From patchwork Wed Jul 13 11:20:36 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Gurucharan Shetty <guru@ovn.org>
X-Patchwork-Id: 648066
Return-Path: <dev-bounces@openvswitch.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from archives.nicira.com (archives.nicira.com [96.126.127.54])
	by ozlabs.org (Postfix) with ESMTP id 3rqWvN0WTRz9sDB
	for <incoming@patchwork.ozlabs.org>;
	Thu, 14 Jul 2016 07:20:16 +1000 (AEST)
Received: from archives.nicira.com (localhost [127.0.0.1])
	by archives.nicira.com (Postfix) with ESMTP id 28DD010A8E;
	Wed, 13 Jul 2016 14:20:15 -0700 (PDT)
X-Original-To: dev@openvswitch.org
Delivered-To: dev@openvswitch.org
Received: from mx3v3.cudamail.com (mx3.cudamail.com [64.34.241.5])
	by archives.nicira.com (Postfix) with ESMTPS id 85BC810A8D
	for <dev@openvswitch.org>; Wed, 13 Jul 2016 14:20:13 -0700 (PDT)
Received: from bar6.cudamail.com (localhost [127.0.0.1])
	by mx3v3.cudamail.com (Postfix) with ESMTPS id 1BE7D162D81
	for <dev@openvswitch.org>; Wed, 13 Jul 2016 15:20:13 -0600 (MDT)
X-ASG-Debug-ID: 1468444812-0b32373fc308510001-byXFYA
Received: from mx3-pf3.cudamail.com ([192.168.14.3]) by bar6.cudamail.com
	with
	ESMTP id 7LDPpAhtLrRFRL5w (version=TLSv1 cipher=DHE-RSA-AES256-SHA
	bits=256 verify=NO) for <dev@openvswitch.org>;
	Wed, 13 Jul 2016 15:20:12 -0600 (MDT)
X-Barracuda-Envelope-From: guru.ovn@gmail.com
X-Barracuda-RBL-Trusted-Forwarder: 192.168.14.3
Received: from unknown (HELO mail-pa0-f66.google.com) (209.85.220.66)
	by mx3-pf3.cudamail.com with ESMTPS (AES128-SHA encrypted);
	13 Jul 2016 21:20:12 -0000
Received-SPF: pass (mx3-pf3.cudamail.com: SPF record at _netblocks.google.com
	designates 209.85.220.66 as permitted sender)
X-Barracuda-Apparent-Source-IP: 209.85.220.66
X-Barracuda-RBL-IP: 209.85.220.66
Received: by mail-pa0-f66.google.com with SMTP id hh10so3568173pac.1
	for <dev@openvswitch.org>; Wed, 13 Jul 2016 14:20:12 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:from:to:subject:date:message-id;
	bh=E9M4xLPa2q1t5Ih9Aj6u4BwJu+furrZ2+XTdi8NF4pg=;
	b=e3iNY9Hyu4ERa53BnZvo0U+vYHW8SX3n/4nuewpbyQNeTXtSZzXPONMms15JAAGCJt
	lwvbgyvBt04rm4HwAQH7AMSh0BL55p38qAoewPBjnIzcO+PeHBSZXUT4lEUMprkSvE36
	ExlAqLu0mKlfbWxn913DFLLQMsL3y1QlVW3XqdHFkKmdxqvAYa54l1PaeO8lgSvYJW/k
	hmS3YahmHAQDilM1mSutpCHYmVrItZl9m8M1s/gE+Sr0spgEb94ipwReZKLWohR6aKfM
	kR/TaXt9YDUZ0bYkiOM8r3JYCzqzc5HP6binBudy8lpQlEU5oZ0q8SJi4BPwGDUgnaF+
	gbdA==
X-Gm-Message-State: 
 ALyK8tIPknRd5Iq4YJlz12xEe+qxqyZwr7Q2Ei4ddZ87JkipeRRPLOL+OKc4GSiURvZMjQ==
X-Received: by 10.66.127.10 with SMTP id nc10mr16939805pab.109.1468444811628;
	Wed, 13 Jul 2016 14:20:11 -0700 (PDT)
Received: from ubuntu.eng.vmware.com ([208.91.1.34])
	by smtp.gmail.com with ESMTPSA id
	w63sm6496352pfi.9.2016.07.13.14.20.09 for <dev@openvswitch.org>
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
	Wed, 13 Jul 2016 14:20:10 -0700 (PDT)
X-CudaMail-Envelope-Sender: guru.ovn@gmail.com
From: Gurucharan Shetty <guru@ovn.org>
To: dev@openvswitch.org
X-CudaMail-Whitelist-To: dev@openvswitch.org
X-CudaMail-MID: CM-V3-712050344
X-CudaMail-DTE: 071316
X-CudaMail-Originating-IP: 209.85.220.66
Date: Wed, 13 Jul 2016 04:20:36 -0700
X-ASG-Orig-Subj: [##CM-V3-712050344##][PATCH v2] ovn-northd: Combine two NAT
	loops into one.
Message-Id: <1468408836-20417-1-git-send-email-guru@ovn.org>
X-Mailer: git-send-email 1.9.1
X-Barracuda-Connect: UNKNOWN[192.168.14.3]
X-Barracuda-Start-Time: 1468444812
X-Barracuda-Encrypted: DHE-RSA-AES256-SHA
X-Barracuda-URL: https://web.cudamail.com:443/cgi-mod/mark.cgi
X-ASG-Whitelist: Header =?UTF-8?B?eFwtY3VkYW1haWxcLXdoaXRlbGlzdFwtdG8=?=
X-Virus-Scanned: by bsmtpd at cudamail.com
X-Barracuda-BRTS-Status: 1
Subject: [ovs-dev] [PATCH v2] ovn-northd: Combine two NAT loops into one.
X-BeenThere: dev@openvswitch.org
X-Mailman-Version: 2.1.16
Precedence: list
List-Id: <dev.openvswitch.org>
List-Unsubscribe: <http://openvswitch.org/mailman/options/dev>,
	<mailto:dev-request@openvswitch.org?subject=unsubscribe>
List-Archive: <http://openvswitch.org/pipermail/dev>
List-Post: <mailto:dev@openvswitch.org>
List-Help: <mailto:dev-request@openvswitch.org?subject=help>
List-Subscribe: <http://openvswitch.org/mailman/listinfo/dev>,
	<mailto:dev-request@openvswitch.org?subject=subscribe>
MIME-Version: 1.0
Errors-To: dev-bounces@openvswitch.org
Sender: "dev" <dev-bounces@openvswitch.org>

