From patchwork Fri Sep 18 15:07:43 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anton Ivanov X-Patchwork-Id: 1366989 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.133; helo=hemlock.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=cambridgegreys.com Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4BtHJy5mcFz9sTM for ; Sat, 19 Sep 2020 01:08:18 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id B317587824; Fri, 18 Sep 2020 15:08:16 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qXUUuG56JaPL; Fri, 18 Sep 2020 15:08:16 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by hemlock.osuosl.org (Postfix) with ESMTP id 37AA587821; Fri, 18 Sep 2020 15:08:16 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id F3CB9C0891; Fri, 18 Sep 2020 15:08:15 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) by lists.linuxfoundation.org (Postfix) with ESMTP id 2D1BCC0051 for ; Fri, 18 Sep 2020 15:08:14 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id 0CB732E208 for ; Fri, 18 Sep 2020 15:08:14 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wqOV5uNLGR0c for ; Fri, 18 Sep 2020 15:08:12 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from www.kot-begemot.co.uk (ivanoab7.miniserver.com [37.128.132.42]) by silver.osuosl.org (Postfix) with ESMTPS id 4E1502014B for ; Fri, 18 Sep 2020 15:08:12 +0000 (UTC) Received: from tun252.jain.kot-begemot.co.uk ([192.168.18.6] helo=jain.kot-begemot.co.uk) by www.kot-begemot.co.uk with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1kJHze-0004bJ-Ak; Fri, 18 Sep 2020 15:08:10 +0000 Received: from jain.kot-begemot.co.uk ([192.168.3.3]) by jain.kot-begemot.co.uk with esmtp (Exim 4.92) (envelope-from ) id 1kJHzb-0000UP-32; Fri, 18 Sep 2020 16:08:08 +0100 From: anton.ivanov@cambridgegreys.com To: dev@openvswitch.org Date: Fri, 18 Sep 2020 16:07:43 +0100 Message-Id: <20200918150756.3414-2-anton.ivanov@cambridgegreys.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200918150756.3414-1-anton.ivanov@cambridgegreys.com> References: <20200918150756.3414-1-anton.ivanov@cambridgegreys.com> MIME-Version: 1.0 X-Clacks-Overhead: GNU Terry Pratchett Cc: i.maximets@ovn.org, Anton Ivanov Subject: [ovs-dev] [PATCH ovn v2 01/14] ovn-northd: add marker for ovn-northd changes X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Anton Ivanov Signed-off-by: Anton Ivanov --- northd/ovn-northd.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index cfec6a2c8..355d539da 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -6736,6 +6736,11 @@ build_drop_arp_nd_flows_for_unbound_router_ports(struct ovn_port *op, ds_destroy(&match); } +/* +* Do not remove this comment - it is here as a marker to +* make diffs readable. +*/ + static void build_lswitch_flows(struct hmap *datapaths, struct hmap *ports, struct hmap *port_groups, struct hmap *lflows, From patchwork Fri Sep 18 15:07:44 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anton Ivanov X-Patchwork-Id: 1366991 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.133; helo=hemlock.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=cambridgegreys.com Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4BtHK227KMz9sTM for ; Sat, 19 Sep 2020 01:08:22 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id AE77887849; Fri, 18 Sep 2020 15:08:19 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VH1SiSrmMNlg; Fri, 18 Sep 2020 15:08:17 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by hemlock.osuosl.org (Postfix) with ESMTP id 7105A87831; Fri, 18 Sep 2020 15:08:17 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 4E8B8C0891; Fri, 18 Sep 2020 15:08:17 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) by lists.linuxfoundation.org (Postfix) with ESMTP id 9A7E1C0051 for ; Fri, 18 Sep 2020 15:08:14 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id 7DF3F87821 for ; Fri, 18 Sep 2020 15:08:14 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AvmGX2CqT9wb for ; Fri, 18 Sep 2020 15:08:13 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from www.kot-begemot.co.uk (ivanoab7.miniserver.com [37.128.132.42]) by hemlock.osuosl.org (Postfix) with ESMTPS id 6399787813 for ; Fri, 18 Sep 2020 15:08:13 +0000 (UTC) Received: from tun252.jain.kot-begemot.co.uk ([192.168.18.6] helo=jain.kot-begemot.co.uk) by www.kot-begemot.co.uk with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1kJHzf-0004bP-C8; Fri, 18 Sep 2020 15:08:11 +0000 Received: from jain.kot-begemot.co.uk ([192.168.3.3]) by jain.kot-begemot.co.uk with esmtp (Exim 4.92) (envelope-from ) id 1kJHzc-0000UP-NN; Fri, 18 Sep 2020 16:08:10 +0100 From: anton.ivanov@cambridgegreys.com To: dev@openvswitch.org Date: Fri, 18 Sep 2020 16:07:44 +0100 Message-Id: <20200918150756.3414-3-anton.ivanov@cambridgegreys.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200918150756.3414-1-anton.ivanov@cambridgegreys.com> References: <20200918150756.3414-1-anton.ivanov@cambridgegreys.com> MIME-Version: 1.0 X-Clacks-Overhead: GNU Terry Pratchett Cc: i.maximets@ovn.org, Anton Ivanov Subject: [ovs-dev] [PATCH ovn v2 02/14] ovn-northd: move pre-acl and acl processing in to a separate function X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Anton Ivanov Move pre-acl and acl processing in build_lswitch_flows() into a separate helper function Signed-off-by: Anton Ivanov --- northd/ovn-northd.c | 38 ++++++++++++++++++++++++++------------ 1 file changed, 26 insertions(+), 12 deletions(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index 355d539da..a6212f902 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -6736,6 +6736,13 @@ build_drop_arp_nd_flows_for_unbound_router_ports(struct ovn_port *op, ds_destroy(&match); } +/* Build pre-ACL and ACL tables for both ingress and egress. + * Ingress tables 3 through 10. Egress tables 0 through 7. */ +static void +build_lswitch_flows_pre_acl_and_acl(struct ovn_datapath *od, + struct hmap *lflows, struct hmap *port_groups, + struct shash *meter_groups, struct hmap *lbs); + /* * Do not remove this comment - it is here as a marker to * make diffs readable. @@ -6758,18 +6765,8 @@ build_lswitch_flows(struct hmap *datapaths, struct hmap *ports, * Ingress tables 3 through 10. Egress tables 0 through 7. */ struct ovn_datapath *od; HMAP_FOR_EACH (od, key_node, datapaths) { - if (!od->nbs) { - continue; - } - - build_pre_acls(od, lflows); - build_pre_lb(od, lflows, meter_groups, lbs); - build_pre_stateful(od, lflows); - build_acl_hints(od, lflows); - build_acls(od, lflows, port_groups); - build_qos(od, lflows); - build_lb(od, lflows); - build_stateful(od, lflows, lbs); + build_lswitch_flows_pre_acl_and_acl(od, lflows, + port_groups, meter_groups, lbs); } /* Build logical flows for the forwarding groups */ @@ -7447,6 +7444,23 @@ build_lswitch_flows(struct hmap *datapaths, struct hmap *ports, ds_destroy(&actions); } +static void +build_lswitch_flows_pre_acl_and_acl(struct ovn_datapath *od, + struct hmap *lflows, struct hmap *port_groups, + struct shash *meter_groups, struct hmap *lbs) +{ + if (od->nbs) { + build_pre_acls(od, lflows); + build_pre_lb(od, lflows, meter_groups, lbs); + build_pre_stateful(od, lflows); + build_acl_hints(od, lflows); + build_acls(od, lflows, port_groups); + build_qos(od, lflows); + build_lb(od, lflows); + build_stateful(od, lflows, lbs); + } +} + /* Returns a string of the IP address of the router port 'op' that * overlaps with 'ip_s". If one is not found, returns NULL. * From patchwork Fri Sep 18 15:07:45 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anton Ivanov X-Patchwork-Id: 1366990 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.137; helo=fraxinus.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=cambridgegreys.com Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4BtHK128vSz9sTH for ; Sat, 19 Sep 2020 01:08:21 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id D8DF2873F1; Fri, 18 Sep 2020 15:08:19 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s0KZyd_YJgTJ; Fri, 18 Sep 2020 15:08:19 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by fraxinus.osuosl.org (Postfix) with ESMTP id 20567873F6; Fri, 18 Sep 2020 15:08:19 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id DFF1FC08A5; Fri, 18 Sep 2020 15:08:18 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) by lists.linuxfoundation.org (Postfix) with ESMTP id 05203C0893 for ; Fri, 18 Sep 2020 15:08:16 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id CC1E1873D9 for ; Fri, 18 Sep 2020 15:08:15 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2UAM2XDTjb70 for ; Fri, 18 Sep 2020 15:08:15 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from www.kot-begemot.co.uk (ivanoab7.miniserver.com [37.128.132.42]) by fraxinus.osuosl.org (Postfix) with ESMTPS id 66A14873DD for ; Fri, 18 Sep 2020 15:08:15 +0000 (UTC) Received: from tun252.jain.kot-begemot.co.uk ([192.168.18.6] helo=jain.kot-begemot.co.uk) by www.kot-begemot.co.uk with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1kJHzi-0004bW-1y; Fri, 18 Sep 2020 15:08:14 +0000 Received: from jain.kot-begemot.co.uk ([192.168.3.3]) by jain.kot-begemot.co.uk with esmtp (Exim 4.92) (envelope-from ) id 1kJHze-0000UP-E5; Fri, 18 Sep 2020 16:08:13 +0100 From: anton.ivanov@cambridgegreys.com To: dev@openvswitch.org Date: Fri, 18 Sep 2020 16:07:45 +0100 Message-Id: <20200918150756.3414-4-anton.ivanov@cambridgegreys.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200918150756.3414-1-anton.ivanov@cambridgegreys.com> References: <20200918150756.3414-1-anton.ivanov@cambridgegreys.com> MIME-Version: 1.0 X-Clacks-Overhead: GNU Terry Pratchett Cc: i.maximets@ovn.org, Anton Ivanov Subject: [ovs-dev] [PATCH ovn v2 03/14] ovn-northd: move condition for forwarding groups into its helper X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Anton Ivanov Move the condition which skips build_fwd_group_lflows into the helper function to match calling conventions for all other helpers. Signed-off-by: Anton Ivanov --- northd/ovn-northd.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index a6212f902..ecd68fff3 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -6098,6 +6098,11 @@ build_stateful(struct ovn_datapath *od, struct hmap *lflows, struct hmap *lbs) static void build_fwd_group_lflows(struct ovn_datapath *od, struct hmap *lflows) { + + if (!od->nbs || !od->nbs->n_forwarding_groups) { + return; + } + struct ds match = DS_EMPTY_INITIALIZER; struct ds actions = DS_EMPTY_INITIALIZER; @@ -6771,10 +6776,6 @@ build_lswitch_flows(struct hmap *datapaths, struct hmap *ports, /* Build logical flows for the forwarding groups */ HMAP_FOR_EACH (od, key_node, datapaths) { - if (!od->nbs || !od->nbs->n_forwarding_groups) { - continue; - } - build_fwd_group_lflows(od, lflows); } From patchwork Fri Sep 18 15:07:46 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anton Ivanov X-Patchwork-Id: 1366992 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.138; helo=whitealder.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=cambridgegreys.com Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4BtHKB118lz9sTC for ; Sat, 19 Sep 2020 01:08:29 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 1E01087789; Fri, 18 Sep 2020 15:08:27 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Wk-fGTsbj14U; Fri, 18 Sep 2020 15:08:21 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by whitealder.osuosl.org (Postfix) with ESMTP id 79C4F871FB; Fri, 18 Sep 2020 15:08:21 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 5B879C0888; Fri, 18 Sep 2020 15:08:21 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) by lists.linuxfoundation.org (Postfix) with ESMTP id B5B1BC0890 for ; Fri, 18 Sep 2020 15:08:17 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id A0624873E3 for ; Fri, 18 Sep 2020 15:08:17 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id H38Zb5FXjNEO for ; Fri, 18 Sep 2020 15:08:17 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from www.kot-begemot.co.uk (ivanoab7.miniserver.com [37.128.132.42]) by fraxinus.osuosl.org (Postfix) with ESMTPS id 24F75873DC for ; Fri, 18 Sep 2020 15:08:17 +0000 (UTC) Received: from tun252.jain.kot-begemot.co.uk ([192.168.18.6] helo=jain.kot-begemot.co.uk) by www.kot-begemot.co.uk with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1kJHzj-0004bf-OJ; Fri, 18 Sep 2020 15:08:15 +0000 Received: from jain.kot-begemot.co.uk ([192.168.3.3]) by jain.kot-begemot.co.uk with esmtp (Exim 4.92) (envelope-from ) id 1kJHzh-0000UP-3E; Fri, 18 Sep 2020 16:08:14 +0100 From: anton.ivanov@cambridgegreys.com To: dev@openvswitch.org Date: Fri, 18 Sep 2020 16:07:46 +0100 Message-Id: <20200918150756.3414-5-anton.ivanov@cambridgegreys.