From patchwork Thu Nov  7 08:47:02 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
X-Patchwork-Id: 1190993
Return-Path: <ovs-dev-bounces@openvswitch.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized)
	smtp.mailfrom=openvswitch.org (client-ip=140.211.169.12;
	helo=mail.linuxfoundation.org;
	envelope-from=ovs-dev-bounces@openvswitch.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dmarc=fail (p=none dis=none) header.from=redhat.com
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (1024-bit key;
	unprotected) header.d=redhat.com header.i=@redhat.com
	header.b="KV/9tdaD"; dkim-atps=neutral
Received: from mail.linuxfoundation.org (mail.linuxfoundation.org
	[140.211.169.12])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 477xsV45yfz9sPT
	for <incoming@patchwork.ozlabs.org>;
	Thu,  7 Nov 2019 19:49:18 +1100 (AEDT)
Received: from mail.linux-foundation.org (localhost [127.0.0.1])
	by mail.linuxfoundation.org (Postfix) with ESMTP id 8FEB2DA4;
	Thu,  7 Nov 2019 08:47:29 +0000 (UTC)
X-Original-To: dev@openvswitch.org
Delivered-To: ovs-dev@mail.linuxfoundation.org
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
	[172.17.192.35])
	by mail.linuxfoundation.org (Postfix) with ESMTPS id 00388D9D
	for <dev@openvswitch.org>; Thu,  7 Nov 2019 08:47:28 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6
Received: from us-smtp-1.mimecast.com (us-smtp-delivery-1.mimecast.com
	[205.139.110.120])
	by smtp1.linuxfoundation.org (Postfix) with ESMTP id 5F9D7712
	for <dev@openvswitch.org>; Thu,  7 Nov 2019 08:47:27 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1573116446;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	to:to:cc:mime-version:mime-version:content-type:content-type:
	content-transfer-encoding:content-transfer-encoding:
	in-reply-to:in-reply-to:references:references;
	bh=IcfzUf6D5ObnvP91CdWGVXV1dDhQgqEHJA2SJBIGWfY=;
	b=KV/9tdaDj7SvkY4p5UZ0xjR1n4D9vO5+Sz1+tOTHZyFkeZkT/+/ZrEjLEB2PmqYRUfCfSs
	/Umr7e38aLSYXZ4e/Cv8NuCmr58KqHeAEnuaqrCtkmNCa7DwTfoKsEeTnSx820RwjpzhCS
	DZ/0wPOe2ihKIZcDWYFQ7wykiWdZqwI=
Received: from mail-wr1-f69.google.com (mail-wr1-f69.google.com
	[209.85.221.69]) (Using TLS) by relay.mimecast.com with ESMTP id
	us-mta-318-0uu1ho3UNK6eSZOcHYAQdA-1; Thu, 07 Nov 2019 03:47:20 -0500
Received: by mail-wr1-f69.google.com with SMTP id h7so331291wrb.2
	for <dev@openvswitch.org>; Thu, 07 Nov 2019 00:47:19 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to
	:references:mime-version:content-transfer-encoding;
	bh=Osq6fv/tKCQlekUNWs5I5BAj1bVTxuTQBT5x14K6E8Y=;
	b=jO0RRJf9VTCfrmB1KEXns3Ru+/QfZTnln2vA7N7Aq+EtswjAKJf9MrOxuLEf5PgbjX
	QrtWjXmcMDs6QWwJP+76SZGw4g6y3kttsHBmIFDwlTLRqLhkbVZoi7Wz+CLJbITJSixJ
	/NVv4UERw8BLWHTKxLQUVh9ybJkjrJp7dMBKBEvOUFTnp5wjQANM7j30/eaVkusNgpYD
	PKG0kwwJHqotkdcbDSiezdht1S68l+5suSfwiKzZ8PjNmmkDaYsbmSBOWgrOOHrXfo5v
	VWqQkbVud66Ov7tQoMtjBVpZsCNvkoGLf5EfeL+dO/9ItThP/g5UWIGiXEsL7Az+f5Xz
	qWvA==
X-Gm-Message-State: APjAAAVotUEgiP91caJu+ghl0DU4aRIr0mdwclPUjTVhVRpIecHfo5xs
	3oqvb3eqBsVYT/CoVWSJ3+MyTnVXZeykTMs9fkR4r7oUUp/hjAA9nnZl4PhhQbum9IQUqdoV7pU
	5jgcCcxPjYUsT
X-Received: by 2002:adf:f342:: with SMTP id e2mr1794047wrp.61.1573116438621;
	Thu, 07 Nov 2019 00:47:18 -0800 (PST)
X-Google-Smtp-Source: 
 APXvYqzrYaFUJxxNz0+qXGSXHausQ0zBbjGOakraU/018ei8Pxff9qi3WLtf1SVMsBzMRR1t3Q3qjw==
X-Received: by 2002:adf:f342:: with SMTP id e2mr1794029wrp.61.1573116438300;
	Thu, 07 Nov 2019 00:47:18 -0800 (PST)
Received: from localhost.localdomain.com ([176.229.194.15])
	by smtp.gmail.com with ESMTPSA id
	y9sm1216621wma.3.2019.11.07.00.47.17 for <dev@openvswitch.org>
	(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
	Thu, 07 Nov 2019 00:47:17 -0800 (PST)
From: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
To: dev@openvswitch.org
Date: Thu,  7 Nov 2019 10:47:02 +0200
Message-Id: 
 <45c468a73799df83be0e9e3e4129450545b846ca.1573116139.git.lorenzo.bianconi@redhat.com>
X-Mailer: git-send-email 2.21.0
In-Reply-To: <cover.1573116139.git.lorenzo.bianconi@redhat.com>
References: <cover.1573116139.git.lorenzo.bianconi@redhat.com>
MIME-Version: 1.0
X-MC-Unique: 0uu1ho3UNK6eSZOcHYAQdA-1
X-Mimecast-Spam-Score: 0
X-Spam-Status: No, score=-4.3 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID, DKIM_VALID_AU,
	RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	smtp1.linux-foundation.org
Subject: [ovs-dev] [PATCH ovn 2/2] northd: add logical flows for dhcpv6 pfd
	parsing
X-BeenThere: ovs-dev@openvswitch.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: <ovs-dev.openvswitch.org>
List-Unsubscribe: <https://mail.openvswitch.org/mailman/options/ovs-dev>,
	<mailto:ovs-dev-request@openvswitch.org?subject=unsubscribe>
List-Archive: <http://mail.openvswitch.org/pipermail/ovs-dev/>
List-Post: <mailto:ovs-dev@openvswitch.org>
List-Help: <mailto:ovs-dev-request@openvswitch.org?subject=help>
List-Subscribe: <https://mail.openvswitch.org/mailman/listinfo/ovs-dev>,
	<mailto:ovs-dev-request@openvswitch.org?subject=subscribe>
Sender: ovs-dev-bounces@openvswitch.org
Errors-To: ovs-dev-bounces@openvswitch.org

