From patchwork Thu Sep 17 02:16:58 2020
X-Patchwork-Submitter: Ankur Sharma
X-Patchwork-Id: 1365772
From: Ankur Sharma
To: ovs-dev@openvswitch.org
Date: Wed, 16 Sep 2020 19:16:58 -0700
Message-Id: <1600309019-99938-2-git-send-email-svc.mail.git@nutanix.com>
In-Reply-To: <1600309019-99938-1-git-send-email-svc.mail.git@nutanix.com>
Subject: [ovs-dev] [PATCH v4 1/2 ovn] NAT: Provide port hash in input

This patch enhances the NB OVSSCHEMA to add an additional column in NAT table.
external_port_hash: Specifies the hashing mechanism if port range is specified.
Changes also add corresponding ovn-nbctl cli.
Signed-off-by: Ankur Sharma --- ovn-nb.ovsschema | 5 +- ovn-nb.xml | 15 ++++++ tests/ovn-nbctl.at | 136 +++++++++++++++++++++++++++++++------------------- utilities/ovn-nbctl.c | 102 ++++++++++++++++++++++++++++--------- 4 files changed, 182 insertions(+), 76 deletions(-) diff --git a/ovn-nb.ovsschema b/ovn-nb.ovsschema index 092322a..9b8e070 100644 --- a/ovn-nb.ovsschema +++ b/ovn-nb.ovsschema @@ -1,7 +1,7 @@ { "name": "OVN_Northbound", - "version": "5.27.0", - "cksum": "3507518247 26773", + "version": "5.28.0", + "cksum": "2621169942 26831", "tables": { "NB_Global": { "columns": { @@ -398,6 +398,7 @@ "external_mac": {"type": {"key": "string", "min": 0, "max": 1}}, "external_port_range": {"type": "string"}, + "external_port_hash": {"type": "string"}, "logical_ip": {"type": "string"}, "logical_port": {"type": {"key": "string", "min": 0, "max": 1}}, diff --git a/ovn-nb.xml b/ovn-nb.xml index 0bfe626..142d934 100644 --- a/ovn-nb.xml +++ b/ovn-nb.xml @@ -2729,6 +2729,21 @@ + +

+ Hashing algorithm to hash a packet to specified port range +

+ +

+ Applicable only if port range is also specified. +

+ +

+ Takes one of the 2 values "Random" and "Hash" +

+ +
+ An IPv4 network (e.g 192.168.1.0/24) or an IPv4 address. diff --git a/tests/ovn-nbctl.at b/tests/ovn-nbctl.at index baf7a87..6ce1ecf 100644 --- a/tests/ovn-nbctl.at +++ b/tests/ovn-nbctl.at @@ -476,15 +476,15 @@ AT_CHECK([ovn-nbctl lr-nat-add lr0 dnat_and_snat fd01::1 fd11::2]) AT_CHECK([ovn-nbctl lr-nat-add lr0 dnat_and_snat 30.0.0.2 192.168.1.3 lp0 00:00:00:01:02:03]) AT_CHECK([ovn-nbctl lr-nat-add lr0 dnat_and_snat fd01::2 fd11::3 lp0 00:00:00:01:02:03]) AT_CHECK([ovn-nbctl lr-nat-list lr0], [0], [dnl -TYPE EXTERNAL_IP EXTERNAL_PORT LOGICAL_IP EXTERNAL_MAC LOGICAL_PORT -dnat 30.0.0.1 192.168.1.2 -dnat fd01::1 fd11::2 -dnat_and_snat 30.0.0.1 192.168.1.2 -dnat_and_snat 30.0.0.2 192.168.1.3 00:00:00:01:02:03 lp0 -dnat_and_snat fd01::1 fd11::2 -dnat_and_snat fd01::2 fd11::3 00:00:00:01:02:03 lp0 -snat 30.0.0.1 192.168.1.0/24 -snat fd01::1 fd11::/64 +TYPE EXTERNAL_IP EXTERNAL_PORT EXTERNAL_PORT_HASH LOGICAL_IP EXTERNAL_MAC LOGICAL_PORT +dnat 30.0.0.1 192.168.1.2 +dnat fd01::1 fd11::2 +dnat_and_snat 30.0.0.1 192.168.1.2 +dnat_and_snat 30.0.0.2 192.168.1.3 00:00:00:01:02:03 lp0 +dnat_and_snat fd01::1 fd11::2 +dnat_and_snat fd01::2 fd11::3 00:00:00:01:02:03 lp0 +snat 30.0.0.1 192.168.1.0/24 +snat fd01::1 fd11::/64 ]) AT_CHECK([ovn-nbctl lr-nat-add lr0 snat 30.0.0.1 192.168.1.0/24], [1], [], [ovn-nbctl: 30.0.0.1, 192.168.1.0/24: a NAT with this external_ip and logical_ip already exists 
@@ -512,28 +512,28 @@ AT_CHECK([ovn-nbctl lr-nat-add lr0 dnat_and_snat 30.0.0.1 192.168.1.3], [1], [], ]) AT_CHECK([ovn-nbctl --may-exist lr-nat-add lr0 dnat_and_snat 30.0.0.2 192.168.1.3 lp0 00:00:00:04:05:06]) AT_CHECK([ovn-nbctl lr-nat-list lr0], [0], [dnl -TYPE EXTERNAL_IP EXTERNAL_PORT LOGICAL_IP EXTERNAL_MAC LOGICAL_PORT -dnat 30.0.0.1 192.168.1.2 -dnat fd01::1 fd11::2 -dnat_and_snat 30.0.0.1 192.168.1.2 -dnat_and_snat 30.0.0.2 192.168.1.3 00:00:00:04:05:06 lp0 -dnat_and_snat fd01::1 fd11::2 -dnat_and_snat fd01::2 fd11::3 00:00:00:01:02:03 lp0 -snat 30.0.0.1 192.168.1.0/24 -snat fd01::1 fd11::/64 +TYPE EXTERNAL_IP EXTERNAL_PORT EXTERNAL_PORT_HASH LOGICAL_IP EXTERNAL_MAC LOGICAL_PORT +dnat 30.0.0.1 192.168.1.2 +dnat fd01::1 fd11::2 +dnat_and_snat 30.0.0.1 192.168.1.2 +dnat_and_snat 30.0.0.2 192.168.1.3 00:00:00:04:05:06 lp0 +dnat_and_snat fd01::1 fd11::2 +dnat_and_snat fd01::2 fd11::3 00:00:00:01:02:03 lp0 +snat 30.0.0.1 192.168.1.0/24 +snat fd01::1 fd11::/64 ]) AT_CHECK([ovn-nbctl --may-exist lr-nat-add lr0 dnat_and_snat 30.0.0.2 192.168.1.3]) AT_CHECK([ovn-nbctl --may-exist lr-nat-add lr0 dnat_and_snat fd01::2 fd11::3]) AT_CHECK([ovn-nbctl lr-nat-list lr0], [0], [dnl -TYPE EXTERNAL_IP EXTERNAL_PORT LOGICAL_IP EXTERNAL_MAC LOGICAL_PORT -dnat 30.0.0.1 192.168.1.2 -dnat fd01::1 fd11::2 -dnat_and_snat 30.0.0.1 192.168.1.2 -dnat_and_snat 30.0.0.2 192.168.1.3 -dnat_and_snat fd01::1 fd11::2 -dnat_and_snat fd01::2 fd11::3 -snat 30.0.0.1 192.168.1.0/24 -snat fd01::1 fd11::/64 +TYPE EXTERNAL_IP EXTERNAL_PORT EXTERNAL_PORT_HASH LOGICAL_IP EXTERNAL_MAC LOGICAL_PORT +dnat 30.0.0.1 192.168.1.2 +dnat fd01::1 fd11::2 +dnat_and_snat 30.0.0.1 192.168.1.2 +dnat_and_snat 30.0.0.2 192.168.1.3 +dnat_and_snat fd01::1 fd11::2 +dnat_and_snat fd01::2 fd11::3 +snat 30.0.0.1 192.168.1.0/24 +snat fd01::1 fd11::/64 ]) AT_CHECK([ovn-nbctl --bare --columns=options list nat | grep stateless=true| wc -l], [0], 
@@ -584,26 +584,26 @@ AT_CHECK([ovn-nbctl --if-exists lr-nat-del lr0 snat 192.168.10.0/24]) AT_CHECK([ovn-nbctl lr-nat-del lr0 dnat_and_snat 30.0.0.1]) AT_CHECK([ovn-nbctl lr-nat-del lr0 dnat_and_snat fd01::1]) AT_CHECK([ovn-nbctl lr-nat-list lr0], [0], [dnl -TYPE EXTERNAL_IP EXTERNAL_PORT LOGICAL_IP EXTERNAL_MAC LOGICAL_PORT -dnat 30.0.0.1 192.168.1.2 -dnat fd01::1 fd11::2 -dnat_and_snat 30.0.0.2 192.168.1.3 -dnat_and_snat 40.0.0.2 192.168.1.4 -dnat_and_snat fd01::2 fd11::3 -snat 30.0.0.1 192.168.1.0/24 -snat 40.0.0.3 192.168.1.6 -snat fd01::1 fd11::/64 +TYPE EXTERNAL_IP EXTERNAL_PORT EXTERNAL_PORT_HASH LOGICAL_IP EXTERNAL_MAC LOGICAL_PORT +dnat 30.0.0.1 192.168.1.2 +dnat fd01::1 fd11::2 +dnat_and_snat 30.0.0.2 192.168.1.3 +dnat_and_snat 40.0.0.2 192.168.1.4 +dnat_and_snat fd01::2 fd11::3 +snat 30.0.0.1 192.168.1.0/24 +snat 40.0.0.3 192.168.1.6 +snat fd01::1 fd11::/64 ]) AT_CHECK([ovn-nbctl lr-nat-del lr0 dnat]) AT_CHECK([ovn-nbctl lr-nat-list lr0], [0], [dnl -TYPE EXTERNAL_IP EXTERNAL_PORT LOGICAL_IP EXTERNAL_MAC LOGICAL_PORT -dnat_and_snat 30.0.0.2 192.168.1.3 -dnat_and_snat 40.0.0.2 192.168.1.4 -dnat_and_snat fd01::2 fd11::3 -snat 30.0.0.1 192.168.1.0/24 -snat 40.0.0.3 192.168.1.6 -snat fd01::1 fd11::/64 +TYPE EXTERNAL_IP EXTERNAL_PORT EXTERNAL_PORT_HASH LOGICAL_IP EXTERNAL_MAC LOGICAL_PORT +dnat_and_snat 30.0.0.2 192.168.1.3 +dnat_and_snat 40.0.0.2 192.168.1.4 +dnat_and_snat fd01::2 fd11::3 +snat 30.0.0.1 192.168.1.0/24 +snat 40.0.0.3 192.168.1.6 +snat fd01::1 fd11::/64 ]) AT_CHECK([ovn-nbctl lr-nat-del lr0]) 
@@ -613,10 +613,10 @@ AT_CHECK([ovn-nbctl --portrange lr-nat-add lr0 dnat 40.0.0.5 192.168.1.10 1]) AT_CHECK([ovn-nbctl --portrange lr-nat-add lr0 dnat_and_snat 40.0.0.5 192.168.1.8 1-3000]) AT_CHECK([ovn-nbctl --portrange lr-nat-add lr0 dnat_and_snat 40.0.0.6 192.168.1.9 lp0 00:00:00:04:05:06 1-3000]) AT_CHECK([ovn-nbctl --portrange lr-nat-add lr0 dnat_and_snat 40.0.0.6 192.168.1.9 lp0 1-3000], [1], [], -[ovn-nbctl: lr-nat-add with logical_port must also specify external_mac. +[ovn-nbctl: invalid port range lp0. ]) AT_CHECK([ovn-nbctl --portrange lr-nat-add lr0 dnat_and_snat 40.0.0.6 192.168.1.9 00:00:00:04:05:06 1-3000], [1], [], -[ovn-nbctl: lr-nat-add with logical_port must also specify external_mac. +[ovn-nbctl: invalid port range 00:00:00:04:05:06. ]) AT_CHECK([ovn-nbctl --portrange lr-nat-add lr0 dnat_and_snat 40.0.0.7 192.168.1.10 0], [1], [], 
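Review bot: The two expected errors changed in this hunk are a diagnostics regression: with `--portrange`, `... lp0 1-3000` (logical_port given, external_mac forgotten) now reports `invalid port range lp0.` instead of `lr-nat-add with logical_port must also specify external_mac.`, because two trailing operands are now always read as EXTERNAL_PORT_RANGE EXTERNAL_PORT_HASH. Consider falling back to the old message when the first trailing operand is not a valid port range, or name both accepted forms in the error text, so a user who omitted the MAC is not pointed at the wrong argument.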
@@ -674,12 +674,46 @@ AT_CHECK([ovn-nbctl show lr0 | grep -C2 'external port(s): "1"' | uuidfilt], [0] ]) AT_CHECK([ovn-nbctl lr-nat-list lr0], [0], [dnl -TYPE EXTERNAL_IP EXTERNAL_PORT LOGICAL_IP EXTERNAL_MAC LOGICAL_PORT -dnat 40.0.0.4 1-3000 192.168.1.7 -dnat 40.0.0.5 1 192.168.1.10 -dnat_and_snat 40.0.0.5 1-3000 192.168.1.8 -dnat_and_snat 40.0.0.6 1-3000 192.168.1.9 00:00:00:04:05:06 lp0 -snat 40.0.0.3 21-65535 192.168.1.6 +TYPE EXTERNAL_IP EXTERNAL_PORT EXTERNAL_PORT_HASH LOGICAL_IP EXTERNAL_MAC LOGICAL_PORT +dnat 40.0.0.4 1-3000 192.168.1.7 +dnat 40.0.0.5 1 192.168.1.10 +dnat_and_snat 40.0.0.5 1-3000 192.168.1.8 +dnat_and_snat 40.0.0.6 1-3000 192.168.1.9 00:00:00:04:05:06 lp0 +snat 40.0.0.3 21-65535 192.168.1.6 +]) + +AT_CHECK([ovn-nbctl lr-nat-del lr0]) +AT_CHECK([ovn-nbctl --portrange lr-nat-add lr0 snat 40.0.0.3 192.168.1.6 21-65535 hash]) +AT_CHECK([ovn-nbctl --portrange lr-nat-add lr0 dnat 40.0.0.4 192.168.1.7 1-3000 random]) +AT_CHECK([ovn-nbctl --portrange lr-nat-add lr0 dnat 40.0.0.5 192.168.1.10 1 hash]) +AT_CHECK([ovn-nbctl --portrange lr-nat-add lr0 dnat_and_snat 40.0.0.5 192.168.1.8 1-3000]) +AT_CHECK([ovn-nbctl --portrange lr-nat-add lr0 dnat_and_snat 40.0.0.6 192.168.1.9 lp0 00:00:00:04:05:06 1-3000]) +AT_CHECK([ovn-nbctl --portrange lr-nat-add lr0 dnat_and_snat 40.0.0.6 192.168.1.9 lp0 1-3000 hash], [1], [], +[ovn-nbctl: invalid mac address 1-3000. +]) +AT_CHECK([ovn-nbctl --portrange lr-nat-add lr0 dnat_and_snat 40.0.0.6 192.168.1.9 00:00:00:04:05:06 1-3000 hash], [1], [], +[ovn-nbctl: 00:00:00:04:05:06: port name not found +]) + +AT_CHECK([ovn-nbctl --portrange lr-nat-add lr0 dnat_and_snat 40.0.0.7 192.168.1.10 0 random], [1], [], +[ovn-nbctl: invalid port range 0. +]) + +AT_CHECK([ovn-nbctl --portrange lr-nat-add lr0 dnat_and_snat 40.0.0.7 192.168.1.10 1-300 abcd], [1], [], +[ovn-nbctl: invalid port hash abcd. 
+]) + +AT_CHECK([ovn-nbctl --portrange lr-nat-add lr0 dnat_and_snat 40.0.0.7 192.168.1.10 abcd], [1], [], +[ovn-nbctl: invalid port range abcd. +]) + +AT_CHECK([ovn-nbctl lr-nat-list lr0], [0], [dnl +TYPE EXTERNAL_IP EXTERNAL_PORT EXTERNAL_PORT_HASH LOGICAL_IP EXTERNAL_MAC LOGICAL_PORT +dnat 40.0.0.4 1-3000 random 192.168.1.7 +dnat 40.0.0.5 1 hash 192.168.1.10 +dnat_and_snat 40.0.0.5 1-3000 192.168.1.8 +dnat_and_snat 40.0.0.6 1-3000 192.168.1.9 00:00:00:04:05:06 lp0 +snat 40.0.0.3 21-65535 hash 192.168.1.6 ]) AT_CHECK([ovn-nbctl lr-nat-del lr0]) diff --git a/utilities/ovn-nbctl.c b/utilities/ovn-nbctl.c index c54e639..3a1b158 100644 --- a/utilities/ovn-nbctl.c +++ b/utilities/ovn-nbctl.c @@ -1088,6 +1088,11 @@ print_lr(const struct nbrec_logical_router *lr, struct ds *s) if (nat->external_port_range[0]) { ds_put_cstr(s, " external port(s): "); ds_put_format(s, "\"%s\"\n", nat->external_port_range); + + if (nat->external_port_hash[0]) { + ds_put_cstr(s, " external port_hash: "); + ds_put_format(s, "\"%s\"\n", nat->external_port_hash); + } } ds_put_cstr(s, " logical ip: "); ds_put_format(s, "\"%s\"\n", nat->logical_ip); @@ -4129,6 +4134,16 @@ out: free(nexthop); } +static inline bool +is_valid_port_hash(const char *port_hash) +{ + if (!strcmp(port_hash, "hash") || !strcmp(port_hash, "random")) { + return true; + } + + return false; +} + static bool is_valid_port_range(const char *port_range) { @@ -4246,6 +4261,7 @@ nbctl_lr_nat_add(struct ctl_context *ctx) const char *logical_port = NULL; const char *external_mac = NULL; const char *port_range = NULL; + const char *port_hash = NULL; if (ctx->argc == 6) { if (!is_portrange) { 
@@ -4259,19 +4275,46 @@ nbctl_lr_nat_add(struct ctl_context *ctx) goto cleanup; } - } else if (ctx->argc >= 7) { - if (strcmp(nat_type, "dnat_and_snat")) { - ctl_error(ctx, "logical_port and external_mac are only valid when " - "type is \"dnat_and_snat\"."); - goto cleanup; - } + } else if (ctx->argc == 7) { + if (is_portrange) { + port_range = ctx->argv[5]; + if (!is_valid_port_range(port_range)) { + ctl_error(ctx, "invalid port range %s.", port_range); + goto cleanup; + } - if (ctx->argc == 7 && is_portrange) { - ctl_error(ctx, "lr-nat-add with logical_port " - "must also specify external_mac."); - goto cleanup; + /* No need to validate the hash value, NBDB set will fail, + * If value is not valid */ + port_hash = ctx->argv[6]; + if (!is_valid_port_hash(port_hash)) { + ctl_error(ctx, "invalid port hash %s.", port_hash); + goto cleanup; + } + } else { + if (strcmp(nat_type, "dnat_and_snat")) { + ctl_error(ctx, "logical_port and external_mac are only valid " + "when type is \"dnat_and_snat\"."); + goto cleanup; + } + + logical_port = ctx->argv[5]; + const struct nbrec_logical_switch_port *lsp; + error = lsp_by_name_or_uuid(ctx, logical_port, true, &lsp); + if (error) { + ctx->error = error; + goto cleanup; + } + + external_mac = ctx->argv[6]; + struct eth_addr ea; + if (!eth_addr_from_string(external_mac, &ea)) { + ctl_error(ctx, "invalid mac address %s.", external_mac); + goto cleanup; + } } + } else if (ctx->argc >= 8) { + logical_port = ctx->argv[5]; const struct nbrec_logical_switch_port *lsp; error = lsp_by_name_or_uuid(ctx, logical_port, true, &lsp); 
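Review bot: The `strcmp(nat_type, "dnat_and_snat")` check used to guard every `argc >= 7` form, but in this hunk it is re-added only in the non-portrange arm of `argc == 7`; the new `else if (ctx->argc >= 8)` branch goes straight to `logical_port = ctx->argv[5]`, so in the visible lines LOGICAL_PORT and EXTERNAL_MAC followed by a port range are no longer rejected for `snat` or `dnat`. Please restore the check at the top of that branch. Separately, the comment `No need to validate the hash value, NBDB set will fail` sits directly above a call to `is_valid_port_hash()` and contradicts it; drop the comment (it is repeated in the next hunk).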
@@ -4286,11 +4329,17 @@ nbctl_lr_nat_add(struct ctl_context *ctx) ctl_error(ctx, "invalid mac address %s.", external_mac); goto cleanup; } - - if (ctx->argc > 7) { - port_range = ctx->argv[7]; - if (!is_valid_port_range(port_range)) { - ctl_error(ctx, "invalid port range %s.", port_range); + port_range = ctx->argv[7]; + if (!is_valid_port_range(port_range)) { + ctl_error(ctx, "invalid port range %s.", port_range); + goto cleanup; + } + if (ctx->argc > 8) { + /* No need to validate the hash value, NBDB set will fail, + * If value is not valid */ + port_hash = ctx->argv[8]; + if (!is_valid_port_hash(port_hash)) { + ctl_error(ctx, "invalid port hash %s.", port_hash); goto cleanup; } } @@ -4299,6 +4348,7 @@ nbctl_lr_nat_add(struct ctl_context *ctx) port_range = NULL; logical_port = NULL; external_mac = NULL; + port_hash = NULL; } bool may_exist = shash_find(&ctx->options, "--may-exist") != NULL; @@ -4387,6 +4437,9 @@ nbctl_lr_nat_add(struct ctl_context *ctx) if (port_range) { nbrec_nat_set_external_port_range(nat, port_range); + if (port_hash) { + nbrec_nat_set_external_port_hash(nat, port_hash); + } } smap_add(&nat_options, "stateless", stateless ? "true":"false"); @@ -4507,13 +4560,15 @@ nbctl_lr_nat_list(struct ctl_context *ctx) const struct nbrec_nat *nat = lr->nat[i]; char *key = xasprintf("%-17.13s%s", nat->type, nat->external_ip); if (nat->external_mac && nat->logical_port) { - smap_add_format(&lr_nats, key, "%-17.13s%-22.18s%-21.17s%s", - nat->external_port_range, + smap_add_format(&lr_nats, key, "%-17.13s%-22.18s%-" + "22.18s%-21.17s%s",nat->external_port_range, + nat->external_port_hash, nat->logical_ip, nat->external_mac, nat->logical_port); } else { - smap_add_format(&lr_nats, key, "%-17.13s%s", + smap_add_format(&lr_nats, key, "%-17.13s%-22.18s%s", nat->external_port_range, + nat->external_port_hash, nat->logical_ip); } free(key); 
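Review bot: Style, in the `nbctl_lr_nat_list` hunk: the format string is split in the middle of a conversion (`"%-17.13s%-22.18s%-"` followed by `"22.18s%-21.17s%s"`) and the first argument follows the literal without a space (`%s",nat->external_port_range`). Break the literal between conversions and keep `nat->external_port_range` on its own line as before, so each column width can be checked against the header format in the following hunk.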
@@ -4522,9 +4577,9 @@ nbctl_lr_nat_list(struct ctl_context *ctx) const struct smap_node **nodes = smap_sort(&lr_nats); if (nodes) { ds_put_format(&ctx->output, - "%-17.13s%-19.15s%-17.13s%-22.18s%-21.17s%s\n", - "TYPE", "EXTERNAL_IP", "EXTERNAL_PORT", "LOGICAL_IP", - "EXTERNAL_MAC", "LOGICAL_PORT"); + "%-17.13s%-19.15s%-17.13s%-22.18s%-22.18s%-21.17s%s\n", + "TYPE", "EXTERNAL_IP", "EXTERNAL_PORT", "EXTERNAL_PORT_HASH", + "LOGICAL_IP","EXTERNAL_MAC", "LOGICAL_PORT"); for (size_t i = 0; i < smap_count(&lr_nats); i++) { const struct smap_node *node = nodes[i]; ds_put_format(&ctx->output, "%-36.32s%s\n", 
@@ -6538,8 +6593,9 @@ static const struct ctl_command_syntax nbctl_commands[] = { /* NAT commands. */ { "lr-nat-add", 4, 7, "ROUTER TYPE EXTERNAL_IP LOGICAL_IP" - "[LOGICAL_PORT EXTERNAL_MAC] [EXTERNAL_PORT_RANGE]", NULL, - nbctl_lr_nat_add, NULL, "--may-exist,--stateless,--portrange", RW }, + "[LOGICAL_PORT EXTERNAL_MAC] [EXTERNAL_PORT_RANGE EXTERNAL_PORT_HASH]", + NULL, nbctl_lr_nat_add, NULL, "--may-exist,--stateless,--portrange", + RW }, { "lr-nat-del", 1, 3, "ROUTER [TYPE [IP]]", NULL, nbctl_lr_nat_del, NULL, "--if-exists", RW }, { "lr-nat-list", 1, 1, "ROUTER", NULL, nbctl_lr_nat_list, NULL, "", RO },
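Review bot: The argument limits in this hunk are still `4, 7` although the usage string now lists eight operands (ROUTER TYPE EXTERNAL_IP LOGICAL_IP LOGICAL_PORT EXTERNAL_MAC EXTERNAL_PORT_RANGE EXTERNAL_PORT_HASH). These limits count the arguments after the command name, so `ctx->argc` cannot exceed 8 and the `if (ctx->argc > 8)` branch in `nbctl_lr_nat_add` that reads `ctx->argv[8]` is unreachable: a hash can never be set together with LOGICAL_PORT and EXTERNAL_MAC. Raise the maximum to 8 and add a test for that form; the new tests in tests/ovn-nbctl.at only store a hash on `snat` and `dnat` entries without a logical port. The usage string also has no space between `LOGICAL_IP` and `[LOGICAL_PORT`, because the two literals are concatenated directly.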
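Review bot: In the ovn-nb.ovsschema hunk, `"external_port_hash": {"type": "string"}` accepts any string, so the database will not reject an unknown value, contrary to the `NBDB set will fail` comment added in utilities/ovn-nbctl.c. Any client that writes the column without going through `ovn-nbctl lr-nat-add` bypasses `is_valid_port_hash()`. Constrain the column with an enum of the accepted values in the schema, or have the consumer of the column validate it and document what happens for other values.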
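Review bot: In the ovn-nb.xml hunk the documentation says the column takes the values "Random" and "Hash", but `is_valid_port_hash()` compares with `strcmp` against the lower-case `"hash"` and `"random"`, and the tests use lower case. Spell the values in the documentation exactly as they are accepted, and state which behaviour applies when a port range is set but this column is empty.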
From: Ankur Sharma
To: ovs-dev@openvswitch.org
Date: Wed, 16 Sep 2020 19:16:59 -0700
Message-Id: <1600309019-99938-3-git-send-email-svc.mail.git@nutanix.com>
In-Reply-To: <1600309019-99938-1-git-send-email-svc.mail.git@nutanix.com>
Subject: [ovs-dev] [PATCH v4 2/2 ovn] NAT: Northd and parser changes to support port

This patch has following changes:
a. Northd changes to put port range hash in the logical flow based on configuration.
b. Changes to parse the logical flow, which specifies port_range_hash along with port_range for ct_nat action.

Example logical flow:
ct_snat(10.15.24.135,1-30000, hash)
Signed-off-by: Ankur Sharma --- include/ovn/actions.h | 1 + lib/actions.c | 51 +++++++++++++++++++++++++++++++++++++-- northd/ovn-northd.c | 16 +++++++++++++ tests/ovn-northd.at | 31 ++++++++++++++++++++++++ tests/ovn.at | 66 ++++++++++++++++++++++++++++++++++++++++++++------- 5 files changed, 155 insertions(+), 10 deletions(-) diff --git a/include/ovn/actions.h b/include/ovn/actions.h index 636cb4b..101cd7a 100644 --- a/include/ovn/actions.h +++ b/include/ovn/actions.h @@ -235,6 +235,7 @@ struct ovnact_ct_nat { bool exists; uint16_t port_lo; uint16_t port_hi; + char *port_hash; } port_range; uint8_t ltable; /* Logical table ID of next table. */ diff --git a/lib/actions.c b/lib/actions.c index 5fe0a38..c8e0767 100644 --- a/lib/actions.c +++ b/lib/actions.c @@ -707,6 +707,8 @@ parse_ct_nat(struct action_context *ctx, const char *name, if (lexer_match(ctx->lexer, LEX_T_COMMA)) { + cn->port_range.port_hash = NULL; + if (ctx->lexer->token.type != LEX_T_INTEGER || ctx->lexer->token.format != LEX_F_DECIMAL) { lexer_syntax_error(ctx->lexer, "expecting Integer for port " 
@@ -733,8 +735,40 @@ parse_ct_nat(struct action_context *ctx, const char *name, "greater than range low"); } lexer_get(ctx->lexer); + + if (lexer_match(ctx->lexer, LEX_T_COMMA)) { + if (ctx->lexer->token.type != LEX_T_ID) { + lexer_syntax_error(ctx->lexer, "expecting string for " + "port hash"); + } + + if (strcmp(ctx->lexer->token.s, "hash") && + strcmp(ctx->lexer->token.s, "random")) { + lexer_syntax_error(ctx->lexer, "Invalid value for " + "port hash"); + } + + cn->port_range.port_hash = xstrdup(ctx->lexer->token.s); + lexer_get(ctx->lexer); + } } else { cn->port_range.port_hi = 0; + + if (lexer_match(ctx->lexer, LEX_T_COMMA)) { + if (ctx->lexer->token.type != LEX_T_ID) { + lexer_syntax_error(ctx->lexer, "expecting string for " + "port hash"); + } + + if (strcmp(ctx->lexer->token.s, "hash") && + strcmp(ctx->lexer->token.s, "random")) { + lexer_syntax_error(ctx->lexer, "Invalid value for " + "port hash"); + } + + cn->port_range.port_hash = xstrdup(ctx->lexer->token.s); + lexer_get(ctx->lexer); + } } cn->port_range.exists = true; @@ -777,6 +811,10 @@ format_ct_nat(const struct ovnact_ct_nat *cn, const char *name, struct ds *s) if (cn->port_range.port_hi) { ds_put_format(s, "-%d", cn->port_range.port_hi); } + + if (cn->port_range.port_hash) { + ds_put_format(s, ",%s", cn->port_range.port_hash); + } ds_put_char(s, ')'); } @@ -843,8 +881,17 @@ encode_ct_nat(const struct ovnact_ct_nat *cn, } if (cn->port_range.exists) { - nat->range.proto.min = cn->port_range.port_lo; - nat->range.proto.max = cn->port_range.port_hi; + const char *port_hash = cn->port_range.port_hash; + nat->range.proto.min = cn->port_range.port_lo; + nat->range.proto.max = cn->port_range.port_hi; + + if (port_hash) { + if (!strcmp(port_hash, "hash")) { + nat->flags |= NX_NAT_F_PROTO_HASH; + } else { + nat->flags |= NX_NAT_F_PROTO_RANDOM; + } + } } ofpacts->header = ofpbuf_push_uninit(ofpacts, nat_offset); diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index db14909..2d8bc8b 100644 
--- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -9601,6 +9601,10 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, if (nat->external_port_range[0]) { ds_put_format(&actions, ",%s", nat->external_port_range); + if (nat->external_port_hash[0]) { + ds_put_format(&actions, ",%s", + nat->external_port_hash); + } } ds_put_format(&actions, ");"); } @@ -9638,6 +9642,10 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, if (nat->external_port_range[0]) { ds_put_format(&actions, ",%s", nat->external_port_range); + if (nat->external_port_hash[0]) { + ds_put_format(&actions, ",%s", + nat->external_port_hash); + } } ds_put_format(&actions, ");"); } @@ -9755,6 +9763,10 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, if (nat->external_port_range[0]) { ds_put_format(&actions, ",%s", nat->external_port_range); + if (nat->external_port_hash[0]) { + ds_put_format(&actions, ",%s", + nat->external_port_hash); + } } ds_put_format(&actions, ");"); } @@ -9804,6 +9816,10 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, if (nat->external_port_range[0]) { ds_put_format(&actions, ",%s", nat->external_port_range); + if (nat->external_port_hash[0]) { + ds_put_format(&actions, ",%s", + nat->external_port_hash); + } } ds_put_format(&actions, ");"); } diff --git a/tests/ovn-northd.at b/tests/ovn-northd.at index 99a9204..960ce00 100644 --- a/tests/ovn-northd.at +++ b/tests/ovn-northd.at 
@@ -2010,3 +2010,34 @@ ovn-nbctl --wait=sb set NB_Global . options:ignore_lsp_down=true AT_CHECK([ovn-sbctl lflow-list | grep arp | grep 10\.0\.0\.1], [0], [ignore]) AT_CLEANUP + +AT_SETUP([ovn -- Port Range and Hash in NAT entries]) +AT_SKIP_IF([test $HAVE_PYTHON = no]) +ovn_start + +ovn-nbctl lr-add lr0 +ovn-nbctl lrp-add lr0 lr0-public 00:00:01:01:02:04 192.168.2.1/24 +ovn-nbctl lrp-add lr0 lr0-join 00:00:01:01:02:04 10.10.0.1/24 + +ovn-nbctl set logical_router lr0 options:chassis=ch1 + +ovn-nbctl --portrange lr-nat-add lr0 snat 192.168.2.1 10.0.0.0/24 1-1000 hash +ovn-nbctl --portrange lr-nat-add lr0 dnat_and_snat 192.168.2.4 10.0.0.4 1100-2000 random +ovn-nbctl --portrange lr-nat-add lr0 dnat 192.168.2.5 10.0.0.5 2100-3000 + +ovn-sbctl dump-flows lr0 + +AT_CHECK([ovn-sbctl dump-flows lr0 | grep lr_out_snat | \ +grep "ct_snat(192.168.2.1,1-1000,hash)" | wc -l], [0], [1 +]) +AT_CHECK([ovn-sbctl dump-flows lr0 | grep lr_in_dnat | \ +grep "ct_dnat(10.0.0.4,1100-2000,random)" | wc -l], [0], [1 +]) +AT_CHECK([ovn-sbctl dump-flows lr0 | grep lr_out_snat | \ +grep "ct_snat(192.168.2.4,1100-2000,random)" | wc -l], [0], [1 +]) +AT_CHECK([ovn-sbctl dump-flows lr0 | grep lr_in_dnat | \ +grep "ct_dnat(10.0.0.5,2100-3000)" | wc -l], [0], [1 +]) + +AT_CLEANUP diff --git a/tests/ovn.at b/tests/ovn.at index 41fe577..75b79b0 100644 --- a/tests/ovn.at +++ b/tests/ovn.at 
@@ -1123,6 +1123,22 @@ ct_dnat(192.168.1.2, 1-3000); formats as ct_dnat(192.168.1.2,1-3000); encodes as ct(commit,table=19,zone=NXM_NX_REG11[0..15],nat(dst=192.168.1.2:1-3000)) has prereqs ip +ct_dnat(192.168.1.2, 1000); + formats as ct_dnat(192.168.1.2,1000); + encodes as ct(commit,table=19,zone=NXM_NX_REG11[0..15],nat(dst=192.168.1.2:1000)) + has prereqs ip +ct_dnat(192.168.1.2, 1-3000, hash); + formats as ct_dnat(192.168.1.2,1-3000,hash); + encodes as ct(commit,table=19,zone=NXM_NX_REG11[0..15],nat(dst=192.168.1.2:1-3000,hash)) + has prereqs ip +ct_dnat(192.168.1.2, 1-3000, random); + formats as ct_dnat(192.168.1.2,1-3000,random); + encodes as ct(commit,table=19,zone=NXM_NX_REG11[0..15],nat(dst=192.168.1.2:1-3000,random)) + has prereqs ip +ct_dnat(192.168.1.2, 1000, hash); + formats as ct_dnat(192.168.1.2,1000,hash); + encodes as ct(commit,table=19,zone=NXM_NX_REG11[0..15],nat(dst=192.168.1.2:1000,hash)) + has prereqs ip ct_dnat(192.168.1.2, 192.168.1.3); Syntax error at `192.168.1.3' expecting Integer for port range. 
@@ -1136,12 +1152,20 @@ ct_dnat(192.168.1.2, foo); Syntax error at `foo' expecting Integer for port range. ct_dnat(192.168.1.2, 1000-foo); Syntax error at `foo' expecting Integer for port range. -ct_dnat(192.168.1.2, 1000); - formats as ct_dnat(192.168.1.2,1000); - encodes as ct(commit,table=19,zone=NXM_NX_REG11[0..15],nat(dst=192.168.1.2:1000)) - has prereqs ip ct_dnat(192.168.1.2, 1000-100); Syntax error at `100' range high should be greater than range low. +ct_dnat(192.168.1.2, hash); + Syntax error at `hash' expecting Integer for port range. +ct_dnat(192.168.1.2, random); + Syntax error at `random' expecting Integer for port range. +ct_dnat(192.168.1.2, 192.168.1.3, hash); + Syntax error at `192.168.1.3' expecting Integer for port range. +ct_dnat(192.168.1.2, foo, hash); + Syntax error at `foo' expecting Integer for port range. +ct_dnat(192.168.1.2, 1000-foo, hash); + Syntax error at `foo' expecting Integer for port range. +ct_dnat(192.168.1.2, 1000-100, hash); + Syntax error at `100' range high should be greater than range low. # ct_snat ct_snat; 
@@ -1157,6 +1181,22 @@ ct_snat(192.168.1.2, 1-3000); formats as ct_snat(192.168.1.2,1-3000); encodes as ct(commit,table=19,zone=NXM_NX_REG12[0..15],nat(src=192.168.1.2:1-3000)) has prereqs ip +ct_snat(192.168.1.2, 1000); + formats as ct_snat(192.168.1.2,1000); + encodes as ct(commit,table=19,zone=NXM_NX_REG12[0..15],nat(src=192.168.1.2:1000)) + has prereqs ip +ct_snat(192.168.1.2, 1-3000, hash); + formats as ct_snat(192.168.1.2,1-3000,hash); + encodes as ct(commit,table=19,zone=NXM_NX_REG12[0..15],nat(src=192.168.1.2:1-3000,hash)) + has prereqs ip +ct_snat(192.168.1.2, 1-3000, random); + formats as ct_snat(192.168.1.2,1-3000,random); + encodes as ct(commit,table=19,zone=NXM_NX_REG12[0..15],nat(src=192.168.1.2:1-3000,random)) + has prereqs ip +ct_snat(192.168.1.2, 1000, hash); + formats as ct_snat(192.168.1.2,1000,hash); + encodes as ct(commit,table=19,zone=NXM_NX_REG12[0..15],nat(src=192.168.1.2:1000,hash)) + has prereqs ip ct_snat(192.168.1.2, 192.168.1.3); Syntax error at `192.168.1.3' expecting Integer for port range. 
@@ -1170,12 +1210,22 @@ ct_snat(192.168.1.2, foo); Syntax error at `foo' expecting Integer for port range. ct_snat(192.168.1.2, 1000-foo); Syntax error at `foo' expecting Integer for port range. -ct_snat(192.168.1.2, 1000); - formats as ct_snat(192.168.1.2,1000); - encodes as ct(commit,table=19,zone=NXM_NX_REG12[0..15],nat(src=192.168.1.2:1000)) - has prereqs ip ct_snat(192.168.1.2, 1000-100); Syntax error at `100' range high should be greater than range low. +ct_snat(192.168.1.2, hash); + Syntax error at `hash' expecting Integer for port range. +ct_snat(192.168.1.2, random); + Syntax error at `random' expecting Integer for port range. +ct_snat(192.168.1.2, 192.168.1.3, hash); + Syntax error at `192.168.1.3' expecting Integer for port range. +ct_snat(192.168.1.2, foo, hash); + Syntax error at `foo' expecting Integer for port range. +ct_snat(192.168.1.2, 1000-foo, hash); + Syntax error at `foo' expecting Integer for port range. +ct_snat(192.168.1.2, 1000-100, hash); + Syntax error at `100' range high should be greater than range low. + + # ct_clear ct_clear; encodes as ct_clear
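Review bot: in the include/ovn/actions.h hunk, the new char *port_hash member is filled with xstrdup() in parse_ct_nat(), but none of the lib/actions.c hunks in this patch frees it, so every parsed ct_dnat/ct_snat action that carries a hash argument looks like it leaks the string. Only "hash" and "random" are accepted, so an enum in struct ovnact_ct_nat would remove the allocation and the strcmp() in encode_ct_nat(); if the string stays, the free needs to be added to the ct_nat action's free path.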
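Review bot: in the parse_ct_nat() hunk at @@ -707, cn->port_range.port_hash = NULL is set only inside the LEX_T_COMMA branch, while format_ct_nat() and encode_ct_nat() read the pointer later. For an action with no port range this relies on the struct having been zeroed elsewhere; setting the default next to the other port_range defaults, outside the comma branch, would make that explicit and keep the formatter from ever seeing a stale pointer.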
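Review bot: in the parse_ct_nat() hunk at @@ -733, the token type check does not stop the parse: after lexer_syntax_error(..., "expecting string for port hash") the code falls straight through to strcmp(ctx->lexer->token.s, "hash") and then xstrdup(ctx->lexer->token.s). For a third argument that is not an identifier (an integer, for instance) token.s is not guaranteed to point at a string, so this can dereference an invalid pointer while parsing a logical flow, and a rejected value is still copied into port_hash. Return after the first error, or chain the checks with else if so strcmp() and xstrdup() only run on a LEX_T_ID token. The same block is also pasted verbatim into both the range and the single-port branch; moving it after the if/else, or into a small helper, leaves one copy to fix.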
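Review bot: in the encode_ct_nat() hunk, the else branch sets NX_NAT_F_PROTO_RANDOM for any string that is not "hash", so the encoder's correctness depends entirely on the parser having rejected everything else. Compare against "random" explicitly and treat any other value as a bug (or switch to an enum, which removes the question). The two nat->range.proto.min/max lines also appear to be removed and re-added with no visible change; if that is whitespace only, drop it from the patch.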
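Review bot: in the four build_lrouter_flows() hunks in northd/ovn-northd.c, nat->external_port_hash is copied into the action string with "%s" and no check that it is "hash" or "random". Unless the northbound schema already restricts the column (patch 1/2 is not shown here), a bad value ends up in a logical flow that the parser will later reject. Validate it in northd and log a rate-limited warning instead of emitting the flow. The hash is also only emitted when external_port_range is set, so a hash configured without a range is silently dropped; that should be documented or warned about. The same four lines are added in four places, so a helper that appends the range and hash would keep them from drifting.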
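Review bot: in the tests/ovn-northd.at hunk, the bare "ovn-sbctl dump-flows lr0" before the AT_CHECK lines is not checked and looks like a debugging leftover; remove it or wrap it in AT_CHECK with [ignore]. The grep patterns also pass "." and "(" unescaped, so "192.168.2.1" matches more than the literal address; grep -F (or escaping, as the existing 10\.0\.0\.1 check above does) would make the assertions exact.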
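Review bot: in the tests/ovn.at hunks, the new negative cases only cover a bad or missing port range followed by hash; nothing exercises the two new error messages. Add cases for an unknown identifier and for a non-identifier third argument, for example ct_dnat(192.168.1.2, 1-3000, foo); and ct_dnat(192.168.1.2, 1-3000, 5);, for both ct_dnat and ct_snat, so the "expecting string for port hash" and "Invalid value for port hash" paths are run. The ct_snat hunk also adds an extra blank line before "# ct_clear".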