Acked-by: Alex Wang <al...@nicira.com>
On Wed, Aug 12, 2015 at 6:02 PM, Justin Pettit <jpet...@nicira.com> wrote:
> This will be useful in a future commit.
>
> It also introduces #define's for logical stages instead of in-place
> constants.
>
> Signed-off-by: Justin Pettit <jpet...@nicira.com>
> ---
> ovn/northd/ovn-northd.c | 86
> ++++++++++++++++++++++++++++++++++++++++------
> ovn/ovn-sb.ovsschema | 5 ++-
> ovn/ovn-sb.xml | 11 ++++++
> 3 files changed, 89 insertions(+), 13 deletions(-)
>
> diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c
> index 796070f..d70ba39 100644
> --- a/ovn/northd/ovn-northd.c
> +++ b/ovn/northd/ovn-northd.c
> @@ -54,6 +54,35 @@ static const char *ovnsb_db;
>
> static const char *default_db(void);
>
> +
> +/* Ingress pipeline stages.
> + *
> + * These must be listed in the order that the stages will be executed. */
> +#define INGRESS_STAGES \
> + INGRESS_STAGE(PORT_SEC, port_sec) \
> + INGRESS_STAGE(L2_LKUP, l2_lkup)
> +
> +enum ingress_stage {
> +#define INGRESS_STAGE(NAME, STR) S_IN_##NAME,
> + INGRESS_STAGES
> +#undef INGRESS_STAGE
> + INGRESS_N_STAGES
> +};
> +
> +/* Egress pipeline stages.
> + *
> + * These must be listed in the order that the stages will be executed. */
> +#define EGRESS_STAGES \
> + EGRESS_STAGE(ACL, acl) \
> + EGRESS_STAGE(PORT_SEC, port_sec)
> +
> +enum egress_stage {
> +#define EGRESS_STAGE(NAME, STR) S_OUT_##NAME,
> + EGRESS_STAGES
> +#undef EGRESS_STAGE
> + EGRESS_N_STAGES
> +};
> +
> static void
> usage(void)
> {
> @@ -596,6 +625,26 @@ ovn_lflow_init(struct ovn_lflow *lflow, struct
> ovn_datapath *od,
> lflow->actions = actions;
> }
>
> +static const char *
> +ingress_stage_to_str(int stage) {
> + switch (stage) {
> +#define INGRESS_STAGE(NAME, STR) case S_IN_##NAME: return #STR;
> + INGRESS_STAGES
> +#undef INGRESS_STAGE
> + default: return "<unknown>";
> + }
> +}
> +
> +static const char *
> +egress_stage_to_str(int stage) {
> + switch (stage) {
> +#define EGRESS_STAGE(NAME, STR) case S_OUT_##NAME: return #STR;
> + EGRESS_STAGES
> +#undef EGRESS_STAGE
> + default: return "<unknown>";
> + }
> +}
> +
> /* Adds a row with the specified contents to the Logical_Flow table. */
> static void
> ovn_lflow_add(struct hmap *lflow_map, struct ovn_datapath *od,
> @@ -687,16 +736,18 @@ build_lflows(struct northd_context *ctx, struct hmap
> *datapaths,
> struct ovn_datapath *od;
> HMAP_FOR_EACH (od, key_node, datapaths) {
> /* Logical VLANs not supported. */
> - ovn_lflow_add(&lflows, od, P_IN, 0, 100, "vlan.present", "drop;");
> + ovn_lflow_add(&lflows, od, P_IN, S_IN_PORT_SEC, 100,
> "vlan.present",
> + "drop;");
>
> /* Broadcast/multicast source address is invalid. */
> - ovn_lflow_add(&lflows, od, P_IN, 0, 100, "eth.src[40]", "drop;");
> + ovn_lflow_add(&lflows, od, P_IN, S_IN_PORT_SEC, 100,
> "eth.src[40]",
> + "drop;");
>
> /* Port security flows have priority 50 (see below) and will
> continue
> * to the next table if packet source is acceptable. */
>
> /* Otherwise drop the packet. */
> - ovn_lflow_add(&lflows, od, P_IN, 0, 0, "1", "drop;");
> + ovn_lflow_add(&lflows, od, P_IN, S_IN_PORT_SEC, 0, "1", "drop;");
> }
>
> /* Ingress table 0: Ingress port security (priority 50). */
> @@ -708,7 +759,7 @@ build_lflows(struct northd_context *ctx, struct hmap
> *datapaths,
> build_port_security("eth.src",
> op->nb->port_security,
> op->nb->n_port_security,
> &match);
> - ovn_lflow_add(&lflows, op->od, P_IN, 0, 50, ds_cstr(&match),
> + ovn_lflow_add(&lflows, op->od, P_IN, S_IN_PORT_SEC, 50,
> ds_cstr(&match),
> lport_is_enabled(op->nb) ? "next;" : "drop;");
> ds_destroy(&match);
> }
> @@ -721,7 +772,7 @@ build_lflows(struct northd_context *ctx, struct hmap
> *datapaths,
> }
> }
> HMAP_FOR_EACH (od, key_node, datapaths) {
> - ovn_lflow_add(&lflows, od, P_IN, 1, 100, "eth.dst[40]",
> + ovn_lflow_add(&lflows, od, P_IN, S_IN_L2_LKUP, 100, "eth.dst[40]",
> "outport = \""MC_FLOOD"\"; output;");
> }
>
> @@ -740,7 +791,7 @@ build_lflows(struct northd_context *ctx, struct hmap
> *datapaths,
> ds_put_cstr(&actions, "outport = ");
> json_string_escape(op->nb->name, &actions);
> ds_put_cstr(&actions, "; output;");
> - ovn_lflow_add(&lflows, op->od, P_IN, 1, 50,
> + ovn_lflow_add(&lflows, op->od, P_IN, S_IN_L2_LKUP, 50,
> ds_cstr(&match), ds_cstr(&actions));
> ds_destroy(&actions);
> ds_destroy(&match);
> @@ -759,7 +810,7 @@ build_lflows(struct northd_context *ctx, struct hmap
> *datapaths,
> /* Ingress table 1: Destination lookup for unknown MACs (priority 0).