Introduce logical flows in ovn router pipeline in order to parse dhcpv6
advertise/reply from IPv6 prefix delegation router.
Do not overwrite ipv6_ra_pd_list info in options column of SB port_binding
table written by ovn-controller

Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
---
 northd/ovn-northd.c | 66 ++++++++++++++++++++++++++++++++++++++++++++-
 ovn-nb.xml          | 10 +++++++
 2 files changed, 75 insertions(+), 1 deletion(-)

diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
index c23c270dc..e1af9828b 100644
--- a/northd/ovn-northd.c
+++ b/northd/ovn-northd.c
@@ -2588,6 +2588,8 @@ ovn_port_update_sbrec(struct northd_context *ctx,
                       struct sset *active_ha_chassis_grps)
 {
     sbrec_port_binding_set_datapath(op->sb, op->od->sb);
+    const char *ipv6_pd_list = NULL;
+
     if (op->nbrp) {
         /* If the router is for l3 gateway, it resides on a chassis
          * and its port type is "l3gateway". */
@@ -2710,6 +2712,12 @@ ovn_port_update_sbrec(struct northd_context *ctx,
                 smap_add(&new, "l3gateway-chassis", chassis_name);
             }
         }
+
+        ipv6_pd_list = smap_get(&op->sb->options, "ipv6_ra_pd_list");
+        if (ipv6_pd_list) {
+            smap_add(&new, "ipv6_ra_pd_list", ipv6_pd_list);
+        }
+
         sbrec_port_binding_set_options(op->sb, &new);
         smap_destroy(&new);
 
