From patchwork Wed Sep 2 14:59:27 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anton Ivanov X-Patchwork-Id: 1355858 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.137; helo=fraxinus.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=cambridgegreys.com Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4BhRtv4CNTz9sRK for ; Thu, 3 Sep 2020 01:00:07 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id 579A086942; Wed, 2 Sep 2020 15:00:05 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sPX2GRgeqvw9; Wed, 2 Sep 2020 15:00:04 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by fraxinus.osuosl.org (Postfix) with ESMTP id 4CB8A86890; Wed, 2 Sep 2020 15:00:04 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 2FE28C07FF; Wed, 2 Sep 2020 15:00:04 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by lists.linuxfoundation.org (Postfix) with ESMTP id 7EDCDC0051 for ; Wed, 2 Sep 2020 15:00:02 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 6CF7C866F1 for ; Wed, 2 Sep 2020 15:00:02 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id brUh5nScC5sV for ; Wed, 2 Sep 2020 15:00:00 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from www.kot-begemot.co.uk (ivanoab7.miniserver.com [37.128.132.42]) by whitealder.osuosl.org (Postfix) with ESMTPS id C9342866D3 for ; Wed, 2 Sep 2020 15:00:00 +0000 (UTC) Received: from tun252.jain.kot-begemot.co.uk ([192.168.18.6] helo=jain.kot-begemot.co.uk) by www.kot-begemot.co.uk with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1kDUEv-0000qo-Ll; Wed, 02 Sep 2020 14:59:57 +0000 Received: from jain.kot-begemot.co.uk ([192.168.3.3]) by jain.kot-begemot.co.uk with esmtp (Exim 4.92) (envelope-from ) id 1kDUEs-0006lF-3N; Wed, 02 Sep 2020 15:59:55 +0100 From: anton.ivanov@cambridgegreys.com To: dev@openvswitch.org Date: Wed, 2 Sep 2020 15:59:27 +0100 Message-Id: <20200902145950.25875-1-anton.ivanov@cambridgegreys.com> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 X-Clacks-Overhead: GNU Terry Pratchett Cc: Anton Ivanov Subject: [ovs-dev] [PATCH ovn RFC v4 01/24] Move out Table 0 (ingress) operations to functions X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Anton Ivanov Signed-off-by: Anton Ivanov --- northd/ovn-northd.c | 73 +++++++++++++++++++++++++-------------------- 1 file changed, 40 insertions(+), 33 deletions(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index f2e3104ba..cb77296c4 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -8416,57 +8416,40 @@ build_lrouter_force_snat_flows(struct hmap *lflows, struct ovn_datapath *od, } static void -build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, - struct hmap *lflows, struct shash *meter_groups, - struct hmap *lbs) +build_lrouter_flows_ingress_table_0_od( + struct ovn_datapath *od, struct hmap *lflows) { - /* This flow table structure is documented in ovn-northd(8), so please - * update ovn-northd.8.xml if you change anything. */ - - struct ds match = DS_EMPTY_INITIALIZER; - struct ds actions = DS_EMPTY_INITIALIZER; - /* Logical router ingress table 0: Admission control framework. */ - struct ovn_datapath *od; - HMAP_FOR_EACH (od, key_node, datapaths) { - if (!od->nbr) { - continue; - } - + if (od->nbr) { /* Logical VLANs not supported. * Broadcast/multicast source address is invalid. */ ovn_lflow_add(lflows, od, S_ROUTER_IN_ADMISSION, 100, "vlan.present || eth.src[40]", "drop;"); } +} - /* Logical router ingress table 0: match (priority 50). */ - struct ovn_port *op; - HMAP_FOR_EACH (op, key_node, ports) { - if (!op->nbrp) { - continue; - } +static void +build_lrouter_flows_ingress_table_0_op( + struct ovn_port *op, struct hmap *lflows) +{ + struct ds match = DS_EMPTY_INITIALIZER; + struct ds actions = DS_EMPTY_INITIALIZER; - if (!lrport_is_enabled(op->nbrp)) { - /* Drop packets from disabled logical ports (since logical flow - * tables are default-drop). */ - continue; - } + /* Logical router ingress table 0: match (priority 50). + * Drop packets from disabled logical ports (since logical flow + * tables are default-drop). + * No ingress packets should be received on a chassisredirect + * port. */ - if (op->derived) { - /* No ingress packets should be received on a chassisredirect - * port. */ - continue; - } + if (op->nbrp && lrport_is_enabled(op->nbrp) && (!op->derived)) { /* Store the ethernet address of the port receiving the packet. * This will save us from having to match on inport further down in * the pipeline. */ - ds_clear(&actions); ds_put_format(&actions, REG_INPORT_ETH_ADDR " = %s; next;", op->lrp_networks.ea_s); - ds_clear(&match); ds_put_format(&match, "eth.mcast && inport == %s", op->json_key); ovn_lflow_add_with_hint(lflows, op->od, S_ROUTER_IN_ADMISSION, 50, ds_cstr(&match), ds_cstr(&actions), @@ -8486,6 +8469,30 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, ds_cstr(&match), ds_cstr(&actions), &op->nbrp->header_); } + ds_destroy(&match); + ds_destroy(&actions); +} + +static void +build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, + struct hmap *lflows, struct shash *meter_groups, + struct hmap *lbs) +{ + /* This flow table structure is documented in ovn-northd(8), so please + * update ovn-northd.8.xml if you change anything. */ + + struct ds match = DS_EMPTY_INITIALIZER; + struct ds actions = DS_EMPTY_INITIALIZER; + + struct ovn_datapath *od; + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lrouter_flows_ingress_table_0_od(od, lflows); + } + + struct ovn_port *op; + HMAP_FOR_EACH (op, key_node, ports) { + build_lrouter_flows_ingress_table_0_op(op, lflows); + } /* Logical router ingress table 1: LOOKUP_NEIGHBOR and * table 2: LEARN_NEIGHBOR. */ From patchwork Wed Sep 2 14:59:28 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anton Ivanov X-Patchwork-Id: 1355859 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.138; helo=whitealder.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=cambridgegreys.com Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4BhRty1KLbz9sTR for ; Thu, 3 Sep 2020 01:00:09 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 53433868AC; Wed, 2 Sep 2020 15:00:07 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3hOCXyKLeYg7; Wed, 2 Sep 2020 15:00:06 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by whitealder.osuosl.org (Postfix) with ESMTP id 28DE78684D; Wed, 2 Sep 2020 15:00:05 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 098A7C0894; Wed, 2 Sep 2020 15:00:05 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) by lists.linuxfoundation.org (Postfix) with ESMTP id 13593C0051 for ; Wed, 2 Sep 2020 15:00:03 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id EF6942226B for ; Wed, 2 Sep 2020 15:00:02 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tEx4zjtioOru for ; Wed, 2 Sep 2020 15:00:01 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from www.kot-begemot.co.uk (ivanoab7.miniserver.com [37.128.132.42]) by silver.osuosl.org (Postfix) with ESMTPS id D553C2202C for ; Wed, 2 Sep 2020 15:00:00 +0000 (UTC) Received: from tun252.jain.kot-begemot.co.uk ([192.168.18.6] helo=jain.kot-begemot.co.uk) by www.kot-begemot.co.uk with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1kDUEw-0000qr-IA; Wed, 02 Sep 2020 14:59:58 +0000 Received: from jain.kot-begemot.co.uk ([192.168.3.3]) by jain.kot-begemot.co.uk with esmtp (Exim 4.92) (envelope-from ) id 1kDUEt-0006lF-PU; Wed, 02 Sep 2020 15:59:57 +0100 From: anton.ivanov@cambridgegreys.com To: dev@openvswitch.org Date: Wed, 2 Sep 2020 15:59:28 +0100 Message-Id: <20200902145950.25875-2-anton.ivanov@cambridgegreys.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200902145950.25875-1-anton.ivanov@cambridgegreys.com> References: <20200902145950.25875-1-anton.ivanov@cambridgegreys.com> MIME-Version: 1.0 X-Clacks-Overhead: GNU Terry Pratchett Cc: Anton Ivanov Subject: [ovs-dev] [PATCH ovn RFC v4 02/24] Move out Table 1 operations into functions X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Anton Ivanov This moves out the operations used to learn MACs from ARP/ND into separate iterator functions. Signed-off-by: Anton Ivanov --- northd/ovn-northd.c | 73 ++++++++++++++++++++++++++++----------------- 1 file changed, 45 insertions(+), 28 deletions(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index cb77296c4..3c3c904b6 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -8474,33 +8474,11 @@ build_lrouter_flows_ingress_table_0_op( } static void -build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, - struct hmap *lflows, struct shash *meter_groups, - struct hmap *lbs) +build_lrouter_flows_arp_nd_mac_learn_od(struct ovn_datapath *od, struct hmap *lflows) { - /* This flow table structure is documented in ovn-northd(8), so please - * update ovn-northd.8.xml if you change anything. */ - struct ds match = DS_EMPTY_INITIALIZER; struct ds actions = DS_EMPTY_INITIALIZER; - - struct ovn_datapath *od; - HMAP_FOR_EACH (od, key_node, datapaths) { - build_lrouter_flows_ingress_table_0_od(od, lflows); - } - - struct ovn_port *op; - HMAP_FOR_EACH (op, key_node, ports) { - build_lrouter_flows_ingress_table_0_op(op, lflows); - } - - /* Logical router ingress table 1: LOOKUP_NEIGHBOR and - * table 2: LEARN_NEIGHBOR. */ - HMAP_FOR_EACH (od, key_node, datapaths) { - if (!od->nbr) { - continue; - } - + if (od->nbr) { /* Learn MAC bindings from ARP/IPv6 ND. * * For ARP packets, table LOOKUP_NEIGHBOR does a lookup for the @@ -8586,11 +8564,17 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, ovn_lflow_add(lflows, od, S_ROUTER_IN_LEARN_NEIGHBOR, 90, "nd_ns", "put_nd(inport, ip6.src, nd.sll); next;"); } + ds_destroy(&match); + ds_destroy(&actions); +} - HMAP_FOR_EACH (op, key_node, ports) { - if (!op->nbrp) { - continue; - } +static void +build_lrouter_flows_arp_nd_mac_learn_op(struct ovn_port *op, struct hmap *lflows) +{ + struct ds match = DS_EMPTY_INITIALIZER; + struct ds actions = DS_EMPTY_INITIALIZER; + + if (op->nbrp) { bool learn_from_arp_request = smap_get_bool(&op->od->nbr->options, "always_learn_from_arp_request", true); @@ -8647,6 +8631,39 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, } } + ds_destroy(&match); + ds_destroy(&actions); +} + +static void +build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, + struct hmap *lflows, struct shash *meter_groups, + struct hmap *lbs) +{ + /* This flow table structure is documented in ovn-northd(8), so please + * update ovn-northd.8.xml if you change anything. */ + + struct ds match = DS_EMPTY_INITIALIZER; + struct ds actions = DS_EMPTY_INITIALIZER; + + struct ovn_datapath *od; + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lrouter_flows_ingress_table_0_od(od, lflows); + } + + struct ovn_port *op; + HMAP_FOR_EACH (op, key_node, ports) { + build_lrouter_flows_ingress_table_0_op(op, lflows); + } + + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lrouter_flows_arp_nd_mac_learn_od(od, lflows); + } + + HMAP_FOR_EACH (op, key_node, ports) { + build_lrouter_flows_arp_nd_mac_learn_op(op, lflows); + } + /* Logical router ingress table 3: IP Input. */ HMAP_FOR_EACH (od, key_node, datapaths) { if (!od->nbr) { From patchwork Wed Sep 2 14:59:29 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anton Ivanov X-Patchwork-Id: 1355862 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.138; helo=whitealder.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=cambridgegreys.com Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4BhRv85SbBz9sRK for ; Thu, 3 Sep 2020 01:00:20 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 19A30868DA; Wed, 2 Sep 2020 15:00:19 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7xJOme7jcDeV; Wed, 2 Sep 2020 15:00:13 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by whitealder.osuosl.org (Postfix) with ESMTP id F3887868D6; Wed, 2 Sep 2020 15:00:09 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id DBCFAC07FF; Wed, 2 Sep 2020 15:00:09 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) by lists.linuxfoundation.org (Postfix) with ESMTP id A8702C0891 for ; Wed, 2 Sep 2020 15:00:08 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id 9D5828694A for ; Wed, 2 Sep 2020 15:00:08 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id noHdR5w_6Un8 for ; Wed, 2 Sep 2020 15:00:07 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from www.kot-begemot.co.uk (ivanoab7.miniserver.com [37.128.132.42]) by fraxinus.osuosl.org (Postfix) with ESMTPS id F3FD58697C for ; Wed, 2 Sep 2020 15:00:06 +0000 (UTC) Received: from tun252.jain.kot-begemot.co.uk ([192.168.18.6] helo=jain.kot-begemot.co.uk) by www.kot-begemot.co.uk with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1kDUF3-0000s7-1a; Wed, 02 Sep 2020 15:00:05 +0000 Received: from jain.kot-begemot.co.uk ([192.168.3.3]) by jain.kot-begemot.co.uk with esmtp (Exim 4.92) (envelope-from ) id 1kDUEv-0006lF-IE; Wed, 02 Sep 2020 15:59:59 +0100 From: anton.ivanov@cambridgegreys.com To: dev@openvswitch.org Date: Wed, 2 Sep 2020 15:59:29 +0100 Message-Id: <20200902145950.25875-3-anton.ivanov@cambridgegreys.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200902145950.25875-1-anton.ivanov@cambridgegreys.com> References: <20200902145950.25875-1-anton.ivanov@cambridgegreys.com> MIME-Version: 1.0 X-Clacks-Overhead: GNU Terry Pratchett Cc: Anton Ivanov Subject: [ovs-dev] [PATCH ovn RFC v4 03/24] Move out Table 3 operations to functions X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Anton Ivanov Signed-off-by: Anton Ivanov --- northd/ovn-northd.c | 146 ++++++++++++++++++++++++++------------------ 1 file changed, 87 insertions(+), 59 deletions(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index 3c3c904b6..10ddf6d0a 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -8636,39 +8636,13 @@ build_lrouter_flows_arp_nd_mac_learn_op(struct ovn_port *op, struct hmap *lflows } static void -build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, - struct hmap *lflows, struct shash *meter_groups, - struct hmap *lbs) +build_lrouter_flows_table_3_ip_input_od( + struct ovn_datapath *od, struct hmap *lflows) { - /* This flow table structure is documented in ovn-northd(8), so please - * update ovn-northd.8.xml if you change anything. */ - struct ds match = DS_EMPTY_INITIALIZER; - struct ds actions = DS_EMPTY_INITIALIZER; - - struct ovn_datapath *od; - HMAP_FOR_EACH (od, key_node, datapaths) { - build_lrouter_flows_ingress_table_0_od(od, lflows); - } - - struct ovn_port *op; - HMAP_FOR_EACH (op, key_node, ports) { - build_lrouter_flows_ingress_table_0_op(op, lflows); - } - - HMAP_FOR_EACH (od, key_node, datapaths) { - build_lrouter_flows_arp_nd_mac_learn_od(od, lflows); - } - - HMAP_FOR_EACH (op, key_node, ports) { - build_lrouter_flows_arp_nd_mac_learn_op(op, lflows); - } /* Logical router ingress table 3: IP Input. */ - HMAP_FOR_EACH (od, key_node, datapaths) { - if (!od->nbr) { - continue; - } + if (od->nbr) { /* L3 admission control: drop multicast and broadcast source, localhost * source or destination, and zero network source or destination @@ -8756,7 +8730,6 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, "eth.bcast", "drop;"); /* TTL discard */ - ds_clear(&match); ds_put_cstr(&match, "ip4 && ip.ttl == {0, 1}"); ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_INPUT, 30, ds_cstr(&match), "drop;"); @@ -8765,19 +8738,20 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, * routing. */ ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_INPUT, 0, "1", "next;"); } + ds_destroy(&match); +} - /* Logical router ingress table 3: IP Input for IPv4. */ - HMAP_FOR_EACH (op, key_node, ports) { - if (!op->nbrp) { - continue; - } +static void +build_lrouter_flows_table_3_ip_input_op(struct ovn_port *op, struct hmap *lflows) +{ + struct ds match = DS_EMPTY_INITIALIZER; + struct ds actions = DS_EMPTY_INITIALIZER; - if (op->derived) { - /* No ingress packets are accepted on a chassisredirect - * port, so no need to program flows for that port. */ - continue; - } + /* Logical router ingress table 3: IP Input for IPv4. + * No ingress packets are accepted on a chassisredirect + * port, so no need to program flows for that port. */ + if (op->nbrp && (!op->derived)) { if (op->lrp_networks.n_ipv4_addrs) { /* L3 admission control: drop packets that originate from an * IPv4 address owned by the router or a broadcast address @@ -9084,7 +9058,7 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, * ETH address. */ if (op != op->od->l3dgw_port) { - continue; + return; } for (size_t i = 0; i < op->od->nbr->n_nat; i++) { @@ -9164,16 +9138,18 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, } } - /* DHCPv6 reply handling */ - HMAP_FOR_EACH (op, key_node, ports) { - if (!op->nbrp) { - continue; - } + ds_destroy(&match); + ds_destroy(&actions); +} - if (op->derived) { - continue; - } +static void +build_lrouter_dhcp_reply_op(struct ovn_port *op, struct hmap *lflows) +{ + struct ds match = DS_EMPTY_INITIALIZER; + struct ds actions = DS_EMPTY_INITIALIZER; + /* DHCPv6 reply handling */ + if (op->nbrp && (!op->derived)) { for (size_t i = 0; i < op->lrp_networks.n_ipv6_addrs; i++) { ds_clear(&actions); ds_clear(&match); @@ -9185,19 +9161,22 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, ds_cstr(&match), ds_cstr(&actions)); } } + ds_destroy(&match); + ds_destroy(&actions); +} - /* Logical router ingress table 1: IP Input for IPv6. */ - HMAP_FOR_EACH (op, key_node, ports) { - if (!op->nbrp) { - continue; - } +static void +build_lrouter_ip_input_chassis_redirect_op( + struct ovn_port *op, struct hmap *lflows) +{ + struct ds match = DS_EMPTY_INITIALIZER; + struct ds actions = DS_EMPTY_INITIALIZER; - if (op->derived) { - /* No ingress packets are accepted on a chassisredirect - * port, so no need to program flows for that port. */ - continue; - } + /* Logical router ingress table 1: IP Input for IPv6. + * No ingress packets are accepted on a chassisredirect + * port, so no need to program flows for that port. */ + if (op->nbrp && (!op->derived)) { if (op->lrp_networks.n_ipv6_addrs) { /* ICMPv6 echo reply. These flows reply to echo requests * received for the router's IP address. */ @@ -9320,6 +9299,55 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, &op->nbrp->header_); } } + ds_destroy(&match); + ds_destroy(&actions); +} + +static void +build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, + struct hmap *lflows, struct shash *meter_groups, + struct hmap *lbs) +{ + /* This flow table structure is documented in ovn-northd(8), so please + * update ovn-northd.8.xml if you change anything. */ + + struct ds match = DS_EMPTY_INITIALIZER; + struct ds actions = DS_EMPTY_INITIALIZER; + + + struct ovn_datapath *od; + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lrouter_flows_ingress_table_0_od(od, lflows); + } + + struct ovn_port *op; + HMAP_FOR_EACH (op, key_node, ports) { + build_lrouter_flows_ingress_table_0_op(op, lflows); + } + + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lrouter_flows_arp_nd_mac_learn_od(od, lflows); + } + + HMAP_FOR_EACH (op, key_node, ports) { + build_lrouter_flows_arp_nd_mac_learn_op(op, lflows); + } + + HMAP_FOR_EACH (op, key_node, ports) { + build_lrouter_flows_table_3_ip_input_op(op, lflows); + } + + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lrouter_flows_table_3_ip_input_od(od, lflows); + } + + HMAP_FOR_EACH (op, key_node, ports) { + build_lrouter_dhcp_reply_op(op, lflows); + } + + HMAP_FOR_EACH (op, key_node, ports) { + build_lrouter_ip_input_chassis_redirect_op(op, lflows); + } /* NAT, Defrag and load balancing. */ HMAP_FOR_EACH (od, key_node, datapaths) { From patchwork Wed Sep 2 14:59:30 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anton Ivanov X-Patchwork-Id: 1355860 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.137; helo=fraxinus.