From patchwork Fri May 3 07:26:20 2024
X-Patchwork-Submitter: Ales Musil
X-Patchwork-Id: 1930949
From: Ales Musil
To: dev@openvswitch.org
Date: Fri, 3 May 2024 09:26:20 +0200
Message-ID: <20240503072622.2111265-2-amusil@redhat.com>
In-Reply-To: <20240503072622.2111265-1-amusil@redhat.com>
References: <20240503072622.2111265-1-amusil@redhat.com>
Subject: [ovs-dev] [PATCH ovn 1/3] nothd: Unify the priority calculation for NAT flows.

The priority calculation was scattered in multiple places which could
result in errors when the code is being updated. Move it to a common
function that makes it very clear how the priority is calculated.

Signed-off-by: Ales Musil Acked-by: Mark Michelson --- northd/northd.c | 82 +++++++++++++++++++------------------------------ 1 file changed, 32 insertions(+), 50 deletions(-) diff --git a/northd/northd.c b/northd/northd.c index 133cddb69..a883c3e08 100644 --- a/northd/northd.c +++ b/northd/northd.c @@ -11543,6 +11543,25 @@ lrouter_dnat_and_snat_is_stateless(const struct nbrec_nat *nat) !strcmp(nat->type, "dnat_and_snat"); } +static inline uint16_t +lrouter_nat_get_priority(const struct ovn_datapath *od, bool is_dnat, + uint16_t prefix_len) +{ + if (is_dnat) { + return 100; + } + + /* The priority here is calculated such that the + * nat->logical_ip with the longest mask gets a higher + * priority. */ + uint16_t priority = prefix_len + 1; + if (!od->is_gw_router && od->n_l3dgw_ports) { + priority += 128; + } + + return priority; +} + /* Handles the match criteria and actions in logical flow * based on external ip based NAT rule filter. * @@ -11573,7 +11592,6 @@ lrouter_nat_add_ext_ip_match(const struct ovn_datapath *od, } else if (exempted_ext_ips) { struct ds match_exempt = DS_EMPTY_INITIALIZER; enum ovn_stage stage = is_src ? S_ROUTER_IN_DNAT : S_ROUTER_OUT_SNAT; - uint16_t priority; /* Priority of logical flows corresponding to exempted_ext_ips is * +2 of the corresponding regular NAT rule. @@ -11589,17 +11607,8 @@ lrouter_nat_add_ext_ip_match(const struct ovn_datapath *od, * lr_out_snat...priority=161, match=(..), action=(ct_snat(....);) * */ - if (is_src) { - /* S_ROUTER_IN_DNAT uses priority 100 */ - priority = 100 + 2; - } else { - /* S_ROUTER_OUT_SNAT uses priority (mask + 1 + 128 + 1) */ - priority = cidr_bits + 3; - - if (!od->is_gw_router) { - priority += 128; - } - } + uint16_t priority = + lrouter_nat_get_priority(od, is_src, cidr_bits) + 2; ds_clone(&match_exempt, match); ds_put_format(&match_exempt, " && ip%s.%s == $%s", 
@@ -14598,7 +14607,8 @@ build_lrouter_in_dnat_flow(struct lflow_table *lflows, ds_put_format(actions, ");"); } - ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_DNAT, 100, + ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_DNAT, + lrouter_nat_get_priority(od, true, cidr_bits), ds_cstr(match), ds_cstr(actions), &nat->header_, lflow_ref); } @@ -14741,25 +14751,14 @@ build_lrouter_out_snat_stateless_flow(struct lflow_table *lflows, ds_clear(actions); - /* The priority here is calculated such that the - * nat->logical_ip with the longest mask gets a higher - * priority. */ - uint16_t priority = cidr_bits + 1; - + uint16_t priority = lrouter_nat_get_priority(od, false, cidr_bits); build_lrouter_out_snat_match(lflows, od, nat, match, distributed_nat, cidr_bits, is_v6, l3dgw_port, lflow_ref, false); - if (!od->is_gw_router) { - /* Distributed router. */ - if (od->n_l3dgw_ports) { - priority += 128; - } - - if (distributed_nat) { - ds_put_format(actions, "eth.src = "ETH_ADDR_FMT"; ", - ETH_ADDR_ARGS(mac)); - } + if (!od->is_gw_router && distributed_nat) { + ds_put_format(actions, "eth.src = "ETH_ADDR_FMT"; ", + ETH_ADDR_ARGS(mac)); } ds_put_format(actions, "ip%c.src=%s; next;", @@ -14787,20 +14786,13 @@ build_lrouter_out_snat_in_czone_flow(struct lflow_table *lflows, ds_clear(actions); - /* The priority here is calculated such that the - * nat->logical_ip with the longest mask gets a higher - * priority. */ - uint16_t priority = cidr_bits + 1; + uint16_t priority = lrouter_nat_get_priority(od, false, cidr_bits); struct ds zone_actions = DS_EMPTY_INITIALIZER; build_lrouter_out_snat_match(lflows, od, nat, match, distributed_nat, cidr_bits, is_v6, l3dgw_port, lflow_ref, false); - if (od->n_l3dgw_ports) { - priority += 128; - } - if (distributed_nat) { ds_put_format(actions, "eth.src = "ETH_ADDR_FMT"; ", ETH_ADDR_ARGS(mac)); 
@@ -14853,26 +14845,16 @@ build_lrouter_out_snat_flow(struct lflow_table *lflows, ds_clear(actions); - /* The priority here is calculated such that the - * nat->logical_ip with the longest mask gets a higher - * priority. */ - uint16_t priority = cidr_bits + 1; + uint16_t priority = lrouter_nat_get_priority(od, false, cidr_bits); build_lrouter_out_snat_match(lflows, od, nat, match, distributed_nat, cidr_bits, is_v6, l3dgw_port, lflow_ref, false); size_t original_match_len = match->length; - if (!od->is_gw_router) { - /* Distributed router. */ - if (od->n_l3dgw_ports) { - priority += 128; - } - - if (distributed_nat) { - ds_put_format(actions, "eth.src = "ETH_ADDR_FMT"; ", - ETH_ADDR_ARGS(mac)); - } + if (!od->is_gw_router && distributed_nat) { + ds_put_format(actions, "eth.src = "ETH_ADDR_FMT"; ", + ETH_ADDR_ARGS(mac)); } ds_put_cstr(match, " && (!ct.trk || !ct.rpl)");
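
Review bot: the new lrouter_nat_get_priority() in the @@ -11543 hunk has no comment stating its contract, and 100 and 128 are bare literals. When is_dnat is true both od and prefix_len are ignored, which is not obvious from the signature and means build_lrouter_in_dnat_flow() passes a cidr_bits that has no effect. Please add a short function comment that spells out the three results (100 for DNAT, prefix_len + 1 for SNAT, plus 128 when the router is not a gateway router and has l3dgw ports) and consider named constants for 100 and 128 so later changes to either value are made in one visible place.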
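
Review bot: in lrouter_nat_add_ext_ip_match() (the @@ -11589 hunk) the SNAT branch is not a pure move. The removed code added 128 on "if (!od->is_gw_router)" alone, while the helper adds it only for "!od->is_gw_router && od->n_l3dgw_ports", so on a non-gateway router without l3dgw ports the exempt flow goes from cidr_bits + 131 to cidr_bits + 3. That matches the retained comment saying the exempt priority is +2 of the corresponding regular NAT rule, but the commit message describes only a refactor; please mention the change there. Separately, is_src is passed into a parameter named is_dnat; that is correct only because of the stage selection a few lines above, so a one-line comment at the call site would help.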
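
Review bot: in build_lrouter_out_snat_in_czone_flow() (the @@ -14787 hunk) the removed code added 128 on "if (od->n_l3dgw_ports)" with no is_gw_router test, whereas the helper also requires !od->is_gw_router. If this function can be reached for a gateway router that has l3dgw ports, the flow priority drops by 128 with this patch. Please confirm that combination cannot occur and say so in the commit message, or keep the old condition for this caller.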