@@ -117,6 +117,8 @@ void lflow_table_add_lflow(struct lflow_table *, const struct ovn_datapath *,
.lflow_ref = LFLOW_REF, \
.where = OVS_SOURCE_LOCATOR,
+#define WITH_HINT(HINT) .stage_hint = HINT
+
#define LFLOW_TABLE_ADD_ARGS_END }
/* Adds a row with the specified contents to the Logical_Flow table. */
@@ -127,12 +129,6 @@ void lflow_table_add_lflow(struct lflow_table *, const struct ovn_datapath *,
ACTIONS, IN_OUT_PORT, CTRL_METER, STAGE_HINT, \
OVS_SOURCE_LOCATOR, NULL, LFLOW_REF)
-#define ovn_lflow_add_with_hint(LFLOW_TABLE, OD, STAGE, PRIORITY, MATCH, \
- ACTIONS, STAGE_HINT, LFLOW_REF) \
- lflow_table_add_lflow(LFLOW_TABLE, OD, NULL, 0, STAGE, PRIORITY, MATCH, \
- ACTIONS, NULL, NULL, STAGE_HINT, \
- OVS_SOURCE_LOCATOR, NULL, LFLOW_REF)
-
#define ovn_lflow_add_with_dp_group(LFLOW_TABLE, DP_BITMAP, DP_BITMAP_LEN, \
STAGE, PRIORITY, MATCH, ACTIONS, \
STAGE_HINT, LFLOW_REF) \
@@ -6121,19 +6121,19 @@ build_stateless_filter(const struct ovn_datapath *od,
{
const char *action = REGBIT_ACL_STATELESS" = 1; next;";
if (!strcmp(acl->direction, "from-lport")) {
- ovn_lflow_add_with_hint(lflows, od, S_SWITCH_IN_PRE_ACL,
- acl->priority + OVN_ACL_PRI_OFFSET,
- acl->match,
- action,
- &acl->header_,
- lflow_ref);
+ ovn_lflow_add(lflows, od, S_SWITCH_IN_PRE_ACL,
+ acl->priority + OVN_ACL_PRI_OFFSET,
+ acl->match,
+ action,
+ lflow_ref,
+ WITH_HINT(&acl->header_));
} else {
- ovn_lflow_add_with_hint(lflows, od, S_SWITCH_OUT_PRE_ACL,
- acl->priority + OVN_ACL_PRI_OFFSET,
- acl->match,
- action,
- &acl->header_,
- lflow_ref);
+ ovn_lflow_add(lflows, od, S_SWITCH_OUT_PRE_ACL,
+ acl->priority + OVN_ACL_PRI_OFFSET,
+ acl->match,
+ action,
+ lflow_ref,
+ WITH_HINT(&acl->header_));
}
}
@@ -7224,9 +7224,10 @@ consider_acl(struct lflow_table *lflows, const struct ovn_datapath *od,
ds_put_cstr(actions, "next;");
ds_put_format(match, "(%s)", acl->match);
- ovn_lflow_add_with_hint(lflows, od, stage, priority,
- ds_cstr(match), ds_cstr(actions),
- &acl->header_, lflow_ref);
+ ovn_lflow_add(lflows, od, stage, priority,
+ ds_cstr(match), ds_cstr(actions),
+ lflow_ref,
+ WITH_HINT(&acl->header_));
return;
}
@@ -7293,9 +7294,10 @@ consider_acl(struct lflow_table *lflows, const struct ovn_datapath *od,
(uint8_t) acl->network_function_group->id);
}
ds_put_cstr(actions, "next;");
- ovn_lflow_add_with_hint(lflows, od, stage, priority,
- ds_cstr(match), ds_cstr(actions),
- &acl->header_, lflow_ref);
+ ovn_lflow_add(lflows, od, stage, priority,
+ ds_cstr(match), ds_cstr(actions),
+ lflow_ref,
+ WITH_HINT(&acl->header_));
/* Match on traffic in the request direction for an established
* connection tracking entry that has not been marked for
@@ -7324,9 +7326,10 @@ consider_acl(struct lflow_table *lflows, const struct ovn_datapath *od,
(uint8_t) acl->network_function_group->id);
}
ds_put_cstr(actions, "next;");
- ovn_lflow_add_with_hint(lflows, od, stage, priority,
- ds_cstr(match), ds_cstr(actions),
- &acl->header_, lflow_ref);
+ ovn_lflow_add(lflows, od, stage, priority,
+ ds_cstr(match), ds_cstr(actions),
+ lflow_ref,
+ WITH_HINT(&acl->header_));
} else if (!strcmp(acl->action, "drop")
|| !strcmp(acl->action, "reject")) {
if (acl->network_function_group) {
@@ -7351,9 +7354,10 @@ consider_acl(struct lflow_table *lflows, const struct ovn_datapath *od,
build_acl_sample_label_action(actions, acl, acl->sample_new, NULL,
obs_stage);
ds_put_cstr(actions, "next;");
- ovn_lflow_add_with_hint(lflows, od, stage, priority,
- ds_cstr(match), ds_cstr(actions),
- &acl->header_, lflow_ref);
+ ovn_lflow_add(lflows, od, stage, priority,
+ ds_cstr(match), ds_cstr(actions),
+ lflow_ref,
+ WITH_HINT(&acl->header_));
/* For an existing connection without ct_mark.blocked set, we've
* encountered a policy change. ACLs previously allowed
* this connection and we committed the connection tracking
@@ -7378,9 +7382,10 @@ consider_acl(struct lflow_table *lflows, const struct ovn_datapath *od,
ds_put_format(actions,
"ct_commit { ct_mark.blocked = 1; "
"ct_label.obs_point_id = %"PRIu32"; }; next;", obs_pid);
- ovn_lflow_add_with_hint(lflows, od, stage, priority,
- ds_cstr(match), ds_cstr(actions),
- &acl->header_, lflow_ref);
+ ovn_lflow_add(lflows, od, stage, priority,
+ ds_cstr(match), ds_cstr(actions),
+ lflow_ref,
+ WITH_HINT(&acl->header_));
}
}
@@ -7605,20 +7610,22 @@ build_acl_log_related_flows(const struct ovn_datapath *od,
"ct_mark.blocked == 0 && "
"ct_label.label == %" PRId64,
acl->label);
- ovn_lflow_add_with_hint(lflows, od, log_related_stage,
- UINT16_MAX - 2,
- ds_cstr(match), ds_cstr(actions),
- &acl->header_, lflow_ref);
+ ovn_lflow_add(lflows, od, log_related_stage,
+ UINT16_MAX - 2,
+ ds_cstr(match), ds_cstr(actions),
+ lflow_ref,
+ WITH_HINT(&acl->header_));
ds_clear(match);
ds_put_format(match, "!ct.est && ct.rel && !ct.new && "
"ct_mark.blocked == 0 && "
"ct_label.label == %" PRId64,
acl->label);
- ovn_lflow_add_with_hint(lflows, od, log_related_stage,
- UINT16_MAX - 2,
- ds_cstr(match), ds_cstr(actions),
- &acl->header_, lflow_ref);
+ ovn_lflow_add(lflows, od, log_related_stage,
+ UINT16_MAX - 2,
+ ds_cstr(match), ds_cstr(actions),
+ lflow_ref,
+ WITH_HINT(&acl->header_));
}
static uint64_t
@@ -8000,10 +8007,11 @@ build_qos(struct ovn_datapath *od, struct lflow_table *lflows,
}
}
ds_put_cstr(&action, "next;");
- ovn_lflow_add_with_hint(lflows, od, stage,
- qos->priority,
- qos->match, ds_cstr(&action),
- &qos->header_, lflow_ref);
+ ovn_lflow_add(lflows, od, stage,
+ qos->priority,
+ qos->match, ds_cstr(&action),
+ lflow_ref,
+ WITH_HINT(&qos->header_));
}
ds_destroy(&action);
}
@@ -8729,39 +8737,39 @@ build_lb_hairpin(const struct ls_stateful_record *ls_stateful_rec,
/* Set REGBIT_HAIRPIN in the original direction and
* REGBIT_HAIRPIN_REPLY in the reply direction.