> */
> HMAP_FOR_EACH (od, key_node, datapaths) {
> if (od->has_unknown) {
> - ovn_lflow_add(&lflows, od, P_IN, 1, 0, "1",
> + ovn_lflow_add(&lflows, od, P_IN, S_IN_L2_LKUP, 0, "1",
> "outport = \""MC_UNKNOWN"\"; output;");
> }
> }
> @@ -773,18 +824,19 @@ build_lflows(struct northd_context *ctx, struct hmap
> *datapaths,
> action = (!strcmp(acl->action, "allow") ||
> !strcmp(acl->action, "allow-related"))
> ? "next;" : "drop;";
> - ovn_lflow_add(&lflows, od, P_OUT, 0, acl->priority,
> acl->match,
> - action);
> + ovn_lflow_add(&lflows, od, P_OUT, S_OUT_ACL, acl->priority,
> + acl->match, action);
> }
> }
> HMAP_FOR_EACH (od, key_node, datapaths) {
> - ovn_lflow_add(&lflows, od, P_OUT, 0, 0, "1", "next;");
> + ovn_lflow_add(&lflows, od, P_OUT, S_OUT_ACL, 0, "1", "next;");
> }
>
> /* Egress table 1: Egress port security multicast/broadcast (priority
> * 100). */
> HMAP_FOR_EACH (od, key_node, datapaths) {
> - ovn_lflow_add(&lflows, od, P_OUT, 1, 100, "eth.dst[40]",
> "output;");
> + ovn_lflow_add(&lflows, od, P_OUT, S_OUT_PORT_SEC, 100,
> "eth.dst[40]",
> + "output;");
> }
>
> /* Egress table 1: Egress port security (priority 50). */
> @@ -798,7 +850,8 @@ build_lflows(struct northd_context *ctx, struct hmap
> *datapaths,
> op->nb->port_security,
> op->nb->n_port_security,
> &match);
>
> - ovn_lflow_add(&lflows, op->od, P_OUT, 1, 50, ds_cstr(&match),
> + ovn_lflow_add(&lflows, op->od, P_OUT, S_OUT_PORT_SEC, 50,
> + ds_cstr(&match),
> lport_is_enabled(op->nb) ? "output;" : "drop;");
>
> ds_destroy(&match);
> @@ -834,6 +887,15 @@ build_lflows(struct northd_context *ctx, struct hmap
> *datapaths,
> sbrec_logical_flow_set_priority(sbflow, lflow->priority);
> sbrec_logical_flow_set_match(sbflow, lflow->match);
> sbrec_logical_flow_set_actions(sbflow, lflow->actions);
> +
> + struct smap external_ids = SMAP_INITIALIZER(&external_ids);
> + smap_add(&external_ids, "stage-name",
> + lflow->pipeline == P_IN ?
> + ingress_stage_to_str(lflow->table_id) :
> + egress_stage_to_str(lflow->table_id));
> + sbrec_logical_flow_set_external_ids(sbflow, &external_ids);
> + smap_destroy(&external_ids);
> +
> ovn_lflow_destroy(&lflows, lflow);
> }
> hmap_destroy(&lflows);
> diff --git a/ovn/ovn-sb.ovsschema b/ovn/ovn-sb.ovsschema
> index 9ee7431..1ffd1b4 100644
> --- a/ovn/ovn-sb.ovsschema
> +++ b/ovn/ovn-sb.ovsschema
> @@ -36,7 +36,10 @@
> "minInteger": 0,
> "maxInteger": 65535}}},
> "match": {"type": "string"},
> - "actions": {"type": "string"}},
> + "actions": {"type": "string"},
> + "external_ids": {
> + "type": {"key": "string", "value": "string",
> + "min": 0, "max": "unlimited"}}},
> "isRoot": true},
> "Multicast_Group": {
> "columns": {
> diff --git a/ovn/ovn-sb.xml b/ovn/ovn-sb.xml
> index 7defad9..57e9689 100644
> --- a/ovn/ovn-sb.xml
> +++ b/ovn/ovn-sb.xml
> @@ -755,6 +755,17 @@
> <dd>generate ARP from packet, execute <var>action</var>s</dd>
> </dl>
> </column>
> +
> + <column name="external_ids" key="stage-name">
> + Human-readable name for this flow's stage in the pipeline.
> + </column>
> +
> + <group title="Common Columns">
> + The overall purpose of these columns is described under <code>Common
> + Columns</code> at the beginning of this document.
> +
> + <column name="external_ids"/>
> + </group>
> </table>
>
> <table name="Multicast_Group" title="Logical Port Multicast Groups">
> --
> 1.7.5.4
>
> _______________________________________________
> dev mailing list
> dev@openvswitch.org
> http://openvswitch.org/mailman/listinfo/dev
>
_______________________________________________
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev
