Re: [ovs-dev] [PATCH v4 1/3 ovn] OVN ACL: Replace the usage of ct_label with ct_mark

2019-11-08 Thread 0-day Robot 
Bleep bloop.  Greetings Ankur Sharma, I am a robot and I have tried out your 
patch.
Thanks for your contribution.

I encountered some error that I wasn't expecting.  See the details below.


checkpatch:
WARNING: Line is 141 characters long (recommended limit is 79)
#42 FILE: Documentation/tutorials/ovn-openstack.rst:1231:
   6. ls_in_acl (ovn-northd.c:2925): !ct.new && ct.est && !ct.rpl && ct.blocked 
== 0 && (inport == "ap" && ip4), priority 2002, uuid a12b39f0

WARNING: Line is 202 characters long (recommended limit is 79)
#51 FILE: Documentation/tutorials/ovn-openstack.rst:1300:
   4. ls_out_acl (ovn-northd.c:2925): !ct.new && ct.est && !ct.rpl && 
ct.blocked == 0 && (outport == "cp" && ip4 && ip4.src == 
$as_ip4_0fc1b6cf_f925_49e6_8f00_6dd13beca9dc), priority 2002, uuid a746fa0d

WARNING: Line is 176 characters long (recommended limit is 79)
#60 FILE: Documentation/tutorials/ovn-openstack.rst:1540:
   4. ls_out_acl (ovn-northd.c:2925): !ct.new && ct.est && !ct.rpl && 
ct.blocked == 0 && (outport == "dp" && ip4 && ip4.src == 0.0.0.0/0 && icmp4), 
priority 2002, uuid b860fc9f

WARNING: Line is 141 characters long (recommended limit is 79)
#69 FILE: Documentation/tutorials/ovn-openstack.rst:1652:
   6. ls_in_acl (ovn-northd.c:2925): !ct.new && ct.est && !ct.rpl && ct.blocked 
== 0 && (inport == "ap" && ip6), priority 2002, uuid 7fdd607e

WARNING: Line is 202 characters long (recommended limit is 79)
#78 FILE: Documentation/tutorials/ovn-openstack.rst:1710:
   4. ls_out_acl (ovn-northd.c:2925): !ct.new && ct.est && !ct.rpl && 
ct.blocked == 0 && (outport == "cp" && ip6 && ip6.src == 
$as_ip6_0fc1b6cf_f925_49e6_8f00_6dd13beca9dc), priority 2002, uuid 12fc96f9

WARNING: Line is 227 characters long (recommended limit is 79)
#87 FILE: Documentation/tutorials/ovn-openstack.rst:1916:
   6. ls_in_acl (ovn-northd.c:2925): !ct.new && ct.est && !ct.rpl && ct.blocked 
== 0 && (inport == "ap" && ip4 && ip4.dst == {255.255.255.255, 10.1.1.0/24} && 
udp && udp.src == 68 && udp.dst == 67), priority 2002, uuid 9c90245d

Lines checked: 365, Warnings: 6, Errors: 0


Please check this out.  If you feel there has been an error, please email 
acon...@redhat.com

Thanks,
0-day Robot
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH v4 1/3 ovn] OVN ACL: Replace the usage of ct_label with ct_mark

2019-11-08 Thread Ankur Sharma 
OVN ACL implementation used ct_label to indicate if a previosuly
allowed connection should not be allowed anymore and vice versa.

However, ct_label is a 128 bit value and we should rather leverage
on ct_mark which is a 32 bit value.

Using ct_mark for this purpose, allows us to use ct_label for storing
other values like, identifier for corresponidng OVN ACL/Security group etc.

Signed-off-by: Ankur Sharma 
---
 Documentation/tutorials/ovn-openstack.rst | 14 -
 lib/logical-fields.c  |  3 ++
 northd/ovn-northd.8.xml   | 14 -
 northd/ovn-northd.c   | 50 ---
 tests/ovn.at  | 11 +++
 5 files changed, 49 insertions(+), 43 deletions(-)

diff --git a/Documentation/tutorials/ovn-openstack.rst 
b/Documentation/tutorials/ovn-openstack.rst
index 3ef0523..5134406 100644
--- a/Documentation/tutorials/ovn-openstack.rst
+++ b/Documentation/tutorials/ovn-openstack.rst
@@ -60,7 +60,7 @@ packaging for developers, in a way that allows you to follow 
along
 with the tutorial in full.
 
