]>
Commit | Line | Data |
---|---|---|
1 | /* | |
2 | * Copyright (c) 2008, 2009, 2010, 2011 Nicira Networks | |
3 | * | |
4 | * Licensed under the Apache License, Version 2.0 (the "License"); | |
5 | * you may not use this file except in compliance with the License. | |
6 | * You may obtain a copy of the License at: | |
7 | * | |
8 | * http://www.apache.org/licenses/LICENSE-2.0 | |
9 | * | |
10 | * Unless required by applicable law or agreed to in writing, software | |
11 | * distributed under the License is distributed on an "AS IS" BASIS, | |
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
13 | * See the License for the specific language governing permissions and | |
14 | * limitations under the License. | |
15 | */ | |
16 | ||
17 | #ifndef OPENFLOW_NICIRA_EXT_H | |
18 | #define OPENFLOW_NICIRA_EXT_H 1 | |
19 | ||
20 | #include "openflow/openflow.h" | |
21 | #include "openvswitch/types.h" | |
22 | ||
23 | /* The following vendor extensions, proposed by Nicira Networks, are not yet | |
24 | * standardized, so they are not included in openflow.h. Some of them may be | |
25 | * suitable for standardization; others we never expect to standardize. */ | |
26 | ||
27 | #define NX_VENDOR_ID 0x00002320 | |
28 | \f | |
29 | /* Nicira vendor-specific error messages extension. | |
30 | * | |
31 | * OpenFlow 1.0 has a set of predefined error types (OFPET_*) and codes (which | |
32 | * are specific to each type). It does not have any provision for | |
33 | * vendor-specific error codes, and it does not even provide "generic" error | |
34 | * codes that can apply to problems not anticipated by the OpenFlow | |
35 | * specification authors. | |
36 | * | |
37 | * This extension attempts to address the problem by adding a generic "error | |
38 | * vendor extension". The extension works as follows: use NXET_VENDOR as type | |
39 | * and NXVC_VENDOR_ERROR as code, followed by struct nx_vendor_error with | |
40 | * vendor-specific details, followed by at least 64 bytes of the failed | |
41 | * request. | |
42 | * | |
43 | * It would be better to have a type-specific vendor extension, e.g. so that | |
44 | * OFPET_BAD_ACTION could be used with vendor-specific code values. But | |
45 | * OFPET_BAD_ACTION and most other standardized types already specify that | |
46 | * their 'data' values are (the start of) the OpenFlow message being replied | |
47 | * to, so there is no room to insert a vendor ID. | |
48 | * | |
49 | * Currently this extension is only implemented by Open vSwitch, but it seems | |
50 | * like a reasonable candidate for future standardization. | |
51 | */ | |
52 | ||
53 | /* This is a random number to avoid accidental collision with any other | |
54 | * vendor's extension. */ | |
55 | #define NXET_VENDOR 0xb0c2 | |
56 | ||
57 | /* ofp_error msg 'code' values for NXET_VENDOR. */ | |
58 | enum nx_vendor_code { | |
59 | NXVC_VENDOR_ERROR /* 'data' contains struct nx_vendor_error. */ | |
60 | }; | |
61 | ||
62 | /* 'data' for 'type' == NXET_VENDOR, 'code' == NXVC_VENDOR_ERROR. */ | |
63 | struct nx_vendor_error { | |
64 | ovs_be32 vendor; /* Vendor ID as in struct ofp_vendor_header. */ | |
65 | ovs_be16 type; /* Vendor-defined type. */ | |
66 | ovs_be16 code; /* Vendor-defined subtype. */ | |
67 | /* Followed by at least the first 64 bytes of the failed request. */ | |
68 | }; | |
69 | \f | |
70 | /* Specific Nicira extension error numbers. | |
71 | * | |
72 | * These are the "code" values used in nx_vendor_error. So far, the "type" | |
73 | * values in nx_vendor_error are the same as those in ofp_error_msg. That is, | |
74 | * at Nicira so far we've only needed additional vendor-specific 'code' values, | |
75 | * so we're using the existing 'type' values to avoid having to invent new ones | |
76 | * that duplicate the current ones' meanings. */ | |
77 | ||
78 | /* Additional "code" values for OFPET_BAD_REQUEST. */ | |
79 | enum nx_bad_request_code { | |
80 | /* Nicira Extended Match (NXM) errors. */ | |
81 | ||
82 | /* Generic error code used when there is an error in an NXM sent to the | |
83 | * switch. The switch may use one of the more specific error codes below, | |
84 | * if there is an appropriate one, to simplify debugging, but it is not | |
85 | * required to do so. */ | |
86 | NXBRC_NXM_INVALID = 0x100, | |
87 | ||
88 | /* The nxm_type, or nxm_type taken in combination with nxm_hasmask or | |
89 | * nxm_length or both, is invalid or not implemented. */ | |
90 | NXBRC_NXM_BAD_TYPE = 0x101, | |
91 | ||
92 | /* Invalid nxm_value. */ | |
93 | NXBRC_NXM_BAD_VALUE = 0x102, | |
94 | ||
95 | /* Invalid nxm_mask. */ | |
96 | NXBRC_NXM_BAD_MASK = 0x103, | |
97 | ||
98 | /* A prerequisite was not met. */ | |
99 | NXBRC_NXM_BAD_PREREQ = 0x104, | |
100 | ||
101 | /* A given nxm_type was specified more than once. */ | |
102 | NXBRC_NXM_DUP_TYPE = 0x105 | |
103 | }; | |
104 | ||
105 | /* Additional "code" values for OFPET_FLOW_MOD_FAILED. */ | |
106 | enum nx_flow_mod_failed_code { | |
107 | /* Generic hardware error. */ | |
108 | NXFMFC_HARDWARE = 0x100, | |
109 | ||
110 | /* A nonexistent table ID was specified in the "command" field of struct | |
111 | * ofp_flow_mod, when the nxt_flow_mod_table_id extension is enabled. | |
112 | * (This extension is not yet implemented on this branch of Open | |
113 | * vSwitch.) */ | |
114 | NXFMFC_BAD_TABLE_ID = 0x101 | |
115 | }; | |
116 | \f | |
117 | /* Nicira vendor requests and replies. */ | |
118 | ||
119 | /* Header for Nicira vendor requests and replies. */ | |
120 | struct nicira_header { | |
121 | struct ofp_header header; | |
122 | ovs_be32 vendor; /* NX_VENDOR_ID. */ | |
123 | ovs_be32 subtype; /* One of NXT_* below. */ | |
124 | }; | |
125 | OFP_ASSERT(sizeof(struct nicira_header) == 16); | |
126 | ||
127 | /* Values for the 'subtype' member of struct nicira_header. */ | |
128 | enum nicira_type { | |
129 | /* Switch status request. The request body is an ASCII string that | |
130 | * specifies a prefix of the key names to include in the output; if it is | |
131 | * the null string, then all key-value pairs are included. */ | |
132 | NXT_STATUS_REQUEST, | |
133 | ||
134 | /* Switch status reply. The reply body is an ASCII string of key-value | |
135 | * pairs in the form "key=value\n". */ | |
136 | NXT_STATUS_REPLY, | |
137 | ||
138 | /* No longer used. */ | |
139 | NXT_ACT_SET_CONFIG__OBSOLETE, | |
140 | NXT_ACT_GET_CONFIG__OBSOLETE, | |
141 | NXT_COMMAND_REQUEST__OBSOLETE, | |
142 | NXT_COMMAND_REPLY__OBSOLETE, | |
143 | NXT_FLOW_END_CONFIG__OBSOLETE, | |
144 | NXT_FLOW_END__OBSOLETE, | |
145 | NXT_MGMT__OBSOLETE, | |
146 | ||
147 | /* Use the high 32 bits of the cookie field as the tunnel ID in the flow | |
148 | * match. */ | |
149 | NXT_TUN_ID_FROM_COOKIE, | |
150 | ||
151 | /* Controller role support. The request body is struct nx_role_request. | |
152 | * The reply echos the request. */ | |
153 | NXT_ROLE_REQUEST, | |
154 | NXT_ROLE_REPLY, | |
155 | ||
156 | /* Flexible flow specification (aka NXM = Nicira Extended Match). */ | |
