2 * Copyright (c) 2008, 2009, 2010, 2011, 2012 Nicira, Inc.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at:
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 #include <sys/types.h>
22 #include <netinet/in.h>
23 #include <netinet/icmp6.h>
24 #include <netinet/ip6.h>
27 #include "byte-order.h"
29 #include "dynamic-string.h"
32 #include "openflow/openflow.h"
34 #include "unaligned.h"
37 VLOG_DEFINE_THIS_MODULE(flow
);
39 COVERAGE_DEFINE(flow_extract
);
41 static struct arp_eth_header
*
42 pull_arp(struct ofpbuf
*packet
)
44 return ofpbuf_try_pull(packet
, ARP_ETH_HEADER_LEN
);
47 static struct ip_header
*
48 pull_ip(struct ofpbuf
*packet
)
50 if (packet
->size
>= IP_HEADER_LEN
) {
51 struct ip_header
*ip
= packet
->data
;
52 int ip_len
= IP_IHL(ip
->ip_ihl_ver
) * 4;
53 if (ip_len
>= IP_HEADER_LEN
&& packet
->size
>= ip_len
) {
54 return ofpbuf_pull(packet
, ip_len
);
60 static struct tcp_header
*
61 pull_tcp(struct ofpbuf
*packet
)
63 if (packet
->size
>= TCP_HEADER_LEN
) {
64 struct tcp_header
*tcp
= packet
->data
;
65 int tcp_len
= TCP_OFFSET(tcp
->tcp_ctl
) * 4;
66 if (tcp_len
>= TCP_HEADER_LEN
&& packet
->size
>= tcp_len
) {
67 return ofpbuf_pull(packet
, tcp_len
);
73 static struct udp_header
*
74 pull_udp(struct ofpbuf
*packet
)
76 return ofpbuf_try_pull(packet
, UDP_HEADER_LEN
);
79 static struct icmp_header
*
80 pull_icmp(struct ofpbuf
*packet
)
82 return ofpbuf_try_pull(packet
, ICMP_HEADER_LEN
);
85 static struct icmp6_hdr
*
86 pull_icmpv6(struct ofpbuf
*packet
)
88 return ofpbuf_try_pull(packet
, sizeof(struct icmp6_hdr
));
92 parse_vlan(struct ofpbuf
*b
, struct flow
*flow
)
95 ovs_be16 eth_type
; /* ETH_TYPE_VLAN */
99 if (b
->size
>= sizeof(struct qtag_prefix
) + sizeof(ovs_be16
)) {
100 struct qtag_prefix
*qp
= ofpbuf_pull(b
, sizeof *qp
);
101 flow
->vlan_tci
= qp
->tci
| htons(VLAN_CFI
);
106 parse_ethertype(struct ofpbuf
*b
)
108 struct llc_snap_header
*llc
;
111 proto
= *(ovs_be16
*) ofpbuf_pull(b
, sizeof proto
);
112 if (ntohs(proto
) >= ETH_TYPE_MIN
) {
116 if (b
->size
< sizeof *llc
) {
117 return htons(FLOW_DL_TYPE_NONE
);
121 if (llc
->llc
.llc_dsap
!= LLC_DSAP_SNAP
122 || llc
->llc
.llc_ssap
!= LLC_SSAP_SNAP
123 || llc
->llc
.llc_cntl
!= LLC_CNTL_SNAP
124 || memcmp(llc
->snap
.snap_org
, SNAP_ORG_ETHERNET
,
125 sizeof llc
->snap
.snap_org
)) {
126 return htons(FLOW_DL_TYPE_NONE
);
129 ofpbuf_pull(b
, sizeof *llc
);
130 return llc
->snap
.snap_type
;
134 parse_ipv6(struct ofpbuf
*packet
, struct flow
*flow
)
136 const struct ip6_hdr
*nh
;
140 nh
= ofpbuf_try_pull(packet
, sizeof *nh
);
145 nexthdr
= nh
->ip6_nxt
;
147 flow
->ipv6_src
= nh
->ip6_src
;
148 flow
->ipv6_dst
= nh
->ip6_dst
;
150 tc_flow
= get_unaligned_be32(&nh
->ip6_flow
);
151 flow
->nw_tos
= ntohl(tc_flow
) >> 20;
152 flow
->ipv6_label
= tc_flow
& htonl(IPV6_LABEL_MASK
);
153 flow
->nw_ttl
= nh
->ip6_hlim
;
154 flow
->nw_proto
= IPPROTO_NONE
;
157 if ((nexthdr
!= IPPROTO_HOPOPTS
)
158 && (nexthdr
!= IPPROTO_ROUTING
)
159 && (nexthdr
!= IPPROTO_DSTOPTS
)
160 && (nexthdr
!= IPPROTO_AH
)
161 && (nexthdr
!= IPPROTO_FRAGMENT
)) {
162 /* It's either a terminal header (e.g., TCP, UDP) or one we
163 * don't understand. In either case, we're done with the
164 * packet, so use it to fill in 'nw_proto'. */
168 /* We only verify that at least 8 bytes of the next header are
169 * available, but many of these headers are longer. Ensure that
170 * accesses within the extension header are within those first 8
171 * bytes. All extension headers are required to be at least 8
173 if (packet
->size
< 8) {
177 if ((nexthdr
== IPPROTO_HOPOPTS
)
178 || (nexthdr
== IPPROTO_ROUTING
)
179 || (nexthdr
== IPPROTO_DSTOPTS
)) {
180 /* These headers, while different, have the fields we care about