Signed-off-by: Gurucharan Shetty <guru@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
---
 ovn/northd/ovn-northd.c | 47 ++++++++++++++---------------------------------
 1 file changed, 14 insertions(+), 33 deletions(-)

diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c
index b1c2c6c..52e3229 100644
--- a/ovn/northd/ovn-northd.c
+++ b/ovn/northd/ovn-northd.c
@@ -2330,27 +2330,30 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports,
                           ds_cstr(&match), ds_cstr(&actions));
         }
 
-        /* ARP handling for external IP addresses.
-         *
-         * DNAT IP addresses are external IP addresses that need ARP
-         * handling. */
+        ovs_be32 *nat_ips = xmalloc(sizeof *nat_ips * op->od->nbr->n_nat);
+        size_t n_snat_ips = 0;
         for (int i = 0; i < op->od->nbr->n_nat; i++) {
             const struct nbrec_nat *nat;
 
             nat = op->od->nbr->nat[i];
 
-            if(!strcmp(nat->type, "snat")) {
-                continue;
-            }
-
             ovs_be32 ip;
             if (!ip_parse(nat->external_ip, &ip) || !ip) {
                 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 1);
-                VLOG_WARN_RL(&rl, "bad ip address %s in dnat configuration "
+                VLOG_WARN_RL(&rl, "bad ip address %s in nat configuration "
                              "for router %s", nat->external_ip, op->key);
                 continue;
             }
 
+            if (!strcmp(nat->type, "snat")) {
+                nat_ips[n_snat_ips++] = ip;
+                continue;
+            }
+
+            /* ARP handling for external IP addresses.
+             *
+             * DNAT IP addresses are external IP addresses that need ARP
+             * handling. */
             ds_clear(&match);
             ds_put_format(&match,
                           "inport == %s && arp.tpa == "IP_FMT" && arp.op == 1",
@@ -2376,34 +2379,12 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports,
                           ds_cstr(&match), ds_cstr(&actions));
         }
 
-        /* Drop IP traffic to this router, unless the router ip is used as
-         * SNAT ip. */
-        ovs_be32 *nat_ips = xmalloc(sizeof *nat_ips * op->od->nbr->n_nat);
-        size_t n_nat_ips = 0;
-        for (int i = 0; i < op->od->nbr->n_nat; i++) {
-            const struct nbrec_nat *nat;
-            ovs_be32 ip;
-
-            nat = op->od->nbr->nat[i];
-            if (strcmp(nat->type, "snat")) {
-                continue;
-            }
-
-            if (!ip_parse(nat->external_ip, &ip) || !ip) {
-                static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 1);
-                VLOG_WARN_RL(&rl, "bad ip address %s in snat configuration "
-                         "for router %s", nat->external_ip, op->key);
-                continue;
-            }
-
-            nat_ips[n_nat_ips++] = ip;
-        }
-
         ds_clear(&match);
         ds_put_cstr(&match, "ip4.dst == {");
         bool has_drop_ips = false;
         for (int i = 0; i < op->lrp_networks.n_ipv4_addrs; i++) {
-            for (int j = 0; j < n_nat_ips; j++) {
+            for (int j = 0; j < n_snat_ips; j++) {
+                /* Packets to SNAT IPs should not be dropped. */
                 if (op->lrp_networks.ipv4_addrs[i].addr == nat_ips[j]) {
                     continue;
                 }