From patchwork Thu Aug 12 15:53:52 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ben Pfaff X-Patchwork-Id: 1516362 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.133; helo=smtp2.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Received: from smtp2.osuosl.org (smtp2.osuosl.org [140.211.166.133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4Glrpr1pCdz9sX1 for ; Fri, 13 Aug 2021 01:54:28 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by smtp2.osuosl.org (Postfix) with ESMTP id 578F440758; Thu, 12 Aug 2021 15:54:25 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp2.osuosl.org ([127.0.0.1]) by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gykD_8Mavlsq; Thu, 12 Aug 2021 15:54:21 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by smtp2.osuosl.org (Postfix) with ESMTPS id 40852400FA; Thu, 12 Aug 2021 15:54:20 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 1382CC001D; Thu, 12 Aug 2021 15:54:20 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137]) by lists.linuxfoundation.org (Postfix) with ESMTP id 4C755C001A for ; Thu, 12 Aug 2021 15:54:19 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id 24F6D405B4 for ; Thu, 12 Aug 2021 15:54:19 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U_nC-GZd3Pxz for ; Thu, 12 Aug 2021 15:54:14 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 Received: from relay11.mail.gandi.net (relay11.mail.gandi.net [217.70.178.231]) by smtp4.osuosl.org (Postfix) with ESMTPS id 4E5FC4042F for ; Thu, 12 Aug 2021 15:54:13 +0000 (UTC) Received: (Authenticated sender: blp@ovn.org) by relay11.mail.gandi.net (Postfix) with ESMTPSA id ABD96100004; Thu, 12 Aug 2021 15:54:09 +0000 (UTC) From: Ben Pfaff To: dev@openvswitch.org Date: Thu, 12 Aug 2021 08:53:52 -0700 Message-Id: <20210812155358.3141517-2-blp@ovn.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210812155358.3141517-1-blp@ovn.org> References: <20210812155358.3141517-1-blp@ovn.org> MIME-Version: 1.0 Cc: Ben Pfaff , Ben Pfaff Subject: [ovs-dev] [PATCH 1/7] ovn-northd-ddlog: Merge TaggedFLow and MeteredFlow into Flow. X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Ben Pfaff The layers here were getting a little complicated. With the benchmark described at https://mail.openvswitch.org/pipermail/ovs-dev/2021-July/385333.html this reduces memory consumption from 115 GB to 73 GB and elapsed time for cold start from 18:46 to 15:27. Signed-off-by: Ben Pfaff --- northd/ovn_northd.dl | 2202 +++++++++++++++++++++++++----------------- 1 file changed, 1294 insertions(+), 908 deletions(-) diff --git a/northd/ovn_northd.dl b/northd/ovn_northd.dl index 9c5576d16..844add024 100644 --- a/northd/ovn_northd.dl +++ b/northd/ovn_northd.dl @@ -1636,59 +1636,16 @@ function mFF_N_LOG_REGS() : bit<32> = 10 * enables or disables this feature. */ -// A Flow including a 'controller_meter' column for metering. -// -// Most flows have an empty 'controller_meter' so we provide a Flow relation -// that provides it as empty without specifying it explicitly. -relation MeteredFlow( - logical_datapath: uuid, - stage: Stage, - priority: integer, - __match: string, - actions: string, - tags: Map, - controller_meter: Option, - external_ids: Map -) -MeteredFlow(logical_datapath, stage, priority, __match, actions, tags, None, external_ids) :- - TaggedFlow(logical_datapath, stage, priority, __match, actions, tags, external_ids). - relation Flow( logical_datapath: uuid, stage: Stage, priority: integer, __match: string, actions: string, - external_ids: Map -) - -relation FlowWithInOutPort(f: Flow, ioPort: string) - -relation TaggedFlow( - logical_datapath: uuid, - stage: Stage, - priority: integer, - __match: string, - actions: string, - tags: Map, - external_ids: Map + io_port: Option, + controller_meter: Option, + stage_hint: Option ) -TaggedFlow( - .logical_datapath = f.logical_datapath, - .stage = f.stage, - .priority = f.priority, - .__match = f.__match, - .actions = f.actions, - .tags = map_empty(), - .external_ids = f.external_ids) :- Flow[f]. -TaggedFlow( - .logical_datapath = f.logical_datapath, - .stage = f.stage, - .priority = f.priority, - .__match = f.__match, - .actions = f.actions, - .tags = [ "in_out_port" -> ioPort ], - .external_ids = f.external_ids) :- FlowWithInOutPort(f, ioPort). /* If this option is 'true' northd will combine logical flows that differ by * logical datapath only by creating a datapath group. */ @@ -1710,27 +1667,40 @@ relation AggregatedFlow ( controller_meter: Option, external_ids: Map ) +function make_flow_tags(io_port: Option): Map { + match (io_port) { + None -> map_empty(), + Some{s} -> [ "in_out_port" -> s ] + } +} +function make_flow_external_ids(stage_hint: Option, stage: Stage): Map { + match (stage_hint) { + None -> ["stage-name" -> stage.table_name], + Some{uuid} -> ["stage-name" -> stage.table_name, + "stage-hint" -> "${hex(uuid[127:96])}"] + } +} AggregatedFlow(.logical_datapaths = g.to_set(), .stage = stage, .priority = priority, .__match = __match, .actions = actions, - .tags = tags, + .tags = make_flow_tags(io_port), .controller_meter = controller_meter, - .external_ids = external_ids) :- + .external_ids = make_flow_external_ids(stage_hint, stage)) :- UseLogicalDatapathGroups[true], - MeteredFlow(logical_datapath, stage, priority, __match, actions, tags, controller_meter, external_ids), - var g = logical_datapath.group_by((stage, priority, __match, actions, tags, controller_meter, external_ids)). + Flow(logical_datapath, stage, priority, __match, actions, io_port, controller_meter, stage_hint), + var g = logical_datapath.group_by((stage, priority, __match, actions, io_port, controller_meter, stage_hint)). AggregatedFlow(.logical_datapaths = set_singleton(logical_datapath), .stage = stage, .priority = priority, .__match = __match, .actions = actions, - .tags = tags, + .tags = make_flow_tags(io_port), .controller_meter = controller_meter, - .external_ids = external_ids) :- + .external_ids = make_flow_external_ids(stage_hint, stage)) :- UseLogicalDatapathGroups[false], - MeteredFlow(logical_datapath, stage, priority, __match, actions, tags, controller_meter, external_ids). + Flow(logical_datapath, stage, priority, __match, actions, io_port, controller_meter, stage_hint). for (f in AggregatedFlow()) { var pipeline = if (f.stage.pipeline == Ingress) "ingress" else "egress" in @@ -1774,7 +1744,9 @@ Flow(.logical_datapath = sw._uuid, .priority = 50, .__match = __match, .actions = actions, - .external_ids = stage_hint(fg_uuid)) :- + .stage_hint = Some{fg_uuid}, + .io_port = None, + .controller_meter = None) :- sw in &Switch(), nb::Logical_Switch(._uuid = sw._uuid, .forwarding_groups = forwarding_groups), var fg_uuid = FlatMap(forwarding_groups), @@ -1804,7 +1776,9 @@ Flow(.logical_datapath = sw._uuid, .priority = 50, .__match = __match, .actions = actions, - .external_ids = map_empty()) :- + .stage_hint = None, + .io_port = None, + .controller_meter = None) :- sw in &Switch(), nb::Logical_Switch(._uuid = sw._uuid, .forwarding_groups = forwarding_groups), var fg_uuid = FlatMap(forwarding_groups), @@ -1825,7 +1799,9 @@ for (sw in &Switch()) { .priority = 100, .__match = "vlan.present", .actions = "drop;", - .external_ids = map_empty() /*TODO: check*/) + .stage_hint = None /*TODO: check*/, + .io_port = None, + .controller_meter = None) }; /* Broadcast/multicast source address is invalid */ @@ -1834,7 +1810,9 @@ for (sw in &Switch()) { .priority = 100, .__match = "eth.src[40]", .actions = "drop;", - .external_ids = map_empty() /*TODO: check*/) + .stage_hint = None /*TODO: check*/, + .io_port = None, + .controller_meter = None) /* Port security flows have priority 50 (see below) and will continue to the next table if packet source is acceptable. */ } @@ -1894,26 +1872,34 @@ for (&Switch(._uuid =ls_uuid)) { .priority = 0, .__match = "1", .actions = "next;", - .external_ids = map_empty()); + .stage_hint = None, + .io_port = None, + .controller_meter = None); Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_OUT_PRE_ACL(), .priority = 0, .__match = "1", .actions = "next;", - .external_ids = map_empty()); + .stage_hint = None, + .io_port = None, + .controller_meter = None); Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_IN_PRE_ACL(), .priority = 110, .__match = "eth.dst == $svc_monitor_mac", .actions = "next;", - .external_ids = map_empty()); + .stage_hint = None, + .io_port = None, + .controller_meter = None); Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_OUT_PRE_ACL(), .priority = 110, .__match = "eth.src == $svc_monitor_mac", .actions = "next;", - .external_ids = map_empty()) + .stage_hint = None, + .io_port = None, + .controller_meter = None) } /* stateless filters always take precedence over stateful ACLs. */ @@ -1926,14 +1912,18 @@ for (&SwitchACL(.sw = sw@&Switch{._uuid = ls_uuid}, .acl = &acl, .has_fair_meter .priority = acl.priority + oVN_ACL_PRI_OFFSET(), .__match = acl.__match, .actions = "next;", - .external_ids = stage_hint(acl._uuid)) + .stage_hint = Some{acl._uuid}, + .io_port = None, + .controller_meter = None) } else { Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_OUT_PRE_ACL(), .priority = acl.priority + oVN_ACL_PRI_OFFSET(), .__match = acl.__match, .actions = "next;", - .external_ids = stage_hint(acl._uuid)) + .stage_hint = Some{acl._uuid}, + .io_port = None, + .controller_meter = None) } } } @@ -1958,43 +1948,43 @@ for (&SwitchPort(.lsp = lsp@&nb::Logical_Switch_Port{.__type = "router"}, * as the icmp request went through the logical router * on hostA, not hostB. This would only work with * distributed conntrack state across all chassis. */ - FlowWithInOutPort( - Flow{.logical_datapath = ls_uuid, - .stage = s_SWITCH_IN_PRE_ACL(), - .priority = 110, - .__match = "ip && inport == ${lsp_name}", - .actions = "next;", - .external_ids = stage_hint(lsp._uuid)}, - lsp.name); - FlowWithInOutPort( - Flow{.logical_datapath = ls_uuid, - .stage = s_SWITCH_OUT_PRE_ACL(), - .priority = 110, - .__match = "ip && outport == ${lsp_name}", - .actions = "next;", - .external_ids = stage_hint(lsp._uuid)}, - lsp.name) + Flow(.logical_datapath = ls_uuid, + .stage = s_SWITCH_IN_PRE_ACL(), + .priority = 110, + .__match = "ip && inport == ${lsp_name}", + .actions = "next;", + .stage_hint = Some{lsp._uuid}, + .io_port = Some{lsp.name}, + .controller_meter = None); + Flow(.logical_datapath = ls_uuid, + .stage = s_SWITCH_OUT_PRE_ACL(), + .priority = 110, + .__match = "ip && outport == ${lsp_name}", + .actions = "next;", + .stage_hint = Some{lsp._uuid}, + .io_port = Some{lsp.name}, + .controller_meter = None) } for (&SwitchPort(.lsp = lsp@&nb::Logical_Switch_Port{.__type = "localnet"}, .json_name = lsp_name, .sw = &Switch{._uuid = ls_uuid, .has_stateful_acl = true})) { - FlowWithInOutPort( - Flow{.logical_datapath = ls_uuid, - .stage = s_SWITCH_IN_PRE_ACL(), - .priority = 110, - .__match = "ip && inport == ${lsp_name}", - .actions = "next;", - .external_ids = stage_hint(lsp._uuid)}, - lsp.name); - FlowWithInOutPort( - Flow{.logical_datapath = ls_uuid, - .stage = s_SWITCH_OUT_PRE_ACL(), - .priority = 110, - .__match = "ip && outport == ${lsp_name}", - .actions = "next;", - .external_ids = stage_hint(lsp._uuid)}, - lsp.name) + Flow(.logical_datapath = ls_uuid, + .stage = s_SWITCH_IN_PRE_ACL(), + .priority = 110, + .__match = "ip && inport == ${lsp_name}", + .actions = "next;", + .stage_hint = Some{lsp._uuid}, + .io_port = Some{lsp.name}, + .controller_meter = None); + Flow(.logical_datapath = ls_uuid, + .stage = s_SWITCH_OUT_PRE_ACL(), + .priority = 110, + .__match = "ip && outport == ${lsp_name}", + .actions = "next;", + .stage_hint = Some{lsp._uuid}, + .io_port = Some{lsp.name}, + .controller_meter = None) } for (&Switch(._uuid = ls_uuid, .has_stateful_acl = true)) { @@ -2008,14 +1998,18 @@ for (&Switch(._uuid = ls_uuid, .has_stateful_acl = true)) { .__match = "nd || nd_rs || nd_ra || mldv1 || mldv2 || " "(udp && udp.src == 546 && udp.dst == 547)", .actions = "next;", - .external_ids = map_empty()); + .stage_hint = None, + .io_port = None, + .controller_meter = None); Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_OUT_PRE_ACL(), .priority = 110, .__match = "nd || nd_rs || nd_ra || mldv1 || mldv2 || " "(udp && udp.src == 546 && udp.dst == 547)", .actions = "next;", - .external_ids = map_empty()); + .stage_hint = None, + .io_port = None, + .controller_meter = None); /* Ingress and Egress Pre-ACL Table (Priority 100). * @@ -2030,13 +2024,17 @@ for (&Switch(._uuid = ls_uuid, .has_stateful_acl = true)) { .priority = 100, .__match = "ip", .actions = "${rEGBIT_CONNTRACK_DEFRAG()} = 1; next;", - .external_ids = map_empty()); + .stage_hint = None, + .io_port = None, + .controller_meter = None); Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_OUT_PRE_ACL(), .priority = 100, .__match = "ip", .actions = "${rEGBIT_CONNTRACK_DEFRAG()} = 1; next;", - .external_ids = map_empty()) + .stage_hint = None, + .io_port = None, + .controller_meter = None) } /* Pre-LB */ @@ -2048,13 +2046,17 @@ for (&Switch(._uuid = ls_uuid)) { .priority = 110, .__match = __match, .actions = "next;", - .external_ids = map_empty()); + .stage_hint = None, + .io_port = None, + .controller_meter = None); Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_OUT_PRE_LB(), .priority = 110, .__match = __match, .actions = "next;", - .external_ids = map_empty()) + .stage_hint = None, + .io_port = None, + .controller_meter = None) }; /* Do not send service monitor packets to conntrack. */ @@ -2063,13 +2065,17 @@ for (&Switch(._uuid = ls_uuid)) { .priority = 110, .__match = "eth.dst == $svc_monitor_mac", .actions = "next;", - .external_ids = map_empty()); + .stage_hint = None, + .io_port = None, + .controller_meter = None); Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_OUT_PRE_LB(), .priority = 110, .__match = "eth.src == $svc_monitor_mac", .actions = "next;", - .external_ids = map_empty()); + .stage_hint = None, + .io_port = None, + .controller_meter = None); /* Allow all packets to go to next tables by default. */ Flow(.logical_datapath = ls_uuid, @@ -2077,33 +2083,37 @@ for (&Switch(._uuid = ls_uuid)) { .priority = 0, .__match = "1", .actions = "next;", - .external_ids = map_empty()); + .stage_hint = None, + .io_port = None, + .controller_meter = None); Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_OUT_PRE_LB(), .priority = 0, .__match = "1", .actions = "next;", - .external_ids = map_empty()) + .stage_hint = None, + .io_port = None, + .controller_meter = None) } for (&SwitchPort(.lsp = lsp, .json_name = lsp_name, .sw = &Switch{._uuid = ls_uuid})) if (lsp.__type == "router" or lsp.__type == "localnet") { - FlowWithInOutPort( - Flow{.logical_datapath = ls_uuid, - .stage = s_SWITCH_IN_PRE_LB(), - .priority = 110, - .__match = "ip && inport == ${lsp_name}", - .actions = "next;", - .external_ids = stage_hint(lsp._uuid)}, - lsp.name); - FlowWithInOutPort( - Flow{.logical_datapath = ls_uuid, - .stage = s_SWITCH_OUT_PRE_LB(), - .priority = 110, - .__match = "ip && outport == ${lsp_name}", - .actions = "next;", - .external_ids = stage_hint(lsp._uuid)}, - lsp.name) + Flow(.logical_datapath = ls_uuid, + .stage = s_SWITCH_IN_PRE_LB(), + .priority = 110, + .__match = "ip && inport == ${lsp_name}", + .actions = "next;", + .stage_hint = Some{lsp._uuid}, + .io_port = Some{lsp.name}, + .controller_meter = None); + Flow(.logical_datapath = ls_uuid, + .stage = s_SWITCH_OUT_PRE_LB(), + .priority = 110, + .__match = "ip && outport == ${lsp_name}", + .actions = "next;", + .stage_hint = Some{lsp._uuid}, + .io_port = Some{lsp.name}, + .controller_meter = None) } /* Empty LoadBalancer Controller event */ @@ -2154,14 +2164,14 @@ LoadBalancerEmptyEvents(lb) :- var local_events = local_options.get_bool_def("event", false), global_events or local_events. -MeteredFlow(.logical_datapath = sw._uuid, - .stage = s_SWITCH_IN_PRE_LB(), - .priority = 130, - .__match = __match, - .actions = __action, - .tags = map_empty(), - .controller_meter = sw.copp.get(cOPP_EVENT_ELB()), - .external_ids = stage_hint(lb._uuid)) :- +Flow(.logical_datapath = sw._uuid, + .stage = s_SWITCH_IN_PRE_LB(), + .priority = 130, + .__match = __match, + .actions = __action, + .io_port = None, + .controller_meter = sw.copp.get(cOPP_EVENT_ELB()), + .stage_hint = Some{lb._uuid}) :- SwitchLBVIP(.sw_uuid = sw_uuid, .lb = lb, .vip = vip, .backends = backends), LoadBalancerEmptyEvents(lb), not lb.options.get_bool_def("reject", false), @@ -2204,13 +2214,17 @@ for (sw in &Switch(.has_lb_vip = true)) { .priority = 100, .__match = "ip", .actions = "${rEGBIT_CONNTRACK_NAT()} = 1; next;", - .external_ids = map_empty()); + .stage_hint = None, + .io_port = None, + .controller_meter = None); Flow(.logical_datapath = sw._uuid, .stage = s_SWITCH_OUT_PRE_LB(), .priority = 100, .__match = "ip", .actions = "${rEGBIT_CONNTRACK_NAT()} = 1; next;", - .external_ids = map_empty()) + .stage_hint = None, + .io_port = None, + .controller_meter = None) } /* Pre-stateful */ @@ -2226,13 +2240,17 @@ for (&Switch(._uuid = ls_uuid)) { .priority = 0, .__match = "1", .actions = "next;", - .external_ids = map_empty()); + .stage_hint = None, + .io_port = None, + .controller_meter = None); Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_OUT_PRE_STATEFUL(), .priority = 0, .__match = "1", .actions = "next;", - .external_ids = map_empty()); + .stage_hint = None, + .io_port = None, + .controller_meter = None); /* If rEGBIT_CONNTRACK_NAT() is set as 1, then packets should just be sent * through nat (without committing). @@ -2251,14 +2269,18 @@ for (&Switch(._uuid = ls_uuid)) { .__match = "${rEGBIT_CONNTRACK_NAT()} == 1 && ip4 && ${protocol}", .actions = "${rEG_ORIG_DIP_IPV4()} = ip4.dst; " "${rEG_ORIG_TP_DPORT()} = ${protocol}.dst; ct_lb;", - .external_ids = map_empty()); + .stage_hint = None, + .io_port = None, + .controller_meter = None); Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_IN_PRE_STATEFUL(), .priority = 120, .__match = "${rEGBIT_CONNTRACK_NAT()} == 1 && ip6 && ${protocol}", .actions = "${rEG_ORIG_DIP_IPV6()} = ip6.dst; " "${rEG_ORIG_TP_DPORT()} = ${protocol}.dst; ct_lb;", - .external_ids = map_empty()) + .stage_hint = None, + .io_port = None, + .controller_meter = None) }; Flow(.logical_datapath = ls_uuid, @@ -2266,14 +2288,18 @@ for (&Switch(._uuid = ls_uuid)) { .priority = 110, .__match = "${rEGBIT_CONNTRACK_NAT()} == 1", .actions = "ct_lb;", - .external_ids = map_empty()); + .stage_hint = None, + .io_port = None, + .controller_meter = None); Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_OUT_PRE_STATEFUL(), .priority = 110, .__match = "${rEGBIT_CONNTRACK_NAT()} == 1", .actions = "ct_lb;", - .external_ids = map_empty()); + .stage_hint = None, + .io_port = None, + .controller_meter = None); /* If rEGBIT_CONNTRACK_DEFRAG() is set as 1, then the packets should be * sent to conntrack for tracking and defragmentation. */ @@ -2282,13 +2308,17 @@ for (&Switch(._uuid = ls_uuid)) { .priority = 100, .__match = "${rEGBIT_CONNTRACK_DEFRAG()} == 1", .actions = "ct_next;", - .external_ids = map_empty()); + .stage_hint = None, + .io_port = None, + .controller_meter = None); Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_OUT_PRE_STATEFUL(), .priority = 100, .__match = "${rEGBIT_CONNTRACK_DEFRAG()} == 1", .actions = "ct_next;", - .external_ids = map_empty()) + .stage_hint = None, + .io_port = None, + .controller_meter = None) } function acl_log_meter_name(meter_name: string, acl_uuid: uuid): string = @@ -2390,14 +2420,14 @@ for (Reject(lsuuid, pipeline, stage, acl, fair_meter, controller_meter, "reject { " "/* eth.dst <-> eth.src; ip.dst <-> ip.src; is implicit. */ " "outport <-> inport; ${next_to_stage(next_stage)}; };" in - MeteredFlow(.logical_datapath = lsuuid, - .stage = stage, - .priority = acl.priority + oVN_ACL_PRI_OFFSET(), - .__match = __match, - .actions = actions, - .tags = map_empty(), - .controller_meter = controller_meter, - .external_ids = stage_hint(acl._uuid)) + Flow(.logical_datapath = lsuuid, + .stage = stage, + .priority = acl.priority + oVN_ACL_PRI_OFFSET(), + .__match = __match, + .actions = actions, + .io_port = None, + .controller_meter = controller_meter, + .stage_hint = Some{acl._uuid}) } /* build_acls */ @@ -2424,13 +2454,17 @@ for (UseCtInvMatch[use_ct_inv_match]) { .priority = priority, .__match = "1", .actions = "next;", - .external_ids = map_empty()); + .stage_hint = None, + .io_port = None, + .controller_meter = None); Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_OUT_ACL(), .priority = priority, .__match = "1", .actions = "next;", - .external_ids = map_empty()) + .stage_hint = None, + .io_port = None, + .controller_meter = None) }; if (has_stateful) { @@ -2460,13 +2494,17 @@ for (UseCtInvMatch[use_ct_inv_match]) { .priority = 1, .__match = "ip && (!ct.est || (ct.est && ct_label.blocked == 1))", .actions = "${rEGBIT_CONNTRACK_COMMIT()} = 1; next;", - .external_ids = map_empty()); + .stage_hint = None, + .io_port = None, + .controller_meter = None); Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_OUT_ACL(), .priority = 1, .__match = "ip && (!ct.est || (ct.est && ct_label.blocked == 1))", .actions = "${rEGBIT_CONNTRACK_COMMIT()} = 1; next;", - .external_ids = map_empty()); + .stage_hint = None, + .io_port = None, + .controller_meter = None); /* Ingress and Egress ACL Table (Priority 65532). * @@ -2480,13 +2518,17 @@ for (UseCtInvMatch[use_ct_inv_match]) { .priority = 65532, .__match = ct_inv_or ++ "(ct.est && ct.rpl && ct_label.blocked == 1)", .actions = "drop;", - .external_ids = map_empty()); + .stage_hint = None, + .io_port = None, + .controller_meter = None); Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_OUT_ACL(), .priority = 65532, .__match = ct_inv_or ++ "(ct.est && ct.rpl && ct_label.blocked == 1)", .actions = "drop;", - .external_ids = map_empty()); + .stage_hint = None, + .io_port = None, + .controller_meter = None); /* Ingress and Egress ACL Table (Priority 65532). * @@ -2503,14 +2545,18 @@ for (UseCtInvMatch[use_ct_inv_match]) { .__match = "ct.est && !ct.rel && !ct.new " ++ and_not_ct_inv ++ "&& ct.rpl && ct_label.blocked == 0", .actions = "next;", - .external_ids = map_empty()); + .stage_hint = None, + .io_port = None, + .controller_meter = None); Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_OUT_ACL(), .priority = 65532, .__match = "ct.est && !ct.rel && !ct.new " ++ and_not_ct_inv ++ "&& ct.rpl && ct_label.blocked == 0", .actions = "next;", - .external_ids = map_empty()); + .stage_hint = None, + .io_port = None, + .controller_meter = None); /* Ingress and Egress ACL Table (Priority 65532). * @@ -2529,14 +2575,18 @@ for (UseCtInvMatch[use_ct_inv_match]) { .__match = "!ct.est && ct.rel && !ct.new " ++ and_not_ct_inv ++ "&& ct_label.blocked == 0", .actions = "next;", - .external_ids = map_empty()); + .stage_hint = None, + .io_port = None, + .controller_meter = None); Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_OUT_ACL(), .priority = 65532, .__match = "!ct.est && ct.rel && !ct.new " ++ and_not_ct_inv ++ "&& ct_label.blocked == 0", .actions = "next;", - .external_ids = map_empty()); + .stage_hint = None, + .io_port = None, + .controller_meter = None); /* Ingress and Egress ACL Table (Priority 65532). * @@ -2546,13 +2596,17 @@ for (UseCtInvMatch[use_ct_inv_match]) { .priority = 65532, .__match = "nd || nd_ra || nd_rs || mldv1 || mldv2", .actions = "next;", - .external_ids = map_empty()); + .stage_hint = None, + .io_port = None, + .controller_meter = None); Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_OUT_ACL(), .priority = 65532, .__match = "nd || nd_ra || nd_rs || mldv1 || mldv2", .actions = "next;", - .external_ids = map_empty()) + .stage_hint = None, + .io_port = None, + .controller_meter = None) }; /* Add a 34000 priority flow to advance the DNS reply from ovn-controller, @@ -2564,7 +2618,9 @@ for (UseCtInvMatch[use_ct_inv_match]) { .priority = 34000, .__match = "udp.src == 53", .actions = if has_stateful "ct_commit; next;" else "next;", - .external_ids = map_empty()) + .stage_hint = None, + .io_port = None, + .controller_meter = None) }; if (sw.has_acls or sw.has_lb_vip) { @@ -2575,13 +2631,17 @@ for (UseCtInvMatch[use_ct_inv_match]) { .priority = 34000, .__match = "eth.dst == $svc_monitor_mac", .actions = "next;", - .external_ids = map_empty()); + .stage_hint = None, + .io_port = None, + .controller_meter = None); Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_OUT_ACL(), .priority = 34000, .__match = "eth.src == $svc_monitor_mac", .actions = "next;", - .external_ids = map_empty()) + .stage_hint = None, + .io_port = None, + .controller_meter = None) } } } @@ -2605,7 +2665,7 @@ for (sw in &Switch(._uuid = ls_uuid)) { for (AclHintStages[stage]) { /* In any case, advance to the next stage. */ var priority = if (not sw.has_acls and not sw.has_lb_vip) { 65535 } else { 0 } in - Flow(ls_uuid, stage, priority, "1", "next;", map_empty()) + Flow(ls_uuid, stage, priority, "1", "next;", None, None, None) }; for (AclHintStages[stage]) @@ -2617,7 +2677,7 @@ for (sw in &Switch(._uuid = ls_uuid)) { Flow(ls_uuid, stage, 7, "ct.new && !ct.est", "${rEGBIT_ACL_HINT_ALLOW_NEW()} = 1; " "${rEGBIT_ACL_HINT_DROP()} = 1; " - "next;", map_empty()); + "next;", None, None, None); /* Already established connections in the "request" direction that * are already marked as "blocked" may hit either: @@ -2630,13 +2690,13 @@ for (sw in &Switch(._uuid = ls_uuid)) { Flow(ls_uuid, stage, 6, "!ct.new && ct.est && !ct.rpl && ct_label.blocked == 1", "${rEGBIT_ACL_HINT_ALLOW_NEW()} = 1; " "${rEGBIT_ACL_HINT_DROP()} = 1; " - "next;", map_empty()); + "next;", None, None, None); /* Not tracked traffic can either be allowed or dropped. */ Flow(ls_uuid, stage, 5, "!ct.trk", "${rEGBIT_ACL_HINT_ALLOW()} = 1; " "${rEGBIT_ACL_HINT_DROP()} = 1; " - "next;", map_empty()); + "next;", None, None, None); /* Already established connections in the "request" direction may hit * either: @@ -2649,17 +2709,17 @@ for (sw in &Switch(._uuid = ls_uuid)) { Flow(ls_uuid, stage, 4, "!ct.new && ct.est && !ct.rpl && ct_label.blocked == 0", "${rEGBIT_ACL_HINT_ALLOW()} = 1; " "${rEGBIT_ACL_HINT_BLOCK()} = 1; " - "next;", map_empty()); + "next;", None, None, None); /* Not established or established and already blocked connections may * hit drop ACLs. */ Flow(ls_uuid, stage, 3, "!ct.est", "${rEGBIT_ACL_HINT_DROP()} = 1; " - "next;", map_empty()); + "next;", None, None, None); Flow(ls_uuid, stage, 2, "ct.est && ct_label.blocked == 1", "${rEGBIT_ACL_HINT_DROP()} = 1; " - "next;", map_empty()); + "next;", None, None, None); /* Established connections that were previously allowed might hit * drop ACLs in which case the connection must be committed with @@ -2667,7 +2727,7 @@ for (sw in &Switch(._uuid = ls_uuid)) { */ Flow(ls_uuid, stage, 1, "ct.est && ct_label.blocked == 0", "${rEGBIT_ACL_HINT_BLOCK()} = 1; " - "next;", map_empty()) + "next;", None, None, None) } } @@ -2678,7 +2738,7 @@ for (&SwitchACL(.sw = sw, .acl = acl, .has_fair_meter = fair_meter)) { var ingress = acl.direction == "from-lport" in var stage = if (ingress) { s_SWITCH_IN_ACL() } else { s_SWITCH_OUT_ACL() } in var pipeline = if ingress Ingress else Egress in - var stage_hint = stage_hint(acl._uuid) in + var stage_hint = Some{acl._uuid} in var acl_log = build_acl_log(acl, fair_meter) in if (acl.action == "allow" or acl.action == "allow-related") { /* If there are any stateful flows, we must even commit "allow" @@ -2692,7 +2752,9 @@ for (&SwitchACL(.sw = sw, .acl = acl, .has_fair_meter = fair_meter)) { .priority = acl.priority + oVN_ACL_PRI_OFFSET(), .__match = acl.__match, .actions = "${acl_log}next;", - .external_ids = stage_hint) + .stage_hint = stage_hint, + .io_port = None, + .controller_meter = None) } else { /* Commit the connection tracking entry if it's a new * connection that matches this ACL. After this commit, @@ -2711,7 +2773,9 @@ for (&SwitchACL(.sw = sw, .acl = acl, .has_fair_meter = fair_meter)) { .priority = acl.priority + oVN_ACL_PRI_OFFSET(), .__match = "${rEGBIT_ACL_HINT_ALLOW_NEW()} == 1 && (${acl.__match})", .actions = "${rEGBIT_CONNTRACK_COMMIT()} = 1; ${acl_log}next;", - .external_ids = stage_hint); + .stage_hint = stage_hint, + .io_port = None, + .controller_meter = None); /* Match on traffic in the request direction for an established * connection tracking entry that has not been marked for @@ -2724,7 +2788,9 @@ for (&SwitchACL(.sw = sw, .acl = acl, .has_fair_meter = fair_meter)) { .priority = acl.priority + oVN_ACL_PRI_OFFSET(), .__match = "${rEGBIT_ACL_HINT_ALLOW()} == 1 && (${acl.__match})", .actions = "${acl_log}next;", - .external_ids = stage_hint) + .stage_hint = stage_hint, + .io_port = None, + .controller_meter = None) } } else if (acl.action == "allow-stateless") { Flow(.logical_datapath = sw._uuid, @@ -2732,7 +2798,9 @@ for (&SwitchACL(.sw = sw, .acl = acl, .has_fair_meter = fair_meter)) { .priority = acl.priority + oVN_ACL_PRI_OFFSET(), .__match = acl.__match, .actions = "${acl_log}next;", - .external_ids = stage_hint) + .stage_hint = stage_hint, + .io_port = None, + .controller_meter = None) } else if (acl.action == "drop" or acl.action == "reject") { /* The implementation of "drop" differs if stateful ACLs are in * use for this datapath. In that case, the actions differ @@ -2751,7 +2819,9 @@ for (&SwitchACL(.sw = sw, .acl = acl, .has_fair_meter = fair_meter)) { .priority = acl.priority + oVN_ACL_PRI_OFFSET(), .__match = __match ++ " && (${acl.__match})", .actions = "${acl_log}/* drop */", - .external_ids = stage_hint) + .stage_hint = stage_hint, + .io_port = None, + .controller_meter = None) }; /* For an existing connection without ct_label set, we've * encountered a policy change. ACLs previously allowed @@ -2774,7 +2844,9 @@ for (&SwitchACL(.sw = sw, .acl = acl, .has_fair_meter = fair_meter)) { .priority = acl.priority + oVN_ACL_PRI_OFFSET(), .__match = __match ++ " && (${acl.__match})", .actions = "${actions}${acl_log}/* drop */", - .external_ids = stage_hint) + .stage_hint = stage_hint, + .io_port = None, + .controller_meter = None) } } else { /* There are no stateful ACLs in use on this datapath, @@ -2788,7 +2860,9 @@ for (&SwitchACL(.sw = sw, .acl = acl, .has_fair_meter = fair_meter)) { .priority = acl.priority + oVN_ACL_PRI_OFFSET(), .__match = acl.__match, .actions = "${acl_log}/* drop */", - .external_ids = stage_hint) + .stage_hint = stage_hint, + .io_port = None, + .controller_meter = None) } } } @@ -2803,17 +2877,17 @@ for (SwitchPortDHCPv4Options(.port = &SwitchPort{.lsp = lsp, .sw = sw}, (Some{var server_id}, Some{var server_mac}, Some{var lease_time}) = (options.get("server_id"), options.get("server_mac"), options.get("lease_time")) in var has_stateful = sw.has_stateful_acl or sw.has_lb_vip in - FlowWithInOutPort( - Flow{.logical_datapath = sw._uuid, - .stage = s_SWITCH_OUT_ACL(), - .priority = 34000, - .__match = "outport == ${json_string_escape(lsp.name)} " - "&& eth.src == ${server_mac} " - "&& ip4.src == ${server_id} && udp && udp.src == 67 " - "&& udp.dst == 68", - .actions = if (has_stateful) "ct_commit; next;" else "next;", - .external_ids = stage_hint(dhcpv4_options._uuid)}, - lsp.name) + Flow(.logical_datapath = sw._uuid, + .stage = s_SWITCH_OUT_ACL(), + .priority = 34000, + .__match = "outport == ${json_string_escape(lsp.name)} " + "&& eth.src == ${server_mac} " + "&& ip4.src == ${server_id} && udp && udp.src == 67 " + "&& udp.dst == 68", + .actions = if (has_stateful) "ct_commit; next;" else "next;", + .stage_hint = Some{dhcpv4_options._uuid}, + .io_port = Some{lsp.name}, + .controller_meter = None) } for (SwitchPortDHCPv6Options(.port = &SwitchPort{.lsp = lsp, .sw = sw}, @@ -2825,17 +2899,17 @@ for (SwitchPortDHCPv6Options(.port = &SwitchPort{.lsp = lsp, .sw = sw}, /* Get the link local IP of the DHCPv6 server from the * server MAC. */ var has_stateful = sw.has_stateful_acl or sw.has_lb_vip in - FlowWithInOutPort( - Flow{.logical_datapath = sw._uuid, - .stage = s_SWITCH_OUT_ACL(), - .priority = 34000, - .__match = "outport == ${json_string_escape(lsp.name)} " - "&& eth.src == ${server_mac} " - "&& ip6.src == ${server_ip} && udp && udp.src == 547 " - "&& udp.dst == 546", - .actions = if (has_stateful) "ct_commit; next;" else "next;", - .external_ids = stage_hint(dhcpv6_options._uuid)}, - lsp.name) + Flow(.logical_datapath = sw._uuid, + .stage = s_SWITCH_OUT_ACL(), + .priority = 34000, + .__match = "outport == ${json_string_escape(lsp.name)} " + "&& eth.src == ${server_mac} " + "&& ip6.src == ${server_ip} && udp && udp.src == 547 " + "&& udp.dst == 546", + .actions = if (has_stateful) "ct_commit; next;" else "next;", + .stage_hint = Some{dhcpv6_options._uuid}, + .io_port = Some{lsp.name}, + .controller_meter = None) } relation QoSAction(qos: uuid, key_action: string, value_action: integer) @@ -2852,25 +2926,33 @@ for (&Switch(._uuid = ls_uuid)) { .priority = 0, .__match = "1", .actions = "next;", - .external_ids = map_empty()); + .stage_hint = None, + .io_port = None, + .controller_meter = None); Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_OUT_QOS_MARK(), .priority = 0, .__match = "1", .actions = "next;", - .external_ids = map_empty()); + .stage_hint = None, + .io_port = None, + .controller_meter = None); Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_IN_QOS_METER(), .priority = 0, .__match = "1", .actions = "next;", - .external_ids = map_empty()); + .stage_hint = None, + .io_port = None, + .controller_meter = None); Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_OUT_QOS_METER(), .priority = 0, .__match = "1", .actions = "next;", - .external_ids = map_empty()) + .stage_hint = None, + .io_port = None, + .controller_meter = None) } for (SwitchQoS(.sw = sw, .qos = qos)) { @@ -2885,7 +2967,9 @@ for (SwitchQoS(.sw = sw, .qos = qos)) { .priority = qos.priority, .__match = qos.__match, .actions = "ip.dscp = ${value_action}; next;", - .external_ids = stage_hint(qos._uuid)) + .stage_hint = Some{qos._uuid}, + .io_port = None, + .controller_meter = None) } }; @@ -2919,7 +3003,9 @@ for (SwitchQoS(.sw = sw, .qos = qos)) { .priority = qos.priority, .__match = qos.__match, .actions = meter_action, - .external_ids = stage_hint(qos._uuid)) + .stage_hint = Some{qos._uuid}, + .io_port = None, + .controller_meter = None) } } } @@ -2933,13 +3019,17 @@ for (&Switch(._uuid = ls_uuid)) { .priority = 0, .__match = "1", .actions = "next;", - .external_ids = map_empty()); + .stage_hint = None, + .io_port = None, + .controller_meter = None); Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_OUT_STATEFUL(), .priority = 0, .__match = "1", .actions = "next;", - .external_ids = map_empty()); + .stage_hint = None, + .io_port = None, + .controller_meter = None); /* If REGBIT_CONNTRACK_COMMIT is set as 1, then the packets should be * committed to conntrack. We always set ct_label.blocked to 0 here as @@ -2950,13 +3040,17 @@ for (&Switch(._uuid = ls_uuid)) { .priority = 100, .__match = "${rEGBIT_CONNTRACK_COMMIT()} == 1", .actions = "ct_commit { ct_label.blocked = 0; }; next;", - .external_ids = map_empty()); + .stage_hint = None, + .io_port = None, + .controller_meter = None); Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_OUT_STATEFUL(), .priority = 100, .__match = "${rEGBIT_CONNTRACK_COMMIT()} == 1", .actions = "ct_commit { ct_label.blocked = 0; }; next;", - .external_ids = map_empty()) + .stage_hint = None, + .io_port = None, + .controller_meter = None) } /* Load balancing rules for new connections get committed to conntrack @@ -3052,14 +3146,14 @@ function build_lb_vip_actions(lbvip: Intern, lbvip.lb.protocol); (actions0 ++ actions, false) } -MeteredFlow(.logical_datapath = sw._uuid, - .stage = s_SWITCH_IN_STATEFUL(), - .priority = priority, - .__match = __match, - .actions = actions, - .tags = map_empty(), - .controller_meter = meter, - .external_ids = stage_hint(lb._uuid)) :- +Flow(.logical_datapath = sw._uuid, + .stage = s_SWITCH_IN_STATEFUL(), + .priority = priority, + .__match = __match, + .actions = actions, + .io_port = None, + .controller_meter = meter, + .stage_hint = Some{lb._uuid}) :- sw in &Switch(), LBVIPWithStatus[lbvip@&LBVIPWithStatus{.lb = lb}], sw.load_balancer.contains(lb._uuid), @@ -3099,7 +3193,9 @@ Flow(.logical_datapath = ls_uuid, .priority = 0, .__match = "1", .actions = "next;", - .external_ids = map_empty()) :- + .stage_hint = None, + .io_port = None, + .controller_meter = None) :- &Switch(._uuid = ls_uuid), var stages = [s_SWITCH_IN_PRE_HAIRPIN(), s_SWITCH_IN_NAT_HAIRPIN(), @@ -3117,7 +3213,9 @@ for (&Switch(._uuid = ls_uuid, .has_lb_vip = true)) { .actions = "${rEGBIT_HAIRPIN()} = chk_lb_hairpin(); " "${rEGBIT_HAIRPIN_REPLY()} = chk_lb_hairpin_reply(); " "next;", - .external_ids = stage_hint(ls_uuid)); + .stage_hint = Some{ls_uuid}, + .io_port = None, + .controller_meter = None); /* If packet needs to be hairpinned, snat the src ip with the VIP * for new sessions. */ @@ -3126,7 +3224,9 @@ for (&Switch(._uuid = ls_uuid, .has_lb_vip = true)) { .priority = 100, .__match = "ip && ct.new && ct.trk && ${rEGBIT_HAIRPIN()} == 1", .actions = "ct_snat_to_vip; next;", - .external_ids = stage_hint(ls_uuid)); + .stage_hint = Some{ls_uuid}, + .io_port = None, + .controller_meter = None); /* If packet needs to be hairpinned, for established sessions there * should already be an SNAT conntrack entry. @@ -3136,7 +3236,9 @@ for (&Switch(._uuid = ls_uuid, .has_lb_vip = true)) { .priority = 100, .__match = "ip && ct.est && ct.trk && ${rEGBIT_HAIRPIN()} == 1", .actions = "ct_snat;", - .external_ids = stage_hint(ls_uuid)); + .stage_hint = Some{ls_uuid}, + .io_port = None, + .controller_meter = None); /* For the reply of hairpinned traffic, snat the src ip to the VIP. */ Flow(.logical_datapath = ls_uuid, @@ -3144,7 +3246,9 @@ for (&Switch(._uuid = ls_uuid, .has_lb_vip = true)) { .priority = 90, .__match = "ip && ${rEGBIT_HAIRPIN_REPLY()} == 1", .actions = "ct_snat;", - .external_ids = stage_hint(ls_uuid)); + .stage_hint = Some{ls_uuid}, + .io_port = None, + .controller_meter = None); /* Ingress Hairpin table. * - Priority 1: Packets that were SNAT-ed for hairpinning should be @@ -3155,7 +3259,9 @@ for (&Switch(._uuid = ls_uuid, .has_lb_vip = true)) { .priority = 1, .__match = "(${rEGBIT_HAIRPIN()} == 1 || ${rEGBIT_HAIRPIN_REPLY()} == 1)", .actions = "eth.dst <-> eth.src; outport = inport; flags.loopback = 1; output;", - .external_ids = stage_hint(ls_uuid)) + .stage_hint = Some{ls_uuid}, + .io_port = None, + .controller_meter = None) } /* Logical switch ingress table PORT_SEC_L2: ingress port security - L2 (priority 50) @@ -3173,14 +3279,14 @@ for (&SwitchPort(.lsp = lsp, .sw = sw, .json_name = json_name, .ps_eth_addresses None -> "next;", Some{id} -> "set_queue(${id}); next;" } in - FlowWithInOutPort( - Flow{.logical_datapath = sw._uuid, - .stage = s_SWITCH_IN_PORT_SEC_L2(), - .priority = 50, - .__match = __match, - .actions = actions, - .external_ids = stage_hint(lsp._uuid)}, - lsp.name) + Flow(.logical_datapath = sw._uuid, + .stage = s_SWITCH_IN_PORT_SEC_L2(), + .priority = 50, + .__match = __match, + .actions = actions, + .stage_hint = Some{lsp._uuid}, + .io_port = Some{lsp.name}, + .controller_meter = None) } } @@ -3210,14 +3316,14 @@ for (SwitchPortPSAddresses(.port = port@&SwitchPort{.sw = sw}, .ps_addrs = ps) " && ip4.src == 0.0.0.0" " && ip4.dst == 255.255.255.255" " && udp.src == 68 && udp.dst == 67" in { - FlowWithInOutPort( - Flow{.logical_datapath = sw._uuid, - .stage = s_SWITCH_IN_PORT_SEC_IP(), - .priority = 90, - .__match = dhcp_match, - .actions = "next;", - .external_ids = stage_hint(port.lsp._uuid)}, - port.lsp.name) + Flow(.logical_datapath = sw._uuid, + .stage = s_SWITCH_IN_PORT_SEC_IP(), + .priority = 90, + .__match = dhcp_match, + .actions = "next;", + .stage_hint = Some{port.lsp._uuid}, + .io_port = Some{port.lsp.name}, + .controller_meter = None) }; var addrs = { var addrs = vec_empty(); @@ -3235,14 +3341,14 @@ for (SwitchPortPSAddresses(.port = port@&SwitchPort{.sw = sw}, .ps_addrs = ps) "inport == ${port.json_name} && eth.src == ${ps.ea} && ip4.src == {" ++ addrs.join(", ") ++ "}" in { - FlowWithInOutPort( - Flow{.logical_datapath = sw._uuid, - .stage = s_SWITCH_IN_PORT_SEC_IP(), - .priority = 90, - .__match = __match, - .actions = "next;", - .external_ids = stage_hint(port.lsp._uuid)}, - port.lsp.name) + Flow(.logical_datapath = sw._uuid, + .stage = s_SWITCH_IN_PORT_SEC_IP(), + .priority = 90, + .__match = __match, + .actions = "next;", + .stage_hint = Some{port.lsp._uuid}, + .io_port = Some{port.lsp.name}, + .controller_meter = None) } }; if (ps.ipv6_addrs.len() > 0) { @@ -3257,31 +3363,33 @@ for (SwitchPortPSAddresses(.port = port@&SwitchPort{.sw = sw}, .ps_addrs = ps) .priority = 90, .__match = dad_match, .actions = "next;", - .external_ids = stage_hint(port.lsp._uuid)) + .stage_hint = Some{port.lsp._uuid}, + .io_port = None, + .controller_meter = None) }; var __match = "inport == ${port.json_name} && eth.src == ${ps.ea}" ++ build_port_security_ipv6_flow(Ingress, ps.ea, ps.ipv6_addrs) in { - FlowWithInOutPort( - Flow{.logical_datapath = sw._uuid, - .stage = s_SWITCH_IN_PORT_SEC_IP(), - .priority = 90, - .__match = __match, - .actions = "next;", - .external_ids = stage_hint(port.lsp._uuid)}, - port.lsp.name) + Flow(.logical_datapath = sw._uuid, + .stage = s_SWITCH_IN_PORT_SEC_IP(), + .priority = 90, + .__match = __match, + .actions = "next;", + .stage_hint = Some{port.lsp._uuid}, + .io_port = Some{port.lsp.name}, + .controller_meter = None) } }; var __match = "inport == ${port.json_name} && eth.src == ${ps.ea} && ip" in { - FlowWithInOutPort( - Flow{.logical_datapath = sw._uuid, - .stage = s_SWITCH_IN_PORT_SEC_IP(), - .priority = 80, - .__match = __match, - .actions = "drop;", - .external_ids = stage_hint(port.lsp._uuid)}, - port.lsp.name) + Flow(.logical_datapath = sw._uuid, + .stage = s_SWITCH_IN_PORT_SEC_IP(), + .priority = 80, + .__match = __match, + .actions = "drop;", + .stage_hint = Some{port.lsp._uuid}, + .io_port = Some{port.lsp.name}, + .controller_meter = None) } } @@ -3324,38 +3432,38 @@ for (SwitchPortPSAddresses(.port = port@&SwitchPort{.sw = sw}, .ps_addrs = ps) prefix } } in { - FlowWithInOutPort( - Flow{.logical_datapath = sw._uuid, - .stage = s_SWITCH_IN_PORT_SEC_ND(), - .priority = 90, - .__match = __match, - .actions = "next;", - .external_ids = stage_hint(port.lsp._uuid)}, - port.lsp.name) + Flow(.logical_datapath = sw._uuid, + .stage = s_SWITCH_IN_PORT_SEC_ND(), + .priority = 90, + .__match = __match, + .actions = "next;", + .stage_hint = Some{port.lsp._uuid}, + .io_port = Some{port.lsp.name}, + .controller_meter = None) } }; if (not ps.ipv6_addrs.is_empty() or no_ip) { var __match = "inport == ${port.json_name} && eth.src == ${ps.ea}" ++ build_port_security_ipv6_nd_flow(ps.ea, ps.ipv6_addrs) in { - FlowWithInOutPort( - Flow{.logical_datapath = sw._uuid, - .stage = s_SWITCH_IN_PORT_SEC_ND(), - .priority = 90, - .__match = __match, - .actions = "next;", - .external_ids = stage_hint(port.lsp._uuid)}, - port.lsp.name) + Flow(.logical_datapath = sw._uuid, + .stage = s_SWITCH_IN_PORT_SEC_ND(), + .priority = 90, + .__match = __match, + .actions = "next;", + .stage_hint = Some{port.lsp._uuid}, + .io_port = Some{port.lsp.name}, + .controller_meter = None) } }; - FlowWithInOutPort( - Flow{.logical_datapath = sw._uuid, - .stage = s_SWITCH_IN_PORT_SEC_ND(), - .priority = 80, - .__match = "inport == ${port.json_name} && (arp || nd)", - .actions = "drop;", - .external_ids = stage_hint(port.lsp._uuid)}, - port.lsp.name) + Flow(.logical_datapath = sw._uuid, + .stage = s_SWITCH_IN_PORT_SEC_ND(), + .priority = 80, + .__match = "inport == ${port.json_name} && (arp || nd)", + .actions = "drop;", + .stage_hint = Some{port.lsp._uuid}, + .io_port = Some{port.lsp.name}, + .controller_meter = None) } } @@ -3367,13 +3475,17 @@ for (&Switch(._uuid = ls_uuid)) { .priority = 0, .__match = "1", .actions = "next;", - .external_ids = map_empty()); + .stage_hint = None, + .io_port = None, + .controller_meter = None); Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_IN_PORT_SEC_IP(), .priority = 0, .__match = "1", .actions = "next;", - .external_ids = map_empty()) + .stage_hint = None, + .io_port = None, + .controller_meter = None) } /* Ingress table ARP_ND_RSP: ARP/ND responder, skip requests coming from @@ -3383,14 +3495,14 @@ for (&SwitchPort(.lsp = lsp, .sw = sw, .json_name = json_name) if lsp.is_enabled() and (lsp.__type == "localnet" or lsp.__type == "vtep")) { - FlowWithInOutPort( - Flow{.logical_datapath = sw._uuid, - .stage = s_SWITCH_IN_ARP_ND_RSP(), - .priority = 100, - .__match = "inport == ${json_name}", - .actions = "next;", - .external_ids = stage_hint(lsp._uuid)}, - lsp.name) + Flow(.logical_datapath = sw._uuid, + .stage = s_SWITCH_IN_ARP_ND_RSP(), + .priority = 100, + .__match = "inport == ${json_name}", + .actions = "next;", + .stage_hint = Some{lsp._uuid}, + .io_port = Some{lsp.name}, + .controller_meter = None) } function lsp_is_up(lsp: Intern): bool = { @@ -3406,16 +3518,16 @@ function lsp_is_up(lsp: Intern): bool = { * - ARP reply from the virtual ip which belongs to a logical * port of type 'virtual' and bind that port. * */ - FlowWithInOutPort( - Flow{.logical_datapath = sp.sw._uuid, - .stage = s_SWITCH_IN_ARP_ND_RSP(), - .priority = 100, - .__match = "inport == ${vp.json_name} && " - "((arp.op == 1 && arp.spa == ${virtual_ip} && arp.tpa == ${virtual_ip}) || " - "(arp.op == 2 && arp.spa == ${virtual_ip}))", - .actions = "bind_vport(${sp.json_name}, inport); next;", - .external_ids = stage_hint(lsp._uuid)}, - vp.lsp.name) :- + Flow(.logical_datapath = sp.sw._uuid, + .stage = s_SWITCH_IN_ARP_ND_RSP(), + .priority = 100, + .__match = "inport == ${vp.json_name} && " + "((arp.op == 1 && arp.spa == ${virtual_ip} && arp.tpa == ${virtual_ip}) || " + "(arp.op == 2 && arp.spa == ${virtual_ip}))", + .actions = "bind_vport(${sp.json_name}, inport); next;", + .stage_hint = Some{lsp._uuid}, + .io_port = Some{vp.lsp.name}, + .controller_meter = None) :- sp in &SwitchPort(.lsp = lsp@&nb::Logical_Switch_Port{.__type = "virtual"}), Some{var virtual_ip} = lsp.options.get("virtual-ip"), Some{var virtual_parents} = lsp.options.get("virtual-parents"), @@ -3457,7 +3569,9 @@ for (CheckLspIsUp[check_lsp_is_up]) { .priority = 50, .__match = __match, .actions = actions, - .external_ids = stage_hint(lsp._uuid)); + .stage_hint = Some{lsp._uuid}, + .io_port = None, + .controller_meter = None); /* Do not reply to an ARP request from the port that owns the * address (otherwise a DHCP client that ARPs to check for a @@ -3471,14 +3585,14 @@ for (CheckLspIsUp[check_lsp_is_up]) { * detect situations where the network is not working as * configured, so dropping the request would frustrate that * intent.) */ - FlowWithInOutPort( - Flow{.logical_datapath = sw._uuid, - .stage = s_SWITCH_IN_ARP_ND_RSP(), - .priority = 100, - .