 Unless you have a spare computer laying about, it's easiest to install
-DevStacck in a virtual machine.  This tutorial was built using a VM
+DevStack in a virtual machine.  This tutorial was built using a VM
 implemented by KVM and managed by virt-manager.  I recommend
 configuring the VM configured for the x86-64 architecture, 6 GB RAM, 2
 VCPUs, and a 20 GB virtual disk.
@@ -1228,7 +1228,7 @@ as the output port::
 
   ct_next(ct_state=est|trk /* default (use --ct to customize) */)
   ---
-   6. ls_in_acl (ovn-northd.c:2925): !ct.new && ct.est && !ct.rpl && 
ct_label.blocked == 0 && (inport == "ap" && ip4), priority 2002, uuid a12b39f0
+   6. ls_in_acl (ovn-northd.c:2925): !ct.new && ct.est && !ct.rpl && 
ct.blocked == 0 && (inport == "ap" && ip4), priority 2002, uuid a12b39f0
   next;
   13. ls_in_l2_lkup (ovn-northd.c:3529): eth.dst == fa:16:3e:f6:e2:8f, 
priority 50, uuid c43ead31
   outport = "17d870";
@@ -1297,7 +1297,7 @@ Finally the logical switch for ``n2`` runs through the 
same logic as
 
   ct_next(ct_state=est|trk /* default (use --ct to customize) */)
   ---
-   4. ls_out_acl (ovn-northd.c:2925): !ct.new && ct.est && !ct.rpl && 
ct_label.blocked == 0 && (outport == "cp" && ip4 && ip4.src == 
$as_ip4_0fc1b6cf_f925_49e6_8f00_6dd13beca9dc), priority 2002, uuid a746fa0d
+   4. ls_out_acl (ovn-northd.c:2925): !ct.new && ct.est && !ct.rpl && 
ct.blocked == 0 && (outport == "cp" && ip4 && ip4.src == 
$as_ip4_0fc1b6cf_f925_49e6_8f00_6dd13beca9dc), priority 2002, uuid a746fa0d
   next;
7. ls_out_port_sec_ip (ovn-northd.c:2364): outport == "cp" && eth.dst == 
fa:16:3e:89:f2:36 && ip4.dst == {255.255.255.255, 224.0.0.0/4, 10.1.2.7}, 
priority 90, uuid 4d9862b5
   next;
@@ -1537,7 +1537,7 @@ firewall and is output to ``d``::
 
   ct_next(ct_state=est|trk /* default (use --ct to customize) */)
   ---
-   4. ls_out_acl (ovn-northd.c:2925): !ct.new && ct.est && !ct.rpl && 
ct_label.blocked == 0 && (outport == "dp" && ip4 && ip4.src == 0.0.0.0/0 && 
icmp4), priority 2002, uuid b860fc9f
+   4. ls_out_acl (ovn-northd.c:2925): !ct.new && ct.est && !ct.rpl && 
ct.blocked == 0 && (outport == "dp" && ip4 && ip4.src == 0.0.0.0/0 && icmp4), 
priority 2002, uuid b860fc9f
   next;
7. ls_out_port_sec_ip (ovn-northd.c:2364): outport == "dp" && eth.dst == 
fa:16:3e:c1:f5:a2 && ip4.dst == {255.255.255.255, 224.0.0.0/4, 10.0.0.6}, 
priority 90, uuid 15655a98
   next;
@@ -1649,7 +1649,7 @@ closely to those for IPv4 which we already discussed back 
under
 
   ct_next(ct_state=est|trk /* default (use --ct to customize) */)
   ---
-   6. ls_in_acl (ovn-northd.c:2925): !ct.new && ct.est && !ct.rpl && 
ct_label.blocked == 0 && (inport == "ap" && ip6), priority 2002, uuid 7fdd607e
+   6. ls_in_acl (ovn-northd.c:2925): !ct.new && ct.est && !ct.rpl && 
ct.blocked == 0 && (inport == "ap" && ip6), priority 2002, uuid 7fdd607e
   next;
   13. ls_in_l2_lkup (ovn-northd.c:3529): eth.dst == fa:16:3e:ef:2f:8b, 
priority 50, uuid e1d87fc5
   outport = "ad952e";
@@ -1707,7 +1707,7 @@ closely to those for IPv4 which we already discussed back 
under
 
   ct_next(ct_state=est|trk /* default (use --ct to customize) */)
   ---
-   4. ls_out_acl (ovn-northd.c:2925): !ct.new && ct.est && !ct.rpl && 
ct_label.blocked == 0 && (outport == "cp" && ip6 && ip6.src == 
$as_ip6_0fc1b6cf_f925_49e6_8f00_6dd13beca9dc), priority 2002, uuid 12fc96f9
+   4. ls_out_acl (ovn-northd.c:2925): !ct.new && ct.est && !ct.rpl && 
ct.blocked == 0 && (outport == "cp" && ip6 && ip6.src == 
$as_ip6_0fc1b6cf_f925_49e6_8f00_6dd13beca9dc), priority