From patchwork Wed Jul 15 16:50:07 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anton Ivanov X-Patchwork-Id: 1329695 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.137; helo=fraxinus.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=cambridgegreys.com Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4B6Ng83q7Vz9sTR for ; Thu, 16 Jul 2020 02:50:44 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id 6D893891E4; Wed, 15 Jul 2020 16:50:42 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Hm98oC13V5Qw; Wed, 15 Jul 2020 16:50:40 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by fraxinus.osuosl.org (Postfix) with ESMTP id 6C9F3896BF; Wed, 15 Jul 2020 16:50:30 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 4C69DC0891; Wed, 15 Jul 2020 16:50:30 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by lists.linuxfoundation.org (Postfix) with ESMTP id B797EC0733 for ; Wed, 15 Jul 2020 16:50:28 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id B02328B67D for ; Wed, 15 Jul 2020 16:50:28 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Hhadn5lJaoGk for ; Wed, 15 Jul 2020 16:50:27 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from www.kot-begemot.co.uk (ivanoab7.miniserver.com [37.128.132.42]) by whitealder.osuosl.org (Postfix) with ESMTPS id 2D0D88B671 for ; Wed, 15 Jul 2020 16:50:27 +0000 (UTC) Received: from tun252.jain.kot-begemot.co.uk ([192.168.18.6] helo=jain.kot-begemot.co.uk) by www.kot-begemot.co.uk with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1jvkbw-0007AN-U6 for dev@openvswitch.org; Wed, 15 Jul 2020 16:50:25 +0000 Received: from jain.kot-begemot.co.uk ([192.168.3.3]) by jain.kot-begemot.co.uk with esmtp (Exim 4.92) (envelope-from ) id 1jvkbu-0006dn-8v; Wed, 15 Jul 2020 17:50:23 +0100 From: anton.ivanov@cambridgegreys.com To: dev@openvswitch.org Date: Wed, 15 Jul 2020 17:50:07 +0100 Message-Id: <20200715165018.25031-2-anton.ivanov@cambridgegreys.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200715165018.25031-1-anton.ivanov@cambridgegreys.com> References: <20200715165018.25031-1-anton.ivanov@cambridgegreys.com> MIME-Version: 1.0 X-Clacks-Overhead: GNU Terry Pratchett Cc: Anton Ivanov Subject: [ovs-dev] [PATCH ovn RFC v2 01/12] Move out Table 0 operations to functions X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Anton Ivanov Signed-off-by: Anton Ivanov --- northd/ovn-northd.c | 71 ++++++++++++++++++++++++--------------------- 1 file changed, 38 insertions(+), 33 deletions(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index 192198272..4374b88a6 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -8160,57 +8160,38 @@ build_lrouter_nd_flow(struct ovn_datapath *od, struct ovn_port *op, } static void -build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, - struct hmap *lflows, struct shash *meter_groups, - struct hmap *lbs) +build_lrouter_flows_table_0_od(struct ovn_datapath *od, struct hmap *lflows) { - /* This flow table structure is documented in ovn-northd(8), so please - * update ovn-northd.8.xml if you change anything. */ - - struct ds match = DS_EMPTY_INITIALIZER; - struct ds actions = DS_EMPTY_INITIALIZER; - /* Logical router ingress table 0: Admission control framework. */ - struct ovn_datapath *od; - HMAP_FOR_EACH (od, key_node, datapaths) { - if (!od->nbr) { - continue; - } - + if (od->nbr) { /* Logical VLANs not supported. * Broadcast/multicast source address is invalid. */ ovn_lflow_add(lflows, od, S_ROUTER_IN_ADMISSION, 100, "vlan.present || eth.src[40]", "drop;"); } +} - /* Logical router ingress table 0: match (priority 50). */ - struct ovn_port *op; - HMAP_FOR_EACH (op, key_node, ports) { - if (!op->nbrp) { - continue; - } +static void +build_lrouter_flows_table_0_op(struct ovn_port *op, struct hmap *lflows) +{ + struct ds match = DS_EMPTY_INITIALIZER; + struct ds actions = DS_EMPTY_INITIALIZER; - if (!lrport_is_enabled(op->nbrp)) { - /* Drop packets from disabled logical ports (since logical flow - * tables are default-drop). */ - continue; - } + /* Logical router ingress table 0: match (priority 50). + * Drop packets from disabled logical ports (since logical flow + * tables are default-drop). + * No ingress packets should be received on a chassisredirect + * port. */ - if (op->derived) { - /* No ingress packets should be received on a chassisredirect - * port. */ - continue; - } + if (op->nbrp && lrport_is_enabled(op->nbrp) && (!op->derived)) { /* Store the ethernet address of the port receiving the packet. * This will save us from having to match on inport further down in * the pipeline. */ - ds_clear(&actions); ds_put_format(&actions, REG_INPORT_ETH_ADDR " = %s; next;", op->lrp_networks.ea_s); - ds_clear(&match); ds_put_format(&match, "eth.mcast && inport == %s", op->json_key); ovn_lflow_add_with_hint(lflows, op->od, S_ROUTER_IN_ADMISSION, 50, ds_cstr(&match), ds_cstr(&actions), @@ -8230,6 +8211,30 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, ds_cstr(&match), ds_cstr(&actions), &op->nbrp->header_); } + ds_destroy(&match); + ds_destroy(&actions); +} + +static void +build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, + struct hmap *lflows, struct shash *meter_groups, + struct hmap *lbs) +{ + /* This flow table structure is documented in ovn-northd(8), so please + * update ovn-northd.8.xml if you change anything. */ + + struct ds match = DS_EMPTY_INITIALIZER; + struct ds actions = DS_EMPTY_INITIALIZER; + + struct ovn_datapath *od; + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lrouter_flows_table_0_od(od, lflows); + } + + struct ovn_port *op; + HMAP_FOR_EACH (op, key_node, ports) { + build_lrouter_flows_table_0_op(op, lflows); + } /* Logical router ingress table 1: LOOKUP_NEIGHBOR and * table 2: LEARN_NEIGHBOR. */ From patchwork Wed Jul 15 16:50:08 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anton Ivanov X-Patchwork-Id: 1329693 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.136; helo=silver.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=cambridgegreys.com Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4B6Ng62GS9z9sSn for ; Thu, 16 Jul 2020 02:50:42 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id C7C8F24BB3; Wed, 15 Jul 2020 16:50:40 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yoJacDWMyvnz; Wed, 15 Jul 2020 16:50:33 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by silver.osuosl.org (Postfix) with ESMTP id 356F3237C8; Wed, 15 Jul 2020 16:50:31 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 09C72C1818; Wed, 15 Jul 2020 16:50:31 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by lists.linuxfoundation.org (Postfix) with ESMTP id 72A87C0733 for ; Wed, 15 Jul 2020 16:50:29 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 626B68B671 for ; Wed, 15 Jul 2020 16:50:29 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vLqCF-kDx8yL for ; Wed, 15 Jul 2020 16:50:28 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from www.kot-begemot.co.uk (ivanoab7.miniserver.com [37.128.132.42]) by whitealder.osuosl.org (Postfix) with ESMTPS id 1E3BA8B672 for ; Wed, 15 Jul 2020 16:50:28 +0000 (UTC) Received: from tun252.jain.kot-begemot.co.uk ([192.168.18.6] helo=jain.kot-begemot.co.uk) by www.kot-begemot.co.uk with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1jvkby-0007AR-MI for dev@openvswitch.org; Wed, 15 Jul 2020 16:50:26 +0000 Received: from jain.kot-begemot.co.uk ([192.168.3.3]) by jain.kot-begemot.co.uk with esmtp (Exim 4.92) (envelope-from ) id 1jvkbv-0006dn-V7; Wed, 15 Jul 2020 17:50:25 +0100 From: anton.ivanov@cambridgegreys.com To: dev@openvswitch.org Date: Wed, 15 Jul 2020 17:50:08 +0100 Message-Id: <20200715165018.25031-3-anton.ivanov@cambridgegreys.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200715165018.25031-1-anton.ivanov@cambridgegreys.com> References: <20200715165018.25031-1-anton.ivanov@cambridgegreys.com> MIME-Version: 1.0 X-Clacks-Overhead: GNU Terry Pratchett Cc: Anton Ivanov Subject: [ovs-dev] [PATCH ovn RFC v2 02/12] Move out Table 1 operations to functions X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Anton Ivanov The functions are numbered in 10 step intervals to minimize renumbering if new pipeline stages are added in the future. Signed-off-by: Anton Ivanov --- northd/ovn-northd.c | 75 +++++++++++++++++++++++++++------------------ 1 file changed, 46 insertions(+), 29 deletions(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index 4374b88a6..1ec530854 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -8160,7 +8160,7 @@ build_lrouter_nd_flow(struct ovn_datapath *od, struct ovn_port *op, } static void -build_lrouter_flows_table_0_od(struct ovn_datapath *od, struct hmap *lflows) +build_lrouter_flows_step_0_od(struct ovn_datapath *od, struct hmap *lflows) { /* Logical router ingress table 0: Admission control framework. */ if (od->nbr) { @@ -8172,7 +8172,7 @@ build_lrouter_flows_table_0_od(struct ovn_datapath *od, struct hmap *lflows) } static void -build_lrouter_flows_table_0_op(struct ovn_port *op, struct hmap *lflows) +build_lrouter_flows_step_0_op(struct ovn_port *op, struct hmap *lflows) { struct ds match = DS_EMPTY_INITIALIZER; struct ds actions = DS_EMPTY_INITIALIZER; @@ -8216,32 +8216,12 @@ build_lrouter_flows_table_0_op(struct ovn_port *op, struct hmap *lflows) } static void -build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, - struct hmap *lflows, struct shash *meter_groups, - struct hmap *lbs) +build_lrouter_flows_step_10_od(struct ovn_datapath *od, struct hmap *lflows) { - /* This flow table structure is documented in ovn-northd(8), so please - * update ovn-northd.8.xml if you change anything. */ - - struct ds match = DS_EMPTY_INITIALIZER; - struct ds actions = DS_EMPTY_INITIALIZER; - - struct ovn_datapath *od; - HMAP_FOR_EACH (od, key_node, datapaths) { - build_lrouter_flows_table_0_od(od, lflows); - } - - struct ovn_port *op; - HMAP_FOR_EACH (op, key_node, ports) { - build_lrouter_flows_table_0_op(op, lflows); - } - /* Logical router ingress table 1: LOOKUP_NEIGHBOR and * table 2: LEARN_NEIGHBOR. */ - HMAP_FOR_EACH (od, key_node, datapaths) { - if (!od->nbr) { - continue; - } + + if (od->nbr) { /* Learn MAC bindings from ARP/IPv6 ND. * @@ -8299,11 +8279,15 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, ovn_lflow_add(lflows, od, S_ROUTER_IN_LEARN_NEIGHBOR, 90, "nd_ns", "put_nd(inport, ip6.src, nd.sll); next;"); } +} - HMAP_FOR_EACH (op, key_node, ports) { - if (!op->nbrp) { - continue; - } +static void +build_lrouter_flows_step_10_op(struct ovn_port *op, struct hmap *lflows) +{ + struct ds match = DS_EMPTY_INITIALIZER; + struct ds actions = DS_EMPTY_INITIALIZER; + + if (op->nbrp) { /* Check if we need to learn mac-binding from ARP requests. */ for (int i = 0; i < op->lrp_networks.n_ipv4_addrs; i++) { @@ -8327,6 +8311,39 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, } } + ds_destroy(&match); + ds_destroy(&actions); +} + +static void +build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, + struct hmap *lflows, struct shash *meter_groups, + struct hmap *lbs) +{ + /* This flow table structure is documented in ovn-northd(8), so please + * update ovn-northd.8.xml if you change anything. */ + + struct ds match = DS_EMPTY_INITIALIZER; + struct ds actions = DS_EMPTY_INITIALIZER; + + struct ovn_datapath *od; + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lrouter_flows_step_0_od(od, lflows); + } + + struct ovn_port *op; + HMAP_FOR_EACH (op, key_node, ports) { + build_lrouter_flows_step_0_op(op, lflows); + } + + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lrouter_flows_step_10_od(od, lflows); + } + + HMAP_FOR_EACH (op, key_node, ports) { + build_lrouter_flows_step_10_op(op, lflows); + } + /* Logical router ingress table 3: IP Input. */ HMAP_FOR_EACH (od, key_node, datapaths) { if (!od->nbr) { From patchwork Wed Jul 15 16:50:09 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anton Ivanov X-Patchwork-Id: 1329691 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.133; helo=hemlock.