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=cambridgegreys.com Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4BhRv32CFBz9sRK for ; Thu, 3 Sep 2020 01:00:15 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id CA39F869C5; Wed, 2 Sep 2020 15:00:12 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jcRH7zXz2EPo; Wed, 2 Sep 2020 15:00:10 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by fraxinus.osuosl.org (Postfix) with ESMTP id B139A869AB; Wed, 2 Sep 2020 15:00:10 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 8FE33C0894; Wed, 2 Sep 2020 15:00:10 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) by lists.linuxfoundation.org (Postfix) with ESMTP id 2A9F9C0051 for ; Wed, 2 Sep 2020 15:00:09 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id 19987871DF for ; Wed, 2 Sep 2020 15:00:09 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id izyjUHLaHGGF for ; Wed, 2 Sep 2020 15:00:07 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from www.kot-begemot.co.uk (ivanoab7.miniserver.com [37.128.132.42]) by hemlock.osuosl.org (Postfix) with ESMTPS id C597A8710A for ; Wed, 2 Sep 2020 15:00:07 +0000 (UTC) Received: from tun252.jain.kot-begemot.co.uk ([192.168.18.6] helo=jain.kot-begemot.co.uk) by www.kot-begemot.co.uk with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1kDUF3-0000sD-OY; Wed, 02 Sep 2020 15:00:06 +0000 Received: from jain.kot-begemot.co.uk ([192.168.3.3]) by jain.kot-begemot.co.uk with esmtp (Exim 4.92) (envelope-from ) id 1kDUEx-0006lF-Ax; Wed, 02 Sep 2020 16:00:01 +0100 From: anton.ivanov@cambridgegreys.com To: dev@openvswitch.org Date: Wed, 2 Sep 2020 15:59:30 +0100 Message-Id: <20200902145950.25875-4-anton.ivanov@cambridgegreys.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200902145950.25875-1-anton.ivanov@cambridgegreys.com> References: <20200902145950.25875-1-anton.ivanov@cambridgegreys.com> MIME-Version: 1.0 X-Clacks-Overhead: GNU Terry Pratchett Cc: Anton Ivanov Subject: [ovs-dev] [PATCH ovn RFC v4 04/24] Move NAT and Load Balancing to a separate function X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Anton Ivanov Signed-off-by: Anton Ivanov --- northd/ovn-northd.c | 148 ++++++++++++++++++++++++++------------------ 1 file changed, 89 insertions(+), 59 deletions(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index 10ddf6d0a..7af7ae525 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -9058,6 +9058,8 @@ build_lrouter_flows_table_3_ip_input_op(struct ovn_port *op, struct hmap *lflows * ETH address. */ if (op != op->od->l3dgw_port) { + ds_destroy(&match); + ds_destroy(&actions); return; } @@ -9176,7 +9178,7 @@ build_lrouter_ip_input_chassis_redirect_op( * No ingress packets are accepted on a chassisredirect * port, so no need to program flows for that port. */ - if (op->nbrp && (!op->derived)) { + if (op->nbrp && !op->derived) { if (op->lrp_networks.n_ipv6_addrs) { /* ICMPv6 echo reply. These flows reply to echo requests * received for the router's IP address. */ @@ -9304,57 +9306,15 @@ build_lrouter_ip_input_chassis_redirect_op( } static void -build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, - struct hmap *lflows, struct shash *meter_groups, - struct hmap *lbs) +build_lrouter_flows_NAT_defrag_lb_od( + struct ovn_datapath *od, struct hmap *lflows, + struct hmap *lbs, struct shash *meter_groups) { - /* This flow table structure is documented in ovn-northd(8), so please - * update ovn-northd.8.xml if you change anything. */ - struct ds match = DS_EMPTY_INITIALIZER; struct ds actions = DS_EMPTY_INITIALIZER; - - struct ovn_datapath *od; - HMAP_FOR_EACH (od, key_node, datapaths) { - build_lrouter_flows_ingress_table_0_od(od, lflows); - } - - struct ovn_port *op; - HMAP_FOR_EACH (op, key_node, ports) { - build_lrouter_flows_ingress_table_0_op(op, lflows); - } - - HMAP_FOR_EACH (od, key_node, datapaths) { - build_lrouter_flows_arp_nd_mac_learn_od(od, lflows); - } - - HMAP_FOR_EACH (op, key_node, ports) { - build_lrouter_flows_arp_nd_mac_learn_op(op, lflows); - } - - HMAP_FOR_EACH (op, key_node, ports) { - build_lrouter_flows_table_3_ip_input_op(op, lflows); - } - - HMAP_FOR_EACH (od, key_node, datapaths) { - build_lrouter_flows_table_3_ip_input_od(od, lflows); - } - - HMAP_FOR_EACH (op, key_node, ports) { - build_lrouter_dhcp_reply_op(op, lflows); - } - - HMAP_FOR_EACH (op, key_node, ports) { - build_lrouter_ip_input_chassis_redirect_op(op, lflows); - } - /* NAT, Defrag and load balancing. */ - HMAP_FOR_EACH (od, key_node, datapaths) { - if (!od->nbr) { - continue; - } - + if (od->nbr) { /* Packets are allowed by default. */ ovn_lflow_add(lflows, od, S_ROUTER_IN_DEFRAG, 0, "1", "next;"); ovn_lflow_add(lflows, od, S_ROUTER_IN_UNSNAT, 0, "1", "next;"); @@ -9373,7 +9333,9 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, * l3dgw_port (router has a port with "redirect-chassis" * specified). */ if (!smap_get(&od->nbr->options, "chassis") && !od->l3dgw_port) { - continue; + ds_destroy(&match); + ds_destroy(&actions); + return; } struct sset nat_entries = SSET_INITIALIZER(&nat_entries); @@ -9895,7 +9857,9 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, * Gateway routers or router with gateway port. */ if (!smap_get(&od->nbr->options, "chassis") && !od->l3dgw_port) { sset_destroy(&nat_entries); - continue; + ds_destroy(&match); + ds_destroy(&actions); + return; } /* A set to hold all ips that need defragmentation and tracking. */ @@ -9974,18 +9938,23 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, sset_destroy(&all_ips); sset_destroy(&nat_entries); } + ds_destroy(&match); + ds_destroy(&actions); +} + +static void +build_lrouter_flows_NAT_defrag_lb_op(struct ovn_port *op, struct hmap *lflows) +{ /* Logical router ingress table ND_RA_OPTIONS & ND_RA_RESPONSE: IPv6 Router * Adv (RA) options and response. */ - HMAP_FOR_EACH (op, key_node, ports) { - if (!op->nbrp || op->nbrp->peer || !op->peer) { - continue; - } - - if (!op->lrp_networks.n_ipv6_addrs) { - continue; - } + if (!op->nbrp || op->nbrp->peer || !op->peer) { + return; + } + if (op->lrp_networks.n_ipv6_addrs) { + struct ds match = DS_EMPTY_INITIALIZER; + struct ds actions = DS_EMPTY_INITIALIZER; struct smap options; smap_clone(&options, &op->sb->options); @@ -10014,7 +9983,9 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, &op->nbrp->ipv6_ra_configs, "address_mode"); if (!address_mode) { - continue; + ds_destroy(&match); + ds_destroy(&actions); + return; } if (strcmp(address_mode, "slaac") && strcmp(address_mode, "dhcpv6_stateful") && @@ -10022,7 +9993,9 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5); VLOG_WARN_RL(&rl, "Invalid address mode [%s] defined", address_mode); - continue; + ds_destroy(&match); + ds_destroy(&actions); + return; } if (smap_get_bool(&op->nbrp->ipv6_ra_configs, "send_periodic", @@ -10093,6 +10066,63 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, ds_cstr(&match), ds_cstr(&actions), &op->nbrp->header_); } + ds_destroy(&match); + ds_destroy(&actions); + } +} + +static void +build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, + struct hmap *lflows, struct shash *meter_groups, + struct hmap *lbs) +{ + /* This flow table structure is documented in ovn-northd(8), so please + * update ovn-northd.8.xml if you change anything. */ + + struct ds match = DS_EMPTY_INITIALIZER; + struct ds actions = DS_EMPTY_INITIALIZER; + + struct ovn_datapath *od; + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lrouter_flows_ingress_table_0_od(od, lflows); + } + + struct ovn_port *op; + HMAP_FOR_EACH (op, key_node, ports) { + build_lrouter_flows_ingress_table_0_op(op, lflows); + } + + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lrouter_flows_arp_nd_mac_learn_od(od, lflows); + } + + HMAP_FOR_EACH (op, key_node, ports) { + build_lrouter_flows_arp_nd_mac_learn_op(op, lflows); + } + + HMAP_FOR_EACH (op, key_node, ports) { + build_lrouter_flows_table_3_ip_input_op(op, lflows); + } + + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lrouter_flows_table_3_ip_input_od(od, lflows); + } + + HMAP_FOR_EACH (op, key_node, ports) { + build_lrouter_dhcp_reply_op(op, lflows); + } + + HMAP_FOR_EACH (op, key_node, ports) { + build_lrouter_ip_input_chassis_redirect_op(op, lflows); + } + + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lrouter_flows_NAT_defrag_lb_od( + od, lflows, lbs, meter_groups); + } + + HMAP_FOR_EACH (op, key_node, ports) { + build_lrouter_flows_NAT_defrag_lb_op(op, lflows); } /* Logical router ingress table ND_RA_OPTIONS & ND_RA_RESPONSE: RS From patchwork Wed Sep 2 14:59:31 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Anton Ivanov X-Patchwork-Id: 1355861 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.133; helo=hemlock.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=cambridgegreys.com Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4BhRv62lK9z9sTv for ; Thu, 3 Sep 2020 01:00:18 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id C78CD871F1; Wed, 2 Sep 2020 15:00:16 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nPA6RxMDNGJf; Wed, 2 Sep 2020 15:00:15 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by hemlock.osuosl.org (Postfix) with ESMTP id 8C742871D5; Wed, 2 Sep 2020 15:00:15 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 606B9C07FF; Wed, 2 Sep 2020 15:00:15 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by lists.linuxfoundation.org (Postfix) with ESMTP id 824A0C0051 for ; Wed, 2 Sep 2020 15:00:13 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 6AC528684B for ; Wed, 2 Sep 2020 15:00:13 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1Z4t7czf38Rh for ; Wed, 2 Sep 2020 15:00:08 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from www.kot-begemot.co.uk (ivanoab7.miniserver.com [37.128.132.42]) by whitealder.osuosl.org (Postfix) with ESMTPS id E7CED86841 for ; Wed, 2 Sep 2020 15:00:06 +0000 (UTC) Received: from tun252.jain.kot-begemot.co.uk ([192.168.18.6] helo=jain.kot-begemot.co.uk) by www.kot-begemot.co.uk with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1kDUF3-0000s8-DO; Wed, 02 Sep 2020 15:00:05 +0000 Received: from jain.kot-begemot.co.uk ([192.168.3.3]) by jain.kot-begemot.co.uk with esmtp (Exim 4.92) (envelope-from ) id 1kDUEz-0006lF-4u; Wed, 02 Sep 2020 16:00:03 +0100 From: anton.ivanov@cambridgegreys.com To: dev@openvswitch.org Date: Wed, 2 Sep 2020 15:59:31 +0100 Message-Id: <20200902145950.25875-5-anton.ivanov@cambridgegreys.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200902145950.25875-1-anton.ivanov@cambridgegreys.com> References: <20200902145950.25875-1-anton.ivanov@cambridgegreys.com> MIME-Version: 1.0 X-Clacks-Overhead: GNU Terry Pratchett Cc: Anton Ivanov Subject: [ovs-dev] [PATCH ovn RFC v4 05/24] Move Logical router ingress table IP_ROUTING to a function X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Anton Ivanov Signed-off-by: Anton Ivanov --- northd/ovn-northd.c | 97 ++++++++++++++++++++++++++------------------- 1 file changed, 56 insertions(+), 41 deletions(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index 7af7ae525..e3fb73a8b 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -10071,6 +10071,60 @@ build_lrouter_flows_NAT_defrag_lb_op(struct ovn_port *op, struct hmap *lflows) } } +static void +build_lrouter_flows_lr_ingress_ra_od(struct ovn_datapath *od, struct hmap *lflows) +{ + /* Logical router ingress table ND_RA_OPTIONS & ND_RA_RESPONSE: RS + * responder, by default goto next. (priority 0)*/ + if (od->nbr) { + ovn_lflow_add(lflows, od, S_ROUTER_IN_ND_RA_OPTIONS, 0, "1", "next;"); + ovn_lflow_add(lflows, od, S_ROUTER_IN_ND_RA_RESPONSE, 0, "1", "next;"); + } +} + +static void +build_lrouter_flows_lr_ingress_ip_routing_op(struct ovn_port *op, struct hmap *lflows) +{ + struct ds match = DS_EMPTY_INITIALIZER; + struct ds actions = DS_EMPTY_INITIALIZER; + + /* Logical router ingress table IP_ROUTING & IP_ROUTING_ECMP: IP Routing. + * + * A packet that arrives at this table is an IP packet that should be + * routed to the address in 'ip[46].dst'. + * + * For regular routes without ECMP, table IP_ROUTING sets outport to the + * correct output port, eth.src to the output port's MAC address, and + * REG_NEXT_HOP_IPV4/REG_NEXT_HOP_IPV6 to the next-hop IP address + * (leaving 'ip[46].dst', the packet’s final destination, unchanged), and + * advances to the next table. + * + * For ECMP routes, i.e. multiple routes with same policy and prefix, table + * IP_ROUTING remembers ECMP group id and selects a member id, and advances + * to table IP_ROUTING_ECMP, which sets outport, eth.src and + * REG_NEXT_HOP_IPV4/REG_NEXT_HOP_IPV6 for the selected ECMP member. + */ + + if (op->nbrp) { + + for (int i = 0; i < op->lrp_networks.n_ipv4_addrs; i++) { + add_route(lflows, op, op->lrp_networks.ipv4_addrs[i].addr_s, + op->lrp_networks.ipv4_addrs[i].network_s, + op->lrp_networks.ipv4_addrs[i].plen, NULL, false, + &op->nbrp->header_); + } + + for (int i = 0; i < op->lrp_networks.n_ipv6_addrs; i++) { + add_route(lflows, op, op->lrp_networks.ipv6_addrs[i].addr_s, + op->lrp_networks.ipv6_addrs[i].network_s, + op->lrp_networks.ipv6_addrs[i].plen, NULL, false, + &op->nbrp->header_); + } + } + ds_destroy(&match); + ds_destroy(&actions); +} + static void build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, struct hmap *lflows, struct shash *meter_groups, @@ -10125,51 +10179,12 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, build_lrouter_flows_NAT_defrag_lb_op(op, lflows); } - /* Logical router ingress table ND_RA_OPTIONS & ND_RA_RESPONSE: RS - * responder, by default goto next. (priority 0)*/ HMAP_FOR_EACH (od, key_node, datapaths) { - if (!od->nbr) { - continue; - } - - ovn_lflow_add(lflows, od, S_ROUTER_IN_ND_RA_OPTIONS, 0, "1", "next;"); - ovn_lflow_add(lflows, od, S_ROUTER_IN_ND_RA_RESPONSE, 0, "1", "next;"); + build_lrouter_flows_lr_ingress_ra_od(od, lflows); } - /* Logical router ingress table IP_ROUTING & IP_ROUTING_ECMP: IP Routing. - * - * A packet that arrives at this table is an IP packet that should be - * routed to the address in 'ip[46].dst'. - * - * For regular routes without ECMP, table IP_ROUTING sets outport to the - * correct output port, eth.src to the output port's MAC address, and - * REG_NEXT_HOP_IPV4/REG_NEXT_HOP_IPV6 to the next-hop IP address - * (leaving 'ip[46].dst', the packet’s final destination, unchanged), and - * advances to the next table. - * - * For ECMP routes, i.e. multiple routes with same policy and prefix, table - * IP_ROUTING remembers ECMP group id and selects a member id, and advances - * to table IP_ROUTING_ECMP, which sets outport, eth.src and - * REG_NEXT_HOP_IPV4/REG_NEXT_HOP_IPV6 for the selected ECMP member. - */ HMAP_FOR_EACH (op, key_node, ports) { - if (!op->nbrp) { - continue; - } - - for (int i = 0; i < op->lrp_networks.n_ipv4_addrs; i++) { - add_route(lflows, op, op->lrp_networks.ipv4_addrs[i].addr_s, - op->lrp_networks.ipv4_addrs[i].network_s, - op->lrp_networks.ipv4_addrs[i].plen, NULL, false, - &op->nbrp->header_); - } - - for (int i = 0; i < op->lrp_networks.n_ipv6_addrs; i++) { - add_route(lflows, op, op->lrp_networks.ipv6_addrs[i].addr_s, - op->lrp_networks.ipv6_addrs[i].network_s, - op->lrp_networks.ipv6_addrs[i].plen, NULL, false, - &op->nbrp->header_); - } + build_lrouter_flows_lr_ingress_ip_routing_op(op, lflows); } /* Convert the static routes to flows. */ From patchwork Wed Sep 2 14:59:32 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anton Ivanov X-Patchwork-Id: 1355863 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.133; helo=hemlock.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=cambridgegreys.com Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4BhRvB1J0Sz9sVK for ; Thu, 3 Sep 2020 01:00:22 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id AD4F3871D5; Wed, 2 Sep 2020 15:00:20 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0uOM54SMXn7d; Wed, 2 Sep 2020 15:00:18 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by hemlock.osuosl.org (Postfix) with ESMTP id 96A9B8721A; Wed, 2 Sep 2020 15:00:16 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 660E3C0894; Wed, 2 Sep 2020 15:00:16 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by lists.linuxfoundation.org (Postfix) with ESMTP id CE80EC07FF for ; Wed, 2 Sep 2020 15:00:13 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id BAA5686841 for ; Wed, 2 Sep 2020 15:00:13 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id c3rFToxgOvKs for ; Wed, 2 Sep 2020 15:00:08 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from www.kot-begemot.co.uk (ivanoab7.miniserver.com [37.128.132.42]) by whitealder.osuosl.org (Postfix) with ESMTPS id 8C6308684D for ; Wed, 2 Sep 2020 15:00:07 +0000 (UTC) Received: from tun252.jain.kot-begemot.co.uk ([192.168.18.6] helo=jain.kot-begemot.co.uk) by www.kot-begemot.co.uk with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1kDUF3-0000sI-TL; Wed, 02 Sep 2020 15:00:06 +0000 Received: from jain.kot-begemot.co.uk ([192.168.3.3]) by jain.kot-begemot.co.uk with esmtp (Exim 4.92) (envelope-from ) id 1kDUF1-0006lF-0t; Wed, 02 Sep 2020 16:00:04 +0100 From: anton.ivanov@cambridgegreys.com To: dev@openvswitch.org Date: Wed, 2 Sep 2020 15:59:32 +0100 Message-Id: <20200902145950.25875-6-anton.ivanov@cambridgegreys.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200902145950.25875-1-anton.ivanov@cambridgegreys.com> References: <20200902145950.25875-1-anton.ivanov@cambridgegreys.com> MIME-Version: 1.0 X-Clacks-Overhead: GNU Terry Pratchett Cc: Anton Ivanov Subject: [ovs-dev] [PATCH ovn RFC v4 06/24] Move static route datapath mapping to a function X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Anton Ivanov Signed-off-by: Anton Ivanov --- northd/ovn-northd.c | 96 ++++++++++++++++++++++++--------------------- 1 file changed, 51 insertions(+), 45 deletions(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index e3fb73a8b..b3137ed11 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -10125,6 +10125,56 @@ build_lrouter_flows_lr_ingress_ip_routing_op(struct ovn_port *op, struct hmap *l ds_destroy(&actions); } +static void +build_lrouter_flows_step_80_od( + struct ovn_datapath *od, struct hmap *lflows, struct hmap *ports) +{ + /* Convert the static routes to flows. */ + if (od->nbr) { + ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_ROUTING_ECMP, 150, + REG_ECMP_GROUP_ID" == 0", "next;"); + + struct hmap ecmp_groups = HMAP_INITIALIZER(&ecmp_groups); + struct hmap unique_routes = HMAP_INITIALIZER(&unique_routes); + struct ovs_list parsed_routes = OVS_LIST_INITIALIZER(&parsed_routes); + struct ecmp_groups_node *group; + for (int i = 0; i < od->nbr->n_static_routes; i++) { + struct parsed_route *route = + parsed_routes_add(&parsed_routes, od->nbr->static_routes[i]); + if (!route) { + continue; + } + group = ecmp_groups_find(&ecmp_groups, route); + if (group) { + ecmp_groups_add_route(group, route); + } else { + const struct parsed_route *existed_route = + unique_routes_remove(&unique_routes, route); + if (existed_route) { + group = ecmp_groups_add(&ecmp_groups, existed_route); + if (group) { + ecmp_groups_add_route(group, route); + } + } else { + unique_routes_add(&unique_routes, route); + } + } + } + HMAP_FOR_EACH (group, hmap_node, &ecmp_groups) { + /* add a flow in IP_ROUTING, and one flow for each member in + * IP_ROUTING_ECMP. */ + build_ecmp_route_flow(lflows, od, ports, group); + } + const struct unique_routes_node *ur; + HMAP_FOR_EACH (ur, hmap_node, &unique_routes) { + build_static_route_flow(lflows, od, ports, ur->route); + } + ecmp_groups_destroy(&ecmp_groups); + unique_routes_destroy(&unique_routes); + parsed_routes_destroy(&parsed_routes); + } +} + static void build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, struct hmap *lflows, struct shash *meter_groups, @@ -10187,52 +10237,8 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, build_lrouter_flows_lr_ingress_ip_routing_op(op, lflows); } - /* Convert the static routes to flows. */ HMAP_FOR_EACH (od, key_node, datapaths) { - if (!od->nbr) { - continue; - } - ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_ROUTING_ECMP, 150, - REG_ECMP_GROUP_ID" == 0", "next;"); - - struct hmap ecmp_groups = HMAP_INITIALIZER(&ecmp_groups); - struct hmap unique_routes = HMAP_INITIALIZER(&unique_routes); - struct ovs_list parsed_routes = OVS_LIST_INITIALIZER(&parsed_routes); - struct ecmp_groups_node *group; - for (int i = 0; i < od->nbr->n_static_routes; i++) { - struct parsed_route *route = - parsed_routes_add(&parsed_routes, od->nbr->static_routes[i]); - if (!route) { - continue; - } - group = ecmp_groups_find(&ecmp_groups, route); - if (group) { - ecmp_groups_add_route(group, route); - } else { - const struct parsed_route *existed_route = - unique_routes_remove(&unique_routes, route); - if (existed_route) { - group = ecmp_groups_add(&ecmp_groups, existed_route); - if (group) { - ecmp_groups_add_route(group, route); - } - } else { - unique_routes_add(&unique_routes, route); - } - } - } - HMAP_FOR_EACH (group, hmap_node, &ecmp_groups) { - /* add a flow in IP_ROUTING, and one flow for each member in - * IP_ROUTING_ECMP. */ - build_ecmp_route_flow(lflows, od, ports, group); - } - const struct unique_routes_node *ur; - HMAP_FOR_EACH (ur, hmap_node, &unique_routes) { - build_static_route_flow(lflows, od, ports, ur->route); - } - ecmp_groups_destroy(&ecmp_groups); - unique_routes_destroy(&unique_routes); - parsed_routes_destroy(&parsed_routes); + build_lrouter_flows_step_80_od(od, lflows, ports); } /* IP Multicast lookup. Here we set the output port, adjust TTL and From patchwork Wed Sep 2 14:59:33 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anton Ivanov X-Patchwork-Id: 1355864 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.133; helo=hemlock.