From f3e24610ea18eb873dc860f1710432e9aacd27fd Mon Sep 17 00:00:00 2001
From: Mark Michelson
Date: Fri, 6 Sep 2019 10:33:03 -0400
Subject: [PATCH] Remove OVN.
OVN is separated into its own repo. This commit removes the OVN source,
OVN tests, and OVN documentation. It also removes mentions of OVN from
most documentation. The only place where OVN has been left is in
changelogs/NEWS, since we shouldn't mess with the history of the
project.
There is an exception here. The ovsdb-cluster tests rely on ovn-nbctl
and ovn-sbctl to run. Therefore those ovn utilities, as well as their
dependencies remain in the repo with this commit.
Acked-by: Numan Siddique
Signed-off-by: Mark Michelson
Signed-off-by: Ben Pfaff
---
Documentation/automake.mk | 12 -
Documentation/faq/index.rst | 1 -
Documentation/faq/ovn.rst | 90 -
Documentation/howto/docker.rst | 326 -
Documentation/howto/firewalld.rst | 107 -
Documentation/howto/index.rst | 9 -
Documentation/howto/openstack-containers.rst | 135 -
Documentation/index.rst | 20 +-
Documentation/intro/install/fedora.rst | 12 -
Documentation/intro/install/index.rst | 8 -
Documentation/intro/install/ovn-upgrades.rst | 115 -
Documentation/ref/ovs-sim.1.rst | 100 -
Documentation/topics/high-availability.rst | 440 -
Documentation/topics/index.rst | 18 +-
Documentation/topics/ovn-news-2.8.rst | 278 -
.../topics/role-based-access-control.rst | 101 -
Documentation/tutorials/index.rst | 7 +-
Documentation/tutorials/ovn-ipsec.rst | 146 -
Documentation/tutorials/ovn-openstack.rst | 1922 --
Documentation/tutorials/ovn-rbac.rst | 134 -
Documentation/tutorials/ovn-sandbox.rst | 177 -
NEWS | 5 +-
configure.ac | 2 -
debian/.gitignore | 5 -
debian/automake.mk | 22 -
debian/control | 78 -
debian/ovn-central.dirs | 1 -
debian/ovn-central.init | 60 -
debian/ovn-central.install | 3 -
debian/ovn-central.manpages | 1 -
debian/ovn-central.postinst | 49 -
debian/ovn-central.postrm | 48 -
debian/ovn-central.template | 5 -
debian/ovn-common.install | 7 -
debian/ovn-common.manpages | 8 -
debian/ovn-common.postinst | 24 -
debian/ovn-common.postrm | 23 -
debian/ovn-controller-vtep.init | 54 -
debian/ovn-controller-vtep.install | 1 -
debian/ovn-controller-vtep.manpages | 1 -
debian/ovn-docker.install | 2 -
debian/ovn-host.dirs | 1 -
debian/ovn-host.init | 54 -
debian/ovn-host.install | 1 -
debian/ovn-host.manpages | 1 -
debian/ovn-host.postinst | 49 -
debian/ovn-host.postrm | 44 -
debian/ovn-host.template | 5 -
debian/rules | 6 -
include/automake.mk | 1 -
include/ovn/actions.h | 622 -
include/ovn/automake.mk | 6 -
include/ovn/expr.h | 518 -
include/ovn/lex.h | 152 -
include/ovn/logical-fields.h | 130 -
lib/db-ctl-base.xml | 12 +-
manpages.mk | 10 -
ovn/TODO.rst | 147 -
ovn/automake.mk | 10 -
ovn/controller-vtep/.gitignore | 2 -
ovn/controller-vtep/automake.mk | 14 -
ovn/controller-vtep/binding.c | 274 -
ovn/controller-vtep/binding.h | 27 -
ovn/controller-vtep/gateway.c | 230 -
ovn/controller-vtep/gateway.h | 26 -
ovn/controller-vtep/ovn-controller-vtep.8.xml | 80 -
ovn/controller-vtep/ovn-controller-vtep.c | 272 -
ovn/controller-vtep/ovn-controller-vtep.h | 51 -
ovn/controller-vtep/vtep.c | 600 -
ovn/controller-vtep/vtep.h | 27 -
ovn/controller/.gitignore | 2 -
ovn/controller/automake.mk | 32 -
ovn/controller/bfd.c | 268 -
ovn/controller/bfd.h | 41 -
ovn/controller/binding.c | 764 -
ovn/controller/binding.h | 57 -
ovn/controller/chassis.c | 671 -
ovn/controller/chassis.h | 46 -
ovn/controller/encaps.c | 409 -
ovn/controller/encaps.h | 48 -
ovn/controller/ha-chassis.c | 203 -
ovn/controller/ha-chassis.h | 50 -
ovn/controller/ip-mcast.c | 164 -
ovn/controller/ip-mcast.h | 52 -
ovn/controller/lflow.c | 898 -
ovn/controller/lflow.h | 184 -
ovn/controller/lport.c | 102 -
ovn/controller/lport.h | 52 -
ovn/controller/ofctrl.c | 1393 --
ovn/controller/ofctrl.h | 87 -
ovn/controller/ovn-controller.8.xml | 456 -
ovn/controller/ovn-controller.c | 2366 ---
ovn/controller/ovn-controller.h | 85 -
ovn/controller/patch.c | 273 -
ovn/controller/patch.h | 42 -
ovn/controller/physical.c | 1459 --
ovn/controller/physical.h | 74 -
ovn/controller/pinctrl.c | 4342 -----
ovn/controller/pinctrl.h | 51 -
ovn/lib/actions.c | 2902 ---
ovn/lib/automake.mk | 15 -
ovn/lib/chassis-index.c | 67 -
ovn/lib/chassis-index.h | 30 -
ovn/lib/expr.c | 3450 ----
ovn/lib/extend-table.c | 208 -
ovn/lib/extend-table.h | 82 -
ovn/lib/inc-proc-eng.c | 201 -
ovn/lib/inc-proc-eng.h | 234 -
ovn/lib/ip-mcast-index.c | 40 -
ovn/lib/ip-mcast-index.h | 36 -
ovn/lib/lex.c | 1023 --
ovn/lib/logical-fields.c | 261 -
ovn/lib/mcast-group-index.c | 43 -
ovn/lib/mcast-group-index.h | 32 -
ovn/lib/ovn-l7.h | 322 -
ovn/northd/.gitignore | 2 -
ovn/northd/automake.mk | 10 -
ovn/northd/ovn-northd.8.xml | 2544 ---
ovn/northd/ovn-northd.c | 9446 ----------
ovn/ovn-architecture.7.xml | 2074 ---
ovn/utilities/automake.mk | 42 +-
ovn/utilities/bugtool/automake.mk | 9 -
ovn/utilities/bugtool/ovn-bugtool-nbctl-show | 19 -
.../bugtool/ovn-bugtool-sbctl-lflow-list | 19 -
ovn/utilities/bugtool/ovn-bugtool-sbctl-show | 19 -
.../bugtool/plugins/network-status/ovn.xml | 23 -
ovn/utilities/ovn-ctl | 822 -
ovn/utilities/ovn-ctl.8.xml | 215 -
ovn/utilities/ovn-detrace.1.in | 38 -
ovn/utilities/ovn-detrace.in | 215 -
ovn/utilities/ovn-docker-overlay-driver.in | 442 -
ovn/utilities/ovn-docker-underlay-driver.in | 677 -
ovn/utilities/ovn-trace.8.xml | 485 -
ovn/utilities/ovn-trace.c | 2373 ---
ovn/utilities/ovndb-servers.ocf | 642 -
ovsdb/ovsdb-tool.1.in | 23 +-
rhel/automake.mk | 16 +-
rhel/ovn-fedora.spec.in | 432 -
..._services_ovn-central-firewall-service.xml | 7 -
...lld_services_ovn-host-firewall-service.xml | 6 -
...systemd_system_ovn-controller-vtep.service | 50 -
..._lib_systemd_system_ovn-controller.service | 34 -
.../usr_lib_systemd_system_ovn-northd.service | 35 -
tests/atlocal.in | 4 -
tests/automake.mk | 21 +-
tests/ofproto-macros.at | 2 +-
tests/oss-fuzz/automake.mk | 10 -
tests/oss-fuzz/config/expr.dict | 120 -
.../oss-fuzz/config/expr_parse_target.options | 3 -
tests/oss-fuzz/expr_parse_target.c | 464 -
tests/ovn-controller-vtep.at | 467 -
tests/ovn-controller.at | 294 -
tests/ovn-macros.at | 180 -
tests/ovn-nbctl.at | 1660 --
tests/ovn-northd.at | 900 -
tests/ovn-performance.at | 424 -
tests/ovn-sbctl.at | 150 -
tests/ovn.at | 14702 ----------------
tests/system-kmod-testsuite.at | 2 -
tests/system-ovn.at | 1667 --
tests/system-userspace-testsuite.at | 2 -
tests/test-ovn.c | 1584 --
tests/testsuite.at | 8 -
tutorial/automake.mk | 3 +-
tutorial/ovn-setup.sh | 37 -
tutorial/ovs-sandbox | 261 -
utilities/bugtool/automake.mk | 9 +-
utilities/ovs-sim.in | 237 +-
xenserver/openvswitch-xen.spec.in | 7 -
169 files changed, 47 insertions(+), 75436 deletions(-)
delete mode 100644 Documentation/faq/ovn.rst
delete mode 100644 Documentation/howto/docker.rst
delete mode 100644 Documentation/howto/firewalld.rst
delete mode 100644 Documentation/howto/openstack-containers.rst
delete mode 100644 Documentation/intro/install/ovn-upgrades.rst
delete mode 100644 Documentation/topics/high-availability.rst
delete mode 100644 Documentation/topics/ovn-news-2.8.rst
delete mode 100644 Documentation/topics/role-based-access-control.rst
delete mode 100644 Documentation/tutorials/ovn-ipsec.rst
delete mode 100644 Documentation/tutorials/ovn-openstack.rst
delete mode 100644 Documentation/tutorials/ovn-rbac.rst
delete mode 100644 Documentation/tutorials/ovn-sandbox.rst
delete mode 100644 debian/ovn-central.dirs
delete mode 100755 debian/ovn-central.init
delete mode 100644 debian/ovn-central.install
delete mode 100644 debian/ovn-central.manpages
delete mode 100755 debian/ovn-central.postinst
delete mode 100755 debian/ovn-central.postrm
delete mode 100644 debian/ovn-central.template
delete mode 100644 debian/ovn-common.install
delete mode 100644 debian/ovn-common.manpages
delete mode 100644 debian/ovn-common.postinst
delete mode 100644 debian/ovn-common.postrm
delete mode 100755 debian/ovn-controller-vtep.init
delete mode 100644 debian/ovn-controller-vtep.install
delete mode 100644 debian/ovn-controller-vtep.manpages
delete mode 100644 debian/ovn-docker.install
delete mode 100644 debian/ovn-host.dirs
delete mode 100755 debian/ovn-host.init
delete mode 100644 debian/ovn-host.install
delete mode 100644 debian/ovn-host.manpages
delete mode 100755 debian/ovn-host.postinst
delete mode 100755 debian/ovn-host.postrm
delete mode 100644 debian/ovn-host.template
delete mode 100644 include/ovn/actions.h
delete mode 100644 include/ovn/automake.mk
delete mode 100644 include/ovn/expr.h
delete mode 100644 include/ovn/lex.h
delete mode 100644 include/ovn/logical-fields.h
delete mode 100644 ovn/TODO.rst
delete mode 100644 ovn/controller-vtep/.gitignore
delete mode 100644 ovn/controller-vtep/automake.mk
delete mode 100644 ovn/controller-vtep/binding.c
delete mode 100644 ovn/controller-vtep/binding.h
delete mode 100644 ovn/controller-vtep/gateway.c
delete mode 100644 ovn/controller-vtep/gateway.h
delete mode 100644 ovn/controller-vtep/ovn-controller-vtep.8.xml
delete mode 100644 ovn/controller-vtep/ovn-controller-vtep.c
delete mode 100644 ovn/controller-vtep/ovn-controller-vtep.h
delete mode 100644 ovn/controller-vtep/vtep.c
delete mode 100644 ovn/controller-vtep/vtep.h
delete mode 100644 ovn/controller/.gitignore
delete mode 100644 ovn/controller/automake.mk
delete mode 100644 ovn/controller/bfd.c
delete mode 100644 ovn/controller/bfd.h
delete mode 100644 ovn/controller/binding.c
delete mode 100644 ovn/controller/binding.h
delete mode 100644 ovn/controller/chassis.c
delete mode 100644 ovn/controller/chassis.h
delete mode 100644 ovn/controller/encaps.c
delete mode 100644 ovn/controller/encaps.h
delete mode 100644 ovn/controller/ha-chassis.c
delete mode 100644 ovn/controller/ha-chassis.h
delete mode 100644 ovn/controller/ip-mcast.c
delete mode 100644 ovn/controller/ip-mcast.h
delete mode 100644 ovn/controller/lflow.c
delete mode 100644 ovn/controller/lflow.h
delete mode 100644 ovn/controller/lport.c
delete mode 100644 ovn/controller/lport.h
delete mode 100644 ovn/controller/ofctrl.c
delete mode 100644 ovn/controller/ofctrl.h
delete mode 100644 ovn/controller/ovn-controller.8.xml
delete mode 100644 ovn/controller/ovn-controller.c
delete mode 100644 ovn/controller/ovn-controller.h
delete mode 100644 ovn/controller/patch.c
delete mode 100644 ovn/controller/patch.h
delete mode 100644 ovn/controller/physical.c
delete mode 100644 ovn/controller/physical.h
delete mode 100644 ovn/controller/pinctrl.c
delete mode 100644 ovn/controller/pinctrl.h
delete mode 100644 ovn/lib/actions.c
delete mode 100644 ovn/lib/chassis-index.c
delete mode 100644 ovn/lib/chassis-index.h
delete mode 100644 ovn/lib/expr.c
delete mode 100644 ovn/lib/extend-table.c
delete mode 100644 ovn/lib/extend-table.h
delete mode 100644 ovn/lib/inc-proc-eng.c
delete mode 100644 ovn/lib/inc-proc-eng.h
delete mode 100644 ovn/lib/ip-mcast-index.c
delete mode 100644 ovn/lib/ip-mcast-index.h
delete mode 100644 ovn/lib/lex.c
delete mode 100644 ovn/lib/logical-fields.c
delete mode 100644 ovn/lib/mcast-group-index.c
delete mode 100644 ovn/lib/mcast-group-index.h
delete mode 100644 ovn/lib/ovn-l7.h
delete mode 100644 ovn/northd/.gitignore
delete mode 100644 ovn/northd/automake.mk
delete mode 100644 ovn/northd/ovn-northd.8.xml
delete mode 100644 ovn/northd/ovn-northd.c
delete mode 100644 ovn/ovn-architecture.7.xml
delete mode 100644 ovn/utilities/bugtool/automake.mk
delete mode 100644 ovn/utilities/bugtool/ovn-bugtool-nbctl-show
delete mode 100644 ovn/utilities/bugtool/ovn-bugtool-sbctl-lflow-list
delete mode 100644 ovn/utilities/bugtool/ovn-bugtool-sbctl-show
delete mode 100644 ovn/utilities/bugtool/plugins/network-status/ovn.xml
delete mode 100755 ovn/utilities/ovn-ctl
delete mode 100644 ovn/utilities/ovn-ctl.8.xml
delete mode 100644 ovn/utilities/ovn-detrace.1.in
delete mode 100755 ovn/utilities/ovn-detrace.in
delete mode 100755 ovn/utilities/ovn-docker-overlay-driver.in
delete mode 100755 ovn/utilities/ovn-docker-underlay-driver.in
delete mode 100644 ovn/utilities/ovn-trace.8.xml
delete mode 100644 ovn/utilities/ovn-trace.c
delete mode 100755 ovn/utilities/ovndb-servers.ocf
delete mode 100644 rhel/ovn-fedora.spec.in
delete mode 100644 rhel/usr_lib_firewalld_services_ovn-central-firewall-service.xml
delete mode 100644 rhel/usr_lib_firewalld_services_ovn-host-firewall-service.xml
delete mode 100644 rhel/usr_lib_systemd_system_ovn-controller-vtep.service
delete mode 100644 rhel/usr_lib_systemd_system_ovn-controller.service
delete mode 100644 rhel/usr_lib_systemd_system_ovn-northd.service
delete mode 100644 tests/oss-fuzz/config/expr.dict
delete mode 100644 tests/oss-fuzz/config/expr_parse_target.options
delete mode 100644 tests/oss-fuzz/expr_parse_target.c
delete mode 100644 tests/ovn-controller-vtep.at
delete mode 100644 tests/ovn-controller.at
delete mode 100644 tests/ovn-macros.at
delete mode 100644 tests/ovn-nbctl.at
delete mode 100644 tests/ovn-northd.at
delete mode 100644 tests/ovn-performance.at
delete mode 100644 tests/ovn-sbctl.at
delete mode 100644 tests/ovn.at
delete mode 100644 tests/system-ovn.at
delete mode 100644 tests/test-ovn.c
delete mode 100755 tutorial/ovn-setup.sh
diff --git a/Documentation/automake.mk b/Documentation/automake.mk
index 2a3214a3cc7..cd68f3b1571 100644
--- a/Documentation/automake.mk
+++ b/Documentation/automake.mk
@@ -18,7 +18,6 @@ DOC_SOURCE = \
Documentation/intro/install/fedora.rst \
Documentation/intro/install/general.rst \
Documentation/intro/install/netbsd.rst \
- Documentation/intro/install/ovn-upgrades.rst \
Documentation/intro/install/rhel.rst \
Documentation/intro/install/userspace.rst \
Documentation/intro/install/windows.rst \
@@ -26,12 +25,8 @@ DOC_SOURCE = \
Documentation/tutorials/index.rst \
Documentation/tutorials/faucet.rst \
Documentation/tutorials/ovs-advanced.rst \
- Documentation/tutorials/ovn-openstack.rst \
- Documentation/tutorials/ovn-sandbox.rst \
Documentation/tutorials/ovs-conntrack.rst \
Documentation/tutorials/ipsec.rst \
- Documentation/tutorials/ovn-ipsec.rst \
- Documentation/tutorials/ovn-rbac.rst \
Documentation/topics/index.rst \
Documentation/topics/bonding.rst \
Documentation/topics/idl-compound-indexes.rst \
@@ -54,28 +49,22 @@ DOC_SOURCE = \
Documentation/topics/fuzzing/ovs-fuzzers.rst \
Documentation/topics/fuzzing/security-analysis-of-ovs-fuzzers.rst \
Documentation/topics/testing.rst \
- Documentation/topics/high-availability.rst \
Documentation/topics/integration.rst \
Documentation/topics/language-bindings.rst \
Documentation/topics/networking-namespaces.rst \
Documentation/topics/openflow.rst \
- Documentation/topics/ovn-news-2.8.rst \
Documentation/topics/ovsdb-replication.rst \
Documentation/topics/porting.rst \
- Documentation/topics/role-based-access-control.rst \
Documentation/topics/tracing.rst \
Documentation/topics/windows.rst \
Documentation/howto/index.rst \
- Documentation/howto/docker.rst \
Documentation/howto/dpdk.rst \
- Documentation/howto/firewalld.rst \
Documentation/howto/ipsec.rst \
Documentation/howto/kvm.rst \
Documentation/howto/libvirt.rst \
Documentation/howto/selinux.rst \
Documentation/howto/ssl.rst \
Documentation/howto/lisp.rst \
- Documentation/howto/openstack-containers.rst \
Documentation/howto/qos.png \
Documentation/howto/qos.rst \
Documentation/howto/sflow.png \
@@ -94,7 +83,6 @@ DOC_SOURCE = \
Documentation/faq/general.rst \
Documentation/faq/issues.rst \
Documentation/faq/openflow.rst \
- Documentation/faq/ovn.rst \
Documentation/faq/qos.rst \
Documentation/faq/releases.rst \
Documentation/faq/terminology.rst \
diff --git a/Documentation/faq/index.rst b/Documentation/faq/index.rst
index ad3cc2b6faf..334b828b222 100644
--- a/Documentation/faq/index.rst
+++ b/Documentation/faq/index.rst
@@ -41,4 +41,3 @@ Open vSwitch FAQ
terminology
vlan
vxlan
- ovn
diff --git a/Documentation/faq/ovn.rst b/Documentation/faq/ovn.rst
deleted file mode 100644
index 4d96b4aa59d..00000000000
--- a/Documentation/faq/ovn.rst
+++ /dev/null
@@ -1,90 +0,0 @@
-..
- Licensed under the Apache License, Version 2.0 (the "License"); you may
- not use this file except in compliance with the License. You may obtain
- a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- License for the specific language governing permissions and limitations
- under the License.
-
- Convention for heading levels in Open vSwitch documentation:
-
- ======= Heading 0 (reserved for the title in a document)
- ------- Heading 1
- ~~~~~~~ Heading 2
- +++++++ Heading 3
- ''''''' Heading 4
-
- Avoid deeper levels because they do not render well.
-
-===
-OVN
-===
-
-Q: Why does OVN use STT and Geneve instead of VLANs or VXLAN (or GRE)?
-
- A: OVN implements a fairly sophisticated packet processing pipeline in
- "logical datapaths" that can implement switching or routing functionality.
- A logical datapath has an ingress pipeline and an egress pipeline, and each
- of these pipelines can include logic based on packet fields as well as
- packet metadata such as the logical ingress and egress ports (the latter
- only in the egress pipeline).
-
- The processing for a logical datapath can be split across hypervisors. In
- particular, when a logical ingress pipeline executes an "output" action,
- OVN passes the packet to the egress pipeline on the hypervisor (or, in the
- case of output to a logical multicast group, hypervisors) on which the
- logical egress port is located. If this hypervisor is not the same as the
- ingress hypervisor, then the packet has to be transmitted across a physical
- network.
-
- This situation is where tunneling comes in. To send the packet to another
- hypervisor, OVN encapsulates it with a tunnel protocol and sends the
- encapsulated packet across the physical network. When the remote
- hypervisor receives the tunnel packet, it decapsulates it and passes it
- through the logical egress pipeline. To do so, it also needs the metadata,
- that is, the logical ingress and egress ports.
-
- Thus, to implement OVN logical packet processing, at least the following
- metadata must pass across the physical network:
-
- * Logical datapath ID, a 24-bit identifier. In Geneve, OVN uses the VNI to
- hold the logical datapath ID; in STT, OVN uses 24 bits of STT's 64-bit
- context ID.
-
- * Logical ingress port, a 15-bit identifier. In Geneve, OVN uses an option
- to hold the logical ingress port; in STT, 15 bits of the context ID.
-
- * Logical egress port, a 16-bit identifier. In Geneve, OVN uses an option
- to hold the logical egress port; in STT, 16 bits of the context ID.
-
- See ``ovn-architecture(7)``, under "Tunnel Encapsulations", for details.
-
- Together, these metadata require 24 + 15 + 16 = 55 bits. GRE provides 32
- bits, VXLAN provides 24, and VLAN only provides 12. Most notably, if
- logical egress pipelines do not match on the logical ingress port, thereby
- restricting the class of ACLs available to users, then this eliminates 15
- bits, bringing the requirement down to 40 bits. At this point, one can
- choose to limit the size of the OVN logical network in various ways, e.g.:
-
- * 16 bits of logical datapaths + 16 bits of logical egress ports. This
- combination fits within a 32-bit GRE tunnel key.
-
- * 12 bits of logical datapaths + 12 bits of logical egress ports. This
- combination fits within a 24-bit VXLAN VNI.
-
- * It's difficult to identify an acceptable compromise for a VLAN-based
- deployment.
-
- These compromises wouldn't suit every site, since some deployments
- may need to allocate more bits to the datapath or egress port
- identifiers.
-
- As a side note, OVN does support VXLAN for use with ASIC-based top of rack
- switches, using ``ovn-controller-vtep(8)`` and the OVSDB VTEP schema
- described in ``vtep(5)``, but this limits the features available from OVN
- to the subset available from the VTEP schema.
diff --git a/Documentation/howto/docker.rst b/Documentation/howto/docker.rst
deleted file mode 100644
index a68b02fdb09..00000000000
--- a/Documentation/howto/docker.rst
+++ /dev/null
@@ -1,326 +0,0 @@
-..
- Licensed under the Apache License, Version 2.0 (the "License"); you may
- not use this file except in compliance with the License. You may obtain
- a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- License for the specific language governing permissions and limitations
- under the License.
-
- Convention for heading levels in Open vSwitch documentation:
-
- ======= Heading 0 (reserved for the title in a document)
- ------- Heading 1
- ~~~~~~~ Heading 2
- +++++++ Heading 3
- ''''''' Heading 4
-
- Avoid deeper levels because they do not render well.
-
-===================================
-Open Virtual Networking With Docker
-===================================
-
-This document describes how to use Open Virtual Networking with Docker 1.9.0
-or later.
-
-.. important::
-
- Requires Docker version 1.9.0 or later. Only Docker 1.9.0+ comes with support
- for multi-host networking. Consult www.docker.com for instructions on how to
- install Docker.
-
-.. note::
-
- You must build and install Open vSwitch before proceeding with the below
- guide. Refer to :doc:`/intro/install/index` for more information.
-
-Setup
------
-
-For multi-host networking with OVN and Docker, Docker has to be started with a
-distributed key-value store. For example, if you decide to use consul as your
-distributed key-value store and your host IP address is ``$HOST_IP``, start
-your Docker daemon with::
-
- $ docker daemon --cluster-store=consul://127.0.0.1:8500 \
- --cluster-advertise=$HOST_IP:0
-
-OVN provides network virtualization to containers. OVN's integration with
-Docker currently works in two modes - the "underlay" mode or the "overlay"
-mode.
-
-In the "underlay" mode, OVN requires a OpenStack setup to provide container
-networking. In this mode, one can create logical networks and can have
-containers running inside VMs, standalone VMs (without having any containers
-running inside them) and physical machines connected to the same logical
-network. This is a multi-tenant, multi-host solution.
-
-In the "overlay" mode, OVN can create a logical network amongst containers
-running on multiple hosts. This is a single-tenant (extendable to multi-tenants
-depending on the security characteristics of the workloads), multi-host
-solution. In this mode, you do not need a pre-created OpenStack setup.
-
-For both the modes to work, a user has to install and start Open vSwitch in
-each VM/host that they plan to run their containers on.
-
-.. _docker-overlay:
-
-The "overlay" mode
-------------------
-
-.. note::
-
- OVN in "overlay" mode needs a minimum Open vSwitch version of 2.5.
-
-1. Start the central components.
-
- OVN architecture has a central component which stores your networking intent
- in a database. On one of your machines, with an IP Address of
- ``$CENTRAL_IP``, where you have installed and started Open vSwitch, you will
- need to start some central components.
-
- Start ovn-northd daemon. This daemon translates networking intent from Docker
- stored in the OVN\_Northbound database to logical flows in ``OVN_Southbound``
- database. For example::
-
- $ /usr/share/openvswitch/scripts/ovn-ctl start_northd
-
- With Open vSwitch version of 2.7 or greater, you need to run the following
- additional commands (Please read the manpages of ovn-nb for more control
- on the types of connection allowed.) ::
-
- $ ovn-nbctl set-connection ptcp:6641
- $ ovn-sbctl set-connection ptcp:6642
-
-2. One time setup
-
- On each host, where you plan to spawn your containers, you will need to run
- the below command once. You may need to run it again if your OVS database
- gets cleared. It is harmless to run it again in any case::
-
- $ ovs-vsctl set Open_vSwitch . \
- external_ids:ovn-remote="tcp:$CENTRAL_IP:6642" \
- external_ids:ovn-nb="tcp:$CENTRAL_IP:6641" \
- external_ids:ovn-encap-ip=$LOCAL_IP \
- external_ids:ovn-encap-type="$ENCAP_TYPE"
-
- where:
-
- ``$LOCAL_IP``
- is the IP address via which other hosts can reach this host. This acts as
- your local tunnel endpoint.
-
- ``$ENCAP_TYPE``
- is the type of tunnel that you would like to use for overlay networking.
- The options are ``geneve`` or ``stt``. Your kernel must have support for
- your chosen ``$ENCAP_TYPE``. Both ``geneve`` and ``stt`` are part of the
- Open vSwitch kernel module that is compiled from this repo. If you use the
- Open vSwitch kernel module from upstream Linux, you will need a minimum
- kernel version of 3.18 for ``geneve``. There is no ``stt`` support in
- upstream Linux. You can verify whether you have the support in your kernel
- as follows::
-
- $ lsmod | grep $ENCAP_TYPE
-
- In addition, each Open vSwitch instance in an OVN deployment needs a unique,
- persistent identifier, called the ``system-id``. If you install OVS from
- distribution packaging for Open vSwitch (e.g. .deb or .rpm packages), or if
- you use the ovs-ctl utility included with Open vSwitch, it automatically
- configures a system-id. If you start Open vSwitch manually, you should set
- one up yourself. For example::
-
- $ id_file=/etc/openvswitch/system-id.conf
- $ test -e $id_file || uuidgen > $id_file
- $ ovs-vsctl set Open_vSwitch . external_ids:system-id=$(cat $id_file)
-
-3. Start the ``ovn-controller``.
-
- You need to run the below command on every boot::
-
- $ /usr/share/openvswitch/scripts/ovn-ctl start_controller
-
-4. Start the Open vSwitch network driver.
-
- By default Docker uses Linux bridge for networking. But it has support for
- external drivers. To use Open vSwitch instead of the Linux bridge, you will
- need to start the Open vSwitch driver.
-
- The Open vSwitch driver uses the Python's flask module to listen to Docker's
- networking api calls. So, if your host does not have Python's flask module,
- install it::
-
- $ sudo pip install Flask
-
- Start the Open vSwitch driver on every host where you plan to create your
- containers. Refer to the note on ``$OVS_PYTHON_LIBS_PATH`` that is used below
- at the end of this document::
-
- $ PYTHONPATH=$OVS_PYTHON_LIBS_PATH ovn-docker-overlay-driver --detach
-
- .. note::
-
- The ``$OVS_PYTHON_LIBS_PATH`` variable should point to the directory where
- Open vSwitch Python modules are installed. If you installed Open vSwitch
- Python modules via the Debian package of ``python-openvswitch`` or via pip
- by running ``pip install ovs``, you do not need to specify the PATH. If
- you installed it by following the instructions in
- :doc:`/intro/install/general`, then you should specify the PATH. In this
- case, the PATH depends on the options passed to ``./configure``. It is
- usually either ``/usr/share/openvswitch/python`` or
- ``/usr/local/share/openvswitch/python``
-
-Docker has inbuilt primitives that closely match OVN's logical switches and
-logical port concepts. Consult Docker's documentation for all the possible
-commands. Here are some examples.
-
-Create a logical switch
-~~~~~~~~~~~~~~~~~~~~~~~
-
-To create a logical switch with name 'foo', on subnet '192.168.1.0/24', run::
-
- $ NID=`docker network create -d openvswitch --subnet=192.168.1.0/24 foo`
-
-List all logical switches
-~~~~~~~~~~~~~~~~~~~~~~~~~
-
-::
-
- $ docker network ls
-
-You can also look at this logical switch in OVN's northbound database by
-running the following command::
-
- $ ovn-nbctl --db=tcp:$CENTRAL_IP:6640 ls-list
-
-Delete a logical switch
-~~~~~~~~~~~~~~~~~~~~~~~
-
-::
-
- $ docker network rm bar
-
-
-Create a logical port
-~~~~~~~~~~~~~~~~~~~~~
-
-Docker creates your logical port and attaches it to the logical network in a
-single step. For example, to attach a logical port to network ``foo`` inside
-container busybox, run::
-
- $ docker run -itd --net=foo --name=busybox busybox
-
-List all logical ports
-~~~~~~~~~~~~~~~~~~~~~~
-
-Docker does not currently have a CLI command to list all logical ports but you
-can look at them in the OVN database by running::
-
- $ ovn-nbctl --db=tcp:$CENTRAL_IP:6640 lsp-list $NID
-
-Create and attach a logical port to a running container
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-::
-
- $ docker network create -d openvswitch --subnet=192.168.2.0/24 bar
- $ docker network connect bar busybox
-
-Detach and delete a logical port from a running container
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-You can delete your logical port and detach it from a running container
-by running:
-
-::
-
- $ docker network disconnect bar busybox
-
-.. _docker-underlay:
-
-The "underlay" mode
--------------------
-
-.. note::
-
- This mode requires that you have a OpenStack setup pre-installed with
- OVN providing the underlay networking.
-
-1. One time setup
-
- A OpenStack tenant creates a VM with a single network interface (or multiple)
- that belongs to management logical networks. The tenant needs to fetch the
- port-id associated with the interface via which he plans to send the container
- traffic inside the spawned VM. This can be obtained by running the below
- command to fetch the 'id' associated with the VM::
-
- $ nova list
-
- and then by running::
-
- $ neutron port-list --device_id=$id
-
- Inside the VM, download the OpenStack RC file that contains the tenant
- information (henceforth referred to as ``openrc.sh``). Edit the file and add the
- previously obtained port-id information to the file by appending the following
- line::
-
- $ export OS_VIF_ID=$port_id
-
- After this edit, the file will look something like::
-
- #!/bin/bash
- export OS_AUTH_URL=http://10.33.75.122:5000/v2.0
- export OS_TENANT_ID=fab106b215d943c3bad519492278443d
- export OS_TENANT_NAME="demo"
- export OS_USERNAME="demo"
- export OS_VIF_ID=e798c371-85f4-4f2d-ad65-d09dd1d3c1c9
-
-2. Create the Open vSwitch bridge
-
- If your VM has one ethernet interface (e.g.: 'eth0'), you will need to add
- that device as a port to an Open vSwitch bridge 'breth0' and move its IP
- address and route related information to that bridge. (If it has multiple
- network interfaces, you will need to create and attach an Open vSwitch
- bridge for the interface via which you plan to send your container
- traffic.)
-
- If you use DHCP to obtain an IP address, then you should kill the DHCP
- client that was listening on the physical Ethernet interface (e.g. eth0) and
- start one listening on the Open vSwitch bridge (e.g. breth0).
-
- Depending on your VM, you can make the above step persistent across reboots.
- For example, if your VM is Debian/Ubuntu-based, read
- `openvswitch-switch.README.Debian` found in `debian` folder. If your VM is
- RHEL-based, refer to :doc:`/intro/install/rhel`.
-
-3. Start the Open vSwitch network driver
-
- The Open vSwitch driver uses the Python's flask module to listen to Docker's
- networking api calls. The driver also uses OpenStack's
- ``python-neutronclient`` libraries. If your host does not have Python's
- ``flask`` module or ``python-neutronclient`` you must install them. For
- example::
-
- $ pip install python-neutronclient
- $ pip install Flask
-
- Once installed, source the ``openrc`` file::
-
- $ . ./openrc.sh
-
- Start the network driver and provide your OpenStack tenant password when
- prompted::
-
- $ PYTHONPATH=$OVS_PYTHON_LIBS_PATH ovn-docker-underlay-driver \
- --bridge breth0 --detach
-
-From here-on you can use the same Docker commands as described in
-`docker-overlay`_.
-
-Refer to the ovs-architecture man pages (``man ovn-architecture``) to
-understand OVN's architecture in detail.
diff --git a/Documentation/howto/firewalld.rst b/Documentation/howto/firewalld.rst
deleted file mode 100644
index 0dc455ea889..00000000000
--- a/Documentation/howto/firewalld.rst
+++ /dev/null
@@ -1,107 +0,0 @@
-..
- Licensed under the Apache License, Version 2.0 (the "License"); you may
- not use this file except in compliance with the License. You may obtain
- a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- License for the specific language governing permissions and limitations
- under the License.
-
- Convention for heading levels in Open vSwitch documentation:
-
- ======= Heading 0 (reserved for the title in a document)
- ------- Heading 1
- ~~~~~~~ Heading 2
- +++++++ Heading 3
- ''''''' Heading 4
-
- Avoid deeper levels because they do not render well.
-
-===================================
-Open Virtual Network With firewalld
-===================================
-
-firewalld is a service that allows for easy administration of firewalls. OVN
-ships with a set of service files that can be used with firewalld to allow
-for remote connections to the northbound and southbound databases.
-
-This guide will describe how you can use these files with your existing
-firewalld setup. Setup and administration of firewalld is outside the scope
-of this document.
-
-Installation
-------------
-
-If you have installed OVN from an RPM, then the service files for firewalld
-will automatically be installed in ``/usr/lib/firewalld/services``.
-Installation from RPM includes installation from the yum or dnf package
-managers.
-
-If you have installed OVN from source, then from the top level source
-directory, issue the following commands to copy the firewalld service files:
-
-::
-
- $ cp rhel/usr_lib_firewalld_services_ovn-central-firewall-service.xml \
- /etc/firewalld/services/
- $ cp rhel/usr_lib_firewalld_services_ovn-host-firewall-service.xml \
- /etc/firewalld/services/
-
-
-Activation
-----------
-
-Assuming you are already running firewalld, you can issue the following
-commands to enable the OVN services.
-
-On the central server (the one running ``ovn-northd``), issue the following::
-
-$ firewall-cmd --zone=public --add-service=ovn-central-firewall-service
-
-This will open TCP ports 6641 and 6642, allowing for remote connections to the
-northbound and southbound databases.
-
-On the OVN hosts (the ones running ``ovn-controller``), issue the following::
-
-$ firewall-cmd --zone=public --add-service=ovn-host-firewall-service
-
-This will open UDP port 6081, allowing for geneve traffic to flow between the
-controllers.
-
-Variations
-----------
-
-When installing the XML service files, you have the choice of copying them to
-``/etc/firewalld/services`` or ``/usr/lib/firewalld/services``. The former is
-recommend since the latter can be overwritten if firewalld is upgraded.
-
-The above commands assumed your underlay network interfaces are in the
-"public" firewalld zone. If your underlay network interfaces are in a separate
-zone, then adjust the above commands accordingly.
-
-The ``--permanent`` option may be passed to the above firewall-cmd invocations
-in order for the services to be permanently added to the firewalld
-configuration. This way it is not necessary to re-issue the commands each
-time the firewalld service restarts.
-
-The ovn-host-firewall-service only opens port 6081. This is because the
-default protocol for OVN tunnels is geneve. If you are using a different
-encapsulation protocol, you will need to modify the XML service file to open
-the appropriate port(s). For VXLAN, open port 4789. For STT, open port 7471.
-
-Recommendations
----------------
-
-The firewalld service files included with the OVS repo are meant as a
-convenience for firewalld users. All that the service files do is to open
-the common ports used by OVN. No additional security is provided. To ensure a
-more secure environment, it is a good idea to do the following
-
-* Use tools such as iptables or nftables to restrict access to known hosts.
-* Use SSL for all remote connections to OVN databases.
-* Use role-based access control for connections to the OVN southbound
- database.
diff --git a/Documentation/howto/index.rst b/Documentation/howto/index.rst
index 9a3487be3e9..60fb8a717cf 100644
--- a/Documentation/howto/index.rst
+++ b/Documentation/howto/index.rst
@@ -50,12 +50,3 @@ OVS
sflow
dpdk
-OVN
----
-
-.. toctree::
- :maxdepth: 1
-
- docker
- openstack-containers
- firewalld
diff --git a/Documentation/howto/openstack-containers.rst b/Documentation/howto/openstack-containers.rst
deleted file mode 100644
index 692fe25e564..00000000000
--- a/Documentation/howto/openstack-containers.rst
+++ /dev/null
@@ -1,135 +0,0 @@
-..
- Licensed under the Apache License, Version 2.0 (the "License"); you may
- not use this file except in compliance with the License. You may obtain
- a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- License for the specific language governing permissions and limitations
- under the License.
-
- Convention for heading levels in Open vSwitch documentation:
-
- ======= Heading 0 (reserved for the title in a document)
- ------- Heading 1
- ~~~~~~~ Heading 2
- +++++++ Heading 3
- ''''''' Heading 4
-
- Avoid deeper levels because they do not render well.
-
-================================================
-Integration of Containers with OVN and OpenStack
-================================================
-
-Isolation between containers is weaker than isolation between VMs, so some
-environments deploy containers for different tenants in separate VMs as an
-additional security measure. This document describes creation of containers
-inside VMs and how they can be made part of the logical networks securely. The
-created logical network can include VMs, containers and physical machines as
-endpoints. To better understand the proposed integration of containers with
-OVN and OpenStack, this document describes the end to end workflow with an
-example.
-
-* A OpenStack tenant creates a VM (say VM-A) with a single network interface
- that belongs to a management logical network. The VM is meant to host
- containers. OpenStack Nova chooses the hypervisor on which VM-A is created.
-
-* A Neutron port may have been created in advance and passed in to Nova with
- the request to create a new VM. If not, Nova will issue a request to Neutron
- to create a new port. The ID of the logical port from Neutron will also be
- used as the vif-id for the virtual network interface (VIF) of VM-A.
-
-* When VM-A is created on a hypervisor, its VIF gets added to the Open vSwitch
- integration bridge. This creates a row in the Interface table of the
- ``Open_vSwitch`` database. As explained in the :doc:`integration guide
- `, the vif-id associated with the VM network interface
- gets added in the ``external_ids:iface-id`` column of the newly created row
- in the Interface table.
-
-* Since VM-A belongs to a logical network, it gets an IP address. This IP
- address is used to spawn containers (either manually or through container
- orchestration systems) inside that VM and to monitor the health of the
- created containers.
-
-* The vif-id associated with the VM's network interface can be obtained by
- making a call to Neutron using tenant credentials.
-
-* This flow assumes a component called a "container network plugin". If you
- take Docker as an example for containers, you could envision the plugin to be
- either a wrapper around Docker or a feature of Docker itself that understands
- how to perform part of this workflow to get a container connected to a
- logical network managed by Neutron. The rest of the flow refers to this
- logical component that does not yet exist as the "container network plugin".
-
-* All the calls to Neutron will need tenant credentials. These calls can
- either be made from inside the tenant VM as part of a container network
- plugin or from outside the tenant VM (if the tenant is not comfortable using
- temporary Keystone tokens from inside the tenant VMs). For simplicity, this
- document explains the work flow using the former method.
-
-* The container hosting VM will need Open vSwitch installed in it. The only
- work for Open vSwitch inside the VM is to tag network traffic coming from
- containers.
-
-* When a container needs to be created inside the VM with a container network
- interface that is expected to be attached to a particular logical switch, the
- network plugin in that VM chooses any unused VLAN (This VLAN tag only needs
- to be unique inside that VM. This limits the number of container interfaces
- to 4096 inside a single VM). This VLAN tag is stripped out in the hypervisor
- by OVN and is only useful as a context (or metadata) for OVN.
-
-* The container network plugin then makes a call to Neutron to create a logical
- port. In addition to all the inputs that a call to create a port in Neutron
- that are currently needed, it sends the vif-id and the VLAN tag as inputs.
-
-* Neutron in turn will verify that the vif-id belongs to the tenant in question
- and then uses the OVN specific plugin to create a new row in the
- Logical_Switch_Port table of the OVN Northbound Database. Neutron responds
- back with an IP address and MAC address for that network interface. So
- Neutron becomes the IPAM system and provides unique IP and MAC addresses
- across VMs and containers in the same logical network.
-
-* The Neutron API call above to create a logical port for the container could
- add a relatively significant amount of time to container creation. However,
- an optimization is possible here. Logical ports could be created in advance
- and reused by the container system doing container orchestration. Additional
- Neutron API calls would only be needed if the port needs to be attached to a
- different logical network.
-
-* When a container is eventually deleted, the network plugin in that VM may
- make a call to Neutron to delete that port. Neutron in turn will delete the
- entry in the ``Logical_Switch_Port`` table of the OVN Northbound Database.
-
-As an example, consider Docker containers. Since Docker currently does not
-have a network plugin feature, this example uses a hypothetical wrapper around
-Docker to make calls to Neutron.
-
-* Create a Logical switch::
-
- $ ovn-docker --cred=cca86bd13a564ac2a63ddf14bf45d37f create network LS1
-
- The above command will make a call to Neutron with the credentials to create
- a logical switch. The above is optional if the logical switch has already
- been created from outside the VM.
-
-* List networks available to the tenant::
-
- $ ovn-docker --cred=cca86bd13a564ac2a63ddf14bf45d37f list networks
-
-* Create a container and attach a interface to the previously created switch as
- a logical port::
-
- $ ovn-docker --cred=cca86bd13a564ac2a63ddf14bf45d37f --vif-id=$VIF_ID \
- --network=LS1 run -d --net=none ubuntu:14.04 /bin/sh -c \
- "while true; do echo hello world; sleep 1; done"
-
- The above command will make a call to Neutron with all the inputs it
- currently needs to create a logical port. In addition, it passes the $VIF_ID
- and a unused VLAN. Neutron will add that information in OVN and return back
- a MAC address and IP address for that interface. ovn-docker will then create
- a veth pair, insert one end inside the container as 'eth0' and the other end
- as a port of a local OVS bridge as an access port of the chosen VLAN.
diff --git a/Documentation/index.rst b/Documentation/index.rst
index bace34dbf91..f18f8df1c93 100644
--- a/Documentation/index.rst
+++ b/Documentation/index.rst
@@ -33,22 +33,20 @@ How the Documentation is Organised
The Open vSwitch documentation is organised into multiple sections:
- :doc:`Installation guides ` guide you through
- installing Open vSwitch (OVS) and Open Virtual Network (OVN) on a variety of
- different platforms
+ installing Open vSwitch (OVS) on a variety of different platforms
- :doc:`Tutorials ` take you through a series of steps to
- configure OVS and OVN in sandboxed environments
-- :doc:`Topic guides ` provide a high level overview of OVS and
- OVN internals and operation
-- :doc:`How-to guides ` are recipes or use-cases for OVS and OVN.
+ configure OVS in sandboxed environments
+- :doc:`Topic guides ` provide a high level overview of OVS
+ internals and operation
+- :doc:`How-to guides ` are recipes or use-cases for OVS.
They are more advanced than the tutorials.
- :doc:`Frequently Asked Questions ` provide general insight into
- a variety of topics related to configuration and operation of OVS and OVN.
+ a variety of topics related to configuration and operation of OVS.
First Steps
-----------
-Getting started with Open vSwitch (OVS) or Open Virtual Network (OVN) for Open
-vSwitch? Start here.
+Getting started with Open vSwitch (OVS)? Start here.
- **Overview:** :doc:`intro/what-is-ovs` |
:doc:`intro/why-ovs`
@@ -64,12 +62,8 @@ vSwitch? Start here.
- **Tutorials:** :doc:`tutorials/faucet` |
:doc:`tutorials/ovs-advanced` |
- :doc:`tutorials/ovn-sandbox` |
- :doc:`tutorials/ovn-openstack` |
:doc:`tutorials/ovs-conntrack` |
:doc:`tutorials/ipsec` |
- :doc:`tutorials/ovn-ipsec` |
- :doc:`tutorials/ovn-rbac`
Deeper Dive
-----------
diff --git a/Documentation/intro/install/fedora.rst b/Documentation/intro/install/fedora.rst
index 4e1a9976623..f11d05a0104 100644
--- a/Documentation/intro/install/fedora.rst
+++ b/Documentation/intro/install/fedora.rst
@@ -119,16 +119,6 @@ tests. This can take several minutes.
$ make rpm-fedora RPMBUILD_OPT="--with check"
-To build OVN RPMs, execute the following from the directory in which
-`./configure` was executed:
-
-::
-
- $ make rpm-fedora-ovn
-
-This will create the RPMs `ovn`, `ovn-common`, `ovn-central`, `ovn-host`,
-`ovn-docker` and `ovn-vtep`.
-
Kernel OVS Tree Datapath RPM
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -165,8 +155,6 @@ In most cases only the `openvswitch` RPM will need to be installed. The
`openvswitch-debuginfo` RPMs are optional unless required for a specific
purpose.
-The `ovn-*` packages are only needed when using OVN.
-
Refer to the `RHEL README`__ for additional usage and configuration
information.
diff --git a/Documentation/intro/install/index.rst b/Documentation/intro/install/index.rst
index c27a9c9d16f..586ced95fb4 100644
--- a/Documentation/intro/install/index.rst
+++ b/Documentation/intro/install/index.rst
@@ -62,14 +62,6 @@ provided below.
fedora
rhel
-Upgrades
---------
-
-.. toctree::
- :maxdepth: 2
-
- ovn-upgrades
-
Others
------
diff --git a/Documentation/intro/install/ovn-upgrades.rst b/Documentation/intro/install/ovn-upgrades.rst
deleted file mode 100644
index 3e6cd984ee6..00000000000
--- a/Documentation/intro/install/ovn-upgrades.rst
+++ /dev/null
@@ -1,115 +0,0 @@
-..
- Licensed under the Apache License, Version 2.0 (the "License"); you may
- not use this file except in compliance with the License. You may obtain
- a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- License for the specific language governing permissions and limitations
- under the License.
-
- Convention for heading levels in Open vSwitch documentation:
-
- ======= Heading 0 (reserved for the title in a document)
- ------- Heading 1
- ~~~~~~~ Heading 2
- +++++++ Heading 3
- ''''''' Heading 4
-
- Avoid deeper levels because they do not render well.
-
-============
-OVN Upgrades
-============
-
-Since OVN is a distributed system, special consideration must be given to
-the process used to upgrade OVN across a deployment. This document discusses
-the recommended upgrade process.
-
-Release Notes
--------------
-
-You should always check the OVS and OVN release notes (NEWS file) for any
-release specific notes on upgrades.
-
-OVS
----
-
-OVN depends on and is included with OVS. It's expected that OVS and OVN are
-upgraded together, partly for convenience. OVN is included in OVS releases
-so it's easiest to upgrade them together. OVN may also make use of new
-features of OVS only available in that release.
-
-Upgrade ovn-controller
-----------------------
-
-You should start by upgrading ovn-controller on each host it's running on.
-First, you upgrade the OVS and OVN packages. Then, restart the
-ovn-controller service. You can restart with ovn-ctl::
-
- $ sudo /usr/share/openvswitch/scripts/ovn-ctl restart_controller
-
-or with systemd::
-
- $ sudo systemd restart ovn-controller
-
-Upgrade OVN Databases and ovn-northd
-------------------------------------
-
-The OVN databases and ovn-northd should be upgraded next. Since ovn-controller
-has already been upgraded, it will be ready to operate on any new functionality
-specified by the database or logical flows created by ovn-northd.
-
-Upgrading the OVN packages installs everything needed for an upgrade. The only
-step required after upgrading the packages is to restart ovn-northd, which
-automatically restarts the databases and upgrades the database schema, as well.
-
-You may perform this restart using the ovn-ctl script::
-
- $ sudo /usr/share/openvswitch/scripts/ovn-ctl restart_northd
-
-or if you're using a Linux distribution with systemd::
-
- $ sudo systemctl restart ovn-northd
-
-Schema Change
-^^^^^^^^^^^^^
-
-During database upgrading, if there is schema change, the DB file will be
-converted to the new schema automatically, if the schema change is backward
-compatible. OVN tries the best to keep the DB schemas backward compatible.
-
-However, there can be situations that an incompatible change is reasonble. An
-example of such case is to add constraints in the table to ensure correctness.
-If there were already data that violates the new constraints got added somehow,
-it will result in DB upgrade failures. In this case, user should manually
-correct data using ovn-nbctl (for north-bound DB) or ovn-sbctl (for south-
-bound DB), and then upgrade again following previous steps. Below is a list
-of known impactible schema changes and how to fix when error encountered.
-
-#. Release 2.11: index [type, ip] added for Encap table of south-bound DB to
- prevent duplicated IPs being used for same tunnel type. If there are
- duplicated data added already (e.g. due to improper chassis management),
- a convenient way to fix is to find the chassis that is using the IP
- with command::
-
- $ ovn-sbctl show
-
- Then delete the chassis with command::
-
- $ ovn-sbctl chassis-del
-
-
-Upgrading OVN Integration
--------------------------
-
-Lastly, you may also want to upgrade integration with OVN that you may be
-using. For example, this could be the OpenStack Neutron driver or
-ovn-kubernetes.
-
-OVN's northbound database schema is a backwards compatible interface, so
-you should be able to safely complete an OVN upgrade before upgrading
-any integration in use.
diff --git a/Documentation/ref/ovs-sim.1.rst b/Documentation/ref/ovs-sim.1.rst
index 4382598e122..f59cd7af7af 100644
--- a/Documentation/ref/ovs-sim.1.rst
+++ b/Documentation/ref/ovs-sim.1.rst
@@ -142,103 +142,3 @@ with ``main`` directly.
must already have been created by a previous invocation of
``net_add``. The default sandbox must not be ``main``.
-OVN Commands
-------------
-
-These commands interact with OVN, the Open Virtual Network.
-
-``ovn_start`` [*options*]
- Creates and initializes the central OVN databases (both
- ``ovn-sb(5)`` and ``ovn-nb(5)``) and starts an instance of
- ``ovsdb-server`` for each one. Also starts an instance of
- ``ovn-northd``.
-
- The following options are available:
-
- ``--nbdb-model`` *model*
- Uses the given database model for the northbound database.
- The *model* may be ``standalone`` (the default), ``backup``,
- or ``clustered``.
-
- ``--nbdb-servers`` *n*
- For a clustered northbound database, the number of servers in
- the cluster. The default is 3.
-
- ``--sbdb-model`` *model*
- Uses the given database model for the southbound database.
- The *model* may be ``standalone`` (the default), ``backup``,
- or ``clustered``.
-
- ``--sbdb-servers`` *n*
- For a clustered southbound database, the number of servers in
- the cluster. The default is 3.
-
-``ovn_attach`` *network* *bridge* *ip* [*masklen*]
- First, this command attaches bridge to interconnection network
- network, just like ``net_attach`` *network* *bridge*. Second, it
- configures (simulated) IP address *ip* (with network mask length
- *masklen*, which defaults to 24) on *bridge*. Finally, it
- configures the Open vSwitch database to work with OVN and starts
- ``ovn-controller``.
-
-Examples
-========
-
-The following creates a pair of Open vSwitch instances ``hv0`` and
-``hv1``, adds a port named ``vif0`` or ``vif1``, respectively, to each
-one, and then connects the two through an interconnection network
-``n1``::
-
- net_add n1
- for i in 0 1; do
- sim_add hv$i
- as hv$i ovs-vsctl add-br br0 -- add-port br0 vif$i
- as hv$i net_attach n1 br0
- done
-
-Here’s an extended version that also starts OVN::
-
- ovn_start
- ovn-nbctl ls-add lsw0
- net_add n1
- for i in 0 1; do
- sim_add hv$i
- as hv$i
- ovs-vsctl add-br br-phys
- ovn_attach n1 br-phys 192.168.0.`expr $i + 1`
- ovs-vsctl add-port br-int vif$i -- set Interface vif$i external-ids:iface-id=lp$i
- ovn-nbctl lsp-add lsw0 lp$i
- ovn-nbctl lsp-set-addresses lp$i f0:00:00:00:00:0$i
- done
-
-Here’s a primitive OVN "scale test" (adjust the scale by changing
-``n`` in the first line::
-
- n=200; export n
- ovn_start --sbdb-model=clustered
- net_add n1
- ovn-nbctl ls-add br0
- for i in `seq $n`; do
- (sim_add hv$i
- as hv$i
- ovs-vsctl add-br br-phys
- y=$(expr $i / 256)
- x=$(expr $i % 256)
- ovn_attach n1 br-phys 192.168.$y.$x
- ovs-vsctl add-port br-int vif$i -- set Interface vif$i external-ids:iface-id=lp$i) &
- case $i in
- *50|*00) echo $i; wait ;;
- esac
- done
- wait
- for i in `seq $n`; do
- yy=$(printf %02x $(expr $i / 256))
- xx=$(printf $02x $(expr $i % 256))
- ovn-nbctl lsp-add br0 lp$i
- ovn-nbctl lsp-set-addresses lp$i f0:00:00:00:$yy:$xx
- done
-
-When the scale test has finished initializing, you can watch the
-logical ports come up with a command like this::
-
- watch 'for i in `seq $n`; do if test `ovn-nbctl lsp-get-up lp$i` != up; then echo $i; fi; done'
diff --git a/Documentation/topics/high-availability.rst b/Documentation/topics/high-availability.rst
deleted file mode 100644
index a5cb7638385..00000000000
--- a/Documentation/topics/high-availability.rst
+++ /dev/null
@@ -1,440 +0,0 @@
-..
- Licensed under the Apache License, Version 2.0 (the "License"); you may
- not use this file except in compliance with the License. You may obtain
- a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- License for the specific language governing permissions and limitations
- under the License.
-
- Convention for heading levels in Open vSwitch documentation:
-
- ======= Heading 0 (reserved for the title in a document)
- ------- Heading 1
- ~~~~~~~ Heading 2
- +++++++ Heading 3
- ''''''' Heading 4
-
- Avoid deeper levels because they do not render well.
-
-==================================
-OVN Gateway High Availability Plan
-==================================
-
-::
-
- OVN Gateway
-
- +---------------------------+
- | |
- | External Network |
- | |
- +-------------^-------------+
- |
- |
- +-----------+
- | |
- | Gateway |
- | |
- +-----------+
- ^
- |
- |
- +-------------v-------------+
- | |
- | OVN Virtual Network |
- | |
- +---------------------------+
-
-The OVN gateway is responsible for shuffling traffic between the tunneled
-overlay network (governed by ovn-northd), and the legacy physical network. In
-a naive implementation, the gateway is a single x86 server, or hardware VTEP.
-For most deployments, a single system has enough forwarding capacity to service
-the entire virtualized network, however, it introduces a single point of
-failure. If this system dies, the entire OVN deployment becomes unavailable.
-To mitigate this risk, an HA solution is critical -- by spreading
-responsibility across multiple systems, no single server failure can take down
-the network.
-
-An HA solution is both critical to the manageability of the system, and
-extremely difficult to get right. The purpose of this document, is to propose
-a plan for OVN Gateway High Availability which takes into account our past
-experience building similar systems. It should be considered a fluid changing
-proposal, not a set-in-stone decree.
-
-.. note::
- This document describes a range of options OVN could take to provide
- high availability for gateways. The current implementation provides L3
- gateway high availability by the "Router Specific Active/Backup"
- approach described in this document.
-
-Basic Architecture
-------------------
-
-In an OVN deployment, the set of hypervisors and network elements operating
-under the guidance of ovn-northd are in what's called "logical space". These
-servers use VXLAN, STT, or Geneve to communicate, oblivious to the details of
-the underlying physical network. When these systems need to communicate with
-legacy networks, traffic must be routed through a Gateway which translates from
-OVN controlled tunnel traffic, to raw physical network traffic.
-
-Since the gateway is typically the only system with a connection to the
-physical network all traffic between logical space and the WAN must travel
-through it. This makes it a critical single point of failure -- if the gateway
-dies, communication with the WAN ceases for all systems in logical space.
-
-To mitigate this risk, multiple gateways should be run in a "High Availability
-Cluster" or "HA Cluster". The HA cluster will be responsible for performing
-the duties of a gateways, while being able to recover gracefully from
-individual member failures.
-
-::
-
- OVN Gateway HA Cluster
-
- +---------------------------+
- | |
- | External Network |
- | |
- +-------------^-------------+
- |
- |
- +----------------------v----------------------+
- | |
- | High Availability Cluster |
- | |
- | +-----------+ +-----------+ +-----------+ |
- | | | | | | | |
- | | Gateway | | Gateway | | Gateway | |
- | | | | | | | |
- | +-----------+ +-----------+ +-----------+ |
- +----------------------^----------------------+
- |
- |
- +-------------v-------------+
- | |
- | OVN Virtual Network |
- | |
- +---------------------------+
-
-L2 vs L3 High Availability
-~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-In order to achieve this goal, there are two broad approaches one can take.
-The HA cluster can appear to the network like a giant Layer 2 Ethernet Switch,
-or like a giant IP Router. These approaches are called L2HA, and L3HA
-respectively. L2HA allows ethernet broadcast domains to extend into logical
-space, a significant advantage, but this comes at a cost. The need to avoid
-transient L2 loops during failover significantly complicates their design. On
-the other hand, L3HA works for most use cases, is simpler, and fails more
-gracefully. For these reasons, it is suggested that OVN supports an L3HA
-model, leaving L2HA for future work (or third party VTEP providers). Both
-models are discussed further below.
-
-L3HA
-----
-
-In this section, we'll work through a basic simple L3HA implementation, on top
-of which we'll gradually build more sophisticated features explaining their
-motivations and implementations as we go.
-
-Naive active-backup
-~~~~~~~~~~~~~~~~~~~
-
-Let's assume that there are a collection of logical routers which a tenant has
-asked for, our task is to schedule these logical routers on one of N gateways,
-and gracefully redistribute the routers on gateways which have failed. The
-absolute simplest way to achieve this is what we'll call "naive-active-backup".
-
-::
-
- Naive Active Backup HA Implementation
-
- +----------------+ +----------------+
- | Leader | | Backup |
- | | | |
- | A B C | | |
- | | | |
- +----+-+-+-+----++ +-+--------------+
- ^ ^ ^ ^ | |
- | | | | | |
- | | | | +-+------+---+
- + + + + | ovn-northd |
- Traffic +------------+
-
-In a naive active-backup, one of the Gateways is chosen (arbitrarily) as a
-leader. All logical routers (A, B, C in the figure), are scheduled on this
-leader gateway and all traffic flows through it. ovn-northd monitors this
-gateway via OpenFlow echo requests (or some equivalent), and if the gateway
-dies, it recreates the routers on one of the backups.
-
-This approach basically works in most cases and should likely be the starting
-point for OVN -- it's strictly better than no HA solution and is a good
-foundation for more sophisticated solutions. That said, it's not without it's
-limitations. Specifically, this approach doesn't coordinate with the physical
-network to minimize disruption during failures, and it tightly couples failover
-to ovn-northd (we'll discuss why this is bad in a bit), and wastes resources by
-leaving backup gateways completely unutilized.
-
-Router Failover
-+++++++++++++++
-
-When ovn-northd notices the leader has died and decides to migrate routers to a
-backup gateway, the physical network has to be notified to direct traffic to
-the new gateway. Otherwise, traffic could be blackholed for longer than
-necessary making failovers worse than they need to be.
-
-For now, let's assume that OVN requires all gateways to be on the same IP
-subnet on the physical network. If this isn't the case, gateways would need to
-participate in routing protocols to orchestrate failovers, something which is
-difficult and out of scope of this document.
-
-Since all gateways are on the same IP subnet, we simply need to worry about
-updating the MAC learning tables of the Ethernet switches on that subnet.
-Presumably, they all have entries for each logical router pointing to the old
-leader. If these entries aren't updated, all traffic will be sent to the (now
-defunct) old leader, instead of the new one.
-
-In order to mitigate this issue, it's recommended that the new gateway sends a
-Reverse ARP (RARP) onto the physical network for each logical router it now
-controls. A Reverse ARP is a benign protocol used by many hypervisors when
-virtual machines migrate to update L2 forwarding tables. In this case, the
-ethernet source address of the RARP is that of the logical router it
-corresponds to, and its destination is the broadcast address. This causes the
-RARP to travel to every L2 switch in the broadcast domain, updating forwarding
-tables accordingly. This strategy is recommended in all failover mechanisms
-discussed in this document -- when a router newly boots on a new leader, it
-should RARP its MAC address.
-
-Controller Independent Active-backup
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-::
-
- Controller Independent Active-Backup Implementation
-
- +----------------+ +----------------+
- | Leader | | Backup |
- | | | |
- | A B C | | |
- | | | |
- +----------------+ +----------------+
- ^ ^ ^ ^
- | | | |
- | | | |
- + + + +
- Traffic
-
-The fundamental problem with naive active-backup, is it tightly couples the
-failover solution to ovn-northd. This can significantly increase downtime in
-the event of a failover as the (often already busy) ovn-northd controller has
-to recompute state for the new leader. Worse, if ovn-northd goes down, we can't
-perform gateway failover at all. This violates the principle that control
-plane outages should have no impact on dataplane functionality.
-
-In a controller independent active-backup configuration, ovn-northd is
-responsible for initial configuration while the HA cluster is responsible for
-monitoring the leader, and failing over to a backup if necessary. ovn-northd
-sets HA policy, but doesn't actively participate when failovers occur.
-
-Of course, in this model, ovn-northd is not without some responsibility. Its
-role is to pre-plan what should happen in the event of a failure, leaving it to
-the individual switches to execute this plan. It does this by assigning each
-gateway a unique leadership priority. Once assigned, it communicates this
-priority to each node it controls. Nodes use the leadership priority to
-determine which gateway in the cluster is the active leader by using a simple
-metric: the leader is the gateway that is healthy, with the highest priority.
-If that gateway goes down, leadership falls to the next highest priority, and
-conversely, if a new gateway comes up with a higher priority, it takes over
-leadership.
-
-Thus, in this model, leadership of the HA cluster is determined simply by the
-status of its members. Therefore if we can communicate the status of each
-gateway to each transport node, they can individually figure out which is the
-leader, and direct traffic accordingly.
-
-Tunnel Monitoring
-+++++++++++++++++
-
-Since in this model leadership is determined exclusively by the health status
-of member gateways, a key problem is how do we communicate this information to
-the relevant transport nodes. Luckily, we can do this fairly cheaply using
-tunnel monitoring protocols like BFD.
-
-The basic idea is pretty straightforward. Each transport node maintains a
-tunnel to every gateway in the HA cluster (not just the leader). These tunnels
-are monitored using the BFD protocol to see which are alive. Given this
-information, hypervisors can trivially compute the highest priority live
-gateway, and thus the leader.
-
-In practice, this leadership computation can be performed trivially using the
-bundle or group action. Rather than using OpenFlow to simply output to the
-leader, all gateways could be listed in an active-backup bundle action ordered
-by their priority. The bundle action will automatically take into account the
-tunnel monitoring status to output the packet to the highest priority live
-gateway.
-
-Inter-Gateway Monitoring
-++++++++++++++++++++++++
-
-One somewhat subtle aspect of this model, is that failovers are not globally
-atomic. When a failover occurs, it will take some time for all hypervisors to
-notice and adjust accordingly. Similarly, if a new high priority Gateway comes
-up, it may take some time for all hypervisors to switch over to the new leader.
-In order to avoid confusing the physical network, under these circumstances
-it's important for the backup gateways to drop traffic they've received
-erroneously. In order to do this, each Gateway must know whether or not it is,
-in fact active. This can be achieved by creating a mesh of tunnels between
-gateways. Each gateway monitors the other gateways its cluster to determine
-which are alive, and therefore whether or not that gateway happens to be the
-leader. If leading, the gateway forwards traffic normally, otherwise it drops
-all traffic.
-
-We should note that this method works well under the assumption that there
-are no inter-gateway connectivity failures, in such case this method would fail
-to elect a single master. The simplest example is two gateways which stop seeing
-each other but can still reach the hypervisors. Protocols like VRRP or CARP
-have the same issue. A mitigation for this type of failure mode could be
-achieved by having all network elements (hypervisors and gateways) periodically
-share their link status to other endpoints.
-
-Gateway Leadership Resignation
-++++++++++++++++++++++++++++++
-
-Sometimes a gateway may be healthy, but still may not be suitable to lead the
-HA cluster. This could happen for several reasons including:
-
-* The physical network is unreachable
-
-* BFD (or ping) has detected the next hop router is unreachable
-
-* The Gateway recently booted and isn't fully configured
-
-In this case, the Gateway should resign leadership by holding its tunnels down
-using the ``other_config:cpath_down`` flag. This indicates to participating
-hypervisors and Gateways that this gateway should be treated as if it's down,
-even though its tunnels are still healthy.
-
-Router Specific Active-Backup
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-::
-
- Router Specific Active-Backup
-
- +----------------+ +----------------+
- | | | |
- | A C | | B D E |
- | | | |
- +----------------+ +----------------+
- ^ ^ ^ ^
- | | | |
- | | | |
- + + + +
- Traffic
-
-Controller independent active-backup is a great advance over naive
-active-backup, but it still has one glaring problem -- it under-utilizes the
-backup gateways. In ideal scenario, all traffic would split evenly among the
-live set of gateways. Getting all the way there is somewhat tricky, but as a
-step in the direction, one could use the "Router Specific Active-Backup"
-algorithm. This algorithm looks a lot like active-backup on a per logical
-router basis, with one twist. It chooses a different active Gateway for each
-logical router. Thus, in situations where there are several logical routers,
-all with somewhat balanced load, this algorithm performs better.
-
-Implementation of this strategy is quite straightforward if built on top of
-basic controller independent active-backup. On a per logical router basis, the
-algorithm is the same, leadership is determined by the liveness of the
-gateways. The key difference here is that the gateways must have a different
-leadership priority for each logical router. These leadership priorities can
-be computed by ovn-northd just as they had been in the controller independent
-active-backup model.
-
-Once we have these per logical router priorities, they simply need be
-communicated to the members of the gateway cluster and the hypervisors. The
-hypervisors in particular, need simply have an active-backup bundle action (or
-group action) per logical router listing the gateways in priority order for
-*that router*, rather than having a single bundle action shared for all the
-routers.
-
-Additionally, the gateways need to be updated to take into account individual
-router priorities. Specifically, each gateway should drop traffic of backup
-routers it's running, and forward traffic of active gateways, instead of simply
-dropping or forwarding everything. This should likely be done by having
-ovn-controller recompute OpenFlow for the gateway, though other options exist.
-
-The final complication is that ovn-northd's logic must be updated to choose
-these per logical router leadership priorities in a more sophisticated manner.
-It doesn't matter much exactly what algorithm it chooses to do this, beyond
-that it should provide good balancing in the common case. I.E. each logical
-routers priorities should be different enough that routers balance to different
-gateways even when failures occur.
-
-Preemption
-++++++++++
-
-In an active-backup setup, one issue that users will run into is that of
-gateway leader preemption. If a new Gateway is added to a cluster, or for some
-reason an existing gateway is rebooted, we could end up in a situation where
-the newly activated gateway has higher priority than any other in the HA
-cluster. In this case, as soon as that gateway appears, it will preempt
-leadership from the currently active leader causing an unnecessary failover.
-Since failover can be quite expensive, this preemption may be undesirable.
-
-The controller can optionally avoid preemption by cleverly tweaking the
-leadership priorities. For each router, new gateways should be assigned
-priorities that put them second in line or later when they eventually come up.
-Furthermore, if a gateway goes down for a significant period of time, its old
-leadership priorities should be revoked and new ones should be assigned as if
-it's a brand new gateway. Note that this should only happen if a gateway has
-been down for a while (several minutes), otherwise a flapping gateway could
-have wide ranging, unpredictable, consequences.
-
-Note that preemption avoidance should be optional depending on the deployment.
-One necessarily sacrifices optimal load balancing to satisfy these requirements
-as new gateways will get no traffic on boot. Thus, this feature represents a
-trade-off which must be made on a per installation basis.
-
-Fully Active-Active HA
-~~~~~~~~~~~~~~~~~~~~~~
-
-::
-
- Fully Active-Active HA
-
- +----------------+ +----------------+
- | | | |
- | A B C D E | | A B C D E |
- | | | |
- +----------------+ +----------------+
- ^ ^ ^ ^
- | | | |
- | | | |
- + + + +
- Traffic
-
-The final step in L3HA is to have true active-active HA. In this scenario each
-router has an instance on each Gateway, and a mechanism similar to ECMP is used
-to distribute traffic evenly among all instances. This mechanism would require
-Gateways to participate in routing protocols with the physical network to
-attract traffic and alert of failures. It is out of scope of this document,
-but may eventually be necessary.
-
-L2HA
-----
-
-L2HA is very difficult to get right. Unlike L3HA, where the consequences of
-problems are minor, in L2HA if two gateways are both transiently active, an L2
-loop triggers and a broadcast storm results. In practice to get around this,
-gateways end up implementing an overly conservative "when in doubt drop all
-traffic" policy, or they implement something like MLAG.
-
-MLAG has multiple gateways work together to pretend to be a single L2 switch
-with a large LACP bond. In principle, it's the right solution to the problem
-as it solves the broadcast storm problem, and has been deployed successfully in
-other contexts. That said, it's difficult to get right and not recommended.
diff --git a/Documentation/topics/index.rst b/Documentation/topics/index.rst
index 057649dd7a4..fcb741637b8 100644
--- a/Documentation/topics/index.rst
+++ b/Documentation/topics/index.rst
@@ -27,7 +27,7 @@
Deep Dive
=========
-How Open vSwitch and OVN are implemented and, where necessary, why it was
+How Open vSwitch is implemented and, where necessary, why it was
implemented that way.
OVS
@@ -52,19 +52,3 @@ OVS
tracing
idl-compound-indexes
-OVN
----
-
-.. toctree::
- :maxdepth: 2
-
- high-availability
- role-based-access-control
- ovn-news-2.8
-
-.. list-table::
-
- * - ovn-architecture(7)
- - `(pdf) `__
- - `(html) `__
- - `(plain text) `__
diff --git a/Documentation/topics/ovn-news-2.8.rst b/Documentation/topics/ovn-news-2.8.rst
deleted file mode 100644
index fae0a427815..00000000000
--- a/Documentation/topics/ovn-news-2.8.rst
+++ /dev/null
@@ -1,278 +0,0 @@
-..
- Licensed under the Apache License, Version 2.0 (the "License"); you may
- not use this file except in compliance with the License. You may obtain
- a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- License for the specific language governing permissions and limitations
- under the License.
-
- Convention for heading levels in Open vSwitch documentation:
-
- ======= Heading 0 (reserved for the title in a document)
- ------- Heading 1
- ~~~~~~~ Heading 2
- +++++++ Heading 3
- ''''''' Heading 4
-
- Avoid deeper levels because they do not render well.
-
-===============================
-What's New with OVS and OVN 2.8
-===============================
-
-This document is about what was added in Open vSwitch 2.8, which was released
-at the end of August 2017, concentrating on the new features in OVN. It also
-covers some of what is coming up in Open vSwitch and OVN 2.9, which is due to
-be released in February 2018. OVN has many features, and this document does
-not cover every new or enhanced feature (but contributions are welcome).
-
-This document assumes a basic familiarity with Open vSwitch, OVN, and their
-associated tools. For more information, please refer to the Open vSwitch and
-OVN documentation, such as the ``ovn-architecture``\(7) manpage.
-
-Debugging and Troubleshooting
------------------------------
-
-Before version 2.8, Open vSwitch command-line tools were far more painful to
-use than they needed to be. This section covers the improvements made to the
-CLI in the 2.8 release.
-
-User-Hostile UUIDs
-~~~~~~~~~~~~~~~~~~
-
-The OVN CLI, through ``ovn-nbctl``, ``ovn-nbctl``, and ``ovn-trace``, used
-full-length UUIDs almost everywhere. It didn't even provide any assistance
-with completion, etc., which in practice meant always cutting and pasting UUIDs
-from one command or window to another. This problem wasn't limited to the
-places where one would expect to have to see or use a UUID, either. In many
-places where one would expect to be able to use a network, router, or port
-name, a UUID was required instead. In many places where one would want to see
-a name, the UUID was displayed instead. More than anything else, these
-shortcomings made the CLI user-hostile.
-
-There was an underlying problem that the southbound database didn't actually
-contain all the information needed to provide a decent user interface. In some
-cases, for example, the human-friendly names that one would want to use for
-entities simply weren't part of the database. These names weren't necessary
-for correctness, only for usability.
-
-OVN 2.8 eased many of these problems. Most parts of the CLI now allow the user
-to abbreviate UUIDs, as long as the abbreviations are unique within the
-database. Some parts of the CLI where full-length UUIDs make output hard to
-read now abbreviate them themselves. Perhaps more importantly, in many places
-the OVN CLI now displays and accepts human-friendly names for networks,
-routers, ports, and other entities. In the places where the names were not
-previously available, OVN (through ``ovn-northd``) now copies the names into
-the southbound database.
-
-The CLIs for layers below OVN, at the OpenFlow and datapath layers with
-``ovs-ofctl`` and ``ovs-dpctl``, respectively, had some similar problems in
-which numbers were used for entities that had human-friendly names. Open
-vSwitch 2.8 also solves some of those problems. Other than that, the most
-notable enhancement in this area was the ``--no-stats`` option to ``ovs-ofctl
-dump-flows``, which made that command's output more readable for the cases
-where per-flow statistics were not interesting to the reader.
-
-Connections Between Levels
-~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-OVN and Open vSwitch work almost like a stack of compilers: the OVN Neutron
-plugin translates Neutron configuration into OVN northbound configuration,
-which ``ovn-northd`` translates into logical flows, which ``ovn-controller``
-translates into OpenFlow flows, which ``ovs-vswitchd`` translates into datapath
-flows. For debugging and troubleshooting it is often necessary to understand
-exactly how these translations work. The relationship from a logical flow to
-its OpenFlow flows, or in the other direction, from an OpenFlow flow back to
-the logical flow that produced it, was often of particular interest, but OVN
-didn't provide good tools for the job.
-
-OVN 2.8 added some new features that ease these jobs. ``ovn-sbctl lflow-list``
-has a new option ``--ovs`` that lists the OpenFlow flows on a particular
-chassis that were generated from the logical flows that it lists.
-``ovn-trace`` also added a similar ``--ovs`` option that applies to the logical
-flows it traces.
-
-In the other direction, OVN 2.8 added a new utility ``ovn-detrace`` that, given
-an Open vSwitch trace of OpenFlow flows, annotates it with the logical flows
-that yielded those OpenFlow flows.
-
-Distributed Firewall
-~~~~~~~~~~~~~~~~~~~~
-
-OVN supports a distributed firewall with stateful connection tracking to ensure
-that only packets for established connections, or those that the configuration
-explicitly allows, can ingress a given VM or container. Neutron uses this
-feature by default. Most packets in an OpenStack environment pass through it
-twice, once after egress from the packet's source VM and once before ingress
-into its destination VM. Before OVN 2.8, the ``ovn-trace`` program, which
-shows the path of a packet through an OVN logical network, did not support the
-logical firewall, which in practice made it almost useless for Neutron.
-
-In OVN 2.8, ``ovn-trace`` adds support for the logical firewall. By default it
-assumes that packets are part of an established connection, which is usually
-what the user wants as part of the trace. It also accepts command-line options
-to override that assumption, which allows the user to discover the treatment of
-packets that the firewall should drop.
-
-At the next level deeper, prior to Open vSwitch 2.8, the OpenFlow tracing
-command ``ofproto/trace`` also supported neither the connection tracking
-feature underlying the OVN distributed firewall nor the "recirculation" feature
-that accompanied it. This meant that, even if the user tried to look deeper
-into the distributed firewall mechanism, he or she would encounter a further
-roadblock. Open vSwitch 2.8 added support for both of these features as well.
-
-Summary Display
-~~~~~~~~~~~~~~~
-
-``ovn-nbctl show`` and ``ovn-sbctl show``, for showing an overview of the OVN
-configuration, didn't show a lot of important information. OVN adds some more
-useful information here.
-
-DNS, and IPAM
--------------
-
-OVN 2.8 adds a built-in DNS server designed for assigning names to VMs and
-containers within an OVN logical network. DNS names are assigned using records
-in the OVN northbound database and, like other OVN features, translated into
-logical flows at the OVN southbound layer. DNS requests directed to the OVN
-DNS server never leave the hypervisor from which the request is sent; instead,
-OVN processes and replies to the request from its ``ovn-controller`` local
-agent. The OVN DNS server is not a general-purpose DNS server and cannot be
-used for that purpose.
-
-OVN includes simple built-in support for IP address management (IPAM), in which
-OVN assigns IP addresses to VMs or containers from a pool or pools of IP
-addresses delegated to it by the administrator. Before OVN 2.8, OVN IPAM only
-supported IPv4 addresses; OVN 2.8 adds support for IPv6. OVN 2.8 also enhances
-the address pool support to allow specific addresses to be excluded. Neutron
-assigns IP addresses itself and does not use OVN IPAM.
-
-High Availability
------------------
-
-As a distributed system, in OVN a lot can go wrong. As OVN advances, it adds
-redundancy in places where currently a single failure could disrupt the
-functioning of the system as a whole. OVN 2.8 adds two new kinds of high
-availability.
-
-ovn-northd HA
-~~~~~~~~~~~~~
-
-The ``ovn-northd`` program sits between the OVN northbound and southbound
-databases and translates from a logical network configuration into logical
-flows. If ``ovn-northd`` itself or the host on which it runs fails, then
-updates to the OVN northbound configuration will not propagate to the
-hypervisors and the OVN configuration freezes in place until ``ovn-northd``
-restarts.
-
-OVN 2.8 adds support for active-backup HA to ``ovn-northd``. When more than
-one ``ovn-northd`` instance runs, it uses an OVSDB locking feature to
-automatically choose a single active instance. When that instance dies or
-becomes nonresponsive, the OVSDB server automatically choose one of the
-remaining instance(s) to take over.
-
-L3 Gateway HA
-~~~~~~~~~~~~~
-
-In OVN 2.8, multiple chassis may now be specified for L3 gateways. When more
-than one chassis is specified, OVN manages high availability for that gateway.
-Each hypervisor uses the BFD protocol to keep track of the gateway nodes that
-are currently up. At any given time, a hypervisor uses the highest-priority
-gateway node that is currently up.
-
-OVSDB
------
-
-The OVN architecture relies heavily on OVSDB, the Open vSwitch database, for
-hosting the northbound and southbound databases. OVSDB was originally selected
-for this purpose because it was already used in Open vSwitch for configuring
-OVS itself and, thus, it was well integrated with OVS and well supported in C
-and Python, the two languages that are used in Open vSwitch.
-
-OVSDB was well designed for its original purpose of configuring Open vSwitch.
-It supports ACID transactions, has a small, efficient server, a flexible schema
-system, and good support for troubleshooting and debugging. However, it lacked
-several features that are important for OVN but not for Open vSwitch. As OVN
-advances, these missing features have become more and more of a problem. One
-option would be to switch to a different database that already has many of
-these features, but despite a careful search, no ideal existing database was
-identified, so the project chose instead to improve OVSDB where necessary to
-bring it up to speed. The following sections talk more about recent and future
-improvements.
-
-High Availability
-~~~~~~~~~~~~~~~~~
-
-When ``ovsdb-server`` was only used for OVS configuration, high availability
-was not important. ``ovsdb-server`` was capable of restarting itself
-automatically if it crashed, and if the whole system went down then Open
-vSwitch itself was dead too, so the database server's failure was not
-important.
-
-In contrast, the northbound and southbound databases are centralized components
-of a distributed system, so it is important that they not be a single point of
-failure for the system as a whole. In released versions of OVN,
-``ovsdb-server`` supports only "active-backup replication" across a pair of
-servers. This means that if one server goes down, the other can pick it back
-up approximately where the other one left off. The servers do not have
-built-in support for deciding at any given time which is the active and which
-the backup, so the administrator must configure an external agent to do this
-management.
-
-Active-backup replication is not entirely satisfactory, for multiple reasons.
-Replication is only approximate. Configuring the external agent requires extra
-work. There is no benefit from the backup server except when the active server
-fails. At most two servers can be used.
-
-A new form of high availability for OVSDB is under development for the OVN 2.9
-release, based on the Raft algorithm for distributed consensus. Whereas
-replication uses two servers, clustering using Raft requires three or more
-(typically an odd number) and continues functioning as long as more than half
-of the servers are up. The clustering implementation is built into
-``ovsdb-server`` and does not require an external agent. Clustering preserves
-the ACID properties of the database, so that a transaction that commits is
-guaranteed to persist. Finally, reads (which are the bulk of the OVN workload)
-scale with the size of the cluster, so that adding more servers should improve
-performance as the number of hypervisors in an OVN deployment increases. As of
-this writing, OVSDB support for clustering is undergoing development and early
-deployment testing.
-
-RBAC security
-~~~~~~~~~~~~~
-
-Until Open vSwitch 2.8, ``ovsdb-server`` had little support for access control
-within a database. If an OVSDB client could modify the database at all, it
-could make arbitrary changes. This was sufficient for most uses case to that
-point.
-
-Hypervisors in an OVN deployment need access to the OVN southbound database.
-Most of their access is reads, to find out about the OVN configuration.
-Hypervisors do need some write access to the southbound database, primarily to
-let the other hypervisors know what VMs and containers they are running and how
-to reach them. Thus, OVN gives all of the hypervisors in the OVN deployment
-write access to the OVN southbound database. This is fine when all is well,
-but if any of the hypervisors were compromised then they could disrupt the
-entire OVN deployment by corrupting the database.
-
-The OVN developers considered a few ways to solve this problem. One way would
-be to introduce a new central service (perhaps in ``ovn-northd``) that provided
-only the kinds of writes that the hypervisors legitimately need, and then grant
-hypervisors direct access to the southbound database only for reads. But
-ultimately the developers decided to introduce a new form of more access
-control for OVSDB, called the OVSDB RBAC (role-based access control) feature.
-OVSDB RBAC allows for granular enough control over access that hypervisors can
-be granted only the ability to add, modify, and delete the records that relate
-to themselves, preventing them from corrupting the database as a whole.
-
-Further Directions
-------------------
-
-For more information about new features in OVN and Open vSwitch, please refer
-to the NEWS file distributed with the source tree. If you have questions about
-Open vSwitch or OVN features, please feel free to write to the Open vSwitch
-discussion mailing list at ovs-discuss@openvswitch.org.
diff --git a/Documentation/topics/role-based-access-control.rst b/Documentation/topics/role-based-access-control.rst
deleted file mode 100644
index 8f2a3a99887..00000000000
--- a/Documentation/topics/role-based-access-control.rst
+++ /dev/null
@@ -1,101 +0,0 @@
-..
- Licensed under the Apache License, Version 2.0 (the "License"); you may
- not use this file except in compliance with the License. You may obtain
- a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- License for the specific language governing permissions and limitations
- under the License.
-
- Convention for heading levels in Open vSwitch documentation:
-
- ======= Heading 0 (reserved for the title in a document)
- ------- Heading 1
- ~~~~~~~ Heading 2
- +++++++ Heading 3
- ''''''' Heading 4
-
- Avoid deeper levels because they do not render well.
-
-=========================
-Role Based Access Control
-=========================
-
-Where SSL provides authentication when connecting to an OVS database, role
-based access control (RBAC) provides authorization to operations performed
-by clients connecting to an OVS database. RBAC allows for administrators to
-restrict the database operations a client may perform and thus enhance the
-security already provided by SSL.
-
-In theory, any OVS database could define RBAC roles and permissions, but at
-present only the OVN southbound database has the appropriate tables defined to
-facilitate RBAC.
-
-Mechanics
----------
-RBAC is intended to supplement SSL. In order to enable RBAC, the connection to
-the database must use SSL. Some permissions in RBAC are granted based on the
-certificate common name (CN) of the connecting client.
-
-RBAC is controlled with two database tables, RBAC_Role and RBAC_Permission.
-The RBAC_Permission table contains records that describe a set of permissions
-for a given table in the database.
-
-The RBAC_Permission table contains the following columns:
-
-table
- The table in the database for which permissions are being described.
-insert_delete
- Describes whether insertion and deletion of records is allowed.
-update
- A list of columns that are allowed to be updated.
-authorization
- A list of column names. One of the listed columns must match the SSL
- certificate CN in order for the attempted operation on the table to
- succeed. If a key-value pair is provided, then the key is the column name,
- and the value is the name of a key in that column. An empty string gives
- permission to all clients to perform operations.
-
-The RBAC_Role table contains the following columns:
-
-name
- The name of the role being defined
-permissions
- A list of key-value pairs. The key is the name of a table in the database,
- and the value is a UUID of a record in the RBAC_Permission table that
- describes the permissions the role has for that table.
-
-.. note::
-
- All tables not explicitly referenced in an RBAC_Role record are read-only
-
-In order to enable RBAC, specify the role name as an argument to the
-set-connection command for the database. As an example, to enable the
-"ovn-controller" role on the OVN southbound database, use the following
-command:
-
-::
-
- $ ovn-sbctl set-connection role=ovn-controller ssl:192.168.0.1:6642
-
-Pre-defined Roles
------------------
-This section describes roles that have been defined internally by OVS/OVN.
-
-ovn-controller
-~~~~~~~~~~~~~~
-The ovn-controller role is specified in the OVN southbound database and is
-intended for use by hypervisors running the ovn-controller daemon.
-ovn-controller connects to the OVN southbound database mostly to read
-information, but there are a few cases where ovn-controller also needs to
-write. The ovn-controller role was designed to allow for ovn-controllers
-to write to the southbound database only in places where it makes sense to do
-so. This way, if an intruder were to take over a hypervisor running
-ovn-controller, it is more difficult to compromise the entire overlay network.
-
-It is strongly recommended to set the ovn-controller role for the OVN
-southbound database to enhance security.
diff --git a/Documentation/tutorials/index.rst b/Documentation/tutorials/index.rst
index 35340ee56af..5ec62beab26 100644
--- a/Documentation/tutorials/index.rst
+++ b/Documentation/tutorials/index.rst
@@ -27,8 +27,7 @@
Tutorials
=========
-Getting started with Open vSwitch (OVS) and Open Virtual Network (OVN) for Open
-vSwitch.
+Getting started with Open vSwitch (OVS).
.. TODO(stephenfin): We could really do with a few basic tutorials, along with
some more specialized ones (DPDK, XenServer, Windows). The latter could
@@ -42,8 +41,4 @@ vSwitch.
faucet
ipsec
ovs-advanced
- ovn-sandbox
- ovn-openstack
- ovn-rbac
- ovn-ipsec
ovs-conntrack
diff --git a/Documentation/tutorials/ovn-ipsec.rst b/Documentation/tutorials/ovn-ipsec.rst
deleted file mode 100644
index feb695ea3a2..00000000000
--- a/Documentation/tutorials/ovn-ipsec.rst
+++ /dev/null
@@ -1,146 +0,0 @@
-..
- Licensed under the Apache License, Version 2.0 (the "License"); you may
- not use this file except in compliance with the License. You may obtain
- a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- License for the specific language governing permissions and limitations
- under the License.
-
- Convention for heading levels in Open vSwitch documentation:
-
- ======= Heading 0 (reserved for the title in a document)
- ------- Heading 1
- ~~~~~~~ Heading 2
- +++++++ Heading 3
- ''''''' Heading 4
-
- Avoid deeper levels because they do not render well.
-
-==================
-OVN IPsec Tutorial
-==================
-
-This document provides a step-by-step guide for encrypting tunnel traffic with
-IPsec in Open Virtual Network (OVN). OVN tunnel traffic is transported by
-physical routers and switches. These physical devices could be untrusted
-(devices in public network) or might be compromised. Enabling IPsec encryption
-for the tunnel traffic can prevent the traffic data from being monitored and
-manipulated. More details about the OVN IPsec design can be found in
-``ovn-architecture``\(7) manpage.
-
-This document assumes OVN is installed in your system and runs normally. Also,
-you need to install OVS IPsec packages in each chassis (refer to
-:ref:`install-ovs-ipsec`).
-
-Generating Certificates and Keys
---------------------------------
-
-OVN chassis uses CA-signed certificate to authenticate peer chassis for
-building IPsec tunnel. If you have enabled Role-Based Access Control (RBAC) in
-OVN, you can use the RBAC SSL certificates and keys to set up OVN IPsec. Or you
-can generate separate certificates and keys with ``ovs-pki`` (refer to
-:ref:`gen-certs-keys`).
-
-.. note::
-
- OVN IPsec requires x.509 version 3 certificate with the subjectAltName DNS
- field setting the same string as the common name (CN) field. CN should be
- set as the chassis name. ``ovs-pki`` in Open vSwitch 2.10.90 and later
- generates such certificates. Please generate compatible certificates if you
- use another PKI tool, or an older version of ``ovs-pki``, to manage
- certificates.
-
-Configuring OVN IPsec
----------------------
-
-You need to install the CA certificate, chassis certificate and private key in
-each chassis. Use the following command::
-
- $ ovs-vsctl set Open_vSwitch . \
- other_config:certificate=/path/to/chassis-cert.pem \
- other_config:private_key=/path/to/chassis-privkey.pem \
- other_config:ca_cert=/path/to/cacert.pem
-
-Enabling OVN IPsec
-------------------
-
-To enable OVN IPsec, set ``ipsec`` column in ``NB_Global`` table of the
-northbound database to true::
-
- $ ovn-nbctl set nb_global . ipsec=true
-
-With OVN IPsec enabled, all tunnel traffic in OVN will be encrypted with IPsec.
-To disable it, set ``ipsec`` column in ``NB_Global`` table of the northbound
-database to false::
-
- $ ovn-nbctl set nb_global . ipsec=false
-
-Troubleshooting
----------------
-
-The ``ovs-monitor-ipsec`` daemon in each chassis manages and monitors the IPsec
-tunnel state. Use the following ``ovs-appctl`` command to view
-``ovs-monitor-ipsec`` internal representation of tunnel configuration::
-
- $ ovs-appctl -t ovs-monitor-ipsec tunnels/show
-
-If there is a misconfiguration, then ``ovs-appctl`` should indicate why.
-For example::
-
- Interface name: ovn-host_2-0 v1 (CONFIGURED) <--- Should be set
- to CONFIGURED. Otherwise,
- error message will be
- provided
- Tunnel Type: geneve
- Remote IP: 2.2.2.2
- SKB mark: None
- Local cert: /path/to/chassis-cert.pem
- Local name: host_1
- Local key: /path/to/chassis-privkey.pem
- Remote cert: None
- Remote name: host_2
- CA cert: /path/to/cacert.pem
- PSK: None
- Ofport: 2 <--- Whether ovs-vswitchd has assigned Ofport
- number to this Tunnel Port
- CFM state: Disabled <--- Whether CFM declared this tunnel healthy
- Kernel policies installed:
- ... <--- IPsec policies for this OVS tunnel in
- Linux Kernel installed by strongSwan
- Kernel security associations installed:
- ... <--- IPsec security associations for this OVS
- tunnel in Linux Kernel installed by
- strongswan
- IPsec connections that are active:
- ... <--- IPsec "connections" for this OVS
- tunnel
-
-If you don't see any active connections, try to run the following command to
-refresh the ``ovs-monitor-ipsec`` daemon::
-
- $ ovs-appctl -t ovs-monitor-ipsec refresh
-
-You can also check the logs of the ``ovs-monitor-ipsec`` daemon and the IKE
-daemon to locate issues. ``ovs-monitor-ipsec`` outputs log messages to
-``/var/log/openvswitch/ovs-monitor-ipsec.log``.
-
-Bug Reporting
--------------
-
-If you think you may have found a bug with security implications, like
-
-1. IPsec protected tunnel accepted packets that came unencrypted; OR
-2. IPsec protected tunnel allowed packets to leave unencrypted;
-
-Then report such bugs according to :doc:`/internals/security`.
-
-If bug does not have security implications, then report it according to
-instructions in :doc:`/internals/bugs`.
-
-If you have suggestions to improve this tutorial, please send a email to
-ovs-discuss@openvswitch.org.
diff --git a/Documentation/tutorials/ovn-openstack.rst b/Documentation/tutorials/ovn-openstack.rst
deleted file mode 100644
index c6dff5e5513..00000000000
--- a/Documentation/tutorials/ovn-openstack.rst
+++ /dev/null
@@ -1,1922 +0,0 @@
-..
- Licensed under the Apache License, Version 2.0 (the "License"); you may
- not use this file except in compliance with the License. You may obtain
- a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- License for the specific language governing permissions and limitations
- under the License.
-
- Convention for heading levels in Open vSwitch documentation:
-
- ======= Heading 0 (reserved for the title in a document)
- ------- Heading 1
- ~~~~~~~ Heading 2
- +++++++ Heading 3
- ''''''' Heading 4
-
- Avoid deeper levels because they do not render well.
-
-======================
-OVN OpenStack Tutorial
-======================
-
-This tutorial demonstrates how OVN works in an OpenStack "DevStack"
-environment. It was tested with the "master" branches of DevStack and
-Open vSwitch near the beginning of May 2017. Anyone using an earlier
-version is likely to encounter some differences. In particular, we
-noticed some shortcomings in OVN utilities while writing the tutorial
-and pushed out some improvements, so it's best to use recent Open
-vSwitch at least from that point of view.
-
-The goal of this tutorial is to demonstrate OVN in an end-to-end way,
-that is, to show how it works from the cloud management system at the
-top (in this case, OpenStack and specifically its Neutron networking
-subsystem), through the OVN northbound and southbound databases, to
-the bottom at the OVN local controller and Open vSwitch data plane.
-We hope that this demonstration makes it easier for users and
-potential users to understand how OVN works and how to debug and
-troubleshoot it.
-
-In addition to new material, this tutorial incorporates content from
-``testing.rst`` in OpenStack networking-ovn, by Russell Bryant and
-others. Without that example, this tutorial could not have been
-written.
-
-We provide enough details in the tutorial that you should be able to
-fully follow along, by creating a DevStack VM and cloning DevStack and
-so on. If you want to do this, start out from `Setting Up DevStack`_
-below.
-
-Setting Up DevStack
--------------------
-
-This section explains how to install DevStack, a kind of OpenStack
-packaging for developers, in a way that allows you to follow along
-with the tutorial in full.
-
-Unless you have a spare computer laying about, it's easiest to install
-DevStacck in a virtual machine. This tutorial was built using a VM
-implemented by KVM and managed by virt-manager. I recommend
-configuring the VM configured for the x86-64 architecture, 4 GB RAM, 2
-VCPUs, and a 20 GB virtual disk.
-
-.. note::
-
- If you happen to run your Linux-based host with 32-bit userspace,
- then you will have some special issues, even if you use a 64-bit
- kernel:
-
- * You may find that you can get 32-bit DevStack VMs to work to some
- extent, but I personally got tired of finding workarounds. I
- recommend running your VMs in 64-bit mode. To get this to work,
- I had to go to the CPUs tab for the VM configuration in
- virt-manager and change the CPU model from the one originally
- listed to "Hypervisor Default' (it is curious that this is not
- the default!).
-
- * On a host with 32-bit userspace, KVM supports VMs with at most
- 2047 MB RAM. This is adequate, barely, to start DevStack, but it
- is not enough to run multiple (nested) VMs. To prevent
- out-of-memory failures, set up extra swap space in the guest.
- For example, to add 2 GB swap::
-
- $ sudo dd if=/dev/zero of=/swapfile bs=1M count=2048
- $ sudo mkswap /swapfile
- $ sudo swapon /swapfile
-
- and then add a line like this to ``/etc/fstab`` to add the new
- swap automatically upon reboot::
-
- /swapfile swap swap defaults 0 0
-
-Here are step-by-step instructions to get started:
-
-1. Install a VM.
-
- I tested these instructions with Centos 7.3. Download the "minimal
- install" ISO and booted it. The install is straightforward. Be
- sure to enable networking, and set a host name, such as
- "ovn-devstack-1". Add a regular (non-root) user, and check the box
- "Make this user administrator". Also, set your time zone.
-
-2. You can SSH into the DevStack VM, instead of running from a
- console. I recommend it because it's easier to cut and paste
- commands into a terminal than a VM console. You might also
- consider using a very wide terminal, perhaps 160 columns, to keep
- tables from wrapping.
-
- To improve convenience further, you can make it easier to log in
- with the following steps, which are optional:
-
- a. On your host, edit your ``~/.ssh/config``, adding lines like
- the following::
-
- Host ovn-devstack-1
- Hostname VMIP
- User VMUSER
-
- where VMIP is the VM's IP address and VMUSER is your username
- inside the VM. (You can omit the ``User`` line if your
- username is the same in the host and the VM.) After you do
- this, you can SSH to the VM by name, e.g. ``ssh
- ovn-devstack-1``, and if command-line completion is set up in
- your host shell, you can shorten that to something like ``ssh
- ovn`` followed by hitting the Tab key.
-
- b. If you have SSH public key authentication set up, with an SSH
- agent, run on your host::
-
- $ ssh-copy-id ovn-devstack-1
-
- and type your password once. Afterward, you can log in without
- typing your password again.
-
- (If you don't already use SSH public key authentication and an
- agent, consider looking into it--it will save you time in the
- long run.)
-
- c. Optionally, inside the VM, append the following to your
- ``~/.bash_profile``::
-
- . $HOME/devstack/openrc admin
-
- It will save you running it by hand each time you log in. But
- it also prints garbage to the console, which can screw up
- services like ``ssh-copy-id``, so be careful.
-
-2. Boot into the installed system and log in as the regular user, then
- install Git::
-
- $ sudo yum install git
-
- .. note::
-
- If you installed a 32-bit i386 guest (against the advice above),
- install a non-PAE kernel and reboot into it at this point::
-
- $ sudo yum install kernel-core kernel-devel
- $ sudo reboot
-
- Be sure to select the non-PAE kernel from the list at boot.
- Without this step, DevStack will fail to install properly later.
-
-3. Get copies of DevStack and OVN and set them up::
-
- $ git clone http://git.openstack.org/openstack-dev/devstack.git
- $ git clone http://git.openstack.org/openstack/networking-ovn.git
- $ cd devstack
- $ cp ../networking-ovn/devstack/local.conf.sample local.conf
-
- .. note::
-
- If you installed a 32-bit i386 guest (against the advice above),
- at this point edit ``local.conf`` to add the following line::
-
- CIRROS_ARCH=i386
-
-4. Initialize DevStack::
-
- $ ./stack.sh
-
- This will spew many screenfuls of text, and the first time you run
- it, it will download lots of software from the Internet. The
- output should eventually end with something like this::
-
- This is your host IP address: 172.16.189.6
- This is your host IPv6 address: ::1
- Horizon is now available at http://172.16.189.6/dashboard
- Keystone is serving at http://172.16.189.6/identity/
- The default users are: admin and demo
- The password: password
- 2017-03-09 15:10:54.117 | stack.sh completed in 2110 seconds.
-
- If there's some kind of failure, you can restart by running
- ``./stack.sh`` again. It won't restart exactly where it left off,
- but steps up to the one where it failed will skip the download
- steps. (Sometimes blindly restarting after a failure will allow it
- to succeed.) If you reboot your VM, you need to rerun this
- command. (If you run into trouble with ``stack.sh`` after
- rebooting your VM, try running ``./unstack.sh``.)
-
- At this point you can navigate a web browser on your host to the
- Horizon dashboard URL. Many OpenStack operations can be initiated
- from this UI. Feel free to explore, but this tutorial focuses on
- the alternative command-line interfaces because they are easier to
- explain and to cut and paste.
-
-5. As of this writing, you need to run the following to fix a problem
- with using VM consoles from the OpenStack web instance::
-
- $ (cd /opt/stack/noVNC && git checkout v0.6.0)
-
- See
- https://serenity-networks.com/how-to-fix-setkeycodes-00-and-unknown-key-pressed-console-errors-on-openstack/
- for more details.
-
-6. The firewall in the VM by default allows SSH access but not HTTP.
- You will probably want HTTP access to use the OpenStack web
- interface. The following command enables that. (It also enables
- every other kind of network access, so if you're concerned about
- security then you might want to find a more targeted approach.)
-
- ::
-
- $ sudo iptables -F
-
- (You need to re-run this if you reboot the VM.)
-
-7. To use OpenStack command line utilities in the tutorial, run::
-
- $ . ~/devstack/openrc admin
-
- This needs to be re-run each time you log in (but see the following
- section).
-
-DevStack preliminaries
-----------------------
-
-Before we really jump in, let's set up a couple of things in DevStack.
-This is the first real test that DevStack is working, so if you get
-errors from any of these commands, it's a sign that ``stack.sh``
-didn't finish properly, or perhaps that you didn't run the ``openrc
-admin`` command at the end of the previous instructions.
-
-If you stop and restart DevStack via ``unstack.sh`` followed by
-``stack.sh``, you have to rerun these steps.
-
-1. For SSH access to the VMs we're going to create, we'll need a SSH
- keypair. Later on, we'll get OpenStack to install this keypair
- into VMs. Create one with::
-
- $ openstack keypair create demo > ~/id_rsa_demo
- $ chmod 600 ~/id_rsa_demo
-
-2. By default, DevStack security groups drop incoming traffic, but to
- test networking in a reasonable way we need to enable it. You only
- need to actually edit one particular security group, but DevStack
- creates multiple and it's somewhat difficult to figure out which
- one is important because all of them are named "default". So, the
- following adds rules to allow SSH and ICMP traffic into **every**
- security group::
-
- $ for group in $(openstack security group list -f value -c ID); do \
- openstack security group rule create --ingress --ethertype IPv4 --dst-port 22 --protocol tcp $group; \
- openstack security group rule create --ingress --ethertype IPv4 --protocol ICMP $group; \
- done
-
-3. Later on, we're going to create some VMs and we'll need an
- operating system image to install. DevStack comes with a very
- simple image built-in, called "cirros", which works fine. We need
- to get the UUID for this image. Our later commands assume shell
- variable ``IMAGE_ID`` holds this UUID. You can set this by hand,
- e.g.::
-
- $ openstack image list
- +--------------------------------------+--------------------------+--------+
- | ID | Name | Status |
- +--------------------------------------+--------------------------+--------+
- | 77f37d2c-3d6b-4e99-a01b-1fa5d78d1fa1 | cirros-0.3.5-x86_64-disk | active |
- +--------------------------------------+--------------------------+--------+
- $ IMAGE_ID=73ca34f3-63c4-4c10-a62f-4540afc24eaa
-
- or by parsing CLI output::
-
- $ IMAGE_ID=$(openstack image list -f value -c ID)
-
- .. note::
-
- Your image ID will differ from the one above, as will every UUID
- in this tutorial. They will also change every time you run
- ``stack.sh``. The UUIDs are generated randomly.
-
-Shortening UUIDs
-----------------
-
-OpenStack, OVN, and Open vSwitch all really like UUIDs. These are
-great for uniqueness, but 36-character strings are terrible for
-readability. Statistically, just the first few characters are enough
-for uniqueness in small environments, so let's define a helper to make
-things more readable::
-
- $ abbrev() { a='[0-9a-fA-F]' b=$a$a c=$b$b; sed "s/$b-$c-$c-$c-$c$c$c//g"; }
-
-You can use this as a filter to abbreviate UUIDs. For example, use it
-to abbreviate the above image list::
-
- $ openstack image list -f yaml | abbrev
- - ID: 77f37d
- Name: cirros-0.3.5-x86_64-disk
- Status: active
-
-The command above also adds ``-f yaml`` to switch to YAML output
-format, because abbreviating UUIDs screws up the default table-based
-formatting and because YAML output doesn't produce wrap columns across
-lines and therefore is easier to cut and paste.
-
-Overview
---------
-
-Now that DevStack is ready, with OVN set up as the networking
-back-end, here's an overview of what we're going to do in the
-remainder of the demo, all via OpenStack:
-
-1. Switching: Create an OpenStack network ``n1`` and VMs ``a`` and
- ``b`` attached to it.
-
- An OpenStack network is a virtual switch; it corresponds to an OVN
- logical switch.
-
-2. Routing: Create a second OpenStack network ``n2`` and VM ``c``
- attached to it, then connect it to network ``n1`` by creating an
- OpenStack router and attaching ``n1`` and ``n2`` to it.
-
-3. Gateways: Make VMs ``a`` and ``b`` available via an external network.
-
-4. IPv6: Add IPv6 addresses to our VMs to demonstrate OVN support for
- IPv6 routing.
-
-5. ACLs: Add and modify OpenStack stateless and stateful rules in
- security groups.
-
-6. DHCP: How it works in OVN.
-
-7. Further directions: Adding more compute nodes.
-
-At each step, we will take a look at how the features in question work
-from OpenStack's Neutron networking layer at the top to the data plane
-layer at the bottom. From the highest to lowest level, these layers
-and the software components that connect them are:
-
-* OpenStack Neutron, which as the top level in the system is the
- authoritative source of the virtual network configuration.
-
- We will use OpenStack's ``openstack`` utility to observe and modify
- Neutron and other OpenStack configuration.
-
-* networking-ovn, the Neutron driver that interfaces with OVN and
- translates the internal Neutron representation of the virtual
- network into OVN's representation and pushes that representation
- down the OVN northbound database.
-
- In this tutorial it's rarely worth distinguishing Neutron from
- networking-ovn, so we usually don't break out this layer separately.
-
-* The OVN Northbound database, aka NB DB. This is an instance of
- OVSDB, a simple general-purpose database that is used for multiple
- purposes in Open vSwitch and OVN. The NB DB's schema is in terms of
- networking concepts such as switches and routers. The NB DB serves
- the purpose that in other systems might be filled by some kind of
- API; for example, in place of calling an API to create or delete a
- logical switch, networking-ovn performs these operations by
- inserting or deleting a row in the NB DB's Logical_Switch table.
-
- We will use OVN's ``ovn-nbctl`` utility to observe the NB DB. (We
- won't directly modify data at this layer or below. Because
- configuration trickles down from Neutron through the stack, the
- right way to make changes is to use the ``openstack`` utility or
- another OpenStack interface and then wait for them to percolate
- through to lower layers.)
-
-* The ovn-northd daemon, a program that runs centrally and translates
- the NB DB's network representation into the lower-level
- representation used by the OVN Southbound database in the next
- layer. The details of this daemon are usually not of interest,
- although without it OVN will not work, so this tutorial does not
- often mention it.
-
-* The OVN Southbound database, aka SB DB, which is also an OVSDB
- database. Its schema is very different from the NB DB. Instead of
- familiar networking concepts, the SB DB defines the network in terms
- of collections of match-action rules called "logical flows", which
- while similar in concept to OpenFlow flows use logical concepts, such
- as virtual machine instances, in place of physical concepts like
- physical Ethernet ports.
-
- We will use OVN's ``ovn-sbctl`` utility to observe the SB DB.
-
-* The ovn-controller daemon. A copy of ovn-controller runs on each
- hypervisor. It reads logical flows from the SB DB, translates them
- into OpenFlow flows, and sends them to Open vSwitch's ovs-vswitchd
- daemon. Like ovn-northd, usually the details of what this daemon
- are not of interest, even though it's important to the operation of
- the system.
-
-* ovs-vswitchd. This program runs on each hypervisor. It is the core
- of Open vSwitch, which processes packets according to the OpenFlow
- flows set up by ovn-controller.
-
-* Open vSwitch datapath. This is essentially a cache designed to
- accelerate packet processing. Open vSwitch includes a few different
- datapaths but OVN installations typically use one based on the Open
- vSwitch Linux kernel module.
-
-Switching
----------
-
-Switching is the basis of networking in the real world and in virtual
-networking as well. OpenStack calls its concept of a virtual switch a
-"network", and OVN calls its corresponding concept a "logical switch".
-
-In this step, we'll create an OpenStack network ``n1``, then create
-VMs ``a`` and ``b`` and attach them to ``n1``.
-
-Creating network ``n1``
-~~~~~~~~~~~~~~~~~~~~~~~
-
-Let's start by creating the network::
-
- $ openstack network create --project admin --provider-network-type geneve n1
-
-OpenStack needs to know the subnets that a network serves. We inform
-it by creating subnet objects. To keep it simple, let's give our
-network a single subnet for the 10.1.1.0/24 network. We have to give
-it a name, in this case ``n1subnet``::
-
- $ openstack subnet create --subnet-range 10.1.1.0/24 --network n1 n1subnet
-
-If you ask Neutron to show us the available networks, we see ``n1`` as
-well as the two networks that DevStack creates by default::
-
- $ openstack network list -f yaml | abbrev
- - ID: 5b6baf
- Name: n1
- Subnets: 5e67e7
- - ID: c02c4d
- Name: private
- Subnets: d88a34, fd87f9
- - ID: d1ac28
- Name: public
- Subnets: 0b1e79, c87dc1
-
-Neutron pushes this network setup down to the OVN northbound
-database. We can use ``ovn-nbctl show`` to see an overview of what's
-in the NB DB::
-
- $ ovn-nbctl show | abbrev
- switch 5b3d5f (neutron-c02c4d) (aka private)
- port b256dd
- type: router
- router-port: lrp-b256dd
- port f264e7
- type: router
- router-port: lrp-f264e7
- switch 2579f4 (neutron-d1ac28) (aka public)
- port provnet-d1ac28
- type: localnet
- addresses: ["unknown"]
- port ae9b52
- type: router
- router-port: lrp-ae9b52
- switch 3eb263 (neutron-5b6baf) (aka n1)
- router c59ad2 (neutron-9b057f) (aka router1)
- port lrp-ae9b52
- mac: "fa:16:3e:b2:d2:67"
- networks: ["172.24.4.9/24", "2001:db8::b/64"]
- port lrp-b256dd
- mac: "fa:16:3e:35:33:db"
- networks: ["fdb0:5860:4ba8::1/64"]
- port lrp-f264e7
- mac: "fa:16:3e:fc:c8:da"
- networks: ["10.0.0.1/26"]
- nat 80914c
- external ip: "172.24.4.9"
- logical ip: "10.0.0.0/26"
- type: "snat"
-
-This output shows that OVN has three logical switches, each of which
-corresponds to a Neutron network, and a logical router that
-corresponds to the Neutron router that DevStack creates by default.
-The logical switch that corresponds to our new network ``n1`` has no
-ports yet, because we haven't added any. The ``public`` and
-``private`` networks that DevStack creates by default have router
-ports that connect to the logical router.
-
-Using ovn-northd, OVN translates the NB DB's high-level switch and
-router concepts into lower-level concepts of "logical datapaths" and
-logical flows. There's one logical datapath for each logical switch
-or router::
-
- $ ovn-sbctl list datapath_binding | abbrev
- _uuid : 0ad69d
- external_ids : {logical-switch="5b3d5f", name="neutron-c02c4d", "name2"=private}
- tunnel_key : 1
-
- _uuid : a8a758
- external_ids : {logical-switch="3eb263", name="neutron-5b6baf", "name2"="n1"}
- tunnel_key : 4
-
- _uuid : 191256
- external_ids : {logical-switch="2579f4", name="neutron-d1ac28", "name2"=public}
- tunnel_key : 3
-
- _uuid : b87bec
- external_ids : {logical-router="c59ad2", name="neutron-9b057f", "name2"="router1"}
- tunnel_key : 2
-
-This output lists the NB DB UUIDs in external_ids:logical-switch and
-Neutron UUIDs in externals_ids:uuid. We can dive in deeper by viewing
-the OVN logical flows that implement a logical switch. Our new
-logical switch is a simple and almost pathological example given that
-it doesn't yet have any ports attached to it. We'll look at the
-details a bit later::
-
- $ ovn-sbctl lflow-list n1 | abbrev
- Datapath: "neutron-5b6baf" aka "n1" (a8a758) Pipeline: ingress
- table=0 (ls_in_port_sec_l2 ), priority=100 , match=(eth.src[40]), action=(drop;)
- table=0 (ls_in_port_sec_l2 ), priority=100 , match=(vlan.present), action=(drop;)
- ...
- Datapath: "neutron-5b6baf" aka "n1" (a8a758) Pipeline: egress
- table=0 (ls_out_pre_lb ), priority=0 , match=(1), action=(next;)
- table=1 (ls_out_pre_acl ), priority=0 , match=(1), action=(next;)
- ...
-
-We have one hypervisor (aka "compute node", in OpenStack parlance),
-which is the one where we're running all these commands. On this
-hypervisor, ovn-controller is translating OVN logical flows into
-OpenFlow flows ("physical flows"). It makes sense to go deeper, to
-see the OpenFlow flows that get generated from this datapath. By
-adding ``--ovs`` to the ``ovn-sbctl`` command, we can see OpenFlow
-flows listed just below their logical flows. We also need to use
-``sudo`` because connecting to Open vSwitch is privileged. Go ahead
-and try it::
-
- $ sudo ovn-sbctl --ovs lflow-list n1 | abbrev
- Datapath: "neutron-5b6baf" aka "n1" (a8a758) Pipeline: ingress
- table=0 (ls_in_port_sec_l2 ), priority=100 , match=(eth.src[40]), action=(drop;)
- table=0 (ls_in_port_sec_l2 ), priority=100 , match=(vlan.present), action=(drop;)
- ...
- Datapath: "neutron-5b6baf" aka "n1" (a8a758) Pipeline: egress
- table=0 (ls_out_pre_lb ), priority=0 , match=(1), action=(next;)
- table=1 (ls_out_pre_acl ), priority=0 , match=(1), action=(next;)
- ...
-
-You were probably disappointed: the output didn't change, and no
-OpenFlow flows were printed. That's because no OpenFlow flows are
-installed for this logical datapath, which in turn is because there
-are no VIFs for this logical datapath on the local hypervisor. For a
-better example, you can try ``ovn-sbctl --ovs`` on one of the other
-logical datapaths.
-
-Attaching VMs
-~~~~~~~~~~~~~
-
-A switch without any ports is not very interesting. Let's create a
-couple of VMs and attach them to the switch. Run the following
-commands, which create VMs named ``a`` and ``b`` and attaches them to
-our network ``n1`` with IP addresses 10.1.1.5 and 10.1.1.6,
-respectively. It is not actually necessary to manually assign IP
-address assignments, since OpenStack is perfectly happy to assign them
-itself from the subnet's IP address range, but predictable addresses
-are useful for our discussion::
-
- $ openstack server create --nic net-id=n1,v4-fixed-ip=10.1.1.5 --flavor m1.nano --image $IMAGE_ID --key-name demo a
- $ openstack server create --nic net-id=n1,v4-fixed-ip=10.1.1.6 --flavor m1.nano --image $IMAGE_ID --key-name demo b
-
-These commands return before the VMs are really finished being built.
-You can run ``openstack server list`` a few times until each of them
-is shown in the state ACTIVE, which means that they're not just built
-but already running on the local hypervisor.
-
-These operations had the side effect of creating separate "port"
-objects, but without giving those ports any easy-to-read names. It'll
-be easier to deal with them later if we can refer to them by name, so
-let's name ``a``'s port ``ap`` and ``b``'s port ``bp``::
-
- $ openstack port set --name ap $(openstack port list --server a -f value -c ID)
- $ openstack port set --name bp $(openstack port list --server b -f value -c ID)
-
-We'll need to refer to these ports' MAC addresses a few times, so
-let's put them in variables::
-
- $ AP_MAC=$(openstack port show -f value -c mac_address ap)
- $ BP_MAC=$(openstack port show -f value -c mac_address bp)
-
-At this point you can log into the consoles of the VMs if you like.
-You can do that from the OpenStack web interface or get a direct URL
-to paste into a web browser using a command like::
-
- $ openstack console url show -f yaml a
-
-(The option ``-f yaml`` keeps the URL in the output from being broken
-into noncontiguous pieces on a 80-column console.)
-
-The VMs don't have many tools in them but ``ping`` and ``ssh`` from
-one to the other should work fine. The VMs do not have any external
-network access or DNS configuration.
-
-Let's chase down what's changed in OVN. Start with the NB DB at the
-top of the system. It's clear that our logical switch now has the two
-logical ports attached to it::
-
- $ ovn-nbctl show | abbrev
- ...
- switch 3eb263 (neutron-5b6baf) (aka n1)
- port c29d41 (aka bp)
- addresses: ["fa:16:3e:99:7a:17 10.1.1.6"]
- port 820c08 (aka ap)
- addresses: ["fa:16:3e:a9:4c:c7 10.1.1.5"]
- ...
-
-We can get some more details on each of these by looking at their NB
-DB records in the Logical_Switch_Port table. Each port has addressing
-information, port security enabled, and a pointer to DHCP
-configuration (which we'll look at much later in `DHCP`_)::
-
- $ ovn-nbctl list logical_switch_port ap bp | abbrev
- _uuid : ef17e5
- addresses : ["fa:16:3e:a9:4c:c7 10.1.1.5"]
- dhcpv4_options : 165974
- dhcpv6_options : []
- dynamic_addresses : []
- enabled : true
- external_ids : {"neutron:port_name"=ap}
- name : "820c08"
- options : {}
- parent_name : []
- port_security : ["fa:16:3e:a9:4c:c7 10.1.1.5"]
- tag : []
- tag_request : []
- type : ""
- up : true
-
- _uuid : e8af12
- addresses : ["fa:16:3e:99:7a:17 10.1.1.6"]
- dhcpv4_options : 165974
- dhcpv6_options : []
- dynamic_addresses : []
- enabled : true
- external_ids : {"neutron:port_name"=bp}
- name : "c29d41"
- options : {}
- parent_name : []
- port_security : ["fa:16:3e:99:7a:17 10.1.1.6"]
- tag : []
- tag_request : []
- type : ""
- up : true
-
-Now that the logical switch is less pathological, it's worth taking
-another look at the SB DB logical flow table. Try a command like
-this::
-
- $ ovn-sbctl lflow-list n1 | abbrev | less -S
-
-and then glance through the flows. Packets that egress a VM into the
-logical switch travel through the flow table's ingress pipeline
-starting from table 0. At each table, the switch finds the
-highest-priority logical flow that matches and executes its actions,
-or if there's no matching flow then the packet is dropped. The
-``ovn-sb``\(5) manpage gives all the details, but with a little
-thought it's possible to guess a lot without reading the manpage. For
-example, consider the flows in ingress pipeline table 0, which are the
-first flows encountered by a packet traversing the switch::
-
- table=0 (ls_in_port_sec_l2 ), priority=100 , match=(eth.src[40]), action=(drop;)
- table=0 (ls_in_port_sec_l2 ), priority=100 , match=(vlan.present), action=(drop;)
- table=0 (ls_in_port_sec_l2 ), priority=50 , match=(inport == "820c08" && eth.src == {fa:16:3e:a9:4c:c7}), action=(next;)
- table=0 (ls_in_port_sec_l2 ), priority=50 , match=(inport == "c29d41" && eth.src == {fa:16:3e:99:7a:17}), action=(next;)
-
-The first two flows, with priority 100, immediately drop two kinds of
-invalid packets: those with a multicast or broadcast Ethernet source
-address (since multicast is only for packet destinations) and those
-with a VLAN tag (because OVN doesn't yet support VLAN tags inside
-logical networks). The next two flows implement L2 port security:
-they advance to the next table for packets with the correct Ethernet
-source addresses for their ingress ports. A packet that does not
-match any flow is implicitly dropped, so there's no need for flows to
-deal with mismatches.
-
-The logical flow table includes many other flows, some of which we
-will look at later. For now, it's most worth looking at ingress table
-13::
-
- table=13(ls_in_l2_lkup ), priority=100 , match=(eth.mcast), action=(outport = "_MC_flood"; output;)
- table=13(ls_in_l2_lkup ), priority=50 , match=(eth.dst == fa:16:3e:99:7a:17), action=(outport = "c29d41"; output;)
- table=13(ls_in_l2_lkup ), priority=50 , match=(eth.dst == fa:16:3e:a9:4c:c7), action=(outport = "820c08"; output;)
-
-The first flow in table 13 checks whether the packet is an Ethernet
-multicast or broadcast and, if so, outputs it to a special port that
-egresses to every logical port (other than the ingress port).
-Otherwise the packet is output to the port corresponding to its
-Ethernet destination address. Packets addressed to any other Ethernet
-destination are implicitly dropped.
-
-(It's common for an OVN logical switch to know all the MAC addresses
-supported by its logical ports, like this one. That's why there's no
-logic here for MAC learning or flooding packets to unknown MAC
-addresses. OVN does support unknown MAC handling but that's not in
-play in our example.)
-
-.. note::
-
- If you're interested in the details for the multicast group, you can
- run a command like the following and then look at the row for the
- correct datapath::
-
- $ ovn-sbctl find multicast_group name=_MC_flood | abbrev
-
-Now if you want to look at the OpenFlow flows, you can actually see
-them. For example, here's the beginning of the output that lists the
-first four logical flows, which we already looked at above, and their
-corresponding OpenFlow flows. If you want to know more about the
-syntax, the ``ovs-fields``\(7) manpage explains OpenFlow matches and
-``ovs-ofctl``\(8) explains OpenFlow actions::
-
- $ sudo ovn-sbctl --ovs lflow-list n1 | abbrev
- Datapath: "neutron-5b6baf" aka "n1" (a8a758) Pipeline: ingress
- table=0 (ls_in_port_sec_l2 ), priority=100 , match=(eth.src[40]), action=(drop;)
- table=8 metadata=0x4,dl_src=01:00:00:00:00:00/01:00:00:00:00:00 actions=drop
- table=0 (ls_in_port_sec_l2 ), priority=100 , match=(vlan.present), action=(drop;)
- table=8 metadata=0x4,vlan_tci=0x1000/0x1000 actions=drop
- table=0 (ls_in_port_sec_l2 ), priority=50 , match=(inport == "820c08" && eth.src == {fa:16:3e:a9:4c:c7}), action=(next;)
- table=8 reg14=0x1,metadata=0x4,dl_src=fa:16:3e:a9:4c:c7 actions=resubmit(,9)
- table=0 (ls_in_port_sec_l2 ), priority=50 , match=(inport == "c29d41" && eth.src == {fa:16:3e:99:7a:17}), action=(next;)
- table=8 reg14=0x2,metadata=0x4,dl_src=fa:16:3e:99:7a:17 actions=resubmit(,9)
- ...
-
-Logical Tracing
-+++++++++++++++
-
-Let's go a level deeper. So far, everything we've done has been
-fairly general. We can also look at something more specific: the path
-that a particular packet would take through OVN, logically, and Open
-vSwitch, physically.
-
-Let's use OVN's ovn-trace utility to see what happens to packets from
-a logical point of view. The ``ovn-trace``\(8) manpage has a lot of
-detail on how to do that, but let's just start by building up from a
-simple example. You can start with a command that just specifies the
-logical datapath, an input port, and nothing else; unspecified fields
-default to all-zeros. This doesn't do much::
-
- $ ovn-trace n1 'inport == "ap"'
- ...
- ingress(dp="n1", inport="ap")
- -----------------------------
- 0. ls_in_port_sec_l2: no match (implicit drop)
-
-We see that the packet was dropped in logical table 0,
-"ls_in_port_sec_l2", the L2 port security stage (as we discussed
-earlier). That's because we didn't use the right Ethernet source
-address for ``a``. Let's see what happens if we do::
-
- $ ovn-trace n1 'inport == "ap" && eth.src == '$AP_MAC
- ...
- ingress(dp="n1", inport="ap")
- -----------------------------
- 0. ls_in_port_sec_l2 (ovn-northd.c:3234): inport == "ap" && eth.src == {fa:16:3e:a9:4c:c7}, priority 50, uuid 6dcc418a
- next;
- 13. ls_in_l2_lkup: no match (implicit drop)
-
-Now the packet passes through L2 port security and skips through
-several other tables until it gets dropped in the L2 lookup stage
-(because the destination is unknown). Let's add the Ethernet
-destination for ``b``::
-
- $ ovn-trace n1 'inport == "ap" && eth.src == '$AP_MAC' && eth.dst == '$BP_MAC
- ...
- ingress(dp="n1", inport="ap")
- -----------------------------
- 0. ls_in_port_sec_l2 (ovn-northd.c:3234): inport == "ap" && eth.src == {fa:16:3e:a9:4c:c7}, priority 50, uuid 6dcc418a
- next;
- 13. ls_in_l2_lkup (ovn-northd.c:3529): eth.dst == fa:16:3e:99:7a:17, priority 50, uuid 57a4c46f
- outport = "bp";
- output;
-
- egress(dp="n1", inport="ap", outport="bp")
- ------------------------------------------
- 8. ls_out_port_sec_l2 (ovn-northd.c:3654): outport == "bp" && eth.dst == {fa:16:3e:99:7a:17}, priority 50, uuid 8aa6426d
- output;
- /* output to "bp", type "" */
-
-You can see that in this case the packet gets properly switched from
-``a`` to ``b``.
-
-Physical Tracing for Hypothetical Packets
-+++++++++++++++++++++++++++++++++++++++++
-
-ovn-trace showed us how a hypothetical packet would travel through the
-system in a logical fashion, that is, without regard to how VMs are
-distributed across the physical network. This is a convenient
-representation for understanding how OVN is **supposed** to work
-abstractly, but sometimes we might want to know more about how it
-actually works in the real systems where it is running. For this, we
-can use the tracing tool that Open vSwitch provides, which traces
-a hypothetical packet through the OpenFlow tables.
-
-We can actually get two levels of detail. Let's start with the
-version that's easier to interpret, by physically tracing a packet
-that looks like the one we logically traced before. One obstacle is
-that we need to know the OpenFlow port number of the input port. One
-way to do that is to look for a port whose "attached-mac" is the one
-we expect and print its ofport number::
-
- $ AP_PORT=$(ovs-vsctl --bare --columns=ofport find interface external-ids:attached-mac=\"$AP_MAC\")
- $ echo $AP_PORT
- 3
-
-(You could also just do a plain ``ovs-vsctl list interface`` and then
-look through for the right row and pick its ``ofport`` value.)
-
-Now we can feed this input port number into ``ovs-appctl
-ofproto/trace`` along with the correct Ethernet source and
-destination addresses and get a physical trace::
-
- $ sudo ovs-appctl ofproto/trace br-int in_port=$AP_PORT,dl_src=$AP_MAC,dl_dst=$BP_MAC
- Flow: in_port=3,vlan_tci=0x0000,dl_src=fa:16:3e:a9:4c:c7,dl_dst=fa:16:3e:99:7a:17,dl_type=0x0000
-
- bridge("br-int")
- ----------------
- 0. in_port=3, priority 100
- set_field:0x8->reg13
- set_field:0x9->reg11
- set_field:0xa->reg12
- set_field:0x4->metadata
- set_field:0x1->reg14
- resubmit(,8)
- 8. reg14=0x1,metadata=0x4,dl_src=fa:16:3e:a9:4c:c7, priority 50, cookie 0x6dcc418a
- resubmit(,9)
- 9. metadata=0x4, priority 0, cookie 0x8fe8689e
- resubmit(,10)
- 10. metadata=0x4, priority 0, cookie 0x719549d1
- resubmit(,11)
- 11. metadata=0x4, priority 0, cookie 0x39c99e6f
- resubmit(,12)
- 12. metadata=0x4, priority 0, cookie 0x838152a3
- resubmit(,13)
- 13. metadata=0x4, priority 0, cookie 0x918259e3
- resubmit(,14)
- 14. metadata=0x4, priority 0, cookie 0xcad14db2
- resubmit(,15)
- 15. metadata=0x4, priority 0, cookie 0x7834d912
- resubmit(,16)
- 16. metadata=0x4, priority 0, cookie 0x87745210
- resubmit(,17)
- 17. metadata=0x4, priority 0, cookie 0x34951929
- resubmit(,18)
- 18. metadata=0x4, priority 0, cookie 0xd7a8c9fb
- resubmit(,19)
- 19. metadata=0x4, priority 0, cookie 0xd02e9578
- resubmit(,20)
- 20. metadata=0x4, priority 0, cookie 0x42d35507
- resubmit(,21)
- 21. metadata=0x4,dl_dst=fa:16:3e:99:7a:17, priority 50, cookie 0x57a4c46f
- set_field:0x2->reg15
- resubmit(,32)
- 32. priority 0
- resubmit(,33)
- 33. reg15=0x2,metadata=0x4, priority 100
- set_field:0xb->reg13
- set_field:0x9->reg11
- set_field:0xa->reg12
- resubmit(,34)
- 34. priority 0
- set_field:0->reg0
- set_field:0->reg1
- set_field:0->reg2
- set_field:0->reg3
- set_field:0->reg4
- set_field:0->reg5
- set_field:0->reg6
- set_field:0->reg7
- set_field:0->reg8
- set_field:0->reg9
- resubmit(,40)
- 40. metadata=0x4, priority 0, cookie 0xde9f3899
- resubmit(,41)
- 41. metadata=0x4, priority 0, cookie 0x74074eff
- resubmit(,42)
- 42. metadata=0x4, priority 0, cookie 0x7789c8b1
- resubmit(,43)
- 43. metadata=0x4, priority 0, cookie 0xa6b002c0
- resubmit(,44)
- 44. metadata=0x4, priority 0, cookie 0xaeab2b45
- resubmit(,45)
- 45. metadata=0x4, priority 0, cookie 0x290cc4d4
- resubmit(,46)
- 46. metadata=0x4, priority 0, cookie 0xa3223b88
- resubmit(,47)
- 47. metadata=0x4, priority 0, cookie 0x7ac2132e
- resubmit(,48)
- 48. reg15=0x2,metadata=0x4,dl_dst=fa:16:3e:99:7a:17, priority 50, cookie 0x8aa6426d
- resubmit(,64)
- 64. priority 0
- resubmit(,65)
- 65. reg15=0x2,metadata=0x4, priority 100
- output:4
-
- Final flow: reg11=0x9,reg12=0xa,reg13=0xb,reg14=0x1,reg15=0x2,metadata=0x4,in_port=3,vlan_tci=0x0000,dl_src=fa:16:3e:a9:4c:c7,dl_dst=fa:16:3e:99:7a:17,dl_type=0x0000
- Megaflow: recirc_id=0,ct_state=-new-est-rel-rpl-inv-trk,ct_label=0/0x1,in_port=3,vlan_tci=0x0000/0x1000,dl_src=fa:16:3e:a9:4c:c7,dl_dst=fa:16:3e:99:7a:17,dl_type=0x0000
- Datapath actions: 4
-
-There's a lot there, which you can read through if you like, but the
-important part is::
-
- 65. reg15=0x2,metadata=0x4, priority 100
- output:4
-
-which means that the packet is ultimately being output to OpenFlow
-port 4. That's port ``b``, which you can confirm with::
-
- $ sudo ovs-vsctl find interface ofport=4
- _uuid : 840a5aca-ea8d-4c16-a11b-a94e0f408091
- admin_state : up
- bfd : {}
- bfd_status : {}
- cfm_fault : []
- cfm_fault_status : []
- cfm_flap_count : []
- cfm_health : []
- cfm_mpid : []
- cfm_remote_mpids : []
- cfm_remote_opstate : []
- duplex : full
- error : []
- external_ids : {attached-mac="fa:16:3e:99:7a:17", iface-id="c29d4120-20a4-4c44-bd83-8d91f5f447fd", iface-status=active, vm-id="2db969ca-ca2a-4d9a-b49e-f287d39c5645"}
- ifindex : 9
- ingress_policing_burst: 0
- ingress_policing_rate: 0
- lacp_current : []
- link_resets : 1
- link_speed : 10000000
- link_state : up
- lldp : {}
- mac : []
- mac_in_use : "fe:16:3e:99:7a:17"
- mtu : 1500
- mtu_request : []
- name : "tapc29d4120-20"
- ofport : 4
- ofport_request : []
- options : {}
- other_config : {}
- statistics : {collisions=0, rx_bytes=4254, rx_crc_err=0, rx_dropped=0, rx_errors=0, rx_frame_err=0, rx_over_err=0, rx_packets=39, tx_bytes=4188, tx_dropped=0, tx_errors=0, tx_packets=39}
- status : {driver_name=tun, driver_version="1.6", firmware_version=""}
- type : ""
-
-or::
-
- $ BP_PORT=$(ovs-vsctl --bare --columns=ofport find interface external-ids:attached-mac=\"$BP_MAC\")
- $ echo $BP_PORT
- 4
-
-Physical Tracing for Real Packets
-+++++++++++++++++++++++++++++++++
-
-In the previous sections we traced a hypothetical L2 packet, one
-that's honestly not very realistic: we didn't even supply an Ethernet
-type, so it defaulted to zero, which isn't anything one would see on a
-real network. We could refine our packet so that it becomes a more
-realistic TCP or UDP or ICMP, etc. packet, but let's try a different
-approach: working from a real packet.
-
-Pull up a console for VM ``a`` and start ``ping 10.1.1.6``, then leave
-it running for the rest of our experiment.
-
-Now go back to your DevStack session and run::
-
- $ sudo watch ovs-dpctl dump-flows
-
-We're working with a new program. ovn-dpctl is an interface to Open
-vSwitch datapaths, in this case to the Linux kernel datapath. Its
-``dump-flows`` command displays the contents of the in-kernel flow
-cache, and by running it under the ``watch`` program we see a new
-snapshot of the flow table every 2 seconds.
-
-Look through the output for a flow that begins with ``recirc_id(0)``
-and matches the Ethernet source address for ``a``. There is one flow
-per line, but the lines are very long, so it's easier to read if you
-make the window very wide. This flow's packet counter should be
-increasing at a rate of 1 packet per second. It looks something like
-this::
-
- recirc_id(0),in_port(3),eth(src=fa:16:3e:f5:2a:90),eth_type(0x0800),ipv4(src=10.1.1.5,frag=no), packets:388, bytes:38024, used:0.977s, actions:ct(zone=8),recirc(0x18)
-
-We can hand the first part of this (everything up to the first space)
-to ``ofproto/trace``, and it will tell us what happens::
-
- $ sudo ovs-appctl ofproto/trace 'recirc_id(0),in_port(3),eth(src=fa:16:3e:a9:4c:c7),eth_type(0x0800),ipv4(src=10.1.1.5,dst=10.1.0.0/255.255.0.0,frag=no)'
- Flow: ip,in_port=3,vlan_tci=0x0000,dl_src=fa:16:3e:a9:4c:c7,dl_dst=00:00:00:00:00:00,nw_src=10.1.1.5,nw_dst=10.1.0.0,nw_proto=0,nw_tos=0,nw_ecn=0,nw_ttl=0
-
- bridge("br-int")
- ----------------
- 0. in_port=3, priority 100
- set_field:0x8->reg13
- set_field:0x9->reg11
- set_field:0xa->reg12
- set_field:0x4->metadata
- set_field:0x1->reg14
- resubmit(,8)
- 8. reg14=0x1,metadata=0x4,dl_src=fa:16:3e:a9:4c:c7, priority 50, cookie 0x6dcc418a
- resubmit(,9)
- 9. ip,reg14=0x1,metadata=0x4,dl_src=fa:16:3e:a9:4c:c7,nw_src=10.1.1.5, priority 90, cookie 0x343af48c
- resubmit(,10)
- 10. metadata=0x4, priority 0, cookie 0x719549d1
- resubmit(,11)
- 11. ip,metadata=0x4, priority 100, cookie 0x46c089e6
- load:0x1->NXM_NX_XXREG0[96]
- resubmit(,12)
- 12. metadata=0x4, priority 0, cookie 0x838152a3
- resubmit(,13)
- 13. ip,reg0=0x1/0x1,metadata=0x4, priority 100, cookie 0xd1941634
- ct(table=22,zone=NXM_NX_REG13[0..15])
- drop
-
- Final flow: ip,reg0=0x1,reg11=0x9,reg12=0xa,reg13=0x8,reg14=0x1,metadata=0x4,in_port=3,vlan_tci=0x0000,dl_src=fa:16:3e:a9:4c:c7,dl_dst=00:00:00:00:00:00,nw_src=10.1.1.5,nw_dst=10.1.0.0,nw_proto=0,nw_tos=0,nw_ecn=0,nw_ttl=0
- Megaflow: recirc_id=0,ip,in_port=3,vlan_tci=0x0000/0x1000,dl_src=fa:16:3e:a9:4c:c7,nw_src=10.1.1.5,nw_dst=10.1.0.0/16,nw_frag=no
- Datapath actions: ct(zone=8),recirc(0xb)
-
-.. note::
- Be careful cutting and pasting ``ovs-dpctl dump-flows`` output into
- ``ofproto/trace`` because the latter has terrible error reporting.
- If you add an extra line break, etc., it will likely give you a
- useless error message.
-
-There's no ``output`` action in the output, but there are ``ct`` and
-``recirc`` actions (which you can see in the ``Datapath actions`` at
-the end). The ``ct`` action tells the kernel to pass the packet
-through the kernel connection tracking for firewalling purposes and
-the ``recirc`` says to go back to the flow cache for another pass
-based on the firewall results. The ``0xb`` value inside the
-``recirc`` gives us a hint to look at the kernel flows for a cached
-flow with ``recirc_id(0xb)``. Indeed, there is one::
-
- recirc_id(0xb),in_port(3),ct_state(-new+est-rel-rpl-inv+trk),ct_label(0/0x1),eth(src=fa:16:3e:a9:4c:c7,dst=fa:16:3e:99:7a:17),eth_type(0x0800),ipv4(dst=10.1.1.4/255.255.255.252,frag=no), packets:171, bytes:16758, used:0.271s, actions:ct(zone=11),recirc(0xc)
-
-We can then repeat our command with the match part of this kernel
-flow::
-
- $ sudo ovs-appctl ofproto/trace 'recirc_id(0xb),in_port(3),ct_state(-new+est-rel-rpl-inv+trk),ct_label(0/0x1),eth(src=fa:16:3e:a9:4c:c7,dst=fa:16:3e:99:7a:17),eth_type(0x0800),ipv4(dst=10.1.1.4/255.255.255.252,frag=no)'
- ...
- Datapath actions: ct(zone=11),recirc(0xc)
-
-In other words, the flow passes through the connection tracker a
-second time. The first time was for ``a``'s outgoing firewall; this
-second time is for ``b``'s incoming firewall. Again, we continue
-tracing with ``recirc_id(0xc)``::
-
- $ sudo ovs-appctl ofproto/trace 'recirc_id(0xc),in_port(3),ct_state(-new+est-rel-rpl-inv+trk),ct_label(0/0x1),eth(src=fa:16:3e:a9:4c:c7,dst=fa:16:3e:99:7a:17),eth_type(0x0800),ipv4(dst=10.1.1.6,proto=1,frag=no)'
- ...
- Datapath actions: 4
-
-It was took multiple hops, but we finally came to the end of the line
-where the packet was output to ``b`` after passing through both
-firewalls. The port number here is a datapath port number, which is
-usually different from an OpenFlow port number. To check that it is
-``b``'s port, we first list the datapath ports to get the name
-corresponding to the port number::
-
- $ sudo ovs-dpctl show
- system@ovs-system:
- lookups: hit:1994 missed:56 lost:0
- flows: 6
- masks: hit:2340 total:4 hit/pkt:1.14
- port 0: ovs-system (internal)
- port 1: br-int (internal)
- port 2: br-ex (internal)
- port 3: tap820c0888-13
- port 4: tapc29d4120-20
-
-and then confirm that this is the port we think it is with a command
-like this::
-
- $ ovs-vsctl --columns=external-ids list interface tapc29d4120-20
- external_ids : {attached-mac="fa:16:3e:99:7a:17", iface-id="c29d4120-20a4-4c44-bd83-8d91f5f447fd", iface-status=active, vm-id="2db969ca-ca2a-4d9a-b49e-f287d39c5645"}
-
-Finally, we can relate the OpenFlow flows from our traces back to OVN
-logical flows. For individual flows, cut and paste a "cookie" value
-from ``ofproto/trace`` output into ``ovn-sbctl lflow-list``, e.g.::
-
- $ ovn-sbctl lflow-list 0x6dcc418a|abbrev
- Datapath: "neutron-5b6baf" aka "n1" (a8a758) Pipeline: ingress
- table=0 (ls_in_port_sec_l2 ), priority=50 , match=(inport == "820c08" && eth.src == {fa:16:3e:a9:4c:c7}), action=(next;)
-
-Or, you can pipe ``ofproto/trace`` output through ``ovn-detrace`` to
-annotate every flow::
-
- $ sudo ovs-appctl ofproto/trace 'recirc_id(0xc),in_port(3),ct_state(-new+est-rel-rpl-inv+trk),ct_label(0/0x1),eth(src=fa:16:3e:a9:4c:c7,dst=fa:16:3e:99:7a:17),eth_type(0x0800),ipv4(dst=10.1.1.6,proto=1,frag=no)' | ovn-detrace
- ...
-
-Routing
--------
-
-Previously we set up a pair of VMs ``a`` and ``b`` on a network ``n1``
-and demonstrated how packets make their way between them. In this
-step, we'll set up a second network ``n2`` with a new VM ``c``,
-connect a router ``r`` to both networks, and demonstrate how routing
-works in OVN.
-
-There's nothing really new for the network and the VM so let's just go
-ahead and create them::
-
- $ openstack network create --project admin --provider-network-type geneve n2
- $ openstack subnet create --subnet-range 10.1.2.0/24 --network n2 n2subnet
- $ openstack server create --nic net-id=n2,v4-fixed-ip=10.1.2.7 --flavor m1.nano --image $IMAGE_ID --key-name demo c
- $ openstack port set --name cp $(openstack port list --server c -f value -c ID)
- $ CP_MAC=$(openstack port show -f value -c mac_address cp)
-
-The new network ``n2`` is not yet connected to ``n1`` in any way. You
-can try tracing a broadcast packet from ``a`` to see, for example,
-that it doesn't make it to ``c``::
-
- $ ovn-trace n1 'inport == "ap" && eth.src == '$AP_MAC' && eth.dst == '$CP_MAC
- ...
-
-Now create an OpenStack router and connect it to ``n1`` and ``n2``::
-
- $ openstack router create r
- $ openstack router add subnet r n1subnet
- $ openstack router add subnet r n2subnet
-
-Now ``a``, ``b``, and ``c`` should all be able to reach other. You
-can get some verification that routing is taking place by running you
-``ping`` between ``c`` and one of the other VMs: the reported TTL
-should be one less than between ``a`` and ``b`` (63 instead of 64).
-
-Observe via ``ovn-nbctl`` the new OVN logical switch and router and
-then ports that connect them together::
-
- $ ovn-nbctl show|abbrev
- ...
- switch f51234 (neutron-332346) (aka n2)
- port 82b983
- type: router
- router-port: lrp-82b983
- port 2e585f (aka cp)
- addresses: ["fa:16:3e:89:f2:36 10.1.2.7"]
- switch 3eb263 (neutron-5b6baf) (aka n1)
- port c29d41 (aka bp)
- addresses: ["fa:16:3e:99:7a:17 10.1.1.6"]
- port 820c08 (aka ap)
- addresses: ["fa:16:3e:a9:4c:c7 10.1.1.5"]
- port 17d870
- type: router
- router-port: lrp-17d870
- ...
- router dde06c (neutron-f88ebc) (aka r)
- port lrp-82b983
- mac: "fa:16:3e:19:9f:46"
- networks: ["10.1.2.1/24"]
- port lrp-17d870
- mac: "fa:16:3e:f6:e2:8f"
- networks: ["10.1.1.1/24"]
-
-We have not yet looked at the logical flows for an OVN logical router.
-You might find it of interest to look at them on your own::
-
- $ ovn-sbctl lflow-list r | abbrev | less -S
- ...
-
-Let's grab the ``n1subnet`` router porter MAC address to simplify
-later commands::
-
- $ N1SUBNET_MAC=$(ovn-nbctl --bare --columns=mac find logical_router_port networks=10.1.1.1/24)
-
-Let's see what happens at the logical flow level for an ICMP packet
-from ``a`` to ``c``. This generates a long trace but an interesting
-one, so we'll look at it bit by bit. The first three stanzas in the
-output show the packet's ingress into ``n1`` and processing through
-the firewall on that side (via the "ct_next" connection-tracking
-action), and then the selection of the port that leads to router ``r``
-as the output port::
-
- $ ovn-trace n1 'inport == "ap" && eth.src == '$AP_MAC' && eth.dst == '$N1SUBNET_MAC' && ip4.src == 10.1.1.5 && ip4.dst == 10.1.2.7 && ip.ttl == 64 && icmp4.type == 8'
- ...
- ingress(dp="n1", inport="ap")
- -----------------------------
- 0. ls_in_port_sec_l2 (ovn-northd.c:3234): inport == "ap" && eth.src == {fa:16:3e:a9:4c:c7}, priority 50, uuid 6dcc418a
- next;
- 1. ls_in_port_sec_ip (ovn-northd.c:2364): inport == "ap" && eth.src == fa:16:3e:a9:4c:c7 && ip4.src == {10.1.1.5}, priority 90, uuid 343af48c
- next;
- 3. ls_in_pre_acl (ovn-northd.c:2646): ip, priority 100, uuid 46c089e6
- reg0[0] = 1;
- next;
- 5. ls_in_pre_stateful (ovn-northd.c:2764): reg0[0] == 1, priority 100, uuid d1941634
- ct_next;
-
- ct_next(ct_state=est|trk /* default (use --ct to customize) */)
- ---------------------------------------------------------------
- 6. ls_in_acl (ovn-northd.c:2925): !ct.new && ct.est && !ct.rpl && ct_label.blocked == 0 && (inport == "ap" && ip4), priority 2002, uuid a12b39f0
- next;
- 13. ls_in_l2_lkup (ovn-northd.c:3529): eth.dst == fa:16:3e:f6:e2:8f, priority 50, uuid c43ead31
- outport = "17d870";
- output;
-
- egress(dp="n1", inport="ap", outport="17d870")
- ----------------------------------------------
- 1. ls_out_pre_acl (ovn-northd.c:2626): ip && outport == "17d870", priority 110, uuid 60395450
- next;
- 8. ls_out_port_sec_l2 (ovn-northd.c:3654): outport == "17d870", priority 50, uuid 91b5cab0
- output;
- /* output to "17d870", type "patch" */
-
-The next two stanzas represent processing through logical router
-``r``. The processing in table 5 is the core of the routing
-implementation: it recognizes that the packet is destined for an
-attached subnet, decrements the TTL and updates the Ethernet source
-address. Table 6 then selects the Ethernet destination address based
-on the IP destination. The packet then passes to switch ``n2`` via an
-OVN "logical patch port"::
-
- ingress(dp="r", inport="lrp-17d870")
- ------------------------------------
- 0. lr_in_admission (ovn-northd.c:4071): eth.dst == fa:16:3e:f6:e2:8f && inport == "lrp-17d870", priority 50, uuid fa5270b0
- next;
- 5. lr_in_ip_routing (ovn-northd.c:3782): ip4.dst == 10.1.2.0/24, priority 49, uuid 5f9d469f
- ip.ttl--;
- reg0 = ip4.dst;
- reg1 = 10.1.2.1;
- eth.src = fa:16:3e:19:9f:46;
- outport = "lrp-82b983";
- flags.loopback = 1;
- next;
- 6. lr_in_arp_resolve (ovn-northd.c:5088): outport == "lrp-82b983" && reg0 == 10.1.2.7, priority 100, uuid 03d506d3
- eth.dst = fa:16:3e:89:f2:36;
- next;
- 8. lr_in_arp_request (ovn-northd.c:5260): 1, priority 0, uuid 6dacdd82
- output;
-
- egress(dp="r", inport="lrp-17d870", outport="lrp-82b983")
- ---------------------------------------------------------
- 3. lr_out_delivery (ovn-northd.c:5288): outport == "lrp-82b983", priority 100, uuid 00bea4f2
- output;
- /* output to "lrp-82b983", type "patch" */
-
-Finally the logical switch for ``n2`` runs through the same logic as
-``n1`` and the packet is delivered to VM ``c``::
-
- ingress(dp="n2", inport="82b983")
- ---------------------------------
- 0. ls_in_port_sec_l2 (ovn-northd.c:3234): inport == "82b983", priority 50, uuid 9a789e06
- next;
- 3. ls_in_pre_acl (ovn-northd.c:2624): ip && inport == "82b983", priority 110, uuid ab52f21a
- next;
- 13. ls_in_l2_lkup (ovn-northd.c:3529): eth.dst == fa:16:3e:89:f2:36, priority 50, uuid dcafb3e9
- outport = "cp";
- output;
-
- egress(dp="n2", inport="82b983", outport="cp")
- ----------------------------------------------
- 1. ls_out_pre_acl (ovn-northd.c:2648): ip, priority 100, uuid cd9cfa74
- reg0[0] = 1;
- next;
- 2. ls_out_pre_stateful (ovn-northd.c:2766): reg0[0] == 1, priority 100, uuid 9e8e22c5
- ct_next;
-
- ct_next(ct_state=est|trk /* default (use --ct to customize) */)
- ---------------------------------------------------------------
- 4. ls_out_acl (ovn-northd.c:2925): !ct.new && ct.est && !ct.rpl && ct_label.blocked == 0 && (outport == "cp" && ip4 && ip4.src == $as_ip4_0fc1b6cf_f925_49e6_8f00_6dd13beca9dc), priority 2002, uuid a746fa0d
- next;
- 7. ls_out_port_sec_ip (ovn-northd.c:2364): outport == "cp" && eth.dst == fa:16:3e:89:f2:36 && ip4.dst == {255.255.255.255, 224.0.0.0/4, 10.1.2.7}, priority 90, uuid 4d9862b5
- next;
- 8. ls_out_port_sec_l2 (ovn-northd.c:3654): outport == "cp" && eth.dst == {fa:16:3e:89:f2:36}, priority 50, uuid 0242cdc3
- output;
- /* output to "cp", type "" */
-
-Physical Tracing
-~~~~~~~~~~~~~~~~
-
-It's possible to use ``ofproto/trace``, just as before, to trace a
-packet through OpenFlow tables, either for a hypothetical packet or
-one that you get from a real test case using ``ovs-dpctl``. The
-process is just the same as before and the output is almost the same,
-too. Using a router doesn't actually introduce any interesting new
-wrinkles, so we'll skip over this for this case and for the remainder
-of the tutorial, but you can follow the steps on your own if you like.
-
-Adding a Gateway
-----------------
-
-The VMs that we've created can access each other but they are isolated
-from the physical world. In OpenStack, the dominant way to connect a
-VM to external networks is by creating what is called a "floating IP
-address", which uses network address translation to connect an
-external address to an internal one.
-
-DevStack created a pair of networks named "private" and "public". To
-use a floating IP address from a VM, we first add a port to the VM
-with an IP address from the "private" network, then we create a
-floating IP address on the "public" network, then we associate the
-port with the floating IP address.
-
-Let's add a new VM ``d`` with a floating IP::
-
- $ openstack server create --nic net-id=private --flavor m1.nano --image $IMAGE_ID --key-name demo d
- $ openstack port set --name dp $(openstack port list --server d -f value -c ID)
- $ DP_MAC=$(openstack port show -f value -c mac_address dp)
- $ openstack floating ip create --floating-ip-address 172.24.4.8 public
- $ openstack server add floating ip d 172.24.4.8
-
-(We specified a particular floating IP address to make the examples
-easier to follow, but without that OpenStack will automatically
-allocate one.)
-
-It's also necessary to configure the "public" network because DevStack
-does not do it automatically::
-
- $ sudo ip link set br-ex up
- $ sudo ip route add 172.24.4.0/24 dev br-ex
- $ sudo ip addr add 172.24.4.1/24 dev br-ex
-
-Now you should be able to "ping" VM ``d`` from the OpenStack host::
-
- $ ping 172.24.4.8
- PING 172.24.4.8 (172.24.4.8) 56(84) bytes of data.
- 64 bytes from 172.24.4.8: icmp_seq=1 ttl=63 time=56.0 ms
- 64 bytes from 172.24.4.8: icmp_seq=2 ttl=63 time=1.44 ms
- 64 bytes from 172.24.4.8: icmp_seq=3 ttl=63 time=1.04 ms
- 64 bytes from 172.24.4.8: icmp_seq=4 ttl=63 time=0.403 ms
- ^C
- --- 172.24.4.8 ping statistics ---
- 4 packets transmitted, 4 received, 0% packet loss, time 3003ms
- rtt min/avg/max/mdev = 0.403/14.731/56.028/23.845 ms
-
-You can also SSH in with the key that we created during setup::
-
- $ ssh -i ~/id_rsa_demo cirros@172.24.4.8
-
-Let's dive in and see how this gets implemented in OVN. First, the
-relevant parts of the NB DB for the "public" and "private" networks
-and the router between them::
-
- $ ovn-nbctl show | abbrev
- switch 2579f4 (neutron-d1ac28) (aka public)
- port provnet-d1ac28
- type: localnet
- addresses: ["unknown"]
- port ae9b52
- type: router
- router-port: lrp-ae9b52
- switch 5b3d5f (neutron-c02c4d) (aka private)
- port b256dd
- type: router
- router-port: lrp-b256dd
- port f264e7
- type: router
- router-port: lrp-f264e7
- port cae25b (aka dp)
- addresses: ["fa:16:3e:c1:f5:a2 10.0.0.6 fdb0:5860:4ba8:0:f816:3eff:fec1:f5a2"]
- ...
- router c59ad2 (neutron-9b057f) (aka router1)
- port lrp-ae9b52
- mac: "fa:16:3e:b2:d2:67"
- networks: ["172.24.4.9/24", "2001:db8::b/64"]
- port lrp-b256dd
- mac: "fa:16:3e:35:33:db"
- networks: ["fdb0:5860:4ba8::1/64"]
- port lrp-f264e7
- mac: "fa:16:3e:fc:c8:da"
- networks: ["10.0.0.1/26"]
- nat 788c6d
- external ip: "172.24.4.8"
- logical ip: "10.0.0.6"
- type: "dnat_and_snat"
- nat 80914c
- external ip: "172.24.4.9"
- logical ip: "10.0.0.0/26"
- type: "snat"
- ...
-
-What we see is:
-
-* VM ``d`` is on the "private" switch under its private IP address
- 10.0.0.8. The "private" switch is connected to "router1" via two
- router ports (one for IPv4, one for IPv6).
-
-* The "public" switch is connected to "router1" and to the physical
- network via a "localnet" port.
-
-* "router1" is in the middle between "private" and "public". In
- addition to the router ports that connect to these switches, it has
- "nat" entries that direct network address translation. The
- translation between floating IP address 172.24.4.8 and private
- address 10.0.0.8 makes perfect sense.
-
-When the NB DB gets translated into logical flows at the southbound
-layer, the "nat" entries get translated into IP matches that then
-invoke "ct_snat" and "ct_dnat" actions. The details are intricate,
-but you can get some of the idea by just looking for relevant flows::
-
- $ ovn-sbctl lflow-list router1 | abbrev | grep nat | grep -E '172.24.4.8|10.0.0.8'
- table=3 (lr_in_unsnat ), priority=100 , match=(ip && ip4.dst == 172.24.4.8 && inport == "lrp-ae9b52" && is_chassis_resident("cr-lrp-ae9b52")), action=(ct_snat;)
- table=3 (lr_in_unsnat ), priority=50 , match=(ip && ip4.dst == 172.24.4.8), action=(reg9[0] = 1; next;)
- table=4 (lr_in_dnat ), priority=100 , match=(ip && ip4.dst == 172.24.4.8 && inport == "lrp-ae9b52" && is_chassis_resident("cr-lrp-ae9b52")), action=(ct_dnat(10.0.0.6);)
- table=4 (lr_in_dnat ), priority=50 , match=(ip && ip4.dst == 172.24.4.8), action=(reg9[0] = 1; next;)
- table=1 (lr_out_snat ), priority=33 , match=(ip && ip4.src == 10.0.0.6 && outport == "lrp-ae9b52" && is_chassis_resident("cr-lrp-ae9b52")), action=(ct_snat(172.24.4.8);)
-
-Let's take a look at how a packet passes through this whole gauntlet.
-The first two stanzas just show the packet traveling through the
-"public" network and being forwarded to the "router1" network::
-
- $ ovn-trace public 'inport == "provnet-d1ac2896-18a7-4bca-8f46-b21e2370e5b1" && eth.src == 00:01:02:03:04:05 && eth.dst == fa:16:3e:b2:d2:67 && ip4.src == 172.24.4.1 && ip4.dst == 172.24.4.8 && ip.ttl == 64 && icmp4.type==8'
- ...
- ingress(dp="public", inport="provnet-d1ac28")
- ---------------------------------------------
- 0. ls_in_port_sec_l2 (ovn-northd.c:3234): inport == "provnet-d1ac28", priority 50, uuid 8d86fb06
- next;
- 10. ls_in_arp_rsp (ovn-northd.c:3266): inport == "provnet-d1ac28", priority 100, uuid 21313eff
- next;
- 13. ls_in_l2_lkup (ovn-northd.c:3571): eth.dst == fa:16:3e:b2:d2:67 && is_chassis_resident("cr-lrp-ae9b52"), priority 50, uuid 7f28f51f
- outport = "ae9b52";
- output;
-
- egress(dp="public", inport="provnet-d1ac28", outport="ae9b52")
- --------------------------------------------------------------
- 8. ls_out_port_sec_l2 (ovn-northd.c:3654): outport == "ae9b52", priority 50, uuid 72fea396
- output;
- /* output to "ae9b52", type "patch" */
-
-In "router1", first the ``ct_snat`` action without an argument
-attempts to "un-SNAT" the packet. ovn-trace treats this as a no-op,
-because it doesn't have any state for tracking connections. As an
-alternative, it invokes ``ct_dnat(10.0.0.8)`` to NAT the destination
-IP::
-
- ingress(dp="router1", inport="lrp-ae9b52")
- ------------------------------------------
- 0. lr_in_admission (ovn-northd.c:4071): eth.dst == fa:16:3e:b2:d2:67 && inport == "lrp-ae9b52" && is_chassis_resident("cr-lrp-ae9b52"), priority 50, uuid 8c6945c2
- next;
- 3. lr_in_unsnat (ovn-northd.c:4591): ip && ip4.dst == 172.24.4.8 && inport == "lrp-ae9b52" && is_chassis_resident("cr-lrp-ae9b52"), priority 100, uuid e922f541
- ct_snat;
-
- ct_snat /* assuming no un-snat entry, so no change */
- -----------------------------------------------------
- 4. lr_in_dnat (ovn-northd.c:4649): ip && ip4.dst == 172.24.4.8 && inport == "lrp-ae9b52" && is_chassis_resident("cr-lrp-ae9b52"), priority 100, uuid 02f41b79
- ct_dnat(10.0.0.6);
-
-Still in "router1", the routing and output steps transmit the packet
-to the "private" network::
-
- ct_dnat(ip4.dst=10.0.0.6)
- -------------------------
- 5. lr_in_ip_routing (ovn-northd.c:3782): ip4.dst == 10.0.0.0/26, priority 53, uuid 86e005b0
- ip.ttl--;
- reg0 = ip4.dst;
- reg1 = 10.0.0.1;
- eth.src = fa:16:3e:fc:c8:da;
- outport = "lrp-f264e7";
- flags.loopback = 1;
- next;
- 6. lr_in_arp_resolve (ovn-northd.c:5088): outport == "lrp-f264e7" && reg0 == 10.0.0.6, priority 100, uuid 2963d67c
- eth.dst = fa:16:3e:c1:f5:a2;
- next;
- 8. lr_in_arp_request (ovn-northd.c:5260): 1, priority 0, uuid eea419b7
- output;
-
- egress(dp="router1", inport="lrp-ae9b52", outport="lrp-f264e7")
- ---------------------------------------------------------------
- 3. lr_out_delivery (ovn-northd.c:5288): outport == "lrp-f264e7", priority 100, uuid 42dadc23
- output;
- /* output to "lrp-f264e7", type "patch" */
-
-In the "private" network, the packet passes through VM ``d``'s
-firewall and is output to ``d``::
-
- ingress(dp="private", inport="f264e7")
- --------------------------------------
- 0. ls_in_port_sec_l2 (ovn-northd.c:3234): inport == "f264e7", priority 50, uuid 5b721214
- next;
- 3. ls_in_pre_acl (ovn-northd.c:2624): ip && inport == "f264e7", priority 110, uuid 5bdc3209
- next;
- 13. ls_in_l2_lkup (ovn-northd.c:3529): eth.dst == fa:16:3e:c1:f5:a2, priority 50, uuid 7957f80f
- outport = "dp";
- output;
-
- egress(dp="private", inport="f264e7", outport="dp")
- ---------------------------------------------------
- 1. ls_out_pre_acl (ovn-northd.c:2648): ip, priority 100, uuid 4981c79d
- reg0[0] = 1;
- next;
- 2. ls_out_pre_stateful (ovn-northd.c:2766): reg0[0] == 1, priority 100, uuid 247e02eb
- ct_next;
-
- ct_next(ct_state=est|trk /* default (use --ct to customize) */)
- ---------------------------------------------------------------
- 4. ls_out_acl (ovn-northd.c:2925): !ct.new && ct.est && !ct.rpl && ct_label.blocked == 0 && (outport == "dp" && ip4 && ip4.src == 0.0.0.0/0 && icmp4), priority 2002, uuid b860fc9f
- next;
- 7. ls_out_port_sec_ip (ovn-northd.c:2364): outport == "dp" && eth.dst == fa:16:3e:c1:f5:a2 && ip4.dst == {255.255.255.255, 224.0.0.0/4, 10.0.0.6}, priority 90, uuid 15655a98
- next;
- 8. ls_out_port_sec_l2 (ovn-northd.c:3654): outport == "dp" && eth.dst == {fa:16:3e:c1:f5:a2}, priority 50, uuid 5916f94b
- output;
- /* output to "dp", type "" */
-
-IPv6
-----
-
-OVN supports IPv6 logical routing. Let's try it out.
-
-The first step is to add an IPv6 subnet to networks ``n1`` and ``n2``,
-then attach those subnets to our router ``r``. As usual, though
-OpenStack can assign addresses itself, we use fixed ones to make the
-discussion easier::
-
- $ openstack subnet create --ip-version 6 --subnet-range fc11::/64 --network n1 n1subnet6
- $ openstack subnet create --ip-version 6 --subnet-range fc22::/64 --network n2 n2subnet6
- $ openstack router add subnet r n1subnet6
- $ openstack router add subnet r n2subnet6
-
-Then we add an IPv6 address to each of our VMs::
-
- $ A_PORT_ID=$(openstack port list --server a -f value -c ID)
- $ openstack port set --fixed-ip subnet=n1subnet6,ip-address=fc11::5 $A_PORT_ID
- $ B_PORT_ID=$(openstack port list --server b -f value -c ID)
- $ openstack port set --fixed-ip subnet=n1subnet6,ip-address=fc11::6 $B_PORT_ID
- $ C_PORT_ID=$(openstack port list --server c -f value -c ID)
- $ openstack port set --fixed-ip subnet=n2subnet6,ip-address=fc22::7 $C_PORT_ID
-
-At least for me, the new IPv6 addresses didn't automatically get
-propagated into the VMs. To do it by hand, pull up the console for
-``a`` and run::
-
- $ sudo ip addr add fc11::5/64 dev eth0
- $ sudo ip route add via fc11::1
-
-Then in ``b``::
-
- $ sudo ip addr add fc11::6/64 dev eth0
- $ sudo ip route add via fc11::1
-
-Finally in ``c``::
-
- $ sudo ip addr add fc22::7/64 dev eth0
- $ sudo ip route add via fc22::1
-
-Now you should have working IPv6 routing through router ``r``. The
-relevant parts of the NB DB look like the following. The interesting
-parts are the new ``fc11::`` and ``fc22::`` addresses on the ports in
-``n1`` and ``n2`` and the new IPv6 router ports in ``r``::
-
- $ ovn-nbctl show | abbrev
- ...
- switch f51234 (neutron-332346) (aka n2)
- port 1a8162
- type: router
- router-port: lrp-1a8162
- port 82b983
- type: router
- router-port: lrp-82b983
- port 2e585f (aka cp)
- addresses: ["fa:16:3e:89:f2:36 10.1.2.7 fc22::7"]
- switch 3eb263 (neutron-5b6baf) (aka n1)
- port ad952e
- type: router
- router-port: lrp-ad952e
- port c29d41 (aka bp)
- addresses: ["fa:16:3e:99:7a:17 10.1.1.6 fc11::6"]
- port 820c08 (aka ap)
- addresses: ["fa:16:3e:a9:4c:c7 10.1.1.5 fc11::5"]
- port 17d870
- type: router
- router-port: lrp-17d870
- ...
- router dde06c (neutron-f88ebc) (aka r)
- port lrp-1a8162
- mac: "fa:16:3e:06:de:ad"
- networks: ["fc22::1/64"]
- port lrp-82b983
- mac: "fa:16:3e:19:9f:46"
- networks: ["10.1.2.1/24"]
- port lrp-ad952e
- mac: "fa:16:3e:ef:2f:8b"
- networks: ["fc11::1/64"]
- port lrp-17d870
- mac: "fa:16:3e:f6:e2:8f"
- networks: ["10.1.1.1/24"]
-
-Try tracing a packet from ``a`` to ``c``. The results correspond
-closely to those for IPv4 which we already discussed back under
-`Routing`_::
-
- $ N1SUBNET6_MAC=$(ovn-nbctl --bare --columns=mac find logical_router_port networks=\"fc11::1/64\")
- $ ovn-trace n1 'inport == "ap" && eth.src == '$AP_MAC' && eth.dst == '$N1SUBNET6_MAC' && ip6.src == fc11::5 && ip6.dst == fc22::7 && ip.ttl == 64 && icmp6.type == 8'
- ...