157 | NXT_SET_FLOW_FORMAT, /* Set flow format. */ | |
158 | NXT_FLOW_MOD, /* Analogous to OFPT_FLOW_MOD. */ | |
159 | NXT_FLOW_REMOVED /* Analogous to OFPT_FLOW_REMOVED. */ | |
160 | }; | |
161 | ||
162 | /* Header for Nicira vendor stats request and reply messages. */ | |
163 | struct nicira_stats_msg { | |
164 | struct ofp_header header; /* OFPT_STATS_REQUEST or OFPT_STATS_REPLY. */ | |
165 | ovs_be16 type; /* OFPST_VENDOR. */ | |
166 | ovs_be16 flags; /* OFPSF_{REQ,REPLY}_*. */ | |
167 | ovs_be32 vendor; /* NX_VENDOR_ID. */ | |
168 | ovs_be32 subtype; /* One of NXST_* below. */ | |
169 | uint8_t pad[4]; /* Align to 64-bits. */ | |
170 | }; | |
171 | OFP_ASSERT(sizeof(struct nicira_stats_msg) == 24); | |
172 | ||
173 | /* Values for the 'subtype' member of struct nicira_stats_msg. */ | |
174 | enum nicira_stats_type { | |
175 | /* Flexible flow specification (aka NXM = Nicira Extended Match). */ | |
176 | NXST_FLOW, /* Analogous to OFPST_FLOW. */ | |
177 | NXST_AGGREGATE /* Analogous to OFPST_AGGREGATE. */ | |
178 | }; | |
179 | ||
180 | /* NXT_TUN_ID_FROM_COOKIE request. */ | |
181 | struct nxt_tun_id_cookie { | |
182 | struct ofp_header header; | |
183 | ovs_be32 vendor; /* NX_VENDOR_ID. */ | |
184 | ovs_be32 subtype; /* NXT_TUN_ID_FROM_COOKIE */ | |
185 | uint8_t set; /* Nonzero to enable, zero to disable. */ | |
186 | uint8_t pad[7]; | |
187 | }; | |
188 | OFP_ASSERT(sizeof(struct nxt_tun_id_cookie) == 24); | |
189 | ||
190 | /* Configures the "role" of the sending controller. The default role is: | |
191 | * | |
192 | * - Other (NX_ROLE_OTHER), which allows the controller access to all | |
193 | * OpenFlow features. | |
194 | * | |
195 | * The other possible roles are a related pair: | |
196 | * | |
197 | * - Master (NX_ROLE_MASTER) is equivalent to Other, except that there may | |
198 | * be at most one Master controller at a time: when a controller | |
199 | * configures itself as Master, any existing Master is demoted to the | |
200 | * Slave role. | |
201 | * | |
202 | * - Slave (NX_ROLE_SLAVE) allows the controller read-only access to | |
203 | * OpenFlow features. In particular attempts to modify the flow table | |
204 | * will be rejected with an OFPBRC_EPERM error. | |
205 | * | |
206 | * Slave controllers do not receive OFPT_PACKET_IN or OFPT_FLOW_REMOVED | |
207 | * messages, but they do receive OFPT_PORT_STATUS messages. | |
208 | */ | |
209 | struct nx_role_request { | |
210 | struct nicira_header nxh; | |
211 | ovs_be32 role; /* One of NX_ROLE_*. */ | |
212 | }; | |
213 | ||
214 | enum nx_role { | |
215 | NX_ROLE_OTHER, /* Default role, full access. */ | |
216 | NX_ROLE_MASTER, /* Full access, at most one. */ | |
217 | NX_ROLE_SLAVE /* Read-only access. */ | |
218 | }; | |
219 | \f | |
220 | /* Nicira vendor flow actions. */ | |
221 | ||
222 | enum nx_action_subtype { | |
223 | NXAST_SNAT__OBSOLETE, /* No longer used. */ | |
224 | NXAST_RESUBMIT, /* struct nx_action_resubmit */ | |
225 | NXAST_SET_TUNNEL, /* struct nx_action_set_tunnel */ | |
226 | NXAST_DROP_SPOOFED_ARP, /* struct nx_action_drop_spoofed_arp */ | |
227 | NXAST_SET_QUEUE, /* struct nx_action_set_queue */ | |
228 | NXAST_POP_QUEUE, /* struct nx_action_pop_queue */ | |
229 | NXAST_REG_MOVE, /* struct nx_action_reg_move */ | |
230 | NXAST_REG_LOAD, /* struct nx_action_reg_load */ | |
231 | NXAST_NOTE, /* struct nx_action_note */ | |
232 | NXAST_SET_TUNNEL64, /* struct nx_action_set_tunnel64 */ | |
233 | NXAST_MULTIPATH /* struct nx_action_multipath */ | |
234 | }; | |
235 | ||
236 | /* Header for Nicira-defined actions. */ | |
237 | struct nx_action_header { | |
238 | ovs_be16 type; /* OFPAT_VENDOR. */ | |
239 | ovs_be16 len; /* Length is 16. */ | |
240 | ovs_be32 vendor; /* NX_VENDOR_ID. */ | |
241 | ovs_be16 subtype; /* NXAST_*. */ | |
242 | uint8_t pad[6]; | |
243 | }; | |
244 | OFP_ASSERT(sizeof(struct nx_action_header) == 16); | |
245 | ||
246 | /* Action structure for NXAST_RESUBMIT. | |
247 | * | |
248 | * NXAST_RESUBMIT searches the flow table again, using a flow that is slightly | |
249 | * modified from the original lookup: | |
250 | * | |
251 | * - The 'in_port' member of struct nx_action_resubmit is used as the flow's | |
252 | * in_port. | |
253 | * | |
254 | * - If NXAST_RESUBMIT is preceded by actions that affect the flow | |
255 | * (e.g. OFPAT_SET_VLAN_VID), then the flow is updated with the new | |
256 | * values. | |
257 | * | |
258 | * Following the lookup, the original in_port is restored. | |
259 | * | |
260 | * If the modified flow matched in the flow table, then the corresponding | |
261 | * actions are executed. Afterward, actions following NXAST_RESUBMIT in the | |
262 | * original set of actions, if any, are executed; any changes made to the | |
263 | * packet (e.g. changes to VLAN) by secondary actions persist when those | |
264 | * actions are executed, although the original in_port is restored. | |
265 | * | |
266 | * NXAST_RESUBMIT may be used any number of times within a set of actions. | |
267 | * | |
268 | * NXAST_RESUBMIT may nest to an implementation-defined depth. Beyond this | |
269 | * implementation-defined depth, further NXAST_RESUBMIT actions are simply | |
270 | * ignored. (Open vSwitch 1.0.1 and earlier did not support recursion.) | |
271 | */ | |
272 | struct nx_action_resubmit { | |
273 | ovs_be16 type; /* OFPAT_VENDOR. */ | |
274 | ovs_be16 len; /* Length is 16. */ | |
275 | ovs_be32 vendor; /* NX_VENDOR_ID. */ | |
276 | ovs_be16 subtype; /* NXAST_RESUBMIT. */ | |
277 | ovs_be16 in_port; /* New in_port for checking flow table. */ | |
278 | uint8_t pad[4]; | |
279 | }; | |
280 | OFP_ASSERT(sizeof(struct nx_action_resubmit) == 16); | |
281 | ||
282 | /* Action structure for NXAST_SET_TUNNEL. | |
283 | * | |
284 | * Sets the encapsulating tunnel ID to a 32-bit value. The most-significant 32 | |
285 | * bits of the tunnel ID are set to 0. */ | |
286 | struct nx_action_set_tunnel { | |
287 | ovs_be16 type; /* OFPAT_VENDOR. */ | |
288 | ovs_be16 len; /* Length is 16. */ | |
289 | ovs_be32 vendor; /* NX_VENDOR_ID. */ | |
290 | ovs_be16 subtype; /* NXAST_SET_TUNNEL. */ | |
291 | uint8_t pad[2]; | |
292 | ovs_be32 tun_id; /* Tunnel ID. */ | |
293 | }; | |
294 | OFP_ASSERT(sizeof(struct nx_action_set_tunnel) == 16); | |
295 | ||
296 | /* Action structure for NXAST_SET_TUNNEL64. | |
297 | * | |
298 | * Sets the encapsulating tunnel ID to a 64-bit value. */ | |
299 | struct nx_action_set_tunnel64 { | |
300 | ovs_be16 type; /* OFPAT_VENDOR. */ | |
301 | ovs_be16 len; /* Length is 16. */ | |
302 | ovs_be32 vendor; /* NX_VENDOR_ID. */ | |
303 | ovs_be16 subtype; /* NXAST_SET_TUNNEL64. */ | |
304 | uint8_t pad[6]; | |
305 | ovs_be64 tun_id; /* Tunnel ID. */ | |
306 | }; | |
307 | OFP_ASSERT(sizeof(struct nx_action_set_tunnel64) == 24); | |
308 | ||
309 | /* Action structure for NXAST_DROP_SPOOFED_ARP. | |
310 | * | |
311 | * Stops processing further actions, if the packet being processed is an | |
