[ovs-dev] [PATCH 1/4] ofp-actions: Add the NXAST_SAMPLE_IPFIX vendor action

Romain Lenglet rlenglet at vmware.com
Sat Jan 19 03:11:40 UTC 2013


Define NXAST_SAMPLE_IPFIX OpenFlow vendor action and the corresponding
OFPACT_SAMPLE_IPFIX OVS action.

Signed-off-by: Romain Lenglet <rlenglet at vmware.com>
---
 FAQ                           |  13 ++--
 NEWS                          |   1 +
 WHY-OVS                       |  17 ++---
 debian/control                | 160 +++++++++++++++++++++---------------------
 include/openflow/nicira-ext.h |  23 ++++++
 lib/ofp-actions.c             |  51 ++++++++++++++
 lib/ofp-actions.h             |  10 +++
 lib/ofp-parse.c               |  28 ++++++++
 lib/ofp-util.def              |   1 +
 ofproto/ofproto-dpif.c        |   4 ++
 tests/ofp-actions.at          |   6 ++
 tests/ovs-ofctl.at            |  10 +++
 utilities/ovs-ofctl.8.in      |  20 ++++++
 13 files changed, 250 insertions(+), 94 deletions(-)

diff --git a/FAQ b/FAQ
index ab1c1cc..af31ff1 100644
--- a/FAQ
+++ b/FAQ
@@ -9,12 +9,13 @@ General
 Q: What is Open vSwitch?
 
 A: Open vSwitch is a production quality open source software switch
-   designed to be used as a vswitch in virtualized server environments.  A
-   vswitch forwards traffic between different VMs on the same physical host
-   and also forwards traffic between VMs and the physical network.  Open
-   vSwitch supports standard management interfaces (e.g. sFlow, NetFlow,
-   RSPAN, CLI), and is open to programmatic extension and control using
-   OpenFlow and the OVSDB management protocol.
+   designed to be used as a vswitch in virtualized server
+   environments.  A vswitch forwards traffic between different VMs on
+   the same physical host and also forwards traffic between VMs and
+   the physical network.  Open vSwitch supports standard management
+   interfaces (e.g. sFlow, NetFlow, IPFIX, RSPAN, CLI), and is open to
+   programmatic extension and control using OpenFlow and the OVSDB
+   management protocol.
 
    Open vSwitch as designed to be compatible with modern switching
    chipsets.  This means that it can be ported to existing high-fanout
diff --git a/NEWS b/NEWS
index 6cf09ba..dd05a8a 100644
--- a/NEWS
+++ b/NEWS
@@ -25,6 +25,7 @@ post-v1.9.0
         retire that meaning of ANY in favor of the OpenFlow 1.1 meaning.
     - Inheritance of the Don't Fragment bit in IP tunnels (df_inherit) is
       no longer supported.
+    - New "sample_ipfix" action.
 
 
 v1.9.0 - xx xxx xxxx
diff --git a/WHY-OVS b/WHY-OVS
index e8c6f75..f5f47ff 100644
--- a/WHY-OVS
+++ b/WHY-OVS
@@ -21,7 +21,7 @@ vSwitch cope with the above requirements.
   migratable between different hosts.  This may include traditional
   "soft state" (such as an entry in an L2 learning table), L3 forwarding
   state, policy routing state, ACLs, QoS policy, monitoring
-  configuration (e.g. NetFlow, sFlow), etc.
+  configuration (e.g. NetFlow, IPFIX, sFlow), etc.
 
   Open vSwitch has support for both configuring and migrating both slow
   (configuration) and fast network state between instances.  For
@@ -38,13 +38,14 @@ vSwitch cope with the above requirements.
   environments, and so forth.
 
   Open vSwitch supports a number of features that allow a network
-  control system to respond and adapt as the environment changes.  This
-  includes simple accounting and visibility support such as NetFlow and
-  sFlow.  But perhaps more useful, Open vSwitch supports a network state
-  database (OVSDB) that supports remote triggers.  Therefore, a piece of
-  orchestration software can "watch" various aspects of the network and
-  respond if/when they change.  This is used heavily today, for example,
-  to respond to and track VM migrations.
+  control system to respond and adapt as the environment changes.
+  This includes simple accounting and visibility support such as
+  NetFlow, IPFIX, and sFlow.  But perhaps more useful, Open vSwitch
+  supports a network state database (OVSDB) that supports remote
+  triggers.  Therefore, a piece of orchestration software can "watch"
+  various aspects of the network and respond if/when they change.
+  This is used heavily today, for example, to respond to and track VM
+  migrations.
 
