@@ -118,6 +118,17 @@ void lflow_table_add_lflow(struct lflow_table *, const struct ovn_datapath *,
.where = OVS_SOURCE_LOCATOR,
#define WITH_HINT(HINT) .stage_hint = HINT
+/* The IN_OUT_PORT argument tells the lport name that appears in the MATCH,
+ * which helps ovn-controller to bypass lflows parsing when the lport is
+ * not local to the chassis. The critiera of the lport to be added using this
+ * argument:
+ *
+ * - For ingress pipeline, the lport that is used to match "inport".
+ * - For egress pipeline, the lport that is used to match "outport".
+ *
+ * For now, only LS pipelines should use this argument
+ */
+#define WITH_IO_PORT(IO_PORT) .io_port = IO_PORT
#define LFLOW_TABLE_ADD_ARGS_END }
@@ -136,23 +147,6 @@ void lflow_table_add_lflow(struct lflow_table *, const struct ovn_datapath *,
PRIORITY, MATCH, ACTIONS, NULL, NULL, STAGE_HINT, \
OVS_SOURCE_LOCATOR, NULL, LFLOW_REF)
-/* This macro is similar to ovn_lflow_add_with_hint, except that it requires
- * the IN_OUT_PORT argument, which tells the lport name that appears in the
- * MATCH, which helps ovn-controller to bypass lflows parsing when the lport is
- * not local to the chassis. The critiera of the lport to be added using this
- * argument:
- *
- * - For ingress pipeline, the lport that is used to match "inport".
- * - For egress pipeline, the lport that is used to match "outport".
- *
- * For now, only LS pipelines should use this macro. */
-#define ovn_lflow_add_with_lport_and_hint(LFLOW_TABLE, OD, STAGE, PRIORITY, \
- MATCH, ACTIONS, IN_OUT_PORT, \
- STAGE_HINT, LFLOW_REF) \
- lflow_table_add_lflow(LFLOW_TABLE, OD, NULL, 0, STAGE, PRIORITY, MATCH, \
- ACTIONS, IN_OUT_PORT, NULL, STAGE_HINT, \
- OVS_SOURCE_LOCATOR, NULL, LFLOW_REF)
-
/* Adds a row with the specified contents to the Logical_Flow table. */
#define ovn_lflow_add_default_drop(LFLOW_TABLE, OD, STAGE, LFLOW_REF, ...) \
lflow_table_add_lflow__( \
@@ -171,7 +165,6 @@ void lflow_table_add_lflow(struct lflow_table *, const struct ovn_datapath *,
LFLOW_TABLE_ADD_ARGS_END \
)
-
#define ovn_lflow_add_drop_with_desc(LFLOW_TABLE, OD, STAGE, PRIORITY, MATCH, \
DESCRIPTION, LFLOW_REF) \
lflow_table_add_lflow(LFLOW_TABLE, OD, NULL, 0, STAGE, PRIORITY, MATCH, \
@@ -5912,16 +5912,20 @@ build_lswitch_port_sec_op(struct ovn_port *op, struct lflow_table *lflows,
ds_put_format(match, "inport == %s", op->json_key);
if (!lsp_is_enabled(op->nbsp)) {
/* Drop packets from disabled logical ports. */
- ovn_lflow_add_with_lport_and_hint(
+ ovn_lflow_add(
lflows, op->od, S_SWITCH_IN_CHECK_PORT_SEC,
100, ds_cstr(match), REGBIT_PORT_SEC_DROP" = 1; next;",
- op->key, &op->nbsp->header_, op->lflow_ref);
+ op->lflow_ref,
+ WITH_IO_PORT(op->key),
+ WITH_HINT(&op->nbsp->header_));
ds_clear(match);
ds_put_format(match, "outport == %s", op->json_key);
- ovn_lflow_add_with_lport_and_hint(
+ ovn_lflow_add(
lflows, op->od, S_SWITCH_IN_L2_UNKNOWN, 50, ds_cstr(match),
- debug_drop_action(), op->key, &op->nbsp->header_, op->lflow_ref);
+ debug_drop_action(), op->lflow_ref,
+ WITH_IO_PORT(op->key),
+ WITH_HINT(&op->nbsp->header_));
return;
}
