@@ -8584,6 +8584,21 @@ static void
build_lrouter_flows_multicast_lookup_od(
struct ovn_datapath *od, struct hmap *lflows,
struct ds *match, struct ds *actions);
+
+/* Logical router ingress table POLICY: Policy.
+ *
+ * A packet that arrives at this table is an IP packet that should be
+ * permitted/denied/rerouted to the address in the rule's nexthop.
+ * This table sets outport to the correct out_port,
+ * eth.src to the output port's MAC address,
+ * and REG_NEXT_HOP_IPV4/REG_NEXT_HOP_IPV6 to the next-hop IP address
+ * (leaving 'ip[46].dst', the packet’s final destination, unchanged), and
+ * advances to the next table for ARP/ND resolution. */
+static void
+build_lrouter_flows_ingress_policy_od(
+ struct ovn_datapath *od, struct hmap *lflows,
+ struct hmap *ports);
+
/*
* Do not remove this comment - it is here on purpose
* It serves as a marker so that pulling operations out
@@ -8669,32 +8684,11 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports,
od, lflows, &match, &actions);
}
- /* Logical router ingress table POLICY: Policy.
- *
- * A packet that arrives at this table is an IP packet that should be
- * permitted/denied/rerouted to the address in the rule's nexthop.
- * This table sets outport to the correct out_port,
- * eth.src to the output port's MAC address,
- * and REG_NEXT_HOP_IPV4/REG_NEXT_HOP_IPV6 to the next-hop IP address
- * (leaving 'ip[46].dst', the packet’s final destination, unchanged), and
- * advances to the next table for ARP/ND resolution. */
HMAP_FOR_EACH (od, key_node, datapaths) {
- if (!od->nbr) {
- continue;
- }
- /* This is a catch-all rule. It has the lowest priority (0)
- * does a match-all("1") and pass-through (next) */
- ovn_lflow_add(lflows, od, S_ROUTER_IN_POLICY, 0, "1", "next;");
-
- /* Convert routing policies to flows. */
- for (int i = 0; i < od->nbr->n_policies; i++) {
- const struct nbrec_logical_router_policy *rule
- = od->nbr->policies[i];
- build_routing_policy_flow(lflows, od, ports, rule, &rule->header_);
- }
+ build_lrouter_flows_ingress_policy_od(
+ od, lflows, ports);
}
-
/* XXX destination unreachable */
/* Local router ingress table ARP_RESOLVE: ARP Resolution.
@@ -11125,9 +11119,27 @@ build_lrouter_flows_multicast_lookup_od(
"ip4.mcast || ip6.mcast", "drop;");
}
}
+}
+static void
+build_lrouter_flows_ingress_policy_od(
+ struct ovn_datapath *od, struct hmap *lflows,
+ struct hmap *ports)
+{
+ if (od->nbr) {
+ /* This is a catch-all rule. It has the lowest priority (0)
+ * does a match-all("1") and pass-through (next) */
+ ovn_lflow_add(lflows, od, S_ROUTER_IN_POLICY, 0, "1", "next;");
+ /* Convert routing policies to flows. */
+ for (int i = 0; i < od->nbr->n_policies; i++) {
+ const struct nbrec_logical_router_policy *rule
+ = od->nbr->policies[i];
+ build_routing_policy_flow(lflows, od, ports, rule, &rule->header_);
+ }
+ }
}
+
/* Updates the Logical_Flow and Multicast_Group tables in the OVN_SB database,
* constructing their contents based on the OVN_NB database. */
static void