static int
learn_check_header(uint16_t header, size_t len)
{
int src_type = header & NX_LEARN_SRC_MASK;
int dst_type = header & NX_LEARN_DST_MASK;
/* Check for valid src and dst type combination. */
if (dst_type == NX_LEARN_DST_MATCH ||
dst_type == NX_LEARN_DST_LOAD ||
(dst_type == NX_LEARN_DST_OUTPUT &&
src_type == NX_LEARN_SRC_FIELD)) {
/* OK. */
} else {
return ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_ARGUMENT);
}
/* Check that the arguments don't overrun the end of the action. */
if (len < learn_min_len(header)) {
return ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_LEN);
}
return 0;
}
/* Checks that 'nab' specifies a bundle action which is supported by this
* bundle module. Uses the 'max_ports' parameter to validate each port using
* ofputil_check_output_port(). Returns 0 if 'nab' is supported, otherwise an
* OpenFlow error code (as returned by ofp_mkerr()). */
int
bundle_check(const struct nx_action_bundle *nab, int max_ports,
const struct flow *flow)
{
static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
uint16_t n_slaves, fields, algorithm, subtype;
uint32_t slave_type;
size_t slaves_size, i;
int error;
subtype = ntohs(nab->subtype);
n_slaves = ntohs(nab->n_slaves);
fields = ntohs(nab->fields);
algorithm = ntohs(nab->algorithm);
slave_type = ntohl(nab->slave_type);
slaves_size = ntohs(nab->len) - sizeof *nab;
error = ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_ARGUMENT);
if (!flow_hash_fields_valid(fields)) {
VLOG_WARN_RL(&rl, "unsupported fields %"PRIu16, fields);
} else if (n_slaves > BUNDLE_MAX_SLAVES) {
VLOG_WARN_RL(&rl, "too may slaves");
} else if (algorithm != NX_BD_ALG_HRW
&& algorithm != NX_BD_ALG_ACTIVE_BACKUP) {
VLOG_WARN_RL(&rl, "unsupported algorithm %"PRIu16, algorithm);
} else if (slave_type != NXM_OF_IN_PORT) {
VLOG_WARN_RL(&rl, "unsupported slave type %"PRIu16, slave_type);
} else {
error = 0;
}
for (i = 0; i < sizeof(nab->zero); i++) {
if (nab->zero[i]) {
VLOG_WARN_RL(&rl, "reserved field is nonzero");
error = ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_ARGUMENT);
}
}
if (subtype == NXAST_BUNDLE && (nab->ofs_nbits || nab->dst)) {
VLOG_WARN_RL(&rl, "bundle action has nonzero reserved fields");
error = ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_ARGUMENT);
}
if (subtype == NXAST_BUNDLE_LOAD) {
int ofs = nxm_decode_ofs(nab->ofs_nbits);
int n_bits = nxm_decode_n_bits(nab->ofs_nbits);
if (n_bits < 16) {
VLOG_WARN_RL(&rl, "bundle_load action requires at least 16 bit "
"destination.");
error = ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_ARGUMENT);
} else {
error = nxm_dst_check(nab->dst, ofs, n_bits, flow) || error;
}
}
if (slaves_size < n_slaves * sizeof(ovs_be16)) {
VLOG_WARN_RL(&rl, "Nicira action %"PRIu16" only has %zu bytes "
"allocated for slaves. %zu bytes are required for "
"%"PRIu16" slaves.", subtype, slaves_size,
n_slaves * sizeof(ovs_be16), n_slaves);
error = ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_LEN);
}
for (i = 0; i < n_slaves; i++) {
uint16_t ofp_port = bundle_get_slave(nab, i);
int ofputil_error = ofputil_check_output_port(ofp_port, max_ports);
if (ofputil_error) {
VLOG_WARN_RL(&rl, "invalid slave %"PRIu16, ofp_port);
error = ofputil_error;
}
/* Controller slaves are unsupported due to the lack of a max_len
* argument. This may or may not change in the future. There doesn't
* seem to be a real-world use-case for supporting it. */
if (ofp_port == OFPP_CONTROLLER) {
VLOG_WARN_RL(&rl, "unsupported controller slave");
error = ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_OUT_PORT);
}
}
return error;
}
/* Checks that 'learn' (which must be at least 'sizeof *learn' bytes long) is a
* valid action on 'flow'. */
int
learn_check(const struct nx_action_learn *learn, const struct flow *flow)
{
struct cls_rule rule;
const void *p, *end;
cls_rule_init_catchall(&rule, 0);
if (learn->flags & ~htons(OFPFF_SEND_FLOW_REM)
|| !is_all_zeros(learn->pad, sizeof learn->pad)
|| learn->table_id == 0xff) {
return ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_ARGUMENT);
}
end = (char *) learn + ntohs(learn->len);
for (p = learn + 1; p != end; ) {
uint16_t header = ntohs(get_be16(&p));
int n_bits = header & NX_LEARN_N_BITS_MASK;
int src_type = header & NX_LEARN_SRC_MASK;
int dst_type = header & NX_LEARN_DST_MASK;
uint64_t value;
int error;
if (!header) {
break;
}
error = learn_check_header(header, (char *) end - (char *) p);
if (error) {
return error;
}
/* Check the source. */
if (src_type == NX_LEARN_SRC_FIELD) {
ovs_be32 src_field = get_be32(&p);
int src_ofs = ntohs(get_be16(&p));
error = nxm_src_check(src_field, src_ofs, n_bits, flow);
if (error) {
return error;
}
value = 0;
} else {
value = get_bits(n_bits, &p);
}
/* Check the destination. */
if (dst_type == NX_LEARN_DST_MATCH || dst_type == NX_LEARN_DST_LOAD) {
ovs_be32 dst_field = get_be32(&p);
int dst_ofs = ntohs(get_be16(&p));
int error;
error = (dst_type == NX_LEARN_DST_LOAD
? nxm_dst_check(dst_field, dst_ofs, n_bits, &rule.flow)
: nxm_src_check(dst_field, dst_ofs, n_bits, &rule.flow));
if (error) {
return error;
}
if (dst_type == NX_LEARN_DST_MATCH
&& src_type == NX_LEARN_SRC_IMMEDIATE) {
mf_set_subfield(mf_from_nxm_header(ntohl(dst_field)), value,
dst_ofs, n_bits, &rule);
}
}
}
if (!is_all_zeros(p, (char *) end - (char *) p)) {
return ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_ARGUMENT);
}
return 0;
}