@@ -5934,19 +5938,21 @@ build_lswitch_port_sec_op(struct ovn_port *op, struct lflow_table *lflows,
ds_put_format(actions, REGBIT_FROM_RAMP" = 1; ");
ds_put_format(actions, "next(pipeline=ingress, table=%d);",
ovn_stage_get_table(S_SWITCH_IN_HAIRPIN));
- ovn_lflow_add_with_lport_and_hint(lflows, op->od,
- S_SWITCH_IN_CHECK_PORT_SEC, 70,
- ds_cstr(match), ds_cstr(actions),
- op->key, &op->nbsp->header_,
- op->lflow_ref);
+ ovn_lflow_add(lflows, op->od,
+ S_SWITCH_IN_CHECK_PORT_SEC, 70,
+ ds_cstr(match), ds_cstr(actions),
+ op->lflow_ref,
+ WITH_IO_PORT(op->key),
+ WITH_HINT(&op->nbsp->header_));
} else if (queue_id) {
ds_put_cstr(actions,
REGBIT_PORT_SEC_DROP" = check_in_port_sec(); next;");
- ovn_lflow_add_with_lport_and_hint(lflows, op->od,
- S_SWITCH_IN_CHECK_PORT_SEC, 70,
- ds_cstr(match), ds_cstr(actions),
- op->key, &op->nbsp->header_,
- op->lflow_ref);
+ ovn_lflow_add(lflows, op->od,
+ S_SWITCH_IN_CHECK_PORT_SEC, 70,
+ ds_cstr(match), ds_cstr(actions),
+ op->lflow_ref,
+ WITH_IO_PORT(op->key),
+ WITH_HINT(&op->nbsp->header_));
if (!lsp_is_localnet(op->nbsp) &&
vector_is_empty(&op->od->localnet_ports)) {
@@ -5959,28 +5965,32 @@ build_lswitch_port_sec_op(struct ovn_port *op, struct lflow_table *lflows,
ds_clear(match);
if (lsp_is_localnet(op->nbsp)) {
ds_put_format(match, "outport == %s", op->json_key);
- ovn_lflow_add_with_lport_and_hint(lflows, op->od,
- S_SWITCH_OUT_APPLY_PORT_SEC, 100,
- ds_cstr(match), ds_cstr(actions),
- op->key, &op->nbsp->header_,
- op->lflow_ref);
+ ovn_lflow_add(lflows, op->od,
+ S_SWITCH_OUT_APPLY_PORT_SEC, 100,
+ ds_cstr(match), ds_cstr(actions),
+ op->lflow_ref,
+ WITH_IO_PORT(op->key),
+ WITH_HINT(&op->nbsp->header_));
} else if (!vector_is_empty(&op->od->localnet_ports)) {
const struct ovn_port *lp = vector_get(&op->od->localnet_ports, 0,
struct ovn_port *);
ds_put_format(match, "outport == %s && inport == %s",
lp->json_key, op->json_key);
- ovn_lflow_add_with_lport_and_hint(lflows, op->od,
+ ovn_lflow_add(lflows, op->od,
S_SWITCH_OUT_APPLY_PORT_SEC, 110,
ds_cstr(match), ds_cstr(actions),
- lp->key, &lp->nbsp->header_, op->lflow_ref);
+ op->lflow_ref,
+ WITH_IO_PORT(lp->key),
+ WITH_HINT(&lp->nbsp->header_));
}
} else if (lsp_is_router(op->nbsp)) {
ds_put_format(actions, REGBIT_FROM_ROUTER_PORT" = 1; next;");
- ovn_lflow_add_with_lport_and_hint(lflows, op->od,
- S_SWITCH_IN_CHECK_PORT_SEC, 70,
- ds_cstr(match), ds_cstr(actions),
- op->key, &op->nbsp->header_,
- op->lflow_ref);
+ ovn_lflow_add(lflows, op->od,
+ S_SWITCH_IN_CHECK_PORT_SEC, 70,
+ ds_cstr(match), ds_cstr(actions),
+ op->lflow_ref,
+ WITH_IO_PORT(op->key),
+ WITH_HINT(&op->nbsp->header_));
}
}
@@ -6008,24 +6018,25 @@ build_lswitch_learn_fdb_op(
}
ds_put_format(actions, REGBIT_LKUP_FDB
" = lookup_fdb(inport, eth.src); next;");
- ovn_lflow_add_with_lport_and_hint(lflows, op->od,
- remote ? S_SWITCH_OUT_LOOKUP_FDB
- : S_SWITCH_IN_LOOKUP_FDB,
- 100,
- ds_cstr(match), ds_cstr(actions),
- op->key, &op->nbsp->header_,
- op->lflow_ref);
+ ovn_lflow_add(lflows, op->od,
+ remote ? S_SWITCH_OUT_LOOKUP_FDB
+ : S_SWITCH_IN_LOOKUP_FDB,
+ 100,
+ ds_cstr(match), ds_cstr(actions),
+ op->lflow_ref,
+ WITH_IO_PORT(op->key),
