This adds a new WITH_IO_PORT() macro to fill in the optional io_port. We convert all instances of ovn_lflow_add_with_lport_and_hint() to use ovn_lflow_add(), using the WITH_IO_PORT() and WITH_HINT() macros.
Signed-off-by: Mark Michelson <[email protected]> --- northd/lflow-mgr.h | 29 +++---- northd/northd.c | 183 +++++++++++++++++++++++++-------------------- 2 files changed, 111 insertions(+), 101 deletions(-) diff --git a/northd/lflow-mgr.h b/northd/lflow-mgr.h index 895679ce1..19a51965a 100644 --- a/northd/lflow-mgr.h +++ b/northd/lflow-mgr.h @@ -118,6 +118,17 @@ void lflow_table_add_lflow(struct lflow_table *, const struct ovn_datapath *, .where = OVS_SOURCE_LOCATOR, #define WITH_HINT(HINT) .stage_hint = HINT +/* The IN_OUT_PORT argument tells the lport name that appears in the MATCH, + * which helps ovn-controller to bypass lflows parsing when the lport is + * not local to the chassis. The critiera of the lport to be added using this + * argument: + * + * - For ingress pipeline, the lport that is used to match "inport". + * - For egress pipeline, the lport that is used to match "outport". + * + * For now, only LS pipelines should use this argument + */ +#define WITH_IO_PORT(IO_PORT) .io_port = IO_PORT #define LFLOW_TABLE_ADD_ARGS_END } @@ -136,23 +147,6 @@ void lflow_table_add_lflow(struct lflow_table *, const struct ovn_datapath *, PRIORITY, MATCH, ACTIONS, NULL, NULL, STAGE_HINT, \ OVS_SOURCE_LOCATOR, NULL, LFLOW_REF) -/* This macro is similar to ovn_lflow_add_with_hint, except that it requires - * the IN_OUT_PORT argument, which tells the lport name that appears in the - * MATCH, which helps ovn-controller to bypass lflows parsing when the lport is - * not local to the chassis. The critiera of the lport to be added using this - * argument: - * - * - For ingress pipeline, the lport that is used to match "inport". - * - For egress pipeline, the lport that is used to match "outport". - * - * For now, only LS pipelines should use this macro. */ -#define ovn_lflow_add_with_lport_and_hint(LFLOW_TABLE, OD, STAGE, PRIORITY, \ - MATCH, ACTIONS, IN_OUT_PORT, \ - STAGE_HINT, LFLOW_REF) \ - lflow_table_add_lflow(LFLOW_TABLE, OD, NULL, 0, STAGE, PRIORITY, MATCH, \ - ACTIONS, IN_OUT_PORT, NULL, STAGE_HINT, \ - OVS_SOURCE_LOCATOR, NULL, LFLOW_REF) - /* Adds a row with the specified contents to the Logical_Flow table. */ #define ovn_lflow_add_default_drop(LFLOW_TABLE, OD, STAGE, LFLOW_REF, ...) \ lflow_table_add_lflow__( \ @@ -171,7 +165,6 @@ void lflow_table_add_lflow(struct lflow_table *, const struct ovn_datapath *, LFLOW_TABLE_ADD_ARGS_END \ ) - #define ovn_lflow_add_drop_with_desc(LFLOW_TABLE, OD, STAGE, PRIORITY, MATCH, \ DESCRIPTION, LFLOW_REF) \ lflow_table_add_lflow(LFLOW_TABLE, OD, NULL, 0, STAGE, PRIORITY, MATCH, \ diff --git a/northd/northd.c b/northd/northd.c index 2d722db5b..1c68d5499 100644 --- a/northd/northd.c +++ b/northd/northd.c @@ -5920,16 +5920,20 @@ build_lswitch_port_sec_op(struct ovn_port *op, struct lflow_table *lflows, ds_put_format(match, "inport == %s", op->json_key); if (!lsp_is_enabled(op->nbsp)) { /* Drop packets from disabled logical ports. */ - ovn_lflow_add_with_lport_and_hint( + ovn_lflow_add( lflows, op->od, S_SWITCH_IN_CHECK_PORT_SEC, 