__match = __match ++ " && inport == ${json_name}", - .actions = "next;", - .external_ids = stage_hint(lsp._uuid)}, - lsp.name) + Flow(.logical_datapath = sw._uuid, + .stage = s_SWITCH_IN_ARP_ND_RSP(), + .priority = 100, + .__match = __match ++ " && inport == ${json_name}", + .actions = "next;", + .stage_hint = Some{lsp._uuid}, + .io_port = Some{lsp.name}, + .controller_meter = None) } } } @@ -3488,7 +3602,9 @@ Flow(.logical_datapath = sw._uuid, .priority = 50, .__match = __match, .actions = __actions, - .external_ids = stage_hint(sp.lsp._uuid)) :- + .stage_hint = Some{sp.lsp._uuid}, + .io_port = None, + .controller_meter = None) :- sp in &SwitchPort(.sw = sw, .peer = Some{rp}), rp.is_enabled(), @@ -3542,25 +3658,25 @@ for (SwitchPortIPv6Address(.port = &SwitchPort{.lsp = lsp, .json_name = json_nam "output; " "};" in { - MeteredFlow(.logical_datapath = sw._uuid, - .stage = s_SWITCH_IN_ARP_ND_RSP(), - .priority = 50, - .__match = __match, - .actions = actions, - .tags = map_empty(), - .controller_meter = sw.copp.get(cOPP_ND_NA()), - .external_ids = stage_hint(lsp._uuid)); + Flow(.logical_datapath = sw._uuid, + .stage = s_SWITCH_IN_ARP_ND_RSP(), + .priority = 50, + .__match = __match, + .actions = actions, + .io_port = None, + .controller_meter = sw.copp.get(cOPP_ND_NA()), + .stage_hint = Some{lsp._uuid}); /* Do not reply to a solicitation from the port that owns the * address (otherwise DAD detection will fail). */ - FlowWithInOutPort( - Flow{.logical_datapath = sw._uuid, - .stage = s_SWITCH_IN_ARP_ND_RSP(), - .priority = 100, - .__match = __match ++ " && inport == ${json_name}", - .actions = "next;", - .external_ids = stage_hint(lsp._uuid)}, - lsp.name) + Flow(.logical_datapath = sw._uuid, + .stage = s_SWITCH_IN_ARP_ND_RSP(), + .priority = 100, + .__match = __match ++ " && inport == ${json_name}", + .actions = "next;", + .stage_hint = Some{lsp._uuid}, + .io_port = Some{lsp.name}, + .controller_meter = None) } } @@ -3572,7 +3688,9 @@ for (ls in nb::Logical_Switch) { .priority = 0, .__match = "1", .actions = "next;", - .external_ids = map_empty()) + .stage_hint = None, + .io_port = None, + .controller_meter = None) } /* Ingress table ARP_ND_RSP: ARP/ND responder for service monitor source ip. @@ -3591,7 +3709,9 @@ Flow(.logical_datapath = sp.sw._uuid, "outport = inport; " "flags.loopback = 1; " "output;", - .external_ids = stage_hint(lbvip.lb._uuid)) :- + .stage_hint = Some{lbvip.lb._uuid}, + .io_port = None, + .controller_meter = None) :- LBVIP[lbvip], var lbvipbackend = FlatMap(lbvip.backends), Some{var svc_monitor} = lbvipbackend.svc_monitor, @@ -3803,14 +3923,14 @@ for (lsp in &SwitchPort "ip4.src == 0.0.0.0 && ip4.dst == 255.255.255.255 && " "udp.src == 68 && udp.dst == 67" ++ sfx in - MeteredFlow(.logical_datapath = lsuuid, - .stage = s_SWITCH_IN_DHCP_OPTIONS(), - .priority = 100, - .__match = __match, - .actions = options_action, - .tags = map_empty(), - .controller_meter = lsp.sw.copp.get(cOPP_DHCPV4_OPTS()), - .external_ids = stage_hint(lsp.lsp._uuid)); + Flow(.logical_datapath = lsuuid, + .stage = s_SWITCH_IN_DHCP_OPTIONS(), + .priority = 100, + .__match = __match, + .actions = options_action, + .io_port = None, + .controller_meter = lsp.sw.copp.get(cOPP_DHCPV4_OPTS()), + .stage_hint = Some{lsp.lsp._uuid}); /* Allow ip4.src = OFFER_IP and * ip4.dst = {SERVER_IP, 255.255.255.255} for the below @@ -3822,14 +3942,14 @@ for (lsp in &SwitchPort */ var __match = pfx ++ "eth.src == ${ea} && " "${ipv4_addr_match} && udp.src == 68 && udp.dst == 67" ++ sfx in - MeteredFlow(.logical_datapath = lsuuid, - .stage = s_SWITCH_IN_DHCP_OPTIONS(), - .priority = 100, - .__match = __match, - .actions = options_action, - .tags = map_empty(), - .controller_meter = lsp.sw.copp.get(cOPP_DHCPV4_OPTS()), - .external_ids = stage_hint(lsp.lsp._uuid)); + Flow(.logical_datapath = lsuuid, + .stage = s_SWITCH_IN_DHCP_OPTIONS(), + .priority = 100, + .__match = __match, + .actions = options_action, + .io_port = None, + .controller_meter = lsp.sw.copp.get(cOPP_DHCPV4_OPTS()), + .stage_hint = Some{lsp.lsp._uuid}); /* If REGBIT_DHCP_OPTS_RESULT is set, it means the * put_dhcp_opts action is successful. */ @@ -3841,7 +3961,9 @@ for (lsp in &SwitchPort .priority = 100, .__match = __match, .actions = response_action, - .external_ids = stage_hint(lsp.lsp._uuid)) + .stage_hint = Some{lsp.lsp._uuid}, + .io_port = None, + .controller_meter = None) // FIXME: is there a constraint somewhere that guarantees that build_dhcpv4_action // returns Some() for at most 1 address in lsp_addrs? Otherwise, simulate this break // by computing an aggregate that returns the first element of a group. @@ -3863,14 +3985,14 @@ for (lsp in &SwitchPort " && ip6.dst == ff02::1:2 && udp.src == 546 &&" " udp.dst == 547" ++ sfx in { - MeteredFlow(.logical_datapath = lsuuid, - .stage = s_SWITCH_IN_DHCP_OPTIONS(), - .priority = 100, - .__match = __match, - .actions = options_action, - .tags = map_empty(), - .controller_meter = lsp.sw.copp.get(cOPP_DHCPV6_OPTS()), - .external_ids = stage_hint(lsp.lsp._uuid)); + Flow(.logical_datapath = lsuuid, + .stage = s_SWITCH_IN_DHCP_OPTIONS(), + .priority = 100, + .__match = __match, + .actions = options_action, + .io_port = None, + .controller_meter = lsp.sw.copp.get(cOPP_DHCPV6_OPTS()), + .stage_hint = Some{lsp.lsp._uuid}); /* If REGBIT_DHCP_OPTS_RESULT is set to 1, it means the * put_dhcpv6_opts action is successful */ @@ -3879,7 +4001,9 @@ for (lsp in &SwitchPort .priority = 100, .__match = __match ++ " && ${rEGBIT_DHCP_OPTS_RESULT()}", .actions = response_action, - .external_ids = stage_hint(lsp.lsp._uuid)) + .stage_hint = Some{lsp.lsp._uuid}, + .io_port = None, + .controller_meter = None) // FIXME: is there a constraint somewhere that guarantees that build_dhcpv4_action // returns Some() for at most 1 address in lsp_addrs? Otherwise, simulate this breaks // by computing an aggregate that returns the first element of a group. @@ -3903,7 +4027,9 @@ for (LogicalSwitchHasDNSRecords(ls, true)) .priority = 100, .__match = "udp.dst == 53", .actions = "${rEGBIT_DNS_LOOKUP_RESULT()} = dns_lookup(); next;", - .external_ids = map_empty()); + .stage_hint = None, + .io_port = None, + .controller_meter = None); var action = "eth.dst <-> eth.src; ip4.src <-> ip4.dst; " "udp.dst = udp.src; udp.src = 53; outport = inport; " @@ -3913,7 +4039,9 @@ for (LogicalSwitchHasDNSRecords(ls, true)) .priority = 100, .__match = "udp.dst == 53 && ${rEGBIT_DNS_LOOKUP_RESULT()}", .actions = action, - .external_ids = map_empty()); + .stage_hint = None, + .io_port = None, + .controller_meter = None); var action = "eth.dst <-> eth.src; ip6.src <-> ip6.dst; " "udp.dst = udp.src; udp.src = 53; outport = inport; " @@ -3923,7 +4051,9 @@ for (LogicalSwitchHasDNSRecords(ls, true)) .priority = 100, .__match = "udp.dst == 53 && ${rEGBIT_DNS_LOOKUP_RESULT()}", .actions = action, - .external_ids = map_empty()) + .stage_hint = None, + .io_port = None, + .controller_meter = None) } /* Ingress table DHCP_OPTIONS and DHCP_RESPONSE: DHCP options and response, by @@ -3940,35 +4070,45 @@ for (ls in nb::Logical_Switch) { .priority = 0, .__match = "1", .actions = "next;", - .external_ids = map_empty()); + .stage_hint = None, + .io_port = None, + .controller_meter = None); Flow(.logical_datapath = ls._uuid, .stage = s_SWITCH_IN_DHCP_RESPONSE(), .priority = 0, .__match = "1", .actions = "next;", - .external_ids = map_empty()); + .stage_hint = None, + .io_port = None, + .controller_meter = None); Flow(.logical_datapath = ls._uuid, .stage = s_SWITCH_IN_DNS_LOOKUP(), .priority = 0, .__match = "1", .actions = "next;", - .external_ids = map_empty()); + .stage_hint = None, + .io_port = None, + .controller_meter = None); Flow(.logical_datapath = ls._uuid, .stage = s_SWITCH_IN_DNS_RESPONSE(), .priority = 0, .__match = "1", .actions = "next;", - .external_ids = map_empty()); + .stage_hint = None, + .io_port = None, + .controller_meter = None); Flow(.logical_datapath = ls._uuid, .stage = s_SWITCH_IN_EXTERNAL_PORT(), .priority = 0, .__match = "1", .actions = "next;", - .external_ids = map_empty()) + .stage_hint = None, + .io_port = None, + .controller_meter = None) } Flow(.logical_datapath = sw._uuid, @@ -3976,7 +4116,9 @@ Flow(.logical_datapath = sw._uuid, .priority = 110, .__match = "eth.dst == $svc_monitor_mac", .actions = "handle_svc_check(inport);", - .external_ids = map_empty()) :- + .stage_hint = None, + .io_port = None, + .controller_meter = None) :- sw in &Switch(). for (sw in &Switch(._uuid = ls_uuid, .mcast_cfg = mcast_cfg) @@ -4000,24 +4142,24 @@ for (sw in &Switch(._uuid = ls_uuid, .mcast_cfg = mcast_cfg) } } in { /* Punt IGMP traffic to controller. */ - MeteredFlow(.logical_datapath = ls_uuid, - .stage = s_SWITCH_IN_L2_LKUP(), - .priority = 100, - .__match = "ip4 && ip.proto == 2", - .actions = "${igmp_act}", - .tags = map_empty(), - .controller_meter = controller_meter, - .external_ids = map_empty()); + Flow(.logical_datapath = ls_uuid, + .stage = s_SWITCH_IN_L2_LKUP(), + .priority = 100, + .__match = "ip4 && ip.proto == 2", + .actions = "${igmp_act}", + .io_port = None, + .controller_meter = controller_meter, + .stage_hint = None); /* Punt MLD traffic to controller. */ - MeteredFlow(.logical_datapath = ls_uuid, - .stage = s_SWITCH_IN_L2_LKUP(), - .priority = 100, - .__match = "mldv1 || mldv2", - .actions = "${igmp_act}", - .tags = map_empty(), - .controller_meter = controller_meter, - .external_ids = map_empty()); + Flow(.logical_datapath = ls_uuid, + .stage = s_SWITCH_IN_L2_LKUP(), + .priority = 100, + .__match = "mldv1 || mldv2", + .actions = "${igmp_act}", + .io_port = None, + .controller_meter = controller_meter, + .stage_hint = None); /* Flood all IP multicast traffic destined to 224.0.0.X to * all ports - RFC 4541, section 2.1.2, item 2. @@ -4028,7 +4170,9 @@ for (sw in &Switch(._uuid = ls_uuid, .mcast_cfg = mcast_cfg) .priority = 85, .__match = "ip4.mcast && ip4.dst == 224.0.0.0/24", .actions = "outport = ${flood}; output;", - .external_ids = map_empty()); + .stage_hint = None, + .io_port = None, + .controller_meter = None); /* Flood all IPv6 multicast traffic destined to reserved * multicast IPs (RFC 4291, 2.7.1). @@ -4039,7 +4183,9 @@ for (sw in &Switch(._uuid = ls_uuid, .mcast_cfg = mcast_cfg) .priority = 85, .__match = "ip6.mcast_flood", .actions = "outport = ${flood}; output;", - .external_ids = map_empty()); + .stage_hint = None, + .io_port = None, + .controller_meter = None); /* Forward uregistered IP multicast to routers with relay * enabled and to any ports configured to flood IP @@ -4079,7 +4225,9 @@ for (sw in &Switch(._uuid = ls_uuid, .mcast_cfg = mcast_cfg) .__match = "ip4.mcast || ip6.mcast", .actions = "${relay_act}${static_act}${drop_act}", - .external_ids = map_empty()) + .stage_hint = None, + .io_port = None, + .controller_meter = None) } } } @@ -4134,7 +4282,9 @@ for (IgmpSwitchMulticastGroup(.address = address, .switch = sw)) { .actions = "${relay_act} ${static_act} outport = \"${address}\"; " "output;", - .external_ids = map_empty()) + .stage_hint = None, + .io_port = None, + .controller_meter = None) } } } @@ -4147,17 +4297,17 @@ for (IgmpSwitchMulticastGroup(.address = address, .switch = sw)) { * chassis, drop ARP requests arriving on localnet ports from X's Ethernet * address, if the ARP request is asking to translate the IP address of a * router port on LS. */ -FlowWithInOutPort( - Flow{.logical_datapath = sp.sw._uuid, - .stage = s_SWITCH_IN_EXTERNAL_PORT(), - .priority = 100, - .__match = ("inport == ${json_string_escape(localnet_port.1)} && " - "eth.src == ${lp_addr.ea} && " - "!is_chassis_resident(${sp.json_name}) && " - "arp.tpa == ${rp_addr.addr} && arp.op == 1"), - .actions = "drop;", - .external_ids = stage_hint(sp.lsp._uuid)}, - localnet_port.1) :- +Flow(.logical_datapath = sp.sw._uuid, + .stage = s_SWITCH_IN_EXTERNAL_PORT(), + .priority = 100, + .__match = ("inport == ${json_string_escape(localnet_port.1)} && " + "eth.src == ${lp_addr.ea} && " + "!is_chassis_resident(${sp.json_name}) && " + "arp.tpa == ${rp_addr.addr} && arp.op == 1"), + .actions = "drop;", + .stage_hint = Some{sp.lsp._uuid}, + .io_port = Some{localnet_port.1}, + .controller_meter = None) :- sp in &SwitchPort(), sp.lsp.__type == "external", var localnet_port = FlatMap(sp.sw.localnet_ports), @@ -4165,18 +4315,18 @@ FlowWithInOutPort( rp in &SwitchPort(.sw = sp.sw), rp.lsp.__type == "router", SwitchPortIPv4Address(.port = rp, .addr = rp_addr). -FlowWithInOutPort( - Flow{.logical_datapath = sp.sw._uuid, - .stage = s_SWITCH_IN_EXTERNAL_PORT(), - .priority = 100, - .__match = ("inport == ${json_string_escape(localnet_port.1)} && " - "eth.src == ${lp_addr.ea} && " - "!is_chassis_resident(${sp.json_name}) && " - "nd_ns && ip6.dst == {${rp_addr.addr}, ${rp_addr.solicited_node()}} && " - "nd.target == ${rp_addr.addr}"), - .actions = "drop;", - .external_ids = stage_hint(sp.lsp._uuid)}, - localnet_port.1) :- +Flow(.logical_datapath = sp.sw._uuid, + .stage = s_SWITCH_IN_EXTERNAL_PORT(), + .priority = 100, + .__match = ("inport == ${json_string_escape(localnet_port.1)} && " + "eth.src == ${lp_addr.ea} && " + "!is_chassis_resident(${sp.json_name}) && " + "nd_ns && ip6.dst == {${rp_addr.addr}, ${rp_addr.solicited_node()}} && " + "nd.target == ${rp_addr.addr}"), + .actions = "drop;", + .stage_hint = Some{sp.lsp._uuid}, + .io_port = Some{localnet_port.1}, + .controller_meter = None) :- sp in &SwitchPort(), sp.lsp.__type == "external", var localnet_port = FlatMap(sp.sw.localnet_ports), @@ -4184,17 +4334,17 @@ FlowWithInOutPort( rp in &SwitchPort(.sw = sp.sw), rp.lsp.__type == "router", SwitchPortIPv6Address(.port = rp, .addr = rp_addr). -FlowWithInOutPort( - Flow{.logical_datapath = sp.sw._uuid, - .stage = s_SWITCH_IN_EXTERNAL_PORT(), - .priority = 100, - .__match = ("inport == ${json_string_escape(localnet_port.1)} && " - "eth.src == ${lp_addr.ea} && " - "eth.dst == ${ea} && " - "!is_chassis_resident(${sp.json_name})"), - .actions = "drop;", - .external_ids = stage_hint(sp.lsp._uuid)}, - localnet_port.1) :- +Flow(.logical_datapath = sp.sw._uuid, + .stage = s_SWITCH_IN_EXTERNAL_PORT(), + .priority = 100, + .__match = ("inport == ${json_string_escape(localnet_port.1)} && " + "eth.src == ${lp_addr.ea} && " + "eth.dst == ${ea} && " + "!is_chassis_resident(${sp.json_name})"), + .actions = "drop;", + .stage_hint = Some{sp.lsp._uuid}, + .io_port = Some{localnet_port.1}, + .controller_meter = None) :- sp in &SwitchPort(), sp.lsp.__type == "external", var localnet_port = FlatMap(sp.sw.localnet_ports), @@ -4212,7 +4362,9 @@ for (ls in nb::Logical_Switch) { .priority = 70, .__match = "eth.mcast", .actions = "outport = ${mc_flood}; output;", - .external_ids = map_empty()) + .stage_hint = None, + .io_port = None, + .controller_meter = None) } /* Ingress table L2_LKUP: Destination lookup, unicast handling (priority 50). @@ -4225,7 +4377,9 @@ for (SwitchPortStaticAddresses(.port = &SwitchPort{.lsp = lsp, .json_name = json .priority = 50, .__match = "eth.dst == ${addrs.ea}", .actions = "outport = ${json_name}; output;", - .external_ids = stage_hint(lsp._uuid)) + .stage_hint = Some{lsp._uuid}, + .io_port = None, + .controller_meter = None) } /* @@ -4266,7 +4420,9 @@ Flow(.logical_datapath = sw._uuid, .priority = 75, .__match = __match, .actions = actions, - .external_ids = stage_hint(sp.lsp._uuid)) :- + .stage_hint = Some{sp.lsp._uuid}, + .io_port = None, + .controller_meter = None) :- sp in &SwitchPort(.sw = sw@&Switch{.has_non_router_port = true}, .peer = Some{rp}), rp.is_enabled(), var eth_src_set = { @@ -4391,7 +4547,9 @@ Flow(.logical_datapath = sw._uuid, } else { "outport = ${sp.json_name}; output;" }, - .external_ids = stage_hint(sp.lsp._uuid)) :- + .stage_hint = Some{sp.lsp._uuid}, + .io_port = None, + .controller_meter = None) :- sp in &SwitchPort(.sw = sw, .peer = Some{rp}), rp.is_enabled(), &SwitchPortARPForwards(.port = sp, .reachable_ips_v4 = ips_v4), @@ -4408,7 +4566,9 @@ Flow(.logical_datapath = sw._uuid, } else { "outport = ${sp.json_name}; output;" }, - .external_ids = stage_hint(sp.lsp._uuid)) :- + .stage_hint = Some{sp.lsp._uuid}, + .io_port = None, + .controller_meter = None) :- sp in &SwitchPort(.sw = sw, .peer = Some{rp}), rp.is_enabled(), &SwitchPortARPForwards(.port = sp, .reachable_ips_v6 = ips_v6), @@ -4421,7 +4581,9 @@ Flow(.logical_datapath = sw._uuid, .__match = fLAGBIT_NOT_VXLAN() ++ " && arp.op == 1 && arp.tpa == " ++ ipv4, .actions = "outport = ${flood}; output;", - .external_ids = stage_hint(sp.lsp._uuid)) :- + .stage_hint = Some{sp.lsp._uuid}, + .io_port = None, + .controller_meter = None) :- sp in &SwitchPort(.sw = sw, .peer = Some{rp}), rp.is_enabled(), &SwitchPortARPForwards(.port = sp, .unreachable_ips_v4 = ips_v4), @@ -4434,7 +4596,9 @@ Flow(.logical_datapath = sw._uuid, .__match = fLAGBIT_NOT_VXLAN() ++ " && nd_ns && nd.target == " ++ ipv6, .actions = "outport = ${flood}; output;", - .external_ids = stage_hint(sp.lsp._uuid)) :- + .stage_hint = Some{sp.lsp._uuid}, + .io_port = None, + .controller_meter = None) :- sp in &SwitchPort(.sw = sw, .peer = Some{rp}), rp.is_enabled(), &SwitchPortARPForwards(.port = sp, .unreachable_ips_v6 = ips_v6), @@ -4449,7 +4613,9 @@ for (SwitchPortNewDynamicAddress(.port = &SwitchPort{.lsp = lsp, .json_name = js .priority = 50, .__match = "eth.dst == ${addrs.ea}", .actions = "outport = ${json_name}; output;", - .external_ids = stage_hint(lsp._uuid)) + .stage_hint = Some{lsp._uuid}, + .io_port = None, + .controller_meter = None) } for (&SwitchPort(.lsp = lsp, @@ -4498,7 +4664,9 @@ for (&SwitchPort(.lsp = lsp, .priority = 50, .__match = __match, .actions = "outport = ${json_name}; output;", - .external_ids = stage_hint(lsp._uuid)); + .stage_hint = Some{lsp._uuid}, + .io_port = None, + .controller_meter = None); /* Add ethernet addresses specified in NAT rules on * distributed logical routers. */ @@ -4514,7 +4682,9 @@ for (&SwitchPort(.lsp = lsp, .priority = 50, .__match = __match, .actions = "outport = ${json_name}; output;", - .external_ids = stage_hint(nat.nat._uuid)) + .stage_hint = Some{nat.nat._uuid}, + .io_port = None, + .controller_meter = None) } } } @@ -4536,7 +4706,9 @@ for (sw in &Switch(._uuid = ls_uuid)) { .priority = 0, .__match = "1", .actions = "outport = get_fdb(eth.dst); next;", - .external_ids = map_empty()); + .stage_hint = None, + .io_port = None, + .controller_meter = None); Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_IN_L2_UNKNOWN(), @@ -4548,14 +4720,18 @@ for (sw in &Switch(._uuid = ls_uuid)) { } else { "drop;" }, - .external_ids = map_empty()); + .stage_hint = None, + .io_port = None, + .controller_meter = None); Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_IN_L2_UNKNOWN(), .priority = 0, .__match = "1", .actions = "output;", - .external_ids = map_empty()) + .stage_hint = None, + .io_port = None, + .controller_meter = None) } /* Egress tables PORT_SEC_IP: Egress port security - IP (priority 0) @@ -4566,31 +4742,35 @@ for (&Switch(._uuid = ls_uuid)) { .priority = 0, .__match = "1", .actions = "next;", - .external_ids = map_empty()); + .stage_hint = None, + .io_port = None, + .controller_meter = None); Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_OUT_PORT_SEC_L2(), .priority = 100, .__match = "eth.mcast", .actions = "output;", - .external_ids = map_empty()) + .stage_hint = None, + .io_port = None, + .controller_meter = None) } -FlowWithInOutPort( - Flow{.logical_datapath = ls_uuid, - .stage = s_SWITCH_IN_LOOKUP_FDB(), - .priority = 100, - .__match = "inport == ${sp.json_name}", - .actions = "$[rEGBIT_LKUP_FDB()} = lookup_fdb(inport, eth.src); next;", - .external_ids = stage_hint(lsp_uuid)}, - sp.lsp.name), -FlowWithInOutPort( - Flow{.logical_datapath = ls_uuid, - .stage = s_SWITCH_IN_LOOKUP_FDB(), - .priority = 100, - .__match = "inport == ${sp.json_name} && ${rEGBIT_LKUP_FDB()} == 0", - .actions = "put_fdb(inport, eth.src); next;", - .external_ids = stage_hint(lsp_uuid)}, - sp.lsp.name) :- +Flow(.logical_datapath = ls_uuid, + .stage = s_SWITCH_IN_LOOKUP_FDB(), + .priority = 100, + .__match = "inport == ${sp.json_name}", + .actions = "$[rEGBIT_LKUP_FDB()} = lookup_fdb(inport, eth.src); next;", + .stage_hint = Some{lsp_uuid}, + .io_port = Some{sp.lsp.name}, + .controller_meter = None), +Flow(.logical_datapath = ls_uuid, + .stage = s_SWITCH_IN_LOOKUP_FDB(), + .priority = 100, + .__match = "inport == ${sp.json_name} && ${rEGBIT_LKUP_FDB()} == 0", + .actions = "put_fdb(inport, eth.src); next;", + .stage_hint = Some{lsp_uuid}, + .io_port = Some{sp.lsp.name}, + .controller_meter = None) :- LogicalSwitchPortWithUnknownAddress(ls_uuid, lsp_uuid), sp in &SwitchPort(.lsp = &nb::Logical_Switch_Port{._uuid = lsp_uuid, .__type = ""}, .ps_addresses = vec_empty()). @@ -4600,13 +4780,17 @@ Flow(.logical_datapath = ls_uuid, .priority = 0, .__match = "1", .actions = "next;", - .external_ids = map_empty()), + .stage_hint = None, + .io_port = None, + .controller_meter = None), Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_IN_PUT_FDB(), .priority = 0, .__match = "1", .actions = "next;", - .external_ids = map_empty()) :- + .stage_hint = None, + .io_port = None, + .controller_meter = None) :- &Switch(._uuid = ls_uuid). /* Egress table PORT_SEC_IP: Egress port security - IP (priorities 90 and 80) @@ -4618,14 +4802,14 @@ Flow(.logical_datapath = ls_uuid, * * Priority 150 rules drop packets to disabled logical ports, so that they * don't even receive multicast or broadcast packets. */ -FlowWithInOutPort( - Flow{.logical_datapath = sw._uuid, - .stage = s_SWITCH_OUT_PORT_SEC_L2(), - .priority = 50, - .__match = __match, - .actions = queue_action ++ "output;", - .external_ids = stage_hint(lsp._uuid)}, - lsp.name) :- +Flow(.logical_datapath = sw._uuid, + .stage = s_SWITCH_OUT_PORT_SEC_L2(), + .priority = 50, + .__match = __match, + .actions = queue_action ++ "output;", + .stage_hint = Some{lsp._uuid}, + .io_port = Some{lsp.name}, + .controller_meter = None) :- &SwitchPort(.sw = sw, .lsp = lsp, .json_name = json_name, .ps_eth_addresses = ps_eth_addresses), lsp.is_enabled(), lsp.__type != "external", @@ -4641,16 +4825,17 @@ FlowWithInOutPort( _ -> "" }. -for (&SwitchPort(.lsp = lsp, .json_name = json_name, .sw = sw) - if not lsp.is_enabled() and lsp.__type != "external") { - FlowWithInOutPort( - Flow{.logical_datapath = sw._uuid, +for (&SwitchPort(.lsp = lsp, .json_name = json_name, .sw = sw)) { + if (not lsp.is_enabled() and lsp.__type != "external") { + Flow(.logical_datapath = sw._uuid, .stage = s_SWITCH_OUT_PORT_SEC_L2(), .priority = 150, .__match = "outport == {$json_name}", .actions = "drop;", - .external_ids = stage_hint(lsp._uuid)}, - lsp.name) + .stage_hint = Some{lsp._uuid}, + .io_port = Some{lsp.name}, + .controller_meter = None) + } } for (SwitchPortPSAddresses(.port = &SwitchPort{.lsp = lsp, .json_name = json_name, .sw = sw}, @@ -4677,36 +4862,36 @@ for (SwitchPortPSAddresses(.port = &SwitchPort{.lsp = lsp, .json_name = json_nam var __match = "outport == ${json_name} && eth.dst == ${ps.ea} && ip4.dst == {255.255.255.255, 224.0.0.0/4, " ++ addrs.join(", ") ++ "}" in - FlowWithInOutPort( - Flow{.logical_datapath = sw._uuid, - .stage = s_SWITCH_OUT_PORT_SEC_IP(), - .priority = 90, - .__match = __match, - .actions = "next;", - .external_ids = stage_hint(lsp._uuid)}, - lsp.name) + Flow(.logical_datapath = sw._uuid, + .stage = s_SWITCH_OUT_PORT_SEC_IP(), + .priority = 90, + .__match = __match, + .actions = "next;", + .stage_hint = Some{lsp._uuid}, + .io_port = Some{lsp.name}, + .controller_meter = None) }; if (ps.ipv6_addrs.len() > 0) { var __match = "outport == ${json_name} && eth.dst == ${ps.ea}" ++ build_port_security_ipv6_flow(Egress, ps.ea, ps.ipv6_addrs) in - FlowWithInOutPort( - Flow{.logical_datapath = sw._uuid, - .stage = s_SWITCH_OUT_PORT_SEC_IP(), - .priority = 90, - .__match = __match, - .actions = "next;", - .external_ids = stage_hint(lsp._uuid)}, - lsp.name) - }; - var __match = "outport == ${json_name} && eth.dst == ${ps.ea} && ip" in - FlowWithInOutPort( - Flow{.logical_datapath = sw._uuid, + Flow(.logical_datapath = sw._uuid, .stage = s_SWITCH_OUT_PORT_SEC_IP(), - .priority = 80, + .priority = 90, .__match = __match, - .actions = "drop;", - .external_ids = stage_hint(lsp._uuid)}, - lsp.name) + .actions = "next;", + .stage_hint = Some{lsp._uuid}, + .io_port = Some{lsp.name}, + .controller_meter = None) + }; + var __match = "outport == ${json_name} && eth.dst == ${ps.ea} && ip" in + Flow(.logical_datapath = sw._uuid, + .stage = s_SWITCH_OUT_PORT_SEC_IP(), + .priority = 80, + .__match = __match, + .actions = "drop;", + .stage_hint = Some{lsp._uuid}, + .io_port = Some{lsp.name}, + .controller_meter = None) } /* Logical router ingress table ADMISSION: Admission control framework. */ @@ -4718,7 +4903,9 @@ for (&Router(._uuid = lr_uuid)) { .priority = 100, .__match = "vlan.present || eth.src[40]", .actions = "drop;", - .external_ids = map_empty()) + .stage_hint = None, + .io_port = None, + .controller_meter = None) } /* Logical router ingress table ADMISSION: match (priority 50). */ @@ -4753,7 +4940,9 @@ for (&RouterPort(.lrp = lrp, .priority = 50, .__match = "eth.mcast && inport == ${json_name}", .actions = actions, - .external_ids = stage_hint(lrp._uuid)); + .stage_hint = Some{lrp._uuid}, + .io_port = None, + .controller_meter = None); var __match = "eth.dst == ${lrp_networks.ea} && inport == ${json_name}" ++ @@ -4767,7 +4956,9 @@ for (&RouterPort(.lrp = lrp, .priority = 50, .__match = __match, .actions = actions, - .external_ids = stage_hint(lrp._uuid)) + .stage_hint = Some{lrp._uuid}, + .io_port = None, + .controller_meter = None) } } @@ -4823,7 +5014,9 @@ var rLNIR = rEGBIT_LOOKUP_NEIGHBOR_IP_RESULT() in "${rLNR} = lookup_arp(inport, arp.spa, arp.sha); " ++ { if (learn_from_arp_request) "" else "${rLNIR} = 1; " } ++ "next;", - .external_ids = map_empty()); + .stage_hint = None, + .io_port = None, + .controller_meter = None); Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_LOOKUP_NEIGHBOR(), .priority = 100, @@ -4832,7 +5025,9 @@ var rLNIR = rEGBIT_LOOKUP_NEIGHBOR_IP_RESULT() in "${rLNR} = lookup_nd(inport, nd.target, nd.tll); " ++ { if (learn_from_arp_request) "" else "${rLNIR} = 1; " } ++ "next;", - .external_ids = map_empty()); + .stage_hint = None, + .io_port = None, + .controller_meter = None); Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_LOOKUP_NEIGHBOR(), .priority = 100, @@ -4842,7 +5037,9 @@ var rLNIR = rEGBIT_LOOKUP_NEIGHBOR_IP_RESULT() in { if (learn_from_arp_request) "" else "${rLNIR} = lookup_nd_ip(inport, ip6.src); " } ++ "next;", - .external_ids = map_empty()); + .stage_hint = None, + .io_port = None, + .controller_meter = None); /* For other packet types, we can skip neighbor learning. * So set REGBIT_LOOKUP_NEIGHBOR_RESULT to 1. */ @@ -4851,7 +5048,9 @@ var rLNIR = rEGBIT_LOOKUP_NEIGHBOR_IP_RESULT() in .priority = 0, .__match = "1", .actions = "${rLNR} = 1; next;", - .external_ids = map_empty()); + .stage_hint = None, + .io_port = None, + .controller_meter = None); /* Flows for LEARN_NEIGHBOR. */ /* Skip Neighbor learning if not required. */ @@ -4862,31 +5061,33 @@ var rLNIR = rEGBIT_LOOKUP_NEIGHBOR_IP_RESULT() in "${rLNR} == 1" ++ { if (learn_from_arp_request) "" else " || ${rLNIR} == 0" }, .actions = "next;", - .external_ids = map_empty()); - MeteredFlow(.logical_datapath = lr_uuid, - .stage = s_ROUTER_IN_LEARN_NEIGHBOR(), - .priority = 90, - .__match = "arp", - .actions = "put_arp(inport, arp.spa, arp.sha); next;", - .tags = map_empty(), - .controller_meter = copp.get(cOPP_ARP()), - .external_ids = map_empty()); - MeteredFlow(.logical_datapath = lr_uuid, - .stage = s_ROUTER_IN_LEARN_NEIGHBOR(), - .priority = 90, - .__match = "nd_na", - .actions = "put_nd(inport, nd.target, nd.tll); next;", - .tags = map_empty(), - .controller_meter = copp.get(cOPP_ND_NA()), - .external_ids = map_empty()); - MeteredFlow(.logical_datapath = lr_uuid, - .stage = s_ROUTER_IN_LEARN_NEIGHBOR(), - .priority = 90, - .__match = "nd_ns", - .actions = "put_nd(inport, ip6.src, nd.sll); next;", - .tags = map_empty(), - .controller_meter = copp.get(cOPP_ND_NS()), - .external_ids = map_empty()) + .stage_hint = None, + .io_port = None, + .controller_meter = None); + Flow(.logical_datapath = lr_uuid, + .stage = s_ROUTER_IN_LEARN_NEIGHBOR(), + .priority = 90, + .__match = "arp", + .actions = "put_arp(inport, arp.spa, arp.sha); next;", + .io_port = None, + .controller_meter = copp.get(cOPP_ARP()), + .stage_hint = None); + Flow(.logical_datapath = lr_uuid, + .stage = s_ROUTER_IN_LEARN_NEIGHBOR(), + .priority = 90, + .__match = "nd_na", + .actions = "put_nd(inport, nd.target, nd.tll); next;", + .io_port = None, + .controller_meter = copp.get(cOPP_ND_NA()), + .stage_hint = None); + Flow(.logical_datapath = lr_uuid, + .stage = s_ROUTER_IN_LEARN_NEIGHBOR(), + .priority = 90, + .__match = "nd_ns", + .actions = "put_nd(inport, ip6.src, nd.sll); next;", + .io_port = None, + .controller_meter = copp.get(cOPP_ND_NS()), + .stage_hint = None) } /* Check if we need to learn mac-binding from ARP requests. */ @@ -4914,7 +5115,9 @@ for (RouterPortNetworksIPv4Addr(rp@&RouterPort{.router = router}, addr)) { .priority = 110, .__match = __match.join(" && "), .actions = actions, - .external_ids = stage_hint(rp.lrp._uuid)) + .stage_hint = Some{rp.lrp._uuid}, + .io_port = None, + .controller_meter = None) }; var actions = "${rLNR} = lookup_arp(inport, arp.spa, arp.sha); " ++ @@ -4926,7 +5129,9 @@ for (RouterPortNetworksIPv4Addr(rp@&RouterPort{.router = router}, addr)) { .priority = 100, .__match = "${match0} && ${match1}", .actions = actions, - .external_ids = stage_hint(rp.lrp._uuid)) + .stage_hint = Some{rp.lrp._uuid}, + .io_port = None, + .controller_meter = None) } } @@ -4946,7 +5151,9 @@ for (router in &Router(._uuid = lr_uuid, .mcast_cfg = mcast_cfg)) { "ip4.src == 0.0.0.0/8 || " "ip4.dst == 0.0.0.0/8", .actions = "drop;", - .external_ids = map_empty()); + .stage_hint = None, + .io_port = None, + .controller_meter = None); /* Drop ARP packets (priority 85). ARP request packets for router's own * IPs are handled with priority-90 flows. @@ -4958,7 +5165,9 @@ for (router in &Router(._uuid = lr_uuid, .mcast_cfg = mcast_cfg)) { .priority = 85, .__match = "arp || nd", .actions = "drop;", - .external_ids = map_empty()); + .stage_hint = None, + .io_port = None, + .controller_meter = None); /* Allow IPv6 multicast traffic that's supposed to reach the * router pipeline (e.g., router solicitations). @@ -4968,7 +5177,9 @@ for (router in &Router(._uuid = lr_uuid, .mcast_cfg = mcast_cfg)) { .priority = 84, .__match = "nd_rs || nd_ra", .actions = "next;", - .external_ids = map_empty()); + .stage_hint = None, + .io_port = None, + .controller_meter = None); /* Drop other reserved multicast. */ Flow(.logical_datapath = lr_uuid, @@ -4976,7 +5187,9 @@ for (router in &Router(._uuid = lr_uuid, .mcast_cfg = mcast_cfg)) { .priority = 83, .__match = "ip6.mcast_rsvd", .actions = "drop;", - .external_ids = map_empty()); + .stage_hint = None, + .io_port = None, + .controller_meter = None); /* Allow other multicast if relay enabled (priority 82). */ var mcast_action = { if (mcast_cfg.relay) { "next;" } else { "drop;" } } in @@ -4985,7 +5198,9 @@ for (router in &Router(._uuid = lr_uuid, .mcast_cfg = mcast_cfg)) { .priority = 82, .__match = "ip4.mcast || ip6.mcast", .actions = mcast_action, - .external_ids = map_empty()); + .stage_hint = None, + .io_port = None, + .controller_meter = None); /* Drop Ethernet local broadcast. By definition this traffic should * not be forwarded.*/ @@ -4994,7 +5209,9 @@ for (router in &Router(._uuid = lr_uuid, .mcast_cfg = mcast_cfg)) { .priority = 50, .__match = "eth.bcast", .actions = "drop;", - .external_ids = map_empty()); + .stage_hint = None, + .io_port = None, + .controller_meter = None); /* TTL discard */ Flow( @@ -5003,7 +5220,9 @@ for (router in &Router(._uuid = lr_uuid, .mcast_cfg = mcast_cfg)) { .priority = 30, .__match = "ip4 && ip.ttl == {0, 1}", .actions = "drop;", - .external_ids = map_empty()); + .stage_hint = None, + .io_port = None, + .controller_meter = None); /* Pass other traffic not already handled to the next table for * routing. */ @@ -5012,7 +5231,9 @@ for (router in &Router(._uuid = lr_uuid, .mcast_cfg = mcast_cfg)) { .priority = 0, .__match = "1", .actions = "next;", - .external_ids = map_empty()) + .stage_hint = None, + .io_port = None, + .controller_meter = None) } function format_v4_networks(networks: lport_addresses, add_bcast: bool): string = @@ -5099,7 +5320,9 @@ for (&RouterPort(.router = router, .networks = networks, .lrp = lrp) .priority = 100, .__match = __match, .actions = "drop;", - .external_ids = stage_hint(lrp._uuid)); + .stage_hint = Some{lrp._uuid}, + .io_port = None, + .controller_meter = None); /* ICMP echo reply. These flows reply to ICMP echo requests * received for the router's IP address. Since packets only @@ -5118,7 +5341,9 @@ for (&RouterPort(.router = router, .networks = networks, .lrp = lrp) "icmp4.type = 0; " "flags.loopback = 1; " "next; ", - .external_ids = stage_hint(lrp._uuid)) + .stage_hint = Some{lrp._uuid}, + .io_port = None, + .controller_meter = None) } /* Priority-90-92 flows handle ARP requests and ND packets. Most are @@ -5214,11 +5439,11 @@ relation LogicalRouterArpNdFlow( drop: bool, priority: integer) LogicalRouterArpFlow(router, lrp, "${ipv4}", mac, extra_match, drop, priority, - stage_hint(nat.nat._uuid)) :- + Some{nat.nat._uuid}) :- LogicalRouterArpNdFlow(router, nat@NAT{.external_ip = IPv4{ipv4}}, lrp, mac, extra_match, drop, priority). LogicalRouterNdFlow(router, lrp, "nd_na", ipv6, true, mac, extra_match, drop, priority, - stage_hint(nat.nat._uuid)) :- + Some{nat.nat._uuid}) :- LogicalRouterArpNdFlow(router, nat@NAT{.external_ip = IPv6{ipv6}}, lrp, mac, extra_match, drop, priority). @@ -5230,16 +5455,18 @@ relation LogicalRouterArpFlow( extra_match: Option, drop: bool, priority: integer, - external_ids: Map) + stage_hint: Option) Flow(.logical_datapath = lr._uuid, .stage = s_ROUTER_IN_IP_INPUT(), .priority = priority, .__match = __match, .actions = actions, - .external_ids = external_ids) :- + .stage_hint = stage_hint, + .io_port = None, + .controller_meter = None) :- LogicalRouterArpFlow(.lr = lr, .lrp = lrp, .ip = ip, .mac = mac, .extra_match = extra_match, .drop = drop, - .priority = priority, .external_ids = external_ids), + .priority = priority, .stage_hint = stage_hint), var __match = { var clauses = vec_with_capacity(3); match (lrp) { @@ -5274,19 +5501,19 @@ relation LogicalRouterNdFlow( extra_match: Option, drop: bool, priority: integer, - external_ids: Map) -MeteredFlow(.logical_datapath = lr._uuid, - .stage = s_ROUTER_IN_IP_INPUT(), - .priority = priority, - .__match = __match, - .actions = actions, - .tags = map_empty(), - .controller_meter = controller_meter, - .external_ids = external_ids) :- + stage_hint: Option) +Flow(.logical_datapath = lr._uuid, + .stage = s_ROUTER_IN_IP_INPUT(), + .priority = priority, + .__match = __match, + .actions = actions, + .io_port = None, + .controller_meter = controller_meter, + .stage_hint = stage_hint) :- LogicalRouterNdFlow(.lr = lr, .lrp = lrp, .action = action, .ip = ip, .sn_ip = sn_ip, .mac = mac, .extra_match = extra_match, .drop = drop, .priority = priority, - .external_ids = external_ids), + .stage_hint = stage_hint), var __match = { var clauses = vec_with_capacity(4); match (lrp) { @@ -5336,7 +5563,9 @@ for (RouterPortNetworksIPv4Addr(.port = &RouterPort{.lrp = lrp, "ip4.src = ${addr.addr}; " "ip.ttl = 255; " "next; };", - .external_ids = stage_hint(lrp._uuid)); + .stage_hint = Some{lrp._uuid}, + .io_port = None, + .controller_meter = None); /* ARP reply. These flows reply to ARP requests for the router's own * IP address. */ @@ -5361,7 +5590,7 @@ for (RouterPortNetworksIPv4Addr(.port = &RouterPort{.lrp = lrp, .extra_match = Some{__match}, .drop = false, .priority = 90, - .external_ids = stage_hint(lrp._uuid)) + .stage_hint = Some{lrp._uuid}) } } @@ -5383,7 +5612,7 @@ var residence_check = match (is_redirect) { .extra_match = residence_check, .drop = false, .priority = 90, - .external_ids = map_empty()) + .stage_hint = None) } }; for (RouterLBVIP(.router = &Router{._uuid= lr_uuid}, .vip = vip)) { @@ -5398,7 +5627,7 @@ var residence_check = match (is_redirect) { .extra_match = residence_check, .drop = false, .priority = 90, - .external_ids = map_empty()) + .stage_hint = None) } } } @@ -5414,7 +5643,9 @@ Flow(.logical_datapath = lr_uuid, .priority = 60, .__match = "ip4.dst == {" ++ match_ips.join(", ") ++ "}", .actions = "drop;", - .external_ids = stage_hint(lrp_uuid)) :- + .stage_hint = Some{lrp_uuid}, + .io_port = None, + .controller_meter = None) :- &RouterPort(.lrp = &nb::Logical_Router_Port{._uuid = lrp_uuid}, .router = &Router{.snat_ips = snat_ips, .force_lb_snat = false, @@ -5428,7 +5659,9 @@ Flow(.logical_datapath = lr_uuid, .priority = 60, .__match = "ip6.dst == {" ++ match_ips.join(", ") ++ "}", .actions = "drop;", - .external_ids = stage_hint(lrp_uuid)) :- + .stage_hint = Some{lrp_uuid}, + .io_port = None, + .controller_meter = None) :- &RouterPort(.lrp = &nb::Logical_Router_Port{._uuid = lrp_uuid}, .router = &Router{.snat_ips = snat_ips, .force_lb_snat = false, @@ -5449,62 +5682,62 @@ for (RouterPortNetworksIPv4Addr( { /* UDP/TCP/SCTP port unreachable. */ var __match = "ip4 && ip4.dst == ${addr.addr} && !ip.later_frag && udp" in - MeteredFlow(.logical_datapath = lr_uuid, - .stage = s_ROUTER_IN_IP_INPUT(), - .priority = 80, - .__match = __match, - .actions = "icmp4 {" - "eth.dst <-> eth.src; " - "ip4.dst <-> ip4.src; " - "ip.ttl = 255; " - "icmp4.type = 3; " - "icmp4.code = 3; " - "next; };", - .tags = map_empty(), - .controller_meter = copp.get(cOPP_ICMP4_ERR()), - .external_ids = stage_hint(lrp._uuid)); + Flow(.logical_datapath = lr_uuid, + .stage = s_ROUTER_IN_IP_INPUT(), + .priority = 80, + .__match = __match, + .actions = "icmp4 {" + "eth.dst <-> eth.src; " + "ip4.dst <-> ip4.src; " + "ip.ttl = 255; " + "icmp4.type = 3; " + "icmp4.code = 3; " + "next; };", + .io_port = None, + .controller_meter = copp.get(cOPP_ICMP4_ERR()), + .stage_hint = Some{lrp._uuid}); var __match = "ip4 && ip4.dst == ${addr.addr} && !ip.later_frag && tcp" in - MeteredFlow(.logical_datapath = lr_uuid, - .stage = s_ROUTER_IN_IP_INPUT(), - .priority = 80, - .__match = __match, - .actions = "tcp_reset {" - "eth.dst <-> eth.src; " - "ip4.dst <-> ip4.src; " - "next; };", - .tags = map_empty(), - .controller_meter = copp.get(cOPP_TCP_RESET()), - .external_ids = stage_hint(lrp._uuid)); + Flow(.logical_datapath = lr_uuid, + .stage = s_ROUTER_IN_IP_INPUT(), + .priority = 80, + .__match = __match, + .actions = "tcp_reset {" + "eth.dst <-> eth.src; " + "ip4.dst <-> ip4.src; " + "next; };", + .io_port = None, + .controller_meter = copp.get(cOPP_TCP_RESET()), + .stage_hint = Some{lrp._uuid}); var __match = "ip4 && ip4.dst == ${addr.addr} && !ip.later_frag && sctp" in - MeteredFlow(.logical_datapath = lr_uuid, - .stage = s_ROUTER_IN_IP_INPUT(), - .priority = 80, - .__match = __match, - .actions = "sctp_abort {" - "eth.dst <-> eth.src; " - "ip4.dst <-> ip4.src; " - "next; };", - .tags = map_empty(), - .controller_meter = copp.get(cOPP_TCP_RESET()), - .external_ids = stage_hint(lrp._uuid)); + Flow(.logical_datapath = lr_uuid, + .stage = s_ROUTER_IN_IP_INPUT(), + .priority = 80, + .__match = __match, + .actions = "sctp_abort {" + "eth.dst <-> eth.src; " + "ip4.dst <-> ip4.src; " + "next; };", + .io_port = None, + .controller_meter = copp.get(cOPP_TCP_RESET()), + .stage_hint = Some{lrp._uuid}); var __match = "ip4 && ip4.dst == ${addr.addr} && !ip.later_frag" in - MeteredFlow(.logical_datapath = lr_uuid, - .stage = s_ROUTER_IN_IP_INPUT(), - .priority = 70, - .__match = __match, - .actions = "icmp4 {" - "eth.dst <-> eth.src; " - "ip4.dst <-> ip4.src; " - "ip.ttl = 255; " - "icmp4.type = 3; " - "icmp4.code = 2; " - "next; };", - .tags = map_empty(), - .controller_meter = copp.get(cOPP_ICMP4_ERR()), - .external_ids = stage_hint(lrp._uuid)) + Flow(.logical_datapath = lr_uuid, + .stage = s_ROUTER_IN_IP_INPUT(), + .priority = 70, + .__match = __match, + .actions = "icmp4 {" + "eth.dst <-> eth.src; " + "ip4.dst <-> ip4.src; " + "ip.ttl = 255; " + "icmp4.type = 3; " + "icmp4.code = 2; " + "next; };", + .io_port = None, + .controller_meter = copp.get(cOPP_ICMP4_ERR()), + .stage_hint = Some{lrp._uuid}) } /* DHCPv6 reply handling */ @@ -5514,7 +5747,9 @@ Flow(.logical_datapath = rp.router._uuid, .__match = "ip6.dst == ${ipv6_addr.addr} " "&& udp.src == 547 && udp.dst == 546", .actions = "reg0 = 0; handle_dhcpv6_reply;", - .external_ids = stage_hint(rp.lrp._uuid)) :- + .stage_hint = Some{rp.lrp._uuid}, + .io_port = None, + .controller_meter = None) :- rp in &RouterPort(), var ipv6_addr = FlatMap(rp.networks.ipv6_addrs). @@ -5542,7 +5777,9 @@ for (&RouterPort(.router = router, .networks = networks, .lrp = lrp) "icmp6.type = 129; " "flags.loopback = 1; " "next; ", - .external_ids = stage_hint(lrp._uuid)) + .stage_hint = Some{lrp._uuid}, + .io_port = None, + .controller_meter = None) } /* ND reply. These flows reply to ND solicitations for the @@ -5571,7 +5808,7 @@ for (RouterPortNetworksIPv6Addr(.port = &RouterPort{.lrp = lrp, .extra_match = extra_match, .drop = false, .priority = 90, - .external_ids = stage_hint(lrp._uuid)) + .stage_hint = Some{lrp._uuid}) } /* UDP/TCP/SCTP port unreachable */ @@ -5585,62 +5822,62 @@ for (RouterPortNetworksIPv6Addr( .addr = addr)) { var __match = "ip6 && ip6.dst == ${addr.addr} && !ip.later_frag && tcp" in - MeteredFlow(.logical_datapath = lr_uuid, - .stage = s_ROUTER_IN_IP_INPUT(), - .priority = 80, - .__match = __match, - .actions = "tcp_reset {" - "eth.dst <-> eth.src; " - "ip6.dst <-> ip6.src; " - "next; };", - .tags = map_empty(), - .controller_meter = copp.get(cOPP_TCP_RESET()), - .external_ids = stage_hint(lrp._uuid)); + Flow(.logical_datapath = lr_uuid, + .stage = s_ROUTER_IN_IP_INPUT(), + .priority = 80, + .__match = __match, + .actions = "tcp_reset {" + "eth.dst <-> eth.src; " + "ip6.dst <-> ip6.src; " + "next; };", + .io_port = None, + .controller_meter = copp.get(cOPP_TCP_RESET()), + .stage_hint = Some{lrp._uuid}); var __match = "ip6 && ip6.dst == ${addr.addr} && !ip.later_frag && sctp" in - MeteredFlow(.logical_datapath = lr_uuid, - .stage = s_ROUTER_IN_IP_INPUT(), - .priority = 80, - .__match = __match, - .actions = "sctp_abort {" - "eth.dst <-> eth.src; " - "ip6.dst <-> ip6.src; " - "next; };", - .tags = map_empty(), - .controller_meter = copp.get(cOPP_TCP_RESET()), - .external_ids = stage_hint(lrp._uuid)); + Flow(.logical_datapath = lr_uuid, + .stage = s_ROUTER_IN_IP_INPUT(), + .priority = 80, + .__match = __match, + .actions = "sctp_abort {" + "eth.dst <-> eth.src; " + "ip6.dst <-> ip6.src; " + "next; };", + .io_port = None, + .controller_meter = copp.get(cOPP_TCP_RESET()), + .stage_hint = Some{lrp._uuid}); var __match = "ip6 && ip6.dst == ${addr.addr} && !ip.later_frag && udp" in - MeteredFlow(.logical_datapath = lr_uuid, - .stage = s_ROUTER_IN_IP_INPUT(), - .priority = 80, - .__match = __match, - .actions = "icmp6 {" - "eth.dst <-> eth.src; " - "ip6.dst <-> ip6.src; " - "ip.ttl = 255; " - "icmp6.type = 1; " - "icmp6.code = 4; " - "next; };", - .tags = map_empty(), - .controller_meter = copp.get(cOPP_ICMP6_ERR()), - .external_ids = stage_hint(lrp._uuid)); + Flow(.logical_datapath = lr_uuid, + .stage = s_ROUTER_IN_IP_INPUT(), + .priority = 80, + .__match = __match, + .actions = "icmp6 {" + "eth.dst <-> eth.src; " + "ip6.dst <-> ip6.src; " + "ip.ttl = 255; " + "icmp6.type = 1; " + "icmp6.code = 4; " + "next; };", + .io_port = None, + .controller_meter = copp.get(cOPP_ICMP6_ERR()), + .stage_hint = Some{lrp._uuid}); var __match = "ip6 && ip6.dst == ${addr.addr} && !ip.later_frag" in - MeteredFlow(.logical_datapath = lr_uuid, - .stage = s_ROUTER_IN_IP_INPUT(), - .priority = 70, - .__match = __match, - .actions = "icmp6 {" - "eth.dst <-> eth.src; " - "ip6.dst <-> ip6.src; " - "ip.ttl = 255; " - "icmp6.type = 1; " - "icmp6.code = 3; " - "next; };", - .tags = map_empty(), - .controller_meter = copp.get(cOPP_ICMP6_ERR()), - .external_ids = stage_hint(lrp._uuid)) + Flow(.logical_datapath = lr_uuid, + .stage = s_ROUTER_IN_IP_INPUT(), + .priority = 70, + .__match = __match, + .actions = "icmp6 {" + "eth.dst <-> eth.src; " + "ip6.dst <-> ip6.src; " + "ip.ttl = 255; " + "icmp6.type = 1; " + "icmp6.code = 3; " + "next; };", + .io_port = None, + .controller_meter = copp.get(cOPP_ICMP6_ERR()), + .stage_hint = Some{lrp._uuid}) } /* ICMPv6 time exceeded */ @@ -5662,14 +5899,14 @@ for (RouterPortNetworksIPv6Addr(.port = &RouterPort{.router = router, "icmp6.type = 3; /* Time exceeded */ " "icmp6.code = 0; /* TTL exceeded in transit */ " "next; };" in - MeteredFlow(.logical_datapath = router._uuid, - .stage = s_ROUTER_IN_IP_INPUT(), - .priority = 40, - .__match = __match, - .actions = actions, - .tags = map_empty(), - .controller_meter = router.copp.get(cOPP_ICMP6_ERR()), - .external_ids = stage_hint(lrp._uuid)) + Flow(.logical_datapath = router._uuid, + .stage = s_ROUTER_IN_IP_INPUT(), + .priority = 40, + .__match = __match, + .actions = actions, + .io_port = None, + .controller_meter = router.copp.get(cOPP_ICMP6_ERR()), + .stage_hint = Some{lrp._uuid}) } /* NAT, Defrag and load balancing. */ @@ -5680,7 +5917,9 @@ function default_allow_flow(datapath: uuid, stage: Stage): Flow { .priority = 0, .__match = "1", .actions = "next;", - .external_ids = map_empty()} + .io_port = None, + .controller_meter = None, + .stage_hint = None} } for (r in &Router(._uuid = lr_uuid)) { /* Packets are allowed by default. */ @@ -5701,7 +5940,9 @@ for (r in &Router(._uuid = lr_uuid)) { .priority = 120, .__match = "nd_ns", .actions = "next;", - .external_ids = map_empty()) + .stage_hint = None, + .io_port = None, + .controller_meter = None) } for (r in &Router(._uuid = lr_uuid, @@ -5724,14 +5965,18 @@ for (r in &Router(._uuid = lr_uuid, .priority = 50, .__match = "ip && ct.new", .actions = "ct_commit { } ; next; ", - .external_ids = map_empty()); + .stage_hint = None, + .io_port = None, + .controller_meter = None); Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_OUT_UNDNAT(), .priority = 50, .__match = "ip", .actions = "flags.loopback = 1; ct_dnat;", - .external_ids = map_empty()) + .stage_hint = None, + .io_port = None, + .controller_meter = None) } Flow(.logical_datapath = lr, @@ -5739,7 +5984,9 @@ Flow(.logical_datapath = lr, .priority = 120, .__match = "flags.skip_snat_for_lb == 1 && ip", .actions = "next;", - .external_ids = stage_hint(lb._uuid)) :- + .stage_hint = Some{lb._uuid}, + .io_port = None, + .controller_meter = None) :- LogicalRouterLB(lr, lb), lb.options.get_bool_def("skip_snat", false) . @@ -5804,7 +6051,9 @@ function lrouter_nat_add_ext_ip_match( .priority = priority, .