]> git.proxmox.com Git - mirror_ovs.git/blob - lib/flow.c
projects / mirror_ovs.git / blob
? search:


5ba3e10df435dfa569e6712d850c59456e3619a9
[mirror_ovs.git] / lib / flow.c
1 /*
2 * Copyright (c) 2008, 2009, 2010, 2011, 2012 Nicira, Inc.
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at:
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16 #include <config.h>
17 #include <sys/types.h>
18 #include "flow.h"
19 #include <assert.h>
20 #include <errno.h>
21 #include <inttypes.h>
22 #include <netinet/in.h>
23 #include <netinet/icmp6.h>
24 #include <netinet/ip6.h>
25 #include <stdlib.h>
26 #include <string.h>
27 #include "byte-order.h"
28 #include "coverage.h"
29 #include "dynamic-string.h"
30 #include "hash.h"
31 #include "ofpbuf.h"
32 #include "openflow/openflow.h"
33 #include "packets.h"
34 #include "unaligned.h"
35 #include "vlog.h"
36
37 VLOG_DEFINE_THIS_MODULE(flow);
38
39 COVERAGE_DEFINE(flow_extract);
40
41 static struct arp_eth_header *
42 pull_arp(struct ofpbuf *packet)
43 {
44 return ofpbuf_try_pull(packet, ARP_ETH_HEADER_LEN);
45 }
46
47 static struct ip_header *
48 pull_ip(struct ofpbuf *packet)
49 {
50 if (packet->size >= IP_HEADER_LEN) {
51 struct ip_header *ip = packet->data;
52 int ip_len = IP_IHL(ip->ip_ihl_ver) * 4;
53 if (ip_len >= IP_HEADER_LEN && packet->size >= ip_len) {
54 return ofpbuf_pull(packet, ip_len);
55 }
56 }
57 return NULL;
58 }
59
60 static struct tcp_header *
61 pull_tcp(struct ofpbuf *packet)
62 {
63 if (packet->size >= TCP_HEADER_LEN) {
64 struct tcp_header *tcp = packet->data;
65 int tcp_len = TCP_OFFSET(tcp->tcp_ctl) * 4;
66 if (tcp_len >= TCP_HEADER_LEN && packet->size >= tcp_len) {
67 return ofpbuf_pull(packet, tcp_len);
68 }
69 }
70 return NULL;
71 }
72
73 static struct udp_header *
74 pull_udp(struct ofpbuf *packet)
75 {
76 return ofpbuf_try_pull(packet, UDP_HEADER_LEN);
77 }
78
79 static struct icmp_header *
80 pull_icmp(struct ofpbuf *packet)
81 {
82 return ofpbuf_try_pull(packet, ICMP_HEADER_LEN);
83 }
84
85 static struct icmp6_hdr *
86 pull_icmpv6(struct ofpbuf *packet)
87 {
88 return ofpbuf_try_pull(packet, sizeof(struct icmp6_hdr));
89 }
90
91 static void
92 parse_vlan(struct ofpbuf *b, struct flow *flow)
93 {
94 struct qtag_prefix {
95 ovs_be16 eth_type; /* ETH_TYPE_VLAN */
96 ovs_be16 tci;
97 };
98
99 if (b->size >= sizeof(struct qtag_prefix) + sizeof(ovs_be16)) {
100 struct qtag_prefix *qp = ofpbuf_pull(b, sizeof *qp);
101 flow->vlan_tci = qp->tci | htons(VLAN_CFI);
102 }
103 }
104
105 static ovs_be16
106 parse_ethertype(struct ofpbuf *b)
107 {
108 struct llc_snap_header *llc;
109 ovs_be16 proto;
110
111 proto = *(ovs_be16 *) ofpbuf_pull(b, sizeof proto);
112 if (ntohs(proto) >= ETH_TYPE_MIN) {
113 return proto;
114 }
115
116 if (b->size < sizeof *llc) {
117 return htons(FLOW_DL_TYPE_NONE);
118 }
119
120 llc = b->data;
121 if (llc->llc.llc_dsap != LLC_DSAP_SNAP
122 || llc->llc.llc_ssap != LLC_SSAP_SNAP
123 || llc->llc.llc_cntl != LLC_CNTL_SNAP
124 || memcmp(llc->snap.snap_org, SNAP_ORG_ETHERNET,
125 sizeof llc->snap.snap_org)) {
126 return htons(FLOW_DL_TYPE_NONE);
127 }
128
129 ofpbuf_pull(b, sizeof *llc);
130 return llc->snap.snap_type;
131 }
132
133 static int
134 parse_ipv6(struct ofpbuf *packet, struct flow *flow)
135 {
136 const struct ip6_hdr *nh;
137 ovs_be32 tc_flow;
138 int nexthdr;
139
140 nh = ofpbuf_try_pull(packet, sizeof *nh);
141 if (!nh) {
142 return EINVAL;
143 }
144
145 nexthdr = nh->ip6_nxt;
146
147 flow->ipv6_src = nh->ip6_src;
148 flow->ipv6_dst = nh->ip6_dst;
149
150 tc_flow = get_unaligned_be32(&nh->ip6_flow);
151 flow->nw_tos = ntohl(tc_flow) >> 20;
152 flow->ipv6_label = tc_flow & htonl(IPV6_LABEL_MASK);
153 flow->nw_ttl = nh->ip6_hlim;
154 flow->nw_proto = IPPROTO_NONE;
155
156 while (1) {
157 if ((nexthdr != IPPROTO_HOPOPTS)
158 && (nexthdr != IPPROTO_ROUTING)
159 && (nexthdr != IPPROTO_DSTOPTS)
160 && (nexthdr != IPPROTO_AH)
161 && (nexthdr != IPPROTO_FRAGMENT)) {
162 /* It's either a terminal header (e.g., TCP, UDP) or one we
163 * don't understand. In either case, we're done with the
164 * packet, so use it to fill in 'nw_proto'. */
165 break;
166 }
167
168 /* We only verify that at least 8 bytes of the next header are
169 * available, but many of these headers are longer. Ensure that
170 * accesses within the extension header are within those first 8