181 * in the same location and with the same interpretation. */
182 const struct ip6_ext
*ext_hdr
= (struct ip6_ext
*)packet
->data
;
183 nexthdr
= ext_hdr
->ip6e_nxt
;
184 if (!ofpbuf_try_pull(packet
, (ext_hdr
->ip6e_len
+ 1) * 8)) {
187 } else if (nexthdr
== IPPROTO_AH
) {
188 /* A standard AH definition isn't available, but the fields
189 * we care about are in the same location as the generic
190 * option header--only the header length is calculated
192 const struct ip6_ext
*ext_hdr
= (struct ip6_ext
*)packet
->data
;
193 nexthdr
= ext_hdr
->ip6e_nxt
;
194 if (!ofpbuf_try_pull(packet
, (ext_hdr
->ip6e_len
+ 2) * 4)) {
197 } else if (nexthdr
== IPPROTO_FRAGMENT
) {
198 const struct ip6_frag
*frag_hdr
= (struct ip6_frag
*)packet
->data
;
200 nexthdr
= frag_hdr
->ip6f_nxt
;
201 if (!ofpbuf_try_pull(packet
, sizeof *frag_hdr
)) {
205 /* We only process the first fragment. */
206 if (frag_hdr
->ip6f_offlg
!= htons(0)) {
207 if ((frag_hdr
->ip6f_offlg
& IP6F_OFF_MASK
) == htons(0)) {
208 flow
->nw_frag
= FLOW_NW_FRAG_ANY
;
210 flow
->nw_frag
|= FLOW_NW_FRAG_LATER
;
211 nexthdr
= IPPROTO_FRAGMENT
;
218 flow
->nw_proto
= nexthdr
;
223 parse_tcp(struct ofpbuf
*packet
, struct ofpbuf
*b
, struct flow
*flow
)
225 const struct tcp_header
*tcp
= pull_tcp(b
);
227 flow
->tp_src
= tcp
->tcp_src
;
228 flow
->tp_dst
= tcp
->tcp_dst
;
229 packet
->l7
= b
->data
;
234 parse_udp(struct ofpbuf
*packet
, struct ofpbuf
*b
, struct flow
*flow
)
236 const struct udp_header
*udp
= pull_udp(b
);
238 flow
->tp_src
= udp
->udp_src
;
239 flow
->tp_dst
= udp
->udp_dst
;
240 packet
->l7
= b
->data
;
245 parse_icmpv6(struct ofpbuf
*b
, struct flow
*flow
)
247 const struct icmp6_hdr
*icmp
= pull_icmpv6(b
);
253 /* The ICMPv6 type and code fields use the 16-bit transport port
254 * fields, so we need to store them in 16-bit network byte order. */
255 flow
->tp_src
= htons(icmp
->icmp6_type
);
256 flow
->tp_dst
= htons(icmp
->icmp6_code
);
258 if (icmp
->icmp6_code
== 0 &&
259 (icmp
->icmp6_type
== ND_NEIGHBOR_SOLICIT
||
260 icmp
->icmp6_type
== ND_NEIGHBOR_ADVERT
)) {
261 const struct in6_addr
*nd_target
;
263 nd_target
= ofpbuf_try_pull(b
, sizeof *nd_target
);
267 flow
->nd_target
= *nd_target
;
269 while (b
->size
>= 8) {
270 /* The minimum size of an option is 8 bytes, which also is
271 * the size of Ethernet link-layer options. */
272 const struct nd_opt_hdr
*nd_opt
= b
->data
;
273 int opt_len
= nd_opt
->nd_opt_len
* 8;
275 if (!opt_len
|| opt_len
> b
->size
) {
279 /* Store the link layer address if the appropriate option is
280 * provided. It is considered an error if the same link
281 * layer option is specified twice. */
282 if (nd_opt
->nd_opt_type
== ND_OPT_SOURCE_LINKADDR
284 if (eth_addr_is_zero(flow
->arp_sha
)) {
285 memcpy(flow
->arp_sha
, nd_opt
+ 1, ETH_ADDR_LEN
);
289 } else if (nd_opt
->nd_opt_type
== ND_OPT_TARGET_LINKADDR
291 if (eth_addr_is_zero(flow
->arp_tha
)) {
292 memcpy(flow
->arp_tha
, nd_opt
+ 1, ETH_ADDR_LEN
);
298 if (!ofpbuf_try_pull(b
, opt_len
)) {
307 memset(&flow
->nd_target
, 0, sizeof(flow
->nd_target
));
308 memset(flow
->arp_sha
, 0, sizeof(flow
->arp_sha
));
309 memset(flow
->arp_tha
, 0, sizeof(flow
->arp_tha
));
315 /* Initializes 'flow' members from 'packet', 'skb_priority', 'tun_id', and
318 * Initializes 'packet' header pointers as follows:
320 * - packet->l2 to the start of the Ethernet header.
322 * - packet->l3 to just past the Ethernet header, or just past the
323 * vlan_header if one is present, to the first byte of the payload of the
326 * - packet->l4 to just past the IPv4 header, if one is present and has a
327 * correct length, and otherwise NULL.
329 * - packet->l7 to just past the TCP or UDP or ICMP header, if one is
330 * present and has a correct length, and otherwise NULL.