*/
- ovn_lflow_add_with_hint(
+ ovn_lflow_add(
lflows, od, S_SWITCH_IN_PRE_HAIRPIN, 100, "ip && ct.trk",
REGBIT_HAIRPIN " = chk_lb_hairpin(); "
REGBIT_HAIRPIN_REPLY " = chk_lb_hairpin_reply(); "
"next;",
- &od->nbs->header_,
- lflow_ref);
+ lflow_ref,
+ WITH_HINT(&od->nbs->header_));
/* If packet needs to be hairpinned, snat the src ip with the VIP
* for new sessions. */
- ovn_lflow_add_with_hint(lflows, od, S_SWITCH_IN_NAT_HAIRPIN, 100,
- "ip && ct.new && ct.trk"
- " && "REGBIT_HAIRPIN " == 1",
- "ct_snat_to_vip; next;",
- &od->nbs->header_,
- lflow_ref);
+ ovn_lflow_add(lflows, od, S_SWITCH_IN_NAT_HAIRPIN, 100,
+ "ip && ct.new && ct.trk"
+ " && "REGBIT_HAIRPIN " == 1",
+ "ct_snat_to_vip; next;",
+ lflow_ref,
+ WITH_HINT(&od->nbs->header_));
/* If packet needs to be hairpinned, for established sessions there
* should already be an SNAT conntrack entry.
*/
- ovn_lflow_add_with_hint(lflows, od, S_SWITCH_IN_NAT_HAIRPIN, 100,
- "ip && ct.est && ct.trk"
- " && "REGBIT_HAIRPIN " == 1",
- "ct_snat;",
- &od->nbs->header_,
- lflow_ref);
+ ovn_lflow_add(lflows, od, S_SWITCH_IN_NAT_HAIRPIN, 100,
+ "ip && ct.est && ct.trk"
+ " && "REGBIT_HAIRPIN " == 1",
+ "ct_snat;",
+ lflow_ref,
+ WITH_HINT(&od->nbs->header_));
/* For the reply of hairpinned traffic, snat the src ip to the VIP. */
- ovn_lflow_add_with_hint(lflows, od, S_SWITCH_IN_NAT_HAIRPIN, 90,
- "ip && "REGBIT_HAIRPIN_REPLY " == 1",
- "ct_snat;",
- &od->nbs->header_,
- lflow_ref);
+ ovn_lflow_add(lflows, od, S_SWITCH_IN_NAT_HAIRPIN, 90,
+ "ip && "REGBIT_HAIRPIN_REPLY " == 1",
+ "ct_snat;",
+ lflow_ref,
+ WITH_HINT(&od->nbs->header_));
/* Ingress Hairpin table.
* - Priority 1: Packets that were SNAT-ed for hairpinning should be
@@ -8863,9 +8871,10 @@ build_fwd_group_lflows(struct ovn_datapath *od, struct lflow_table *lflows,
"output;",
fwd_group->vmac, fwd_group->vmac, fwd_group->vip);
- ovn_lflow_add_with_hint(lflows, od, S_SWITCH_IN_ARP_ND_RSP, 50,
- ds_cstr(&match), ds_cstr(&actions),
- &fwd_group->header_, lflow_ref);
+ ovn_lflow_add(lflows, od, S_SWITCH_IN_ARP_ND_RSP, 50,
+ ds_cstr(&match), ds_cstr(&actions),
+ lflow_ref,
+ WITH_HINT(&fwd_group->header_));
/* L2 lookup for the forwarding group's virtual MAC */
ds_clear(&match);
@@ -8886,9 +8895,10 @@ build_fwd_group_lflows(struct ovn_datapath *od, struct lflow_table *lflows,
ds_clear(&actions);
ds_put_format(&actions, "fwd_group(%s);", ds_cstr(&group_ports));
- ovn_lflow_add_with_hint(lflows, od, S_SWITCH_IN_L2_LKUP, 50,
- ds_cstr(&match), ds_cstr(&actions),
- &fwd_group->header_, lflow_ref);
+ ovn_lflow_add(lflows, od, S_SWITCH_IN_L2_LKUP, 50,
+ ds_cstr(&match), ds_cstr(&actions),
+ lflow_ref,
+ WITH_HINT(&fwd_group->header_));
}
ds_destroy(&match);
@@ -9141,17 +9151,16 @@ build_lswitch_rport_arp_req_flow(
ds_put_format(&actions, "clone {outport = %s; output; }; "
"outport = \""MC_FLOOD_L2"\"; output;",
patch_op->json_key);
- ovn_lflow_add_with_hint(lflows, od, S_SWITCH_IN_L2_LKUP,
- priority, ds_cstr(&match),
- ds_cstr(&actions), stage_hint,
- lflow_ref);
+ ovn_lflow_add(lflows, od, S_SWITCH_IN_L2_LKUP,
+ priority, ds_cstr(&match),
+ ds_cstr(&actions), lflow_ref,
+ WITH_HINT(stage_hint));
} else {
ds_put_format(&actions, "outport = %s; output;", patch_op->json_key);
- ovn_lflow_add_with_hint(lflows, od, S_SWITCH_IN_L2_LKUP,
- priority, ds_cstr(&match),
- ds_cstr(&actions),
- stage_hint,
- lflow_ref);
+ ovn_lflow_add(lflows, od, S_SWITCH_IN_L2_LKUP,
+ priority, ds_cstr(&match),
+ ds_cstr(&actions), lflow_ref,
+ WITH_HINT(stage_hint));
}
if (has_cr_port) {
@@ -9163,18 +9172,18 @@ build_lswitch_rport_arp_req_flow(
ds_put_format(&actions, "clone {outport = %s; output; }; "
"outport = \""MC_FLOOD_L2"\"; output;",
patch_op->cr_port->json_key);
- ovn_lflow_add_with_hint(lflows, od, S_SWITCH_IN_L2_LKUP,
- priority, ds_cstr(&match),
- ds_cstr(&actions), stage_hint,
- lflow_ref);
+ ovn_lflow_add(lflows, od, S_SWITCH_IN_L2_LKUP,
+ priority, ds_cstr(&match),
+ ds_cstr(&actions), lflow_ref,
+ WITH_HINT(stage_hint));
} else {
ds_put_format(&actions, "outport = %s; output;",
patch_op->cr_port->json_key);
- ovn_lflow_add_with_hint(lflows, od, S_SWITCH_IN_L2_LKUP,
- priority, ds_cstr(&match),
- ds_cstr(&actions),
- stage_hint,
- lflow_ref);
+ ovn_lflow_add(lflows, od, S_SWITCH_IN_L2_LKUP,
+ priority, ds_cstr(&match),
+ ds_cstr(&actions),
+ lflow_ref,
+ WITH_HINT(stage_hint));
}
}
@@ -10111,11 +10120,11 @@ build_lswitch_arp_nd_responder_known_ips(struct ovn_port *op,
size_t match_len = match->length;
ds_put_format(match, " && eth.dst == %s",
op->lsp_addrs[i].ea_s);
- ovn_lflow_add_with_hint(lflows, op->od,
- S_SWITCH_IN_ARP_ND_RSP, 50,
- ds_cstr(match),
- "next;", &op->nbsp->header_,
- op->lflow_ref);
+ ovn_lflow_add(lflows, op->od,
+ S_SWITCH_IN_ARP_ND_RSP, 50,
+ ds_cstr(match),
+ "next;", op->lflow_ref,
+ WITH_HINT(&op->nbsp->header_));
ds_truncate(match, match_len);
}
ds_put_cstr(match, " && eth.dst == ff:ff:ff:ff:ff:ff");
@@ -10134,12 +10143,12 @@ build_lswitch_arp_nd_responder_known_ips(struct ovn_port *op,
"output;",
op->lsp_addrs[i].ea_s, op->lsp_addrs[i].ea_s,
op->lsp_addrs[i].ipv4_addrs[j].addr_s);
- ovn_lflow_add_with_hint(lflows, op->od,
- S_SWITCH_IN_ARP_ND_RSP, 50,
- ds_cstr(match),
- ds_cstr(actions),
- &op->nbsp->header_,
- op->lflow_ref);
+ ovn_lflow_add(lflows, op->od,
+ S_SWITCH_IN_ARP_ND_RSP, 50,
+ ds_cstr(match),
+ ds_cstr(actions),
+ op->lflow_ref,
+ WITH_HINT(&op->nbsp->header_));
/* Do not reply to an ARP request from the port that owns
* the address (otherwise a DHCP client that ARPs to check
@@ -10279,12 +10288,12 @@ build_lswitch_arp_nd_responder_known_ips(struct ovn_port *op,
ea_s,
ea_s);
- ovn_lflow_add_with_hint(lflows, op->od,
- S_SWITCH_IN_ARP_ND_RSP,
- 30, ds_cstr(match),
- ds_cstr(actions),
- &op->nbsp->header_,
- op->lflow_ref);
+ ovn_lflow_add(lflows, op->od,
+ S_SWITCH_IN_ARP_ND_RSP,
+ 30, ds_cstr(match),
+ ds_cstr(actions),
+ op->lflow_ref,
+ WITH_HINT(&op->nbsp->header_));
}
/* Add IPv6 NDP responses.