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=cambridgegreys.com Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4BhRvF1DBSz9sTv for ; Thu, 3 Sep 2020 01:00:25 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id 0578A87237; Wed, 2 Sep 2020 15:00:23 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OvA3FizVCwgP; Wed, 2 Sep 2020 15:00:19 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by hemlock.osuosl.org (Postfix) with ESMTP id AF3258722D; Wed, 2 Sep 2020 15:00:17 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id A2198C0895; Wed, 2 Sep 2020 15:00:17 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by lists.linuxfoundation.org (Postfix) with ESMTP id C14D9C07FF for ; Wed, 2 Sep 2020 15:00:14 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 95BCB86899 for ; Wed, 2 Sep 2020 15:00:14 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AsNxOA3M-12H for ; Wed, 2 Sep 2020 15:00:09 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from www.kot-begemot.co.uk (ivanoab7.miniserver.com [37.128.132.42]) by whitealder.osuosl.org (Postfix) with ESMTPS id 14EDD868BD for ; Wed, 2 Sep 2020 15:00:09 +0000 (UTC) Received: from tun252.jain.kot-begemot.co.uk ([192.168.18.6] helo=jain.kot-begemot.co.uk) by www.kot-begemot.co.uk with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1kDUF5-0000sR-KG; Wed, 02 Sep 2020 15:00:07 +0000 Received: from jain.kot-begemot.co.uk ([192.168.3.3]) by jain.kot-begemot.co.uk with esmtp (Exim 4.92) (envelope-from ) id 1kDUF2-0006lF-PI; Wed, 02 Sep 2020 16:00:06 +0100 From: anton.ivanov@cambridgegreys.com To: dev@openvswitch.org Date: Wed, 2 Sep 2020 15:59:33 +0100 Message-Id: <20200902145950.25875-7-anton.ivanov@cambridgegreys.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200902145950.25875-1-anton.ivanov@cambridgegreys.com> References: <20200902145950.25875-1-anton.ivanov@cambridgegreys.com> MIME-Version: 1.0 X-Clacks-Overhead: GNU Terry Pratchett Cc: Anton Ivanov Subject: [ovs-dev] [PATCH ovn RFC v4 07/24] Move out multicast lookup into a function X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Anton Ivanov Signed-off-by: Anton Ivanov --- northd/ovn-northd.c | 132 ++++++++++++++++++++++++-------------------- 1 file changed, 71 insertions(+), 61 deletions(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index b3137ed11..99cee36bc 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -10126,7 +10126,7 @@ build_lrouter_flows_lr_ingress_ip_routing_op(struct ovn_port *op, struct hmap *l } static void -build_lrouter_flows_step_80_od( +build_lrouter_flows_static_to_flows_od( struct ovn_datapath *od, struct hmap *lflows, struct hmap *ports) { /* Convert the static routes to flows. */ @@ -10175,6 +10175,74 @@ build_lrouter_flows_step_80_od( } } +static void +build_lrouter_flows_multicast_lookup_od(struct ovn_datapath *od, struct hmap *lflows) +{ + struct ds match = DS_EMPTY_INITIALIZER; + struct ds actions = DS_EMPTY_INITIALIZER; + + /* IP Multicast lookup. Here we set the output port, adjust TTL and + * advance to next table (priority 500). + */ + if (od->nbr) { + + /* Drop IPv6 multicast traffic that shouldn't be forwarded, + * i.e., router solicitation and router advertisement. + */ + ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_ROUTING, 550, + "nd_rs || nd_ra", "drop;"); + + if (!od->mcast_info.rtr.relay) { + return; + } + + struct ovn_igmp_group *igmp_group; + + LIST_FOR_EACH (igmp_group, list_node, &od->mcast_info.groups) { + ds_clear(&match); + ds_clear(&actions); + if (IN6_IS_ADDR_V4MAPPED(&igmp_group->address)) { + ds_put_format(&match, "ip4 && ip4.dst == %s ", + igmp_group->mcgroup.name); + } else { + ds_put_format(&match, "ip6 && ip6.dst == %s ", + igmp_group->mcgroup.name); + } + if (od->mcast_info.rtr.flood_static) { + ds_put_cstr(&actions, + "clone { " + "outport = \""MC_STATIC"\"; " + "ip.ttl--; " + "next; " + "};"); + } + ds_put_format(&actions, "outport = \"%s\"; ip.ttl--; next;", + igmp_group->mcgroup.name); + ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_ROUTING, 500, + ds_cstr(&match), ds_cstr(&actions)); + } + + /* If needed, flood unregistered multicast on statically configured + * ports. Otherwise drop any multicast traffic. + */ + if (od->mcast_info.rtr.flood_static) { + ds_clear(&actions); + ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_ROUTING, 450, + "ip4.mcast || ip6.mcast", + "clone { " + "outport = \""MC_STATIC"\"; " + "ip.ttl--; " + "next; " + "};"); + } else { + ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_ROUTING, 450, + "ip4.mcast || ip6.mcast", "drop;"); + } + } + ds_destroy(&match); + ds_destroy(&actions); +} + static void build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, struct hmap *lflows, struct shash *meter_groups, @@ -10238,69 +10306,11 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, } HMAP_FOR_EACH (od, key_node, datapaths) { - build_lrouter_flows_step_80_od(od, lflows, ports); + build_lrouter_flows_static_to_flows_od(od, lflows, ports); } - /* IP Multicast lookup. Here we set the output port, adjust TTL and - * advance to next table (priority 500). - */ HMAP_FOR_EACH (od, key_node, datapaths) { - if (!od->nbr) { - continue; - } - - /* Drop IPv6 multicast traffic that shouldn't be forwarded, - * i.e., router solicitation and router advertisement. - */ - ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_ROUTING, 550, - "nd_rs || nd_ra", "drop;"); - - if (!od->mcast_info.rtr.relay) { - continue; - } - - struct ovn_igmp_group *igmp_group; - - LIST_FOR_EACH (igmp_group, list_node, &od->mcast_info.groups) { - ds_clear(&match); - ds_clear(&actions); - if (IN6_IS_ADDR_V4MAPPED(&igmp_group->address)) { - ds_put_format(&match, "ip4 && ip4.dst == %s ", - igmp_group->mcgroup.name); - } else { - ds_put_format(&match, "ip6 && ip6.dst == %s ", - igmp_group->mcgroup.name); - } - if (od->mcast_info.rtr.flood_static) { - ds_put_cstr(&actions, - "clone { " - "outport = \""MC_STATIC"\"; " - "ip.ttl--; " - "next; " - "};"); - } - ds_put_format(&actions, "outport = \"%s\"; ip.ttl--; next;", - igmp_group->mcgroup.name); - ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_ROUTING, 500, - ds_cstr(&match), ds_cstr(&actions)); - } - - /* If needed, flood unregistered multicast on statically configured - * ports. Otherwise drop any multicast traffic. - */ - if (od->mcast_info.rtr.flood_static) { - ds_clear(&actions); - ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_ROUTING, 450, - "ip4.mcast || ip6.mcast", - "clone { " - "outport = \""MC_STATIC"\"; " - "ip.ttl--; " - "next; " - "};"); - } else { - ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_ROUTING, 450, - "ip4.mcast || ip6.mcast", "drop;"); - } + build_lrouter_flows_multicast_lookup_od(od, lflows); } /* Logical router ingress table POLICY: Policy. From patchwork Wed Sep 2 14:59:34 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Anton Ivanov X-Patchwork-Id: 1355865 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.133; helo=hemlock.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=cambridgegreys.com Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4BhRvK1z2Qz9sRK for ; Thu, 3 Sep 2020 01:00:29 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id 79BE2871EC; Wed, 2 Sep 2020 15:00:27 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TqL6rj5825l7; Wed, 2 Sep 2020 15:00:26 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by hemlock.osuosl.org (Postfix) with ESMTP id AB154871DC; Wed, 2 Sep 2020 15:00:25 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 7C9B2C07FF; Wed, 2 Sep 2020 15:00:25 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) by lists.linuxfoundation.org (Postfix) with ESMTP id B6421C0051 for ; Wed, 2 Sep 2020 15:00:23 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id 903572E00F for ; Wed, 2 Sep 2020 15:00:23 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1U5csHgOPoYN for ; Wed, 2 Sep 2020 15:00:12 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from www.kot-begemot.co.uk (ivanoab7.miniserver.com [37.128.132.42]) by silver.osuosl.org (Postfix) with ESMTPS id E0A47228E7 for ; Wed, 2 Sep 2020 15:00:10 +0000 (UTC) Received: from tun252.jain.kot-begemot.co.uk ([192.168.18.6] helo=jain.kot-begemot.co.uk) by www.kot-begemot.co.uk with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1kDUF7-0000sW-BR; Wed, 02 Sep 2020 15:00:09 +0000 Received: from jain.kot-begemot.co.uk ([192.168.3.3]) by jain.kot-begemot.co.uk with esmtp (Exim 4.92) (envelope-from ) id 1kDUF4-0006lF-IC; Wed, 02 Sep 2020 16:00:08 +0100 From: anton.ivanov@cambridgegreys.com To: dev@openvswitch.org Date: Wed, 2 Sep 2020 15:59:34 +0100 Message-Id: <20200902145950.25875-8-anton.ivanov@cambridgegreys.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200902145950.25875-1-anton.ivanov@cambridgegreys.com> References: <20200902145950.25875-1-anton.ivanov@cambridgegreys.com> MIME-Version: 1.0 X-Clacks-Overhead: GNU Terry Pratchett Cc: Anton Ivanov Subject: [ovs-dev] [PATCH ovn RFC v4 08/24] Move Logical router ingress policy to a function X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Anton Ivanov Signed-off-by: Anton Ivanov --- northd/ovn-northd.c | 52 ++++++++++++++++++++++++++------------------- 1 file changed, 30 insertions(+), 22 deletions(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index 99cee36bc..4a3484570 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -10243,6 +10243,35 @@ build_lrouter_flows_multicast_lookup_od(struct ovn_datapath *od, struct hmap *lf ds_destroy(&actions); } +static void +build_lrouter_flows_ingress_policy_od( + struct ovn_datapath *od, struct hmap *lflows, struct hmap *ports) +{ + + /* Logical router ingress table POLICY: Policy. + * + * A packet that arrives at this table is an IP packet that should be + * permitted/denied/rerouted to the address in the rule's nexthop. + * This table sets outport to the correct out_port, + * eth.src to the output port's MAC address, + * and REG_NEXT_HOP_IPV4/REG_NEXT_HOP_IPV6 to the next-hop IP address + * (leaving 'ip[46].dst', the packet’s final destination, unchanged), and + * advances to the next table for ARP/ND resolution. */ + + if (od->nbr) { + /* This is a catch-all rule. It has the lowest priority (0) + * does a match-all("1") and pass-through (next) */ + ovn_lflow_add(lflows, od, S_ROUTER_IN_POLICY, 0, "1", "next;"); + + /* Convert routing policies to flows. */ + for (int i = 0; i < od->nbr->n_policies; i++) { + const struct nbrec_logical_router_policy *rule + = od->nbr->policies[i]; + build_routing_policy_flow(lflows, od, ports, rule, &rule->header_); + } + } +} + static void build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, struct hmap *lflows, struct shash *meter_groups, @@ -10313,29 +10342,8 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, build_lrouter_flows_multicast_lookup_od(od, lflows); } - /* Logical router ingress table POLICY: Policy. - * - * A packet that arrives at this table is an IP packet that should be - * permitted/denied/rerouted to the address in the rule's nexthop. - * This table sets outport to the correct out_port, - * eth.src to the output port's MAC address, - * and REG_NEXT_HOP_IPV4/REG_NEXT_HOP_IPV6 to the next-hop IP address - * (leaving 'ip[46].dst', the packet’s final destination, unchanged), and - * advances to the next table for ARP/ND resolution. */ HMAP_FOR_EACH (od, key_node, datapaths) { - if (!od->nbr) { - continue; - } - /* This is a catch-all rule. It has the lowest priority (0) - * does a match-all("1") and pass-through (next) */ - ovn_lflow_add(lflows, od, S_ROUTER_IN_POLICY, 0, "1", "next;"); - - /* Convert routing policies to flows. */ - for (int i = 0; i < od->nbr->n_policies; i++) { - const struct nbrec_logical_router_policy *rule - = od->nbr->policies[i]; - build_routing_policy_flow(lflows, od, ports, rule, &rule->header_); - } + build_lrouter_flows_ingress_policy_od(od, lflows, ports); } From patchwork Wed Sep 2 14:59:35 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anton Ivanov X-Patchwork-Id: 1355866 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.137; helo=fraxinus.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=cambridgegreys.com Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4BhRvp1Bb5z9sVK for ; Thu, 3 Sep 2020 01:00:54 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id AF655869BB; Wed, 2 Sep 2020 15:00:52 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1qZPXLQVdIK8; Wed, 2 Sep 2020 15:00:50 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by fraxinus.osuosl.org (Postfix) with ESMTP id 9E99F86937; Wed, 2 Sep 2020 15:00:50 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 871E2C07FF; Wed, 2 Sep 2020 15:00:50 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) by lists.linuxfoundation.org (Postfix) with ESMTP id 5BD3FC0051 for ; Wed, 2 Sep 2020 15:00:49 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id 2F5FF227AA for ; Wed, 2 Sep 2020 15:00:49 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZHKEXilzJSoP for ; Wed, 2 Sep 2020 15:00:33 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from www.kot-begemot.co.uk (ivanoab7.miniserver.com [37.128.132.42]) by silver.osuosl.org (Postfix) with ESMTPS id 2D26B227AD for ; Wed, 2 Sep 2020 15:00:13 +0000 (UTC) Received: from tun252.jain.kot-begemot.co.uk ([192.168.18.6] helo=jain.kot-begemot.co.uk) by www.kot-begemot.co.uk with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1kDUF9-0000sb-HL; Wed, 02 Sep 2020 15:00:11 +0000 Received: from jain.kot-begemot.co.uk ([192.168.3.3]) by jain.kot-begemot.co.uk with esmtp (Exim 4.92) (envelope-from ) id 1kDUF6-0006lF-Ag; Wed, 02 Sep 2020 16:00:10 +0100 From: anton.ivanov@cambridgegreys.com To: dev@openvswitch.org Date: Wed, 2 Sep 2020 15:59:35 +0100 Message-Id: <20200902145950.25875-9-anton.ivanov@cambridgegreys.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200902145950.25875-1-anton.ivanov@cambridgegreys.com> References: <20200902145950.25875-1-anton.ivanov@cambridgegreys.com> MIME-Version: 1.0 X-Clacks-Overhead: GNU Terry Pratchett Cc: Anton Ivanov Subject: [ovs-dev] [PATCH ovn RFC v4 09/24] Move ARP Resolve into a separate function X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Anton Ivanov Signed-off-by: Anton Ivanov --- northd/ovn-northd.c | 203 ++++++++++++++++++++++++-------------------- 1 file changed, 111 insertions(+), 92 deletions(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index 4a3484570..1e5921c29 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -10272,96 +10272,25 @@ build_lrouter_flows_ingress_policy_od( } } -static void -build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, - struct hmap *lflows, struct shash *meter_groups, - struct hmap *lbs) +static void build_lrouter_flows_arp_resolve_od( + struct ovn_datapath *od, struct hmap *lflows) { - /* This flow table structure is documented in ovn-northd(8), so please - * update ovn-northd.8.xml if you change anything. */ - - struct ds match = DS_EMPTY_INITIALIZER; - struct ds actions = DS_EMPTY_INITIALIZER; - - struct ovn_datapath *od; - HMAP_FOR_EACH (od, key_node, datapaths) { - build_lrouter_flows_ingress_table_0_od(od, lflows); - } - - struct ovn_port *op; - HMAP_FOR_EACH (op, key_node, ports) { - build_lrouter_flows_ingress_table_0_op(op, lflows); - } - - HMAP_FOR_EACH (od, key_node, datapaths) { - build_lrouter_flows_arp_nd_mac_learn_od(od, lflows); - } - - HMAP_FOR_EACH (op, key_node, ports) { - build_lrouter_flows_arp_nd_mac_learn_op(op, lflows); - } - - HMAP_FOR_EACH (op, key_node, ports) { - build_lrouter_flows_table_3_ip_input_op(op, lflows); - } - - HMAP_FOR_EACH (od, key_node, datapaths) { - build_lrouter_flows_table_3_ip_input_od(od, lflows); - } - - HMAP_FOR_EACH (op, key_node, ports) { - build_lrouter_dhcp_reply_op(op, lflows); - } - - HMAP_FOR_EACH (op, key_node, ports) { - build_lrouter_ip_input_chassis_redirect_op(op, lflows); - } - - HMAP_FOR_EACH (od, key_node, datapaths) { - build_lrouter_flows_NAT_defrag_lb_od( - od, lflows, lbs, meter_groups); - } - - HMAP_FOR_EACH (op, key_node, ports) { - build_lrouter_flows_NAT_defrag_lb_op(op, lflows); - } - - HMAP_FOR_EACH (od, key_node, datapaths) { - build_lrouter_flows_lr_ingress_ra_od(od, lflows); - } - - HMAP_FOR_EACH (op, key_node, ports) { - build_lrouter_flows_lr_ingress_ip_routing_op(op, lflows); - } - - HMAP_FOR_EACH (od, key_node, datapaths) { - build_lrouter_flows_static_to_flows_od(od, lflows, ports); - } - - HMAP_FOR_EACH (od, key_node, datapaths) { - build_lrouter_flows_multicast_lookup_od(od, lflows); - } - - HMAP_FOR_EACH (od, key_node, datapaths) { - build_lrouter_flows_ingress_policy_od(od, lflows, ports); - } - - /* XXX destination unreachable */ /* Local router ingress table ARP_RESOLVE: ARP Resolution. * * Multicast packets already have the outport set so just advance to next * table (priority 500). */ - HMAP_FOR_EACH (od, key_node, datapaths) { - if (!od->nbr) { - continue; - } + if (od->nbr) { ovn_lflow_add(lflows, od, S_ROUTER_IN_ARP_RESOLVE, 500, "ip4.mcast || ip6.mcast", "next;"); } +} +static void build_lrouter_flows_arp_resolve_op( + struct ovn_port *op, struct hmap *lflows, struct hmap *ports) +{ /* Local router ingress table ARP_RESOLVE: ARP Resolution. * * Any unicast packet that reaches this table is an IP packet whose @@ -10371,11 +10300,11 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, * REG_NEXT_HOP_IPV4/REG_NEXT_HOP_IPV6 into an output port in outport and * an Ethernet address in eth.dst. */ - HMAP_FOR_EACH (op, key_node, ports) { - if (op->nbsp && !lsp_is_enabled(op->nbsp)) { - continue; - } + struct ds match = DS_EMPTY_INITIALIZER; + struct ds actions = DS_EMPTY_INITIALIZER; + + if (!op->nbsp || lsp_is_enabled(op->nbsp)) { if (op->nbrp) { /* This is a logical router port. If next-hop IP address in * REG_NEXT_HOP_IPV4/REG_NEXT_HOP_IPV6 