333 flow_extract(struct ofpbuf
*packet
, uint32_t skb_priority
, ovs_be64 tun_id
,
334 uint16_t ofp_in_port
, struct flow
*flow
)
336 struct ofpbuf b
= *packet
;
337 struct eth_header
*eth
;
339 COVERAGE_INC(flow_extract
);
341 memset(flow
, 0, sizeof *flow
);
342 flow
->tun_id
= tun_id
;
343 flow
->in_port
= ofp_in_port
;
344 flow
->skb_priority
= skb_priority
;
351 if (b
.size
< sizeof *eth
) {
357 memcpy(flow
->dl_src
, eth
->eth_src
, ETH_ADDR_LEN
);
358 memcpy(flow
->dl_dst
, eth
->eth_dst
, ETH_ADDR_LEN
);
360 /* dl_type, vlan_tci. */
361 ofpbuf_pull(&b
, ETH_ADDR_LEN
* 2);
362 if (eth
->eth_type
== htons(ETH_TYPE_VLAN
)) {
363 parse_vlan(&b
, flow
);
365 flow
->dl_type
= parse_ethertype(&b
);
369 if (flow
->dl_type
== htons(ETH_TYPE_IP
)) {
370 const struct ip_header
*nh
= pull_ip(&b
);
374 flow
->nw_src
= get_unaligned_be32(&nh
->ip_src
);
375 flow
->nw_dst
= get_unaligned_be32(&nh
->ip_dst
);
376 flow
->nw_proto
= nh
->ip_proto
;
378 flow
->nw_tos
= nh
->ip_tos
;
379 if (IP_IS_FRAGMENT(nh
->ip_frag_off
)) {
380 flow
->nw_frag
= FLOW_NW_FRAG_ANY
;
381 if (nh
->ip_frag_off
& htons(IP_FRAG_OFF_MASK
)) {
382 flow
->nw_frag
|= FLOW_NW_FRAG_LATER
;
385 flow
->nw_ttl
= nh
->ip_ttl
;
387 if (!(nh
->ip_frag_off
& htons(IP_FRAG_OFF_MASK
))) {
388 if (flow
->nw_proto
== IPPROTO_TCP
) {
389 parse_tcp(packet
, &b
, flow
);
390 } else if (flow
->nw_proto
== IPPROTO_UDP
) {
391 parse_udp(packet
, &b
, flow
);
392 } else if (flow
->nw_proto
== IPPROTO_ICMP
) {
393 const struct icmp_header
*icmp
= pull_icmp(&b
);
395 flow
->tp_src
= htons(icmp
->icmp_type
);
396 flow
->tp_dst
= htons(icmp
->icmp_code
);
402 } else if (flow
->dl_type
== htons(ETH_TYPE_IPV6
)) {
403 if (parse_ipv6(&b
, flow
)) {
408 if (flow
->nw_proto
== IPPROTO_TCP
) {
409 parse_tcp(packet
, &b
, flow
);
410 } else if (flow
->nw_proto
== IPPROTO_UDP
) {
411 parse_udp(packet
, &b
, flow
);
412 } else if (flow
->nw_proto
== IPPROTO_ICMPV6
) {
413 if (parse_icmpv6(&b
, flow
)) {
417 } else if (flow
->dl_type
== htons(ETH_TYPE_ARP
)) {
418 const struct arp_eth_header
*arp
= pull_arp(&b
);
419 if (arp
&& arp
->ar_hrd
== htons(1)
420 && arp
->ar_pro
== htons(ETH_TYPE_IP
)
421 && arp
->ar_hln
== ETH_ADDR_LEN
422 && arp
->ar_pln
== 4) {
423 /* We only match on the lower 8 bits of the opcode. */
424 if (ntohs(arp
->ar_op
) <= 0xff) {
425 flow
->nw_proto
= ntohs(arp
->ar_op
);
428 if ((flow
->nw_proto
== ARP_OP_REQUEST
)
429 || (flow
->nw_proto
== ARP_OP_REPLY
)) {
430 flow
->nw_src
= arp
->ar_spa
;
431 flow
->nw_dst
= arp
->ar_tpa
;
432 memcpy(flow
->arp_sha
, arp
->ar_sha
, ETH_ADDR_LEN
);
433 memcpy(flow
->arp_tha
, arp
->ar_tha
, ETH_ADDR_LEN
);
439 /* For every bit of a field that is wildcarded in 'wildcards', sets the
440 * corresponding bit in 'flow' to zero. */
442 flow_zero_wildcards(struct flow
*flow
, const struct flow_wildcards
*wildcards
)
444 const flow_wildcards_t wc
= wildcards
->wildcards
;
447 BUILD_ASSERT_DECL(FLOW_WC_SEQ
== 14);
449 for (i
= 0; i
< FLOW_N_REGS
; i
++) {
450 flow
->regs
[i
] &= wildcards
->reg_masks
[i
];
452 flow
->tun_id
&= wildcards
->tun_id_mask
;
453 flow
->metadata
&= wildcards
->metadata_mask
;
454 flow
->nw_src
&= wildcards
->nw_src_mask
;
455 flow
->nw_dst
&= wildcards
->nw_dst_mask
;
456 if (wc
& FWW_IN_PORT
) {
459 flow
->vlan_tci
&= wildcards
->vlan_tci_mask
;
460 if (wc
& FWW_DL_TYPE
) {
461 flow
->dl_type
= htons(0);
463 flow
->tp_src
&= wildcards
->tp_src_mask
;
464 flow
->tp_dst
&= wildcards
->tp_dst_mask
;
465 eth_addr_bitand(flow
->dl_src
, wildcards
->dl_src_mask
, flow
->dl_src
);
466 eth_addr_bitand(flow
->dl_dst
, wildcards
->dl_dst_mask
, flow
->dl_dst
);