   Open vSwitch also supports OpenFlow as a method of exporting remote
   access to control traffic.  There are a number of uses for this
diff --git a/debian/control b/debian/control
index ae88be2..e0ecb42 100644
--- a/debian/control
+++ b/debian/control
@@ -4,7 +4,7 @@ Priority: extra
 Maintainer: Open vSwitch developers <dev at openvswitch.org>
 Uploaders: Ben Pfaff <pfaffben at debian.org>, Simon Horman <horms at debian.org>
 Build-Depends:
- debhelper (>= 8), autoconf (>= 2.64), automake (>= 1.10) | automake1.10, 
+ debhelper (>= 8), autoconf (>= 2.64), automake (>= 1.10) | automake1.10,
  libssl-dev, pkg-config (>= 0.21), bzip2, openssl,
  python-all (>= 2.6.6-3~), procps, python-qt4,
  python-zopeinterface, python-twisted-conch
@@ -16,13 +16,13 @@ Architecture: all
 Depends: module-assistant, bzip2, debhelper (>= 5.0.37), ${misc:Depends}
 Suggests: openvswitch-switch
 Description: Open vSwitch datapath module source - module-assistant version
- Open vSwitch is a production quality, multilayer, software-based, Ethernet
- virtual switch. It is designed to enable massive network automation through
- programmatic extension, while still supporting standard management interfaces
- and protocols (e.g. NetFlow, sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In
- addition, it is designed to support distribution across multiple physical
- servers similar to VMware's vNetwork distributed vswitch or Cisco's Nexus
- 1000V.
+ Open vSwitch is a production quality, multilayer, software-based,
+ Ethernet virtual switch. It is designed to enable massive network
+ automation through programmatic extension, while still supporting
+ standard management interfaces and protocols (e.g. NetFlow, IPFIX,
+ sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In addition, it is designed
+ to support distribution across multiple physical servers similar to
+ VMware's vNetwork distributed vswitch or Cisco's Nexus 1000V.
  .
  This package provides the Open vSwitch datapath module source code
  that is needed by openvswitch-switch.  The kernel module can be built
@@ -33,13 +33,13 @@ Package: openvswitch-datapath-dkms
 Architecture: all
 Depends: dkms (>= 1.95), make, libc6-dev, ${misc:Depends}, ${python:Depends}
 Description: Open vSwitch datapath module source - DKMS version
- Open vSwitch is a production quality, multilayer, software-based, Ethernet
- virtual switch. It is designed to enable massive network automation through
- programmatic extension, while still supporting standard management interfaces
- and protocols (e.g. NetFlow, sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In
- addition, it is designed to support distribution across multiple physical
- servers similar to VMware's vNetwork distributed vswitch or Cisco's Nexus
- 1000V.
+ Open vSwitch is a production quality, multilayer, software-based,
+ Ethernet virtual switch. It is designed to enable massive network
+ automation through programmatic extension, while still supporting
+ standard management interfaces and protocols (e.g. NetFlow, IPFIX,
+ sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In addition, it is designed
+ to support distribution across multiple physical servers similar to
+ VMware's vNetwork distributed vswitch or Cisco's Nexus 1000V.
  .
  This package provides the Open vSwitch datapath module source code
  that is needed by openvswitch-switch.  DKMS can built the kernel
@@ -52,13 +52,13 @@ Depends:
  python (>= 2.7) | python-argparse
 Suggests: ethtool
 Description: Open vSwitch common components
- Open vSwitch is a production quality, multilayer, software-based, Ethernet
- virtual switch. It is designed to enable massive network automation through
- programmatic extension, while still supporting standard management interfaces
- and protocols (e.g. NetFlow, sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In
- addition, it is designed to support distribution across multiple physical
- servers similar to VMware's vNetwork distributed vswitch or Cisco's Nexus
- 1000V.
+ Open vSwitch is a production quality, multilayer, software-based,
+ Ethernet virtual switch. It is designed to enable massive network
+ automation through programmatic extension, while still supporting
+ standard management interfaces and protocols (e.g. NetFlow, IPFIX,
+ sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In addition, it is designed
+ to support distribution across multiple physical servers similar to
+ VMware's vNetwork distributed vswitch or Cisco's Nexus 1000V.
  .
  openvswitch-common provides components required by both openvswitch-switch
  and openvswitch-controller.
@@ -68,34 +68,34 @@ Architecture: linux-any
 Suggests: openvswitch-datapath-module
 Depends: ${shlibs:Depends}, ${misc:Depends}, ${python:Depends}, openvswitch-common (= ${binary:Version}), module-init-tools, procps, uuid-runtime, netbase
 Description: Open vSwitch switch implementations
- Open vSwitch is a production quality, multilayer, software-based, Ethernet
- virtual switch. It is designed to enable massive network automation through
- programmatic extension, while still supporting standard management interfaces
- and protocols (e.g. NetFlow, sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In
- addition, it is designed to support distribution across multiple physical
- servers similar to VMware's vNetwork distributed vswitch or Cisco's Nexus
- 1000V.
+ Open vSwitch is a production quality, multilayer, software-based,
+ Ethernet virtual switch. It is designed to enable massive network
+ automation through programmatic extension, while still supporting
+ standard management interfaces and protocols (e.g. NetFlow, IPFIX,
+ sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In addition, it is designed
+ to support distribution across multiple physical servers similar to
+ VMware's vNetwork distributed vswitch or Cisco's Nexus 1000V.
  .
  openvswitch-switch provides the userspace components and utilities for
- the Open vSwitch kernel-based switch.  
+ the Open vSwitch kernel-based switch.
 