@@ -10395,12 +10404,12 @@ build_lswitch_arp_nd_local_svc_mon(const struct ovn_lb_datapaths *lb_dps,
backend_nb->svc_mon_src_ip, actions, match,
IN6_IS_ADDR_V4MAPPED(&lb_vip->vip) ? true : false);
- ovn_lflow_add_with_hint(lflows,
- op->od,
- S_SWITCH_IN_ARP_ND_RSP, 110,
- ds_cstr(match), ds_cstr(actions),
- &lb->nlb->header_,
- lb_dps->lflow_ref);
+ ovn_lflow_add(lflows,
+ op->od,
+ S_SWITCH_IN_ARP_ND_RSP, 110,
+ ds_cstr(match), ds_cstr(actions),
+ lb_dps->lflow_ref,
+ WITH_HINT(&lb->nlb->header_));
}
}
}
@@ -10854,11 +10863,11 @@ build_lswitch_ip_unicast_lookup(struct ovn_port *op,
op->peer->lrp_networks.ea_s,
op->cr_port->json_key);
- ovn_lflow_add_with_hint(lflows, op->od,
- S_SWITCH_IN_L2_LKUP, 50,
- ds_cstr(&m), ds_cstr(actions),
- &op->nbsp->header_,
- op->lflow_ref);
+ ovn_lflow_add(lflows, op->od,
+ S_SWITCH_IN_L2_LKUP, 50,
+ ds_cstr(&m), ds_cstr(actions),
+ op->lflow_ref,
+ WITH_HINT(&op->nbsp->header_));
ds_destroy(&m);
ds_put_format(match, " && is_chassis_resident(%s)",
op->cr_port->json_key);
@@ -10866,11 +10875,11 @@ build_lswitch_ip_unicast_lookup(struct ovn_port *op,
ds_clear(actions);
ds_put_format(actions, action, op->json_key);
- ovn_lflow_add_with_hint(lflows, op->od,
- S_SWITCH_IN_L2_LKUP, 50,
- ds_cstr(match), ds_cstr(actions),
- &op->nbsp->header_,
- op->lflow_ref);
+ ovn_lflow_add(lflows, op->od,
+ S_SWITCH_IN_L2_LKUP, 50,
+ ds_cstr(match), ds_cstr(actions),
+ op->lflow_ref,
+ WITH_HINT(&op->nbsp->header_));
} else {
ds_clear(actions);
ds_put_format(actions, action, op->json_key);
@@ -10878,11 +10887,11 @@ build_lswitch_ip_unicast_lookup(struct ovn_port *op,
ds_clear(match);
ds_put_format(match, "eth.dst == %s", op->lsp_addrs[i].ea_s);
- ovn_lflow_add_with_hint(lflows, op->od,
- S_SWITCH_IN_L2_LKUP, 50,
- ds_cstr(match), ds_cstr(actions),
- &op->nbsp->header_,
- op->lflow_ref);
+ ovn_lflow_add(lflows, op->od,
+ S_SWITCH_IN_L2_LKUP, 50,
+ ds_cstr(match), ds_cstr(actions),
+ op->lflow_ref,
+ WITH_HINT(&op->nbsp->header_));
}
}
}
@@ -10928,12 +10937,12 @@ build_lswitch_ip_unicast_lookup_for_nats(
ds_clear(actions);
ds_put_format(actions, action, op->json_key);
- ovn_lflow_add_with_hint(lflows, op->od,
- S_SWITCH_IN_L2_LKUP, 50,
- ds_cstr(match),
- ds_cstr(actions),
- &op->nbsp->header_,
- lflow_ref);
+ ovn_lflow_add(lflows, op->od,
+ S_SWITCH_IN_L2_LKUP, 50,
+ ds_cstr(match),
+ ds_cstr(actions),
+ lflow_ref,
+ WITH_HINT(&op->nbsp->header_));
}
}
}
@@ -11438,9 +11447,9 @@ build_routing_policy_flow(struct lflow_table *lflows, struct ovn_datapath *od,
rp->chain_id, rule->match);
}
- ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_POLICY, rule->priority,
- ds_cstr(&match), ds_cstr(&actions), stage_hint,
- lflow_ref);
+ ovn_lflow_add(lflows, od, S_ROUTER_IN_POLICY, rule->priority,
+ ds_cstr(&match), ds_cstr(&actions), lflow_ref,
+ WITH_HINT(stage_hint));
ds_destroy(&match);
ds_destroy(&actions);
}
@@ -11515,10 +11524,10 @@ build_ecmp_routing_policy_flows(struct lflow_table *lflows,
ds_put_format(&match, REG_ECMP_GROUP_ID" == %"PRIu16" && "
REG_ECMP_MEMBER_ID" == %"PRIuSIZE,
ecmp_group_id, i + 1);
- ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_POLICY_ECMP,
- 100, ds_cstr(&match),
- ds_cstr(&actions), &rule->header_,
- lflow_ref);
+ ovn_lflow_add(lflows, od, S_ROUTER_IN_POLICY_ECMP,
+ 100, ds_cstr(&match),
+ ds_cstr(&actions), lflow_ref,
+ WITH_HINT(&rule->header_));
}
ds_clear(&actions);
@@ -11540,10 +11549,10 @@ build_ecmp_routing_policy_flows(struct lflow_table *lflows,
"; %s = 1; next;", REG_ECMP_GROUP_ID,
ecmp_group_id, REG_ECMP_MEMBER_ID);
}
- ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_POLICY,
- rule->priority, rule->match,
- ds_cstr(&actions), &rule->header_,
- lflow_ref);
+ ovn_lflow_add(lflows, od, S_ROUTER_IN_POLICY,
+ rule->priority, rule->match,
+ ds_cstr(&actions), lflow_ref,
+ WITH_HINT(&rule->header_));
cleanup:
ds_destroy(&match);
ds_destroy(&actions);
@@ -12196,14 +12205,16 @@ add_ecmp_symmetric_reply_flows(struct lflow_table *lflows,
route->is_src_route ? "dst" : "src",
cidr);
free(cidr);
- ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_DEFRAG, 100,
- ds_cstr(&match), "ct_next;",
- route->source_hint, lflow_ref);
+ ovn_lflow_add(lflows, od, S_ROUTER_IN_DEFRAG, 100,
+ ds_cstr(&match), "ct_next;",
+ lflow_ref,
+ WITH_HINT(route->source_hint));
/* And packets that go out over an ECMP route need conntrack */
- ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_DEFRAG, 100,
- ds_cstr(route_match), "ct_next;",
- route->source_hint, lflow_ref);
+ ovn_lflow_add(lflows, od, S_ROUTER_IN_DEFRAG, 100,
+ ds_cstr(route_match), "ct_next;",
+ lflow_ref,
+ WITH_HINT(route->source_hint));
/* Save src eth and inport in ct_label for packets that arrive over
* an ECMP route.
@@ -12217,10 +12228,10 @@ add_ecmp_symmetric_reply_flows(struct lflow_table *lflows,
"ct_mark.ecmp_reply_port = %" PRId64 ";}; "
"next;",
out_port->sb->tunnel_key);
- ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_ECMP_STATEFUL, 100,
- ds_cstr(&match), ds_cstr(&actions),
- route->source_hint,
- lflow_ref);
+ ovn_lflow_add(lflows, od, S_ROUTER_IN_ECMP_STATEFUL, 100,
+ ds_cstr(&match), ds_cstr(&actions),
+ lflow_ref,
+ WITH_HINT(route->source_hint));
/* Bypass ECMP selection if we already have ct_label information
* for where to route the packet.
@@ -12238,16 +12249,16 @@ add_ecmp_symmetric_reply_flows(struct lflow_table *lflows,
IN6_IS_ADDR_V4MAPPED(&route->prefix) ?
REG_SRC_IPV4 : REG_SRC_IPV6,
port_ip, out_port->json_key);
- ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_IP_ROUTING, 10300,
- ds_cstr(&match), ds_cstr(&actions),
- route->source_hint,
- lflow_ref);
+ ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_ROUTING, 10300,
+ ds_cstr(&match), ds_cstr(&actions),
+ lflow_ref,
+ WITH_HINT(route->source_hint));
/* Egress reply traffic for symmetric ECMP routes skips router policies. */
- ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_POLICY, 65535,
- ds_cstr(&ecmp_reply), "next;",
- route->source_hint,
- lflow_ref);
+ ovn_lflow_add(lflows, od, S_ROUTER_IN_POLICY, 65535,
+ ds_cstr(&ecmp_reply), "next;",
+ lflow_ref,
+ WITH_HINT(route->source_hint));
/* Use REG_ECMP_ETH_FULL to pass the eth field from ct_label to eth.dst to
* avoid masked access to ct_label. Otherwise it may prevent OVS flow
@@ -12261,10 +12272,10 @@ add_ecmp_symmetric_reply_flows(struct lflow_table *lflows,
REG_ECMP_ETH_FULL " = ct_label;"
" eth.dst = " REG_ECMP_ETH_FIELD ";"
" pop(" REG_ECMP_ETH_FULL "); next;";
- ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_ARP_RESOLVE,
- 200, ds_cstr(&ecmp_reply),
- action, route->source_hint,
- lflow_ref);
+ ovn_lflow_add(lflows, od, S_ROUTER_IN_ARP_RESOLVE,
+ 200, ds_cstr(&ecmp_reply),
+ action, lflow_ref,
+ WITH_HINT(route->source_hint));
ds_destroy(&match);
ds_destroy(&actions);
@@ -12380,9 +12391,10 @@ build_ecmp_route_flow(struct lflow_table *lflows,
route->out_port->lrp_networks.ea_s,
route->out_port->json_key,
is_ipv4_nexthop);
- ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_IP_ROUTING_ECMP, 100,
- ds_cstr(&match), ds_cstr(&actions),
- route->source_hint, lflow_ref);
+ ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_ROUTING_ECMP, 100,
+ ds_cstr(&match), ds_cstr(&actions),
+ lflow_ref,
+ WITH_HINT(route->source_hint));
}
sset_destroy(&visited_ports);
ds_destroy(&match);
@@ -12447,17 +12459,18 @@ add_route(struct lflow_table *lflows, const struct ovn_datapath *od,
ds_put_format(&actions, "ip.ttl--; %s", ds_cstr(&common_actions));
}
- ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_IP_ROUTING,
- priority, ds_cstr(&match),
- ds_cstr(&actions), stage_hint,
- lflow_ref);
+ ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_ROUTING,
+ priority, ds_cstr(&match),
+ ds_cstr(&actions), lflow_ref,
+ WITH_HINT(stage_hint));
if (op && bfd_is_port_running(bfd_ports, op->key)) {
ds_put_format(&match, " && udp.dst == 3784");
- ovn_lflow_add_with_hint(lflows, op->od,
- S_ROUTER_IN_IP_ROUTING,
- priority + 1, ds_cstr(&match),
- ds_cstr(&common_actions),\
- stage_hint, lflow_ref);
+ ovn_lflow_add(lflows, op->od,
+ S_ROUTER_IN_IP_ROUTING,
+ priority + 1, ds_cstr(&match),
+ ds_cstr(&common_actions),
+ lflow_ref,
+ WITH_HINT(stage_hint));
}
ds_destroy(&match);
ds_destroy(&common_actions);
@@ -12653,11 +12666,11 @@ build_distr_lrouter_nat_flows_for_lb(struct lrouter_nat_lb_flows_ctx *ctx,
ds_put_format(ctx->gw_redir_action, "outport = %s; next;",
dgp->cr_port->json_key);
- ovn_lflow_add_with_hint(ctx->lflows, od, S_ROUTER_IN_GW_REDIRECT,
- 200, ds_cstr(ctx->undnat_match),
- ds_cstr(ctx->gw_redir_action),
- &ctx->lb->nlb->header_,
- lflow_ref);
+ ovn_lflow_add(ctx->lflows, od, S_ROUTER_IN_GW_REDIRECT,
+ 200, ds_cstr(ctx->undnat_match),
+ ds_cstr(ctx->gw_redir_action),
+ lflow_ref,
+ WITH_HINT(&ctx->lb->nlb->header_));
ds_truncate(ctx->undnat_match, undnat_match_len);
ds_put_format(ctx->undnat_match, ") && (inport == %s || outport == %s)"
@@ -12668,10 +12681,10 @@ build_distr_lrouter_nat_flows_for_lb(struct lrouter_nat_lb_flows_ctx *ctx,
if (stateless_nat) {
ds_put_format(ctx->undnat_match, " && %s", ctx->lb->proto);
}
- ovn_lflow_add_with_hint(ctx->lflows, od, S_ROUTER_OUT_UNDNAT, 120,
- ds_cstr(ctx->undnat_match),
- ds_cstr(&undnat_action), &ctx->lb->nlb->header_,
- lflow_ref);
+ ovn_lflow_add(ctx->lflows, od, S_ROUTER_OUT_UNDNAT, 120,
+ ds_cstr(ctx->undnat_match),
+ ds_cstr(&undnat_action), lflow_ref,
+ WITH_HINT(&ctx->lb->nlb->header_));
/* (NOTE) snat_action: Add a new rule lr_out_snat with LB VIP as source
* IP action to perform stateless NAT pipeline completely when the
@@ -12699,10 +12712,10 @@ build_distr_lrouter_nat_flows_for_lb(struct lrouter_nat_lb_flows_ctx *ctx,
"ip6" : "ip4",
ctx->lb_vip->vip_str);
}
- ovn_lflow_add_with_hint(ctx->lflows, od, S_ROUTER_OUT_SNAT, 160,
- ds_cstr(ctx->undnat_match),
- ds_cstr(&snat_action), &ctx->lb->nlb->header_,
- lflow_ref);
+ ovn_lflow_add(ctx->lflows, od, S_ROUTER_OUT_SNAT, 160,
+ ds_cstr(ctx->undnat_match),
+ ds_cstr(&snat_action), lflow_ref,
+ WITH_HINT(&ctx->lb->nlb->header_));
}
ds_truncate(ctx->undnat_match, undnat_match_len);
@@ -12917,9 +12930,10 @@ build_lrouter_nat_flows_for_lb(
* unsnat stage, the conntrack flags are not set properly, and
* it doesn't hit the established state flows in
* S_ROUTER_IN_DNAT stage. */
- ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_UNSNAT, 120,
- ds_cstr(&unsnat_match), "next;",
- &lb->nlb->header_, lb_dps->lflow_ref);
+ ovn_lflow_add(lflows, od, S_ROUTER_IN_UNSNAT, 120,
+ ds_cstr(&unsnat_match), "next;",
+ lb_dps->lflow_ref,
+ WITH_HINT(&lb->nlb->header_));
}
}
@@ -13054,9 +13068,10 @@ build_lrouter_allow_vip_traffic_template(struct lflow_table *lflows,
ds_put_format(&match, "ip%d.dst == %s",
lb_vip->address_family == AF_INET ? 4 : 6,
lb_vip->vip_str);
- ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_IP_INPUT, 100,
- ds_cstr(&match), "next;",
- &lb->nlb->header_, lb_dps->lflow_ref);
+ ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_INPUT, 100,
+ ds_cstr(&match), "next;",
+ lb_dps->lflow_ref,
+ WITH_HINT(&lb->nlb->header_));
}
ds_destroy(&match);
@@ -13294,9 +13309,10 @@ lrouter_nat_add_ext_ip_match(const struct ovn_datapath *od,
is_src ? "src" : "dst",
exempted_ext_ips->name);
- ovn_lflow_add_with_hint(lflows, od, stage, priority,
- ds_cstr(&match_exempt), "next;",
- &nat->header_, lflow_ref);
+ ovn_lflow_add(lflows, od, stage, priority,
+ ds_cstr(&match_exempt), "next;",
+ lflow_ref,
+ WITH_HINT(&nat->header_));
ds_destroy(&match_exempt);
}
}