- ingress(dp="n1", inport="ap")
- -----------------------------
- 0. ls_in_port_sec_l2 (ovn-northd.c:3234): inport == "ap" && eth.src == {fa:16:3e:a9:4c:c7}, priority 50, uuid 6dcc418a
- next;
- 1. ls_in_port_sec_ip (ovn-northd.c:2390): inport == "ap" && eth.src == fa:16:3e:a9:4c:c7 && ip6.src == {fe80::f816:3eff:fea9:4cc7, fc11::5}, priority 90, uuid 604810ea
- next;
- 3. ls_in_pre_acl (ovn-northd.c:2646): ip, priority 100, uuid 46c089e6
- reg0[0] = 1;
- next;
- 5. ls_in_pre_stateful (ovn-northd.c:2764): reg0[0] == 1, priority 100, uuid d1941634
- ct_next;
-
- ct_next(ct_state=est|trk /* default (use --ct to customize) */)
- ---------------------------------------------------------------
- 6. ls_in_acl (ovn-northd.c:2925): !ct.new && ct.est && !ct.rpl && ct_label.blocked == 0 && (inport == "ap" && ip6), priority 2002, uuid 7fdd607e
- next;
- 13. ls_in_l2_lkup (ovn-northd.c:3529): eth.dst == fa:16:3e:ef:2f:8b, priority 50, uuid e1d87fc5
- outport = "ad952e";
- output;
-
- egress(dp="n1", inport="ap", outport="ad952e")
- ----------------------------------------------
- 1. ls_out_pre_acl (ovn-northd.c:2626): ip && outport == "ad952e", priority 110, uuid 88f68988
- next;
- 8. ls_out_port_sec_l2 (ovn-northd.c:3654): outport == "ad952e", priority 50, uuid 5935755e
- output;
- /* output to "ad952e", type "patch" */
-
- ingress(dp="r", inport="lrp-ad952e")
- ------------------------------------
- 0. lr_in_admission (ovn-northd.c:4071): eth.dst == fa:16:3e:ef:2f:8b && inport == "lrp-ad952e", priority 50, uuid ddfeb712
- next;
- 5. lr_in_ip_routing (ovn-northd.c:3782): ip6.dst == fc22::/64, priority 129, uuid cc2130ec
- ip.ttl--;
- xxreg0 = ip6.dst;
- xxreg1 = fc22::1;
- eth.src = fa:16:3e:06:de:ad;
- outport = "lrp-1a8162";
- flags.loopback = 1;
- next;
- 6. lr_in_arp_resolve (ovn-northd.c:5122): outport == "lrp-1a8162" && xxreg0 == fc22::7, priority 100, uuid bcf75288
- eth.dst = fa:16:3e:89:f2:36;
- next;
- 8. lr_in_arp_request (ovn-northd.c:5260): 1, priority 0, uuid 6dacdd82
- output;
-
- egress(dp="r", inport="lrp-ad952e", outport="lrp-1a8162")
- ---------------------------------------------------------
- 3. lr_out_delivery (ovn-northd.c:5288): outport == "lrp-1a8162", priority 100, uuid 5260dfc5
- output;
- /* output to "lrp-1a8162", type "patch" */
-
- ingress(dp="n2", inport="1a8162")
- ---------------------------------
- 0. ls_in_port_sec_l2 (ovn-northd.c:3234): inport == "1a8162", priority 50, uuid 10957d1b
- next;
- 3. ls_in_pre_acl (ovn-northd.c:2624): ip && inport == "1a8162", priority 110, uuid a27ebd00
- next;
- 13. ls_in_l2_lkup (ovn-northd.c:3529): eth.dst == fa:16:3e:89:f2:36, priority 50, uuid dcafb3e9
- outport = "cp";
- output;
-
- egress(dp="n2", inport="1a8162", outport="cp")
- ----------------------------------------------
- 1. ls_out_pre_acl (ovn-northd.c:2648): ip, priority 100, uuid cd9cfa74
- reg0[0] = 1;
- next;
- 2. ls_out_pre_stateful (ovn-northd.c:2766): reg0[0] == 1, priority 100, uuid 9e8e22c5
- ct_next;
-
- ct_next(ct_state=est|trk /* default (use --ct to customize) */)
- ---------------------------------------------------------------
- 4. ls_out_acl (ovn-northd.c:2925): !ct.new && ct.est && !ct.rpl && ct_label.blocked == 0 && (outport == "cp" && ip6 && ip6.src == $as_ip6_0fc1b6cf_f925_49e6_8f00_6dd13beca9dc), priority 2002, uuid 12fc96f9
- next;
- 7. ls_out_port_sec_ip (ovn-northd.c:2390): outport == "cp" && eth.dst == fa:16:3e:89:f2:36 && ip6.dst == {fe80::f816:3eff:fe89:f236, ff00::/8, fc22::7}, priority 90, uuid c622596a
- next;
- 8. ls_out_port_sec_l2 (ovn-northd.c:3654): outport == "cp" && eth.dst == {fa:16:3e:89:f2:36}, priority 50, uuid 0242cdc3
- output;
- /* output to "cp", type "" */
-
-ACLs
-----
-
-Let's explore how ACLs work in OpenStack and OVN. In OpenStack, ACL
-rules are part of "security groups", which are "default deny", that
-is, packets are not allowed by default and the rules added to security
-groups serve to allow different classes of packets. The default group
-(named "default") that is assigned to each of our VMs so far allows
-all traffic from our other VMs, which isn't very interesting for
-testing. So, let's create a new security group, which we'll name
-"custom", add rules to it that allow incoming SSH and ICMP traffic,
-and apply this security group to VM ``c``::
-
- $ openstack security group create custom
- $ openstack security group rule create --dst-port 22 custom
- $ openstack security group rule create --protocol icmp custom
- $ openstack server remove security group c default
- $ openstack server add security group c custom
-
-Now we can do some experiments to test security groups. From the
-console on ``a`` or ``b``, it should now be possible to "ping" ``c``
-or to SSH to it, but attempts to initiate connections on other ports
-should be blocked. (You can try to connect on another port with
-``ssh -p PORT IP`` or ``nc PORT IP``.) Connection attempts should
-time out rather than receive the "connection refused" or "connection
-reset" error that you would see between ``a`` and ``b``.
-
-It's also possible to test ACLs via ovn-trace, with one new wrinkle.
-ovn-trace can't simulate connection tracking state in the network, so
-by default it assumes that every packet represents an established
-connection. That's good enough for what we've been doing so far, but
-for checking properties of security groups we want to look at more
-detail.
-
-If you look back at the VM-to-VM traces we've done until now, you can
-see that they execute two ``ct_next`` actions:
-
-* The first of these is for the packet passing outward through the
- source VM's firewall. We can tell ovn-trace to treat the packet as
- starting a new connection or adding to an established connection by
- adding a ``--ct`` option: ``--ct new`` or ``--ct est``,
- respectively. The latter is the default and therefore what we've
- been using so far. We can also use ``--ct est,rpl``, which in
- addition to ``--ct est`` means that the connection was initiated by
- the destination VM rather than by the VM sending this packet.
-
-* The second is for the packet passing inward through the destination
- VM's firewall. For this one, it makes sense to tell ovn-trace that
- the packet is starting a new connection, with ``--ct new``, or that
- it is a packet sent in reply to a connection established by the
- destination VM, with ``--ct est,rpl``.
-
-ovn-trace uses the ``--ct`` options in order, so if we want to
-override the second ``ct_next`` behavior we have to specify two
-options.
-
-Another useful ovn-trace option for this testing is ``--minimal``,
-which reduces the amount of output. In this case we're really just
-interested in finding out whether the packet reaches the destination
-VM, that is, whether there's an eventual ``output`` action to ``c``,
-so ``--minimal`` works fine and the output is easier to read.
-
-Try a few traces. For example:
-
-* VM ``a`` initiates a new SSH connection to ``c``::
-
- $ ovn-trace --ct new --ct new --minimal n1 'inport == "ap" && eth.src == '$AP_MAC' && eth.dst == '$N1SUBNET6_MAC' && ip4.src == 10.1.1.5 && ip4.dst == 10.1.2.7 && ip.ttl == 64 && tcp.dst == 22'
- ...
- ct_next(ct_state=new|trk) {
- ip.ttl--;
- eth.src = fa:16:3e:19:9f:46;
- eth.dst = fa:16:3e:89:f2:36;
- ct_next(ct_state=new|trk) {
- output("cp");
- };
- };
-
- This succeeds, as you can see since there is an ``output`` action.
-
-* VM ``a`` initiates a new Telnet connection to ``c``::
-
- $ ovn-trace --ct new --ct new --minimal n1 'inport == "ap" && eth.src == '$AP_MAC' && eth.dst == '$N1SUBNET6_MAC' && ip4.src == 10.1.1.5 && ip4.dst == 10.1.2.7 && ip.ttl == 64 && tcp.dst == 23'
- ct_next(ct_state=new|trk) {
- ip.ttl--;
- eth.src = fa:16:3e:19:9f:46;
- eth.dst = fa:16:3e:89:f2:36;
- ct_next(ct_state=new|trk);
- };
-
- This fails, as you can see from the lack of an ``output`` action.
-
-* VM ``a`` replies to a packet that is part of a Telnet connection
- originally initiated by ``c``::
-
- $ ovn-trace --ct est,rpl --ct est,rpl --minimal n1 'inport == "ap" && eth.src == '$AP_MAC' && eth.dst == '$N1SUBNET6_MAC' && ip4.src == 10.1.1.5 && ip4.dst == 10.1.2.7 && ip.ttl == 64 && tcp.dst == 23'
- ...
- ct_next(ct_state=est|rpl|trk) {
- ip.ttl--;
- eth.src = fa:16:3e:19:9f:46;
- eth.dst = fa:16:3e:89:f2:36;
- ct_next(ct_state=est|rpl|trk) {
- output("cp");
- };
- };
-
- This succeeds, as you can see from the ``output`` action, since
- traffic received in reply to an outgoing connection is always
- allowed.
-
-DHCP
-----
-
-As a final demonstration of the OVN architecture, let's examine the
-DHCP implementation. Like switching, routing, and NAT, the OVN
-implementation of DHCP involves configuration in the NB DB and logical
-flows in the SB DB.
-
-Let's look at the DHCP support for ``a``'s port ``ap``. The port's
-Logical_Switch_Port record shows that ``ap`` has DHCPv4 options::
-
- $ ovn-nbctl list logical_switch_port ap | abbrev
- _uuid : ef17e5
- addresses : ["fa:16:3e:a9:4c:c7 10.1.1.5 fc11::5"]
- dhcpv4_options : 165974
- dhcpv6_options : 26f7cd
- dynamic_addresses : []
- enabled : true
- external_ids : {"neutron:port_name"=ap}
- name : "820c08"
- options : {}
- parent_name : []
- port_security : ["fa:16:3e:a9:4c:c7 10.1.1.5 fc11::5"]
- tag : []
- tag_request : []
- type : ""
- up : true
-
-We can then list them either by UUID or, more easily, by port name::
-
- $ ovn-nbctl list dhcp_options ap | abbrev
- _uuid : 165974
- cidr : "10.1.1.0/24"
- external_ids : {subnet_id="5e67e7"}
- options : {lease_time="43200", mtu="1442", router="10.1.1.1", server_id="10.1.1.1", server_mac="fa:16:3e:bb:94:72"}
-
-These options show the basic DHCP configuration for the subnet. They
-do not include the IP address itself, which comes from the
-Logical_Switch_Port record. This allows a whole Neutron subnet to
-share a single DHCP_Options record. You can see this sharing in
-action, if you like, by listing the record for port ``bp``, which is
-on the same subnet as ``ap``, and see that it is the same record as before::
-
- $ ovn-nbctl list dhcp_options bp | abbrev
- _uuid : 165974
- cidr : "10.1.1.0/24"
- external_ids : {subnet_id="5e67e7"}
- options : {lease_time="43200", mtu="1442", router="10.1.1.1", server_id="10.1.1.1", server_mac="fa:16:3e:bb:94:72"}
-
-You can take another look at the southbound flow table if you like,
-but the best demonstration is to trace a DHCP packet. The following
-is a trace of a DHCP request inbound from ``ap``. The first part is
-just the usual travel through the firewall::
-
- $ ovn-trace n1 'inport == "ap" && eth.src == '$AP_MAC' && eth.dst == ff:ff:ff:ff:ff:ff && ip4.dst == 255.255.255.255 && udp.src == 68 && udp.dst == 67 && ip.ttl == 1'
- ...
- ingress(dp="n1", inport="ap")
- -----------------------------
- 0. ls_in_port_sec_l2 (ovn-northd.c:3234): inport == "ap" && eth.src == {fa:16:3e:a9:4c:c7}, priority 50, uuid 6dcc418a
- next;
- 1. ls_in_port_sec_ip (ovn-northd.c:2325): inport == "ap" && eth.src == fa:16:3e:a9:4c:c7 && ip4.src == 0.0.0.0 && ip4.dst == 255.255.255.255 && udp.src == 68 && udp.dst == 67, priority 90, uuid e46bed6f
- next;
- 3. ls_in_pre_acl (ovn-northd.c:2646): ip, priority 100, uuid 46c089e6
- reg0[0] = 1;
- next;
- 5. ls_in_pre_stateful (ovn-northd.c:2764): reg0[0] == 1, priority 100, uuid d1941634
- ct_next;
-
-The next part is the new part. First, an ACL in table 6 allows a DHCP
-request to pass through. In table 11, the special ``put_dhcp_opts``
-action replaces a DHCPDISCOVER or DHCPREQUEST packet by a
-reply. Table 12 flips the packet's source and destination and sends
-it back the way it came in::
-
- 6. ls_in_acl (ovn-northd.c:2925): !ct.new && ct.est && !ct.rpl && ct_label.blocked == 0 && (inport == "ap" && ip4 && ip4.dst == {255.255.255.255, 10.1.1.0/24} && udp && udp.src == 68 && udp.dst == 67), priority 2002, uuid 9c90245d
- next;
- 11. ls_in_dhcp_options (ovn-northd.c:3409): inport == "ap" && eth.src == fa:16:3e:a9:4c:c7 && ip4.src == 0.0.0.0 && ip4.dst == 255.255.255.255 && udp.src == 68 && udp.dst == 67, priority 100, uuid 8d63f29c
- reg0[3] = put_dhcp_opts(offerip = 10.1.1.5, lease_time = 43200, mtu = 1442, netmask = 255.255.255.0, router = 10.1.1.1, server_id = 10.1.1.1);
- /* We assume that this packet is DHCPDISCOVER or DHCPREQUEST. */
- next;
- 12. ls_in_dhcp_response (ovn-northd.c:3438): inport == "ap" && eth.src == fa:16:3e:a9:4c:c7 && ip4 && udp.src == 68 && udp.dst == 67 && reg0[3], priority 100, uuid 995eeaa9
- eth.dst = eth.src;
- eth.src = fa:16:3e:bb:94:72;
- ip4.dst = 10.1.1.5;
- ip4.src = 10.1.1.1;
- udp.src = 67;
- udp.dst = 68;
- outport = inport;
- flags.loopback = 1;
- output;
-
-Then the last part is just traveling back through the firewall to VM
-``a``::
-
- egress(dp="n1", inport="ap", outport="ap")
- ------------------------------------------
- 1. ls_out_pre_acl (ovn-northd.c:2648): ip, priority 100, uuid 3752b746
- reg0[0] = 1;
- next;
- 2. ls_out_pre_stateful (ovn-northd.c:2766): reg0[0] == 1, priority 100, uuid 0c066ea1
- ct_next;
-
- ct_next(ct_state=est|trk /* default (use --ct to customize) */)
- ---------------------------------------------------------------
- 4. ls_out_acl (ovn-northd.c:3008): outport == "ap" && eth.src == fa:16:3e:bb:94:72 && ip4.src == 10.1.1.1 && udp && udp.src == 67 && udp.dst == 68, priority 34000, uuid 0b383e77
- ct_commit;
- next;
- 7. ls_out_port_sec_ip (ovn-northd.c:2364): outport == "ap" && eth.dst == fa:16:3e:a9:4c:c7 && ip4.dst == {255.255.255.255, 224.0.0.0/4, 10.1.1.5}, priority 90, uuid 7b8cbcd5
- next;
- 8. ls_out_port_sec_l2 (ovn-northd.c:3654): outport == "ap" && eth.dst == {fa:16:3e:a9:4c:c7}, priority 50, uuid b874ece8
- output;
- /* output to "ap", type "" */
-
-Further Directions
-------------------
-
-We've looked at a fair bit of how OVN works and how it interacts with
-OpenStack. If you still have some interest, then you might want to
-explore some of these directions:
-
-* Adding more than one hypervisor ("compute node", in OpenStack
- parlance). OVN connects compute nodes by tunneling packets with the
- STT or Geneve protocols. OVN scales to 1000 compute nodes or more,
- but two compute nodes demonstrate the principle. All of the tools
- and techniques we demonstrated also work with multiple compute
- nodes.
-
-* Container support. OVN supports seamlessly connecting VMs to
- containers, whether the containers are hosted on "bare metal" or
- nested inside VMs. OpenStack support for containers, however, is
- still evolving, and too difficult to incorporate into the tutorial
- at this point.
-
-* Other kinds of gateways. In addition to floating IPs with NAT, OVN
- supports directly attaching VMs to a physical network and connecting
- logical switches to VTEP hardware.
diff --git a/Documentation/tutorials/ovn-rbac.rst b/Documentation/tutorials/ovn-rbac.rst
deleted file mode 100644
index ec163e2df36..00000000000
--- a/Documentation/tutorials/ovn-rbac.rst
+++ /dev/null
@@ -1,134 +0,0 @@
-..
- Licensed under the Apache License, Version 2.0 (the "License"); you may
- not use this file except in compliance with the License. You may obtain
- a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- License for the specific language governing permissions and limitations
- under the License.
-
- Convention for heading levels in Open vSwitch documentation:
-
- ======= Heading 0 (reserved for the title in a document)
- ------- Heading 1
- ~~~~~~~ Heading 2
- +++++++ Heading 3
- ''''''' Heading 4
-
- Avoid deeper levels because they do not render well.
-
-=============================================
-OVN Role-Based Access Control (RBAC) Tutorial
-=============================================
-
-This document provides a step-by-step guide for setting up role-based access
-control (RBAC) in OVN. In OVN, hypervisors (chassis) read and write the
-southbound database to do configuration. Without restricting hypervisor's
-access to the southbound database, a compromised hypervisor might disrupt the
-entire OVN deployment by corrupting the database. RBAC ensures that each
-hypervisor can only modify its own data and thus improves the security of OVN.
-More details about the RBAC design can be found in ``ovn-architecture``\(7)
-manpage.
-
-This document assumes OVN is installed in your system and runs normally.
-
-.. _gen-certs-keys:
-
-Generating Certificates and Keys
---------------------------------
-
-In the OVN RBAC deployment, ovn-controller connects to the southbound database
-via SSL connection. The southbound database uses CA-signed certificate to
-authenticate ovn-controller.
-
-Suppose there are three machines in your deployment. `machine_1` runs
-`chassis_1` and has IP address `machine_1-ip`. `machine_2` runs `chassis_2` and
-has IP address `machine_2-ip`. `machine_3` hosts southbound database and has IP
-address `machine_3-ip`. `machine_3` also hosts public key infrastructure (PKI).
-
-1. Initiate PKI.
-
- In `machine_3`::
-
- $ ovs-pki init
-
-2. Generate southbound database's certificate request. Sign the certificate
- request with the CA key.
-
- In `machine_3`::
-
- $ ovs-pki req -u sbdb
- $ ovs-pki sign sbdb switch
-
-3. Generate chassis certificate requests. Copy the certificate requests to
- `machine_3`.
-
- In `machine_1`::
-
- $ ovs-pki req -u chassis_1
- $ scp chassis_1-req.pem \
- machine_3@machine_3-ip:/path/to/chassis_1-req.pem
-
- In `machine_2`::
-
- $ ovs-pki req -u chassis_2
- $ scp chassis_2-req.pem \
- machine_3@machine_3-ip:/path/to/chassis_2-req.pem
-
- .. note::
-
- chassis_1 must be the same string as ``external_ids:system-id`` in the
- Open_vSwitch table (the chassis name) of machine_1. Same applies for
- chassis_2.
-
-4. Sign the chassis certificate requests with the CA key. Copy `chassis_1`'s
- signed certificate and the CA certificate to `machine_1`. Copy `chassis_2`'s
- signed certificate and the CA certificate to `machine_2`.
-
- In `machine_3`::
-
- $ ovs-pki sign chassis_1 switch
- $ ovs-pki sign chassis_2 switch
- $ scp chassis_1-cert.pem \
- machine_1@machine_1-ip:/path/to/chassis_1-cert.pem
- $ scp /var/lib/openvswitch/pki/switchca/cacert.pem \
- machine_1@machine_1-ip:/path/to/cacert.pem
- $ scp chassis_2-cert.pem \
- machine_2@machine_2-ip:/path/to/chassis_2-cert.pem
- $ scp /var/lib/openvswitch/pki/switchca/cacert.pem \
- machine_2@machine_2-ip:/path/to/cacert.pem
-
-Configuring RBAC
-----------------
-
-1. Set certificate, private key, and CA certificate for the southbound
- database. Configure the southbound database to listen on SSL connection and
- enforce role-based access control.
-
- In `machine_3`::
-
- $ ovn-sbctl set-ssl /path/to/sbdb-privkey.pem \
- /path/to/sbdb-cert.pem /path/to/cacert.pem
- $ ovn-sbctl set-connection role=ovn-controller pssl:6642
-
-2. Set certificate, private key, and CA certificate for `chassis_1` and
- `chassis_2`. Configure `chassis_1` and `chassis_2` to connect southbound
- database via SSL.
-
- In `machine_1`::
-
- $ ovs-vsctl set-ssl /path/to/chassis_1-privkey.pem \
- /path/to/chassis_1-cert.pem /path/to/cacert.pem
- $ ovs-vsctl set open_vswitch . \
- external_ids:ovn-remote=ssl:machine_3-ip:6642
-
- In `machine_2`::
-
- $ ovs-vsctl set-ssl /path/to/chassis_2-privkey.pem \
- /path/to/chassis_2-cert.pem /path/to/cacert.pem
- $ ovs-vsctl set open_vswitch . \
- external_ids:ovn-remote=ssl:machine_3-ip:6642
diff --git a/Documentation/tutorials/ovn-sandbox.rst b/Documentation/tutorials/ovn-sandbox.rst
deleted file mode 100644
index b906b799d3e..00000000000
--- a/Documentation/tutorials/ovn-sandbox.rst
+++ /dev/null
@@ -1,177 +0,0 @@
-..
- Licensed under the Apache License, Version 2.0 (the "License"); you may
- not use this file except in compliance with the License. You may obtain
- a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- License for the specific language governing permissions and limitations
- under the License.
-
- Convention for heading levels in Open vSwitch documentation:
-
- ======= Heading 0 (reserved for the title in a document)
- ------- Heading 1
- ~~~~~~~ Heading 2
- +++++++ Heading 3
- ''''''' Heading 4
-
- Avoid deeper levels because they do not render well.
-
-===========
-OVN Sandbox
-===========
-
-This tutorial shows you how to explore features using ``ovs-sandbox`` as a
-simulated test environment. It's assumed that you have an understanding of OVS
-before going through this tutorial. Detail about OVN is covered in
-ovn-architecture_, but this tutorial lets you quickly see it in action.
-
-Getting Started
----------------
-
-For some general information about ``ovs-sandbox``, see the "Getting Started"
-section of :doc:`ovs-advanced`.
-
-``ovs-sandbox`` does not include OVN support by default. To enable OVN, you
-must pass the ``--ovn`` flag. For example, if running it straight from the OVS
-git tree you would run::
-
- $ make sandbox SANDBOXFLAGS="--ovn"
-
-Running the sandbox with OVN enabled does the following additional steps to the
-environment:
-
-1. Creates the ``OVN_Northbound`` and ``OVN_Southbound`` databases as described in
- `ovn-nb(5)`_ and `ovn-sb(5)`_.
-
-2. Creates a backup server for ``OVN_Southbond`` database. Sandbox launch
- screen provides the instructions on accessing the backup database. However
- access to the backup server is not required to go through the tutorial.
-
-3. Creates the ``hardware_vtep`` database as described in `vtep(5)`_.
-
-4. Runs the `ovn-northd(8)`_, `ovn-controller(8)`_, and
- `ovn-controller-vtep(8)`_ daemons.
-
-5. Makes OVN and VTEP utilities available for use in the environment, including
- `vtep-ctl(8)`_, `ovn-nbctl(8)`_, and `ovn-sbctl(8)`_.
-
-Using GDB
----------
-
-GDB support is not required to go through the tutorial. See the "Using GDB"
-section of :doc:`ovs-advanced` for more info. Additional flags exist for
-launching the debugger for the OVN programs::
-
- --gdb-ovn-northd
- --gdb-ovn-controller
- --gdb-ovn-controller-vtep
-
-Creating OVN Resources
-----------------------
-
-Once you have ``ovs-sandbox`` running with OVN enabled, you can start using OVN
-utilities to create resources in OVN. As an example, we will create an
-environment that has two logical switches connected by a logical router.
-
-Create the first logical switch with one port::
-
- $ ovn-nbctl ls-add sw0
- $ ovn-nbctl lsp-add sw0 sw0-port1
- $ ovn-nbctl lsp-set-addresses sw0-port1 "50:54:00:00:00:01 192.168.0.2"
-
-Create the second logical switch with one port::
-
- $ ovn-nbctl ls-add sw1
- $ ovn-nbctl lsp-add sw1 sw1-port1
- $ ovn-nbctl lsp-set-addresses sw1-port1 "50:54:00:00:00:03 11.0.0.2"
-
-Create the logical router and attach both logical switches::
-
- $ ovn-nbctl lr-add lr0
- $ ovn-nbctl lrp-add lr0 lrp0 00:00:00:00:ff:01 192.168.0.1/24
- $ ovn-nbctl lsp-add sw0 lrp0-attachment
- $ ovn-nbctl lsp-set-type lrp0-attachment router
- $ ovn-nbctl lsp-set-addresses lrp0-attachment 00:00:00:00:ff:01
- $ ovn-nbctl lsp-set-options lrp0-attachment router-port=lrp0
- $ ovn-nbctl lrp-add lr0 lrp1 00:00:00:00:ff:02 11.0.0.1/24
- $ ovn-nbctl lsp-add sw1 lrp1-attachment
- $ ovn-nbctl lsp-set-type lrp1-attachment router
- $ ovn-nbctl lsp-set-addresses lrp1-attachment 00:00:00:00:ff:02
- $ ovn-nbctl lsp-set-options lrp1-attachment router-port=lrp1
-
-View a summary of OVN's current logical configuration::
-
- $ ovn-nbctl show
- switch 1396cf55-d176-4082-9a55-1c06cef626e4 (sw1)
- port lrp1-attachment
- addresses: ["00:00:00:00:ff:02"]
- port sw1-port1
- addresses: ["50:54:00:00:00:03 11.0.0.2"]
- switch 2c9d6d03-09fc-4e32-8da6-305f129b0d53 (sw0)
- port lrp0-attachment
- addresses: ["00:00:00:00:ff:01"]
- port sw0-port1
- addresses: ["50:54:00:00:00:01 192.168.0.2"]
- router f8377e8c-f75e-4fc8-8751-f3ea03c6dd98 (lr0)
- port lrp0
- mac: "00:00:00:00:ff:01"
- networks: ["192.168.0.1/24"]
- port lrp1
- mac: "00:00:00:00:ff:02"
- networks: ["11.0.0.1/24"]
-
-The ``tutorial`` directory of the OVS source tree includes a script
-that runs all of the commands for you::
-
- $ ./ovn-setup.sh
-
-Using ovn-trace
----------------
-
-Once you have configured resources in OVN, try using ``ovn-trace`` to see
-how OVN would process a sample packet through its logical pipeline.
-
-For example, we can trace an IP packet from ``sw0-port1`` to ``sw1-port1``.
-The ``--minimal`` output shows each visible action performed on the packet,
-which includes:
-
-#. The logical router will decrement the IP TTL field.
-#. The logical router will change the source and destination
- MAC addresses to reflect the next hop.
-#. The packet will be output to ``sw1-port1``.
-
-::
-
- $ ovn-trace --minimal sw0 'inport == "sw0-port1" \
- > && eth.src == 50:54:00:00:00:01 && ip4.src == 192.168.0.2 \
- > && eth.dst == 00:00:00:00:ff:01 && ip4.dst == 11.0.0.2 \
- > && ip.ttl == 64'
-
- # ip,reg14=0x1,vlan_tci=0x0000,dl_src=50:54:00:00:00:01,dl_dst=00:00:00:00:ff:01,nw_src=192.168.0.2,nw_dst=11.0.0.2,nw_proto=0,nw_tos=0,nw_ecn=0,nw_ttl=64
- ip.ttl--;
- eth.src = 00:00:00:00:ff:02;
- eth.dst = 50:54:00:00:00:03;
- output("sw1-port1");
-
-The ``ovn-trace`` utility can also provide much more detail on how the packet
-would be processed through OVN's logical pipeline, as well as correlate that
-to OpenFlow flows programmed by ``ovn-controller``. See the `ovn-trace(8)`_
-man page for more detail.
-
-
-.. _ovn-architecture: http://openvswitch.org/support/dist-docs/ovn-architecture.7.html
-.. _ovn-nb(5): http://openvswitch.org/support/dist-docs/ovn-nb.5.html
-.. _ovn-sb(5): http://openvswitch.org/support/dist-docs/ovn-sb.5.html
-.. _vtep(5): http://openvswitch.org/support/dist-docs/vtep.5.html
-.. _ovn-northd(8): http://openvswitch.org/support/dist-docs/ovn-northd.8.html
-.. _ovn-controller(8): http://openvswitch.org/support/dist-docs/ovn-controller.8.html
-.. _ovn-controller-vtep(8): http://openvswitch.org/support/dist-docs/ovn-controller-vtep.8.html
-.. _vtep-ctl(8): http://openvswitch.org/support/dist-docs/vtep-ctl.8.html
-.. _ovn-nbctl(8): http://openvswitch.org/support/dist-docs/ovn-nbctl.8.html
-.. _ovn-sbctl(8): http://openvswitch.org/support/dist-docs/ovn-sbctl.8.html
-.. _ovn-trace(8): http://openvswitch.org/support/dist-docs/ovn-trace.8.html
diff --git a/NEWS b/NEWS
index d58a671416b..f5a0b8faf5d 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,9 @@
Post-v2.12.0
---------------------
-
+ - OVN:
+ * OVN has been removed from this repository. It now exists as a
+ separate project. You can find it at
+ https://github.com/ovn-org/ovn.git
v2.12.0 - 03 Sep 2019
---------------------
diff --git a/configure.ac b/configure.ac
index e3603926bad..1d45c4fdd15 100644
--- a/configure.ac
+++ b/configure.ac
@@ -210,8 +210,6 @@ dnl This makes sure that include/openflow gets created in the build directory.
AC_CONFIG_COMMANDS([include/openflow/openflow.h.stamp])
AC_CONFIG_COMMANDS([utilities/bugtool/dummy], [:])
-AC_CONFIG_COMMANDS([ovn/dummy], [:])
-AC_CONFIG_COMMANDS([ovn/utilities/dummy], [:])
AC_CONFIG_COMMANDS([ipsec/dummy], [:])
m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES])
diff --git a/debian/.gitignore b/debian/.gitignore
index 9ec70eb9ccd..441a8ffb702 100644
--- a/debian/.gitignore
+++ b/debian/.gitignore
@@ -22,10 +22,5 @@
/openvswitch-test
/openvswitch-testcontroller
/openvswitch-vtep
-/ovn-common
-/ovn-controller-vtep
-/ovn-host
-/ovn-central
-/ovn-docker
/python-openvswitch
/tmp
diff --git a/debian/automake.mk b/debian/automake.mk
index 8a8d43c9f65..03a1d68c263 100644
--- a/debian/automake.mk
+++ b/debian/automake.mk
@@ -52,28 +52,6 @@ EXTRA_DIST += \
debian/openvswitch-vtep.init \
debian/openvswitch-vtep.install \
debian/openvswitch-vtep.manpages \
- debian/ovn-central.dirs \
- debian/ovn-central.init \
- debian/ovn-central.install \
- debian/ovn-central.manpages \
- debian/ovn-central.postinst \
- debian/ovn-central.postrm \
- debian/ovn-central.template \
- debian/ovn-controller-vtep.init \
- debian/ovn-controller-vtep.install \
- debian/ovn-controller-vtep.manpages \
- debian/ovn-common.install \
- debian/ovn-common.manpages \
- debian/ovn-common.postinst \
- debian/ovn-common.postrm \
- debian/ovn-docker.install \
- debian/ovn-host.dirs \
- debian/ovn-host.init \
- debian/ovn-host.install \
- debian/ovn-host.manpages \
- debian/ovn-host.postinst \
- debian/ovn-host.postrm \
- debian/ovn-host.template \
debian/python-openvswitch.dirs \
debian/python-openvswitch.install \
debian/rules \
diff --git a/debian/control b/debian/control
index b97e99b9202..2ad35f2cea6 100644
--- a/debian/control
+++ b/debian/control
@@ -119,84 +119,6 @@ Description: Open vSwitch switch implementations
openvswitch-switch provides the userspace components and utilities for
the Open vSwitch kernel-based switch.
-Package: ovn-common
-Architecture: linux-any
-Depends: openvswitch-common (= ${binary:Version}),
- ${misc:Depends},
- ${shlibs:Depends}
-Description: OVN common components
- OVN, the Open Virtual Network, is a system to support virtual network
- abstraction. OVN complements the existing capabilities of OVS to add
- native support for virtual network abstractions, such as virtual L2 and L3
- overlays and security groups.
- .
- ovn-common provides components required by other OVN packages.
-
-Package: ovn-controller-vtep
-Architecture: linux-any
-Depends: ovn-common (= ${binary:Version}),
- ${misc:Depends},
- ${shlibs:Depends}
-Description: OVN vtep controller
- ovn-controller-vtep is the local controller daemon in
- OVN, the Open Virtual Network, for VTEP enabled physical switches.
- It connects up to the OVN Southbound database over the OVSDB protocol,
- and down to the VTEP database over the OVSDB protocol.
- .
- ovn-controller-vtep provides the ovn-controller-vtep binary for controlling
- vtep gateways.
-
-
-Package: ovn-host
-Architecture: linux-any
-Depends: openvswitch-switch (= ${binary:Version}),
- openvswitch-common (= ${binary:Version}),
- ovn-common (= ${binary:Version}),
- ${misc:Depends},
- ${shlibs:Depends}
-Description: OVN host components
- OVN, the Open Virtual Network, is a system to support virtual network
- abstraction. OVN complements the existing capabilities of OVS to add
- native support for virtual network abstractions, such as virtual L2 and L3
- overlays and security groups.
- .
- ovn-host provides the userspace components and utilities for
- OVN that can be run on every host/hypervisor.
-
-Package: ovn-central
-Architecture: linux-any
-Depends: openvswitch-switch (= ${binary:Version}),
- openvswitch-common (= ${binary:Version}),
- ovn-common (= ${binary:Version}),
- ${misc:Depends},
- ${shlibs:Depends}
-Description: OVN central components
- OVN, the Open Virtual Network, is a system to support virtual network
- abstraction. OVN complements the existing capabilities of OVS to add
- native support for virtual network abstractions, such as virtual L2 and L3
- overlays and security groups.
- .
- ovn-central provides the userspace daemons, utilities and
- databases for OVN that is run at a central location.
-
-Package: ovn-docker
-Architecture: linux-any
-Depends: openvswitch-switch (= ${binary:Version}),
- openvswitch-common (= ${binary:Version}),
- python (>= 2.7),
- python-openvswitch (= ${source:Version}),
- ovn-common (= ${binary:Version}),
- ${misc:Depends},
- ${python:Depends},
- ${shlibs:Depends}
-Description: OVN Docker drivers
- OVN, the Open Virtual Network, is a system to support virtual network
- abstraction. OVN complements the existing capabilities of OVS to add
- native support for virtual network abstractions, such as virtual L2 and L3
- overlays and security groups.
- .
- ovn-docker provides the docker drivers for OVN.
-
Package: openvswitch-pki
Architecture: all
Depends: openvswitch-common (<< ${source:Version}.1~),
diff --git a/debian/ovn-central.dirs b/debian/ovn-central.dirs
deleted file mode 100644
index 6394883cecc..00000000000
--- a/debian/ovn-central.dirs
+++ /dev/null
@@ -1 +0,0 @@
-/usr/share/ovn/central
diff --git a/debian/ovn-central.init b/debian/ovn-central.init
deleted file mode 100755
index 60cee95a387..00000000000
--- a/debian/ovn-central.init
+++ /dev/null
@@ -1,60 +0,0 @@
-#! /bin/sh
-#
-### BEGIN INIT INFO
-# Provides: ovn-central
-# Required-Start: openvswitch-switch $remote_fs $syslog
-# Required-Stop: $remote_fs
-# Default-Start: 2 3 4 5
-# Default-Stop: 0 1 6
-# Short-Description: OVN central components
-# Description: ovn-central provides the userspace daemons,
-# utilities and databases for OVN that is run at a central
-# location.
-### END INIT INFO
-
-test -x /usr/bin/ovn-northd || exit 0
-test -x /usr/share/openvswitch/scripts/ovn-ctl || exit 0
-
-_SYSTEMCTL_SKIP_REDIRECT=yes
-SYSTEMCTL_SKIP_REDIRECT=yes
-
-. /usr/share/openvswitch/scripts/ovs-lib
-if [ -e /etc/default/ovn-central ]; then
- . /etc/default/ovn-central
-fi
-
-start () {
- set /usr/share/openvswitch/scripts/ovn-ctl ${1-start_northd}
- set "$@" $OVN_CTL_OPTS
- "$@" || exit $?
-}
-
-stop_northd () {
- set /usr/share/openvswitch/scripts/ovn-ctl ${1-stop_northd}
- set "$@" $OVN_CTL_OPTS
- "$@" || exit $?
-}
-
-case $1 in
- start)
- start
- ;;
- stop)
- stop_northd
- ;;
- restart)
- start restart_northd
- ;;
- reload | force-reload)
- ;;
- status)
- /usr/share/openvswitch/scripts/ovn-ctl status_northd
- exit $?
- ;;
- *)
- echo "Usage: $0 {start|stop|reload|force-reload|restart|status}" >&2
- exit 1
- ;;
-esac
-
-exit 0
diff --git a/debian/ovn-central.install b/debian/ovn-central.install
deleted file mode 100644
index 733d3fc5eea..00000000000
--- a/debian/ovn-central.install
+++ /dev/null
@@ -1,3 +0,0 @@
-usr/bin/ovn-northd
-usr/share/openvswitch/ovn-nb.ovsschema
-usr/share/openvswitch/ovn-sb.ovsschema
diff --git a/debian/ovn-central.manpages b/debian/ovn-central.manpages
deleted file mode 100644
index 2ddb43784f6..00000000000
--- a/debian/ovn-central.manpages
+++ /dev/null
@@ -1 +0,0 @@
-ovn/northd/ovn-northd.8
diff --git a/debian/ovn-central.postinst b/debian/ovn-central.postinst
deleted file mode 100755
index 10e07ece46f..00000000000
--- a/debian/ovn-central.postinst
+++ /dev/null
@@ -1,49 +0,0 @@
-#!/bin/sh
-# postinst script for ovn-central
-#
-# see: dh_installdeb(1)
-
-set -e
-
-# summary of how this script can be called:
-# * `configure'
-# * `abort-upgrade'
-# * `abort-remove' `in-favour'
-#
-# * `abort-remove'
-# * `abort-deconfigure' `in-favour'
-# `removing'
-#
-# for details, see http://www.debian.org/doc/debian-policy/ or
-# the debian-policy package
-
-
-case "$1" in
- configure)
- DEFAULT=/etc/default/ovn-central
- TEMPLATE=/usr/share/ovn/central/default.template
- if ! test -e $DEFAULT; then
- cp $TEMPLATE $DEFAULT
- else
- for var in $(awk -F'[ :]' '/^# [_A-Z0-9]+:/{print $2}' $TEMPLATE)
- do
- if ! grep $var $DEFAULT >/dev/null 2>&1; then
- echo >> $DEFAULT
- sed -n "/$var:/,/$var=/p" $TEMPLATE >> $DEFAULT
- fi
- done
- fi
- ;;
-
- abort-upgrade|abort-remove|abort-deconfigure)
- ;;
-
- *)
- echo "postinst called with unknown argument \`$1'" >&2
- exit 1
- ;;
-esac
-
-#DEBHELPER#
-
-exit 0
diff --git a/debian/ovn-central.postrm b/debian/ovn-central.postrm
deleted file mode 100755
index 0e654a37aea..00000000000
--- a/debian/ovn-central.postrm
+++ /dev/null
@@ -1,48 +0,0 @@
-#!/bin/sh
-# postrm script for ovn-central
-#
-# see: dh_installdeb(1)
-
-set -e
-
-# summary of how this script can be called:
-# * `remove'
-# * `purge'
-# * `upgrade'
-# * `failed-upgrade'
-# * `abort-install'
-# * `abort-install'
-# * `abort-upgrade'
-# * `disappear'
-#
-# for details, see http://www.debian.org/doc/debian-policy/ or
-# the debian-policy package
-
-
-case "$1" in
- purge)
- rm -f /etc/default/ovn-central
- rm -f /etc/openvswitch/ovnnb.db*
- rm -f /etc/openvswitch/.ovnnb.db.~lock~
- rm -f /etc/openvswitch/ovnsb.db*
- rm -f /etc/openvswitch/.ovnsb.db.~lock~
- rm -f /var/log/openvswitch/ovn-northd.log* || true
- ;;
-
- remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
- ;;
-
- *)
- echo "postrm called with unknown argument \`$1'" >&2
- exit 1
- ;;
-esac
-
-# dh_installdeb will replace this with shell code automatically
-# generated by other debhelper scripts.
-
-#DEBHELPER#
-
-exit 0
-
-
diff --git a/debian/ovn-central.template b/debian/ovn-central.template
deleted file mode 100644
index 7cea13e5096..00000000000
--- a/debian/ovn-central.template
+++ /dev/null
@@ -1,5 +0,0 @@
-# This is a POSIX shell fragment -*- sh -*-
-
-# OVN_CTL_OPTS: Extra options to pass to ovs-ctl. This is, for example,
-# a suitable place to specify --ovn-northd-wrapper=valgrind.
-# OVN_CTL_OPTS=
diff --git a/debian/ovn-common.install b/debian/ovn-common.install
deleted file mode 100644
index 90484d2feee..00000000000
--- a/debian/ovn-common.install
+++ /dev/null
@@ -1,7 +0,0 @@
-usr/bin/ovn-nbctl
-usr/bin/ovn-sbctl
-usr/bin/ovn-trace
-usr/bin/ovn-detrace
-usr/share/openvswitch/scripts/ovn-ctl
-usr/share/openvswitch/scripts/ovndb-servers.ocf
-usr/lib/*/libovn*.so.*
diff --git a/debian/ovn-common.manpages b/debian/ovn-common.manpages
deleted file mode 100644
index 249349ed80c..00000000000
--- a/debian/ovn-common.manpages
+++ /dev/null
@@ -1,8 +0,0 @@
-ovn/ovn-architecture.7
-ovn/ovn-nb.5
-ovn/ovn-sb.5
-ovn/utilities/ovn-ctl.8
-ovn/utilities/ovn-nbctl.8
-ovn/utilities/ovn-sbctl.8
-ovn/utilities/ovn-trace.8
-ovn/utilities/ovn-detrace.1
diff --git a/debian/ovn-common.postinst b/debian/ovn-common.postinst
deleted file mode 100644
index 588044fbce6..00000000000
--- a/debian/ovn-common.postinst
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/bin/sh
-# postinst script for ovn-common
-#
-# see: dh_installdeb(1)
-
-set -e
-
-case "$1" in
- configure)
- mkdir -p /usr/lib/ocf/resource.d/ovn
- ln -sf /usr/share/openvswitch/scripts/ovndb-servers.ocf /usr/lib/ocf/resource.d/ovn/ovndb-servers
- ;;
- abort-upgrade|abort-remove|abort-deconfigure)
- ;;
-
- *)
- echo "postinst called with unknown argument \`$1'" >&2
- exit 1
- ;;
-esac
-
-#DEBHELPER#
-
-exit 0
diff --git a/debian/ovn-common.postrm b/debian/ovn-common.postrm
deleted file mode 100644
index 9face726bdc..00000000000
--- a/debian/ovn-common.postrm
+++ /dev/null
@@ -1,23 +0,0 @@
-#!/bin/sh
-# postrm script for openvswitch-testcontroller
-#
-# see: dh_installdeb(1)
-
-set -e
-
-case "$1" in
- purge|remove)
- rm -rf /usr/lib/ocf/resource.d/ovn
- ;;
- upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
- ;;
-
- *)
- echo "postrm called with unknown argument \`$1'" >&2
- exit 1
- ;;
-esac
-
-#DEBHELPER#
-
-exit 0
diff --git a/debian/ovn-controller-vtep.init b/debian/ovn-controller-vtep.init
deleted file mode 100755
index be0a2435812..00000000000
--- a/debian/ovn-controller-vtep.init
+++ /dev/null
@@ -1,54 +0,0 @@
-#! /bin/sh
-#
-### BEGIN INIT INFO
-# Provides: ovn-controller-vtep
-# Required-Start: openvswitch-switch $remote_fs $syslog
-# Required-Stop: $remote_fs
-# Default-Start: 2 3 4 5
-# Default-Stop: 0 1 6
-# Short-Description: OVN Controller for VTEP enabled devices
-# Description: ovn-controller-vtep provides the userspace
-# components and utilities for OVN that can be run on
-# hosts taht connect to VTEP enabled devices.
-### END INIT INFO
-
-test -x /usr/bin/ovn-controller-vtep || exit 0
-test -x /usr/share/openvswitch/scripts/ovn-ctl || exit 0
-
-_SYSTEMCTL_SKIP_REDIRECT=yes
-SYSTEMCTL_SKIP_REDIRECT=yes
-
-. /usr/share/openvswitch/scripts/ovs-lib
-if [ -e /etc/default/ovn-controller-vtep ]; then
- . /etc/default/ovn-controller-vtep
-fi
-
-start () {
- set /usr/share/openvswitch/scripts/ovn-ctl ${1-start_controller_vtep}
- set "$@" $OVN_CTL_OPTS
- "$@" || exit $?
-}
-
-case $1 in
- start)
- start
- ;;
- stop | force-stop)
- /usr/share/openvswitch/scripts/ovn-ctl stop_controller_vtep
- ;;
- restart)
- start restart_controller_vtep
- ;;
- status)
- /usr/share/openvswitch/scripts/ovn-ctl status_controller_vtep
- exit $?
- ;;
- reload | force-reload)
- ;;
- *)
- echo "Usage: $0 {start|stop|reload|force-reload|restart|status}" >&2
- exit 1
- ;;
-esac
-
-exit 0
diff --git a/debian/ovn-controller-vtep.install b/debian/ovn-controller-vtep.install
deleted file mode 100644
index 1d208f37e6a..00000000000
--- a/debian/ovn-controller-vtep.install
+++ /dev/null
@@ -1 +0,0 @@
-usr/bin/ovn-controller-vtep
diff --git a/debian/ovn-controller-vtep.manpages b/debian/ovn-controller-vtep.manpages
deleted file mode 100644
index 787301704e4..00000000000
--- a/debian/ovn-controller-vtep.manpages
+++ /dev/null
@@ -1 +0,0 @@
-ovn/controller-vtep/ovn-controller-vtep.8
diff --git a/debian/ovn-docker.install b/debian/ovn-docker.install
deleted file mode 100644
index 5833067320d..00000000000
--- a/debian/ovn-docker.install
+++ /dev/null
@@ -1,2 +0,0 @@
-usr/bin/ovn-docker-overlay-driver
-usr/bin/ovn-docker-underlay-driver
diff --git a/debian/ovn-host.dirs b/debian/ovn-host.dirs
deleted file mode 100644
index 7d3c761e1b6..00000000000
--- a/debian/ovn-host.dirs
+++ /dev/null
@@ -1 +0,0 @@
-/usr/share/ovn/host
diff --git a/debian/ovn-host.init b/debian/ovn-host.init
deleted file mode 100755
index 39c3bcf162d..00000000000
--- a/debian/ovn-host.init
+++ /dev/null
@@ -1,54 +0,0 @@
-#! /bin/sh
-#
-### BEGIN INIT INFO
-# Provides: ovn-host
-# Required-Start: openvswitch-switch $remote_fs $syslog
-# Required-Stop: $remote_fs
-# Default-Start: 2 3 4 5
-# Default-Stop: 0 1 6
-# Short-Description: OVN host components
-# Description: ovn-host provides the userspace
-# components and utilities for OVN that can be run on
-# every host/hypervisor.
-### END INIT INFO
-
-test -x /usr/bin/ovn-controller || exit 0
-test -x /usr/share/openvswitch/scripts/ovn-ctl || exit 0
-
-_SYSTEMCTL_SKIP_REDIRECT=yes
-SYSTEMCTL_SKIP_REDIRECT=yes
-
-. /usr/share/openvswitch/scripts/ovs-lib
-if [ -e /etc/default/ovn-host ]; then
- . /etc/default/ovn-host
-fi
-
-start () {
- set /usr/share/openvswitch/scripts/ovn-ctl ${1-start_controller}
- set "$@" $OVN_CTL_OPTS
- "$@" || exit $?
-}
-
-case $1 in
- start)
- start
- ;;
- stop | force-stop)
- /usr/share/openvswitch/scripts/ovn-ctl stop_controller
- ;;
- restart)
- start restart_controller
- ;;
- status)
- /usr/share/openvswitch/scripts/ovn-ctl status_controller
- exit $?
- ;;
- reload | force-reload)
- ;;
- *)
- echo "Usage: $0 {start|stop|reload|force-reload|restart|status}" >&2
- exit 1
- ;;
-esac
-
-exit 0
diff --git a/debian/ovn-host.install b/debian/ovn-host.install
deleted file mode 100644
index d2de82fd989..00000000000
--- a/debian/ovn-host.install
+++ /dev/null
@@ -1 +0,0 @@
-usr/bin/ovn-controller
diff --git a/debian/ovn-host.manpages b/debian/ovn-host.manpages
deleted file mode 100644
index 4f9e7bc90c1..00000000000
--- a/debian/ovn-host.manpages
+++ /dev/null
@@ -1 +0,0 @@
-ovn/controller/ovn-controller.8
diff --git a/debian/ovn-host.postinst b/debian/ovn-host.postinst
deleted file mode 100755
index 4b3edeb7549..00000000000
--- a/debian/ovn-host.postinst
+++ /dev/null
@@ -1,49 +0,0 @@
-#!/bin/sh
-# postinst script for ovn-host
-#
-# see: dh_installdeb(1)
-
-set -e
-
-# summary of how this script can be called:
-# * `configure'
-# * `abort-upgrade'
-# * `abort-remove' `in-favour'
-#
-# * `abort-remove'
-# * `abort-deconfigure' `in-favour'
-# `removing'
-#
-# for details, see http://www.debian.org/doc/debian-policy/ or
-# the debian-policy package
-
-
-case "$1" in
- configure)
- DEFAULT=/etc/default/ovn-host
- TEMPLATE=/usr/share/ovn/host/default.template
- if ! test -e $DEFAULT; then
- cp $TEMPLATE $DEFAULT
- else
- for var in $(awk -F'[ :]' '/^# [_A-Z0-9]+:/{print $2}' $TEMPLATE)
- do
- if ! grep $var $DEFAULT >/dev/null 2>&1; then
- echo >> $DEFAULT
- sed -n "/$var:/,/$var=/p" $TEMPLATE >> $DEFAULT
- fi
- done
- fi
- ;;
-
- abort-upgrade|abort-remove|abort-deconfigure)
- ;;
-
- *)
- echo "postinst called with unknown argument \`$1'" >&2
- exit 1
- ;;
-esac
-
-#DEBHELPER#
-
-exit 0
diff --git a/debian/ovn-host.postrm b/debian/ovn-host.postrm
deleted file mode 100755
index 4cceb908713..00000000000
--- a/debian/ovn-host.postrm
+++ /dev/null
@@ -1,44 +0,0 @@
-#!/bin/sh
-# postrm script for ovn-host
-#
-# see: dh_installdeb(1)
-
-set -e
-
-# summary of how this script can be called:
-# * `remove'
-# * `purge'
-# * `upgrade'
-# * `failed-upgrade'
-# * `abort-install'
-# * `abort-install'
-# * `abort-upgrade'
-# * `disappear'
-#
-# for details, see http://www.debian.org/doc/debian-policy/ or
-# the debian-policy package
-
-
-case "$1" in
- purge)
- rm -f /etc/default/ovn-host
- rm -f /var/log/openvswitch/ovn-controller.log* || true
- ;;
-
- remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
- ;;
-
- *)
- echo "postrm called with unknown argument \`$1'" >&2
- exit 1
- ;;
-esac
-
-# dh_installdeb will replace this with shell code automatically
-# generated by other debhelper scripts.
-
-#DEBHELPER#
-
-exit 0
-
-
diff --git a/debian/ovn-host.template b/debian/ovn-host.template
deleted file mode 100644
index 7fd54efda5d..00000000000
--- a/debian/ovn-host.template
+++ /dev/null
@@ -1,5 +0,0 @@
-# This is a POSIX shell fragment -*- sh -*-
-
-# OVN_CTL_OPTS: Extra options to pass to ovs-ctl. This is, for example,
-# a suitable place to specify --ovn-controller-wrapper=valgrind.
-# OVN_CTL_OPTS=
diff --git a/debian/rules b/debian/rules
index 9d0a81f1a73..77f3a19841e 100755
--- a/debian/rules
+++ b/debian/rules
@@ -53,12 +53,6 @@ override_dh_install-arch:
# openvswitch-switch
cp debian/openvswitch-switch.template debian/openvswitch-switch/usr/share/openvswitch/switch/default.template
- # ovn-host
- cp debian/ovn-host.template debian/ovn-host/usr/share/ovn/host/default.template
-
- # ovn-central
- cp debian/ovn-central.template debian/ovn-central/usr/share/ovn/central/default.template
-
override_dh_install-indep:
dh_install
diff --git a/include/automake.mk b/include/automake.mk
index 01031e88dac..e982da87d78 100644
--- a/include/automake.mk
+++ b/include/automake.mk
@@ -11,7 +11,6 @@ include/odp-netlink-macros.h: include/odp-netlink.h \
EXTRA_DIST += build-aux/extract-odp-netlink-h build-aux/extract-odp-netlink-macros-h
CLEANFILES += include/odp-netlink.h include/odp-netlink-macros.h
-include include/ovn/automake.mk
include include/openflow/automake.mk
include include/openvswitch/automake.mk
include include/sparse/automake.mk
diff --git a/include/ovn/actions.h b/include/ovn/actions.h
deleted file mode 100644
index 63d3907d866..00000000000
--- a/include/ovn/actions.h
+++ /dev/null
@@ -1,622 +0,0 @@
-/*
- * Copyright (c) 2015, 2016, 2017 Nicira, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef OVN_ACTIONS_H
-#define OVN_ACTIONS_H 1
-
-#include
-#include
-#include "compiler.h"
-#include "expr.h"
-#include "openvswitch/dynamic-string.h"
-#include "openvswitch/hmap.h"
-#include "openvswitch/uuid.h"
-#include "util.h"
-
-struct expr;
-struct lexer;
-struct ofpbuf;
-struct shash;
-struct simap;
-struct ovn_extend_table;
-
-/* List of OVN logical actions.
- *
- * This macro is used directly only internally by this header and its
- * corresponding .c file, but the list is still of interest to developers.
- *
- * Each OVNACT invocation has the following parameters:
- *
- * 1. , used below in the enum definition of OVNACT_, and
- * elsewhere.
- *
- * 2. corresponding to a structure "struct ", that must be a
- * defined below. This structure must be an abstract definition of the
- * action. Its first member must have type "struct ovnact" and name
- * "ovnact". The structure must have a fixed length, that is, it may not
- * end with a flexible array member.
- */
-#define OVNACTS \
- OVNACT(OUTPUT, ovnact_null) \
- OVNACT(NEXT, ovnact_next) \
- OVNACT(LOAD, ovnact_load) \
- OVNACT(MOVE, ovnact_move) \
- OVNACT(EXCHANGE, ovnact_move) \
- OVNACT(DEC_TTL, ovnact_null) \
- OVNACT(CT_NEXT, ovnact_ct_next) \
- OVNACT(CT_COMMIT, ovnact_ct_commit) \
- OVNACT(CT_DNAT, ovnact_ct_nat) \
- OVNACT(CT_SNAT, ovnact_ct_nat) \
- OVNACT(CT_LB, ovnact_ct_lb) \
- OVNACT(CT_CLEAR, ovnact_null) \
- OVNACT(CLONE, ovnact_nest) \
- OVNACT(ARP, ovnact_nest) \
- OVNACT(ICMP4, ovnact_nest) \
- OVNACT(ICMP4_ERROR, ovnact_nest) \
- OVNACT(ICMP6, ovnact_nest) \
- OVNACT(IGMP, ovnact_null) \
- OVNACT(TCP_RESET, ovnact_nest) \
- OVNACT(ND_NA, ovnact_nest) \
- OVNACT(ND_NA_ROUTER, ovnact_nest) \
- OVNACT(GET_ARP, ovnact_get_mac_bind) \
- OVNACT(PUT_ARP, ovnact_put_mac_bind) \
- OVNACT(GET_ND, ovnact_get_mac_bind) \
- OVNACT(PUT_ND, ovnact_put_mac_bind) \
- OVNACT(PUT_DHCPV4_OPTS, ovnact_put_opts) \
- OVNACT(PUT_DHCPV6_OPTS, ovnact_put_opts) \
- OVNACT(SET_QUEUE, ovnact_set_queue) \
- OVNACT(DNS_LOOKUP, ovnact_dns_lookup) \
- OVNACT(LOG, ovnact_log) \
- OVNACT(PUT_ND_RA_OPTS, ovnact_put_opts) \
- OVNACT(ND_NS, ovnact_nest) \
- OVNACT(SET_METER, ovnact_set_meter) \
- OVNACT(OVNFIELD_LOAD, ovnact_load) \
- OVNACT(CHECK_PKT_LARGER, ovnact_check_pkt_larger) \
- OVNACT(TRIGGER_EVENT, ovnact_controller_event)
-
-/* enum ovnact_type, with a member OVNACT_ for each action. */
-enum OVS_PACKED_ENUM ovnact_type {
-#define OVNACT(ENUM, STRUCT) OVNACT_##ENUM,
- OVNACTS
-#undef OVNACT
-};
-
-/* Define N_OVNACTS to the number of types of ovnacts. */
-enum {
-#define OVNACT(ENUM, STRUCT) + 1
- N_OVNACTS = OVNACTS
-#undef OVNACT
-};
-
-/* Header for an action.
- *
- * Each action is a structure "struct ovnact_*" that begins with "struct
- * ovnact", usually followed by other data that describes the action. Actions
- * are padded out to a multiple of OVNACT_ALIGNTO bytes in length.
- */
-struct ovnact {
- /* We want the space advantage of an 8-bit type here on every
- * implementation, without giving up the advantage of having a useful type
- * on implementations that support packed enums. */
-#ifdef HAVE_PACKED_ENUM
- enum ovnact_type type; /* OVNACT_*. */
-#else
- uint8_t type; /* OVNACT_* */
-#endif
- uint8_t pad; /* Pad to multiple of 16 bits. */
-
- uint16_t len; /* Length of the action, in bytes, including
- * struct ovnact, excluding padding. */
-};
-BUILD_ASSERT_DECL(sizeof(struct ovnact) == 4);
-
-/* Alignment. */
-#define OVNACT_ALIGNTO 8
-#define OVNACT_ALIGN(SIZE) ROUND_UP(SIZE, OVNACT_ALIGNTO)
-
-/* Returns the ovnact following 'ovnact'. */
-static inline struct ovnact *
-ovnact_next(const struct ovnact *ovnact)
-{
- return (void *) ((uint8_t *) ovnact + OVNACT_ALIGN(ovnact->len));
-}
-
-struct ovnact *ovnact_next_flattened(const struct ovnact *);
-
-static inline struct ovnact *
-ovnact_end(const struct ovnact *ovnacts, size_t ovnacts_len)
-{
- return (void *) ((uint8_t *) ovnacts + ovnacts_len);
-}
-
-/* Assigns POS to each ovnact, in turn, in the OVNACTS_LEN bytes of ovnacts
- * starting at OVNACTS. */
-#define OVNACT_FOR_EACH(POS, OVNACTS, OVNACTS_LEN) \
- for ((POS) = (OVNACTS); (POS) < ovnact_end(OVNACTS, OVNACTS_LEN); \
- (POS) = ovnact_next(POS))
-
-static inline int
-ovnacts_count(const struct ovnact *ovnacts, size_t ovnacts_len)
-{
- uint8_t n_ovnacts = 0;
- if (ovnacts) {
- const struct ovnact *a;
-
- OVNACT_FOR_EACH (a, ovnacts, ovnacts_len) {
- n_ovnacts++;
- }
- }
- return n_ovnacts;
-}
-
-/* Action structure for each OVNACT_*. */
-
-/* Action structure for actions that do not have any extra data beyond the
- * action type. */
-struct ovnact_null {
- struct ovnact ovnact;
-};
-
-/* Logical pipeline in which a set of actions is executed. */
-enum ovnact_pipeline {
- OVNACT_P_INGRESS,
- OVNACT_P_EGRESS,
-};
-
-/* OVNACT_NEXT. */
-struct ovnact_next {
- struct ovnact ovnact;
-
- /* Arguments. */
- uint8_t ltable; /* Logical table ID of next table. */
- enum ovnact_pipeline pipeline; /* Pipeline of next table. */
-
- /* Information about the flow that the action is in. This does not affect
- * behavior, since the implementation of "next" doesn't depend on the
- * source table or pipeline. It does affect how ovnacts_format() prints
- * the action. */
- uint8_t src_ltable; /* Logical table ID of source table. */
- enum ovnact_pipeline src_pipeline; /* Pipeline of source table. */
-};
-
-/* OVNACT_LOAD. */
-struct ovnact_load {
- struct ovnact ovnact;
- struct expr_field dst;
- union expr_constant imm;
-};
-
-/* OVNACT_MOVE, OVNACT_EXCHANGE. */
-struct ovnact_move {
- struct ovnact ovnact;
- struct expr_field lhs;
- struct expr_field rhs;
-};
-
-/* OVNACT_CT_NEXT. */
-struct ovnact_ct_next {
- struct ovnact ovnact;
- uint8_t ltable; /* Logical table ID of next table. */
-};
-
-/* OVNACT_CT_COMMIT. */
-struct ovnact_ct_commit {
- struct ovnact ovnact;
- uint32_t ct_mark, ct_mark_mask;
- ovs_be128 ct_label, ct_label_mask;
-};
-
-/* OVNACT_CT_DNAT, OVNACT_CT_SNAT. */
-struct ovnact_ct_nat {
- struct ovnact ovnact;
- ovs_be32 ip;
- uint8_t ltable; /* Logical table ID of next table. */
-};
-
-struct ovnact_ct_lb_dst {
- int family;
- union {
- struct in6_addr ipv6;
- ovs_be32 ipv4;
- };
- uint16_t port;
-};
-
-/* OVNACT_CT_LB. */
-struct ovnact_ct_lb {
- struct ovnact ovnact;
- struct ovnact_ct_lb_dst *dsts;
- size_t n_dsts;
- uint8_t ltable; /* Logical table ID of next table. */
-};
-
-/* OVNACT_ARP, OVNACT_ND_NA, OVNACT_CLONE. */
-struct ovnact_nest {
- struct ovnact ovnact;
- struct ovnact *nested;
- size_t nested_len;
-};
-
-/* OVNACT_GET_ARP, OVNACT_GET_ND. */
-struct ovnact_get_mac_bind {
- struct ovnact ovnact;
- struct expr_field port; /* Logical port name. */
- struct expr_field ip; /* 32-bit or 128-bit IP address. */
-};
-
-/* OVNACT_PUT_ARP, ONVACT_PUT_ND. */
-struct ovnact_put_mac_bind {
- struct ovnact ovnact;
- struct expr_field port; /* Logical port name. */
- struct expr_field ip; /* 32-bit or 128-bit IP address. */
- struct expr_field mac; /* 48-bit Ethernet address. */
-};
-
-struct ovnact_gen_option {
- const struct gen_opts_map *option;
- struct expr_constant_set value;
-};
-
-/* OVNACT_PUT_DHCPV4_OPTS, OVNACT_PUT_DHCPV6_OPTS. */
-struct ovnact_put_opts {
- struct ovnact ovnact;
- struct expr_field dst; /* 1-bit destination field. */
- struct ovnact_gen_option *options;
- size_t n_options;
-};
-
-/* Valid arguments to SET_QUEUE action.
- *
- * QDISC_MIN_QUEUE_ID is the default queue, so user-defined queues should
- * start at QDISC_MIN_QUEUE_ID+1. */
-#define QDISC_MIN_QUEUE_ID 0
-#define QDISC_MAX_QUEUE_ID 0xf000
-
-/* OVNACT_SET_QUEUE. */
-struct ovnact_set_queue {
- struct ovnact ovnact;
- uint16_t queue_id;
-};
-
-/* OVNACT_DNS_LOOKUP. */
-struct ovnact_dns_lookup {
- struct ovnact ovnact;
- struct expr_field dst; /* 1-bit destination field. */
-};
-
-/* OVNACT_LOG. */
-struct ovnact_log {
- struct ovnact ovnact;
- uint8_t verdict; /* One of LOG_VERDICT_*. */
- uint8_t severity; /* One of LOG_SEVERITY_*. */
- char *name;
- char *meter;
-};
-
-/* OVNACT_SET_METER. */
-struct ovnact_set_meter {
- struct ovnact ovnact;
- uint64_t rate; /* rate field, in kbps. */
- uint64_t burst; /* burst rate field, in kbps. */
-};
-
-/* OVNACT_CHECK_IP_PKT_LARGER. */
-struct ovnact_check_pkt_larger {
- struct ovnact ovnact;
- uint16_t pkt_len;
- struct expr_field dst; /* 1-bit destination field. */
-};
-
-/* OVNACT_EVENT. */
-struct ovnact_controller_event {
- struct ovnact ovnact;
- int event_type; /* controller event type */
- struct ovnact_gen_option *options;
- size_t n_options;
-};
-
-/* Internal use by the helpers below. */
-void ovnact_init(struct ovnact *, enum ovnact_type, size_t len);
-void *ovnact_put(struct ofpbuf *, enum ovnact_type, size_t len);
-
-/* For each OVNACT_ with a corresponding struct , this defines
- * the following commonly useful functions:
- *
- * struct *ovnact_put_(struct ofpbuf *ovnacts);
- *
- * Appends a new 'ovnact', of length OVNACT__SIZE, to 'ovnacts',
- * initializes it with ovnact_init_(), and returns it. Also sets
- * 'ovnacts->header' to the returned action.
- *
- * struct *ovnact_get_(const struct ovnact *ovnact);
- *
- * Returns 'ovnact' cast to "struct *". 'ovnact->type' must be
- * OVNACT_.
- *
- * as well as the following more rarely useful definitions:
- *
- * void ovnact_init_(struct *ovnact);
- *
- * Initializes the parts of 'ovnact' that identify it as having type
- * OVNACT_ and length OVNACT__SIZE and zeros the rest.
- *
- * _SIZE
- *
- * The size of the action structure, that is, sizeof(struct )
- * rounded up to a multiple of OVNACT_ALIGNTO.
- */
-#define OVNACT(ENUM, STRUCT) \
- BUILD_ASSERT_DECL(offsetof(struct STRUCT, ovnact) == 0); \
- \
- enum { OVNACT_##ENUM##_SIZE = OVNACT_ALIGN(sizeof(struct STRUCT)) }; \
- \
- static inline struct STRUCT * \
- ovnact_get_##ENUM(const struct ovnact *ovnact) \
- { \
- ovs_assert(ovnact->type == OVNACT_##ENUM); \
- return ALIGNED_CAST(struct STRUCT *, ovnact); \
- } \
- \
- static inline struct STRUCT * \
- ovnact_put_##ENUM(struct ofpbuf *ovnacts) \
- { \
- return ovnact_put(ovnacts, OVNACT_##ENUM, \
- OVNACT_##ENUM##_SIZE); \
- } \
- \
- static inline void \
- ovnact_init_##ENUM(struct STRUCT *ovnact) \
- { \
- ovnact_init(&ovnact->ovnact, OVNACT_##ENUM, \
- OVNACT_##ENUM##_SIZE); \
- }
-OVNACTS
-#undef OVNACT
-
-enum action_opcode {
- /* "arp { ...actions... }".
- *
- * The actions, in OpenFlow 1.3 format, follow the action_header.
- */
- ACTION_OPCODE_ARP,
-
- /* "put_arp(port, ip, mac)"
- *
- * Arguments are passed through the packet metadata and data, as follows:
- *
- * MFF_REG0 = ip
- * MFF_LOG_INPORT = port
- * MFF_ETH_SRC = mac
- */
- ACTION_OPCODE_PUT_ARP,
-
- /* "result = put_dhcp_opts(offer_ip, option, ...)".
- *
- * Arguments follow the action_header, in this format:
- * - A 32-bit or 64-bit OXM header designating the result field.
- * - A 32-bit integer specifying a bit offset within the result field.
- * - The 32-bit DHCP offer IP.
- * - Any number of DHCP options.
- */
- ACTION_OPCODE_PUT_DHCP_OPTS,
-
- /* "nd_na { ...actions... }".
- *
- * The actions, in OpenFlow 1.3 format, follow the action_header.
- */
- ACTION_OPCODE_ND_NA,
-
- /* "put_nd(port, ip6, mac)"
- *
- * Arguments are passed through the packet metadata and data, as follows:
- *
- * MFF_XXREG0 = ip6
- * MFF_LOG_INPORT = port
- * MFF_ETH_SRC = mac
- */
- ACTION_OPCODE_PUT_ND,
-
- /* "result = put_dhcpv6_opts(option, ...)".
- *
- * Arguments follow the action_header, in this format:
- * - A 32-bit or 64-bit OXM header designating the result field.
- * - A 32-bit integer specifying a bit offset within the result field.
- * - Any number of DHCPv6 options.
- */
- ACTION_OPCODE_PUT_DHCPV6_OPTS,
-
- /* "result = dns_lookup()".
- * Arguments follow the action_header, in this format:
- * - A 32-bit or 64-bit OXM header designating the result field.
- * - A 32-bit integer specifying a bit offset within the result field.
- *
- */
- ACTION_OPCODE_DNS_LOOKUP,
-
- /* "log(arguments)".
- *
- * Arguments are as follows:
- * - An 8-bit verdict.
- * - An 8-bit severity.
- * - A variable length string containing the name.
- */
- ACTION_OPCODE_LOG,
-
- /* "result = put_nd_ra_opts(option, ...)".
- * Arguments follow the action_header, in this format:
- * - A 32-bit or 64-bit OXM header designating the result field.
- * - A 32-bit integer specifying a bit offset within the result field.
- * - Any number of ICMPv6 options.
- */
- ACTION_OPCODE_PUT_ND_RA_OPTS,
-
- /* "nd_ns { ...actions... }".
- *
- * The actions, in OpenFlow 1.3 format, follow the action_header.
- */
- ACTION_OPCODE_ND_NS,
-
- /* "icmp4 { ...actions... } and icmp6 { ...actions... }".
- *
- * The actions, in OpenFlow 1.3 format, follow the action_header.
- */
- ACTION_OPCODE_ICMP,
-
- /* "tcp_reset { ...actions... }".
- *
- * The actions, in OpenFlow 1.3 format, follow the action_header.
- */
- ACTION_OPCODE_TCP_RESET,
-
- /* "nd_na_router { ...actions... }" with rso flag 'ND_RSO_ROUTER' set.
- *
- * The actions, in OpenFlow 1.3 format, follow the action_header.
- */
- ACTION_OPCODE_ND_NA_ROUTER,
-
- /* MTU value (to put in the icmp4 header field - frag_mtu) follow the
- * action header. */
- ACTION_OPCODE_PUT_ICMP4_FRAG_MTU,
-
- /* "icmp4_error { ...actions... }".
- *
- * The actions, in OpenFlow 1.3 format, follow the action_header.
- */
- ACTION_OPCODE_ICMP4_ERROR,
-
- /* "trigger_event (event_type)" */
- ACTION_OPCODE_EVENT,
-
- /* "igmp".
- *
- * Snoop IGMP, learn the multicast participants
- */
- ACTION_OPCODE_IGMP,
-};
-
-/* Header. */
-struct action_header {
- ovs_be32 opcode; /* One of ACTION_OPCODE_* */
- uint8_t pad[4];
-};
-BUILD_ASSERT_DECL(sizeof(struct action_header) == 8);
-
-OVS_PACKED(
-struct ovnfield_act_header {
- ovs_be16 id; /* one of enum ovnfield_id. */
- ovs_be16 len; /* Length of the ovnfield data. */
-});
-
-struct ovnact_parse_params {
- /* A table of "struct expr_symbol"s to support (as one would provide to
- * expr_parse()). */
- const struct shash *symtab;
-
- /* hmap of 'struct gen_opts_map' to support 'put_dhcp_opts' action */
- const struct hmap *dhcp_opts;
-
- /* hmap of 'struct gen_opts_map' to support 'put_dhcpv6_opts' action */
- const struct hmap *dhcpv6_opts;
-
- /* hmap of 'struct gen_opts_map' to support 'put_nd_ra_opts' action */
- const struct hmap *nd_ra_opts;
-
- /* Array of hmap of 'struct gen_opts_map' to support 'trigger_event'
- * action */
- const struct controller_event_options *controller_event_opts;
-
- /* Each OVN flow exists in a logical table within a logical pipeline.
- * These parameters express this context for a set of OVN actions being
- * parsed:
- *
- * - 'n_tables' is the number of tables in the logical ingress and
- * egress pipelines, that is, "next" may specify a table less than
- * or equal to 'n_tables'. If 'n_tables' is 0 then "next" is
- * disallowed entirely.
- *
- * - 'cur_ltable' is the logical table of the current flow, within
- * 'pipeline'. If cur_ltable + 1 < n_tables, then this defines the
- * default table that "next" will jump to.
- *
- * - 'pipeline' is the logical pipeline. It is the default pipeline to
- * which 'next' will jump. If 'pipeline' is OVNACT_P_EGRESS, then
- * 'next' will also be able to jump into the ingress pipeline, but
- * the reverse is not true. */
- enum ovnact_pipeline pipeline; /* Logical pipeline. */
- uint8_t n_tables; /* Number of logical flow tables. */
- uint8_t cur_ltable; /* 0 <= cur_ltable < n_tables. */
-};
-
-bool ovnacts_parse(struct lexer *, const struct ovnact_parse_params *,
- struct ofpbuf *ovnacts, struct expr **prereqsp);
-char *ovnacts_parse_string(const char *s, const struct ovnact_parse_params *,
- struct ofpbuf *ovnacts, struct expr **prereqsp)
- OVS_WARN_UNUSED_RESULT;
-
-void ovnacts_format(const struct ovnact[], size_t ovnacts_len, struct ds *);
-
-struct ovnact_encode_params {
- /* Looks up logical port 'port_name'. If found, stores its port number in
- * '*portp' and returns true; otherwise, returns false. */
- bool (*lookup_port)(const void *aux, const char *port_name,
- unsigned int *portp);
- const void *aux;
-
- /* 'true' if the flow is for a switch. */
- bool is_switch;
-
- /* A struct to figure out the group_id for group actions. */
- struct ovn_extend_table *group_table;
-
- /* A struct to figure out the meter_id for meter actions. */
- struct ovn_extend_table *meter_table;
-
- /* The logical flow uuid that drove this action. */
- struct uuid lflow_uuid;
-
- /* OVN maps each logical flow table (ltable), one-to-one, onto a physical
- * OpenFlow flow table (ptable). A number of parameters describe this
- * mapping and data related to flow tables:
- *
- * - 'pipeline' is the logical pipeline in which the actions are
- * executing.
- *
- * - 'ingress_ptable' is the OpenFlow table that corresponds to OVN
- * ingress table 0.
- *
- * - 'egress_ptable' is the OpenFlow table that corresponds to OVN
- * egress table 0.
- *
- * - 'output_ptable' should be the OpenFlow table to which the logical
- * "output" action will resubmit.
- *
- * - 'mac_bind_ptable' should be the OpenFlow table used to track MAC
- * bindings. */
- enum ovnact_pipeline pipeline; /* Logical pipeline. */
- uint8_t ingress_ptable; /* First OpenFlow ingress table. */
- uint8_t egress_ptable; /* First OpenFlow egress table. */
- uint8_t output_ptable; /* OpenFlow table for 'output' to resubmit. */
- uint8_t mac_bind_ptable; /* OpenFlow table for 'get_arp'/'get_nd' to
- resubmit. */
-};
-
-void ovnacts_encode(const struct ovnact[], size_t ovnacts_len,
- const struct ovnact_encode_params *,
- struct ofpbuf *ofpacts);
-
-void ovnacts_free(struct ovnact[], size_t ovnacts_len);
-
-#endif /* ovn/actions.h */
diff --git a/include/ovn/automake.mk b/include/ovn/automake.mk
deleted file mode 100644
index 54b0e2c0e61..00000000000
--- a/include/ovn/automake.mk
+++ /dev/null
@@ -1,6 +0,0 @@
-ovnincludedir = $(includedir)/ovn
-ovninclude_HEADERS = \
- include/ovn/actions.h \
- include/ovn/expr.h \
- include/ovn/lex.h \
- include/ovn/logical-fields.h
diff --git a/include/ovn/expr.h b/include/ovn/expr.h
deleted file mode 100644
index 22f633e5776..00000000000
--- a/include/ovn/expr.h
+++ /dev/null
@@ -1,518 +0,0 @@
-/*
- * Copyright (c) 2015, 2016 Nicira, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef OVN_EXPR_H
-#define OVN_EXPR_H 1
-
-/* OVN matching expression tree
- * ============================
- *
- * The data structures here form an abstract expression tree for matching
- * expressions in OVN.
- *
- * The abstract syntax tree representation of a matching expression is one of:
- *
- * - A Boolean literal ("true" or "false").
- *
- * - A comparison of a field (or part of a field) against a constant
- * with one of the operators == != < <= > >=.
- *
- * - The logical AND or OR of two or more matching expressions.
- *
- * Literals and comparisons are called "terminal" nodes, logical AND and OR
- * nodes are "nonterminal" nodes.
- *
- * The syntax for expressions includes a few other concepts that are not part
- * of the abstract syntax tree. In these examples, x is a field, a, b, and c
- * are constants, and e1 and e2 are arbitrary expressions:
- *
- * - Logical NOT. The parser implements NOT by inverting the sense of the
- * operand: !(x == a) becomes x != a, !(e1 && e2) becomes !e1 || !e2, and
- * so on.
- *
- * - Set membership. The parser translates x == {a, b, c} into
- * x == a || x == b || x == c.
- *
- * - Reversed comparisons. The parser translates a < x into x > a.
- *
- * - Range expressions. The parser translates a < x < b into
- * x > a && x < b.
- */
-
-#include "classifier.h"
-#include "lex.h"
-#include "openvswitch/hmap.h"
-#include "openvswitch/list.h"
-#include "openvswitch/match.h"
-#include "openvswitch/meta-flow.h"
-#include "logical-fields.h"
-
-struct ds;
-struct expr;
-struct flow;
-struct ofpbuf;
-struct shash;
-struct simap;
-struct sset;
-
-/* "Measurement level" of a field. See "Level of Measurement" in the large
- * comment on struct expr_symbol below for more information. */
-enum expr_level {
- EXPR_L_NOMINAL,
-
- /* Boolean values are nominal, however because of their simple nature OVN
- * can allow both equality and inequality tests on them. */
- EXPR_L_BOOLEAN,
-
- /* Ordinal values can at least be ordered on a scale. OVN allows equality
- * and inequality and relational tests on ordinal values. These are the
- * fields on which OVS allows bitwise matching. */
- EXPR_L_ORDINAL
-};
-
-const char *expr_level_to_string(enum expr_level);
-
-/* A symbol.
- *
- *
- * Name
- * ====
- *
- * Every symbol must have a name. To be useful, the name must satisfy the
- * lexer's syntax for an identifier.
- *
- *
- * Width
- * =====
- *
- * Every symbol has a width. For integer symbols, this is the number of bits
- * in the value; for string symbols, this is 0.
- *
- *
- * Types
- * =====
- *
- * There are three kinds of symbols:
- *
- * Fields:
- *
- * One might, for example, define a field named "vlan.tci" to refer to
- * MFF_VLAN_TCI. 'field' specifies the field.
- *
- * 'parent' and 'predicate' are NULL, and 'parent_ofs' is 0.
- *
- * Integer fields can be nominal or ordinal (see below). String fields are
- * always nominal.
- *
- * Subfields:
- *
- * 'parent' specifies the field (which may itself be a subfield,
- * recursively) in which the subfield is embedded, and 'parent_ofs' a
- * bitwise offset from the least-significant bit of the parent. The
- * subfield can contain a subset of the bits of the parent or all of them
- * (in the latter case the subfield is really just a synonym for the
- * parent).
- *
- * 'field' and 'predicate' are NULL.
- *
- * Only ordinal fields (see below) may have subfields, and subfields are
- * always ordinal.
- *
- * Predicates:
- *
- * A predicate is an arbitrary Boolean expression that can be used in an
- * expression much like a 1-bit field. 'predicate' specifies the Boolean
- * expression, e.g. "ip4" might expand to "eth.type == 0x800". The
- * epxression might refer to other predicates, e.g. "icmp4" might expand to
- * "ip4 && ip4.proto == 1".
- *
- * 'field' and 'parent' are NULL, and 'parent_ofs' is 0.
- *
- * A predicate that refers to any nominal field or predicate (see below) is
- * nominal; other predicates have Boolean level of measurement.
- *
- *
- * Level of Measurement
- * ====================
- *
- * See http://en.wikipedia.org/wiki/Level_of_measurement for the statistical
- * concept on which this classification is based. There are three levels:
- *
- * Ordinal:
- *
- * In statistics, ordinal values can be ordered on a scale. Here, we
- * consider a field (or subfield) to be ordinal if its bits can be examined
- * individually. This is true for the OpenFlow fields that OpenFlow or
- * Open vSwitch makes "maskable".
- *
- * OVN supports all the usual arithmetic relations (== != < <= > >=) on
- * ordinal fields and their subfields, because all of these can be
- * implemented as collections of bitwise tests.
- *
- * Nominal:
- *
- * In statistics, nominal values cannot be usefully compared except for
- * equality. This is true of OpenFlow port numbers, Ethernet types, and IP
- * protocols are examples: all of these are just identifiers assigned
- * arbitrarily with no deeper meaning. In OpenFlow and Open vSwitch, bits
- * in these fields generally aren't individually addressable.
- *
- * OVN only supports arithmetic tests for equality on nominal fields,
- * because OpenFlow and Open vSwitch provide no way for a flow to
- * efficiently implement other comparisons on them. (A test for inequality
- * can be sort of built out of two flows with different priorities, but OVN
- * matching expressions always generate flows with a single priority.)
- *
- * String fields are always nominal.
- *
- * Boolean:
- *
- * A nominal field that has only two values, 0 and 1, is somewhat
- * exceptional, since it is easy to support both equality and inequality
- * tests on such a field: either one can be implemented as a test for 0 or
- * 1.
- *
- * Only predicates (see above) have a Boolean level of measurement.
- *
- * This isn't a standard level of measurement.
- *
- *
- * Prerequisites
- * =============
- *
- * Any symbol can have prerequisites, which are specified as a string giving an
- * additional expression that must be true whenever the symbol is referenced.
- * For example, the "icmp4.type" symbol might have prerequisite "icmp4", which
- * would cause an expression "icmp4.type == 0" to be interpreted as "icmp4.type
- * == 0 && icmp4", which would in turn expand to "icmp4.type == 0 && eth.type
- * == 0x800 && ip4.proto == 1" (assuming "icmp4" is a predicate defined as
- * suggested under "Types" above).
- *
- *
- * Crossproducting
- * ===============
- *
- * Ordinarily OVN is willing to consider using any field as a dimension in the
- * Open vSwitch "conjunctive match" extension (see ovs-ofctl(8)). However,
- * some fields can't actually be used that way because they are necessary as
- * prerequisites. For example, from an expression like "tcp.src == {1,2,3}
- * && tcp.dst == {4,5,6}", OVN might naturally generate flows like this:
- *
- * conj_id=1,actions=...
- * ip,actions=conjunction(1,1/3)
- * ip6,actions=conjunction(1,1/3)
- * tp_src=1,actions=conjunction(1,2/3)
- * tp_src=2,actions=conjunction(1,2/3)
- * tp_src=3,actions=conjunction(1,2/3)
- * tp_dst=4,actions=conjunction(1,3/3)
- * tp_dst=5,actions=conjunction(1,3/3)
- * tp_dst=6,actions=conjunction(1,3/3)
- *
- * but that's not valid because any flow that matches on tp_src or tp_dst must
- * also match on either ip or ip6. Thus, one would mark eth.type as "must
- * crossproduct", to force generating flows like this:
- *
- * conj_id=1,actions=...
- * ip,tp_src=1,actions=conjunction(1,1/2)
- * ip,tp_src=2,actions=conjunction(1,1/2)
- * ip,tp_src=3,actions=conjunction(1,1/2)
- * ip6,tp_src=1,actions=conjunction(1,1/2)
- * ip6,tp_src=2,actions=conjunction(1,1/2)
- * ip6,tp_src=3,actions=conjunction(1,1/2)
- * ip,tp_dst=4,actions=conjunction(1,2/2)
- * ip,tp_dst=5,actions=conjunction(1,2/2)
- * ip,tp_dst=6,actions=conjunction(1,2/2)
- * ip6,tp_dst=4,actions=conjunction(1,2/2)
- * ip6,tp_dst=5,actions=conjunction(1,2/2)
- * ip6,tp_dst=6,actions=conjunction(1,2/2)
- *
- * which are acceptable.
- */
-struct expr_symbol {
- char *name;
- int width;
-
- const struct mf_field *field; /* Fields only, otherwise NULL. */
- const struct ovn_field *ovn_field; /* OVN Fields only, otherwise NULL. */
- const struct expr_symbol *parent; /* Subfields only, otherwise NULL. */
- int parent_ofs; /* Subfields only, otherwise 0. */
- char *predicate; /* Predicates only, otherwise NULL. */
-
- enum expr_level level;
-
- char *prereqs;
- bool must_crossproduct;
- bool rw;
-};
-
-void expr_symbol_format(const struct expr_symbol *, struct ds *);
-
-/* A reference to a symbol or a subfield of a symbol.
- *
- * For string fields, ofs and n_bits are 0. */
-struct expr_field {
- const struct expr_symbol *symbol; /* The symbol. */
- int ofs; /* Starting bit offset. */
- int n_bits; /* Number of bits. */
-};
-
-bool expr_field_parse(struct lexer *, const struct shash *symtab,
- struct expr_field *, struct expr **prereqsp);
-void expr_field_format(const struct expr_field *, struct ds *);
-
-struct expr_symbol *expr_symtab_add_field(struct shash *symtab,
- const char *name, enum mf_field_id,
- const char *prereqs,
- bool must_crossproduct);
-struct expr_symbol *expr_symtab_add_subfield(struct shash *symtab,
- const char *name,
- const char *prereqs,
- const char *subfield);
-struct expr_symbol *expr_symtab_add_string(struct shash *symtab,
- const char *name, enum mf_field_id,
- const char *prereqs);
-struct expr_symbol *expr_symtab_add_predicate(struct shash *symtab,
- const char *name,
- const char *expansion);
-struct expr_symbol *expr_symtab_add_ovn_field(struct shash *symtab,
- const char *name,
- enum ovn_field_id id);
-void expr_symtab_destroy(struct shash *symtab);
-
-/* Expression type. */
-enum expr_type {
- EXPR_T_CMP, /* Compare symbol with constant. */
- EXPR_T_AND, /* Logical AND of 2 or more subexpressions. */
- EXPR_T_OR, /* Logical OR of 2 or more subexpressions. */
- EXPR_T_BOOLEAN, /* True or false constant. */
- EXPR_T_CONDITION, /* Conditional to be evaluated in the
- * controller during expr_simplify(),
- * prior to constructing OpenFlow matches. */
-};
-
-/* Expression condition type. */
-enum expr_cond_type {
- EXPR_COND_CHASSIS_RESIDENT, /* Check if specified logical port name is
- * resident on the controller chassis. */
-};
-
-/* Relational operator. */
-enum expr_relop {
- EXPR_R_EQ, /* == */
- EXPR_R_NE, /* != */
- EXPR_R_LT, /* < */
- EXPR_R_LE, /* <= */
- EXPR_R_GT, /* > */
- EXPR_R_GE, /* >= */
-};
-const char *expr_relop_to_string(enum expr_relop);
-bool expr_relop_from_token(enum lex_type type, enum expr_relop *relop);
-
-/* An abstract syntax tree for a matching expression.
- *
- * The expression code maintains and relies on a few important invariants:
- *
- * - An EXPR_T_AND or EXPR_T_OR node never has a child of the same type.
- * (Any such children could be merged into their parent.) A node may
- * have grandchildren of its own type.
- *
- * As a consequence, every nonterminal node at the same distance from the
- * root has the same type.
- *
- * - EXPR_T_AND and EXPR_T_OR nodes must have at least two children.
- *
- * - An EXPR_T_CMP node always has a nonzero mask, and never has a 1-bit
- * in its value in a position where the mask is a 0-bit.
- *
- * The expr_honors_invariants() function can check invariants. */
-struct expr {
- struct ovs_list node; /* In parent EXPR_T_AND or EXPR_T_OR if any. */
- enum expr_type type; /* Expression type. */
-
- union {
- /* EXPR_T_CMP.
- *
- * The symbol is on the left, e.g. "field < constant". */
- struct {
- const struct expr_symbol *symbol;
- enum expr_relop relop;
-
- union {
- char *string;
- struct {
- union mf_subvalue value;
- union mf_subvalue mask;
- };
- };
- } cmp;
-
- /* EXPR_T_AND, EXPR_T_OR. */
- struct ovs_list andor;
-
- /* EXPR_T_BOOLEAN. */
- bool boolean;
-
- /* EXPR_T_CONDITION. */
- struct {
- enum expr_cond_type type;
- bool not;
- /* XXX Should arguments for conditions be generic? */
- char *string;
- } cond;
- };
-};
-
-struct expr *expr_create_boolean(bool b);
-struct expr *expr_create_andor(enum expr_type);
-struct expr *expr_combine(enum expr_type, struct expr *a, struct expr *b);
-
-static inline struct expr *
-expr_from_node(const struct ovs_list *node)
-{
- return CONTAINER_OF(node, struct expr, node);
-}
-
-void expr_format(const struct expr *, struct ds *);
-void expr_print(const struct expr *);
-struct expr *expr_parse(struct lexer *, const struct shash *symtab,
- const struct shash *addr_sets,
- const struct shash *port_groups,
- struct sset *addr_sets_ref);
-struct expr *expr_parse_string(const char *, const struct shash *symtab,
- const struct shash *addr_sets,
- const struct shash *port_groups,
- struct sset *addr_sets_ref,
- char **errorp);
-
-struct expr *expr_clone(struct expr *);
-void expr_destroy(struct expr *);
-
-struct expr *expr_annotate(struct expr *, const struct shash *symtab,
- char **errorp);
-struct expr *expr_simplify(struct expr *,
- bool (*is_chassis_resident)(const void *c_aux,
- const char *port_name),
- const void *c_aux);
-struct expr *expr_normalize(struct expr *);
-
-bool expr_honors_invariants(const struct expr *);
-bool expr_is_simplified(const struct expr *);
-bool expr_is_normalized(const struct expr *);
-
-char *expr_parse_microflow(const char *, const struct shash *symtab,
- const struct shash *addr_sets,
- const struct shash *port_groups,
- bool (*lookup_port)(const void *aux,
- const char *port_name,
- unsigned int *portp),
- const void *aux, struct flow *uflow)
- OVS_WARN_UNUSED_RESULT;
-
-bool expr_evaluate(const struct expr *, const struct flow *uflow,
- bool (*lookup_port)(const void *aux, const char *port_name,
- unsigned int *portp),
- const void *aux);
-
-/* Converting expressions to OpenFlow flows. */
-
-/* An OpenFlow match generated from a Boolean expression. See
- * expr_to_matches() for more information. */
-struct expr_match {
- struct hmap_node hmap_node;
- struct match match;
- struct cls_conjunction *conjunctions;
- size_t n, allocated;
-};
-
-uint32_t expr_to_matches(const struct expr *,
- bool (*lookup_port)(const void *aux,
- const char *port_name,
- unsigned int *portp),
- const void *aux,
- struct hmap *matches);
-void expr_matches_destroy(struct hmap *matches);
-void expr_matches_print(const struct hmap *matches, FILE *);
-
-/* Action parsing helper. */
-
-char *expr_type_check(const struct expr_field *, int n_bits, bool rw)
- OVS_WARN_UNUSED_RESULT;
-struct mf_subfield expr_resolve_field(const struct expr_field *);
-
-/* Type of a "union expr_constant" or "struct expr_constant_set". */
-enum expr_constant_type {
- EXPR_C_INTEGER,
- EXPR_C_STRING
-};
-
-/* A string or integer constant (one must know which from context). */
-union expr_constant {
- /* Integer constant.
- *
- * The width of a constant isn't always clear, e.g. if you write "1",
- * there's no way to tell whether you mean for that to be a 1-bit constant
- * or a 128-bit constant or somewhere in between. */
- struct {
- union mf_subvalue value;
- union mf_subvalue mask; /* Only initialized if 'masked'. */
- bool masked;
-
- enum lex_format format; /* From the constant's lex_token. */
- };
-
- /* Null-terminated string constant. */
- char *string;
-};
-
-bool expr_constant_parse(struct lexer *, const struct expr_field *,
- union expr_constant *);
-void expr_constant_format(const union expr_constant *,
- enum expr_constant_type, struct ds *);
-void expr_constant_destroy(const union expr_constant *,
- enum expr_constant_type);
-
-/* A collection of "union expr_constant"s of the same type. */
-struct expr_constant_set {
- union expr_constant *values; /* Constants. */
- size_t n_values; /* Number of constants. */
- enum expr_constant_type type; /* Type of the constants. */
- bool in_curlies; /* Whether the constants were in {}. */
-};
-
-bool expr_constant_set_parse(struct lexer *, struct expr_constant_set *);
-void expr_constant_set_format(const struct expr_constant_set *, struct ds *);
-void expr_constant_set_destroy(struct expr_constant_set *cs);
-
-
-/* Constant sets.
- *
- * For example, instead of referring to a set of IP addresses as:
- * {addr1, addr2, ..., addrN}
- * You can register a set of values and refer to them as:
- * $name
- *
- * If convert_to_integer is true, the set must contain
- * integer/masked-integer values. The values that don't qualify
- * are ignored.
- */
-
-void expr_const_sets_add(struct shash *const_sets, const char *name,
- const char * const *values, size_t n_values,
- bool convert_to_integer);
-void expr_const_sets_remove(struct shash *const_sets, const char *name);
-void expr_const_sets_destroy(struct shash *const_sets);
-
-#endif /* ovn/expr.h */
diff --git a/include/ovn/lex.h b/include/ovn/lex.h
deleted file mode 100644
index 8d5585766e9..00000000000
--- a/include/ovn/lex.h
+++ /dev/null
@@ -1,152 +0,0 @@
-/*
- * Copyright (c) 2015, 2016, 2017 Nicira, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef OVN_LEX_H
-#define OVN_LEX_H 1
-
-/* OVN lexical analyzer
- * ====================
- *
- * This is a simple lexical analyzer (or tokenizer) for OVN match expressions
- * and ACLs. */
-
-#include "openvswitch/meta-flow.h"
-
-struct ds;
-
-/* Token type. */
-enum lex_type {
- LEX_T_END, /* end of input */
-
- /* Tokens with auxiliary data. */
- LEX_T_ID, /* foo */
- LEX_T_STRING, /* "foo" */
- LEX_T_INTEGER, /* 12345 or 1.2.3.4 or ::1 or 01:02:03:04:05 */
- LEX_T_MASKED_INTEGER, /* 12345/10 or 1.2.0.0/16 or ::2/127 or... */
- LEX_T_MACRO, /* $NAME */
- LEX_T_PORT_GROUP, /* @NAME */
- LEX_T_ERROR, /* invalid input */
-
- /* Bare tokens. */
- LEX_T_LPAREN, /* ( */
- LEX_T_RPAREN, /* ) */
- LEX_T_LCURLY, /* { */
- LEX_T_RCURLY, /* } */
- LEX_T_LSQUARE, /* [ */
- LEX_T_RSQUARE, /* ] */
- LEX_T_EQ, /* == */
- LEX_T_NE, /* != */
- LEX_T_LT, /* < */
- LEX_T_LE, /* <= */
- LEX_T_GT, /* > */
- LEX_T_GE, /* >= */
- LEX_T_LOG_NOT, /* ! */
- LEX_T_LOG_AND, /* && */
- LEX_T_LOG_OR, /* || */
- LEX_T_ELLIPSIS, /* .. */
- LEX_T_COMMA, /* , */
- LEX_T_SEMICOLON, /* ; */
- LEX_T_EQUALS, /* = */
- LEX_T_EXCHANGE, /* <-> */
- LEX_T_DECREMENT, /* -- */
- LEX_T_COLON, /* : */
-};
-
-/* Subtype for LEX_T_INTEGER and LEX_T_MASKED_INTEGER tokens.
- *
- * These do not change the semantics of a token; instead, they determine the
- * format used when a token is serialized back to a text form. That's
- * important because 3232268289 is meaningless to a human whereas 192.168.128.1
- * has some actual significance. */
-enum lex_format {
- LEX_F_DECIMAL,
- LEX_F_HEXADECIMAL,
- LEX_F_IPV4,
- LEX_F_IPV6,
- LEX_F_ETHERNET,
-};
-const char *lex_format_to_string(enum lex_format);
-
-/* A token. */
-struct lex_token {
- /* One of LEX_*. */
- enum lex_type type;
-
- /* Meaningful for LEX_T_ID, LEX_T_STRING, LEX_T_ERROR, LEX_T_MACRO only.
- * For these token types, 's' may point to 'buffer'; otherwise, it points
- * to malloc()ed memory owned by the token.
- *
- * Must be NULL for other token types.
- *
- * For LEX_T_MACRO, 's' does not include the leading $. */
- char *s;
-
- /* LEX_T_INTEGER, LEX_T_MASKED_INTEGER only. */
- enum lex_format format;
-
- union {
- /* LEX_T_INTEGER, LEX_T_MASKED_INTEGER only. */
- struct {
- union mf_subvalue value; /* LEX_T_INTEGER, LEX_T_MASKED_INTEGER. */
- union mf_subvalue mask; /* LEX_T_MASKED_INTEGER only. */
- };
-
- /* LEX_T_ID, LEX_T_STRING, LEX_T_ERROR, LEX_T_MACRO only. */
- char buffer[256];
- };
-};
-
-void lex_token_init(struct lex_token *);
-void lex_token_destroy(struct lex_token *);
-void lex_token_swap(struct lex_token *, struct lex_token *);
-void lex_token_strcpy(struct lex_token *, const char *s, size_t length);
-void lex_token_strset(struct lex_token *, char *s);
-void lex_token_vsprintf(struct lex_token *, const char *format, va_list args);
-
-void lex_token_format(const struct lex_token *, struct ds *);
-const char *lex_token_parse(struct lex_token *, const char *input,
- const char **startp);
-
-/* A lexical analyzer. */
-struct lexer {
- const char *input; /* Remaining input (not owned by lexer). */
- const char *start; /* Start of current token in 'input'. */
- struct lex_token token; /* Current token (owned by lexer). */
- char *error; /* Error message, if any (owned by lexer). */
-};
-
-void lexer_init(struct lexer *, const char *input);
-void lexer_destroy(struct lexer *);
-
-enum lex_type lexer_get(struct lexer *);
-enum lex_type lexer_lookahead(const struct lexer *);
-bool lexer_match(struct lexer *, enum lex_type);
-bool lexer_force_match(struct lexer *, enum lex_type);
-bool lexer_match_id(struct lexer *, const char *id);
-bool lexer_is_int(const struct lexer *);
-bool lexer_get_int(struct lexer *, int *value);
-bool lexer_force_int(struct lexer *, int *value);
-
-bool lexer_force_end(struct lexer *);
-
-void lexer_error(struct lexer *, const char *message, ...)
- OVS_PRINTF_FORMAT(2, 3);
-void lexer_syntax_error(struct lexer *, const char *message, ...)
- OVS_PRINTF_FORMAT(2, 3);
-
-char *lexer_steal_error(struct lexer *);
-
-#endif /* ovn/lex.h */
diff --git a/include/ovn/logical-fields.h b/include/ovn/logical-fields.h
deleted file mode 100644
index 9bac8e027d2..00000000000
--- a/include/ovn/logical-fields.h
+++ /dev/null
@@ -1,130 +0,0 @@
-/* Copyright (c) 2015, 2016 Nicira, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef OVN_LOGICAL_FIELDS_H
-#define OVN_LOGICAL_FIELDS_H 1
-
-#include "openvswitch/meta-flow.h"
-
-struct shash;
-
-enum ovn_controller_event {
- OVN_EVENT_EMPTY_LB_BACKENDS = 0,
- OVN_EVENT_MAX,
-};
-
-/* Logical fields.
- *
- * These values are documented in ovn-architecture(7), please update the
- * documentation if you change any of them. */
-#define MFF_LOG_DATAPATH MFF_METADATA /* Logical datapath (64 bits). */
-#define MFF_LOG_FLAGS MFF_REG10 /* One of MLF_* (32 bits). */
-#define MFF_LOG_DNAT_ZONE MFF_REG11 /* conntrack dnat zone for gateway router
- * (32 bits). */
-#define MFF_LOG_SNAT_ZONE MFF_REG12 /* conntrack snat zone for gateway router
- * (32 bits). */
-#define MFF_LOG_CT_ZONE MFF_REG13 /* Logical conntrack zone for lports
- * (32 bits). */
-#define MFF_LOG_INPORT MFF_REG14 /* Logical input port (32 bits). */
-#define MFF_LOG_OUTPORT MFF_REG15 /* Logical output port (32 bits). */
-
-/* Logical registers.
- *
- * Make sure these don't overlap with the logical fields! */
-#define MFF_LOG_REG0 MFF_REG0
-#define MFF_N_LOG_REGS 10
-
-void ovn_init_symtab(struct shash *symtab);
-
-/* MFF_LOG_FLAGS_REG bit assignments */
-enum mff_log_flags_bits {
- MLF_ALLOW_LOOPBACK_BIT = 0,
- MLF_RCV_FROM_VXLAN_BIT = 1,
- MLF_FORCE_SNAT_FOR_DNAT_BIT = 2,
- MLF_FORCE_SNAT_FOR_LB_BIT = 3,
- MLF_LOCAL_ONLY_BIT = 4,
- MLF_NESTED_CONTAINER_BIT = 5,
-};
-
-/* MFF_LOG_FLAGS_REG flag assignments */
-enum mff_log_flags {
- /* Allow outputting back to inport. */
- MLF_ALLOW_LOOPBACK = (1 << MLF_ALLOW_LOOPBACK_BIT),
-
- /* Indicate that a packet was received from a VXLAN tunnel to
- * compensate for the lack of egress port information available in
- * VXLAN encapsulation. Egress port information is available for
- * Geneve and STT tunnel types. */
- MLF_RCV_FROM_VXLAN = (1 << MLF_RCV_FROM_VXLAN_BIT),
-
- /* Indicate that a packet needs a force SNAT in the gateway router when
- * DNAT has taken place. */
- MLF_FORCE_SNAT_FOR_DNAT = (1 << MLF_FORCE_SNAT_FOR_DNAT_BIT),
-
- /* Indicate that a packet needs a force SNAT in the gateway router when
- * load-balancing has taken place. */
- MLF_FORCE_SNAT_FOR_LB = (1 << MLF_FORCE_SNAT_FOR_LB_BIT),
-
- /* Indicate that a packet that should be distributed across multiple
- * hypervisors should instead only be output to local targets
- */
- MLF_LOCAL_ONLY = (1 << MLF_LOCAL_ONLY_BIT),
-
- /* Indicate that a packet was received from a nested container. */
- MLF_NESTED_CONTAINER = (1 << MLF_NESTED_CONTAINER_BIT),
-};
-
-/* OVN logical fields
- * ===================
- * These are the fields which OVN supports modifying which gets translated
- * to OFFlow controller action.
- *
- * OpenvSwitch doesn't support modifying these fields yet. If a field is
- * supported later by OpenvSwitch, it can be deleted from here.
- */
-
-enum ovn_field_id {
- /*
- * Name: "icmp4.frag_mtu" -
- * Type: be16
- * Description: Sets the low-order 16 bits of the ICMP4 header field
- * (that is labelled "unused" in the ICMP specification) of the ICMP4
- * packet as per the RFC 1191.
- */
- OVN_ICMP4_FRAG_MTU,
-
- OVN_FIELD_N_IDS
-};
-
-struct ovn_field {
- enum ovn_field_id id;
- const char *name;
- unsigned int n_bytes; /* Width of the field in bytes. */
- unsigned int n_bits; /* Number of significant bits in field. */
-};
-
-static inline const struct ovn_field *
-ovn_field_from_id(enum ovn_field_id id)
-{
- extern const struct ovn_field ovn_fields[OVN_FIELD_N_IDS];
- ovs_assert((unsigned int) id < OVN_FIELD_N_IDS);
- return &ovn_fields[id];
-}
-
-const char *event_to_string(enum ovn_controller_event event);
-int string_to_event(const char *s);
-const struct ovn_field *ovn_field_from_name(const char *name);
-void ovn_destroy_ovnfields(void);
-#endif /* ovn/lib/logical-fields.h */
diff --git a/lib/db-ctl-base.xml b/lib/db-ctl-base.xml
index a5fcc901c1b..10124c3ad01 100644
--- a/lib/db-ctl-base.xml
+++ b/lib/db-ctl-base.xml
@@ -40,8 +40,8 @@
Either a universally unique identifier in the style of RFC 4122,
e.g. f81d4fae-7dec-11d0-a765-00a0c91e6bf6
, or an @
name
- defined by a get
or create
command within the same ovn-nbctl
- invocation.
+ defined by a get
or create
command within the
+ same ovs-vsctl
invocation.
@@ -177,7 +177,7 @@
- The UUIDs shown for rows created in the same ovn-nbctl
+ The UUIDs shown for rows created in the same ovs-vsctl
invocation will be wrong.
@@ -199,7 +199,7 @@
If @
name is specified, then the UUID for record may be
- referred to by that name later in the same ovn-nbctl
+ referred to by that name later in the same ovs-vsctl
invocation in contexts where a UUID is expected.
@@ -379,8 +379,8 @@
Consider specifying --timeout=0
along with
- --wait-until
, to prevent ovn-nbctl
from terminating
- after waiting only at most 5 seconds.
+ --wait-until
, to prevent ovs-vsctl
from
+ terminating after waiting only at most 5 seconds.
diff --git a/manpages.mk b/manpages.mk
index 5f43aa3874d..a66d109e347 100644
--- a/manpages.mk
+++ b/manpages.mk
@@ -1,15 +1,5 @@
# Generated automatically -- do not modify! -*- buffer-read-only: t -*-
-ovn/utilities/ovn-detrace.1: \
- ovn/utilities/ovn-detrace.1.in \
- lib/common-syn.man \
- lib/common.man \
- lib/ovs.tmac
-ovn/utilities/ovn-detrace.1.in:
-lib/common-syn.man:
-lib/common.man:
-lib/ovs.tmac:
-
ovn/utilities/ovn-sbctl.8: \
ovn/utilities/ovn-sbctl.8.in \
lib/common.man \
diff --git a/ovn/TODO.rst b/ovn/TODO.rst
deleted file mode 100644
index 33489174f7f..00000000000
--- a/ovn/TODO.rst
+++ /dev/null
@@ -1,147 +0,0 @@
-..
- Licensed under the Apache License, Version 2.0 (the "License"); you may
- not use this file except in compliance with the License. You may obtain
- a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- License for the specific language governing permissions and limitations
- under the License.
-
- Convention for heading levels in Open vSwitch documentation:
-
- ======= Heading 0 (reserved for the title in a document)
- ------- Heading 1
- ~~~~~~~ Heading 2
- +++++++ Heading 3
- ''''''' Heading 4
-
- Avoid deeper levels because they do not render well.
-
-==============
-OVN To-do List
-==============
-
-* Get incremental updates in ovn-controller and ovn-northd in some
- sensible way.
-
-* Live migration.
-
- Russell Bryant: "When you're ready to have the destination take over, you
- have to remove the iface-id from the source and add it at the destination and
- I think it'd typically be configured on both ends, since it's a clone of the
- source VM (and it's config)."
-
-* VLAN trunk ports.
-
- Russell Bryant: "Today that would require creating 4096 ports for the VM and
- attach to 4096 OVN networks, so doable, but not quite ideal."
-
-* Service function chaining.
-
-* MAC learning.
-
- Han Zhou: "To support VMs that hosts workloads with their own macs, e.g.
- containers, if not using OVN native container support."
-
-* Finish up ARP/ND support: re-checking bindings, expiring bindings.
-
-* Hitless upgrade, especially for data plane.
-
-* Use OpenFlow "bundles" for transactional data plane updates.
-
-* Dynamic IP to MAC binding enhancements.
-
- OVN has basic support for establishing IP to MAC bindings dynamically, using
- ARP.
-
- * Ratelimiting.
-
- From casual observation, Linux appears to generate at most one ARP per
- second per destination.
-
- This might be supported by adding a new OVN logical action for
- rate-limiting.
-
- * Tracking queries
-
- It's probably best to only record in the database responses to queries
- actually issued by an L3 logical router, so somehow they have to be
- tracked, probably by putting a tentative binding without a MAC address
- into the database.
-
- * Renewal and expiration.
-
- Something needs to make sure that bindings remain valid and expire those
- that become stale.
-
- One way to do this might be to add some support for time to the database
- server itself.
-
- * Table size limiting.
-
- The table of MAC bindings must not be allowed to grow unreasonably large.
-
- * MTU handling (fragmentation on output)
-
-* ovsdb-server
-
- ovsdb-server should have adequate features for OVN but it probably needs work
- for scale and possibly for availability as deployments grow. Here are some
- thoughts.
-
- * Multithreading.
-
- If it turns out that other changes don't let ovsdb-server scale
- adequately, we can multithread ovsdb-server. Initially one might
- only break protocol handling into separate threads, leaving the
- actual database work serialized through a lock.
-
- * Reducing startup time.
-
- As-is, if ovsdb-server restarts, every client will fetch a fresh copy of
- the part of the database that it cares about. With hundreds of clients,
- this could cause heavy CPU load on ovsdb-server and use excessive network
- bandwidth. It would be better to allow incremental updates even across
- connection loss. One way might be to use "Difference Digests" as described
- in Epstein et al., "What's the Difference? Efficient Set Reconciliation
- Without Prior Context". (I'm not yet aware of previous non-academic use of
- this technique.)
-
-* Support multiple tunnel encapsulations in Chassis.
-
- So far, both ovn-controller and ovn-controller-vtep only allow chassis to
- have one tunnel encapsulation entry. We should extend the implementation
- to support multiple tunnel encapsulations.
-
-* Update learned MAC addresses from VTEP to OVN
-
- The VTEP gateway stores all MAC addresses learned from its physical
- interfaces in the 'Ucast_Macs_Local' and the 'Mcast_Macs_Local' tables.
- ovn-controller-vtep should be able to update that information back to
- ovn-sb database, so that other chassis know where to send packets destined
- to the extended external network instead of broadcasting.
-
-* Translate ovn-sb Multicast_Group table into VTEP config
-
- The ovn-controller-vtep daemon should be able to translate the
- Multicast_Group table entry in ovn-sb database into Mcast_Macs_Remote table
- configuration in VTEP database.
-
-* OVN OCF pacemaker script to support Active / Passive HA for OVN dbs provides
- the option to configure the inactivity_probe value. The default 5 seconds
- inactivity_probe value is not sufficient and ovsdb-server drops the client
- IDL connections for openstack deployments when the neutron server is heavily
- loaded.
-
- We need to find a proper solution to solve this issue instead of increasing
- the inactivity_probe value.
-
-* ACL
-
- * Support FTP ALGs.
-
- * Support reject action.
diff --git a/ovn/automake.mk b/ovn/automake.mk
index b33112ef14e..afaf0688c0d 100644
--- a/ovn/automake.mk
+++ b/ovn/automake.mk
@@ -66,13 +66,6 @@ ovn/ovn-nb.5: \
$(srcdir)/ovn/ovn-nb.xml > $@.tmp && \
mv $@.tmp $@
-man_MANS += ovn/ovn-architecture.7
-EXTRA_DIST += ovn/ovn-architecture.7.xml
-CLEANFILES += ovn/ovn-architecture.7
-
-EXTRA_DIST += \
- ovn/TODO.rst
-
# Version checking for ovn-nb.ovsschema.
ALL_LOCAL += ovn/ovn-nb.ovsschema.stamp
ovn/ovn-nb.ovsschema.stamp: ovn/ovn-nb.ovsschema
@@ -85,8 +78,5 @@ ovn/ovn-sb.ovsschema.stamp: ovn/ovn-sb.ovsschema
$(srcdir)/build-aux/cksum-schema-check $? $@
CLEANFILES += ovn/ovn-sb.ovsschema.stamp
-include ovn/controller/automake.mk
-include ovn/controller-vtep/automake.mk
include ovn/lib/automake.mk
-include ovn/northd/automake.mk
include ovn/utilities/automake.mk
diff --git a/ovn/controller-vtep/.gitignore b/ovn/controller-vtep/.gitignore
deleted file mode 100644
index 3ec8072c72b..00000000000
--- a/ovn/controller-vtep/.gitignore
+++ /dev/null
@@ -1,2 +0,0 @@
-/ovn-controller-vtep
-/ovn-controller-vtep.8
diff --git a/ovn/controller-vtep/automake.mk b/ovn/controller-vtep/automake.mk
deleted file mode 100644
index 0c83dc70a18..00000000000
--- a/ovn/controller-vtep/automake.mk
+++ /dev/null
@@ -1,14 +0,0 @@
-bin_PROGRAMS += ovn/controller-vtep/ovn-controller-vtep
-ovn_controller_vtep_ovn_controller_vtep_SOURCES = \
- ovn/controller-vtep/binding.c \
- ovn/controller-vtep/binding.h \
- ovn/controller-vtep/gateway.c \
- ovn/controller-vtep/gateway.h \
- ovn/controller-vtep/ovn-controller-vtep.c \
- ovn/controller-vtep/ovn-controller-vtep.h \
- ovn/controller-vtep/vtep.c \
- ovn/controller-vtep/vtep.h
-ovn_controller_vtep_ovn_controller_vtep_LDADD = ovn/lib/libovn.la lib/libopenvswitch.la vtep/libvtep.la
-man_MANS += ovn/controller-vtep/ovn-controller-vtep.8
-EXTRA_DIST += ovn/controller-vtep/ovn-controller-vtep.8.xml
-CLEANFILES += ovn/controller-vtep/ovn-controller-vtep.8
diff --git a/ovn/controller-vtep/binding.c b/ovn/controller-vtep/binding.c
deleted file mode 100644
index 9cbfadc71c0..00000000000
--- a/ovn/controller-vtep/binding.c
+++ /dev/null
@@ -1,274 +0,0 @@
-/* Copyright (c) 2015 Nicira, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include
-#include "binding.h"
-
-#include "openvswitch/shash.h"
-#include "lib/smap.h"
-#include "lib/util.h"
-#include "openvswitch/vlog.h"
-#include "ovn-controller-vtep.h"
-#include "ovn/lib/ovn-sb-idl.h"
-#include "vtep/vtep-idl.h"
-
-VLOG_DEFINE_THIS_MODULE(binding);
-
-/*
- * This module scans through the Port_Binding table in ovnsb. If there is a
- * logical port binding entry for logical switch in vtep gateway chassis's
- * 'vtep_logical_switches' column, sets the binding's chassis column to the
- * corresponding vtep gateway chassis.
- *
- */
-
-
-/* Returns true if the 'vtep_lswitch' specified in 'port_binding_rec'
- * has already been bound to another port binding entry, and resets
- * 'port_binding_rec''s chassis column. Otherwise, updates 'ls_to_pb'
- * and returns false. */
-static bool
-check_pb_conflict(struct shash *ls_to_pb,
- const struct sbrec_port_binding *port_binding_rec,
- const char *chassis_name,
- const char *vtep_lswitch)
-{
- const struct sbrec_port_binding *pb_conflict =
- shash_find_data(ls_to_pb, vtep_lswitch);
-
- if (pb_conflict) {
- VLOG_WARN("logical switch (%s), on vtep gateway chassis "
- "(%s) has already been associated with logical "
- "port (%s), ignore logical port (%s)",
- vtep_lswitch, chassis_name,
- pb_conflict->logical_port,
- port_binding_rec->logical_port);
- sbrec_port_binding_set_chassis(port_binding_rec, NULL);
-
- return true;
- }
-
- shash_add(ls_to_pb, vtep_lswitch, port_binding_rec);
- return false;
-}
-
-/* Returns true if the 'vtep_lswitch' specified in 'port_binding_rec'
- * has already been bound to a different datapath, and resets
- * 'port_binding_rec''s chassis column. Otherwise, updates 'ls_to_db' and
- * returns false. */
-static bool
-check_db_conflict(struct shash *ls_to_db,
- const struct sbrec_port_binding *port_binding_rec,
- const char *chassis_name,
- const char *vtep_lswitch)
-{
- const struct sbrec_datapath_binding *db_conflict =
- shash_find_data(ls_to_db, vtep_lswitch);
-
- if (db_conflict && db_conflict != port_binding_rec->datapath) {
- VLOG_WARN("logical switch (%s), on vtep gateway chassis "
- "(%s) has already been associated with logical "
- "datapath (with tunnel key %"PRId64"), ignore "
- "logical port (%s) which belongs to logical "
- "datapath (with tunnel key %"PRId64")",
- vtep_lswitch, chassis_name,
- db_conflict->tunnel_key,
- port_binding_rec->logical_port,
- port_binding_rec->datapath->tunnel_key);
- sbrec_port_binding_set_chassis(port_binding_rec, NULL);
-
- return true;
- }
-
- shash_replace(ls_to_db, vtep_lswitch, port_binding_rec->datapath);
- return false;
-}
-
-/* Updates the 'port_binding_rec''s chassis column to 'chassis_rec'. */
-static void
-update_pb_chassis(const struct sbrec_port_binding *port_binding_rec,
- const struct sbrec_chassis *chassis_rec)
-{
- if (port_binding_rec->chassis != chassis_rec) {
- if (chassis_rec && port_binding_rec->chassis) {
- VLOG_DBG("Changing chassis association of logical "
- "port (%s) from (%s) to (%s)",
- port_binding_rec->logical_port,
- port_binding_rec->chassis->name,
- chassis_rec->name);
- }
- sbrec_port_binding_set_chassis(port_binding_rec, chassis_rec);
- }
-}
-
-
-/* Checks and updates logical port to vtep logical switch bindings for each
- * physical switch in VTEP. */
-void
-binding_run(struct controller_vtep_ctx *ctx)
-{
- if (!ctx->ovnsb_idl_txn) {
- return;
- }
-
- /* 'ls_to_db'
- *
- * Maps vtep logical switch name to the datapath binding entry. This is
- * used to guarantee that each vtep logical switch is only included
- * in only one ovn datapath (ovn logical switch). See check_db_conflict()
- * for details.
- *
- * 'ls_to_pb'
- *
- * Maps vtep logical switch name to the port binding entry. This is used
- * to guarantee that each vtep logical switch on a vtep physical switch
- * is only bound to one logical port. See check_pb_conflict() for
- * details.
- *
- */
- struct shash ls_to_db = SHASH_INITIALIZER(&ls_to_db);
-
- /* Stores the 'chassis' and the 'ls_to_pb' map related to
- * a vtep physcial switch. */
- struct ps {
- const struct sbrec_chassis *chassis_rec;
- struct shash ls_to_pb;
- };
- struct shash ps_map = SHASH_INITIALIZER(&ps_map);
- const struct vteprec_physical_switch *pswitch;
- VTEPREC_PHYSICAL_SWITCH_FOR_EACH (pswitch, ctx->vtep_idl) {
- const struct sbrec_chassis *chassis_rec
- = get_chassis_by_name(ctx->ovnsb_idl, pswitch->name);
- struct ps *ps = xmalloc(sizeof *ps);
- size_t i;
-
- /* 'chassis_rec' must exist. */
- ovs_assert(chassis_rec);
- ps->chassis_rec = chassis_rec;
- shash_init(&ps->ls_to_pb);
- for (i = 0; i < chassis_rec->n_vtep_logical_switches; i++) {
- shash_add(&ps->ls_to_pb, chassis_rec->vtep_logical_switches[i],
- NULL);
- }
- shash_add(&ps_map, chassis_rec->name, ps);
- }
-
- ovsdb_idl_txn_add_comment(ctx->ovnsb_idl_txn,
- "ovn-controller-vtep: updating bindings");
-
- const struct sbrec_port_binding *port_binding_rec;
- /* Port binding for vtep gateway chassis must have type "vtep",
- * and matched physical switch name and logical switch name. */
- SBREC_PORT_BINDING_FOR_EACH(port_binding_rec, ctx->ovnsb_idl) {
- const char *type = port_binding_rec->type;
- const char *vtep_pswitch = smap_get(&port_binding_rec->options,
- "vtep-physical-switch");
- const char *vtep_lswitch = smap_get(&port_binding_rec->options,
- "vtep-logical-switch");
- struct ps *ps
- = vtep_pswitch ? shash_find_data(&ps_map, vtep_pswitch) : NULL;
- bool found_ls
- = ps && vtep_lswitch && shash_find(&ps->ls_to_pb, vtep_lswitch);
-
- if (!strcmp(type, "vtep") && found_ls) {
- bool pb_conflict, db_conflict;
-
- pb_conflict = check_pb_conflict(&ps->ls_to_pb, port_binding_rec,
- ps->chassis_rec->name,
- vtep_lswitch);
- db_conflict = check_db_conflict(&ls_to_db, port_binding_rec,
- ps->chassis_rec->name,
- vtep_lswitch);
- /* Updates port binding's chassis column when there
- * is no conflict. */
- if (!pb_conflict && !db_conflict) {
- update_pb_chassis(port_binding_rec, ps->chassis_rec);
- }
- } else if (port_binding_rec->chassis
- && shash_find(&ps_map, port_binding_rec->chassis->name)) {
- /* Resets 'port_binding_rec' since it is no longer bound to
- * any vtep logical switch. */
- update_pb_chassis(port_binding_rec, NULL);
- }
- }
-
- struct shash_node *iter, *next;
- SHASH_FOR_EACH_SAFE (iter, next, &ps_map) {
- struct ps *ps = iter->data;
- struct shash_node *node;
-
- SHASH_FOR_EACH (node, &ps->ls_to_pb) {
- if (!node->data) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
- VLOG_DBG_RL(&rl, "No port binding entry for logical switch (%s)"
- "on vtep gateway chassis (%s)", node->name,
- ps->chassis_rec->name);
- }
- }
- shash_delete(&ps_map, iter);
- shash_destroy(&ps->ls_to_pb);
- free(ps);
- }
- shash_destroy(&ls_to_db);
- shash_destroy(&ps_map);
-}
-
-/* Removes all port binding association with vtep gateway chassis.
- * Returns true when done (i.e. there is no change made to 'ctx->ovnsb_idl'),
- * otherwise returns false. */
-bool
-binding_cleanup(struct controller_vtep_ctx *ctx)
-{
- if (!ctx->ovnsb_idl_txn) {
- return false;
- }
-
- struct shash ch_to_pb = SHASH_INITIALIZER(&ch_to_pb);
- const struct sbrec_port_binding *port_binding_rec;
- bool all_done = true;
- /* Hashs all port binding entries using the associated chassis name. */
- SBREC_PORT_BINDING_FOR_EACH(port_binding_rec, ctx->ovnsb_idl) {
- if (port_binding_rec->chassis) {
- shash_add(&ch_to_pb, port_binding_rec->chassis->name,
- port_binding_rec);
- }
- }
-
- ovsdb_idl_txn_add_comment(ctx->ovnsb_idl_txn,
- "ovn-controller-vtep: removing bindings");
-
- const struct vteprec_physical_switch *pswitch;
- VTEPREC_PHYSICAL_SWITCH_FOR_EACH (pswitch, ctx->vtep_idl) {
- const struct sbrec_chassis *chassis_rec
- = get_chassis_by_name(ctx->ovnsb_idl, pswitch->name);
-
- if (!chassis_rec) {
- continue;
- }
-
- for (;;) {
- port_binding_rec = shash_find_and_delete(&ch_to_pb,
- chassis_rec->name);
- if (!port_binding_rec) {
- break;
- }
- all_done = false;
- update_pb_chassis(port_binding_rec, NULL);
- }
- }
- shash_destroy(&ch_to_pb);
-
- return all_done;
-}
diff --git a/ovn/controller-vtep/binding.h b/ovn/controller-vtep/binding.h
deleted file mode 100644
index 374c1ccf8fa..00000000000
--- a/ovn/controller-vtep/binding.h
+++ /dev/null
@@ -1,27 +0,0 @@
-/* Copyright (c) 2015 Nicira, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-
-#ifndef OVN_BINDING_H
-#define OVN_BINDING_H 1
-
-#include
-
-struct controller_vtep_ctx;
-
-void binding_run(struct controller_vtep_ctx *);
-bool binding_cleanup(struct controller_vtep_ctx *);
-
-#endif /* ovn/controller-gw/binding.h */
diff --git a/ovn/controller-vtep/gateway.c b/ovn/controller-vtep/gateway.c
deleted file mode 100644
index 619c3c49a44..00000000000
--- a/ovn/controller-vtep/gateway.c
+++ /dev/null
@@ -1,230 +0,0 @@
-/* Copyright (c) 2015 Nicira, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include
-#include "gateway.h"
-
-#include "openvswitch/poll-loop.h"
-#include "lib/simap.h"
-#include "lib/sset.h"
-#include "lib/util.h"
-#include "openvswitch/vlog.h"
-#include "ovn/lib/ovn-sb-idl.h"
-#include "vtep/vtep-idl.h"
-#include "ovn-controller-vtep.h"
-
-VLOG_DEFINE_THIS_MODULE(gateway);
-
-/*
- * Registers the physical switches in vtep to ovnsb as chassis. For each
- * physical switch in the vtep database, finds all vtep logical switches that
- * are associated with the physical switch, and updates the corresponding
- * chassis's 'vtep_logical_switches' column.
- *
- */
-
-/* Global revalidation sequence number, incremented at each call to
- * 'revalidate_gateway()'. */
-static unsigned int gw_reval_seq;
-
-/* Maps all chassis created by the gateway module to their own reval_seq. */
-static struct simap gw_chassis_map = SIMAP_INITIALIZER(&gw_chassis_map);
-
-/* Creates and returns a new instance of 'struct sbrec_chassis'. */
-static const struct sbrec_chassis *
-create_chassis_rec(struct ovsdb_idl_txn *txn, const char *name,
- const char *encap_ip)
-{
- const struct sbrec_chassis *chassis_rec;
- struct sbrec_encap *encap_rec;
-
- VLOG_INFO("add Chassis row for VTEP physical switch (%s)", name);
-
- chassis_rec = sbrec_chassis_insert(txn);
- sbrec_chassis_set_name(chassis_rec, name);
- encap_rec = sbrec_encap_insert(txn);
- sbrec_encap_set_type(encap_rec, OVN_SB_ENCAP_TYPE);
- sbrec_encap_set_ip(encap_rec, encap_ip);
- const struct smap options = SMAP_CONST1(&options, "csum", "false");
- sbrec_encap_set_options(encap_rec, &options);
- sbrec_chassis_set_encaps(chassis_rec, &encap_rec, 1);
-
- return chassis_rec;
-}
-
-/* Revalidates chassis in ovnsb against vtep database. Creates chassis for
- * new vtep physical switch. And removes chassis which no longer have
- * physical switch in vtep.
- *
- * xxx: Support multiple tunnel encaps.
- *
- * */
-static void
-revalidate_gateway(struct controller_vtep_ctx *ctx)
-{
- const struct vteprec_physical_switch *pswitch;
-
- /* Increments the global revalidation sequence number. */
- gw_reval_seq++;
-
- ovsdb_idl_txn_add_comment(ctx->ovnsb_idl_txn,
- "ovn-controller-vtep: updating vtep chassis");
-
- VTEPREC_PHYSICAL_SWITCH_FOR_EACH (pswitch, ctx->vtep_idl) {
- const struct sbrec_chassis *chassis_rec;
- struct simap_node *gw_node;
- const char *encap_ip;
-
- encap_ip = pswitch->n_tunnel_ips ? pswitch->tunnel_ips[0] : "";
- gw_node = simap_find(&gw_chassis_map, pswitch->name);
- chassis_rec = get_chassis_by_name(ctx->ovnsb_idl, pswitch->name);
- if (chassis_rec) {
- if (!gw_node &&
- (strcmp(chassis_rec->encaps[0]->type, OVN_SB_ENCAP_TYPE)
- || strcmp(chassis_rec->encaps[0]->ip, encap_ip))) {
- VLOG_WARN("Chassis config changing on startup, make sure "
- "multiple chassis are not configured : %s/%s->%s/%s",
- chassis_rec->encaps[0]->type,
- chassis_rec->encaps[0]->ip,
- OVN_SB_ENCAP_TYPE, encap_ip);
- }
- /* Updates chassis's encap if anything changed. */
- if (strcmp(chassis_rec->encaps[0]->type, OVN_SB_ENCAP_TYPE)) {
- VLOG_WARN("Chassis for VTEP physical switch (%s) can only have "
- "encap type \"%s\"", pswitch->name, OVN_SB_ENCAP_TYPE);
- sbrec_encap_set_type(chassis_rec->encaps[0], OVN_SB_ENCAP_TYPE);
- }
- if (strcmp(chassis_rec->encaps[0]->ip, encap_ip)) {
- sbrec_encap_set_ip(chassis_rec->encaps[0], encap_ip);
- }
- if (smap_get_bool(&chassis_rec->encaps[0]->options, "csum", true)) {
- const struct smap options = SMAP_CONST1(&options, "csum",
- "false");
- sbrec_encap_set_options(chassis_rec->encaps[0], &options);
- }
- } else {
- if (gw_node) {
- VLOG_WARN("Chassis for VTEP physical switch (%s) disappears, "
- "maybe deleted by ovn-sbctl, adding it back",
- pswitch->name);
- }
- /* Creates a new chassis for the VTEP physical switch. */
- create_chassis_rec(ctx->ovnsb_idl_txn, pswitch->name, encap_ip);
- }
- /* Updates or creates the simap node for 'pswitch->name'. */
- simap_put(&gw_chassis_map, pswitch->name, gw_reval_seq);
- }
-
- struct simap_node *iter, *next;
- /* For 'gw_node' in 'gw_chassis_map' whose data is not
- * 'gw_reval_seq', it means the corresponding physical switch no
- * longer exist. So, garbage collects them. */
- SIMAP_FOR_EACH_SAFE (iter, next, &gw_chassis_map) {
- if (iter->data != gw_reval_seq) {
- const struct sbrec_chassis *chassis_rec;
-
- chassis_rec = get_chassis_by_name(ctx->ovnsb_idl, iter->name);
- if (chassis_rec) {
- sbrec_chassis_delete(chassis_rec);
- }
- simap_delete(&gw_chassis_map, iter);
- }
- }
-}
-
-/* Updates the 'vtep_logical_switches' column in the Chassis table based
- * on vtep database configuration. */
-static void
-update_vtep_logical_switches(struct controller_vtep_ctx *ctx)
-{
- const struct vteprec_physical_switch *pswitch;
-
- ovsdb_idl_txn_add_comment(ctx->ovnsb_idl_txn, "ovn-controller-vtep: "
- "updating chassis's vtep_logical_switches");
-
- VTEPREC_PHYSICAL_SWITCH_FOR_EACH (pswitch, ctx->vtep_idl) {
- const struct sbrec_chassis *chassis_rec =
- get_chassis_by_name(ctx->ovnsb_idl, pswitch->name);
- struct sset lswitches = SSET_INITIALIZER(&lswitches);
- size_t i;
-
- for (i = 0; i < pswitch->n_ports; i++) {
- const struct vteprec_physical_port *port = pswitch->ports[i];
- size_t j;
-
- for (j = 0; j < port->n_vlan_bindings; j++) {
- const struct vteprec_logical_switch *vtep_lswitch;
-
- vtep_lswitch = port->value_vlan_bindings[j];
- /* If not already in 'lswitches', records it. */
- if (!sset_find(&lswitches, vtep_lswitch->name)) {
- sset_add(&lswitches, vtep_lswitch->name);
- }
- }
- }
-
- const char **ls_arr = sset_array(&lswitches);
- sbrec_chassis_set_vtep_logical_switches(chassis_rec, ls_arr,
- sset_count(&lswitches));
- free(ls_arr);
- sset_destroy(&lswitches);
- }
-}
-
-
-void
-gateway_run(struct controller_vtep_ctx *ctx)
-{
- if (!ctx->ovnsb_idl_txn) {
- return;
- }
-
- revalidate_gateway(ctx);
- update_vtep_logical_switches(ctx);
-}
-
-/* Destroys the chassis table entries for vtep physical switches.
- * Returns true when done (i.e. there is no change made to 'ctx->ovnsb_idl'),
- * otherwise returns false. */
-bool
-gateway_cleanup(struct controller_vtep_ctx *ctx)
-{
- static bool simap_destroyed = false;
- const struct vteprec_physical_switch *pswitch;
-
- if (!ctx->ovnsb_idl_txn) {
- return false;
- }
-
- bool all_done = true;
- ovsdb_idl_txn_add_comment(ctx->ovnsb_idl_txn, "ovn-controller-vtep: "
- "unregistering vtep chassis");
- VTEPREC_PHYSICAL_SWITCH_FOR_EACH (pswitch, ctx->vtep_idl) {
- const struct sbrec_chassis *chassis_rec;
-
- chassis_rec = get_chassis_by_name(ctx->ovnsb_idl, pswitch->name);
- if (!chassis_rec) {
- continue;
- }
- all_done = false;
- sbrec_chassis_delete(chassis_rec);
- }
- if (!simap_destroyed) {
- simap_destroy(&gw_chassis_map);
- simap_destroyed = true;
- }
-
- return all_done;
-}
diff --git a/ovn/controller-vtep/gateway.h b/ovn/controller-vtep/gateway.h
deleted file mode 100644
index 0086191d90f..00000000000
--- a/ovn/controller-vtep/gateway.h
+++ /dev/null
@@ -1,26 +0,0 @@
-/* Copyright (c) 2015 Nicira, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef OVN_GATEWAY_H
-#define OVN_GATEWAY_H 1
-
-#include
-
-struct controller_vtep_ctx;
-
-void gateway_run(struct controller_vtep_ctx *);
-bool gateway_cleanup(struct controller_vtep_ctx *);
-
-#endif /* ovn/controller-gw/gateway.h */
diff --git a/ovn/controller-vtep/ovn-controller-vtep.8.xml b/ovn/controller-vtep/ovn-controller-vtep.8.xml
deleted file mode 100644
index 2c706e46ea0..00000000000
--- a/ovn/controller-vtep/ovn-controller-vtep.8.xml
+++ /dev/null
@@ -1,80 +0,0 @@
-
-
- Name
- ovn-controller-vtep -- Open Virtual Network local controller for
- vtep enabled physical switches.
-
-
- Synopsis
- ovn-controller-vtep
[options]
- [--vtep-db=vtep-database] [--ovnsb-db=ovnsb-database]
-
-
- Description
-
- ovn-controller-vtep
is the local controller daemon in
- OVN, the Open Virtual Network, for VTEP enabled physical switches.
- It connects up to the OVN Southbound database (see
- ovn-sb
(5)) over the OVSDB protocol, and down to the VTEP
- database (see vtep
(5)) over the OVSDB protocol.
-
-
- PKI Options
-
- PKI configuration is required in order to use SSL for the connections to
- the VTEP and Southbound databases.
-
-
-
-
-
- Configuration
-
- ovn-controller-vtep
retrieves its configuration
- information from both the ovnsb and the vtep database. If the
- database locations are not given from command line, the default
- is the db.sock
in local OVSDB's 'run' directory.
- The datapath location must take one of the following forms:
-
-
- -
-
- ssl:host:port
-
-
- The specified SSL port on the give host, which
- can either be a DNS name (if built with unbound library) or an IP
- address (IPv4 or IPv6). If host is an IPv6 address, then
- wrap host with square brackets, e.g.: ssl:[::1]:6640
.
- The --private-key
, --certificate
and either
- of --ca-cert
or --bootstrap-ca-cert
options
- are mandatory when this form is used.
-
-
- -
-
- tcp:host:port
-
-
- Connect to the given TCP port on host, where
- host can be a DNS name (if built with unbound library) or
- IP address (IPv4 or IPv6). If host is an IPv6 address,
- then wrap host with square brackets,
- e.g.: tcp:[::1]:6640
.
-
-
- -
-
- unix:file
-
-
- On POSIX, connect to the Unix domain server socket named
- file.
-
-
- On Windows, connect to a localhost TCP port whose value is written
- in file.
-
-
-
-
diff --git a/ovn/controller-vtep/ovn-controller-vtep.c b/ovn/controller-vtep/ovn-controller-vtep.c
deleted file mode 100644
index 292a3f464d3..00000000000
--- a/ovn/controller-vtep/ovn-controller-vtep.c
+++ /dev/null
@@ -1,272 +0,0 @@
-/* Copyright (c) 2015, 2016 Nicira, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include
-
-#include
-#include
-#include
-#include
-#include
-
-#include "command-line.h"
-#include "compiler.h"
-#include "daemon.h"
-#include "dirs.h"
-#include "openvswitch/dynamic-string.h"
-#include "fatal-signal.h"
-#include "openvswitch/poll-loop.h"
-#include "stream.h"
-#include "stream-ssl.h"
-#include "unixctl.h"
-#include "util.h"
-#include "openvswitch/vconn.h"
-#include "openvswitch/vlog.h"
-#include "ovn/lib/ovn-sb-idl.h"
-#include "ovn/lib/ovn-util.h"
-#include "vtep/vtep-idl.h"
-
-#include "binding.h"
-#include "gateway.h"
-#include "vtep.h"
-#include "ovn-controller-vtep.h"
-
-static unixctl_cb_func ovn_controller_vtep_exit;
-
-static void parse_options(int argc, char *argv[]);
-OVS_NO_RETURN static void usage(void);
-
-static char *vtep_remote;
-static char *ovnsb_remote;
-static char *default_db_;
-
-int
-main(int argc, char *argv[])
-{
- struct unixctl_server *unixctl;
- bool exiting;
- int retval;
-
- ovs_cmdl_proctitle_init(argc, argv);
- set_program_name(argv[0]);
- service_start(&argc, &argv);
- parse_options(argc, argv);
- fatal_ignore_sigpipe();
-
- daemonize_start(false);
-
- retval = unixctl_server_create(NULL, &unixctl);
- if (retval) {
- exit(EXIT_FAILURE);
- }
- unixctl_command_register("exit", "", 0, 0, ovn_controller_vtep_exit,
- &exiting);
-
- daemonize_complete();
-
- /* Connect to VTEP database. */
- struct ovsdb_idl_loop vtep_idl_loop = OVSDB_IDL_LOOP_INITIALIZER(
- ovsdb_idl_create(vtep_remote, &vteprec_idl_class, true, true));
- ovsdb_idl_get_initial_snapshot(vtep_idl_loop.idl);
-
- /* Connect to OVN SB database. */
- struct ovsdb_idl_loop ovnsb_idl_loop = OVSDB_IDL_LOOP_INITIALIZER(
- ovsdb_idl_create(ovnsb_remote, &sbrec_idl_class, true, true));
- ovsdb_idl_get_initial_snapshot(ovnsb_idl_loop.idl);
-
- /* Main loop. */
- exiting = false;
- while (!exiting) {
- struct controller_vtep_ctx ctx = {
- .vtep_idl = vtep_idl_loop.idl,
- .vtep_idl_txn = ovsdb_idl_loop_run(&vtep_idl_loop),
- .ovnsb_idl = ovnsb_idl_loop.idl,
- .ovnsb_idl_txn = ovsdb_idl_loop_run(&ovnsb_idl_loop),
- };
-
- gateway_run(&ctx);
- binding_run(&ctx);
- vtep_run(&ctx);
- unixctl_server_run(unixctl);
-
- unixctl_server_wait(unixctl);
- if (exiting) {
- poll_immediate_wake();
- }
- ovsdb_idl_loop_commit_and_wait(&vtep_idl_loop);
- ovsdb_idl_loop_commit_and_wait(&ovnsb_idl_loop);
- poll_block();
- if (should_service_stop()) {
- exiting = true;
- }
- }
-
- /* It's time to exit. Clean up the databases. */
- bool done = false;
- while (!done) {
- struct controller_vtep_ctx ctx = {
- .vtep_idl = vtep_idl_loop.idl,
- .vtep_idl_txn = ovsdb_idl_loop_run(&vtep_idl_loop),
- .ovnsb_idl = ovnsb_idl_loop.idl,
- .ovnsb_idl_txn = ovsdb_idl_loop_run(&ovnsb_idl_loop),
- };
-
- /* Run all of the cleanup functions, even if one of them returns false.
- * We're done if all of them return true. */
- done = binding_cleanup(&ctx);
- done = gateway_cleanup(&ctx) && done;
- done = vtep_cleanup(&ctx) && done;
- if (done) {
- poll_immediate_wake();
- }
-
- ovsdb_idl_loop_commit_and_wait(&vtep_idl_loop);
- ovsdb_idl_loop_commit_and_wait(&ovnsb_idl_loop);
- poll_block();
- }
-
- unixctl_server_destroy(unixctl);
-
- ovsdb_idl_loop_destroy(&vtep_idl_loop);
- ovsdb_idl_loop_destroy(&ovnsb_idl_loop);
-
- free(ovnsb_remote);
- free(vtep_remote);
- free(default_db_);
- service_stop();
-
- exit(retval);
-}
-
-static const char *
-default_db(void)
-{
- if (!default_db_) {
- default_db_ = xasprintf("unix:%s/db.sock", ovs_rundir());
- }
- return default_db_;
-}
-
-static void
-parse_options(int argc, char *argv[])
-{
- enum {
- OPT_PEER_CA_CERT = UCHAR_MAX + 1,
- OPT_BOOTSTRAP_CA_CERT,
- VLOG_OPTION_ENUMS,
- DAEMON_OPTION_ENUMS,
- SSL_OPTION_ENUMS,
- };
-
- static struct option long_options[] = {
- {"ovnsb-db", required_argument, NULL, 'd'},
- {"vtep-db", required_argument, NULL, 'D'},
- {"help", no_argument, NULL, 'h'},
- {"version", no_argument, NULL, 'V'},
- VLOG_LONG_OPTIONS,
- DAEMON_LONG_OPTIONS,
- STREAM_SSL_LONG_OPTIONS,
- {"peer-ca-cert", required_argument, NULL, OPT_PEER_CA_CERT},
- {"bootstrap-ca-cert", required_argument, NULL, OPT_BOOTSTRAP_CA_CERT},
- {NULL, 0, NULL, 0}
- };
- char *short_options = ovs_cmdl_long_options_to_short_options(long_options);
-
- for (;;) {
- int c;
-
- c = getopt_long(argc, argv, short_options, long_options, NULL);
- if (c == -1) {
- break;
- }
-
- switch (c) {
- case 'd':
- ovnsb_remote = xstrdup(optarg);
- break;
-
- case 'D':
- vtep_remote = xstrdup(optarg);
- break;
-
- case 'h':
- usage();
-
- case 'V':
- ovs_print_version(OFP13_VERSION, OFP13_VERSION);
- exit(EXIT_SUCCESS);
-
- VLOG_OPTION_HANDLERS
- DAEMON_OPTION_HANDLERS
- STREAM_SSL_OPTION_HANDLERS
-
- case OPT_PEER_CA_CERT:
- stream_ssl_set_peer_ca_cert_file(optarg);
- break;
-
- case OPT_BOOTSTRAP_CA_CERT:
- stream_ssl_set_ca_cert_file(optarg, true);
- break;
-
- case '?':
- exit(EXIT_FAILURE);
-
- default:
- abort();
- }
- }
- free(short_options);
-
- if (!ovnsb_remote) {
- ovnsb_remote = xstrdup(default_sb_db());
- }
-
- if (!vtep_remote) {
- vtep_remote = xstrdup(default_db());
- }
-}
-
-static void
-usage(void)
-{
- printf("\
-%s: OVN controller VTEP\n\
-usage %s [OPTIONS]\n\
-\n\
-Options:\n\
- --vtep-db=DATABASE connect to vtep database at DATABASE\n\
- (default: %s)\n\
- --ovnsb-db=DATABASE connect to ovn-sb database at DATABASE\n\
- (default: %s)\n\
- -h, --help display this help message\n\
- -o, --options list available options\n\
- -V, --version display version information\n\
-", program_name, program_name, default_db(), default_sb_db());
- stream_usage("database", true, false, true);
- daemon_usage();
- vlog_usage();
- exit(EXIT_SUCCESS);
-}
-
-
-static void
-ovn_controller_vtep_exit(struct unixctl_conn *conn, int argc OVS_UNUSED,
- const char *argv[] OVS_UNUSED, void *exiting_)
-{
- bool *exiting = exiting_;
- *exiting = true;
-
- unixctl_command_reply(conn, NULL);
-}
diff --git a/ovn/controller-vtep/ovn-controller-vtep.h b/ovn/controller-vtep/ovn-controller-vtep.h
deleted file mode 100644
index 435a730d920..00000000000
--- a/ovn/controller-vtep/ovn-controller-vtep.h
+++ /dev/null
@@ -1,51 +0,0 @@
-/* Copyright (c) 2015 Nicira, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-
-#ifndef OVN_CONTROLLER_VTEP_H
-#define OVN_CONTROLLER_VTEP_H 1
-
-#include "ovn/lib/ovn-sb-idl.h"
-
-struct ovsdb_idl;
-struct ovsdb_idl_txn;
-
-struct controller_vtep_ctx {
- struct ovsdb_idl *ovnsb_idl;
- struct ovsdb_idl_txn *ovnsb_idl_txn;
-
- struct ovsdb_idl *vtep_idl;
- struct ovsdb_idl_txn *vtep_idl_txn;
-};
-
-/* VTEP needs what VTEP needs. */
-#define OVN_SB_ENCAP_TYPE "vxlan"
-#define VTEP_ENCAP_TYPE "vxlan_over_ipv4"
-
-static inline const struct sbrec_chassis *
-get_chassis_by_name(struct ovsdb_idl *ovnsb_idl, const char *chassis_id)
-{
- const struct sbrec_chassis *chassis_rec;
-
- SBREC_CHASSIS_FOR_EACH(chassis_rec, ovnsb_idl) {
- if (!strcmp(chassis_rec->name, chassis_id)) {
- break;
- }
- }
-
- return chassis_rec;
-}
-
-#endif /* ovn/ovn-controller-vtep.h */
diff --git a/ovn/controller-vtep/vtep.c b/ovn/controller-vtep/vtep.c
deleted file mode 100644
index a72b149ebde..00000000000
--- a/ovn/controller-vtep/vtep.c
+++ /dev/null
@@ -1,600 +0,0 @@
-/* Copyright (c) 2015 Nicira, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include
-
-#include "vtep.h"
-
-#include "lib/hash.h"
-#include "openvswitch/hmap.h"
-#include "openvswitch/shash.h"
-#include "lib/smap.h"
-#include "lib/sset.h"
-#include "lib/util.h"
-#include "ovn-controller-vtep.h"
-#include "openvswitch/vlog.h"
-#include "ovn/lib/ovn-sb-idl.h"
-#include "vtep/vtep-idl.h"
-
-VLOG_DEFINE_THIS_MODULE(vtep);
-
-struct vtep_rec_physical_locator_list_entry {
- struct ovs_list locators_node;
- const struct vteprec_physical_locator *vteprec_ploc;
-};
-
-struct mmr_hash_node_data {
- const struct vteprec_mcast_macs_remote *mmr;
- struct shash physical_locators;
-};
-
-/*
- * Scans through the Binding table in ovnsb, and updates the vtep logical
- * switch tunnel keys and the 'Ucast_Macs_Remote' table in the VTEP
- * database.
- *
- */
-
-/* Searches the 'chassis_rec->encaps' for the first vtep tunnel
- * configuration, returns the 'ip'. Unless duplicated, the returned
- * pointer cannot live past current vtep_run() execution. */
-static const char *
-get_chassis_vtep_ip(const struct sbrec_chassis *chassis_rec)
-{
- if (chassis_rec) {
- size_t i;
-
- for (i = 0; i < chassis_rec->n_encaps; i++) {
- if (!strcmp(chassis_rec->encaps[i]->type, "vxlan")) {
- return chassis_rec->encaps[i]->ip;
- }
- }
- }
-
- return NULL;
-}
-
-/* Creates a new 'Ucast_Macs_Remote'. */
-static struct vteprec_ucast_macs_remote *
-create_umr(struct ovsdb_idl_txn *vtep_idl_txn, const char *mac,
- const struct vteprec_logical_switch *vtep_ls)
-{
- struct vteprec_ucast_macs_remote *new_umr =
- vteprec_ucast_macs_remote_insert(vtep_idl_txn);
-
- vteprec_ucast_macs_remote_set_MAC(new_umr, mac);
- vteprec_ucast_macs_remote_set_logical_switch(new_umr, vtep_ls);
-
- return new_umr;
-}
-
-/* Creates a new 'Physical_Locator'. */
-static struct vteprec_physical_locator *
-create_pl(struct ovsdb_idl_txn *vtep_idl_txn, const char *chassis_ip)
-{
- struct vteprec_physical_locator *new_pl =
- vteprec_physical_locator_insert(vtep_idl_txn);
-
- vteprec_physical_locator_set_dst_ip(new_pl, chassis_ip);
- vteprec_physical_locator_set_encapsulation_type(new_pl, VTEP_ENCAP_TYPE);
-
- return new_pl;
-}
-
-/* Creates a new 'Mcast_Macs_Remote'. */
-static void
-vtep_create_mmr(struct ovsdb_idl_txn *vtep_idl_txn, const char *mac,
- const struct vteprec_logical_switch *vtep_ls,
- const struct vteprec_physical_locator_set *ploc_set)
-{
- struct vteprec_mcast_macs_remote *new_mmr =
- vteprec_mcast_macs_remote_insert(vtep_idl_txn);
-
- vteprec_mcast_macs_remote_set_MAC(new_mmr, mac);
- vteprec_mcast_macs_remote_set_logical_switch(new_mmr, vtep_ls);
- vteprec_mcast_macs_remote_set_locator_set(new_mmr, ploc_set);
-}
-
-/* Compares previous and new mmr locator sets and returns true if they
- * differ and false otherwise. This function also preps a new locator
- * set for database write.
- *
- * 'locators_list' is the new set of locators for the associated
- * 'Mcast_Macs_Remote' entry passed in and is queried to generate the
- * new set of locators in vtep database format. */
-static bool
-vtep_process_pls(const struct ovs_list *locators_list,
- const struct mmr_hash_node_data *mmr_ext,
- struct vteprec_physical_locator **locators)
-{
- size_t n_locators_prev = 0;
- size_t n_locators_new = ovs_list_size(locators_list);
- bool locator_lists_differ = false;
-
- if (mmr_ext) {
- n_locators_prev = mmr_ext->mmr->locator_set->n_locators;
- }
- if (n_locators_prev != n_locators_new) {
- locator_lists_differ = true;
- }
-
- if (n_locators_new) {
- int i = 0;
- struct vtep_rec_physical_locator_list_entry *ploc_entry;
- LIST_FOR_EACH (ploc_entry, locators_node, locators_list) {
- locators[i] = (struct vteprec_physical_locator *)
- ploc_entry->vteprec_ploc;
- if (mmr_ext && !shash_find_data(&mmr_ext->physical_locators,
- locators[i]->dst_ip)) {
- locator_lists_differ = true;
- }
- i++;
- }
- }
-
- return locator_lists_differ;
-}
-
-/* Creates a new 'Mcast_Macs_Remote' entry if needed and also cleans up
- * out-dated remote mcast mac entries as needed. */
-static void
-vtep_update_mmr(struct ovsdb_idl_txn *vtep_idl_txn,
- struct ovs_list *locators_list,
- const struct vteprec_logical_switch *vtep_ls,
- const struct mmr_hash_node_data *mmr_ext)
-{
- struct vteprec_physical_locator **locators = NULL;
- size_t n_locators_new = ovs_list_size(locators_list);
- bool mmr_changed;
-
- locators = xmalloc(n_locators_new * sizeof *locators);
-
- mmr_changed = vtep_process_pls(locators_list, mmr_ext, locators);
-
- if (mmr_ext && !n_locators_new) {
- vteprec_mcast_macs_remote_delete(mmr_ext->mmr);
- } else if ((mmr_ext && mmr_changed) ||
- (!mmr_ext && n_locators_new)) {
-
- const struct vteprec_physical_locator_set *ploc_set =
- vteprec_physical_locator_set_insert(vtep_idl_txn);
-
- vtep_create_mmr(vtep_idl_txn, "unknown-dst", vtep_ls, ploc_set);
-
- vteprec_physical_locator_set_set_locators(ploc_set, locators,
- n_locators_new);
- }
- free(locators);
-}
-
-/* Updates the vtep Logical_Switch table entries' tunnel keys based
- * on the port bindings. */
-static void
-vtep_lswitch_run(struct shash *vtep_pbs, struct sset *vtep_pswitches,
- struct shash *vtep_lswitches)
-{
- struct sset used_ls = SSET_INITIALIZER(&used_ls);
- struct shash_node *node;
-
- /* Collects the logical switch bindings from port binding entries.
- * Since the binding module has already guaranteed that each vtep
- * logical switch is bound only to one ovn-sb logical datapath,
- * we can just iterate and assign tunnel key to vtep logical switch. */
- SHASH_FOR_EACH (node, vtep_pbs) {
- const struct sbrec_port_binding *port_binding_rec = node->data;
- const char *pswitch_name = smap_get(&port_binding_rec->options,
- "vtep-physical-switch");
- const char *lswitch_name = smap_get(&port_binding_rec->options,
- "vtep-logical-switch");
- const struct vteprec_logical_switch *vtep_ls;
-
- /* If 'port_binding_rec->chassis' exists then 'pswitch_name'
- * and 'lswitch_name' must also exist. */
- if (!pswitch_name || !lswitch_name) {
- /* This could only happen when someone directly modifies the
- * database, (e.g. using ovn-sbctl). */
- VLOG_ERR("logical port (%s) with no 'options:vtep-physical-"
- "switch' or 'options:vtep-logical-switch' specified "
- "is bound to chassis (%s).",
- port_binding_rec->logical_port,
- port_binding_rec->chassis->name);
- continue;
- }
- vtep_ls = shash_find_data(vtep_lswitches, lswitch_name);
- /* Also checks 'pswitch_name' since the same 'lswitch_name' could
- * exist in multiple vtep database instances and be bound to different
- * ovn logical networks. */
- if (vtep_ls && sset_find(vtep_pswitches, pswitch_name)) {
- int64_t tnl_key;
-
- if (sset_find(&used_ls, lswitch_name)) {
- continue;
- }
-
- tnl_key = port_binding_rec->datapath->tunnel_key;
- if (vtep_ls->n_tunnel_key
- && vtep_ls->tunnel_key[0] != tnl_key) {
- VLOG_DBG("set vtep logical switch (%s) tunnel key from "
- "(%"PRId64") to (%"PRId64")", vtep_ls->name,
- vtep_ls->tunnel_key[0], tnl_key);
- }
- vteprec_logical_switch_set_tunnel_key(vtep_ls, &tnl_key, 1);
-
- /* OVN is expected to always use source node replication mode,
- * hence the replication mode is hard-coded for each logical
- * switch in the context of ovn-controller-vtep. */
- vteprec_logical_switch_set_replication_mode(vtep_ls, "source_node");
- sset_add(&used_ls, lswitch_name);
- }
- }
- /* Resets the tunnel keys for unused vtep logical switches. */
- SHASH_FOR_EACH (node, vtep_lswitches) {
- if (!sset_find(&used_ls, node->name)) {
- int64_t tnl_key = 0;
- vteprec_logical_switch_set_tunnel_key(node->data, &tnl_key, 1);
- }
- }
- sset_destroy(&used_ls);
-}
-
-/* Updates the vtep 'Ucast_Macs_Remote' and 'Mcast_Macs_Remote' tables based
- * on non-vtep port bindings. */
-static void
-vtep_macs_run(struct ovsdb_idl_txn *vtep_idl_txn, struct shash *ucast_macs_rmts,
- struct shash *mcast_macs_rmts, struct shash *physical_locators,
- struct shash *vtep_lswitches, struct shash *non_vtep_pbs)
-{
- struct shash_node *node;
- struct hmap ls_map;
-
- /* Maps from ovn logical datapath tunnel key (which is also the vtep
- * logical switch tunnel key) to the corresponding vtep logical switch
- * instance. Also, the shash map 'added_macs' is used for checking
- * duplicated MAC addresses in the same ovn logical datapath. 'mmr_ext'
- * is used to track mmr info per LS that needs creation/update and
- * 'locators_list' collects the new physical locators to be bound for
- * an mmr_ext; 'physical_locators' is used to track existing locators and
- * filter duplicates per logical switch. */
- struct ls_hash_node {
- struct hmap_node hmap_node;
-
- const struct vteprec_logical_switch *vtep_ls;
- struct shash added_macs;
-
- struct ovs_list locators_list;
- struct shash physical_locators;
- struct mmr_hash_node_data *mmr_ext;
- };
-
- hmap_init(&ls_map);
- SHASH_FOR_EACH (node, vtep_lswitches) {
- const struct vteprec_logical_switch *vtep_ls = node->data;
- struct ls_hash_node *ls_node;
-
- if (!vtep_ls->n_tunnel_key) {
- continue;
- }
- ls_node = xmalloc(sizeof *ls_node);
- ls_node->vtep_ls = vtep_ls;
- shash_init(&ls_node->added_macs);
- shash_init(&ls_node->physical_locators);
- ovs_list_init(&ls_node->locators_list);
- ls_node->mmr_ext = NULL;
- hmap_insert(&ls_map, &ls_node->hmap_node,
- hash_uint64((uint64_t) vtep_ls->tunnel_key[0]));
- }
-
- SHASH_FOR_EACH (node, non_vtep_pbs) {
- const struct sbrec_port_binding *port_binding_rec = node->data;
- const struct sbrec_chassis *chassis_rec;
- struct ls_hash_node *ls_node;
- const char *chassis_ip;
- int64_t tnl_key;
- size_t i;
-
- chassis_rec = port_binding_rec->chassis;
- if (!chassis_rec) {
- continue;
- }
-
- tnl_key = port_binding_rec->datapath->tunnel_key;
- HMAP_FOR_EACH_WITH_HASH (ls_node, hmap_node,
- hash_uint64((uint64_t) tnl_key),
- &ls_map) {
- if (ls_node->vtep_ls->tunnel_key[0] == tnl_key) {
- break;
- }
- }
- /* If 'ls_node' is NULL, that means no vtep logical switch is
- * attached to the corresponding ovn logical datapath, so pass.
- */
- if (!ls_node) {
- continue;
- }
-
- chassis_ip = get_chassis_vtep_ip(chassis_rec);
- /* Unreachable chassis, continue. */
- if (!chassis_ip) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
- VLOG_INFO_RL(&rl, "VTEP tunnel encap on chassis (%s) not found",
- chassis_rec->name);
- continue;
- }
-
- const struct vteprec_physical_locator *pl =
- shash_find_data(physical_locators, chassis_ip);
- if (!pl) {
- pl = create_pl(vtep_idl_txn, chassis_ip);
- shash_add(physical_locators, chassis_ip, pl);
- }
-
- const struct vteprec_physical_locator *ls_pl =
- shash_find_data(&ls_node->physical_locators, chassis_ip);
- if (!ls_pl) {
- struct vtep_rec_physical_locator_list_entry *ploc_entry =
- xmalloc(sizeof *ploc_entry);
- ploc_entry->vteprec_ploc = pl;
- ovs_list_push_back(&ls_node->locators_list,
- &ploc_entry->locators_node);
- shash_add(&ls_node->physical_locators, chassis_ip, pl);
- }
-
- char *mac_tnlkey = xasprintf("%s_%"PRId64, "unknown-dst", tnl_key);
- ls_node->mmr_ext = shash_find_data(mcast_macs_rmts, mac_tnlkey);
-
- if (ls_node->mmr_ext &&
- ls_node->mmr_ext->mmr->logical_switch == ls_node->vtep_ls) {
-
- /* Delete the entry from the hash table so the mmr does not get
- * removed from the DB later on during stale checking. */
- shash_find_and_delete(mcast_macs_rmts, mac_tnlkey);
- }
- free(mac_tnlkey);
-
- for (i = 0; i < port_binding_rec->n_mac; i++) {
- const struct vteprec_ucast_macs_remote *umr;
- const struct sbrec_port_binding *conflict;
- char *mac = port_binding_rec->mac[i];
-
- /* Checks for duplicate MAC in the same vtep logical switch. */
- conflict = shash_find_data(&ls_node->added_macs, mac);
- if (conflict) {
- VLOG_WARN("MAC address (%s) has already been known to be "
- "on logical port (%s) in the same logical "
- "datapath, so just ignore this logical port (%s)",
- mac, conflict->logical_port,
- port_binding_rec->logical_port);
- continue;
- }
- shash_add(&ls_node->added_macs, mac, port_binding_rec);
-
- char *mac_ip_tnlkey = xasprintf("%s_%s_%"PRId64, mac, chassis_ip,
- tnl_key);
- umr = shash_find_data(ucast_macs_rmts, mac_ip_tnlkey);
- /* If finds the 'umr' entry for the mac, ip, and tnl_key, deletes
- * the entry from shash so that it is not gargage collected.
- *
- * If not found, creates a new 'umr' entry. */
- if (umr && umr->logical_switch == ls_node->vtep_ls) {
- shash_find_and_delete(ucast_macs_rmts, mac_ip_tnlkey);
- } else {
- const struct vteprec_ucast_macs_remote *new_umr;
- new_umr = create_umr(vtep_idl_txn, mac, ls_node->vtep_ls);
- vteprec_ucast_macs_remote_set_locator(new_umr, pl);
- }
- free(mac_ip_tnlkey);
- }
- }
-
- /* Removes all remaining 'umr's, since they do not exist anymore. */
- SHASH_FOR_EACH (node, ucast_macs_rmts) {
- vteprec_ucast_macs_remote_delete(node->data);
- }
- struct ls_hash_node *iter, *next;
- HMAP_FOR_EACH_SAFE (iter, next, hmap_node, &ls_map) {
- struct vtep_rec_physical_locator_list_entry *ploc_entry;
- vtep_update_mmr(vtep_idl_txn, &iter->locators_list,
- iter->vtep_ls, iter->mmr_ext);
- LIST_FOR_EACH_POP(ploc_entry, locators_node,
- &iter->locators_list) {
- free(ploc_entry);
- }
- hmap_remove(&ls_map, &iter->hmap_node);
- shash_destroy(&iter->added_macs);
- shash_destroy(&iter->physical_locators);
- free(iter);
- }
- hmap_destroy(&ls_map);
-
- /* Clean stale 'Mcast_Macs_Remote' */
- struct mmr_hash_node_data *mmr_ext;
- SHASH_FOR_EACH (node, mcast_macs_rmts) {
- mmr_ext = node->data;
- vteprec_mcast_macs_remote_delete(mmr_ext->mmr);
- }
-}
-
-/* Resets all logical switches' 'tunnel_key' to NULL */
-static bool
-vtep_lswitch_cleanup(struct ovsdb_idl *vtep_idl)
-{
- const struct vteprec_logical_switch *vtep_ls;
- bool done = true;
-
- VTEPREC_LOGICAL_SWITCH_FOR_EACH (vtep_ls, vtep_idl) {
- if (vtep_ls->n_tunnel_key) {
- vteprec_logical_switch_set_tunnel_key(vtep_ls, NULL, 0);
- done = false;
- }
- }
-
- return done;
-}
-
-/* Removes all entries in the 'Ucast_Macs_Remote' table in the vtep database.
- * Returns true when all done (i.e. no entry to remove). */
-static bool
-vtep_ucast_macs_cleanup(struct ovsdb_idl *vtep_idl)
-{
- const struct vteprec_ucast_macs_remote *umr;
-
- VTEPREC_UCAST_MACS_REMOTE_FOR_EACH (umr, vtep_idl) {
- vteprec_ucast_macs_remote_delete(umr);
- return false;
- }
-
- return true;
-}
-
-/* Removes all entries in the 'Mcast_Macs_Remote' table in vtep database.
- * Returns true when all done (i.e. no entry to remove). */
-static bool
-vtep_mcast_macs_cleanup(struct ovsdb_idl *vtep_idl)
-{
- const struct vteprec_mcast_macs_remote *mmr;
-
- VTEPREC_MCAST_MACS_REMOTE_FOR_EACH (mmr, vtep_idl) {
- vteprec_mcast_macs_remote_delete(mmr);
- return false;
- }
-
- return true;
-}
-
-/* Updates vtep logical switch tunnel keys. */
-void
-vtep_run(struct controller_vtep_ctx *ctx)
-{
- if (!ctx->vtep_idl_txn) {
- return;
- }
-
- struct sset vtep_pswitches = SSET_INITIALIZER(&vtep_pswitches);
- struct shash vtep_lswitches = SHASH_INITIALIZER(&vtep_lswitches);
- struct shash ucast_macs_rmts = SHASH_INITIALIZER(&ucast_macs_rmts);
- struct shash mcast_macs_rmts = SHASH_INITIALIZER(&mcast_macs_rmts);
- struct shash physical_locators = SHASH_INITIALIZER(&physical_locators);
- struct shash vtep_pbs = SHASH_INITIALIZER(&vtep_pbs);
- struct shash non_vtep_pbs = SHASH_INITIALIZER(&non_vtep_pbs);
- const struct vteprec_physical_switch *vtep_ps;
- const struct vteprec_logical_switch *vtep_ls;
- const struct vteprec_ucast_macs_remote *umr;
- const struct sbrec_port_binding *port_binding_rec;
- const struct vteprec_mcast_macs_remote *mmr;
- struct shash_node *node;
-
- /* Collects 'Physical_Switch's. */
- VTEPREC_PHYSICAL_SWITCH_FOR_EACH (vtep_ps, ctx->vtep_idl) {
- sset_add(&vtep_pswitches, vtep_ps->name);
- }
-
- /* Collects 'Logical_Switch's. */
- VTEPREC_LOGICAL_SWITCH_FOR_EACH (vtep_ls, ctx->vtep_idl) {
- shash_add(&vtep_lswitches, vtep_ls->name, vtep_ls);
- }
-
- /* Collects 'Ucast_Macs_Remote's. */
- VTEPREC_UCAST_MACS_REMOTE_FOR_EACH (umr, ctx->vtep_idl) {
- char *mac_ip_tnlkey =
- xasprintf("%s_%s_%"PRId64, umr->MAC,
- umr->locator ? umr->locator->dst_ip : "",
- umr->logical_switch && umr->logical_switch->n_tunnel_key
- ? umr->logical_switch->tunnel_key[0] : INT64_MAX);
-
- shash_add(&ucast_macs_rmts, mac_ip_tnlkey, umr);
- free(mac_ip_tnlkey);
- }
-
- /* Collects 'Mcast_Macs_Remote's. */
- VTEPREC_MCAST_MACS_REMOTE_FOR_EACH (mmr, ctx->vtep_idl) {
- struct mmr_hash_node_data *mmr_ext = xmalloc(sizeof *mmr_ext);;
- char *mac_tnlkey =
- xasprintf("%s_%"PRId64, mmr->MAC,
- mmr->logical_switch && mmr->logical_switch->n_tunnel_key
- ? mmr->logical_switch->tunnel_key[0] : INT64_MAX);
-
- shash_add(&mcast_macs_rmts, mac_tnlkey, mmr_ext);
- mmr_ext->mmr = mmr;
-
- shash_init(&mmr_ext->physical_locators);
- for (size_t i = 0; i < mmr->locator_set->n_locators; i++) {
- shash_add(&mmr_ext->physical_locators,
- mmr->locator_set->locators[i]->dst_ip,
- mmr->locator_set->locators[i]);
- }
-
- free(mac_tnlkey);
- }
-
- /* Collects 'Physical_Locator's. */
- const struct vteprec_physical_locator *pl;
- VTEPREC_PHYSICAL_LOCATOR_FOR_EACH (pl, ctx->vtep_idl) {
- shash_add(&physical_locators, pl->dst_ip, pl);
- }
-
- /* Collects and classifies 'Port_Binding's. */
- SBREC_PORT_BINDING_FOR_EACH(port_binding_rec, ctx->ovnsb_idl) {
- struct shash *target =
- !strcmp(port_binding_rec->type, "vtep") ? &vtep_pbs : &non_vtep_pbs;
-
- if (!port_binding_rec->chassis) {
- continue;
- }
- shash_add(target, port_binding_rec->logical_port, port_binding_rec);
- }
-
- ovsdb_idl_txn_add_comment(ctx->vtep_idl_txn,
- "ovn-controller-vtep: update logical switch "
- "tunnel keys and 'ucast_macs_remote's");
-
- vtep_lswitch_run(&vtep_pbs, &vtep_pswitches, &vtep_lswitches);
- vtep_macs_run(ctx->vtep_idl_txn, &ucast_macs_rmts,
- &mcast_macs_rmts, &physical_locators,
- &vtep_lswitches, &non_vtep_pbs);
-
- sset_destroy(&vtep_pswitches);
- shash_destroy(&vtep_lswitches);
- shash_destroy(&ucast_macs_rmts);
- SHASH_FOR_EACH (node, &mcast_macs_rmts) {
- struct mmr_hash_node_data *mmr_ext = node->data;
- shash_destroy(&mmr_ext->physical_locators);
- free(mmr_ext);
- }
- shash_destroy(&mcast_macs_rmts);
- shash_destroy(&physical_locators);
- shash_destroy(&vtep_pbs);
- shash_destroy(&non_vtep_pbs);
-}
-
-/* Cleans up all related entries in vtep. Returns true when done (i.e. there
- * is no change made to 'ctx->vtep_idl'), otherwise returns false. */
-bool
-vtep_cleanup(struct controller_vtep_ctx *ctx)
-{
- if (!ctx->vtep_idl_txn) {
- return false;
- }
-
- bool all_done;
-
- ovsdb_idl_txn_add_comment(ctx->vtep_idl_txn,
- "ovn-controller-vtep: cleaning up vtep "
- "configuration");
- all_done = vtep_lswitch_cleanup(ctx->vtep_idl);
- all_done = vtep_ucast_macs_cleanup(ctx->vtep_idl) && all_done;
- all_done = vtep_mcast_macs_cleanup(ctx->vtep_idl) && all_done;
-
- return all_done;
-}
diff --git a/ovn/controller-vtep/vtep.h b/ovn/controller-vtep/vtep.h
deleted file mode 100644
index 97c87b7a708..00000000000
--- a/ovn/controller-vtep/vtep.h
+++ /dev/null
@@ -1,27 +0,0 @@
-/* Copyright (c) 2015 Nicira, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-
-#ifndef OVN_VTEP_H
-#define OVN_VTEP_H 1
-
-#include
-
-struct controller_vtep_ctx;
-
-void vtep_run(struct controller_vtep_ctx *);
-bool vtep_cleanup(struct controller_vtep_ctx *);
-
-#endif /* ovn/controller-vtep/vtep.h */
diff --git a/ovn/controller/.gitignore b/ovn/controller/.gitignore
deleted file mode 100644
index 4199a3741ea..00000000000
--- a/ovn/controller/.gitignore
+++ /dev/null
@@ -1,2 +0,0 @@
-/ovn-controller
-/ovn-controller.8
diff --git a/ovn/controller/automake.mk b/ovn/controller/automake.mk
deleted file mode 100644
index 193ea690bcd..00000000000
--- a/ovn/controller/automake.mk
+++ /dev/null
@@ -1,32 +0,0 @@
-bin_PROGRAMS += ovn/controller/ovn-controller
-ovn_controller_ovn_controller_SOURCES = \
- ovn/controller/bfd.c \
- ovn/controller/bfd.h \
- ovn/controller/binding.c \
- ovn/controller/binding.h \
- ovn/controller/chassis.c \
- ovn/controller/chassis.h \
- ovn/controller/encaps.c \
- ovn/controller/encaps.h \
- ovn/controller/ha-chassis.c \
- ovn/controller/ha-chassis.h \
- ovn/controller/ip-mcast.c \
- ovn/controller/ip-mcast.h \
- ovn/controller/lflow.c \
- ovn/controller/lflow.h \
- ovn/controller/lport.c \
- ovn/controller/lport.h \
- ovn/controller/ofctrl.c \
- ovn/controller/ofctrl.h \
- ovn/controller/pinctrl.c \
- ovn/controller/pinctrl.h \
- ovn/controller/patch.c \
- ovn/controller/patch.h \
- ovn/controller/ovn-controller.c \
- ovn/controller/ovn-controller.h \
- ovn/controller/physical.c \
- ovn/controller/physical.h
-ovn_controller_ovn_controller_LDADD = ovn/lib/libovn.la lib/libopenvswitch.la
-man_MANS += ovn/controller/ovn-controller.8
-EXTRA_DIST += ovn/controller/ovn-controller.8.xml
-CLEANFILES += ovn/controller/ovn-controller.8
diff --git a/ovn/controller/bfd.c b/ovn/controller/bfd.c
deleted file mode 100644
index 22db00af74c..00000000000
--- a/ovn/controller/bfd.c
+++ /dev/null
@@ -1,268 +0,0 @@
-/* Copyright (c) 2017 Red Hat, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include
-#include "bfd.h"
-#include "encaps.h"
-#include "lport.h"
-#include "ovn-controller.h"
-
-#include "lib/hash.h"
-#include "lib/sset.h"
-#include "lib/util.h"
-#include "lib/vswitch-idl.h"
-#include "openvswitch/vlog.h"
-#include "ovn/lib/ovn-sb-idl.h"
-#include "ovn-controller.h"
-
-VLOG_DEFINE_THIS_MODULE(ovn_bfd);
-
-void
-bfd_register_ovs_idl(struct ovsdb_idl *ovs_idl)
-{
- /* NOTE: this assumes that binding.c has added the
- * ovsrec_interface table */
- ovsdb_idl_track_add_column(ovs_idl, &ovsrec_interface_col_bfd);
- ovsdb_idl_track_add_column(ovs_idl, &ovsrec_interface_col_bfd_status);
-}
-
-void
-bfd_calculate_active_tunnels(const struct ovsrec_bridge *br_int,
- struct sset *active_tunnels)
-{
- int i;
-
- if (!br_int) {
- /* Nothing to do if integration bridge doesn't exist. */
- return;
- }
-
- for (i = 0; i < br_int->n_ports; i++) {
- const struct ovsrec_port *port_rec = br_int->ports[i];
-
- if (!strcmp(port_rec->name, br_int->name)) {
- continue;
- }
-
- int j;
- for (j = 0; j < port_rec->n_interfaces; j++) {
- const struct ovsrec_interface *iface_rec;
- iface_rec = port_rec->interfaces[j];
-
- /* Check if this is a tunnel interface. */
- if (smap_get(&iface_rec->options, "remote_ip")) {
- /* Add ovn-chassis-id if the bfd_status of the tunnel
- * is active */
- const char *bfd = smap_get(&iface_rec->bfd, "enable");
- if (bfd && !strcmp(bfd, "true")) {
- const char *status = smap_get(&iface_rec->bfd_status,
- "state");
- if (status && !strcmp(status, "up")) {
- const char *id = smap_get(&port_rec->external_ids,
- "ovn-chassis-id");
- if (id) {
- char *chassis_name = NULL;
-
- if (encaps_tunnel_id_parse(id, &chassis_name,
- NULL)) {
- if (!sset_contains(active_tunnels,
- chassis_name)) {
- sset_add(active_tunnels, chassis_name);
- }
- free(chassis_name);
- }
- }
- }
- }
- }
- }
- }
-}
-
-/* Loops through the HA chassis groups in the SB DB and returns
- * the set of chassis which the call can establish the BFD sessions
- * with.