matches IP address of this @@ -10544,7 +10473,7 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, "virtual-parents"); if (!vip || !virtual_parents || !ip_parse(vip, &ip) || !op->sb) { - continue; + goto arp_resolve_op_done; } if (!op->sb->virtual_parent || !op->sb->virtual_parent[0] || @@ -10584,7 +10513,7 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, struct ovn_port *vp = ovn_port_find(ports, op->sb->virtual_parent); if (!vp || !vp->nbsp) { - continue; + goto arp_resolve_op_done; } for (size_t i = 0; i < vp->n_lsp_addrs; i++) { @@ -10643,18 +10572,18 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, const char *peer_name = smap_get(&op->nbsp->options, "router-port"); if (!peer_name) { - continue; + goto arp_resolve_op_done; } struct ovn_port *peer = ovn_port_find(ports, peer_name); if (!peer || !peer->nbrp) { - continue; + goto arp_resolve_op_done; } if (peer->od->nbr && smap_get_bool(&peer->od->nbr->options, "dynamic_neigh_routers", false)) { - continue; + goto arp_resolve_op_done; } for (size_t i = 0; i < op->od->n_router_ports; i++) { @@ -10706,18 +10635,108 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, } } } +arp_resolve_op_done: + ds_destroy(&match); + ds_destroy(&actions); +} - HMAP_FOR_EACH (od, key_node, datapaths) { - if (!od->nbr) { - continue; - } - +static void build_lrouter_flows_arp_resolve_finalize_od( + struct ovn_datapath *od, struct hmap *lflows) +{ + if (od->nbr) { ovn_lflow_add(lflows, od, S_ROUTER_IN_ARP_RESOLVE, 0, "ip4", "get_arp(outport, " REG_NEXT_HOP_IPV4 "); next;"); ovn_lflow_add(lflows, od, S_ROUTER_IN_ARP_RESOLVE, 0, "ip6", "get_nd(outport, " REG_NEXT_HOP_IPV6 "); next;"); } +} + +static void +build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, + struct hmap *lflows, struct shash *meter_groups, + struct hmap *lbs) +{ + /* This flow table structure is documented in ovn-northd(8), so please + * update ovn-northd.8.xml if you change anything. */ + + struct ds match = DS_EMPTY_INITIALIZER; + struct ds actions = DS_EMPTY_INITIALIZER; + + struct ovn_datapath *od; + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lrouter_flows_ingress_table_0_od(od, lflows); + } + + struct ovn_port *op; + HMAP_FOR_EACH (op, key_node, ports) { + build_lrouter_flows_ingress_table_0_op(op, lflows); + } + + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lrouter_flows_arp_nd_mac_learn_od(od, lflows); + } + + HMAP_FOR_EACH (op, key_node, ports) { + build_lrouter_flows_arp_nd_mac_learn_op(op, lflows); + } + + HMAP_FOR_EACH (op, key_node, ports) { + build_lrouter_flows_table_3_ip_input_op(op, lflows); + } + + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lrouter_flows_table_3_ip_input_od(od, lflows); + } + + HMAP_FOR_EACH (op, key_node, ports) { + build_lrouter_dhcp_reply_op(op, lflows); + } + + HMAP_FOR_EACH (op, key_node, ports) { + build_lrouter_ip_input_chassis_redirect_op(op, lflows); + } + + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lrouter_flows_NAT_defrag_lb_od( + od, lflows, lbs, meter_groups); + } + + HMAP_FOR_EACH (op, key_node, ports) { + build_lrouter_flows_NAT_defrag_lb_op(op, lflows); + } + + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lrouter_flows_lr_ingress_ra_od(od, lflows); + } + + HMAP_FOR_EACH (op, key_node, ports) { + build_lrouter_flows_lr_ingress_ip_routing_op(op, lflows); + } + + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lrouter_flows_static_to_flows_od(od, lflows, ports); + } + + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lrouter_flows_multicast_lookup_od(od, lflows); + } + + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lrouter_flows_ingress_policy_od(od, lflows, ports); + } + + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lrouter_flows_arp_resolve_od(od, lflows); + } + + HMAP_FOR_EACH (op, key_node, ports) { + build_lrouter_flows_arp_resolve_op(op, lflows, ports); + } + + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lrouter_flows_arp_resolve_finalize_od(od, lflows); + } /* Local router ingress table CHK_PKT_LEN: Check packet length. * From patchwork Wed Sep 2 14:59:36 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anton Ivanov X-Patchwork-Id: 1355869 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.136; helo=silver.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=cambridgegreys.com Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4BhRwv3HTxz9sVC for ; Thu, 3 Sep 2020 01:01:51 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id 06ED32E0D6; Wed, 2 Sep 2020 15:01:49 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G+6f30CTJuoK; Wed, 2 Sep 2020 15:01:36 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by silver.osuosl.org (Postfix) with ESMTP id 8216E2E0E5; Wed, 2 Sep 2020 15:00:27 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 568F5C0893; Wed, 2 Sep 2020 15:00:27 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by lists.linuxfoundation.org (Postfix) with ESMTP id 0C839C0893 for ; Wed, 2 Sep 2020 15:00:26 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id F3D508696A for ; Wed, 2 Sep 2020 15:00:25 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nftyrHyhjqeI for ; Wed, 2 Sep 2020 15:00:20 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from www.kot-begemot.co.uk (ivanoab7.miniserver.com [37.128.132.42]) by whitealder.osuosl.org (Postfix) with ESMTPS id ED7D68684D for ; Wed, 2 Sep 2020 15:00:14 +0000 (UTC) Received: from tun252.jain.kot-begemot.co.uk ([192.168.18.6] helo=jain.kot-begemot.co.uk) by www.kot-begemot.co.uk with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1kDUFB-0000sg-Fi; Wed, 02 Sep 2020 15:00:13 +0000 Received: from jain.kot-begemot.co.uk ([192.168.3.3]) by jain.kot-begemot.co.uk with esmtp (Exim 4.92) (envelope-from ) id 1kDUF8-0006lF-FZ; Wed, 02 Sep 2020 16:00:12 +0100 From: anton.ivanov@cambridgegreys.com To: dev@openvswitch.org Date: Wed, 2 Sep 2020 15:59:36 +0100 Message-Id: <20200902145950.25875-10-anton.ivanov@cambridgegreys.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200902145950.25875-1-anton.ivanov@cambridgegreys.com> References: <20200902145950.25875-1-anton.ivanov@cambridgegreys.com> MIME-Version: 1.0 X-Clacks-Overhead: GNU Terry Pratchett Cc: Anton Ivanov Subject: [ovs-dev] [PATCH ovn RFC v4 10/24] Move packet size rules to a separate function X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Anton Ivanov Signed-off-by: Anton Ivanov --- northd/ovn-northd.c | 192 +++++++++++++++++++++++--------------------- 1 file changed, 102 insertions(+), 90 deletions(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index 1e5921c29..e2edb8f3b 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -10652,92 +10652,10 @@ static void build_lrouter_flows_arp_resolve_finalize_od( } } -static void -build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, - struct hmap *lflows, struct shash *meter_groups, - struct hmap *lbs) +static void build_lrouter_flows_packet_size_od( + struct ovn_datapath *od, struct hmap *lflows, + struct hmap *ports) { - /* This flow table structure is documented in ovn-northd(8), so please - * update ovn-northd.8.xml if you change anything. */ - - struct ds match = DS_EMPTY_INITIALIZER; - struct ds actions = DS_EMPTY_INITIALIZER; - - struct ovn_datapath *od; - HMAP_FOR_EACH (od, key_node, datapaths) { - build_lrouter_flows_ingress_table_0_od(od, lflows); - } - - struct ovn_port *op; - HMAP_FOR_EACH (op, key_node, ports) { - build_lrouter_flows_ingress_table_0_op(op, lflows); - } - - HMAP_FOR_EACH (od, key_node, datapaths) { - build_lrouter_flows_arp_nd_mac_learn_od(od, lflows); - } - - HMAP_FOR_EACH (op, key_node, ports) { - build_lrouter_flows_arp_nd_mac_learn_op(op, lflows); - } - - HMAP_FOR_EACH (op, key_node, ports) { - build_lrouter_flows_table_3_ip_input_op(op, lflows); - } - - HMAP_FOR_EACH (od, key_node, datapaths) { - build_lrouter_flows_table_3_ip_input_od(od, lflows); - } - - HMAP_FOR_EACH (op, key_node, ports) { - build_lrouter_dhcp_reply_op(op, lflows); - } - - HMAP_FOR_EACH (op, key_node, ports) { - build_lrouter_ip_input_chassis_redirect_op(op, lflows); - } - - HMAP_FOR_EACH (od, key_node, datapaths) { - build_lrouter_flows_NAT_defrag_lb_od( - od, lflows, lbs, meter_groups); - } - - HMAP_FOR_EACH (op, key_node, ports) { - build_lrouter_flows_NAT_defrag_lb_op(op, lflows); - } - - HMAP_FOR_EACH (od, key_node, datapaths) { - build_lrouter_flows_lr_ingress_ra_od(od, lflows); - } - - HMAP_FOR_EACH (op, key_node, ports) { - build_lrouter_flows_lr_ingress_ip_routing_op(op, lflows); - } - - HMAP_FOR_EACH (od, key_node, datapaths) { - build_lrouter_flows_static_to_flows_od(od, lflows, ports); - } - - HMAP_FOR_EACH (od, key_node, datapaths) { - build_lrouter_flows_multicast_lookup_od(od, lflows); - } - - HMAP_FOR_EACH (od, key_node, datapaths) { - build_lrouter_flows_ingress_policy_od(od, lflows, ports); - } - - HMAP_FOR_EACH (od, key_node, datapaths) { - build_lrouter_flows_arp_resolve_od(od, lflows); - } - - HMAP_FOR_EACH (op, key_node, ports) { - build_lrouter_flows_arp_resolve_op(op, lflows, ports); - } - - HMAP_FOR_EACH (od, key_node, datapaths) { - build_lrouter_flows_arp_resolve_finalize_od(od, lflows); - } - /* Local router ingress table CHK_PKT_LEN: Check packet length. * * Any IPv4 packet with outport set to the distributed gateway @@ -10751,10 +10669,10 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, * generate ICMPv4 packet with type 3 (Destination Unreachable) and * code 4 (Fragmentation needed). * */ - HMAP_FOR_EACH (od, key_node, datapaths) { - if (!od->nbr) { - continue; - } + if (od->nbr) { + + struct ds match = DS_EMPTY_INITIALIZER; + struct ds actions = DS_EMPTY_INITIALIZER; /* Packets are allowed by default. */ ovn_lflow_add(lflows, od, S_ROUTER_IN_CHK_PKT_LEN, 0, "1", @@ -10770,7 +10688,9 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, } /* Add the flows only if gateway_mtu is configured. */ if (gw_mtu <= 0) { - continue; + ds_destroy(&match); + ds_destroy(&actions); + return; } ds_clear(&match); @@ -10848,6 +10768,98 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, } } } + ds_destroy(&match); + ds_destroy(&actions); + } +} +static void +build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, + struct hmap *lflows, struct shash *meter_groups, + struct hmap *lbs) +{ + /* This flow table structure is documented in ovn-northd(8), so please + * update ovn-northd.8.xml if you change anything. */ + + struct ds match = DS_EMPTY_INITIALIZER; + struct ds actions = DS_EMPTY_INITIALIZER; + + struct ovn_datapath *od; + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lrouter_flows_ingress_table_0_od(od, lflows); + } + + struct ovn_port *op; + HMAP_FOR_EACH (op, key_node, ports) { + build_lrouter_flows_ingress_table_0_op(op, lflows); + } + + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lrouter_flows_arp_nd_mac_learn_od(od, lflows); + } + + HMAP_FOR_EACH (op, key_node, ports) { + build_lrouter_flows_arp_nd_mac_learn_op(op, lflows); + } + + HMAP_FOR_EACH (op, key_node, ports) { + build_lrouter_flows_table_3_ip_input_op(op, lflows); + } + + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lrouter_flows_table_3_ip_input_od(od, lflows); + } + + HMAP_FOR_EACH (op, key_node, ports) { + build_lrouter_dhcp_reply_op(op, lflows); + } + + HMAP_FOR_EACH (op, key_node, ports) { + build_lrouter_ip_input_chassis_redirect_op(op, lflows); + } + + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lrouter_flows_NAT_defrag_lb_od( + od, lflows, lbs, meter_groups); + } + + HMAP_FOR_EACH (op, key_node, ports) { + build_lrouter_flows_NAT_defrag_lb_op(op, lflows); + } + + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lrouter_flows_lr_ingress_ra_od(od, lflows); + } + + HMAP_FOR_EACH (op, key_node, ports) { + build_lrouter_flows_lr_ingress_ip_routing_op(op, lflows); + } + + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lrouter_flows_static_to_flows_od(od, lflows, ports); + } + + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lrouter_flows_multicast_lookup_od(od, lflows); + } + + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lrouter_flows_ingress_policy_od(od, lflows, ports); + } + + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lrouter_flows_arp_resolve_od(od, lflows); + } + + HMAP_FOR_EACH (op, key_node, ports) { + build_lrouter_flows_arp_resolve_op(op, lflows, ports); + } + + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lrouter_flows_arp_resolve_finalize_od(od, lflows); + } + + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lrouter_flows_packet_size_od(od, lflows, ports); } /* Logical router ingress table GW_REDIRECT: Gateway redirect. From patchwork Wed Sep 2 14:59:37 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anton Ivanov X-Patchwork-Id: 1355871 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.138; helo=whitealder.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=cambridgegreys.com Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4BhRyK6D3Mz9sRK for ; Thu, 3 Sep 2020 01:03:05 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id E927486846; Wed, 2 Sep 2020 15:03:03 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZM4SoY-W4Sqx; Wed, 2 Sep 2020 15:03:03 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by whitealder.osuosl.org (Postfix) with ESMTP id F308086855; Wed, 2 Sep 2020 15:03:02 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id D7145C0052; Wed, 2 Sep 2020 15:03:02 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) by lists.linuxfoundation.org (Postfix) with ESMTP id 5A0B0C0051 for ; Wed, 2 Sep 2020 15:03:02 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id 446E7871E1 for ; Wed, 2 Sep 2020 15:03:02 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9s3nXSFl4b2T for ; Wed, 2 Sep 2020 15:03:01 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from www.kot-begemot.co.uk (ivanoab7.miniserver.com [37.128.132.42]) by hemlock.osuosl.org (Postfix) with ESMTPS id 7FF10871C1 for ; Wed, 2 Sep 2020 15:03:01 +0000 (UTC) Received: from tun252.jain.kot-begemot.co.uk ([192.168.18.6] helo=jain.kot-begemot.co.uk) by www.kot-begemot.co.uk with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1kDUHs-0000sz-3u; Wed, 02 Sep 2020 15:03:00 +0000 Received: from jain.kot-begemot.co.uk ([192.168.3.3]) by jain.kot-begemot.co.uk with esmtp (Exim 4.92) (envelope-from ) id 1kDUFA-0006lF-Be; Wed, 02 Sep 2020 16:00:14 +0100 From: anton.ivanov@cambridgegreys.com To: dev@openvswitch.org Date: Wed, 2 Sep 2020 15:59:37 +0100 Message-Id: <20200902145950.25875-11-anton.ivanov@cambridgegreys.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200902145950.25875-1-anton.ivanov@cambridgegreys.com> References: <20200902145950.25875-1-anton.ivanov@cambridgegreys.com> MIME-Version: 1.0 X-Clacks-Overhead: GNU Terry Pratchett Cc: Anton Ivanov Subject: [ovs-dev] [PATCH ovn RFC v4 11/24] Move gateway redirect to a separate function X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Anton Ivanov Signed-off-by: Anton Ivanov --- northd/ovn-northd.c | 80 ++++++++++++++++++++++++++------------------- 1 file changed, 46 insertions(+), 34 deletions(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index e2edb8f3b..4df9b74bd 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -10772,6 +10772,51 @@ static void build_lrouter_flows_packet_size_od( ds_destroy(&actions); } } + +static void build_lrouter_flows_gw_redirect_od( + struct ovn_datapath *od, struct hmap *lflows) +{ + /* Logical router ingress table GW_REDIRECT: Gateway redirect. + * + * For traffic with outport equal to the l3dgw_port + * on a distributed router, this table redirects a subset + * of the traffic to the l3redirect_port which represents + * the central instance of the l3dgw_port. + */ + if (od->nbr) { + + struct ds match = DS_EMPTY_INITIALIZER; + struct ds actions = DS_EMPTY_INITIALIZER; + + if (od->l3dgw_port && od->l3redirect_port) { + const struct ovsdb_idl_row *stage_hint = NULL; + + if (od->l3dgw_port->nbrp) { + stage_hint = &od->l3dgw_port->nbrp->header_; + } + + /* For traffic with outport == l3dgw_port, if the + * packet did not match any higher priority redirect + * rule, then the traffic is redirected to the central + * instance of the l3dgw_port. */ + ds_clear(&match); + ds_put_format(&match, "outport == %s", + od->l3dgw_port->json_key); + ds_clear(&actions); + ds_put_format(&actions, "outport = %s; next;", + od->l3redirect_port->json_key); + ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_GW_REDIRECT, 50, + ds_cstr(&match), ds_cstr(&actions), + stage_hint); + } + + /* Packets are allowed by default. */ + ovn_lflow_add(lflows, od, S_ROUTER_IN_GW_REDIRECT, 0, "1", "next;"); + ds_destroy(&match); + ds_destroy(&actions); + } +} + static void build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, struct hmap *lflows, struct shash *meter_groups, @@ -10862,41 +10907,8 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, build_lrouter_flows_packet_size_od(od, lflows, ports); } - /* Logical router ingress table GW_REDIRECT: Gateway redirect. - * - * For traffic with outport equal to the l3dgw_port - * on a distributed router, this table redirects a subset - * of the traffic to the l3redirect_port which represents - * the central instance of the l3dgw_port. - */ HMAP_FOR_EACH (od, key_node, datapaths) { - if (!od->nbr) { - continue; - } - if (od->l3dgw_port && od->l3redirect_port) { - const struct ovsdb_idl_row *stage_hint = NULL; - - if (od->l3dgw_port->nbrp) { - stage_hint = &od->l3dgw_port->nbrp->header_; - } - - /* For traffic with outport == l3dgw_port, if the - * packet did not match any higher priority redirect - * rule, then the traffic is redirected to the central - * instance of the l3dgw_port. */ - ds_clear(&match); - ds_put_format(&match, "outport == %s", - od->l3dgw_port->json_key); - ds_clear(&actions); - ds_put_format(&actions, "outport = %s; next;", - od->l3redirect_port->json_key); - ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_GW_REDIRECT, 50, - ds_cstr(&match), ds_cstr(&actions), - stage_hint); - } - - /* Packets are allowed by default. */ - ovn_lflow_add(lflows, od, S_ROUTER_IN_GW_REDIRECT, 0, "1", "next;"); + build_lrouter_flows_gw_redirect_od(od, lflows); } /* Local router ingress table ARP_REQUEST: ARP request. From patchwork Wed Sep 2 14:59:38 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anton Ivanov X-Patchwork-Id: 1355885 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.136; helo=silver.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=cambridgegreys.com Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4BhS344fl4z9sTv for ; Thu, 3 Sep 2020 01:07:12 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id D3A8F2E0FD; Wed, 2 Sep 2020 15:07:10 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U6OzsHrGsl+R; Wed, 2 Sep 2020 15:07:01 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by silver.osuosl.org (Postfix) with ESMTP id 036FB2E143; Wed, 2 Sep 2020 15:03:09 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id EAD88C0052; Wed, 2 Sep 2020 15:03:08 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) by lists.linuxfoundation.org (Postfix) with ESMTP id 94557C0051 for ; Wed, 2 Sep 2020 15:03:06 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id 4E226871E9 for ; Wed, 2 Sep 2020 15:03:06 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5H37jY8ce0kF for ; Wed, 2 Sep 2020 15:03:05 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from www.kot-begemot.co.uk (ivanoab7.miniserver.com [37.128.132.42]) by hemlock.osuosl.org (Postfix) with ESMTPS id 34F05871C1 for ; Wed, 2 Sep 2020 15:03:05 +0000 (UTC) Received: from tun252.jain.kot-begemot.co.uk ([192.168.18.6] helo=jain.kot-begemot.co.uk) by www.kot-begemot.co.uk with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1kDUHv-0000tE-PB; Wed, 02 Sep 2020 15:03:03 +0000 Received: from jain.kot-begemot.co.uk ([192.168.3.3]) by jain.kot-begemot.co.uk with esmtp (Exim 4.92) (envelope-from ) id 1kDUFC-0006lF-5D; Wed, 02 Sep 2020 16:00:15 +0100 From: anton.ivanov@cambridgegreys.com To: dev@openvswitch.org Date: Wed, 2 Sep 2020 15:59:38 +0100 Message-Id: <20200902145950.25875-12-anton.ivanov@cambridgegreys.