From patchwork Wed Dec 1 12:56:05 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vladislav Odintsov X-Patchwork-Id: 1562159 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20210112 header.b=V0n4yfnX; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=2605:bc80:3010::136; helo=smtp3.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Received: from smtp3.osuosl.org (smtp3.osuosl.org [IPv6:2605:bc80:3010::136]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4J3zc70WPzz9sCD for ; Wed, 1 Dec 2021 23:56:21 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by smtp3.osuosl.org (Postfix) with ESMTP id AACAB607D2; Wed, 1 Dec 2021 12:56:18 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp3.osuosl.org ([127.0.0.1]) by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id K9HC1Yy8KnXf; Wed, 1 Dec 2021 12:56:17 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [IPv6:2605:bc80:3010:104::8cd3:938]) by smtp3.osuosl.org (Postfix) with ESMTPS id C1BA26076F; Wed, 1 Dec 2021 12:56:16 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 6ABCDC001C; Wed, 1 Dec 2021 12:56:16 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp4.osuosl.org (smtp4.osuosl.org [140.211.166.137]) by lists.linuxfoundation.org (Postfix) with ESMTP id B0ACDC000A for ; Wed, 1 Dec 2021 12:56:14 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id 9A35340475 for ; Wed, 1 Dec 2021 12:56:14 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Authentication-Results: smtp4.osuosl.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iP6_cAzaWr-R for ; Wed, 1 Dec 2021 12:56:14 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.8.0 Received: from mail-ed1-x52d.google.com (mail-ed1-x52d.google.com [IPv6:2a00:1450:4864:20::52d]) by smtp4.osuosl.org (Postfix) with ESMTPS id D0AD540431 for ; Wed, 1 Dec 2021 12:56:13 +0000 (UTC) Received: by mail-ed1-x52d.google.com with SMTP id o20so100671837eds.10 for ; Wed, 01 Dec 2021 04:56:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=cZ/hIL2whPr5orhlzIh1pFAyIQLl+wmAqtzX5/OqL3A=; b=V0n4yfnX2+Kyue4QngpA4acFITz4npukFlW+1egP+NQnUJVzhR08pez/1huonWSeFF MonGt3xlxPIxso0S38tMVjm+i9e0E3aCk+xaCgt7Y71u7YSgaH3OVOtVrF+9odNwIIcG S1gnX5+zOi3Cpqn/xp4GBZ/C5QFgqPG50ZlFA70ShmybPCQ0Kehy81X8SnG/588TFzG/ EJqpZemG2sq1BPwnFo1QmHiUPeAK3tOX1wQCc1cmWCYzyjmkfjVDcwCu5UUtI9PHU7z3 VzA6i7GRfz5MUE5SmajC/nlskvcrutnt7F5GxtmsShM9XWta58RpZRd0Cgf682ttd+f9 yAHA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=cZ/hIL2whPr5orhlzIh1pFAyIQLl+wmAqtzX5/OqL3A=; b=e2O5j6p+fMb8sbj25fD7qIoBiXwlVxv3H3Zq7qcPGjUXIVHQQiz3L/vPWZwGOdKwXv nI/KmoWmIiTmoh78GRrDayiZr/j6moayrhOhaIfRiM6lNZHHuub5i6ZEp/7pvCJCeX2h 58qTOsKi+r1eNfOUpzeSsdXubUxf8NL8WLrcgwexnEeWJLwaFKgJkIyBOr1QvUdOnj0j ScHbKLn/8BPwlXUABkHMGVyMrCTUnbcoWWUQgKgtYuPkw4WKfaHIPjLkym+P4/0WpJKd dkVCPvHqlHSPLOPrL3xAJKSAR1jIjb/7oiwTeuJtYXruHde8DZEaXPWn62xtlrO4uai5 BaUQ== X-Gm-Message-State: AOAM532/wp5tDXt9yacqfxsArmfUNj2w0kD+QA/jCDagXII3n42QAjZK C4jDmJdgk+tAqnsD72MhUjqQ9TnhrHGxhQ== X-Google-Smtp-Source: ABdhPJyMqMT/SneTxhGm23iEXP9vWN4w1n/Tai3nhMdpJzQ1s6CmjfQ/in7z5iuzR7YMGGOyMYDuPA== X-Received: by 2002:a17:906:a08d:: with SMTP id q13mr6883853ejy.465.1638363371773; Wed, 01 Dec 2021 04:56:11 -0800 (PST) Received: from localhost.localdomain (109-252-131-59.dynamic.spd-mgts.ru. [109.252.131.59]) by smtp.gmail.com with ESMTPSA id dm6sm6499907ejc.89.2021.12.01.04.56.10 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 01 Dec 2021 04:56:11 -0800 (PST) From: Vladislav Odintsov To: dev@openvswitch.org Date: Wed, 1 Dec 2021 15:56:05 +0300 Message-Id: <20211201125608.36918-1-odivlad@gmail.com> X-Mailer: git-send-email 2.30.0 MIME-Version: 1.0 Cc: Vladislav Odintsov Subject: [ovs-dev] [PATCH ovn 0/3] Support mixing stateless and stateful ACLs regardless of their priority X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" Currently if user has a stateless and statetul ACLs (allow-stateless and allow-related) in one port group or in one logical switch simultaneously, the stateless rules whould take precedence. This patch series adds support for mixing all the ACLs types with the respect to their priority. This change requires next: Also, as an optimisation, traffic from HW VTEP switch in ingress datapath is passed from ls_in_l2_sec directly to ls_in_l2_lkup, as it doesn't need any processing in ingress pipeline except determining outport in ls_in_l2_lkup table. Vladislav Odintsov (3): Revert "northd: support HW VTEP with stateful datapath" northd: send ingress packets from HW VTEP directly to L2_LKUP table northd: support mix of stateless ACL with lower priority than stateful northd/northd.c | 113 ++++++++++++++++++++++------------------ northd/ovn-northd.8.xml | 35 ++++--------- northd/ovn_northd.dl | 47 +++++------------ tests/ovn-northd.at | 50 ++++++++++-------- 4 files changed, 114 insertions(+), 131 deletions(-)