From patchwork Sat Nov 9 02:49:49 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Sharma X-Patchwork-Id: 1192356 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.169.12; helo=mail.linuxfoundation.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=nutanix.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=nutanix.com header.i=@nutanix.com header.b="QLLWtyn5"; dkim-atps=neutral Received: from mail.linuxfoundation.org (mail.linuxfoundation.org [140.211.169.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4791rb3bf2z9sPF for ; Sat, 9 Nov 2019 13:52:15 +1100 (AEDT) Received: from mail.linux-foundation.org (localhost [127.0.0.1]) by mail.linuxfoundation.org (Postfix) with ESMTP id EA41FC87; Sat, 9 Nov 2019 02:49:57 +0000 (UTC) X-Original-To: ovs-dev@openvswitch.org Delivered-To: ovs-dev@mail.linuxfoundation.org Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 14F52C9F for ; Sat, 9 Nov 2019 02:49:56 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mx0b-002c1b01.pphosted.com (mx0b-002c1b01.pphosted.com [148.163.155.12]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 078445F4 for ; Sat, 9 Nov 2019 02:49:52 +0000 (UTC) Received: from pps.filterd (m0127842.ppops.net [127.0.0.1]) by mx0b-002c1b01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id xA92i1mk005578 for ; Fri, 8 Nov 2019 18:49:52 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nutanix.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-transfer-encoding : mime-version; s=proofpoint20171006; bh=yi6Z3KtpM9c2p4SSxVqSMpHPItWgEFg/eaU3sESseaw=; b=QLLWtyn5+dJpNLTE899c9qe0ucr5NXd3Gc7/1DQWHcVxVBPTCVyQb5qgLiXcPo6OCdcU AHxEBjub/sG49TBgj5Rv25ZqIIUtm5YwXZ+FsUMxDdh3mUiyDUn2j6vmpBRDp5sppd+b GLx4aPe/Cg9Py8EgpFCer9JRXT5rL9hJQLKhq3/miyrbkfZoWiCqyfslUPqEOqm1ZuB4 HFhJ1oYZclId7l45TV8P6i7yEeyDaoq+cLQz10QRF5MW7gGL51wP4Jv8AaSQl7mzEzJU zxOFm9NsFPawbCXJdotb0hS65SbXEd2MTCv2rEgsk736LcpLHZ84CCON159a+epq4MCm HQ== Received: from nam03-dm3-obe.outbound.protection.outlook.com (mail-dm3nam03lp2057.outbound.protection.outlook.com [104.47.41.57]) by mx0b-002c1b01.pphosted.com with ESMTP id 2w5m2hg243-2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for ; Fri, 08 Nov 2019 18:49:52 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=TlMwb3noHQM5nSU4zPy04aP5EDiFvA25IjvEcEt5veR/Ln8pTCsSrTSI2bwgBP4JuMiuhQKRZiP40OUqrJZx4Yco/SwaAreIKuElMTZWM2Cq7MGsXAAEvSE1Uzrx2qxqT315j0wjOn+UedcfKRPW/6apEDdKVPbMaEwypWZQJlPJyu7jzJtih+qq6iuwk/xz+28/2hL0JzdrJ6hINjiIL8puZP815FPUwsREaeF4pVC5fcbtQ45edjm55bqpKL62LXzIsNykkf1yxHczmIsn7YC0edfAjAsu7piEyKga/RapvWxlz7AkWXMkFDydVOni3euT64SmaQZtR+ODUlVEbA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=yi6Z3KtpM9c2p4SSxVqSMpHPItWgEFg/eaU3sESseaw=; b=f2DwHYu0WDxgNmEaUMyHccLRCGoAbcPM/Zh0PFF51g786P45OUXjaPZB6xJJdCdswYIxchF2oK1aE2BwNyFmDoXdZObCCa8alrYiup6Ld6yQQ/qdpjFUnXe4wKZokOg5xP1vzBwVy0jCMzADV44TCrTc9jlILCh8SzCCZh6awBy6l7WzEywpvlLzs7Lq5mSSYAvgTt7zhQPOyHyzetODwiQU03CvaAB3QtMh+pSquM9dpEBiCCLn8f6WadHEe8SzO5qqYR1d2kQ+VkRjhLp6IN3w6uzjVJARKnOsh0cfMWp79dNq3dqbCjPKkiB5Bxi/HPTE1XOmrK7V0AaeS1BYzg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nutanix.com; dmarc=pass