From patchwork Thu Jul 16 13:19:07 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anton Ivanov X-Patchwork-Id: 1330245 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.137; helo=fraxinus.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=cambridgegreys.com Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4B6vxn4Nmlz9sT6 for ; Thu, 16 Jul 2020 23:20:13 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id 1991C88F7F; Thu, 16 Jul 2020 13:20:12 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zvIOMJma9Ge0; Thu, 16 Jul 2020 13:20:06 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by fraxinus.osuosl.org (Postfix) with ESMTP id 2BF4A88FA9; Thu, 16 Jul 2020 13:20:02 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id DEDACC08A9; Thu, 16 Jul 2020 13:20:01 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) by lists.linuxfoundation.org (Postfix) with ESMTP id 5C978C0893 for ; Thu, 16 Jul 2020 13:20:00 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id 3C27389ABF for ; Thu, 16 Jul 2020 13:20:00 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ymd7Z5mUfImD for ; Thu, 16 Jul 2020 13:19:52 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from www.kot-begemot.co.uk (ivanoab7.miniserver.com [37.128.132.42]) by hemlock.osuosl.org (Postfix) with ESMTPS id C1E068A561 for ; Thu, 16 Jul 2020 13:19:51 +0000 (UTC) Received: from tun252.jain.kot-begemot.co.uk ([192.168.18.6] helo=jain.kot-begemot.co.uk) by www.kot-begemot.co.uk with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1jw3nh-00027u-Ms for dev@openvswitch.org; Thu, 16 Jul 2020 13:19:50 +0000 Received: from jain.kot-begemot.co.uk ([192.168.3.3]) by jain.kot-begemot.co.uk with esmtp (Exim 4.92) (envelope-from ) id 1jw3nd-0001Hz-VE; Thu, 16 Jul 2020 14:19:48 +0100 From: anton.ivanov@cambridgegreys.com To: dev@openvswitch.org Date: Thu, 16 Jul 2020 14:19:07 +0100 Message-Id: <20200716131927.3943-10-anton.ivanov@cambridgegreys.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200716131927.3943-1-anton.ivanov@cambridgegreys.com> References: <20200716131927.3943-1-anton.ivanov@cambridgegreys.com> MIME-Version: 1.0 X-Clacks-Overhead: GNU Terry Pratchett Cc: Anton Ivanov Subject: [ovs-dev] [PATCH ovn RFC v3 09/29] Move packet size rules to a separate function X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Anton Ivanov Signed-off-by: Anton Ivanov --- northd/ovn-northd.c | 752 +++++++++++++++++++++++--------------------- 1 file changed, 397 insertions(+), 355 deletions(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index 7932ab9e3..0b4926a75 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -9941,93 +9941,25 @@ build_lrouter_flows_step_100_od( } static void -build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, - struct hmap *lflows, struct shash *meter_groups, - struct hmap *lbs) +build_lrouter_flows_step_110_od( + struct ovn_datapath *od, struct hmap *lflows) { - /* This flow table structure is documented in ovn-northd(8), so please - * update ovn-northd.8.xml if you change anything. */ - - struct ds match = DS_EMPTY_INITIALIZER; - struct ds actions = DS_EMPTY_INITIALIZER; - - struct ovn_datapath *od; - HMAP_FOR_EACH (od, key_node, datapaths) { - build_lrouter_flows_step_0_od(od, lflows); - } - - struct ovn_port *op; - HMAP_FOR_EACH (op, key_node, ports) { - build_lrouter_flows_step_0_op(op, lflows); - } - - HMAP_FOR_EACH (od, key_node, datapaths) { - build_lrouter_flows_step_10_od(od, lflows); - } - - HMAP_FOR_EACH (op, key_node, ports) { - build_lrouter_flows_step_10_op(op, lflows); - } - - HMAP_FOR_EACH (od, key_node, datapaths) { - build_lrouter_flows_step_20_od(od, lflows); - } - - HMAP_FOR_EACH (op, key_node, ports) { - build_lrouter_flows_step_20_op(op, lflows); - } - - HMAP_FOR_EACH (op, key_node, ports) { - build_lrouter_flows_step_30_op(op, lflows); - } - - HMAP_FOR_EACH (op, key_node, ports) { - build_lrouter_flows_step_40_op(op, lflows); - } - - HMAP_FOR_EACH (od, key_node, datapaths) { - build_lrouter_flows_step_50_od(od, lflows, lbs, meter_groups); - } - - HMAP_FOR_EACH (op, key_node, ports) { - build_lrouter_flows_step_50_op(op, lflows); - } - - HMAP_FOR_EACH (od, key_node, datapaths) { - build_lrouter_flows_step_60_od(od, lflows); - } - - HMAP_FOR_EACH (op, key_node, ports) { - build_lrouter_flows_step_70_op(op, lflows); - } - - HMAP_FOR_EACH (od, key_node, datapaths) { - build_lrouter_flows_step_80_od(od, lflows, ports); - } - - HMAP_FOR_EACH (od, key_node, datapaths) { - build_lrouter_flows_step_90_od(od, lflows); - } - - HMAP_FOR_EACH (od, key_node, datapaths) { - build_lrouter_flows_step_100_od(od, lflows, ports); - } - - - /* XXX destination unreachable */ - /* Local router ingress table ARP_RESOLVE: ARP Resolution. * * Multicast packets already have the outport set so just advance to next * table (priority 500). */ - HMAP_FOR_EACH (od, key_node, datapaths) { - if (!od->nbr) { - continue; - } - + if (od->nbr) { ovn_lflow_add(lflows, od, S_ROUTER_IN_ARP_RESOLVE, 500, "ip4.mcast || ip6.mcast", "next;"); } +} + +static void +build_lrouter_flows_step_120_op( + struct ovn_port *op, struct hmap *lflows, struct hmap *ports) +{ + struct ds match = DS_EMPTY_INITIALIZER; + struct ds actions = DS_EMPTY_INITIALIZER; /* Local router ingress table ARP_RESOLVE: ARP Resolution. * @@ -10038,188 +9970,133 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, * REG_NEXT_HOP_IPV4/REG_NEXT_HOP_IPV6 into an output port in outport and * an Ethernet address in eth.dst. */ - HMAP_FOR_EACH (op, key_node, ports) { - if (op->nbsp && !lsp_is_enabled(op->nbsp)) { - continue; - } - - if (op->nbrp) { - /* This is a logical router port. If next-hop IP address in - * REG_NEXT_HOP_IPV4/REG_NEXT_HOP_IPV6 matches IP address of this - * router port, then the packet is intended to eventually be sent - * to this logical port. Set the destination mac address using - * this port's mac address. - * - * The packet is still in peer's logical pipeline. So the match - * should be on peer's outport. */ - if (op->peer && op->nbrp->peer) { - if (op->lrp_networks.n_ipv4_addrs) { - ds_clear(&match); - ds_put_format(&match, "outport == %s && " - REG_NEXT_HOP_IPV4 "== ", - op->peer->json_key); - op_put_v4_networks(&match, op, false); - ds_clear(&actions); - ds_put_format(&actions, "eth.dst = %s; next;", - op->lrp_networks.ea_s); - ovn_lflow_add_with_hint(lflows, op->peer->od, - S_ROUTER_IN_ARP_RESOLVE, 100, - ds_cstr(&match), ds_cstr(&actions), - &op->nbrp->header_); - } + if (op->nbsp && !lsp_is_enabled(op->nbsp)) { + return; + } - if (op->lrp_networks.n_ipv6_addrs) { - ds_clear(&match); - ds_put_format(&match, "outport == %s && " - REG_NEXT_HOP_IPV6 " == ", - op->peer->json_key); - op_put_v6_networks(&match, op); + if (op->nbrp) { + /* This is a logical router port. If next-hop IP address in + * REG_NEXT_HOP_IPV4/REG_NEXT_HOP_IPV6 