- * Eg.
- * If there are 2 HA chassis groups.
- * Group name - hapgrp1
- * - HA chassis - (HA1, HA2, HA3)
- * - ref chassis - (C1, C2)
- *
- * Group name - hapgrp2
- * - HA chassis - (HA1, HA4, HA5)
- * - ref chassis - (C1, C3, C4)
- *
- * If 'our_chassis' is HA1 then this function returns
- * bfd chassis set - (HA2, HA3, HA4 HA5, C1, C2, C3, C4)
- *
- * If 'our_chassis' is C1 then this function returns
- * bfd chassis set - (HA1, HA2, HA3, HA4, HA5)
- *
- * If 'our_chassis' is HA5 then this function returns
- * bfd chassis set - (HA1, HA4, C1, C3, C4)
- *
- * If 'our_chassis' is C2 then this function returns
- * bfd chassis set - (HA1, HA2, HA3)
- *
- * If 'our_chassis' is C5 then this function returns empty bfd set.
- */
-static void
-bfd_calculate_chassis(
- const struct sbrec_chassis *our_chassis,
- const struct sbrec_ha_chassis_group_table *ha_chassis_grp_table,
- struct sset *bfd_chassis)
-{
- const struct sbrec_ha_chassis_group *ha_chassis_grp;
- SBREC_HA_CHASSIS_GROUP_TABLE_FOR_EACH (ha_chassis_grp,
- ha_chassis_grp_table) {
- bool is_ha_chassis = false;
- struct sset grp_chassis = SSET_INITIALIZER(&grp_chassis);
- const struct sbrec_ha_chassis *ha_ch;
- bool bfd_setup_required = false;
- if (ha_chassis_grp->n_ha_chassis < 2) {
- /* No need to consider the chassis group for BFD if
- * there is 1 or no chassis in it. */
- continue;
- }
- for (size_t i = 0; i < ha_chassis_grp->n_ha_chassis; i++) {
- ha_ch = ha_chassis_grp->ha_chassis[i];
- if (!ha_ch->chassis) {
- continue;
- }
- sset_add(&grp_chassis, ha_ch->chassis->name);
- if (our_chassis == ha_ch->chassis) {
- is_ha_chassis = true;
- bfd_setup_required = true;
- }
- }
-
- if (is_ha_chassis) {
- /* It's an HA chassis. So add the ref_chassis to the bfd set. */
- for (size_t i = 0; i < ha_chassis_grp->n_ref_chassis; i++) {
- sset_add(&grp_chassis, ha_chassis_grp->ref_chassis[i]->name);
- }
- } else {
- /* This is not an HA chassis. Check if this chassis is present
- * in the ref_chassis list. If so add the ha_chassis to the
- * sset .*/
- for (size_t i = 0; i < ha_chassis_grp->n_ref_chassis; i++) {
- if (our_chassis == ha_chassis_grp->ref_chassis[i]) {
- bfd_setup_required = true;
- break;
- }
- }
- }
-
- if (bfd_setup_required) {
- const char *name;
- SSET_FOR_EACH (name, &grp_chassis) {
- sset_add(bfd_chassis, name);
- }
- }
- sset_destroy(&grp_chassis);
- }
-}
-
-void
-bfd_run(const struct ovsrec_interface_table *interface_table,
- const struct ovsrec_bridge *br_int,
- const struct sbrec_chassis *chassis_rec,
- const struct sbrec_ha_chassis_group_table *ha_chassis_grp_table,
- const struct sbrec_sb_global_table *sb_global_table)
-{
- if (!chassis_rec) {
- return;
- }
- struct sset bfd_chassis = SSET_INITIALIZER(&bfd_chassis);
- bfd_calculate_chassis(chassis_rec, ha_chassis_grp_table,
- &bfd_chassis);
-
- /* Identify tunnels ports(connected to remote chassis id) to enable bfd */
- struct sset tunnels = SSET_INITIALIZER(&tunnels);
- struct sset bfd_ifaces = SSET_INITIALIZER(&bfd_ifaces);
- for (size_t k = 0; k < br_int->n_ports; k++) {
- const char *tunnel_id = smap_get(&br_int->ports[k]->external_ids,
- "ovn-chassis-id");
- if (tunnel_id) {
- char *chassis_name = NULL;
- char *port_name = br_int->ports[k]->name;
-
- sset_add(&tunnels, port_name);
-
- if (encaps_tunnel_id_parse(tunnel_id, &chassis_name, NULL)) {
- if (sset_contains(&bfd_chassis, chassis_name)) {
- sset_add(&bfd_ifaces, port_name);
- }
- free(chassis_name);
- }
- }
- }
-
- const struct sbrec_sb_global *sb
- = sbrec_sb_global_table_first(sb_global_table);
- struct smap bfd = SMAP_INITIALIZER(&bfd);
- smap_add(&bfd, "enable", "true");
-
- if (sb) {
- const char *min_rx = smap_get(&sb->options, "bfd-min-rx");
- const char *decay_min_rx = smap_get(&sb->options, "bfd-decay-min-rx");
- const char *min_tx = smap_get(&sb->options, "bfd-min-tx");
- const char *mult = smap_get(&sb->options, "bfd-mult");
- if (min_rx) {
- smap_add(&bfd, "min_rx", min_rx);
- }
- if (decay_min_rx) {
- smap_add(&bfd, "decay_min_rx", decay_min_rx);
- }
- if (min_tx) {
- smap_add(&bfd, "min_tx", min_tx);
- }
- if (mult) {
- smap_add(&bfd, "mult", mult);
- }
- }
-
- /* Enable or disable bfd */
- const struct ovsrec_interface *iface;
- OVSREC_INTERFACE_TABLE_FOR_EACH (iface, interface_table) {
- if (sset_contains(&tunnels, iface->name)) {
- if (sset_contains(&bfd_ifaces, iface->name)) {
- /* We need to enable BFD for this interface. Configure the
- * BFD params if
- * - If BFD was disabled earlier
- * - Or if CMS has updated BFD config options.
- */
- if (!smap_equal(&iface->bfd, &bfd)) {
- ovsrec_interface_verify_bfd(iface);
- ovsrec_interface_set_bfd(iface, &bfd);
- VLOG_INFO("Enabled BFD on interface %s", iface->name);
- }
- } else {
- /* We need to disable BFD for this interface if it was enabled
- * earlier. */
- if (smap_count(&iface->bfd)) {
- ovsrec_interface_verify_bfd(iface);
- ovsrec_interface_set_bfd(iface, NULL);
- VLOG_INFO("Disabled BFD on interface %s", iface->name);
- }
- }
- }
- }
-
- smap_destroy(&bfd);
- sset_destroy(&tunnels);
- sset_destroy(&bfd_ifaces);
- sset_destroy(&bfd_chassis);
-}
diff --git a/ovn/controller/bfd.h b/ovn/controller/bfd.h
deleted file mode 100644
index 17fab532348..00000000000
--- a/ovn/controller/bfd.h
+++ /dev/null
@@ -1,41 +0,0 @@
-/* Copyright (c) 2017 Red Hat, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef OVN_BFD_H
-#define OVN_BFD_H 1
-
-struct hmap;
-struct ovsdb_idl;
-struct ovsdb_idl_index;
-struct ovsrec_bridge;
-struct ovsrec_interface_table;
-struct ovsrec_open_vswitch_table;
-struct sbrec_chassis;
-struct sbrec_sb_global_table;
-struct sbrec_ha_chassis_group_table;
-struct sset;
-
-void bfd_register_ovs_idl(struct ovsdb_idl *);
-
-void bfd_run(const struct ovsrec_interface_table *,
- const struct ovsrec_bridge *,
- const struct sbrec_chassis *,
- const struct sbrec_ha_chassis_group_table *,
- const struct sbrec_sb_global_table *);
-
-void bfd_calculate_active_tunnels(const struct ovsrec_bridge *br_int,
- struct sset *active_tunnels);
-
-#endif
diff --git a/ovn/controller/binding.c b/ovn/controller/binding.c
deleted file mode 100644
index ace0f811b0b..00000000000
--- a/ovn/controller/binding.c
+++ /dev/null
@@ -1,764 +0,0 @@
-/* Copyright (c) 2015, 2016, 2017 Nicira, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include
-#include "binding.h"
-#include "ha-chassis.h"
-#include "lflow.h"
-#include "lport.h"
-
-#include "lib/bitmap.h"
-#include "openvswitch/poll-loop.h"
-#include "lib/sset.h"
-#include "lib/util.h"
-#include "lib/netdev.h"
-#include "lib/vswitch-idl.h"
-#include "openvswitch/hmap.h"
-#include "openvswitch/vlog.h"
-#include "ovn/lib/chassis-index.h"
-#include "ovn/lib/ovn-sb-idl.h"
-#include "ovn-controller.h"
-
-VLOG_DEFINE_THIS_MODULE(binding);
-
-#define OVN_QOS_TYPE "linux-htb"
-
-struct qos_queue {
- struct hmap_node node;
- uint32_t queue_id;
- uint32_t max_rate;
- uint32_t burst;
-};
-
-void
-binding_register_ovs_idl(struct ovsdb_idl *ovs_idl)
-{
- ovsdb_idl_add_table(ovs_idl, &ovsrec_table_open_vswitch);
- ovsdb_idl_add_column(ovs_idl, &ovsrec_open_vswitch_col_bridges);
-
- ovsdb_idl_add_table(ovs_idl, &ovsrec_table_bridge);
- ovsdb_idl_add_column(ovs_idl, &ovsrec_bridge_col_name);
- ovsdb_idl_add_column(ovs_idl, &ovsrec_bridge_col_ports);
-
- ovsdb_idl_add_table(ovs_idl, &ovsrec_table_port);
- ovsdb_idl_track_add_column(ovs_idl, &ovsrec_port_col_name);
- ovsdb_idl_track_add_column(ovs_idl, &ovsrec_port_col_interfaces);
- ovsdb_idl_track_add_column(ovs_idl, &ovsrec_port_col_qos);
-
- ovsdb_idl_add_table(ovs_idl, &ovsrec_table_interface);
- ovsdb_idl_track_add_column(ovs_idl, &ovsrec_interface_col_name);
- ovsdb_idl_track_add_column(ovs_idl, &ovsrec_interface_col_external_ids);
- ovsdb_idl_track_add_column(ovs_idl, &ovsrec_interface_col_bfd);
- ovsdb_idl_track_add_column(ovs_idl, &ovsrec_interface_col_bfd_status);
- ovsdb_idl_track_add_column(ovs_idl, &ovsrec_interface_col_status);
-
- ovsdb_idl_add_table(ovs_idl, &ovsrec_table_qos);
- ovsdb_idl_add_column(ovs_idl, &ovsrec_qos_col_type);
-}
-
-static void
-get_local_iface_ids(const struct ovsrec_bridge *br_int,
- struct shash *lport_to_iface,
- struct sset *local_lports,
- struct sset *egress_ifaces)
-{
- int i;
-
- for (i = 0; i < br_int->n_ports; i++) {
- const struct ovsrec_port *port_rec = br_int->ports[i];
- const char *iface_id;
- int j;
-
- if (!strcmp(port_rec->name, br_int->name)) {
- continue;
- }
-
- for (j = 0; j < port_rec->n_interfaces; j++) {
- const struct ovsrec_interface *iface_rec;
-
- iface_rec = port_rec->interfaces[j];
- iface_id = smap_get(&iface_rec->external_ids, "iface-id");
- int64_t ofport = iface_rec->n_ofport ? *iface_rec->ofport : 0;
-
- if (iface_id && ofport > 0) {
- shash_add(lport_to_iface, iface_id, iface_rec);
- sset_add(local_lports, iface_id);
- }
-
- /* Check if this is a tunnel interface. */
- if (smap_get(&iface_rec->options, "remote_ip")) {
- const char *tunnel_iface
- = smap_get(&iface_rec->status, "tunnel_egress_iface");
- if (tunnel_iface) {
- sset_add(egress_ifaces, tunnel_iface);
- }
- }
- }
- }
-}
-
-static void
-add_local_datapath__(struct ovsdb_idl_index *sbrec_datapath_binding_by_key,
- struct ovsdb_idl_index *sbrec_port_binding_by_datapath,
- struct ovsdb_idl_index *sbrec_port_binding_by_name,
- const struct sbrec_datapath_binding *datapath,
- bool has_local_l3gateway, int depth,
- struct hmap *local_datapaths)
-{
- uint32_t dp_key = datapath->tunnel_key;
- struct local_datapath *ld = get_local_datapath(local_datapaths, dp_key);
- if (ld) {
- if (has_local_l3gateway) {
- ld->has_local_l3gateway = true;
- }
- return;
- }
-
- ld = xzalloc(sizeof *ld);
- hmap_insert(local_datapaths, &ld->hmap_node, dp_key);
- ld->datapath = datapath;
- ld->localnet_port = NULL;
- ld->has_local_l3gateway = has_local_l3gateway;
-
- if (depth >= 100) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1);
- VLOG_WARN_RL(&rl, "datapaths nested too deep");
- return;
- }
-
- struct sbrec_port_binding *target =
- sbrec_port_binding_index_init_row(sbrec_port_binding_by_datapath);
- sbrec_port_binding_index_set_datapath(target, datapath);
-
- const struct sbrec_port_binding *pb;
- SBREC_PORT_BINDING_FOR_EACH_EQUAL (pb, target,
- sbrec_port_binding_by_datapath) {
- if (!strcmp(pb->type, "patch")) {
- const char *peer_name = smap_get(&pb->options, "peer");
- if (peer_name) {
- const struct sbrec_port_binding *peer;
-
- peer = lport_lookup_by_name(sbrec_port_binding_by_name,
- peer_name);
-
- if (peer && peer->datapath) {
- add_local_datapath__(sbrec_datapath_binding_by_key,
- sbrec_port_binding_by_datapath,
- sbrec_port_binding_by_name,
- peer->datapath, false,
- depth + 1, local_datapaths);
- ld->n_peer_ports++;
- ld->peer_ports = xrealloc(ld->peer_ports,
- ld->n_peer_ports *
- sizeof *ld->peer_ports);
- ld->peer_ports[ld->n_peer_ports - 1] = peer;
- }
- }
- }
- }
- sbrec_port_binding_index_destroy_row(target);
-}
-
-static void
-add_local_datapath(struct ovsdb_idl_index *sbrec_datapath_binding_by_key,
- struct ovsdb_idl_index *sbrec_port_binding_by_datapath,
- struct ovsdb_idl_index *sbrec_port_binding_by_name,
- const struct sbrec_datapath_binding *datapath,
- bool has_local_l3gateway, struct hmap *local_datapaths)
-{
- add_local_datapath__(sbrec_datapath_binding_by_key,
- sbrec_port_binding_by_datapath,
- sbrec_port_binding_by_name,
- datapath, has_local_l3gateway, 0, local_datapaths);
-}
-
-static void
-get_qos_params(const struct sbrec_port_binding *pb, struct hmap *queue_map)
-{
- uint32_t max_rate = smap_get_int(&pb->options, "qos_max_rate", 0);
- uint32_t burst = smap_get_int(&pb->options, "qos_burst", 0);
- uint32_t queue_id = smap_get_int(&pb->options, "qdisc_queue_id", 0);
-
- if ((!max_rate && !burst) || !queue_id) {
- /* Qos is not configured for this port. */
- return;
- }
-
- struct qos_queue *node = xzalloc(sizeof *node);
- hmap_insert(queue_map, &node->node, hash_int(queue_id, 0));
- node->max_rate = max_rate;
- node->burst = burst;
- node->queue_id = queue_id;
-}
-
-static const struct ovsrec_qos *
-get_noop_qos(struct ovsdb_idl_txn *ovs_idl_txn,
- const struct ovsrec_qos_table *qos_table)
-{
- const struct ovsrec_qos *qos;
- OVSREC_QOS_TABLE_FOR_EACH (qos, qos_table) {
- if (!strcmp(qos->type, "linux-noop")) {
- return qos;
- }
- }
-
- if (!ovs_idl_txn) {
- return NULL;
- }
- qos = ovsrec_qos_insert(ovs_idl_txn);
- ovsrec_qos_set_type(qos, "linux-noop");
- return qos;
-}
-
-static bool
-set_noop_qos(struct ovsdb_idl_txn *ovs_idl_txn,
- const struct ovsrec_port_table *port_table,
- const struct ovsrec_qos_table *qos_table,
- struct sset *egress_ifaces)
-{
- if (!ovs_idl_txn) {
- return false;
- }
-
- const struct ovsrec_qos *noop_qos = get_noop_qos(ovs_idl_txn, qos_table);
- if (!noop_qos) {
- return false;
- }
-
- const struct ovsrec_port *port;
- size_t count = 0;
-
- OVSREC_PORT_TABLE_FOR_EACH (port, port_table) {
- if (sset_contains(egress_ifaces, port->name)) {
- ovsrec_port_set_qos(port, noop_qos);
- count++;
- }
- if (sset_count(egress_ifaces) == count) {
- break;
- }
- }
- return true;
-}
-
-static void
-set_qos_type(struct netdev *netdev, const char *type)
-{
- int error = netdev_set_qos(netdev, type, NULL);
- if (error) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1);
- VLOG_WARN_RL(&rl, "%s: could not set qdisc type \"%s\" (%s)",
- netdev_get_name(netdev), type, ovs_strerror(error));
- }
-}
-
-static void
-setup_qos(const char *egress_iface, struct hmap *queue_map)
-{
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 5);
- struct netdev *netdev_phy;
-
- if (!egress_iface) {
- /* Queues cannot be configured. */
- return;
- }
-
- int error = netdev_open(egress_iface, NULL, &netdev_phy);
- if (error) {
- VLOG_WARN_RL(&rl, "%s: could not open netdev (%s)",
- egress_iface, ovs_strerror(error));
- return;
- }
-
- /* Check current qdisc. */
- const char *qdisc_type;
- struct smap qdisc_details;
-
- smap_init(&qdisc_details);
- if (netdev_get_qos(netdev_phy, &qdisc_type, &qdisc_details) != 0 ||
- qdisc_type[0] == '\0') {
- smap_destroy(&qdisc_details);
- netdev_close(netdev_phy);
- /* Qos is not supported. */
- return;
- }
- smap_destroy(&qdisc_details);
-
- /* If we're not actually being requested to do any QoS:
- *
- * - If the current qdisc type is OVN_QOS_TYPE, then we clear the qdisc
- * type to "". Otherwise, it's possible that our own leftover qdisc
- * settings could cause strange behavior on egress. Also, QoS is
- * expensive and may waste CPU time even if it's not really in use.
- *
- * OVN isn't the only software that can configure qdiscs, and
- * physical interfaces are shared resources, so there is some risk in
- * this strategy: we could disrupt some other program's QoS.
- * Probably, to entirely avoid this possibility we would need to add
- * a configuration setting.
- *
- * - Otherwise leave the qdisc alone. */
- if (hmap_is_empty(queue_map)) {
- if (!strcmp(qdisc_type, OVN_QOS_TYPE)) {
- set_qos_type(netdev_phy, "");
- }
- netdev_close(netdev_phy);
- return;
- }
-
- /* Configure qdisc. */
- if (strcmp(qdisc_type, OVN_QOS_TYPE)) {
- set_qos_type(netdev_phy, OVN_QOS_TYPE);
- }
-
- /* Check and delete if needed. */
- struct netdev_queue_dump dump;
- unsigned int queue_id;
- struct smap queue_details;
- struct qos_queue *sb_info;
- struct hmap consistent_queues;
-
- smap_init(&queue_details);
- hmap_init(&consistent_queues);
- NETDEV_QUEUE_FOR_EACH (&queue_id, &queue_details, &dump, netdev_phy) {
- bool is_queue_needed = false;
-
- HMAP_FOR_EACH_WITH_HASH (sb_info, node, hash_int(queue_id, 0),
- queue_map) {
- is_queue_needed = true;
- if (sb_info->max_rate ==
- smap_get_int(&queue_details, "max-rate", 0)
- && sb_info->burst == smap_get_int(&queue_details, "burst", 0)) {
- /* This queue is consistent. */
- hmap_insert(&consistent_queues, &sb_info->node,
- hash_int(queue_id, 0));
- break;
- }
- }
-
- if (!is_queue_needed) {
- error = netdev_delete_queue(netdev_phy, queue_id);
- if (error) {
- VLOG_WARN_RL(&rl, "%s: could not delete queue %u (%s)",
- egress_iface, queue_id, ovs_strerror(error));
- }
- }
- }
-
- /* Create/Update queues. */
- HMAP_FOR_EACH (sb_info, node, queue_map) {
- if (hmap_contains(&consistent_queues, &sb_info->node)) {
- hmap_remove(&consistent_queues, &sb_info->node);
- continue;
- }
-
- smap_clear(&queue_details);
- smap_add_format(&queue_details, "max-rate", "%d", sb_info->max_rate);
- smap_add_format(&queue_details, "burst", "%d", sb_info->burst);
- error = netdev_set_queue(netdev_phy, sb_info->queue_id,
- &queue_details);
- if (error) {
- VLOG_WARN_RL(&rl, "%s: could not configure queue %u (%s)",
- egress_iface, sb_info->queue_id, ovs_strerror(error));
- }
- }
- smap_destroy(&queue_details);
- hmap_destroy(&consistent_queues);
- netdev_close(netdev_phy);
-}
-
-static void
-update_local_lport_ids(struct sset *local_lport_ids,
- const struct sbrec_port_binding *binding_rec)
-{
- char buf[16];
- snprintf(buf, sizeof(buf), "%"PRId64"_%"PRId64,
- binding_rec->datapath->tunnel_key,
- binding_rec->tunnel_key);
- sset_add(local_lport_ids, buf);
-}
-
-/*
- * Get the encap from the chassis for this port. The interface
- * may have an external_ids:encap-ip= set; if so we
- * get the corresponding encap from the chassis.
- * If "encap-ip" external-ids is not set, we'll not bind the port
- * to any specific encap rec. and we'll pick up a tunnel port based on
- * the chassis name alone for the port.
- */
-static struct sbrec_encap *
-sbrec_get_port_encap(const struct sbrec_chassis *chassis_rec,
- const struct ovsrec_interface *iface_rec)
-{
-
- if (!iface_rec) {
- return NULL;
- }
-
- const char *encap_ip = smap_get(&iface_rec->external_ids, "encap-ip");
- if (!encap_ip) {
- return NULL;
- }
-
- struct sbrec_encap *best_encap = NULL;
- uint32_t best_type = 0;
- for (int i = 0; i < chassis_rec->n_encaps; i++) {
- if (!strcmp(chassis_rec->encaps[i]->ip, encap_ip)) {
- uint32_t tun_type = get_tunnel_type(chassis_rec->encaps[i]->type);
- if (tun_type > best_type) {
- best_type = tun_type;
- best_encap = chassis_rec->encaps[i];
- }
- }
- }
- return best_encap;
-}
-
-static bool
-is_our_chassis(const struct sbrec_chassis *chassis_rec,
- const struct sbrec_port_binding *binding_rec,
- const struct sset *active_tunnels,
- const struct shash *lport_to_iface,
- const struct sset *local_lports)
-{
- const struct ovsrec_interface *iface_rec
- = shash_find_data(lport_to_iface, binding_rec->logical_port);
-
- bool our_chassis = false;
- if (iface_rec
- || (binding_rec->parent_port && binding_rec->parent_port[0] &&
- sset_contains(local_lports, binding_rec->parent_port))) {
- /* This port is in our chassis unless it is a localport. */
- our_chassis = strcmp(binding_rec->type, "localport");
- } else if (!strcmp(binding_rec->type, "l2gateway")) {
- const char *chassis_id = smap_get(&binding_rec->options,
- "l2gateway-chassis");
- our_chassis = chassis_id && !strcmp(chassis_id, chassis_rec->name);
- } else if (!strcmp(binding_rec->type, "chassisredirect") ||
- !strcmp(binding_rec->type, "external")) {
- our_chassis = ha_chassis_group_contains(binding_rec->ha_chassis_group,
- chassis_rec) &&
- ha_chassis_group_is_active(binding_rec->ha_chassis_group,
- active_tunnels, chassis_rec);
- } else if (!strcmp(binding_rec->type, "l3gateway")) {
- const char *chassis_id = smap_get(&binding_rec->options,
- "l3gateway-chassis");
- our_chassis = chassis_id && !strcmp(chassis_id, chassis_rec->name);
- }
-
- return our_chassis;
-}
-
-static void
-consider_local_datapath(struct ovsdb_idl_txn *ovnsb_idl_txn,
- struct ovsdb_idl_txn *ovs_idl_txn,
- struct ovsdb_idl_index *sbrec_datapath_binding_by_key,
- struct ovsdb_idl_index *sbrec_port_binding_by_datapath,
- struct ovsdb_idl_index *sbrec_port_binding_by_name,
- const struct sset *active_tunnels,
- const struct sbrec_chassis *chassis_rec,
- const struct sbrec_port_binding *binding_rec,
- struct hmap *qos_map,
- struct hmap *local_datapaths,
- struct shash *lport_to_iface,
- struct sset *local_lports,
- struct sset *local_lport_ids)
-{
- const struct ovsrec_interface *iface_rec
- = shash_find_data(lport_to_iface, binding_rec->logical_port);
-
- bool our_chassis = is_our_chassis(chassis_rec, binding_rec, active_tunnels,
- lport_to_iface, local_lports);
- if (iface_rec
- || (binding_rec->parent_port && binding_rec->parent_port[0] &&
- sset_contains(local_lports, binding_rec->parent_port))) {
- if (binding_rec->parent_port && binding_rec->parent_port[0]) {
- /* Add child logical port to the set of all local ports. */
- sset_add(local_lports, binding_rec->logical_port);
- }
- add_local_datapath(sbrec_datapath_binding_by_key,
- sbrec_port_binding_by_datapath,
- sbrec_port_binding_by_name,
- binding_rec->datapath, false, local_datapaths);
- if (iface_rec && qos_map && ovs_idl_txn) {
- get_qos_params(binding_rec, qos_map);
- }
- } else if (!strcmp(binding_rec->type, "l2gateway")) {
- if (our_chassis) {
- sset_add(local_lports, binding_rec->logical_port);
- add_local_datapath(sbrec_datapath_binding_by_key,
- sbrec_port_binding_by_datapath,
- sbrec_port_binding_by_name,
- binding_rec->datapath, false, local_datapaths);
- }
- } else if (!strcmp(binding_rec->type, "chassisredirect")) {
- if (ha_chassis_group_contains(binding_rec->ha_chassis_group,
- chassis_rec)) {
- add_local_datapath(sbrec_datapath_binding_by_key,
- sbrec_port_binding_by_datapath,
- sbrec_port_binding_by_name,
- binding_rec->datapath, false, local_datapaths);
- }
- } else if (!strcmp(binding_rec->type, "l3gateway")) {
- if (our_chassis) {
- add_local_datapath(sbrec_datapath_binding_by_key,
- sbrec_port_binding_by_datapath,
- sbrec_port_binding_by_name,
- binding_rec->datapath, true, local_datapaths);
- }
- } else if (!strcmp(binding_rec->type, "localnet")) {
- /* Add all localnet ports to local_lports so that we allocate ct zones
- * for them. */
- sset_add(local_lports, binding_rec->logical_port);
- } else if (!strcmp(binding_rec->type, "external")) {
- if (ha_chassis_group_contains(binding_rec->ha_chassis_group,
- chassis_rec)) {
- add_local_datapath(sbrec_datapath_binding_by_key,
- sbrec_port_binding_by_datapath,
- sbrec_port_binding_by_name,
- binding_rec->datapath, false, local_datapaths);
- }
- }
-
- if (our_chassis
- || !strcmp(binding_rec->type, "patch")
- || !strcmp(binding_rec->type, "localport")
- || !strcmp(binding_rec->type, "vtep")
- || !strcmp(binding_rec->type, "localnet")) {
- update_local_lport_ids(local_lport_ids, binding_rec);
- }
-
- ovs_assert(ovnsb_idl_txn);
- if (ovnsb_idl_txn) {
- const char *vif_chassis = smap_get(&binding_rec->options,
- "requested-chassis");
- bool can_bind = !vif_chassis || !vif_chassis[0]
- || !strcmp(vif_chassis, chassis_rec->name)
- || !strcmp(vif_chassis, chassis_rec->hostname);
-
- if (can_bind && our_chassis) {
- if (binding_rec->chassis != chassis_rec) {
- if (binding_rec->chassis) {
- VLOG_INFO("Changing chassis for lport %s from %s to %s.",
- binding_rec->logical_port,
- binding_rec->chassis->name,
- chassis_rec->name);
- } else {
- VLOG_INFO("Claiming lport %s for this chassis.",
- binding_rec->logical_port);
- }
- for (int i = 0; i < binding_rec->n_mac; i++) {
- VLOG_INFO("%s: Claiming %s",
- binding_rec->logical_port, binding_rec->mac[i]);
- }
- sbrec_port_binding_set_chassis(binding_rec, chassis_rec);
- }
- /* Check if the port encap binding, if any, has changed */
- struct sbrec_encap *encap_rec = sbrec_get_port_encap(
- chassis_rec, iface_rec);
- if (encap_rec && binding_rec->encap != encap_rec) {
- sbrec_port_binding_set_encap(binding_rec, encap_rec);
- }
- } else if (binding_rec->chassis == chassis_rec) {
- VLOG_INFO("Releasing lport %s from this chassis.",
- binding_rec->logical_port);
- if (binding_rec->encap)
- sbrec_port_binding_set_encap(binding_rec, NULL);
- sbrec_port_binding_set_chassis(binding_rec, NULL);
- } else if (our_chassis) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 1);
- VLOG_INFO_RL(&rl,
- "Not claiming lport %s, chassis %s "
- "requested-chassis %s",
- binding_rec->logical_port,
- chassis_rec->name,
- vif_chassis);
- }
- }
-}
-
-static void
-consider_localnet_port(const struct sbrec_port_binding *binding_rec,
- struct hmap *local_datapaths)
-{
- struct local_datapath *ld
- = get_local_datapath(local_datapaths,
- binding_rec->datapath->tunnel_key);
- if (!ld) {
- return;
- }
-
- if (ld->localnet_port && strcmp(ld->localnet_port->logical_port,
- binding_rec->logical_port)) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 1);
- VLOG_WARN_RL(&rl, "localnet port '%s' already set for datapath "
- "'%"PRId64"', skipping the new port '%s'.",
- ld->localnet_port->logical_port,
- binding_rec->datapath->tunnel_key,
- binding_rec->logical_port);
- return;
- }
- ld->localnet_port = binding_rec;
-}
-
-void
-binding_run(struct ovsdb_idl_txn *ovnsb_idl_txn,
- struct ovsdb_idl_txn *ovs_idl_txn,
- struct ovsdb_idl_index *sbrec_datapath_binding_by_key,
- struct ovsdb_idl_index *sbrec_port_binding_by_datapath,
- struct ovsdb_idl_index *sbrec_port_binding_by_name,
- const struct ovsrec_port_table *port_table,
- const struct ovsrec_qos_table *qos_table,
- const struct sbrec_port_binding_table *port_binding_table,
- const struct ovsrec_bridge *br_int,
- const struct sbrec_chassis *chassis_rec,
- const struct sset *active_tunnels,
- struct hmap *local_datapaths, struct sset *local_lports,
- struct sset *local_lport_ids)
-{
- if (!chassis_rec) {
- return;
- }
-
- const struct sbrec_port_binding *binding_rec;
- struct shash lport_to_iface = SHASH_INITIALIZER(&lport_to_iface);
- struct sset egress_ifaces = SSET_INITIALIZER(&egress_ifaces);
- struct hmap qos_map;
-
- hmap_init(&qos_map);
- if (br_int) {
- get_local_iface_ids(br_int, &lport_to_iface, local_lports,
- &egress_ifaces);
- }
-
- /* Run through each binding record to see if it is resident on this
- * chassis and update the binding accordingly. This includes both
- * directly connected logical ports and children of those ports. */
- SBREC_PORT_BINDING_TABLE_FOR_EACH (binding_rec, port_binding_table) {
- consider_local_datapath(ovnsb_idl_txn, ovs_idl_txn,
- sbrec_datapath_binding_by_key,
- sbrec_port_binding_by_datapath,
- sbrec_port_binding_by_name,
- active_tunnels, chassis_rec, binding_rec,
- sset_is_empty(&egress_ifaces) ? NULL :
- &qos_map, local_datapaths, &lport_to_iface,
- local_lports, local_lport_ids);
-
- }
-
- /* Run through each binding record to see if it is a localnet port
- * on local datapaths discovered from above loop, and update the
- * corresponding local datapath accordingly. */
- SBREC_PORT_BINDING_TABLE_FOR_EACH (binding_rec, port_binding_table) {
- if (!strcmp(binding_rec->type, "localnet")) {
- consider_localnet_port(binding_rec, local_datapaths);
- }
- }
-
- if (!sset_is_empty(&egress_ifaces)
- && set_noop_qos(ovs_idl_txn, port_table, qos_table, &egress_ifaces)) {
- const char *entry;
- SSET_FOR_EACH (entry, &egress_ifaces) {
- setup_qos(entry, &qos_map);
- }
- }
-
- shash_destroy(&lport_to_iface);
- sset_destroy(&egress_ifaces);
- hmap_destroy(&qos_map);
-}
-
-/* Returns true if port-binding changes potentially require flow changes on
- * the current chassis. Returns false if we are sure there is no impact. */
-bool
-binding_evaluate_port_binding_changes(
- const struct sbrec_port_binding_table *pb_table,
- const struct ovsrec_bridge *br_int,
- const struct sbrec_chassis *chassis_rec,
- struct sset *active_tunnels,
- struct sset *local_lports)
-{
- if (!chassis_rec) {
- return true;
- }
-
- bool changed = false;
-
- const struct sbrec_port_binding *binding_rec;
- struct shash lport_to_iface = SHASH_INITIALIZER(&lport_to_iface);
- struct sset egress_ifaces = SSET_INITIALIZER(&egress_ifaces);
- if (br_int) {
- get_local_iface_ids(br_int, &lport_to_iface, local_lports,
- &egress_ifaces);
- }
- SBREC_PORT_BINDING_TABLE_FOR_EACH_TRACKED (binding_rec, pb_table) {
- /* XXX: currently OVSDB change tracking doesn't support getting old
- * data when the operation is update, so if a port-binding moved from
- * this chassis to another, there is no easy way to find out the
- * change. To workaround this problem, we just makes sure if
- * any port *related to* this chassis has any change, then trigger
- * recompute.
- *
- * - If a regular VIF is unbound from this chassis, the local ovsdb
- * interface table will be updated, which will trigger recompute.
- *
- * - If the port is not a regular VIF, always trigger recompute. */
- if (binding_rec->chassis == chassis_rec
- || is_our_chassis(chassis_rec, binding_rec,
- active_tunnels, &lport_to_iface, local_lports)
- || strcmp(binding_rec->type, "")) {
- changed = true;
- break;
- }
- }
-
- shash_destroy(&lport_to_iface);
- sset_destroy(&egress_ifaces);
- return changed;
-}
-
-/* Returns true if the database is all cleaned up, false if more work is
- * required. */
-bool
-binding_cleanup(struct ovsdb_idl_txn *ovnsb_idl_txn,
- const struct sbrec_port_binding_table *port_binding_table,
- const struct sbrec_chassis *chassis_rec)
-{
- if (!ovnsb_idl_txn) {
- return false;
- }
- if (!chassis_rec) {
- return true;
- }
-
- const struct sbrec_port_binding *binding_rec;
- bool any_changes = false;
- SBREC_PORT_BINDING_TABLE_FOR_EACH (binding_rec, port_binding_table) {
- if (binding_rec->chassis == chassis_rec) {
- if (binding_rec->encap)
- sbrec_port_binding_set_encap(binding_rec, NULL);
- sbrec_port_binding_set_chassis(binding_rec, NULL);
- any_changes = true;
- }
- }
-
- if (any_changes) {
- ovsdb_idl_txn_add_comment(
- ovnsb_idl_txn,
- "ovn-controller: removing all port bindings for '%s'",
- chassis_rec->name);
- }
-
- return !any_changes;
-}
diff --git a/ovn/controller/binding.h b/ovn/controller/binding.h
deleted file mode 100644
index 8d949263099..00000000000
--- a/ovn/controller/binding.h
+++ /dev/null
@@ -1,57 +0,0 @@
-/* Copyright (c) 2015, 2016 Nicira, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-
-#ifndef OVN_BINDING_H
-#define OVN_BINDING_H 1
-
-#include
-
-struct hmap;
-struct ovsdb_idl;
-struct ovsdb_idl_index;
-struct ovsdb_idl_txn;
-struct ovsrec_bridge;
-struct ovsrec_port_table;
-struct ovsrec_qos_table;
-struct sbrec_chassis;
-struct sbrec_port_binding_table;
-struct sset;
-
-void binding_register_ovs_idl(struct ovsdb_idl *);
-void binding_run(struct ovsdb_idl_txn *ovnsb_idl_txn,
- struct ovsdb_idl_txn *ovs_idl_txn,
- struct ovsdb_idl_index *sbrec_datapath_binding_by_key,
- struct ovsdb_idl_index *sbrec_port_binding_by_datapath,
- struct ovsdb_idl_index *sbrec_port_binding_by_name,
- const struct ovsrec_port_table *,
- const struct ovsrec_qos_table *,
- const struct sbrec_port_binding_table *,
- const struct ovsrec_bridge *br_int,
- const struct sbrec_chassis *,
- const struct sset *active_tunnels,
- struct hmap *local_datapaths,
- struct sset *local_lports, struct sset *local_lport_ids);
-bool binding_cleanup(struct ovsdb_idl_txn *ovnsb_idl_txn,
- const struct sbrec_port_binding_table *,
- const struct sbrec_chassis *);
-bool binding_evaluate_port_binding_changes(
- const struct sbrec_port_binding_table *,
- const struct ovsrec_bridge *br_int,
- const struct sbrec_chassis *,
- struct sset *active_tunnels,
- struct sset *local_lports);
-
-#endif /* ovn/binding.h */
diff --git a/ovn/controller/chassis.c b/ovn/controller/chassis.c
deleted file mode 100644
index 04b98d86c98..00000000000
--- a/ovn/controller/chassis.c
+++ /dev/null
@@ -1,671 +0,0 @@
-/* Copyright (c) 2015, 2016 Nicira, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include
-#include
-
-#include "chassis.h"
-
-#include "lib/smap.h"
-#include "lib/sset.h"
-#include "lib/vswitch-idl.h"
-#include "openvswitch/dynamic-string.h"
-#include "openvswitch/vlog.h"
-#include "openvswitch/ofp-parse.h"
-#include "ovn/lib/chassis-index.h"
-#include "ovn/lib/ovn-sb-idl.h"
-#include "ovn-controller.h"
-#include "lib/util.h"
-
-VLOG_DEFINE_THIS_MODULE(chassis);
-
-#ifndef HOST_NAME_MAX
-/* For windows. */
-#define HOST_NAME_MAX 255
-#endif /* HOST_NAME_MAX */
-
-/*
- * Structure to hold chassis specific state (currently just chassis-id)
- * to avoid database lookups when changes happen while the controller is
- * running.
- */
-struct chassis_info {
- /* Last ID we initialized the Chassis SB record with. */
- struct ds id;
-
- /* True if Chassis SB record is initialized, false otherwise. */
- uint32_t id_inited : 1;
-};
-
-static struct chassis_info chassis_state = {
- .id = DS_EMPTY_INITIALIZER,
- .id_inited = false,
-};
-
-static void
-chassis_info_set_id(struct chassis_info *info, const char *id)
-{
- ds_clear(&info->id);
- ds_put_cstr(&info->id, id);
- info->id_inited = true;
-}
-
-static bool
-chassis_info_id_inited(const struct chassis_info *info)
-{
- return info->id_inited;
-}
-
-static const char *
-chassis_info_id(const struct chassis_info *info)
-{
- return ds_cstr_ro(&info->id);
-}
-
-/*
- * Structure for storing the chassis config parsed from the ovs table.
- */
-struct ovs_chassis_cfg {
- /* Single string fields parsed from external-ids. */
- const char *hostname;
- const char *bridge_mappings;
- const char *datapath_type;
- const char *encap_csum;
- const char *cms_options;
- const char *chassis_macs;
-
- /* Set of encap types parsed from the 'ovn-encap-type' external-id. */
- struct sset encap_type_set;
- /* Set of encap IPs parsed from the 'ovn-encap-type' external-id. */
- struct sset encap_ip_set;
- /* Interface type list formatted in the OVN-SB Chassis required format. */
- struct ds iface_types;
-};
-
-static void
-ovs_chassis_cfg_init(struct ovs_chassis_cfg *cfg)
-{
- sset_init(&cfg->encap_type_set);
- sset_init(&cfg->encap_ip_set);
- ds_init(&cfg->iface_types);
-}
-
-static void
-ovs_chassis_cfg_destroy(struct ovs_chassis_cfg *cfg)
-{
- sset_destroy(&cfg->encap_type_set);
- sset_destroy(&cfg->encap_ip_set);
- ds_destroy(&cfg->iface_types);
-}
-
-void
-chassis_register_ovs_idl(struct ovsdb_idl *ovs_idl)
-{
- ovsdb_idl_add_table(ovs_idl, &ovsrec_table_open_vswitch);
- ovsdb_idl_add_column(ovs_idl, &ovsrec_open_vswitch_col_external_ids);
- ovsdb_idl_add_column(ovs_idl, &ovsrec_open_vswitch_col_iface_types);
- ovsdb_idl_add_table(ovs_idl, &ovsrec_table_bridge);
- ovsdb_idl_add_column(ovs_idl, &ovsrec_bridge_col_datapath_type);
-}
-
-static const char *
-get_hostname(const struct smap *ext_ids)
-{
- const char *hostname = smap_get_def(ext_ids, "hostname", "");
-
- if (strlen(hostname) == 0) {
- static char hostname_[HOST_NAME_MAX + 1];
-
- if (gethostname(hostname_, sizeof(hostname_))) {
- hostname_[0] = 0;
- }
-
- return &hostname_[0];
- }
-
- return hostname;
-}
-
-static const char *
-get_bridge_mappings(const struct smap *ext_ids)
-{
- return smap_get_def(ext_ids, "ovn-bridge-mappings", "");
-}
-
-static const char *
-get_chassis_mac_mappings(const struct smap *ext_ids)
-{
- return smap_get_def(ext_ids, "ovn-chassis-mac-mappings", "");
-}
-
-static const char *
-get_cms_options(const struct smap *ext_ids)
-{
- return smap_get_def(ext_ids, "ovn-cms-options", "");
-}
-
-static const char *
-get_encap_csum(const struct smap *ext_ids)
-{
- return smap_get_def(ext_ids, "ovn-encap-csum", "true");
-}
-
-static const char *
-get_datapath_type(const struct ovsrec_bridge *br_int)
-{
- if (br_int && br_int->datapath_type) {
- return br_int->datapath_type;
- }
-
- return "";
-}
-
-static void
-update_chassis_transport_zones(const struct sset *transport_zones,
- const struct sbrec_chassis *chassis_rec)
-{
- struct sset chassis_tzones_set = SSET_INITIALIZER(&chassis_tzones_set);
- for (int i = 0; i < chassis_rec->n_transport_zones; i++) {
- sset_add(&chassis_tzones_set, chassis_rec->transport_zones[i]);
- }
-
- /* Only update the transport zones if something changed */
- if (!sset_equals(transport_zones, &chassis_tzones_set)) {
- const char **ls_arr = sset_array(transport_zones);
- sbrec_chassis_set_transport_zones(chassis_rec, ls_arr,
- sset_count(transport_zones));
- free(ls_arr);
- }
-
- sset_destroy(&chassis_tzones_set);
-}
-
-/*
- * Parse an ovs 'encap_type' string and stores the resulting types in the
- * 'encap_type_set' string set.
- */
-static bool
-chassis_parse_ovs_encap_type(const char *encap_type,
- struct sset *encap_type_set)
-{
- sset_from_delimited_string(encap_type_set, encap_type, ",");
-
- const char *type;
-
- SSET_FOR_EACH (type, encap_type_set) {
- if (!get_tunnel_type(type)) {
- VLOG_INFO("Unknown tunnel type: %s", type);
- }
- }
-
- return true;
-}
-
-/*
- * Parse an ovs 'encap_ip' string and stores the resulting IP representations
- * in the 'encap_ip_set' string set.
- */
-static bool
-chassis_parse_ovs_encap_ip(const char *encap_ip, struct sset *encap_ip_set)
-{
- sset_from_delimited_string(encap_ip_set, encap_ip, ",");
- return true;
-}
-
-/*
- * Parse the ovs 'iface_types' and store them in the format required by the
- * Chassis record.
- */
-static bool
-chassis_parse_ovs_iface_types(char **iface_types, size_t n_iface_types,
- struct ds *iface_types_str)
-{
- for (size_t i = 0; i < n_iface_types; i++) {
- ds_put_format(iface_types_str, "%s,", iface_types[i]);
- }
- ds_chomp(iface_types_str, ',');
- return true;
-}
-
-/*
- * Parse the 'ovs_table' entry and populate 'ovs_cfg'.
- */
-static bool
-chassis_parse_ovs_config(const struct ovsrec_open_vswitch_table *ovs_table,
- const struct ovsrec_bridge *br_int,
- struct ovs_chassis_cfg *ovs_cfg)
-{
- const struct ovsrec_open_vswitch *cfg =
- ovsrec_open_vswitch_table_first(ovs_table);
-
- if (!cfg) {
- VLOG_INFO("No Open_vSwitch row defined.");
- return false;
- }
-
- const char *encap_type = smap_get(&cfg->external_ids, "ovn-encap-type");
- const char *encap_ips = smap_get(&cfg->external_ids, "ovn-encap-ip");
- if (!encap_type || !encap_ips) {
- VLOG_INFO("Need to specify an encap type and ip");
- return false;
- }
-
- ovs_cfg->hostname = get_hostname(&cfg->external_ids);
- ovs_cfg->bridge_mappings = get_bridge_mappings(&cfg->external_ids);
- ovs_cfg->datapath_type = get_datapath_type(br_int);
- ovs_cfg->encap_csum = get_encap_csum(&cfg->external_ids);
- ovs_cfg->cms_options = get_cms_options(&cfg->external_ids);
- ovs_cfg->chassis_macs = get_chassis_mac_mappings(&cfg->external_ids);
-
- if (!chassis_parse_ovs_encap_type(encap_type, &ovs_cfg->encap_type_set)) {
- return false;
- }
-
- if (!chassis_parse_ovs_encap_ip(encap_ips, &ovs_cfg->encap_ip_set)) {
- sset_destroy(&ovs_cfg->encap_type_set);
- return false;
- }
-
- if (!chassis_parse_ovs_iface_types(cfg->iface_types,
- cfg->n_iface_types,
- &ovs_cfg->iface_types)) {
- sset_destroy(&ovs_cfg->encap_type_set);
- sset_destroy(&ovs_cfg->encap_ip_set);
- }
-
- return true;
-}
-
-static void
-chassis_build_external_ids(struct smap *ext_ids, const char *bridge_mappings,
- const char *datapath_type, const char *cms_options,
- const char *chassis_macs, const char *iface_types)
-{
- smap_replace(ext_ids, "ovn-bridge-mappings", bridge_mappings);
- smap_replace(ext_ids, "datapath-type", datapath_type);
- smap_replace(ext_ids, "ovn-cms-options", cms_options);
- smap_replace(ext_ids, "iface-types", iface_types);
- smap_replace(ext_ids, "ovn-chassis-mac-mappings", chassis_macs);
-}
-
-/*
- * Returns true if any external-id doesn't match the values in 'chassis-rec'.
- */
-static bool
-chassis_external_ids_changed(const char *bridge_mappings,
- const char *datapath_type,
- const char *cms_options,
- const char *chassis_macs,
- const struct ds *iface_types,
- const struct sbrec_chassis *chassis_rec)
-{
- const char *chassis_bridge_mappings =
- get_bridge_mappings(&chassis_rec->external_ids);
-
- if (strcmp(bridge_mappings, chassis_bridge_mappings)) {
- return true;
- }
-
- const char *chassis_datapath_type =
- smap_get_def(&chassis_rec->external_ids, "datapath-type", "");
-
- if (strcmp(datapath_type, chassis_datapath_type)) {
- return true;
- }
-
- const char *chassis_cms_options =
- get_cms_options(&chassis_rec->external_ids);
-
- if (strcmp(cms_options, chassis_cms_options)) {
- return true;
- }
-
- const char *chassis_mac_mappings =
- get_chassis_mac_mappings(&chassis_rec->external_ids);
- if (strcmp(chassis_macs, chassis_mac_mappings)) {
- return true;
- }
-
- const char *chassis_iface_types =
- smap_get_def(&chassis_rec->external_ids, "iface-types", "");
-
- if (strcmp(ds_cstr_ro(iface_types), chassis_iface_types)) {
- return true;
- }
-
- return false;
-}
-
-/*
- * Returns true if the tunnel config obtained by combining 'encap_type_set'
- * with 'encap_ip_set' and 'encap_csum' doesn't match the values in
- * 'chassis-rec'.
- */
-static bool
-chassis_tunnels_changed(const struct sset *encap_type_set,
- const struct sset *encap_ip_set,
- const char *encap_csum,
- const struct sbrec_chassis *chassis_rec)
-{
- size_t encap_type_count = 0;
-
- for (int i = 0; i < chassis_rec->n_encaps; i++) {
- if (strcmp(chassis_rec->name, chassis_rec->encaps[i]->chassis_name)) {
- return true;
- }
-
- if (!sset_contains(encap_type_set, chassis_rec->encaps[i]->type)) {
- return true;
- }
- encap_type_count++;
-
- if (!sset_contains(encap_ip_set, chassis_rec->encaps[i]->ip)) {
- return true;
- }
-
- if (strcmp(smap_get_def(&chassis_rec->encaps[i]->options, "csum", ""),
- encap_csum)) {
- return true;
- }
- }
-
- size_t tunnel_count =
- sset_count(encap_type_set) * sset_count(encap_ip_set);
-
- if (tunnel_count != chassis_rec->n_encaps) {
- return true;
- }
-
- if (sset_count(encap_type_set) != encap_type_count) {
- return true;
- }
-
- return false;
-}
-
-/*
- * Build the new encaps config (full mesh of 'encap_type_set' and
- * 'encap_ip_set'). Allocates and stores the new 'n_encap' Encap records in
- * 'encaps'.
- */
-static struct sbrec_encap **
-chassis_build_encaps(struct ovsdb_idl_txn *ovnsb_idl_txn,
- const struct sset *encap_type_set,
- const struct sset *encap_ip_set,
- const char *chassis_id,
- const char *encap_csum,
- size_t *n_encap)
-{
- size_t tunnel_count = 0;
-
- struct sbrec_encap **encaps =
- xmalloc(sset_count(encap_type_set) * sset_count(encap_ip_set) *
- sizeof(*encaps));
- const struct smap options = SMAP_CONST1(&options, "csum", encap_csum);
-
- const char *encap_ip;
- const char *encap_type;
-
- SSET_FOR_EACH (encap_ip, encap_ip_set) {
- SSET_FOR_EACH (encap_type, encap_type_set) {
- struct sbrec_encap *encap = sbrec_encap_insert(ovnsb_idl_txn);
-
- sbrec_encap_set_type(encap, encap_type);
- sbrec_encap_set_ip(encap, encap_ip);
- sbrec_encap_set_options(encap, &options);
- sbrec_encap_set_chassis_name(encap, chassis_id);
-
- encaps[tunnel_count] = encap;
- tunnel_count++;
- }
- }
-
- *n_encap = tunnel_count;
- return encaps;
-}
-
-/*
- * Returns a pointer to a chassis record from 'chassis_table' that
- * matches at least one tunnel config.
- */
-static const struct sbrec_chassis *
-chassis_get_stale_record(const struct sbrec_chassis_table *chassis_table,
- const struct ovs_chassis_cfg *ovs_cfg,
- const char *chassis_id)
-{
- const struct sbrec_chassis *chassis_rec;
-
- SBREC_CHASSIS_TABLE_FOR_EACH (chassis_rec, chassis_table) {
- for (size_t i = 0; i < chassis_rec->n_encaps; i++) {
- if (sset_contains(&ovs_cfg->encap_type_set,
- chassis_rec->encaps[i]->type) &&
- sset_contains(&ovs_cfg->encap_ip_set,
- chassis_rec->encaps[i]->ip)) {
- return chassis_rec;
- }
- if (strcmp(chassis_rec->name, chassis_id) == 0) {
- return chassis_rec;
- }
- }
- }
-
- return NULL;
-}
-
-/* If this is a chassis config update after we initialized the record once
- * then we should always be able to find it with the ID we saved in
- * chassis_state.
- * Otherwise (i.e., first time we create the record) then we check if there's
- * a stale record from a previous controller run that didn't end gracefully
- * and reuse it. If not then we create a new record.
- */
-static const struct sbrec_chassis *
-chassis_get_record(struct ovsdb_idl_txn *ovnsb_idl_txn,
- struct ovsdb_idl_index *sbrec_chassis_by_name,
- const struct sbrec_chassis_table *chassis_table,
- const struct ovs_chassis_cfg *ovs_cfg,
- const char *chassis_id)
-{
- const struct sbrec_chassis *chassis_rec;
-
- if (chassis_info_id_inited(&chassis_state)) {
- chassis_rec = chassis_lookup_by_name(sbrec_chassis_by_name,
- chassis_info_id(&chassis_state));
- if (!chassis_rec) {
- VLOG_WARN("Could not find Chassis : stored (%s) ovs (%s)",
- chassis_info_id(&chassis_state), chassis_id);
- }
- } else {
- chassis_rec =
- chassis_get_stale_record(chassis_table, ovs_cfg, chassis_id);
-
- if (!chassis_rec && ovnsb_idl_txn) {
- chassis_rec = sbrec_chassis_insert(ovnsb_idl_txn);
- }
- }
- return chassis_rec;
-}
-
-/* Update a Chassis record based on the config in the ovs config. */
-static void
-chassis_update(const struct sbrec_chassis *chassis_rec,
- struct ovsdb_idl_txn *ovnsb_idl_txn,
- const struct ovs_chassis_cfg *ovs_cfg,
- const char *chassis_id,
- const struct sset *transport_zones)
-{
- if (strcmp(chassis_id, chassis_rec->name)) {
- sbrec_chassis_set_name(chassis_rec, chassis_id);
- }
-
- if (strcmp(ovs_cfg->hostname, chassis_rec->hostname)) {
- sbrec_chassis_set_hostname(chassis_rec, ovs_cfg->hostname);
- }
-
- if (chassis_external_ids_changed(ovs_cfg->bridge_mappings,
- ovs_cfg->datapath_type,
- ovs_cfg->cms_options,
- ovs_cfg->chassis_macs,
- &ovs_cfg->iface_types,
- chassis_rec)) {
- struct smap ext_ids;
-
- smap_clone(&ext_ids, &chassis_rec->external_ids);
- chassis_build_external_ids(&ext_ids, ovs_cfg->bridge_mappings,
- ovs_cfg->datapath_type,
- ovs_cfg->cms_options,
- ovs_cfg->chassis_macs,
- ds_cstr_ro(&ovs_cfg->iface_types));
- sbrec_chassis_verify_external_ids(chassis_rec);
- sbrec_chassis_set_external_ids(chassis_rec, &ext_ids);
- smap_destroy(&ext_ids);
- }
-
- update_chassis_transport_zones(transport_zones, chassis_rec);
-
- /* If any of the encaps should change, update them. */
- bool tunnels_changed =
- chassis_tunnels_changed(&ovs_cfg->encap_type_set,
- &ovs_cfg->encap_ip_set, ovs_cfg->encap_csum,
- chassis_rec);
- if (!tunnels_changed) {
- return;
- }
-
- struct sbrec_encap **encaps;
- size_t n_encap;
-
- encaps =
- chassis_build_encaps(ovnsb_idl_txn, &ovs_cfg->encap_type_set,
- &ovs_cfg->encap_ip_set, chassis_id,
- ovs_cfg->encap_csum, &n_encap);
- sbrec_chassis_set_encaps(chassis_rec, encaps, n_encap);
- free(encaps);
-}
-
-/* Returns this chassis's Chassis record, if it is available. */
-const struct sbrec_chassis *
-chassis_run(struct ovsdb_idl_txn *ovnsb_idl_txn,
- struct ovsdb_idl_index *sbrec_chassis_by_name,
- const struct ovsrec_open_vswitch_table *ovs_table,
- const struct sbrec_chassis_table *chassis_table,
- const char *chassis_id,
- const struct ovsrec_bridge *br_int,
- const struct sset *transport_zones)
-{
- struct ovs_chassis_cfg ovs_cfg;
-
- /* Get the chassis config from the ovs table. */
- ovs_chassis_cfg_init(&ovs_cfg);
- if (!chassis_parse_ovs_config(ovs_table, br_int, &ovs_cfg)) {
- return NULL;
- }
-
- const struct sbrec_chassis *chassis_rec =
- chassis_get_record(ovnsb_idl_txn, sbrec_chassis_by_name,
- chassis_table, &ovs_cfg, chassis_id);
-
- /* If we found (or created) a record, update it with the correct config
- * and store the current chassis_id for fast lookup in case it gets
- * modified in the ovs table.
- */
- if (chassis_rec && ovnsb_idl_txn) {
- chassis_update(chassis_rec, ovnsb_idl_txn, &ovs_cfg, chassis_id,
- transport_zones);
- chassis_info_set_id(&chassis_state, chassis_id);
- ovsdb_idl_txn_add_comment(ovnsb_idl_txn,
- "ovn-controller: registering chassis '%s'",
- chassis_id);
- }
-
- ovs_chassis_cfg_destroy(&ovs_cfg);
- return chassis_rec;
-}
-
-bool
-chassis_get_mac(const struct sbrec_chassis *chassis_rec,
- const char *bridge_mapping,
- struct eth_addr *chassis_mac)
-{
- const char *tokens
- = get_chassis_mac_mappings(&chassis_rec->external_ids);
- if (!tokens[0]) {
- return false;
- }
-
- char *save_ptr = NULL;
- bool ret = false;
- char *tokstr = xstrdup(tokens);
-
- /* Format for a chassis mac configuration is:
- * ovn-chassis-mac-mappings="bridge-name1:MAC1,bridge-name2:MAC2"
- */
- for (char *token = strtok_r(tokstr, ",", &save_ptr);
- token != NULL;
- token = strtok_r(NULL, ",", &save_ptr)) {
- char *save_ptr2 = NULL;
- char *chassis_mac_bridge = strtok_r(token, ":", &save_ptr2);
- char *chassis_mac_str = strtok_r(NULL, "", &save_ptr2);
-
- if (!strcmp(chassis_mac_bridge, bridge_mapping)) {
- struct eth_addr temp_mac;
-
- /* Return the first chassis mac. */
- char *err_str = str_to_mac(chassis_mac_str, &temp_mac);
- if (err_str) {
- free(err_str);
- continue;
- }
-
- ret = true;
- *chassis_mac = temp_mac;
- break;
- }
- }
-
- free(tokstr);
- return ret;
-}
-
-/* Returns true if the database is all cleaned up, false if more work is
- * required. */
-bool
-chassis_cleanup(struct ovsdb_idl_txn *ovnsb_idl_txn,
- const struct sbrec_chassis *chassis_rec)
-{
- if (!chassis_rec) {
- return true;
- }
- if (ovnsb_idl_txn) {
- ovsdb_idl_txn_add_comment(ovnsb_idl_txn,
- "ovn-controller: unregistering chassis '%s'",
- chassis_rec->name);
- sbrec_chassis_delete(chassis_rec);
- }
- return false;
-}
-
-/*
- * Returns the last initialized chassis-id.
- */
-const char *
-chassis_get_id(void)
-{
- if (chassis_info_id_inited(&chassis_state)) {
- return chassis_info_id(&chassis_state);
- }
-
- return NULL;
-}
diff --git a/ovn/controller/chassis.h b/ovn/controller/chassis.h
deleted file mode 100644
index 16a131a3bfb..00000000000
--- a/ovn/controller/chassis.h
+++ /dev/null
@@ -1,46 +0,0 @@
-/* Copyright (c) 2015, 2016 Nicira, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef OVN_CHASSIS_H
-#define OVN_CHASSIS_H 1
-
-#include
-
-struct ovsdb_idl;
-struct ovsdb_idl_index;
-struct ovsdb_idl_txn;
-struct ovsrec_bridge;
-struct ovsrec_open_vswitch_table;
-struct sbrec_chassis;
-struct sbrec_chassis_table;
-struct sset;
-struct eth_addr;
-
-void chassis_register_ovs_idl(struct ovsdb_idl *);
-const struct sbrec_chassis *chassis_run(
- struct ovsdb_idl_txn *ovnsb_idl_txn,
- struct ovsdb_idl_index *sbrec_chassis_by_name,
- const struct ovsrec_open_vswitch_table *,
- const struct sbrec_chassis_table *,
- const char *chassis_id, const struct ovsrec_bridge *br_int,
- const struct sset *transport_zones);
-bool chassis_cleanup(struct ovsdb_idl_txn *ovnsb_idl_txn,
- const struct sbrec_chassis *);
-bool chassis_get_mac(const struct sbrec_chassis *chassis,
- const char *bridge_mapping,
- struct eth_addr *chassis_mac);
-const char *chassis_get_id(void);
-
-#endif /* ovn/chassis.h */
diff --git a/ovn/controller/encaps.c b/ovn/controller/encaps.c
deleted file mode 100644
index d4a436df318..00000000000
--- a/ovn/controller/encaps.c
+++ /dev/null
@@ -1,409 +0,0 @@
-/* Copyright (c) 2015, 2016 Nicira, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include
-#include "encaps.h"
-
-#include "lib/hash.h"
-#include "lib/sset.h"
-#include "lib/util.h"
-#include "lib/vswitch-idl.h"
-#include "openvswitch/vlog.h"
-#include "ovn/lib/ovn-sb-idl.h"
-#include "ovn-controller.h"
-
-VLOG_DEFINE_THIS_MODULE(encaps);
-
-/*
- * Given there could be multiple tunnels with different IPs to the same
- * chassis we annotate the ovn-chassis-id with
- * OVN_MVTEP_CHASSISID_DELIM.
- */
-#define OVN_MVTEP_CHASSISID_DELIM '@'
-
-void
-encaps_register_ovs_idl(struct ovsdb_idl *ovs_idl)
-{
- ovsdb_idl_add_table(ovs_idl, &ovsrec_table_bridge);
- ovsdb_idl_add_column(ovs_idl, &ovsrec_bridge_col_ports);
- ovsdb_idl_add_table(ovs_idl, &ovsrec_table_port);
- ovsdb_idl_track_add_column(ovs_idl, &ovsrec_port_col_name);
- ovsdb_idl_track_add_column(ovs_idl, &ovsrec_port_col_interfaces);
- ovsdb_idl_track_add_column(ovs_idl, &ovsrec_port_col_external_ids);
- ovsdb_idl_add_table(ovs_idl, &ovsrec_table_interface);
- ovsdb_idl_track_add_column(ovs_idl, &ovsrec_interface_col_name);
- ovsdb_idl_track_add_column(ovs_idl, &ovsrec_interface_col_type);
- ovsdb_idl_track_add_column(ovs_idl, &ovsrec_interface_col_options);
-}
-
-/* Enough context to create a new tunnel, using tunnel_add(). */
-struct tunnel_ctx {
- /* Maps from a chassis name to "struct chassis_node *". */
- struct shash chassis;
-
- /* Names of all ports in the bridge, to allow checking uniqueness when
- * adding a new tunnel. */
- struct sset port_names;
-
- struct ovsdb_idl_txn *ovs_txn;
- const struct ovsrec_bridge *br_int;
-};
-
-struct chassis_node {
- const struct ovsrec_port *port;
- const struct ovsrec_bridge *bridge;
-};
-
-static char *
-tunnel_create_name(struct tunnel_ctx *tc, const char *chassis_id)
-{
- int i;
-
- for (i = 0; i < UINT16_MAX; i++) {
- char *port_name;
- port_name = xasprintf("ovn-%.6s-%x", chassis_id, i);
-
- if (!sset_contains(&tc->port_names, port_name)) {
- return port_name;
- }
-
- free(port_name);
- }
-
- return NULL;
-}
-
-/*
- * Returns a tunnel-id of the form 'chassis_id'-delimiter-'encap_ip'.
- */
-char *
-encaps_tunnel_id_create(const char *chassis_id, const char *encap_ip)
-{
- return xasprintf("%s%c%s", chassis_id, OVN_MVTEP_CHASSISID_DELIM,
- encap_ip);
-}
-
-/*
- * Parses a 'tunnel_id' of the form .
- * If the 'chassis_id' argument is not NULL the function will allocate memory
- * and store the chassis-id part of the tunnel-id at '*chassis_id'.
- * If the 'encap_ip' argument is not NULL the function will allocate memory
- * and store the encapsulation IP part of the tunnel-id at '*encap_ip'.
- */
-bool
-encaps_tunnel_id_parse(const char *tunnel_id, char **chassis_id,
- char **encap_ip)
-{
- /* Find the delimiter. Fail if there is no delimiter or if
- * or is the empty string.*/
- const char *d = strchr(tunnel_id, OVN_MVTEP_CHASSISID_DELIM);
- if (d == tunnel_id || !d || !d[1]) {
- return false;
- }
-
- if (chassis_id) {
- *chassis_id = xmemdup0(tunnel_id, d - tunnel_id);
- }
- if (encap_ip) {
- *encap_ip = xstrdup(d + 1);
- }
- return true;
-}
-
-/*
- * Returns true if 'tunnel_id' contains 'chassis_id' and, if specified, the
- * given 'encap_ip'. Returns false otherwise.
- */
-bool
-encaps_tunnel_id_match(const char *tunnel_id, const char *chassis_id,
- const char *encap_ip)
-{
- while (*tunnel_id == *chassis_id) {
- if (!*tunnel_id) {
- /* 'tunnel_id' and 'chassis_id' are equal strings. This is a
- * mismatch because 'tunnel_id' is missing the delimiter and IP. */
- return false;
- }
- tunnel_id++;
- chassis_id++;
- }
-
- /* We found the first byte that disagrees between 'tunnel_id' and
- * 'chassis_id'. If we consumed all of 'chassis_id' and arrived at the
- * delimiter in 'tunnel_id' (and if 'encap_ip' is correct, if it was
- * supplied), it's a match. */
- return (*tunnel_id == OVN_MVTEP_CHASSISID_DELIM
- && *chassis_id == '\0'
- && (!encap_ip || !strcmp(tunnel_id + 1, encap_ip)));
-}
-
-static void
-tunnel_add(struct tunnel_ctx *tc, const struct sbrec_sb_global *sbg,
- const char *new_chassis_id, const struct sbrec_encap *encap)
-{
- struct smap options = SMAP_INITIALIZER(&options);
- smap_add(&options, "remote_ip", encap->ip);
- smap_add(&options, "key", "flow");
- const char *dst_port = smap_get(&encap->options, "dst_port");
- const char *csum = smap_get(&encap->options, "csum");
- char *tunnel_entry_id = NULL;
-
- /*
- * Since a chassis may have multiple encap-ip, we can't just add the
- * chassis name as as the "ovn-chassis-id" for the port; we use the
- * combination of the chassis_name and the encap-ip to identify
- * a specific tunnel to the chassis.
- */
- tunnel_entry_id = encaps_tunnel_id_create(new_chassis_id, encap->ip);
- if (csum && (!strcmp(csum, "true") || !strcmp(csum, "false"))) {
- smap_add(&options, "csum", csum);
- }
- if (dst_port) {
- smap_add(&options, "dst_port", dst_port);
- }
-
- /* Add auth info if ipsec is enabled. */
- if (sbg->ipsec) {
- smap_add(&options, "remote_name", new_chassis_id);
- }
-
- /* If there's an existing chassis record that does not need any change,
- * keep it. Otherwise, create a new record (if there was an existing
- * record, the new record will supplant it and encaps_run() will delete
- * it). */
- struct chassis_node *chassis = shash_find_data(&tc->chassis,
- tunnel_entry_id);
- if (chassis
- && chassis->port->n_interfaces == 1
- && !strcmp(chassis->port->interfaces[0]->type, encap->type)
- && smap_equal(&chassis->port->interfaces[0]->options, &options)) {
- shash_find_and_delete(&tc->chassis, tunnel_entry_id);
- free(chassis);
- goto exit;
- }
-
- /* Choose a name for the new port. If we're replacing an old port, reuse
- * its name, otherwise generate a new, unique name. */
- char *port_name = (chassis
- ? xstrdup(chassis->port->name)
- : tunnel_create_name(tc, new_chassis_id));
- if (!port_name) {
- VLOG_WARN("Unable to allocate unique name for '%s' tunnel",
- new_chassis_id);
- goto exit;
- }
-
- struct ovsrec_interface *iface = ovsrec_interface_insert(tc->ovs_txn);
- ovsrec_interface_set_name(iface, port_name);
- ovsrec_interface_set_type(iface, encap->type);
- ovsrec_interface_set_options(iface, &options);
-
- struct ovsrec_port *port = ovsrec_port_insert(tc->ovs_txn);
- ovsrec_port_set_name(port, port_name);
- ovsrec_port_set_interfaces(port, &iface, 1);
- const struct smap id = SMAP_CONST1(&id, "ovn-chassis-id", tunnel_entry_id);
- ovsrec_port_set_external_ids(port, &id);
-
- ovsrec_bridge_update_ports_addvalue(tc->br_int, port);
-
- sset_add_and_free(&tc->port_names, port_name);
-
-exit:
- free(tunnel_entry_id);
- smap_destroy(&options);
-}
-
-struct sbrec_encap *
-preferred_encap(const struct sbrec_chassis *chassis_rec)
-{
- struct sbrec_encap *best_encap = NULL;
- uint32_t best_type = 0;
-
- for (int i = 0; i < chassis_rec->n_encaps; i++) {
- uint32_t tun_type = get_tunnel_type(chassis_rec->encaps[i]->type);
- if (tun_type > best_type) {
- best_type = tun_type;
- best_encap = chassis_rec->encaps[i];
- }
- }
-
- return best_encap;
-}
-
-/*
- * For each peer chassis, get a preferred tunnel type and create as many tunnels
- * as there are VTEP of that type (differentiated by remote_ip) on that chassis.
- */
-static int
-chassis_tunnel_add(const struct sbrec_chassis *chassis_rec, const struct sbrec_sb_global *sbg, struct tunnel_ctx *tc)
-{
- struct sbrec_encap *encap = preferred_encap(chassis_rec);
- int tuncnt = 0;
-
- if (!encap) {
- VLOG_INFO("chassis_tunnel_add: No supported encaps for '%s'", chassis_rec->name);
- return tuncnt;
- }
-
- uint32_t pref_type = get_tunnel_type(encap->type);
- for (int i = 0; i < chassis_rec->n_encaps; i++) {
- uint32_t tun_type = get_tunnel_type(chassis_rec->encaps[i]->type);
- if (tun_type != pref_type) {
- continue;
- }
- tunnel_add(tc, sbg, chassis_rec->name, chassis_rec->encaps[i]);
- tuncnt++;
- }
- return tuncnt;
-}
-
-/*
-* Returns true if transport_zones and chassis_rec->transport_zones
-* have at least one common transport zone.
-*/
-static bool
-chassis_tzones_overlap(const struct sset *transport_zones,
- const struct sbrec_chassis *chassis_rec)
-{
- /* If neither Chassis belongs to any transport zones, return true to
- * form a tunnel between them */
- if (!chassis_rec->n_transport_zones && sset_is_empty(transport_zones)) {
- return true;
- }
-
- for (int i = 0; i < chassis_rec->n_transport_zones; i++) {
- if (sset_contains(transport_zones, chassis_rec->transport_zones[i])) {
- return true;
- }
- }
- return false;
-}
-
-void
-encaps_run(struct ovsdb_idl_txn *ovs_idl_txn,
- const struct ovsrec_bridge_table *bridge_table,
- const struct ovsrec_bridge *br_int,
- const struct sbrec_chassis_table *chassis_table,
- const char *chassis_id,
- const struct sbrec_sb_global *sbg,
- const struct sset *transport_zones)
-{
- if (!ovs_idl_txn || !br_int) {
- return;
- }
-
- const struct sbrec_chassis *chassis_rec;
- const struct ovsrec_bridge *br;
-
- struct tunnel_ctx tc = {
- .chassis = SHASH_INITIALIZER(&tc.chassis),
- .port_names = SSET_INITIALIZER(&tc.port_names),
- .br_int = br_int
- };
-
- tc.ovs_txn = ovs_idl_txn;
- ovsdb_idl_txn_add_comment(tc.ovs_txn,
- "ovn-controller: modifying OVS tunnels '%s'",
- chassis_id);
-
- /* Collect all port names into tc.port_names.
- *
- * Collect all the OVN-created tunnels into tc.tunnel_hmap. */
- OVSREC_BRIDGE_TABLE_FOR_EACH (br, bridge_table) {
- for (size_t i = 0; i < br->n_ports; i++) {
- const struct ovsrec_port *port = br->ports[i];
- sset_add(&tc.port_names, port->name);
-
- /*
- * note that the id here is not just the chassis name, but the
- * combination of
- */
- const char *id = smap_get(&port->external_ids, "ovn-chassis-id");
- if (id) {
- if (!shash_find(&tc.chassis, id)) {
- struct chassis_node *chassis = xzalloc(sizeof *chassis);
- chassis->bridge = br;
- chassis->port = port;
- shash_add_assert(&tc.chassis, id, chassis);
- } else {
- /* Duplicate port for ovn-chassis-id. Arbitrarily choose
- * to delete this one. */
- ovsrec_bridge_update_ports_delvalue(br, port);
- }
- }
- }
- }
-
- SBREC_CHASSIS_TABLE_FOR_EACH (chassis_rec, chassis_table) {
- if (strcmp(chassis_rec->name, chassis_id)) {
- /* Create tunnels to the other Chassis belonging to the
- * same transport zone */
- if (!chassis_tzones_overlap(transport_zones, chassis_rec)) {
- VLOG_DBG("Skipping encap creation for Chassis '%s' because "
- "it belongs to different transport zones",
- chassis_rec->name);
- continue;
- }
-
- if (chassis_tunnel_add(chassis_rec, sbg, &tc) == 0) {
- VLOG_INFO("Creating encap for '%s' failed", chassis_rec->name);
- continue;
- }
- }
- }
-
- /* Delete any existing OVN tunnels that were not still around. */
- struct shash_node *node, *next_node;
- SHASH_FOR_EACH_SAFE (node, next_node, &tc.chassis) {
- struct chassis_node *chassis = node->data;
- ovsrec_bridge_update_ports_delvalue(chassis->bridge, chassis->port);
- shash_delete(&tc.chassis, node);
- free(chassis);
- }
- shash_destroy(&tc.chassis);
- sset_destroy(&tc.port_names);
-}
-
-/* Returns true if the database is all cleaned up, false if more work is
- * required. */
-bool
-encaps_cleanup(struct ovsdb_idl_txn *ovs_idl_txn,
- const struct ovsrec_bridge *br_int)
-{
- if (!br_int) {
- return true;
- }
-
- /* Delete all the OVS-created tunnels from the integration bridge. */
- struct ovsrec_port **ports
- = xmalloc(sizeof *br_int->ports * br_int->n_ports);
- size_t n = 0;
- for (size_t i = 0; i < br_int->n_ports; i++) {
- if (!smap_get(&br_int->ports[i]->external_ids, "ovn-chassis-id")) {
- ports[n++] = br_int->ports[i];
- }
- }
-
- bool any_changes = n != br_int->n_ports;
- if (any_changes && ovs_idl_txn) {
- ovsdb_idl_txn_add_comment(ovs_idl_txn,
- "ovn-controller: destroying tunnels");
- ovsrec_bridge_verify_ports(br_int);
- ovsrec_bridge_set_ports(br_int, ports, n);
- }
- free(ports);
-
- return !any_changes;
-}
diff --git a/ovn/controller/encaps.h b/ovn/controller/encaps.h
deleted file mode 100644
index afa41830ae5..00000000000
--- a/ovn/controller/encaps.h
+++ /dev/null
@@ -1,48 +0,0 @@
-/* Copyright (c) 2015 Nicira, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef OVN_ENCAPS_H
-#define OVN_ENCAPS_H 1
-
-#include
-
-struct ovsdb_idl;
-struct ovsdb_idl_txn;
-struct ovsrec_bridge;
-struct ovsrec_bridge_table;
-struct sbrec_chassis_table;
-struct sbrec_sb_global;
-struct ovsrec_open_vswitch_table;
-struct sset;
-
-void encaps_register_ovs_idl(struct ovsdb_idl *);
-void encaps_run(struct ovsdb_idl_txn *ovs_idl_txn,
- const struct ovsrec_bridge_table *,
- const struct ovsrec_bridge *br_int,
- const struct sbrec_chassis_table *,
- const char *chassis_id,
- const struct sbrec_sb_global *,
- const struct sset *transport_zones);
-
-bool encaps_cleanup(struct ovsdb_idl_txn *ovs_idl_txn,
- const struct ovsrec_bridge *br_int);
-
-char *encaps_tunnel_id_create(const char *chassis_id, const char *encap_ip);
-bool encaps_tunnel_id_parse(const char *tunnel_id, char **chassis_id,
- char **encap_ip);
-bool encaps_tunnel_id_match(const char *tunnel_id, const char *chassis_id,
- const char *encap_ip);
-
-#endif /* ovn/encaps.h */
diff --git a/ovn/controller/ha-chassis.c b/ovn/controller/ha-chassis.c
deleted file mode 100644
index 498e5ce5a5f..00000000000
--- a/ovn/controller/ha-chassis.c
+++ /dev/null
@@ -1,203 +0,0 @@
-/* Copyright (c) 2019 Red Hat, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include
-
-#include "ha-chassis.h"
-#include "lib/sset.h"
-#include "openvswitch/vlog.h"
-#include "ovn/lib/ovn-sb-idl.h"
-
-VLOG_DEFINE_THIS_MODULE(ha_chassis);
-
-static int
-compare_chassis_prio_(const void *a_, const void *b_)
-{
- const struct sbrec_ha_chassis *ch_a = a_;
- const struct sbrec_ha_chassis *ch_b = b_;
- int prio_diff = ch_b->priority - ch_a->priority;
- if (!prio_diff) {
- return strcmp(ch_b->chassis->name, ch_a->chassis->name);
- }
- return prio_diff;
-}
-
-/* Returns the ordered HA chassis list in the HA chassis group.
- * Eg. If an HA chassis group has 3 HA chassis
- * - HA1 - pri 30
- * - HA2 - pri 40 and
- * - HA3 - pri 20
- * and the ref_chassis of HA chassis group is set to - C1 and C2.
- *
- * If active_tunnels is NULL, then it returns the ordered list
- * - (HA2, HA1, HA3)
- *
- * If active_tunnels is set to - (HA1, HA2, C1, C2) and
- * local_chassis is HA3, then it returns the ordered list
- * - (HA2, HA1, HA3)
- *
- * If active_tunnels is set to - (HA1, C1, C2) and
- * local_chassis is HA3, then it returns the ordered list
- * - (HA1, HA3)
- *
- * If active_tunnels is set to - (C1, C2) and
- * local_chassis is HA3, then it returns the ordered list
- * - (HA3)
- *
- * If active_tunnels is set is empty and local_chassis is HA3,
- * then it returns NULL.
- */
-static struct ha_chassis_ordered *
-get_ordered_ha_chassis_list(const struct sbrec_ha_chassis_group *ha_ch_grp,
- const struct sset *active_tunnels,
- const struct sbrec_chassis *local_chassis)
-{
- struct sbrec_ha_chassis *ha_ch_order =
- xzalloc(sizeof *ha_ch_order * ha_ch_grp->n_ha_chassis);
-
- size_t n_ha_ch = 0;
-
- for (size_t i = 0; i < ha_ch_grp->n_ha_chassis; i++) {
- if (!ha_ch_grp->ha_chassis[i]->chassis) {
- continue;
- }
-
- /* Don't add it to the list for ordering if it is not active. */
- if (ha_ch_grp->ha_chassis[i]->chassis != local_chassis &&
- active_tunnels &&
- !sset_contains(active_tunnels,
- ha_ch_grp->ha_chassis[i]->chassis->name)) {
- continue;
- }
-
- ha_ch_order[n_ha_ch].chassis = ha_ch_grp->ha_chassis[i]->chassis;
- ha_ch_order[n_ha_ch].priority = ha_ch_grp->ha_chassis[i]->priority;
- n_ha_ch++;
- }
-
- if (!n_ha_ch) {
- free(ha_ch_order);
- return NULL;
- }
-
- struct ha_chassis_ordered *ordered_ha_ch;
- if (n_ha_ch == 1) {
- if (active_tunnels) {
- /* If n_ha_ch is 1, it means only the local chassis is in the
- * ha_ch_order list. Check if this local chassis has active
- * bfd session with any of the referenced chassis. If so,
- * then the local chassis can be active. Otherwise it can't.
- * This can happen in the following scenario.
- * Lets say we have chassis HA1 (prioirty 20) and HA2 (priority 10)
- * in the ha_chasis_group and compute chassis C1 and C2 are in the
- * reference chassis list. If HA1 chassis has lost the link and
- * when this function is called for HA2 we need to consider
- * HA2 as active since it has active BFD sessions with C1 and C2.
- * On HA1 chassis, this function won't be called since
- * active_tunnels set will be empty.
- * */
- bool can_local_chassis_be_active = false;
- for (size_t i = 0; i < ha_ch_grp->n_ref_chassis; i++) {
- if (sset_contains(active_tunnels,
- ha_ch_grp->ref_chassis[i]->name)) {
- can_local_chassis_be_active = true;
- break;
- }
- }
- if (!can_local_chassis_be_active) {
- free(ha_ch_order);
- return NULL;
- }
- }
- } else {
- qsort(ha_ch_order, n_ha_ch, sizeof *ha_ch_order,
- compare_chassis_prio_);
- }
-
- ordered_ha_ch = xmalloc(sizeof *ordered_ha_ch);
- ordered_ha_ch->ha_ch = ha_ch_order;
- ordered_ha_ch->n_ha_ch = n_ha_ch;
-
- return ordered_ha_ch;
-}
-
-void
-ha_chassis_destroy_ordered(struct ha_chassis_ordered *ordered_ha_ch)
-{
- if (ordered_ha_ch) {
- free(ordered_ha_ch->ha_ch);
- free(ordered_ha_ch);
- }
-}
-
-
-/* Returns true if the local_chassis is the master of
- * the HA chassis group, false otherwise. */
-bool
-ha_chassis_group_is_active(
- const struct sbrec_ha_chassis_group *ha_ch_grp,
- const struct sset *active_tunnels,
- const struct sbrec_chassis *local_chassis)
-{
- if (!ha_ch_grp || !ha_ch_grp->n_ha_chassis) {
- return false;
- }
-
- if (ha_ch_grp->n_ha_chassis == 1) {
- return (ha_ch_grp->ha_chassis[0]->chassis == local_chassis);
- }
-
- if (sset_is_empty(active_tunnels)) {
- /* If active tunnel sset is empty, it means it has lost
- * connectivity with other chassis. */
- return false;
- }
-
- struct ha_chassis_ordered *ordered_ha_ch =
- get_ordered_ha_chassis_list(ha_ch_grp, active_tunnels, local_chassis);
- if (!ordered_ha_ch) {
- return false;
- }
-
- struct sbrec_chassis *active_ch = ordered_ha_ch->ha_ch[0].chassis;
- ha_chassis_destroy_ordered(ordered_ha_ch);
-
- return (active_ch == local_chassis);
-}
-
-bool
-ha_chassis_group_contains(
- const struct sbrec_ha_chassis_group *ha_chassis_grp,
- const struct sbrec_chassis *chassis)
-{
- if (ha_chassis_grp && chassis) {
- for (size_t i = 0; i < ha_chassis_grp->n_ha_chassis; i++) {
- if (ha_chassis_grp->ha_chassis[i]->chassis == chassis) {
- return true;
- }
- }
- }
- return false;
-}
-
-struct ha_chassis_ordered *
-ha_chassis_get_ordered(const struct sbrec_ha_chassis_group *ha_chassis_grp)
-{
- if (!ha_chassis_grp || !ha_chassis_grp->n_ha_chassis) {
- return NULL;
- }
-
- return get_ordered_ha_chassis_list(ha_chassis_grp, NULL, NULL);
-}
diff --git a/ovn/controller/ha-chassis.h b/ovn/controller/ha-chassis.h
deleted file mode 100644
index 3768c2a5c05..00000000000
--- a/ovn/controller/ha-chassis.h
+++ /dev/null
@@ -1,50 +0,0 @@
-/* Copyright (c) 2019 Red Hat, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef OVN_HA_CHASSIS_H
-#define OVN_HA_CHASSIS_H 1
-
-#include
-#include "openvswitch/hmap.h"
-#include "openvswitch/list.h"
-
-struct sbrec_chassis;
-struct sbrec_ha_chassis_group;
-struct sset;
-
-struct ha_chassis_ordered {
- struct sbrec_ha_chassis *ha_ch;
- size_t n_ha_ch;
-};
-
-/* Returns true if the local chassis is the active gateway among a set
- * of gateway_chassis. Return false if the local chassis is currently a
- * backup in a set of multiple gateway_chassis. */
-bool ha_chassis_group_is_active(
- const struct sbrec_ha_chassis_group *ha_chassis_grp,
- const struct sset *active_tunnels,
- const struct sbrec_chassis *local_chassis);
-
-bool ha_chassis_group_contains(
- const struct sbrec_ha_chassis_group *ha_chassis_grp,
- const struct sbrec_chassis *chassis);
-
-struct ha_chassis_ordered *ha_chassis_get_ordered(
- const struct sbrec_ha_chassis_group *ha_chassis_grp);
-
-void ha_chassis_destroy_ordered(
- struct ha_chassis_ordered *ordered_ha_ch);
-
-#endif /* OVN_HA_CHASSIS_H */
diff --git a/ovn/controller/ip-mcast.c b/ovn/controller/ip-mcast.c
deleted file mode 100644
index ef36be2ca46..00000000000
--- a/ovn/controller/ip-mcast.c
+++ /dev/null
@@ -1,164 +0,0 @@
-/* Copyright (c) 2019, Red Hat, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include
-
-#include "ip-mcast.h"
-#include "lport.h"
-#include "ovn/lib/ovn-sb-idl.h"
-
-/*
- * Used for (faster) updating of IGMP_Group ports.
- */
-struct igmp_group_port {
- struct hmap_node hmap_node;
- const struct sbrec_port_binding *port;
-};
-
-struct ovsdb_idl_index *
-igmp_group_index_create(struct ovsdb_idl *idl)
-{
- const struct ovsdb_idl_index_column cols[] = {
- { .column = &sbrec_igmp_group_col_address },
- { .column = &sbrec_igmp_group_col_datapath },
- { .column = &sbrec_igmp_group_col_chassis },
- };
-
- return ovsdb_idl_index_create(idl, cols, ARRAY_SIZE(cols));
-}
-
-/* Looks up an IGMP group based on an IPv4 (mapped in IPv6) or IPv6 'address'
- * and 'datapath'.
- */
-const struct sbrec_igmp_group *
-igmp_group_lookup(struct ovsdb_idl_index *igmp_groups,
- const struct in6_addr *address,
- const struct sbrec_datapath_binding *datapath,
- const struct sbrec_chassis *chassis)
-{
- char addr_str[INET6_ADDRSTRLEN];
-
- if (!ipv6_string_mapped(addr_str, address)) {
- return NULL;
- }
-
- struct sbrec_igmp_group *target =
- sbrec_igmp_group_index_init_row(igmp_groups);
-
- sbrec_igmp_group_index_set_address(target, addr_str);
- sbrec_igmp_group_index_set_datapath(target, datapath);
- sbrec_igmp_group_index_set_chassis(target, chassis);
-
- const struct sbrec_igmp_group *g =
- sbrec_igmp_group_index_find(igmp_groups, target);
- sbrec_igmp_group_index_destroy_row(target);
- return g;
-}
-
-/* Creates and returns a new IGMP group based on an IPv4 (mapped in IPv6) or
- * IPv6 'address', 'datapath' and 'chassis'.
- */
-struct sbrec_igmp_group *
-igmp_group_create(struct ovsdb_idl_txn *idl_txn,
- const struct in6_addr *address,
- const struct sbrec_datapath_binding *datapath,
- const struct sbrec_chassis *chassis)
-{
- char addr_str[INET6_ADDRSTRLEN];
-
- if (!ipv6_string_mapped(addr_str, address)) {
- return NULL;
- }
-
- struct sbrec_igmp_group *g = sbrec_igmp_group_insert(idl_txn);
-
- sbrec_igmp_group_set_address(g, addr_str);
- sbrec_igmp_group_set_datapath(g, datapath);
- sbrec_igmp_group_set_chassis(g, chassis);
-
- return g;
-}
-
-void
-igmp_group_update_ports(const struct sbrec_igmp_group *g,
- struct ovsdb_idl_index *datapaths,
- struct ovsdb_idl_index *port_bindings,
- const struct mcast_snooping *ms OVS_UNUSED,
- const struct mcast_group *mc_group)
- OVS_REQ_RDLOCK(ms->rwlock)
-{
- struct igmp_group_port *old_ports_storage =
- (g->n_ports ? xmalloc(g->n_ports * sizeof *old_ports_storage) : NULL);
-
- struct hmap old_ports = HMAP_INITIALIZER(&old_ports);
-
- for (size_t i = 0; i < g->n_ports; i++) {
- struct igmp_group_port *old_port = &old_ports_storage[i];
-
- old_port->port = g->ports[i];
- hmap_insert(&old_ports, &old_port->hmap_node,
- old_port->port->tunnel_key);
- }
-
- struct mcast_group_bundle *bundle;
- uint64_t dp_key = g->datapath->tunnel_key;
-
- LIST_FOR_EACH (bundle, bundle_node, &mc_group->bundle_lru) {
- uint32_t port_key = (uintptr_t)bundle->port;
- const struct sbrec_port_binding *sbrec_port =
- lport_lookup_by_key(datapaths, port_bindings, dp_key, port_key);
- if (!sbrec_port) {
- continue;
- }
-
- struct hmap_node *node = hmap_first_with_hash(&old_ports, port_key);
- if (!node) {
- sbrec_igmp_group_update_ports_addvalue(g, sbrec_port);
- } else {
- hmap_remove(&old_ports, node);
- }
- }
-
- struct igmp_group_port *igmp_port;
- HMAP_FOR_EACH_POP (igmp_port, hmap_node, &old_ports) {
- sbrec_igmp_group_update_ports_delvalue(g, igmp_port->port);
- }
-
- free(old_ports_storage);
- hmap_destroy(&old_ports);
-}
-
-void
-igmp_group_delete(const struct sbrec_igmp_group *g)
-{
- sbrec_igmp_group_delete(g);
-}
-
-bool
-igmp_group_cleanup(struct ovsdb_idl_txn *ovnsb_idl_txn,
- struct ovsdb_idl_index *igmp_groups)
-{
- const struct sbrec_igmp_group *g;
-
- if (!ovnsb_idl_txn) {
- return true;
- }
-
- SBREC_IGMP_GROUP_FOR_EACH_BYINDEX (g, igmp_groups) {
- igmp_group_delete(g);
- }
-
- return true;
-}
diff --git a/ovn/controller/ip-mcast.h b/ovn/controller/ip-mcast.h
deleted file mode 100644
index 6014f43d504..00000000000
--- a/ovn/controller/ip-mcast.h
+++ /dev/null
@@ -1,52 +0,0 @@
-/* Copyright (c) 2019, Red Hat, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef OVN_IP_MCAST_H
-#define OVN_IP_MCAST_H 1
-
-#include "mcast-snooping.h"
-
-struct ovsdb_idl;
-struct ovsdb_idl_txn;
-
-struct sbrec_chassis;
-struct sbrec_datapath_binding;
-
-struct ovsdb_idl_index *igmp_group_index_create(struct ovsdb_idl *);
-const struct sbrec_igmp_group *igmp_group_lookup(
- struct ovsdb_idl_index *igmp_groups,
- const struct in6_addr *address,
- const struct sbrec_datapath_binding *datapath,
- const struct sbrec_chassis *chassis);
-
-struct sbrec_igmp_group *igmp_group_create(
- struct ovsdb_idl_txn *idl_txn,
- const struct in6_addr *address,
- const struct sbrec_datapath_binding *datapath,
- const struct sbrec_chassis *chassis);
-
-void igmp_group_update_ports(const struct sbrec_igmp_group *g,
- struct ovsdb_idl_index *datapaths,
- struct ovsdb_idl_index *port_bindings,
- const struct mcast_snooping *ms,
- const struct mcast_group *mc_group)
- OVS_REQ_RDLOCK(ms->rwlock);
-
-void igmp_group_delete(const struct sbrec_igmp_group *g);
-
-bool igmp_group_cleanup(struct ovsdb_idl_txn *ovnsb_idl_txn,
- struct ovsdb_idl_index *igmp_groups);
-
-#endif /* ovn/controller/ip-mcast.h */
diff --git a/ovn/controller/lflow.c b/ovn/controller/lflow.c
deleted file mode 100644
index 1aafafb33ce..00000000000
--- a/ovn/controller/lflow.c
+++ /dev/null
@@ -1,898 +0,0 @@
-/* Copyright (c) 2015, 2016, 2017 Nicira, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include
-#include "lflow.h"
-#include "coverage.h"
-#include "ha-chassis.h"
-#include "lport.h"
-#include "ofctrl.h"
-#include "openvswitch/dynamic-string.h"
-#include "openvswitch/ofp-actions.h"
-#include "openvswitch/ofpbuf.h"
-#include "openvswitch/vlog.h"
-#include "ovn-controller.h"
-#include "ovn/actions.h"
-#include "ovn/expr.h"
-#include "ovn/lib/ovn-l7.h"
-#include "ovn/lib/ovn-sb-idl.h"
-#include "ovn/lib/extend-table.h"
-#include "packets.h"
-#include "physical.h"
-#include "simap.h"
-#include "sset.h"
-
-VLOG_DEFINE_THIS_MODULE(lflow);
-
-COVERAGE_DEFINE(lflow_run);
-
-/* Symbol table. */
-
-/* Contains "struct expr_symbol"s for fields supported by OVN lflows. */
-static struct shash symtab;
-
-void
-lflow_init(void)
-{
- ovn_init_symtab(&symtab);
-}
-
-struct lookup_port_aux {
- struct ovsdb_idl_index *sbrec_multicast_group_by_name_datapath;
- struct ovsdb_idl_index *sbrec_port_binding_by_name;
- const struct sbrec_datapath_binding *dp;
-};
-
-struct condition_aux {
- struct ovsdb_idl_index *sbrec_port_binding_by_name;
- const struct sbrec_chassis *chassis;
- const struct sset *active_tunnels;
-};
-
-static bool consider_logical_flow(
- struct ovsdb_idl_index *sbrec_multicast_group_by_name_datapath,
- struct ovsdb_idl_index *sbrec_port_binding_by_name,
- const struct sbrec_logical_flow *,
- const struct hmap *local_datapaths,
- const struct sbrec_chassis *,
- struct hmap *dhcp_opts,
- struct hmap *dhcpv6_opts,
- struct hmap *nd_ra_opts,
- struct controller_event_options *controller_event_opts,
- const struct shash *addr_sets,
- const struct shash *port_groups,
- const struct sset *active_tunnels,
- const struct sset *local_lport_ids,
- struct ovn_desired_flow_table *,
- struct ovn_extend_table *group_table,
- struct ovn_extend_table *meter_table,
- struct lflow_resource_ref *lfrr,
- uint32_t *conj_id_ofs);
-
-static bool
-lookup_port_cb(const void *aux_, const char *port_name, unsigned int *portp)
-{
- const struct lookup_port_aux *aux = aux_;
-
- const struct sbrec_port_binding *pb
- = lport_lookup_by_name(aux->sbrec_port_binding_by_name, port_name);
- if (pb && pb->datapath == aux->dp) {
- *portp = pb->tunnel_key;
- return true;
- }
-
- const struct sbrec_multicast_group *mg = mcgroup_lookup_by_dp_name(
- aux->sbrec_multicast_group_by_name_datapath, aux->dp, port_name);
- if (mg) {
- *portp = mg->tunnel_key;
- return true;
- }
-
- return false;
-}
-
-static bool
-is_chassis_resident_cb(const void *c_aux_, const char *port_name)
-{
- const struct condition_aux *c_aux = c_aux_;
-
- const struct sbrec_port_binding *pb
- = lport_lookup_by_name(c_aux->sbrec_port_binding_by_name, port_name);
- if (!pb) {
- return false;
- }
- if (strcmp(pb->type, "chassisredirect")) {
- /* for non-chassisredirect ports */
- return pb->chassis && pb->chassis == c_aux->chassis;
- } else {
- if (ha_chassis_group_contains(pb->ha_chassis_group,
- c_aux->chassis)) {
- bool active = ha_chassis_group_is_active(pb->ha_chassis_group,
- c_aux->active_tunnels,
- c_aux->chassis);
- return active;
- }
- return false;
- }
-}
-
-static bool
-is_switch(const struct sbrec_datapath_binding *ldp)
-{
- return smap_get(&ldp->external_ids, "logical-switch") != NULL;
-
-}
-
-void
-lflow_resource_init(struct lflow_resource_ref *lfrr)
-{
- hmap_init(&lfrr->ref_lflow_table);
- hmap_init(&lfrr->lflow_ref_table);
-}
-
-void
-lflow_resource_destroy(struct lflow_resource_ref *lfrr)
-{
- struct ref_lflow_node *rlfn, *rlfn_next;
- HMAP_FOR_EACH_SAFE (rlfn, rlfn_next, node, &lfrr->ref_lflow_table) {
- free(rlfn->ref_name);
- struct lflow_ref_list_node *lrln, *next;
- LIST_FOR_EACH_SAFE (lrln, next, ref_list, &rlfn->ref_lflow_head) {
- ovs_list_remove(&lrln->ref_list);
- ovs_list_remove(&lrln->lflow_list);
- free(lrln);
- }
- hmap_remove(&lfrr->ref_lflow_table, &rlfn->node);
- free(rlfn);
- }
- hmap_destroy(&lfrr->ref_lflow_table);
-
- struct lflow_ref_node *lfrn, *lfrn_next;
- HMAP_FOR_EACH_SAFE (lfrn, lfrn_next, node, &lfrr->lflow_ref_table) {
- hmap_remove(&lfrr->lflow_ref_table, &lfrn->node);
- free(lfrn);
- }
- hmap_destroy(&lfrr->lflow_ref_table);
-}
-
-void
-lflow_resource_clear(struct lflow_resource_ref *lfrr)
-{
- lflow_resource_destroy(lfrr);
- lflow_resource_init(lfrr);
-}
-
-static struct ref_lflow_node*
-ref_lflow_lookup(struct hmap *ref_lflow_table,
- enum ref_type type, const char *ref_name)
-{
- struct ref_lflow_node *rlfn;
-
- HMAP_FOR_EACH_WITH_HASH (rlfn, node, hash_string(ref_name, type),
- ref_lflow_table) {
- if (rlfn->type == type && !strcmp(rlfn->ref_name, ref_name)) {
- return rlfn;
- }
- }
- return NULL;
-}
-
-static struct lflow_ref_node*
-lflow_ref_lookup(struct hmap *lflow_ref_table,
- const struct uuid *lflow_uuid)
-{
- struct lflow_ref_node *lfrn;
-
- HMAP_FOR_EACH_WITH_HASH (lfrn, node, uuid_hash(lflow_uuid),
- lflow_ref_table) {
- if (uuid_equals(&lfrn->lflow_uuid, lflow_uuid)) {
- return lfrn;
- }
- }
- return NULL;
-}
-
-static void
-lflow_resource_add(struct lflow_resource_ref *lfrr, enum ref_type type,
- const char *ref_name, const struct uuid *lflow_uuid)
-{
- struct ref_lflow_node *rlfn = ref_lflow_lookup(&lfrr->ref_lflow_table,
- type, ref_name);
- if (!rlfn) {
- rlfn = xzalloc(sizeof *rlfn);
- rlfn->node.hash = hash_string(ref_name, type);
- rlfn->type = type;
- rlfn->ref_name = xstrdup(ref_name);
- ovs_list_init(&rlfn->ref_lflow_head);
- hmap_insert(&lfrr->ref_lflow_table, &rlfn->node, rlfn->node.hash);
- }
-
- struct lflow_ref_node *lfrn = lflow_ref_lookup(&lfrr->lflow_ref_table,
- lflow_uuid);
- if (!lfrn) {
- lfrn = xzalloc(sizeof *lfrn);
- lfrn->node.hash = uuid_hash(lflow_uuid);
- lfrn->lflow_uuid = *lflow_uuid;
- ovs_list_init(&lfrn->lflow_ref_head);
- hmap_insert(&lfrr->lflow_ref_table, &lfrn->node, lfrn->node.hash);
- }
-
- struct lflow_ref_list_node *lrln = xzalloc(sizeof *lrln);
- lrln->type = type;
- lrln->ref_name = xstrdup(ref_name);
- lrln->lflow_uuid = *lflow_uuid;
- ovs_list_push_back(&rlfn->ref_lflow_head, &lrln->ref_list);
- ovs_list_push_back(&lfrn->lflow_ref_head, &lrln->lflow_list);
-}
-
-static void
-lflow_resource_destroy_lflow(struct lflow_resource_ref *lfrr,
- const struct uuid *lflow_uuid)
-{
- struct lflow_ref_node *lfrn = lflow_ref_lookup(&lfrr->lflow_ref_table,
- lflow_uuid);
- if (!lfrn) {
- return;
- }
-
- hmap_remove(&lfrr->lflow_ref_table, &lfrn->node);
- struct lflow_ref_list_node *lrln, *next;
- LIST_FOR_EACH_SAFE (lrln, next, lflow_list, &lfrn->lflow_ref_head) {
- ovs_list_remove(&lrln->ref_list);
- ovs_list_remove(&lrln->lflow_list);
- free(lrln);
- }
- free(lfrn);
-}
-
-/* Adds the logical flows from the Logical_Flow table to flow tables. */
-static void
-add_logical_flows(
- struct ovsdb_idl_index *sbrec_multicast_group_by_name_datapath,
- struct ovsdb_idl_index *sbrec_port_binding_by_name,
- const struct sbrec_dhcp_options_table *dhcp_options_table,
- const struct sbrec_dhcpv6_options_table *dhcpv6_options_table,
- const struct sbrec_logical_flow_table *logical_flow_table,
- const struct hmap *local_datapaths,
- const struct sbrec_chassis *chassis,
- const struct shash *addr_sets,
- const struct shash *port_groups,
- const struct sset *active_tunnels,
- const struct sset *local_lport_ids,
- struct ovn_desired_flow_table *flow_table,
- struct ovn_extend_table *group_table,
- struct ovn_extend_table *meter_table,
- struct lflow_resource_ref *lfrr,
- uint32_t *conj_id_ofs)
-{
- const struct sbrec_logical_flow *lflow;
-
- struct hmap dhcp_opts = HMAP_INITIALIZER(&dhcp_opts);
- struct hmap dhcpv6_opts = HMAP_INITIALIZER(&dhcpv6_opts);
- const struct sbrec_dhcp_options *dhcp_opt_row;
- SBREC_DHCP_OPTIONS_TABLE_FOR_EACH (dhcp_opt_row, dhcp_options_table) {
- dhcp_opt_add(&dhcp_opts, dhcp_opt_row->name, dhcp_opt_row->code,
- dhcp_opt_row->type);
- }
-
-
- const struct sbrec_dhcpv6_options *dhcpv6_opt_row;
- SBREC_DHCPV6_OPTIONS_TABLE_FOR_EACH (dhcpv6_opt_row,
- dhcpv6_options_table) {
- dhcp_opt_add(&dhcpv6_opts, dhcpv6_opt_row->name, dhcpv6_opt_row->code,
- dhcpv6_opt_row->type);
- }
-
- struct hmap nd_ra_opts = HMAP_INITIALIZER(&nd_ra_opts);
- nd_ra_opts_init(&nd_ra_opts);
-
- struct controller_event_options controller_event_opts;
- controller_event_opts_init(&controller_event_opts);
-
- SBREC_LOGICAL_FLOW_TABLE_FOR_EACH (lflow, logical_flow_table) {
- if (!consider_logical_flow(sbrec_multicast_group_by_name_datapath,
- sbrec_port_binding_by_name,
- lflow, local_datapaths,
- chassis, &dhcp_opts, &dhcpv6_opts,
- &nd_ra_opts, &controller_event_opts,
- addr_sets, port_groups,
- active_tunnels, local_lport_ids,
- flow_table, group_table, meter_table,
- lfrr, conj_id_ofs)) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 5);
- VLOG_ERR_RL(&rl, "Conjunction id overflow when processing lflow "
- UUID_FMT, UUID_ARGS(&lflow->header_.uuid));
- }
- }
-
- dhcp_opts_destroy(&dhcp_opts);
- dhcp_opts_destroy(&dhcpv6_opts);
- nd_ra_opts_destroy(&nd_ra_opts);
- controller_event_opts_destroy(&controller_event_opts);
-}
-
-bool
-lflow_handle_changed_flows(
- struct ovsdb_idl_index *sbrec_multicast_group_by_name_datapath,
- struct ovsdb_idl_index *sbrec_port_binding_by_name,
- const struct sbrec_dhcp_options_table *dhcp_options_table,
- const struct sbrec_dhcpv6_options_table *dhcpv6_options_table,
- const struct sbrec_logical_flow_table *logical_flow_table,
- const struct hmap *local_datapaths,
- const struct sbrec_chassis *chassis,
- const struct shash *addr_sets,
- const struct shash *port_groups,
- const struct sset *active_tunnels,
- const struct sset *local_lport_ids,
- struct ovn_desired_flow_table *flow_table,
- struct ovn_extend_table *group_table,
- struct ovn_extend_table *meter_table,
- struct lflow_resource_ref *lfrr,
- uint32_t *conj_id_ofs)
-{
- bool ret = true;
- const struct sbrec_logical_flow *lflow;
-
- struct hmap dhcp_opts = HMAP_INITIALIZER(&dhcp_opts);
- struct hmap dhcpv6_opts = HMAP_INITIALIZER(&dhcpv6_opts);
- const struct sbrec_dhcp_options *dhcp_opt_row;
- SBREC_DHCP_OPTIONS_TABLE_FOR_EACH (dhcp_opt_row, dhcp_options_table) {
- dhcp_opt_add(&dhcp_opts, dhcp_opt_row->name, dhcp_opt_row->code,
- dhcp_opt_row->type);
- }
-
-
- const struct sbrec_dhcpv6_options *dhcpv6_opt_row;
- SBREC_DHCPV6_OPTIONS_TABLE_FOR_EACH (dhcpv6_opt_row,
- dhcpv6_options_table) {
- dhcp_opt_add(&dhcpv6_opts, dhcpv6_opt_row->name, dhcpv6_opt_row->code,
- dhcpv6_opt_row->type);
- }
-
- struct hmap nd_ra_opts = HMAP_INITIALIZER(&nd_ra_opts);
- nd_ra_opts_init(&nd_ra_opts);
-
- /* Handle removed flows first, and then other flows, so that when
- * the flows being added and removed have same match conditions
- * can be processed in the proper order */
- SBREC_LOGICAL_FLOW_TABLE_FOR_EACH_TRACKED (lflow, logical_flow_table) {
- /* Remove any flows that should be removed. */
- if (sbrec_logical_flow_is_deleted(lflow)) {
- VLOG_DBG("handle deleted lflow "UUID_FMT,
- UUID_ARGS(&lflow->header_.uuid));
- ofctrl_remove_flows(flow_table, &lflow->header_.uuid);
- /* Delete entries from lflow resource reference. */
- lflow_resource_destroy_lflow(lfrr, &lflow->header_.uuid);
- }
- }
-
- struct controller_event_options controller_event_opts;
- controller_event_opts_init(&controller_event_opts);
-
- SBREC_LOGICAL_FLOW_TABLE_FOR_EACH_TRACKED (lflow, logical_flow_table) {
- if (!sbrec_logical_flow_is_deleted(lflow)) {
- /* Now, add/modify existing flows. If the logical
- * flow is a modification, just remove the flows
- * for this row, and then add new flows. */
- if (!sbrec_logical_flow_is_new(lflow)) {
- VLOG_DBG("handle updated lflow "UUID_FMT,
- UUID_ARGS(&lflow->header_.uuid));
- ofctrl_remove_flows(flow_table, &lflow->header_.uuid);
- /* Delete entries from lflow resource reference. */
- lflow_resource_destroy_lflow(lfrr, &lflow->header_.uuid);
- }
- VLOG_DBG("handle new lflow "UUID_FMT,
- UUID_ARGS(&lflow->header_.uuid));
- if (!consider_logical_flow(sbrec_multicast_group_by_name_datapath,
- sbrec_port_binding_by_name,
- lflow, local_datapaths,
- chassis, &dhcp_opts, &dhcpv6_opts,
- &nd_ra_opts, &controller_event_opts,
- addr_sets, port_groups,
- active_tunnels, local_lport_ids,
- flow_table, group_table, meter_table,
- lfrr, conj_id_ofs)) {
- ret = false;
- break;
- }
- }
- }
- dhcp_opts_destroy(&dhcp_opts);
- dhcp_opts_destroy(&dhcpv6_opts);
- nd_ra_opts_destroy(&nd_ra_opts);
- controller_event_opts_destroy(&controller_event_opts);
- return ret;
-}
-
-bool
-lflow_handle_changed_ref(
- enum ref_type ref_type,
- const char *ref_name,
- struct ovsdb_idl_index *sbrec_multicast_group_by_name_datapath,
- struct ovsdb_idl_index *sbrec_port_binding_by_name,
- const struct sbrec_dhcp_options_table *dhcp_options_table,
- const struct sbrec_dhcpv6_options_table *dhcpv6_options_table,
- const struct sbrec_logical_flow_table *logical_flow_table,
- const struct hmap *local_datapaths,
- const struct sbrec_chassis *chassis,
- const struct shash *addr_sets,
- const struct shash *port_groups,
- const struct sset *active_tunnels,
- const struct sset *local_lport_ids,
- struct ovn_desired_flow_table *flow_table,
- struct ovn_extend_table *group_table,
- struct ovn_extend_table *meter_table,
- struct lflow_resource_ref *lfrr,
- uint32_t *conj_id_ofs,
- bool *changed)
-{
- struct ref_lflow_node *rlfn = ref_lflow_lookup(&lfrr->ref_lflow_table,
- ref_type, ref_name);
- if (!rlfn) {
- *changed = false;
- return true;
- }
- VLOG_DBG("Handle changed lflow reference for resource type: %d,"
- " name: %s.", ref_type, ref_name);
- *changed = false;
- bool ret = true;
-
- hmap_remove(&lfrr->ref_lflow_table, &rlfn->node);
-
- struct lflow_ref_list_node *lrln, *next;
- /* Detach the rlfn->ref_lflow_head nodes from the lfrr table and clean
- * up all other nodes related to the lflows that uses the resource,
- * so that the old nodes won't interfere with updating the lfrr table
- * when reparsing the lflows. */
- LIST_FOR_EACH (lrln, ref_list, &rlfn->ref_lflow_head) {
- ovs_list_remove(&lrln->lflow_list);
- lflow_resource_destroy_lflow(lfrr, &lrln->lflow_uuid);
- }
-
- struct hmap dhcp_opts = HMAP_INITIALIZER(&dhcp_opts);
- struct hmap dhcpv6_opts = HMAP_INITIALIZER(&dhcpv6_opts);
- const struct sbrec_dhcp_options *dhcp_opt_row;
- SBREC_DHCP_OPTIONS_TABLE_FOR_EACH (dhcp_opt_row, dhcp_options_table) {
- dhcp_opt_add(&dhcp_opts, dhcp_opt_row->name, dhcp_opt_row->code,
- dhcp_opt_row->type);
- }
-
- const struct sbrec_dhcpv6_options *dhcpv6_opt_row;
- SBREC_DHCPV6_OPTIONS_TABLE_FOR_EACH(dhcpv6_opt_row, dhcpv6_options_table) {
- dhcp_opt_add(&dhcpv6_opts, dhcpv6_opt_row->name, dhcpv6_opt_row->code,
- dhcpv6_opt_row->type);
- }
-
- struct hmap nd_ra_opts = HMAP_INITIALIZER(&nd_ra_opts);
- nd_ra_opts_init(&nd_ra_opts);
-
- struct controller_event_options controller_event_opts;
- controller_event_opts_init(&controller_event_opts);
-
- /* Re-parse the related lflows. */
- LIST_FOR_EACH (lrln, ref_list, &rlfn->ref_lflow_head) {
- const struct sbrec_logical_flow *lflow =
- sbrec_logical_flow_table_get_for_uuid(logical_flow_table,
- &lrln->lflow_uuid);
- if (!lflow) {
- VLOG_DBG("Reprocess lflow "UUID_FMT" for resource type: %d,"
- " name: %s - not found.",
- UUID_ARGS(&lrln->lflow_uuid),
- ref_type, ref_name);
- continue;
- }
- VLOG_DBG("Reprocess lflow "UUID_FMT" for resource type: %d,"
- " name: %s.",
- UUID_ARGS(&lrln->lflow_uuid),
- ref_type, ref_name);
- ofctrl_remove_flows(flow_table, &lrln->lflow_uuid);
-
- if (!consider_logical_flow(sbrec_multicast_group_by_name_datapath,
- sbrec_port_binding_by_name,
- lflow, local_datapaths,
- chassis, &dhcp_opts, &dhcpv6_opts,
- &nd_ra_opts, &controller_event_opts,
- addr_sets, port_groups,
- active_tunnels, local_lport_ids,
- flow_table, group_table, meter_table,
- lfrr, conj_id_ofs)) {
- ret = false;
- break;
- }
- *changed = true;
- }
-
- LIST_FOR_EACH_SAFE (lrln, next, ref_list, &rlfn->ref_lflow_head) {
- ovs_list_remove(&lrln->ref_list);
- free(lrln);
- }
- free(rlfn);
-
- dhcp_opts_destroy(&dhcp_opts);
- dhcp_opts_destroy(&dhcpv6_opts);
- nd_ra_opts_destroy(&nd_ra_opts);
- controller_event_opts_destroy(&controller_event_opts);
- return ret;
-}
-
-static bool
-update_conj_id_ofs(uint32_t *conj_id_ofs, uint32_t n_conjs)
-{
- if (*conj_id_ofs + n_conjs < *conj_id_ofs) {
- /* overflow */
- return false;
- }
- *conj_id_ofs += n_conjs;
- return true;
-}
-
-static bool
-consider_logical_flow(
- struct ovsdb_idl_index *sbrec_multicast_group_by_name_datapath,
- struct ovsdb_idl_index *sbrec_port_binding_by_name,
- const struct sbrec_logical_flow *lflow,
- const struct hmap *local_datapaths,
- const struct sbrec_chassis *chassis,
- struct hmap *dhcp_opts,
- struct hmap *dhcpv6_opts,
- struct hmap *nd_ra_opts,
- struct controller_event_options *controller_event_opts,
- const struct shash *addr_sets,
- const struct shash *port_groups,
- const struct sset *active_tunnels,
- const struct sset *local_lport_ids,
- struct ovn_desired_flow_table *flow_table,
- struct ovn_extend_table *group_table,
- struct ovn_extend_table *meter_table,
- struct lflow_resource_ref *lfrr,
- uint32_t *conj_id_ofs)
-{
- /* Determine translation of logical table IDs to physical table IDs. */
- bool ingress = !strcmp(lflow->pipeline, "ingress");
-
- const struct sbrec_datapath_binding *ldp = lflow->logical_datapath;
- if (!ldp) {
- VLOG_DBG("lflow "UUID_FMT" has no datapath binding, skip",
- UUID_ARGS(&lflow->header_.uuid));
- return true;
- }
- if (!get_local_datapath(local_datapaths, ldp->tunnel_key)) {
- VLOG_DBG("lflow "UUID_FMT" is not for local datapath, skip",
- UUID_ARGS(&lflow->header_.uuid));
- return true;
- }
-
- /* Determine translation of logical table IDs to physical table IDs. */
- uint8_t first_ptable = (ingress
- ? OFTABLE_LOG_INGRESS_PIPELINE
- : OFTABLE_LOG_EGRESS_PIPELINE);
- uint8_t ptable = first_ptable + lflow->table_id;
- uint8_t output_ptable = (ingress
- ? OFTABLE_REMOTE_OUTPUT
- : OFTABLE_SAVE_INPORT);
-
- /* Parse OVN logical actions.
- *
- * XXX Deny changes to 'outport' in egress pipeline. */
- uint64_t ovnacts_stub[1024 / 8];
- struct ofpbuf ovnacts = OFPBUF_STUB_INITIALIZER(ovnacts_stub);
- struct ovnact_parse_params pp = {
- .symtab = &symtab,
- .dhcp_opts = dhcp_opts,
- .dhcpv6_opts = dhcpv6_opts,
- .nd_ra_opts = nd_ra_opts,
- .controller_event_opts = controller_event_opts,
-
- .pipeline = ingress ? OVNACT_P_INGRESS : OVNACT_P_EGRESS,
- .n_tables = LOG_PIPELINE_LEN,
- .cur_ltable = lflow->table_id,
- };
- struct expr *prereqs;
- char *error;
-
- error = ovnacts_parse_string(lflow->actions, &pp, &ovnacts, &prereqs);
- if (error) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1);
- VLOG_WARN_RL(&rl, "error parsing actions \"%s\": %s",
- lflow->actions, error);
- free(error);
- ovnacts_free(ovnacts.data, ovnacts.size);
- ofpbuf_uninit(&ovnacts);
- return true;
- }
-
- /* Translate OVN match into table of OpenFlow matches. */
- struct hmap matches;
- struct expr *expr;
-
- struct sset addr_sets_ref = SSET_INITIALIZER(&addr_sets_ref);
- expr = expr_parse_string(lflow->match, &symtab, addr_sets, port_groups,
- &addr_sets_ref, &error);
- const char *addr_set_name;
- SSET_FOR_EACH (addr_set_name, &addr_sets_ref) {
- lflow_resource_add(lfrr, REF_TYPE_ADDRSET, addr_set_name,
- &lflow->header_.uuid);
- }
- sset_destroy(&addr_sets_ref);
-
- if (!error) {
- if (prereqs) {
- expr = expr_combine(EXPR_T_AND, expr, prereqs);
- prereqs = NULL;
- }
- expr = expr_annotate(expr, &symtab, &error);
- }
- if (error) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1);
- VLOG_WARN_RL(&rl, "error parsing match \"%s\": %s",
- lflow->match, error);
- expr_destroy(prereqs);
- free(error);
- ovnacts_free(ovnacts.data, ovnacts.size);
- ofpbuf_uninit(&ovnacts);
- return true;
- }
-
- struct lookup_port_aux aux = {
- .sbrec_multicast_group_by_name_datapath
- = sbrec_multicast_group_by_name_datapath,
- .sbrec_port_binding_by_name = sbrec_port_binding_by_name,
- .dp = lflow->logical_datapath
- };
- struct condition_aux cond_aux = {
- .sbrec_port_binding_by_name = sbrec_port_binding_by_name,
- .chassis = chassis,
- .active_tunnels = active_tunnels,
- };
- expr = expr_simplify(expr, is_chassis_resident_cb, &cond_aux);
- expr = expr_normalize(expr);
- uint32_t n_conjs = expr_to_matches(expr, lookup_port_cb, &aux,
- &matches);
- expr_destroy(expr);
-
- if (hmap_is_empty(&matches)) {
- VLOG_DBG("lflow "UUID_FMT" matches are empty, skip",
- UUID_ARGS(&lflow->header_.uuid));
- ovnacts_free(ovnacts.data, ovnacts.size);
- ofpbuf_uninit(&ovnacts);
- expr_matches_destroy(&matches);
- return true;
- }
-
- /* Encode OVN logical actions into OpenFlow. */
- uint64_t ofpacts_stub[1024 / 8];
- struct ofpbuf ofpacts = OFPBUF_STUB_INITIALIZER(ofpacts_stub);
- struct ovnact_encode_params ep = {
- .lookup_port = lookup_port_cb,
- .aux = &aux,
- .is_switch = is_switch(ldp),
- .group_table = group_table,
- .meter_table = meter_table,
- .lflow_uuid = lflow->header_.uuid,
-
- .pipeline = ingress ? OVNACT_P_INGRESS : OVNACT_P_EGRESS,
- .ingress_ptable = OFTABLE_LOG_INGRESS_PIPELINE,
- .egress_ptable = OFTABLE_LOG_EGRESS_PIPELINE,
- .output_ptable = output_ptable,
- .mac_bind_ptable = OFTABLE_MAC_BINDING,
- };
- ovnacts_encode(ovnacts.data, ovnacts.size, &ep, &ofpacts);
- ovnacts_free(ovnacts.data, ovnacts.size);
- ofpbuf_uninit(&ovnacts);
-
- /* Prepare the OpenFlow matches for adding to the flow table. */
- struct expr_match *m;
- HMAP_FOR_EACH (m, hmap_node, &matches) {
- match_set_metadata(&m->match,
- htonll(lflow->logical_datapath->tunnel_key));
- if (m->match.wc.masks.conj_id) {
- m->match.flow.conj_id += *conj_id_ofs;
- }
- if (is_switch(ldp)) {
- unsigned int reg_index
- = (ingress ? MFF_LOG_INPORT : MFF_LOG_OUTPORT) - MFF_REG0;
- int64_t port_id = m->match.flow.regs[reg_index];
- if (port_id) {
- int64_t dp_id = lflow->logical_datapath->tunnel_key;
- char buf[16];
- snprintf(buf, sizeof(buf), "%"PRId64"_%"PRId64, dp_id, port_id);
- if (!sset_contains(local_lport_ids, buf)) {
- VLOG_DBG("lflow "UUID_FMT
- " port %s in match is not local, skip",
- UUID_ARGS(&lflow->header_.uuid),
- buf);
- continue;
- }
- }
- }
- if (!m->n) {
- ofctrl_add_flow(flow_table, ptable, lflow->priority,
- lflow->header_.uuid.parts[0], &m->match, &ofpacts,
- &lflow->header_.uuid);
- } else {
- uint64_t conj_stubs[64 / 8];
- struct ofpbuf conj;
-
- ofpbuf_use_stub(&conj, conj_stubs, sizeof conj_stubs);
- for (int i = 0; i < m->n; i++) {
- const struct cls_conjunction *src = &m->conjunctions[i];
- struct ofpact_conjunction *dst;
-
- dst = ofpact_put_CONJUNCTION(&conj);
- dst->id = src->id + *conj_id_ofs;
- dst->clause = src->clause;
- dst->n_clauses = src->n_clauses;
- }
- ofctrl_add_flow(flow_table, ptable, lflow->priority, 0, &m->match,
- &conj, &lflow->header_.uuid);
- ofpbuf_uninit(&conj);
- }
- }
-
- /* Clean up. */
- expr_matches_destroy(&matches);
- ofpbuf_uninit(&ofpacts);
- return update_conj_id_ofs(conj_id_ofs, n_conjs);
-}
-
-static void
-put_load(const uint8_t *data, size_t len,
- enum mf_field_id dst, int ofs, int n_bits,
- struct ofpbuf *ofpacts)
-{
- struct ofpact_set_field *sf = ofpact_put_set_field(ofpacts,
- mf_from_id(dst), NULL,
- NULL);
- bitwise_copy(data, len, 0, sf->value, sf->field->n_bytes, ofs, n_bits);
- bitwise_one(ofpact_set_field_mask(sf), sf->field->n_bytes, ofs, n_bits);
-}
-
-static void
-consider_neighbor_flow(struct ovsdb_idl_index *sbrec_port_binding_by_name,
- const struct sbrec_mac_binding *b,
- struct ovn_desired_flow_table *flow_table)
-{
- const struct sbrec_port_binding *pb
- = lport_lookup_by_name(sbrec_port_binding_by_name, b->logical_port);
- if (!pb) {
- return;
- }
-
- struct eth_addr mac;
- if (!eth_addr_from_string(b->mac, &mac)) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 1);
- VLOG_WARN_RL(&rl, "bad 'mac' %s", b->mac);
- return;
- }
-
- struct match match = MATCH_CATCHALL_INITIALIZER;
- if (strchr(b->ip, '.')) {
- ovs_be32 ip;
- if (!ip_parse(b->ip, &ip)) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 1);
- VLOG_WARN_RL(&rl, "bad 'ip' %s", b->ip);
- return;
- }
- match_set_reg(&match, 0, ntohl(ip));
- } else {
- struct in6_addr ip6;
- if (!ipv6_parse(b->ip, &ip6)) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 1);
- VLOG_WARN_RL(&rl, "bad 'ip' %s", b->ip);
- return;
- }
- ovs_be128 value;
- memcpy(&value, &ip6, sizeof(value));
- match_set_xxreg(&match, 0, ntoh128(value));
- }
-
- match_set_metadata(&match, htonll(pb->datapath->tunnel_key));
- match_set_reg(&match, MFF_LOG_OUTPORT - MFF_REG0, pb->tunnel_key);
-
- uint64_t stub[1024 / 8];
- struct ofpbuf ofpacts = OFPBUF_STUB_INITIALIZER(stub);
- put_load(mac.ea, sizeof mac.ea, MFF_ETH_DST, 0, 48, &ofpacts);
- ofctrl_add_flow(flow_table, OFTABLE_MAC_BINDING, 100, 0, &match, &ofpacts,
- &b->header_.uuid);
- ofpbuf_uninit(&ofpacts);
-}
-
-/* Adds an OpenFlow flow to flow tables for each MAC binding in the OVN
- * southbound database. */
-static void
-add_neighbor_flows(struct ovsdb_idl_index *sbrec_port_binding_by_name,
- const struct sbrec_mac_binding_table *mac_binding_table,
- struct ovn_desired_flow_table *flow_table)
-{
- const struct sbrec_mac_binding *b;
- SBREC_MAC_BINDING_TABLE_FOR_EACH (b, mac_binding_table) {
- consider_neighbor_flow(sbrec_port_binding_by_name, b, flow_table);
- }
-}
-
-/* Handles neighbor changes in mac_binding table. */
-void
-lflow_handle_changed_neighbors(
- struct ovsdb_idl_index *sbrec_port_binding_by_name,
- const struct sbrec_mac_binding_table *mac_binding_table,
- struct ovn_desired_flow_table *flow_table)
-{
-
- const struct sbrec_mac_binding *mb;
- /* Handle deleted mac_bindings first, to avoid *duplicated flow* problem
- * when same flow needs to be added. */
- SBREC_MAC_BINDING_TABLE_FOR_EACH_TRACKED (mb, mac_binding_table) {
- /* Remove any flows that should be removed. */
- if (sbrec_mac_binding_is_deleted(mb)) {
- VLOG_DBG("handle deleted mac_binding "UUID_FMT,
- UUID_ARGS(&mb->header_.uuid));
- ofctrl_remove_flows(flow_table, &mb->header_.uuid);
- }
- }
- SBREC_MAC_BINDING_TABLE_FOR_EACH_TRACKED (mb, mac_binding_table) {
- if (!sbrec_mac_binding_is_deleted(mb)) {
- if (!sbrec_mac_binding_is_new(mb)) {
- VLOG_DBG("handle updated mac_binding "UUID_FMT,
- UUID_ARGS(&mb->header_.uuid));
- ofctrl_remove_flows(flow_table, &mb->header_.uuid);
- }
- VLOG_DBG("handle new mac_binding "UUID_FMT,
- UUID_ARGS(&mb->header_.uuid));
- consider_neighbor_flow(sbrec_port_binding_by_name, mb, flow_table);
- }
- }
-}
-
-
-/* Translates logical flows in the Logical_Flow table in the OVN_SB database
- * into OpenFlow flows. See ovn-architecture(7) for more information. */
-void
-lflow_run(struct ovsdb_idl_index *sbrec_multicast_group_by_name_datapath,
- struct ovsdb_idl_index *sbrec_port_binding_by_name,
- const struct sbrec_dhcp_options_table *dhcp_options_table,
- const struct sbrec_dhcpv6_options_table *dhcpv6_options_table,
- const struct sbrec_logical_flow_table *logical_flow_table,
- const struct sbrec_mac_binding_table *mac_binding_table,
- const struct sbrec_chassis *chassis,
- const struct hmap *local_datapaths,
- const struct shash *addr_sets,
- const struct shash *port_groups,
- const struct sset *active_tunnels,
- const struct sset *local_lport_ids,
- struct ovn_desired_flow_table *flow_table,
- struct ovn_extend_table *group_table,
- struct ovn_extend_table *meter_table,
- struct lflow_resource_ref *lfrr,
- uint32_t *conj_id_ofs)
-{
- COVERAGE_INC(lflow_run);
-
- add_logical_flows(sbrec_multicast_group_by_name_datapath,
- sbrec_port_binding_by_name, dhcp_options_table,
- dhcpv6_options_table, logical_flow_table,
- local_datapaths, chassis, addr_sets, port_groups,
- active_tunnels, local_lport_ids, flow_table, group_table,
- meter_table, lfrr, conj_id_ofs);
- add_neighbor_flows(sbrec_port_binding_by_name, mac_binding_table,
- flow_table);
-}
-
-void
-lflow_destroy(void)
-{
- expr_symtab_destroy(&symtab);
- shash_destroy(&symtab);
- ovn_destroy_ovnfields();
-}
diff --git a/ovn/controller/lflow.h b/ovn/controller/lflow.h
deleted file mode 100644
index 4e1086eb682..00000000000
--- a/ovn/controller/lflow.h
+++ /dev/null
@@ -1,184 +0,0 @@
-/* Copyright (c) 2015, 2016 Nicira, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef OVN_LFLOW_H
-#define OVN_LFLOW_H 1
-
-#include "ovn/logical-fields.h"
-
-/* Logical_Flow table translation to OpenFlow
- * ==========================================
- *
- * The Logical_Flow table obtained from the OVN_Southbound database works in
- * terms of logical entities, that is, logical flows among logical datapaths
- * and logical ports. This code translates these logical flows into OpenFlow
- * flows that, again, work in terms of logical entities implemented through
- * OpenFlow extensions (e.g. registers represent the logical input and output
- * ports).
- *
- * Physical-to-logical and logical-to-physical translation are implemented in
- * physical.[ch] as separate OpenFlow tables that run before and after,
- * respectively, the logical pipeline OpenFlow tables.
- */
-
-#include
-#include "openvswitch/hmap.h"
-#include "openvswitch/uuid.h"
-#include "openvswitch/list.h"
-
-struct ovn_extend_table;
-struct ovsdb_idl_index;
-struct ovn_desired_flow_table;
-struct hmap;
-struct hmap_node;
-struct sbrec_chassis;
-struct sbrec_dhcp_options_table;
-struct sbrec_dhcpv6_options_table;
-struct sbrec_logical_flow_table;
-struct sbrec_mac_binding_table;
-struct simap;
-struct sset;
-struct uuid;
-
-/* OpenFlow table numbers.
- *
- * These are heavily documented in ovn-architecture(7), please update it if
- * you make any changes. */
-#define OFTABLE_PHY_TO_LOG 0
-#define OFTABLE_LOG_INGRESS_PIPELINE 8 /* First of LOG_PIPELINE_LEN tables. */
-#define OFTABLE_REMOTE_OUTPUT 32
-#define OFTABLE_LOCAL_OUTPUT 33
-#define OFTABLE_CHECK_LOOPBACK 34
-#define OFTABLE_LOG_EGRESS_PIPELINE 40 /* First of LOG_PIPELINE_LEN tables. */
-#define OFTABLE_SAVE_INPORT 64
-#define OFTABLE_LOG_TO_PHY 65
-#define OFTABLE_MAC_BINDING 66
-
-/* The number of tables for the ingress and egress pipelines. */
-#define LOG_PIPELINE_LEN 24
-
-enum ref_type {
- REF_TYPE_ADDRSET,
- REF_TYPE_PORTGROUP
-};
-
-/* Maintains the relationship for a pair of named resource and
- * a lflow, indexed by both ref_lflow_table and lflow_ref_table. */
-struct lflow_ref_list_node {
- struct ovs_list lflow_list; /* list for same lflow */
- struct ovs_list ref_list; /* list for same ref */
- enum ref_type type;
- char *ref_name;
- struct uuid lflow_uuid;
-};
-
-struct ref_lflow_node {
- struct hmap_node node;
- enum ref_type type; /* key */
- char *ref_name; /* key */
- struct ovs_list ref_lflow_head;
-};
-
-struct lflow_ref_node {
- struct hmap_node node;
- struct uuid lflow_uuid; /* key */
- struct ovs_list lflow_ref_head;
-};
-
-struct lflow_resource_ref {
- /* A map from a referenced resource type & name (e.g. address_set AS1)
- * to a list of lflows that are referencing the named resource. Data
- * type of each node in this hmap is struct ref_lflow_node. The
- * ref_lflow_head in each node points to a list of
- * lflow_ref_list_node.ref_list. */
- struct hmap ref_lflow_table;
-
- /* A map from a lflow uuid to a list of named resources that are
- * referenced by the lflow. Data type of each node in this hmap is
- * struct lflow_ref_node. The lflow_ref_head in each node points to
- * a list of lflow_ref_list_node.lflow_list. */
- struct hmap lflow_ref_table;
-};
-
-void lflow_resource_init(struct lflow_resource_ref *);
-void lflow_resource_destroy(struct lflow_resource_ref *);
-void lflow_resource_clear(struct lflow_resource_ref *);
-
-void lflow_init(void);
-void lflow_run(struct ovsdb_idl_index *sbrec_multicast_group_by_name_datapath,
- struct ovsdb_idl_index *sbrec_port_binding_by_name,
- const struct sbrec_dhcp_options_table *,
- const struct sbrec_dhcpv6_options_table *,
- const struct sbrec_logical_flow_table *,
- const struct sbrec_mac_binding_table *,
- const struct sbrec_chassis *chassis,
- const struct hmap *local_datapaths,
- const struct shash *addr_sets,
- const struct shash *port_groups,
- const struct sset *active_tunnels,
- const struct sset *local_lport_ids,
- struct ovn_desired_flow_table *,
- struct ovn_extend_table *group_table,
- struct ovn_extend_table *meter_table,
- struct lflow_resource_ref *,
- uint32_t *conj_id_ofs);
-
-bool lflow_handle_changed_flows(
- struct ovsdb_idl_index *sbrec_multicast_group_by_name_datapath,
- struct ovsdb_idl_index *sbrec_port_binding_by_name,
- const struct sbrec_dhcp_options_table *,
- const struct sbrec_dhcpv6_options_table *,
- const struct sbrec_logical_flow_table *,
- const struct hmap *local_datapaths,
- const struct sbrec_chassis *,
- const struct shash *addr_sets,
- const struct shash *port_groups,
- const struct sset *active_tunnels,
- const struct sset *local_lport_ids,
- struct ovn_desired_flow_table *,
- struct ovn_extend_table *group_table,
- struct ovn_extend_table *meter_table,
- struct lflow_resource_ref *,
- uint32_t *conj_id_ofs);
-
-bool lflow_handle_changed_ref(
- enum ref_type,
- const char *ref_name,
- struct ovsdb_idl_index *sbrec_multicast_group_by_name_datapath,
- struct ovsdb_idl_index *sbrec_port_binding_by_name,
- const struct sbrec_dhcp_options_table *,
- const struct sbrec_dhcpv6_options_table *,
- const struct sbrec_logical_flow_table *,
- const struct hmap *local_datapaths,
- const struct sbrec_chassis *,
- const struct shash *addr_sets,
- const struct shash *port_groups,
- const struct sset *active_tunnels,
- const struct sset *local_lport_ids,
- struct ovn_desired_flow_table *,
- struct ovn_extend_table *group_table,
- struct ovn_extend_table *meter_table,
- struct lflow_resource_ref *,
- uint32_t *conj_id_ofs,
- bool *changed);
-
-void lflow_handle_changed_neighbors(
- struct ovsdb_idl_index *sbrec_port_binding_by_name,
- const struct sbrec_mac_binding_table *,
- struct ovn_desired_flow_table *);
-
-void lflow_destroy(void);
-
-#endif /* ovn/lflow.h */
diff --git a/ovn/controller/lport.c b/ovn/controller/lport.c
deleted file mode 100644
index cc5c5fbb20e..00000000000
--- a/ovn/controller/lport.c
+++ /dev/null
@@ -1,102 +0,0 @@
-/* Copyright (c) 2015, 2016 Nicira, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include
-
-#include "lib/sset.h"
-#include "lport.h"
-#include "hash.h"
-#include "openvswitch/vlog.h"
-#include "ovn/lib/ovn-sb-idl.h"
-VLOG_DEFINE_THIS_MODULE(lport);
-
-const struct sbrec_port_binding *
-lport_lookup_by_name(struct ovsdb_idl_index *sbrec_port_binding_by_name,
- const char *name)
-{
- struct sbrec_port_binding *pb = sbrec_port_binding_index_init_row(
- sbrec_port_binding_by_name);
- sbrec_port_binding_index_set_logical_port(pb, name);
-
- const struct sbrec_port_binding *retval = sbrec_port_binding_index_find(
- sbrec_port_binding_by_name, pb);
-
- sbrec_port_binding_index_destroy_row(pb);
-
- return retval;
-}
-
-const struct sbrec_port_binding *
-lport_lookup_by_key(struct ovsdb_idl_index *sbrec_datapath_binding_by_key,
- struct ovsdb_idl_index *sbrec_port_binding_by_key,
- uint64_t dp_key, uint64_t port_key)
-{
- /* Lookup datapath corresponding to dp_key. */
- const struct sbrec_datapath_binding *db = datapath_lookup_by_key(
- sbrec_datapath_binding_by_key, dp_key);
- if (!db) {
- return NULL;
- }
-
- /* Build key for an indexed lookup. */
- struct sbrec_port_binding *pb = sbrec_port_binding_index_init_row(
- sbrec_port_binding_by_key);
- sbrec_port_binding_index_set_datapath(pb, db);
- sbrec_port_binding_index_set_tunnel_key(pb, port_key);
-
- const struct sbrec_port_binding *retval = sbrec_port_binding_index_find(
- sbrec_port_binding_by_key, pb);
-
- sbrec_port_binding_index_destroy_row(pb);
-
- return retval;
-}
-
-const struct sbrec_datapath_binding *
-datapath_lookup_by_key(struct ovsdb_idl_index *sbrec_datapath_binding_by_key,
- uint64_t dp_key)
-{
- struct sbrec_datapath_binding *db = sbrec_datapath_binding_index_init_row(
- sbrec_datapath_binding_by_key);
- sbrec_datapath_binding_index_set_tunnel_key(db, dp_key);
-
- const struct sbrec_datapath_binding *retval
- = sbrec_datapath_binding_index_find(sbrec_datapath_binding_by_key,
- db);
-
- sbrec_datapath_binding_index_destroy_row(db);
-
- return retval;
-}
-
-const struct sbrec_multicast_group *
-mcgroup_lookup_by_dp_name(
- struct ovsdb_idl_index *sbrec_multicast_group_by_name_datapath,
- const struct sbrec_datapath_binding *db, const char *name)
-{
- /* Build key for an indexed lookup. */
- struct sbrec_multicast_group *mc = sbrec_multicast_group_index_init_row(
- sbrec_multicast_group_by_name_datapath);
- sbrec_multicast_group_index_set_name(mc, name);
- sbrec_multicast_group_index_set_datapath(mc, db);
-
- const struct sbrec_multicast_group *retval
- = sbrec_multicast_group_index_find(
- sbrec_multicast_group_by_name_datapath, mc);
-
- sbrec_multicast_group_index_destroy_row(mc);
-
- return retval;
-}
diff --git a/ovn/controller/lport.h b/ovn/controller/lport.h
deleted file mode 100644
index 7dcd5bee0aa..00000000000
--- a/ovn/controller/lport.h
+++ /dev/null
@@ -1,52 +0,0 @@
-/* Copyright (c) 2015, 2016 Nicira, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef OVN_LPORT_H
-#define OVN_LPORT_H 1
-
-#include
-
-struct ovsdb_idl_index;
-struct sbrec_chassis;
-struct sbrec_datapath_binding;
-struct sbrec_multicast_group;
-struct sbrec_port_binding;
-
-
-/* Database indexes.
- * =================
- *
- * If the database IDL were a little smarter, it would allow us to directly
- * look up data based on values of its fields. It's not that smart (yet), so
- * instead we define our own indexes.
- */
-
-const struct sbrec_port_binding *lport_lookup_by_name(
- struct ovsdb_idl_index *sbrec_port_binding_by_name,
- const char *name);
-
-const struct sbrec_port_binding *lport_lookup_by_key(
- struct ovsdb_idl_index *sbrec_datapath_binding_by_key,
- struct ovsdb_idl_index *sbrec_port_binding_by_key,
- uint64_t dp_key, uint64_t port_key);
-
-const struct sbrec_datapath_binding *datapath_lookup_by_key(
- struct ovsdb_idl_index *sbrec_datapath_binding_by_key, uint64_t dp_key);
-
-const struct sbrec_multicast_group *mcgroup_lookup_by_dp_name(
- struct ovsdb_idl_index *sbrec_multicast_group_by_name_datapath,
- const struct sbrec_datapath_binding *, const char *name);
-
-#endif /* ovn/lport.h */
diff --git a/ovn/controller/ofctrl.c b/ovn/controller/ofctrl.c
deleted file mode 100644
index 043abd69d88..00000000000
--- a/ovn/controller/ofctrl.c
+++ /dev/null
@@ -1,1393 +0,0 @@
-/* Copyright (c) 2015, 2016, 2017 Nicira, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include
-#include "bitmap.h"
-#include "byte-order.h"
-#include "dirs.h"
-#include "dp-packet.h"
-#include "flow.h"
-#include "hash.h"
-#include "hindex.h"
-#include "lflow.h"
-#include "ofctrl.h"
-#include "openflow/openflow.h"
-#include "openvswitch/dynamic-string.h"
-#include "openvswitch/hmap.h"
-#include "openvswitch/list.h"
-#include "openvswitch/match.h"
-#include "openvswitch/ofp-actions.h"
-#include "openvswitch/ofp-flow.h"
-#include "openvswitch/ofp-group.h"
-#include "openvswitch/ofp-match.h"
-#include "openvswitch/ofp-msgs.h"
-#include "openvswitch/ofp-meter.h"
-#include "openvswitch/ofp-packet.h"
-#include "openvswitch/ofp-print.h"
-#include "openvswitch/ofp-util.h"
-#include "openvswitch/ofpbuf.h"
-#include "openvswitch/vlog.h"
-#include "ovn-controller.h"
-#include "ovn/actions.h"
-#include "ovn/lib/extend-table.h"
-#include "openvswitch/poll-loop.h"
-#include "physical.h"
-#include "openvswitch/rconn.h"
-#include "socket-util.h"
-#include "util.h"
-#include "vswitch-idl.h"
-
-VLOG_DEFINE_THIS_MODULE(ofctrl);
-
-/* An OpenFlow flow. */
-struct ovn_flow {
- struct hmap_node match_hmap_node; /* For match based hashing. */
- struct hindex_node uuid_hindex_node; /* For uuid based hashing. */
- struct ovs_list list_node; /* For handling lists of flows. */
-
- /* Key. */
- uint8_t table_id;
- uint16_t priority;
- struct minimatch match;
-
- /* Data. */
- struct uuid sb_uuid;
- struct ofpact *ofpacts;
- size_t ofpacts_len;
- uint64_t cookie;
-};
-
-static uint32_t ovn_flow_match_hash(const struct ovn_flow *);
-static struct ovn_flow *ovn_flow_lookup(struct hmap *flow_table,
- const struct ovn_flow *target,
- bool cmp_sb_uuid);
-static char *ovn_flow_to_string(const struct ovn_flow *);
-static void ovn_flow_log(const struct ovn_flow *, const char *action);
-static void ovn_flow_destroy(struct ovn_flow *);
-
-/* OpenFlow connection to the switch. */
-static struct rconn *swconn;
-
-/* Symbol table for OVN expressions. */
-static struct shash symtab;
-
-/* Last seen sequence number for 'swconn'. When this differs from
- * rconn_get_connection_seqno(rconn), 'swconn' has reconnected. */
-static unsigned int seqno;
-
-/* Connection state machine. */
-#define STATES \
- STATE(S_NEW) \
- STATE(S_TLV_TABLE_REQUESTED) \
- STATE(S_TLV_TABLE_MOD_SENT) \
- STATE(S_CLEAR_FLOWS) \
- STATE(S_UPDATE_FLOWS)
-enum ofctrl_state {
-#define STATE(NAME) NAME,
- STATES
-#undef STATE
-};
-
-/* An in-flight update to the switch's flow table.
- *
- * When we receive a barrier reply from the switch with the given 'xid', we
- * know that the switch is caught up to northbound database sequence number
- * 'nb_cfg' (and make that available to the client via ofctrl_get_cur_cfg(), so
- * that it can store it into our Chassis record's nb_cfg column). */
-struct ofctrl_flow_update {
- struct ovs_list list_node; /* In 'flow_updates'. */
- ovs_be32 xid; /* OpenFlow transaction ID for barrier. */
- int64_t nb_cfg; /* Northbound database sequence number. */
-};
-
-static struct ofctrl_flow_update *
-ofctrl_flow_update_from_list_node(const struct ovs_list *list_node)
-{
- return CONTAINER_OF(list_node, struct ofctrl_flow_update, list_node);
-}
-
-/* Currently in-flight updates. */
-static struct ovs_list flow_updates;
-
-/* nb_cfg of latest committed flow update. */
-static int64_t cur_cfg;
-
-/* Current state. */
-static enum ofctrl_state state;
-
-/* Transaction IDs for messages in flight to the switch. */
-static ovs_be32 xid, xid2;
-
-/* Counter for in-flight OpenFlow messages on 'swconn'. We only send a new
- * round of flow table modifications to the switch when the counter falls to
- * zero, to avoid unbounded buffering. */
-static struct rconn_packet_counter *tx_counter;
-
-/* Flow table of "struct ovn_flow"s, that holds the flow table currently
- * installed in the switch. */
-static struct hmap installed_flows;
-
-/* A reference to the group_table. */
-static struct ovn_extend_table *groups;
-
-/* A reference to the meter_table. */
-static struct ovn_extend_table *meters;
-
-/* MFF_* field ID for our Geneve option. In S_TLV_TABLE_MOD_SENT, this is
- * the option we requested (we don't know whether we obtained it yet). In
- * S_CLEAR_FLOWS or S_UPDATE_FLOWS, this is really the option we have. */
-static enum mf_field_id mff_ovn_geneve;
-
-/* Indicates if flows need to be reinstalled for scenarios when ovs
- * is restarted, even if there is no change in the desired flow table. */
-static bool need_reinstall_flows;
-
-static ovs_be32 queue_msg(struct ofpbuf *);
-
-static struct ofpbuf *encode_flow_mod(struct ofputil_flow_mod *);
-
-static struct ofpbuf *encode_group_mod(const struct ofputil_group_mod *);
-
-static struct ofpbuf *encode_meter_mod(const struct ofputil_meter_mod *);
-
-static void ovn_installed_flow_table_clear(void);
-static void ovn_installed_flow_table_destroy(void);
-
-static void ofctrl_recv(const struct ofp_header *, enum ofptype);
-
-void
-ofctrl_init(struct ovn_extend_table *group_table,
- struct ovn_extend_table *meter_table,
- int inactivity_probe_interval)
-{
- swconn = rconn_create(inactivity_probe_interval, 0,
- DSCP_DEFAULT, 1 << OFP13_VERSION);
- tx_counter = rconn_packet_counter_create();
- hmap_init(&installed_flows);
- ovs_list_init(&flow_updates);
- ovn_init_symtab(&symtab);
- groups = group_table;
- meters = meter_table;
-}
-
-/* S_NEW, for a new connection.
- *
- * Sends NXT_TLV_TABLE_REQUEST and transitions to
- * S_TLV_TABLE_REQUESTED. */
-
-static void
-run_S_NEW(void)
-{
- struct ofpbuf *buf = ofpraw_alloc(OFPRAW_NXT_TLV_TABLE_REQUEST,
- rconn_get_version(swconn), 0);
- xid = queue_msg(buf);
- state = S_TLV_TABLE_REQUESTED;
-}
-
-static void
-recv_S_NEW(const struct ofp_header *oh OVS_UNUSED,
- enum ofptype type OVS_UNUSED,
- struct shash *pending_ct_zones OVS_UNUSED)
-{
- OVS_NOT_REACHED();
-}
-
-/* S_TLV_TABLE_REQUESTED, when NXT_TLV_TABLE_REQUEST has been sent
- * and we're waiting for a reply.
- *
- * If we receive an NXT_TLV_TABLE_REPLY:
- *
- * - If it contains our tunnel metadata option, assign its field ID to
- * mff_ovn_geneve and transition to S_CLEAR_FLOWS.
- *
- * - Otherwise, if there is an unused tunnel metadata field ID, send
- * NXT_TLV_TABLE_MOD and OFPT_BARRIER_REQUEST, and transition to
- * S_TLV_TABLE_MOD_SENT.
- *
- * - Otherwise, log an error, disable Geneve, and transition to
- * S_CLEAR_FLOWS.
- *
- * If we receive an OFPT_ERROR:
- *
- * - Log an error, disable Geneve, and transition to S_CLEAR_FLOWS. */
-
-static void
-run_S_TLV_TABLE_REQUESTED(void)
-{
-}
-
-static bool
-process_tlv_table_reply(const struct ofputil_tlv_table_reply *reply)
-{
- const struct ofputil_tlv_map *map;
- uint64_t md_free = UINT64_MAX;
- BUILD_ASSERT(TUN_METADATA_NUM_OPTS == 64);
-
- LIST_FOR_EACH (map, list_node, &reply->mappings) {
- if (map->option_class == OVN_GENEVE_CLASS
- && map->option_type == OVN_GENEVE_TYPE
- && map->option_len == OVN_GENEVE_LEN) {
- if (map->index >= TUN_METADATA_NUM_OPTS) {
- VLOG_ERR("desired Geneve tunnel option 0x%"PRIx16","
- "%"PRIu8",%"PRIu8" already in use with "
- "unsupported index %"PRIu16,
- map->option_class, map->option_type,
- map->option_len, map->index);
- return false;
- } else {
- mff_ovn_geneve = MFF_TUN_METADATA0 + map->index;
- state = S_CLEAR_FLOWS;
- return true;
- }
- }
-
- if (map->index < TUN_METADATA_NUM_OPTS) {
- md_free &= ~(UINT64_C(1) << map->index);
- }
- }
-
- VLOG_DBG("OVN Geneve option not found");
- if (!md_free) {
- VLOG_ERR("no Geneve options free for use by OVN");
- return false;
- }
-
- unsigned int index = rightmost_1bit_idx(md_free);
- mff_ovn_geneve = MFF_TUN_METADATA0 + index;
- struct ofputil_tlv_map tm;
- tm.option_class = OVN_GENEVE_CLASS;
- tm.option_type = OVN_GENEVE_TYPE;
- tm.option_len = OVN_GENEVE_LEN;
- tm.index = index;
-
- struct ofputil_tlv_table_mod ttm;
- ttm.command = NXTTMC_ADD;
- ovs_list_init(&ttm.mappings);
- ovs_list_push_back(&ttm.mappings, &tm.list_node);
-
- xid = queue_msg(ofputil_encode_tlv_table_mod(OFP13_VERSION, &ttm));
- xid2 = queue_msg(ofputil_encode_barrier_request(OFP13_VERSION));
- state = S_TLV_TABLE_MOD_SENT;
-
- return true;
-}
-
-static void
-recv_S_TLV_TABLE_REQUESTED(const struct ofp_header *oh, enum ofptype type,
- struct shash *pending_ct_zones OVS_UNUSED)
-{
- if (oh->xid != xid) {
- ofctrl_recv(oh, type);
- return;
- } else if (type == OFPTYPE_NXT_TLV_TABLE_REPLY) {
- struct ofputil_tlv_table_reply reply;
- enum ofperr error = ofputil_decode_tlv_table_reply(oh, &reply);
- if (!error) {
- bool ok = process_tlv_table_reply(&reply);
- ofputil_uninit_tlv_table(&reply.mappings);
- if (ok) {
- return;
- }
- } else {
- VLOG_ERR("failed to decode TLV table request (%s)",
- ofperr_to_string(error));
- }
- } else if (type == OFPTYPE_ERROR) {
- VLOG_ERR("switch refused to allocate Geneve option (%s)",
- ofperr_to_string(ofperr_decode_msg(oh, NULL)));
- } else {
- char *s = ofp_to_string(oh, ntohs(oh->length), NULL, NULL, 1);
- VLOG_ERR("unexpected reply to TLV table request (%s)", s);
- free(s);
- }
-
- /* Error path. */
- mff_ovn_geneve = 0;
- state = S_CLEAR_FLOWS;
-}
-
-/* S_TLV_TABLE_MOD_SENT, when NXT_TLV_TABLE_MOD and OFPT_BARRIER_REQUEST
- * have been sent and we're waiting for a reply to one or the other.
- *
- * If we receive an OFPT_ERROR:
- *
- * - If the error is NXTTMFC_ALREADY_MAPPED or NXTTMFC_DUP_ENTRY, we
- * raced with some other controller. Transition to S_NEW.
- *
- * - Otherwise, log an error, disable Geneve, and transition to
- * S_CLEAR_FLOWS.
- *
- * If we receive OFPT_BARRIER_REPLY:
- *
- * - Set the tunnel metadata field ID to the one that we requested.
- * Transition to S_CLEAR_FLOWS.
- */
-
-static void
-run_S_TLV_TABLE_MOD_SENT(void)
-{
-}
-
-static void
-recv_S_TLV_TABLE_MOD_SENT(const struct ofp_header *oh, enum ofptype type,
- struct shash *pending_ct_zones OVS_UNUSED)
-{
- if (oh->xid != xid && oh->xid != xid2) {
- ofctrl_recv(oh, type);
- } else if (oh->xid == xid2 && type == OFPTYPE_BARRIER_REPLY) {
- state = S_CLEAR_FLOWS;
- } else if (oh->xid == xid && type == OFPTYPE_ERROR) {
- enum ofperr error = ofperr_decode_msg(oh, NULL);
- if (error == OFPERR_NXTTMFC_ALREADY_MAPPED ||
- error == OFPERR_NXTTMFC_DUP_ENTRY) {
- VLOG_INFO("raced with another controller adding "
- "Geneve option (%s); trying again",
- ofperr_to_string(error));
- state = S_NEW;
- } else {
- VLOG_ERR("error adding Geneve option (%s)",
- ofperr_to_string(error));
- goto error;
- }
- } else {
- char *s = ofp_to_string(oh, ntohs(oh->length), NULL, NULL, 1);
- VLOG_ERR("unexpected reply to Geneve option allocation request (%s)",
- s);
- free(s);
- goto error;
- }
- return;
-
-error:
- state = S_CLEAR_FLOWS;
-}
-
-/* S_CLEAR_FLOWS, after we've established a Geneve metadata field ID and it's
- * time to set up some flows.
- *
- * Sends an OFPT_TABLE_MOD to clear all flows, then transitions to
- * S_UPDATE_FLOWS. */
-
-static void
-run_S_CLEAR_FLOWS(void)
-{
- VLOG_DBG("clearing all flows");
-
- need_reinstall_flows = true;
- /* Send a flow_mod to delete all flows. */
- struct ofputil_flow_mod fm = {
- .table_id = OFPTT_ALL,
- .command = OFPFC_DELETE,
- };
- minimatch_init_catchall(&fm.match);
- queue_msg(encode_flow_mod(&fm));
- minimatch_destroy(&fm.match);
-
- /* Send a group_mod to delete all groups. */
- struct ofputil_group_mod gm;
- memset(&gm, 0, sizeof gm);
- gm.command = OFPGC11_DELETE;
- gm.group_id = OFPG_ALL;
- gm.command_bucket_id = OFPG15_BUCKET_ALL;
- ovs_list_init(&gm.buckets);
- queue_msg(encode_group_mod(&gm));
- ofputil_uninit_group_mod(&gm);
-
- /* Clear installed_flows, to match the state of the switch. */
- ovn_installed_flow_table_clear();
-
- /* Clear existing groups, to match the state of the switch. */
- if (groups) {
- ovn_extend_table_clear(groups, true);
- }
-
- /* Send a meter_mod to delete all meters. */
- struct ofputil_meter_mod mm;
- memset(&mm, 0, sizeof mm);
- mm.command = OFPMC13_DELETE;
- mm.meter.meter_id = OFPM13_ALL;
- queue_msg(encode_meter_mod(&mm));
-
- /* Clear existing meters, to match the state of the switch. */
- if (meters) {
- ovn_extend_table_clear(meters, true);
- }
-
- /* All flow updates are irrelevant now. */
- struct ofctrl_flow_update *fup, *next;
- LIST_FOR_EACH_SAFE (fup, next, list_node, &flow_updates) {
- ovs_list_remove(&fup->list_node);
- free(fup);
- }
-
- state = S_UPDATE_FLOWS;
-}
-
-static void
-recv_S_CLEAR_FLOWS(const struct ofp_header *oh, enum ofptype type,
- struct shash *pending_ct_zones OVS_UNUSED)
-{
- ofctrl_recv(oh, type);
-}
-
-/* S_UPDATE_FLOWS, for maintaining the flow table over time.
- *
- * Compare the installed flows to the ones we want. Send OFPT_FLOW_MOD as
- * necessary.
- *
- * This is a terminal state. We only transition out of it if the connection
- * drops. */
-
-static void
-run_S_UPDATE_FLOWS(void)
-{
- /* Nothing to do here.
- *
- * Being in this state enables ofctrl_put() to work, however. */
-}
-
-static void
-recv_S_UPDATE_FLOWS(const struct ofp_header *oh, enum ofptype type,
- struct shash *pending_ct_zones)
-{
- if (type == OFPTYPE_BARRIER_REPLY && !ovs_list_is_empty(&flow_updates)) {
- struct ofctrl_flow_update *fup = ofctrl_flow_update_from_list_node(
- ovs_list_front(&flow_updates));
- if (fup->xid == oh->xid) {
- if (fup->nb_cfg >= cur_cfg) {
- cur_cfg = fup->nb_cfg;
- }
- ovs_list_remove(&fup->list_node);
- free(fup);
- }
-
- /* If the barrier xid is associated with an outstanding conntrack
- * flush, the flush succeeded. Move the pending ct zone entry
- * to the next stage. */
- struct shash_node *iter;
- SHASH_FOR_EACH(iter, pending_ct_zones) {
- struct ct_zone_pending_entry *ctzpe = iter->data;
- if (ctzpe->state == CT_ZONE_OF_SENT && ctzpe->of_xid == oh->xid) {
- ctzpe->state = CT_ZONE_DB_QUEUED;
- }
- }
- } else {
- ofctrl_recv(oh, type);
- }
-}
-
-
-enum mf_field_id
-ofctrl_get_mf_field_id(void)
-{
- if (!rconn_is_connected(swconn)) {
- return 0;
- }
- return (state == S_CLEAR_FLOWS || state == S_UPDATE_FLOWS
- ? mff_ovn_geneve : 0);
-}
-
-/* Runs the OpenFlow state machine against 'br_int', which is local to the
- * hypervisor on which we are running. Attempts to negotiate a Geneve option
- * field for class OVN_GENEVE_CLASS, type OVN_GENEVE_TYPE. */
-void
-ofctrl_run(const struct ovsrec_bridge *br_int, struct shash *pending_ct_zones)
-{
- char *target = xasprintf("unix:%s/%s.mgmt", ovs_rundir(), br_int->name);
- if (strcmp(target, rconn_get_target(swconn))) {
- VLOG_INFO("%s: connecting to switch", target);
- rconn_connect(swconn, target, target);
- }
- free(target);
-
- rconn_run(swconn);
-
- if (!rconn_is_connected(swconn)) {
- return;
- }
- if (seqno != rconn_get_connection_seqno(swconn)) {
- seqno = rconn_get_connection_seqno(swconn);
- state = S_NEW;
-
- /* Reset the state of any outstanding ct flushes to resend them. */
- struct shash_node *iter;
- SHASH_FOR_EACH(iter, pending_ct_zones) {
- struct ct_zone_pending_entry *ctzpe = iter->data;
- if (ctzpe->state == CT_ZONE_OF_SENT) {
- ctzpe->state = CT_ZONE_OF_QUEUED;
- }
- }
- }
-
- bool progress = true;
- for (int i = 0; progress && i < 50; i++) {
- /* Allow the state machine to run. */
- enum ofctrl_state old_state = state;
- switch (state) {
-#define STATE(NAME) case NAME: run_##NAME(); break;
- STATES
-#undef STATE
- default:
- OVS_NOT_REACHED();
- }
-
- /* Try to process a received packet. */
- struct ofpbuf *msg = rconn_recv(swconn);
- if (msg) {
- const struct ofp_header *oh = msg->data;
- enum ofptype type;
- enum ofperr error;
-
- error = ofptype_decode(&type, oh);
- if (!error) {
- switch (state) {
-#define STATE(NAME) case NAME: recv_##NAME(oh, type, pending_ct_zones); break;
- STATES
-#undef STATE
- default:
- OVS_NOT_REACHED();
- }
- } else {
- char *s = ofp_to_string(oh, ntohs(oh->length), NULL, NULL, 1);
- VLOG_WARN("could not decode OpenFlow message (%s): %s",
- ofperr_to_string(error), s);
- free(s);
- }
-
- ofpbuf_delete(msg);
- }
-
- /* If we did some work, plan to go around again. */
- progress = old_state != state || msg;
- }
- if (progress) {
- /* We bailed out to limit the amount of work we do in one go, to allow
- * other code a chance to run. We were still making progress at that
- * point, so ensure that we come back again without waiting. */
- poll_immediate_wake();
- }
-}
-
-void
-ofctrl_wait(void)
-{
- rconn_run_wait(swconn);
- rconn_recv_wait(swconn);
-}
-
-void
-ofctrl_destroy(void)
-{
- rconn_destroy(swconn);
- ovn_installed_flow_table_destroy();
- rconn_packet_counter_destroy(tx_counter);
- expr_symtab_destroy(&symtab);
- shash_destroy(&symtab);
-}
-
-int64_t
-ofctrl_get_cur_cfg(void)
-{
- return cur_cfg;
-}
-
-static ovs_be32
-queue_msg(struct ofpbuf *msg)
-{
- const struct ofp_header *oh = msg->data;
- ovs_be32 xid_ = oh->xid;
- rconn_send(swconn, msg, tx_counter);
- return xid_;
-}
-
-static void
-log_openflow_rl(struct vlog_rate_limit *rl, enum vlog_level level,
- const struct ofp_header *oh, const char *title)
-{
- if (!vlog_should_drop(&this_module, level, rl)) {
- char *s = ofp_to_string(oh, ntohs(oh->length), NULL, NULL, 2);
- vlog(&this_module, level, "%s: %s", title, s);
- free(s);
- }
-}
-
-static void
-ofctrl_recv(const struct ofp_header *oh, enum ofptype type)
-{
- if (type == OFPTYPE_ECHO_REQUEST) {
- queue_msg(ofputil_encode_echo_reply(oh));
- } else if (type == OFPTYPE_ERROR) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(30, 300);
- log_openflow_rl(&rl, VLL_INFO, oh, "OpenFlow error");
- } else {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(30, 300);
- log_openflow_rl(&rl, VLL_DBG, oh, "OpenFlow packet ignored");
- }
-}
-
-/* Flow table interfaces to the rest of ovn-controller. */
-
-/* Adds a flow to 'desired_flows' with the specified 'match' and 'actions' to
- * the OpenFlow table numbered 'table_id' with the given 'priority' and
- * OpenFlow 'cookie'. The caller retains ownership of 'match' and 'actions'.
- *
- * The flow is also added to a hash index based on sb_uuid.
- *
- * This just assembles the desired flow table in memory. Nothing is actually
- * sent to the switch until a later call to ofctrl_put().