312 | * Ethernet+IPv4 ARP packet for which the source Ethernet address inside the | |
313 | * ARP packet differs from the source Ethernet address in the Ethernet header. | |
314 | * | |
315 | * (This action is deprecated in favor of defining flows using the | |
316 | * NXM_NX_ARP_SHA flow match and will likely be removed in a future version | |
317 | * of Open vSwitch.) */ | |
318 | struct nx_action_drop_spoofed_arp { | |
319 | ovs_be16 type; /* OFPAT_VENDOR. */ | |
320 | ovs_be16 len; /* Length is 16. */ | |
321 | ovs_be32 vendor; /* NX_VENDOR_ID. */ | |
322 | ovs_be16 subtype; /* NXAST_DROP_SPOOFED_ARP. */ | |
323 | uint8_t pad[6]; | |
324 | }; | |
325 | OFP_ASSERT(sizeof(struct nx_action_drop_spoofed_arp) == 16); | |
326 | ||
327 | /* Action structure for NXAST_SET_QUEUE. | |
328 | * | |
329 | * Set the queue that should be used when packets are output. This is similar | |
330 | * to the OpenFlow OFPAT_ENQUEUE action, but does not take the output port as | |
331 | * an argument. This allows the queue to be defined before the port is | |
332 | * known. */ | |
333 | struct nx_action_set_queue { | |
334 | ovs_be16 type; /* OFPAT_VENDOR. */ | |
335 | ovs_be16 len; /* Length is 16. */ | |
336 | ovs_be32 vendor; /* NX_VENDOR_ID. */ | |
337 | ovs_be16 subtype; /* NXAST_SET_QUEUE. */ | |
338 | uint8_t pad[2]; | |
339 | ovs_be32 queue_id; /* Where to enqueue packets. */ | |
340 | }; | |
341 | OFP_ASSERT(sizeof(struct nx_action_set_queue) == 16); | |
342 | ||
343 | /* Action structure for NXAST_POP_QUEUE. | |
344 | * | |
345 | * Restores the queue to the value it was before any NXAST_SET_QUEUE actions | |
346 | * were used. Only the original queue can be restored this way; no stack is | |
347 | * maintained. */ | |
348 | struct nx_action_pop_queue { | |
349 | ovs_be16 type; /* OFPAT_VENDOR. */ | |
350 | ovs_be16 len; /* Length is 16. */ | |
351 | ovs_be32 vendor; /* NX_VENDOR_ID. */ | |
352 | ovs_be16 subtype; /* NXAST_POP_QUEUE. */ | |
353 | uint8_t pad[6]; | |
354 | }; | |
355 | OFP_ASSERT(sizeof(struct nx_action_pop_queue) == 16); | |
356 | ||
357 | /* Action structure for NXAST_REG_MOVE. | |
358 | * | |
359 | * Copies src[src_ofs:src_ofs+n_bits] to dst[dst_ofs:dst_ofs+n_bits], where | |
360 | * a[b:c] denotes the bits within 'a' numbered 'b' through 'c' (not including | |
361 | * bit 'c'). Bit numbering starts at 0 for the least-significant bit, 1 for | |
362 | * the next most significant bit, and so on. | |
363 | * | |
364 | * 'src' and 'dst' are nxm_header values with nxm_hasmask=0. (It doesn't make | |
365 | * sense to use nxm_hasmask=1 because the action does not do any kind of | |
366 | * matching; it uses the actual value of a field.) | |
367 | * | |
368 | * The following nxm_header values are potentially acceptable as 'src': | |
369 | * | |
370 | * - NXM_OF_IN_PORT | |
371 | * - NXM_OF_ETH_DST | |
372 | * - NXM_OF_ETH_SRC | |
373 | * - NXM_OF_ETH_TYPE | |
374 | * - NXM_OF_VLAN_TCI | |
375 | * - NXM_OF_IP_TOS | |
376 | * - NXM_OF_IP_PROTO | |
377 | * - NXM_OF_IP_SRC | |
378 | * - NXM_OF_IP_DST | |
379 | * - NXM_OF_TCP_SRC | |
380 | * - NXM_OF_TCP_DST | |
381 | * - NXM_OF_UDP_SRC | |
382 | * - NXM_OF_UDP_DST | |
383 | * - NXM_OF_ICMP_TYPE | |
384 | * - NXM_OF_ICMP_CODE | |
385 | * - NXM_OF_ARP_OP | |
386 | * - NXM_OF_ARP_SPA | |
387 | * - NXM_OF_ARP_TPA | |
388 | * - NXM_NX_TUN_ID | |
389 | * - NXM_NX_ARP_SHA | |
390 | * - NXM_NX_ARP_THA | |
391 | * - NXM_NX_ICMPV6_TYPE | |
392 | * - NXM_NX_ICMPV6_CODE | |
393 | * - NXM_NX_REG(idx) for idx in the switch's accepted range. | |
394 | * | |
395 | * The following nxm_header values are potentially acceptable as 'dst': | |
396 | * | |
397 | * - NXM_NX_REG(idx) for idx in the switch's accepted range. | |
398 | * | |
399 | * - NXM_OF_VLAN_TCI. Modifying this field's value has side effects on the | |
400 | * packet's 802.1Q header. Setting a value with CFI=0 removes the 802.1Q | |
401 | * header (if any), ignoring the other bits. Setting a value with CFI=1 | |
402 | * adds or modifies the 802.1Q header appropriately, setting the TCI field | |
403 | * to the field's new value (with the CFI bit masked out). | |
404 | * | |
405 | * - NXM_NX_TUN_ID. Modifying this value modifies the tunnel ID used for the | |
406 | * packet's next tunnel encapsulation. | |
407 | * | |
408 | * A given nxm_header value may be used as 'src' or 'dst' only on a flow whose | |
409 | * nx_match satisfies its prerequisites. For example, NXM_OF_IP_TOS may be | |
410 | * used only if the flow's nx_match includes an nxm_entry that specifies | |
411 | * nxm_type=NXM_OF_ETH_TYPE, nxm_hasmask=0, and nxm_value=0x0800. | |
412 | * | |
413 | * The switch will reject actions for which src_ofs+n_bits is greater than the | |
414 | * width of 'src' or dst_ofs+n_bits is greater than the width of 'dst' with | |
415 | * error type OFPET_BAD_ACTION, code OFPBAC_BAD_ARGUMENT. | |
416 | */ | |
417 | struct nx_action_reg_move { | |
418 | ovs_be16 type; /* OFPAT_VENDOR. */ | |
419 | ovs_be16 len; /* Length is 16. */ | |
420 | ovs_be32 vendor; /* NX_VENDOR_ID. */ | |
421 | ovs_be16 subtype; /* NXAST_REG_MOVE. */ | |
422 | ovs_be16 n_bits; /* Number of bits. */ | |
423 | ovs_be16 src_ofs; /* Starting bit offset in source. */ | |
424 | ovs_be16 dst_ofs; /* Starting bit offset in destination. */ | |
425 | ovs_be32 src; /* Source register. */ | |
426 | ovs_be32 dst; /* Destination register. */ | |
427 | }; | |
428 | OFP_ASSERT(sizeof(struct nx_action_reg_move) == 24); | |
429 | ||
430 | /* Action structure for NXAST_REG_LOAD. | |
431 | * | |
432 | * Copies value[0:n_bits] to dst[ofs:ofs+n_bits], where a[b:c] denotes the bits | |
433 | * within 'a' numbered 'b' through 'c' (not including bit 'c'). Bit numbering | |
434 | * starts at 0 for the least-significant bit, 1 for the next most significant | |
435 | * bit, and so on. | |
436 | * | |
437 | * 'dst' is an nxm_header with nxm_hasmask=0. See the documentation for | |
438 | * NXAST_REG_MOVE, above, for the permitted fields and for the side effects of | |
439 | * loading them. | |
440 | * | |
441 | * The 'ofs' and 'n_bits' fields are combined into a single 'ofs_nbits' field | |
442 | * to avoid enlarging the structure by another 8 bytes. To allow 'n_bits' to | |
443 | * take a value between 1 and 64 (inclusive) while taking up only 6 bits, it is | |
444 | * also stored as one less than its true value: | |
445 | * | |
446 | * 15 6 5 0 | |
447 | * +------------------------------+------------------+ | |
448 | * | ofs | n_bits - 1 | | |
449 | * +------------------------------+------------------+ | |
450 | * | |
451 | * The switch will reject actions for which ofs+n_bits is greater than the | |
452 | * width of 'dst', or in which any bits in 'value' with value 2**n_bits or | |
453 | * greater are set to 1, with error type OFPET_BAD_ACTION, code | |
454 | * OFPBAC_BAD_ARGUMENT. | |
455 | */ | |
456 | struct nx_action_reg_load { | |
457 | ovs_be16 type; /* OFPAT_VENDOR. */ | |
458 | ovs_be16 len; /* Length is 16. */ | |
459 | ovs_be32 vendor; /* NX_VENDOR_ID. */ | |