 Package: openvswitch-ipsec
 Architecture: linux-any
 Depends:
  ${shlibs:Depends}, ${misc:Depends}, python,
- ipsec-tools (>=0.8~alpha20101208), 
+ ipsec-tools (>=0.8~alpha20101208),
  racoon (>=0.8~alpha20101208),
  openvswitch-common (= ${binary:Version}),
  openvswitch-switch (= ${binary:Version}),
  python-openvswitch (= ${source:Version})
 Description: Open vSwitch GRE-over-IPsec support
- Open vSwitch is a production quality, multilayer, software-based, Ethernet
- virtual switch. It is designed to enable massive network automation through
- programmatic extension, while still supporting standard management interfaces
- and protocols (e.g. NetFlow, sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In
- addition, it is designed to support distribution across multiple physical
- servers similar to VMware's vNetwork distributed vswitch or Cisco's Nexus
- 1000V.
+ Open vSwitch is a production quality, multilayer, software-based,
+ Ethernet virtual switch. It is designed to enable massive network
+ automation through programmatic extension, while still supporting
+ standard management interfaces and protocols (e.g. NetFlow, IPFIX,
+ sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In addition, it is designed
+ to support distribution across multiple physical servers similar to
+ VMware's vNetwork distributed vswitch or Cisco's Nexus 1000V.
  .
  The ovs-monitor-ipsec script provides support for encrypting GRE
  tunnels with IPsec.
@@ -106,13 +106,13 @@ Depends:
  ${misc:Depends}, openvswitch-common (>= ${source:Version}),
  openvswitch-common (<< ${source:Version}.1~)
 Description: Open vSwitch public key infrastructure dependency package
- Open vSwitch is a production quality, multilayer, software-based, Ethernet
- virtual switch. It is designed to enable massive network automation through
- programmatic extension, while still supporting standard management interfaces
- and protocols (e.g. NetFlow, sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In
- addition, it is designed to support distribution across multiple physical
- servers similar to VMware's vNetwork distributed vswitch or Cisco's Nexus
- 1000V.
+ Open vSwitch is a production quality, multilayer, software-based,
+ Ethernet virtual switch. It is designed to enable massive network
+ automation through programmatic extension, while still supporting
+ standard management interfaces and protocols (e.g. NetFlow, IPFIX,
+ sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In addition, it is designed
+ to support distribution across multiple physical servers similar to
+ VMware's vNetwork distributed vswitch or Cisco's Nexus 1000V.
  .
  openvswitch-pki provides PKI (public key infrastructure) support for
  Open vSwitch switches and controllers, reducing the risk of
@@ -124,13 +124,13 @@ Depends:
  ${shlibs:Depends}, openvswitch-common (= ${binary:Version}),
  openvswitch-pki (= ${source:Version}), ${misc:Depends}
 Description: Open vSwitch controller implementation
- Open vSwitch is a production quality, multilayer, software-based, Ethernet
- virtual switch. It is designed to enable massive network automation through
- programmatic extension, while still supporting standard management interfaces
- and protocols (e.g. NetFlow, sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In
- addition, it is designed to support distribution across multiple physical
- servers similar to VMware's vNetwork distributed vswitch or Cisco's Nexus
- 1000V.
+ Open vSwitch is a production quality, multilayer, software-based,
+ Ethernet virtual switch. It is designed to enable massive network
+ automation through programmatic extension, while still supporting
+ standard management interfaces and protocols (e.g. NetFlow, IPFIX,
+ sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In addition, it is designed
+ to support distribution across multiple physical servers similar to
+ VMware's vNetwork distributed vswitch or Cisco's Nexus 1000V.
  .
  The Open vSwitch controller enables OpenFlow switches that connect to it
  to act as MAC-learning Ethernet switches.
@@ -145,13 +145,13 @@ Depends:
  openvswitch-ipsec (= ${binary:Version}),
  openvswitch-switch (= ${binary:Version})
 Description: Debug symbols for Open vSwitch packages
- Open vSwitch is a production quality, multilayer, software-based, Ethernet
- virtual switch. It is designed to enable massive network automation through
- programmatic extension, while still supporting standard management interfaces
- and protocols (e.g. NetFlow, sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In
- addition, it is designed to support distribution across multiple physical
- servers similar to VMware's vNetwork distributed vswitch or Cisco's Nexus
- 1000V.
+ Open vSwitch is a production quality, multilayer, software-based,
+ Ethernet virtual switch. It is designed to enable massive network
+ automation through programmatic extension, while still supporting
+ standard management interfaces and protocols (e.g. NetFlow, IPFIX,
+ sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In addition, it is designed
+ to support distribution across multiple physical servers similar to
+ VMware's vNetwork distributed vswitch or Cisco's Nexus 1000V.
  .
  This package contains the debug symbols for all the other openvswitch-*
  packages.  Install it to debug one of them or to examine a core dump
@@ -162,13 +162,13 @@ Architecture: all
 Section: python
 Depends: ${misc:Depends}, ${python:Depends}
 Description: Python bindings for Open vSwitch
- Open vSwitch is a production quality, multilayer, software-based, Ethernet
- virtual switch. It is designed to enable massive network automation through
- programmatic extension, while still supporting standard management interfaces
- and protocols (e.g. NetFlow, sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In
- addition, it is designed to support distribution across multiple physical
- servers similar to VMware's vNetwork distributed vswitch or Cisco's Nexus
- 1000V.
+ Open vSwitch is a production quality, multilayer, software-based,
+ Ethernet virtual switch. It is designed to enable massive network
+ automation through programmatic extension, while still supporting
+ standard management interfaces and protocols (e.g. NetFlow, IPFIX,
+ sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In addition, it is designed
+ to support distribution across multiple physical servers similar to
+ VMware's vNetwork distributed vswitch or Cisco's Nexus 1000V.
  .
  This package contains the full Python bindings for Open vSwitch database.
 