@@ -2759,6 +2767,12 @@ ovn_port_update_sbrec(struct northd_context *ctx,
                 smap_add_format(&options,
                                 "qdisc_queue_id", "%d", queue_id);
             }
+
+            ipv6_pd_list = smap_get(&op->sb->options, "ipv6_ra_pd_list");
+            if (ipv6_pd_list) {
+                smap_add(&options, "ipv6_ra_pd_list", ipv6_pd_list);
+            }
+
             sbrec_port_binding_set_options(op->sb, &options);
             smap_destroy(&options);
             if (ovn_is_known_nb_lsp_type(op->nbsp->type)) {
@@ -2808,6 +2822,12 @@ ovn_port_update_sbrec(struct northd_context *ctx,
                 if (chassis) {
                     smap_add(&new, "l3gateway-chassis", chassis);
                 }
+
+                ipv6_pd_list = smap_get(&op->sb->options, "ipv6_ra_pd_list");
+                if (ipv6_pd_list) {
+                    smap_add(&new, "ipv6_ra_pd_list", ipv6_pd_list);
+                }
+
                 sbrec_port_binding_set_options(op->sb, &new);
                 smap_destroy(&new);
             } else {
@@ -7242,7 +7262,38 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports,
         free(snat_ips);
     }
 
-    /* Logical router ingress table 3: IP Input for IPv6. */
+    /* DHCPv6 reply handling */
+    HMAP_FOR_EACH (op, key_node, ports) {
+        if (!op->nbrp) {
+            continue;
+        }
+
+        bool prefix_delegation = smap_get_bool(&op->nbrp->options,
+                                               "prefix_delegation", false);
+        if (!prefix_delegation) {
+            continue;
+        }
+
+        struct lport_addresses lrp_networks;
+        if (!extract_lrp_networks(op->nbrp, &lrp_networks)) {
+            continue;
+        }
+
+        for (size_t i = 0; i < lrp_networks.n_ipv6_addrs; i++) {
+            ds_clear(&actions);
+            ds_clear(&match);
+            ds_put_format(&match, "inport == %s && ip6.dst == %s"
+                          " && udp.src == 547 && udp.dst == 546",
+                          op->json_key, lrp_networks.ipv6_addrs[i].addr_s);
+            ds_put_format(&actions, "reg0 = 0; dhcp6_server_pkt { "
+                          "eth.dst <-> eth.src; ip6.dst <-> ip6.src; "
+                          "outport <-> inport; output; };");
+            ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 100,
+                          ds_cstr(&match), ds_cstr(&actions));
+        }
+    }
+
+    /* Logical router ingress table 1: IP Input for IPv6. */
     HMAP_FOR_EACH (op, key_node, ports) {
         if (!op->nbrp) {
             continue;
@@ -8037,6 +8088,19 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports,
             continue;
         }
 
+        /* enable IPv6 prefix delegation */
+        bool prefix_delegation = smap_get_bool(&op->nbrp->options,
+                                               "prefix_delegation", false);
+        if (prefix_delegation) {
+            struct smap options;
+
+            smap_clone(&options, &op->sb->options);
+            smap_add(&options, "ipv6_prefix_delegation", "true");
+
+            sbrec_port_binding_set_options(op->sb, &options);
+            smap_destroy(&options);
+        }
+
         const char *address_mode = smap_get(
             &op->nbrp->ipv6_ra_configs, "address_mode");
 
diff --git a/ovn-nb.xml b/ovn-nb.xml
index d8f3237fc..7468d37ec 100644
--- a/ovn-nb.xml
+++ b/ovn-nb.xml
@@ -2048,6 +2048,16 @@
           to <code>true</code>.
         </p>
       </column>
+
+      <column name="options" key="prefix_delegation"
+              type='{"type": "boolean"}'>
+        <p>
+          If set to <code>true</code>, enable IPv6 prefix delegation state
+          machine on this logical router port (RFC3633). IPv6 prefix
+          delegation is available just on a gateway router or on a gateway
+          router port.
+        </p>
+      </column>
     </group>
 
     <group title="Attachment">