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200902145950.25875-1-anton.ivanov@cambridgegreys.com> References: <20200902145950.25875-1-anton.ivanov@cambridgegreys.com> MIME-Version: 1.0 X-Clacks-Overhead: GNU Terry Pratchett Cc: Anton Ivanov Subject: [ovs-dev] [PATCH ovn RFC v4 12/24] Isolate ARP request to a separate function X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Anton Ivanov Signed-off-by: Anton Ivanov --- northd/ovn-northd.c | 139 ++++++++++++++++++++++++-------------------- 1 file changed, 75 insertions(+), 64 deletions(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index 4df9b74bd..5a6d7bcbc 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -10817,6 +10817,80 @@ static void build_lrouter_flows_gw_redirect_od( } } +static void build_lrouter_flows_arp_request_od( + struct ovn_datapath *od, struct hmap *lflows) +{ + /* Local router ingress table ARP_REQUEST: ARP request. + * + * In the common case where the Ethernet destination has been resolved, + * this table outputs the packet (priority 0). Otherwise, it composes + * and sends an ARP/IPv6 NA request (priority 100). */ + + if (od->nbr) { + struct ds match = DS_EMPTY_INITIALIZER; + struct ds actions = DS_EMPTY_INITIALIZER; + + for (int i = 0; i < od->nbr->n_static_routes; i++) { + const struct nbrec_logical_router_static_route *route; + + route = od->nbr->static_routes[i]; + struct in6_addr gw_ip6; + unsigned int plen; + char *error = ipv6_parse_cidr(route->nexthop, &gw_ip6, &plen); + if (error || plen != 128) { + free(error); + continue; + } + + ds_clear(&match); + ds_put_format(&match, "eth.dst == 00:00:00:00:00:00 && " + "ip6 && " REG_NEXT_HOP_IPV6 " == %s", + route->nexthop); + struct in6_addr sn_addr; + struct eth_addr eth_dst; + in6_addr_solicited_node(&sn_addr, &gw_ip6); + ipv6_multicast_to_ethernet(ð_dst, &sn_addr); + + char sn_addr_s[INET6_ADDRSTRLEN + 1]; + ipv6_string_mapped(sn_addr_s, &sn_addr); + + ds_clear(&actions); + ds_put_format(&actions, + "nd_ns { " + "eth.dst = "ETH_ADDR_FMT"; " + "ip6.dst = %s; " + "nd.target = %s; " + "output; " + "};", ETH_ADDR_ARGS(eth_dst), sn_addr_s, + route->nexthop); + + ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_ARP_REQUEST, 200, + ds_cstr(&match), ds_cstr(&actions), + &route->header_); + } + + ovn_lflow_add(lflows, od, S_ROUTER_IN_ARP_REQUEST, 100, + "eth.dst == 00:00:00:00:00:00 && ip4", + "arp { " + "eth.dst = ff:ff:ff:ff:ff:ff; " + "arp.spa = " REG_SRC_IPV4 "; " + "arp.tpa = " REG_NEXT_HOP_IPV4 "; " + "arp.op = 1; " /* ARP request */ + "output; " + "};"); + ovn_lflow_add(lflows, od, S_ROUTER_IN_ARP_REQUEST, 100, + "eth.dst == 00:00:00:00:00:00 && ip6", + "nd_ns { " + "nd.target = " REG_NEXT_HOP_IPV6 "; " + "output; " + "};"); + ovn_lflow_add(lflows, od, S_ROUTER_IN_ARP_REQUEST, 0, "1", "output;"); + + ds_destroy(&match); + ds_destroy(&actions); + } +} + static void build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, struct hmap *lflows, struct shash *meter_groups, @@ -10911,71 +10985,8 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, build_lrouter_flows_gw_redirect_od(od, lflows); } - /* Local router ingress table ARP_REQUEST: ARP request. - * - * In the common case where the Ethernet destination has been resolved, - * this table outputs the packet (priority 0). Otherwise, it composes - * and sends an ARP/IPv6 NA request (priority 100). */ HMAP_FOR_EACH (od, key_node, datapaths) { - if (!od->nbr) { - continue; - } - - for (int i = 0; i < od->nbr->n_static_routes; i++) { - const struct nbrec_logical_router_static_route *route; - - route = od->nbr->static_routes[i]; - struct in6_addr gw_ip6; - unsigned int plen; - char *error = ipv6_parse_cidr(route->nexthop, &gw_ip6, &plen); - if (error || plen != 128) { - free(error); - continue; - } - - ds_clear(&match); - ds_put_format(&match, "eth.dst == 00:00:00:00:00:00 && " - "ip6 && " REG_NEXT_HOP_IPV6 " == %s", - route->nexthop); - struct in6_addr sn_addr; - struct eth_addr eth_dst; - in6_addr_solicited_node(&sn_addr, &gw_ip6); - ipv6_multicast_to_ethernet(ð_dst, &sn_addr); - - char sn_addr_s[INET6_ADDRSTRLEN + 1]; - ipv6_string_mapped(sn_addr_s, &sn_addr); - - ds_clear(&actions); - ds_put_format(&actions, - "nd_ns { " - "eth.dst = "ETH_ADDR_FMT"; " - "ip6.dst = %s; " - "nd.target = %s; " - "output; " - "};", ETH_ADDR_ARGS(eth_dst), sn_addr_s, - route->nexthop); - - ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_ARP_REQUEST, 200, - ds_cstr(&match), ds_cstr(&actions), - &route->header_); - } - - ovn_lflow_add(lflows, od, S_ROUTER_IN_ARP_REQUEST, 100, - "eth.dst == 00:00:00:00:00:00 && ip4", - "arp { " - "eth.dst = ff:ff:ff:ff:ff:ff; " - "arp.spa = " REG_SRC_IPV4 "; " - "arp.tpa = " REG_NEXT_HOP_IPV4 "; " - "arp.op = 1; " /* ARP request */ - "output; " - "};"); - ovn_lflow_add(lflows, od, S_ROUTER_IN_ARP_REQUEST, 100, - "eth.dst == 00:00:00:00:00:00 && ip6", - "nd_ns { " - "nd.target = " REG_NEXT_HOP_IPV6 "; " - "output; " - "};"); - ovn_lflow_add(lflows, od, S_ROUTER_IN_ARP_REQUEST, 0, "1", "output;"); + build_lrouter_flows_arp_request_od(od, lflows); } /* Logical router egress table DELIVERY: Delivery (priority 100-110). From patchwork Wed Sep 2 14:59:39 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anton Ivanov X-Patchwork-Id: 1355872 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.133; helo=hemlock.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=cambridgegreys.com Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4BhRyQ2XbYz9sRK for ; Thu, 3 Sep 2020 01:03:10 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id 80C018722B; Wed, 2 Sep 2020 15:03:07 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sxMcIvX9VWC4; Wed, 2 Sep 2020 15:03:06 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by hemlock.osuosl.org (Postfix) with ESMTP id BE8AD871E3; Wed, 2 Sep 2020 15:03:06 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 95BCEC0893; Wed, 2 Sep 2020 15:03:06 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) by lists.linuxfoundation.org (Postfix) with ESMTP id 2B7B4C0051 for ; Wed, 2 Sep 2020 15:03:05 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id 22D2287201 for ; Wed, 2 Sep 2020 15:03:05 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y1dxe-ccg4HG for ; Wed, 2 Sep 2020 15:03:04 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from www.kot-begemot.co.uk (ivanoab7.miniserver.com [37.128.132.42]) by hemlock.osuosl.org (Postfix) with ESMTPS id CD2CE871C1 for ; Wed, 2 Sep 2020 15:03:02 +0000 (UTC) Received: from tun252.jain.kot-begemot.co.uk ([192.168.18.6] helo=jain.kot-begemot.co.uk) by www.kot-begemot.co.uk with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1kDUHt-0000t4-Cu; Wed, 02 Sep 2020 15:03:01 +0000 Received: from jain.kot-begemot.co.uk ([192.168.3.3]) by jain.kot-begemot.co.uk with esmtp (Exim 4.92) (envelope-from ) id 1kDUFD-0006lF-Tj; Wed, 02 Sep 2020 16:00:17 +0100 From: anton.ivanov@cambridgegreys.com To: dev@openvswitch.org Date: Wed, 2 Sep 2020 15:59:39 +0100 Message-Id: <20200902145950.25875-13-anton.ivanov@cambridgegreys.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200902145950.25875-1-anton.ivanov@cambridgegreys.com> References: <20200902145950.25875-1-anton.ivanov@cambridgegreys.com> MIME-Version: 1.0 X-Clacks-Overhead: GNU Terry Pratchett Cc: Anton Ivanov Subject: [ovs-dev] [PATCH ovn RFC v4 13/24] Finalise migration of build_lrouter_flows to functions X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Anton Ivanov Signed-off-by: Anton Ivanov --- northd/ovn-northd.c | 103 +++++++++++++++++++++++--------------------- 1 file changed, 53 insertions(+), 50 deletions(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index 5a6d7bcbc..440b12235 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -10891,6 +10891,56 @@ static void build_lrouter_flows_arp_request_od( } } +static void build_lrouter_flows_delivery_op( + struct ovn_port *op, struct hmap *lflows) +{ + /* Logical router egress table DELIVERY: Delivery (priority 100-110). + * + * Priority 100 rules deliver packets to enabled logical ports. + * Priority 110 rules match multicast packets and update the source + * mac before delivering to enabled logical ports. IP multicast traffic + * bypasses S_ROUTER_IN_IP_ROUTING route lookups. + */ + if (!op->nbrp) { + return; + } + if (!lrport_is_enabled(op->nbrp)) { + /* Drop packets to disabled logical ports (since logical flow + * tables are default-drop). */ + return; + } + if (!op->derived) { + /* No egress packets should be processed in the context of + * a chassisredirect port. The chassisredirect port should + * be replaced by the l3dgw port in the local output + * pipeline stage before egress processing. */ + + struct ds match = DS_EMPTY_INITIALIZER; + struct ds actions = DS_EMPTY_INITIALIZER; + if (op->od->mcast_info.rtr.relay) { + + /* If multicast relay is enabled then also adjust source mac for IP + * multicast traffic. + */ + ds_clear(&match); + ds_clear(&actions); + ds_put_format(&match, "(ip4.mcast || ip6.mcast) && outport == %s", + op->json_key); + ds_put_format(&actions, "eth.src = %s; output;", + op->lrp_networks.ea_s); + ovn_lflow_add(lflows, op->od, S_ROUTER_OUT_DELIVERY, 110, + ds_cstr(&match), ds_cstr(&actions)); + } + + ds_clear(&match); + ds_put_format(&match, "outport == %s", op->json_key); + ovn_lflow_add(lflows, op->od, S_ROUTER_OUT_DELIVERY, 100, + ds_cstr(&match), "output;"); + ds_destroy(&match); + ds_destroy(&actions); + } +} + static void build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, struct hmap *lflows, struct shash *meter_groups, @@ -10899,15 +10949,13 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, /* This flow table structure is documented in ovn-northd(8), so please * update ovn-northd.8.xml if you change anything. */ - struct ds match = DS_EMPTY_INITIALIZER; - struct ds actions = DS_EMPTY_INITIALIZER; - struct ovn_datapath *od; + struct ovn_port *op; + HMAP_FOR_EACH (od, key_node, datapaths) { build_lrouter_flows_ingress_table_0_od(od, lflows); } - struct ovn_port *op; HMAP_FOR_EACH (op, key_node, ports) { build_lrouter_flows_ingress_table_0_op(op, lflows); } @@ -10989,54 +11037,9 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, build_lrouter_flows_arp_request_od(od, lflows); } - /* Logical router egress table DELIVERY: Delivery (priority 100-110). - * - * Priority 100 rules deliver packets to enabled logical ports. - * Priority 110 rules match multicast packets and update the source - * mac before delivering to enabled logical ports. IP multicast traffic - * bypasses S_ROUTER_IN_IP_ROUTING route lookups. - */ HMAP_FOR_EACH (op, key_node, ports) { - if (!op->nbrp) { - continue; - } - - if (!lrport_is_enabled(op->nbrp)) { - /* Drop packets to disabled logical ports (since logical flow - * tables are default-drop). */ - continue; - } - - if (op->derived) { - /* No egress packets should be processed in the context of - * a chassisredirect port. The chassisredirect port should - * be replaced by the l3dgw port in the local output - * pipeline stage before egress processing. */ - continue; - } - - /* If multicast relay is enabled then also adjust source mac for IP - * multicast traffic. - */ - if (op->od->mcast_info.rtr.relay) { - ds_clear(&match); - ds_clear(&actions); - ds_put_format(&match, "(ip4.mcast || ip6.mcast) && outport == %s", - op->json_key); - ds_put_format(&actions, "eth.src = %s; output;", - op->lrp_networks.ea_s); - ovn_lflow_add(lflows, op->od, S_ROUTER_OUT_DELIVERY, 110, - ds_cstr(&match), ds_cstr(&actions)); - } - - ds_clear(&match); - ds_put_format(&match, "outport == %s", op->json_key); - ovn_lflow_add(lflows, op->od, S_ROUTER_OUT_DELIVERY, 100, - ds_cstr(&match), "output;"); + build_lrouter_flows_delivery_op(op, lflows); } - - ds_destroy(&match); - ds_destroy(&actions); } /* Updates the Logical_Flow and Multicast_Group tables in the OVN_SB database, From patchwork Wed Sep 2 14:59:40 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anton Ivanov X-Patchwork-Id: 1355874 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.137; helo=fraxinus.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=cambridgegreys.com Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4BhRyX4QJWz9sTv for ; Thu, 3 Sep 2020 01:03:16 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id 2B09A86A97; Wed, 2 Sep 2020 15:03:15 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s1ZRGc4M2pCe; Wed, 2 Sep 2020 15:03:14 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by fraxinus.osuosl.org (Postfix) with ESMTP id AB11886A0E; Wed, 2 Sep 2020 15:03:11 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 9F563C0890; Wed, 2 Sep 2020 15:03:11 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) by lists.linuxfoundation.org (Postfix) with ESMTP id 8ACA9C0051 for ; Wed, 2 Sep 2020 15:03:08 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id 173048723E for ; Wed, 2 Sep 2020 15:03:08 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z8eZHZjbKbn1 for ; Wed, 2 Sep 2020 15:03:07 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from www.kot-begemot.co.uk (ivanoab7.miniserver.com [37.128.132.42]) by hemlock.osuosl.org (Postfix) with ESMTPS id 7F13687227 for ; Wed, 2 Sep 2020 15:03:07 +0000 (UTC) Received: from tun252.jain.kot-begemot.co.uk ([192.168.18.6] helo=jain.kot-begemot.co.uk) by www.kot-begemot.co.uk with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1kDUHy-0000tO-44; Wed, 02 Sep 2020 15:03:06 +0000 Received: from jain.kot-begemot.co.uk ([192.168.3.3]) by jain.kot-begemot.co.uk with esmtp (Exim 4.92) (envelope-from ) id 1kDUFF-0006lF-Li; Wed, 02 Sep 2020 16:00:19 +0100 From: anton.ivanov@cambridgegreys.com To: dev@openvswitch.org Date: Wed, 2 Sep 2020 15:59:40 +0100 Message-Id: <20200902145950.25875-14-anton.ivanov@cambridgegreys.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200902145950.25875-1-anton.ivanov@cambridgegreys.com> References: <20200902145950.25875-1-anton.ivanov@cambridgegreys.com> MIME-Version: 1.0 X-Clacks-Overhead: GNU Terry Pratchett Cc: Anton Ivanov Subject: [ovs-dev] [PATCH ovn RFC v4 14/24] Pull tables 3-10 ingress and 0-7 egress into a separate function X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Anton Ivanov Signed-off-by: Anton Ivanov --- northd/ovn-northd.c | 34 +++++++++++++++++++++------------- 1 file changed, 21 insertions(+), 13 deletions(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index 440b12235..455258dfd 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -6597,6 +6597,25 @@ build_drop_arp_nd_flows_for_unbound_router_ports(struct ovn_port *op, ds_destroy(&match); } +static void +build_lswitch_flows_pre_acl_and_acl_od( + struct ovn_datapath *od, struct hmap *lflows, + struct shash *meter_groups, struct hmap *lbs, + struct hmap *port_groups) +{ + /* Build pre-ACL and ACL tables for both ingress and egress. + * Ingress tables 3 through 10. Egress tables 0 through 7. */ + if (od->nbs) { + build_pre_acls(od, lflows); + build_pre_lb(od, lflows, meter_groups, lbs); + build_pre_stateful(od, lflows); + build_acls(od, lflows, port_groups); + build_qos(od, lflows); + build_lb(od, lflows); + build_stateful(od, lflows, lbs); + } +} + static void build_lswitch_flows(struct hmap *datapaths, struct hmap *ports, struct hmap *port_groups, struct hmap *lflows, @@ -6610,21 +6629,10 @@ build_lswitch_flows(struct hmap *datapaths, struct hmap *ports, struct ds match = DS_EMPTY_INITIALIZER; struct ds actions = DS_EMPTY_INITIALIZER; - /* Build pre-ACL and ACL tables for both ingress and egress. - * Ingress tables 3 through 10. Egress tables 0 through 7. */ struct ovn_datapath *od; HMAP_FOR_EACH (od, key_node, datapaths) { - if (!od->nbs) { - continue; - } - - build_pre_acls(od, lflows); - build_pre_lb(od, lflows, meter_groups, lbs); - build_pre_stateful(od, lflows); - build_acls(od, lflows, port_groups); - build_qos(od, lflows); - build_lb(od, lflows); - build_stateful(od, lflows, lbs); + build_lswitch_flows_pre_acl_and_acl_od( + od, lflows, meter_groups, lbs, port_groups); } /* Build logical flows for the forwarding groups */ From patchwork Wed Sep 2 14:59:41 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anton Ivanov X-Patchwork-Id: 1355880 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.138; helo=whitealder.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=cambridgegreys.com Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4BhRz00bqdz9sRK for ; Thu, 3 Sep 2020 01:03:40 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 870428691E; Wed, 2 Sep 2020 15:03:38 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lqx+EDT6-lve; Wed, 2 Sep 2020 15:03:33 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by whitealder.osuosl.org (Postfix) with ESMTP id 71B848694F; Wed, 2 Sep 2020 15:03:22 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 56D5CC08A6; Wed, 2 Sep 2020 15:03:22 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) by lists.linuxfoundation.org (Postfix) with ESMTP id 8B601C0890 for ; Wed, 2 Sep 2020 15:03:18 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id 12EA2872AB for ; Wed, 2 Sep 2020 15:03:18 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2JKY8aY2xs3j for ; Wed, 2 Sep 2020 15:03:15 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from www.kot-begemot.co.uk (ivanoab7.miniserver.com [37.128.132.42]) by hemlock.osuosl.org (Postfix) with ESMTPS id B63A1872A0 for ; Wed, 2 Sep 2020 15:03:13 +0000 (UTC) Received: from tun252.jain.kot-begemot.co.uk ([192.168.18.6] helo=jain.kot-begemot.co.uk) by www.kot-begemot.co.uk with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1kDUI4-0000tn-Bf; Wed, 02 Sep 2020 15:03:12 +0000 Received: from jain.kot-begemot.co.uk ([192.168.3.3]) by jain.kot-begemot.co.uk with esmtp (Exim 4.92) (envelope-from ) id 1kDUFH-0006lF-Bn; Wed, 02 Sep 2020 16:00:21 +0100 From: anton.ivanov@cambridgegreys.com To: dev@openvswitch.org Date: Wed, 2 Sep 2020 15:59:41 +0100 Message-Id: <20200902145950.25875-15-anton.ivanov@cambridgegreys.