action=none header.from=nutanix.com; dkim=pass header.d=nutanix.com; arc=none Received: from MW2PR02MB3899.namprd02.prod.outlook.com (52.132.177.158) by MW2PR02MB3803.namprd02.prod.outlook.com (52.132.177.156) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2430.20; Sat, 9 Nov 2019 02:49:50 +0000 Received: from MW2PR02MB3899.namprd02.prod.outlook.com ([fe80::f097:1b5f:8315:3bcd]) by MW2PR02MB3899.namprd02.prod.outlook.com ([fe80::f097:1b5f:8315:3bcd%5]) with mapi id 15.20.2430.020; Sat, 9 Nov 2019 02:49:50 +0000 From: Ankur Sharma To: "ovs-dev@openvswitch.org" Thread-Topic: [PATCH v4 2/3 ovn] OVN ACL: Allow ct_mark and ct_label values to be set from register as well Thread-Index: AQHVlqha20VPO0TkbkSG5o0AWO6oqg== Date: Sat, 9 Nov 2019 02:49:49 +0000 Message-ID: <1573267855-102768-3-git-send-email-ankur.sharma@nutanix.com> References: <1573267855-102768-1-git-send-email-ankur.sharma@nutanix.com> In-Reply-To: <1573267855-102768-1-git-send-email-ankur.sharma@nutanix.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: BY5PR16CA0022.namprd16.prod.outlook.com (2603:10b6:a03:1a0::35) To MW2PR02MB3899.namprd02.prod.outlook.com (2603:10b6:907:3::30) x-ms-exchange-messagesentrepresentingtype: 1 x-mailer: git-send-email 1.8.3.1 x-originating-ip: [192.146.154.98] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 1a4f68cc-4b15-4f1c-6284-08d764bf7d03 x-ms-traffictypediagnostic: MW2PR02MB3803: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-proofpoint-crosstenant: true x-ms-oob-tlc-oobclassifiers: OLM:411; x-forefront-prvs: 021670B4D2 x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(366004)(346002)(396003)(136003)(376002)(39860400002)(189003)(199004)(478600001)(6486002)(81166006)(81156014)(446003)(4720700003)(476003)(66446008)(50226002)(6436002)(8676002)(486006)(86362001)(2616005)(2906002)(14454004)(6916009)(2501003)(11346002)(5640700003)(36756003)(66066001)(44832011)(256004)(52116002)(6512007)(66556008)(99286004)(386003)(64756008)(2351001)(66946007)(8936002)(76176011)(186003)(66476007)(6506007)(316002)(4326008)(3846002)(7736002)(71190400001)(5660300002)(26005)(107886003)(25786009)(305945005)(6116002)(102836004)(71200400001)(64030200001); DIR:OUT; SFP:1102; SCL:1; SRVR:MW2PR02MB3803; H:MW2PR02MB3899.namprd02.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; received-spf: None (protection.outlook.com: nutanix.