171 * bytes. All extension headers are required to be at least 8
172 * bytes. */
173 if (packet->size < 8) {
174 return EINVAL;
175 }
176
177 if ((nexthdr == IPPROTO_HOPOPTS)
178 || (nexthdr == IPPROTO_ROUTING)
179 || (nexthdr == IPPROTO_DSTOPTS)) {
180 /* These headers, while different, have the fields we care about
181 * in the same location and with the same interpretation. */
182 const struct ip6_ext *ext_hdr = (struct ip6_ext *)packet->data;
183 nexthdr = ext_hdr->ip6e_nxt;
184 if (!ofpbuf_try_pull(packet, (ext_hdr->ip6e_len + 1) * 8)) {
185 return EINVAL;
186 }
187 } else if (nexthdr == IPPROTO_AH) {
188 /* A standard AH definition isn't available, but the fields
189 * we care about are in the same location as the generic
190 * option header--only the header length is calculated
191 * differently. */
192 const struct ip6_ext *ext_hdr = (struct ip6_ext *)packet->data;
193 nexthdr = ext_hdr->ip6e_nxt;
194 if (!ofpbuf_try_pull(packet, (ext_hdr->ip6e_len + 2) * 4)) {
195 return EINVAL;
196 }
197 } else if (nexthdr == IPPROTO_FRAGMENT) {
198 const struct ip6_frag *frag_hdr = (struct ip6_frag *)packet->data;
199
200 nexthdr = frag_hdr->ip6f_nxt;
201 if (!ofpbuf_try_pull(packet, sizeof *frag_hdr)) {
202 return EINVAL;
203 }
204
205 /* We only process the first fragment. */
206 if (frag_hdr->ip6f_offlg != htons(0)) {
207 if ((frag_hdr->ip6f_offlg & IP6F_OFF_MASK) == htons(0)) {
208 flow->nw_frag = FLOW_NW_FRAG_ANY;
209 } else {
210 flow->nw_frag |= FLOW_NW_FRAG_LATER;
211 nexthdr = IPPROTO_FRAGMENT;
212 break;
213 }
214 }
215 }
216 }
217
218 flow->nw_proto = nexthdr;
219 return 0;
220 }
221
222 static void
223 parse_tcp(struct ofpbuf *packet, struct ofpbuf *b, struct flow *flow)
224 {
225 const struct tcp_header *tcp = pull_tcp(b);
226 if (tcp) {
227 flow->tp_src = tcp->tcp_src;
228 flow->tp_dst = tcp->tcp_dst;
229 packet->l7 = b->data;
230 }
231 }
232
233 static void
234 parse_udp(struct ofpbuf *packet, struct ofpbuf *b, struct flow *flow)
235 {
236 const struct udp_header *udp = pull_udp(b);
237 if (udp) {
238 flow->tp_src = udp->udp_src;
239 flow->tp_dst = udp->udp_dst;
240 packet->l7 = b->data;
241 }
242 }
243
244 static bool
245 parse_icmpv6(struct ofpbuf *b, struct flow *flow)
246 {
247 const struct icmp6_hdr *icmp = pull_icmpv6(b);
248
249 if (!icmp) {
250 return false;
251 }
252
253 /* The ICMPv6 type and code fields use the 16-bit transport port
254 * fields, so we need to store them in 16-bit network byte order. */
255 flow->tp_src = htons(icmp->icmp6_type);
256 flow->tp_dst = htons(icmp->icmp6_code);
257
258 if (icmp->icmp6_code == 0 &&
259 (icmp->icmp6_type == ND_NEIGHBOR_SOLICIT ||
260 icmp->icmp6_type == ND_NEIGHBOR_ADVERT)) {
261 const struct in6_addr *nd_target;
262
263 nd_target = ofpbuf_try_pull(b, sizeof *nd_target);
264 if (!nd_target) {
265 return false;
266 }
267 flow->nd_target = *nd_target;
268
269 while (b->size >= 8) {
270 /* The minimum size of an option is 8 bytes, which also is
271 * the size of Ethernet link-layer options. */
272 const struct nd_opt_hdr *nd_opt = b->data;
273 int opt_len = nd_opt->nd_opt_len * 8;
274
275 if (!opt_len || opt_len > b->size) {
276 goto invalid;
277 }
278
279 /* Store the link layer address if the appropriate option is
280 * provided. It is considered an error if the same link
281 * layer option is specified twice. */
282 if (nd_opt->nd_opt_type == ND_OPT_SOURCE_LINKADDR
283 && opt_len == 8) {
284 if (eth_addr_is_zero(flow->arp_sha)) {
285 memcpy(flow->arp_sha, nd_opt + 1, ETH_ADDR_LEN);
286 } else {
287 goto invalid;
288 }
289 } else if (nd_opt->nd_opt_type == ND_OPT_TARGET_LINKADDR
290 && opt_len == 8) {
291 if (eth_addr_is_zero(flow->arp_tha)) {
292 memcpy(flow->arp_tha, nd_opt + 1, ETH_ADDR_LEN);
293 } else {
294 goto invalid;
295 }
296 }
297
298 if (!ofpbuf_try_pull(b, opt_len)) {
299 goto invalid;
300 }
301 }
302 }
303
304 return true;
305
306 invalid:
307 memset(&flow->nd_target, 0, sizeof(flow->nd_target));
308 memset(flow->arp_sha, 0, sizeof(flow->arp_sha));
309 memset(flow->arp_tha, 0, sizeof(flow->arp_tha));
310
311 return false;
312
313 }
314
315 /* Initializes 'flow' members from 'packet', 'skb_priority', 'tun_id', and
316 * 'ofp_in_port'.
317 *
318 * Initializes 'packet' header pointers as follows:
319 *
320 * - packet->l2 to the start of the Ethernet header.