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=cambridgegreys.com Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4B6Ng21zTRz9sSn for ; Thu, 16 Jul 2020 02:50:37 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id 96E558AEB1; Wed, 15 Jul 2020 16:50:35 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tWMeqHFB-aLO; Wed, 15 Jul 2020 16:50:34 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by hemlock.osuosl.org (Postfix) with ESMTP id 618B78AE8F; Wed, 15 Jul 2020 16:50:34 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 4FB2CC1818; Wed, 15 Jul 2020 16:50:34 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by lists.linuxfoundation.org (Postfix) with ESMTP id F3D78C08A6 for ; Wed, 15 Jul 2020 16:50:30 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id D54338B686 for ; Wed, 15 Jul 2020 16:50:30 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TbueRkkiLLel for ; Wed, 15 Jul 2020 16:50:30 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from www.kot-begemot.co.uk (ivanoab7.miniserver.com [37.128.132.42]) by whitealder.osuosl.org (Postfix) with ESMTPS id 02BBC8B671 for ; Wed, 15 Jul 2020 16:50:30 +0000 (UTC) Received: from tun252.jain.kot-begemot.co.uk ([192.168.18.6] helo=jain.kot-begemot.co.uk) by www.kot-begemot.co.uk with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1jvkc0-0007AV-GH for dev@openvswitch.org; Wed, 15 Jul 2020 16:50:28 +0000 Received: from jain.kot-begemot.co.uk ([192.168.3.3]) by jain.kot-begemot.co.uk with esmtp (Exim 4.92) (envelope-from ) id 1jvkbx-0006dn-Mu; Wed, 15 Jul 2020 17:50:27 +0100 From: anton.ivanov@cambridgegreys.com To: dev@openvswitch.org Date: Wed, 15 Jul 2020 17:50:09 +0100 Message-Id: <20200715165018.25031-4-anton.ivanov@cambridgegreys.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200715165018.25031-1-anton.ivanov@cambridgegreys.com> References: <20200715165018.25031-1-anton.ivanov@cambridgegreys.com> MIME-Version: 1.0 X-Clacks-Overhead: GNU Terry Pratchett Cc: Anton Ivanov Subject: [ovs-dev] [PATCH ovn RFC v2 03/12] Move out Table 3 operations to functions X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Anton Ivanov Signed-off-by: Anton Ivanov --- northd/ovn-northd.c | 143 ++++++++++++++++++++++++++------------------ 1 file changed, 84 insertions(+), 59 deletions(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index 1ec530854..8a0e28040 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -8316,39 +8316,12 @@ build_lrouter_flows_step_10_op(struct ovn_port *op, struct hmap *lflows) } static void -build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, - struct hmap *lflows, struct shash *meter_groups, - struct hmap *lbs) +build_lrouter_flows_step_20_od(struct ovn_datapath *od, struct hmap *lflows) { - /* This flow table structure is documented in ovn-northd(8), so please - * update ovn-northd.8.xml if you change anything. */ - struct ds match = DS_EMPTY_INITIALIZER; - struct ds actions = DS_EMPTY_INITIALIZER; - - struct ovn_datapath *od; - HMAP_FOR_EACH (od, key_node, datapaths) { - build_lrouter_flows_step_0_od(od, lflows); - } - - struct ovn_port *op; - HMAP_FOR_EACH (op, key_node, ports) { - build_lrouter_flows_step_0_op(op, lflows); - } - - HMAP_FOR_EACH (od, key_node, datapaths) { - build_lrouter_flows_step_10_od(od, lflows); - } - - HMAP_FOR_EACH (op, key_node, ports) { - build_lrouter_flows_step_10_op(op, lflows); - } /* Logical router ingress table 3: IP Input. */ - HMAP_FOR_EACH (od, key_node, datapaths) { - if (!od->nbr) { - continue; - } + if (od->nbr) { /* L3 admission control: drop multicast and broadcast source, localhost * source or destination, and zero network source or destination @@ -8427,7 +8400,6 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, "eth.bcast", "drop;"); /* TTL discard */ - ds_clear(&match); ds_put_cstr(&match, "ip4 && ip.ttl == {0, 1}"); ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_INPUT, 30, ds_cstr(&match), "drop;"); @@ -8436,19 +8408,20 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, * routing. */ ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_INPUT, 0, "1", "next;"); } + ds_destroy(&match); +} - /* Logical router ingress table 3: IP Input for IPv4. */ - HMAP_FOR_EACH (op, key_node, ports) { - if (!op->nbrp) { - continue; - } +static void +build_lrouter_flows_step_20_op(struct ovn_port *op, struct hmap *lflows) +{ + struct ds match = DS_EMPTY_INITIALIZER; + struct ds actions = DS_EMPTY_INITIALIZER; - if (op->derived) { - /* No ingress packets are accepted on a chassisredirect - * port, so no need to program flows for that port. */ - continue; - } + /* Logical router ingress table 3: IP Input for IPv4. + * No ingress packets are accepted on a chassisredirect + * port, so no need to program flows for that port. */ + if (op->nbrp && (!op->derived)) { if (op->lrp_networks.n_ipv4_addrs) { /* L3 admission control: drop packets that originate from an * IPv4 address owned by the router or a broadcast address @@ -8742,7 +8715,7 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, * ETH address. */ if (op != op->od->l3dgw_port) { - continue; + return; } for (size_t i = 0; i < op->od->nbr->n_nat; i++) { @@ -8822,16 +8795,18 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, } } - /* DHCPv6 reply handling */ - HMAP_FOR_EACH (op, key_node, ports) { - if (!op->nbrp) { - continue; - } + ds_destroy(&match); + ds_destroy(&actions); +} - if (op->derived) { - continue; - } +static void +build_lrouter_flows_step_30_op(struct ovn_port *op, struct hmap *lflows) +{ + struct ds match = DS_EMPTY_INITIALIZER; + struct ds actions = DS_EMPTY_INITIALIZER; + /* DHCPv6 reply handling */ + if (op->nbrp && (!op->derived)) { for (size_t i = 0; i < op->lrp_networks.n_ipv6_addrs; i++) { ds_clear(&actions); ds_clear(&match); @@ -8843,19 +8818,21 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, ds_cstr(&match), ds_cstr(&actions)); } } + ds_destroy(&match); + ds_destroy(&actions); +} - /* Logical router ingress table 1: IP Input for IPv6. */ - HMAP_FOR_EACH (op, key_node, ports) { - if (!op->nbrp) { - continue; - } +static void +build_lrouter_flows_step_40_op(struct ovn_port *op, struct hmap *lflows) +{ + struct ds match = DS_EMPTY_INITIALIZER; + struct ds actions = DS_EMPTY_INITIALIZER; - if (op->derived) { - /* No ingress packets are accepted on a chassisredirect - * port, so no need to program flows for that port. */ - continue; - } + /* Logical router ingress table 1: IP Input for IPv6. + * No ingress packets are accepted on a chassisredirect + * port, so no need to program flows for that port. */ + if (op->nbrp && (!op->derived)) { if (op->lrp_networks.n_ipv6_addrs) { /* ICMPv6 echo reply. These flows reply to echo requests * received for the router's IP address. */ @@ -8978,6 +8955,54 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, &op->nbrp->header_); } } + ds_destroy(&match); + ds_destroy(&actions); +} + +static void +build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, + struct hmap *lflows, struct shash *meter_groups, + struct hmap *lbs) +{ + /* This flow table structure is documented in ovn-northd(8), so please + * update ovn-northd.8.xml if you change anything. */ + + struct ds match = DS_EMPTY_INITIALIZER; + struct ds actions = DS_EMPTY_INITIALIZER; + + struct ovn_datapath *od; + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lrouter_flows_step_0_od(od, lflows); + } + + struct ovn_port *op; + HMAP_FOR_EACH (op, key_node, ports) { + build_lrouter_flows_step_0_op(op, lflows); + } + + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lrouter_flows_step_10_od(od, lflows); + } + + HMAP_FOR_EACH (op, key_node, ports) { + build_lrouter_flows_step_10_op(op, lflows); + } + + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lrouter_flows_step_20_od(od, lflows); + } + + HMAP_FOR_EACH (op, key_node, ports) { + build_lrouter_flows_step_20_op(op, lflows); + } + + HMAP_FOR_EACH (op, key_node, ports) { + build_lrouter_flows_step_30_op(op, lflows); + } + + HMAP_FOR_EACH (op, key_node, ports) { + build_lrouter_flows_step_40_op(op, lflows); + } /* NAT, Defrag and load balancing. */ HMAP_FOR_EACH (od, key_node, datapaths) { From patchwork Wed Jul 15 16:50:10 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anton Ivanov X-Patchwork-Id: 1329694 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.133; helo=hemlock.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=cambridgegreys.com Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4B6Ng73TKZz9sSn for ; Thu, 16 Jul 2020 02:50:43 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id E6C5C8AED8; Wed, 15 Jul 2020 16:50:41 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0BnTfQgP9h5o; Wed, 15 Jul 2020 16:50:39 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by hemlock.osuosl.org (Postfix) with ESMTP id 5AD9D8AECB; Wed, 15 Jul 2020 16:50:39 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 0B418C1AE2; Wed, 15 Jul 2020 16:50:39 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) by lists.linuxfoundation.org (Postfix) with ESMTP id BAF55C18DA for ; Wed, 15 Jul 2020 16:50:36 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id AB0D38AEB6 for ; Wed, 15 Jul 2020 16:50:36 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id go0qYWTMxwEi for ; Wed, 15 Jul 2020 16:50:33 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from www.kot-begemot.co.uk (ivanoab7.miniserver.com [37.128.132.42]) by hemlock.osuosl.org (Postfix) with ESMTPS id 35A838AE9B for ; Wed, 15 Jul 2020 16:50:32 +0000 (UTC) Received: from tun252.jain.kot-begemot.co.uk ([192.168.18.6] helo=jain.kot-begemot.co.uk) by www.kot-begemot.co.uk with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1jvkc2-0007AZ-Cs for dev@openvswitch.org; Wed, 15 Jul 2020 16:50:30 +0000 Received: from jain.kot-begemot.co.uk ([192.168.3.3]) by jain.kot-begemot.co.uk with esmtp (Exim 4.92) (envelope-from ) id 1jvkbz-0006dn-Fo; Wed, 15 Jul 2020 17:50:29 +0100 From: anton.ivanov@cambridgegreys.com To: dev@openvswitch.org Date: Wed, 15 Jul 2020 17:50:10 +0100 Message-Id: <20200715165018.25031-5-anton.ivanov@cambridgegreys.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200715165018.25031-1-anton.ivanov@cambridgegreys.com> References: <20200715165018.25031-1-anton.ivanov@cambridgegreys.com> MIME-Version: 1.0 X-Clacks-Overhead: GNU Terry Pratchett Cc: Anton Ivanov Subject: [ovs-dev] [PATCH ovn RFC v2 04/12] Move NAT and Load Balancing to a separate function X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Anton Ivanov Signed-off-by: Anton Ivanov --- northd/ovn-northd.c | 144 ++++++++++++++++++++++++++------------------ 1 file changed, 87 insertions(+), 57 deletions(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index 8a0e28040..95c17af98 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -8715,6 +8715,8 @@ build_lrouter_flows_step_20_op(struct ovn_port *op, struct hmap *lflows) * ETH address. */ if (op != op->od->l3dgw_port) { + ds_destroy(&match); + ds_destroy(&actions); return; } @@ -8960,56 +8962,15 @@ build_lrouter_flows_step_40_op(struct ovn_port *op, struct hmap *lflows) } static void -build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, - struct hmap *lflows, struct shash *meter_groups, - struct hmap *lbs) +build_lrouter_flows_step_50_od( + struct ovn_datapath *od, struct hmap *lflows, + struct hmap *lbs, struct shash *meter_groups) { - /* This flow table structure is documented in ovn-northd(8), so please - * update ovn-northd.8.xml if you change anything. */ - struct ds match = DS_EMPTY_INITIALIZER; struct ds actions = DS_EMPTY_INITIALIZER; - struct ovn_datapath *od; - HMAP_FOR_EACH (od, key_node, datapaths) { - build_lrouter_flows_step_0_od(od, lflows); - } - - struct ovn_port *op; - HMAP_FOR_EACH (op, key_node, ports) { - build_lrouter_flows_step_0_op(op, lflows); - } - - HMAP_FOR_EACH (od, key_node, datapaths) { - build_lrouter_flows_step_10_od(od, lflows); - } - - HMAP_FOR_EACH (op, key_node, ports) { - build_lrouter_flows_step_10_op(op, lflows); - } - - HMAP_FOR_EACH (od, key_node, datapaths) { - build_lrouter_flows_step_20_od(od, lflows); - } - - HMAP_FOR_EACH (op, key_node, ports) { - build_lrouter_flows_step_20_op(op, lflows); - } - - HMAP_FOR_EACH (op, key_node, ports) { - build_lrouter_flows_step_30_op(op, lflows); - } - - HMAP_FOR_EACH (op, key_node, ports) { - build_lrouter_flows_step_40_op(op, lflows); - } - /* NAT, Defrag and load balancing. */ - HMAP_FOR_EACH (od, key_node, datapaths) { - if (!od->nbr) { - continue; - } - + if (od->nbr) { /* Packets are allowed by default. */ ovn_lflow_add(lflows, od, S_ROUTER_IN_DEFRAG, 0, "1", "next;"); ovn_lflow_add(lflows, od, S_ROUTER_IN_UNSNAT, 0, "1", "next;"); @@ -9027,7 +8988,9 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, * l3dgw_port (router has a port with "redirect-chassis" * specified). */ if (!smap_get(&od->nbr->options, "chassis") && !od->l3dgw_port) { - continue; + ds_destroy(&match); + ds_destroy(&actions); + return; } struct