From: Tao YunXiang
To: ovs-dev@openvswitch.org
Cc: Liu Chang, Rong Yin, Tao YunXiang
Date: Thu, 7 May 2020 16:30:49 +0800
Message-Id: <20200507083049.100495-1-taoyunxiang@cmss.chinamobile.com>
Subject: [ovs-dev] [PATCH OVN, v3] ovn-nbctl.c: Add an optional way to delete router policy by uuid

We can delete a router policy by specifying lr and more parameters. If the CMS wants to delete it exactly, it must specify a detailed "match" field. It's not an easy way, and a policy may also be deleted by mistake. This change adds a way to specify lr and uuid, which is optional. You can still use the previous method to delete.

usage: ovn-nbctl lr-policy-del lr0 [UUID0]

Author: Tao YunXiang
Co-authored-by: Liu Chang
Co-authored-by: Rong Yin
Signed-off-by: Tao YunXiang
Signed-off-by: Liu Chang Signed-off-by: Rong Yin --- tests/ovn-nbctl.at | 6 +++++ utilities/ovn-nbctl.8.xml | 51 +++++++++++++++++++++++++++++++++++++++ utilities/ovn-nbctl.c | 41 ++++++++++++++++++++++--------- 3 files changed, 87 insertions(+), 11 deletions(-) diff --git a/tests/ovn-nbctl.at b/tests/ovn-nbctl.at index 66fbcc748..4195844d8 100644 --- a/tests/ovn-nbctl.at +++ b/tests/ovn-nbctl.at @@ -1619,6 +1619,12 @@ Routing Policies 100 ip4.src == 1.1.2.0/24 allow ]) + +dnl Delete policy by specified uuid +AT_CHECK([ovn-nbctl lr-policy-del lr0 `ovn-nbctl --columns=_uuid list logical-router-policy | awk -F ':' '{print $2}'`]) +AT_CHECK([ovn-nbctl list logical-router-policy], [0], [dnl +]) + dnl Add policy with reroute action AT_CHECK([ovn-nbctl lr-policy-add lr0 102 "ip4.src == 3.1.2.0/24" reroute 3.3.3.3]) diff --git a/utilities/ovn-nbctl.8.xml b/utilities/ovn-nbctl.8.xml index d973be259..bcc76ab91 100644 --- a/utilities/ovn-nbctl.8.xml +++ b/utilities/ovn-nbctl.8.xml @@ -710,6 +710,57 @@ +

Logical Router Policy Commands

+ +
+
lr-policy-add router priority + match action [nexthop]
+
+

+ Add Policy to router which provides a way to configure + permit/deny and reroute policies on the router. Permit/deny policies + are similar to OVN ACLs, but exist on the logical-router. Reroute + policies are needed for service-insertion and service-chaining. + nexthop is an optional parameter. It needs to be provided + only when action is reroute. A policy is + uniquely identified by priority and match. + Multiple policies can have the same priority. +

+ +

+ The following example shows a policy to lr1, which will drop packets + from192.168.100.0/24. +

+ +

+ lr-policy-add lr1 100 ip4.src == 192.168.100.0/24 drop. +

+ +
+ +
lr-policy-del router [{priority | uuid} + [match]]
+
+

+ Deletes polices from router. If only router + is supplied, all the polices from the logical router are deleted. If + priority and/or match are also specified, then + all the polices that match the conditions will be deleted from the + logical router. +

+ +

+ If router and uuid are supplied, then the + policy with sepcified uuid is deleted. +

+
+ +
lr-policy-list router
+
+ Lists the polices on router. +
+
+

NAT Commands
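
Review bot: In the lr-policy-del entry of ovn-nbctl.8.xml, the synopsis "[{priority | uuid} [match]]" allows a uuid followed by match, but the description only covers router plus uuid. Either say what match means together with a uuid or narrow the synopsis so that uuid stands alone. The entry should also state what happens when the uuid does not belong to router. Spelling: "sepcified" should be "specified", and "polices" should be "policies" in the lr-policy-del and lr-policy-list descriptions.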

diff --git a/utilities/ovn-nbctl.c b/utilities/ovn-nbctl.c index c86fa3886..02fc10c9e 100644 --- a/utilities/ovn-nbctl.c +++ b/utilities/ovn-nbctl.c @@ -696,7 +696,7 @@ Route commands:\n\ Policy commands:\n\ lr-policy-add ROUTER PRIORITY MATCH ACTION [NEXTHOP]\n\ add a policy to router\n\ - lr-policy-del ROUTER [PRIORITY [MATCH]]\n\ + lr-policy-del ROUTER [{PRIORITY | UUID} [MATCH]]\n\ remove policies from ROUTER\n\ lr-policy-list ROUTER print policies for ROUTER\n\ \n\ @@ -3594,21 +3594,40 @@ nbctl_lr_policy_del(struct ctl_context *ctx) return; } - error = parse_priority(ctx->argv[2], &priority); - if (error) { - ctx->error = error; - return; + const struct uuid *lr_policy_uuid = NULL; + struct uuid uuid_from_cmd; + if (uuid_from_string(&uuid_from_cmd, ctx->argv[2])) { + lr_policy_uuid = &uuid_from_cmd; + } else { + error = parse_priority(ctx->argv[2], &priority); + if (error) { + ctx->error = error; + return; + } + } - /* If match is not specified, delete all routing policies with the - * specified priority. */ + /* If uuid was specified, delete routing policy with the + * specified uuid. */ if (ctx->argc == 3) { struct nbrec_logical_router_policy **new_policies = xmemdup(lr->policies, sizeof *new_policies * lr->n_policies); int n_policies = 0; - for (int i = 0; i < lr->n_policies; i++) { - if (priority != lr->policies[i]->priority) { - new_policies[n_policies++] = lr->policies[i]; + + if (lr_policy_uuid) { + for (size_t i = 0; i < lr->n_policies; i++) { + if (!uuid_equals(lr_policy_uuid, + &(lr->policies[i]->header_.uuid))) { + new_policies[n_policies++] = lr->policies[i]; + } + } + /* If match is not specified, delete all routing policies with the + * specified priority. */ + } else { + for (int i = 0; i < lr->n_policies; i++) { + if (priority != lr->policies[i]->priority) { + new_policies[n_policies++] = lr->policies[i]; + } } } nbrec_logical_router_verify_policies(lr); 
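
Review bot: In nbctl_lr_policy_del, lr_policy_uuid is only consulted inside the "if (ctx->argc == 3)" block, so "lr-policy-del ROUTER UUID MATCH", which the new syntax string permits, skips parse_priority() and falls through to the code after this block (not shown in the hunk) with priority never set from the command line. Reject a MATCH argument when argv[2] parses as a uuid, or handle that case explicitly. The uuid loop also reports nothing when no policy on the router carries that uuid (n_policies ends equal to lr->n_policies), so a mistyped uuid succeeds silently; setting ctx->error there would fit the stated aim of exact deletion. Minor: the comment "If uuid was specified" sits above the argc check rather than on the uuid branch, the "If match is not specified" comment is wedged in front of "} else {", and the two loops use different index types (size_t and int).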
@@ -6225,7 +6244,7 @@ static const struct ctl_command_syntax nbctl_commands[] = { /* Policy commands */ { "lr-policy-add", 4, 5, "ROUTER PRIORITY MATCH ACTION [NEXTHOP]", NULL, nbctl_lr_policy_add, NULL, "", RW }, - { "lr-policy-del", 1, 3, "ROUTER [PRIORITY [MATCH]]", NULL, + { "lr-policy-del", 1, 3, "ROUTER [{PRIORITY | UUID} [MATCH]]", NULL, nbctl_lr_policy_del, NULL, "", RW }, { "lr-policy-list", 1, 1, "ROUTER", NULL, nbctl_lr_policy_list, NULL, "", RO },
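
Review bot: The new check in the tests/ovn-nbctl.at hunk passes every _uuid in the logical-router-policy table to lr-policy-del through backticks and awk, so it only works while exactly one policy exists, and the empty-table assertion cannot show that other policies are left alone. Add a second policy before the delete and assert that it survives, select the single row with something like "ovn-nbctl --bare --columns=_uuid find logical-router-policy priority=100", and add negative cases for a uuid that is not on lr0 and for a uuid followed by a match.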