From patchwork Sat Oct 10 04:20:33 2015
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ben Pfaff
X-Patchwork-Id: 528534
Return-Path:
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from archives.nicira.com (unknown
[IPv6:2600:3c00::f03c:91ff:fe6e:bdf7])
by ozlabs.org (Postfix) with ESMTP id 3EB15140E42
for ;
Sat, 10 Oct 2015 15:20:57 +1100 (AEDT)
Received: from archives.nicira.com (localhost [127.0.0.1])
by archives.nicira.com (Postfix) with ESMTP id C0EFA10B60;
Fri, 9 Oct 2015 21:20:52 -0700 (PDT)
X-Original-To: dev@openvswitch.org
Delivered-To: dev@openvswitch.org
Received: from mx1e4.cudamail.com (mx1.cudamail.com [69.90.118.67])
by archives.nicira.com (Postfix) with ESMTPS id 46DCA10B5F
for ; Fri, 9 Oct 2015 21:20:52 -0700 (PDT)
Received: from bar2.cudamail.com (unknown [192.168.21.12])
by mx1e4.cudamail.com (Postfix) with ESMTPS id C09531E0524
for ; Fri, 9 Oct 2015 22:20:51 -0600 (MDT)
X-ASG-Debug-ID: 1444450851-03dc537fe3ef2680001-byXFYA
Received: from mx1-pf1.cudamail.com ([192.168.24.1]) by bar2.cudamail.com
with
ESMTP id TMGMGACvWDJoGurW (version=TLSv1 cipher=DHE-RSA-AES256-SHA
bits=256 verify=NO) for ;
Fri, 09 Oct 2015 22:20:51 -0600 (MDT)
X-Barracuda-Envelope-From: blp@nicira.com
X-Barracuda-RBL-Trusted-Forwarder: 192.168.24.1
Received: from unknown (HELO mail-pa0-f49.google.com) (209.85.220.49)
by mx1-pf1.cudamail.com with ESMTPS (RC4-SHA encrypted);
10 Oct 2015 04:20:51 -0000
Received-SPF: unknown (mx1-pf1.cudamail.com: Multiple SPF records returned)
X-Barracuda-RBL-Trusted-Forwarder: 209.85.220.49
Received: by padhy16 with SMTP id hy16so103731498pad.1
for ; Fri, 09 Oct 2015 21:20:50 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20130820;
h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
:references;
bh=Ei16Lc3PuzkI5H6Xyo9WH/DRdNDWBzQkCaNNTk14STo=;
b=N1hxp3HJqXkGaIJm3GK76J5NXzHMhZm/g4W6fz3j5NBZ2xtuOCfXyjZFgr03lgyUZs
l/Tkpo/LlPNiQR1MyQl5/kv8xLYvzYJWUgNH1jAXqbaTUmHLMxWcV9fP6a4Cg1zHSSNf
TjuQqdTyyIH6d8Bmhj0xMlX3JNISdGFI2lAyHQiuZUmWHDYjVPB4fxSIpLTqAej/YIOn
NPv9PIbpZp864nAXZxXkuqV/4vQY2t+37JdwhvEnCcCXDPVnGrwF/KOKTdnu0kKY8KQl
yHlDVZQUH/hIZWecbPxEv8pygZf7DZZp5HPQKijkV2tWQsPWFgyNp2rHLyyDYZ7KU2fp
mjLQ==
X-Gm-Message-State:
ALoCoQkXRVefFjuMejdnF8wO4WDKUqC7Qf6F2atLfVguKxGH0BWJYCfzZN5aIMlDMtJ+PcdkgXjx
X-Received: by 10.68.204.37 with SMTP id kv5mr19850585pbc.64.1444450850541;
Fri, 09 Oct 2015 21:20:50 -0700 (PDT)
Received: from sigabrt.gateway.sonic.net
(173-228-112-112.dsl.dynamic.fusionbroadband.com. [173.228.112.112])
by smtp.gmail.com with ESMTPSA id
o3sm5365390pap.37.2015.10.09.21.20.48
(version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
Fri, 09 Oct 2015 21:20:49 -0700 (PDT)
X-CudaMail-Envelope-Sender: blp@nicira.com
X-Barracuda-Apparent-Source-IP: 173.228.112.112
From: Ben Pfaff
To: dev@openvswitch.org
X-CudaMail-Whitelist-To: dev@openvswitch.org
X-CudaMail-MID: CM-E1-1008110427
X-CudaMail-DTE: 100915
X-CudaMail-Originating-IP: 209.85.220.49
Date: Fri, 9 Oct 2015 21:20:33 -0700
X-ASG-Orig-Subj: [##CM-E1-1008110427##][PATCH 14/23] ovn: Add new predicates
for matching broadcast and multicast packets.
Message-Id: <1444450838-12150-3-git-send-email-blp@nicira.com>
X-Mailer: git-send-email 2.1.3
In-Reply-To: <1444450838-12150-1-git-send-email-blp@nicira.com>
References: <1444450838-12150-1-git-send-email-blp@nicira.com>
X-Barracuda-Connect: UNKNOWN[192.168.24.1]
X-Barracuda-Start-Time: 1444450851
X-Barracuda-Encrypted: DHE-RSA-AES256-SHA
X-Barracuda-URL: https://web.cudamail.com:443/cgi-mod/mark.cgi
X-ASG-Whitelist: Header =?UTF-8?B?eFwtY3VkYW1haWxcLXdoaXRlbGlzdFwtdG8=?=
X-Virus-Scanned: by bsmtpd at cudamail.com
X-Barracuda-BRTS-Status: 1
Cc: Ben Pfaff
Subject: [ovs-dev] [PATCH 14/23] ovn: Add new predicates for matching
broadcast and multicast packets.