matches IP address of this + * router port, then the packet is intended to eventually be sent + * to this logical port. Set the destination mac address using + * this port's mac address. + * + * The packet is still in peer's logical pipeline. So the match + * should be on peer's outport. */ + if (op->peer && op->nbrp->peer) { + if (op->lrp_networks.n_ipv4_addrs) { + ds_clear(&match); + ds_put_format(&match, "outport == %s && " + REG_NEXT_HOP_IPV4 "== ", + op->peer->json_key); + op_put_v4_networks(&match, op, false); - ds_clear(&actions); - ds_put_format(&actions, "eth.dst = %s; next;", - op->lrp_networks.ea_s); - ovn_lflow_add_with_hint(lflows, op->peer->od, - S_ROUTER_IN_ARP_RESOLVE, 100, - ds_cstr(&match), ds_cstr(&actions), - &op->nbrp->header_); - } + ds_clear(&actions); + ds_put_format(&actions, "eth.dst = %s; next;", + op->lrp_networks.ea_s); + ovn_lflow_add_with_hint(lflows, op->peer->od, + S_ROUTER_IN_ARP_RESOLVE, 100, + ds_cstr(&match), ds_cstr(&actions), + &op->nbrp->header_); } - if (!op->derived && op->od->l3redirect_port) { - const char *redirect_type = smap_get(&op->nbrp->options, - "redirect-type"); - if (redirect_type && !strcasecmp(redirect_type, "bridged")) { - /* Packet is on a non gateway chassis and - * has an unresolved ARP on a network behind gateway - * chassis attached router port. Since, redirect type - * is "bridged", instead of calling "get_arp" - * on this node, we will redirect the packet to gateway - * chassis, by setting destination mac router port mac.*/ - ds_clear(&match); - ds_put_format(&match, "outport == %s && " - "!is_chassis_resident(%s)", op->json_key, - op->od->l3redirect_port->json_key); - ds_clear(&actions); - ds_put_format(&actions, "eth.dst = %s; next;", - op->lrp_networks.ea_s); + if (op->lrp_networks.n_ipv6_addrs) { + ds_clear(&match); + ds_put_format(&match, "outport == %s && " + REG_NEXT_HOP_IPV6 " == ", + op->peer->json_key); + op_put_v6_networks(&match, op); - ovn_lflow_add_with_hint(lflows, op->od, - S_ROUTER_IN_ARP_RESOLVE, 50, - ds_cstr(&match), ds_cstr(&actions), - &op->nbrp->header_); - } + ds_clear(&actions); + ds_put_format(&actions, "eth.dst = %s; next;", + op->lrp_networks.ea_s); + ovn_lflow_add_with_hint(lflows, op->peer->od, + S_ROUTER_IN_ARP_RESOLVE, 100, + ds_cstr(&match), ds_cstr(&actions), + &op->nbrp->header_); } - } else if (op->od->n_router_ports && strcmp(op->nbsp->type, "router") - && strcmp(op->nbsp->type, "virtual")) { - /* This is a logical switch port that backs a VM or a container. - * Extract its addresses. For each of the address, go through all - * the router ports attached to the switch (to which this port - * connects) and if the address in question is reachable from the - * router port, add an ARP/ND entry in that router's pipeline. */ - - for (size_t i = 0; i < op->n_lsp_addrs; i++) { - const char *ea_s = op->lsp_addrs[i].ea_s; - for (size_t j = 0; j < op->lsp_addrs[i].n_ipv4_addrs; j++) { - const char *ip_s = op->lsp_addrs[i].ipv4_addrs[j].addr_s; - for (size_t k = 0; k < op->od->n_router_ports; k++) { - /* Get the Logical_Router_Port that the - * Logical_Switch_Port is connected to, as - * 'peer'. */ - const char *peer_name = smap_get( - &op->od->router_ports[k]->nbsp->options, - "router-port"); - if (!peer_name) { - continue; - } + } - struct ovn_port *peer = ovn_port_find(ports, peer_name); - if (!peer || !peer->nbrp) { - continue; - } + if (!op->derived && op->od->l3redirect_port) { + const char *redirect_type = smap_get(&op->nbrp->options, + "redirect-type"); + if (redirect_type && !strcasecmp(redirect_type, "bridged")) { + /* Packet is on a non gateway chassis and + * has an unresolved ARP on a network behind gateway + * chassis attached router port. Since, redirect type + * is "bridged", instead of calling "get_arp" + * on this node, we will redirect the packet to gateway + * chassis, by setting destination mac router port mac.