From: Mark Michelson
To: dev@openvswitch.org
Date: Fri, 19 Jan 2024 16:33:28 -0500
Message-Id: <20240119213331.454896-1-mmichels@redhat.com>
Subject: [ovs-dev] [PATCH ovn 1/4] rbac: MAC_Bindings can only be updated by the inserting chassis.

With this change, a chassis may only update MAC Binding records that it has created. We achieve this by adding a "chassis_name" column to the MAC_Binding table, and having the chassis insert its name into this column when creating a new MAC_Binding. The "chassis_name" is now part of the rbac_auth structure for the MAC_Binding table.

--- controller/pinctrl.c | 51 ++++++++++++++++++++++++++++++++------------ northd/ovn-northd.c | 2 +- ovn-sb.ovsschema | 7 +++--- ovn-sb.xml | 3 +++ 4 files changed, 45 insertions(+), 18 deletions(-) diff --git a/controller/pinctrl.c b/controller/pinctrl.c index 4992eab08..a00cdceea 100644 --- a/controller/pinctrl.c +++ b/controller/pinctrl.c 
@@ -180,6 +180,7 @@ struct pinctrl { bool mac_binding_can_timestamp; bool fdb_can_timestamp; bool dns_supports_ovn_owned; + bool mac_binding_has_chassis_name; }; static struct pinctrl pinctrl; @@ -204,7 +205,8 @@ static void run_put_mac_bindings( struct ovsdb_idl_txn *ovnsb_idl_txn, struct ovsdb_idl_index *sbrec_datapath_binding_by_key, struct ovsdb_idl_index *sbrec_port_binding_by_key, - struct ovsdb_idl_index *sbrec_mac_binding_by_lport_ip) + struct ovsdb_idl_index *sbrec_mac_binding_by_lport_ip, + const struct sbrec_chassis *chassis) OVS_REQUIRES(pinctrl_mutex); static void wait_put_mac_bindings(struct ovsdb_idl_txn *ovnsb_idl_txn); static void send_mac_binding_buffered_pkts(struct rconn *swconn) @@ -3591,6 +3593,13 @@ pinctrl_update(const struct ovsdb_idl *idl, const char *br_int_name) notify_pinctrl_handler(); } + bool mac_binding_has_chassis_name = + sbrec_server_has_mac_binding_table_col_chassis_name(idl); + if (mac_binding_has_chassis_name != pinctrl.mac_binding_has_chassis_name) { + pinctrl.mac_binding_has_chassis_name = mac_binding_has_chassis_name; + notify_pinctrl_handler(); + } + ovs_mutex_unlock(&pinctrl_mutex); } @@ -3621,7 +3630,8 @@ pinctrl_run(struct ovsdb_idl_txn *ovnsb_idl_txn, ovs_mutex_lock(&pinctrl_mutex); run_put_mac_bindings(ovnsb_idl_txn, sbrec_datapath_binding_by_key, sbrec_port_binding_by_key, - sbrec_mac_binding_by_lport_ip); + sbrec_mac_binding_by_lport_ip, + chassis); run_put_vport_bindings(ovnsb_idl_txn, sbrec_datapath_binding_by_key, sbrec_port_binding_by_key, chassis); send_garp_rarp_prepare(ovnsb_idl_txn, sbrec_port_binding_by_datapath, @@ -4285,7 +4295,8 @@ mac_binding_add_to_sb(struct ovsdb_idl_txn *ovnsb_idl_txn, const char *logical_port, const struct sbrec_datapath_binding *dp, struct eth_addr ea, const char *ip, - bool update_only) + bool update_only, + const struct sbrec_chassis *chassis) { /* Convert ethernet argument to string form for database. */ char mac_string[ETH_ADDR_STRLEN + 1]; 
@@ -4302,6 +4313,9 @@ mac_binding_add_to_sb(struct ovsdb_idl_txn *ovnsb_idl_txn, sbrec_mac_binding_set_logical_port(b, logical_port); sbrec_mac_binding_set_ip(b, ip); sbrec_mac_binding_set_datapath(b, dp); + if (pinctrl.mac_binding_has_chassis_name) { + sbrec_mac_binding_set_chassis_name(b, chassis->name); + } } if (strcmp(b->mac, mac_string)) { @@ -4323,7 +4337,8 @@ send_garp_locally(struct ovsdb_idl_txn *ovnsb_idl_txn, struct ovsdb_idl_index *sbrec_mac_binding_by_lport_ip, const struct hmap *local_datapaths, const struct sbrec_port_binding *in_pb, - struct eth_addr ea, ovs_be32 ip) + struct eth_addr ea, ovs_be32 ip, + const struct sbrec_chassis *chassis) { if (!ovnsb_idl_txn) { return; @@ -4351,7 +4366,7 @@ send_garp_locally(struct ovsdb_idl_txn *ovnsb_idl_txn, ip_format_masked(ip, OVS_BE32_MAX, &ip_s); mac_binding_add_to_sb(ovnsb_idl_txn, sbrec_mac_binding_by_lport_ip, remote->logical_port, remote->datapath, - ea, ds_cstr(&ip_s), update_only); + ea, ds_cstr(&ip_s), update_only, chassis); ds_destroy(&ip_s); } } @@ -4361,7 +4376,8 @@ run_put_mac_binding(struct ovsdb_idl_txn *ovnsb_idl_txn, struct ovsdb_idl_index *sbrec_datapath_binding_by_key, struct ovsdb_idl_index *sbrec_port_binding_by_key, struct ovsdb_idl_index *sbrec_mac_binding_by_lport_ip, - const struct mac_binding *mb) + const struct mac_binding *mb, + const struct sbrec_chassis *chassis) { /* Convert logical datapath and logical port key into lport. */ const struct sbrec_port_binding *pb = lport_lookup_by_key( @@ -4384,7 +4400,7 @@ run_put_mac_binding(struct ovsdb_idl_txn *ovnsb_idl_txn, ipv6_format_mapped(&mb->ip, &ip_s); mac_binding_add_to_sb(ovnsb_idl_txn, sbrec_mac_binding_by_lport_ip, pb->logical_port, pb->datapath, mb->mac, - ds_cstr(&ip_s), false); + ds_cstr(&ip_s), false, chassis); ds_destroy(&ip_s); } 
@@ -4394,7 +4410,8 @@ static void run_put_mac_bindings(struct ovsdb_idl_txn *ovnsb_idl_txn, struct ovsdb_idl_index *sbrec_datapath_binding_by_key, struct ovsdb_idl_index *sbrec_port_binding_by_key, - struct ovsdb_idl_index *sbrec_mac_binding_by_lport_ip) + struct ovsdb_idl_index *sbrec_mac_binding_by_lport_ip, + const struct sbrec_chassis *chassis) OVS_REQUIRES(pinctrl_mutex) { if (!ovnsb_idl_txn) { @@ -4409,7 +4426,8 @@ run_put_mac_bindings(struct ovsdb_idl_txn *ovnsb_idl_txn, run_put_mac_binding(ovnsb_idl_txn, sbrec_datapath_binding_by_key, sbrec_port_binding_by_key, - sbrec_mac_binding_by_lport_ip, mb); + sbrec_mac_binding_by_lport_ip, mb, + chassis); ovn_mac_binding_remove(mb, &put_mac_bindings); } } @@ -4552,7 +4570,8 @@ send_garp_rarp_update(struct ovsdb_idl_txn *ovnsb_idl_txn, const struct sbrec_port_binding *binding_rec, struct shash *nat_addresses, long long int garp_max_timeout, - bool garp_continuous) + bool garp_continuous, + const struct sbrec_chassis *chassis) { volatile struct garp_rarp_data *garp_rarp = NULL; @@ -4592,7 +4611,8 @@ send_garp_rarp_update(struct ovsdb_idl_txn *ovnsb_idl_txn, send_garp_locally(ovnsb_idl_txn, sbrec_mac_binding_by_lport_ip, local_datapaths, binding_rec, laddrs->ea, - laddrs->ipv4_addrs[i].addr); + laddrs->ipv4_addrs[i].addr, + chassis); } free(name); @@ -4661,7 +4681,8 @@ send_garp_rarp_update(struct ovsdb_idl_txn *ovnsb_idl_txn, binding_rec->tunnel_key); if (ip) { send_garp_locally(ovnsb_idl_txn, sbrec_mac_binding_by_lport_ip, - local_datapaths, binding_rec, laddrs.ea, ip); + local_datapaths, binding_rec, laddrs.ea, ip, + chassis); } destroy_lport_addresses(&laddrs); @@ -6080,7 +6101,8 @@ send_garp_rarp_prepare(struct ovsdb_idl_txn *ovnsb_idl_txn, send_garp_rarp_update(ovnsb_idl_txn, sbrec_mac_binding_by_lport_ip, local_datapaths, pb, &nat_addresses, - garp_max_timeout, garp_continuous); + garp_max_timeout, garp_continuous, + chassis); } } 
@@ -6092,7 +6114,8 @@ send_garp_rarp_prepare(struct ovsdb_idl_txn *ovnsb_idl_txn, if (pb) { send_garp_rarp_update(ovnsb_idl_txn, sbrec_mac_binding_by_lport_ip, local_datapaths, pb, &nat_addresses, - garp_max_timeout, garp_continuous); + garp_max_timeout, garp_continuous, + chassis); } } diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index f3868068d..f51dbecb4 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -109,7 +109,7 @@ static const char *rbac_port_binding_update[] = "options"}; static const char *rbac_mac_binding_auth[] = - {""}; + {"chassis_name"}; static const char *rbac_mac_binding_update[] = {"logical_port", "ip", "mac", "datapath", "timestamp"}; diff --git a/ovn-sb.ovsschema b/ovn-sb.ovsschema index 72e230b75..9cf91c8f7 100644 --- a/ovn-sb.ovsschema +++ b/ovn-sb.ovsschema @@ -1,7 +1,7 @@ { "name": "OVN_Southbound", - "version": "20.30.0", - "cksum": "2972392849 31172", + "version": "20.31.0", + "cksum": "3395536250 31224", "tables": { "SB_Global": { "columns": { @@ -286,7 +286,8 @@ "mac": {"type": "string"}, "timestamp": {"type": {"key": "integer"}}, "datapath": {"type": {"key": {"type": "uuid", - "refTable": "Datapath_Binding"}}}}, + "refTable": "Datapath_Binding"}}}, + "chassis_name": {"type": "string"}}, "indexes": [["logical_port", "ip"]], "isRoot": true}, "DHCP_Options": { diff --git a/ovn-sb.xml b/ovn-sb.xml index e393f92b3..411074083 100644 --- a/ovn-sb.xml +++ b/ovn-sb.xml @@ -3925,6 +3925,9 @@ tcp.flags = RST; The logical datapath to which the logical port belongs. + + The name of the chassis that inserted this record. +
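
Review bot: In controller/pinctrl.c, mac_binding_add_to_sb() (hunk at -4302/+4313) sets chassis_name only inside the insert branch, and the `if (strcmp(b->mac, mac_string))` update path that follows still runs for a pre-existing row without comparing `b->chassis_name` to `chassis->name`. With `rbac_mac_binding_auth` now `{"chassis_name"}`, a chassis that learns a new MAC for a binding inserted by another chassis will still queue an update that the server is expected to refuse, and the hunk does not show how that refusal is handled or whether it takes the rest of the southbound transaction with it. Consider skipping the update when the names differ (with a rate-limited log), and either check `chassis` for NULL before `chassis->name` or state that every caller passes a non-NULL chassis.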
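
Review bot: In northd/ovn-northd.c, `rbac_mac_binding_auth` changes from `{""}` to `{"chassis_name"}` unconditionally, while the controller side writes the column only when `pinctrl.mac_binding_has_chassis_name` is true. Rows that already exist when the schema is upgraded, and rows inserted by a controller that does not yet write the column, carry the string default (empty), so under the new rule no chassis matches them and they can no longer be refreshed. The commit message should say how such rows are meant to be handled (left to age out, removed, or backfilled), and the expected upgrade order between ovn-northd and ovn-controller deserves a line in the upgrade notes.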
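
Review bot: In ovn-sb.ovsschema, the MAC_Binding hunk adds `chassis_name` as a plain string while the table index stays `[["logical_port", "ip"]]`, so there is still one row per port and IP, now owned by whichever chassis inserted it first. A second chassis that sees a different MAC for the same pair can neither insert a new row (index conflict) nor update the existing one, and because the column is a free string rather than a reference to the Chassis table, nothing in the schema clears or reassigns ownership when that chassis goes away. Please describe the intended behaviour for a neighbour that moves or goes stale, and who is expected to clean up such rows.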
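
Review bot: In ovn-sb.xml, the new column text says only "The name of the chassis that inserted this record." and leaves out what the column is used for. Add that RBAC uses it to decide which chassis may update the row, and that it is empty for records written before the column existed or by a controller that does not set it.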