X-BeenThere: dev@openvswitch.org
X-Mailman-Version: 2.1.16
Precedence: list
List-Id:
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
MIME-Version: 1.0
Errors-To: dev-bounces@openvswitch.org
Sender: "dev"
In my opinion, "eth.mcast" is a bit more readable than "eth.dst[40]", and
so on.
Signed-off-by: Ben Pfaff
Acked-by: Justin Pettit
---
ovn/controller/lflow.c | 4 ++++
ovn/northd/ovn-northd.8.xml | 4 ++--
ovn/northd/ovn-northd.c | 4 ++--
ovn/ovn-sb.xml | 3 +++
4 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/ovn/controller/lflow.c b/ovn/controller/lflow.c
index 2b1984a..066f908 100644
--- a/ovn/controller/lflow.c
+++ b/ovn/controller/lflow.c
@@ -62,6 +62,9 @@ symtab_init(void)
expr_symtab_add_field(&symtab, "eth.src", MFF_ETH_SRC, NULL, false);
expr_symtab_add_field(&symtab, "eth.dst", MFF_ETH_DST, NULL, false);
expr_symtab_add_field(&symtab, "eth.type", MFF_ETH_TYPE, NULL, true);
+ expr_symtab_add_predicate(&symtab, "eth.bcast",
+ "eth.dst == ff:ff:ff:ff:ff:ff");
+ expr_symtab_add_subfield(&symtab, "eth.mcast", NULL, "eth.dst[40]");
expr_symtab_add_field(&symtab, "vlan.tci", MFF_VLAN_TCI, NULL, false);
expr_symtab_add_predicate(&symtab, "vlan.present", "vlan.tci[12]");
@@ -80,6 +83,7 @@ symtab_init(void)
expr_symtab_add_field(&symtab, "ip4.src", MFF_IPV4_SRC, "ip4", false);
expr_symtab_add_field(&symtab, "ip4.dst", MFF_IPV4_DST, "ip4", false);
+ expr_symtab_add_predicate(&symtab, "ip4.mcast", "ip4.dst[28..31] == 0xe");
expr_symtab_add_predicate(&symtab, "icmp4", "ip4 && ip.proto == 1");
expr_symtab_add_field(&symtab, "icmp4.type", MFF_ICMPV4_TYPE, "icmp4",
diff --git a/ovn/northd/ovn-northd.8.xml b/ovn/northd/ovn-northd.8.xml
index 3731d56..002708b 100644
--- a/ovn/northd/ovn-northd.8.xml
+++ b/ovn/northd/ovn-northd.8.xml
@@ -202,7 +202,7 @@
eth.src
. Second, packets directed to broadcast or multicast
eth.dst
are always accepted instead of being subject to the
port security rules; this is implemented through a priority-100 flow that
- matches on eth.dst[40]
with action output;
.
+ matches on eth.mcast
with action output;
.
Finally, to ensure that even broadcast and multicast packets are not
delivered to disabled logical ports, a priority-150 flow for each
disabled logical outport
overrides the priority-100 flow
@@ -227,7 +227,7 @@
For each enabled router port P with Ethernet address
E, a priority-50 flow that matches inport ==
- P && (eth.dst[40] || eth.dst ==
+ P && (eth.mcast || eth.dst ==
E
), with action next;
.
diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c
index e698907..089bf75 100644
--- a/ovn/northd/ovn-northd.c
+++ b/ovn/northd/ovn-northd.c
@@ -798,7 +798,7 @@ build_lflows(struct northd_context *ctx, struct hmap *datapaths,
}
}
HMAP_FOR_EACH (od, key_node, datapaths) {
- ovn_lflow_add(&lflows, od, P_IN, S_IN_L2_LKUP, 100, "eth.dst[40]",
+ ovn_lflow_add(&lflows, od, P_IN, S_IN_L2_LKUP, 100, "eth.mcast",
"outport = \""MC_FLOOD"\"; output;");
}
@@ -867,7 +867,7 @@ build_lflows(struct northd_context *ctx, struct hmap *datapaths,
/* Egress table 1: Egress port security multicast/broadcast (priority
* 100). */
HMAP_FOR_EACH (od, key_node, datapaths) {
- ovn_lflow_add(&lflows, od, P_OUT, S_OUT_PORT_SEC, 100, "eth.dst[40]",
+ ovn_lflow_add(&lflows, od, P_OUT, S_OUT_PORT_SEC, 100, "eth.mcast",
"output;");
}
diff --git a/ovn/ovn-sb.xml b/ovn/ovn-sb.xml
index bd116c3..f898f97 100644
--- a/ovn/ovn-sb.xml
+++ b/ovn/ovn-sb.xml
@@ -705,8 +705,11 @@
+ eth.bcast
expands to eth.dst == ff:ff:ff:ff:ff:ff
+ eth.mcast
expands to eth.dst[40]
vlan.present
expands to vlan.tci[12]
ip4
expands to eth.type == 0x800
+ ip4.mcast
expands to ip4.dst[28..31] == 0xe
ip6
expands to eth.type == 0x86dd
ip
expands to ip4 || ip6
icmp4
expands to ip4 && ip.proto == 1