*/ + ds_clear(&match); + ds_put_format(&match, "outport == %s && " + "!is_chassis_resident(%s)", op->json_key, + op->od->l3redirect_port->json_key); + ds_clear(&actions); + ds_put_format(&actions, "eth.dst = %s; next;", + op->lrp_networks.ea_s); - if (!find_lrp_member_ip(peer, ip_s)) { - continue; - } + ovn_lflow_add_with_hint(lflows, op->od, + S_ROUTER_IN_ARP_RESOLVE, 50, + ds_cstr(&match), ds_cstr(&actions), + &op->nbrp->header_); + } + } + } else if (op->od->n_router_ports && strcmp(op->nbsp->type, "router") + && strcmp(op->nbsp->type, "virtual")) { + /* This is a logical switch port that backs a VM or a container. + * Extract its addresses. For each of the address, go through all + * the router ports attached to the switch (to which this port + * connects) and if the address in question is reachable from the + * router port, add an ARP/ND entry in that router's pipeline. */ - ds_clear(&match); - ds_put_format(&match, "outport == %s && " - REG_NEXT_HOP_IPV4 " == %s", - peer->json_key, ip_s); - - ds_clear(&actions); - ds_put_format(&actions, "eth.dst = %s; next;", ea_s); - ovn_lflow_add_with_hint(lflows, peer->od, - S_ROUTER_IN_ARP_RESOLVE, 100, - ds_cstr(&match), - ds_cstr(&actions), - &op->nbsp->header_); + for (size_t i = 0; i < op->n_lsp_addrs; i++) { + const char *ea_s = op->lsp_addrs[i].ea_s; + for (size_t j = 0; j < op->lsp_addrs[i].n_ipv4_addrs; j++) { + const char *ip_s = op->lsp_addrs[i].ipv4_addrs[j].addr_s; + for (size_t k = 0; k < op->od->n_router_ports; k++) { + /* Get the Logical_Router_Port that the + * Logical_Switch_Port is connected to, as + * 'peer'. */ + const char *peer_name = smap_get( + &op->od->router_ports[k]->nbsp->options, + "router-port"); + if (!peer_name) { + continue; } - } - for (size_t j = 0; j < op->lsp_addrs[i].n_ipv6_addrs; j++) { - const char *ip_s = op->lsp_addrs[i].ipv6_addrs[j].addr_s; - for (size_t k = 0; k < op->od->n_router_ports; k++) { - /* Get the Logical_Router_Port that the - * Logical_Switch_Port is connected to, as - * 'peer'. */ - const char *peer_name = smap_get( - &op->od->router_ports[k]->nbsp->options, - "router-port"); - if (!peer_name) { - continue; - } + struct ovn_port *peer = ovn_port_find(ports, peer_name); + if (!peer || !peer->nbrp) { + continue; + } - struct ovn_port *peer = ovn_port_find(ports, peer_name); - if (!peer || !peer->nbrp) { - continue; - } + if (!find_lrp_member_ip(peer, ip_s)) { + continue; + } - if (!find_lrp_member_ip(peer, ip_s)) { - continue; - } + ds_clear(&match); + ds_put_format(&match, "outport == %s && " + REG_NEXT_HOP_IPV4 " == %s", + peer->json_key, ip_s); - ds_clear(&match); - ds_put_format(&match, "outport == %s && " - REG_NEXT_HOP_IPV6 " == %s", - peer->json_key, ip_s); - - ds_clear(&actions); - ds_put_format(&actions, "eth.dst = %s; next;", ea_s); - ovn_lflow_add_with_hint(lflows, peer->od, - S_ROUTER_IN_ARP_RESOLVE, 