@@ -13342,9 +13358,9 @@ build_lrouter_arp_flow(const struct ovn_datapath *od, struct ovn_port *op,
eth_addr);
}
- ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_IP_INPUT, priority,
- ds_cstr(&match), ds_cstr(&actions), hint,
- lflow_ref);
+ ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_INPUT, priority,
+ ds_cstr(&match), ds_cstr(&actions), lflow_ref,
+ WITH_HINT(hint));
ds_destroy(&match);
ds_destroy(&actions);
@@ -13386,9 +13402,9 @@ build_lrouter_nd_flow(const struct ovn_datapath *od, struct ovn_port *op,
if (drop) {
ds_put_cstr(&actions, debug_drop_action());
- ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_IP_INPUT, priority,
- ds_cstr(&match), ds_cstr(&actions), hint,
- lflow_ref);
+ ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_INPUT, priority,
+ ds_cstr(&match), ds_cstr(&actions), lflow_ref,
+ WITH_HINT(hint));
} else {
ds_put_format(&actions,
"%s { "
@@ -13555,10 +13571,10 @@ build_lrouter_drop_own_dest(struct ovn_port *op,
ds_chomp(&match_ips, ',');
char *match = xasprintf("ip4.dst == {%s}", ds_cstr(&match_ips));
- ovn_lflow_add_with_hint(lflows, op->od, stage, priority,
- match, debug_drop_action(),
- &op->nbrp->header_,
- lflow_ref);
+ ovn_lflow_add(lflows, op->od, stage, priority,
+ match, debug_drop_action(),
+ lflow_ref,
+ WITH_HINT(&op->nbrp->header_));
free(match);
}
}
@@ -13586,10 +13602,10 @@ build_lrouter_drop_own_dest(struct ovn_port *op,
ds_chomp(&match_ips, ',');
char *match = xasprintf("ip6.dst == {%s}", ds_cstr(&match_ips));
- ovn_lflow_add_with_hint(lflows, op->od, stage, priority,
- match, debug_drop_action(),
- &op->nbrp->header_,
- lflow_ref);
+ ovn_lflow_add(lflows, op->od, stage, priority,
+ match, debug_drop_action(),
+ lflow_ref,
+ WITH_HINT(&op->nbrp->header_));
free(match);
}
}
@@ -13844,10 +13860,10 @@ build_lrouter_bfd_flows(struct lflow_table *lflows, struct ovn_port *op,
op_put_v4_networks(&ip_list, op, false);
ds_put_format(&match, "ip4.src == %s && udp.dst == 3784",
ds_cstr(&ip_list));
- ovn_lflow_add_with_hint(lflows, op->od, S_ROUTER_IN_IP_INPUT, 110,
- ds_cstr(&match), "next; ",
- &op->nbrp->header_,
- lflow_ref);
+ ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 110,
+ ds_cstr(&match), "next; ",
+ lflow_ref,
+ WITH_HINT(&op->nbrp->header_));
ds_clear(&match);
ds_put_format(&match, "ip4.dst == %s && udp.dst == 3784",
ds_cstr(&ip_list));
@@ -13865,10 +13881,10 @@ build_lrouter_bfd_flows(struct lflow_table *lflows, struct ovn_port *op,
op_put_v6_networks(&ip_list, op);
ds_put_format(&match, "ip6.src == %s && udp.dst == 3784",
ds_cstr(&ip_list));
- ovn_lflow_add_with_hint(lflows, op->od, S_ROUTER_IN_IP_INPUT, 110,
- ds_cstr(&match), "next; ",
- &op->nbrp->header_,
- lflow_ref);
+ ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 110,
+ ds_cstr(&match), "next; ",
+ lflow_ref,
+ WITH_HINT(&op->nbrp->header_));
ds_clear(&match);
ds_put_format(&match, "ip6.dst == %s && udp.dst == 3784",
ds_cstr(&ip_list));
@@ -13963,9 +13979,10 @@ build_gateway_mtu_flow(struct lflow_table *lflows, struct ovn_port *op,
}
ds_put_format_valist(actions, extra_actions_fmt, extra_actions_args);
- ovn_lflow_add_with_hint(lflows, op->od, stage, prio_low,
- ds_cstr(match), ds_cstr(actions),
- hint, lflow_ref);
+ ovn_lflow_add(lflows, op->od, stage, prio_low,
+ ds_cstr(match), ds_cstr(actions),
+ lflow_ref,
+ WITH_HINT(hint));
if (gw_mtu > 0) {
ds_clear(actions);
@@ -13981,9 +13998,10 @@ build_gateway_mtu_flow(struct lflow_table *lflows, struct ovn_port *op,
ds_put_char(match, ')');
- ovn_lflow_add_with_hint(lflows, op->od, stage, prio_high,
- ds_cstr(match), ds_cstr(actions),
- hint, lflow_ref);
+ ovn_lflow_add(lflows, op->od, stage, prio_high,
+ ds_cstr(match), ds_cstr(actions),
+ lflow_ref,
+ WITH_HINT(hint));
}
va_end(extra_actions_args);
}
@@ -14236,11 +14254,11 @@ build_neigh_learning_flows_for_lrouter_port(
" = lookup_arp(inport, arp.spa, arp.sha); "
REGBIT_LOOKUP_NEIGHBOR_IP_RESULT" = 1;"
" next;";
- ovn_lflow_add_with_hint(lflows, op->od,
- S_ROUTER_IN_LOOKUP_NEIGHBOR, 110,
- ds_cstr(match), actions_s,
- &op->nbrp->header_,
- lflow_ref);
+ ovn_lflow_add(lflows, op->od,
+ S_ROUTER_IN_LOOKUP_NEIGHBOR, 110,
+ ds_cstr(match), actions_s,
+ lflow_ref,
+ WITH_HINT(&op->nbrp->header_));
}
ds_clear(match);
ds_put_format(match,
@@ -14254,11 +14272,11 @@ build_neigh_learning_flows_for_lrouter_port(
learn_from_arp_request ? "" :
REGBIT_LOOKUP_NEIGHBOR_IP_RESULT
" = lookup_arp_ip(inport, arp.spa); ");
- ovn_lflow_add_with_hint(lflows, op->od,
- S_ROUTER_IN_LOOKUP_NEIGHBOR, 100,
- ds_cstr(match), ds_cstr(actions),
- &op->nbrp->header_,
- lflow_ref);
+ ovn_lflow_add(lflows, op->od,
+ S_ROUTER_IN_LOOKUP_NEIGHBOR, 100,
+ ds_cstr(match), ds_cstr(actions),
+ lflow_ref,
+ WITH_HINT(&op->nbrp->header_));
}
if (lrp_is_l3dgw(op)) {
@@ -14267,12 +14285,12 @@ build_neigh_learning_flows_for_lrouter_port(
"eth.mcast && "
"!is_chassis_resident(%s)", op->json_key,
op->cr_port->json_key);
- ovn_lflow_add_with_hint(lflows, op->od,
- S_ROUTER_IN_LOOKUP_NEIGHBOR, 120,
- ds_cstr(match),
- REGBIT_LOOKUP_NEIGHBOR_RESULT" = 1; next;",
- &op->nbrp->header_,
- lflow_ref);
+ ovn_lflow_add(lflows, op->od,
+ S_ROUTER_IN_LOOKUP_NEIGHBOR, 120,
+ ds_cstr(match),
+ REGBIT_LOOKUP_NEIGHBOR_RESULT" = 1; next;",
+ lflow_ref,
+ WITH_HINT(&op->nbrp->header_));
}
}
@@ -14387,11 +14405,11 @@ build_ND_RA_flows_for_lrouter_port(
"outport = inport; flags.loopback = 1; "
"output;",
op->lrp_networks.ea_s, ip6_str);
- ovn_lflow_add_with_hint(lflows, op->od,
- S_ROUTER_IN_ND_RA_RESPONSE, 50,
- ds_cstr(match), ds_cstr(actions),
- &op->nbrp->header_,
- lflow_ref);
+ ovn_lflow_add(lflows, op->od,
+ S_ROUTER_IN_ND_RA_RESPONSE, 50,
+ ds_cstr(match), ds_cstr(actions),
+ lflow_ref,
+ WITH_HINT(&op->nbrp->header_));
}
}
@@ -14917,11 +14935,11 @@ build_arp_resolve_flows_for_lrp(struct ovn_port *op,
ds_clear(actions);
ds_put_format(actions, "eth.dst = %s; next;",
op->lrp_networks.ea_s);
- ovn_lflow_add_with_hint(lflows, op->peer->od,
- S_ROUTER_IN_ARP_RESOLVE, 100,
- ds_cstr(match), ds_cstr(actions),
- &op->nbrp->header_,
- lflow_ref);
+ ovn_lflow_add(lflows, op->peer->od,
+ S_ROUTER_IN_ARP_RESOLVE, 100,