467 if (wc
& FWW_NW_PROTO
) {
470 flow
->ipv6_label
&= wildcards
->ipv6_label_mask
;
471 if (wc
& FWW_NW_DSCP
) {
472 flow
->nw_tos
&= ~IP_DSCP_MASK
;
474 if (wc
& FWW_NW_ECN
) {
475 flow
->nw_tos
&= ~IP_ECN_MASK
;
477 if (wc
& FWW_NW_TTL
) {
480 flow
->nw_frag
&= wildcards
->nw_frag_mask
;
481 eth_addr_bitand(flow
->arp_sha
, wildcards
->arp_sha_mask
, flow
->arp_sha
);
482 eth_addr_bitand(flow
->arp_tha
, wildcards
->arp_tha_mask
, flow
->arp_tha
);
483 flow
->ipv6_src
= ipv6_addr_bitand(&flow
->ipv6_src
,
484 &wildcards
->ipv6_src_mask
);
485 flow
->ipv6_dst
= ipv6_addr_bitand(&flow
->ipv6_dst
,
486 &wildcards
->ipv6_dst_mask
);
487 flow
->nd_target
= ipv6_addr_bitand(&flow
->nd_target
,
488 &wildcards
->nd_target_mask
);
489 flow
->skb_priority
= 0;
492 /* Initializes 'fmd' with the metadata found in 'flow'. */
494 flow_get_metadata(const struct flow
*flow
, struct flow_metadata
*fmd
)
496 BUILD_ASSERT_DECL(FLOW_WC_SEQ
== 14);
498 fmd
->tun_id
= flow
->tun_id
;
499 fmd
->tun_id_mask
= htonll(UINT64_MAX
);
501 fmd
->metadata
= flow
->metadata
;
502 fmd
->metadata_mask
= htonll(UINT64_MAX
);
504 memcpy(fmd
->regs
, flow
->regs
, sizeof fmd
->regs
);
505 memset(fmd
->reg_masks
, 0xff, sizeof fmd
->reg_masks
);
507 fmd
->in_port
= flow
->in_port
;
511 flow_to_string(const struct flow
*flow
)
513 struct ds ds
= DS_EMPTY_INITIALIZER
;
514 flow_format(&ds
, flow
);
519 flow_format(struct ds
*ds
, const struct flow
*flow
)
521 ds_put_format(ds
, "priority:%"PRIu32
524 ",in_port:%04"PRIx16
,
526 ntohll(flow
->tun_id
),
527 ntohll(flow
->metadata
),
530 ds_put_format(ds
, ",tci(");
531 if (flow
->vlan_tci
) {
532 ds_put_format(ds
, "vlan:%"PRIu16
",pcp:%d",
533 vlan_tci_to_vid(flow
->vlan_tci
),
534 vlan_tci_to_pcp(flow
->vlan_tci
));
536 ds_put_char(ds
, '0');
538 ds_put_format(ds
, ") mac("ETH_ADDR_FMT
"->"ETH_ADDR_FMT
540 ETH_ADDR_ARGS(flow
->dl_src
),
541 ETH_ADDR_ARGS(flow
->dl_dst
),
542 ntohs(flow
->dl_type
));
544 if (flow
->dl_type
== htons(ETH_TYPE_IPV6
)) {
545 ds_put_format(ds
, " label:%#"PRIx32
" proto:%"PRIu8
" tos:%#"PRIx8
546 " ttl:%"PRIu8
" ipv6(",
547 ntohl(flow
->ipv6_label
), flow
->nw_proto
,
548 flow
->nw_tos
, flow
->nw_ttl
);
549 print_ipv6_addr(ds
, &flow
->ipv6_src
);
550 ds_put_cstr(ds
, "->");
551 print_ipv6_addr(ds
, &flow
->ipv6_dst
);
552 ds_put_char(ds
, ')');
554 ds_put_format(ds
, " proto:%"PRIu8
" tos:%#"PRIx8
" ttl:%"PRIu8
555 " ip("IP_FMT
"->"IP_FMT
")",
556 flow
->nw_proto
, flow
->nw_tos
, flow
->nw_ttl
,
557 IP_ARGS(&flow
->nw_src
), IP_ARGS(&flow
->nw_dst
));
560 ds_put_format(ds
, " frag(%s)",
561 flow
->nw_frag
== FLOW_NW_FRAG_ANY
? "first"
562 : flow
->nw_frag
== (FLOW_NW_FRAG_ANY
| FLOW_NW_FRAG_LATER
)
563 ? "later" : "<error>");
565 if (flow
->tp_src
|| flow
->tp_dst
) {
566 ds_put_format(ds
, " port(%"PRIu16
"->%"PRIu16
")",
567 ntohs(flow
->tp_src
), ntohs(flow
->tp_dst
));
569 if (!eth_addr_is_zero(flow
->arp_sha
) || !eth_addr_is_zero(flow
->arp_tha
)) {
570 ds_put_format(ds
, " arp_ha("ETH_ADDR_FMT
"->"ETH_ADDR_FMT
")",
571 ETH_ADDR_ARGS(flow
->arp_sha
),
572 ETH_ADDR_ARGS(flow
->arp_tha
));
577 flow_print(FILE *stream
, const struct flow
*flow
)
579 char *s
= flow_to_string(flow
);
584 /* flow_wildcards functions. */
586 /* Initializes 'wc' as a set of wildcards that matches every packet. */
588 flow_wildcards_init_catchall(struct flow_wildcards
*wc
)
590 BUILD_ASSERT_DECL(FLOW_WC_SEQ
== 14);
592 wc
->wildcards
= FWW_ALL
;
593 wc
->tun_id_mask
= htonll(0);
594 wc
->nw_src_mask
= htonl(0);
595 wc
->nw_dst_mask
= htonl(0);
596 wc
->ipv6_src_mask
= in6addr_any
;
597 wc
->ipv6_dst_mask
= in6addr_any
;
598 wc
->ipv6_label_mask
