[ovs-dev] [PATCH 1/2] ovn-northd: Store name of the logical flow stage in external-ids.

Alex Wang alexw at nicira.com
Thu Aug 13 05:12:34 UTC 2015


Acked-by: Alex Wang <alexw at nicira.com>

On Wed, Aug 12, 2015 at 6:02 PM, Justin Pettit <jpettit at nicira.com> wrote:

> This will be useful in a future commit.
>
> It also introduces #define's for logical stages instead of in-place
> constants.
>
> Signed-off-by: Justin Pettit <jpettit at nicira.com>
> ---
>  ovn/northd/ovn-northd.c |   86
> ++++++++++++++++++++++++++++++++++++++++------
>  ovn/ovn-sb.ovsschema    |    5 ++-
>  ovn/ovn-sb.xml          |   11 ++++++
>  3 files changed, 89 insertions(+), 13 deletions(-)
>
> diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c
> index 796070f..d70ba39 100644
> --- a/ovn/northd/ovn-northd.c
> +++ b/ovn/northd/ovn-northd.c
> @@ -54,6 +54,35 @@ static const char *ovnsb_db;
>
>  static const char *default_db(void);
>
> +
> +/* Ingress pipeline stages.
> + *
> + * These must be listed in the order that the stages will be executed. */
> +#define INGRESS_STAGES                         \
> +    INGRESS_STAGE(PORT_SEC, port_sec)          \
> +    INGRESS_STAGE(L2_LKUP, l2_lkup)
> +
> +enum ingress_stage {
> +#define INGRESS_STAGE(NAME, STR) S_IN_##NAME,
> +    INGRESS_STAGES
> +#undef INGRESS_STAGE
> +    INGRESS_N_STAGES
> +};
> +
> +/* Egress pipeline stages.
> + *
> + * These must be listed in the order that the stages will be executed. */
> +#define EGRESS_STAGES                         \
> +    EGRESS_STAGE(ACL, acl)                    \
> +    EGRESS_STAGE(PORT_SEC, port_sec)
> +
> +enum egress_stage {
> +#define EGRESS_STAGE(NAME, STR) S_OUT_##NAME,
> +    EGRESS_STAGES
> +#undef EGRESS_STAGE
> +    EGRESS_N_STAGES
> +};
> +
>  static void
>  usage(void)
>  {
> @@ -596,6 +625,26 @@ ovn_lflow_init(struct ovn_lflow *lflow, struct
> ovn_datapath *od,
>      lflow->actions = actions;
>  }
>
> +static const char *
> +ingress_stage_to_str(int stage) {
> +    switch (stage) {
> +#define INGRESS_STAGE(NAME, STR) case S_IN_##NAME: return #STR;
> +    INGRESS_STAGES
> +#undef INGRESS_STAGE
> +        default: return "<unknown>";
> +    }
> +}
> +
> +static const char *
> +egress_stage_to_str(int stage) {
> +    switch (stage) {
> +#define EGRESS_STAGE(NAME, STR) case S_OUT_##NAME: return #STR;
> +    EGRESS_STAGES
> +#undef EGRESS_STAGE
> +        default: return "<unknown>";
> +    }
> +}
> +
>  /* Adds a row with the specified contents to the Logical_Flow table. */
>  static void
>  ovn_lflow_add(struct hmap *lflow_map, struct ovn_datapath *od,
> @@ -687,16 +736,18 @@ build_lflows(struct northd_context *ctx, struct hmap
> *datapaths,
>      struct ovn_datapath *od;
>      HMAP_FOR_EACH (od, key_node, datapaths) {
>          /* Logical VLANs not supported. */
> -        ovn_lflow_add(&lflows, od, P_IN, 0, 100, "vlan.present", "drop;");
> +        ovn_lflow_add(&lflows, od, P_IN, S_IN_PORT_SEC, 100,
> "vlan.present",
> +                      "drop;");
>
>          /* Broadcast/multicast source address is invalid. */
> -        ovn_lflow_add(&lflows, od, P_IN, 0, 100, "eth.src[40]", "drop;");
> +        ovn_lflow_add(&lflows, od, P_IN, S_IN_PORT_SEC, 100,
> "eth.src[40]",