- *
- * The caller should initialize its own hmap to hold the flows. */
-void
-ofctrl_check_and_add_flow(struct ovn_desired_flow_table *flow_table,
- uint8_t table_id, uint16_t priority,
- uint64_t cookie, const struct match *match,
- const struct ofpbuf *actions,
- const struct uuid *sb_uuid,
- bool log_duplicate_flow)
-{
- struct ovn_flow *f = xmalloc(sizeof *f);
- f->table_id = table_id;
- f->priority = priority;
- minimatch_init(&f->match, match);
- f->ofpacts = xmemdup(actions->data, actions->size);
- f->ofpacts_len = actions->size;
- f->sb_uuid = *sb_uuid;
- f->match_hmap_node.hash = ovn_flow_match_hash(f);
- f->uuid_hindex_node.hash = uuid_hash(&f->sb_uuid);
- f->cookie = cookie;
-
- ovn_flow_log(f, "ofctrl_add_flow");
-
- if (ovn_flow_lookup(&flow_table->match_flow_table, f, true)) {
- if (log_duplicate_flow) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 5);
- if (!VLOG_DROP_DBG(&rl)) {
- char *s = ovn_flow_to_string(f);
- VLOG_DBG("dropping duplicate flow: %s", s);
- free(s);
- }
- }
- ovn_flow_destroy(f);
- return;
- }
-
- hmap_insert(&flow_table->match_flow_table, &f->match_hmap_node,
- f->match_hmap_node.hash);
- hindex_insert(&flow_table->uuid_flow_table, &f->uuid_hindex_node,
- f->uuid_hindex_node.hash);
-}
-
-/* Removes a bundles of flows from the flow table. */
-void
-ofctrl_remove_flows(struct ovn_desired_flow_table *flow_table,
- const struct uuid *sb_uuid)
-{
- struct ovn_flow *f, *next;
- HINDEX_FOR_EACH_WITH_HASH_SAFE (f, next, uuid_hindex_node,
- uuid_hash(sb_uuid),
- &flow_table->uuid_flow_table) {
- if (uuid_equals(&f->sb_uuid, sb_uuid)) {
- ovn_flow_log(f, "ofctrl_remove_flow");
- hmap_remove(&flow_table->match_flow_table,
- &f->match_hmap_node);
- hindex_remove(&flow_table->uuid_flow_table, &f->uuid_hindex_node);
- ovn_flow_destroy(f);
- }
- }
-
- /* remove any related group and meter info */
- ovn_extend_table_remove_desired(groups, sb_uuid);
- ovn_extend_table_remove_desired(meters, sb_uuid);
-}
-
-void
-ofctrl_add_flow(struct ovn_desired_flow_table *desired_flows,
- uint8_t table_id, uint16_t priority, uint64_t cookie,
- const struct match *match, const struct ofpbuf *actions,
- const struct uuid *sb_uuid)
-{
- ofctrl_check_and_add_flow(desired_flows, table_id, priority, cookie,
- match, actions, sb_uuid, true);
-}
-
-/* ovn_flow. */
-
-/* Returns a hash of the match key in 'f'. */
-static uint32_t
-ovn_flow_match_hash(const struct ovn_flow *f)
-{
- return hash_2words((f->table_id << 16) | f->priority,
- minimatch_hash(&f->match, 0));
-}
-
-/* Duplicate an ovn_flow structure. */
-struct ovn_flow *
-ofctrl_dup_flow(struct ovn_flow *src)
-{
- struct ovn_flow *dst = xmalloc(sizeof *dst);
- dst->table_id = src->table_id;
- dst->priority = src->priority;
- minimatch_clone(&dst->match, &src->match);
- dst->ofpacts = xmemdup(src->ofpacts, src->ofpacts_len);
- dst->ofpacts_len = src->ofpacts_len;
- dst->sb_uuid = src->sb_uuid;
- dst->match_hmap_node.hash = ovn_flow_match_hash(dst);
- dst->uuid_hindex_node.hash = uuid_hash(&src->sb_uuid);
- return dst;
-}
-
-/* Finds and returns an ovn_flow in 'flow_table' whose key is identical to
- * 'target''s key, or NULL if there is none. */
-static struct ovn_flow *
-ovn_flow_lookup(struct hmap *flow_table, const struct ovn_flow *target,
- bool cmp_sb_uuid)
-{
- struct ovn_flow *f;
-
- HMAP_FOR_EACH_WITH_HASH (f, match_hmap_node, target->match_hmap_node.hash,
- flow_table) {
- if (f->table_id == target->table_id
- && f->priority == target->priority
- && minimatch_equal(&f->match, &target->match)) {
- if (!cmp_sb_uuid || uuid_equals(&target->sb_uuid, &f->sb_uuid)) {
- return f;
- }
- }
- }
- return NULL;
-}
-
-static char *
-ovn_flow_to_string(const struct ovn_flow *f)
-{
- struct ds s = DS_EMPTY_INITIALIZER;
- ds_put_format(&s, "sb_uuid="UUID_FMT", ", UUID_ARGS(&f->sb_uuid));
- ds_put_format(&s, "table_id=%"PRIu8", ", f->table_id);
- ds_put_format(&s, "priority=%"PRIu16", ", f->priority);
- minimatch_format(&f->match, NULL, NULL, &s, OFP_DEFAULT_PRIORITY);
- ds_put_cstr(&s, ", actions=");
- struct ofpact_format_params fp = { .s = &s };
- ofpacts_format(f->ofpacts, f->ofpacts_len, &fp);
- return ds_steal_cstr(&s);
-}
-
-static void
-ovn_flow_log(const struct ovn_flow *f, const char *action)
-{
- if (VLOG_IS_DBG_ENABLED()) {
- char *s = ovn_flow_to_string(f);
- VLOG_DBG("%s flow: %s", action, s);
- free(s);
- }
-}
-
-static void
-ovn_flow_destroy(struct ovn_flow *f)
-{
- if (f) {
- minimatch_destroy(&f->match);
- free(f->ofpacts);
- free(f);
- }
-}
-
-/* Flow tables of struct ovn_flow. */
-void
-ovn_desired_flow_table_init(struct ovn_desired_flow_table *flow_table)
-{
- hmap_init(&flow_table->match_flow_table);
- hindex_init(&flow_table->uuid_flow_table);
-}
-
-void
-ovn_desired_flow_table_clear(struct ovn_desired_flow_table *flow_table)
-{
- struct ovn_flow *f, *next;
- HMAP_FOR_EACH_SAFE (f, next, match_hmap_node,
- &flow_table->match_flow_table) {
- hmap_remove(&flow_table->match_flow_table, &f->match_hmap_node);
- hindex_remove(&flow_table->uuid_flow_table, &f->uuid_hindex_node);
- ovn_flow_destroy(f);
- }
-}
-
-void
-ovn_desired_flow_table_destroy(struct ovn_desired_flow_table *flow_table)
-{
- ovn_desired_flow_table_clear(flow_table);
- hmap_destroy(&flow_table->match_flow_table);
- hindex_destroy(&flow_table->uuid_flow_table);
-}
-
-static void
-ovn_installed_flow_table_clear(void)
-{
- struct ovn_flow *f, *next;
- HMAP_FOR_EACH_SAFE (f, next, match_hmap_node, &installed_flows) {
- hmap_remove(&installed_flows, &f->match_hmap_node);
- ovn_flow_destroy(f);
- }
-}
-
-static void
-ovn_installed_flow_table_destroy(void)
-{
- ovn_installed_flow_table_clear();
- hmap_destroy(&installed_flows);
-}
-
-/* Flow table update. */
-
-static struct ofpbuf *
-encode_flow_mod(struct ofputil_flow_mod *fm)
-{
- fm->buffer_id = UINT32_MAX;
- fm->out_port = OFPP_ANY;
- fm->out_group = OFPG_ANY;
- return ofputil_encode_flow_mod(fm, OFPUTIL_P_OF13_OXM);
-}
-
-static void
-add_flow_mod(struct ofputil_flow_mod *fm, struct ovs_list *msgs)
-{
- struct ofpbuf *msg = encode_flow_mod(fm);
- ovs_list_push_back(msgs, &msg->list_node);
-}
-
-/* group_table. */
-
-static struct ofpbuf *
-encode_group_mod(const struct ofputil_group_mod *gm)
-{
- return ofputil_encode_group_mod(OFP13_VERSION, gm, NULL, -1);
-}
-
-static void
-add_group_mod(const struct ofputil_group_mod *gm, struct ovs_list *msgs)
-{
- struct ofpbuf *msg = encode_group_mod(gm);
- ovs_list_push_back(msgs, &msg->list_node);
-}
-
-
-static struct ofpbuf *
-encode_meter_mod(const struct ofputil_meter_mod *mm)
-{
- return ofputil_encode_meter_mod(OFP13_VERSION, mm);
-}
-
-static void
-add_meter_mod(const struct ofputil_meter_mod *mm, struct ovs_list *msgs)
-{
- struct ofpbuf *msg = encode_meter_mod(mm);
- ovs_list_push_back(msgs, &msg->list_node);
-}
-
-static void
-add_ct_flush_zone(uint16_t zone_id, struct ovs_list *msgs)
-{
- struct ofpbuf *msg = ofpraw_alloc(OFPRAW_NXT_CT_FLUSH_ZONE,
- rconn_get_version(swconn), 0);
- struct nx_zone_id *nzi = ofpbuf_put_zeros(msg, sizeof *nzi);
- nzi->zone_id = htons(zone_id);
-
- ovs_list_push_back(msgs, &msg->list_node);
-}
-
-static void
-add_meter_string(struct ovn_extend_table_info *m_desired,
- struct ovs_list *msgs)
-{
- /* Create and install new meter. */
- struct ofputil_meter_mod mm;
- enum ofputil_protocol usable_protocols;
- char *meter_string = xasprintf("meter=%"PRIu32",%s",
- m_desired->table_id,
- &m_desired->name[9]);
- char *error = parse_ofp_meter_mod_str(&mm, meter_string, OFPMC13_ADD,
- &usable_protocols);
- if (!error) {
- add_meter_mod(&mm, msgs);
- } else {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 1);
- VLOG_ERR_RL(&rl, "new meter %s %s", error, meter_string);
- free(error);
- }
- free(meter_string);
-}
-
-static void
-add_meter(struct ovn_extend_table_info *m_desired,
- const struct sbrec_meter_table *meter_table,
- struct ovs_list *msgs)
-{
- const struct sbrec_meter *sb_meter;
- SBREC_METER_TABLE_FOR_EACH (sb_meter, meter_table) {
- if (!strcmp(m_desired->name, sb_meter->name)) {
- break;
- }
- }
-
- if (!sb_meter) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 1);
- VLOG_ERR_RL(&rl, "could not find meter named \"%s\"", m_desired->name);
- return;
- }
-
- struct ofputil_meter_mod mm;
- mm.command = OFPMC13_ADD;
- mm.meter.meter_id = m_desired->table_id;
- mm.meter.flags = OFPMF13_STATS;
-
- if (!strcmp(sb_meter->unit, "pktps")) {
- mm.meter.flags |= OFPMF13_PKTPS;
- } else {
- mm.meter.flags |= OFPMF13_KBPS;
- }
-
- mm.meter.n_bands = sb_meter->n_bands;
- mm.meter.bands = xcalloc(mm.meter.n_bands, sizeof *mm.meter.bands);
-
- for (size_t i = 0; i < sb_meter->n_bands; i++) {
- struct sbrec_meter_band *sb_band = sb_meter->bands[i];
- struct ofputil_meter_band *mm_band = &mm.meter.bands[i];
-
- if (!strcmp(sb_band->action, "drop")) {
- mm_band->type = OFPMBT13_DROP;
- }
-
- mm_band->prec_level = 0;
- mm_band->rate = sb_band->rate;
- mm_band->burst_size = sb_band->burst_size;
-
- if (mm_band->burst_size) {
- mm.meter.flags |= OFPMF13_BURST;
- }
- }
-
- add_meter_mod(&mm, msgs);
- free(mm.meter.bands);
-}
-
-/* The flow table can be updated if the connection to the switch is up and
- * in the correct state and not backlogged with existing flow_mods. (Our
- * criteria for being backlogged appear very conservative, but the socket
- * between ovn-controller and OVS provides some buffering.) */
-static bool
-ofctrl_can_put(void)
-{
- if (state != S_UPDATE_FLOWS
- || rconn_packet_counter_n_packets(tx_counter)
- || rconn_get_version(swconn) < 0) {
- return false;
- }
- return true;
-}
-
-/* Replaces the flow table on the switch, if possible, by the flows added
- * with ofctrl_add_flow().
- *
- * Replaces the group table and meter table on the switch, if possible,
- * by the contents of '->desired'.
- *
- * Sends conntrack flush messages to each zone in 'pending_ct_zones' that
- * is in the CT_ZONE_OF_QUEUED state and then moves the zone into the
- * CT_ZONE_OF_SENT state.
- *
- * This should be called after ofctrl_run() within the main loop. */
-void
-ofctrl_put(struct ovn_desired_flow_table *flow_table,
- struct shash *pending_ct_zones,
- const struct sbrec_meter_table *meter_table,
- int64_t nb_cfg,
- bool flow_changed)
-{
- static bool skipped_last_time = false;
- static int64_t old_nb_cfg = 0;
- bool need_put = false;
- if (flow_changed || skipped_last_time || need_reinstall_flows) {
- need_put = true;
- } else if (nb_cfg != old_nb_cfg) {
- /* nb_cfg changed since last ofctrl_put() call */
- if (cur_cfg == old_nb_cfg) {
- /* we were up-to-date already, so just update with the
- * new nb_cfg */
- cur_cfg = nb_cfg;
- } else {
- need_put = true;
- }
- }
-
- old_nb_cfg = nb_cfg;
-
- if (!need_put) {
- VLOG_DBG("ofctrl_put not needed");
- return;
- }
- if (!ofctrl_can_put()) {
- VLOG_DBG("ofctrl_put can't be performed");
- skipped_last_time = true;
- return;
- }
-
- skipped_last_time = false;
- need_reinstall_flows = false;
-
- /* OpenFlow messages to send to the switch to bring it up-to-date. */
- struct ovs_list msgs = OVS_LIST_INITIALIZER(&msgs);
-
- /* Iterate through ct zones that need to be flushed. */
- struct shash_node *iter;
- SHASH_FOR_EACH(iter, pending_ct_zones) {
- struct ct_zone_pending_entry *ctzpe = iter->data;
- if (ctzpe->state == CT_ZONE_OF_QUEUED) {
- add_ct_flush_zone(ctzpe->zone, &msgs);
- ctzpe->state = CT_ZONE_OF_SENT;
- ctzpe->of_xid = 0;
- }
- }
-
- /* Iterate through all the desired groups. If there are new ones,
- * add them to the switch. */
- struct ovn_extend_table_info *desired;
- EXTEND_TABLE_FOR_EACH_UNINSTALLED (desired, groups) {
- /* Create and install new group. */
- struct ofputil_group_mod gm;
- enum ofputil_protocol usable_protocols;
- char *group_string = xasprintf("group_id=%"PRIu32",%s",
- desired->table_id,
- desired->name);
- char *error = parse_ofp_group_mod_str(&gm, OFPGC11_ADD, group_string,
- NULL, NULL, &usable_protocols);
- if (!error) {
- add_group_mod(&gm, &msgs);
- } else {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 1);
- VLOG_ERR_RL(&rl, "new group %s %s", error, group_string);
- free(error);
- }
- free(group_string);
- ofputil_uninit_group_mod(&gm);
- }
-
- /* Iterate through all the desired meters. If there are new ones,
- * add them to the switch. */
- struct ovn_extend_table_info *m_desired;
- EXTEND_TABLE_FOR_EACH_UNINSTALLED (m_desired, meters) {
- if (!strncmp(m_desired->name, "__string: ", 10)) {
- /* The "set-meter" action creates a meter entry name that
- * describes the meter itself. */
- add_meter_string(m_desired, &msgs);
- } else {
- add_meter(m_desired, meter_table, &msgs);
- }
- }
-
- /* Iterate through all of the installed flows. If any of them are no
- * longer desired, delete them; if any of them should have different
- * actions, update them. */
- struct ovn_flow *i, *next;
- HMAP_FOR_EACH_SAFE (i, next, match_hmap_node, &installed_flows) {
- struct ovn_flow *d = ovn_flow_lookup(&flow_table->match_flow_table,
- i, false);
- if (!d) {
- /* Installed flow is no longer desirable. Delete it from the
- * switch and from installed_flows. */
- struct ofputil_flow_mod fm = {
- .match = i->match,
- .priority = i->priority,
- .table_id = i->table_id,
- .command = OFPFC_DELETE_STRICT,
- };
- add_flow_mod(&fm, &msgs);
- ovn_flow_log(i, "removing installed");
-
- hmap_remove(&installed_flows, &i->match_hmap_node);
- ovn_flow_destroy(i);
- } else {
- if (!uuid_equals(&i->sb_uuid, &d->sb_uuid)) {
- /* Update installed flow's UUID. */
- i->sb_uuid = d->sb_uuid;
- }
- if (!ofpacts_equal(i->ofpacts, i->ofpacts_len,
- d->ofpacts, d->ofpacts_len)) {
- /* Update actions in installed flow. */
- struct ofputil_flow_mod fm = {
- .match = i->match,
- .priority = i->priority,
- .table_id = i->table_id,
- .ofpacts = d->ofpacts,
- .ofpacts_len = d->ofpacts_len,
- .command = OFPFC_MODIFY_STRICT,
- };
- add_flow_mod(&fm, &msgs);
- ovn_flow_log(i, "updating installed");
-
- /* Replace 'i''s actions by 'd''s. */
- free(i->ofpacts);
- i->ofpacts = xmemdup(d->ofpacts, d->ofpacts_len);
- i->ofpacts_len = d->ofpacts_len;
- }
-
- }
- }
-
- /* Iterate through the desired flows and add those that aren't found
- * in the installed flow table. */
- struct ovn_flow *d;
- HMAP_FOR_EACH (d, match_hmap_node, &flow_table->match_flow_table) {
- i = ovn_flow_lookup(&installed_flows, d, false);
- if (!i) {
- /* Send flow_mod to add flow. */
- struct ofputil_flow_mod fm = {
- .match = d->match,
- .priority = d->priority,
- .table_id = d->table_id,
- .ofpacts = d->ofpacts,
- .ofpacts_len = d->ofpacts_len,
- .new_cookie = htonll(d->cookie),
- .command = OFPFC_ADD,
- };
- add_flow_mod(&fm, &msgs);
- ovn_flow_log(d, "adding installed");
-
- /* Copy 'd' from 'flow_table' to installed_flows. */
- struct ovn_flow *new_node = ofctrl_dup_flow(d);
- hmap_insert(&installed_flows, &new_node->match_hmap_node,
- new_node->match_hmap_node.hash);
- }
- }
-
- /* Iterate through the installed groups from previous runs. If they
- * are not needed delete them. */
- struct ovn_extend_table_info *installed, *next_group;
- EXTEND_TABLE_FOR_EACH_INSTALLED (installed, next_group, groups) {
- /* Delete the group. */
- struct ofputil_group_mod gm;
- enum ofputil_protocol usable_protocols;
- char *group_string = xasprintf("group_id=%"PRIu32"",
- installed->table_id);
- char *error = parse_ofp_group_mod_str(&gm, OFPGC11_DELETE,
- group_string, NULL, NULL,
- &usable_protocols);
- if (!error) {
- add_group_mod(&gm, &msgs);
- } else {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 1);
- VLOG_ERR_RL(&rl, "Error deleting group %d: %s",
- installed->table_id, error);
- free(error);
- }
- free(group_string);
- ofputil_uninit_group_mod(&gm);
- ovn_extend_table_remove_existing(groups, installed);
- }
-
- /* Sync the contents of groups->desired to groups->existing. */
- ovn_extend_table_sync(groups);
-
- /* Iterate through the installed meters from previous runs. If they
- * are not needed delete them. */
- struct ovn_extend_table_info *m_installed, *next_meter;
- EXTEND_TABLE_FOR_EACH_INSTALLED (m_installed, next_meter, meters) {
- /* Delete the meter. */
- struct ofputil_meter_mod mm = {
- .command = OFPMC13_DELETE,
- .meter = { .meter_id = m_installed->table_id },
- };
- add_meter_mod(&mm, &msgs);
-
- ovn_extend_table_remove_existing(meters, m_installed);
- }
-
- /* Sync the contents of meters->desired to meters->existing. */
- ovn_extend_table_sync(meters);
-
- if (!ovs_list_is_empty(&msgs)) {
- /* Add a barrier to the list of messages. */
- struct ofpbuf *barrier = ofputil_encode_barrier_request(OFP13_VERSION);
- const struct ofp_header *oh = barrier->data;
- ovs_be32 xid_ = oh->xid;
- ovs_list_push_back(&msgs, &barrier->list_node);
-
- /* Queue the messages. */
- struct ofpbuf *msg;
- LIST_FOR_EACH_POP (msg, list_node, &msgs) {
- queue_msg(msg);
- }
-
- /* Store the barrier's xid with any newly sent ct flushes. */
- SHASH_FOR_EACH(iter, pending_ct_zones) {
- struct ct_zone_pending_entry *ctzpe = iter->data;
- if (ctzpe->state == CT_ZONE_OF_SENT && !ctzpe->of_xid) {
- ctzpe->of_xid = xid_;
- }
- }
-
- /* Track the flow update. */
- struct ofctrl_flow_update *fup, *prev;
- LIST_FOR_EACH_REVERSE_SAFE (fup, prev, list_node, &flow_updates) {
- if (nb_cfg < fup->nb_cfg) {
- /* This ofctrl_flow_update is for a configuration later than
- * 'nb_cfg'. This should not normally happen, because it means
- * that 'nb_cfg' in the SB_Global table of the southbound
- * database decreased, and it should normally be monotonically
- * increasing. */
- VLOG_WARN("nb_cfg regressed from %"PRId64" to %"PRId64,
- fup->nb_cfg, nb_cfg);
- ovs_list_remove(&fup->list_node);
- free(fup);
- } else if (nb_cfg == fup->nb_cfg) {
- /* This ofctrl_flow_update is for the same configuration as
- * 'nb_cfg'. Probably, some change to the physical topology
- * means that we had to revise the OpenFlow flow table even
- * though the logical topology did not change. Update fp->xid,
- * so that we don't send a notification that we're up-to-date
- * until we're really caught up. */
- VLOG_DBG("advanced xid target for nb_cfg=%"PRId64, nb_cfg);
- fup->xid = xid_;
- goto done;
- } else {
- break;
- }
- }
-
- /* Add a flow update. */
- fup = xmalloc(sizeof *fup);
- ovs_list_push_back(&flow_updates, &fup->list_node);
- fup->xid = xid_;
- fup->nb_cfg = nb_cfg;
- done:;
- } else if (!ovs_list_is_empty(&flow_updates)) {
- /* Getting up-to-date with 'nb_cfg' didn't require any extra flow table
- * changes, so whenever we get up-to-date with the most recent flow
- * table update, we're also up-to-date with 'nb_cfg'. */
- struct ofctrl_flow_update *fup = ofctrl_flow_update_from_list_node(
- ovs_list_back(&flow_updates));
- fup->nb_cfg = nb_cfg;
- } else {
- /* We were completely up-to-date before and still are. */
- cur_cfg = nb_cfg;
- }
-}
-
-/* Looks up the logical port with the name 'port_name' in 'br_int_'. If
- * found, returns true and sets '*portp' to the OpenFlow port number
- * assigned to the port. Otherwise, returns false. */
-static bool
-ofctrl_lookup_port(const void *br_int_, const char *port_name,
- unsigned int *portp)
-{
- const struct ovsrec_bridge *br_int = br_int_;
-
- for (int i = 0; i < br_int->n_ports; i++) {
- const struct ovsrec_port *port_rec = br_int->ports[i];
- for (int j = 0; j < port_rec->n_interfaces; j++) {
- const struct ovsrec_interface *iface_rec = port_rec->interfaces[j];
- const char *iface_id = smap_get(&iface_rec->external_ids,
- "iface-id");
-
- if (iface_id && !strcmp(iface_id, port_name)) {
- if (!iface_rec->n_ofport) {
- continue;
- }
-
- int64_t ofport = iface_rec->ofport[0];
- if (ofport < 1 || ofport > ofp_to_u16(OFPP_MAX)) {
- continue;
- }
- *portp = ofport;
- return true;
- }
- }
- }
-
- return false;
-}
-
-/* Generates a packet described by 'flow_s' in the syntax of an OVN
- * logical expression and injects it into 'br_int'. The flow
- * description must contain an ingress logical port that is present on
- * 'br_int'.
- *
- * Returns NULL if successful, otherwise an error message that the caller
- * must free(). */
-char *
-ofctrl_inject_pkt(const struct ovsrec_bridge *br_int, const char *flow_s,
- const struct shash *addr_sets,
- const struct shash *port_groups)
-{
- int version = rconn_get_version(swconn);
- if (version < 0) {
- return xstrdup("OpenFlow channel not ready.");
- }
-
- struct flow uflow;
- char *error = expr_parse_microflow(flow_s, &symtab, addr_sets,
- port_groups, ofctrl_lookup_port,
- br_int, &uflow);
- if (error) {
- return error;
- }
-
- /* The physical OpenFlow port was stored in the logical ingress
- * port, so put it in the correct location for a flow structure. */
- uflow.in_port.ofp_port = u16_to_ofp(uflow.regs[MFF_LOG_INPORT - MFF_REG0]);
- uflow.regs[MFF_LOG_INPORT - MFF_REG0] = 0;
-
- if (!uflow.in_port.ofp_port) {
- return xstrdup("ingress port not found on hypervisor.");
- }
-
- uint64_t packet_stub[128 / 8];
- struct dp_packet packet;
- dp_packet_use_stub(&packet, packet_stub, sizeof packet_stub);
- flow_compose(&packet, &uflow, NULL, 64);
-
- uint64_t ofpacts_stub[1024 / 8];
- struct ofpbuf ofpacts = OFPBUF_STUB_INITIALIZER(ofpacts_stub);
- struct ofpact_resubmit *resubmit = ofpact_put_RESUBMIT(&ofpacts);
- resubmit->in_port = OFPP_IN_PORT;
- resubmit->table_id = 0;
-
- struct ofputil_packet_out po = {
- .packet = dp_packet_data(&packet),
- .packet_len = dp_packet_size(&packet),
- .buffer_id = UINT32_MAX,
- .ofpacts = ofpacts.data,
- .ofpacts_len = ofpacts.size,
- };
- match_set_in_port(&po.flow_metadata, uflow.in_port.ofp_port);
- enum ofputil_protocol proto = ofputil_protocol_from_ofp_version(version);
- queue_msg(ofputil_encode_packet_out(&po, proto));
- dp_packet_uninit(&packet);
- ofpbuf_uninit(&ofpacts);
-
- return NULL;
-}
-
-bool
-ofctrl_is_connected(void)
-{
- return rconn_is_connected(swconn);
-}
-
-void
-ofctrl_set_probe_interval(int probe_interval)
-{
- if (swconn) {
- rconn_set_probe_interval(swconn, probe_interval);
- }
-}
diff --git a/ovn/controller/ofctrl.h b/ovn/controller/ofctrl.h
deleted file mode 100644
index ed8918aae76..00000000000
--- a/ovn/controller/ofctrl.h
+++ /dev/null
@@ -1,87 +0,0 @@
-/* Copyright (c) 2015, 2016 Nicira, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-
-#ifndef OFCTRL_H
-#define OFCTRL_H 1
-
-#include
-
-#include "openvswitch/meta-flow.h"
-#include "ovsdb-idl.h"
-#include "hindex.h"
-
-struct ovn_extend_table;
-struct hmap;
-struct match;
-struct ofpbuf;
-struct ovsrec_bridge;
-struct sbrec_meter_table;
-struct shash;
-
-struct ovn_desired_flow_table {
- /* Hash map flow table using flow match conditions as hash key.*/
- struct hmap match_flow_table;
-
- /* SB uuid index for the nodes in match_flow_table.*/
- struct hindex uuid_flow_table;
-};
-
-/* Interface for OVN main loop. */
-void ofctrl_init(struct ovn_extend_table *group_table,
- struct ovn_extend_table *meter_table,
- int inactivity_probe_interval);
-void ofctrl_run(const struct ovsrec_bridge *br_int,
- struct shash *pending_ct_zones);
-enum mf_field_id ofctrl_get_mf_field_id(void);
-void ofctrl_put(struct ovn_desired_flow_table *,
- struct shash *pending_ct_zones,
- const struct sbrec_meter_table *,
- int64_t nb_cfg,
- bool flow_changed);
-void ofctrl_wait(void);
-void ofctrl_destroy(void);
-int64_t ofctrl_get_cur_cfg(void);
-
-struct ovn_flow *ofctrl_dup_flow(struct ovn_flow *source);
-
-void ofctrl_ct_flush_zone(uint16_t zone_id);
-
-char *ofctrl_inject_pkt(const struct ovsrec_bridge *br_int,
- const char *flow_s, const struct shash *addr_sets,
- const struct shash *port_groups);
-
-/* Flow table interfaces to the rest of ovn-controller. */
-void ofctrl_add_flow(struct ovn_desired_flow_table *, uint8_t table_id,
- uint16_t priority, uint64_t cookie,
- const struct match *, const struct ofpbuf *ofpacts,
- const struct uuid *);
-
-void ofctrl_remove_flows(struct ovn_desired_flow_table *, const struct uuid *);
-
-void ovn_desired_flow_table_init(struct ovn_desired_flow_table *);
-void ovn_desired_flow_table_clear(struct ovn_desired_flow_table *);
-void ovn_desired_flow_table_destroy(struct ovn_desired_flow_table *);
-
-void ofctrl_check_and_add_flow(struct ovn_desired_flow_table *,
- uint8_t table_id, uint16_t priority,
- uint64_t cookie, const struct match *,
- const struct ofpbuf *ofpacts,
- const struct uuid *, bool log_duplicate_flow);
-
-bool ofctrl_is_connected(void);
-void ofctrl_set_probe_interval(int probe_interval);
-
-#endif /* ovn/ofctrl.h */
diff --git a/ovn/controller/ovn-controller.8.xml b/ovn/controller/ovn-controller.8.xml
deleted file mode 100644
index 780625ff860..00000000000
--- a/ovn/controller/ovn-controller.8.xml
+++ /dev/null
@@ -1,456 +0,0 @@
-
-
- Name
- ovn-controller -- Open Virtual Network local controller
-
- Synopsis
- ovn-controller
[options] [ovs-database]
-
- Description
-
- ovn-controller
is the local controller daemon for
- OVN, the Open Virtual Network. It connects up to the OVN
- Southbound database (see ovn-sb
(5)) over the OVSDB
- protocol, and down to the Open vSwitch database (see
- ovs-vswitchd.conf.db
(5)) over the OVSDB protocol and
- to ovs-vswitchd
(8) via OpenFlow. Each hypervisor and
- software gateway in an OVN deployment runs its own independent
- copy of ovn-controller
; thus,
- ovn-controller
's downward connections are
- machine-local and do not run over a physical network.
-
-
- ACL Logging
-
- ACL log messages are logged through ovn-controller
's
- logging mechanism. ACL log entries have the module
- acl_log
at log level info
. Configuring
- logging is described below in the Logging Options
- section.
-
-
- Options
-
- Daemon Options
-
-
- Logging Options
-
-
- PKI Options
-
- PKI configuration is required in order to use SSL for the connections to
- the Northbound and Southbound databases.
-
-
-
-
-
- Other Options
-
-
-
-
- Configuration
-
- ovn-controller
retrieves most of its configuration
- information from the local Open vSwitch's ovsdb-server instance.
- The default location is db.sock
in the local Open
- vSwitch's "run" directory. It may be overridden by specifying the
- ovs-database argument as an OVSDB active or passive
- connection method, as described in ovsdb
(7).
-
-
-
- ovn-controller
assumes it gets configuration
- information from the following keys in the Open_vSwitch
- table of the local OVS instance:
-
-
- external_ids:system-id
- - The chassis name to use in the Chassis table.
-
- external_ids:hostname
- - The hostname to use in the Chassis table.
-
- external_ids:ovn-bridge
- -
- The integration bridge to which logical ports are attached. The
- default is
br-int
. If this bridge does not exist when
- ovn-controller starts, it will be created automatically with the
- default configuration suggested in ovn-architecture
(7).
-
-
- external_ids:ovn-bridge-datapath-type
- -
- This configuration is optional. If set, then the datapath type of
- the integration bridge will be set to the configured value. If this
- option is not set, then
ovn-controller
will not modify
- the existing datapath-type
of the integration bridge.
-
-
- external_ids:ovn-remote
- -
-
- The OVN database that this system should connect to for its
- configuration, in one of the same forms documented above for the
- ovs-database.
-
-
-
- external_ids:ovn-remote-probe-interval
- -
-
- The inactivity probe interval of the connection to the OVN database,
- in milliseconds.
- If the value is zero, it disables the connection keepalive feature.
-
-
-
- If the value is nonzero, then it will be forced to a value of
- at least 1000 ms.
-
-
-
- external_ids:ovn-openflow-probe-interval
- -
-
- The inactivity probe interval of the OpenFlow connection to the
- OpenvSwitch integration bridge, in seconds.
- If the value is zero, it disables the connection keepalive feature.
-
-
-
- If the value is nonzero, then it will be forced to a value of
- at least 5s.
-
-
-
- external_ids:ovn-encap-type
- -
-
- The encapsulation type that a chassis should use to connect to
- this node. Multiple encapsulation types may be specified with
- a comma-separated list. Each listed encapsulation type will
- be paired with ovn-encap-ip
.
-
-
-
- Supported tunnel types for connecting hypervisors
- are geneve
and stt
. Gateways may
- use geneve
, vxlan
, or
- stt
.
-
-
-
- Due to the limited amount of metadata in vxlan
,
- the capabilities and performance of connected gateways will be
- reduced versus other tunnel formats.
-
-
-
- external_ids:ovn-encap-ip
- -
- The IP address that a chassis should use to connect to this node
- using encapsulation types specified by
-
external_ids:ovn-encap-type
.
-
-
- external_ids:ovn-bridge-mappings
- -
- A list of key-value pairs that map a physical network name to a local
- ovs bridge that provides connectivity to that network. An example
- value mapping two physical network names to two ovs bridges would be:
-
physnet1:br-eth0,physnet2:br-eth1
.
-
-
- external_ids:ovn-encap-csum
- -
-
ovn-encap-csum
indicates that encapsulation checksums can
- be transmitted and received with reasonable performance. It is a hint
- to senders transmitting data to this chassis that they should use
- checksums to protect OVN metadata. Set to true
to enable
- or false
to disable. Depending on the capabilities of the
- network interface card, enabling encapsulation checksum may incur
- performance loss. In such cases, encapsulation checksums can be disabled.
-
-
- external_ids:ovn-cms-options
- -
- A list of options that will be consumed by the CMS Plugin and which
- specific to this particular chassis. An example would be:
-
cms_option1,cms_option2:foo
.
-
-
- external_ids:ovn-transport-zones
- -
-
- The transport zone(s) that this chassis belongs to. Transport
- zones is a way to group different chassis so that tunnels are only
- formed between members of the same group(s). Multiple transport
- zones may be specified with a comma-separated list. For example:
- tz1,tz2,tz3.
-
-
- If not set, the Chassis will be considered part of a default
- transport zone.
-
-
- external_ids:ovn-chassis-mac-mappings
- -
- A list of key-value pairs that map a chassis specific mac to
- a physical network name. An example
- value mapping two chassis macs to two physical network names would be:
-
physnet1:aa:bb:cc:dd:ee:ff,physnet2:a1:b2:c3:d4:e5:f6
.
- These are the macs that ovn-controller will replace a router port
- mac with, if packet is going from a distributed router port on
- vlan type logical switch.
-
-
-
-
- ovn-controller
reads the following values from the
- Open_vSwitch
database of the local OVS instance:
-
-
-
- datapath-type
from table
- -
- This value is read from local OVS integration bridge row of
-
table and populated in
- of the
- table in the OVN_Southbound database.
-
-
- iface-types
from table
- -
- This value is populated in
of the
- table in the OVN_Southbound
- database.
-
-
- private_key
, certificate
,
- ca_cert
, and bootstrap_ca_cert
- from table
- -
- These values provide the SSL configuration used for connecting
- to the OVN southbound database server when an SSL connection type
- is configured via
external_ids:ovn-remote
. Note that
- this SSL configuration can also be provided via command-line options,
- the configuration in the database takes precedence if both are present.
-
-
-
- Open vSwitch Database Usage
-
-
- ovn-controller
uses a number of external_ids
- keys in the Open vSwitch database to keep track of ports and interfaces.
- For proper operation, users should not change or clear these keys:
-
-
-
- -
-
external_ids:ovn-chassis-id
in the Port
table
-
- -
- The presence of this key identifies a tunnel port within the
- integration bridge as one created by
ovn-controller
to
- reach a remote chassis. Its value is the chassis ID of the remote
- chassis.
-
-
- -
-
external_ids:ct-zone-*
in the Bridge
table
-
- -
- Logical ports and gateway routers are assigned a connection
- tracking zone by
ovn-controller
for stateful
- services. To keep state across restarts of
- ovn-controller
, these keys are stored in the
- integration bridge's Bridge table. The name contains a prefix
- of ct-zone-
followed by the name of the logical
- port or gateway router's zone key. The value for this key
- identifies the zone used for this port.
-
-
- -
-
external_ids:ovn-localnet-port
in the Port
- table
-
- -
-
- The presence of this key identifies a patch port as one created by
- ovn-controller
to connect the integration bridge and
- another bridge to implement a localnet
logical port.
- Its value is the name of the logical port with type
- set to localnet
that the port implements. See
- external_ids:ovn-bridge-mappings
, above, for more
- information.
-
-
-
- Each localnet
logical port is implemented as a pair of
- patch ports, one in the integration bridge, one in a different
- bridge, with the same external_ids:ovn-localnet-port
- value.
-
-
-
- -
-
external_ids:ovn-l2gateway-port
in the Port
- table
-
- -
-
- The presence of this key identifies a patch port as one created by
- ovn-controller
to connect the integration bridge and
- another bridge to implement a l2gateway
logical port.
- Its value is the name of the logical port with type
- set to l2gateway
that the port implements. See
- external_ids:ovn-bridge-mappings
, above, for more
- information.
-
-
-
- Each l2gateway
logical port is implemented as a pair
- of patch ports, one in the integration bridge, one in a different
- bridge, with the same external_ids:ovn-l2gateway-port
- value.
-
-
-
- -
-
external-ids:ovn-l3gateway-port
in the Port
- table
-
-
- -
-
- This key identifies a patch port as one created by
- ovn-controller
to implement a l3gateway
- logical port. Its value is the name of the logical port with type
- set to l3gateway
. This patch port is similar to
- the OVN logical patch port, except that l3gateway
- port can only be bound to a paticular chassis.
-
-
-
- -
-
external-ids:ovn-logical-patch-port
in the
- Port
table
-
-
- -
-
- This key identifies a patch port as one created by
- ovn-controller
to implement an OVN logical patch port
- within the integration bridge. Its value is the name of the OVN
- logical patch port that it implements.
-
-
-
-
- OVN Southbound Database Usage
-
-
- ovn-controller
reads from much of the
- OVN_Southbound
database to guide its operation.
- ovn-controller
also writes to the following tables:
-
-
-
- Chassis
- -
- Upon startup,
ovn-controller
creates a row in this table
- to represent its own chassis. Upon graceful termination, e.g. with
- ovs-appctl -t ovn-controller exit
(but not
- SIGTERM
), ovn-controller
removes its row.
-
-
- Encap
- -
- Upon startup,
ovn-controller
creates a row or rows in this
- table that represent the tunnel encapsulations by which its chassis can
- be reached, and points its Chassis
row to them. Upon
- graceful termination, ovn-controller
removes these rows.
-
-
- Port_Binding
- -
- At runtime,
ovn-controller
sets the chassis
- columns of ports that are resident on its chassis to point to its
- Chassis
row, and, conversely, clears the
- chassis
column of ports that point to its
- Chassis
row but are no longer resident on its chassis.
- The chassis
column has a weak reference type, so when
- ovn-controller
gracefully exits and removes its
- Chassis
row, the database server automatically clears any
- remaining references to that row.
-
-
- MAC_Binding
- -
- At runtime,
ovn-controller
updates the
- MAC_Binding
table as instructed by put_arp
- and put_nd
logical actions. These changes persist beyond
- the lifetime of ovn-controller
.
-
-
-
- Runtime Management Commands
-
- ovs-appctl
can send commands to a running
- ovn-controller
process. The currently supported
- commands are described below.
-
- exit
- -
- Causes
ovn-controller
to gracefully terminate.
-
-
- ct-zone-list
- -
- Lists each local logical port and its connection tracking zone.
-
-
- meter-table-list
- -
- Lists each meter table entry and its local meter id.
-
-
- group-table-list
- -
- Lists each group table entry and its local group id.
-
-
- inject-pkt
microflow
- -
-
- Injects microflow into the connected Open vSwitch
- instance. microflow must contain an ingress logical
- port (inport
argument) that is present on the Open
- vSwitch instance.
-
-
-
- The microflow argument describes the packet whose
- forwarding is to be simulated, in the syntax of an OVN logical
- expression, as described in ovn-sb
(5), to express
- constraints. The parser understands prerequisites; for example,
- if the expression refers to ip4.src
, there is no
- need to explicitly state ip4
or eth.type ==
- 0x800
.
-
-
-
- connection-status
- -
- Show OVN SBDB connection status for the chassis.
-
-
-
-
-
diff --git a/ovn/controller/ovn-controller.c b/ovn/controller/ovn-controller.c
deleted file mode 100644
index cf6c8ae7922..00000000000
--- a/ovn/controller/ovn-controller.c
+++ /dev/null
@@ -1,2366 +0,0 @@
-/* Copyright (c) 2015, 2016, 2017 Nicira, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include
-
-#include "ovn-controller.h"
-
-#include
-#include
-#include
-#include
-#include
-
-#include "bfd.h"
-#include "binding.h"
-#include "chassis.h"
-#include "command-line.h"
-#include "compiler.h"
-#include "daemon.h"
-#include "dirs.h"
-#include "openvswitch/dynamic-string.h"
-#include "encaps.h"
-#include "fatal-signal.h"
-#include "ip-mcast.h"
-#include "openvswitch/hmap.h"
-#include "lflow.h"
-#include "lib/vswitch-idl.h"
-#include "lport.h"
-#include "ofctrl.h"
-#include "openvswitch/vconn.h"
-#include "openvswitch/vlog.h"
-#include "ovn/actions.h"
-#include "ovn/lib/chassis-index.h"
-#include "ovn/lib/extend-table.h"
-#include "ovn/lib/ip-mcast-index.h"
-#include "ovn/lib/mcast-group-index.h"
-#include "ovn/lib/ovn-sb-idl.h"
-#include "ovn/lib/ovn-util.h"
-#include "patch.h"
-#include "physical.h"
-#include "pinctrl.h"
-#include "openvswitch/poll-loop.h"
-#include "lib/bitmap.h"
-#include "lib/hash.h"
-#include "smap.h"
-#include "sset.h"
-#include "stream-ssl.h"
-#include "stream.h"
-#include "unixctl.h"
-#include "util.h"
-#include "timeval.h"
-#include "timer.h"
-#include "stopwatch.h"
-#include "ovn/lib/inc-proc-eng.h"
-
-VLOG_DEFINE_THIS_MODULE(main);
-
-static unixctl_cb_func ovn_controller_exit;
-static unixctl_cb_func ct_zone_list;
-static unixctl_cb_func meter_table_list;
-static unixctl_cb_func group_table_list;
-static unixctl_cb_func inject_pkt;
-static unixctl_cb_func ovn_controller_conn_show;
-
-#define DEFAULT_BRIDGE_NAME "br-int"
-#define DEFAULT_PROBE_INTERVAL_MSEC 5000
-#define OFCTRL_DEFAULT_PROBE_INTERVAL_SEC 5
-
-#define CONTROLLER_LOOP_STOPWATCH_NAME "ovn-controller-flow-generation"
-
-static char *parse_options(int argc, char *argv[]);
-OVS_NO_RETURN static void usage(void);
-
-/* Pending packet to be injected into connected OVS. */
-struct pending_pkt {
- /* Setting 'conn' indicates that a request is pending. */
- struct unixctl_conn *conn;
- char *flow_s;
-};
-
-struct local_datapath *
-get_local_datapath(const struct hmap *local_datapaths, uint32_t tunnel_key)
-{
- struct hmap_node *node = hmap_first_with_hash(local_datapaths, tunnel_key);
- return (node
- ? CONTAINER_OF(node, struct local_datapath, hmap_node)
- : NULL);
-}
-
-uint32_t
-get_tunnel_type(const char *name)
-{
- if (!strcmp(name, "geneve")) {
- return GENEVE;
- } else if (!strcmp(name, "stt")) {
- return STT;
- } else if (!strcmp(name, "vxlan")) {
- return VXLAN;
- }
-
- return 0;
-}
-
-const struct ovsrec_bridge *
-get_bridge(const struct ovsrec_bridge_table *bridge_table, const char *br_name)
-{
- const struct ovsrec_bridge *br;
- OVSREC_BRIDGE_TABLE_FOR_EACH (br, bridge_table) {
- if (!strcmp(br->name, br_name)) {
- return br;
- }
- }
- return NULL;
-}
-
-static void
-update_sb_monitors(struct ovsdb_idl *ovnsb_idl,
- const struct sbrec_chassis *chassis,
- const struct sset *local_ifaces,
- struct hmap *local_datapaths)
-{
- /* Monitor Port_Bindings rows for local interfaces and local datapaths.
- *
- * Monitor Logical_Flow, MAC_Binding, Multicast_Group, and DNS tables for
- * local datapaths.
- *
- * Monitor Controller_Event rows for local chassis.
- *
- * Monitor IP_Multicast for local datapaths.
- *
- * Monitor IGMP_Groups for local chassis.
- *
- * We always monitor patch ports because they allow us to see the linkages
- * between related logical datapaths. That way, when we know that we have
- * a VIF on a particular logical switch, we immediately know to monitor all
- * the connected logical routers and logical switches. */
- struct ovsdb_idl_condition pb = OVSDB_IDL_CONDITION_INIT(&pb);
- struct ovsdb_idl_condition lf = OVSDB_IDL_CONDITION_INIT(&lf);
- struct ovsdb_idl_condition mb = OVSDB_IDL_CONDITION_INIT(&mb);
- struct ovsdb_idl_condition mg = OVSDB_IDL_CONDITION_INIT(&mg);
- struct ovsdb_idl_condition dns = OVSDB_IDL_CONDITION_INIT(&dns);
- struct ovsdb_idl_condition ce = OVSDB_IDL_CONDITION_INIT(&ce);
- struct ovsdb_idl_condition ip_mcast = OVSDB_IDL_CONDITION_INIT(&ip_mcast);
- struct ovsdb_idl_condition igmp = OVSDB_IDL_CONDITION_INIT(&igmp);
- sbrec_port_binding_add_clause_type(&pb, OVSDB_F_EQ, "patch");
- /* XXX: We can optimize this, if we find a way to only monitor
- * ports that have a Gateway_Chassis that point's to our own
- * chassis */
- sbrec_port_binding_add_clause_type(&pb, OVSDB_F_EQ, "chassisredirect");
- sbrec_port_binding_add_clause_type(&pb, OVSDB_F_EQ, "external");
- if (chassis) {
- /* This should be mostly redundant with the other clauses for port
- * bindings, but it allows us to catch any ports that are assigned to
- * us but should not be. That way, we can clear their chassis
- * assignments. */
- sbrec_port_binding_add_clause_chassis(&pb, OVSDB_F_EQ,
- &chassis->header_.uuid);
-
- /* Ensure that we find out about l2gateway and l3gateway ports that
- * should be present on this chassis. Otherwise, we might never find
- * out about those ports, if their datapaths don't otherwise have a VIF
- * in this chassis. */
- const char *id = chassis->name;
- const struct smap l2 = SMAP_CONST1(&l2, "l2gateway-chassis", id);
- sbrec_port_binding_add_clause_options(&pb, OVSDB_F_INCLUDES, &l2);
- const struct smap l3 = SMAP_CONST1(&l3, "l3gateway-chassis", id);
- sbrec_port_binding_add_clause_options(&pb, OVSDB_F_INCLUDES, &l3);
-
- sbrec_controller_event_add_clause_chassis(&ce, OVSDB_F_EQ,
- &chassis->header_.uuid);
- sbrec_igmp_group_add_clause_chassis(&igmp, OVSDB_F_EQ,
- &chassis->header_.uuid);
- }
- if (local_ifaces) {
- const char *name;
- SSET_FOR_EACH (name, local_ifaces) {
- sbrec_port_binding_add_clause_logical_port(&pb, OVSDB_F_EQ, name);
- sbrec_port_binding_add_clause_parent_port(&pb, OVSDB_F_EQ, name);
- }
- }
- if (local_datapaths) {
- const struct local_datapath *ld;
- HMAP_FOR_EACH (ld, hmap_node, local_datapaths) {
- struct uuid *uuid = CONST_CAST(struct uuid *,
- &ld->datapath->header_.uuid);
- sbrec_port_binding_add_clause_datapath(&pb, OVSDB_F_EQ, uuid);
- sbrec_logical_flow_add_clause_logical_datapath(&lf, OVSDB_F_EQ,
- uuid);
- sbrec_mac_binding_add_clause_datapath(&mb, OVSDB_F_EQ, uuid);
- sbrec_multicast_group_add_clause_datapath(&mg, OVSDB_F_EQ, uuid);
- sbrec_dns_add_clause_datapaths(&dns, OVSDB_F_INCLUDES, &uuid, 1);
- sbrec_ip_multicast_add_clause_datapath(&ip_mcast, OVSDB_F_EQ,
- uuid);
- }
- }
- sbrec_port_binding_set_condition(ovnsb_idl, &pb);
- sbrec_logical_flow_set_condition(ovnsb_idl, &lf);
- sbrec_mac_binding_set_condition(ovnsb_idl, &mb);
- sbrec_multicast_group_set_condition(ovnsb_idl, &mg);
- sbrec_dns_set_condition(ovnsb_idl, &dns);
- sbrec_controller_event_set_condition(ovnsb_idl, &ce);
- sbrec_ip_multicast_set_condition(ovnsb_idl, &ip_mcast);
- sbrec_igmp_group_set_condition(ovnsb_idl, &igmp);
- ovsdb_idl_condition_destroy(&pb);
- ovsdb_idl_condition_destroy(&lf);
- ovsdb_idl_condition_destroy(&mb);
- ovsdb_idl_condition_destroy(&mg);
- ovsdb_idl_condition_destroy(&dns);
- ovsdb_idl_condition_destroy(&ce);
- ovsdb_idl_condition_destroy(&ip_mcast);
- ovsdb_idl_condition_destroy(&igmp);
-}
-
-static const char *
-br_int_name(const struct ovsrec_open_vswitch *cfg)
-{
- return smap_get_def(&cfg->external_ids, "ovn-bridge", DEFAULT_BRIDGE_NAME);
-}
-
-static const struct ovsrec_bridge *
-create_br_int(struct ovsdb_idl_txn *ovs_idl_txn,
- const struct ovsrec_open_vswitch_table *ovs_table)
-{
- if (!ovs_idl_txn) {
- return NULL;
- }
-
- const struct ovsrec_open_vswitch *cfg;
- cfg = ovsrec_open_vswitch_table_first(ovs_table);
- if (!cfg) {
- return NULL;
- }
- const char *bridge_name = br_int_name(cfg);
-
- ovsdb_idl_txn_add_comment(ovs_idl_txn,
- "ovn-controller: creating integration bridge '%s'", bridge_name);
-
- struct ovsrec_interface *iface;
- iface = ovsrec_interface_insert(ovs_idl_txn);
- ovsrec_interface_set_name(iface, bridge_name);
- ovsrec_interface_set_type(iface, "internal");
-
- struct ovsrec_port *port;
- port = ovsrec_port_insert(ovs_idl_txn);
- ovsrec_port_set_name(port, bridge_name);
- ovsrec_port_set_interfaces(port, &iface, 1);
-
- struct ovsrec_bridge *bridge;
- bridge = ovsrec_bridge_insert(ovs_idl_txn);
- ovsrec_bridge_set_name(bridge, bridge_name);
- ovsrec_bridge_set_fail_mode(bridge, "secure");
- const struct smap oc = SMAP_CONST1(&oc, "disable-in-band", "true");
- ovsrec_bridge_set_other_config(bridge, &oc);
- ovsrec_bridge_set_ports(bridge, &port, 1);
-
- struct ovsrec_bridge **bridges;
- size_t bytes = sizeof *bridges * cfg->n_bridges;
- bridges = xmalloc(bytes + sizeof *bridges);
- memcpy(bridges, cfg->bridges, bytes);
- bridges[cfg->n_bridges] = bridge;
- ovsrec_open_vswitch_verify_bridges(cfg);
- ovsrec_open_vswitch_set_bridges(cfg, bridges, cfg->n_bridges + 1);
- free(bridges);
-
- return bridge;
-}
-
-static const struct ovsrec_bridge *
-get_br_int(const struct ovsrec_bridge_table *bridge_table,
- const struct ovsrec_open_vswitch_table *ovs_table)
-{
- const struct ovsrec_open_vswitch *cfg;
- cfg = ovsrec_open_vswitch_table_first(ovs_table);
- if (!cfg) {
- return NULL;
- }
-
- return get_bridge(bridge_table, br_int_name(cfg));
-}
-
-static const struct ovsrec_bridge *
-process_br_int(struct ovsdb_idl_txn *ovs_idl_txn,
- const struct ovsrec_bridge_table *bridge_table,
- const struct ovsrec_open_vswitch_table *ovs_table)
-{
- const struct ovsrec_bridge *br_int = get_br_int(bridge_table,
- ovs_table);
- if (!br_int) {
- br_int = create_br_int(ovs_idl_txn, ovs_table);
- }
- if (br_int && ovs_idl_txn) {
- const struct ovsrec_open_vswitch *cfg;
- cfg = ovsrec_open_vswitch_table_first(ovs_table);
- ovs_assert(cfg);
- const char *datapath_type = smap_get(&cfg->external_ids,
- "ovn-bridge-datapath-type");
- /* Check for the datapath_type and set it only if it is defined in
- * cfg. */
- if (datapath_type && strcmp(br_int->datapath_type, datapath_type)) {
- ovsrec_bridge_set_datapath_type(br_int, datapath_type);
- }
- }
- return br_int;
-}
-
-static const char *
-get_ovs_chassis_id(const struct ovsrec_open_vswitch_table *ovs_table)
-{
- const struct ovsrec_open_vswitch *cfg
- = ovsrec_open_vswitch_table_first(ovs_table);
- const char *chassis_id = cfg ? smap_get(&cfg->external_ids, "system-id")
- : NULL;
-
- if (!chassis_id) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 1);
- VLOG_WARN_RL(&rl, "'system-id' in Open_vSwitch database is missing.");
- }
-
- return chassis_id;
-}
-
-/* Iterate address sets in the southbound database. Create and update the
- * corresponding symtab entries as necessary. */
-static void
-addr_sets_init(const struct sbrec_address_set_table *address_set_table,
- struct shash *addr_sets)
-{
- const struct sbrec_address_set *as;
- SBREC_ADDRESS_SET_TABLE_FOR_EACH (as, address_set_table) {
- expr_const_sets_add(addr_sets, as->name,
- (const char *const *) as->addresses,
- as->n_addresses, true);
- }
-}
-
-static void
-addr_sets_update(const struct sbrec_address_set_table *address_set_table,
- struct shash *addr_sets, struct sset *new,
- struct sset *deleted, struct sset *updated)
-{
- const struct sbrec_address_set *as;
- SBREC_ADDRESS_SET_TABLE_FOR_EACH_TRACKED (as, address_set_table) {
- if (sbrec_address_set_is_deleted(as)) {
- expr_const_sets_remove(addr_sets, as->name);
- sset_add(deleted, as->name);
- } else {
- expr_const_sets_add(addr_sets, as->name,
- (const char *const *) as->addresses,
- as->n_addresses, true);
- if (sbrec_address_set_is_new(as)) {
- sset_add(new, as->name);
- } else {
- sset_add(updated, as->name);
- }
- }
- }
-}
-
-/* Iterate port groups in the southbound database. Create and update the
- * corresponding symtab entries as necessary. */
- static void
-port_groups_init(const struct sbrec_port_group_table *port_group_table,
- struct shash *port_groups)
-{
- const struct sbrec_port_group *pg;
- SBREC_PORT_GROUP_TABLE_FOR_EACH (pg, port_group_table) {
- expr_const_sets_add(port_groups, pg->name,
- (const char *const *) pg->ports,
- pg->n_ports, false);
- }
-}
-
-static void
-port_groups_update(const struct sbrec_port_group_table *port_group_table,
- struct shash *port_groups, struct sset *new,
- struct sset *deleted, struct sset *updated)
-{
- const struct sbrec_port_group *pg;
- SBREC_PORT_GROUP_TABLE_FOR_EACH_TRACKED (pg, port_group_table) {
- if (sbrec_port_group_is_deleted(pg)) {
- expr_const_sets_remove(port_groups, pg->name);
- sset_add(deleted, pg->name);
- } else {
- expr_const_sets_add(port_groups, pg->name,
- (const char *const *) pg->ports,
- pg->n_ports, false);
- if (sbrec_port_group_is_new(pg)) {
- sset_add(new, pg->name);
- } else {
- sset_add(updated, pg->name);
- }
- }
- }
-}
-
-static void
-update_ssl_config(const struct ovsrec_ssl_table *ssl_table)
-{
- const struct ovsrec_ssl *ssl = ovsrec_ssl_table_first(ssl_table);
-
- if (ssl) {
- stream_ssl_set_key_and_cert(ssl->private_key, ssl->certificate);
- stream_ssl_set_ca_cert_file(ssl->ca_cert, ssl->bootstrap_ca_cert);
- }
-}
-
-static int
-get_ofctrl_probe_interval(struct ovsdb_idl *ovs_idl)
-{
- const struct ovsrec_open_vswitch *cfg = ovsrec_open_vswitch_first(ovs_idl);
- return smap_get_int(&cfg->external_ids,
- "ovn-openflow-probe-interval",
- OFCTRL_DEFAULT_PROBE_INTERVAL_SEC);
-}
-
-/* Retrieves the pointer to the OVN Southbound database from 'ovs_idl' and
- * updates 'sbdb_idl' with that pointer. */
-static void
-update_sb_db(struct ovsdb_idl *ovs_idl, struct ovsdb_idl *ovnsb_idl)
-{
- const struct ovsrec_open_vswitch *cfg = ovsrec_open_vswitch_first(ovs_idl);
-
- /* Set remote based on user configuration. */
- const char *remote = NULL;
- if (cfg) {
- remote = smap_get(&cfg->external_ids, "ovn-remote");
- }
- ovsdb_idl_set_remote(ovnsb_idl, remote, true);
-
- /* Set probe interval, based on user configuration and the remote. */
- int default_interval = (remote && !stream_or_pstream_needs_probes(remote)
- ? 0 : DEFAULT_PROBE_INTERVAL_MSEC);
- int interval = smap_get_int(&cfg->external_ids,
- "ovn-remote-probe-interval", default_interval);
- ovsdb_idl_set_probe_interval(ovnsb_idl, interval);
-}
-
-static void
-update_ct_zones(const struct sset *lports, const struct hmap *local_datapaths,
- struct simap *ct_zones, unsigned long *ct_zone_bitmap,
- struct shash *pending_ct_zones)
-{
- struct simap_node *ct_zone, *ct_zone_next;
- int scan_start = 1;
- const char *user;
- struct sset all_users = SSET_INITIALIZER(&all_users);
-
- SSET_FOR_EACH(user, lports) {
- sset_add(&all_users, user);
- }
-
- /* Local patched datapath (gateway routers) need zones assigned. */
- const struct local_datapath *ld;
- HMAP_FOR_EACH (ld, hmap_node, local_datapaths) {
- /* XXX Add method to limit zone assignment to logical router
- * datapaths with NAT */
- char *dnat = alloc_nat_zone_key(&ld->datapath->header_.uuid, "dnat");
- char *snat = alloc_nat_zone_key(&ld->datapath->header_.uuid, "snat");
- sset_add(&all_users, dnat);
- sset_add(&all_users, snat);
- free(dnat);
- free(snat);
- }
-
- /* Delete zones that do not exist in above sset. */
- SIMAP_FOR_EACH_SAFE(ct_zone, ct_zone_next, ct_zones) {
- if (!sset_contains(&all_users, ct_zone->name)) {
- VLOG_DBG("removing ct zone %"PRId32" for '%s'",
- ct_zone->data, ct_zone->name);
-
- struct ct_zone_pending_entry *pending = xmalloc(sizeof *pending);
- pending->state = CT_ZONE_DB_QUEUED; /* Skip flushing zone. */
- pending->zone = ct_zone->data;
- pending->add = false;
- shash_add(pending_ct_zones, ct_zone->name, pending);
-
- bitmap_set0(ct_zone_bitmap, ct_zone->data);
- simap_delete(ct_zones, ct_zone);
- }
- }
-
- /* xxx This is wasteful to assign a zone to each port--even if no
- * xxx security policy is applied. */
-
- /* Assign a unique zone id for each logical port and two zones
- * to a gateway router. */
- SSET_FOR_EACH(user, &all_users) {
- int zone;
-
- if (simap_contains(ct_zones, user)) {
- continue;
- }
-
- /* We assume that there are 64K zones and that we own them all. */
- zone = bitmap_scan(ct_zone_bitmap, 0, scan_start, MAX_CT_ZONES + 1);
- if (zone == MAX_CT_ZONES + 1) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1);
- VLOG_WARN_RL(&rl, "exhausted all ct zones");
- return;
- }
- scan_start = zone + 1;
-
- VLOG_DBG("assigning ct zone %"PRId32" to '%s'", zone, user);
-
- struct ct_zone_pending_entry *pending = xmalloc(sizeof *pending);
- pending->state = CT_ZONE_OF_QUEUED;
- pending->zone = zone;
- pending->add = true;
- shash_add(pending_ct_zones, user, pending);
-
- bitmap_set1(ct_zone_bitmap, zone);
- simap_put(ct_zones, user, zone);
- }
-
- sset_destroy(&all_users);
-}
-
-static void
-commit_ct_zones(const struct ovsrec_bridge *br_int,
- struct shash *pending_ct_zones)
-{
- struct smap new_ids;
- smap_clone(&new_ids, &br_int->external_ids);
-
- bool updated = false;
- struct shash_node *iter;
- SHASH_FOR_EACH(iter, pending_ct_zones) {
- struct ct_zone_pending_entry *ctzpe = iter->data;
-
- /* The transaction is open, so any pending entries in the
- * CT_ZONE_DB_QUEUED must be sent and any in CT_ZONE_DB_QUEUED
- * need to be retried. */
- if (ctzpe->state != CT_ZONE_DB_QUEUED
- && ctzpe->state != CT_ZONE_DB_SENT) {
- continue;
- }
-
- char *user_str = xasprintf("ct-zone-%s", iter->name);
- if (ctzpe->add) {
- char *zone_str = xasprintf("%"PRId32, ctzpe->zone);
- smap_replace(&new_ids, user_str, zone_str);
- free(zone_str);
- } else {
- smap_remove(&new_ids, user_str);
- }
- free(user_str);
-
- ctzpe->state = CT_ZONE_DB_SENT;
- updated = true;
- }
-
- if (updated) {
- ovsrec_bridge_verify_external_ids(br_int);
- ovsrec_bridge_set_external_ids(br_int, &new_ids);
- }
- smap_destroy(&new_ids);
-}
-
-static void
-restore_ct_zones(const struct ovsrec_bridge_table *bridge_table,
- const struct ovsrec_open_vswitch_table *ovs_table,
- struct simap *ct_zones, unsigned long *ct_zone_bitmap)
-{
- const struct ovsrec_open_vswitch *cfg;
- cfg = ovsrec_open_vswitch_table_first(ovs_table);
- if (!cfg) {
- return;
- }
-
- const struct ovsrec_bridge *br_int;
- br_int = get_bridge(bridge_table, br_int_name(cfg));
- if (!br_int) {
- /* If the integration bridge hasn't been defined, assume that
- * any existing ct-zone definitions aren't valid. */
- return;
- }
-
- struct smap_node *node;
- SMAP_FOR_EACH(node, &br_int->external_ids) {
- if (strncmp(node->key, "ct-zone-", 8)) {
- continue;
- }
-
- const char *user = node->key + 8;
- int zone = atoi(node->value);
-
- if (user[0] && zone) {
- VLOG_DBG("restoring ct zone %"PRId32" for '%s'", zone, user);
- bitmap_set1(ct_zone_bitmap, zone);
- simap_put(ct_zones, user, zone);
- }
- }
-}
-
-static int64_t
-get_nb_cfg(const struct sbrec_sb_global_table *sb_global_table)
-{
- const struct sbrec_sb_global *sb
- = sbrec_sb_global_table_first(sb_global_table);
- return sb ? sb->nb_cfg : 0;
-}
-
-static const char *
-get_transport_zones(const struct ovsrec_open_vswitch_table *ovs_table)
-{
- const struct ovsrec_open_vswitch *cfg
- = ovsrec_open_vswitch_table_first(ovs_table);
- return smap_get_def(&cfg->external_ids, "ovn-transport-zones", "");
-}
-
-static void
-ctrl_register_ovs_idl(struct ovsdb_idl *ovs_idl)
-{
- /* We do not monitor all tables by default, so modules must register
- * their interest explicitly. */
- ovsdb_idl_add_table(ovs_idl, &ovsrec_table_open_vswitch);
- ovsdb_idl_add_column(ovs_idl, &ovsrec_open_vswitch_col_external_ids);
- ovsdb_idl_add_column(ovs_idl, &ovsrec_open_vswitch_col_bridges);
- ovsdb_idl_add_table(ovs_idl, &ovsrec_table_interface);
- ovsdb_idl_track_add_column(ovs_idl, &ovsrec_interface_col_name);
- ovsdb_idl_track_add_column(ovs_idl, &ovsrec_interface_col_bfd);
- ovsdb_idl_track_add_column(ovs_idl, &ovsrec_interface_col_bfd_status);
- ovsdb_idl_track_add_column(ovs_idl, &ovsrec_interface_col_type);
- ovsdb_idl_track_add_column(ovs_idl, &ovsrec_interface_col_options);
- ovsdb_idl_track_add_column(ovs_idl, &ovsrec_interface_col_ofport);
- ovsdb_idl_add_table(ovs_idl, &ovsrec_table_port);
- ovsdb_idl_track_add_column(ovs_idl, &ovsrec_port_col_name);
- ovsdb_idl_track_add_column(ovs_idl, &ovsrec_port_col_interfaces);
- ovsdb_idl_track_add_column(ovs_idl, &ovsrec_port_col_external_ids);
- ovsdb_idl_add_table(ovs_idl, &ovsrec_table_bridge);
- ovsdb_idl_add_column(ovs_idl, &ovsrec_bridge_col_ports);
- ovsdb_idl_add_column(ovs_idl, &ovsrec_bridge_col_name);
- ovsdb_idl_add_column(ovs_idl, &ovsrec_bridge_col_fail_mode);
- ovsdb_idl_add_column(ovs_idl, &ovsrec_bridge_col_other_config);
- ovsdb_idl_add_column(ovs_idl, &ovsrec_bridge_col_external_ids);
- ovsdb_idl_add_table(ovs_idl, &ovsrec_table_ssl);
- ovsdb_idl_add_column(ovs_idl, &ovsrec_ssl_col_bootstrap_ca_cert);
- ovsdb_idl_add_column(ovs_idl, &ovsrec_ssl_col_ca_cert);
- ovsdb_idl_add_column(ovs_idl, &ovsrec_ssl_col_certificate);
- ovsdb_idl_add_column(ovs_idl, &ovsrec_ssl_col_private_key);
- chassis_register_ovs_idl(ovs_idl);
- encaps_register_ovs_idl(ovs_idl);
- binding_register_ovs_idl(ovs_idl);
- bfd_register_ovs_idl(ovs_idl);
- physical_register_ovs_idl(ovs_idl);
-}
-
-#define SB_NODES \
- SB_NODE(chassis, "chassis") \
- SB_NODE(encap, "encap") \
- SB_NODE(address_set, "address_set") \
- SB_NODE(port_group, "port_group") \
- SB_NODE(multicast_group, "multicast_group") \
- SB_NODE(datapath_binding, "datapath_binding") \
- SB_NODE(port_binding, "port_binding") \
- SB_NODE(mac_binding, "mac_binding") \
- SB_NODE(logical_flow, "logical_flow") \
- SB_NODE(dhcp_options, "dhcp_options") \
- SB_NODE(dhcpv6_options, "dhcpv6_options") \
- SB_NODE(dns, "dns")
-
-enum sb_engine_node {
-#define SB_NODE(NAME, NAME_STR) SB_##NAME,
- SB_NODES
-#undef SB_NODE
-};
-
-#define SB_NODE(NAME, NAME_STR) ENGINE_FUNC_SB(NAME);
- SB_NODES
-#undef SB_NODE
-
-#define OVS_NODES \
- OVS_NODE(open_vswitch, "open_vswitch") \
- OVS_NODE(bridge, "bridge") \
- OVS_NODE(port, "port") \
- OVS_NODE(qos, "qos")
-
-enum ovs_engine_node {
-#define OVS_NODE(NAME, NAME_STR) OVS_##NAME,
- OVS_NODES
-#undef OVS_NODE
-};
-
-#define OVS_NODE(NAME, NAME_STR) ENGINE_FUNC_OVS(NAME);
- OVS_NODES
-#undef OVS_NODE
-
-struct ed_type_ofctrl_is_connected {
- bool connected;
-};
-
-static void
-en_ofctrl_is_connected_init(struct engine_node *node)
-{
- struct ed_type_ofctrl_is_connected *data =
- (struct ed_type_ofctrl_is_connected *)node->data;
- data->connected = false;
-}
-
-static void
-en_ofctrl_is_connected_cleanup(struct engine_node *node OVS_UNUSED)
-{
-}
-
-static void
-en_ofctrl_is_connected_run(struct engine_node *node)
-{
- struct ed_type_ofctrl_is_connected *data =
- (struct ed_type_ofctrl_is_connected *)node->data;
- if (data->connected != ofctrl_is_connected()) {
- data->connected = !data->connected;
- node->changed = true;
- return;
- }
- node->changed = false;
-}
-
-struct ed_type_addr_sets {
- struct shash addr_sets;
- bool change_tracked;
- struct sset new;
- struct sset deleted;
- struct sset updated;
-};
-
-static void
-en_addr_sets_init(struct engine_node *node)
-{
- struct ed_type_addr_sets *as = (struct ed_type_addr_sets *)node->data;
- shash_init(&as->addr_sets);
- as->change_tracked = false;
- sset_init(&as->new);
- sset_init(&as->deleted);
- sset_init(&as->updated);
-}
-
-static void
-en_addr_sets_cleanup(struct engine_node *node)
-{
- struct ed_type_addr_sets *as = (struct ed_type_addr_sets *)node->data;
- expr_const_sets_destroy(&as->addr_sets);
- shash_destroy(&as->addr_sets);
- sset_destroy(&as->new);
- sset_destroy(&as->deleted);
- sset_destroy(&as->updated);
-}
-
-static void
-en_addr_sets_run(struct engine_node *node)
-{
- struct ed_type_addr_sets *as = (struct ed_type_addr_sets *)node->data;
-
- sset_clear(&as->new);
- sset_clear(&as->deleted);
- sset_clear(&as->updated);
- expr_const_sets_destroy(&as->addr_sets);
-
- struct sbrec_address_set_table *as_table =
- (struct sbrec_address_set_table *)EN_OVSDB_GET(
- engine_get_input("SB_address_set", node));
-
- addr_sets_init(as_table, &as->addr_sets);
-
- as->change_tracked = false;
- node->changed = true;
-}
-
-static bool
-addr_sets_sb_address_set_handler(struct engine_node *node)
-{
- struct ed_type_addr_sets *as = (struct ed_type_addr_sets *)node->data;
-
- sset_clear(&as->new);
- sset_clear(&as->deleted);
- sset_clear(&as->updated);
-
- struct sbrec_address_set_table *as_table =
- (struct sbrec_address_set_table *)EN_OVSDB_GET(
- engine_get_input("SB_address_set", node));
-
- addr_sets_update(as_table, &as->addr_sets, &as->new,
- &as->deleted, &as->updated);
-
- node->changed = !sset_is_empty(&as->new) || !sset_is_empty(&as->deleted)
- || !sset_is_empty(&as->updated);
-
- as->change_tracked = true;
- node->changed = true;
- return true;
-}
-
-struct ed_type_port_groups{
- struct shash port_groups;
- bool change_tracked;
- struct sset new;
- struct sset deleted;
- struct sset updated;
-};
-
-static void
-en_port_groups_init(struct engine_node *node)
-{
- struct ed_type_port_groups *pg = (struct ed_type_port_groups *)node->data;
- shash_init(&pg->port_groups);
- pg->change_tracked = false;
- sset_init(&pg->new);
- sset_init(&pg->deleted);
- sset_init(&pg->updated);
-}
-
-static void
-en_port_groups_cleanup(struct engine_node *node)
-{
- struct ed_type_port_groups *pg = (struct ed_type_port_groups *)node->data;
- expr_const_sets_destroy(&pg->port_groups);
- shash_destroy(&pg->port_groups);
- sset_destroy(&pg->new);
- sset_destroy(&pg->deleted);
- sset_destroy(&pg->updated);
-}
-
-static void
-en_port_groups_run(struct engine_node *node)
-{
- struct ed_type_port_groups *pg = (struct ed_type_port_groups *)node->data;
-
- sset_clear(&pg->new);
- sset_clear(&pg->deleted);
- sset_clear(&pg->updated);
- expr_const_sets_destroy(&pg->port_groups);
-
- struct sbrec_port_group_table *pg_table =
- (struct sbrec_port_group_table *)EN_OVSDB_GET(
- engine_get_input("SB_port_group", node));
-
- port_groups_init(pg_table, &pg->port_groups);
-
- pg->change_tracked = false;
- node->changed = true;
-}
-
-static bool
-port_groups_sb_port_group_handler(struct engine_node *node)
-{
- struct ed_type_port_groups *pg = (struct ed_type_port_groups *)node->data;
-
- sset_clear(&pg->new);
- sset_clear(&pg->deleted);
- sset_clear(&pg->updated);
-
- struct sbrec_port_group_table *pg_table =
- (struct sbrec_port_group_table *)EN_OVSDB_GET(
- engine_get_input("SB_port_group", node));
-
- port_groups_update(pg_table, &pg->port_groups, &pg->new,
- &pg->deleted, &pg->updated);
-
- node->changed = !sset_is_empty(&pg->new) || !sset_is_empty(&pg->deleted)
- || !sset_is_empty(&pg->updated);
-
- pg->change_tracked = true;
- node->changed = true;
- return true;
-}
-
-struct ed_type_runtime_data {
- /* Contains "struct local_datapath" nodes. */
- struct hmap local_datapaths;
-
- /* Contains the name of each logical port resident on the local
- * hypervisor. These logical ports include the VIFs (and their child
- * logical ports, if any) that belong to VMs running on the hypervisor,
- * l2gateway ports for which options:l2gateway-chassis designates the
- * local hypervisor, and localnet ports. */
- struct sset local_lports;
-
- /* Contains the same ports as local_lports, but in the format:
- * _ */
- struct sset local_lport_ids;
- struct sset active_tunnels;
-
- /* connection tracking zones. */
- unsigned long ct_zone_bitmap[BITMAP_N_LONGS(MAX_CT_ZONES)];
- struct shash pending_ct_zones;
- struct simap ct_zones;
-};
-
-static void
-en_runtime_data_init(struct engine_node *node)
-{
- struct ed_type_runtime_data *data =
- (struct ed_type_runtime_data *)node->data;
- struct ovsrec_open_vswitch_table *ovs_table =
- (struct ovsrec_open_vswitch_table *)EN_OVSDB_GET(
- engine_get_input("OVS_open_vswitch", node));
- struct ovsrec_bridge_table *bridge_table =
- (struct ovsrec_bridge_table *)EN_OVSDB_GET(
- engine_get_input("OVS_bridge", node));
- hmap_init(&data->local_datapaths);
- sset_init(&data->local_lports);
- sset_init(&data->local_lport_ids);
- sset_init(&data->active_tunnels);
- shash_init(&data->pending_ct_zones);
- simap_init(&data->ct_zones);
-
- /* Initialize connection tracking zones. */
- memset(data->ct_zone_bitmap, 0, sizeof data->ct_zone_bitmap);
- bitmap_set1(data->ct_zone_bitmap, 0); /* Zone 0 is reserved. */
- restore_ct_zones(bridge_table, ovs_table,
- &data->ct_zones, data->ct_zone_bitmap);
-}
-
-static void
-en_runtime_data_cleanup(struct engine_node *node)
-{
- struct ed_type_runtime_data *data =
- (struct ed_type_runtime_data *)node->data;
-
- sset_destroy(&data->local_lports);
- sset_destroy(&data->local_lport_ids);
- sset_destroy(&data->active_tunnels);
- struct local_datapath *cur_node, *next_node;
- HMAP_FOR_EACH_SAFE (cur_node, next_node, hmap_node,
- &data->local_datapaths) {
- free(cur_node->peer_ports);
- hmap_remove(&data->local_datapaths, &cur_node->hmap_node);
- free(cur_node);
- }
- hmap_destroy(&data->local_datapaths);
-
- simap_destroy(&data->ct_zones);
- shash_destroy(&data->pending_ct_zones);
-}
-
-static void
-en_runtime_data_run(struct engine_node *node)
-{
- struct ed_type_runtime_data *data =
- (struct ed_type_runtime_data *)node->data;
- struct hmap *local_datapaths = &data->local_datapaths;
- struct sset *local_lports = &data->local_lports;
- struct sset *local_lport_ids = &data->local_lport_ids;
- struct sset *active_tunnels = &data->active_tunnels;
- unsigned long *ct_zone_bitmap = data->ct_zone_bitmap;
- struct shash *pending_ct_zones = &data->pending_ct_zones;
- struct simap *ct_zones = &data->ct_zones;
-
- static bool first_run = true;
- if (first_run) {
- /* don't cleanup since there is no data yet */
- first_run = false;
- } else {
- struct local_datapath *cur_node, *next_node;
- HMAP_FOR_EACH_SAFE (cur_node, next_node, hmap_node, local_datapaths) {
- free(cur_node->peer_ports);
- hmap_remove(local_datapaths, &cur_node->hmap_node);
- free(cur_node);
- }
- hmap_clear(local_datapaths);
- sset_destroy(local_lports);
- sset_destroy(local_lport_ids);
- sset_destroy(active_tunnels);
- sset_init(local_lports);
- sset_init(local_lport_ids);
- sset_init(active_tunnels);
- }
-
- struct ovsrec_open_vswitch_table *ovs_table =
- (struct ovsrec_open_vswitch_table *)EN_OVSDB_GET(
- engine_get_input("OVS_open_vswitch", node));
- struct ovsrec_bridge_table *bridge_table =
- (struct ovsrec_bridge_table *)EN_OVSDB_GET(
- engine_get_input("OVS_bridge", node));
- const char *chassis_id = get_ovs_chassis_id(ovs_table);
- const struct ovsrec_bridge *br_int = get_br_int(bridge_table, ovs_table);
-
- ovs_assert(br_int && chassis_id);
-
- struct ovsdb_idl_index *sbrec_chassis_by_name =
- engine_ovsdb_node_get_index(
- engine_get_input("SB_chassis", node),
- "name");
-
- const struct sbrec_chassis *chassis
- = chassis_lookup_by_name(sbrec_chassis_by_name, chassis_id);
- ovs_assert(chassis);
-
- struct ed_type_ofctrl_is_connected *ed_ofctrl_is_connected =
- (struct ed_type_ofctrl_is_connected *)engine_get_input(
- "ofctrl_is_connected", node)->data;
- if (ed_ofctrl_is_connected->connected) {
- /* Calculate the active tunnels only if have an an active
- * OpenFlow connection to br-int.
- * If we don't have a connection to br-int, it could mean
- * ovs-vswitchd is down for some reason and the BFD status
- * in the Interface rows could be stale. So its better to
- * consider 'active_tunnels' set to be empty if it's not
- * connected. */
- bfd_calculate_active_tunnels(br_int, active_tunnels);
- }
-
- struct ovsrec_port_table *port_table =
- (struct ovsrec_port_table *)EN_OVSDB_GET(
- engine_get_input("OVS_port", node));
-
- struct ovsrec_qos_table *qos_table =
- (struct ovsrec_qos_table *)EN_OVSDB_GET(
- engine_get_input("OVS_qos", node));
-
- struct sbrec_port_binding_table *pb_table =
- (struct sbrec_port_binding_table *)EN_OVSDB_GET(
- engine_get_input("SB_port_binding", node));
-
- struct ovsdb_idl_index *sbrec_datapath_binding_by_key =
- engine_ovsdb_node_get_index(
- engine_get_input("SB_datapath_binding", node),
- "key");
-
- struct ovsdb_idl_index *sbrec_port_binding_by_name =
- engine_ovsdb_node_get_index(
- engine_get_input("SB_port_binding", node),
- "name");
-
- struct ovsdb_idl_index *sbrec_port_binding_by_datapath =
- engine_ovsdb_node_get_index(
- engine_get_input("SB_port_binding", node),
- "datapath");
-
- binding_run(engine_get_context()->ovnsb_idl_txn,
- engine_get_context()->ovs_idl_txn,
- sbrec_datapath_binding_by_key,
- sbrec_port_binding_by_datapath,
- sbrec_port_binding_by_name,
- port_table, qos_table, pb_table,
- br_int, chassis,
- active_tunnels, local_datapaths,
- local_lports, local_lport_ids);
-
- update_ct_zones(local_lports, local_datapaths, ct_zones,
- ct_zone_bitmap, pending_ct_zones);
-
- node->changed = true;
-}
-
-static bool
-runtime_data_sb_port_binding_handler(struct engine_node *node)
-{
- struct ed_type_runtime_data *data =
- (struct ed_type_runtime_data *)node->data;
- struct sset *local_lports = &data->local_lports;
- struct sset *active_tunnels = &data->active_tunnels;
-
- struct ovsrec_open_vswitch_table *ovs_table =
- (struct ovsrec_open_vswitch_table *)EN_OVSDB_GET(
- engine_get_input("OVS_open_vswitch", node));
- struct ovsrec_bridge_table *bridge_table =
- (struct ovsrec_bridge_table *)EN_OVSDB_GET(
- engine_get_input("OVS_bridge", node));
- const char *chassis_id = chassis_get_id();
- const struct ovsrec_bridge *br_int = get_br_int(bridge_table, ovs_table);
-
- ovs_assert(br_int && chassis_id);
-
- struct ovsdb_idl_index *sbrec_chassis_by_name =
- engine_ovsdb_node_get_index(
- engine_get_input("SB_chassis", node),
- "name");
-
- const struct sbrec_chassis *chassis
- = chassis_lookup_by_name(sbrec_chassis_by_name, chassis_id);
- ovs_assert(chassis);
-
- struct sbrec_port_binding_table *pb_table =
- (struct sbrec_port_binding_table *)EN_OVSDB_GET(
- engine_get_input("SB_port_binding", node));
-
- bool changed = binding_evaluate_port_binding_changes(
- pb_table, br_int, chassis, active_tunnels, local_lports);
-
- return !changed;
-}
-
-struct ed_type_mff_ovn_geneve {
- enum mf_field_id mff_ovn_geneve;
-};
-
-static void
-en_mff_ovn_geneve_init(struct engine_node *node)
-{
- struct ed_type_mff_ovn_geneve *data =
- (struct ed_type_mff_ovn_geneve *)node->data;
- data->mff_ovn_geneve = 0;
-}
-
-static void
-en_mff_ovn_geneve_cleanup(struct engine_node *node OVS_UNUSED)
-{
-}
-
-static void
-en_mff_ovn_geneve_run(struct engine_node *node)
-{
- struct ed_type_mff_ovn_geneve *data =
- (struct ed_type_mff_ovn_geneve *)node->data;
- enum mf_field_id mff_ovn_geneve = ofctrl_get_mf_field_id();
- if (data->mff_ovn_geneve != mff_ovn_geneve) {
- data->mff_ovn_geneve = mff_ovn_geneve;
- node->changed = true;
- return;
- }
- node->changed = false;
-}
-
-struct ed_type_flow_output {
- /* desired flows */
- struct ovn_desired_flow_table flow_table;
- /* group ids for load balancing */
- struct ovn_extend_table group_table;
- /* meter ids for QoS */
- struct ovn_extend_table meter_table;
- /* conjunction id offset */
- uint32_t conj_id_ofs;
- /* lflow resource cross reference */
- struct lflow_resource_ref lflow_resource_ref;
-};
-
-static void
-en_flow_output_init(struct engine_node *node)
-{
- struct ed_type_flow_output *data =
- (struct ed_type_flow_output *)node->data;
- ovn_desired_flow_table_init(&data->flow_table);
- ovn_extend_table_init(&data->group_table);
- ovn_extend_table_init(&data->meter_table);
- data->conj_id_ofs = 1;
- lflow_resource_init(&data->lflow_resource_ref);
-}
-
-static void
-en_flow_output_cleanup(struct engine_node *node)
-{
- struct ed_type_flow_output *data =
- (struct ed_type_flow_output *)node->data;
- ovn_desired_flow_table_destroy(&data->flow_table);
- ovn_extend_table_destroy(&data->group_table);
- ovn_extend_table_destroy(&data->meter_table);
- lflow_resource_destroy(&data->lflow_resource_ref);
-}
-
-static void
-en_flow_output_run(struct engine_node *node)
-{
- struct ed_type_runtime_data *rt_data =
- (struct ed_type_runtime_data *)engine_get_input(
- "runtime_data", node)->data;
- struct hmap *local_datapaths = &rt_data->local_datapaths;
- struct sset *local_lports = &rt_data->local_lports;
- struct sset *local_lport_ids = &rt_data->local_lport_ids;
- struct sset *active_tunnels = &rt_data->active_tunnels;
- struct simap *ct_zones = &rt_data->ct_zones;
-
- struct ed_type_mff_ovn_geneve *ed_mff_ovn_geneve =
- (struct ed_type_mff_ovn_geneve *)engine_get_input(
- "mff_ovn_geneve", node)->data;
- enum mf_field_id mff_ovn_geneve = ed_mff_ovn_geneve->mff_ovn_geneve;
-
- struct ovsrec_open_vswitch_table *ovs_table =
- (struct ovsrec_open_vswitch_table *)EN_OVSDB_GET(
- engine_get_input("OVS_open_vswitch", node));
- struct ovsrec_bridge_table *bridge_table =
- (struct ovsrec_bridge_table *)EN_OVSDB_GET(
- engine_get_input("OVS_bridge", node));
- const struct ovsrec_bridge *br_int = get_br_int(bridge_table, ovs_table);
- const char *chassis_id = chassis_get_id();
-
- struct ovsdb_idl_index *sbrec_chassis_by_name =
- engine_ovsdb_node_get_index(
- engine_get_input("SB_chassis", node),
- "name");
- struct ed_type_addr_sets *as_data =
- (struct ed_type_addr_sets *)engine_get_input("addr_sets", node)->data;
- struct shash *addr_sets = &as_data->addr_sets;
-
- struct ed_type_port_groups *pg_data =
- (struct ed_type_port_groups *)engine_get_input(
- "port_groups", node)->data;
- struct shash *port_groups = &pg_data->port_groups;
-
- const struct sbrec_chassis *chassis = NULL;
- if (chassis_id) {
- chassis = chassis_lookup_by_name(sbrec_chassis_by_name, chassis_id);
- }
-
- ovs_assert(br_int && chassis);
-
- struct ed_type_flow_output *fo =
- (struct ed_type_flow_output *)node->data;
- struct ovn_desired_flow_table *flow_table = &fo->flow_table;
- struct ovn_extend_table *group_table = &fo->group_table;
- struct ovn_extend_table *meter_table = &fo->meter_table;
- uint32_t *conj_id_ofs = &fo->conj_id_ofs;
- struct lflow_resource_ref *lfrr = &fo->lflow_resource_ref;
-
- static bool first_run = true;
- if (first_run) {
- first_run = false;
- } else {
- ovn_desired_flow_table_clear(flow_table);
- ovn_extend_table_clear(group_table, false /* desired */);
- ovn_extend_table_clear(meter_table, false /* desired */);
- lflow_resource_clear(lfrr);
- }
-
- struct ovsdb_idl_index *sbrec_multicast_group_by_name_datapath =
- engine_ovsdb_node_get_index(
- engine_get_input("SB_multicast_group", node),
- "name_datapath");
-
- struct ovsdb_idl_index *sbrec_port_binding_by_name =
- engine_ovsdb_node_get_index(
- engine_get_input("SB_port_binding", node),
- "name");
-
- struct sbrec_dhcp_options_table *dhcp_table =
- (struct sbrec_dhcp_options_table *)EN_OVSDB_GET(
- engine_get_input("SB_dhcp_options", node));
-
- struct sbrec_dhcpv6_options_table *dhcpv6_table =
- (struct sbrec_dhcpv6_options_table *)EN_OVSDB_GET(
- engine_get_input("SB_dhcpv6_options", node));
-
- struct sbrec_logical_flow_table *logical_flow_table =
- (struct sbrec_logical_flow_table *)EN_OVSDB_GET(
- engine_get_input("SB_logical_flow", node));
-
- struct sbrec_mac_binding_table *mac_binding_table =
- (struct sbrec_mac_binding_table *)EN_OVSDB_GET(
- engine_get_input("SB_mac_binding", node));
-
- *conj_id_ofs = 1;
- lflow_run(sbrec_multicast_group_by_name_datapath,
- sbrec_port_binding_by_name,
- dhcp_table, dhcpv6_table,
- logical_flow_table,
- mac_binding_table,
- chassis, local_datapaths, addr_sets,
- port_groups, active_tunnels, local_lport_ids,
- flow_table, group_table, meter_table, lfrr,
- conj_id_ofs);
-
- struct sbrec_multicast_group_table *multicast_group_table =
- (struct sbrec_multicast_group_table *)EN_OVSDB_GET(
- engine_get_input("SB_multicast_group", node));
-
- struct sbrec_port_binding_table *port_binding_table =
- (struct sbrec_port_binding_table *)EN_OVSDB_GET(
- engine_get_input("SB_port_binding", node));
-
- physical_run(sbrec_port_binding_by_name,
- multicast_group_table,
- port_binding_table,
- mff_ovn_geneve,
- br_int, chassis, ct_zones,
- local_datapaths, local_lports,
- active_tunnels,
- flow_table);
-
- node->changed = true;
-}
-
-static bool
-flow_output_sb_logical_flow_handler(struct engine_node *node)
-{
- struct ed_type_runtime_data *data =
- (struct ed_type_runtime_data *)engine_get_input(
- "runtime_data", node)->data;
- struct hmap *local_datapaths = &data->local_datapaths;
- struct sset *local_lport_ids = &data->local_lport_ids;
- struct sset *active_tunnels = &data->active_tunnels;
- struct ed_type_addr_sets *as_data =
- (struct ed_type_addr_sets *)engine_get_input("addr_sets", node)->data;
- struct shash *addr_sets = &as_data->addr_sets;
-
- struct ed_type_port_groups *pg_data =
- (struct ed_type_port_groups *)engine_get_input(
- "port_groups", node)->data;
- struct shash *port_groups = &pg_data->port_groups;
-
- struct ovsrec_open_vswitch_table *ovs_table =
- (struct ovsrec_open_vswitch_table *)EN_OVSDB_GET(
- engine_get_input("OVS_open_vswitch", node));
- struct ovsrec_bridge_table *bridge_table =
- (struct ovsrec_bridge_table *)EN_OVSDB_GET(
- engine_get_input("OVS_bridge", node));
- const struct ovsrec_bridge *br_int = get_br_int(bridge_table, ovs_table);
- const char *chassis_id = chassis_get_id();
-
- struct ovsdb_idl_index *sbrec_chassis_by_name =
- engine_ovsdb_node_get_index(
- engine_get_input("SB_chassis", node),
- "name");
-
- const struct sbrec_chassis *chassis = NULL;
- if (chassis_id) {
- chassis = chassis_lookup_by_name(sbrec_chassis_by_name, chassis_id);
- }
-
- ovs_assert(br_int && chassis);
-
- struct ed_type_flow_output *fo =
- (struct ed_type_flow_output *)node->data;
- struct ovn_desired_flow_table *flow_table = &fo->flow_table;
- struct ovn_extend_table *group_table = &fo->group_table;
- struct ovn_extend_table *meter_table = &fo->meter_table;
- uint32_t *conj_id_ofs = &fo->conj_id_ofs;
- struct lflow_resource_ref *lfrr = &fo->lflow_resource_ref;
-
- struct ovsdb_idl_index *sbrec_multicast_group_by_name_datapath =
- engine_ovsdb_node_get_index(
- engine_get_input("SB_multicast_group", node),
- "name_datapath");
-
- struct ovsdb_idl_index *sbrec_port_binding_by_name =
- engine_ovsdb_node_get_index(
- engine_get_input("SB_port_binding", node),
- "name");
-
- struct sbrec_dhcp_options_table *dhcp_table =
- (struct sbrec_dhcp_options_table *)EN_OVSDB_GET(
- engine_get_input("SB_dhcp_options", node));
-
- struct sbrec_dhcpv6_options_table *dhcpv6_table =
- (struct sbrec_dhcpv6_options_table *)EN_OVSDB_GET(
- engine_get_input("SB_dhcpv6_options", node));
-
- struct sbrec_logical_flow_table *logical_flow_table =
- (struct sbrec_logical_flow_table *)EN_OVSDB_GET(
- engine_get_input("SB_logical_flow", node));
-
- bool handled = lflow_handle_changed_flows(
- sbrec_multicast_group_by_name_datapath,
- sbrec_port_binding_by_name,
- dhcp_table, dhcpv6_table,
- logical_flow_table,
- local_datapaths, chassis, addr_sets,
- port_groups, active_tunnels, local_lport_ids,
- flow_table, group_table, meter_table, lfrr,
- conj_id_ofs);
-
- node->changed = true;
- return handled;
-}
-
-static bool
-flow_output_sb_mac_binding_handler(struct engine_node *node)
-{
- struct ovsdb_idl_index *sbrec_port_binding_by_name =
- engine_ovsdb_node_get_index(
- engine_get_input("SB_port_binding", node),
- "name");
-
- struct sbrec_mac_binding_table *mac_binding_table =
- (struct sbrec_mac_binding_table *)EN_OVSDB_GET(
- engine_get_input("SB_mac_binding", node));
-
- struct ed_type_flow_output *fo =
- (struct ed_type_flow_output *)node->data;
- struct ovn_desired_flow_table *flow_table = &fo->flow_table;
-
- lflow_handle_changed_neighbors(sbrec_port_binding_by_name,
- mac_binding_table, flow_table);
-
- node->changed = true;
- return true;
-}
-
-static bool
-flow_output_sb_port_binding_handler(struct engine_node *node)
-{
- struct ed_type_runtime_data *data =
- (struct ed_type_runtime_data *)engine_get_input(
- "runtime_data", node)->data;
- struct hmap *local_datapaths = &data->local_datapaths;
- struct sset *active_tunnels = &data->active_tunnels;
- struct simap *ct_zones = &data->ct_zones;
-
- struct ed_type_mff_ovn_geneve *ed_mff_ovn_geneve =
- (struct ed_type_mff_ovn_geneve *)engine_get_input(
- "mff_ovn_geneve", node)->data;
- enum mf_field_id mff_ovn_geneve = ed_mff_ovn_geneve->mff_ovn_geneve;
-
- struct ovsrec_open_vswitch_table *ovs_table =
- (struct ovsrec_open_vswitch_table *)EN_OVSDB_GET(
- engine_get_input("OVS_open_vswitch", node));
- struct ovsrec_bridge_table *bridge_table =
- (struct ovsrec_bridge_table *)EN_OVSDB_GET(
- engine_get_input("OVS_bridge", node));
- const struct ovsrec_bridge *br_int = get_br_int(bridge_table, ovs_table);
- const char *chassis_id = chassis_get_id();
-
- struct ovsdb_idl_index *sbrec_chassis_by_name =
- engine_ovsdb_node_get_index(
- engine_get_input("SB_chassis", node),
- "name");
- const struct sbrec_chassis *chassis = NULL;
- if (chassis_id) {
- chassis = chassis_lookup_by_name(sbrec_chassis_by_name, chassis_id);
- }
- ovs_assert(br_int && chassis);
-
- struct ed_type_flow_output *fo =
- (struct ed_type_flow_output *)node->data;
- struct ovn_desired_flow_table *flow_table = &fo->flow_table;
-
- struct ovsdb_idl_index *sbrec_port_binding_by_name =
- engine_ovsdb_node_get_index(
- engine_get_input("SB_port_binding", node),
- "name");
-
- struct sbrec_port_binding_table *port_binding_table =
- (struct sbrec_port_binding_table *)EN_OVSDB_GET(
- engine_get_input("SB_port_binding", node));
-
- /* XXX: now we handle port-binding changes for physical flow processing
- * only, but port-binding change can have impact to logical flow
- * processing, too, in below circumstances:
- *
- * - When a port-binding for a lport is inserted/deleted but the lflow
- * using that lport doesn't change.
- *
- * This can happen only when the lport name is used by ACL match
- * condition, which is specified by user. Even in that case, if the port
- * is actually bound on the current chassis it will trigger recompute on
- * that chassis since ovs interface would be updated. So the only
- * situation this would have real impact is when user defines an ACL
- * that includes lport that is not on current chassis, and there is a
- * port-binding creation/deletion related to that lport.e.g.: an ACL is
- * defined:
- *
- * to-lport 1000 'outport=="A" && inport=="B"' allow-related
- *
- * If "A" is on current chassis, but "B" is lport that hasn't been
- * created yet. When a lport "B" is created and bound on another
- * chassis, the ACL will not take effect on the current chassis until a
- * recompute is triggered later. This case doesn't seem to be a problem
- * for real world use cases because usually lport is created before
- * being referenced by name in ACLs.
- *
- * - When is_chassis_resident() is used in lflow. In this case the
- * port binding is not a regular VIF. It can be either "patch" or
- * "external", with ha-chassis-group assigned. In current
- * "runtime_data" handling, port-binding changes for these types always
- * trigger recomputing. So it is fine even if we do not handle it here.
- * (due to the ovsdb tracking support for referenced table changes,
- * ha-chassis-group changes will appear as port-binding change).
- *
- * - When a mac-binding doesn't change but the port-binding related to
- * that mac-binding is deleted. In this case the neighbor flow generated
- * for the mac-binding should be deleted. This would not cause any real
- * issue for now, since the port-binding related to mac-binding is
- * always logical router port, and any change to logical router port
- * would just trigger recompute.
- *
- * Although there is no correctness issue so far (except the unusual ACL
- * use case, which doesn't seem to be a real problem), it might be better
- * to handle this more gracefully, without the need to consider these
- * tricky scenarios. One approach is to maintain a mapping between lport
- * names and the lflows that uses them, and reprocess the related lflows
- * when related port-bindings change.
- */
- physical_handle_port_binding_changes(
- sbrec_port_binding_by_name,
- port_binding_table, mff_ovn_geneve,
- chassis, ct_zones, local_datapaths,
- active_tunnels, flow_table);
-
- node->changed = true;
- return true;
-}
-
-static bool
-flow_output_sb_multicast_group_handler(struct engine_node *node)
-{
- struct ed_type_runtime_data *data =
- (struct ed_type_runtime_data *)engine_get_input(
- "runtime_data", node)->data;
- struct hmap *local_datapaths = &data->local_datapaths;
- struct simap *ct_zones = &data->ct_zones;
-
- struct ed_type_mff_ovn_geneve *ed_mff_ovn_geneve =
- (struct ed_type_mff_ovn_geneve *)engine_get_input(
- "mff_ovn_geneve", node)->data;
- enum mf_field_id mff_ovn_geneve = ed_mff_ovn_geneve->mff_ovn_geneve;
-
- struct ovsrec_open_vswitch_table *ovs_table =
- (struct ovsrec_open_vswitch_table *)EN_OVSDB_GET(
- engine_get_input("OVS_open_vswitch", node));
- struct ovsrec_bridge_table *bridge_table =
- (struct ovsrec_bridge_table *)EN_OVSDB_GET(
- engine_get_input("OVS_bridge", node));
- const struct ovsrec_bridge *br_int = get_br_int(bridge_table, ovs_table);
- const char *chassis_id = chassis_get_id();
-
- struct ovsdb_idl_index *sbrec_chassis_by_name =
- engine_ovsdb_node_get_index(
- engine_get_input("SB_chassis", node),
- "name");
- const struct sbrec_chassis *chassis = NULL;
- if (chassis_id) {
- chassis = chassis_lookup_by_name(sbrec_chassis_by_name, chassis_id);
- }
- ovs_assert(br_int && chassis);
-
- struct ed_type_flow_output *fo =
- (struct ed_type_flow_output *)node->data;
- struct ovn_desired_flow_table *flow_table = &fo->flow_table;
-
- struct sbrec_multicast_group_table *multicast_group_table =
- (struct sbrec_multicast_group_table *)EN_OVSDB_GET(
- engine_get_input("SB_multicast_group", node));
-
- physical_handle_mc_group_changes(multicast_group_table,
- mff_ovn_geneve, chassis, ct_zones, local_datapaths,
- flow_table);
-
- node->changed = true;
- return true;
-
-}
-
-static bool
-_flow_output_resource_ref_handler(struct engine_node *node,
- enum ref_type ref_type)
-{
- struct ed_type_runtime_data *data =
- (struct ed_type_runtime_data *)engine_get_input(
- "runtime_data", node)->data;
- struct hmap *local_datapaths = &data->local_datapaths;
- struct sset *local_lport_ids = &data->local_lport_ids;
- struct sset *active_tunnels = &data->active_tunnels;
-
- struct ed_type_addr_sets *as_data =
- (struct ed_type_addr_sets *)engine_get_input("addr_sets", node)->data;
- struct shash *addr_sets = &as_data->addr_sets;
-
- struct ed_type_port_groups *pg_data =
- (struct ed_type_port_groups *)engine_get_input(
- "port_groups", node)->data;
- struct shash *port_groups = &pg_data->port_groups;
-
- struct ovsrec_open_vswitch_table *ovs_table =
- (struct ovsrec_open_vswitch_table *)EN_OVSDB_GET(
- engine_get_input("OVS_open_vswitch", node));
- struct ovsrec_bridge_table *bridge_table =
- (struct ovsrec_bridge_table *)EN_OVSDB_GET(
- engine_get_input("OVS_bridge", node));
- const struct ovsrec_bridge *br_int = get_br_int(bridge_table, ovs_table);
- const char *chassis_id = chassis_get_id();
-
- struct ovsdb_idl_index *sbrec_chassis_by_name =
- engine_ovsdb_node_get_index(
- engine_get_input("SB_chassis", node),
- "name");
- const struct sbrec_chassis *chassis = NULL;
- if (chassis_id) {
- chassis = chassis_lookup_by_name(sbrec_chassis_by_name, chassis_id);
- }
-
- ovs_assert(br_int && chassis);
-
- struct ed_type_flow_output *fo =
- (struct ed_type_flow_output *)node->data;
- struct ovn_desired_flow_table *flow_table = &fo->flow_table;
- struct ovn_extend_table *group_table = &fo->group_table;
- struct ovn_extend_table *meter_table = &fo->meter_table;
- uint32_t *conj_id_ofs = &fo->conj_id_ofs;
- struct lflow_resource_ref *lfrr = &fo->lflow_resource_ref;
-
- struct ovsdb_idl_index *sbrec_multicast_group_by_name_datapath =
- engine_ovsdb_node_get_index(
- engine_get_input("SB_multicast_group", node),
- "name_datapath");
-
- struct ovsdb_idl_index *sbrec_port_binding_by_name =
- engine_ovsdb_node_get_index(
- engine_get_input("SB_port_binding", node),
- "name");
-
- struct sbrec_dhcp_options_table *dhcp_table =
- (struct sbrec_dhcp_options_table *)EN_OVSDB_GET(
- engine_get_input("SB_dhcp_options", node));
-
- struct sbrec_dhcpv6_options_table *dhcpv6_table =
- (struct sbrec_dhcpv6_options_table *)EN_OVSDB_GET(
- engine_get_input("SB_dhcpv6_options", node));
-
- struct sbrec_logical_flow_table *logical_flow_table =
- (struct sbrec_logical_flow_table *)EN_OVSDB_GET(
- engine_get_input("SB_logical_flow", node));
-
- bool changed;
- const char *ref_name;
- struct sset *new, *updated, *deleted;
-
- switch (ref_type) {
- case REF_TYPE_ADDRSET:
- /* XXX: The change_tracked check may be added to inc-proc
- * framework. */
- if (!as_data->change_tracked) {
- return false;
- }
- new = &as_data->new;
- updated = &as_data->updated;
- deleted = &as_data->deleted;
- break;
- case REF_TYPE_PORTGROUP:
- if (!pg_data->change_tracked) {
- return false;
- }
- new = &pg_data->new;
- updated = &pg_data->updated;
- deleted = &pg_data->deleted;
- break;
- default:
- OVS_NOT_REACHED();
- }
-
-
- SSET_FOR_EACH (ref_name, deleted) {
- if (!lflow_handle_changed_ref(ref_type, ref_name,
- sbrec_multicast_group_by_name_datapath,
- sbrec_port_binding_by_name,dhcp_table,
- dhcpv6_table, logical_flow_table,
- local_datapaths, chassis, addr_sets,
- port_groups, active_tunnels, local_lport_ids,
- flow_table, group_table, meter_table, lfrr,
- conj_id_ofs, &changed)) {
- return false;
- }
- node->changed = changed || node->changed;
- }
- SSET_FOR_EACH (ref_name, updated) {
- if (!lflow_handle_changed_ref(ref_type, ref_name,
- sbrec_multicast_group_by_name_datapath,
- sbrec_port_binding_by_name,dhcp_table,
- dhcpv6_table, logical_flow_table,
- local_datapaths, chassis, addr_sets,
- port_groups, active_tunnels, local_lport_ids,
- flow_table, group_table, meter_table, lfrr,
- conj_id_ofs, &changed)) {
- return false;
- }
- node->changed = changed || node->changed;
- }
- SSET_FOR_EACH (ref_name, new) {
- if (!lflow_handle_changed_ref(ref_type, ref_name,
- sbrec_multicast_group_by_name_datapath,
- sbrec_port_binding_by_name,dhcp_table,
- dhcpv6_table, logical_flow_table,
- local_datapaths, chassis, addr_sets,
- port_groups, active_tunnels, local_lport_ids,
- flow_table, group_table, meter_table, lfrr,
- conj_id_ofs, &changed)) {
- return false;
- }
- node->changed = changed || node->changed;
- }
-
- return true;
-}
-
-static bool
-flow_output_addr_sets_handler(struct engine_node *node)
-{
- return _flow_output_resource_ref_handler(node, REF_TYPE_ADDRSET);
-}
-
-static bool
-flow_output_port_groups_handler(struct engine_node *node)
-{
- return _flow_output_resource_ref_handler(node, REF_TYPE_PORTGROUP);
-}
-
-struct ovn_controller_exit_args {
- bool *exiting;
- bool *restart;
-};
-
-int
-main(int argc, char *argv[])
-{
- struct unixctl_server *unixctl;
- bool exiting;
- bool restart;
- struct ovn_controller_exit_args exit_args = {&exiting, &restart};
- int retval;
-
- ovs_cmdl_proctitle_init(argc, argv);
- set_program_name(argv[0]);
- service_start(&argc, &argv);
- char *ovs_remote = parse_options(argc, argv);
- fatal_ignore_sigpipe();
-
- daemonize_start(false);
-
- retval = unixctl_server_create(NULL, &unixctl);
- if (retval) {
- exit(EXIT_FAILURE);
- }
- unixctl_command_register("exit", "", 0, 1, ovn_controller_exit,
- &exit_args);
-
- daemonize_complete();
-
- pinctrl_init();
- lflow_init();
-
- /* Connect to OVS OVSDB instance. */
- struct ovsdb_idl_loop ovs_idl_loop = OVSDB_IDL_LOOP_INITIALIZER(
- ovsdb_idl_create(ovs_remote, &ovsrec_idl_class, false, true));
- ctrl_register_ovs_idl(ovs_idl_loop.idl);
- ovsdb_idl_get_initial_snapshot(ovs_idl_loop.idl);
-
- /* Configure OVN SB database. */
- struct ovsdb_idl_loop ovnsb_idl_loop = OVSDB_IDL_LOOP_INITIALIZER(
- ovsdb_idl_create_unconnected(&sbrec_idl_class, true));
- ovsdb_idl_set_leader_only(ovnsb_idl_loop.idl, false);
-
- unixctl_command_register("connection-status", "", 0, 0,
- ovn_controller_conn_show, ovnsb_idl_loop.idl);
-
- struct ovsdb_idl_index *sbrec_chassis_by_name
- = chassis_index_create(ovnsb_idl_loop.idl);
- struct ovsdb_idl_index *sbrec_multicast_group_by_name_datapath
- = mcast_group_index_create(ovnsb_idl_loop.idl);
- struct ovsdb_idl_index *sbrec_port_binding_by_name
- = ovsdb_idl_index_create1(ovnsb_idl_loop.idl,
- &sbrec_port_binding_col_logical_port);
- struct ovsdb_idl_index *sbrec_port_binding_by_key
- = ovsdb_idl_index_create2(ovnsb_idl_loop.idl,
- &sbrec_port_binding_col_tunnel_key,
- &sbrec_port_binding_col_datapath);
- struct ovsdb_idl_index *sbrec_port_binding_by_datapath
- = ovsdb_idl_index_create1(ovnsb_idl_loop.idl,
- &sbrec_port_binding_col_datapath);
- struct ovsdb_idl_index *sbrec_datapath_binding_by_key
- = ovsdb_idl_index_create1(ovnsb_idl_loop.idl,
- &sbrec_datapath_binding_col_tunnel_key);
- struct ovsdb_idl_index *sbrec_mac_binding_by_lport_ip
- = ovsdb_idl_index_create2(ovnsb_idl_loop.idl,
- &sbrec_mac_binding_col_logical_port,
- &sbrec_mac_binding_col_ip);
- struct ovsdb_idl_index *sbrec_ip_multicast
- = ip_mcast_index_create(ovnsb_idl_loop.idl);
- struct ovsdb_idl_index *sbrec_igmp_group
- = igmp_group_index_create(ovnsb_idl_loop.idl);
-
- ovsdb_idl_track_add_all(ovnsb_idl_loop.idl);
- ovsdb_idl_omit_alert(ovnsb_idl_loop.idl, &sbrec_chassis_col_nb_cfg);
-
- /* Omit the external_ids column of all the tables except for -
- * - DNS. pinctrl.c uses the external_ids column of DNS,
- * which it shouldn't. This should be removed.
- *
- * - Chassis - chassis.c copies the chassis configuration from
- * local open_vswitch table to the external_ids of
- * chassis.
- *
- * - Datapath_binding - lflow.c is using this to check if the datapath
- * is switch or not. This should be removed.
- * */
-
- ovsdb_idl_omit(ovnsb_idl_loop.idl, &sbrec_sb_global_col_external_ids);
- ovsdb_idl_omit(ovnsb_idl_loop.idl, &sbrec_logical_flow_col_external_ids);
- ovsdb_idl_omit(ovnsb_idl_loop.idl, &sbrec_port_binding_col_external_ids);
- ovsdb_idl_omit(ovnsb_idl_loop.idl, &sbrec_connection_col_external_ids);
- ovsdb_idl_omit(ovnsb_idl_loop.idl, &sbrec_ssl_col_external_ids);
- ovsdb_idl_omit(ovnsb_idl_loop.idl,
- &sbrec_gateway_chassis_col_external_ids);
- ovsdb_idl_omit(ovnsb_idl_loop.idl, &sbrec_ha_chassis_col_external_ids);
- ovsdb_idl_omit(ovnsb_idl_loop.idl,
- &sbrec_ha_chassis_group_col_external_ids);
-
- update_sb_monitors(ovnsb_idl_loop.idl, NULL, NULL, NULL);
-
- stopwatch_create(CONTROLLER_LOOP_STOPWATCH_NAME, SW_MS);
-
- /* Define inc-proc-engine nodes. */
- struct ed_type_runtime_data ed_runtime_data;
- struct ed_type_mff_ovn_geneve ed_mff_ovn_geneve;
- struct ed_type_ofctrl_is_connected ed_ofctrl_is_connected;
- struct ed_type_flow_output ed_flow_output;
- struct ed_type_addr_sets ed_addr_sets;
- struct ed_type_port_groups ed_port_groups;
-
- ENGINE_NODE(runtime_data, "runtime_data");
- ENGINE_NODE(mff_ovn_geneve, "mff_ovn_geneve");
- ENGINE_NODE(ofctrl_is_connected, "ofctrl_is_connected");
- ENGINE_NODE(flow_output, "flow_output");
- ENGINE_NODE(addr_sets, "addr_sets");
- ENGINE_NODE(port_groups, "port_groups");
-
-#define SB_NODE(NAME, NAME_STR) ENGINE_NODE_SB(NAME, NAME_STR);
- SB_NODES
-#undef SB_NODE
-
-#define OVS_NODE(NAME, NAME_STR) ENGINE_NODE_OVS(NAME, NAME_STR);
- OVS_NODES
-#undef OVS_NODE
-
- engine_ovsdb_node_add_index(&en_sb_chassis, "name", sbrec_chassis_by_name);
- engine_ovsdb_node_add_index(&en_sb_multicast_group, "name_datapath",
- sbrec_multicast_group_by_name_datapath);
- engine_ovsdb_node_add_index(&en_sb_port_binding, "name",
- sbrec_port_binding_by_name);
- engine_ovsdb_node_add_index(&en_sb_port_binding, "key",
- sbrec_port_binding_by_key);
- engine_ovsdb_node_add_index(&en_sb_port_binding, "datapath",
- sbrec_port_binding_by_datapath);
- engine_ovsdb_node_add_index(&en_sb_datapath_binding, "key",
- sbrec_datapath_binding_by_key);
-
- /* Add dependencies between inc-proc-engine nodes. */
-
- engine_add_input(&en_addr_sets, &en_sb_address_set,
- addr_sets_sb_address_set_handler);
- engine_add_input(&en_port_groups, &en_sb_port_group,
- port_groups_sb_port_group_handler);
-
- engine_add_input(&en_flow_output, &en_addr_sets,
- flow_output_addr_sets_handler);
- engine_add_input(&en_flow_output, &en_port_groups,
- flow_output_port_groups_handler);
- engine_add_input(&en_flow_output, &en_runtime_data, NULL);
- engine_add_input(&en_flow_output, &en_mff_ovn_geneve, NULL);
-
- engine_add_input(&en_flow_output, &en_ovs_open_vswitch, NULL);
- engine_add_input(&en_flow_output, &en_ovs_bridge, NULL);
-
- engine_add_input(&en_flow_output, &en_sb_chassis, NULL);
- engine_add_input(&en_flow_output, &en_sb_encap, NULL);
- engine_add_input(&en_flow_output, &en_sb_multicast_group,
- flow_output_sb_multicast_group_handler);
- engine_add_input(&en_flow_output, &en_sb_port_binding,
- flow_output_sb_port_binding_handler);
- engine_add_input(&en_flow_output, &en_sb_mac_binding,
- flow_output_sb_mac_binding_handler);
- engine_add_input(&en_flow_output, &en_sb_logical_flow,
- flow_output_sb_logical_flow_handler);
- engine_add_input(&en_flow_output, &en_sb_dhcp_options, NULL);
- engine_add_input(&en_flow_output, &en_sb_dhcpv6_options, NULL);
- engine_add_input(&en_flow_output, &en_sb_dns, NULL);
-
- engine_add_input(&en_runtime_data, &en_ofctrl_is_connected, NULL);
-
- engine_add_input(&en_runtime_data, &en_ovs_open_vswitch, NULL);
- engine_add_input(&en_runtime_data, &en_ovs_bridge, NULL);
- engine_add_input(&en_runtime_data, &en_ovs_port, NULL);
- engine_add_input(&en_runtime_data, &en_ovs_qos, NULL);
-
- engine_add_input(&en_runtime_data, &en_sb_chassis, NULL);
- engine_add_input(&en_runtime_data, &en_sb_datapath_binding, NULL);
- engine_add_input(&en_runtime_data, &en_sb_port_binding,
- runtime_data_sb_port_binding_handler);
-
- engine_init(&en_flow_output);
-
- ofctrl_init(&ed_flow_output.group_table,
- &ed_flow_output.meter_table,
- get_ofctrl_probe_interval(ovs_idl_loop.idl));
-
- unixctl_command_register("group-table-list", "", 0, 0,
- group_table_list, &ed_flow_output.group_table);
-
- unixctl_command_register("meter-table-list", "", 0, 0,
- meter_table_list, &ed_flow_output.meter_table);
-
- unixctl_command_register("ct-zone-list", "", 0, 0,
- ct_zone_list, &ed_runtime_data.ct_zones);
-
- struct pending_pkt pending_pkt = { .conn = NULL };
- unixctl_command_register("inject-pkt", "MICROFLOW", 1, 1, inject_pkt,
- &pending_pkt);
-
- uint64_t engine_run_id = 0;
- uint64_t old_engine_run_id = 0;
-
- unsigned int ovs_cond_seqno = UINT_MAX;
- unsigned int ovnsb_cond_seqno = UINT_MAX;
-
- /* Main loop. */
- exiting = false;
- restart = false;
- while (!exiting) {
- update_sb_db(ovs_idl_loop.idl, ovnsb_idl_loop.idl);
- update_ssl_config(ovsrec_ssl_table_get(ovs_idl_loop.idl));
- ofctrl_set_probe_interval(get_ofctrl_probe_interval(ovs_idl_loop.idl));
- old_engine_run_id = engine_run_id;
-
- struct ovsdb_idl_txn *ovs_idl_txn = ovsdb_idl_loop_run(&ovs_idl_loop);
- unsigned int new_ovs_cond_seqno
- = ovsdb_idl_get_condition_seqno(ovs_idl_loop.idl);
- if (new_ovs_cond_seqno != ovs_cond_seqno) {
- if (!new_ovs_cond_seqno) {
- VLOG_INFO("OVS IDL reconnected, force recompute.");
- engine_set_force_recompute(true);
- }
- ovs_cond_seqno = new_ovs_cond_seqno;
- }
-
- struct ovsdb_idl_txn *ovnsb_idl_txn
- = ovsdb_idl_loop_run(&ovnsb_idl_loop);
- unsigned int new_ovnsb_cond_seqno
- = ovsdb_idl_get_condition_seqno(ovnsb_idl_loop.idl);
- if (new_ovnsb_cond_seqno != ovnsb_cond_seqno) {
- if (!new_ovnsb_cond_seqno) {
- VLOG_INFO("OVNSB IDL reconnected, force recompute.");
- engine_set_force_recompute(true);
- }
- ovnsb_cond_seqno = new_ovnsb_cond_seqno;
- }
-
- struct engine_context eng_ctx = {
- .ovs_idl_txn = ovs_idl_txn,
- .ovnsb_idl_txn = ovnsb_idl_txn
- };
-
- engine_set_context(&eng_ctx);
-
- if (ovsdb_idl_has_ever_connected(ovnsb_idl_loop.idl)) {
- /* Contains the transport zones that this Chassis belongs to */
- struct sset transport_zones = SSET_INITIALIZER(&transport_zones);
- sset_from_delimited_string(&transport_zones,
- get_transport_zones(ovsrec_open_vswitch_table_get(
- ovs_idl_loop.idl)), ",");
-
- const struct ovsrec_bridge_table *bridge_table =
- ovsrec_bridge_table_get(ovs_idl_loop.idl);
- const struct ovsrec_open_vswitch_table *ovs_table =
- ovsrec_open_vswitch_table_get(ovs_idl_loop.idl);
- const struct sbrec_chassis_table *chassis_table =
- sbrec_chassis_table_get(ovnsb_idl_loop.idl);
- const struct ovsrec_bridge *br_int =
- process_br_int(ovs_idl_txn, bridge_table, ovs_table);
- const char *chassis_id = get_ovs_chassis_id(ovs_table);
- const struct sbrec_chassis *chassis = NULL;
- if (chassis_id) {
- chassis = chassis_run(ovnsb_idl_txn, sbrec_chassis_by_name,
- ovs_table, chassis_table, chassis_id,
- br_int, &transport_zones);
- }
-
- if (br_int) {
- ofctrl_run(br_int, &ed_runtime_data.pending_ct_zones);
-
- if (chassis) {
- patch_run(ovs_idl_txn,
- ovsrec_bridge_table_get(ovs_idl_loop.idl),
- ovsrec_open_vswitch_table_get(ovs_idl_loop.idl),
- ovsrec_port_table_get(ovs_idl_loop.idl),
- sbrec_port_binding_table_get(ovnsb_idl_loop.idl),
- br_int, chassis);
- encaps_run(ovs_idl_txn,
- bridge_table, br_int,
- sbrec_chassis_table_get(ovnsb_idl_loop.idl),
- chassis_id,
- sbrec_sb_global_first(ovnsb_idl_loop.idl),
- &transport_zones);
-
- stopwatch_start(CONTROLLER_LOOP_STOPWATCH_NAME,
- time_msec());
- if (ovnsb_idl_txn) {
- engine_run(&en_flow_output, ++engine_run_id);
- }
- stopwatch_stop(CONTROLLER_LOOP_STOPWATCH_NAME,
- time_msec());
- if (ovs_idl_txn) {
- commit_ct_zones(br_int,
- &ed_runtime_data.pending_ct_zones);
- bfd_run(ovsrec_interface_table_get(ovs_idl_loop.idl),
- br_int, chassis,
- sbrec_ha_chassis_group_table_get(
- ovnsb_idl_loop.idl),
- sbrec_sb_global_table_get(ovnsb_idl_loop.idl));
- }
- ofctrl_put(&ed_flow_output.flow_table,
- &ed_runtime_data.pending_ct_zones,
- sbrec_meter_table_get(ovnsb_idl_loop.idl),
- get_nb_cfg(sbrec_sb_global_table_get(
- ovnsb_idl_loop.idl)),
- en_flow_output.changed);
- pinctrl_run(ovnsb_idl_txn,
- sbrec_datapath_binding_by_key,
- sbrec_port_binding_by_datapath,
- sbrec_port_binding_by_key,
- sbrec_port_binding_by_name,
- sbrec_mac_binding_by_lport_ip,
- sbrec_igmp_group,
- sbrec_ip_multicast,
- sbrec_dns_table_get(ovnsb_idl_loop.idl),
- sbrec_controller_event_table_get(
- ovnsb_idl_loop.idl),
- br_int, chassis,
- &ed_runtime_data.local_datapaths,
- &ed_runtime_data.active_tunnels);
-
- if (en_runtime_data.changed) {
- update_sb_monitors(ovnsb_idl_loop.idl, chassis,
- &ed_runtime_data.local_lports,
- &ed_runtime_data.local_datapaths);
- }
- }
-
- }
- if (old_engine_run_id == engine_run_id) {
- if (engine_need_run(&en_flow_output)) {
- VLOG_DBG("engine did not run, force recompute next time: "
- "br_int %p, chassis %p", br_int, chassis);
- engine_set_force_recompute(true);
- poll_immediate_wake();
- } else {
- VLOG_DBG("engine did not run, and it was not needed"
- " either: br_int %p, chassis %p",
- br_int, chassis);
- }
- } else {
- engine_set_force_recompute(false);
- }
-
- if (ovnsb_idl_txn && chassis) {
- int64_t cur_cfg = ofctrl_get_cur_cfg();
- if (cur_cfg && cur_cfg != chassis->nb_cfg) {
- sbrec_chassis_set_nb_cfg(chassis, cur_cfg);
- }
- }
-
-
- if (pending_pkt.conn) {
- if (br_int && chassis) {
- char *error = ofctrl_inject_pkt(br_int, pending_pkt.flow_s,
- &ed_addr_sets.addr_sets, &ed_port_groups.port_groups);
- if (error) {
- unixctl_command_reply_error(pending_pkt.conn, error);
- free(error);
- } else {
- VLOG_DBG("Pending_pkt conn but br_int %p or chassis "
- "%p not ready. run-id: %"PRIu64, br_int,
- chassis, engine_run_id);
- unixctl_command_reply_error(pending_pkt.conn,
- "ovn-controller not ready.");
- }
- }
- pending_pkt.conn = NULL;
- free(pending_pkt.flow_s);
- }
-
- sset_destroy(&transport_zones);
-
- if (br_int) {
- ofctrl_wait();
- pinctrl_wait(ovnsb_idl_txn);
- }
- }
-
- unixctl_server_run(unixctl);
-
- unixctl_server_wait(unixctl);
- if (exiting || pending_pkt.conn) {
- poll_immediate_wake();
- }
-
- if (!ovsdb_idl_loop_commit_and_wait(&ovnsb_idl_loop)) {
- VLOG_INFO("OVNSB commit failed, force recompute next time.");
- engine_set_force_recompute(true);
- }
-
- if (ovsdb_idl_loop_commit_and_wait(&ovs_idl_loop) == 1) {
- struct shash_node *iter, *iter_next;
- SHASH_FOR_EACH_SAFE (iter, iter_next,
- &ed_runtime_data.pending_ct_zones) {
- struct ct_zone_pending_entry *ctzpe = iter->data;
- if (ctzpe->state == CT_ZONE_DB_SENT) {
- shash_delete(&ed_runtime_data.pending_ct_zones, iter);
- free(ctzpe);
- }
- }
- }
-
- ovsdb_idl_track_clear(ovnsb_idl_loop.idl);
- ovsdb_idl_track_clear(ovs_idl_loop.idl);
- poll_block();
- if (should_service_stop()) {
- exiting = true;
- }
- }
-
- engine_set_context(NULL);
- engine_cleanup(&en_flow_output);
-
- /* It's time to exit. Clean up the databases if we are not restarting */
- if (!restart) {
- bool done = !ovsdb_idl_has_ever_connected(ovnsb_idl_loop.idl);
- while (!done) {
- update_sb_db(ovs_idl_loop.idl, ovnsb_idl_loop.idl);
- update_ssl_config(ovsrec_ssl_table_get(ovs_idl_loop.idl));
-
- struct ovsdb_idl_txn *ovs_idl_txn
- = ovsdb_idl_loop_run(&ovs_idl_loop);
- struct ovsdb_idl_txn *ovnsb_idl_txn
- = ovsdb_idl_loop_run(&ovnsb_idl_loop);
-
- const struct ovsrec_bridge_table *bridge_table
- = ovsrec_bridge_table_get(ovs_idl_loop.idl);
- const struct ovsrec_open_vswitch_table *ovs_table
- = ovsrec_open_vswitch_table_get(ovs_idl_loop.idl);
-
- const struct sbrec_port_binding_table *port_binding_table
- = sbrec_port_binding_table_get(ovnsb_idl_loop.idl);
-
- const struct ovsrec_bridge *br_int = get_br_int(bridge_table,
- ovs_table);
- const char *chassis_id = chassis_get_id();
- const struct sbrec_chassis *chassis
- = (chassis_id
- ? chassis_lookup_by_name(sbrec_chassis_by_name, chassis_id)
- : NULL);
-
- /* Run all of the cleanup functions, even if one of them returns
- * false. We're done if all of them return true. */
- done = binding_cleanup(ovnsb_idl_txn, port_binding_table, chassis);
- done = chassis_cleanup(ovnsb_idl_txn, chassis) && done;
- done = encaps_cleanup(ovs_idl_txn, br_int) && done;
- done = igmp_group_cleanup(ovnsb_idl_txn, sbrec_igmp_group) && done;
- if (done) {
- poll_immediate_wake();
- }
-
- ovsdb_idl_loop_commit_and_wait(&ovnsb_idl_loop);
- ovsdb_idl_loop_commit_and_wait(&ovs_idl_loop);
- poll_block();
- }
- }
-
- unixctl_server_destroy(unixctl);
- lflow_destroy();
- ofctrl_destroy();
- pinctrl_destroy();
-
- ovsdb_idl_loop_destroy(&ovs_idl_loop);
- ovsdb_idl_loop_destroy(&ovnsb_idl_loop);
-
- free(ovs_remote);
- service_stop();
-
- exit(retval);
-}
-
-static char *
-parse_options(int argc, char *argv[])
-{
- enum {
- OPT_PEER_CA_CERT = UCHAR_MAX + 1,
- OPT_BOOTSTRAP_CA_CERT,
- VLOG_OPTION_ENUMS,
- DAEMON_OPTION_ENUMS,
- SSL_OPTION_ENUMS,
- };
-
- static struct option long_options[] = {
- {"help", no_argument, NULL, 'h'},
- {"version", no_argument, NULL, 'V'},
- VLOG_LONG_OPTIONS,
- DAEMON_LONG_OPTIONS,
- STREAM_SSL_LONG_OPTIONS,
- {"peer-ca-cert", required_argument, NULL, OPT_PEER_CA_CERT},
- {"bootstrap-ca-cert", required_argument, NULL, OPT_BOOTSTRAP_CA_CERT},
- {NULL, 0, NULL, 0}
- };
- char *short_options = ovs_cmdl_long_options_to_short_options(long_options);
-
- for (;;) {
- int c;
-
- c = getopt_long(argc, argv, short_options, long_options, NULL);
- if (c == -1) {
- break;
- }
-
- switch (c) {
- case 'h':
- usage();
-
- case 'V':
- ovs_print_version(OFP13_VERSION, OFP13_VERSION);
- exit(EXIT_SUCCESS);
-
- VLOG_OPTION_HANDLERS
- DAEMON_OPTION_HANDLERS
- STREAM_SSL_OPTION_HANDLERS
-
- case OPT_PEER_CA_CERT:
- stream_ssl_set_peer_ca_cert_file(optarg);
- break;
-
- case OPT_BOOTSTRAP_CA_CERT:
- stream_ssl_set_ca_cert_file(optarg, true);
- break;
-
- case '?':
- exit(EXIT_FAILURE);
-
- default:
- abort();
- }
- }
- free(short_options);
-
- argc -= optind;
- argv += optind;
-
- char *ovs_remote;
- if (argc == 0) {
- ovs_remote = xasprintf("unix:%s/db.sock", ovs_rundir());
- } else if (argc == 1) {
- ovs_remote = xstrdup(argv[0]);
- } else {
- VLOG_FATAL("exactly zero or one non-option argument required; "
- "use --help for usage");
- }
- return ovs_remote;
-}
-
-static void
-usage(void)
-{
- printf("%s: OVN controller\n"
- "usage %s [OPTIONS] [OVS-DATABASE]\n"
- "where OVS-DATABASE is a socket on which the OVS OVSDB server is listening.\n",
- program_name, program_name);
- stream_usage("OVS-DATABASE", true, false, true);
- daemon_usage();
- vlog_usage();
- printf("\nOther options:\n"
- " -h, --help display this help message\n"
- " -V, --version display version information\n");
- exit(EXIT_SUCCESS);
-}
-
-static void
-ovn_controller_exit(struct unixctl_conn *conn, int argc,
- const char *argv[], void *exit_args_)
-{
- struct ovn_controller_exit_args *exit_args = exit_args_;
- *exit_args->exiting = true;
- *exit_args->restart = argc == 2 && !strcmp(argv[1], "--restart");
- unixctl_command_reply(conn, NULL);
-}
-
-static void
-ct_zone_list(struct unixctl_conn *conn, int argc OVS_UNUSED,
- const char *argv[] OVS_UNUSED, void *ct_zones_)
-{
- struct simap *ct_zones = ct_zones_;
- struct ds ds = DS_EMPTY_INITIALIZER;
- struct simap_node *zone;
-
- SIMAP_FOR_EACH(zone, ct_zones) {
- ds_put_format(&ds, "%s %d\n", zone->name, zone->data);
- }
-
- unixctl_command_reply(conn, ds_cstr(&ds));
- ds_destroy(&ds);
-}
-
-static void
-meter_table_list(struct unixctl_conn *conn, int argc OVS_UNUSED,
- const char *argv[] OVS_UNUSED, void *meter_table_)
-{
- struct ovn_extend_table *meter_table = meter_table_;
- struct ds ds = DS_EMPTY_INITIALIZER;
- struct simap meters = SIMAP_INITIALIZER(&meters);
-
- struct ovn_extend_table_info *m_installed, *next_meter;
- EXTEND_TABLE_FOR_EACH_INSTALLED (m_installed, next_meter, meter_table) {
- simap_put(&meters, m_installed->name, m_installed->table_id);
- }
-
- const struct simap_node **nodes = simap_sort(&meters);
- size_t n_nodes = simap_count(&meters);
- for (size_t i = 0; i < n_nodes; i++) {
- const struct simap_node *node = nodes[i];
- ds_put_format(&ds, "%s: %d\n", node->name, node->data);
- }
-
- free(nodes);
- simap_destroy(&meters);
-
- unixctl_command_reply(conn, ds_cstr(&ds));
- ds_destroy(&ds);
-}
-
-static void
-group_table_list(struct unixctl_conn *conn, int argc OVS_UNUSED,
- const char *argv[] OVS_UNUSED, void *group_table_)
-{
- struct ovn_extend_table *group_table = group_table_;
- struct ds ds = DS_EMPTY_INITIALIZER;
- struct simap groups = SIMAP_INITIALIZER(&groups);
-
- struct ovn_extend_table_info *m_installed, *next_group;
- EXTEND_TABLE_FOR_EACH_INSTALLED (m_installed, next_group, group_table) {
- simap_put(&groups, m_installed->name, m_installed->table_id);
- }
-
- const struct simap_node **nodes = simap_sort(&groups);
- size_t n_nodes = simap_count(&groups);
- for (size_t i = 0; i < n_nodes; i++) {
- const struct simap_node *node = nodes[i];
- ds_put_format(&ds, "%s: %d\n", node->name, node->data);
- }
-
- free(nodes);
- simap_destroy(&groups);
-
- unixctl_command_reply(conn, ds_cstr(&ds));
- ds_destroy(&ds);
-}
-
-static void
-inject_pkt(struct unixctl_conn *conn, int argc OVS_UNUSED,
- const char *argv[], void *pending_pkt_)
-{
- struct pending_pkt *pending_pkt = pending_pkt_;
-
- if (pending_pkt->conn) {
- unixctl_command_reply_error(conn, "already pending packet injection");
- return;
- }
- pending_pkt->conn = conn;
- pending_pkt->flow_s = xstrdup(argv[1]);
-}
-
-static void
-ovn_controller_conn_show(struct unixctl_conn *conn, int argc OVS_UNUSED,
- const char *argv[] OVS_UNUSED, void *idl_)
-{
- const char *result = "not connected";
- const struct ovsdb_idl *idl = idl_;
-
- if (ovsdb_idl_is_connected(idl)) {
- result = "connected";
- }
- unixctl_command_reply(conn, result);
-}
diff --git a/ovn/controller/ovn-controller.h b/ovn/controller/ovn-controller.h
deleted file mode 100644
index 078c9eabef6..00000000000
--- a/ovn/controller/ovn-controller.h
+++ /dev/null
@@ -1,85 +0,0 @@
-/* Copyright (c) 2015, 2016 Nicira, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-
-#ifndef OVN_CONTROLLER_H
-#define OVN_CONTROLLER_H 1
-
-#include "simap.h"
-#include "ovn/lib/ovn-sb-idl.h"
-
-struct ovsrec_bridge_table;
-
-/* Linux supports a maximum of 64K zones, which seems like a fine default. */
-#define MAX_CT_ZONES 65535
-
-/* States to move through when a new conntrack zone has been allocated. */
-enum ct_zone_pending_state {
- CT_ZONE_OF_QUEUED, /* Waiting to send conntrack flush command. */
- CT_ZONE_OF_SENT, /* Sent and waiting for confirmation on flush. */
- CT_ZONE_DB_QUEUED, /* Waiting for DB transaction to open. */
- CT_ZONE_DB_SENT, /* Sent and waiting for confirmation from DB. */
-};
-
-struct ct_zone_pending_entry {
- int zone;
- bool add; /* Is the entry being added? */
- ovs_be32 of_xid; /* Transaction id for barrier. */
- enum ct_zone_pending_state state;
-};
-
-/* A logical datapath that has some relevance to this hypervisor. A logical
- * datapath D is relevant to hypervisor H if:
- *
- * - Some VIF or l2gateway or l3gateway port in D is located on H.
- *
- * - D is reachable over a series of hops across patch ports, starting from
- * a datapath relevant to H.
- *
- * The 'hmap_node''s hash value is 'datapath->tunnel_key'. */
-struct local_datapath {
- struct hmap_node hmap_node;
- const struct sbrec_datapath_binding *datapath;
-
- /* The localnet port in this datapath, if any (at most one is allowed). */
- const struct sbrec_port_binding *localnet_port;
-
- /* True if this datapath contains an l3gateway port located on this
- * hypervisor. */
- bool has_local_l3gateway;
-
- const struct sbrec_port_binding **peer_ports;
- size_t n_peer_ports;
-};
-
-struct local_datapath *get_local_datapath(const struct hmap *,
- uint32_t tunnel_key);
-
-const struct ovsrec_bridge *get_bridge(const struct ovsrec_bridge_table *,
- const char *br_name);
-
-struct sbrec_encap *preferred_encap(const struct sbrec_chassis *);
-
-/* Must be a bit-field ordered from most-preferred (higher number) to
- * least-preferred (lower number). */
-enum chassis_tunnel_type {
- GENEVE = 1 << 2,
- STT = 1 << 1,
- VXLAN = 1 << 0
-};
-
-uint32_t get_tunnel_type(const char *name);
-
-#endif /* ovn/ovn-controller.h */
diff --git a/ovn/controller/patch.c b/ovn/controller/patch.c
deleted file mode 100644
index a6770c6d5bd..00000000000
--- a/ovn/controller/patch.c
+++ /dev/null
@@ -1,273 +0,0 @@
-/* Copyright (c) 2015, 2016, 2017 Nicira, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include
-
-#include "patch.h"
-
-#include "hash.h"
-#include "lflow.h"
-#include "lib/vswitch-idl.h"
-#include "lport.h"
-#include "openvswitch/hmap.h"
-#include "openvswitch/vlog.h"
-#include "ovn-controller.h"
-
-VLOG_DEFINE_THIS_MODULE(patch);
-
-static char *
-patch_port_name(const char *src, const char *dst)
-{
- return xasprintf("patch-%s-to-%s", src, dst);
-}
-
-/* Return true if 'port' is a patch port with the specified 'peer'. */
-static bool
-match_patch_port(const struct ovsrec_port *port, const char *peer)
-{
- for (size_t i = 0; i < port->n_interfaces; i++) {
- struct ovsrec_interface *iface = port->interfaces[i];
- if (strcmp(iface->type, "patch")) {
- continue;
- }
- const char *iface_peer = smap_get(&iface->options, "peer");
- if (iface_peer && !strcmp(iface_peer, peer)) {
- return true;
- }
- }
- return false;
-}
-
-/* Creates a patch port in bridge 'src' named 'src_name', whose peer is
- * 'dst_name' in bridge 'dst'. Initializes the patch port's external-ids:'key'
- * to 'key'.
- *
- * If such a patch port already exists, removes it from 'existing_ports'. */
-static void
-create_patch_port(struct ovsdb_idl_txn *ovs_idl_txn,
- const char *key, const char *value,
- const struct ovsrec_bridge *src, const char *src_name,
- const struct ovsrec_bridge *dst, const char *dst_name,
- struct shash *existing_ports)
-{
- for (size_t i = 0; i < src->n_ports; i++) {
- if (match_patch_port(src->ports[i], dst_name)) {
- /* Patch port already exists on 'src'. */
- shash_find_and_delete(existing_ports, src->ports[i]->name);
- return;
- }
- }
-
- ovsdb_idl_txn_add_comment(ovs_idl_txn,
- "ovn-controller: creating patch port '%s' from '%s' to '%s'",
- src_name, src->name, dst->name);
-
- struct ovsrec_interface *iface;
- iface = ovsrec_interface_insert(ovs_idl_txn);
- ovsrec_interface_set_name(iface, src_name);
- ovsrec_interface_set_type(iface, "patch");
- const struct smap options = SMAP_CONST1(&options, "peer", dst_name);
- ovsrec_interface_set_options(iface, &options);
-
- struct ovsrec_port *port;
- port = ovsrec_port_insert(ovs_idl_txn);
- ovsrec_port_set_name(port, src_name);
- ovsrec_port_set_interfaces(port, &iface, 1);
- const struct smap ids = SMAP_CONST1(&ids, key, value);
- ovsrec_port_set_external_ids(port, &ids);
-
- struct ovsrec_port **ports;
- ports = xmalloc(sizeof *ports * (src->n_ports + 1));
- memcpy(ports, src->ports, sizeof *ports * src->n_ports);
- ports[src->n_ports] = port;
- ovsrec_bridge_verify_ports(src);
- ovsrec_bridge_set_ports(src, ports, src->n_ports + 1);
-
- free(ports);
-}
-
-static void
-remove_port(const struct ovsrec_bridge_table *bridge_table,
- const struct ovsrec_port *port)
-{
- const struct ovsrec_bridge *bridge;
-
- /* We know the port we want to delete, but we have to find the bridge its
- * on to do so. Note this only runs on a config change that should be
- * pretty rare. */
- OVSREC_BRIDGE_TABLE_FOR_EACH (bridge, bridge_table) {
- size_t i;
- for (i = 0; i < bridge->n_ports; i++) {
- if (bridge->ports[i] != port) {
- continue;
- }
- struct ovsrec_port **new_ports;
- new_ports = xmemdup(bridge->ports,
- sizeof *new_ports * (bridge->n_ports - 1));
- if (i != bridge->n_ports - 1) {
- /* Removed port was not last */
- new_ports[i] = bridge->ports[bridge->n_ports - 1];
- }
- ovsrec_bridge_verify_ports(bridge);
- ovsrec_bridge_set_ports(bridge, new_ports, bridge->n_ports - 1);
- free(new_ports);
- ovsrec_port_delete(port);
- return;
- }
- }
-}
-
-/* Obtains external-ids:ovn-bridge-mappings from OVSDB and adds patch ports for
- * the local bridge mappings. Removes any patch ports for bridge mappings that
- * already existed from 'existing_ports'. */
-static void
-add_bridge_mappings(struct ovsdb_idl_txn *ovs_idl_txn,
- const struct ovsrec_bridge_table *bridge_table,
- const struct ovsrec_open_vswitch_table *ovs_table,
- const struct sbrec_port_binding_table *port_binding_table,
- const struct ovsrec_bridge *br_int,
- struct shash *existing_ports,
- const struct sbrec_chassis *chassis)
-{
- /* Get ovn-bridge-mappings. */
- const char *mappings_cfg = "";
- const struct ovsrec_open_vswitch *cfg;
- cfg = ovsrec_open_vswitch_table_first(ovs_table);
- if (cfg) {
- mappings_cfg = smap_get(&cfg->external_ids, "ovn-bridge-mappings");
- if (!mappings_cfg || !mappings_cfg[0]) {
- return;
- }
- }
-
- /* Parse bridge mappings. */
- struct shash bridge_mappings = SHASH_INITIALIZER(&bridge_mappings);
- char *cur, *next, *start;
- next = start = xstrdup(mappings_cfg);
- while ((cur = strsep(&next, ",")) && *cur) {
- char *network, *bridge = cur;
- const struct ovsrec_bridge *ovs_bridge;
-
- network = strsep(&bridge, ":");
- if (!bridge || !*network || !*bridge) {
- VLOG_ERR("Invalid ovn-bridge-mappings configuration: '%s'",
- mappings_cfg);
- break;
- }
-
- ovs_bridge = get_bridge(bridge_table, bridge);
- if (!ovs_bridge) {
- VLOG_WARN("Bridge '%s' not found for network '%s'",
- bridge, network);
- continue;
- }
-
- shash_add(&bridge_mappings, network, ovs_bridge);
- }
- free(start);
-
- const struct sbrec_port_binding *binding;
- SBREC_PORT_BINDING_TABLE_FOR_EACH (binding, port_binding_table) {
- const char *patch_port_id;
- if (!strcmp(binding->type, "localnet")) {
- patch_port_id = "ovn-localnet-port";
- } else if (!strcmp(binding->type, "l2gateway")) {
- if (!binding->chassis
- || strcmp(chassis->name, binding->chassis->name)) {
- /* This L2 gateway port is not bound to this chassis,
- * so we should not create any patch ports for it. */
- continue;
- }
- patch_port_id = "ovn-l2gateway-port";
- } else {
- /* not a localnet or L2 gateway port. */
- continue;
- }
-
- const char *network = smap_get(&binding->options, "network_name");
- if (!network) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 1);
- VLOG_ERR_RL(&rl, "%s port '%s' has no network name.",
- binding->type, binding->logical_port);
- continue;
- }
- struct ovsrec_bridge *br_ln = shash_find_data(&bridge_mappings, network);
- if (!br_ln) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 1);
- VLOG_ERR_RL(&rl, "bridge not found for %s port '%s' "
- "with network name '%s'",
- binding->type, binding->logical_port, network);
- continue;
- }
-
- char *name1 = patch_port_name(br_int->name, binding->logical_port);
- char *name2 = patch_port_name(binding->logical_port, br_int->name);
- create_patch_port(ovs_idl_txn, patch_port_id, binding->logical_port,
- br_int, name1, br_ln, name2, existing_ports);
- create_patch_port(ovs_idl_txn, patch_port_id, binding->logical_port,
- br_ln, name2, br_int, name1, existing_ports);
- free(name1);
- free(name2);
- }
-
- shash_destroy(&bridge_mappings);
-}
-
-void
-patch_run(struct ovsdb_idl_txn *ovs_idl_txn,
- const struct ovsrec_bridge_table *bridge_table,
- const struct ovsrec_open_vswitch_table *ovs_table,
- const struct ovsrec_port_table *port_table,
- const struct sbrec_port_binding_table *port_binding_table,
- const struct ovsrec_bridge *br_int,
- const struct sbrec_chassis *chassis)
-{
- if (!ovs_idl_txn) {
- return;
- }
-
- /* Figure out what patch ports already exist.
- *
- * ovn-controller does not create or use ports of type "ovn-l3gateway-port"
- * or "ovn-logical-patch-port", but older version did. We still recognize
- * them here, so that we delete them at the end of this function, to avoid
- * leaving useless ports on upgrade. */
- struct shash existing_ports = SHASH_INITIALIZER(&existing_ports);
- const struct ovsrec_port *port;
- OVSREC_PORT_TABLE_FOR_EACH (port, port_table) {
- if (smap_get(&port->external_ids, "ovn-localnet-port")
- || smap_get(&port->external_ids, "ovn-l2gateway-port")
- || smap_get(&port->external_ids, "ovn-l3gateway-port")
- || smap_get(&port->external_ids, "ovn-logical-patch-port")) {
- shash_add(&existing_ports, port->name, port);
- }
- }
-
- /* Create in the database any patch ports that should exist. Remove from
- * 'existing_ports' any patch ports that do exist in the database and
- * should be there. */
- add_bridge_mappings(ovs_idl_txn, bridge_table, ovs_table,
- port_binding_table, br_int, &existing_ports, chassis);
-
- /* Now 'existing_ports' only still contains patch ports that exist in the
- * database but shouldn't. Delete them from the database. */
- struct shash_node *port_node, *port_next_node;
- SHASH_FOR_EACH_SAFE (port_node, port_next_node, &existing_ports) {
- port = port_node->data;
- shash_delete(&existing_ports, port_node);
- remove_port(bridge_table, port);
- }
- shash_destroy(&existing_ports);
-}
diff --git a/ovn/controller/patch.h b/ovn/controller/patch.h
deleted file mode 100644
index dd052cfd875..00000000000
--- a/ovn/controller/patch.h
+++ /dev/null
@@ -1,42 +0,0 @@
-/* Copyright (c) 2015, 2016 Nicira, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef OVN_PATCH_H
-#define OVN_PATCH_H 1
-
-/* Patch Ports
- * ===========
- *
- * This module adds and removes patch ports between the integration bridge and
- * physical bridges, as directed by other-config:ovn-bridge-mappings. */
-
-struct hmap;
-struct ovsdb_idl_txn;
-struct ovsrec_bridge;
-struct ovsrec_bridge_table;
-struct ovsrec_open_vswitch_table;
-struct ovsrec_port_table;
-struct sbrec_port_binding_table;
-struct sbrec_chassis;
-
-void patch_run(struct ovsdb_idl_txn *ovs_idl_txn,
- const struct ovsrec_bridge_table *,
- const struct ovsrec_open_vswitch_table *,
- const struct ovsrec_port_table *,
- const struct sbrec_port_binding_table *,
- const struct ovsrec_bridge *br_int,
- const struct sbrec_chassis *);
-
-#endif /* ovn/patch.h */
diff --git a/ovn/controller/physical.c b/ovn/controller/physical.c
deleted file mode 100644
index 316d3738c52..00000000000
--- a/ovn/controller/physical.c
+++ /dev/null
@@ -1,1459 +0,0 @@
-/* Copyright (c) 2015, 2016, 2017 Nicira, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include
-#include "binding.h"
-#include "byte-order.h"
-#include "encaps.h"
-#include "flow.h"
-#include "ha-chassis.h"
-#include "lflow.h"
-#include "lport.h"
-#include "chassis.h"
-#include "lib/bundle.h"
-#include "openvswitch/poll-loop.h"
-#include "lib/uuid.h"
-#include "ofctrl.h"
-#include "openvswitch/list.h"
-#include "openvswitch/hmap.h"
-#include "openvswitch/match.h"
-#include "openvswitch/ofp-actions.h"
-#include "openvswitch/ofpbuf.h"
-#include "openvswitch/vlog.h"
-#include "openvswitch/ofp-parse.h"
-#include "ovn-controller.h"
-#include "ovn/lib/chassis-index.h"
-#include "ovn/lib/ovn-sb-idl.h"
-#include "ovn/lib/ovn-util.h"
-#include "physical.h"
-#include "openvswitch/shash.h"
-#include "simap.h"
-#include "smap.h"
-#include "sset.h"
-#include "util.h"
-#include "vswitch-idl.h"
-
-VLOG_DEFINE_THIS_MODULE(physical);
-
-/* UUID to identify OF flows not associated with ovsdb rows. */
-static struct uuid *hc_uuid = NULL;
-
-void
-physical_register_ovs_idl(struct ovsdb_idl *ovs_idl)
-{
- ovsdb_idl_add_table(ovs_idl, &ovsrec_table_bridge);
- ovsdb_idl_add_column(ovs_idl, &ovsrec_bridge_col_ports);
-
- ovsdb_idl_add_table(ovs_idl, &ovsrec_table_port);
- ovsdb_idl_track_add_column(ovs_idl, &ovsrec_port_col_name);
- ovsdb_idl_track_add_column(ovs_idl, &ovsrec_port_col_interfaces);
- ovsdb_idl_track_add_column(ovs_idl, &ovsrec_port_col_external_ids);
-
- ovsdb_idl_add_table(ovs_idl, &ovsrec_table_interface);
- ovsdb_idl_track_add_column(ovs_idl, &ovsrec_interface_col_name);
- ovsdb_idl_track_add_column(ovs_idl, &ovsrec_interface_col_ofport);
- ovsdb_idl_track_add_column(ovs_idl, &ovsrec_interface_col_external_ids);
-}
-
-static struct simap localvif_to_ofport =
- SIMAP_INITIALIZER(&localvif_to_ofport);
-static struct hmap tunnels = HMAP_INITIALIZER(&tunnels);
-
-/* Maps from a chassis to the OpenFlow port number of the tunnel that can be
- * used to reach that chassis. */
-struct chassis_tunnel {
- struct hmap_node hmap_node;
- char *chassis_id;
- ofp_port_t ofport;
- enum chassis_tunnel_type type;
-};
-
-/*
- * This function looks up the list of tunnel ports (provided by
- * ovn-chassis-id ports) and returns the tunnel for the given chassid-id and
- * encap-ip. The ovn-chassis-id is formed using the chassis-id and encap-ip.
- * The list is hashed using the chassis-id. If the encap-ip is not specified,
- * it means we'll just return a tunnel for that chassis-id, i.e. we just check
- * for chassis-id and if there is a match, we'll return the tunnel.
- * If encap-ip is also provided we use both chassis-id and encap-ip to do
- * a more specific lookup.
- */
-static struct chassis_tunnel *
-chassis_tunnel_find(const char *chassis_id, char *encap_ip)
-{
- /*
- * If the specific encap_ip is given, look for the chassisid_ip entry,
- * else return the 1st found entry for the chassis.
- */
- struct chassis_tunnel *tun = NULL;
- HMAP_FOR_EACH_WITH_HASH (tun, hmap_node, hash_string(chassis_id, 0),
- &tunnels) {
- if (encaps_tunnel_id_match(tun->chassis_id, chassis_id, encap_ip)) {
- return tun;
- }
- }
- return NULL;
-}
-
-static void
-put_load(uint64_t value, enum mf_field_id dst, int ofs, int n_bits,
- struct ofpbuf *ofpacts)
-{
- struct ofpact_set_field *sf = ofpact_put_set_field(ofpacts,
- mf_from_id(dst), NULL,
- NULL);
- ovs_be64 n_value = htonll(value);
- bitwise_copy(&n_value, 8, 0, sf->value, sf->field->n_bytes, ofs, n_bits);
- bitwise_one(ofpact_set_field_mask(sf), sf->field->n_bytes, ofs, n_bits);
-}
-
-static void
-put_move(enum mf_field_id src, int src_ofs,
- enum mf_field_id dst, int dst_ofs,
- int n_bits,
- struct ofpbuf *ofpacts)
-{
- struct ofpact_reg_move *move = ofpact_put_REG_MOVE(ofpacts);
- move->src.field = mf_from_id(src);
- move->src.ofs = src_ofs;
- move->src.n_bits = n_bits;
- move->dst.field = mf_from_id(dst);
- move->dst.ofs = dst_ofs;
- move->dst.n_bits = n_bits;
-}
-
-static void
-put_resubmit(uint8_t table_id, struct ofpbuf *ofpacts)
-{
- struct ofpact_resubmit *resubmit = ofpact_put_RESUBMIT(ofpacts);
- resubmit->in_port = OFPP_IN_PORT;
- resubmit->table_id = table_id;
-}
-
-/*
- * For a port binding, get the corresponding ovn-chassis-id tunnel port
- * from the associated encap.
- */
-static struct chassis_tunnel *
-get_port_binding_tun(const struct sbrec_port_binding *binding)
-{
- struct sbrec_encap *encap = binding->encap;
- struct sbrec_chassis *chassis = binding->chassis;
- struct chassis_tunnel *tun = NULL;
-
- if (encap) {
- tun = chassis_tunnel_find(chassis->name, encap->ip);
- }
- if (!tun) {
- tun = chassis_tunnel_find(chassis->name, NULL);
- }
- return tun;
-}
-
-static void
-put_encapsulation(enum mf_field_id mff_ovn_geneve,
- const struct chassis_tunnel *tun,
- const struct sbrec_datapath_binding *datapath,
- uint16_t outport, struct ofpbuf *ofpacts)
-{
- if (tun->type == GENEVE) {
- put_load(datapath->tunnel_key, MFF_TUN_ID, 0, 24, ofpacts);
- put_load(outport, mff_ovn_geneve, 0, 32, ofpacts);
- put_move(MFF_LOG_INPORT, 0, mff_ovn_geneve, 16, 15, ofpacts);
- } else if (tun->type == STT) {
- put_load(datapath->tunnel_key | ((uint64_t) outport << 24),
- MFF_TUN_ID, 0, 64, ofpacts);
- put_move(MFF_LOG_INPORT, 0, MFF_TUN_ID, 40, 15, ofpacts);
- } else if (tun->type == VXLAN) {
- put_load(datapath->tunnel_key, MFF_TUN_ID, 0, 24, ofpacts);
- } else {
- OVS_NOT_REACHED();
- }
-}
-
-static void
-put_stack(enum mf_field_id field, struct ofpact_stack *stack)
-{
- stack->subfield.field = mf_from_id(field);
- stack->subfield.ofs = 0;
- stack->subfield.n_bits = stack->subfield.field->n_bits;
-}
-
-static const struct sbrec_port_binding *
-get_localnet_port(const struct hmap *local_datapaths, int64_t tunnel_key)
-{
- const struct local_datapath *ld = get_local_datapath(local_datapaths,
- tunnel_key);
- return ld ? ld->localnet_port : NULL;
-}
-
-/* Datapath zone IDs for connection tracking and NAT */
-struct zone_ids {
- int ct; /* MFF_LOG_CT_ZONE. */
- int dnat; /* MFF_LOG_DNAT_ZONE. */
- int snat; /* MFF_LOG_SNAT_ZONE. */
-};
-
-static struct zone_ids
-get_zone_ids(const struct sbrec_port_binding *binding,
- const struct simap *ct_zones)
-{
- struct zone_ids zone_ids;
-
- zone_ids.ct = simap_get(ct_zones, binding->logical_port);
-
- const struct uuid *key = &binding->datapath->header_.uuid;
-
- char *dnat = alloc_nat_zone_key(key, "dnat");
- zone_ids.dnat = simap_get(ct_zones, dnat);
- free(dnat);
-
- char *snat = alloc_nat_zone_key(key, "snat");
- zone_ids.snat = simap_get(ct_zones, snat);
- free(snat);
-
- return zone_ids;
-}
-
-static void
-put_replace_router_port_mac_flows(const struct
- sbrec_port_binding *localnet_port,
- const struct sbrec_chassis *chassis,
- const struct hmap *local_datapaths,
- struct ofpbuf *ofpacts_p,
- ofp_port_t ofport,
- struct ovn_desired_flow_table *flow_table)
-{
- struct local_datapath *ld = get_local_datapath(local_datapaths,
- localnet_port->datapath->
- tunnel_key);
- ovs_assert(ld);
-
- uint32_t dp_key = localnet_port->datapath->tunnel_key;
- uint32_t port_key = localnet_port->tunnel_key;
- int tag = localnet_port->tag ? *localnet_port->tag : 0;
- const char *network = smap_get(&localnet_port->options, "network_name");
- struct eth_addr chassis_mac;
-
- if (!network) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1);
- VLOG_WARN_RL(&rl, "Physical network not configured for datapath:"
- "%"PRId64" with localnet port",
- localnet_port->datapath->tunnel_key);
- return;
- }
-
- /* Get chassis mac */
- if (!chassis_get_mac(chassis, network, &chassis_mac)) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1);
- /* Keeping the log level low for backward compatibility.
- * Chassis mac is a new configuration.
- */
- VLOG_DBG_RL(&rl, "Could not get chassis mac for network: %s", network);
- return;
- }
-
- for (int i = 0; i < ld->n_peer_ports; i++) {
- const struct sbrec_port_binding *rport_binding = ld->peer_ports[i];
- struct eth_addr router_port_mac;
- struct match match;
- struct ofpact_mac *replace_mac;
-
- /* Table 65, priority 150.
- * =======================
- *
- * Implements output to localnet port.
- * a. Flow replaces ingress router port mac with a chassis mac.
- * b. Flow appends the vlan id localnet port is configured with.
- */
- match_init_catchall(&match);
- ofpbuf_clear(ofpacts_p);
-
- ovs_assert(rport_binding->n_mac == 1);
- char *err_str = str_to_mac(rport_binding->mac[0], &router_port_mac);
- if (err_str) {
- /* Parsing of mac failed. */
- VLOG_WARN("Parsing or router port mac failed for router port: %s, "
- "with error: %s", rport_binding->logical_port, err_str);
- free(err_str);
- return;
- }
-
- /* Replace Router mac flow */
- match_set_metadata(&match, htonll(dp_key));
- match_set_reg(&match, MFF_LOG_OUTPORT - MFF_REG0, port_key);
- match_set_dl_src(&match, router_port_mac);
-
- replace_mac = ofpact_put_SET_ETH_SRC(ofpacts_p);
- replace_mac->mac = chassis_mac;
-
- if (tag) {
- struct ofpact_vlan_vid *vlan_vid;
- vlan_vid = ofpact_put_SET_VLAN_VID(ofpacts_p);
- vlan_vid->vlan_vid = tag;
- vlan_vid->push_vlan_if_needed = true;
- }
-
- ofpact_put_OUTPUT(ofpacts_p)->port = ofport;
-
- ofctrl_add_flow(flow_table, OFTABLE_LOG_TO_PHY, 150, 0,
- &match, ofpacts_p, &localnet_port->header_.uuid);
- }
-}
-
-static void
-put_local_common_flows(uint32_t dp_key, uint32_t port_key,
- uint32_t parent_port_key,
- const struct zone_ids *zone_ids,
- struct ofpbuf *ofpacts_p,
- struct ovn_desired_flow_table *flow_table)
-{
- struct match match;
-
- /* Table 33, priority 100.
- * =======================
- *
- * Implements output to local hypervisor. Each flow matches a
- * logical output port on the local hypervisor, and resubmits to
- * table 34.
- */
-
- match_init_catchall(&match);
- ofpbuf_clear(ofpacts_p);
-
- /* Match MFF_LOG_DATAPATH, MFF_LOG_OUTPORT. */
- match_set_metadata(&match, htonll(dp_key));
- match_set_reg(&match, MFF_LOG_OUTPORT - MFF_REG0, port_key);
-
- if (zone_ids) {
- if (zone_ids->ct) {
- put_load(zone_ids->ct, MFF_LOG_CT_ZONE, 0, 32, ofpacts_p);
- }
- if (zone_ids->dnat) {
- put_load(zone_ids->dnat, MFF_LOG_DNAT_ZONE, 0, 32, ofpacts_p);
- }
- if (zone_ids->snat) {
- put_load(zone_ids->snat, MFF_LOG_SNAT_ZONE, 0, 32, ofpacts_p);
- }
- }
-
- /* Resubmit to table 34. */
- put_resubmit(OFTABLE_CHECK_LOOPBACK, ofpacts_p);
- ofctrl_add_flow(flow_table, OFTABLE_LOCAL_OUTPUT, 100, 0,
- &match, ofpacts_p, hc_uuid);
-
- /* Table 34, Priority 100.
- * =======================
- *
- * Drop packets whose logical inport and outport are the same
- * and the MLF_ALLOW_LOOPBACK flag is not set. */
- match_init_catchall(&match);
- ofpbuf_clear(ofpacts_p);
- match_set_metadata(&match, htonll(dp_key));
- match_set_reg_masked(&match, MFF_LOG_FLAGS - MFF_REG0,
- 0, MLF_ALLOW_LOOPBACK);
- match_set_reg(&match, MFF_LOG_INPORT - MFF_REG0, port_key);
- match_set_reg(&match, MFF_LOG_OUTPORT - MFF_REG0, port_key);
- ofctrl_add_flow(flow_table, OFTABLE_CHECK_LOOPBACK, 100, 0,
- &match, ofpacts_p, hc_uuid);
-
- /* Table 64, Priority 100.
- * =======================
- *
- * If the packet is supposed to hair-pin because the
- * - "loopback" flag is set
- * - or if the destination is a nested container
- * - or if "nested_container" flag is set and the destination is the
- * parent port,
- * temporarily set the in_port to zero, resubmit to
- * table 65 for logical-to-physical translation, then restore
- * the port number.
- *
- * If 'parent_port_key' is set, then the 'port_key' represents a nested
- * container. */
-
- bool nested_container = parent_port_key ? true: false;
- match_init_catchall(&match);
- ofpbuf_clear(ofpacts_p);
- match_set_metadata(&match, htonll(dp_key));
- match_set_reg(&match, MFF_LOG_OUTPORT - MFF_REG0, port_key);
- if (!nested_container) {
- match_set_reg_masked(&match, MFF_LOG_FLAGS - MFF_REG0,
- MLF_ALLOW_LOOPBACK, MLF_ALLOW_LOOPBACK);
- }
-
- put_stack(MFF_IN_PORT, ofpact_put_STACK_PUSH(ofpacts_p));
- put_load(0, MFF_IN_PORT, 0, 16, ofpacts_p);
- put_resubmit(OFTABLE_LOG_TO_PHY, ofpacts_p);
- put_stack(MFF_IN_PORT, ofpact_put_STACK_POP(ofpacts_p));
- ofctrl_add_flow(flow_table, OFTABLE_SAVE_INPORT, 100, 0,
- &match, ofpacts_p, hc_uuid);
-
- if (nested_container) {
- /* It's a nested container and when the packet from the nested
- * container is to be sent to the parent port, "nested_container"
- * flag will be set. We need to temporarily set the in_port to zero
- * as mentioned in the comment above.
- *
- * If a parent port has multiple child ports, then this if condition
- * will be hit multiple times, but we want to add only one flow.
- * ofctrl_add_flow() logs a warning message for duplicate flows.
- * So use the function 'ofctrl_check_and_add_flow' which doesn't
- * log a warning.
- *
- * Other option is to add this flow for all the ports which are not
- * nested containers. In which case we will add this flow for all the
- * ports even if they don't have any child ports which is
- * unnecessary.
- */
- match_init_catchall(&match);
- ofpbuf_clear(ofpacts_p);
- match_set_metadata(&match, htonll(dp_key));
- match_set_reg(&match, MFF_LOG_OUTPORT - MFF_REG0, parent_port_key);
- match_set_reg_masked(&match, MFF_LOG_FLAGS - MFF_REG0,
- MLF_NESTED_CONTAINER, MLF_NESTED_CONTAINER);
-
- put_stack(MFF_IN_PORT, ofpact_put_STACK_PUSH(ofpacts_p));
- put_load(0, MFF_IN_PORT, 0, 16, ofpacts_p);
- put_resubmit(OFTABLE_LOG_TO_PHY, ofpacts_p);
- put_stack(MFF_IN_PORT, ofpact_put_STACK_POP(ofpacts_p));
- ofctrl_check_and_add_flow(flow_table, OFTABLE_SAVE_INPORT, 100, 0,
- &match, ofpacts_p, hc_uuid, false);
- }
-}
-
-static void
-load_logical_ingress_metadata(const struct sbrec_port_binding *binding,
- const struct zone_ids *zone_ids,
- struct ofpbuf *ofpacts_p)
-{
- if (zone_ids) {
- if (zone_ids->ct) {
- put_load(zone_ids->ct, MFF_LOG_CT_ZONE, 0, 32, ofpacts_p);
- }
- if (zone_ids->dnat) {
- put_load(zone_ids->dnat, MFF_LOG_DNAT_ZONE, 0, 32, ofpacts_p);
- }
- if (zone_ids->snat) {
- put_load(zone_ids->snat, MFF_LOG_SNAT_ZONE, 0, 32, ofpacts_p);
- }
- }
-
- /* Set MFF_LOG_DATAPATH and MFF_LOG_INPORT. */
- uint32_t dp_key = binding->datapath->tunnel_key;
- uint32_t port_key = binding->tunnel_key;
- put_load(dp_key, MFF_LOG_DATAPATH, 0, 64, ofpacts_p);
- put_load(port_key, MFF_LOG_INPORT, 0, 32, ofpacts_p);
-}
-
-static void
-consider_port_binding(struct ovsdb_idl_index *sbrec_port_binding_by_name,
- enum mf_field_id mff_ovn_geneve,
- const struct simap *ct_zones,
- const struct sset *active_tunnels,
- const struct hmap *local_datapaths,
- const struct sbrec_port_binding *binding,
- const struct sbrec_chassis *chassis,
- struct ovn_desired_flow_table *flow_table,
- struct ofpbuf *ofpacts_p)
-{
- uint32_t dp_key = binding->datapath->tunnel_key;
- uint32_t port_key = binding->tunnel_key;
- if (!get_local_datapath(local_datapaths, dp_key)) {
- return;
- }
-
- struct match match;
- if (!strcmp(binding->type, "patch")
- || (!strcmp(binding->type, "l3gateway")
- && binding->chassis == chassis)) {
- const char *peer_name = smap_get(&binding->options, "peer");
- if (!peer_name) {
- return;
- }
-
- const struct sbrec_port_binding *peer = lport_lookup_by_name(
- sbrec_port_binding_by_name, peer_name);
- if (!peer || strcmp(peer->type, binding->type)) {
- return;
- }
- const char *peer_peer_name = smap_get(&peer->options, "peer");
- if (!peer_peer_name || strcmp(peer_peer_name, binding->logical_port)) {
- return;
- }
-
- struct zone_ids binding_zones = get_zone_ids(binding, ct_zones);
- put_local_common_flows(dp_key, port_key, 0, &binding_zones,
- ofpacts_p, flow_table);
-
- match_init_catchall(&match);
- ofpbuf_clear(ofpacts_p);
- match_set_metadata(&match, htonll(dp_key));
- match_set_reg(&match, MFF_LOG_OUTPORT - MFF_REG0, port_key);
-
- size_t clone_ofs = ofpacts_p->size;
- struct ofpact_nest *clone = ofpact_put_CLONE(ofpacts_p);
- ofpact_put_CT_CLEAR(ofpacts_p);
- put_load(0, MFF_LOG_DNAT_ZONE, 0, 32, ofpacts_p);
- put_load(0, MFF_LOG_SNAT_ZONE, 0, 32, ofpacts_p);
- put_load(0, MFF_LOG_CT_ZONE, 0, 32, ofpacts_p);
- struct zone_ids peer_zones = get_zone_ids(peer, ct_zones);
- load_logical_ingress_metadata(peer, &peer_zones, ofpacts_p);
- put_load(0, MFF_LOG_FLAGS, 0, 32, ofpacts_p);
- put_load(0, MFF_LOG_OUTPORT, 0, 32, ofpacts_p);
- for (int i = 0; i < MFF_N_LOG_REGS; i++) {
- put_load(0, MFF_LOG_REG0 + i, 0, 32, ofpacts_p);
- }
- put_load(0, MFF_IN_PORT, 0, 16, ofpacts_p);
- put_resubmit(OFTABLE_LOG_INGRESS_PIPELINE, ofpacts_p);
- clone = ofpbuf_at_assert(ofpacts_p, clone_ofs, sizeof *clone);
- ofpacts_p->header = clone;
- ofpact_finish_CLONE(ofpacts_p, &clone);
-
- ofctrl_add_flow(flow_table, OFTABLE_LOG_TO_PHY, 100, 0,
- &match, ofpacts_p, &binding->header_.uuid);
- return;
- }
-
- struct ha_chassis_ordered *ha_ch_ordered
- = ha_chassis_get_ordered(binding->ha_chassis_group);
-
- if (!strcmp(binding->type, "chassisredirect")
- && (binding->chassis == chassis
- || ha_chassis_group_is_active(binding->ha_chassis_group,
- active_tunnels, chassis))) {
-
- /* Table 33, priority 100.
- * =======================
- *
- * Implements output to local hypervisor. Each flow matches a
- * logical output port on the local hypervisor, and resubmits to
- * table 34. For ports of type "chassisredirect", the logical
- * output port is changed from the "chassisredirect" port to the
- * underlying distributed port. */
-
- match_init_catchall(&match);
- ofpbuf_clear(ofpacts_p);
- match_set_metadata(&match, htonll(dp_key));
- match_set_reg(&match, MFF_LOG_OUTPORT - MFF_REG0, port_key);
-
- const char *distributed_port = smap_get_def(&binding->options,
- "distributed-port", "");
- const struct sbrec_port_binding *distributed_binding
- = lport_lookup_by_name(sbrec_port_binding_by_name,
- distributed_port);
-
- if (!distributed_binding) {
- /* Packet will be dropped. */
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1);
- VLOG_WARN_RL(&rl, "No port binding record for distributed "
- "port %s referred by chassisredirect port %s",
- distributed_port,
- binding->logical_port);
- } else if (binding->datapath !=
- distributed_binding->datapath) {
- /* Packet will be dropped. */
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1);
- VLOG_WARN_RL(&rl,
- "chassisredirect port %s refers to "
- "distributed port %s in wrong datapath",
- binding->logical_port,
- distributed_port);
- } else {
- put_load(distributed_binding->tunnel_key,
- MFF_LOG_OUTPORT, 0, 32, ofpacts_p);
-
- struct zone_ids zone_ids = get_zone_ids(distributed_binding,
- ct_zones);
- if (zone_ids.ct) {
- put_load(zone_ids.ct, MFF_LOG_CT_ZONE, 0, 32, ofpacts_p);
- }
- if (zone_ids.dnat) {
- put_load(zone_ids.dnat, MFF_LOG_DNAT_ZONE, 0, 32, ofpacts_p);
- }
- if (zone_ids.snat) {
- put_load(zone_ids.snat, MFF_LOG_SNAT_ZONE, 0, 32, ofpacts_p);
- }
-
- /* Resubmit to table 34. */
- put_resubmit(OFTABLE_CHECK_LOOPBACK, ofpacts_p);
- }
-
- ofctrl_add_flow(flow_table, OFTABLE_LOCAL_OUTPUT, 100, 0,
- &match, ofpacts_p, &binding->header_.uuid);
-
- goto out;
- }
-
- /* Find the OpenFlow port for the logical port, as 'ofport'. This is
- * one of:
- *
- * - If the port is a VIF on the chassis we're managing, the
- * OpenFlow port for the VIF. 'tun' will be NULL.
- *
- * The same logic handles ports that OVN implements as Open vSwitch
- * patch ports, that is, "localnet" and "l2gateway" ports.
- *
- * For a container nested inside a VM and accessible via a VLAN,
- * 'tag' is the VLAN ID; otherwise 'tag' is 0.
- *
- * For a localnet or l2gateway patch port, if a VLAN ID was
- * configured, 'tag' is set to that VLAN ID; otherwise 'tag' is 0.
- *
- * - If the port is on a remote chassis, the OpenFlow port for a
- * tunnel to the VIF's remote chassis. 'tun' identifies that
- * tunnel.