@@ -177,13 +177,13 @@ Architecture: all
 Section: utils
 Depends: ${python:Depends}, python-openvswitch, ${misc:Depends}
 Description: Open vSwitch graphical monitoring tool
- Open vSwitch is a production quality, multilayer, software-based, Ethernet
- virtual switch. It is designed to enable massive network automation through
- programmatic extension, while still supporting standard management interfaces
- and protocols (e.g. NetFlow, sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In
- addition, it is designed to support distribution across multiple physical
- servers similar to VMware's vNetwork distributed vswitch or Cisco's Nexus
- 1000V.
+ Open vSwitch is a production quality, multilayer, software-based,
+ Ethernet virtual switch. It is designed to enable massive network
+ automation through programmatic extension, while still supporting
+ standard management interfaces and protocols (e.g. NetFlow, IPFIX,
+ sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In addition, it is designed
+ to support distribution across multiple physical servers similar to
+ VMware's vNetwork distributed vswitch or Cisco's Nexus 1000V.
  .
  This package is a GUI tool for monitoring and troubleshooting local
  or remote Open vSwitch installations.  It presents GUI tables that
@@ -195,13 +195,13 @@ Package: openvswitch-test
 Architecture: all
 Depends: ${misc:Depends}, ${python:Depends}, python-twisted-web, python (>= 2.7) | python-argparse
 Description: Open vSwitch test package
- Open vSwitch is a production quality, multilayer, software-based, Ethernet
- virtual switch. It is designed to enable massive network automation through
- programmatic extension, while still supporting standard management interfaces
- and protocols (e.g. NetFlow, sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In
- addition, it is designed to support distribution across multiple physical
- servers similar to VMware's vNetwork distributed vswitch or Cisco's Nexus
- 1000V.
+ Open vSwitch is a production quality, multilayer, software-based,
+ Ethernet virtual switch. It is designed to enable massive network
+ automation through programmatic extension, while still supporting
+ standard management interfaces and protocols (e.g. NetFlow, IPFIX,
+ sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In addition, it is designed
+ to support distribution across multiple physical servers similar to
+ VMware's vNetwork distributed vswitch or Cisco's Nexus 1000V.
  .
  This package contains utilities that are useful to diagnose
  performance and connectivity issues in Open vSwitch setup.
diff --git a/include/openflow/nicira-ext.h b/include/openflow/nicira-ext.h
index 91c96b3..9bb800a 100644
--- a/include/openflow/nicira-ext.h
+++ b/include/openflow/nicira-ext.h
@@ -304,6 +304,7 @@ enum nx_action_subtype {
     NXAST_CONTROLLER,           /* struct nx_action_controller */
     NXAST_DEC_TTL_CNT_IDS,      /* struct nx_action_cnt_ids */
     NXAST_WRITE_METADATA,       /* struct nx_action_write_metadata */
+    NXAST_SAMPLE_IPFIX,         /* struct nx_action_sample_ipfix */
 };
 
 /* Header for Nicira-defined actions. */
@@ -2212,4 +2213,26 @@ struct nx_action_write_metadata {
 };
 OFP_ASSERT(sizeof(struct nx_action_write_metadata) == 32);
 
+/* Action structure for NXAST_SAMPLE_IPFIX.
+ *
+ * Samples matching packets with the given probability and sends them
+ * using the IPFIX protocol.  The probability is expressed as a number
+ * of packets to be sampled out of USHRT_MAX packets, and must be >0.
+ * Every sampled packet is associated with the given observation point
+ * ID.
+ *
+ * The IPFIX packets contain the sampled packets' headers when
+ * executing this rule.  If a sampled packet's headers are modified by
+ * previous actions in the flow, those modified headers are sent in
+ * the IPFIX packet. */
+struct nx_action_sample_ipfix {
+    ovs_be16 type;                  /* OFPAT_VENDOR. */
+    ovs_be16 len;                   /* Length is 16. */
+    ovs_be32 vendor;                /* NX_VENDOR_ID. */
+    ovs_be16 subtype;               /* NXAST_SAMPLE_IPFIX. */
+    ovs_be16 probability;           /* Fraction of packets to sample. */
+    ovs_be32 obs_point_id;          /* ID of sampling observation point. */
+};
+OFP_ASSERT(sizeof(struct nx_action_sample_ipfix) == 16);
+
 #endif /* openflow/nicira-ext.h */
diff --git a/lib/ofp-actions.c b/lib/ofp-actions.c
index a439d13..3e16514 100644
--- a/lib/ofp-actions.c
+++ b/lib/ofp-actions.c
@@ -219,6 +219,23 @@ dec_ttl_cnt_ids_from_openflow(const struct nx_action_cnt_ids *nac_ids,
 }
 