__match = "${__match} && ${ipX}.${dir} == $${__as.name}", .actions = "next;", - .external_ids = stage_hint(nat.nat._uuid)}}) + .stage_hint = Some{nat.nat._uuid}, + .io_port = None, + .controller_meter = None}}) } } } @@ -5818,7 +6067,9 @@ Flow(.logical_datapath = logical_router, .priority = 110, .__match = "${ipX} && ${ipX}.dst == ${ip}", .actions = "ct_snat;", - .external_ids = map_empty()), + .stage_hint = None, + .io_port = None, + .controller_meter = None), /* Higher priority rules to force SNAT with the IP addresses * configured in the Gateway router. This only takes effect * when the packet has already been DNATed or load balanced once. */ @@ -5827,7 +6078,9 @@ Flow(.logical_datapath = logical_router, .priority = 100, .__match = "flags.force_snat_for_${context} == 1 && ${ipX}", .actions = "ct_snat(${ip});", - .external_ids = map_empty()) :- + .stage_hint = None, + .io_port = None, + .controller_meter = None) :- LogicalRouterForceSnatFlows(.logical_router = logical_router, .ips = ips, .context = context), @@ -5845,14 +6098,18 @@ for (rp in &RouterPort(.router = &Router{._uuid = lr_uuid, .options = lr_options .priority = 110, .__match = "inport == ${rp.json_name} && ip4.dst == ${ipv4.addr}", .actions = "ct_snat;", - .external_ids = map_empty()); + .stage_hint = None, + .io_port = None, + .controller_meter = None); Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_OUT_SNAT(), .priority = 110, .__match = "flags.force_snat_for_lb == 1 && ip4 && outport == ${rp.json_name}", .actions = "ct_snat(${ipv4.addr});", - .external_ids = map_empty()); + .stage_hint = None, + .io_port = None, + .controller_meter = None); if (rp.networks.ipv4_addrs.len() > 1) { Warning["Logical router port ${rp.json_name} is configured with multiple IPv4 " @@ -5870,14 +6127,18 @@ for (rp in &RouterPort(.router = &Router{._uuid = lr_uuid, .options = lr_options .priority = 110, .__match = "inport == ${rp.json_name} && ip6.dst == ${ipv6.addr}", .actions = "ct_snat;", - .external_ids = map_empty()); + .stage_hint = None, + .io_port = None, + .controller_meter = None); Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_OUT_SNAT(), .priority = 110, .__match = "flags.force_snat_for_lb == 1 && ip6 && outport == ${rp.json_name}", .actions = "ct_snat(${ipv6.addr});", - .external_ids = map_empty()); + .stage_hint = None, + .io_port = None, + .controller_meter = None); if (rp.networks.ipv6_addrs.len() > 2) { Warning["Logical router port ${rp.json_name} is configured with multiple IPv6 " @@ -5947,7 +6208,9 @@ for (r in &Router(._uuid = lr_uuid, .priority = 90, .__match = "ip && ${ipX}.dst == ${nat.nat.external_ip}", .actions = actions, - .external_ids = stage_hint(nat.nat._uuid)) + .stage_hint = Some{nat.nat._uuid}, + .io_port = None, + .controller_meter = None) }; Some {var gwport} = l3dgw_ports.nth(0) in { /* Distributed router. */ @@ -5971,7 +6234,9 @@ for (r in &Router(._uuid = lr_uuid, .priority = 100, .__match = __match, .actions = actions, - .external_ids = stage_hint(nat.nat._uuid)) + .stage_hint = Some{nat.nat._uuid}, + .io_port = None, + .controller_meter = None) } }; @@ -6014,7 +6279,9 @@ for (r in &Router(._uuid = lr_uuid, .priority = 100, .__match = __match ++ ext_ip_match, .actions = flag_action ++ nat_actions, - .external_ids = stage_hint(nat.nat._uuid)) + .stage_hint = Some{nat.nat._uuid}, + .io_port = None, + .controller_meter = None) }; Some {var gwport} = l3dgw_ports.nth(0) in @@ -6043,7 +6310,9 @@ for (r in &Router(._uuid = lr_uuid, .priority = 100, .__match = __match ++ ext_ip_match, .actions = actions, - .external_ids = stage_hint(nat.nat._uuid)) + .stage_hint = Some{nat.nat._uuid}, + .io_port = None, + .controller_meter = None) } }; @@ -6058,7 +6327,9 @@ for (r in &Router(._uuid = lr_uuid, .priority = 120, .__match = __match, .actions = "next;", - .external_ids = stage_hint(nat.nat._uuid)) + .stage_hint = Some{nat.nat._uuid}, + .io_port = None, + .controller_meter = None) }; var nexthop_reg = "${xx}${rEG_NEXT_HOP()}" in @@ -6073,7 +6344,9 @@ for (r in &Router(._uuid = lr_uuid, .priority = 100, .__match = __match, .actions = "eth.dst = ${dst_mac}; next;", - .external_ids = stage_hint(nat.nat._uuid)) + .stage_hint = Some{nat.nat._uuid}, + .io_port = None, + .controller_meter = None) } }; @@ -6109,7 +6382,9 @@ for (r in &Router(._uuid = lr_uuid, .priority = 100, .__match = __match, .actions = actions, - .external_ids = stage_hint(nat.nat._uuid)) + .stage_hint = Some{nat.nat._uuid}, + .io_port = None, + .controller_meter = None) }; /* Egress SNAT table: Packets enter the egress pipeline with @@ -6144,7 +6419,9 @@ for (r in &Router(._uuid = lr_uuid, .priority = plen as bit<64> + 1, .__match = __match ++ ext_ip_match, .actions = actions, - .external_ids = stage_hint(nat.nat._uuid)) + .stage_hint = Some{nat.nat._uuid}, + .io_port = None, + .controller_meter = None) }; Some {var gwport} = l3dgw_ports.nth(0) in @@ -6182,7 +6459,9 @@ for (r in &Router(._uuid = lr_uuid, .priority = priority + centralized_boost, .__match = __match ++ ext_ip_match, .actions = actions, - .external_ids = stage_hint(nat.nat._uuid)) + .stage_hint = Some{nat.nat._uuid}, + .io_port = None, + .controller_meter = None) } }; @@ -6207,7 +6486,9 @@ for (r in &Router(._uuid = lr_uuid, .priority = 50, .__match = __match, .actions = actions, - .external_ids = stage_hint(nat.nat._uuid)); + .stage_hint = Some{nat.nat._uuid}, + .io_port = None, + .controller_meter = None); /* Ingress Gateway Redirect Table: For NAT on a distributed * router, add flows that are specific to a NAT rule. These @@ -6234,7 +6515,9 @@ for (r in &Router(._uuid = lr_uuid, .priority = 100, .__match = __match, .actions = actions, - .external_ids = stage_hint(nat.nat._uuid)); + .stage_hint = Some{nat.nat._uuid}, + .io_port = None, + .controller_meter = None); for (VirtualLogicalPort(nat.nat.logical_port)) { Some{var gwport} = l3dgw_ports.nth(0) in @@ -6244,7 +6527,9 @@ for (r in &Router(._uuid = lr_uuid, .__match = "${ipX}.src == ${nat.nat.logical_ip} && " "outport == ${json_string_escape(gwport.name)}", .actions = "drop;", - .external_ids = stage_hint(nat.nat._uuid)) + .stage_hint = Some{nat.nat._uuid}, + .io_port = None, + .controller_meter = None) }; /* Egress Loopback table: For NAT on a distributed router. @@ -6282,7 +6567,9 @@ for (r in &Router(._uuid = lr_uuid, .priority = 100, .__match = __match, .actions = actions, - .external_ids = stage_hint(nat.nat._uuid)) + .stage_hint = Some{nat.nat._uuid}, + .io_port = None, + .controller_meter = None) } }; @@ -6327,14 +6614,14 @@ for (RouterLBVIP( for (LoadBalancerEmptyEvents(lb)) { Some {(var __match, var __action)} = build_empty_lb_event_flow(vip, lb) in - MeteredFlow(.logical_datapath = lr_uuid, - .stage = s_ROUTER_IN_DNAT(), - .priority = 130, - .__match = __match, - .actions = __action, - .tags = map_empty(), - .controller_meter = r.copp.get(cOPP_EVENT_ELB()), - .external_ids = stage_hint(lb._uuid)) + Flow(.logical_datapath = lr_uuid, + .stage = s_ROUTER_IN_DNAT(), + .priority = 130, + .__match = __match, + .actions = __action, + .io_port = None, + .controller_meter = r.copp.get(cOPP_EVENT_ELB()), + .stage_hint = Some{lb._uuid}) } }; @@ -6374,7 +6661,9 @@ for (RouterLBVIP( .priority = prio, .__match = __match, .actions = __actions, - .external_ids = stage_hint(lb._uuid)); + .stage_hint = Some{lb._uuid}, + .io_port = None, + .controller_meter = None); /* Higher priority rules are added for load-balancing in DNAT * table. For every match (on a VIP[:port]), we add two flows @@ -6418,7 +6707,9 @@ for (RouterLBVIP( .priority = prio, .__match = est_match, .actions = actions, - .external_ids = stage_hint(lb._uuid)); + .stage_hint = Some{lb._uuid}, + .io_port = None, + .controller_meter = None); if (nats_contain_vip(nats, ip_address)) { /* The load balancer vip is also present in the NAT entries. @@ -6440,7 +6731,9 @@ for (RouterLBVIP( .priority = 120, .__match = match3, .actions = "next;", - .external_ids = stage_hint(lb._uuid)) + .stage_hint = Some{lb._uuid}, + .io_port = None, + .controller_meter = None) }; Some{var gwport} = l3dgw_ports.nth(0) in @@ -6480,7 +6773,9 @@ for (RouterLBVIP( .priority = 120, .__match = undnat_match, .actions = action, - .external_ids = stage_hint(lb._uuid)) + .stage_hint = Some{lb._uuid}, + .io_port = None, + .controller_meter = None) } } } @@ -6490,14 +6785,14 @@ for (RouterLBVIP( * via add_router_lb_flow(). One flow is for specific matching * on ct.new with an action of "ct_lb($targets);". The other * flow is for ct.est with an action of "ct_dnat;". */ -MeteredFlow(.logical_datapath = r._uuid, - .stage = s_ROUTER_IN_DNAT(), - .priority = priority, - .__match = __match, - .actions = actions, - .tags = map_empty(), - .controller_meter = meter, - .external_ids = stage_hint(lb._uuid)) :- +Flow(.logical_datapath = r._uuid, + .stage = s_ROUTER_IN_DNAT(), + .priority = priority, + .__match = __match, + .actions = actions, + .io_port = None, + .controller_meter = meter, + .stage_hint = Some{lb._uuid}) :- r in &Router(), r.l3dgw_ports.len() > 0 or r.is_gateway, LBVIPWithStatus[lbvip@&LBVIPWithStatus{.lb = lb}], @@ -6661,14 +6956,14 @@ for (&RouterPort[port@RouterPort{.lrp = lrp@&nb::Logical_Router_Port{.peer = Non Some{prf} -> ", router_preference = \"${prf}\"" } in var actions = actions0 ++ router_preference ++ prefix ++ "); next;" in - MeteredFlow(.logical_datapath = router._uuid, - .stage = s_ROUTER_IN_ND_RA_OPTIONS(), - .priority = 50, - .__match = __match, - .actions = actions, - .tags = map_empty(), - .controller_meter = router.copp.get(cOPP_ND_RA_OPTS()), - .external_ids = stage_hint(lrp._uuid)); + Flow(.logical_datapath = router._uuid, + .stage = s_ROUTER_IN_ND_RA_OPTIONS(), + .priority = 50, + .__match = __match, + .actions = actions, + .io_port = None, + .controller_meter = router.copp.get(cOPP_ND_RA_OPTS()), + .stage_hint = Some{lrp._uuid}); var __match = "inport == ${json_name} && ip6.dst == ff02::2 && " "nd_ra && ${rEGBIT_ND_RA_OPTS_RESULT()}" in @@ -6682,7 +6977,9 @@ for (&RouterPort[port@RouterPort{.lrp = lrp@&nb::Logical_Router_Port{.peer = Non .priority = 50, .__match = __match, .actions = actions, - .external_ids = stage_hint(lrp._uuid)) + .stage_hint = Some{lrp._uuid}, + .io_port = None, + .controller_meter = None) } } } @@ -6697,13 +6994,17 @@ for (&Router(._uuid = lr_uuid)) .priority = 0, .__match = "1", .actions = "next;", - .external_ids = map_empty()); + .stage_hint = None, + .io_port = None, + .controller_meter = None); Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_ND_RA_RESPONSE(), .priority = 0, .__match = "1", .actions = "next;", - .external_ids = map_empty()) + .stage_hint = None, + .io_port = None, + .controller_meter = None) } /* Proxy table that stores per-port routes. @@ -6765,7 +7066,9 @@ for (Route(.port = port, .priority = priority as integer, .__match = __match, .actions = "ip.ttl--; ${actions}", - .external_ids = stage_hint(port.lrp._uuid)); + .stage_hint = Some{port.lrp._uuid}, + .io_port = None, + .controller_meter = None); if (port.has_bfd) { Flow(.logical_datapath = port.router._uuid, @@ -6773,7 +7076,9 @@ for (Route(.port = port, .priority = priority as integer + 1, .__match = "${__match} && udp.dst == 3784", .actions = actions, - .external_ids = stage_hint(port.lrp._uuid)) + .stage_hint = Some{port.lrp._uuid}, + .io_port = None, + .controller_meter = None) } } } @@ -6784,7 +7089,9 @@ Flow(.logical_datapath = router._uuid, .priority = priority as integer, .__match = ip_match, .actions = "drop;", - .external_ids = map_empty()) :- + .stage_hint = None, + .io_port = None, + .controller_meter = None) :- r in RouterDiscardRoute_(.router = router, .key = key), (var ip_match, var priority) = build_route_match(r.key). @@ -6818,7 +7125,9 @@ Flow(.logical_datapath = r._uuid, .priority = 150, .__match = "${rEG_ECMP_GROUP_ID()} == 0", .actions = "next;", - .external_ids = map_empty()) :- + .stage_hint = None, + .io_port = None, + .controller_meter = None) :- r in &Router(). /* Convert the static routes to flows. */ @@ -6899,7 +7208,9 @@ Flow(.logical_datapath = router._uuid, .priority = route_priority, .__match = route_match, .actions = actions, - .external_ids = map_empty()) :- + .stage_hint = None, + .io_port = None, + .controller_meter = None) :- EcmpGroup(group_id, router, key, dsts, route_match, route_priority), var all_member_ids = { var member_ids = vec_with_capacity(dsts.size()); @@ -6919,7 +7230,9 @@ Flow(.logical_datapath = router._uuid, .priority = 100, .__match = __match, .actions = actions, - .external_ids = map_empty()) :- + .stage_hint = None, + .io_port = None, + .controller_meter = None) :- EcmpGroup(group_id, router, key, dsts, _, _), var member_id_and_dst = FlatMap(numbered_vec(dsts)), (var member_id, var dst) = member_id_and_dst, @@ -6952,7 +7265,9 @@ Flow(.logical_datapath = router._uuid, .priority = 100, .__match = __match, .actions = "ct_next;", - .external_ids = map_empty()) :- + .stage_hint = None, + .io_port = None, + .controller_meter = None) :- EcmpSymmetricReply(router, dst, route_match, _), var __match = "inport == ${dst.port.json_name} && ${route_match}". @@ -6967,7 +7282,9 @@ Flow(.logical_datapath = router._uuid, .priority = 100, .__match = __match, .actions = actions, - .external_ids = map_empty()) :- + .stage_hint = None, + .io_port = None, + .controller_meter = None) :- EcmpSymmetricReply(router, dst, route_match, tunkey), var __match = "inport == ${dst.port.json_name} && ${route_match} && " "(ct.new && !ct.est)", @@ -6987,20 +7304,26 @@ Flow(.logical_datapath = router._uuid, "${xx}reg1 = ${dst.src_ip}; " "outport = ${dst.port.json_name}; " "next;", - .external_ids = map_empty()), + .stage_hint = None, + .io_port = None, + .controller_meter = None), /* Egress reply traffic for symmetric ECMP routes skips router policies. */ Flow(.logical_datapath = router._uuid, .stage = s_ROUTER_IN_POLICY(), .priority = 65535, .__match = ecmp_reply, .actions = "next;", - .external_ids = map_empty()), + .stage_hint = None, + .io_port = None, + .controller_meter = None), Flow(.logical_datapath = router._uuid, .stage = s_ROUTER_IN_ARP_RESOLVE(), .priority = 200, .__match = ecmp_reply, .actions = "eth.dst = ct_label.ecmp_reply_eth; next;", - .external_ids = map_empty()) :- + .stage_hint = None, + .io_port = None, + .controller_meter = None) :- EcmpSymmetricReply(router, dst, route_match, tunkey), var ecmp_reply = "ct.rpl && ct_label.ecmp_reply_port == ${tunkey}", var xx = dst.nexthop.xxreg(). @@ -7017,7 +7340,9 @@ Flow(.logical_datapath = router._uuid, .priority = 550, .__match = "nd_rs || nd_ra", .actions = "drop;", - .external_ids = map_empty()) :- + .stage_hint = None, + .io_port = None, + .controller_meter = None) :- router in &Router(). for (IgmpRouterMulticastGroup(address, rtr, ports)) { @@ -7044,7 +7369,9 @@ for (IgmpRouterMulticastGroup(address, rtr, ports)) { .actions = "${static_act}outport = ${json_string_escape(address)}; " "ip.ttl--; next;", - .external_ids = map_empty()) + .stage_hint = None, + .io_port = None, + .controller_meter = None) } } @@ -7068,7 +7395,9 @@ for (RouterMcastFloodPorts(rtr, flood_ports) if rtr.mcast_cfg.relay) { .priority = 450, .__match = "ip4.mcast || ip6.mcast", .actions = actions, - .external_ids = map_empty()) + .stage_hint = None, + .io_port = None, + .controller_meter = None) } /* Logical router ingress table POLICY: Policy. @@ -7088,21 +7417,20 @@ for (&Router(._uuid = lr_uuid)) { .priority = 0, .__match = "1", .actions = "${rEG_ECMP_GROUP_ID()} = 0; next;", - .external_ids = map_empty()); + .stage_hint = None, + .io_port = None, + .controller_meter = None); Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_POLICY_ECMP(), .priority = 150, .__match = "${rEG_ECMP_GROUP_ID()} == 0", .actions = "next;", - .external_ids = map_empty()) + .stage_hint = None, + .io_port = None, + .controller_meter = None) } -function stage_hint(_uuid: uuid): Map = { - ["stage-hint" -> "${hex(_uuid[127:96])}"] -} - - /* Convert routing policies to flows. */ function pkt_mark_policy(options: Map): string { var pkt_mark = options.get("pkt_mark").and_then(parse_dec_u64).unwrap_or(0); @@ -7117,7 +7445,9 @@ Flow(.logical_datapath = r._uuid, .priority = policy.priority, .__match = policy.__match, .actions = actions, - .external_ids = stage_hint(policy._uuid)) :- + .stage_hint = Some{policy._uuid}, + .io_port = None, + .controller_meter = None) :- r in &Router(), var policy_uuid = FlatMap(r.policies), policy in nb::Logical_Router_Policy(._uuid = policy_uuid), @@ -7178,7 +7508,9 @@ Flow(.logical_datapath = r._uuid, .priority = 100, .__match = __match, .actions = actions, - .external_ids = stage_hint(policy._uuid)) :- + .stage_hint = Some{policy._uuid}, + .io_port = None, + .controller_meter = None) :- EcmpReroutePolicy(r, policy, ecmp_group_id), var member_ids = range_vec(1, policy.nexthops.size() + 1, 1), var numbered_nexthops = policy.nexthops.to_vec().zip(member_ids), @@ -7202,7 +7534,9 @@ Flow(.logical_datapath = r._uuid, .priority = policy.priority, .__match = policy.__match, .actions = actions, - .external_ids = stage_hint(policy._uuid)) :- + .stage_hint = Some{policy._uuid}, + .io_port = None, + .controller_meter = None) :- EcmpReroutePolicy(r, policy, ecmp_group_id), var member_ids = { var n = policy.nexthops.size(); @@ -7220,7 +7554,9 @@ Flow(.logical_datapath = r._uuid, .priority = policy.priority, .__match = policy.__match, .actions = "drop;", - .external_ids = stage_hint(policy._uuid)) :- + .stage_hint = Some{policy._uuid}, + .io_port = None, + .controller_meter = None) :- r in &Router(), var policy_uuid = FlatMap(r.policies), policy in nb::Logical_Router_Policy(._uuid = policy_uuid), @@ -7230,7 +7566,9 @@ Flow(.logical_datapath = r._uuid, .priority = policy.priority, .__match = policy.__match, .actions = pkt_mark_policy(policy.options) ++ "${rEG_ECMP_GROUP_ID()} = 0; next;", - .external_ids = stage_hint(policy._uuid)) :- + .stage_hint = Some{policy._uuid}, + .io_port = None, + .controller_meter = None) :- r in &Router(), var policy_uuid = FlatMap(r.policies), policy in nb::Logical_Router_Policy(._uuid = policy_uuid), @@ -7250,7 +7588,9 @@ for (&Router(._uuid = lr_uuid)) { .priority = 500, .__match = "ip4.mcast || ip6.mcast", .actions = "next;", - .external_ids = map_empty()) + .stage_hint = None, + .io_port = None, + .controller_meter = None) } /* Local router ingress table ARP_RESOLVE: ARP Resolution. @@ -7285,7 +7625,9 @@ for (rp in &RouterPort(.peer = PeerRouter{peer_port, _}, .priority = 100, .__match = __match, .actions = "eth.dst = ${networks.ea}; next;", - .external_ids = stage_hint(rp.lrp._uuid)) + .stage_hint = Some{rp.lrp._uuid}, + .io_port = None, + .controller_meter = None) }; if (not networks.ipv6_addrs.is_empty()) { @@ -7297,7 +7639,9 @@ for (rp in &RouterPort(.peer = PeerRouter{peer_port, _}, .priority = 100, .__match = __match, .actions = "eth.dst = ${networks.ea}; next;", - .external_ids = stage_hint(rp.lrp._uuid)) + .stage_hint = Some{rp.lrp._uuid}, + .io_port = None, + .controller_meter = None) } } } @@ -7314,7 +7658,9 @@ Flow(.logical_datapath = router._uuid, .__match = "outport == ${rp.json_name} && " "!is_chassis_resident(${json_string_escape(chassis_redirect_name(l3dgw_port.name))})", .actions = "eth.dst = ${rp.networks.ea}; next;", - .external_ids = stage_hint(lrp._uuid)) :- + .stage_hint = Some{lrp._uuid}, + .io_port = None, + .controller_meter = None) :- rp in &RouterPort(.lrp = lrp, .router = router), Some{var l3dgw_port} = router.l3dgw_ports.nth(0), Some{"bridged"} = lrp.options.get("redirect-type"). @@ -7331,7 +7677,9 @@ Flow(.logical_datapath = lr_uuid, .priority = 1, .__match = "ip4.dst == {" ++ match_ips.join(", ") ++ "}", .actions = "drop;", - .external_ids = stage_hint(lrp_uuid)) :- + .stage_hint = Some{lrp_uuid}, + .io_port = None, + .controller_meter = None) :- &RouterPort(.lrp = &nb::Logical_Router_Port{._uuid = lrp_uuid}, .router = &Router{.snat_ips = snat_ips, ._uuid = lr_uuid}, @@ -7344,7 +7692,9 @@ Flow(.logical_datapath = lr_uuid, .priority = 1, .__match = "ip6.dst == {" ++ match_ips.join(", ") ++ "}", .actions = "drop;", - .external_ids = stage_hint(lrp_uuid)) :- + .stage_hint = Some{lrp_uuid}, + .io_port = None, + .controller_meter = None) :- &RouterPort(.lrp = &nb::Logical_Router_Port{._uuid = lrp_uuid}, .router = &Router{.snat_ips = snat_ips, ._uuid = lr_uuid}, @@ -7361,7 +7711,9 @@ Flow(.logical_datapath = peer.router._uuid, .priority = 100, .__match = "outport == ${peer.json_name} && " ++ rEG_NEXT_HOP() ++ " == {${ips}}", .actions = "eth.dst = ${addr.ea}; next;", - .external_ids = stage_hint(lrp._uuid)) :- + .stage_hint = Some{lrp._uuid}, + .io_port = None, + .controller_meter = None) :- RouterPortRoutableAddresses(port, addresses), FirstHopRouterPortRoutableAddresses(port, peer_uuid), peer in &RouterPort(.lrp = lrp), @@ -7391,7 +7743,9 @@ for (SwitchPortIPv4Address( .__match = "outport == ${peer.json_name} && " "${rEG_NEXT_HOP()} == ${addr.addr}", .actions = "eth.dst = ${ea}; next;", - .external_ids = stage_hint(lsp._uuid)) + .stage_hint = Some{lsp._uuid}, + .io_port = None, + .controller_meter = None) } } @@ -7411,7 +7765,9 @@ for (SwitchPortIPv6Address( .__match = "outport == ${peer.json_name} && " "xx${rEG_NEXT_HOP()} == ${addr.addr}", .actions = "eth.dst = ${ea}; next;", - .external_ids = stage_hint(lsp._uuid)) + .stage_hint = Some{lsp._uuid}, + .io_port = None, + .controller_meter = None) } } @@ -7441,7 +7797,9 @@ Flow(.logical_datapath = peer.router._uuid, .__match = "outport == ${peer.json_name} && " "${rEG_NEXT_HOP()} == ${virtual_ip}", .actions = "eth.dst = 00:00:00:00:00:00; next;", - .external_ids = stage_hint(sp.lsp._uuid)) :- + .stage_hint = Some{sp.lsp._uuid}, + .io_port = None, + .controller_meter = None) :- sp in &SwitchPort(.lsp = lsp@&nb::Logical_Switch_Port{.__type = "virtual"}), Some{var virtual_ip_s} = lsp.options.get("virtual-ip"), Some{var virtual_parents} = lsp.options.get("virtual-parents"), @@ -7456,7 +7814,9 @@ Flow(.logical_datapath = peer.router._uuid, .__match = "outport == ${peer.json_name} && " "${rEG_NEXT_HOP()} == ${virtual_ip}", .actions = "eth.dst = ${address.ea}; next;", - .external_ids = stage_hint(sp.lsp._uuid)) :- + .stage_hint = Some{sp.lsp._uuid}, + .io_port = None, + .controller_meter = None) :- sp in &SwitchPort(.lsp = lsp@&nb::Logical_Switch_Port{.__type = "virtual"}), Some{var virtual_ip_s} = lsp.options.get("virtual-ip"), Some{var virtual_parents} = lsp.options.get("virtual-parents"), @@ -7493,7 +7853,9 @@ for (&SwitchPort(.lsp = lsp1, .__match = "outport == ${peer1.json_name} && " "${rEG_NEXT_HOP()} == ${format_v4_networks(peer2.networks, false)}", .actions = "eth.dst = ${peer2.networks.ea}; next;", - .external_ids = stage_hint(lsp1._uuid)) + .stage_hint = Some{lsp1._uuid}, + .io_port = None, + .controller_meter = None) }; if (not peer2.networks.ipv6_addrs.is_empty()) { @@ -7503,7 +7865,9 @@ for (&SwitchPort(.lsp = lsp1, .__match = "outport == ${peer1.json_name} && " "xx${rEG_NEXT_HOP()} == ${format_v6_networks(peer2.networks)}", .actions = "eth.dst = ${peer2.networks.ea}; next;", - .external_ids = stage_hint(lsp1._uuid)) + .stage_hint = Some{lsp1._uuid}, + .io_port = None, + .controller_meter = None) } } } @@ -7515,13 +7879,17 @@ for (&Router(._uuid = lr_uuid)) .priority = 0, .__match = "ip4", .actions = "get_arp(outport, ${rEG_NEXT_HOP()}); next;", - .external_ids = map_empty()); + .stage_hint = None, + .io_port = None, + .controller_meter = None); Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_ARP_RESOLVE(), .priority = 0, .__match = "ip6", .actions = "get_nd(outport, xx${rEG_NEXT_HOP()}); next;", - .external_ids = map_empty()) + .stage_hint = None, + .io_port = None, + .controller_meter = None) } /* Local router ingress table CHK_PKT_LEN: Check packet length. @@ -7542,14 +7910,18 @@ Flow(.logical_datapath = lr_uuid, .priority = 0, .__match = "1", .actions = "next;", - .external_ids = map_empty()) :- + .stage_hint = None, + .io_port = None, + .controller_meter = None) :- &Router(._uuid = lr_uuid). Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_LARGER_PKTS(), .priority = 0, .__match = "1", .actions = "next;", - .external_ids = map_empty()) :- + .stage_hint = None, + .io_port = None, + .controller_meter = None) :- &Router(._uuid = lr_uuid). Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_CHK_PKT_LEN(), @@ -7557,33 +7929,35 @@ Flow(.logical_datapath = lr_uuid, .__match = "outport == ${gw_mtu_rp.json_name}", .actions = "${rEGBIT_PKT_LARGER()} = check_pkt_larger(${mtu}); " "next;", - .external_ids = stage_hint(gw_mtu_rp.lrp._uuid)) :- + .stage_hint = Some{gw_mtu_rp.lrp._uuid}, + .io_port = None, + .controller_meter = None) :- r in &Router(._uuid = lr_uuid), gw_mtu_rp in &RouterPort(.router = r), var gw_mtu = gw_mtu_rp.lrp.options.get_int_def("gateway_mtu", 0), gw_mtu > 0, var mtu = gw_mtu + vLAN_ETH_HEADER_LEN(). -MeteredFlow(.logical_datapath = lr_uuid, - .stage = s_ROUTER_IN_LARGER_PKTS(), - .priority = 150, - .__match = "inport == ${rp.json_name} && outport == ${gw_mtu_rp.json_name} && ip4 && " - "${rEGBIT_PKT_LARGER()} && ${rEGBIT_EGRESS_LOOPBACK()} == 0", - .actions = "icmp4_error {" - "${rEGBIT_EGRESS_LOOPBACK()} = 1; " - "${rEGBIT_PKT_LARGER()} = 0; " - "eth.dst = ${rp.networks.ea}; " - "ip4.dst = ip4.src; " - "ip4.src = ${first_ipv4.addr}; " - "ip.ttl = 255; " - "icmp4.type = 3; /* Destination Unreachable. */ " - "icmp4.code = 4; /* Frag Needed and DF was Set. */ " - /* Set icmp4.frag_mtu to gw_mtu */ - "icmp4.frag_mtu = ${gw_mtu}; " - "next(pipeline=ingress, table=0); " - "};", - .tags = map_empty(), - .controller_meter = r.copp.get(cOPP_ICMP4_ERR()), - .external_ids = stage_hint(rp.lrp._uuid)) :- +Flow(.logical_datapath = lr_uuid, + .stage = s_ROUTER_IN_LARGER_PKTS(), + .priority = 150, + .__match = "inport == ${rp.json_name} && outport == ${gw_mtu_rp.json_name} && ip4 && " + "${rEGBIT_PKT_LARGER()} && ${rEGBIT_EGRESS_LOOPBACK()} == 0", + .actions = "icmp4_error {" + "${rEGBIT_EGRESS_LOOPBACK()} = 1; " + "${rEGBIT_PKT_LARGER()} = 0; " + "eth.dst = ${rp.networks.ea}; " + "ip4.dst = ip4.src; " + "ip4.src = ${first_ipv4.addr}; " + "ip.ttl = 255; " + "icmp4.type = 3; /* Destination Unreachable. */ " + "icmp4.code = 4; /* Frag Needed and DF was Set. */ " + /* Set icmp4.frag_mtu to gw_mtu */ + "icmp4.frag_mtu = ${gw_mtu}; " + "next(pipeline=ingress, table=0); " + "};", + .io_port = None, + .controller_meter = r.copp.get(cOPP_ICMP4_ERR()), + .stage_hint = Some{rp.lrp._uuid}) :- r in &Router(._uuid = lr_uuid), gw_mtu_rp in &RouterPort(.router = r), var gw_mtu = gw_mtu_rp.lrp.options.get_int_def("gateway_mtu", 0), @@ -7593,27 +7967,27 @@ MeteredFlow(.logical_datapath = lr_uuid, rp.lrp != gw_mtu_rp.lrp, Some{var first_ipv4} = rp.networks.ipv4_addrs.nth(0). -MeteredFlow(.logical_datapath = lr_uuid, - .stage = s_ROUTER_IN_IP_INPUT(), - .priority = 150, - .__match = "inport == ${rp.json_name} && ip4 && " - "${rEGBIT_PKT_LARGER()} && ${rEGBIT_EGRESS_LOOPBACK()} == 0", - .actions = "icmp4_error {" - "${rEGBIT_EGRESS_LOOPBACK()} = 1; " - "${rEGBIT_PKT_LARGER()} = 0; " - "eth.dst = ${rp.networks.ea}; " - "ip4.dst = ip4.src; " - "ip4.src = ${first_ipv4.addr}; " - "ip.ttl = 255; " - "icmp4.type = 3; /* Destination Unreachable. */ " - "icmp4.code = 4; /* Frag Needed and DF was Set. */ " - /* Set icmp4.frag_mtu to gw_mtu */ - "icmp4.frag_mtu = ${gw_mtu}; " - "next(pipeline=ingress, table=0); " - "};", - .tags = map_empty(), - .controller_meter = r.copp.get(cOPP_ICMP4_ERR()), - .external_ids = stage_hint(rp.lrp._uuid)) :- +Flow(.logical_datapath = lr_uuid, + .stage = s_ROUTER_IN_IP_INPUT(), + .priority = 150, + .__match = "inport == ${rp.json_name} && ip4 && " + "${rEGBIT_PKT_LARGER()} && ${rEGBIT_EGRESS_LOOPBACK()} == 0", + .actions = "icmp4_error {" + "${rEGBIT_EGRESS_LOOPBACK()} = 1; " + "${rEGBIT_PKT_LARGER()} = 0; " + "eth.dst = ${rp.networks.ea}; " + "ip4.dst = ip4.src; " + "ip4.src = ${first_ipv4.addr}; " + "ip.ttl = 255; " + "icmp4.type = 3; /* Destination Unreachable. */ " + "icmp4.code = 4; /* Frag Needed and DF was Set. */ " + /* Set icmp4.frag_mtu to gw_mtu */ + "icmp4.frag_mtu = ${gw_mtu}; " + "next(pipeline=ingress, table=0); " + "};", + .io_port = None, + .controller_meter = r.copp.get(cOPP_ICMP4_ERR()), + .stage_hint = Some{rp.lrp._uuid}) :- r in &Router(._uuid = lr_uuid), gw_mtu_rp in &RouterPort(.router = r), var gw_mtu = gw_mtu_rp.lrp.options.get_int_def("gateway_mtu", 0), @@ -7623,27 +7997,27 @@ MeteredFlow(.logical_datapath = lr_uuid, rp.lrp == gw_mtu_rp.lrp, Some{var first_ipv4} = rp.networks.ipv4_addrs.nth(0). -MeteredFlow(.logical_datapath = lr_uuid, - .stage = s_ROUTER_IN_LARGER_PKTS(), - .priority = 150, - .__match = "inport == ${rp.json_name} && outport == ${gw_mtu_rp.json_name} && ip6 && " - "${rEGBIT_PKT_LARGER()} && ${rEGBIT_EGRESS_LOOPBACK()} == 0", - .actions = "icmp6_error {" - "${rEGBIT_EGRESS_LOOPBACK()} = 1; " - "${rEGBIT_PKT_LARGER()} = 0; " - "eth.dst = ${rp.networks.ea}; " - "ip6.dst = ip6.src; " - "ip6.src = ${first_ipv6.addr}; " - "ip.ttl = 255; " - "icmp6.type = 2; /* Packet Too Big. */ " - "icmp6.code = 0; " - /* Set icmp6.frag_mtu to gw_mtu */ - "icmp6.frag_mtu = ${gw_mtu}; " - "next(pipeline=ingress, table=0); " - "};", - .tags = map_empty(), - .controller_meter = r.copp.get(cOPP_ICMP6_ERR()), - .external_ids = stage_hint(rp.lrp._uuid)) :- +Flow(.logical_datapath = lr_uuid, + .stage = s_ROUTER_IN_LARGER_PKTS(), + .priority = 150, + .__match = "inport == ${rp.json_name} && outport == ${gw_mtu_rp.json_name} && ip6 && " + "${rEGBIT_PKT_LARGER()} && ${rEGBIT_EGRESS_LOOPBACK()} == 0", + .actions = "icmp6_error {" + "${rEGBIT_EGRESS_LOOPBACK()} = 1; " + "${rEGBIT_PKT_LARGER()} = 0; " + "eth.dst = ${rp.networks.ea}; " + "ip6.dst = ip6.src; " + "ip6.src = ${first_ipv6.addr}; " + "ip.ttl = 255; " + "icmp6.type = 2; /* Packet Too Big. */ " + "icmp6.code = 0; " + /* Set icmp6.frag_mtu to gw_mtu */ + "icmp6.frag_mtu = ${gw_mtu}; " + "next(pipeline=ingress, table=0); " + "};", + .io_port = None, + .controller_meter = r.copp.get(cOPP_ICMP6_ERR()), + .stage_hint = Some{rp.lrp._uuid}) :- r in &Router(._uuid = lr_uuid), gw_mtu_rp in &RouterPort(.router = r), var gw_mtu = gw_mtu_rp.lrp.options.get_int_def("gateway_mtu", 0), @@ -7653,27 +8027,27 @@ MeteredFlow(.logical_datapath = lr_uuid, rp.lrp != gw_mtu_rp.lrp, Some{var first_ipv6} = rp.networks.ipv6_addrs.nth(0). -MeteredFlow(.logical_datapath = lr_uuid, - .stage = s_ROUTER_IN_IP_INPUT(), - .priority = 150, - .__match = "inport == ${rp.json_name} && ip6 && " - "${rEGBIT_PKT_LARGER()} && ${rEGBIT_EGRESS_LOOPBACK()} == 0", - .actions = "icmp6_error {" - "${rEGBIT_EGRESS_LOOPBACK()} = 1; " - "${rEGBIT_PKT_LARGER()} = 0; " - "eth.dst = ${rp.networks.ea}; " - "ip6.dst = ip6.src; " - "ip6.src = ${first_ipv6.addr}; " - "ip.ttl = 255; " - "icmp6.type = 2; /* Packet Too Big. */ " - "icmp6.code = 0; " - /* Set icmp6.frag_mtu to gw_mtu */ - "icmp6.frag_mtu = ${gw_mtu}; " - "next(pipeline=ingress, table=0); " - "};", - .tags = map_empty(), - .controller_meter = r.copp.get(cOPP_ICMP6_ERR()), - .external_ids = stage_hint(rp.lrp._uuid)) :- +Flow(.logical_datapath = lr_uuid, + .stage = s_ROUTER_IN_IP_INPUT(), + .priority = 150, + .__match = "inport == ${rp.json_name} && ip6 && " + "${rEGBIT_PKT_LARGER()} && ${rEGBIT_EGRESS_LOOPBACK()} == 0", + .actions = "icmp6_error {" + "${rEGBIT_EGRESS_LOOPBACK()} = 1; " + "${rEGBIT_PKT_LARGER()} = 0; " + "eth.dst = ${rp.networks.ea}; " + "ip6.dst = ip6.src; " + "ip6.src = ${first_ipv6.addr}; " + "ip.ttl = 255; " + "icmp6.type = 2; /* Packet Too Big. */ " + "icmp6.code = 0; " + /* Set icmp6.frag_mtu to gw_mtu */ + "icmp6.frag_mtu = ${gw_mtu}; " + "next(pipeline=ingress, table=0); " + "};", + .io_port = None, + .controller_meter = r.copp.get(cOPP_ICMP6_ERR()), + .stage_hint = Some{rp.lrp._uuid}) :- r in &Router(._uuid = lr_uuid), gw_mtu_rp in &RouterPort(.router = r), var gw_mtu = gw_mtu_rp.lrp.options.get_int_def("gateway_mtu", 0), @@ -7702,7 +8076,9 @@ for (&Router(._uuid = lr_uuid)) .priority = 50, .__match = "outport == ${json_string_escape(lrp.name)}", .actions = "outport = ${json_string_escape(chassis_redirect_name(lrp.name))}; next;", - .external_ids = stage_hint(lrp._uuid)) + .stage_hint = Some{lrp._uuid}, + .io_port = None, + .controller_meter = None) }; /* Packets are allowed by default. */ @@ -7711,7 +8087,9 @@ for (&Router(._uuid = lr_uuid)) .priority = 0, .__match = "1", .actions = "next;", - .external_ids = map_empty()) + .stage_hint = None, + .io_port = None, + .controller_meter = None) } /* Local router ingress table ARP_REQUEST: ARP request. @@ -7719,14 +8097,14 @@ for (&Router(._uuid = lr_uuid)) * In the common case where the Ethernet destination has been resolved, * this table outputs the packet (priority 0). Otherwise, it composes * and sends an ARP/IPv6 NA request (priority 100). */ -MeteredFlow(.logical_datapath = router._uuid, - .stage = s_ROUTER_IN_ARP_REQUEST(), - .priority = 200, - .__match = __match, - .actions = actions, - .tags = map_empty(), - .controller_meter = router.copp.get(cOPP_ND_NS_RESOLVE()), - .external_ids = map_empty()) :- +Flow(.logical_datapath = router._uuid, + .stage = s_ROUTER_IN_ARP_REQUEST(), + .priority = 200, + .__match = __match, + .actions = actions, + .io_port = None, + .controller_meter = router.copp.get(cOPP_ND_NS_RESOLVE()), + .stage_hint = None) :- rsr in RouterStaticRoute(.router = router), var dst = FlatMap(rsr.dsts), IPv6{var gw_ip6} = dst.nexthop, @@ -7744,39 +8122,41 @@ MeteredFlow(.logical_datapath = router._uuid, for (&Router(._uuid = lr_uuid, .copp = copp)) { - MeteredFlow(.logical_datapath = lr_uuid, - .stage = s_ROUTER_IN_ARP_REQUEST(), - .priority = 100, - .__match = "eth.dst == 00:00:00:00:00:00 && ip4", - .actions = "arp { " - "eth.dst = ff:ff:ff:ff:ff:ff; " - "arp.spa = ${rEG_SRC()}; " - "arp.tpa = ${rEG_NEXT_HOP()}; " - "arp.op = 1; " /* ARP request */ - "output; " - "};", - .tags = map_empty(), - .controller_meter = copp.get(cOPP_ARP_RESOLVE()), - .external_ids = map_empty()); - - MeteredFlow(.logical_datapath = lr_uuid, - .stage = s_ROUTER_IN_ARP_REQUEST(), - .priority = 100, - .__match = "eth.dst == 00:00:00:00:00:00 && ip6", - .actions = "nd_ns { " - "nd.target = xx${rEG_NEXT_HOP()}; " - "output; " - "};", - .tags = map_empty(), - .controller_meter = copp.get(cOPP_ND_NS_RESOLVE()), - .external_ids = map_empty()); + Flow(.logical_datapath = lr_uuid, + .stage = s_ROUTER_IN_ARP_REQUEST(), + .priority = 100, + .__match = "eth.dst == 00:00:00:00:00:00 && ip4", + .actions = "arp { " + "eth.dst = ff:ff:ff:ff:ff:ff; " + "arp.spa = ${rEG_SRC()}; " + "arp.tpa = ${rEG_NEXT_HOP()}; " + "arp.op = 1; " /* ARP request */ + "output; " + "};", + .io_port = None, + .controller_meter = copp.get(cOPP_ARP_RESOLVE()), + .stage_hint = None); + + Flow(.logical_datapath = lr_uuid, + .stage = s_ROUTER_IN_ARP_REQUEST(), + .priority = 100, + .__match = "eth.dst == 00:00:00:00:00:00 && ip6", + .actions = "nd_ns { " + "nd.target = xx${rEG_NEXT_HOP()}; " + "output; " + "};", + .io_port = None, + .controller_meter = copp.get(cOPP_ND_NS_RESOLVE()), + .stage_hint = None); Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_ARP_REQUEST(), .priority = 0, .__match = "1", .actions = "output;", - .external_ids = map_empty()) + .stage_hint = None, + .io_port = None, + .controller_meter = None) } @@ -7801,7 +8181,9 @@ for (&RouterPort(.lrp = lrp, .__match = "(ip4.mcast || ip6.mcast) && " "outport == ${json_name}", .actions = "eth.src = ${lrp_networks.ea}; output;", - .external_ids = stage_hint(lrp._uuid)) + .stage_hint = Some{lrp._uuid}, + .io_port = None, + .controller_meter = None) }; /* No egress packets should be processed in the context of * a chassisredirect port. The chassisredirect port should @@ -7813,7 +8195,9 @@ for (&RouterPort(.lrp = lrp, .priority = 100, .__match = "outport == ${json_name}", .actions = "output;", - .external_ids = stage_hint(lrp._uuid)) + .stage_hint = Some{lrp._uuid}, + .io_port = None, + .controller_meter = None) } /* @@ -8445,22 +8829,24 @@ function lrouter_bfd_flows(lr_uuid: uuid, ipX: string, networks: string, controller_meter: Option) - : (Flow, MeteredFlow) + : (Flow, Flow) { (Flow{.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_IP_INPUT(), .priority = 110, .__match = "${ipX}.src == ${networks} && udp.dst == 3784", .actions = "next; ", - .external_ids = stage_hint(lrp_uuid)}, - MeteredFlow{.logical_datapath = lr_uuid, - .stage = s_ROUTER_IN_IP_INPUT(), - .priority = 110, - .__match = "${ipX}.dst == ${networks} && udp.dst == 3784", - .actions = "handle_bfd_msg(); ", - .tags = map_empty(), - .controller_meter = controller_meter, - .external_ids = stage_hint(lrp_uuid)}) + .stage_hint = Some{lrp_uuid}, + .io_port = None, + .controller_meter = None}, + Flow{.logical_datapath = lr_uuid, + .stage = s_ROUTER_IN_IP_INPUT(), + .priority = 110, + .__match = "${ipX}.dst == ${networks} && udp.dst == 3784", + .actions = "handle_bfd_msg(); ", + .io_port = None, + .controller_meter = controller_meter, + .stage_hint = Some{lrp_uuid}}) } for (&RouterPort(.router = router, .networks = networks, .lrp = lrp, .has_bfd = true)) { var controller_meter = router.copp.get(cOPP_BFD()) in { @@ -8469,7 +8855,7 @@ for (&RouterPort(.router = router, .networks = networks, .lrp = lrp, .has_bfd = format_v4_networks(networks, false), controller_meter) in { Flow[a]; - MeteredFlow[b] + Flow[b] } }; @@ -8478,7 +8864,7 @@ for (&RouterPort(.router = router, .networks = networks, .lrp = lrp, .has_bfd = format_v6_networks(networks), controller_meter) in { Flow[a]; - MeteredFlow[b] + Flow[b] } } } From patchwork Thu Aug 12 15:53:53 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ben Pfaff X-Patchwork-Id: 1516363 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=2605:bc80:3010::137; helo=smtp4.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Received: from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4Glrpw6kJ7z9sX1 for ; Fri, 13 Aug 2021 01:54:32 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id 1A8EC40741; Thu, 12 Aug 2021 15:54:30 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zigOWsOR9ETU; Thu, 12 Aug 2021 15:54:25 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [IPv6:2605:bc80:3010:104::8cd3:938]) by smtp4.osuosl.org (Postfix) with ESMTPS id 7BB99404E1; Thu, 12 Aug 2021 15:54:23 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 36E3BC001A; Thu, 12 Aug 2021 15:54:23 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp2.osuosl.org (smtp2.osuosl.org [140.211.166.133]) by lists.linuxfoundation.org (Postfix) with ESMTP id 3D857C0028 for ; Thu, 12 Aug 2021 15:54:21 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp2.osuosl.org (Postfix) with ESMTP id 2B6F34075B for ; Thu, 12 Aug 2021 15:54:21 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp2.osuosl.org ([127.0.0.1]) by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IKjRkRuE8dKZ for ; Thu, 12 Aug 2021 15:54:16 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 Received: from relay11.mail.gandi.net (relay11.mail.gandi.net [217.70.178.231]) by smtp2.osuosl.org (Postfix) with ESMTPS id 4A69B400DB for ; Thu, 12 Aug 2021 15:54:15 +0000 (UTC) Received: (Authenticated sender: blp@ovn.org) by relay11.mail.gandi.net (Postfix) with ESMTPSA id 36D2D100008; Thu, 12 Aug 2021 15:54:11 +0000 (UTC) From: Ben Pfaff To: dev@openvswitch.org Date: Thu, 12 Aug 2021 08:53:53 -0700 Message-Id: <20210812155358.3141517-3-blp@ovn.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210812155358.3141517-1-blp@ovn.org> References: <20210812155358.3141517-1-blp@ovn.org> MIME-Version: 1.0 Cc: Ben Pfaff , Ben Pfaff Subject: [ovs-dev] [PATCH 2/7] ovn-northd-ddlog: Use cheaper representation for stage_hint. X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Ben Pfaff The stage_hint only shows 32 bits of the uuid, so it's cheaper to omit the rest for the internal representation. Also, this is just a hint, so we might as well use zero to mean None and save the cost of the Option wrapper. With the benchmark at https://mail.openvswitch.org/pipermail/ovs-dev/2021-July/385333.html, this reduces memory consumption by 1.3 GB. Signed-off-by: Ben Pfaff --- northd/ovn_northd.dl | 579 ++++++++++++++++++++++--------------------- 1 file changed, 292 insertions(+), 287 deletions(-) diff --git a/northd/ovn_northd.dl b/northd/ovn_northd.dl index 844add024..2365372fb 100644 --- a/northd/ovn_northd.dl +++ b/northd/ovn_northd.dl @@ -1644,9 +1644,13 @@ relation Flow( actions: string, io_port: Option, controller_meter: Option, - stage_hint: Option + stage_hint: bit<32> ) +function stage_hint(_uuid: uuid): bit<32> { + _uuid[127:96] +} + /* If this option is 'true' northd will combine logical flows that differ by * logical datapath only by creating a datapath group. */ relation UseLogicalDatapathGroups[bool] @@ -1673,11 +1677,12 @@ function make_flow_tags(io_port: Option): Map { Some{s} -> [ "in_out_port" -> s ] } } -function make_flow_external_ids(stage_hint: Option, stage: Stage): Map { - match (stage_hint) { - None -> ["stage-name" -> stage.table_name], - Some{uuid} -> ["stage-name" -> stage.table_name, - "stage-hint" -> "${hex(uuid[127:96])}"] +function make_flow_external_ids(stage_hint: bit<32>, stage: Stage): Map { + if (stage_hint == 0) { + ["stage-name" -> stage.table_name] + } else { + ["stage-name" -> stage.table_name, + "stage-hint" -> "${hex(stage_hint)}"] } } AggregatedFlow(.logical_datapaths = g.to_set(), @@ -1744,7 +1749,7 @@ Flow(.logical_datapath = sw._uuid, .priority = 50, .__match = __match, .actions = actions, - .stage_hint = Some{fg_uuid}, + .stage_hint = stage_hint(fg_uuid), .io_port = None, .controller_meter = None) :- sw in &Switch(), @@ -1776,7 +1781,7 @@ Flow(.logical_datapath = sw._uuid, .priority = 50, .__match = __match, .actions = actions, - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None) :- sw in &Switch(), @@ -1799,7 +1804,7 @@ for (sw in &Switch()) { .priority = 100, .__match = "vlan.present", .actions = "drop;", - .stage_hint = None /*TODO: check*/, + .stage_hint = 0 /*TODO: check*/, .io_port = None, .controller_meter = None) }; @@ -1810,7 +1815,7 @@ for (sw in &Switch()) { .priority = 100, .__match = "eth.src[40]", .actions = "drop;", - .stage_hint = None /*TODO: check*/, + .stage_hint = 0 /*TODO: check*/, .io_port = None, .controller_meter = None) /* Port security flows have priority 50 (see below) and will continue to the next table @@ -1872,7 +1877,7 @@ for (&Switch(._uuid =ls_uuid)) { .priority = 0, .__match = "1", .actions = "next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None); Flow(.logical_datapath = ls_uuid, @@ -1880,7 +1885,7 @@ for (&Switch(._uuid =ls_uuid)) { .priority = 0, .__match = "1", .actions = "next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None); @@ -1889,7 +1894,7 @@ for (&Switch(._uuid =ls_uuid)) { .priority = 110, .__match = "eth.dst == $svc_monitor_mac", .actions = "next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None); Flow(.logical_datapath = ls_uuid, @@ -1897,7 +1902,7 @@ for (&Switch(._uuid =ls_uuid)) { .priority = 110, .__match = "eth.src == $svc_monitor_mac", .actions = "next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None) } @@ -1912,7 +1917,7 @@ for (&SwitchACL(.sw = sw@&Switch{._uuid = ls_uuid}, .acl = &acl, .has_fair_meter .priority = acl.priority + oVN_ACL_PRI_OFFSET(), .__match = acl.__match, .actions = "next;", - .stage_hint = Some{acl._uuid}, + .stage_hint = stage_hint(acl._uuid), .io_port = None, .controller_meter = None) } else { @@ -1921,7 +1926,7 @@ for (&SwitchACL(.sw = sw@&Switch{._uuid = ls_uuid}, .acl = &acl, .has_fair_meter .priority = acl.priority + oVN_ACL_PRI_OFFSET(), .__match = acl.__match, .actions = "next;", - .stage_hint = Some{acl._uuid}, + .stage_hint = stage_hint(acl._uuid), .io_port = None, .controller_meter = None) } @@ -1953,7 +1958,7 @@ for (&SwitchPort(.lsp = lsp@&nb::Logical_Switch_Port{.__type = "router"}, .priority = 110, .__match = "ip && inport == ${lsp_name}", .actions = "next;", - .stage_hint = Some{lsp._uuid}, + .stage_hint = stage_hint(lsp._uuid), .io_port = Some{lsp.name}, .controller_meter = None); Flow(.logical_datapath = ls_uuid, @@ -1961,7 +1966,7 @@ for (&SwitchPort(.lsp = lsp@&nb::Logical_Switch_Port{.__type = "router"}, .priority = 110, .__match = "ip && outport == ${lsp_name}", .actions = "next;", - .stage_hint = Some{lsp._uuid}, + .stage_hint = stage_hint(lsp._uuid), .io_port = Some{lsp.name}, .controller_meter = None) } @@ -1974,7 +1979,7 @@ for (&SwitchPort(.lsp = lsp@&nb::Logical_Switch_Port{.__type = "localnet"}, .priority = 110, .__match = "ip && inport == ${lsp_name}", .actions = "next;", - .stage_hint = Some{lsp._uuid}, + .stage_hint = stage_hint(lsp._uuid), .io_port = Some{lsp.name}, .controller_meter = None); Flow(.logical_datapath = ls_uuid, @@ -1982,7 +1987,7 @@ for (&SwitchPort(.lsp = lsp@&nb::Logical_Switch_Port{.__type = "localnet"}, .priority = 110, .__match = "ip && outport == ${lsp_name}", .actions = "next;", - .stage_hint = Some{lsp._uuid}, + .stage_hint = stage_hint(lsp._uuid), .io_port = Some{lsp.name}, .controller_meter = None) } @@ -1998,7 +2003,7 @@ for (&Switch(._uuid = ls_uuid, .has_stateful_acl = true)) { .__match = "nd || nd_rs || nd_ra || mldv1 || mldv2 || " "(udp && udp.src == 546 && udp.dst == 547)", .actions = "next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None); Flow(.logical_datapath = ls_uuid, @@ -2007,7 +2012,7 @@ for (&Switch(._uuid = ls_uuid, .has_stateful_acl = true)) { .__match = "nd || nd_rs || nd_ra || mldv1 || mldv2 || " "(udp && udp.src == 546 && udp.dst == 547)", .actions = "next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None); @@ -2024,7 +2029,7 @@ for (&Switch(._uuid = ls_uuid, .has_stateful_acl = true)) { .priority = 100, .__match = "ip", .actions = "${rEGBIT_CONNTRACK_DEFRAG()} = 1; next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None); Flow(.logical_datapath = ls_uuid, @@ -2032,7 +2037,7 @@ for (&Switch(._uuid = ls_uuid, .has_stateful_acl = true)) { .priority = 100, .__match = "ip", .actions = "${rEGBIT_CONNTRACK_DEFRAG()} = 1; next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None) } @@ -2046,7 +2051,7 @@ for (&Switch(._uuid = ls_uuid)) { .priority = 110, .__match = __match, .actions = "next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None); Flow(.logical_datapath = ls_uuid, @@ -2054,7 +2059,7 @@ for (&Switch(._uuid = ls_uuid)) { .priority = 110, .__match = __match, .actions = "next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None) }; @@ -2065,7 +2070,7 @@ for (&Switch(._uuid = ls_uuid)) { .priority = 110, .