From: Ben Pfaff
To: dev@openvswitch.org
Cc: Ben Pfaff
Date: Mon, 26 Oct 2020 11:16:24 -0700
Message-Id: <20201026181626.1827014-5-blp@ovn.org>
In-Reply-To: <20201026181626.1827014-1-blp@ovn.org>
Subject: [ovs-dev] [PATCH ovn 5/7] northd: Use address set for service monitor MAC.

Until now, the service monitor MAC has been inlined into logical flow matches. This makes it a little hard to compare flow tables from one run or deployment to another, since the service monitor MAC is random and will always differ. This commit changes flow matches to use an address set $svc_monitor_mac everywhere that it can be. This makes the flow matches the same in every deployment.

The service monitor MAC is also used in actions to set Ethernet addresses. This can't be replaced by an address set, so these flows will still have some differences.

Signed-off-by: Ben Pfaff Acked-by: Numan Siddique --- northd/ovn-northd.c | 43 +++++++++++++++++-------------------------- 1 file changed, 17 insertions(+), 26 deletions(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index f25f5cd82f39..b96e0db516be 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -5004,15 +5004,11 @@ build_pre_acls(struct ovn_datapath *od, struct hmap *lflows) ovn_lflow_add(lflows, od, S_SWITCH_IN_PRE_ACL, 0, "1", "next;"); ovn_lflow_add(lflows, od, S_SWITCH_OUT_PRE_ACL, 0, "1", "next;"); - char *svc_check_match = xasprintf("eth.dst == %s", svc_monitor_mac); - ovn_lflow_add(lflows, od, S_SWITCH_IN_PRE_ACL, 110, svc_check_match, - "next;"); - free(svc_check_match); + ovn_lflow_add(lflows, od, S_SWITCH_IN_PRE_ACL, 110, + "eth.dst == $svc_monitor_mac", "next;"); - svc_check_match = xasprintf("eth.src == %s", svc_monitor_mac); - ovn_lflow_add(lflows, od, S_SWITCH_OUT_PRE_ACL, 110, svc_check_match, - "next;"); - free(svc_check_match); + ovn_lflow_add(lflows, od, S_SWITCH_OUT_PRE_ACL, 110, + "eth.src == $svc_monitor_mac", "next;"); /* If there are any stateful ACL rules in this datapath, we must * send all IP packets through the conntrack action, which handles @@ -5170,15 +5166,10 @@ build_pre_lb(struct ovn_datapath *od, struct hmap *lflows, "next;"); /* Do not send service monitor packets to conntrack. */ - char *svc_check_match = xasprintf("eth.dst == %s", svc_monitor_mac); ovn_lflow_add(lflows, od, S_SWITCH_IN_PRE_LB, 110, - svc_check_match, "next;"); - free(svc_check_match); - - svc_check_match = xasprintf("eth.src == %s", svc_monitor_mac); + "eth.dst == $svc_monitor_mac", "next;"); ovn_lflow_add(lflows, od, S_SWITCH_OUT_PRE_LB, 110, - svc_check_match, "next;"); - free(svc_check_match); + "eth.src == $svc_monitor_mac", "next;"); /* Allow all packets to go to next tables by default. */ ovn_lflow_add(lflows, od, S_SWITCH_IN_PRE_LB, 0, "1", "next;"); 
@@ -5831,17 +5822,13 @@ build_acls(struct ovn_datapath *od, struct hmap *lflows, /* Add a 34000 priority flow to advance the service monitor reply * packets to skip applying ingress ACLs. */ - char *svc_check_match = xasprintf("eth.dst == %s", svc_monitor_mac); - ovn_lflow_add(lflows, od, S_SWITCH_IN_ACL, 34000, svc_check_match, - "next;"); - free(svc_check_match); + ovn_lflow_add(lflows, od, S_SWITCH_IN_ACL, 34000, + "eth.dst == $svc_monitor_mac", "next;"); /* Add a 34000 priority flow to advance the service monitor packets * generated by ovn-controller to skip applying egress ACLs. */ - svc_check_match = xasprintf("eth.src == %s", svc_monitor_mac); - ovn_lflow_add(lflows, od, S_SWITCH_OUT_ACL, 34000, svc_check_match, - "next;"); - free(svc_check_match); + ovn_lflow_add(lflows, od, S_SWITCH_OUT_ACL, 34000, + "eth.src == $svc_monitor_mac", "next;"); } static void @@ -7172,7 +7159,6 @@ build_lswitch_flows(struct hmap *datapaths, struct hmap *ports, } } - char *svc_check_match = xasprintf("eth.dst == %s", svc_monitor_mac); /* Ingress table 19: Destination lookup, broadcast and multicast handling * (priority 70 - 100). */ HMAP_FOR_EACH (od, key_node, datapaths) { @@ -7180,7 +7166,8 @@ build_lswitch_flows(struct hmap *datapaths, struct hmap *ports, continue; } - ovn_lflow_add(lflows, od, S_SWITCH_IN_L2_LKUP, 110, svc_check_match, + ovn_lflow_add(lflows, od, S_SWITCH_IN_L2_LKUP, 110, + "eth.dst == $svc_monitor_mac", "handle_svc_check(inport);"); struct mcast_switch_info *mcast_sw_info = &od->mcast_info.sw; @@ -7253,7 +7240,6 @@ build_lswitch_flows(struct hmap *datapaths, struct hmap *ports, ovn_lflow_add(lflows, od, S_SWITCH_IN_L2_LKUP, 70, "eth.mcast", "outport = \""MC_FLOOD"\"; output;"); } - free(svc_check_match); /* Ingress table 19: Add IP multicast flows learnt from IGMP/MLD * (priority 90). */ 
@@ -11537,6 +11523,11 @@ sync_address_sets(struct northd_context *ctx) shash_add(&sb_address_sets, sb_address_set->name, sb_address_set); } + /* Service monitor MAC. */ + const char *svc_monitor_macp = svc_monitor_mac; + sync_address_set(ctx, "svc_monitor_mac", &svc_monitor_macp, 1, + &sb_address_sets); + /* sync port group generated address sets first */ const struct nbrec_port_group *nb_port_group; NBREC_PORT_GROUP_FOR_EACH (nb_port_group, ctx->ovnnb_idl) {
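
Review bot: The match strings "eth.dst == $svc_monitor_mac" and "eth.src == $svc_monitor_mac" are now repeated as bare literals, starting in the build_pre_acls hunk and continuing through build_pre_lb, build_acls and build_lswitch_flows, while the set is registered under a separate literal "svc_monitor_mac" in sync_address_sets. A typo in any one of them would leave a flow referencing a set name that northd never creates. Consider defining the set name once as a macro and building the match strings from it by string-literal concatenation, so the name used in the matches and the name passed to sync_address_set cannot drift apart.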
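
Review bot: In the build_acls hunk, the two priority-34000 flows that let service monitor traffic skip ingress and egress ACLs now match on the contents of an address set rather than on a MAC fixed into the flow text, so what bypasses the ACLs depends on what $svc_monitor_mac resolves to. The comments above these flows should say that the match goes through the address set, and the commit message should state what happens to these flows, and to the conntrack-skip flows in build_pre_lb, if they are processed before the svc_monitor_mac set written by sync_address_sets is available, for example during an upgrade.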
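
Review bot: In the sync_address_sets hunk, the name "svc_monitor_mac" goes through the same sb_address_sets map as the port-group and other address sets synced below it, and nothing visible here reserves that name. If a set with the same name can also arrive from those later loops, the flows that skip ACLs and conntrack on $svc_monitor_mac would match whatever that set contains; please either skip or reject that name in the later loops, or document it as reserved. Also, the context comment "sync port group generated address sets first" is no longer accurate now that the service monitor set is synced ahead of it, so it should be reworded.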