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200918150756.3414-1-anton.ivanov@cambridgegreys.com> References: <20200918150756.3414-1-anton.ivanov@cambridgegreys.com> MIME-Version: 1.0 X-Clacks-Overhead: GNU Terry Pratchett Cc: i.maximets@ovn.org, Anton Ivanov Subject: [ovs-dev] [PATCH ovn v2 04/14] ovn-northd: move admission control to a separate function X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Anton Ivanov Signed-off-by: Anton Ivanov --- northd/ovn-northd.c | 42 ++++++++++++++++++++++++++---------------- 1 file changed, 26 insertions(+), 16 deletions(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index ecd68fff3..838772bee 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -6748,6 +6748,12 @@ build_lswitch_flows_pre_acl_and_acl(struct ovn_datapath *od, struct hmap *lflows, struct hmap *port_groups, struct shash *meter_groups, struct hmap *lbs); +/* Logical switch ingress table 0: Admission control framework (priority + * 100). */ +static void +build_lswitch_ingress_admission_control(struct ovn_datapath *od, + struct hmap *lflows); + /* * Do not remove this comment - it is here as a marker to * make diffs readable. @@ -6779,23 +6785,8 @@ build_lswitch_flows(struct hmap *datapaths, struct hmap *ports, build_fwd_group_lflows(od, lflows); } - /* Logical switch ingress table 0: Admission control framework (priority - * 100). */ HMAP_FOR_EACH (od, key_node, datapaths) { - if (!od->nbs) { - continue; - } - - /* Logical VLANs not supported. */ - ovn_lflow_add(lflows, od, S_SWITCH_IN_PORT_SEC_L2, 100, "vlan.present", - "drop;"); - - /* Broadcast/multicast source address is invalid. */ - ovn_lflow_add(lflows, od, S_SWITCH_IN_PORT_SEC_L2, 100, "eth.src[40]", - "drop;"); - - /* Port security flows have priority 50 (see below) and will continue - * to the next table if packet source is acceptable. */ + build_lswitch_ingress_admission_control(od, lflows); } build_lswitch_input_port_sec(ports, datapaths, lflows); @@ -7462,6 +7453,25 @@ build_lswitch_flows_pre_acl_and_acl(struct ovn_datapath *od, } } +static void +build_lswitch_ingress_admission_control(struct ovn_datapath *od, + struct hmap *lflows) +{ + if (od->nbs) { + + /* Logical VLANs not supported. */ + ovn_lflow_add(lflows, od, S_SWITCH_IN_PORT_SEC_L2, 100, "vlan.present", + "drop;"); + + /* Broadcast/multicast source address is invalid. */ + ovn_lflow_add(lflows, od, S_SWITCH_IN_PORT_SEC_L2, 100, "eth.src[40]", + "drop;"); + + /* Port security flows have priority 50 (see below) and will continue + * to the next table if packet source is acceptable. */ + } +} + /* Returns a string of the IP address of the router port 'op' that * overlaps with 'ip_s". If one is not found, returns NULL. * From patchwork Fri Sep 18 15:07:47 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anton Ivanov X-Patchwork-Id: 1366993 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.137; helo=fraxinus.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=cambridgegreys.com Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4BtHK96fsGz9sT6 for ; Sat, 19 Sep 2020 01:08:29 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id 2EA7B810D0; Fri, 18 Sep 2020 15:08:28 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Wk3naxMzXM45; Fri, 18 Sep 2020 15:08:25 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by fraxinus.osuosl.org (Postfix) with ESMTP id 0C4A7873A1; Fri, 18 Sep 2020 15:08:25 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id C9F4DC0888; Fri, 18 Sep 2020 15:08:24 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by lists.linuxfoundation.org (Postfix) with ESMTP id 405BFC0888 for ; Fri, 18 Sep 2020 15:08:23 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 28BC487269 for ; Fri, 18 Sep 2020 15:08:23 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bRybv43TYAYT for ; Fri, 18 Sep 2020 15:08:19 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from www.kot-begemot.co.uk (ivanoab7.miniserver.com [37.128.132.42]) by whitealder.osuosl.org (Postfix) with ESMTPS id 610E884353 for ; Fri, 18 Sep 2020 15:08:19 +0000 (UTC) Received: from tun252.jain.kot-begemot.co.uk ([192.168.18.6] helo=jain.kot-begemot.co.uk) by www.kot-begemot.co.uk with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1kJHzl-0004bl-GN; Fri, 18 Sep 2020 15:08:17 +0000 Received: from jain.kot-begemot.co.uk ([192.168.3.3]) by jain.kot-begemot.co.uk with esmtp (Exim 4.92) (envelope-from ) id 1kJHzi-0000UP-Pk; Fri, 18 Sep 2020 16:08:16 +0100 From: anton.ivanov@cambridgegreys.com To: dev@openvswitch.org Date: Fri, 18 Sep 2020 16:07:47 +0100 Message-Id: <20200918150756.3414-6-anton.ivanov@cambridgegreys.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200918150756.3414-1-anton.ivanov@cambridgegreys.com> References: <20200918150756.3414-1-anton.ivanov@cambridgegreys.com> MIME-Version: 1.0 X-Clacks-Overhead: GNU Terry Pratchett Cc: i.maximets@ovn.org, Anton Ivanov Subject: [ovs-dev] [PATCH ovn v2 05/14] ovn-northd: replace build_lswitch_input_port_sec with iterators X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Anton Ivanov Replace build_lswitch_input_port_sec with two separate op and od iterators. Reuse the match and actions allocated in build_lswitch_flows to avoid extra allocs and frees. Signed-off-by: Anton Ivanov --- northd/ovn-northd.c | 58 ++++++++++++++++++++++----------------------- 1 file changed, 28 insertions(+), 30 deletions(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index 838772bee..0f3818890 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -4750,46 +4750,40 @@ has_stateful_acl(struct ovn_datapath *od) } static void -build_lswitch_input_port_sec(struct hmap *ports, struct hmap *datapaths, - struct hmap *lflows) +build_lswitch_input_port_sec_op( + struct ovn_port *op, struct hmap *lflows, + struct ds *match, struct ds *actions) { /* Logical switch ingress table 0: Ingress port security - L2 * (priority 50). * Ingress table 1: Ingress port security - IP (priority 90 and 80) * Ingress table 2: Ingress port security - ND (priority 90 and 80) */ - struct ds actions = DS_EMPTY_INITIALIZER; - struct ds match = DS_EMPTY_INITIALIZER; - struct ovn_port *op; - - HMAP_FOR_EACH (op, key_node, ports) { - if (!op->nbsp) { - continue; - } + if (op->nbsp) { if (!lsp_is_enabled(op->nbsp)) { /* Drop packets from disabled logical ports (since logical flow * tables are default-drop). */ - continue; + return; } if (lsp_is_external(op->nbsp)) { - continue; + return; } - ds_clear(&match); - ds_clear(&actions); - ds_put_format(&match, "inport == %s", op->json_key); + ds_clear(match); + ds_clear(actions); + ds_put_format(match, "inport == %s", op->json_key); build_port_security_l2("eth.src", op->ps_addrs, op->n_ps_addrs, - &match); + match); const char *queue_id = smap_get(&op->sb->options, "qdisc_queue_id"); if (queue_id) { - ds_put_format(&actions, "set_queue(%s); ", queue_id); + ds_put_format(actions, "set_queue(%s); ", queue_id); } - ds_put_cstr(&actions, "next;"); + ds_put_cstr(actions, "next;"); ovn_lflow_add_with_hint(lflows, op->od, S_SWITCH_IN_PORT_SEC_L2, 50, - ds_cstr(&match), ds_cstr(&actions), + ds_cstr(match), ds_cstr(actions), &op->nbsp->header_); if (op->nbsp->n_port_security) { @@ -4797,22 +4791,19 @@ build_lswitch_input_port_sec(struct hmap *ports, struct hmap *datapaths, build_port_security_nd(op, lflows, &op->nbsp->header_); } } +} +static void +build_lswitch_input_port_sec_od( + struct ovn_datapath *od, struct hmap *lflows) +{ /* Ingress table 1 and 2: Port security - IP and ND, by default * goto next. (priority 0) */ - struct ovn_datapath *od; - HMAP_FOR_EACH (od, key_node, datapaths) { - if (!od->nbs) { - continue; - } - + if (od->nbs) { ovn_lflow_add(lflows, od, S_SWITCH_IN_PORT_SEC_ND, 0, "1", "next;"); ovn_lflow_add(lflows, od, S_SWITCH_IN_PORT_SEC_IP, 0, "1", "next;"); } - - ds_destroy(&match); - ds_destroy(&actions); } static void @@ -6775,6 +6766,8 @@ build_lswitch_flows(struct hmap *datapaths, struct hmap *ports, /* Build pre-ACL and ACL tables for both ingress and egress. * Ingress tables 3 through 10. Egress tables 0 through 7. */ struct ovn_datapath *od; + struct ovn_port *op; + HMAP_FOR_EACH (od, key_node, datapaths) { build_lswitch_flows_pre_acl_and_acl(od, lflows, port_groups, meter_groups, lbs); @@ -6789,12 +6782,17 @@ build_lswitch_flows(struct hmap *datapaths, struct hmap *ports, build_lswitch_ingress_admission_control(od, lflows); } - build_lswitch_input_port_sec(ports, datapaths, lflows); + HMAP_FOR_EACH (op, key_node, ports) { + build_lswitch_input_port_sec_op(op, lflows, &match, &actions); + } + + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lswitch_input_port_sec_od(od, lflows); + } /* Ingress table 13: ARP/ND responder, skip requests coming from localnet * and vtep ports. (priority 100); see ovn-northd.8.xml for the * rationale. */ - struct ovn_port *op; HMAP_FOR_EACH (op, key_node, ports) { if (!op->nbsp) { continue; From patchwork Fri Sep 18 15:07:48 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anton Ivanov X-Patchwork-Id: 1366998 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.137; helo=fraxinus.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=cambridgegreys.com Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4BtHKY5x2gz9sTH for ; Sat, 19 Sep 2020 01:08:49 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id 687A8873B5; Fri, 18 Sep 2020 15:08:47 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id C5B9-MMJi42M; Fri, 18 Sep 2020 15:08:43 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by fraxinus.osuosl.org (Postfix) with ESMTP id BCAFA86C7C; Fri, 18 Sep 2020 15:08:39 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id AADB8C0891; Fri, 18 Sep 2020 15:08:39 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by lists.linuxfoundation.org (Postfix) with ESMTP id 83FB5C0051 for ; Fri, 18 Sep 2020 15:08:37 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id EC21087136 for ; Fri, 18 Sep 2020 15:08:35 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0d8CLuWL267e for ; Fri, 18 Sep 2020 15:08:22 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from www.kot-begemot.co.uk (ivanoab7.miniserver.com [37.128.132.42]) by whitealder.osuosl.org (Postfix) with ESMTPS id 86597871FF for ; Fri, 18 Sep 2020 15:08:21 +0000 (UTC) Received: from tun252.jain.kot-begemot.co.uk ([192.168.18.6] helo=jain.kot-begemot.co.uk) by www.kot-begemot.co.uk with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1kJHzn-0004bt-Oo; Fri, 18 Sep 2020 15:08:20 +0000 Received: from jain.kot-begemot.co.uk ([192.168.3.3]) by jain.kot-begemot.co.uk with esmtp (Exim 4.92) (envelope-from ) id 1kJHzk-0000UP-HG; Fri, 18 Sep 2020 16:08:18 +0100 From: anton.ivanov@cambridgegreys.com To: dev@openvswitch.org Date: Fri, 18 Sep 2020 16:07:48 +0100 Message-Id: <20200918150756.3414-7-anton.ivanov@cambridgegreys.