+ ds_cstr(match), ds_cstr(actions),
+ lflow_ref,
+ WITH_HINT(&op->nbrp->header_));
}
if (op->lrp_networks.n_ipv6_addrs) {
@@ -14934,11 +14952,11 @@ build_arp_resolve_flows_for_lrp(struct ovn_port *op,
ds_clear(actions);
ds_put_format(actions, "eth.dst = %s; next;",
op->lrp_networks.ea_s);
- ovn_lflow_add_with_hint(lflows, op->peer->od,
- S_ROUTER_IN_ARP_RESOLVE, 100,
- ds_cstr(match), ds_cstr(actions),
- &op->nbrp->header_,
- lflow_ref);
+ ovn_lflow_add(lflows, op->peer->od,
+ S_ROUTER_IN_ARP_RESOLVE, 100,
+ ds_cstr(match), ds_cstr(actions),
+ lflow_ref,
+ WITH_HINT(&op->nbrp->header_));
}
}
@@ -14960,11 +14978,11 @@ build_arp_resolve_flows_for_lrp(struct ovn_port *op,
ds_put_format(actions, "eth.dst = %s; next;",
op->lrp_networks.ea_s);
- ovn_lflow_add_with_hint(lflows, op->od,
- S_ROUTER_IN_ARP_RESOLVE, 50,
- ds_cstr(match), ds_cstr(actions),
- &op->nbrp->header_,
- lflow_ref);
+ ovn_lflow_add(lflows, op->od,
+ S_ROUTER_IN_ARP_RESOLVE, 50,
+ ds_cstr(match), ds_cstr(actions),
+ lflow_ref,
+ WITH_HINT(&op->nbrp->header_));
}
}
}
@@ -15257,12 +15275,12 @@ build_arp_resolve_flows_for_lsp(
ds_clear(actions);
ds_put_format(actions, "eth.dst = %s; next;", ea_s);
- ovn_lflow_add_with_hint(lflows, peer->od,
- S_ROUTER_IN_ARP_RESOLVE, 100,
- ds_cstr(match),
- ds_cstr(actions),
- &op->nbsp->header_,
- op->lflow_ref);
+ ovn_lflow_add(lflows, peer->od,
+ S_ROUTER_IN_ARP_RESOLVE, 100,
+ ds_cstr(match),
+ ds_cstr(actions),
+ op->lflow_ref,
+ WITH_HINT(&op->nbsp->header_));
}
}
@@ -15288,12 +15306,12 @@ build_arp_resolve_flows_for_lsp(
ds_clear(actions);
ds_put_format(actions, "eth.dst = %s; next;", ea_s);
- ovn_lflow_add_with_hint(lflows, peer->od,
- S_ROUTER_IN_ARP_RESOLVE, 100,
- ds_cstr(match),
- ds_cstr(actions),
- &op->nbsp->header_,
- op->lflow_ref);
+ ovn_lflow_add(lflows, peer->od,
+ S_ROUTER_IN_ARP_RESOLVE, 100,
+ ds_cstr(match),
+ ds_cstr(actions),
+ op->lflow_ref,
+ WITH_HINT(&op->nbsp->header_));
}
}
}
@@ -15335,11 +15353,11 @@ build_arp_resolve_flows_for_lsp(
ds_clear(actions);
ds_put_format(actions, "eth.dst = %s; next;",
router_port->lrp_networks.ea_s);
- ovn_lflow_add_with_hint(lflows, peer->od,
- S_ROUTER_IN_ARP_RESOLVE, 100,
- ds_cstr(match), ds_cstr(actions),
- &op->nbsp->header_,
- op->lflow_ref);
+ ovn_lflow_add(lflows, peer->od,
+ S_ROUTER_IN_ARP_RESOLVE, 100,
+ ds_cstr(match), ds_cstr(actions),
+ op->lflow_ref,
+ WITH_HINT(&op->nbsp->header_));
}
if (router_port->lrp_networks.n_ipv6_addrs) {
@@ -15352,11 +15370,11 @@ build_arp_resolve_flows_for_lsp(
ds_clear(actions);
ds_put_format(actions, "eth.dst = %s; next;",
router_port->lrp_networks.ea_s);
- ovn_lflow_add_with_hint(lflows, peer->od,
- S_ROUTER_IN_ARP_RESOLVE, 100,
- ds_cstr(match), ds_cstr(actions),
- &op->nbsp->header_,
- op->lflow_ref);
+ ovn_lflow_add(lflows, peer->od,
+ S_ROUTER_IN_ARP_RESOLVE, 100,
+ ds_cstr(match), ds_cstr(actions),
+ op->lflow_ref,
+ WITH_HINT(&op->nbsp->header_));
}
}
}
@@ -15517,10 +15535,10 @@ build_check_pkt_len_flows_for_lrp(struct ovn_port *op,
free(ct_match);
if (features->ct_commit_nat_v2) {
- ovn_lflow_add_with_hint(lflows, op->od, S_ROUTER_OUT_POST_SNAT, 100,
- "icmp && flags.icmp_snat == 1",
- "ct_commit_nat(snat);", &op->nbrp->header_,
- lflow_ref);
+ ovn_lflow_add(lflows, op->od, S_ROUTER_OUT_POST_SNAT, 100,
+ "icmp && flags.icmp_snat == 1",
+ "ct_commit_nat(snat);", lflow_ref,
+ WITH_HINT(&op->nbrp->header_));
}
}
@@ -15600,9 +15618,10 @@ build_gateway_redirect_flows_for_lrouter(
ds_put_format(match, "outport == %s", dgp->json_key);
ds_clear(actions);
ds_put_format(actions, "outport = %s; next;", dgp->cr_port->json_key);
- ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_GW_REDIRECT, 50,
- ds_cstr(match), ds_cstr(actions),
- stage_hint, lflow_ref);
+ ovn_lflow_add(lflows, od, S_ROUTER_IN_GW_REDIRECT, 50,
+ ds_cstr(match), ds_cstr(actions),
+ lflow_ref,
+ WITH_HINT(stage_hint));
}
/* Packets are allowed by default. */
@@ -15655,10 +15674,10 @@ build_lr_gateway_redirect_flows_for_nats(
as->name);
if (nat->nb->allowed_ext_ips) {
- ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_GW_REDIRECT,
- 75, ds_cstr(&match_ext),
- ds_cstr(actions), stage_hint,
- lflow_ref);
+ ovn_lflow_add(lflows, od, S_ROUTER_IN_GW_REDIRECT,
+ 75, ds_cstr(&match_ext),
+ ds_cstr(actions), lflow_ref,
+ WITH_HINT(stage_hint));
if (add_def_flow) {
ds_clear(&match_ext);
ds_put_format(&match_ext, "ip && ip%s.dst == %s",
@@ -15670,10 +15689,11 @@ build_lr_gateway_redirect_flows_for_nats(
add_def_flow = false;
}
} else if (nat->nb->exempted_ext_ips) {
- ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_GW_REDIRECT,
- 75, ds_cstr(&match_ext),
- debug_drop_action(),
- stage_hint, lflow_ref);
+ ovn_lflow_add(lflows, od, S_ROUTER_IN_GW_REDIRECT,
+ 75, ds_cstr(&match_ext),
+ debug_drop_action(),
+ lflow_ref,
+ WITH_HINT(stage_hint));
}
ds_destroy(&match_ext);
}
@@ -16089,9 +16109,10 @@ build_dhcp_relay_flows_for_lrouter_port(struct ovn_port *op,
"/* DHCP_RELAY_REQ */",
op->lrp_networks.ipv4_addrs[0].addr_s, server_ip_str);
- ovn_lflow_add_with_hint(lflows, op->od, S_ROUTER_IN_DHCP_RELAY_REQ, 100,
- ds_cstr(match), ds_cstr(actions),
- &op->nbrp->header_, lflow_ref);
+ ovn_lflow_add(lflows, op->od, S_ROUTER_IN_DHCP_RELAY_REQ, 100,
+ ds_cstr(match), ds_cstr(actions),
+ lflow_ref,
+ WITH_HINT(&op->nbrp->header_));
ds_clear(match);
ds_clear(actions);
@@ -16104,9 +16125,10 @@ build_dhcp_relay_flows_for_lrouter_port(struct ovn_port *op,
op->json_key);
ds_put_format(actions, "drop; /* DHCP_RELAY_REQ */");
- ovn_lflow_add_with_hint(lflows, op->od, S_ROUTER_IN_DHCP_RELAY_REQ, 1,
- ds_cstr(match), ds_cstr(actions),
- &op->nbrp->header_, lflow_ref);
+ ovn_lflow_add(lflows, op->od, S_ROUTER_IN_DHCP_RELAY_REQ, 1,
+ ds_cstr(match), ds_cstr(actions),
+ lflow_ref,
+ WITH_HINT(&op->nbrp->header_));
ds_clear(match);
ds_clear(actions);
@@ -16116,9 +16138,10 @@ build_dhcp_relay_flows_for_lrouter_port(struct ovn_port *op,
"ip.frag == 0 && udp.src == 67 && udp.dst == 67",
server_ip_str, op->lrp_networks.ipv4_addrs[0].addr_s);
ds_put_format(actions, "next; /* DHCP_RELAY_RESP */");