- */
-
- int tag = 0;
- bool nested_container = false;
- const struct sbrec_port_binding *parent_port = NULL;
- ofp_port_t ofport;
- bool is_remote = false;
- if (binding->parent_port && *binding->parent_port) {
- if (!binding->tag) {
- goto out;
- }
- ofport = u16_to_ofp(simap_get(&localvif_to_ofport,
- binding->parent_port));
- if (ofport) {
- tag = *binding->tag;
- nested_container = true;
- parent_port = lport_lookup_by_name(
- sbrec_port_binding_by_name, binding->parent_port);
- }
- } else {
- ofport = u16_to_ofp(simap_get(&localvif_to_ofport,
- binding->logical_port));
- const char *requested_chassis = smap_get(&binding->options,
- "requested-chassis");
- if (ofport && requested_chassis && requested_chassis[0] &&
- strcmp(requested_chassis, chassis->name) &&
- strcmp(requested_chassis, chassis->hostname)) {
- /* Even though there is an ofport for this port_binding, it is
- * requested on a different chassis. So ignore this ofport.
- */
- ofport = 0;
- }
-
- if ((!strcmp(binding->type, "localnet")
- || !strcmp(binding->type, "l2gateway"))
- && ofport && binding->tag) {
- tag = *binding->tag;
- }
- }
-
- bool is_ha_remote = false;
- const struct chassis_tunnel *tun = NULL;
- const struct sbrec_port_binding *localnet_port =
- get_localnet_port(local_datapaths, dp_key);
- if (!ofport) {
- /* It is remote port, may be reached by tunnel or localnet port */
- is_remote = true;
- if (localnet_port) {
- ofport = u16_to_ofp(simap_get(&localvif_to_ofport,
- localnet_port->logical_port));
- if (!ofport) {
- goto out;
- }
- } else {
- if (!ha_ch_ordered || ha_ch_ordered->n_ha_ch < 2) {
- /* It's on a single remote chassis */
- if (!binding->chassis) {
- goto out;
- }
- tun = chassis_tunnel_find(binding->chassis->name, NULL);
- if (!tun) {
- goto out;
- }
- ofport = tun->ofport;
- } else {
- /* It's distributed across the chassis belonging to
- * an HA chassis group. */
- is_ha_remote = true;
- }
- }
- }
-
- if (!is_remote) {
- /* Packets that arrive from a vif can belong to a VM or
- * to a container located inside that VM. Packets that
- * arrive from containers have a tag (vlan) associated with them.
- */
-
- struct zone_ids zone_ids = get_zone_ids(binding, ct_zones);
- uint32_t parent_port_key = parent_port ? parent_port->tunnel_key : 0;
- /* Pass the parent port tunnel key if the port is a nested
- * container. */
- put_local_common_flows(dp_key, port_key, parent_port_key, &zone_ids,
- ofpacts_p, flow_table);
-
- /* Table 0, Priority 150 and 100.
- * ==============================
- *
- * Priority 150 is for tagged traffic. This may be containers in a
- * VM or a VLAN on a local network. For such traffic, match on the
- * tags and then strip the tag.
- *
- * Priority 100 is for traffic belonging to VMs or untagged locally
- * connected networks.
- *
- * For both types of traffic: set MFF_LOG_INPORT to the logical
- * input port, MFF_LOG_DATAPATH to the logical datapath, and
- * resubmit into the logical ingress pipeline starting at table
- * 16. */
- ofpbuf_clear(ofpacts_p);
- match_init_catchall(&match);
- match_set_in_port(&match, ofport);
-
- /* Match a VLAN tag and strip it, including stripping priority tags
- * (e.g. VLAN ID 0). In the latter case we'll add a second flow
- * for frames that lack any 802.1Q header later. */
- if (tag || !strcmp(binding->type, "localnet")
- || !strcmp(binding->type, "l2gateway")) {
- match_set_dl_vlan(&match, htons(tag), 0);
- if (nested_container) {
- /* When a packet comes from a container sitting behind a
- * parent_port, we should let it loopback to other containers
- * or the parent_port itself. Indicate this by setting the
- * MLF_NESTED_CONTAINER_BIT in MFF_LOG_FLAGS.*/
- put_load(1, MFF_LOG_FLAGS, MLF_NESTED_CONTAINER_BIT, 1,
- ofpacts_p);
- }
- ofpact_put_STRIP_VLAN(ofpacts_p);
- }
-
- /* Remember the size with just strip vlan added so far,
- * as we're going to remove this with ofpbuf_pull() later. */
- uint32_t ofpacts_orig_size = ofpacts_p->size;
-
- load_logical_ingress_metadata(binding, &zone_ids, ofpacts_p);
-
- /* Resubmit to first logical ingress pipeline table. */
- put_resubmit(OFTABLE_LOG_INGRESS_PIPELINE, ofpacts_p);
- ofctrl_add_flow(flow_table, OFTABLE_PHY_TO_LOG,
- tag ? 150 : 100, 0, &match, ofpacts_p,
- &binding->header_.uuid);
-
- if (!tag && (!strcmp(binding->type, "localnet")
- || !strcmp(binding->type, "l2gateway"))) {
-
- /* Add a second flow for frames that lack any 802.1Q
- * header. For these, drop the OFPACT_STRIP_VLAN
- * action. */
- ofpbuf_pull(ofpacts_p, ofpacts_orig_size);
- match_set_dl_tci_masked(&match, 0, htons(VLAN_CFI));
- ofctrl_add_flow(flow_table, 0, 100, 0, &match, ofpacts_p,
- &binding->header_.uuid);
- }
-
- /* Table 65, Priority 100.
- * =======================
- *
- * Deliver the packet to the local vif. */
- match_init_catchall(&match);
- ofpbuf_clear(ofpacts_p);
- match_set_metadata(&match, htonll(dp_key));
- match_set_reg(&match, MFF_LOG_OUTPORT - MFF_REG0, port_key);
- if (tag) {
- /* For containers sitting behind a local vif, tag the packets
- * before delivering them. */
- struct ofpact_vlan_vid *vlan_vid;
- vlan_vid = ofpact_put_SET_VLAN_VID(ofpacts_p);
- vlan_vid->vlan_vid = tag;
- vlan_vid->push_vlan_if_needed = true;
- }
- ofpact_put_OUTPUT(ofpacts_p)->port = ofport;
- if (tag) {
- /* Revert the tag added to the packets headed to containers
- * in the previous step. If we don't do this, the packets
- * that are to be broadcasted to a VM in the same logical
- * switch will also contain the tag. */
- ofpact_put_STRIP_VLAN(ofpacts_p);
- }
- ofctrl_add_flow(flow_table, OFTABLE_LOG_TO_PHY, 100, 0,
- &match, ofpacts_p, &binding->header_.uuid);
-
- if (!strcmp(binding->type, "localnet")) {
- put_replace_router_port_mac_flows(binding, chassis,
- local_datapaths, ofpacts_p,
- ofport, flow_table);
- }
-
- } else if (!tun && !is_ha_remote) {
- /* Remote port connected by localnet port */
- /* Table 33, priority 100.
- * =======================
- *
- * Implements switching to localnet port. Each flow matches a
- * logical output port on remote hypervisor, switch the output port
- * to connected localnet port and resubmits to same table.
- */
-
- match_init_catchall(&match);
- ofpbuf_clear(ofpacts_p);
-
- /* Match MFF_LOG_DATAPATH, MFF_LOG_OUTPORT. */
- match_set_metadata(&match, htonll(dp_key));
- match_set_reg(&match, MFF_LOG_OUTPORT - MFF_REG0, port_key);
-
- put_load(localnet_port->tunnel_key, MFF_LOG_OUTPORT, 0, 32, ofpacts_p);
-
- /* Resubmit to table 33. */
- put_resubmit(OFTABLE_LOCAL_OUTPUT, ofpacts_p);
- ofctrl_add_flow(flow_table, OFTABLE_LOCAL_OUTPUT, 100, 0,
- &match, ofpacts_p, &binding->header_.uuid);
- } else {
- /* Remote port connected by tunnel */
-
- /* Table 32, priority 100.
- * =======================
- *
- * Handles traffic that needs to be sent to a remote hypervisor. Each
- * flow matches an output port that includes a logical port on a remote
- * hypervisor, and tunnels the packet to that hypervisor.
- */
- match_init_catchall(&match);
- ofpbuf_clear(ofpacts_p);
-
- /* Match MFF_LOG_DATAPATH, MFF_LOG_OUTPORT. */
- match_set_metadata(&match, htonll(dp_key));
- match_set_reg(&match, MFF_LOG_OUTPORT - MFF_REG0, port_key);
-
- if (!is_ha_remote) {
- /* Setup encapsulation */
- const struct chassis_tunnel *rem_tun =
- get_port_binding_tun(binding);
- if (!rem_tun) {
- goto out;
- }
- put_encapsulation(mff_ovn_geneve, tun, binding->datapath,
- port_key, ofpacts_p);
- /* Output to tunnel. */
- ofpact_put_OUTPUT(ofpacts_p)->port = rem_tun->ofport;
- } else {
- /* Make sure all tunnel endpoints use the same encapsulation,
- * and set it up */
- for (size_t i = 0; i < ha_ch_ordered->n_ha_ch; i++) {
- const struct sbrec_chassis *ch =
- ha_ch_ordered->ha_ch[i].chassis;
- if (!ch) {
- continue;
- }
- if (!tun) {
- tun = chassis_tunnel_find(ch->name, NULL);
- } else {
- struct chassis_tunnel *chassis_tunnel =
- chassis_tunnel_find(ch->name, NULL);
- if (chassis_tunnel &&
- tun->type != chassis_tunnel->type) {
- static struct vlog_rate_limit rl =
- VLOG_RATE_LIMIT_INIT(1, 1);
- VLOG_ERR_RL(&rl, "Port %s has Gateway_Chassis "
- "with mixed encapsulations, only "
- "uniform encapsulations are "
- "supported.",
- binding->logical_port);
- goto out;
- }
- }
- }
- if (!tun) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1);
- VLOG_ERR_RL(&rl, "No tunnel endpoint found for HA chassis in "
- "HA chassis group of port %s",
- binding->logical_port);
- goto out;
- }
-
- put_encapsulation(mff_ovn_geneve, tun, binding->datapath,
- port_key, ofpacts_p);
-
- /* Output to tunnels with active/backup */
- struct ofpact_bundle *bundle = ofpact_put_BUNDLE(ofpacts_p);
-
- for (size_t i = 0; i < ha_ch_ordered->n_ha_ch; i++) {
- const struct sbrec_chassis *ch =
- ha_ch_ordered->ha_ch[i].chassis;
- if (!ch) {
- continue;
- }
- tun = chassis_tunnel_find(ch->name, NULL);
- if (!tun) {
- continue;
- }
- if (bundle->n_slaves >= BUNDLE_MAX_SLAVES) {
- static struct vlog_rate_limit rl =
- VLOG_RATE_LIMIT_INIT(1, 1);
- VLOG_WARN_RL(&rl, "Remote endpoints for port beyond "
- "BUNDLE_MAX_SLAVES");
- break;
- }
- ofpbuf_put(ofpacts_p, &tun->ofport,
- sizeof tun->ofport);
- bundle = ofpacts_p->header;
- bundle->n_slaves++;
- }
-
- bundle->algorithm = NX_BD_ALG_ACTIVE_BACKUP;
- /* Although ACTIVE_BACKUP bundle algorithm seems to ignore
- * the next two fields, those are always set */
- bundle->basis = 0;
- bundle->fields = NX_HASH_FIELDS_ETH_SRC;
- ofpact_finish_BUNDLE(ofpacts_p, &bundle);
- }
- ofctrl_add_flow(flow_table, OFTABLE_REMOTE_OUTPUT, 100, 0,
- &match, ofpacts_p, &binding->header_.uuid);
- }
-out:
- if (ha_ch_ordered) {
- ha_chassis_destroy_ordered(ha_ch_ordered);
- }
-}
-
-static void
-consider_mc_group(enum mf_field_id mff_ovn_geneve,
- const struct simap *ct_zones,
- const struct hmap *local_datapaths,
- const struct sbrec_chassis *chassis,
- const struct sbrec_multicast_group *mc,
- struct ovn_desired_flow_table *flow_table)
-{
- uint32_t dp_key = mc->datapath->tunnel_key;
- if (!get_local_datapath(local_datapaths, dp_key)) {
- return;
- }
-
- struct sset remote_chassis = SSET_INITIALIZER(&remote_chassis);
- struct match match;
-
- match_init_catchall(&match);
- match_set_metadata(&match, htonll(dp_key));
- match_set_reg(&match, MFF_LOG_OUTPORT - MFF_REG0, mc->tunnel_key);
-
- /* Go through all of the ports in the multicast group:
- *
- * - For remote ports, add the chassis to 'remote_chassis'.
- *
- * - For local ports (other than logical patch ports), add actions
- * to 'ofpacts' to set the output port and resubmit.
- *
- * - For logical patch ports, add actions to 'remote_ofpacts'
- * instead. (If we put them in 'ofpacts', then the output
- * would happen on every hypervisor in the multicast group,
- * effectively duplicating the packet.)
- */
- struct ofpbuf ofpacts;
- ofpbuf_init(&ofpacts, 0);
- struct ofpbuf remote_ofpacts;
- ofpbuf_init(&remote_ofpacts, 0);
- for (size_t i = 0; i < mc->n_ports; i++) {
- struct sbrec_port_binding *port = mc->ports[i];
-
- if (port->datapath != mc->datapath) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 1);
- VLOG_WARN_RL(&rl, UUID_FMT": multicast group contains ports "
- "in wrong datapath",
- UUID_ARGS(&mc->header_.uuid));
- continue;
- }
-
- int zone_id = simap_get(ct_zones, port->logical_port);
- if (zone_id) {
- put_load(zone_id, MFF_LOG_CT_ZONE, 0, 32, &ofpacts);
- }
-
- if (!strcmp(port->type, "patch")) {
- put_load(port->tunnel_key, MFF_LOG_OUTPORT, 0, 32,
- &remote_ofpacts);
- put_resubmit(OFTABLE_CHECK_LOOPBACK, &remote_ofpacts);
- } else if (simap_contains(&localvif_to_ofport,
- (port->parent_port && *port->parent_port)
- ? port->parent_port : port->logical_port)
- || (!strcmp(port->type, "l3gateway")
- && port->chassis == chassis)) {
- put_load(port->tunnel_key, MFF_LOG_OUTPORT, 0, 32, &ofpacts);
- put_resubmit(OFTABLE_CHECK_LOOPBACK, &ofpacts);
- } else if (port->chassis && !get_localnet_port(local_datapaths,
- mc->datapath->tunnel_key)) {
- /* Add remote chassis only when localnet port not exist,
- * otherwise multicast will reach remote ports through localnet
- * port. */
- sset_add(&remote_chassis, port->chassis->name);
- }
- }
-
- /* Table 33, priority 100.
- * =======================
- *
- * Handle output to the local logical ports in the multicast group, if
- * any. */
- bool local_ports = ofpacts.size > 0;
- if (local_ports) {
- /* Following delivery to local logical ports, restore the multicast
- * group as the logical output port. */
- put_load(mc->tunnel_key, MFF_LOG_OUTPORT, 0, 32, &ofpacts);
-
- ofctrl_add_flow(flow_table, OFTABLE_LOCAL_OUTPUT, 100, 0,
- &match, &ofpacts, &mc->header_.uuid);
- }
-
- /* Table 32, priority 100.
- * =======================
- *
- * Handle output to the remote chassis in the multicast group, if
- * any. */
- if (!sset_is_empty(&remote_chassis) || remote_ofpacts.size > 0) {
- if (remote_ofpacts.size > 0) {
- /* Following delivery to logical patch ports, restore the
- * multicast group as the logical output port. */
- put_load(mc->tunnel_key, MFF_LOG_OUTPORT, 0, 32,
- &remote_ofpacts);
- }
-
- const char *chassis_name;
- const struct chassis_tunnel *prev = NULL;
- SSET_FOR_EACH (chassis_name, &remote_chassis) {
- const struct chassis_tunnel *tun
- = chassis_tunnel_find(chassis_name, NULL);
- if (!tun) {
- continue;
- }
-
- if (!prev || tun->type != prev->type) {
- put_encapsulation(mff_ovn_geneve, tun, mc->datapath,
- mc->tunnel_key, &remote_ofpacts);
- prev = tun;
- }
- ofpact_put_OUTPUT(&remote_ofpacts)->port = tun->ofport;
- }
-
- if (remote_ofpacts.size) {
- if (local_ports) {
- put_resubmit(OFTABLE_LOCAL_OUTPUT, &remote_ofpacts);
- }
- ofctrl_add_flow(flow_table, OFTABLE_REMOTE_OUTPUT, 100, 0,
- &match, &remote_ofpacts, &mc->header_.uuid);
- }
- }
- ofpbuf_uninit(&ofpacts);
- ofpbuf_uninit(&remote_ofpacts);
- sset_destroy(&remote_chassis);
-}
-
-/* Replaces 'old' by 'new' (destroying 'new'). Returns true if 'old' and 'new'
- * contained different data, false if they were the same. */
-static bool
-update_ofports(struct simap *old, struct simap *new)
-{
- bool changed = !simap_equal(old, new);
- simap_swap(old, new);
- simap_destroy(new);
- return changed;
-}
-
-void physical_handle_port_binding_changes(
- struct ovsdb_idl_index *sbrec_port_binding_by_name,
- const struct sbrec_port_binding_table *pb_table,
- enum mf_field_id mff_ovn_geneve,
- const struct sbrec_chassis *chassis,
- const struct simap *ct_zones,
- struct hmap *local_datapaths,
- struct sset *active_tunnels,
- struct ovn_desired_flow_table *flow_table)
-{
- const struct sbrec_port_binding *binding;
- struct ofpbuf ofpacts;
- ofpbuf_init(&ofpacts, 0);
- SBREC_PORT_BINDING_TABLE_FOR_EACH_TRACKED (binding, pb_table) {
- if (sbrec_port_binding_is_deleted(binding)) {
- ofctrl_remove_flows(flow_table, &binding->header_.uuid);
- } else {
- if (!sbrec_port_binding_is_new(binding)) {
- ofctrl_remove_flows(flow_table, &binding->header_.uuid);
- }
- consider_port_binding(sbrec_port_binding_by_name,
- mff_ovn_geneve, ct_zones,
- active_tunnels, local_datapaths,
- binding, chassis,
- flow_table, &ofpacts);
- }
- }
-
-}
-
-void
-physical_handle_mc_group_changes(
- const struct sbrec_multicast_group_table *multicast_group_table,
- enum mf_field_id mff_ovn_geneve,
- const struct sbrec_chassis *chassis,
- const struct simap *ct_zones,
- const struct hmap *local_datapaths,
- struct ovn_desired_flow_table *flow_table)
-{
- const struct sbrec_multicast_group *mc;
- SBREC_MULTICAST_GROUP_TABLE_FOR_EACH_TRACKED (mc, multicast_group_table) {
- if (sbrec_multicast_group_is_deleted(mc)) {
- ofctrl_remove_flows(flow_table, &mc->header_.uuid);
- } else {
- if (!sbrec_multicast_group_is_new(mc)) {
- ofctrl_remove_flows(flow_table, &mc->header_.uuid);
- }
- consider_mc_group(mff_ovn_geneve, ct_zones, local_datapaths,
- chassis, mc, flow_table);
- }
- }
-}
-
-void
-physical_run(struct ovsdb_idl_index *sbrec_port_binding_by_name,
- const struct sbrec_multicast_group_table *multicast_group_table,
- const struct sbrec_port_binding_table *port_binding_table,
- enum mf_field_id mff_ovn_geneve,
- const struct ovsrec_bridge *br_int,
- const struct sbrec_chassis *chassis,
- const struct simap *ct_zones,
- const struct hmap *local_datapaths,
- const struct sset *local_lports,
- const struct sset *active_tunnels,
- struct ovn_desired_flow_table *flow_table)
-{
- if (!hc_uuid) {
- hc_uuid = xmalloc(sizeof(struct uuid));
- uuid_generate(hc_uuid);
- }
-
- /* This bool tracks physical mapping changes. */
- bool physical_map_changed = false;
-
- struct simap new_localvif_to_ofport =
- SIMAP_INITIALIZER(&new_localvif_to_ofport);
- struct simap new_tunnel_to_ofport =
- SIMAP_INITIALIZER(&new_tunnel_to_ofport);
- for (int i = 0; i < br_int->n_ports; i++) {
- const struct ovsrec_port *port_rec = br_int->ports[i];
- if (!strcmp(port_rec->name, br_int->name)) {
- continue;
- }
-
- const char *tunnel_id = smap_get(&port_rec->external_ids,
- "ovn-chassis-id");
- if (tunnel_id &&
- encaps_tunnel_id_match(tunnel_id, chassis->name, NULL)) {
- continue;
- }
-
- const char *localnet = smap_get(&port_rec->external_ids,
- "ovn-localnet-port");
- const char *l2gateway = smap_get(&port_rec->external_ids,
- "ovn-l2gateway-port");
-
- for (int j = 0; j < port_rec->n_interfaces; j++) {
- const struct ovsrec_interface *iface_rec = port_rec->interfaces[j];
-
- /* Get OpenFlow port number. */
- if (!iface_rec->n_ofport) {
- continue;
- }
- int64_t ofport = iface_rec->ofport[0];
- if (ofport < 1 || ofport > ofp_to_u16(OFPP_MAX)) {
- continue;
- }
-
- /* Record as patch to local net, logical patch port, chassis, or
- * local logical port. */
- bool is_patch = !strcmp(iface_rec->type, "patch");
- if (is_patch && localnet) {
- /* localnet patch ports can be handled just like VIFs. */
- simap_put(&new_localvif_to_ofport, localnet, ofport);
- break;
- } else if (is_patch && l2gateway) {
- /* L2 gateway patch ports can be handled just like VIFs. */
- simap_put(&new_localvif_to_ofport, l2gateway, ofport);
- break;
- } else if (tunnel_id) {
- enum chassis_tunnel_type tunnel_type;
- if (!strcmp(iface_rec->type, "geneve")) {
- tunnel_type = GENEVE;
- if (!mff_ovn_geneve) {
- continue;
- }
- } else if (!strcmp(iface_rec->type, "stt")) {
- tunnel_type = STT;
- } else if (!strcmp(iface_rec->type, "vxlan")) {
- tunnel_type = VXLAN;
- } else {
- continue;
- }
-
- simap_put(&new_tunnel_to_ofport, tunnel_id, ofport);
- /*
- * We split the tunnel_id to get the chassis-id
- * and hash the tunnel list on the chassis-id. The
- * reason to use the chassis-id alone is because
- * there might be cases (multicast, gateway chassis)
- * where we need to tunnel to the chassis, but won't
- * have the encap-ip specifically.
- */
- char *hash_id = NULL;
- char *ip = NULL;
-
- if (!encaps_tunnel_id_parse(tunnel_id, &hash_id, &ip)) {
- continue;
- }
- struct chassis_tunnel *tun = chassis_tunnel_find(hash_id, ip);
- if (tun) {
- /* If the tunnel's ofport has changed, update. */
- if (tun->ofport != u16_to_ofp(ofport) ||
- tun->type != tunnel_type) {
- tun->ofport = u16_to_ofp(ofport);
- tun->type = tunnel_type;
- physical_map_changed = true;
- }
- } else {
- tun = xmalloc(sizeof *tun);
- hmap_insert(&tunnels, &tun->hmap_node,
- hash_string(hash_id, 0));
- tun->chassis_id = xstrdup(tunnel_id);
- tun->ofport = u16_to_ofp(ofport);
- tun->type = tunnel_type;
- physical_map_changed = true;
- }
- free(hash_id);
- free(ip);
- break;
- } else {
- const char *iface_id = smap_get(&iface_rec->external_ids,
- "iface-id");
- if (iface_id) {
- simap_put(&new_localvif_to_ofport, iface_id, ofport);
- }
- }
- }
- }
-
- /* Remove tunnels that are no longer here. */
- struct chassis_tunnel *tun, *tun_next;
- HMAP_FOR_EACH_SAFE (tun, tun_next, hmap_node, &tunnels) {
- if (!simap_find(&new_tunnel_to_ofport, tun->chassis_id)) {
- hmap_remove(&tunnels, &tun->hmap_node);
- physical_map_changed = true;
- free(tun->chassis_id);
- free(tun);
- }
- }
-
- /* Capture changed or removed openflow ports. */
- physical_map_changed |= update_ofports(&localvif_to_ofport,
- &new_localvif_to_ofport);
- if (physical_map_changed) {
- /* Reprocess logical flow table immediately. */
- poll_immediate_wake();
- }
-
- struct ofpbuf ofpacts;
- ofpbuf_init(&ofpacts, 0);
-
- /* Set up flows in table 0 for physical-to-logical translation and in table
- * 64 for logical-to-physical translation. */
- const struct sbrec_port_binding *binding;
- SBREC_PORT_BINDING_TABLE_FOR_EACH (binding, port_binding_table) {
- consider_port_binding(sbrec_port_binding_by_name,
- mff_ovn_geneve, ct_zones,
- active_tunnels, local_datapaths,
- binding, chassis,
- flow_table, &ofpacts);
- }
-
- /* Handle output to multicast groups, in tables 32 and 33. */
- const struct sbrec_multicast_group *mc;
- SBREC_MULTICAST_GROUP_TABLE_FOR_EACH (mc, multicast_group_table) {
- consider_mc_group(mff_ovn_geneve, ct_zones, local_datapaths,
- chassis, mc, flow_table);
- }
-
- /* Table 0, priority 100.
- * ======================
- *
- * Process packets that arrive from a remote hypervisor (by matching
- * on tunnel in_port). */
-
- /* Add flows for Geneve and STT encapsulations. These
- * encapsulations have metadata about the ingress and egress logical
- * ports. We set MFF_LOG_DATAPATH, MFF_LOG_INPORT, and
- * MFF_LOG_OUTPORT from the tunnel key data, then resubmit to table
- * 33 to handle packets to the local hypervisor. */
- HMAP_FOR_EACH (tun, hmap_node, &tunnels) {
- struct match match = MATCH_CATCHALL_INITIALIZER;
- match_set_in_port(&match, tun->ofport);
-
- ofpbuf_clear(&ofpacts);
- if (tun->type == GENEVE) {
- put_move(MFF_TUN_ID, 0, MFF_LOG_DATAPATH, 0, 24, &ofpacts);
- put_move(mff_ovn_geneve, 16, MFF_LOG_INPORT, 0, 15,
- &ofpacts);
- put_move(mff_ovn_geneve, 0, MFF_LOG_OUTPORT, 0, 16,
- &ofpacts);
- } else if (tun->type == STT) {
- put_move(MFF_TUN_ID, 40, MFF_LOG_INPORT, 0, 15, &ofpacts);
- put_move(MFF_TUN_ID, 24, MFF_LOG_OUTPORT, 0, 16, &ofpacts);
- put_move(MFF_TUN_ID, 0, MFF_LOG_DATAPATH, 0, 24, &ofpacts);
- } else if (tun->type == VXLAN) {
- /* We'll handle VXLAN later. */
- continue;
- } else {
- OVS_NOT_REACHED();
- }
-
- put_resubmit(OFTABLE_LOCAL_OUTPUT, &ofpacts);
-
- ofctrl_add_flow(flow_table, OFTABLE_PHY_TO_LOG, 100, 0, &match,
- &ofpacts, hc_uuid);
- }
-
- /* Add flows for VXLAN encapsulations. Due to the limited amount of
- * metadata, we only support VXLAN for connections to gateways. The
- * VNI is used to populate MFF_LOG_DATAPATH. The gateway's logical
- * port is set to MFF_LOG_INPORT. Then the packet is resubmitted to
- * table 16 to determine the logical egress port. */
- HMAP_FOR_EACH (tun, hmap_node, &tunnels) {
- if (tun->type != VXLAN) {
- continue;
- }
-
- SBREC_PORT_BINDING_TABLE_FOR_EACH (binding, port_binding_table) {
- struct match match = MATCH_CATCHALL_INITIALIZER;
-
- if (!binding->chassis ||
- !encaps_tunnel_id_match(tun->chassis_id,
- binding->chassis->name, NULL)) {
- continue;
- }
-
- match_set_in_port(&match, tun->ofport);
- match_set_tun_id(&match, htonll(binding->datapath->tunnel_key));
-
- ofpbuf_clear(&ofpacts);
- put_move(MFF_TUN_ID, 0, MFF_LOG_DATAPATH, 0, 24, &ofpacts);
- put_load(binding->tunnel_key, MFF_LOG_INPORT, 0, 15, &ofpacts);
- /* For packets received from a vxlan tunnel, set a flag to that
- * effect. */
- put_load(1, MFF_LOG_FLAGS, MLF_RCV_FROM_VXLAN_BIT, 1, &ofpacts);
- put_resubmit(OFTABLE_LOG_INGRESS_PIPELINE, &ofpacts);
-
- ofctrl_add_flow(flow_table, OFTABLE_PHY_TO_LOG, 100, 0, &match,
- &ofpacts, hc_uuid);
- }
- }
-
- /* Table 32, priority 150.
- * =======================
- *
- * Handles packets received from a VXLAN tunnel which get resubmitted to
- * OFTABLE_LOG_INGRESS_PIPELINE due to lack of needed metadata in VXLAN,
- * explicitly skip sending back out any tunnels and resubmit to table 33
- * for local delivery.
- */
- struct match match;
- match_init_catchall(&match);
- match_set_reg_masked(&match, MFF_LOG_FLAGS - MFF_REG0,
- MLF_RCV_FROM_VXLAN, MLF_RCV_FROM_VXLAN);
-
- /* Resubmit to table 33. */
- ofpbuf_clear(&ofpacts);
- put_resubmit(OFTABLE_LOCAL_OUTPUT, &ofpacts);
- ofctrl_add_flow(flow_table, OFTABLE_REMOTE_OUTPUT, 150, 0,
- &match, &ofpacts, hc_uuid);
-
- /* Table 32, priority 150.
- * =======================
- *
- * Packets that should not be sent to other hypervisors.
- */
- match_init_catchall(&match);
- match_set_reg_masked(&match, MFF_LOG_FLAGS - MFF_REG0,
- MLF_LOCAL_ONLY, MLF_LOCAL_ONLY);
- /* Resubmit to table 33. */
- ofpbuf_clear(&ofpacts);
- put_resubmit(OFTABLE_LOCAL_OUTPUT, &ofpacts);
- ofctrl_add_flow(flow_table, OFTABLE_REMOTE_OUTPUT, 150, 0,
- &match, &ofpacts, hc_uuid);
-
- /* Table 32, priority 150.
- * =======================
- *
- * Handles packets received from ports of type "localport". These ports
- * are present on every hypervisor. Traffic that originates at one should
- * never go over a tunnel to a remote hypervisor, so resubmit them to table
- * 33 for local delivery. */
- match_init_catchall(&match);
- ofpbuf_clear(&ofpacts);
- put_resubmit(OFTABLE_LOCAL_OUTPUT, &ofpacts);
- const char *localport;
- SSET_FOR_EACH (localport, local_lports) {
- /* Iterate over all local logical ports and insert a drop
- * rule with higher priority for every localport in this
- * datapath. */
- const struct sbrec_port_binding *pb = lport_lookup_by_name(
- sbrec_port_binding_by_name, localport);
- if (pb && !strcmp(pb->type, "localport")) {
- match_set_reg(&match, MFF_LOG_INPORT - MFF_REG0, pb->tunnel_key);
- match_set_metadata(&match, htonll(pb->datapath->tunnel_key));
- ofctrl_add_flow(flow_table, OFTABLE_REMOTE_OUTPUT, 150, 0,
- &match, &ofpacts, hc_uuid);
- }
- }
-
- /* Table 32, Priority 0.
- * =======================
- *
- * Resubmit packets that are not directed at tunnels or part of a
- * multicast group to the local output table. */
- match_init_catchall(&match);
- ofpbuf_clear(&ofpacts);
- put_resubmit(OFTABLE_LOCAL_OUTPUT, &ofpacts);
- ofctrl_add_flow(flow_table, OFTABLE_REMOTE_OUTPUT, 0, 0, &match, &ofpacts,
- hc_uuid);
-
- /* Table 34, Priority 0.
- * =======================
- *
- * Resubmit packets that don't output to the ingress port (already checked
- * in table 33) to the logical egress pipeline, clearing the logical
- * registers (for consistent behavior with packets that get tunneled). */
- match_init_catchall(&match);
- ofpbuf_clear(&ofpacts);
- for (int i = 0; i < MFF_N_LOG_REGS; i++) {
- put_load(0, MFF_REG0 + i, 0, 32, &ofpacts);
- }
- put_resubmit(OFTABLE_LOG_EGRESS_PIPELINE, &ofpacts);
- ofctrl_add_flow(flow_table, OFTABLE_CHECK_LOOPBACK, 0, 0, &match,
- &ofpacts, hc_uuid);
-
- /* Table 64, Priority 0.
- * =======================
- *
- * Resubmit packets that do not have the MLF_ALLOW_LOOPBACK flag set
- * to table 65 for logical-to-physical translation. */
- match_init_catchall(&match);
- ofpbuf_clear(&ofpacts);
- put_resubmit(OFTABLE_LOG_TO_PHY, &ofpacts);
- ofctrl_add_flow(flow_table, OFTABLE_SAVE_INPORT, 0, 0, &match, &ofpacts,
- hc_uuid);
-
- ofpbuf_uninit(&ofpacts);
-
- simap_destroy(&new_tunnel_to_ofport);
-}
diff --git a/ovn/controller/physical.h b/ovn/controller/physical.h
deleted file mode 100644
index c5544e8de48..00000000000
--- a/ovn/controller/physical.h
+++ /dev/null
@@ -1,74 +0,0 @@
-/* Copyright (c) 2015, 2016 Nicira, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef OVN_PHYSICAL_H
-#define OVN_PHYSICAL_H 1
-
-/* Logical/Physical Translation
- * ============================
- *
- * This module implements physical-to-logical and logical-to-physical
- * translation as separate OpenFlow tables that run before the ingress pipeline
- * and after the egress pipeline, respectively, as well as to connect the
- * two pipelines.
- */
-
-#include "openvswitch/meta-flow.h"
-
-struct hmap;
-struct ovsdb_idl_index;
-struct ovsrec_bridge;
-struct simap;
-struct sbrec_multicast_group_table;
-struct sbrec_port_binding_table;
-struct sset;
-
-/* OVN Geneve option information.
- *
- * Keep these in sync with the documentation in ovn-architecture(7). */
-#define OVN_GENEVE_CLASS 0x0102 /* Assigned Geneve class for OVN. */
-#define OVN_GENEVE_TYPE 0x80 /* Critical option. */
-#define OVN_GENEVE_LEN 4
-
-void physical_register_ovs_idl(struct ovsdb_idl *);
-void physical_run(struct ovsdb_idl_index *sbrec_port_binding_by_name,
- const struct sbrec_multicast_group_table *,
- const struct sbrec_port_binding_table *,
- enum mf_field_id mff_ovn_geneve,
- const struct ovsrec_bridge *br_int,
- const struct sbrec_chassis *chassis,
- const struct simap *ct_zones,
- const struct hmap *local_datapaths,
- const struct sset *local_lports,
- const struct sset *active_tunnels,
- struct ovn_desired_flow_table *);
-void physical_handle_port_binding_changes(
- struct ovsdb_idl_index *sbrec_port_binding_by_name,
- const struct sbrec_port_binding_table *,
- enum mf_field_id mff_ovn_geneve,
- const struct sbrec_chassis *,
- const struct simap *ct_zones,
- struct hmap *local_datapaths,
- struct sset *active_tunnels,
- struct ovn_desired_flow_table *);
-
-void physical_handle_mc_group_changes(
- const struct sbrec_multicast_group_table *,
- enum mf_field_id mff_ovn_geneve,
- const struct sbrec_chassis *,
- const struct simap *ct_zones,
- const struct hmap *local_datapaths,
- struct ovn_desired_flow_table *);
-#endif /* ovn/physical.h */
diff --git a/ovn/controller/pinctrl.c b/ovn/controller/pinctrl.c
deleted file mode 100644
index b115d1a57d8..00000000000
--- a/ovn/controller/pinctrl.c
+++ /dev/null
@@ -1,4342 +0,0 @@
-/* Copyright (c) 2015, 2016, 2017 Red Hat, Inc.
- * Copyright (c) 2017 Nicira, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include
-
-#include "pinctrl.h"
-
-#include "coverage.h"
-#include "csum.h"
-#include "dirs.h"
-#include "dp-packet.h"
-#include "encaps.h"
-#include "flow.h"
-#include "ha-chassis.h"
-#include "lport.h"
-#include "nx-match.h"
-#include "ovn-controller.h"
-#include "latch.h"
-#include "lib/packets.h"
-#include "lib/sset.h"
-#include "openvswitch/ofp-actions.h"
-#include "openvswitch/ofp-msgs.h"
-#include "openvswitch/ofp-packet.h"
-#include "openvswitch/ofp-print.h"
-#include "openvswitch/ofp-switch.h"
-#include "openvswitch/ofp-util.h"
-#include "openvswitch/vlog.h"
-
-#include "lib/dhcp.h"
-#include "ovn-controller.h"
-#include "ovn/actions.h"
-#include "ovn/lex.h"
-#include "ovn/lib/acl-log.h"
-#include "ovn/lib/ip-mcast-index.h"
-#include "ovn/lib/mcast-group-index.h"
-#include "ovn/lib/ovn-l7.h"
-#include "ovn/lib/ovn-util.h"
-#include "ovn/logical-fields.h"
-#include "openvswitch/poll-loop.h"
-#include "openvswitch/rconn.h"
-#include "socket-util.h"
-#include "seq.h"
-#include "timeval.h"
-#include "vswitch-idl.h"
-#include "lflow.h"
-#include "ip-mcast.h"
-
-VLOG_DEFINE_THIS_MODULE(pinctrl);
-
-/* pinctrl module creates a thread - pinctrl_handler to handle
- * the packet-ins from ovs-vswitchd. Some of the OVN actions
- * are translated to OF 'controller' actions. See include/ovn/actions.h
- * for more details.
- *
- * pinctrl_handler thread doesn't access the Southbound IDL object. But
- * some of the OVN actions which gets translated to 'controller'
- * OF action, require data from Southbound DB. Below are the details
- * on how these actions are implemented.
- *
- * pinctrl_run() function is called by ovn-controller main thread.
- * A Mutex - 'pinctrl_mutex' is used between the pinctrl_handler() thread
- * and pinctrl_run().
- *
- * - dns_lookup - In order to do a DNS lookup, this action needs
- * to access the 'DNS' table. pinctrl_run() builds a
- * local DNS cache - 'dns_cache'. See sync_dns_cache()
- * for more details.
- * The function 'pinctrl_handle_dns_lookup()' (which is
- * called with in the pinctrl_handler thread) looks into
- * the local DNS cache to resolve the DNS requests.
- *
- * - put_arp/put_nd - These actions stores the IPv4/IPv6 and MAC addresses
- * in the 'MAC_Binding' table.
- * The function 'pinctrl_handle_put_mac_binding()' (which
- * is called with in the pinctrl_handler thread), stores
- * the IPv4/IPv6 and MAC addresses in the
- * hmap - put_mac_bindings.
- *
- * pinctrl_run(), reads these mac bindings from the hmap
- * 'put_mac_bindings' and writes to the 'MAC_Binding'
- * table in the Southbound DB.
- *
- * - arp/nd_ns - These actions generate an ARP/IPv6 Neighbor solicit
- * requests. The original packets are buffered and
- * injected back when put_arp/put_nd resolves
- * corresponding ARP/IPv6 Neighbor solicit requests.
- * When pinctrl_run(), writes the mac bindings from the
- * 'put_mac_bindings' hmap to the MAC_Binding table in
- * SB DB, run_buffered_binding will add the buffered
- * packets to buffered_mac_bindings and notify
- * pinctrl_handler.
- *
- * The pinctrl_handler thread calls the function -
- * send_mac_binding_buffered_pkts(), which uses
- * the hmap - 'buffered_mac_bindings' and reinjects the
- * buffered packets.
- *
- * - igmp - This action punts an IGMP packet to the controller
- * which maintains multicast group information. The
- * multicast groups (mcast_snoop_map) are synced to
- * the 'IGMP_Group' table by ip_mcast_sync().
- * ip_mcast_sync() also reads the 'IP_Multicast'
- * (snooping and querier) configuration and builds a
- * local configuration mcast_cfg_map.
- * ip_mcast_snoop_run() which runs in the
- * pinctrl_handler() thread configures the per datapath
- * mcast_snoop_map entries according to mcast_cfg_map.
- *
- * pinctrl module also periodically sends IPv6 Router Solicitation requests
- * and gARPs (for the router gateway IPs and configured NAT addresses).
- *
- * IPv6 RA handling - pinctrl_run() prepares the IPv6 RA information
- * (see prepare_ipv6_ras()) in the shash 'ipv6_ras' by
- * looking into the Southbound DB table - Port_Binding.
- *
- * pinctrl_handler thread sends the periodic IPv6 RAs using
- * the shash - 'ipv6_ras'
- *
- * gARP handling - pinctrl_run() prepares the gARP information
- * (see send_garp_prepare()) in the shash 'send_garp_data'
- * by looking into the Southbound DB table Port_Binding.
- *
- * pinctrl_handler() thread sends these gARPs using the
- * shash 'send_garp_data'.
- *
- * IGMP Queries - pinctrl_run() prepares the IGMP queries (at most one
- * per local datapath) based on the mcast_snoop_map
- * contents and stores them in mcast_query_list.
- *
- * pinctrl_handler thread sends the periodic IGMP queries
- * by walking the mcast_query_list.
- *
- * Notification between pinctrl_handler() and pinctrl_run()
- * -------------------------------------------------------
- * 'struct seq' is used for notification between pinctrl_handler() thread
- * and pinctrl_run().
- * 'pinctrl_handler_seq' is used by pinctrl_run() to
- * wake up pinctrl_handler thread from poll_block() if any changes happened
- * in 'send_garp_data', 'ipv6_ras' and 'buffered_mac_bindings' structures.
- *
- * 'pinctrl_main_seq' is used by pinctrl_handler() thread to wake up
- * the main thread from poll_block() when mac bindings/igmp groups need to
- * be updated in the Southboubd DB.
- * */
-
-static struct ovs_mutex pinctrl_mutex = OVS_MUTEX_INITIALIZER;
-static struct seq *pinctrl_handler_seq;
-static struct seq *pinctrl_main_seq;
-
-static void *pinctrl_handler(void *arg);
-
-struct pinctrl {
- char *br_int_name;
- pthread_t pinctrl_thread;
- /* Latch to destroy the 'pinctrl_thread' */
- struct latch pinctrl_thread_exit;
-};
-
-static struct pinctrl pinctrl;
-
-static void init_buffered_packets_map(void);
-static void destroy_buffered_packets_map(void);
-static void
-run_buffered_binding(struct ovsdb_idl_index *sbrec_port_binding_by_datapath,
- struct ovsdb_idl_index *sbrec_mac_binding_by_lport_ip,
- const struct hmap *local_datapaths)
- OVS_REQUIRES(pinctrl_mutex);
-
-static void pinctrl_handle_put_mac_binding(const struct flow *md,
- const struct flow *headers,
- bool is_arp)
- OVS_REQUIRES(pinctrl_mutex);
-static void init_put_mac_bindings(void);
-static void destroy_put_mac_bindings(void);
-static void run_put_mac_bindings(
- struct ovsdb_idl_txn *ovnsb_idl_txn,
- struct ovsdb_idl_index *sbrec_datapath_binding_by_key,
- struct ovsdb_idl_index *sbrec_port_binding_by_key,
- struct ovsdb_idl_index *sbrec_mac_binding_by_lport_ip)
- OVS_REQUIRES(pinctrl_mutex);
-static void wait_put_mac_bindings(struct ovsdb_idl_txn *ovnsb_idl_txn);
-static void flush_put_mac_bindings(void);
-static void send_mac_binding_buffered_pkts(struct rconn *swconn)
- OVS_REQUIRES(pinctrl_mutex);
-
-static void init_send_garps(void);
-static void destroy_send_garps(void);
-static void send_garp_wait(long long int send_garp_time);
-static void send_garp_prepare(
- struct ovsdb_idl_index *sbrec_port_binding_by_datapath,
- struct ovsdb_idl_index *sbrec_port_binding_by_name,
- const struct ovsrec_bridge *,
- const struct sbrec_chassis *,
- const struct hmap *local_datapaths,
- const struct sset *active_tunnels)
- OVS_REQUIRES(pinctrl_mutex);
-static void send_garp_run(struct rconn *swconn, long long int *send_garp_time)
- OVS_REQUIRES(pinctrl_mutex);
-static void pinctrl_handle_nd_na(struct rconn *swconn,
- const struct flow *ip_flow,
- const struct match *md,
- struct ofpbuf *userdata,
- bool is_router);
-static void reload_metadata(struct ofpbuf *ofpacts,
- const struct match *md);
-static void pinctrl_handle_put_nd_ra_opts(
- struct rconn *swconn,
- const struct flow *ip_flow, struct dp_packet *pkt_in,
- struct ofputil_packet_in *pin, struct ofpbuf *userdata,
- struct ofpbuf *continuation);
-static void pinctrl_handle_nd_ns(struct rconn *swconn,
- const struct flow *ip_flow,
- struct dp_packet *pkt_in,
- const struct match *md,
- struct ofpbuf *userdata);
-static void pinctrl_handle_put_icmp4_frag_mtu(struct rconn *swconn,
- const struct flow *in_flow,
- struct dp_packet *pkt_in,
- struct ofputil_packet_in *pin,
- struct ofpbuf *userdata,
- struct ofpbuf *continuation);
-static void
-pinctrl_handle_event(struct ofpbuf *userdata)
- OVS_REQUIRES(pinctrl_mutex);
-static void wait_controller_event(struct ovsdb_idl_txn *ovnsb_idl_txn);
-static void init_ipv6_ras(void);
-static void destroy_ipv6_ras(void);
-static void ipv6_ra_wait(long long int send_ipv6_ra_time);
-static void prepare_ipv6_ras(
- struct ovsdb_idl_index *sbrec_port_binding_by_datapath,
- struct ovsdb_idl_index *sbrec_port_binding_by_name,
- const struct hmap *local_datapaths)
- OVS_REQUIRES(pinctrl_mutex);
-static void send_ipv6_ras(struct rconn *swconn,
- long long int *send_ipv6_ra_time)
- OVS_REQUIRES(pinctrl_mutex);
-
-static void ip_mcast_snoop_init(void);
-static void ip_mcast_snoop_destroy(void);
-static void ip_mcast_snoop_run(void)
- OVS_REQUIRES(pinctrl_mutex);
-static void ip_mcast_querier_run(struct rconn *swconn,
- long long int *query_time);
-static void ip_mcast_querier_wait(long long int query_time);
-static void ip_mcast_sync(
- struct ovsdb_idl_txn *ovnsb_idl_txn,
- const struct sbrec_chassis *chassis,
- const struct hmap *local_datapaths,
- struct ovsdb_idl_index *sbrec_datapath_binding_by_key,
- struct ovsdb_idl_index *sbrec_port_binding_by_key,
- struct ovsdb_idl_index *sbrec_igmp_groups,
- struct ovsdb_idl_index *sbrec_ip_multicast)
- OVS_REQUIRES(pinctrl_mutex);
-static void pinctrl_ip_mcast_handle_igmp(
- struct rconn *swconn,
- const struct flow *ip_flow,
- struct dp_packet *pkt_in,
- const struct match *md,
- struct ofpbuf *userdata);
-
-static bool may_inject_pkts(void);
-
-COVERAGE_DEFINE(pinctrl_drop_put_mac_binding);
-COVERAGE_DEFINE(pinctrl_drop_buffered_packets_map);
-COVERAGE_DEFINE(pinctrl_drop_controller_event);
-
-struct empty_lb_backends_event {
- struct hmap_node hmap_node;
- long long int timestamp;
-
- char *vip;
- char *protocol;
- char *load_balancer;
-};
-
-static struct hmap event_table[OVN_EVENT_MAX];
-static int64_t event_seq_num;
-
-static void
-init_event_table(void)
-{
- for (size_t i = 0; i < OVN_EVENT_MAX; i++) {
- hmap_init(&event_table[i]);
- }
-}
-
-#define EVENT_TIMEOUT 10000
-static void
-empty_lb_backends_event_gc(bool flush)
-{
- struct empty_lb_backends_event *cur_ce, *next_ce;
- long long int now = time_msec();
-
- HMAP_FOR_EACH_SAFE (cur_ce, next_ce, hmap_node,
- &event_table[OVN_EVENT_EMPTY_LB_BACKENDS]) {
- if ((now < cur_ce->timestamp + EVENT_TIMEOUT) && !flush) {
- continue;
- }
-
- free(cur_ce->vip);
- free(cur_ce->protocol);
- free(cur_ce->load_balancer);
- hmap_remove(&event_table[OVN_EVENT_EMPTY_LB_BACKENDS],
- &cur_ce->hmap_node);
- free(cur_ce);
- }
-}
-
-static void
-event_table_gc(bool flush)
-{
- empty_lb_backends_event_gc(flush);
-}
-
-static void
-event_table_destroy(void)
-{
- event_table_gc(true);
- for (size_t i = 0; i < OVN_EVENT_MAX; i++) {
- hmap_destroy(&event_table[i]);
- }
-}
-
-static struct empty_lb_backends_event *
-pinctrl_find_empty_lb_backends_event(char *vip, char *protocol,
- char *load_balancer, uint32_t hash)
-{
- struct empty_lb_backends_event *ce;
- HMAP_FOR_EACH_WITH_HASH (ce, hmap_node, hash,
- &event_table[OVN_EVENT_EMPTY_LB_BACKENDS]) {
- if (!strcmp(ce->vip, vip) &&
- !strcmp(ce->protocol, protocol) &&
- !strcmp(ce->load_balancer, load_balancer)) {
- return ce;
- }
- }
- return NULL;
-}
-
-static const struct sbrec_controller_event *
-empty_lb_backends_lookup(struct empty_lb_backends_event *event,
- const struct sbrec_controller_event_table *ce_table,
- const struct sbrec_chassis *chassis)
-{
- const struct sbrec_controller_event *sbrec_event;
- const char *event_type = event_to_string(OVN_EVENT_EMPTY_LB_BACKENDS);
- char ref_uuid[UUID_LEN + 1];
- sprintf(ref_uuid, UUID_FMT, UUID_ARGS(&chassis->header_.uuid));
-
- SBREC_CONTROLLER_EVENT_TABLE_FOR_EACH (sbrec_event, ce_table) {
- if (strcmp(sbrec_event->event_type, event_type)) {
- continue;
- }
-
- char chassis_uuid[UUID_LEN + 1];
- sprintf(chassis_uuid, UUID_FMT,
- UUID_ARGS(&sbrec_event->chassis->header_.uuid));
- if (strcmp(ref_uuid, chassis_uuid)) {
- continue;
- }
-
- const char *vip = smap_get(&sbrec_event->event_info, "vip");
- const char *protocol = smap_get(&sbrec_event->event_info, "protocol");
- const char *load_balancer = smap_get(&sbrec_event->event_info,
- "load_balancer");
-
- if (!strcmp(event->vip, vip) &&
- !strcmp(event->protocol, protocol) &&
- !strcmp(event->load_balancer, load_balancer)) {
- return sbrec_event;
- }
- }
-
- return NULL;
-}
-
-static void
-controller_event_run(struct ovsdb_idl_txn *ovnsb_idl_txn,
- const struct sbrec_controller_event_table *ce_table,
- const struct sbrec_chassis *chassis)
- OVS_REQUIRES(pinctrl_mutex)
-{
- if (!ovnsb_idl_txn) {
- goto out;
- }
-
- struct empty_lb_backends_event *empty_lbs;
- HMAP_FOR_EACH (empty_lbs, hmap_node,
- &event_table[OVN_EVENT_EMPTY_LB_BACKENDS]) {
- const struct sbrec_controller_event *event;
-
- event = empty_lb_backends_lookup(empty_lbs, ce_table, chassis);
- if (!event) {
- struct smap event_info = SMAP_INITIALIZER(&event_info);
-
- smap_add(&event_info, "vip", empty_lbs->vip);
- smap_add(&event_info, "protocol", empty_lbs->protocol);
- smap_add(&event_info, "load_balancer", empty_lbs->load_balancer);
-
- event = sbrec_controller_event_insert(ovnsb_idl_txn);
- sbrec_controller_event_set_event_type(event,
- event_to_string(OVN_EVENT_EMPTY_LB_BACKENDS));
- sbrec_controller_event_set_seq_num(event, ++event_seq_num);
- sbrec_controller_event_set_event_info(event, &event_info);
- sbrec_controller_event_set_chassis(event, chassis);
- }
- }
-
-out:
- event_table_gc(!!ovnsb_idl_txn);
-}
-
-void
-pinctrl_init(void)
-{
- init_put_mac_bindings();
- init_send_garps();
- init_ipv6_ras();
- init_buffered_packets_map();
- init_event_table();
- ip_mcast_snoop_init();
- pinctrl.br_int_name = NULL;
- pinctrl_handler_seq = seq_create();
- pinctrl_main_seq = seq_create();
-
- latch_init(&pinctrl.pinctrl_thread_exit);
- pinctrl.pinctrl_thread = ovs_thread_create("ovn_pinctrl", pinctrl_handler,
- &pinctrl);
-}
-
-static ovs_be32
-queue_msg(struct rconn *swconn, struct ofpbuf *msg)
-{
- const struct ofp_header *oh = msg->data;
- ovs_be32 xid = oh->xid;
-
- rconn_send(swconn, msg, NULL);
- return xid;
-}
-
-/* Sets up 'swconn', a newly (re)connected connection to a switch. */
-static void
-pinctrl_setup(struct rconn *swconn)
-{
- /* Fetch the switch configuration. The response later will allow us to
- * change the miss_send_len to UINT16_MAX, so that we can enable
- * asynchronous messages. */
- queue_msg(swconn, ofpraw_alloc(OFPRAW_OFPT_GET_CONFIG_REQUEST,
- rconn_get_version(swconn), 0));
-
- /* Set a packet-in format that supports userdata. */
- queue_msg(swconn,
- ofputil_encode_set_packet_in_format(rconn_get_version(swconn),
- OFPUTIL_PACKET_IN_NXT2));
-}
-
-static void
-set_switch_config(struct rconn *swconn,
- const struct ofputil_switch_config *config)
-{
- enum ofp_version version = rconn_get_version(swconn);
- struct ofpbuf *request = ofputil_encode_set_config(config, version);
- queue_msg(swconn, request);
-}
-
-static void
-set_actions_and_enqueue_msg(struct rconn *swconn,
- const struct dp_packet *packet,
- const struct match *md,
- struct ofpbuf *userdata)
-{
- /* Copy metadata from 'md' into the packet-out via "set_field"
- * actions, then add actions from 'userdata'.
- */
- uint64_t ofpacts_stub[4096 / 8];
- struct ofpbuf ofpacts = OFPBUF_STUB_INITIALIZER(ofpacts_stub);
- enum ofp_version version = rconn_get_version(swconn);
-
- reload_metadata(&ofpacts, md);
- enum ofperr error = ofpacts_pull_openflow_actions(userdata, userdata->size,
- version, NULL, NULL,
- &ofpacts);
- if (error) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
- VLOG_WARN_RL(&rl, "failed to parse actions from userdata (%s)",
- ofperr_to_string(error));
- ofpbuf_uninit(&ofpacts);
- return;
- }
-
- struct ofputil_packet_out po = {
- .packet = dp_packet_data(packet),
- .packet_len = dp_packet_size(packet),
- .buffer_id = UINT32_MAX,
- .ofpacts = ofpacts.data,
- .ofpacts_len = ofpacts.size,
- };
- match_set_in_port(&po.flow_metadata, OFPP_CONTROLLER);
- enum ofputil_protocol proto = ofputil_protocol_from_ofp_version(version);
- queue_msg(swconn, ofputil_encode_packet_out(&po, proto));
- ofpbuf_uninit(&ofpacts);
-}
-
-struct buffer_info {
- struct ofpbuf ofpacts;
- struct dp_packet *p;
-};
-
-#define BUFFER_QUEUE_DEPTH 4
-struct buffered_packets {
- struct hmap_node hmap_node;
- struct ovs_list list;
-
- /* key */
- struct in6_addr ip;
- struct eth_addr ea;
-
- long long int timestamp;
-
- struct buffer_info data[BUFFER_QUEUE_DEPTH];
- uint32_t head, tail;
-};
-
-static struct hmap buffered_packets_map;
-static struct ovs_list buffered_mac_bindings;
-
-static void
-init_buffered_packets_map(void)
-{
- hmap_init(&buffered_packets_map);
- ovs_list_init(&buffered_mac_bindings);
-}
-
-static void
-destroy_buffered_packets(struct buffered_packets *bp)
-{
- struct buffer_info *bi;
-
- while (bp->head != bp->tail) {
- bi = &bp->data[bp->head];
- dp_packet_delete(bi->p);
- ofpbuf_uninit(&bi->ofpacts);
-
- bp->head = (bp->head + 1) % BUFFER_QUEUE_DEPTH;
- }
-}
-
-static void
-destroy_buffered_packets_map(void)
-{
- struct buffered_packets *bp, *next;
- HMAP_FOR_EACH_SAFE (bp, next, hmap_node, &buffered_packets_map) {
- destroy_buffered_packets(bp);
- hmap_remove(&buffered_packets_map, &bp->hmap_node);
- free(bp);
- }
- hmap_destroy(&buffered_packets_map);
-
- LIST_FOR_EACH_POP (bp, list, &buffered_mac_bindings) {
- destroy_buffered_packets(bp);
- free(bp);
- }
-}
-
-static void
-buffered_push_packet(struct buffered_packets *bp,
- struct dp_packet *packet,
- const struct match *md)
-{
- uint32_t next = (bp->tail + 1) % BUFFER_QUEUE_DEPTH;
- struct buffer_info *bi = &bp->data[bp->tail];
-
- ofpbuf_init(&bi->ofpacts, 4096);
-
- reload_metadata(&bi->ofpacts, md);
- struct ofpact_resubmit *resubmit = ofpact_put_RESUBMIT(&bi->ofpacts);
- resubmit->in_port = OFPP_CONTROLLER;
- resubmit->table_id = OFTABLE_REMOTE_OUTPUT;
-
- bi->p = packet;
-
- if (next == bp->head) {
- bi = &bp->data[bp->head];
- dp_packet_delete(bi->p);
- ofpbuf_uninit(&bi->ofpacts);
- bp->head = (bp->head + 1) % BUFFER_QUEUE_DEPTH;
- }
- bp->tail = next;
-}
-
-static void
-buffered_send_packets(struct rconn *swconn, struct buffered_packets *bp,
- struct eth_addr *addr)
-{
- enum ofp_version version = rconn_get_version(swconn);
- enum ofputil_protocol proto = ofputil_protocol_from_ofp_version(version);
-
- while (bp->head != bp->tail) {
- struct buffer_info *bi = &bp->data[bp->head];
- struct eth_header *eth = dp_packet_data(bi->p);
-
- eth->eth_dst = *addr;
- struct ofputil_packet_out po = {
- .packet = dp_packet_data(bi->p),
- .packet_len = dp_packet_size(bi->p),
- .buffer_id = UINT32_MAX,
- .ofpacts = bi->ofpacts.data,
- .ofpacts_len = bi->ofpacts.size,
- };
- match_set_in_port(&po.flow_metadata, OFPP_CONTROLLER);
- queue_msg(swconn, ofputil_encode_packet_out(&po, proto));
-
- ofpbuf_uninit(&bi->ofpacts);
- dp_packet_delete(bi->p);
-
- bp->head = (bp->head + 1) % BUFFER_QUEUE_DEPTH;
- }
-}
-
-#define BUFFER_MAP_TIMEOUT 10000
-static void
-buffered_packets_map_gc(void)
-{
- struct buffered_packets *cur_qp, *next_qp;
- long long int now = time_msec();
-
- HMAP_FOR_EACH_SAFE (cur_qp, next_qp, hmap_node, &buffered_packets_map) {
- if (now > cur_qp->timestamp + BUFFER_MAP_TIMEOUT) {
- destroy_buffered_packets(cur_qp);
- hmap_remove(&buffered_packets_map, &cur_qp->hmap_node);
- free(cur_qp);
- }
- }
-}
-
-static struct buffered_packets *
-pinctrl_find_buffered_packets(const struct in6_addr *ip, uint32_t hash)
-{
- struct buffered_packets *qp;
-
- HMAP_FOR_EACH_WITH_HASH (qp, hmap_node, hash,
- &buffered_packets_map) {
- if (IN6_ARE_ADDR_EQUAL(&qp->ip, ip)) {
- return qp;
- }
- }
- return NULL;
-}
-
-/* Called with in the pinctrl_handler thread context. */
-static int
-pinctrl_handle_buffered_packets(const struct flow *ip_flow,
- struct dp_packet *pkt_in,
- const struct match *md, bool is_arp)
- OVS_REQUIRES(pinctrl_mutex)
-{
- struct buffered_packets *bp;
- struct dp_packet *clone;
- struct in6_addr addr;
-
- if (is_arp) {
- addr = in6_addr_mapped_ipv4(ip_flow->nw_dst);
- } else {
- addr = ip_flow->ipv6_dst;
- }
-
- uint32_t hash = hash_bytes(&addr, sizeof addr, 0);
- bp = pinctrl_find_buffered_packets(&addr, hash);
- if (!bp) {
- if (hmap_count(&buffered_packets_map) >= 1000) {
- COVERAGE_INC(pinctrl_drop_buffered_packets_map);
- return -ENOMEM;
- }
-
- bp = xmalloc(sizeof *bp);
- hmap_insert(&buffered_packets_map, &bp->hmap_node, hash);
- bp->head = bp->tail = 0;
- bp->ip = addr;
- }
- bp->timestamp = time_msec();
- /* clone the packet to send it later with correct L2 address */
- clone = dp_packet_clone_data(dp_packet_data(pkt_in),
- dp_packet_size(pkt_in));
- buffered_push_packet(bp, clone, md);
-
- return 0;
-}
-
-/* Called with in the pinctrl_handler thread context. */
-static void
-pinctrl_handle_arp(struct rconn *swconn, const struct flow *ip_flow,
- struct dp_packet *pkt_in,
- const struct match *md, struct ofpbuf *userdata)
-{
- /* This action only works for IP packets, and the switch should only send
- * us IP packets this way, but check here just to be sure. */
- if (ip_flow->dl_type != htons(ETH_TYPE_IP)) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
- VLOG_WARN_RL(&rl, "ARP action on non-IP packet (Ethertype %"PRIx16")",
- ntohs(ip_flow->dl_type));
- return;
- }
-
- ovs_mutex_lock(&pinctrl_mutex);
- pinctrl_handle_buffered_packets(ip_flow, pkt_in, md, true);
- ovs_mutex_unlock(&pinctrl_mutex);
-
- /* Compose an ARP packet. */
- uint64_t packet_stub[128 / 8];
- struct dp_packet packet;
- dp_packet_use_stub(&packet, packet_stub, sizeof packet_stub);
- compose_arp__(&packet);
-
- struct eth_header *eth = dp_packet_eth(&packet);
- eth->eth_dst = ip_flow->dl_dst;
- eth->eth_src = ip_flow->dl_src;
-
- struct arp_eth_header *arp = dp_packet_l3(&packet);
- arp->ar_op = htons(ARP_OP_REQUEST);
- arp->ar_sha = ip_flow->dl_src;
- put_16aligned_be32(&arp->ar_spa, ip_flow->nw_src);
- arp->ar_tha = eth_addr_zero;
- put_16aligned_be32(&arp->ar_tpa, ip_flow->nw_dst);
-
- if (ip_flow->vlans[0].tci & htons(VLAN_CFI)) {
- eth_push_vlan(&packet, htons(ETH_TYPE_VLAN_8021Q),
- ip_flow->vlans[0].tci);
- }
-
- set_actions_and_enqueue_msg(swconn, &packet, md, userdata);
- dp_packet_uninit(&packet);
-}
-
-/* Called with in the pinctrl_handler thread context. */
-static void
-pinctrl_handle_icmp(struct rconn *swconn, const struct flow *ip_flow,
- struct dp_packet *pkt_in,
- const struct match *md, struct ofpbuf *userdata,
- bool include_orig_ip_datagram)
-{
- /* This action only works for IP packets, and the switch should only send
- * us IP packets this way, but check here just to be sure. */
- if (ip_flow->dl_type != htons(ETH_TYPE_IP) &&
- ip_flow->dl_type != htons(ETH_TYPE_IPV6)) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
- VLOG_WARN_RL(&rl,
- "ICMP action on non-IP packet (eth_type 0x%"PRIx16")",
- ntohs(ip_flow->dl_type));
- return;
- }
-
- uint64_t packet_stub[128 / 8];
- struct dp_packet packet;
-
- dp_packet_use_stub(&packet, packet_stub, sizeof packet_stub);
- dp_packet_clear(&packet);
- packet.packet_type = htonl(PT_ETH);
-
- struct eth_header *eh = dp_packet_put_zeros(&packet, sizeof *eh);
- eh->eth_dst = ip_flow->dl_dst;
- eh->eth_src = ip_flow->dl_src;
-
- if (get_dl_type(ip_flow) == htons(ETH_TYPE_IP)) {
- struct ip_header *in_ip = dp_packet_l3(pkt_in);
- uint16_t in_ip_len = ntohs(in_ip->ip_tot_len);
- if (in_ip_len < IP_HEADER_LEN) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
- VLOG_WARN_RL(&rl,
- "ICMP action on IP packet with invalid length (%u)",
- in_ip_len);
- return;
- }
-
- struct ip_header *nh = dp_packet_put_zeros(&packet, sizeof *nh);
-
- eh->eth_type = htons(ETH_TYPE_IP);
- dp_packet_set_l3(&packet, nh);
- nh->ip_ihl_ver = IP_IHL_VER(5, 4);
- nh->ip_tot_len = htons(sizeof(struct ip_header) +
- sizeof(struct icmp_header));
- nh->ip_proto = IPPROTO_ICMP;
- nh->ip_frag_off = htons(IP_DF);
- packet_set_ipv4(&packet, ip_flow->nw_src, ip_flow->nw_dst,
- ip_flow->nw_tos, 255);
-
- struct icmp_header *ih = dp_packet_put_zeros(&packet, sizeof *ih);
- dp_packet_set_l4(&packet, ih);
- packet_set_icmp(&packet, ICMP4_DST_UNREACH, 1);
-
- if (include_orig_ip_datagram) {
- /* RFC 1122: 3.2.2 MUST send at least the IP header and 8 bytes
- * of header. MAY send more.
- * RFC says return as much as we can without exceeding 576
- * bytes.
- * So, lets return as much as we can. */
-
- /* Calculate available room to include the original IP + data. */
- nh = dp_packet_l3(&packet);
- uint16_t room = 576 - (sizeof *eh + ntohs(nh->ip_tot_len));
- if (in_ip_len > room) {
- in_ip_len = room;
- }
- dp_packet_put(&packet, in_ip, in_ip_len);
-
- /* dp_packet_put may reallocate the buffer. Get the l3 and l4
- * header pointers again. */
- nh = dp_packet_l3(&packet);
- ih = dp_packet_l4(&packet);
- uint16_t ip_total_len = ntohs(nh->ip_tot_len) + in_ip_len;
- nh->ip_tot_len = htons(ip_total_len);
- ih->icmp_csum = 0;
- ih->icmp_csum = csum(ih, sizeof *ih + in_ip_len);
- nh->ip_csum = 0;
- nh->ip_csum = csum(nh, sizeof *nh);
- }
- } else {
- struct ip6_hdr *nh = dp_packet_put_zeros(&packet, sizeof *nh);
- struct icmp6_error_header *ih;
- uint32_t icmpv6_csum;
-
- eh->eth_type = htons(ETH_TYPE_IPV6);
- dp_packet_set_l3(&packet, nh);
- nh->ip6_vfc = 0x60;
- nh->ip6_nxt = IPPROTO_ICMPV6;
- nh->ip6_plen = htons(sizeof(*nh) + ICMP6_ERROR_HEADER_LEN);
- packet_set_ipv6(&packet, &ip_flow->ipv6_src, &ip_flow->ipv6_dst,
- ip_flow->nw_tos, ip_flow->ipv6_label, 255);
-
- ih = dp_packet_put_zeros(&packet, sizeof *ih);
- dp_packet_set_l4(&packet, ih);
- ih->icmp6_base.icmp6_type = ICMP6_DST_UNREACH;
- ih->icmp6_base.icmp6_code = 1;
- ih->icmp6_base.icmp6_cksum = 0;
-
- uint8_t *data = dp_packet_put_zeros(&packet, sizeof *nh);
- memcpy(data, dp_packet_l3(pkt_in), sizeof(*nh));
-
- icmpv6_csum = packet_csum_pseudoheader6(dp_packet_l3(&packet));
- ih->icmp6_base.icmp6_cksum = csum_finish(
- csum_continue(icmpv6_csum, ih,
- sizeof(*nh) + ICMP6_ERROR_HEADER_LEN));
- }
-
- if (ip_flow->vlans[0].tci & htons(VLAN_CFI)) {
- eth_push_vlan(&packet, htons(ETH_TYPE_VLAN_8021Q),
- ip_flow->vlans[0].tci);
- }
-
- set_actions_and_enqueue_msg(swconn, &packet, md, userdata);
- dp_packet_uninit(&packet);
-}
-
-/* Called with in the pinctrl_handler thread context. */
-static void
-pinctrl_handle_tcp_reset(struct rconn *swconn, const struct flow *ip_flow,
- struct dp_packet *pkt_in,
- const struct match *md, struct ofpbuf *userdata)
-{
- /* This action only works for TCP segments, and the switch should only send
- * us TCP segments this way, but check here just to be sure. */
- if (ip_flow->nw_proto != IPPROTO_TCP) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
- VLOG_WARN_RL(&rl, "TCP_RESET action on non-TCP packet");
- return;
- }
-
- uint64_t packet_stub[128 / 8];
- struct dp_packet packet;
-
- dp_packet_use_stub(&packet, packet_stub, sizeof packet_stub);
- dp_packet_clear(&packet);
- packet.packet_type = htonl(PT_ETH);
-
- struct eth_header *eh = dp_packet_put_zeros(&packet, sizeof *eh);
- eh->eth_dst = ip_flow->dl_dst;
- eh->eth_src = ip_flow->dl_src;
-
- if (get_dl_type(ip_flow) == htons(ETH_TYPE_IPV6)) {
- struct ip6_hdr *nh = dp_packet_put_zeros(&packet, sizeof *nh);
-
- eh->eth_type = htons(ETH_TYPE_IPV6);
- dp_packet_set_l3(&packet, nh);
- nh->ip6_vfc = 0x60;
- nh->ip6_nxt = IPPROTO_TCP;
- nh->ip6_plen = htons(TCP_HEADER_LEN);
- packet_set_ipv6(&packet, &ip_flow->ipv6_src, &ip_flow->ipv6_dst,
- ip_flow->nw_tos, ip_flow->ipv6_label, 255);
- } else {
- struct ip_header *nh = dp_packet_put_zeros(&packet, sizeof *nh);
-
- eh->eth_type = htons(ETH_TYPE_IP);
- dp_packet_set_l3(&packet, nh);
- nh->ip_ihl_ver = IP_IHL_VER(5, 4);
- nh->ip_tot_len = htons(IP_HEADER_LEN + TCP_HEADER_LEN);
- nh->ip_proto = IPPROTO_TCP;
- nh->ip_frag_off = htons(IP_DF);
- packet_set_ipv4(&packet, ip_flow->nw_src, ip_flow->nw_dst,
- ip_flow->nw_tos, 255);
- }
-
- struct tcp_header *th = dp_packet_put_zeros(&packet, sizeof *th);
- struct tcp_header *tcp_in = dp_packet_l4(pkt_in);
- dp_packet_set_l4(&packet, th);
- th->tcp_ctl = TCP_CTL(TCP_RST, 5);
- if (ip_flow->tcp_flags & htons(TCP_ACK)) {
- th->tcp_seq = tcp_in->tcp_ack;
- } else {
- uint32_t tcp_seq, ack_seq, tcp_len;
-
- tcp_seq = ntohl(get_16aligned_be32(&tcp_in->tcp_seq));
- tcp_len = TCP_OFFSET(tcp_in->tcp_ctl) * 4;
- ack_seq = tcp_seq + dp_packet_l4_size(pkt_in) - tcp_len;
- put_16aligned_be32(&th->tcp_ack, htonl(ack_seq));
- put_16aligned_be32(&th->tcp_seq, 0);
- }
- packet_set_tcp_port(&packet, ip_flow->tp_dst, ip_flow->tp_src);
-
- if (ip_flow->vlans[0].tci & htons(VLAN_CFI)) {
- eth_push_vlan(&packet, htons(ETH_TYPE_VLAN_8021Q),
- ip_flow->vlans[0].tci);
- }
-
- set_actions_and_enqueue_msg(swconn, &packet, md, userdata);
- dp_packet_uninit(&packet);
-}
-
-/* Called with in the pinctrl_handler thread context. */
-static void
-pinctrl_handle_put_dhcp_opts(
- struct rconn *swconn,
- struct dp_packet *pkt_in, struct ofputil_packet_in *pin,
- struct ofpbuf *userdata, struct ofpbuf *continuation)
-{
- enum ofp_version version = rconn_get_version(swconn);
- enum ofputil_protocol proto = ofputil_protocol_from_ofp_version(version);
- struct dp_packet *pkt_out_ptr = NULL;
- uint32_t success = 0;
-
- /* Parse result field. */
- const struct mf_field *f;
- enum ofperr ofperr = nx_pull_header(userdata, NULL, &f, NULL);
- if (ofperr) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
- VLOG_WARN_RL(&rl, "bad result OXM (%s)", ofperr_to_string(ofperr));
- goto exit;
- }
-
- /* Parse result offset and offer IP. */
- ovs_be32 *ofsp = ofpbuf_try_pull(userdata, sizeof *ofsp);
- ovs_be32 *offer_ip = ofpbuf_try_pull(userdata, sizeof *offer_ip);
- if (!ofsp || !offer_ip) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
- VLOG_WARN_RL(&rl, "offset or offer_ip not present in the userdata");
- goto exit;
- }
-
- /* Check that the result is valid and writable. */
- struct mf_subfield dst = { .field = f, .ofs = ntohl(*ofsp), .n_bits = 1 };
- ofperr = mf_check_dst(&dst, NULL);
- if (ofperr) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
- VLOG_WARN_RL(&rl, "bad result bit (%s)", ofperr_to_string(ofperr));
- goto exit;
- }
-
- if (!userdata->size) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
- VLOG_WARN_RL(&rl, "DHCP options not present in the userdata");
- goto exit;
- }
-
- /* Validate the DHCP request packet.
- * Format of the DHCP packet is
- * ------------------------------------------------------------------------
- *| UDP HEADER | DHCP HEADER | 4 Byte DHCP Cookie | DHCP OPTIONS(var len)|
- * ------------------------------------------------------------------------
- */
-
- const char *end = (char *)dp_packet_l4(pkt_in) + dp_packet_l4_size(pkt_in);
- const char *in_dhcp_ptr = dp_packet_get_udp_payload(pkt_in);
- if (!in_dhcp_ptr) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
- VLOG_WARN_RL(&rl, "Invalid or incomplete DHCP packet received");
- goto exit;
- }
-
- const struct dhcp_header *in_dhcp_data
- = (const struct dhcp_header *) in_dhcp_ptr;
- in_dhcp_ptr += sizeof *in_dhcp_data;
- if (in_dhcp_ptr > end) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
- VLOG_WARN_RL(&rl, "Invalid or incomplete DHCP packet received, "
- "bad data length");
- goto exit;
- }
- if (in_dhcp_data->op != DHCP_OP_REQUEST) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
- VLOG_WARN_RL(&rl, "Invalid opcode in the DHCP packet: %d",
- in_dhcp_data->op);
- goto exit;
- }
-
- /* DHCP options follow the DHCP header. The first 4 bytes of the DHCP
- * options is the DHCP magic cookie followed by the actual DHCP options.
- */
- ovs_be32 magic_cookie = htonl(DHCP_MAGIC_COOKIE);
- if (in_dhcp_ptr + sizeof magic_cookie > end ||
- get_unaligned_be32((const void *) in_dhcp_ptr) != magic_cookie) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
- VLOG_WARN_RL(&rl, "DHCP magic cookie not present in the DHCP packet");
- goto exit;
- }
- in_dhcp_ptr += sizeof magic_cookie;
-
- const uint8_t *in_dhcp_msg_type = NULL;
- ovs_be32 request_ip = in_dhcp_data->ciaddr;
- while (in_dhcp_ptr < end) {
- const struct dhcp_opt_header *in_dhcp_opt =
- (const struct dhcp_opt_header *)in_dhcp_ptr;
- if (in_dhcp_opt->code == DHCP_OPT_END) {
- break;
- }
- if (in_dhcp_opt->code == DHCP_OPT_PAD) {
- in_dhcp_ptr += 1;
- continue;
- }
- in_dhcp_ptr += sizeof *in_dhcp_opt;
- if (in_dhcp_ptr > end) {
- break;
- }
- in_dhcp_ptr += in_dhcp_opt->len;
- if (in_dhcp_ptr > end) {
- break;
- }
-
- switch (in_dhcp_opt->code) {
- case DHCP_OPT_MSG_TYPE:
- if (in_dhcp_opt->len == 1) {
- in_dhcp_msg_type = DHCP_OPT_PAYLOAD(in_dhcp_opt);
- }
- break;
- case DHCP_OPT_REQ_IP:
- if (in_dhcp_opt->len == 4) {
- request_ip = get_unaligned_be32(DHCP_OPT_PAYLOAD(in_dhcp_opt));
- }
- break;
- default:
- break;
- }
- }
-
- /* Check that the DHCP Message Type (opt 53) is present or not with
- * valid values - DHCP_MSG_DISCOVER or DHCP_MSG_REQUEST.
- */
- if (!in_dhcp_msg_type) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
- VLOG_WARN_RL(&rl, "Missing DHCP message type");
- goto exit;
- }
- if (*in_dhcp_msg_type != DHCP_MSG_DISCOVER &&
- *in_dhcp_msg_type != DHCP_MSG_REQUEST) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
- VLOG_WARN_RL(&rl, "Invalid DHCP message type: %d", *in_dhcp_msg_type);
- goto exit;
- }
-
- uint8_t msg_type;
- if (*in_dhcp_msg_type == DHCP_MSG_DISCOVER) {
- msg_type = DHCP_MSG_OFFER;
- } else {
- /* This is a DHCPREQUEST. If the client has requested an IP that
- * does not match the offered IP address, reply with a NAK. The
- * requested IP address may be supplied either via Requested IP Address
- * (opt 50) or via ciaddr, depending on the client's state.
- */
- msg_type = DHCP_MSG_ACK;
- if (request_ip != *offer_ip) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
- VLOG_WARN_RL(&rl, "DHCPREQUEST requested IP "IP_FMT" does not "
- "match offer "IP_FMT, IP_ARGS(request_ip),
- IP_ARGS(*offer_ip));
- msg_type = DHCP_MSG_NAK;
- }
- }
-
- /* Frame the DHCP reply packet
- * Total DHCP options length will be options stored in the userdata +
- * 16 bytes. Note that the DHCP options stored in userdata are not included
- * in DHCPNAK messages.
- *
- * --------------------------------------------------------------
- *| 4 Bytes (dhcp cookie) | 3 Bytes (option type) | DHCP options |
- * --------------------------------------------------------------
- *| 4 Bytes padding | 1 Byte (option end 0xFF ) | 4 Bytes padding|
- * --------------------------------------------------------------
- */
- uint16_t new_l4_size = UDP_HEADER_LEN + DHCP_HEADER_LEN + 16;
- if (msg_type != DHCP_MSG_NAK) {
- new_l4_size += userdata->size;
- }
- size_t new_packet_size = pkt_in->l4_ofs + new_l4_size;
-
- struct dp_packet pkt_out;
- dp_packet_init(&pkt_out, new_packet_size);
- dp_packet_clear(&pkt_out);
- dp_packet_prealloc_tailroom(&pkt_out, new_packet_size);
- pkt_out_ptr = &pkt_out;
-
- /* Copy the L2 and L3 headers from the pkt_in as they would remain same*/
- dp_packet_put(
- &pkt_out, dp_packet_pull(pkt_in, pkt_in->l4_ofs), pkt_in->l4_ofs);
-
- pkt_out.l2_5_ofs = pkt_in->l2_5_ofs;
- pkt_out.l2_pad_size = pkt_in->l2_pad_size;
- pkt_out.l3_ofs = pkt_in->l3_ofs;
- pkt_out.l4_ofs = pkt_in->l4_ofs;
-
- struct udp_header *udp = dp_packet_put(
- &pkt_out, dp_packet_pull(pkt_in, UDP_HEADER_LEN), UDP_HEADER_LEN);
-
- struct dhcp_header *dhcp_data = dp_packet_put(
- &pkt_out, dp_packet_pull(pkt_in, DHCP_HEADER_LEN), DHCP_HEADER_LEN);
- dhcp_data->op = DHCP_OP_REPLY;
- dhcp_data->yiaddr = (msg_type == DHCP_MSG_NAK) ? 0 : *offer_ip;
- dp_packet_put(&pkt_out, &magic_cookie, sizeof(ovs_be32));
-
- uint16_t out_dhcp_opts_size = 12;
- if (msg_type != DHCP_MSG_NAK) {
- out_dhcp_opts_size += userdata->size;
- }
- uint8_t *out_dhcp_opts = dp_packet_put_zeros(&pkt_out,
- out_dhcp_opts_size);
- /* DHCP option - type */
- out_dhcp_opts[0] = DHCP_OPT_MSG_TYPE;
- out_dhcp_opts[1] = 1;
- out_dhcp_opts[2] = msg_type;
- out_dhcp_opts += 3;
-
- if (msg_type != DHCP_MSG_NAK) {
- memcpy(out_dhcp_opts, userdata->data, userdata->size);
- out_dhcp_opts += userdata->size;
- }
-
- /* Padding */
- out_dhcp_opts += 4;
- /* End */
- out_dhcp_opts[0] = DHCP_OPT_END;
-
- udp->udp_len = htons(new_l4_size);
-
- struct ip_header *out_ip = dp_packet_l3(&pkt_out);
- out_ip->ip_tot_len = htons(pkt_out.l4_ofs - pkt_out.l3_ofs + new_l4_size);
- udp->udp_csum = 0;
- /* Checksum needs to be initialized to zero. */
- out_ip->ip_csum = 0;
- out_ip->ip_csum = csum(out_ip, sizeof *out_ip);
-
- pin->packet = dp_packet_data(&pkt_out);
- pin->packet_len = dp_packet_size(&pkt_out);
-
- /* Log the response. */
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(20, 40);
- const struct eth_header *l2 = dp_packet_eth(&pkt_out);
- VLOG_INFO_RL(&rl, "DHCP%s "ETH_ADDR_FMT" "IP_FMT"",
- msg_type == DHCP_MSG_OFFER ? "OFFER" :
- (msg_type == DHCP_MSG_ACK ? "ACK": "NAK"),
- ETH_ADDR_ARGS(l2->eth_src), IP_ARGS(*offer_ip));
-
- success = 1;
-exit:
- if (!ofperr) {
- union mf_subvalue sv;
- sv.u8_val = success;
- mf_write_subfield(&dst, &sv, &pin->flow_metadata);
- }
- queue_msg(swconn, ofputil_encode_resume(pin, continuation, proto));
- if (pkt_out_ptr) {
- dp_packet_uninit(pkt_out_ptr);
- }
-}
-
-static bool
-compose_out_dhcpv6_opts(struct ofpbuf *userdata,
- struct ofpbuf *out_dhcpv6_opts, ovs_be32 iaid)
-{
- while (userdata->size) {
- struct dhcp_opt6_header *userdata_opt = ofpbuf_try_pull(
- userdata, sizeof *userdata_opt);
- if (!userdata_opt) {
- return false;
- }
-
- size_t size = ntohs(userdata_opt->size);
- uint8_t *userdata_opt_data = ofpbuf_try_pull(userdata, size);
- if (!userdata_opt_data) {
- return false;
- }
-
- switch (ntohs(userdata_opt->opt_code)) {
- case DHCPV6_OPT_SERVER_ID_CODE:
- {
- /* The Server Identifier option carries a DUID
- * identifying a server between a client and a server.
- * See RFC 3315 Sec 9 and Sec 22.3.
- *
- * We use DUID Based on Link-layer Address [DUID-LL].
- */
-
- struct dhcpv6_opt_server_id *opt_server_id = ofpbuf_put_zeros(
- out_dhcpv6_opts, sizeof *opt_server_id);
-
- opt_server_id->opt.code = htons(DHCPV6_OPT_SERVER_ID_CODE);
- opt_server_id->opt.len = htons(size + 4);
- opt_server_id->duid_type = htons(DHCPV6_DUID_LL);
- opt_server_id->hw_type = htons(DHCPV6_HW_TYPE_ETH);
- memcpy(&opt_server_id->mac, userdata_opt_data,
- sizeof(struct eth_addr));
- break;
- }
-
- case DHCPV6_OPT_IA_ADDR_CODE:
- {
- if (size != sizeof(struct in6_addr)) {
- return false;
- }
-
- if (!iaid) {
- /* If iaid is None, it means its an DHCPv6 information request.
- * Don't put IA_NA option in the response. */
- break;
- }
- /* IA Address option is used to specify IPv6 addresses associated
- * with an IA_NA or IA_TA. The IA Address option must be
- * encapsulated in the Options field of an IA_NA or IA_TA option.
- *
- * We will encapsulate the IA Address within the IA_NA option.
- * Please see RFC 3315 section 22.5 and 22.6
- */
- struct dhcpv6_opt_ia_na *opt_ia_na = ofpbuf_put_zeros(
- out_dhcpv6_opts, sizeof *opt_ia_na);
- opt_ia_na->opt.code = htons(DHCPV6_OPT_IA_NA_CODE);
- /* IA_NA length (in bytes)-
- * IAID - 4
- * T1 - 4
- * T2 - 4
- * IA Address - sizeof(struct dhcpv6_opt_ia_addr)
- */
- opt_ia_na->opt.len = htons(12 + sizeof(struct dhcpv6_opt_ia_addr));
- opt_ia_na->iaid = iaid;
- /* Set the lifetime of the address(es) to infinity */
- opt_ia_na->t1 = OVS_BE32_MAX;
- opt_ia_na->t2 = OVS_BE32_MAX;
-
- struct dhcpv6_opt_ia_addr *opt_ia_addr = ofpbuf_put_zeros(
- out_dhcpv6_opts, sizeof *opt_ia_addr);
- opt_ia_addr->opt.code = htons(DHCPV6_OPT_IA_ADDR_CODE);
- opt_ia_addr->opt.len = htons(size + 8);
- memcpy(opt_ia_addr->ipv6.s6_addr, userdata_opt_data, size);
- opt_ia_addr->t1 = OVS_BE32_MAX;
- opt_ia_addr->t2 = OVS_BE32_MAX;
- break;
- }
-
- case DHCPV6_OPT_DNS_SERVER_CODE:
- {
- struct dhcpv6_opt_header *opt_dns = ofpbuf_put_zeros(
- out_dhcpv6_opts, sizeof *opt_dns);
- opt_dns->code = htons(DHCPV6_OPT_DNS_SERVER_CODE);
- opt_dns->len = htons(size);
- ofpbuf_put(out_dhcpv6_opts, userdata_opt_data, size);
- break;
- }
-
- case DHCPV6_OPT_DOMAIN_SEARCH_CODE:
- {
- struct dhcpv6_opt_header *opt_dsl = ofpbuf_put_zeros(
- out_dhcpv6_opts, sizeof *opt_dsl);
- opt_dsl->code = htons(DHCPV6_OPT_DOMAIN_SEARCH_CODE);
- opt_dsl->len = htons(size + 2);
- uint8_t *data = ofpbuf_put_zeros(out_dhcpv6_opts, size + 2);
- *data = size;
- memcpy(data + 1, userdata_opt_data, size);
- break;
- }
-
- default:
- return false;
- }
- }
- return true;
-}
-
-/* Called with in the pinctrl_handler thread context. */
-static void
-pinctrl_handle_put_dhcpv6_opts(
- struct rconn *swconn,
- struct dp_packet *pkt_in, struct ofputil_packet_in *pin,
- struct ofpbuf *userdata, struct ofpbuf *continuation OVS_UNUSED)
-{
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
- enum ofp_version version = rconn_get_version(swconn);
- enum ofputil_protocol proto = ofputil_protocol_from_ofp_version(version);
- struct dp_packet *pkt_out_ptr = NULL;
- uint32_t success = 0;
-
- /* Parse result field. */
- const struct mf_field *f;
- enum ofperr ofperr = nx_pull_header(userdata, NULL, &f, NULL);
- if (ofperr) {
- VLOG_WARN_RL(&rl, "bad result OXM (%s)", ofperr_to_string(ofperr));
- goto exit;
- }
-
- /* Parse result offset. */
- ovs_be32 *ofsp = ofpbuf_try_pull(userdata, sizeof *ofsp);
- if (!ofsp) {
- VLOG_WARN_RL(&rl, "offset not present in the userdata");
- goto exit;
- }
-
- /* Check that the result is valid and writable. */
- struct mf_subfield dst = { .field = f, .ofs = ntohl(*ofsp), .n_bits = 1 };
- ofperr = mf_check_dst(&dst, NULL);
- if (ofperr) {
- VLOG_WARN_RL(&rl, "bad result bit (%s)", ofperr_to_string(ofperr));
- goto exit;
- }
-
- if (!userdata->size) {
- VLOG_WARN_RL(&rl, "DHCPv6 options not present in the userdata");
- goto exit;
- }
-
- struct udp_header *in_udp = dp_packet_l4(pkt_in);
- const uint8_t *in_dhcpv6_data = dp_packet_get_udp_payload(pkt_in);
- if (!in_udp || !in_dhcpv6_data) {
- VLOG_WARN_RL(&rl, "truncated dhcpv6 packet");
- goto exit;
- }
-
- uint8_t out_dhcpv6_msg_type;
- uint8_t in_dhcpv6_msg_type = *in_dhcpv6_data;
- switch (in_dhcpv6_msg_type) {
- case DHCPV6_MSG_TYPE_SOLICIT:
- out_dhcpv6_msg_type = DHCPV6_MSG_TYPE_ADVT;
- break;
-
- case DHCPV6_MSG_TYPE_REQUEST:
- case DHCPV6_MSG_TYPE_CONFIRM:
- case DHCPV6_MSG_TYPE_DECLINE:
- case DHCPV6_MSG_TYPE_INFO_REQ:
- out_dhcpv6_msg_type = DHCPV6_MSG_TYPE_REPLY;
- break;
-
- default:
- /* Invalid or unsupported DHCPv6 message type */
- goto exit;
- }
-
- /* Skip 4 bytes (message type (1 byte) + transaction ID (3 bytes). */
- in_dhcpv6_data += 4;
- /* We need to extract IAID from the IA-NA option of the client's DHCPv6
- * solicit/request/confirm packet and copy the same IAID in the Server's
- * response.
- * DHCPv6 information packet (for stateless request will not have IA-NA
- * option. So we don't need to copy that in the Server's response.
- * */
- ovs_be32 iaid = 0;
- struct dhcpv6_opt_header const *in_opt_client_id = NULL;
- size_t udp_len = ntohs(in_udp->udp_len);
- size_t l4_len = dp_packet_l4_size(pkt_in);
- uint8_t *end = (uint8_t *)in_udp + MIN(udp_len, l4_len);
- while (in_dhcpv6_data < end) {
- struct dhcpv6_opt_header const *in_opt =
- (struct dhcpv6_opt_header *)in_dhcpv6_data;
- switch(ntohs(in_opt->code)) {
- case DHCPV6_OPT_IA_NA_CODE:
- {
- struct dhcpv6_opt_ia_na *opt_ia_na = (
- struct dhcpv6_opt_ia_na *)in_opt;
- iaid = opt_ia_na->iaid;
- break;
- }
-
- case DHCPV6_OPT_CLIENT_ID_CODE:
- in_opt_client_id = in_opt;
- break;
-
- default:
- break;
- }
- in_dhcpv6_data += sizeof *in_opt + ntohs(in_opt->len);
- }
-
- if (!in_opt_client_id) {
- VLOG_WARN_RL(&rl, "DHCPv6 option - Client id not present in the "
- "DHCPv6 packet");
- goto exit;
- }
-
- if (!iaid && in_dhcpv6_msg_type != DHCPV6_MSG_TYPE_INFO_REQ) {
- VLOG_WARN_RL(&rl, "DHCPv6 option - IA NA not present in the "
- "DHCPv6 packet");
- goto exit;
- }
-
- uint64_t out_ofpacts_dhcpv6_opts_stub[256 / 8];
- struct ofpbuf out_dhcpv6_opts =
- OFPBUF_STUB_INITIALIZER(out_ofpacts_dhcpv6_opts_stub);
-
- if (!compose_out_dhcpv6_opts(userdata, &out_dhcpv6_opts, iaid)) {
- VLOG_WARN_RL(&rl, "Invalid userdata");
- goto exit;
- }
-
- uint16_t new_l4_size
- = (UDP_HEADER_LEN + 4 + sizeof *in_opt_client_id +
- ntohs(in_opt_client_id->len) + out_dhcpv6_opts.size);
- size_t new_packet_size = pkt_in->l4_ofs + new_l4_size;
-
- struct dp_packet pkt_out;
- dp_packet_init(&pkt_out, new_packet_size);
- dp_packet_clear(&pkt_out);
- dp_packet_prealloc_tailroom(&pkt_out, new_packet_size);
- pkt_out_ptr = &pkt_out;
-
- /* Copy L2 and L3 headers from pkt_in. */
- dp_packet_put(&pkt_out, dp_packet_pull(pkt_in, pkt_in->l4_ofs),
- pkt_in->l4_ofs);
-
- pkt_out.l2_5_ofs = pkt_in->l2_5_ofs;
- pkt_out.l2_pad_size = pkt_in->l2_pad_size;
- pkt_out.l3_ofs = pkt_in->l3_ofs;
- pkt_out.l4_ofs = pkt_in->l4_ofs;
-
- /* Pull the DHCPv6 message type and transaction id from the pkt_in.
- * Need to preserve the transaction id in the DHCPv6 reply packet. */
- struct udp_header *out_udp = dp_packet_put(
- &pkt_out, dp_packet_pull(pkt_in, UDP_HEADER_LEN), UDP_HEADER_LEN);
- uint8_t *out_dhcpv6 = dp_packet_put(&pkt_out, dp_packet_pull(pkt_in, 4), 4);
-
- /* Set the proper DHCPv6 message type. */
- *out_dhcpv6 = out_dhcpv6_msg_type;
-
- /* Copy the Client Identifier. */
- dp_packet_put(&pkt_out, in_opt_client_id,
- sizeof *in_opt_client_id + ntohs(in_opt_client_id->len));
-
- /* Copy the DHCPv6 Options. */
- dp_packet_put(&pkt_out, out_dhcpv6_opts.data, out_dhcpv6_opts.size);
- out_udp->udp_len = htons(new_l4_size);
- out_udp->udp_csum = 0;
-
- struct ovs_16aligned_ip6_hdr *out_ip6 = dp_packet_l3(&pkt_out);
- out_ip6->ip6_ctlun.ip6_un1.ip6_un1_plen = out_udp->udp_len;
-
- uint32_t csum;
- csum = packet_csum_pseudoheader6(dp_packet_l3(&pkt_out));
- csum = csum_continue(csum, out_udp, dp_packet_size(&pkt_out) -
- ((const unsigned char *)out_udp -
- (const unsigned char *)dp_packet_eth(&pkt_out)));
- out_udp->udp_csum = csum_finish(csum);
- if (!out_udp->udp_csum) {
- out_udp->udp_csum = htons(0xffff);
- }
-
- pin->packet = dp_packet_data(&pkt_out);
- pin->packet_len = dp_packet_size(&pkt_out);
- ofpbuf_uninit(&out_dhcpv6_opts);
- success = 1;
-exit:
- if (!ofperr) {
- union mf_subvalue sv;
- sv.u8_val = success;
- mf_write_subfield(&dst, &sv, &pin->flow_metadata);
- }
- queue_msg(swconn, ofputil_encode_resume(pin, continuation, proto));
- dp_packet_uninit(pkt_out_ptr);
-}
-
-static void
-put_be16(struct ofpbuf *buf, ovs_be16 x)
-{
- ofpbuf_put(buf, &x, sizeof x);
-}
-
-static void
-put_be32(struct ofpbuf *buf, ovs_be32 x)
-{
- ofpbuf_put(buf, &x, sizeof x);
-}
-
-struct dns_data {
- uint64_t *dps;
- size_t n_dps;
- struct smap records;
- bool delete;
-};
-
-static struct shash dns_cache = SHASH_INITIALIZER(&dns_cache);
-
-/* Called by pinctrl_run(). Runs within the main ovn-controller
- * thread context. */
-static void
-sync_dns_cache(const struct sbrec_dns_table *dns_table)
- OVS_REQUIRES(pinctrl_mutex)
-{
- struct shash_node *iter;
- SHASH_FOR_EACH (iter, &dns_cache) {
- struct dns_data *d = iter->data;
- d->delete = true;
- }
-
- const struct sbrec_dns *sbrec_dns;
- SBREC_DNS_TABLE_FOR_EACH (sbrec_dns, dns_table) {
- const char *dns_id = smap_get(&sbrec_dns->external_ids, "dns_id");
- if (!dns_id) {
- continue;
- }
-
- struct dns_data *dns_data = shash_find_data(&dns_cache, dns_id);
- if (!dns_data) {
- dns_data = xmalloc(sizeof *dns_data);
- smap_init(&dns_data->records);
- shash_add(&dns_cache, dns_id, dns_data);
- dns_data->n_dps = 0;
- dns_data->dps = NULL;
- } else {
- free(dns_data->dps);
- }
-
- dns_data->delete = false;
-
- if (!smap_equal(&dns_data->records, &sbrec_dns->records)) {
- smap_clear(&dns_data->records);
- smap_clone(&dns_data->records, &sbrec_dns->records);
- }
-
- dns_data->n_dps = sbrec_dns->n_datapaths;
- dns_data->dps = xcalloc(dns_data->n_dps, sizeof(uint64_t));
- for (size_t i = 0; i < sbrec_dns->n_datapaths; i++) {
- dns_data->dps[i] = sbrec_dns->datapaths[i]->tunnel_key;
- }
- }
-
- struct shash_node *next;
- SHASH_FOR_EACH_SAFE (iter, next, &dns_cache) {
- struct dns_data *d = iter->data;
- if (d->delete) {
- shash_delete(&dns_cache, iter);
- free(d);
- }
- }
-}
-
-static void
-destroy_dns_cache(void)
-{
- struct shash_node *iter, *next;
- SHASH_FOR_EACH_SAFE (iter, next, &dns_cache) {
- struct dns_data *d = iter->data;
- shash_delete(&dns_cache, iter);
- free(d);
- }
-}
-
-/* Called with in the pinctrl_handler thread context. */
-static void
-pinctrl_handle_dns_lookup(
- struct rconn *swconn,
- struct dp_packet *pkt_in, struct ofputil_packet_in *pin,
- struct ofpbuf *userdata, struct ofpbuf *continuation)
- OVS_REQUIRES(pinctrl_mutex)
-{
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
- enum ofp_version version = rconn_get_version(swconn);
- enum ofputil_protocol proto = ofputil_protocol_from_ofp_version(version);
- struct dp_packet *pkt_out_ptr = NULL;
- uint32_t success = 0;
-
- /* Parse result field. */
- const struct mf_field *f;
- enum ofperr ofperr = nx_pull_header(userdata, NULL, &f, NULL);
- if (ofperr) {
- VLOG_WARN_RL(&rl, "bad result OXM (%s)", ofperr_to_string(ofperr));
- goto exit;
- }
-
- /* Parse result offset. */
- ovs_be32 *ofsp = ofpbuf_try_pull(userdata, sizeof *ofsp);
- if (!ofsp) {
- VLOG_WARN_RL(&rl, "offset not present in the userdata");
- goto exit;
- }
-
- /* Check that the result is valid and writable. */
- struct mf_subfield dst = { .field = f, .ofs = ntohl(*ofsp), .n_bits = 1 };
- ofperr = mf_check_dst(&dst, NULL);
- if (ofperr) {
- VLOG_WARN_RL(&rl, "bad result bit (%s)", ofperr_to_string(ofperr));
- goto exit;
- }
-
- /* Check that the packet stores at least the minimal headers. */
- if (dp_packet_l4_size(pkt_in) < (UDP_HEADER_LEN + DNS_HEADER_LEN)) {
- VLOG_WARN_RL(&rl, "truncated dns packet");
- goto exit;
- }
-
- /* Extract the DNS header */
- struct dns_header const *in_dns_header = dp_packet_get_udp_payload(pkt_in);
- if (!in_dns_header) {
- VLOG_WARN_RL(&rl, "truncated dns packet");
- goto exit;
- }
-
- /* Check if it is DNS request or not */
- if (in_dns_header->lo_flag & 0x80) {
- /* It's a DNS response packet which we are not interested in */
- goto exit;
- }
-
- /* Check if at least one query request is present */
- if (!in_dns_header->qdcount) {
- goto exit;
- }
-
- struct udp_header *in_udp = dp_packet_l4(pkt_in);
- size_t udp_len = ntohs(in_udp->udp_len);
- size_t l4_len = dp_packet_l4_size(pkt_in);
- uint8_t *end = (uint8_t *)in_udp + MIN(udp_len, l4_len);
- uint8_t *in_dns_data = (uint8_t *)(in_dns_header + 1);
- uint8_t *in_queryname = in_dns_data;
- uint16_t idx = 0;
- struct ds query_name;
- ds_init(&query_name);
- /* Extract the query_name. If the query name is - 'www.ovn.org' it would be
- * encoded as (in hex) - 03 77 77 77 03 6f 76 63 03 6f 72 67 00.
- */
- while ((in_dns_data + idx) < end && in_dns_data[idx]) {
- uint8_t label_len = in_dns_data[idx++];
- if (in_dns_data + idx + label_len > end) {
- ds_destroy(&query_name);
- goto exit;
- }
- ds_put_buffer(&query_name, (const char *) in_dns_data + idx, label_len);
- idx += label_len;
- ds_put_char(&query_name, '.');
- }
-
- idx++;
- ds_chomp(&query_name, '.');
- in_dns_data += idx;
-
- /* Query should have TYPE and CLASS fields */
- if (in_dns_data + (2 * sizeof(ovs_be16)) > end) {
- ds_destroy(&query_name);
- goto exit;
- }
-
- uint16_t query_type = ntohs(*ALIGNED_CAST(const ovs_be16 *, in_dns_data));
- /* Supported query types - A, AAAA and ANY */
- if (!(query_type == DNS_QUERY_TYPE_A || query_type == DNS_QUERY_TYPE_AAAA
- || query_type == DNS_QUERY_TYPE_ANY)) {
- ds_destroy(&query_name);
- goto exit;
- }
-
- uint64_t dp_key = ntohll(pin->flow_metadata.flow.metadata);
- const char *answer_ips = NULL;
- struct shash_node *iter;
- SHASH_FOR_EACH (iter, &dns_cache) {
- struct dns_data *d = iter->data;
- for (size_t i = 0; i < d->n_dps; i++) {
- if (d->dps[i] == dp_key) {
- answer_ips = smap_get(&d->records, ds_cstr(&query_name));
- if (answer_ips) {
- break;
- }
- }
- }
-
- if (answer_ips) {
- break;
- }
- }
-
- ds_destroy(&query_name);
- if (!answer_ips) {
- goto exit;
- }
-
- struct lport_addresses ip_addrs;
- if (!extract_ip_addresses(answer_ips, &ip_addrs)) {
- goto exit;
- }
-
- uint16_t ancount = 0;
- uint64_t dns_ans_stub[128 / 8];
- struct ofpbuf dns_answer = OFPBUF_STUB_INITIALIZER(dns_ans_stub);
-
- if (query_type == DNS_QUERY_TYPE_A || query_type == DNS_QUERY_TYPE_ANY) {
- for (size_t i = 0; i < ip_addrs.n_ipv4_addrs; i++) {
- /* Copy the answer section */
- /* Format of the answer section is
- * - NAME -> The domain name
- * - TYPE -> 2 octets containing one of the RR type codes
- * - CLASS -> 2 octets which specify the class of the data
- * in the RDATA field.
- * - TTL -> 32 bit unsigned int specifying the time
- * interval (in secs) that the resource record
- * may be cached before it should be discarded.
- * - RDLENGTH -> 16 bit integer specifying the length of the
- * RDATA field.
- * - RDATA -> a variable length string of octets that
- * describes the resource. In our case it will
- * be IP address of the domain name.
- */
- ofpbuf_put(&dns_answer, in_queryname, idx);
- put_be16(&dns_answer, htons(DNS_QUERY_TYPE_A));
- put_be16(&dns_answer, htons(DNS_CLASS_IN));
- put_be32(&dns_answer, htonl(DNS_DEFAULT_RR_TTL));
- put_be16(&dns_answer, htons(sizeof(ovs_be32)));
- put_be32(&dns_answer, ip_addrs.ipv4_addrs[i].addr);
- ancount++;
- }
- }
-
- if (query_type == DNS_QUERY_TYPE_AAAA ||
- query_type == DNS_QUERY_TYPE_ANY) {
- for (size_t i = 0; i < ip_addrs.n_ipv6_addrs; i++) {
- ofpbuf_put(&dns_answer, in_queryname, idx);
- put_be16(&dns_answer, htons(DNS_QUERY_TYPE_AAAA));
- put_be16(&dns_answer, htons(DNS_CLASS_IN));
- put_be32(&dns_answer, htonl(DNS_DEFAULT_RR_TTL));
- const struct in6_addr *ip6 = &ip_addrs.ipv6_addrs[i].addr;
- put_be16(&dns_answer, htons(sizeof *ip6));
- ofpbuf_put(&dns_answer, ip6, sizeof *ip6);
- ancount++;
- }
- }
-
- destroy_lport_addresses(&ip_addrs);
-
- if (!ancount) {
- ofpbuf_uninit(&dns_answer);
- goto exit;
- }
-
- uint16_t new_l4_size = ntohs(in_udp->udp_len) + dns_answer.size;
- size_t new_packet_size = pkt_in->l4_ofs + new_l4_size;
- struct dp_packet pkt_out;
- dp_packet_init(&pkt_out, new_packet_size);
- dp_packet_clear(&pkt_out);
- dp_packet_prealloc_tailroom(&pkt_out, new_packet_size);
- pkt_out_ptr = &pkt_out;
-
- /* Copy the L2 and L3 headers from the pkt_in as they would remain same.*/
- dp_packet_put(
- &pkt_out, dp_packet_pull(pkt_in, pkt_in->l4_ofs), pkt_in->l4_ofs);
-
- pkt_out.l2_5_ofs = pkt_in->l2_5_ofs;
- pkt_out.l2_pad_size = pkt_in->l2_pad_size;
- pkt_out.l3_ofs = pkt_in->l3_ofs;
- pkt_out.l4_ofs = pkt_in->l4_ofs;
-
- struct udp_header *out_udp = dp_packet_put(
- &pkt_out, dp_packet_pull(pkt_in, UDP_HEADER_LEN), UDP_HEADER_LEN);
-
- /* Copy the DNS header. */
- struct dns_header *out_dns_header = dp_packet_put(
- &pkt_out, dp_packet_pull(pkt_in, sizeof *out_dns_header),
- sizeof *out_dns_header);
-
- /* Set the response bit to 1 in the flags. */
- out_dns_header->lo_flag |= 0x80;
-
- /* Set the answer RR. */
- out_dns_header->ancount = htons(ancount);
-
- /* Copy the Query section. */
- dp_packet_put(&pkt_out, dp_packet_data(pkt_in), dp_packet_size(pkt_in));
-
- /* Copy the answer sections. */
- dp_packet_put(&pkt_out, dns_answer.data, dns_answer.size);
- ofpbuf_uninit(&dns_answer);
-
- out_udp->udp_len = htons(new_l4_size);
- out_udp->udp_csum = 0;
-
- struct eth_header *eth = dp_packet_data(&pkt_out);
- if (eth->eth_type == htons(ETH_TYPE_IP)) {
- struct ip_header *out_ip = dp_packet_l3(&pkt_out);
- out_ip->ip_tot_len = htons(pkt_out.l4_ofs - pkt_out.l3_ofs
- + new_l4_size);
- /* Checksum needs to be initialized to zero. */
- out_ip->ip_csum = 0;
- out_ip->ip_csum = csum(out_ip, sizeof *out_ip);
- } else {
- struct ovs_16aligned_ip6_hdr *nh = dp_packet_l3(&pkt_out);
- nh->ip6_plen = htons(new_l4_size);
-
- /* IPv6 needs UDP checksum calculated */
- uint32_t csum;
- csum = packet_csum_pseudoheader6(nh);
- csum = csum_continue(csum, out_udp, dp_packet_size(&pkt_out) -
- ((const unsigned char *)out_udp -
- (const unsigned char *)eth));
- out_udp->udp_csum = csum_finish(csum);
- if (!out_udp->udp_csum) {
- out_udp->udp_csum = htons(0xffff);
- }
- }
-
- pin->packet = dp_packet_data(&pkt_out);
- pin->packet_len = dp_packet_size(&pkt_out);
-
- success = 1;
-exit:
- if (!ofperr) {
- union mf_subvalue sv;
- sv.u8_val = success;
- mf_write_subfield(&dst, &sv, &pin->flow_metadata);
- }
- queue_msg(swconn, ofputil_encode_resume(pin, continuation, proto));
- dp_packet_uninit(pkt_out_ptr);
-}
-
-/* Called with in the pinctrl_handler thread context. */
-static void
-process_packet_in(struct rconn *swconn, const struct ofp_header *msg)
-{
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
-
- struct ofputil_packet_in pin;
- struct ofpbuf continuation;
- enum ofperr error = ofputil_decode_packet_in(msg, true, NULL, NULL, &pin,
- NULL, NULL, &continuation);
-
- if (error) {
- VLOG_WARN_RL(&rl, "error decoding packet-in: %s",
- ofperr_to_string(error));
- return;
- }
- if (pin.reason != OFPR_ACTION) {
- return;
- }
-
- struct ofpbuf userdata = ofpbuf_const_initializer(pin.userdata,
- pin.userdata_len);
- const struct action_header *ah = ofpbuf_pull(&userdata, sizeof *ah);
- if (!ah) {
- VLOG_WARN_RL(&rl, "packet-in userdata lacks action header");
- return;
- }
-
- struct dp_packet packet;
- dp_packet_use_const(&packet, pin.packet, pin.packet_len);
- struct flow headers;
- flow_extract(&packet, &headers);
-
- switch (ntohl(ah->opcode)) {
- case ACTION_OPCODE_ARP:
- pinctrl_handle_arp(swconn, &headers, &packet, &pin.flow_metadata,
- &userdata);
- break;
- case ACTION_OPCODE_IGMP:
- pinctrl_ip_mcast_handle_igmp(swconn, &headers, &packet,
- &pin.flow_metadata, &userdata);
- break;
-
- case ACTION_OPCODE_PUT_ARP:
- ovs_mutex_lock(&pinctrl_mutex);
- pinctrl_handle_put_mac_binding(&pin.flow_metadata.flow, &headers,
- true);
- ovs_mutex_unlock(&pinctrl_mutex);
- break;
-
- case ACTION_OPCODE_PUT_DHCP_OPTS:
- pinctrl_handle_put_dhcp_opts(swconn, &packet, &pin, &userdata,
- &continuation);
- break;
-
- case ACTION_OPCODE_ND_NA:
- pinctrl_handle_nd_na(swconn, &headers, &pin.flow_metadata, &userdata,
- false);
- break;
-
- case ACTION_OPCODE_ND_NA_ROUTER:
- pinctrl_handle_nd_na(swconn, &headers, &pin.flow_metadata, &userdata,
- true);
- break;
-
- case ACTION_OPCODE_PUT_ND:
- ovs_mutex_lock(&pinctrl_mutex);
- pinctrl_handle_put_mac_binding(&pin.flow_metadata.flow, &headers,
- false);
- ovs_mutex_unlock(&pinctrl_mutex);
- break;
-
- case ACTION_OPCODE_PUT_DHCPV6_OPTS:
- pinctrl_handle_put_dhcpv6_opts(swconn, &packet, &pin, &userdata,
- &continuation);
- break;
-
- case ACTION_OPCODE_DNS_LOOKUP:
- ovs_mutex_lock(&pinctrl_mutex);
- pinctrl_handle_dns_lookup(swconn, &packet, &pin, &userdata,
- &continuation);
- ovs_mutex_unlock(&pinctrl_mutex);
- break;
-
- case ACTION_OPCODE_LOG:
- handle_acl_log(&headers, &userdata);
- break;
-
- case ACTION_OPCODE_PUT_ND_RA_OPTS:
- pinctrl_handle_put_nd_ra_opts(swconn, &headers, &packet, &pin,
- &userdata, &continuation);
- break;
-
- case ACTION_OPCODE_ND_NS:
- pinctrl_handle_nd_ns(swconn, &headers, &packet, &pin.flow_metadata,
- &userdata);
- break;
-
- case ACTION_OPCODE_ICMP:
- pinctrl_handle_icmp(swconn, &headers, &packet, &pin.flow_metadata,
- &userdata, false);
- break;
-
- case ACTION_OPCODE_ICMP4_ERROR:
- pinctrl_handle_icmp(swconn, &headers, &packet, &pin.flow_metadata,
- &userdata, true);
- break;
-
- case ACTION_OPCODE_TCP_RESET:
- pinctrl_handle_tcp_reset(swconn, &headers, &packet, &pin.flow_metadata,
- &userdata);
- break;
-
- case ACTION_OPCODE_PUT_ICMP4_FRAG_MTU:
- pinctrl_handle_put_icmp4_frag_mtu(swconn, &headers, &packet,
- &pin, &userdata, &continuation);
- break;
-
- case ACTION_OPCODE_EVENT:
- ovs_mutex_lock(&pinctrl_mutex);
- pinctrl_handle_event(&userdata);
- ovs_mutex_unlock(&pinctrl_mutex);
- break;
-
- default:
- VLOG_WARN_RL(&rl, "unrecognized packet-in opcode %"PRIu32,
- ntohl(ah->opcode));
- break;
- }
-}
-
-/* Called with in the pinctrl_handler thread context. */
-static void
-pinctrl_recv(struct rconn *swconn, const struct ofp_header *oh,
- enum ofptype type)
-{
- if (type == OFPTYPE_ECHO_REQUEST) {
- queue_msg(swconn, ofputil_encode_echo_reply(oh));
- } else if (type == OFPTYPE_GET_CONFIG_REPLY) {
- /* Enable asynchronous messages */
- struct ofputil_switch_config config;
-
- ofputil_decode_get_config_reply(oh, &config);
- config.miss_send_len = UINT16_MAX;
- set_switch_config(swconn, &config);
- } else if (type == OFPTYPE_PACKET_IN) {
- process_packet_in(swconn, oh);
- } else {
- if (VLOG_IS_DBG_ENABLED()) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(30, 300);
-
- char *s = ofp_to_string(oh, ntohs(oh->length), NULL, NULL, 2);
-
- VLOG_DBG_RL(&rl, "OpenFlow packet ignored: %s", s);
- free(s);
- }
- }
-}
-
-/* Called with in the main ovn-controller thread context. */
-static void
-notify_pinctrl_handler(void)
-{
- seq_change(pinctrl_handler_seq);
-}
-
-/* Called with in the pinctrl_handler thread context. */
-static void
-notify_pinctrl_main(void)
-{
- seq_change(pinctrl_main_seq);
-}
-
-/* pinctrl_handler pthread function. */
-static void *
-pinctrl_handler(void *arg_)
-{
- struct pinctrl *pctrl = arg_;
- /* OpenFlow connection to the switch. */
- struct rconn *swconn;
- /* Last seen sequence number for 'swconn'. When this differs from
- * rconn_get_connection_seqno(rconn), 'swconn' has reconnected. */
- unsigned int conn_seq_no = 0;
-
- char *br_int_name = NULL;
- uint64_t new_seq;
-
- /* Next IPV6 RA in seconds. */
- static long long int send_ipv6_ra_time = LLONG_MAX;
- /* Next GARP announcement in ms. */
- static long long int send_garp_time = LLONG_MAX;
- /* Next multicast query (IGMP) in ms. */
- static long long int send_mcast_query_time = LLONG_MAX;
-
- swconn = rconn_create(5, 0, DSCP_DEFAULT, 1 << OFP13_VERSION);
-
- while (!latch_is_set(&pctrl->pinctrl_thread_exit)) {
- if (pctrl->br_int_name) {
- if (!br_int_name || strcmp(br_int_name, pctrl->br_int_name)) {
- free(br_int_name);
- br_int_name = xstrdup(pctrl->br_int_name);
- }
- }
-
- if (br_int_name) {
- char *target;
-
- target = xasprintf("unix:%s/%s.mgmt", ovs_rundir(), br_int_name);
- if (strcmp(target, rconn_get_target(swconn))) {
- VLOG_INFO("%s: connecting to switch", target);
- rconn_connect(swconn, target, target);
- }
- free(target);
- } else {
- rconn_disconnect(swconn);
- }
-
- ovs_mutex_lock(&pinctrl_mutex);
- ip_mcast_snoop_run();
- ovs_mutex_unlock(&pinctrl_mutex);
-
- rconn_run(swconn);
- if (rconn_is_connected(swconn)) {
- if (conn_seq_no != rconn_get_connection_seqno(swconn)) {
- pinctrl_setup(swconn);
- conn_seq_no = rconn_get_connection_seqno(swconn);
- }
-
- for (int i = 0; i < 50; i++) {
- struct ofpbuf *msg = rconn_recv(swconn);
- if (!msg) {
- break;
- }
-
- const struct ofp_header *oh = msg->data;
- enum ofptype type;
-
- ofptype_decode(&type, oh);
- pinctrl_recv(swconn, oh, type);
- ofpbuf_delete(msg);
- }
-
- if (may_inject_pkts()) {
- ovs_mutex_lock(&pinctrl_mutex);
- send_garp_run(swconn, &send_garp_time);
- send_ipv6_ras(swconn, &send_ipv6_ra_time);
- send_mac_binding_buffered_pkts(swconn);
- ovs_mutex_unlock(&pinctrl_mutex);
-
- ip_mcast_querier_run(swconn, &send_mcast_query_time);
- }
- }
-
- rconn_run_wait(swconn);
- rconn_recv_wait(swconn);
- send_garp_wait(send_garp_time);
- ipv6_ra_wait(send_ipv6_ra_time);
- ip_mcast_querier_wait(send_mcast_query_time);
-
- new_seq = seq_read(pinctrl_handler_seq);
- seq_wait(pinctrl_handler_seq, new_seq);
-
- latch_wait(&pctrl->pinctrl_thread_exit);
- poll_block();
- }
-
- free(br_int_name);
- rconn_destroy(swconn);
- return NULL;
-}
-
-/* Called by ovn-controller. */
-void
-pinctrl_run(struct ovsdb_idl_txn *ovnsb_idl_txn,
- struct ovsdb_idl_index *sbrec_datapath_binding_by_key,
- struct ovsdb_idl_index *sbrec_port_binding_by_datapath,
- struct ovsdb_idl_index *sbrec_port_binding_by_key,
- struct ovsdb_idl_index *sbrec_port_binding_by_name,
- struct ovsdb_idl_index *sbrec_mac_binding_by_lport_ip,
- struct ovsdb_idl_index *sbrec_igmp_groups,
- struct ovsdb_idl_index *sbrec_ip_multicast_opts,
- const struct sbrec_dns_table *dns_table,
- const struct sbrec_controller_event_table *ce_table,
- const struct ovsrec_bridge *br_int,
- const struct sbrec_chassis *chassis,
- const struct hmap *local_datapaths,
- const struct sset *active_tunnels)
-{
- ovs_mutex_lock(&pinctrl_mutex);
- if (br_int && (!pinctrl.br_int_name || strcmp(pinctrl.br_int_name,
- br_int->name))) {
- if (pinctrl.br_int_name) {
- free(pinctrl.br_int_name);
- }
- pinctrl.br_int_name = xstrdup(br_int->name);
- /* Notify pinctrl_handler that integration bridge is
- * set/changed. */
- notify_pinctrl_handler();
- }
- run_put_mac_bindings(ovnsb_idl_txn, sbrec_datapath_binding_by_key,
- sbrec_port_binding_by_key,
- sbrec_mac_binding_by_lport_ip);
- send_garp_prepare(sbrec_port_binding_by_datapath,
- sbrec_port_binding_by_name, br_int, chassis,
- local_datapaths, active_tunnels);
- prepare_ipv6_ras(sbrec_port_binding_by_datapath,
- sbrec_port_binding_by_name, local_datapaths);
- sync_dns_cache(dns_table);
- controller_event_run(ovnsb_idl_txn, ce_table, chassis);
- ip_mcast_sync(ovnsb_idl_txn, chassis, local_datapaths,
- sbrec_datapath_binding_by_key,
- sbrec_port_binding_by_key,
- sbrec_igmp_groups,
- sbrec_ip_multicast_opts);
- run_buffered_binding(sbrec_port_binding_by_datapath,
- sbrec_mac_binding_by_lport_ip,
- local_datapaths);
- ovs_mutex_unlock(&pinctrl_mutex);
-}
-
-/* Table of ipv6_ra_state structures, keyed on logical port name.
- * Protected by pinctrl_mutex. */
-static struct shash ipv6_ras;
-
-struct ipv6_ra_config {
- time_t min_interval;
- time_t max_interval;
- struct eth_addr eth_src;
- struct eth_addr eth_dst;
- struct in6_addr ipv6_src;
- struct in6_addr ipv6_dst;
- int32_t mtu;
- uint8_t mo_flags; /* Managed/Other flags for RAs */
- uint8_t la_flags; /* On-link/autonomous flags for address prefixes */
- struct lport_addresses prefixes;
-};
-
-struct ipv6_ra_state {
- long long int next_announce;
- struct ipv6_ra_config *config;
- int64_t port_key;
- int64_t metadata;
- bool delete_me;
-};
-
-static void
-init_ipv6_ras(void)
-{
- shash_init(&ipv6_ras);
-}
-
-static void
-ipv6_ra_config_delete(struct ipv6_ra_config *config)
-{
- if (config) {
- destroy_lport_addresses(&config->prefixes);
- free(config);
- }
-}
-
-static void
-ipv6_ra_delete(struct ipv6_ra_state *ra)
-{
- if (ra) {
- ipv6_ra_config_delete(ra->config);
- free(ra);
- }
-}
-
-static void
-destroy_ipv6_ras(void)
-{
- struct shash_node *iter, *next;
- SHASH_FOR_EACH_SAFE (iter, next, &ipv6_ras) {
- struct ipv6_ra_state *ra = iter->data;
- ipv6_ra_delete(ra);
- shash_delete(&ipv6_ras, iter);
- }
- shash_destroy(&ipv6_ras);
-}
-
-static struct ipv6_ra_config *
-ipv6_ra_update_config(const struct sbrec_port_binding *pb)
-{
- struct ipv6_ra_config *config;
-
- config = xzalloc(sizeof *config);
-
- config->max_interval = smap_get_int(&pb->options, "ipv6_ra_max_interval",
- ND_RA_MAX_INTERVAL_DEFAULT);
- config->min_interval = smap_get_int(&pb->options, "ipv6_ra_min_interval",
- nd_ra_min_interval_default(config->max_interval));
- config->mtu = smap_get_int(&pb->options, "ipv6_ra_mtu", ND_MTU_DEFAULT);
- config->la_flags = IPV6_ND_RA_OPT_PREFIX_ON_LINK;
-
- const char *address_mode = smap_get(&pb->options, "ipv6_ra_address_mode");
- if (!address_mode) {
- VLOG_WARN("No address mode specified");
- goto fail;
- }
- if (!strcmp(address_mode, "dhcpv6_stateless")) {
- config->mo_flags = IPV6_ND_RA_FLAG_OTHER_ADDR_CONFIG;
- config->la_flags |= IPV6_ND_RA_OPT_PREFIX_AUTONOMOUS;
- } else if (!strcmp(address_mode, "dhcpv6_stateful")) {
- config->mo_flags = IPV6_ND_RA_FLAG_MANAGED_ADDR_CONFIG;
- } else if (!strcmp(address_mode, "slaac")) {
- config->la_flags |= IPV6_ND_RA_OPT_PREFIX_AUTONOMOUS;
- } else {
- VLOG_WARN("Invalid address mode %s", address_mode);
- goto fail;
- }
-
- const char *prefixes = smap_get(&pb->options, "ipv6_ra_prefixes");
- if (prefixes && !extract_ip_addresses(prefixes, &config->prefixes)) {
- VLOG_WARN("Invalid IPv6 prefixes: %s", prefixes);
- goto fail;
- }
-
- /* All nodes multicast addresses */
- config->eth_dst = (struct eth_addr) ETH_ADDR_C(33,33,00,00,00,01);
- ipv6_parse("ff02::1", &config->ipv6_dst);
-
- const char *eth_addr = smap_get(&pb->options, "ipv6_ra_src_eth");
- if (!eth_addr || !eth_addr_from_string(eth_addr, &config->eth_src)) {
- VLOG_WARN("Invalid ethernet source %s", eth_addr);
- goto fail;
- }
- const char *ip_addr = smap_get(&pb->options, "ipv6_ra_src_addr");
- if (!ip_addr || !ipv6_parse(ip_addr, &config->ipv6_src)) {
- VLOG_WARN("Invalid IP source %s", ip_addr);
- goto fail;
- }
-
- return config;
-
-fail:
- ipv6_ra_config_delete(config);
- return NULL;
-}
-
-static long long int
-ipv6_ra_calc_next_announce(time_t min_interval, time_t max_interval)
-{
- long long int min_interval_ms = min_interval * 1000LL;
- long long int max_interval_ms = max_interval * 1000LL;
-
- return time_msec() + min_interval_ms +
- random_range(max_interval_ms - min_interval_ms);
-}
-
-static void
-put_load(uint64_t value, enum mf_field_id dst, int ofs, int n_bits,
- struct ofpbuf *ofpacts)
-{
- struct ofpact_set_field *sf = ofpact_put_set_field(ofpacts,
- mf_from_id(dst), NULL,
- NULL);
- ovs_be64 n_value = htonll(value);
- bitwise_copy(&n_value, 8, 0, sf->value, sf->field->n_bytes, ofs, n_bits);
- bitwise_one(ofpact_set_field_mask(sf), sf->field->n_bytes, ofs, n_bits);
-}
-
-/* Called with in the pinctrl_handler thread context. */
-static long long int
-ipv6_ra_send(struct rconn *swconn, struct ipv6_ra_state *ra)
-{
- if (time_msec() < ra->next_announce) {
- return ra->next_announce;
- }
-
- uint64_t packet_stub[128 / 8];
- struct dp_packet packet;
- dp_packet_use_stub(&packet, packet_stub, sizeof packet_stub);
- compose_nd_ra(&packet, ra->config->eth_src, ra->config->eth_dst,
- &ra->config->ipv6_src, &ra->config->ipv6_dst,
- 255, ra->config->mo_flags, htons(IPV6_ND_RA_LIFETIME), 0, 0,
- ra->config->mtu);
-
- for (int i = 0; i < ra->config->prefixes.n_ipv6_addrs; i++) {
- ovs_be128 addr;
- memcpy(&addr, &ra->config->prefixes.ipv6_addrs[i].addr, sizeof addr);
- packet_put_ra_prefix_opt(&packet,
- ra->config->prefixes.ipv6_addrs[i].plen,
- ra->config->la_flags, htonl(IPV6_ND_RA_OPT_PREFIX_VALID_LIFETIME),
- htonl(IPV6_ND_RA_OPT_PREFIX_PREFERRED_LIFETIME), addr);
- }
-
- uint64_t ofpacts_stub[4096 / 8];
- struct ofpbuf ofpacts = OFPBUF_STUB_INITIALIZER(ofpacts_stub);
-
- /* Set MFF_LOG_DATAPATH and MFF_LOG_INPORT. */
- uint32_t dp_key = ra->metadata;
- uint32_t port_key = ra->port_key;
- put_load(dp_key, MFF_LOG_DATAPATH, 0, 64, &ofpacts);
- put_load(port_key, MFF_LOG_INPORT, 0, 32, &ofpacts);
- put_load(1, MFF_LOG_FLAGS, MLF_LOCAL_ONLY_BIT, 1, &ofpacts);
- struct ofpact_resubmit *resubmit = ofpact_put_RESUBMIT(&ofpacts);
- resubmit->in_port = OFPP_CONTROLLER;
- resubmit->table_id = OFTABLE_LOG_INGRESS_PIPELINE;
-
- struct ofputil_packet_out po = {
- .packet = dp_packet_data(&packet),
- .packet_len = dp_packet_size(&packet),
- .buffer_id = UINT32_MAX,
- .ofpacts = ofpacts.data,
- .ofpacts_len = ofpacts.size,
- };
-
- match_set_in_port(&po.flow_metadata, OFPP_CONTROLLER);
- enum ofp_version version = rconn_get_version(swconn);
- enum ofputil_protocol proto = ofputil_protocol_from_ofp_version(version);
- queue_msg(swconn, ofputil_encode_packet_out(&po, proto));
- dp_packet_uninit(&packet);
- ofpbuf_uninit(&ofpacts);
-
- ra->next_announce = ipv6_ra_calc_next_announce(ra->config->min_interval,
- ra->config->max_interval);
-
- return ra->next_announce;
-}
-
-/* Called with in the pinctrl_handler thread context. */
-static void
-ipv6_ra_wait(long long int send_ipv6_ra_time)
-{
- /* Set the poll timer for next IPv6 RA only if IPv6 RAs needs to
- * be sent. */
- if (!shash_is_empty(&ipv6_ras)) {
- poll_timer_wait_until(send_ipv6_ra_time);
- }
-}
-
-/* Called with in the pinctrl_handler thread context. */
-static void
-send_ipv6_ras(struct rconn *swconn, long long int *send_ipv6_ra_time)
- OVS_REQUIRES(pinctrl_mutex)
-{
- *send_ipv6_ra_time = LLONG_MAX;
- struct shash_node *iter;
- SHASH_FOR_EACH (iter, &ipv6_ras) {
- struct ipv6_ra_state *ra = iter->data;
- long long int next_ra = ipv6_ra_send(swconn, ra);
- if (*send_ipv6_ra_time > next_ra) {
- *send_ipv6_ra_time = next_ra;
- }
- }
-}
-
-/* Called by pinctrl_run(). Runs with in the main ovn-controller
- * thread context. */
-static void
-prepare_ipv6_ras(struct ovsdb_idl_index *sbrec_port_binding_by_datapath,
- struct ovsdb_idl_index *sbrec_port_binding_by_name,
- const struct hmap *local_datapaths)
- OVS_REQUIRES(pinctrl_mutex)
-{
- struct shash_node *iter, *iter_next;
-
- SHASH_FOR_EACH (iter, &ipv6_ras) {
- struct ipv6_ra_state *ra = iter->data;
- ra->delete_me = true;
- }
-
- bool changed = false;
- const struct local_datapath *ld;
- HMAP_FOR_EACH (ld, hmap_node, local_datapaths) {
- struct sbrec_port_binding *target = sbrec_port_binding_index_init_row(
- sbrec_port_binding_by_datapath);
- sbrec_port_binding_index_set_datapath(target, ld->datapath);
-
- struct sbrec_port_binding *pb;
- SBREC_PORT_BINDING_FOR_EACH_EQUAL (pb, target,
- sbrec_port_binding_by_datapath) {
- if (!smap_get_bool(&pb->options, "ipv6_ra_send_periodic", false)) {
- continue;
- }
-
- const char *peer_s = smap_get(&pb->options, "peer");
- if (!peer_s) {
- continue;
- }
-
- const struct sbrec_port_binding *peer
- = lport_lookup_by_name(sbrec_port_binding_by_name, peer_s);
- if (!peer) {
- continue;
- }
-
- struct ipv6_ra_config *config = ipv6_ra_update_config(pb);
- if (!config) {
- continue;
- }
-
- struct ipv6_ra_state *ra
- = shash_find_data(&ipv6_ras, pb->logical_port);
- if (!ra) {
- ra = xzalloc(sizeof *ra);
- ra->config = config;
- ra->next_announce = ipv6_ra_calc_next_announce(
- ra->config->min_interval,
- ra->config->max_interval);
- shash_add(&ipv6_ras, pb->logical_port, ra);
- changed = true;
- } else {
- if (config->min_interval != ra->config->min_interval ||
- config->max_interval != ra->config->max_interval)
- ra->next_announce = ipv6_ra_calc_next_announce(
- config->min_interval,
- config->max_interval);
- ipv6_ra_config_delete(ra->config);
- ra->config = config;
- }
-
- /* Peer is the logical switch port that the logical
- * router port is connected to. The RA is injected
- * into that logical switch port.
- */
- ra->port_key = peer->tunnel_key;
- ra->metadata = peer->datapath->tunnel_key;
- ra->delete_me = false;
-
- /* pinctrl_handler thread will send the IPv6 RAs. */
- }
- sbrec_port_binding_index_destroy_row(target);
- }
-
- /* Remove those that are no longer in the SB database */
- SHASH_FOR_EACH_SAFE (iter, iter_next, &ipv6_ras) {
- struct ipv6_ra_state *ra = iter->data;
- if (ra->delete_me) {
- shash_delete(&ipv6_ras, iter);
- ipv6_ra_delete(ra);
- }
- }
-
- if (changed) {
- notify_pinctrl_handler();
- }
-
-}
-
-/* Called by pinctrl_run(). Runs with in the main ovn-controller
- * thread context. */
-void
-pinctrl_wait(struct ovsdb_idl_txn *ovnsb_idl_txn)
-{
- wait_put_mac_bindings(ovnsb_idl_txn);
- wait_controller_event(ovnsb_idl_txn);
- int64_t new_seq = seq_read(pinctrl_main_seq);
- seq_wait(pinctrl_main_seq, new_seq);
-}
-
-/* Called by ovn-controller. */
-void
-pinctrl_destroy(void)
-{
- latch_set(&pinctrl.pinctrl_thread_exit);
- pthread_join(pinctrl.pinctrl_thread, NULL);
- latch_destroy(&pinctrl.pinctrl_thread_exit);
- free(pinctrl.br_int_name);
- destroy_send_garps();
- destroy_ipv6_ras();
- destroy_buffered_packets_map();
- event_table_destroy();
- destroy_put_mac_bindings();
- destroy_dns_cache();
- ip_mcast_snoop_destroy();
- seq_destroy(pinctrl_main_seq);
- seq_destroy(pinctrl_handler_seq);
-}
-
-/* Implementation of the "put_arp" and "put_nd" OVN actions. These
- * actions send a packet to ovn-controller, using the flow as an API
- * (see actions.h for details). This code implements the actions by
- * updating the MAC_Binding table in the southbound database.
- *
- * This code could be a lot simpler if the database could always be updated,
- * but in fact we can only update it when 'ovnsb_idl_txn' is nonnull. Thus,
- * we buffer up a few put_mac_bindings (but we don't keep them longer
- * than 1 second) and apply them whenever a database transaction is
- * available. */
-
-/* Buffered "put_mac_binding" operation. */
-struct put_mac_binding {
- struct hmap_node hmap_node; /* In 'put_mac_bindings'. */
-
- /* Key. */
- uint32_t dp_key;
- uint32_t port_key;
- struct in6_addr ip_key;
-
- /* Value. */
- struct eth_addr mac;
-};
-
-/* Contains "struct put_mac_binding"s. */
-static struct hmap put_mac_bindings;
-
-static void
-init_put_mac_bindings(void)
-{
- hmap_init(&put_mac_bindings);
-}
-
-static void
-destroy_put_mac_bindings(void)
-{
- flush_put_mac_bindings();
- hmap_destroy(&put_mac_bindings);
-}
-
-static struct put_mac_binding *
-pinctrl_find_put_mac_binding(uint32_t dp_key, uint32_t port_key,
- const struct in6_addr *ip_key, uint32_t hash)
-{
- struct put_mac_binding *pa;
- HMAP_FOR_EACH_WITH_HASH (pa, hmap_node, hash, &put_mac_bindings) {
- if (pa->dp_key == dp_key
- && pa->port_key == port_key
- && IN6_ARE_ADDR_EQUAL(&pa->ip_key, ip_key)) {
- return pa;
- }
- }
- return NULL;
-}
-
-/* Called with in the pinctrl_handler thread context. */
-static void
-pinctrl_handle_put_mac_binding(const struct flow *md,
- const struct flow *headers,
- bool is_arp)
- OVS_REQUIRES(pinctrl_mutex)
-{
- uint32_t dp_key = ntohll(md->metadata);
- uint32_t port_key = md->regs[MFF_LOG_INPORT - MFF_REG0];
- struct in6_addr ip_key;
-
- if (is_arp) {
- ip_key = in6_addr_mapped_ipv4(htonl(md->regs[0]));
- } else {
- ovs_be128 ip6 = hton128(flow_get_xxreg(md, 0));
- memcpy(&ip_key, &ip6, sizeof ip_key);
- }
- uint32_t hash = hash_bytes(&ip_key, sizeof ip_key,
- hash_2words(dp_key, port_key));
- struct put_mac_binding *pmb
- = pinctrl_find_put_mac_binding(dp_key, port_key, &ip_key, hash);
- if (!pmb) {
- if (hmap_count(&put_mac_bindings) >= 1000) {
- COVERAGE_INC(pinctrl_drop_put_mac_binding);
- return;
- }
-
- pmb = xmalloc(sizeof *pmb);
- hmap_insert(&put_mac_bindings, &pmb->hmap_node, hash);
- pmb->dp_key = dp_key;
- pmb->port_key = port_key;
- pmb->ip_key = ip_key;
- }
- pmb->mac = headers->dl_src;
-
- /* We can send the buffered packet once the main ovn-controller
- * thread calls pinctrl_run() and it writes the mac_bindings stored
- * in 'put_mac_bindings' hmap into the Southbound MAC_Binding table. */
- notify_pinctrl_main();
-}
-
-/* Called with in the pinctrl_handler thread context. */
-static void
-send_mac_binding_buffered_pkts(struct rconn *swconn)
- OVS_REQUIRES(pinctrl_mutex)
-{
- struct buffered_packets *bp;
- LIST_FOR_EACH_POP (bp, list, &buffered_mac_bindings) {
- buffered_send_packets(swconn, bp, &bp->ea);
- free(bp);
- }
- ovs_list_init(&buffered_mac_bindings);
-}
-
-static const struct sbrec_mac_binding *
-mac_binding_lookup(struct ovsdb_idl_index *sbrec_mac_binding_by_lport_ip,
- const char *logical_port,
- const char *ip)
-{
- struct sbrec_mac_binding *mb = sbrec_mac_binding_index_init_row(
- sbrec_mac_binding_by_lport_ip);
- sbrec_mac_binding_index_set_logical_port(mb, logical_port);
- sbrec_mac_binding_index_set_ip(mb, ip);
-
- const struct sbrec_mac_binding *retval
- = sbrec_mac_binding_index_find(sbrec_mac_binding_by_lport_ip,
- mb);
-
- sbrec_mac_binding_index_destroy_row(mb);
-
- return retval;
-}
-
-static void
-run_put_mac_binding(struct ovsdb_idl_txn *ovnsb_idl_txn,
- struct ovsdb_idl_index *sbrec_datapath_binding_by_key,
- struct ovsdb_idl_index *sbrec_port_binding_by_key,
- struct ovsdb_idl_index *sbrec_mac_binding_by_lport_ip,
- const struct put_mac_binding *pmb)
-{
- /* Convert logical datapath and logical port key into lport. */
- const struct sbrec_port_binding *pb = lport_lookup_by_key(
- sbrec_datapath_binding_by_key, sbrec_port_binding_by_key,
- pmb->dp_key, pmb->port_key);
- if (!pb) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
-
- VLOG_WARN_RL(&rl, "unknown logical port with datapath %"PRIu32" "
- "and port %"PRIu32, pmb->dp_key, pmb->port_key);
- return;
- }
-
- /* Convert ethernet argument to string form for database. */
- char mac_string[ETH_ADDR_STRLEN + 1];
- snprintf(mac_string, sizeof mac_string,
- ETH_ADDR_FMT, ETH_ADDR_ARGS(pmb->mac));
-
- struct ds ip_s = DS_EMPTY_INITIALIZER;
- ipv6_format_mapped(&pmb->ip_key, &ip_s);
-
- /* Update or add an IP-MAC binding for this logical port. */
- const struct sbrec_mac_binding *b =
- mac_binding_lookup(sbrec_mac_binding_by_lport_ip, pb->logical_port,
- ds_cstr(&ip_s));
- if (!b) {
- b = sbrec_mac_binding_insert(ovnsb_idl_txn);
- sbrec_mac_binding_set_logical_port(b, pb->logical_port);
- sbrec_mac_binding_set_ip(b, ds_cstr(&ip_s));
- sbrec_mac_binding_set_mac(b, mac_string);
- sbrec_mac_binding_set_datapath(b, pb->datapath);
- } else if (strcmp(b->mac, mac_string)) {
- sbrec_mac_binding_set_mac(b, mac_string);
- }
- ds_destroy(&ip_s);
-}
-
-/* Called by pinctrl_run(). Runs with in the main ovn-controller
- * thread context. */
-static void
-run_put_mac_bindings(struct ovsdb_idl_txn *ovnsb_idl_txn,
- struct ovsdb_idl_index *sbrec_datapath_binding_by_key,
- struct ovsdb_idl_index *sbrec_port_binding_by_key,
- struct ovsdb_idl_index *sbrec_mac_binding_by_lport_ip)
- OVS_REQUIRES(pinctrl_mutex)
-{
- if (!ovnsb_idl_txn) {
- return;
- }
-
- const struct put_mac_binding *pmb;
- HMAP_FOR_EACH (pmb, hmap_node, &put_mac_bindings) {
- run_put_mac_binding(ovnsb_idl_txn, sbrec_datapath_binding_by_key,
- sbrec_port_binding_by_key,
- sbrec_mac_binding_by_lport_ip,
- pmb);
- }
- flush_put_mac_bindings();
-}
-
-static void
-run_buffered_binding(struct ovsdb_idl_index *sbrec_port_binding_by_datapath,
- struct ovsdb_idl_index *sbrec_mac_binding_by_lport_ip,
- const struct hmap *local_datapaths)
- OVS_REQUIRES(pinctrl_mutex)
-{
- const struct local_datapath *ld;
- bool notify = false;
-
- HMAP_FOR_EACH (ld, hmap_node, local_datapaths) {
- struct sbrec_port_binding *target = sbrec_port_binding_index_init_row(
- sbrec_port_binding_by_datapath);
- sbrec_port_binding_index_set_datapath(target, ld->datapath);
-
- const struct sbrec_port_binding *pb;
- SBREC_PORT_BINDING_FOR_EACH_EQUAL (pb, target,
- sbrec_port_binding_by_datapath) {
- struct buffered_packets *cur_qp, *next_qp;
- HMAP_FOR_EACH_SAFE (cur_qp, next_qp, hmap_node,
- &buffered_packets_map) {
- struct ds ip_s = DS_EMPTY_INITIALIZER;
- ipv6_format_mapped(&cur_qp->ip, &ip_s);
- const struct sbrec_mac_binding *b = mac_binding_lookup(
- sbrec_mac_binding_by_lport_ip, pb->logical_port,
- ds_cstr(&ip_s));
- if (b && ovs_scan(b->mac, ETH_ADDR_SCAN_FMT,
- ETH_ADDR_SCAN_ARGS(cur_qp->ea))) {
- hmap_remove(&buffered_packets_map, &cur_qp->hmap_node);
- ovs_list_push_back(&buffered_mac_bindings, &cur_qp->list);
- notify = true;
- }
- ds_destroy(&ip_s);
- }
- }
- sbrec_port_binding_index_destroy_row(target);
- }
- buffered_packets_map_gc();
-
- if (notify) {
- notify_pinctrl_handler();
- }
-}
-
-static void
-wait_put_mac_bindings(struct ovsdb_idl_txn *ovnsb_idl_txn)
-{
- if (ovnsb_idl_txn && !hmap_is_empty(&put_mac_bindings)) {
- poll_immediate_wake();
- }
-}
-
-static void
-flush_put_mac_bindings(void)
-{
- struct put_mac_binding *pmb;
- HMAP_FOR_EACH_POP (pmb, hmap_node, &put_mac_bindings) {
- free(pmb);
- }
-}
-
-/*
- * Send gratuitous ARP for vif on localnet.
- *
- * When a new vif on localnet is added, gratuitous ARPs are sent announcing
- * the port's mac,ip mapping. On localnet, such announcements are needed for
- * switches and routers on the broadcast segment to update their port-mac
- * and ARP tables.
- */
-struct garp_data {
- struct eth_addr ea; /* Ethernet address of port. */
- ovs_be32 ipv4; /* Ipv4 address of port. */
- long long int announce_time; /* Next announcement in ms. */
- int backoff; /* Backoff for the next announcement. */
- uint32_t dp_key; /* Datapath used to output this GARP. */
- uint32_t port_key; /* Port to inject the GARP into. */
-};
-
-/* Contains GARPs to be sent. Protected by pinctrl_mutex*/
-static struct shash send_garp_data;
-
-static void
-init_send_garps(void)
-{
- shash_init(&send_garp_data);
-}
-
-static void
-destroy_send_garps(void)
-{
- shash_destroy_free_data(&send_garp_data);
-}
-
-/* Runs with in the main ovn-controller thread context. */
-static void
-add_garp(const char *name, const struct eth_addr ea, ovs_be32 ip,
- uint32_t dp_key, uint32_t port_key)
-{
- struct garp_data *garp = xmalloc(sizeof *garp);
- garp->ea = ea;
- garp->ipv4 = ip;
- garp->announce_time = time_msec() + 1000;
- garp->backoff = 1;
- garp->dp_key = dp_key;
- garp->port_key = port_key;
- shash_add(&send_garp_data, name, garp);
-
- /* Notify pinctrl_handler so that it can wakeup and process
- * these GARP requests. */
- notify_pinctrl_handler();
-}
-
-/* Add or update a vif for which GARPs need to be announced. */
-static void
-send_garp_update(const struct sbrec_port_binding *binding_rec,
- struct shash *nat_addresses)
-{
- volatile struct garp_data *garp = NULL;
- /* Update GARP for NAT IP if it exists. Consider port bindings with type
- * "l3gateway" for logical switch ports attached to gateway routers, and
- * port bindings with type "patch" for logical switch ports attached to
- * distributed gateway ports. */
- if (!strcmp(binding_rec->type, "l3gateway")
- || !strcmp(binding_rec->type, "patch")) {
- struct lport_addresses *laddrs = NULL;
- while ((laddrs = shash_find_and_delete(nat_addresses,
- binding_rec->logical_port))) {
- int i;
- for (i = 0; i < laddrs->n_ipv4_addrs; i++) {
- char *name = xasprintf("%s-%s", binding_rec->logical_port,
- laddrs->ipv4_addrs[i].addr_s);
- garp = shash_find_data(&send_garp_data, name);
- if (garp) {
- garp->dp_key = binding_rec->datapath->tunnel_key;
- garp->port_key = binding_rec->tunnel_key;
- } else {
- add_garp(name, laddrs->ea,
- laddrs->ipv4_addrs[i].addr,
- binding_rec->datapath->tunnel_key,
- binding_rec->tunnel_key);
- }
- free(name);
- }
- destroy_lport_addresses(laddrs);
- free(laddrs);
- }
- return;
- }
-
- /* Update GARP for vif if it exists. */
- garp = shash_find_data(&send_garp_data, binding_rec->logical_port);
- if (garp) {
- garp->dp_key = binding_rec->datapath->tunnel_key;
- garp->port_key = binding_rec->tunnel_key;
- return;
- }
-
- /* Add GARP for new vif. */
- int i;
- for (i = 0; i < binding_rec->n_mac; i++) {
- struct lport_addresses laddrs;
- if (!extract_lsp_addresses(binding_rec->mac[i], &laddrs)
- || !laddrs.n_ipv4_addrs) {
- continue;
- }
-
- add_garp(binding_rec->logical_port,
- laddrs.ea, laddrs.ipv4_addrs[0].addr,
- binding_rec->datapath->tunnel_key, binding_rec->tunnel_key);
-
- destroy_lport_addresses(&laddrs);
- break;
- }
-}
-
-/* Remove a vif from GARP announcements. */
-static void
-send_garp_delete(const char *lport)
-{
- struct garp_data *garp = shash_find_and_delete(&send_garp_data, lport);
- free(garp);
- notify_pinctrl_handler();
-}
-
-/* Called with in the pinctrl_handler thread context. */
-static long long int
-send_garp(struct rconn *swconn, struct garp_data *garp,
- long long int current_time)
- OVS_REQUIRES(pinctrl_mutex)
-{
- if (current_time < garp->announce_time) {
- return garp->announce_time;
- }
-
- /* Compose a GARP request packet. */
- uint64_t packet_stub[128 / 8];
- struct dp_packet packet;
- dp_packet_use_stub(&packet, packet_stub, sizeof packet_stub);
- compose_arp(&packet, ARP_OP_REQUEST, garp->ea, eth_addr_zero,
- true, garp->ipv4, garp->ipv4);
-
- /* Inject GARP request. */
- uint64_t ofpacts_stub[4096 / 8];
- struct ofpbuf ofpacts = OFPBUF_STUB_INITIALIZER(ofpacts_stub);
- enum ofp_version version = rconn_get_version(swconn);
- put_load(garp->dp_key, MFF_LOG_DATAPATH, 0, 64, &ofpacts);
- put_load(garp->port_key, MFF_LOG_INPORT, 0, 32, &ofpacts);
- struct ofpact_resubmit *resubmit = ofpact_put_RESUBMIT(&ofpacts);
- resubmit->in_port = OFPP_CONTROLLER;
- resubmit->table_id = OFTABLE_LOG_INGRESS_PIPELINE;
-
- struct ofputil_packet_out po = {
- .packet = dp_packet_data(&packet),
- .packet_len = dp_packet_size(&packet),
- .buffer_id = UINT32_MAX,
- .ofpacts = ofpacts.data,
- .ofpacts_len = ofpacts.size,
- };
- match_set_in_port(&po.flow_metadata, OFPP_CONTROLLER);
- enum ofputil_protocol proto = ofputil_protocol_from_ofp_version(version);
- queue_msg(swconn, ofputil_encode_packet_out(&po, proto));
- dp_packet_uninit(&packet);
- ofpbuf_uninit(&ofpacts);
-
- /* Set the next announcement. At most 5 announcements are sent for a
- * vif. */
- if (garp->backoff < 16) {
- garp->backoff *= 2;
- garp->announce_time = current_time + garp->backoff * 1000;
- } else {
- garp->announce_time = LLONG_MAX;
- }
- return garp->announce_time;
-}
-
-/*
- * Multicast snooping configuration.
- */
-struct ip_mcast_snoop_cfg {
- bool enabled;
- bool querier_enabled;
-
- uint32_t table_size; /* Max number of allowed multicast groups. */
- uint32_t idle_time_s; /* Idle timeout for multicast groups. */
- uint32_t query_interval_s; /* Multicast query interval. */
- uint32_t query_max_resp_s; /* Multicast query max-response field. */
- uint32_t seq_no; /* Used for flushing learnt groups. */
-
- struct eth_addr query_eth_src; /* Src ETH address used for queries. */
- struct eth_addr query_eth_dst; /* Dst ETH address used for queries. */
- ovs_be32 query_ipv4_src; /* Src IPv4 address used for queries. */
- ovs_be32 query_ipv4_dst; /* Dsc IPv4 address used for queries. */
-};
-
-/*
- * Holds per-datapath information about multicast snooping. Maintained by
- * pinctrl_handler().
- */
-struct ip_mcast_snoop {
- struct hmap_node hmap_node; /* Linkage in the hash map. */
- struct ovs_list query_node; /* Linkage in the query list. */
- struct ip_mcast_snoop_cfg cfg; /* Multicast configuration. */
- struct mcast_snooping *ms; /* Multicast group state. */
- int64_t dp_key; /* Datapath running the snooping. */
-
- long long int query_time_ms; /* Next query time in ms. */
-};
-
-/*
- * Holds the per-datapath multicast configuration state. Maintained by
- * pinctrl_run().
- */
-struct ip_mcast_snoop_state {
- struct hmap_node hmap_node;
- int64_t dp_key;
- struct ip_mcast_snoop_cfg cfg;
-};
-
-/* Only default vlan supported for now. */
-#define IP_MCAST_VLAN 1
-
-/* Multicast snooping information stored independently by datapath key.
- * Protected by pinctrl_mutex. pinctrl_handler has RW access and pinctrl_main
- * has RO access.
- */
-static struct hmap mcast_snoop_map OVS_GUARDED_BY(pinctrl_mutex);
-
-/* Contains multicast queries to be sent. Only used by pinctrl_handler so no
- * locking needed.
- */
-static struct ovs_list mcast_query_list;
-
-/* Multicast config information stored independently by datapath key.
- * Protected by pinctrl_mutex. pinctrl_handler has RO access and pinctrl_main
- * has RW access. Read accesses from pinctrl_ip_mcast_handle_igmp() can be
- * performed without taking the lock as they are executed in the pinctrl_main
- * thread.
- */
-static struct hmap mcast_cfg_map OVS_GUARDED_BY(pinctrl_mutex);
-
-static void
-ip_mcast_snoop_cfg_load(struct ip_mcast_snoop_cfg *cfg,
- const struct sbrec_ip_multicast *ip_mcast)
-{
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
-
- memset(cfg, 0, sizeof *cfg);
- cfg->enabled =
- (ip_mcast->enabled && ip_mcast->enabled[0]);
- cfg->querier_enabled =
- (cfg->enabled && ip_mcast->querier && ip_mcast->querier[0]);
-
- if (ip_mcast->table_size) {
- cfg->table_size = ip_mcast->table_size[0];
- } else {
- cfg->table_size = OVN_MCAST_DEFAULT_MAX_ENTRIES;
- }
-
- if (ip_mcast->idle_timeout) {
- cfg->idle_time_s = ip_mcast->idle_timeout[0];
- } else {
- cfg->idle_time_s = OVN_MCAST_DEFAULT_IDLE_TIMEOUT_S;
- }
-
- if (ip_mcast->query_interval) {
- cfg->query_interval_s = ip_mcast->query_interval[0];
- } else {
- cfg->query_interval_s = cfg->idle_time_s / 2;
- if (cfg->query_interval_s < OVN_MCAST_MIN_QUERY_INTERVAL_S) {
- cfg->query_interval_s = OVN_MCAST_MIN_QUERY_INTERVAL_S;
- }
- }
-
- if (ip_mcast->query_max_resp) {
- cfg->query_max_resp_s = ip_mcast->query_max_resp[0];
- } else {
- cfg->query_max_resp_s = OVN_MCAST_DEFAULT_QUERY_MAX_RESPONSE_S;
- }
-
- cfg->seq_no = ip_mcast->seq_no;
-
- if (cfg->querier_enabled) {
- /* Try to parse the source ETH address. */
- if (!ip_mcast->eth_src ||
- !eth_addr_from_string(ip_mcast->eth_src,
- &cfg->query_eth_src)) {
- VLOG_WARN_RL(&rl,
- "IGMP Querier enabled with invalid ETH src address");
- /* Failed to parse the IPv4 source address. Disable the querier. */
- cfg->querier_enabled = false;
- }
-
- /* Try to parse the source IP address. */
- if (!ip_mcast->ip4_src ||
- !ip_parse(ip_mcast->ip4_src, &cfg->query_ipv4_src)) {
- VLOG_WARN_RL(&rl,
- "IGMP Querier enabled with invalid IPv4 src address");
- /* Failed to parse the IPv4 source address. Disable the querier. */
- cfg->querier_enabled = false;
- }
-
- /* IGMP queries must be sent to 224.0.0.1. */
- cfg->query_eth_dst =
- (struct eth_addr)ETH_ADDR_C(01, 00, 5E, 00, 00, 01);
- cfg->query_ipv4_dst = htonl(0xe0000001);
- }
-}
-
-static uint32_t
-ip_mcast_snoop_hash(int64_t dp_key)
-{
- return hash_uint64(dp_key);
-}
-
-static struct ip_mcast_snoop_state *
-ip_mcast_snoop_state_add(int64_t dp_key)
- OVS_REQUIRES(pinctrl_mutex)
-{
- struct ip_mcast_snoop_state *ms_state = xmalloc(sizeof *ms_state);
-
- ms_state->dp_key = dp_key;
- hmap_insert(&mcast_cfg_map, &ms_state->hmap_node,
- ip_mcast_snoop_hash(dp_key));
- return ms_state;
-}
-
-static struct ip_mcast_snoop_state *
-ip_mcast_snoop_state_find(int64_t dp_key)
- OVS_REQUIRES(pinctrl_mutex)
-{
- struct ip_mcast_snoop_state *ms_state;
- uint32_t hash = ip_mcast_snoop_hash(dp_key);
-
- HMAP_FOR_EACH_WITH_HASH (ms_state, hmap_node, hash, &mcast_cfg_map) {
- if (ms_state->dp_key == dp_key) {
- return ms_state;
- }
- }
- return NULL;
-}
-
-static bool
-ip_mcast_snoop_state_update(int64_t dp_key,
- const struct ip_mcast_snoop_cfg *cfg)
- OVS_REQUIRES(pinctrl_mutex)
-{
- bool notify = false;
- struct ip_mcast_snoop_state *ms_state = ip_mcast_snoop_state_find(dp_key);
-
- if (!ms_state) {
- ms_state = ip_mcast_snoop_state_add(dp_key);
- notify = true;
- } else if (memcmp(cfg, &ms_state->cfg, sizeof *cfg)) {
- notify = true;
- }
-
- ms_state->cfg = *cfg;
- return notify;
-}
-
-static void
-ip_mcast_snoop_state_remove(struct ip_mcast_snoop_state *ms_state)
- OVS_REQUIRES(pinctrl_mutex)
-{
- hmap_remove(&mcast_cfg_map, &ms_state->hmap_node);
- free(ms_state);
-}
-
-static bool
-ip_mcast_snoop_enable(struct ip_mcast_snoop *ip_ms)
-{
- if (ip_ms->cfg.enabled) {
- return true;
- }
-
- ip_ms->ms = mcast_snooping_create();
- return ip_ms->ms != NULL;
-}
-
-static void
-ip_mcast_snoop_flush(struct ip_mcast_snoop *ip_ms)
-{
- if (!ip_ms->cfg.enabled) {
- return;
- }
-
- mcast_snooping_flush(ip_ms->ms);
-}
-
-static void
-ip_mcast_snoop_disable(struct ip_mcast_snoop *ip_ms)
-{
- if (!ip_ms->cfg.enabled) {
- return;
- }
-
- mcast_snooping_unref(ip_ms->ms);
- ip_ms->ms = NULL;
-}
-
-static bool
-ip_mcast_snoop_configure(struct ip_mcast_snoop *ip_ms,
- const struct ip_mcast_snoop_cfg *cfg)
-{
- if (cfg->enabled) {
- if (!ip_mcast_snoop_enable(ip_ms)) {
- return false;
- }
- if (ip_ms->cfg.seq_no != cfg->seq_no) {
- ip_mcast_snoop_flush(ip_ms);
- }
-
- if (ip_ms->cfg.querier_enabled && !cfg->querier_enabled) {
- ovs_list_remove(&ip_ms->query_node);
- } else if (!ip_ms->cfg.querier_enabled && cfg->querier_enabled) {
- ovs_list_push_back(&mcast_query_list, &ip_ms->query_node);
- }
- } else {
- ip_mcast_snoop_disable(ip_ms);
- goto set_fields;
- }
-
- ovs_rwlock_wrlock(&ip_ms->ms->rwlock);
- if (cfg->table_size != ip_ms->cfg.table_size) {
- mcast_snooping_set_max_entries(ip_ms->ms, cfg->table_size);
- }
-
- if (cfg->idle_time_s != ip_ms->cfg.idle_time_s) {
- mcast_snooping_set_idle_time(ip_ms->ms, cfg->idle_time_s);
- }
- ovs_rwlock_unlock(&ip_ms->ms->rwlock);
-
- if (cfg->query_interval_s != ip_ms->cfg.query_interval_s) {
- long long int now = time_msec();
-
- if (ip_ms->query_time_ms > now + cfg->query_interval_s * 1000) {
- ip_ms->query_time_ms = now;
- }
- }
-
-set_fields:
- memcpy(&ip_ms->cfg, cfg, sizeof ip_ms->cfg);
- return true;
-}
-
-static struct ip_mcast_snoop *
-ip_mcast_snoop_add(int64_t dp_key, const struct ip_mcast_snoop_cfg *cfg)
- OVS_REQUIRES(pinctrl_mutex)
-{
- struct ip_mcast_snoop *ip_ms = xzalloc(sizeof *ip_ms);
-
- ip_ms->dp_key = dp_key;
- if (!ip_mcast_snoop_configure(ip_ms, cfg)) {
- free(ip_ms);
- return NULL;
- }
-
- hmap_insert(&mcast_snoop_map, &ip_ms->hmap_node,
- ip_mcast_snoop_hash(dp_key));
- return ip_ms;
-}
-
-static struct ip_mcast_snoop *
-ip_mcast_snoop_find(int64_t dp_key)
- OVS_REQUIRES(pinctrl_mutex)
-{
- struct ip_mcast_snoop *ip_ms;
-
- HMAP_FOR_EACH_WITH_HASH (ip_ms, hmap_node, ip_mcast_snoop_hash(dp_key),
- &mcast_snoop_map) {
- if (ip_ms->dp_key == dp_key) {
- return ip_ms;
- }
- }
- return NULL;
-}
-
-static void
-ip_mcast_snoop_remove(struct ip_mcast_snoop *ip_ms)
- OVS_REQUIRES(pinctrl_mutex)
-{
- hmap_remove(&mcast_snoop_map, &ip_ms->hmap_node);
-
- if (ip_ms->cfg.querier_enabled) {
- ovs_list_remove(&ip_ms->query_node);
- }
-
- ip_mcast_snoop_disable(ip_ms);
- free(ip_ms);
-}
-
-static void
-ip_mcast_snoop_init(void)
- OVS_NO_THREAD_SAFETY_ANALYSIS
-{
- hmap_init(&mcast_snoop_map);
- ovs_list_init(&mcast_query_list);
- hmap_init(&mcast_cfg_map);
-}
-
-static void
-ip_mcast_snoop_destroy(void)
- OVS_NO_THREAD_SAFETY_ANALYSIS
-{
- struct ip_mcast_snoop *ip_ms, *ip_ms_next;
-
- HMAP_FOR_EACH_SAFE (ip_ms, ip_ms_next, hmap_node, &mcast_snoop_map) {
- ip_mcast_snoop_remove(ip_ms);
- }
- hmap_destroy(&mcast_snoop_map);
-
- struct ip_mcast_snoop_state *ip_ms_state;
-
- HMAP_FOR_EACH_POP (ip_ms_state, hmap_node, &mcast_cfg_map) {
- free(ip_ms_state);
- }
-}
-
-static void
-ip_mcast_snoop_run(void)
- OVS_REQUIRES(pinctrl_mutex)
-{
- struct ip_mcast_snoop *ip_ms, *ip_ms_next;
-
- /* First read the config updated by pinctrl_main. If there's any new or
- * updated config then apply it.
- */
- struct ip_mcast_snoop_state *ip_ms_state;
-
- HMAP_FOR_EACH (ip_ms_state, hmap_node, &mcast_cfg_map) {
- ip_ms = ip_mcast_snoop_find(ip_ms_state->dp_key);
-
- if (!ip_ms) {
- ip_mcast_snoop_add(ip_ms_state->dp_key, &ip_ms_state->cfg);
- } else if (memcmp(&ip_ms_state->cfg, &ip_ms->cfg,
- sizeof ip_ms_state->cfg)) {
- ip_mcast_snoop_configure(ip_ms, &ip_ms_state->cfg);
- }
- }
-
- bool notify = false;
-
- /* Then walk the multicast snoop instances. */
- HMAP_FOR_EACH_SAFE (ip_ms, ip_ms_next, hmap_node, &mcast_snoop_map) {
-
- /* Delete the stale ones. */
- if (!ip_mcast_snoop_state_find(ip_ms->dp_key)) {
- ip_mcast_snoop_remove(ip_ms);
- continue;
- }
-
- /* If enabled run the snooping instance to timeout old groups. */
- if (ip_ms->cfg.enabled) {
- if (mcast_snooping_run(ip_ms->ms)) {
- notify = true;
- }
-
- mcast_snooping_wait(ip_ms->ms);
- }
- }
-
- if (notify) {
- notify_pinctrl_main();
- }
-}
-
-/*
- * This runs in the pinctrl main thread, so it has access to the southbound
- * database. It reads the IP_Multicast table and updates the local multicast
- * configuration. Then writes to the southbound database the updated
- * IGMP_Groups.
- */
-static void
-ip_mcast_sync(struct ovsdb_idl_txn *ovnsb_idl_txn,
- const struct sbrec_chassis *chassis,
- const struct hmap *local_datapaths,
- struct ovsdb_idl_index *sbrec_datapath_binding_by_key,
- struct ovsdb_idl_index *sbrec_port_binding_by_key,
- struct ovsdb_idl_index *sbrec_igmp_groups,
- struct ovsdb_idl_index *sbrec_ip_multicast)
- OVS_REQUIRES(pinctrl_mutex)
-{
- bool notify = false;
-
- if (!ovnsb_idl_txn || !chassis) {
- return;
- }
-
- struct sbrec_ip_multicast *ip_mcast;
- struct ip_mcast_snoop_state *ip_ms_state, *ip_ms_state_next;
-
- /* First read and update our own local multicast configuration for the
- * local datapaths.
- */
- SBREC_IP_MULTICAST_FOR_EACH_BYINDEX (ip_mcast, sbrec_ip_multicast) {
-
- int64_t dp_key = ip_mcast->datapath->tunnel_key;
- struct ip_mcast_snoop_cfg cfg;
-
- ip_mcast_snoop_cfg_load(&cfg, ip_mcast);
- if (ip_mcast_snoop_state_update(dp_key, &cfg)) {
- notify = true;
- }
- }
-
- /* Then delete the old entries. */
- HMAP_FOR_EACH_SAFE (ip_ms_state, ip_ms_state_next, hmap_node,
- &mcast_cfg_map) {
- if (!get_local_datapath(local_datapaths, ip_ms_state->dp_key)) {
- ip_mcast_snoop_state_remove(ip_ms_state);
- notify = true;
- }
- }
-
- const struct sbrec_igmp_group *sbrec_igmp;
-
- /* Then flush any IGMP_Group entries that are not needed anymore:
- * - either multicast snooping was disabled on the datapath
- * - or the group has expired.
- */
- SBREC_IGMP_GROUP_FOR_EACH_BYINDEX (sbrec_igmp, sbrec_igmp_groups) {
- ovs_be32 group_addr;
-
- if (!sbrec_igmp->datapath) {
- continue;
- }
-
- int64_t dp_key = sbrec_igmp->datapath->tunnel_key;
- struct ip_mcast_snoop *ip_ms = ip_mcast_snoop_find(dp_key);
-
- /* If the datapath doesn't exist anymore or IGMP snooping was disabled
- * on it then delete the IGMP_Group entry.
- */
- if (!ip_ms || !ip_ms->cfg.enabled) {
- igmp_group_delete(sbrec_igmp);
- continue;
- }
-
- if (!ip_parse(sbrec_igmp->address, &group_addr)) {
- continue;
- }
-
- ovs_rwlock_rdlock(&ip_ms->ms->rwlock);
- struct mcast_group *mc_group =
- mcast_snooping_lookup4(ip_ms->ms, group_addr,
- IP_MCAST_VLAN);
-
- if (!mc_group || ovs_list_is_empty(&mc_group->bundle_lru)) {
- igmp_group_delete(sbrec_igmp);
- }
- ovs_rwlock_unlock(&ip_ms->ms->rwlock);
- }
-
- struct ip_mcast_snoop *ip_ms, *ip_ms_next;
-
- /* Last: write new IGMP_Groups to the southbound DB and update existing
- * ones (if needed). We also flush any old per-datapath multicast snoop
- * structures.
- */
- HMAP_FOR_EACH_SAFE (ip_ms, ip_ms_next, hmap_node, &mcast_snoop_map) {
- /* Flush any non-local snooping datapaths (e.g., stale). */
- struct local_datapath *local_dp =
- get_local_datapath(local_datapaths, ip_ms->dp_key);
-
- if (!local_dp) {
- continue;
- }
-
- /* Skip datapaths on which snooping is disabled. */
- if (!ip_ms->cfg.enabled) {
- continue;
- }
-
- struct mcast_group *mc_group;
-
- ovs_rwlock_rdlock(&ip_ms->ms->rwlock);
- LIST_FOR_EACH (mc_group, group_node, &ip_ms->ms->group_lru) {
- if (ovs_list_is_empty(&mc_group->bundle_lru)) {
- continue;
- }
- sbrec_igmp = igmp_group_lookup(sbrec_igmp_groups, &mc_group->addr,
- local_dp->datapath, chassis);
- if (!sbrec_igmp) {
- sbrec_igmp = igmp_group_create(ovnsb_idl_txn, &mc_group->addr,
- local_dp->datapath, chassis);
- }
-
- igmp_group_update_ports(sbrec_igmp, sbrec_datapath_binding_by_key,
- sbrec_port_binding_by_key, ip_ms->ms,
- mc_group);
- }
- ovs_rwlock_unlock(&ip_ms->ms->rwlock);
- }
-
- if (notify) {
- notify_pinctrl_handler();
- }
-}
-
-static void
-pinctrl_ip_mcast_handle_igmp(struct rconn *swconn OVS_UNUSED,
- const struct flow *ip_flow,
- struct dp_packet *pkt_in,
- const struct match *md,
- struct ofpbuf *userdata OVS_UNUSED)
- OVS_NO_THREAD_SAFETY_ANALYSIS
-{
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
-
- /* This action only works for IP packets, and the switch should only send
- * us IP packets this way, but check here just to be sure.