sset nat_entries = SSET_INITIALIZER(&nat_entries); @@ -9562,7 +9525,9 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, * Gateway routers or router with gateway port. */ if (!smap_get(&od->nbr->options, "chassis") && !od->l3dgw_port) { sset_destroy(&nat_entries); - continue; + ds_destroy(&match); + ds_destroy(&actions); + return; } /* A set to hold all ips that need defragmentation and tracking. */ @@ -9641,18 +9606,23 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, sset_destroy(&all_ips); sset_destroy(&nat_entries); } + ds_destroy(&match); + ds_destroy(&actions); +} + +static void +build_lrouter_flows_step_50_op(struct ovn_port *op, struct hmap *lflows) +{ /* Logical router ingress table ND_RA_OPTIONS & ND_RA_RESPONSE: IPv6 Router * Adv (RA) options and response. */ - HMAP_FOR_EACH (op, key_node, ports) { - if (!op->nbrp || op->nbrp->peer || !op->peer) { - continue; - } - - if (!op->lrp_networks.n_ipv6_addrs) { - continue; - } + if (!op->nbrp || op->nbrp->peer || !op->peer) { + return; + } + if (op->lrp_networks.n_ipv6_addrs) { + struct ds match = DS_EMPTY_INITIALIZER; + struct ds actions = DS_EMPTY_INITIALIZER; struct smap options; smap_clone(&options, &op->sb->options); @@ -9681,7 +9651,9 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, &op->nbrp->ipv6_ra_configs, "address_mode"); if (!address_mode) { - continue; + ds_destroy(&match); + ds_destroy(&actions); + return; } if (strcmp(address_mode, "slaac") && strcmp(address_mode, "dhcpv6_stateful") && @@ -9689,7 +9661,9 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5); VLOG_WARN_RL(&rl, "Invalid address mode [%s] defined", address_mode); - continue; + ds_destroy(&match); + ds_destroy(&actions); + return; } if (smap_get_bool(&op->nbrp->ipv6_ra_configs, "send_periodic", @@ -9760,6 +9734,62 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, ds_cstr(&match), ds_cstr(&actions), &op->nbrp->header_); } + ds_destroy(&match); + ds_destroy(&actions); + } +} + +static void +build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, + struct hmap *lflows, struct shash *meter_groups, + struct hmap *lbs) +{ + /* This flow table structure is documented in ovn-northd(8), so please + * update ovn-northd.8.xml if you change anything. */ + + struct ds match = DS_EMPTY_INITIALIZER; + struct ds actions = DS_EMPTY_INITIALIZER; + + struct ovn_datapath *od; + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lrouter_flows_step_0_od(od, lflows); + } + + struct ovn_port *op; + HMAP_FOR_EACH (op, key_node, ports) { + build_lrouter_flows_step_0_op(op, lflows); + } + + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lrouter_flows_step_10_od(od, lflows); + } + + HMAP_FOR_EACH (op, key_node, ports) { + build_lrouter_flows_step_10_op(op, lflows); + } + + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lrouter_flows_step_20_od(od, lflows); + } + + HMAP_FOR_EACH (op, key_node, ports) { + build_lrouter_flows_step_20_op(op, lflows); + } + + HMAP_FOR_EACH (op, key_node, ports) { + build_lrouter_flows_step_30_op(op, lflows); + } + + HMAP_FOR_EACH (op, key_node, ports) { + build_lrouter_flows_step_40_op(op, lflows); + } + + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lrouter_flows_step_50_od(od, lflows, lbs, meter_groups); + } + + HMAP_FOR_EACH (op, key_node, ports) { + build_lrouter_flows_step_50_op(op, lflows); } /* Logical router ingress table ND_RA_OPTIONS & ND_RA_RESPONSE: RS From patchwork Wed Jul 15 16:50:11 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Anton Ivanov X-Patchwork-Id: 1329692 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.133; helo=hemlock.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=cambridgegreys.com Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4B6Ng370m0z9sTN for ; Thu, 16 Jul 2020 02:50:39 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id 3C6758AEC2; Wed, 15 Jul 2020 16:50:38 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TUwXBxHHlL3R; Wed, 15 Jul 2020 16:50:37 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by hemlock.osuosl.org (Postfix) with ESMTP id 5020A8AE98; Wed, 15 Jul 2020 16:50:37 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 33864C18DA; Wed, 15 Jul 2020 16:50:37 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) by lists.linuxfoundation.org (Postfix) with ESMTP id 51201C1830 for ; Wed, 15 Jul 2020 16:50:34 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id 426648AE8F for ; Wed, 15 Jul 2020 16:50:34 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4qgR0RqbDaxv for ; Wed, 15 Jul 2020 16:50:33 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from www.kot-begemot.co.uk (ivanoab7.miniserver.com [37.128.132.42]) by hemlock.osuosl.org (Postfix) with ESMTPS id 826928AEAB for ; Wed, 15 Jul 2020 16:50:33 +0000 (UTC) Received: from tun252.jain.kot-begemot.co.uk ([192.168.18.6] helo=jain.kot-begemot.co.uk) by www.kot-begemot.co.uk with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1jvkc4-0007Ad-2d for dev@openvswitch.org; Wed, 15 Jul 2020 16:50:32 +0000 Received: from jain.kot-begemot.co.uk ([192.168.3.3]) by jain.kot-begemot.co.uk with esmtp (Exim 4.92) (envelope-from ) id 1jvkc1-0006dn-9V; Wed, 15 Jul 2020 17:50:31 +0100 From: anton.ivanov@cambridgegreys.com To: dev@openvswitch.org Date: Wed, 15 Jul 2020 17:50:11 +0100 Message-Id: <20200715165018.25031-6-anton.ivanov@cambridgegreys.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200715165018.25031-1-anton.ivanov@cambridgegreys.com> References: <20200715165018.25031-1-anton.ivanov@cambridgegreys.com> MIME-Version: 1.0 X-Clacks-Overhead: GNU Terry Pratchett Cc: Anton Ivanov Subject: [ovs-dev] [PATCH ovn RFC v2 05/12] Move Logical router ingress table IP_ROUTING to a function X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Anton Ivanov Signed-off-by: Anton Ivanov --- northd/ovn-northd.c | 97 ++++++++++++++++++++++++++------------------- 1 file changed, 56 insertions(+), 41 deletions(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index 95c17af98..807bf23ec 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -9739,6 +9739,60 @@ build_lrouter_flows_step_50_op(struct ovn_port *op, struct hmap *lflows) } } +static void +build_lrouter_flows_step_60_od(struct ovn_datapath *od, struct hmap *lflows) +{ + /* Logical router ingress table ND_RA_OPTIONS & ND_RA_RESPONSE: RS + * responder, by default goto next. (priority 0)*/ + if (od->nbr) { + ovn_lflow_add(lflows, od, S_ROUTER_IN_ND_RA_OPTIONS, 0, "1", "next;"); + ovn_lflow_add(lflows, od, S_ROUTER_IN_ND_RA_RESPONSE, 0, "1", "next;"); + } +} + +static void +build_lrouter_flows_step_70_op(struct ovn_port *op, struct hmap *lflows) +{ + struct ds match = DS_EMPTY_INITIALIZER; + struct ds actions = DS_EMPTY_INITIALIZER; + + /* Logical router ingress table IP_ROUTING & IP_ROUTING_ECMP: IP Routing. + * + * A packet that arrives at this table is an IP packet that should be + * routed to the address in 'ip[46].dst'. + * + * For regular routes without ECMP, table IP_ROUTING sets outport to the + * correct output port, eth.src to the output port's MAC address, and + * REG_NEXT_HOP_IPV4/REG_NEXT_HOP_IPV6 to the next-hop IP address + * (leaving 'ip[46].dst', the packet’s final destination, unchanged), and + * advances to the next table. + * + * For ECMP routes, i.e. multiple routes with same policy and prefix, table + * IP_ROUTING remembers ECMP group id and selects a member id, and advances + * to table IP_ROUTING_ECMP, which sets outport, eth.src and + * REG_NEXT_HOP_IPV4/REG_NEXT_HOP_IPV6 for the selected ECMP member. + */ + + if (op->nbrp) { + + for (int i = 0; i < op->lrp_networks.n_ipv4_addrs; i++) { + add_route(lflows, op, op->lrp_networks.ipv4_addrs[i].addr_s, + op->lrp_networks.ipv4_addrs[i].network_s, + op->lrp_networks.ipv4_addrs[i].plen, NULL, false, + &op->nbrp->header_); + } + + for (int i = 0; i < op->lrp_networks.n_ipv6_addrs; i++) { + add_route(lflows, op, op->lrp_networks.ipv6_addrs[i].addr_s, + op->lrp_networks.ipv6_addrs[i].network_s, + op->lrp_networks.ipv6_addrs[i].plen, NULL, false, + &op->nbrp->header_); + } + } + ds_destroy(&match); + ds_destroy(&actions); +} + static void build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, struct hmap *lflows, struct shash *meter_groups, @@ -9792,51 +9846,12 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, build_lrouter_flows_step_50_op(op, lflows); } - /* Logical router ingress table ND_RA_OPTIONS & ND_RA_RESPONSE: RS - * responder, by default goto next. (priority 0)*/ HMAP_FOR_EACH (od, key_node, datapaths) { - if (!od->nbr) { - continue; - } - - ovn_lflow_add(lflows, od, S_ROUTER_IN_ND_RA_OPTIONS, 0, "1", "next;"); - ovn_lflow_add(lflows, od, S_ROUTER_IN_ND_RA_RESPONSE, 0, "1", "next;"); + build_lrouter_flows_step_60_od(od, lflows); } - /* Logical router ingress table IP_ROUTING & IP_ROUTING_ECMP: IP Routing. - * - * A packet that arrives at this table is an IP packet that should be - * routed to the address in 'ip[46].dst'. - * - * For regular routes without ECMP, table IP_ROUTING sets outport to the - * correct output port, eth.src to the output port's MAC address, and - * REG_NEXT_HOP_IPV4/REG_NEXT_HOP_IPV6 to the next-hop IP address - * (leaving 'ip[46].dst', the packet’s final destination, unchanged), and - * advances to the next table. - * - * For ECMP routes, i.e. multiple routes with same policy and prefix, table - * IP_ROUTING remembers ECMP group id and selects a member id, and advances - * to table IP_ROUTING_ECMP, which sets outport, eth.src and - * REG_NEXT_HOP_IPV4/REG_NEXT_HOP_IPV6 for the selected ECMP member. - */ HMAP_FOR_EACH (op, key_node, ports) { - if (!op->nbrp) { - continue; - } - - for (int i = 0; i < op->lrp_networks.n_ipv4_addrs; i++) { - add_route(lflows, op, op->lrp_networks.ipv4_addrs[i].addr_s, - op->lrp_networks.ipv4_addrs[i].network_s, - op->lrp_networks.ipv4_addrs[i].plen, NULL, false, - &op->nbrp->header_); - } - - for (int i = 0; i < op->lrp_networks.n_ipv6_addrs; i++) { - add_route(lflows, op, op->lrp_networks.ipv6_addrs[i].addr_s, - op->lrp_networks.ipv6_addrs[i].network_s, - op->lrp_networks.ipv6_addrs[i].plen, NULL, false, - &op->nbrp->header_); - } + build_lrouter_flows_step_70_op(op, lflows); } /* Convert the static routes to flows. */ From patchwork Wed Jul 15 16:50:12 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anton Ivanov X-Patchwork-Id: 1329699 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.137; helo=fraxinus.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=cambridgegreys.com Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4B6NgT5xJhz9sSn for ; Thu, 16 Jul 2020 02:51:01 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id 2660089720; Wed, 15 Jul 2020 16:51:00 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h9BPr_trayjM; Wed, 15 Jul 2020 16:50:56 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by fraxinus.osuosl.org (Postfix) with ESMTP id 93C31899ED; Wed, 15 Jul 2020 16:50:51 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 5F7E5C1DA1; Wed, 15 Jul 2020 16:50:51 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) by lists.linuxfoundation.org (Postfix) with ESMTP id BB231C0895 for ; Wed, 15 Jul 2020 16:50:48 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id 8A08323455 for ; Wed, 15 Jul 2020 16:50:48 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lp93q0iz2VVR for ; Wed, 15 Jul 2020 16:50:42 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from www.kot-begemot.co.uk (ivanoab7.miniserver.com [37.128.132.42]) by silver.osuosl.org (Postfix) with ESMTPS id A4C4D25492 for ; Wed, 15 Jul 2020 16:50:35 +0000 (UTC) Received: from tun252.jain.kot-begemot.co.uk ([192.168.18.6] helo=jain.kot-begemot.co.uk) by www.kot-begemot.co.uk with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1jvkc5-0007Ah-PJ for dev@openvswitch.org; Wed, 15 Jul 2020 16:50:33 +0000 Received: from jain.kot-begemot.co.uk ([192.168.3.3]) by jain.kot-begemot.co.uk with esmtp (Exim 4.92) (envelope-from ) id 1jvkc3-0006dn-1F; Wed, 15 Jul 2020 17:50:32 +0100 From: anton.ivanov@cambridgegreys.com To: dev@openvswitch.org Date: Wed, 15 Jul 2020 17:50:12 +0100 Message-Id: <20200715165018.25031-7-anton.ivanov@cambridgegreys.