100, - ds_cstr(&match), - ds_cstr(&actions), - &op->nbsp->header_); - } + ds_clear(&actions); + ds_put_format(&actions, "eth.dst = %s; next;", ea_s); + ovn_lflow_add_with_hint(lflows, peer->od, + S_ROUTER_IN_ARP_RESOLVE, 100, + ds_cstr(&match), + ds_cstr(&actions), + &op->nbsp->header_); } } - } else if (op->od->n_router_ports && strcmp(op->nbsp->type, "router") - && !strcmp(op->nbsp->type, "virtual")) { - /* This is a virtual port. Add ARP replies for the virtual ip with - * the mac of the present active virtual parent. - * If the logical port doesn't have virtual parent set in - * Port_Binding table, then add the flow to set eth.dst to - * 00:00:00:00:00:00 and advance to next table so that ARP is - * resolved by router pipeline using the arp{} action. - * The MAC_Binding entry for the virtual ip might be invalid. */ - ovs_be32 ip; - - const char *vip = smap_get(&op->nbsp->options, - "virtual-ip"); - const char *virtual_parents = smap_get(&op->nbsp->options, - "virtual-parents"); - if (!vip || !virtual_parents || - !ip_parse(vip, &ip) || !op->sb) { - continue; - } - if (!op->sb->virtual_parent || !op->sb->virtual_parent[0] || - !op->sb->chassis) { - /* The virtual port is not claimed yet. */ - for (size_t i = 0; i < op->od->n_router_ports; i++) { + for (size_t j = 0; j < op->lsp_addrs[i].n_ipv6_addrs; j++) { + const char *ip_s = op->lsp_addrs[i].ipv6_addrs[j].addr_s; + for (size_t k = 0; k < op->od->n_router_ports; k++) { + /* Get the Logical_Router_Port that the + * Logical_Switch_Port is connected to, as + * 'peer'. */ const char *peer_name = smap_get( - &op->od->router_ports[i]->nbsp->options, + &op->od->router_ports[k]->nbsp->options, "router-port"); if (!peer_name) { continue; @@ -10230,155 +10107,228 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, continue; } - if (find_lrp_member_ip(peer, vip)) { - ds_clear(&match); - ds_put_format(&match, "outport == %s && " - REG_NEXT_HOP_IPV4 " == %s", - peer->json_key, vip); - - ds_clear(&actions); - ds_put_format(&actions, - "eth.dst = 00:00:00:00:00:00; next;"); - ovn_lflow_add_with_hint(lflows, peer->od, - S_ROUTER_IN_ARP_RESOLVE, 100, - ds_cstr(&match), - ds_cstr(&actions), - &op->nbsp->header_); - break; + if (!find_lrp_member_ip(peer, ip_s)) { + continue; } - } - } else { - struct ovn_port *vp = - ovn_port_find(ports, op->sb->virtual_parent); - if (!vp || !vp->nbsp) { - continue; - } - - for (size_t i = 0; i < vp->n_lsp_addrs; i++) { - bool found_vip_network = false; - const char *ea_s = vp->lsp_addrs[i].ea_s; - for (size_t j = 0; j < vp->od->n_router_ports; j++) { - /* Get the Logical_Router_Port that the - * Logical_Switch_Port is connected to, as - * 'peer'. */ - const char *peer_name = smap_get( - &vp->od->router_ports[j]->nbsp->options, - "router-port"); - if (!peer_name) { - continue; - } - - struct ovn_port *peer = - ovn_port_find(ports, peer_name); - if (!peer || !peer->nbrp) { - continue; - } - - if (!find_lrp_member_ip(peer, vip)) { - continue; - } - ds_clear(&match); - ds_put_format(&match, "outport == %s && " - REG_NEXT_HOP_IPV4 " == %s", - peer->json_key, vip); - - ds_clear(&actions); - ds_put_format(&actions, "eth.dst = %s; next;", ea_s); - ovn_lflow_add_with_hint(lflows, peer->od, - S_ROUTER_IN_ARP_RESOLVE, 100, - ds_cstr(&match), - ds_cstr(&actions), - &op->nbsp->header_); - found_vip_network = true; - break; - } + ds_clear(&match); + ds_put_format(&match, "outport == %s && " + REG_NEXT_HOP_IPV6 " == %s", + peer->json_key, ip_s); - if (found_vip_network) { - break; - } + ds_clear(&actions); + ds_put_format(&actions, "eth.dst = %s; next;", ea_s); + ovn_lflow_add_with_hint(lflows, peer->od, + S_ROUTER_IN_ARP_RESOLVE, 100, + ds_cstr(&match), + ds_cstr(&actions), + &op->nbsp->header_); } } - } else if (!strcmp(op->nbsp->type, "router")) { - /* This is a logical switch port that connects to a router. */ - - /* The peer of this switch port is the router port for which - * we need to add logical flows such that it can resolve - * ARP entries for all the other router ports connected to - * the switch in question. */ - - const char *peer_name = smap_get(&op->nbsp->options, - "router-port"); - if (!peer_name) { - continue; - } + } + } else if (op->od->n_router_ports && strcmp(op->nbsp->type, "router") + && !strcmp(op->nbsp->type, "virtual")) { + /* This is a virtual port. Add ARP replies for the virtual ip with + * the mac of the present active virtual parent. + * If the logical port doesn't have virtual parent set in + * Port_Binding table, then add the flow to set eth.dst to + * 00:00:00:00:00:00 and advance to next table so that ARP is + * resolved by router pipeline using the arp{} action. + * The MAC_Binding entry for the virtual ip might be invalid. */ + ovs_be32 ip; - struct ovn_port *peer = ovn_port_find(ports, peer_name); - if (!peer || !peer->nbrp) { - continue; - } + const char *vip = smap_get(&op->nbsp->options, + "virtual-ip"); + const char *virtual_parents = smap_get(&op->nbsp->options, + "virtual-parents"); + if (!vip || !virtual_parents || + !ip_parse(vip, &ip) || !op->sb) { + ds_destroy(&match); + ds_destroy(&actions); + return; + } + if (!op->sb->virtual_parent || !op->sb->virtual_parent[0] || + !op->sb->chassis) { + /* The virtual port is not claimed yet. */ for (size_t i = 0; i < op->od->n_router_ports; i++) { - const char *router_port_name = smap_get( - &op->od->router_ports[i]->nbsp->options, - "router-port"); - struct ovn_port *router_port = ovn_port_find(ports, - router_port_name); - if (!router_port || !router_port->nbrp) { + const char *peer_name = smap_get( + &op->od->router_ports[i]->nbsp->options, + "router-port"); + if (!peer_name) { continue; } - /* Skip the router port under consideration. */ - if (router_port == peer) { - continue; + struct ovn_port *peer = ovn_port_find(ports, peer_name); + if (!peer || !peer->nbrp) { + continue; } - if (router_port->lrp_networks.n_ipv4_addrs) { + if (find_lrp_member_ip(peer, vip)) { ds_clear(&match); ds_put_format(&match, "outport == %s && " - REG_NEXT_HOP_IPV4 " == ", - peer->json_key); - op_put_v4_networks(&match, router_port, false); + REG_NEXT_HOP_IPV4 " == %s", + peer->json_key, vip); ds_clear(&actions); - ds_put_format(&actions, "eth.dst = %s; next;", - router_port->lrp_networks.ea_s); + ds_put_format(&actions, + "eth.dst = 00:00:00:00:00:00; next;"); ovn_lflow_add_with_hint(lflows, peer->od, S_ROUTER_IN_ARP_RESOLVE, 100, - ds_cstr(&match), ds_cstr(&actions), + ds_cstr(&match), + ds_cstr(&actions), &op->nbsp->header_); + break; } + } + } else { + struct ovn_port *vp = + ovn_port_find(ports, op->sb->virtual_parent); + if (!vp || !vp->nbsp) { + ds_destroy(&match); + ds_destroy(&actions); + return; + } + + for (size_t i = 0; i < vp->n_lsp_addrs; i++) { + bool found_vip_network = false; + const char *ea_s = vp->lsp_addrs[i].ea_s; + for (size_t j = 0; j < vp->od->n_router_ports; j++) { + /* Get the Logical_Router_Port