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: 5MLUIsAQF5NYzWkTDRGl/mBvss5bkK4C6UHiRE7IwgUKF2F78PSfUvE/Zs7RU8tUQlofnRQAiWuqJ7uue1pAX8hLFCJsP7uA/EEL4krVJGPsx/ZwwQBtXUa6J5/RE0Rn3ReL+/J2DIWXpMQlVSxiU/HgEEcXCEvgCY1DehapHeKpJL41LfPq2lQVmP/WzYr75seo5PiZdHgLoBSTn0to5shx6q8ggblCH+6aV311zEqdYjewjjm+eWbmn+P3Mz7zSGt0oZzReQ3e3gOfVTFeDAHicAe0oWe6vRa2WxBu2kCmGEYe0ahYBJTT8/UKQGUgwDxx6ABQ3eq037lJzkKjbfpMHhkmauI//b7ogsAw9CP28DLjyPuVPq6Giusg6SK6+hH63FI1VT3/br6BiQPWpExDj6kw8mSZ3KCDceG2IJVTv8d2N9xjUjPpcYcXuzFK MIME-Version: 1.0 X-OriginatorOrg: nutanix.com X-MS-Exchange-CrossTenant-Network-Message-Id: 1a4f68cc-4b15-4f1c-6284-08d764bf7d03 X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Nov 2019 02:49:49.7678 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: bb047546-786f-4de1-bd75-24e5b6f79043 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: b3+o5QNLQfaRk5tvLCMPKwQylUOY4DMZAEcGFGZtL4yFvPDyaYzCK3GRqLvleGkjZoICcHcaeZp7lsIc/GJz+WBq/679EbC0dSJat2qv3IU= X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW2PR02MB3803 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.95, 18.0.572 definitions=2019-11-08_09:2019-11-08, 2019-11-08 signatures=0 X-Proofpoint-Spam-Reason: safe X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Subject: [ovs-dev] [PATCH v4 2/3 ovn] OVN ACL: Allow ct_mark and ct_label values to be set from register as well X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: ovs-dev-bounces@openvswitch.org Errors-To: ovs-dev-bounces@openvswitch.org OVN allows only an integer (or masked integer) to be assigned to ct_mark and ct_label. This patch, enhances the parser code to allow ct_mark and ct_label to be assigned from registers as well. Signed-off-by: Ankur Sharma --- include/ovn/actions.h | 3 +++ lib/actions.c | 72 ++++++++++++++++++++++++++++++++++++++++++++------- ovn-sb.xml | 41 +++++++++++++++++++++-------- tests/ovn.at | 31 ++++++++++++++++++++++ 4 files changed, 126 insertions(+), 21 deletions(-) diff --git a/include/ovn/actions.h b/include/ovn/actions.h index f4997e9..dda9a66 100644 --- a/include/ovn/actions.h +++ b/include/ovn/actions.h @@ -218,8 +218,11 @@ struct ovnact_ct_next { /* OVNACT_CT_COMMIT. */ struct ovnact_ct_commit { struct ovnact ovnact; + bool is_ct_mark_reg, is_ct_label_reg; /* If the value is from a register */ uint32_t ct_mark, ct_mark_mask; ovs_be128 ct_label, ct_label_mask; + enum mf_field_id ct_mark_reg, ct_label_reg; + uint16_t ct_mark_reg_bits, ct_label_reg_bits; }; /* OVNACT_CT_DNAT, OVNACT_CT_SNAT. */ diff --git a/lib/actions.c b/lib/actions.c index a999a4f..2b00469 100644 --- a/lib/actions.c +++ b/lib/actions.c @@ -634,8 +634,21 @@ parse_ct_commit_arg(struct action_context *ctx, } else if (ctx->lexer->token.type == LEX_T_MASKED_INTEGER) { cc->ct_mark = ntohll(ctx->lexer->token.value.integer); cc->ct_mark_mask = ntohll(ctx->lexer->token.mask.integer); + } else if (ctx->lexer->token.type == LEX_T_ID) { + + cc->ct_mark_mask = UINT32_MAX; + + const struct mf_field *mf = mf_from_name(ctx->lexer->token.s); + if (mf && mf_is_register(mf->id)) { + cc->is_ct_mark_reg = true; + cc->ct_mark_reg = mf->id; + } else { + lexer_syntax_error(ctx->lexer, "invalid field