460 | ovs_be16 subtype; /* NXAST_REG_LOAD. */ | |
461 | ovs_be16 ofs_nbits; /* (ofs << 6) | (n_bits - 1). */ | |
462 | ovs_be32 dst; /* Destination register. */ | |
463 | ovs_be64 value; /* Immediate value. */ | |
464 | }; | |
465 | OFP_ASSERT(sizeof(struct nx_action_reg_load) == 24); | |
466 | ||
467 | /* Action structure for NXAST_NOTE. | |
468 | * | |
469 | * This action has no effect. It is variable length. The switch does not | |
470 | * attempt to interpret the user-defined 'note' data in any way. A controller | |
471 | * can use this action to attach arbitrary metadata to a flow. | |
472 | * | |
473 | * This action might go away in the future. | |
474 | */ | |
475 | struct nx_action_note { | |
476 | ovs_be16 type; /* OFPAT_VENDOR. */ | |
477 | ovs_be16 len; /* A multiple of 8, but at least 16. */ | |
478 | ovs_be32 vendor; /* NX_VENDOR_ID. */ | |
479 | ovs_be16 subtype; /* NXAST_NOTE. */ | |
480 | uint8_t note[6]; /* Start of user-defined data. */ | |
481 | /* Possibly followed by additional user-defined data. */ | |
482 | }; | |
483 | OFP_ASSERT(sizeof(struct nx_action_note) == 16); | |
484 | ||
485 | /* Action structure for NXAST_MULTIPATH. | |
486 | * | |
487 | * This action performs the following steps in sequence: | |
488 | * | |
489 | * 1. Hashes the fields designated by 'fields', one of NX_MP_FIELDS_*. | |
490 | * Refer to the definition of "enum nx_mp_fields" for details. | |
491 | * | |
492 | * The 'basis' value is used as a universal hash parameter, that is, | |
493 | * different values of 'basis' yield different hash functions. The | |
494 | * particular universal hash function used is implementation-defined. | |
495 | * | |
496 | * The hashed fields' values are drawn from the current state of the | |
497 | * flow, including all modifications that have been made by actions up to | |
498 | * this point. | |
499 | * | |
500 | * 2. Applies the multipath link choice algorithm specified by 'algorithm', | |
501 | * one of NX_MP_ALG_*. Refer to the definition of "enum nx_mp_algorithm" | |
502 | * for details. | |
503 | * | |
504 | * The output of the algorithm is 'link', an unsigned integer less than | |
505 | * or equal to 'max_link'. | |
506 | * | |
507 | * Some algorithms use 'arg' as an additional argument. | |
508 | * | |
509 | * 3. Stores 'link' in dst[ofs:ofs+n_bits]. The format and semantics of | |
510 | * 'dst' and 'ofs_nbits' are identical to those for the NXAST_REG_LOAD | |
511 | * action; refer to the description of that action for details. | |
512 | * | |
513 | * The switch will reject actions that have an unknown 'fields', or an unknown | |
514 | * 'algorithm', or in which ofs+n_bits is greater than the width of 'dst', or | |
515 | * in which 'max_link' is greater than or equal to 2**n_bits, with error type | |
516 | * OFPET_BAD_ACTION, code OFPBAC_BAD_ARGUMENT. | |
517 | */ | |
518 | struct nx_action_multipath { | |
519 | ovs_be16 type; /* OFPAT_VENDOR. */ | |
520 | ovs_be16 len; /* Length is 32. */ | |
521 | ovs_be32 vendor; /* NX_VENDOR_ID. */ | |
522 | ovs_be16 subtype; /* NXAST_MULTIPATH. */ | |
523 | ||
524 | /* What fields to hash and how. */ | |
525 | ovs_be16 fields; /* One of NX_MP_FIELDS_*. */ | |
526 | ovs_be16 basis; /* Universal hash parameter. */ | |
527 | ovs_be16 pad0; | |
528 | ||
529 | /* Multipath link choice algorithm to apply to hash value. */ | |
530 | ovs_be16 algorithm; /* One of NX_MP_ALG_*. */ | |
531 | ovs_be16 max_link; /* Number of output links, minus 1. */ | |
532 | ovs_be32 arg; /* Algorithm-specific argument. */ | |
533 | ovs_be16 pad1; | |
534 | ||
535 | /* Where to store the result. */ | |
536 | ovs_be16 ofs_nbits; /* (ofs << 6) | (n_bits - 1). */ | |
537 | ovs_be32 dst; /* Destination register. */ | |
538 | }; | |
539 | OFP_ASSERT(sizeof(struct nx_action_multipath) == 32); | |
540 | ||
541 | /* NXAST_MULTIPATH: Fields to hash. */ | |
542 | enum nx_mp_fields { | |
543 | /* Ethernet source address (NXM_OF_ETH_SRC) only. */ | |
544 | NX_MP_FIELDS_ETH_SRC, | |
545 | ||
546 | /* L2 through L4, symmetric across src/dst. Specifically, each of the | |
547 | * following fields, if present, is hashed (slashes separate symmetric | |
548 | * pairs): | |
549 | * | |
550 | * - NXM_OF_ETH_DST / NXM_OF_ETH_SRC | |
551 | * - NXM_OF_ETH_TYPE | |
552 | * - The VID bits from NXM_OF_VLAN_TCI, ignoring PCP and CFI. | |
553 | * - NXM_OF_IP_PROTO | |
554 | * - NXM_OF_IP_SRC / NXM_OF_IP_DST | |
555 | * - NXM_OF_TCP_SRC / NXM_OF_TCP_DST | |
556 | * - NXM_OF_UDP_SRC / NXM_OF_UDP_DST | |
557 | */ | |
558 | NX_MP_FIELDS_SYMMETRIC_L4 | |
559 | }; | |
560 | ||
561 | /* NXAST_MULTIPATH: Multipath link choice algorithm to apply. | |
562 | * | |
563 | * In the descriptions below, 'n_links' is max_link + 1. */ | |
564 | enum nx_mp_algorithm { | |
565 | /* link = hash(flow) % n_links. | |
566 | * | |
567 | * Redistributes all traffic when n_links changes. O(1) performance. See | |
568 | * RFC 2992. | |
569 | * | |
570 | * Use UINT16_MAX for max_link to get a raw hash value. */ | |
571 | NX_MP_ALG_MODULO_N, | |
572 | ||
573 | /* link = hash(flow) / (MAX_HASH / n_links). | |
574 | * | |
575 | * Redistributes between one-quarter and one-half of traffic when n_links | |
576 | * changes. O(1) performance. See RFC 2992. | |
577 | */ | |
578 | NX_MP_ALG_HASH_THRESHOLD, | |
579 | ||
580 | /* for i in [0,n_links): | |
581 | * weights[i] = hash(flow, i) | |
582 | * link = { i such that weights[i] >= weights[j] for all j != i } | |
583 | * | |
584 | * Redistributes 1/n_links of traffic when n_links changes. O(n_links) | |
585 | * performance. If n_links is greater than a threshold (currently 64, but | |
586 | * subject to change), Open vSwitch will substitute another algorithm | |
587 | * automatically. See RFC 2992. */ | |
588 | NX_MP_ALG_HRW, /* Highest Random Weight. */ | |
589 | ||
590 | /* i = 0 | |
591 | * repeat: | |
592 | * i = i + 1 | |
593 | * link = hash(flow, i) % arg | |
594 | * while link > max_link | |
595 | * | |
596 | * Redistributes 1/n_links of traffic when n_links changes. O(1) | |
597 | * performance when arg/max_link is bounded by a constant. | |
598 | * | |
599 | * Redistributes all traffic when arg changes. | |
600 | * | |
601 | * arg must be greater than max_link and for best performance should be no | |
602 | * more than approximately max_link * 2. If arg is outside the acceptable | |
603 | * range, Open vSwitch will automatically substitute the least power of 2 | |
604 | * greater than max_link. | |
605 | * | |
606 | * This algorithm is specific to Open vSwitch. | |
607 | */ | |
608 | NX_MP_ALG_ITER_HASH /* Iterative Hash. */ | |
609 | }; | |
610 | ||
611 | /* Wildcard for tunnel ID. */ | |
612 | #define NXFW_TUN_ID (1 << 25) | |
613 | ||
614 | #define NXFW_ALL NXFW_TUN_ID | |
615 | #define OVSFW_ALL (OFPFW_ALL | NXFW_ALL) | |
616 | \f | |
617 | /* Flexible flow specifications (aka NXM = Nicira Extended Match). | |
618 | * | |
619 | * OpenFlow 1.0 has "struct ofp_match" for specifying flow matches. This | |