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200902145950.25875-1-anton.ivanov@cambridgegreys.com> References: <20200902145950.25875-1-anton.ivanov@cambridgegreys.com> MIME-Version: 1.0 X-Clacks-Overhead: GNU Terry Pratchett Cc: Anton Ivanov Subject: [ovs-dev] [PATCH ovn RFC v4 15/24] Pull forwarding groups and admission control to separate functions X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Anton Ivanov Signed-off-by: Anton Ivanov --- northd/ovn-northd.c | 54 +++++++++++++++++++++++++++------------------ 1 file changed, 32 insertions(+), 22 deletions(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index 455258dfd..ce0647fe9 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -6616,6 +6616,36 @@ build_lswitch_flows_pre_acl_and_acl_od( } } +static void +build_lswitch_flows_forwarding_groups(struct ovn_datapath *od, struct hmap *lflows) +{ + /* Build logical flows for the forwarding groups */ + if (!od->nbs || !od->nbs->n_forwarding_groups) { + return; + } + build_fwd_group_lflows(od, lflows); +} + +static void +build_lswitch_flows_admission_control(struct ovn_datapath *od, struct hmap *lflows) +{ + + /* Logical switch ingress table 0: Admission control framework (priority + * 100). */ + if (od->nbs) { + /* Logical VLANs not supported. */ + ovn_lflow_add(lflows, od, S_SWITCH_IN_PORT_SEC_L2, 100, "vlan.present", + "drop;"); + + /* Broadcast/multicast source address is invalid. */ + ovn_lflow_add(lflows, od, S_SWITCH_IN_PORT_SEC_L2, 100, "eth.src[40]", + "drop;"); + + /* Port security flows have priority 50 (see below) and will continue + * to the next table if packet source is acceptable. */ + } +} + static void build_lswitch_flows(struct hmap *datapaths, struct hmap *ports, struct hmap *port_groups, struct hmap *lflows, @@ -6635,32 +6665,12 @@ build_lswitch_flows(struct hmap *datapaths, struct hmap *ports, od, lflows, meter_groups, lbs, port_groups); } - /* Build logical flows for the forwarding groups */ HMAP_FOR_EACH (od, key_node, datapaths) { - if (!od->nbs || !od->nbs->n_forwarding_groups) { - continue; - } - - build_fwd_group_lflows(od, lflows); + build_lswitch_flows_forwarding_groups(od, lflows); } - /* Logical switch ingress table 0: Admission control framework (priority - * 100). */ HMAP_FOR_EACH (od, key_node, datapaths) { - if (!od->nbs) { - continue; - } - - /* Logical VLANs not supported. */ - ovn_lflow_add(lflows, od, S_SWITCH_IN_PORT_SEC_L2, 100, "vlan.present", - "drop;"); - - /* Broadcast/multicast source address is invalid. */ - ovn_lflow_add(lflows, od, S_SWITCH_IN_PORT_SEC_L2, 100, "eth.src[40]", - "drop;"); - - /* Port security flows have priority 50 (see below) and will continue - * to the next table if packet source is acceptable. */ + build_lswitch_flows_admission_control(od, lflows); } build_lswitch_input_port_sec(ports, datapaths, lflows); From patchwork Wed Sep 2 14:59:42 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anton Ivanov X-Patchwork-Id: 1355878 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.137; helo=fraxinus.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=cambridgegreys.com Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4BhRyj0VBYz9sTv for ; Thu, 3 Sep 2020 01:03:24 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id 51B7086A39; Wed, 2 Sep 2020 15:03:23 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rqm-XjJJgUe5; Wed, 2 Sep 2020 15:03:21 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by fraxinus.osuosl.org (Postfix) with ESMTP id E35CA869FE; Wed, 2 Sep 2020 15:03:20 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 9EC16C0890; Wed, 2 Sep 2020 15:03:20 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) by lists.linuxfoundation.org (Postfix) with ESMTP id 9C169C0052 for ; Wed, 2 Sep 2020 15:03:17 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id 97CD186A10 for ; Wed, 2 Sep 2020 15:03:17 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Aa7zrvTd-RLS for ; Wed, 2 Sep 2020 15:03:16 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from www.kot-begemot.co.uk (ivanoab7.miniserver.com [37.128.132.42]) by fraxinus.osuosl.org (Postfix) with ESMTPS id 901288694A for ; Wed, 2 Sep 2020 15:03:12 +0000 (UTC) Received: from tun252.jain.kot-begemot.co.uk ([192.168.18.6] helo=jain.kot-begemot.co.uk) by www.kot-begemot.co.uk with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1kDUI3-0000ti-57; Wed, 02 Sep 2020 15:03:11 +0000 Received: from jain.kot-begemot.co.uk ([192.168.3.3]) by jain.kot-begemot.co.uk with esmtp (Exim 4.92) (envelope-from ) id 1kDUFJ-0006lF-2e; Wed, 02 Sep 2020 16:00:22 +0100 From: anton.ivanov@cambridgegreys.com To: dev@openvswitch.org Date: Wed, 2 Sep 2020 15:59:42 +0100 Message-Id: <20200902145950.25875-16-anton.ivanov@cambridgegreys.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200902145950.25875-1-anton.ivanov@cambridgegreys.com> References: <20200902145950.25875-1-anton.ivanov@cambridgegreys.com> MIME-Version: 1.0 X-Clacks-Overhead: GNU Terry Pratchett Cc: Anton Ivanov Subject: [ovs-dev] [PATCH ovn RFC v4 16/24] Split port security into two separate functions X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Anton Ivanov Signed-off-by: Anton Ivanov --- northd/ovn-northd.c | 94 +++++++++++++++++++++++---------------------- 1 file changed, 49 insertions(+), 45 deletions(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index ce0647fe9..28b69ac54 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -4715,7 +4715,7 @@ has_stateful_acl(struct ovn_datapath *od) } static void -build_lswitch_input_port_sec(struct hmap *ports, struct hmap *datapaths, +build_lswitch_input_port_sec_op(struct ovn_port *op, struct hmap *lflows) { /* Logical switch ingress table 0: Ingress port security - L2 @@ -4723,61 +4723,58 @@ build_lswitch_input_port_sec(struct hmap *ports, struct hmap *datapaths, * Ingress table 1: Ingress port security - IP (priority 90 and 80) * Ingress table 2: Ingress port security - ND (priority 90 and 80) */ - struct ds actions = DS_EMPTY_INITIALIZER; - struct ds match = DS_EMPTY_INITIALIZER; - struct ovn_port *op; - HMAP_FOR_EACH (op, key_node, ports) { - if (!op->nbsp) { - continue; - } + if (!op->nbsp) { + return; + } - if (!lsp_is_enabled(op->nbsp)) { - /* Drop packets from disabled logical ports (since logical flow - * tables are default-drop). */ - continue; - } + if (!lsp_is_enabled(op->nbsp)) { + /* Drop packets from disabled logical ports (since logical flow + * tables are default-drop). */ + return; + } - if (lsp_is_external(op->nbsp)) { - continue; - } + if (lsp_is_external(op->nbsp)) { + return; + } - ds_clear(&match); - ds_clear(&actions); - ds_put_format(&match, "inport == %s", op->json_key); - build_port_security_l2("eth.src", op->ps_addrs, op->n_ps_addrs, - &match); + struct ds actions = DS_EMPTY_INITIALIZER; + struct ds match = DS_EMPTY_INITIALIZER; - const char *queue_id = smap_get(&op->sb->options, "qdisc_queue_id"); - if (queue_id) { - ds_put_format(&actions, "set_queue(%s); ", queue_id); - } - ds_put_cstr(&actions, "next;"); - ovn_lflow_add_with_hint(lflows, op->od, S_SWITCH_IN_PORT_SEC_L2, 50, - ds_cstr(&match), ds_cstr(&actions), - &op->nbsp->header_); + ds_put_format(&match, "inport == %s", op->json_key); + build_port_security_l2("eth.src", op->ps_addrs, op->n_ps_addrs, + &match); - if (op->nbsp->n_port_security) { - build_port_security_ip(P_IN, op, lflows, &op->nbsp->header_); - build_port_security_nd(op, lflows, &op->nbsp->header_); - } + const char *queue_id = smap_get(&op->sb->options, "qdisc_queue_id"); + if (queue_id) { + ds_put_format(&actions, "set_queue(%s); ", queue_id); } + ds_put_cstr(&actions, "next;"); + ovn_lflow_add_with_hint(lflows, op->od, S_SWITCH_IN_PORT_SEC_L2, 50, + ds_cstr(&match), ds_cstr(&actions), + &op->nbsp->header_); + if (op->nbsp->n_port_security) { + build_port_security_ip(P_IN, op, lflows, &op->nbsp->header_); + build_port_security_nd(op, lflows, &op->nbsp->header_); + } + ds_destroy(&match); + ds_destroy(&actions); +} + +static void +build_lswitch_input_port_sec_od(struct ovn_datapath *od, + struct hmap *lflows) +{ /* Ingress table 1 and 2: Port security - IP and ND, by default * goto next. (priority 0) */ - struct ovn_datapath *od; - HMAP_FOR_EACH (od, key_node, datapaths) { - if (!od->nbs) { - continue; - } - - ovn_lflow_add(lflows, od, S_SWITCH_IN_PORT_SEC_ND, 0, "1", "next;"); - ovn_lflow_add(lflows, od, S_SWITCH_IN_PORT_SEC_IP, 0, "1", "next;"); + if (!od->nbs) { + return; } - ds_destroy(&match); - ds_destroy(&actions); + ovn_lflow_add(lflows, od, S_SWITCH_IN_PORT_SEC_ND, 0, "1", "next;"); + ovn_lflow_add(lflows, od, S_SWITCH_IN_PORT_SEC_IP, 0, "1", "next;"); } static void @@ -6660,6 +6657,8 @@ build_lswitch_flows(struct hmap *datapaths, struct hmap *ports, struct ds actions = DS_EMPTY_INITIALIZER; struct ovn_datapath *od; + struct ovn_port *op; + HMAP_FOR_EACH (od, key_node, datapaths) { build_lswitch_flows_pre_acl_and_acl_od( od, lflows, meter_groups, lbs, port_groups); @@ -6673,12 +6672,17 @@ build_lswitch_flows(struct hmap *datapaths, struct hmap *ports, build_lswitch_flows_admission_control(od, lflows); } - build_lswitch_input_port_sec(ports, datapaths, lflows); + HMAP_FOR_EACH (op, key_node, ports) { + build_lswitch_input_port_sec_op(op, lflows); + } + + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lswitch_input_port_sec_od(od, lflows); + } /* Ingress table 13: ARP/ND responder, skip requests coming from localnet * and vtep ports. (priority 100); see ovn-northd.8.xml for the * rationale. */ - struct ovn_port *op; HMAP_FOR_EACH (op, key_node, ports) { if (!op->nbsp) { continue; From patchwork Wed Sep 2 14:59:43 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anton Ivanov X-Patchwork-Id: 1355886 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.138; helo=whitealder.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=cambridgegreys.com Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4BhS383b32z9sVC for ; Thu, 3 Sep 2020 01:07:16 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id C6CBB86489; Wed, 2 Sep 2020 15:07:14 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id m0VSQL1l+ceB; Wed, 2 Sep 2020 15:07:11 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by whitealder.osuosl.org (Postfix) with ESMTP id D2DE58692B; Wed, 2 Sep 2020 15:07:11 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id B2A27C0890; Wed, 2 Sep 2020 15:07:11 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) by lists.linuxfoundation.org (Postfix) with ESMTP id 2A689C0052 for ; Wed, 2 Sep 2020 15:07:10 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id 12D6E2E0DD for ; Wed, 2 Sep 2020 15:07:10 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6n1eqjx9KSbg for ; Wed, 2 Sep 2020 15:07:05 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from www.kot-begemot.co.uk (ivanoab7.miniserver.com [37.128.132.42]) by silver.osuosl.org (Postfix) with ESMTPS id D61C72E14E for ; Wed, 2 Sep 2020 15:03:09 +0000 (UTC) Received: from tun252.jain.kot-begemot.co.uk ([192.168.18.6] helo=jain.kot-begemot.co.uk) by www.kot-begemot.co.uk with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1kDUI0-0000tY-DP; Wed, 02 Sep 2020 15:03:08 +0000 Received: from jain.kot-begemot.co.uk ([192.168.3.3]) by jain.kot-begemot.co.uk with esmtp (Exim 4.92) (envelope-from ) id 1kDUFK-0006lF-PU; Wed, 02 Sep 2020 16:00:24 +0100 From: anton.ivanov@cambridgegreys.com To: dev@openvswitch.org Date: Wed, 2 Sep 2020 15:59:43 +0100 Message-Id: <20200902145950.25875-17-anton.ivanov@cambridgegreys.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200902145950.25875-1-anton.ivanov@cambridgegreys.com> References: <20200902145950.25875-1-anton.ivanov@cambridgegreys.com> MIME-Version: 1.0 X-Clacks-Overhead: GNU Terry Pratchett Cc: Anton Ivanov Subject: [ovs-dev] [PATCH ovn RFC v4 17/24] Pull Table 13 Arp/ND responder to a separate function X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Anton Ivanov Signed-off-by: Anton Ivanov --- northd/ovn-northd.c | 37 ++++++++++++++++++++++--------------- 1 file changed, 22 insertions(+), 15 deletions(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index 28b69ac54..a4549f5ef 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -6643,6 +6643,27 @@ build_lswitch_flows_admission_control(struct ovn_datapath *od, struct hmap *lflo } } +static void +build_lswitch_flows_arp_nd_responder(struct ovn_port *op, struct hmap *lflows) +{ + struct ds match = DS_EMPTY_INITIALIZER; + + /* Ingress table 13: ARP/ND responder, skip requests coming from localnet + * and vtep ports. (priority 100); see ovn-northd.8.xml for the + * rationale. */ + if (op->nbsp) { + if ((!strcmp(op->nbsp->type, "localnet")) || + (!strcmp(op->nbsp->type, "vtep"))) { + ds_clear(&match); + ds_put_format(&match, "inport == %s", op->json_key); + ovn_lflow_add_with_hint(lflows, op->od, S_SWITCH_IN_ARP_ND_RSP, + 100, ds_cstr(&match), "next;", + &op->nbsp->header_); + } + } + ds_destroy(&match); +} + static void build_lswitch_flows(struct hmap *datapaths, struct hmap *ports, struct hmap *port_groups, struct hmap *lflows, @@ -6680,22 +6701,8 @@ build_lswitch_flows(struct hmap *datapaths, struct hmap *ports, build_lswitch_input_port_sec_od(od, lflows); } - /* Ingress table 13: ARP/ND responder, skip requests coming from localnet - * and vtep ports. (priority 100); see ovn-northd.8.xml for the - * rationale. */ HMAP_FOR_EACH (op, key_node, ports) { - if (!op->nbsp) { - continue; - } - - if ((!strcmp(op->nbsp->type, "localnet")) || - (!strcmp(op->nbsp->type, "vtep"))) { - ds_clear(&match); - ds_put_format(&match, "inport == %s", op->json_key); - ovn_lflow_add_with_hint(lflows, op->od, S_SWITCH_IN_ARP_ND_RSP, - 100, ds_cstr(&match), "next;", - &op->nbsp->header_); - } + build_lswitch_flows_arp_nd_responder(op, lflows); } /* Ingress table 13: ARP/ND responder, reply for known IPs. From patchwork Wed Sep 2 14:59:44 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anton Ivanov X-Patchwork-Id: 1355889 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.137; helo=fraxinus.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=cambridgegreys.com Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4BhS3Z2jSyz9sTR for ; Thu, 3 Sep 2020 01:07:38 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id B7CA786A24; Wed, 2 Sep 2020 15:07:36 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JyCcIQKmIbhX; Wed, 2 Sep 2020 15:07:35 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by fraxinus.osuosl.org (Postfix) with ESMTP id DCC258445E; Wed, 2 Sep 2020 15:07:35 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id C7914C0890; Wed, 2 Sep 2020 15:07:35 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) by lists.linuxfoundation.org (Postfix) with ESMTP id 472F8C0051 for ; Wed, 2 Sep 2020 15:07:35 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id 3A6A02E13E for ; Wed, 2 Sep 2020 15:07:35 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S0v6d06cSDgE for ; Wed, 2 Sep 2020 15:07:24 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from www.kot-begemot.co.uk (ivanoab7.miniserver.com [37.128.132.42]) by silver.osuosl.org (Postfix) with ESMTPS id 0DCDB2E16F for ; Wed, 2 Sep 2020 15:03:15 +0000 (UTC) Received: from tun252.jain.kot-begemot.co.uk ([192.168.18.6] helo=jain.kot-begemot.co.uk) by www.kot-begemot.co.uk with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1kDUI5-0000ts-Ip; Wed, 02 Sep 2020 15:03:13 +0000 Received: from jain.kot-begemot.co.uk ([192.168.3.3]) by jain.kot-begemot.co.uk with esmtp (Exim 4.92) (envelope-from ) id 1kDUFM-0006lF-Et; Wed, 02 Sep 2020 16:00:26 +0100 From: anton.ivanov@cambridgegreys.com To: dev@openvswitch.org Date: Wed, 2 Sep 2020 15:59:44 +0100 Message-Id: <20200902145950.25875-18-anton.ivanov@cambridgegreys.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200902145950.25875-1-anton.ivanov@cambridgegreys.com> References: <20200902145950.25875-1-anton.ivanov@cambridgegreys.com> MIME-Version: 1.0 X-Clacks-Overhead: GNU Terry Pratchett Cc: Anton Ivanov Subject: [ovs-dev] [PATCH ovn RFC v4 18/24] Pull out lswitch ARP/ND respond, known IPs into functions X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Anton Ivanov Signed-off-by: Anton Ivanov --- northd/ovn-northd.c | 119 +++++++++++++++++++++++++------------------- 1 file changed, 68 insertions(+), 51 deletions(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index a4549f5ef..973fc922a 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -6644,7 +6644,18 @@ build_lswitch_flows_admission_control(struct ovn_datapath *od, struct hmap *lflo } static void -build_lswitch_flows_arp_nd_responder(struct ovn_port *op, struct hmap *lflows) +build_lswitch_flows_arp_nd_responder_od( + struct ovn_datapath *od, struct hmap *lflows) +{ + /* Ingress table 13: ARP/ND responder, by default goto next. + * (priority 0)*/ + if (od->nbs) { + ovn_lflow_add(lflows, od, S_SWITCH_IN_ARP_ND_RSP, 0, "1", "next;"); + } +} + +static void +build_lswitch_flows_arp_nd_responder_op(struct ovn_port *op, struct hmap *lflows) { struct ds match = DS_EMPTY_INITIALIZER; @@ -6665,53 +6676,15 @@ build_lswitch_flows_arp_nd_responder(struct ovn_port *op, struct hmap *lflows) } static void -build_lswitch_flows(struct hmap *datapaths, struct hmap *ports, - struct hmap *port_groups, struct hmap *lflows, - struct hmap *mcgroups, struct hmap *igmp_groups, - struct shash *meter_groups, - struct hmap *lbs) +build_lswitch_flows_arp_nd_responder_known_ips_op( + struct ovn_port *op, struct hmap *lflows, struct hmap *ports) { - /* This flow table structure is documented in ovn-northd(8), so please - * update ovn-northd.8.xml if you change anything. */ - struct ds match = DS_EMPTY_INITIALIZER; struct ds actions = DS_EMPTY_INITIALIZER; - struct ovn_datapath *od; - struct ovn_port *op; - - HMAP_FOR_EACH (od, key_node, datapaths) { - build_lswitch_flows_pre_acl_and_acl_od( - od, lflows, meter_groups, lbs, port_groups); - } - - HMAP_FOR_EACH (od, key_node, datapaths) { - build_lswitch_flows_forwarding_groups(od, lflows); - } - - HMAP_FOR_EACH (od, key_node, datapaths) { - build_lswitch_flows_admission_control(od, lflows); - } - - HMAP_FOR_EACH (op, key_node, ports) { - build_lswitch_input_port_sec_op(op, lflows); - } - - HMAP_FOR_EACH (od, key_node, datapaths) { - build_lswitch_input_port_sec_od(od, lflows); - } - - HMAP_FOR_EACH (op, key_node, ports) { - build_lswitch_flows_arp_nd_responder(op, lflows); - } - /* Ingress table 13: ARP/ND responder, reply for known IPs. * (priority 50). */ - HMAP_FOR_EACH (op, key_node, ports) { - if (!op->nbsp) { - continue; - } - + if (op->nbsp) { if (!strcmp(op->nbsp->type, "virtual")) { /* Handle * - GARPs for virtual ip which belongs to a logical port @@ -6727,7 +6700,7 @@ build_lswitch_flows(struct hmap *datapaths, struct hmap *ports, "virtual-parents"); if (!virtual_ip || !virtual_parents || !ip_parse(virtual_ip, &ip)) { - continue; + goto arp_nd_responder_known_ips_done; } char *tokstr = xstrdup(virtual_parents); @@ -6770,11 +6743,11 @@ build_lswitch_flows(struct hmap *datapaths, struct hmap *ports, */ if (!lsp_is_up(op->nbsp) && strcmp(op->nbsp->type, "router") && strcmp(op->nbsp->type, "localport")) { - continue; + goto arp_nd_responder_known_ips_done; } if (lsp_is_external(op->nbsp) || op->has_unknown) { - continue; + goto arp_nd_responder_known_ips_done; } for (size_t i = 0; i < op->n_lsp_addrs; i++) { @@ -6866,15 +6839,59 @@ build_lswitch_flows(struct hmap *datapaths, struct hmap *ports, } } } +arp_nd_responder_known_ips_done: + ds_destroy(&actions); + ds_destroy(&match); +} + +static void +build_lswitch_flows(struct hmap *datapaths, struct hmap *ports, + struct hmap *port_groups, struct hmap *lflows, + struct hmap *mcgroups, struct hmap *igmp_groups, + struct shash *meter_groups, + struct hmap *lbs) +{ + /* This flow table structure is documented in ovn-northd(8), so please + * update ovn-northd.8.xml if you change anything. */ + + struct ds match = DS_EMPTY_INITIALIZER; + struct ds actions = DS_EMPTY_INITIALIZER; + + struct ovn_datapath *od; + struct ovn_port *op; - /* Ingress table 13: ARP/ND responder, by default goto next. - * (priority 0)*/ HMAP_FOR_EACH (od, key_node, datapaths) { - if (!od->nbs) { - continue; - } + build_lswitch_flows_pre_acl_and_acl_od( + od, lflows, meter_groups, lbs, port_groups); + } - ovn_lflow_add(lflows, od, S_SWITCH_IN_ARP_ND_RSP, 0, "1", "next;"); + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lswitch_flows_forwarding_groups(od, lflows); + } + + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lswitch_flows_admission_control(od, lflows); + } + + HMAP_FOR_EACH (op, key_node, ports) { + build_lswitch_input_port_sec_op(op, lflows); + } + + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lswitch_input_port_sec_od(od, lflows); + } + + HMAP_FOR_EACH (op, key_node, ports) { + build_lswitch_flows_arp_nd_responder_op(op, lflows); + } + + HMAP_FOR_EACH (op, key_node, ports) { + build_lswitch_flows_arp_nd_responder_known_ips_op( + op, lflows, ports); + } + + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lswitch_flows_arp_nd_responder_od(od, lflows); } /* Ingress table 13: ARP/ND responder for service monitor source ip. From patchwork Wed Sep 2 14:59:45 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anton Ivanov X-Patchwork-Id: 1355873 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.133; helo=hemlock.