This creates a new WITH_HINT() macro to add a stage hint to the lflow. We convert all instances of ovn_lflow_add_with_hint() to ovn_lflow_add(), using the new WITH_HINT() macro to add the stage hint.
Signed-off-by: Mark Michelson <[email protected]> --- northd/lflow-mgr.h | 8 +- northd/northd.c | 818 ++++++++++++++++++++++++--------------------- 2 files changed, 430 insertions(+), 396 deletions(-) diff --git a/northd/lflow-mgr.h b/northd/lflow-mgr.h index 5fc739336..895679ce1 100644 --- a/northd/lflow-mgr.h +++ b/northd/lflow-mgr.h @@ -117,6 +117,8 @@ void lflow_table_add_lflow(struct lflow_table *, const struct ovn_datapath *, .lflow_ref = LFLOW_REF, \ .where = OVS_SOURCE_LOCATOR, +#define WITH_HINT(HINT) .stage_hint = HINT + #define LFLOW_TABLE_ADD_ARGS_END } /* Adds a row with the specified contents to the Logical_Flow table. */ @@ -127,12 +129,6 @@ void lflow_table_add_lflow(struct lflow_table *, const struct ovn_datapath *, ACTIONS, IN_OUT_PORT, CTRL_METER, STAGE_HINT, \ OVS_SOURCE_LOCATOR, NULL, LFLOW_REF) -#define ovn_lflow_add_with_hint(LFLOW_TABLE, OD, STAGE, PRIORITY, MATCH, \ - ACTIONS, STAGE_HINT, LFLOW_REF) \ - lflow_table_add_lflow(LFLOW_TABLE, OD, NULL, 0, STAGE, PRIORITY, MATCH, \ - ACTIONS, NULL, NULL, STAGE_HINT, \ - OVS_SOURCE_LOCATOR, NULL, LFLOW_REF) - #define ovn_lflow_add_with_dp_group(LFLOW_TABLE, DP_BITMAP, DP_BITMAP_LEN, \ STAGE, PRIORITY, MATCH, ACTIONS, \ STAGE_HINT, LFLOW_REF) \ diff --git a/northd/northd.c b/northd/northd.c index c3c0780a3..2d722db5b 100644 --- a/northd/northd.c +++ b/northd/northd.c @@ -6129,19 +6129,19 @@ build_stateless_filter(const struct ovn_datapath *od, { const char *action = REGBIT_ACL_STATELESS" = 1; next;"; if (!strcmp(acl->direction, "from-lport")) { - ovn_lflow_add_with_hint(lflows, od, S_SWITCH_IN_PRE_ACL, - acl->priority + OVN_ACL_PRI_OFFSET, - acl->match, - action, - &acl->header_, - lflow_ref); + ovn_lflow_add(lflows, od, S_SWITCH_IN_PRE_ACL, + acl->priority + OVN_ACL_PRI_OFFSET, + acl->match, + action, + lflow_ref, + WITH_HINT(&acl->header_)); } else { - ovn_lflow_add_with_hint(lflows, od, S_SWITCH_OUT_PRE_ACL, - acl->priority + OVN_ACL_PRI_OFFSET, - acl->match, - action, - &acl->header_, - lflow_ref); + ovn_lflow_add(lflows, od, S_SWITCH_OUT_PRE_ACL, + acl->priority + OVN_ACL_PRI_OFFSET, + acl->match, + action, + lflow_ref, + WITH_HINT(&acl->header_)); } } @@ -7232,9 +7232,10 @@ consider_acl(struct lflow_table *lflows, const struct ovn_datapath *od, ds_put_cstr(actions, "next;"); ds_put_format(match, "(%s)", acl->match); - ovn_lflow_add_with_hint(lflows, od, stage, priority, - ds_cstr(match), ds_cstr(actions), - &acl->header_, lflow_ref); + ovn_lflow_add(lflows, od, stage, priority, + ds_cstr(match), ds_cstr(actions), + lflow_ref, + WITH_HINT(&acl->header_)); return; } @@ -7301,9 +7302,10 @@ consider_acl(struct lflow_table *lflows, const struct ovn_datapath *od, (uint8_t) acl->network_function_group->id); } ds_put_cstr(actions, "next;"); - ovn_lflow_add_with_hint(lflows, od, stage, priority, - ds_cstr(match), ds_cstr(actions), - &acl->header_, lflow_ref); + ovn_lflow_add(lflows, od, stage, priority, + ds_cstr(match), ds_cstr(actions), + lflow_ref, + WITH_HINT(&acl->header_)); /* Match on traffic in the request direction for an established * connection tracking entry that has not been marked for @@ -7332,9 +7334,10 @@ consider_acl(struct lflow_table *lflows, const struct ovn_datapath *od, (uint8_t) acl->network_function_group->id); } ds_put_cstr(actions, "next;"); - ovn_lflow_add_with_hint(lflows, od, stage, priority, - ds_cstr(match), ds_cstr(actions), - &acl->header_, lflow_ref); + ovn_lflow_add(lflows, od, stage, priority, + ds_cstr(match), ds_cstr(actions), + lflow_ref, + WITH_HINT(&acl->header_)); } else if (!strcmp(acl->action, "drop") || !strcmp(acl->action, "reject")) { if (acl->network_function_group) { @@ -7359,9 +7362,10 @@ consider_acl(struct lflow_table *lflows, const struct ovn_datapath *od, build_acl_sample_label_action(actions, acl, acl->sample_new, NULL, obs_stage); ds_put_cstr(actions, "next;"); - ovn_lflow_add_with_hint(lflows, od, stage, priority, - ds_cstr(match), ds_cstr(actions), - &acl->header_, lflow_ref); + ovn_lflow_add(lflows, od, stage, priority, + ds_cstr(match), ds_cstr(actions), + lflow_ref, + WITH_HINT(&acl->header_)); /* For an existing connection without ct_mark.blocked set, we've * encountered a policy change. ACLs previously allowed * this connection and we committed the connection tracking @@ -7386,9 +7390,10 @@ consider_acl(struct lflow_table *lflows, const struct ovn_datapath *od, ds_put_format(actions, "ct_commit { ct_mark.blocked = 1; " "ct_label.obs_point_id = %"PRIu32"; }; next;", obs_pid); - ovn_lflow_add_with_hint(lflows, od, stage, priority, - ds_cstr(match), ds_cstr(actions), - &acl->header_, lflow_ref); + ovn_lflow_add(lflows, od, stage, priority, + ds_cstr(match), ds_cstr(actions), + lflow_ref, + WITH_HINT(&acl->header_)); } } @@ -7613,20 +7618,22 @@ build_acl_log_related_flows(const struct ovn_datapath *od, "ct_mark.blocked == 0 && " "ct_label.label == %" PRId64, acl->label); - ovn_lflow_add_with_hint(lflows, od, log_related_stage, - UINT16_MAX - 2, - ds_cstr(match), ds_cstr(actions), - &acl->header_, lflow_ref); + ovn_lflow_add(lflows, od, log_related_stage, + UINT16_MAX - 2, + ds_cstr(match), ds_cstr(actions), + lflow_ref, + WITH_HINT(&acl->header_)); ds_clear(match); ds_put_format(match, "!ct.est && ct.rel && !ct.new && " "ct_mark.blocked == 0 && " "ct_label.label == %" PRId64, acl->label); - ovn_lflow_add_with_hint(lflows, od, log_related_stage, - UINT16_MAX - 2, - ds_cstr(match), ds_cstr(actions), - &acl->header_, lflow_ref); + ovn_lflow_add(lflows, od, log_related_stage, + UINT16_MAX - 2, + ds_cstr(match), ds_cstr(actions), + lflow_ref, + WITH_HINT(&acl->header_)); } static uint64_t @@ -8008,10 +8015,11 @@ build_qos(struct ovn_datapath *od, struct lflow_table *lflows, } } ds_put_cstr(&action, "next;"); - ovn_lflow_add_with_hint(lflows, od, stage, - qos->priority, - qos->match, ds_cstr(&action), - &qos->header_, lflow_ref); + ovn_lflow_add(lflows, od, stage, + qos->priority, + qos->match, ds_cstr(&action), + lflow_ref, + WITH_HINT(&qos->header_)); } ds_destroy(&action); } @@ -8737,39 +8745,39 @@ build_lb_hairpin(const struct ls_stateful_record *ls_stateful_rec, /* Set REGBIT_HAIRPIN in the original direction and * REGBIT_HAIRPIN_REPLY in the reply direction. */ - ovn_lflow_add_with_hint( + ovn_lflow_add( lflows, od, S_SWITCH_IN_PRE_HAIRPIN, 100, "ip && ct.trk", REGBIT_HAIRPIN " = chk_lb_hairpin(); " REGBIT_HAIRPIN_REPLY " = chk_lb_hairpin_reply(); " "next;", - &od->nbs->header_, - lflow_ref); + lflow_ref, + WITH_HINT(&od->nbs->header_)); /* If packet needs to be hairpinned, snat the src ip with the VIP * for new sessions. */ - ovn_lflow_add_with_hint(lflows, od, S_SWITCH_IN_NAT_HAIRPIN, 100, - "ip && ct.new && ct.trk" - " && "REGBIT_HAIRPIN " == 1", - "ct_snat_to_vip; next;", - &od->nbs->header_, - lflow_ref); + ovn_lflow_add(lflows, od, S_SWITCH_IN_NAT_HAIRPIN, 100, + "ip && ct.new && ct.trk" + " && "REGBIT_HAIRPIN " == 1", + "ct_snat_to_vip; next;", + lflow_ref, + WITH_HINT(&od->nbs->header_)); /* If packet needs to be hairpinned, for established sessions there * should already be an SNAT conntrack entry. */ - ovn_lflow_add_with_hint(lflows, od, S_SWITCH_IN_NAT_HAIRPIN, 100, - "ip && ct.est && ct.trk" - " && "REGBIT_HAIRPIN " == 1", - "ct_snat;", - &od->nbs->header_, - lflow_ref); + ovn_lflow_add(lflows, od, S_SWITCH_IN_NAT_HAIRPIN, 100, + "ip && ct.est && ct.trk" + " && "REGBIT_HAIRPIN " == 1", + "ct_snat;", + lflow_ref, + WITH_HINT(&od->nbs->header_)); /* For the reply of hairpinned traffic, snat the src ip to the VIP. */ - ovn_lflow_add_with_hint(lflows, od, S_SWITCH_IN_NAT_HAIRPIN, 90, - "ip && "REGBIT_HAIRPIN_REPLY " == 1", - "ct_snat;", - &od->nbs->header_, - lflow_ref); + ovn_lflow_add(lflows, od, S_SWITCH_IN_NAT_HAIRPIN, 90, + "ip && "REGBIT_HAIRPIN_REPLY " == 1", + "ct_snat;", + lflow_ref, + WITH_HINT(&od->nbs->header_)); /* Ingress Hairpin table. * - Priority 1: Packets that were SNAT-ed for hairpinning should be @@ -8871,9 +8879,10 @@ build_fwd_group_lflows(struct ovn_datapath *od, struct lflow_table *lflows, "output;", fwd_group->vmac, fwd_group->vmac, fwd_group->vip); - ovn_lflow_add_with_hint(lflows, od, S_SWITCH_IN_ARP_ND_RSP, 50, - ds_cstr(&match), ds_cstr(&actions), - &fwd_group->header_, lflow_ref); + ovn_lflow_add(lflows, od, S_SWITCH_IN_ARP_ND_RSP, 50, + ds_cstr(&match), ds_cstr(&actions), + lflow_ref, + WITH_HINT(&fwd_group->header_)); /* L2 lookup for the forwarding group's virtual MAC */ ds_clear(&match); @@ -8894,9 +8903,10 @@ build_fwd_group_lflows(struct ovn_datapath *od, struct lflow_table *lflows, ds_clear(&actions); ds_put_format(&actions, "fwd_group(%s);", ds_cstr(&group_ports)); - ovn_lflow_add_with_hint(lflows, od, S_SWITCH_IN_L2_LKUP, 50, - ds_cstr(&match), ds_cstr(&actions), - &fwd_group->header_, lflow_ref); + ovn_lflow_add(lflows, od, S_SWITCH_IN_L2_LKUP, 50, + ds_cstr(&match), ds_cstr(&actions), + lflow_ref, + WITH_HINT(&fwd_group->header_)); } ds_destroy(&match); @@ -9149,17 +9159,16 @@ build_lswitch_rport_arp_req_flow( ds_put_format(&actions, "clone {outport = %s; output; }; " "outport = \""MC_FLOOD_L2"\"; output;", patch_op->json_key); - ovn_lflow_add_with_hint(lflows, od, S_SWITCH_IN_L2_LKUP, - priority, ds_cstr(&match), - ds_cstr(&actions), stage_hint, - lflow_ref); + ovn_lflow_add(lflows, od, S_SWITCH_IN_L2_LKUP, + priority, ds_cstr(&match), + ds_cstr(&actions), lflow_ref, + WITH_HINT(stage_hint)); } else { ds_put_format(&actions, "outport = %s; output;", patch_op->json_key); - ovn_lflow_add_with_hint(lflows, od, S_SWITCH_IN_L2_LKUP, - priority, ds_cstr(&match), - ds_cstr(&actions), - stage_hint, - lflow_ref); + ovn_lflow_add(lflows, od, S_SWITCH_IN_L2_LKUP, + priority, ds_cstr(&match), + ds_cstr(&actions), lflow_ref, + WITH_HINT(stage_hint)); } if (has_cr_port) { @@ -9171,18 +9180,18 @@ build_lswitch_rport_arp_req_flow( ds_put_format(&actions, "clone {outport = %s; output; }; " "outport = \""MC_FLOOD_L2"\"; output;", patch_op->cr_port->json_key); - ovn_lflow_add_with_hint(lflows, od, S_SWITCH_IN_L2_LKUP, - priority, ds_cstr(&match), - ds_cstr(&actions), stage_hint, - lflow_ref); + ovn_lflow_add(lflows, od, S_SWITCH_IN_L2_LKUP, + priority, ds_cstr(&match), + ds_cstr(&actions), lflow_ref, + WITH_HINT(stage_hint)); } else { ds_put_format(&actions, "outport = %s; output;", patch_op->cr_port->json_key); - ovn_lflow_add_with_hint(lflows, od, S_SWITCH_IN_L2_LKUP, - priority, ds_cstr(&match), - ds_cstr(&actions), - stage_hint, - lflow_ref); + ovn_lflow_add(lflows, od, S_SWITCH_IN_L2_LKUP, + priority, ds_cstr(&match), + ds_cstr(&actions), + lflow_ref, + WITH_HINT(stage_hint)); } } @@ -10119,11 +10128,11 @@ build_lswitch_arp_nd_responder_known_ips(struct ovn_port *op, size_t match_len = match->length; ds_put_format(match, " && eth.dst == %s", op->lsp_addrs[i].ea_s); - ovn_lflow_add_with_hint(lflows, op->od, - S_SWITCH_IN_ARP_ND_RSP, 50, - ds_cstr(match), - "next;", &op->nbsp->header_, - op->lflow_ref); + ovn_lflow_add(lflows, op->od, + S_SWITCH_IN_ARP_ND_RSP, 50, + ds_cstr(match), + "next;", op->lflow_ref, + WITH_HINT(&op->nbsp->header_)); ds_truncate(match, match_len); } ds_put_cstr(match, " && eth.dst == ff:ff:ff:ff:ff:ff"); @@ -10142,12 +10151,12 @@ build_lswitch_arp_nd_responder_known_ips(struct ovn_port *op, "output;", op->lsp_addrs[i].ea_s, op->lsp_addrs[i].ea_s, op->lsp_addrs[i].ipv4_addrs[j].addr_s); - ovn_lflow_add_with_hint(lflows, op->od, - S_SWITCH_IN_ARP_ND_RSP, 50, - ds_cstr(match), - ds_cstr(actions), - &op->nbsp->header_, - op->lflow_ref); + ovn_lflow_add(lflows, op->od, + S_SWITCH_IN_ARP_ND_RSP, 50, + ds_cstr(match), + ds_cstr(actions), + op->lflow_ref, + WITH_HINT(&op->nbsp->header_)); /* Do not reply to an ARP request from the port that owns * the address (otherwise a DHCP client that ARPs to check @@ -10287,12 +10296,12 @@ build_lswitch_arp_nd_responder_known_ips(struct ovn_port *op, ea_s, ea_s); - ovn_lflow_add_with_hint(lflows, op->od, - S_SWITCH_IN_ARP_ND_RSP, - 30, ds_cstr(match), - ds_cstr(actions), - &op->nbsp->header_, - op->lflow_ref); + ovn_lflow_add(lflows, op->od, + S_SWITCH_IN_ARP_ND_RSP, + 30, ds_cstr(match), + ds_cstr(actions), + op->lflow_ref, + WITH_HINT(&op->nbsp->header_)); } /* Add IPv6 NDP responses. @@ -10403,12 +10412,12 @@ build_lswitch_arp_nd_local_svc_mon(const struct ovn_lb_datapaths *lb_dps, backend_nb->svc_mon_src_ip, actions, match, IN6_IS_ADDR_V4MAPPED(&lb_vip->vip) ? true : false); - ovn_lflow_add_with_hint(lflows, - op->od, - S_SWITCH_IN_ARP_ND_RSP, 110, - ds_cstr(match), ds_cstr(actions), - &lb->nlb->header_, - lb_dps->lflow_ref); + ovn_lflow_add(lflows, + op->od, + S_SWITCH_IN_ARP_ND_RSP, 110, + ds_cstr(match), ds_cstr(actions), + lb_dps->lflow_ref, + WITH_HINT(&lb->nlb->header_)); } } } @@ -10862,11 +10871,11 @@ build_lswitch_ip_unicast_lookup(struct ovn_port *op, op->peer->lrp_networks.ea_s, op->cr_port->json_key); - ovn_lflow_add_with_hint(lflows, op->od, - S_SWITCH_IN_L2_LKUP, 50, - ds_cstr(&m), ds_cstr(actions), - &op->nbsp->header_, - op->lflow_ref); + ovn_lflow_add(lflows, op->od, + S_SWITCH_IN_L2_LKUP, 50, + ds_cstr(&m), ds_cstr(actions), + op->lflow_ref, + WITH_HINT(&op->nbsp->header_)); ds_destroy(&m); ds_put_format(match, " && is_chassis_resident(%s)", op->cr_port->json_key); @@ -10874,11 +10883,11 @@ build_lswitch_ip_unicast_lookup(struct ovn_port *op, ds_clear(actions); ds_put_format(actions, action, op->json_key); - ovn_lflow_add_with_hint(lflows, op->od, - S_SWITCH_IN_L2_LKUP, 50, - ds_cstr(match), ds_cstr(actions), - &op->nbsp->header_, - op->lflow_ref); + ovn_lflow_add(lflows, op->od, + S_SWITCH_IN_L2_LKUP, 50, + ds_cstr(match), ds_cstr(actions), + op->lflow_ref, + WITH_HINT(&op->nbsp->header_)); } else { ds_clear(actions); ds_put_format(actions, action, op->json_key); @@ -10886,11 +10895,11 @@ build_lswitch_ip_unicast_lookup(struct ovn_port *op, ds_clear(match); ds_put_format(match, "eth.dst == %s", op->lsp_addrs[i].ea_s); - ovn_lflow_add_with_hint(lflows, op->od, - S_SWITCH_IN_L2_LKUP, 50, - ds_cstr(match), ds_cstr(actions), - &op->nbsp->header_, - op->lflow_ref); + ovn_lflow_add(lflows, op->od, + S_SWITCH_IN_L2_LKUP, 50, + ds_cstr(match), ds_cstr(actions), + op->lflow_ref, + WITH_HINT(&op->nbsp->header_)); } } } @@ -10936,12 +10945,12 @@ build_lswitch_ip_unicast_lookup_for_nats( ds_clear(actions); ds_put_format(actions, action, op->json_key); - ovn_lflow_add_with_hint(lflows, op->od, - S_SWITCH_IN_L2_LKUP, 50, - ds_cstr(match), - ds_cstr(actions), - &op->nbsp->header_, - lflow_ref); + ovn_lflow_add(lflows, op->od, + S_SWITCH_IN_L2_LKUP, 50, + ds_cstr(match), + ds_cstr(actions), + lflow_ref, + WITH_HINT(&op->nbsp->header_)); } } } @@ -11446,9 +11455,9 @@ build_routing_policy_flow(struct lflow_table *lflows, struct ovn_datapath *od, rp->chain_id, rule->match); } - ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_POLICY, rule->priority, - ds_cstr(&match), ds_cstr(&actions), stage_hint, - lflow_ref); + ovn_lflow_add(lflows, od, S_ROUTER_IN_POLICY, rule->priority, + ds_cstr(&match), ds_cstr(&actions), lflow_ref, + WITH_HINT(stage_hint)); ds_destroy(&match); ds_destroy(&actions); } @@ -11523,10 +11532,10 @@ build_ecmp_routing_policy_flows(struct lflow_table *lflows, ds_put_format(&match, REG_ECMP_GROUP_ID" == %"PRIu16" && " REG_ECMP_MEMBER_ID" == %"PRIuSIZE, ecmp_group_id, i + 1); - ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_POLICY_ECMP, - 100, ds_cstr(&match), - ds_cstr(&actions), &rule->header_, - lflow_ref); + ovn_lflow_add(lflows, od, S_ROUTER_IN_POLICY_ECMP, + 100, ds_cstr(&match), + ds_cstr(&actions), lflow_ref, + WITH_HINT(&rule->header_)); } ds_clear(&actions); @@ -11548,10 +11557,10 @@ build_ecmp_routing_policy_flows(struct lflow_table *lflows, "; %s = 1; next;", REG_ECMP_GROUP_ID, ecmp_group_id, REG_ECMP_MEMBER_ID); } - ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_POLICY, - rule->priority, rule->match, - ds_cstr(&actions), &rule->header_, - lflow_ref); + ovn_lflow_add(lflows, od, S_ROUTER_IN_POLICY, + rule->priority, rule->match, + ds_cstr(&actions), lflow_ref, + WITH_HINT(&rule->header_)); cleanup: ds_destroy(&match); ds_destroy(&actions); @@ -12204,14 +12213,16 @@ add_ecmp_symmetric_reply_flows(struct lflow_table *lflows, route->is_src_route ? "dst" : "src", cidr); free(cidr); - ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_DEFRAG, 100, - ds_cstr(&match), "ct_next;", - route->source_hint, lflow_ref); + ovn_lflow_add(lflows, od, S_ROUTER_IN_DEFRAG, 100, + ds_cstr(&match), "ct_next;", + lflow_ref, + WITH_HINT(route->source_hint)); /* And packets that go out over an ECMP route need conntrack */ - ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_DEFRAG, 100, - ds_cstr(route_match), "ct_next;", - route->source_hint, lflow_ref); + ovn_lflow_add(lflows, od, S_ROUTER_IN_DEFRAG, 100, + ds_cstr(route_match), "ct_next;", + lflow_ref, + WITH_HINT(route->source_hint)); /* Save src eth and inport in ct_label for packets that arrive over * an ECMP route. @@ -12225,10 +12236,10 @@ add_ecmp_symmetric_reply_flows(struct lflow_table *lflows, "ct_mark.ecmp_reply_port = %" PRId64 ";}; " "next;", out_port->sb->tunnel_key); - ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_ECMP_STATEFUL, 100, - ds_cstr(&match), ds_cstr(&actions), - route->source_hint, - lflow_ref); + ovn_lflow_add(lflows, od, S_ROUTER_IN_ECMP_STATEFUL, 100, + ds_cstr(&match), ds_cstr(&actions), + lflow_ref, + WITH_HINT(route->source_hint)); /* Bypass ECMP selection if we already have ct_label information * for where to route the packet. @@ -12246,16 +12257,16 @@ add_ecmp_symmetric_reply_flows(struct lflow_table *lflows, IN6_IS_ADDR_V4MAPPED(&route->prefix) ? REG_SRC_IPV4 : REG_SRC_IPV6, port_ip, out_port->json_key); - ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_IP_ROUTING, 10300, - ds_cstr(&match), ds_cstr(&actions), - route->source_hint, - lflow_ref); + ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_ROUTING, 10300, + ds_cstr(&match), ds_cstr(&actions), + lflow_ref, + WITH_HINT(route->source_hint)); /* Egress reply traffic for symmetric ECMP routes skips router policies. */ - ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_POLICY, 65535, - ds_cstr(&ecmp_reply), "next;", - route->source_hint, - lflow_ref); + ovn_lflow_add(lflows, od, S_ROUTER_IN_POLICY, 65535, + ds_cstr(&ecmp_reply), "next;", + lflow_ref, + WITH_HINT(route->source_hint)); /* Use REG_ECMP_ETH_FULL to pass the eth field from ct_label to eth.dst to * avoid masked access to ct_label. Otherwise it may prevent OVS flow @@ -12269,10 +12280,10 @@ add_ecmp_symmetric_reply_flows(struct lflow_table *lflows, REG_ECMP_ETH_FULL " = ct_label;" " eth.dst = " REG_ECMP_ETH_FIELD ";" " pop(" REG_ECMP_ETH_FULL "); next;"; - ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_ARP_RESOLVE, - 200, ds_cstr(&ecmp_reply), - action, route->source_hint, - lflow_ref); + ovn_lflow_add(lflows, od, S_ROUTER_IN_ARP_RESOLVE, + 200, ds_cstr(&ecmp_reply), + action, lflow_ref, + WITH_HINT(route->source_hint)); ds_destroy(&match); ds_destroy(&actions); @@ -12388,9 +12399,10 @@ build_ecmp_route_flow(struct lflow_table *lflows, route->out_port->lrp_networks.ea_s, route->out_port->json_key, is_ipv4_nexthop); - ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_IP_ROUTING_ECMP, 100, - ds_cstr(&match), ds_cstr(&actions), - route->source_hint, lflow_ref); + ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_ROUTING_ECMP, 100, + ds_cstr(&match), ds_cstr(&actions), + lflow_ref, + WITH_HINT(route->source_hint)); } sset_destroy(&visited_ports); ds_destroy(&match); @@ -12455,17 +12467,18 @@ add_route(struct lflow_table *lflows, const struct ovn_datapath *od, ds_put_format(&actions, "ip.ttl--; %s", ds_cstr(&common_actions)); } - ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_IP_ROUTING, - priority, ds_cstr(&match), - ds_cstr(&actions), stage_hint, - lflow_ref); + ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_ROUTING, + priority, ds_cstr(&match), + ds_cstr(&actions), lflow_ref, + WITH_HINT(stage_hint)); if (op && bfd_is_port_running(bfd_ports, op->key)) { ds_put_format(&match, " && udp.dst == 3784"); - ovn_lflow_add_with_hint(lflows, op->od, - S_ROUTER_IN_IP_ROUTING, - priority + 1, ds_cstr(&match), - ds_cstr(&common_actions),\ - stage_hint, lflow_ref); + ovn_lflow_add(lflows, op->od, + S_ROUTER_IN_IP_ROUTING, + priority + 1, ds_cstr(&match), + ds_cstr(&common_actions), + lflow_ref, + WITH_HINT(stage_hint)); } ds_destroy(&match); ds_destroy(&common_actions); @@ -12661,11 +12674,11 @@ build_distr_lrouter_nat_flows_for_lb(struct lrouter_nat_lb_flows_ctx *ctx, ds_put_format(ctx->gw_redir_action, "outport = %s; next;", dgp->cr_port->json_key); - ovn_lflow_add_with_hint(ctx->lflows, od, S_ROUTER_IN_GW_REDIRECT, - 200, ds_cstr(ctx->undnat_match), - ds_cstr(ctx->gw_redir_action), - &ctx->lb->nlb->header_, - lflow_ref); + ovn_lflow_add(ctx->lflows, od, S_ROUTER_IN_GW_REDIRECT, + 200, ds_cstr(ctx->undnat_match), + ds_cstr(ctx->gw_redir_action), + lflow_ref, + WITH_HINT(&ctx->lb->nlb->header_)); ds_truncate(ctx->undnat_match, undnat_match_len); ds_put_format(ctx->undnat_match, ") && (inport == %s || outport == %s)" @@ -12676,10 +12689,10 @@ build_distr_lrouter_nat_flows_for_lb(struct lrouter_nat_lb_flows_ctx *ctx, if (stateless_nat) { ds_put_format(ctx->undnat_match, " && %s", ctx->lb->proto); } - ovn_lflow_add_with_hint(ctx->lflows, od, S_ROUTER_OUT_UNDNAT, 120, - ds_cstr(ctx->undnat_match), - ds_cstr(&undnat_action), &ctx->lb->nlb->header_, - lflow_ref); + ovn_lflow_add(ctx->lflows, od, S_ROUTER_OUT_UNDNAT, 120, + ds_cstr(ctx->undnat_match), + ds_cstr(&undnat_action), lflow_ref, + WITH_HINT(&ctx->lb->nlb->header_)); /* (NOTE) snat_action: Add a new rule lr_out_snat with LB VIP as source * IP action to perform stateless NAT pipeline completely when the @@ -12707,10 +12720,10 @@ build_distr_lrouter_nat_flows_for_lb(struct lrouter_nat_lb_flows_ctx *ctx, "ip6" : "ip4", ctx->lb_vip->vip_str); } - ovn_lflow_add_with_hint(ctx->lflows, od, S_ROUTER_OUT_SNAT, 160, - ds_cstr(ctx->undnat_match), - ds_cstr(&snat_action), &ctx->lb->nlb->header_, - lflow_ref); + ovn_lflow_add(ctx->lflows, od, S_ROUTER_OUT_SNAT, 160, + ds_cstr(ctx->undnat_match), + ds_cstr(&snat_action), lflow_ref, + WITH_HINT(&ctx->lb->nlb->header_)); } ds_truncate(ctx->undnat_match, undnat_match_len); @@ -12925,9 +12938,10 @@ build_lrouter_nat_flows_for_lb( * unsnat stage, the conntrack flags are not set properly, and * it doesn't hit the established state flows in * S_ROUTER_IN_DNAT stage. */ - ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_UNSNAT, 120, - ds_cstr(&unsnat_match), "next;", - &lb->nlb->header_, lb_dps->lflow_ref); + ovn_lflow_add(lflows, od, S_ROUTER_IN_UNSNAT, 120, + ds_cstr(&unsnat_match), "next;", + lb_dps->lflow_ref, + WITH_HINT(&lb->nlb->header_)); } } @@ -13062,9 +13076,10 @@ build_lrouter_allow_vip_traffic_template(struct lflow_table *lflows, ds_put_format(&match, "ip%d.dst == %s", lb_vip->address_family == AF_INET ? 