321 *
322 * - packet->l3 to just past the Ethernet header, or just past the
323 * vlan_header if one is present, to the first byte of the payload of the
324 * Ethernet frame.
325 *
326 * - packet->l4 to just past the IPv4 header, if one is present and has a
327 * correct length, and otherwise NULL.
328 *
329 * - packet->l7 to just past the TCP or UDP or ICMP header, if one is
330 * present and has a correct length, and otherwise NULL.
331 */
332 void
333 flow_extract(struct ofpbuf *packet, uint32_t skb_priority, ovs_be64 tun_id,
334 uint16_t ofp_in_port, struct flow *flow)
335 {
336 struct ofpbuf b = *packet;
337 struct eth_header *eth;
338
339 COVERAGE_INC(flow_extract);
340
341 memset(flow, 0, sizeof *flow);
342 flow->tun_id = tun_id;
343 flow->in_port = ofp_in_port;
344 flow->skb_priority = skb_priority;
345
346 packet->l2 = b.data;
347 packet->l3 = NULL;
348 packet->l4 = NULL;
349 packet->l7 = NULL;
350
351 if (b.size < sizeof *eth) {
352 return;
353 }
354
355 /* Link layer. */
356 eth = b.data;
357 memcpy(flow->dl_src, eth->eth_src, ETH_ADDR_LEN);
358 memcpy(flow->dl_dst, eth->eth_dst, ETH_ADDR_LEN);
359
360 /* dl_type, vlan_tci. */
361 ofpbuf_pull(&b, ETH_ADDR_LEN * 2);
362 if (eth->eth_type == htons(ETH_TYPE_VLAN)) {
363 parse_vlan(&b, flow);
364 }
365 flow->dl_type = parse_ethertype(&b);
366
367 /* Network layer. */
368 packet->l3 = b.data;
369 if (flow->dl_type == htons(ETH_TYPE_IP)) {
370 const struct ip_header *nh = pull_ip(&b);
371 if (nh) {
372 packet->l4 = b.data;
373
374 flow->nw_src = get_unaligned_be32(&nh->ip_src);
375 flow->nw_dst = get_unaligned_be32(&nh->ip_dst);
376 flow->nw_proto = nh->ip_proto;
377
378 flow->nw_tos = nh->ip_tos;
379 if (IP_IS_FRAGMENT(nh->ip_frag_off)) {
380 flow->nw_frag = FLOW_NW_FRAG_ANY;
381 if (nh->ip_frag_off & htons(IP_FRAG_OFF_MASK)) {
382 flow->nw_frag |= FLOW_NW_FRAG_LATER;
383 }
384 }
385 flow->nw_ttl = nh->ip_ttl;
386
387 if (!(nh->ip_frag_off & htons(IP_FRAG_OFF_MASK))) {
388 if (flow->nw_proto == IPPROTO_TCP) {
389 parse_tcp(packet, &b, flow);
390 } else if (flow->nw_proto == IPPROTO_UDP) {
391 parse_udp(packet, &b, flow);
392 } else if (flow->nw_proto == IPPROTO_ICMP) {
393 const struct icmp_header *icmp = pull_icmp(&b);
394 if (icmp) {
395 flow->tp_src = htons(icmp->icmp_type);
396 flow->tp_dst = htons(icmp->icmp_code);
397 packet->l7 = b.data;
398 }
399 }
400 }
401 }
402 } else if (flow->dl_type == htons(ETH_TYPE_IPV6)) {
403 if (parse_ipv6(&b, flow)) {
404 return;
405 }
406
407 packet->l4 = b.data;
408 if (flow->nw_proto == IPPROTO_TCP) {
409 parse_tcp(packet, &b, flow);
410 } else if (flow->nw_proto == IPPROTO_UDP) {
411 parse_udp(packet, &b, flow);
412 } else if (flow->nw_proto == IPPROTO_ICMPV6) {
413 if (parse_icmpv6(&b, flow)) {
414 packet->l7 = b.data;
415 }
416 }
417 } else if (flow->dl_type == htons(ETH_TYPE_ARP)) {
418 const struct arp_eth_header *arp = pull_arp(&b);
419 if (arp && arp->ar_hrd == htons(1)
420 && arp->ar_pro == htons(ETH_TYPE_IP)
421 && arp->ar_hln == ETH_ADDR_LEN
422 && arp->ar_pln == 4) {
423 /* We only match on the lower 8 bits of the opcode. */
424 if (ntohs(arp->ar_op) <= 0xff) {
425 flow->nw_proto = ntohs(arp->ar_op);
426 }
427
428 if ((flow->nw_proto == ARP_OP_REQUEST)
429 || (flow->nw_proto == ARP_OP_REPLY)) {
430 flow->nw_src = arp->ar_spa;
431 flow->nw_dst = arp->ar_tpa;
432 memcpy(flow->arp_sha, arp->ar_sha, ETH_ADDR_LEN);
433 memcpy(flow->arp_tha, arp->ar_tha, ETH_ADDR_LEN);
434 }
435 }
436 }
437 }
438
439 /* For every bit of a field that is wildcarded in 'wildcards', sets the
440 * corresponding bit in 'flow' to zero. */
441 void
442 flow_zero_wildcards(struct flow *flow, const struct flow_wildcards *wildcards)
443 {
444 const flow_wildcards_t wc = wildcards->wildcards;
445 int i;
446
447 BUILD_ASSERT_DECL(FLOW_WC_SEQ == 14);
448
449 for (i = 0; i < FLOW_N_REGS; i++) {
450 flow->regs[i] &= wildcards->reg_masks[i];
451 }
452 flow->tun_id &= wildcards->tun_id_mask;
453 flow->metadata &= wildcards->metadata_mask;
454 flow->nw_src &= wildcards->nw_src_mask;
455 flow->nw_dst &= wildcards->nw_dst_mask;
456 if (wc & FWW_IN_PORT) {