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=cambridgegreys.com Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4BhRyW3hzdz9sTR for ; Thu, 3 Sep 2020 01:03:15 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id 4ED3D87294; Wed, 2 Sep 2020 15:03:13 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XdqZPpb3hBAm; Wed, 2 Sep 2020 15:03:11 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by hemlock.osuosl.org (Postfix) with ESMTP id D9B9087265; Wed, 2 Sep 2020 15:03:09 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id C3AFDC08A5; Wed, 2 Sep 2020 15:03:09 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by lists.linuxfoundation.org (Postfix) with ESMTP id 145FFC0893 for ; Wed, 2 Sep 2020 15:03:07 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id F0A9C86899 for ; Wed, 2 Sep 2020 15:03:06 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9qRe+-uM3wnp for ; Wed, 2 Sep 2020 15:03:06 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from www.kot-begemot.co.uk (ivanoab7.miniserver.com [37.128.132.42]) by whitealder.osuosl.org (Postfix) with ESMTPS id 6196A8687B for ; Wed, 2 Sep 2020 15:03:06 +0000 (UTC) Received: from tun252.jain.kot-begemot.co.uk ([192.168.18.6] helo=jain.kot-begemot.co.uk) by www.kot-begemot.co.uk with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1kDUHw-0000tJ-Vq; Wed, 02 Sep 2020 15:03:05 +0000 Received: from jain.kot-begemot.co.uk ([192.168.3.3]) by jain.kot-begemot.co.uk with esmtp (Exim 4.92) (envelope-from ) id 1kDUFO-0006lF-74; Wed, 02 Sep 2020 16:00:27 +0100 From: anton.ivanov@cambridgegreys.com To: dev@openvswitch.org Date: Wed, 2 Sep 2020 15:59:45 +0100 Message-Id: <20200902145950.25875-19-anton.ivanov@cambridgegreys.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200902145950.25875-1-anton.ivanov@cambridgegreys.com> References: <20200902145950.25875-1-anton.ivanov@cambridgegreys.com> MIME-Version: 1.0 X-Clacks-Overhead: GNU Terry Pratchett Cc: Anton Ivanov Subject: [ovs-dev] [PATCH ovn RFC v4 19/24] Pull DHCP Options into a function X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Anton Ivanov Signed-off-by: Anton Ivanov --- northd/ovn-northd.c | 98 ++++++++++++++++++++++++--------------------- 1 file changed, 52 insertions(+), 46 deletions(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index 973fc922a..9b96af9e1 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -6844,6 +6844,57 @@ arp_nd_responder_known_ips_done: ds_destroy(&match); } +static void +build_lswitch_flows_dhcp_options_op( + struct ovn_port *op, struct hmap *lflows) +{ + /* Logical switch ingress table 14 and 15: DHCP options and response + * priority 100 flows. */ + if (!op->nbsp) { + return; + } + + if (!lsp_is_enabled(op->nbsp) || !strcmp(op->nbsp->type, "router")) { + /* Don't add the DHCP flows if the port is not enabled or if the + * port is a router port. */ + return; + } + + if (!op->nbsp->dhcpv4_options && !op->nbsp->dhcpv6_options) { + /* CMS has disabled both native DHCPv4 and DHCPv6 for this lport. + */ + return; + } + + bool is_external = lsp_is_external(op->nbsp); + if (is_external && (!op->od->n_localnet_ports || + !op->nbsp->ha_chassis_group)) { + /* If it's an external port and there are no localnet ports + * and if it doesn't belong to an HA chassis group ignore it. */ + return; + } + + for (size_t i = 0; i < op->n_lsp_addrs; i++) { + if (is_external) { + for (size_t j = 0; j < op->od->n_localnet_ports; j++) { + build_dhcpv4_options_flows( + op, &op->lsp_addrs[i], + op->od->localnet_ports[j]->json_key, is_external, + lflows); + build_dhcpv6_options_flows( + op, &op->lsp_addrs[i], + op->od->localnet_ports[j]->json_key, is_external, + lflows); + } + } else { + build_dhcpv4_options_flows(op, &op->lsp_addrs[i], op->json_key, + is_external, lflows); + build_dhcpv6_options_flows(op, &op->lsp_addrs[i], op->json_key, + is_external, lflows); + } + } +} + static void build_lswitch_flows(struct hmap *datapaths, struct hmap *ports, struct hmap *port_groups, struct hmap *lflows, @@ -6935,53 +6986,8 @@ build_lswitch_flows(struct hmap *datapaths, struct hmap *ports, } } - - /* Logical switch ingress table 14 and 15: DHCP options and response - * priority 100 flows. */ HMAP_FOR_EACH (op, key_node, ports) { - if (!op->nbsp) { - continue; - } - - if (!lsp_is_enabled(op->nbsp) || !strcmp(op->nbsp->type, "router")) { - /* Don't add the DHCP flows if the port is not enabled or if the - * port is a router port. */ - continue; - } - - if (!op->nbsp->dhcpv4_options && !op->nbsp->dhcpv6_options) { - /* CMS has disabled both native DHCPv4 and DHCPv6 for this lport. - */ - continue; - } - - bool is_external = lsp_is_external(op->nbsp); - if (is_external && (!op->od->n_localnet_ports || - !op->nbsp->ha_chassis_group)) { - /* If it's an external port and there are no localnet ports - * and if it doesn't belong to an HA chassis group ignore it. */ - continue; - } - - for (size_t i = 0; i < op->n_lsp_addrs; i++) { - if (is_external) { - for (size_t j = 0; j < op->od->n_localnet_ports; j++) { - build_dhcpv4_options_flows( - op, &op->lsp_addrs[i], - op->od->localnet_ports[j]->json_key, is_external, - lflows); - build_dhcpv6_options_flows( - op, &op->lsp_addrs[i], - op->od->localnet_ports[j]->json_key, is_external, - lflows); - } - } else { - build_dhcpv4_options_flows(op, &op->lsp_addrs[i], op->json_key, - is_external, lflows); - build_dhcpv6_options_flows(op, &op->lsp_addrs[i], op->json_key, - is_external, lflows); - } - } + build_lswitch_flows_dhcp_options_op(op, lflows); } /* Logical switch ingress table 17 and 18: DNS lookup and response From patchwork Wed Sep 2 14:59:46 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anton Ivanov X-Patchwork-Id: 1355884 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.137; helo=fraxinus.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=cambridgegreys.com Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4BhS2L1JjYz9sRK for ; Thu, 3 Sep 2020 01:06:34 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id AEA2886990; Wed, 2 Sep 2020 15:06:32 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qm0CENK295x6; Wed, 2 Sep 2020 15:06:32 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by fraxinus.osuosl.org (Postfix) with ESMTP id 16C5F8697D; Wed, 2 Sep 2020 15:06:32 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 0A35EC0052; Wed, 2 Sep 2020 15:06:32 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) by lists.linuxfoundation.org (Postfix) with ESMTP id 763BDC0051 for ; Wed, 2 Sep 2020 15:06:30 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id 37DEC23100 for ; Wed, 2 Sep 2020 15:06:30 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PzSE703DNxAg for ; Wed, 2 Sep 2020 15:06:21 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from www.kot-begemot.co.uk (ivanoab7.miniserver.com [37.128.132.42]) by silver.osuosl.org (Postfix) with ESMTPS id 5BCB12D002 for ; Wed, 2 Sep 2020 15:03:00 +0000 (UTC) Received: from tun252.jain.kot-begemot.co.uk ([192.168.18.6] helo=jain.kot-begemot.co.uk) by www.kot-begemot.co.uk with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1kDUHq-0000su-TV; Wed, 02 Sep 2020 15:02:59 +0000 Received: from jain.kot-begemot.co.uk ([192.168.3.3]) by jain.kot-begemot.co.uk with esmtp (Exim 4.92) (envelope-from ) id 1kDUFP-0006lF-Uz; Wed, 02 Sep 2020 16:00:29 +0100 From: anton.ivanov@cambridgegreys.com To: dev@openvswitch.org Date: Wed, 2 Sep 2020 15:59:46 +0100 Message-Id: <20200902145950.25875-20-anton.ivanov@cambridgegreys.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200902145950.25875-1-anton.ivanov@cambridgegreys.com> References: <20200902145950.25875-1-anton.ivanov@cambridgegreys.com> MIME-Version: 1.0 X-Clacks-Overhead: GNU Terry Pratchett Cc: Anton Ivanov Subject: [ovs-dev] [PATCH ovn RFC v4 20/24] Pull DNS lookup and response to a separate function X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Anton Ivanov Signed-off-by: Anton Ivanov --- northd/ovn-northd.c | 67 +++++++++++++++++++++++++-------------------- 1 file changed, 38 insertions(+), 29 deletions(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index 9b96af9e1..46d56c4d2 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -6895,6 +6895,43 @@ build_lswitch_flows_dhcp_options_op( } } +static void +build_lswitch_flows_dns_lookup_od( + struct ovn_datapath *od, struct hmap *lflows) +{ + /* Logical switch ingress table 17 and 18: DNS lookup and response + * priority 100 flows. + */ + if (!od->nbs || !ls_has_dns_records(od->nbs)) { + return; + } + + struct ds action = DS_EMPTY_INITIALIZER; + struct ds match = DS_EMPTY_INITIALIZER; + + ds_clear(&match); + ds_put_cstr(&match, "udp.dst == 53"); + ds_put_format(&action, + REGBIT_DNS_LOOKUP_RESULT" = dns_lookup(); next;"); + ovn_lflow_add(lflows, od, S_SWITCH_IN_DNS_LOOKUP, 100, + ds_cstr(&match), ds_cstr(&action)); + ds_clear(&action); + ds_put_cstr(&match, " && "REGBIT_DNS_LOOKUP_RESULT); + ds_put_format(&action, "eth.dst <-> eth.src; ip4.src <-> ip4.dst; " + "udp.dst = udp.src; udp.src = 53; outport = inport; " + "flags.loopback = 1; output;"); + ovn_lflow_add(lflows, od, S_SWITCH_IN_DNS_RESPONSE, 100, + ds_cstr(&match), ds_cstr(&action)); + ds_clear(&action); + ds_put_format(&action, "eth.dst <-> eth.src; ip6.src <-> ip6.dst; " + "udp.dst = udp.src; udp.src = 53; outport = inport; " + "flags.loopback = 1; output;"); + ovn_lflow_add(lflows, od, S_SWITCH_IN_DNS_RESPONSE, 100, + ds_cstr(&match), ds_cstr(&action)); + ds_destroy(&action); + ds_destroy(&match); +} + static void build_lswitch_flows(struct hmap *datapaths, struct hmap *ports, struct hmap *port_groups, struct hmap *lflows, @@ -6990,36 +7027,8 @@ build_lswitch_flows(struct hmap *datapaths, struct hmap *ports, build_lswitch_flows_dhcp_options_op(op, lflows); } - /* Logical switch ingress table 17 and 18: DNS lookup and response - * priority 100 flows. - */ HMAP_FOR_EACH (od, key_node, datapaths) { - if (!od->nbs || !ls_has_dns_records(od->nbs)) { - continue; - } - - struct ds action = DS_EMPTY_INITIALIZER; - - ds_clear(&match); - ds_put_cstr(&match, "udp.dst == 53"); - ds_put_format(&action, - REGBIT_DNS_LOOKUP_RESULT" = dns_lookup(); next;"); - ovn_lflow_add(lflows, od, S_SWITCH_IN_DNS_LOOKUP, 100, - ds_cstr(&match), ds_cstr(&action)); - ds_clear(&action); - ds_put_cstr(&match, " && "REGBIT_DNS_LOOKUP_RESULT); - ds_put_format(&action, "eth.dst <-> eth.src; ip4.src <-> ip4.dst; " - "udp.dst = udp.src; udp.src = 53; outport = inport; " - "flags.loopback = 1; output;"); - ovn_lflow_add(lflows, od, S_SWITCH_IN_DNS_RESPONSE, 100, - ds_cstr(&match), ds_cstr(&action)); - ds_clear(&action); - ds_put_format(&action, "eth.dst <-> eth.src; ip6.src <-> ip6.dst; " - "udp.dst = udp.src; udp.src = 53; outport = inport; " - "flags.loopback = 1; output;"); - ovn_lflow_add(lflows, od, S_SWITCH_IN_DNS_RESPONSE, 100, - ds_cstr(&match), ds_cstr(&action)); - ds_destroy(&action); + build_lswitch_flows_dns_lookup_od(od, lflows); } /* Ingress table 14 and 15: DHCP options and response, by default goto From patchwork Wed Sep 2 14:59:47 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anton Ivanov X-Patchwork-Id: 1355900 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.136; helo=silver.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=cambridgegreys.com Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4BhSBd4KtZz9sRK for ; Thu, 3 Sep 2020 01:13:45 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id 9B8E723120; Wed, 2 Sep 2020 15:13:43 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mbmD8OMm-v-W; Wed, 2 Sep 2020 15:13:34 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by silver.osuosl.org (Postfix) with ESMTP id CCCAF2E0F2; Wed, 2 Sep 2020 15:06:52 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id B22E0C0052; Wed, 2 Sep 2020 15:06:52 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) by lists.linuxfoundation.org (Postfix) with ESMTP id C644AC0052 for ; Wed, 2 Sep 2020 15:06:51 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id 944AA2DFF8 for ; Wed, 2 Sep 2020 15:06:51 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vrE8SPHYuXtI for ; Wed, 2 Sep 2020 15:06:45 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from www.kot-begemot.co.uk (ivanoab7.miniserver.com [37.128.132.42]) by silver.osuosl.org (Postfix) with ESMTPS id 077F02E112 for ; Wed, 2 Sep 2020 15:03:03 +0000 (UTC) Received: from tun252.jain.kot-begemot.co.uk ([192.168.18.6] helo=jain.kot-begemot.co.uk) by www.kot-begemot.co.uk with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1kDUHu-0000t9-Jx; Wed, 02 Sep 2020 15:03:02 +0000 Received: from jain.kot-begemot.co.uk ([192.168.3.3]) by jain.kot-begemot.co.uk with esmtp (Exim 4.92) (envelope-from ) id 1kDUFR-0006lF-NB; Wed, 02 Sep 2020 16:00:31 +0100 From: anton.ivanov@cambridgegreys.com To: dev@openvswitch.org Date: Wed, 2 Sep 2020 15:59:47 +0100 Message-Id: <20200902145950.25875-21-anton.ivanov@cambridgegreys.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200902145950.25875-1-anton.ivanov@cambridgegreys.com> References: <20200902145950.25875-1-anton.ivanov@cambridgegreys.com> MIME-Version: 1.0 X-Clacks-Overhead: GNU Terry Pratchett Cc: Anton Ivanov Subject: [ovs-dev] [PATCH ovn RFC v4 21/24] Pull DNS response defaults into a separate function X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Anton Ivanov Signed-off-by: Anton Ivanov --- northd/ovn-northd.c | 36 ++++++++++++++++++++---------------- 1 file changed, 20 insertions(+), 16 deletions(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index 46d56c4d2..5ce33090d 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -6932,6 +6932,25 @@ build_lswitch_flows_dns_lookup_od( ds_destroy(&match); } +static void +build_lswitch_flows_dns_response_od( + struct ovn_datapath *od, struct hmap *lflows) +{ + /* Ingress table 14 and 15: DHCP options and response, by default goto + * next. (priority 0). + * Ingress table 16 and 17: DNS lookup and response, by default goto next. + * (priority 0). + * Ingress table 18 - External port handling, by default goto next. + * (priority 0). */ + if (od->nbs) { + ovn_lflow_add(lflows, od, S_SWITCH_IN_DHCP_OPTIONS, 0, "1", "next;"); + ovn_lflow_add(lflows, od, S_SWITCH_IN_DHCP_RESPONSE, 0, "1", "next;"); + ovn_lflow_add(lflows, od, S_SWITCH_IN_DNS_LOOKUP, 0, "1", "next;"); + ovn_lflow_add(lflows, od, S_SWITCH_IN_DNS_RESPONSE, 0, "1", "next;"); + ovn_lflow_add(lflows, od, S_SWITCH_IN_EXTERNAL_PORT, 0, "1", "next;"); + } +} + static void build_lswitch_flows(struct hmap *datapaths, struct hmap *ports, struct hmap *port_groups, struct hmap *lflows, @@ -7031,23 +7050,8 @@ build_lswitch_flows(struct hmap *datapaths, struct hmap *ports, build_lswitch_flows_dns_lookup_od(od, lflows); } - /* Ingress table 14 and 15: DHCP options and response, by default goto - * next. (priority 0). - * Ingress table 16 and 17: DNS lookup and response, by default goto next. - * (priority 0). - * Ingress table 18 - External port handling, by default goto next. - * (priority 0). */ - HMAP_FOR_EACH (od, key_node, datapaths) { - if (!od->nbs) { - continue; - } - - ovn_lflow_add(lflows, od, S_SWITCH_IN_DHCP_OPTIONS, 0, "1", "next;"); - ovn_lflow_add(lflows, od, S_SWITCH_IN_DHCP_RESPONSE, 0, "1", "next;"); - ovn_lflow_add(lflows, od, S_SWITCH_IN_DNS_LOOKUP, 0, "1", "next;"); - ovn_lflow_add(lflows, od, S_SWITCH_IN_DNS_RESPONSE, 0, "1", "next;"); - ovn_lflow_add(lflows, od, S_SWITCH_IN_EXTERNAL_PORT, 0, "1", "next;"); + build_lswitch_flows_dns_response_od(od, lflows); } HMAP_FOR_EACH (op, key_node, ports) { From patchwork Wed Sep 2 14:59:48 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anton Ivanov X-Patchwork-Id: 1355876 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.137; helo=fraxinus.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=cambridgegreys.com Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4BhRyc3D4Vz9sRK for ; Thu, 3 Sep 2020 01:03:20 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id C885D86A4A; Wed, 2 Sep 2020 15:03:18 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3r2DJWovhelE; Wed, 2 Sep 2020 15:03:16 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by fraxinus.osuosl.org (Postfix) with ESMTP id B105E86A63; Wed, 2 Sep 2020 15:03:12 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 7A48EC0893; Wed, 2 Sep 2020 15:03:12 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) by lists.linuxfoundation.org (Postfix) with ESMTP id 70548C0052 for ; Wed, 2 Sep 2020 15:03:09 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id 361E98724C for ; Wed, 2 Sep 2020 15:03:09 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QH239rFfEYDx for ; Wed, 2 Sep 2020 15:03:08 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from www.kot-begemot.co.uk (ivanoab7.miniserver.com [37.128.132.42]) by hemlock.osuosl.org (Postfix) with ESMTPS id 9A80287236 for ; Wed, 2 Sep 2020 15:03:08 +0000 (UTC) Received: from tun252.jain.kot-begemot.co.uk ([192.168.18.6] helo=jain.kot-begemot.co.uk) by www.kot-begemot.co.uk with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1kDUHz-0000tT-7e; Wed, 02 Sep 2020 15:03:07 +0000 Received: from jain.kot-begemot.co.uk ([192.168.3.3]) by jain.kot-begemot.co.uk with esmtp (Exim 4.92) (envelope-from ) id 1kDUFT-0006lF-E5; Wed, 02 Sep 2020 16:00:33 +0100 From: anton.ivanov@cambridgegreys.com To: dev@openvswitch.org Date: Wed, 2 Sep 2020 15:59:48 +0100 Message-Id: <20200902145950.25875-22-anton.ivanov@cambridgegreys.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200902145950.25875-1-anton.ivanov@cambridgegreys.com> References: <20200902145950.25875-1-anton.ivanov@cambridgegreys.com> MIME-Version: 1.0 X-Clacks-Overhead: GNU Terry Pratchett Cc: Anton Ivanov Subject: [ovs-dev] [PATCH ovn RFC v4 22/24] Pull external port ARP responses into a separate function X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Anton Ivanov Signed-off-by: Anton Ivanov --- northd/ovn-northd.c | 31 +++++++++++++++++++------------ 1 file changed, 19 insertions(+), 12 deletions(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index 5ce33090d..4c50a844b 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -6951,6 +6951,24 @@ build_lswitch_flows_dns_response_od( } } +static void +build_lswitch_flows_arp_response_op( + struct ovn_port *op, struct hmap *lflows) +{ + if (!op->nbsp || !lsp_is_external(op->nbsp)) { + return; + } + + /* Table 18: External port. Drop ARP request for router ips from + * external ports on chassis not binding those ports. + * This makes the router pipeline to be run only on the chassis + * binding the external ports. */ + for (size_t i = 0; i < op->od->n_localnet_ports; i++) { + build_drop_arp_nd_flows_for_unbound_router_ports( + op, op->od->localnet_ports[i], lflows); + } +} + static void build_lswitch_flows(struct hmap *datapaths, struct hmap *ports, struct hmap *port_groups, struct hmap *lflows, @@ -7055,18 +7073,7 @@ build_lswitch_flows(struct hmap *datapaths, struct hmap *ports, } HMAP_FOR_EACH (op, key_node, ports) { - if (!op->nbsp || !lsp_is_external(op->nbsp)) { - continue; - } - - /* Table 18: External port. Drop ARP request for router ips from - * external ports on chassis not binding those ports. - * This makes the router pipeline to be run only on the chassis - * binding the external ports. */ - for (size_t i = 0; i < op->od->n_localnet_ports; i++) { - build_drop_arp_nd_flows_for_unbound_router_ports( - op, op->od->localnet_ports[i], lflows); - } + build_lswitch_flows_arp_response_op(op, lflows); } char *svc_check_match = xasprintf("eth.dst == %s", svc_monitor_mac); From patchwork Wed Sep 2 14:59:49 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anton Ivanov X-Patchwork-Id: 1355870 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.137; helo=fraxinus.