__match = "eth.dst == $svc_monitor_mac", .actions = "next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None); Flow(.logical_datapath = ls_uuid, @@ -2073,7 +2078,7 @@ for (&Switch(._uuid = ls_uuid)) { .priority = 110, .__match = "eth.src == $svc_monitor_mac", .actions = "next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None); @@ -2083,7 +2088,7 @@ for (&Switch(._uuid = ls_uuid)) { .priority = 0, .__match = "1", .actions = "next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None); Flow(.logical_datapath = ls_uuid, @@ -2091,7 +2096,7 @@ for (&Switch(._uuid = ls_uuid)) { .priority = 0, .__match = "1", .actions = "next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None) } @@ -2103,7 +2108,7 @@ if (lsp.__type == "router" or lsp.__type == "localnet") { .priority = 110, .__match = "ip && inport == ${lsp_name}", .actions = "next;", - .stage_hint = Some{lsp._uuid}, + .stage_hint = stage_hint(lsp._uuid), .io_port = Some{lsp.name}, .controller_meter = None); Flow(.logical_datapath = ls_uuid, @@ -2111,7 +2116,7 @@ if (lsp.__type == "router" or lsp.__type == "localnet") { .priority = 110, .__match = "ip && outport == ${lsp_name}", .actions = "next;", - .stage_hint = Some{lsp._uuid}, + .stage_hint = stage_hint(lsp._uuid), .io_port = Some{lsp.name}, .controller_meter = None) } @@ -2171,7 +2176,7 @@ Flow(.logical_datapath = sw._uuid, .actions = __action, .io_port = None, .controller_meter = sw.copp.get(cOPP_EVENT_ELB()), - .stage_hint = Some{lb._uuid}) :- + .stage_hint = stage_hint(lb._uuid)) :- SwitchLBVIP(.sw_uuid = sw_uuid, .lb = lb, .vip = vip, .backends = backends), LoadBalancerEmptyEvents(lb), not lb.options.get_bool_def("reject", false), @@ -2214,7 +2219,7 @@ for (sw in &Switch(.has_lb_vip = true)) { .priority = 100, .__match = "ip", .actions = "${rEGBIT_CONNTRACK_NAT()} = 1; next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None); Flow(.logical_datapath = sw._uuid, @@ -2222,7 +2227,7 @@ for (sw in &Switch(.has_lb_vip = true)) { .priority = 100, .__match = "ip", .actions = "${rEGBIT_CONNTRACK_NAT()} = 1; next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None) } @@ -2240,7 +2245,7 @@ for (&Switch(._uuid = ls_uuid)) { .priority = 0, .__match = "1", .actions = "next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None); Flow(.logical_datapath = ls_uuid, @@ -2248,7 +2253,7 @@ for (&Switch(._uuid = ls_uuid)) { .priority = 0, .__match = "1", .actions = "next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None); @@ -2269,7 +2274,7 @@ for (&Switch(._uuid = ls_uuid)) { .__match = "${rEGBIT_CONNTRACK_NAT()} == 1 && ip4 && ${protocol}", .actions = "${rEG_ORIG_DIP_IPV4()} = ip4.dst; " "${rEG_ORIG_TP_DPORT()} = ${protocol}.dst; ct_lb;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None); Flow(.logical_datapath = ls_uuid, @@ -2278,7 +2283,7 @@ for (&Switch(._uuid = ls_uuid)) { .__match = "${rEGBIT_CONNTRACK_NAT()} == 1 && ip6 && ${protocol}", .actions = "${rEG_ORIG_DIP_IPV6()} = ip6.dst; " "${rEG_ORIG_TP_DPORT()} = ${protocol}.dst; ct_lb;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None) }; @@ -2288,7 +2293,7 @@ for (&Switch(._uuid = ls_uuid)) { .priority = 110, .__match = "${rEGBIT_CONNTRACK_NAT()} == 1", .actions = "ct_lb;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None); @@ -2297,7 +2302,7 @@ for (&Switch(._uuid = ls_uuid)) { .priority = 110, .__match = "${rEGBIT_CONNTRACK_NAT()} == 1", .actions = "ct_lb;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None); @@ -2308,7 +2313,7 @@ for (&Switch(._uuid = ls_uuid)) { .priority = 100, .__match = "${rEGBIT_CONNTRACK_DEFRAG()} == 1", .actions = "ct_next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None); Flow(.logical_datapath = ls_uuid, @@ -2316,7 +2321,7 @@ for (&Switch(._uuid = ls_uuid)) { .priority = 100, .__match = "${rEGBIT_CONNTRACK_DEFRAG()} == 1", .actions = "ct_next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None) } @@ -2427,7 +2432,7 @@ for (Reject(lsuuid, pipeline, stage, acl, fair_meter, controller_meter, .actions = actions, .io_port = None, .controller_meter = controller_meter, - .stage_hint = Some{acl._uuid}) + .stage_hint = stage_hint(acl._uuid)) } /* build_acls */ @@ -2454,7 +2459,7 @@ for (UseCtInvMatch[use_ct_inv_match]) { .priority = priority, .__match = "1", .actions = "next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None); Flow(.logical_datapath = ls_uuid, @@ -2462,7 +2467,7 @@ for (UseCtInvMatch[use_ct_inv_match]) { .priority = priority, .__match = "1", .actions = "next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None) }; @@ -2494,7 +2499,7 @@ for (UseCtInvMatch[use_ct_inv_match]) { .priority = 1, .__match = "ip && (!ct.est || (ct.est && ct_label.blocked == 1))", .actions = "${rEGBIT_CONNTRACK_COMMIT()} = 1; next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None); Flow(.logical_datapath = ls_uuid, @@ -2502,7 +2507,7 @@ for (UseCtInvMatch[use_ct_inv_match]) { .priority = 1, .__match = "ip && (!ct.est || (ct.est && ct_label.blocked == 1))", .actions = "${rEGBIT_CONNTRACK_COMMIT()} = 1; next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None); @@ -2518,7 +2523,7 @@ for (UseCtInvMatch[use_ct_inv_match]) { .priority = 65532, .__match = ct_inv_or ++ "(ct.est && ct.rpl && ct_label.blocked == 1)", .actions = "drop;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None); Flow(.logical_datapath = ls_uuid, @@ -2526,7 +2531,7 @@ for (UseCtInvMatch[use_ct_inv_match]) { .priority = 65532, .__match = ct_inv_or ++ "(ct.est && ct.rpl && ct_label.blocked == 1)", .actions = "drop;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None); @@ -2545,7 +2550,7 @@ for (UseCtInvMatch[use_ct_inv_match]) { .__match = "ct.est && !ct.rel && !ct.new " ++ and_not_ct_inv ++ "&& ct.rpl && ct_label.blocked == 0", .actions = "next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None); Flow(.logical_datapath = ls_uuid, @@ -2554,7 +2559,7 @@ for (UseCtInvMatch[use_ct_inv_match]) { .__match = "ct.est && !ct.rel && !ct.new " ++ and_not_ct_inv ++ "&& ct.rpl && ct_label.blocked == 0", .actions = "next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None); @@ -2575,7 +2580,7 @@ for (UseCtInvMatch[use_ct_inv_match]) { .__match = "!ct.est && ct.rel && !ct.new " ++ and_not_ct_inv ++ "&& ct_label.blocked == 0", .actions = "next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None); Flow(.logical_datapath = ls_uuid, @@ -2584,7 +2589,7 @@ for (UseCtInvMatch[use_ct_inv_match]) { .__match = "!ct.est && ct.rel && !ct.new " ++ and_not_ct_inv ++ "&& ct_label.blocked == 0", .actions = "next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None); @@ -2596,7 +2601,7 @@ for (UseCtInvMatch[use_ct_inv_match]) { .priority = 65532, .__match = "nd || nd_ra || nd_rs || mldv1 || mldv2", .actions = "next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None); Flow(.logical_datapath = ls_uuid, @@ -2604,7 +2609,7 @@ for (UseCtInvMatch[use_ct_inv_match]) { .priority = 65532, .__match = "nd || nd_ra || nd_rs || mldv1 || mldv2", .actions = "next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None) }; @@ -2618,7 +2623,7 @@ for (UseCtInvMatch[use_ct_inv_match]) { .priority = 34000, .__match = "udp.src == 53", .actions = if has_stateful "ct_commit; next;" else "next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None) }; @@ -2631,7 +2636,7 @@ for (UseCtInvMatch[use_ct_inv_match]) { .priority = 34000, .__match = "eth.dst == $svc_monitor_mac", .actions = "next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None); Flow(.logical_datapath = ls_uuid, @@ -2639,7 +2644,7 @@ for (UseCtInvMatch[use_ct_inv_match]) { .priority = 34000, .__match = "eth.src == $svc_monitor_mac", .actions = "next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None) } @@ -2665,7 +2670,7 @@ for (sw in &Switch(._uuid = ls_uuid)) { for (AclHintStages[stage]) { /* In any case, advance to the next stage. */ var priority = if (not sw.has_acls and not sw.has_lb_vip) { 65535 } else { 0 } in - Flow(ls_uuid, stage, priority, "1", "next;", None, None, None) + Flow(ls_uuid, stage, priority, "1", "next;", None, None, 0) }; for (AclHintStages[stage]) @@ -2677,7 +2682,7 @@ for (sw in &Switch(._uuid = ls_uuid)) { Flow(ls_uuid, stage, 7, "ct.new && !ct.est", "${rEGBIT_ACL_HINT_ALLOW_NEW()} = 1; " "${rEGBIT_ACL_HINT_DROP()} = 1; " - "next;", None, None, None); + "next;", None, None, 0); /* Already established connections in the "request" direction that * are already marked as "blocked" may hit either: @@ -2690,13 +2695,13 @@ for (sw in &Switch(._uuid = ls_uuid)) { Flow(ls_uuid, stage, 6, "!ct.new && ct.est && !ct.rpl && ct_label.blocked == 1", "${rEGBIT_ACL_HINT_ALLOW_NEW()} = 1; " "${rEGBIT_ACL_HINT_DROP()} = 1; " - "next;", None, None, None); + "next;", None, None, 0); /* Not tracked traffic can either be allowed or dropped. */ Flow(ls_uuid, stage, 5, "!ct.trk", "${rEGBIT_ACL_HINT_ALLOW()} = 1; " "${rEGBIT_ACL_HINT_DROP()} = 1; " - "next;", None, None, None); + "next;", None, None, 0); /* Already established connections in the "request" direction may hit * either: @@ -2709,17 +2714,17 @@ for (sw in &Switch(._uuid = ls_uuid)) { Flow(ls_uuid, stage, 4, "!ct.new && ct.est && !ct.rpl && ct_label.blocked == 0", "${rEGBIT_ACL_HINT_ALLOW()} = 1; " "${rEGBIT_ACL_HINT_BLOCK()} = 1; " - "next;", None, None, None); + "next;", None, None, 0); /* Not established or established and already blocked connections may * hit drop ACLs. */ Flow(ls_uuid, stage, 3, "!ct.est", "${rEGBIT_ACL_HINT_DROP()} = 1; " - "next;", None, None, None); + "next;", None, None, 0); Flow(ls_uuid, stage, 2, "ct.est && ct_label.blocked == 1", "${rEGBIT_ACL_HINT_DROP()} = 1; " - "next;", None, None, None); + "next;", None, None, 0); /* Established connections that were previously allowed might hit * drop ACLs in which case the connection must be committed with @@ -2727,7 +2732,7 @@ for (sw in &Switch(._uuid = ls_uuid)) { */ Flow(ls_uuid, stage, 1, "ct.est && ct_label.blocked == 0", "${rEGBIT_ACL_HINT_BLOCK()} = 1; " - "next;", None, None, None) + "next;", None, None, 0) } } @@ -2738,7 +2743,7 @@ for (&SwitchACL(.sw = sw, .acl = acl, .has_fair_meter = fair_meter)) { var ingress = acl.direction == "from-lport" in var stage = if (ingress) { s_SWITCH_IN_ACL() } else { s_SWITCH_OUT_ACL() } in var pipeline = if ingress Ingress else Egress in - var stage_hint = Some{acl._uuid} in + var stage_hint = stage_hint(acl._uuid) in var acl_log = build_acl_log(acl, fair_meter) in if (acl.action == "allow" or acl.action == "allow-related") { /* If there are any stateful flows, we must even commit "allow" @@ -2885,7 +2890,7 @@ for (SwitchPortDHCPv4Options(.port = &SwitchPort{.lsp = lsp, .sw = sw}, "&& ip4.src == ${server_id} && udp && udp.src == 67 " "&& udp.dst == 68", .actions = if (has_stateful) "ct_commit; next;" else "next;", - .stage_hint = Some{dhcpv4_options._uuid}, + .stage_hint = stage_hint(dhcpv4_options._uuid), .io_port = Some{lsp.name}, .controller_meter = None) } @@ -2907,7 +2912,7 @@ for (SwitchPortDHCPv6Options(.port = &SwitchPort{.lsp = lsp, .sw = sw}, "&& ip6.src == ${server_ip} && udp && udp.src == 547 " "&& udp.dst == 546", .actions = if (has_stateful) "ct_commit; next;" else "next;", - .stage_hint = Some{dhcpv6_options._uuid}, + .stage_hint = stage_hint(dhcpv6_options._uuid), .io_port = Some{lsp.name}, .controller_meter = None) } @@ -2926,7 +2931,7 @@ for (&Switch(._uuid = ls_uuid)) { .priority = 0, .__match = "1", .actions = "next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None); Flow(.logical_datapath = ls_uuid, @@ -2934,7 +2939,7 @@ for (&Switch(._uuid = ls_uuid)) { .priority = 0, .__match = "1", .actions = "next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None); Flow(.logical_datapath = ls_uuid, @@ -2942,7 +2947,7 @@ for (&Switch(._uuid = ls_uuid)) { .priority = 0, .__match = "1", .actions = "next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None); Flow(.logical_datapath = ls_uuid, @@ -2950,7 +2955,7 @@ for (&Switch(._uuid = ls_uuid)) { .priority = 0, .__match = "1", .actions = "next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None) } @@ -2967,7 +2972,7 @@ for (SwitchQoS(.sw = sw, .qos = qos)) { .priority = qos.priority, .__match = qos.__match, .actions = "ip.dscp = ${value_action}; next;", - .stage_hint = Some{qos._uuid}, + .stage_hint = stage_hint(qos._uuid), .io_port = None, .controller_meter = None) } @@ -3003,7 +3008,7 @@ for (SwitchQoS(.sw = sw, .qos = qos)) { .priority = qos.priority, .__match = qos.__match, .actions = meter_action, - .stage_hint = Some{qos._uuid}, + .stage_hint = stage_hint(qos._uuid), .io_port = None, .controller_meter = None) } @@ -3019,7 +3024,7 @@ for (&Switch(._uuid = ls_uuid)) { .priority = 0, .__match = "1", .actions = "next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None); Flow(.logical_datapath = ls_uuid, @@ -3027,7 +3032,7 @@ for (&Switch(._uuid = ls_uuid)) { .priority = 0, .__match = "1", .actions = "next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None); @@ -3040,7 +3045,7 @@ for (&Switch(._uuid = ls_uuid)) { .priority = 100, .__match = "${rEGBIT_CONNTRACK_COMMIT()} == 1", .actions = "ct_commit { ct_label.blocked = 0; }; next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None); Flow(.logical_datapath = ls_uuid, @@ -3048,7 +3053,7 @@ for (&Switch(._uuid = ls_uuid)) { .priority = 100, .__match = "${rEGBIT_CONNTRACK_COMMIT()} == 1", .actions = "ct_commit { ct_label.blocked = 0; }; next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None) } @@ -3153,7 +3158,7 @@ Flow(.logical_datapath = sw._uuid, .actions = actions, .io_port = None, .controller_meter = meter, - .stage_hint = Some{lb._uuid}) :- + .stage_hint = stage_hint(lb._uuid)) :- sw in &Switch(), LBVIPWithStatus[lbvip@&LBVIPWithStatus{.lb = lb}], sw.load_balancer.contains(lb._uuid), @@ -3193,7 +3198,7 @@ Flow(.logical_datapath = ls_uuid, .priority = 0, .__match = "1", .actions = "next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None) :- &Switch(._uuid = ls_uuid), @@ -3213,7 +3218,7 @@ for (&Switch(._uuid = ls_uuid, .has_lb_vip = true)) { .actions = "${rEGBIT_HAIRPIN()} = chk_lb_hairpin(); " "${rEGBIT_HAIRPIN_REPLY()} = chk_lb_hairpin_reply(); " "next;", - .stage_hint = Some{ls_uuid}, + .stage_hint = stage_hint(ls_uuid), .io_port = None, .controller_meter = None); @@ -3224,7 +3229,7 @@ for (&Switch(._uuid = ls_uuid, .has_lb_vip = true)) { .priority = 100, .__match = "ip && ct.new && ct.trk && ${rEGBIT_HAIRPIN()} == 1", .actions = "ct_snat_to_vip; next;", - .stage_hint = Some{ls_uuid}, + .stage_hint = stage_hint(ls_uuid), .io_port = None, .controller_meter = None); @@ -3236,7 +3241,7 @@ for (&Switch(._uuid = ls_uuid, .has_lb_vip = true)) { .priority = 100, .__match = "ip && ct.est && ct.trk && ${rEGBIT_HAIRPIN()} == 1", .actions = "ct_snat;", - .stage_hint = Some{ls_uuid}, + .stage_hint = stage_hint(ls_uuid), .io_port = None, .controller_meter = None); @@ -3246,7 +3251,7 @@ for (&Switch(._uuid = ls_uuid, .has_lb_vip = true)) { .priority = 90, .__match = "ip && ${rEGBIT_HAIRPIN_REPLY()} == 1", .actions = "ct_snat;", - .stage_hint = Some{ls_uuid}, + .stage_hint = stage_hint(ls_uuid), .io_port = None, .controller_meter = None); @@ -3259,7 +3264,7 @@ for (&Switch(._uuid = ls_uuid, .has_lb_vip = true)) { .priority = 1, .__match = "(${rEGBIT_HAIRPIN()} == 1 || ${rEGBIT_HAIRPIN_REPLY()} == 1)", .actions = "eth.dst <-> eth.src; outport = inport; flags.loopback = 1; output;", - .stage_hint = Some{ls_uuid}, + .stage_hint = stage_hint(ls_uuid), .io_port = None, .controller_meter = None) } @@ -3284,7 +3289,7 @@ for (&SwitchPort(.lsp = lsp, .sw = sw, .json_name = json_name, .ps_eth_addresses .priority = 50, .__match = __match, .actions = actions, - .stage_hint = Some{lsp._uuid}, + .stage_hint = stage_hint(lsp._uuid), .io_port = Some{lsp.name}, .controller_meter = None) } @@ -3321,7 +3326,7 @@ for (SwitchPortPSAddresses(.port = port@&SwitchPort{.sw = sw}, .ps_addrs = ps) .priority = 90, .__match = dhcp_match, .actions = "next;", - .stage_hint = Some{port.lsp._uuid}, + .stage_hint = stage_hint(port.lsp._uuid), .io_port = Some{port.lsp.name}, .controller_meter = None) }; @@ -3346,7 +3351,7 @@ for (SwitchPortPSAddresses(.port = port@&SwitchPort{.sw = sw}, .ps_addrs = ps) .priority = 90, .__match = __match, .actions = "next;", - .stage_hint = Some{port.lsp._uuid}, + .stage_hint = stage_hint(port.lsp._uuid), .io_port = Some{port.lsp.name}, .controller_meter = None) } @@ -3363,7 +3368,7 @@ for (SwitchPortPSAddresses(.port = port@&SwitchPort{.sw = sw}, .ps_addrs = ps) .priority = 90, .__match = dad_match, .actions = "next;", - .stage_hint = Some{port.lsp._uuid}, + .stage_hint = stage_hint(port.lsp._uuid), .io_port = None, .controller_meter = None) }; @@ -3375,7 +3380,7 @@ for (SwitchPortPSAddresses(.port = port@&SwitchPort{.sw = sw}, .ps_addrs = ps) .priority = 90, .__match = __match, .actions = "next;", - .stage_hint = Some{port.lsp._uuid}, + .stage_hint = stage_hint(port.lsp._uuid), .io_port = Some{port.lsp.name}, .controller_meter = None) } @@ -3387,7 +3392,7 @@ for (SwitchPortPSAddresses(.port = port@&SwitchPort{.sw = sw}, .ps_addrs = ps) .priority = 80, .__match = __match, .actions = "drop;", - .stage_hint = Some{port.lsp._uuid}, + .stage_hint = stage_hint(port.lsp._uuid), .io_port = Some{port.lsp.name}, .controller_meter = None) } @@ -3437,7 +3442,7 @@ for (SwitchPortPSAddresses(.port = port@&SwitchPort{.sw = sw}, .ps_addrs = ps) .priority = 90, .__match = __match, .actions = "next;", - .stage_hint = Some{port.lsp._uuid}, + .stage_hint = stage_hint(port.lsp._uuid), .io_port = Some{port.lsp.name}, .controller_meter = None) } @@ -3451,7 +3456,7 @@ for (SwitchPortPSAddresses(.port = port@&SwitchPort{.sw = sw}, .ps_addrs = ps) .priority = 90, .__match = __match, .actions = "next;", - .stage_hint = Some{port.lsp._uuid}, + .stage_hint = stage_hint(port.lsp._uuid), .io_port = Some{port.lsp.name}, .controller_meter = None) } @@ -3461,7 +3466,7 @@ for (SwitchPortPSAddresses(.port = port@&SwitchPort{.sw = sw}, .ps_addrs = ps) .priority = 80, .__match = "inport == ${port.json_name} && (arp || nd)", .actions = "drop;", - .stage_hint = Some{port.lsp._uuid}, + .stage_hint = stage_hint(port.lsp._uuid), .io_port = Some{port.lsp.name}, .controller_meter = None) } @@ -3475,7 +3480,7 @@ for (&Switch(._uuid = ls_uuid)) { .priority = 0, .__match = "1", .actions = "next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None); Flow(.logical_datapath = ls_uuid, @@ -3483,7 +3488,7 @@ for (&Switch(._uuid = ls_uuid)) { .priority = 0, .__match = "1", .actions = "next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None) } @@ -3500,7 +3505,7 @@ for (&SwitchPort(.lsp = lsp, .sw = sw, .json_name = json_name) .priority = 100, .__match = "inport == ${json_name}", .actions = "next;", - .stage_hint = Some{lsp._uuid}, + .stage_hint = stage_hint(lsp._uuid), .io_port = Some{lsp.name}, .controller_meter = None) } @@ -3525,7 +3530,7 @@ function lsp_is_up(lsp: Intern): bool = { "((arp.op == 1 && arp.spa == ${virtual_ip} && arp.tpa == ${virtual_ip}) || " "(arp.op == 2 && arp.spa == ${virtual_ip}))", .actions = "bind_vport(${sp.json_name}, inport); next;", - .stage_hint = Some{lsp._uuid}, + .stage_hint = stage_hint(lsp._uuid), .io_port = Some{vp.lsp.name}, .controller_meter = None) :- sp in &SwitchPort(.lsp = lsp@&nb::Logical_Switch_Port{.__type = "virtual"}), @@ -3569,7 +3574,7 @@ for (CheckLspIsUp[check_lsp_is_up]) { .priority = 50, .__match = __match, .actions = actions, - .stage_hint = Some{lsp._uuid}, + .stage_hint = stage_hint(lsp._uuid), .io_port = None, .controller_meter = None); @@ -3590,7 +3595,7 @@ for (CheckLspIsUp[check_lsp_is_up]) { .priority = 100, .__match = __match ++ " && inport == ${json_name}", .actions = "next;", - .stage_hint = Some{lsp._uuid}, + .stage_hint = stage_hint(lsp._uuid), .io_port = Some{lsp.name}, .controller_meter = None) } @@ -3602,7 +3607,7 @@ Flow(.logical_datapath = sw._uuid, .priority = 50, .__match = __match, .actions = __actions, - .stage_hint = Some{sp.lsp._uuid}, + .stage_hint = stage_hint(sp.lsp._uuid), .io_port = None, .controller_meter = None) :- @@ -3665,7 +3670,7 @@ for (SwitchPortIPv6Address(.port = &SwitchPort{.lsp = lsp, .json_name = json_nam .actions = actions, .io_port = None, .controller_meter = sw.copp.get(cOPP_ND_NA()), - .stage_hint = Some{lsp._uuid}); + .stage_hint = stage_hint(lsp._uuid)); /* Do not reply to a solicitation from the port that owns the * address (otherwise DAD detection will fail). */ @@ -3674,7 +3679,7 @@ for (SwitchPortIPv6Address(.port = &SwitchPort{.lsp = lsp, .json_name = json_nam .priority = 100, .__match = __match ++ " && inport == ${json_name}", .actions = "next;", - .stage_hint = Some{lsp._uuid}, + .stage_hint = stage_hint(lsp._uuid), .io_port = Some{lsp.name}, .controller_meter = None) } @@ -3688,7 +3693,7 @@ for (ls in nb::Logical_Switch) { .priority = 0, .__match = "1", .actions = "next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None) } @@ -3709,7 +3714,7 @@ Flow(.logical_datapath = sp.sw._uuid, "outport = inport; " "flags.loopback = 1; " "output;", - .stage_hint = Some{lbvip.lb._uuid}, + .stage_hint = stage_hint(lbvip.lb._uuid), .io_port = None, .controller_meter = None) :- LBVIP[lbvip], @@ -3930,7 +3935,7 @@ for (lsp in &SwitchPort .actions = options_action, .io_port = None, .controller_meter = lsp.sw.copp.get(cOPP_DHCPV4_OPTS()), - .stage_hint = Some{lsp.lsp._uuid}); + .stage_hint = stage_hint(lsp.lsp._uuid)); /* Allow ip4.src = OFFER_IP and * ip4.dst = {SERVER_IP, 255.255.255.255} for the below @@ -3949,7 +3954,7 @@ for (lsp in &SwitchPort .actions = options_action, .io_port = None, .controller_meter = lsp.sw.copp.get(cOPP_DHCPV4_OPTS()), - .stage_hint = Some{lsp.lsp._uuid}); + .stage_hint = stage_hint(lsp.lsp._uuid)); /* If REGBIT_DHCP_OPTS_RESULT is set, it means the * put_dhcp_opts action is successful. */ @@ -3961,7 +3966,7 @@ for (lsp in &SwitchPort .priority = 100, .__match = __match, .actions = response_action, - .stage_hint = Some{lsp.lsp._uuid}, + .stage_hint = stage_hint(lsp.lsp._uuid), .io_port = None, .controller_meter = None) // FIXME: is there a constraint somewhere that guarantees that build_dhcpv4_action @@ -3992,7 +3997,7 @@ for (lsp in &SwitchPort .actions = options_action, .io_port = None, .controller_meter = lsp.sw.copp.get(cOPP_DHCPV6_OPTS()), - .stage_hint = Some{lsp.lsp._uuid}); + .stage_hint = stage_hint(lsp.lsp._uuid)); /* If REGBIT_DHCP_OPTS_RESULT is set to 1, it means the * put_dhcpv6_opts action is successful */ @@ -4001,7 +4006,7 @@ for (lsp in &SwitchPort .priority = 100, .__match = __match ++ " && ${rEGBIT_DHCP_OPTS_RESULT()}", .actions = response_action, - .stage_hint = Some{lsp.lsp._uuid}, + .stage_hint = stage_hint(lsp.lsp._uuid), .io_port = None, .controller_meter = None) // FIXME: is there a constraint somewhere that guarantees that build_dhcpv4_action @@ -4027,7 +4032,7 @@ for (LogicalSwitchHasDNSRecords(ls, true)) .priority = 100, .__match = "udp.dst == 53", .actions = "${rEGBIT_DNS_LOOKUP_RESULT()} = dns_lookup(); next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None); @@ -4039,7 +4044,7 @@ for (LogicalSwitchHasDNSRecords(ls, true)) .priority = 100, .__match = "udp.dst == 53 && ${rEGBIT_DNS_LOOKUP_RESULT()}", .actions = action, - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None); @@ -4051,7 +4056,7 @@ for (LogicalSwitchHasDNSRecords(ls, true)) .priority = 100, .__match = "udp.dst == 53 && ${rEGBIT_DNS_LOOKUP_RESULT()}", .actions = action, - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None) } @@ -4070,7 +4075,7 @@ for (ls in nb::Logical_Switch) { .priority = 0, .__match = "1", .actions = "next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None); @@ -4079,7 +4084,7 @@ for (ls in nb::Logical_Switch) { .priority = 0, .__match = "1", .actions = "next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None); @@ -4088,7 +4093,7 @@ for (ls in nb::Logical_Switch) { .priority = 0, .__match = "1", .actions = "next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None); @@ -4097,7 +4102,7 @@ for (ls in nb::Logical_Switch) { .priority = 0, .__match = "1", .actions = "next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None); @@ -4106,7 +4111,7 @@ for (ls in nb::Logical_Switch) { .priority = 0, .__match = "1", .actions = "next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None) } @@ -4116,7 +4121,7 @@ Flow(.logical_datapath = sw._uuid, .priority = 110, .__match = "eth.dst == $svc_monitor_mac", .actions = "handle_svc_check(inport);", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None) :- sw in &Switch(). @@ -4149,7 +4154,7 @@ for (sw in &Switch(._uuid = ls_uuid, .mcast_cfg = mcast_cfg) .actions = "${igmp_act}", .io_port = None, .controller_meter = controller_meter, - .stage_hint = None); + .stage_hint = 0); /* Punt MLD traffic to controller. */ Flow(.logical_datapath = ls_uuid, @@ -4159,7 +4164,7 @@ for (sw in &Switch(._uuid = ls_uuid, .mcast_cfg = mcast_cfg) .actions = "${igmp_act}", .io_port = None, .controller_meter = controller_meter, - .stage_hint = None); + .stage_hint = 0); /* Flood all IP multicast traffic destined to 224.0.0.X to * all ports - RFC 4541, section 2.1.2, item 2. @@ -4170,7 +4175,7 @@ for (sw in &Switch(._uuid = ls_uuid, .mcast_cfg = mcast_cfg) .priority = 85, .__match = "ip4.mcast && ip4.dst == 224.0.0.0/24", .actions = "outport = ${flood}; output;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None); @@ -4183,7 +4188,7 @@ for (sw in &Switch(._uuid = ls_uuid, .mcast_cfg = mcast_cfg) .priority = 85, .__match = "ip6.mcast_flood", .actions = "outport = ${flood}; output;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None); @@ -4225,7 +4230,7 @@ for (sw in &Switch(._uuid = ls_uuid, .mcast_cfg = mcast_cfg) .__match = "ip4.mcast || ip6.mcast", .actions = "${relay_act}${static_act}${drop_act}", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None) } @@ -4282,7 +4287,7 @@ for (IgmpSwitchMulticastGroup(.address = address, .switch = sw)) { .actions = "${relay_act} ${static_act} outport = \"${address}\"; " "output;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None) } @@ -4305,7 +4310,7 @@ Flow(.logical_datapath = sp.sw._uuid, "!is_chassis_resident(${sp.json_name}) && " "arp.tpa == ${rp_addr.addr} && arp.op == 1"), .actions = "drop;", - .stage_hint = Some{sp.lsp._uuid}, + .stage_hint = stage_hint(sp.lsp._uuid), .io_port = Some{localnet_port.1}, .controller_meter = None) :- sp in &SwitchPort(), @@ -4324,7 +4329,7 @@ Flow(.logical_datapath = sp.sw._uuid, "nd_ns && ip6.dst == {${rp_addr.addr}, ${rp_addr.solicited_node()}} && " "nd.target == ${rp_addr.addr}"), .actions = "drop;", - .stage_hint = Some{sp.lsp._uuid}, + .stage_hint = stage_hint(sp.lsp._uuid), .io_port = Some{localnet_port.1}, .controller_meter = None) :- sp in &SwitchPort(), @@ -4342,7 +4347,7 @@ Flow(.logical_datapath = sp.sw._uuid, "eth.dst == ${ea} && " "!is_chassis_resident(${sp.json_name})"), .actions = "drop;", - .stage_hint = Some{sp.lsp._uuid}, + .stage_hint = stage_hint(sp.lsp._uuid), .io_port = Some{localnet_port.1}, .controller_meter = None) :- sp in &SwitchPort(), @@ -4362,7 +4367,7 @@ for (ls in nb::Logical_Switch) { .priority = 70, .__match = "eth.mcast", .actions = "outport = ${mc_flood}; output;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None) } @@ -4377,7 +4382,7 @@ for (SwitchPortStaticAddresses(.port = &SwitchPort{.lsp = lsp, .json_name = json .priority = 50, .__match = "eth.dst == ${addrs.ea}", .actions = "outport = ${json_name}; output;", - .stage_hint = Some{lsp._uuid}, + .stage_hint = stage_hint(lsp._uuid), .io_port = None, .controller_meter = None) } @@ -4420,7 +4425,7 @@ Flow(.logical_datapath = sw._uuid, .priority = 75, .__match = __match, .actions = actions, - .stage_hint = Some{sp.lsp._uuid}, + .stage_hint = stage_hint(sp.lsp._uuid), .io_port = None, .controller_meter = None) :- sp in &SwitchPort(.sw = sw@&Switch{.has_non_router_port = true}, .peer = Some{rp}), @@ -4547,7 +4552,7 @@ Flow(.logical_datapath = sw._uuid, } else { "outport = ${sp.json_name}; output;" }, - .stage_hint = Some{sp.lsp._uuid}, + .stage_hint = stage_hint(sp.lsp._uuid), .io_port = None, .controller_meter = None) :- sp in &SwitchPort(.sw = sw, .peer = Some{rp}), @@ -4566,7 +4571,7 @@ Flow(.logical_datapath = sw._uuid, } else { "outport = ${sp.json_name}; output;" }, - .stage_hint = Some{sp.lsp._uuid}, + .stage_hint = stage_hint(sp.lsp._uuid), .io_port = None, .controller_meter = None) :- sp in &SwitchPort(.sw = sw, .peer = Some{rp}), @@ -4581,7 +4586,7 @@ Flow(.logical_datapath = sw._uuid, .__match = fLAGBIT_NOT_VXLAN() ++ " && arp.op == 1 && arp.tpa == " ++ ipv4, .actions = "outport = ${flood}; output;", - .stage_hint = Some{sp.lsp._uuid}, + .stage_hint = stage_hint(sp.lsp._uuid), .io_port = None, .controller_meter = None) :- sp in &SwitchPort(.sw = sw, .peer = Some{rp}), @@ -4596,7 +4601,7 @@ Flow(.logical_datapath = sw._uuid, .__match = fLAGBIT_NOT_VXLAN() ++ " && nd_ns && nd.target == " ++ ipv6, .actions = "outport = ${flood}; output;", - .stage_hint = Some{sp.lsp._uuid}, + .stage_hint = stage_hint(sp.lsp._uuid), .io_port = None, .controller_meter = None) :- sp in &SwitchPort(.sw = sw, .peer = Some{rp}), @@ -4613,7 +4618,7 @@ for (SwitchPortNewDynamicAddress(.port = &SwitchPort{.lsp = lsp, .json_name = js .priority = 50, .__match = "eth.dst == ${addrs.ea}", .actions = "outport = ${json_name}; output;", - .stage_hint = Some{lsp._uuid}, + .stage_hint = stage_hint(lsp._uuid), .io_port = None, .controller_meter = None) } @@ -4664,7 +4669,7 @@ for (&SwitchPort(.lsp = lsp, .priority = 50, .__match = __match, .actions = "outport = ${json_name}; output;", - .stage_hint = Some{lsp._uuid}, + .stage_hint = stage_hint(lsp._uuid), .io_port = None, .controller_meter = None); @@ -4682,7 +4687,7 @@ for (&SwitchPort(.lsp = lsp, .priority = 50, .__match = __match, .actions = "outport = ${json_name}; output;", - .stage_hint = Some{nat.nat._uuid}, + .stage_hint = stage_hint(nat.nat._uuid), .io_port = None, .controller_meter = None) } @@ -4706,7 +4711,7 @@ for (sw in &Switch(._uuid = ls_uuid)) { .priority = 0, .__match = "1", .actions = "outport = get_fdb(eth.dst); next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None); @@ -4720,7 +4725,7 @@ for (sw in &Switch(._uuid = ls_uuid)) { } else { "drop;" }, - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None); @@ -4729,7 +4734,7 @@ for (sw in &Switch(._uuid = ls_uuid)) { .priority = 0, .__match = "1", .actions = "output;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None) } @@ -4742,7 +4747,7 @@ for (&Switch(._uuid = ls_uuid)) { .priority = 0, .__match = "1", .actions = "next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None); Flow(.logical_datapath = ls_uuid, @@ -4750,7 +4755,7 @@ for (&Switch(._uuid = ls_uuid)) { .priority = 100, .__match = "eth.mcast", .actions = "output;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None) } @@ -4760,7 +4765,7 @@ Flow(.logical_datapath = ls_uuid, .priority = 100, .__match = "inport == ${sp.json_name}", .actions = "$[rEGBIT_LKUP_FDB()} = lookup_fdb(inport, eth.src); next;", - .stage_hint = Some{lsp_uuid}, + .stage_hint = stage_hint(lsp_uuid), .io_port = Some{sp.lsp.name}, .controller_meter = None), Flow(.logical_datapath = ls_uuid, @@ -4768,7 +4773,7 @@ Flow(.logical_datapath = ls_uuid, .priority = 100, .__match = "inport == ${sp.json_name} && ${rEGBIT_LKUP_FDB()} == 0", .actions = "put_fdb(inport, eth.src); next;", - .stage_hint = Some{lsp_uuid}, + .stage_hint = stage_hint(lsp_uuid), .io_port = Some{sp.lsp.name}, .controller_meter = None) :- LogicalSwitchPortWithUnknownAddress(ls_uuid, lsp_uuid), @@ -4780,7 +4785,7 @@ Flow(.logical_datapath = ls_uuid, .priority = 0, .__match = "1", .actions = "next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None), Flow(.logical_datapath = ls_uuid, @@ -4788,7 +4793,7 @@ Flow(.logical_datapath = ls_uuid, .priority = 0, .__match = "1", .actions = "next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None) :- &Switch(._uuid = ls_uuid). @@ -4807,7 +4812,7 @@ Flow(.logical_datapath = sw._uuid, .priority = 50, .__match = __match, .actions = queue_action ++ "output;", - .stage_hint = Some{lsp._uuid}, + .stage_hint = stage_hint(lsp._uuid), .io_port = Some{lsp.name}, .controller_meter = None) :- &SwitchPort(.sw = sw, .lsp = lsp, .json_name = json_name, .ps_eth_addresses = ps_eth_addresses), @@ -4832,7 +4837,7 @@ for (&SwitchPort(.lsp = lsp, .json_name = json_name, .sw = sw)) { .priority = 150, .__match = "outport == {$json_name}", .actions = "drop;", - .stage_hint = Some{lsp._uuid}, + .stage_hint = stage_hint(lsp._uuid), .io_port = Some{lsp.name}, .controller_meter = None) } @@ -4867,7 +4872,7 @@ for (SwitchPortPSAddresses(.port = &SwitchPort{.lsp = lsp, .json_name = json_nam .priority = 90, .__match = __match, .actions = "next;", - .stage_hint = Some{lsp._uuid}, + .stage_hint = stage_hint(lsp._uuid), .io_port = Some{lsp.name}, .controller_meter = None) }; @@ -4879,7 +4884,7 @@ for (SwitchPortPSAddresses(.port = &SwitchPort{.lsp = lsp, .json_name = json_nam .priority = 90, .__match = __match, .actions = "next;", - .stage_hint = Some{lsp._uuid}, + .stage_hint = stage_hint(lsp._uuid), .io_port = Some{lsp.name}, .controller_meter = None) }; @@ -4889,7 +4894,7 @@ for (SwitchPortPSAddresses(.port = &SwitchPort{.lsp = lsp, .json_name = json_nam .priority = 80, .__match = __match, .actions = "drop;", - .stage_hint = Some{lsp._uuid}, + .stage_hint = stage_hint(lsp._uuid), .io_port = Some{lsp.name}, .controller_meter = None) } @@ -4903,7 +4908,7 @@ for (&Router(._uuid = lr_uuid)) { .priority = 100, .__match = "vlan.present || eth.src[40]", .actions = "drop;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None) } @@ -4940,7 +4945,7 @@ for (&RouterPort(.lrp = lrp, .priority = 50, .__match = "eth.mcast && inport == ${json_name}", .actions = actions, - .stage_hint = Some{lrp._uuid}, + .stage_hint = stage_hint(lrp._uuid), .io_port = None, .controller_meter = None); @@ -4956,7 +4961,7 @@ for (&RouterPort(.lrp = lrp, .priority = 50, .__match = __match, .actions = actions, - .stage_hint = Some{lrp._uuid}, + .stage_hint = stage_hint(lrp._uuid), .io_port = None, .controller_meter = None) } @@ -5014,7 +5019,7 @@ var rLNIR = rEGBIT_LOOKUP_NEIGHBOR_IP_RESULT() in "${rLNR} = lookup_arp(inport, arp.spa, arp.sha); " ++ { if (learn_from_arp_request) "" else "${rLNIR} = 1; " } ++ "next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None); Flow(.logical_datapath = lr_uuid, @@ -5025,7 +5030,7 @@ var rLNIR = rEGBIT_LOOKUP_NEIGHBOR_IP_RESULT() in "${rLNR} = lookup_nd(inport, nd.target, nd.tll); " ++ { if (learn_from_arp_request) "" else "${rLNIR} = 1; " } ++ "next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None); Flow(.logical_datapath = lr_uuid, @@ -5037,7 +5042,7 @@ var rLNIR = rEGBIT_LOOKUP_NEIGHBOR_IP_RESULT() in { if (learn_from_arp_request) "" else "${rLNIR} = lookup_nd_ip(inport, ip6.src); " } ++ "next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None); @@ -5048,7 +5053,7 @@ var rLNIR = rEGBIT_LOOKUP_NEIGHBOR_IP_RESULT() in .priority = 0, .__match = "1", .actions = "${rLNR} = 1; next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None); @@ -5061,7 +5066,7 @@ var rLNIR = rEGBIT_LOOKUP_NEIGHBOR_IP_RESULT() in "${rLNR} == 1" ++ { if (learn_from_arp_request) "" else " || ${rLNIR} == 0" }, .actions = "next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None); Flow(.logical_datapath = lr_uuid, @@ -5071,7 +5076,7 @@ var rLNIR = rEGBIT_LOOKUP_NEIGHBOR_IP_RESULT() in .actions = "put_arp(inport, arp.spa, arp.sha); next;", .io_port = None, .controller_meter = copp.get(cOPP_ARP()), - .stage_hint = None); + .stage_hint = 0); Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_LEARN_NEIGHBOR(), .priority = 90, @@ -5079,7 +5084,7 @@ var rLNIR = rEGBIT_LOOKUP_NEIGHBOR_IP_RESULT() in .actions = "put_nd(inport, nd.target, nd.tll); next;", .io_port = None, .controller_meter = copp.get(cOPP_ND_NA()), - .stage_hint = None); + .stage_hint = 0); Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_LEARN_NEIGHBOR(), .priority = 90, @@ -5087,7 +5092,7 @@ var rLNIR = rEGBIT_LOOKUP_NEIGHBOR_IP_RESULT() in .actions = "put_nd(inport, ip6.src, nd.sll); next;", .io_port = None, .controller_meter = copp.get(cOPP_ND_NS()), - .stage_hint = None) + .stage_hint = 0) } /* Check if we need to learn mac-binding from ARP requests. */ @@ -5115,7 +5120,7 @@ for (RouterPortNetworksIPv4Addr(rp@&RouterPort{.router = router}, addr)) { .priority = 110, .__match = __match.join(" && "), .actions = actions, - .stage_hint = Some{rp.lrp._uuid}, + .stage_hint = stage_hint(rp.lrp._uuid), .io_port = None, .controller_meter = None) }; @@ -5129,7 +5134,7 @@ for (RouterPortNetworksIPv4Addr(rp@&RouterPort{.router = router}, addr)) { .priority = 100, .__match = "${match0} && ${match1}", .actions = actions, - .stage_hint = Some{rp.lrp._uuid}, + .stage_hint = stage_hint(rp.lrp._uuid), .io_port = None, .controller_meter = None) } @@ -5151,7 +5156,7 @@ for (router in &Router(._uuid = lr_uuid, .mcast_cfg = mcast_cfg)) { "ip4.src == 0.0.0.0/8 || " "ip4.dst == 0.0.0.0/8", .actions = "drop;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None); @@ -5165,7 +5170,7 @@ for (router in &Router(._uuid = lr_uuid, .mcast_cfg = mcast_cfg)) { .priority = 85, .__match = "arp || nd", .actions = "drop;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None); @@ -5177,7 +5182,7 @@ for (router in &Router(._uuid = lr_uuid, .mcast_cfg = mcast_cfg)) { .priority = 84, .__match = "nd_rs || nd_ra", .actions = "next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None); @@ -5187,7 +5192,7 @@ for (router in &Router(._uuid = lr_uuid, .mcast_cfg = mcast_cfg)) { .priority = 83, .__match = "ip6.mcast_rsvd", .actions = "drop;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None); @@ -5198,7 +5203,7 @@ for (router in &Router(._uuid = lr_uuid, .mcast_cfg = mcast_cfg)) { .priority = 82, .__match = "ip4.mcast || ip6.mcast", .actions = mcast_action, - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None); @@ -5209,7 +5214,7 @@ for (router in &Router(._uuid = lr_uuid, .mcast_cfg = mcast_cfg)) { .priority = 50, .__match = "eth.bcast", .actions = "drop;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None); @@ -5220,7 +5225,7 @@ for (router in &Router(._uuid = lr_uuid, .mcast_cfg = mcast_cfg)) { .priority = 30, .__match = "ip4 && ip.ttl == {0, 1}", .actions = "drop;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None); @@ -5231,7 +5236,7 @@ for (router in &Router(._uuid = lr_uuid, .mcast_cfg = mcast_cfg)) { .priority = 0, .__match = "1", .actions = "next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None) } @@ -5320,7 +5325,7 @@ for (&RouterPort(.router = router, .networks = networks, .lrp = lrp) .priority = 100, .__match = __match, .actions = "drop;", - .stage_hint = Some{lrp._uuid}, + .stage_hint = stage_hint(lrp._uuid), .io_port = None, .controller_meter = None); @@ -5341,7 +5346,7 @@ for (&RouterPort(.router = router, .networks = networks, .lrp = lrp) "icmp4.type = 0; " "flags.loopback = 1; " "next; ", - .stage_hint = Some{lrp._uuid}, + .stage_hint = stage_hint(lrp._uuid), .io_port = None, .controller_meter = None) } @@ -5439,11 +5444,11 @@ relation LogicalRouterArpNdFlow( drop: bool, priority: integer) LogicalRouterArpFlow(router, lrp, "${ipv4}", mac, extra_match, drop, priority, - Some{nat.nat._uuid}) :- + stage_hint(nat.nat._uuid)) :- LogicalRouterArpNdFlow(router, nat@NAT{.external_ip = IPv4{ipv4}}, lrp, mac, extra_match, drop, priority). LogicalRouterNdFlow(router, lrp, "nd_na", ipv6, true, mac, extra_match, drop, priority, - Some{nat.nat._uuid}) :- + stage_hint(nat.nat._uuid)) :- LogicalRouterArpNdFlow(router, nat@NAT{.external_ip = IPv6{ipv6}}, lrp, mac, extra_match, drop, priority). @@ -5455,7 +5460,7 @@ relation LogicalRouterArpFlow( extra_match: Option, drop: bool, priority: integer, - stage_hint: Option) + stage_hint: bit<32>) Flow(.logical_datapath = lr._uuid, .stage = s_ROUTER_IN_IP_INPUT(), .priority = priority, @@ -5501,7 +5506,7 @@ relation LogicalRouterNdFlow( extra_match: Option, drop: bool, priority: integer, - stage_hint: Option) + stage_hint: bit<32>) Flow(.logical_datapath = lr._uuid, .stage = s_ROUTER_IN_IP_INPUT(), .priority = priority, @@ -5563,7 +5568,7 @@ for (RouterPortNetworksIPv4Addr(.port = &RouterPort{.lrp = lrp, "ip4.src = ${addr.addr}; " "ip.ttl = 255; " "next; };", - .stage_hint = Some{lrp._uuid}, + .stage_hint = stage_hint(lrp._uuid), .io_port = None, .controller_meter = None); @@ -5590,7 +5595,7 @@ for (RouterPortNetworksIPv4Addr(.port = &RouterPort{.lrp = lrp, .extra_match = Some{__match}, .drop = false, .priority = 90, - .stage_hint = Some{lrp._uuid}) + .stage_hint = stage_hint(lrp._uuid)) } } @@ -5612,7 +5617,7 @@ var residence_check = match (is_redirect) { .extra_match = residence_check, .drop = false, .priority = 90, - .stage_hint = None) + .stage_hint = 0) } }; for (RouterLBVIP(.router = &Router{._uuid= lr_uuid}, .vip = vip)) { @@ -5627,7 +5632,7 @@ var residence_check = match (is_redirect) { .extra_match = residence_check, .drop = false, .priority = 90, - .stage_hint = None) + .stage_hint = 0) } } } @@ -5643,7 +5648,7 @@ Flow(.logical_datapath = lr_uuid, .priority = 60, .__match = "ip4.dst == {" ++ match_ips.join(", ") ++ "}", .actions = "drop;", - .stage_hint = Some{lrp_uuid}, + .stage_hint = stage_hint(lrp_uuid), .io_port = None, .controller_meter = None) :- &RouterPort(.lrp = &nb::Logical_Router_Port{._uuid = lrp_uuid}, @@ -5659,7 +5664,7 @@ Flow(.logical_datapath = lr_uuid, .priority = 60, .__match = "ip6.dst == {" ++ match_ips.join(", ") ++ "}", .actions = "drop;", - .stage_hint = Some{lrp_uuid}, + .stage_hint = stage_hint(lrp_uuid), .io_port = None, .controller_meter = None) :- &RouterPort(.lrp = &nb::Logical_Router_Port{._uuid = lrp_uuid}, @@ -5695,7 +5700,7 @@ for (RouterPortNetworksIPv4Addr( "next; };", .io_port = None, .controller_meter = copp.get(cOPP_ICMP4_ERR()), - .stage_hint = Some{lrp._uuid}); + .stage_hint = stage_hint(lrp._uuid)); var __match = "ip4 && ip4.dst == ${addr.addr} && !ip.later_frag && tcp" in Flow(.logical_datapath = lr_uuid, @@ -5708,7 +5713,7 @@ for (RouterPortNetworksIPv4Addr( "next; };", .io_port = None, .controller_meter = copp.get(cOPP_TCP_RESET()), - .stage_hint = Some{lrp._uuid}); + .stage_hint = stage_hint(lrp._uuid)); var __match = "ip4 && ip4.dst == ${addr.addr} && !ip.later_frag && sctp" in Flow(.logical_datapath = lr_uuid, @@ -5721,7 +5726,7 @@ for (RouterPortNetworksIPv4Addr( "next; };", .io_port = None, .controller_meter = copp.get(cOPP_TCP_RESET()), - .stage_hint = Some{lrp._uuid}); + .stage_hint = stage_hint(lrp._uuid)); var __match = "ip4 && ip4.dst == ${addr.addr} && !ip.later_frag" in Flow(.logical_datapath = lr_uuid, @@ -5737,7 +5742,7 @@ for (RouterPortNetworksIPv4Addr( "next; };", .io_port = None, .controller_meter = copp.get(cOPP_ICMP4_ERR()), - .stage_hint = Some{lrp._uuid}) + .stage_hint = stage_hint(lrp._uuid)) } /* DHCPv6 reply handling */ @@ -5747,7 +5752,7 @@ Flow(.logical_datapath = rp.router._uuid, .__match = "ip6.dst == ${ipv6_addr.addr} " "&& udp.src == 547 && udp.dst == 546", .actions = "reg0 = 0; handle_dhcpv6_reply;", - .stage_hint = Some{rp.lrp._uuid}, + .stage_hint = stage_hint(rp.lrp._uuid), .io_port = None, .controller_meter = None) :- rp in &RouterPort(), @@ -5777,7 +5782,7 @@ for (&RouterPort(.router = router, .networks = networks, .lrp = lrp) "icmp6.type = 129; " "flags.loopback = 1; " "next; ", - .stage_hint = Some{lrp._uuid}, + .stage_hint = stage_hint(lrp._uuid), .io_port = None, .controller_meter = None) } @@ -5808,7 +5813,7 @@ for (RouterPortNetworksIPv6Addr(.port = &RouterPort{.lrp = lrp, .extra_match = extra_match, .drop = false, .priority = 90, - .stage_hint = Some{lrp._uuid}) + .stage_hint = stage_hint(lrp._uuid)) } /* UDP/TCP/SCTP port unreachable */ @@ -5832,7 +5837,7 @@ for (RouterPortNetworksIPv6Addr( "next; };", .io_port = None, .controller_meter = copp.get(cOPP_TCP_RESET()), - .stage_hint = Some{lrp._uuid}); + .stage_hint = stage_hint(lrp._uuid)); var __match = "ip6 && ip6.dst == ${addr.addr} && !ip.later_frag && sctp" in Flow(.logical_datapath = lr_uuid, @@ -5845,7 +5850,7 @@ for (RouterPortNetworksIPv6Addr( "next; };", .io_port = None, .controller_meter = copp.get(cOPP_TCP_RESET()), - .stage_hint = Some{lrp._uuid}); + .stage_hint = stage_hint(lrp._uuid)); var __match = "ip6 && ip6.dst == ${addr.addr} && !ip.later_frag && udp" in Flow(.logical_datapath = lr_uuid, @@ -5861,7 +5866,7 @@ for (RouterPortNetworksIPv6Addr( "next; };", .io_port = None, .controller_meter = copp.get(cOPP_ICMP6_ERR()), - .stage_hint = Some{lrp._uuid}); + .stage_hint = stage_hint(lrp._uuid)); var __match = "ip6 && ip6.dst == ${addr.addr} && !ip.later_frag" in Flow(.logical_datapath = lr_uuid, @@ -5877,7 +5882,7 @@ for (RouterPortNetworksIPv6Addr( "next; };", .io_port = None, .controller_meter = copp.get(cOPP_ICMP6_ERR()), - .stage_hint = Some{lrp._uuid}) + .stage_hint = stage_hint(lrp._uuid)) } /* ICMPv6 time exceeded */ @@ -5906,7 +5911,7 @@ for (RouterPortNetworksIPv6Addr(.port = &RouterPort{.router = router, .actions = actions, .io_port = None, .controller_meter = router.copp.get(cOPP_ICMP6_ERR()), - .stage_hint = Some{lrp._uuid}) + .stage_hint = stage_hint(lrp._uuid)) } /* NAT, Defrag and load balancing. */ @@ -5919,7 +5924,7 @@ function default_allow_flow(datapath: uuid, stage: Stage): Flow { .actions = "next;", .io_port = None, .controller_meter = None, - .stage_hint = None} + .stage_hint = 0} } for (r in &Router(._uuid = lr_uuid)) { /* Packets are allowed by default. */ @@ -5940,7 +5945,7 @@ for (r in &Router(._uuid = lr_uuid)) { .priority = 120, .__match = "nd_ns", .actions = "next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None) } @@ -5965,7 +5970,7 @@ for (r in &Router(._uuid = lr_uuid, .priority = 50, .__match = "ip && ct.new", .actions = "ct_commit { } ; next; ", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None); @@ -5974,7 +5979,7 @@ for (r in &Router(._uuid = lr_uuid, .priority = 50, .__match = "ip", .actions = "flags.loopback = 1; ct_dnat;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None) } @@ -5984,7 +5989,7 @@ Flow(.logical_datapath = lr, .priority = 120, .__match = "flags.skip_snat_for_lb == 1 && ip", .actions = "next;", - .stage_hint = Some{lb._uuid}, + .stage_hint = stage_hint(lb._uuid), .io_port = None, .controller_meter = None) :- LogicalRouterLB(lr, lb), @@ -6051,7 +6056,7 @@ function lrouter_nat_add_ext_ip_match( .priority = priority, .__match = "${__match} && ${ipX}.${dir} == $${__as.name}", .actions = "next;", - .stage_hint = Some{nat.nat._uuid}, + .stage_hint = stage_hint(nat.nat._uuid), .io_port = None, .controller_meter = None}}) } @@ -6067,7 +6072,7 @@ Flow(.logical_datapath = logical_router, .priority = 110, .