that the + * Logical_Switch_Port is connected to, as + * 'peer'. */ + const char *peer_name = smap_get( + &vp->od->router_ports[j]->nbsp->options, + "router-port"); + if (!peer_name) { + continue; + } + + struct ovn_port *peer = + ovn_port_find(ports, peer_name); + if (!peer || !peer->nbrp) { + continue; + } + + if (!find_lrp_member_ip(peer, vip)) { + continue; + } - if (router_port->lrp_networks.n_ipv6_addrs) { ds_clear(&match); ds_put_format(&match, "outport == %s && " - REG_NEXT_HOP_IPV6 " == ", - peer->json_key); - op_put_v6_networks(&match, router_port); + REG_NEXT_HOP_IPV4 " == %s", + peer->json_key, vip); ds_clear(&actions); - ds_put_format(&actions, "eth.dst = %s; next;", - router_port->lrp_networks.ea_s); + ds_put_format(&actions, "eth.dst = %s; next;", ea_s); ovn_lflow_add_with_hint(lflows, peer->od, S_ROUTER_IN_ARP_RESOLVE, 100, - ds_cstr(&match), ds_cstr(&actions), + ds_cstr(&match), + ds_cstr(&actions), &op->nbsp->header_); + found_vip_network = true; + break; + } + + if (found_vip_network) { + break; } } } - } + } else if (!strcmp(op->nbsp->type, "router")) { + /* This is a logical switch port that connects to a router. */ - HMAP_FOR_EACH (od, key_node, datapaths) { - if (!od->nbr) { - continue; + /* The peer of this switch port is the router port for which + * we need to add logical flows such that it can resolve + * ARP entries for all the other router ports connected to + * the switch in question. */ + + const char *peer_name = smap_get(&op->nbsp->options, + "router-port"); + if (!peer_name) { + ds_destroy(&match); + ds_destroy(&actions); + return; + } + + struct ovn_port *peer = ovn_port_find(ports, peer_name); + if (!peer || !peer->nbrp) { + ds_destroy(&match); + ds_destroy(&actions); + return; + } + + for (size_t i = 0; i < op->od->n_router_ports; i++) { + const char *router_port_name = smap_get( + &op->od->router_ports[i]->nbsp->options, + "router-port"); + struct ovn_port *router_port = ovn_port_find(ports, + router_port_name); + if (!router_port || !router_port->nbrp) { + continue; + } + + /* Skip the router port under consideration. */ + if (router_port == peer) { + continue; + } + + if (router_port->lrp_networks.n_ipv4_addrs) { + ds_clear(&match); + ds_put_format(&match, "outport == %s && " + REG_NEXT_HOP_IPV4 " == ", + peer->json_key); + op_put_v4_networks(&match, router_port, false); + + ds_clear(&actions); + ds_put_format(&actions, "eth.dst = %s; next;", + router_port->lrp_networks.ea_s); + ovn_lflow_add_with_hint(lflows, peer->od, + S_ROUTER_IN_ARP_RESOLVE, 100, + ds_cstr(&match), ds_cstr(&actions), + &op->nbsp->header_); + } + + if (router_port->lrp_networks.n_ipv6_addrs) { + ds_clear(&match); + ds_put_format(&match, "outport == %s && " + REG_NEXT_HOP_IPV6 " == ", + peer->json_key); + op_put_v6_networks(&match, router_port); + + ds_clear(&actions); + ds_put_format(&actions, "eth.dst = %s; next;", + router_port->lrp_networks.ea_s); + ovn_lflow_add_with_hint(lflows, peer->od, + S_ROUTER_IN_ARP_RESOLVE, 100, + ds_cstr(&match), ds_cstr(&actions), + &op->nbsp->header_); + } } + } + ds_destroy(&match); + ds_destroy(&actions); +} +static void +build_lrouter_flows_step_130_od( + struct ovn_datapath *od, struct hmap *lflows) +{ + if (od->nbr) { ovn_lflow_add(lflows, od, S_ROUTER_IN_ARP_RESOLVE, 0, "ip4", "get_arp(outport, " REG_NEXT_HOP_IPV4 "); next;"); ovn_lflow_add(lflows, od, S_ROUTER_IN_ARP_RESOLVE, 