620 | * structure is fixed-length and hence difficult to extend. This section | |
621 | * describes a more flexible, variable-length flow match, called "nx_match" for | |
622 | * short, that is also supported by Open vSwitch. This section also defines a | |
623 | * replacement for each OpenFlow message that includes struct ofp_match. | |
624 | * | |
625 | * | |
626 | * Format | |
627 | * ====== | |
628 | * | |
629 | * An nx_match is a sequence of zero or more "nxm_entry"s, which are | |
630 | * type-length-value (TLV) entries, each 5 to 259 (inclusive) bytes long. | |
631 | * "nxm_entry"s are not aligned on or padded to any multibyte boundary. The | |
632 | * first 4 bytes of an nxm_entry are its "header", followed by the entry's | |
633 | * "body". | |
634 | * | |
635 | * An nxm_entry's header is interpreted as a 32-bit word in network byte order: | |
636 | * | |
637 | * |<-------------------- nxm_type ------------------>| | |
638 | * | | | |
639 | * |31 16 15 9| 8 7 0 | |
640 | * +----------------------------------+---------------+--+------------------+ | |
641 | * | nxm_vendor | nxm_field |hm| nxm_length | | |
642 | * +----------------------------------+---------------+--+------------------+ | |
643 | * | |
644 | * The most-significant 23 bits of the header are collectively "nxm_type". | |
645 | * Bits 16...31 are "nxm_vendor", one of the NXM_VENDOR_* values below. Bits | |
646 | * 9...15 are "nxm_field", which is a vendor-specific value. nxm_type normally | |
647 | * designates a protocol header, such as the Ethernet type, but it can also | |
648 | * refer to packet metadata, such as the switch port on which a packet arrived. | |
649 | * | |
650 | * Bit 8 is "nxm_hasmask" (labeled "hm" above for space reasons). The meaning | |
651 | * of this bit is explained later. | |
652 | * | |
653 | * The least-significant 8 bits are "nxm_length", a positive integer. The | |
654 | * length of the nxm_entry, including the header, is exactly 4 + nxm_length | |
655 | * bytes. | |
656 | * | |
657 | * For a given nxm_vendor, nxm_field, and nxm_hasmask value, nxm_length is a | |
658 | * constant. It is included only to allow software to minimally parse | |
659 | * "nxm_entry"s of unknown types. (Similarly, for a given nxm_vendor, | |
660 | * nxm_field, and nxm_length, nxm_hasmask is a constant.) | |
661 | * | |
662 | * | |
663 | * Semantics | |
664 | * ========= | |
665 | * | |
666 | * A zero-length nx_match (one with no "nxm_entry"s) matches every packet. | |
667 | * | |
668 | * An nxm_entry places a constraint on the packets matched by the nx_match: | |
669 | * | |
670 | * - If nxm_hasmask is 0, the nxm_entry's body contains a value for the | |
671 | * field, called "nxm_value". The nx_match matches only packets in which | |
672 | * the field equals nxm_value. | |
673 | * | |
674 | * - If nxm_hasmask is 1, then the nxm_entry's body contains a value for the | |
675 | * field (nxm_value), followed by a bitmask of the same length as the | |
676 | * value, called "nxm_mask". For each 1-bit in position J in nxm_mask, the | |
677 | * nx_match matches only packets for which bit J in the given field's value | |
678 | * matches bit J in nxm_value. A 0-bit in nxm_mask causes the | |
679 | * corresponding bits in nxm_value and the field's value to be ignored. | |
680 | * (The sense of the nxm_mask bits is the opposite of that used by the | |
681 | * "wildcards" member of struct ofp_match.) | |
682 | * | |
683 | * When nxm_hasmask is 1, nxm_length is always even. | |
684 | * | |
685 | * An all-zero-bits nxm_mask is equivalent to omitting the nxm_entry | |
686 | * entirely. An all-one-bits nxm_mask is equivalent to specifying 0 for | |
687 | * nxm_hasmask. | |
688 | * | |
689 | * When there are multiple "nxm_entry"s, all of the constraints must be met. | |
690 | * | |
691 | * | |
692 | * Mask Restrictions | |
693 | * ================= | |
694 | * | |
695 | * Masks may be restricted: | |
696 | * | |
697 | * - Some nxm_types may not support masked wildcards, that is, nxm_hasmask | |
698 | * must always be 0 when these fields are specified. For example, the | |
699 | * field that identifies the port on which a packet was received may not be | |
700 | * masked. | |
701 | * | |
702 | * - Some nxm_types that do support masked wildcards may only support certain | |
703 | * nxm_mask patterns. For example, fields that have IPv4 address values | |
704 | * may be restricted to CIDR masks. | |
705 | * | |
706 | * These restrictions should be noted in specifications for individual fields. | |
707 | * A switch may accept an nxm_hasmask or nxm_mask value that the specification | |
708 | * disallows, if the switch correctly implements support for that nxm_hasmask | |
709 | * or nxm_mask value. A switch must reject an attempt to set up a flow that | |
710 | * contains a nxm_hasmask or nxm_mask value that it does not support. | |
711 | * | |
712 | * | |
713 | * Prerequisite Restrictions | |
714 | * ========================= | |
715 | * | |
716 | * The presence of an nxm_entry with a given nxm_type may be restricted based | |
717 | * on the presence of or values of other "nxm_entry"s. For example: | |
718 | * | |
719 | * - An nxm_entry for nxm_type=NXM_OF_IP_TOS is allowed only if it is | |
720 | * preceded by another entry with nxm_type=NXM_OF_ETH_TYPE, nxm_hasmask=0, | |
721 | * and nxm_value=0x0800. That is, matching on the IP source address is | |
722 | * allowed only if the Ethernet type is explicitly set to IP. | |
723 | * | |
724 | * - An nxm_entry for nxm_type=NXM_OF_TCP_SRC is allowed only if it is preced | |
725 | * by an entry with nxm_type=NXM_OF_ETH_TYPE, nxm_hasmask=0, | |
726 | * nxm_value=0x0800 and another with nxm_type=NXM_OF_IP_PROTO, | |
727 | * nxm_hasmask=0, nxm_value=6, in that order. That is, matching on the TCP | |
728 | * source port is allowed only if the Ethernet type is IP and the IP | |
729 | * protocol is TCP. | |
730 | * | |
731 | * These restrictions should be noted in specifications for individual fields. | |
732 | * A switch may implement relaxed versions of these restrictions. A switch | |
733 | * must reject an attempt to set up a flow that violates its restrictions. | |
734 | * | |
735 | * | |
736 | * Ordering Restrictions | |
737 | * ===================== | |
738 | * | |
739 | * An nxm_entry that has prerequisite restrictions must appear after the | |
740 | * "nxm_entry"s for its prerequisites. Ordering of "nxm_entry"s within an | |
741 | * nx_match is not otherwise constrained. | |
742 | * | |
743 | * Any given nxm_type may appear in an nx_match at most once. | |
744 | * | |
745 | * | |
746 | * nxm_entry Examples | |
747 | * ================== | |
748 | * | |
749 | * These examples show the format of a single nxm_entry with particular | |
750 | * nxm_hasmask and nxm_length values. The diagrams are labeled with field | |
751 | * numbers and byte indexes. | |
752 | * | |
753 | * | |
754 | * 8-bit nxm_value, nxm_hasmask=1, nxm_length=1: | |
755 | * | |
756 | * 0 3 4 5 | |