name: %s", + ctx->lexer->token.s); + return; + } } else { - lexer_syntax_error(ctx->lexer, "expecting integer"); + lexer_syntax_error(ctx->lexer, "invalid token type"); return; } lexer_get(ctx->lexer); @@ -649,9 +662,21 @@ parse_ct_commit_arg(struct action_context *ctx, } else if (ctx->lexer->token.type == LEX_T_MASKED_INTEGER) { cc->ct_label = ctx->lexer->token.value.be128_int; cc->ct_label_mask = ctx->lexer->token.mask.be128_int; + } else if (ctx->lexer->token.type == LEX_T_ID) { + + const struct mf_field *mf = mf_from_name(ctx->lexer->token.s); + if (mf && mf_is_register(mf->id)) { + cc->is_ct_label_reg = true; + cc->ct_label_reg = mf->id; + } else { + lexer_syntax_error(ctx->lexer, "invalid field name: %s", + ctx->lexer->token.s); + return; + } + } else { - lexer_syntax_error(ctx->lexer, "expecting integer"); - return; + lexer_syntax_error(ctx->lexer, "invalid token type"); + return; } lexer_get(ctx->lexer); } else { @@ -719,15 +744,42 @@ encode_CT_COMMIT(const struct ovnact_ct_commit *cc, size_t set_field_offset = ofpacts->size; ofpbuf_pull(ofpacts, set_field_offset); - if (cc->ct_mark_mask) { + if (cc->is_ct_mark_reg) { + struct ofpact_reg_move *move = ofpact_put_REG_MOVE(ofpacts); + const struct mf_field *src_reg = mf_from_id(cc->ct_mark_reg); + const struct mf_field *ct_mark = mf_from_id(MFF_CT_MARK); + + move->src.field = src_reg; + move->src.ofs = 0; + move->src.n_bits = src_reg->n_bits < ct_mark->n_bits ? + src_reg->n_bits : ct_mark->n_bits; + move->dst.field = mf_from_id(MFF_CT_MARK); + move->dst.ofs = 0; + move->dst.n_bits = src_reg->n_bits < ct_mark->n_bits ? + src_reg->n_bits : ct_mark->n_bits; + } else if (cc->ct_mark_mask) { const ovs_be32 value = htonl(cc->ct_mark); const ovs_be32 mask = htonl(cc->ct_mark_mask); - ofpact_put_set_field(ofpacts, mf_from_id(MFF_CT_MARK), &value, &mask); - } - - if (!ovs_be128_is_zero(cc->ct_label_mask)) { - ofpact_put_set_field(ofpacts, mf_from_id(MFF_CT_LABEL), &cc->ct_label, - &cc->ct_label_mask); + ofpact_put_set_field(ofpacts, mf_from_id(MFF_CT_MARK), &value, + &mask); + } + + if (cc->is_ct_label_reg) { + struct ofpact_reg_move *move = ofpact_put_REG_MOVE(ofpacts); + const struct mf_field *src_reg = mf_from_id(cc->ct_label_reg); + const struct mf_field *ct_label = mf_from_id(MFF_CT_LABEL); + + move->src.field = src_reg; + move->src.ofs = 0; + move->src.n_bits = src_reg->n_bits < ct_label->n_bits ? + src_reg->n_bits : ct_label->n_bits; + move->dst.field = ct_label; + move->dst.ofs = 0; + move->dst.n_bits = src_reg->n_bits < ct_label->n_bits ? + src_reg->n_bits : ct_label->n_bits; + } else if (!ovs_be128_is_zero(cc->ct_label_mask)) { + ofpact_put_set_field(ofpacts, mf_from_id(MFF_CT_LABEL), + &cc->ct_label, &cc->ct_label_mask); } ofpacts->header = ofpbuf_push_uninit(ofpacts, set_field_offset); diff --git a/ovn-sb.xml b/ovn-sb.xml index e5fb51a..c8306ab 100644 --- a/ovn-sb.xml +++ b/ovn-sb.xml @@ -1243,20 +1243,39 @@