457 flow->in_port = 0;
458 }
459 flow->vlan_tci &= wildcards->vlan_tci_mask;
460 if (wc & FWW_DL_TYPE) {
461 flow->dl_type = htons(0);
462 }
463 flow->tp_src &= wildcards->tp_src_mask;
464 flow->tp_dst &= wildcards->tp_dst_mask;
465 eth_addr_bitand(flow->dl_src, wildcards->dl_src_mask, flow->dl_src);
466 eth_addr_bitand(flow->dl_dst, wildcards->dl_dst_mask, flow->dl_dst);
467 if (wc & FWW_NW_PROTO) {
468 flow->nw_proto = 0;
469 }
470 flow->ipv6_label &= wildcards->ipv6_label_mask;
471 if (wc & FWW_NW_DSCP) {
472 flow->nw_tos &= ~IP_DSCP_MASK;
473 }
474 if (wc & FWW_NW_ECN) {
475 flow->nw_tos &= ~IP_ECN_MASK;
476 }
477 if (wc & FWW_NW_TTL) {
478 flow->nw_ttl = 0;
479 }
480 flow->nw_frag &= wildcards->nw_frag_mask;
481 eth_addr_bitand(flow->arp_sha, wildcards->arp_sha_mask, flow->arp_sha);
482 eth_addr_bitand(flow->arp_tha, wildcards->arp_tha_mask, flow->arp_tha);
483 flow->ipv6_src = ipv6_addr_bitand(&flow->ipv6_src,
484 &wildcards->ipv6_src_mask);
485 flow->ipv6_dst = ipv6_addr_bitand(&flow->ipv6_dst,
486 &wildcards->ipv6_dst_mask);
487 flow->nd_target = ipv6_addr_bitand(&flow->nd_target,
488 &wildcards->nd_target_mask);
489 flow->skb_priority = 0;
490 }
491
492 /* Initializes 'fmd' with the metadata found in 'flow'. */
493 void
494 flow_get_metadata(const struct flow *flow, struct flow_metadata *fmd)
495 {
496 BUILD_ASSERT_DECL(FLOW_WC_SEQ == 14);
497
498 fmd->tun_id = flow->tun_id;
499 fmd->tun_id_mask = htonll(UINT64_MAX);
500
501 fmd->metadata = flow->metadata;
502 fmd->metadata_mask = htonll(UINT64_MAX);
503
504 memcpy(fmd->regs, flow->regs, sizeof fmd->regs);
505 memset(fmd->reg_masks, 0xff, sizeof fmd->reg_masks);
506
507 fmd->in_port = flow->in_port;
508 }
509
510 char *
511 flow_to_string(const struct flow *flow)
512 {
513 struct ds ds = DS_EMPTY_INITIALIZER;
514 flow_format(&ds, flow);
515 return ds_cstr(&ds);
516 }
517
518 void
519 flow_format(struct ds *ds, const struct flow *flow)
520 {
521 ds_put_format(ds, "priority:%"PRIu32
522 ",tunnel:%#"PRIx64
523 ",metadata:%#"PRIx64
524 ",in_port:%04"PRIx16,
525 flow->skb_priority,
526 ntohll(flow->tun_id),
527 ntohll(flow->metadata),
528 flow->in_port);
529
530 ds_put_format(ds, ",tci(");
531 if (flow->vlan_tci) {
532 ds_put_format(ds, "vlan:%"PRIu16",pcp:%d",
533 vlan_tci_to_vid(flow->vlan_tci),
534 vlan_tci_to_pcp(flow->vlan_tci));
535 } else {
536 ds_put_char(ds, '0');
537 }
538 ds_put_format(ds, ") mac("ETH_ADDR_FMT"->"ETH_ADDR_FMT
539 ") type:%04"PRIx16,
540 ETH_ADDR_ARGS(flow->dl_src),
541 ETH_ADDR_ARGS(flow->dl_dst),
542 ntohs(flow->dl_type));
543
544 if (flow->dl_type == htons(ETH_TYPE_IPV6)) {
545 ds_put_format(ds, " label:%#"PRIx32" proto:%"PRIu8" tos:%#"PRIx8
546 " ttl:%"PRIu8" ipv6(",
547 ntohl(flow->ipv6_label), flow->nw_proto,
548 flow->nw_tos, flow->nw_ttl);
549 print_ipv6_addr(ds, &flow->ipv6_src);
550 ds_put_cstr(ds, "->");
551 print_ipv6_addr(ds, &flow->ipv6_dst);
552 ds_put_char(ds, ')');
553 } else {
554 ds_put_format(ds, " proto:%"PRIu8" tos:%#"PRIx8" ttl:%"PRIu8
555 " ip("IP_FMT"->"IP_FMT")",
556 flow->nw_proto, flow->nw_tos, flow->nw_ttl,
557 IP_ARGS(&flow->nw_src), IP_ARGS(&flow->nw_dst));
558 }
559 if (flow->nw_frag) {
560 ds_put_format(ds, " frag(%s)",
561 flow->nw_frag == FLOW_NW_FRAG_ANY ? "first"
562 : flow->nw_frag == (FLOW_NW_FRAG_ANY | FLOW_NW_FRAG_LATER)
563 ? "later" : "<error>");
564 }
565 if (flow->tp_src || flow->tp_dst) {
566 ds_put_format(ds, " port(%"PRIu16"->%"PRIu16")",
567 ntohs(flow->tp_src), ntohs(flow->tp_dst));
568 }
569 if (!eth_addr_is_zero(flow->arp_sha) || !eth_addr_is_zero(flow->arp_tha)) {
570 ds_put_format(ds, " arp_ha("ETH_ADDR_FMT"->"ETH_ADDR_FMT")",
571 ETH_ADDR_ARGS(flow->arp_sha),
572 ETH_ADDR_ARGS(flow->arp_tha));
573 }
574 }
575
576 void
577 flow_print(FILE *stream, const struct flow *flow)
578 {
579 char *s = flow_to_string(flow);
580 fputs(s, stream);
581 free(s);
582 }
583 \f
584 /* flow_wildcards functions. */
585
586 /* Initializes 'wc' as a set of wildcards that matches every packet. */
587 void
588 flow_wildcards_init_catchall(struct flow_wildcards *wc)
589 {
590 BUILD_ASSERT_DECL(FLOW_WC_SEQ == 14);