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200715165018.25031-1-anton.ivanov@cambridgegreys.com> References: <20200715165018.25031-1-anton.ivanov@cambridgegreys.com> MIME-Version: 1.0 X-Clacks-Overhead: GNU Terry Pratchett Cc: Anton Ivanov Subject: [ovs-dev] [PATCH ovn RFC v2 06/12] Move static route datapath mapping to a function X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Anton Ivanov Signed-off-by: Anton Ivanov --- northd/ovn-northd.c | 96 ++++++++++++++++++++++++--------------------- 1 file changed, 51 insertions(+), 45 deletions(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index 807bf23ec..c6e58576a 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -9793,6 +9793,56 @@ build_lrouter_flows_step_70_op(struct ovn_port *op, struct hmap *lflows) ds_destroy(&actions); } +static void +build_lrouter_flows_step_80_od( + struct ovn_datapath *od, struct hmap *lflows, struct hmap *ports) +{ + /* Convert the static routes to flows. */ + if (od->nbr) { + ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_ROUTING_ECMP, 150, + REG_ECMP_GROUP_ID" == 0", "next;"); + + struct hmap ecmp_groups = HMAP_INITIALIZER(&ecmp_groups); + struct hmap unique_routes = HMAP_INITIALIZER(&unique_routes); + struct ovs_list parsed_routes = OVS_LIST_INITIALIZER(&parsed_routes); + struct ecmp_groups_node *group; + for (int i = 0; i < od->nbr->n_static_routes; i++) { + struct parsed_route *route = + parsed_routes_add(&parsed_routes, od->nbr->static_routes[i]); + if (!route) { + continue; + } + group = ecmp_groups_find(&ecmp_groups, route); + if (group) { + ecmp_groups_add_route(group, route); + } else { + const struct parsed_route *existed_route = + unique_routes_remove(&unique_routes, route); + if (existed_route) { + group = ecmp_groups_add(&ecmp_groups, existed_route); + if (group) { + ecmp_groups_add_route(group, route); + } + } else { + unique_routes_add(&unique_routes, route); + } + } + } + HMAP_FOR_EACH (group, hmap_node, &ecmp_groups) { + /* add a flow in IP_ROUTING, and one flow for each member in + * IP_ROUTING_ECMP. */ + build_ecmp_route_flow(lflows, od, ports, group); + } + const struct unique_routes_node *ur; + HMAP_FOR_EACH (ur, hmap_node, &unique_routes) { + build_static_route_flow(lflows, od, ports, ur->route); + } + ecmp_groups_destroy(&ecmp_groups); + unique_routes_destroy(&unique_routes); + parsed_routes_destroy(&parsed_routes); + } +} + static void build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, struct hmap *lflows, struct shash *meter_groups, @@ -9854,52 +9904,8 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, build_lrouter_flows_step_70_op(op, lflows); } - /* Convert the static routes to flows. */ HMAP_FOR_EACH (od, key_node, datapaths) { - if (!od->nbr) { - continue; - } - ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_ROUTING_ECMP, 150, - REG_ECMP_GROUP_ID" == 0", "next;"); - - struct hmap ecmp_groups = HMAP_INITIALIZER(&ecmp_groups); - struct hmap unique_routes = HMAP_INITIALIZER(&unique_routes); - struct ovs_list parsed_routes = OVS_LIST_INITIALIZER(&parsed_routes); - struct ecmp_groups_node *group; - for (int i = 0; i < od->nbr->n_static_routes; i++) { - struct parsed_route *route = - parsed_routes_add(&parsed_routes, od->nbr->static_routes[i]); - if (!route) { - continue; - } - group = ecmp_groups_find(&ecmp_groups, route); - if (group) { - ecmp_groups_add_route(group, route); - } else { - const struct parsed_route *existed_route = - unique_routes_remove(&unique_routes, route); - if (existed_route) { - group = ecmp_groups_add(&ecmp_groups, existed_route); - if (group) { - ecmp_groups_add_route(group, route); - } - } else { - unique_routes_add(&unique_routes, route); - } - } - } - HMAP_FOR_EACH (group, hmap_node, &ecmp_groups) { - /* add a flow in IP_ROUTING, and one flow for each member in - * IP_ROUTING_ECMP. */ - build_ecmp_route_flow(lflows, od, ports, group); - } - const struct unique_routes_node *ur; - HMAP_FOR_EACH (ur, hmap_node, &unique_routes) { - build_static_route_flow(lflows, od, ports, ur->route); - } - ecmp_groups_destroy(&ecmp_groups); - unique_routes_destroy(&unique_routes); - parsed_routes_destroy(&parsed_routes); + build_lrouter_flows_step_80_od(od, lflows, ports); } /* IP Multicast lookup. Here we set the output port, adjust TTL and From patchwork Wed Jul 15 16:50:13 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anton Ivanov X-Patchwork-Id: 1329696 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.133; helo=hemlock.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=cambridgegreys.com Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4B6NgG0PJnz9sSn for ; Thu, 16 Jul 2020 02:50:50 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id 626D38AEBC; Wed, 15 Jul 2020 16:50:48 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NzcRkTfcwkl6; Wed, 15 Jul 2020 16:50:47 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by hemlock.osuosl.org (Postfix) with ESMTP id 895D18AED4; Wed, 15 Jul 2020 16:50:47 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 7A1D7C0895; Wed, 15 Jul 2020 16:50:47 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by lists.linuxfoundation.org (Postfix) with ESMTP id CC5B2C0891 for ; Wed, 15 Jul 2020 16:50:43 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id B408C8B6B9 for ; Wed, 15 Jul 2020 16:50:43 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ndLiz+vetvyV for ; Wed, 15 Jul 2020 16:50:40 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from www.kot-begemot.co.uk (ivanoab7.miniserver.com [37.128.132.42]) by whitealder.osuosl.org (Postfix) with ESMTPS id EC4C88B695 for ; Wed, 15 Jul 2020 16:50:36 +0000 (UTC) Received: from tun252.jain.kot-begemot.co.uk ([192.168.18.6] helo=jain.kot-begemot.co.uk) by www.kot-begemot.co.uk with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1jvkc7-0007Am-He for dev@openvswitch.org; Wed, 15 Jul 2020 16:50:35 +0000 Received: from jain.kot-begemot.co.uk ([192.168.3.3]) by jain.kot-begemot.co.uk with esmtp (Exim 4.92) (envelope-from ) id 1jvkc4-0006dn-PM; Wed, 15 Jul 2020 17:50:34 +0100 From: anton.ivanov@cambridgegreys.com To: dev@openvswitch.org Date: Wed, 15 Jul 2020 17:50:13 +0100 Message-Id: <20200715165018.25031-8-anton.ivanov@cambridgegreys.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200715165018.25031-1-anton.ivanov@cambridgegreys.com> References: <20200715165018.25031-1-anton.ivanov@cambridgegreys.com> MIME-Version: 1.0 X-Clacks-Overhead: GNU Terry Pratchett Cc: Anton Ivanov Subject: [ovs-dev] [PATCH ovn RFC v2 07/12] Move out multicast lookup into a function X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Anton Ivanov Signed-off-by: Anton Ivanov --- northd/ovn-northd.c | 128 ++++++++++++++++++++++++-------------------- 1 file changed, 69 insertions(+), 59 deletions(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index c6e58576a..61f9b4ab8 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -9843,6 +9843,74 @@ build_lrouter_flows_step_80_od( } } +static void +build_lrouter_flows_step_90_od(struct ovn_datapath *od, struct hmap *lflows) +{ + struct ds match = DS_EMPTY_INITIALIZER; + struct ds actions = DS_EMPTY_INITIALIZER; + + /* IP Multicast lookup. Here we set the output port, adjust TTL and + * advance to next table (priority 500). + */ + if (od->nbr) { + + /* Drop IPv6 multicast traffic that shouldn't be forwarded, + * i.e., router solicitation and router advertisement. + */ + ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_ROUTING, 550, + "nd_rs || nd_ra", "drop;"); + + if (!od->mcast_info.rtr.relay) { + return; + } + + struct ovn_igmp_group *igmp_group; + + LIST_FOR_EACH (igmp_group, list_node, &od->mcast_info.groups) { + ds_clear(&match); + ds_clear(&actions); + if (IN6_IS_ADDR_V4MAPPED(&igmp_group->address)) { + ds_put_format(&match, "ip4 && ip4.dst == %s ", + igmp_group->mcgroup.name); + } else { + ds_put_format(&match, "ip6 && ip6.dst == %s ", + igmp_group->mcgroup.name); + } + if (od->mcast_info.rtr.flood_static) { + ds_put_cstr(&actions, + "clone { " + "outport = \""MC_STATIC"\"; " + "ip.ttl--; " + "next; " + "};"); + } + ds_put_format(&actions, "outport = \"%s\"; ip.ttl--; next;", + igmp_group->mcgroup.name); + ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_ROUTING, 500, + ds_cstr(&match), ds_cstr(&actions)); + } + + /* If needed, flood unregistered multicast on statically configured + * ports. Otherwise drop any multicast traffic. + */ + if (od->mcast_info.rtr.flood_static) { + ds_clear(&actions); + ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_ROUTING, 450, + "ip4.mcast || ip6.mcast", + "clone { " + "outport = \""MC_STATIC"\"; " + "ip.ttl--; " + "next; " + "};"); + } else { + ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_ROUTING, 450, + "ip4.mcast || ip6.mcast", "drop;"); + } + } + ds_destroy(&match); + ds_destroy(&actions); +} + static void build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, struct hmap *lflows, struct shash *meter_groups, @@ -9908,66 +9976,8 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, build_lrouter_flows_step_80_od(od, lflows, ports); } - /* IP Multicast lookup. Here we set the output port, adjust TTL and - * advance to next table (priority 500). - */ HMAP_FOR_EACH (od, key_node, datapaths) { - if (!od->nbr) { - continue; - } - - /* Drop IPv6 multicast traffic that shouldn't be forwarded, - * i.e., router solicitation and router advertisement. - */ - ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_ROUTING, 550, - "nd_rs || nd_ra", "drop;"); - - if (!od->mcast_info.rtr.relay) { - continue; - } - - struct ovn_igmp_group *igmp_group; - - LIST_FOR_EACH (igmp_group, list_node, &od->mcast_info.groups) { - ds_clear(&match); - ds_clear(&actions); - if (IN6_IS_ADDR_V4MAPPED(&igmp_group->address)) { - ds_put_format(&match, "ip4 && ip4.dst == %s ", - igmp_group->mcgroup.name); - } else { - ds_put_format(&match, "ip6 && ip6.dst == %s ", - igmp_group->mcgroup.name); - } - if (od->mcast_info.rtr.flood_static) { - ds_put_cstr(&actions, - "clone { " - "outport = \""MC_STATIC"\"; " - "ip.ttl--; " - "next; " - "};"); - } - ds_put_format(&actions, "outport = \"%s\"; ip.ttl--; next;", - igmp_group->mcgroup.name); - ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_ROUTING, 500, - ds_cstr(&match), ds_cstr(&actions)); - } - - /* If needed, flood unregistered multicast on statically configured - * ports. Otherwise drop any multicast traffic. - */ - if (od->mcast_info.rtr.flood_static) { - ds_clear(&actions); - ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_ROUTING, 450, - "ip4.mcast || ip6.mcast", - "clone { " - "outport = \""MC_STATIC"\"; " - "ip.ttl--; " - "next; " - "};"); - } else { - ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_ROUTING, 450, - "ip4.mcast || ip6.mcast", "drop;"); - } + build_lrouter_flows_step_90_od(od, lflows); } /* Logical router ingress table POLICY: Policy. From patchwork Wed Jul 15 16:50:14 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Anton Ivanov X-Patchwork-Id: 1329697 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.136; helo=silver.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=cambridgegreys.com Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4B6NgN1NQ9z9sSn for ; Thu, 16 Jul 2020 02:50:56 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id 960F225AD0; Wed, 15 Jul 2020 16:50:54 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id C3tusCH50jJE; Wed, 15 Jul 2020 16:50:48 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by silver.osuosl.org (Postfix) with ESMTP id 1BEFA237C8; Wed, 15 Jul 2020 16:50:41 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 0052EC0733; Wed, 15 Jul 2020 16:50:41 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) by lists.linuxfoundation.org (Postfix) with ESMTP id EE7BCC1D84 for ; Wed, 15 Jul 2020 16:50:39 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id E62B28AECF for ; Wed, 15 Jul 2020 16:50:39 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QWGAAYKhpUJ8 for ; Wed, 15 Jul 2020 16:50:38 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from www.kot-begemot.co.uk (ivanoab7.miniserver.com [37.128.132.42]) by hemlock.osuosl.org (Postfix) with ESMTPS id BB8788AEBB for ; Wed, 15 Jul 2020 16:50:38 +0000 (UTC) Received: from tun252.jain.kot-begemot.co.uk ([192.168.18.6] helo=jain.kot-begemot.co.uk) by www.kot-begemot.co.uk with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1jvkc9-0007Aq-BH for dev@openvswitch.org; Wed, 15 Jul 2020 16:50:37 +0000 Received: from jain.kot-begemot.co.uk ([192.168.3.3]) by jain.kot-begemot.co.uk with esmtp (Exim 4.92) (envelope-from ) id 1jvkc6-0006dn-Ha; Wed, 15 Jul 2020 17:50:36 +0100 From: anton.ivanov@cambridgegreys.com To: dev@openvswitch.org Date: Wed, 15 Jul 2020 17:50:14 +0100 Message-Id: <20200715165018.25031-9-anton.ivanov@cambridgegreys.