[ovs-dev] [PATCH 3/5] ovn: extend ovn-nbctl acl-add to take acl_options
Flavio Fernandes
flavio at flaviof.com
Sun Nov 6 09:42:09 UTC 2016
With this change, the newly added options column can be set as
part of the acl creation. Example:
ovn-nbctl acl-add sw0 from-lport 1000 \
'inport == "sw0-port2"' sfc 'sfc-port-chain=chain1 foo=bar'
Reported-at: http://openvswitch.org/pipermail/discuss/2016-March/020628.html
Reported-at: http://openvswitch.org/pipermail/discuss/2016-May/thread.html#21201
Co-authored-by: John McDowall <jmcdowall at paloaltonetworks.com>
Signed-off-by: Flavio Fernandes <flavio at flaviof.com>
---
ovn/utilities/ovn-nbctl.c | 29 +++++++++++++++++++++++++++--
1 file changed, 27 insertions(+), 2 deletions(-)
diff --git a/ovn/utilities/ovn-nbctl.c b/ovn/utilities/ovn-nbctl.c
index b45bc08..c1283c7 100644
--- a/ovn/utilities/ovn-nbctl.c
+++ b/ovn/utilities/ovn-nbctl.c
@@ -324,7 +324,7 @@ Logical switch commands:\n\
ls-list print the names of all logical switches\n\
\n\
ACL commands:\n\
- acl-add SWITCH DIRECTION PRIORITY MATCH ACTION [log]\n\
+ acl-add SWITCH DIRECTION PRIORITY MATCH ACTION [ACL-OPTIONS] [log]\n\
add an ACL to SWITCH\n\
acl-del SWITCH [DIRECTION [PRIORITY MATCH]]\n\
remove ACLs from SWITCH\n\
@@ -1286,6 +1286,26 @@ nbctl_acl_add(struct ctl_context *ctx)
return;
}
+ /* Validate ACL Options, if there were any provided. */
+ struct smap acl_options = SMAP_INITIALIZER(&acl_options);
+ if (ctx->argc >= 7) {
+ struct sset acl_options_set;
+ sset_from_delimited_string(&acl_options_set, ctx->argv[6], " ");
+
+ const char *acl_option_tuple;
+ SSET_FOR_EACH (acl_option_tuple, &acl_options_set) {
+ char *key, *value;
+ value = xstrdup(acl_option_tuple);
+ key = strsep(&value, "=");
+ if (value) {
+ smap_add(&acl_options, key, value);
+ }
+ free(key);
+ }
+
+ sset_destroy(&acl_options_set);
+ }
+
/* Create the acl. */
struct nbrec_acl *acl = nbrec_acl_insert(ctx->txn);
nbrec_acl_set_priority(acl, priority);
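Review bot: A token without `=` is silently dropped by the `if (value)` test in the parsing loop, so `acl-add` can succeed and create the ACL without an option the operator believed was applied; the comment says "Validate" but nothing is ever rejected. I would fail the command instead, placing `if (!value || !*key) { ctl_fatal("%s: ACL option must be in KEY=VALUE form", acl_option_tuple); }` before the `smap_add()` call. Repeated keys such as `a=1 a=2` also reach `smap_add()` twice, and because the tokens are iterated out of an sset they do not arrive in the order typed, so which value ends up in the column looks unpredictable; rejecting duplicates or using `smap_replace()` would make the outcome explicit. nbctl_acl_add starts and ends outside this hunk.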
@@ -1295,6 +1315,9 @@ nbctl_acl_add(struct ctl_context *ctx)
if (shash_find(&ctx->options, "--log") != NULL) {
nbrec_acl_set_log(acl, true);
}
+ if (! smap_is_empty(&acl_options)) {
+ nbrec_acl_set_options(acl, &acl_options);
+ }
/* Insert the acl into the logical switch. */
nbrec_logical_switch_verify_acls(ls);
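Review bot: `if (! smap_is_empty(&acl_options))` has a space after the unary `!`, which the OVS coding style does not allow for prefix operators; write `if (!smap_is_empty(&acl_options)) {`. The guard could also carry a one-line comment such as `/* Leave the options column untouched when none were given. */` so the reason for skipping the setter is stated. nbctl_acl_add continues outside this hunk.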
@@ -1303,6 +1326,8 @@ nbctl_acl_add(struct ctl_context *ctx)
new_acls[ls->n_acls] = acl;
nbrec_logical_switch_set_acls(ls, new_acls, ls->n_acls + 1);
free(new_acls);
+
+ smap_destroy(&acl_options);
}
static void
@@ -2911,7 +2936,7 @@ static const struct ctl_command_syntax nbctl_commands[] = {
{ "ls-list", 0, 0, "", NULL, nbctl_ls_list, NULL, "", RO },
/* acl commands. */
- { "acl-add", 5, 5, "SWITCH DIRECTION PRIORITY MATCH ACTION", NULL,
+ { "acl-add", 5, 6, "SWITCH DIRECTION PRIORITY MATCH ACTION [ACL-OPTIONS]", NULL,
nbctl_acl_add, NULL, "--log", RW },
{ "acl-del", 1, 4, "SWITCH [DIRECTION [PRIORITY MATCH]]", NULL,
nbctl_acl_del, NULL, "", RW },
--
2.7.4