__match = "${ipX} && ${ipX}.dst == ${ip}", .actions = "ct_snat;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None), /* Higher priority rules to force SNAT with the IP addresses @@ -6078,7 +6083,7 @@ Flow(.logical_datapath = logical_router, .priority = 100, .__match = "flags.force_snat_for_${context} == 1 && ${ipX}", .actions = "ct_snat(${ip});", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None) :- LogicalRouterForceSnatFlows(.logical_router = logical_router, @@ -6098,7 +6103,7 @@ for (rp in &RouterPort(.router = &Router{._uuid = lr_uuid, .options = lr_options .priority = 110, .__match = "inport == ${rp.json_name} && ip4.dst == ${ipv4.addr}", .actions = "ct_snat;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None); @@ -6107,7 +6112,7 @@ for (rp in &RouterPort(.router = &Router{._uuid = lr_uuid, .options = lr_options .priority = 110, .__match = "flags.force_snat_for_lb == 1 && ip4 && outport == ${rp.json_name}", .actions = "ct_snat(${ipv4.addr});", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None); @@ -6127,7 +6132,7 @@ for (rp in &RouterPort(.router = &Router{._uuid = lr_uuid, .options = lr_options .priority = 110, .__match = "inport == ${rp.json_name} && ip6.dst == ${ipv6.addr}", .actions = "ct_snat;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None); @@ -6136,7 +6141,7 @@ for (rp in &RouterPort(.router = &Router{._uuid = lr_uuid, .options = lr_options .priority = 110, .__match = "flags.force_snat_for_lb == 1 && ip6 && outport == ${rp.json_name}", .actions = "ct_snat(${ipv6.addr});", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None); @@ -6208,7 +6213,7 @@ for (r in &Router(._uuid = lr_uuid, .priority = 90, .__match = "ip && ${ipX}.dst == ${nat.nat.external_ip}", .actions = actions, - .stage_hint = Some{nat.nat._uuid}, + .stage_hint = stage_hint(nat.nat._uuid), .io_port = None, .controller_meter = None) }; @@ -6234,7 +6239,7 @@ for (r in &Router(._uuid = lr_uuid, .priority = 100, .__match = __match, .actions = actions, - .stage_hint = Some{nat.nat._uuid}, + .stage_hint = stage_hint(nat.nat._uuid), .io_port = None, .controller_meter = None) } @@ -6279,7 +6284,7 @@ for (r in &Router(._uuid = lr_uuid, .priority = 100, .__match = __match ++ ext_ip_match, .actions = flag_action ++ nat_actions, - .stage_hint = Some{nat.nat._uuid}, + .stage_hint = stage_hint(nat.nat._uuid), .io_port = None, .controller_meter = None) }; @@ -6310,7 +6315,7 @@ for (r in &Router(._uuid = lr_uuid, .priority = 100, .__match = __match ++ ext_ip_match, .actions = actions, - .stage_hint = Some{nat.nat._uuid}, + .stage_hint = stage_hint(nat.nat._uuid), .io_port = None, .controller_meter = None) } @@ -6327,7 +6332,7 @@ for (r in &Router(._uuid = lr_uuid, .priority = 120, .__match = __match, .actions = "next;", - .stage_hint = Some{nat.nat._uuid}, + .stage_hint = stage_hint(nat.nat._uuid), .io_port = None, .controller_meter = None) }; @@ -6344,7 +6349,7 @@ for (r in &Router(._uuid = lr_uuid, .priority = 100, .__match = __match, .actions = "eth.dst = ${dst_mac}; next;", - .stage_hint = Some{nat.nat._uuid}, + .stage_hint = stage_hint(nat.nat._uuid), .io_port = None, .controller_meter = None) } @@ -6382,7 +6387,7 @@ for (r in &Router(._uuid = lr_uuid, .priority = 100, .__match = __match, .actions = actions, - .stage_hint = Some{nat.nat._uuid}, + .stage_hint = stage_hint(nat.nat._uuid), .io_port = None, .controller_meter = None) }; @@ -6419,7 +6424,7 @@ for (r in &Router(._uuid = lr_uuid, .priority = plen as bit<64> + 1, .__match = __match ++ ext_ip_match, .actions = actions, - .stage_hint = Some{nat.nat._uuid}, + .stage_hint = stage_hint(nat.nat._uuid), .io_port = None, .controller_meter = None) }; @@ -6459,7 +6464,7 @@ for (r in &Router(._uuid = lr_uuid, .priority = priority + centralized_boost, .__match = __match ++ ext_ip_match, .actions = actions, - .stage_hint = Some{nat.nat._uuid}, + .stage_hint = stage_hint(nat.nat._uuid), .io_port = None, .controller_meter = None) } @@ -6486,7 +6491,7 @@ for (r in &Router(._uuid = lr_uuid, .priority = 50, .__match = __match, .actions = actions, - .stage_hint = Some{nat.nat._uuid}, + .stage_hint = stage_hint(nat.nat._uuid), .io_port = None, .controller_meter = None); @@ -6515,7 +6520,7 @@ for (r in &Router(._uuid = lr_uuid, .priority = 100, .__match = __match, .actions = actions, - .stage_hint = Some{nat.nat._uuid}, + .stage_hint = stage_hint(nat.nat._uuid), .io_port = None, .controller_meter = None); @@ -6527,7 +6532,7 @@ for (r in &Router(._uuid = lr_uuid, .__match = "${ipX}.src == ${nat.nat.logical_ip} && " "outport == ${json_string_escape(gwport.name)}", .actions = "drop;", - .stage_hint = Some{nat.nat._uuid}, + .stage_hint = stage_hint(nat.nat._uuid), .io_port = None, .controller_meter = None) }; @@ -6567,7 +6572,7 @@ for (r in &Router(._uuid = lr_uuid, .priority = 100, .__match = __match, .actions = actions, - .stage_hint = Some{nat.nat._uuid}, + .stage_hint = stage_hint(nat.nat._uuid), .io_port = None, .controller_meter = None) } @@ -6621,7 +6626,7 @@ for (RouterLBVIP( .actions = __action, .io_port = None, .controller_meter = r.copp.get(cOPP_EVENT_ELB()), - .stage_hint = Some{lb._uuid}) + .stage_hint = stage_hint(lb._uuid)) } }; @@ -6661,7 +6666,7 @@ for (RouterLBVIP( .priority = prio, .__match = __match, .actions = __actions, - .stage_hint = Some{lb._uuid}, + .stage_hint = stage_hint(lb._uuid), .io_port = None, .controller_meter = None); @@ -6707,7 +6712,7 @@ for (RouterLBVIP( .priority = prio, .__match = est_match, .actions = actions, - .stage_hint = Some{lb._uuid}, + .stage_hint = stage_hint(lb._uuid), .io_port = None, .controller_meter = None); @@ -6731,7 +6736,7 @@ for (RouterLBVIP( .priority = 120, .__match = match3, .actions = "next;", - .stage_hint = Some{lb._uuid}, + .stage_hint = stage_hint(lb._uuid), .io_port = None, .controller_meter = None) }; @@ -6773,7 +6778,7 @@ for (RouterLBVIP( .priority = 120, .__match = undnat_match, .actions = action, - .stage_hint = Some{lb._uuid}, + .stage_hint = stage_hint(lb._uuid), .io_port = None, .controller_meter = None) } @@ -6792,7 +6797,7 @@ Flow(.logical_datapath = r._uuid, .actions = actions, .io_port = None, .controller_meter = meter, - .stage_hint = Some{lb._uuid}) :- + .stage_hint = stage_hint(lb._uuid)) :- r in &Router(), r.l3dgw_ports.len() > 0 or r.is_gateway, LBVIPWithStatus[lbvip@&LBVIPWithStatus{.lb = lb}], @@ -6963,7 +6968,7 @@ for (&RouterPort[port@RouterPort{.lrp = lrp@&nb::Logical_Router_Port{.peer = Non .actions = actions, .io_port = None, .controller_meter = router.copp.get(cOPP_ND_RA_OPTS()), - .stage_hint = Some{lrp._uuid}); + .stage_hint = stage_hint(lrp._uuid)); var __match = "inport == ${json_name} && ip6.dst == ff02::2 && " "nd_ra && ${rEGBIT_ND_RA_OPTS_RESULT()}" in @@ -6977,7 +6982,7 @@ for (&RouterPort[port@RouterPort{.lrp = lrp@&nb::Logical_Router_Port{.peer = Non .priority = 50, .__match = __match, .actions = actions, - .stage_hint = Some{lrp._uuid}, + .stage_hint = stage_hint(lrp._uuid), .io_port = None, .controller_meter = None) } @@ -6994,7 +6999,7 @@ for (&Router(._uuid = lr_uuid)) .priority = 0, .__match = "1", .actions = "next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None); Flow(.logical_datapath = lr_uuid, @@ -7002,7 +7007,7 @@ for (&Router(._uuid = lr_uuid)) .priority = 0, .__match = "1", .actions = "next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None) } @@ -7066,7 +7071,7 @@ for (Route(.port = port, .priority = priority as integer, .__match = __match, .actions = "ip.ttl--; ${actions}", - .stage_hint = Some{port.lrp._uuid}, + .stage_hint = stage_hint(port.lrp._uuid), .io_port = None, .controller_meter = None); @@ -7076,7 +7081,7 @@ for (Route(.port = port, .priority = priority as integer + 1, .__match = "${__match} && udp.dst == 3784", .actions = actions, - .stage_hint = Some{port.lrp._uuid}, + .stage_hint = stage_hint(port.lrp._uuid), .io_port = None, .controller_meter = None) } @@ -7089,7 +7094,7 @@ Flow(.logical_datapath = router._uuid, .priority = priority as integer, .__match = ip_match, .actions = "drop;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None) :- r in RouterDiscardRoute_(.router = router, .key = key), @@ -7125,7 +7130,7 @@ Flow(.logical_datapath = r._uuid, .priority = 150, .__match = "${rEG_ECMP_GROUP_ID()} == 0", .actions = "next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None) :- r in &Router(). @@ -7208,7 +7213,7 @@ Flow(.logical_datapath = router._uuid, .priority = route_priority, .__match = route_match, .actions = actions, - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None) :- EcmpGroup(group_id, router, key, dsts, route_match, route_priority), @@ -7230,7 +7235,7 @@ Flow(.logical_datapath = router._uuid, .priority = 100, .__match = __match, .actions = actions, - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None) :- EcmpGroup(group_id, router, key, dsts, _, _), @@ -7265,7 +7270,7 @@ Flow(.logical_datapath = router._uuid, .priority = 100, .__match = __match, .actions = "ct_next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None) :- EcmpSymmetricReply(router, dst, route_match, _), @@ -7282,7 +7287,7 @@ Flow(.logical_datapath = router._uuid, .priority = 100, .__match = __match, .actions = actions, - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None) :- EcmpSymmetricReply(router, dst, route_match, tunkey), @@ -7304,7 +7309,7 @@ Flow(.logical_datapath = router._uuid, "${xx}reg1 = ${dst.src_ip}; " "outport = ${dst.port.json_name}; " "next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None), /* Egress reply traffic for symmetric ECMP routes skips router policies. */ @@ -7313,7 +7318,7 @@ Flow(.logical_datapath = router._uuid, .priority = 65535, .__match = ecmp_reply, .actions = "next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None), Flow(.logical_datapath = router._uuid, @@ -7321,7 +7326,7 @@ Flow(.logical_datapath = router._uuid, .priority = 200, .__match = ecmp_reply, .actions = "eth.dst = ct_label.ecmp_reply_eth; next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None) :- EcmpSymmetricReply(router, dst, route_match, tunkey), @@ -7340,7 +7345,7 @@ Flow(.logical_datapath = router._uuid, .priority = 550, .__match = "nd_rs || nd_ra", .actions = "drop;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None) :- router in &Router(). @@ -7369,7 +7374,7 @@ for (IgmpRouterMulticastGroup(address, rtr, ports)) { .actions = "${static_act}outport = ${json_string_escape(address)}; " "ip.ttl--; next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None) } @@ -7395,7 +7400,7 @@ for (RouterMcastFloodPorts(rtr, flood_ports) if rtr.mcast_cfg.relay) { .priority = 450, .__match = "ip4.mcast || ip6.mcast", .actions = actions, - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None) } @@ -7417,7 +7422,7 @@ for (&Router(._uuid = lr_uuid)) { .priority = 0, .__match = "1", .actions = "${rEG_ECMP_GROUP_ID()} = 0; next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None); @@ -7426,7 +7431,7 @@ for (&Router(._uuid = lr_uuid)) { .priority = 150, .__match = "${rEG_ECMP_GROUP_ID()} == 0", .actions = "next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None) } @@ -7445,7 +7450,7 @@ Flow(.logical_datapath = r._uuid, .priority = policy.priority, .__match = policy.__match, .actions = actions, - .stage_hint = Some{policy._uuid}, + .stage_hint = stage_hint(policy._uuid), .io_port = None, .controller_meter = None) :- r in &Router(), @@ -7508,7 +7513,7 @@ Flow(.logical_datapath = r._uuid, .priority = 100, .__match = __match, .actions = actions, - .stage_hint = Some{policy._uuid}, + .stage_hint = stage_hint(policy._uuid), .io_port = None, .controller_meter = None) :- EcmpReroutePolicy(r, policy, ecmp_group_id), @@ -7534,7 +7539,7 @@ Flow(.logical_datapath = r._uuid, .priority = policy.priority, .__match = policy.__match, .actions = actions, - .stage_hint = Some{policy._uuid}, + .stage_hint = stage_hint(policy._uuid), .io_port = None, .controller_meter = None) :- EcmpReroutePolicy(r, policy, ecmp_group_id), @@ -7554,7 +7559,7 @@ Flow(.logical_datapath = r._uuid, .priority = policy.priority, .__match = policy.__match, .actions = "drop;", - .stage_hint = Some{policy._uuid}, + .stage_hint = stage_hint(policy._uuid), .io_port = None, .controller_meter = None) :- r in &Router(), @@ -7566,7 +7571,7 @@ Flow(.logical_datapath = r._uuid, .priority = policy.priority, .__match = policy.__match, .actions = pkt_mark_policy(policy.options) ++ "${rEG_ECMP_GROUP_ID()} = 0; next;", - .stage_hint = Some{policy._uuid}, + .stage_hint = stage_hint(policy._uuid), .io_port = None, .controller_meter = None) :- r in &Router(), @@ -7588,7 +7593,7 @@ for (&Router(._uuid = lr_uuid)) { .priority = 500, .__match = "ip4.mcast || ip6.mcast", .actions = "next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None) } @@ -7625,7 +7630,7 @@ for (rp in &RouterPort(.peer = PeerRouter{peer_port, _}, .priority = 100, .__match = __match, .actions = "eth.dst = ${networks.ea}; next;", - .stage_hint = Some{rp.lrp._uuid}, + .stage_hint = stage_hint(rp.lrp._uuid), .io_port = None, .controller_meter = None) }; @@ -7639,7 +7644,7 @@ for (rp in &RouterPort(.peer = PeerRouter{peer_port, _}, .priority = 100, .__match = __match, .actions = "eth.dst = ${networks.ea}; next;", - .stage_hint = Some{rp.lrp._uuid}, + .stage_hint = stage_hint(rp.lrp._uuid), .io_port = None, .controller_meter = None) } @@ -7658,7 +7663,7 @@ Flow(.logical_datapath = router._uuid, .__match = "outport == ${rp.json_name} && " "!is_chassis_resident(${json_string_escape(chassis_redirect_name(l3dgw_port.name))})", .actions = "eth.dst = ${rp.networks.ea}; next;", - .stage_hint = Some{lrp._uuid}, + .stage_hint = stage_hint(lrp._uuid), .io_port = None, .controller_meter = None) :- rp in &RouterPort(.lrp = lrp, .router = router), @@ -7677,7 +7682,7 @@ Flow(.logical_datapath = lr_uuid, .priority = 1, .__match = "ip4.dst == {" ++ match_ips.join(", ") ++ "}", .actions = "drop;", - .stage_hint = Some{lrp_uuid}, + .stage_hint = stage_hint(lrp_uuid), .io_port = None, .controller_meter = None) :- &RouterPort(.lrp = &nb::Logical_Router_Port{._uuid = lrp_uuid}, @@ -7692,7 +7697,7 @@ Flow(.logical_datapath = lr_uuid, .priority = 1, .__match = "ip6.dst == {" ++ match_ips.join(", ") ++ "}", .actions = "drop;", - .stage_hint = Some{lrp_uuid}, + .stage_hint = stage_hint(lrp_uuid), .io_port = None, .controller_meter = None) :- &RouterPort(.lrp = &nb::Logical_Router_Port{._uuid = lrp_uuid}, @@ -7711,7 +7716,7 @@ Flow(.logical_datapath = peer.router._uuid, .priority = 100, .__match = "outport == ${peer.json_name} && " ++ rEG_NEXT_HOP() ++ " == {${ips}}", .actions = "eth.dst = ${addr.ea}; next;", - .stage_hint = Some{lrp._uuid}, + .stage_hint = stage_hint(lrp._uuid), .io_port = None, .controller_meter = None) :- RouterPortRoutableAddresses(port, addresses), @@ -7743,7 +7748,7 @@ for (SwitchPortIPv4Address( .__match = "outport == ${peer.json_name} && " "${rEG_NEXT_HOP()} == ${addr.addr}", .actions = "eth.dst = ${ea}; next;", - .stage_hint = Some{lsp._uuid}, + .stage_hint = stage_hint(lsp._uuid), .io_port = None, .controller_meter = None) } @@ -7765,7 +7770,7 @@ for (SwitchPortIPv6Address( .__match = "outport == ${peer.json_name} && " "xx${rEG_NEXT_HOP()} == ${addr.addr}", .actions = "eth.dst = ${ea}; next;", - .stage_hint = Some{lsp._uuid}, + .stage_hint = stage_hint(lsp._uuid), .io_port = None, .controller_meter = None) } @@ -7797,7 +7802,7 @@ Flow(.logical_datapath = peer.router._uuid, .__match = "outport == ${peer.json_name} && " "${rEG_NEXT_HOP()} == ${virtual_ip}", .actions = "eth.dst = 00:00:00:00:00:00; next;", - .stage_hint = Some{sp.lsp._uuid}, + .stage_hint = stage_hint(sp.lsp._uuid), .io_port = None, .controller_meter = None) :- sp in &SwitchPort(.lsp = lsp@&nb::Logical_Switch_Port{.__type = "virtual"}), @@ -7814,7 +7819,7 @@ Flow(.logical_datapath = peer.router._uuid, .__match = "outport == ${peer.json_name} && " "${rEG_NEXT_HOP()} == ${virtual_ip}", .actions = "eth.dst = ${address.ea}; next;", - .stage_hint = Some{sp.lsp._uuid}, + .stage_hint = stage_hint(sp.lsp._uuid), .io_port = None, .controller_meter = None) :- sp in &SwitchPort(.lsp = lsp@&nb::Logical_Switch_Port{.__type = "virtual"}), @@ -7853,7 +7858,7 @@ for (&SwitchPort(.lsp = lsp1, .__match = "outport == ${peer1.json_name} && " "${rEG_NEXT_HOP()} == ${format_v4_networks(peer2.networks, false)}", .actions = "eth.dst = ${peer2.networks.ea}; next;", - .stage_hint = Some{lsp1._uuid}, + .stage_hint = stage_hint(lsp1._uuid), .io_port = None, .controller_meter = None) }; @@ -7865,7 +7870,7 @@ for (&SwitchPort(.lsp = lsp1, .__match = "outport == ${peer1.json_name} && " "xx${rEG_NEXT_HOP()} == ${format_v6_networks(peer2.networks)}", .actions = "eth.dst = ${peer2.networks.ea}; next;", - .stage_hint = Some{lsp1._uuid}, + .stage_hint = stage_hint(lsp1._uuid), .io_port = None, .controller_meter = None) } @@ -7879,7 +7884,7 @@ for (&Router(._uuid = lr_uuid)) .priority = 0, .__match = "ip4", .actions = "get_arp(outport, ${rEG_NEXT_HOP()}); next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None); Flow(.logical_datapath = lr_uuid, @@ -7887,7 +7892,7 @@ for (&Router(._uuid = lr_uuid)) .priority = 0, .__match = "ip6", .actions = "get_nd(outport, xx${rEG_NEXT_HOP()}); next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None) } @@ -7910,7 +7915,7 @@ Flow(.logical_datapath = lr_uuid, .priority = 0, .__match = "1", .actions = "next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None) :- &Router(._uuid = lr_uuid). @@ -7919,7 +7924,7 @@ Flow(.logical_datapath = lr_uuid, .priority = 0, .__match = "1", .actions = "next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None) :- &Router(._uuid = lr_uuid). @@ -7929,7 +7934,7 @@ Flow(.logical_datapath = lr_uuid, .__match = "outport == ${gw_mtu_rp.json_name}", .actions = "${rEGBIT_PKT_LARGER()} = check_pkt_larger(${mtu}); " "next;", - .stage_hint = Some{gw_mtu_rp.lrp._uuid}, + .stage_hint = stage_hint(gw_mtu_rp.lrp._uuid), .io_port = None, .controller_meter = None) :- r in &Router(._uuid = lr_uuid), @@ -7957,7 +7962,7 @@ Flow(.logical_datapath = lr_uuid, "};", .io_port = None, .controller_meter = r.copp.get(cOPP_ICMP4_ERR()), - .stage_hint = Some{rp.lrp._uuid}) :- + .stage_hint = stage_hint(rp.lrp._uuid)) :- r in &Router(._uuid = lr_uuid), gw_mtu_rp in &RouterPort(.router = r), var gw_mtu = gw_mtu_rp.lrp.options.get_int_def("gateway_mtu", 0), @@ -7987,7 +7992,7 @@ Flow(.logical_datapath = lr_uuid, "};", .io_port = None, .controller_meter = r.copp.get(cOPP_ICMP4_ERR()), - .stage_hint = Some{rp.lrp._uuid}) :- + .stage_hint = stage_hint(rp.lrp._uuid)) :- r in &Router(._uuid = lr_uuid), gw_mtu_rp in &RouterPort(.router = r), var gw_mtu = gw_mtu_rp.lrp.options.get_int_def("gateway_mtu", 0), @@ -8017,7 +8022,7 @@ Flow(.logical_datapath = lr_uuid, "};", .io_port = None, .controller_meter = r.copp.get(cOPP_ICMP6_ERR()), - .stage_hint = Some{rp.lrp._uuid}) :- + .stage_hint = stage_hint(rp.lrp._uuid)) :- r in &Router(._uuid = lr_uuid), gw_mtu_rp in &RouterPort(.router = r), var gw_mtu = gw_mtu_rp.lrp.options.get_int_def("gateway_mtu", 0), @@ -8047,7 +8052,7 @@ Flow(.logical_datapath = lr_uuid, "};", .io_port = None, .controller_meter = r.copp.get(cOPP_ICMP6_ERR()), - .stage_hint = Some{rp.lrp._uuid}) :- + .stage_hint = stage_hint(rp.lrp._uuid)) :- r in &Router(._uuid = lr_uuid), gw_mtu_rp in &RouterPort(.router = r), var gw_mtu = gw_mtu_rp.lrp.options.get_int_def("gateway_mtu", 0), @@ -8076,7 +8081,7 @@ for (&Router(._uuid = lr_uuid)) .priority = 50, .__match = "outport == ${json_string_escape(lrp.name)}", .actions = "outport = ${json_string_escape(chassis_redirect_name(lrp.name))}; next;", - .stage_hint = Some{lrp._uuid}, + .stage_hint = stage_hint(lrp._uuid), .io_port = None, .controller_meter = None) }; @@ -8087,7 +8092,7 @@ for (&Router(._uuid = lr_uuid)) .priority = 0, .__match = "1", .actions = "next;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None) } @@ -8104,7 +8109,7 @@ Flow(.logical_datapath = router._uuid, .actions = actions, .io_port = None, .controller_meter = router.copp.get(cOPP_ND_NS_RESOLVE()), - .stage_hint = None) :- + .stage_hint = 0) :- rsr in RouterStaticRoute(.router = router), var dst = FlatMap(rsr.dsts), IPv6{var gw_ip6} = dst.nexthop, @@ -8135,7 +8140,7 @@ for (&Router(._uuid = lr_uuid, .copp = copp)) "};", .io_port = None, .controller_meter = copp.get(cOPP_ARP_RESOLVE()), - .stage_hint = None); + .stage_hint = 0); Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_ARP_REQUEST(), @@ -8147,14 +8152,14 @@ for (&Router(._uuid = lr_uuid, .copp = copp)) "};", .io_port = None, .controller_meter = copp.get(cOPP_ND_NS_RESOLVE()), - .stage_hint = None); + .stage_hint = 0); Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_ARP_REQUEST(), .priority = 0, .__match = "1", .actions = "output;", - .stage_hint = None, + .stage_hint = 0, .io_port = None, .controller_meter = None) } @@ -8181,7 +8186,7 @@ for (&RouterPort(.lrp = lrp, .__match = "(ip4.mcast || ip6.mcast) && " "outport == ${json_name}", .actions = "eth.src = ${lrp_networks.ea}; output;", - .stage_hint = Some{lrp._uuid}, + .stage_hint = stage_hint(lrp._uuid), .io_port = None, .controller_meter = None) }; @@ -8195,7 +8200,7 @@ for (&RouterPort(.lrp = lrp, .priority = 100, .__match = "outport == ${json_name}", .actions = "output;", - .stage_hint = Some{lrp._uuid}, + .stage_hint = stage_hint(lrp._uuid), .io_port = None, .controller_meter = None) } @@ -8836,7 +8841,7 @@ function lrouter_bfd_flows(lr_uuid: uuid, .priority = 110, .__match = "${ipX}.src == ${networks} && udp.dst == 3784", .actions = "next; ", - .stage_hint = Some{lrp_uuid}, + .stage_hint = stage_hint(lrp_uuid), .io_port = None, .controller_meter = None}, Flow{.logical_datapath = lr_uuid, @@ -8846,7 +8851,7 @@ function lrouter_bfd_flows(lr_uuid: uuid, .actions = "handle_bfd_msg(); ", .io_port = None, .controller_meter = controller_meter, - .stage_hint = Some{lrp_uuid}}) + .stage_hint = stage_hint(lrp_uuid)}) } for (&RouterPort(.router = router, .networks = networks, .lrp = lrp, .has_bfd = true)) { var controller_meter = router.copp.get(cOPP_BFD()) in { From patchwork Thu Aug 12 15:53:54 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ben Pfaff X-Patchwork-Id: 1516364 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.133; helo=smtp2.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Received: from smtp2.osuosl.org (smtp2.osuosl.org [140.211.166.133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4Glrpz40Lmz9sX1 for ; Fri, 13 Aug 2021 01:54:35 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by smtp2.osuosl.org (Postfix) with ESMTP id ECBA24077E; Thu, 12 Aug 2021 15:54:32 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp2.osuosl.org ([127.0.0.1]) by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9-2wzt8QcIES; Thu, 12 Aug 2021 15:54:29 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by smtp2.osuosl.org (Postfix) with ESMTPS id 2287D40773; Thu, 12 Aug 2021 15:54:27 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 2BF69C0029; Thu, 12 Aug 2021 15:54:24 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp2.osuosl.org (smtp2.osuosl.org [IPv6:2605:bc80:3010::133]) by lists.linuxfoundation.org (Postfix) with ESMTP id 5A003C001D for ; Thu, 12 Aug 2021 15:54:22 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp2.osuosl.org (Postfix) with ESMTP id 67C1C4075B for ; Thu, 12 Aug 2021 15:54:21 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp2.osuosl.org ([127.0.0.1]) by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OEOqBSR_DN3a for ; Thu, 12 Aug 2021 15:54:17 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 Received: from relay11.mail.gandi.net (relay11.mail.gandi.net [217.70.178.231]) by smtp2.osuosl.org (Postfix) with ESMTPS id E35D8402A1 for ; Thu, 12 Aug 2021 15:54:16 +0000 (UTC) Received: (Authenticated sender: blp@ovn.org) by relay11.mail.gandi.net (Postfix) with ESMTPSA id 375C810000A; Thu, 12 Aug 2021 15:54:13 +0000 (UTC) From: Ben Pfaff To: dev@openvswitch.org Date: Thu, 12 Aug 2021 08:53:54 -0700 Message-Id: <20210812155358.3141517-4-blp@ovn.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210812155358.3141517-1-blp@ovn.org> References: <20210812155358.3141517-1-blp@ovn.org> MIME-Version: 1.0 Cc: Ben Pfaff , Ben Pfaff Subject: [ovs-dev] [PATCH 3/7] ovn-northd-ddlog: Intern Stage. X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Ben Pfaff With the benchmark at https://mail.openvswitch.org/pipermail/ovs-dev/2021-July/385333.html, this reduces memory consumption from 72 GB to 66 GB and elapsed time by a few seconds. Signed-off-by: Ben Pfaff Signed-off-by: Ben Pfaff --- northd/ovn_northd.dl | 140 +++++++++++++++++++++---------------------- 1 file changed, 70 insertions(+), 70 deletions(-) diff --git a/northd/ovn_northd.dl b/northd/ovn_northd.dl index 2365372fb..f1b7471f2 100644 --- a/northd/ovn_northd.dl +++ b/northd/ovn_northd.dl @@ -1434,77 +1434,77 @@ nb::Out_Logical_Router_Port(._uuid = _uuid, typedef Pipeline = Ingress | Egress -typedef Stage = Stage{ +typedef Stage = Stage { pipeline : Pipeline, - table_id : integer, + table_id : bit<8>, table_name : string } /* Logical switch ingress stages. */ -function s_SWITCH_IN_PORT_SEC_L2(): Stage { Stage{Ingress, 0, "ls_in_port_sec_l2"} } -function s_SWITCH_IN_PORT_SEC_IP(): Stage { Stage{Ingress, 1, "ls_in_port_sec_ip"} } -function s_SWITCH_IN_PORT_SEC_ND(): Stage { Stage{Ingress, 2, "ls_in_port_sec_nd"} } -function s_SWITCH_IN_LOOKUP_FDB(): Stage { Stage{Ingress, 3, "ls_in_lookup_fdb"} } -function s_SWITCH_IN_PUT_FDB(): Stage { Stage{Ingress, 4, "ls_in_put_fdb"} } -function s_SWITCH_IN_PRE_ACL(): Stage { Stage{Ingress, 5, "ls_in_pre_acl"} } -function s_SWITCH_IN_PRE_LB(): Stage { Stage{Ingress, 6, "ls_in_pre_lb"} } -function s_SWITCH_IN_PRE_STATEFUL(): Stage { Stage{Ingress, 7, "ls_in_pre_stateful"} } -function s_SWITCH_IN_ACL_HINT(): Stage { Stage{Ingress, 8, "ls_in_acl_hint"} } -function s_SWITCH_IN_ACL(): Stage { Stage{Ingress, 9, "ls_in_acl"} } -function s_SWITCH_IN_QOS_MARK(): Stage { Stage{Ingress, 10, "ls_in_qos_mark"} } -function s_SWITCH_IN_QOS_METER(): Stage { Stage{Ingress, 11, "ls_in_qos_meter"} } -function s_SWITCH_IN_STATEFUL(): Stage { Stage{Ingress, 12, "ls_in_stateful"} } -function s_SWITCH_IN_PRE_HAIRPIN(): Stage { Stage{Ingress, 13, "ls_in_pre_hairpin"} } -function s_SWITCH_IN_NAT_HAIRPIN(): Stage { Stage{Ingress, 14, "ls_in_nat_hairpin"} } -function s_SWITCH_IN_HAIRPIN(): Stage { Stage{Ingress, 15, "ls_in_hairpin"} } -function s_SWITCH_IN_ARP_ND_RSP(): Stage { Stage{Ingress, 16, "ls_in_arp_rsp"} } -function s_SWITCH_IN_DHCP_OPTIONS(): Stage { Stage{Ingress, 17, "ls_in_dhcp_options"} } -function s_SWITCH_IN_DHCP_RESPONSE(): Stage { Stage{Ingress, 18, "ls_in_dhcp_response"} } -function s_SWITCH_IN_DNS_LOOKUP(): Stage { Stage{Ingress, 19, "ls_in_dns_lookup"} } -function s_SWITCH_IN_DNS_RESPONSE(): Stage { Stage{Ingress, 20, "ls_in_dns_response"} } -function s_SWITCH_IN_EXTERNAL_PORT(): Stage { Stage{Ingress, 21, "ls_in_external_port"} } -function s_SWITCH_IN_L2_LKUP(): Stage { Stage{Ingress, 22, "ls_in_l2_lkup"} } -function s_SWITCH_IN_L2_UNKNOWN(): Stage { Stage{Ingress, 23, "ls_in_l2_unknown"} } +function s_SWITCH_IN_PORT_SEC_L2(): Intern { Stage{Ingress, 0, "ls_in_port_sec_l2"}.intern() } +function s_SWITCH_IN_PORT_SEC_IP(): Intern { Stage{Ingress, 1, "ls_in_port_sec_ip"}.intern() } +function s_SWITCH_IN_PORT_SEC_ND(): Intern { Stage{Ingress, 2, "ls_in_port_sec_nd"}.intern() } +function s_SWITCH_IN_LOOKUP_FDB(): Intern { Stage{Ingress, 3, "ls_in_lookup_fdb"}.intern() } +function s_SWITCH_IN_PUT_FDB(): Intern { Stage{Ingress, 4, "ls_in_put_fdb"}.intern() } +function s_SWITCH_IN_PRE_ACL(): Intern { Stage{Ingress, 5, "ls_in_pre_acl"}.intern() } +function s_SWITCH_IN_PRE_LB(): Intern { Stage{Ingress, 6, "ls_in_pre_lb"}.intern() } +function s_SWITCH_IN_PRE_STATEFUL(): Intern { Stage{Ingress, 7, "ls_in_pre_stateful"}.intern() } +function s_SWITCH_IN_ACL_HINT(): Intern { Stage{Ingress, 8, "ls_in_acl_hint"}.intern() } +function s_SWITCH_IN_ACL(): Intern { Stage{Ingress, 9, "ls_in_acl"}.intern() } +function s_SWITCH_IN_QOS_MARK(): Intern { Stage{Ingress, 10, "ls_in_qos_mark"}.intern() } +function s_SWITCH_IN_QOS_METER(): Intern { Stage{Ingress, 11, "ls_in_qos_meter"}.intern() } +function s_SWITCH_IN_STATEFUL(): Intern { Stage{Ingress, 12, "ls_in_stateful"}.intern() } +function s_SWITCH_IN_PRE_HAIRPIN(): Intern { Stage{Ingress, 13, "ls_in_pre_hairpin"}.intern() } +function s_SWITCH_IN_NAT_HAIRPIN(): Intern { Stage{Ingress, 14, "ls_in_nat_hairpin"}.intern() } +function s_SWITCH_IN_HAIRPIN(): Intern { Stage{Ingress, 15, "ls_in_hairpin"}.intern() } +function s_SWITCH_IN_ARP_ND_RSP(): Intern { Stage{Ingress, 16, "ls_in_arp_rsp"}.intern() } +function s_SWITCH_IN_DHCP_OPTIONS(): Intern { Stage{Ingress, 17, "ls_in_dhcp_options"}.intern() } +function s_SWITCH_IN_DHCP_RESPONSE(): Intern { Stage{Ingress, 18, "ls_in_dhcp_response"}.intern() } +function s_SWITCH_IN_DNS_LOOKUP(): Intern { Stage{Ingress, 19, "ls_in_dns_lookup"}.intern() } +function s_SWITCH_IN_DNS_RESPONSE(): Intern { Stage{Ingress, 20, "ls_in_dns_response"}.intern() } +function s_SWITCH_IN_EXTERNAL_PORT(): Intern { Stage{Ingress, 21, "ls_in_external_port"}.intern() } +function s_SWITCH_IN_L2_LKUP(): Intern { Stage{Ingress, 22, "ls_in_l2_lkup"}.intern() } +function s_SWITCH_IN_L2_UNKNOWN(): Intern { Stage{Ingress, 23, "ls_in_l2_unknown"}.intern() } /* Logical switch egress stages. */ -function s_SWITCH_OUT_PRE_LB(): Stage { Stage{ Egress, 0, "ls_out_pre_lb"} } -function s_SWITCH_OUT_PRE_ACL(): Stage { Stage{ Egress, 1, "ls_out_pre_acl"} } -function s_SWITCH_OUT_PRE_STATEFUL(): Stage { Stage{ Egress, 2, "ls_out_pre_stateful"} } -function s_SWITCH_OUT_ACL_HINT(): Stage { Stage{ Egress, 3, "ls_out_acl_hint"} } -function s_SWITCH_OUT_ACL(): Stage { Stage{ Egress, 4, "ls_out_acl"} } -function s_SWITCH_OUT_QOS_MARK(): Stage { Stage{ Egress, 5, "ls_out_qos_mark"} } -function s_SWITCH_OUT_QOS_METER(): Stage { Stage{ Egress, 6, "ls_out_qos_meter"} } -function s_SWITCH_OUT_STATEFUL(): Stage { Stage{ Egress, 7, "ls_out_stateful"} } -function s_SWITCH_OUT_PORT_SEC_IP(): Stage { Stage{ Egress, 8, "ls_out_port_sec_ip"} } -function s_SWITCH_OUT_PORT_SEC_L2(): Stage { Stage{ Egress, 9, "ls_out_port_sec_l2"} } +function s_SWITCH_OUT_PRE_LB(): Intern { Stage{ Egress, 0, "ls_out_pre_lb"}.intern() } +function s_SWITCH_OUT_PRE_ACL(): Intern { Stage{ Egress, 1, "ls_out_pre_acl"}.intern() } +function s_SWITCH_OUT_PRE_STATEFUL(): Intern { Stage{ Egress, 2, "ls_out_pre_stateful"}.intern() } +function s_SWITCH_OUT_ACL_HINT(): Intern { Stage{ Egress, 3, "ls_out_acl_hint"}.intern() } +function s_SWITCH_OUT_ACL(): Intern { Stage{ Egress, 4, "ls_out_acl"}.intern() } +function s_SWITCH_OUT_QOS_MARK(): Intern { Stage{ Egress, 5, "ls_out_qos_mark"}.intern() } +function s_SWITCH_OUT_QOS_METER(): Intern { Stage{ Egress, 6, "ls_out_qos_meter"}.intern() } +function s_SWITCH_OUT_STATEFUL(): Intern { Stage{ Egress, 7, "ls_out_stateful"}.intern() } +function s_SWITCH_OUT_PORT_SEC_IP(): Intern { Stage{ Egress, 8, "ls_out_port_sec_ip"}.intern() } +function s_SWITCH_OUT_PORT_SEC_L2(): Intern { Stage{ Egress, 9, "ls_out_port_sec_l2"}.intern() } /* Logical router ingress stages. */ -function s_ROUTER_IN_ADMISSION(): Stage { Stage{Ingress, 0, "lr_in_admission"} } -function s_ROUTER_IN_LOOKUP_NEIGHBOR(): Stage { Stage{Ingress, 1, "lr_in_lookup_neighbor"} } -function s_ROUTER_IN_LEARN_NEIGHBOR(): Stage { Stage{Ingress, 2, "lr_in_learn_neighbor"} } -function s_ROUTER_IN_IP_INPUT(): Stage { Stage{Ingress, 3, "lr_in_ip_input"} } -function s_ROUTER_IN_UNSNAT(): Stage { Stage{Ingress, 4, "lr_in_unsnat"} } -function s_ROUTER_IN_DEFRAG(): Stage { Stage{Ingress, 5, "lr_in_defrag"} } -function s_ROUTER_IN_DNAT(): Stage { Stage{Ingress, 6, "lr_in_dnat"} } -function s_ROUTER_IN_ECMP_STATEFUL(): Stage { Stage{Ingress, 7, "lr_in_ecmp_stateful"} } -function s_ROUTER_IN_ND_RA_OPTIONS(): Stage { Stage{Ingress, 8, "lr_in_nd_ra_options"} } -function s_ROUTER_IN_ND_RA_RESPONSE(): Stage { Stage{Ingress, 9, "lr_in_nd_ra_response"} } -function s_ROUTER_IN_IP_ROUTING(): Stage { Stage{Ingress, 10, "lr_in_ip_routing"} } -function s_ROUTER_IN_IP_ROUTING_ECMP(): Stage { Stage{Ingress, 11, "lr_in_ip_routing_ecmp"} } -function s_ROUTER_IN_POLICY(): Stage { Stage{Ingress, 12, "lr_in_policy"} } -function s_ROUTER_IN_POLICY_ECMP(): Stage { Stage{Ingress, 13, "lr_in_policy_ecmp"} } -function s_ROUTER_IN_ARP_RESOLVE(): Stage { Stage{Ingress, 14, "lr_in_arp_resolve"} } -function s_ROUTER_IN_CHK_PKT_LEN(): Stage { Stage{Ingress, 15, "lr_in_chk_pkt_len"} } -function s_ROUTER_IN_LARGER_PKTS(): Stage { Stage{Ingress, 16, "lr_in_larger_pkts"} } -function s_ROUTER_IN_GW_REDIRECT(): Stage { Stage{Ingress, 17, "lr_in_gw_redirect"} } -function s_ROUTER_IN_ARP_REQUEST(): Stage { Stage{Ingress, 18, "lr_in_arp_request"} } +function s_ROUTER_IN_ADMISSION(): Intern { Stage{Ingress, 0, "lr_in_admission"}.intern() } +function s_ROUTER_IN_LOOKUP_NEIGHBOR(): Intern { Stage{Ingress, 1, "lr_in_lookup_neighbor"}.intern() } +function s_ROUTER_IN_LEARN_NEIGHBOR(): Intern { Stage{Ingress, 2, "lr_in_learn_neighbor"}.intern() } +function s_ROUTER_IN_IP_INPUT(): Intern { Stage{Ingress, 3, "lr_in_ip_input"}.intern() } +function s_ROUTER_IN_UNSNAT(): Intern { Stage{Ingress, 4, "lr_in_unsnat"}.intern() } +function s_ROUTER_IN_DEFRAG(): Intern { Stage{Ingress, 5, "lr_in_defrag"}.intern() } +function s_ROUTER_IN_DNAT(): Intern { Stage{Ingress, 6, "lr_in_dnat"}.intern() } +function s_ROUTER_IN_ECMP_STATEFUL(): Intern { Stage{Ingress, 7, "lr_in_ecmp_stateful"}.intern() } +function s_ROUTER_IN_ND_RA_OPTIONS(): Intern { Stage{Ingress, 8, "lr_in_nd_ra_options"}.intern() } +function s_ROUTER_IN_ND_RA_RESPONSE(): Intern { Stage{Ingress, 9, "lr_in_nd_ra_response"}.intern() } +function s_ROUTER_IN_IP_ROUTING(): Intern { Stage{Ingress, 10, "lr_in_ip_routing"}.intern() } +function s_ROUTER_IN_IP_ROUTING_ECMP(): Intern { Stage{Ingress, 11, "lr_in_ip_routing_ecmp"}.intern() } +function s_ROUTER_IN_POLICY(): Intern { Stage{Ingress, 12, "lr_in_policy"}.intern() } +function s_ROUTER_IN_POLICY_ECMP(): Intern { Stage{Ingress, 13, "lr_in_policy_ecmp"}.intern() } +function s_ROUTER_IN_ARP_RESOLVE(): Intern { Stage{Ingress, 14, "lr_in_arp_resolve"}.intern() } +function s_ROUTER_IN_CHK_PKT_LEN(): Intern { Stage{Ingress, 15, "lr_in_chk_pkt_len"}.intern() } +function s_ROUTER_IN_LARGER_PKTS(): Intern { Stage{Ingress, 16, "lr_in_larger_pkts"}.intern() } +function s_ROUTER_IN_GW_REDIRECT(): Intern { Stage{Ingress, 17, "lr_in_gw_redirect"}.intern() } +function s_ROUTER_IN_ARP_REQUEST(): Intern { Stage{Ingress, 18, "lr_in_arp_request"}.intern() } /* Logical router egress stages. */ -function s_ROUTER_OUT_UNDNAT(): Stage { Stage{ Egress, 0, "lr_out_undnat"} } -function s_ROUTER_OUT_POST_UNDNAT(): Stage { Stage{ Egress, 1, "lr_out_post_undnat"} } -function s_ROUTER_OUT_SNAT(): Stage { Stage{ Egress, 2, "lr_out_snat"} } -function s_ROUTER_OUT_EGR_LOOP(): Stage { Stage{ Egress, 3, "lr_out_egr_loop"} } -function s_ROUTER_OUT_DELIVERY(): Stage { Stage{ Egress, 4, "lr_out_delivery"} } +function s_ROUTER_OUT_UNDNAT(): Intern { Stage{ Egress, 0, "lr_out_undnat"}.intern() } +function s_ROUTER_OUT_POST_UNDNAT(): Intern { Stage{ Egress, 1, "lr_out_post_undnat"}.intern() } +function s_ROUTER_OUT_SNAT(): Intern { Stage{ Egress, 2, "lr_out_snat"}.intern() } +function s_ROUTER_OUT_EGR_LOOP(): Intern { Stage{ Egress, 3, "lr_out_egr_loop"}.intern() } +function s_ROUTER_OUT_DELIVERY(): Intern { Stage{ Egress, 4, "lr_out_delivery"}.intern() } /* * OVS register usage: @@ -1638,7 +1638,7 @@ function mFF_N_LOG_REGS() : bit<32> = 10 relation Flow( logical_datapath: uuid, - stage: Stage, + stage: Intern, priority: integer, __match: string, actions: string, @@ -1663,7 +1663,7 @@ UseLogicalDatapathGroups[false] :- relation AggregatedFlow ( logical_datapaths: Set, - stage: Stage, + stage: Intern, priority: integer, __match: string, actions: string, @@ -1677,7 +1677,7 @@ function make_flow_tags(io_port: Option): Map { Some{s} -> [ "in_out_port" -> s ] } } -function make_flow_external_ids(stage_hint: bit<32>, stage: Stage): Map { +function make_flow_external_ids(stage_hint: bit<32>, stage: Intern): Map { if (stage_hint == 0) { ["stage-name" -> stage.table_name] } else { @@ -1717,7 +1717,7 @@ for (f in AggregatedFlow()) { .logical_datapath = Some{dp}, .logical_dp_group = None, .pipeline = pipeline, - .table_id = f.stage.table_id, + .table_id = f.stage.table_id as integer, .priority = f.priority, .controller_meter = f.controller_meter, .__match = f.__match, @@ -1731,7 +1731,7 @@ for (f in AggregatedFlow()) { .logical_datapath = None, .logical_dp_group = Some{group_uuid}, .pipeline = pipeline, - .table_id = f.stage.table_id, + .table_id = f.stage.table_id as integer, .priority = f.priority, .controller_meter = f.controller_meter, .__match = f.__match, @@ -2390,7 +2390,7 @@ function oVN_ACL_PRI_OFFSET(): integer = 1000 relation Reject( lsuuid: uuid, pipeline: Pipeline, - stage: Stage, + stage: Intern, acl: Intern, fair_meter: bool, controller_meter: Option, @@ -2398,7 +2398,7 @@ relation Reject( extra_actions: string) /* build_reject_acl_rules() */ -function next_to_stage(stage: Stage): string { +function next_to_stage(stage: Intern): string { var pipeline = match (stage.pipeline) { Ingress -> "ingress", Egress -> "egress" @@ -2663,7 +2663,7 @@ for (UseCtInvMatch[use_ct_inv_match]) { * types of ACL logical flows (e.g., allow/drop). In such cases hints * corresponding to all potential matches are set. */ -input relation AclHintStages[Stage] +input relation AclHintStages[Intern] AclHintStages[s_SWITCH_IN_ACL_HINT()]. AclHintStages[s_SWITCH_OUT_ACL_HINT()]. for (sw in &Switch(._uuid = ls_uuid)) { @@ -3125,7 +3125,7 @@ function ct_lb(backends: string, "ct_lb(" ++ args.join("; ") ++ ");" } function build_lb_vip_actions(lbvip: Intern, - stage: Stage, + stage: Intern, actions0: string): (string, bool) { var up_backends = set_empty(); for (pair in lbvip.backends) { @@ -5916,7 +5916,7 @@ for (RouterPortNetworksIPv6Addr(.port = &RouterPort{.router = router, /* NAT, Defrag and load balancing. */ -function default_allow_flow(datapath: uuid, stage: Stage): Flow { +function default_allow_flow(datapath: uuid, stage: Intern): Flow { Flow{.logical_datapath = datapath, .stage = stage, .priority = 0, From patchwork Thu Aug 12 15:53:55 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ben Pfaff X-Patchwork-Id: 1516366 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.137; helo=smtp4.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Received: from smtp4.osuosl.org (smtp4.osuosl.org [140.211.166.137]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4Glrq60wvFz9sX1 for ; Fri, 13 Aug 2021 01:54:42 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id C4BFA400F9; Thu, 12 Aug 2021 15:54:39 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4YsLEV_1S_87; Thu, 12 Aug 2021 15:54:35 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [IPv6:2605:bc80:3010:104::8cd3:938]) by smtp4.osuosl.org (Postfix) with ESMTPS id E5E2740757; Thu, 12 Aug 2021 15:54:30 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id BC341C001D; Thu, 12 Aug 2021 15:54:27 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp4.osuosl.org (smtp4.osuosl.org [140.211.166.137]) by lists.linuxfoundation.org (Postfix) with ESMTP id 8AD16C002C for ; Thu, 12 Aug 2021 15:54:24 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id 5FA7D40742 for ; Thu, 12 Aug 2021 15:54:24 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YLyx24jZ5DDx for ; Thu, 12 Aug 2021 15:54:19 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 Received: from relay11.mail.gandi.net (relay11.mail.gandi.net [217.70.178.231]) by smtp4.osuosl.org (Postfix) with ESMTPS id DAA6740540 for ; Thu, 12 Aug 2021 15:54:18 +0000 (UTC) Received: (Authenticated sender: blp@ovn.org) by relay11.mail.gandi.net (Postfix) with ESMTPSA id E66A5100005; Thu, 12 Aug 2021 15:54:15 +0000 (UTC) From: Ben Pfaff To: dev@openvswitch.org Date: Thu, 12 Aug 2021 08:53:55 -0700 Message-Id: <20210812155358.3141517-5-blp@ovn.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210812155358.3141517-1-blp@ovn.org> References: <20210812155358.3141517-1-blp@ovn.org> MIME-Version: 1.0 Cc: Ben Pfaff , Ben Pfaff Subject: [ovs-dev] [PATCH 4/7] Intern all the matches and actions. X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Ben Pfaff With the benchmark at https://mail.openvswitch.org/pipermail/ovs-dev/2021-July/385333.html, this reduces memory consumption from 66 GB to 53 GB and elapsed time from 15 minutes to 14 minutes. Signed-off-by: Ben Pfaff --- northd/ovn_northd.dl | 1292 +++++++++++++++++++++--------------------- 1 file changed, 646 insertions(+), 646 deletions(-) diff --git a/northd/ovn_northd.dl b/northd/ovn_northd.dl index f1b7471f2..dd69126ff 100644 --- a/northd/ovn_northd.dl +++ b/northd/ovn_northd.dl @@ -1640,8 +1640,8 @@ relation Flow( logical_datapath: uuid, stage: Intern, priority: integer, - __match: string, - actions: string, + __match: istring, + actions: istring, io_port: Option, controller_meter: Option, stage_hint: bit<32> @@ -1665,8 +1665,8 @@ relation AggregatedFlow ( logical_datapaths: Set, stage: Intern, priority: integer, - __match: string, - actions: string, + __match: istring, + actions: istring, tags: Map, controller_meter: Option, external_ids: Map @@ -1720,8 +1720,8 @@ for (f in AggregatedFlow()) { .table_id = f.stage.table_id as integer, .priority = f.priority, .controller_meter = f.controller_meter, - .__match = f.__match, - .actions = f.actions, + .__match = f.__match.ival(), + .actions = f.actions.ival(), .tags = f.tags, .external_ids = external_ids) } else { @@ -1734,8 +1734,8 @@ for (f in AggregatedFlow()) { .table_id = f.stage.table_id as integer, .priority = f.priority, .controller_meter = f.controller_meter, - .__match = f.__match, - .actions = f.actions, + .__match = f.__match.ival(), + .actions = f.actions.ival(), .tags = f.tags, .external_ids = external_ids); sb::Out_Logical_DP_Group(._uuid = group_uuid, .datapaths = f.logical_datapaths) @@ -1757,8 +1757,8 @@ Flow(.logical_datapath = sw._uuid, var fg_uuid = FlatMap(forwarding_groups), fg in nb::Forwarding_Group(._uuid = fg_uuid), not fg.child_port.is_empty(), - var __match = "arp.tpa == ${fg.vip} && arp.op == 1", - var actions = "eth.dst = eth.src; " + var __match = i"arp.tpa == ${fg.vip} && arp.op == 1", + var actions = i"eth.dst = eth.src; " "eth.src = ${fg.vmac}; " "arp.op = 2; /* ARP reply */ " "arp.tha = arp.sha; " @@ -1779,8 +1779,8 @@ function escape_child_ports(child_port: Set): string { Flow(.logical_datapath = sw._uuid, .stage = s_SWITCH_IN_L2_LKUP(), .priority = 50, - .__match = __match, - .actions = actions, + .__match = __match.intern(), + .actions = actions.intern(), .stage_hint = 0, .io_port = None, .controller_meter = None) :- @@ -1802,8 +1802,8 @@ for (sw in &Switch()) { Flow(.logical_datapath = sw._uuid, .stage = s_SWITCH_IN_PORT_SEC_L2(), .priority = 100, - .__match = "vlan.present", - .actions = "drop;", + .__match = i"vlan.present", + .actions = i"drop;", .stage_hint = 0 /*TODO: check*/, .io_port = None, .controller_meter = None) @@ -1813,8 +1813,8 @@ for (sw in &Switch()) { Flow(.logical_datapath = sw._uuid, .stage = s_SWITCH_IN_PORT_SEC_L2(), .priority = 100, - .__match = "eth.src[40]", - .actions = "drop;", + .__match = i"eth.src[40]", + .actions = i"drop;", .stage_hint = 0 /*TODO: check*/, .io_port = None, .controller_meter = None) @@ -1875,16 +1875,16 @@ for (&Switch(._uuid =ls_uuid)) { Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_IN_PRE_ACL(), .priority = 0, - .__match = "1", - .actions = "next;", + .__match = i"1", + .actions = i"next;", .stage_hint = 0, .io_port = None, .controller_meter = None); Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_OUT_PRE_ACL(), .priority = 0, - .__match = "1", - .actions = "next;", + .__match = i"1", + .actions = i"next;", .stage_hint = 0, .io_port = None, .controller_meter = None); @@ -1892,31 +1892,31 @@ for (&Switch(._uuid =ls_uuid)) { Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_IN_PRE_ACL(), .priority = 110, - .__match = "eth.dst == $svc_monitor_mac", - .actions = "next;", + .__match = i"eth.dst == $svc_monitor_mac", + .actions = i"next;", .stage_hint = 0, .io_port = None, .controller_meter = None); Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_OUT_PRE_ACL(), .priority = 110, - .__match = "eth.src == $svc_monitor_mac", - .actions = "next;", + .__match = i"eth.src == $svc_monitor_mac", + .actions = i"next;", .stage_hint = 0, .io_port = None, .controller_meter = None) } /* stateless filters always take precedence over stateful ACLs. */ -for (&SwitchACL(.sw = sw@&Switch{._uuid = ls_uuid}, .acl = &acl, .has_fair_meter = fair_meter)) { +for (&SwitchACL(.sw = sw@&Switch{._uuid = ls_uuid}, .acl = acl, .has_fair_meter = fair_meter)) { if (sw.has_stateful_acl) { if (acl.action == "allow-stateless") { if (acl.direction == "from-lport") { Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_IN_PRE_ACL(), .priority = acl.priority + oVN_ACL_PRI_OFFSET(), - .__match = acl.__match, - .actions = "next;", + .__match = acl.__match.intern(), + .actions = i"next;", .stage_hint = stage_hint(acl._uuid), .io_port = None, .controller_meter = None) @@ -1924,8 +1924,8 @@ for (&SwitchACL(.sw = sw@&Switch{._uuid = ls_uuid}, .acl = &acl, .has_fair_meter Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_OUT_PRE_ACL(), .priority = acl.priority + oVN_ACL_PRI_OFFSET(), - .__match = acl.__match, - .actions = "next;", + .__match = acl.__match.intern(), + .actions = i"next;", .stage_hint = stage_hint(acl._uuid), .io_port = None, .controller_meter = None) @@ -1956,16 +1956,16 @@ for (&SwitchPort(.lsp = lsp@&nb::Logical_Switch_Port{.__type = "router"}, Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_IN_PRE_ACL(), .priority = 110, - .__match = "ip && inport == ${lsp_name}", - .actions = "next;", + .__match = i"ip && inport == ${lsp_name}", + .actions = i"next;", .stage_hint = stage_hint(lsp._uuid), .io_port = Some{lsp.name}, .controller_meter = None); Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_OUT_PRE_ACL(), .priority = 110, - .__match = "ip && outport == ${lsp_name}", - .actions = "next;", + .__match = i"ip && outport == ${lsp_name}", + .actions = i"next;", .stage_hint = stage_hint(lsp._uuid), .io_port = Some{lsp.name}, .controller_meter = None) @@ -1977,16 +1977,16 @@ for (&SwitchPort(.lsp = lsp@&nb::Logical_Switch_Port{.__type = "localnet"}, Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_IN_PRE_ACL(), .priority = 110, - .__match = "ip && inport == ${lsp_name}", - .actions = "next;", + .