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200918150756.3414-1-anton.ivanov@cambridgegreys.com> References: <20200918150756.3414-1-anton.ivanov@cambridgegreys.com> MIME-Version: 1.0 X-Clacks-Overhead: GNU Terry Pratchett Cc: i.maximets@ovn.org, Anton Ivanov Subject: [ovs-dev] [PATCH ovn v2 06/14] ovn-northd: move arp/nd responder to functions X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Anton Ivanov 1. move arp/nd responder for unkown ips to a function 2. move arp/nd responder for known ips to a function 3. move default to a function Signed-off-by: Anton Ivanov --- northd/ovn-northd.c | 489 ++++++++++++++++++++++++-------------------- 1 file changed, 269 insertions(+), 220 deletions(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index 0f3818890..d2ea737a5 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -6745,6 +6745,34 @@ static void build_lswitch_ingress_admission_control(struct ovn_datapath *od, struct hmap *lflows); +/* Ingress table 13: ARP/ND responder, skip requests coming from localnet + * and vtep ports. (priority 100); see ovn-northd.8.xml for the + * rationale. */ +static void +build_lswitch_arp_nd_responder_op( + struct ovn_port *op, struct hmap *lflows, + struct ds *match); + +/* Ingress table 13: ARP/ND responder, reply for known IPs. + * (priority 50). */ +static void +build_lswitch_arp_nd_responder_known_op( + struct ovn_port *op, struct hmap *lflows, + struct hmap *ports, + struct ds *match, struct ds *actions); +/* Ingress table 13: ARP/ND responder, by default goto next. + * (priority 0)*/ +static void +build_lswitch_arp_nd_responder_od( + struct ovn_datapath *od, struct hmap *lflows); + +/* Ingress table 13: ARP/ND responder for service monitor source ip. + * (priority 110)*/ +static void +build_lswitch_arp_nd_responder_lb( + struct ovn_lb *lb, struct hmap *lflows, + struct ds *match, struct ds *actions); + /* * Do not remove this comment - it is here as a marker to * make diffs readable. @@ -6767,6 +6795,7 @@ build_lswitch_flows(struct hmap *datapaths, struct hmap *ports, * Ingress tables 3 through 10. Egress tables 0 through 7. */ struct ovn_datapath *od; struct ovn_port *op; + struct ovn_lb *lb; HMAP_FOR_EACH (od, key_node, datapaths) { build_lswitch_flows_pre_acl_and_acl(od, lflows, @@ -6790,236 +6819,22 @@ build_lswitch_flows(struct hmap *datapaths, struct hmap *ports, build_lswitch_input_port_sec_od(od, lflows); } - /* Ingress table 13: ARP/ND responder, skip requests coming from localnet - * and vtep ports. (priority 100); see ovn-northd.8.xml for the - * rationale. */ HMAP_FOR_EACH (op, key_node, ports) { - if (!op->nbsp) { - continue; - } - - if ((!strcmp(op->nbsp->type, "localnet")) || - (!strcmp(op->nbsp->type, "vtep"))) { - ds_clear(&match); - ds_put_format(&match, "inport == %s", op->json_key); - ovn_lflow_add_with_hint(lflows, op->od, S_SWITCH_IN_ARP_ND_RSP, - 100, ds_cstr(&match), "next;", - &op->nbsp->header_); - } + build_lswitch_arp_nd_responder_op(op, lflows, &match); } - /* Ingress table 13: ARP/ND responder, reply for known IPs. - * (priority 50). */ HMAP_FOR_EACH (op, key_node, ports) { - if (!op->nbsp) { - continue; - } - - if (!strcmp(op->nbsp->type, "virtual")) { - /* Handle - * - GARPs for virtual ip which belongs to a logical port - * of type 'virtual' and bind that port. - * - * - ARP reply from the virtual ip which belongs to a logical - * port of type 'virtual' and bind that port. - * */ - ovs_be32 ip; - const char *virtual_ip = smap_get(&op->nbsp->options, - "virtual-ip"); - const char *virtual_parents = smap_get(&op->nbsp->options, - "virtual-parents"); - if (!virtual_ip || !virtual_parents || - !ip_parse(virtual_ip, &ip)) { - continue; - } - - char *tokstr = xstrdup(virtual_parents); - char *save_ptr = NULL; - char *vparent; - for (vparent = strtok_r(tokstr, ",", &save_ptr); vparent != NULL; - vparent = strtok_r(NULL, ",", &save_ptr)) { - struct ovn_port *vp = ovn_port_find(ports, vparent); - if (!vp || vp->od != op->od) { - /* vparent name should be valid and it should belong - * to the same logical switch. */ - continue; - } - - ds_clear(&match); - ds_put_format(&match, "inport == \"%s\" && " - "((arp.op == 1 && arp.spa == %s && " - "arp.tpa == %s) || (arp.op == 2 && " - "arp.spa == %s))", - vparent, virtual_ip, virtual_ip, - virtual_ip); - ds_clear(&actions); - ds_put_format(&actions, - "bind_vport(%s, inport); " - "next;", - op->json_key); - ovn_lflow_add_with_hint(lflows, op->od, - S_SWITCH_IN_ARP_ND_RSP, 100, - ds_cstr(&match), ds_cstr(&actions), - &vp->nbsp->header_); - } - - free(tokstr); - } else { - /* - * Add ARP/ND reply flows if either the - * - port is up and it doesn't have 'unknown' address defined or - * - port type is router or - * - port type is localport - */ - if (check_lsp_is_up && - !lsp_is_up(op->nbsp) && strcmp(op->nbsp->type, "router") && - strcmp(op->nbsp->type, "localport")) { - continue; - } - - if (lsp_is_external(op->nbsp) || op->has_unknown) { - continue; - } - - for (size_t i = 0; i < op->n_lsp_addrs; i++) { - for (size_t j = 0; j < op->lsp_addrs[i].n_ipv4_addrs; j++) { - ds_clear(&match); - ds_put_format(&match, "arp.tpa == %s && arp.op == 1", - op->lsp_addrs[i].ipv4_addrs[j].addr_s); - ds_clear(&actions); - ds_put_format(&actions, - "eth.dst = eth.src; " - "eth.src = %s; " - "arp.op = 2; /* ARP reply */ " - "arp.tha = arp.sha; " - "arp.sha = %s; " - "arp.tpa = arp.spa; " - "arp.spa = %s; " - "outport = inport; " - "flags.loopback = 1; " - "output;", - op->lsp_addrs[i].ea_s, op->lsp_addrs[i].ea_s, - op->lsp_addrs[i].ipv4_addrs[j].addr_s); - ovn_lflow_add_with_hint(lflows, op->od, - S_SWITCH_IN_ARP_ND_RSP, 50, - ds_cstr(&match), - ds_cstr(&actions), - &op->nbsp->header_); - - /* Do not reply to an ARP request from the port that owns - * the address (otherwise a DHCP client that ARPs to check - * for a duplicate address will fail). Instead, forward - * it the usual way. - * - * (Another alternative would be to simply drop the packet. - * If everything is working as it is configured, then this - * would produce equivalent results, since no one should - * reply to the request. But ARPing for one's own IP - * address is intended to detect situations where the - * network is not working as configured, so dropping the - * request would frustrate that intent.) */ - ds_put_format(&match, " && inport == %s", op->json_key); - ovn_lflow_add_with_hint(lflows, op->od, - S_SWITCH_IN_ARP_ND_RSP, 100, - ds_cstr(&match), "next;", - &op->nbsp->header_); - } - - /* For ND solicitations, we need to listen for both the - * unicast IPv6 address and its all-nodes multicast address, - * but always respond with the unicast IPv6 address. */ - for (size_t j = 0; j < op->lsp_addrs[i].n_ipv6_addrs; j++) { - ds_clear(&match); - ds_put_format(&match, - "nd_ns && ip6.dst == {%s, %s} && nd.target == %s", - op->lsp_addrs[i].ipv6_addrs[j].addr_s, - op->lsp_addrs[i].ipv6_addrs[j].sn_addr_s, - op->lsp_addrs[i].ipv6_addrs[j].addr_s); - - ds_clear(&actions); - ds_put_format(&actions, - "%s { " - "eth.src = %s; " - "ip6.src = %s; " - "nd.target = %s; " - "nd.tll = %s; " - "outport = inport; " - "flags.loopback = 1; " - "output; " - "};", - !strcmp(op->nbsp->type, "router") ? - "nd_na_router" : "nd_na", - op->lsp_addrs[i].ea_s, - op->lsp_addrs[i].ipv6_addrs[j].addr_s, - op->lsp_addrs[i].ipv6_addrs[j].addr_s, - op->lsp_addrs[i].ea_s); - ovn_lflow_add_with_hint(lflows, op->od, - S_SWITCH_IN_ARP_ND_RSP, 50, - ds_cstr(&match), - ds_cstr(&actions), - &op->nbsp->header_); - - /* Do not reply to a solicitation from the port that owns - * the address (otherwise DAD detection will fail). */ - ds_put_format(&match, " && inport == %s", op->json_key); - ovn_lflow_add_with_hint(lflows, op->od, - S_SWITCH_IN_ARP_ND_RSP, 100, - ds_cstr(&match), "next;", - &op->nbsp->header_); - } - } - } + build_lswitch_arp_nd_responder_known_op( + op, lflows, ports, &match, &actions); } - /* Ingress table 13: ARP/ND responder, by default goto next. - * (priority 0)*/ HMAP_FOR_EACH (od, key_node, datapaths) { - if (!od->nbs) { - continue; - } - - ovn_lflow_add(lflows, od, S_SWITCH_IN_ARP_ND_RSP, 0, "1", "next;"); + build_lswitch_arp_nd_responder_od(od, lflows); } - /* Ingress table 13: ARP/ND responder for service monitor source ip. - * (priority 110)*/ - struct ovn_lb *lb; HMAP_FOR_EACH (lb, hmap_node, lbs) { - for (size_t i = 0; i < lb->n_vips; i++) { - if (!lb->vips[i].health_check) { - continue; - } - - for (size_t j = 0; j < lb->vips[i].n_backends; j++) { - if (!lb->vips[i].backends[j].op || - !lb->vips[i].backends[j].svc_mon_src_ip) { - continue; - } - - ds_clear(&match); - ds_put_format(&match, "arp.tpa == %s && arp.op == 1", - lb->vips[i].backends[j].svc_mon_src_ip); - ds_clear(&actions); - ds_put_format(&actions, - "eth.dst = eth.src; " - "eth.src = %s; " - "arp.op = 2; /* ARP reply */ " - "arp.tha = arp.sha; " - "arp.sha = %s; " - "arp.tpa = arp.spa; " - "arp.spa = %s; " - "outport = inport; " - "flags.loopback = 1; " - "output;", - svc_monitor_mac, svc_monitor_mac, - lb->vips[i].backends[j].svc_mon_src_ip); - ovn_lflow_add_with_hint(lflows, - lb->vips[i].backends[j].op->od, - S_SWITCH_IN_ARP_ND_RSP, 110, - ds_cstr(&match), ds_cstr(&actions), - &lb->nlb->header_); - } - } + build_lswitch_arp_nd_responder_lb( + lb, lflows, &match, &actions); } @@ -7470,6 +7285,240 @@ build_lswitch_ingress_admission_control(struct ovn_datapath *od, } } +static void +build_lswitch_arp_nd_responder_op( + struct ovn_port *op, struct hmap *lflows, + struct ds *match) +{ + if (op->nbsp) { + if ((!strcmp(op->nbsp->type, "localnet")) || + (!strcmp(op->nbsp->type, "vtep"))) { + ds_clear(match); + ds_put_format(match, "inport == %s", op->json_key); + ovn_lflow_add_with_hint(lflows, op->od, S_SWITCH_IN_ARP_ND_RSP, + 100, ds_cstr(match), "next;", + &op->nbsp->header_); + } + } +} + +static void +build_lswitch_arp_nd_responder_known_op( + struct ovn_port *op, struct hmap *lflows, + struct hmap *ports, + struct ds *match, struct ds *actions) +{ + if (op->nbsp) { + + if (!strcmp(op->nbsp->type, "virtual")) { + /* Handle + * - GARPs for virtual ip which belongs to a logical port + * of type 'virtual' and bind that port. + * + * - ARP reply from the virtual ip which belongs to a logical + * port of type 'virtual' and bind that port. + * */ + ovs_be32 ip; + const char *virtual_ip = smap_get(&op->nbsp->options, + "virtual-ip"); + const char *virtual_parents = smap_get(&op->nbsp->options, + "virtual-parents"); + if (!virtual_ip || !virtual_parents || + !ip_parse(virtual_ip, &ip)) { + return; + } + + char *tokstr = xstrdup(virtual_parents); + char *save_ptr = NULL; + char *vparent; + for (vparent = strtok_r(tokstr, ",", &save_ptr); vparent != NULL; + vparent = strtok_r(NULL, ",", &save_ptr)) { + struct ovn_port *vp = ovn_port_find(ports, vparent); + if (!vp || vp->od != op->od) { + /* vparent name should be valid and it should belong + * to the same logical switch. */ + continue; + } + + ds_clear(match); + ds_put_format(match, "inport == \"%s\" && " + "((arp.op == 1 && arp.spa == %s && " + "arp.tpa == %s) || (arp.op == 2 && " + "arp.spa == %s))", + vparent, virtual_ip, virtual_ip, + virtual_ip); + ds_clear(actions); + ds_put_format(actions, + "bind_vport(%s, inport); " + "next;", + op->json_key); + ovn_lflow_add_with_hint(lflows, op->od, + S_SWITCH_IN_ARP_ND_RSP, 100, + ds_cstr(match), ds_cstr(actions), + &vp->nbsp->header_); + } + + free(tokstr); + } else { + /* + * Add ARP/ND reply flows if either the + * - port is up and it doesn't have 'unknown' address defined or + * - port type is router or + * - port type is localport + */ + if (check_lsp_is_up && + !lsp_is_up(op->nbsp) && strcmp(op->nbsp->type, "router") && + strcmp(op->nbsp->type, "localport")) { + return; + } + + if (lsp_is_external(op->nbsp) || op->has_unknown) { + return; + } + + for (size_t i = 0; i < op->n_lsp_addrs; i++) { + for (size_t j = 0; j < op->lsp_addrs[i].n_ipv4_addrs; j++) { + ds_clear(match); + ds_put_format(match, "arp.tpa == %s && arp.op == 1", + op->lsp_addrs[i].ipv4_addrs[j].addr_s); + ds_clear(actions); + ds_put_format(actions, + "eth.dst = eth.src; " + "eth.src = %s; " + "arp.op = 2; /* ARP reply */ " + "arp.tha = arp.sha; " + "arp.sha = %s; " + "arp.tpa = arp.spa; " + "arp.spa = %s; " + "outport = inport; " + "flags.loopback = 1; " + "output;", + op->lsp_addrs[i].ea_s, op->lsp_addrs[i].ea_s, + op->lsp_addrs[i].ipv4_addrs[j].addr_s); + ovn_lflow_add_with_hint(lflows, op->od, + S_SWITCH_IN_ARP_ND_RSP, 