[ovs-dev] [LimitFlows 4/4] ofproto: Limit table sizes to those advertised over OpenFlow.

Ben Pfaff blp at nicira.com
Mon Apr 19 21:08:51 UTC 2010


Open vSwitch has always advertised maximum flow table sizes, but it has
never enforced them.  This commit implements enforcement.

Bug #1899.
---
 ofproto/ofproto.c |   14 ++++++++++++--
 1 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/ofproto/ofproto.c b/ofproto/ofproto.c
index 6498f7c..f77fc97 100644
--- a/ofproto/ofproto.c
+++ b/ofproto/ofproto.c
@@ -67,6 +67,10 @@ enum {
     TABLEID_WILD = 1            /* Wildcard table. */
 };
 
+/* Maximum number of rules of each kind permitted. */
+#define MAX_EXACT_FLOWS 65536
+#define MAX_WILD_FLOWS 65536
+
 struct ofport {
     struct netdev *netdev;
     struct ofp_phy_port opp;    /* In host byte order. */
@@ -2538,7 +2542,7 @@ handle_table_stats_request(struct ofproto *p, struct ofconn *ofconn,
     strcpy(ots->name, "exact");
     ots->wildcards = htonl(0);
     ots->active_count = htonl(ofproto_count_visible_exact(p));
-    ots->max_entries = htonl(dpstats.max_capacity);
+    ots->max_entries = htonl(MIN(MAX_EXACT_FLOWS, dpstats.max_capacity));
     ots->lookup_count = htonll(dpstats.n_frags + dpstats.n_hit +
                                dpstats.n_missed);
     ots->matched_count = htonll(dpstats.n_hit); /* XXX */
@@ -2551,7 +2555,7 @@ handle_table_stats_request(struct ofproto *p, struct ofconn *ofconn,
     ots->wildcards = p->tun_id_from_cookie ? htonl(OVSFW_ALL)
                                            : htonl(OFPFW_ALL);
     ots->active_count = htonl(ofproto_count_visible_wild(p));
-    ots->max_entries = htonl(65536);
+    ots->max_entries = htonl(MAX_WILD_FLOWS);
     ots->lookup_count = htonll(0);              /* XXX */
     ots->matched_count = htonll(0);             /* XXX */
 
@@ -2975,6 +2979,12 @@ add_flow(struct ofproto *p, struct ofconn *ofconn,
         }
     }
 
+    if (ofm->match.wildcards
+        ? ofproto_count_visible_wild(p) >= MAX_WILD_FLOWS
+        : ofproto_count_visible_exact(p) >= MAX_EXACT_FLOWS) {
+        return ofp_mkerr(OFPET_FLOW_MOD_FAILED, OFPFMFC_ALL_TABLES_FULL);
+    }
+
     rule = rule_create(p, NULL, (const union ofp_action *) ofm->actions,
                        n_actions, ntohs(ofm->idle_timeout),
                        ntohs(ofm->hard_timeout),  ofm->cookie,
-- 
1.6.6.1





More information about the dev mailing list