+ WITH_HINT(&op->nbsp->header_));
ds_put_cstr(match, " && "REGBIT_LKUP_FDB" == 0");
ds_clear(actions);
ds_put_cstr(actions, "put_fdb(inport, eth.src); next;");
- ovn_lflow_add_with_lport_and_hint(lflows, op->od,
- remote ? S_SWITCH_OUT_PUT_FDB
- : S_SWITCH_IN_PUT_FDB,
- 100, ds_cstr(match),
- ds_cstr(actions), op->key,
- &op->nbsp->header_,
- op->lflow_ref);
+ ovn_lflow_add(lflows, op->od,
+ remote ? S_SWITCH_OUT_PUT_FDB
+ : S_SWITCH_IN_PUT_FDB,
+ 100, ds_cstr(match),
+ ds_cstr(actions), op->lflow_ref,
+ WITH_IO_PORT(op->key),
+ WITH_HINT(&op->nbsp->header_));
}
}
@@ -6102,12 +6113,16 @@ skip_port_from_conntrack(const struct ovn_datapath *od, struct ovn_port *op,
char *ingress_match = xasprintf("ip && inport == %s", op->json_key);
char *egress_match = xasprintf("ip && outport == %s", op->json_key);
- ovn_lflow_add_with_lport_and_hint(lflows, od, in_stage, priority,
- ingress_match, ingress_action,
- op->key, &op->nbsp->header_, lflow_ref);
- ovn_lflow_add_with_lport_and_hint(lflows, od, out_stage, priority,
- egress_match, egress_action,
- op->key, &op->nbsp->header_, lflow_ref);
+ ovn_lflow_add(lflows, od, in_stage, priority,
+ ingress_match, ingress_action,
+ lflow_ref,
+ WITH_IO_PORT(op->key),
+ WITH_HINT(&op->nbsp->header_));
+ ovn_lflow_add(lflows, od, out_stage, priority,
+ egress_match, egress_action,
+ lflow_ref,
+ WITH_IO_PORT(op->key),
+ WITH_HINT(&op->nbsp->header_));
free(ingress_match);
free(egress_match);
@@ -9438,11 +9453,11 @@ build_dhcpv4_options_flows(struct ovn_port *op,
op->json_key);
}
- ovn_lflow_add_with_lport_and_hint(
+ ovn_lflow_add(
lflows, op->od, S_SWITCH_IN_DHCP_RESPONSE, 100,
- ds_cstr(&match), ds_cstr(&response_action), inport->key,
- &op->nbsp->dhcpv4_options->header_,
- lflow_ref);
+ ds_cstr(&match), ds_cstr(&response_action), lflow_ref,
+ WITH_IO_PORT(inport->key),
+ WITH_HINT(&op->nbsp->dhcpv4_options->header_));
ds_destroy(&options_action);
ds_destroy(&response_action);
ds_destroy(&ipv4_addr_match);
@@ -9466,11 +9481,11 @@ build_dhcpv4_options_flows(struct ovn_port *op,
"&& ip4.src == %s && udp && udp.src == 67 "
"&& udp.dst == 68",op->json_key,
server_mac, server_id);
- ovn_lflow_add_with_lport_and_hint(
+ ovn_lflow_add(
lflows, op->od, S_SWITCH_OUT_ACL_EVAL, 34000,
- ds_cstr(&match),dhcp_actions, op->key,
- &op->nbsp->dhcpv4_options->header_,
- lflow_ref);
+ ds_cstr(&match),dhcp_actions, lflow_ref,
+ WITH_IO_PORT(op->key),
+ WITH_HINT(&op->nbsp->dhcpv4_options->header_));
}
break;
}
@@ -9520,10 +9535,11 @@ build_dhcpv6_options_flows(struct ovn_port *op,
/* If REGBIT_DHCP_OPTS_RESULT is set to 1, it means the
* put_dhcpv6_opts action is successful */
ds_put_cstr(&match, " && "REGBIT_DHCP_OPTS_RESULT);
- ovn_lflow_add_with_lport_and_hint(
+ ovn_lflow_add(
lflows, op->od, S_SWITCH_IN_DHCP_RESPONSE, 100,
- ds_cstr(&match), ds_cstr(&response_action), inport->key,
- &op->nbsp->dhcpv6_options->header_, lflow_ref);
+ ds_cstr(&match), ds_cstr(&response_action), lflow_ref,
+ WITH_IO_PORT(inport->key),
+ WITH_HINT(&op->nbsp->dhcpv6_options->header_));
ds_destroy(&options_action);
ds_destroy(&response_action);
