From patchwork Sat Oct 17 21:07:42 2015
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ben Pfaff
X-Patchwork-Id: 531878
From: Ben Pfaff
To: dev@openvswitch.org
Date: Sat, 17 Oct 2015 14:07:42 -0700
Message-Id: <1445116064-20782-3-git-send-email-blp@nicira.com>
X-Mailer: git-send-email 2.1.3
In-Reply-To: <1445115992-16951-1-git-send-email-blp@nicira.com>
References: <1445115992-16951-1-git-send-email-blp@nicira.com>
Cc: Ben Pfaff
Subject: [ovs-dev] [PATCH v2 2/4] ovn: Implement the ability to send a packet back out its input port.

Otherwise logical router ARP replies won't work as implemented.

Signed-off-by: Ben Pfaff
Acked-by: Justin Pettit
--- ovn/TODO | 35 ----------------------------------- ovn/lib/expr.c | 10 ++++++++++ ovn/ovn-sb.xml | 6 +++++- 3 files changed, 15 insertions(+), 36 deletions(-) diff --git a/ovn/TODO b/ovn/TODO index 10c3adf..7f69508 100644 --- a/ovn/TODO +++ b/ovn/TODO 
@@ -12,41 +12,6 @@ one router to another, this doesn't seem to matter (just put more than one connection between them), but for connections between a router and a switch it might matter because a switch has only one router port. -** OVN_SB schema - -*** Allow output to ingress port - -Sometimes when a packet ingresses into a router, it has to egress the -same port. One example is a "one-armed" router that has multiple -routes on a single port (or in which a host is (mis)configured to send -every IP packet to the router, e.g. due to a bad netmask). Another is -when a router needs to send an ICMP reply to an ingressing packet. - -To some degree this problem is layered, because there are two -different notions of "ingress port". The first is the OpenFlow -ingress port, essentially a physical port identifier. This is -implemented as part of ovs-vswitchd's OpenFlow implementation. It -prevents a reply from being sent across the tunnel on which it -arrived. It is questionable whether this OpenFlow feature is useful -to OVN. (OVN already has to override it to allow a packet from one -nested container to be forwarded to a different nested container.) -OVS make it possible to disable this feature of OpenFlow by setting -the OpenFlow input port field to 0. (If one does this too early, of -course, it means that there's no way to actually match on the input -port in the OpenFlow flow tables, but one can work around that by -instead setting the input port just before the output action, possibly -wrapping these actions in push/pop pairs to preserve the input port -for later.) - -The second is the OVN logical ingress port, which is implemented in -ovn-controller as part of the logical abstraction, using an OVS -register. Dropping packets directed to the logical ingress port is -implemented through an OpenFlow table not directly visible to the -logical flow table. Currently this behavior can't be disabled, but -various ways to ensure it could be implemented, e.g. 
the same as for -OpenFlow by allowing the logical inport to be zeroed, or by -introducing a new action that ignores the inport. - ** New OVN logical actions *** arp diff --git a/ovn/lib/expr.c b/ovn/lib/expr.c index 8a69e3e..a970b12 100644 --- a/ovn/lib/expr.c +++ b/ovn/lib/expr.c @@ -2812,6 +2812,16 @@ parse_assignment(struct expr_context *ctx, const struct simap *ports, sf->field->n_bytes, 0, sf->field->n_bits); bitwise_put(UINT64_MAX, &sf->mask, sf->field->n_bytes, 0, sf->field->n_bits); + + /* If the logical input port is being zeroed, clear the OpenFlow + * ingress port also, to allow a packet to be sent back to its + * origin. */ + if (!port && sf->field->id == MFF_REG6) { + sf = ofpact_put_SET_FIELD(ofpacts); + sf->field = mf_from_id(MFF_IN_PORT); + bitwise_put(UINT64_MAX, &sf->mask, sf->field->n_bytes, 0, + sf->field->n_bits); + } } exit_destroy_cs: diff --git a/ovn/ovn-sb.xml b/ovn/ovn-sb.xml index 1d9104e..9c2d411 100644 --- a/ovn/ovn-sb.xml +++ b/ovn/ovn-sb.xml @@ -782,7 +782,11 @@

Output to the input port is implicitly dropped, that is, output becomes a no-op if outport == - inport. + inport. Occasionally it may be useful to override + this behavior, e.g. to send an ARP reply to an ARP request; to do + so, use inport = ""; to set the logical input port to + an empty string (which should not be used as the name of any + logical port).
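
Review bot: In the ovn/lib/expr.c hunk, the new block in parse_assignment() clears MFF_IN_PORT at the point where the logical inport is assigned, not just before the output action, so every later OpenFlow table sees the input port as cleared. The ovn/TODO text removed by this same patch names that caveat ("there's no way to actually match on the input port in the OpenFlow flow tables") and suggests setting the input port just before the output action, possibly wrapped in push/pop pairs. Either do that, or extend the comment to say that nothing after this assignment may depend on the OpenFlow input port. Two smaller points on the same block: the second SET_FIELD fills in only sf->mask and leaves sf->value to whatever ofpact_put_SET_FIELD() initialised it to, which deserves a word in the comment; and "sf->field->id == MFF_REG6" hard-codes the register holding the logical inport, so a named constant or a comment tying REG6 to inport would make the dependency visible.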
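
Review bot: The text added in the ovn/ovn-sb.xml hunk describes inport = ""; only as setting the logical input port, but the expr.c change in this patch also clears the OpenFlow ingress port, which switches off the check the removed TODO entry describes ("prevents a reply from being sent across the tunnel on which it arrived"). Document that side effect here, together with the fact that the original inport is no longer available for matching afterwards. The code path is also keyed on "!port" rather than on the empty string, so the text should say what happens for any other name that resolves to zero, if one can. Finally, "should not be used as the name of any logical port" is only advice: nothing in the visible changes rejects a port named "", so either point to where that is enforced or word it as a requirement.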