 static enum ofperr
+sample_ipfix_from_openflow(const struct nx_action_sample_ipfix *nasi,
+                           struct ofpbuf *out)
+{
+    struct ofpact_sample_ipfix *sample_ipfix;
+
+    sample_ipfix = ofpact_put_SAMPLE_IPFIX(out);
+    sample_ipfix->probability = ntohs(nasi->probability);
+    sample_ipfix->obs_point_id = ntohl(nasi->obs_point_id);
+
+    if (sample_ipfix->probability == 0) {
+        return OFPERR_OFPBAC_BAD_ARGUMENT;
+    }
+
+    return 0;
+}
+
+static enum ofperr
 decode_nxast_action(const union ofp_action *a, enum ofputil_action_code *code)
 {
     const struct nx_action_header *nah = (const struct nx_action_header *) a;
@@ -402,6 +419,11 @@ ofpact_from_nxast(const union ofp_action *a, enum ofputil_action_code code,
     case OFPUTIL_NXAST_CONTROLLER:
         controller_from_openflow((const struct nx_action_controller *) a, out);
         break;
+
+    case OFPUTIL_NXAST_SAMPLE_IPFIX:
+        error = sample_ipfix_from_openflow(
+            (const struct nx_action_sample_ipfix *) a, out);
+        break;
     }
 
     return error;
@@ -1119,6 +1141,9 @@ ofpact_check__(const struct ofpact *a, const struct flow *flow, int max_ports)
     case OFPACT_EXIT:
         return 0;
 
+    case OFPACT_SAMPLE_IPFIX:
+        return 0;
+
     case OFPACT_CLEAR_ACTIONS:
     case OFPACT_WRITE_METADATA:
     case OFPACT_GOTO_TABLE:
@@ -1313,6 +1338,17 @@ ofpact_fin_timeout_to_nxast(const struct ofpact_fin_timeout *fin_timeout,
 }
 
 static void
+ofpact_sample_ipfix_to_nxast(const struct ofpact_sample_ipfix *os,
+                             struct ofpbuf *out)
+{
+    struct nx_action_sample_ipfix *nasi;
+
+    nasi = ofputil_put_NXAST_SAMPLE_IPFIX(out);
+    nasi->probability = htons(os->probability);
+    nasi->obs_point_id = htonl(os->obs_point_id);
+}
+
+static void
 ofpact_to_nxast(const struct ofpact *a, struct ofpbuf *out)
 {
     switch (a->type) {
@@ -1385,6 +1421,10 @@ ofpact_to_nxast(const struct ofpact *a, struct ofpbuf *out)
         ofputil_put_NXAST_EXIT(out);
         break;
 
+    case OFPACT_SAMPLE_IPFIX:
+        ofpact_sample_ipfix_to_nxast(ofpact_get_SAMPLE_IPFIX(a), out);
+        break;
+
     case OFPACT_OUTPUT:
     case OFPACT_ENQUEUE:
     case OFPACT_SET_VLAN_VID:
@@ -1512,6 +1552,7 @@ ofpact_to_openflow10(const struct ofpact *a, struct ofpbuf *out)
     case OFPACT_AUTOPATH:
     case OFPACT_NOTE:
     case OFPACT_EXIT:
+    case OFPACT_SAMPLE_IPFIX:
         ofpact_to_nxast(a, out);
         break;
     }
@@ -1654,6 +1695,7 @@ ofpact_to_openflow11(const struct ofpact *a, struct ofpbuf *out)
     case OFPACT_AUTOPATH:
     case OFPACT_NOTE:
     case OFPACT_EXIT:
+    case OFPACT_SAMPLE_IPFIX:
         ofpact_to_nxast(a, out);
         break;
     }
@@ -1777,6 +1819,7 @@ ofpact_outputs_to_port(const struct ofpact *ofpact, uint16_t port)
     case OFPACT_AUTOPATH:
     case OFPACT_NOTE:
     case OFPACT_EXIT:
+    case OFPACT_SAMPLE_IPFIX:
     case OFPACT_CLEAR_ACTIONS:
     case OFPACT_GOTO_TABLE:
     default:
@@ -1869,6 +1912,7 @@ ofpact_format(const struct ofpact *a, struct ds *s)
     const struct ofpact_controller *controller;
     const struct ofpact_metadata *metadata;
     const struct ofpact_tunnel *tunnel;
+    const struct ofpact_sample_ipfix *sample_ipfix;
     uint16_t port;
 
     switch (a->type) {
@@ -2052,6 +2096,13 @@ ofpact_format(const struct ofpact *a, struct ds *s)
         ds_put_cstr(s, "exit");
         break;
 