- */
- if (ip_flow->dl_type != htons(ETH_TYPE_IP)) {
- VLOG_WARN_RL(&rl,
- "IGMP action on non-IP packet (eth_type 0x%"PRIx16")",
- ntohs(ip_flow->dl_type));
- return;
- }
-
- int64_t dp_key = ntohll(md->flow.metadata);
- uint32_t port_key = md->flow.regs[MFF_LOG_INPORT - MFF_REG0];
-
- const struct igmp_header *igmp;
- size_t offset;
-
- offset = (char *) dp_packet_l4(pkt_in) - (char *) dp_packet_data(pkt_in);
- igmp = dp_packet_at(pkt_in, offset, IGMP_HEADER_LEN);
- if (!igmp || csum(igmp, dp_packet_l4_size(pkt_in)) != 0) {
- VLOG_WARN_RL(&rl, "multicast snooping received bad IGMP checksum");
- return;
- }
-
- ovs_be32 ip4 = ip_flow->igmp_group_ip4;
-
- struct ip_mcast_snoop *ip_ms = ip_mcast_snoop_find(dp_key);
- if (!ip_ms || !ip_ms->cfg.enabled) {
- /* IGMP snooping is not configured or is disabled. */
- return;
- }
-
- void *port_key_data = (void *)(uintptr_t)port_key;
-
- bool group_change = false;
-
- ovs_rwlock_wrlock(&ip_ms->ms->rwlock);
- switch (ntohs(ip_flow->tp_src)) {
- /* Only default VLAN is supported for now. */
- case IGMP_HOST_MEMBERSHIP_REPORT:
- case IGMPV2_HOST_MEMBERSHIP_REPORT:
- group_change =
- mcast_snooping_add_group4(ip_ms->ms, ip4, IP_MCAST_VLAN,
- port_key_data);
- break;
- case IGMP_HOST_LEAVE_MESSAGE:
- group_change =
- mcast_snooping_leave_group4(ip_ms->ms, ip4, IP_MCAST_VLAN,
- port_key_data);
- break;
- case IGMP_HOST_MEMBERSHIP_QUERY:
- /* Shouldn't be receiving any of these since we are the multicast
- * router. Store them for now.
- */
- group_change =
- mcast_snooping_add_mrouter(ip_ms->ms, IP_MCAST_VLAN,
- port_key_data);
- break;
- case IGMPV3_HOST_MEMBERSHIP_REPORT:
- group_change =
- mcast_snooping_add_report(ip_ms->ms, pkt_in, IP_MCAST_VLAN,
- port_key_data);
- break;
- }
- ovs_rwlock_unlock(&ip_ms->ms->rwlock);
-
- if (group_change) {
- notify_pinctrl_main();
- }
-}
-
-static long long int
-ip_mcast_querier_send(struct rconn *swconn, struct ip_mcast_snoop *ip_ms,
- long long int current_time)
-{
- if (current_time < ip_ms->query_time_ms) {
- return ip_ms->query_time_ms;
- }
-
- /* Compose a multicast query. */
- uint64_t packet_stub[128 / 8];
- struct dp_packet packet;
-
- dp_packet_use_stub(&packet, packet_stub, sizeof packet_stub);
-
- uint8_t ip_tos = 0;
- uint8_t igmp_ttl = 1;
-
- dp_packet_clear(&packet);
- packet.packet_type = htonl(PT_ETH);
-
- struct eth_header *eh = dp_packet_put_zeros(&packet, sizeof *eh);
- eh->eth_dst = ip_ms->cfg.query_eth_dst;
- eh->eth_src = ip_ms->cfg.query_eth_src;
-
- struct ip_header *nh = dp_packet_put_zeros(&packet, sizeof *nh);
-
- eh->eth_type = htons(ETH_TYPE_IP);
- dp_packet_set_l3(&packet, nh);
- nh->ip_ihl_ver = IP_IHL_VER(5, 4);
- nh->ip_tot_len = htons(sizeof(struct ip_header) +
- sizeof(struct igmpv3_query_header));
- nh->ip_tos = IP_DSCP_CS6;
- nh->ip_proto = IPPROTO_IGMP;
- nh->ip_frag_off = htons(IP_DF);
- packet_set_ipv4(&packet, ip_ms->cfg.query_ipv4_src,
- ip_ms->cfg.query_ipv4_dst, ip_tos, igmp_ttl);
-
- nh->ip_csum = 0;
- nh->ip_csum = csum(nh, sizeof *nh);
-
- struct igmpv3_query_header *igh =
- dp_packet_put_zeros(&packet, sizeof *igh);
- dp_packet_set_l4(&packet, igh);
-
- /* IGMP query max-response in tenths of seconds. */
- uint8_t max_response = ip_ms->cfg.query_max_resp_s * 10;
- uint8_t qqic = max_response;
- packet_set_igmp3_query(&packet, max_response, 0, false, 0, qqic);
-
- /* Inject multicast query. */
- uint64_t ofpacts_stub[4096 / 8];
- struct ofpbuf ofpacts = OFPBUF_STUB_INITIALIZER(ofpacts_stub);
- enum ofp_version version = rconn_get_version(swconn);
- put_load(ip_ms->dp_key, MFF_LOG_DATAPATH, 0, 64, &ofpacts);
- put_load(OVN_MCAST_FLOOD_TUNNEL_KEY, MFF_LOG_OUTPORT, 0, 32, &ofpacts);
- put_load(1, MFF_LOG_FLAGS, MLF_LOCAL_ONLY, 1, &ofpacts);
- struct ofpact_resubmit *resubmit = ofpact_put_RESUBMIT(&ofpacts);
- resubmit->in_port = OFPP_CONTROLLER;
- resubmit->table_id = OFTABLE_LOCAL_OUTPUT;
-
- struct ofputil_packet_out po = {
- .packet = dp_packet_data(&packet),
- .packet_len = dp_packet_size(&packet),
- .buffer_id = UINT32_MAX,
- .ofpacts = ofpacts.data,
- .ofpacts_len = ofpacts.size,
- };
- match_set_in_port(&po.flow_metadata, OFPP_CONTROLLER);
- enum ofputil_protocol proto = ofputil_protocol_from_ofp_version(version);
- queue_msg(swconn, ofputil_encode_packet_out(&po, proto));
- dp_packet_uninit(&packet);
- ofpbuf_uninit(&ofpacts);
-
- /* Set the next query time. */
- ip_ms->query_time_ms = current_time + ip_ms->cfg.query_interval_s * 1000;
- return ip_ms->query_time_ms;
-}
-
-static void
-ip_mcast_querier_run(struct rconn *swconn, long long int *query_time)
-{
- if (ovs_list_is_empty(&mcast_query_list)) {
- return;
- }
-
- /* Send multicast queries and update the next query time. */
- long long int current_time = time_msec();
- *query_time = LLONG_MAX;
-
- struct ip_mcast_snoop *ip_ms;
-
- LIST_FOR_EACH (ip_ms, query_node, &mcast_query_list) {
- long long int next_query_time =
- ip_mcast_querier_send(swconn, ip_ms, current_time);
- if (*query_time > next_query_time) {
- *query_time = next_query_time;
- }
- }
-}
-
-static void
-ip_mcast_querier_wait(long long int query_time)
-{
- if (!ovs_list_is_empty(&mcast_query_list)) {
- poll_timer_wait_until(query_time);
- }
-}
-
-/* Get localnet vifs, local l3gw ports and ofport for localnet patch ports. */
-static void
-get_localnet_vifs_l3gwports(
- struct ovsdb_idl_index *sbrec_port_binding_by_datapath,
- struct ovsdb_idl_index *sbrec_port_binding_by_name,
- const struct ovsrec_bridge *br_int,
- const struct sbrec_chassis *chassis,
- const struct hmap *local_datapaths,
- struct sset *localnet_vifs,
- struct sset *local_l3gw_ports)
-{
- for (int i = 0; i < br_int->n_ports; i++) {
- const struct ovsrec_port *port_rec = br_int->ports[i];
- if (!strcmp(port_rec->name, br_int->name)) {
- continue;
- }
- const char *tunnel_id = smap_get(&port_rec->external_ids,
- "ovn-chassis-id");
- if (tunnel_id &&
- encaps_tunnel_id_match(tunnel_id, chassis->name, NULL)) {
- continue;
- }
- const char *localnet = smap_get(&port_rec->external_ids,
- "ovn-localnet-port");
- if (localnet) {
- continue;
- }
- for (int j = 0; j < port_rec->n_interfaces; j++) {
- const struct ovsrec_interface *iface_rec = port_rec->interfaces[j];
- if (!iface_rec->n_ofport) {
- continue;
- }
- /* Get localnet vif. */
- const char *iface_id = smap_get(&iface_rec->external_ids,
- "iface-id");
- if (!iface_id) {
- continue;
- }
- const struct sbrec_port_binding *pb
- = lport_lookup_by_name(sbrec_port_binding_by_name, iface_id);
- if (!pb) {
- continue;
- }
- struct local_datapath *ld
- = get_local_datapath(local_datapaths,
- pb->datapath->tunnel_key);
- if (ld && ld->localnet_port) {
- sset_add(localnet_vifs, iface_id);
- }
- }
- }
-
- struct sbrec_port_binding *target = sbrec_port_binding_index_init_row(
- sbrec_port_binding_by_datapath);
-
- const struct local_datapath *ld;
- HMAP_FOR_EACH (ld, hmap_node, local_datapaths) {
- const struct sbrec_port_binding *pb;
-
- if (!ld->localnet_port) {
- continue;
- }
-
- /* Get l3gw ports. Consider port bindings with type "l3gateway"
- * that connect to gateway routers (if local), and consider port
- * bindings of type "patch" since they might connect to
- * distributed gateway ports with NAT addresses. */
-
- sbrec_port_binding_index_set_datapath(target, ld->datapath);
- SBREC_PORT_BINDING_FOR_EACH_EQUAL (pb, target,
- sbrec_port_binding_by_datapath) {
- if ((ld->has_local_l3gateway && !strcmp(pb->type, "l3gateway"))
- || !strcmp(pb->type, "patch")) {
- sset_add(local_l3gw_ports, pb->logical_port);
- }
- }
- }
- sbrec_port_binding_index_destroy_row(target);
-}
-
-static bool
-pinctrl_is_chassis_resident(struct ovsdb_idl_index *sbrec_port_binding_by_name,
- const struct sbrec_chassis *chassis,
- const struct sset *active_tunnels,
- const char *port_name)
-{
- const struct sbrec_port_binding *pb
- = lport_lookup_by_name(sbrec_port_binding_by_name, port_name);
- if (!pb || !pb->chassis) {
- return false;
- }
- if (strcmp(pb->type, "chassisredirect")) {
- return pb->chassis == chassis;
- } else {
- return ha_chassis_group_is_active(pb->ha_chassis_group,
- active_tunnels, chassis);
- }
-}
-
-/* Extracts the mac, IPv4 and IPv6 addresses, and logical port from
- * 'addresses' which should be of the format 'MAC [IP1 IP2 ..]
- * [is_chassis_resident("LPORT_NAME")]', where IPn should be a valid IPv4
- * or IPv6 address, and stores them in the 'ipv4_addrs' and 'ipv6_addrs'
- * fields of 'laddrs'. The logical port name is stored in 'lport'.
- *
- * Returns true if at least 'MAC' is found in 'address', false otherwise.
- *
- * The caller must call destroy_lport_addresses() and free(*lport). */
-static bool
-extract_addresses_with_port(const char *addresses,
- struct lport_addresses *laddrs,
- char **lport)
-{
- int ofs;
- if (!extract_addresses(addresses, laddrs, &ofs)) {
- return false;
- } else if (ofs >= strlen(addresses)) {
- return true;
- }
-
- struct lexer lexer;
- lexer_init(&lexer, addresses + ofs);
- lexer_get(&lexer);
-
- if (lexer.error || lexer.token.type != LEX_T_ID
- || !lexer_match_id(&lexer, "is_chassis_resident")) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1);
- VLOG_INFO_RL(&rl, "invalid syntax '%s' in address", addresses);
- lexer_destroy(&lexer);
- return true;
- }
-
- if (!lexer_match(&lexer, LEX_T_LPAREN)) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1);
- VLOG_INFO_RL(&rl, "Syntax error: expecting '(' after "
- "'is_chassis_resident' in address '%s'", addresses);
- lexer_destroy(&lexer);
- return false;
- }
-
- if (lexer.token.type != LEX_T_STRING) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1);
- VLOG_INFO_RL(&rl,
- "Syntax error: expecting quoted string after "
- "'is_chassis_resident' in address '%s'", addresses);
- lexer_destroy(&lexer);
- return false;
- }
-
- *lport = xstrdup(lexer.token.s);
-
- lexer_get(&lexer);
- if (!lexer_match(&lexer, LEX_T_RPAREN)) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1);
- VLOG_INFO_RL(&rl, "Syntax error: expecting ')' after quoted string in "
- "'is_chassis_resident()' in address '%s'",
- addresses);
- lexer_destroy(&lexer);
- return false;
- }
-
- lexer_destroy(&lexer);
- return true;
-}
-
-static void
-consider_nat_address(struct ovsdb_idl_index *sbrec_port_binding_by_name,
- const char *nat_address,
- const struct sbrec_port_binding *pb,
- struct sset *nat_address_keys,
- const struct sbrec_chassis *chassis,
- const struct sset *active_tunnels,
- struct shash *nat_addresses)
-{
- struct lport_addresses *laddrs = xmalloc(sizeof *laddrs);
- char *lport = NULL;
- if (!extract_addresses_with_port(nat_address, laddrs, &lport)
- || (!lport && !strcmp(pb->type, "patch"))
- || (lport && !pinctrl_is_chassis_resident(
- sbrec_port_binding_by_name, chassis,
- active_tunnels, lport))) {
- destroy_lport_addresses(laddrs);
- free(laddrs);
- free(lport);
- return;
- }
- free(lport);
-
- int i;
- for (i = 0; i < laddrs->n_ipv4_addrs; i++) {
- char *name = xasprintf("%s-%s", pb->logical_port,
- laddrs->ipv4_addrs[i].addr_s);
- sset_add(nat_address_keys, name);
- free(name);
- }
- shash_add(nat_addresses, pb->logical_port, laddrs);
-}
-
-static void
-get_nat_addresses_and_keys(struct ovsdb_idl_index *sbrec_port_binding_by_name,
- struct sset *nat_address_keys,
- struct sset *local_l3gw_ports,
- const struct sbrec_chassis *chassis,
- const struct sset *active_tunnels,
- struct shash *nat_addresses)
-{
- const char *gw_port;
- SSET_FOR_EACH(gw_port, local_l3gw_ports) {
- const struct sbrec_port_binding *pb;
-
- pb = lport_lookup_by_name(sbrec_port_binding_by_name, gw_port);
- if (!pb) {
- continue;
- }
-
- if (pb->n_nat_addresses) {
- for (int i = 0; i < pb->n_nat_addresses; i++) {
- consider_nat_address(sbrec_port_binding_by_name,
- pb->nat_addresses[i], pb,
- nat_address_keys, chassis,
- active_tunnels,
- nat_addresses);
- }
- } else {
- /* Continue to support options:nat-addresses for version
- * upgrade. */
- const char *nat_addresses_options = smap_get(&pb->options,
- "nat-addresses");
- if (nat_addresses_options) {
- consider_nat_address(sbrec_port_binding_by_name,
- nat_addresses_options, pb,
- nat_address_keys, chassis,
- active_tunnels,
- nat_addresses);
- }
- }
- }
-}
-
-static void
-send_garp_wait(long long int send_garp_time)
-{
- /* Set the poll timer for next garp only if there is garp data to
- * be sent. */
- if (!shash_is_empty(&send_garp_data)) {
- poll_timer_wait_until(send_garp_time);
- }
-}
-
-/* Called with in the pinctrl_handler thread context. */
-static void
-send_garp_run(struct rconn *swconn, long long int *send_garp_time)
- OVS_REQUIRES(pinctrl_mutex)
-{
- if (shash_is_empty(&send_garp_data)) {
- return;
- }
-
- /* Send GARPs, and update the next announcement. */
- struct shash_node *iter;
- long long int current_time = time_msec();
- *send_garp_time = LLONG_MAX;
- SHASH_FOR_EACH (iter, &send_garp_data) {
- long long int next_announce = send_garp(swconn, iter->data,
- current_time);
- if (*send_garp_time > next_announce) {
- *send_garp_time = next_announce;
- }
- }
-}
-
-/* Called by pinctrl_run(). Runs with in the main ovn-controller
- * thread context. */
-static void
-send_garp_prepare(struct ovsdb_idl_index *sbrec_port_binding_by_datapath,
- struct ovsdb_idl_index *sbrec_port_binding_by_name,
- const struct ovsrec_bridge *br_int,
- const struct sbrec_chassis *chassis,
- const struct hmap *local_datapaths,
- const struct sset *active_tunnels)
- OVS_REQUIRES(pinctrl_mutex)
-{
- struct sset localnet_vifs = SSET_INITIALIZER(&localnet_vifs);
- struct sset local_l3gw_ports = SSET_INITIALIZER(&local_l3gw_ports);
- struct sset nat_ip_keys = SSET_INITIALIZER(&nat_ip_keys);
- struct shash nat_addresses;
-
- shash_init(&nat_addresses);
-
- get_localnet_vifs_l3gwports(sbrec_port_binding_by_datapath,
- sbrec_port_binding_by_name,
- br_int, chassis, local_datapaths,
- &localnet_vifs, &local_l3gw_ports);
-
- get_nat_addresses_and_keys(sbrec_port_binding_by_name,
- &nat_ip_keys, &local_l3gw_ports,
- chassis, active_tunnels,
- &nat_addresses);
- /* For deleted ports and deleted nat ips, remove from send_garp_data. */
- struct shash_node *iter, *next;
- SHASH_FOR_EACH_SAFE (iter, next, &send_garp_data) {
- if (!sset_contains(&localnet_vifs, iter->name) &&
- !sset_contains(&nat_ip_keys, iter->name)) {
- send_garp_delete(iter->name);
- }
- }
-
- /* Update send_garp_data. */
- const char *iface_id;
- SSET_FOR_EACH (iface_id, &localnet_vifs) {
- const struct sbrec_port_binding *pb = lport_lookup_by_name(
- sbrec_port_binding_by_name, iface_id);
- if (pb) {
- send_garp_update(pb, &nat_addresses);
- }
- }
-
- /* Update send_garp_data for nat-addresses. */
- const char *gw_port;
- SSET_FOR_EACH (gw_port, &local_l3gw_ports) {
- const struct sbrec_port_binding *pb
- = lport_lookup_by_name(sbrec_port_binding_by_name, gw_port);
- if (pb) {
- send_garp_update(pb, &nat_addresses);
- }
- }
-
- /* pinctrl_handler thread will send the GARPs. */
-
- sset_destroy(&localnet_vifs);
- sset_destroy(&local_l3gw_ports);
-
- SHASH_FOR_EACH_SAFE (iter, next, &nat_addresses) {
- struct lport_addresses *laddrs = iter->data;
- destroy_lport_addresses(laddrs);
- shash_delete(&nat_addresses, iter);
- free(laddrs);
- }
- shash_destroy(&nat_addresses);
-
- sset_destroy(&nat_ip_keys);
-}
-
-static bool
-may_inject_pkts(void)
-{
- return (!shash_is_empty(&ipv6_ras) ||
- !shash_is_empty(&send_garp_data) ||
- !ovs_list_is_empty(&mcast_query_list) ||
- !ovs_list_is_empty(&buffered_mac_bindings));
-}
-
-static void
-reload_metadata(struct ofpbuf *ofpacts, const struct match *md)
-{
- enum mf_field_id md_fields[] = {
-#if FLOW_N_REGS == 16
- MFF_REG0,
- MFF_REG1,
- MFF_REG2,
- MFF_REG3,
- MFF_REG4,
- MFF_REG5,
- MFF_REG6,
- MFF_REG7,
- MFF_REG8,
- MFF_REG9,
- MFF_REG10,
- MFF_REG11,
- MFF_REG12,
- MFF_REG13,
- MFF_REG14,
- MFF_REG15,
-#else
-#error
-#endif
- MFF_METADATA,
- };
- for (size_t i = 0; i < ARRAY_SIZE(md_fields); i++) {
- const struct mf_field *field = mf_from_id(md_fields[i]);
- if (!mf_is_all_wild(field, &md->wc)) {
- union mf_value value;
- mf_get_value(field, &md->flow, &value);
- ofpact_put_set_field(ofpacts, field, &value, NULL);
- }
- }
-}
-
-/* Called with in the pinctrl_handler thread context. */
-static void
-pinctrl_handle_nd_na(struct rconn *swconn, const struct flow *ip_flow,
- const struct match *md,
- struct ofpbuf *userdata, bool is_router)
-{
- /* This action only works for IPv6 ND packets, and the switch should only
- * send us ND packets this way, but check here just to be sure. */
- if (!is_nd(ip_flow, NULL)) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
- VLOG_WARN_RL(&rl, "NA action on non-ND packet");
- return;
- }
-
- uint64_t packet_stub[128 / 8];
- struct dp_packet packet;
- dp_packet_use_stub(&packet, packet_stub, sizeof packet_stub);
-
- /* These flags are not exactly correct. Look at section 7.2.4
- * of RFC 4861. */
- uint32_t rso_flags = ND_RSO_SOLICITED | ND_RSO_OVERRIDE;
- if (is_router) {
- rso_flags |= ND_RSO_ROUTER;
- }
- compose_nd_na(&packet, ip_flow->dl_dst, ip_flow->dl_src,
- &ip_flow->nd_target, &ip_flow->ipv6_src,
- htonl(rso_flags));
-
- /* Reload previous packet metadata and set actions from userdata. */
- set_actions_and_enqueue_msg(swconn, &packet, md, userdata);
- dp_packet_uninit(&packet);
-}
-
-/* Called with in the pinctrl_handler thread context. */
-static void
-pinctrl_handle_nd_ns(struct rconn *swconn, const struct flow *ip_flow,
- struct dp_packet *pkt_in,
- const struct match *md, struct ofpbuf *userdata)
-{
- /* This action only works for IPv6 packets. */
- if (get_dl_type(ip_flow) != htons(ETH_TYPE_IPV6)) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
- VLOG_WARN_RL(&rl, "NS action on non-IPv6 packet");
- return;
- }
-
- ovs_mutex_lock(&pinctrl_mutex);
- pinctrl_handle_buffered_packets(ip_flow, pkt_in, md, false);
- ovs_mutex_unlock(&pinctrl_mutex);
-
- uint64_t packet_stub[128 / 8];
- struct dp_packet packet;
- dp_packet_use_stub(&packet, packet_stub, sizeof packet_stub);
-
- compose_nd_ns(&packet, ip_flow->dl_src, &ip_flow->ipv6_src,
- &ip_flow->ipv6_dst);
-
- /* Reload previous packet metadata and set actions from userdata. */
- set_actions_and_enqueue_msg(swconn, &packet, md, userdata);
- dp_packet_uninit(&packet);
-}
-
-/* Called with in the pinctrl_handler thread context. */
-static void
-pinctrl_handle_put_nd_ra_opts(
- struct rconn *swconn,
- const struct flow *in_flow, struct dp_packet *pkt_in,
- struct ofputil_packet_in *pin, struct ofpbuf *userdata,
- struct ofpbuf *continuation)
-{
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
- enum ofp_version version = rconn_get_version(swconn);
- enum ofputil_protocol proto = ofputil_protocol_from_ofp_version(version);
- struct dp_packet *pkt_out_ptr = NULL;
- uint32_t success = 0;
-
- /* Parse result field. */
- const struct mf_field *f;
- enum ofperr ofperr = nx_pull_header(userdata, NULL, &f, NULL);
- if (ofperr) {
- VLOG_WARN_RL(&rl, "bad result OXM (%s)", ofperr_to_string(ofperr));
- goto exit;
- }
-
- /* Parse result offset. */
- ovs_be32 *ofsp = ofpbuf_try_pull(userdata, sizeof *ofsp);
- if (!ofsp) {
- VLOG_WARN_RL(&rl, "offset not present in the userdata");
- goto exit;
- }
-
- /* Check that the result is valid and writable. */
- struct mf_subfield dst = { .field = f, .ofs = ntohl(*ofsp), .n_bits = 1 };
- ofperr = mf_check_dst(&dst, NULL);
- if (ofperr) {
- VLOG_WARN_RL(&rl, "bad result bit (%s)", ofperr_to_string(ofperr));
- goto exit;
- }
-
- if (!userdata->size) {
- VLOG_WARN_RL(&rl, "IPv6 ND RA options not present in the userdata");
- goto exit;
- }
-
- if (!is_icmpv6(in_flow, NULL) || in_flow->tp_dst != htons(0) ||
- in_flow->tp_src != htons(ND_ROUTER_SOLICIT)) {
- VLOG_WARN_RL(&rl, "put_nd_ra action on invalid or unsupported packet");
- goto exit;
- }
-
- size_t new_packet_size = pkt_in->l4_ofs + userdata->size;
- struct dp_packet pkt_out;
- dp_packet_init(&pkt_out, new_packet_size);
- dp_packet_clear(&pkt_out);
- dp_packet_prealloc_tailroom(&pkt_out, new_packet_size);
- pkt_out_ptr = &pkt_out;
-
- /* Copy L2 and L3 headers from pkt_in. */
- dp_packet_put(&pkt_out, dp_packet_pull(pkt_in, pkt_in->l4_ofs),
- pkt_in->l4_ofs);
-
- pkt_out.l2_5_ofs = pkt_in->l2_5_ofs;
- pkt_out.l2_pad_size = pkt_in->l2_pad_size;
- pkt_out.l3_ofs = pkt_in->l3_ofs;
- pkt_out.l4_ofs = pkt_in->l4_ofs;
-
- /* Copy the ICMPv6 Router Advertisement data from 'userdata' field. */
- dp_packet_put(&pkt_out, userdata->data, userdata->size);
-
- /* Set the IPv6 payload length and calculate the ICMPv6 checksum. */
- struct ovs_16aligned_ip6_hdr *nh = dp_packet_l3(&pkt_out);
- nh->ip6_plen = htons(userdata->size);
- struct ovs_ra_msg *ra = dp_packet_l4(&pkt_out);
- ra->icmph.icmp6_cksum = 0;
- uint32_t icmp_csum = packet_csum_pseudoheader6(nh);
- ra->icmph.icmp6_cksum = csum_finish(csum_continue(
- icmp_csum, ra, userdata->size));
- pin->packet = dp_packet_data(&pkt_out);
- pin->packet_len = dp_packet_size(&pkt_out);
- success = 1;
-
-exit:
- if (!ofperr) {
- union mf_subvalue sv;
- sv.u8_val = success;
- mf_write_subfield(&dst, &sv, &pin->flow_metadata);
- }
- queue_msg(swconn, ofputil_encode_resume(pin, continuation, proto));
- dp_packet_uninit(pkt_out_ptr);
-}
-
-/* Called with in the pinctrl_handler thread context. */
-static void
-pinctrl_handle_put_icmp4_frag_mtu(struct rconn *swconn,
- const struct flow *in_flow,
- struct dp_packet *pkt_in,
- struct ofputil_packet_in *pin,
- struct ofpbuf *userdata,
- struct ofpbuf *continuation)
-{
- enum ofp_version version = rconn_get_version(swconn);
- enum ofputil_protocol proto = ofputil_protocol_from_ofp_version(version);
- struct dp_packet *pkt_out = NULL;
-
- /* This action only works for ICMPv4 packets. */
- if (!is_icmpv4(in_flow, NULL)) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
- VLOG_WARN_RL(&rl, "put_icmp4_frag_mtu action on non-ICMPv4 packet");
- goto exit;
- }
-
- ovs_be16 *mtu = ofpbuf_try_pull(userdata, sizeof *mtu);
- if (!mtu) {
- goto exit;
- }
-
- pkt_out = dp_packet_clone(pkt_in);
- pkt_out->l2_5_ofs = pkt_in->l2_5_ofs;
- pkt_out->l2_pad_size = pkt_in->l2_pad_size;
- pkt_out->l3_ofs = pkt_in->l3_ofs;
- pkt_out->l4_ofs = pkt_in->l4_ofs;
-
- struct ip_header *nh = dp_packet_l3(pkt_out);
- struct icmp_header *ih = dp_packet_l4(pkt_out);
- ovs_be16 old_frag_mtu = ih->icmp_fields.frag.mtu;
- ih->icmp_fields.frag.mtu = *mtu;
- ih->icmp_csum = recalc_csum16(ih->icmp_csum, old_frag_mtu, *mtu);
- nh->ip_csum = 0;
- nh->ip_csum = csum(nh, sizeof *nh);
-
- pin->packet = dp_packet_data(pkt_out);
- pin->packet_len = dp_packet_size(pkt_out);
-
-exit:
- queue_msg(swconn, ofputil_encode_resume(pin, continuation, proto));
- if (pkt_out) {
- dp_packet_delete(pkt_out);
- }
-}
-
-static void
-wait_controller_event(struct ovsdb_idl_txn *ovnsb_idl_txn)
-{
- if (!ovnsb_idl_txn) {
- return;
- }
-
- for (size_t i = 0; i < OVN_EVENT_MAX; i++) {
- if (!hmap_is_empty(&event_table[i])) {
- poll_immediate_wake();
- break;
- }
- }
-}
-
-static bool
-pinctrl_handle_empty_lb_backends_opts(struct ofpbuf *userdata)
-{
- struct controller_event_opt_header *userdata_opt;
- uint32_t hash = 0;
- char *vip = NULL;
- char *protocol = NULL;
- char *load_balancer = NULL;
-
- while (userdata->size) {
- userdata_opt = ofpbuf_try_pull(userdata, sizeof *userdata_opt);
- if (!userdata_opt) {
- return false;
- }
- size_t size = ntohs(userdata_opt->size);
- char *userdata_opt_data = ofpbuf_try_pull(userdata, size);
- if (!userdata_opt_data) {
- return false;
- }
- switch (ntohs(userdata_opt->opt_code)) {
- case EMPTY_LB_VIP:
- vip = xmemdup0(userdata_opt_data, size);
- break;
- case EMPTY_LB_PROTOCOL:
- protocol = xmemdup0(userdata_opt_data, size);
- break;
- case EMPTY_LB_LOAD_BALANCER:
- load_balancer = xmemdup0(userdata_opt_data, size);
- break;
- default:
- OVS_NOT_REACHED();
- }
- hash = hash_bytes(userdata_opt_data, size, hash);
- }
- if (!vip || !protocol || !load_balancer) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
- VLOG_WARN_RL(&rl, "missing lb parameters in userdata");
- return false;
- }
-
- struct empty_lb_backends_event *event;
-
- event = pinctrl_find_empty_lb_backends_event(vip, protocol,
- load_balancer, hash);
- if (!event) {
- if (hmap_count(&event_table[OVN_EVENT_EMPTY_LB_BACKENDS]) >= 1000) {
- COVERAGE_INC(pinctrl_drop_controller_event);
- return false;
- }
-
- event = xzalloc(sizeof *event);
- hmap_insert(&event_table[OVN_EVENT_EMPTY_LB_BACKENDS],
- &event->hmap_node, hash);
- event->vip = vip;
- event->protocol = protocol;
- event->load_balancer = load_balancer;
- event->timestamp = time_msec();
- notify_pinctrl_main();
- } else {
- free(vip);
- free(protocol);
- free(load_balancer);
- }
- return true;
-}
-
-static void
-pinctrl_handle_event(struct ofpbuf *userdata)
- OVS_REQUIRES(pinctrl_mutex)
-{
- ovs_be32 *pevent;
-
- pevent = ofpbuf_try_pull(userdata, sizeof *pevent);
- if (!pevent) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
- VLOG_WARN_RL(&rl, "event not present in the userdata");
- return;
- }
-
- switch (ntohl(*pevent)) {
- case OVN_EVENT_EMPTY_LB_BACKENDS:
- pinctrl_handle_empty_lb_backends_opts(userdata);
- break;
- default:
- return;
- }
-}
diff --git a/ovn/controller/pinctrl.h b/ovn/controller/pinctrl.h
deleted file mode 100644
index fcfce6bcf4c..00000000000
--- a/ovn/controller/pinctrl.h
+++ /dev/null
@@ -1,51 +0,0 @@
-
-/* Copyright (c) 2015, 2016 Nicira, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef PINCTRL_H
-#define PINCTRL_H 1
-
-#include
-
-#include "lib/sset.h"
-#include "openvswitch/meta-flow.h"
-
-struct hmap;
-struct lport_index;
-struct ovsdb_idl_index;
-struct ovsdb_idl_txn;
-struct ovsrec_bridge;
-struct sbrec_chassis;
-struct sbrec_dns_table;
-struct sbrec_controller_event_table;
-
-void pinctrl_init(void);
-void pinctrl_run(struct ovsdb_idl_txn *ovnsb_idl_txn,
- struct ovsdb_idl_index *sbrec_datapath_binding_by_key,
- struct ovsdb_idl_index *sbrec_port_binding_by_datapath,
- struct ovsdb_idl_index *sbrec_port_binding_by_key,
- struct ovsdb_idl_index *sbrec_port_binding_by_name,
- struct ovsdb_idl_index *sbrec_mac_binding_by_lport_ip,
- struct ovsdb_idl_index *sbrec_igmp_groups,
- struct ovsdb_idl_index *sbrec_ip_multicast_opts,
- const struct sbrec_dns_table *,
- const struct sbrec_controller_event_table *,
- const struct ovsrec_bridge *, const struct sbrec_chassis *,
- const struct hmap *local_datapaths,
- const struct sset *active_tunnels);
-void pinctrl_wait(struct ovsdb_idl_txn *ovnsb_idl_txn);
-void pinctrl_destroy(void);
-
-#endif /* ovn/pinctrl.h */
diff --git a/ovn/lib/actions.c b/ovn/lib/actions.c
deleted file mode 100644
index 4eacc44ed4b..00000000000
--- a/ovn/lib/actions.c
+++ /dev/null
@@ -1,2902 +0,0 @@
-/*
- * Copyright (c) 2015, 2016, 2017 Nicira, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include
-#include
-#include
-#include "bitmap.h"
-#include "byte-order.h"
-#include "compiler.h"
-#include "ovn-l7.h"
-#include "hash.h"
-#include "lib/packets.h"
-#include "nx-match.h"
-#include "openvswitch/dynamic-string.h"
-#include "openvswitch/hmap.h"
-#include "openvswitch/json.h"
-#include "openvswitch/ofp-actions.h"
-#include "openvswitch/ofpbuf.h"
-#include "openvswitch/vlog.h"
-#include "ovn/actions.h"
-#include "ovn/expr.h"
-#include "ovn/lex.h"
-#include "ovn/lib/acl-log.h"
-#include "ovn/lib/extend-table.h"
-#include "packets.h"
-#include "openvswitch/shash.h"
-#include "simap.h"
-#include "uuid.h"
-#include "socket-util.h"
-
-VLOG_DEFINE_THIS_MODULE(actions);
-
-/* Prototypes for functions to be defined by each action. */
-#define OVNACT(ENUM, STRUCT) \
- static void format_##ENUM(const struct STRUCT *, struct ds *); \
- static void encode_##ENUM(const struct STRUCT *, \
- const struct ovnact_encode_params *, \
- struct ofpbuf *ofpacts); \
- static void STRUCT##_free(struct STRUCT *a);
-OVNACTS
-#undef OVNACT
-
-/* Helpers. */
-
-/* Implementation of ovnact_put_(). */
-void *
-ovnact_put(struct ofpbuf *ovnacts, enum ovnact_type type, size_t len)
-{
- ovs_assert(len == OVNACT_ALIGN(len));
-
- ovnacts->header = ofpbuf_put_uninit(ovnacts, len);
- struct ovnact *ovnact = ovnacts->header;
- ovnact_init(ovnact, type, len);
- return ovnact;
-}
-
-/* Implementation of ovnact_init_(). */
-void
-ovnact_init(struct ovnact *ovnact, enum ovnact_type type, size_t len)
-{
- ovs_assert(len == OVNACT_ALIGN(len));
- memset(ovnact, 0, len);
- ovnact->type = type;
- ovnact->len = len;
-}
-
-static size_t
-encode_start_controller_op(enum action_opcode opcode, bool pause,
- uint32_t meter_id, struct ofpbuf *ofpacts)
-{
- size_t ofs = ofpacts->size;
-
- struct ofpact_controller *oc = ofpact_put_CONTROLLER(ofpacts);
- oc->max_len = UINT16_MAX;
- oc->reason = OFPR_ACTION;
- oc->pause = pause;
- oc->meter_id = meter_id;
-
- struct action_header ah = { .opcode = htonl(opcode) };
- ofpbuf_put(ofpacts, &ah, sizeof ah);
-
- return ofs;
-}
-
-static void
-encode_finish_controller_op(size_t ofs, struct ofpbuf *ofpacts)
-{
- struct ofpact_controller *oc = ofpbuf_at_assert(ofpacts, ofs, sizeof *oc);
- ofpacts->header = oc;
- oc->userdata_len = ofpacts->size - (ofs + sizeof *oc);
- ofpact_finish_CONTROLLER(ofpacts, &oc);
-}
-
-static void
-encode_controller_op(enum action_opcode opcode, struct ofpbuf *ofpacts)
-{
- size_t ofs = encode_start_controller_op(opcode, false, NX_CTLR_NO_METER,
- ofpacts);
- encode_finish_controller_op(ofs, ofpacts);
-}
-
-static void
-init_stack(struct ofpact_stack *stack, enum mf_field_id field)
-{
- stack->subfield.field = mf_from_id(field);
- stack->subfield.ofs = 0;
- stack->subfield.n_bits = stack->subfield.field->n_bits;
-}
-
-struct arg {
- const struct mf_subfield src;
- enum mf_field_id dst;
-};
-
-static void
-encode_setup_args(const struct arg args[], size_t n_args,
- struct ofpbuf *ofpacts)
-{
- /* 1. Save all of the destinations that will be modified. */
- for (const struct arg *a = args; a < &args[n_args]; a++) {
- ovs_assert(a->src.n_bits == mf_from_id(a->dst)->n_bits);
- if (a->src.field->id != a->dst) {
- init_stack(ofpact_put_STACK_PUSH(ofpacts), a->dst);
- }
- }
-
- /* 2. Push the sources, in reverse order. */
- for (size_t i = n_args - 1; i < n_args; i--) {
- const struct arg *a = &args[i];
- if (a->src.field->id != a->dst) {
- ofpact_put_STACK_PUSH(ofpacts)->subfield = a->src;
- }
- }
-
- /* 3. Pop the sources into the destinations. */
- for (const struct arg *a = args; a < &args[n_args]; a++) {
- if (a->src.field->id != a->dst) {
- init_stack(ofpact_put_STACK_POP(ofpacts), a->dst);
- }
- }
-}
-
-static void
-encode_restore_args(const struct arg args[], size_t n_args,
- struct ofpbuf *ofpacts)
-{
- for (size_t i = n_args - 1; i < n_args; i--) {
- const struct arg *a = &args[i];
- if (a->src.field->id != a->dst) {
- init_stack(ofpact_put_STACK_POP(ofpacts), a->dst);
- }
- }
-}
-
-static void
-put_load(uint64_t value, enum mf_field_id dst, int ofs, int n_bits,
- struct ofpbuf *ofpacts)
-{
- struct ofpact_set_field *sf = ofpact_put_set_field(ofpacts,
- mf_from_id(dst), NULL,
- NULL);
- ovs_be64 n_value = htonll(value);
- bitwise_copy(&n_value, 8, 0, sf->value, sf->field->n_bytes, ofs, n_bits);
- bitwise_one(ofpact_set_field_mask(sf), sf->field->n_bytes, ofs, n_bits);
-}
-
-static uint8_t
-first_ptable(const struct ovnact_encode_params *ep,
- enum ovnact_pipeline pipeline)
-{
- return (pipeline == OVNACT_P_INGRESS
- ? ep->ingress_ptable
- : ep->egress_ptable);
-}
-
-#define MAX_NESTED_ACTION_DEPTH 32
-
-/* Context maintained during ovnacts_parse(). */
-struct action_context {
- const struct ovnact_parse_params *pp; /* Parameters. */
- struct lexer *lexer; /* Lexer for pulling more tokens. */
- struct ofpbuf *ovnacts; /* Actions. */
- struct expr *prereqs; /* Prerequisites to apply to match. */
- int depth; /* Current nested action depth. */
-};
-
-static void parse_actions(struct action_context *, enum lex_type sentinel);
-
-static bool
-action_parse_field(struct action_context *ctx,
- int n_bits, bool rw, struct expr_field *f)
-{
- if (!expr_field_parse(ctx->lexer, ctx->pp->symtab, f, &ctx->prereqs)) {
- return false;
- }
-
- char *error = expr_type_check(f, n_bits, rw);
- if (error) {
- lexer_error(ctx->lexer, "%s", error);
- free(error);
- return false;
- }
-
- return true;
-}
-
-static bool
-action_parse_port(struct action_context *ctx, uint16_t *port)
-{
- if (lexer_is_int(ctx->lexer)) {
- int value = ntohll(ctx->lexer->token.value.integer);
- if (value <= UINT16_MAX) {
- *port = value;
- lexer_get(ctx->lexer);
- return true;
- }
- }
- lexer_syntax_error(ctx->lexer, "expecting port number");
- return false;
-}
-
-/* Parses 'prerequisite' as an expression in the context of 'ctx', then adds it
- * as a conjunction with the existing 'ctx->prereqs'. */
-static void
-add_prerequisite(struct action_context *ctx, const char *prerequisite)
-{
- struct expr *expr;
- char *error;
-
- expr = expr_parse_string(prerequisite, ctx->pp->symtab, NULL, NULL, NULL,
- &error);
- ovs_assert(!error);
- ctx->prereqs = expr_combine(EXPR_T_AND, ctx->prereqs, expr);
-}
-
-static void
-ovnact_null_free(struct ovnact_null *a OVS_UNUSED)
-{
-}
-
-static void
-format_OUTPUT(const struct ovnact_null *a OVS_UNUSED, struct ds *s)
-{
- ds_put_cstr(s, "output;");
-}
-
-static void
-emit_resubmit(struct ofpbuf *ofpacts, uint8_t ptable)
-{
- struct ofpact_resubmit *resubmit = ofpact_put_RESUBMIT(ofpacts);
- resubmit->in_port = OFPP_IN_PORT;
- resubmit->table_id = ptable;
-}
-
-static void
-encode_OUTPUT(const struct ovnact_null *a OVS_UNUSED,
- const struct ovnact_encode_params *ep,
- struct ofpbuf *ofpacts)
-{
- emit_resubmit(ofpacts, ep->output_ptable);
-}
-
-static void
-parse_NEXT(struct action_context *ctx)
-{
- if (!ctx->pp->n_tables) {
- lexer_error(ctx->lexer, "\"next\" action not allowed here.");
- return;
- }
-
- int pipeline = ctx->pp->pipeline;
- int table = ctx->pp->cur_ltable + 1;
- if (lexer_match(ctx->lexer, LEX_T_LPAREN)) {
- if (lexer_is_int(ctx->lexer)) {
- lexer_get_int(ctx->lexer, &table);
- } else {
- do {
- if (lexer_match_id(ctx->lexer, "pipeline")) {
- if (!lexer_force_match(ctx->lexer, LEX_T_EQUALS)) {
- return;
- }
- if (lexer_match_id(ctx->lexer, "ingress")) {
- pipeline = OVNACT_P_INGRESS;
- } else if (lexer_match_id(ctx->lexer, "egress")) {
- pipeline = OVNACT_P_EGRESS;
- } else {
- lexer_syntax_error(
- ctx->lexer, "expecting \"ingress\" or \"egress\"");
- return;
- }
- } else if (lexer_match_id(ctx->lexer, "table")) {
- if (!lexer_force_match(ctx->lexer, LEX_T_EQUALS) ||
- !lexer_force_int(ctx->lexer, &table)) {
- return;
- }
- } else {
- lexer_syntax_error(ctx->lexer,
- "expecting \"pipeline\" or \"table\"");
- return;
- }
- } while (lexer_match(ctx->lexer, LEX_T_COMMA));
- }
- if (!lexer_force_match(ctx->lexer, LEX_T_RPAREN)) {
- return;
- }
- }
-
- if (pipeline == OVNACT_P_EGRESS && ctx->pp->pipeline == OVNACT_P_INGRESS) {
- lexer_error(ctx->lexer,
- "\"next\" action cannot advance from ingress to egress "
- "pipeline (use \"output\" action instead)");
- } else if (table >= ctx->pp->n_tables) {
- lexer_error(ctx->lexer,
- "\"next\" action cannot advance beyond table %d.",
- ctx->pp->n_tables - 1);
- return;
- }
-
- struct ovnact_next *next = ovnact_put_NEXT(ctx->ovnacts);
- next->pipeline = pipeline;
- next->ltable = table;
- next->src_pipeline = ctx->pp->pipeline;
- next->src_ltable = ctx->pp->cur_ltable;
-}
-
-static void
-format_NEXT(const struct ovnact_next *next, struct ds *s)
-{
- if (next->pipeline != next->src_pipeline) {
- ds_put_format(s, "next(pipeline=%s, table=%d);",
- (next->pipeline == OVNACT_P_INGRESS
- ? "ingress" : "egress"),
- next->ltable);
- } else if (next->ltable != next->src_ltable + 1) {
- ds_put_format(s, "next(%d);", next->ltable);
- } else {
- ds_put_cstr(s, "next;");
- }
-}
-
-static void
-encode_NEXT(const struct ovnact_next *next,
- const struct ovnact_encode_params *ep,
- struct ofpbuf *ofpacts)
-{
- emit_resubmit(ofpacts, first_ptable(ep, next->pipeline) + next->ltable);
-}
-
-static void
-ovnact_next_free(struct ovnact_next *a OVS_UNUSED)
-{
-}
-
-static void
-parse_LOAD(struct action_context *ctx, const struct expr_field *lhs)
-{
- size_t ofs = ctx->ovnacts->size;
- struct ovnact_load *load;
- if (lhs->symbol->ovn_field) {
- load = ovnact_put_OVNFIELD_LOAD(ctx->ovnacts);
- } else {
- load = ovnact_put_LOAD(ctx->ovnacts);
- }
-
- load->dst = *lhs;
-
- char *error = expr_type_check(lhs, lhs->n_bits, true);
- if (error) {
- ctx->ovnacts->size = ofs;
- lexer_error(ctx->lexer, "%s", error);
- free(error);
- return;
- }
- if (!expr_constant_parse(ctx->lexer, lhs, &load->imm)) {
- ctx->ovnacts->size = ofs;
- return;
- }
-}
-
-static enum expr_constant_type
-load_type(const struct ovnact_load *load)
-{
- return load->dst.symbol->width > 0 ? EXPR_C_INTEGER : EXPR_C_STRING;
-}
-
-static void
-format_LOAD(const struct ovnact_load *load, struct ds *s)
-{
- expr_field_format(&load->dst, s);
- ds_put_cstr(s, " = ");
- expr_constant_format(&load->imm, load_type(load), s);
- ds_put_char(s, ';');
-}
-
-static void
-encode_LOAD(const struct ovnact_load *load,
- const struct ovnact_encode_params *ep,
- struct ofpbuf *ofpacts)
-{
- const union expr_constant *c = &load->imm;
- struct mf_subfield dst = expr_resolve_field(&load->dst);
- struct ofpact_set_field *sf = ofpact_put_set_field(ofpacts, dst.field,
- NULL, NULL);
-
- if (load->dst.symbol->width) {
- bitwise_copy(&c->value, sizeof c->value, 0,
- sf->value, dst.field->n_bytes, dst.ofs,
- dst.n_bits);
- if (c->masked) {
- bitwise_copy(&c->mask, sizeof c->mask, 0,
- ofpact_set_field_mask(sf), dst.field->n_bytes,
- dst.ofs, dst.n_bits);
- } else {
- bitwise_one(ofpact_set_field_mask(sf), dst.field->n_bytes,
- dst.ofs, dst.n_bits);
- }
- } else {
- uint32_t port;
- if (!ep->lookup_port(ep->aux, load->imm.string, &port)) {
- port = 0;
- }
- bitwise_put(port, sf->value,
- sf->field->n_bytes, 0, sf->field->n_bits);
- bitwise_one(ofpact_set_field_mask(sf), sf->field->n_bytes, 0,
- sf->field->n_bits);
- }
-}
-
-static void
-ovnact_load_free(struct ovnact_load *load)
-{
- expr_constant_destroy(&load->imm, load_type(load));
-}
-
-static void
-format_assignment(const struct ovnact_move *move, const char *operator,
- struct ds *s)
-{
- expr_field_format(&move->lhs, s);
- ds_put_format(s, " %s ", operator);
- expr_field_format(&move->rhs, s);
- ds_put_char(s, ';');
-}
-
-static void
-format_MOVE(const struct ovnact_move *move, struct ds *s)
-{
- format_assignment(move, "=", s);
-}
-
-static void
-format_EXCHANGE(const struct ovnact_move *move, struct ds *s)
-{
- format_assignment(move, "<->", s);
-}
-
-static void
-parse_assignment_action(struct action_context *ctx, bool exchange,
- const struct expr_field *lhs)
-{
- struct expr_field rhs;
- if (!expr_field_parse(ctx->lexer, ctx->pp->symtab, &rhs, &ctx->prereqs)) {
- return;
- }
-
- const struct expr_symbol *ls = lhs->symbol;
- const struct expr_symbol *rs = rhs.symbol;
- if ((ls->width != 0) != (rs->width != 0)) {
- if (exchange) {
- lexer_error(ctx->lexer,
- "Can't exchange %s field (%s) with %s field (%s).",
- ls->width ? "integer" : "string",
- ls->name,
- rs->width ? "integer" : "string",
- rs->name);
- } else {
- lexer_error(ctx->lexer,
- "Can't assign %s field (%s) to %s field (%s).",
- rs->width ? "integer" : "string",
- rs->name,
- ls->width ? "integer" : "string",
- ls->name);
- }
- return;
- }
-
- if (lhs->n_bits != rhs.n_bits) {
- if (exchange) {
- lexer_error(ctx->lexer,
- "Can't exchange %d-bit field with %d-bit field.",
- lhs->n_bits, rhs.n_bits);
- } else {
- lexer_error(ctx->lexer,
- "Can't assign %d-bit value to %d-bit destination.",
- rhs.n_bits, lhs->n_bits);
- }
- return;
- } else if (!lhs->n_bits &&
- ls->field->n_bits != rs->field->n_bits) {
- lexer_error(ctx->lexer, "String fields %s and %s are incompatible for "
- "%s.", ls->name, rs->name,
- exchange ? "exchange" : "assignment");
- return;
- }
-
- char *error = expr_type_check(lhs, lhs->n_bits, true);
- if (!error) {
- error = expr_type_check(&rhs, rhs.n_bits, true);
- }
- if (error) {
- lexer_error(ctx->lexer, "%s", error);
- free(error);
- return;
- }
-
- struct ovnact_move *move;
- move = (exchange
- ? ovnact_put_EXCHANGE(ctx->ovnacts)
- : ovnact_put_MOVE(ctx->ovnacts));
- move->lhs = *lhs;
- move->rhs = rhs;
-}
-
-static void
-encode_MOVE(const struct ovnact_move *move,
- const struct ovnact_encode_params *ep OVS_UNUSED,
- struct ofpbuf *ofpacts)
-{
- struct ofpact_reg_move *orm = ofpact_put_REG_MOVE(ofpacts);
- orm->src = expr_resolve_field(&move->rhs);
- orm->dst = expr_resolve_field(&move->lhs);
-}
-
-static void
-encode_EXCHANGE(const struct ovnact_move *xchg,
- const struct ovnact_encode_params *ep OVS_UNUSED,
- struct ofpbuf *ofpacts)
-{
- ofpact_put_STACK_PUSH(ofpacts)->subfield = expr_resolve_field(&xchg->rhs);
- ofpact_put_STACK_PUSH(ofpacts)->subfield = expr_resolve_field(&xchg->lhs);
- ofpact_put_STACK_POP(ofpacts)->subfield = expr_resolve_field(&xchg->rhs);
- ofpact_put_STACK_POP(ofpacts)->subfield = expr_resolve_field(&xchg->lhs);
-}
-
-static void
-ovnact_move_free(struct ovnact_move *move OVS_UNUSED)
-{
-}
-
-static void
-parse_DEC_TTL(struct action_context *ctx)
-{
- lexer_force_match(ctx->lexer, LEX_T_DECREMENT);
- ovnact_put_DEC_TTL(ctx->ovnacts);
- add_prerequisite(ctx, "ip");
-}
-
-static void
-format_DEC_TTL(const struct ovnact_null *null OVS_UNUSED, struct ds *s)
-{
- ds_put_cstr(s, "ip.ttl--;");
-}
-
-static void
-encode_DEC_TTL(const struct ovnact_null *null OVS_UNUSED,
- const struct ovnact_encode_params *ep OVS_UNUSED,
- struct ofpbuf *ofpacts)
-{
- ofpact_put_DEC_TTL(ofpacts);
-}
-
-static void
-parse_CT_NEXT(struct action_context *ctx)
-{
- if (ctx->pp->cur_ltable >= ctx->pp->n_tables) {
- lexer_error(ctx->lexer,
- "\"ct_next\" action not allowed in last table.");
- return;
- }
-
- add_prerequisite(ctx, "ip");
- ovnact_put_CT_NEXT(ctx->ovnacts)->ltable = ctx->pp->cur_ltable + 1;
-}
-
-static void
-format_CT_NEXT(const struct ovnact_ct_next *ct_next OVS_UNUSED, struct ds *s)
-{
- ds_put_cstr(s, "ct_next;");
-}
-
-static void
-encode_CT_NEXT(const struct ovnact_ct_next *ct_next,
- const struct ovnact_encode_params *ep,
- struct ofpbuf *ofpacts)
-{
- struct ofpact_conntrack *ct = ofpact_put_CT(ofpacts);
- ct->recirc_table = first_ptable(ep, ep->pipeline) + ct_next->ltable;
- ct->zone_src.field = ep->is_switch ? mf_from_id(MFF_LOG_CT_ZONE)
- : mf_from_id(MFF_LOG_DNAT_ZONE);
- ct->zone_src.ofs = 0;
- ct->zone_src.n_bits = 16;
- ofpact_finish(ofpacts, &ct->ofpact);
-}
-
-static void
-ovnact_ct_next_free(struct ovnact_ct_next *a OVS_UNUSED)
-{
-}
-
-static void
-parse_ct_commit_arg(struct action_context *ctx,
- struct ovnact_ct_commit *cc)
-{
- if (lexer_match_id(ctx->lexer, "ct_mark")) {
- if (!lexer_force_match(ctx->lexer, LEX_T_EQUALS)) {
- return;
- }
- if (ctx->lexer->token.type == LEX_T_INTEGER) {
- cc->ct_mark = ntohll(ctx->lexer->token.value.integer);
- cc->ct_mark_mask = UINT32_MAX;
- } else if (ctx->lexer->token.type == LEX_T_MASKED_INTEGER) {
- cc->ct_mark = ntohll(ctx->lexer->token.value.integer);
- cc->ct_mark_mask = ntohll(ctx->lexer->token.mask.integer);
- } else {
- lexer_syntax_error(ctx->lexer, "expecting integer");
- return;
- }
- lexer_get(ctx->lexer);
- } else if (lexer_match_id(ctx->lexer, "ct_label")) {
- if (!lexer_force_match(ctx->lexer, LEX_T_EQUALS)) {
- return;
- }
- if (ctx->lexer->token.type == LEX_T_INTEGER) {
- cc->ct_label = ctx->lexer->token.value.be128_int;
- cc->ct_label_mask = OVS_BE128_MAX;
- } else if (ctx->lexer->token.type == LEX_T_MASKED_INTEGER) {
- cc->ct_label = ctx->lexer->token.value.be128_int;
- cc->ct_label_mask = ctx->lexer->token.mask.be128_int;
- } else {
- lexer_syntax_error(ctx->lexer, "expecting integer");
- return;
- }
- lexer_get(ctx->lexer);
- } else {
- lexer_syntax_error(ctx->lexer, NULL);
- }
-}
-
-static void
-parse_CT_COMMIT(struct action_context *ctx)
-{
- add_prerequisite(ctx, "ip");
-
- struct ovnact_ct_commit *ct_commit = ovnact_put_CT_COMMIT(ctx->ovnacts);
- if (lexer_match(ctx->lexer, LEX_T_LPAREN)) {
- while (!lexer_match(ctx->lexer, LEX_T_RPAREN)) {
- parse_ct_commit_arg(ctx, ct_commit);
- if (ctx->lexer->error) {
- return;
- }
- lexer_match(ctx->lexer, LEX_T_COMMA);
- }
- }
-}
-
-static void
-format_CT_COMMIT(const struct ovnact_ct_commit *cc, struct ds *s)
-{
- ds_put_cstr(s, "ct_commit(");
- if (cc->ct_mark_mask) {
- ds_put_format(s, "ct_mark=%#"PRIx32, cc->ct_mark);
- if (cc->ct_mark_mask != UINT32_MAX) {
- ds_put_format(s, "/%#"PRIx32, cc->ct_mark_mask);
- }
- }
- if (!ovs_be128_is_zero(cc->ct_label_mask)) {
- if (ds_last(s) != '(') {
- ds_put_cstr(s, ", ");
- }
-
- ds_put_format(s, "ct_label=");
- ds_put_hex(s, &cc->ct_label, sizeof cc->ct_label);
- if (!ovs_be128_equals(cc->ct_label_mask, OVS_BE128_MAX)) {
- ds_put_char(s, '/');
- ds_put_hex(s, &cc->ct_label_mask, sizeof cc->ct_label_mask);
- }
- }
- if (!ds_chomp(s, '(')) {
- ds_put_char(s, ')');
- }
- ds_put_char(s, ';');
-}
-
-static void
-encode_CT_COMMIT(const struct ovnact_ct_commit *cc,
- const struct ovnact_encode_params *ep OVS_UNUSED,
- struct ofpbuf *ofpacts)
-{
- struct ofpact_conntrack *ct = ofpact_put_CT(ofpacts);
- ct->flags = NX_CT_F_COMMIT;
- ct->recirc_table = NX_CT_RECIRC_NONE;
- ct->zone_src.field = mf_from_id(MFF_LOG_CT_ZONE);
- ct->zone_src.ofs = 0;
- ct->zone_src.n_bits = 16;
-
- size_t set_field_offset = ofpacts->size;
- ofpbuf_pull(ofpacts, set_field_offset);
-
- if (cc->ct_mark_mask) {
- const ovs_be32 value = htonl(cc->ct_mark);
- const ovs_be32 mask = htonl(cc->ct_mark_mask);
- ofpact_put_set_field(ofpacts, mf_from_id(MFF_CT_MARK), &value, &mask);
- }
-
- if (!ovs_be128_is_zero(cc->ct_label_mask)) {
- ofpact_put_set_field(ofpacts, mf_from_id(MFF_CT_LABEL), &cc->ct_label,
- &cc->ct_label_mask);
- }
-
- ofpacts->header = ofpbuf_push_uninit(ofpacts, set_field_offset);
- ct = ofpacts->header;
- ofpact_finish(ofpacts, &ct->ofpact);
-}
-
-static void
-ovnact_ct_commit_free(struct ovnact_ct_commit *cc OVS_UNUSED)
-{
-}
-
-static void
-parse_ct_nat(struct action_context *ctx, const char *name,
- struct ovnact_ct_nat *cn)
-{
- add_prerequisite(ctx, "ip");
-
- if (ctx->pp->cur_ltable >= ctx->pp->n_tables) {
- lexer_error(ctx->lexer,
- "\"%s\" action not allowed in last table.", name);
- return;
- }
- cn->ltable = ctx->pp->cur_ltable + 1;
-
- if (lexer_match(ctx->lexer, LEX_T_LPAREN)) {
- if (ctx->lexer->token.type != LEX_T_INTEGER
- || ctx->lexer->token.format != LEX_F_IPV4) {
- lexer_syntax_error(ctx->lexer, "expecting IPv4 address");
- return;
- }
- cn->ip = ctx->lexer->token.value.ipv4;
- lexer_get(ctx->lexer);
-
- if (!lexer_force_match(ctx->lexer, LEX_T_RPAREN)) {
- return;
- }
- }
-}
-
-static void
-parse_CT_DNAT(struct action_context *ctx)
-{
- parse_ct_nat(ctx, "ct_dnat", ovnact_put_CT_DNAT(ctx->ovnacts));
-}
-
-static void
-parse_CT_SNAT(struct action_context *ctx)
-{
- parse_ct_nat(ctx, "ct_snat", ovnact_put_CT_SNAT(ctx->ovnacts));
-}
-
-static void
-format_ct_nat(const struct ovnact_ct_nat *cn, const char *name, struct ds *s)
-{
- ds_put_cstr(s, name);
- if (cn->ip) {
- ds_put_format(s, "("IP_FMT")", IP_ARGS(cn->ip));
- }
- ds_put_char(s, ';');
-}
-
-static void
-format_CT_DNAT(const struct ovnact_ct_nat *cn, struct ds *s)
-{
- format_ct_nat(cn, "ct_dnat", s);
-}
-
-static void
-format_CT_SNAT(const struct ovnact_ct_nat *cn, struct ds *s)
-{
- format_ct_nat(cn, "ct_snat", s);
-}
-
-static void
-encode_ct_nat(const struct ovnact_ct_nat *cn,
- const struct ovnact_encode_params *ep,
- bool snat, struct ofpbuf *ofpacts)
-{
- const size_t ct_offset = ofpacts->size;
- ofpbuf_pull(ofpacts, ct_offset);
-
- struct ofpact_conntrack *ct = ofpact_put_CT(ofpacts);
- ct->recirc_table = cn->ltable + first_ptable(ep, ep->pipeline);
- if (snat) {
- ct->zone_src.field = mf_from_id(MFF_LOG_SNAT_ZONE);
- } else {
- ct->zone_src.field = mf_from_id(MFF_LOG_DNAT_ZONE);
- }
- ct->zone_src.ofs = 0;
- ct->zone_src.n_bits = 16;
- ct->flags = 0;
- ct->alg = 0;
-
- struct ofpact_nat *nat;
- size_t nat_offset;
- nat_offset = ofpacts->size;
- ofpbuf_pull(ofpacts, nat_offset);
-
- nat = ofpact_put_NAT(ofpacts);
- nat->flags = 0;
- nat->range_af = AF_UNSPEC;
-
- if (cn->ip) {
- nat->range_af = AF_INET;
- nat->range.addr.ipv4.min = cn->ip;
- if (snat) {
- nat->flags |= NX_NAT_F_SRC;
- } else {
- nat->flags |= NX_NAT_F_DST;
- }
- }
-
- ofpacts->header = ofpbuf_push_uninit(ofpacts, nat_offset);
- ct = ofpacts->header;
- if (cn->ip) {
- ct->flags |= NX_CT_F_COMMIT;
- }
- ofpact_finish(ofpacts, &ct->ofpact);
- ofpbuf_push_uninit(ofpacts, ct_offset);
-}
-
-static void
-encode_CT_DNAT(const struct ovnact_ct_nat *cn,
- const struct ovnact_encode_params *ep,
- struct ofpbuf *ofpacts)
-{
- encode_ct_nat(cn, ep, false, ofpacts);
-}
-
-static void
-encode_CT_SNAT(const struct ovnact_ct_nat *cn,
- const struct ovnact_encode_params *ep,
- struct ofpbuf *ofpacts)
-{
- encode_ct_nat(cn, ep, true, ofpacts);
-}
-
-static void
-ovnact_ct_nat_free(struct ovnact_ct_nat *ct_nat OVS_UNUSED)
-{
-}
-
-static void
-parse_ct_lb_action(struct action_context *ctx)
-{
- if (ctx->pp->cur_ltable >= ctx->pp->n_tables) {
- lexer_error(ctx->lexer, "\"ct_lb\" action not allowed in last table.");
- return;
- }
-
- add_prerequisite(ctx, "ip");
-
- struct ovnact_ct_lb_dst *dsts = NULL;
- size_t allocated_dsts = 0;
- size_t n_dsts = 0;
-
- if (lexer_match(ctx->lexer, LEX_T_LPAREN)) {
- while (!lexer_match(ctx->lexer, LEX_T_RPAREN)) {
- struct ovnact_ct_lb_dst dst;
- if (lexer_match(ctx->lexer, LEX_T_LSQUARE)) {
- /* IPv6 address and port */
- if (ctx->lexer->token.type != LEX_T_INTEGER
- || ctx->lexer->token.format != LEX_F_IPV6) {
- free(dsts);
- lexer_syntax_error(ctx->lexer, "expecting IPv6 address");
- return;
- }
- dst.family = AF_INET6;
- dst.ipv6 = ctx->lexer->token.value.ipv6;
-
- lexer_get(ctx->lexer);
- if (!lexer_match(ctx->lexer, LEX_T_RSQUARE)) {
- free(dsts);
- lexer_syntax_error(ctx->lexer, "no closing square "
- "bracket");
- return;
- }
- dst.port = 0;
- if (lexer_match(ctx->lexer, LEX_T_COLON)
- && !action_parse_port(ctx, &dst.port)) {
- free(dsts);
- return;
- }
- } else {
- if (ctx->lexer->token.type != LEX_T_INTEGER
- || (ctx->lexer->token.format != LEX_F_IPV4
- && ctx->lexer->token.format != LEX_F_IPV6)) {
- free(dsts);
- lexer_syntax_error(ctx->lexer, "expecting IP address");
- return;
- }
-
- /* Parse IP. */
- if (ctx->lexer->token.format == LEX_F_IPV4) {
- dst.family = AF_INET;
- dst.ipv4 = ctx->lexer->token.value.ipv4;
- } else {
- dst.family = AF_INET6;
- dst.ipv6 = ctx->lexer->token.value.ipv6;
- }
-
- lexer_get(ctx->lexer);
- dst.port = 0;
- if (lexer_match(ctx->lexer, LEX_T_COLON)) {
- if (dst.family == AF_INET6) {
- free(dsts);
- lexer_syntax_error(ctx->lexer, "IPv6 address needs "
- "square brackets if port is included");
- return;
- } else if (!action_parse_port(ctx, &dst.port)) {
- free(dsts);
- return;
- }
- }
- }
- lexer_match(ctx->lexer, LEX_T_COMMA);
-
- /* Append to dsts. */
- if (n_dsts >= allocated_dsts) {
- dsts = x2nrealloc(dsts, &allocated_dsts, sizeof *dsts);
- }
- dsts[n_dsts++] = dst;
- }
- }
-
- struct ovnact_ct_lb *cl = ovnact_put_CT_LB(ctx->ovnacts);
- cl->ltable = ctx->pp->cur_ltable + 1;
- cl->dsts = dsts;
- cl->n_dsts = n_dsts;
-}
-
-static void
-format_CT_LB(const struct ovnact_ct_lb *cl, struct ds *s)
-{
- ds_put_cstr(s, "ct_lb");
- if (cl->n_dsts) {
- ds_put_char(s, '(');
- for (size_t i = 0; i < cl->n_dsts; i++) {
- if (i) {
- ds_put_cstr(s, ", ");
- }
-
- const struct ovnact_ct_lb_dst *dst = &cl->dsts[i];
- if (dst->family == AF_INET) {
- ds_put_format(s, IP_FMT, IP_ARGS(dst->ipv4));
- if (dst->port) {
- ds_put_format(s, ":%"PRIu16, dst->port);
- }
- } else {
- if (dst->port) {
- ds_put_char(s, '[');
- }
- ipv6_format_addr(&dst->ipv6, s);
- if (dst->port) {
- ds_put_format(s, "]:%"PRIu16, dst->port);
- }
- }
- }
- ds_put_char(s, ')');
- }
- ds_put_char(s, ';');
-}
-
-static void
-encode_CT_LB(const struct ovnact_ct_lb *cl,
- const struct ovnact_encode_params *ep,
- struct ofpbuf *ofpacts)
-{
- uint8_t recirc_table = cl->ltable + first_ptable(ep, ep->pipeline);
- if (!cl->n_dsts) {
- /* ct_lb without any destinations means that this is an established
- * connection and we just need to do a NAT. */
- const size_t ct_offset = ofpacts->size;
- ofpbuf_pull(ofpacts, ct_offset);
-
- struct ofpact_conntrack *ct = ofpact_put_CT(ofpacts);
- struct ofpact_nat *nat;
- size_t nat_offset;
- ct->zone_src.field = ep->is_switch ? mf_from_id(MFF_LOG_CT_ZONE)
- : mf_from_id(MFF_LOG_DNAT_ZONE);
- ct->zone_src.ofs = 0;
- ct->zone_src.n_bits = 16;
- ct->flags = 0;
- ct->recirc_table = recirc_table;
- ct->alg = 0;
-
- nat_offset = ofpacts->size;
- ofpbuf_pull(ofpacts, nat_offset);
-
- nat = ofpact_put_NAT(ofpacts);
- nat->flags = 0;
- nat->range_af = AF_UNSPEC;
-
- ofpacts->header = ofpbuf_push_uninit(ofpacts, nat_offset);
- ct = ofpacts->header;
- ofpact_finish(ofpacts, &ct->ofpact);
- ofpbuf_push_uninit(ofpacts, ct_offset);
- return;
- }
-
- uint32_t table_id = 0;
- struct ofpact_group *og;
- uint32_t zone_reg = ep->is_switch ? MFF_LOG_CT_ZONE - MFF_REG0
- : MFF_LOG_DNAT_ZONE - MFF_REG0;
-
- struct ds ds = DS_EMPTY_INITIALIZER;
- ds_put_format(&ds, "type=select,selection_method=dp_hash");
-
- BUILD_ASSERT(MFF_LOG_CT_ZONE >= MFF_REG0);
- BUILD_ASSERT(MFF_LOG_CT_ZONE < MFF_REG0 + FLOW_N_REGS);
- BUILD_ASSERT(MFF_LOG_DNAT_ZONE >= MFF_REG0);
- BUILD_ASSERT(MFF_LOG_DNAT_ZONE < MFF_REG0 + FLOW_N_REGS);
- for (size_t bucket_id = 0; bucket_id < cl->n_dsts; bucket_id++) {
- const struct ovnact_ct_lb_dst *dst = &cl->dsts[bucket_id];
- char ip_addr[INET6_ADDRSTRLEN];
- if (dst->family == AF_INET) {
- inet_ntop(AF_INET, &dst->ipv4, ip_addr, sizeof ip_addr);
- } else {
- inet_ntop(AF_INET6, &dst->ipv6, ip_addr, sizeof ip_addr);
- }
- ds_put_format(&ds, ",bucket=bucket_id=%"PRIuSIZE",weight:100,actions="
- "ct(nat(dst=%s%s%s", bucket_id,
- dst->family == AF_INET6 && dst->port ? "[" : "",
- ip_addr,
- dst->family == AF_INET6 && dst->port ? "]" : "");
- if (dst->port) {
- ds_put_format(&ds, ":%"PRIu16, dst->port);
- }
- ds_put_format(&ds, "),commit,table=%d,zone=NXM_NX_REG%d[0..15])",
- recirc_table, zone_reg);
- }
-
- table_id = ovn_extend_table_assign_id(ep->group_table, ds_cstr(&ds),
- ep->lflow_uuid);
- ds_destroy(&ds);
- if (table_id == EXT_TABLE_ID_INVALID) {
- return;
- }
-
- /* Create an action to set the group. */
- og = ofpact_put_GROUP(ofpacts);
- og->group_id = table_id;
-}
-
-static void
-ovnact_ct_lb_free(struct ovnact_ct_lb *ct_lb)
-{
- free(ct_lb->dsts);
-}
-
-static void
-format_CT_CLEAR(const struct ovnact_null *null OVS_UNUSED, struct ds *s)
-{
- ds_put_cstr(s, "ct_clear;");
-}
-
-static void
-encode_CT_CLEAR(const struct ovnact_null *null OVS_UNUSED,
- const struct ovnact_encode_params *ep OVS_UNUSED,
- struct ofpbuf *ofpacts)
-{
- ofpact_put_CT_CLEAR(ofpacts);
-}
-
-/* Implements the "arp", "nd_na", and "clone" actions, which execute nested
- * actions on a packet derived from the one being processed. */
-static void
-parse_nested_action(struct action_context *ctx, enum ovnact_type type,
- const char *prereq)
-{
- if (!lexer_force_match(ctx->lexer, LEX_T_LCURLY)) {
- return;
- }
-
- if (ctx->depth + 1 == MAX_NESTED_ACTION_DEPTH) {
- lexer_error(ctx->lexer, "maximum depth of nested actions reached");
- return;
- }
-
- uint64_t stub[1024 / 8];
- struct ofpbuf nested = OFPBUF_STUB_INITIALIZER(stub);
-
- struct action_context inner_ctx = {
- .pp = ctx->pp,
- .lexer = ctx->lexer,
- .ovnacts = &nested,
- .prereqs = NULL,
- .depth = ctx->depth + 1,
- };
- parse_actions(&inner_ctx, LEX_T_RCURLY);
-
- if (prereq) {
- /* XXX Not really sure what we should do with prerequisites for "arp"
- * and "nd_na" actions. */
- expr_destroy(inner_ctx.prereqs);
- add_prerequisite(ctx, prereq);
- } else {
- /* For "clone", the inner prerequisites should just add to the outer
- * ones. */
- ctx->prereqs = expr_combine(EXPR_T_AND,
- inner_ctx.prereqs, ctx->prereqs);
- }
-
- if (inner_ctx.lexer->error) {
- ovnacts_free(nested.data, nested.size);
- ofpbuf_uninit(&nested);
- return;
- }
-
- struct ovnact_nest *on = ovnact_put(ctx->ovnacts, type,
- OVNACT_ALIGN(sizeof *on));
- on->nested_len = nested.size;
- on->nested = ofpbuf_steal_data(&nested);
-}
-
-static void
-parse_ARP(struct action_context *ctx)
-{
- parse_nested_action(ctx, OVNACT_ARP, "ip4");
-}
-
-static void
-parse_ICMP4(struct action_context *ctx)
-{
- parse_nested_action(ctx, OVNACT_ICMP4, "ip4");
-}
-
-static void
-parse_ICMP4_ERROR(struct action_context *ctx)
-{
- parse_nested_action(ctx, OVNACT_ICMP4_ERROR, "ip4");
-}
-
-static void
-parse_ICMP6(struct action_context *ctx)
-{
- parse_nested_action(ctx, OVNACT_ICMP6, "ip6");
-}
-
-static void
-parse_TCP_RESET(struct action_context *ctx)
-{
- parse_nested_action(ctx, OVNACT_TCP_RESET, "tcp");
-}
-
-static void
-parse_ND_NA(struct action_context *ctx)
-{
- parse_nested_action(ctx, OVNACT_ND_NA, "nd_ns");
-}
-
-static void
-parse_ND_NA_ROUTER(struct action_context *ctx)
-{
- parse_nested_action(ctx, OVNACT_ND_NA_ROUTER, "nd_ns");
-}
-
-static void
-parse_ND_NS(struct action_context *ctx)
-{
- parse_nested_action(ctx, OVNACT_ND_NS, "ip6");
-}
-
-static void
-parse_CLONE(struct action_context *ctx)
-{
- parse_nested_action(ctx, OVNACT_CLONE, NULL);
-}
-
-static void
-format_nested_action(const struct ovnact_nest *on, const char *name,
- struct ds *s)
-{
- ds_put_format(s, "%s { ", name);
- ovnacts_format(on->nested, on->nested_len, s);
- ds_put_format(s, " };");
-}
-
-static void
-format_ARP(const struct ovnact_nest *nest, struct ds *s)
-{
- format_nested_action(nest, "arp", s);
-}
-
-static void
-format_ICMP4(const struct ovnact_nest *nest, struct ds *s)
-{
- format_nested_action(nest, "icmp4", s);
-}
-
-static void
-format_ICMP4_ERROR(const struct ovnact_nest *nest, struct ds *s)
-{
- format_nested_action(nest, "icmp4_error", s);
-}
-
-static void
-format_ICMP6(const struct ovnact_nest *nest, struct ds *s)
-{
- format_nested_action(nest, "icmp6", s);
-}
-
-static void
-format_IGMP(const struct ovnact_null *a OVS_UNUSED, struct ds *s)
-{
- ds_put_cstr(s, "igmp;");
-}
-
-static void
-format_TCP_RESET(const struct ovnact_nest *nest, struct ds *s)
-{
- format_nested_action(nest, "tcp_reset", s);
-}
-
-static void
-format_ND_NA(const struct ovnact_nest *nest, struct ds *s)
-{
- format_nested_action(nest, "nd_na", s);
-}
-
-static void
-format_ND_NA_ROUTER(const struct ovnact_nest *nest, struct ds *s)
-{
- format_nested_action(nest, "nd_na_router", s);
-}
-
-static void
-format_ND_NS(const struct ovnact_nest *nest, struct ds *s)
-{
- format_nested_action(nest, "nd_ns", s);
-}
-
-static void
-format_CLONE(const struct ovnact_nest *nest, struct ds *s)
-{
- format_nested_action(nest, "clone", s);
-}
-
-static void
-format_TRIGGER_EVENT(const struct ovnact_controller_event *event,
- struct ds *s)
-{
- ds_put_format(s, "trigger_event(event = \"%s\"",
- event_to_string(event->event_type));
- for (const struct ovnact_gen_option *o = event->options;
- o < &event->options[event->n_options]; o++) {
- ds_put_cstr(s, ", ");
- ds_put_format(s, "%s = ", o->option->name);
- expr_constant_set_format(&o->value, s);
- }
- ds_put_cstr(s, ");");
-}
-
-static void
-encode_nested_actions(const struct ovnact_nest *on,
- const struct ovnact_encode_params *ep,
- enum action_opcode opcode,
- struct ofpbuf *ofpacts)
-{
- /* Convert nested actions into ofpacts. */
- uint64_t inner_ofpacts_stub[1024 / 8];
- struct ofpbuf inner_ofpacts = OFPBUF_STUB_INITIALIZER(inner_ofpacts_stub);
- ovnacts_encode(on->nested, on->nested_len, ep, &inner_ofpacts);
-
- /* Add a "controller" action with the actions nested inside "{...}",
- * converted to OpenFlow, as its userdata. ovn-controller will convert the
- * packet to ARP or NA and then send the packet and actions back to the
- * switch inside an OFPT_PACKET_OUT message. */
- size_t oc_offset = encode_start_controller_op(opcode, false,
- NX_CTLR_NO_METER, ofpacts);
- ofpacts_put_openflow_actions(inner_ofpacts.data, inner_ofpacts.size,
- ofpacts, OFP13_VERSION);
- encode_finish_controller_op(oc_offset, ofpacts);
-
- /* Free memory. */
- ofpbuf_uninit(&inner_ofpacts);
-}
-
-static void
-encode_ARP(const struct ovnact_nest *on,
- const struct ovnact_encode_params *ep,
- struct ofpbuf *ofpacts)
-{
- encode_nested_actions(on, ep, ACTION_OPCODE_ARP, ofpacts);
-}
-
-static void
-encode_ICMP4(const struct ovnact_nest *on,
- const struct ovnact_encode_params *ep,
- struct ofpbuf *ofpacts)
-{
- encode_nested_actions(on, ep, ACTION_OPCODE_ICMP, ofpacts);
-}
-
-static void
-encode_ICMP4_ERROR(const struct ovnact_nest *on,
- const struct ovnact_encode_params *ep,
- struct ofpbuf *ofpacts)
-{
- encode_nested_actions(on, ep, ACTION_OPCODE_ICMP4_ERROR, ofpacts);
-}
-
-static void
-encode_ICMP6(const struct ovnact_nest *on,
- const struct ovnact_encode_params *ep,
- struct ofpbuf *ofpacts)
-{
- encode_nested_actions(on, ep, ACTION_OPCODE_ICMP, ofpacts);
-}
-
-static void
-encode_IGMP(const struct ovnact_null *a OVS_UNUSED,
- const struct ovnact_encode_params *ep OVS_UNUSED,
- struct ofpbuf *ofpacts)
-{
- encode_controller_op(ACTION_OPCODE_IGMP, ofpacts);
-}
-
-static void
-encode_TCP_RESET(const struct ovnact_nest *on,
- const struct ovnact_encode_params *ep,
- struct ofpbuf *ofpacts)
-{
- encode_nested_actions(on, ep, ACTION_OPCODE_TCP_RESET, ofpacts);
-}
-
-static void
-encode_ND_NA(const struct ovnact_nest *on,
- const struct ovnact_encode_params *ep,
- struct ofpbuf *ofpacts)
-{
- encode_nested_actions(on, ep, ACTION_OPCODE_ND_NA, ofpacts);
-}
-
-static void
-encode_ND_NA_ROUTER(const struct ovnact_nest *on,
- const struct ovnact_encode_params *ep,
- struct ofpbuf *ofpacts)
-{
- encode_nested_actions(on, ep, ACTION_OPCODE_ND_NA_ROUTER, ofpacts);
-}
-
-static void
-encode_ND_NS(const struct ovnact_nest *on,
- const struct ovnact_encode_params *ep,
- struct ofpbuf *ofpacts)
-{
- encode_nested_actions(on, ep, ACTION_OPCODE_ND_NS, ofpacts);
-}
-
-static void
-encode_CLONE(const struct ovnact_nest *on,
- const struct ovnact_encode_params *ep,
- struct ofpbuf *ofpacts)
-{
- size_t ofs = ofpacts->size;
- ofpact_put_CLONE(ofpacts);
- ovnacts_encode(on->nested, on->nested_len, ep, ofpacts);
-
- struct ofpact_nest *clone = ofpbuf_at_assert(ofpacts, ofs, sizeof *clone);
- ofpacts->header = clone;
- ofpact_finish_CLONE(ofpacts, &clone);
-}
-
-static void
-encode_event_empty_lb_backends_opts(struct ofpbuf *ofpacts,
- const struct ovnact_controller_event *event)
-{
- for (const struct ovnact_gen_option *o = event->options;
- o < &event->options[event->n_options]; o++) {
- struct controller_event_opt_header *hdr =
- ofpbuf_put_uninit(ofpacts, sizeof *hdr);
- const union expr_constant *c = o->value.values;
- size_t size;
- hdr->opt_code = htons(o->option->code);
- if (!strcmp(o->option->type, "str")) {
- size = strlen(c->string);
- hdr->size = htons(size);
- ofpbuf_put(ofpacts, c->string, size);
- } else {
- /* All empty_lb_backends fields are of type 'str' */
- OVS_NOT_REACHED();
- }
- }
-}
-
-static void
-encode_TRIGGER_EVENT(const struct ovnact_controller_event *event,
- const struct ovnact_encode_params *ep OVS_UNUSED,
- struct ofpbuf *ofpacts)
-{
- size_t oc_offset;
-
- oc_offset = encode_start_controller_op(ACTION_OPCODE_EVENT, false,
- NX_CTLR_NO_METER, ofpacts);
- ovs_be32 ofs = htonl(event->event_type);
- ofpbuf_put(ofpacts, &ofs, sizeof ofs);
-
- switch (event->event_type) {
- case OVN_EVENT_EMPTY_LB_BACKENDS:
- encode_event_empty_lb_backends_opts(ofpacts, event);
- break;
- case OVN_EVENT_MAX:
- default:
- OVS_NOT_REACHED();
- }
-
- encode_finish_controller_op(oc_offset, ofpacts);
-}
-
-static void
-ovnact_nest_free(struct ovnact_nest *on)
-{
- ovnacts_free(on->nested, on->nested_len);
- free(on->nested);
-}
-
-static void
-parse_get_mac_bind(struct action_context *ctx, int width,
- struct ovnact_get_mac_bind *get_mac)
-{
- lexer_force_match(ctx->lexer, LEX_T_LPAREN);
- action_parse_field(ctx, 0, false, &get_mac->port);
- lexer_force_match(ctx->lexer, LEX_T_COMMA);
- action_parse_field(ctx, width, false, &get_mac->ip);
- lexer_force_match(ctx->lexer, LEX_T_RPAREN);
-}
-
-static void
-format_get_mac_bind(const struct ovnact_get_mac_bind *get_mac,
- const char *name, struct ds *s)
-{
- ds_put_format(s, "%s(", name);
- expr_field_format(&get_mac->port, s);
- ds_put_cstr(s, ", ");
- expr_field_format(&get_mac->ip, s);
- ds_put_cstr(s, ");");
-}
-
-static void
-format_GET_ARP(const struct ovnact_get_mac_bind *get_mac, struct ds *s)
-{
- format_get_mac_bind(get_mac, "get_arp", s);
-}
-
-static void
-format_GET_ND(const struct ovnact_get_mac_bind *get_mac, struct ds *s)
-{
- format_get_mac_bind(get_mac, "get_nd", s);
-}
-
-static void
-encode_get_mac(const struct ovnact_get_mac_bind *get_mac,
- enum mf_field_id ip_field,
- const struct ovnact_encode_params *ep,
- struct ofpbuf *ofpacts)
-{
- const struct arg args[] = {
- { expr_resolve_field(&get_mac->port), MFF_LOG_OUTPORT },
- { expr_resolve_field(&get_mac->ip), ip_field },
- };
- encode_setup_args(args, ARRAY_SIZE(args), ofpacts);
-
- put_load(0, MFF_ETH_DST, 0, 48, ofpacts);
- emit_resubmit(ofpacts, ep->mac_bind_ptable);
-
- encode_restore_args(args, ARRAY_SIZE(args), ofpacts);
-}
-
-static void
-encode_GET_ARP(const struct ovnact_get_mac_bind *get_mac,
- const struct ovnact_encode_params *ep,
- struct ofpbuf *ofpacts)
-{
- encode_get_mac(get_mac, MFF_REG0, ep, ofpacts);
-}
-
-static void
-encode_GET_ND(const struct ovnact_get_mac_bind *get_mac,
- const struct ovnact_encode_params *ep,
- struct ofpbuf *ofpacts)
-{
- encode_get_mac(get_mac, MFF_XXREG0, ep, ofpacts);
-}
-
-static void
-ovnact_get_mac_bind_free(struct ovnact_get_mac_bind *get_mac OVS_UNUSED)
-{
-}
-
-static void
-parse_put_mac_bind(struct action_context *ctx, int width,
- struct ovnact_put_mac_bind *put_mac)
-{
- lexer_force_match(ctx->lexer, LEX_T_LPAREN);
- action_parse_field(ctx, 0, false, &put_mac->port);
- lexer_force_match(ctx->lexer, LEX_T_COMMA);
- action_parse_field(ctx, width, false, &put_mac->ip);
- lexer_force_match(ctx->lexer, LEX_T_COMMA);
- action_parse_field(ctx, 48, false, &put_mac->mac);
- lexer_force_match(ctx->lexer, LEX_T_RPAREN);
-}
-
-static void
-format_put_mac_bind(const struct ovnact_put_mac_bind *put_mac,
- const char *name, struct ds *s)
-{
- ds_put_format(s, "%s(", name);
- expr_field_format(&put_mac->port, s);
- ds_put_cstr(s, ", ");
- expr_field_format(&put_mac->ip, s);
- ds_put_cstr(s, ", ");
- expr_field_format(&put_mac->mac, s);
- ds_put_cstr(s, ");");
-}
-
-static void
-format_PUT_ARP(const struct ovnact_put_mac_bind *put_mac, struct ds *s)
-{
- format_put_mac_bind(put_mac, "put_arp", s);
-}
-
-static void
-format_PUT_ND(const struct ovnact_put_mac_bind *put_mac, struct ds *s)
-{
- format_put_mac_bind(put_mac, "put_nd", s);
-}
-
-static void
-encode_put_mac(const struct ovnact_put_mac_bind *put_mac,
- enum mf_field_id ip_field, enum action_opcode opcode,
- struct ofpbuf *ofpacts)
-{
- const struct arg args[] = {
- { expr_resolve_field(&put_mac->port), MFF_LOG_INPORT },
- { expr_resolve_field(&put_mac->ip), ip_field },
- { expr_resolve_field(&put_mac->mac), MFF_ETH_SRC }
- };
- encode_setup_args(args, ARRAY_SIZE(args), ofpacts);
- encode_controller_op(opcode, ofpacts);
- encode_restore_args(args, ARRAY_SIZE(args), ofpacts);
-}
-
-static void
-encode_PUT_ARP(const struct ovnact_put_mac_bind *put_mac,
- const struct ovnact_encode_params *ep OVS_UNUSED,
- struct ofpbuf *ofpacts)
-{
- encode_put_mac(put_mac, MFF_REG0, ACTION_OPCODE_PUT_ARP, ofpacts);
-}
-
-static void
-encode_PUT_ND(const struct ovnact_put_mac_bind *put_mac,
- const struct ovnact_encode_params *ep OVS_UNUSED,
- struct ofpbuf *ofpacts)
-{
- encode_put_mac(put_mac, MFF_XXREG0, ACTION_OPCODE_PUT_ND, ofpacts);
-}
-
-static void
-ovnact_put_mac_bind_free(struct ovnact_put_mac_bind *put_mac OVS_UNUSED)
-{
-}
-
-static void
-parse_gen_opt(struct action_context *ctx, struct ovnact_gen_option *o,
- const struct hmap *gen_opts, const char *opts_type)
-{
- if (ctx->lexer->token.type != LEX_T_ID) {
- lexer_syntax_error(ctx->lexer, NULL);
- return;
- }
-
- o->option = gen_opts ? gen_opts_find(gen_opts, ctx->lexer->token.s) : NULL;
- if (!o->option) {
- lexer_syntax_error(ctx->lexer, "expecting %s option name", opts_type);
- return;
- }
- lexer_get(ctx->lexer);
-
- if (!lexer_force_match(ctx->lexer, LEX_T_EQUALS)) {
- return;
- }
-
- if (!expr_constant_set_parse(ctx->lexer, &o->value)) {
- memset(&o->value, 0, sizeof o->value);
- return;
- }
-
- if (!strcmp(o->option->type, "str")) {
- if (o->value.type != EXPR_C_STRING) {
- lexer_error(ctx->lexer, "%s option %s requires string value.",
- opts_type, o->option->name);
- return;
- }
- } else {
- if (o->value.type != EXPR_C_INTEGER) {
- lexer_error(ctx->lexer, "%s option %s requires numeric value.",
- opts_type, o->option->name);
- return;
- }
- }
-}
-
-static const struct ovnact_gen_option *
-find_offerip(const struct ovnact_gen_option *options, size_t n)
-{
- for (const struct ovnact_gen_option *o = options; o < &options[n]; o++) {
- if (o->option->code == 0) {
- return o;
- }
- }
- return NULL;
-}
-
-static void
-free_gen_options(struct ovnact_gen_option *options, size_t n)
-{
- for (struct ovnact_gen_option *o = options; o < &options[n]; o++) {
- expr_constant_set_destroy(&o->value);
- }
- free(options);
-}
-
-static void
-validate_empty_lb_backends(struct action_context *ctx,
- const struct ovnact_gen_option *options,
- size_t n_options)
-{
- for (const struct ovnact_gen_option *o = options;
- o < &options[n_options]; o++) {
- const union expr_constant *c = o->value.values;
- struct sockaddr_storage ss;
- struct uuid uuid;
-
- if (o->value.n_values > 1 || !c->string) {
- lexer_error(ctx->lexer, "Invalid value for \"%s\" option",
- o->option->name);
- return;
- }
-
- switch (o->option->code) {
- case EMPTY_LB_VIP:
- if (!inet_parse_active(c->string, 0, &ss, false)) {
- lexer_error(ctx->lexer, "Invalid load balancer VIP '%s'",
- c->string);
- return;
- }
- break;
- case EMPTY_LB_PROTOCOL:
- if (strcmp(c->string, "tcp") && strcmp(c->string, "udp")) {
- lexer_error(ctx->lexer,
- "Load balancer protocol '%s' is not 'tcp' or 'udp'",
- c->string);
- return;
- }
- break;
- case EMPTY_LB_LOAD_BALANCER:
- if (!uuid_from_string(&uuid, c->string)) {
- lexer_error(ctx->lexer, "Load balancer '%s' is not a UUID",
- c->string);
- return;
- }
- break;
- }
- }
-}
-
-static void
-parse_trigger_event(struct action_context *ctx,
- struct ovnact_controller_event *event)
-{
- int event_type = 0;
-
- lexer_force_match(ctx->lexer, LEX_T_LPAREN);
-
- /* Event type must be listed first */
- if (!lexer_match_id(ctx->lexer, "event")) {
- lexer_syntax_error(ctx->lexer, "Expecting 'event' option");
- return;
- }
- if (!lexer_force_match(ctx->lexer, LEX_T_EQUALS)) {
- return;
- }
-
- if (ctx->lexer->token.type != LEX_T_STRING ||
- strlen(ctx->lexer->token.s) >= 64) {
- lexer_syntax_error(ctx->lexer, "Expecting string");
- return;
- }
-
- event_type = string_to_event(ctx->lexer->token.s);
- if (event_type < 0 || event_type >= OVN_EVENT_MAX) {
- lexer_syntax_error(ctx->lexer, "Unknown event '%d'", event_type);
- return;
- }
-
- event->event_type = event_type;
- lexer_get(ctx->lexer);
-
- lexer_match(ctx->lexer, LEX_T_COMMA);
-
- size_t allocated_options = 0;
- while (!lexer_match(ctx->lexer, LEX_T_RPAREN)) {
- if (event->n_options >= allocated_options) {
- event->options = x2nrealloc(event->options, &allocated_options,
- sizeof *event->options);
- }
-
- struct ovnact_gen_option *o = &event->options[event->n_options++];
- memset(o, 0, sizeof *o);
- parse_gen_opt(ctx, o,
- &ctx->pp->controller_event_opts->event_opts[event_type],
- event_to_string(event_type));
- if (ctx->lexer->error) {
- return;
- }
-
- lexer_match(ctx->lexer, LEX_T_COMMA);
- }
-
- switch (event_type) {
- case OVN_EVENT_EMPTY_LB_BACKENDS:
- validate_empty_lb_backends(ctx, event->options, event->n_options);
- break;
- default:
- OVS_NOT_REACHED();
- }
-}
-
-static void
-ovnact_controller_event_free(struct ovnact_controller_event *event OVS_UNUSED)
-{
-}
-
-static void
-parse_put_opts(struct action_context *ctx, const struct expr_field *dst,
- struct ovnact_put_opts *po, const struct hmap *gen_opts,
- const char *opts_type)
-{
- lexer_get(ctx->lexer); /* Skip put_dhcp[v6]_opts / put_nd_ra_opts. */
- lexer_get(ctx->lexer); /* Skip '('. */
-
- /* Validate that the destination is a 1-bit, modifiable field. */
- char *error = expr_type_check(dst, 1, true);
- if (error) {
- lexer_error(ctx->lexer, "%s", error);
- free(error);
- return;
- }
- po->dst = *dst;
-
- size_t allocated_options = 0;
- while (!lexer_match(ctx->lexer, LEX_T_RPAREN)) {
- if (po->n_options >= allocated_options) {
- po->options = x2nrealloc(po->options, &allocated_options,
- sizeof *po->options);
- }
-
- struct ovnact_gen_option *o = &po->options[po->n_options++];
- memset(o, 0, sizeof *o);
- parse_gen_opt(ctx, o, gen_opts, opts_type);
- if (ctx->lexer->error) {
- return;
- }
-
- lexer_match(ctx->lexer, LEX_T_COMMA);
- }
-}
-
-/* Parses the "put_dhcp_opts" and "put_dhcpv6_opts" actions.
- *
- * The caller has already consumed " =", so this just parses the rest. */
-static void
-parse_put_dhcp_opts(struct action_context *ctx,
- const struct expr_field *dst,
- struct ovnact_put_opts *po)
-{
- const struct hmap *dhcp_opts =
- (po->ovnact.type == OVNACT_PUT_DHCPV6_OPTS) ?
- ctx->pp->dhcpv6_opts : ctx->pp->dhcp_opts;
- const char *opts_type =
- (po->ovnact.type == OVNACT_PUT_DHCPV6_OPTS) ? "DHCPv6" : "DHCPv4";
-
- parse_put_opts(ctx, dst, po, dhcp_opts, opts_type);
-
- if (!ctx->lexer->error && po->ovnact.type == OVNACT_PUT_DHCPV4_OPTS
- && !find_offerip(po->options, po->n_options)) {
- lexer_error(ctx->lexer,
- "put_dhcp_opts requires offerip to be specified.");
- return;
- }
-}
-
-static void
-format_put_opts(const char *name, const struct ovnact_put_opts *pdo,
- struct ds *s)
-{
- expr_field_format(&pdo->dst, s);
- ds_put_format(s, " = %s(", name);
- for (const struct ovnact_gen_option *o = pdo->options;
- o < &pdo->options[pdo->n_options]; o++) {
- if (o != pdo->options) {
- ds_put_cstr(s, ", ");
- }
- ds_put_format(s, "%s = ", o->option->name);
- expr_constant_set_format(&o->value, s);
- }
- ds_put_cstr(s, ");");
-}
-
-static void
-format_PUT_DHCPV4_OPTS(const struct ovnact_put_opts *pdo, struct ds *s)
-{
- format_put_opts("put_dhcp_opts", pdo, s);
-}
-
-static void
-format_PUT_DHCPV6_OPTS(const struct ovnact_put_opts *pdo, struct ds *s)
-{
- format_put_opts("put_dhcpv6_opts", pdo, s);
-}
-
-static void
-encode_put_dhcpv4_option(const struct ovnact_gen_option *o,
- struct ofpbuf *ofpacts)
-{
- uint8_t *opt_header = ofpbuf_put_zeros(ofpacts, 2);
- opt_header[0] = o->option->code;
-
- const union expr_constant *c = o->value.values;
- size_t n_values = o->value.n_values;
- if (!strcmp(o->option->type, "bool") ||
- !strcmp(o->option->type, "uint8")) {
- opt_header[1] = 1;
- ofpbuf_put(ofpacts, &c->value.u8_val, 1);
- } else if (!strcmp(o->option->type, "uint16")) {
- opt_header[1] = 2;
- ofpbuf_put(ofpacts, &c->value.be16_int, 2);
- } else if (!strcmp(o->option->type, "uint32")) {
- opt_header[1] = 4;
- ofpbuf_put(ofpacts, &c->value.be32_int, 4);
- } else if (!strcmp(o->option->type, "ipv4")) {
- opt_header[1] = n_values * sizeof(ovs_be32);
- for (size_t i = 0; i < n_values; i++) {
- ofpbuf_put(ofpacts, &c[i].value.ipv4, sizeof(ovs_be32));
- }
- } else if (!strcmp(o->option->type, "static_routes")) {
- size_t no_of_routes = n_values;
- if (no_of_routes % 2) {
- no_of_routes -= 1;
- }
- opt_header[1] = 0;
-
- /* Calculating the length of this option first because when
- * we call ofpbuf_put, it might reallocate the buffer if the
- * tail room is short making "opt_header" pointer invalid.
- * So running the for loop twice.
- */
- for (size_t i = 0; i < no_of_routes; i += 2) {
- uint8_t plen = 32;
- if (c[i].masked) {
- plen = (uint8_t) ip_count_cidr_bits(c[i].mask.ipv4);
- }
- opt_header[1] += (1 + DIV_ROUND_UP(plen, 8) + sizeof(ovs_be32));
- }
-
- /* Copied from RFC 3442. Please refer to this RFC for the format of
- * the classless static route option.
- *
- * The following table contains some examples of how various subnet
- * number/mask combinations can be encoded:
- *
- * Subnet number Subnet mask Destination descriptor
- * 0 0 0
- * 10.0.0.0 255.0.0.0 8.10
- * 10.0.0.0 255.255.255.0 24.10.0.0
- * 10.17.0.0 255.255.0.0 16.10.17
- * 10.27.129.0 255.255.255.0 24.10.27.129
- * 10.229.0.128 255.255.255.128 25.10.229.0.128
- * 10.198.122.47 255.255.255.255 32.10.198.122.47
- */
-
- for (size_t i = 0; i < no_of_routes; i += 2) {
- uint8_t plen = 32;
- if (c[i].masked) {
- plen = ip_count_cidr_bits(c[i].mask.ipv4);
- }
- ofpbuf_put(ofpacts, &plen, 1);
- ofpbuf_put(ofpacts, &c[i].value.ipv4, DIV_ROUND_UP(plen, 8));
- ofpbuf_put(ofpacts, &c[i + 1].value.ipv4,
- sizeof(ovs_be32));
- }
- } else if (!strcmp(o->option->type, "str")) {
- opt_header[1] = strlen(c->string);
- ofpbuf_put(ofpacts, c->string, opt_header[1]);
- }
-}
-
-static void
-encode_put_dhcpv6_option(const struct ovnact_gen_option *o,
- struct ofpbuf *ofpacts)
-{
- struct dhcp_opt6_header *opt = ofpbuf_put_uninit(ofpacts, sizeof *opt);
- const union expr_constant *c = o->value.values;
- size_t n_values = o->value.n_values;
- size_t size;
-
- opt->opt_code = htons(o->option->code);
-
- if (!strcmp(o->option->type, "ipv6")) {
- size = n_values * sizeof(struct in6_addr);
- opt->size = htons(size);
- for (size_t i = 0; i < n_values; i++) {
- ofpbuf_put(ofpacts, &c[i].value.ipv6, sizeof(struct in6_addr));
- }
- } else if (!strcmp(o->option->type, "mac")) {
- size = sizeof(struct eth_addr);
- opt->size = htons(size);
- ofpbuf_put(ofpacts, &c->value.mac, size);
- } else if (!strcmp(o->option->type, "str")) {
- size = strlen(c->string);
- opt->size = htons(size);
- ofpbuf_put(ofpacts, c->string, size);
- }
-}
-
-static void
-encode_PUT_DHCPV4_OPTS(const struct ovnact_put_opts *pdo,
- const struct ovnact_encode_params *ep OVS_UNUSED,
- struct ofpbuf *ofpacts)
-{
- struct mf_subfield dst = expr_resolve_field(&pdo->dst);
-
- size_t oc_offset = encode_start_controller_op(ACTION_OPCODE_PUT_DHCP_OPTS,
- true, NX_CTLR_NO_METER,
- ofpacts);
- nx_put_header(ofpacts, dst.field->id, OFP13_VERSION, false);
- ovs_be32 ofs = htonl(dst.ofs);
- ofpbuf_put(ofpacts, &ofs, sizeof ofs);
-
- /* Encode the offerip option first, because it's a special case and needs
- * to be first in the actual DHCP response, and then encode the rest
- * (skipping offerip the second time around). */
- const struct ovnact_gen_option *offerip_opt = find_offerip(
- pdo->options, pdo->n_options);
- ovs_be32 offerip = offerip_opt->value.values[0].value.ipv4;
- ofpbuf_put(ofpacts, &offerip, sizeof offerip);
-
- for (const struct ovnact_gen_option *o = pdo->options;
- o < &pdo->options[pdo->n_options]; o++) {
- if (o != offerip_opt) {
- encode_put_dhcpv4_option(o, ofpacts);
- }
- }
-
- encode_finish_controller_op(oc_offset, ofpacts);
-}
-
-static void
-encode_PUT_DHCPV6_OPTS(const struct ovnact_put_opts *pdo,
- const struct ovnact_encode_params *ep OVS_UNUSED,
- struct ofpbuf *ofpacts)
-{
- struct mf_subfield dst = expr_resolve_field(&pdo->dst);
-
- size_t oc_offset = encode_start_controller_op(
- ACTION_OPCODE_PUT_DHCPV6_OPTS, true, NX_CTLR_NO_METER, ofpacts);
- nx_put_header(ofpacts, dst.field->id, OFP13_VERSION, false);
- ovs_be32 ofs = htonl(dst.ofs);
- ofpbuf_put(ofpacts, &ofs, sizeof ofs);
-
- for (const struct ovnact_gen_option *o = pdo->options;
- o < &pdo->options[pdo->n_options]; o++) {
- encode_put_dhcpv6_option(o, ofpacts);
- }
-
- encode_finish_controller_op(oc_offset, ofpacts);
-}
-
-static void
-ovnact_put_opts_free(struct ovnact_put_opts *pdo)
-{
- free_gen_options(pdo->options, pdo->n_options);
-}
-
-static void
-parse_SET_QUEUE(struct action_context *ctx)
-{
- int queue_id;
-
- if (!lexer_force_match(ctx->lexer, LEX_T_LPAREN)
- || !lexer_get_int(ctx->lexer, &queue_id)
- || !lexer_force_match(ctx->lexer, LEX_T_RPAREN)) {
- return;
- }
-
- if (queue_id < QDISC_MIN_QUEUE_ID || queue_id > QDISC_MAX_QUEUE_ID) {
- lexer_error(ctx->lexer, "Queue ID %d for set_queue is "
- "not in valid range %d to %d.",
- queue_id, QDISC_MIN_QUEUE_ID, QDISC_MAX_QUEUE_ID);
- return;
- }
-
- ovnact_put_SET_QUEUE(ctx->ovnacts)->queue_id = queue_id;
-}
-
-static void
-format_SET_QUEUE(const struct ovnact_set_queue *set_queue, struct ds *s)
-{
- ds_put_format(s, "set_queue(%d);", set_queue->queue_id);
-}
-
-static void
-encode_SET_QUEUE(const struct ovnact_set_queue *set_queue,
- const struct ovnact_encode_params *ep OVS_UNUSED,
- struct ofpbuf *ofpacts)
-{
- ofpact_put_SET_QUEUE(ofpacts)->queue_id = set_queue->queue_id;
-}
-
-static void
-ovnact_set_queue_free(struct ovnact_set_queue *a OVS_UNUSED)
-{
-}
-
-static void
-parse_dns_lookup(struct action_context *ctx, const struct expr_field *dst,
- struct ovnact_dns_lookup *dl)
-{
- lexer_get(ctx->lexer); /* Skip dns_lookup. */
- lexer_get(ctx->lexer); /* Skip '('. */
- if (!lexer_match(ctx->lexer, LEX_T_RPAREN)) {
- lexer_error(ctx->lexer, "dns_lookup doesn't take any parameters");
- return;
- }
- /* Validate that the destination is a 1-bit, modifiable field. */
- char *error = expr_type_check(dst, 1, true);
- if (error) {
- lexer_error(ctx->lexer, "%s", error);
- free(error);
- return;
- }
- dl->dst = *dst;
- add_prerequisite(ctx, "udp");
-}
-
-static void
-format_DNS_LOOKUP(const struct ovnact_dns_lookup *dl, struct ds *s)
-{
- expr_field_format(&dl->dst, s);
- ds_put_cstr(s, " = dns_lookup();");
-}
-
-static void
-encode_DNS_LOOKUP(const struct ovnact_dns_lookup *dl,
- const struct ovnact_encode_params *ep OVS_UNUSED,
- struct ofpbuf *ofpacts)
-{
- struct mf_subfield dst = expr_resolve_field(&dl->dst);
-
- size_t oc_offset = encode_start_controller_op(ACTION_OPCODE_DNS_LOOKUP,
- true, NX_CTLR_NO_METER,
- ofpacts);
- nx_put_header(ofpacts, dst.field->id, OFP13_VERSION, false);
- ovs_be32 ofs = htonl(dst.ofs);
- ofpbuf_put(ofpacts, &ofs, sizeof ofs);
- encode_finish_controller_op(oc_offset, ofpacts);
-}
-
-
-static void
-ovnact_dns_lookup_free(struct ovnact_dns_lookup *dl OVS_UNUSED)
-{
-}
-
-/* Parses the "put_nd_ra_opts" action.
- * The caller has already consumed " =", so this just parses the rest. */
-static void
-parse_put_nd_ra_opts(struct action_context *ctx, const struct expr_field *dst,
- struct ovnact_put_opts *po)
-{
- parse_put_opts(ctx, dst, po, ctx->pp->nd_ra_opts, "IPv6 ND RA");
-
- if (ctx->lexer->error) {
- return;
- }
-
- bool addr_mode_stateful = false;
- bool prefix_set = false;
- bool slla_present = false;
- /* Let's validate the options. */
- for (struct ovnact_gen_option *o = po->options;
- o < &po->options[po->n_options]; o++) {
- const union expr_constant *c = o->value.values;
- if (o->value.n_values > 1) {
- lexer_error(ctx->lexer, "Invalid value for \"%s\" option",
- o->option->name);
- return;
- }
-
- bool ok = true;
- switch (o->option->code) {
- case ND_RA_FLAG_ADDR_MODE:
- ok = (c->string && (!strcmp(c->string, "slaac") ||
- !strcmp(c->string, "dhcpv6_stateful") ||
- !strcmp(c->string, "dhcpv6_stateless")));
- if (ok && !strcmp(c->string, "dhcpv6_stateful")) {
- addr_mode_stateful = true;
- }
- break;
-
- case ND_OPT_SOURCE_LINKADDR:
- ok = c->format == LEX_F_ETHERNET;
- slla_present = true;
- break;
-
- case ND_OPT_PREFIX_INFORMATION:
- ok = c->format == LEX_F_IPV6 && c->masked;
- prefix_set = true;
- break;
-
- case ND_OPT_MTU:
- ok = c->format == LEX_F_DECIMAL;
- break;
- }
-
- if (!ok) {
- lexer_error(ctx->lexer, "Invalid value for \"%s\" option",
- o->option->name);
- return;
- }
- }
-
- if (!slla_present) {
- lexer_error(ctx->lexer, "slla option not present");
- return;
- }
-
- if (!addr_mode_stateful && !prefix_set) {
- lexer_error(ctx->lexer, "prefix option needs "
- "to be set when address mode is slaac/dhcpv6_stateless.");
- return;
- }
-
- add_prerequisite(ctx, "ip6");
-}
-
-static void
-format_PUT_ND_RA_OPTS(const struct ovnact_put_opts *po,
- struct ds *s)
-{
- format_put_opts("put_nd_ra_opts", po, s);
-}
-
-static void
-encode_put_nd_ra_option(const struct ovnact_gen_option *o,
- struct ofpbuf *ofpacts, ptrdiff_t ra_offset)
-{
- const union expr_constant *c = o->value.values;
-
- switch (o->option->code) {
- case ND_RA_FLAG_ADDR_MODE:
- {
- struct ovs_ra_msg *ra = ofpbuf_at(ofpacts, ra_offset, sizeof *ra);
- if (!strcmp(c->string, "dhcpv6_stateful")) {
- ra->mo_flags = IPV6_ND_RA_FLAG_MANAGED_ADDR_CONFIG;
- } else if (!strcmp(c->string, "dhcpv6_stateless")) {
- ra->mo_flags = IPV6_ND_RA_FLAG_OTHER_ADDR_CONFIG;
- }
- break;
- }
-
- case ND_OPT_SOURCE_LINKADDR:
- {
- struct ovs_nd_lla_opt *lla_opt =
- ofpbuf_put_uninit(ofpacts, sizeof *lla_opt);
- lla_opt->type = ND_OPT_SOURCE_LINKADDR;
- lla_opt->len = 1;
- lla_opt->mac = c->value.mac;
- break;
- }
-
- case ND_OPT_MTU:
- {
- struct ovs_nd_mtu_opt *mtu_opt =
- ofpbuf_put_uninit(ofpacts, sizeof *mtu_opt);
- mtu_opt->type = ND_OPT_MTU;
- mtu_opt->len = 1;
- mtu_opt->reserved = 0;
- put_16aligned_be32(&mtu_opt->mtu, c->value.be32_int);
- break;
- }
-
- case ND_OPT_PREFIX_INFORMATION:
- {
- struct ovs_nd_prefix_opt *prefix_opt =
- ofpbuf_put_uninit(ofpacts, sizeof *prefix_opt);
- uint8_t prefix_len = ipv6_count_cidr_bits(&c->mask.ipv6);
- struct ovs_ra_msg *ra = ofpbuf_at(ofpacts, ra_offset, sizeof *ra);
- prefix_opt->type = ND_OPT_PREFIX_INFORMATION;
- prefix_opt->len = 4;
- prefix_opt->prefix_len = prefix_len;
- prefix_opt->la_flags = IPV6_ND_RA_OPT_PREFIX_ON_LINK;
- if (!(ra->mo_flags & IPV6_ND_RA_FLAG_MANAGED_ADDR_CONFIG)) {
- prefix_opt->la_flags |= IPV6_ND_RA_OPT_PREFIX_AUTONOMOUS;
- }
- put_16aligned_be32(&prefix_opt->valid_lifetime,
- htonl(IPV6_ND_RA_OPT_PREFIX_VALID_LIFETIME));
- put_16aligned_be32(&prefix_opt->preferred_lifetime,
- htonl(IPV6_ND_RA_OPT_PREFIX_PREFERRED_LIFETIME));
- put_16aligned_be32(&prefix_opt->reserved, 0);
- memcpy(prefix_opt->prefix.be32, &c->value.be128[7].be32,
- sizeof(ovs_be32[4]));
- break;
- }
- }
-}
-
-static void
-encode_PUT_ND_RA_OPTS(const struct ovnact_put_opts *po,
- const struct ovnact_encode_params *ep OVS_UNUSED,
- struct ofpbuf *ofpacts)
-{
- struct mf_subfield dst = expr_resolve_field(&po->dst);
-
- size_t oc_offset = encode_start_controller_op(
- ACTION_OPCODE_PUT_ND_RA_OPTS, true, NX_CTLR_NO_METER, ofpacts);
- nx_put_header(ofpacts, dst.field->id, OFP13_VERSION, false);
- ovs_be32 ofs = htonl(dst.ofs);
- ofpbuf_put(ofpacts, &ofs, sizeof ofs);
-
- /* Frame the complete ICMPv6 Router Advertisement data encoding
- * the ND RA options in it, in the userdata field, so that when
- * pinctrl module receives the ICMPv6 Router Solicitation packet
- * it can copy the userdata field AS IS and resume the packet.
- */
- size_t ra_offset = ofpacts->size;
- struct ovs_ra_msg *ra = ofpbuf_put_zeros(ofpacts, sizeof *ra);
- ra->icmph.icmp6_type = ND_ROUTER_ADVERT;
- ra->cur_hop_limit = IPV6_ND_RA_CUR_HOP_LIMIT;
- ra->mo_flags = 0;
- ra->router_lifetime = htons(IPV6_ND_RA_LIFETIME);
-
- for (const struct ovnact_gen_option *o = po->options;
- o < &po->options[po->n_options]; o++) {
- encode_put_nd_ra_option(o, ofpacts, ra_offset);
- }
-
- encode_finish_controller_op(oc_offset, ofpacts);
-}
-
-
-static void
-parse_log_arg(struct action_context *ctx, struct ovnact_log *log)
-{
- if (lexer_match_id(ctx->lexer, "verdict")) {
- if (!lexer_force_match(ctx->lexer, LEX_T_EQUALS)) {
- return;
- }
- if (lexer_match_id(ctx->lexer, "drop")) {
- log->verdict = LOG_VERDICT_DROP;
- } else if (lexer_match_id(ctx->lexer, "reject")) {
- log->verdict = LOG_VERDICT_REJECT;
- } else if (lexer_match_id(ctx->lexer, "allow")) {
- log->verdict = LOG_VERDICT_ALLOW;
- } else {
- lexer_syntax_error(ctx->lexer, "unknown verdict");
- return;
- }
- } else if (lexer_match_id(ctx->lexer, "name")) {
- if (!lexer_force_match(ctx->lexer, LEX_T_EQUALS)) {
- return;
- }
- /* If multiple names are given, use the most recent. */
- if (ctx->lexer->token.type == LEX_T_STRING) {
- /* Arbitrarily limit the name length to 64 bytes, since
- * these will be encoded in datapath actions. */
- if (strlen(ctx->lexer->token.s) >= 64) {
- lexer_syntax_error(ctx->lexer, "name must be shorter "
- "than 64 characters");
- return;
- }
- free(log->name);
- log->name = xstrdup(ctx->lexer->token.s);
- } else {
- lexer_syntax_error(ctx->lexer, "expecting string");
- return;
- }
- lexer_get(ctx->lexer);
- } else if (lexer_match_id(ctx->lexer, "severity")) {
- if (!lexer_force_match(ctx->lexer, LEX_T_EQUALS)) {
- return;
- }
- if (ctx->lexer->token.type == LEX_T_ID) {
- uint8_t severity = log_severity_from_string(ctx->lexer->token.s);
- if (severity != UINT8_MAX) {
- log->severity = severity;
- lexer_get(ctx->lexer);
- return;
- } else {
- lexer_syntax_error(ctx->lexer, "unknown severity");
- return;
- }
- }
- lexer_syntax_error(ctx->lexer, "expecting severity");
- } else if (lexer_match_id(ctx->lexer, "meter")) {
- if (!lexer_force_match(ctx->lexer, LEX_T_EQUALS)) {
- return;
- }
- /* If multiple meters are given, use the most recent. */
- if (ctx->lexer->token.type == LEX_T_STRING) {
- free(log->meter);
- log->meter = xstrdup(ctx->lexer->token.s);
- } else {
- lexer_syntax_error(ctx->lexer, "expecting string");
- return;
- }
- lexer_get(ctx->lexer);
- } else {
- lexer_syntax_error(ctx->lexer, NULL);
- }
-}
-
-static void
-parse_LOG(struct action_context *ctx)
-{
- struct ovnact_log *log = ovnact_put_LOG(ctx->ovnacts);
-
- /* Provide default values. */
- log->severity = LOG_SEVERITY_INFO;
- log->verdict = LOG_VERDICT_UNKNOWN;
-
- if (lexer_match(ctx->lexer, LEX_T_LPAREN)) {
- while (!lexer_match(ctx->lexer, LEX_T_RPAREN)) {
- parse_log_arg(ctx, log);
- if (ctx->lexer->error) {
- return;
- }
- lexer_match(ctx->lexer, LEX_T_COMMA);
- }
- }
- if (log->verdict == LOG_VERDICT_UNKNOWN) {
- lexer_syntax_error(ctx->lexer, "expecting verdict");
- }
-}
-
-static void
-format_LOG(const struct ovnact_log *log, struct ds *s)
-{
- ds_put_cstr(s, "log(");
-
- if (log->name) {
- ds_put_format(s, "name=\"%s\", ", log->name);
- }
-
- ds_put_format(s, "verdict=%s, ", log_verdict_to_string(log->verdict));
- ds_put_format(s, "severity=%s", log_severity_to_string(log->severity));
-
- if (log->meter) {
- ds_put_format(s, ", meter=\"%s\"", log->meter);
- }
-
- ds_put_cstr(s, ");");
-}
-
-static void
-encode_LOG(const struct ovnact_log *log,
- const struct ovnact_encode_params *ep, struct ofpbuf *ofpacts)
-{
- uint32_t meter_id = NX_CTLR_NO_METER;
-
- if (log->meter) {
- meter_id = ovn_extend_table_assign_id(ep->meter_table, log->meter,
- ep->lflow_uuid);
- if (meter_id == EXT_TABLE_ID_INVALID) {
- VLOG_WARN("Unable to assign id for log meter: %s", log->meter);
- return;
- }
- }
-
- size_t oc_offset = encode_start_controller_op(ACTION_OPCODE_LOG, false,
- meter_id, ofpacts);
-
- struct log_pin_header *lph = ofpbuf_put_uninit(ofpacts, sizeof *lph);
- lph->verdict = log->verdict;
- lph->severity = log->severity;
-
- if (log->name) {
- int name_len = strlen(log->name);
- ofpbuf_put(ofpacts, log->name, name_len);
- }
-
- encode_finish_controller_op(oc_offset, ofpacts);
-}
-
-static void
-ovnact_log_free(struct ovnact_log *log)
-{
- free(log->name);
- free(log->meter);
-}
-
-static void
-parse_set_meter_action(struct action_context *ctx)
-{
- uint64_t rate = 0;
- uint64_t burst = 0;
-
- lexer_force_match(ctx->lexer, LEX_T_LPAREN); /* Skip '('. */
- if (ctx->lexer->token.type == LEX_T_INTEGER
- && ctx->lexer->token.format == LEX_F_DECIMAL) {
- rate = ntohll(ctx->lexer->token.value.integer);
- }
- lexer_get(ctx->lexer);
- if (lexer_match(ctx->lexer, LEX_T_COMMA)) { /* Skip ','. */
- if (ctx->lexer->token.type == LEX_T_INTEGER
- && ctx->lexer->token.format == LEX_F_DECIMAL) {
- burst = ntohll(ctx->lexer->token.value.integer);
- }
- lexer_get(ctx->lexer);
- }
- lexer_force_match(ctx->lexer, LEX_T_RPAREN); /* Skip ')'. */
-
- if (!rate) {
- lexer_error(ctx->lexer,
- "Rate %"PRId64" for set_meter is not in valid.",
- rate);
- return;
- }
-
- struct ovnact_set_meter *cl = ovnact_put_SET_METER(ctx->ovnacts);
- cl->rate = rate;
- cl->burst = burst;
-}
-
-static void
-format_SET_METER(const struct ovnact_set_meter *cl, struct ds *s)
-{
- if (cl->burst) {
- ds_put_format(s, "set_meter(%"PRId64", %"PRId64");",
- cl->rate, cl->burst);
- } else {
- ds_put_format(s, "set_meter(%"PRId64");", cl->rate);
- }
-}
-
-static void
-encode_SET_METER(const struct ovnact_set_meter *cl,
- const struct ovnact_encode_params *ep,
- struct ofpbuf *ofpacts)
-{
- uint32_t table_id;
- struct ofpact_meter *om;
-
- /* Use the special "__string:" prefix to indicate that the name
- * describes the meter itself. */
- char *name;
- if (cl->burst) {
- name = xasprintf("__string: kbps burst stats bands=type=drop "
- "rate=%"PRId64" burst_size=%"PRId64"", cl->rate,
- cl->burst);
- } else {
- name = xasprintf("__string: kbps stats bands=type=drop "
- "rate=%"PRId64"", cl->rate);
- }
-
- table_id = ovn_extend_table_assign_id(ep->meter_table, name,
- ep->lflow_uuid);
- free(name);
- if (table_id == EXT_TABLE_ID_INVALID) {
- return;
- }
-
- /* Create an action to set the meter. */
- om = ofpact_put_METER(ofpacts);
- om->meter_id = table_id;
-}
-
-static void
-ovnact_set_meter_free(struct ovnact_set_meter *ct OVS_UNUSED)
-{
-}
-
-static void
-format_OVNFIELD_LOAD(const struct ovnact_load *load , struct ds *s)
-{
- const struct ovn_field *f = ovn_field_from_name(load->dst.symbol->name);
- switch (f->id) {
- case OVN_ICMP4_FRAG_MTU:
- ds_put_format(s, "%s = %u;", f->name,
- ntohs(load->imm.value.be16_int));
- break;
-
- case OVN_FIELD_N_IDS:
- default:
- OVS_NOT_REACHED();
- }
-}
-
-static void
-encode_OVNFIELD_LOAD(const struct ovnact_load *load,
- const struct ovnact_encode_params *ep OVS_UNUSED,
- struct ofpbuf *ofpacts)
-{
- const struct ovn_field *f = ovn_field_from_name(load->dst.symbol->name);
- switch (f->id) {
- case OVN_ICMP4_FRAG_MTU: {
- size_t oc_offset = encode_start_controller_op(
- ACTION_OPCODE_PUT_ICMP4_FRAG_MTU, true, NX_CTLR_NO_METER,
- ofpacts);
- ofpbuf_put(ofpacts, &load->imm.value.be16_int, sizeof(ovs_be16));
- encode_finish_controller_op(oc_offset, ofpacts);
- break;
- }
- case OVN_FIELD_N_IDS:
- default:
- OVS_NOT_REACHED();
- }
-}
-
-static void
-parse_check_pkt_larger(struct action_context *ctx,
- const struct expr_field *dst,
- struct ovnact_check_pkt_larger *cipl)
-{
- /* Validate that the destination is a 1-bit, modifiable field. */
- char *error = expr_type_check(dst, 1, true);
- if (error) {
- lexer_error(ctx->lexer, "%s", error);
- free(error);
- return;
- }
-
- int pkt_len;
- lexer_get(ctx->lexer); /* Skip check_pkt_len. */
- if (!lexer_force_match(ctx->lexer, LEX_T_LPAREN)
- || !lexer_get_int(ctx->lexer, &pkt_len)
- || !lexer_force_match(ctx->lexer, LEX_T_RPAREN)) {
- return;
- }
-
- cipl->dst = *dst;
- cipl->pkt_len = pkt_len;
-}
-
-static void
-format_CHECK_PKT_LARGER(const struct ovnact_check_pkt_larger *cipl,
- struct ds *s)
-{
- expr_field_format(&cipl->dst, s);
- ds_put_format(s, " = check_pkt_larger(%d);", cipl->pkt_len);
-}
-
-static void
-encode_CHECK_PKT_LARGER(const struct ovnact_check_pkt_larger *cipl,
- const struct ovnact_encode_params *ep OVS_UNUSED,
- struct ofpbuf *ofpacts)
-{
- struct ofpact_check_pkt_larger *check_pkt_larger =
- ofpact_put_CHECK_PKT_LARGER(ofpacts);
- check_pkt_larger->pkt_len = cipl->pkt_len;
- check_pkt_larger->dst = expr_resolve_field(&cipl->dst);
-}
-
-static void
-ovnact_check_pkt_larger_free(struct ovnact_check_pkt_larger *cipl OVS_UNUSED)
-{
-}
-
-/* Parses an assignment or exchange or put_dhcp_opts action. */
-static void
-parse_set_action(struct action_context *ctx)
-{
- struct expr_field lhs;
- if (!expr_field_parse(ctx->lexer, ctx->pp->symtab, &lhs, &ctx->prereqs)) {
- return;
- }
-
- if (lexer_match(ctx->lexer, LEX_T_EXCHANGE)) {
- parse_assignment_action(ctx, true, &lhs);
- } else if (lexer_match(ctx->lexer, LEX_T_EQUALS)) {
- if (ctx->lexer->token.type != LEX_T_ID) {
- parse_LOAD(ctx, &lhs);
- } else if (!strcmp(ctx->lexer->token.s, "put_dhcp_opts")
- && lexer_lookahead(ctx->lexer) == LEX_T_LPAREN) {
- parse_put_dhcp_opts(ctx, &lhs, ovnact_put_PUT_DHCPV4_OPTS(
- ctx->ovnacts));
- } else if (!strcmp(ctx->lexer->token.s, "put_dhcpv6_opts")
- && lexer_lookahead(ctx->lexer) == LEX_T_LPAREN) {
- parse_put_dhcp_opts(ctx, &lhs, ovnact_put_PUT_DHCPV6_OPTS(
- ctx->ovnacts));
- } else if (!strcmp(ctx->lexer->token.s, "dns_lookup")
- && lexer_lookahead(ctx->lexer) == LEX_T_LPAREN) {
- parse_dns_lookup(ctx, &lhs, ovnact_put_DNS_LOOKUP(ctx->ovnacts));
- } else if (!strcmp(ctx->lexer->token.s, "put_nd_ra_opts")
- && lexer_lookahead(ctx->lexer) == LEX_T_LPAREN) {
- parse_put_nd_ra_opts(ctx, &lhs,
- ovnact_put_PUT_ND_RA_OPTS(ctx->ovnacts));
- } else if (!strcmp(ctx->lexer->token.s, "check_pkt_larger")
- && lexer_lookahead(ctx->lexer) == LEX_T_LPAREN) {
- parse_check_pkt_larger(ctx, &lhs,
- ovnact_put_CHECK_PKT_LARGER(ctx->ovnacts));
- } else {
- parse_assignment_action(ctx, false, &lhs);
- }
- } else {
- lexer_syntax_error(ctx->lexer, "expecting `=' or `<->'");
- }
-}
-
-static bool
-parse_action(struct action_context *ctx)
-{
- if (ctx->lexer->token.type != LEX_T_ID) {
- lexer_syntax_error(ctx->lexer, NULL);
- return false;
- }
-
- enum lex_type lookahead = lexer_lookahead(ctx->lexer);
- if (lookahead == LEX_T_EQUALS || lookahead == LEX_T_EXCHANGE
- || lookahead == LEX_T_LSQUARE) {
- parse_set_action(ctx);
- } else if (lexer_match_id(ctx->lexer, "next")) {
- parse_NEXT(ctx);
- } else if (lexer_match_id(ctx->lexer, "output")) {
- ovnact_put_OUTPUT(ctx->ovnacts);
- } else if (lexer_match_id(ctx->lexer, "ip.ttl")) {
- parse_DEC_TTL(ctx);
- } else if (lexer_match_id(ctx->lexer, "ct_next")) {
- parse_CT_NEXT(ctx);
- } else if (lexer_match_id(ctx->lexer, "ct_commit")) {
- parse_CT_COMMIT(ctx);
- } else if (lexer_match_id(ctx->lexer, "ct_dnat")) {
- parse_CT_DNAT(ctx);
- } else if (lexer_match_id(ctx->lexer, "ct_snat")) {
- parse_CT_SNAT(ctx);
- } else if (lexer_match_id(ctx->lexer, "ct_lb")) {
- parse_ct_lb_action(ctx);
- } else if (lexer_match_id(ctx->lexer, "ct_clear")) {
- ovnact_put_CT_CLEAR(ctx->ovnacts);
- } else if (lexer_match_id(ctx->lexer, "clone")) {
- parse_CLONE(ctx);
- } else if (lexer_match_id(ctx->lexer, "arp")) {
- parse_ARP(ctx);
- } else if (lexer_match_id(ctx->lexer, "icmp4")) {
- parse_ICMP4(ctx);
- } else if (lexer_match_id(ctx->lexer, "icmp4_error")) {
- parse_ICMP4_ERROR(ctx);
- } else if (lexer_match_id(ctx->lexer, "icmp6")) {
- parse_ICMP6(ctx);
- } else if (lexer_match_id(ctx->lexer, "igmp")) {
- ovnact_put_IGMP(ctx->ovnacts);
- } else if (lexer_match_id(ctx->lexer, "tcp_reset")) {
- parse_TCP_RESET(ctx);
- } else if (lexer_match_id(ctx->lexer, "nd_na")) {
- parse_ND_NA(ctx);
- } else if (lexer_match_id(ctx->lexer, "nd_na_router")) {
- parse_ND_NA_ROUTER(ctx);
- } else if (lexer_match_id(ctx->lexer, "nd_ns")) {
- parse_ND_NS(ctx);
- } else if (lexer_match_id(ctx->lexer, "get_arp")) {
- parse_get_mac_bind(ctx, 32, ovnact_put_GET_ARP(ctx->ovnacts));
- } else if (lexer_match_id(ctx->lexer, "put_arp")) {
- parse_put_mac_bind(ctx, 32, ovnact_put_PUT_ARP(ctx->ovnacts));
- } else if (lexer_match_id(ctx->lexer, "get_nd")) {
- parse_get_mac_bind(ctx, 128, ovnact_put_GET_ND(ctx->ovnacts));
- } else if (lexer_match_id(ctx->lexer, "put_nd")) {
- parse_put_mac_bind(ctx, 128, ovnact_put_PUT_ND(ctx->ovnacts));
- } else if (lexer_match_id(ctx->lexer, "set_queue")) {
- parse_SET_QUEUE(ctx);
- } else if (lexer_match_id(ctx->lexer, "log")) {
- parse_LOG(ctx);
- } else if (lexer_match_id(ctx->lexer, "set_meter")) {
- parse_set_meter_action(ctx);
- } else if (lexer_match_id(ctx->lexer, "trigger_event")) {
- parse_trigger_event(ctx, ovnact_put_TRIGGER_EVENT(ctx->ovnacts));
- } else {
- lexer_syntax_error(ctx->lexer, "expecting action");
- }
- lexer_force_match(ctx->lexer, LEX_T_SEMICOLON);
- return !ctx->lexer->error;
-}
-
-static void
-parse_actions(struct action_context *ctx, enum lex_type sentinel)
-{
- /* "drop;" by itself is a valid (empty) set of actions, but it can't be
- * combined with other actions because that doesn't make sense. */
- if (ctx->lexer->token.type == LEX_T_ID
- && !strcmp(ctx->lexer->token.s, "drop")
- && lexer_lookahead(ctx->lexer) == LEX_T_SEMICOLON) {
- lexer_get(ctx->lexer); /* Skip "drop". */
- lexer_get(ctx->lexer); /* Skip ";". */
- lexer_force_match(ctx->lexer, sentinel);
- return;
- }
-
- while (!lexer_match(ctx->lexer, sentinel)) {
- if (!parse_action(ctx)) {
- return;
- }
- }
-}
-
-/* Parses OVN actions, in the format described for the "actions" column in the
- * Logical_Flow table in ovn-sb(5), and appends the parsed versions of the
- * actions to 'ovnacts' as "struct ovnact"s. The caller must eventually free
- * the parsed ovnacts with ovnacts_free().
- *
- * 'pp' provides most of the parameters for translation.
- *
- * Some actions add extra requirements (prerequisites) to the flow's match. If
- * so, this function sets '*prereqsp' to the actions' prerequisites; otherwise,
- * it sets '*prereqsp' to NULL. The caller owns '*prereqsp' and must
- * eventually free it.
- *
- * Returns true if successful, false if an error occurred. Upon return,
- * returns true if and only if lexer->error is NULL.
- */
-bool
-ovnacts_parse(struct lexer *lexer, const struct ovnact_parse_params *pp,
- struct ofpbuf *ovnacts, struct expr **prereqsp)
-{
- size_t ovnacts_start = ovnacts->size;
-
- struct action_context ctx = {
- .pp = pp,
- .lexer = lexer,
- .ovnacts = ovnacts,
- .prereqs = NULL,
- };
- if (!lexer->error) {
- parse_actions(&ctx, LEX_T_END);
- }
-
- if (!lexer->error) {
- *prereqsp = ctx.prereqs;
- return true;
- } else {
- ofpbuf_pull(ovnacts, ovnacts_start);
- ovnacts_free(ovnacts->data, ovnacts->size);
- ofpbuf_push_uninit(ovnacts, ovnacts_start);
-
- ovnacts->size = ovnacts_start;
- expr_destroy(ctx.prereqs);
- *prereqsp = NULL;
- return false;
- }
-}
-
-/* Like ovnacts_parse(), but the actions are taken from 's'. */
-char * OVS_WARN_UNUSED_RESULT
-ovnacts_parse_string(const char *s, const struct ovnact_parse_params *pp,
- struct ofpbuf *ofpacts, struct expr **prereqsp)
-{
- struct lexer lexer;
-
- lexer_init(&lexer, s);
- lexer_get(&lexer);
- ovnacts_parse(&lexer, pp, ofpacts, prereqsp);
- char *error = lexer_steal_error(&lexer);
- lexer_destroy(&lexer);
-
- return error;
-}
-
-/* Formatting ovnacts. */
-
-static void
-ovnact_format(const struct ovnact *a, struct ds *s)
-{
- switch (a->type) {
-#define OVNACT(ENUM, STRUCT) \
- case OVNACT_##ENUM: \
- format_##ENUM(ALIGNED_CAST(const struct STRUCT *, a), s); \
- break;
- OVNACTS
-#undef OVNACT
- default:
- OVS_NOT_REACHED();
- }
-}
-
-/* Appends a string representing the 'ovnacts_len' bytes of ovnacts in
- * 'ovnacts' to 'string'. */
-void
-ovnacts_format(const struct ovnact *ovnacts, size_t ovnacts_len,
- struct ds *string)
-{
- if (!ovnacts_len) {
- ds_put_cstr(string, "drop;");
- } else {
- const struct ovnact *a;
-
- OVNACT_FOR_EACH (a, ovnacts, ovnacts_len) {
- if (a != ovnacts) {
- ds_put_char(string, ' ');
- }
- ovnact_format(a, string);
- }
- }
-}
-
-/* Encoding ovnacts to OpenFlow. */
-
-static void
-ovnact_encode(const struct ovnact *a, const struct ovnact_encode_params *ep,
- struct ofpbuf *ofpacts)
-{
- switch (a->type) {
-#define OVNACT(ENUM, STRUCT) \
- case OVNACT_##ENUM: \
- encode_##ENUM(ALIGNED_CAST(const struct STRUCT *, a), \
- ep, ofpacts); \
- break;
- OVNACTS
-#undef OVNACT
- default:
- OVS_NOT_REACHED();
- }
-}
-
-/* Appends ofpacts to 'ofpacts' that represent the actions in the 'ovnacts_len'
- * bytes of actions starting at 'ovnacts'. */
-void
-ovnacts_encode(const struct ovnact *ovnacts, size_t ovnacts_len,
- const struct ovnact_encode_params *ep,
- struct ofpbuf *ofpacts)
-{
- if (ovnacts) {
- const struct ovnact *a;
-
- OVNACT_FOR_EACH (a, ovnacts, ovnacts_len) {
- ovnact_encode(a, ep, ofpacts);
- }
- }
-}
-
-/* Freeing ovnacts. */
-
-static void
-ovnact_free(struct ovnact *a)
-{
- switch (a->type) {
-#define OVNACT(ENUM, STRUCT) \
- case OVNACT_##ENUM: \
- STRUCT##_free(ALIGNED_CAST(struct STRUCT *, a)); \
- break;
- OVNACTS
-#undef OVNACT
- default:
- OVS_NOT_REACHED();
- }
-}
-
-/* Frees each of the actions in the 'ovnacts_len' bytes of actions starting at
- * 'ovnacts'.
- *
- * Does not call free(ovnacts); the caller must do so if desirable. */
-void
-ovnacts_free(struct ovnact *ovnacts, size_t ovnacts_len)
-{
- if (ovnacts) {
- struct ovnact *a;
-
- OVNACT_FOR_EACH (a, ovnacts, ovnacts_len) {
- ovnact_free(a);
- }
- }
-}
diff --git a/ovn/lib/automake.mk b/ovn/lib/automake.mk
index 7cac67fb6bb..c74430005af 100644
--- a/ovn/lib/automake.mk
+++ b/ovn/lib/automake.mk
@@ -6,23 +6,8 @@ ovn_lib_libovn_la_LDFLAGS = \
ovn_lib_libovn_la_SOURCES = \
ovn/lib/acl-log.c \
ovn/lib/acl-log.h \
- ovn/lib/actions.c \
- ovn/lib/chassis-index.c \
- ovn/lib/chassis-index.h \
- ovn/lib/expr.c \
- ovn/lib/extend-table.h \
- ovn/lib/extend-table.c \
- ovn/lib/ip-mcast-index.c \
- ovn/lib/ip-mcast-index.h \
- ovn/lib/mcast-group-index.c \
- ovn/lib/mcast-group-index.h \
- ovn/lib/lex.c \
- ovn/lib/ovn-l7.h \
ovn/lib/ovn-util.c \
ovn/lib/ovn-util.h \
- ovn/lib/logical-fields.c \
- ovn/lib/inc-proc-eng.c \
- ovn/lib/inc-proc-eng.h
nodist_ovn_lib_libovn_la_SOURCES = \
ovn/lib/ovn-nb-idl.c \
ovn/lib/ovn-nb-idl.h \
diff --git a/ovn/lib/chassis-index.c b/ovn/lib/chassis-index.c
deleted file mode 100644
index 10f70fb4a18..00000000000
--- a/ovn/lib/chassis-index.c
+++ /dev/null
@@ -1,67 +0,0 @@
-/* Copyright (c) 2016, 2017 Red Hat, Inc.
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include
-#include "ovn/lib/chassis-index.h"
-#include "ovn/lib/ovn-sb-idl.h"
-
-struct ovsdb_idl_index *
-chassis_index_create(struct ovsdb_idl *idl)
-{
- return ovsdb_idl_index_create1(idl, &sbrec_chassis_col_name);
-}
-
-/* Finds and returns the chassis with the given 'name', or NULL if no such
- * chassis exists. */
-const struct sbrec_chassis *
-chassis_lookup_by_name(struct ovsdb_idl_index *sbrec_chassis_by_name,
- const char *name)
-{
- struct sbrec_chassis *target = sbrec_chassis_index_init_row(
- sbrec_chassis_by_name);
- sbrec_chassis_index_set_name(target, name);
-
- struct sbrec_chassis *retval = sbrec_chassis_index_find(
- sbrec_chassis_by_name, target);
-
- sbrec_chassis_index_destroy_row(target);
-
- return retval;
-}
-
-struct ovsdb_idl_index *
-ha_chassis_group_index_create(struct ovsdb_idl *idl)
-{
- return ovsdb_idl_index_create1(idl, &sbrec_ha_chassis_group_col_name);
-}
-
-/* Finds and returns the HA chassis group with the given 'name', or NULL
- * if no such HA chassis group exists. */
-const struct sbrec_ha_chassis_group *
-ha_chassis_group_lookup_by_name(
- struct ovsdb_idl_index *sbrec_ha_chassis_grp_by_name,
- const char *name)
-{
- struct sbrec_ha_chassis_group *target =
- sbrec_ha_chassis_group_index_init_row(sbrec_ha_chassis_grp_by_name);
- sbrec_ha_chassis_group_index_set_name(target, name);
-
- struct sbrec_ha_chassis_group *retval =
- sbrec_ha_chassis_group_index_find(sbrec_ha_chassis_grp_by_name,
- target);
-
- sbrec_ha_chassis_group_index_destroy_row(target);
-
- return retval;
-}
diff --git a/ovn/lib/chassis-index.h b/ovn/lib/chassis-index.h
deleted file mode 100644
index 9bc610ad2f7..00000000000
--- a/ovn/lib/chassis-index.h
+++ /dev/null
@@ -1,30 +0,0 @@
-/* Copyright (c) 2017, Red Hat, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef OVN_CHASSIS_INDEX_H
-#define OVN_CHASSIS_INDEX_H 1
-
-struct ovsdb_idl;
-
-struct ovsdb_idl_index *chassis_index_create(struct ovsdb_idl *);
-
-const struct sbrec_chassis *chassis_lookup_by_name(
- struct ovsdb_idl_index *sbrec_chassis_by_name, const char *name);
-
-struct ovsdb_idl_index *ha_chassis_group_index_create(struct ovsdb_idl *idl);
-const struct sbrec_ha_chassis_group *ha_chassis_group_lookup_by_name(
- struct ovsdb_idl_index *sbrec_ha_chassis_grp_by_name, const char *name);
-
-#endif /* ovn/lib/chassis-index.h */
diff --git a/ovn/lib/expr.c b/ovn/lib/expr.c
deleted file mode 100644
index e4c650f7c2a..00000000000
--- a/ovn/lib/expr.c
+++ /dev/null
@@ -1,3450 +0,0 @@
-/*
- * Copyright (c) 2015, 2016, 2017 Nicira, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include
-#include "byte-order.h"
-#include "openvswitch/json.h"
-#include "nx-match.h"
-#include "openvswitch/dynamic-string.h"
-#include "openvswitch/match.h"
-#include "openvswitch/ofp-actions.h"
-#include "openvswitch/vlog.h"
-#include "openvswitch/shash.h"
-#include "ovn/expr.h"
-#include "ovn/lex.h"
-#include "ovn/logical-fields.h"
-#include "simap.h"
-#include "sset.h"
-#include "util.h"
-
-VLOG_DEFINE_THIS_MODULE(expr);
-
-static struct expr *parse_and_annotate(const char *s,
- const struct shash *symtab,
- struct ovs_list *nesting,
- char **errorp);
-
-/* Returns the name of measurement level 'level'. */
-const char *
-expr_level_to_string(enum expr_level level)
-{
- switch (level) {
- case EXPR_L_NOMINAL: return "nominal";
- case EXPR_L_BOOLEAN: return "Boolean";
- case EXPR_L_ORDINAL: return "ordinal";
- default: OVS_NOT_REACHED();
- }
-}
-
-/* Relational operators. */
-
-/* Returns a string form of relational operator 'relop'. */
-const char *
-expr_relop_to_string(enum expr_relop relop)
-{
- switch (relop) {
- case EXPR_R_EQ: return "==";
- case EXPR_R_NE: return "!=";
- case EXPR_R_LT: return "<";
- case EXPR_R_LE: return "<=";
- case EXPR_R_GT: return ">";
- case EXPR_R_GE: return ">=";
- default: OVS_NOT_REACHED();
- }
-}
-
-bool
-expr_relop_from_token(enum lex_type type, enum expr_relop *relop)
-{
- enum expr_relop r;
-
- switch ((int) type) {
- case LEX_T_EQ: r = EXPR_R_EQ; break;
- case LEX_T_NE: r = EXPR_R_NE; break;
- case LEX_T_LT: r = EXPR_R_LT; break;
- case LEX_T_LE: r = EXPR_R_LE; break;
- case LEX_T_GT: r = EXPR_R_GT; break;
- case LEX_T_GE: r = EXPR_R_GE; break;
- default: return false;
- }
-
- if (relop) {
- *relop = r;
- }
- return true;
-}
-
-/* Returns the relational operator that 'relop' becomes if you turn the
- * relation's operands around, e.g. EXPR_R_EQ does not change because "a == b"
- * and "b == a" are equivalent, but EXPR_R_LE becomes EXPR_R_GE because "a <=
- * b" is equivalent to "b >= a". */
-static enum expr_relop
-expr_relop_turn(enum expr_relop relop)
-{
- switch (relop) {
- case EXPR_R_EQ: return EXPR_R_EQ;
- case EXPR_R_NE: return EXPR_R_NE;
- case EXPR_R_LT: return EXPR_R_GT;
- case EXPR_R_LE: return EXPR_R_GE;
- case EXPR_R_GT: return EXPR_R_LT;
- case EXPR_R_GE: return EXPR_R_LE;
- default: OVS_NOT_REACHED();
- }
-}
-
-/* Returns the relational operator that is the opposite of 'relop'. */
-static enum expr_relop
-expr_relop_invert(enum expr_relop relop)
-{
- switch (relop) {
- case EXPR_R_EQ: return EXPR_R_NE;
- case EXPR_R_NE: return EXPR_R_EQ;
- case EXPR_R_LT: return EXPR_R_GE;
- case EXPR_R_LE: return EXPR_R_GT;
- case EXPR_R_GT: return EXPR_R_LE;
- case EXPR_R_GE: return EXPR_R_LT;
- default: OVS_NOT_REACHED();
- }
-}
-
-/* Checks whether 'relop' is true for strcmp()-like 3-way comparison result
- * 'cmp'. */
-static bool
-expr_relop_test(enum expr_relop relop, int cmp)
-{
- switch (relop) {
- case EXPR_R_EQ: return cmp == 0;
- case EXPR_R_NE: return cmp != 0;
- case EXPR_R_LT: return cmp < 0;
- case EXPR_R_LE: return cmp <= 0;
- case EXPR_R_GT: return cmp > 0;
- case EXPR_R_GE: return cmp >= 0;
- default: OVS_NOT_REACHED();
- }
-}
-
-/* Constructing and manipulating expressions. */
-
-/* Creates and returns a logical AND or OR expression (according to 'type',
- * which must be EXPR_T_AND or EXPR_T_OR) that initially has no
- * sub-expressions. (To satisfy the invariants for expressions, the caller
- * must add at least two sub-expressions whose types are different from
- * 'type'.) */
-struct expr *
-expr_create_andor(enum expr_type type)
-{
- struct expr *e = xmalloc(sizeof *e);
- e->type = type;
- ovs_list_init(&e->andor);
- return e;
-}
-
-/* Returns a logical AND or OR expression (according to 'type', which must be
- * EXPR_T_AND or EXPR_T_OR) whose sub-expressions are 'a' and 'b', with some
- * flexibility:
- *
- * - If 'a' or 'b' is NULL, just returns the other one (which means that if
- * that other one is not of the given 'type', then the returned
- * expression is not either).
- *
- * - If 'a' or 'b', or both, have type 'type', then they are combined into
- * a single node that satisfies the invariants for expressions. */
-struct expr *
-expr_combine(enum expr_type type, struct expr *a, struct expr *b)
-{
- if (!a) {
- return b;
- } else if (!b) {
- return a;
- } else if (a->type == type) {
- if (b->type == type) {
- ovs_list_splice(&a->andor, b->andor.next, &b->andor);
- free(b);
- } else {
- ovs_list_push_back(&a->andor, &b->node);
- }
- return a;
- } else if (b->type == type) {
- ovs_list_push_front(&b->andor, &a->node);
- return b;
- } else {
- struct expr *e = expr_create_andor(type);
- ovs_list_push_back(&e->andor, &a->node);
- ovs_list_push_back(&e->andor, &b->node);
- return e;
- }
-}
-
-static void
-expr_insert_andor(struct expr *andor, struct expr *before, struct expr *new)
-{
- if (new->type == andor->type) {
- if (andor->type == EXPR_T_AND) {
- /* Conjunction junction, what's your function? */
- }
- ovs_list_splice(&before->node, new->andor.next, &new->andor);
- free(new);
- } else {
- ovs_list_insert(&before->node, &new->node);
- }
-}
-
-/* Returns an EXPR_T_BOOLEAN expression with value 'b'. */
-struct expr *
-expr_create_boolean(bool b)
-{
- struct expr *e = xmalloc(sizeof *e);
- e->type = EXPR_T_BOOLEAN;
- e->boolean = b;
- return e;
-}
-
-static void
-expr_not(struct expr *expr)
-{
- struct expr *sub;
-
- switch (expr->type) {
- case EXPR_T_CMP:
- expr->cmp.relop = expr_relop_invert(expr->cmp.relop);
- break;
-
- case EXPR_T_AND:
- case EXPR_T_OR:
- LIST_FOR_EACH (sub, node, &expr->andor) {
- expr_not(sub);
- }
- expr->type = expr->type == EXPR_T_AND ? EXPR_T_OR : EXPR_T_AND;
- break;
-
- case EXPR_T_BOOLEAN:
- expr->boolean = !expr->boolean;
- break;
-
- case EXPR_T_CONDITION:
- expr->cond.not = !expr->cond.not;
- break;
-
- default:
- OVS_NOT_REACHED();
- }
-}
-
-static struct expr *
-expr_fix_andor(struct expr *expr, bool short_circuit)
-{
- struct expr *sub, *next;
-
- LIST_FOR_EACH_SAFE (sub, next, node, &expr->andor) {
- if (sub->type == EXPR_T_BOOLEAN) {
- if (sub->boolean == short_circuit) {
- expr_destroy(expr);
- return expr_create_boolean(short_circuit);
- } else {
- ovs_list_remove(&sub->node);
- expr_destroy(sub);
- }
- }
- }
-
- if (ovs_list_is_short(&expr->andor)) {
- if (ovs_list_is_empty(&expr->andor)) {
- free(expr);
- return expr_create_boolean(!short_circuit);
- } else {
- sub = expr_from_node(ovs_list_front(&expr->andor));
- free(expr);
- return sub;
- }
- } else {
- return expr;
- }
-}
-
-/* Returns 'expr' modified so that top-level oddities are fixed up:
- *
- * - Eliminates any EXPR_T_BOOLEAN operands at the top level.
- *
- * - Replaces one-operand EXPR_T_AND or EXPR_T_OR by its subexpression. */
-static struct expr *
-expr_fix(struct expr *expr)
-{
- switch (expr->type) {
- case EXPR_T_CMP:
- return expr;
-
- case EXPR_T_AND:
- return expr_fix_andor(expr, false);
-
- case EXPR_T_OR:
- return expr_fix_andor(expr, true);
-
- case EXPR_T_BOOLEAN:
- return expr;
-
- case EXPR_T_CONDITION:
- return expr;
-
- default:
- OVS_NOT_REACHED();
- }
-}
-
-/* Formatting. */
-
-/* Searches bits [0,width) in 'sv' for a contiguous sequence of 1-bits. If one
- * such sequence exists, stores the index of the first 1-bit into '*startp' and
- * the number of 1-bits into '*n_bitsp'. Stores 0 into both variables if no
- * such sequence, or more than one, exists. */
-static void
-find_bitwise_range(const union mf_subvalue *sv, int width,
- int *startp, int *n_bitsp)
-{
- unsigned int start = bitwise_scan(sv, sizeof *sv, true, 0, width);
- if (start < width) {
- unsigned int end = bitwise_scan(sv, sizeof *sv, false, start, width);
- if (end >= width
- || bitwise_scan(sv, sizeof *sv, true, end, width) >= width) {
- *startp = start;
- *n_bitsp = end - start;
- return;
- }
- }
- *startp = *n_bitsp = 0;
-}
-
-static void
-expr_format_cmp(const struct expr *e, struct ds *s)
-{
- /* The common case is numerical comparisons.
- * Handle string comparisons as a special case. */
- if (!e->cmp.symbol->width) {
- ds_put_format(s, "%s %s ", e->cmp.symbol->name,
- expr_relop_to_string(e->cmp.relop));
- json_string_escape(e->cmp.string, s);
- return;
- }
-
- int ofs, n;
- find_bitwise_range(&e->cmp.mask, e->cmp.symbol->width, &ofs, &n);
- if (n == 1 && (e->cmp.relop == EXPR_R_EQ || e->cmp.relop == EXPR_R_NE)) {
- bool positive;
-
- positive = bitwise_get_bit(&e->cmp.value, sizeof e->cmp.value, ofs);
- positive ^= e->cmp.relop == EXPR_R_NE;
- if (!positive) {
- ds_put_char(s, '!');
- }
- ds_put_cstr(s, e->cmp.symbol->name);
- if (e->cmp.symbol->width > 1) {
- ds_put_format(s, "[%d]", ofs);
- }
- return;
- }
-
- ds_put_cstr(s, e->cmp.symbol->name);
- if (n > 0 && n < e->cmp.symbol->width) {
- if (n > 1) {
- ds_put_format(s, "[%d..%d]", ofs, ofs + n - 1);
- } else {
- ds_put_format(s, "[%d]", ofs);
- }
- }
-
- ds_put_format(s, " %s ", expr_relop_to_string(e->cmp.relop));
-
- if (n) {
- union mf_subvalue value;
-
- memset(&value, 0, sizeof value);
- bitwise_copy(&e->cmp.value, sizeof e->cmp.value, ofs,
- &value, sizeof value, 0,
- n);
- mf_format_subvalue(&value, s);
- } else {
- mf_format_subvalue(&e->cmp.value, s);
- ds_put_char(s, '/');
- mf_format_subvalue(&e->cmp.mask, s);
- }
-}
-
-static void
-expr_format_andor(const struct expr *e, const char *op, struct ds *s)
-{
- struct expr *sub;
- int i = 0;
-
- LIST_FOR_EACH (sub, node, &e->andor) {
- if (i++) {
- ds_put_format(s, " %s ", op);
- }
-
- if (sub->type == EXPR_T_AND || sub->type == EXPR_T_OR) {
- ds_put_char(s, '(');
- expr_format(sub, s);
- ds_put_char(s, ')');
- } else {
- expr_format(sub, s);
- }
- }
-}
-
-static void
-expr_format_condition(const struct expr *e, struct ds *s)
-{
- if (e->cond.not) {
- ds_put_char(s, '!');
- }
- switch (e->cond.type) {
- case EXPR_COND_CHASSIS_RESIDENT:
- ds_put_format(s, "is_chassis_resident(");
- json_string_escape(e->cond.string, s);
- ds_put_char(s, ')');
- break;
- }
-}
-
-/* Appends a string form of 'e' to 's'. The string form is acceptable for
- * parsing back into an equivalent expression. */
-void
-expr_format(const struct expr *e, struct ds *s)
-{
- switch (e->type) {
- case EXPR_T_CMP:
- expr_format_cmp(e, s);
- break;
-
- case EXPR_T_AND:
- expr_format_andor(e, "&&", s);
- break;
-
- case EXPR_T_OR:
- expr_format_andor(e, "||", s);
- break;
-
- case EXPR_T_BOOLEAN:
- ds_put_char(s, e->boolean ? '1' : '0');
- break;
-
- case EXPR_T_CONDITION:
- expr_format_condition(e, s);
- break;
- }
-}
-
-/* Prints a string form of 'e' on stdout, followed by a new-line. */
-void
-expr_print(const struct expr *e)
-{
- struct ds output;
-
- ds_init(&output);
- expr_format(e, &output);
- puts(ds_cstr(&output));
- ds_destroy(&output);
-}
-
-/* Parsing. */
-
-#define MAX_PAREN_DEPTH 100
-
-/* Context maintained during expr_parse(). */
-struct expr_context {
- struct lexer *lexer; /* Lexer for pulling more tokens. */
- const struct shash *symtab; /* Symbol table. */
- const struct shash *addr_sets; /* Address set table. */
- const struct shash *port_groups; /* Port group table. */
- struct sset *addr_sets_ref; /* The set of address set referenced. */
- bool not; /* True inside odd number of NOT operators. */
- unsigned int paren_depth; /* Depth of nested parentheses. */
-};
-
-struct expr *expr_parse__(struct expr_context *);
-static void expr_not(struct expr *);
-static bool parse_field(struct expr_context *, struct expr_field *);
-
-static struct expr *
-make_cmp__(const struct expr_field *f, enum expr_relop r,
- const union expr_constant *c)
-{
- struct expr *e = xzalloc(sizeof *e);
- e->type = EXPR_T_CMP;
- e->cmp.symbol = f->symbol;
- e->cmp.relop = r;
- if (f->symbol->width) {
- bitwise_copy(&c->value, sizeof c->value, 0,
- &e->cmp.value, sizeof e->cmp.value, f->ofs,
- f->n_bits);
- if (c->masked) {
- bitwise_copy(&c->mask, sizeof c->mask, 0,
- &e->cmp.mask, sizeof e->cmp.mask, f->ofs,
- f->n_bits);
- } else {
- bitwise_one(&e->cmp.mask, sizeof e->cmp.mask, f->ofs,
- f->n_bits);
- }
- } else {
- e->cmp.string = xstrdup(c->string);
- }
- return e;
-}
-
-/* Returns the minimum reasonable width for integer constant 'c'. */
-static int
-expr_constant_width(const union expr_constant *c)
-{
- if (c->masked) {
- return mf_subvalue_width(&c->mask);
- }
-
- switch (c->format) {
- case LEX_F_DECIMAL:
- case LEX_F_HEXADECIMAL:
- return mf_subvalue_width(&c->value);
-
- case LEX_F_IPV4:
- return 32;
-
- case LEX_F_IPV6:
- return 128;
-
- case LEX_F_ETHERNET:
- return 48;
-
- default:
- OVS_NOT_REACHED();
- }
-}
-
-static bool
-type_check(struct expr_context *ctx, const struct expr_field *f,
- struct expr_constant_set *cs)
-{
- if (cs->type != (f->symbol->width ? EXPR_C_INTEGER : EXPR_C_STRING)) {
- lexer_error(ctx->lexer,
- "%s field %s is not compatible with %s constant.",
- f->symbol->width ? "Integer" : "String",
- f->symbol->name,
- cs->type == EXPR_C_INTEGER ? "integer" : "string");
- return false;
- }
-
- if (f->symbol->width) {
- for (size_t i = 0; i < cs->n_values; i++) {
- int w = expr_constant_width(&cs->values[i]);
- if (w > f->symbol->width) {
- lexer_error(ctx->lexer,
- "%d-bit constant is not compatible with %d-bit "
- "field %s.", w, f->symbol->width, f->symbol->name);
- return false;
- }
- }
- }
-
- return true;
-}
-
-static struct expr *
-make_cmp(struct expr_context *ctx,
- const struct expr_field *f, enum expr_relop r,
- struct expr_constant_set *cs)
-{
- struct expr *e = NULL;
-
- if (!type_check(ctx, f, cs)) {
- goto exit;
- }
-
- if (r != EXPR_R_EQ && r != EXPR_R_NE) {
- if (cs->in_curlies) {
- lexer_error(ctx->lexer, "Only == and != operators may be used "
- "with value sets.");
- goto exit;
- }
- if (f->symbol->level == EXPR_L_NOMINAL ||
- f->symbol->level == EXPR_L_BOOLEAN) {
- lexer_error(ctx->lexer, "Only == and != operators may be used "
- "with %s field %s.",
- expr_level_to_string(f->symbol->level),
- f->symbol->name);
- goto exit;
- }
- if (!cs->n_values) {
- lexer_error(ctx->lexer, "Only == and != operators may be used "
- "to compare a field against an empty value set.");
- goto exit;
- }
- if (cs->values[0].masked) {
- lexer_error(ctx->lexer, "Only == and != operators may be used "
- "with masked constants. Consider using subfields "
- "instead (e.g. eth.src[0..15] > 0x1111 in place of "
- "eth.src > 00:00:00:00:11:11/00:00:00:00:ff:ff).");
- goto exit;
- }
- }
-
- if (f->symbol->level == EXPR_L_NOMINAL) {
- if (f->symbol->predicate) {
- ovs_assert(f->symbol->width > 0);
- for (size_t i = 0; i < cs->n_values; i++) {
- const union mf_subvalue *value = &cs->values[i].value;
- bool positive = (value->integer & htonll(1)) != 0;
- positive ^= r == EXPR_R_NE;
- positive ^= ctx->not;
- if (!positive) {
- const char *name = f->symbol->name;
- lexer_error(ctx->lexer,
- "Nominal predicate %s may only be tested "
- "positively, e.g. `%s' or `%s == 1' but not "
- "`!%s' or `%s == 0'.",
- name, name, name, name, name);
- goto exit;
- }
- }
- } else if (r != (ctx->not ? EXPR_R_NE : EXPR_R_EQ)) {
- lexer_error(ctx->lexer, "Nominal field %s may only be tested for "
- "equality (taking enclosing `!' operators into "
- "account).", f->symbol->name);
- goto exit;
- }
- }
-
- if (!cs->n_values) {
- e = expr_create_boolean(r == EXPR_R_NE);
- goto exit;
- }
- e = make_cmp__(f, r, &cs->values[0]);
- for (size_t i = 1; i < cs->n_values; i++) {
- e = expr_combine(r == EXPR_R_EQ ? EXPR_T_OR : EXPR_T_AND,
- e, make_cmp__(f, r, &cs->values[i]));
- }
-exit:
- expr_constant_set_destroy(cs);
- return e;
-}
-
-static bool
-parse_field(struct expr_context *ctx, struct expr_field *f)
-{
- const struct expr_symbol *symbol;
-
- if (ctx->lexer->token.type != LEX_T_ID) {
- lexer_syntax_error(ctx->lexer, "expecting field name");
- return false;
- }
-
- symbol = shash_find_data(ctx->symtab, ctx->lexer->token.s);
- if (!symbol) {
- lexer_syntax_error(ctx->lexer, "expecting field name");
- return false;
- }
- lexer_get(ctx->lexer);
-
- f->symbol = symbol;
- if (lexer_match(ctx->lexer, LEX_T_LSQUARE)) {
- int low, high;
-
- if (!symbol->width) {
- lexer_error(ctx->lexer,
- "Cannot select subfield of string field %s.",
- symbol->name);
- return false;
- }
-
- if (!lexer_force_int(ctx->lexer, &low)) {
- return false;
- }
- if (lexer_match(ctx->lexer, LEX_T_ELLIPSIS)) {
- if (!lexer_force_int(ctx->lexer, &high)) {
- return false;
- }
- } else {
- high = low;
- }
-
- if (!lexer_force_match(ctx->lexer, LEX_T_RSQUARE)) {
- return false;
- }
-
- if (low > high) {
- lexer_error(ctx->lexer, "Invalid bit range %d to %d.", low, high);
- return false;
- } else if (high >= symbol->width) {
- lexer_error(ctx->lexer,
- "Cannot select bits %d to %d of %d-bit field %s.",
- low, high, symbol->width, symbol->name);
- return false;
- } else if (symbol->level == EXPR_L_NOMINAL
- && (low != 0 || high != symbol->width - 1)) {
- lexer_error(ctx->lexer,
- "Cannot select subfield of nominal field %s.",
- symbol->name);
- return false;
- }
-
- f->ofs = low;
- f->n_bits = high - low + 1;
- } else {
- f->ofs = 0;
- f->n_bits = symbol->width;
- }
-
- return true;
-}
-
-static bool
-parse_relop(struct expr_context *ctx, enum expr_relop *relop)
-{
- if (expr_relop_from_token(ctx->lexer->token.type, relop)) {
- lexer_get(ctx->lexer);
- return true;
- } else {
- lexer_syntax_error(ctx->lexer, "expecting relational operator");
- return false;
- }
-}
-
-static bool
-assign_constant_set_type(struct expr_context *ctx,
- struct expr_constant_set *cs,
- enum expr_constant_type type)
-{
- if (!cs->n_values || cs->type == type) {
- cs->type = type;
- return true;
- } else {
- lexer_syntax_error(ctx->lexer, "expecting %s",
- cs->type == EXPR_C_INTEGER ? "integer" : "string");
- return false;
- }
-}
-
-static bool
-parse_addr_sets(struct expr_context *ctx, struct expr_constant_set *cs,
- size_t *allocated_values)
-{
- if (ctx->addr_sets_ref) {
- sset_add(ctx->addr_sets_ref, ctx->lexer->token.s);
- }
-
- struct expr_constant_set *addr_sets
- = (ctx->addr_sets
- ? shash_find_data(ctx->addr_sets, ctx->lexer->token.s)
- : NULL);
- if (!addr_sets) {
- lexer_syntax_error(ctx->lexer, "expecting address set name");
- return false;
- }
-
- if (!assign_constant_set_type(ctx, cs, EXPR_C_INTEGER)) {
- return false;
- }
-
- size_t n_values = cs->n_values + addr_sets->n_values;
- if (n_values >= *allocated_values) {
- cs->values = xrealloc(cs->values, n_values * sizeof *cs->values);
- *allocated_values = n_values;
- }
- for (size_t i = 0; i < addr_sets->n_values; i++) {
- cs->values[cs->n_values++] = addr_sets->values[i];
- }
-
- return true;
-}
-
-static bool
-parse_port_group(struct expr_context *ctx, struct expr_constant_set *cs,
- size_t *allocated_values)
-{
- struct expr_constant_set *port_group
- = (ctx->port_groups
- ? shash_find_data(ctx->port_groups, ctx->lexer->token.s)
- : NULL);
- if (!port_group) {
- lexer_syntax_error(ctx->lexer, "expecting port group name");
- return false;
- }
-
- if (!assign_constant_set_type(ctx, cs, EXPR_C_STRING)) {
- return false;
- }
-
- size_t n_values = cs->n_values + port_group->n_values;
- if (n_values >= *allocated_values) {
- cs->values = xrealloc(cs->values, n_values * sizeof *cs->values);
- *allocated_values = n_values;
- }
- for (size_t i = 0; i < port_group->n_values; i++) {
- cs->values[cs->n_values++].string =
- xstrdup(port_group->values[i].string);
- }
-
- return true;
-}
-
-static bool
-parse_constant(struct expr_context *ctx, struct expr_constant_set *cs,
- size_t *allocated_values)
-{
- if (cs->n_values >= *allocated_values) {
- cs->values = x2nrealloc(cs->values, allocated_values,
- sizeof *cs->values);
- }
-
- if (ctx->lexer->token.type == LEX_T_STRING) {
- if (!assign_constant_set_type(ctx, cs, EXPR_C_STRING)) {
- return false;
- }
- cs->values[cs->n_values++].string = xstrdup(ctx->lexer->token.s);
- lexer_get(ctx->lexer);
- return true;
- } else if (ctx->lexer->token.type == LEX_T_INTEGER ||
- ctx->lexer->token.type == LEX_T_MASKED_INTEGER) {
- if (!assign_constant_set_type(ctx, cs, EXPR_C_INTEGER)) {
- return false;
- }
-
- union expr_constant *c = &cs->values[cs->n_values++];
- c->value = ctx->lexer->token.value;
- c->format = ctx->lexer->token.format;
- c->masked = ctx->lexer->token.type == LEX_T_MASKED_INTEGER;
- if (c->masked) {
- c->mask = ctx->lexer->token.mask;
- }
- lexer_get(ctx->lexer);
- return true;
- } else if (ctx->lexer->token.type == LEX_T_MACRO) {
- if (!parse_addr_sets(ctx, cs, allocated_values)) {
- return false;
- }
- lexer_get(ctx->lexer);
- return true;
- } else if (ctx->lexer->token.type == LEX_T_PORT_GROUP) {
- if (!parse_port_group(ctx, cs, allocated_values)) {
- return false;
- }
- lexer_get(ctx->lexer);
- return true;
- } else {
- lexer_syntax_error(ctx->lexer, "expecting constant");
- return false;
- }
-}
-
-/* Parses a single or {}-enclosed set of integer or string constants into 'cs',
- * which the caller need not have initialized. Returns true on success, in
- * which case the caller owns 'cs', false on failure, in which case 'cs' is
- * indeterminate. */
-static bool
-parse_constant_set(struct expr_context *ctx, struct expr_constant_set *cs)
-{
- size_t allocated_values = 0;
- bool ok;
-
- memset(cs, 0, sizeof *cs);
- if (lexer_match(ctx->lexer, LEX_T_LCURLY)) {
- ok = true;
- cs->in_curlies = true;
- do {
- if (!parse_constant(ctx, cs, &allocated_values)) {
- ok = false;
- break;
- }
- lexer_match(ctx->lexer, LEX_T_COMMA);
- } while (!lexer_match(ctx->lexer, LEX_T_RCURLY));
- } else {
- ok = parse_constant(ctx, cs, &allocated_values);
- }
- if (!ok) {
- expr_constant_set_destroy(cs);
- }
- return ok;
-}
-
-/* Parses from 'lexer' a single integer or string constant compatible with the
- * type of 'f' into 'c'.
- *
- * Returns true if successful, false if an error occurred. Upon return,
- * returns true if and only if lexer->error is NULL. On failure, 'c' is
- * indeterminate. */
-bool
-expr_constant_parse(struct lexer *lexer, const struct expr_field *f,
- union expr_constant *c)
-{
- if (lexer->error) {
- return false;
- }
-
- struct expr_context ctx = { .lexer = lexer };
-
- struct expr_constant_set cs;
- memset(&cs, 0, sizeof cs);
- size_t allocated_values = 0;
- if (parse_constant(&ctx, &cs, &allocated_values)
- && type_check(&ctx, f, &cs)) {
- *c = cs.values[0];
- cs.n_values = 0;
- }
- expr_constant_set_destroy(&cs);
-
- return !lexer->error;
-}
-
-/* Appends to 's' a re-parseable representation of constant 'c' with the given
- * 'type'. */
-void
-expr_constant_format(const union expr_constant *c,
- enum expr_constant_type type, struct ds *s)
-{
- if (type == EXPR_C_STRING) {
- json_string_escape(c->string, s);
- } else {
- struct lex_token token;
- token.type = c->masked ? LEX_T_MASKED_INTEGER : LEX_T_INTEGER;
- token.s = NULL;
- token.format = c->format;
- token.value = c->value;
- if (c->masked) {
- token.mask = c->mask;
- }
-
- lex_token_format(&token, s);
- }
-}
-
-/* Frees the contents of 'c', which has the specified 'type'.
- *
- * Does not free(c). */
-void
-expr_constant_destroy(const union expr_constant *c,
- enum expr_constant_type type)
-{
- if (c && type == EXPR_C_STRING) {
- free(c->string);
- }
-}
-
-/* Parses from 'lexer' a single or {}-enclosed set of at least one integer or
- * string constants into 'cs', which the caller need not have initialized.