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200715165018.25031-1-anton.ivanov@cambridgegreys.com> References: <20200715165018.25031-1-anton.ivanov@cambridgegreys.com> MIME-Version: 1.0 X-Clacks-Overhead: GNU Terry Pratchett Cc: Anton Ivanov Subject: [ovs-dev] [PATCH ovn RFC v2 08/12] Move Logical router ingress policy to a function X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Anton Ivanov Signed-off-by: Anton Ivanov --- northd/ovn-northd.c | 52 ++++++++++++++++++++++++++------------------- 1 file changed, 30 insertions(+), 22 deletions(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index 61f9b4ab8..7932ab9e3 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -9911,6 +9911,35 @@ build_lrouter_flows_step_90_od(struct ovn_datapath *od, struct hmap *lflows) ds_destroy(&actions); } +static void +build_lrouter_flows_step_100_od( + struct ovn_datapath *od, struct hmap *lflows, struct hmap *ports) +{ + + /* Logical router ingress table POLICY: Policy. + * + * A packet that arrives at this table is an IP packet that should be + * permitted/denied/rerouted to the address in the rule's nexthop. + * This table sets outport to the correct out_port, + * eth.src to the output port's MAC address, + * and REG_NEXT_HOP_IPV4/REG_NEXT_HOP_IPV6 to the next-hop IP address + * (leaving 'ip[46].dst', the packet’s final destination, unchanged), and + * advances to the next table for ARP/ND resolution. */ + + if (od->nbr) { + /* This is a catch-all rule. It has the lowest priority (0) + * does a match-all("1") and pass-through (next) */ + ovn_lflow_add(lflows, od, S_ROUTER_IN_POLICY, 0, "1", "next;"); + + /* Convert routing policies to flows. */ + for (int i = 0; i < od->nbr->n_policies; i++) { + const struct nbrec_logical_router_policy *rule + = od->nbr->policies[i]; + build_routing_policy_flow(lflows, od, ports, rule, &rule->header_); + } + } +} + static void build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, struct hmap *lflows, struct shash *meter_groups, @@ -9980,29 +10009,8 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, build_lrouter_flows_step_90_od(od, lflows); } - /* Logical router ingress table POLICY: Policy. - * - * A packet that arrives at this table is an IP packet that should be - * permitted/denied/rerouted to the address in the rule's nexthop. - * This table sets outport to the correct out_port, - * eth.src to the output port's MAC address, - * and REG_NEXT_HOP_IPV4/REG_NEXT_HOP_IPV6 to the next-hop IP address - * (leaving 'ip[46].dst', the packet’s final destination, unchanged), and - * advances to the next table for ARP/ND resolution. */ HMAP_FOR_EACH (od, key_node, datapaths) { - if (!od->nbr) { - continue; - } - /* This is a catch-all rule. It has the lowest priority (0) - * does a match-all("1") and pass-through (next) */ - ovn_lflow_add(lflows, od, S_ROUTER_IN_POLICY, 0, "1", "next;"); - - /* Convert routing policies to flows. */ - for (int i = 0; i < od->nbr->n_policies; i++) { - const struct nbrec_logical_router_policy *rule - = od->nbr->policies[i]; - build_routing_policy_flow(lflows, od, ports, rule, &rule->header_); - } + build_lrouter_flows_step_100_od(od, lflows, ports); } From patchwork Wed Jul 15 16:50:15 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anton Ivanov X-Patchwork-Id: 1329698 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.133; helo=hemlock.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=cambridgegreys.com Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4B6NgN50Sgz9sTM for ; Thu, 16 Jul 2020 02:50:56 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id 20F9E8AE92; Wed, 15 Jul 2020 16:50:55 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MGN59OgUiIPa; Wed, 15 Jul 2020 16:50:50 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by hemlock.osuosl.org (Postfix) with ESMTP id 0C5058AEF4; Wed, 15 Jul 2020 16:50:50 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id E1D23C08A6; Wed, 15 Jul 2020 16:50:49 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) by lists.linuxfoundation.org (Postfix) with ESMTP id 954D9C0733 for ; Wed, 15 Jul 2020 16:50:47 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id 7762B8AEE9 for ; Wed, 15 Jul 2020 16:50:47 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tcvcsHh8WgHX for ; Wed, 15 Jul 2020 16:50:43 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from www.kot-begemot.co.uk (ivanoab7.miniserver.com [37.128.132.42]) by hemlock.osuosl.org (Postfix) with ESMTPS id 273D78AECB for ; Wed, 15 Jul 2020 16:50:42 +0000 (UTC) Received: from tun252.jain.kot-begemot.co.uk ([192.168.18.6] helo=jain.kot-begemot.co.uk) by www.kot-begemot.co.uk with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1jvkcC-0007Au-2a for dev@openvswitch.org; Wed, 15 Jul 2020 16:50:40 +0000 Received: from jain.kot-begemot.co.uk ([192.168.3.3]) by jain.kot-begemot.co.uk with esmtp (Exim 4.92) (envelope-from ) id 1jvkc8-0006dn-91; Wed, 15 Jul 2020 17:50:38 +0100 From: anton.ivanov@cambridgegreys.com To: dev@openvswitch.org Date: Wed, 15 Jul 2020 17:50:15 +0100 Message-Id: <20200715165018.25031-10-anton.ivanov@cambridgegreys.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200715165018.25031-1-anton.ivanov@cambridgegreys.com> References: <20200715165018.25031-1-anton.ivanov@cambridgegreys.com> MIME-Version: 1.0 X-Clacks-Overhead: GNU Terry Pratchett Cc: Anton Ivanov Subject: [ovs-dev] [PATCH ovn RFC v2 09/12] Move packet size rules to a separate function X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Anton Ivanov Signed-off-by: Anton Ivanov --- northd/ovn-northd.c | 752 +++++++++++++++++++++++--------------------- 1 file changed, 397 insertions(+), 355 deletions(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index 7932ab9e3..0b4926a75 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -9941,93 +9941,25 @@ build_lrouter_flows_step_100_od( } static void -build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, - struct hmap *lflows, struct shash *meter_groups, - struct hmap *lbs) +build_lrouter_flows_step_110_od( + struct ovn_datapath *od, struct hmap *lflows) { - /* This flow table structure is documented in ovn-northd(8), so please - * update ovn-northd.8.xml if you change anything. */ - - struct ds match = DS_EMPTY_INITIALIZER; - struct ds actions = DS_EMPTY_INITIALIZER; - - struct ovn_datapath *od; - HMAP_FOR_EACH (od, key_node, datapaths) { - build_lrouter_flows_step_0_od(od, lflows); - } - - struct ovn_port *op; - HMAP_FOR_EACH (op, key_node, ports) { - build_lrouter_flows_step_0_op(op, lflows); - } - - HMAP_FOR_EACH (od, key_node, datapaths) { - build_lrouter_flows_step_10_od(od, lflows); - } - - HMAP_FOR_EACH (op, key_node, ports) { - build_lrouter_flows_step_10_op(op, lflows); - } - - HMAP_FOR_EACH (od, key_node, datapaths) { - build_lrouter_flows_step_20_od(od, lflows); - } - - HMAP_FOR_EACH (op, key_node, ports) { - build_lrouter_flows_step_20_op(op, lflows); - } - - HMAP_FOR_EACH (op, key_node, ports) { - build_lrouter_flows_step_30_op(op, lflows); - } - - HMAP_FOR_EACH (op, key_node, ports) { - build_lrouter_flows_step_40_op(op, lflows); - } - - HMAP_FOR_EACH (od, key_node, datapaths) { - build_lrouter_flows_step_50_od(od, lflows, lbs, meter_groups); - } - - HMAP_FOR_EACH (op, key_node, ports) { - build_lrouter_flows_step_50_op(op, lflows); - } - - HMAP_FOR_EACH (od, key_node, datapaths) { - build_lrouter_flows_step_60_od(od, lflows); - } - - HMAP_FOR_EACH (op, key_node, ports) { - build_lrouter_flows_step_70_op(op, lflows); - } - - HMAP_FOR_EACH (od, key_node, datapaths) { - build_lrouter_flows_step_80_od(od, lflows, ports); - } - - HMAP_FOR_EACH (od, key_node, datapaths) { - build_lrouter_flows_step_90_od(od, lflows); - } - - HMAP_FOR_EACH (od, key_node, datapaths) { - build_lrouter_flows_step_100_od(od, lflows, ports); - } - - - /* XXX destination unreachable */ - /* Local router ingress table ARP_RESOLVE: ARP Resolution. * * Multicast packets already have the outport set so just advance to next * table (priority 500). */ - HMAP_FOR_EACH (od, key_node, datapaths) { - if (!od->nbr) { - continue; - } - + if (od->nbr) { ovn_lflow_add(lflows, od, S_ROUTER_IN_ARP_RESOLVE, 500, "ip4.mcast || ip6.mcast", "next;"); } +} + +static void +build_lrouter_flows_step_120_op( + struct ovn_port *op, struct hmap *lflows, struct hmap *ports) +{ + struct ds match = DS_EMPTY_INITIALIZER; + struct ds actions = DS_EMPTY_INITIALIZER; /* Local router ingress table ARP_RESOLVE: ARP Resolution. * @@ -10038,188 +9970,133 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, * REG_NEXT_HOP_IPV4/REG_NEXT_HOP_IPV6 into an output port in outport and * an Ethernet address in eth.dst. */ - HMAP_FOR_EACH (op, key_node, ports) { - if (op->nbsp && !lsp_is_enabled(op->nbsp)) { - continue; - } - - if (op->nbrp) { - /* This is a logical router port. If next-hop IP address in - * REG_NEXT_HOP_IPV4/REG_NEXT_HOP_IPV6 matches IP address of this - * router port, then the packet is intended to eventually be sent - * to this logical port. Set the destination mac address using - * this port's mac address. - * - * The packet is still in peer's logical pipeline. So the match - * should be on peer's outport. */ - if (op->peer && op->nbrp->peer) { - if (op->lrp_networks.n_ipv4_addrs) { - ds_clear(&match); - ds_put_format(&match, "outport == %s && " - REG_NEXT_HOP_IPV4 "== ", - op->peer->json_key); - op_put_v4_networks(&match, op, false); - ds_clear(&actions); - ds_put_format(&actions, "eth.dst = %s; next;", - op->lrp_networks.ea_s); - ovn_lflow_add_with_hint(lflows, op->peer->od, - S_ROUTER_IN_ARP_RESOLVE, 100, - ds_cstr(&match), ds_cstr(&actions), - &op->nbrp->header_); - } + if (op->nbsp && !lsp_is_enabled(op->nbsp)) { + return; + } - if (op->lrp_networks.n_ipv6_addrs) { - ds_clear(&match); - ds_put_format(&match, "outport == %s && " - REG_NEXT_HOP_IPV6 " == ", - op->peer->json_key); - op_put_v6_networks(&match, op); + if (op->nbrp) { + /* This is a logical router port. If next-hop IP address in + * REG_NEXT_HOP_IPV4/REG_NEXT_HOP_IPV6 matches IP address of this + * router port, then the packet is intended to eventually be sent + * to this logical port. Set the destination mac address using + * this port's mac address. + * + * The packet is still in peer's logical pipeline. So the match + * should be on peer's outport. */ + if (op->peer && op->nbrp->peer) { + if (op->lrp_networks.n_ipv4_addrs) { + ds_clear(&match); + ds_put_format(&match, "outport == %s && " + REG_NEXT_HOP_IPV4 "== ", + op->peer->json_key); + op_put_v4_networks(&match, op, false); - ds_clear(&actions); - ds_put_format(&actions, "eth.dst = %s; next;", - op->lrp_networks.ea_s); - ovn_lflow_add_with_hint(lflows, op->peer->od, - S_ROUTER_IN_ARP_RESOLVE, 100, - ds_cstr(&match), ds_cstr(&actions), - &op->nbrp->header_); - } + ds_clear(&actions); + ds_put_format(&actions, "eth.dst = %s; next;", + op->lrp_networks.ea_s); + ovn_lflow_add_with_hint(lflows, op->peer->od, + S_ROUTER_IN_ARP_RESOLVE, 100, + ds_cstr(&match), ds_cstr(&actions), + &op->nbrp->header_); } - if (!op->derived && op->od->l3redirect_port) { - const char *redirect_type = smap_get(&op->nbrp->options, - "redirect-type"); - if (redirect_type && !strcasecmp(redirect_type, "bridged")) { - /* Packet is on a non gateway chassis and - * has an unresolved ARP on a network behind gateway - * chassis attached router port. Since, redirect type - * is "bridged", instead of calling "get_arp" - * on this node, we will redirect the packet to gateway - * chassis, by setting destination mac router port mac.