ct_commit;
-
ct_commit(ct_mark=value[/mask]);
-
ct_commit(ct_label=value[/mask]);
-
ct_commit(ct_mark=value[/mask], ct_label=value[/mask]);
+
+ + ct_commit(ct_mark=(value[/mask] OR regX OR xregX OR xxregX)); + +
+
+ + ct_commit(ct_label=(value[/mask] OR regX OR xregX OR xxregX)); + +
+
+ + ct_commit(ct_mark=(value[/mask] OR regX OR xregX OR xxregX), + ct_label=(value[/mask] OR regX OR xregX OR xxregX )); + +

Commit the flow to the connection tracking entry associated with it - by a previous call to ct_next. When - ct_mark=value[/mask] and/or - ct_label=value[/mask] are supplied, - ct_mark and/or ct_label will be set to the - values indicated by value[/mask] on the connection - tracking entry. ct_mark is a 32-bit field. - ct_label is a 128-bit field. The value[/mask] - should be specified in hex string if more than 64bits are to be used. + by a previous call to ct_next. When + ct_mark=value[/mask] OR regX OR + xregX OR xxregX and/or + ct_label=value[/mask] OR regX + OR xregX OR xxregX are + supplied, ct_mark and/or ct_label + will be set to the values indicated by value[/mask] + or 32 bit/128 bit registers on the connection tracking entry. + ct_mark is a 32-bit field and hence will read + value only from a 32 bit register (reg0 - reg9). + ct_label is a 128-bit field and hence + will read value only from a 128 bit register (xxreg0 - xxreg1). + The value[/mask] should be specified in hex string if + more than 64bits are to be used.

diff --git a/tests/ovn.at b/tests/ovn.at index 3e20c84..042abee 100644 --- a/tests/ovn.at +++ b/tests/ovn.at @@ -1037,6 +1037,37 @@ ct_commit(ct_label=18446744073709551615); ct_commit(ct_label=18446744073709551616); Decimal constants must be less than 2**64. +ct_commit(ct_label=xxreg1); + formats as ct_commit; + encodes as ct(commit,zone=NXM_NX_REG13[0..15],exec(move:NXM_NX_XXREG1[]->NXM_NX_CT_LABEL[])) + has prereqs ip + +ct_commit(ct_label=xreg1); + formats as ct_commit; + encodes as ct(commit,zone=NXM_NX_REG13[0..15],exec(move:OXM_OF_PKT_REG1[]->NXM_NX_CT_LABEL[0..63])) + has prereqs ip + +ct_commit(ct_label=reg1); + formats as ct_commit; + encodes as ct(commit,zone=NXM_NX_REG13[0..15],exec(move:NXM_NX_REG1[]->NXM_NX_CT_LABEL[0..31])) + has prereqs ip + +ct_commit(ct_mark=xxreg1); + formats as ct_commit(ct_mark=0); + encodes as ct(commit,zone=NXM_NX_REG13[0..15],exec(move:NXM_NX_XXREG1[0..31]->NXM_NX_CT_MARK[])) + has prereqs ip + +ct_commit(ct_mark=xreg1); + formats as ct_commit(ct_mark=0); + encodes as ct(commit,zone=NXM_NX_REG13[0..15],exec(move:OXM_OF_PKT_REG1[0..31]->NXM_NX_CT_MARK[])) + has prereqs ip + +ct_commit(ct_mark=reg1); + formats as ct_commit(ct_mark=0); + encodes as ct(commit,zone=NXM_NX_REG13[0..15],exec(move:NXM_NX_REG1[]->NXM_NX_CT_MARK[])) + has prereqs ip + + # ct_dnat ct_dnat; encodes as ct(table=19,zone=NXM_NX_REG11[0..15],nat)