= htonl(0);
599 wc
->nd_target_mask
= in6addr_any
;
600 memset(wc
->reg_masks
, 0, sizeof wc
->reg_masks
);
601 wc
->metadata_mask
= htonll(0);
602 wc
->vlan_tci_mask
= htons(0);
603 wc
->nw_frag_mask
= 0;
604 wc
->tp_src_mask
= htons(0);
605 wc
->tp_dst_mask
= htons(0);
606 memset(wc
->dl_src_mask
, 0, ETH_ADDR_LEN
);
607 memset(wc
->dl_dst_mask
, 0, ETH_ADDR_LEN
);
608 memset(wc
->arp_sha_mask
, 0, ETH_ADDR_LEN
);
609 memset(wc
->arp_tha_mask
, 0, ETH_ADDR_LEN
);
610 memset(wc
->zeros
, 0, sizeof wc
->zeros
);
613 /* Initializes 'wc' as an exact-match set of wildcards; that is, 'wc' does not
614 * wildcard any bits or fields. */
616 flow_wildcards_init_exact(struct flow_wildcards
*wc
)
618 BUILD_ASSERT_DECL(FLOW_WC_SEQ
== 14);
621 wc
->tun_id_mask
= htonll(UINT64_MAX
);
622 wc
->nw_src_mask
= htonl(UINT32_MAX
);
623 wc
->nw_dst_mask
= htonl(UINT32_MAX
);
624 wc
->ipv6_src_mask
= in6addr_exact
;
625 wc
->ipv6_dst_mask
= in6addr_exact
;
626 wc
->ipv6_label_mask
= htonl(UINT32_MAX
);
627 wc
->nd_target_mask
= in6addr_exact
;
628 memset(wc
->reg_masks
, 0xff, sizeof wc
->reg_masks
);
629 wc
->metadata_mask
= htonll(UINT64_MAX
);
630 wc
->vlan_tci_mask
= htons(UINT16_MAX
);
631 wc
->nw_frag_mask
= UINT8_MAX
;
632 wc
->tp_src_mask
= htons(UINT16_MAX
);
633 wc
->tp_dst_mask
= htons(UINT16_MAX
);
634 memset(wc
->dl_src_mask
, 0xff, ETH_ADDR_LEN
);
635 memset(wc
->dl_dst_mask
, 0xff, ETH_ADDR_LEN
);
636 memset(wc
->arp_sha_mask
, 0xff, ETH_ADDR_LEN
);
637 memset(wc
->arp_tha_mask
, 0xff, ETH_ADDR_LEN
);
638 memset(wc
->zeros
, 0, sizeof wc
->zeros
);
641 /* Returns true if 'wc' is exact-match, false if 'wc' wildcards any bits or
644 flow_wildcards_is_exact(const struct flow_wildcards
*wc
)
648 BUILD_ASSERT_DECL(FLOW_WC_SEQ
== 14);
651 || wc
->tun_id_mask
!= htonll(UINT64_MAX
)
652 || wc
->nw_src_mask
!= htonl(UINT32_MAX
)
653 || wc
->nw_dst_mask
!= htonl(UINT32_MAX
)
654 || wc
->tp_src_mask
!= htons(UINT16_MAX
)
655 || wc
->tp_dst_mask
!= htons(UINT16_MAX
)
656 || wc
->vlan_tci_mask
!= htons(UINT16_MAX
)
657 || wc
->metadata_mask
!= htonll(UINT64_MAX
)
658 || !eth_mask_is_exact(wc
->dl_src_mask
)
659 || !eth_mask_is_exact(wc
->dl_dst_mask
)
660 || !eth_mask_is_exact(wc
->arp_sha_mask
)
661 || !eth_mask_is_exact(wc
->arp_tha_mask
)
662 || !ipv6_mask_is_exact(&wc
->ipv6_src_mask
)
663 || !ipv6_mask_is_exact(&wc
->ipv6_dst_mask
)
664 || wc
->ipv6_label_mask
!= htonl(UINT32_MAX
)
665 || !ipv6_mask_is_exact(&wc
->nd_target_mask
)
666 || wc
->nw_frag_mask
!= UINT8_MAX
) {
670 for (i
= 0; i
< FLOW_N_REGS
; i
++) {
671 if (wc
->reg_masks
[i
] != UINT32_MAX
) {
679 /* Returns true if 'wc' matches every packet, false if 'wc' fixes any bits or
682 flow_wildcards_is_catchall(const struct flow_wildcards
*wc
)
686 BUILD_ASSERT_DECL(FLOW_WC_SEQ
== 14);
688 if (wc
->wildcards
!= FWW_ALL
689 || wc
->tun_id_mask
!= htonll(0)
690 || wc
->nw_src_mask
!= htonl(0)
691 || wc
->nw_dst_mask
!= htonl(0)
692 || wc
->tp_src_mask
!= htons(0)
693 || wc
->tp_dst_mask
!= htons(0)
694 || wc
->vlan_tci_mask
!= htons(0)
695 || wc
->metadata_mask
!= htonll(0)
696 || !eth_addr_is_zero(wc
->dl_src_mask
)
697 || !eth_addr_is_zero(wc
->dl_dst_mask
)
698 || !eth_addr_is_zero(wc
->arp_sha_mask
)
699 || !eth_addr_is_zero(wc
->arp_tha_mask
)
700 || !ipv6_mask_is_any(&wc
->ipv6_src_mask
)
701 || !ipv6_mask_is_any(&wc
->ipv6_dst_mask
)
702 || wc
->ipv6_label_mask
!= htonl(0)
703 || !ipv6_mask_is_any(&wc
->nd_target_mask
)
704 || wc
->nw_frag_mask
!= 0) {
708 for (i
= 0; i
< FLOW_N_REGS
; i
++) {
709 if (wc
->reg_masks
[i
] != 0) {
717 /* Initializes 'dst' as the combination of wildcards in 'src1' and 'src2'.
