From aaca4fe0ce9e90a41b3f4db84be7d05823c733e4 Mon Sep 17 00:00:00 2001 From: William Tu Date: Fri, 24 Jun 2016 07:42:30 -0700 Subject: [PATCH] ofp-actions: Add truncate action. The patch adds a new action to support packet truncation. The new action is formatted as 'output(port=n,max_len=m)', as output to port n, with packet size being MIN(original_size, m). One use case is to enable port mirroring to send smaller packets to the destination port so that only useful packet information is mirrored/copied, saving some performance overhead of copying entire packet payload. Example use case is below as well as shown in the testcases: - Output to port 1 with max_len 100 bytes. - The output packet size on port 1 will be MIN(original_packet_size, 100). # ovs-ofctl add-flow br0 'actions=output(port=1,max_len=100)' - The scope of max_len is limited to output action itself. The following packet size of output:1 and output:2 will be intact. # ovs-ofctl add-flow br0 \ 'actions=output(port=1,max_len=100),output:1,output:2' - The Datapath actions shows: # Datapath actions: trunc(100),1,1,2 Tested-at: https://travis-ci.org/williamtu/ovs-travis/builds/140037134 Signed-off-by: William Tu Acked-by: Pravin B Shelar --- NEWS | 3 + include/openvswitch/ofp-actions.h | 10 ++ lib/dp-packet.c | 2 + lib/dp-packet.h | 65 ++++++++ lib/dpif-netdev.c | 33 +++- lib/dpif.c | 25 ++- lib/dpif.h | 1 + lib/netdev-bsd.c | 3 + lib/netdev-dpdk.c | 15 ++ lib/netdev-dummy.c | 2 + lib/netdev-linux.c | 3 + lib/netdev.c | 5 +- lib/odp-execute.c | 12 ++ lib/odp-util.c | 23 +++ lib/ofp-actions.c | 106 +++++++++++++ ofproto/ofproto-dpif-sflow.c | 1 + ofproto/ofproto-dpif-xlate.c | 57 +++++++ ofproto/ofproto-dpif.c | 79 ++++++++++ ofproto/ofproto-dpif.h | 3 + tests/odp.at | 1 + tests/ofp-actions.at | 3 + tests/ofproto-dpif.at | 124 +++++++++++++++ tests/ovs-ofctl.at | 8 + tests/system-kmod-macros.at | 7 + tests/system-traffic.at | 247 ++++++++++++++++++++++++++++++ tests/system-userspace-macros.at | 7 + utilities/ovs-ofctl.8.in | 7 + 27 files changed, 848 insertions(+), 4 deletions(-) diff --git a/NEWS b/NEWS index 26ebaf3bd..7aa050b9d 100644 --- a/NEWS +++ b/NEWS @@ -15,6 +15,8 @@ Post-v2.5.0 now implemented. Only flow mod and port mod messages are supported in bundles. * New OpenFlow extension NXM_NX_MPLS_TTL to provide access to MPLS TTL. + * New output option, output(port=N,max_len=M), to allow truncating a + packet to size M bytes when outputting to port N. - ovs-ofctl: * queue-get-config command now allows a queue ID to be specified. * '--bundle' option can now be used with OpenFlow 1.3. @@ -64,6 +66,7 @@ Post-v2.5.0 - Datapath Linux kernel compatibility. * Dropped support for kernel older than 3.10. * Removed VLAN splinters feature. + * Support for truncate action. - Tunnels: * Flow based tunnel match and action can be used for IPv6 address using tun_ipv6_src, tun_ipv6_dst fields. diff --git a/include/openvswitch/ofp-actions.h b/include/openvswitch/ofp-actions.h index 91c7ee51d..0b8ccbb4b 100644 --- a/include/openvswitch/ofp-actions.h +++ b/include/openvswitch/ofp-actions.h @@ -108,6 +108,7 @@ OFPACT(UNROLL_XLATE, ofpact_unroll_xlate, ofpact, "unroll_xlate") \ OFPACT(CT, ofpact_conntrack, ofpact, "ct") \ OFPACT(NAT, ofpact_nat, ofpact, "nat") \ + OFPACT(OUTPUT_TRUNC, ofpact_output_trunc,ofpact, "output_trunc") \ \ /* Debugging actions. \ * \ @@ -290,6 +291,15 @@ struct ofpact_output_reg { struct mf_subfield src; }; +/* OFPACT_OUTPUT_TRUNC. + * + * Used for NXAST_OUTPUT_TRUNC. */ +struct ofpact_output_trunc { + struct ofpact ofpact; + ofp_port_t port; /* Output port. */ + uint32_t max_len; /* Max send len. */ +}; + /* Bundle slave choice algorithm to apply. * * In the descriptions below, 'slaves' is the list of possible slaves in the diff --git a/lib/dp-packet.c b/lib/dp-packet.c index 0c85d508a..8e7defc83 100644 --- a/lib/dp-packet.c +++ b/lib/dp-packet.c @@ -30,6 +30,7 @@ dp_packet_init__(struct dp_packet *b, size_t allocated, enum dp_packet_source so dp_packet_reset_offsets(b); pkt_metadata_init(&b->md, 0); dp_packet_rss_invalidate(b); + dp_packet_reset_cutlen(b); } static void @@ -168,6 +169,7 @@ dp_packet_clone_with_headroom(const struct dp_packet *buffer, size_t headroom) new_buffer->l3_ofs = buffer->l3_ofs; new_buffer->l4_ofs = buffer->l4_ofs; new_buffer->md = buffer->md; + new_buffer->cutlen = buffer->cutlen; #ifdef DPDK_NETDEV new_buffer->mbuf.ol_flags = buffer->mbuf.ol_flags; #else diff --git a/lib/dp-packet.h b/lib/dp-packet.h index 118c84d3a..7c1e6373c 100644 --- a/lib/dp-packet.h +++ b/lib/dp-packet.h @@ -60,6 +60,7 @@ struct dp_packet { * or UINT16_MAX. */ uint16_t l4_ofs; /* Transport-level header offset, or UINT16_MAX. */ + uint32_t cutlen; /* length in bytes to cut from the end. */ union { struct pkt_metadata md; uint64_t data[DP_PACKET_CONTEXT_SIZE / 8]; @@ -494,6 +495,34 @@ dp_packet_set_allocated(struct dp_packet *b, uint16_t s) } #endif +static inline void +dp_packet_reset_cutlen(struct dp_packet *b) +{ + b->cutlen = 0; +} + +static inline uint32_t +dp_packet_set_cutlen(struct dp_packet *b, uint32_t max_len) +{ + if (max_len < ETH_HEADER_LEN) { + max_len = ETH_HEADER_LEN; + } + + if (max_len >= dp_packet_size(b)) { + b->cutlen = 0; + } else { + b->cutlen = dp_packet_size(b) - max_len; + } + return b->cutlen; +} + +static inline uint32_t +dp_packet_get_cutlen(struct dp_packet *b) +{ + /* Always in valid range if user uses dp_packet_set_cutlen. */ + return b->cutlen; +} + static inline void * dp_packet_data(const struct dp_packet *b) { @@ -567,12 +596,14 @@ enum { NETDEV_MAX_BURST = 32 }; /* Maximum number packets in a batch. */ struct dp_packet_batch { int count; + bool trunc; /* true if the batch needs truncate. */ struct dp_packet *packets[NETDEV_MAX_BURST]; }; static inline void dp_packet_batch_init(struct dp_packet_batch *b) { b->count = 0; + b->trunc = false; } static inline void @@ -585,12 +616,14 @@ dp_packet_batch_clone(struct dp_packet_batch *dst, dst->packets[i] = dp_packet_clone(src->packets[i]); } dst->count = src->count; + dst->trunc = src->trunc; } static inline void packet_batch_init_packet(struct dp_packet_batch *b, struct dp_packet *p) { b->count = 1; + b->trunc = false; b->packets[0] = p; } @@ -606,6 +639,38 @@ dp_packet_delete_batch(struct dp_packet_batch *batch, bool may_steal) } } +static inline void +dp_packet_batch_apply_cutlen(struct dp_packet_batch *pktb) +{ + int i; + + if (!pktb->trunc) + return; + + for (i = 0; i < pktb->count; i++) { + uint32_t cutlen = dp_packet_get_cutlen(pktb->packets[i]); + + dp_packet_set_size(pktb->packets[i], + dp_packet_size(pktb->packets[i]) - cutlen); + dp_packet_reset_cutlen(pktb->packets[i]); + } + pktb->trunc = false; +} + +static inline void +dp_packet_batch_reset_cutlen(struct dp_packet_batch *pktb) +{ + int i; + + if (!pktb->trunc) + return; + + pktb->trunc = false; + for (i = 0; i < pktb->count; i++) { + dp_packet_reset_cutlen(pktb->packets[i]); + } +} + #ifdef __cplusplus } #endif diff --git a/lib/dpif-netdev.c b/lib/dpif-netdev.c index 8d39d9ecc..70f320da0 100644 --- a/lib/dpif-netdev.c +++ b/lib/dpif-netdev.c @@ -4057,13 +4057,17 @@ dp_execute_cb(void *aux_, struct dp_packet_batch *packets_, case OVS_ACTION_ATTR_TUNNEL_PUSH: if (*depth < MAX_RECIRC_DEPTH) { struct dp_packet_batch tnl_pkt; + struct dp_packet_batch *orig_packets_ = packets_; int err; if (!may_steal) { dp_packet_batch_clone(&tnl_pkt, packets_); packets_ = &tnl_pkt; + dp_packet_batch_reset_cutlen(orig_packets_); } + dp_packet_batch_apply_cutlen(packets_); + err = push_tnl_action(pmd, a, packets_); if (!err) { (*depth)++; @@ -4076,6 +4080,7 @@ dp_execute_cb(void *aux_, struct dp_packet_batch *packets_, case OVS_ACTION_ATTR_TUNNEL_POP: if (*depth < MAX_RECIRC_DEPTH) { + struct dp_packet_batch *orig_packets_ = packets_; odp_port_t portno = u32_to_odp(nl_attr_get_u32(a)); p = pmd_tx_port_cache_lookup(pmd, portno); @@ -4084,10 +4089,13 @@ dp_execute_cb(void *aux_, struct dp_packet_batch *packets_, int i; if (!may_steal) { - dp_packet_batch_clone(&tnl_pkt, packets_); - packets_ = &tnl_pkt; + dp_packet_batch_clone(&tnl_pkt, packets_); + packets_ = &tnl_pkt; + dp_packet_batch_reset_cutlen(orig_packets_); } + dp_packet_batch_apply_cutlen(packets_); + netdev_pop_header(p->netdev, packets_); if (!packets_->count) { return; @@ -4107,22 +4115,42 @@ dp_execute_cb(void *aux_, struct dp_packet_batch *packets_, case OVS_ACTION_ATTR_USERSPACE: if (!fat_rwlock_tryrdlock(&dp->upcall_rwlock)) { + struct dp_packet_batch *orig_packets_ = packets_; struct dp_packet **packets = packets_->packets; const struct nlattr *userdata; + struct dp_packet_batch usr_pkt; struct ofpbuf actions; struct flow flow; ovs_u128 ufid; + bool clone = false; int i; userdata = nl_attr_find_nested(a, OVS_USERSPACE_ATTR_USERDATA); ofpbuf_init(&actions, 0); + if (packets_->trunc) { + if (!may_steal) { + dp_packet_batch_clone(&usr_pkt, packets_); + packets_ = &usr_pkt; + packets = packets_->packets; + clone = true; + dp_packet_batch_reset_cutlen(orig_packets_); + } + + dp_packet_batch_apply_cutlen(packets_); + } + for (i = 0; i < packets_->count; i++) { flow_extract(packets[i], &flow); dpif_flow_hash(dp->dpif, &flow, sizeof flow, &ufid); dp_execute_userspace_action(pmd, packets[i], may_steal, &flow, &ufid, &actions, userdata); } + + if (clone) { + dp_packet_delete_batch(packets_, true); + } + ofpbuf_uninit(&actions); fat_rwlock_unlock(&dp->upcall_rwlock); @@ -4170,6 +4198,7 @@ dp_execute_cb(void *aux_, struct dp_packet_batch *packets_, case OVS_ACTION_ATTR_SAMPLE: case OVS_ACTION_ATTR_HASH: case OVS_ACTION_ATTR_UNSPEC: + case OVS_ACTION_ATTR_TRUNC: case __OVS_ACTION_ATTR_MAX: OVS_NOT_REACHED(); } diff --git a/lib/dpif.c b/lib/dpif.c index c4f24c780..5f1be41c6 100644 --- a/lib/dpif.c +++ b/lib/dpif.c @@ -1092,6 +1092,7 @@ dpif_execute_helper_cb(void *aux_, struct dp_packet_batch *packets_, struct dpif_execute_helper_aux *aux = aux_; int type = nl_attr_type(action); struct dp_packet *packet = packets_->packets[0]; + struct dp_packet *trunc_packet = NULL, *orig_packet; ovs_assert(packets_->count == 1); @@ -1106,7 +1107,8 @@ dpif_execute_helper_cb(void *aux_, struct dp_packet_batch *packets_, struct ofpbuf execute_actions; uint64_t stub[256 / 8]; struct pkt_metadata *md = &packet->md; - bool dst_set; + bool dst_set, clone = false; + uint32_t cutlen = dp_packet_get_cutlen(packet); dst_set = flow_tnl_dst_is_set(&md->tunnel); if (dst_set) { @@ -1124,6 +1126,22 @@ dpif_execute_helper_cb(void *aux_, struct dp_packet_batch *packets_, execute.actions_len = NLA_ALIGN(action->nla_len); } + orig_packet = packet; + + if (cutlen > 0 && (type == OVS_ACTION_ATTR_OUTPUT || + type == OVS_ACTION_ATTR_TUNNEL_PUSH || + type == OVS_ACTION_ATTR_TUNNEL_POP || + type == OVS_ACTION_ATTR_USERSPACE)) { + if (!may_steal) { + trunc_packet = dp_packet_clone(packet); + packet = trunc_packet; + clone = true; + } + + dp_packet_set_size(packet, dp_packet_size(packet) - cutlen); + dp_packet_reset_cutlen(orig_packet); + } + execute.packet = packet; execute.flow = aux->flow; execute.needs_help = false; @@ -1135,6 +1153,10 @@ dpif_execute_helper_cb(void *aux_, struct dp_packet_batch *packets_, if (dst_set) { ofpbuf_uninit(&execute_actions); } + + if (clone) { + dp_packet_delete(trunc_packet); + } break; } @@ -1146,6 +1168,7 @@ dpif_execute_helper_cb(void *aux_, struct dp_packet_batch *packets_, case OVS_ACTION_ATTR_SET: case OVS_ACTION_ATTR_SET_MASKED: case OVS_ACTION_ATTR_SAMPLE: + case OVS_ACTION_ATTR_TRUNC: case OVS_ACTION_ATTR_UNSPEC: case __OVS_ACTION_ATTR_MAX: OVS_NOT_REACHED(); diff --git a/lib/dpif.h b/lib/dpif.h index 678830135..981868cd1 100644 --- a/lib/dpif.h +++ b/lib/dpif.h @@ -784,6 +784,7 @@ struct dpif_upcall { size_t key_len; /* Length of 'key' in bytes. */ ovs_u128 ufid; /* Unique flow identifier for 'key'. */ struct nlattr *mru; /* Maximum receive unit. */ + struct nlattr *cutlen; /* Number of bytes shrink from the end. */ /* DPIF_UC_ACTION only. */ struct nlattr *userdata; /* Argument to OVS_ACTION_ATTR_USERSPACE. */ diff --git a/lib/netdev-bsd.c b/lib/netdev-bsd.c index 43fa9821b..2e92d9768 100644 --- a/lib/netdev-bsd.c +++ b/lib/netdev-bsd.c @@ -699,6 +699,9 @@ netdev_bsd_send(struct netdev *netdev_, int qid OVS_UNUSED, const void *data = dp_packet_data(pkts[i]); size_t size = dp_packet_size(pkts[i]); + /* Truncate the packet if it is configured. */ + size -= dp_packet_get_cutlen(pkts[i]); + while (!error) { ssize_t retval; if (dev->tap_fd >= 0) { diff --git a/lib/netdev-dpdk.c b/lib/netdev-dpdk.c index fc0c8d351..ed14a21e1 100644 --- a/lib/netdev-dpdk.c +++ b/lib/netdev-dpdk.c @@ -1503,6 +1503,10 @@ dpdk_do_tx_copy(struct netdev *netdev, int qid, struct dp_packet **pkts, break; } + /* Cut the size so only the truncated size is copied. */ + size -= dp_packet_get_cutlen(pkts[i]); + dp_packet_reset_cutlen(pkts[i]); + /* We have to do a copy for now */ memcpy(rte_pktmbuf_mtod(mbufs[newcnt], void *), dp_packet_data(pkts[i]), size); @@ -1550,6 +1554,14 @@ netdev_dpdk_vhost_send(struct netdev *netdev, int qid, struct dp_packet **pkts, } } } else { + int i; + + for (i = 0; i < cnt; i++) { + int cutlen = dp_packet_get_cutlen(pkts[i]); + + dp_packet_set_size(pkts[i], dp_packet_size(pkts[i]) - cutlen); + dp_packet_reset_cutlen(pkts[i]); + } __netdev_dpdk_vhost_send(netdev, qid, pkts, cnt, may_steal); } return 0; @@ -1586,6 +1598,9 @@ netdev_dpdk_send__(struct netdev_dpdk *dev, int qid, for (i = 0; i < cnt; i++) { int size = dp_packet_size(pkts[i]); + size -= dp_packet_get_cutlen(pkts[i]); + dp_packet_set_size(pkts[i], size); + if (OVS_UNLIKELY(size > dev->max_packet_len)) { if (next_tx_idx != i) { temp_cnt = i - next_tx_idx; diff --git a/lib/netdev-dummy.c b/lib/netdev-dummy.c index aa244b60d..127b6ae01 100644 --- a/lib/netdev-dummy.c +++ b/lib/netdev-dummy.c @@ -1044,6 +1044,8 @@ netdev_dummy_send(struct netdev *netdev, int qid OVS_UNUSED, const void *buffer = dp_packet_data(pkts[i]); size_t size = dp_packet_size(pkts[i]); + size -= dp_packet_get_cutlen(pkts[i]); + if (size < ETH_HEADER_LEN) { error = EMSGSIZE; break; diff --git a/lib/netdev-linux.c b/lib/netdev-linux.c index 8a5661d12..ef11d12ba 100644 --- a/lib/netdev-linux.c +++ b/lib/netdev-linux.c @@ -1172,6 +1172,9 @@ netdev_linux_send(struct netdev *netdev_, int qid OVS_UNUSED, size_t size = dp_packet_size(pkts[i]); ssize_t retval; + /* Truncate the packet if it is configured. */ + size -= dp_packet_get_cutlen(pkts[i]); + if (!is_tap_netdev(netdev_)) { /* Use our AF_PACKET socket to send to this device. */ struct sockaddr_ll sll; diff --git a/lib/netdev.c b/lib/netdev.c index 4be806d18..66511731d 100644 --- a/lib/netdev.c +++ b/lib/netdev.c @@ -681,7 +681,7 @@ netdev_set_tx_multiq(struct netdev *netdev, unsigned int n_txq) return error; } -/* Sends 'buffers' on 'netdev'. Returns 0 if successful (for every packet), +/* Sends 'batch' on 'netdev'. Returns 0 if successful (for every packet), * otherwise a positive errno value. Returns EAGAIN without blocking if * at least one the packets cannot be queued immediately. Returns EMSGSIZE * if a partial packet was transmitted or if a packet is too big or too small @@ -716,6 +716,9 @@ netdev_send(struct netdev *netdev, int qid, struct dp_packet_batch *batch, may_steal); if (!error) { COVERAGE_INC(netdev_sent); + if (!may_steal) { + dp_packet_batch_reset_cutlen(batch); + } } return error; } diff --git a/lib/odp-execute.c b/lib/odp-execute.c index 423962406..5a4390405 100644 --- a/lib/odp-execute.c +++ b/lib/odp-execute.c @@ -503,6 +503,7 @@ requires_datapath_assistance(const struct nlattr *a) case OVS_ACTION_ATTR_HASH: case OVS_ACTION_ATTR_PUSH_MPLS: case OVS_ACTION_ATTR_POP_MPLS: + case OVS_ACTION_ATTR_TRUNC: return false; case OVS_ACTION_ATTR_UNSPEC: @@ -625,6 +626,17 @@ odp_execute_actions(void *dp, struct dp_packet_batch *batch, bool steal, } break; + case OVS_ACTION_ATTR_TRUNC: { + const struct ovs_action_trunc *trunc = + nl_attr_get_unspec(a, sizeof *trunc); + + batch->trunc = true; + for (i = 0; i < cnt; i++) { + dp_packet_set_cutlen(packets[i], trunc->max_len); + } + break; + } + case OVS_ACTION_ATTR_OUTPUT: case OVS_ACTION_ATTR_TUNNEL_PUSH: case OVS_ACTION_ATTR_TUNNEL_POP: diff --git a/lib/odp-util.c b/lib/odp-util.c index 48c05f509..d7b6a2d27 100644 --- a/lib/odp-util.c +++ b/lib/odp-util.c @@ -107,6 +107,7 @@ odp_action_len(uint16_t type) switch ((enum ovs_action_attr) type) { case OVS_ACTION_ATTR_OUTPUT: return sizeof(uint32_t); + case OVS_ACTION_ATTR_TRUNC: return sizeof(struct ovs_action_trunc); case OVS_ACTION_ATTR_TUNNEL_PUSH: return ATTR_LEN_VARIABLE; case OVS_ACTION_ATTR_TUNNEL_POP: return sizeof(uint32_t); case OVS_ACTION_ATTR_USERSPACE: return ATTR_LEN_VARIABLE; @@ -777,6 +778,14 @@ format_odp_action(struct ds *ds, const struct nlattr *a) case OVS_ACTION_ATTR_OUTPUT: ds_put_format(ds, "%"PRIu32, nl_attr_get_u32(a)); break; + case OVS_ACTION_ATTR_TRUNC: { + const struct ovs_action_trunc *trunc = + nl_attr_get_unspec(a, sizeof *trunc); + + ds_put_format(ds, "trunc(%"PRIu32")", trunc->max_len); + break; + } + break; case OVS_ACTION_ATTR_TUNNEL_POP: ds_put_format(ds, "tnl_pop(%"PRIu32")", nl_attr_get_u32(a)); break; @@ -1528,6 +1537,20 @@ parse_odp_action(const char *s, const struct simap *port_names, } } + { + uint32_t max_len; + int n; + + if (ovs_scan(s, "trunc(%"SCNi32")%n", &max_len, &n)) { + struct ovs_action_trunc *trunc; + + trunc = nl_msg_put_unspec_uninit(actions, + OVS_ACTION_ATTR_TRUNC, sizeof *trunc); + trunc->max_len = max_len; + return n; + } + } + if (port_names) { int len = strcspn(s, delimiters); struct simap_node *node; diff --git a/lib/ofp-actions.c b/lib/ofp-actions.c index ea55896f1..997cc15b4 100644 --- a/lib/ofp-actions.c +++ b/lib/ofp-actions.c @@ -301,6 +301,9 @@ enum ofp_raw_action_type { /* NX1.0+(36): struct nx_action_nat, ... */ NXAST_RAW_NAT, + /* NX1.0+(39): struct nx_action_output_trunc. */ + NXAST_RAW_OUTPUT_TRUNC, + /* ## ------------------ ## */ /* ## Debugging actions. ## */ /* ## ------------------ ## */ @@ -381,6 +384,7 @@ ofpact_next_flattened(const struct ofpact *ofpact) case OFPACT_CONTROLLER: case OFPACT_ENQUEUE: case OFPACT_OUTPUT_REG: + case OFPACT_OUTPUT_TRUNC: case OFPACT_BUNDLE: case OFPACT_SET_FIELD: case OFPACT_SET_VLAN_VID: @@ -537,6 +541,40 @@ encode_OUTPUT(const struct ofpact_output *output, } } +static char * OVS_WARN_UNUSED_RESULT +parse_truncate_subfield(struct ofpact_output_trunc *output_trunc, + const char *arg_) +{ + char *key, *value; + char *arg = CONST_CAST(char *, arg_); + + while (ofputil_parse_key_value(&arg, &key, &value)) { + if (!strcmp(key, "port")) { + if (!ofputil_port_from_string(value, &output_trunc->port)) { + return xasprintf("output to unknown truncate port: %s", + value); + } + if (ofp_to_u16(output_trunc->port) > ofp_to_u16(OFPP_MAX)) { + if (output_trunc->port != OFPP_LOCAL && + output_trunc->port != OFPP_IN_PORT) + return xasprintf("output to unsupported truncate port: %s", + value); + } + } else if (!strcmp(key, "max_len")) { + char *err; + + err = str_to_u32(value, &output_trunc->max_len); + if (err) { + return err; + } + } else { + return xasprintf("invalid key '%s' in output_trunc argument", + key); + } + } + return NULL; +} + static char * OVS_WARN_UNUSED_RESULT parse_OUTPUT(const char *arg, struct ofpbuf *ofpacts, enum ofputil_protocol *usable_protocols OVS_UNUSED) @@ -547,6 +585,11 @@ parse_OUTPUT(const char *arg, struct ofpbuf *ofpacts, output_reg = ofpact_put_OUTPUT_REG(ofpacts); output_reg->max_len = UINT16_MAX; return mf_parse_subfield(&output_reg->src, arg); + } else if (strstr(arg, "port") && strstr(arg, "max_len")) { + struct ofpact_output_trunc *output_trunc; + + output_trunc = ofpact_put_OUTPUT_TRUNC(ofpacts); + return parse_truncate_subfield(output_trunc, arg); } else { struct ofpact_output *output; @@ -5603,6 +5646,61 @@ parse_NAT(char *arg, struct ofpbuf *ofpacts, return NULL; } +/* Truncate output action. */ +struct nx_action_output_trunc { + ovs_be16 type; /* OFPAT_VENDOR. */ + ovs_be16 len; /* At least 16. */ + ovs_be32 vendor; /* NX_VENDOR_ID. */ + ovs_be16 subtype; /* NXAST_OUTPUT_TRUNC. */ + ovs_be16 port; /* Output port */ + ovs_be32 max_len; /* Truncate packet to size bytes */ +}; +OFP_ASSERT(sizeof(struct nx_action_output_trunc) == 16); + +static enum ofperr +decode_NXAST_RAW_OUTPUT_TRUNC(const struct nx_action_output_trunc *natrc, + enum ofp_version ofp_version OVS_UNUSED, + struct ofpbuf *out) +{ + struct ofpact_output_trunc *output_trunc; + + output_trunc = ofpact_put_OUTPUT_TRUNC(out); + output_trunc->max_len = ntohl(natrc->max_len); + output_trunc->port = u16_to_ofp(ntohs(natrc->port)); + + if (output_trunc->max_len < ETH_HEADER_LEN) { + return OFPERR_OFPBAC_BAD_ARGUMENT; + } + return 0; +} + +static void +encode_OUTPUT_TRUNC(const struct ofpact_output_trunc *output_trunc, + enum ofp_version ofp_version OVS_UNUSED, + struct ofpbuf *out) +{ + struct nx_action_output_trunc *natrc = put_NXAST_OUTPUT_TRUNC(out); + + natrc->max_len = htonl(output_trunc->max_len); + natrc->port = htons(ofp_to_u16(output_trunc->port)); +} + +static char * OVS_WARN_UNUSED_RESULT +parse_OUTPUT_TRUNC(const char *arg, struct ofpbuf *ofpacts OVS_UNUSED, + enum ofputil_protocol *usable_protocols OVS_UNUSED) +{ + /* Disable output_trunc parsing. Expose as output(port=N,max_len=M) and + * reuse parse_OUTPUT to parse output_trunc action. */ + return xasprintf("unknown action %s", arg); +} + +static void +format_OUTPUT_TRUNC(const struct ofpact_output_trunc *a, struct ds *s) +{ + ds_put_format(s, "%soutput%s(port=%"PRIu16",max_len=%"PRIu32")", + colors.special, colors.end, a->port, a->max_len); +} + /* Meter instruction. */ @@ -5997,6 +6095,7 @@ ofpact_is_set_or_move_action(const struct ofpact *a) case OFPACT_NOTE: case OFPACT_OUTPUT: case OFPACT_OUTPUT_REG: + case OFPACT_OUTPUT_TRUNC: case OFPACT_POP_MPLS: case OFPACT_POP_QUEUE: case OFPACT_PUSH_MPLS: @@ -6025,6 +6124,7 @@ ofpact_is_allowed_in_actions_set(const struct ofpact *a) case OFPACT_DEC_TTL: case OFPACT_GROUP: case OFPACT_OUTPUT: + case OFPACT_OUTPUT_TRUNC: case OFPACT_POP_MPLS: case OFPACT_PUSH_MPLS: case OFPACT_PUSH_VLAN: @@ -6249,6 +6349,7 @@ ovs_instruction_type_from_ofpact_type(enum ofpact_type type) case OFPACT_CONTROLLER: case OFPACT_ENQUEUE: case OFPACT_OUTPUT_REG: + case OFPACT_OUTPUT_TRUNC: case OFPACT_BUNDLE: case OFPACT_SET_VLAN_VID: case OFPACT_SET_VLAN_PCP: @@ -6677,6 +6778,10 @@ ofpact_check__(enum ofputil_protocol *usable_protocols, struct ofpact *a, case OFPACT_OUTPUT_REG: return mf_check_src(&ofpact_get_OUTPUT_REG(a)->src, flow); + case OFPACT_OUTPUT_TRUNC: + return ofpact_check_output_port(ofpact_get_OUTPUT_TRUNC(a)->port, + max_ports); + case OFPACT_BUNDLE: return bundle_check(ofpact_get_BUNDLE(a), max_ports, flow); @@ -7354,6 +7459,7 @@ ofpact_outputs_to_port(const struct ofpact *ofpact, ofp_port_t port) return port == OFPP_CONTROLLER; case OFPACT_OUTPUT_REG: + case OFPACT_OUTPUT_TRUNC: case OFPACT_BUNDLE: case OFPACT_SET_VLAN_VID: case OFPACT_SET_VLAN_PCP: diff --git a/ofproto/ofproto-dpif-sflow.c b/ofproto/ofproto-dpif-sflow.c index fbc82b735..5d26b7c47 100644 --- a/ofproto/ofproto-dpif-sflow.c +++ b/ofproto/ofproto-dpif-sflow.c @@ -1140,6 +1140,7 @@ dpif_sflow_read_actions(const struct flow *flow, } break; + case OVS_ACTION_ATTR_TRUNC: case OVS_ACTION_ATTR_USERSPACE: case OVS_ACTION_ATTR_RECIRC: case OVS_ACTION_ATTR_HASH: diff --git a/ofproto/ofproto-dpif-xlate.c b/ofproto/ofproto-dpif-xlate.c index f8c4a936c..d46a52c1d 100644 --- a/ofproto/ofproto-dpif-xlate.c +++ b/ofproto/ofproto-dpif-xlate.c @@ -3994,6 +3994,56 @@ xlate_output_reg_action(struct xlate_ctx *ctx, } } +static void +xlate_output_trunc_action(struct xlate_ctx *ctx, + ofp_port_t port, uint32_t max_len) +{ + bool support_trunc = ctx->xbridge->support.trunc; + struct ovs_action_trunc *trunc; + char name[OFP_MAX_PORT_NAME_LEN]; + + switch (port) { + case OFPP_TABLE: + case OFPP_NORMAL: + case OFPP_FLOOD: + case OFPP_ALL: + case OFPP_CONTROLLER: + case OFPP_NONE: + ofputil_port_to_string(port, name, sizeof name); + xlate_report(ctx, "output_trunc does not support port: %s", name); + break; + case OFPP_LOCAL: + case OFPP_IN_PORT: + default: + if (port != ctx->xin->flow.in_port.ofp_port) { + const struct xport *xport = get_ofp_port(ctx->xbridge, port); + + if (xport == NULL || xport->odp_port == ODPP_NONE) { + /* Since truncate happens at its following output action, if + * the output port is a patch port, the behavior is somehow + * unpredicable. For simpilicity, disallow this case. */ + ofputil_port_to_string(port, name, sizeof name); + XLATE_REPORT_ERROR(ctx, "bridge %s: " + "output_trunc does not support port: %s", + ctx->xbridge->name, name); + break; + } + + trunc = nl_msg_put_unspec_uninit(ctx->odp_actions, + OVS_ACTION_ATTR_TRUNC, + sizeof *trunc); + trunc->max_len = max_len; + xlate_output_action(ctx, port, max_len, false); + if (!support_trunc) { + ctx->xout->slow |= SLOW_ACTION; + } + } else { + xlate_report(ctx, "skipping output to input port"); + } + break; + } +} + static void xlate_enqueue_action(struct xlate_ctx *ctx, const struct ofpact_enqueue *enqueue) @@ -4333,6 +4383,7 @@ freeze_unroll_actions(const struct ofpact *a, const struct ofpact *end, for (; a < end; a = ofpact_next(a)) { switch (a->type) { case OFPACT_OUTPUT_REG: + case OFPACT_OUTPUT_TRUNC: case OFPACT_GROUP: case OFPACT_OUTPUT: case OFPACT_CONTROLLER: @@ -4584,6 +4635,7 @@ recirc_for_mpls(const struct ofpact *a, struct xlate_ctx *ctx) /* Output actions do not require recirculation. */ case OFPACT_OUTPUT: + case OFPACT_OUTPUT_TRUNC: case OFPACT_ENQUEUE: case OFPACT_OUTPUT_REG: /* Set actions that don't touch L3+ fields do not require recirculation. */ @@ -4933,6 +4985,11 @@ do_xlate_actions(const struct ofpact *ofpacts, size_t ofpacts_len, xlate_output_reg_action(ctx, ofpact_get_OUTPUT_REG(a)); break; + case OFPACT_OUTPUT_TRUNC: + xlate_output_trunc_action(ctx, ofpact_get_OUTPUT_TRUNC(a)->port, + ofpact_get_OUTPUT_TRUNC(a)->max_len); + break; + case OFPACT_LEARN: xlate_learn_action(ctx, ofpact_get_LEARN(a)); break; diff --git a/ofproto/ofproto-dpif.c b/ofproto/ofproto-dpif.c index 100e8d595..0cd1c25b1 100644 --- a/ofproto/ofproto-dpif.c +++ b/ofproto/ofproto-dpif.c @@ -1212,6 +1212,63 @@ check_masked_set_action(struct dpif_backer *backer) return !error; } +/* Tests whether 'backer''s datapath supports truncation of a packet in + * OVS_ACTION_ATTR_TRUNC. We need to disable some features on older + * datapaths that don't support this feature. */ +static bool +check_trunc_action(struct dpif_backer *backer) +{ + struct eth_header *eth; + struct ofpbuf actions; + struct dpif_execute execute; + struct dp_packet packet; + struct ovs_action_trunc *trunc; + struct flow flow; + int error; + + /* Compose an action with output(port:1, + * max_len:OVS_ACTION_OUTPUT_MIN + 1). + * This translates to one truncate action and one output action. */ + ofpbuf_init(&actions, 64); + trunc = nl_msg_put_unspec_uninit(&actions, + OVS_ACTION_ATTR_TRUNC, sizeof *trunc); + + trunc->max_len = ETH_HEADER_LEN + 1; + nl_msg_put_odp_port(&actions, OVS_ACTION_ATTR_OUTPUT, u32_to_odp(1)); + + /* Compose a dummy Ethernet packet. */ + dp_packet_init(&packet, ETH_HEADER_LEN); + eth = dp_packet_put_zeros(&packet, ETH_HEADER_LEN); + eth->eth_type = htons(0x1234); + + flow_extract(&packet, &flow); + + /* Execute the actions. On older datapaths this fails with EINVAL, on + * newer datapaths it succeeds. */ + execute.actions = actions.data; + execute.actions_len = actions.size; + execute.packet = &packet; + execute.flow = &flow; + execute.needs_help = false; + execute.probe = true; + execute.mtu = 0; + + error = dpif_execute(backer->dpif, &execute); + + dp_packet_uninit(&packet); + ofpbuf_uninit(&actions); + + if (error) { + VLOG_INFO("%s: Datapath does not support truncate action", + dpif_name(backer->dpif)); + } else { + VLOG_INFO("%s: Datapath supports truncate action", + dpif_name(backer->dpif)); + } + + return !error; +} + #define CHECK_FEATURE__(NAME, SUPPORT, FIELD, VALUE) \ static bool \ check_##NAME(struct dpif_backer *backer) \ @@ -1263,6 +1320,7 @@ check_support(struct dpif_backer *backer) backer->support.odp.recirc = check_recirc(backer); backer->support.odp.max_mpls_depth = check_max_mpls_depth(backer); backer->support.masked_set_action = check_masked_set_action(backer); + backer->support.trunc = check_trunc_action(backer); backer->support.ufid = check_ufid(backer); backer->support.tnl_push_pop = dpif_supports_tnl_push_pop(backer->dpif); @@ -5342,6 +5400,24 @@ disable_tnl_push_pop(struct unixctl_conn *conn OVS_UNUSED, int argc OVS_UNUSED, } } +static void +disable_datapath_truncate(struct unixctl_conn *conn OVS_UNUSED, + int argc OVS_UNUSED, + const char *argv[] OVS_UNUSED, + void *aux OVS_UNUSED) +{ + const struct shash_node **backers; + int i; + + backers = shash_sort(&all_dpif_backers); + for (i = 0; i < shash_count(&all_dpif_backers); i++) { + struct dpif_backer *backer = backers[i]->data; + backer->support.trunc = false; + } + free(backers); + unixctl_command_reply(conn, "Datapath truncate action diabled"); +} + static void ofproto_unixctl_init(void) { @@ -5376,6 +5452,9 @@ ofproto_unixctl_init(void) unixctl_command_register("ofproto/tnl-push-pop", "[on]|[off]", 1, 1, disable_tnl_push_pop, NULL); + + unixctl_command_register("dpif/disable-truncate", "", 0, 0, + disable_datapath_truncate, NULL); } /* Returns true if 'table' is the table used for internal rules, diff --git a/ofproto/ofproto-dpif.h b/ofproto/ofproto-dpif.h index 9e03b0124..403447557 100644 --- a/ofproto/ofproto-dpif.h +++ b/ofproto/ofproto-dpif.h @@ -90,6 +90,9 @@ struct dpif_backer_support { /* True if the datapath supports OVS_FLOW_ATTR_UFID. */ bool ufid; + /* True if the datapath supports OVS_ACTION_ATTR_TRUNC action. */ + bool trunc; + /* Each member represents support for related OVS_KEY_ATTR_* fields. */ struct odp_support odp; }; diff --git a/tests/odp.at b/tests/odp.at index 7b94c92a4..e6308556a 100644 --- a/tests/odp.at +++ b/tests/odp.at @@ -329,6 +329,7 @@ ct(commit,nat(src=fe80::20c:29ff:fe88:a18b,random)) ct(commit,nat(src=fe80::20c:29ff:fe88:1-fe80::20c:29ff:fe88:a18b,random)) ct(commit,nat(src=[[fe80::20c:29ff:fe88:1]]-[[fe80::20c:29ff:fe88:a18b]]:255-4096,random)) ct(commit,helper=ftp,nat(src=10.1.1.240-10.1.1.255)) +trunc(100) ]) AT_CHECK_UNQUOTED([ovstest test-odp parse-actions < actions.txt], [0], [`cat actions.txt` diff --git a/tests/ofp-actions.at b/tests/ofp-actions.at index 50f74e97c..ca4d1ba3a 100644 --- a/tests/ofp-actions.at +++ b/tests/ofp-actions.at @@ -241,6 +241,9 @@ fe800000 00000000 020c 29ff fe88 0001 dnl fe800000 00000000 020c 29ff fe88 a18b dnl 00ff1000 00000000 +# actions=output(port=1,max_len=100) +ffff 0010 00002320 0027 0001 00000064 + # bad OpenFlow10 actions: NXBRC_MUST_BE_ZERO ffff 0018 00002320 0025 0000 0005 0000 1122334455 000005 diff --git a/tests/ofproto-dpif.at b/tests/ofproto-dpif.at index aa724597d..773d099c6 100644 --- a/tests/ofproto-dpif.at +++ b/tests/ofproto-dpif.at @@ -5322,6 +5322,130 @@ PORTNAME portName=p2 ])]) +AT_SETUP([ofproto-dpif - basic truncate action]) +OVS_VSWITCHD_START +add_of_ports br0 1 2 3 4 5 + +AT_CHECK([ovs-vsctl -- set Interface p1 type=dummy options:pcap=p1.pcap]) +AT_CHECK([ovs-vsctl -- set Interface p2 type=dummy options:pstream=punix:p2.sock]) +AT_CHECK([ovs-vsctl -- set Interface p3 type=dummy