591
592 wc->wildcards = FWW_ALL;
593 wc->tun_id_mask = htonll(0);
594 wc->nw_src_mask = htonl(0);
595 wc->nw_dst_mask = htonl(0);
596 wc->ipv6_src_mask = in6addr_any;
597 wc->ipv6_dst_mask = in6addr_any;
598 wc->ipv6_label_mask = htonl(0);
599 wc->nd_target_mask = in6addr_any;
600 memset(wc->reg_masks, 0, sizeof wc->reg_masks);
601 wc->metadata_mask = htonll(0);
602 wc->vlan_tci_mask = htons(0);
603 wc->nw_frag_mask = 0;
604 wc->tp_src_mask = htons(0);
605 wc->tp_dst_mask = htons(0);
606 memset(wc->dl_src_mask, 0, ETH_ADDR_LEN);
607 memset(wc->dl_dst_mask, 0, ETH_ADDR_LEN);
608 memset(wc->arp_sha_mask, 0, ETH_ADDR_LEN);
609 memset(wc->arp_tha_mask, 0, ETH_ADDR_LEN);
610 memset(wc->zeros, 0, sizeof wc->zeros);
611 }
612
613 /* Initializes 'wc' as an exact-match set of wildcards; that is, 'wc' does not
614 * wildcard any bits or fields. */
615 void
616 flow_wildcards_init_exact(struct flow_wildcards *wc)
617 {
618 BUILD_ASSERT_DECL(FLOW_WC_SEQ == 14);
619
620 wc->wildcards = 0;
621 wc->tun_id_mask = htonll(UINT64_MAX);
622 wc->nw_src_mask = htonl(UINT32_MAX);
623 wc->nw_dst_mask = htonl(UINT32_MAX);
624 wc->ipv6_src_mask = in6addr_exact;
625 wc->ipv6_dst_mask = in6addr_exact;
626 wc->ipv6_label_mask = htonl(UINT32_MAX);
627 wc->nd_target_mask = in6addr_exact;
628 memset(wc->reg_masks, 0xff, sizeof wc->reg_masks);
629 wc->metadata_mask = htonll(UINT64_MAX);
630 wc->vlan_tci_mask = htons(UINT16_MAX);
631 wc->nw_frag_mask = UINT8_MAX;
632 wc->tp_src_mask = htons(UINT16_MAX);
633 wc->tp_dst_mask = htons(UINT16_MAX);
634 memset(wc->dl_src_mask, 0xff, ETH_ADDR_LEN);
635 memset(wc->dl_dst_mask, 0xff, ETH_ADDR_LEN);
636 memset(wc->arp_sha_mask, 0xff, ETH_ADDR_LEN);
637 memset(wc->arp_tha_mask, 0xff, ETH_ADDR_LEN);
638 memset(wc->zeros, 0, sizeof wc->zeros);
639 }
640
641 /* Returns true if 'wc' is exact-match, false if 'wc' wildcards any bits or
642 * fields. */
643 bool
644 flow_wildcards_is_exact(const struct flow_wildcards *wc)
645 {
646 int i;
647
648 BUILD_ASSERT_DECL(FLOW_WC_SEQ == 14);
649
650 if (wc->wildcards
651 || wc->tun_id_mask != htonll(UINT64_MAX)
652 || wc->nw_src_mask != htonl(UINT32_MAX)
653 || wc->nw_dst_mask != htonl(UINT32_MAX)
654 || wc->tp_src_mask != htons(UINT16_MAX)
655 || wc->tp_dst_mask != htons(UINT16_MAX)
656 || wc->vlan_tci_mask != htons(UINT16_MAX)
657 || wc->metadata_mask != htonll(UINT64_MAX)
658 || !eth_mask_is_exact(wc->dl_src_mask)
659 || !eth_mask_is_exact(wc->dl_dst_mask)
660 || !eth_mask_is_exact(wc->arp_sha_mask)
661 || !eth_mask_is_exact(wc->arp_tha_mask)
662 || !ipv6_mask_is_exact(&wc->ipv6_src_mask)
663 || !ipv6_mask_is_exact(&wc->ipv6_dst_mask)
664 || wc->ipv6_label_mask != htonl(UINT32_MAX)
665 || !ipv6_mask_is_exact(&wc->nd_target_mask)
666 || wc->nw_frag_mask != UINT8_MAX) {
667 return false;
668 }
669
670 for (i = 0; i < FLOW_N_REGS; i++) {
671 if (wc->reg_masks[i] != UINT32_MAX) {
672 return false;
673 }
674 }
675
676 return true;
677 }
678
679 /* Returns true if 'wc' matches every packet, false if 'wc' fixes any bits or
680 * fields. */
681 bool
682 flow_wildcards_is_catchall(const struct flow_wildcards *wc)
683 {
684 int i;
685
686 BUILD_ASSERT_DECL(FLOW_WC_SEQ == 14);
687
688 if (wc->wildcards != FWW_ALL
689 || wc->tun_id_mask != htonll(0)
690 || wc->nw_src_mask != htonl(0)
691 || wc->nw_dst_mask != htonl(0)
692 || wc->tp_src_mask != htons(0)
693 || wc->tp_dst_mask != htons(0)
694 || wc->vlan_tci_mask != htons(0)
695 || wc->metadata_mask != htonll(0)
696 || !eth_addr_is_zero(wc->dl_src_mask)
697 || !eth_addr_is_zero(wc->dl_dst_mask)
698 || !eth_addr_is_zero(wc->arp_sha_mask)
699 || !eth_addr_is_zero(wc->arp_tha_mask)
700 || !ipv6_mask_is_any(&wc->ipv6_src_mask)
701 || !ipv6_mask_is_any(&wc->ipv6_dst_mask)
702 || wc->ipv6_label_mask != htonl(0)
703 || !ipv6_mask_is_any(&wc->nd_target_mask)
704 || wc->nw_frag_mask != 0) {
705 return false;
706 }
707
708 for (i = 0; i < FLOW_N_REGS; i++) {
709 if (wc->reg_masks[i] != 0) {
710 return false;
711 }
712 }
713
714 return true;
715 }
716
717 /* Initializes 'dst' as the combination of wildcards in 'src1' and 'src2'.