718 * That is, a bit or a field is wildcarded in 'dst' if it is wildcarded in
719 * 'src1' or 'src2' or both. */
721 flow_wildcards_combine(struct flow_wildcards
*dst
,
722 const struct flow_wildcards
*src1
,
723 const struct flow_wildcards
*src2
)
727 BUILD_ASSERT_DECL(FLOW_WC_SEQ
== 14);
729 dst
->wildcards
= src1
->wildcards
| src2
->wildcards
;
730 dst
->tun_id_mask
= src1
->tun_id_mask
& src2
->tun_id_mask
;
731 dst
->nw_src_mask
= src1
->nw_src_mask
& src2
->nw_src_mask
;
732 dst
->nw_dst_mask
= src1
->nw_dst_mask
& src2
->nw_dst_mask
;
733 dst
->ipv6_src_mask
= ipv6_addr_bitand(&src1
->ipv6_src_mask
,
734 &src2
->ipv6_src_mask
);
735 dst
->ipv6_dst_mask
= ipv6_addr_bitand(&src1
->ipv6_dst_mask
,
736 &src2
->ipv6_dst_mask
);
737 dst
->ipv6_label_mask
= src1
->ipv6_label_mask
& src2
->ipv6_label_mask
;
738 dst
->nd_target_mask
= ipv6_addr_bitand(&src1
->nd_target_mask
,
739 &src2
->nd_target_mask
);
740 for (i
= 0; i
< FLOW_N_REGS
; i
++) {
741 dst
->reg_masks
[i
] = src1
->reg_masks
[i
] & src2
->reg_masks
[i
];
743 dst
->metadata_mask
= src1
->metadata_mask
& src2
->metadata_mask
;
744 dst
->vlan_tci_mask
= src1
->vlan_tci_mask
& src2
->vlan_tci_mask
;
745 dst
->tp_src_mask
= src1
->tp_src_mask
& src2
->tp_src_mask
;
746 dst
->tp_dst_mask
= src1
->tp_dst_mask
& src2
->tp_dst_mask
;
747 eth_addr_bitand(src1
->dl_src_mask
, src2
->dl_src_mask
, dst
->dl_src_mask
);
748 eth_addr_bitand(src1
->dl_dst_mask
, src2
->dl_dst_mask
, dst
->dl_dst_mask
);
749 eth_addr_bitand(src1
->arp_sha_mask
, src2
->arp_sha_mask
, dst
->arp_sha_mask
);
750 eth_addr_bitand(src1
->arp_tha_mask
, src2
->arp_tha_mask
, dst
->arp_tha_mask
);
753 /* Returns a hash of the wildcards in 'wc'. */
755 flow_wildcards_hash(const struct flow_wildcards
*wc
, uint32_t basis
)
757 /* If you change struct flow_wildcards and thereby trigger this
758 * assertion, please check that the new struct flow_wildcards has no holes
759 * in it before you update the assertion. */
760 BUILD_ASSERT_DECL(sizeof *wc
== 112 + FLOW_N_REGS
* 4);
761 return hash_bytes(wc
, sizeof *wc
, basis
);
764 /* Returns true if 'a' and 'b' represent the same wildcards, false if they are
767 flow_wildcards_equal(const struct flow_wildcards
*a
,
768 const struct flow_wildcards
*b
)
772 BUILD_ASSERT_DECL(FLOW_WC_SEQ
== 14);
774 if (a
->wildcards
!= b
->wildcards
775 || a
->tun_id_mask
!= b
->tun_id_mask
776 || a
->nw_src_mask
!= b
->nw_src_mask
777 || a
->nw_dst_mask
!= b
->nw_dst_mask
778 || a
->vlan_tci_mask
!= b
->vlan_tci_mask
779 || a
->metadata_mask
!= b
->metadata_mask
780 || !ipv6_addr_equals(&a
->ipv6_src_mask
, &b
->ipv6_src_mask
)
781 || !ipv6_addr_equals(&a
->ipv6_dst_mask
, &b
->ipv6_dst_mask
)
782 || a
->ipv6_label_mask
!= b
->ipv6_label_mask
783 || !ipv6_addr_equals(&a
->nd_target_mask
, &b
->nd_target_mask
)
784 || a
->tp_src_mask
!= b
->tp_src_mask
785 || a
->tp_dst_mask
!= b
->tp_dst_mask
786 || !eth_addr_equals(a
->dl_src_mask
, b
->dl_src_mask
)
787 || !eth_addr_equals(a
->dl_dst_mask
, b
->dl_dst_mask
)
788 || !eth_addr_equals(a
->arp_sha_mask
, b
->arp_sha_mask
)
789 || !eth_addr_equals(a
->arp_tha_mask
, b
->arp_tha_mask
)) {
793 for (i
= 0; i
< FLOW_N_REGS
; i
++) {
794 if (a
->reg_masks
[i
] != b
->reg_masks
[i
]) {
802 /* Returns true if at least one bit or field is wildcarded in 'a' but not in
803 * 'b', false otherwise. */
805 flow_wildcards_has_extra(const struct flow_wildcards
*a
,
806 const struct flow_wildcards
*b
)
809 uint8_t eth_masked
[ETH_ADDR_LEN
];
810 struct in6_addr ipv6_masked
;
812 BUILD_ASSERT_DECL(FLOW_WC_SEQ
== 14);
814 for (i
= 0; i
< FLOW_N_REGS
; i
++) {
815 if ((a
->reg_masks
[i
] & b
->reg_masks
[i
]) != b
->reg_masks
[i
]) {
820 eth_addr_bitand(a
->dl_src_mask
, b
->dl_src_mask
, eth_masked
);
821 if (!eth_addr_equals(eth_masked
, b
->dl_src_mask
)) {
825 eth_addr_bitand(a
->dl_dst_mask
, b
->dl_dst_mask
, eth_masked
);
826 if (!eth_addr_equals(eth_masked
, b
->dl_dst_mask
)) {
830 eth_addr_bitand(a
->arp_sha_mask