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=cambridgegreys.com Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4BhRyH4Ybqz9sRK for ; Thu, 3 Sep 2020 01:03:03 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id 2A3B78693F; Wed, 2 Sep 2020 15:03:02 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LB_rKJvsi-A2; Wed, 2 Sep 2020 15:03:01 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by fraxinus.osuosl.org (Postfix) with ESMTP id 3248586946; Wed, 2 Sep 2020 15:03:01 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 19F5CC0052; Wed, 2 Sep 2020 15:03:01 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) by lists.linuxfoundation.org (Postfix) with ESMTP id E56CEC0051 for ; Wed, 2 Sep 2020 15:02:59 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id D4C13871D1 for ; Wed, 2 Sep 2020 15:02:59 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mWLYkzldOM1s for ; Wed, 2 Sep 2020 15:02:59 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from www.kot-begemot.co.uk (ivanoab7.miniserver.com [37.128.132.42]) by hemlock.osuosl.org (Postfix) with ESMTPS id 2BBB2871C1 for ; Wed, 2 Sep 2020 15:02:59 +0000 (UTC) Received: from tun252.jain.kot-begemot.co.uk ([192.168.18.6] helo=jain.kot-begemot.co.uk) by www.kot-begemot.co.uk with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1kDUHp-0000sp-Lw; Wed, 02 Sep 2020 15:02:57 +0000 Received: from jain.kot-begemot.co.uk ([192.168.3.3]) by jain.kot-begemot.co.uk with esmtp (Exim 4.92) (envelope-from ) id 1kDUFV-0006lF-5I; Wed, 02 Sep 2020 16:00:35 +0100 From: anton.ivanov@cambridgegreys.com To: dev@openvswitch.org Date: Wed, 2 Sep 2020 15:59:49 +0100 Message-Id: <20200902145950.25875-23-anton.ivanov@cambridgegreys.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200902145950.25875-1-anton.ivanov@cambridgegreys.com> References: <20200902145950.25875-1-anton.ivanov@cambridgegreys.com> MIME-Version: 1.0 X-Clacks-Overhead: GNU Terry Pratchett Cc: Anton Ivanov Subject: [ovs-dev] [PATCH ovn RFC v4 23/24] Pull out multicast flows from IGMP into a separate function X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Anton Ivanov Signed-off-by: Anton Ivanov --- northd/ovn-northd.c | 166 +++++++++++++++++++++++--------------------- 1 file changed, 88 insertions(+), 78 deletions(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index 4c50a844b..0b0070856 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -6969,6 +6969,93 @@ build_lswitch_flows_arp_response_op( } } +static void +build_lswitch_flows_mcast_from_igmp_od( + struct ovn_datapath *od, + struct hmap *lflows, char *svc_check_match) +{ + /* Ingress table 19: Destination lookup, broadcast and multicast handling + * (priority 70 - 100). */ + struct ds actions = DS_EMPTY_INITIALIZER; + + if (od->nbs) { + + ovn_lflow_add(lflows, od, S_SWITCH_IN_L2_LKUP, 110, svc_check_match, + "handle_svc_check(inport);"); + + struct mcast_switch_info *mcast_sw_info = &od->mcast_info.sw; + + if (mcast_sw_info->enabled) { + ds_clear(&actions); + if (mcast_sw_info->flood_reports) { + ds_put_cstr(&actions, + "clone { " + "outport = \""MC_MROUTER_STATIC"\"; " + "output; " + "};"); + } + ds_put_cstr(&actions, "igmp;"); + /* Punt IGMP traffic to controller. */ + ovn_lflow_add(lflows, od, S_SWITCH_IN_L2_LKUP, 100, + "ip4 && ip.proto == 2", ds_cstr(&actions)); + + /* Punt MLD traffic to controller. */ + ovn_lflow_add(lflows, od, S_SWITCH_IN_L2_LKUP, 100, + "mldv1 || mldv2", ds_cstr(&actions)); + + /* Flood all IP multicast traffic destined to 224.0.0.X to all + * ports - RFC 4541, section 2.1.2, item 2. + */ + ovn_lflow_add(lflows, od, S_SWITCH_IN_L2_LKUP, 85, + "ip4.mcast && ip4.dst == 224.0.0.0/24", + "outport = \""MC_FLOOD"\"; output;"); + + /* Flood all IPv6 multicast traffic destined to reserved + * multicast IPs (RFC 4291, 2.7.1). + */ + ovn_lflow_add(lflows, od, S_SWITCH_IN_L2_LKUP, 85, + "ip6.mcast_flood", + "outport = \""MC_FLOOD"\"; output;"); + + /* Forward uregistered IP multicast to routers with relay enabled + * and to any ports configured to flood IP multicast traffic. + * If configured to flood unregistered traffic this will be + * handled by the L2 multicast flow. + */ + if (!mcast_sw_info->flood_unregistered) { + ds_clear(&actions); + + if (mcast_sw_info->flood_relay) { + ds_put_cstr(&actions, + "clone { " + "outport = \""MC_MROUTER_FLOOD"\"; " + "output; " + "}; "); + } + + if (mcast_sw_info->flood_static) { + ds_put_cstr(&actions, "outport =\""MC_STATIC"\"; output;"); + } + + /* Explicitly drop the traffic if relay or static flooding + * is not configured. + */ + if (!mcast_sw_info->flood_relay && + !mcast_sw_info->flood_static) { + ds_put_cstr(&actions, "drop;"); + } + + ovn_lflow_add(lflows, od, S_SWITCH_IN_L2_LKUP, 80, + "ip4.mcast || ip6.mcast", ds_cstr(&actions)); + } + } + + ovn_lflow_add(lflows, od, S_SWITCH_IN_L2_LKUP, 70, "eth.mcast", + "outport = \""MC_FLOOD"\"; output;"); + } + ds_destroy(&actions); +} + static void build_lswitch_flows(struct hmap *datapaths, struct hmap *ports, struct hmap *port_groups, struct hmap *lflows, @@ -7077,85 +7164,8 @@ build_lswitch_flows(struct hmap *datapaths, struct hmap *ports, } char *svc_check_match = xasprintf("eth.dst == %s", svc_monitor_mac); - /* Ingress table 19: Destination lookup, broadcast and multicast handling - * (priority 70 - 100). */ HMAP_FOR_EACH (od, key_node, datapaths) { - if (!od->nbs) { - continue; - } - - ovn_lflow_add(lflows, od, S_SWITCH_IN_L2_LKUP, 110, svc_check_match, - "handle_svc_check(inport);"); - - struct mcast_switch_info *mcast_sw_info = &od->mcast_info.sw; - - if (mcast_sw_info->enabled) { - ds_clear(&actions); - if (mcast_sw_info->flood_reports) { - ds_put_cstr(&actions, - "clone { " - "outport = \""MC_MROUTER_STATIC"\"; " - "output; " - "};"); - } - ds_put_cstr(&actions, "igmp;"); - /* Punt IGMP traffic to controller. */ - ovn_lflow_add(lflows, od, S_SWITCH_IN_L2_LKUP, 100, - "ip4 && ip.proto == 2", ds_cstr(&actions)); - - /* Punt MLD traffic to controller. */ - ovn_lflow_add(lflows, od, S_SWITCH_IN_L2_LKUP, 100, - "mldv1 || mldv2", ds_cstr(&actions)); - - /* Flood all IP multicast traffic destined to 224.0.0.X to all - * ports - RFC 4541, section 2.1.2, item 2. - */ - ovn_lflow_add(lflows, od, S_SWITCH_IN_L2_LKUP, 85, - "ip4.mcast && ip4.dst == 224.0.0.0/24", - "outport = \""MC_FLOOD"\"; output;"); - - /* Flood all IPv6 multicast traffic destined to reserved - * multicast IPs (RFC 4291, 2.7.1). - */ - ovn_lflow_add(lflows, od, S_SWITCH_IN_L2_LKUP, 85, - "ip6.mcast_flood", - "outport = \""MC_FLOOD"\"; output;"); - - /* Forward uregistered IP multicast to routers with relay enabled - * and to any ports configured to flood IP multicast traffic. - * If configured to flood unregistered traffic this will be - * handled by the L2 multicast flow. - */ - if (!mcast_sw_info->flood_unregistered) { - ds_clear(&actions); - - if (mcast_sw_info->flood_relay) { - ds_put_cstr(&actions, - "clone { " - "outport = \""MC_MROUTER_FLOOD"\"; " - "output; " - "}; "); - } - - if (mcast_sw_info->flood_static) { - ds_put_cstr(&actions, "outport =\""MC_STATIC"\"; output;"); - } - - /* Explicitly drop the traffic if relay or static flooding - * is not configured. - */ - if (!mcast_sw_info->flood_relay && - !mcast_sw_info->flood_static) { - ds_put_cstr(&actions, "drop;"); - } - - ovn_lflow_add(lflows, od, S_SWITCH_IN_L2_LKUP, 80, - "ip4.mcast || ip6.mcast", ds_cstr(&actions)); - } - } - - ovn_lflow_add(lflows, od, S_SWITCH_IN_L2_LKUP, 70, "eth.mcast", - "outport = \""MC_FLOOD"\"; output;"); + build_lswitch_flows_mcast_from_igmp_od(od, lflows, svc_check_match); } free(svc_check_match); From patchwork Wed Sep 2 14:59:50 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anton Ivanov X-Patchwork-Id: 1355879 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.138; helo=whitealder.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=cambridgegreys.com Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4BhRyt14TXz9sRK for ; Thu, 3 Sep 2020 01:03:34 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 6883B8697B; Wed, 2 Sep 2020 15:03:32 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CR0i2ox+fxjg; Wed, 2 Sep 2020 15:03:24 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by whitealder.osuosl.org (Postfix) with ESMTP id 9AB8386904; Wed, 2 Sep 2020 15:03:19 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 71EE4C0890; Wed, 2 Sep 2020 15:03:19 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) by lists.linuxfoundation.org (Postfix) with ESMTP id 84B03C0051 for ; Wed, 2 Sep 2020 15:03:17 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id 4C380872BF for ; Wed, 2 Sep 2020 15:03:16 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EZP-97sK22gm for ; Wed, 2 Sep 2020 15:03:14 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from www.kot-begemot.co.uk (ivanoab7.miniserver.com [37.128.132.42]) by hemlock.osuosl.org (Postfix) with ESMTPS id 5932287284 for ; Wed, 2 Sep 2020 15:03:11 +0000 (UTC) Received: from tun252.jain.kot-begemot.co.uk ([192.168.18.6] helo=jain.kot-begemot.co.uk) by www.kot-begemot.co.uk with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1kDUI1-0000td-ON; Wed, 02 Sep 2020 15:03:10 +0000 Received: from jain.kot-begemot.co.uk ([192.168.3.3]) by jain.kot-begemot.co.uk with esmtp (Exim 4.92) (envelope-from ) id 1kDUFX-0006lF-1V; Wed, 02 Sep 2020 16:00:36 +0100 From: anton.ivanov@cambridgegreys.com To: dev@openvswitch.org Date: Wed, 2 Sep 2020 15:59:50 +0100 Message-Id: <20200902145950.25875-24-anton.ivanov@cambridgegreys.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200902145950.25875-1-anton.ivanov@cambridgegreys.com> References: <20200902145950.25875-1-anton.ivanov@cambridgegreys.com> MIME-Version: 1.0 X-Clacks-Overhead: GNU Terry Pratchett Cc: Anton Ivanov Subject: [ovs-dev] [PATCH ovn RFC v4 24/24] Pull out Destination lookup, broadcast and multicast handling X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Anton Ivanov Signed-off-by: Anton Ivanov --- northd/ovn-northd.c | 277 +++++++++++++++++++++++--------------------- 1 file changed, 145 insertions(+), 132 deletions(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index 0b0070856..5490e8e84 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -7056,6 +7056,149 @@ build_lswitch_flows_mcast_from_igmp_od( ds_destroy(&actions); } +static void +build_lswitch_flows_destination_lookup_unicast_op( + struct ovn_port *op, struct hmap *lflows, struct hmap *mcgroups) +{ + /* Ingress table 19: Destination lookup, unicast handling (priority 50), */ + struct ds match = DS_EMPTY_INITIALIZER; + struct ds actions = DS_EMPTY_INITIALIZER; + if (op->nbsp && (!lsp_is_external(op->nbsp))) { + + /* For ports connected to logical routers add flows to bypass the + * broadcast flooding of ARP/ND requests in table 19. We direct the + * requests only to the router port that owns the IP address. + */ + if (!strcmp(op->nbsp->type, "router")) { + build_lswitch_rport_arp_req_flows(op->peer, op->od, op, lflows, + &op->nbsp->header_); + } + + for (size_t i = 0; i < op->nbsp->n_addresses; i++) { + /* Addresses are owned by the logical port. + * Ethernet address followed by zero or more IPv4 + * or IPv6 addresses (or both). */ + struct eth_addr mac; + if (ovs_scan(op->nbsp->addresses[i], + ETH_ADDR_SCAN_FMT, ETH_ADDR_SCAN_ARGS(mac))) { + ds_clear(&match); + ds_put_format(&match, "eth.dst == "ETH_ADDR_FMT, + ETH_ADDR_ARGS(mac)); + + ds_clear(&actions); + ds_put_format(&actions, "outport = %s; output;", op->json_key); + ovn_lflow_add_with_hint(lflows, op->od, S_SWITCH_IN_L2_LKUP, + 50, ds_cstr(&match), + ds_cstr(&actions), + &op->nbsp->header_); + } else if (!strcmp(op->nbsp->addresses[i], "unknown")) { + if (lsp_is_enabled(op->nbsp)) { + ovn_multicast_add(mcgroups, &mc_unknown, op); + op->od->has_unknown = true; + } + } else if (is_dynamic_lsp_address(op->nbsp->addresses[i])) { + if (!op->nbsp->dynamic_addresses + || !ovs_scan(op->nbsp->dynamic_addresses, + ETH_ADDR_SCAN_FMT, ETH_ADDR_SCAN_ARGS(mac))) { + continue; + } + ds_clear(&match); + ds_put_format(&match, "eth.dst == "ETH_ADDR_FMT, + ETH_ADDR_ARGS(mac)); + + ds_clear(&actions); + ds_put_format(&actions, "outport = %s; output;", op->json_key); + ovn_lflow_add_with_hint(lflows, op->od, S_SWITCH_IN_L2_LKUP, + 50, ds_cstr(&match), + ds_cstr(&actions), + &op->nbsp->header_); + } else if (!strcmp(op->nbsp->addresses[i], "router")) { + if (!op->peer || !op->peer->nbrp + || !ovs_scan(op->peer->nbrp->mac, + ETH_ADDR_SCAN_FMT, ETH_ADDR_SCAN_ARGS(mac))) { + continue; + } + ds_clear(&match); + ds_put_format(&match, "eth.dst == "ETH_ADDR_FMT, + ETH_ADDR_ARGS(mac)); + if (op->peer->od->l3dgw_port + && op->peer->od->l3redirect_port + && op->od->n_localnet_ports) { + bool add_chassis_resident_check = false; + if (op->peer == op->peer->od->l3dgw_port) { + /* The peer of this port represents a distributed + * gateway port. The destination lookup flow for the + * router's distributed gateway port MAC address should + * only be programmed on the "redirect-chassis". */ + add_chassis_resident_check = true; + } else { + /* Check if the option 'reside-on-redirect-chassis' + * is set to true on the peer port. If set to true + * and if the logical switch has a localnet port, it + * means the router pipeline for the packets from + * this logical switch should be run on the chassis + * hosting the gateway port. + */ + add_chassis_resident_check = smap_get_bool( + &op->peer->nbrp->options, + "reside-on-redirect-chassis", false); + } + + if (add_chassis_resident_check) { + ds_put_format(&match, " && is_chassis_resident(%s)", + op->peer->od->l3redirect_port->json_key); + } + } + + ds_clear(&actions); + ds_put_format(&actions, "outport = %s; output;", op->json_key); + ovn_lflow_add_with_hint(lflows, op->od, + S_SWITCH_IN_L2_LKUP, 50, + ds_cstr(&match), ds_cstr(&actions), + &op->nbsp->header_); + + /* Add ethernet addresses specified in NAT rules on + * distributed logical routers. */ + if (op->peer->od->l3dgw_port + && op->peer == op->peer->od->l3dgw_port) { + for (int j = 0; j < op->peer->od->nbr->n_nat; j++) { + const struct nbrec_nat *nat + = op->peer->od->nbr->nat[j]; + if (!strcmp(nat->type, "dnat_and_snat") + && nat->logical_port && nat->external_mac + && eth_addr_from_string(nat->external_mac, &mac)) { + + ds_clear(&match); + ds_put_format(&match, "eth.dst == "ETH_ADDR_FMT + " && is_chassis_resident(\"%s\")", + ETH_ADDR_ARGS(mac), + nat->logical_port); + + ds_clear(&actions); + ds_put_format(&actions, "outport = %s; output;", + op->json_key); + ovn_lflow_add_with_hint(lflows, op->od, + S_SWITCH_IN_L2_LKUP, 50, + ds_cstr(&match), + ds_cstr(&actions), + &op->nbsp->header_); + } + } + } + } else { + static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1); + + VLOG_INFO_RL(&rl, + "%s: invalid syntax '%s' in addresses column", + op->nbsp->name, op->nbsp->addresses[i]); + } + } + } + + ds_destroy(&match); + ds_destroy(&actions); +} + static void build_lswitch_flows(struct hmap *datapaths, struct hmap *ports, struct hmap *port_groups, struct hmap *lflows, @@ -7239,138 +7382,8 @@ build_lswitch_flows(struct hmap *datapaths, struct hmap *ports, /* Ingress table 19: Destination lookup, unicast handling (priority 50), */ HMAP_FOR_EACH (op, key_node, ports) { - if (!op->nbsp || lsp_is_external(op->nbsp)) { - continue; - } - - /* For ports connected to logical routers add flows to bypass the - * broadcast flooding of ARP/ND requests in table 19. We direct the - * requests only to the router port that owns the IP address. - */ - if (!strcmp(op->nbsp->type, "router")) { - build_lswitch_rport_arp_req_flows(op->peer, op->od, op, lflows, - &op->nbsp->header_); - } - - for (size_t i = 0; i < op->nbsp->n_addresses; i++) { - /* Addresses are owned by the logical port. - * Ethernet address followed by zero or more IPv4 - * or IPv6 addresses (or both). */ - struct eth_addr mac; - if (ovs_scan(op->nbsp->addresses[i], - ETH_ADDR_SCAN_FMT, ETH_ADDR_SCAN_ARGS(mac))) { - ds_clear(&match); - ds_put_format(&match, "eth.dst == "ETH_ADDR_FMT, - ETH_ADDR_ARGS(mac)); - - ds_clear(&actions); - ds_put_format(&actions, "outport = %s; output;", op->json_key); - ovn_lflow_add_with_hint(lflows, op->od, S_SWITCH_IN_L2_LKUP, - 50, ds_cstr(&match), - ds_cstr(&actions), - &op->nbsp->header_); - } else if (!strcmp(op->nbsp->addresses[i], "unknown")) { - if (lsp_is_enabled(op->nbsp)) { - ovn_multicast_add(mcgroups, &mc_unknown, op); - op->od->has_unknown = true; - } - } else if (is_dynamic_lsp_address(op->nbsp->addresses[i])) { - if (!op->nbsp->dynamic_addresses - || !ovs_scan(op->nbsp->dynamic_addresses, - ETH_ADDR_SCAN_FMT, ETH_ADDR_SCAN_ARGS(mac))) { - continue; - } - ds_clear(&match); - ds_put_format(&match, "eth.dst == "ETH_ADDR_FMT, - ETH_ADDR_ARGS(mac)); - - ds_clear(&actions); - ds_put_format(&actions, "outport = %s; output;", op->json_key); - ovn_lflow_add_with_hint(lflows, op->od, S_SWITCH_IN_L2_LKUP, - 50, ds_cstr(&match), - ds_cstr(&actions), - &op->nbsp->header_); - } else if (!strcmp(op->nbsp->addresses[i], "router")) { - if (!op->peer || !op->peer->nbrp - || !ovs_scan(op->peer->nbrp->mac, - ETH_ADDR_SCAN_FMT, ETH_ADDR_SCAN_ARGS(mac))) { - continue; - } - ds_clear(&match); - ds_put_format(&match, "eth.dst == "ETH_ADDR_FMT, - ETH_ADDR_ARGS(mac)); - if (op->peer->od->l3dgw_port - && op->peer->od->l3redirect_port - && op->od->n_localnet_ports) { - bool add_chassis_resident_check = false; - if (op->peer == op->peer->od->l3dgw_port) { - /* The peer of this port represents a distributed - * gateway port. The destination lookup flow for the - * router's distributed gateway port MAC address should - * only be programmed on the "redirect-chassis". */ - add_chassis_resident_check = true; - } else { - /* Check if the option 'reside-on-redirect-chassis' - * is set to true on the peer port. If set to true - * and if the logical switch has a localnet port, it - * means the router pipeline for the packets from - * this logical switch should be run on the chassis - * hosting the gateway port. - */ - add_chassis_resident_check = smap_get_bool( - &op->peer->nbrp->options, - "reside-on-redirect-chassis", false); - } - - if (add_chassis_resident_check) { - ds_put_format(&match, " && is_chassis_resident(%s)", - op->peer->od->l3redirect_port->json_key); - } - } - - ds_clear(&actions); - ds_put_format(&actions, "outport = %s; output;", op->json_key); - ovn_lflow_add_with_hint(lflows, op->od, - S_SWITCH_IN_L2_LKUP, 50, - ds_cstr(&match), ds_cstr(&actions), - &op->nbsp->header_); - - /* Add ethernet addresses specified in NAT rules on - * distributed logical routers. */ - if (op->peer->od->l3dgw_port - && op->peer == op->peer->od->l3dgw_port) { - for (int j = 0; j < op->peer->od->nbr->n_nat; j++) { - const struct nbrec_nat *nat - = op->peer->od->nbr->nat[j]; - if (!strcmp(nat->type, "dnat_and_snat") - && nat->logical_port && nat->external_mac - && eth_addr_from_string(nat->external_mac, &mac)) { - - ds_clear(&match); - ds_put_format(&match, "eth.dst == "ETH_ADDR_FMT - " && is_chassis_resident(\"%s\")", - ETH_ADDR_ARGS(mac), - nat->logical_port); - - ds_clear(&actions); - ds_put_format(&actions, "outport = %s; output;", - op->json_key); - ovn_lflow_add_with_hint(lflows, op->od, - S_SWITCH_IN_L2_LKUP, 50, - ds_cstr(&match), - ds_cstr(&actions), - &op->nbsp->header_); - } - } - } - } else { - static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1); - - VLOG_INFO_RL(&rl, - "%s: invalid syntax '%s' in addresses column", - op->nbsp->name, op->nbsp->addresses[i]); - } - } + build_lswitch_flows_destination_lookup_unicast_op( + op, lflows, mcgroups); } /* Ingress table 19: Destination lookup for unknown MACs (priority 0). */