- *
- * Returns true if successful, false if an error occurred. Upon return,
- * returns true if and only if lexer->error is NULL. On failure, 'cs' is
- * indeterminate. */
-bool
-expr_constant_set_parse(struct lexer *lexer, struct expr_constant_set *cs)
-{
- if (!lexer->error) {
- struct expr_context ctx = { .lexer = lexer };
- parse_constant_set(&ctx, cs);
- }
- return !lexer->error;
-}
-
-/* Appends to 's' a re-parseable representation of 'cs'. */
-void
-expr_constant_set_format(const struct expr_constant_set *cs, struct ds *s)
-{
- bool curlies = cs->in_curlies || cs->n_values != 1;
- if (curlies) {
- ds_put_char(s, '{');
- }
-
- for (const union expr_constant *c = cs->values;
- c < &cs->values[cs->n_values]; c++) {
- if (c != cs->values) {
- ds_put_cstr(s, ", ");
- }
-
- expr_constant_format(c, cs->type, s);
- }
-
- if (curlies) {
- ds_put_char(s, '}');
- }
-}
-
-void
-expr_constant_set_destroy(struct expr_constant_set *cs)
-{
- if (cs) {
- if (cs->type == EXPR_C_STRING) {
- for (size_t i = 0; i < cs->n_values; i++) {
- free(cs->values[i].string);
- }
- }
- free(cs->values);
- }
-}
-
-/* Adds an constant set named 'name' to 'const_sets', replacing any existing
- * constant set entry with the given name. */
-void
-expr_const_sets_add(struct shash *const_sets, const char *name,
- const char *const *values, size_t n_values,
- bool convert_to_integer)
-{
- /* Replace any existing entry for this name. */
- expr_const_sets_remove(const_sets, name);
-
- struct expr_constant_set *cs = xzalloc(sizeof *cs);
- cs->in_curlies = true;
- cs->n_values = 0;
- cs->values = xmalloc(n_values * sizeof *cs->values);
- if (convert_to_integer) {
- cs->type = EXPR_C_INTEGER;
- for (size_t i = 0; i < n_values; i++) {
- /* Use the lexer to convert each constant set into the proper
- * integer format. */
- struct lexer lex;
- lexer_init(&lex, values[i]);
- lexer_get(&lex);
- if (lex.token.type != LEX_T_INTEGER
- && lex.token.type != LEX_T_MASKED_INTEGER) {
- VLOG_WARN("Invalid constant set entry: '%s', token type: %d",
- values[i], lex.token.type);
- } else {
- union expr_constant *c = &cs->values[cs->n_values++];
- c->value = lex.token.value;
- c->format = lex.token.format;
- c->masked = lex.token.type == LEX_T_MASKED_INTEGER;
- if (c->masked) {
- c->mask = lex.token.mask;
- }
- }
- lexer_destroy(&lex);
- }
- } else {
- cs->type = EXPR_C_STRING;
- for (size_t i = 0; i < n_values; i++) {
- union expr_constant *c = &cs->values[cs->n_values++];
- c->string = xstrdup(values[i]);
- }
- }
-
- shash_add(const_sets, name, cs);
-}
-
-void
-expr_const_sets_remove(struct shash *const_sets, const char *name)
-{
- struct expr_constant_set *cs = shash_find_and_delete(const_sets, name);
- if (cs) {
- expr_constant_set_destroy(cs);
- free(cs);
- }
-}
-
-/* Destroy all contents of 'const_sets'. */
-void
-expr_const_sets_destroy(struct shash *const_sets)
-{
- struct shash_node *node, *next;
-
- SHASH_FOR_EACH_SAFE (node, next, const_sets) {
- struct expr_constant_set *cs = node->data;
-
- shash_delete(const_sets, node);
- expr_constant_set_destroy(cs);
- free(cs);
- }
-}
-
-static struct expr *
-parse_chassis_resident(struct expr_context *ctx)
-{
- if (ctx->lexer->token.type != LEX_T_STRING) {
- lexer_syntax_error(ctx->lexer, "expecting string");
- return NULL;
- }
-
- struct expr *e = xzalloc(sizeof *e);
- e->type = EXPR_T_CONDITION;
- e->cond.type = EXPR_COND_CHASSIS_RESIDENT;
- e->cond.not = false;
- e->cond.string = xstrdup(ctx->lexer->token.s);
-
- lexer_get(ctx->lexer);
- if (!lexer_force_match(ctx->lexer, LEX_T_RPAREN)) {
- expr_destroy(e);
- return NULL;
- }
-
- return e;
-}
-
-static struct expr *
-expr_parse_primary(struct expr_context *ctx, bool *atomic)
-{
- *atomic = false;
- if (lexer_match(ctx->lexer, LEX_T_LPAREN)) {
- if (ctx->paren_depth >= MAX_PAREN_DEPTH) {
- lexer_error(ctx->lexer, "Parentheses nested too deeply.");
- return NULL;
- }
-
- ctx->paren_depth++;
- struct expr *e = expr_parse__(ctx);
- ctx->paren_depth--;
-
- if (!lexer_force_match(ctx->lexer, LEX_T_RPAREN)) {
- expr_destroy(e);
- return NULL;
- }
- *atomic = true;
- return e;
- }
-
- if (ctx->lexer->token.type == LEX_T_ID) {
- struct expr_field f;
- enum expr_relop r;
- struct expr_constant_set c;
-
- if (lexer_lookahead(ctx->lexer) == LEX_T_LPAREN) {
- if (lexer_match_id(ctx->lexer, "is_chassis_resident")) {
- lexer_get(ctx->lexer); /* Skip "(". */
- *atomic = true;
- return parse_chassis_resident(ctx);
- }
- lexer_error(ctx->lexer, "parsing function name");
- return NULL;
- }
-
- if (!parse_field(ctx, &f)) {
- return NULL;
- }
-
- if (!expr_relop_from_token(ctx->lexer->token.type, &r)) {
- if (!f.n_bits || ctx->lexer->token.type == LEX_T_EQUALS) {
- lexer_syntax_error(ctx->lexer,
- "expecting relational operator");
- return NULL;
- } else if (f.n_bits > 1 && !ctx->not) {
- lexer_error(ctx->lexer,
- "Explicit `!= 0' is required for inequality "
- "test of multibit field against 0.");
- return NULL;
- }
-
- *atomic = true;
-
- union expr_constant *cst = xzalloc(sizeof *cst);
- cst->format = LEX_F_HEXADECIMAL;
- cst->masked = false;
-
- c.type = EXPR_C_INTEGER;
- c.values = cst;
- c.n_values = 1;
- c.in_curlies = false;
- return make_cmp(ctx, &f, EXPR_R_NE, &c);
- } else if (parse_relop(ctx, &r) && parse_constant_set(ctx, &c)) {
- return make_cmp(ctx, &f, r, &c);
- } else {
- return NULL;
- }
- } else {
- struct expr_constant_set c1;
- if (!parse_constant_set(ctx, &c1)) {
- return NULL;
- }
-
- if (!expr_relop_from_token(ctx->lexer->token.type, NULL)
- && c1.n_values == 1
- && c1.type == EXPR_C_INTEGER
- && c1.values[0].format == LEX_F_DECIMAL
- && !c1.values[0].masked
- && !c1.in_curlies) {
- uint64_t x = ntohll(c1.values[0].value.integer);
- if (x <= 1) {
- *atomic = true;
- expr_constant_set_destroy(&c1);
- return expr_create_boolean(x);
- }
- }
-
- enum expr_relop r1;
- struct expr_field f;
- if (!parse_relop(ctx, &r1) || !parse_field(ctx, &f)) {
- expr_constant_set_destroy(&c1);
- return NULL;
- }
-
- if (!expr_relop_from_token(ctx->lexer->token.type, NULL)) {
- return make_cmp(ctx, &f, expr_relop_turn(r1), &c1);
- }
-
- enum expr_relop r2;
- struct expr_constant_set c2;
- if (!parse_relop(ctx, &r2) || !parse_constant_set(ctx, &c2)) {
- expr_constant_set_destroy(&c1);
- return NULL;
- } else {
- /* Reject "1 == field == 2", "1 < field > 2", and so on. */
- if (!(((r1 == EXPR_R_LT || r1 == EXPR_R_LE) &&
- (r2 == EXPR_R_LT || r2 == EXPR_R_LE)) ||
- ((r1 == EXPR_R_GT || r1 == EXPR_R_GE) &&
- (r2 == EXPR_R_GT || r2 == EXPR_R_GE)))) {
- lexer_error(ctx->lexer, "Range expressions must have the "
- "form `x < field < y' or `x > field > y', with "
- "each `<' optionally replaced by `<=' or `>' by "
- "`>=').");
- expr_constant_set_destroy(&c1);
- expr_constant_set_destroy(&c2);
- return NULL;
- }
-
- struct expr *e1 = make_cmp(ctx, &f, expr_relop_turn(r1), &c1);
- struct expr *e2 = make_cmp(ctx, &f, r2, &c2);
- if (ctx->lexer->error) {
- expr_destroy(e1);
- expr_destroy(e2);
- return NULL;
- }
- return expr_combine(EXPR_T_AND, e1, e2);
- }
- }
-}
-
-static struct expr *
-expr_parse_not(struct expr_context *ctx)
-{
- bool atomic;
-
- if (lexer_match(ctx->lexer, LEX_T_LOG_NOT)) {
- ctx->not = !ctx->not;
- struct expr *expr = expr_parse_primary(ctx, &atomic);
- ctx->not = !ctx->not;
-
- if (expr) {
- if (!atomic) {
- lexer_error(ctx->lexer,
- "Missing parentheses around operand of !.");
- expr_destroy(expr);
- return NULL;
- }
- expr_not(expr);
- }
- return expr;
- } else {
- return expr_parse_primary(ctx, &atomic);
- }
-}
-
-struct expr *
-expr_parse__(struct expr_context *ctx)
-{
- struct expr *e = expr_parse_not(ctx);
- if (!e) {
- return NULL;
- }
-
- enum lex_type lex_type = ctx->lexer->token.type;
- if (lex_type == LEX_T_LOG_AND || lex_type == LEX_T_LOG_OR) {
- enum expr_type expr_type
- = lex_type == LEX_T_LOG_AND ? EXPR_T_AND : EXPR_T_OR;
-
- lexer_get(ctx->lexer);
- do {
- struct expr *e2 = expr_parse_not(ctx);
- if (!e2) {
- expr_destroy(e);
- return NULL;
- }
- e = expr_combine(expr_type, e, e2);
- } while (lexer_match(ctx->lexer, lex_type));
- if (ctx->lexer->token.type == LEX_T_LOG_AND
- || ctx->lexer->token.type == LEX_T_LOG_OR) {
- expr_destroy(e);
- lexer_error(ctx->lexer,
- "&& and || must be parenthesized when used together.");
- return NULL;
- }
- }
- return e;
-}
-
-/* Parses an expression from 'lexer' using the symbols in 'symtab' and
- * address set table in 'addr_sets'. If successful, returns the new
- * expression; on failure, returns NULL. Returns nonnull if and only if
- * lexer->error is NULL. */
-struct expr *
-expr_parse(struct lexer *lexer, const struct shash *symtab,
- const struct shash *addr_sets,
- const struct shash *port_groups,
- struct sset *addr_sets_ref)
-{
- struct expr_context ctx = { .lexer = lexer,
- .symtab = symtab,
- .addr_sets = addr_sets,
- .port_groups = port_groups,
- .addr_sets_ref = addr_sets_ref };
- return lexer->error ? NULL : expr_parse__(&ctx);
-}
-
-/* Parses the expression in 's' using the symbols in 'symtab' and
- * address set table in 'addr_sets'. If successful, returns the new
- * expression and sets '*errorp' to NULL. On failure, returns NULL and
- * sets '*errorp' to an explanatory error message. The caller must
- * eventually free the returned expression (with expr_destroy()) or
- * error (with free()). */
-struct expr *
-expr_parse_string(const char *s, const struct shash *symtab,
- const struct shash *addr_sets,
- const struct shash *port_groups,
- struct sset *addr_sets_ref,
- char **errorp)
-{
- struct lexer lexer;
-
- lexer_init(&lexer, s);
- lexer_get(&lexer);
- struct expr *expr = expr_parse(&lexer, symtab, addr_sets, port_groups,
- addr_sets_ref);
- lexer_force_end(&lexer);
- *errorp = lexer_steal_error(&lexer);
- if (*errorp) {
- expr_destroy(expr);
- expr = NULL;
- }
- lexer_destroy(&lexer);
-
- return expr;
-}
-
-/* Parses a field or subfield from 'lexer' into 'field', obtaining field names
- * from 'symtab'. Returns true if successful, false if an error occurred.
- * Upon return, returns true if and only if lexer->error is NULL. */
-bool
-expr_field_parse(struct lexer *lexer, const struct shash *symtab,
- struct expr_field *field, struct expr **prereqsp)
-{
- struct expr_context ctx = { .lexer = lexer, .symtab = symtab };
- if (parse_field(&ctx, field) && field->symbol->predicate) {
- lexer_error(lexer, "Predicate symbol %s used where lvalue required.",
- field->symbol->name);
- }
- if (!lexer->error) {
- const struct expr_symbol *symbol = field->symbol;
- while (symbol) {
- if (symbol->prereqs) {
- char *error;
- struct ovs_list nesting = OVS_LIST_INITIALIZER(&nesting);
- struct expr *e = parse_and_annotate(symbol->prereqs, symtab,
- &nesting, &error);
- if (error) {
- lexer_error(lexer, "%s", error);
- free(error);
- break;
- }
- *prereqsp = expr_combine(EXPR_T_AND, *prereqsp, e);
- }
-
- if (!symbol->parent) {
- break;
- }
- symbol = symbol->parent;
- }
- }
- if (!lexer->error) {
- return true;
- }
- memset(field, 0, sizeof *field);
- return false;
-}
-
-/* Appends to 's' a re-parseable representation of 'field'. */
-void
-expr_field_format(const struct expr_field *field, struct ds *s)
-{
- ds_put_cstr(s, field->symbol->name);
- if (field->ofs || field->n_bits != field->symbol->width) {
- if (field->n_bits != 1) {
- ds_put_format(s, "[%d..%d]",
- field->ofs, field->ofs + field->n_bits - 1);
- } else {
- ds_put_format(s, "[%d]", field->ofs);
- }
- }
-}
-
-void
-expr_symbol_format(const struct expr_symbol *symbol, struct ds *s)
-{
- ds_put_format(s, "%s = ", symbol->name);
- if (symbol->parent) {
- struct expr_field f = { symbol->parent,
- symbol->parent_ofs,
- symbol->width };
- expr_field_format(&f, s);
- } else if (symbol->predicate) {
- ds_put_cstr(s, symbol->predicate);
- } else if (symbol->ovn_field) {
- ds_put_cstr(s, symbol->name);
- } else {
- nx_format_field_name(symbol->field->id, OFP13_VERSION, s);
- }
-}
-
-static struct expr_symbol *
-add_symbol(struct shash *symtab, const char *name, int width,
- const char *prereqs, enum expr_level level,
- bool must_crossproduct, bool rw)
-{
- struct expr_symbol *symbol = xzalloc(sizeof *symbol);
- symbol->name = xstrdup(name);
- symbol->prereqs = prereqs && prereqs[0] ? xstrdup(prereqs) : NULL;
- symbol->width = width;
- symbol->level = level;
- symbol->must_crossproduct = must_crossproduct;
- symbol->rw = rw;
- shash_add_assert(symtab, symbol->name, symbol);
- return symbol;
-}
-
-/* Adds field 'id' to symbol table 'symtab' under the given 'name'. Whenever
- * 'name' is referenced, expression annotation (see expr_annotate()) will
- * ensure that 'prereqs' are also true. If 'must_crossproduct' is true, then
- * conversion to flows will never attempt to use the field as a conjunctive
- * match dimension (see "Crossproducting" in the large comment on struct
- * expr_symbol in expr.h for an example).
- *
- * A given field 'id' must only be used for a single symbol in a symbol table.
- * Use subfields to duplicate or subset a field (you can even make a subfield
- * include all the bits of the "parent" field if you like). */
-struct expr_symbol *
-expr_symtab_add_field(struct shash *symtab, const char *name,
- enum mf_field_id id, const char *prereqs,
- bool must_crossproduct)
-{
- const struct mf_field *field = mf_from_id(id);
- struct expr_symbol *symbol;
-
- symbol = add_symbol(symtab, name, field->n_bits, prereqs,
- (field->maskable == MFM_FULLY
- ? EXPR_L_ORDINAL
- : EXPR_L_NOMINAL),
- must_crossproduct, field->writable);
- symbol->field = field;
- return symbol;
-}
-
-static bool
-parse_field_from_string(const char *s, const struct shash *symtab,
- struct expr_field *field, char **errorp)
-{
- struct lexer lexer;
- lexer_init(&lexer, s);
- lexer_get(&lexer);
-
- struct expr_context ctx = { .lexer = &lexer, .symtab = symtab };
- parse_field(&ctx, field);
- lexer_force_end(&lexer);
- *errorp = lexer_steal_error(&lexer);
- lexer_destroy(&lexer);
-
- return !*errorp;
-}
-
-/* Adds 'name' as a subfield of a larger field in 'symtab'. Whenever
- * 'name' is referenced, expression annotation (see expr_annotate()) will
- * ensure that 'prereqs' are also true.
- *
- * 'subfield' must describe the subfield as a string, e.g. "vlan.tci[0..11]"
- * for the low 12 bits of a larger field named "vlan.tci". */
-struct expr_symbol *
-expr_symtab_add_subfield(struct shash *symtab, const char *name,
- const char *prereqs, const char *subfield)
-{
- struct expr_symbol *symbol;
- struct expr_field f;
- char *error;
-
- if (!parse_field_from_string(subfield, symtab, &f, &error)) {
- VLOG_WARN("%s: error parsing %s subfield (%s)", subfield, name, error);
- free(error);
- return NULL;
- }
-
- enum expr_level level = f.symbol->level;
- if (level != EXPR_L_ORDINAL) {
- VLOG_WARN("can't define %s as subfield of %s field %s",
- name, expr_level_to_string(level), f.symbol->name);
- }
-
- symbol = add_symbol(symtab, name, f.n_bits, prereqs, level, false,
- f.symbol->rw);
- symbol->parent = f.symbol;
- symbol->parent_ofs = f.ofs;
- return symbol;
-}
-
-/* Adds a string-valued symbol named 'name' to 'symtab' with the specified
- * 'prereqs'. */
-struct expr_symbol *
-expr_symtab_add_string(struct shash *symtab, const char *name,
- enum mf_field_id id, const char *prereqs)
-{
- const struct mf_field *field = mf_from_id(id);
- struct expr_symbol *symbol;
-
- symbol = add_symbol(symtab, name, 0, prereqs, EXPR_L_NOMINAL, false,
- field->writable);
- symbol->field = field;
- return symbol;
-}
-
-static enum expr_level
-expr_get_level(const struct expr *expr)
-{
- const struct expr *sub;
- enum expr_level level = EXPR_L_ORDINAL;
-
- switch (expr->type) {
- case EXPR_T_CMP:
- return (expr->cmp.symbol->level == EXPR_L_NOMINAL
- ? EXPR_L_NOMINAL
- : EXPR_L_BOOLEAN);
-
- case EXPR_T_AND:
- case EXPR_T_OR:
- LIST_FOR_EACH (sub, node, &expr->andor) {
- enum expr_level sub_level = expr_get_level(sub);
- level = MIN(level, sub_level);
- }
- return level;
-
- case EXPR_T_BOOLEAN:
- case EXPR_T_CONDITION:
- return EXPR_L_BOOLEAN;
-
- default:
- OVS_NOT_REACHED();
- }
-}
-
-static enum expr_level
-expr_parse_level(const char *s, const struct shash *symtab, char **errorp)
-{
- struct expr *expr = expr_parse_string(s, symtab, NULL, NULL, NULL, errorp);
- enum expr_level level = expr ? expr_get_level(expr) : EXPR_L_NOMINAL;
- expr_destroy(expr);
- return level;
-}
-
-/* Adds a predicate symbol, whose value is the given Boolean 'expression',
- * named 'name' to 'symtab'. For example, "ip4 && ip4.proto == 6" might be an
- * appropriate predicate named "tcp4". */
-struct expr_symbol *
-expr_symtab_add_predicate(struct shash *symtab, const char *name,
- const char *expansion)
-{
- struct expr_symbol *symbol;
- enum expr_level level;
- char *error;
-
- level = expr_parse_level(expansion, symtab, &error);
- if (error) {
- VLOG_WARN("%s: error parsing %s expansion (%s)",
- expansion, name, error);
- free(error);
- return NULL;
- }
-
- symbol = add_symbol(symtab, name, 1, NULL, level, false, false);
- symbol->predicate = xstrdup(expansion);
- return symbol;
-}
-
-struct expr_symbol *
-expr_symtab_add_ovn_field(struct shash *symtab, const char *name,
- enum ovn_field_id id)
-{
- const struct ovn_field *ovn_field = ovn_field_from_id(id);
- struct expr_symbol *symbol;
-
- symbol = add_symbol(symtab, name, ovn_field->n_bits, NULL,
- EXPR_L_NOMINAL, false, true);
- symbol->ovn_field = ovn_field;
- return symbol;
-}
-
-/* Destroys 'symtab' and all of its symbols. */
-void
-expr_symtab_destroy(struct shash *symtab)
-{
- struct shash_node *node, *next;
-
- SHASH_FOR_EACH_SAFE (node, next, symtab) {
- struct expr_symbol *symbol = node->data;
-
- shash_delete(symtab, node);
- free(symbol->name);
- free(symbol->prereqs);
- free(symbol->predicate);
- free(symbol);
- }
-}
-
-/* Cloning. */
-
-static struct expr *
-expr_clone_cmp(struct expr *expr)
-{
- struct expr *new = xmemdup(expr, sizeof *expr);
- if (!new->cmp.symbol->width) {
- new->cmp.string = xstrdup(new->cmp.string);
- }
- return new;
-}
-
-static struct expr *
-expr_clone_andor(struct expr *expr)
-{
- struct expr *new = expr_create_andor(expr->type);
- struct expr *sub;
-
- LIST_FOR_EACH (sub, node, &expr->andor) {
- struct expr *new_sub = expr_clone(sub);
- ovs_list_push_back(&new->andor, &new_sub->node);
- }
- return new;
-}
-
-static struct expr *
-expr_clone_condition(struct expr *expr)
-{
- struct expr *new = xmemdup(expr, sizeof *expr);
- new->cond.string = xstrdup(new->cond.string);
- return new;
-}
-
-/* Returns a clone of 'expr'. This is a "deep copy": neither the returned
- * expression nor any of its substructure will be shared with 'expr'. */
-struct expr *
-expr_clone(struct expr *expr)
-{
- switch (expr->type) {
- case EXPR_T_CMP:
- return expr_clone_cmp(expr);
-
- case EXPR_T_AND:
- case EXPR_T_OR:
- return expr_clone_andor(expr);
-
- case EXPR_T_BOOLEAN:
- return expr_create_boolean(expr->boolean);
-
- case EXPR_T_CONDITION:
- return expr_clone_condition(expr);
- }
- OVS_NOT_REACHED();
-}
-
-/* Destroys 'expr' and all of the sub-expressions it references. */
-void
-expr_destroy(struct expr *expr)
-{
- if (!expr) {
- return;
- }
-
- struct expr *sub, *next;
-
- switch (expr->type) {
- case EXPR_T_CMP:
- if (!expr->cmp.symbol->width) {
- free(expr->cmp.string);
- }
- break;
-
- case EXPR_T_AND:
- case EXPR_T_OR:
- LIST_FOR_EACH_SAFE (sub, next, node, &expr->andor) {
- ovs_list_remove(&sub->node);
- expr_destroy(sub);
- }
- break;
-
- case EXPR_T_BOOLEAN:
- break;
-
- case EXPR_T_CONDITION:
- free(expr->cond.string);
- break;
- }
- free(expr);
-}
-
-/* Annotation. */
-
-/* An element in a linked list of symbols.
- *
- * Used to detect when a symbol is being expanded recursively, to allow
- * flagging an error. */
-struct annotation_nesting {
- struct ovs_list node;
- const struct expr_symbol *symbol;
-};
-
-static struct expr *expr_annotate_(struct expr *, const struct shash *symtab,
- struct ovs_list *nesting, char **errorp);
-
-static struct expr *
-parse_and_annotate(const char *s, const struct shash *symtab,
- struct ovs_list *nesting, char **errorp)
-{
- char *error;
- struct expr *expr;
-
- expr = expr_parse_string(s, symtab, NULL, NULL, NULL, &error);
- if (expr) {
- expr = expr_annotate_(expr, symtab, nesting, &error);
- }
- if (expr) {
- *errorp = NULL;
- } else {
- *errorp = xasprintf("Error parsing expression `%s' encountered as "
- "prerequisite or predicate of initial expression: "
- "%s", s, error);
- free(error);
- }
- return expr;
-}
-
-static struct expr *
-expr_annotate_cmp(struct expr *expr, const struct shash *symtab,
- bool append_prereqs, struct ovs_list *nesting, char **errorp)
-{
- const struct expr_symbol *symbol = expr->cmp.symbol;
- const struct annotation_nesting *iter;
- LIST_FOR_EACH (iter, node, nesting) {
- if (iter->symbol == symbol) {
- *errorp = xasprintf("Recursive expansion of symbol `%s'.",
- symbol->name);
- expr_destroy(expr);
- return NULL;
- }
- }
-
- struct annotation_nesting an;
- an.symbol = symbol;
- ovs_list_push_back(nesting, &an.node);
-
- struct expr *prereqs = NULL;
- if (append_prereqs && symbol->prereqs) {
- prereqs = parse_and_annotate(symbol->prereqs, symtab, nesting, errorp);
- if (!prereqs) {
- goto error;
- }
- }
-
- if (symbol->parent) {
- expr->cmp.symbol = symbol->parent;
- mf_subvalue_shift(&expr->cmp.value, symbol->parent_ofs);
- mf_subvalue_shift(&expr->cmp.mask, symbol->parent_ofs);
- } else if (symbol->predicate) {
- struct expr *predicate;
-
- predicate = parse_and_annotate(symbol->predicate, symtab,
- nesting, errorp);
- if (!predicate) {
- goto error;
- }
-
- bool positive = (expr->cmp.value.integer & htonll(1)) != 0;
- positive ^= expr->cmp.relop == EXPR_R_NE;
- if (!positive) {
- expr_not(predicate);
- }
-
- expr_destroy(expr);
- expr = predicate;
- }
-
- *errorp = NULL;
- ovs_list_remove(&an.node);
- return prereqs ? expr_combine(EXPR_T_AND, expr, prereqs) : expr;
-
-error:
- expr_destroy(expr);
- expr_destroy(prereqs);
- ovs_list_remove(&an.node);
- return NULL;
-}
-
-/* Append (logical AND) prerequisites for given symbol to the expression. */
-static struct expr *
-expr_append_prereqs(struct expr *expr, const struct expr_symbol *symbol,
- const struct shash *symtab, struct ovs_list *nesting,
- char **errorp)
-{
- struct expr *prereqs = NULL;
-
- if (symbol->prereqs) {
- prereqs = parse_and_annotate(symbol->prereqs, symtab, nesting, errorp);
- if (!prereqs) {
- expr_destroy(expr);
- return NULL;
- }
- }
-
- return prereqs ? expr_combine(EXPR_T_AND, expr, prereqs) : expr;
-}
-
-static const struct expr_symbol *expr_get_unique_symbol(
- const struct expr *expr);
-
-/* Ordinarily, annotation adds prerequisites to the expression, and that's what
- * this function does if 'append_prereqs' is true. If 'append_prereqs' is
- * false, this function ignores prerequisites (in which case the caller must
- * have arranged to deal with them). */
-static struct expr *
-expr_annotate__(struct expr *expr, const struct shash *symtab,
- bool append_prereqs, struct ovs_list *nesting, char **errorp)
-{
- switch (expr->type) {
- case EXPR_T_CMP:
- return expr_annotate_cmp(expr, symtab, append_prereqs, nesting,
- errorp);
-
- case EXPR_T_AND:
- case EXPR_T_OR: {
- struct expr *sub, *next;
-
- /* Detect whether every term in 'expr' mentions the same symbol. If
- * so, then suppress prerequisites for that symbol for those terms and
- * instead apply them once at our higher level.
- *
- * If 'append_prereqs' is false, though, we're not supposed to handle
- * prereqs at all (because our caller is already doing it). */
- if (append_prereqs) {
- const struct expr_symbol *sym = expr_get_unique_symbol(expr);
- if (sym) {
- append_prereqs = false;
- expr = expr_append_prereqs(expr, sym, symtab, nesting, errorp);
- if (!expr) {
- return NULL;
- }
- }
- }
-
- LIST_FOR_EACH_SAFE (sub, next, node, &expr->andor) {
- ovs_list_remove(&sub->node);
- struct expr *new_sub = expr_annotate__(sub, symtab, append_prereqs,
- nesting, errorp);
- if (!new_sub) {
- expr_destroy(expr);
- return NULL;
- }
- expr_insert_andor(expr, next, new_sub);
- }
- *errorp = NULL;
- return expr;
- }
-
- case EXPR_T_BOOLEAN:
- case EXPR_T_CONDITION:
- *errorp = NULL;
- return expr;
-
- default:
- OVS_NOT_REACHED();
- }
-}
-
-/* Same interface and purpose as expr_annotate(), with an additional parameter
- * for internal bookkeeping.
- *
- * Uses 'nesting' to ensure that a given symbol is not recursively expanded. */
-static struct expr *
-expr_annotate_(struct expr *expr, const struct shash *symtab,
- struct ovs_list *nesting, char **errorp)
-{
- return expr_annotate__(expr, symtab, true, nesting, errorp);
-}
-
-/* "Annotates" 'expr', which does the following:
- *
- * - Applies prerequisites, by locating each comparison operator whose
- * field has a prerequisite and adding a logical AND against those
- * prerequisites.
- *
- * - Expands references to subfield symbols, by replacing them by
- * references to their underlying field symbols (suitably shifted).
- *
- * - Expands references to predicate symbols, by replacing them by the
- * expressions that they expand to.
- *
- * In each case, annotation occurs recursively as necessary.
- *
- * If successful, returns the annotated expression and sets '*errorp' to NULL.
- * On failure, returns NULL and sets '*errorp' to an explanatory error message,
- * which the caller must free. In either case, the caller transfers ownership
- * of 'expr' and receives ownership of the returned expression, if any. */
-struct expr *
-expr_annotate(struct expr *expr, const struct shash *symtab, char **errorp)
-{
- struct ovs_list nesting = OVS_LIST_INITIALIZER(&nesting);
- return expr_annotate_(expr, symtab, &nesting, errorp);
-}
-
-static struct expr *
-expr_simplify_eq(struct expr *expr)
-{
- const union mf_subvalue *mask = &expr->cmp.mask;
- if (is_all_zeros(mask, sizeof *mask)) {
- /* Simplify "ip4.dst == 0/0" to just "1" (plus a prerequisite). */
- expr_destroy(expr);
- return expr_create_boolean(true);
- }
- return expr;
-}
-
-static struct expr *
-expr_simplify_ne(struct expr *expr)
-{
- struct expr *new = NULL;
- const union mf_subvalue *value = &expr->cmp.value;
- const union mf_subvalue *mask = &expr->cmp.mask;
- int w = expr->cmp.symbol->width;
- int i;
-
- for (i = 0; (i = bitwise_scan(mask, sizeof *mask, true, i, w)) < w; i++) {
- struct expr *e;
-
- e = xzalloc(sizeof *e);
- e->type = EXPR_T_CMP;
- e->cmp.symbol = expr->cmp.symbol;
- e->cmp.relop = EXPR_R_EQ;
- bitwise_put_bit(&e->cmp.value, sizeof e->cmp.value, i,
- !bitwise_get_bit(value, sizeof *value, i));
- bitwise_put1(&e->cmp.mask, sizeof e->cmp.mask, i);
-
- new = expr_combine(EXPR_T_OR, new, e);
- }
- if (!new) {
- /* Handle a comparison like "ip4.dst != 0/0", where the mask has no
- * 1-bits.
- *
- * The correct result for this expression may not be obvious. It's
- * easier to understand that "ip4.dst == 0/0" should be true, since 0/0
- * matches every IPv4 address; then, "ip4.dst != 0/0" should have the
- * opposite result. */
- new = expr_create_boolean(false);
- }
-
- expr_destroy(expr);
-
- return new;
-}
-
-static struct expr *
-expr_simplify_relational(struct expr *expr)
-{
- const union mf_subvalue *value = &expr->cmp.value;
- int start, n_bits, end;
-
- find_bitwise_range(&expr->cmp.mask, expr->cmp.symbol->width,
- &start, &n_bits);
- ovs_assert(n_bits > 0);
- end = start + n_bits;
-
- /* Handle some special cases.
- *
- * These optimize to just "true":
- *
- * tcp.dst >= 0
- * tcp.dst <= 65535
- *
- * These are easier to understand, and equivalent, when treated as if
- * > or < were !=:
- *
- * tcp.dst > 0
- * tcp.dst < 65535
- */
- bool lt = expr->cmp.relop == EXPR_R_LT || expr->cmp.relop == EXPR_R_LE;
- bool eq = expr->cmp.relop == EXPR_R_LE || expr->cmp.relop == EXPR_R_GE;
- if (bitwise_scan(value, sizeof *value, !lt, start, end) == end) {
- if (eq) {
- expr_destroy(expr);
- return expr_create_boolean(true);
- } else {
- return expr_simplify_ne(expr);
- }
- }
-
- /* Reduce "tcp.dst >= 1234" to "tcp.dst == 1234 || tcp.dst > 1234",
- * and similarly for "tcp.dst <= 1234". */
- struct expr *new = NULL;
- if (eq) {
- new = xmemdup(expr, sizeof *expr);
- new->cmp.relop = EXPR_R_EQ;
- }
-
- for (int z = bitwise_scan(value, sizeof *value, lt, start, end);
- z < end;
- z = bitwise_scan(value, sizeof *value, lt, z + 1, end)) {
- struct expr *e;
-
- e = xmemdup(expr, sizeof *expr);
- e->cmp.relop = EXPR_R_EQ;
- bitwise_toggle_bit(&e->cmp.value, sizeof e->cmp.value, z);
- bitwise_zero(&e->cmp.value, sizeof e->cmp.value, start, z - start);
- bitwise_zero(&e->cmp.mask, sizeof e->cmp.mask, start, z - start);
- new = expr_combine(EXPR_T_OR, new, e);
- }
- expr_destroy(expr);
- return new ? new : expr_create_boolean(false);
-}
-
-/* Resolves condition and replaces the expression with a boolean. */
-static struct expr *
-expr_simplify_condition(struct expr *expr,
- bool (*is_chassis_resident)(const void *c_aux,
- const char *port_name),
- const void *c_aux)
-{
- bool result;
-
- switch (expr->cond.type) {
- case EXPR_COND_CHASSIS_RESIDENT:
- result = is_chassis_resident(c_aux, expr->cond.string);
- break;
-
- default:
- OVS_NOT_REACHED();
- }
-
- result ^= expr->cond.not;
- expr_destroy(expr);
- return expr_create_boolean(result);
-}
-
-/* Takes ownership of 'expr' and returns an equivalent expression whose
- * EXPR_T_CMP nodes use only tests for equality (EXPR_R_EQ). */
-struct expr *
-expr_simplify(struct expr *expr,
- bool (*is_chassis_resident)(const void *c_aux,
- const char *port_name),
- const void *c_aux)
-{
- struct expr *sub, *next;
-
- switch (expr->type) {
- case EXPR_T_CMP:
- return (!expr->cmp.symbol->width ? expr
- : expr->cmp.relop == EXPR_R_EQ ? expr_simplify_eq(expr)
- : expr->cmp.relop == EXPR_R_NE ? expr_simplify_ne(expr)
- : expr_simplify_relational(expr));
-
- case EXPR_T_AND:
- case EXPR_T_OR:
- LIST_FOR_EACH_SAFE (sub, next, node, &expr->andor) {
- ovs_list_remove(&sub->node);
- expr_insert_andor(expr, next,
- expr_simplify(sub, is_chassis_resident, c_aux));
- }
- return expr_fix(expr);
-
- case EXPR_T_BOOLEAN:
- return expr;
-
- case EXPR_T_CONDITION:
- return expr_simplify_condition(expr, is_chassis_resident, c_aux);
- }
- OVS_NOT_REACHED();
-}
-
-/* Tests whether 'expr' is an expression over exactly one symbol: that is,
- * whether it is either a EXPR_T_CMP node or a tree of ANDs and ORs all over
- * the same symbol. If it is, returns the symbol in question. If it is not
- * (that is, if there is more than one symbol or no symbols at all), returns
- * NULL. */
-static const struct expr_symbol *
-expr_get_unique_symbol(const struct expr *expr)
-{
- switch (expr->type) {
- case EXPR_T_CMP:
- return expr->cmp.symbol;
-
- case EXPR_T_AND:
- case EXPR_T_OR: {
- const struct expr_symbol *prev = NULL;
- struct expr *sub;
-
- LIST_FOR_EACH (sub, node, &expr->andor) {
- const struct expr_symbol *symbol = expr_get_unique_symbol(sub);
- if (!symbol || (prev && symbol != prev)) {
- return NULL;
- }
- prev = symbol;
- }
- return prev;
- }
-
- case EXPR_T_BOOLEAN:
- case EXPR_T_CONDITION:
- return NULL;
-
- default:
- OVS_NOT_REACHED();
- }
-}
-
-struct expr_sort {
- struct expr *expr;
- const struct expr_symbol *symbol;
- enum expr_type type;
-};
-
-static int
-compare_expr_sort(const void *a_, const void *b_)
-{
- const struct expr_sort *a = a_;
- const struct expr_sort *b = b_;
-
- if (a->type != b->type) {
- return a->type < b->type ? -1 : 1;
- } else if (a->symbol) {
- int cmp = strcmp(a->symbol->name, b->symbol->name);
- if (cmp) {
- return cmp;
- }
-
- enum expr_type a_type = a->expr->type;
- enum expr_type b_type = a->expr->type;
- return a_type < b_type ? -1 : a_type > b_type;
- } else if (a->type == EXPR_T_AND || a->type == EXPR_T_OR) {
- size_t a_len = ovs_list_size(&a->expr->andor);
- size_t b_len = ovs_list_size(&b->expr->andor);
- return a_len < b_len ? -1 : a_len > b_len;
- } else {
- return 0;
- }
-}
-
-static struct expr *crush_cmps(struct expr *, const struct expr_symbol *);
-
-static bool
-disjunction_matches_string(const struct expr *or, const char *s)
-{
- const struct expr *sub;
-
- LIST_FOR_EACH (sub, node, &or->andor) {
- if (!strcmp(sub->cmp.string, s)) {
- return true;
- }
- }
-
- return false;
-}
-
-/* Implementation of crush_cmps() for expr->type == EXPR_T_AND and a
- * string-typed 'symbol'. */
-static struct expr *
-crush_and_string(struct expr *expr, const struct expr_symbol *symbol)
-{
- ovs_assert(!ovs_list_is_short(&expr->andor));
-
- struct expr *singleton = NULL;
-
- /* First crush each subexpression into either a single EXPR_T_CMP or an
- * EXPR_T_OR with EXPR_T_CMP subexpressions. */
- struct expr *sub, *next = NULL;
- LIST_FOR_EACH_SAFE (sub, next, node, &expr->andor) {
- ovs_list_remove(&sub->node);
- struct expr *new = crush_cmps(sub, symbol);
- switch (new->type) {
- case EXPR_T_CMP:
- if (!singleton) {
- ovs_list_insert(&next->node, &new->node);
- singleton = new;
- } else {
- bool match = !strcmp(new->cmp.string, singleton->cmp.string);
- expr_destroy(new);
- if (!match) {
- expr_destroy(expr);
- return expr_create_boolean(false);
- }
- }
- break;
- case EXPR_T_AND:
- OVS_NOT_REACHED();
- case EXPR_T_OR:
- ovs_list_insert(&next->node, &new->node);
- break;
- case EXPR_T_BOOLEAN:
- if (!new->boolean) {
- expr_destroy(expr);
- return new;
- }
- free(new);
- break;
- case EXPR_T_CONDITION:
- OVS_NOT_REACHED();
- }
- }
-
- /* If we have a singleton, then the result is either the singleton itself
- * (if the ORs allow the singleton) or false. */
- if (singleton) {
- LIST_FOR_EACH (sub, node, &expr->andor) {
- if (sub->type == EXPR_T_OR
- && !disjunction_matches_string(sub, singleton->cmp.string)) {
- expr_destroy(expr);
- return expr_create_boolean(false);
- }
- }
- ovs_list_remove(&singleton->node);
- expr_destroy(expr);
- return singleton;
- }
-
- /* Otherwise the result is the intersection of all of the ORs. */
- struct sset result = SSET_INITIALIZER(&result);
- LIST_FOR_EACH_SAFE (sub, next, node, &expr->andor) {
- struct sset strings = SSET_INITIALIZER(&strings);
- const struct expr *s;
- LIST_FOR_EACH (s, node, &sub->andor) {
- sset_add(&strings, s->cmp.string);
- }
- if (sset_is_empty(&result)) {
- sset_swap(&result, &strings);
- } else {
- sset_intersect(&result, &strings);
- }
- sset_destroy(&strings);
-
- if (sset_is_empty(&result)) {
- expr_destroy(expr);
- sset_destroy(&result);
- return expr_create_boolean(false);
- }
- }
-
- expr_destroy(expr);
- expr = expr_create_andor(EXPR_T_OR);
-
- const char *string;
- SSET_FOR_EACH (string, &result) {
- sub = xmalloc(sizeof *sub);
- sub->type = EXPR_T_CMP;
- sub->cmp.relop = EXPR_R_EQ;
- sub->cmp.symbol = symbol;
- sub->cmp.string = xstrdup(string);
- ovs_list_push_back(&expr->andor, &sub->node);
- }
- sset_destroy(&result);
- return expr_fix(expr);
-}
-
-/* Implementation of crush_cmps() for expr->type == EXPR_T_AND and a
- * numeric-typed 'symbol'. */
-static struct expr *
-crush_and_numeric(struct expr *expr, const struct expr_symbol *symbol)
-{
- ovs_assert(!ovs_list_is_short(&expr->andor));
-
- union mf_subvalue value, mask;
- memset(&value, 0, sizeof value);
- memset(&mask, 0, sizeof mask);
-
- struct expr *sub, *next = NULL;
- LIST_FOR_EACH_SAFE (sub, next, node, &expr->andor) {
- ovs_list_remove(&sub->node);
- struct expr *new = crush_cmps(sub, symbol);
- switch (new->type) {
- case EXPR_T_CMP:
- if (!mf_subvalue_intersect(&value, &mask,
- &new->cmp.value, &new->cmp.mask,
- &value, &mask)) {
- expr_destroy(new);
- expr_destroy(expr);
- return expr_create_boolean(false);
- }
- expr_destroy(new);
- break;
- case EXPR_T_AND:
- OVS_NOT_REACHED();
- case EXPR_T_OR:
- ovs_list_insert(&next->node, &new->node);
- break;
- case EXPR_T_BOOLEAN:
- if (!new->boolean) {
- expr_destroy(expr);
- return new;
- }
- expr_destroy(new);
- break;
- case EXPR_T_CONDITION:
- OVS_NOT_REACHED();
- }
- }
- if (ovs_list_is_empty(&expr->andor)) {
- if (is_all_zeros(&mask, sizeof mask)) {
- expr_destroy(expr);
- return expr_create_boolean(true);
- } else {
- struct expr *cmp;
- cmp = xmalloc(sizeof *cmp);
- cmp->type = EXPR_T_CMP;
- cmp->cmp.symbol = symbol;
- cmp->cmp.relop = EXPR_R_EQ;
- cmp->cmp.value = value;
- cmp->cmp.mask = mask;
- expr_destroy(expr);
- return cmp;
- }
- } else if (ovs_list_is_short(&expr->andor)) {
- /* Transform "a && (b || c || d)" into "ab || ac || ad" where "ab" is
- * computed as "a && b", etc. */
- struct expr *disjuncts = expr_from_node(ovs_list_pop_front(&expr->andor));
- struct expr *or;
-
- or = xmalloc(sizeof *or);
- or->type = EXPR_T_OR;
- ovs_list_init(&or->andor);
-
- ovs_assert(disjuncts->type == EXPR_T_OR);
- LIST_FOR_EACH_SAFE (sub, next, node, &disjuncts->andor) {
- ovs_assert(sub->type == EXPR_T_CMP);
- ovs_list_remove(&sub->node);
- if (mf_subvalue_intersect(&value, &mask,
- &sub->cmp.value, &sub->cmp.mask,
- &sub->cmp.value, &sub->cmp.mask)) {
- ovs_list_push_back(&or->andor, &sub->node);
- } else {
- expr_destroy(sub);
- }
- }
- free(disjuncts);
- free(expr);
- if (ovs_list_is_empty(&or->andor)) {
- free(or);
- return expr_create_boolean(false);
- } else if (ovs_list_is_short(&or->andor)) {
- struct expr *cmp = expr_from_node(ovs_list_pop_front(&or->andor));
- free(or);
- return cmp;
- } else {
- return or;
- }
- } else {
- /* Transform "x && (a0 || a1) && (b0 || b1) && ..." into
- * "(xa0b0 || xa0b1 || xa1b0 || xa1b1) && ...". */
- struct expr *as = expr_from_node(ovs_list_pop_front(&expr->andor));
- struct expr *bs = expr_from_node(ovs_list_pop_front(&expr->andor));
- struct expr *new = NULL;
- struct expr *or;
-
- or = xmalloc(sizeof *or);
- or->type = EXPR_T_OR;
- ovs_list_init(&or->andor);
-
- struct expr *a;
- LIST_FOR_EACH (a, node, &as->andor) {
- union mf_subvalue a_value, a_mask;
-
- ovs_assert(a->type == EXPR_T_CMP);
- if (!mf_subvalue_intersect(&value, &mask,
- &a->cmp.value, &a->cmp.mask,
- &a_value, &a_mask)) {
- continue;
- }
-
- struct expr *b;
- LIST_FOR_EACH (b, node, &bs->andor) {
- ovs_assert(b->type == EXPR_T_CMP);
- if (!new) {
- new = xmalloc(sizeof *new);
- new->type = EXPR_T_CMP;
- new->cmp.symbol = symbol;
- new->cmp.relop = EXPR_R_EQ;
- }
- if (mf_subvalue_intersect(&a_value, &a_mask,
- &b->cmp.value, &b->cmp.mask,
- &new->cmp.value, &new->cmp.mask)) {
- ovs_list_push_back(&or->andor, &new->node);
- new = NULL;
- }
- }
- }
- expr_destroy(as);
- expr_destroy(bs);
- free(new);
-
- if (ovs_list_is_empty(&or->andor)) {
- expr_destroy(expr);
- free(or);
- return expr_create_boolean(false);
- } else if (ovs_list_is_short(&or->andor)) {
- struct expr *cmp = expr_from_node(ovs_list_pop_front(&or->andor));
- free(or);
- if (ovs_list_is_empty(&expr->andor)) {
- expr_destroy(expr);
- return crush_cmps(cmp, symbol);
- } else {
- return crush_cmps(expr_combine(EXPR_T_AND, cmp, expr), symbol);
- }
- } else if (!ovs_list_is_empty(&expr->andor)) {
- struct expr *e = expr_combine(EXPR_T_AND, or, expr);
- ovs_assert(!ovs_list_is_short(&e->andor));
- return crush_cmps(e, symbol);
- } else {
- expr_destroy(expr);
- return crush_cmps(or, symbol);
- }
- }
-}
-
-static int
-compare_cmps_3way(const struct expr *a, const struct expr *b)
-{
- ovs_assert(a->cmp.symbol == b->cmp.symbol);
- if (!a->cmp.symbol->width) {
- return strcmp(a->cmp.string, b->cmp.string);
- } else {
- int d = memcmp(&a->cmp.value, &b->cmp.value, sizeof a->cmp.value);
- if (!d) {
- d = memcmp(&a->cmp.mask, &b->cmp.mask, sizeof a->cmp.mask);
- }
- return d;
- }
-}
-
-static int
-compare_cmps_cb(const void *a_, const void *b_)
-{
- const struct expr *const *ap = a_;
- const struct expr *const *bp = b_;
- const struct expr *a = *ap;
- const struct expr *b = *bp;
- return compare_cmps_3way(a, b);
-}
-
-/* Implementation of crush_cmps() for expr->type == EXPR_T_OR. */
-static struct expr *
-crush_or(struct expr *expr, const struct expr_symbol *symbol)
-{
- struct expr *sub, *next = NULL;
-
- /* First, crush all the subexpressions. That might eliminate the
- * OR-expression entirely; if so, return the result. Otherwise, 'expr'
- * is now a disjunction of cmps over the same symbol. */
- LIST_FOR_EACH_SAFE (sub, next, node, &expr->andor) {
- ovs_list_remove(&sub->node);
- expr_insert_andor(expr, next, crush_cmps(sub, symbol));
- }
- expr = expr_fix(expr);
- if (expr->type != EXPR_T_OR) {
- return expr;
- }
-
- /* Sort subexpressions by value and mask, to bring together duplicates. */
- size_t n = ovs_list_size(&expr->andor);
- struct expr **subs = xmalloc(n * sizeof *subs);
-
- size_t i = 0;
- LIST_FOR_EACH (sub, node, &expr->andor) {
- subs[i++] = sub;
- }
- ovs_assert(i == n);
-
- qsort(subs, n, sizeof *subs, compare_cmps_cb);
-
- /* Eliminate duplicates. */
- ovs_list_init(&expr->andor);
- ovs_list_push_back(&expr->andor, &subs[0]->node);
- for (i = 1; i < n; i++) {
- struct expr *a = expr_from_node(ovs_list_back(&expr->andor));
- struct expr *b = subs[i];
- if (compare_cmps_3way(a, b)) {
- ovs_list_push_back(&expr->andor, &b->node);
- } else {
- expr_destroy(b);
- }
- }
- free(subs);
- return expr_fix(expr);
-}
-
-/* Takes ownership of 'expr', which must have a unique symbol in the sense of
- * 'expr_get_unique_symbol(expr)', where 'symbol' is the symbol returned by
- * that function. Returns an equivalent expression owned by the caller that is
- * a single EXPR_T_CMP or a disjunction of them or a EXPR_T_BOOLEAN. */
-static struct expr *
-crush_cmps(struct expr *expr, const struct expr_symbol *symbol)
-{
- switch (expr->type) {
- case EXPR_T_OR:
- return crush_or(expr, symbol);
-
- case EXPR_T_AND:
- return (symbol->width
- ? crush_and_numeric(expr, symbol)
- : crush_and_string(expr, symbol));
-
- case EXPR_T_CMP:
- return expr;
-
- case EXPR_T_BOOLEAN:
- return expr;
-
- /* Should not hit expression type condition, since crush_cmps is only
- * called during expr_normalize, after expr_simplify which resolves
- * all conditions. */
- case EXPR_T_CONDITION:
- default:
- OVS_NOT_REACHED();
- }
-}
-
-/* Applied to an EXPR_T_AND 'expr' whose subexpressions are in terms of only
- * EXPR_T_CMP, EXPR_T_AND, and EXPR_T_OR, this takes ownership of 'expr' and
- * returns a new expression in terms of EXPR_T_CMP, EXPR_T_AND, EXPR_T_OR, or
- * EXPR_T_BOOLEAN.
- *
- * The function attempts to bring together and combine clauses of the original
- * 'expr' that were in terms of a single variable. For example, it combines
- * (x[0] == 1 && x[1] == 1) into the single x[0..1] == 3. */
-static struct expr *
-expr_sort(struct expr *expr)
-{
- ovs_assert(expr->type == EXPR_T_AND);
-
- size_t n = ovs_list_size(&expr->andor);
- struct expr_sort *subs = xmalloc(n * sizeof *subs);
- struct expr *sub;
- size_t i;
-
- i = 0;
- LIST_FOR_EACH (sub, node, &expr->andor) {
- subs[i].expr = sub;
- subs[i].symbol = expr_get_unique_symbol(sub);
- subs[i].type = subs[i].symbol ? EXPR_T_CMP : sub->type;
- i++;
- }
- ovs_assert(i == n);
-
- qsort(subs, n, sizeof *subs, compare_expr_sort);
-
- ovs_list_init(&expr->andor);
- free(expr);
- expr = NULL;
-
- for (i = 0; i < n; ) {
- if (subs[i].symbol) {
- size_t j;
- for (j = i + 1; j < n; j++) {
- if (subs[i].symbol != subs[j].symbol) {
- break;
- }
- }
-
- struct expr *crushed;
- if (j == i + 1) {
- crushed = crush_cmps(subs[i].expr, subs[i].symbol);
- } else {
- struct expr *combined = subs[i].expr;
- for (size_t k = i + 1; k < j; k++) {
- combined = expr_combine(EXPR_T_AND, combined,
- subs[k].expr);
- }
- ovs_assert(!ovs_list_is_short(&combined->andor));
- crushed = crush_cmps(combined, subs[i].symbol);
- }
- if (crushed->type == EXPR_T_BOOLEAN) {
- if (!crushed->boolean) {
- for (size_t k = j; k < n; k++) {
- expr_destroy(subs[k].expr);
- }
- expr_destroy(expr);
- expr = crushed;
- break;
- } else {
- free(crushed);
- }
- } else {
- expr = expr_combine(EXPR_T_AND, expr, crushed);
- }
- i = j;
- } else {
- expr = expr_combine(EXPR_T_AND, expr, subs[i++].expr);
- }
- }
- free(subs);
-
- return expr;
-}
-
-static struct expr *expr_normalize_or(struct expr *expr);
-
-/* Returns 'expr', which is an AND, reduced to OR(AND(clause)) where
- * a clause is a cmp or a disjunction of cmps on a single field. */
-static struct expr *
-expr_normalize_and(struct expr *expr)
-{
- expr = expr_sort(expr);
- if (expr->type != EXPR_T_AND) {
- return expr;
- }
-
- struct expr *a, *b;
- LIST_FOR_EACH_SAFE (a, b, node, &expr->andor) {
- if (&b->node == &expr->andor
- || a->type != EXPR_T_CMP || b->type != EXPR_T_CMP
- || a->cmp.symbol != b->cmp.symbol) {
- continue;
- } else if (a->cmp.symbol->width
- ? mf_subvalue_intersect(&a->cmp.value, &a->cmp.mask,
- &b->cmp.value, &b->cmp.mask,
- &b->cmp.value, &b->cmp.mask)
- : !strcmp(a->cmp.string, b->cmp.string)) {
- ovs_list_remove(&a->node);
- expr_destroy(a);
- } else {
- expr_destroy(expr);
- return expr_create_boolean(false);
- }
- }
- if (ovs_list_is_short(&expr->andor)) {
- struct expr *sub = expr_from_node(ovs_list_front(&expr->andor));
- free(expr);
- return sub;
- }
-
- struct expr *sub;
- LIST_FOR_EACH (sub, node, &expr->andor) {
- if (sub->type == EXPR_T_CMP) {
- continue;
- }
-
- ovs_assert(sub->type == EXPR_T_OR);
- const struct expr_symbol *symbol = expr_get_unique_symbol(sub);
- if (!symbol || symbol->must_crossproduct) {
- struct expr *or = expr_create_andor(EXPR_T_OR);
- struct expr *k;
-
- LIST_FOR_EACH (k, node, &sub->andor) {
- struct expr *and = expr_create_andor(EXPR_T_AND);
- struct expr *m;
-
- LIST_FOR_EACH (m, node, &expr->andor) {
- struct expr *term = m == sub ? k : m;
- if (term->type == EXPR_T_AND) {
- struct expr *p;
-
- LIST_FOR_EACH (p, node, &term->andor) {
- struct expr *new = expr_clone(p);
- ovs_list_push_back(&and->andor, &new->node);
- }
- } else {
- struct expr *new = expr_clone(term);
- ovs_list_push_back(&and->andor, &new->node);
- }
- }
- ovs_list_push_back(&or->andor, &and->node);
- }
- expr_destroy(expr);
- return expr_normalize_or(or);
- }
- }
- return expr;
-}
-
-static struct expr *
-expr_normalize_or(struct expr *expr)
-{
- struct expr *sub, *next;
-
- LIST_FOR_EACH_SAFE (sub, next, node, &expr->andor) {
- if (sub->type == EXPR_T_AND) {
- ovs_list_remove(&sub->node);
-
- struct expr *new = expr_normalize_and(sub);
- if (new->type == EXPR_T_BOOLEAN) {
- if (new->boolean) {
- expr_destroy(expr);
- return new;
- }
- free(new);
- } else {
- expr_insert_andor(expr, next, new);
- }
- } else {
- ovs_assert(sub->type == EXPR_T_CMP);
- }
- }
- if (ovs_list_is_empty(&expr->andor)) {
- free(expr);
- return expr_create_boolean(false);
- }
- if (ovs_list_is_short(&expr->andor)) {
- struct expr *e = expr_from_node(ovs_list_pop_front(&expr->andor));
- free(expr);
- return e;
- }
-
- return expr;
-}
-
-/* Takes ownership of 'expr', which is either a constant "true" or "false" or
- * an expression in terms of only relationals, AND, and OR. Returns either a
- * constant "true" or "false" or 'expr' reduced to OR(AND(clause)) where a
- * clause is a cmp or a disjunction of cmps on a single field. This form is
- * significant because it is a form that can be directly converted to OpenFlow
- * flows with the Open vSwitch "conjunctive match" extension.
- *
- * 'expr' must already have been simplified, with expr_simplify(). */
-struct expr *
-expr_normalize(struct expr *expr)
-{
- switch (expr->type) {
- case EXPR_T_CMP:
- return expr;
-
- case EXPR_T_AND:
- return expr_normalize_and(expr);
-
- case EXPR_T_OR:
- return expr_normalize_or(expr);
-
- case EXPR_T_BOOLEAN:
- return expr;
-
- /* Should not hit expression type condition, since expr_normalize is
- * only called after expr_simplify, which resolves all conditions. */
- case EXPR_T_CONDITION:
- default:
- OVS_NOT_REACHED();
- }
-}
-
-/* Creates, initializes, and returns a new 'struct expr_match'. If 'm' is
- * nonnull then it is copied into the new expr_match, otherwise the new
- * expr_match's 'match' member is initialized to a catch-all match for the
- * caller to refine in-place.
- *
- * If 'conj_id' is nonzero, adds one conjunction based on 'conj_id', 'clause',
- * and 'n_clauses' to the returned 'struct expr_match', otherwise the
- * expr_match will not have any conjunctions.
- *
- * The caller should use expr_match_add() to add the expr_match to a hash table
- * after it is finalized. */
-static struct expr_match *
-expr_match_new(const struct match *m, uint8_t clause, uint8_t n_clauses,
- uint32_t conj_id)
-{
- struct expr_match *match = xmalloc(sizeof *match);
- if (m) {
- match->match = *m;
- } else {
- match_init_catchall(&match->match);
- }
- if (conj_id) {
- match->conjunctions = xmalloc(sizeof *match->conjunctions);
- match->conjunctions[0].id = conj_id;
- match->conjunctions[0].clause = clause;
- match->conjunctions[0].n_clauses = n_clauses;
- match->n = 1;
- match->allocated = 1;
- } else {
- match->conjunctions = NULL;
- match->n = 0;
- match->allocated = 0;
- }
- return match;
-}
-
-/* Adds 'match' to hash table 'matches', which becomes the new owner of
- * 'match'.
- *
- * This might actually destroy 'match' because it gets merged together with
- * some existing conjunction.*/
-static void
-expr_match_add(struct hmap *matches, struct expr_match *match)
-{
- uint32_t hash = match_hash(&match->match, 0);
- struct expr_match *m;
-
- HMAP_FOR_EACH_WITH_HASH (m, hmap_node, hash, matches) {
- if (match_equal(&m->match, &match->match)) {
- if (!m->n || !match->n) {
- free(m->conjunctions);
- m->conjunctions = NULL;
- m->n = 0;
- m->allocated = 0;
- } else {
- ovs_assert(match->n == 1);
- if (m->n >= m->allocated) {
- m->conjunctions = x2nrealloc(m->conjunctions,
- &m->allocated,
- sizeof *m->conjunctions);
- }
- m->conjunctions[m->n++] = match->conjunctions[0];
- }
- free(match->conjunctions);
- free(match);
- return;
- }
- }
-
- hmap_insert(matches, &match->hmap_node, hash);
-}
-
-/* Applies EXPR_T_CMP-typed 'expr' to 'm'. This will only work properly if 'm'
- * doesn't already match on 'expr->cmp.symbol', because it replaces any
- * existing match on that symbol instead of intersecting with it.
- *
- * If 'expr' is a comparison on a string field, uses 'lookup_port' and 'aux' to
- * convert the string to a port number. In such a case, if the port can't be
- * found, returns false. In all other cases, returns true. */
-static bool
-constrain_match(const struct expr *expr,
- bool (*lookup_port)(const void *aux,
- const char *port_name,
- unsigned int *portp),
- const void *aux, struct match *m)
-{
- ovs_assert(expr->type == EXPR_T_CMP);
- if (expr->cmp.symbol->width) {
- mf_mask_subfield(expr->cmp.symbol->field, &expr->cmp.value,
- &expr->cmp.mask, m);
- } else {
- unsigned int port;
- if (!lookup_port(aux, expr->cmp.string, &port)) {
- return false;
- }
-
- struct mf_subfield sf;
- sf.field = expr->cmp.symbol->field;
- sf.ofs = 0;
- sf.n_bits = expr->cmp.symbol->field->n_bits;
-
- union mf_subvalue x;
- memset(&x, 0, sizeof x);
- x.integer = htonll(port);
-
- mf_write_subfield(&sf, &x, m);
- }
- return true;
-}
-
-static bool
-add_disjunction(const struct expr *or,
- bool (*lookup_port)(const void *aux, const char *port_name,
- unsigned int *portp),
- const void *aux,
- struct match *m, uint8_t clause, uint8_t n_clauses,
- uint32_t conj_id, struct hmap *matches)
-{
- struct expr *sub;
- int n = 0;
-
- ovs_assert(or->type == EXPR_T_OR);
- LIST_FOR_EACH (sub, node, &or->andor) {
- struct expr_match *match = expr_match_new(m, clause, n_clauses,
- conj_id);
- if (constrain_match(sub, lookup_port, aux, &match->match)) {
- expr_match_add(matches, match);
- n++;
- } else {
- free(match->conjunctions);
- free(match);
- }
- }
-
- /* If n == 1, then this didn't really need to be a disjunction. Oh well,
- * that shouldn't happen much. */
- return n > 0;
-}
-
-static void
-add_conjunction(const struct expr *and,
- bool (*lookup_port)(const void *aux, const char *port_name,
- unsigned int *portp),
- const void *aux, uint32_t *n_conjsp, struct hmap *matches)
-{
- struct match match;
- int n_clauses = 0;
- struct expr *sub;
-
- match_init_catchall(&match);
-
- ovs_assert(and->type == EXPR_T_AND);
- LIST_FOR_EACH (sub, node, &and->andor) {
- switch (sub->type) {
- case EXPR_T_CMP:
- if (!constrain_match(sub, lookup_port, aux, &match)) {
- return;
- }
- break;
- case EXPR_T_OR:
- n_clauses++;
- break;
- case EXPR_T_AND:
- case EXPR_T_BOOLEAN:
- case EXPR_T_CONDITION:
- default:
- OVS_NOT_REACHED();
- }
- }
-
- if (!n_clauses) {
- expr_match_add(matches, expr_match_new(&match, 0, 0, 0));
- } else if (n_clauses == 1) {
- LIST_FOR_EACH (sub, node, &and->andor) {
- if (sub->type == EXPR_T_OR) {
- add_disjunction(sub, lookup_port, aux, &match, 0, 0, 0,
- matches);
- }
- }
- } else {
- int clause = 0;
- (*n_conjsp)++;
- LIST_FOR_EACH (sub, node, &and->andor) {
- if (sub->type == EXPR_T_OR) {
- if (!add_disjunction(sub, lookup_port, aux, &match, clause++,
- n_clauses, *n_conjsp, matches)) {
- /* This clause can't ever match, so we might as well skip
- * adding the other clauses--the overall disjunctive flow
- * can't ever match. Ideally we would also back out all of
- * the clauses we already added, but that seems like a lot
- * of trouble for a case that might never occur in
- * practice. */
- return;
- }
- }
- }
-
- /* Add the flow that matches on conj_id. */
- match_set_conj_id(&match, *n_conjsp);
- expr_match_add(matches, expr_match_new(&match, 0, 0, 0));
- }
-}
-
-static void
-add_cmp_flow(const struct expr *cmp,
- bool (*lookup_port)(const void *aux, const char *port_name,
- unsigned int *portp),
- const void *aux, struct hmap *matches)
-{
- struct expr_match *m = expr_match_new(NULL, 0, 0, 0);
- if (constrain_match(cmp, lookup_port, aux, &m->match)) {
- expr_match_add(matches, m);
- } else {
- free(m);
- }
-}
-
-/* Converts 'expr', which must be in the form returned by expr_normalize(), to
- * a collection of Open vSwitch flows in 'matches', which this function
- * initializes to an hmap of "struct expr_match" structures. Returns the
- * number of conjunctive match IDs consumed by 'matches', which uses
- * conjunctive match IDs beginning with 0; the caller must offset or remap them
- * into the desired range as necessary.
- *
- * The matches inserted into 'matches' will be of three distinct kinds:
- *
- * - Ordinary flows. The caller should add these OpenFlow flows with
- * its desired actions.
- *
- * - Conjunctive flows, distinguished by 'n > 0' in the expr_match
- * structure. The caller should add these OpenFlow flows with the
- * conjunction(id, k/n) actions as specified in the 'conjunctions' array,
- * remapping the ids.
- *
- * - conj_id flows, distinguished by matching on the "conj_id" field. The
- * caller should remap the conj_id and add the OpenFlow flow with its
- * desired actions.
- *
- * 'lookup_port' must be a function to map from a port name to a port number.
- * When successful, 'lookup_port' stores the port number into '*portp' and
- * returns true; when there is no port by the given name, it returns false.
- * 'aux' is passed to 'lookup_port' as auxiliary data. Any comparisons against
- * string fields in 'expr' are translated into integers through this function.
- * A comparison against a string that is not in 'ports' acts like a Boolean
- * "false"; that is, it will always fail to match. For a simple expression,
- * this means that the overall expression always fails to match, but an
- * expression with a disjunction on the string field might still match on other
- * port names.
- *
- * (This treatment of string fields might be too simplistic in general, but it
- * seems reasonable for now when string fields are used only for ports.) */
-uint32_t
-expr_to_matches(const struct expr *expr,
- bool (*lookup_port)(const void *aux, const char *port_name,
- unsigned int *portp),
- const void *aux, struct hmap *matches)
-{
- uint32_t n_conjs = 0;
-
- hmap_init(matches);
- switch (expr->type) {
- case EXPR_T_CMP:
- add_cmp_flow(expr, lookup_port, aux, matches);
- break;
-
- case EXPR_T_AND:
- add_conjunction(expr, lookup_port, aux, &n_conjs, matches);
- break;
-
- case EXPR_T_OR:
- if (expr_get_unique_symbol(expr)) {
- struct expr *sub;
-
- LIST_FOR_EACH (sub, node, &expr->andor) {
- add_cmp_flow(sub, lookup_port, aux, matches);
- }
- } else {
- struct expr *sub;
-
- LIST_FOR_EACH (sub, node, &expr->andor) {
- if (sub->type == EXPR_T_AND) {
- add_conjunction(sub, lookup_port, aux, &n_conjs, matches);
- } else {
- add_cmp_flow(sub, lookup_port, aux, matches);
- }
- }
- }
- break;
-
- case EXPR_T_BOOLEAN:
- if (expr->boolean) {
- struct expr_match *m = expr_match_new(NULL, 0, 0, 0);
- expr_match_add(matches, m);
- } else {
- /* No match. */
- }
- break;
-
- /* Should not hit expression type condition, since expr_to_matches is
- * only called after expr_simplify, which resolves all conditions. */
- case EXPR_T_CONDITION:
- default:
- OVS_NOT_REACHED();
- }
- return n_conjs;
-}
-
-/* Destroys all of the 'struct expr_match'es in 'matches', as well as the
- * 'matches' hmap itself. */
-void
-expr_matches_destroy(struct hmap *matches)
-{
- struct expr_match *m;
-
- HMAP_FOR_EACH_POP (m, hmap_node, matches) {
- free(m->conjunctions);
- free(m);
- }
- hmap_destroy(matches);
-}
-
-/* Prints a representation of the 'struct expr_match'es in 'matches' to
- * 'stream'. */
-void
-expr_matches_print(const struct hmap *matches, FILE *stream)
-{
- if (hmap_is_empty(matches)) {
- fputs("(no flows)\n", stream);
- return;
- }
-
- const struct expr_match *m;
- HMAP_FOR_EACH (m, hmap_node, matches) {
- char *s = match_to_string(&m->match, NULL, OFP_DEFAULT_PRIORITY);
- fputs(s, stream);
- free(s);
-
- if (m->n) {
- for (int i = 0; i < m->n; i++) {
- const struct cls_conjunction *c = &m->conjunctions[i];
- fprintf(stream, "%c conjunction(%"PRIu32", %d/%d)",
- i == 0 ? ':' : ',', c->id, c->clause, c->n_clauses);
- }
- }
- putc('\n', stream);
- }
-}
-
-/* Returns true if 'expr' honors the invariants for expressions (see the large
- * comment above "struct expr" in expr.h), false otherwise. */
-bool
-expr_honors_invariants(const struct expr *expr)
-{
- const struct expr *sub;
-
- switch (expr->type) {
- case EXPR_T_CMP:
- if (expr->cmp.symbol->width) {
- for (int i = 0; i < ARRAY_SIZE(expr->cmp.value.be64); i++) {
- if (expr->cmp.value.be64[i] & ~expr->cmp.mask.be64[i]) {
- return false;
- }
- }
- }
- return true;
-
- case EXPR_T_AND:
- case EXPR_T_OR:
- if (ovs_list_is_short(&expr->andor)) {
- return false;
- }
- LIST_FOR_EACH (sub, node, &expr->andor) {
- if (sub->type == expr->type || !expr_honors_invariants(sub)) {
- return false;
- }
- }
- return true;
-
- case EXPR_T_BOOLEAN:
- case EXPR_T_CONDITION:
- return true;
-
- default:
- OVS_NOT_REACHED();
- }
-}
-
-static bool
-expr_is_normalized_and(const struct expr *expr)
-{
- /* XXX should also check that no symbol is repeated. */
- const struct expr *sub;
-
- LIST_FOR_EACH (sub, node, &expr->andor) {
- if (!expr_get_unique_symbol(sub)) {
- return false;
- }
- }
- return true;
-}
-
-/* Returns true if 'expr' is in the form returned by expr_normalize(), false
- * otherwise. */
-bool
-expr_is_normalized(const struct expr *expr)
-{
- switch (expr->type) {
- case EXPR_T_CMP:
- return true;
-
- case EXPR_T_AND:
- return expr_is_normalized_and(expr);
-
- case EXPR_T_OR:
- if (!expr_get_unique_symbol(expr)) {
- const struct expr *sub;
-
- LIST_FOR_EACH (sub, node, &expr->andor) {
- if (!expr_get_unique_symbol(sub)
- && !expr_is_normalized_and(sub)) {
- return false;
- }
- }
- }
- return true;
-
- case EXPR_T_BOOLEAN:
- return true;
-
- case EXPR_T_CONDITION:
- return false;
-
- default:
- OVS_NOT_REACHED();
- }
-}
-
-static bool
-expr_evaluate_andor(const struct expr *e, const struct flow *f,
- bool short_circuit,
- bool (*lookup_port)(const void *aux, const char *port_name,
- unsigned int *portp),
- const void *aux)
-{
- const struct expr *sub;
-
- LIST_FOR_EACH (sub, node, &e->andor) {
- if (expr_evaluate(sub, f, lookup_port, aux) == short_circuit) {
- return short_circuit;
- }
- }
- return !short_circuit;
-}
-
-static bool
-expr_evaluate_cmp(const struct expr *e, const struct flow *f,
- bool (*lookup_port)(const void *aux, const char *port_name,
- unsigned int *portp),
- const void *aux)
-{
- const struct expr_symbol *s = e->cmp.symbol;
- const struct mf_field *field = s->field;
-
- int cmp;
- if (e->cmp.symbol->width) {
- int n_bytes = field->n_bytes;
- const uint8_t *cst = &e->cmp.value.u8[sizeof e->cmp.value - n_bytes];
- const uint8_t *mask = &e->cmp.mask.u8[sizeof e->cmp.mask - n_bytes];
-
- /* Get field value and mask off undesired bits. */
- union mf_value value;
- mf_get_value(field, f, &value);
- for (int i = 0; i < field->n_bytes; i++) {
- value.b[i] &= mask[i];
- }
-
- /* Compare against constant. */
- cmp = memcmp(&value, cst, n_bytes);
- } else {
- /* Get field value. */
- struct mf_subfield sf = { .field = field, .ofs = 0,
- .n_bits = field->n_bits };
- uint64_t value = mf_get_subfield(&sf, f);
-
- /* Get constant. */
- unsigned int cst;
- if (!lookup_port(aux, e->cmp.string, &cst)) {
- return false;
- }
-
- /* Compare. */
- cmp = value < cst ? -1 : value > cst;
- }
-
- return expr_relop_test(e->cmp.relop, cmp);
-}
-
-/* Evaluates 'e' against microflow 'uflow' and returns the result.
- *
- * 'lookup_port' must be a function to map from a port name to a port number
- * and 'aux' auxiliary data to pass to it; see expr_to_matches() for more
- * details.
- *
- * This isn't particularly fast. For performance-sensitive tasks, use
- * expr_to_matches() and the classifier. */
-bool
-expr_evaluate(const struct expr *e, const struct flow *uflow,
- bool (*lookup_port)(const void *aux, const char *port_name,
- unsigned int *portp),
- const void *aux)
-{
- switch (e->type) {
- case EXPR_T_CMP:
- return expr_evaluate_cmp(e, uflow, lookup_port, aux);
-
- case EXPR_T_AND:
- return expr_evaluate_andor(e, uflow, false, lookup_port, aux);
-
- case EXPR_T_OR:
- return expr_evaluate_andor(e, uflow, true, lookup_port, aux);
-
- case EXPR_T_BOOLEAN:
- return e->boolean;
-
- case EXPR_T_CONDITION:
- /* Assume tests calling expr_evaluate are not chassis specific, so
- * is_chassis_resident evaluates as true. */
- return (e->cond.not ? false : true);
-
- default:
- OVS_NOT_REACHED();
- }
-}
-
-/* Action parsing helper. */
-
-/* Checks that 'f' is 'n_bits' wide (where 'n_bits == 0' means that 'f' must be
- * a string field) and, if 'rw' is true, that 'f' is modifiable. Returns NULL
- * if 'f' is acceptable, otherwise a malloc()'d error message that the caller
- * must free(). */
-char * OVS_WARN_UNUSED_RESULT
-expr_type_check(const struct expr_field *f, int n_bits, bool rw)
-{
- if (n_bits != f->n_bits) {
- if (n_bits && f->n_bits) {
- return xasprintf("Cannot use %d-bit field %s[%d..%d] "
- "where %d-bit field is required.",
- f->n_bits, f->symbol->name,
- f->ofs, f->ofs + f->n_bits - 1,
- n_bits);
- } else if (n_bits) {
- return xasprintf("Cannot use string field %s where numeric "
- "field is required.", f->symbol->name);
- } else {
- return xasprintf("Cannot use numeric field %s where string "
- "field is required.", f->symbol->name);
- }
- }
-
- if (rw && !f->symbol->rw) {
- return xasprintf("Field %s is not modifiable.", f->symbol->name);
- }
-
- return NULL;
-}
-
-/* Returns the mf_subfield that corresponds to 'f'. */
-struct mf_subfield
-expr_resolve_field(const struct expr_field *f)
-{
- const struct expr_symbol *symbol = f->symbol;
- int ofs = f->ofs;
-
- while (symbol->parent) {
- ofs += symbol->parent_ofs;
- symbol = symbol->parent;
- }
-
- int n_bits = symbol->width ? f->n_bits : symbol->field->n_bits;
- return (struct mf_subfield) { symbol->field, ofs, n_bits };
-}
-
-static bool
-microflow_is_chassis_resident_cb(const void *c_aux OVS_UNUSED,
- const char *port_name OVS_UNUSED)
-{
- /* Assume tests calling expr_parse_microflow are not chassis specific, so
- * is_chassis_resident need not be supplied and should return true. */
- return true;
-}
-
-static struct expr *
-expr_parse_microflow__(struct lexer *lexer,
- const struct shash *symtab,
- bool (*lookup_port)(const void *aux,
- const char *port_name,
- unsigned int *portp),
- const void *aux,
- struct expr *e, struct flow *uflow)
-{
- char *error;
- e = expr_annotate(e, symtab, &error);
- if (error) {
- lexer_error(lexer, "%s", error);
- free(error);
- return NULL;
- }
-
- struct ds annotated = DS_EMPTY_INITIALIZER;
- expr_format(e, &annotated);
-
- e = expr_simplify(e, microflow_is_chassis_resident_cb, NULL);
- e = expr_normalize(e);
-
- struct match m = MATCH_CATCHALL_INITIALIZER;
-
- switch (e->type) {
- case EXPR_T_BOOLEAN:
- if (!e->boolean) {
- lexer_error(lexer, "Constraints are contradictory.");
- }
- break;
-
- case EXPR_T_OR:
- lexer_error(lexer, "Constraints are ambiguous: %s.",
- ds_cstr(&annotated));
- break;
-
- case EXPR_T_CMP:
- constrain_match(e, lookup_port, aux, &m);
- break;
-
- case EXPR_T_AND: {
- struct expr *sub;
- LIST_FOR_EACH (sub, node, &e->andor) {
- if (sub->type == EXPR_T_CMP) {
- constrain_match(sub, lookup_port, aux, &m);
- } else {
- ovs_assert(sub->type == EXPR_T_OR);
- lexer_error(lexer, "Constraints are ambiguous: %s.",
- ds_cstr(&annotated));
- break;
- }
- }
- }
- break;
-
- /* Should not hit expression type condition, since
- * expr_simplify was called above. */
- case EXPR_T_CONDITION:
- default:
- OVS_NOT_REACHED();
- }
- ds_destroy(&annotated);
-
- *uflow = m.flow;
- return e;
-}
-
-/* Parses 's' as a microflow, using symbols from 'symtab', address set
- * table from 'addr_sets', and looking up port numbers using 'lookup_port'
- * and 'aux'. On success, stores the result in 'uflow' and returns
- * NULL, otherwise zeros 'uflow' and returns an error message that the
- * caller must free().
- *
- * A "microflow" is a description of a single stream of packets, such as half a
- * TCP connection. 's' uses the syntax of an OVN logical expression to express
- * constraints that describe the microflow. For example, "ip4 && tcp.src ==
- * 80" would set uflow->dl_type to ETH_TYPE_IP, uflow->nw_proto to IPPROTO_TCP,
- * and uflow->tp_src to 80.
- *
- * Microflow expressions can be erroneous in two ways. First, they can be
- * ambiguous. For example, "tcp.src == 80" is ambiguous because it does not
- * state IPv4 or IPv6 as the Ethernet type. "ip4 && tcp.src > 1024" is also
- * ambiguous because it does not constrain bits of tcp.src to particular
- * values. Second, they can be contradictory, e.g. "ip4 && ip6". This
- * function will report both types of errors.
- *
- * This function isn't that smart, so it can yield errors for some "clever"
- * formulations of particular microflows that area accepted other ways. For
- * example, all of the following expressions are equivalent:
- * ip4 && tcp.src[1..15] == 0x28
- * ip4 && tcp.src > 79 && tcp.src < 82
- * ip4 && 80 <= tcp.src <= 81
- * ip4 && tcp.src == {80, 81}
- * but as of this writing this function only accepts the first two, rejecting
- * the last two as ambiguous. Just don't be too clever. */
-char * OVS_WARN_UNUSED_RESULT
-expr_parse_microflow(const char *s, const struct shash *symtab,
- const struct shash *addr_sets,
- const struct shash *port_groups,
- bool (*lookup_port)(const void *aux,
- const char *port_name,
- unsigned int *portp),
- const void *aux, struct flow *uflow)
-{
- struct lexer lexer;
- lexer_init(&lexer, s);
- lexer_get(&lexer);
-
- struct expr *e = expr_parse(&lexer, symtab, addr_sets, port_groups, NULL);
- lexer_force_end(&lexer);
-
- if (e) {
- e = expr_parse_microflow__(&lexer, symtab, lookup_port, aux, e, uflow);
- }
-
- char *error = lexer_steal_error(&lexer);
- lexer_destroy(&lexer);
- expr_destroy(e);
-
- if (error) {
- memset(uflow, 0, sizeof *uflow);
- }
- return error;
-}
diff --git a/ovn/lib/extend-table.c b/ovn/lib/extend-table.c
deleted file mode 100644
index ccf70ca7255..00000000000
--- a/ovn/lib/extend-table.c
+++ /dev/null
@@ -1,208 +0,0 @@
-/*
- * Copyright (c) 2017 DtDream Technology Co.,Ltd.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include
-#include
-
-#include "bitmap.h"
-#include "hash.h"
-#include "lib/uuid.h"
-#include "openvswitch/vlog.h"
-#include "ovn/lib/extend-table.h"
-
-VLOG_DEFINE_THIS_MODULE(extend_table);
-
-void
-ovn_extend_table_init(struct ovn_extend_table *table)
-{
- table->table_ids = bitmap_allocate(MAX_EXT_TABLE_ID);
- bitmap_set1(table->table_ids, 0); /* table id 0 is invalid. */
- hmap_init(&table->desired);
- hmap_init(&table->existing);
-}
-
-static void
-ovn_extend_table_info_destroy(struct hmap *target)
-{
- struct ovn_extend_table_info *e, *next;
- HMAP_FOR_EACH_SAFE (e, next, hmap_node, target) {
- hmap_remove(target, &e->hmap_node);
- free(e->name);
- free(e);
- }
- hmap_destroy(target);
-}
-
-void
-ovn_extend_table_destroy(struct ovn_extend_table *table)
-{
- bitmap_free(table->table_ids);
-
- ovn_extend_table_info_destroy(&table->desired);
- ovn_extend_table_info_destroy(&table->existing);
-}
-
-/* Finds and returns a group_info in 'existing' whose key is identical
- * to 'target''s key, or NULL if there is none. */
-struct ovn_extend_table_info *
-ovn_extend_table_lookup(struct hmap *exisiting,
- const struct ovn_extend_table_info *target)
-{
- struct ovn_extend_table_info *e;
-
- HMAP_FOR_EACH_WITH_HASH (e, hmap_node, target->hmap_node.hash,
- exisiting) {
- if (e->table_id == target->table_id) {
- return e;
- }
- }
- return NULL;
-}
-
-/* Clear either desired or existing in ovn_extend_table. */
-void
-ovn_extend_table_clear(struct ovn_extend_table *table, bool existing)
-{
- struct ovn_extend_table_info *g, *next;
- struct hmap *target = existing ? &table->existing : &table->desired;
-
- HMAP_FOR_EACH_SAFE (g, next, hmap_node, target) {
- hmap_remove(target, &g->hmap_node);
- /* Don't unset bitmap for desired group_info if the group_id
- * was not freshly reserved. */
- if (existing || g->new_table_id) {
- bitmap_set0(table->table_ids, g->table_id);
- }
- free(g->name);
- free(g);
- }
-}
-
-/* Remove an entry from existing table */
-void
-ovn_extend_table_remove_existing(struct ovn_extend_table *table,
- struct ovn_extend_table_info *existing)
-{
- /* Remove 'existing' from 'groups->existing' */
- hmap_remove(&table->existing, &existing->hmap_node);
- free(existing->name);
-
- /* Dealloc group_id. */
- bitmap_set0(table->table_ids, existing->table_id);
- free(existing);
-}
-
-/* Remove entries in desired table that are created by the lflow_uuid */
-void
-ovn_extend_table_remove_desired(struct ovn_extend_table *table,
- const struct uuid *lflow_uuid)
-{
- struct ovn_extend_table_info *e, *next_e;
- HMAP_FOR_EACH_SAFE (e, next_e, hmap_node, &table->desired) {
- if (uuid_equals(&e->lflow_uuid, lflow_uuid)) {
- hmap_remove(&table->desired, &e->hmap_node);
- free(e->name);
- if (e->new_table_id) {
- bitmap_set0(table->table_ids, e->table_id);
- }
- free(e);
- }
- }
-
-}
-
-static struct ovn_extend_table_info*
-ovn_extend_info_clone(struct ovn_extend_table_info *source)
-{
- struct ovn_extend_table_info *clone = xmalloc(sizeof *clone);
- clone->name = xstrdup(source->name);
- clone->table_id = source->table_id;
- clone->new_table_id = source->new_table_id;
- clone->hmap_node.hash = source->hmap_node.hash;
- clone->lflow_uuid = source->lflow_uuid;
- return clone;
-}
-
-void
-ovn_extend_table_sync(struct ovn_extend_table *table)
-{
- struct ovn_extend_table_info *desired, *next;
-
- /* Copy the contents of desired to existing. */
- HMAP_FOR_EACH_SAFE (desired, next, hmap_node, &table->desired) {
- if (!ovn_extend_table_lookup(&table->existing, desired)) {
- desired->new_table_id = false;
- struct ovn_extend_table_info *clone =
- ovn_extend_info_clone(desired);
- hmap_insert(&table->existing, &clone->hmap_node,
- clone->hmap_node.hash);
- }
- }
-}
-
-/* Assign a new table ID for the table information from the bitmap.
- * If it already exists, return the old ID. */
-uint32_t
-ovn_extend_table_assign_id(struct ovn_extend_table *table, const char *name,
- struct uuid lflow_uuid)
-{
- uint32_t table_id = 0, hash;
- struct ovn_extend_table_info *table_info;
-
- hash = hash_string(name, 0);
-
- /* Check whether we have non installed but allocated group_id. */
- HMAP_FOR_EACH_WITH_HASH (table_info, hmap_node, hash, &table->desired) {
- if (!strcmp(table_info->name, name) &&
- table_info->new_table_id) {
- return table_info->table_id;
- }
- }
-
- /* Check whether we already have an installed entry for this
- * combination. */
- HMAP_FOR_EACH_WITH_HASH (table_info, hmap_node, hash, &table->existing) {
- if (!strcmp(table_info->name, name)) {
- table_id = table_info->table_id;
- }
- }
-
- bool new_table_id = false;
- if (!table_id) {
- /* Reserve a new group_id. */
- table_id = bitmap_scan(table->table_ids, 0, 1, MAX_EXT_TABLE_ID + 1);
- new_table_id = true;
- }
-
- if (table_id == MAX_EXT_TABLE_ID + 1) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1);
- VLOG_ERR_RL(&rl, "%"PRIu32" out of table ids.", table_id);
- return EXT_TABLE_ID_INVALID;
- }
- bitmap_set1(table->table_ids, table_id);
-
- table_info = xmalloc(sizeof *table_info);
- table_info->name = xstrdup(name);
- table_info->table_id = table_id;
- table_info->hmap_node.hash = hash;
- table_info->new_table_id = new_table_id;
- table_info->lflow_uuid = lflow_uuid;
-
- hmap_insert(&table->desired,
- &table_info->hmap_node, table_info->hmap_node.hash);
-
- return table_id;
-}
diff --git a/ovn/lib/extend-table.h b/ovn/lib/extend-table.h
deleted file mode 100644
index 5be13fee185..00000000000
--- a/ovn/lib/extend-table.h
+++ /dev/null
@@ -1,82 +0,0 @@
-/*
- * Copyright (c) 2017 DtDream Technology Co.,Ltd.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef EXTEND_TABLE_H
-#define EXTEND_TABLE_H 1
-
-#define MAX_EXT_TABLE_ID 65535
-#define EXT_TABLE_ID_INVALID 0
-
-#include "openvswitch/hmap.h"
-#include "openvswitch/list.h"
-#include "openvswitch/uuid.h"
-
-/* Used to manage expansion tables associated with Flow table,
- * such as the Group Table or Meter Table. */
-struct ovn_extend_table {
- unsigned long *table_ids; /* Used as a bitmap with value set
- * for allocated group ids in either
- * desired or existing. */
- struct hmap desired;
- struct hmap existing;
-};
-
-struct ovn_extend_table_info {
- struct hmap_node hmap_node;
- char *name; /* Name for the table entity. */
- struct uuid lflow_uuid;
- uint32_t table_id;
- bool new_table_id; /* 'True' if 'table_id' was reserved from
- * ovn_extend_table's 'table_ids' bitmap. */
-};
-
-void ovn_extend_table_init(struct ovn_extend_table *);
-
-void ovn_extend_table_destroy(struct ovn_extend_table *);
-
-struct ovn_extend_table_info *ovn_extend_table_lookup(
- struct hmap *, const struct ovn_extend_table_info *);
-
-void ovn_extend_table_clear(struct ovn_extend_table *, bool);
-
-void ovn_extend_table_remove_existing(struct ovn_extend_table *,
- struct ovn_extend_table_info *);
-
-void ovn_extend_table_remove_desired(struct ovn_extend_table *,
- const struct uuid *lflow_uuid);
-
-/* Copy the contents of desired to existing. */
-void ovn_extend_table_sync(struct ovn_extend_table *);
-
-uint32_t ovn_extend_table_assign_id(struct ovn_extend_table *,
- const char *name,
- struct uuid lflow_uuid);
-
-/* Iterates 'DESIRED' through all of the 'ovn_extend_table_info's in
- * 'TABLE'->desired that are not in 'TABLE'->existing. (The loop body
- * presumably adds them.) */
-#define EXTEND_TABLE_FOR_EACH_UNINSTALLED(DESIRED, TABLE) \
- HMAP_FOR_EACH (DESIRED, hmap_node, &(TABLE)->desired) \
- if (!ovn_extend_table_lookup(&(TABLE)->existing, DESIRED))
-
-/* Iterates 'EXISTING' through all of the 'ovn_extend_table_info's in
- * 'TABLE'->existing that are not in 'TABLE'->desired. (The loop body
- * presumably removes them.) */
-#define EXTEND_TABLE_FOR_EACH_INSTALLED(EXISTING, NEXT, TABLE) \
- HMAP_FOR_EACH_SAFE (EXISTING, NEXT, hmap_node, &(TABLE)->existing) \
- if (!ovn_extend_table_lookup(&(TABLE)->desired, EXISTING))
-
-#endif /* ovn/lib/extend-table.h */
diff --git a/ovn/lib/inc-proc-eng.c b/ovn/lib/inc-proc-eng.c
deleted file mode 100644
index 1ddea1a8517..00000000000
--- a/ovn/lib/inc-proc-eng.c
+++ /dev/null
@@ -1,201 +0,0 @@
-/*
- * Copyright (c) 2018 eBay Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include
-
-#include
-#include
-#include
-#include
-#include
-
-#include "lib/util.h"
-#include "openvswitch/dynamic-string.h"
-#include "openvswitch/hmap.h"
-#include "openvswitch/vlog.h"
-#include "inc-proc-eng.h"
-
-VLOG_DEFINE_THIS_MODULE(inc_proc_eng);
-
-static bool engine_force_recompute = false;
-static const struct engine_context *engine_context;
-
-void
-engine_set_force_recompute(bool val)
-{
- engine_force_recompute = val;
-}
-
-const struct engine_context *
-engine_get_context(void)
-{
- return engine_context;
-}
-
-void
-engine_set_context(const struct engine_context *ctx)
-{
- engine_context = ctx;
-}
-
-void
-engine_init(struct engine_node *node)
-{
- for (size_t i = 0; i < node->n_inputs; i++) {
- engine_init(node->inputs[i].node);
- }
- if (node->init) {
- node->init(node);
- }
-}
-
-void
-engine_cleanup(struct engine_node *node)
-{
- for (size_t i = 0; i < node->n_inputs; i++) {
- engine_cleanup(node->inputs[i].node);
- }
- if (node->cleanup) {
- node->cleanup(node);
- }
-}
-
-struct engine_node *
-engine_get_input(const char *input_name, struct engine_node *node)
-{
- size_t i;
- for (i = 0; i < node->n_inputs; i++) {
- if (!strcmp(node->inputs[i].node->name, input_name)) {
- return node->inputs[i].node;
- }
- }
- OVS_NOT_REACHED();
- return NULL;
-}
-
-void
-engine_add_input(struct engine_node *node, struct engine_node *input,
- bool (*change_handler)(struct engine_node *))
-{
- ovs_assert(node->n_inputs < ENGINE_MAX_INPUT);
- node->inputs[node->n_inputs].node = input;
- node->inputs[node->n_inputs].change_handler = change_handler;
- node->n_inputs ++;
-}
-
-struct ovsdb_idl_index *
-engine_ovsdb_node_get_index(struct engine_node *node, const char *name)
-{
- struct ed_type_ovsdb_table *ed = (struct ed_type_ovsdb_table *)node->data;
- for (size_t i = 0; i < ed->n_indexes; i++) {
- if (!strcmp(ed->indexes[i].name, name)) {
- return ed->indexes[i].index;
- }
- }
- OVS_NOT_REACHED();
- return NULL;
-}
-
-void
-engine_ovsdb_node_add_index(struct engine_node *node, const char *name,
- struct ovsdb_idl_index *index)
-{
- struct ed_type_ovsdb_table *ed = (struct ed_type_ovsdb_table *)node->data;
- ovs_assert(ed->n_indexes < ENGINE_MAX_OVSDB_INDEX);
-
- ed->indexes[ed->n_indexes].name = name;
- ed->indexes[ed->n_indexes].index = index;
- ed->n_indexes ++;
-}
-
-void
-engine_run(struct engine_node *node, uint64_t run_id)
-{
- if (node->run_id == run_id) {
- return;
- }
- node->run_id = run_id;
-
- node->changed = false;
- if (!node->n_inputs) {
- node->run(node);
- VLOG_DBG("node: %s, changed: %d", node->name, node->changed);
- return;
- }
-
- for (size_t i = 0; i < node->n_inputs; i++) {
- engine_run(node->inputs[i].node, run_id);
- }
-
- bool need_compute = false;
- bool need_recompute = false;
-
- if (engine_force_recompute) {
- need_recompute = true;
- } else {
- for (size_t i = 0; i < node->n_inputs; i++) {
- if (node->inputs[i].node->changed) {
- need_compute = true;
- if (!node->inputs[i].change_handler) {
- need_recompute = true;
- break;
- }
- }
- }
- }
-
- if (need_recompute) {
- VLOG_DBG("node: %s, recompute (%s)", node->name,
- engine_force_recompute ? "forced" : "triggered");
- node->run(node);
- } else if (need_compute) {
- for (size_t i = 0; i < node->n_inputs; i++) {
- if (node->inputs[i].node->changed) {
- VLOG_DBG("node: %s, handle change for input %s",
- node->name, node->inputs[i].node->name);
- if (!node->inputs[i].change_handler(node)) {
- VLOG_DBG("node: %s, can't handle change for input %s, "
- "fall back to recompute",
- node->name, node->inputs[i].node->name);
- node->run(node);
- break;
- }
- }
- }
- }
-
- VLOG_DBG("node: %s, changed: %d", node->name, node->changed);
-}
-
-bool
-engine_need_run(struct engine_node *node)
-{
- size_t i;
-
- if (!node->n_inputs) {
- node->run(node);
- VLOG_DBG("input node: %s, changed: %d", node->name, node->changed);
- return node->changed;
- }
-
- for (i = 0; i < node->n_inputs; i++) {
- if (engine_need_run(node->inputs[i].node)) {
- return true;
- }
- }
-
- return false;
-}
diff --git a/ovn/lib/inc-proc-eng.h b/ovn/lib/inc-proc-eng.h
deleted file mode 100644
index aab899e1372..00000000000
--- a/ovn/lib/inc-proc-eng.h
+++ /dev/null
@@ -1,234 +0,0 @@
-/*
- * Copyright (c) 2018 eBay Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef INC_PROC_ENG_H
-#define INC_PROC_ENG_H 1
-
-/* The Incremental Processing Engine is a framework for incrementally
- * processing changes from different inputs. The main user is ovn-controller.
- * To compute desired states (e.g. openflow rules) based on many inputs (e.g.
- * south-bound DB tables, local OVSDB interfaces, etc.), it is straightforward
- * to recompute everything when there is any change in any inputs, but it
- * is inefficient when the size of the input data becomes large. Instead,
- * tracking the changes and update the desired states based on what's changed
- * is more efficient and scalable. However, it is not straightforward to
- * implement the change-based processing when there are a big number of
- * inputs. In addition, what makes it more complicated is that intermediate
- * results needs to be computed, which needs to be reused in different part
- * of the processing and finally generates the final desired states. It is
- * proved to be difficult and error-prone to implement this kind of complex
- * processing by ad-hoc implementation.
- *
- * This framework is to provide a generic way to solve the above problem.
- * It does not understand the processing logic, but provides a unified way
- * to describe the inputs and dependencies clearly, with interfaces for
- * users to implement the processing logic for how to handle each input
- * changes.
- *
- * The engine is composed of engine_nodes. Each engine_node is either
- * an input, an output or both (intermediate result). Each engine node
- * maintains its own data, which is persistent across interactions. Each node
- * has zero to ENGINE_MAX_INPUT inputs, which creates a DAG (directed
- * acyclic graph). For each input of each engine_node, there is a
- * change_handler to process changes of that input, and update the data
- * of the engine_node. Then the user can simply call the run() method
- * of the engine so that the processing will happen in the order according
- * to the dependencies defined and handle the changes incrementally.
- *
- * While the more fine-grained dependencies and change-handlers are
- * implemented, the more efficient the processing will be, it is not
- * realistic to implement all change-processing for all inputs (and
- * intermediate results). The engine doesn't require change-handler to be
- * implemented for every input of every node. Users can choose to implement
- * the most important change-handlers (for the changes happens most
- * frequently) for overall performance. When there is no change_handler
- * defined for a certain input on a certain engine_node, the run() method
- * of the engine_node will be called to fall-back to a full recompute
- * against all its inputs.
- */
-
-#define ENGINE_MAX_INPUT 256
-#define ENGINE_MAX_OVSDB_INDEX 256
-
-struct engine_context {
- struct ovsdb_idl_txn *ovs_idl_txn;
- struct ovsdb_idl_txn *ovnsb_idl_txn;
-};
-
-struct engine_node;
-
-struct engine_node_input {
- /* The input node. */
- struct engine_node *node;
-
- /* Change handler for changes of the input node. The changes may need to be
- * evaluated against all the other inputs. Returns:
- * - true: if change can be handled
- * - false: if change cannot be handled (indicating full recompute needed)
- */
- bool (*change_handler)(struct engine_node *node);
-};
-
-struct engine_node {
- /* A unique id to distinguish each iteration of the engine_run(). */
- uint64_t run_id;
-
- /* A unique name for each node. */
- char *name;
-
- /* Number of inputs of this node. */
- size_t n_inputs;
-
- /* Inputs of this node. */
- struct engine_node_input inputs[ENGINE_MAX_INPUT];
-
- /* Data of this node. It is vague and interpreted by the related functions.
- * The content of the data should be changed only by the change_handlers
- * and run() function of the current node. Users should ensure that the
- * data is read-only in change-handlers of the nodes that depends on this
- * node. */
- void *data;
-
- /* Whether the data changed in the last engine run. */
- bool changed;
-
- /* Method to initialize data. It may be NULL. */
- void (*init)(struct engine_node *);
-
- /* Method to clean up data. It may be NULL. */
- void (*cleanup)(struct engine_node *);
-
- /* Fully processes all inputs of this node and regenerates the data
- * of this node */
- void (*run)(struct engine_node *);
-};
-
-/* Initialize the data for the engine nodes recursively. It calls each node's
- * init() method if not NULL. It should be called before the main loop. */
-void engine_init(struct engine_node *);
-
-/* Execute the processing recursively, which should be called in the main
- * loop. */
-void engine_run(struct engine_node *, uint64_t run_id);
-
-/* Clean up the data for the engine nodes recursively. It calls each node's
- * cleanup() method if not NULL. It should be called before the program
- * terminates. */
-void engine_cleanup(struct engine_node *);
-
-/* Check if engine needs to run, i.e. any change to be processed. */
-bool
-engine_need_run(struct engine_node *);
-
-/* Get the input node with for */
-struct engine_node * engine_get_input(const char *input_name,
- struct engine_node *);
-
-/* Add an input (dependency) for , with corresponding change_handler,
- * which can be NULL. If the change_handler is NULL, the engine will not
- * be able to process the change incrementally, and will fall back to call
- * the run method to recompute. */
-void engine_add_input(struct engine_node *node, struct engine_node *input,
- bool (*change_handler)(struct engine_node *));
-
-/* Force the engine to recompute everything if set to true. It is used
- * in circumstances when we are not sure there is change or not, or
- * when there is change but the engine couldn't be executed in that
- * iteration, and the change can't be tracked across iterations */
-void engine_set_force_recompute(bool val);
-
-const struct engine_context * engine_get_context(void);
-
-void engine_set_context(const struct engine_context *);
-
-struct ed_ovsdb_index {
- const char *name;
- struct ovsdb_idl_index *index;
-};
-
-struct ed_type_ovsdb_table {
- const void *table;
- size_t n_indexes;
- struct ed_ovsdb_index indexes[ENGINE_MAX_OVSDB_INDEX];
-};
-
-#define EN_OVSDB_GET(NODE) \
- (((struct ed_type_ovsdb_table *)NODE->data)->table)
-
-struct ovsdb_idl_index * engine_ovsdb_node_get_index(struct engine_node *,
- const char *name);
-
-void engine_ovsdb_node_add_index(struct engine_node *, const char *name,
- struct ovsdb_idl_index *);
-
-/* Macro to define an engine node. */
-#define ENGINE_NODE(NAME, NAME_STR) \
- struct engine_node en_##NAME = { \
- .name = NAME_STR, \
- .data = &ed_##NAME, \
- .init = en_##NAME##_init, \
- .run = en_##NAME##_run, \
- .cleanup = en_##NAME##_cleanup, \
- };
-
-/* Macro to define member functions of an engine node which represents
- * a table of OVSDB */
-#define ENGINE_FUNC_OVSDB(DB_NAME, TBL_NAME) \
-static void \
-en_##DB_NAME##_##TBL_NAME##_run(struct engine_node *node) \
-{ \
- const struct DB_NAME##rec_##TBL_NAME##_table *table = \
- EN_OVSDB_GET(node); \
- if (DB_NAME##rec_##TBL_NAME##_table_track_get_first(table)) { \
- node->changed = true; \
- return; \
- } \
- node->changed = false; \
-} \
-static void (*en_##DB_NAME##_##TBL_NAME##_init)(struct engine_node *node) \
- = NULL; \
-static void (*en_##DB_NAME##_##TBL_NAME##_cleanup)(struct engine_node *node) \
- = NULL;
-
-/* Macro to define member functions of an engine node which represents
- * a table of OVN SB DB */
-#define ENGINE_FUNC_SB(TBL_NAME) \
- ENGINE_FUNC_OVSDB(sb, TBL_NAME)
-
-/* Macro to define member functions of an engine node which represents
- * a table of open_vswitch DB */
-#define ENGINE_FUNC_OVS(TBL_NAME) \
- ENGINE_FUNC_OVSDB(ovs, TBL_NAME)
-
-/* Macro to define an engine node which represents a table of OVSDB */
-#define ENGINE_NODE_OVSDB(DB_NAME, DB_NAME_STR, TBL_NAME, TBL_NAME_STR, IDL) \
- struct ed_type_ovsdb_table ed_##DB_NAME##_##TBL_NAME; \
- memset(&ed_##DB_NAME##_##TBL_NAME, 0, sizeof ed_##DB_NAME##_##TBL_NAME); \
- ovs_assert(IDL); \
- ed_##DB_NAME##_##TBL_NAME.table = \
- DB_NAME##rec_##TBL_NAME##_table_get(IDL); \
- ENGINE_NODE(DB_NAME##_##TBL_NAME, DB_NAME_STR"_"TBL_NAME_STR)
-
-/* Macro to define an engine node which represents a table of OVN SB DB */
-#define ENGINE_NODE_SB(TBL_NAME, TBL_NAME_STR) \
- ENGINE_NODE_OVSDB(sb, "SB", TBL_NAME, TBL_NAME_STR, ovnsb_idl_loop.idl);
-
-/* Macro to define an engine node which represents a table of open_vswitch
- * DB */
-#define ENGINE_NODE_OVS(TBL_NAME, TBL_NAME_STR) \
- ENGINE_NODE_OVSDB(ovs, "OVS", TBL_NAME, TBL_NAME_STR, ovs_idl_loop.idl);
-
-#endif /* ovn/lib/inc-proc-eng.h */
diff --git a/ovn/lib/ip-mcast-index.c b/ovn/lib/ip-mcast-index.c
deleted file mode 100644
index 1f6ebc4ae32..00000000000
--- a/ovn/lib/ip-mcast-index.c
+++ /dev/null
@@ -1,40 +0,0 @@
-/* Copyright (c) 2019, Red Hat, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include
-
-#include "ovn/lib/ip-mcast-index.h"
-#include "ovn/lib/ovn-sb-idl.h"
-
-struct ovsdb_idl_index *
-ip_mcast_index_create(struct ovsdb_idl *idl)
-{
- return ovsdb_idl_index_create1(idl, &sbrec_ip_multicast_col_datapath);
-}
-
-const struct sbrec_ip_multicast *
-ip_mcast_lookup(struct ovsdb_idl_index *ip_mcast_index,
- const struct sbrec_datapath_binding *datapath)
-{
- struct sbrec_ip_multicast *target =
- sbrec_ip_multicast_index_init_row(ip_mcast_index);
- sbrec_ip_multicast_index_set_datapath(target, datapath);
-
- struct sbrec_ip_multicast *ip_mcast =
- sbrec_ip_multicast_index_find(ip_mcast_index, target);
- sbrec_ip_multicast_index_destroy_row(target);
-
- return ip_mcast;
-}
diff --git a/ovn/lib/ip-mcast-index.h b/ovn/lib/ip-mcast-index.h
deleted file mode 100644
index a23b4a7e61c..00000000000
--- a/ovn/lib/ip-mcast-index.h
+++ /dev/null
@@ -1,36 +0,0 @@
-/* Copyright (c) 2019, Red Hat, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef OVN_IP_MCAST_INDEX_H
-#define OVN_IP_MCAST_INDEX_H 1
-
-struct ovsdb_idl;
-
-struct sbrec_datapath_binding;
-
-#define OVN_MCAST_MIN_IDLE_TIMEOUT_S 15
-#define OVN_MCAST_MAX_IDLE_TIMEOUT_S 3600
-#define OVN_MCAST_DEFAULT_IDLE_TIMEOUT_S 300
-#define OVN_MCAST_MIN_QUERY_INTERVAL_S 1
-#define OVN_MCAST_MAX_QUERY_INTERVAL_S OVN_MCAST_MAX_IDLE_TIMEOUT_S
-#define OVN_MCAST_DEFAULT_QUERY_MAX_RESPONSE_S 1
-#define OVN_MCAST_DEFAULT_MAX_ENTRIES 2048
-
-struct ovsdb_idl_index *ip_mcast_index_create(struct ovsdb_idl *);
-const struct sbrec_ip_multicast *ip_mcast_lookup(
- struct ovsdb_idl_index *ip_mcast_index,
- const struct sbrec_datapath_binding *datapath);
-
-#endif /* ovn/lib/ip-mcast-index.h */
diff --git a/ovn/lib/lex.c b/ovn/lib/lex.c
deleted file mode 100644
index 7a2ab4111e5..00000000000
--- a/ovn/lib/lex.c
+++ /dev/null
@@ -1,1023 +0,0 @@
-/*
- * Copyright (c) 2015, 2016, 2017 Nicira, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include
-#include
-#include
-#include
-#include "openvswitch/dynamic-string.h"
-#include "openvswitch/json.h"
-#include "ovn/lex.h"
-#include "packets.h"
-#include "util.h"
-
-/* Returns a string that represents 'format'. */
-const char *
-lex_format_to_string(enum lex_format format)
-{
- switch (format) {
- case LEX_F_DECIMAL:
- return "decimal";
- case LEX_F_HEXADECIMAL:
- return "hexadecimal";
- case LEX_F_IPV4:
- return "IPv4";
- case LEX_F_IPV6:
- return "IPv6";
- case LEX_F_ETHERNET:
- return "Ethernet";
- default:
- abort();
- }
-}
-
-/* Initializes 'token'. */
-void
-lex_token_init(struct lex_token *token)
-{
- token->type = LEX_T_END;
- token->s = NULL;
-}
-
-/* Frees memory owned by 'token'. */
-void
-lex_token_destroy(struct lex_token *token)
-{
- if (token->s != token->buffer) {
- free(token->s);
- }
- token->s = NULL;
-}
-
-/* Exchanges 'a' and 'b'. */
-void
-lex_token_swap(struct lex_token *a, struct lex_token *b)
-{
- struct lex_token tmp = *a;
- *a = *b;
- *b = tmp;
-
- /* Before swap, if 's' was pointed to 'buffer', its value shall be changed
- * to point to the 'buffer' with the copied value. */
- if (a->s == b->buffer) {
- a->s = a->buffer;
- }
- if (b->s == a->buffer) {
- b->s = b->buffer;
- }
-}
-
-/* The string 's' need not be null-terminated at 'length'. */
-void
-lex_token_strcpy(struct lex_token *token, const char *s, size_t length)
-{
- lex_token_destroy(token);
- token->s = (length + 1 <= sizeof token->buffer
- ? token->buffer
- : xmalloc(length + 1));
- memcpy(token->s, s, length);
- token->s[length] = '\0';
-}
-
-void
-lex_token_strset(struct lex_token *token, char *s)
-{
- lex_token_destroy(token);
- token->s = s;
-}
-
-void
-lex_token_vsprintf(struct lex_token *token, const char *format, va_list args)
-{
- lex_token_destroy(token);
-
- va_list args2;
- va_copy(args2, args);
- token->s = (vsnprintf(token->buffer, sizeof token->buffer, format, args)
- < sizeof token->buffer
- ? token->buffer
- : xvasprintf(format, args2));
- va_end(args2);
-}
-
-/* lex_token_format(). */
-
-static size_t
-lex_token_n_zeros(enum lex_format format)
-{
- switch (format) {
- case LEX_F_DECIMAL: return offsetof(union mf_subvalue, integer);
- case LEX_F_HEXADECIMAL: return 0;
- case LEX_F_IPV4: return offsetof(union mf_subvalue, ipv4);
- case LEX_F_IPV6: return offsetof(union mf_subvalue, ipv6);
- case LEX_F_ETHERNET: return offsetof(union mf_subvalue, mac);
- default: OVS_NOT_REACHED();
- }
-}
-
-/* Returns the effective format for 'token', that is, the format in which it
- * should actually be printed. This is ordinarily the same as 'token->format',
- * but it's always possible that someone sets up a token with a format that
- * won't work for a value, e.g. 'token->value' is wider than 32 bits but the
- * format is LEX_F_IPV4. (The lexer itself won't do that; this is an attempt
- * to avoid confusion in the future.) */
-static enum lex_format
-lex_token_get_format(const struct lex_token *token)
-{
- size_t n_zeros = lex_token_n_zeros(token->format);
- return (is_all_zeros(&token->value, n_zeros)
- && (token->type != LEX_T_MASKED_INTEGER
- || is_all_zeros(&token->mask, n_zeros))
- ? token->format
- : LEX_F_HEXADECIMAL);
-}
-
-static void
-lex_token_format_value(const union mf_subvalue *value,
- enum lex_format format, struct ds *s)
-{
- switch (format) {
- case LEX_F_DECIMAL:
- ds_put_format(s, "%"PRIu64, ntohll(value->integer));
- break;
-
- case LEX_F_HEXADECIMAL:
- mf_format_subvalue(value, s);
- break;
-
- case LEX_F_IPV4:
- ds_put_format(s, IP_FMT, IP_ARGS(value->ipv4));
- break;
-
- case LEX_F_IPV6:
- ipv6_format_addr(&value->ipv6, s);
- break;
-
- case LEX_F_ETHERNET:
- ds_put_format(s, ETH_ADDR_FMT, ETH_ADDR_ARGS(value->mac));
- break;
-
- default:
- OVS_NOT_REACHED();
- }
-
-}
-
-static void
-lex_token_format_masked_integer(const struct lex_token *token, struct ds *s)
-{
- enum lex_format format = lex_token_get_format(token);
-
- lex_token_format_value(&token->value, format, s);
- ds_put_char(s, '/');
-
- const union mf_subvalue *mask = &token->mask;
- if (format == LEX_F_IPV4 && ip_is_cidr(mask->ipv4)) {
- ds_put_format(s, "%d", ip_count_cidr_bits(mask->ipv4));
- } else if (token->format == LEX_F_IPV6 && ipv6_is_cidr(&mask->ipv6)) {
- ds_put_format(s, "%d", ipv6_count_cidr_bits(&mask->ipv6));
- } else {
- lex_token_format_value(&token->mask, format, s);
- }
-}
-
-/* Appends a string representation of 'token' to 's', in a format that can be
- * losslessly parsed back by the lexer. (LEX_T_END and LEX_T_ERROR can't be
- * parsed back.) */
-void
-lex_token_format(const struct lex_token *token, struct ds *s)
-{
- switch (token->type) {
- case LEX_T_END:
- ds_put_cstr(s, "$");
- break;
-
- case LEX_T_ID:
- ds_put_cstr(s, token->s);
- break;
-
- case LEX_T_ERROR:
- ds_put_cstr(s, "error(");
- json_string_escape(token->s, s);
- ds_put_char(s, ')');
- break;
-
- case LEX_T_STRING:
- json_string_escape(token->s, s);
- break;
-
- case LEX_T_INTEGER:
- lex_token_format_value(&token->value, lex_token_get_format(token), s);
- break;
-
- case LEX_T_MASKED_INTEGER:
- lex_token_format_masked_integer(token, s);
- break;
-
- case LEX_T_MACRO:
- ds_put_format(s, "$%s", token->s);
- break;
-
- case LEX_T_PORT_GROUP:
- ds_put_format(s, "@%s", token->s);
- break;
-
- case LEX_T_LPAREN:
- ds_put_cstr(s, "(");
- break;
- case LEX_T_RPAREN:
- ds_put_cstr(s, ")");
- break;
- case LEX_T_LCURLY:
- ds_put_cstr(s, "{");
- break;
- case LEX_T_RCURLY:
- ds_put_cstr(s, "}");
- break;
- case LEX_T_LSQUARE:
- ds_put_cstr(s, "[");
- break;
- case LEX_T_RSQUARE:
- ds_put_cstr(s, "]");
- break;
- case LEX_T_EQ:
- ds_put_cstr(s, "==");
- break;
- case LEX_T_NE:
- ds_put_cstr(s, "!=");
- break;
- case LEX_T_LT:
- ds_put_cstr(s, "<");
- break;
- case LEX_T_LE:
- ds_put_cstr(s, "<=");
- break;
- case LEX_T_GT:
- ds_put_cstr(s, ">");
- break;
- case LEX_T_GE:
- ds_put_cstr(s, ">=");
- break;
- case LEX_T_LOG_NOT:
- ds_put_cstr(s, "!");
- break;
- case LEX_T_LOG_AND:
- ds_put_cstr(s, "&&");
- break;
- case LEX_T_LOG_OR:
- ds_put_cstr(s, "||");
- break;
- case LEX_T_ELLIPSIS:
- ds_put_cstr(s, "..");
- break;
- case LEX_T_COMMA:
- ds_put_cstr(s, ",");
- break;
- case LEX_T_SEMICOLON:
- ds_put_cstr(s, ";");
- break;
- case LEX_T_EQUALS:
- ds_put_cstr(s, "=");
- break;
- case LEX_T_EXCHANGE:
- ds_put_cstr(s, "<->");
- break;
- case LEX_T_DECREMENT:
- ds_put_cstr(s, "--");
- break;
- case LEX_T_COLON:
- ds_put_char(s, ':');
- break;
- default:
- OVS_NOT_REACHED();
- }
-
-}
-
-/* lex_token_parse(). */
-
-static void OVS_PRINTF_FORMAT(2, 3)
-lex_error(struct lex_token *token, const char *message, ...)
-{
- ovs_assert(!token->s);
- token->type = LEX_T_ERROR;
-
- va_list args;
- va_start(args, message);
- lex_token_vsprintf(token, message, args);
- va_end(args);
-}
-
-static void
-lex_parse_hex_integer(const char *start, size_t len, struct lex_token *token)
-{
- const char *in = start + (len - 1);
- uint8_t *out = token->value.u8 + (sizeof token->value.u8 - 1);
-
- for (int i = 0; i < len; i++) {
- int hexit = hexit_value(in[-i]);
- if (hexit < 0) {
- lex_error(token, "Invalid syntax in hexadecimal constant.");
- return;
- } else if (hexit) {
- /* Check within loop to ignore any number of leading zeros. */
- if (i / 2 >= sizeof token->value.u8) {
- lex_error(token, "Hexadecimal constant requires more than "
- "%"PRIuSIZE" bits.", 8 * sizeof token->value.u8);
- return;
- }
- out[-(i / 2)] |= i % 2 ? hexit << 4 : hexit;
- }
- }
- token->format = LEX_F_HEXADECIMAL;
-}
-
-static const char *
-lex_parse_integer__(const char *p, struct lex_token *token)
-{
- lex_token_init(token);
- token->type = LEX_T_INTEGER;
- memset(&token->value, 0, sizeof token->value);
-
- /* Find the extent of an "integer" token, which can be in decimal or
- * hexadecimal, or an Ethernet address or IPv4 or IPv6 address, as 'start'
- * through 'end'.
- *
- * Special cases we handle here are:
- *
- * - The ellipsis token "..", used as e.g. 123..456. A doubled dot
- * is never valid syntax as part of an "integer", so we stop if
- * we encounter two dots in a row.
- *
- * - Syntax like 1.2.3.4:1234 to indicate an IPv4 address followed by a
- * port number should be considered three tokens: 1.2.3.4 : 1234.
- * The obvious approach is to allow just dots or just colons within a
- * given integer, but that would disallow IPv4-mapped IPv6 addresses,
- * e.g. ::ffff:192.0.2.128. However, even in those addresses, a
- * colon never follows a dot, so we stop if we encounter a colon
- * after a dot.
- *
- * (There is no corresponding way to parse an IPv6 address followed
- * by a port number: ::1:2:3:4:1234 is unavoidably ambiguous.)
- */
- const char *start = p;
- const char *end = start;
- bool saw_dot = false;
- while (isalnum((unsigned char) *end)
- || (*end == ':' && !saw_dot)
- || (*end == '.' && end[1] != '.')) {
- if (*end == '.') {
- saw_dot = true;
- }
- end++;
- }
- size_t len = end - start;
-
- int n;
- struct eth_addr mac;
-
- if (!len) {
- lex_error(token, "Integer constant expected.");
- } else if (len == 17
- && ovs_scan(start, ETH_ADDR_SCAN_FMT"%n",
- ETH_ADDR_SCAN_ARGS(mac), &n)
- && n == len) {
- token->value.mac = mac;
- token->format = LEX_F_ETHERNET;
- } else if (start + strspn(start, "0123456789") == end) {
- if (p[0] == '0' && len > 1) {
- lex_error(token, "Decimal constants must not have leading zeros.");
- } else {
- unsigned long long int integer;
- char *tail;
-
- errno = 0;
- integer = strtoull(p, &tail, 10);
- if (tail != end || errno == ERANGE) {
- lex_error(token, "Decimal constants must be less than 2**64.");
- } else {
- token->value.integer = htonll(integer);
- token->format = LEX_F_DECIMAL;
- }
- }
- } else if (p[0] == '0' && (p[1] == 'x' || p[1] == 'X')) {
- if (len > 2) {
- lex_parse_hex_integer(start + 2, len - 2, token);
- } else {
- lex_error(token, "Hex digits expected following 0%c.", p[1]);
- }
- } else if (len < INET6_ADDRSTRLEN) {
- char copy[INET6_ADDRSTRLEN];
- memcpy(copy, p, len);
- copy[len] = '\0';
-
- if (ip_parse(copy, &token->value.ipv4)) {
- token->format = LEX_F_IPV4;
- } else if (ipv6_parse(copy, &token->value.ipv6)) {
- token->format = LEX_F_IPV6;
- } else {
- lex_error(token, "Invalid numeric constant.");
- }
- } else {
- lex_error(token, "Invalid numeric constant.");
- }
-
- ovs_assert(token->type == LEX_T_INTEGER || token->type == LEX_T_ERROR);
- return end;
-}
-
-static const char *
-lex_parse_mask(const char *p, struct lex_token *token)
-{
- struct lex_token mask;
-
- /* Parse just past the '/' as a second integer. Handle errors. */
- p = lex_parse_integer__(p + 1, &mask);
- if (mask.type == LEX_T_ERROR) {
- lex_token_swap(&mask, token);
- lex_token_destroy(&mask);
- return p;
- }
- ovs_assert(mask.type == LEX_T_INTEGER);
-
- /* Now convert the value and mask into a masked integer token.
- * We have a few special cases. */
- token->type = LEX_T_MASKED_INTEGER;
- memset(&token->mask, 0, sizeof token->mask);
- uint32_t prefix_bits = ntohll(mask.value.integer);
- if (token->format == mask.format) {
- /* Same format value and mask is always OK. */
- token->mask = mask.value;
- } else if (token->format == LEX_F_IPV4
- && mask.format == LEX_F_DECIMAL
- && prefix_bits <= 32) {
- /* IPv4 address with decimal mask is a CIDR prefix. */
- token->mask.integer = htonll(ntohl(be32_prefix_mask(prefix_bits)));
- } else if (token->format == LEX_F_IPV6
- && mask.format == LEX_F_DECIMAL
- && prefix_bits <= 128) {
- /* IPv6 address with decimal mask is a CIDR prefix. */
- token->mask.ipv6 = ipv6_create_mask(prefix_bits);
- } else if (token->format == LEX_F_DECIMAL
- && mask.format == LEX_F_HEXADECIMAL
- && token->value.integer == 0) {
- /* Special case for e.g. 0/0x1234. */
- token->format = LEX_F_HEXADECIMAL;
- token->mask = mask.value;
- } else {
- lex_error(token, "Value and mask have incompatible formats.");
- return p;
- }
-
- /* Check invariant that a 1-bit in the value corresponds to a 1-bit in the
- * mask. */
- for (int i = 0; i < ARRAY_SIZE(token->mask.be32); i++) {
- ovs_be32 v = token->value.be32[i];
- ovs_be32 m = token->mask.be32[i];
-
- if (v & ~m) {
- lex_error(token, "Value contains unmasked 1-bits.");
- break;
- }
- }
-
- /* Done! */
- lex_token_destroy(&mask);
- return p;
-}
-
-static const char *
-lex_parse_integer(const char *p, struct lex_token *token)
-{
- p = lex_parse_integer__(p, token);
- if (token->type == LEX_T_INTEGER && *p == '/') {
- p = lex_parse_mask(p, token);
- }
- return p;
-}
-
-static const char *
-lex_parse_string(const char *p, struct lex_token *token)
-{
- const char *start = ++p;
- char * s = NULL;
- for (;;) {
- switch (*p) {
- case '\0':
- lex_error(token, "Input ends inside quoted string.");
- return p;
-
- case '"':
- token->type = (json_string_unescape(start, p - start, &s)
- ? LEX_T_STRING : LEX_T_ERROR);
- lex_token_strset(token, s);
- return p + 1;
-
- case '\\':
- p++;
- if (*p) {
- p++;
- }
- break;
-
- default:
- p++;
- break;
- }
- }
-}
-
-static bool
-lex_is_id1(unsigned char c)
-{
- return ((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')
- || c == '_' || c == '.');
-}
-
-static bool
-lex_is_idn(unsigned char c)
-{
- return lex_is_id1(c) || (c >= '0' && c <= '9');
-}
-
-static const char *
-lex_parse_id(const char *p, enum lex_type type, struct lex_token *token)
-{
- const char *start = p;
-
- do {
- p++;
- } while (lex_is_idn(*p));
-
- token->type = type;
- lex_token_strcpy(token, start, p - start);
- return p;
-}
-
-static const char *
-lex_parse_addr_set(const char *p, struct lex_token *token)
-{
- p++;
- if (!lex_is_id1(*p)) {
- lex_error(token, "`$' must be followed by a valid identifier.");
- return p;
- }
-
- return lex_parse_id(p, LEX_T_MACRO, token);
-}
-
-static const char *
-lex_parse_port_group(const char *p, struct lex_token *token)
-{
- p++;
- if (!lex_is_id1(*p)) {
- lex_error(token, "`@' must be followed by a valid identifier.");
- return p;
- }
-
- return lex_parse_id(p, LEX_T_PORT_GROUP, token);
-}
-
-/* Initializes 'token' and parses the first token from the beginning of
- * null-terminated string 'p' into 'token'. Stores a pointer to the start of
- * the token (after skipping white space and comments, if any) into '*startp'.
- * Returns the character position at which to begin parsing the next token. */
-const char *
-lex_token_parse(struct lex_token *token, const char *p, const char **startp)
-{
- lex_token_init(token);
-
-next:
- *startp = p;
- switch (*p) {
- case '\0':
- token->type = LEX_T_END;
- return p;
-
- case ' ': case '\t': case '\n': case '\r': case '\v': case '\f':
- p++;
- goto next;
-
- case '/':
- p++;
- if (*p == '/') {
- do {
- p++;
- } while (*p != '\0' && *p != '\n');
- goto next;
- } else if (*p == '*') {
- p++;
- for (;;) {
- if (*p == '*' && p[1] == '/') {
- p += 2;
- goto next;
- } else if (*p == '\0' || *p == '\n') {
- lex_error(token, "`/*' without matching `*/'.");
- return p;
- } else {
- p++;
- }
- }
- goto next;
- } else {
- lex_error(token,
- "`/' is only valid as part of `//' or `/*'.");
- }
- break;
-
- case '(':
- token->type = LEX_T_LPAREN;
- p++;
- break;
-
- case ')':
- token->type = LEX_T_RPAREN;
- p++;
- break;
-
- case '{':
- token->type = LEX_T_LCURLY;
- p++;
- break;
-
- case '}':
- token->type = LEX_T_RCURLY;
- p++;
- break;
-
- case '[':
- token->type = LEX_T_LSQUARE;
- p++;
- break;
-
- case ']':
- token->type = LEX_T_RSQUARE;
- p++;
- break;
-
- case '=':
- p++;
- if (*p == '=') {
- token->type = LEX_T_EQ;
- p++;
- } else {
- token->type = LEX_T_EQUALS;
- }
- break;
-
- case '!':
- p++;
- if (*p == '=') {
- token->type = LEX_T_NE;
- p++;
- } else {
- token->type = LEX_T_LOG_NOT;
- }
- break;
-
- case '&':
- p++;
- if (*p == '&') {
- token->type = LEX_T_LOG_AND;
- p++;
- } else {
- lex_error(token, "`&' is only valid as part of `&&'.");
- }
- break;
-
- case '|':
- p++;
- if (*p == '|') {
- token->type = LEX_T_LOG_OR;
- p++;
- } else {
- lex_error(token, "`|' is only valid as part of `||'.");
- }
- break;
-
- case '<':
- p++;
- if (*p == '=') {
- token->type = LEX_T_LE;
- p++;
- } else if (*p == '-' && p[1] == '>') {
- token->type = LEX_T_EXCHANGE;
- p += 2;
- } else {
- token->type = LEX_T_LT;
- }
- break;
-
- case '>':
- p++;
- if (*p == '=') {
- token->type = LEX_T_GE;
- p++;
- } else {
- token->type = LEX_T_GT;
- }
- break;
-
- case '.':
- p++;
- if (*p == '.') {
- token->type = LEX_T_ELLIPSIS;
- p++;
- } else {
- lex_error(token, "`.' is only valid as part of `..' or a number.");
- }
- break;
-
- case ',':
- p++;
- token->type = LEX_T_COMMA;
- break;
-
- case ';':
- p++;
- token->type = LEX_T_SEMICOLON;
- break;
-
- case '-':
- p++;
- if (*p == '-') {
- token->type = LEX_T_DECREMENT;
- p++;
- } else {
- lex_error(token, "`-' is only valid as part of `--'.");
- }
- break;
-
- case '$':
- p = lex_parse_addr_set(p, token);
- break;
-
- case '@':
- p = lex_parse_port_group(p, token);
- break;
-
- case ':':
- if (p[1] != ':') {
- token->type = LEX_T_COLON;
- p++;
- break;
- }
- /* IPv6 address beginning with "::". */
- /* fall through */
- case '0': case '1': case '2': case '3': case '4':
- case '5': case '6': case '7': case '8': case '9':
- p = lex_parse_integer(p, token);
- break;
-
- case '"':
- p = lex_parse_string(p, token);
- break;
-
- case 'a': case 'b': case 'c': case 'd': case 'e': case 'f':
- case 'A': case 'B': case 'C': case 'D': case 'E': case 'F':
- /* We need to distinguish an Ethernet address or IPv6 address from an
- * identifier. Fortunately, Ethernet addresses and IPv6 addresses that
- * are ambiguous based on the first character, always start with hex
- * digits followed by a colon, but identifiers never do. */
- p = (p[strspn(p, "0123456789abcdefABCDEF")] == ':'
- ? lex_parse_integer(p, token)
- : lex_parse_id(p, LEX_T_ID, token));
- break;
-
- default:
- if (lex_is_id1(*p)) {
- p = lex_parse_id(p, LEX_T_ID, token);
- } else {
- if (isprint((unsigned char) *p)) {
- lex_error(token, "Invalid character `%c' in input.", *p);
- } else {
- lex_error(token, "Invalid byte 0x%d in input.", *p);
- }
- p++;
- }
- break;
- }
-
- return p;
-}
-
-/* Initializes 'lexer' for parsing 'input'.
- *
- * While the lexer is in use, 'input' must remain available, but the caller
- * otherwise retains ownership of 'input'.
- *
- * The caller must call lexer_get() to obtain the first token. */
-void
-lexer_init(struct lexer *lexer, const char *input)
-{
- lexer->input = input;
- lexer->start = NULL;
- lex_token_init(&lexer->token);
- lexer->error = NULL;
-}
-
-/* Frees storage associated with 'lexer'. */
-void
-lexer_destroy(struct lexer *lexer)
-{
- lex_token_destroy(&lexer->token);
- free(lexer->error);
-}
-
-/* Obtains the next token from 'lexer' into 'lexer->token', and returns the
- * token's type. The caller may examine 'lexer->token' directly to obtain full
- * information about the token. */
-enum lex_type
-lexer_get(struct lexer *lexer)
-{
- lex_token_destroy(&lexer->token);
- lexer->input = lex_token_parse(&lexer->token, lexer->input, &lexer->start);
- return lexer->token.type;
-}
-
-/* Returns the type of the next token that will be fetched by lexer_get(),
- * without advancing 'lexer->token' to that token. */
-enum lex_type
-lexer_lookahead(const struct lexer *lexer)
-{
- struct lex_token next;
- enum lex_type type;
- const char *start;
-
- lex_token_parse(&next, lexer->input, &start);
- type = next.type;
- lex_token_destroy(&next);
- return type;
-}
-
-/* If 'lexer''s current token has the given 'type', advances 'lexer' to the
- * next token and returns true. Otherwise returns false. */
-bool
-lexer_match(struct lexer *lexer, enum lex_type type)
-{
- if (lexer->token.type == type) {
- lexer_get(lexer);
- return true;
- } else {
- return false;
- }
-}
-
-bool
-lexer_force_match(struct lexer *lexer, enum lex_type t)
-{
- if (t == LEX_T_END) {
- return lexer_force_end(lexer);
- } else if (lexer_match(lexer, t)) {
- return true;
- } else {
- struct lex_token token = { .type = t };
- struct ds s = DS_EMPTY_INITIALIZER;
- lex_token_format(&token, &s);
-
- lexer_syntax_error(lexer, "expecting `%s'", ds_cstr(&s));
-
- ds_destroy(&s);
-
- return false;
- }
-}
-
-/* If 'lexer''s current token is the identifier given in 'id', advances 'lexer'
- * to the next token and returns true. Otherwise returns false. */
-bool
-lexer_match_id(struct lexer *lexer, const char *id)
-{
- if (lexer->token.type == LEX_T_ID && !strcmp(lexer->token.s, id)) {
- lexer_get(lexer);
- return true;
- } else {
- return false;
- }
-}
-
-bool
-lexer_is_int(const struct lexer *lexer)
-{
- return (lexer->token.type == LEX_T_INTEGER
- && lexer->token.format == LEX_F_DECIMAL
- && ntohll(lexer->token.value.integer) <= INT_MAX);
-}
-
-bool
-lexer_get_int(struct lexer *lexer, int *value)
-{
- if (lexer_is_int(lexer)) {
- *value = ntohll(lexer->token.value.integer);
- lexer_get(lexer);
- return true;
- } else {
- *value = 0;
- return false;
- }
-}
-
-bool
-lexer_force_int(struct lexer *lexer, int *value)
-{
- bool ok = lexer_get_int(lexer, value);
- if (!ok) {
- lexer_syntax_error(lexer, "expecting small integer");
- }
- return ok;
-}
-
-bool
-lexer_force_end(struct lexer *lexer)
-{
- if (lexer->token.type == LEX_T_END) {
- return true;
- } else {
- lexer_syntax_error(lexer, "expecting end of input");
- return false;
- }
-}
-
-static bool
-lexer_error_handle_common(struct lexer *lexer)
-{
- if (lexer->error) {
- /* Already have an error, suppress this one since the cascade seems
- * unlikely to be useful. */
- return true;
- } else if (lexer->token.type == LEX_T_ERROR) {
- /* The lexer signaled an error. Nothing at a higher level accepts an
- * error token, so we'll inevitably end up here with some meaningless
- * parse error. Report the lexical error instead. */
- lexer->error = xstrdup(lexer->token.s);
- return true;
- } else {
- return false;
- }
-}
-
-void OVS_PRINTF_FORMAT(2, 3)
-lexer_error(struct lexer *lexer, const char *message, ...)
-{
- if (lexer_error_handle_common(lexer)) {
- return;
- }
-
- va_list args;
- va_start(args, message);
- lexer->error = xvasprintf(message, args);
- va_end(args);
-}
-
-void OVS_PRINTF_FORMAT(2, 3)
-lexer_syntax_error(struct lexer *lexer, const char *message, ...)
-{
- if (lexer_error_handle_common(lexer)) {
- return;
- }
-
- struct ds s;
-
- ds_init(&s);
- ds_put_cstr(&s, "Syntax error");
- if (lexer->token.type == LEX_T_END) {
- ds_put_cstr(&s, " at end of input");
- } else if (lexer->start) {
- ds_put_format(&s, " at `%.*s'",
- (int) (lexer->input - lexer->start),
- lexer->start);
- }
-
- if (message) {
- ds_put_char(&s, ' ');
-
- va_list args;
- va_start(args, message);
- ds_put_format_valist(&s, message, args);
- va_end(args);
- }
- ds_put_char(&s, '.');
-
- lexer->error = ds_steal_cstr(&s);
-}
-
-char *
-lexer_steal_error(struct lexer *lexer)
-{
- char *error = lexer->error;
- lexer->error = NULL;
- return error;
-}
diff --git a/ovn/lib/logical-fields.c b/ovn/lib/logical-fields.c
deleted file mode 100644
index 4ad5bf48150..00000000000
--- a/ovn/lib/logical-fields.c
+++ /dev/null
@@ -1,261 +0,0 @@
-/* Copyright (c) 2016, 2017 Nicira, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include
-
-#include "openvswitch/shash.h"
-#include "ovn/expr.h"
-#include "ovn/logical-fields.h"
-#include "ovs-thread.h"
-#include "packets.h"
-
-/* Silence a warning. */
-extern const struct ovn_field ovn_fields[OVN_FIELD_N_IDS];
-
-const struct ovn_field ovn_fields[OVN_FIELD_N_IDS] = {
- {
- OVN_ICMP4_FRAG_MTU,
- "icmp4.frag_mtu",
- 2, 16,
- },
-};
-
-static struct shash ovnfield_by_name;
-
-static void
-add_subregister(const char *name,
- const char *parent_name, int parent_idx,
- int width, int idx,
- struct shash *symtab)
-{
- int lsb = width * idx;
- int msb = lsb + (width - 1);
- char *expansion = xasprintf("%s%d[%d..%d]",
- parent_name, parent_idx, lsb, msb);
- expr_symtab_add_subfield(symtab, name, NULL, expansion);
- free(expansion);
-}
-
-static void
-add_ct_bit(const char *name, int index, struct shash *symtab)
-{
- char *expansion = xasprintf("ct_state[%d]", index);
- const char *prereqs = index == CS_TRACKED_BIT ? NULL : "ct.trk";
- expr_symtab_add_subfield(symtab, name, prereqs, expansion);
- free(expansion);
-}
-
-void
-ovn_init_symtab(struct shash *symtab)
-{
- shash_init(symtab);
-
- /* Reserve a pair of registers for the logical inport and outport. A full
- * 32-bit register each is bigger than we need, but the expression code
- * doesn't yet support string fields that occupy less than a full OXM. */
- expr_symtab_add_string(symtab, "inport", MFF_LOG_INPORT, NULL);
- expr_symtab_add_string(symtab, "outport", MFF_LOG_OUTPORT, NULL);
-
- /* Logical registers:
- * 128-bit xxregs
- * 64-bit xregs
- * 32-bit regs
- *
- * The expression language doesn't handle overlapping fields properly
- * unless they're formally defined as subfields. It's a little awkward. */
- for (int xxi = 0; xxi < MFF_N_LOG_REGS / 4; xxi++) {
- char *xxname = xasprintf("xxreg%d", xxi);
- expr_symtab_add_field(symtab, xxname, MFF_XXREG0 + xxi, NULL, false);
- free(xxname);
- }
- for (int xi = 0; xi < MFF_N_LOG_REGS / 2; xi++) {
- char *xname = xasprintf("xreg%d", xi);
- int xxi = xi / 2;
- if (xxi < MFF_N_LOG_REGS / 4) {
- add_subregister(xname, "xxreg", xxi, 64, 1 - xi % 2, symtab);
- } else {
- expr_symtab_add_field(symtab, xname, MFF_XREG0 + xi, NULL, false);
- }
- free(xname);
- }
- for (int i = 0; i < MFF_N_LOG_REGS; i++) {
- char *name = xasprintf("reg%d", i);
- int xxi = i / 4;
- int xi = i / 2;
- if (xxi < MFF_N_LOG_REGS / 4) {
- add_subregister(name, "xxreg", xxi, 32, 3 - i % 4, symtab);
- } else if (xi < MFF_N_LOG_REGS / 2) {
- add_subregister(name, "xreg", xi, 32, 1 - i % 2, symtab);
- } else {
- expr_symtab_add_field(symtab, name, MFF_REG0 + i, NULL, false);
- }
- free(name);
- }
-
- /* Flags used in logical to physical transformation. */
- expr_symtab_add_field(symtab, "flags", MFF_LOG_FLAGS, NULL, false);
- char flags_str[16];
- snprintf(flags_str, sizeof flags_str, "flags[%d]", MLF_ALLOW_LOOPBACK_BIT);
- expr_symtab_add_subfield(symtab, "flags.loopback", NULL, flags_str);
- snprintf(flags_str, sizeof flags_str, "flags[%d]",
- MLF_FORCE_SNAT_FOR_DNAT_BIT);
- expr_symtab_add_subfield(symtab, "flags.force_snat_for_dnat", NULL,
- flags_str);
- snprintf(flags_str, sizeof flags_str, "flags[%d]",
- MLF_FORCE_SNAT_FOR_LB_BIT);
- expr_symtab_add_subfield(symtab, "flags.force_snat_for_lb", NULL,
- flags_str);
-
- /* Connection tracking state. */
- expr_symtab_add_field(symtab, "ct_mark", MFF_CT_MARK, NULL, false);
-
- expr_symtab_add_field(symtab, "ct_label", MFF_CT_LABEL, NULL, false);
- expr_symtab_add_subfield(symtab, "ct_label.blocked", NULL, "ct_label[0]");
-
- expr_symtab_add_field(symtab, "ct_state", MFF_CT_STATE, NULL, false);
-
-#define CS_STATE(ENUM, INDEX, NAME) \
- add_ct_bit("ct."NAME, CS_##ENUM##_BIT, symtab);
- CS_STATES
-#undef CS_STATE
-
- /* Data fields. */
- expr_symtab_add_field(symtab, "eth.src", MFF_ETH_SRC, NULL, false);
- expr_symtab_add_field(symtab, "eth.dst", MFF_ETH_DST, NULL, false);
- expr_symtab_add_field(symtab, "eth.type", MFF_ETH_TYPE, NULL, true);
- expr_symtab_add_predicate(symtab, "eth.bcast",
- "eth.dst == ff:ff:ff:ff:ff:ff");
- expr_symtab_add_subfield(symtab, "eth.mcast", NULL, "eth.dst[40]");
-
- expr_symtab_add_field(symtab, "vlan.tci", MFF_VLAN_TCI, NULL, false);
- expr_symtab_add_predicate(symtab, "vlan.present", "vlan.tci[12]");
- expr_symtab_add_subfield(symtab, "vlan.pcp", "vlan.present",
- "vlan.tci[13..15]");
- expr_symtab_add_subfield(symtab, "vlan.vid", "vlan.present",
- "vlan.tci[0..11]");
-
- expr_symtab_add_predicate(symtab, "ip4", "eth.type == 0x800");
- expr_symtab_add_predicate(symtab, "ip6", "eth.type == 0x86dd");
- expr_symtab_add_predicate(symtab, "ip", "ip4 || ip6");
- expr_symtab_add_field(symtab, "ip.proto", MFF_IP_PROTO, "ip", true);
- expr_symtab_add_field(symtab, "ip.dscp", MFF_IP_DSCP_SHIFTED, "ip", false);
- expr_symtab_add_field(symtab, "ip.ecn", MFF_IP_ECN, "ip", false);
- expr_symtab_add_field(symtab, "ip.ttl", MFF_IP_TTL, "ip", false);
-
- expr_symtab_add_field(symtab, "ip4.src", MFF_IPV4_SRC, "ip4", false);
- expr_symtab_add_field(symtab, "ip4.dst", MFF_IPV4_DST, "ip4", false);
- expr_symtab_add_predicate(symtab, "ip4.mcast", "ip4.dst[28..31] == 0xe");
-
- expr_symtab_add_predicate(symtab, "icmp4", "ip4 && ip.proto == 1");
- expr_symtab_add_field(symtab, "icmp4.type", MFF_ICMPV4_TYPE, "icmp4",
- false);
- expr_symtab_add_field(symtab, "icmp4.code", MFF_ICMPV4_CODE, "icmp4",
- false);
-
- expr_symtab_add_predicate(symtab, "igmp", "ip4 && ip.proto == 2");
-
- expr_symtab_add_field(symtab, "ip6.src", MFF_IPV6_SRC, "ip6", false);
- expr_symtab_add_field(symtab, "ip6.dst", MFF_IPV6_DST, "ip6", false);
- expr_symtab_add_field(symtab, "ip6.label", MFF_IPV6_LABEL, "ip6", false);
-
- expr_symtab_add_predicate(symtab, "icmp6", "ip6 && ip.proto == 58");
- expr_symtab_add_field(symtab, "icmp6.type", MFF_ICMPV6_TYPE, "icmp6",
- true);
- expr_symtab_add_field(symtab, "icmp6.code", MFF_ICMPV6_CODE, "icmp6",
- true);
-
- expr_symtab_add_predicate(symtab, "icmp", "icmp4 || icmp6");
-
- expr_symtab_add_field(symtab, "ip.frag", MFF_IP_FRAG, "ip", false);
- expr_symtab_add_predicate(symtab, "ip.is_frag", "ip.frag[0]");
- expr_symtab_add_predicate(symtab, "ip.later_frag", "ip.frag[1]");
- expr_symtab_add_predicate(symtab, "ip.first_frag",
- "ip.is_frag && !ip.later_frag");
-
- expr_symtab_add_predicate(symtab, "arp", "eth.type == 0x806");
- expr_symtab_add_field(symtab, "arp.op", MFF_ARP_OP, "arp", false);
- expr_symtab_add_field(symtab, "arp.spa", MFF_ARP_SPA, "arp", false);
- expr_symtab_add_field(symtab, "arp.sha", MFF_ARP_SHA, "arp", false);
- expr_symtab_add_field(symtab, "arp.tpa", MFF_ARP_TPA, "arp", false);
- expr_symtab_add_field(symtab, "arp.tha", MFF_ARP_THA, "arp", false);
-
- expr_symtab_add_predicate(symtab, "nd",
- "icmp6.type == {135, 136} && icmp6.code == 0 && ip.ttl == 255");
- expr_symtab_add_predicate(symtab, "nd_ns",
- "icmp6.type == 135 && icmp6.code == 0 && ip.ttl == 255");
- expr_symtab_add_predicate(symtab, "nd_na",
- "icmp6.type == 136 && icmp6.code == 0 && ip.ttl == 255");
- expr_symtab_add_predicate(symtab, "nd_rs",
- "icmp6.type == 133 && icmp6.code == 0 && ip.ttl == 255");
- expr_symtab_add_predicate(symtab, "nd_ra",
- "icmp6.type == 134 && icmp6.code == 0 && ip.ttl == 255");
- expr_symtab_add_field(symtab, "nd.target", MFF_ND_TARGET, "nd", false);
- expr_symtab_add_field(symtab, "nd.sll", MFF_ND_SLL, "nd_ns", false);
- expr_symtab_add_field(symtab, "nd.tll", MFF_ND_TLL, "nd_na", false);
-
- expr_symtab_add_predicate(symtab, "tcp", "ip.proto == 6");
- expr_symtab_add_field(symtab, "tcp.src", MFF_TCP_SRC, "tcp", false);
- expr_symtab_add_field(symtab, "tcp.dst", MFF_TCP_DST, "tcp", false);
- expr_symtab_add_field(symtab, "tcp.flags", MFF_TCP_FLAGS, "tcp", false);
-
- expr_symtab_add_predicate(symtab, "udp", "ip.proto == 17");
- expr_symtab_add_field(symtab, "udp.src", MFF_UDP_SRC, "udp", false);
- expr_symtab_add_field(symtab, "udp.dst", MFF_UDP_DST, "udp", false);
-
- expr_symtab_add_predicate(symtab, "sctp", "ip.proto == 132");
- expr_symtab_add_field(symtab, "sctp.src", MFF_SCTP_SRC, "sctp", false);
- expr_symtab_add_field(symtab, "sctp.dst", MFF_SCTP_DST, "sctp", false);
-
- shash_init(&ovnfield_by_name);
- for (int i = 0; i < OVN_FIELD_N_IDS; i++) {
- const struct ovn_field *of = &ovn_fields[i];
- ovs_assert(of->id == i); /* Fields must be in the enum order. */
- shash_add_once(&ovnfield_by_name, of->name, of);
- }
- expr_symtab_add_ovn_field(symtab, "icmp4.frag_mtu", OVN_ICMP4_FRAG_MTU);
-}
-
-const char *
-event_to_string(enum ovn_controller_event event)
-{
- switch (event) {
- case OVN_EVENT_EMPTY_LB_BACKENDS:
- return "empty_lb_backends";
- case OVN_EVENT_MAX:
- default:
- return "";
- }
-}
-
-int
-string_to_event(const char *s)
-{
- if (!strcmp(s, "empty_lb_backends")) {
- return OVN_EVENT_EMPTY_LB_BACKENDS;
- }
- return -1;
-}
-
-const struct ovn_field *
-ovn_field_from_name(const char *name)
-{
- return shash_find_data(&ovnfield_by_name, name);
-}
-
-void
-ovn_destroy_ovnfields(void)
-{
- shash_destroy(&ovnfield_by_name);
-}
diff --git a/ovn/lib/mcast-group-index.c b/ovn/lib/mcast-group-index.c
deleted file mode 100644
index 740311e0002..00000000000
--- a/ovn/lib/mcast-group-index.c
+++ /dev/null
@@ -1,43 +0,0 @@
-/* Copyright (c) 2019, Red Hat, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include
-
-#include "ovn/lib/mcast-group-index.h"
-#include "ovn/lib/ovn-sb-idl.h"
-
-struct ovsdb_idl_index *
-mcast_group_index_create(struct ovsdb_idl *idl)
-{
- return ovsdb_idl_index_create2(idl, &sbrec_multicast_group_col_name,
- &sbrec_multicast_group_col_datapath);
-}
-
-const struct sbrec_multicast_group *
-mcast_group_lookup(struct ovsdb_idl_index *mcgroup_index,
- const char *name,
- const struct sbrec_datapath_binding *datapath)
-{
- struct sbrec_multicast_group *target =
- sbrec_multicast_group_index_init_row(mcgroup_index);
- sbrec_multicast_group_index_set_name(target, name);
- sbrec_multicast_group_index_set_datapath(target, datapath);
-
- struct sbrec_multicast_group *mcgroup =
- sbrec_multicast_group_index_find(mcgroup_index, target);
- sbrec_multicast_group_index_destroy_row(target);
-
- return mcgroup;
-}
diff --git a/ovn/lib/mcast-group-index.h b/ovn/lib/mcast-group-index.h
deleted file mode 100644
index 859e6a72fbc..00000000000
--- a/ovn/lib/mcast-group-index.h
+++ /dev/null
@@ -1,32 +0,0 @@
-/* Copyright (c) 2019, Red Hat, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef OVN_MCAST_GROUP_INDEX_H
-#define OVN_MCAST_GROUP_INDEX_H 1
-
-struct ovsdb_idl;
-
-struct sbrec_datapath_binding;
-
-#define OVN_MCAST_FLOOD_TUNNEL_KEY 65535
-#define OVN_MCAST_UNKNOWN_TUNNEL_KEY (OVN_MCAST_FLOOD_TUNNEL_KEY - 1)
-
-struct ovsdb_idl_index *mcast_group_index_create(struct ovsdb_idl *);
-const struct sbrec_multicast_group *
-mcast_group_lookup(struct ovsdb_idl_index *mcgroup_index,
- const char *name,
- const struct sbrec_datapath_binding *datapath);
-
-#endif /* ovn/lib/mcast-group-index.h */
diff --git a/ovn/lib/ovn-l7.h b/ovn/lib/ovn-l7.h
deleted file mode 100644
index c93def45044..00000000000
--- a/ovn/lib/ovn-l7.h
+++ /dev/null
@@ -1,322 +0,0 @@
-/*
- * Copyright (c) 2016 Red Hat, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef OVN_DHCP_H
-#define OVN_DHCP_H 1
-
-#include
-#include
-#include
-#include "openvswitch/hmap.h"
-#include "hash.h"
-#include "ovn/logical-fields.h"
-
-/* Generic options map which is used to store dhcpv4 opts and dhcpv6 opts. */
-struct gen_opts_map {
- struct hmap_node hmap_node;
- char *name;
- char *type;
- size_t code;
-};
-
-#define DHCP_OPTION(NAME, CODE, TYPE) \
- {.name = NAME, .code = CODE, .type = TYPE}
-
-#define OFFERIP DHCP_OPTION("offerip", 0, "ipv4")
-#define DHCP_OPT_NETMASK DHCP_OPTION("netmask", 1, "ipv4")
-#define DHCP_OPT_ROUTER DHCP_OPTION("router", 3, "ipv4")
-#define DHCP_OPT_DNS_SERVER DHCP_OPTION("dns_server", 6, "ipv4")
-#define DHCP_OPT_LOG_SERVER DHCP_OPTION("log_server", 7, "ipv4")
-#define DHCP_OPT_LPR_SERVER DHCP_OPTION("lpr_server", 9, "ipv4")
-#define DHCP_OPT_DOMAIN_NAME DHCP_OPTION("domain_name", 15, "str")
-#define DHCP_OPT_SWAP_SERVER DHCP_OPTION("swap_server", 16, "ipv4")
-
-#define DHCP_OPT_POLICY_FILTER \
- DHCP_OPTION("policy_filter", 21, "ipv4")
-
-#define DHCP_OPT_ROUTER_SOLICITATION \
- DHCP_OPTION("router_solicitation", 32, "ipv4")
-
-#define DHCP_OPT_NIS_SERVER DHCP_OPTION("nis_server", 41, "ipv4")
-#define DHCP_OPT_NTP_SERVER DHCP_OPTION("ntp_server", 42, "ipv4")
-#define DHCP_OPT_SERVER_ID DHCP_OPTION("server_id", 54, "ipv4")
-#define DHCP_OPT_TFTP_SERVER DHCP_OPTION("tftp_server", 66, "ipv4")
-
-#define DHCP_OPT_CLASSLESS_STATIC_ROUTE \
- DHCP_OPTION("classless_static_route", 121, "static_routes")
-#define DHCP_OPT_MS_CLASSLESS_STATIC_ROUTE \
- DHCP_OPTION("ms_classless_static_route", 249, "static_routes")
-
-#define DHCP_OPT_IP_FORWARD_ENABLE DHCP_OPTION("ip_forward_enable", 19, "bool")
-#define DHCP_OPT_ROUTER_DISCOVERY DHCP_OPTION("router_discovery", 31, "bool")
-#define DHCP_OPT_ETHERNET_ENCAP DHCP_OPTION("ethernet_encap", 36, "bool")
-
-#define DHCP_OPT_DEFAULT_TTL DHCP_OPTION("default_ttl", 23, "uint8")
-
-#define DHCP_OPT_TCP_TTL DHCP_OPTION("tcp_ttl", 37, "uint8")
-#define DHCP_OPT_MTU DHCP_OPTION("mtu", 26, "uint16")
-#define DHCP_OPT_LEASE_TIME DHCP_OPTION("lease_time", 51, "uint32")
-#define DHCP_OPT_T1 DHCP_OPTION("T1", 58, "uint32")
-#define DHCP_OPT_T2 DHCP_OPTION("T2", 59, "uint32")
-
-#define DHCP_OPT_BOOTFILE DHCP_OPTION("bootfile_name", 67, "str")
-#define DHCP_OPT_WPAD DHCP_OPTION("wpad", 252, "str")
-#define DHCP_OPT_PATH_PREFIX DHCP_OPTION("path_prefix", 210, "str")
-#define DHCP_OPT_TFTP_SERVER_ADDRESS \
- DHCP_OPTION("tftp_server_address", 150, "ipv4")
-
-static inline uint32_t
-gen_opt_hash(char *opt_name)
-{
- return hash_string(opt_name, 0);
-}
-
-static inline uint32_t
-dhcp_opt_hash(char *opt_name)
-{
- return gen_opt_hash(opt_name);
-}
-
-static inline struct gen_opts_map *
-gen_opts_find(const struct hmap *gen_opts, char *opt_name)
-{
- struct gen_opts_map *gen_opt;
- HMAP_FOR_EACH_WITH_HASH (gen_opt, hmap_node, gen_opt_hash(opt_name),
- gen_opts) {
- if (!strcmp(gen_opt->name, opt_name)) {
- return gen_opt;
- }
- }
-
- return NULL;
-}
-
-static inline struct gen_opts_map *
-dhcp_opts_find(const struct hmap *dhcp_opts, char *opt_name)
-{
- return gen_opts_find(dhcp_opts, opt_name);
-}
-
-static inline void
-gen_opt_add(struct hmap *gen_opts, char *opt_name, size_t code, char *type)
-{
- struct gen_opts_map *gen_opt = xzalloc(sizeof *gen_opt);
- gen_opt->name = xstrdup(opt_name);
- gen_opt->code = code;
- gen_opt->type = xstrdup(type);
- hmap_insert(gen_opts, &gen_opt->hmap_node, gen_opt_hash(opt_name));
-}
-
-static inline void
-dhcp_opt_add(struct hmap *dhcp_opts, char *opt_name, size_t code, char *type)
-{
- gen_opt_add(dhcp_opts, opt_name, code, type);
-}
-
-static inline void
-gen_opts_destroy(struct hmap *gen_opts)
-{
- struct gen_opts_map *gen_opt;
- HMAP_FOR_EACH_POP (gen_opt, hmap_node, gen_opts) {
- free(gen_opt->name);
- free(gen_opt->type);
- free(gen_opt);
- }
- hmap_destroy(gen_opts);
-}
-
-static inline void
-dhcp_opts_destroy(struct hmap *dhcp_opts)
-{
- gen_opts_destroy(dhcp_opts);
-}
-
-OVS_PACKED(
-struct dhcp_opt_header {
- uint8_t code;
- uint8_t len;
-});
-
-#define DHCP_OPT_PAYLOAD(hdr) \
- (void *)((char *)hdr + sizeof(struct dhcp_opt_header))
-
-/* Used in the OpenFlow PACKET_IN userdata */
-struct dhcp_opt6_header {
- ovs_be16 opt_code;
- ovs_be16 size;
-};
-
-/* Supported DHCPv6 Message Types */
-#define DHCPV6_MSG_TYPE_SOLICIT 1
-#define DHCPV6_MSG_TYPE_ADVT 2
-#define DHCPV6_MSG_TYPE_REQUEST 3
-#define DHCPV6_MSG_TYPE_CONFIRM 4
-#define DHCPV6_MSG_TYPE_REPLY 7
-#define DHCPV6_MSG_TYPE_DECLINE 9
-#define DHCPV6_MSG_TYPE_INFO_REQ 11
-
-
-/* DHCPv6 Option codes */
-#define DHCPV6_OPT_CLIENT_ID_CODE 1
-#define DHCPV6_OPT_SERVER_ID_CODE 2
-#define DHCPV6_OPT_IA_NA_CODE 3
-#define DHCPV6_OPT_IA_ADDR_CODE 5
-#define DHCPV6_OPT_DNS_SERVER_CODE 23
-#define DHCPV6_OPT_DOMAIN_SEARCH_CODE 24
-
-#define DHCPV6_OPT_SERVER_ID \
- DHCP_OPTION("server_id", DHCPV6_OPT_SERVER_ID_CODE, "mac")
-
-#define DHCPV6_OPT_IA_ADDR \
- DHCP_OPTION("ia_addr", DHCPV6_OPT_IA_ADDR_CODE, "ipv6")
-
-#define DHCPV6_OPT_DNS_SERVER \
- DHCP_OPTION("dns_server", DHCPV6_OPT_DNS_SERVER_CODE, "ipv6")
-
-#define DHCPV6_OPT_DOMAIN_SEARCH \
- DHCP_OPTION("domain_search", DHCPV6_OPT_DOMAIN_SEARCH_CODE, "str")
-
-OVS_PACKED(
-struct dhcpv6_opt_header {
- ovs_be16 code;
- ovs_be16 len;
-});
-
-OVS_PACKED(
-struct dhcpv6_opt_server_id {
- struct dhcpv6_opt_header opt;
- ovs_be16 duid_type;
- ovs_be16 hw_type;
- struct eth_addr mac;
-});
-
-
-OVS_PACKED(
-struct dhcpv6_opt_ia_addr {
- struct dhcpv6_opt_header opt;
- struct in6_addr ipv6;
- ovs_be32 t1;
- ovs_be32 t2;
-});
-
-OVS_PACKED(
-struct dhcpv6_opt_ia_na {
- struct dhcpv6_opt_header opt;
- ovs_be32 iaid;
- ovs_be32 t1;
- ovs_be32 t2;
-});
-
-#define DHCPV6_DUID_LL 3
-#define DHCPV6_HW_TYPE_ETH 1
-
-#define DHCPV6_OPT_PAYLOAD(opt) \
- (void *)((char *)opt + sizeof(struct dhcpv6_opt_header))
-
-static inline struct gen_opts_map *
-nd_ra_opts_find(const struct hmap *nd_ra_opts, char *opt_name)
-{
- return gen_opts_find(nd_ra_opts, opt_name);
-}
-
-static inline void
-nd_ra_opt_add(struct hmap *nd_ra_opts, char *opt_name, size_t code,
- char *type)
-{
- gen_opt_add(nd_ra_opts, opt_name, code, type);
-}
-
-static inline void
-nd_ra_opts_destroy(struct hmap *nd_ra_opts)
-{
- gen_opts_destroy(nd_ra_opts);
-}
-
-
-#define ND_RA_FLAG_ADDR_MODE 0
-
-
-/* Default values of various IPv6 Neighbor Discovery protocol options and
- * flags. See RFC 4861 for more information.
- * */
-#define IPV6_ND_RA_FLAG_MANAGED_ADDR_CONFIG 0x80
-#define IPV6_ND_RA_FLAG_OTHER_ADDR_CONFIG 0x40
-
-#define IPV6_ND_RA_CUR_HOP_LIMIT 255
-#define IPV6_ND_RA_LIFETIME 0xffff
-#define IPV6_ND_RA_REACHABLE_TIME 0
-#define IPV6_ND_RA_RETRANSMIT_TIMER 0
-
-#define IPV6_ND_RA_OPT_PREFIX_ON_LINK 0x80
-#define IPV6_ND_RA_OPT_PREFIX_AUTONOMOUS 0x40
-#define IPV6_ND_RA_OPT_PREFIX_VALID_LIFETIME 0xffffffff
-#define IPV6_ND_RA_OPT_PREFIX_PREFERRED_LIFETIME 0xffffffff
-
-static inline void
-nd_ra_opts_init(struct hmap *nd_ra_opts)
-{
- nd_ra_opt_add(nd_ra_opts, "addr_mode", ND_RA_FLAG_ADDR_MODE, "str");
- nd_ra_opt_add(nd_ra_opts, "slla", ND_OPT_SOURCE_LINKADDR, "mac");
- nd_ra_opt_add(nd_ra_opts, "prefix", ND_OPT_PREFIX_INFORMATION, "ipv6");
- nd_ra_opt_add(nd_ra_opts, "mtu", ND_OPT_MTU, "uint32");
-}
-
-#define EMPTY_LB_VIP 1
-#define EMPTY_LB_PROTOCOL 2
-#define EMPTY_LB_LOAD_BALANCER 3
-
-/* Used in the OpenFlow PACKET_IN userdata */
-struct controller_event_opt_header {
- ovs_be16 opt_code;
- ovs_be16 size;
-};
-
-struct controller_event_options {
- struct hmap event_opts[OVN_EVENT_MAX];
-};
-
-static inline void
-controller_event_opt_add(struct controller_event_options *event_opts,
- enum ovn_controller_event event_type, char *opt_name,
- size_t opt_code, char *opt_type)
-{
- gen_opt_add(&event_opts->event_opts[event_type], opt_name, opt_code,
- opt_type);
-}
-
-static inline void
-controller_event_opts_init(struct controller_event_options *opts)
-{
- for (size_t i = 0; i < OVN_EVENT_MAX; i++) {
- hmap_init(&opts->event_opts[i]);
- }
- controller_event_opt_add(opts, OVN_EVENT_EMPTY_LB_BACKENDS, "vip",
- EMPTY_LB_VIP, "str");
- controller_event_opt_add(opts, OVN_EVENT_EMPTY_LB_BACKENDS, "protocol",
- EMPTY_LB_PROTOCOL, "str");
- controller_event_opt_add(opts, OVN_EVENT_EMPTY_LB_BACKENDS,
- "load_balancer", EMPTY_LB_LOAD_BALANCER, "str");
-}
-
-static inline void
-controller_event_opts_destroy(struct controller_event_options *opts)
-{
- for (size_t i = 0; i < OVN_EVENT_MAX; i++) {
- gen_opts_destroy(&opts->event_opts[i]);
- }
-}
-
-#endif /* OVN_DHCP_H */
diff --git a/ovn/northd/.gitignore b/ovn/northd/.gitignore
deleted file mode 100644
index 97a59801be9..00000000000
--- a/ovn/northd/.gitignore
+++ /dev/null
@@ -1,2 +0,0 @@
-/ovn-northd
-/ovn-northd.8
diff --git a/ovn/northd/automake.mk b/ovn/northd/automake.mk
deleted file mode 100644
index 93aebe8b17f..00000000000
--- a/ovn/northd/automake.mk
+++ /dev/null
@@ -1,10 +0,0 @@
-# ovn-northd
-bin_PROGRAMS += ovn/northd/ovn-northd
-ovn_northd_ovn_northd_SOURCES = ovn/northd/ovn-northd.c
-ovn_northd_ovn_northd_LDADD = \
- ovn/lib/libovn.la \
- ovsdb/libovsdb.la \
- lib/libopenvswitch.la
-man_MANS += ovn/northd/ovn-northd.8
-EXTRA_DIST += ovn/northd/ovn-northd.8.xml
-CLEANFILES += ovn/northd/ovn-northd.8
diff --git a/ovn/northd/ovn-northd.8.xml b/ovn/northd/ovn-northd.8.xml
deleted file mode 100644
index d2267de0ec6..00000000000
--- a/ovn/northd/ovn-northd.8.xml
+++ /dev/null
@@ -1,2544 +0,0 @@
-
-
- Name
- ovn-northd -- Open Virtual Network central control daemon
-
- Synopsis
- ovn-northd
[options]
-
- Description
-
- ovn-northd
is a centralized daemon responsible for
- translating the high-level OVN configuration into logical
- configuration consumable by daemons such as
- ovn-controller
. It translates the logical network
- configuration in terms of conventional network concepts, taken
- from the OVN Northbound Database (see ovn-nb
(5)),
- into logical datapath flows in the OVN Southbound Database (see
- ovn-sb
(5)) below it.
-
-
- Options
-
- --ovnnb-db=database
- -
- The OVSDB database containing the OVN Northbound Database. If the
- OVN_NB_DB environment variable is set, its value is used
- as the default. Otherwise, the default is
-
unix:@RUNDIR@/ovnnb_db.sock
.
-
- --ovnsb-db=database
- -
- The OVSDB database containing the OVN Southbound Database. If the
- OVN_SB_DB environment variable is set, its value is used
- as the default. Otherwise, the default is
-
unix:@RUNDIR@/ovnsb_db.sock
.
-
-
-
- database in the above options must be an OVSDB active or
- passive connection method, as described in ovsdb
(7).
-
-
- Daemon Options
-
-
- Logging Options
-
-
- PKI Options
-
- PKI configuration is required in order to use SSL for the connections to
- the Northbound and Southbound databases.
-
-
-
- Other Options
-
-
-
-
- Runtime Management Commands
-
- ovs-appctl
can send commands to a running
- ovn-northd
process. The currently supported commands
- are described below.
-
- exit
- -
- Causes
ovn-northd
to gracefully terminate.
-
-
-
-
- Active-Standby for High Availability
-
- You may run ovn-northd
more than once in an OVN deployment.
- OVN will automatically ensure that only one of them is active at a time.
- If multiple instances of ovn-northd
are running and the
- active ovn-northd
fails, one of the hot standby instances
- of ovn-northd
will automatically take over.
-
-
- Logical Flow Table Structure
-
-
- One of the main purposes of ovn-northd
is to populate the
- Logical_Flow
table in the OVN_Southbound
- database. This section describes how ovn-northd
does this
- for switch and router logical datapaths.
-
-
- Logical Switch Datapaths
-
- Ingress Table 0: Admission Control and Ingress Port Security - L2
-
-
- Ingress table 0 contains these logical flows:
-
-
-
- -
- Priority 100 flows to drop packets with VLAN tags or multicast Ethernet
- source addresses.
-
-
- -
- Priority 50 flows that implement ingress port security for each enabled
- logical port. For logical ports on which port security is enabled,
- these match the
inport
and the valid eth.src
- address(es) and advance only those packets to the next flow table. For
- logical ports on which port security is not enabled, these advance all
- packets that match the inport
.
-
-
-
-
- There are no flows for disabled logical ports because the default-drop
- behavior of logical flow tables causes packets that ingress from them to
- be dropped.
-
-
- Ingress Table 1: Ingress Port Security - IP
-
-
- Ingress table 1 contains these logical flows:
-
-
-
-
- Ingress Table 2: Ingress Port Security - Neighbor discovery
-
-
- Ingress table 2 contains these logical flows:
-
-
-
-
- Ingress Table 3: from-lport
Pre-ACLs
-
-
- This table prepares flows for possible stateful ACL processing in
- ingress table ACLs
. It contains a priority-0 flow that
- simply moves traffic to the next table. If stateful ACLs are used in the
- logical datapath, a priority-100 flow is added that sets a hint
- (with reg0[0] = 1; next;
) for table
- Pre-stateful
to send IP packets to the connection tracker
- before eventually advancing to ingress table ACLs
. If
- special ports such as route ports or localnet ports can't use ct(), a
- priority-110 flow is added to skip over stateful ACLs.
-
-
- Ingress Table 4: Pre-LB
-
-
- This table prepares flows for possible stateful load balancing processing
- in ingress table LB
and Stateful
. It contains
- a priority-0 flow that simply moves traffic to the next table. Moreover
- it contains a priority-110 flow to move IPv6 Neighbor Discovery traffic
- to the next table. If load balancing rules with virtual IP addresses
- (and ports) are configured in OVN_Northbound
database for a
- logical switch datapath, a priority-100 flow is added for each configured
- virtual IP address VIP. For IPv4 VIPs, the match is
- ip && ip4.dst == VIP
. For IPv6
- VIPs, the match is ip &&
- ip6.dst == VIP
. The flow sets an action
- reg0[0] = 1; next;
to act as a hint for table
- Pre-stateful
to send IP packets to the connection tracker
- for packet de-fragmentation before eventually advancing to ingress table
- LB
.
-
-
- Ingress Table 5: Pre-stateful
-
-
- This table prepares flows for all possible stateful processing
- in next tables. It contains a priority-0 flow that simply moves
- traffic to the next table. A priority-100 flow sends the packets to
- connection tracker based on a hint provided by the previous tables
- (with a match for reg0[0] == 1
) by using the
- ct_next;
action.
-
-
- Ingress table 6: from-lport
ACLs
-
-
- Logical flows in this table closely reproduce those in the
- ACL
table in the OVN_Northbound
database
- for the from-lport
direction. The priority
- values from the ACL
table have a limited range and have
- 1000 added to them to leave room for OVN default flows at both
- higher and lower priorities.
-
-
- -
-
allow
ACLs translate into logical flows with
- the next;
action. If there are any stateful ACLs
- on this datapath, then allow
ACLs translate to
- ct_commit; next;
(which acts as a hint for the next tables
- to commit the connection to conntrack),
-
- -
-
allow-related
ACLs translate into logical
- flows with the ct_commit(ct_label=0/1); next;
actions
- for new connections and reg0[1] = 1; next;
for existing
- connections.
-
- -
- Other ACLs translate to
drop;
for new or untracked
- connections and ct_commit(ct_label=1/1);
for known
- connections. Setting ct_label
marks a connection
- as one that was previously allowed, but should no longer be
- allowed due to a policy change.
-
-
-
-
- This table also contains a priority 0 flow with action
- next;
, so that ACLs allow packets by default. If the
- logical datapath has a statetful ACL, the following flows will
- also be added:
-
-
-
- -
- A priority-1 flow that sets the hint to commit IP traffic to the
- connection tracker (with action
reg0[1] = 1; next;
). This
- is needed for the default allow policy because, while the initiator's
- direction may not have any stateful rules, the server's may and then
- its return traffic would not be known and marked as invalid.
-
-
- -
- A priority-65535 flow that allows any traffic in the reply
- direction for a connection that has been committed to the
- connection tracker (i.e., established flows), as long as
- the committed flow does not have
ct_label.blocked
set.
- We only handle traffic in the reply direction here because
- we want all packets going in the request direction to still
- go through the flows that implement the currently defined
- policy based on ACLs. If a connection is no longer allowed by
- policy, ct_label.blocked
will get set and packets in the
- reply direction will no longer be allowed, either.
-
-
- -
- A priority-65535 flow that allows any traffic that is considered
- related to a committed flow in the connection tracker (e.g., an
- ICMP Port Unreachable from a non-listening UDP port), as long
- as the committed flow does not have
ct_label.blocked
set.