- ovn_lflow_add_with_hint(lflows, op->od, S_ROUTER_IN_IP_INPUT, 110,
- ds_cstr(match), ds_cstr(actions),
- &op->nbrp->header_, lflow_ref);
+ ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 110,
+ ds_cstr(match), ds_cstr(actions),
+ lflow_ref,
+ WITH_HINT(&op->nbrp->header_));
ds_clear(match);
ds_clear(actions);
@@ -16155,9 +16178,10 @@ build_dhcp_relay_flows_for_lrouter_port(struct ovn_port *op,
"ip4.src = %s; udp.dst = 68; "
"outport = %s; output; /* DHCP_RELAY_RESP */",
op->lrp_networks.ipv4_addrs[0].addr_s, op->json_key);
- ovn_lflow_add_with_hint(lflows, op->od, S_ROUTER_IN_DHCP_RELAY_RESP,
- 100, ds_cstr(match), ds_cstr(actions),
- &op->nbrp->header_, lflow_ref);
+ ovn_lflow_add(lflows, op->od, S_ROUTER_IN_DHCP_RELAY_RESP,
+ 100, ds_cstr(match), ds_cstr(actions),
+ lflow_ref,
+ WITH_HINT(&op->nbrp->header_));
ds_clear(match);
ds_clear(actions);
@@ -16168,9 +16192,10 @@ build_dhcp_relay_flows_for_lrouter_port(struct ovn_port *op,
REGBIT_DHCP_RELAY_RESP_CHK" == 0",
server_ip_str, op->lrp_networks.ipv4_addrs[0].addr_s);
ds_put_format(actions, "drop; /* DHCP_RELAY_RESP */");
- ovn_lflow_add_with_hint(lflows, op->od, S_ROUTER_IN_DHCP_RELAY_RESP,
- 1, ds_cstr(match), ds_cstr(actions),
- &op->nbrp->header_, lflow_ref);
+ ovn_lflow_add(lflows, op->od, S_ROUTER_IN_DHCP_RELAY_RESP,
+ 1, ds_cstr(match), ds_cstr(actions),
+ lflow_ref,
+ WITH_HINT(&op->nbrp->header_));
ds_clear(match);
ds_clear(actions);
free(server_ip_str);
@@ -16203,9 +16228,10 @@ build_ipv6_input_flows_for_lrouter_port(
"icmp6.type = 129; "
"flags.loopback = 1; "
"next; ";
- ovn_lflow_add_with_hint(lflows, op->od, S_ROUTER_IN_IP_INPUT, 90,
- ds_cstr(match), lrp_actions,
- &op->nbrp->header_, lflow_ref);
+ ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 90,
+ ds_cstr(match), lrp_actions,
+ lflow_ref,
+ WITH_HINT(&op->nbrp->header_));
}
/* ND reply. These flows reply to ND solicitations for the
@@ -16428,9 +16454,10 @@ build_lrouter_ipv4_ip_input(struct ovn_port *op,
ds_put_cstr(match, "ip4.src == ");
op_put_v4_networks(match, op, true);
ds_put_cstr(match, " && "REGBIT_EGRESS_LOOPBACK" == 0");
- ovn_lflow_add_with_hint(lflows, op->od, S_ROUTER_IN_IP_INPUT, 100,
- ds_cstr(match), debug_drop_action(),
- &op->nbrp->header_, lflow_ref);
+ ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 100,
+ ds_cstr(match), debug_drop_action(),
+ lflow_ref,
+ WITH_HINT(&op->nbrp->header_));
/* ICMP echo reply. These flows reply to ICMP echo requests
* received for the router's IP address. Since packets only
@@ -16447,9 +16474,10 @@ build_lrouter_ipv4_ip_input(struct ovn_port *op,
"icmp4.type = 0; "
"flags.loopback = 1; "
"next; ";
- ovn_lflow_add_with_hint(lflows, op->od, S_ROUTER_IN_IP_INPUT, 90,
- ds_cstr(match), icmp_actions,
- &op->nbrp->header_, lflow_ref);
+ ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 90,
+ ds_cstr(match), icmp_actions,
+ lflow_ref,
+ WITH_HINT(&op->nbrp->header_));
}
/* BFD msg handling */
@@ -16758,9 +16786,10 @@ build_lrouter_in_unsnat_stateless_flow(struct lflow_table *lflows,
build_lrouter_in_unsnat_match(od, nat, match, distributed_nat, is_v6,
l3dgw_port);
- ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_UNSNAT,
- priority, ds_cstr(match), "next;",
- &nat->header_, lflow_ref);
+ ovn_lflow_add(lflows, od, S_ROUTER_IN_UNSNAT,
+ priority, ds_cstr(match), "next;",
+ lflow_ref,
+ WITH_HINT(&nat->header_));
}
static void
@@ -16786,17 +16815,19 @@ build_lrouter_in_unsnat_in_czone_flow(struct lflow_table *lflows,
size_t common_match_len = match->length;
ds_put_cstr(match, " && flags.loopback == 0");
- ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_UNSNAT,
- 100, ds_cstr(match), "ct_snat_in_czone;",
- &nat->header_, lflow_ref);
+ ovn_lflow_add(lflows, od, S_ROUTER_IN_UNSNAT,
+ 100, ds_cstr(match), "ct_snat_in_czone;",
+ lflow_ref,
+ WITH_HINT(&nat->header_));
ds_truncate(match, common_match_len);
/* Update common zone match for the hairpin traffic. */
ds_put_cstr(match, " && flags.loopback == 1 && flags.use_snat_zone == 1");
- ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_UNSNAT,
- 100, ds_cstr(match), "ct_snat;",
- &nat->header_, lflow_ref);
+ ovn_lflow_add(lflows, od, S_ROUTER_IN_UNSNAT,
+ 100, ds_cstr(match), "ct_snat;",
+ lflow_ref,
+ WITH_HINT(&nat->header_));
}
static void
@@ -16817,9 +16848,10 @@ build_lrouter_in_unsnat_flow(struct lflow_table *lflows,
build_lrouter_in_unsnat_match(od, nat, match, distributed_nat, is_v6,
l3dgw_port);
- ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_UNSNAT,
- priority, ds_cstr(match), "ct_snat;",
- &nat->header_, lflow_ref);
+ ovn_lflow_add(lflows, od, S_ROUTER_IN_UNSNAT,
+ priority, ds_cstr(match), "ct_snat;",
+ lflow_ref,
+ WITH_HINT(&nat->header_));
}
static void
@@ -16897,9 +16929,10 @@ build_lrouter_in_dnat_flow(struct lflow_table *lflows,
ds_put_format(match, " && (%s)", nat->match);
}
- ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_DNAT, priority,
- ds_cstr(match), ds_cstr(actions),
- &nat->header_, lflow_ref);
+ ovn_lflow_add(lflows, od, S_ROUTER_IN_DNAT, priority,
+ ds_cstr(match), ds_cstr(actions),
+ lflow_ref,
+ WITH_HINT(&nat->header_));
}
static void
@@ -16964,9 +16997,10 @@ build_lrouter_out_undnat_flow(struct lflow_table *lflows,
: "ct_dnat;");
}
- ovn_lflow_add_with_hint(lflows, od, S_ROUTER_OUT_UNDNAT, 100,
- ds_cstr(match), ds_cstr(actions),
- &nat->header_, lflow_ref);
+ ovn_lflow_add(lflows, od, S_ROUTER_OUT_UNDNAT, 100,
+ ds_cstr(match), ds_cstr(actions),
+ lflow_ref,
+ WITH_HINT(&nat->header_));
}
static void
@@ -16996,9 +17030,10 @@ build_lrouter_out_is_dnat_local(struct lflow_table *lflows,
ds_clear(actions);
ds_put_cstr(actions, REGBIT_DST_NAT_IP_LOCAL" = 1; next;");
- ovn_lflow_add_with_hint(lflows, od, S_ROUTER_OUT_CHECK_DNAT_LOCAL,
- 50, ds_cstr(match), ds_cstr(actions),
- &nat->header_, lflow_ref);
+ ovn_lflow_add(lflows, od, S_ROUTER_OUT_CHECK_DNAT_LOCAL,
+ 50, ds_cstr(match), ds_cstr(actions),
+ lflow_ref,
+ WITH_HINT(&nat->header_));
}
static void
@@ -17073,10 +17108,10 @@ build_lrouter_out_snat_stateless_flow(struct lflow_table *lflows,
ds_put_format(actions, "ip%c.src=%s; next;",