757 | * +------------+---+---+ | |
758 | * | header | v | m | | |
759 | * +------------+---+---+ | |
760 | * | |
761 | * | |
762 | * 16-bit nxm_value, nxm_hasmask=0, nxm_length=2: | |
763 | * | |
764 | * 0 3 4 5 | |
765 | * +------------+------+ | |
766 | * | header | value| | |
767 | * +------------+------+ | |
768 | * | |
769 | * | |
770 | * 32-bit nxm_value, nxm_hasmask=0, nxm_length=4: | |
771 | * | |
772 | * 0 3 4 7 | |
773 | * +------------+-------------+ | |
774 | * | header | nxm_value | | |
775 | * +------------+-------------+ | |
776 | * | |
777 | * | |
778 | * 48-bit nxm_value, nxm_hasmask=0, nxm_length=6: | |
779 | * | |
780 | * 0 3 4 9 | |
781 | * +------------+------------------+ | |
782 | * | header | nxm_value | | |
783 | * +------------+------------------+ | |
784 | * | |
785 | * | |
786 | * 48-bit nxm_value, nxm_hasmask=1, nxm_length=12: | |
787 | * | |
788 | * 0 3 4 9 10 15 | |
789 | * +------------+------------------+------------------+ | |
790 | * | header | nxm_value | nxm_mask | | |
791 | * +------------+------------------+------------------+ | |
792 | * | |
793 | * | |
794 | * Error Reporting | |
795 | * =============== | |
796 | * | |
797 | * A switch should report an error in an nx_match using error type | |
798 | * OFPET_BAD_REQUEST and one of the NXBRC_NXM_* codes. Ideally the switch | |
799 | * should report a specific error code, if one is assigned for the particular | |
800 | * problem, but NXBRC_NXM_INVALID is also available to report a generic | |
801 | * nx_match error. | |
802 | */ | |
803 | ||
804 | #define NXM_HEADER__(VENDOR, FIELD, HASMASK, LENGTH) \ | |
805 | (((VENDOR) << 16) | ((FIELD) << 9) | ((HASMASK) << 8) | (LENGTH)) | |
806 | #define NXM_HEADER(VENDOR, FIELD, LENGTH) \ | |
807 | NXM_HEADER__(VENDOR, FIELD, 0, LENGTH) | |
808 | #define NXM_HEADER_W(VENDOR, FIELD, LENGTH) \ | |
809 | NXM_HEADER__(VENDOR, FIELD, 1, (LENGTH) * 2) | |
810 | #define NXM_VENDOR(HEADER) ((HEADER) >> 16) | |
811 | #define NXM_FIELD(HEADER) (((HEADER) >> 9) & 0x7f) | |
812 | #define NXM_TYPE(HEADER) (((HEADER) >> 9) & 0x7fffff) | |
813 | #define NXM_HASMASK(HEADER) (((HEADER) >> 8) & 1) | |
814 | #define NXM_LENGTH(HEADER) ((HEADER) & 0xff) | |
815 | ||
816 | #define NXM_MAKE_WILD_HEADER(HEADER) \ | |
817 | NXM_HEADER_W(NXM_VENDOR(HEADER), NXM_FIELD(HEADER), NXM_LENGTH(HEADER)) | |
818 | ||
819 | /* ## ------------------------------- ## */ | |
820 | /* ## OpenFlow 1.0-compatible fields. ## */ | |
821 | /* ## ------------------------------- ## */ | |
822 | ||
823 | /* Physical or virtual port on which the packet was received. | |
824 | * | |
825 | * Prereqs: None. | |
826 | * | |
827 | * Format: 16-bit integer in network byte order. | |
828 | * | |
829 | * Masking: Not maskable. */ | |
830 | #define NXM_OF_IN_PORT NXM_HEADER (0x0000, 0, 2) | |
831 | ||
832 | /* Source or destination address in Ethernet header. | |
833 | * | |
834 | * Prereqs: None. | |
835 | * | |
836 | * Format: 48-bit Ethernet MAC address. | |
837 | * | |
838 | * Masking: The nxm_mask patterns 01:00:00:00:00:00 and FE:FF:FF:FF:FF:FF must | |
839 | * be supported for NXM_OF_ETH_DST_W (as well as the trivial patterns that | |
840 | * are all-0-bits or all-1-bits). Support for other patterns and for masking | |
841 | * of NXM_OF_ETH_SRC is optional. */ | |
842 | #define NXM_OF_ETH_DST NXM_HEADER (0x0000, 1, 6) | |
843 | #define NXM_OF_ETH_DST_W NXM_HEADER_W(0x0000, 1, 6) | |
844 | #define NXM_OF_ETH_SRC NXM_HEADER (0x0000, 2, 6) | |
845 | ||
846 | /* Packet's Ethernet type. | |
847 | * | |
848 | * For an Ethernet II packet this is taken from the Ethernet header. For an | |
849 | * 802.2 LLC+SNAP header with OUI 00-00-00 this is taken from the SNAP header. | |
850 | * A packet that has neither format has value 0x05ff | |
851 | * (OFP_DL_TYPE_NOT_ETH_TYPE). | |
852 | * | |
853 | * For a packet with an 802.1Q header, this is the type of the encapsulated | |
854 | * frame. | |
855 | * | |
856 | * Prereqs: None. | |
857 | * | |
858 | * Format: 16-bit integer in network byte order. | |
859 | * | |
860 | * Masking: Not maskable. */ | |
861 | #define NXM_OF_ETH_TYPE NXM_HEADER (0x0000, 3, 2) | |
862 | ||
863 | /* 802.1Q TCI. | |
864 | * | |
865 | * For a packet with an 802.1Q header, this is the Tag Control Information | |
866 | * (TCI) field, with the CFI bit forced to 1. For a packet with no 802.1Q | |
867 | * header, this has value 0. | |
868 | * | |
869 | * Prereqs: None. | |
870 | * | |
871 | * Format: 16-bit integer in network byte order. | |
872 | * | |
873 | * Masking: Arbitrary masks. | |
874 | * | |
875 | * This field can be used in various ways: | |
876 | * | |
877 | * - If it is not constrained at all, the nx_match matches packets without | |
878 | * an 802.1Q header or with an 802.1Q header that has any TCI value. | |
879 | * | |
880 | * - Testing for an exact match with 0 matches only packets without an | |
881 | * 802.1Q header. | |
882 | * | |
883 | * - Testing for an exact match with a TCI value with CFI=1 matches packets | |
884 | * that have an 802.1Q header with a specified VID and PCP. | |
885 | * | |
886 | * - Testing for an exact match with a nonzero TCI value with CFI=0 does | |
887 | * not make sense. The switch may reject this combination. | |
888 | * | |
889 | * - Testing with a specific VID and CFI=1, with nxm_mask=0x1fff, matches | |
890 | * packets that have an 802.1Q header with that VID (and any PCP). | |
891 | * | |
892 | * - Testing with a specific PCP and CFI=1, with nxm_mask=0xf000, matches | |
893 | * packets that have an 802.1Q header with that PCP (and any VID). | |
894 | * | |
895 | * - Testing with nxm_value=0, nxm_mask=0x0fff matches packets with no 802.1Q | |
896 | * header or with an 802.1Q header with a VID of 0. | |
897 | * | |
898 | * - Testing with nxm_value=0, nxm_mask=0xe000 matches packets with no 802.1Q | |
899 | * header or with an 802.1Q header with a PCP of 0. | |
900 | * | |
901 | * - Testing with nxm_value=0, nxm_mask=0xefff matches packets with no 802.1Q | |
902 | * header or with an 802.1Q header with both VID and PCP of 0. | |
903 | */ | |
904 | #define NXM_OF_VLAN_TCI NXM_HEADER (0x0000, 4, 2) | |
905 | #define NXM_OF_VLAN_TCI_W NXM_HEADER_W(0x0000, 4, 2) | |
906 | ||
907 | /* The "type of service" byte of the IP header, with the ECN bits forced to 0. | |
908 | * | |
909 | * Prereqs: NXM_OF_ETH_TYPE must be either 0x0800 or 0x86dd. | |
910 | * | |
911 | * Format: 8-bit integer with 2 least-significant bits forced to 0. | |
912 | * | |
913 | * Masking: Not maskable. */ | |
914 | #define NXM_OF_IP_TOS NXM_HEADER (0x0000, 5, 1) | |
915 | ||
916 | /* The "protocol" byte in the IP header. | |
917 | * | |
918 | * Prereqs: NXM_OF_ETH_TYPE must be either 0x0800 or 0x86dd. | |
919 | * | |
920 | * Format: 8-bit integer. | |
921 | * | |
922 | * Masking: Not maskable. */ | |
923 | #define NXM_OF_IP_PROTO NXM_HEADER (0x0000, 6, 1) | |
924 | ||
925 | /* The source or destination address in the IP header. | |
926 | * | |