__match = i"ip && inport == ${lsp_name}", + .actions = i"next;", .stage_hint = stage_hint(lsp._uuid), .io_port = Some{lsp.name}, .controller_meter = None); Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_OUT_PRE_ACL(), .priority = 110, - .__match = "ip && outport == ${lsp_name}", - .actions = "next;", + .__match = i"ip && outport == ${lsp_name}", + .actions = i"next;", .stage_hint = stage_hint(lsp._uuid), .io_port = Some{lsp.name}, .controller_meter = None) @@ -2000,18 +2000,18 @@ for (&Switch(._uuid = ls_uuid, .has_stateful_acl = true)) { Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_IN_PRE_ACL(), .priority = 110, - .__match = "nd || nd_rs || nd_ra || mldv1 || mldv2 || " + .__match = i"nd || nd_rs || nd_ra || mldv1 || mldv2 || " "(udp && udp.src == 546 && udp.dst == 547)", - .actions = "next;", + .actions = i"next;", .stage_hint = 0, .io_port = None, .controller_meter = None); Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_OUT_PRE_ACL(), .priority = 110, - .__match = "nd || nd_rs || nd_ra || mldv1 || mldv2 || " + .__match = i"nd || nd_rs || nd_ra || mldv1 || mldv2 || " "(udp && udp.src == 546 && udp.dst == 547)", - .actions = "next;", + .actions = i"next;", .stage_hint = 0, .io_port = None, .controller_meter = None); @@ -2027,16 +2027,16 @@ for (&Switch(._uuid = ls_uuid, .has_stateful_acl = true)) { Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_IN_PRE_ACL(), .priority = 100, - .__match = "ip", - .actions = "${rEGBIT_CONNTRACK_DEFRAG()} = 1; next;", + .__match = i"ip", + .actions = i"${rEGBIT_CONNTRACK_DEFRAG()} = 1; next;", .stage_hint = 0, .io_port = None, .controller_meter = None); Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_OUT_PRE_ACL(), .priority = 100, - .__match = "ip", - .actions = "${rEGBIT_CONNTRACK_DEFRAG()} = 1; next;", + .__match = i"ip", + .actions = i"${rEGBIT_CONNTRACK_DEFRAG()} = 1; next;", .stage_hint = 0, .io_port = None, .controller_meter = None) @@ -2045,12 +2045,12 @@ for (&Switch(._uuid = ls_uuid, .has_stateful_acl = true)) { /* Pre-LB */ for (&Switch(._uuid = ls_uuid)) { /* Do not send ND packets to conntrack */ - var __match = "nd || nd_rs || nd_ra || mldv1 || mldv2" in { + var __match = i"nd || nd_rs || nd_ra || mldv1 || mldv2" in { Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_IN_PRE_LB(), .priority = 110, .__match = __match, - .actions = "next;", + .actions = i"next;", .stage_hint = 0, .io_port = None, .controller_meter = None); @@ -2058,7 +2058,7 @@ for (&Switch(._uuid = ls_uuid)) { .stage = s_SWITCH_OUT_PRE_LB(), .priority = 110, .__match = __match, - .actions = "next;", + .actions = i"next;", .stage_hint = 0, .io_port = None, .controller_meter = None) @@ -2068,16 +2068,16 @@ for (&Switch(._uuid = ls_uuid)) { Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_IN_PRE_LB(), .priority = 110, - .__match = "eth.dst == $svc_monitor_mac", - .actions = "next;", + .__match = i"eth.dst == $svc_monitor_mac", + .actions = i"next;", .stage_hint = 0, .io_port = None, .controller_meter = None); Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_OUT_PRE_LB(), .priority = 110, - .__match = "eth.src == $svc_monitor_mac", - .actions = "next;", + .__match = i"eth.src == $svc_monitor_mac", + .actions = i"next;", .stage_hint = 0, .io_port = None, .controller_meter = None); @@ -2086,16 +2086,16 @@ for (&Switch(._uuid = ls_uuid)) { Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_IN_PRE_LB(), .priority = 0, - .__match = "1", - .actions = "next;", + .__match = i"1", + .actions = i"next;", .stage_hint = 0, .io_port = None, .controller_meter = None); Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_OUT_PRE_LB(), .priority = 0, - .__match = "1", - .actions = "next;", + .__match = i"1", + .actions = i"next;", .stage_hint = 0, .io_port = None, .controller_meter = None) @@ -2106,23 +2106,23 @@ if (lsp.__type == "router" or lsp.__type == "localnet") { Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_IN_PRE_LB(), .priority = 110, - .__match = "ip && inport == ${lsp_name}", - .actions = "next;", + .__match = i"ip && inport == ${lsp_name}", + .actions = i"next;", .stage_hint = stage_hint(lsp._uuid), .io_port = Some{lsp.name}, .controller_meter = None); Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_OUT_PRE_LB(), .priority = 110, - .__match = "ip && outport == ${lsp_name}", - .actions = "next;", + .__match = i"ip && outport == ${lsp_name}", + .actions = i"next;", .stage_hint = stage_hint(lsp._uuid), .io_port = Some{lsp.name}, .controller_meter = None) } /* Empty LoadBalancer Controller event */ -function build_empty_lb_event_flow(key: string, lb: Intern): Option<(string, string)> { +function build_empty_lb_event_flow(key: string, lb: Intern): Option<(istring, istring)> { (var ip, var port) = match (ip_address_and_port_from_lb_key(key)) { Some{(ip, port)} -> (ip, port), _ -> return None @@ -2143,13 +2143,13 @@ function build_empty_lb_event_flow(key: string, lb: Intern): __match.push("${protocol}.dst == ${port}"); }; - var action = "trigger_event(" + var action = i"trigger_event(" "event = \"empty_lb_backends\", " "vip = \"${vip}\", " "protocol = \"${protocol}\", " "load_balancer = \"${uuid2str(lb._uuid)}\");"; - Some{(__match.join(" && "), action)} + Some{(__match.join(" && ").intern(), action)} } /* Contains the load balancers for which an event should be sent each time it @@ -2217,16 +2217,16 @@ for (sw in &Switch(.has_lb_vip = true)) { Flow(.logical_datapath = sw._uuid, .stage = s_SWITCH_IN_PRE_LB(), .priority = 100, - .__match = "ip", - .actions = "${rEGBIT_CONNTRACK_NAT()} = 1; next;", + .__match = i"ip", + .actions = i"${rEGBIT_CONNTRACK_NAT()} = 1; next;", .stage_hint = 0, .io_port = None, .controller_meter = None); Flow(.logical_datapath = sw._uuid, .stage = s_SWITCH_OUT_PRE_LB(), .priority = 100, - .__match = "ip", - .actions = "${rEGBIT_CONNTRACK_NAT()} = 1; next;", + .__match = i"ip", + .actions = i"${rEGBIT_CONNTRACK_NAT()} = 1; next;", .stage_hint = 0, .io_port = None, .controller_meter = None) @@ -2243,16 +2243,16 @@ for (&Switch(._uuid = ls_uuid)) { Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_IN_PRE_STATEFUL(), .priority = 0, - .__match = "1", - .actions = "next;", + .__match = i"1", + .actions = i"next;", .stage_hint = 0, .io_port = None, .controller_meter = None); Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_OUT_PRE_STATEFUL(), .priority = 0, - .__match = "1", - .actions = "next;", + .__match = i"1", + .actions = i"next;", .stage_hint = 0, .io_port = None, .controller_meter = None); @@ -2271,8 +2271,8 @@ for (&Switch(._uuid = ls_uuid)) { Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_IN_PRE_STATEFUL(), .priority = 120, - .__match = "${rEGBIT_CONNTRACK_NAT()} == 1 && ip4 && ${protocol}", - .actions = "${rEG_ORIG_DIP_IPV4()} = ip4.dst; " + .__match = i"${rEGBIT_CONNTRACK_NAT()} == 1 && ip4 && ${protocol}", + .actions = i"${rEG_ORIG_DIP_IPV4()} = ip4.dst; " "${rEG_ORIG_TP_DPORT()} = ${protocol}.dst; ct_lb;", .stage_hint = 0, .io_port = None, @@ -2280,8 +2280,8 @@ for (&Switch(._uuid = ls_uuid)) { Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_IN_PRE_STATEFUL(), .priority = 120, - .__match = "${rEGBIT_CONNTRACK_NAT()} == 1 && ip6 && ${protocol}", - .actions = "${rEG_ORIG_DIP_IPV6()} = ip6.dst; " + .__match = i"${rEGBIT_CONNTRACK_NAT()} == 1 && ip6 && ${protocol}", + .actions = i"${rEG_ORIG_DIP_IPV6()} = ip6.dst; " "${rEG_ORIG_TP_DPORT()} = ${protocol}.dst; ct_lb;", .stage_hint = 0, .io_port = None, @@ -2291,8 +2291,8 @@ for (&Switch(._uuid = ls_uuid)) { Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_IN_PRE_STATEFUL(), .priority = 110, - .__match = "${rEGBIT_CONNTRACK_NAT()} == 1", - .actions = "ct_lb;", + .__match = i"${rEGBIT_CONNTRACK_NAT()} == 1", + .actions = i"ct_lb;", .stage_hint = 0, .io_port = None, .controller_meter = None); @@ -2300,8 +2300,8 @@ for (&Switch(._uuid = ls_uuid)) { Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_OUT_PRE_STATEFUL(), .priority = 110, - .__match = "${rEGBIT_CONNTRACK_NAT()} == 1", - .actions = "ct_lb;", + .__match = i"${rEGBIT_CONNTRACK_NAT()} == 1", + .actions = i"ct_lb;", .stage_hint = 0, .io_port = None, .controller_meter = None); @@ -2311,16 +2311,16 @@ for (&Switch(._uuid = ls_uuid)) { Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_IN_PRE_STATEFUL(), .priority = 100, - .__match = "${rEGBIT_CONNTRACK_DEFRAG()} == 1", - .actions = "ct_next;", + .__match = i"${rEGBIT_CONNTRACK_DEFRAG()} == 1", + .actions = i"ct_next;", .stage_hint = 0, .io_port = None, .controller_meter = None); Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_OUT_PRE_STATEFUL(), .priority = 100, - .__match = "${rEGBIT_CONNTRACK_DEFRAG()} == 1", - .actions = "ct_next;", + .__match = i"${rEGBIT_CONNTRACK_DEFRAG()} == 1", + .actions = i"ct_next;", .stage_hint = 0, .io_port = None, .controller_meter = None) @@ -2428,8 +2428,8 @@ for (Reject(lsuuid, pipeline, stage, acl, fair_meter, controller_meter, Flow(.logical_datapath = lsuuid, .stage = stage, .priority = acl.priority + oVN_ACL_PRI_OFFSET(), - .__match = __match, - .actions = actions, + .__match = __match.intern(), + .actions = actions.intern(), .io_port = None, .controller_meter = controller_meter, .stage_hint = stage_hint(acl._uuid)) @@ -2457,16 +2457,16 @@ for (UseCtInvMatch[use_ct_inv_match]) { Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_IN_ACL(), .priority = priority, - .__match = "1", - .actions = "next;", + .__match = i"1", + .actions = i"next;", .stage_hint = 0, .io_port = None, .controller_meter = None); Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_OUT_ACL(), .priority = priority, - .__match = "1", - .actions = "next;", + .__match = i"1", + .actions = i"next;", .stage_hint = 0, .io_port = None, .controller_meter = None) @@ -2497,16 +2497,16 @@ for (UseCtInvMatch[use_ct_inv_match]) { Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_IN_ACL(), .priority = 1, - .__match = "ip && (!ct.est || (ct.est && ct_label.blocked == 1))", - .actions = "${rEGBIT_CONNTRACK_COMMIT()} = 1; next;", + .__match = i"ip && (!ct.est || (ct.est && ct_label.blocked == 1))", + .actions = i"${rEGBIT_CONNTRACK_COMMIT()} = 1; next;", .stage_hint = 0, .io_port = None, .controller_meter = None); Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_OUT_ACL(), .priority = 1, - .__match = "ip && (!ct.est || (ct.est && ct_label.blocked == 1))", - .actions = "${rEGBIT_CONNTRACK_COMMIT()} = 1; next;", + .__match = i"ip && (!ct.est || (ct.est && ct_label.blocked == 1))", + .actions = i"${rEGBIT_CONNTRACK_COMMIT()} = 1; next;", .stage_hint = 0, .io_port = None, .controller_meter = None); @@ -2518,22 +2518,24 @@ for (UseCtInvMatch[use_ct_inv_match]) { * for deletion (bit 0 of ct_label is set). * * This is enforced at a higher priority than ACLs can be defined. */ - Flow(.logical_datapath = ls_uuid, - .stage = s_SWITCH_IN_ACL(), - .priority = 65532, - .__match = ct_inv_or ++ "(ct.est && ct.rpl && ct_label.blocked == 1)", - .actions = "drop;", - .stage_hint = 0, - .io_port = None, - .controller_meter = None); - Flow(.logical_datapath = ls_uuid, - .stage = s_SWITCH_OUT_ACL(), - .priority = 65532, - .__match = ct_inv_or ++ "(ct.est && ct.rpl && ct_label.blocked == 1)", - .actions = "drop;", - .stage_hint = 0, - .io_port = None, - .controller_meter = None); + var __match = (ct_inv_or ++ "(ct.est && ct.rpl && ct_label.blocked == 1)").intern() in { + Flow(.logical_datapath = ls_uuid, + .stage = s_SWITCH_IN_ACL(), + .priority = 65532, + .__match = __match, + .actions = i"drop;", + .stage_hint = 0, + .io_port = None, + .controller_meter = None); + Flow(.logical_datapath = ls_uuid, + .stage = s_SWITCH_OUT_ACL(), + .priority = 65532, + .__match = __match, + .actions = i"drop;", + .stage_hint = 0, + .io_port = None, + .controller_meter = None) + }; /* Ingress and Egress ACL Table (Priority 65532). * @@ -2544,24 +2546,25 @@ for (UseCtInvMatch[use_ct_inv_match]) { * direction to hit the currently defined policy from ACLs. * * This is enforced at a higher priority than ACLs can be defined. */ - Flow(.logical_datapath = ls_uuid, - .stage = s_SWITCH_IN_ACL(), - .priority = 65532, - .__match = "ct.est && !ct.rel && !ct.new " ++ and_not_ct_inv ++ - "&& ct.rpl && ct_label.blocked == 0", - .actions = "next;", - .stage_hint = 0, - .io_port = None, - .controller_meter = None); - Flow(.logical_datapath = ls_uuid, - .stage = s_SWITCH_OUT_ACL(), - .priority = 65532, - .__match = "ct.est && !ct.rel && !ct.new " ++ and_not_ct_inv ++ - "&& ct.rpl && ct_label.blocked == 0", - .actions = "next;", - .stage_hint = 0, - .io_port = None, - .controller_meter = None); + var __match = ("ct.est && !ct.rel && !ct.new " ++ and_not_ct_inv ++ + "&& ct.rpl && ct_label.blocked == 0").intern() in { + Flow(.logical_datapath = ls_uuid, + .stage = s_SWITCH_IN_ACL(), + .priority = 65532, + .__match = __match, + .actions = i"next;", + .stage_hint = 0, + .io_port = None, + .controller_meter = None); + Flow(.logical_datapath = ls_uuid, + .stage = s_SWITCH_OUT_ACL(), + .priority = 65532, + .__match = __match, + .actions = i"next;", + .stage_hint = 0, + .io_port = None, + .controller_meter = None) + }; /* Ingress and Egress ACL Table (Priority 65532). * @@ -2574,24 +2577,25 @@ for (UseCtInvMatch[use_ct_inv_match]) { * a dynamically negotiated FTP data channel), but will allow * related traffic such as an ICMP Port Unreachable through * that's generated from a non-listening UDP port. */ - Flow(.logical_datapath = ls_uuid, - .stage = s_SWITCH_IN_ACL(), - .priority = 65532, - .__match = "!ct.est && ct.rel && !ct.new " ++ and_not_ct_inv ++ - "&& ct_label.blocked == 0", - .actions = "next;", - .stage_hint = 0, - .io_port = None, - .controller_meter = None); - Flow(.logical_datapath = ls_uuid, - .stage = s_SWITCH_OUT_ACL(), - .priority = 65532, - .__match = "!ct.est && ct.rel && !ct.new " ++ and_not_ct_inv ++ - "&& ct_label.blocked == 0", - .actions = "next;", - .stage_hint = 0, - .io_port = None, - .controller_meter = None); + var __match = ("!ct.est && ct.rel && !ct.new " ++ and_not_ct_inv ++ + "&& ct_label.blocked == 0").intern() in { + Flow(.logical_datapath = ls_uuid, + .stage = s_SWITCH_IN_ACL(), + .priority = 65532, + .__match = __match, + .actions = i"next;", + .stage_hint = 0, + .io_port = None, + .controller_meter = None); + Flow(.logical_datapath = ls_uuid, + .stage = s_SWITCH_OUT_ACL(), + .priority = 65532, + .__match = __match, + .actions = i"next;", + .stage_hint = 0, + .io_port = None, + .controller_meter = None) + }; /* Ingress and Egress ACL Table (Priority 65532). * @@ -2599,16 +2603,16 @@ for (UseCtInvMatch[use_ct_inv_match]) { Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_IN_ACL(), .priority = 65532, - .__match = "nd || nd_ra || nd_rs || mldv1 || mldv2", - .actions = "next;", + .__match = i"nd || nd_ra || nd_rs || mldv1 || mldv2", + .actions = i"next;", .stage_hint = 0, .io_port = None, .controller_meter = None); Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_OUT_ACL(), .priority = 65532, - .__match = "nd || nd_ra || nd_rs || mldv1 || mldv2", - .actions = "next;", + .__match = i"nd || nd_ra || nd_rs || mldv1 || mldv2", + .actions = i"next;", .stage_hint = 0, .io_port = None, .controller_meter = None) @@ -2621,8 +2625,8 @@ for (UseCtInvMatch[use_ct_inv_match]) { Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_OUT_ACL(), .priority = 34000, - .__match = "udp.src == 53", - .actions = if has_stateful "ct_commit; next;" else "next;", + .__match = i"udp.src == 53", + .actions = if has_stateful i"ct_commit; next;" else i"next;", .stage_hint = 0, .io_port = None, .controller_meter = None) @@ -2634,16 +2638,16 @@ for (UseCtInvMatch[use_ct_inv_match]) { Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_IN_ACL(), .priority = 34000, - .__match = "eth.dst == $svc_monitor_mac", - .actions = "next;", + .__match = i"eth.dst == $svc_monitor_mac", + .actions = i"next;", .stage_hint = 0, .io_port = None, .controller_meter = None); Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_OUT_ACL(), .priority = 34000, - .__match = "eth.src == $svc_monitor_mac", - .actions = "next;", + .__match = i"eth.src == $svc_monitor_mac", + .actions = i"next;", .stage_hint = 0, .io_port = None, .controller_meter = None) @@ -2670,7 +2674,7 @@ for (sw in &Switch(._uuid = ls_uuid)) { for (AclHintStages[stage]) { /* In any case, advance to the next stage. */ var priority = if (not sw.has_acls and not sw.has_lb_vip) { 65535 } else { 0 } in - Flow(ls_uuid, stage, priority, "1", "next;", None, None, 0) + Flow(ls_uuid, stage, priority, i"1", i"next;", None, None, 0) }; for (AclHintStages[stage]) @@ -2679,8 +2683,8 @@ for (sw in &Switch(._uuid = ls_uuid)) { * or drop ACLs. For allow ACLs, the connection must also be committed * to conntrack so we set REGBIT_ACL_HINT_ALLOW_NEW. */ - Flow(ls_uuid, stage, 7, "ct.new && !ct.est", - "${rEGBIT_ACL_HINT_ALLOW_NEW()} = 1; " + Flow(ls_uuid, stage, 7, i"ct.new && !ct.est", + i"${rEGBIT_ACL_HINT_ALLOW_NEW()} = 1; " "${rEGBIT_ACL_HINT_DROP()} = 1; " "next;", None, None, 0); @@ -2692,14 +2696,14 @@ for (sw in &Switch(._uuid = ls_uuid)) { * REGBIT_ACL_HINT_ALLOW_NEW. * - drop ACLs. */ - Flow(ls_uuid, stage, 6, "!ct.new && ct.est && !ct.rpl && ct_label.blocked == 1", - "${rEGBIT_ACL_HINT_ALLOW_NEW()} = 1; " + Flow(ls_uuid, stage, 6, i"!ct.new && ct.est && !ct.rpl && ct_label.blocked == 1", + i"${rEGBIT_ACL_HINT_ALLOW_NEW()} = 1; " "${rEGBIT_ACL_HINT_DROP()} = 1; " "next;", None, None, 0); /* Not tracked traffic can either be allowed or dropped. */ - Flow(ls_uuid, stage, 5, "!ct.trk", - "${rEGBIT_ACL_HINT_ALLOW()} = 1; " + Flow(ls_uuid, stage, 5, i"!ct.trk", + i"${rEGBIT_ACL_HINT_ALLOW()} = 1; " "${rEGBIT_ACL_HINT_DROP()} = 1; " "next;", None, None, 0); @@ -2711,27 +2715,27 @@ for (sw in &Switch(._uuid = ls_uuid)) { * connection must be committed with ct_label.blocked set so we set * REGBIT_ACL_HINT_BLOCK. */ - Flow(ls_uuid, stage, 4, "!ct.new && ct.est && !ct.rpl && ct_label.blocked == 0", - "${rEGBIT_ACL_HINT_ALLOW()} = 1; " + Flow(ls_uuid, stage, 4, i"!ct.new && ct.est && !ct.rpl && ct_label.blocked == 0", + i"${rEGBIT_ACL_HINT_ALLOW()} = 1; " "${rEGBIT_ACL_HINT_BLOCK()} = 1; " "next;", None, None, 0); /* Not established or established and already blocked connections may * hit drop ACLs. */ - Flow(ls_uuid, stage, 3, "!ct.est", - "${rEGBIT_ACL_HINT_DROP()} = 1; " + Flow(ls_uuid, stage, 3, i"!ct.est", + i"${rEGBIT_ACL_HINT_DROP()} = 1; " "next;", None, None, 0); - Flow(ls_uuid, stage, 2, "ct.est && ct_label.blocked == 1", - "${rEGBIT_ACL_HINT_DROP()} = 1; " + Flow(ls_uuid, stage, 2, i"ct.est && ct_label.blocked == 1", + i"${rEGBIT_ACL_HINT_DROP()} = 1; " "next;", None, None, 0); /* Established connections that were previously allowed might hit * drop ACLs in which case the connection must be committed with * ct_label.blocked set. */ - Flow(ls_uuid, stage, 1, "ct.est && ct_label.blocked == 0", - "${rEGBIT_ACL_HINT_BLOCK()} = 1; " + Flow(ls_uuid, stage, 1, i"ct.est && ct_label.blocked == 0", + i"${rEGBIT_ACL_HINT_BLOCK()} = 1; " "next;", None, None, 0) } } @@ -2745,6 +2749,7 @@ for (&SwitchACL(.sw = sw, .acl = acl, .has_fair_meter = fair_meter)) { var pipeline = if ingress Ingress else Egress in var stage_hint = stage_hint(acl._uuid) in var acl_log = build_acl_log(acl, fair_meter) in + var acl_match = acl.__match.intern() in if (acl.action == "allow" or acl.action == "allow-related") { /* If there are any stateful flows, we must even commit "allow" * actions. This is because, while the initiater's @@ -2755,8 +2760,8 @@ for (&SwitchACL(.sw = sw, .acl = acl, .has_fair_meter = fair_meter)) { Flow(.logical_datapath = sw._uuid, .stage = stage, .priority = acl.priority + oVN_ACL_PRI_OFFSET(), - .__match = acl.__match, - .actions = "${acl_log}next;", + .__match = acl.__match.intern(), + .actions = i"${acl_log}next;", .stage_hint = stage_hint, .io_port = None, .controller_meter = None) @@ -2776,8 +2781,8 @@ for (&SwitchACL(.sw = sw, .acl = acl, .has_fair_meter = fair_meter)) { Flow(.logical_datapath = sw._uuid, .stage = stage, .priority = acl.priority + oVN_ACL_PRI_OFFSET(), - .__match = "${rEGBIT_ACL_HINT_ALLOW_NEW()} == 1 && (${acl.__match})", - .actions = "${rEGBIT_CONNTRACK_COMMIT()} = 1; ${acl_log}next;", + .__match = i"${rEGBIT_ACL_HINT_ALLOW_NEW()} == 1 && (${acl.__match})", + .actions = i"${rEGBIT_CONNTRACK_COMMIT()} = 1; ${acl_log}next;", .stage_hint = stage_hint, .io_port = None, .controller_meter = None); @@ -2791,8 +2796,8 @@ for (&SwitchACL(.sw = sw, .acl = acl, .has_fair_meter = fair_meter)) { Flow(.logical_datapath = sw._uuid, .stage = stage, .priority = acl.priority + oVN_ACL_PRI_OFFSET(), - .__match = "${rEGBIT_ACL_HINT_ALLOW()} == 1 && (${acl.__match})", - .actions = "${acl_log}next;", + .__match = i"${rEGBIT_ACL_HINT_ALLOW()} == 1 && (${acl.__match})", + .actions = i"${acl_log}next;", .stage_hint = stage_hint, .io_port = None, .controller_meter = None) @@ -2801,8 +2806,8 @@ for (&SwitchACL(.sw = sw, .acl = acl, .has_fair_meter = fair_meter)) { Flow(.logical_datapath = sw._uuid, .stage = stage, .priority = acl.priority + oVN_ACL_PRI_OFFSET(), - .__match = acl.__match, - .actions = "${acl_log}next;", + .__match = acl.__match.intern(), + .actions = i"${acl_log}next;", .stage_hint = stage_hint, .io_port = None, .controller_meter = None) @@ -2822,8 +2827,8 @@ for (&SwitchACL(.sw = sw, .acl = acl, .has_fair_meter = fair_meter)) { Flow(.logical_datapath = sw._uuid, .stage = stage, .priority = acl.priority + oVN_ACL_PRI_OFFSET(), - .__match = __match ++ " && (${acl.__match})", - .actions = "${acl_log}/* drop */", + .__match = (__match ++ " && (${acl.__match})").intern(), + .actions = i"${acl_log}/* drop */", .stage_hint = stage_hint, .io_port = None, .controller_meter = None) @@ -2847,8 +2852,8 @@ for (&SwitchACL(.sw = sw, .acl = acl, .has_fair_meter = fair_meter)) { Flow(.logical_datapath = sw._uuid, .stage = stage, .priority = acl.priority + oVN_ACL_PRI_OFFSET(), - .__match = __match ++ " && (${acl.__match})", - .actions = "${actions}${acl_log}/* drop */", + .__match = (__match ++ " && (${acl.__match})").intern(), + .actions = i"${actions}${acl_log}/* drop */", .stage_hint = stage_hint, .io_port = None, .controller_meter = None) @@ -2863,8 +2868,8 @@ for (&SwitchACL(.sw = sw, .acl = acl, .has_fair_meter = fair_meter)) { Flow(.logical_datapath = sw._uuid, .stage = stage, .priority = acl.priority + oVN_ACL_PRI_OFFSET(), - .__match = acl.__match, - .actions = "${acl_log}/* drop */", + .__match = acl.__match.intern(), + .actions = i"${acl_log}/* drop */", .stage_hint = stage_hint, .io_port = None, .controller_meter = None) @@ -2885,11 +2890,11 @@ for (SwitchPortDHCPv4Options(.port = &SwitchPort{.lsp = lsp, .sw = sw}, Flow(.logical_datapath = sw._uuid, .stage = s_SWITCH_OUT_ACL(), .priority = 34000, - .__match = "outport == ${json_string_escape(lsp.name)} " + .__match = i"outport == ${json_string_escape(lsp.name)} " "&& eth.src == ${server_mac} " "&& ip4.src == ${server_id} && udp && udp.src == 67 " "&& udp.dst == 68", - .actions = if (has_stateful) "ct_commit; next;" else "next;", + .actions = if (has_stateful) i"ct_commit; next;" else i"next;", .stage_hint = stage_hint(dhcpv4_options._uuid), .io_port = Some{lsp.name}, .controller_meter = None) @@ -2907,11 +2912,11 @@ for (SwitchPortDHCPv6Options(.port = &SwitchPort{.lsp = lsp, .sw = sw}, Flow(.logical_datapath = sw._uuid, .stage = s_SWITCH_OUT_ACL(), .priority = 34000, - .__match = "outport == ${json_string_escape(lsp.name)} " + .__match = i"outport == ${json_string_escape(lsp.name)} " "&& eth.src == ${server_mac} " "&& ip6.src == ${server_ip} && udp && udp.src == 547 " "&& udp.dst == 546", - .actions = if (has_stateful) "ct_commit; next;" else "next;", + .actions = if (has_stateful) i"ct_commit; next;" else i"next;", .stage_hint = stage_hint(dhcpv6_options._uuid), .io_port = Some{lsp.name}, .controller_meter = None) @@ -2929,32 +2934,32 @@ for (&Switch(._uuid = ls_uuid)) { Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_IN_QOS_MARK(), .priority = 0, - .__match = "1", - .actions = "next;", + .__match = i"1", + .actions = i"next;", .stage_hint = 0, .io_port = None, .controller_meter = None); Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_OUT_QOS_MARK(), .priority = 0, - .__match = "1", - .actions = "next;", + .__match = i"1", + .actions = i"next;", .stage_hint = 0, .io_port = None, .controller_meter = None); Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_IN_QOS_METER(), .priority = 0, - .__match = "1", - .actions = "next;", + .__match = i"1", + .actions = i"next;", .stage_hint = 0, .io_port = None, .controller_meter = None); Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_OUT_QOS_METER(), .priority = 0, - .__match = "1", - .actions = "next;", + .__match = i"1", + .actions = i"next;", .stage_hint = 0, .io_port = None, .controller_meter = None) @@ -2970,8 +2975,8 @@ for (SwitchQoS(.sw = sw, .qos = qos)) { Flow(.logical_datapath = sw._uuid, .stage = stage, .priority = qos.priority, - .__match = qos.__match, - .actions = "ip.dscp = ${value_action}; next;", + .__match = qos.__match.intern(), + .actions = i"ip.dscp = ${value_action}; next;", .stage_hint = stage_hint(qos._uuid), .io_port = None, .controller_meter = None) @@ -2995,9 +3000,9 @@ for (SwitchQoS(.sw = sw, .qos = qos)) { if (rate != 0) { var stage = if (ingress) { s_SWITCH_IN_QOS_METER() } else { s_SWITCH_OUT_QOS_METER() } in var meter_action = if (burst != 0) { - "set_meter(${rate}, ${burst}); next;" + i"set_meter(${rate}, ${burst}); next;" } else { - "set_meter(${rate}); next;" + i"set_meter(${rate}); next;" } in /* Ingress and Egress QoS Meter Table. * @@ -3006,7 +3011,7 @@ for (SwitchQoS(.sw = sw, .qos = qos)) { Flow(.logical_datapath = sw._uuid, .stage = stage, .priority = qos.priority, - .__match = qos.__match, + .__match = qos.__match.intern(), .actions = meter_action, .stage_hint = stage_hint(qos._uuid), .io_port = None, @@ -3022,16 +3027,16 @@ for (&Switch(._uuid = ls_uuid)) { Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_IN_STATEFUL(), .priority = 0, - .__match = "1", - .actions = "next;", + .__match = i"1", + .actions = i"next;", .stage_hint = 0, .io_port = None, .controller_meter = None); Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_OUT_STATEFUL(), .priority = 0, - .__match = "1", - .actions = "next;", + .__match = i"1", + .actions = i"next;", .stage_hint = 0, .io_port = None, .controller_meter = None); @@ -3043,16 +3048,16 @@ for (&Switch(._uuid = ls_uuid)) { Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_IN_STATEFUL(), .priority = 100, - .__match = "${rEGBIT_CONNTRACK_COMMIT()} == 1", - .actions = "ct_commit { ct_label.blocked = 0; }; next;", + .__match = i"${rEGBIT_CONNTRACK_COMMIT()} == 1", + .actions = i"ct_commit { ct_label.blocked = 0; }; next;", .stage_hint = 0, .io_port = None, .controller_meter = None); Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_OUT_STATEFUL(), .priority = 100, - .__match = "${rEGBIT_CONNTRACK_COMMIT()} == 1", - .actions = "ct_commit { ct_label.blocked = 0; }; next;", + .__match = i"${rEGBIT_CONNTRACK_COMMIT()} == 1", + .actions = i"ct_commit { ct_label.blocked = 0; }; next;", .stage_hint = 0, .io_port = None, .controller_meter = None) @@ -3154,8 +3159,8 @@ function build_lb_vip_actions(lbvip: Intern, Flow(.logical_datapath = sw._uuid, .stage = s_SWITCH_IN_STATEFUL(), .priority = priority, - .__match = __match, - .actions = actions, + .__match = __match.intern(), + .actions = actions.intern(), .io_port = None, .controller_meter = meter, .stage_hint = stage_hint(lb._uuid)) :- @@ -3196,8 +3201,8 @@ Flow(.logical_datapath = sw._uuid, Flow(.logical_datapath = ls_uuid, .stage = stage, .priority = 0, - .__match = "1", - .actions = "next;", + .__match = i"1", + .actions = i"next;", .stage_hint = 0, .io_port = None, .controller_meter = None) :- @@ -3214,8 +3219,8 @@ for (&Switch(._uuid = ls_uuid, .has_lb_vip = true)) { Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_IN_PRE_HAIRPIN(), .priority = 100, - .__match = "ip && ct.trk", - .actions = "${rEGBIT_HAIRPIN()} = chk_lb_hairpin(); " + .__match = i"ip && ct.trk", + .actions = i"${rEGBIT_HAIRPIN()} = chk_lb_hairpin(); " "${rEGBIT_HAIRPIN_REPLY()} = chk_lb_hairpin_reply(); " "next;", .stage_hint = stage_hint(ls_uuid), @@ -3227,8 +3232,8 @@ for (&Switch(._uuid = ls_uuid, .has_lb_vip = true)) { Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_IN_NAT_HAIRPIN(), .priority = 100, - .__match = "ip && ct.new && ct.trk && ${rEGBIT_HAIRPIN()} == 1", - .actions = "ct_snat_to_vip; next;", + .__match = i"ip && ct.new && ct.trk && ${rEGBIT_HAIRPIN()} == 1", + .actions = i"ct_snat_to_vip; next;", .stage_hint = stage_hint(ls_uuid), .io_port = None, .controller_meter = None); @@ -3239,8 +3244,8 @@ for (&Switch(._uuid = ls_uuid, .has_lb_vip = true)) { Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_IN_NAT_HAIRPIN(), .priority = 100, - .__match = "ip && ct.est && ct.trk && ${rEGBIT_HAIRPIN()} == 1", - .actions = "ct_snat;", + .__match = i"ip && ct.est && ct.trk && ${rEGBIT_HAIRPIN()} == 1", + .actions = i"ct_snat;", .stage_hint = stage_hint(ls_uuid), .io_port = None, .controller_meter = None); @@ -3249,8 +3254,8 @@ for (&Switch(._uuid = ls_uuid, .has_lb_vip = true)) { Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_IN_NAT_HAIRPIN(), .priority = 90, - .__match = "ip && ${rEGBIT_HAIRPIN_REPLY()} == 1", - .actions = "ct_snat;", + .__match = i"ip && ${rEGBIT_HAIRPIN_REPLY()} == 1", + .actions = i"ct_snat;", .stage_hint = stage_hint(ls_uuid), .io_port = None, .controller_meter = None); @@ -3262,8 +3267,8 @@ for (&Switch(._uuid = ls_uuid, .has_lb_vip = true)) { Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_IN_HAIRPIN(), .priority = 1, - .__match = "(${rEGBIT_HAIRPIN()} == 1 || ${rEGBIT_HAIRPIN_REPLY()} == 1)", - .actions = "eth.dst <-> eth.src; outport = inport; flags.loopback = 1; output;", + .__match = i"(${rEGBIT_HAIRPIN()} == 1 || ${rEGBIT_HAIRPIN_REPLY()} == 1)", + .actions = i"eth.dst <-> eth.src; outport = inport; flags.loopback = 1; output;", .stage_hint = stage_hint(ls_uuid), .io_port = None, .controller_meter = None) @@ -3276,13 +3281,13 @@ for (&SwitchPort(.lsp = lsp, .sw = sw, .json_name = json_name, .ps_eth_addresses if lsp.is_enabled() and lsp.__type != "external") { for (pbinding in sb::Out_Port_Binding(.logical_port = lsp.name)) { var __match = if (ps_eth_addresses.is_empty()) { - "inport == ${json_name}" + i"inport == ${json_name}" } else { - "inport == ${json_name} && eth.src == {${ps_eth_addresses.join(\" \")}}" + i"inport == ${json_name} && eth.src == {${ps_eth_addresses.join(\" \")}}" } in var actions = match (pbinding.options.get("qdisc_queue_id")) { - None -> "next;", - Some{id} -> "set_queue(${id}); next;" + None -> i"next;", + Some{id} -> i"set_queue(${id}); next;" } in Flow(.logical_datapath = sw._uuid, .stage = s_SWITCH_IN_PORT_SEC_L2(), @@ -3316,7 +3321,7 @@ for (SwitchPortPSAddresses(.port = port@&SwitchPort{.sw = sw}, .ps_addrs = ps) port.lsp.__type != "external") { if (ps.ipv4_addrs.len() > 0) { - var dhcp_match = "inport == ${port.json_name}" + var dhcp_match = i"inport == ${port.json_name}" " && eth.src == ${ps.ea}" " && ip4.src == 0.0.0.0" " && ip4.dst == 255.255.255.255" @@ -3325,7 +3330,7 @@ for (SwitchPortPSAddresses(.port = port@&SwitchPort{.sw = sw}, .ps_addrs = ps) .stage = s_SWITCH_IN_PORT_SEC_IP(), .priority = 90, .__match = dhcp_match, - .actions = "next;", + .actions = i"next;", .stage_hint = stage_hint(port.lsp._uuid), .io_port = Some{port.lsp.name}, .controller_meter = None) @@ -3349,15 +3354,15 @@ for (SwitchPortPSAddresses(.port = port@&SwitchPort{.sw = sw}, .ps_addrs = ps) Flow(.logical_datapath = sw._uuid, .stage = s_SWITCH_IN_PORT_SEC_IP(), .priority = 90, - .__match = __match, - .actions = "next;", + .__match = __match.intern(), + .actions = i"next;", .stage_hint = stage_hint(port.lsp._uuid), .io_port = Some{port.lsp.name}, .controller_meter = None) } }; if (ps.ipv6_addrs.len() > 0) { - var dad_match = "inport == ${port.json_name}" + var dad_match = i"inport == ${port.json_name}" " && eth.src == ${ps.ea}" " && ip6.src == ::" " && ip6.dst == ff02::/16" @@ -3367,7 +3372,7 @@ for (SwitchPortPSAddresses(.port = port@&SwitchPort{.sw = sw}, .ps_addrs = ps) .stage = s_SWITCH_IN_PORT_SEC_IP(), .priority = 90, .__match = dad_match, - .actions = "next;", + .actions = i"next;", .stage_hint = stage_hint(port.lsp._uuid), .io_port = None, .controller_meter = None) @@ -3378,20 +3383,20 @@ for (SwitchPortPSAddresses(.port = port@&SwitchPort{.sw = sw}, .ps_addrs = ps) Flow(.logical_datapath = sw._uuid, .stage = s_SWITCH_IN_PORT_SEC_IP(), .priority = 90, - .__match = __match, - .actions = "next;", + .__match = __match.intern(), + .actions = i"next;", .stage_hint = stage_hint(port.lsp._uuid), .io_port = Some{port.lsp.name}, .controller_meter = None) } }; - var __match = "inport == ${port.json_name} && eth.src == ${ps.ea} && ip" in + var __match = i"inport == ${port.json_name} && eth.src == ${ps.ea} && ip" in { Flow(.logical_datapath = sw._uuid, .stage = s_SWITCH_IN_PORT_SEC_IP(), .priority = 80, .__match = __match, - .actions = "drop;", + .actions = i"drop;", .stage_hint = stage_hint(port.lsp._uuid), .io_port = Some{port.lsp.name}, .controller_meter = None) @@ -3440,8 +3445,8 @@ for (SwitchPortPSAddresses(.port = port@&SwitchPort{.sw = sw}, .ps_addrs = ps) Flow(.logical_datapath = sw._uuid, .stage = s_SWITCH_IN_PORT_SEC_ND(), .priority = 90, - .__match = __match, - .actions = "next;", + .__match = __match.intern(), + .actions = i"next;", .stage_hint = stage_hint(port.lsp._uuid), .io_port = Some{port.lsp.name}, .controller_meter = None) @@ -3454,8 +3459,8 @@ for (SwitchPortPSAddresses(.port = port@&SwitchPort{.sw = sw}, .ps_addrs = ps) Flow(.logical_datapath = sw._uuid, .stage = s_SWITCH_IN_PORT_SEC_ND(), .priority = 90, - .__match = __match, - .actions = "next;", + .__match = __match.intern(), + .actions = i"next;", .stage_hint = stage_hint(port.lsp._uuid), .io_port = Some{port.lsp.name}, .controller_meter = None) @@ -3464,8 +3469,8 @@ for (SwitchPortPSAddresses(.port = port@&SwitchPort{.sw = sw}, .ps_addrs = ps) Flow(.logical_datapath = sw._uuid, .stage = s_SWITCH_IN_PORT_SEC_ND(), .priority = 80, - .__match = "inport == ${port.json_name} && (arp || nd)", - .actions = "drop;", + .__match = i"inport == ${port.json_name} && (arp || nd)", + .actions = i"drop;", .stage_hint = stage_hint(port.lsp._uuid), .io_port = Some{port.lsp.name}, .controller_meter = None) @@ -3478,16 +3483,16 @@ for (&Switch(._uuid = ls_uuid)) { Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_IN_PORT_SEC_ND(), .priority = 0, - .__match = "1", - .actions = "next;", + .__match = i"1", + .actions = i"next;", .stage_hint = 0, .io_port = None, .controller_meter = None); Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_IN_PORT_SEC_IP(), .priority = 0, - .__match = "1", - .actions = "next;", + .__match = i"1", + .actions = i"next;", .stage_hint = 0, .io_port = None, .controller_meter = None) @@ -3503,8 +3508,8 @@ for (&SwitchPort(.lsp = lsp, .sw = sw, .json_name = json_name) Flow(.logical_datapath = sw._uuid, .stage = s_SWITCH_IN_ARP_ND_RSP(), .priority = 100, - .__match = "inport == ${json_name}", - .actions = "next;", + .__match = i"inport == ${json_name}", + .actions = i"next;", .stage_hint = stage_hint(lsp._uuid), .io_port = Some{lsp.name}, .controller_meter = None) @@ -3526,10 +3531,10 @@ function lsp_is_up(lsp: Intern): bool = { Flow(.logical_datapath = sp.sw._uuid, .stage = s_SWITCH_IN_ARP_ND_RSP(), .priority = 100, - .__match = "inport == ${vp.json_name} && " + .__match = i"inport == ${vp.json_name} && " "((arp.op == 1 && arp.spa == ${virtual_ip} && arp.tpa == ${virtual_ip}) || " "(arp.op == 2 && arp.spa == ${virtual_ip}))", - .actions = "bind_vport(${sp.json_name}, inport); next;", + .actions = i"bind_vport(${sp.json_name}, inport); next;", .stage_hint = stage_hint(lsp._uuid), .io_port = Some{vp.lsp.name}, .controller_meter = None) :- @@ -3559,7 +3564,7 @@ for (CheckLspIsUp[check_lsp_is_up]) { { var __match = "arp.tpa == ${addr.addr} && arp.op == 1" in { - var actions = "eth.dst = eth.src; " + var actions = i"eth.dst = eth.src; " "eth.src = ${ea}; " "arp.op = 2; /* ARP reply */ " "arp.tha = arp.sha; " @@ -3572,7 +3577,7 @@ for (CheckLspIsUp[check_lsp_is_up]) { Flow(.logical_datapath = sw._uuid, .stage = s_SWITCH_IN_ARP_ND_RSP(), .priority = 50, - .__match = __match, + .__match = __match.intern(), .actions = actions, .stage_hint = stage_hint(lsp._uuid), .io_port = None, @@ -3593,8 +3598,8 @@ for (CheckLspIsUp[check_lsp_is_up]) { Flow(.logical_datapath = sw._uuid, .stage = s_SWITCH_IN_ARP_ND_RSP(), .priority = 100, - .__match = __match ++ " && inport == ${json_name}", - .actions = "next;", + .__match = i"${__match} && inport == ${json_name}", + .actions = i"next;", .stage_hint = stage_hint(lsp._uuid), .io_port = Some{lsp.name}, .controller_meter = None) @@ -3605,7 +3610,7 @@ for (CheckLspIsUp[check_lsp_is_up]) { Flow(.logical_datapath = sw._uuid, .stage = s_SWITCH_IN_ARP_ND_RSP(), .priority = 50, - .__match = __match, + .__match = __match.intern(), .actions = __actions, .stage_hint = stage_hint(sp.lsp._uuid), .io_port = None, @@ -3632,7 +3637,7 @@ Flow(.logical_datapath = sw._uuid, }, proxy_ips != "", var __match = "arp.op == 1 && arp.tpa == {" ++ proxy_ips ++ "}", - var __actions = "eth.dst = eth.src; " + var __actions = i"eth.dst = eth.src; " "eth.src = ${rp.networks.ea}; " "arp.op = 2; /* ARP reply */ " "arp.tha = arp.sha; " @@ -3653,7 +3658,7 @@ for (SwitchPortIPv6Address(.port = &SwitchPort{.lsp = lsp, .json_name = json_nam not sw.is_vlan_transparent) { var __match = "nd_ns && ip6.dst == {${addr.addr}, ${addr.solicited_node()}} && nd.target == ${addr.addr}" in - var actions = "${if (lsp.__type == \"router\") \"nd_na_router\" else \"nd_na\"} { " + var actions = i"${if (lsp.__type == \"router\") \"nd_na_router\" else \"nd_na\"} { " "eth.src = ${ea}; " "ip6.src = ${addr.addr}; " "nd.target = ${addr.addr}; " @@ -3666,7 +3671,7 @@ for (SwitchPortIPv6Address(.port = &SwitchPort{.lsp = lsp, .json_name = json_nam Flow(.logical_datapath = sw._uuid, .stage = s_SWITCH_IN_ARP_ND_RSP(), .priority = 50, - .__match = __match, + .__match = __match.intern(), .actions = actions, .io_port = None, .controller_meter = sw.copp.get(cOPP_ND_NA()), @@ -3677,8 +3682,8 @@ for (SwitchPortIPv6Address(.port = &SwitchPort{.lsp = lsp, .json_name = json_nam Flow(.logical_datapath = sw._uuid, .stage = s_SWITCH_IN_ARP_ND_RSP(), .priority = 100, - .__match = __match ++ " && inport == ${json_name}", - .actions = "next;", + .__match = i"${__match} && inport == ${json_name}", + .actions = i"next;", .stage_hint = stage_hint(lsp._uuid), .io_port = Some{lsp.name}, .controller_meter = None) @@ -3691,8 +3696,8 @@ for (ls in nb::Logical_Switch) { Flow(.logical_datapath = ls._uuid, .stage = s_SWITCH_IN_ARP_ND_RSP(), .priority = 0, - .__match = "1", - .actions = "next;", + .__match = i"1", + .actions = i"next;", .stage_hint = 0, .io_port = None, .controller_meter = None) @@ -3703,8 +3708,8 @@ for (ls in nb::Logical_Switch) { Flow(.logical_datapath = sp.sw._uuid, .stage = s_SWITCH_IN_ARP_ND_RSP(), .priority = 110, - .__match = "arp.tpa == ${svc_mon_src_ip} && arp.op == 1", - .actions = "eth.dst = eth.src; " + .__match = i"arp.tpa == ${svc_mon_src_ip} && arp.op == 1", + .actions = i"eth.dst = eth.src; " "eth.src = ${svc_monitor_mac}; " "arp.op = 2; /* ARP reply */ " "arp.tha = arp.sha; " @@ -3729,7 +3734,7 @@ function build_dhcpv4_action( lsp_json_key: string, dhcpv4_options: Intern, offer_ip: in_addr, - lsp_options: Map) : Option<(string, string, string)> = + lsp_options: Map) : Option<(istring, istring, string)> = { match (ip_parse_masked(dhcpv4_options.cidr)) { Left{err} -> { @@ -3768,13 +3773,13 @@ function build_dhcpv4_action( }; var options_action = "${rEGBIT_DHCP_OPTS_RESULT()} = put_dhcp_opts(offerip = ${offer_ip}, " ++ options.join(", ") ++ "); next;"; - var response_action = "eth.dst = eth.src; eth.src = ${server_mac}; " + var response_action = i"eth.dst = eth.src; eth.src = ${server_mac}; " "ip4.src = ${server_ip}; udp.src = 67; " "udp.dst = 68; outport = inport; flags.loopback = 1; " "output;"; var ipv4_addr_match = "ip4.src == ${offer_ip} && ip4.dst == {${server_ip}, 255.255.255.255}"; - Some{(options_action, response_action, ipv4_addr_match)} + Some{(options_action.intern(), response_action, ipv4_addr_match)} }, _ -> { /* "server_id", "server_mac" and "lease_time" should be @@ -3792,7 +3797,7 @@ function build_dhcpv4_action( function build_dhcpv6_action( lsp_json_key: string, dhcpv6_options: Intern, - offer_ip: in6_addr): Option<(string, string)> = + offer_ip: in6_addr): Option<(istring, istring)> = { match (ipv6_parse_masked(dhcpv6_options.cidr)) { Left{err} -> { @@ -3844,11 +3849,11 @@ function build_dhcpv6_action( var options_action = "${rEGBIT_DHCP_OPTS_RESULT()} = put_dhcpv6_opts(" ++ options.join(", ") ++ "); next;"; - var response_action = "eth.dst = eth.src; eth.src = ${server_mac}; " + var response_action = i"eth.dst = eth.src; eth.src = ${server_mac}; " "ip6.dst = ip6.src; ip6.src = ${server_ip}; udp.src = 547; " "udp.dst = 546; outport = inport; flags.loopback = 1; " "output;"; - Some{(options_action, response_action)} + Some{(options_action.intern(), response_action)} } } } @@ -3924,9 +3929,9 @@ for (lsp in &SwitchPort build_dhcpv4_action(json_key, dhcpv4_options, addr.addr, lsp.lsp.options) in { var __match = - pfx ++ "eth.src == ${ea} && " + (pfx ++ "eth.src == ${ea} && " "ip4.src == 0.0.0.0 && ip4.dst == 255.255.255.255 && " - "udp.src == 68 && udp.dst == 67" ++ sfx + "udp.src == 68 && udp.dst == 67" ++ sfx).intern() in Flow(.logical_datapath = lsuuid, .stage = s_SWITCH_IN_DHCP_OPTIONS(), @@ -3950,7 +3955,7 @@ for (lsp in &SwitchPort Flow(.logical_datapath = lsuuid, .stage = s_SWITCH_IN_DHCP_OPTIONS(), .priority = 100, - .__match = __match, + .__match = __match.intern(), .actions = options_action, .io_port = None, .controller_meter = lsp.sw.copp.get(cOPP_DHCPV4_OPTS()), @@ -3964,7 +3969,7 @@ for (lsp in &SwitchPort Flow(.logical_datapath = lsuuid, .stage = s_SWITCH_IN_DHCP_RESPONSE(), .priority = 100, - .__match = __match, + .__match = __match.intern(), .actions = response_action, .stage_hint = stage_hint(lsp.lsp._uuid), .io_port = None, @@ -3993,7 +3998,7 @@ for (lsp in &SwitchPort Flow(.logical_datapath = lsuuid, .stage = s_SWITCH_IN_DHCP_OPTIONS(), .priority = 100, - .__match = __match, + .__match = __match.intern(), .actions = options_action, .io_port = None, .controller_meter = lsp.sw.copp.get(cOPP_DHCPV6_OPTS()), @@ -4004,7 +4009,7 @@ for (lsp in &SwitchPort Flow(.logical_datapath = lsuuid, .stage = s_SWITCH_IN_DHCP_RESPONSE(), .priority = 100, - .__match = __match ++ " && ${rEGBIT_DHCP_OPTS_RESULT()}", + .__match = (__match ++ " && ${rEGBIT_DHCP_OPTS_RESULT()}").intern(), .actions = response_action, .stage_hint = stage_hint(lsp.lsp._uuid), .io_port = None, @@ -4030,31 +4035,31 @@ for (LogicalSwitchHasDNSRecords(ls, true)) Flow(.logical_datapath = ls, .stage = s_SWITCH_IN_DNS_LOOKUP(), .priority = 100, - .__match = "udp.dst == 53", - .actions = "${rEGBIT_DNS_LOOKUP_RESULT()} = dns_lookup(); next;", + .__match = i"udp.dst == 53", + .actions = i"${rEGBIT_DNS_LOOKUP_RESULT()} = dns_lookup(); next;", .stage_hint = 0, .io_port = None, .controller_meter = None); - var action = "eth.dst <-> eth.src; ip4.src <-> ip4.dst; " + var action = i"eth.dst <-> eth.src; ip4.src <-> ip4.dst; " "udp.dst = udp.src; udp.src = 53; outport = inport; " "flags.loopback = 1; output;" in Flow(.logical_datapath = ls, .stage = s_SWITCH_IN_DNS_RESPONSE(), .priority = 100, - .__match = "udp.dst == 53 && ${rEGBIT_DNS_LOOKUP_RESULT()}", + .__match = i"udp.dst == 53 && ${rEGBIT_DNS_LOOKUP_RESULT()}", .actions = action, .stage_hint = 0, .io_port = None, .controller_meter = None); - var action = "eth.dst <-> eth.src; ip6.src <-> ip6.dst; " + var action = i"eth.dst <-> eth.src; ip6.src <-> ip6.dst; " "udp.dst = udp.src; udp.src = 53; outport = inport; " "flags.loopback = 1; output;" in Flow(.logical_datapath = ls, .stage = s_SWITCH_IN_DNS_RESPONSE(), .priority = 100, - .__match = "udp.dst == 53 && ${rEGBIT_DNS_LOOKUP_RESULT()}", + .__match = i"udp.dst == 53 && ${rEGBIT_DNS_LOOKUP_RESULT()}", .actions = action, .stage_hint = 0, .io_port = None, @@ -4073,8 +4078,8 @@ for (ls in nb::Logical_Switch) { Flow(.logical_datapath = ls._uuid, .stage = s_SWITCH_IN_DHCP_OPTIONS(), .priority = 0, - .__match = "1", - .actions = "next;", + .__match = i"1", + .actions = i"next;", .stage_hint = 0, .io_port = None, .controller_meter = None); @@ -4082,8 +4087,8 @@ for (ls in nb::Logical_Switch) { Flow(.logical_datapath = ls._uuid, .stage = s_SWITCH_IN_DHCP_RESPONSE(), .priority = 0, - .__match = "1", - .actions = "next;", + .__match = i"1", + .actions = i"next;", .stage_hint = 0, .io_port = None, .controller_meter = None); @@ -4091,8 +4096,8 @@ for (ls in nb::Logical_Switch) { Flow(.logical_datapath = ls._uuid, .stage = s_SWITCH_IN_DNS_LOOKUP(), .priority = 0, - .__match = "1", - .actions = "next;", + .__match = i"1", + .actions = i"next;", .stage_hint = 0, .io_port = None, .controller_meter = None); @@ -4100,8 +4105,8 @@ for (ls in nb::Logical_Switch) { Flow(.logical_datapath = ls._uuid, .stage = s_SWITCH_IN_DNS_RESPONSE(), .priority = 0, - .__match = "1", - .actions = "next;", + .__match = i"1", + .actions = i"next;", .stage_hint = 0, .io_port = None, .controller_meter = None); @@ -4109,8 +4114,8 @@ for (ls in nb::Logical_Switch) { Flow(.logical_datapath = ls._uuid, .stage = s_SWITCH_IN_EXTERNAL_PORT(), .priority = 0, - .__match = "1", - .actions = "next;", + .__match = i"1", + .actions = i"next;", .stage_hint = 0, .io_port = None, .controller_meter = None) @@ -4119,8 +4124,8 @@ for (ls in nb::Logical_Switch) { Flow(.logical_datapath = sw._uuid, .stage = s_SWITCH_IN_L2_LKUP(), .priority = 110, - .__match = "eth.dst == $svc_monitor_mac", - .actions = "handle_svc_check(inport);", + .__match = i"eth.dst == $svc_monitor_mac", + .actions = i"handle_svc_check(inport);", .stage_hint = 0, .io_port = None, .controller_meter = None) :- @@ -4138,20 +4143,20 @@ for (sw in &Switch(._uuid = ls_uuid, .mcast_cfg = mcast_cfg) var igmp_act = { if (flood_reports) { var mrouter_static = json_string_escape(mC_MROUTER_STATIC().0); - "clone { " + i"clone { " "outport = ${mrouter_static}; " "output; " "};igmp;" } else { - "igmp;" + i"igmp;" } } in { /* Punt IGMP traffic to controller. */ Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_IN_L2_LKUP(), .priority = 100, - .__match = "ip4 && ip.proto == 2", - .actions = "${igmp_act}", + .__match = i"ip4 && ip.proto == 2", + .actions = i"${igmp_act}", .io_port = None, .controller_meter = controller_meter, .stage_hint = 0); @@ -4160,8 +4165,8 @@ for (sw in &Switch(._uuid = ls_uuid, .mcast_cfg = mcast_cfg) Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_IN_L2_LKUP(), .priority = 100, - .