+    case OFPACT_SAMPLE_IPFIX:
+        sample_ipfix = ofpact_get_SAMPLE_IPFIX(a);
+        ds_put_format(
+            s, "sample_ipfix(probability=%"PRIu16",obs_point_id=%"PRIu32")",
+            sample_ipfix->probability, sample_ipfix->obs_point_id);
+        break;
+
     case OFPACT_CLEAR_ACTIONS:
         ds_put_format(s, "%s",
                       ofpact_instruction_name_from_type(
diff --git a/lib/ofp-actions.h b/lib/ofp-actions.h
index e930986..0c1a8c2 100644
--- a/lib/ofp-actions.h
+++ b/lib/ofp-actions.h
@@ -89,6 +89,7 @@
     /* Other. */                                                    \
     DEFINE_OFPACT(NOTE,            ofpact_note,          data)      \
     DEFINE_OFPACT(EXIT,            ofpact_null,          ofpact)    \
+    DEFINE_OFPACT(SAMPLE_IPFIX,    ofpact_sample_ipfix,  ofpact)    \
                                                                     \
     /* Instructions */                                              \
     /* XXX Write-Actions */                                         \
@@ -421,6 +422,15 @@ struct ofpact_note {
     uint8_t data[];
 };
 
+/* OFPACT_SAMPLE_IPFIX.
+ *
+ * Used for NXAST_SAMPLE_IPFIX. */
+struct ofpact_sample_ipfix {
+    struct ofpact ofpact;
+    uint16_t probability;  // Always >0.
+    uint32_t obs_point_id;
+};
+
 /* OFPACT_DEC_TTL.
  *
  * Used for OFPAT11_DEC_NW_TTL, NXAST_DEC_TTL and NXAST_DEC_TTL_CNT_IDS. */
diff --git a/lib/ofp-parse.c b/lib/ofp-parse.c
index 1d0ab85..2e01291 100644
--- a/lib/ofp-parse.c
+++ b/lib/ofp-parse.c
@@ -379,6 +379,30 @@ parse_metadata(struct ofpbuf *b, char *arg)
 }
 
 static void
+parse_sample_ipfix(struct ofpbuf *b, char *arg)
+{
+    struct ofpact_sample_ipfix *osi = ofpact_put_SAMPLE_IPFIX(b);
+    char *key, *value;
+
+    while (ofputil_parse_key_value(&arg, &key, &value)) {
+        if (!strcmp(key, "probability")) {
+            osi->probability = str_to_u16(value, "probability");
+            if (osi->probability == 0) {
+                ovs_fatal(0, "invalid probability value \"%s\"", value);
+            }
+        } else if (!strcmp(key, "obs_point_id")) {
+            osi->obs_point_id = str_to_u32(value);
+        } else {
+            ovs_fatal(0, "invalid key \"%s\" in \"sample_ipfix\" argument",
+                      key);
+        }
+    }
+    if (osi->probability == 0) {
+        ovs_fatal(0, "\"probability\" must be specified on sample_ipfix");
+    }
+}
+
+static void
 parse_named_action(enum ofputil_action_code code, const struct flow *flow,
                    char *arg, struct ofpbuf *ofpacts)
 {
@@ -562,6 +586,10 @@ parse_named_action(enum ofputil_action_code code, const struct flow *flow,
     case OFPUTIL_NXAST_CONTROLLER:
         parse_controller(ofpacts, arg);
         break;
+
+    case OFPUTIL_NXAST_SAMPLE_IPFIX:
+        parse_sample_ipfix(ofpacts, arg);
+        break;
     }
 }
 
diff --git a/lib/ofp-util.def b/lib/ofp-util.def
index 6d08d8a..be91732 100644
--- a/lib/ofp-util.def
+++ b/lib/ofp-util.def
@@ -62,6 +62,7 @@ NXAST_ACTION(NXAST_CONTROLLER,      nx_action_controller,   0, "controller")
 NXAST_ACTION(NXAST_DEC_TTL_CNT_IDS, nx_action_cnt_ids,      1, NULL)
 NXAST_ACTION(NXAST_WRITE_METADATA,  nx_action_write_metadata, 0,
              "write_metadata")
+NXAST_ACTION(NXAST_SAMPLE_IPFIX,    nx_action_sample_ipfix, 0, "sample_ipfix")
 
 #undef OFPAT10_ACTION
 #undef OFPAT11_ACTION
diff --git a/ofproto/ofproto-dpif.c b/ofproto/ofproto-dpif.c
index b37b482..6acce4f 100644
--- a/ofproto/ofproto-dpif.c
+++ b/ofproto/ofproto-dpif.c
@@ -6073,6 +6073,10 @@ do_xlate_actions(const struct ofpact *ofpacts, size_t ofpacts_len,
             xlate_table_action(ctx, ctx->flow.in_port, ogt->table_id, true);
             break;
         }
+
+        case OFPACT_SAMPLE_IPFIX:
+            /* TODO: Actually implement the translation here. */
+            break;
         }
     }
 
diff --git a/tests/ofp-actions.at b/tests/ofp-actions.at
index aa51e08..bb35eb9 100644
--- a/tests/ofp-actions.at
+++ b/tests/ofp-actions.at
@@ -118,6 +118,9 @@ ffff 0010 00002320 0014 04d2 162e 02 00
 # actions=dec_ttl(32768,12345,90,765,1024)
 ffff 0020 00002320 0015 000500000000 80003039005A02fd 0400000000000000
 