718 * That is, a bit or a field is wildcarded in 'dst' if it is wildcarded in
719 * 'src1' or 'src2' or both. */
720 void
721 flow_wildcards_combine(struct flow_wildcards *dst,
722 const struct flow_wildcards *src1,
723 const struct flow_wildcards *src2)
724 {
725 int i;
726
727 BUILD_ASSERT_DECL(FLOW_WC_SEQ == 14);
728
729 dst->wildcards = src1->wildcards | src2->wildcards;
730 dst->tun_id_mask = src1->tun_id_mask & src2->tun_id_mask;
731 dst->nw_src_mask = src1->nw_src_mask & src2->nw_src_mask;
732 dst->nw_dst_mask = src1->nw_dst_mask & src2->nw_dst_mask;
733 dst->ipv6_src_mask = ipv6_addr_bitand(&src1->ipv6_src_mask,
734 &src2->ipv6_src_mask);
735 dst->ipv6_dst_mask = ipv6_addr_bitand(&src1->ipv6_dst_mask,
736 &src2->ipv6_dst_mask);
737 dst->ipv6_label_mask = src1->ipv6_label_mask & src2->ipv6_label_mask;
738 dst->nd_target_mask = ipv6_addr_bitand(&src1->nd_target_mask,
739 &src2->nd_target_mask);
740 for (i = 0; i < FLOW_N_REGS; i++) {
741 dst->reg_masks[i] = src1->reg_masks[i] & src2->reg_masks[i];
742 }
743 dst->metadata_mask = src1->metadata_mask & src2->metadata_mask;
744 dst->vlan_tci_mask = src1->vlan_tci_mask & src2->vlan_tci_mask;
745 dst->tp_src_mask = src1->tp_src_mask & src2->tp_src_mask;
746 dst->tp_dst_mask = src1->tp_dst_mask & src2->tp_dst_mask;
747 eth_addr_bitand(src1->dl_src_mask, src2->dl_src_mask, dst->dl_src_mask);
748 eth_addr_bitand(src1->dl_dst_mask, src2->dl_dst_mask, dst->dl_dst_mask);
749 eth_addr_bitand(src1->arp_sha_mask, src2->arp_sha_mask, dst->arp_sha_mask);
750 eth_addr_bitand(src1->arp_tha_mask, src2->arp_tha_mask, dst->arp_tha_mask);
751 }
752
753 /* Returns a hash of the wildcards in 'wc'. */
754 uint32_t
755 flow_wildcards_hash(const struct flow_wildcards *wc, uint32_t basis)
756 {
757 /* If you change struct flow_wildcards and thereby trigger this
758 * assertion, please check that the new struct flow_wildcards has no holes
759 * in it before you update the assertion. */
760 BUILD_ASSERT_DECL(sizeof *wc == 112 + FLOW_N_REGS * 4);
761 return hash_bytes(wc, sizeof *wc, basis);
762 }
763
764 /* Returns true if 'a' and 'b' represent the same wildcards, false if they are
765 * different. */
766 bool
767 flow_wildcards_equal(const struct flow_wildcards *a,
768 const struct flow_wildcards *b)
769 {
770 int i;
771
772 BUILD_ASSERT_DECL(FLOW_WC_SEQ == 14);
773
774 if (a->wildcards != b->wildcards
775 || a->tun_id_mask != b->tun_id_mask
776 || a->nw_src_mask != b->nw_src_mask
777 || a->nw_dst_mask != b->nw_dst_mask
778 || a->vlan_tci_mask != b->vlan_tci_mask
779 || a->metadata_mask != b->metadata_mask
780 || !ipv6_addr_equals(&a->ipv6_src_mask, &b->ipv6_src_mask)
781 || !ipv6_addr_equals(&a->ipv6_dst_mask, &b->ipv6_dst_mask)
782 || a->ipv6_label_mask != b->ipv6_label_mask
783 || !ipv6_addr_equals(&a->nd_target_mask, &b->nd_target_mask)
784 || a->tp_src_mask != b->tp_src_mask
785 || a->tp_dst_mask != b->tp_dst_mask
786 || !eth_addr_equals(a->dl_src_mask, b->dl_src_mask)
787 || !eth_addr_equals(a->dl_dst_mask, b->dl_dst_mask)
788 || !eth_addr_equals(a->arp_sha_mask, b->arp_sha_mask)
789 || !eth_addr_equals(a->arp_tha_mask, b->arp_tha_mask)) {
790 return false;
791 }
792
793 for (i = 0; i < FLOW_N_REGS; i++) {
794 if (a->reg_masks[i] != b->reg_masks[i]) {
795 return false;
796 }
797 }
798
799 return true;
800 }
801
802 /* Returns true if at least one bit or field is wildcarded in 'a' but not in
803 * 'b', false otherwise. */
804 bool
805 flow_wildcards_has_extra(const struct flow_wildcards *a,
806 const struct flow_wildcards *b)
807 {
808 int i;
809 uint8_t eth_masked[ETH_ADDR_LEN];
810 struct in6_addr ipv6_masked;
811
812 BUILD_ASSERT_DECL(FLOW_WC_SEQ == 14);
813
814 for (i = 0; i < FLOW_N_REGS; i++) {
815 if ((a->reg_masks[i] & b->reg_masks[i]) != b->reg_masks[i]) {
816 return true;
817 }
818 }
819
820 eth_addr_bitand(a->dl_src_mask, b->dl_src_mask, eth_masked);
821 if (!eth_addr_equals(eth_masked, b->dl_src_mask)) {
822 return true;
823 }
824
825 eth_addr_bitand(a->dl_dst_mask, b->dl_dst_mask, eth_masked);
826 if (!eth_addr_equals(eth_masked, b->dl_dst_mask)) {
827 return true;
828 }
829
830 eth_addr_bitand(a->arp_sha_mask, b->arp_sha_mask, eth_masked);
831 if (!eth_addr_equals(eth_masked, b->arp_sha_mask)) {
832 return true;
833 }
834
835 eth_addr_bitand(a->arp_tha_mask, b->arp_tha_mask, eth_masked);
836 if (!eth_addr_equals(eth_masked, b->arp_tha_mask)) {
837 return true;
838 }
839
840 ipv6_masked = ipv6_addr_bitand(&a->ipv6_src_mask, &b->ipv6_src_mask);
841 if (!ipv6_addr_equals(&ipv6_masked, &b->ipv6_src_mask)) {
842 return true;
843 }
844
845 ipv6_masked = ipv6_addr_bitand(&a->ipv6_dst_mask, &b->ipv6_dst_mask);
846 if (!ipv6_addr_equals(&ipv6_masked, &b->ipv6_dst_mask)) {
847 return true;
848 }
849
850 ipv6_masked = ipv6_addr_bitand(&a->nd_target_mask, &b->nd_target_mask);
851 if (!ipv6_addr_equals(&ipv6_masked, &b->nd_target_mask)) {
852 return true;
853 }
854
855 return (a->wildcards & ~b->wildcards
856 || (a->tun_id_mask & b->tun_id_mask) != b->tun_id_mask
857 || (a->nw_src_mask & b->nw_src_mask) != b->nw_src_mask
858 || (a->nw_dst_mask & b->nw_dst_mask) != b->nw_dst_mask
859 || (a->ipv6_label_mask & b->ipv6_label_mask) != b->ipv6_label_mask
860 || (a->vlan_tci_mask & b->vlan_tci_mask) != b->vlan_tci_mask
861 || (a->metadata_mask & b->metadata_mask) != b->metadata_mask
862 || (a->tp_src_mask & b->tp_src_mask) != b->tp_src_mask
863 || (a->tp_dst_mask & b->tp_dst_mask) != b->tp_dst_mask);
864 }
865
866 /* Sets the wildcard mask for register 'idx' in 'wc' to 'mask'.
867 * (A 0-bit indicates a wildcard bit.) */
868 void
869 flow_wildcards_set_reg_mask(struct flow_wildcards *wc, int idx, uint32_t mask)
870 {
871 wc->reg_masks[idx] = mask;
872 }
873
874 /* Hashes 'flow' based on its L2 through L4 protocol information. */
875 uint32_t
876 flow_hash_symmetric_l4(const struct flow *flow, uint32_t basis)
877 {
878 struct {
879 union {
880 ovs_be32 ipv4_addr;
881 struct in6_addr ipv6_addr;
882 };
883 ovs_be16 eth_type;
884 ovs_be16 vlan_tci;
885 ovs_be16 tp_port;
886 uint8_t eth_addr[ETH_ADDR_LEN];
887 uint8_t ip_proto;
888 } fields;
889
890 int i;
891
892 memset(&fields, 0, sizeof fields);
893 for (i = 0; i < ETH_ADDR_LEN; i++) {
894 fields.eth_addr[i] = flow->dl_src[i] ^ flow->dl_dst[i];
895 }
896 fields.vlan_tci = flow->vlan_tci & htons(VLAN_VID_MASK);
897 fields.eth_type = flow->dl_type;
898
899 /* UDP source and destination port are not taken into account because they
900 * will not necessarily be symmetric in a bidirectional flow. */
901 if (fields.eth_type == htons(ETH_TYPE_IP)) {
902 fields.ipv4_addr = flow->nw_src ^ flow->nw_dst;
903 fields.ip_proto = flow->nw_proto;
904 if (fields.ip_proto == IPPROTO_TCP) {
905 fields.tp_port = flow->tp_src ^ flow->tp_dst;
906 }
907 } else if (fields.eth_type == htons(ETH_TYPE_IPV6)) {
908 const uint8_t *a = &flow->ipv6_src.s6_addr[0];
909 const uint8_t *b = &flow->ipv6_dst.s6_addr[0];
910 uint8_t *ipv6_addr = &fields.ipv6_addr.s6_addr[0];
911
912 for (i=0; i<16; i++) {
913 ipv6_addr[i] = a[i] ^ b[i];
914 }
915 fields.ip_proto = flow->nw_proto;
916 if (fields.ip_proto == IPPROTO_TCP) {
917 fields.tp_port = flow->tp_src ^ flow->tp_dst;
918 }
919 }
920 return hash_bytes(&fields, sizeof fields, basis);
921 }
922
923 /* Hashes the portions of 'flow' designated by 'fields'. */
924 uint32_t
925 flow_hash_fields(const struct flow *flow, enum nx_hash_fields fields,
926 uint16_t basis)
927 {
928 switch (fields) {
929
930 case NX_HASH_FIELDS_ETH_SRC:
931 return hash_bytes(flow->dl_src, sizeof flow->dl_src, basis);
932
933 case NX_HASH_FIELDS_SYMMETRIC_L4:
934 return flow_hash_symmetric_l4(flow, basis);
935 }
936
937 NOT_REACHED();
938 }
939
940 /* Returns a string representation of 'fields'. */
941 const char *
942 flow_hash_fields_to_str(enum nx_hash_fields fields)
943 {
944 switch (fields) {
945 case NX_HASH_FIELDS_ETH_SRC: return "eth_src";
946 case NX_HASH_FIELDS_SYMMETRIC_L4: return "symmetric_l4";
947 default: return "<unknown>";
948 }
949 }
950
951 /* Returns true if the value of 'fields' is supported. Otherwise false. */
952 bool
953 flow_hash_fields_valid(enum nx_hash_fields fields)
954 {
955 return fields == NX_HASH_FIELDS_ETH_SRC
956 || fields == NX_HASH_FIELDS_SYMMETRIC_L4;
957 }
958
959 /* Sets the VLAN VID that 'flow' matches to 'vid', which is interpreted as an
960 * OpenFlow 1.0 "dl_vlan" value:
961 *
962 * - If it is in the range 0...4095, 'flow->vlan_tci' is set to match
963 * that VLAN. Any existing PCP match is unchanged (it becomes 0 if
964 * 'flow' previously matched packets without a VLAN header).
965 *
966 * - If it is OFP_VLAN_NONE, 'flow->vlan_tci' is set to match a packet
967 * without a VLAN tag.
968 *
969 * - Other values of 'vid' should not be used. */
970 void
971 flow_set_vlan_vid(struct flow *flow, ovs_be16 vid)
972 {
973 if (vid == htons(OFP10_VLAN_NONE)) {
974 flow->vlan_tci = htons(0);
975 } else {
976 vid &= htons(VLAN_VID_MASK);
977 flow->vlan_tci &= ~htons(VLAN_VID_MASK);
978 flow->vlan_tci |= htons(VLAN_CFI) | vid;
979 }
980 }
981
982 /* Sets the VLAN PCP that 'flow' matches to 'pcp', which should be in the
983 * range 0...7.
984 *
985 * This function has no effect on the VLAN ID that 'flow' matches.
986 *
987 * After calling this function, 'flow' will not match packets without a VLAN
988 * header. */
989 void
990 flow_set_vlan_pcp(struct flow *flow, uint8_t pcp)
991 {
992 pcp &= 0x07;
993 flow->vlan_tci &= ~htons(VLAN_PCP_MASK);
994 flow->vlan_tci |= htons((pcp << VLAN_PCP_SHIFT) | VLAN_CFI);
995 }
996
997 /* Puts into 'b' a packet that flow_extract() would parse as having the given
998 * 'flow'.
999 *
1000 * (This is useful only for testing, obviously, and the packet isn't really
1001 * valid. It hasn't got any checksums filled in, for one, and lots of fields
1002 * are just zeroed.) */
1003 void
1004 flow_compose(struct ofpbuf *b, const struct flow *flow)
1005 {
1006 eth_compose(b, flow->dl_dst, flow->dl_src, ntohs(flow->dl_type), 0);
1007 if (flow->dl_type == htons(FLOW_DL_TYPE_NONE)) {
1008 struct eth_header *eth = b->l2;
1009 eth->eth_type = htons(b->size);
1010 return;
1011 }
1012
1013 if (flow->vlan_tci & htons(VLAN_CFI)) {
1014 eth_push_vlan(b, flow->vlan_tci);
1015 }
1016
1017 if (flow->dl_type == htons(ETH_TYPE_IP)) {
1018 struct ip_header *ip;
1019
1020 b->l3 = ip = ofpbuf_put_zeros(b, sizeof *ip);
1021 ip->ip_ihl_ver = IP_IHL_VER(5, 4);
1022 ip->ip_tos = flow->nw_tos;
1023 ip->ip_proto = flow->nw_proto;
1024 ip->ip_src = flow->nw_src;
1025 ip->ip_dst = flow->nw_dst;
1026
1027 if (flow->nw_frag & FLOW_NW_FRAG_ANY) {
1028 ip->ip_frag_off |= htons(IP_MORE_FRAGMENTS);
1029 if (flow->nw_frag & FLOW_NW_FRAG_LATER) {
1030 ip->ip_frag_off |= htons(100);
1031 }
1032 }
1033 if (!(flow->nw_frag & FLOW_NW_FRAG_ANY)
1034 || !(flow->nw_frag & FLOW_NW_FRAG_LATER)) {
1035 if (flow->nw_proto == IPPROTO_TCP) {
1036 struct tcp_header *tcp;
1037
1038 b->l4 = tcp = ofpbuf_put_zeros(b, sizeof *tcp);
1039 tcp->tcp_src = flow->tp_src;
1040 tcp->tcp_dst = flow->tp_dst;
1041 tcp->tcp_ctl = TCP_CTL(0, 5);
1042 } else if (flow->nw_proto == IPPROTO_UDP) {
1043 struct udp_header *udp;
1044
1045 b->l4 = udp = ofpbuf_put_zeros(b, sizeof *udp);
1046 udp->udp_src = flow->tp_src;
1047 udp->udp_dst = flow->tp_dst;
1048 } else if (flow->nw_proto == IPPROTO_ICMP) {
1049 struct icmp_header *icmp;
1050
1051 b->l4 = icmp = ofpbuf_put_zeros(b, sizeof *icmp);
1052 icmp->icmp_type = ntohs(flow->tp_src);
1053 icmp->icmp_code = ntohs(flow->tp_dst);
1054 }
1055 }
1056
1057 ip->ip_tot_len = htons((uint8_t *) b->data + b->size
1058 - (uint8_t *) b->l3);
1059 } else if (flow->dl_type == htons(ETH_TYPE_IPV6)) {
1060 /* XXX */
1061 } else if (flow->dl_type == htons(ETH_TYPE_ARP)) {
1062 struct arp_eth_header *arp;
1063
1064 b->l3 = arp = ofpbuf_put_zeros(b, sizeof *arp);
1065 arp->ar_hrd = htons(1);
1066 arp->ar_pro = htons(ETH_TYPE_IP);
1067 arp->ar_hln = ETH_ADDR_LEN;
1068 arp->ar_pln = 4;
1069 arp->ar_op = htons(flow->nw_proto);
1070
1071 if (flow->nw_proto == ARP_OP_REQUEST ||
1072 flow->nw_proto == ARP_OP_REPLY) {
1073 arp->ar_spa = flow->nw_src;
1074 arp->ar_tpa = flow->nw_dst;
1075 memcpy(arp->ar_sha, flow->arp_sha, ETH_ADDR_LEN);
1076 memcpy(arp->ar_tha, flow->arp_tha, ETH_ADDR_LEN);
1077 }
1078 }
1079 }
openvswitch mirror