*/ - ds_clear(&match); - ds_put_format(&match, "outport == %s && " - "!is_chassis_resident(%s)", op->json_key, - op->od->l3redirect_port->json_key); - ds_clear(&actions); - ds_put_format(&actions, "eth.dst = %s; next;", - op->lrp_networks.ea_s); + if (op->lrp_networks.n_ipv6_addrs) { + ds_clear(&match); + ds_put_format(&match, "outport == %s && " + REG_NEXT_HOP_IPV6 " == ", + op->peer->json_key); + op_put_v6_networks(&match, op); - ovn_lflow_add_with_hint(lflows, op->od, - S_ROUTER_IN_ARP_RESOLVE, 50, - ds_cstr(&match), ds_cstr(&actions), - &op->nbrp->header_); - } + ds_clear(&actions); + ds_put_format(&actions, "eth.dst = %s; next;", + op->lrp_networks.ea_s); + ovn_lflow_add_with_hint(lflows, op->peer->od, + S_ROUTER_IN_ARP_RESOLVE, 100, + ds_cstr(&match), ds_cstr(&actions), + &op->nbrp->header_); } - } else if (op->od->n_router_ports && strcmp(op->nbsp->type, "router") - && strcmp(op->nbsp->type, "virtual")) { - /* This is a logical switch port that backs a VM or a container. - * Extract its addresses. For each of the address, go through all - * the router ports attached to the switch (to which this port - * connects) and if the address in question is reachable from the - * router port, add an ARP/ND entry in that router's pipeline. */ - - for (size_t i = 0; i < op->n_lsp_addrs; i++) { - const char *ea_s = op->lsp_addrs[i].ea_s; - for (size_t j = 0; j < op->lsp_addrs[i].n_ipv4_addrs; j++) { - const char *ip_s = op->lsp_addrs[i].ipv4_addrs[j].addr_s; - for (size_t k = 0; k < op->od->n_router_ports; k++) { - /* Get the Logical_Router_Port that the - * Logical_Switch_Port is connected to, as - * 'peer'. */ - const char *peer_name = smap_get( - &op->od->router_ports[k]->nbsp->options, - "router-port"); - if (!peer_name) { - continue; - } + } - struct ovn_port *peer = ovn_port_find(ports, peer_name); - if (!peer || !peer->nbrp) { - continue; - } + if (!op->derived && op->od->l3redirect_port) { + const char *redirect_type = smap_get(&op->nbrp->options, + "redirect-type"); + if (redirect_type && !strcasecmp(redirect_type, "bridged")) { + /* Packet is on a non gateway chassis and + * has an unresolved ARP on a network behind gateway + * chassis attached router port. Since, redirect type + * is "bridged", instead of calling "get_arp" + * on this node, we will redirect the packet to gateway + * chassis, by setting destination mac router port mac.*/ + ds_clear(&match); + ds_put_format(&match, "outport == %s && " + "!is_chassis_resident(%s)", op->json_key, + op->od->l3redirect_port->json_key); + ds_clear(&actions); + ds_put_format(&actions, "eth.dst = %s; next;", + op->lrp_networks.ea_s); - if (!find_lrp_member_ip(peer, ip_s)) { - continue; - } + ovn_lflow_add_with_hint(lflows, op->od, + S_ROUTER_IN_ARP_RESOLVE, 50, + ds_cstr(&match), ds_cstr(&actions), + &op->nbrp->header_); + } + } + } else if (op->od->n_router_ports && strcmp(op->nbsp->type, "router") + && strcmp(op->nbsp->type, "virtual")) { + /* This is a logical switch port that backs a VM or a container. + * Extract its addresses. For each of the address, go through all + * the router ports attached to the switch (to which this port + * connects) and if the address in question is reachable from the + * router port, add an ARP/ND entry in that router's pipeline. */ - ds_clear(&match); - ds_put_format(&match, "outport == %s && " - REG_NEXT_HOP_IPV4 " == %s", - peer->json_key, ip_s); - - ds_clear(&actions); - ds_put_format(&actions, "eth.dst = %s; next;", ea_s); - ovn_lflow_add_with_hint(lflows, peer->od, - S_ROUTER_IN_ARP_RESOLVE, 100, - ds_cstr(&match), - ds_cstr(&actions), - &op->nbsp->header_); + for (size_t i = 0; i < op->n_lsp_addrs; i++) { + const char *ea_s = op->lsp_addrs[i].ea_s; + for (size_t j = 0; j < op->lsp_addrs[i].n_ipv4_addrs; j++) { + const char *ip_s = op->lsp_addrs[i].ipv4_addrs[j].addr_s; + for (size_t k = 0; k < op->od->n_router_ports; k++) { + /* Get the Logical_Router_Port that the + * Logical_Switch_Port is connected to, as + * 'peer'. */ + const char *peer_name = smap_get( + &op->od->router_ports[k]->nbsp->options, + "router-port"); + if (!peer_name) { + continue; } - } - for (size_t j = 0; j < op->lsp_addrs[i].n_ipv6_addrs; j++) { - const char *ip_s = op->lsp_addrs[i].ipv6_addrs[j].addr_s; - for (size_t k = 0; k < op->od->n_router_ports; k++) { - /* Get the Logical_Router_Port that the - * Logical_Switch_Port is connected to, as - * 'peer'. */ - const char *peer_name = smap_get( - &op->od->router_ports[k]->nbsp->options, - "router-port"); - if (!peer_name) { - continue; - } + struct ovn_port *peer = ovn_port_find(ports, peer_name); + if (!peer || !peer->nbrp) { + continue; + } - struct ovn_port *peer = ovn_port_find(ports, peer_name); - if (!peer || !peer->nbrp) { - continue; - } + if (!find_lrp_member_ip(peer, ip_s)) { + continue; + } - if (!find_lrp_member_ip(peer, ip_s)) { - continue; - } + ds_clear(&match); + ds_put_format(&match, "outport == %s && " + REG_NEXT_HOP_IPV4 " == %s", + peer->json_key, ip_s); - ds_clear(&match); - ds_put_format(&match, "outport == %s && " - REG_NEXT_HOP_IPV6 " == %s", - peer->json_key, ip_s); - - ds_clear(&actions); - ds_put_format(&actions, "eth.dst = %s; next;", ea_s); - ovn_lflow_add_with_hint(lflows, peer->od, - S_ROUTER_IN_ARP_RESOLVE, 100, - ds_cstr(&match), - ds_cstr(&actions), - &op->nbsp->header_); - } + ds_clear(&actions); + ds_put_format(&actions, "eth.dst = %s; next;", ea_s); + ovn_lflow_add_with_hint(lflows, peer->od, + S_ROUTER_IN_ARP_RESOLVE, 100, + ds_cstr(&match), + ds_cstr(&actions), + &op->nbsp->header_); } } - } else if (op->od->n_router_ports && strcmp(op->nbsp->type, "router") - && !strcmp(op->nbsp->type, "virtual")) { - /* This is a virtual port. Add ARP replies for the virtual ip with - * the mac of the present active virtual parent. - * If the logical port doesn't have virtual parent set in - * Port_Binding table, then add the flow to set eth.dst to - * 00:00:00:00:00:00 and advance to next table so that ARP is - * resolved by router pipeline using the arp{} action. - * The MAC_Binding entry for the virtual ip might be invalid. */ - ovs_be32 ip; - - const char *vip = smap_get(&op->nbsp->options, - "virtual-ip"); - const char *virtual_parents = smap_get(&op->nbsp->options, - "virtual-parents"); - if (!vip || !virtual_parents || - !ip_parse(vip, &ip) || !op->sb) { - continue; - } - if (!op->sb->virtual_parent || !op->sb->virtual_parent[0] || - !op->sb->chassis) { - /* The virtual port is not claimed yet. */ - for (size_t i = 0; i < op->od->n_router_ports; i++) { + for (size_t j = 0; j < op->lsp_addrs[i].n_ipv6_addrs; j++) { + const char *ip_s = op->lsp_addrs[i].ipv6_addrs[j].addr_s; + for (size_t k = 0; k < op->od->n_router_ports; k++) { + /* Get the Logical_Router_Port that the + * Logical_Switch_Port is connected to, as + * 'peer'. */ const char *peer_name = smap_get( - &op->od->router_ports[i]->nbsp->options, + &op->od->router_ports[k]->nbsp->options, "router-port"); if (!peer_name) { continue; @@ -10230,155 +10107,228 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, continue; } - if (find_lrp_member_ip(peer, vip)) { - ds_clear(&match); - ds_put_format(&match, "outport == %s && " - REG_NEXT_HOP_IPV4 " == %s", - peer->json_key, vip); - - ds_clear(&actions); - ds_put_format(&actions, - "eth.dst = 00:00:00:00:00:00; next;"); - ovn_lflow_add_with_hint(lflows, peer->od, - S_ROUTER_IN_ARP_RESOLVE, 100, - ds_cstr(&match), - ds_cstr(&actions), - &op->nbsp->header_); - break; + if (!find_lrp_member_ip(peer, ip_s)) { + continue; } - } - } else { - struct ovn_port *vp = - ovn_port_find(ports, op->sb->virtual_parent); - if (!vp || !vp->nbsp) { - continue; - } - - for (size_t i = 0; i < vp->n_lsp_addrs; i++) { - bool found_vip_network = false; - const char *ea_s = vp->lsp_addrs[i].ea_s; - for (size_t j = 0; j < vp->od->n_router_ports; j++) { - /* Get the Logical_Router_Port that the - * Logical_Switch_Port is connected to, as - * 'peer'. */ - const char *peer_name = smap_get( - &vp->od->router_ports[j]->nbsp->options, - "router-port"); - if (!peer_name) { - continue; - } - - struct ovn_port *peer = - ovn_port_find(ports, peer_name); - if (!peer || !peer->nbrp) { - continue; - } - - if (!find_lrp_member_ip(peer, vip)) { - continue; - } - ds_clear(&match); - ds_put_format(&match, "outport == %s && " - REG_NEXT_HOP_IPV4 " == %s", - peer->json_key, vip); - - ds_clear(&actions); - ds_put_format(&actions, "eth.dst = %s; next;", ea_s); - ovn_lflow_add_with_hint(lflows, peer->od, - S_ROUTER_IN_ARP_RESOLVE, 100, - ds_cstr(&match), - ds_cstr(&actions), - &op->nbsp->header_); - found_vip_network = true; - break; - } + ds_clear(&match); + ds_put_format(&match, "outport == %s && " + REG_NEXT_HOP_IPV6 " == %s", + peer->json_key, ip_s); - if (found_vip_network) { - break; - } + ds_clear(&actions); + ds_put_format(&actions, "eth.dst = %s; next;", ea_s); + ovn_lflow_add_with_hint(lflows, peer->od, + S_ROUTER_IN_ARP_RESOLVE, 100, + ds_cstr(&match), + ds_cstr(&actions), + &op->nbsp->header_); } } - } else if (!strcmp(op->nbsp->type, "router")) { - /* This is a logical switch port that connects to a router. */ - - /* The peer of this switch port is the router port for which - * we need to add logical flows such that it can resolve - * ARP entries for all the other router ports connected to - * the switch in question. */ - - const char *peer_name = smap_get(&op->nbsp->options, - "router-port"); - if (!peer_name) { - continue; - } + } + } else if (op->od->n_router_ports && strcmp(op->nbsp->type, "router") + && !strcmp(op->nbsp->type, "virtual")) { + /* This is a virtual port. Add ARP replies for the virtual ip with + * the mac of the present active virtual parent. + * If the logical port doesn't have virtual parent set in + * Port_Binding table, then add the flow to set eth.dst to + * 00:00:00:00:00:00 and advance to next table so that ARP is + * resolved by router pipeline using the arp{} action. + * The MAC_Binding entry for the virtual ip might be invalid. */ + ovs_be32 ip; - struct ovn_port *peer = ovn_port_find(ports, peer_name); - if (!peer || !peer->nbrp) { - continue; - } + const char *vip = smap_get(&op->nbsp->options, + "virtual-ip"); + const char *virtual_parents = smap_get(&op->nbsp->options, + "virtual-parents"); + if (!vip || !virtual_parents || + !ip_parse(vip, &ip) || !op->sb) { + ds_destroy(&match); + ds_destroy(&actions); + return; + } + if (!op->sb->virtual_parent || !op->sb->virtual_parent[0] || + !op->sb->chassis) { + /* The virtual port is not claimed yet. */ for (size_t i = 0; i < op->od->n_router_ports; i++) { - const char *router_port_name = smap_get( - &op->od->router_ports[i]->nbsp->options, - "router-port"); - struct ovn_port *router_port = ovn_port_find(ports, - router_port_name); - if (!router_port || !router_port->nbrp) { + const char *peer_name = smap_get( + &op->od->router_ports[i]->nbsp->options, + "router-port"); + if (!peer_name) { continue; } - /* Skip the router port under consideration. */ - if (router_port == peer) { - continue; + struct ovn_port *peer = ovn_port_find(ports, peer_name); + if (!peer || !peer->nbrp) { + continue; } - if (router_port->lrp_networks.n_ipv4_addrs) { + if (find_lrp_member_ip(peer, vip)) { ds_clear(&match); ds_put_format(&match, "outport == %s && " - REG_NEXT_HOP_IPV4 " == ", - peer->json_key); - op_put_v4_networks(&match, router_port, false); + REG_NEXT_HOP_IPV4 " == %s", + peer->json_key, vip); ds_clear(&actions); - ds_put_format(&actions, "eth.dst = %s; next;", - router_port->lrp_networks.ea_s); + ds_put_format(&actions, + "eth.dst = 00:00:00:00:00:00; next;"); ovn_lflow_add_with_hint(lflows, peer->od, S_ROUTER_IN_ARP_RESOLVE, 100, - ds_cstr(&match), ds_cstr(&actions), + ds_cstr(&match), + ds_cstr(&actions), &op->nbsp->header_); + break; } + } + } else { + struct ovn_port *vp = + ovn_port_find(ports, op->sb->virtual_parent); + if (!vp || !vp->nbsp) { + ds_destroy(&match); + ds_destroy(&actions); + return; + } + + for (size_t i = 0; i < vp->n_lsp_addrs; i++) { + bool found_vip_network = false; + const char *ea_s = vp->lsp_addrs[i].ea_s; + for (size_t j = 0; j < vp->od->n_router_ports; j++) { + /* Get the Logical_Router_Port that the + * Logical_Switch_Port is connected to, as + * 'peer'. */ + const char *peer_name = smap_get( + &vp->od->router_ports[j]->nbsp->options, + "router-port"); + if (!peer_name) { + continue; + } + + struct ovn_port *peer = + ovn_port_find(ports, peer_name); + if (!peer || !peer->nbrp) { + continue; + } + + if (!find_lrp_member_ip(peer, vip)) { + continue; + } - if (router_port->lrp_networks.n_ipv6_addrs) { ds_clear(&match); ds_put_format(&match, "outport == %s && " - REG_NEXT_HOP_IPV6 " == ", - peer->json_key); - op_put_v6_networks(&match, router_port); + REG_NEXT_HOP_IPV4 " == %s", + peer->json_key, vip); ds_clear(&actions); - ds_put_format(&actions, "eth.dst = %s; next;", - router_port->lrp_networks.ea_s); + ds_put_format(&actions, "eth.dst = %s; next;", ea_s); ovn_lflow_add_with_hint(lflows, peer->od, S_ROUTER_IN_ARP_RESOLVE, 100, - ds_cstr(&match), ds_cstr(&actions), + ds_cstr(&match), + ds_cstr(&actions), &op->nbsp->header_); + found_vip_network = true; + break; + } + + if (found_vip_network) { + break; } } } - } + } else if (!strcmp(op->nbsp->type, "router")) { + /* This is a logical switch port that connects to a router. */ - HMAP_FOR_EACH (od, key_node, datapaths) { - if (!od->nbr) { - continue; + /* The peer of this switch port is the router port for which + * we need to add logical flows such that it can resolve + * ARP entries for all the other router ports connected to + * the switch in question. */ + + const char *peer_name = smap_get(&op->nbsp->options, + "router-port"); + if (!peer_name) { + ds_destroy(&match); + ds_destroy(&actions); + return; + } + + struct ovn_port *peer = ovn_port_find(ports, peer_name); + if (!peer || !peer->nbrp) { + ds_destroy(&match); + ds_destroy(&actions); + return; + } + + for (size_t i = 0; i < op->od->n_router_ports; i++) { + const char *router_port_name = smap_get( + &op->od->router_ports[i]->nbsp->options, + "router-port"); + struct ovn_port *router_port = ovn_port_find(ports, + router_port_name); + if (!router_port || !router_port->nbrp) { + continue; + } + + /* Skip the router port under consideration. */ + if (router_port == peer) { + continue; + } + + if (router_port->lrp_networks.n_ipv4_addrs) { + ds_clear(&match); + ds_put_format(&match, "outport == %s && " + REG_NEXT_HOP_IPV4 " == ", + peer->json_key); + op_put_v4_networks(&match, router_port, false); + + ds_clear(&actions); + ds_put_format(&actions, "eth.dst = %s; next;", + router_port->lrp_networks.ea_s); + ovn_lflow_add_with_hint(lflows, peer->od, + S_ROUTER_IN_ARP_RESOLVE, 100, + ds_cstr(&match), ds_cstr(&actions), + &op->nbsp->header_); + } + + if (router_port->lrp_networks.n_ipv6_addrs) { + ds_clear(&match); + ds_put_format(&match, "outport == %s && " + REG_NEXT_HOP_IPV6 " == ", + peer->json_key); + op_put_v6_networks(&match, router_port); + + ds_clear(&actions); + ds_put_format(&actions, "eth.dst = %s; next;", + router_port->lrp_networks.ea_s); + ovn_lflow_add_with_hint(lflows, peer->od, + S_ROUTER_IN_ARP_RESOLVE, 100, + ds_cstr(&match), ds_cstr(&actions), + &op->nbsp->header_); + } } + } + ds_destroy(&match); + ds_destroy(&actions); +} +static void +build_lrouter_flows_step_130_od( + struct ovn_datapath *od, struct hmap *lflows) +{ + if (od->nbr) { ovn_lflow_add(lflows, od, S_ROUTER_IN_ARP_RESOLVE, 0, "ip4", "get_arp(outport, " REG_NEXT_HOP_IPV4 "); next;"); ovn_lflow_add(lflows, od, S_ROUTER_IN_ARP_RESOLVE, 0, "ip6", "get_nd(outport, " REG_NEXT_HOP_IPV6 "); next;"); } +} + +static void +build_lrouter_flows_step_140_od( + struct ovn_datapath *od, struct hmap *lflows, struct hmap *ports) +{ + struct ds match = DS_EMPTY_INITIALIZER; + struct ds actions = DS_EMPTY_INITIALIZER; /* Local router ingress table CHK_PKT_LEN: Check packet length. * @@ -10393,10 +10343,8 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, * generate ICMPv4 packet with type 3 (Destination Unreachable) and * code 4 (Fragmentation needed). * */ - HMAP_FOR_EACH (od, key_node, datapaths) { - if (!od->nbr) { - continue; - } + + if (od->nbr) { /* Packets are allowed by default. */ ovn_lflow_add(lflows, od, S_ROUTER_IN_CHK_PKT_LEN, 0, "1", @@ -10412,7 +10360,9 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, } /* Add the flows only if gateway_mtu is configured. */ if (gw_mtu <= 0) { - continue; + ds_destroy(&match); + ds_destroy(&actions); + return; } ds_clear(&match); @@ -10491,6 +10441,98 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, } } } + ds_destroy(&match); + ds_destroy(&actions); +} + +static void +build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, + struct hmap *lflows, struct shash *meter_groups, + struct hmap *lbs) +{ + /* This flow table structure is documented in ovn-northd(8), so please + * update ovn-northd.8.xml if you change anything. */ + + struct ds match = DS_EMPTY_INITIALIZER; + struct ds actions = DS_EMPTY_INITIALIZER; + + struct ovn_datapath *od; + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lrouter_flows_step_0_od(od, lflows); + } + + struct ovn_port *op; + HMAP_FOR_EACH (op, key_node, ports) { + build_lrouter_flows_step_0_op(op, lflows); + } + + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lrouter_flows_step_10_od(od, lflows); + } + + HMAP_FOR_EACH (op, key_node, ports) { + build_lrouter_flows_step_10_op(op, lflows); + } + + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lrouter_flows_step_20_od(od, lflows); + } + + HMAP_FOR_EACH (op, key_node, ports) { + build_lrouter_flows_step_20_op(op, lflows); + } + + HMAP_FOR_EACH (op, key_node, ports) { + build_lrouter_flows_step_30_op(op, lflows); + } + + HMAP_FOR_EACH (op, key_node, ports) { + build_lrouter_flows_step_40_op(op, lflows); + } + + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lrouter_flows_step_50_od(od, lflows, lbs, meter_groups); + } + + HMAP_FOR_EACH (op, key_node, ports) { + build_lrouter_flows_step_50_op(op, lflows); + } + + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lrouter_flows_step_60_od(od, lflows); + } + + HMAP_FOR_EACH (op, key_node, ports) { + build_lrouter_flows_step_70_op(op, lflows); + } + + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lrouter_flows_step_80_od(od, lflows, ports); + } + + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lrouter_flows_step_90_od(od, lflows); + } + + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lrouter_flows_step_100_od(od, lflows, ports); + } + + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lrouter_flows_step_110_od(od, lflows); + } + + HMAP_FOR_EACH (op, key_node, ports) { + build_lrouter_flows_step_120_op(op, lflows, ports); + } + + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lrouter_flows_step_130_od(od, lflows); + } + + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lrouter_flows_step_140_od(od, lflows, ports); + } /* Logical router ingress table GW_REDIRECT: Gateway redirect. * From patchwork Wed Jul 15 16:50:16 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anton Ivanov X-Patchwork-Id: 1329703 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.133; helo=hemlock.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=cambridgegreys.com Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4B6P6q3dfxz9sTM for ; Thu, 16 Jul 2020 03:11:15 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id A8317880C8; Wed, 15 Jul 2020 17:11:13 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hNNvnbQOZm41; Wed, 15 Jul 2020 17:11:12 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by hemlock.osuosl.org (Postfix) with ESMTP id 31F8387A5A; Wed, 15 Jul 2020 17:11:12 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id E5DF3C1830; Wed, 15 Jul 2020 17:11:11 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) by lists.linuxfoundation.org (Postfix) with ESMTP id 06F0FC07FF for ; Wed, 15 Jul 2020 17:11:10 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id E3032258CF for ; Wed, 15 Jul 2020 17:11:09 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EhVk30-w4gwl for ; Wed, 15 Jul 2020 17:11:05 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from www.kot-begemot.co.uk (ivanoab7.miniserver.com [37.128.132.42]) by silver.osuosl.org (Postfix) with ESMTPS id 3D79823455 for ; Wed, 15 Jul 2020 17:11:05 +0000 (UTC) Received: from tun252.jain.kot-begemot.co.uk ([192.168.18.6] helo=jain.kot-begemot.co.uk) by www.kot-begemot.co.uk with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1jvkvv-0007Fp-RD for dev@openvswitch.org; Wed, 15 Jul 2020 17:11:03 +0000 Received: from jain.kot-begemot.co.uk ([192.168.3.3]) by jain.kot-begemot.co.uk with esmtp (Exim 4.92) (envelope-from ) id 1jvkcA-0006dn-H5; Wed, 15 Jul 2020 17:50:40 +0100 From: anton.ivanov@cambridgegreys.com To: dev@openvswitch.org Date: Wed, 15 Jul 2020 17:50:16 +0100 Message-Id: <20200715165018.25031-11-anton.ivanov@cambridgegreys.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200715165018.25031-1-anton.ivanov@cambridgegreys.com> References: <20200715165018.25031-1-anton.ivanov@cambridgegreys.com> MIME-Version: 1.0 X-Clacks-Overhead: GNU Terry Pratchett Cc: Anton Ivanov Subject: [ovs-dev] [PATCH ovn RFC v2 10/12] Move GW redirect rules to a new function X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Anton Ivanov Signed-off-by: Anton Ivanov --- northd/ovn-northd.c | 80 ++++++++++++++++++++++++++------------------- 1 file changed, 46 insertions(+), 34 deletions(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index 0b4926a75..81a6407a9 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -10445,6 +10445,51 @@ build_lrouter_flows_step_140_od( ds_destroy(&actions); } +static void +build_lrouter_flows_step_150_od( + struct ovn_datapath *od, struct hmap *lflows) +{ + struct ds match = DS_EMPTY_INITIALIZER; + struct ds actions = DS_EMPTY_INITIALIZER; + + /* Logical router ingress table GW_REDIRECT: Gateway redirect. + * + * For traffic with outport equal to the l3dgw_port + * on a distributed router, this table redirects a subset + * of the traffic to the l3redirect_port which represents + * the central instance of the l3dgw_port. + */ + if (od->nbr) { + if (od->l3dgw_port && od->l3redirect_port) { + const struct ovsdb_idl_row *stage_hint = NULL; + + if (od->l3dgw_port->nbrp) { + stage_hint = &od->l3dgw_port->nbrp->header_; + } + + /* For traffic with outport == l3dgw_port, if the + * packet did not match any higher priority redirect + * rule, then the traffic is redirected to the central + * instance of the l3dgw_port. */ + ds_clear(&match); + ds_put_format(&match, "outport == %s", + od->l3dgw_port->json_key); + ds_clear(&actions); + ds_put_format(&actions, "outport = %s; next;", + od->l3redirect_port->json_key); + ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_GW_REDIRECT, 50, + ds_cstr(&match), ds_cstr(&actions), + stage_hint); + } + + /* Packets are allowed by default. */ + ovn_lflow_add(lflows, od, S_ROUTER_IN_GW_REDIRECT, 0, "1", "next;"); + } + + ds_destroy(&match); + ds_destroy(&actions); +} + static void build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, struct hmap *lflows, struct shash *meter_groups, @@ -10534,41 +10579,8 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, build_lrouter_flows_step_140_od(od, lflows, ports); } - /* Logical router ingress table GW_REDIRECT: Gateway redirect. - * - * For traffic with outport equal to the l3dgw_port - * on a distributed router, this table redirects a subset - * of the traffic to the l3redirect_port which represents - * the central instance of the l3dgw_port. - */ HMAP_FOR_EACH (od, key_node, datapaths) { - if (!od->nbr) { - continue; - } - if (od->l3dgw_port && od->l3redirect_port) { - const struct ovsdb_idl_row *stage_hint = NULL; - - if (od->l3dgw_port->nbrp) { - stage_hint = &od->l3dgw_port->nbrp->header_; - } - - /* For traffic with outport == l3dgw_port, if the - * packet did not match any higher priority redirect - * rule, then the traffic is redirected to the central - * instance of the l3dgw_port. */ - ds_clear(&match); - ds_put_format(&match, "outport == %s", - od->l3dgw_port->json_key); - ds_clear(&actions); - ds_put_format(&actions, "outport = %s; next;", - od->l3redirect_port->json_key); - ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_GW_REDIRECT, 50, - ds_cstr(&match), ds_cstr(&actions), - stage_hint); - } - - /* Packets are allowed by default. */ - ovn_lflow_add(lflows, od, S_ROUTER_IN_GW_REDIRECT, 0, "1", "next;"); + build_lrouter_flows_step_150_od(od, lflows); } /* Local router ingress table ARP_REQUEST: ARP request. From patchwork Wed Jul 15 16:50:17 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anton Ivanov X-Patchwork-Id: 1329701 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.136; helo=silver.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=cambridgegreys.com Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4B6P6m6xbYz9sTM for ; Thu, 16 Jul 2020 03:11:12 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id 1D08923455; Wed, 15 Jul 2020 17:11:10 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id or56eMzRX17F; Wed, 15 Jul 2020 17:11:05 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by silver.osuosl.org (Postfix) with ESMTP id 4043624E83; Wed, 15 Jul 2020 17:11:05 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 2D327C07FF; Wed, 15 Jul 2020 17:11:05 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) by lists.linuxfoundation.org (Postfix) with ESMTP id 50305C0733 for ; Wed, 15 Jul 2020 17:11:04 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id 37ACE87D17 for ; Wed, 15 Jul 2020 17:11:04 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Fir-755iGXj9 for ; Wed, 15 Jul 2020 17:11:03 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from www.kot-begemot.co.uk (ivanoab7.miniserver.com [37.128.132.42]) by fraxinus.osuosl.org (Postfix) with ESMTPS id 7EA9D86E8A for ; Wed, 15 Jul 2020 17:11:03 +0000 (UTC) Received: from tun252.jain.kot-begemot.co.uk ([192.168.18.6] helo=jain.kot-begemot.co.uk) by www.kot-begemot.co.uk with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1jvkvu-0007Fl-0o for dev@openvswitch.org; Wed, 15 Jul 2020 17:11:02 +0000 Received: from jain.kot-begemot.co.uk ([192.168.3.3]) by jain.kot-begemot.co.uk with esmtp (Exim 4.92) (envelope-from ) id 1jvkcC-0006dn-7s; Wed, 15 Jul 2020 17:50:41 +0100 From: anton.ivanov@cambridgegreys.com To: dev@openvswitch.org Date: Wed, 15 Jul 2020 17:50:17 +0100 Message-Id: <20200715165018.25031-12-anton.ivanov@cambridgegreys.