+# actions=sample_ipfix(probability=12345,obs_point_id=23456)
+ffff 0010 00002320 0017 3039 00005BA0
+
 ])
 sed '/^[[#&]]/d' < test-data > input.txt
 sed -n 's/^# //p; /^$/p' < test-data > expout
@@ -297,6 +300,9 @@ ffff 0010 00002320 0014 04d2 162e 02 00
 # actions=dec_ttl(32768,12345,90,765,1024)
 ffff 0020 00002320 0015 000500000000 80003039005A02fd 0400000000000000
 
+# actions=sample_ipfix(probability=12345,obs_point_id=23456)
+ffff 0010 00002320 0017 3039 00005BA0
+
 ])
 sed '/^[[#&]]/d' < test-data > input.txt
 sed -n 's/^# //p; /^$/p' < test-data > expout
diff --git a/tests/ovs-ofctl.at b/tests/ovs-ofctl.at
index ca68226..9d30933 100644
--- a/tests/ovs-ofctl.at
+++ b/tests/ovs-ofctl.at
@@ -12,6 +12,7 @@ cookie=0x123456789abcdef hard_timeout=10 priority=60000 actions=controller
 actions=note:41.42.43,note:00.01.02.03.04.05.06.07,note
 actions=set_field:fe80:0123:4567:890a:a6ba:dbff:fefe:59fa->ipv6_src
 in_port=0 actions=resubmit:0
+actions=sample_ipfix(probability=12345,obs_point_id=23456)
 ]])
 
 AT_CHECK([ovs-ofctl parse-flows flows.txt
@@ -28,6 +29,7 @@ OFPT_FLOW_MOD: ADD priority=60000 cookie:0x123456789abcdef hard:10 actions=CONTR
 OFPT_FLOW_MOD: ADD actions=note:41.42.43.00.00.00,note:00.01.02.03.04.05.06.07.00.00.00.00.00.00,note:00.00.00.00.00.00
 OFPT_FLOW_MOD: ADD actions=load:0xa6badbfffefe59fa->NXM_NX_IPV6_SRC[0..63],load:0xfe8001234567890a->NXM_NX_IPV6_SRC[64..127]
 OFPT_FLOW_MOD: ADD in_port=0 actions=resubmit:0
+OFPT_FLOW_MOD: ADD actions=sample_ipfix(probability=12345,obs_point_id=23456)
 ]])
 AT_CLEANUP
 
@@ -43,6 +45,7 @@ cookie=0x123456789abcdef hard_timeout=10 priority=60000 actions=controller
 actions=note:41.42.43,note:00.01.02.03.04.05.06.07,note
 actions=set_field:fe80:0123:4567:890a:a6ba:dbff:fefe:59fa->ipv6_src
 in_port=0 actions=resubmit:0
+actions=sample_ipfix(probability=12345,obs_point_id=23456)
 ]])
 
 AT_CHECK([ovs-ofctl --protocols OpenFlow12 parse-flows flows.txt
@@ -59,6 +62,7 @@ OFPT_FLOW_MOD (OF1.2): ADD table:255 priority=60000 cookie:0x123456789abcdef har
 OFPT_FLOW_MOD (OF1.2): ADD table:255 actions=note:41.42.43.00.00.00,note:00.01.02.03.04.05.06.07.00.00.00.00.00.00,note:00.00.00.00.00.00
 OFPT_FLOW_MOD (OF1.2): ADD table:255 actions=set_field:fe80:123:4567:890a:a6ba:dbff:fefe:59fa->ipv6_src
 OFPT_FLOW_MOD (OF1.2): ADD table:255 in_port=0 actions=resubmit:0
+OFPT_FLOW_MOD (OF1.2): ADD table:255 actions=sample_ipfix(probability=12345,obs_point_id=23456)
 ]])
 AT_CLEANUP
 
@@ -116,6 +120,7 @@ send_flow_rem,actions=output:1,output:NXM_NX_REG0[],output:2,output:NXM_NX_REG1[
 check_overlap,actions=output:1,exit,output:2
 actions=fin_timeout(idle_timeout=5,hard_timeout=15)
 actions=controller(max_len=123,reason=invalid_ttl,id=555)
+actions=sample_ipfix(probability=12345,obs_point_id=23456)
 ]])
 
 AT_CHECK([ovs-ofctl parse-flows flows.txt
@@ -150,6 +155,7 @@ NXT_FLOW_MOD: ADD table:255 send_flow_rem actions=output:1,output:NXM_NX_REG0[],
 NXT_FLOW_MOD: ADD table:255 check_overlap actions=output:1,exit,output:2
 NXT_FLOW_MOD: ADD table:255 actions=fin_timeout(idle_timeout=5,hard_timeout=15)
 NXT_FLOW_MOD: ADD table:255 actions=controller(reason=invalid_ttl,max_len=123,id=555)
+NXT_FLOW_MOD: ADD table:255 actions=sample_ipfix(probability=12345,obs_point_id=23456)
 ]])
 AT_CLEANUP
 