is_v6 ? '6' : '4', nat->external_ip);
- ovn_lflow_add_with_hint(lflows, od, S_ROUTER_OUT_SNAT,
- priority, ds_cstr(match),
- ds_cstr(actions), &nat->header_,
- lflow_ref);
+ ovn_lflow_add(lflows, od, S_ROUTER_OUT_SNAT,
+ priority, ds_cstr(match),
+ ds_cstr(actions), lflow_ref,
+ WITH_HINT(&nat->header_));
}
static void
@@ -17124,17 +17159,17 @@ build_lrouter_out_snat_in_czone_flow(struct lflow_table *lflows,
ds_put_cstr(actions, ");");
ds_put_cstr(&zone_actions, ");");
- ovn_lflow_add_with_hint(lflows, od, S_ROUTER_OUT_SNAT,
- priority, ds_cstr(match),
- ds_cstr(actions), &nat->header_,
- lflow_ref);
+ ovn_lflow_add(lflows, od, S_ROUTER_OUT_SNAT,
+ priority, ds_cstr(match),
+ ds_cstr(actions), lflow_ref,
+ WITH_HINT(&nat->header_));
ds_put_cstr(match, " && "REGBIT_DST_NAT_IP_LOCAL" == 1");
- ovn_lflow_add_with_hint(lflows, od, S_ROUTER_OUT_SNAT,
- priority + 1, ds_cstr(match),
- ds_cstr(&zone_actions), &nat->header_,
- lflow_ref);
+ ovn_lflow_add(lflows, od, S_ROUTER_OUT_SNAT,
+ priority + 1, ds_cstr(match),
+ ds_cstr(&zone_actions), lflow_ref,
+ WITH_HINT(&nat->header_));
ds_destroy(&zone_actions);
}
@@ -17174,10 +17209,10 @@ build_lrouter_out_snat_flow(struct lflow_table *lflows,
}
ds_put_format(actions, ");");
- ovn_lflow_add_with_hint(lflows, od, S_ROUTER_OUT_SNAT,
- priority, ds_cstr(match),
- ds_cstr(actions), &nat->header_,
- lflow_ref);
+ ovn_lflow_add(lflows, od, S_ROUTER_OUT_SNAT,
+ priority, ds_cstr(match),
+ ds_cstr(actions), lflow_ref,
+ WITH_HINT(&nat->header_));
/* For the SNAT networks, we need to make sure that connections are
* properly tracked so we can decide whether to perform SNAT on traffic
@@ -17322,9 +17357,10 @@ build_lrouter_ingress_flow(struct lflow_table *lflows,
match, "inport == %s && %s == %s",
l3dgw_port->json_key,
is_v6 ? "ip6.src" : "ip4.src", nat->external_ip);
- ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_IP_INPUT,
- 120, ds_cstr(match), "next;",
- &nat->header_, lflow_ref);
+ ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_INPUT,
+ 120, ds_cstr(match), "next;",
+ lflow_ref,
+ WITH_HINT(&nat->header_));
}
/* Logical router ingress table 0:
* For NAT on a distributed router, add rules allowing
@@ -17686,12 +17722,12 @@ build_lrouter_nat_defrag_and_lb(
nat_entry->l3dgw_port->json_key,
nat_entry->l3dgw_port->json_key,
is_v6 ? "6" : "4", nat->external_ip);
- ovn_lflow_add_with_hint(lflows, od,
- S_ROUTER_IN_ARP_RESOLVE,
- 150, ds_cstr(match),
- debug_drop_action(),
- &nat->header_,
- lflow_ref);
+ ovn_lflow_add(lflows, od,
+ S_ROUTER_IN_ARP_RESOLVE,
+ 150, ds_cstr(match),
+ debug_drop_action(),
+ lflow_ref,
+ WITH_HINT(&nat->header_));
/* Now for packets coming from other (downlink) LRPs, allow ARP
* resolve for the NAT IP, so that such packets can be
* forwarded for E/W NAT. */
@@ -17706,12 +17742,12 @@ build_lrouter_nat_defrag_and_lb(
actions, "eth.dst = %s; next;",
nat_entry->is_distributed ? nat->external_mac :
nat_entry->l3dgw_port->lrp_networks.ea_s);
- ovn_lflow_add_with_hint(lflows, od,
- S_ROUTER_IN_ARP_RESOLVE,
- 100, ds_cstr(match),
- ds_cstr(actions),
- &nat->header_,
- lflow_ref);
+ ovn_lflow_add(lflows, od,
+ S_ROUTER_IN_ARP_RESOLVE,
+ 100, ds_cstr(match),
+ ds_cstr(actions),
+ lflow_ref,
+ WITH_HINT(&nat->header_));
if (od->redirect_bridged && nat_entry->is_distributed) {
ds_clear(match);
ds_put_format(
@@ -17730,11 +17766,11 @@ build_lrouter_nat_defrag_and_lb(
ds_put_cstr(actions,
"get_arp(outport, " REG_NEXT_HOP_IPV4 "); next;");
}
- ovn_lflow_add_with_hint(lflows, od,
- S_ROUTER_IN_ARP_RESOLVE, 90,
- ds_cstr(match), ds_cstr(actions),
- &nat->header_,
- lflow_ref);
+ ovn_lflow_add(lflows, od,
+ S_ROUTER_IN_ARP_RESOLVE, 90,
+ ds_cstr(match), ds_cstr(actions),
+ lflow_ref,
+ WITH_HINT(&nat->header_));
}
sset_add(&nat_entries, nat->external_ip);
}
@@ -17810,10 +17846,10 @@ build_lrouter_nat_defrag_and_lb(
struct ovn_port *op = ovn_port_find(ls_ports,
nat->logical_port);
if (op && op->nbsp && !strcmp(op->nbsp->type, "virtual")) {
- ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_GW_REDIRECT,
- 80, ds_cstr(match),
- debug_drop_action(), &nat->header_,
- lflow_ref);
+ ovn_lflow_add(lflows, od, S_ROUTER_IN_GW_REDIRECT,
+ 80, ds_cstr(match),
+ debug_drop_action(), lflow_ref,
+ WITH_HINT(&nat->header_));
}
ds_put_format(match, " && is_chassis_resident(\"%s\")",
nat->logical_port);
@@ -17821,10 +17857,10 @@ build_lrouter_nat_defrag_and_lb(
nat->external_mac,
is_v6 ? REG_SRC_IPV6 : REG_SRC_IPV4,
nat->external_ip);
- ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_GW_REDIRECT,
- 100, ds_cstr(match),
- ds_cstr(actions), &nat->header_,
- lflow_ref);
+ ovn_lflow_add(lflows, od, S_ROUTER_IN_GW_REDIRECT,
+ 100, ds_cstr(match),
+ ds_cstr(actions), lflow_ref,
+ WITH_HINT(&nat->header_));
}
/* Egress Loopback table: For NAT on a distributed router.
@@ -17863,9 +17899,10 @@ build_lrouter_nat_defrag_and_lb(
ds_put_format(actions, REGBIT_EGRESS_LOOPBACK" = 1; "
"next(pipeline=ingress, table=%d); };",
ovn_stage_get_table(S_ROUTER_IN_ADMISSION));
- ovn_lflow_add_with_hint(lflows, od, S_ROUTER_OUT_EGR_LOOP, 100,
- ds_cstr(match), ds_cstr(actions),
- &nat->header_, lflow_ref);
+ ovn_lflow_add(lflows, od, S_ROUTER_OUT_EGR_LOOP, 100,
+ ds_cstr(match), ds_cstr(actions),
+ lflow_ref,
+ WITH_HINT(&nat->header_));
}
}
@@ -17916,9 +17953,10 @@ build_lrouter_nat_defrag_and_lb(
*/
ds_clear(actions);
ds_put_cstr(actions, REGBIT_DST_NAT_IP_LOCAL" = 1; next;");
- ovn_lflow_add_with_hint(lflows, od, S_ROUTER_OUT_CHECK_DNAT_LOCAL,
- 50, ds_cstr(match), ds_cstr(actions),
- &od->nbr->header_, lflow_ref);
+ ovn_lflow_add(lflows, od, S_ROUTER_OUT_CHECK_DNAT_LOCAL,
+ 50, ds_cstr(match), ds_cstr(actions),
+ lflow_ref,
+ WITH_HINT(&od->nbr->header_));
}
This creates a new WITH_HINT() macro to add a stage hint to the lflow. We convert all instances of ovn_lflow_add_with_hint() to ovn_lflow_add(), using the new WITH_HINT() macro to add the stage hint. Signed-off-by: Mark Michelson <mmichels@redhat.com> --- northd/lflow-mgr.h | 8 +- northd/northd.c | 818 ++++++++++++++++++++++++--------------------- 2 files changed, 430 insertions(+), 396 deletions(-)