From patchwork Tue Mar 24 01:49:51 2020
X-Patchwork-Submitter: taoyunxiang
X-Patchwork-Id: 1260423
From: Tao YunXiang
To: ovs-dev@openvswitch.org
Date: Tue, 24 Mar 2020 09:49:51 +0800
Message-Id: <20200324014951.9521-1-taoyunxiang@cmss.chinamobile.com>
X-Mailer: git-send-email 2.17.1
Cc: Liu Chang, Rong Yin, Tao YunXiang
Subject: [ovs-dev] [PATCH OVN v2] ovn-nbctl.c: Add an optional way to delete router policy by uuid

We can delete a router policy by specifying lr and more parameters.
If the CMS wants to delete it exactly, it must specify the detailed "match" field.
It's not an easy way, and policies may also be deleted by mistake.
This change adds a way to specify lr and uuid, which is optional.
You can still use the previous method to delete.

usage: ovn-nbctl lr-policy-del lr0 [UUID0]

Author: Tao YunXiang
Co-authored-by: Liu Chang
Co-authored-by: Rong Yin
Signed-off-by: Tao YunXiang
Signed-off-by: Liu Chang Signed-off-by: Rong Yin --- utilities/ovn-nbctl.8.xml | 51 +++++++++++++++++++++++++++++++++++++++ utilities/ovn-nbctl.c | 41 ++++++++++++++++++++++--------- 2 files changed, 81 insertions(+), 11 deletions(-) diff --git a/utilities/ovn-nbctl.8.xml b/utilities/ovn-nbctl.8.xml index d973be259..b91e39042 100644 --- a/utilities/ovn-nbctl.8.xml +++ b/utilities/ovn-nbctl.8.xml @@ -710,6 +710,57 @@ +

Logical Router Policy Commands

+ +
+
lr-policy-add router priority + match action [nexthop]
+
+

+ Add Policy to router which provides a way to configure + permit/deny and reroute policies on the router. Permit/deny policies + are similar to OVN ACLs, but exist on the logical-router. Reroute + policies are needed for service-insertion and service-chaining. + nexthop is an optional parameter. It needs to be provided + only when action is reroute. A policy is + uniquely identified by priority and match. + Multiple policies can have the same priority. +

+ +

+ The following example shows a policy to lr1, which will drop packets + from192.168.100.0/24. +

+ +

+ lr-policy-add lr1 100 ip4.src == 192.168.100.0/24 drop. +

+ +
+ +
lr-policy-del router [{priority | uuid} + [match]]
+
+

+ Deletes polices from router. If only router + is supplied, all the polices from the logical router are deleted. If + priority and/or match are also specified, then + all the polices that match the conditions will be deleted from the + logical router. +

+ +

+ If router and uuid are supplied, then the + policy with sepcified uuid is deleted. +

+
+ +
lr-policy-list router
+
+ Lists the polices on router. +
+
+

NAT Commands

diff --git a/utilities/ovn-nbctl.c b/utilities/ovn-nbctl.c index e80058e61..1983b5f95 100644 --- a/utilities/ovn-nbctl.c +++ b/utilities/ovn-nbctl.c @@ -696,7 +696,7 @@ Route commands:\n\ Policy commands:\n\ lr-policy-add ROUTER PRIORITY MATCH ACTION [NEXTHOP]\n\ add a policy to router\n\ - lr-policy-del ROUTER [PRIORITY [MATCH]]\n\ + lr-policy-del ROUTER [{PRIORITY | UUID} [MATCH]]\n\ remove policies from ROUTER\n\ lr-policy-list ROUTER print policies for ROUTER\n\ \n\ @@ -3587,21 +3587,40 @@ nbctl_lr_policy_del(struct ctl_context *ctx) return; } - error = parse_priority(ctx->argv[2], &priority); - if (error) { - ctx->error = error; - return; + const struct uuid *lr_policy_uuid = NULL; + struct uuid uuid_from_cmd; + if (uuid_from_string(&uuid_from_cmd, ctx->argv[2])) { + lr_policy_uuid = &uuid_from_cmd; + } else { + error = parse_priority(ctx->argv[2], &priority); + if (error) { + ctx->error = error; + return; + } + } - /* If match is not specified, delete all routing policies with the - * specified priority. */ + /* If uuid was specified, delete routing policy with the + * specified uuid. */ if (ctx->argc == 3) { struct nbrec_logical_router_policy **new_policies = xmemdup(lr->policies, sizeof *new_policies * lr->n_policies); int n_policies = 0; - for (int i = 0; i < lr->n_policies; i++) { - if (priority != lr->policies[i]->priority) { - new_policies[n_policies++] = lr->policies[i]; + + if (lr_policy_uuid) { + for (size_t i = 0; i < lr->n_policies; i++) { + if (!uuid_equals(lr_policy_uuid, + &(lr->policies[i]->header_.uuid))) { + new_policies[n_policies++] = lr->policies[i]; + } + } + /* If match is not specified, delete all routing policies with the + * specified priority. */ + } else { + for (int i = 0; i < lr->n_policies; i++) { + if (priority != lr->policies[i]->priority) { + new_policies[n_policies++] = lr->policies[i]; + } } } nbrec_logical_router_verify_policies(lr); 
@@ -6125,7 +6144,7 @@ static const struct ctl_command_syntax nbctl_commands[] = { /* Policy commands */ { "lr-policy-add", 4, 5, "ROUTER PRIORITY MATCH ACTION [NEXTHOP]", NULL, nbctl_lr_policy_add, NULL, "", RW }, - { "lr-policy-del", 1, 3, "ROUTER [PRIORITY [MATCH]]", NULL, + { "lr-policy-del", 1, 3, "ROUTER [{PRIORITY | UUID} [MATCH]]", NULL, nbctl_lr_policy_del, NULL, "", RW }, { "lr-policy-list", 1, 1, "ROUTER", NULL, nbctl_lr_policy_list, NULL, "", RO },
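Review bot: in the ovn-nbctl.8.xml hunk, the lr-policy-del synopsis "router [{priority | uuid} [match]]" allows uuid to be followed by match, but the description only defines the router plus uuid form. Write the synopsis so that match can follow only priority, and state what the command does when no policy on the router has the given uuid. The added text also needs spelling fixes before merging: "sepcified", and "polices" where "policies" is meant (several occurrences). The hunk additionally documents lr-policy-add and lr-policy-list, which the commit message does not mention; say so in the message or split that documentation into its own patch.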
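Review bot: in the nbctl_lr_policy_del hunk, the UUID is only acted on inside "if (ctx->argc == 3)"; when argv[2] parses as a UUID and a MATCH is also given, parse_priority() is skipped, so priority is never set from the command line and nothing in this hunk handles that case. Reject UUID plus MATCH with a ctl error, or handle it explicitly. The UUID loop also does not record whether any policy was removed, so a UUID that is not on this router (a typo, or a policy that belongs to another router) is accepted silently; for a delete command, track whether an entry matched and set ctx->error when none did. Smaller points: the comment "If match is not specified, delete all routing policies with the specified priority" now sits before "} else {" instead of inside the else branch, the comment "If uuid was specified" sits above an argc check that covers both cases, and the two loops declare i as size_t in one and int in the other.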
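Review bot: the help text and the nbctl_commands entry both now read "ROUTER [{PRIORITY | UUID} [MATCH]]", which advertises UUID followed by MATCH as a valid invocation; keep these two strings in step with whatever the handler actually accepts. The diffstat lists only ovn-nbctl.8.xml and ovn-nbctl.c, so the new path has no test; add cases for delete by uuid, a uuid that matches no policy on the router, and uuid combined with match.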