100, ds_cstr(match), REGBIT_PORT_SEC_DROP" = 1; next;", - op->key, &op->nbsp->header_, op->lflow_ref); + op->lflow_ref, + WITH_IO_PORT(op->key), + WITH_HINT(&op->nbsp->header_)); ds_clear(match); ds_put_format(match, "outport == %s", op->json_key); - ovn_lflow_add_with_lport_and_hint( + ovn_lflow_add( lflows, op->od, S_SWITCH_IN_L2_UNKNOWN, 50, ds_cstr(match), - debug_drop_action(), op->key, &op->nbsp->header_, op->lflow_ref); + debug_drop_action(), op->lflow_ref, + WITH_IO_PORT(op->key), + WITH_HINT(&op->nbsp->header_)); return; } @@ -5942,19 +5946,21 @@ build_lswitch_port_sec_op(struct ovn_port *op, struct lflow_table *lflows, ds_put_format(actions, REGBIT_FROM_RAMP" = 1; "); ds_put_format(actions, "next(pipeline=ingress, table=%d);", ovn_stage_get_table(S_SWITCH_IN_HAIRPIN)); - ovn_lflow_add_with_lport_and_hint(lflows, op->od, - S_SWITCH_IN_CHECK_PORT_SEC, 70, - ds_cstr(match), ds_cstr(actions), - op->key, &op->nbsp->header_, - op->lflow_ref); + ovn_lflow_add(lflows, op->od, + S_SWITCH_IN_CHECK_PORT_SEC, 70, + ds_cstr(match), ds_cstr(actions), + op->lflow_ref, + WITH_IO_PORT(op->key), + WITH_HINT(&op->nbsp->header_)); } else if (queue_id) { ds_put_cstr(actions, REGBIT_PORT_SEC_DROP" = check_in_port_sec(); next;"); - ovn_lflow_add_with_lport_and_hint(lflows, op->od, - S_SWITCH_IN_CHECK_PORT_SEC, 70, - ds_cstr(match), ds_cstr(actions), - op->key, &op->nbsp->header_, - op->lflow_ref); + ovn_lflow_add(lflows, op->od, + S_SWITCH_IN_CHECK_PORT_SEC, 70, + ds_cstr(match), ds_cstr(actions), + op->lflow_ref, + WITH_IO_PORT(op->key), + WITH_HINT(&op->nbsp->header_)); if (!lsp_is_localnet(op->nbsp) && vector_is_empty(&op->od->localnet_ports)) { @@ -5967,28 +5973,32 @@ build_lswitch_port_sec_op(struct ovn_port *op, struct lflow_table *lflows, ds_clear(match); if (lsp_is_localnet(op->nbsp)) { ds_put_format(match, "outport == %s", op->json_key); - ovn_lflow_add_with_lport_and_hint(lflows, op->od, - S_SWITCH_OUT_APPLY_PORT_SEC, 100, - ds_cstr(match), ds_cstr(actions), - op->key, &op->nbsp->header_, - op->lflow_ref); + ovn_lflow_add(lflows, op->od, + S_SWITCH_OUT_APPLY_PORT_SEC, 100, + ds_cstr(match), ds_cstr(actions), + op->lflow_ref, + WITH_IO_PORT(op->key), + WITH_HINT(&op->nbsp->header_)); } else if (!vector_is_empty(&op->od->localnet_ports)) { const struct ovn_port *lp = vector_get(&op->od->localnet_ports, 0, struct ovn_port *); ds_put_format(match, "outport == %s && inport == %s", lp->json_key, op->json_key); - ovn_lflow_add_with_lport_and_hint(lflows, op->od, + ovn_lflow_add(lflows, op->od, S_SWITCH_OUT_APPLY_PORT_SEC, 110, ds_cstr(match), ds_cstr(actions), - lp->key, &lp->nbsp->header_, op->lflow_ref); + op->lflow_ref, + WITH_IO_PORT(lp->key), + WITH_HINT(&lp->nbsp->header_)); } } else if (lsp_is_router(op->nbsp)) { ds_put_format(actions, REGBIT_FROM_ROUTER_PORT" = 1; next;"); - ovn_lflow_add_with_lport_and_hint(lflows, op->od, - S_SWITCH_IN_CHECK_PORT_SEC, 70, - ds_cstr(match), ds_cstr(actions), - op->key, &op->nbsp->header_, - op->lflow_ref); + ovn_lflow_add(lflows, op->od, + S_SWITCH_IN_CHECK_PORT_SEC, 70, + ds_cstr(match), ds_cstr(actions), + op->lflow_ref, + WITH_IO_PORT(op->key), + WITH_HINT(&op->nbsp->header_)); } } @@ -6016,24 +6026,25 @@ build_lswitch_learn_fdb_op( } ds_put_format(actions, REGBIT_LKUP_FDB " = lookup_fdb(inport, eth.src); next;"); - ovn_lflow_add_with_lport_and_hint(lflows, op->od, - remote ? S_SWITCH_OUT_LOOKUP_FDB - : S_SWITCH_IN_LOOKUP_FDB, - 100, - ds_cstr(match), ds_cstr(actions), - op->key, &op->nbsp->header_, - op->lflow_ref); + ovn_lflow_add(lflows, op->od, + remote ? S_SWITCH_OUT_LOOKUP_FDB + : S_SWITCH_IN_LOOKUP_FDB, + 100, + ds_cstr(match), ds_cstr(actions), + op->lflow_ref, + WITH_IO_PORT(op->key), + WITH_HINT(&op->nbsp->header_)); ds_put_cstr(match, " && "REGBIT_LKUP_FDB" == 0"); ds_clear(actions); ds_put_cstr(actions, "put_fdb(inport, eth.src); next;"); - ovn_lflow_add_with_lport_and_hint(lflows, op->od, - remote ? S_SWITCH_OUT_PUT_FDB - : S_SWITCH_IN_PUT_FDB, - 100, ds_cstr(match), - ds_cstr(actions), op->key, - &op->nbsp->header_, - op->lflow_ref); + ovn_lflow_add(lflows, op->od, + remote ? S_SWITCH_OUT_PUT_FDB + : S_SWITCH_IN_PUT_FDB, + 100, ds_cstr(match), + ds_cstr(actions), op->lflow_ref, + WITH_IO_PORT(op->key), + WITH_HINT(&op->nbsp->header_)); } } @@ -6110,12 +6121,16 @@ skip_port_from_conntrack(const struct ovn_datapath *od, struct ovn_port *op, char *ingress_match = xasprintf("ip && inport == %s", op->json_key); char *egress_match = xasprintf("ip && outport == %s", op->json_key); - ovn_lflow_add_with_lport_and_hint(lflows, od, in_stage, priority, - ingress_match, ingress_action, - op->key, &op->nbsp->header_, lflow_ref); - ovn_lflow_add_with_lport_and_hint(lflows, od, out_stage, priority, - egress_match, egress_action, - op->key, &op->nbsp->header_, lflow_ref); + ovn_lflow_add(lflows, od, in_stage, priority, + ingress_match, ingress_action, + lflow_ref, + WITH_IO_PORT(op->key), + WITH_HINT(&op->nbsp->header_)); + ovn_lflow_add(lflows, od, out_stage, priority, + egress_match, egress_action, + lflow_ref, + WITH_IO_PORT(op->key), + WITH_HINT(&op->nbsp->header_)); free(ingress_match); free(egress_match); @@ -9446,11 +9461,11 @@ build_dhcpv4_options_flows(struct ovn_port *op, op->json_key); } - ovn_lflow_add_with_lport_and_hint( + ovn_lflow_add( lflows, op->od, S_SWITCH_IN_DHCP_RESPONSE, 100, - ds_cstr(&match), ds_cstr(&response_action), inport->key, - &op->nbsp->dhcpv4_options->header_, - lflow_ref); + ds_cstr(&match), ds_cstr(&response_action), lflow_ref, + WITH_IO_PORT(inport->key), + WITH_HINT(&op->nbsp->dhcpv4_options->header_)); ds_destroy(&options_action); ds_destroy(&response_action); ds_destroy(&ipv4_addr_match); @@ -9474,11 +9489,11 @@ build_dhcpv4_options_flows(struct ovn_port *op, "&& ip4.src == %s && udp && udp.src == 67 " "&& udp.dst == 68",op->json_key, server_mac, server_id); - ovn_lflow_add_with_lport_and_hint( + ovn_lflow_add( lflows, op->od, S_SWITCH_OUT_ACL_EVAL, 34000, - ds_cstr(&match),dhcp_actions, op->key, - &op->nbsp->dhcpv4_options->header_, - lflow_ref); + ds_cstr(&match),dhcp_actions, lflow_ref, + WITH_IO_PORT(op->key), + WITH_HINT(&op->nbsp->dhcpv4_options->header_)); } break; } @@ -9528,10 +9543,11 @@ build_dhcpv6_options_flows(struct ovn_port *op, /* If REGBIT_DHCP_OPTS_RESULT is set to 1, it means the * put_dhcpv6_opts action is successful */ ds_put_cstr(&match, " && "REGBIT_DHCP_OPTS_RESULT); - ovn_lflow_add_with_lport_and_hint( + ovn_lflow_add( lflows, op->od, S_SWITCH_IN_DHCP_RESPONSE, 100, - ds_cstr(&match), ds_cstr(&response_action), inport->key, - &op->nbsp->dhcpv6_options->header_, lflow_ref); + ds_cstr(&match), ds_cstr(&response_action), lflow_ref, + WITH_IO_PORT(inport->key), + WITH_HINT(&op->nbsp->dhcpv6_options->header_)); ds_destroy(&options_action); ds_destroy(&response_action); @@ -9560,11 +9576,11 @@ build_dhcpv6_options_flows(struct ovn_port *op, "&& ip6.src == %s && udp && udp.src == 547 " "&& udp.dst == 546", op->json_key, server_mac, server_ip); - ovn_lflow_add_with_lport_and_hint( + ovn_lflow_add( lflows, op->od, S_SWITCH_OUT_ACL_EVAL, 34000, - ds_cstr(&match),dhcp6_actions, op->key, - &op->nbsp->dhcpv6_options->header_, - lflow_ref); + ds_cstr(&match),dhcp6_actions, lflow_ref, + WITH_IO_PORT(op->key), + WITH_HINT(&op->nbsp->dhcpv6_options->header_)); } break; } @@ -9985,10 +10001,11 @@ build_lswitch_arp_nd_responder_skip_local(struct ovn_port *op, } ds_clear(match); ds_put_format(match, "inport == %s", op->json_key); - ovn_lflow_add_with_lport_and_hint(lflows, op->od, - S_SWITCH_IN_ARP_ND_RSP, 100, - ds_cstr(match), "next;", op->key, - &op->nbsp->header_, op->lflow_ref); + ovn_lflow_add(lflows, op->od, + S_SWITCH_IN_ARP_ND_RSP, 100, + ds_cstr(match), "next;", op->lflow_ref, + WITH_IO_PORT(op->key), + WITH_HINT(&op->nbsp->header_)); } /* Ingress table 24: ARP/ND responder, reply for known IPs. @@ -10076,12 +10093,12 @@ build_lswitch_arp_nd_responder_known_ips(struct ovn_port *op, "bind_vport(%s, inport); " "next;", op->json_key); - ovn_lflow_add_with_lport_and_hint(lflows, op->od, - S_SWITCH_IN_ARP_ND_RSP, 100, - ds_cstr(match), - ds_cstr(actions), vparent, - &vp->nbsp->header_, - op->lflow_ref); + ovn_lflow_add(lflows, op->od, + S_SWITCH_IN_ARP_ND_RSP, 100, + ds_cstr(match), + ds_cstr(actions), op->lflow_ref, + WITH_IO_PORT(vparent), + WITH_HINT(&vp->nbsp->header_)); } free(tokstr); @@ -10171,12 +10188,12 @@ build_lswitch_arp_nd_responder_known_ips(struct ovn_port *op, * network is not working as configured, so dropping the * request would frustrate that intent.) */ ds_put_format(match, " && inport == %s", op->json_key); - ovn_lflow_add_with_lport_and_hint(lflows, op->od, - S_SWITCH_IN_ARP_ND_RSP, - 100, ds_cstr(match), - "next;", op->key, - &op->nbsp->header_, - op->lflow_ref); + ovn_lflow_add(lflows, op->od, + S_SWITCH_IN_ARP_ND_RSP, + 100, ds_cstr(match), + "next;", op->lflow_ref, + WITH_IO_PORT(op->key), + WITH_HINT(&op->nbsp->header_)); } /* For ND solicitations: @@ -10243,12 +10260,12 @@ build_lswitch_arp_nd_responder_known_ips(struct ovn_port *op, /* Do not reply to a solicitation from the port that owns * the address (otherwise DAD detection will fail). */ ds_put_format(match, " && inport == %s", op->json_key); - ovn_lflow_add_with_lport_and_hint(lflows, op->od, - S_SWITCH_IN_ARP_ND_RSP, - 100, ds_cstr(match), - "next;", op->key, - &op->nbsp->header_, - op->lflow_ref); + ovn_lflow_add(lflows, op->od, + S_SWITCH_IN_ARP_ND_RSP, + 100, ds_cstr(match), + "next;", op->lflow_ref, + WITH_IO_PORT(op->key), + WITH_HINT(&op->nbsp->header_)); } } } -- 2.51.1 _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