__match = "mldv1 || mldv2", - .actions = "${igmp_act}", + .__match = i"mldv1 || mldv2", + .actions = igmp_act, .io_port = None, .controller_meter = controller_meter, .stage_hint = 0); @@ -4173,8 +4178,8 @@ for (sw in &Switch(._uuid = ls_uuid, .mcast_cfg = mcast_cfg) Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_IN_L2_LKUP(), .priority = 85, - .__match = "ip4.mcast && ip4.dst == 224.0.0.0/24", - .actions = "outport = ${flood}; output;", + .__match = i"ip4.mcast && ip4.dst == 224.0.0.0/24", + .actions = i"outport = ${flood}; output;", .stage_hint = 0, .io_port = None, .controller_meter = None); @@ -4186,8 +4191,8 @@ for (sw in &Switch(._uuid = ls_uuid, .mcast_cfg = mcast_cfg) Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_IN_L2_LKUP(), .priority = 85, - .__match = "ip6.mcast_flood", - .actions = "outport = ${flood}; output;", + .__match = i"ip6.mcast_flood", + .actions = i"outport = ${flood}; output;", .stage_hint = 0, .io_port = None, .controller_meter = None); @@ -4227,10 +4232,9 @@ for (sw in &Switch(._uuid = ls_uuid, .mcast_cfg = mcast_cfg) Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_IN_L2_LKUP(), .priority = 80, - .__match = "ip4.mcast || ip6.mcast", - .actions = - "${relay_act}${static_act}${drop_act}", - .stage_hint = 0, + .__match = i"ip4.mcast || ip6.mcast", + .actions = i"${relay_act}${static_act}${drop_act}", + .stage_hint = 0, .io_port = None, .controller_meter = None) } @@ -4283,9 +4287,9 @@ for (IgmpSwitchMulticastGroup(.address = address, .switch = sw)) { Flow(.logical_datapath = sw._uuid, .stage = s_SWITCH_IN_L2_LKUP(), .priority = 90, - .__match = "eth.mcast && ${ipX} && ${ipX}.dst == ${address}", + .__match = i"eth.mcast && ${ipX} && ${ipX}.dst == ${address}", .actions = - "${relay_act} ${static_act} outport = \"${address}\"; " + i"${relay_act} ${static_act} outport = \"${address}\"; " "output;", .stage_hint = 0, .io_port = None, @@ -4305,11 +4309,11 @@ for (IgmpSwitchMulticastGroup(.address = address, .switch = sw)) { Flow(.logical_datapath = sp.sw._uuid, .stage = s_SWITCH_IN_EXTERNAL_PORT(), .priority = 100, - .__match = ("inport == ${json_string_escape(localnet_port.1)} && " + .__match = (i"inport == ${json_string_escape(localnet_port.1)} && " "eth.src == ${lp_addr.ea} && " "!is_chassis_resident(${sp.json_name}) && " "arp.tpa == ${rp_addr.addr} && arp.op == 1"), - .actions = "drop;", + .actions = i"drop;", .stage_hint = stage_hint(sp.lsp._uuid), .io_port = Some{localnet_port.1}, .controller_meter = None) :- @@ -4323,12 +4327,12 @@ Flow(.logical_datapath = sp.sw._uuid, Flow(.logical_datapath = sp.sw._uuid, .stage = s_SWITCH_IN_EXTERNAL_PORT(), .priority = 100, - .__match = ("inport == ${json_string_escape(localnet_port.1)} && " + .__match = (i"inport == ${json_string_escape(localnet_port.1)} && " "eth.src == ${lp_addr.ea} && " "!is_chassis_resident(${sp.json_name}) && " "nd_ns && ip6.dst == {${rp_addr.addr}, ${rp_addr.solicited_node()}} && " "nd.target == ${rp_addr.addr}"), - .actions = "drop;", + .actions = i"drop;", .stage_hint = stage_hint(sp.lsp._uuid), .io_port = Some{localnet_port.1}, .controller_meter = None) :- @@ -4342,11 +4346,11 @@ Flow(.logical_datapath = sp.sw._uuid, Flow(.logical_datapath = sp.sw._uuid, .stage = s_SWITCH_IN_EXTERNAL_PORT(), .priority = 100, - .__match = ("inport == ${json_string_escape(localnet_port.1)} && " + .__match = (i"inport == ${json_string_escape(localnet_port.1)} && " "eth.src == ${lp_addr.ea} && " "eth.dst == ${ea} && " "!is_chassis_resident(${sp.json_name})"), - .actions = "drop;", + .actions = i"drop;", .stage_hint = stage_hint(sp.lsp._uuid), .io_port = Some{localnet_port.1}, .controller_meter = None) :- @@ -4365,8 +4369,8 @@ for (ls in nb::Logical_Switch) { Flow(.logical_datapath = ls._uuid, .stage = s_SWITCH_IN_L2_LKUP(), .priority = 70, - .__match = "eth.mcast", - .actions = "outport = ${mc_flood}; output;", + .__match = i"eth.mcast", + .actions = i"outport = ${mc_flood}; output;", .stage_hint = 0, .io_port = None, .controller_meter = None) @@ -4380,8 +4384,8 @@ for (SwitchPortStaticAddresses(.port = &SwitchPort{.lsp = lsp, .json_name = json Flow(.logical_datapath = sw._uuid, .stage = s_SWITCH_IN_L2_LKUP(), .priority = 50, - .__match = "eth.dst == ${addrs.ea}", - .actions = "outport = ${json_name}; output;", + .__match = i"eth.dst == ${addrs.ea}", + .actions = i"outport = ${json_name}; output;", .stage_hint = stage_hint(lsp._uuid), .io_port = None, .controller_meter = None) @@ -4444,9 +4448,9 @@ Flow(.logical_datapath = sw._uuid, eth_src_set }, var eth_src = "{" ++ eth_src_set.to_vec().join(", ") ++ "}", - var __match = "eth.src == ${eth_src} && (arp.op == 1 || nd_ns)", + var __match = i"eth.src == ${eth_src} && (arp.op == 1 || nd_ns)", var mc_flood_l2 = json_string_escape(mC_FLOOD_L2().0), - var actions = "outport = ${mc_flood_l2}; output;". + var actions = i"outport = ${mc_flood_l2}; output;". /* Forward ARP requests for owned IP addresses (L3, VIP, NAT) only to this * router port. @@ -4544,13 +4548,12 @@ relation &SwitchPortARPForwards( Flow(.logical_datapath = sw._uuid, .stage = s_SWITCH_IN_L2_LKUP(), .priority = 80, - .__match = fLAGBIT_NOT_VXLAN() ++ - " && arp.op == 1 && arp.tpa == " ++ ipv4, + .__match = i"${fLAGBIT_NOT_VXLAN()} && arp.op == 1 && arp.tpa == ${ipv4}", .actions = if (sw.has_non_router_port) { - "clone {outport = ${sp.json_name}; output; }; " + i"clone {outport = ${sp.json_name}; output; }; " "outport = ${mc_flood_l2}; output;" } else { - "outport = ${sp.json_name}; output;" + i"outport = ${sp.json_name}; output;" }, .stage_hint = stage_hint(sp.lsp._uuid), .io_port = None, @@ -4563,13 +4566,12 @@ Flow(.logical_datapath = sw._uuid, Flow(.logical_datapath = sw._uuid, .stage = s_SWITCH_IN_L2_LKUP(), .priority = 80, - .__match = fLAGBIT_NOT_VXLAN() ++ - " && nd_ns && nd.target == " ++ ipv6, + .__match = i"${fLAGBIT_NOT_VXLAN()} && nd_ns && nd.target == ${ipv6}", .actions = if (sw.has_non_router_port) { - "clone {outport = ${sp.json_name}; output; }; " + i"clone {outport = ${sp.json_name}; output; }; " "outport = ${mc_flood_l2}; output;" } else { - "outport = ${sp.json_name}; output;" + i"outport = ${sp.json_name}; output;" }, .stage_hint = stage_hint(sp.lsp._uuid), .io_port = None, @@ -4583,9 +4585,8 @@ Flow(.logical_datapath = sw._uuid, Flow(.logical_datapath = sw._uuid, .stage = s_SWITCH_IN_L2_LKUP(), .priority = 90, - .__match = fLAGBIT_NOT_VXLAN() ++ - " && arp.op == 1 && arp.tpa == " ++ ipv4, - .actions = "outport = ${flood}; output;", + .__match = i"${fLAGBIT_NOT_VXLAN()} && arp.op == 1 && arp.tpa == ${ipv4}", + .actions = i"outport = ${flood}; output;", .stage_hint = stage_hint(sp.lsp._uuid), .io_port = None, .controller_meter = None) :- @@ -4598,9 +4599,8 @@ Flow(.logical_datapath = sw._uuid, Flow(.logical_datapath = sw._uuid, .stage = s_SWITCH_IN_L2_LKUP(), .priority = 90, - .__match = fLAGBIT_NOT_VXLAN() ++ - " && nd_ns && nd.target == " ++ ipv6, - .actions = "outport = ${flood}; output;", + .__match = i"${fLAGBIT_NOT_VXLAN()} && nd_ns && nd.target == ${ipv6}", + .actions = i"outport = ${flood}; output;", .stage_hint = stage_hint(sp.lsp._uuid), .io_port = None, .controller_meter = None) :- @@ -4616,8 +4616,8 @@ for (SwitchPortNewDynamicAddress(.port = &SwitchPort{.lsp = lsp, .json_name = js Flow(.logical_datapath = sw._uuid, .stage = s_SWITCH_IN_L2_LKUP(), .priority = 50, - .__match = "eth.dst == ${addrs.ea}", - .actions = "outport = ${json_name}; output;", + .__match = i"eth.dst == ${addrs.ea}", + .actions = i"outport = ${json_name}; output;", .stage_hint = stage_hint(lsp._uuid), .io_port = None, .controller_meter = None) @@ -4660,15 +4660,15 @@ for (&SwitchPort(.lsp = lsp, /* The destination lookup flow for the router's * distributed gateway port MAC address should only be * programmed on the "redirect-chassis". */ - "eth.dst == ${mac} && is_chassis_resident(${redirect_port_name})" + i"eth.dst == ${mac} && is_chassis_resident(${redirect_port_name})" } else { - "eth.dst == ${mac}" + i"eth.dst == ${mac}" } in Flow(.logical_datapath = sw._uuid, .stage = s_SWITCH_IN_L2_LKUP(), .priority = 50, .__match = __match, - .actions = "outport = ${json_name}; output;", + .actions = i"outport = ${json_name}; output;", .stage_hint = stage_hint(lsp._uuid), .io_port = None, .controller_meter = None); @@ -4681,12 +4681,12 @@ for (&SwitchPort(.lsp = lsp, Some{var lport} = nat.nat.logical_port in Some{var emac} = nat.nat.external_mac in Some{var nat_mac} = eth_addr_from_string(emac) in - var __match = "eth.dst == ${nat_mac} && is_chassis_resident(${json_string_escape(lport)})" in + var __match = i"eth.dst == ${nat_mac} && is_chassis_resident(${json_string_escape(lport)})" in Flow(.logical_datapath = sw._uuid, .stage = s_SWITCH_IN_L2_LKUP(), .priority = 50, .__match = __match, - .actions = "outport = ${json_name}; output;", + .actions = i"outport = ${json_name}; output;", .stage_hint = stage_hint(nat.nat._uuid), .io_port = None, .controller_meter = None) @@ -4709,8 +4709,8 @@ for (sw in &Switch(._uuid = ls_uuid)) { Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_IN_L2_LKUP(), .priority = 0, - .__match = "1", - .actions = "outport = get_fdb(eth.dst); next;", + .__match = i"1", + .actions = i"outport = get_fdb(eth.dst); next;", .stage_hint = 0, .io_port = None, .controller_meter = None); @@ -4718,12 +4718,12 @@ for (sw in &Switch(._uuid = ls_uuid)) { Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_IN_L2_UNKNOWN(), .priority = 50, - .__match = "outport == \"none\"", + .__match = i"outport == \"none\"", .actions = if (sw.has_unknown_ports) { var mc_unknown = json_string_escape(mC_UNKNOWN().0); - "outport = ${mc_unknown}; output;" + i"outport = ${mc_unknown}; output;" } else { - "drop;" + i"drop;" }, .stage_hint = 0, .io_port = None, @@ -4732,8 +4732,8 @@ for (sw in &Switch(._uuid = ls_uuid)) { Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_IN_L2_UNKNOWN(), .priority = 0, - .__match = "1", - .actions = "output;", + .__match = i"1", + .actions = i"output;", .stage_hint = 0, .io_port = None, .controller_meter = None) @@ -4745,16 +4745,16 @@ for (&Switch(._uuid = ls_uuid)) { Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_OUT_PORT_SEC_IP(), .priority = 0, - .__match = "1", - .actions = "next;", + .__match = i"1", + .actions = i"next;", .stage_hint = 0, .io_port = None, .controller_meter = None); Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_OUT_PORT_SEC_L2(), .priority = 100, - .__match = "eth.mcast", - .actions = "output;", + .__match = i"eth.mcast", + .actions = i"output;", .stage_hint = 0, .io_port = None, .controller_meter = None) @@ -4763,16 +4763,16 @@ for (&Switch(._uuid = ls_uuid)) { Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_IN_LOOKUP_FDB(), .priority = 100, - .__match = "inport == ${sp.json_name}", - .actions = "$[rEGBIT_LKUP_FDB()} = lookup_fdb(inport, eth.src); next;", + .__match = i"inport == ${sp.json_name}", + .actions = i"$[rEGBIT_LKUP_FDB()} = lookup_fdb(inport, eth.src); next;", .stage_hint = stage_hint(lsp_uuid), .io_port = Some{sp.lsp.name}, .controller_meter = None), Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_IN_LOOKUP_FDB(), .priority = 100, - .__match = "inport == ${sp.json_name} && ${rEGBIT_LKUP_FDB()} == 0", - .actions = "put_fdb(inport, eth.src); next;", + .__match = i"inport == ${sp.json_name} && ${rEGBIT_LKUP_FDB()} == 0", + .actions = i"put_fdb(inport, eth.src); next;", .stage_hint = stage_hint(lsp_uuid), .io_port = Some{sp.lsp.name}, .controller_meter = None) :- @@ -4783,16 +4783,16 @@ Flow(.logical_datapath = ls_uuid, Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_IN_LOOKUP_FDB(), .priority = 0, - .__match = "1", - .actions = "next;", + .__match = i"1", + .actions = i"next;", .stage_hint = 0, .io_port = None, .controller_meter = None), Flow(.logical_datapath = ls_uuid, .stage = s_SWITCH_IN_PUT_FDB(), .priority = 0, - .__match = "1", - .actions = "next;", + .__match = i"1", + .actions = i"next;", .stage_hint = 0, .io_port = None, .controller_meter = None) :- @@ -4811,7 +4811,7 @@ Flow(.logical_datapath = sw._uuid, .stage = s_SWITCH_OUT_PORT_SEC_L2(), .priority = 50, .__match = __match, - .actions = queue_action ++ "output;", + .actions = i"${queue_action}output;", .stage_hint = stage_hint(lsp._uuid), .io_port = Some{lsp.name}, .controller_meter = None) :- @@ -4819,9 +4819,9 @@ Flow(.logical_datapath = sw._uuid, lsp.is_enabled(), lsp.__type != "external", var __match = if (ps_eth_addresses.is_empty()) { - "outport == ${json_name}" + i"outport == ${json_name}" } else { - "outport == ${json_name} && eth.dst == {${ps_eth_addresses.join(\" \")}}" + i"outport == ${json_name} && eth.dst == {${ps_eth_addresses.join(\" \")}}" }, pbinding in sb::Out_Port_Binding(.logical_port = lsp.name), var queue_action = match ((lsp.__type, @@ -4835,8 +4835,8 @@ for (&SwitchPort(.lsp = lsp, .json_name = json_name, .sw = sw)) { Flow(.logical_datapath = sw._uuid, .stage = s_SWITCH_OUT_PORT_SEC_L2(), .priority = 150, - .__match = "outport == {$json_name}", - .actions = "drop;", + .__match = i"outport == {$json_name}", + .actions = i"drop;", .stage_hint = stage_hint(lsp._uuid), .io_port = Some{lsp.name}, .controller_meter = None) @@ -4870,8 +4870,8 @@ for (SwitchPortPSAddresses(.port = &SwitchPort{.lsp = lsp, .json_name = json_nam Flow(.logical_datapath = sw._uuid, .stage = s_SWITCH_OUT_PORT_SEC_IP(), .priority = 90, - .__match = __match, - .actions = "next;", + .__match = __match.intern(), + .actions = i"next;", .stage_hint = stage_hint(lsp._uuid), .io_port = Some{lsp.name}, .controller_meter = None) @@ -4882,18 +4882,18 @@ for (SwitchPortPSAddresses(.port = &SwitchPort{.lsp = lsp, .json_name = json_nam Flow(.logical_datapath = sw._uuid, .stage = s_SWITCH_OUT_PORT_SEC_IP(), .priority = 90, - .__match = __match, - .actions = "next;", + .__match = __match.intern(), + .actions = i"next;", .stage_hint = stage_hint(lsp._uuid), .io_port = Some{lsp.name}, .controller_meter = None) }; - var __match = "outport == ${json_name} && eth.dst == ${ps.ea} && ip" in + var __match = i"outport == ${json_name} && eth.dst == ${ps.ea} && ip" in Flow(.logical_datapath = sw._uuid, .stage = s_SWITCH_OUT_PORT_SEC_IP(), .priority = 80, .__match = __match, - .actions = "drop;", + .actions = i"drop;", .stage_hint = stage_hint(lsp._uuid), .io_port = Some{lsp.name}, .controller_meter = None) @@ -4906,8 +4906,8 @@ for (&Router(._uuid = lr_uuid)) { Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_ADMISSION(), .priority = 100, - .__match = "vlan.present || eth.src[40]", - .actions = "drop;", + .__match = i"vlan.present || eth.src[40]", + .actions = i"drop;", .stage_hint = 0, .io_port = None, .controller_meter = None) @@ -4943,8 +4943,8 @@ for (&RouterPort(.lrp = lrp, Flow(.logical_datapath = router._uuid, .stage = s_ROUTER_IN_ADMISSION(), .priority = 50, - .__match = "eth.mcast && inport == ${json_name}", - .actions = actions, + .__match = i"eth.mcast && inport == ${json_name}", + .actions = actions.intern(), .stage_hint = stage_hint(lrp._uuid), .io_port = None, .controller_meter = None); @@ -4959,8 +4959,8 @@ for (&RouterPort(.lrp = lrp, Flow(.logical_datapath = router._uuid, .stage = s_ROUTER_IN_ADMISSION(), .priority = 50, - .__match = __match, - .actions = actions, + .__match = __match.intern(), + .actions = actions.intern(), .stage_hint = stage_hint(lrp._uuid), .io_port = None, .controller_meter = None) @@ -5014,34 +5014,34 @@ var rLNIR = rEGBIT_LOOKUP_NEIGHBOR_IP_RESULT() in Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_LOOKUP_NEIGHBOR(), .priority = 100, - .__match = "arp.op == 2", + .__match = i"arp.op == 2", .actions = - "${rLNR} = lookup_arp(inport, arp.spa, arp.sha); " ++ - { if (learn_from_arp_request) "" else "${rLNIR} = 1; " } ++ - "next;", + ("${rLNR} = lookup_arp(inport, arp.spa, arp.sha); " ++ + { if (learn_from_arp_request) "" else "${rLNIR} = 1; " } ++ + "next;").intern(), .stage_hint = 0, .io_port = None, .controller_meter = None); Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_LOOKUP_NEIGHBOR(), .priority = 100, - .__match = "nd_na", + .__match = i"nd_na", .actions = - "${rLNR} = lookup_nd(inport, nd.target, nd.tll); " ++ - { if (learn_from_arp_request) "" else "${rLNIR} = 1; " } ++ - "next;", + ("${rLNR} = lookup_nd(inport, nd.target, nd.tll); " ++ + { if (learn_from_arp_request) "" else "${rLNIR} = 1; " } ++ + "next;").intern(), .stage_hint = 0, .io_port = None, .controller_meter = None); Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_LOOKUP_NEIGHBOR(), .priority = 100, - .__match = "nd_ns", + .__match = i"nd_ns", .actions = - "${rLNR} = lookup_nd(inport, ip6.src, nd.sll); " ++ - { if (learn_from_arp_request) "" else - "${rLNIR} = lookup_nd_ip(inport, ip6.src); " } ++ - "next;", + ("${rLNR} = lookup_nd(inport, ip6.src, nd.sll); " ++ + { if (learn_from_arp_request) "" else + "${rLNIR} = lookup_nd_ip(inport, ip6.src); " } ++ + "next;").intern(), .stage_hint = 0, .io_port = None, .controller_meter = None); @@ -5051,8 +5051,8 @@ var rLNIR = rEGBIT_LOOKUP_NEIGHBOR_IP_RESULT() in Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_LOOKUP_NEIGHBOR(), .priority = 0, - .__match = "1", - .actions = "${rLNR} = 1; next;", + .__match = i"1", + .actions = i"${rLNR} = 1; next;", .stage_hint = 0, .io_port = None, .controller_meter = None); @@ -5063,33 +5063,33 @@ var rLNIR = rEGBIT_LOOKUP_NEIGHBOR_IP_RESULT() in .stage = s_ROUTER_IN_LEARN_NEIGHBOR(), .priority = 100, .__match = - "${rLNR} == 1" ++ - { if (learn_from_arp_request) "" else " || ${rLNIR} == 0" }, - .actions = "next;", + ("${rLNR} == 1" ++ + { if (learn_from_arp_request) "" else " || ${rLNIR} == 0" }).intern(), + .actions = i"next;", .stage_hint = 0, .io_port = None, .controller_meter = None); Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_LEARN_NEIGHBOR(), .priority = 90, - .__match = "arp", - .actions = "put_arp(inport, arp.spa, arp.sha); next;", + .__match = i"arp", + .actions = i"put_arp(inport, arp.spa, arp.sha); next;", .io_port = None, .controller_meter = copp.get(cOPP_ARP()), .stage_hint = 0); Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_LEARN_NEIGHBOR(), .priority = 90, - .__match = "nd_na", - .actions = "put_nd(inport, nd.target, nd.tll); next;", + .__match = i"nd_na", + .actions = i"put_nd(inport, nd.target, nd.tll); next;", .io_port = None, .controller_meter = copp.get(cOPP_ND_NA()), .stage_hint = 0); Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_LEARN_NEIGHBOR(), .priority = 90, - .__match = "nd_ns", - .actions = "put_nd(inport, ip6.src, nd.sll); next;", + .__match = i"nd_ns", + .actions = i"put_nd(inport, ip6.src, nd.sll); next;", .io_port = None, .controller_meter = copp.get(cOPP_ND_NS()), .stage_hint = 0) @@ -5112,13 +5112,13 @@ for (RouterPortNetworksIPv4Addr(rp@&RouterPort{.router = router}, addr)) { * so add a priority-110 flow to set * REGBIT_LOOKUP_NEIGHBOR_IP_RESULT to 1. */ var __match = [match0, "arp.tpa == ${addr.addr}", match1] in - var actions = "${rLNR} = lookup_arp(inport, arp.spa, arp.sha); " + var actions = i"${rLNR} = lookup_arp(inport, arp.spa, arp.sha); " "${rLNIR} = 1; " "next;" in Flow(.logical_datapath = router._uuid, .stage = s_ROUTER_IN_LOOKUP_NEIGHBOR(), .priority = 110, - .__match = __match.join(" && "), + .__match = __match.join(" && ").intern(), .actions = actions, .stage_hint = stage_hint(rp.lrp._uuid), .io_port = None, @@ -5132,8 +5132,8 @@ for (RouterPortNetworksIPv4Addr(rp@&RouterPort{.router = router}, addr)) { Flow(.logical_datapath = router._uuid, .stage = s_ROUTER_IN_LOOKUP_NEIGHBOR(), .priority = 100, - .__match = "${match0} && ${match1}", - .actions = actions, + .__match = i"${match0} && ${match1}", + .actions = actions.intern(), .stage_hint = stage_hint(rp.lrp._uuid), .io_port = None, .controller_meter = None) @@ -5149,13 +5149,13 @@ for (router in &Router(._uuid = lr_uuid, .mcast_cfg = mcast_cfg)) { Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_IP_INPUT(), .priority = 100, - .__match = "ip4.src_mcast ||" + .__match = i"ip4.src_mcast ||" "ip4.src == 255.255.255.255 || " "ip4.src == 127.0.0.0/8 || " "ip4.dst == 127.0.0.0/8 || " "ip4.src == 0.0.0.0/8 || " "ip4.dst == 0.0.0.0/8", - .actions = "drop;", + .actions = i"drop;", .stage_hint = 0, .io_port = None, .controller_meter = None); @@ -5168,8 +5168,8 @@ for (router in &Router(._uuid = lr_uuid, .mcast_cfg = mcast_cfg)) { Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_IP_INPUT(), .priority = 85, - .__match = "arp || nd", - .actions = "drop;", + .__match = i"arp || nd", + .actions = i"drop;", .stage_hint = 0, .io_port = None, .controller_meter = None); @@ -5180,8 +5180,8 @@ for (router in &Router(._uuid = lr_uuid, .mcast_cfg = mcast_cfg)) { Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_IP_INPUT(), .priority = 84, - .__match = "nd_rs || nd_ra", - .actions = "next;", + .__match = i"nd_rs || nd_ra", + .actions = i"next;", .stage_hint = 0, .io_port = None, .controller_meter = None); @@ -5190,18 +5190,18 @@ for (router in &Router(._uuid = lr_uuid, .mcast_cfg = mcast_cfg)) { Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_IP_INPUT(), .priority = 83, - .__match = "ip6.mcast_rsvd", - .actions = "drop;", + .__match = i"ip6.mcast_rsvd", + .actions = i"drop;", .stage_hint = 0, .io_port = None, .controller_meter = None); /* Allow other multicast if relay enabled (priority 82). */ - var mcast_action = { if (mcast_cfg.relay) { "next;" } else { "drop;" } } in + var mcast_action = { if (mcast_cfg.relay) { i"next;" } else { i"drop;" } } in Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_IP_INPUT(), .priority = 82, - .__match = "ip4.mcast || ip6.mcast", + .__match = i"ip4.mcast || ip6.mcast", .actions = mcast_action, .stage_hint = 0, .io_port = None, @@ -5212,8 +5212,8 @@ for (router in &Router(._uuid = lr_uuid, .mcast_cfg = mcast_cfg)) { Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_IP_INPUT(), .priority = 50, - .__match = "eth.bcast", - .actions = "drop;", + .__match = i"eth.bcast", + .actions = i"drop;", .stage_hint = 0, .io_port = None, .controller_meter = None); @@ -5223,8 +5223,8 @@ for (router in &Router(._uuid = lr_uuid, .mcast_cfg = mcast_cfg)) { .logical_datapath = lr_uuid, .stage = s_ROUTER_IN_IP_INPUT(), .priority = 30, - .__match = "ip4 && ip.ttl == {0, 1}", - .actions = "drop;", + .__match = i"ip4 && ip.ttl == {0, 1}", + .actions = i"drop;", .stage_hint = 0, .io_port = None, .controller_meter = None); @@ -5234,8 +5234,8 @@ for (router in &Router(._uuid = lr_uuid, .mcast_cfg = mcast_cfg)) { Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_IP_INPUT(), .priority = 0, - .__match = "1", - .actions = "next;", + .__match = i"1", + .actions = i"next;", .stage_hint = 0, .io_port = None, .controller_meter = None) @@ -5323,8 +5323,8 @@ for (&RouterPort(.router = router, .networks = networks, .lrp = lrp) Flow(.logical_datapath = router._uuid, .stage = s_ROUTER_IN_IP_INPUT(), .priority = 100, - .__match = __match, - .actions = "drop;", + .__match = __match.intern(), + .actions = i"drop;", .stage_hint = stage_hint(lrp._uuid), .io_port = None, .controller_meter = None); @@ -5340,8 +5340,8 @@ for (&RouterPort(.router = router, .networks = networks, .lrp = lrp) Flow(.logical_datapath = router._uuid, .stage = s_ROUTER_IN_IP_INPUT(), .priority = 90, - .__match = __match, - .actions = "ip4.dst <-> ip4.src; " + .__match = __match.intern(), + .actions = i"ip4.dst <-> ip4.src; " "ip.ttl = 255; " "icmp4.type = 0; " "flags.loopback = 1; " @@ -5464,7 +5464,7 @@ relation LogicalRouterArpFlow( Flow(.logical_datapath = lr._uuid, .stage = s_ROUTER_IN_IP_INPUT(), .priority = priority, - .__match = __match, + .__match = __match.intern(), .actions = actions, .stage_hint = stage_hint, .io_port = None, @@ -5483,9 +5483,9 @@ Flow(.logical_datapath = lr._uuid, clauses.join(" && ") }, var actions = if (drop) { - "drop;" + i"drop;" } else { - "eth.dst = eth.src; " + i"eth.dst = eth.src; " "eth.src = ${mac}; " "arp.op = 2; /* ARP reply */ " "arp.tha = arp.sha; " @@ -5510,7 +5510,7 @@ relation LogicalRouterNdFlow( Flow(.logical_datapath = lr._uuid, .stage = s_ROUTER_IN_IP_INPUT(), .priority = priority, - .__match = __match, + .__match = __match.intern(), .actions = actions, .io_port = None, .controller_meter = controller_meter, @@ -5533,9 +5533,9 @@ Flow(.logical_datapath = lr._uuid, clauses.join(" && ") }, (var actions, var controller_meter) = if (drop) { - ("drop;", None) + (i"drop;", None) } else { - ("${action} { " + (i"${action} { " "eth.src = ${mac}; " "ip6.src = ${ip}; " "nd.target = ${ip}; " @@ -5558,9 +5558,9 @@ for (RouterPortNetworksIPv4Addr(.port = &RouterPort{.lrp = lrp, Flow(.logical_datapath = router._uuid, .stage = s_ROUTER_IN_IP_INPUT(), .priority = 40, - .__match = "inport == ${json_name} && ip4 && " + .__match = i"inport == ${json_name} && ip4 && " "ip.ttl == {0, 1} && !ip.later_frag", - .actions = "icmp4 {" + .actions = i"icmp4 {" "eth.dst <-> eth.src; " "icmp4.type = 11; /* Time exceeded */ " "icmp4.code = 0; /* TTL exceeded in transit */ " @@ -5646,8 +5646,8 @@ var residence_check = match (is_redirect) { Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_IP_INPUT(), .priority = 60, - .__match = "ip4.dst == {" ++ match_ips.join(", ") ++ "}", - .actions = "drop;", + .__match = ("ip4.dst == {" ++ match_ips.join(", ") ++ "}").intern(), + .actions = i"drop;", .stage_hint = stage_hint(lrp_uuid), .io_port = None, .controller_meter = None) :- @@ -5662,8 +5662,8 @@ Flow(.logical_datapath = lr_uuid, Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_IP_INPUT(), .priority = 60, - .__match = "ip6.dst == {" ++ match_ips.join(", ") ++ "}", - .actions = "drop;", + .__match = ("ip6.dst == {" ++ match_ips.join(", ") ++ "}").intern(), + .actions = i"drop;", .stage_hint = stage_hint(lrp_uuid), .io_port = None, .controller_meter = None) :- @@ -5686,12 +5686,12 @@ for (RouterPortNetworksIPv4Addr( .addr = addr)) { /* UDP/TCP/SCTP port unreachable. */ - var __match = "ip4 && ip4.dst == ${addr.addr} && !ip.later_frag && udp" in + var __match = i"ip4 && ip4.dst == ${addr.addr} && !ip.later_frag && udp" in Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_IP_INPUT(), .priority = 80, .__match = __match, - .actions = "icmp4 {" + .actions = i"icmp4 {" "eth.dst <-> eth.src; " "ip4.dst <-> ip4.src; " "ip.ttl = 255; " @@ -5702,12 +5702,12 @@ for (RouterPortNetworksIPv4Addr( .controller_meter = copp.get(cOPP_ICMP4_ERR()), .stage_hint = stage_hint(lrp._uuid)); - var __match = "ip4 && ip4.dst == ${addr.addr} && !ip.later_frag && tcp" in + var __match = i"ip4 && ip4.dst == ${addr.addr} && !ip.later_frag && tcp" in Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_IP_INPUT(), .priority = 80, .__match = __match, - .actions = "tcp_reset {" + .actions = i"tcp_reset {" "eth.dst <-> eth.src; " "ip4.dst <-> ip4.src; " "next; };", @@ -5715,12 +5715,12 @@ for (RouterPortNetworksIPv4Addr( .controller_meter = copp.get(cOPP_TCP_RESET()), .stage_hint = stage_hint(lrp._uuid)); - var __match = "ip4 && ip4.dst == ${addr.addr} && !ip.later_frag && sctp" in + var __match = i"ip4 && ip4.dst == ${addr.addr} && !ip.later_frag && sctp" in Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_IP_INPUT(), .priority = 80, .__match = __match, - .actions = "sctp_abort {" + .actions = i"sctp_abort {" "eth.dst <-> eth.src; " "ip4.dst <-> ip4.src; " "next; };", @@ -5728,12 +5728,12 @@ for (RouterPortNetworksIPv4Addr( .controller_meter = copp.get(cOPP_TCP_RESET()), .stage_hint = stage_hint(lrp._uuid)); - var __match = "ip4 && ip4.dst == ${addr.addr} && !ip.later_frag" in + var __match = i"ip4 && ip4.dst == ${addr.addr} && !ip.later_frag" in Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_IP_INPUT(), .priority = 70, .__match = __match, - .actions = "icmp4 {" + .actions = i"icmp4 {" "eth.dst <-> eth.src; " "ip4.dst <-> ip4.src; " "ip.ttl = 255; " @@ -5749,9 +5749,9 @@ for (RouterPortNetworksIPv4Addr( Flow(.logical_datapath = rp.router._uuid, .stage = s_ROUTER_IN_IP_INPUT(), .priority = 100, - .__match = "ip6.dst == ${ipv6_addr.addr} " + .__match = i"ip6.dst == ${ipv6_addr.addr} " "&& udp.src == 547 && udp.dst == 546", - .actions = "reg0 = 0; handle_dhcpv6_reply;", + .actions = i"reg0 = 0; handle_dhcpv6_reply;", .stage_hint = stage_hint(rp.lrp._uuid), .io_port = None, .controller_meter = None) :- @@ -5776,8 +5776,8 @@ for (&RouterPort(.router = router, .networks = networks, .lrp = lrp) Flow(.logical_datapath = router._uuid, .stage = s_ROUTER_IN_IP_INPUT(), .priority = 90, - .__match = __match, - .actions = "ip6.dst <-> ip6.src; " + .__match = __match.intern(), + .actions = i"ip6.dst <-> ip6.src; " "ip.ttl = 255; " "icmp6.type = 129; " "flags.loopback = 1; " @@ -5826,12 +5826,12 @@ for (RouterPortNetworksIPv6Addr( .json_name = json_name}, .addr = addr)) { - var __match = "ip6 && ip6.dst == ${addr.addr} && !ip.later_frag && tcp" in + var __match = i"ip6 && ip6.dst == ${addr.addr} && !ip.later_frag && tcp" in Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_IP_INPUT(), .priority = 80, .__match = __match, - .actions = "tcp_reset {" + .actions = i"tcp_reset {" "eth.dst <-> eth.src; " "ip6.dst <-> ip6.src; " "next; };", @@ -5839,12 +5839,12 @@ for (RouterPortNetworksIPv6Addr( .controller_meter = copp.get(cOPP_TCP_RESET()), .stage_hint = stage_hint(lrp._uuid)); - var __match = "ip6 && ip6.dst == ${addr.addr} && !ip.later_frag && sctp" in + var __match = i"ip6 && ip6.dst == ${addr.addr} && !ip.later_frag && sctp" in Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_IP_INPUT(), .priority = 80, .__match = __match, - .actions = "sctp_abort {" + .actions = i"sctp_abort {" "eth.dst <-> eth.src; " "ip6.dst <-> ip6.src; " "next; };", @@ -5852,12 +5852,12 @@ for (RouterPortNetworksIPv6Addr( .controller_meter = copp.get(cOPP_TCP_RESET()), .stage_hint = stage_hint(lrp._uuid)); - var __match = "ip6 && ip6.dst == ${addr.addr} && !ip.later_frag && udp" in + var __match = i"ip6 && ip6.dst == ${addr.addr} && !ip.later_frag && udp" in Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_IP_INPUT(), .priority = 80, .__match = __match, - .actions = "icmp6 {" + .actions = i"icmp6 {" "eth.dst <-> eth.src; " "ip6.dst <-> ip6.src; " "ip.ttl = 255; " @@ -5868,12 +5868,12 @@ for (RouterPortNetworksIPv6Addr( .controller_meter = copp.get(cOPP_ICMP6_ERR()), .stage_hint = stage_hint(lrp._uuid)); - var __match = "ip6 && ip6.dst == ${addr.addr} && !ip.later_frag" in + var __match = i"ip6 && ip6.dst == ${addr.addr} && !ip.later_frag" in Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_IP_INPUT(), .priority = 70, .__match = __match, - .actions = "icmp6 {" + .actions = i"icmp6 {" "eth.dst <-> eth.src; " "ip6.dst <-> ip6.src; " "ip.ttl = 255; " @@ -5893,10 +5893,10 @@ for (RouterPortNetworksIPv6Addr(.port = &RouterPort{.router = router, /* skip link-local address */ if (not addr.is_lla())) { - var __match = "inport == ${json_name} && ip6 && " + var __match = i"inport == ${json_name} && ip6 && " "ip6.src == ${addr.match_network()} && " "ip.ttl == {0, 1} && !ip.later_frag" in - var actions = "icmp6 {" + var actions = i"icmp6 {" "eth.dst <-> eth.src; " "ip6.dst = ip6.src; " "ip6.src = ${addr.addr}; " @@ -5920,8 +5920,8 @@ function default_allow_flow(datapath: uuid, stage: Intern): Flow { Flow{.logical_datapath = datapath, .stage = stage, .priority = 0, - .__match = "1", - .actions = "next;", + .__match = i"1", + .actions = i"next;", .io_port = None, .controller_meter = None, .stage_hint = 0} @@ -5943,8 +5943,8 @@ for (r in &Router(._uuid = lr_uuid)) { Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_OUT_SNAT(), .priority = 120, - .__match = "nd_ns", - .actions = "next;", + .__match = i"nd_ns", + .actions = i"next;", .stage_hint = 0, .io_port = None, .controller_meter = None) @@ -5968,8 +5968,8 @@ for (r in &Router(._uuid = lr_uuid, Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_OUT_POST_UNDNAT(), .priority = 50, - .__match = "ip && ct.new", - .actions = "ct_commit { } ; next; ", + .__match = i"ip && ct.new", + .actions = i"ct_commit { } ; next; ", .stage_hint = 0, .io_port = None, .controller_meter = None); @@ -5977,8 +5977,8 @@ for (r in &Router(._uuid = lr_uuid, Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_OUT_UNDNAT(), .priority = 50, - .__match = "ip", - .actions = "flags.loopback = 1; ct_dnat;", + .__match = i"ip", + .actions = i"flags.loopback = 1; ct_dnat;", .stage_hint = 0, .io_port = None, .controller_meter = None) @@ -5987,8 +5987,8 @@ for (r in &Router(._uuid = lr_uuid, Flow(.logical_datapath = lr, .stage = s_ROUTER_OUT_SNAT(), .priority = 120, - .__match = "flags.skip_snat_for_lb == 1 && ip", - .actions = "next;", + .__match = i"flags.skip_snat_for_lb == 1 && ip", + .actions = i"next;", .stage_hint = stage_hint(lb._uuid), .io_port = None, .controller_meter = None) :- @@ -6054,8 +6054,8 @@ function lrouter_nat_add_ext_ip_match( Some{Flow{.logical_datapath = router._uuid, .stage = if (is_src) { s_ROUTER_IN_DNAT() } else { s_ROUTER_OUT_SNAT() }, .priority = priority, - .__match = "${__match} && ${ipX}.${dir} == $${__as.name}", - .actions = "next;", + .__match = i"${__match} && ${ipX}.${dir} == $${__as.name}", + .actions = i"next;", .stage_hint = stage_hint(nat.nat._uuid), .io_port = None, .controller_meter = None}}) @@ -6070,8 +6070,8 @@ relation LogicalRouterForceSnatFlows( Flow(.logical_datapath = logical_router, .stage = s_ROUTER_IN_UNSNAT(), .priority = 110, - .__match = "${ipX} && ${ipX}.dst == ${ip}", - .actions = "ct_snat;", + .__match = i"${ipX} && ${ipX}.dst == ${ip}", + .actions = i"ct_snat;", .stage_hint = 0, .io_port = None, .controller_meter = None), @@ -6081,8 +6081,8 @@ Flow(.logical_datapath = logical_router, Flow(.logical_datapath = logical_router, .stage = s_ROUTER_OUT_SNAT(), .priority = 100, - .__match = "flags.force_snat_for_${context} == 1 && ${ipX}", - .actions = "ct_snat(${ip});", + .__match = i"flags.force_snat_for_${context} == 1 && ${ipX}", + .actions = i"ct_snat(${ip});", .stage_hint = 0, .io_port = None, .controller_meter = None) :- @@ -6101,8 +6101,8 @@ for (rp in &RouterPort(.router = &Router{._uuid = lr_uuid, .options = lr_options Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_UNSNAT(), .priority = 110, - .__match = "inport == ${rp.json_name} && ip4.dst == ${ipv4.addr}", - .actions = "ct_snat;", + .__match = i"inport == ${rp.json_name} && ip4.dst == ${ipv4.addr}", + .actions = i"ct_snat;", .stage_hint = 0, .io_port = None, .controller_meter = None); @@ -6110,8 +6110,8 @@ for (rp in &RouterPort(.router = &Router{._uuid = lr_uuid, .options = lr_options Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_OUT_SNAT(), .priority = 110, - .__match = "flags.force_snat_for_lb == 1 && ip4 && outport == ${rp.json_name}", - .actions = "ct_snat(${ipv4.addr});", + .__match = i"flags.force_snat_for_lb == 1 && ip4 && outport == ${rp.json_name}", + .actions = i"ct_snat(${ipv4.addr});", .stage_hint = 0, .io_port = None, .controller_meter = None); @@ -6130,8 +6130,8 @@ for (rp in &RouterPort(.router = &Router{._uuid = lr_uuid, .options = lr_options Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_UNSNAT(), .priority = 110, - .__match = "inport == ${rp.json_name} && ip6.dst == ${ipv6.addr}", - .actions = "ct_snat;", + .__match = i"inport == ${rp.json_name} && ip6.dst == ${ipv6.addr}", + .actions = i"ct_snat;", .stage_hint = 0, .io_port = None, .controller_meter = None); @@ -6139,8 +6139,8 @@ for (rp in &RouterPort(.router = &Router{._uuid = lr_uuid, .options = lr_options Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_OUT_SNAT(), .priority = 110, - .__match = "flags.force_snat_for_lb == 1 && ip6 && outport == ${rp.json_name}", - .actions = "ct_snat(${ipv6.addr});", + .__match = i"flags.force_snat_for_lb == 1 && ip6 && outport == ${rp.json_name}", + .actions = i"ct_snat(${ipv6.addr});", .stage_hint = 0, .io_port = None, .controller_meter = None); @@ -6204,14 +6204,14 @@ for (r in &Router(._uuid = lr_uuid, if (l3dgw_ports.is_empty()) { /* Gateway router. */ var actions = if (stateless) { - "${ipX}.dst=${nat.nat.logical_ip}; next;" + i"${ipX}.dst=${nat.nat.logical_ip}; next;" } else { - "ct_snat;" + i"ct_snat;" } in Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_UNSNAT(), .priority = 90, - .__match = "ip && ${ipX}.dst == ${nat.nat.external_ip}", + .__match = i"ip && ${ipX}.dst == ${nat.nat.external_ip}", .actions = actions, .stage_hint = stage_hint(nat.nat._uuid), .io_port = None, @@ -6230,14 +6230,14 @@ for (r in &Router(._uuid = lr_uuid, " && is_chassis_resident(${json_string_escape(chassis_redirect_name(gwport.name))})" } else { "" } in var actions = if (stateless) { - "${ipX}.dst=${nat.nat.logical_ip}; next;" + i"${ipX}.dst=${nat.nat.logical_ip}; next;" } else { - "ct_snat;" + i"ct_snat;" } in Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_UNSNAT(), .priority = 100, - .__match = __match, + .__match = __match.intern(), .actions = actions, .stage_hint = stage_hint(nat.nat._uuid), .io_port = None, @@ -6282,8 +6282,8 @@ for (r in &Router(._uuid = lr_uuid, Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_DNAT(), .priority = 100, - .__match = __match ++ ext_ip_match, - .actions = flag_action ++ nat_actions, + .__match = (__match ++ ext_ip_match).intern(), + .actions = (flag_action ++ nat_actions).intern(), .stage_hint = stage_hint(nat.nat._uuid), .io_port = None, .controller_meter = None) @@ -6306,14 +6306,14 @@ for (r in &Router(._uuid = lr_uuid, Some{var f} = ext_flow in Flow[f]; var actions = if (stateless) { - "${ipX}.dst=${nat.nat.logical_ip}; next;" + i"${ipX}.dst=${nat.nat.logical_ip}; next;" } else { - "ct_dnat(${ip_and_ports});" + i"ct_dnat(${ip_and_ports});" } in Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_DNAT(), .priority = 100, - .__match = __match ++ ext_ip_match, + .__match = (__match ++ ext_ip_match).intern(), .actions = actions, .stage_hint = stage_hint(nat.nat._uuid), .io_port = None, @@ -6325,20 +6325,20 @@ for (r in &Router(._uuid = lr_uuid, Some {var gwport} = l3dgw_ports.nth(0) in { var gwport_name = json_string_escape(gwport.name) in { if (nat.nat.__type == "snat") { - var __match = "inport == ${gwport_name} && " + var __match = i"inport == ${gwport_name} && " "${ipX}.src == ${nat.nat.external_ip}" in Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_IP_INPUT(), .priority = 120, .__match = __match, - .actions = "next;", + .actions = i"next;", .stage_hint = stage_hint(nat.nat._uuid), .io_port = None, .controller_meter = None) }; var nexthop_reg = "${xx}${rEG_NEXT_HOP()}" in - var __match = "outport == ${gwport_name} && " + var __match = i"outport == ${gwport_name} && " "${nexthop_reg} == ${nat.nat.external_ip}" in var dst_mac = match (mac) { Some{value} -> "${value}", @@ -6348,7 +6348,7 @@ for (r in &Router(._uuid = lr_uuid, .stage = s_ROUTER_IN_ARP_RESOLVE(), .priority = 100, .__match = __match, - .actions = "eth.dst = ${dst_mac}; next;", + .actions = i"eth.dst = ${dst_mac}; next;", .stage_hint = stage_hint(nat.nat._uuid), .io_port = None, .controller_meter = None) @@ -6385,8 +6385,8 @@ for (r in &Router(._uuid = lr_uuid, Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_OUT_UNDNAT(), .priority = 100, - .__match = __match, - .actions = actions, + .__match = __match.intern(), + .actions = actions.intern(), .stage_hint = stage_hint(nat.nat._uuid), .io_port = None, .controller_meter = None) @@ -6414,15 +6414,15 @@ for (r in &Router(._uuid = lr_uuid, * nat->logical_ip with the longest mask gets a higher * priority. */ var actions = if (stateless) { - "${ipX}.src=${nat.nat.external_ip}; next;" + i"${ipX}.src=${nat.nat.external_ip}; next;" } else { - "ct_snat(${ip_and_ports});" + i"ct_snat(${ip_and_ports});" } in Some{var plen} = mask.cidr_bits() in Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_OUT_SNAT(), .priority = plen as bit<64> + 1, - .__match = __match ++ ext_ip_match, + .__match = (__match ++ ext_ip_match).intern(), .actions = actions, .stage_hint = stage_hint(nat.nat._uuid), .io_port = None, @@ -6462,8 +6462,8 @@ for (r in &Router(._uuid = lr_uuid, Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_OUT_SNAT(), .priority = priority + centralized_boost, - .__match = __match ++ ext_ip_match, - .actions = actions, + .__match = (__match ++ ext_ip_match).intern(), + .actions = actions.intern(), .stage_hint = stage_hint(nat.nat._uuid), .io_port = None, .controller_meter = None) @@ -6479,13 +6479,13 @@ for (r in &Router(._uuid = lr_uuid, Some{var gwport} = l3dgw_ports.nth(0) in Some{var logical_port} = nat.nat.logical_port in var __match = - "eth.dst == ${mac_addr} && inport == ${json_string_escape(gwport.name)}" + i"eth.dst == ${mac_addr} && inport == ${json_string_escape(gwport.name)}" " && is_chassis_resident(${json_string_escape(logical_port)})" in /* Store the ethernet address of the port receiving the packet. * This will save us from having to match on inport further * down in the pipeline. */ - var actions = "${rEG_INPORT_ETH_ADDR()} = ${gwport.mac}; next;" in + var actions = i"${rEG_INPORT_ETH_ADDR()} = ${gwport.mac}; next;" in Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_ADMISSION(), .priority = 50, @@ -6508,11 +6508,11 @@ for (r in &Router(._uuid = lr_uuid, Some{var logical_port} = nat.nat.logical_port in Some{var external_mac} = nat.nat.external_mac in var __match = - "${ipX}.src == ${nat.nat.logical_ip} && " + i"${ipX}.src == ${nat.nat.logical_ip} && " "outport == ${json_string_escape(gwport.name)} && " "is_chassis_resident(${json_string_escape(logical_port)})" in var actions = - "eth.src = ${external_mac}; " + i"eth.src = ${external_mac}; " "${xx}${rEG_SRC()} = ${nat.nat.external_ip}; " "next;" in Flow(.logical_datapath = lr_uuid, @@ -6529,9 +6529,9 @@ for (r in &Router(._uuid = lr_uuid, Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_GW_REDIRECT(), .priority = 80, - .__match = "${ipX}.src == ${nat.nat.logical_ip} && " + .__match = i"${ipX}.src == ${nat.nat.logical_ip} && " "outport == ${json_string_escape(gwport.name)}", - .actions = "drop;", + .actions = i"drop;", .stage_hint = stage_hint(nat.nat._uuid), .io_port = None, .controller_meter = None) @@ -6551,7 +6551,7 @@ for (r in &Router(._uuid = lr_uuid, }, None -> Some{json_string_escape(chassis_redirect_name(gwport.name))} } in - var __match = "${ipX}.dst == ${nat.nat.external_ip} && outport == ${json_string_escape(gwport.name)} && is_chassis_resident(${port})" in + var __match = i"${ipX}.dst == ${nat.nat.external_ip} && outport == ${json_string_escape(gwport.name)} && is_chassis_resident(${port})" in var regs = { var regs = vec_empty(); for (j in range_vec(0, mFF_N_LOG_REGS(), 01)) { @@ -6571,7 +6571,7 @@ for (r in &Router(._uuid = lr_uuid, .stage = s_ROUTER_OUT_EGR_LOOP(), .priority = 100, .__match = __match, - .actions = actions, + .actions = actions.intern(), .stage_hint = stage_hint(nat.nat._uuid), .io_port = None, .controller_meter = None) @@ -6656,7 +6656,7 @@ for (RouterLBVIP( } in var __match = match1 ++ match2 in var xx = ip_address.xxreg() in - var __actions = "${xx}${rEG_NEXT_HOP()} = ${ip_address}; ct_dnat;" in + var __actions = i"${xx}${rEG_NEXT_HOP()} = ${ip_address}; ct_dnat;" in /* One of these flows must be created for each unique LB VIP address. * We create one for each VIP:port pair; flows with the same IP and * different port numbers will produce identical flows that will @@ -6664,7 +6664,7 @@ for (RouterLBVIP( Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_DEFRAG(), .priority = prio, - .__match = __match, + .__match = __match.intern(), .actions = __actions, .stage_hint = stage_hint(lb._uuid), .io_port = None, @@ -6703,14 +6703,14 @@ for (RouterLBVIP( } in var actions = match (snat_for_lb) { - SkipSNAT -> "flags.skip_snat_for_lb = 1; next;", - ForceSNAT -> "flags.force_snat_for_lb = 1; next;", - _ -> "next;" + SkipSNAT -> i"flags.skip_snat_for_lb = 1; next;", + ForceSNAT -> i"flags.force_snat_for_lb = 1; next;", + _ -> i"next;" } in Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_DNAT(), .priority = prio, - .__match = est_match, + .__match = est_match.intern(), .actions = actions, .stage_hint = stage_hint(lb._uuid), .io_port = None, @@ -6734,8 +6734,8 @@ for (RouterLBVIP( Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_UNSNAT(), .priority = 120, - .__match = match3, - .actions = "next;", + .__match = match3.intern(), + .actions = i"next;", .stage_hint = stage_hint(lb._uuid), .io_port = None, .controller_meter = None) @@ -6769,14 +6769,14 @@ for (RouterLBVIP( "is_chassis_resident(${json_string_escape(chassis_redirect_name(gwport.name))})" in var action = match (snat_for_lb) { - SkipSNAT -> "flags.skip_snat_for_lb = 1; ct_dnat;", - ForceSNAT -> "flags.force_snat_for_lb = 1; ct_dnat;", - _ -> "ct_dnat;" + SkipSNAT -> i"flags.skip_snat_for_lb = 1; ct_dnat;", + ForceSNAT -> i"flags.force_snat_for_lb = 1; ct_dnat;", + _ -> i"ct_dnat;" } in Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_OUT_UNDNAT(), .priority = 120, - .__match = undnat_match, + .__match = undnat_match.intern(), .actions = action, .stage_hint = stage_hint(lb._uuid), .io_port = None, @@ -6793,8 +6793,8 @@ for (RouterLBVIP( Flow(.logical_datapath = r._uuid, .stage = s_ROUTER_IN_DNAT(), .priority = priority, - .__match = __match, - .actions = actions, + .__match = __match.intern(), + .actions = actions.intern(), .io_port = None, .controller_meter = meter, .stage_hint = stage_hint(lb._uuid)) :- @@ -6939,7 +6939,7 @@ for (&RouterPort[port@RouterPort{.lrp = lrp@&nb::Logical_Router_Port{.peer = Non (add_rs_response_flow, prefix) } in { - var __match = "inport == ${json_name} && ip6.dst == ff02::2 && nd_rs" in + var __match = i"inport == ${json_name} && ip6.dst == ff02::2 && nd_rs" in /* As per RFC 2460, 1280 is minimum IPv6 MTU. */ var mtu = match(lrp.ipv6_ra_configs.get("mtu")) { Some{mtu_s} -> { @@ -6965,15 +6965,15 @@ for (&RouterPort[port@RouterPort{.lrp = lrp@&nb::Logical_Router_Port{.peer = Non .stage = s_ROUTER_IN_ND_RA_OPTIONS(), .priority = 50, .__match = __match, - .actions = actions, + .actions = actions.intern(), .io_port = None, .controller_meter = router.copp.get(cOPP_ND_RA_OPTS()), .stage_hint = stage_hint(lrp._uuid)); - var __match = "inport == ${json_name} && ip6.dst == ff02::2 && " + var __match = i"inport == ${json_name} && ip6.dst == ff02::2 && " "nd_ra && ${rEGBIT_ND_RA_OPTS_RESULT()}" in var ip6_str = networks.ea.to_ipv6_lla().string_mapped() in - var actions = "eth.dst = eth.src; eth.src = ${networks.ea}; " + var actions = i"eth.dst = eth.src; eth.src = ${networks.ea}; " "ip6.dst = ip6.src; ip6.src = ${ip6_str}; " "outport = inport; flags.loopback = 1; " "output;" in @@ -6997,16 +6997,16 @@ for (&Router(._uuid = lr_uuid)) Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_ND_RA_OPTIONS(), .priority = 0, - .__match = "1", - .actions = "next;", + .