options:stream=unix:p2.sock]) +AT_CHECK([ovs-vsctl -- set Interface p4 type=dummy options:pstream=punix:p4.sock]) +AT_CHECK([ovs-vsctl -- set Interface p5 type=dummy options:stream=unix:p4.sock]) + +AT_DATA([flows.txt], [dnl +in_port=3,actions=drop +in_port=5,actions=drop +in_port=1,actions=output(port=2,max_len=64),output:4 +]) +AT_CHECK([ovs-ofctl add-flows br0 flows.txt]) + +dnl Datapath actions +AT_CHECK([ovs-appctl ofproto/trace ovs-dummy 'in_port(1),eth(src=50:54:00:00:00:05,dst=50:54:00:00:00:07),eth_type(0x0800),ipv4(src=192.168.0.1,dst=192.168.0.2,proto=6,tos=4,ttl=128,frag=no),tcp(src=8,dst=9)'], [0], [stdout]) +AT_CHECK([tail -1 stdout], [0], +[Datapath actions: trunc(64),2,4 +]) + +dnl An 170 byte packet +AT_CHECK([ovs-appctl netdev-dummy/receive p1 '000c29c8a0a4005056c0000808004500009cb4a6000040019003c0a8da01c0a8da640800cb5fa762000556f431ad0009388e08090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f']) + +AT_CHECK([ovs-ofctl parse-pcap p1.pcap], [0], [dnl +icmp,in_port=ANY,vlan_tci=0x0000,dl_src=00:50:56:c0:00:08,dl_dst=00:0c:29:c8:a0:a4,nw_src=192.168.218.1,nw_dst=192.168.218.100,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0 +]) + +AT_CHECK([ovs-appctl revalidator/purge], [0]) +dnl packet with truncated size +AT_CHECK([ovs-ofctl dump-flows br0 | grep "in_port=3" | sed -n 's/.*\(n\_bytes=[[0-9]]*\).*/\1/p'], [0], [dnl +n_bytes=64 +]) +dnl packet with original size +AT_CHECK([ovs-ofctl dump-flows br0 | grep "in_port=5" | sed -n 's/.*\(n\_bytes=[[0-9]]*\).*/\1/p'], [0], [dnl +n_bytes=170 +]) + +dnl More complicated case +AT_CHECK([ovs-ofctl del-flows br0]) +AT_DATA([flows.txt], [dnl +in_port=3,actions=drop +in_port=5,actions=drop +in_port=1,actions=output(port=2,max_len=64),output(port=2,max_len=128),output(port=4,max_len=60),output:2,output:4 +]) +AT_CHECK([ovs-ofctl add-flows br0 flows.txt]) + +dnl Datapath actions +AT_CHECK([ovs-appctl ofproto/trace ovs-dummy 'in_port(1),eth(src=50:54:00:00:00:05,dst=50:54:00:00:00:07),eth_type(0x0800),ipv4(src=192.168.0.1,dst=192.168.0.2,proto=6,tos=4,ttl=128,frag=no),tcp(src=8,dst=9)'], [0], [stdout]) +AT_CHECK([tail -1 stdout], [0], +[Datapath actions: trunc(64),2,trunc(128),2,trunc(60),4,2,4 +]) + +dnl An 170 byte packet +AT_CHECK([ovs-appctl netdev-dummy/receive p1 '000c29c8a0a4005056c0000808004500009cb4a6000040019003c0a8da01c0a8da640800cb5fa762000556f431ad0009388e08090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f']) + +AT_CHECK([ovs-appctl revalidator/purge], [0]) +dnl packet size: 64 + 128 + 170 = 362 +AT_CHECK([ovs-ofctl dump-flows br0 | grep "in_port=3" | sed -n 's/.*\(n\_bytes=[[0-9]]*\).*/\1/p'], [0], [dnl +n_bytes=362 +]) +dnl packet size: 60 + 170 = 230 +AT_CHECK([ovs-ofctl dump-flows br0 | grep "in_port=5" | sed -n 's/.*\(n\_bytes=[[0-9]]*\).*/\1/p'], [0], [dnl +n_bytes=230 +]) + +dnl syntax checking +AT_CHECK([ovs-ofctl add-flow br0 'actions=output(port=ALL,max_len=100)'], [1], [], [dnl +ovs-ofctl: output to unsupported truncate port: ALL +]) + +OVS_VSWITCHD_STOP +AT_CLEANUP + +AT_SETUP([ofproto-dpif - truncate and output to patch port]) +OVS_VSWITCHD_START([add-br br1 \ +-- set bridge br1 datapath-type=dummy fail-mode=secure \ +-- add-port br1 pbr1 -- set int pbr1 type=patch options:peer=pbr0 ofport_request=1 \ +-- add-port br0 pbr0 -- set int pbr0 type=patch options:peer=pbr1]) + +add_of_ports br0 2 + +AT_CHECK([ovs-ofctl add-flow br0 actions='output(port=1,max_len=100),output:2']) +AT_CHECK([ovs-ofctl add-flow br1 actions=NORMAL]) + +AT_CHECK([ovs-appctl ofproto/trace br0 in_port=LOCAL,dl_src=10:20:30:40:50:60], +[0], [stdout]) +AT_CHECK([tail -1 stdout], [0], [Datapath actions: 2 +]) +dnl the output(port=1,max_len=100) fails the translation, only output:2 in datapath +AT_CHECK([grep "output_trunc does not support port: [[0-9]]*" stdout], [0], [stdout]) + +OVS_VSWITCHD_STOP +AT_CLEANUP + +AT_SETUP([ofproto-dpif - truncate and output to gre tunnel]) +OVS_VSWITCHD_START([add-port br0 p1 -- set Interface p1 type=gre \ + options:remote_ip=1.1.1.1 options:local_ip=2.2.2.2 \ + options:key=5 ofport_request=1\ + -- add-port br0 p2 -- set Interface p2 type=dummy \ + ofport_request=2]) +AT_DATA([flows.txt], [dnl +actions=output(max_len=100, port=1) +]) +OVS_VSWITCHD_DISABLE_TUNNEL_PUSH_POP +AT_CHECK([ovs-ofctl add-flows br0 flows.txt]) + +AT_CHECK([ovs-appctl dpif/show | tail -n +3], [0], [dnl + br0 65534/100: (dummy) + p1 1/1: (gre: key=5, local_ip=2.2.2.2, remote_ip=1.1.1.1) + p2 2/2: (dummy) +]) + +dnl Basic +AT_CHECK([ovs-appctl ofproto/trace ovs-dummy 'in_port(2),eth(src=50:54:00:00:00:05,dst=50:54:00:00:00:07),eth_type(0x0800),ipv4(src=192.168.0.1,dst=192.168.0.2,proto=6,tos=4,ttl=128,frag=no),tcp(src=8,dst=9)'], [0], [stdout]) +AT_CHECK([tail -1 stdout], [0], + [Datapath actions: trunc(100),set(tunnel(tun_id=0x5,src=2.2.2.2,dst=1.1.1.1,ttl=64,flags(df|key))),1 +]) + +OVS_VSWITCHD_STOP +AT_CLEANUP + AT_SETUP([ofproto-dpif - sFlow packet sampling - IPv4 collector]) CHECK_SFLOW_SAMPLING_PACKET([127.0.0.1]) AT_CLEANUP diff --git a/tests/ovs-ofctl.at b/tests/ovs-ofctl.at index 613d9ce7f..71c4aab20 100644 --- a/tests/ovs-ofctl.at +++ b/tests/ovs-ofctl.at @@ -388,6 +388,10 @@ ip,actions=ct(commit,exec(load(0x1->NXM_NX_CT_LABEL[]))) ip,actions=ct(commit,exec(load(0x1234567890ABCDEF->NXM_NX_CT_LABEL[32..95]))) ip,actions=ct(commit,exec(set_field(0x1->ct_label))) ip,ct_state=+trk,ct_label=0x1234567890abcdef12345678,actions=ct(commit) +actions=output(max_len=100,port=123) +actions=output(port=100,max_len=123) +actions=output(port=LOCAL,max_len=123) +actions=output(port=IN_PORT,max_len=123) ]]) AT_CHECK([ovs-ofctl parse-flows flows.txt @@ -431,6 +435,10 @@ NXT_FLOW_MOD: ADD table:255 ip actions=ct(commit,exec(load:0x1->NXM_NX_CT_LABEL[ NXT_FLOW_MOD: ADD table:255 ip actions=ct(commit,exec(load:0x1234567890abcdef->NXM_NX_CT_LABEL[32..95])) NXT_FLOW_MOD: ADD table:255 ip actions=ct(commit,exec(load:0x1->NXM_NX_CT_LABEL[0..63],load:0->NXM_NX_CT_LABEL[64..127])) NXT_FLOW_MOD: ADD table:255 ct_state=+trk,ct_label=0x1234567890abcdef12345678,ip actions=ct(commit) +NXT_FLOW_MOD: ADD table:255 actions=output(port=123,max_len=100) +NXT_FLOW_MOD: ADD table:255 actions=output(port=100,max_len=123) +NXT_FLOW_MOD: ADD table:255 actions=output(port=65534,max_len=123) +NXT_FLOW_MOD: ADD table:255 actions=output(port=65528,max_len=123) ]]) AT_CLEANUP diff --git a/tests/system-kmod-macros.at b/tests/system-kmod-macros.at index cee0510bd..a3e4dd73a 100644 --- a/tests/system-kmod-macros.at +++ b/tests/system-kmod-macros.at @@ -66,3 +66,10 @@ m4_define([CHECK_CONNTRACK], on_exit 'ovstest test-netlink-conntrack flush' ] ) + +# CHECK_KERNEL_DP, CHECK_USER_DP +# +# Ignore the CHECK_USER_DP and execute the CHECK_KERNEL_DP +# +m4_define([CHECK_KERNEL_DP], [$1]) +m4_define([CHECK_USER_DP], []) diff --git a/tests/system-traffic.at b/tests/system-traffic.at index 5ce395554..606bc9b8a 100644 --- a/tests/system-traffic.at +++ b/tests/system-traffic.at @@ -250,6 +250,253 @@ NS_CHECK_EXEC([at_ns0], [ping -s 3200 -q -c 3 -i 0.3 -w 2 10.1.1.100 | FORMAT_PI OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP +AT_SETUP([datapath - basic truncate action]) +OVS_TRAFFIC_VSWITCHD_START() +AT_CHECK([ovs-ofctl del-flows br0]) + +dnl Create p0 and ovs-p0(1) +ADD_NAMESPACES(at_ns0) +ADD_VETH(p0, at_ns0, br0, "10.1.1.1/24") +NS_CHECK_EXEC([at_ns0], [ip link set dev p0 address e6:66:c1:11:11:11]) +NS_CHECK_EXEC([at_ns0], [arp -s 10.1.1.2 e6:66:c1:22:22:22]) + +dnl Create p1(3) and ovs-p1(2), packets received from ovs-p1 will appear in p1 +AT_CHECK([ip link add p1 type veth peer name ovs-p1]) +on_exit 'ip link del ovs-p1' +AT_CHECK([ip link set dev ovs-p1 up]) +AT_CHECK([ip link set dev p1 up]) +AT_CHECK([ovs-vsctl add-port br0 ovs-p1 -- set interface ovs-p1 ofport_request=2]) +dnl Use p1 to check the truncated packet +AT_CHECK([ovs-vsctl add-port br0 p1 -- set interface p1 ofport_request=3]) + +dnl Create p2(5) and ovs-p2(4) +AT_CHECK([ip link add p2 type veth peer name ovs-p2]) +on_exit 'ip link del ovs-p2' +AT_CHECK([ip link set dev ovs-p2 up]) +AT_CHECK([ip link set dev p2 up]) +AT_CHECK([ovs-vsctl add-port br0 ovs-p2 -- set interface ovs-p2 ofport_request=4]) +dnl Use p2 to check the truncated packet +AT_CHECK([ovs-vsctl add-port br0 p2 -- set interface p2 ofport_request=5]) + +dnl basic test +AT_CHECK([ovs-ofctl del-flows br0]) +AT_DATA([flows.txt], [dnl +in_port=3 dl_dst=e6:66:c1:22:22:22 actions=drop +in_port=5 dl_dst=e6:66:c1:22:22:22 actions=drop +in_port=1 dl_dst=e6:66:c1:22:22:22 actions=output(port=2,max_len=100),output:4 +]) +AT_CHECK([ovs-ofctl add-flows br0 flows.txt]) + +dnl use this file as payload file for ncat +AT_CHECK([dd if=/dev/urandom of=payload200.bin bs=200 count=1 2> /dev/null]) +on_exit 'rm -f payload200.bin' +NS_CHECK_EXEC([at_ns0], [nc -u 10.1.1.2 1234 < payload200.bin]) + +dnl packet with truncated size +AT_CHECK([ovs-appctl revalidator/purge], [0]) +AT_CHECK([ovs-ofctl dump-flows br0 table=0 | grep "in_port=3" | sed -n 's/.*\(n\_bytes=[[0-9]]*\).*/\1/p'], [0], [dnl +n_bytes=100 +]) +dnl packet with original size +AT_CHECK([ovs-appctl revalidator/purge], [0]) +AT_CHECK([ovs-ofctl dump-flows br0 table=0 | grep "in_port=5" | sed -n 's/.*\(n\_bytes=[[0-9]]*\).*/\1/p'], [0], [dnl +n_bytes=242 +]) + +dnl more complicated output actions +AT_CHECK([ovs-ofctl del-flows br0]) +AT_DATA([flows.txt], [dnl +in_port=3 dl_dst=e6:66:c1:22:22:22 actions=drop +in_port=5 dl_dst=e6:66:c1:22:22:22 actions=drop +in_port=1 dl_dst=e6:66:c1:22:22:22 actions=output(port=2,max_len=100),output:4,output(port=2,max_len=100),output(port=4,max_len=100),output:2,output(port=4,max_len=200),output(port=2,max_len=65535) +]) +AT_CHECK([ovs-ofctl add-flows br0 flows.txt]) + +NS_CHECK_EXEC([at_ns0], [nc -u 10.1.1.2 1234 < payload200.bin]) + +dnl 100 + 100 + 242 + min(65535,242) = 684 +AT_CHECK([ovs-appctl revalidator/purge], [0]) +AT_CHECK([ovs-ofctl dump-flows br0 table=0 | grep "in_port=3" | sed -n 's/.*\(n\_bytes=[[0-9]]*\).*/\1/p'], [0], [dnl +n_bytes=684 +]) +dnl 242 + 100 + min(242,200) = 542 +AT_CHECK([ovs-ofctl dump-flows br0 table=0 | grep "in_port=5" | sed -n 's/.*\(n\_bytes=[[0-9]]*\).*/\1/p'], [0], [dnl +n_bytes=542 +]) + +dnl SLOW_ACTION: disable kernel datapath truncate support +dnl Repeat the test above, but exercise the SLOW_ACTION code path +AT_CHECK([ovs-appctl dpif/disable-truncate], [0], +[Datapath truncate action diabled +]) + +dnl SLOW_ACTION test1: check datapatch actions +AT_CHECK([ovs-ofctl del-flows br0]) +AT_CHECK([ovs-ofctl add-flows br0 flows.txt]) + +CHECK_KERNEL_DP( +AT_CHECK([ovs-appctl ofproto/trace system 'in_port(2),eth(src=e6:66:c1:11:11:11,dst=e6:66:c1:22:22:22),eth_type(0x0800),ipv4(src=192.168.0.1,dst=192.168.0.2,proto=6,tos=4,ttl=128,frag=no),tcp(src=8,dst=9)'], [0], [stdout]) +AT_CHECK([tail -3 stdout], [0], +[Datapath actions: trunc(100),3,5,trunc(100),3,trunc(100),5,3,trunc(200),5,trunc(65535),3 +This flow is handled by the userspace slow path because it: + - Uses action(s) not supported by datapath. +]) +) + +dnl SLOW_ACTION test2: check actual packet truncate +AT_CHECK([ovs-ofctl del-flows br0]) +AT_CHECK([ovs-ofctl add-flows br0 flows.txt]) +NS_CHECK_EXEC([at_ns0], [nc -u 10.1.1.2 1234 < payload200.bin]) + +dnl 100 + 100 + 242 + min(65535,242) = 684 +AT_CHECK([ovs-appctl revalidator/purge], [0]) +AT_CHECK([ovs-ofctl dump-flows br0 table=0 | grep "in_port=3" | sed -n 's/.*\(n\_bytes=[[0-9]]*\).*/\1/p'], [0], [dnl +n_bytes=684 +]) + +dnl 242 + 100 + min(242,200) = 542 +AT_CHECK([ovs-ofctl dump-flows br0 table=0 | grep "in_port=5" | sed -n 's/.*\(n\_bytes=[[0-9]]*\).*/\1/p'], [0], [dnl +n_bytes=542 +]) + +OVS_TRAFFIC_VSWITCHD_STOP +AT_CLEANUP + +dnl Create 2 bridges and 2 namespaces to test truncate over +dnl GRE tunnel: +dnl br0: overlay bridge +dnl ns1: connect to br0, with IP:10.1.1.2 +dnl br-underlay: with IP: 172.31.1.100 +dnl ns0: connect to br-underlay, with IP: 10.1.1.1 +AT_SETUP([datapath - truncate and output to gre tunnel]) +OVS_CHECK_GRE() +OVS_TRAFFIC_VSWITCHD_START() + +ADD_BR([br-underlay]) +ADD_NAMESPACES(at_ns0) +ADD_NAMESPACES(at_ns1) +AT_CHECK([ovs-ofctl add-flow br0 "actions=normal"]) +AT_CHECK([ovs-ofctl add-flow br-underlay "actions=normal"]) + +dnl Set up underlay link from host into the namespace using veth pair. +ADD_VETH(p0, at_ns0, br-underlay, "172.31.1.1/24") +AT_CHECK([ip addr add dev br-underlay "172.31.1.100/24"]) +AT_CHECK([ip link set dev br-underlay up]) + +dnl Set up tunnel endpoints on OVS outside the namespace and with a native +dnl linux device inside the