50, + ds_cstr(match), + ds_cstr(actions), + &op->nbsp->header_); + + /* Do not reply to an ARP request from the port that owns + * the address (otherwise a DHCP client that ARPs to check + * for a duplicate address will fail). Instead, forward + * it the usual way. + * + * (Another alternative would be to simply drop the packet. + * If everything is working as it is configured, then this + * would produce equivalent results, since no one should + * reply to the request. But ARPing for one's own IP + * address is intended to detect situations where the + * network is not working as configured, so dropping the + * request would frustrate that intent.) */ + ds_put_format(match, " && inport == %s", op->json_key); + ovn_lflow_add_with_hint(lflows, op->od, + S_SWITCH_IN_ARP_ND_RSP, 100, + ds_cstr(match), "next;", + &op->nbsp->header_); + } + + /* For ND solicitations, we need to listen for both the + * unicast IPv6 address and its all-nodes multicast address, + * but always respond with the unicast IPv6 address. */ + for (size_t j = 0; j < op->lsp_addrs[i].n_ipv6_addrs; j++) { + ds_clear(match); + ds_put_format(match, + "nd_ns && ip6.dst == {%s, %s} && nd.target == %s", + op->lsp_addrs[i].ipv6_addrs[j].addr_s, + op->lsp_addrs[i].ipv6_addrs[j].sn_addr_s, + op->lsp_addrs[i].ipv6_addrs[j].addr_s); + + ds_clear(actions); + ds_put_format(actions, + "%s { " + "eth.src = %s; " + "ip6.src = %s; " + "nd.target = %s; " + "nd.tll = %s; " + "outport = inport; " + "flags.loopback = 1; " + "output; " + "};", + !strcmp(op->nbsp->type, "router") ? + "nd_na_router" : "nd_na", + op->lsp_addrs[i].ea_s, + op->lsp_addrs[i].ipv6_addrs[j].addr_s, + op->lsp_addrs[i].ipv6_addrs[j].addr_s, + op->lsp_addrs[i].ea_s); + ovn_lflow_add_with_hint(lflows, op->od, + S_SWITCH_IN_ARP_ND_RSP, 50, + ds_cstr(match), + ds_cstr(actions), + &op->nbsp->header_); + + /* Do not reply to a solicitation from the port that owns + * the address (otherwise DAD detection will fail). */ + ds_put_format(match, " && inport == %s", op->json_key); + ovn_lflow_add_with_hint(lflows, op->od, + S_SWITCH_IN_ARP_ND_RSP, 100, + ds_cstr(match), "next;", + &op->nbsp->header_); + } + } + } + } + +} + +static void +build_lswitch_arp_nd_responder_od( + struct ovn_datapath *od, struct hmap *lflows) +{ + if (od->nbs) { + ovn_lflow_add(lflows, od, S_SWITCH_IN_ARP_ND_RSP, 0, "1", "next;"); + } +} + +static void +build_lswitch_arp_nd_responder_lb( + struct ovn_lb *lb, struct hmap *lflows, + struct ds *match, struct ds *actions) +{ + for (size_t i = 0; i < lb->n_vips; i++) { + if (!lb->vips[i].health_check) { + continue; + } + + for (size_t j = 0; j < lb->vips[i].n_backends; j++) { + if (!lb->vips[i].backends[j].op || + !lb->vips[i].backends[j].svc_mon_src_ip) { + continue; + } + + ds_clear(match); + ds_put_format(match, "arp.tpa == %s && arp.op == 1", + lb->vips[i].backends[j].svc_mon_src_ip); + ds_clear(actions); + ds_put_format(actions, + "eth.dst = eth.src; " + "eth.src = %s; " + "arp.op = 2; /* ARP reply */ " + "arp.tha = arp.sha; " + "arp.sha = %s; " + "arp.tpa = arp.spa; " + "arp.spa = %s; " + "outport = inport; " + "flags.loopback = 1; " + "output;", + svc_monitor_mac, svc_monitor_mac, + lb->vips[i].backends[j].svc_mon_src_ip); + ovn_lflow_add_with_hint(lflows, + lb->vips[i].backends[j].op->od, + S_SWITCH_IN_ARP_ND_RSP, 110, + ds_cstr(match), ds_cstr(actions), + &lb->nlb->header_); + } + } +} + /* Returns a string of the IP address of the router port 'op' that * overlaps with 'ip_s". If one is not found, returns NULL. * From patchwork Fri Sep 18 15:07:49 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anton Ivanov X-Patchwork-Id: 1366999 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.136; helo=silver.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=cambridgegreys.com Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4BtHKh3RZVz9sT6 for ; Sat, 19 Sep 2020 01:08:56 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id DB6EB2E279; Fri, 18 Sep 2020 15:08:54 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TtHnpqOHDUrD; Fri, 18 Sep 2020 15:08:44 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by silver.osuosl.org (Postfix) with ESMTP id 7D7D72E23B; Fri, 18 Sep 2020 15:08:26 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 5771BC0895; Fri, 18 Sep 2020 15:08:26 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) by lists.linuxfoundation.org (Postfix) with ESMTP id 69BBEC0051 for ; Fri, 18 Sep 2020 15:08:23 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id 53D618741F for ; Fri, 18 Sep 2020 15:08:23 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id P9sqmhcH6FsN for ; Fri, 18 Sep 2020 15:08:22 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from www.kot-begemot.co.uk (ivanoab7.miniserver.com [37.128.132.42]) by fraxinus.osuosl.org (Postfix) with ESMTPS id 9E50887411 for ; Fri, 18 Sep 2020 15:08:22 +0000 (UTC) Received: from tun252.jain.kot-begemot.co.uk ([192.168.18.6] helo=jain.kot-begemot.co.uk) by www.kot-begemot.co.uk with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1kJHzp-0004by-6V; Fri, 18 Sep 2020 15:08:21 +0000 Received: from jain.kot-begemot.co.uk ([192.168.3.3]) by jain.kot-begemot.co.uk with esmtp (Exim 4.92) (envelope-from ) id 1kJHzm-0000UP-Fn; Fri, 18 Sep 2020 16:08:20 +0100 From: anton.ivanov@cambridgegreys.com To: dev@openvswitch.org Date: Fri, 18 Sep 2020 16:07:49 +0100 Message-Id: <20200918150756.3414-8-anton.ivanov@cambridgegreys.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200918150756.3414-1-anton.ivanov@cambridgegreys.com> References: <20200918150756.3414-1-anton.ivanov@cambridgegreys.com> MIME-Version: 1.0 X-Clacks-Overhead: GNU Terry Pratchett Cc: i.maximets@ovn.org, Anton Ivanov Subject: [ovs-dev] [PATCH ovn v2 07/14] ovn-northd: move out DHCP response into a function X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Anton Ivanov Signed-off-by: Anton Ivanov --- northd/ovn-northd.c | 101 ++++++++++++++++++++++++-------------------- 1 file changed, 55 insertions(+), 46 deletions(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index d2ea737a5..e4ca8670f 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -6773,6 +6773,12 @@ build_lswitch_arp_nd_responder_lb( struct ovn_lb *lb, struct hmap *lflows, struct ds *match, struct ds *actions); +/* Logical switch ingress table 14 and 15: DHCP options and response + * priority 100 flows. */ +static void +build_lswitch_dhcp_response( + struct ovn_port *op, struct hmap *lflows); + /* * Do not remove this comment - it is here as a marker to * make diffs readable. @@ -6837,55 +6843,11 @@ build_lswitch_flows(struct hmap *datapaths, struct hmap *ports, lb, lflows, &match, &actions); } - - /* Logical switch ingress table 14 and 15: DHCP options and response - * priority 100 flows. */ HMAP_FOR_EACH (op, key_node, ports) { - if (!op->nbsp) { - continue; - } - - if (!lsp_is_enabled(op->nbsp) || !strcmp(op->nbsp->type, "router")) { - /* Don't add the DHCP flows if the port is not enabled or if the - * port is a router port. */ - continue; - } - - if (!op->nbsp->dhcpv4_options && !op->nbsp->dhcpv6_options) { - /* CMS has disabled both native DHCPv4 and DHCPv6 for this lport. - */ - continue; - } - - bool is_external = lsp_is_external(op->nbsp); - if (is_external && (!op->od->n_localnet_ports || - !op->nbsp->ha_chassis_group)) { - /* If it's an external port and there are no localnet ports - * and if it doesn't belong to an HA chassis group ignore it. */ - continue; - } - - for (size_t i = 0; i < op->n_lsp_addrs; i++) { - if (is_external) { - for (size_t j = 0; j < op->od->n_localnet_ports; j++) { - build_dhcpv4_options_flows( - op, &op->lsp_addrs[i], - op->od->localnet_ports[j]->json_key, is_external, - lflows); - build_dhcpv6_options_flows( - op, &op->lsp_addrs[i], - op->od->localnet_ports[j]->json_key, is_external, - lflows); - } - } else { - build_dhcpv4_options_flows(op, &op->lsp_addrs[i], op->json_key, - is_external, lflows); - build_dhcpv6_options_flows(op, &op->lsp_addrs[i], op->json_key, - is_external, lflows); - } - } + build_lswitch_dhcp_response(op, lflows); } + /* Logical switch ingress table 17 and 18: DNS lookup and response * priority 100 flows. */ @@ -7519,6 +7481,53 @@ build_lswitch_arp_nd_responder_lb( } } +static void +build_lswitch_dhcp_response( + struct ovn_port *op, struct hmap *lflows) +{ + if (op->nbsp) { + if (!lsp_is_enabled(op->nbsp) || !strcmp(op->nbsp->type, "router")) { + /* Don't add the DHCP flows if the port is not enabled or if the + * port is a router port. */ + return; + } + + if (!op->nbsp->dhcpv4_options && !op->nbsp->dhcpv6_options) { + /* CMS has disabled both native DHCPv4 and DHCPv6 for this lport. + */ + return; + } + + bool is_external = lsp_is_external(op->nbsp); + if (is_external && (!op->od->n_localnet_ports || + !op->nbsp->ha_chassis_group)) { + /* If it's an external port and there are no localnet ports + * and if it doesn't belong to an HA chassis group ignore it. */ + return; + } + + for (size_t i = 0; i < op->n_lsp_addrs; i++) { + if (is_external) { + for (size_t j = 0; j < op->od->n_localnet_ports; j++) { + build_dhcpv4_options_flows( + op, &op->lsp_addrs[i], + op->od->localnet_ports[j]->json_key, is_external, + lflows); + build_dhcpv6_options_flows( + op, &op->lsp_addrs[i], + op->od->localnet_ports[j]->json_key, is_external, + lflows); + } + } else { + build_dhcpv4_options_flows(op, &op->lsp_addrs[i], op->json_key, + is_external, lflows); + build_dhcpv6_options_flows(op, &op->lsp_addrs[i], op->json_key, + is_external, lflows); + } + } + } +} + /* Returns a string of the IP address of the router port 'op' that * overlaps with 'ip_s". If one is not found, returns NULL. * From patchwork Fri Sep 18 15:07:50 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anton Ivanov X-Patchwork-Id: 1367000 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.136; helo=silver.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=cambridgegreys.com Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4BtHKz1nTGz9sRK for ; Sat, 19 Sep 2020 01:09:11 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id B57702E21A; Fri, 18 Sep 2020 15:09:09 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1unGdtwHQDQT; Fri, 18 Sep 2020 15:09:03 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by silver.osuosl.org (Postfix) with ESMTP id 45A9F2E24C; Fri, 18 Sep 2020 15:08:29 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id ECA03C08A8; Fri, 18 Sep 2020 15:08:28 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) by lists.linuxfoundation.org (Postfix) with ESMTP id 34869C0888 for ; Fri, 18 Sep 2020 15:08:25 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id 218A38743E for ; Fri, 18 Sep 2020 15:08:25 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6xR0hG2ANsX3 for ; Fri, 18 Sep 2020 15:08:24 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from www.kot-begemot.co.uk (ivanoab7.miniserver.com [37.128.132.42]) by fraxinus.osuosl.org (Postfix) with ESMTPS id 49CC887432 for ; Fri, 18 Sep 2020 15:08:24 +0000 (UTC) Received: from tun252.jain.kot-begemot.co.uk ([192.168.18.6] helo=jain.kot-begemot.co.uk) by www.kot-begemot.co.uk with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1kJHzq-0004c5-SH; Fri, 18 Sep 2020 15:08:23 +0000 Received: from jain.kot-begemot.co.uk ([192.168.3.3]) by jain.kot-begemot.co.uk with esmtp (Exim 4.92) (envelope-from ) id 1kJHzo-0000UP-64; Fri, 18 Sep 2020 16:08:21 +0100 From: anton.ivanov@cambridgegreys.com To: dev@openvswitch.org Date: Fri, 18 Sep 2020 16:07:50 +0100 Message-Id: <20200918150756.3414-9-anton.ivanov@cambridgegreys.