927 | * Prereqs: NXM_OF_ETH_TYPE must match 0x0800 exactly. | |
928 | * | |
929 | * Format: 32-bit integer in network byte order. | |
930 | * | |
931 | * Masking: Only CIDR masks are allowed, that is, masks that consist of N | |
932 | * high-order bits set to 1 and the other 32-N bits set to 0. */ | |
933 | #define NXM_OF_IP_SRC NXM_HEADER (0x0000, 7, 4) | |
934 | #define NXM_OF_IP_SRC_W NXM_HEADER_W(0x0000, 7, 4) | |
935 | #define NXM_OF_IP_DST NXM_HEADER (0x0000, 8, 4) | |
936 | #define NXM_OF_IP_DST_W NXM_HEADER_W(0x0000, 8, 4) | |
937 | ||
938 | /* The source or destination port in the TCP header. | |
939 | * | |
940 | * Prereqs: | |
941 | * NXM_OF_ETH_TYPE must be either 0x0800 or 0x86dd. | |
942 | * NXM_OF_IP_PROTO must match 6 exactly. | |
943 | * | |
944 | * Format: 16-bit integer in network byte order. | |
945 | * | |
946 | * Masking: Not maskable. */ | |
947 | #define NXM_OF_TCP_SRC NXM_HEADER (0x0000, 9, 2) | |
948 | #define NXM_OF_TCP_DST NXM_HEADER (0x0000, 10, 2) | |
949 | ||
950 | /* The source or destination port in the UDP header. | |
951 | * | |
952 | * Prereqs: | |
953 | * NXM_OF_ETH_TYPE must match either 0x0800 or 0x86dd. | |
954 | * NXM_OF_IP_PROTO must match 17 exactly. | |
955 | * | |
956 | * Format: 16-bit integer in network byte order. | |
957 | * | |
958 | * Masking: Not maskable. */ | |
959 | #define NXM_OF_UDP_SRC NXM_HEADER (0x0000, 11, 2) | |
960 | #define NXM_OF_UDP_DST NXM_HEADER (0x0000, 12, 2) | |
961 | ||
962 | /* The type or code in the ICMP header. | |
963 | * | |
964 | * Prereqs: | |
965 | * NXM_OF_ETH_TYPE must match 0x0800 exactly. | |
966 | * NXM_OF_IP_PROTO must match 1 exactly. | |
967 | * | |
968 | * Format: 8-bit integer. | |
969 | * | |
970 | * Masking: Not maskable. */ | |
971 | #define NXM_OF_ICMP_TYPE NXM_HEADER (0x0000, 13, 1) | |
972 | #define NXM_OF_ICMP_CODE NXM_HEADER (0x0000, 14, 1) | |
973 | ||
974 | /* ARP opcode. | |
975 | * | |
976 | * For an Ethernet+IP ARP packet, the opcode in the ARP header. Always 0 | |
977 | * otherwise. Only ARP opcodes between 1 and 255 should be specified for | |
978 | * matching. | |
979 | * | |
980 | * Prereqs: NXM_OF_ETH_TYPE must match 0x0806 exactly. | |
981 | * | |
982 | * Format: 16-bit integer in network byte order. | |
983 | * | |
984 | * Masking: Not maskable. */ | |
985 | #define NXM_OF_ARP_OP NXM_HEADER (0x0000, 15, 2) | |
986 | ||
987 | /* For an Ethernet+IP ARP packet, the source or target protocol address | |
988 | * in the ARP header. Always 0 otherwise. | |
989 | * | |
990 | * Prereqs: NXM_OF_ETH_TYPE must match 0x0806 exactly. | |
991 | * | |
992 | * Format: 32-bit integer in network byte order. | |
993 | * | |
994 | * Masking: Only CIDR masks are allowed, that is, masks that consist of N | |
995 | * high-order bits set to 1 and the other 32-N bits set to 0. */ | |
996 | #define NXM_OF_ARP_SPA NXM_HEADER (0x0000, 16, 4) | |
997 | #define NXM_OF_ARP_SPA_W NXM_HEADER_W(0x0000, 16, 4) | |
998 | #define NXM_OF_ARP_TPA NXM_HEADER (0x0000, 17, 4) | |
999 | #define NXM_OF_ARP_TPA_W NXM_HEADER_W(0x0000, 17, 4) | |
1000 | ||
1001 | /* ## ------------------------ ## */ | |
1002 | /* ## Nicira match extensions. ## */ | |
1003 | /* ## ------------------------ ## */ | |
1004 | ||
1005 | /* Metadata registers. | |
1006 | * | |
1007 | * Registers initially have value 0. Actions allow register values to be | |
1008 | * manipulated. | |
1009 | * | |
1010 | * Prereqs: None. | |
1011 | * | |
1012 | * Format: Array of 32-bit integer registers. Space is reserved for up to | |
1013 | * NXM_NX_MAX_REGS registers, but switches may implement fewer. | |
1014 | * | |
1015 | * Masking: Arbitrary masks. */ | |
1016 | #define NXM_NX_MAX_REGS 16 | |
1017 | #define NXM_NX_REG(IDX) NXM_HEADER (0x0001, IDX, 4) | |
1018 | #define NXM_NX_REG_W(IDX) NXM_HEADER_W(0x0001, IDX, 4) | |
1019 | #define NXM_NX_REG_IDX(HEADER) NXM_FIELD(HEADER) | |
1020 | #define NXM_IS_NX_REG(HEADER) (!((((HEADER) ^ NXM_NX_REG0)) & 0xffffe1ff)) | |
1021 | #define NXM_IS_NX_REG_W(HEADER) (!((((HEADER) ^ NXM_NX_REG0_W)) & 0xffffe1ff)) | |
1022 | #define NXM_NX_REG0 NXM_HEADER (0x0001, 0, 4) | |
1023 | #define NXM_NX_REG0_W NXM_HEADER_W(0x0001, 0, 4) | |
1024 | #define NXM_NX_REG1 NXM_HEADER (0x0001, 1, 4) | |
1025 | #define NXM_NX_REG1_W NXM_HEADER_W(0x0001, 1, 4) | |
1026 | #define NXM_NX_REG2 NXM_HEADER (0x0001, 2, 4) | |
1027 | #define NXM_NX_REG2_W NXM_HEADER_W(0x0001, 2, 4) | |
1028 | #define NXM_NX_REG3 NXM_HEADER (0x0001, 3, 4) | |
1029 | #define NXM_NX_REG3_W NXM_HEADER_W(0x0001, 3, 4) | |
1030 | ||
1031 | /* Tunnel ID. | |
1032 | * | |
1033 | * For a packet received via GRE tunnel including a (32-bit) key, the key is | |
1034 | * stored in the low 32-bits and the high bits are zeroed. For other packets, | |
1035 | * the value is 0. | |
1036 | * | |
1037 | * Prereqs: None. | |
1038 | * | |
1039 | * Format: 64-bit integer in network byte order. | |
1040 | * | |
1041 | * Masking: Arbitrary masks. */ | |
1042 | #define NXM_NX_TUN_ID NXM_HEADER (0x0001, 16, 8) | |
1043 | #define NXM_NX_TUN_ID_W NXM_HEADER_W(0x0001, 16, 8) | |
1044 | ||
1045 | /* For an Ethernet+IP ARP packet, the source or target hardware address | |
1046 | * in the ARP header. Always 0 otherwise. | |
1047 | * | |
1048 | * Prereqs: NXM_OF_ETH_TYPE must match 0x0806 exactly. | |
1049 | * | |
1050 | * Format: 48-bit Ethernet MAC address. | |
1051 | * | |
1052 | * Masking: Not maskable. */ | |
1053 | #define NXM_NX_ARP_SHA NXM_HEADER (0x0001, 17, 6) | |
1054 | #define NXM_NX_ARP_THA NXM_HEADER (0x0001, 18, 6) | |
1055 | ||
1056 | /* The source or destination address in the IPv6 header. | |
1057 | * | |
1058 | * Prereqs: NXM_OF_ETH_TYPE must match 0x86dd exactly. | |
1059 | * | |
1060 | * Format: 128-bit IPv6 address. | |
1061 | * | |
1062 | * Masking: Only CIDR masks are allowed, that is, masks that consist of N | |
1063 | * high-order bits set to 1 and the other 128-N bits set to 0. */ | |
1064 | #define NXM_NX_IPV6_SRC NXM_HEADER (0x0001, 19, 16) | |
1065 | #define NXM_NX_IPV6_SRC_W NXM_HEADER_W(0x0001, 19, 16) | |
1066 | #define NXM_NX_IPV6_DST NXM_HEADER (0x0001, 20, 16) | |
1067 | #define NXM_NX_IPV6_DST_W NXM_HEADER_W(0x0001, 20, 16) | |
1068 | ||
1069 | /* The type or code in the ICMPv6 header. | |
1070 | * | |
1071 | * Prereqs: | |
1072 | * NXM_OF_ETH_TYPE must match 0x86dd exactly. | |
1073 | * NXM_OF_IP_PROTO must match 58 exactly. | |
1074 | * | |
1075 | * Format: 8-bit integer. | |
1076 | * | |
1077 | * Masking: Not maskable. */ | |
1078 | #define NXM_NX_ICMPV6_TYPE NXM_HEADER (0x0001, 21, 1) | |
1079 | #define NXM_NX_ICMPV6_CODE NXM_HEADER (0x0001, 22, 1) | |
1080 | ||
1081 | ||
1082 | /* ## --------------------- ## */ | |
1083 | /* ## Requests and replies. ## */ | |
1084 | /* ## --------------------- ## */ | |
1085 | ||
1086 | enum nx_flow_format { | |
1087 | NXFF_OPENFLOW10 = 0, /* Standard OpenFlow 1.0 compatible. */ | |
1088 | NXFF_TUN_ID_FROM_COOKIE = 1, /* OpenFlow 1.0, plus obtain tunnel ID from | |
1089 | * cookie. */ | |
1090 | NXFF_NXM = 2 /* Nicira extended match. */ | |
1091 | }; | |
1092 | ||
1093 | /* NXT_SET_FLOW_FORMAT request. */ | |
1094 | struct nxt_set_flow_format { | |
1095 | struct ofp_header header; | |
1096 | ovs_be32 vendor; /* NX_VENDOR_ID. */ | |
1097 | ovs_be32 subtype; /* NXT_SET_FLOW_FORMAT. */ | |
1098 | ovs_be32 format; /* One of NXFF_*. */ | |
1099 | }; | |
1100 | OFP_ASSERT(sizeof(struct nxt_set_flow_format) == 20); | |
1101 | ||
1102 | /* NXT_FLOW_MOD (analogous to OFPT_FLOW_MOD). */ | |
1103 | struct nx_flow_mod { | |
1104 | struct nicira_header nxh; | |
1105 | ovs_be64 cookie; /* Opaque controller-issued identifier. */ | |
1106 | ovs_be16 command; /* One of OFPFC_*. */ | |
1107 | ovs_be16 idle_timeout; /* Idle time before discarding (seconds). */ | |
1108 | ovs_be16 hard_timeout; /* Max time before discarding (seconds). */ | |
1109 | ovs_be16 priority; /* Priority level of flow entry. */ | |
1110 | ovs_be32 buffer_id; /* Buffered packet to apply to (or -1). | |
1111 | Not meaningful for OFPFC_DELETE*. */ | |
1112 | ovs_be16 out_port; /* For OFPFC_DELETE* commands, require | |
1113 | matching entries to include this as an | |
1114 | output port. A value of OFPP_NONE | |
1115 | indicates no restriction. */ | |
1116 | ovs_be16 flags; /* One of OFPFF_*. */ | |
1117 | ovs_be16 match_len; /* Size of nx_match. */ | |
1118 | uint8_t pad[6]; /* Align to 64-bits. */ | |
1119 | /* Followed by: | |
1120 | * - Exactly match_len (possibly 0) bytes containing the nx_match, then | |
1121 | * - Exactly (match_len + 7)/8*8 - match_len (between 0 and 7) bytes of | |
1122 | * all-zero bytes, then | |
1123 | * - Actions to fill out the remainder of the message length (always a | |
1124 | * multiple of 8). | |
1125 | */ | |
1126 | }; | |
1127 | OFP_ASSERT(sizeof(struct nx_flow_mod) == 48); | |
1128 | ||
1129 | /* NXT_FLOW_REMOVED (analogous to OFPT_FLOW_REMOVED). */ | |
1130 | struct nx_flow_removed { | |
1131 | struct nicira_header nxh; | |
1132 | ovs_be64 cookie; /* Opaque controller-issued identifier. */ | |
1133 | ovs_be16 priority; /* Priority level of flow entry. */ | |
1134 | uint8_t reason; /* One of OFPRR_*. */ | |
1135 | uint8_t pad[1]; /* Align to 32-bits. */ | |
1136 | ovs_be32 duration_sec; /* Time flow was alive in seconds. */ | |
1137 | ovs_be32 duration_nsec; /* Time flow was alive in nanoseconds beyond | |
1138 | duration_sec. */ | |
1139 | ovs_be16 idle_timeout; /* Idle timeout from original flow mod. */ | |
1140 | ovs_be16 match_len; /* Size of nx_match. */ | |
1141 | ovs_be64 packet_count; | |
1142 | ovs_be64 byte_count; | |
1143 | /* Followed by: | |
1144 | * - Exactly match_len (possibly 0) bytes containing the nx_match, then | |
1145 | * - Exactly (match_len + 7)/8*8 - match_len (between 0 and 7) bytes of | |
1146 | * all-zero bytes. */ | |
1147 | }; | |
1148 | OFP_ASSERT(sizeof(struct nx_flow_removed) == 56); | |
1149 | ||
1150 | /* Nicira vendor stats request of type NXST_FLOW (analogous to OFPST_FLOW | |
1151 | * request). */ | |
1152 | struct nx_flow_stats_request { | |
1153 | struct nicira_stats_msg nsm; | |
1154 | ovs_be16 out_port; /* Require matching entries to include this | |
1155 | as an output port. A value of OFPP_NONE | |
1156 | indicates no restriction. */ | |
1157 | ovs_be16 match_len; /* Length of nx_match. */ | |
1158 | uint8_t table_id; /* ID of table to read (from ofp_table_stats) | |
1159 | or 0xff for all tables. */ | |
1160 | uint8_t pad[3]; /* Align to 64 bits. */ | |
1161 | /* Followed by: | |
1162 | * - Exactly match_len (possibly 0) bytes containing the nx_match, then | |
1163 | * - Exactly (match_len + 7)/8*8 - match_len (between 0 and 7) bytes of | |
1164 | * all-zero bytes, which must also exactly fill out the length of the | |
1165 | * message. | |
1166 | */ | |
1167 | }; | |
1168 | OFP_ASSERT(sizeof(struct nx_flow_stats_request) == 32); | |
1169 | ||
1170 | /* Body for Nicira vendor stats reply of type NXST_FLOW (analogous to | |
1171 | * OFPST_FLOW reply). */ | |
1172 | struct nx_flow_stats { | |
1173 | ovs_be16 length; /* Length of this entry. */ | |
1174 | uint8_t table_id; /* ID of table flow came from. */ | |
1175 | uint8_t pad; | |
1176 | ovs_be32 duration_sec; /* Time flow has been alive in seconds. */ | |
1177 | ovs_be32 duration_nsec; /* Time flow has been alive in nanoseconds | |
1178 | beyond duration_sec. */ | |
1179 | ovs_be16 priority; /* Priority of the entry. Only meaningful | |
1180 | when this is not an exact-match entry. */ | |
1181 | ovs_be16 idle_timeout; /* Number of seconds idle before expiration. */ | |
1182 | ovs_be16 hard_timeout; /* Number of seconds before expiration. */ | |
1183 | ovs_be16 match_len; /* Length of nx_match. */ | |
1184 | uint8_t pad2[4]; /* Align to 64 bits. */ | |
1185 | ovs_be64 cookie; /* Opaque controller-issued identifier. */ | |
1186 | ovs_be64 packet_count; /* Number of packets in flow. */ | |
1187 | ovs_be64 byte_count; /* Number of bytes in flow. */ | |
1188 | /* Followed by: | |
1189 | * - Exactly match_len (possibly 0) bytes containing the nx_match, then | |
1190 | * - Exactly (match_len + 7)/8*8 - match_len (between 0 and 7) bytes of | |
1191 | * all-zero bytes, then | |
1192 | * - Actions to fill out the remainder 'length' bytes (always a multiple | |
1193 | * of 8). | |
1194 | */ | |
1195 | }; | |
1196 | OFP_ASSERT(sizeof(struct nx_flow_stats) == 48); | |
1197 | ||
1198 | /* Nicira vendor stats request of type NXST_AGGREGATE (analogous to | |
1199 | * OFPST_AGGREGATE request). */ | |
1200 | struct nx_aggregate_stats_request { | |
1201 | struct nicira_stats_msg nsm; | |
1202 | ovs_be16 out_port; /* Require matching entries to include this | |
1203 | as an output port. A value of OFPP_NONE | |
1204 | indicates no restriction. */ | |
1205 | ovs_be16 match_len; /* Length of nx_match. */ | |
1206 | uint8_t table_id; /* ID of table to read (from ofp_table_stats) | |
1207 | or 0xff for all tables. */ | |
1208 | uint8_t pad[3]; /* Align to 64 bits. */ | |
1209 | /* Followed by: | |
1210 | * - Exactly match_len (possibly 0) bytes containing the nx_match, then | |
1211 | * - Exactly (match_len + 7)/8*8 - match_len (between 0 and 7) bytes of | |
1212 | * all-zero bytes, which must also exactly fill out the length of the | |
1213 | * message. | |
1214 | */ | |
1215 | }; | |
1216 | OFP_ASSERT(sizeof(struct nx_aggregate_stats_request) == 32); | |
1217 | ||
1218 | /* Body for nicira_stats_msg reply of type NXST_AGGREGATE (analogous to | |
1219 | * OFPST_AGGREGATE reply). | |
1220 | * | |
1221 | * ofp_aggregate_stats_reply does not contain an ofp_match structure, so we | |
1222 | * reuse it entirely. (It would be very odd to use OFPST_AGGREGATE to reply to | |
1223 | * an NXST_AGGREGATE request, so we don't do that.) */ | |
1224 | struct nx_aggregate_stats_reply { | |
1225 | struct nicira_stats_msg nsm; | |
1226 | struct ofp_aggregate_stats_reply asr; | |
1227 | }; | |
1228 | OFP_ASSERT(sizeof(struct nx_aggregate_stats_reply) == 48); | |
1229 | ||
1230 | #endif /* openflow/nicira-ext.h */ |