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200715165018.25031-1-anton.ivanov@cambridgegreys.com> References: <20200715165018.25031-1-anton.ivanov@cambridgegreys.com> MIME-Version: 1.0 X-Clacks-Overhead: GNU Terry Pratchett Cc: Anton Ivanov Subject: [ovs-dev] [PATCH ovn RFC v2 11/12] Move ARP request to a separate rule function X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Anton Ivanov Signed-off-by: Anton Ivanov --- northd/ovn-northd.c | 139 ++++++++++++++++++++++++-------------------- 1 file changed, 75 insertions(+), 64 deletions(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index 81a6407a9..6b7a57c41 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -10490,6 +10490,80 @@ build_lrouter_flows_step_150_od( ds_destroy(&actions); } +static void +build_lrouter_flows_step_160_od( + struct ovn_datapath *od, struct hmap *lflows) +{ + struct ds match = DS_EMPTY_INITIALIZER; + struct ds actions = DS_EMPTY_INITIALIZER; + + /* Local router ingress table ARP_REQUEST: ARP request. + * + * In the common case where the Ethernet destination has been resolved, + * this table outputs the packet (priority 0). Otherwise, it composes + * and sends an ARP/IPv6 NA request (priority 100). */ + + if (od->nbr) { + for (int i = 0; i < od->nbr->n_static_routes; i++) { + const struct nbrec_logical_router_static_route *route; + + route = od->nbr->static_routes[i]; + struct in6_addr gw_ip6; + unsigned int plen; + char *error = ipv6_parse_cidr(route->nexthop, &gw_ip6, &plen); + if (error || plen != 128) { + free(error); + continue; + } + + ds_clear(&match); + ds_put_format(&match, "eth.dst == 00:00:00:00:00:00 && " + "ip6 && " REG_NEXT_HOP_IPV6 " == %s", + route->nexthop); + struct in6_addr sn_addr; + struct eth_addr eth_dst; + in6_addr_solicited_node(&sn_addr, &gw_ip6); + ipv6_multicast_to_ethernet(ð_dst, &sn_addr); + + char sn_addr_s[INET6_ADDRSTRLEN + 1]; + ipv6_string_mapped(sn_addr_s, &sn_addr); + + ds_clear(&actions); + ds_put_format(&actions, + "nd_ns { " + "eth.dst = "ETH_ADDR_FMT"; " + "ip6.dst = %s; " + "nd.target = %s; " + "output; " + "};", ETH_ADDR_ARGS(eth_dst), sn_addr_s, + route->nexthop); + + ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_ARP_REQUEST, 200, + ds_cstr(&match), ds_cstr(&actions), + &route->header_); + } + + ovn_lflow_add(lflows, od, S_ROUTER_IN_ARP_REQUEST, 100, + "eth.dst == 00:00:00:00:00:00 && ip4", + "arp { " + "eth.dst = ff:ff:ff:ff:ff:ff; " + "arp.spa = " REG_SRC_IPV4 "; " + "arp.tpa = " REG_NEXT_HOP_IPV4 "; " + "arp.op = 1; " /* ARP request */ + "output; " + "};"); + ovn_lflow_add(lflows, od, S_ROUTER_IN_ARP_REQUEST, 100, + "eth.dst == 00:00:00:00:00:00 && ip6", + "nd_ns { " + "nd.target = " REG_NEXT_HOP_IPV6 "; " + "output; " + "};"); + ovn_lflow_add(lflows, od, S_ROUTER_IN_ARP_REQUEST, 0, "1", "output;"); + } + + ds_destroy(&match); + ds_destroy(&actions); +} static void build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, struct hmap *lflows, struct shash *meter_groups, @@ -10583,71 +10657,8 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, build_lrouter_flows_step_150_od(od, lflows); } - /* Local router ingress table ARP_REQUEST: ARP request. - * - * In the common case where the Ethernet destination has been resolved, - * this table outputs the packet (priority 0). Otherwise, it composes - * and sends an ARP/IPv6 NA request (priority 100). */ HMAP_FOR_EACH (od, key_node, datapaths) { - if (!od->nbr) { - continue; - } - - for (int i = 0; i < od->nbr->n_static_routes; i++) { - const struct nbrec_logical_router_static_route *route; - - route = od->nbr->static_routes[i]; - struct in6_addr gw_ip6; - unsigned int plen; - char *error = ipv6_parse_cidr(route->nexthop, &gw_ip6, &plen); - if (error || plen != 128) { - free(error); - continue; - } - - ds_clear(&match); - ds_put_format(&match, "eth.dst == 00:00:00:00:00:00 && " - "ip6 && " REG_NEXT_HOP_IPV6 " == %s", - route->nexthop); - struct in6_addr sn_addr; - struct eth_addr eth_dst; - in6_addr_solicited_node(&sn_addr, &gw_ip6); - ipv6_multicast_to_ethernet(ð_dst, &sn_addr); - - char sn_addr_s[INET6_ADDRSTRLEN + 1]; - ipv6_string_mapped(sn_addr_s, &sn_addr); - - ds_clear(&actions); - ds_put_format(&actions, - "nd_ns { " - "eth.dst = "ETH_ADDR_FMT"; " - "ip6.dst = %s; " - "nd.target = %s; " - "output; " - "};", ETH_ADDR_ARGS(eth_dst), sn_addr_s, - route->nexthop); - - ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_ARP_REQUEST, 200, - ds_cstr(&match), ds_cstr(&actions), - &route->header_); - } - - ovn_lflow_add(lflows, od, S_ROUTER_IN_ARP_REQUEST, 100, - "eth.dst == 00:00:00:00:00:00 && ip4", - "arp { " - "eth.dst = ff:ff:ff:ff:ff:ff; " - "arp.spa = " REG_SRC_IPV4 "; " - "arp.tpa = " REG_NEXT_HOP_IPV4 "; " - "arp.op = 1; " /* ARP request */ - "output; " - "};"); - ovn_lflow_add(lflows, od, S_ROUTER_IN_ARP_REQUEST, 100, - "eth.dst == 00:00:00:00:00:00 && ip6", - "nd_ns { " - "nd.target = " REG_NEXT_HOP_IPV6 "; " - "output; " - "};"); - ovn_lflow_add(lflows, od, S_ROUTER_IN_ARP_REQUEST, 0, "1", "output;"); + build_lrouter_flows_step_160_od(od, lflows); } /* Logical router egress table DELIVERY: Delivery (priority 100-110). From patchwork Wed Jul 15 16:50:18 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anton Ivanov X-Patchwork-Id: 1329702 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.133; helo=hemlock.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=cambridgegreys.com Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4B6P6n2hJzz9sTN for ; Thu, 16 Jul 2020 03:11:13 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id DDBAD87E45; Wed, 15 Jul 2020 17:11:11 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id E9BZl3VjqBH1; Wed, 15 Jul 2020 17:11:11 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by hemlock.osuosl.org (Postfix) with ESMTP id 336A387A5A; Wed, 15 Jul 2020 17:11:11 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 1388AC07FF; Wed, 15 Jul 2020 17:11:11 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) by lists.linuxfoundation.org (Postfix) with ESMTP id 7B307C0733 for ; Wed, 15 Jul 2020 17:11:09 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id 3E162896D2 for ; Wed, 15 Jul 2020 17:11:09 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dpPYhPnNb7qd for ; Wed, 15 Jul 2020 17:11:08 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from www.kot-begemot.co.uk (ivanoab7.miniserver.com [37.128.132.42]) by fraxinus.osuosl.org (Postfix) with ESMTPS id 665A889700 for ; Wed, 15 Jul 2020 17:11:06 +0000 (UTC) Received: from tun252.jain.kot-begemot.co.uk ([192.168.18.6] helo=jain.kot-begemot.co.uk) by www.kot-begemot.co.uk with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1jvkvx-0007Ft-0H for dev@openvswitch.org; Wed, 15 Jul 2020 17:11:05 +0000 Received: from jain.kot-begemot.co.uk ([192.168.3.3]) by jain.kot-begemot.co.uk with esmtp (Exim 4.92) (envelope-from ) id 1jvkcD-0006dn-Vc; Wed, 15 Jul 2020 17:50:43 +0100 From: anton.ivanov@cambridgegreys.com To: dev@openvswitch.org Date: Wed, 15 Jul 2020 17:50:18 +0100 Message-Id: <20200715165018.25031-13-anton.ivanov@cambridgegreys.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200715165018.25031-1-anton.ivanov@cambridgegreys.com> References: <20200715165018.25031-1-anton.ivanov@cambridgegreys.com> MIME-Version: 1.0 X-Clacks-Overhead: GNU Terry Pratchett Cc: Anton Ivanov Subject: [ovs-dev] [PATCH ovn RFC v2 12/12] Move egress to a separate rule and finalize X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Anton Ivanov 1. Move egress to a separate rule function 2. Clean-up build_lrouter_flows from variables which are not used Signed-off-by: Anton Ivanov --- northd/ovn-northd.c | 107 ++++++++++++++++++++++++-------------------- 1 file changed, 58 insertions(+), 49 deletions(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index 6b7a57c41..69972d55e 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -10564,6 +10564,63 @@ build_lrouter_flows_step_160_od( ds_destroy(&match); ds_destroy(&actions); } + +static void +build_lrouter_flows_step_170_op( + struct ovn_port *op, struct hmap *lflows) +{ + /* Logical router egress table DELIVERY: Delivery (priority 100-110). + * + * Priority 100 rules deliver packets to enabled logical ports. + * Priority 110 rules match multicast packets and update the source + * mac before delivering to enabled logical ports. IP multicast traffic + * bypasses S_ROUTER_IN_IP_ROUTING route lookups. + */ + + if (!op->nbrp) { + return; + } + + if (!lrport_is_enabled(op->nbrp)) { + /* Drop packets to disabled logical ports (since logical flow + * tables are default-drop). */ + return; + } + + if (op->derived) { + /* No egress packets should be processed in the context of + * a chassisredirect port. The chassisredirect port should + * be replaced by the l3dgw port in the local output + * pipeline stage before egress processing. */ + return; + } + + struct ds match = DS_EMPTY_INITIALIZER; + struct ds actions = DS_EMPTY_INITIALIZER; + + /* If multicast relay is enabled then also adjust source mac for IP + * multicast traffic. + */ + if (op->od->mcast_info.rtr.relay) { + ds_clear(&match); + ds_clear(&actions); + ds_put_format(&match, "(ip4.mcast || ip6.mcast) && outport == %s", + op->json_key); + ds_put_format(&actions, "eth.src = %s; output;", + op->lrp_networks.ea_s); + ovn_lflow_add(lflows, op->od, S_ROUTER_OUT_DELIVERY, 110, + ds_cstr(&match), ds_cstr(&actions)); + } + + ds_clear(&match); + ds_put_format(&match, "outport == %s", op->json_key); + ovn_lflow_add(lflows, op->od, S_ROUTER_OUT_DELIVERY, 100, + ds_cstr(&match), "output;"); + + ds_destroy(&match); + ds_destroy(&actions); +} + static void build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, struct hmap *lflows, struct shash *meter_groups, @@ -10572,9 +10629,6 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, /* This flow table structure is documented in ovn-northd(8), so please * update ovn-northd.8.xml if you change anything. */ - struct ds match = DS_EMPTY_INITIALIZER; - struct ds actions = DS_EMPTY_INITIALIZER; - struct ovn_datapath *od; HMAP_FOR_EACH (od, key_node, datapaths) { build_lrouter_flows_step_0_od(od, lflows); @@ -10661,54 +10715,9 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, build_lrouter_flows_step_160_od(od, lflows); } - /* Logical router egress table DELIVERY: Delivery (priority 100-110). - * - * Priority 100 rules deliver packets to enabled logical ports. - * Priority 110 rules match multicast packets and update the source - * mac before delivering to enabled logical ports. IP multicast traffic - * bypasses S_ROUTER_IN_IP_ROUTING route lookups. - */ HMAP_FOR_EACH (op, key_node, ports) { - if (!op->nbrp) { - continue; - } - - if (!lrport_is_enabled(op->nbrp)) { - /* Drop packets to disabled logical ports (since logical flow - * tables are default-drop). */ - continue; - } - - if (op->derived) { - /* No egress packets should be processed in the context of - * a chassisredirect port. The chassisredirect port should - * be replaced by the l3dgw port in the local output - * pipeline stage before egress processing. */ - continue; - } - - /* If multicast relay is enabled then also adjust source mac for IP - * multicast traffic. - */ - if (op->od->mcast_info.rtr.relay) { - ds_clear(&match); - ds_clear(&actions); - ds_put_format(&match, "(ip4.mcast || ip6.mcast) && outport == %s", - op->json_key); - ds_put_format(&actions, "eth.src = %s; output;", - op->lrp_networks.ea_s); - ovn_lflow_add(lflows, op->od, S_ROUTER_OUT_DELIVERY, 110, - ds_cstr(&match), ds_cstr(&actions)); - } - - ds_clear(&match); - ds_put_format(&match, "outport == %s", op->json_key); - ovn_lflow_add(lflows, op->od, S_ROUTER_OUT_DELIVERY, 100, - ds_cstr(&match), "output;"); + build_lrouter_flows_step_170_op(op, lflows); } - - ds_destroy(&match); - ds_destroy(&actions); } /* Updates the Logical_Flow and Multicast_Group tables in the OVN_SB database,