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200918150756.3414-1-anton.ivanov@cambridgegreys.com> References: <20200918150756.3414-1-anton.ivanov@cambridgegreys.com> MIME-Version: 1.0 X-Clacks-Overhead: GNU Terry Pratchett Cc: i.maximets@ovn.org, Anton Ivanov Subject: [ovs-dev] [PATCH ovn v2 08/14] ovn-northd: move lswitch dns lookup/response into a function X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Anton Ivanov Signed-off-by: Anton Ivanov --- northd/ovn-northd.c | 51 ++++++++++++++++++++++++++------------------- 1 file changed, 29 insertions(+), 22 deletions(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index e4ca8670f..e9a3a0fc9 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -6779,6 +6779,12 @@ static void build_lswitch_dhcp_response( struct ovn_port *op, struct hmap *lflows); +/* Logical switch ingress table 17 and 18: DNS lookup and response + * priority 100 flows. + */ +static void +build_lswitch_dns_lookup_response( + struct ovn_datapath *od, struct hmap *lflows); /* * Do not remove this comment - it is here as a marker to * make diffs readable. @@ -6847,29 +6853,8 @@ build_lswitch_flows(struct hmap *datapaths, struct hmap *ports, build_lswitch_dhcp_response(op, lflows); } - - /* Logical switch ingress table 17 and 18: DNS lookup and response - * priority 100 flows. - */ HMAP_FOR_EACH (od, key_node, datapaths) { - if (!od->nbs || !ls_has_dns_records(od->nbs)) { - continue; - } - - ovn_lflow_add(lflows, od, S_SWITCH_IN_DNS_LOOKUP, 100, - "udp.dst == 53", - REGBIT_DNS_LOOKUP_RESULT" = dns_lookup(); next;"); - const char *dns_action = "eth.dst <-> eth.src; ip4.src <-> ip4.dst; " - "udp.dst = udp.src; udp.src = 53; outport = inport; " - "flags.loopback = 1; output;"; - const char *dns_match = "udp.dst == 53 && "REGBIT_DNS_LOOKUP_RESULT; - ovn_lflow_add(lflows, od, S_SWITCH_IN_DNS_RESPONSE, 100, - dns_match, dns_action); - dns_action = "eth.dst <-> eth.src; ip6.src <-> ip6.dst; " - "udp.dst = udp.src; udp.src = 53; outport = inport; " - "flags.loopback = 1; output;"; - ovn_lflow_add(lflows, od, S_SWITCH_IN_DNS_RESPONSE, 100, - dns_match, dns_action); + build_lswitch_dns_lookup_response(od, lflows); } /* Ingress table 14 and 15: DHCP options and response, by default goto @@ -7528,6 +7513,28 @@ build_lswitch_dhcp_response( } } +static void +build_lswitch_dns_lookup_response( + struct ovn_datapath *od, struct hmap *lflows) +{ + if (!(!od->nbs || !ls_has_dns_records(od->nbs))) { + + ovn_lflow_add(lflows, od, S_SWITCH_IN_DNS_LOOKUP, 100, + "udp.dst == 53", + REGBIT_DNS_LOOKUP_RESULT" = dns_lookup(); next;"); + const char *dns_action = "eth.dst <-> eth.src; ip4.src <-> ip4.dst; " + "udp.dst = udp.src; udp.src = 53; outport = inport; " + "flags.loopback = 1; output;"; + const char *dns_match = "udp.dst == 53 && "REGBIT_DNS_LOOKUP_RESULT; + ovn_lflow_add(lflows, od, S_SWITCH_IN_DNS_RESPONSE, 100, + dns_match, dns_action); + dns_action = "eth.dst <-> eth.src; ip6.src <-> ip6.dst; " + "udp.dst = udp.src; udp.src = 53; outport = inport; " + "flags.loopback = 1; output;"; + ovn_lflow_add(lflows, od, S_SWITCH_IN_DNS_RESPONSE, 100, + dns_match, dns_action); + } +} /* Returns a string of the IP address of the router port 'op' that * overlaps with 'ip_s". If one is not found, returns NULL. * From patchwork Fri Sep 18 15:07:51 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anton Ivanov X-Patchwork-Id: 1366996 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.138; helo=whitealder.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=cambridgegreys.com Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4BtHKY2xzFz9sTC for ; Sat, 19 Sep 2020 01:08:49 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id E577E87825; Fri, 18 Sep 2020 15:08:47 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ixTjhDsE7Zes; Fri, 18 Sep 2020 15:08:45 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by whitealder.osuosl.org (Postfix) with ESMTP id 8D70D87851; Fri, 18 Sep 2020 15:08:30 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 569BBC1D8C; Fri, 18 Sep 2020 15:08:30 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) by lists.linuxfoundation.org (Postfix) with ESMTP id 01AD3C08A8 for ; Fri, 18 Sep 2020 15:08:26 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id D501787856 for ; Fri, 18 Sep 2020 15:08:26 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nBdODFWW8oKy for ; Fri, 18 Sep 2020 15:08:26 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from www.kot-begemot.co.uk (ivanoab7.miniserver.com [37.128.132.42]) by hemlock.osuosl.org (Postfix) with ESMTPS id 01F2487830 for ; Fri, 18 Sep 2020 15:08:25 +0000 (UTC) Received: from tun252.jain.kot-begemot.co.uk ([192.168.18.6] helo=jain.kot-begemot.co.uk) by www.kot-begemot.co.uk with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1kJHzs-0004cB-IV; Fri, 18 Sep 2020 15:08:24 +0000 Received: from jain.kot-begemot.co.uk ([192.168.3.3]) by jain.kot-begemot.co.uk with esmtp (Exim 4.92) (envelope-from ) id 1kJHzp-0000UP-S9; Fri, 18 Sep 2020 16:08:23 +0100 From: anton.ivanov@cambridgegreys.com To: dev@openvswitch.org Date: Fri, 18 Sep 2020 16:07:51 +0100 Message-Id: <20200918150756.3414-10-anton.ivanov@cambridgegreys.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200918150756.3414-1-anton.ivanov@cambridgegreys.com> References: <20200918150756.3414-1-anton.ivanov@cambridgegreys.com> MIME-Version: 1.0 X-Clacks-Overhead: GNU Terry Pratchett Cc: i.maximets@ovn.org, Anton Ivanov Subject: [ovs-dev] [PATCH ovn v2 09/14] ovn-northd: move per datapath dhcp response to a function X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Anton Ivanov Signed-off-by: Anton Ivanov --- northd/ovn-northd.c | 42 ++++++++++++++++++++++++++---------------- 1 file changed, 26 insertions(+), 16 deletions(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index e9a3a0fc9..afc35624d 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -6785,6 +6785,17 @@ build_lswitch_dhcp_response( static void build_lswitch_dns_lookup_response( struct ovn_datapath *od, struct hmap *lflows); + +/* Ingress table 14 and 15: DHCP options and response, by default goto + * next. (priority 0). + * Ingress table 16 and 17: DNS lookup and response, by default goto next. + * (priority 0). + * Ingress table 18 - External port handling, by default goto next. + * (priority 0). */ +static void +build_lswitch_dhcp_and_dns_response( + struct ovn_datapath *od, struct hmap *lflows); + /* * Do not remove this comment - it is here as a marker to * make diffs readable. @@ -6857,23 +6868,8 @@ build_lswitch_flows(struct hmap *datapaths, struct hmap *ports, build_lswitch_dns_lookup_response(od, lflows); } - /* Ingress table 14 and 15: DHCP options and response, by default goto - * next. (priority 0). - * Ingress table 16 and 17: DNS lookup and response, by default goto next. - * (priority 0). - * Ingress table 18 - External port handling, by default goto next. - * (priority 0). */ - HMAP_FOR_EACH (od, key_node, datapaths) { - if (!od->nbs) { - continue; - } - - ovn_lflow_add(lflows, od, S_SWITCH_IN_DHCP_OPTIONS, 0, "1", "next;"); - ovn_lflow_add(lflows, od, S_SWITCH_IN_DHCP_RESPONSE, 0, "1", "next;"); - ovn_lflow_add(lflows, od, S_SWITCH_IN_DNS_LOOKUP, 0, "1", "next;"); - ovn_lflow_add(lflows, od, S_SWITCH_IN_DNS_RESPONSE, 0, "1", "next;"); - ovn_lflow_add(lflows, od, S_SWITCH_IN_EXTERNAL_PORT, 0, "1", "next;"); + build_lswitch_dhcp_and_dns_response(od, lflows); } HMAP_FOR_EACH (op, key_node, ports) { @@ -7535,6 +7531,20 @@ build_lswitch_dns_lookup_response( dns_match, dns_action); } } + +static void +build_lswitch_dhcp_and_dns_response( + struct ovn_datapath *od, struct hmap *lflows) +{ + if (od->nbs) { + ovn_lflow_add(lflows, od, S_SWITCH_IN_DHCP_OPTIONS, 0, "1", "next;"); + ovn_lflow_add(lflows, od, S_SWITCH_IN_DHCP_RESPONSE, 0, "1", "next;"); + ovn_lflow_add(lflows, od, S_SWITCH_IN_DNS_LOOKUP, 0, "1", "next;"); + ovn_lflow_add(lflows, od, S_SWITCH_IN_DNS_RESPONSE, 0, "1", "next;"); + ovn_lflow_add(lflows, od, S_SWITCH_IN_EXTERNAL_PORT, 0, "1", "next;"); + } + +} /* Returns a string of the IP address of the router port 'op' that * overlaps with 'ip_s". If one is not found, returns NULL. * From patchwork Fri Sep 18 15:07:52 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anton Ivanov X-Patchwork-Id: 1367020 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.138; helo=whitealder.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=cambridgegreys.com Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4BtHsg3hqqz9sTv for ; Sat, 19 Sep 2020 01:33:11 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 12CE9878A9; Fri, 18 Sep 2020 15:33:10 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1uPlUEo8A27k; Fri, 18 Sep 2020 15:33:08 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by whitealder.osuosl.org (Postfix) with ESMTP id DBA1E87872; Fri, 18 Sep 2020 15:33:08 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id A612BC08A5; Fri, 18 Sep 2020 15:33:08 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) by lists.linuxfoundation.org (Postfix) with ESMTP id 74E71C0051 for ; Fri, 18 Sep 2020 15:33:04 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id 641F987858 for ; Fri, 18 Sep 2020 15:33:04 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JhwLnMTuhCqp for ; Fri, 18 Sep 2020 15:33:04 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from www.kot-begemot.co.uk (ivanoab7.miniserver.com [37.128.132.42]) by hemlock.osuosl.org (Postfix) with ESMTPS id D16BF87850 for ; Fri, 18 Sep 2020 15:33:03 +0000 (UTC) Received: from tun252.jain.kot-begemot.co.uk ([192.168.18.6] helo=jain.kot-begemot.co.uk) by www.kot-begemot.co.uk with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1kJINi-0004gh-BG; Fri, 18 Sep 2020 15:33:02 +0000 Received: from jain.kot-begemot.co.uk ([192.168.3.3]) by jain.kot-begemot.co.uk with esmtp (Exim 4.92) (envelope-from ) id 1kJHzr-0000UP-Id; Fri, 18 Sep 2020 16:08:25 +0100 From: anton.ivanov@cambridgegreys.com To: dev@openvswitch.org Date: Fri, 18 Sep 2020 16:07:52 +0100 Message-Id: <20200918150756.3414-11-anton.ivanov@cambridgegreys.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200918150756.3414-1-anton.ivanov@cambridgegreys.com> References: <20200918150756.3414-1-anton.ivanov@cambridgegreys.com> MIME-Version: 1.0 X-Clacks-Overhead: GNU Terry Pratchett Cc: i.maximets@ovn.org, Anton Ivanov Subject: [ovs-dev] [PATCH ovn v2 10/14] ovn-northd: move external port arp handling to a function X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Anton Ivanov Signed-off-by: Anton Ivanov --- northd/ovn-northd.c | 39 +++++++++++++++++++++++++++------------ 1 file changed, 27 insertions(+), 12 deletions(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index afc35624d..a66453d19 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -6796,6 +6796,14 @@ static void build_lswitch_dhcp_and_dns_response( struct ovn_datapath *od, struct hmap *lflows); +/* Table 18: External port. Drop ARP request for router ips from + * external ports on chassis not binding those ports. + * This makes the router pipeline to be run only on the chassis + * binding the external ports. */ +static void +build_lswitch_external_ports_op( + struct ovn_port *op, struct hmap *lflows); + /* * Do not remove this comment - it is here as a marker to * make diffs readable. @@ -6873,18 +6881,7 @@ build_lswitch_flows(struct hmap *datapaths, struct hmap *ports, } HMAP_FOR_EACH (op, key_node, ports) { - if (!op->nbsp || !lsp_is_external(op->nbsp)) { - continue; - } - - /* Table 18: External port. Drop ARP request for router ips from - * external ports on chassis not binding those ports. - * This makes the router pipeline to be run only on the chassis - * binding the external ports. */ - for (size_t i = 0; i < op->od->n_localnet_ports; i++) { - build_drop_arp_nd_flows_for_unbound_router_ports( - op, op->od->localnet_ports[i], lflows); - } + build_lswitch_external_ports_op(op, lflows); } char *svc_check_match = xasprintf("eth.dst == %s", svc_monitor_mac); @@ -7545,6 +7542,24 @@ build_lswitch_dhcp_and_dns_response( } } + +static void +build_lswitch_external_ports_op( + struct ovn_port *op, struct hmap *lflows) +{ + if (!