4 : 6, lb_vip->vip_str); - ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_IP_INPUT, 100, - ds_cstr(&match), "next;", - &lb->nlb->header_, lb_dps->lflow_ref); + ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_INPUT, 100, + ds_cstr(&match), "next;", + lb_dps->lflow_ref, + WITH_HINT(&lb->nlb->header_)); } ds_destroy(&match); @@ -13302,9 +13317,10 @@ lrouter_nat_add_ext_ip_match(const struct ovn_datapath *od, is_src ? "src" : "dst", exempted_ext_ips->name); - ovn_lflow_add_with_hint(lflows, od, stage, priority, - ds_cstr(&match_exempt), "next;", - &nat->header_, lflow_ref); + ovn_lflow_add(lflows, od, stage, priority, + ds_cstr(&match_exempt), "next;", + lflow_ref, + WITH_HINT(&nat->header_)); ds_destroy(&match_exempt); } } @@ -13350,9 +13366,9 @@ build_lrouter_arp_flow(const struct ovn_datapath *od, struct ovn_port *op, eth_addr); } - ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_IP_INPUT, priority, - ds_cstr(&match), ds_cstr(&actions), hint, - lflow_ref); + ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_INPUT, priority, + ds_cstr(&match), ds_cstr(&actions), lflow_ref, + WITH_HINT(hint)); ds_destroy(&match); ds_destroy(&actions); @@ -13394,9 +13410,9 @@ build_lrouter_nd_flow(const struct ovn_datapath *od, struct ovn_port *op, if (drop) { ds_put_cstr(&actions, debug_drop_action()); - ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_IP_INPUT, priority, - ds_cstr(&match), ds_cstr(&actions), hint, - lflow_ref); + ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_INPUT, priority, + ds_cstr(&match), ds_cstr(&actions), lflow_ref, + WITH_HINT(hint)); } else { ds_put_format(&actions, "%s { " @@ -13563,10 +13579,10 @@ build_lrouter_drop_own_dest(struct ovn_port *op, ds_chomp(&match_ips, ','); char *match = xasprintf("ip4.dst == {%s}", ds_cstr(&match_ips)); - ovn_lflow_add_with_hint(lflows, op->od, stage, priority, - match, debug_drop_action(), - &op->nbrp->header_, - lflow_ref); + ovn_lflow_add(lflows, op->od, stage, priority, + match, debug_drop_action(), + lflow_ref, + WITH_HINT(&op->nbrp->header_)); free(match); } } @@ -13594,10 +13610,10 @@ build_lrouter_drop_own_dest(struct ovn_port *op, ds_chomp(&match_ips, ','); char *match = xasprintf("ip6.dst == {%s}", ds_cstr(&match_ips)); - ovn_lflow_add_with_hint(lflows, op->od, stage, priority, - match, debug_drop_action(), - &op->nbrp->header_, - lflow_ref); + ovn_lflow_add(lflows, op->od, stage, priority, + match, debug_drop_action(), + lflow_ref, + WITH_HINT(&op->nbrp->header_)); free(match); } } @@ -13852,10 +13868,10 @@ build_lrouter_bfd_flows(struct lflow_table *lflows, struct ovn_port *op, op_put_v4_networks(&ip_list, op, false); ds_put_format(&match, "ip4.src == %s && udp.dst == 3784", ds_cstr(&ip_list)); - ovn_lflow_add_with_hint(lflows, op->od, S_ROUTER_IN_IP_INPUT, 110, - ds_cstr(&match), "next; ", - &op->nbrp->header_, - lflow_ref); + ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 110, + ds_cstr(&match), "next; ", + lflow_ref, + WITH_HINT(&op->nbrp->header_)); ds_clear(&match); ds_put_format(&match, "ip4.dst == %s && udp.dst == 3784", ds_cstr(&ip_list)); @@ -13873,10 +13889,10 @@ build_lrouter_bfd_flows(struct lflow_table *lflows, struct ovn_port *op, op_put_v6_networks(&ip_list, op); ds_put_format(&match, "ip6.src == %s && udp.dst == 3784", ds_cstr(&ip_list)); - ovn_lflow_add_with_hint(lflows, op->od, S_ROUTER_IN_IP_INPUT, 110, - ds_cstr(&match), "next; ", - &op->nbrp->header_, - lflow_ref); + ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 110, + ds_cstr(&match), "next; ", + lflow_ref, + WITH_HINT(&op->nbrp->header_)); ds_clear(&match); ds_put_format(&match, "ip6.dst == %s && udp.dst == 3784", ds_cstr(&ip_list)); @@ -13971,9 +13987,10 @@ build_gateway_mtu_flow(struct lflow_table *lflows, struct ovn_port *op, } ds_put_format_valist(actions, extra_actions_fmt, extra_actions_args); - ovn_lflow_add_with_hint(lflows, op->od, stage, prio_low, - ds_cstr(match), ds_cstr(actions), - hint, lflow_ref); + ovn_lflow_add(lflows, op->od, stage, prio_low, + ds_cstr(match), ds_cstr(actions), + lflow_ref, + WITH_HINT(hint)); if (gw_mtu > 0) { ds_clear(actions); @@ -13989,9 +14006,10 @@ build_gateway_mtu_flow(struct lflow_table *lflows, struct ovn_port *op, ds_put_char(match, ')'); - ovn_lflow_add_with_hint(lflows, op->od, stage, prio_high, - ds_cstr(match), ds_cstr(actions), - hint, lflow_ref); + ovn_lflow_add(lflows, op->od, stage, prio_high, + ds_cstr(match), ds_cstr(actions), + lflow_ref, + WITH_HINT(hint)); } va_end(extra_actions_args); } @@ -14244,11 +14262,11 @@ build_neigh_learning_flows_for_lrouter_port( " = lookup_arp(inport, arp.spa, arp.sha); " REGBIT_LOOKUP_NEIGHBOR_IP_RESULT" = 1;" " next;"; - ovn_lflow_add_with_hint(lflows, op->od, - S_ROUTER_IN_LOOKUP_NEIGHBOR, 110, - ds_cstr(match), actions_s, - &op->nbrp->header_, - lflow_ref); + ovn_lflow_add(lflows, op->od, + S_ROUTER_IN_LOOKUP_NEIGHBOR, 110, + ds_cstr(match), actions_s, + lflow_ref, + WITH_HINT(&op->nbrp->header_)); } ds_clear(match); ds_put_format(match, @@ -14262,11 +14280,11 @@ build_neigh_learning_flows_for_lrouter_port( learn_from_arp_request ? "" : REGBIT_LOOKUP_NEIGHBOR_IP_RESULT " = lookup_arp_ip(inport, arp.spa); "); - ovn_lflow_add_with_hint(lflows, op->od, - S_ROUTER_IN_LOOKUP_NEIGHBOR, 100, - ds_cstr(match), ds_cstr(actions), - &op->nbrp->header_, - lflow_ref); + ovn_lflow_add(lflows, op->od, + S_ROUTER_IN_LOOKUP_NEIGHBOR, 100, + ds_cstr(match), ds_cstr(actions), + lflow_ref, + WITH_HINT(&op->nbrp->header_)); } if (lrp_is_l3dgw(op)) { @@ -14275,12 +14293,12 @@ build_neigh_learning_flows_for_lrouter_port( "eth.mcast && " "!is_chassis_resident(%s)", op->json_key, op->cr_port->json_key); - ovn_lflow_add_with_hint(lflows, op->od, - S_ROUTER_IN_LOOKUP_NEIGHBOR, 120, - ds_cstr(match), - REGBIT_LOOKUP_NEIGHBOR_RESULT" = 1; next;", - &op->nbrp->header_, - lflow_ref); + ovn_lflow_add(lflows, op->od, + S_ROUTER_IN_LOOKUP_NEIGHBOR, 120, + ds_cstr(match), + REGBIT_LOOKUP_NEIGHBOR_RESULT" = 1; next;", + lflow_ref, + WITH_HINT(&op->nbrp->header_)); } } @@ -14395,11 +14413,11 @@ build_ND_RA_flows_for_lrouter_port( "outport = inport; flags.loopback = 1; " "output;", op->lrp_networks.ea_s, ip6_str); - ovn_lflow_add_with_hint(lflows, op->od, - S_ROUTER_IN_ND_RA_RESPONSE, 50, - ds_cstr(match), ds_cstr(actions), - &op->nbrp->header_, - lflow_ref); + ovn_lflow_add(lflows, op->od, + S_ROUTER_IN_ND_RA_RESPONSE, 50, + ds_cstr(match), ds_cstr(actions), + lflow_ref, + WITH_HINT(&op->nbrp->header_)); } } @@ -14925,11 +14943,11 @@ build_arp_resolve_flows_for_lrp(struct ovn_port *op, ds_clear(actions); ds_put_format(actions, "eth.dst = %s; next;", op->lrp_networks.ea_s); - ovn_lflow_add_with_hint(lflows, op->peer->od, - S_ROUTER_IN_ARP_RESOLVE, 100, - ds_cstr(match), ds_cstr(actions), - &op->nbrp->header_, - lflow_ref); + ovn_lflow_add(lflows, op->peer->od, + S_ROUTER_IN_ARP_RESOLVE, 