namespace. +ADD_OVS_TUNNEL([gre], [br0], [at_gre0], [172.31.1.1], [10.1.1.100/24]) +ADD_NATIVE_TUNNEL([gretap], [ns_gre0], [at_ns0], [172.31.1.100], [10.1.1.1/24]) +AT_CHECK([ovs-vsctl -- set interface at_gre0 ofport_request=1]) +NS_CHECK_EXEC([at_ns0], [ip link set dev ns_gre0 address e6:66:c1:11:11:11]) +NS_CHECK_EXEC([at_ns0], [arp -s 10.1.1.2 e6:66:c1:22:22:22]) + +dnl Set up (p1 and ovs-p1) at br0 +ADD_VETH(p1, at_ns1, br0, '10.1.1.2/24') +AT_CHECK([ovs-vsctl -- set interface ovs-p1 ofport_request=2]) +NS_CHECK_EXEC([at_ns1], [ip link set dev p1 address e6:66:c1:22:22:22]) +NS_CHECK_EXEC([at_ns1], [arp -s 10.1.1.1 e6:66:c1:11:11:11]) + +dnl Set up (p2 and ovs-p2) as loopback for verifying packet size +AT_CHECK([ip link add p2 type veth peer name ovs-p2]) +on_exit 'ip link del ovs-p2' +AT_CHECK([ip link set dev ovs-p2 up]) +AT_CHECK([ip link set dev p2 up]) +AT_CHECK([ovs-vsctl add-port br0 ovs-p2 -- set interface ovs-p2 ofport_request=3]) +AT_CHECK([ovs-vsctl add-port br0 p2 -- set interface p2 ofport_request=4]) + +dnl use this file as payload file for ncat +AT_CHECK([dd if=/dev/urandom of=payload200.bin bs=200 count=1 2> /dev/null]) +on_exit 'rm -f payload200.bin' + +AT_CHECK([ovs-ofctl del-flows br0]) +AT_DATA([flows.txt], [dnl +priority=99,in_port=1,actions=output(port=2,max_len=100),output(port=3,max_len=100) +priority=99,in_port=2,udp,actions=output(port=1,max_len=100) +priority=1,in_port=4,ip,actions=drop +priority=1,actions=drop +]) +AT_CHECK([ovs-ofctl add-flows br0 flows.txt]) + +AT_CHECK([ovs-ofctl del-flows br-underlay]) +AT_DATA([flows-underlay.txt], [dnl +priority=99,dl_type=0x0800,nw_proto=47,in_port=1,actions=LOCAL +priority=99,dl_type=0x0800,nw_proto=47,in_port=LOCAL,ip_dst=172.31.1.1/24,actions=1 +priority=1,actions=drop +]) + +AT_CHECK([ovs-ofctl add-flows br-underlay flows-underlay.txt]) + +dnl check tunnel push path, from at_ns1 to at_ns0 +NS_CHECK_EXEC([at_ns1], [nc -u 10.1.1.1 1234 < payload200.bin]) +AT_CHECK([ovs-appctl revalidator/purge], [0]) + +dnl Before truncation = ETH(14) + IP(20) + UDP(8) + 200 = 242B +AT_CHECK([ovs-ofctl dump-flows br0 | grep "in_port=2" | sed -n 's/.*\(n\_bytes=[[0-9]]*\).*/\1/p'], [0], [dnl +n_bytes=242 +]) +dnl After truncation = outer ETH(14) + outer IP(20) + GRE(4) + 100 = 138B +AT_CHECK([ovs-ofctl dump-flows br-underlay | grep "in_port=LOCAL" | sed -n 's/.*\(n\_bytes=[[0-9]]*\).*/\1/p'], [0], [dnl +n_bytes=138 +]) + +dnl check tunnel pop path, from at_ns0 to at_ns1 +NS_CHECK_EXEC([at_ns0], [nc -u 10.1.1.2 5678 < payload200.bin]) +dnl After truncation = 100 byte at loopback device p2(4) +AT_CHECK([ovs-appctl revalidator/purge], [0]) +AT_CHECK([ovs-ofctl dump-flows br0 | grep "in_port=4" | awk --field-separator=', ' '{print $5}'], [0], [dnl +n_bytes=100 +]) + +dnl SLOW_ACTION: disable datapath truncate support +dnl Repeat the test above, but exercise the SLOW_ACTION code path +AT_CHECK([ovs-appctl dpif/disable-truncate], [0], +[Datapath truncate action diabled +]) + +dnl SLOW_ACTION test1: check datapatch actions +AT_CHECK([ovs-ofctl del-flows br0]) +AT_CHECK([ovs-ofctl add-flows br0 flows.txt]) + +CHECK_KERNEL_DP( +AT_CHECK([ovs-appctl ofproto/trace system 'in_port(5),eth(src=e6:66:c1:11:11:11,dst=e6:66:c1:22:22:22),eth_type(0x0800),ipv4(src=192.168.0.1,dst=192.168.0.2,proto=17,tos=4,ttl=128,frag=no),udp(src=8,dst=9)'], [0], [stdout]) +AT_CHECK([tail -3 stdout], [0], +[Datapath actions: trunc(100),set(tunnel(dst=172.31.1.1,ttl=64,flags(df))),4 +This flow is handled by the userspace slow path because it: + - Uses action(s) not supported by datapath. +]) +) + +dnl SLOW_ACTION test2: check actual packet truncate +AT_CHECK([ovs-ofctl del-flows br0]) +AT_CHECK([ovs-ofctl add-flows br0 flows.txt]) +AT_CHECK([ovs-ofctl del-flows br-underlay]) +AT_CHECK([ovs-ofctl add-flows br-underlay flows-underlay.txt]) + +dnl check tunnel push path, from at_ns1 to at_ns0 +NS_CHECK_EXEC([at_ns1], [nc -u 10.1.1.1 1234 < payload200.bin]) +AT_CHECK([ovs-appctl revalidator/purge], [0]) + +dnl Before truncation = ETH(14) + IP(20) + UDP(8) + 200 = 242B +AT_CHECK([ovs-ofctl dump-flows br0 | grep "in_port=2" | sed -n 's/.*\(n\_bytes=[[0-9]]*\).*/\1/p'], [0], [dnl +n_bytes=242 +]) +dnl After truncation = outer ETH(14) + outer IP(20) + GRE(4) + 100 = 138B +AT_CHECK([ovs-ofctl dump-flows br-underlay | grep "in_port=LOCAL" | sed -n 's/.*\(n\_bytes=[[0-9]]*\).*/\1/p'], [0], [dnl +n_bytes=138 +]) + +dnl check tunnel pop path, from at_ns0 to at_ns1 +NS_CHECK_EXEC([at_ns0], [nc -u 10.1.1.2 5678 < payload200.bin]) +dnl After truncation = 100 byte at loopback device p2(4) +AT_CHECK([ovs-appctl revalidator/purge], [0]) +AT_CHECK([ovs-ofctl dump-flows br0 | grep "in_port=4" | awk --field-separator=', ' '{print $5}'], [0], [dnl +n_bytes=100 +]) + +OVS_TRAFFIC_VSWITCHD_STOP +AT_CLEANUP + AT_SETUP([conntrack - controller]) CHECK_CONNTRACK() OVS_TRAFFIC_VSWITCHD_START() diff --git a/tests/system-userspace-macros.at b/tests/system-userspace-macros.at index c09a4aa72..dc4bd0e9c 100644 --- a/tests/system-userspace-macros.at +++ b/tests/system-userspace-macros.at @@ -66,3 +66,10 @@ m4_define([CONFIGURE_VETH_OFFLOADS], m4_define([CHECK_CONNTRACK], [AT_SKIP_IF(true)] ) + +# CHECK_KERNEL_DP, CHECK_USER_DP +# +# Ignore the CHECK_KERNEL_DP and execute the CHECK_USER_DP +# +m4_define([CHECK_KERNEL_DP], []) +m4_define([CHECK_USER_DP], [$1]) diff --git a/utilities/ovs-ofctl.8.in b/utilities/ovs-ofctl.8.in index fad27098b..208f67177 100644 --- a/utilities/ovs-ofctl.8.in +++ b/utilities/ovs-ofctl.8.in @@ -1511,6 +1511,13 @@ This form of \fBoutput\fR was added in Open vSwitch 1.3.0. This form of \fBoutput\fR uses an OpenFlow extension that is not supported by standard OpenFlow switches. . +.IP \fBoutput(port=\fIport\fR\fB,max_len=\fInbytes\fR) +Outputs the packet to the OpenFlow port number read from \fIport\fR, +with maximum packet size set to \fInbytes\fR. \fIport\fR may be OpenFlow +port number, \fBlocal\fR, or \fBin_port\fR. Patch port is not supported. +Packets larger than \fInbytes\fR will be trimmed to \fInbytes\fR while +packets smaller than \fInbytes\fR remains the original size. +. .IP \fBgroup:\fIgroup_id\fR Outputs the packet to the OpenFlow group \fIgroup_id\fR. Group tables are only supported in OpenFlow 1.1+. See Group Syntax for more details. -- 2.39.2