The original packet-out format allowed multiple actions to be specified for
buffered packets, but only a destination port for messages including data.
This change makes packet-out more consistent by allowing multiple actions
regardless of how the packet is stored.
This change also disallows sending packets through the incoming port without
explicitly using the OFPP_IN_PORT virtual port.
Until now, the rconn code would queue up packets not just while connected
but also while connecting. This is not just unnecessary, however, it
actually causes a problem in secchan: if the secchan receives packets
from nl:0 and tries to transmit them, then they will quickly fill up
the rconn's transmit buffer (it uses a 1-packet buffer), which causes
secchan to stop reading packets from nl:0 until the buffer frees up.
That cannot happen until the connection completes. With in-band control,
however, the connection cannot complete until we receive and process
packet_in messages in our in-band hook. Thus, we have a deadlock.
Fixes bug #90, "Sometimes secchan has to go into fail-open mode to connect."
With the previous default burst limit of rate limit * 2, we would queue
up 2 seconds worth of packet_in messages. This is not only much more
than actually needed, it causes an actual problem: the datapath only
retains buffered packets for up to 1 second, by default, so that flow
setups sent in response have no packet to work with.
Now it helps clients track the number of in-flight messages, but lets the
clients do the limiting themselves. This will come in handy for packet-in
rate limiting (in an upcoming commit), in which we want to track in-flight
packet-in messages separately from other in-flight messages.
Checking the current time only when a periodic timer expires allows us
to reduce the number of system calls to obtain the current time to 10 per
second (from an arbitrary number) plus one per poll loop.
This fixes poll_block() to properly handle being interrupted.
Otherwise, a timeout longer than the interval between signals will never
complete (because it will restart from the beginning after every
signal).
Commit 0a3d4ba3a, "Don't allow the learning switch to send packets back
out the incoming port," drops packets that come in on their incoming port,
but it does not set up a flow to drop those packets. If we are connected
to a hub, then this can be very expensive, since we can continue to get
many packets in that flow and have to drop them in secchan one by one. So
now we set up a flow to drop them for us.
This updates the OpenFlow protocol version and changes the names of
structure members, so any software that uses OpenFlow will need to be
updated to match.
Freeing an skb that has a destructor may require interrupts to be enabled.
This can happen when netfilter is performing NAT, for example.
Discovered by Murphy McCauley.
Before, if a hub connected a number of OpenFlow switches and the controller,
then in-band control traffic from one of the OpenFlow switches would be
seen by each of the other switches and forwarded up to the controller as
an ofp_packet_in message. That message would then be seen by all of the
other OpenFlow switches and also forwarded, and so on in an infinite loop.
This change prevents this situation by keeping secchan from forwarding
ofp_packet_in messages for a packet destined to the controller that
arrives on the port where the controller is located.
This code has at least two weaknesses. First, if the controller's port
changes, then the flows set up to drop packets will not be deleted. This
should not be a major problem: if this inadvertently kills a switch's
connection to the controller, then the switch will realize it after it
stops receiving data and re-connect. Its new connection will have new
flow data and therefore its packets will not be dropped.
Second, the notion of the "controller's port" does not take into account
the possibility of loops in the network topology. We need spanning tree
protocol for that.
Some callers want to just test whether the device has an address assigned
and don't care about the particular address, so this simplifies those
callers slightly.
Ben Pfaff
Justin Pettit