100, + ds_cstr(match), ds_cstr(actions), + lflow_ref, + WITH_HINT(&op->nbrp->header_)); } if (op->lrp_networks.n_ipv6_addrs) { @@ -14942,11 +14960,11 @@ build_arp_resolve_flows_for_lrp(struct ovn_port *op, ds_clear(actions); ds_put_format(actions, "eth.dst = %s; next;", op->lrp_networks.ea_s); - ovn_lflow_add_with_hint(lflows, op->peer->od, - S_ROUTER_IN_ARP_RESOLVE, 100, - ds_cstr(match), ds_cstr(actions), - &op->nbrp->header_, - lflow_ref); + ovn_lflow_add(lflows, op->peer->od, + S_ROUTER_IN_ARP_RESOLVE, 100, + ds_cstr(match), ds_cstr(actions), + lflow_ref, + WITH_HINT(&op->nbrp->header_)); } } @@ -14968,11 +14986,11 @@ build_arp_resolve_flows_for_lrp(struct ovn_port *op, ds_put_format(actions, "eth.dst = %s; next;", op->lrp_networks.ea_s); - ovn_lflow_add_with_hint(lflows, op->od, - S_ROUTER_IN_ARP_RESOLVE, 50, - ds_cstr(match), ds_cstr(actions), - &op->nbrp->header_, - lflow_ref); + ovn_lflow_add(lflows, op->od, + S_ROUTER_IN_ARP_RESOLVE, 50, + ds_cstr(match), ds_cstr(actions), + lflow_ref, + WITH_HINT(&op->nbrp->header_)); } } } @@ -15265,12 +15283,12 @@ build_arp_resolve_flows_for_lsp( ds_clear(actions); ds_put_format(actions, "eth.dst = %s; next;", ea_s); - ovn_lflow_add_with_hint(lflows, peer->od, - S_ROUTER_IN_ARP_RESOLVE, 100, - ds_cstr(match), - ds_cstr(actions), - &op->nbsp->header_, - op->lflow_ref); + ovn_lflow_add(lflows, peer->od, + S_ROUTER_IN_ARP_RESOLVE, 100, + ds_cstr(match), + ds_cstr(actions), + op->lflow_ref, + WITH_HINT(&op->nbsp->header_)); } } @@ -15296,12 +15314,12 @@ build_arp_resolve_flows_for_lsp( ds_clear(actions); ds_put_format(actions, "eth.dst = %s; next;", ea_s); - ovn_lflow_add_with_hint(lflows, peer->od, - S_ROUTER_IN_ARP_RESOLVE, 100, - ds_cstr(match), - ds_cstr(actions), - &op->nbsp->header_, - op->lflow_ref); + ovn_lflow_add(lflows, peer->od, + S_ROUTER_IN_ARP_RESOLVE, 100, + ds_cstr(match), + ds_cstr(actions), + op->lflow_ref, + WITH_HINT(&op->nbsp->header_)); } } } @@ -15343,11 +15361,11 @@ build_arp_resolve_flows_for_lsp( ds_clear(actions); ds_put_format(actions, "eth.dst = %s; next;", router_port->lrp_networks.ea_s); - ovn_lflow_add_with_hint(lflows, peer->od, - S_ROUTER_IN_ARP_RESOLVE, 100, - ds_cstr(match), ds_cstr(actions), - &op->nbsp->header_, - op->lflow_ref); + ovn_lflow_add(lflows, peer->od, + S_ROUTER_IN_ARP_RESOLVE, 100, + ds_cstr(match), ds_cstr(actions), + op->lflow_ref, + WITH_HINT(&op->nbsp->header_)); } if (router_port->lrp_networks.n_ipv6_addrs) { @@ -15360,11 +15378,11 @@ build_arp_resolve_flows_for_lsp( ds_clear(actions); ds_put_format(actions, "eth.dst = %s; next;", router_port->lrp_networks.ea_s); - ovn_lflow_add_with_hint(lflows, peer->od, - S_ROUTER_IN_ARP_RESOLVE, 100, - ds_cstr(match), ds_cstr(actions), - &op->nbsp->header_, - op->lflow_ref); + ovn_lflow_add(lflows, peer->od, + S_ROUTER_IN_ARP_RESOLVE, 100, + ds_cstr(match), ds_cstr(actions), + op->lflow_ref, + WITH_HINT(&op->nbsp->header_)); } } } @@ -15525,10 +15543,10 @@ build_check_pkt_len_flows_for_lrp(struct ovn_port *op, free(ct_match); if (features->ct_commit_nat_v2) { - ovn_lflow_add_with_hint(lflows, op->od, S_ROUTER_OUT_POST_SNAT, 100, - "icmp && flags.icmp_snat == 1", - "ct_commit_nat(snat);", &op->nbrp->header_, - lflow_ref); + ovn_lflow_add(lflows, op->od, S_ROUTER_OUT_POST_SNAT, 100, + "icmp && flags.icmp_snat == 1", + "ct_commit_nat(snat);", lflow_ref, + WITH_HINT(&op->nbrp->header_)); } } @@ -15608,9 +15626,10 @@ build_gateway_redirect_flows_for_lrouter( ds_put_format(match, "outport == %s", dgp->json_key); ds_clear(actions); ds_put_format(actions, "outport = %s; next;", dgp->cr_port->json_key); - ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_GW_REDIRECT, 50, - ds_cstr(match), ds_cstr(actions), - stage_hint, lflow_ref); + ovn_lflow_add(lflows, od, S_ROUTER_IN_GW_REDIRECT, 50, + ds_cstr(match), ds_cstr(actions), + lflow_ref, + WITH_HINT(stage_hint)); } /* Packets are allowed by default. */ @@ -15663,10 +15682,10 @@ build_lr_gateway_redirect_flows_for_nats( as->name); if (nat->nb->allowed_ext_ips) { - ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_GW_REDIRECT, - 75, ds_cstr(&match_ext), - ds_cstr(actions), stage_hint, - lflow_ref); + ovn_lflow_add(lflows, od, S_ROUTER_IN_GW_REDIRECT, + 75, ds_cstr(&match_ext), + ds_cstr(actions), lflow_ref, + WITH_HINT(stage_hint)); if (add_def_flow) { ds_clear(&match_ext); ds_put_format(&match_ext, "ip && ip%s.dst == %s", @@ -15678,10 +15697,11 @@ build_lr_gateway_redirect_flows_for_nats( add_def_flow = false; } } else if (nat->nb->exempted_ext_ips) { - ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_GW_REDIRECT, - 75, ds_cstr(&match_ext), - debug_drop_action(), - stage_hint, lflow_ref); + ovn_lflow_add(lflows, od, S_ROUTER_IN_GW_REDIRECT, + 75, ds_cstr(&match_ext), + debug_drop_action(), + lflow_ref, + WITH_HINT(stage_hint)); } ds_destroy(&match_ext); } @@ -16097,9 +16117,10 @@ build_dhcp_relay_flows_for_lrouter_port(struct ovn_port *op, "/* DHCP_RELAY_REQ */", op->lrp_networks.ipv4_addrs[0].addr_s, server_ip_str); - ovn_lflow_add_with_hint(lflows, op->od, S_ROUTER_IN_DHCP_RELAY_REQ, 100, - ds_cstr(match), ds_cstr(actions), - &op->nbrp->header_, lflow_ref); + ovn_lflow_add(lflows, op->od, S_ROUTER_IN_DHCP_RELAY_REQ, 100, + ds_cstr(match), ds_cstr(actions), + lflow_ref, + WITH_HINT(&op->nbrp->header_)); ds_clear(match); ds_clear(actions); @@ -16112,9 +16133,10 @@ build_dhcp_relay_flows_for_lrouter_port(struct ovn_port *op, op->json_key); ds_put_format(actions, "drop; /* DHCP_RELAY_REQ */"); - ovn_lflow_add_with_hint(lflows, op->od, S_ROUTER_IN_DHCP_RELAY_REQ, 1, - ds_cstr(match), ds_cstr(actions), - &op->nbrp->header_, lflow_ref); + ovn_lflow_add(lflows, op->od, S_ROUTER_IN_DHCP_RELAY_REQ, 1, + ds_cstr(match), ds_cstr(actions), + lflow_ref, + WITH_HINT(&op->nbrp->header_)); ds_clear(match); ds_clear(actions); @@ -16124,9 +16146,10 @@ build_dhcp_relay_flows_for_lrouter_port(struct ovn_port *op, "ip.frag == 0 && udp.src == 67 && udp.dst == 