@@ -9552,11 +9568,11 @@ build_dhcpv6_options_flows(struct ovn_port *op,
"&& ip6.src == %s && udp && udp.src == 547 "
"&& udp.dst == 546", op->json_key,
server_mac, server_ip);
- ovn_lflow_add_with_lport_and_hint(
+ ovn_lflow_add(
lflows, op->od, S_SWITCH_OUT_ACL_EVAL, 34000,
- ds_cstr(&match),dhcp6_actions, op->key,
- &op->nbsp->dhcpv6_options->header_,
- lflow_ref);
+ ds_cstr(&match),dhcp6_actions, lflow_ref,
+ WITH_IO_PORT(op->key),
+ WITH_HINT(&op->nbsp->dhcpv6_options->header_));
}
break;
}
@@ -9977,10 +9993,11 @@ build_lswitch_arp_nd_responder_skip_local(struct ovn_port *op,
}
ds_clear(match);
ds_put_format(match, "inport == %s", op->json_key);
- ovn_lflow_add_with_lport_and_hint(lflows, op->od,
- S_SWITCH_IN_ARP_ND_RSP, 100,
- ds_cstr(match), "next;", op->key,
- &op->nbsp->header_, op->lflow_ref);
+ ovn_lflow_add(lflows, op->od,
+ S_SWITCH_IN_ARP_ND_RSP, 100,
+ ds_cstr(match), "next;", op->lflow_ref,
+ WITH_IO_PORT(op->key),
+ WITH_HINT(&op->nbsp->header_));
}
/* Ingress table 24: ARP/ND responder, reply for known IPs.
@@ -10068,12 +10085,12 @@ build_lswitch_arp_nd_responder_known_ips(struct ovn_port *op,
"bind_vport(%s, inport); "
"next;",
op->json_key);
- ovn_lflow_add_with_lport_and_hint(lflows, op->od,
- S_SWITCH_IN_ARP_ND_RSP, 100,
- ds_cstr(match),
- ds_cstr(actions), vparent,
- &vp->nbsp->header_,
- op->lflow_ref);
+ ovn_lflow_add(lflows, op->od,
+ S_SWITCH_IN_ARP_ND_RSP, 100,
+ ds_cstr(match),
+ ds_cstr(actions), op->lflow_ref,
+ WITH_IO_PORT(vparent),
+ WITH_HINT(&vp->nbsp->header_));
}
free(tokstr);
@@ -10163,12 +10180,12 @@ build_lswitch_arp_nd_responder_known_ips(struct ovn_port *op,
* network is not working as configured, so dropping the
* request would frustrate that intent.) */
ds_put_format(match, " && inport == %s", op->json_key);
- ovn_lflow_add_with_lport_and_hint(lflows, op->od,
- S_SWITCH_IN_ARP_ND_RSP,
- 100, ds_cstr(match),
- "next;", op->key,
- &op->nbsp->header_,
- op->lflow_ref);
+ ovn_lflow_add(lflows, op->od,
+ S_SWITCH_IN_ARP_ND_RSP,
+ 100, ds_cstr(match),
+ "next;", op->lflow_ref,
+ WITH_IO_PORT(op->key),
+ WITH_HINT(&op->nbsp->header_));
}
/* For ND solicitations:
@@ -10235,12 +10252,12 @@ build_lswitch_arp_nd_responder_known_ips(struct ovn_port *op,
/* Do not reply to a solicitation from the port that owns
* the address (otherwise DAD detection will fail). */
ds_put_format(match, " && inport == %s", op->json_key);
- ovn_lflow_add_with_lport_and_hint(lflows, op->od,
- S_SWITCH_IN_ARP_ND_RSP,
- 100, ds_cstr(match),
- "next;", op->key,
- &op->nbsp->header_,
- op->lflow_ref);
+ ovn_lflow_add(lflows, op->od,
+ S_SWITCH_IN_ARP_ND_RSP,
+ 100, ds_cstr(match),
+ "next;", op->lflow_ref,
+ WITH_IO_PORT(op->key),
+ WITH_HINT(&op->nbsp->header_));
}
}
}
This adds a new WITH_IO_PORT() macro to fill in the optional io_port. We convert all instances of ovn_lflow_add_with_lport_and_hint() to use ovn_lflow_add(), using the WITH_IO_PORT() and WITH_HINT() macros. Signed-off-by: Mark Michelson <mmichels@redhat.com> --- northd/lflow-mgr.h | 29 +++---- northd/northd.c | 183 +++++++++++++++++++++++++-------------------- 2 files changed, 111 insertions(+), 101 deletions(-)