(!op->nbsp || !lsp_is_external(op->nbsp))) { + + /* Table 18: External port. Drop ARP request for router ips from + * external ports on chassis not binding those ports. + * This makes the router pipeline to be run only on the chassis + * binding the external ports. */ + for (size_t i = 0; i < op->od->n_localnet_ports; i++) { + build_drop_arp_nd_flows_for_unbound_router_ports( + op, op->od->localnet_ports[i], lflows); + } + } +} + /* Returns a string of the IP address of the router port 'op' that * overlaps with 'ip_s". If one is not found, returns NULL. * From patchwork Fri Sep 18 15:07:53 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anton Ivanov X-Patchwork-Id: 1367023 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.137; helo=fraxinus.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=cambridgegreys.com Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4BtHsj5v9jz9sT6 for ; Sat, 19 Sep 2020 01:33:13 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id 634DE8744B; Fri, 18 Sep 2020 15:33:12 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DMTVeAzS95id; Fri, 18 Sep 2020 15:33:10 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by fraxinus.osuosl.org (Postfix) with ESMTP id 18E008740E; Fri, 18 Sep 2020 15:33:10 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id E9580C0895; Fri, 18 Sep 2020 15:33:09 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by lists.linuxfoundation.org (Postfix) with ESMTP id 491FAC0891 for ; Fri, 18 Sep 2020 15:33:05 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 5F55287788 for ; Fri, 18 Sep 2020 15:33:04 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9-9aojgWgI88 for ; Fri, 18 Sep 2020 15:33:03 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from www.kot-begemot.co.uk (ivanoab7.miniserver.com [37.128.132.42]) by whitealder.osuosl.org (Postfix) with ESMTPS id 994088778A for ; Fri, 18 Sep 2020 15:33:02 +0000 (UTC) Received: from tun252.jain.kot-begemot.co.uk ([192.168.18.6] helo=jain.kot-begemot.co.uk) by www.kot-begemot.co.uk with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1kJINh-0004gb-2Q; Fri, 18 Sep 2020 15:33:01 +0000 Received: from jain.kot-begemot.co.uk ([192.168.3.3]) by jain.kot-begemot.co.uk with esmtp (Exim 4.92) (envelope-from ) id 1kJHzt-0000UP-7r; Fri, 18 Sep 2020 16:08:27 +0100 From: anton.ivanov@cambridgegreys.com To: dev@openvswitch.org Date: Fri, 18 Sep 2020 16:07:53 +0100 Message-Id: <20200918150756.3414-12-anton.ivanov@cambridgegreys.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200918150756.3414-1-anton.ivanov@cambridgegreys.com> References: <20200918150756.3414-1-anton.ivanov@cambridgegreys.com> MIME-Version: 1.0 X-Clacks-Overhead: GNU Terry Pratchett Cc: i.maximets@ovn.org, Anton Ivanov Subject: [ovs-dev] [PATCH ovn v2 11/14] ovn-northd: move destination lookup b/mcast handling to a function X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Anton Ivanov Signed-off-by: Anton Ivanov --- northd/ovn-northd.c | 169 ++++++++++++++++++++++++-------------------- 1 file changed, 91 insertions(+), 78 deletions(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index a66453d19..ac4f63888 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -6804,6 +6804,13 @@ static void build_lswitch_external_ports_op( struct ovn_port *op, struct hmap *lflows); +/* Ingress table 19: Destination lookup, broadcast and multicast handling + * (priority 70 - 100). */ +static void +build_lswitch_destination_lookup_brodcast_multicast( + struct ovn_datapath *od, struct hmap *lflows, + char *svc_check_match, struct ds *actions); + /* * Do not remove this comment - it is here as a marker to * make diffs readable. @@ -6885,85 +6892,9 @@ build_lswitch_flows(struct hmap *datapaths, struct hmap *ports, } char *svc_check_match = xasprintf("eth.dst == %s", svc_monitor_mac); - /* Ingress table 19: Destination lookup, broadcast and multicast handling - * (priority 70 - 100). */ HMAP_FOR_EACH (od, key_node, datapaths) { - if (!od->nbs) { - continue; - } - - ovn_lflow_add(lflows, od, S_SWITCH_IN_L2_LKUP, 110, svc_check_match, - "handle_svc_check(inport);"); - - struct mcast_switch_info *mcast_sw_info = &od->mcast_info.sw; - - if (mcast_sw_info->enabled) { - ds_clear(&actions); - if (mcast_sw_info->flood_reports) { - ds_put_cstr(&actions, - "clone { " - "outport = \""MC_MROUTER_STATIC"\"; " - "output; " - "};"); - } - ds_put_cstr(&actions, "igmp;"); - /* Punt IGMP traffic to controller. */ - ovn_lflow_add(lflows, od, S_SWITCH_IN_L2_LKUP, 100, - "ip4 && ip.proto == 2", ds_cstr(&actions)); - - /* Punt MLD traffic to controller. */ - ovn_lflow_add(lflows, od, S_SWITCH_IN_L2_LKUP, 100, - "mldv1 || mldv2", ds_cstr(&actions)); - - /* Flood all IP multicast traffic destined to 224.0.0.X to all - * ports - RFC 4541, section 2.1.2, item 2. - */ - ovn_lflow_add(lflows, od, S_SWITCH_IN_L2_LKUP, 85, - "ip4.mcast && ip4.dst == 224.0.0.0/24", - "outport = \""MC_FLOOD"\"; output;"); - - /* Flood all IPv6 multicast traffic destined to reserved - * multicast IPs (RFC 4291, 2.7.1). - */ - ovn_lflow_add(lflows, od, S_SWITCH_IN_L2_LKUP, 85, - "ip6.mcast_flood", - "outport = \""MC_FLOOD"\"; output;"); - - /* Forward uregistered IP multicast to routers with relay enabled - * and to any ports configured to flood IP multicast traffic. - * If configured to flood unregistered traffic this will be - * handled by the L2 multicast flow. - */ - if (!mcast_sw_info->flood_unregistered) { - ds_clear(&actions); - - if (mcast_sw_info->flood_relay) { - ds_put_cstr(&actions, - "clone { " - "outport = \""MC_MROUTER_FLOOD"\"; " - "output; " - "}; "); - } - - if (mcast_sw_info->flood_static) { - ds_put_cstr(&actions, "outport =\""MC_STATIC"\"; output;"); - } - - /* Explicitly drop the traffic if relay or static flooding - * is not configured. - */ - if (!mcast_sw_info->flood_relay && - !mcast_sw_info->flood_static) { - ds_put_cstr(&actions, "drop;"); - } - - ovn_lflow_add(lflows, od, S_SWITCH_IN_L2_LKUP, 80, - "ip4.mcast || ip6.mcast", ds_cstr(&actions)); - } - } - - ovn_lflow_add(lflows, od, S_SWITCH_IN_L2_LKUP, 70, "eth.mcast", - "outport = \""MC_FLOOD"\"; output;"); + build_lswitch_destination_lookup_brodcast_multicast( + od, lflows, svc_check_match, &actions); } free(svc_check_match); @@ -7560,6 +7491,88 @@ build_lswitch_external_ports_op( } } +static void +build_lswitch_destination_lookup_brodcast_multicast( + struct ovn_datapath *od, struct hmap *lflows, + char *svc_check_match, struct ds *actions) +{ + if (od->nbs) { + ovn_lflow_add(lflows, od, S_SWITCH_IN_L2_LKUP, 110, svc_check_match, + "handle_svc_check(inport);"); + + struct mcast_switch_info *mcast_sw_info = &od->mcast_info.sw; + + if (mcast_sw_info->enabled) { + ds_clear(actions); + if (mcast_sw_info->flood_reports) { + ds_put_cstr(actions, + "clone { " + "outport = \""MC_MROUTER_STATIC"\"; " + "output; " + "};"); + } + ds_put_cstr(actions, "igmp;"); + /* Punt IGMP traffic to controller. */ + ovn_lflow_add(lflows, od, S_SWITCH_IN_L2_LKUP, 100, + "ip4 && ip.proto == 2", ds_cstr(actions)); + + /* Punt MLD traffic to controller. */ + ovn_lflow_add(lflows, od, S_SWITCH_IN_L2_LKUP, 100, + "mldv1 || mldv2", ds_cstr(actions)); + + /* Flood all IP multicast traffic destined to 224.0.0.X to all + * ports - RFC 4541, section 2.1.2, item 2. + */ + ovn_lflow_add(lflows, od, S_SWITCH_IN_L2_LKUP, 85, + "ip4.mcast && ip4.dst == 224.0.0.0/24", + "outport = \""MC_FLOOD"\"; output;"); + + /* Flood all IPv6 multicast traffic destined to reserved + * multicast IPs (RFC 4291, 2.7.1). + */ + ovn_lflow_add(lflows, od, S_SWITCH_IN_L2_LKUP, 85, + "ip6.mcast_flood", + "outport = \""MC_FLOOD"\"; output;"); + + /* Forward uregistered IP multicast to routers with relay enabled + * and to any ports configured to flood IP multicast traffic. + * If configured to flood unregistered traffic this will be + * handled by the L2 multicast flow. + */ + if (!mcast_sw_info->flood_unregistered) { + ds_clear(actions); + + if (mcast_sw_info->flood_relay) { + ds_put_cstr(actions, + "clone { " + "outport = \""MC_MROUTER_FLOOD"\"; " + "output; " + "}; "); + } + + if (mcast_sw_info->flood_static) { + ds_put_cstr(actions, "outport =\""MC_STATIC"\"; output;"); + } + + /* Explicitly drop the traffic if relay or static flooding + * is not configured. + */ + if (!mcast_sw_info->flood_relay && + !mcast_sw_info->flood_static) { + ds_put_cstr(actions, "drop;"); + } + + ovn_lflow_add(lflows, od, S_SWITCH_IN_L2_LKUP, 80, + "ip4.mcast || ip6.mcast", ds_cstr(actions)); + } + } + + ovn_lflow_add(lflows, od, S_SWITCH_IN_L2_LKUP, 70, "eth.mcast", + "outport = \""MC_FLOOD"\"; output;"); + } + +} + /* Returns a string of the IP address of the router port 'op' that * overlaps with 'ip_s". If one is not found, returns NULL. * From patchwork Fri Sep 18 15:07:54 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anton Ivanov X-Patchwork-Id: 1367024 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.137; helo=fraxinus.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=cambridgegreys.com Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4BtHsm4pWcz9sT6 for ; Sat, 19 Sep 2020 01:33:16 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id 6BF16874AE; Fri, 18 Sep 2020 15:33:14 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KfHk-721X8_L; Fri, 18 Sep 2020 15:33:11 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by fraxinus.osuosl.org (Postfix) with ESMTP id 3EC8C87434; Fri, 18 Sep 2020 15:33:11 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 06FF6C0893; Fri, 18 Sep 2020 15:33:11 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) by lists.linuxfoundation.org (Postfix) with ESMTP id 1B2C5C0051 for ; Fri, 18 Sep 2020 15:33:06 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id 0D8FA87400 for ; Fri, 18 Sep 2020 15:33:06 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id n5Be55A3maHr for ; Fri, 18 Sep 2020 15:33:05 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from www.kot-begemot.co.uk (ivanoab7.miniserver.com [37.128.132.42]) by fraxinus.osuosl.org (Postfix) with ESMTPS id 105E28740F for ; Fri, 18 Sep 2020 15:33:05 +0000 (UTC) Received: from tun252.jain.kot-begemot.co.uk ([192.168.18.6] helo=jain.kot-begemot.co.uk) by www.kot-begemot.co.uk with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1kJINj-0004gn-JY; Fri, 18 Sep 2020 15:33:03 +0000 Received: from jain.kot-begemot.co.uk ([192.168.3.3]) by jain.kot-begemot.co.uk with esmtp (Exim 4.92) (envelope-from ) id 1kJHzv-0000UP-0o; Fri, 18 Sep 2020 16:08:28 +0100 From: anton.ivanov@cambridgegreys.com To: dev@openvswitch.org Date: Fri, 18 Sep 2020 16:07:54 +0100 Message-Id: <20200918150756.3414-13-anton.ivanov@cambridgegreys.