67", server_ip_str, op->lrp_networks.ipv4_addrs[0].addr_s); ds_put_format(actions, "next; /* DHCP_RELAY_RESP */"); - ovn_lflow_add_with_hint(lflows, op->od, S_ROUTER_IN_IP_INPUT, 110, - ds_cstr(match), ds_cstr(actions), - &op->nbrp->header_, lflow_ref); + ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 110, + ds_cstr(match), ds_cstr(actions), + lflow_ref, + WITH_HINT(&op->nbrp->header_)); ds_clear(match); ds_clear(actions); @@ -16163,9 +16186,10 @@ build_dhcp_relay_flows_for_lrouter_port(struct ovn_port *op, "ip4.src = %s; udp.dst = 68; " "outport = %s; output; /* DHCP_RELAY_RESP */", op->lrp_networks.ipv4_addrs[0].addr_s, op->json_key); - ovn_lflow_add_with_hint(lflows, op->od, S_ROUTER_IN_DHCP_RELAY_RESP, - 100, ds_cstr(match), ds_cstr(actions), - &op->nbrp->header_, lflow_ref); + ovn_lflow_add(lflows, op->od, S_ROUTER_IN_DHCP_RELAY_RESP, + 100, ds_cstr(match), ds_cstr(actions), + lflow_ref, + WITH_HINT(&op->nbrp->header_)); ds_clear(match); ds_clear(actions); @@ -16176,9 +16200,10 @@ build_dhcp_relay_flows_for_lrouter_port(struct ovn_port *op, REGBIT_DHCP_RELAY_RESP_CHK" == 0", server_ip_str, op->lrp_networks.ipv4_addrs[0].addr_s); ds_put_format(actions, "drop; /* DHCP_RELAY_RESP */"); - ovn_lflow_add_with_hint(lflows, op->od, S_ROUTER_IN_DHCP_RELAY_RESP, - 1, ds_cstr(match), ds_cstr(actions), - &op->nbrp->header_, lflow_ref); + ovn_lflow_add(lflows, op->od, S_ROUTER_IN_DHCP_RELAY_RESP, + 1, ds_cstr(match), ds_cstr(actions), + lflow_ref, + WITH_HINT(&op->nbrp->header_)); ds_clear(match); ds_clear(actions); free(server_ip_str); @@ -16211,9 +16236,10 @@ build_ipv6_input_flows_for_lrouter_port( "icmp6.type = 129; " "flags.loopback = 1; " "next; "; - ovn_lflow_add_with_hint(lflows, op->od, S_ROUTER_IN_IP_INPUT, 90, - ds_cstr(match), lrp_actions, - &op->nbrp->header_, lflow_ref); + ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 90, + ds_cstr(match), lrp_actions, + lflow_ref, + WITH_HINT(&op->nbrp->header_)); } /* ND reply. These flows reply to ND solicitations for the @@ -16436,9 +16462,10 @@ build_lrouter_ipv4_ip_input(struct ovn_port *op, ds_put_cstr(match, "ip4.src == "); op_put_v4_networks(match, op, true); ds_put_cstr(match, " && "REGBIT_EGRESS_LOOPBACK" == 0"); - ovn_lflow_add_with_hint(lflows, op->od, S_ROUTER_IN_IP_INPUT, 100, - ds_cstr(match), debug_drop_action(), - &op->nbrp->header_, lflow_ref); + ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 100, + ds_cstr(match), debug_drop_action(), + lflow_ref, + WITH_HINT(&op->nbrp->header_)); /* ICMP echo reply. These flows reply to ICMP echo requests * received for the router's IP address. Since packets only @@ -16455,9 +16482,10 @@ build_lrouter_ipv4_ip_input(struct ovn_port *op, "icmp4.type = 0; " "flags.loopback = 1; " "next; "; - ovn_lflow_add_with_hint(lflows, op->od, S_ROUTER_IN_IP_INPUT, 90, - ds_cstr(match), icmp_actions, - &op->nbrp->header_, lflow_ref); + ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 90, + ds_cstr(match), icmp_actions, + lflow_ref, + WITH_HINT(&op->nbrp->header_)); } /* BFD msg handling */ @@ -16766,9 +16794,10 @@ build_lrouter_in_unsnat_stateless_flow(struct lflow_table *lflows, build_lrouter_in_unsnat_match(od, nat, match, distributed_nat, is_v6, l3dgw_port); - ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_UNSNAT, - priority, ds_cstr(match), "next;", - &nat->header_, lflow_ref); + ovn_lflow_add(lflows, od, S_ROUTER_IN_UNSNAT, + priority, ds_cstr(match), "next;", + lflow_ref, + WITH_HINT(&nat->header_)); } static void @@ -16794,17 +16823,19 @@ build_lrouter_in_unsnat_in_czone_flow(struct lflow_table *lflows, size_t common_match_len = match->length; ds_put_cstr(match, " && flags.loopback == 0"); - ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_UNSNAT, - 100, ds_cstr(match), "ct_snat_in_czone;", - &nat->header_, lflow_ref); + ovn_lflow_add(lflows, od, S_ROUTER_IN_UNSNAT, + 100, ds_cstr(match), "ct_snat_in_czone;", + lflow_ref, + WITH_HINT(&nat->header_)); ds_truncate(match, common_match_len); /* Update common zone match for the hairpin traffic. */ ds_put_cstr(match, " && flags.loopback == 1 && flags.use_snat_zone == 1"); - ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_UNSNAT, - 100, ds_cstr(match), "ct_snat;", - &nat->header_, lflow_ref); + ovn_lflow_add(lflows, od, S_ROUTER_IN_UNSNAT, + 100, ds_cstr(match), "ct_snat;", + lflow_ref, + WITH_HINT(&nat->header_)); } static void @@ -16825,9 +16856,10 @@ build_lrouter_in_unsnat_flow(struct lflow_table *lflows, build_lrouter_in_unsnat_match(od, nat, match, distributed_nat, is_v6, l3dgw_port); - ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_UNSNAT, - priority, ds_cstr(match), "ct_snat;", - &nat->header_, lflow_ref); + ovn_lflow_add(lflows, od, S_ROUTER_IN_UNSNAT, + priority, ds_cstr(match), "ct_snat;", + lflow_ref, + WITH_HINT(&nat->header_)); } static void @@ -16905,9 +16937,10 @@ build_lrouter_in_dnat_flow(struct lflow_table *lflows, ds_put_format(match, " && (%s)", nat->match); } - ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_DNAT, priority, - ds_cstr(match), ds_cstr(actions), - &nat->header_, lflow_ref); + ovn_lflow_add(lflows, od, S_ROUTER_IN_DNAT, priority, + ds_cstr(match), ds_cstr(actions), + lflow_ref, + WITH_HINT(&nat->header_)); } static void @@ -16972,9 +17005,10 @@ build_lrouter_out_undnat_flow(struct lflow_table *lflows, : "ct_dnat;"); } - ovn_lflow_add_with_hint(lflows, od, S_ROUTER_OUT_UNDNAT, 100, - ds_cstr(match), ds_cstr(actions), - &nat->header_, lflow_ref); + ovn_lflow_add(lflows, od, S_ROUTER_OUT_UNDNAT, 100, + ds_cstr(match), ds_cstr(actions), + lflow_ref, + WITH_HINT(&nat->header_)); } static void @@ -17004,9 +17038,10 @@ build_lrouter_out_is_dnat_local(struct lflow_table *lflows, ds_clear(actions); ds_put_cstr(actions, REGBIT_DST_NAT_IP_LOCAL" = 1; next;"); - ovn_lflow_add_with_hint(lflows, od, S_ROUTER_OUT_CHECK_DNAT_LOCAL, - 50, ds_cstr(match), ds_cstr(actions), - &nat->header_, lflow_ref); + ovn_lflow_add(lflows, od, S_ROUTER_OUT_CHECK_DNAT_LOCAL, + 