@@ -183,6 +189,7 @@ dl_dst=01:00:00:00:00:00/01:00:00:00:00:00,actions=drop
 dl_dst=00:00:00:00:00:00/01:00:00:00:00:00,actions=drop
 dl_dst=aa:bb:cc:dd:ee:ff/fe:ff:ff:ff:ff:ff,actions=drop
 dl_dst=aa:bb:cc:dd:ee:ff/00:00:00:00:00:00,actions=drop
+actions=sample_ipfix(probability=12345,obs_point_id=23456)
 ])
 AT_CHECK([ovs-ofctl -F nxm parse-flows flows.txt], [0], [stdout])
 AT_CHECK([[sed 's/ (xid=0x[0-9a-fA-F]*)//' stdout]], [0], [dnl
@@ -215,6 +222,7 @@ NXT_FLOW_MOD: ADD dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=drop
 NXT_FLOW_MOD: ADD dl_dst=00:00:00:00:00:00/01:00:00:00:00:00 actions=drop
 NXT_FLOW_MOD: ADD dl_dst=aa:bb:cc:dd:ee:ff/fe:ff:ff:ff:ff:ff actions=drop
 NXT_FLOW_MOD: ADD actions=drop
+NXT_FLOW_MOD: ADD actions=sample_ipfix(probability=12345,obs_point_id=23456)
 ])
 AT_CLEANUP
 
@@ -245,6 +253,7 @@ reg0=123,actions=move:NXM_NX_REG0[0..5]->NXM_NX_REG1[26..31],load:55->NXM_NX_REG
 actions=move:OXM_OF_ETH_DST[]->OXM_OF_ETH_SRC[]
 actions=autopath(5,NXM_NX_REG0[])
 vlan_tci=0x1123/0x1fff,actions=drop
+actions=sample_ipfix(probability=12345,obs_point_id=23456)
 ]])
 AT_CHECK([ovs-ofctl -F nxm -mmm parse-flows flows.txt], [0], [stdout], [stderr])
 AT_CHECK([[sed 's/ (xid=0x[0-9a-fA-F]*)//' stdout]], [0],
@@ -274,6 +283,7 @@ NXT_FLOW_MOD: ADD NXM_NX_REG0(0000007b) actions=move:NXM_NX_REG0[0..5]->NXM_NX_R
 NXT_FLOW_MOD: ADD <any> actions=move:NXM_OF_ETH_DST[]->NXM_OF_ETH_SRC[]
 NXT_FLOW_MOD: ADD <any> actions=autopath(5,NXM_NX_REG0[])
 NXT_FLOW_MOD: ADD NXM_OF_VLAN_TCI_W(1123/1fff) actions=drop
+NXT_FLOW_MOD: ADD <any> actions=sample_ipfix(probability=12345,obs_point_id=23456)
 ]])
 AT_CHECK([[sed 's/^[^|]*|[^|]*|//' stderr]], [0], [dnl
 autopath|WARN|The autopath action is deprecated and may be removed in February 2013.  Please email dev at openvswitch.org with concerns.
diff --git a/utilities/ovs-ofctl.8.in b/utilities/ovs-ofctl.8.in
index c48645a..b26f0eb 100644
--- a/utilities/ovs-ofctl.8.in
+++ b/utilities/ovs-ofctl.8.in
@@ -1198,6 +1198,25 @@ flow's creation, not since the receipt of the FIN or RST.)
 .RE
 .IP
 This action was added in Open vSwitch 1.5.90.
+.
+.IP "\fBsample_ipfix(\fIargument\fR[\fB,\fIargument\fR]...\fB)\fR"
+Samples packets and sends one IPFIX data record for every sampled
+packet.
+.IP
+\fIargument\fR takes the following forms:
+.RS
+.IP "\fBprobability=\fIpackets\fR"
+The number of sampled packets out of 65535.  Must be greater or equal to 1.
+.IP "\fBobs_point_id=\fIid\fR"
+The unsigned 32-bit integer identifier of the IPFIX Observation Point
+ID associated with every sampled packet.  Defaults to 0.
+.RE
+.IP
+Refer to \fBovs\-vswitchd.conf.db\fR(8) for more details on
+configuring IPFIX.
+.IP
+This action was added in Open vSwitch 1.9.90.
+.
 .IP "\fBexit\fR"
 This action causes Open vSwitch to immediately halt execution of further
 actions.  Those actions which have already been executed are unaffected.  Any
@@ -1512,3 +1531,4 @@ Prints the flow entries in the switch.
 .BR ovs\-appctl (8),
 .BR ovs\-controller (8),
 .BR ovs\-vswitchd (8)
+.BR ovs\-vswitchd.conf.db (8)
-- 
1.8.1



More information about the dev mailing list