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200918150756.3414-1-anton.ivanov@cambridgegreys.com> References: <20200918150756.3414-1-anton.ivanov@cambridgegreys.com> MIME-Version: 1.0 X-Clacks-Overhead: GNU Terry Pratchett Cc: i.maximets@ovn.org, Anton Ivanov Subject: [ovs-dev] [PATCH ovn v2 12/14] ovn-northd: move mcast flow learned from IGMP/MLD to a function X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Anton Ivanov Signed-off-by: Anton Ivanov --- northd/ovn-northd.c | 144 ++++++++++++++++++++++++-------------------- 1 file changed, 79 insertions(+), 65 deletions(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index ac4f63888..9e55d98bc 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -6811,6 +6811,13 @@ build_lswitch_destination_lookup_brodcast_multicast( struct ovn_datapath *od, struct hmap *lflows, char *svc_check_match, struct ds *actions); +/* Ingress table 19: Add IP multicast flows learnt from IGMP/MLD + * (priority 90). */ +static void +build_lswitch_multicast_igmp_mld( + struct ovn_igmp_group *igmp_group, + struct hmap *lflows, + struct ds *match, struct ds *actions); /* * Do not remove this comment - it is here as a marker to * make diffs readable. @@ -6834,6 +6841,7 @@ build_lswitch_flows(struct hmap *datapaths, struct hmap *ports, struct ovn_datapath *od; struct ovn_port *op; struct ovn_lb *lb; + struct ovn_igmp_group *igmp_group; HMAP_FOR_EACH (od, key_node, datapaths) { build_lswitch_flows_pre_acl_and_acl(od, lflows, @@ -6898,72 +6906,9 @@ build_lswitch_flows(struct hmap *datapaths, struct hmap *ports, } free(svc_check_match); - /* Ingress table 19: Add IP multicast flows learnt from IGMP/MLD - * (priority 90). */ - struct ovn_igmp_group *igmp_group; - HMAP_FOR_EACH (igmp_group, hmap_node, igmp_groups) { - if (!igmp_group->datapath) { - continue; - } - - ds_clear(&match); - ds_clear(&actions); - - struct mcast_switch_info *mcast_sw_info = - &igmp_group->datapath->mcast_info.sw; - - if (IN6_IS_ADDR_V4MAPPED(&igmp_group->address)) { - /* RFC 4541, section 2.1.2, item 2: Skip groups in the 224.0.0.X - * range. - */ - ovs_be32 group_address = - in6_addr_get_mapped_ipv4(&igmp_group->address); - if (ip_is_local_multicast(group_address)) { - continue; - } - - if (mcast_sw_info->active_v4_flows >= mcast_sw_info->table_size) { - continue; - } - mcast_sw_info->active_v4_flows++; - ds_put_format(&match, "eth.mcast && ip4 && ip4.dst == %s ", - igmp_group->mcgroup.name); - } else { - /* RFC 4291, section 2.7.1: Skip groups that correspond to all - * hosts. - */ - if (ipv6_is_all_hosts(&igmp_group->address)) { - continue; - } - if (mcast_sw_info->active_v6_flows >= mcast_sw_info->table_size) { - continue; - } - mcast_sw_info->active_v6_flows++; - ds_put_format(&match, "eth.mcast && ip6 && ip6.dst == %s ", - igmp_group->mcgroup.name); - } - - /* Also flood traffic to all multicast routers with relay enabled. */ - if (mcast_sw_info->flood_relay) { - ds_put_cstr(&actions, - "clone { " - "outport = \""MC_MROUTER_FLOOD "\"; " - "output; " - "};"); - } - if (mcast_sw_info->flood_static) { - ds_put_cstr(&actions, - "clone { " - "outport =\""MC_STATIC"\"; " - "output; " - "};"); - } - ds_put_format(&actions, "outport = \"%s\"; output; ", - igmp_group->mcgroup.name); - - ovn_lflow_add(lflows, igmp_group->datapath, S_SWITCH_IN_L2_LKUP, 90, - ds_cstr(&match), ds_cstr(&actions)); + build_lswitch_multicast_igmp_mld( + igmp_group, lflows, &match, &actions); } /* Ingress table 19: Destination lookup, unicast handling (priority 50), */ @@ -7573,6 +7518,75 @@ build_lswitch_destination_lookup_brodcast_multicast( } +static void +build_lswitch_multicast_igmp_mld( + struct ovn_igmp_group *igmp_group, + struct hmap *lflows, + struct ds *match, struct ds *actions) +{ + if (igmp_group->datapath) { + + ds_clear(match); + ds_clear(actions); + + struct mcast_switch_info *mcast_sw_info = + &igmp_group->datapath->mcast_info.sw; + + if (IN6_IS_ADDR_V4MAPPED(&igmp_group->address)) { + /* RFC 4541, section 2.1.2, item 2: Skip groups in the 224.0.0.X + * range. + */ + ovs_be32 group_address = + in6_addr_get_mapped_ipv4(&igmp_group->address); + if (ip_is_local_multicast(group_address)) { + continue; + } + + if (mcast_sw_info->active_v4_flows >= mcast_sw_info->table_size) { + continue; + } + mcast_sw_info->active_v4_flows++; + ds_put_format(match, "eth.mcast && ip4 && ip4.dst == %s ", + igmp_group->mcgroup.name); + } else { + /* RFC 4291, section 2.7.1: Skip groups that correspond to all + * hosts. + */ + if (ipv6_is_all_hosts(&igmp_group->address)) { + continue; + } + if (mcast_sw_info->active_v6_flows >= mcast_sw_info->table_size) { + continue; + } + mcast_sw_info->active_v6_flows++; + ds_put_format(match, "eth.mcast && ip6 && ip6.dst == %s ", + igmp_group->mcgroup.name); + } + + /* Also flood traffic to all multicast routers with relay enabled. */ + if (mcast_sw_info->flood_relay) { + ds_put_cstr(actions, + "clone { " + "outport = \""MC_MROUTER_FLOOD "\"; " + "output; " + "};"); + } + if (mcast_sw_info->flood_static) { + ds_put_cstr(actions, + "clone { " + "outport =\""MC_STATIC"\"; " + "output; " + "};"); + } + ds_put_format(actions, "outport = \"%s\"; output; ", + igmp_group->mcgroup.name); + + ovn_lflow_add(lflows, igmp_group->datapath, S_SWITCH_IN_L2_LKUP, 90, + ds_cstr(match), ds_cstr(actions)); + } + +} + /* Returns a string of the IP address of the router port 'op' that * overlaps with 'ip_s". If one is not found, returns NULL. * From patchwork Fri Sep 18 15:07:55 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anton Ivanov X-Patchwork-Id: 1367021 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.138; helo=whitealder.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=cambridgegreys.com Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4BtHsf3s18z9sTs for ; Sat, 19 Sep 2020 01:33:10 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id E2D0E87898; Fri, 18 Sep 2020 15:33:08 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LBQnAbsiCkzP; Fri, 18 Sep 2020 15:33:04 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by whitealder.osuosl.org (Postfix) with ESMTP id 91A27877D4; Fri, 18 Sep 2020 15:33:04 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 8604EC088B; Fri, 18 Sep 2020 15:33:04 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by lists.linuxfoundation.org (Postfix) with ESMTP id F3FCDC0051 for ; Fri, 18 Sep 2020 15:33:02 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id DA07A877CE for ; Fri, 18 Sep 2020 15:33:02 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 61fcdzX4kujx for ; Fri, 18 Sep 2020 15:33:01 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from www.kot-begemot.co.uk (ivanoab7.miniserver.com [37.128.132.42]) by whitealder.osuosl.org (Postfix) with ESMTPS id 4312A872C8 for ; Fri, 18 Sep 2020 15:33:01 +0000 (UTC) Received: from tun252.jain.kot-begemot.co.uk ([192.168.18.6] helo=jain.kot-begemot.co.uk) by www.kot-begemot.co.uk with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1kJINf-0004gV-J1; Fri, 18 Sep 2020 15:32:59 +0000 Received: from jain.kot-begemot.co.uk ([192.168.3.3]) by jain.kot-begemot.co.uk with esmtp (Exim 4.92) (envelope-from ) id 1kJHzw-0000UP-O6; Fri, 18 Sep 2020 16:08:30 +0100 From: anton.ivanov@cambridgegreys.com To: dev@openvswitch.org Date: Fri, 18 Sep 2020 16:07:55 +0100 Message-Id: <20200918150756.3414-14-anton.ivanov@cambridgegreys.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200918150756.3414-1-anton.ivanov@cambridgegreys.com> References: <20200918150756.3414-1-anton.ivanov@cambridgegreys.com> MIME-Version: 1.0 X-Clacks-Overhead: GNU Terry Pratchett Cc: i.maximets@ovn.org, Anton Ivanov Subject: [ovs-dev] [PATCH ovn v2 13/14] ovn-northd: move destination lookup and unicast to a function X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Anton Ivanov Signed-off-by: Anton Ivanov --- northd/ovn-northd.c | 289 +++++++++++++++++++++++--------------------- 1 file changed, 152 insertions(+), 137 deletions(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index 9e55d98bc..73db942d5 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -6818,6 +6818,13 @@ build_lswitch_multicast_igmp_mld( struct ovn_igmp_group *igmp_group, struct hmap *lflows, struct ds *match, struct ds *actions); + +/* Ingress table 19: Destination lookup, unicast handling (priority 50), */ +static void +build_lswitch_destination_lookup_and_unicast( + struct ovn_port *op, struct hmap *lflows, + struct hmap *mcgroups, + struct ds *match, struct ds *actions); /* * Do not remove this comment - it is here as a marker to * make diffs readable. @@ -6911,140 +6918,9 @@ build_lswitch_flows(struct hmap *datapaths, struct hmap *ports, igmp_group, lflows, &match, &actions); } - /* Ingress table 19: Destination lookup, unicast handling (priority 50), */ HMAP_FOR_EACH (op, key_node, ports) { - if (!op->nbsp || lsp_is_external(op->nbsp)) { - continue; - } - - /* For ports connected to logical routers add flows to bypass the - * broadcast flooding of ARP/ND requests in table 19. We direct the - * requests only to the router port that owns the IP address. - */ - if (!strcmp(op->nbsp->type, "router")) { - build_lswitch_rport_arp_req_flows(op->peer, op->od, op, lflows, - &op->nbsp->header_); - } - - for (size_t i = 0; i < op->nbsp->n_addresses; i++) { - /* Addresses are owned by the logical port. - * Ethernet address followed by zero or more IPv4 - * or IPv6 addresses (or both). */ - struct eth_addr mac; - if (ovs_scan(op->nbsp->addresses[i], - ETH_ADDR_SCAN_FMT, ETH_ADDR_SCAN_ARGS(mac))) { - ds_clear(&match); - ds_put_format(&match, "eth.dst == "ETH_ADDR_FMT, - ETH_ADDR_ARGS(mac)); - - ds_clear(&actions); - ds_put_format(&actions, "outport = %s; output;", op->json_key); - ovn_lflow_add_with_hint(lflows, op->od, S_SWITCH_IN_L2_LKUP, - 50, ds_cstr(&match), - ds_cstr(&actions), - &op->nbsp->header_); - } else if (!strcmp(op->nbsp->addresses[i], "unknown")) { - if (lsp_is_enabled(op->nbsp)) { - ovn_multicast_add(mcgroups, &mc_unknown, op); - op->od->has_unknown = true; - } - } else if (is_dynamic_lsp_address(op->nbsp->addresses[i])) { - if (!op->nbsp->dynamic_addresses - || !ovs_scan(op->nbsp->dynamic_addresses, - ETH_ADDR_SCAN_FMT, ETH_ADDR_SCAN_ARGS(mac))) { - continue; - } - ds_clear(&match); - ds_put_format(&match, "eth.dst == "ETH_ADDR_FMT, - ETH_ADDR_ARGS(mac)); - - ds_clear(&actions); - ds_put_format(&actions, "outport = %s; output;", op->json_key); - ovn_lflow_add_with_hint(lflows, op->od, S_SWITCH_IN_L2_LKUP, - 50, ds_cstr(&match), - ds_cstr(&actions), - &op->nbsp->header_); - } else if (!strcmp(op->nbsp->addresses[i], "router")) { - if (!op->peer || !op->peer->nbrp - || !ovs_scan(op->peer->nbrp->mac, - ETH_ADDR_SCAN_FMT, ETH_ADDR_SCAN_ARGS(mac))) { - continue; - } - ds_clear(&match); - ds_put_format(&match, "eth.dst == "ETH_ADDR_FMT, - ETH_ADDR_ARGS(mac)); - if (op->peer->od->l3dgw_port - && op->peer->od->l3redirect_port - && op->od->n_localnet_ports) { - bool add_chassis_resident_check = false; - if (op->peer == op->peer->od->l3dgw_port) { - /* The peer of this port represents a distributed - * gateway port. The destination lookup flow for the - * router's distributed gateway port MAC address should - * only be programmed on the "redirect-chassis". */ - add_chassis_resident_check = true; - } else { - /* Check if the option 'reside-on-redirect-chassis' - * is set to true on the peer port. If set to true - * and if the logical switch has a localnet port, it - * means the router pipeline for the packets from - * this logical switch should be run on the chassis - * hosting the gateway port. - */ - add_chassis_resident_check = smap_get_bool( - &op->peer->nbrp->options, - "reside-on-redirect-chassis", false); - } - - if (add_chassis_resident_check) { - ds_put_format(&match, " && is_chassis_resident(%s)", - op->peer->od->l3redirect_port->json_key); - } - } - - ds_clear(&actions); - ds_put_format(&actions, "outport = %s; output;", op->json_key); - ovn_lflow_add_with_hint(lflows, op->od, - S_SWITCH_IN_L2_LKUP, 50, - ds_cstr(&match), ds_cstr(&actions), - &op->nbsp->header_); - - /* Add ethernet addresses specified in NAT rules on - * distributed logical routers. */ - if (op->peer->od->l3dgw_port - && op->peer == op->peer->od->l3dgw_port) { - for (int j = 0; j < op->peer->od->nbr->n_nat; j++) { - const struct nbrec_nat *nat - = op->peer->od->nbr->nat[j]; - if (!strcmp(nat->type, "dnat_and_snat") - && nat->logical_port && nat->external_mac - && eth_addr_from_string(nat->external_mac, &mac)) { - - ds_clear(&match); - ds_put_format(&match, "eth.dst == "ETH_ADDR_FMT - " && is_chassis_resident(\"%s\")", - ETH_ADDR_ARGS(mac), - nat->logical_port); - - ds_clear(&actions); - ds_put_format(&actions, "outport = %s; output;", - op->json_key); - ovn_lflow_add_with_hint(lflows, op->od, - S_SWITCH_IN_L2_LKUP, 50, - ds_cstr(&match), - ds_cstr(&actions), - &op->nbsp->header_); - } - } - } - } else { - static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1); - - VLOG_INFO_RL(&rl, - "%s: invalid syntax '%s' in addresses column", - op->nbsp->name, op->nbsp->addresses[i]); - } - } + build_lswitch_destination_lookup_and_unicast( + op, lflows, mcgroups, &match, &actions); } /* Ingress table 19: Destination lookup for unknown MACs (priority 0). */ @@ -7539,11 +7415,11 @@ build_lswitch_multicast_igmp_mld( ovs_be32 group_address = in6_addr_get_mapped_ipv4(&igmp_group->address); if (ip_is_local_multicast(group_address)) { - continue; + return; } if (mcast_sw_info->active_v4_flows >= mcast_sw_info->table_size) { - continue; + return; } mcast_sw_info->active_v4_flows++; ds_put_format(match, "eth.mcast && ip4 && ip4.dst == %s ", @@ -7553,10 +7429,10 @@ build_lswitch_multicast_igmp_mld( * hosts. */ if (ipv6_is_all_hosts(&igmp_group->address)) { - continue; + return; } if (mcast_sw_info->active_v6_flows >= mcast_sw_info->table_size) { - continue; + return; } mcast_sw_info->active_v6_flows++; ds_put_format(match, "eth.mcast && ip6 && ip6.dst == %s ", @@ -7587,6 +7463,145 @@ build_lswitch_multicast_igmp_mld( } +static void +build_lswitch_destination_lookup_and_unicast( + struct ovn_port *op, struct hmap *lflows, + struct hmap *mcgroups, + struct ds *match, struct ds *actions) +{ + if (!