> +                      "drop;");
>
>          /* Port security flows have priority 50 (see below) and will
> continue
>           * to the next table if packet source is acceptable. */
>
>          /* Otherwise drop the packet. */
> -        ovn_lflow_add(&lflows, od, P_IN, 0, 0, "1", "drop;");
> +        ovn_lflow_add(&lflows, od, P_IN, S_IN_PORT_SEC, 0, "1", "drop;");
>      }
>
>      /* Ingress table 0: Ingress port security (priority 50). */
> @@ -708,7 +759,7 @@ build_lflows(struct northd_context *ctx, struct hmap
> *datapaths,
>          build_port_security("eth.src",
>                              op->nb->port_security,
> op->nb->n_port_security,
>                              &match);
> -        ovn_lflow_add(&lflows, op->od, P_IN, 0, 50, ds_cstr(&match),
> +        ovn_lflow_add(&lflows, op->od, P_IN, S_IN_PORT_SEC, 50,
> ds_cstr(&match),
>                        lport_is_enabled(op->nb) ? "next;" : "drop;");
>          ds_destroy(&match);
>      }
> @@ -721,7 +772,7 @@ build_lflows(struct northd_context *ctx, struct hmap
> *datapaths,
>          }
>      }
>      HMAP_FOR_EACH (od, key_node, datapaths) {
> -        ovn_lflow_add(&lflows, od, P_IN, 1, 100, "eth.dst[40]",
> +        ovn_lflow_add(&lflows, od, P_IN, S_IN_L2_LKUP, 100, "eth.dst[40]",
>                        "outport = \""MC_FLOOD"\"; output;");
>      }
>
> @@ -740,7 +791,7 @@ build_lflows(struct northd_context *ctx, struct hmap
> *datapaths,
>                  ds_put_cstr(&actions, "outport = ");
>                  json_string_escape(op->nb->name, &actions);
>                  ds_put_cstr(&actions, "; output;");
> -                ovn_lflow_add(&lflows, op->od, P_IN, 1, 50,
> +                ovn_lflow_add(&lflows, op->od, P_IN, S_IN_L2_LKUP, 50,
>                                ds_cstr(&match), ds_cstr(&actions));
>                  ds_destroy(&actions);
>                  ds_destroy(&match);
> @@ -759,7 +810,7 @@ build_lflows(struct northd_context *ctx, struct hmap
> *datapaths,
>      /* Ingress table 1: Destination lookup for unknown MACs (priority 0).
> */
>      HMAP_FOR_EACH (od, key_node, datapaths) {
>          if (od->has_unknown) {
> -            ovn_lflow_add(&lflows, od, P_IN, 1, 0, "1",
> +            ovn_lflow_add(&lflows, od, P_IN, S_IN_L2_LKUP, 0, "1",
>                            "outport = \""MC_UNKNOWN"\"; output;");
>          }
>      }
> @@ -773,18 +824,19 @@ build_lflows(struct northd_context *ctx, struct hmap
> *datapaths,
>              action = (!strcmp(acl->action, "allow") ||
>                        !strcmp(acl->action, "allow-related"))
>                  ? "next;" : "drop;";
> -            ovn_lflow_add(&lflows, od, P_OUT, 0, acl->priority,
> acl->match,
> -                          action);
> +            ovn_lflow_add(&lflows, od, P_OUT, S_OUT_ACL, acl->priority,
> +                          acl->match, action);
>          }
>      }
>      HMAP_FOR_EACH (od, key_node, datapaths) {
> -        ovn_lflow_add(&lflows, od, P_OUT, 0, 0, "1", "next;");
> +        ovn_lflow_add(&lflows, od, P_OUT, S_OUT_ACL, 0, "1", "next;");
>      }
>
>      /* Egress table 1: Egress port security multicast/broadcast (priority
>       * 100). */
>      HMAP_FOR_EACH (od, key_node, datapaths) {
> -        ovn_lflow_add(&lflows, od, P_OUT, 1, 100, "eth.dst[40]",
> "output;");
> +        ovn_lflow_add(&lflows, od, P_OUT, S_OUT_PORT_SEC, 100,
> "eth.dst[40]",
> +                      "output;");
>      }
>
>      /* Egress table 1: Egress port security (priority 50). */
> @@ -798,7 +850,8 @@ build_lflows(struct northd_context *ctx, struct hmap
> *datapaths,
>                              op->nb->port_security,
> op->nb->n_port_security,
>                              &match);
>
> -        ovn_lflow_add(&lflows, op->od, P_OUT, 1, 50, ds_cstr(&match),
> +        ovn_lflow_add(&lflows, op->od, P_OUT, S_OUT_PORT_SEC, 50,
> +                      ds_cstr(&match),
>                        lport_is_enabled(op->nb) ? "output;" : "drop;");
>
>          ds_destroy(&match);
> @@ -834,6 +887,15 @@ build_lflows(struct northd_context *ctx, struct hmap
> *datapaths,
>          sbrec_logical_flow_set_priority(sbflow, lflow->priority);
>          sbrec_logical_flow_set_match(sbflow, lflow->match);
>          sbrec_logical_flow_set_actions(sbflow, lflow->actions);
> +
> +        struct smap external_ids = SMAP_INITIALIZER(&external_ids);
> +        smap_add(&external_ids, "stage-name",
> +                 lflow->pipeline == P_IN ?
> +                  ingress_stage_to_str(lflow->table_id) :
> +                  egress_stage_to_str(lflow->table_id));
> +        sbrec_logical_flow_set_external_ids(sbflow, &external_ids);
> +        smap_destroy(&external_ids);
> +
>          ovn_lflow_destroy(&lflows, lflow);
>      }
>      hmap_destroy(&lflows);
> diff --git a/ovn/ovn-sb.ovsschema b/ovn/ovn-sb.ovsschema
> index 9ee7431..1ffd1b4 100644
> --- a/ovn/ovn-sb.ovsschema
> +++ b/ovn/ovn-sb.ovsschema
> @@ -36,7 +36,10 @@
>                                                "minInteger": 0,
>                                                "maxInteger": 65535}}},
>                  "match": {"type": "string"},
> -                "actions": {"type": "string"}},
> +                "actions": {"type": "string"},
> +                "external_ids": {
> +                    "type": {"key": "string", "value": "string",
> +                             "min": 0, "max": "unlimited"}}},
>              "isRoot": true},
>          "Multicast_Group": {
>              "columns": {
> diff --git a/ovn/ovn-sb.xml b/ovn/ovn-sb.xml
> index 7defad9..57e9689 100644
> --- a/ovn/ovn-sb.xml
> +++ b/ovn/ovn-sb.xml
> @@ -755,6 +755,17 @@
>          <dd>generate ARP from packet, execute <var>action</var>s</dd>
>        </dl>
>      </column>
> +
> +    <column name="external_ids" key="stage-name">
> +      Human-readable name for this flow's stage in the pipeline.
> +    </column>
> +
> +    <group title="Common Columns">
> +      The overall purpose of these columns is described under <code>Common
> +      Columns</code> at the beginning of this document.
> +
> +      <column name="external_ids"/>
> +    </group>
>    </table>
>
>    <table name="Multicast_Group" title="Logical Port Multicast Groups">
> --
> 1.7.5.4
>
> _______________________________________________
> dev mailing list
> dev at openvswitch.org
> http://openvswitch.org/mailman/listinfo/dev
>



More information about the dev mailing list