, b
->arp_sha_mask
, eth_masked
);
831 if (!eth_addr_equals(eth_masked
, b
->arp_sha_mask
)) {
835 eth_addr_bitand(a
->arp_tha_mask
, b
->arp_tha_mask
, eth_masked
);
836 if (!eth_addr_equals(eth_masked
, b
->arp_tha_mask
)) {
840 ipv6_masked
= ipv6_addr_bitand(&a
->ipv6_src_mask
, &b
->ipv6_src_mask
);
841 if (!ipv6_addr_equals(&ipv6_masked
, &b
->ipv6_src_mask
)) {
845 ipv6_masked
= ipv6_addr_bitand(&a
->ipv6_dst_mask
, &b
->ipv6_dst_mask
);
846 if (!ipv6_addr_equals(&ipv6_masked
, &b
->ipv6_dst_mask
)) {
850 ipv6_masked
= ipv6_addr_bitand(&a
->nd_target_mask
, &b
->nd_target_mask
);
851 if (!ipv6_addr_equals(&ipv6_masked
, &b
->nd_target_mask
)) {
855 return (a
->wildcards
& ~b
->wildcards
856 || (a
->tun_id_mask
& b
->tun_id_mask
) != b
->tun_id_mask
857 || (a
->nw_src_mask
& b
->nw_src_mask
) != b
->nw_src_mask
858 || (a
->nw_dst_mask
& b
->nw_dst_mask
) != b
->nw_dst_mask
859 || (a
->ipv6_label_mask
& b
->ipv6_label_mask
) != b
->ipv6_label_mask
860 || (a
->vlan_tci_mask
& b
->vlan_tci_mask
) != b
->vlan_tci_mask
861 || (a
->metadata_mask
& b
->metadata_mask
) != b
->metadata_mask
862 || (a
->tp_src_mask
& b
->tp_src_mask
) != b
->tp_src_mask
863 || (a
->tp_dst_mask
& b
->tp_dst_mask
) != b
->tp_dst_mask
);
866 /* Sets the wildcard mask for register 'idx' in 'wc' to 'mask'.
867 * (A 0-bit indicates a wildcard bit.) */
869 flow_wildcards_set_reg_mask(struct flow_wildcards
*wc
, int idx
, uint32_t mask
)
871 wc
->reg_masks
[idx
] = mask
;
874 /* Hashes 'flow' based on its L2 through L4 protocol information. */
876 flow_hash_symmetric_l4(const struct flow
*flow
, uint32_t basis
)
881 struct in6_addr ipv6_addr
;
886 uint8_t eth_addr
[ETH_ADDR_LEN
];
892 memset(&fields
, 0, sizeof fields
);
893 for (i
= 0; i
< ETH_ADDR_LEN
; i
++) {
894 fields
.eth_addr
[i
] = flow
->dl_src
[i
] ^ flow
->dl_dst
[i
];
896 fields
.vlan_tci
= flow
->vlan_tci
& htons(VLAN_VID_MASK
);
897 fields
.eth_type
= flow
->dl_type
;
899 /* UDP source and destination port are not taken into account because they
900 * will not necessarily be symmetric in a bidirectional flow. */
901 if (fields
.eth_type
== htons(ETH_TYPE_IP
)) {
902 fields
.ipv4_addr
= flow
->nw_src
^ flow
->nw_dst
;
903 fields
.ip_proto
= flow
->nw_proto
;
904 if (fields
.ip_proto
== IPPROTO_TCP
) {
905 fields
.tp_port
= flow
->tp_src
^ flow
->tp_dst
;
907 } else if (fields
.eth_type
== htons(ETH_TYPE_IPV6
)) {
908 const uint8_t *a
= &flow
->ipv6_src
.s6_addr
[0];
909 const uint8_t *b
= &flow
->ipv6_dst
.s6_addr
[0];
910 uint8_t *ipv6_addr
= &fields
.ipv6_addr
.s6_addr
[0];
912 for (i
=0; i
<16; i
++) {
913 ipv6_addr
[i
] = a
[i
] ^ b
[i
];
915 fields
.ip_proto
= flow
->nw_proto
;
916 if (fields
.ip_proto
== IPPROTO_TCP
) {
917 fields
.tp_port
= flow
->tp_src
^ flow
->tp_dst
;
920 return hash_bytes(&fields
, sizeof fields
, basis
);
923 /* Hashes the portions of 'flow' designated by 'fields'. */
925 flow_hash_fields(const struct flow
*flow
, enum nx_hash_fields fields
,
930 case NX_HASH_FIELDS_ETH_SRC
:
931 return hash_bytes(flow
->dl_src
, sizeof flow
->dl_src
, basis
);
933 case NX_HASH_FIELDS_SYMMETRIC_L4
:
934 return flow_hash_symmetric_l4(flow
, basis
);
940 /* Returns a string representation of 'fields'. */
942 flow_hash_fields_to_str(enum nx_hash_fields fields
)
945 case NX_HASH_FIELDS_ETH_SRC
: return "eth_src";
946 case NX_HASH_FIELDS_SYMMETRIC_L4
: return "symmetric_l4";
947 default: return "<unknown>";
951 /* Returns true if the value of 'fields' is supported. Otherwise false. */
953 flow_hash_fields_valid(enum nx_hash_fields fields
)
955 return fields
== NX_HASH_FIELDS_ETH_SRC
956 || fields
== NX_HASH_FIELDS_SYMMETRIC_L4
;
959 /* Sets the VLAN VID that 'flow' matches to 'vid', which is interpreted as an
960 * OpenFlow 1.0 "dl_vlan" value:
962 * - If it is in the range 0...4095, 'flow->vlan_tci' is set to match
963 * that VLAN. Any existing PCP match is unchanged (it becomes 0 if
964 * 'flow' previously matched packets without a VLAN header).
966 * - If it is OFP_VLAN_NONE, 'flow->vlan_tci' is set to match a packet
967 * without a VLAN tag.
969 * - Other values of 'vid' should not be used. */
971 flow_set_vlan_vid(struct flow
*flow
, ovs_be16 vid
)
973 if (vid
== htons(OFP10_VLAN_NONE
)) {
974 flow
->vlan_tci
= htons(0);
976 vid
&= htons(VLAN_VID_MASK
);
977 flow
->vlan_tci
&= ~htons(VLAN_VID_MASK
);
978 flow
->vlan_tci
|= htons(VLAN_CFI
) | vid
;
982 /* Sets the VLAN PCP that 'flow' matches to 'pcp', which should be in the
985 * This function has no effect on the VLAN ID that 'flow' matches.
987 * After calling this function, 'flow' will not match packets without a VLAN
990 flow_set_vlan_pcp(struct flow
*flow
, uint8_t pcp
)
993 flow
->vlan_tci
&= ~htons(VLAN_PCP_MASK
);
994 flow
->vlan_tci
|= htons((pcp
<< VLAN_PCP_SHIFT
) | VLAN_CFI
);
997 /* Puts into 'b' a packet that flow_extract() would parse as having the given
1000 * (This is useful only for testing, obviously, and the packet isn't really
1001 * valid. It hasn't got any checksums filled in, for one, and lots of fields
1002 * are just zeroed.) */
1004 flow_compose(struct ofpbuf
*b
, const struct flow
*flow
)
1006 eth_compose(b
, flow
->dl_dst
, flow
->dl_src
, ntohs(flow
->dl_type
), 0);
1007 if (flow
->dl_type
== htons(FLOW_DL_TYPE_NONE
)) {
1008 struct eth_header
*eth
= b
->l2
;
1009 eth
->eth_type
= htons(b
->size
);
1013 if (flow
->vlan_tci
& htons(VLAN_CFI
)) {
1014 eth_push_vlan(b
, flow
->vlan_tci
);
1017 if (flow
->dl_type
== htons(ETH_TYPE_IP
)) {
1018 struct ip_header
*ip
;
1020 b
->l3
= ip
= ofpbuf_put_zeros(b
, sizeof *ip
);
1021 ip
->ip_ihl_ver
= IP_IHL_VER(5, 4);
1022 ip
->ip_tos
= flow
->nw_tos
;
1023 ip
->ip_proto
= flow
->nw_proto
;
1024 ip
->ip_src
= flow
->nw_src
;
1025 ip
->ip_dst
= flow
->nw_dst
;
1027 if (flow
->nw_frag
& FLOW_NW_FRAG_ANY
) {
1028 ip
->ip_frag_off
|= htons(IP_MORE_FRAGMENTS
);
1029 if (flow
->nw_frag
& FLOW_NW_FRAG_LATER
) {
1030 ip
->ip_frag_off
|= htons(100);
1033 if (!(flow
->nw_frag
& FLOW_NW_FRAG_ANY
)
1034 || !(flow
->nw_frag
& FLOW_NW_FRAG_LATER
)) {
1035 if (flow
->nw_proto
== IPPROTO_TCP
) {
1036 struct tcp_header
*tcp
;
1038 b
->l4
= tcp
= ofpbuf_put_zeros(b
, sizeof *tcp
);
1039 tcp
->tcp_src
= flow
->tp_src
;
1040 tcp
->tcp_dst
= flow
->tp_dst
;
1041 tcp
->tcp_ctl
= TCP_CTL(0, 5);
1042 } else if (flow
->nw_proto
== IPPROTO_UDP
) {
1043 struct udp_header
*udp
;
1045 b
->l4
= udp
= ofpbuf_put_zeros(b
, sizeof *udp
);
1046 udp
->udp_src
= flow
->tp_src
;
1047 udp
->udp_dst
= flow
->tp_dst
;
1048 } else if (flow
->nw_proto
== IPPROTO_ICMP
) {
1049 struct icmp_header
*icmp
;
1051 b
->l4
= icmp
= ofpbuf_put_zeros(b
, sizeof *icmp
);
1052 icmp
->icmp_type
= ntohs(flow
->tp_src
);
1053 icmp
->icmp_code
= ntohs(flow
->tp_dst
);
1057 ip
->ip_tot_len
= htons((uint8_t *) b
->data
+ b
->size
1058 - (uint8_t *) b
->l3
);
1059 } else if (flow
->dl_type
== htons(ETH_TYPE_IPV6
)) {
1061 } else if (flow
->dl_type
== htons(ETH_TYPE_ARP
)) {
1062 struct arp_eth_header
*arp
;
1064 b
->l3
= arp
= ofpbuf_put_zeros(b
, sizeof *arp
);
1065 arp
->ar_hrd
= htons(1);
1066 arp
->ar_pro
= htons(ETH_TYPE_IP
);
1067 arp
->ar_hln
= ETH_ADDR_LEN
;
1069 arp
->ar_op
= htons(flow
->nw_proto
);
1071 if (flow
->nw_proto
== ARP_OP_REQUEST
||
1072 flow
->nw_proto
== ARP_OP_REPLY
) {
1073 arp
->ar_spa
= flow
->nw_src
;
1074 arp
->ar_tpa
= flow
->nw_dst
;
1075 memcpy(arp
->ar_sha
, flow
->arp_sha
, ETH_ADDR_LEN
);
1076 memcpy(arp
->ar_tha
, flow
->arp_tha
, ETH_ADDR_LEN
);