(!op->nbsp || lsp_is_external(op->nbsp))) { + + /* For ports connected to logical routers add flows to bypass the + * broadcast flooding of ARP/ND requests in table 19. We direct the + * requests only to the router port that owns the IP address. + */ + if (!strcmp(op->nbsp->type, "router")) { + build_lswitch_rport_arp_req_flows(op->peer, op->od, op, lflows, + &op->nbsp->header_); + } + + for (size_t i = 0; i < op->nbsp->n_addresses; i++) { + /* Addresses are owned by the logical port. + * Ethernet address followed by zero or more IPv4 + * or IPv6 addresses (or both). */ + struct eth_addr mac; + if (ovs_scan(op->nbsp->addresses[i], + ETH_ADDR_SCAN_FMT, ETH_ADDR_SCAN_ARGS(mac))) { + ds_clear(match); + ds_put_format(match, "eth.dst == "ETH_ADDR_FMT, + ETH_ADDR_ARGS(mac)); + + ds_clear(actions); + ds_put_format(actions, "outport = %s; output;", op->json_key); + ovn_lflow_add_with_hint(lflows, op->od, S_SWITCH_IN_L2_LKUP, + 50, ds_cstr(match), + ds_cstr(actions), + &op->nbsp->header_); + } else if (!strcmp(op->nbsp->addresses[i], "unknown")) { + if (lsp_is_enabled(op->nbsp)) { + ovn_multicast_add(mcgroups, &mc_unknown, op); + op->od->has_unknown = true; + } + } else if (is_dynamic_lsp_address(op->nbsp->addresses[i])) { + if (!op->nbsp->dynamic_addresses + || !ovs_scan(op->nbsp->dynamic_addresses, + ETH_ADDR_SCAN_FMT, ETH_ADDR_SCAN_ARGS(mac))) { + continue; + } + ds_clear(match); + ds_put_format(match, "eth.dst == "ETH_ADDR_FMT, + ETH_ADDR_ARGS(mac)); + + ds_clear(actions); + ds_put_format(actions, "outport = %s; output;", op->json_key); + ovn_lflow_add_with_hint(lflows, op->od, S_SWITCH_IN_L2_LKUP, + 50, ds_cstr(match), + ds_cstr(actions), + &op->nbsp->header_); + } else if (!strcmp(op->nbsp->addresses[i], "router")) { + if (!op->peer || !op->peer->nbrp + || !ovs_scan(op->peer->nbrp->mac, + ETH_ADDR_SCAN_FMT, ETH_ADDR_SCAN_ARGS(mac))) { + continue; + } + ds_clear(match); + ds_put_format(match, "eth.dst == "ETH_ADDR_FMT, + ETH_ADDR_ARGS(mac)); + if (op->peer->od->l3dgw_port + && op->peer->od->l3redirect_port + && op->od->n_localnet_ports) { + bool add_chassis_resident_check = false; + if (op->peer == op->peer->od->l3dgw_port) { + /* The peer of this port represents a distributed + * gateway port. The destination lookup flow for the + * router's distributed gateway port MAC address should + * only be programmed on the "redirect-chassis". */ + add_chassis_resident_check = true; + } else { + /* Check if the option 'reside-on-redirect-chassis' + * is set to true on the peer port. If set to true + * and if the logical switch has a localnet port, it + * means the router pipeline for the packets from + * this logical switch should be run on the chassis + * hosting the gateway port. + */ + add_chassis_resident_check = smap_get_bool( + &op->peer->nbrp->options, + "reside-on-redirect-chassis", false); + } + + if (add_chassis_resident_check) { + ds_put_format(match, " && is_chassis_resident(%s)", + op->peer->od->l3redirect_port->json_key); + } + } + + ds_clear(actions); + ds_put_format(actions, "outport = %s; output;", op->json_key); + ovn_lflow_add_with_hint(lflows, op->od, + S_SWITCH_IN_L2_LKUP, 50, + ds_cstr(match), ds_cstr(actions), + &op->nbsp->header_); + + /* Add ethernet addresses specified in NAT rules on + * distributed logical routers. */ + if (op->peer->od->l3dgw_port + && op->peer == op->peer->od->l3dgw_port) { + for (int j = 0; j < op->peer->od->nbr->n_nat; j++) { + const struct nbrec_nat *nat + = op->peer->od->nbr->nat[j]; + if (!strcmp(nat->type, "dnat_and_snat") + && nat->logical_port && nat->external_mac + && eth_addr_from_string(nat->external_mac, &mac)) { + + ds_clear(match); + ds_put_format(match, "eth.dst == "ETH_ADDR_FMT + " && is_chassis_resident(\"%s\")", + ETH_ADDR_ARGS(mac), + nat->logical_port); + + ds_clear(actions); + ds_put_format(actions, "outport = %s; output;", + op->json_key); + ovn_lflow_add_with_hint(lflows, op->od, + S_SWITCH_IN_L2_LKUP, 50, + ds_cstr(match), + ds_cstr(actions), + &op->nbsp->header_); + } + } + } + } else { + static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1); + + VLOG_INFO_RL(&rl, + "%s: invalid syntax '%s' in addresses column", + op->nbsp->name, op->nbsp->addresses[i]); + } + } + } +} + /* Returns a string of the IP address of the router port 'op' that * overlaps with 'ip_s". If one is not found, returns NULL. * From patchwork Fri Sep 18 15:07:56 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anton Ivanov X-Patchwork-Id: 1367019 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.133; helo=hemlock.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=cambridgegreys.com Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4BtHsX6BWpz9sTX for ; Sat, 19 Sep 2020 01:33:04 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id 57CB78785A; Fri, 18 Sep 2020 15:33:03 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PRkydKdVGmuT; Fri, 18 Sep 2020 15:33:02 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by hemlock.osuosl.org (Postfix) with ESMTP id 0983F87840; Fri, 18 Sep 2020 15:33:02 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id D6B18C0859; Fri, 18 Sep 2020 15:33:01 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by lists.linuxfoundation.org (Postfix) with ESMTP id 71978C0051 for ; Fri, 18 Sep 2020 15:33:00 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 5A6B6873EB for ; Fri, 18 Sep 2020 15:33:00 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RqJlAVt4KRnq for ; Fri, 18 Sep 2020 15:32:59 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from www.kot-begemot.co.uk (ivanoab7.miniserver.com [37.128.132.42]) by whitealder.osuosl.org (Postfix) with ESMTPS id BDDD5873D7 for ; Fri, 18 Sep 2020 15:32:59 +0000 (UTC) Received: from tun252.jain.kot-begemot.co.uk ([192.168.18.6] helo=jain.kot-begemot.co.uk) by www.kot-begemot.co.uk with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1kJINe-0004gQ-6z; Fri, 18 Sep 2020 15:32:58 +0000 Received: from jain.kot-begemot.co.uk ([192.168.3.3]) by jain.kot-begemot.co.uk with esmtp (Exim 4.92) (envelope-from ) id 1kJHzy-0000UP-JJ; Fri, 18 Sep 2020 16:08:32 +0100 From: anton.ivanov@cambridgegreys.com To: dev@openvswitch.org Date: Fri, 18 Sep 2020 16:07:56 +0100 Message-Id: <20200918150756.3414-15-anton.ivanov@cambridgegreys.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200918150756.3414-1-anton.ivanov@cambridgegreys.com> References: <20200918150756.3414-1-anton.ivanov@cambridgegreys.com> MIME-Version: 1.0 X-Clacks-Overhead: GNU Terry Pratchett Cc: i.maximets@ovn.org, Anton Ivanov Subject: [ovs-dev] [PATCH ovn v2 14/14] ovn-northd: convert output port security to iterators X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Anton Ivanov 1. Convert output port security to iterators 2. Switch to reusing the match and action scrathcpads from build_lswitch_flows Signed-off-by: Anton Ivanov --- northd/ovn-northd.c | 92 +++++++++++++++++++++++---------------------- 1 file changed, 48 insertions(+), 44 deletions(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index 73db942d5..9a484e972 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -4807,13 +4807,10 @@ build_lswitch_input_port_sec_od( } static void -build_lswitch_output_port_sec(struct hmap *ports, struct hmap *datapaths, - struct hmap *lflows) +build_lswitch_output_port_sec_op( + struct ovn_port *op, struct hmap *lflows, + struct ds *match, struct ds *actions) { - struct ds actions = DS_EMPTY_INITIALIZER; - struct ds match = DS_EMPTY_INITIALIZER; - struct ovn_port *op; - /* Egress table 8: Egress port security - IP (priorities 90 and 80) * if port security enabled. * @@ -4824,57 +4821,53 @@ build_lswitch_output_port_sec(struct hmap *ports, struct hmap *datapaths, * Priority 150 rules drop packets to disabled logical ports, so that * they don't even receive multicast or broadcast packets. */ - HMAP_FOR_EACH (op, key_node, ports) { - if (!op->nbsp || lsp_is_external(op->nbsp)) { - continue; - } + if (!op->nbsp || lsp_is_external(op->nbsp)) { + return; + } - ds_clear(&actions); - ds_clear(&match); + ds_clear(actions); + ds_clear(match); - ds_put_format(&match, "outport == %s", op->json_key); - if (lsp_is_enabled(op->nbsp)) { - build_port_security_l2("eth.dst", op->ps_addrs, op->n_ps_addrs, - &match); + ds_put_format(match, "outport == %s", op->json_key); + if (lsp_is_enabled(op->nbsp)) { + build_port_security_l2("eth.dst", op->ps_addrs, op->n_ps_addrs, + match); - if (!strcmp(op->nbsp->type, "localnet")) { - const char *queue_id = smap_get(&op->sb->options, - "qdisc_queue_id"); - if (queue_id) { - ds_put_format(&actions, "set_queue(%s); ", queue_id); - } + if (!strcmp(op->nbsp->type, "localnet")) { + const char *queue_id = smap_get(&op->sb->options, + "qdisc_queue_id"); + if (queue_id) { + ds_put_format(actions, "set_queue(%s); ", queue_id); } - ds_put_cstr(&actions, "output;"); - ovn_lflow_add_with_hint(lflows, op->od, S_SWITCH_OUT_PORT_SEC_L2, - 50, ds_cstr(&match), ds_cstr(&actions), - &op->nbsp->header_); - } else { - ovn_lflow_add_with_hint(lflows, op->od, S_SWITCH_OUT_PORT_SEC_L2, - 150, ds_cstr(&match), "drop;", - &op->nbsp->header_); } + ds_put_cstr(actions, "output;"); + ovn_lflow_add_with_hint(lflows, op->od, S_SWITCH_OUT_PORT_SEC_L2, + 50, ds_cstr(match), ds_cstr(actions), + &op->nbsp->header_); + } else { + ovn_lflow_add_with_hint(lflows, op->od, S_SWITCH_OUT_PORT_SEC_L2, + 150, ds_cstr(match), "drop;", + &op->nbsp->header_); + } - if (op->nbsp->n_port_security) { - build_port_security_ip(P_OUT, op, lflows, &op->nbsp->header_); - } + if (op->nbsp->n_port_security) { + build_port_security_ip(P_OUT, op, lflows, &op->nbsp->header_); } +} + +static void +build_lswitch_output_port_sec_od( + struct ovn_datapath *od, struct hmap *lflows) +{ /* Egress tables 8: Egress port security - IP (priority 0) * Egress table 9: Egress port security L2 - multicast/broadcast * (priority 100). */ - struct ovn_datapath *od; - HMAP_FOR_EACH (od, key_node, datapaths) { - if (!od->nbs) { - continue; - } - + if (od->nbs) { ovn_lflow_add(lflows, od, S_SWITCH_OUT_PORT_SEC_IP, 0, "1", "next;"); ovn_lflow_add(lflows, od, S_SWITCH_OUT_PORT_SEC_L2, 100, "eth.mcast", "output;"); } - - ds_destroy(&match); - ds_destroy(&actions); } static void @@ -6923,7 +6916,11 @@ build_lswitch_flows(struct hmap *datapaths, struct hmap *ports, op, lflows, mcgroups, &match, &actions); } - /* Ingress table 19: Destination lookup for unknown MACs (priority 0). */ + /* Ingress table 19: Destination lookup for unknown MACs (priority 0). + * This cannot be parallelised because has_unknown is modified in + * build_lswitch_destination_lookup_and_unicast_op() so leaving it + * "as is" */ + HMAP_FOR_EACH (od, key_node, datapaths) { if (!od->nbs) { continue; @@ -6935,7 +6932,14 @@ build_lswitch_flows(struct hmap *datapaths, struct hmap *ports, } } - build_lswitch_output_port_sec(ports, datapaths, lflows); + HMAP_FOR_EACH (op, key_node, ports) { + build_lswitch_output_port_sec_op( + op, lflows, &match, &actions); + } + + HMAP_FOR_EACH (od, key_node, datapaths) { + build_lswitch_output_port_sec_od(od, lflows); + } ds_destroy(&match); ds_destroy(&actions);