0, "ip6", "get_nd(outport, " REG_NEXT_HOP_IPV6 "); next;"); } +} + +static void +build_lrouter_flows_step_140_od( + struct ovn_datapath *od, struct hmap *lflows, struct hmap *ports) +{ + struct ds match = DS_EMPTY_INITIALIZER; + struct ds actions = DS_EMPTY_INITIALIZER; /* Local router ingress table CHK_PKT_LEN: Check packet length. * @@ -10393,10 +10343,8 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, * generate ICMPv4 packet with type 3 (Destination Unreachable) and * code 4 (Fragmentation needed). * */ - HMAP_FOR_EACH (od, key_node, datapaths) { - if (!od->nbr) { - continue; - } + + if (od->nbr) { /* Packets are allowed by default. */ ovn_lflow_add(lflows, od, S_ROUTER_IN_CHK_PKT_LEN, 0, "1", @@ -10412,7 +10360,9 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, } /* Add the flows only if gateway_mtu is configured. */ if (gw_mtu <= 0) { - continue; + ds_destroy(&match); + ds_destroy(&actions); + return; } ds_clear(&match); @@ -10491,6 +10441,98 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, } } } + ds_destroy(&match); + ds_destroy(&actions); +} + +static void +build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, + struct hmap *lflows, struct shash *meter_groups, + struct hmap *lbs) +{ + /* This flow table structure is documented in ovn-northd(8), so please + * update ovn-northd.8.xml if you change anything. */ + + struct ds match = DS_EMPTY_INITIALIZER; + struct ds actions = DS_EMPTY_INITIALIZER; + + struct ovn_datapath *od; + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lrouter_flows_step_0_od(od, lflows); + } + + struct ovn_port *op; + HMAP_FOR_EACH (op, key_node, ports) { + build_lrouter_flows_step_0_op(op, lflows); + } + + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lrouter_flows_step_10_od(od, lflows); + } + + HMAP_FOR_EACH (op, key_node, ports) { + build_lrouter_flows_step_10_op(op, lflows); + } + + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lrouter_flows_step_20_od(od, lflows); + } + + HMAP_FOR_EACH (op, key_node, ports) { + build_lrouter_flows_step_20_op(op, lflows); + } + + HMAP_FOR_EACH (op, key_node, ports) { + build_lrouter_flows_step_30_op(op, lflows); + } + + HMAP_FOR_EACH (op, key_node, ports) { + build_lrouter_flows_step_40_op(op, lflows); + } + + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lrouter_flows_step_50_od(od, lflows, lbs, meter_groups); + } + + HMAP_FOR_EACH (op, key_node, ports) { + build_lrouter_flows_step_50_op(op, lflows); + } + + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lrouter_flows_step_60_od(od, lflows); + } + + HMAP_FOR_EACH (op, key_node, ports) { + build_lrouter_flows_step_70_op(op, lflows); + } + + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lrouter_flows_step_80_od(od, lflows, ports); + } + + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lrouter_flows_step_90_od(od, lflows); + } + + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lrouter_flows_step_100_od(od, lflows, ports); + } + + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lrouter_flows_step_110_od(od, lflows); + } + + HMAP_FOR_EACH (op, key_node, ports) { + build_lrouter_flows_step_120_op(op, lflows, ports); + } + + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lrouter_flows_step_130_od(od, lflows); + } + + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lrouter_flows_step_140_od(od, lflows, ports); + } /* Logical router ingress table GW_REDIRECT: Gateway redirect. *