50, ds_cstr(match), ds_cstr(actions), + lflow_ref, + WITH_HINT(&nat->header_)); } static void @@ -17081,10 +17116,10 @@ build_lrouter_out_snat_stateless_flow(struct lflow_table *lflows, ds_put_format(actions, "ip%c.src=%s; next;", is_v6 ? '6' : '4', nat->external_ip); - ovn_lflow_add_with_hint(lflows, od, S_ROUTER_OUT_SNAT, - priority, ds_cstr(match), - ds_cstr(actions), &nat->header_, - lflow_ref); + ovn_lflow_add(lflows, od, S_ROUTER_OUT_SNAT, + priority, ds_cstr(match), + ds_cstr(actions), lflow_ref, + WITH_HINT(&nat->header_)); } static void @@ -17132,17 +17167,17 @@ build_lrouter_out_snat_in_czone_flow(struct lflow_table *lflows, ds_put_cstr(actions, ");"); ds_put_cstr(&zone_actions, ");"); - ovn_lflow_add_with_hint(lflows, od, S_ROUTER_OUT_SNAT, - priority, ds_cstr(match), - ds_cstr(actions), &nat->header_, - lflow_ref); + ovn_lflow_add(lflows, od, S_ROUTER_OUT_SNAT, + priority, ds_cstr(match), + ds_cstr(actions), lflow_ref, + WITH_HINT(&nat->header_)); ds_put_cstr(match, " && "REGBIT_DST_NAT_IP_LOCAL" == 1"); - ovn_lflow_add_with_hint(lflows, od, S_ROUTER_OUT_SNAT, - priority + 1, ds_cstr(match), - ds_cstr(&zone_actions), &nat->header_, - lflow_ref); + ovn_lflow_add(lflows, od, S_ROUTER_OUT_SNAT, + priority + 1, ds_cstr(match), + ds_cstr(&zone_actions), lflow_ref, + WITH_HINT(&nat->header_)); ds_destroy(&zone_actions); } @@ -17182,10 +17217,10 @@ build_lrouter_out_snat_flow(struct lflow_table *lflows, } ds_put_format(actions, ");"); - ovn_lflow_add_with_hint(lflows, od, S_ROUTER_OUT_SNAT, - priority, ds_cstr(match), - ds_cstr(actions), &nat->header_, - lflow_ref); + ovn_lflow_add(lflows, od, S_ROUTER_OUT_SNAT, + priority, ds_cstr(match), + ds_cstr(actions), lflow_ref, + WITH_HINT(&nat->header_)); /* For the SNAT networks, we need to make sure that connections are * properly tracked so we can decide whether to perform SNAT on traffic @@ -17330,9 +17365,10 @@ build_lrouter_ingress_flow(struct lflow_table *lflows, match, "inport == %s && %s == %s", l3dgw_port->json_key, is_v6 ? "ip6.src" : "ip4.src", nat->external_ip); - ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_IP_INPUT, - 120, ds_cstr(match), "next;", - &nat->header_, lflow_ref); + ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_INPUT, + 120, ds_cstr(match), "next;", + lflow_ref, + WITH_HINT(&nat->header_)); } /* Logical router ingress table 0: * For NAT on a distributed router, add rules allowing @@ -17694,12 +17730,12 @@ build_lrouter_nat_defrag_and_lb( nat_entry->l3dgw_port->json_key, nat_entry->l3dgw_port->json_key, is_v6 ? "6" : "4", nat->external_ip); - ovn_lflow_add_with_hint(lflows, od, - S_ROUTER_IN_ARP_RESOLVE, - 150, ds_cstr(match), - debug_drop_action(), - &nat->header_, - lflow_ref); + ovn_lflow_add(lflows, od, + S_ROUTER_IN_ARP_RESOLVE, + 150, ds_cstr(match), + debug_drop_action(), + lflow_ref, + WITH_HINT(&nat->header_)); /* Now for packets coming from other (downlink) LRPs, allow ARP * resolve for the NAT IP, so that such packets can be * forwarded for E/W NAT. */ @@ -17714,12 +17750,12 @@ build_lrouter_nat_defrag_and_lb( actions, "eth.dst = %s; next;", nat_entry->is_distributed ? nat->external_mac : nat_entry->l3dgw_port->lrp_networks.ea_s); - ovn_lflow_add_with_hint(lflows, od, - S_ROUTER_IN_ARP_RESOLVE, - 100, ds_cstr(match), - ds_cstr(actions), - &nat->header_, - lflow_ref); + ovn_lflow_add(lflows, od, + S_ROUTER_IN_ARP_RESOLVE, + 100, ds_cstr(match), + ds_cstr(actions), + lflow_ref, + WITH_HINT(&nat->header_)); if (od->redirect_bridged && nat_entry->is_distributed) { ds_clear(match); ds_put_format( @@ -17738,11 +17774,11 @@ build_lrouter_nat_defrag_and_lb( ds_put_cstr(actions, "get_arp(outport, " REG_NEXT_HOP_IPV4 "); next;"); } - ovn_lflow_add_with_hint(lflows, od, - S_ROUTER_IN_ARP_RESOLVE, 90, - ds_cstr(match), ds_cstr(actions), - &nat->header_, - lflow_ref); + ovn_lflow_add(lflows, od, + S_ROUTER_IN_ARP_RESOLVE, 90, + ds_cstr(match), ds_cstr(actions), + lflow_ref, + WITH_HINT(&nat->header_)); } sset_add(&nat_entries, nat->external_ip); } @@ -17818,10 +17854,10 @@ build_lrouter_nat_defrag_and_lb( struct ovn_port *op = ovn_port_find(ls_ports, nat->logical_port); if (op && op->nbsp && !strcmp(op->nbsp->type, "virtual")) { - ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_GW_REDIRECT, - 80, ds_cstr(match), - debug_drop_action(), &nat->header_, - lflow_ref); + ovn_lflow_add(lflows, od, S_ROUTER_IN_GW_REDIRECT, + 80, ds_cstr(match), + debug_drop_action(), lflow_ref, + WITH_HINT(&nat->header_)); } ds_put_format(match, " && is_chassis_resident(\"%s\")", nat->logical_port); @@ -17829,10 +17865,10 @@ build_lrouter_nat_defrag_and_lb( nat->external_mac, is_v6 ? REG_SRC_IPV6 : REG_SRC_IPV4, nat->external_ip); - ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_GW_REDIRECT, - 100, ds_cstr(match), - ds_cstr(actions), &nat->header_, - lflow_ref); + ovn_lflow_add(lflows, od, S_ROUTER_IN_GW_REDIRECT, + 100, ds_cstr(match), + ds_cstr(actions), lflow_ref, + WITH_HINT(&nat->header_)); } /* Egress Loopback table: For NAT on a distributed router. @@ -17871,9 +17907,10 @@ build_lrouter_nat_defrag_and_lb( ds_put_format(actions, REGBIT_EGRESS_LOOPBACK" = 1; " "next(pipeline=ingress, table=%d); };", ovn_stage_get_table(S_ROUTER_IN_ADMISSION)); - ovn_lflow_add_with_hint(lflows, od, S_ROUTER_OUT_EGR_LOOP, 100, - ds_cstr(match), ds_cstr(actions), - &nat->header_, lflow_ref); + ovn_lflow_add(lflows, od, S_ROUTER_OUT_EGR_LOOP, 100, + ds_cstr(match), ds_cstr(actions), + lflow_ref, + WITH_HINT(&nat->header_)); } } @@ -17924,9 +17961,10 @@ build_lrouter_nat_defrag_and_lb( */ ds_clear(actions); ds_put_cstr(actions, REGBIT_DST_NAT_IP_LOCAL" = 1; next;"); - ovn_lflow_add_with_hint(lflows, od, S_ROUTER_OUT_CHECK_DNAT_LOCAL, - 50, ds_cstr(match), ds_cstr(actions), - &od->nbr->header_, lflow_ref); + ovn_lflow_add(lflows, od, S_ROUTER_OUT_CHECK_DNAT_LOCAL, + 50, ds_cstr(match), ds_cstr(actions), + lflow_ref, + WITH_HINT(&od->nbr->header_)); } -- 2.51.1 _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