__match = i"1", + .actions = i"next;", .stage_hint = 0, .io_port = None, .controller_meter = None); Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_ND_RA_RESPONSE(), .priority = 0, - .__match = "1", - .actions = "next;", + .__match = i"1", + .actions = i"next;", .stage_hint = 0, .io_port = None, .controller_meter = None) @@ -7058,7 +7058,7 @@ for (Route(.port = port, None -> "${ipX}.dst" } in var actions = - "${rEG_ECMP_GROUP_ID()} = 0; " + i"${rEG_ECMP_GROUP_ID()} = 0; " "${xx}${rEG_NEXT_HOP()} = ${nexthop}; " "${xx}${rEG_SRC()} = ${src_ip}; " "eth.src = ${port.networks.ea}; " @@ -7069,8 +7069,8 @@ for (Route(.port = port, Flow(.logical_datapath = port.router._uuid, .stage = s_ROUTER_IN_IP_ROUTING(), .priority = priority as integer, - .__match = __match, - .actions = "ip.ttl--; ${actions}", + .__match = __match.intern(), + .actions = i"ip.ttl--; ${actions}", .stage_hint = stage_hint(port.lrp._uuid), .io_port = None, .controller_meter = None); @@ -7079,7 +7079,7 @@ for (Route(.port = port, Flow(.logical_datapath = port.router._uuid, .stage = s_ROUTER_IN_IP_ROUTING(), .priority = priority as integer + 1, - .__match = "${__match} && udp.dst == 3784", + .__match = i"${__match} && udp.dst == 3784", .actions = actions, .stage_hint = stage_hint(port.lrp._uuid), .io_port = None, @@ -7092,8 +7092,8 @@ for (Route(.port = port, Flow(.logical_datapath = router._uuid, .stage = s_ROUTER_IN_IP_ROUTING(), .priority = priority as integer, - .__match = ip_match, - .actions = "drop;", + .__match = ip_match.intern(), + .actions = i"drop;", .stage_hint = 0, .io_port = None, .controller_meter = None) :- @@ -7128,8 +7128,8 @@ Route(key, port, src_ip, None) :- Flow(.logical_datapath = r._uuid, .stage = s_ROUTER_IN_IP_ROUTING_ECMP(), .priority = 150, - .__match = "${rEG_ECMP_GROUP_ID()} == 0", - .actions = "next;", + .__match = i"${rEG_ECMP_GROUP_ID()} == 0", + .actions = i"next;", .stage_hint = 0, .io_port = None, .controller_meter = None) :- @@ -7211,7 +7211,7 @@ EcmpGroup(group_id, router, key, dsts, route_match, route_priority) :- Flow(.logical_datapath = router._uuid, .stage = s_ROUTER_IN_IP_ROUTING(), .priority = route_priority, - .__match = route_match, + .__match = route_match.intern(), .actions = actions, .stage_hint = 0, .io_port = None, @@ -7225,7 +7225,7 @@ Flow(.logical_datapath = router._uuid, member_ids.join(", ") }, var actions = - "ip.ttl--; " + i"ip.ttl--; " "flags.loopback = 1; " "${rEG_ECMP_GROUP_ID()} = ${group_id}; " /* XXX */ "${rEG_ECMP_MEMBER_ID()} = select(${all_member_ids});". @@ -7242,9 +7242,9 @@ Flow(.logical_datapath = router._uuid, var member_id_and_dst = FlatMap(numbered_vec(dsts)), (var member_id, var dst) = member_id_and_dst, var xx = dst.nexthop.xxreg(), - var __match = "${rEG_ECMP_GROUP_ID()} == ${group_id} && " + var __match = i"${rEG_ECMP_GROUP_ID()} == ${group_id} && " "${rEG_ECMP_MEMBER_ID()} == ${member_id}", - var actions = "${xx}${rEG_NEXT_HOP()} = ${dst.nexthop}; " + var actions = i"${xx}${rEG_NEXT_HOP()} = ${dst.nexthop}; " "${xx}${rEG_SRC()} = ${dst.src_ip}; " "eth.src = ${dst.port.networks.ea}; " "outport = ${dst.port.json_name}; " @@ -7269,12 +7269,12 @@ Flow(.logical_datapath = router._uuid, .stage = s_ROUTER_IN_DEFRAG(), .priority = 100, .__match = __match, - .actions = "ct_next;", + .actions = i"ct_next;", .stage_hint = 0, .io_port = None, .controller_meter = None) :- EcmpSymmetricReply(router, dst, route_match, _), - var __match = "inport == ${dst.port.json_name} && ${route_match}". + var __match = i"inport == ${dst.port.json_name} && ${route_match}". /* And packets that go out over an ECMP route need conntrack. XXX this seems to exactly duplicate the above flow? */ @@ -7291,9 +7291,9 @@ Flow(.logical_datapath = router._uuid, .io_port = None, .controller_meter = None) :- EcmpSymmetricReply(router, dst, route_match, tunkey), - var __match = "inport == ${dst.port.json_name} && ${route_match} && " + var __match = i"inport == ${dst.port.json_name} && ${route_match} && " "(ct.new && !ct.est)", - var actions = "ct_commit { ct_label.ecmp_reply_eth = eth.src;" + var actions = i"ct_commit { ct_label.ecmp_reply_eth = eth.src;" " ct_label.ecmp_reply_port = ${tunkey};}; next;". /* Bypass ECMP selection if we already have ct_label information @@ -7302,8 +7302,8 @@ Flow(.logical_datapath = router._uuid, Flow(.logical_datapath = router._uuid, .stage = s_ROUTER_IN_IP_ROUTING(), .priority = 300, - .__match = "${ecmp_reply} && ${route_match}", - .actions = "ip.ttl--; " + .__match = i"${ecmp_reply} && ${route_match}", + .actions = i"ip.ttl--; " "flags.loopback = 1; " "eth.src = ${dst.port.networks.ea}; " "${xx}reg1 = ${dst.src_ip}; " @@ -7317,7 +7317,7 @@ Flow(.logical_datapath = router._uuid, .stage = s_ROUTER_IN_POLICY(), .priority = 65535, .__match = ecmp_reply, - .actions = "next;", + .actions = i"next;", .stage_hint = 0, .io_port = None, .controller_meter = None), @@ -7325,12 +7325,12 @@ Flow(.logical_datapath = router._uuid, .stage = s_ROUTER_IN_ARP_RESOLVE(), .priority = 200, .__match = ecmp_reply, - .actions = "eth.dst = ct_label.ecmp_reply_eth; next;", + .actions = i"eth.dst = ct_label.ecmp_reply_eth; next;", .stage_hint = 0, .io_port = None, .controller_meter = None) :- EcmpSymmetricReply(router, dst, route_match, tunkey), - var ecmp_reply = "ct.rpl && ct_label.ecmp_reply_port == ${tunkey}", + var ecmp_reply = i"ct.rpl && ct_label.ecmp_reply_port == ${tunkey}", var xx = dst.nexthop.xxreg(). @@ -7343,8 +7343,8 @@ Flow(.logical_datapath = router._uuid, Flow(.logical_datapath = router._uuid, .stage = s_ROUTER_IN_IP_ROUTING(), .priority = 550, - .__match = "nd_rs || nd_ra", - .actions = "drop;", + .__match = i"nd_rs || nd_ra", + .actions = i"drop;", .stage_hint = 0, .io_port = None, .controller_meter = None) :- @@ -7370,9 +7370,9 @@ for (IgmpRouterMulticastGroup(address, rtr, ports)) { Flow(.logical_datapath = rtr._uuid, .stage = s_ROUTER_IN_IP_ROUTING(), .priority = 500, - .__match = "${ipX} && ${ipX}.dst == ${address} ", + .__match = i"${ipX} && ${ipX}.dst == ${address} ", .actions = - "${static_act}outport = ${json_string_escape(address)}; " + i"${static_act}outport = ${json_string_escape(address)}; " "ip.ttl--; next;", .stage_hint = 0, .io_port = None, @@ -7387,18 +7387,18 @@ for (RouterMcastFloodPorts(rtr, flood_ports) if rtr.mcast_cfg.relay) { var mc_static = json_string_escape(mC_STATIC().0) in var flood_static = not flood_ports.is_empty() in var actions = if (flood_static) { - "clone { " + i"clone { " "outport = ${mc_static}; " "ip.ttl--; " "next; " "};" } else { - "drop;" + i"drop;" } in Flow(.logical_datapath = rtr._uuid, .stage = s_ROUTER_IN_IP_ROUTING(), .priority = 450, - .__match = "ip4.mcast || ip6.mcast", + .__match = i"ip4.mcast || ip6.mcast", .actions = actions, .stage_hint = 0, .io_port = None, @@ -7420,8 +7420,8 @@ for (&Router(._uuid = lr_uuid)) { Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_POLICY(), .priority = 0, - .__match = "1", - .actions = "${rEG_ECMP_GROUP_ID()} = 0; next;", + .__match = i"1", + .actions = i"${rEG_ECMP_GROUP_ID()} = 0; next;", .stage_hint = 0, .io_port = None, .controller_meter = None); @@ -7429,8 +7429,8 @@ for (&Router(._uuid = lr_uuid)) { Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_POLICY_ECMP(), .priority = 150, - .__match = "${rEG_ECMP_GROUP_ID()} == 0", - .actions = "next;", + .__match = i"${rEG_ECMP_GROUP_ID()} == 0", + .actions = i"next;", .stage_hint = 0, .io_port = None, .controller_meter = None) @@ -7448,8 +7448,8 @@ function pkt_mark_policy(options: Map): string { Flow(.logical_datapath = r._uuid, .stage = s_ROUTER_IN_POLICY(), .priority = policy.priority, - .__match = policy.__match, - .actions = actions, + .__match = policy.__match.intern(), + .actions = actions.intern(), .stage_hint = stage_hint(policy._uuid), .io_port = None, .controller_meter = None) :- @@ -7512,7 +7512,7 @@ Flow(.logical_datapath = r._uuid, .stage = s_ROUTER_IN_POLICY_ECMP(), .priority = 100, .__match = __match, - .actions = actions, + .actions = actions.intern(), .stage_hint = stage_hint(policy._uuid), .io_port = None, .controller_meter = None) :- @@ -7532,12 +7532,12 @@ Flow(.logical_datapath = r._uuid, "outport = ${out_port.json_name}; " "flags.loopback = 1; " "next;"), - var __match = ("${rEG_ECMP_GROUP_ID()} == ${ecmp_group_id} && " - "${rEG_ECMP_MEMBER_ID()} == ${member_id}"). + var __match = i"${rEG_ECMP_GROUP_ID()} == ${ecmp_group_id} && " + "${rEG_ECMP_MEMBER_ID()} == ${member_id}". Flow(.logical_datapath = r._uuid, .stage = s_ROUTER_IN_POLICY(), .priority = policy.priority, - .__match = policy.__match, + .__match = policy.__match.intern(), .actions = actions, .stage_hint = stage_hint(policy._uuid), .io_port = None, @@ -7551,14 +7551,14 @@ Flow(.logical_datapath = r._uuid, }; member_ids.join(", ") }, - var actions = ("${rEG_ECMP_GROUP_ID()} = ${ecmp_group_id}; " - "${rEG_ECMP_MEMBER_ID()} = select(${member_ids});"). + var actions = i"${rEG_ECMP_GROUP_ID()} = ${ecmp_group_id}; " + "${rEG_ECMP_MEMBER_ID()} = select(${member_ids});". Flow(.logical_datapath = r._uuid, .stage = s_ROUTER_IN_POLICY(), .priority = policy.priority, - .__match = policy.__match, - .actions = "drop;", + .__match = policy.__match.intern(), + .actions = i"drop;", .stage_hint = stage_hint(policy._uuid), .io_port = None, .controller_meter = None) :- @@ -7569,8 +7569,8 @@ Flow(.logical_datapath = r._uuid, Flow(.logical_datapath = r._uuid, .stage = s_ROUTER_IN_POLICY(), .priority = policy.priority, - .__match = policy.__match, - .actions = pkt_mark_policy(policy.options) ++ "${rEG_ECMP_GROUP_ID()} = 0; next;", + .__match = policy.__match.intern(), + .actions = (pkt_mark_policy(policy.options) ++ "${rEG_ECMP_GROUP_ID()} = 0; next;").intern(), .stage_hint = stage_hint(policy._uuid), .io_port = None, .controller_meter = None) :- @@ -7591,8 +7591,8 @@ for (&Router(._uuid = lr_uuid)) { Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_ARP_RESOLVE(), .priority = 500, - .__match = "ip4.mcast || ip6.mcast", - .actions = "next;", + .__match = i"ip4.mcast || ip6.mcast", + .actions = i"next;", .stage_hint = 0, .io_port = None, .controller_meter = None) @@ -7628,8 +7628,8 @@ for (rp in &RouterPort(.peer = PeerRouter{peer_port, _}, Flow(.logical_datapath = peer_router._uuid, .stage = s_ROUTER_IN_ARP_RESOLVE(), .priority = 100, - .__match = __match, - .actions = "eth.dst = ${networks.ea}; next;", + .__match = __match.intern(), + .actions = i"eth.dst = ${networks.ea}; next;", .stage_hint = stage_hint(rp.lrp._uuid), .io_port = None, .controller_meter = None) @@ -7642,8 +7642,8 @@ for (rp in &RouterPort(.peer = PeerRouter{peer_port, _}, Flow(.logical_datapath = peer_router._uuid, .stage = s_ROUTER_IN_ARP_RESOLVE(), .priority = 100, - .__match = __match, - .actions = "eth.dst = ${networks.ea}; next;", + .__match = __match.intern(), + .actions = i"eth.dst = ${networks.ea}; next;", .stage_hint = stage_hint(rp.lrp._uuid), .io_port = None, .controller_meter = None) @@ -7660,9 +7660,9 @@ for (rp in &RouterPort(.peer = PeerRouter{peer_port, _}, Flow(.logical_datapath = router._uuid, .stage = s_ROUTER_IN_ARP_RESOLVE(), .priority = 50, - .__match = "outport == ${rp.json_name} && " + .__match = i"outport == ${rp.json_name} && " "!is_chassis_resident(${json_string_escape(chassis_redirect_name(l3dgw_port.name))})", - .actions = "eth.dst = ${rp.networks.ea}; next;", + .actions = i"eth.dst = ${rp.networks.ea}; next;", .stage_hint = stage_hint(lrp._uuid), .io_port = None, .controller_meter = None) :- @@ -7680,8 +7680,8 @@ Flow(.logical_datapath = router._uuid, Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_ARP_RESOLVE(), .priority = 1, - .__match = "ip4.dst == {" ++ match_ips.join(", ") ++ "}", - .actions = "drop;", + .__match = ("ip4.dst == {" ++ match_ips.join(", ") ++ "}").intern(), + .actions = i"drop;", .stage_hint = stage_hint(lrp_uuid), .io_port = None, .controller_meter = None) :- @@ -7695,8 +7695,8 @@ Flow(.logical_datapath = lr_uuid, Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_ARP_RESOLVE(), .priority = 1, - .__match = "ip6.dst == {" ++ match_ips.join(", ") ++ "}", - .actions = "drop;", + .__match = ("ip6.dst == {" ++ match_ips.join(", ") ++ "}").intern(), + .actions = i"drop;", .stage_hint = stage_hint(lrp_uuid), .io_port = None, .controller_meter = None) :- @@ -7714,8 +7714,8 @@ Flow(.logical_datapath = lr_uuid, Flow(.logical_datapath = peer.router._uuid, .stage = s_ROUTER_IN_ARP_RESOLVE(), .priority = 100, - .__match = "outport == ${peer.json_name} && " ++ rEG_NEXT_HOP() ++ " == {${ips}}", - .actions = "eth.dst = ${addr.ea}; next;", + .__match = ("outport == ${peer.json_name} && " ++ rEG_NEXT_HOP() ++ " == {${ips}}").intern(), + .actions = i"eth.dst = ${addr.ea}; next;", .stage_hint = stage_hint(lrp._uuid), .io_port = None, .controller_meter = None) :- @@ -7745,9 +7745,9 @@ for (SwitchPortIPv4Address( Flow(.logical_datapath = peer_router._uuid, .stage = s_ROUTER_IN_ARP_RESOLVE(), .priority = 100, - .__match = "outport == ${peer.json_name} && " + .__match = i"outport == ${peer.json_name} && " "${rEG_NEXT_HOP()} == ${addr.addr}", - .actions = "eth.dst = ${ea}; next;", + .actions = i"eth.dst = ${ea}; next;", .stage_hint = stage_hint(lsp._uuid), .io_port = None, .controller_meter = None) @@ -7767,9 +7767,9 @@ for (SwitchPortIPv6Address( Flow(.logical_datapath = peer_router._uuid, .stage = s_ROUTER_IN_ARP_RESOLVE(), .priority = 100, - .__match = "outport == ${peer.json_name} && " + .__match = i"outport == ${peer.json_name} && " "xx${rEG_NEXT_HOP()} == ${addr.addr}", - .actions = "eth.dst = ${ea}; next;", + .actions = i"eth.dst = ${ea}; next;", .stage_hint = stage_hint(lsp._uuid), .io_port = None, .controller_meter = None) @@ -7799,9 +7799,9 @@ function is_empty_set_or_string(s: Option): bool = { Flow(.logical_datapath = peer.router._uuid, .stage = s_ROUTER_IN_ARP_RESOLVE(), .priority = 100, - .__match = "outport == ${peer.json_name} && " + .__match = i"outport == ${peer.json_name} && " "${rEG_NEXT_HOP()} == ${virtual_ip}", - .actions = "eth.dst = 00:00:00:00:00:00; next;", + .actions = i"eth.dst = 00:00:00:00:00:00; next;", .stage_hint = stage_hint(sp.lsp._uuid), .io_port = None, .controller_meter = None) :- @@ -7816,9 +7816,9 @@ Flow(.logical_datapath = peer.router._uuid, Flow(.logical_datapath = peer.router._uuid, .stage = s_ROUTER_IN_ARP_RESOLVE(), .priority = 100, - .__match = "outport == ${peer.json_name} && " + .__match = i"outport == ${peer.json_name} && " "${rEG_NEXT_HOP()} == ${virtual_ip}", - .actions = "eth.dst = ${address.ea}; next;", + .actions = i"eth.dst = ${address.ea}; next;", .stage_hint = stage_hint(sp.lsp._uuid), .io_port = None, .controller_meter = None) :- @@ -7855,9 +7855,9 @@ for (&SwitchPort(.lsp = lsp1, Flow(.logical_datapath = peer_router._uuid, .stage = s_ROUTER_IN_ARP_RESOLVE(), .priority = 100, - .__match = "outport == ${peer1.json_name} && " + .__match = i"outport == ${peer1.json_name} && " "${rEG_NEXT_HOP()} == ${format_v4_networks(peer2.networks, false)}", - .actions = "eth.dst = ${peer2.networks.ea}; next;", + .actions = i"eth.dst = ${peer2.networks.ea}; next;", .stage_hint = stage_hint(lsp1._uuid), .io_port = None, .controller_meter = None) @@ -7867,9 +7867,9 @@ for (&SwitchPort(.lsp = lsp1, Flow(.logical_datapath = peer_router._uuid, .stage = s_ROUTER_IN_ARP_RESOLVE(), .priority = 100, - .__match = "outport == ${peer1.json_name} && " + .__match = i"outport == ${peer1.json_name} && " "xx${rEG_NEXT_HOP()} == ${format_v6_networks(peer2.networks)}", - .actions = "eth.dst = ${peer2.networks.ea}; next;", + .actions = i"eth.dst = ${peer2.networks.ea}; next;", .stage_hint = stage_hint(lsp1._uuid), .io_port = None, .controller_meter = None) @@ -7882,16 +7882,16 @@ for (&Router(._uuid = lr_uuid)) Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_ARP_RESOLVE(), .priority = 0, - .__match = "ip4", - .actions = "get_arp(outport, ${rEG_NEXT_HOP()}); next;", + .__match = i"ip4", + .actions = i"get_arp(outport, ${rEG_NEXT_HOP()}); next;", .stage_hint = 0, .io_port = None, .controller_meter = None); Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_ARP_RESOLVE(), .priority = 0, - .__match = "ip6", - .actions = "get_nd(outport, xx${rEG_NEXT_HOP()}); next;", + .__match = i"ip6", + .actions = i"get_nd(outport, xx${rEG_NEXT_HOP()}); next;", .stage_hint = 0, .io_port = None, .controller_meter = None) @@ -7913,8 +7913,8 @@ for (&Router(._uuid = lr_uuid)) Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_CHK_PKT_LEN(), .priority = 0, - .__match = "1", - .actions = "next;", + .__match = i"1", + .actions = i"next;", .stage_hint = 0, .io_port = None, .controller_meter = None) :- @@ -7922,8 +7922,8 @@ Flow(.logical_datapath = lr_uuid, Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_LARGER_PKTS(), .priority = 0, - .__match = "1", - .actions = "next;", + .__match = i"1", + .actions = i"next;", .stage_hint = 0, .io_port = None, .controller_meter = None) :- @@ -7931,8 +7931,8 @@ Flow(.logical_datapath = lr_uuid, Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_CHK_PKT_LEN(), .priority = 50, - .__match = "outport == ${gw_mtu_rp.json_name}", - .actions = "${rEGBIT_PKT_LARGER()} = check_pkt_larger(${mtu}); " + .__match = i"outport == ${gw_mtu_rp.json_name}", + .actions = i"${rEGBIT_PKT_LARGER()} = check_pkt_larger(${mtu}); " "next;", .stage_hint = stage_hint(gw_mtu_rp.lrp._uuid), .io_port = None, @@ -7945,9 +7945,9 @@ Flow(.logical_datapath = lr_uuid, Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_LARGER_PKTS(), .priority = 150, - .__match = "inport == ${rp.json_name} && outport == ${gw_mtu_rp.json_name} && ip4 && " + .__match = i"inport == ${rp.json_name} && outport == ${gw_mtu_rp.json_name} && ip4 && " "${rEGBIT_PKT_LARGER()} && ${rEGBIT_EGRESS_LOOPBACK()} == 0", - .actions = "icmp4_error {" + .actions = i"icmp4_error {" "${rEGBIT_EGRESS_LOOPBACK()} = 1; " "${rEGBIT_PKT_LARGER()} = 0; " "eth.dst = ${rp.networks.ea}; " @@ -7975,9 +7975,9 @@ Flow(.logical_datapath = lr_uuid, Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_IP_INPUT(), .priority = 150, - .__match = "inport == ${rp.json_name} && ip4 && " + .__match = i"inport == ${rp.json_name} && ip4 && " "${rEGBIT_PKT_LARGER()} && ${rEGBIT_EGRESS_LOOPBACK()} == 0", - .actions = "icmp4_error {" + .actions = i"icmp4_error {" "${rEGBIT_EGRESS_LOOPBACK()} = 1; " "${rEGBIT_PKT_LARGER()} = 0; " "eth.dst = ${rp.networks.ea}; " @@ -8005,9 +8005,9 @@ Flow(.logical_datapath = lr_uuid, Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_LARGER_PKTS(), .priority = 150, - .__match = "inport == ${rp.json_name} && outport == ${gw_mtu_rp.json_name} && ip6 && " + .__match = i"inport == ${rp.json_name} && outport == ${gw_mtu_rp.json_name} && ip6 && " "${rEGBIT_PKT_LARGER()} && ${rEGBIT_EGRESS_LOOPBACK()} == 0", - .actions = "icmp6_error {" + .actions = i"icmp6_error {" "${rEGBIT_EGRESS_LOOPBACK()} = 1; " "${rEGBIT_PKT_LARGER()} = 0; " "eth.dst = ${rp.networks.ea}; " @@ -8035,9 +8035,9 @@ Flow(.logical_datapath = lr_uuid, Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_IP_INPUT(), .priority = 150, - .__match = "inport == ${rp.json_name} && ip6 && " + .__match = i"inport == ${rp.json_name} && ip6 && " "${rEGBIT_PKT_LARGER()} && ${rEGBIT_EGRESS_LOOPBACK()} == 0", - .actions = "icmp6_error {" + .actions = i"icmp6_error {" "${rEGBIT_EGRESS_LOOPBACK()} = 1; " "${rEGBIT_PKT_LARGER()} = 0; " "eth.dst = ${rp.networks.ea}; " @@ -8079,8 +8079,8 @@ for (&Router(._uuid = lr_uuid)) Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_GW_REDIRECT(), .priority = 50, - .__match = "outport == ${json_string_escape(lrp.name)}", - .actions = "outport = ${json_string_escape(chassis_redirect_name(lrp.name))}; next;", + .__match = i"outport == ${json_string_escape(lrp.name)}", + .actions = i"outport = ${json_string_escape(chassis_redirect_name(lrp.name))}; next;", .stage_hint = stage_hint(lrp._uuid), .io_port = None, .controller_meter = None) @@ -8090,8 +8090,8 @@ for (&Router(._uuid = lr_uuid)) Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_GW_REDIRECT(), .priority = 0, - .__match = "1", - .actions = "next;", + .__match = i"1", + .actions = i"next;", .stage_hint = 0, .io_port = None, .controller_meter = None) @@ -8113,12 +8113,12 @@ Flow(.logical_datapath = router._uuid, rsr in RouterStaticRoute(.router = router), var dst = FlatMap(rsr.dsts), IPv6{var gw_ip6} = dst.nexthop, - var __match = "eth.dst == 00:00:00:00:00:00 && " + var __match = i"eth.dst == 00:00:00:00:00:00 && " "ip6 && xx${rEG_NEXT_HOP()} == ${dst.nexthop}", var sn_addr = gw_ip6.solicited_node(), var eth_dst = sn_addr.multicast_to_ethernet(), var sn_addr_s = sn_addr.string_mapped(), - var actions = "nd_ns { " + var actions = i"nd_ns { " "eth.dst = ${eth_dst}; " "ip6.dst = ${sn_addr_s}; " "nd.target = ${dst.nexthop}; " @@ -8130,8 +8130,8 @@ for (&Router(._uuid = lr_uuid, .copp = copp)) Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_ARP_REQUEST(), .priority = 100, - .__match = "eth.dst == 00:00:00:00:00:00 && ip4", - .actions = "arp { " + .__match = i"eth.dst == 00:00:00:00:00:00 && ip4", + .actions = i"arp { " "eth.dst = ff:ff:ff:ff:ff:ff; " "arp.spa = ${rEG_SRC()}; " "arp.tpa = ${rEG_NEXT_HOP()}; " @@ -8145,8 +8145,8 @@ for (&Router(._uuid = lr_uuid, .copp = copp)) Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_ARP_REQUEST(), .priority = 100, - .__match = "eth.dst == 00:00:00:00:00:00 && ip6", - .actions = "nd_ns { " + .__match = i"eth.dst == 00:00:00:00:00:00 && ip6", + .actions = i"nd_ns { " "nd.target = xx${rEG_NEXT_HOP()}; " "output; " "};", @@ -8157,8 +8157,8 @@ for (&Router(._uuid = lr_uuid, .copp = copp)) Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_ARP_REQUEST(), .priority = 0, - .__match = "1", - .actions = "output;", + .__match = i"1", + .actions = i"output;", .stage_hint = 0, .io_port = None, .controller_meter = None) @@ -8183,9 +8183,9 @@ for (&RouterPort(.lrp = lrp, Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_OUT_DELIVERY(), .priority = 110, - .__match = "(ip4.mcast || ip6.mcast) && " + .__match = i"(ip4.mcast || ip6.mcast) && " "outport == ${json_name}", - .actions = "eth.src = ${lrp_networks.ea}; output;", + .actions = i"eth.src = ${lrp_networks.ea}; output;", .stage_hint = stage_hint(lrp._uuid), .io_port = None, .controller_meter = None) @@ -8198,8 +8198,8 @@ for (&RouterPort(.lrp = lrp, Flow(.logical_datapath = lr_uuid, .stage = s_ROUTER_OUT_DELIVERY(), .priority = 100, - .__match = "outport == ${json_name}", - .actions = "output;", + .__match = i"outport == ${json_name}", + .actions = i"output;", .stage_hint = stage_hint(lrp._uuid), .io_port = None, .controller_meter = None) @@ -8839,16 +8839,16 @@ function lrouter_bfd_flows(lr_uuid: uuid, (Flow{.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_IP_INPUT(), .priority = 110, - .__match = "${ipX}.src == ${networks} && udp.dst == 3784", - .actions = "next; ", + .__match = i"${ipX}.src == ${networks} && udp.dst == 3784", + .actions = i"next; ", .stage_hint = stage_hint(lrp_uuid), .io_port = None, .controller_meter = None}, Flow{.logical_datapath = lr_uuid, .stage = s_ROUTER_IN_IP_INPUT(), .priority = 110, - .__match = "${ipX}.dst == ${networks} && udp.dst == 3784", - .actions = "handle_bfd_msg(); ", + .__match = i"${ipX}.dst == ${networks} && udp.dst == 3784", + .actions = i"handle_bfd_msg(); ", .io_port = None, .controller_meter = controller_meter, .stage_hint = stage_hint(lrp_uuid)}) From patchwork Thu Aug 12 15:53:56 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ben Pfaff X-Patchwork-Id: 1516365 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=2605:bc80:3010::136; helo=smtp3.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Received: from smtp3.osuosl.org (smtp3.osuosl.org [IPv6:2605:bc80:3010::136]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4Glrq31MChz9sX1 for ; Fri, 13 Aug 2021 01:54:38 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by smtp3.osuosl.org (Postfix) with ESMTP id 90E7F61430; Thu, 12 Aug 2021 15:54:34 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp3.osuosl.org ([127.0.0.1]) by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0Ps3Xtmyukho; Thu, 12 Aug 2021 15:54:30 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [IPv6:2605:bc80:3010:104::8cd3:938]) by smtp3.osuosl.org (Postfix) with ESMTPS id BF4536002E; Thu, 12 Aug 2021 15:54:28 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 0B6C3C002F; Thu, 12 Aug 2021 15:54:25 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp2.osuosl.org (smtp2.osuosl.org [IPv6:2605:bc80:3010::133]) by lists.linuxfoundation.org (Postfix) with ESMTP id 6E0DCC0022 for ; Thu, 12 Aug 2021 15:54:23 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp2.osuosl.org (Postfix) with ESMTP id C060F401CE for ; Thu, 12 Aug 2021 15:54:22 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp2.osuosl.org ([127.0.0.1]) by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G4vMIQR0OC59 for ; Thu, 12 Aug 2021 15:54:21 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 Received: from relay11.mail.gandi.net (relay11.mail.gandi.net [217.70.178.231]) by smtp2.osuosl.org (Postfix) with ESMTPS id A98AA40758 for ; Thu, 12 Aug 2021 15:54:20 +0000 (UTC) Received: (Authenticated sender: blp@ovn.org) by relay11.mail.gandi.net (Postfix) with ESMTPSA id EE434100009; Thu, 12 Aug 2021 15:54:17 +0000 (UTC) From: Ben Pfaff To: dev@openvswitch.org Date: Thu, 12 Aug 2021 08:53:56 -0700 Message-Id: <20210812155358.3141517-6-blp@ovn.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210812155358.3141517-1-blp@ovn.org> References: <20210812155358.3141517-1-blp@ovn.org> MIME-Version: 1.0 Cc: Ben Pfaff , Ben Pfaff Subject: [ovs-dev] [PATCH 5/7] ovn-northd-ddlog: Get rid of duplicate flows caused by stage_hint. X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Ben Pfaff It was possible for these rules to generate multiple Flow records that differed only in their stage_hint. This caused a lot of duplication for the load balancer benchmark. With the benchmark at https://mail.openvswitch.org/pipermail/ovs-dev/2021-July/385333.html, this reduces memory consumption from 53 GB to 17 GB and elapsed time from 14 minutes to 5 minutes. Signed-off-by: Ben Pfaff Signed-off-by: Ben Pfaff --- northd/ovn_northd.dl | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/northd/ovn_northd.dl b/northd/ovn_northd.dl index dd69126ff..38b97aa6b 100644 --- a/northd/ovn_northd.dl +++ b/northd/ovn_northd.dl @@ -3163,7 +3163,7 @@ Flow(.logical_datapath = sw._uuid, .actions = actions.intern(), .io_port = None, .controller_meter = meter, - .stage_hint = stage_hint(lb._uuid)) :- + .stage_hint = 0) :- sw in &Switch(), LBVIPWithStatus[lbvip@&LBVIPWithStatus{.lb = lb}], sw.load_balancer.contains(lb._uuid), @@ -4587,7 +4587,7 @@ Flow(.logical_datapath = sw._uuid, .priority = 90, .__match = i"${fLAGBIT_NOT_VXLAN()} && arp.op == 1 && arp.tpa == ${ipv4}", .actions = i"outport = ${flood}; output;", - .stage_hint = stage_hint(sp.lsp._uuid), + .stage_hint = 0, .io_port = None, .controller_meter = None) :- sp in &SwitchPort(.sw = sw, .peer = Some{rp}), @@ -6666,7 +6666,7 @@ for (RouterLBVIP( .priority = prio, .__match = __match.intern(), .actions = __actions, - .stage_hint = stage_hint(lb._uuid), + .stage_hint = 0, .io_port = None, .controller_meter = None); @@ -6712,7 +6712,7 @@ for (RouterLBVIP( .priority = prio, .__match = est_match.intern(), .actions = actions, - .stage_hint = stage_hint(lb._uuid), + .stage_hint = 0, .io_port = None, .controller_meter = None); @@ -6797,7 +6797,7 @@ Flow(.logical_datapath = r._uuid, .actions = actions.intern(), .io_port = None, .controller_meter = meter, - .stage_hint = stage_hint(lb._uuid)) :- + .stage_hint = 0) :- r in &Router(), r.l3dgw_ports.len() > 0 or r.is_gateway, LBVIPWithStatus[lbvip@&LBVIPWithStatus{.lb = lb}], From patchwork Thu Aug 12 15:53:57 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ben Pfaff X-Patchwork-Id: 1516367 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.136; helo=smtp3.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Received: from smtp3.osuosl.org (smtp3.osuosl.org [140.211.166.136]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4Glrq74nqZz9sX1 for ; Fri, 13 Aug 2021 01:54:43 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by smtp3.osuosl.org (Postfix) with ESMTP id A317360790; Thu, 12 Aug 2021 15:54:41 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp3.osuosl.org ([127.0.0.1]) by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ao8kvxLvyN5T; Thu, 12 Aug 2021 15:54:37 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by smtp3.osuosl.org (Postfix) with ESMTPS id C84786142E; Thu, 12 Aug 2021 15:54:33 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 19CD8C002E; Thu, 12 Aug 2021 15:54:29 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp1.osuosl.org (smtp1.osuosl.org [IPv6:2605:bc80:3010::138]) by lists.linuxfoundation.org (Postfix) with ESMTP id 77921C0033 for ; Thu, 12 Aug 2021 15:54:28 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id 419A880D95 for ; Thu, 12 Aug 2021 15:54:28 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7SiOA_ZG5R3i for ; Thu, 12 Aug 2021 15:54:24 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 Received: from relay11.mail.gandi.net (relay11.mail.gandi.net [217.70.178.231]) by smtp1.osuosl.org (Postfix) with ESMTPS id 5B8F680D16 for ; Thu, 12 Aug 2021 15:54:22 +0000 (UTC) Received: (Authenticated sender: blp@ovn.org) by relay11.mail.gandi.net (Postfix) with ESMTPSA id A587210000D; Thu, 12 Aug 2021 15:54:19 +0000 (UTC) From: Ben Pfaff To: dev@openvswitch.org Date: Thu, 12 Aug 2021 08:53:57 -0700 Message-Id: <20210812155358.3141517-7-blp@ovn.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210812155358.3141517-1-blp@ovn.org> References: <20210812155358.3141517-1-blp@ovn.org> MIME-Version: 1.0 Cc: Ben Pfaff , Ben Pfaff Subject: [ovs-dev] [PATCH 6/7] ovn-northd-ddlog: Intern nb::Logical_Switch. X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Ben Pfaff With the benchmark at https://mail.openvswitch.org/pipermail/ovs-dev/2021-July/385333.html, this reduces memory consumption by 300 MB and elapsed time by a few seconds. Signed-off-by: Ben Pfaff --- northd/ipam.dl | 2 +- northd/lswitch.dl | 36 ++++++++++++++++++------------------ northd/multicast.dl | 2 +- northd/ovn-nb.dlopts | 1 + northd/ovn_northd.dl | 16 ++++++++-------- 5 files changed, 29 insertions(+), 28 deletions(-) diff --git a/northd/ipam.dl b/northd/ipam.dl index da71b2872..4665a28cb 100644 --- a/northd/ipam.dl +++ b/northd/ipam.dl @@ -187,7 +187,7 @@ SwitchIPv4ReservedAddresses(lswitch, addrs) :- var addrs = addr.group_by(lswitch).to_set(). SwitchIPv4ReservedAddresses(lswitch_uuid, set_empty()) :- - nb::Logical_Switch(._uuid = lswitch_uuid), + &nb::Logical_Switch(._uuid = lswitch_uuid), not SwitchIPv4ReservedAddress(lswitch_uuid, _). /* Allocate dynamic IP addresses for ports that require them: diff --git a/northd/lswitch.dl b/northd/lswitch.dl index 7e7b62a4d..868ae115f 100644 --- a/northd/lswitch.dl +++ b/northd/lswitch.dl @@ -44,7 +44,7 @@ SwitchRouterPeerRef(lsp, None) :- * (Use LogicalSwitchPort instead, which guarantees uniqueness.) */ relation LogicalSwitchPortCandidate(lsp_uuid: uuid, ls_uuid: uuid) LogicalSwitchPortCandidate(lsp_uuid, ls_uuid) :- - nb::Logical_Switch(._uuid = ls_uuid, .ports = ports), + &nb::Logical_Switch(._uuid = ls_uuid, .ports = ports), var lsp_uuid = FlatMap(ports). Warning[message] :- LogicalSwitchPortCandidate(lsp_uuid, ls_uuid), @@ -74,7 +74,7 @@ LogicalSwitchPortWithUnknownAddress(ls_uuid, lsp_uuid) :- output relation LogicalSwitchHasUnknownPorts(ls: uuid, has_unknown: bool) LogicalSwitchHasUnknownPorts(ls, true) :- LogicalSwitchPortWithUnknownAddress(ls, _). LogicalSwitchHasUnknownPorts(ls, false) :- - nb::Logical_Switch(._uuid = ls), + &nb::Logical_Switch(._uuid = ls), not LogicalSwitchPortWithUnknownAddress(ls, _). /* PortStaticAddresses: static IP addresses associated with each Logical_Switch_Port */ @@ -101,11 +101,11 @@ PortInGroup(port, group) :- relation LogicalSwitchACL(ls: uuid, acl: uuid) LogicalSwitchACL(ls, acl) :- - nb::Logical_Switch(._uuid = ls, .acls = acls), + &nb::Logical_Switch(._uuid = ls, .acls = acls), var acl = FlatMap(acls). LogicalSwitchACL(ls, acl) :- - nb::Logical_Switch(._uuid = ls, .ports = ports), + &nb::Logical_Switch(._uuid = ls, .ports = ports), var port_id = FlatMap(ports), PortInGroup(port_id, group_id), nb::Port_Group(._uuid = group_id, .acls = acls), @@ -125,7 +125,7 @@ LogicalSwitchHasStatefulACL(ls, true) :- LogicalSwitchStatefulACL(ls, _). LogicalSwitchHasStatefulACL(ls, false) :- - nb::Logical_Switch(._uuid = ls), + &nb::Logical_Switch(._uuid = ls), not LogicalSwitchStatefulACL(ls, _). // "Pitfalls of projections" in ddlog-new-feature.rst explains why this @@ -136,7 +136,7 @@ LogicalSwitchHasACLs(ls, true) :- LogicalSwitchACL(ls, _). LogicalSwitchHasACLs(ls, false) :- - nb::Logical_Switch(._uuid = ls), + &nb::Logical_Switch(._uuid = ls), not LogicalSwitchACL(ls, _). /* @@ -146,7 +146,7 @@ LogicalSwitchHasACLs(ls, false) :- */ relation LogicalSwitchLocalnetPort0(ls_uuid: uuid, lsp: (uuid, string)) LogicalSwitchLocalnetPort0(ls_uuid, (lsp_uuid, lsp.name)) :- - ls in nb::Logical_Switch(._uuid = ls_uuid), + ls in &nb::Logical_Switch(._uuid = ls_uuid), var lsp_uuid = FlatMap(ls.ports), lsp in &nb::Logical_Switch_Port(._uuid = lsp_uuid), lsp.__type == "localnet". @@ -156,7 +156,7 @@ LogicalSwitchLocalnetPorts(ls_uuid, localnet_ports) :- LogicalSwitchLocalnetPort0(ls_uuid, lsp), var localnet_ports = lsp.group_by(ls_uuid).to_vec(). LogicalSwitchLocalnetPorts(ls_uuid, vec_empty()) :- - ls in nb::Logical_Switch(), + ls in &nb::Logical_Switch(), var ls_uuid = ls._uuid, not LogicalSwitchLocalnetPort0(ls_uuid, _). @@ -164,7 +164,7 @@ LogicalSwitchLocalnetPorts(ls_uuid, vec_empty()) :- relation LogicalSwitchDNS(ls_uuid: uuid, dns_uuid: uuid) LogicalSwitchDNS(ls._uuid, dns_uuid) :- - nb::Logical_Switch[ls], + &nb::Logical_Switch[ls], var dns_uuid = FlatMap(ls.dns_records), nb::DNS(._uuid = dns_uuid). @@ -183,12 +183,12 @@ LogicalSwitchHasDNSRecords(ls, true) :- LogicalSwitchWithDNSRecords(ls). LogicalSwitchHasDNSRecords(ls, false) :- - nb::Logical_Switch(._uuid = ls), + &nb::Logical_Switch(._uuid = ls), not LogicalSwitchWithDNSRecords(ls). relation LogicalSwitchHasNonRouterPort0(ls: uuid) LogicalSwitchHasNonRouterPort0(ls_uuid) :- - ls in nb::Logical_Switch(._uuid = ls_uuid), + ls in &nb::Logical_Switch(._uuid = ls_uuid), var lsp_uuid = FlatMap(ls.ports), lsp in &nb::Logical_Switch_Port(._uuid = lsp_uuid), lsp.__type != "router". @@ -199,7 +199,7 @@ output relation LogicalSwitchHasNonRouterPort(ls: uuid, has_non_router_port: boo LogicalSwitchHasNonRouterPort(ls, true) :- LogicalSwitchHasNonRouterPort0(ls). LogicalSwitchHasNonRouterPort(ls, false) :- - nb::Logical_Switch(._uuid = ls), + &nb::Logical_Switch(._uuid = ls), not LogicalSwitchHasNonRouterPort0(ls). // LogicalSwitchCopp maps from each LS to its collection of Copp meters, @@ -207,12 +207,12 @@ LogicalSwitchHasNonRouterPort(ls, false) :- relation LogicalSwitchCopp(ls: uuid, meters: Map) LogicalSwitchCopp(ls, meters) :- LogicalSwitchCopp0(ls, meters). LogicalSwitchCopp(ls, map_empty()) :- - nb::Logical_Switch(._uuid = ls), + &nb::Logical_Switch(._uuid = ls), not LogicalSwitchCopp0(ls, _). relation LogicalSwitchCopp0(ls: uuid, meters: Map) LogicalSwitchCopp0(ls, meters) :- - nb::Logical_Switch(._uuid = ls, .copp = Some{copp_uuid}), + &nb::Logical_Switch(._uuid = ls, .copp = Some{copp_uuid}), nb::Copp(._uuid = copp_uuid, .meters = meters), var entry = FlatMap(meters), (var copp_id, var meter_name) = entry, @@ -280,7 +280,7 @@ Switch[Switch{ .copp = copp, .is_vlan_transparent = is_vlan_transparent }.intern()] :- - nb::Logical_Switch[ls], + &nb::Logical_Switch[ls], LogicalSwitchHasStatefulACL(ls._uuid, has_stateful_acl), LogicalSwitchHasACLs(ls._uuid, has_acls), LogicalSwitchHasLBVIP(ls._uuid, has_lb_vip), @@ -320,7 +320,7 @@ Switch[Switch{ /* SwitchLB: many-to-many relation between logical switches and nb::LB */ relation SwitchLB(sw_uuid: uuid, lb: Intern) SwitchLB(sw_uuid, lb) :- - nb::Logical_Switch(._uuid = sw_uuid, .load_balancer = lb_ids), + &nb::Logical_Switch(._uuid = sw_uuid, .load_balancer = lb_ids), var lb_id = FlatMap(lb_ids), lb in &nb::Load_Balancer(._uuid = lb_id). @@ -337,7 +337,7 @@ output relation LogicalSwitchHasLBVIP(sw_uuid: uuid, has_lb_vip: bool) LogicalSwitchHasLBVIP(sw_uuid, true) :- SwitchLBVIP(.sw_uuid = sw_uuid). LogicalSwitchHasLBVIP(sw_uuid, false) :- - nb::Logical_Switch(._uuid = sw_uuid), + &nb::Logical_Switch(._uuid = sw_uuid), not SwitchLBVIP(.sw_uuid = sw_uuid). /* Load balancer virtual IPs. @@ -520,7 +520,7 @@ relation SwitchQoS(sw: Intern, qos: Intern) SwitchQoS(sw, qos) :- sw in &Switch(), - nb::Logical_Switch(._uuid = sw._uuid, .qos_rules = qos_rules), + &nb::Logical_Switch(._uuid = sw._uuid, .qos_rules = qos_rules), var qos_rule = FlatMap(qos_rules), qos in &nb::QoS(._uuid = qos_rule). diff --git a/northd/multicast.dl b/northd/multicast.dl index dfd58f477..ef365b408 100644 --- a/northd/multicast.dl +++ b/northd/multicast.dl @@ -64,7 +64,7 @@ McastSwitchCfg[McastSwitchCfg { .query_interval = query_interval, .query_max_resp = query_max_resp }.intern()] :- - nb::Logical_Switch(._uuid = ls_uuid, + &nb::Logical_Switch(._uuid = ls_uuid, .other_config = other_config), var idle_timeout = other_config.get_int_def("mcast_idle_timeout", mCAST_DEFAULT_IDLE_TIMEOUT_S()) .clamp(mCAST_IDLE_TIMEOUT_S_RANGE()), diff --git a/northd/ovn-nb.dlopts b/northd/ovn-nb.dlopts index 402a44636..c22130004 100644 --- a/northd/ovn-nb.dlopts +++ b/northd/ovn-nb.dlopts @@ -17,6 +17,7 @@ --intern-table ACL --intern-table QoS --intern-table Load_Balancer +--intern-table Logical_Switch --intern-table Load_Balancer_Health_Check --intern-table Meter --intern-table NAT diff --git a/northd/ovn_northd.dl b/northd/ovn_northd.dl index 38b97aa6b..dadf33ab6 100644 --- a/northd/ovn_northd.dl +++ b/northd/ovn_northd.dl @@ -59,7 +59,7 @@ relation OutProxy_Datapath_Binding ( /* Datapath_Binding table */ OutProxy_Datapath_Binding(uuid, external_ids) :- - nb::Logical_Switch(._uuid = uuid, .name = name, .external_ids = ids, + &nb::Logical_Switch(._uuid = uuid, .name = name, .external_ids = ids, .other_config = other_config), var uuid_str = uuid2str(uuid), var external_ids = { @@ -1753,7 +1753,7 @@ Flow(.logical_datapath = sw._uuid, .io_port = None, .controller_meter = None) :- sw in &Switch(), - nb::Logical_Switch(._uuid = sw._uuid, .forwarding_groups = forwarding_groups), + &nb::Logical_Switch(._uuid = sw._uuid, .forwarding_groups = forwarding_groups), var fg_uuid = FlatMap(forwarding_groups), fg in nb::Forwarding_Group(._uuid = fg_uuid), not fg.child_port.is_empty(), @@ -1785,7 +1785,7 @@ Flow(.logical_datapath = sw._uuid, .io_port = None, .controller_meter = None) :- sw in &Switch(), - nb::Logical_Switch(._uuid = sw._uuid, .forwarding_groups = forwarding_groups), + &nb::Logical_Switch(._uuid = sw._uuid, .forwarding_groups = forwarding_groups), var fg_uuid = FlatMap(forwarding_groups), fg in nb::Forwarding_Group(._uuid = fg_uuid), not fg.child_port.is_empty(), @@ -3692,7 +3692,7 @@ for (SwitchPortIPv6Address(.port = &SwitchPort{.lsp = lsp, .json_name = json_nam /* Ingress table ARP_ND_RSP: ARP/ND responder, by default goto next. * (priority 0)*/ -for (ls in nb::Logical_Switch) { +for (ls in &nb::Logical_Switch) { Flow(.logical_datapath = ls._uuid, .stage = s_SWITCH_IN_ARP_ND_RSP(), .priority = 0, @@ -4074,7 +4074,7 @@ for (LogicalSwitchHasDNSRecords(ls, true)) * Ingress table EXTERNAL_PORT - External port handling, by default goto next. * (priority 0). */ -for (ls in nb::Logical_Switch) { +for (ls in &nb::Logical_Switch) { Flow(.logical_datapath = ls._uuid, .stage = s_SWITCH_IN_DHCP_OPTIONS(), .priority = 0, @@ -4364,7 +4364,7 @@ Flow(.logical_datapath = sp.sw._uuid, /* Ingress table L2_LKUP: Destination lookup, broadcast and multicast handling * (priority 100). */ -for (ls in nb::Logical_Switch) { +for (ls in &nb::Logical_Switch) { var mc_flood = json_string_escape(mC_FLOOD().0) in Flow(.logical_datapath = ls._uuid, .stage = s_SWITCH_IN_L2_LKUP(), @@ -8255,7 +8255,7 @@ function get_dp_tunkey(map: Map, key: string): Option { // Tunnel keys requested by datapaths. relation RequestedTunKey(datapath: uuid, tunkey: integer) RequestedTunKey(uuid, tunkey) :- - ls in nb::Logical_Switch(._uuid = uuid), + ls in &nb::Logical_Switch(._uuid = uuid), Some{var tunkey} = get_dp_tunkey(ls.other_config, "requested-tnl-key"). RequestedTunKey(uuid, tunkey) :- lr in nb::Logical_Router(._uuid = uuid), @@ -8653,7 +8653,7 @@ sb::Out_Load_Balancer(._uuid = lb._uuid, .datapaths = datapaths, .external_ids = ["lb_id" -> uuid2str(lb_uuid)], .options = options) :- - nb in nb::Logical_Switch(._uuid = ls_uuid, .load_balancer = lb_uuids), + nb in &nb::Logical_Switch(._uuid = ls_uuid, .load_balancer = lb_uuids), var lb_uuid = FlatMap(lb_uuids), var datapaths = ls_uuid.group_by(lb_uuid).to_set(), lb in &nb::Load_Balancer(._uuid = lb_uuid), From patchwork Thu Aug 12 15:53:58 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ben Pfaff X-Patchwork-Id: 1516368 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.137; helo=smtp4.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Received: from smtp4.osuosl.org (smtp4.osuosl.org [140.211.166.137]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4GlrqB0nfzz9sX1 for ; Fri, 13 Aug 2021 01:54:46 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id 410EB40757; Thu, 12 Aug 2021 15:54:40 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CapNhKnuP86f; Thu, 12 Aug 2021 15:54:36 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by smtp4.osuosl.org (Postfix) with ESMTPS id 2CEDC4075D; Thu, 12 Aug 2021 15:54:32 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 63E9EC0031; Thu, 12 Aug 2021 15:54:28 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp1.osuosl.org (smtp1.osuosl.org [IPv6:2605:bc80:3010::138]) by lists.linuxfoundation.org (Postfix) with ESMTP id CE949C0031 for ; Thu, 12 Aug 2021 15:54:25 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id B5A9580D2C for ; Thu, 12 Aug 2021 15:54:25 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2Uu4OLaDZbkZ for ; Thu, 12 Aug 2021 15:54:24 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 Received: from relay11.mail.gandi.net (relay11.mail.gandi.net [217.70.178.231]) by smtp1.osuosl.org (Postfix) with ESMTPS id 295D080CEB for ; Thu, 12 Aug 2021 15:54:23 +0000 (UTC) Received: (Authenticated sender: blp@ovn.org) by relay11.mail.gandi.net (Postfix) with ESMTPSA id 60D3610000A; Thu, 12 Aug 2021 15:54:21 +0000 (UTC) From: Ben Pfaff To: dev@openvswitch.org Date: Thu, 12 Aug 2021 08:53:58 -0700 Message-Id: <20210812155358.3141517-8-blp@ovn.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210812155358.3141517-1-blp@ovn.org> References: <20210812155358.3141517-1-blp@ovn.org> MIME-Version: 1.0 Cc: Ben Pfaff , Ben Pfaff Subject: [ovs-dev] [PATCH 7/7] ovn-northd-ddlog: Postpone expanding external_ids, stage_hint, tags. X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Ben Pfaff This has little effect on performance in the current benchmark, but it seems like the cleanest approach to me. Signed-off-by: Ben Pfaff --- northd/ovn_northd.dl | 38 ++++++++++++++++++++++---------------- 1 file changed, 22 insertions(+), 16 deletions(-) diff --git a/northd/ovn_northd.dl b/northd/ovn_northd.dl index dadf33ab6..f0730d40b 100644 --- a/northd/ovn_northd.dl +++ b/northd/ovn_northd.dl @@ -1667,9 +1667,9 @@ relation AggregatedFlow ( priority: integer, __match: istring, actions: istring, - tags: Map, + io_port: Option, controller_meter: Option, - external_ids: Map + stage_hint: bit<32> ) function make_flow_tags(io_port: Option): Map { match (io_port) { @@ -1690,9 +1690,9 @@ AggregatedFlow(.logical_datapaths = g.to_set(), .priority = priority, .__match = __match, .actions = actions, - .tags = make_flow_tags(io_port), + .io_port = io_port, .controller_meter = controller_meter, - .external_ids = make_flow_external_ids(stage_hint, stage)) :- + .stage_hint = stage_hint) :- UseLogicalDatapathGroups[true], Flow(logical_datapath, stage, priority, __match, actions, io_port, controller_meter, stage_hint), var g = logical_datapath.group_by((stage, priority, __match, actions, io_port, controller_meter, stage_hint)). @@ -1701,43 +1701,49 @@ AggregatedFlow(.logical_datapaths = set_singleton(logical_datapath), .priority = priority, .__match = __match, .actions = actions, - .tags = make_flow_tags(io_port), + .io_port = io_port, .controller_meter = controller_meter, - .external_ids = make_flow_external_ids(stage_hint, stage)) :- + .stage_hint = stage_hint) :- UseLogicalDatapathGroups[false], Flow(logical_datapath, stage, priority, __match, actions, io_port, controller_meter, stage_hint). +function to_string(pipeline: Pipeline): string { + if (pipeline == Ingress) { + "ingress" + } else { + "egress" + } +} + for (f in AggregatedFlow()) { - var pipeline = if (f.stage.pipeline == Ingress) "ingress" else "egress" in - var external_ids = f.external_ids.insert_imm("stage-name", f.stage.table_name) in if (f.logical_datapaths.size() == 1) { Some{var dp} = f.logical_datapaths.nth(0) in sb::Out_Logical_Flow( - ._uuid = hash128((dp, f.stage, f.priority, f.__match, f.actions, f.controller_meter, f.external_ids)), + ._uuid = hash128((dp, f.stage, f.priority, f.__match, f.actions, f.controller_meter, f.io_port, f.stage_hint)), .logical_datapath = Some{dp}, .logical_dp_group = None, - .pipeline = pipeline, + .pipeline = f.stage.pipeline.to_string(), .table_id = f.stage.table_id as integer, .priority = f.priority, .controller_meter = f.controller_meter, .__match = f.__match.ival(), .actions = f.actions.ival(), - .tags = f.tags, - .external_ids = external_ids) + .tags = make_flow_tags(f.io_port), + .external_ids = make_flow_external_ids(f.stage_hint, f.stage)) } else { var group_uuid = hash128(f.logical_datapaths) in { sb::Out_Logical_Flow( - ._uuid = hash128((group_uuid, f.stage, f.priority, f.__match, f.actions, f.controller_meter, f.external_ids)), + ._uuid = hash128((group_uuid, f.stage, f.priority, f.__match, f.actions, f.controller_meter, f.io_port, f.stage_hint)), .logical_datapath = None, .logical_dp_group = Some{group_uuid}, - .pipeline = pipeline, + .pipeline = f.stage.pipeline.to_string(), .table_id = f.stage.table_id as integer, .priority = f.priority, .controller_meter = f.controller_meter, .__match = f.__match.ival(), .actions = f.actions.ival(), - .tags = f.tags, - .external_ids = external_ids); + .tags = make_flow_tags(f.io_port), + .external_ids = make_flow_external_ids(f.stage_hint, f.stage)); sb::Out_Logical_DP_Group(._uuid = group_uuid, .datapaths = f.logical_datapaths) } }