-
-
- -
- A priority-65535 flow that drops all traffic marked by the
- connection tracker as invalid.
-
-
- -
- A priority-65535 flow that drops all traffic in the reply direction
- with
ct_label.blocked
set meaning that the connection
- should no longer be allowed due to a policy change. Packets
- in the request direction are skipped here to let a newly created
- ACL re-allow this connection.
-
-
-
- Ingress Table 7: from-lport
QoS Marking
-
-
- Logical flows in this table closely reproduce those in the
- QoS
table with the action
column set in
- the OVN_Northbound
database for the
- from-lport
direction.
-
-
-
- -
- For every qos_rules entry in a logical switch with DSCP marking
- enabled, a flow will be added at the priority mentioned in the
- QoS table.
-
-
- -
- One priority-0 fallback flow that matches all packets and advances to
- the next table.
-
-
-
- Ingress Table 8: from-lport
QoS Meter
-
-
- Logical flows in this table closely reproduce those in the
- QoS
table with the bandwidth
column set
- in the OVN_Northbound
database for the
- from-lport
direction.
-
-
-
- -
- For every qos_rules entry in a logical switch with metering
- enabled, a flow will be added at the priorirty mentioned in the
- QoS table.
-
-
- -
- One priority-0 fallback flow that matches all packets and advances to
- the next table.
-
-
-
- Ingress Table 9: LB
-
-
- It contains a priority-0 flow that simply moves traffic to the next
- table. For established connections a priority 100 flow matches on
- ct.est && !ct.rel && !ct.new &&
- !ct.inv
and sets an action reg0[2] = 1; next;
to act
- as a hint for table Stateful
to send packets through
- connection tracker to NAT the packets. (The packet will automatically
- get DNATed to the same IP address as the first packet in that
- connection.)
-
-
- Ingress Table 10: Stateful
-
-
- -
- For all the configured load balancing rules for a switch in
-
OVN_Northbound
database that includes a L4 port
- PORT of protocol P and IP address
- VIP, a priority-120 flow is added. For IPv4 VIPs
- , the flow matches ct.new && ip &&
- ip4.dst == VIP && P &&
- P.dst == PORT
. For IPv6 VIPs,
- the flow matches ct.new && ip && ip6.dst ==
- VIP && P && P.dst ==
- PORT
. The flow's action is ct_lb(args)
-
, where args contains comma separated IP addresses
- (and optional port numbers) to load balance to. The address family of
- the IP addresses of args is the same as the address family
- of VIP
-
- -
- For all the configured load balancing rules for a switch in
-
OVN_Northbound
database that includes just an IP address
- VIP to match on, OVN adds a priority-110 flow. For IPv4
- VIPs, the flow matches ct.new && ip &&
- ip4.dst == VIP
. For IPv6 VIPs,
- the flow matches ct.new && ip && ip6.dst ==
- VIP
. The action on this flow is
- ct_lb(args)
, where args contains comma
- separated IP addresses of the same address family as VIP.
-
- -
- A priority-100 flow commits packets to connection tracker using
-
ct_commit; next;
action based on a hint provided by
- the previous tables (with a match for reg0[1] == 1
).
-
- -
- A priority-100 flow sends the packets to connection tracker using
-
ct_lb;
as the action based on a hint provided by the
- previous tables (with a match for reg0[2] == 1
).
-
- -
- A priority-0 flow that simply moves traffic to the next table.
-
-
-
- Ingress Table 11: ARP/ND responder
-
-
- This table implements ARP/ND responder in a logical switch for known
- IPs. The advantage of the ARP responder flow is to limit ARP
- broadcasts by locally responding to ARP requests without the need to
- send to other hypervisors. One common case is when the inport is a
- logical port associated with a VIF and the broadcast is responded to
- on the local hypervisor rather than broadcast across the whole
- network and responded to by the destination VM. This behavior is
- proxy ARP.
-
-
-
- ARP requests arrive from VMs from a logical switch inport of type
- default. For this case, the logical switch proxy ARP rules can be
- for other VMs or logical router ports. Logical switch proxy ARP
- rules may be programmed both for mac binding of IP addresses on
- other logical switch VIF ports (which are of the default logical
- switch port type, representing connectivity to VMs or containers),
- and for mac binding of IP addresses on logical switch router type
- ports, representing their logical router port peers. In order to
- support proxy ARP for logical router ports, an IP address must be
- configured on the logical switch router type port, with the same
- value as the peer logical router port. The configured MAC addresses
- must match as well. When a VM sends an ARP request for a distributed
- logical router port and if the peer router type port of the attached
- logical switch does not have an IP address configured, the ARP request
- will be broadcast on the logical switch. One of the copies of the ARP
- request will go through the logical switch router type port to the
- logical router datapath, where the logical router ARP responder will
- generate a reply. The MAC binding of a distributed logical router,
- once learned by an associated VM, is used for all that VM's
- communication needing routing. Hence, the action of a VM re-arping for
- the mac binding of the logical router port should be rare.
-
-
-
- Logical switch ARP responder proxy ARP rules can also be hit when
- receiving ARP requests externally on a L2 gateway port. In this case,
- the hypervisor acting as an L2 gateway, responds to the ARP request on
- behalf of a destination VM.
-
-
-
- Note that ARP requests received from localnet
or
- vtep
logical inports can either go directly to VMs, in
- which case the VM responds or can hit an ARP responder for a logical
- router port if the packet is used to resolve a logical router port
- next hop address. In either case, logical switch ARP responder rules
- will not be hit. It contains these logical flows:
-
-
-
- -
- Priority-100 flows to skip the ARP responder if inport is of type
-
localnet
or vtep
and advances directly
- to the next table. ARP requests sent to localnet
or
- vtep
ports can be received by multiple hypervisors.
- Now, because the same mac binding rules are downloaded to all
- hypervisors, each of the multiple hypervisors will respond. This
- will confuse L2 learning on the source of the ARP requests. ARP
- requests received on an inport of type router
are not
- expected to hit any logical switch ARP responder flows. However,
- no skip flows are installed for these packets, as there would be
- some additional flow cost for this and the value appears limited.
-
-
- -
-
- Priority-50 flows that match ARP requests to each known IP address
- A of every logical switch port, and respond with ARP
- replies directly with corresponding Ethernet address E:
-
-
-
-eth.dst = eth.src;
-eth.src = E;
-arp.op = 2; /* ARP reply. */
-arp.tha = arp.sha;
-arp.sha = E;
-arp.tpa = arp.spa;
-arp.spa = A;
-outport = inport;
-flags.loopback = 1;
-output;
-
-
-
- These flows are omitted for logical ports (other than router ports or
- localport
ports) that are down.
-
-
-
- -
-
- Priority-50 flows that match IPv6 ND neighbor solicitations to
- each known IP address A (and A's
- solicited node address) of every logical switch port except of type
- router, and respond with neighbor advertisements directly with
- corresponding Ethernet address E:
-
-
-
-nd_na {
- eth.src = E;
- ip6.src = A;
- nd.target = A;
- nd.tll = E;
- outport = inport;
- flags.loopback = 1;
- output;
-};
-
-
-
- Priority-50 flows that match IPv6 ND neighbor solicitations to
- each known IP address A (and A's
- solicited node address) of logical switch port of type router, and
- respond with neighbor advertisements directly with
- corresponding Ethernet address E:
-
-
-
-nd_na_router {
- eth.src = E;
- ip6.src = A;
- nd.target = A;
- nd.tll = E;
- outport = inport;
- flags.loopback = 1;
- output;
-};
-
-
-
- These flows are omitted for logical ports (other than router ports or
- localport
ports) that are down.
-
-
-
- -
-
- Priority-100 flows with match criteria like the ARP and ND flows
- above, except that they only match packets from the
- inport
that owns the IP addresses in question, with
- action next;
. These flows prevent OVN from replying to,
- for example, an ARP request emitted by a VM for its own IP address.
- A VM only makes this kind of request to attempt to detect a duplicate
- IP address assignment, so sending a reply will prevent the VM from
- accepting the IP address that it owns.
-
-
-
- In place of next;
, it would be reasonable to use
- drop;
for the flows' actions. If everything is working
- as it is configured, then this would produce equivalent results,
- since no host should reply to the request. But ARPing for one's own
- IP address is intended to detect situations where the network is not
- working as configured, so dropping the request would frustrate that
- intent.
-
-
-
- -
- One priority-0 fallback flow that matches all packets and advances to
- the next table.
-
-
-
- Ingress Table 12: DHCP option processing
-
-
- This table adds the DHCPv4 options to a DHCPv4 packet from the
- logical ports configured with IPv4 address(es) and DHCPv4 options,
- and similarly for DHCPv6 options. This table also adds flows for the
- logical ports of type external
.
-
-
-
- -
-
- A priority-100 logical flow is added for these logical ports
- which matches the IPv4 packet with udp.src
= 68 and
- udp.dst
= 67 and applies the action
- put_dhcp_opts
and advances the packet to the next table.
-
-
-
-reg0[3] = put_dhcp_opts(offer_ip = ip, options...);
-next;
-
-
-
- For DHCPDISCOVER and DHCPREQUEST, this transforms the packet into a
- DHCP reply, adds the DHCP offer IP ip and options to the
- packet, and stores 1 into reg0[3]. For other kinds of packets, it
- just stores 0 into reg0[3]. Either way, it continues to the next
- table.
-
-
-
-
- -
-
- A priority-100 logical flow is added for these logical ports
- which matches the IPv6 packet with udp.src
= 546 and
- udp.dst
= 547 and applies the action
- put_dhcpv6_opts
and advances the packet to the next
- table.
-
-
-
-reg0[3] = put_dhcpv6_opts(ia_addr = ip, options...);
-next;
-
-
-
- For DHCPv6 Solicit/Request/Confirm packets, this transforms the
- packet into a DHCPv6 Advertise/Reply, adds the DHCPv6 offer IP
- ip and options to the packet, and stores 1 into reg0[3].
- For other kinds of packets, it just stores 0 into reg0[3]. Either
- way, it continues to the next table.
-
-
-
- -
- A priority-0 flow that matches all packets to advances to table 11.
-
-
-
- Ingress Table 13: DHCP responses
-
-
- This table implements DHCP responder for the DHCP replies generated by
- the previous table.
-
-
-
- -
-
- A priority 100 logical flow is added for the logical ports configured
- with DHCPv4 options which matches IPv4 packets with udp.src == 68
- && udp.dst == 67 && reg0[3] == 1
and
- responds back to the inport
after applying these
- actions. If reg0[3]
is set to 1, it means that the
- action put_dhcp_opts
was successful.
-
-
-
-eth.dst = eth.src;
-eth.src = E;
-ip4.dst = A;
-ip4.src = S;
-udp.src = 67;
-udp.dst = 68;
-outport = P;
-flags.loopback = 1;
-output;
-
-
-
- where E is the server MAC address and S is the
- server IPv4 address defined in the DHCPv4 options and A is
- the IPv4 address defined in the logical port's addresses column.
-
-
-
- (This terminates ingress packet processing; the packet does not go
- to the next ingress table.)
-
-
-
- -
-
- A priority 100 logical flow is added for the logical ports configured
- with DHCPv6 options which matches IPv6 packets with udp.src == 546
- && udp.dst == 547 && reg0[3] == 1
and
- responds back to the inport
after applying these
- actions. If reg0[3]
is set to 1, it means that the
- action put_dhcpv6_opts
was successful.
-
-
-
-eth.dst = eth.src;
-eth.src = E;
-ip6.dst = A;
-ip6.src = S;
-udp.src = 547;
-udp.dst = 546;
-outport = P;
-flags.loopback = 1;
-output;
-
-
-
- where E is the server MAC address and S is the
- server IPv6 LLA address generated from the server_id
- defined in the DHCPv6 options and A is
- the IPv6 address defined in the logical port's addresses column.
-
-
-
- (This terminates packet processing; the packet does not go on the
- next ingress table.)
-
-
-
- -
- A priority-0 flow that matches all packets to advances to table 12.
-
-
-
- Ingress Table 14 DNS Lookup
-
-
- This table looks up and resolves the DNS names to the corresponding
- configured IP address(es).
-
-
-
- -
-
- A priority-100 logical flow for each logical switch datapath
- if it is configured with DNS records, which matches the IPv4 and IPv6
- packets with udp.dst
= 53 and applies the action
- dns_lookup
and advances the packet to the next table.
-
-
-
-reg0[4] = dns_lookup(); next;
-
-
-
- For valid DNS packets, this transforms the packet into a DNS
- reply if the DNS name can be resolved, and stores 1 into reg0[4].
- For failed DNS resolution or other kinds of packets, it just stores
- 0 into reg0[4]. Either way, it continues to the next table.
-
-
-
-
- Ingress Table 15 DNS Responses
-
-
- This table implements DNS responder for the DNS replies generated by
- the previous table.
-
-
-
- -
-
- A priority-100 logical flow for each logical switch datapath
- if it is configured with DNS records, which matches the IPv4 and IPv6
- packets with udp.dst = 53 && reg0[4] == 1
- and responds back to the inport
after applying these
- actions. If reg0[4]
is set to 1, it means that the
- action dns_lookup
was successful.
-
-
-
-eth.dst <-> eth.src;
-ip4.src <-> ip4.dst;
-udp.dst = udp.src;
-udp.src = 53;
-outport = P;
-flags.loopback = 1;
-output;
-
-
-
- (This terminates ingress packet processing; the packet does not go
- to the next ingress table.)
-
-
-
-
- Ingress table 16 External ports
-
-
- Traffic from the external
logical ports enter the ingress
- datapath pipeline via the localnet
port. This table adds the
- below logical flows to handle the traffic from these ports.
-
-
-
- -
-
- A priority-100 flow is added for each external
logical
- port which doesn't reside on a chassis to drop the ARP/IPv6 NS
- request to the router IP(s) (of the logical switch) which matches
- on the inport
of the external
logical port
- and the valid eth.src
address(es) of the
- external
logical port.
-
-
-
- This flow guarantees that the ARP/NS request to the router IP
- address from the external ports is responded by only the chassis
- which has claimed these external ports. All the other chassis,
- drops these packets.
-
-
-
- -
- A priority-0 flow that matches all packets to advances to table 17.
-
-
-
- Ingress Table 17 Destination Lookup
-
-
- This table implements switching behavior. It contains these logical
- flows:
-
-
-
- -
- A priority-100 flow that outputs all packets with an Ethernet broadcast
- or multicast
eth.dst
to the MC_FLOOD
- multicast group, which ovn-northd
populates with all
- enabled logical ports.
-
-
- -
-
- One priority-50 flow that matches each known Ethernet address against
- eth.dst
and outputs the packet to the single associated
- output port.
-
-
-
- For the Ethernet address on a logical switch port of type
- router
, when that logical switch port's
- column is set to router
and
- the connected logical router port specifies a
- redirect-chassis
:
-
-
-
- -
- The flow for the connected logical router port's Ethernet
- address is only programmed on the
redirect-chassis
.
-
-
- -
- If the logical router has rules specified in
-
with
- , then
- those addresses are also used to populate the switch's destination
- lookup on the chassis where
- is
- resident.
-
-
-
-
- For the Ethernet address on a logical switch port of type
- router
, when that logical switch port's
- column is set to router
and
- the connected logical router port specifies a
- reside-on-redirect-chassis
and the logical router
- to which the connected logical router port belongs to has a
- redirect-chassis
distributed gateway logical router
- port:
-
-
-
- -
- The flow for the connected logical router port's Ethernet
- address is only programmed on the
redirect-chassis
.
-
-
-
-
- -
- One priority-0 fallback flow that matches all packets and outputs them
- to the
MC_UNKNOWN
multicast group, which
- ovn-northd
populates with all enabled logical ports that
- accept unknown destination packets. As a small optimization, if no
- logical ports accept unknown destination packets,
- ovn-northd
omits this multicast group and logical flow.
-
-
-
- Egress Table 0: Pre-LB
-
-
- This table is similar to ingress table Pre-LB
. It
- contains a priority-0 flow that simply moves traffic to the next table.
- Moreover it contains a priority-110 flow to move IPv6 Neighbor Discovery
- traffic to the next table. If any load balancing rules exist for the
- datapath, a priority-100 flow is added with a match of ip
- and action of reg0[0] = 1; next;
to act as a hint for
- table Pre-stateful
to send IP packets to the connection
- tracker for packet de-fragmentation.
-
-
- Egress Table 1: to-lport
Pre-ACLs
-
-
- This is similar to ingress table Pre-ACLs
except for
- to-lport
traffic.
-
-
- Egress Table 2: Pre-stateful
-
-
- This is similar to ingress table Pre-stateful
.
-
-
- Egress Table 3: LB
-
- This is similar to ingress table LB
.
-
-
- Egress Table 4: to-lport
ACLs
-
-
- This is similar to ingress table ACLs
except for
- to-lport
ACLs.
-
-
-
- In addition, the following flows are added.
-
-
- -
- A priority 34000 logical flow is added for each logical port which
- has DHCPv4 options defined to allow the DHCPv4 reply packet and which has
- DHCPv6 options defined to allow the DHCPv6 reply packet from the
-
Ingress Table 13: DHCP responses
.
-
-
- -
- A priority 34000 logical flow is added for each logical switch datapath
- configured with DNS records with the match
udp.dst = 53
- to allow the DNS reply packet from the
- Ingress Table 15:DNS responses
.
-
-
-
- Egress Table 5: to-lport
QoS Marking
-
-
- This is similar to ingress table QoS marking
except
- they apply to to-lport
QoS rules.
-
-
- Egress Table 6: to-lport
QoS Meter
-
-
- This is similar to ingress table QoS meter
except
- they apply to to-lport
QoS rules.
-
-
- Egress Table 7: Stateful
-
-
- This is similar to ingress table Stateful
except that
- there are no rules added for load balancing new connections.
-
-
- Egress Table 8: Egress Port Security - IP
-
-
- This is similar to the port security logic in table
- Ingress Port Security - IP
except that outport
,
- eth.dst
, ip4.dst
and ip6.dst
- are checked instead of inport
, eth.src
,
- ip4.src
and ip6.src
-
-
- Egress Table 9: Egress Port Security - L2
-
-
- This is similar to the ingress port security logic in ingress table
- Admission Control and Ingress Port Security - L2
,
- but with important differences. Most obviously, outport
and
- eth.dst
are checked instead of inport
and
- eth.src
. Second, packets directed to broadcast or multicast
- eth.dst
are always accepted instead of being subject to the
- port security rules; this is implemented through a priority-100 flow that
- matches on eth.mcast
with action output;
.
- Finally, to ensure that even broadcast and multicast packets are not
- delivered to disabled logical ports, a priority-150 flow for each
- disabled logical outport
overrides the priority-100 flow
- with a drop;
action.
-
-
- Logical Router Datapaths
-
-
- Logical router datapaths will only exist for rows in the database
- that do not have set to false
-
-
- Ingress Table 0: L2 Admission Control
-
-
- This table drops packets that the router shouldn't see at all based on
- their Ethernet headers. It contains the following flows:
-
-
-
- -
- Priority-100 flows to drop packets with VLAN tags or multicast Ethernet
- source addresses.
-
-
- -
-
- For each enabled router port P with Ethernet address
- E, a priority-50 flow that matches inport ==
- P && (eth.mcast || eth.dst ==
- E
), with action next;
.
-
-
-
- For the gateway port on a distributed logical router (where
- one of the logical router ports specifies a
- redirect-chassis
), the above flow matching
- eth.dst == E
is only programmed on
- the gateway port instance on the
- redirect-chassis
.
-
-
-
- -
-
- For each dnat_and_snat
NAT rule on a distributed
- router that specifies an external Ethernet address E,
- a priority-50 flow that matches inport == GW
- && eth.dst == E
, where GW
- is the logical router gateway port, with action
- next;
.
-
-
-
- This flow is only programmed on the gateway port instance on
- the chassis where the logical_port
specified in
- the NAT rule resides.
-
-
-
-
-
- Other packets are implicitly dropped.
-
-
- Ingress Table 1: IP Input
-
-
- This table is the core of the logical router datapath functionality. It
- contains the following flows to implement very basic IP host
- functionality.
-
-
-
- -
-
- L3 admission control: A priority-100 flow drops packets that match
- any of the following:
-
-
-
- -
-
ip4.src[28..31] == 0xe
(multicast source)
-
- -
-
ip4.src == 255.255.255.255
(broadcast source)
-
- -
-
ip4.src == 127.0.0.0/8 || ip4.dst == 127.0.0.0/8
- (localhost source or destination)
-
- -
-
ip4.src == 0.0.0.0/8 || ip4.dst == 0.0.0.0/8
(zero
- network source or destination)
-
- -
-
ip4.src
or ip6.src
is any IP
- address owned by the router, unless the packet was recirculated
- due to egress loopback as indicated by
- REGBIT_EGRESS_LOOPBACK
.
-
- -
-
ip4.src
is the broadcast address of any IP network
- known to the router.
-
-
-
-
- -
-
- ICMP echo reply. These flows reply to ICMP echo requests received
- for the router's IP address. Let A be an IP address
- owned by a router port. Then, for each A that is
- an IPv4 address, a priority-90 flow matches on
- ip4.dst == A
and
- icmp4.type == 8 && icmp4.code == 0
- (ICMP echo request). For each A that is an IPv6
- address, a priority-90 flow matches on
- ip6.dst == A
and
- icmp6.type == 128 && icmp6.code == 0
- (ICMPv6 echo request). The port of the router that receives the
- echo request does not matter. Also, the ip.ttl
of
- the echo request packet is not checked, so it complies with
- RFC 1812, section 4.2.2.9. Flows for ICMPv4 echo requests use the
- following actions:
-
-
-
-ip4.dst <-> ip4.src;
-ip.ttl = 255;
-icmp4.type = 0;
-flags.loopback = 1;
-next;
-
-
-
- Flows for ICMPv6 echo requests use the following actions:
-
-
-
-ip6.dst <-> ip6.src;
-ip.ttl = 255;
-icmp6.type = 129;
-flags.loopback = 1;
-next;
-
-
-
- -
-
- Reply to ARP requests.
-
-
-
- These flows reply to ARP requests for the router's own IP address
- and populates mac binding table of the logical router port.
- The ARP requests are handled only if the requestor's IP belongs
- to the same subnets of the logical router port.
- For each router port P that owns IP address A,
- which belongs to subnet S with prefix length L,
- and Ethernet address E, a priority-90 flow matches
- inport == P &&
- arp.spa == S/L && arp.op == 1
- && arp.tpa == A
(ARP request) with the
- following actions:
-
-
-
-put_arp(inport, arp.spa, arp.sha);
-eth.dst = eth.src;
-eth.src = E;
-arp.op = 2; /* ARP reply. */
-arp.tha = arp.sha;
-arp.sha = E;
-arp.tpa = arp.spa;
-arp.spa = A;
-outport = P;
-flags.loopback = 1;
-output;
-
-
-
- For the gateway port on a distributed logical router (where
- one of the logical router ports specifies a
- redirect-chassis
), the above flows are only
- programmed on the gateway port instance on the
- redirect-chassis
. This behavior avoids generation
- of multiple ARP responses from different chassis, and allows
- upstream MAC learning to point to the
- redirect-chassis
.
-
-
-
- For the logical router port with the option
- reside-on-redirect-chassis
set (which is centralized),
- the above flows are only programmed on the gateway port instance on
- the redirect-chassis
(if the logical router has a
- distributed gateway port). This behavior avoids generation
- of multiple ARP responses from different chassis, and allows
- upstream MAC learning to point to the
- redirect-chassis
.
-
-
-
- -
-
- These flows handles ARP requests not for router's own IP address.
- They use the SPA and SHA to populate the logical router port's
- mac binding table, with priority 80. The typical use case of
- these flows are GARP requests handling. For the gateway port
- on a distributed logical router, these flows are only programmed
- on the gateway port instance on the redirect-chassis
.
-
-
-
- -
-
- These flows reply to ARP requests for the virtual IP addresses
- configured in the router for DNAT or load balancing. For a
- configured DNAT IP address or a load balancer IPv4 VIP A,
- for each router port P with Ethernet
- address E, a priority-90 flow matches
- inport == P && arp.op == 1 &&
- arp.tpa == A
(ARP request)
- with the following actions:
-
-
-
-eth.dst = eth.src;
-eth.src = E;
-arp.op = 2; /* ARP reply. */
-arp.tha = arp.sha;
-arp.sha = E;
-arp.tpa = arp.spa;
-arp.spa = A;
-outport = P;
-flags.loopback = 1;
-output;
-
-
-
- For the gateway port on a distributed logical router with NAT
- (where one of the logical router ports specifies a
- redirect-chassis
):
-
-
-
- -
- If the corresponding NAT rule cannot be handled in a
- distributed manner, then this flow is only programmed on
- the gateway port instance on the
-
redirect-chassis
. This behavior avoids
- generation of multiple ARP responses from different chassis,
- and allows upstream MAC learning to point to the
- redirect-chassis
.
-
-
- -
-
- If the corresponding NAT rule can be handled in a distributed
- manner, then this flow is only programmed on the gateway port
- instance where the logical_port
specified in the
- NAT rule resides.
-
-
-
- Some of the actions are different for this case, using the
- external_mac
specified in the NAT rule rather
- than the gateway port's Ethernet address E:
-
-
-
-eth.src = external_mac;
-arp.sha = external_mac;
-
-
-
- This behavior avoids generation of multiple ARP responses
- from different chassis, and allows upstream MAC learning to
- point to the correct chassis.
-
-
-
-
-
- -
- ARP reply handling. This flow uses ARP replies to populate the
- logical router's ARP table. A priority-90 flow with match
arp.op
- == 2
has actions put_arp(inport, arp.spa,
- arp.sha);
.
-
-
- -
-
- Reply to IPv6 Neighbor Solicitations. These flows reply to
- Neighbor Solicitation requests for the router's own IPv6
- address and load balancing IPv6 VIPs and populate the logical
- router's mac binding table.
-
-
-
- For each router port P that
- owns IPv6 address A, solicited node address S,
- and Ethernet address E, a priority-90 flow matches
- inport == P &&
- nd_ns && ip6.dst == {A, E} &&
- nd.target == A
with the following actions:
-
-
-
-put_nd(inport, ip6.src, nd.sll);
-nd_na_router {
- eth.src = E;
- ip6.src = A;
- nd.target = A;
- nd.tll = E;
- outport = inport;
- flags.loopback = 1;
- output;
-};
-
-
-
- For each router port P that has load balancing VIP
- A, solicited node address S, and Ethernet
- address E, a priority-90 flow matches
- inport == P &&
- nd_ns && ip6.dst == {A, E} &&
- nd.target == A
with the following actions:
-
-
-
-put_nd(inport, ip6.src, nd.sll);
-nd_na {
- eth.src = E;
- ip6.src = A;
- nd.target = A;
- nd.tll = E;
- outport = inport;
- flags.loopback = 1;
- output;
-};
-
-
-
- For the gateway port on a distributed logical router (where
- one of the logical router ports specifies a
- redirect-chassis
), the above flows replying to
- IPv6 Neighbor Solicitations are only programmed on the
- gateway port instance on the redirect-chassis
.
- This behavior avoids generation of multiple replies from
- different chassis, and allows upstream MAC learning to point
- to the redirect-chassis
.
-
-
-
- -
- IPv6 neighbor advertisement handling. This flow uses neighbor
- advertisements to populate the logical router's mac binding
- table. A priority-90 flow with match
nd_na
- has actions put_nd(inport, nd.target, nd.tll);
.
-
-
- -
- IPv6 neighbor solicitation for non-hosted addresses handling.
- This flow uses neighbor solicitations to populate the logical
- router's mac binding table (ones that were directed at the
- logical router would have matched the priority-90 neighbor
- solicitation flow already). A priority-80 flow with match
-
nd_ns
has actions
- put_nd(inport, ip6.src, nd.sll);
.
-
-
- -
-
- UDP port unreachable. Priority-80 flows generate ICMP port
- unreachable messages in reply to UDP datagrams directed to the
- router's IP address, except in the special case of gateways,
- which accept traffic directed to a router IP for load balancing
- and NAT purposes.
-
-
-
- These flows should not match IP fragments with nonzero offset.
-
-
-
- -
-
- TCP reset. Priority-80 flows generate TCP reset messages in reply
- to TCP datagrams directed to the router's IP address, except in
- the special case of gateways, which accept traffic directed to a
- router IP for load balancing and NAT purposes.
-
-
-
- These flows should not match IP fragments with nonzero offset.
-
-
-
- -
-
- Protocol or address unreachable. Priority-70 flows generate ICMP
- protocol or address unreachable messages for IPv4 and IPv6
- respectively in reply to packets directed to the router's IP
- address on IP protocols other than UDP, TCP, and ICMP, except in the
- special case of gateways, which accept traffic directed to a router
- IP for load balancing purposes.
-
-
-
- These flows should not match IP fragments with nonzero offset.
-
-
-
- -
- Drop other IP traffic to this router. These flows drop any other
- traffic destined to an IP address of this router that is not already
- handled by one of the flows above, which amounts to ICMP (other than
- echo requests) and fragments with nonzero offsets. For each IP address
- A owned by the router, a priority-60 flow matches
-
ip4.dst == A
and drops the traffic. An
- exception is made and the above flow is not added if the router
- port's own IP address is used to SNAT packets passing through that
- router.
-
-
-
-
- The flows above handle all of the traffic that might be directed to the
- router itself. The following flows (with lower priorities) handle the
- remaining traffic, potentially for forwarding:
-
-
-
- -
- Drop Ethernet local broadcast. A priority-50 flow with match
-
eth.bcast
drops traffic destined to the local Ethernet
- broadcast address. By definition this traffic should not be forwarded.
-
-
- -
-
- ICMP time exceeded. For each router port P, whose IP
- address is A, a priority-40 flow with match inport
- == P && ip.ttl == {0, 1} &&
- !ip.later_frag
matches packets whose TTL has expired, with the
- following actions to send an ICMP time exceeded reply for IPv4 and
- IPv6 respectively:
-
-
-
-icmp4 {
- icmp4.type = 11; /* Time exceeded. */
- icmp4.code = 0; /* TTL exceeded in transit. */
- ip4.dst = ip4.src;
- ip4.src = A;
- ip.ttl = 255;
- next;
-};
-
-icmp6 {
- icmp6.type = 3; /* Time exceeded. */
- icmp6.code = 0; /* TTL exceeded in transit. */
- ip6.dst = ip6.src;
- ip6.src = A;
- ip.ttl = 255;
- next;
-};
-
-
-
- -
- TTL discard. A priority-30 flow with match
ip.ttl == {0,
- 1}
and actions drop;
drops other packets whose TTL
- has expired, that should not receive a ICMP error reply (i.e. fragments
- with nonzero offset).
-
-
- -
- Next table. A priority-0 flows match all packets that aren't already
- handled and uses actions
next;
to feed them to the next
- table.
-
-
-
- Ingress Table 2: DEFRAG
-
-
- This is to send packets to connection tracker for tracking and
- defragmentation. It contains a priority-0 flow that simply moves traffic
- to the next table. If load balancing rules with virtual IP addresses
- (and ports) are configured in OVN_Northbound
database for a
- Gateway router, a priority-100 flow is added for each configured virtual
- IP address VIP. For IPv4 VIPs the flow matches
- ip && ip4.dst == VIP
. For IPv6
- VIPs, the flow matches ip && ip6.dst ==
- VIP
. The flow uses the action ct_next;
- to send IP packets to the connection tracker for packet de-fragmentation
- and tracking before sending it to the next table.
-
-
- Ingress Table 3: UNSNAT
-
-
- This is for already established connections' reverse traffic.
- i.e., SNAT has already been done in egress pipeline and now the
- packet has entered the ingress pipeline as part of a reply. It is
- unSNATted here.
-
-
- Ingress Table 3: UNSNAT on Gateway Routers
-
-
- -
-
- If the Gateway router has been configured to force SNAT any
- previously DNATted packets to B, a priority-110 flow
- matches ip && ip4.dst == B
with
- an action ct_snat;
.
-
-
-
- If the Gateway router has been configured to force SNAT any
- previously load-balanced packets to B, a priority-100 flow
- matches ip && ip4.dst == B
with
- an action ct_snat;
.
-
-
-
- For each NAT configuration in the OVN Northbound database, that asks
- to change the source IP address of a packet from A to
- B, a priority-90 flow matches ip &&
- ip4.dst == B
with an action
- ct_snat;
.
-
-
-
- A priority-0 logical flow with match 1
has actions
- next;
.
-
-
-
-
- Ingress Table 3: UNSNAT on Distributed Routers
-
-
- -
-
- For each configuration in the OVN Northbound database, that asks
- to change the source IP address of a packet from A to
- B, a priority-100 flow matches ip &&
- ip4.dst == B && inport == GW
,
- where GW is the logical router gateway port, with an
- action ct_snat;
.
-
-
-
- If the NAT rule cannot be handled in a distributed manner, then
- the priority-100 flow above is only programmed on the
- redirect-chassis
.
-
-
-
- For each configuration in the OVN Northbound database, that asks
- to change the source IP address of a packet from A to
- B, a priority-50 flow matches ip &&
- ip4.dst == B
with an action
- REGBIT_NAT_REDIRECT = 1; next;
. This flow is for
- east/west traffic to a NAT destination IPv4 address. By
- setting the REGBIT_NAT_REDIRECT
flag, in the
- ingress table Gateway Redirect
this will trigger a
- redirect to the instance of the gateway port on the
- redirect-chassis
.
-
-
-
- A priority-0 logical flow with match 1
has actions
- next;
.
-
-
-
-
- Ingress Table 4: DNAT
-
-
- Packets enter the pipeline with destination IP address that needs to
- be DNATted from a virtual IP address to a real IP address. Packets
- in the reverse direction needs to be unDNATed.
-
-
- Ingress Table 4: Load balancing DNAT rules
-
-
- Following load balancing DNAT flows are added for Gateway router or
- Router with gateway port. These flows are programmed only on the
- redirect-chassis
. These flows do not get programmed for
- load balancers with IPv6 VIPs.
-
-
-
- -
- For all the configured load balancing rules for a Gateway router or
- Router with gateway port in
OVN_Northbound
database that
- includes a L4 port PORT of protocol P and IPv4
- address VIP, a priority-120 flow that matches on
- ct.new && ip && ip4.dst == VIP
- && P && P.dst == PORT
-
with an action of ct_lb(args)
,
- where args contains comma separated IPv4 addresses (and
- optional port numbers) to load balance to. If the router is configured
- to force SNAT any load-balanced packets, the above action will be
- replaced by flags.force_snat_for_lb = 1;
- ct_lb(args);
.
-
-
- -
- For all the configured load balancing rules for a router in
-
OVN_Northbound
database that includes a L4 port
- PORT of protocol P and IPv4 address
- VIP, a priority-120 flow that matches on
- ct.est && ip && ip4.dst == VIP
- && P && P.dst == PORT
-
with an action of ct_dnat;
. If the router is
- configured to force SNAT any load-balanced packets, the above action
- will be replaced by flags.force_snat_for_lb = 1; ct_dnat;
.
-
-
- -
- For all the configured load balancing rules for a router in
-
OVN_Northbound
database that includes just an IP address
- VIP to match on, a priority-110 flow that matches on
- ct.new && ip && ip4.dst ==
- VIP
with an action of
- ct_lb(args)
, where args contains
- comma separated IPv4 addresses. If the router is configured to force
- SNAT any load-balanced packets, the above action will be replaced by
- flags.force_snat_for_lb = 1; ct_lb(args);
.
-
-
- -
- For all the configured load balancing rules for a router in
-
OVN_Northbound
database that includes just an IP address
- VIP to match on, a priority-110 flow that matches on
- ct.est && ip && ip4.dst ==
- VIP
with an action of ct_dnat;
.
- If the router is configured to force SNAT any load-balanced
- packets, the above action will be replaced by
- flags.force_snat_for_lb = 1; ct_dnat;
.
-
-
-
- Ingress Table 4: DNAT on Gateway Routers
-
-
- -
- For each configuration in the OVN Northbound database, that asks
- to change the destination IP address of a packet from A to
- B, a priority-100 flow matches
ip &&
- ip4.dst == A
with an action
- flags.loopback = 1; ct_dnat(B);
. If the
- Gateway router is configured to force SNAT any DNATed packet,
- the above action will be replaced by
- flags.force_snat_for_dnat = 1; flags.loopback = 1;
- ct_dnat(B);
.
-
-
- -
- For all IP packets of a Gateway router, a priority-50 flow with an
- action
flags.loopback = 1; ct_dnat;
.
-
-
- -
- A priority-0 logical flow with match
1
has actions
- next;
.
-
-
-
- Ingress Table 4: DNAT on Distributed Routers
-
-
- On distributed routers, the DNAT table only handles packets
- with destination IP address that needs to be DNATted from a
- virtual IP address to a real IP address. The unDNAT processing
- in the reverse direction is handled in a separate table in the
- egress pipeline.
-
-
-
- -
-
- For each configuration in the OVN Northbound database, that asks
- to change the destination IP address of a packet from A to
- B, a priority-100 flow matches ip &&
- ip4.dst == B && inport == GW
,
- where GW is the logical router gateway port, with an
- action ct_dnat(B);
.
-
-
-
- If the NAT rule cannot be handled in a distributed manner, then
- the priority-100 flow above is only programmed on the
- redirect-chassis
.
-
-
-
- For each configuration in the OVN Northbound database, that asks
- to change the destination IP address of a packet from A to
- B, a priority-50 flow matches ip &&
- ip4.dst == B
with an action
- REGBIT_NAT_REDIRECT = 1; next;
. This flow is for
- east/west traffic to a NAT destination IPv4 address. By
- setting the REGBIT_NAT_REDIRECT
flag, in the
- ingress table Gateway Redirect
this will trigger a
- redirect to the instance of the gateway port on the
- redirect-chassis
.
-
-
-
- A priority-0 logical flow with match 1
has actions
- next;
.
-
-
-
-
- Ingress Table 5: IPv6 ND RA option processing
-
-
- -
-
- A priority-50 logical flow is added for each logical router port
- configured with IPv6 ND RA options which matches IPv6 ND Router
- Solicitation packet and applies the action
- put_nd_ra_opts
and advances the packet to the next
- table.
-
-
-
-reg0[5] = put_nd_ra_opts(options);next;
-
-
-
- For a valid IPv6 ND RS packet, this transforms the packet into an
- IPv6 ND RA reply and sets the RA options to the packet and stores 1
- into reg0[5]. For other kinds of packets, it just stores 0 into
- reg0[5]. Either way, it continues to the next table.
-
-
-
- -
- A priority-0 logical flow with match
1
has actions
- next;
.
-
-
-
- Ingress Table 6: IPv6 ND RA responder
-
-
- This table implements IPv6 ND RA responder for the IPv6 ND RA replies
- generated by the previous table.
-
-
-
- -
-
- A priority-50 logical flow is added for each logical router port
- configured with IPv6 ND RA options which matches IPv6 ND RA
- packets and reg0[5] == 1
and responds back to the
- inport
after applying these actions.
- If reg0[5]
is set to 1, it means that the action
- put_nd_ra_opts
was successful.
-
-
-
-eth.dst = eth.src;
-eth.src = E;
-ip6.dst = ip6.src;
-ip6.src = I;
-outport = P;
-flags.loopback = 1;
-output;
-
-
-
- where E is the MAC address and I is the IPv6
- link local address of the logical router port.
-
-
-
- (This terminates packet processing in ingress pipeline; the packet
- does not go to the next ingress table.)
-
-
-
- -
- A priority-0 logical flow with match
1
has actions
- next;
.
-
-
-
- Ingress Table 7: IP Routing
-
-
- A packet that arrives at this table is an IP packet that should be
- routed to the address in ip4.dst
or
- ip6.dst
. This table implements IP routing, setting
- reg0
(or xxreg0
for IPv6) to the next-hop IP
- address (leaving ip4.dst
or ip6.dst
, the
- packet's final destination, unchanged) and advances to the next
- table for ARP resolution. It also sets reg1
(or
- xxreg1
) to the IP address owned by the selected router
- port (ingress table ARP Request
will generate an ARP
- request, if needed, with reg0
as the target protocol
- address and reg1
as the source protocol address).
-
-
-
- This table contains the following logical flows:
-
-
-
- -
-
- For distributed logical routers where one of the logical router
- ports specifies a redirect-chassis
, a priority-400
- logical flow for each ip source/destination couple that matches the
- dnat_and_snat
NAT rules configured. These flows will
- allow to properly forward traffic to the external connections if
- available and avoid sending it through the tunnel.
- Assuming the two following NAT rules have been configured:
-
-
-
-external_ip{0,1} = EIP{0,1};
-external_mac{0,1} = MAC{0,1};
-logical_ip{0,1} = LIP{0,1};
-
-
-
- the following action will be applied:
-
-
-
-eth.dst = MAC0;
-eth.src = MAC1;
-reg0 = ip4.dst;
-reg1 = EIP1;
-outport = redirect-chassis-port
;
-REGBIT_DISTRIBUTED_NAT = 1; next;
.
-
-
-
- Morover a priority-400 logical flow is configured for each
- dnat_and_snat
NAT rule configured in order to
- not send traffic for local FIP through the overlay tunnels
- but manage it in the local hypervisor
-
-
-
- -
-
- For distributed logical routers where one of the logical router
- ports specifies a redirect-chassis
, a priority-300
- logical flow with match REGBIT_NAT_REDIRECT == 1
has
- actions ip.ttl--; next;
. The outport
- will be set later in the Gateway Redirect table.
-
-
-
- -
-
- IPv4 routing table. For each route to IPv4 network N with
- netmask M, on router port P with IP address
- A and Ethernet
- address E, a logical flow with match ip4.dst ==
- N/M
, whose priority is the number of
- 1-bits in M, has the following actions:
-
-
-
-ip.ttl--;
-reg0 = G;
-reg1 = A;
-eth.src = E;
-outport = P;
-flags.loopback = 1;
-next;
-
-
-
- (Ingress table 1 already verified that ip.ttl--;
will
- not yield a TTL exceeded error.)
-
-
-
- If the route has a gateway, G is the gateway IP address.
- Instead, if the route is from a configured static route, G
- is the next hop IP address. Else it is ip4.dst
.
-
-
-
- -
-
- IPv6 routing table. For each route to IPv6 network
- N with netmask M, on router port
- P with IP address A and Ethernet address
- E, a logical flow with match in CIDR notation
- ip6.dst == N/M
,
- whose priority is the integer value of M, has the
- following actions:
-
-
-
-ip.ttl--;
-xxreg0 = G;
-xxreg1 = A;
-eth.src = E;
-outport = P;
-flags.loopback = 1;
-next;
-
-
-
- (Ingress table 1 already verified that ip.ttl--;
will
- not yield a TTL exceeded error.)
-
-
-
- If the route has a gateway, G is the gateway IP address.
- Instead, if the route is from a configured static route, G
- is the next hop IP address. Else it is ip6.dst
.
-
-
-
- If the address A is in the link-local scope, the
- route will be limited to sending on the ingress port.
-
-
-
-
- Ingress Table 8: ARP/ND Resolution
-
-
- Any packet that reaches this table is an IP packet whose next-hop
- IPv4 address is in reg0
or IPv6 address is in
- xxreg0
. (ip4.dst
or
- ip6.dst
contains the final destination.) This table
- resolves the IP address in reg0
(or
- xxreg0
) into an output port in outport
- and an Ethernet address in eth.dst
, using the
- following flows:
-
-
-
- -
-
- For distributed logical routers where one of the logical router
- ports specifies a redirect-chassis
, a priority-400
- logical flow with match REGBIT_DISTRIBUTED_NAT == 1
- has action next;
-
-
- For distributed logical routers where one of the logical router
- ports specifies a redirect-chassis
, a priority-200
- logical flow with match REGBIT_NAT_REDIRECT == 1
has
- actions eth.dst = E; next;
, where
- E is the ethernet address of the router's distributed
- gateway port.
-
-
-
- -
-
- Static MAC bindings. MAC bindings can be known statically based on
- data in the OVN_Northbound
database. For router ports
- connected to logical switches, MAC bindings can be known statically
- from the addresses
column in the
- Logical_Switch_Port
table. For router ports
- connected to other logical routers, MAC bindings can be known
- statically from the mac
and networks
- column in the Logical_Router_Port
table.
-
-
-
- For each IPv4 address A whose host is known to have
- Ethernet address E on router port P, a
- priority-100 flow with match outport === P
- && reg0 == A
has actions
- eth.dst = E; next;
.
-
-
-
- For each IPv6 address A whose host is known to have
- Ethernet address E on router port P, a
- priority-100 flow with match outport === P
- && xxreg0 == A
has actions
- eth.dst = E; next;
.
-
-
-
- For each logical router port with an IPv4 address A and
- a mac address of E that is reachable via a different
- logical router port P, a priority-100 flow with
- match outport === P && reg0 ==
- A
has actions eth.dst = E;
- next;
.
-
-
-
- For each logical router port with an IPv6 address A and
- a mac address of E that is reachable via a different
- logical router port P, a priority-100 flow with
- match outport === P && xxreg0 ==
- A
has actions eth.dst = E;
- next;
.
-
-
-
- -
-
- Dynamic MAC bindings. These flows resolve MAC-to-IP bindings
- that have become known dynamically through ARP or neighbor
- discovery. (The ingress table ARP Request
will
- issue an ARP or neighbor solicitation request for cases where
- the binding is not yet known.)
-
-
-
- A priority-0 logical flow with match ip4
has actions
- get_arp(outport, reg0); next;
.
-
-
-
- A priority-0 logical flow with match ip6
has actions
- get_nd(outport, xxreg0); next;
.
-
-
-
-
- Ingress Table 9: Check packet length
-
-
- For distributed logical routers with distributed gateway port configured
- with options:gateway_mtu
to a valid integer value, this
- table adds a priority-50 logical flow with the match
- ip4 && outport == GW_PORT
where
- GW_PORT is the distributed gateway router port and applies the
- action check_pkt_larger
and advances the packet to the
- next table.
-
-
-
-REGBIT_PKT_LARGER = check_pkt_larger(L); next;
-
-
-
- where L is the packet length to check for. If the packet
- is larger than L, it stores 1 in the register bit
- REGBIT_PKT_LARGER
. The value of
- L is taken from column of
- row.
-
-
-
- This table adds one priority-0 fallback flow that matches all packets
- and advances to the next table.
-
-
- Ingress Table 10: Handle larger packets
-
-
- For distributed logical routers with distributed gateway port configured
- with options:gateway_mtu
to a valid integer value, this
- table adds the following priority-50 logical flow for each
- logical router port with the match ip4 &&
- inport == LRP && outport == GW_PORT
- && REGBIT_PKT_LARGER
, where LRP is the logical
- router port and GW_PORT is the distributed gateway router port
- and applies the following action
-
-
-
-icmp4 {
- icmp4.type = 3; /* Destination Unreachable. */
- icmp4.code = 4; /* Frag Needed and DF was Set. */
- icmp4.frag_mtu = M;
- eth.dst = E;
- ip4.dst = ip4.src;
- ip4.src = I;
- ip.ttl = 255;
- REGBIT_EGRESS_LOOPBACK = 1;
- next(pipeline=ingress, table=0);
-};
-
-
-
- -
- Where M is the (fragment MTU - 58) whose value is taken from
-
column of
- row.
-
-
- -
- E is the Ethernet address of the logical router port.
-
-
- -
- I is the IPv4 address of the logical router port.
-
-
-
-
- This table adds one priority-0 fallback flow that matches all packets
- and advances to the next table.
-
-
- Ingress Table 11: Gateway Redirect
-
-
- For distributed logical routers where one of the logical router
- ports specifies a redirect-chassis
, this table redirects
- certain packets to the distributed gateway port instance on the
- redirect-chassis
. This table has the following flows:
-
-
-
- -
- A priority-300 logical flow with match
-
REGBIT_DISTRIBUTED_NAT == 1
has action
- next;
-
- -
- A priority-200 logical flow with match
-
REGBIT_NAT_REDIRECT == 1
has actions
- outport = CR; next;
, where CR
- is the chassisredirect
port representing the instance
- of the logical router distributed gateway port on the
- redirect-chassis
.
-
-
- -
- A priority-150 logical flow with match
-
outport == GW &&
- eth.dst == 00:00:00:00:00:00
has actions
- outport = CR; next;
, where
- GW is the logical router distributed gateway
- port and CR is the chassisredirect
- port representing the instance of the logical router
- distributed gateway port on the
- redirect-chassis
.
-
-
- -
- For each NAT rule in the OVN Northbound database that can
- be handled in a distributed manner, a priority-100 logical
- flow with match
ip4.src == B &&
- outport == GW
, where GW is
- the logical router distributed gateway port, with actions
- next;
.
-
-
- -
- A priority-50 logical flow with match
-
outport == GW
has actions
- outport = CR; next;
, where
- GW is the logical router distributed gateway
- port and CR is the chassisredirect
- port representing the instance of the logical router
- distributed gateway port on the
- redirect-chassis
.
-
-
- -
- A priority-0 logical flow with match
1
has actions
- next;
.
-
-
-
- Ingress Table 12: ARP Request
-
-
- In the common case where the Ethernet destination has been resolved, this
- table outputs the packet. Otherwise, it composes and sends an ARP or
- IPv6 Neighbor Solicitation request. It holds the following flows:
-
-
-
- -
-
- Unknown MAC address. A priority-100 flow for IPv4 packets with match
- eth.dst == 00:00:00:00:00:00
has the following actions:
-
-
-
-arp {
- eth.dst = ff:ff:ff:ff:ff:ff;
- arp.spa = reg1;
- arp.tpa = reg0;
- arp.op = 1; /* ARP request. */
- output;
-};
-
-
-
- Unknown MAC address. For each IPv6 static route associated with the
- router with the nexthop IP: G, a priority-200 flow
- for IPv6 packets with match
- eth.dst == 00:00:00:00:00:00 &&
- xxreg0 == G
- with the following actions is added:
-
-
-
-nd_ns {
- eth.dst = E;
- ip6.dst = I
- nd.target = G;
- output;
-};
-
-
-
- Where E is the multicast mac derived from the Gateway IP,
- I is the solicited-node multicast address corresponding
- to the target address G.
-
-
-
- Unknown MAC address. A priority-100 flow for IPv6 packets with match
- eth.dst == 00:00:00:00:00:00
has the following actions:
-
-
-
-nd_ns {
- nd.target = xxreg0;
- output;
-};
-
-
-
- (Ingress table IP Routing
initialized reg1
- with the IP address owned by outport
and
- (xx)reg0
with the next-hop IP address)
-
-
-
- The IP packet that triggers the ARP/IPv6 NS request is dropped.
-
-
-
- -
- Known MAC address. A priority-0 flow with match
1
has
- actions output;
.
-
-
-
- Egress Table 0: UNDNAT
-
-
- This is for already established connections' reverse traffic.
- i.e., DNAT has already been done in ingress pipeline and now the
- packet has entered the egress pipeline as part of a reply. For
- NAT on a distributed router, it is unDNATted here. For Gateway
- routers, the unDNAT processing is carried out in the ingress DNAT
- table.
-
-
-
- -
-
- For all the configured load balancing rules for a router with gateway
- port in OVN_Northbound
database that includes an IPv4
- address VIP
, for every backend IPv4 address B
- defined for the VIP
a priority-120 flow is programmed on
- redirect-chassis
that matches
- ip && ip4.src == B &&
- outport == GW
, where GW is the logical
- router gateway port with an action ct_dnat;
. If the
- backend IPv4 address B is also configured with L4 port
- PORT of protocol P, then the
- match also includes P.src
== PORT. These
- flows are not added for load balancers with IPv6 VIPs.
-
-
-
- If the router is configured to force SNAT any load-balanced packets,
- above action will be replaced by
- flags.force_snat_for_lb = 1; ct_dnat;
.
-
-
-
- -
-
- For each configuration in the OVN Northbound database that asks
- to change the destination IP address of a packet from an IP
- address of A to B, a priority-100 flow
- matches ip && ip4.src == B
- && outport == GW
, where GW
- is the logical router gateway port, with an action
- ct_dnat;
.
-
-
-
- If the NAT rule cannot be handled in a distributed manner, then
- the priority-100 flow above is only programmed on the
- redirect-chassis
.
-
-
-
- If the NAT rule can be handled in a distributed manner, then
- there is an additional action
- eth.src = EA;
, where EA
- is the ethernet address associated with the IP address
- A in the NAT rule. This allows upstream MAC
- learning to point to the correct chassis.
-
-
-
- -
- A priority-0 logical flow with match
1
has actions
- next;
.
-
-
-
- Egress Table 1: SNAT
-
-
- Packets that are configured to be SNATed get their source IP address
- changed based on the configuration in the OVN Northbound database.
-
-
- Egress Table 1: SNAT on Gateway Routers
-
-
- -
-
- If the Gateway router in the OVN Northbound database has been
- configured to force SNAT a packet (that has been previously DNATted)
- to B, a priority-100 flow matches
- flags.force_snat_for_dnat == 1 && ip
with an
- action ct_snat(B);
.
-
-
- If the Gateway router in the OVN Northbound database has been
- configured to force SNAT a packet (that has been previously
- load-balanced) to B, a priority-100 flow matches
- flags.force_snat_for_lb == 1 && ip
with an
- action ct_snat(B);
.
-
-
- For each configuration in the OVN Northbound database, that asks
- to change the source IP address of a packet from an IP address of
- A or to change the source IP address of a packet that
- belongs to network A to B, a flow matches
- ip && ip4.src == A
with an action
- ct_snat(B);
. The priority of the flow
- is calculated based on the mask of A, with matches
- having larger masks getting higher priorities.
-
-
- A priority-0 logical flow with match 1
has actions
- next;
.
-
-
-
-
- Egress Table 1: SNAT on Distributed Routers
-
-
- -
-
- For each configuration in the OVN Northbound database, that asks
- to change the source IP address of a packet from an IP address of
- A or to change the source IP address of a packet that
- belongs to network A to B, a flow matches
- ip && ip4.src == A &&
- outport == GW
, where GW is the
- logical router gateway port, with an action
- ct_snat(B);
. The priority of the flow
- is calculated based on the mask of A, with matches
- having larger masks getting higher priorities.
-
-
-
- If the NAT rule cannot be handled in a distributed manner, then
- the flow above is only programmed on the
- redirect-chassis
increasing flow priority by 128 in
- order to be run first
-
-
-
- If the NAT rule can be handled in a distributed manner, then
- there is an additional action
- eth.src = EA;
, where EA
- is the ethernet address associated with the IP address
- A in the NAT rule. This allows upstream MAC
- learning to point to the correct chassis.
-
-
-
- -
- A priority-0 logical flow with match
1
has actions
- next;
.
-
-
-
- Egress Table 2: Egress Loopback
-
-
- For distributed logical routers where one of the logical router
- ports specifies a redirect-chassis
.
-
-
-
- Earlier in the ingress pipeline, some east-west traffic was
- redirected to the chassisredirect
port, based on
- flows in the UNSNAT
and DNAT
ingress
- tables setting the REGBIT_NAT_REDIRECT
flag, which
- then triggered a match to a flow in the
- Gateway Redirect
ingress table. The intention was
- not to actually send traffic out the distributed gateway port
- instance on the redirect-chassis
. This traffic was
- sent to the distributed gateway port instance in order for DNAT
- and/or SNAT processing to be applied.
-
-
-
- While UNDNAT and SNAT processing have already occurred by this
- point, this traffic needs to be forced through egress loopback on
- this distributed gateway port instance, in order for UNSNAT and
- DNAT processing to be applied, and also for IP routing and ARP
- resolution after all of the NAT processing, so that the packet can
- be forwarded to the destination.
-
-
-
- This table has the following flows:
-
-
-
- -
-
- For each dnat_and_snat
NAT rule couple in the
- OVN Northbound database on a distributed router,
- a priority-200 logical with match
- ip4.dst == external_ip0 &&
- ip4.src == external_ip1
, has action
- next;
-
-
-
- For each NAT rule in the OVN Northbound database on a
- distributed router, a priority-100 logical flow with match
- ip4.dst == E &&
- outport == GW
, where E is the
- external IP address specified in the NAT rule, and GW
- is the logical router distributed gateway port, with the
- following actions:
-
-
-
-clone {
- ct_clear;
- inport = outport;
- outport = "";
- flags = 0;
- flags.loopback = 1;
- reg0 = 0;
- reg1 = 0;
- ...
- reg9 = 0;
- REGBIT_EGRESS_LOOPBACK = 1;
- next(pipeline=ingress, table=0);
-};
-
-
-
- flags.loopback
is set since in_port is unchanged
- and the packet may return back to that port after NAT processing.
- REGBIT_EGRESS_LOOPBACK
is set to indicate that
- egress loopback has occurred, in order to skip the source IP
- address check against the router address.
-
-
-
- -
- A priority-0 logical flow with match
1
has actions
- next;
.
-
-
-
- Egress Table 3: Delivery
-
-
- Packets that reach this table are ready for delivery. It contains
- priority-100 logical flows that match packets on each enabled logical
- router port, with action output;
.
-
-
-
diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c
deleted file mode 100644
index 77415ddd3de..00000000000
--- a/ovn/northd/ovn-northd.c
+++ /dev/null
@@ -1,9446 +0,0 @@
-/*
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include
-
-#include
-#include
-#include
-
-#include "bitmap.h"
-#include "command-line.h"
-#include "daemon.h"
-#include "dirs.h"
-#include "openvswitch/dynamic-string.h"
-#include "fatal-signal.h"
-#include "hash.h"
-#include "openvswitch/hmap.h"
-#include "openvswitch/json.h"
-#include "ovn/lex.h"
-#include "ovn/lib/chassis-index.h"
-#include "ovn/lib/ip-mcast-index.h"
-#include "ovn/lib/mcast-group-index.h"
-#include "ovn/lib/ovn-l7.h"
-#include "ovn/lib/ovn-nb-idl.h"
-#include "ovn/lib/ovn-sb-idl.h"
-#include "ovn/lib/ovn-util.h"
-#include "ovn/actions.h"
-#include "ovn/logical-fields.h"
-#include "packets.h"
-#include "openvswitch/poll-loop.h"
-#include "smap.h"
-#include "sset.h"
-#include "svec.h"
-#include "stream.h"
-#include "stream-ssl.h"
-#include "unixctl.h"
-#include "util.h"
-#include "uuid.h"
-#include "openvswitch/vlog.h"
-
-VLOG_DEFINE_THIS_MODULE(ovn_northd);
-
-static unixctl_cb_func ovn_northd_exit;
-
-struct northd_context {
- struct ovsdb_idl *ovnnb_idl;
- struct ovsdb_idl *ovnsb_idl;
- struct ovsdb_idl_txn *ovnnb_txn;
- struct ovsdb_idl_txn *ovnsb_txn;
- struct ovsdb_idl_index *sbrec_ha_chassis_grp_by_name;
- struct ovsdb_idl_index *sbrec_mcast_group_by_name_dp;
- struct ovsdb_idl_index *sbrec_ip_mcast_by_dp;
-};
-
-static const char *ovnnb_db;
-static const char *ovnsb_db;
-static const char *unixctl_path;
-
-#define MAC_ADDR_SPACE 0xffffff
-
-/* MAC address management (macam) table of "struct eth_addr"s, that holds the
- * MAC addresses allocated by the OVN ipam module. */
-static struct hmap macam = HMAP_INITIALIZER(&macam);
-static struct eth_addr mac_prefix;
-
-static bool controller_event_en;
-
-#define MAX_OVN_TAGS 4096
-
-/* Pipeline stages. */
-
-/* The two pipelines in an OVN logical flow table. */
-enum ovn_pipeline {
- P_IN, /* Ingress pipeline. */
- P_OUT /* Egress pipeline. */
-};
-
-/* The two purposes for which ovn-northd uses OVN logical datapaths. */
-enum ovn_datapath_type {
- DP_SWITCH, /* OVN logical switch. */
- DP_ROUTER /* OVN logical router. */
-};
-
-/* Returns an "enum ovn_stage" built from the arguments.
- *
- * (It's better to use ovn_stage_build() for type-safety reasons, but inline
- * functions can't be used in enums or switch cases.) */
-#define OVN_STAGE_BUILD(DP_TYPE, PIPELINE, TABLE) \
- (((DP_TYPE) << 9) | ((PIPELINE) << 8) | (TABLE))
-
-/* A stage within an OVN logical switch or router.
- *
- * An "enum ovn_stage" indicates whether the stage is part of a logical switch
- * or router, whether the stage is part of the ingress or egress pipeline, and
- * the table within that pipeline. The first three components are combined to
- * form the stage's full name, e.g. S_SWITCH_IN_PORT_SEC_L2,
- * S_ROUTER_OUT_DELIVERY. */
-enum ovn_stage {
-#define PIPELINE_STAGES \
- /* Logical switch ingress stages. */ \
- PIPELINE_STAGE(SWITCH, IN, PORT_SEC_L2, 0, "ls_in_port_sec_l2") \
- PIPELINE_STAGE(SWITCH, IN, PORT_SEC_IP, 1, "ls_in_port_sec_ip") \
- PIPELINE_STAGE(SWITCH, IN, PORT_SEC_ND, 2, "ls_in_port_sec_nd") \
- PIPELINE_STAGE(SWITCH, IN, PRE_ACL, 3, "ls_in_pre_acl") \
- PIPELINE_STAGE(SWITCH, IN, PRE_LB, 4, "ls_in_pre_lb") \
- PIPELINE_STAGE(SWITCH, IN, PRE_STATEFUL, 5, "ls_in_pre_stateful") \
- PIPELINE_STAGE(SWITCH, IN, ACL, 6, "ls_in_acl") \
- PIPELINE_STAGE(SWITCH, IN, QOS_MARK, 7, "ls_in_qos_mark") \
- PIPELINE_STAGE(SWITCH, IN, QOS_METER, 8, "ls_in_qos_meter") \
- PIPELINE_STAGE(SWITCH, IN, LB, 9, "ls_in_lb") \
- PIPELINE_STAGE(SWITCH, IN, STATEFUL, 10, "ls_in_stateful") \
- PIPELINE_STAGE(SWITCH, IN, ARP_ND_RSP, 11, "ls_in_arp_rsp") \
- PIPELINE_STAGE(SWITCH, IN, DHCP_OPTIONS, 12, "ls_in_dhcp_options") \
- PIPELINE_STAGE(SWITCH, IN, DHCP_RESPONSE, 13, "ls_in_dhcp_response") \
- PIPELINE_STAGE(SWITCH, IN, DNS_LOOKUP, 14, "ls_in_dns_lookup") \
- PIPELINE_STAGE(SWITCH, IN, DNS_RESPONSE, 15, "ls_in_dns_response") \
- PIPELINE_STAGE(SWITCH, IN, EXTERNAL_PORT, 16, "ls_in_external_port") \
- PIPELINE_STAGE(SWITCH, IN, L2_LKUP, 17, "ls_in_l2_lkup") \
- \
- /* Logical switch egress stages. */ \
- PIPELINE_STAGE(SWITCH, OUT, PRE_LB, 0, "ls_out_pre_lb") \
- PIPELINE_STAGE(SWITCH, OUT, PRE_ACL, 1, "ls_out_pre_acl") \
- PIPELINE_STAGE(SWITCH, OUT, PRE_STATEFUL, 2, "ls_out_pre_stateful") \
- PIPELINE_STAGE(SWITCH, OUT, LB, 3, "ls_out_lb") \
- PIPELINE_STAGE(SWITCH, OUT, ACL, 4, "ls_out_acl") \
- PIPELINE_STAGE(SWITCH, OUT, QOS_MARK, 5, "ls_out_qos_mark") \
- PIPELINE_STAGE(SWITCH, OUT, QOS_METER, 6, "ls_out_qos_meter") \
- PIPELINE_STAGE(SWITCH, OUT, STATEFUL, 7, "ls_out_stateful") \
- PIPELINE_STAGE(SWITCH, OUT, PORT_SEC_IP, 8, "ls_out_port_sec_ip") \
- PIPELINE_STAGE(SWITCH, OUT, PORT_SEC_L2, 9, "ls_out_port_sec_l2") \
- \
- /* Logical router ingress stages. */ \
- PIPELINE_STAGE(ROUTER, IN, ADMISSION, 0, "lr_in_admission") \
- PIPELINE_STAGE(ROUTER, IN, IP_INPUT, 1, "lr_in_ip_input") \
- PIPELINE_STAGE(ROUTER, IN, DEFRAG, 2, "lr_in_defrag") \
- PIPELINE_STAGE(ROUTER, IN, UNSNAT, 3, "lr_in_unsnat") \
- PIPELINE_STAGE(ROUTER, IN, DNAT, 4, "lr_in_dnat") \
- PIPELINE_STAGE(ROUTER, IN, ND_RA_OPTIONS, 5, "lr_in_nd_ra_options") \
- PIPELINE_STAGE(ROUTER, IN, ND_RA_RESPONSE, 6, "lr_in_nd_ra_response") \
- PIPELINE_STAGE(ROUTER, IN, IP_ROUTING, 7, "lr_in_ip_routing") \
- PIPELINE_STAGE(ROUTER, IN, POLICY, 8, "lr_in_policy") \
- PIPELINE_STAGE(ROUTER, IN, ARP_RESOLVE, 9, "lr_in_arp_resolve") \
- PIPELINE_STAGE(ROUTER, IN, CHK_PKT_LEN , 10, "lr_in_chk_pkt_len") \
- PIPELINE_STAGE(ROUTER, IN, LARGER_PKTS, 11,"lr_in_larger_pkts") \
- PIPELINE_STAGE(ROUTER, IN, GW_REDIRECT, 12, "lr_in_gw_redirect") \
- PIPELINE_STAGE(ROUTER, IN, ARP_REQUEST, 13, "lr_in_arp_request") \
- \
- /* Logical router egress stages. */ \
- PIPELINE_STAGE(ROUTER, OUT, UNDNAT, 0, "lr_out_undnat") \
- PIPELINE_STAGE(ROUTER, OUT, SNAT, 1, "lr_out_snat") \
- PIPELINE_STAGE(ROUTER, OUT, EGR_LOOP, 2, "lr_out_egr_loop") \
- PIPELINE_STAGE(ROUTER, OUT, DELIVERY, 3, "lr_out_delivery")
-
-#define PIPELINE_STAGE(DP_TYPE, PIPELINE, STAGE, TABLE, NAME) \
- S_##DP_TYPE##_##PIPELINE##_##STAGE \
- = OVN_STAGE_BUILD(DP_##DP_TYPE, P_##PIPELINE, TABLE),
- PIPELINE_STAGES
-#undef PIPELINE_STAGE
-};
-
-/* Due to various hard-coded priorities need to implement ACLs, the
- * northbound database supports a smaller range of ACL priorities than
- * are available to logical flows. This value is added to an ACL
- * priority to determine the ACL's logical flow priority. */
-#define OVN_ACL_PRI_OFFSET 1000
-
-/* Register definitions specific to switches. */
-#define REGBIT_CONNTRACK_DEFRAG "reg0[0]"
-#define REGBIT_CONNTRACK_COMMIT "reg0[1]"
-#define REGBIT_CONNTRACK_NAT "reg0[2]"
-#define REGBIT_DHCP_OPTS_RESULT "reg0[3]"
-#define REGBIT_DNS_LOOKUP_RESULT "reg0[4]"
-#define REGBIT_ND_RA_OPTS_RESULT "reg0[5]"
-
-/* Register definitions for switches and routers. */
-#define REGBIT_NAT_REDIRECT "reg9[0]"
-/* Indicate that this packet has been recirculated using egress
- * loopback. This allows certain checks to be bypassed, such as a
- * logical router dropping packets with source IP address equals
- * one of the logical router's own IP addresses. */
-#define REGBIT_EGRESS_LOOPBACK "reg9[1]"
-#define REGBIT_DISTRIBUTED_NAT "reg9[2]"
-/* Register to store the result of check_pkt_larger action. */
-#define REGBIT_PKT_LARGER "reg9[3]"
-
-/* Returns an "enum ovn_stage" built from the arguments. */
-static enum ovn_stage
-ovn_stage_build(enum ovn_datapath_type dp_type, enum ovn_pipeline pipeline,
- uint8_t table)
-{
- return OVN_STAGE_BUILD(dp_type, pipeline, table);
-}
-
-/* Returns the pipeline to which 'stage' belongs. */
-static enum ovn_pipeline
-ovn_stage_get_pipeline(enum ovn_stage stage)
-{
- return (stage >> 8) & 1;
-}
-
-/* Returns the pipeline name to which 'stage' belongs. */
-static const char *
-ovn_stage_get_pipeline_name(enum ovn_stage stage)
-{
- return ovn_stage_get_pipeline(stage) == P_IN ? "ingress" : "egress";
-}
-
-/* Returns the table to which 'stage' belongs. */
-static uint8_t
-ovn_stage_get_table(enum ovn_stage stage)
-{
- return stage & 0xff;
-}
-
-/* Returns a string name for 'stage'. */
-static const char *
-ovn_stage_to_str(enum ovn_stage stage)
-{
- switch (stage) {
-#define PIPELINE_STAGE(DP_TYPE, PIPELINE, STAGE, TABLE, NAME) \
- case S_##DP_TYPE##_##PIPELINE##_##STAGE: return NAME;
- PIPELINE_STAGES
-#undef PIPELINE_STAGE
- default: return "";
- }
-}
-
-/* Returns the type of the datapath to which a flow with the given 'stage' may
- * be added. */
-static enum ovn_datapath_type
-ovn_stage_to_datapath_type(enum ovn_stage stage)
-{
- switch (stage) {
-#define PIPELINE_STAGE(DP_TYPE, PIPELINE, STAGE, TABLE, NAME) \
- case S_##DP_TYPE##_##PIPELINE##_##STAGE: return DP_##DP_TYPE;
- PIPELINE_STAGES
-#undef PIPELINE_STAGE
- default: OVS_NOT_REACHED();
- }
-}
-
-static void
-usage(void)
-{
- printf("\
-%s: OVN northbound management daemon\n\
-usage: %s [OPTIONS]\n\
-\n\
-Options:\n\
- --ovnnb-db=DATABASE connect to ovn-nb database at DATABASE\n\
- (default: %s)\n\
- --ovnsb-db=DATABASE connect to ovn-sb database at DATABASE\n\
- (default: %s)\n\
- --unixctl=SOCKET override default control socket name\n\
- -h, --help display this help message\n\
- -o, --options list available options\n\
- -V, --version display version information\n\
-", program_name, program_name, default_nb_db(), default_sb_db());
- daemon_usage();
- vlog_usage();
- stream_usage("database", true, true, false);
-}
-
-struct tnlid_node {
- struct hmap_node hmap_node;
- uint32_t tnlid;
-};
-
-static void
-destroy_tnlids(struct hmap *tnlids)
-{
- struct tnlid_node *node;
- HMAP_FOR_EACH_POP (node, hmap_node, tnlids) {
- free(node);
- }
- hmap_destroy(tnlids);
-}
-
-static void
-add_tnlid(struct hmap *set, uint32_t tnlid)
-{
- struct tnlid_node *node = xmalloc(sizeof *node);
- hmap_insert(set, &node->hmap_node, hash_int(tnlid, 0));
- node->tnlid = tnlid;
-}
-
-static bool
-tnlid_in_use(const struct hmap *set, uint32_t tnlid)
-{
- const struct tnlid_node *node;
- HMAP_FOR_EACH_IN_BUCKET (node, hmap_node, hash_int(tnlid, 0), set) {
- if (node->tnlid == tnlid) {
- return true;
- }
- }
- return false;
-}
-
-static uint32_t
-next_tnlid(uint32_t tnlid, uint32_t min, uint32_t max)
-{
- return tnlid + 1 <= max ? tnlid + 1 : min;
-}
-
-static uint32_t
-allocate_tnlid(struct hmap *set, const char *name, uint32_t min, uint32_t max,
- uint32_t *hint)
-{
- for (uint32_t tnlid = next_tnlid(*hint, min, max); tnlid != *hint;
- tnlid = next_tnlid(tnlid, min, max)) {
- if (!tnlid_in_use(set, tnlid)) {
- add_tnlid(set, tnlid);
- *hint = tnlid;
- return tnlid;
- }
- }
-
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1);
- VLOG_WARN_RL(&rl, "all %s tunnel ids exhausted", name);
- return 0;
-}
-
-struct ovn_chassis_qdisc_queues {
- struct hmap_node key_node;
- uint32_t queue_id;
- struct uuid chassis_uuid;
-};
-
-static uint32_t
-hash_chassis_queue(const struct uuid *chassis_uuid, uint32_t queue_id)
-{
- return hash_2words(uuid_hash(chassis_uuid), queue_id);
-}
-
-static void
-destroy_chassis_queues(struct hmap *set)
-{
- struct ovn_chassis_qdisc_queues *node;
- HMAP_FOR_EACH_POP (node, key_node, set) {
- free(node);
- }
- hmap_destroy(set);
-}
-
-static void
-add_chassis_queue(struct hmap *set, struct uuid *chassis_uuid,
- uint32_t queue_id)
-{
- struct ovn_chassis_qdisc_queues *node = xmalloc(sizeof *node);
- node->queue_id = queue_id;
- node->chassis_uuid = *chassis_uuid;
- hmap_insert(set, &node->key_node,
- hash_chassis_queue(chassis_uuid, queue_id));
-}
-
-static bool
-chassis_queueid_in_use(const struct hmap *set, struct uuid *chassis_uuid,
- uint32_t queue_id)
-{
- const struct ovn_chassis_qdisc_queues *node;
- HMAP_FOR_EACH_WITH_HASH (node, key_node,
- hash_chassis_queue(chassis_uuid, queue_id), set) {
- if (uuid_equals(chassis_uuid, &node->chassis_uuid)
- && node->queue_id == queue_id) {
- return true;
- }
- }
- return false;
-}
-
-static uint32_t
-allocate_chassis_queueid(struct hmap *set, struct sbrec_chassis *chassis)
-{
- for (uint32_t queue_id = QDISC_MIN_QUEUE_ID + 1;
- queue_id <= QDISC_MAX_QUEUE_ID;
- queue_id++) {
- if (!chassis_queueid_in_use(set, &chassis->header_.uuid, queue_id)) {
- add_chassis_queue(set, &chassis->header_.uuid, queue_id);
- return queue_id;
- }
- }
-
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1);
- VLOG_WARN_RL(&rl, "all %s queue ids exhausted", chassis->name);
- return 0;
-}
-
-static void
-free_chassis_queueid(struct hmap *set, struct sbrec_chassis *chassis,
- uint32_t queue_id)
-{
- const struct uuid *chassis_uuid = &chassis->header_.uuid;
- struct ovn_chassis_qdisc_queues *node;
- HMAP_FOR_EACH_WITH_HASH (node, key_node,
- hash_chassis_queue(chassis_uuid, queue_id), set) {
- if (uuid_equals(chassis_uuid, &node->chassis_uuid)
- && node->queue_id == queue_id) {
- hmap_remove(set, &node->key_node);
- free(node);
- break;
- }
- }
-}
-
-static inline bool
-port_has_qos_params(const struct smap *opts)
-{
- return (smap_get(opts, "qos_max_rate") ||
- smap_get(opts, "qos_burst"));
-}
-
-
-struct ipam_info {
- uint32_t start_ipv4;
- size_t total_ipv4s;
- unsigned long *allocated_ipv4s; /* A bitmap of allocated IPv4s */
- bool ipv6_prefix_set;
- struct in6_addr ipv6_prefix;
- bool mac_only;
-};
-
-#define OVN_MIN_MULTICAST 32768
-#define OVN_MAX_MULTICAST OVN_MCAST_FLOOD_TUNNEL_KEY
-BUILD_ASSERT_DECL(OVN_MIN_MULTICAST < OVN_MAX_MULTICAST);
-
-#define OVN_MIN_IP_MULTICAST OVN_MIN_MULTICAST
-#define OVN_MAX_IP_MULTICAST (OVN_MCAST_UNKNOWN_TUNNEL_KEY - 1)
-BUILD_ASSERT_DECL(OVN_MAX_IP_MULTICAST >= OVN_MIN_MULTICAST);
-
-/*
- * Multicast snooping and querier per datapath configuration.
- */
-struct mcast_info {
- bool enabled;
- bool querier;
- bool flood_unregistered;
-
- int64_t table_size;
- int64_t idle_timeout;
- int64_t query_interval;
- char *eth_src;
- char *ipv4_src;
- int64_t query_max_response;
-
- struct hmap group_tnlids;
- uint32_t group_tnlid_hint;
- uint32_t active_flows;
-};
-
-static uint32_t
-ovn_mcast_group_allocate_key(struct mcast_info *mcast_info)
-{
- return allocate_tnlid(&mcast_info->group_tnlids, "multicast group",
- OVN_MIN_IP_MULTICAST, OVN_MAX_IP_MULTICAST,
- &mcast_info->group_tnlid_hint);
-}
-
-/* The 'key' comes from nbs->header_.uuid or nbr->header_.uuid or
- * sb->external_ids:logical-switch. */
-struct ovn_datapath {
- struct hmap_node key_node; /* Index on 'key'. */
- struct uuid key; /* (nbs/nbr)->header_.uuid. */
-
- const struct nbrec_logical_switch *nbs; /* May be NULL. */
- const struct nbrec_logical_router *nbr; /* May be NULL. */
- const struct sbrec_datapath_binding *sb; /* May be NULL. */
-
- struct ovs_list list; /* In list of similar records. */
-
- /* Logical switch data. */
- struct ovn_port **router_ports;
- size_t n_router_ports;
-
- struct hmap port_tnlids;
- uint32_t port_key_hint;
-
- bool has_unknown;
-
- /* IPAM data. */
- struct ipam_info ipam_info;
-
- /* Multicast data. */
- struct mcast_info mcast_info;
-
- /* OVN northd only needs to know about the logical router gateway port for
- * NAT on a distributed router. This "distributed gateway port" is
- * populated only when there is a "redirect-chassis" specified for one of
- * the ports on the logical router. Otherwise this will be NULL. */
- struct ovn_port *l3dgw_port;
- /* The "derived" OVN port representing the instance of l3dgw_port on
- * the "redirect-chassis". */
- struct ovn_port *l3redirect_port;
- struct ovn_port *localnet_port;
-
- struct ovs_list lr_list; /* In list of logical router datapaths. */
- /* The logical router group to which this datapath belongs.
- * Valid only if it is logical router datapath. NULL otherwise. */
- struct lrouter_group *lr_group;
-
- /* Port groups related to the datapath, used only when nbs is NOT NULL. */
- struct hmap nb_pgs;
-};
-
-/* A group of logical router datapaths which are connected - either
- * directly or indirectly.
- * Each logical router can belong to only one group. */
-struct lrouter_group {
- struct ovn_datapath **router_dps;
- int n_router_dps;
- /* Set of ha_chassis_groups which are associated with the router dps. */
- struct sset ha_chassis_groups;
-};
-
-struct macam_node {
- struct hmap_node hmap_node;
- struct eth_addr mac_addr; /* Allocated MAC address. */
-};
-
-static void
-cleanup_macam(struct hmap *macam_)
-{
- struct macam_node *node;
- HMAP_FOR_EACH_POP (node, hmap_node, macam_) {
- free(node);
- }
-}
-
-static struct ovn_datapath *
-ovn_datapath_create(struct hmap *datapaths, const struct uuid *key,
- const struct nbrec_logical_switch *nbs,
- const struct nbrec_logical_router *nbr,
- const struct sbrec_datapath_binding *sb)
-{
- struct ovn_datapath *od = xzalloc(sizeof *od);
- od->key = *key;
- od->sb = sb;
- od->nbs = nbs;
- od->nbr = nbr;
- hmap_init(&od->port_tnlids);
- hmap_init(&od->nb_pgs);
- od->port_key_hint = 0;
- hmap_insert(datapaths, &od->key_node, uuid_hash(&od->key));
- od->lr_group = NULL;
- return od;
-}
-
-static void ovn_ls_port_group_destroy(struct hmap *nb_pgs);
-
-static void
-ovn_datapath_destroy(struct hmap *datapaths, struct ovn_datapath *od)
-{
- if (od) {
- /* Don't remove od->list. It is used within build_datapaths() as a
- * private list and once we've exited that function it is not safe to
- * use it. */
- hmap_remove(datapaths, &od->key_node);
- destroy_tnlids(&od->port_tnlids);
- bitmap_free(od->ipam_info.allocated_ipv4s);
- free(od->router_ports);
- ovn_ls_port_group_destroy(&od->nb_pgs);
-
- if (od->nbs) {
- free(od->mcast_info.eth_src);
- free(od->mcast_info.ipv4_src);
- destroy_tnlids(&od->mcast_info.group_tnlids);
- }
-
- free(od);
- }
-}
-
-/* Returns 'od''s datapath type. */
-static enum ovn_datapath_type
-ovn_datapath_get_type(const struct ovn_datapath *od)
-{
- return od->nbs ? DP_SWITCH : DP_ROUTER;
-}
-
-static struct ovn_datapath *
-ovn_datapath_find(struct hmap *datapaths, const struct uuid *uuid)
-{
- struct ovn_datapath *od;
-
- HMAP_FOR_EACH_WITH_HASH (od, key_node, uuid_hash(uuid), datapaths) {
- if (uuid_equals(uuid, &od->key)) {
- return od;
- }
- }
- return NULL;
-}
-
-static struct ovn_datapath *
-ovn_datapath_from_sbrec(struct hmap *datapaths,
- const struct sbrec_datapath_binding *sb)
-{
- struct uuid key;
-
- if (!smap_get_uuid(&sb->external_ids, "logical-switch", &key) &&
- !smap_get_uuid(&sb->external_ids, "logical-router", &key)) {
- return NULL;
- }
- return ovn_datapath_find(datapaths, &key);
-}
-
-static bool
-lrouter_is_enabled(const struct nbrec_logical_router *lrouter)
-{
- return !lrouter->enabled || *lrouter->enabled;
-}
-
-static void
-init_ipam_info_for_datapath(struct ovn_datapath *od)
-{
- if (!od->nbs) {
- return;
- }
-
- const char *subnet_str = smap_get(&od->nbs->other_config, "subnet");
- const char *ipv6_prefix = smap_get(&od->nbs->other_config, "ipv6_prefix");
-
- if (ipv6_prefix) {
- od->ipam_info.ipv6_prefix_set = ipv6_parse(
- ipv6_prefix, &od->ipam_info.ipv6_prefix);
- }
-
- if (!subnet_str) {
- if (!ipv6_prefix) {
- od->ipam_info.mac_only = smap_get_bool(&od->nbs->other_config,
- "mac_only", false);
- }
- return;
- }
-
- ovs_be32 subnet, mask;
- char *error = ip_parse_masked(subnet_str, &subnet, &mask);
- if (error || mask == OVS_BE32_MAX || !ip_is_cidr(mask)) {
- static struct vlog_rate_limit rl
- = VLOG_RATE_LIMIT_INIT(5, 1);
- VLOG_WARN_RL(&rl, "bad 'subnet' %s", subnet_str);
- free(error);
- return;
- }
-
- od->ipam_info.start_ipv4 = ntohl(subnet) + 1;
- od->ipam_info.total_ipv4s = ~ntohl(mask);
- od->ipam_info.allocated_ipv4s =
- bitmap_allocate(od->ipam_info.total_ipv4s);
-
- /* Mark first IP as taken */
- bitmap_set1(od->ipam_info.allocated_ipv4s, 0);
-
- /* Check if there are any reserver IPs (list) to be excluded from IPAM */
- const char *exclude_ip_list = smap_get(&od->nbs->other_config,
- "exclude_ips");
- if (!exclude_ip_list) {
- return;
- }
-
- struct lexer lexer;
- lexer_init(&lexer, exclude_ip_list);
- /* exclude_ip_list could be in the format -
- * "10.0.0.4 10.0.0.10 10.0.0.20..10.0.0.50 10.0.0.100..10.0.0.110".
- */
- lexer_get(&lexer);
- while (lexer.token.type != LEX_T_END) {
- if (lexer.token.type != LEX_T_INTEGER) {
- lexer_syntax_error(&lexer, "expecting address");
- break;
- }
- uint32_t start = ntohl(lexer.token.value.ipv4);
- lexer_get(&lexer);
-
- uint32_t end = start + 1;
- if (lexer_match(&lexer, LEX_T_ELLIPSIS)) {
- if (lexer.token.type != LEX_T_INTEGER) {
- lexer_syntax_error(&lexer, "expecting address range");
- break;
- }
- end = ntohl(lexer.token.value.ipv4) + 1;
- lexer_get(&lexer);
- }
-
- /* Clamp start...end to fit the subnet. */
- start = MAX(od->ipam_info.start_ipv4, start);
- end = MIN(od->ipam_info.start_ipv4 + od->ipam_info.total_ipv4s, end);
- if (end > start) {
- bitmap_set_multiple(od->ipam_info.allocated_ipv4s,
- start - od->ipam_info.start_ipv4,
- end - start, 1);
- } else {
- lexer_error(&lexer, "excluded addresses not in subnet");
- }
- }
- if (lexer.error) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 1);
- VLOG_WARN_RL(&rl, "logical switch "UUID_FMT": bad exclude_ips (%s)",
- UUID_ARGS(&od->key), lexer.error);
- }
- lexer_destroy(&lexer);
-}
-
-static void
-init_mcast_info_for_datapath(struct ovn_datapath *od)
-{
- if (!od->nbs) {
- return;
- }
-
- struct mcast_info *mcast_info = &od->mcast_info;
-
- mcast_info->enabled =
- smap_get_bool(&od->nbs->other_config, "mcast_snoop", false);
- mcast_info->querier =
- smap_get_bool(&od->nbs->other_config, "mcast_querier", true);
- mcast_info->flood_unregistered =
- smap_get_bool(&od->nbs->other_config, "mcast_flood_unregistered",
- false);
-
- mcast_info->table_size =
- smap_get_ullong(&od->nbs->other_config, "mcast_table_size",
- OVN_MCAST_DEFAULT_MAX_ENTRIES);
-
- uint32_t idle_timeout =
- smap_get_ullong(&od->nbs->other_config, "mcast_idle_timeout",
- OVN_MCAST_DEFAULT_IDLE_TIMEOUT_S);
- if (idle_timeout < OVN_MCAST_MIN_IDLE_TIMEOUT_S) {
- idle_timeout = OVN_MCAST_MIN_IDLE_TIMEOUT_S;
- } else if (idle_timeout > OVN_MCAST_MAX_IDLE_TIMEOUT_S) {
- idle_timeout = OVN_MCAST_MAX_IDLE_TIMEOUT_S;
- }
- mcast_info->idle_timeout = idle_timeout;
-
- uint32_t query_interval =
- smap_get_ullong(&od->nbs->other_config, "mcast_query_interval",
- mcast_info->idle_timeout / 2);
- if (query_interval < OVN_MCAST_MIN_QUERY_INTERVAL_S) {
- query_interval = OVN_MCAST_MIN_QUERY_INTERVAL_S;
- } else if (query_interval > OVN_MCAST_MAX_QUERY_INTERVAL_S) {
- query_interval = OVN_MCAST_MAX_QUERY_INTERVAL_S;
- }
- mcast_info->query_interval = query_interval;
-
- mcast_info->eth_src =
- nullable_xstrdup(smap_get(&od->nbs->other_config, "mcast_eth_src"));
- mcast_info->ipv4_src =
- nullable_xstrdup(smap_get(&od->nbs->other_config, "mcast_ip4_src"));
-
- mcast_info->query_max_response =
- smap_get_ullong(&od->nbs->other_config, "mcast_query_max_response",
- OVN_MCAST_DEFAULT_QUERY_MAX_RESPONSE_S);
-
- hmap_init(&mcast_info->group_tnlids);
- mcast_info->group_tnlid_hint = OVN_MIN_IP_MULTICAST;
- mcast_info->active_flows = 0;
-}
-
-static void
-store_mcast_info_for_datapath(const struct sbrec_ip_multicast *sb,
- struct ovn_datapath *od)
-{
- struct mcast_info *mcast_info = &od->mcast_info;
-
- sbrec_ip_multicast_set_datapath(sb, od->sb);
- sbrec_ip_multicast_set_enabled(sb, &mcast_info->enabled, 1);
- sbrec_ip_multicast_set_querier(sb, &mcast_info->querier, 1);
- sbrec_ip_multicast_set_table_size(sb, &mcast_info->table_size, 1);
- sbrec_ip_multicast_set_idle_timeout(sb, &mcast_info->idle_timeout, 1);
- sbrec_ip_multicast_set_query_interval(sb,
- &mcast_info->query_interval, 1);
- sbrec_ip_multicast_set_query_max_resp(sb,
- &mcast_info->query_max_response, 1);
-
- if (mcast_info->eth_src) {
- sbrec_ip_multicast_set_eth_src(sb, mcast_info->eth_src);
- }
-
- if (mcast_info->ipv4_src) {
- sbrec_ip_multicast_set_ip4_src(sb, mcast_info->ipv4_src);
- }
-}
-
-static void
-ovn_datapath_update_external_ids(struct ovn_datapath *od)
-{
- /* Get the logical-switch or logical-router UUID to set in
- * external-ids. */
- char uuid_s[UUID_LEN + 1];
- sprintf(uuid_s, UUID_FMT, UUID_ARGS(&od->key));
- const char *key = od->nbs ? "logical-switch" : "logical-router";
-
- /* Get names to set in external-ids. */
- const char *name = od->nbs ? od->nbs->name : od->nbr->name;
- const char *name2 = (od->nbs
- ? smap_get(&od->nbs->external_ids,
- "neutron:network_name")
- : smap_get(&od->nbr->external_ids,
- "neutron:router_name"));
-
- /* Set external-ids. */
- struct smap ids = SMAP_INITIALIZER(&ids);
- smap_add(&ids, key, uuid_s);
- smap_add(&ids, "name", name);
- if (name2 && name2[0]) {
- smap_add(&ids, "name2", name2);
- }
- sbrec_datapath_binding_set_external_ids(od->sb, &ids);
- smap_destroy(&ids);
-}
-
-static void
-join_datapaths(struct northd_context *ctx, struct hmap *datapaths,
- struct ovs_list *sb_only, struct ovs_list *nb_only,
- struct ovs_list *both, struct ovs_list *lr_list)
-{
- ovs_list_init(sb_only);
- ovs_list_init(nb_only);
- ovs_list_init(both);
-
- const struct sbrec_datapath_binding *sb, *sb_next;
- SBREC_DATAPATH_BINDING_FOR_EACH_SAFE (sb, sb_next, ctx->ovnsb_idl) {
- struct uuid key;
- if (!smap_get_uuid(&sb->external_ids, "logical-switch", &key) &&
- !smap_get_uuid(&sb->external_ids, "logical-router", &key)) {
- ovsdb_idl_txn_add_comment(
- ctx->ovnsb_txn,
- "deleting Datapath_Binding "UUID_FMT" that lacks "
- "external-ids:logical-switch and "
- "external-ids:logical-router",
- UUID_ARGS(&sb->header_.uuid));
- sbrec_datapath_binding_delete(sb);
- continue;
- }
-
- if (ovn_datapath_find(datapaths, &key)) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 1);
- VLOG_INFO_RL(
- &rl, "deleting Datapath_Binding "UUID_FMT" with "
- "duplicate external-ids:logical-switch/router "UUID_FMT,
- UUID_ARGS(&sb->header_.uuid), UUID_ARGS(&key));
- sbrec_datapath_binding_delete(sb);
- continue;
- }
-
- struct ovn_datapath *od = ovn_datapath_create(datapaths, &key,
- NULL, NULL, sb);
- ovs_list_push_back(sb_only, &od->list);
- }
-
- const struct nbrec_logical_switch *nbs;
- NBREC_LOGICAL_SWITCH_FOR_EACH (nbs, ctx->ovnnb_idl) {
- struct ovn_datapath *od = ovn_datapath_find(datapaths,
- &nbs->header_.uuid);
- if (od) {
- od->nbs = nbs;
- ovs_list_remove(&od->list);
- ovs_list_push_back(both, &od->list);
- ovn_datapath_update_external_ids(od);
- } else {
- od = ovn_datapath_create(datapaths, &nbs->header_.uuid,
- nbs, NULL, NULL);
- ovs_list_push_back(nb_only, &od->list);
- }
-
- init_ipam_info_for_datapath(od);
- init_mcast_info_for_datapath(od);
- }
-
- const struct nbrec_logical_router *nbr;
- NBREC_LOGICAL_ROUTER_FOR_EACH (nbr, ctx->ovnnb_idl) {
- if (!lrouter_is_enabled(nbr)) {
- continue;
- }
-
- struct ovn_datapath *od = ovn_datapath_find(datapaths,
- &nbr->header_.uuid);
- if (od) {
- if (!od->nbs) {
- od->nbr = nbr;
- ovs_list_remove(&od->list);
- ovs_list_push_back(both, &od->list);
- ovn_datapath_update_external_ids(od);
- } else {
- /* Can't happen! */
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 1);
- VLOG_WARN_RL(&rl,
- "duplicate UUID "UUID_FMT" in OVN_Northbound",
- UUID_ARGS(&nbr->header_.uuid));
- continue;
- }
- } else {
- od = ovn_datapath_create(datapaths, &nbr->header_.uuid,
- NULL, nbr, NULL);
- ovs_list_push_back(nb_only, &od->list);
- }
- ovs_list_push_back(lr_list, &od->lr_list);
- }
-}
-
-static uint32_t
-ovn_datapath_allocate_key(struct hmap *dp_tnlids)
-{
- static uint32_t hint;
- return allocate_tnlid(dp_tnlids, "datapath", 1, (1u << 24) - 1, &hint);
-}
-
-/* Updates the southbound Datapath_Binding table so that it contains the
- * logical switches and routers specified by the northbound database.
- *
- * Initializes 'datapaths' to contain a "struct ovn_datapath" for every logical
- * switch and router. */
-static void
-build_datapaths(struct northd_context *ctx, struct hmap *datapaths,
- struct ovs_list *lr_list)
-{
- struct ovs_list sb_only, nb_only, both;
-
- join_datapaths(ctx, datapaths, &sb_only, &nb_only, &both, lr_list);
-
- if (!ovs_list_is_empty(&nb_only)) {
- /* First index the in-use datapath tunnel IDs. */
- struct hmap dp_tnlids = HMAP_INITIALIZER(&dp_tnlids);
- struct ovn_datapath *od;
- LIST_FOR_EACH (od, list, &both) {
- add_tnlid(&dp_tnlids, od->sb->tunnel_key);
- }
-
- /* Add southbound record for each unmatched northbound record. */
- LIST_FOR_EACH (od, list, &nb_only) {
- uint16_t tunnel_key = ovn_datapath_allocate_key(&dp_tnlids);
- if (!tunnel_key) {
- break;
- }
-
- od->sb = sbrec_datapath_binding_insert(ctx->ovnsb_txn);
- ovn_datapath_update_external_ids(od);
- sbrec_datapath_binding_set_tunnel_key(od->sb, tunnel_key);
- }
- destroy_tnlids(&dp_tnlids);
- }
-
- /* Delete southbound records without northbound matches. */
- struct ovn_datapath *od, *next;
- LIST_FOR_EACH_SAFE (od, next, list, &sb_only) {
- ovs_list_remove(&od->list);
- sbrec_datapath_binding_delete(od->sb);
- ovn_datapath_destroy(datapaths, od);
- }
-}
-
-struct ovn_port {
- struct hmap_node key_node; /* Index on 'key'. */
- char *key; /* nbs->name, nbr->name, sb->logical_port. */
- char *json_key; /* 'key', quoted for use in JSON. */
-
- const struct sbrec_port_binding *sb; /* May be NULL. */
-
- /* Logical switch port data. */
- const struct nbrec_logical_switch_port *nbsp; /* May be NULL. */
-
- struct lport_addresses *lsp_addrs; /* Logical switch port addresses. */
- unsigned int n_lsp_addrs;
-
- struct lport_addresses *ps_addrs; /* Port security addresses. */
- unsigned int n_ps_addrs;
-
- /* Logical router port data. */
- const struct nbrec_logical_router_port *nbrp; /* May be NULL. */
-
- struct lport_addresses lrp_networks;
-
- bool derived; /* Indicates whether this is an additional port
- * derived from nbsp or nbrp. */
-
- /* The port's peer:
- *
- * - A switch port S of type "router" has a router port R as a peer,
- * and R in turn has S has its peer.
- *
- * - Two connected logical router ports have each other as peer. */
- struct ovn_port *peer;
-
- struct ovn_datapath *od;
-
- struct ovs_list list; /* In list of similar records. */
-};
-
-static struct ovn_port *
-ovn_port_create(struct hmap *ports, const char *key,
- const struct nbrec_logical_switch_port *nbsp,
- const struct nbrec_logical_router_port *nbrp,
- const struct sbrec_port_binding *sb)
-{
- struct ovn_port *op = xzalloc(sizeof *op);
-
- struct ds json_key = DS_EMPTY_INITIALIZER;
- json_string_escape(key, &json_key);
- op->json_key = ds_steal_cstr(&json_key);
-
- op->key = xstrdup(key);
- op->sb = sb;
- op->nbsp = nbsp;
- op->nbrp = nbrp;
- op->derived = false;
- hmap_insert(ports, &op->key_node, hash_string(op->key, 0));
- return op;
-}
-
-static void
-ovn_port_destroy(struct hmap *ports, struct ovn_port *port)
-{
- if (port) {
- /* Don't remove port->list. It is used within build_ports() as a
- * private list and once we've exited that function it is not safe to
- * use it. */
- hmap_remove(ports, &port->key_node);
-
- for (int i = 0; i < port->n_lsp_addrs; i++) {
- destroy_lport_addresses(&port->lsp_addrs[i]);
- }
- free(port->lsp_addrs);
-
- for (int i = 0; i < port->n_ps_addrs; i++) {
- destroy_lport_addresses(&port->ps_addrs[i]);
- }
- free(port->ps_addrs);
-
- destroy_lport_addresses(&port->lrp_networks);
- free(port->json_key);
- free(port->key);
- free(port);
- }
-}
-
-static struct ovn_port *
-ovn_port_find(const struct hmap *ports, const char *name)
-{
- struct ovn_port *op;
-
- HMAP_FOR_EACH_WITH_HASH (op, key_node, hash_string(name, 0), ports) {
- if (!strcmp(op->key, name)) {
- return op;
- }
- }
- return NULL;
-}
-
-static uint32_t
-ovn_port_allocate_key(struct ovn_datapath *od)
-{
- return allocate_tnlid(&od->port_tnlids, "port",
- 1, (1u << 15) - 1, &od->port_key_hint);
-}
-
-static char *
-chassis_redirect_name(const char *port_name)
-{
- return xasprintf("cr-%s", port_name);
-}
-
-static bool
-ipam_is_duplicate_mac(struct eth_addr *ea, uint64_t mac64, bool warn)
-{
- struct macam_node *macam_node;
- HMAP_FOR_EACH_WITH_HASH (macam_node, hmap_node, hash_uint64(mac64),
- &macam) {
- if (eth_addr_equals(*ea, macam_node->mac_addr)) {
- if (warn) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1);
- VLOG_WARN_RL(&rl, "Duplicate MAC set: "ETH_ADDR_FMT,
- ETH_ADDR_ARGS(macam_node->mac_addr));
- }
- return true;
- }
- }
- return false;
-}
-
-static void
-ipam_insert_mac(struct eth_addr *ea, bool check)
-{
- if (!ea) {
- return;
- }
-
- uint64_t mac64 = eth_addr_to_uint64(*ea);
- uint64_t prefix = eth_addr_to_uint64(mac_prefix);
-
- /* If the new MAC was not assigned by this address management system or
- * check is true and the new MAC is a duplicate, do not insert it into the
- * macam hmap. */
- if (((mac64 ^ prefix) >> 24)
- || (check && ipam_is_duplicate_mac(ea, mac64, true))) {
- return;
- }
-
- struct macam_node *new_macam_node = xmalloc(sizeof *new_macam_node);
- new_macam_node->mac_addr = *ea;
- hmap_insert(&macam, &new_macam_node->hmap_node, hash_uint64(mac64));
-}
-
-static void
-ipam_insert_ip(struct ovn_datapath *od, uint32_t ip)
-{
- if (!od || !od->ipam_info.allocated_ipv4s) {
- return;
- }
-
- if (ip >= od->ipam_info.start_ipv4 &&
- ip < (od->ipam_info.start_ipv4 + od->ipam_info.total_ipv4s)) {
- if (bitmap_is_set(od->ipam_info.allocated_ipv4s,
- ip - od->ipam_info.start_ipv4)) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1);
- VLOG_WARN_RL(&rl, "Duplicate IP set on switch %s: "IP_FMT,
- od->nbs->name, IP_ARGS(htonl(ip)));
- }
- bitmap_set1(od->ipam_info.allocated_ipv4s,
- ip - od->ipam_info.start_ipv4);
- }
-}
-
-static void
-ipam_insert_lsp_addresses(struct ovn_datapath *od, struct ovn_port *op,
- char *address)
-{
- if (!od || !op || !address || !strcmp(address, "unknown")
- || !strcmp(address, "router") || is_dynamic_lsp_address(address)) {
- return;
- }
-
- struct lport_addresses laddrs;
- if (!extract_lsp_addresses(address, &laddrs)) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1);
- VLOG_WARN_RL(&rl, "Extract addresses failed.");
- return;
- }
- ipam_insert_mac(&laddrs.ea, true);
-
- /* IP is only added to IPAM if the switch's subnet option
- * is set, whereas MAC is always added to MACAM. */
- if (!od->ipam_info.allocated_ipv4s) {
- destroy_lport_addresses(&laddrs);
- return;
- }
-
- for (size_t j = 0; j < laddrs.n_ipv4_addrs; j++) {
- uint32_t ip = ntohl(laddrs.ipv4_addrs[j].addr);
- ipam_insert_ip(od, ip);
- }
-
- destroy_lport_addresses(&laddrs);
-}
-
-static void
-ipam_add_port_addresses(struct ovn_datapath *od, struct ovn_port *op)
-{
- if (!od || !op) {
- return;
- }
-
- if (op->nbsp) {
- /* Add all the port's addresses to address data structures. */
- for (size_t i = 0; i < op->nbsp->n_addresses; i++) {
- ipam_insert_lsp_addresses(od, op, op->nbsp->addresses[i]);
- }
- } else if (op->nbrp) {
- struct lport_addresses lrp_networks;
- if (!extract_lrp_networks(op->nbrp, &lrp_networks)) {
- static struct vlog_rate_limit rl
- = VLOG_RATE_LIMIT_INIT(1, 1);
- VLOG_WARN_RL(&rl, "Extract addresses failed.");
- return;
- }
- ipam_insert_mac(&lrp_networks.ea, true);
-
- if (!op->peer || !op->peer->nbsp || !op->peer->od || !op->peer->od->nbs
- || !smap_get(&op->peer->od->nbs->other_config, "subnet")) {
- destroy_lport_addresses(&lrp_networks);
- return;
- }
-
- for (size_t i = 0; i < lrp_networks.n_ipv4_addrs; i++) {
- uint32_t ip = ntohl(lrp_networks.ipv4_addrs[i].addr);
- ipam_insert_ip(op->peer->od, ip);
- }
-
- destroy_lport_addresses(&lrp_networks);
- }
-}
-
-static uint64_t
-ipam_get_unused_mac(ovs_be32 ip)
-{
- uint32_t mac_addr_suffix, i, base_addr = ntohl(ip) & MAC_ADDR_SPACE;
- struct eth_addr mac;
- uint64_t mac64;
-
- for (i = 0; i < MAC_ADDR_SPACE - 1; i++) {
- /* The tentative MAC's suffix will be in the interval (1, 0xfffffe). */
- mac_addr_suffix = ((base_addr + i) % (MAC_ADDR_SPACE - 1)) + 1;
- mac64 = eth_addr_to_uint64(mac_prefix) | mac_addr_suffix;
- eth_addr_from_uint64(mac64, &mac);
- if (!ipam_is_duplicate_mac(&mac, mac64, true)) {
- break;
- }
- }
-
- if (i == MAC_ADDR_SPACE) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 1);
- VLOG_WARN_RL(&rl, "MAC address space exhausted.");
- mac64 = 0;
- }
-
- return mac64;
-}
-
-static uint32_t
-ipam_get_unused_ip(struct ovn_datapath *od)
-{
- if (!od || !od->ipam_info.allocated_ipv4s) {
- return 0;
- }
-
- size_t new_ip_index = bitmap_scan(od->ipam_info.allocated_ipv4s, 0, 0,
- od->ipam_info.total_ipv4s - 1);
- if (new_ip_index == od->ipam_info.total_ipv4s - 1) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 1);
- VLOG_WARN_RL( &rl, "Subnet address space has been exhausted.");
- return 0;
- }
-
- return od->ipam_info.start_ipv4 + new_ip_index;
-}
-
-enum dynamic_update_type {
- NONE, /* No change to the address */
- REMOVE, /* Address is no longer dynamic */
- STATIC, /* Use static address (MAC only) */
- DYNAMIC, /* Assign a new dynamic address */
-};
-
-struct dynamic_address_update {
- struct ovs_list node; /* In build_ipam()'s list of updates. */
-
- struct ovn_datapath *od;
- struct ovn_port *op;
-
- struct lport_addresses current_addresses;
- struct eth_addr static_mac;
- ovs_be32 static_ip;
- struct in6_addr static_ipv6;
- enum dynamic_update_type mac;
- enum dynamic_update_type ipv4;
- enum dynamic_update_type ipv6;
-};
-
-static enum dynamic_update_type
-dynamic_mac_changed(const char *lsp_addresses,
- struct dynamic_address_update *update)
-{
- struct eth_addr ea;
-
- if (ovs_scan(lsp_addresses, ETH_ADDR_SCAN_FMT, ETH_ADDR_SCAN_ARGS(ea))) {
- if (eth_addr_equals(ea, update->current_addresses.ea)) {
- return NONE;
- } else {
- /* MAC is still static, but it has changed */
- update->static_mac = ea;
- return STATIC;
- }
- }
-
- uint64_t mac64 = eth_addr_to_uint64(update->current_addresses.ea);
- uint64_t prefix = eth_addr_to_uint64(mac_prefix);
-
- if ((mac64 ^ prefix) >> 24) {
- return DYNAMIC;
- } else {
- return NONE;
- }
-}
-
-static enum dynamic_update_type
-dynamic_ip4_changed(const char *lsp_addrs,
- struct dynamic_address_update *update)
-{
- const struct ipam_info *ipam = &update->op->od->ipam_info;
- const struct lport_addresses *cur_addresses = &update->current_addresses;
- bool dynamic_ip4 = ipam->allocated_ipv4s != NULL;
-
- if (!dynamic_ip4) {
- if (update->current_addresses.n_ipv4_addrs) {
- return REMOVE;
- } else {
- return NONE;
- }
- }
-
- if (!cur_addresses->n_ipv4_addrs) {
- /* IPv4 was previously static but now is dynamic */
- return DYNAMIC;
- }
-
- uint32_t ip4 = ntohl(cur_addresses->ipv4_addrs[0].addr);
- if (ip4 < ipam->start_ipv4) {
- return DYNAMIC;
- }
-
- uint32_t index = ip4 - ipam->start_ipv4;
- if (index > ipam->total_ipv4s ||
- bitmap_is_set(ipam->allocated_ipv4s, index)) {
- /* Previously assigned dynamic IPv4 address can no longer be used.
- * It's either outside the subnet, conflicts with an excluded IP,
- * or conflicts with a statically-assigned address on the switch
- */
- return DYNAMIC;
- } else {
- char ipv6_s[IPV6_SCAN_LEN + 1];
- ovs_be32 new_ip;
- int n = 0;
-
- if ((ovs_scan(lsp_addrs, "dynamic "IP_SCAN_FMT"%n",
- IP_SCAN_ARGS(&new_ip), &n)
- && lsp_addrs[n] == '\0') ||
- (ovs_scan(lsp_addrs, "dynamic "IP_SCAN_FMT" "IPV6_SCAN_FMT"%n",
- IP_SCAN_ARGS(&new_ip), ipv6_s, &n)
- && lsp_addrs[n] == '\0')) {
- index = ntohl(new_ip) - ipam->start_ipv4;
- if (ntohl(new_ip) < ipam->start_ipv4 ||
- index > ipam->total_ipv4s ||
- bitmap_is_set(ipam->allocated_ipv4s, index)) {
- /* new static ip is not valid */
- return DYNAMIC;
- } else if (cur_addresses->ipv4_addrs[0].addr != new_ip) {
- update->ipv4 = STATIC;
- update->static_ip = new_ip;
- return STATIC;
- }
- }
- return NONE;
- }
-}
-
-static enum dynamic_update_type
-dynamic_ip6_changed(const char *lsp_addrs,
- struct dynamic_address_update *update)
-{
- bool dynamic_ip6 = update->op->od->ipam_info.ipv6_prefix_set;
- struct eth_addr ea;
-
- if (!dynamic_ip6) {
- if (update->current_addresses.n_ipv6_addrs) {
- /* IPv6 was dynamic but now is not */
- return REMOVE;
- } else {
- /* IPv6 has never been dynamic */
- return NONE;
- }
- }
-
- if (!update->current_addresses.n_ipv6_addrs ||
- ovs_scan(lsp_addrs, ETH_ADDR_SCAN_FMT, ETH_ADDR_SCAN_ARGS(ea))) {
- /* IPv6 was previously static but now is dynamic */
- return DYNAMIC;
- }
-
- const struct lport_addresses *cur_addresses;
- char ipv6_s[IPV6_SCAN_LEN + 1];
- ovs_be32 new_ip;
- int n = 0;
-
- if ((ovs_scan(lsp_addrs, "dynamic "IPV6_SCAN_FMT"%n",
- ipv6_s, &n) && lsp_addrs[n] == '\0') ||
- (ovs_scan(lsp_addrs, "dynamic "IP_SCAN_FMT" "IPV6_SCAN_FMT"%n",
- IP_SCAN_ARGS(&new_ip), ipv6_s, &n)
- && lsp_addrs[n] == '\0')) {
- struct in6_addr ipv6;
-
- if (!ipv6_parse(ipv6_s, &ipv6)) {
- return DYNAMIC;
- }
-
- struct in6_addr masked = ipv6_addr_bitand(&ipv6,
- &update->op->od->ipam_info.ipv6_prefix);
- if (!IN6_ARE_ADDR_EQUAL(&masked,
- &update->op->od->ipam_info.ipv6_prefix)) {
- return DYNAMIC;
- }
-
- cur_addresses = &update->current_addresses;
-
- if (!IN6_ARE_ADDR_EQUAL(&cur_addresses->ipv6_addrs[0].addr,
- &ipv6)) {
- update->static_ipv6 = ipv6;
- return STATIC;
- }
- } else if (update->mac != NONE) {
- return DYNAMIC;
- }
-
- return NONE;
-}
-
-/* Check previously assigned dynamic addresses for validity. This will
- * check if the assigned addresses need to change.
- *
- * Returns true if any changes to dynamic addresses are required
- */
-static bool
-dynamic_addresses_check_for_updates(const char *lsp_addrs,
- struct dynamic_address_update *update)
-{
- update->mac = dynamic_mac_changed(lsp_addrs, update);
- update->ipv4 = dynamic_ip4_changed(lsp_addrs, update);
- update->ipv6 = dynamic_ip6_changed(lsp_addrs, update);
- if (update->mac == NONE &&
- update->ipv4 == NONE &&
- update->ipv6 == NONE) {
- return false;
- } else {
- return true;
- }
-}
-
-/* For addresses that do not need to be updated, go ahead and insert them
- * into IPAM. This way, their addresses will be claimed and cannot be assigned
- * elsewhere later.
- */
-static void
-update_unchanged_dynamic_addresses(struct dynamic_address_update *update)
-{
- if (update->mac == NONE) {
- ipam_insert_mac(&update->current_addresses.ea, false);
- }
- if (update->ipv4 == NONE && update->current_addresses.n_ipv4_addrs) {
- ipam_insert_ip(update->op->od,
- ntohl(update->current_addresses.ipv4_addrs[0].addr));
- }
-}
-
-static void
-set_lsp_dynamic_addresses(const char *dynamic_addresses, struct ovn_port *op)
-{
- extract_lsp_addresses(dynamic_addresses, &op->lsp_addrs[op->n_lsp_addrs]);
- op->n_lsp_addrs++;
-}
-
-/* Determines which components (MAC, IPv4, and IPv6) of dynamic
- * addresses need to be assigned. This is used exclusively for
- * ports that do not have dynamic addresses already assigned.
- */
-static void
-set_dynamic_updates(const char *addrspec,
- struct dynamic_address_update *update)
-{
- bool has_ipv4 = false, has_ipv6 = false;
- char ipv6_s[IPV6_SCAN_LEN + 1];
- struct eth_addr mac;
- ovs_be32 ip;
- int n = 0;
- if (ovs_scan(addrspec, ETH_ADDR_SCAN_FMT" dynamic%n",
- ETH_ADDR_SCAN_ARGS(mac), &n)
- && addrspec[n] == '\0') {
- update->mac = STATIC;
- update->static_mac = mac;
- } else {
- update->mac = DYNAMIC;
- }
-
- if ((ovs_scan(addrspec, "dynamic "IP_SCAN_FMT"%n",
- IP_SCAN_ARGS(&ip), &n) && addrspec[n] == '\0')) {
- has_ipv4 = true;
- } else if ((ovs_scan(addrspec, "dynamic "IPV6_SCAN_FMT"%n",
- ipv6_s, &n) && addrspec[n] == '\0')) {
- has_ipv6 = true;
- } else if ((ovs_scan(addrspec, "dynamic "IP_SCAN_FMT" "IPV6_SCAN_FMT"%n",
- IP_SCAN_ARGS(&ip), ipv6_s, &n)
- && addrspec[n] == '\0')) {
- has_ipv4 = has_ipv6 = true;
- }
-
- if (has_ipv4) {
- update->ipv4 = STATIC;
- update->static_ip = ip;
- } else if (update->op->od->ipam_info.allocated_ipv4s) {
- update->ipv4 = DYNAMIC;
- } else {
- update->ipv4 = NONE;
- }
-
- if (has_ipv6 && ipv6_parse(ipv6_s, &update->static_ipv6)) {
- update->ipv6 = STATIC;
- } else if (update->op->od->ipam_info.ipv6_prefix_set) {
- update->ipv6 = DYNAMIC;
- } else {
- update->ipv6 = NONE;
- }
-}
-
-static void
-update_dynamic_addresses(struct dynamic_address_update *update)
-{
- ovs_be32 ip4 = 0;
- switch (update->ipv4) {
- case NONE:
- if (update->current_addresses.n_ipv4_addrs) {
- ip4 = update->current_addresses.ipv4_addrs[0].addr;
- }
- break;
- case REMOVE:
- break;
- case STATIC:
- ip4 = update->static_ip;
- break;
- case DYNAMIC:
- ip4 = htonl(ipam_get_unused_ip(update->od));
- }
-
- struct eth_addr mac;
- switch (update->mac) {
- case NONE:
- mac = update->current_addresses.ea;
- break;
- case REMOVE:
- OVS_NOT_REACHED();
- case STATIC:
- mac = update->static_mac;
- break;
- case DYNAMIC:
- eth_addr_from_uint64(ipam_get_unused_mac(ip4), &mac);
- break;
- }
-
- struct in6_addr ip6 = in6addr_any;
- switch (update->ipv6) {
- case NONE:
- if (update->current_addresses.n_ipv6_addrs) {
- ip6 = update->current_addresses.ipv6_addrs[0].addr;
- }
- break;
- case REMOVE:
- break;
- case STATIC:
- ip6 = update->static_ipv6;
- break;
- case DYNAMIC:
- in6_generate_eui64(mac, &update->od->ipam_info.ipv6_prefix, &ip6);
- break;
- }
-
- struct ds new_addr = DS_EMPTY_INITIALIZER;
- ds_put_format(&new_addr, ETH_ADDR_FMT, ETH_ADDR_ARGS(mac));
- ipam_insert_mac(&mac, true);
-
- if (ip4) {
- ipam_insert_ip(update->od, ntohl(ip4));
- ds_put_format(&new_addr, " "IP_FMT, IP_ARGS(ip4));
- }
- if (!IN6_ARE_ADDR_EQUAL(&ip6, &in6addr_any)) {
- char ip6_s[INET6_ADDRSTRLEN + 1];
- ipv6_string_mapped(ip6_s, &ip6);
- ds_put_format(&new_addr, " %s", ip6_s);
- }
- nbrec_logical_switch_port_set_dynamic_addresses(update->op->nbsp,
- ds_cstr(&new_addr));
- set_lsp_dynamic_addresses(ds_cstr(&new_addr), update->op);
- ds_destroy(&new_addr);
-}
-
-static void
-build_ipam(struct hmap *datapaths, struct hmap *ports)
-{
- /* IPAM generally stands for IP address management. In non-virtualized
- * world, MAC addresses come with the hardware. But, with virtualized
- * workloads, they need to be assigned and managed. This function
- * does both IP address management (ipam) and MAC address management
- * (macam). */
-
- /* If the switch's other_config:subnet is set, allocate new addresses for
- * ports that have the "dynamic" keyword in their addresses column. */
- struct ovn_datapath *od;
- struct ovs_list updates;
-
- ovs_list_init(&updates);
- HMAP_FOR_EACH (od, key_node, datapaths) {
- if (!od->nbs) {
- continue;
- }
-
- for (size_t i = 0; i < od->nbs->n_ports; i++) {
- const struct nbrec_logical_switch_port *nbsp = od->nbs->ports[i];
-
- if (!od->ipam_info.allocated_ipv4s &&
- !od->ipam_info.ipv6_prefix_set &&
- !od->ipam_info.mac_only) {
- if (nbsp->dynamic_addresses) {
- nbrec_logical_switch_port_set_dynamic_addresses(nbsp,
- NULL);
- }
- continue;
- }
-
- struct ovn_port *op = ovn_port_find(ports, nbsp->name);
- if (!op || op->nbsp != nbsp || op->peer) {
- /* Do not allocate addresses for logical switch ports that
- * have a peer. */
- continue;
- }
-
- int num_dynamic_addresses = 0;
- for (size_t j = 0; j < nbsp->n_addresses; j++) {
- if (!is_dynamic_lsp_address(nbsp->addresses[j])) {
- continue;
- }
- if (num_dynamic_addresses) {
- static struct vlog_rate_limit rl
- = VLOG_RATE_LIMIT_INIT(1, 1);
- VLOG_WARN_RL(&rl, "More than one dynamic address "
- "configured for logical switch port '%s'",
- nbsp->name);
- continue;
- }
- num_dynamic_addresses++;
- struct dynamic_address_update *update
- = xzalloc(sizeof *update);
- update->op = op;
- update->od = od;
- if (nbsp->dynamic_addresses) {
- bool any_changed;
- extract_lsp_addresses(nbsp->dynamic_addresses,
- &update->current_addresses);
- any_changed = dynamic_addresses_check_for_updates(
- nbsp->addresses[j], update);
- update_unchanged_dynamic_addresses(update);
- if (any_changed) {
- ovs_list_push_back(&updates, &update->node);
- } else {
- /* No changes to dynamic addresses */
- set_lsp_dynamic_addresses(nbsp->dynamic_addresses, op);
- destroy_lport_addresses(&update->current_addresses);
- free(update);
- }
- } else {
- set_dynamic_updates(nbsp->addresses[j], update);
- ovs_list_push_back(&updates, &update->node);
- }
- }
-
- if (!num_dynamic_addresses && nbsp->dynamic_addresses) {
- nbrec_logical_switch_port_set_dynamic_addresses(nbsp, NULL);
- }
- }
-
- }
-
- /* After retaining all unchanged dynamic addresses, now assign
- * new ones.
- */
- struct dynamic_address_update *update;
- LIST_FOR_EACH_POP (update, node, &updates) {
- update_dynamic_addresses(update);
- destroy_lport_addresses(&update->current_addresses);
- free(update);
- }
-}
-
-/* Tag allocation for nested containers.
- *
- * For a logical switch port with 'parent_name' and a request to allocate tags,
- * keeps a track of all allocated tags. */
-struct tag_alloc_node {
- struct hmap_node hmap_node;
- char *parent_name;
- unsigned long *allocated_tags; /* A bitmap to track allocated tags. */
-};
-
-static void
-tag_alloc_destroy(struct hmap *tag_alloc_table)
-{
- struct tag_alloc_node *node;
- HMAP_FOR_EACH_POP (node, hmap_node, tag_alloc_table) {
- bitmap_free(node->allocated_tags);
- free(node->parent_name);
- free(node);
- }
- hmap_destroy(tag_alloc_table);
-}
-
-static struct tag_alloc_node *
-tag_alloc_get_node(struct hmap *tag_alloc_table, const char *parent_name)
-{
- /* If a node for the 'parent_name' exists, return it. */
- struct tag_alloc_node *tag_alloc_node;
- HMAP_FOR_EACH_WITH_HASH (tag_alloc_node, hmap_node,
- hash_string(parent_name, 0),
- tag_alloc_table) {
- if (!strcmp(tag_alloc_node->parent_name, parent_name)) {
- return tag_alloc_node;
- }
- }
-
- /* Create a new node. */
- tag_alloc_node = xmalloc(sizeof *tag_alloc_node);
- tag_alloc_node->parent_name = xstrdup(parent_name);
- tag_alloc_node->allocated_tags = bitmap_allocate(MAX_OVN_TAGS);
- /* Tag 0 is invalid for nested containers. */
- bitmap_set1(tag_alloc_node->allocated_tags, 0);
- hmap_insert(tag_alloc_table, &tag_alloc_node->hmap_node,
- hash_string(parent_name, 0));
-
- return tag_alloc_node;
-}
-
-static void
-tag_alloc_add_existing_tags(struct hmap *tag_alloc_table,
- const struct nbrec_logical_switch_port *nbsp)
-{
- /* Add the tags of already existing nested containers. If there is no
- * 'nbsp->parent_name' or no 'nbsp->tag' set, there is nothing to do. */
- if (!nbsp->parent_name || !nbsp->parent_name[0] || !nbsp->tag) {
- return;
- }
-
- struct tag_alloc_node *tag_alloc_node;
- tag_alloc_node = tag_alloc_get_node(tag_alloc_table, nbsp->parent_name);
- bitmap_set1(tag_alloc_node->allocated_tags, *nbsp->tag);
-}
-
-static void
-tag_alloc_create_new_tag(struct hmap *tag_alloc_table,
- const struct nbrec_logical_switch_port *nbsp)
-{
- if (!nbsp->tag_request) {
- return;
- }
-
- if (nbsp->parent_name && nbsp->parent_name[0]
- && *nbsp->tag_request == 0) {
- /* For nested containers that need allocation, do the allocation. */
-
- if (nbsp->tag) {
- /* This has already been allocated. */
- return;
- }
-
- struct tag_alloc_node *tag_alloc_node;
- int64_t tag;
- tag_alloc_node = tag_alloc_get_node(tag_alloc_table,
- nbsp->parent_name);
- tag = bitmap_scan(tag_alloc_node->allocated_tags, 0, 1, MAX_OVN_TAGS);
- if (tag == MAX_OVN_TAGS) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1);
- VLOG_ERR_RL(&rl, "out of vlans for logical switch ports with "
- "parent %s", nbsp->parent_name);
- return;
- }
- bitmap_set1(tag_alloc_node->allocated_tags, tag);
- nbrec_logical_switch_port_set_tag(nbsp, &tag, 1);
- } else if (*nbsp->tag_request != 0) {
- /* For everything else, copy the contents of 'tag_request' to 'tag'. */
- nbrec_logical_switch_port_set_tag(nbsp, nbsp->tag_request, 1);
- }
-}
-
-
-static void
-join_logical_ports(struct northd_context *ctx,
- struct hmap *datapaths, struct hmap *ports,
- struct hmap *chassis_qdisc_queues,
- struct hmap *tag_alloc_table, struct ovs_list *sb_only,
- struct ovs_list *nb_only, struct ovs_list *both)
-{
- ovs_list_init(sb_only);
- ovs_list_init(nb_only);
- ovs_list_init(both);
-
- const struct sbrec_port_binding *sb;
- SBREC_PORT_BINDING_FOR_EACH (sb, ctx->ovnsb_idl) {
- struct ovn_port *op = ovn_port_create(ports, sb->logical_port,
- NULL, NULL, sb);
- ovs_list_push_back(sb_only, &op->list);
- }
-
- struct ovn_datapath *od;
- HMAP_FOR_EACH (od, key_node, datapaths) {
- if (od->nbs) {
- for (size_t i = 0; i < od->nbs->n_ports; i++) {
- const struct nbrec_logical_switch_port *nbsp
- = od->nbs->ports[i];
- struct ovn_port *op = ovn_port_find(ports, nbsp->name);
- if (op) {
- if (op->nbsp || op->nbrp) {
- static struct vlog_rate_limit rl
- = VLOG_RATE_LIMIT_INIT(5, 1);
- VLOG_WARN_RL(&rl, "duplicate logical port %s",
- nbsp->name);
- continue;
- }
- op->nbsp = nbsp;
- ovs_list_remove(&op->list);
-
- uint32_t queue_id = smap_get_int(&op->sb->options,
- "qdisc_queue_id", 0);
- if (queue_id && op->sb->chassis) {
- add_chassis_queue(
- chassis_qdisc_queues, &op->sb->chassis->header_.uuid,
- queue_id);
- }
-
- ovs_list_push_back(both, &op->list);
-
- /* This port exists due to a SB binding, but should
- * not have been initialized fully. */
- ovs_assert(!op->n_lsp_addrs && !op->n_ps_addrs);
- } else {
- op = ovn_port_create(ports, nbsp->name, nbsp, NULL, NULL);
- ovs_list_push_back(nb_only, &op->list);
- }
-
- if (!strcmp(nbsp->type, "localnet")) {
- od->localnet_port = op;
- }
-
- op->lsp_addrs
- = xmalloc(sizeof *op->lsp_addrs * nbsp->n_addresses);
- for (size_t j = 0; j < nbsp->n_addresses; j++) {
- if (!strcmp(nbsp->addresses[j], "unknown")
- || !strcmp(nbsp->addresses[j], "router")) {
- continue;
- }
- if (is_dynamic_lsp_address(nbsp->addresses[j])) {
- continue;
- } else if (!extract_lsp_addresses(nbsp->addresses[j],
- &op->lsp_addrs[op->n_lsp_addrs])) {
- static struct vlog_rate_limit rl
- = VLOG_RATE_LIMIT_INIT(1, 1);
- VLOG_INFO_RL(&rl, "invalid syntax '%s' in logical "
- "switch port addresses. No MAC "
- "address found",
- op->nbsp->addresses[j]);
- continue;
- }
- op->n_lsp_addrs++;
- }
-
- op->ps_addrs
- = xmalloc(sizeof *op->ps_addrs * nbsp->n_port_security);
- for (size_t j = 0; j < nbsp->n_port_security; j++) {
- if (!extract_lsp_addresses(nbsp->port_security[j],
- &op->ps_addrs[op->n_ps_addrs])) {
- static struct vlog_rate_limit rl
- = VLOG_RATE_LIMIT_INIT(1, 1);
- VLOG_INFO_RL(&rl, "invalid syntax '%s' in port "
- "security. No MAC address found",
- op->nbsp->port_security[j]);
- continue;
- }
- op->n_ps_addrs++;
- }
-
- op->od = od;
- tag_alloc_add_existing_tags(tag_alloc_table, nbsp);
- }
- } else {
- for (size_t i = 0; i < od->nbr->n_ports; i++) {
- const struct nbrec_logical_router_port *nbrp
- = od->nbr->ports[i];
-
- struct lport_addresses lrp_networks;
- if (!extract_lrp_networks(nbrp, &lrp_networks)) {
- static struct vlog_rate_limit rl
- = VLOG_RATE_LIMIT_INIT(5, 1);
- VLOG_WARN_RL(&rl, "bad 'mac' %s", nbrp->mac);
- continue;
- }
-
- if (!lrp_networks.n_ipv4_addrs && !lrp_networks.n_ipv6_addrs) {
- continue;
- }
-
- struct ovn_port *op = ovn_port_find(ports, nbrp->name);
- if (op) {
- if (op->nbsp || op->nbrp) {
- static struct vlog_rate_limit rl
- = VLOG_RATE_LIMIT_INIT(5, 1);
- VLOG_WARN_RL(&rl, "duplicate logical router port %s",
- nbrp->name);
- continue;
- }
- op->nbrp = nbrp;
- ovs_list_remove(&op->list);
- ovs_list_push_back(both, &op->list);
-
- /* This port exists but should not have been
- * initialized fully. */
- ovs_assert(!op->lrp_networks.n_ipv4_addrs
- && !op->lrp_networks.n_ipv6_addrs);
- } else {
- op = ovn_port_create(ports, nbrp->name, NULL, nbrp, NULL);
- ovs_list_push_back(nb_only, &op->list);
- }
-
- op->lrp_networks = lrp_networks;
- op->od = od;
-
- const char *redirect_chassis = smap_get(&op->nbrp->options,
- "redirect-chassis");
- if (op->nbrp->ha_chassis_group || redirect_chassis ||
- op->nbrp->n_gateway_chassis) {
- /* Additional "derived" ovn_port crp represents the
- * instance of op on the "redirect-chassis". */
- const char *gw_chassis = smap_get(&op->od->nbr->options,
- "chassis");
- if (gw_chassis) {
- static struct vlog_rate_limit rl
- = VLOG_RATE_LIMIT_INIT(1, 1);
- VLOG_WARN_RL(&rl, "Bad configuration: "
- "redirect-chassis configured on port %s "
- "on L3 gateway router", nbrp->name);
- continue;
- }
- if (od->l3dgw_port || od->l3redirect_port) {
- static struct vlog_rate_limit rl
- = VLOG_RATE_LIMIT_INIT(1, 1);
- VLOG_WARN_RL(&rl, "Bad configuration: multiple ports "
- "with redirect-chassis on same logical "
- "router %s", od->nbr->name);
- continue;
- }
-
- char *redirect_name = chassis_redirect_name(nbrp->name);
- struct ovn_port *crp = ovn_port_find(ports, redirect_name);
- if (crp) {
- crp->derived = true;
- crp->nbrp = nbrp;
- ovs_list_remove(&crp->list);
- ovs_list_push_back(both, &crp->list);
- } else {
- crp = ovn_port_create(ports, redirect_name,
- NULL, nbrp, NULL);
- crp->derived = true;
- ovs_list_push_back(nb_only, &crp->list);
- }
- crp->od = od;
- free(redirect_name);
-
- /* Set l3dgw_port and l3redirect_port in od, for later
- * use during flow creation. */
- od->l3dgw_port = op;
- od->l3redirect_port = crp;
- }
- }
- }
- }
-
- /* Connect logical router ports, and logical switch ports of type "router",
- * to their peers. */
- struct ovn_port *op;
- HMAP_FOR_EACH (op, key_node, ports) {
- if (op->nbsp && !strcmp(op->nbsp->type, "router") && !op->derived) {
- const char *peer_name = smap_get(&op->nbsp->options, "router-port");
- if (!peer_name) {
- continue;
- }
-
- struct ovn_port *peer = ovn_port_find(ports, peer_name);
- if (!peer || !peer->nbrp) {
- continue;
- }
-
- peer->peer = op;
- op->peer = peer;
- op->od->router_ports = xrealloc(
- op->od->router_ports,
- sizeof *op->od->router_ports * (op->od->n_router_ports + 1));
- op->od->router_ports[op->od->n_router_ports++] = op;
-
- /* Fill op->lsp_addrs for op->nbsp->addresses[] with
- * contents "router", which was skipped in the loop above. */
- for (size_t j = 0; j < op->nbsp->n_addresses; j++) {
- if (!strcmp(op->nbsp->addresses[j], "router")) {
- if (extract_lrp_networks(peer->nbrp,
- &op->lsp_addrs[op->n_lsp_addrs])) {
- op->n_lsp_addrs++;
- }
- break;
- }
- }
- } else if (op->nbrp && op->nbrp->peer && !op->derived) {
- struct ovn_port *peer = ovn_port_find(ports, op->nbrp->peer);
- if (peer) {
- if (peer->nbrp) {
- op->peer = peer;
- } else if (peer->nbsp) {
- /* An ovn_port for a switch port of type "router" does have
- * a router port as its peer (see the case above for
- * "router" ports), but this is set via options:router-port
- * in Logical_Switch_Port and does not involve the
- * Logical_Router_Port's 'peer' column. */
- static struct vlog_rate_limit rl =
- VLOG_RATE_LIMIT_INIT(5, 1);
- VLOG_WARN_RL(&rl, "Bad configuration: The peer of router "
- "port %s is a switch port", op->key);
- }
- }
- }
- }
-
- /* Wait until all ports have been connected to add to IPAM since
- * it relies on proper peers to be set
- */
- HMAP_FOR_EACH (op, key_node, ports) {
- ipam_add_port_addresses(op->od, op);
- }
-}
-
-static void
-ip_address_and_port_from_lb_key(const char *key, char **ip_address,
- uint16_t *port, int *addr_family);
-
-static void
-get_router_load_balancer_ips(const struct ovn_datapath *od,
- struct sset *all_ips, int *addr_family)
-{
- if (!od->nbr) {
- return;
- }
-
- for (int i = 0; i < od->nbr->n_load_balancer; i++) {
- struct nbrec_load_balancer *lb = od->nbr->load_balancer[i];
- struct smap *vips = &lb->vips;
- struct smap_node *node;
-
- SMAP_FOR_EACH (node, vips) {
- /* node->key contains IP:port or just IP. */
- char *ip_address = NULL;
- uint16_t port;
-
- ip_address_and_port_from_lb_key(node->key, &ip_address, &port,
- addr_family);
- if (!ip_address) {
- continue;
- }
-
- if (!sset_contains(all_ips, ip_address)) {
- sset_add(all_ips, ip_address);
- }
-
- free(ip_address);
- }
- }
-}
-
-/* Returns an array of strings, each consisting of a MAC address followed
- * by one or more IP addresses, and if the port is a distributed gateway
- * port, followed by 'is_chassis_resident("LPORT_NAME")', where the
- * LPORT_NAME is the name of the L3 redirect port or the name of the
- * logical_port specified in a NAT rule. These strings include the
- * external IP addresses of all NAT rules defined on that router, and all
- * of the IP addresses used in load balancer VIPs defined on that router.
- *
- * The caller must free each of the n returned strings with free(),
- * and must free the returned array when it is no longer needed. */
-static char **
-get_nat_addresses(const struct ovn_port *op, size_t *n)
-{
- size_t n_nats = 0;
- struct eth_addr mac;
- if (!op->nbrp || !op->od || !op->od->nbr
- || (!op->od->nbr->n_nat && !op->od->nbr->n_load_balancer)
- || !eth_addr_from_string(op->nbrp->mac, &mac)) {
- *n = n_nats;
- return NULL;
- }
-
- struct ds c_addresses = DS_EMPTY_INITIALIZER;
- ds_put_format(&c_addresses, ETH_ADDR_FMT, ETH_ADDR_ARGS(mac));
- bool central_ip_address = false;
-
- char **addresses;
- addresses = xmalloc(sizeof *addresses * (op->od->nbr->n_nat + 1));
-
- /* Get NAT IP addresses. */
- for (size_t i = 0; i < op->od->nbr->n_nat; i++) {
- const struct nbrec_nat *nat = op->od->nbr->nat[i];
- ovs_be32 ip, mask;
-
- char *error = ip_parse_masked(nat->external_ip, &ip, &mask);
- if (error || mask != OVS_BE32_MAX) {
- free(error);
- continue;
- }
-
- /* Determine whether this NAT rule satisfies the conditions for
- * distributed NAT processing. */
- if (op->od->l3redirect_port && !strcmp(nat->type, "dnat_and_snat")
- && nat->logical_port && nat->external_mac) {
- /* Distributed NAT rule. */
- if (eth_addr_from_string(nat->external_mac, &mac)) {
- struct ds address = DS_EMPTY_INITIALIZER;
- ds_put_format(&address, ETH_ADDR_FMT, ETH_ADDR_ARGS(mac));
- ds_put_format(&address, " %s", nat->external_ip);
- ds_put_format(&address, " is_chassis_resident(\"%s\")",
- nat->logical_port);
- addresses[n_nats++] = ds_steal_cstr(&address);
- }
- } else {
- /* Centralized NAT rule, either on gateway router or distributed
- * router.
- * Check if external_ip is same as router ip. If so, then there
- * is no need to add this to the nat_addresses. The router IPs
- * will be added separately. */
- bool is_router_ip = false;
- for (size_t j = 0; j < op->lrp_networks.n_ipv4_addrs; j++) {
- if (!strcmp(nat->external_ip,
- op->lrp_networks.ipv4_addrs[j].addr_s)) {
- is_router_ip = true;
- break;
- }
- }
-
- if (!is_router_ip) {
- ds_put_format(&c_addresses, " %s", nat->external_ip);
- central_ip_address = true;
- }
- }
- }
-
- /* A set to hold all load-balancer vips. */
- struct sset all_ips = SSET_INITIALIZER(&all_ips);
- int addr_family;
- get_router_load_balancer_ips(op->od, &all_ips, &addr_family);
-
- const char *ip_address;
- SSET_FOR_EACH (ip_address, &all_ips) {
- ds_put_format(&c_addresses, " %s", ip_address);
- central_ip_address = true;
- }
- sset_destroy(&all_ips);
-
- if (central_ip_address) {
- /* Gratuitous ARP for centralized NAT rules on distributed gateway
- * ports should be restricted to the "redirect-chassis". */
- if (op->od->l3redirect_port) {
- ds_put_format(&c_addresses, " is_chassis_resident(%s)",
- op->od->l3redirect_port->json_key);
- }
-
- addresses[n_nats++] = ds_steal_cstr(&c_addresses);
- }
-
- *n = n_nats;
-
- return addresses;
-}
-
-static bool
-sbpb_gw_chassis_needs_update(
- const struct sbrec_port_binding *pb,
- const struct nbrec_logical_router_port *lrp,
- struct ovsdb_idl_index *sbrec_chassis_by_name)
-{
- if (!lrp || !pb) {
- return false;
- }
-
- if (lrp->n_gateway_chassis && !pb->ha_chassis_group) {
- /* If there are gateway chassis in the NB DB, but there is
- * no corresponding HA chassis group in SB DB we need to
- * create the HA chassis group in SB DB for this lrp. */
- return true;
- }
-
- if (strcmp(pb->ha_chassis_group->name, lrp->name)) {
- /* Name doesn't match. */
- return true;
- }
-
- if (lrp->n_gateway_chassis != pb->ha_chassis_group->n_ha_chassis) {
- return true;
- }
-
- for (size_t i = 0; i < lrp->n_gateway_chassis; i++) {
- struct nbrec_gateway_chassis *nbgw_ch = lrp->gateway_chassis[i];
- bool found = false;
- for (size_t j = 0; j < pb->ha_chassis_group->n_ha_chassis; j++) {
- struct sbrec_ha_chassis *sbha_ch =
- pb->ha_chassis_group->ha_chassis[j];
- const char *chassis_name = smap_get(&sbha_ch->external_ids,
- "chassis-name");
- if (!chassis_name) {
- return true;
- }
-
- if (strcmp(chassis_name, nbgw_ch->chassis_name)) {
- continue;
- }
-
- found = true;
-
- if (nbgw_ch->priority != sbha_ch->priority) {
- return true;
- }
-
- if (sbha_ch->chassis &&
- strcmp(nbgw_ch->chassis_name, sbha_ch->chassis->name)) {
- /* sbha_ch->chassis's name is different from the one
- * in sbha_ch->external_ids:chassis-name. */
- return true;
- }
-
- if (!sbha_ch->chassis &&
- chassis_lookup_by_name(sbrec_chassis_by_name,
- nbgw_ch->chassis_name)) {
- /* sbha_ch->chassis is NULL, but the chassis is
- * present in Chassis table. */
- return true;
- }
- }
-
- if (!found) {
- return true;
- }
- }
-
- /* No need to update SB DB. Its in sync. */
- return false;
-}
-
-static struct sbrec_ha_chassis *
-create_sb_ha_chassis(struct northd_context *ctx,
- const struct sbrec_chassis *chassis,
- const char *chassis_name, int priority)
-{
- struct sbrec_ha_chassis *sb_ha_chassis =
- sbrec_ha_chassis_insert(ctx->ovnsb_txn);
- sbrec_ha_chassis_set_chassis(sb_ha_chassis, chassis);
- sbrec_ha_chassis_set_priority(sb_ha_chassis, priority);
- /* Store the chassis_name in external_ids. If the chassis
- * entry doesn't exist in the Chassis table then we can
- * figure out the chassis to which this ha_chassis
- * maps to. */
- const struct smap external_ids =
- SMAP_CONST1(&external_ids, "chassis-name", chassis_name);
- sbrec_ha_chassis_set_external_ids(sb_ha_chassis, &external_ids);
- return sb_ha_chassis;
-}
-
-static bool
-chassis_group_list_changed(
- const struct nbrec_ha_chassis_group *nb_ha_grp,
- const struct sbrec_ha_chassis_group *sb_ha_grp,
- struct ovsdb_idl_index *sbrec_chassis_by_name)
-{
- if (nb_ha_grp->n_ha_chassis != sb_ha_grp->n_ha_chassis) {
- return true;
- }
-
- struct shash nb_ha_chassis_list = SHASH_INITIALIZER(&nb_ha_chassis_list);
- for (size_t i = 0; i < nb_ha_grp->n_ha_chassis; i++) {
- shash_add(&nb_ha_chassis_list,
- nb_ha_grp->ha_chassis[i]->chassis_name,
- nb_ha_grp->ha_chassis[i]);
- }
-
- bool changed = false;
- const struct sbrec_ha_chassis *sb_ha_chassis;
- const struct nbrec_ha_chassis *nb_ha_chassis;
- for (size_t i = 0; i < sb_ha_grp->n_ha_chassis; i++) {
- sb_ha_chassis = sb_ha_grp->ha_chassis[i];
- const char *chassis_name = smap_get(&sb_ha_chassis->external_ids,
- "chassis-name");
-
- if (!chassis_name) {
- changed = true;
- break;
- }
-
- nb_ha_chassis = shash_find_and_delete(&nb_ha_chassis_list,
- chassis_name);
- if (!nb_ha_chassis ||
- nb_ha_chassis->priority != sb_ha_chassis->priority) {
- changed = true;
- break;
- }
-
- if (sb_ha_chassis->chassis &&
- strcmp(sb_ha_chassis->chassis->name, chassis_name)) {
- /* sb_ha_chassis->chassis's name is different from the one
- * in sb_ha_chassis->external_ids:chassis-name. */
- changed = true;
- break;
- }
-
- if (!sb_ha_chassis->chassis &&
- chassis_lookup_by_name(sbrec_chassis_by_name,
- chassis_name)) {
- /* sb_ha_chassis->chassis is NULL, but the chassis is
- * present in Chassis table. */
- changed = true;
- break;
- }
- }
-
- struct shash_node *node, *next;
- SHASH_FOR_EACH_SAFE (node, next, &nb_ha_chassis_list) {
- shash_delete(&nb_ha_chassis_list, node);
- changed = true;
- }
- shash_destroy(&nb_ha_chassis_list);
-
- return changed;
-}
-
-static void
-sync_ha_chassis_group_for_sbpb(struct northd_context *ctx,
- const struct nbrec_ha_chassis_group *nb_ha_grp,
- struct ovsdb_idl_index *sbrec_chassis_by_name,
- const struct sbrec_port_binding *pb)
-{
- bool new_sb_chassis_group = false;
- const struct sbrec_ha_chassis_group *sb_ha_grp =
- ha_chassis_group_lookup_by_name(
- ctx->sbrec_ha_chassis_grp_by_name, nb_ha_grp->name);
-
- if (!sb_ha_grp) {
- sb_ha_grp = sbrec_ha_chassis_group_insert(ctx->ovnsb_txn);
- sbrec_ha_chassis_group_set_name(sb_ha_grp, nb_ha_grp->name);
- new_sb_chassis_group = true;
- }
-
- if (new_sb_chassis_group ||
- chassis_group_list_changed(nb_ha_grp, sb_ha_grp,
- sbrec_chassis_by_name)) {
- struct sbrec_ha_chassis **sb_ha_chassis = NULL;
- size_t n_ha_chassis = nb_ha_grp->n_ha_chassis;
- sb_ha_chassis = xcalloc(n_ha_chassis, sizeof *sb_ha_chassis);
- for (size_t i = 0; i < nb_ha_grp->n_ha_chassis; i++) {
- const struct nbrec_ha_chassis *nb_ha_chassis
- = nb_ha_grp->ha_chassis[i];
- const struct sbrec_chassis *chassis =
- chassis_lookup_by_name(sbrec_chassis_by_name,
- nb_ha_chassis->chassis_name);
- sb_ha_chassis[i] = sbrec_ha_chassis_insert(ctx->ovnsb_txn);
- /* It's perfectly ok if the chassis is NULL. This could
- * happen when ovn-controller exits and removes its row
- * from the chassis table in OVN SB DB. */
- sbrec_ha_chassis_set_chassis(sb_ha_chassis[i], chassis);
- sbrec_ha_chassis_set_priority(sb_ha_chassis[i],
- nb_ha_chassis->priority);
- const struct smap external_ids =
- SMAP_CONST1(&external_ids, "chassis-name",
- nb_ha_chassis->chassis_name);
- sbrec_ha_chassis_set_external_ids(sb_ha_chassis[i], &external_ids);
- }
- sbrec_ha_chassis_group_set_ha_chassis(sb_ha_grp, sb_ha_chassis,
- n_ha_chassis);
- free(sb_ha_chassis);
- }
-
- sbrec_port_binding_set_ha_chassis_group(pb, sb_ha_grp);
-}
-
-/* This functions translates the gw chassis on the nb database
- * to HA chassis group in the sb database entries.
- */
-static void
-copy_gw_chassis_from_nbrp_to_sbpb(
- struct northd_context *ctx,
- struct ovsdb_idl_index *sbrec_chassis_by_name,
- const struct nbrec_logical_router_port *lrp,
- const struct sbrec_port_binding *port_binding)
-{
-
- /* Make use of the new HA chassis group table to support HA
- * for the distributed gateway router port. */
- const struct sbrec_ha_chassis_group *sb_ha_chassis_group =
- ha_chassis_group_lookup_by_name(
- ctx->sbrec_ha_chassis_grp_by_name, lrp->name);
- if (!sb_ha_chassis_group) {
- sb_ha_chassis_group = sbrec_ha_chassis_group_insert(ctx->ovnsb_txn);
- sbrec_ha_chassis_group_set_name(sb_ha_chassis_group, lrp->name);
- }
-
- struct sbrec_ha_chassis **sb_ha_chassis = xcalloc(lrp->n_gateway_chassis,
- sizeof *sb_ha_chassis);
- size_t n_sb_ha_ch = 0;
- for (size_t n = 0; n < lrp->n_gateway_chassis; n++) {
- struct nbrec_gateway_chassis *lrp_gwc = lrp->gateway_chassis[n];
- if (!lrp_gwc->chassis_name) {
- continue;
- }
-
- const struct sbrec_chassis *chassis =
- chassis_lookup_by_name(sbrec_chassis_by_name,
- lrp_gwc->chassis_name);
-
- sb_ha_chassis[n_sb_ha_ch] =
- create_sb_ha_chassis(ctx, chassis, lrp_gwc->chassis_name,
- lrp_gwc->priority);
- n_sb_ha_ch++;
- }
-
- sbrec_ha_chassis_group_set_ha_chassis(sb_ha_chassis_group,
- sb_ha_chassis, n_sb_ha_ch);
- sbrec_port_binding_set_ha_chassis_group(port_binding, sb_ha_chassis_group);
- free(sb_ha_chassis);
-}
-
-static void
-ovn_port_update_sbrec(struct northd_context *ctx,
- struct ovsdb_idl_index *sbrec_chassis_by_name,
- const struct ovn_port *op,
- struct hmap *chassis_qdisc_queues,
- struct sset *active_ha_chassis_grps)
-{
- sbrec_port_binding_set_datapath(op->sb, op->od->sb);
- if (op->nbrp) {
- /* If the router is for l3 gateway, it resides on a chassis
- * and its port type is "l3gateway". */
- const char *chassis_name = smap_get(&op->od->nbr->options, "chassis");
- if (op->derived) {
- sbrec_port_binding_set_type(op->sb, "chassisredirect");
- } else if (chassis_name) {
- sbrec_port_binding_set_type(op->sb, "l3gateway");
- } else {
- sbrec_port_binding_set_type(op->sb, "patch");
- }
-
- struct smap new;
- smap_init(&new);
- if (op->derived) {
- const char *redirect_chassis = smap_get(&op->nbrp->options,
- "redirect-chassis");
- int n_gw_options_set = 0;
- if (op->nbrp->ha_chassis_group) {
- n_gw_options_set++;
- }
- if (op->nbrp->n_gateway_chassis) {
- n_gw_options_set++;
- }
- if (redirect_chassis) {
- n_gw_options_set++;
- }
- if (n_gw_options_set > 1) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1);
- VLOG_WARN_RL(
- &rl, "Multiple gatway options set for the logical router "
- "port %s. The first preferred option is "
- "ha_chassis_group; the second is gateway_chassis; "
- "and the last is redirect-chassis.", op->nbrp->name);
- }
-
- if (op->nbrp->ha_chassis_group) {
- /* HA Chassis group is set. Ignore 'gateway_chassis'
- * column and redirect-chassis option. */
- sync_ha_chassis_group_for_sbpb(ctx, op->nbrp->ha_chassis_group,
- sbrec_chassis_by_name, op->sb);
- sset_add(active_ha_chassis_grps,
- op->nbrp->ha_chassis_group->name);
- } else if (op->nbrp->n_gateway_chassis) {
- /* Legacy gateway_chassis support.
- * Create ha_chassis_group for the Northbound gateway_chassis
- * associated with the lrp. */
- if (sbpb_gw_chassis_needs_update(op->sb, op->nbrp,
- sbrec_chassis_by_name)) {
- copy_gw_chassis_from_nbrp_to_sbpb(ctx,
- sbrec_chassis_by_name,
- op->nbrp, op->sb);
- }
-
- sset_add(active_ha_chassis_grps, op->nbrp->name);
- } else if (redirect_chassis) {
- /* Handle ports that had redirect-chassis option attached
- * to them, and for backwards compatibility convert them
- * to a single HA Chassis group entry */
- const struct sbrec_chassis *chassis =
- chassis_lookup_by_name(sbrec_chassis_by_name,
- redirect_chassis);
- if (chassis) {
- /* If we found the chassis, and the gw chassis on record
- * differs from what we expect go ahead and update */
- char *gwc_name = xasprintf("%s_%s", op->nbrp->name,
- chassis->name);
- const struct sbrec_ha_chassis_group *sb_ha_ch_grp;
- sb_ha_ch_grp = ha_chassis_group_lookup_by_name(
- ctx->sbrec_ha_chassis_grp_by_name, gwc_name);
- if (!sb_ha_ch_grp) {
- sb_ha_ch_grp =
- sbrec_ha_chassis_group_insert(ctx->ovnsb_txn);
- sbrec_ha_chassis_group_set_name(sb_ha_ch_grp,
- gwc_name);
- }
-
- if (sb_ha_ch_grp->n_ha_chassis != 1) {
- struct sbrec_ha_chassis **sb_ha_ch =
- xcalloc(1, sizeof *sb_ha_ch);
- sb_ha_ch[0] = create_sb_ha_chassis(ctx, chassis,
- chassis->name, 0);
- sbrec_ha_chassis_group_set_ha_chassis(sb_ha_ch_grp,
- sb_ha_ch, 1);
- }
- sbrec_port_binding_set_ha_chassis_group(op->sb,
- sb_ha_ch_grp);
- sset_add(active_ha_chassis_grps, gwc_name);
- free(gwc_name);
- } else {
- VLOG_WARN("chassis name '%s' from redirect from logical "
- " router port '%s' redirect-chassis not found",
- redirect_chassis, op->nbrp->name);
- if (op->sb->ha_chassis_group) {
- sbrec_port_binding_set_ha_chassis_group(op->sb, NULL);
- }
- }
- } else {
- /* Nothing is set. Clear ha_chassis_group from pb. */
- if (op->sb->ha_chassis_group) {
- sbrec_port_binding_set_ha_chassis_group(op->sb, NULL);
- }
- }
-
- if (op->sb->n_gateway_chassis) {
- /* Delete the legacy gateway_chassis from the pb. */
- sbrec_port_binding_set_gateway_chassis(op->sb, NULL, 0);
- }
- smap_add(&new, "distributed-port", op->nbrp->name);
- } else {
- if (op->peer) {
- smap_add(&new, "peer", op->peer->key);
- }
- if (chassis_name) {
- smap_add(&new, "l3gateway-chassis", chassis_name);
- }
- }
- sbrec_port_binding_set_options(op->sb, &new);
- smap_destroy(&new);
-
- sbrec_port_binding_set_parent_port(op->sb, NULL);
- sbrec_port_binding_set_tag(op->sb, NULL, 0);
-
- struct ds s = DS_EMPTY_INITIALIZER;
- ds_put_cstr(&s, op->nbrp->mac);
- for (int i = 0; i < op->nbrp->n_networks; ++i) {
- ds_put_format(&s, " %s", op->nbrp->networks[i]);
- }
- const char *addresses = ds_cstr(&s);
- sbrec_port_binding_set_mac(op->sb, &addresses, 1);
- ds_destroy(&s);
-
- struct smap ids = SMAP_INITIALIZER(&ids);
- sbrec_port_binding_set_external_ids(op->sb, &ids);
-
- sbrec_port_binding_set_nat_addresses(op->sb, NULL, 0);
- } else {
- if (strcmp(op->nbsp->type, "router")) {
- uint32_t queue_id = smap_get_int(
- &op->sb->options, "qdisc_queue_id", 0);
- bool has_qos = port_has_qos_params(&op->nbsp->options);
- struct smap options;
-
- if (op->sb->chassis && has_qos && !queue_id) {
- queue_id = allocate_chassis_queueid(chassis_qdisc_queues,
- op->sb->chassis);
- } else if (!has_qos && queue_id) {
- free_chassis_queueid(chassis_qdisc_queues,
- op->sb->chassis,
- queue_id);
- queue_id = 0;
- }
-
- smap_clone(&options, &op->nbsp->options);
- if (queue_id) {
- smap_add_format(&options,
- "qdisc_queue_id", "%d", queue_id);
- }
- sbrec_port_binding_set_options(op->sb, &options);
- smap_destroy(&options);
- if (ovn_is_known_nb_lsp_type(op->nbsp->type)) {
- sbrec_port_binding_set_type(op->sb, op->nbsp->type);
- } else {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1);
- VLOG_WARN_RL(
- &rl, "Unknown port type '%s' set on logical switch '%s'.",
- op->nbsp->type, op->nbsp->name);
- }
-
- sbrec_port_binding_set_nat_addresses(op->sb, NULL, 0);
-
- if (!strcmp(op->nbsp->type, "external")) {
- if (op->nbsp->ha_chassis_group) {
- sync_ha_chassis_group_for_sbpb(
- ctx, op->nbsp->ha_chassis_group,
- sbrec_chassis_by_name, op->sb);
- sset_add(active_ha_chassis_grps,
- op->nbsp->ha_chassis_group->name);
- } else {
- sbrec_port_binding_set_ha_chassis_group(op->sb, NULL);
- }
- }
- } else {
- const char *chassis = NULL;
- if (op->peer && op->peer->od && op->peer->od->nbr) {
- chassis = smap_get(&op->peer->od->nbr->options, "chassis");
- }
-
- /* A switch port connected to a gateway router is also of
- * type "l3gateway". */
- if (chassis) {
- sbrec_port_binding_set_type(op->sb, "l3gateway");
- } else {
- sbrec_port_binding_set_type(op->sb, "patch");
- }
-
- const char *router_port = smap_get(&op->nbsp->options,
- "router-port");
- if (router_port || chassis) {
- struct smap new;
- smap_init(&new);
- if (router_port) {
- smap_add(&new, "peer", router_port);
- }
- if (chassis) {
- smap_add(&new, "l3gateway-chassis", chassis);
- }
- sbrec_port_binding_set_options(op->sb, &new);
- smap_destroy(&new);
- } else {
- sbrec_port_binding_set_options(op->sb, NULL);
- }
-
- const char *nat_addresses = smap_get(&op->nbsp->options,
- "nat-addresses");
- size_t n_nats = 0;
- char **nats = NULL;
- if (nat_addresses && !strcmp(nat_addresses, "router")) {
- if (op->peer && op->peer->od
- && (chassis || op->peer->od->l3redirect_port)) {
- nats = get_nat_addresses(op->peer, &n_nats);
- }
- /* Only accept manual specification of ethernet address
- * followed by IPv4 addresses on type "l3gateway" ports. */
- } else if (nat_addresses && chassis) {
- struct lport_addresses laddrs;
- if (!extract_lsp_addresses(nat_addresses, &laddrs)) {
- static struct vlog_rate_limit rl =
- VLOG_RATE_LIMIT_INIT(1, 1);
- VLOG_WARN_RL(&rl, "Error extracting nat-addresses.");
- } else {
- destroy_lport_addresses(&laddrs);
- n_nats = 1;
- nats = xcalloc(1, sizeof *nats);
- nats[0] = xstrdup(nat_addresses);
- }
- }
-
- /* Add the router mac and IPv4 addresses to
- * Port_Binding.nat_addresses so that GARP is sent for these
- * IPs by the ovn-controller on which the distributed gateway
- * router port resides if:
- *
- * - op->peer has 'reside-on-gateway-chassis' set and the
- * the logical router datapath has distributed router port.
- *
- * - op->peer is distributed gateway router port.
- *
- * - op->peer's router is a gateway router and op has a localnet
- * port.
- *
- * Note: Port_Binding.nat_addresses column is also used for
- * sending the GARPs for the router port IPs.
- * */
- bool add_router_port_garp = false;
- if (op->peer && op->peer->nbrp && op->peer->od->l3dgw_port &&
- op->peer->od->l3redirect_port &&
- (smap_get_bool(&op->peer->nbrp->options,
- "reside-on-redirect-chassis", false) ||
- op->peer == op->peer->od->l3dgw_port)) {
- add_router_port_garp = true;
- } else if (chassis && op->od->localnet_port) {
- add_router_port_garp = true;
- }
-
- if (add_router_port_garp) {
- struct ds garp_info = DS_EMPTY_INITIALIZER;
- ds_put_format(&garp_info, "%s", op->peer->lrp_networks.ea_s);
- for (size_t i = 0; i < op->peer->lrp_networks.n_ipv4_addrs;
- i++) {
- ds_put_format(&garp_info, " %s",
- op->peer->lrp_networks.ipv4_addrs[i].addr_s);
- }
-
- if (op->peer->od->l3redirect_port) {
- ds_put_format(&garp_info, " is_chassis_resident(%s)",
- op->peer->od->l3redirect_port->json_key);
- }
-
- n_nats++;
- nats = xrealloc(nats, (n_nats * sizeof *nats));
- nats[n_nats - 1] = ds_steal_cstr(&garp_info);
- ds_destroy(&garp_info);
- }
-
- sbrec_port_binding_set_nat_addresses(op->sb,
- (const char **) nats, n_nats);
- for (size_t i = 0; i < n_nats; i++) {
- free(nats[i]);
- }
- free(nats);
- }
-
- sbrec_port_binding_set_parent_port(op->sb, op->nbsp->parent_name);
- sbrec_port_binding_set_tag(op->sb, op->nbsp->tag, op->nbsp->n_tag);
- sbrec_port_binding_set_mac(op->sb, (const char **) op->nbsp->addresses,
- op->nbsp->n_addresses);
-
- struct smap ids = SMAP_INITIALIZER(&ids);
- smap_clone(&ids, &op->nbsp->external_ids);
- const char *name = smap_get(&ids, "neutron:port_name");
- if (name && name[0]) {
- smap_add(&ids, "name", name);
- }
- sbrec_port_binding_set_external_ids(op->sb, &ids);
- smap_destroy(&ids);
- }
-}
-
-/* Remove mac_binding entries that refer to logical_ports which are
- * deleted. */
-static void
-cleanup_mac_bindings(struct northd_context *ctx, struct hmap *ports)
-{
- const struct sbrec_mac_binding *b, *n;
- SBREC_MAC_BINDING_FOR_EACH_SAFE (b, n, ctx->ovnsb_idl) {
- if (!ovn_port_find(ports, b->logical_port)) {
- sbrec_mac_binding_delete(b);
- }
- }
-}
-
-static void
-cleanup_sb_ha_chassis_groups(struct northd_context *ctx,
- struct sset *active_ha_chassis_groups)
-{
- const struct sbrec_ha_chassis_group *b, *n;
- SBREC_HA_CHASSIS_GROUP_FOR_EACH_SAFE (b, n, ctx->ovnsb_idl) {
- if (!sset_contains(active_ha_chassis_groups, b->name)) {
- sbrec_ha_chassis_group_delete(b);
- }
- }
-}
-
-/* Updates the southbound Port_Binding table so that it contains the logical
- * switch ports specified by the northbound database.
- *
- * Initializes 'ports' to contain a "struct ovn_port" for every logical port,
- * using the "struct ovn_datapath"s in 'datapaths' to look up logical
- * datapaths. */
-static void
-build_ports(struct northd_context *ctx,
- struct ovsdb_idl_index *sbrec_chassis_by_name,
- struct hmap *datapaths, struct hmap *ports)
-{
- struct ovs_list sb_only, nb_only, both;
- struct hmap tag_alloc_table = HMAP_INITIALIZER(&tag_alloc_table);
- struct hmap chassis_qdisc_queues = HMAP_INITIALIZER(&chassis_qdisc_queues);
-
- /* sset which stores the set of ha chassis group names used. */
- struct sset active_ha_chassis_grps =
- SSET_INITIALIZER(&active_ha_chassis_grps);
-
- join_logical_ports(ctx, datapaths, ports, &chassis_qdisc_queues,
- &tag_alloc_table, &sb_only, &nb_only, &both);
-
- struct ovn_port *op, *next;
- /* For logical ports that are in both databases, update the southbound
- * record based on northbound data. Also index the in-use tunnel_keys.
- * For logical ports that are in NB database, do any tag allocation
- * needed. */
- LIST_FOR_EACH_SAFE (op, next, list, &both) {
- if (op->nbsp) {
- tag_alloc_create_new_tag(&tag_alloc_table, op->nbsp);
- }
- ovn_port_update_sbrec(ctx, sbrec_chassis_by_name,
- op, &chassis_qdisc_queues,
- &active_ha_chassis_grps);
- add_tnlid(&op->od->port_tnlids, op->sb->tunnel_key);
- if (op->sb->tunnel_key > op->od->port_key_hint) {
- op->od->port_key_hint = op->sb->tunnel_key;
- }
- }
-
- /* Add southbound record for each unmatched northbound record. */
- LIST_FOR_EACH_SAFE (op, next, list, &nb_only) {
- uint16_t tunnel_key = ovn_port_allocate_key(op->od);
- if (!tunnel_key) {
- continue;
- }
-
- op->sb = sbrec_port_binding_insert(ctx->ovnsb_txn);
- ovn_port_update_sbrec(ctx, sbrec_chassis_by_name, op,
- &chassis_qdisc_queues,
- &active_ha_chassis_grps);
- sbrec_port_binding_set_logical_port(op->sb, op->key);
- sbrec_port_binding_set_tunnel_key(op->sb, tunnel_key);
- }
-
- bool remove_mac_bindings = false;
- if (!ovs_list_is_empty(&sb_only)) {
- remove_mac_bindings = true;
- }
-
- /* Delete southbound records without northbound matches. */
- LIST_FOR_EACH_SAFE(op, next, list, &sb_only) {
- ovs_list_remove(&op->list);
- sbrec_port_binding_delete(op->sb);
- ovn_port_destroy(ports, op);
- }
- if (remove_mac_bindings) {
- cleanup_mac_bindings(ctx, ports);
- }
-
- tag_alloc_destroy(&tag_alloc_table);
- destroy_chassis_queues(&chassis_qdisc_queues);
- cleanup_sb_ha_chassis_groups(ctx, &active_ha_chassis_grps);
- sset_destroy(&active_ha_chassis_grps);
-}
-
-struct multicast_group {
- const char *name;
- uint16_t key; /* OVN_MIN_MULTICAST...OVN_MAX_MULTICAST. */
-};
-
-#define MC_FLOOD "_MC_flood"
-static const struct multicast_group mc_flood =
- { MC_FLOOD, OVN_MCAST_FLOOD_TUNNEL_KEY };
-
-#define MC_UNKNOWN "_MC_unknown"
-static const struct multicast_group mc_unknown =
- { MC_UNKNOWN, OVN_MCAST_UNKNOWN_TUNNEL_KEY };
-
-static bool
-multicast_group_equal(const struct multicast_group *a,
- const struct multicast_group *b)
-{
- return !strcmp(a->name, b->name) && a->key == b->key;
-}
-
-/* Multicast group entry. */
-struct ovn_multicast {
- struct hmap_node hmap_node; /* Index on 'datapath' and 'key'. */
- struct ovn_datapath *datapath;
- const struct multicast_group *group;
-
- struct ovn_port **ports;
- size_t n_ports, allocated_ports;
-};
-
-static uint32_t
-ovn_multicast_hash(const struct ovn_datapath *datapath,
- const struct multicast_group *group)
-{
- return hash_pointer(datapath, group->key);
-}
-
-static struct ovn_multicast *
-ovn_multicast_find(struct hmap *mcgroups, struct ovn_datapath *datapath,
- const struct multicast_group *group)
-{
- struct ovn_multicast *mc;
-
- HMAP_FOR_EACH_WITH_HASH (mc, hmap_node,
- ovn_multicast_hash(datapath, group), mcgroups) {
- if (mc->datapath == datapath
- && multicast_group_equal(mc->group, group)) {
- return mc;
- }
- }
- return NULL;
-}
-
-static void
-ovn_multicast_add_ports(struct hmap *mcgroups, struct ovn_datapath *od,
- const struct multicast_group *group,
- struct ovn_port **ports, size_t n_ports)
-{
- struct ovn_multicast *mc = ovn_multicast_find(mcgroups, od, group);
- if (!mc) {
- mc = xmalloc(sizeof *mc);
- hmap_insert(mcgroups, &mc->hmap_node, ovn_multicast_hash(od, group));
- mc->datapath = od;
- mc->group = group;
- mc->n_ports = 0;
- mc->allocated_ports = 4;
- mc->ports = xmalloc(mc->allocated_ports * sizeof *mc->ports);
- }
-
- size_t n_ports_total = mc->n_ports + n_ports;
-
- if (n_ports_total > 2 * mc->allocated_ports) {
- mc->allocated_ports = n_ports_total;
- mc->ports = xrealloc(mc->ports,
- mc->allocated_ports * sizeof *mc->ports);
- } else if (n_ports_total > mc->allocated_ports) {
- mc->ports = x2nrealloc(mc->ports, &mc->allocated_ports,
- sizeof *mc->ports);
- }
-
- memcpy(&mc->ports[mc->n_ports], &ports[0], n_ports * sizeof *ports);
- mc->n_ports += n_ports;
-}
-
-static void
-ovn_multicast_add(struct hmap *mcgroups, const struct multicast_group *group,
- struct ovn_port *port)
-{
- ovn_multicast_add_ports(mcgroups, port->od, group, &port, 1);
-}
-
-static void
-ovn_multicast_destroy(struct hmap *mcgroups, struct ovn_multicast *mc)
-{
- if (mc) {
- hmap_remove(mcgroups, &mc->hmap_node);
- free(mc->ports);
- free(mc);
- }
-}
-
-static void
-ovn_multicast_update_sbrec(const struct ovn_multicast *mc,
- const struct sbrec_multicast_group *sb)
-{
- struct sbrec_port_binding **ports = xmalloc(mc->n_ports * sizeof *ports);
- for (size_t i = 0; i < mc->n_ports; i++) {
- ports[i] = CONST_CAST(struct sbrec_port_binding *, mc->ports[i]->sb);
- }
- sbrec_multicast_group_set_ports(sb, ports, mc->n_ports);
- free(ports);
-}
-
-/*
- * IGMP group entry (1:1 mapping to SB database).
- */
-struct ovn_igmp_group_entry {
- struct ovs_list list_node; /* Linkage in the list of entries. */
- const struct sbrec_igmp_group *sb;
-};
-
-/*
- * IGMP group entry (aggregate of all entries from the SB database
- * corresponding to the multicast group).
- */
-struct ovn_igmp_group {
- struct hmap_node hmap_node; /* Index on 'datapath' and 'address'. */
-
- struct ovn_datapath *datapath;
- struct in6_addr address; /* Multicast IPv6-mapped-IPv4 or IPv4 address. */
- struct multicast_group mcgroup;
-
- struct ovs_list sb_entries; /* List of SB entries for this group. */
-};
-
-static uint32_t
-ovn_igmp_group_hash(const struct ovn_datapath *datapath,
- const struct in6_addr *address)
-{
- return hash_pointer(datapath, hash_bytes(address, sizeof *address, 0));
-}
-
-static struct ovn_igmp_group *
-ovn_igmp_group_find(struct hmap *igmp_groups,
- const struct ovn_datapath *datapath,
- const struct in6_addr *address)
-{
- struct ovn_igmp_group *group;
-
- HMAP_FOR_EACH_WITH_HASH (group, hmap_node,
- ovn_igmp_group_hash(datapath, address),
- igmp_groups) {
- if (group->datapath == datapath &&
- ipv6_addr_equals(&group->address, address)) {
- return group;
- }
- }
- return NULL;
-}
-
-static void
-ovn_igmp_group_add(struct northd_context *ctx, struct hmap *igmp_groups,
- struct ovn_datapath *datapath,
- const struct sbrec_igmp_group *sb_igmp_group)
-{
- struct in6_addr group_address;
- ovs_be32 ipv4;
-
- if (ip_parse(sb_igmp_group->address, &ipv4)) {
- group_address = in6_addr_mapped_ipv4(ipv4);
- } else if (!ipv6_parse(sb_igmp_group->address, &group_address)) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1);
- VLOG_WARN_RL(&rl, "invalid IGMP group address: %s",
- sb_igmp_group->address);
- return;
- }
-
- struct ovn_igmp_group *igmp_group =
- ovn_igmp_group_find(igmp_groups, datapath, &group_address);
-
- if (!igmp_group) {
- igmp_group = xmalloc(sizeof *igmp_group);
-
- const struct sbrec_multicast_group *mcgroup =
- mcast_group_lookup(ctx->sbrec_mcast_group_by_name_dp,
- sb_igmp_group->address, datapath->sb);
-
- igmp_group->datapath = datapath;
- igmp_group->address = group_address;
- if (mcgroup) {
- igmp_group->mcgroup.key = mcgroup->tunnel_key;
- add_tnlid(&datapath->mcast_info.group_tnlids, mcgroup->tunnel_key);
- } else {
- igmp_group->mcgroup.key = 0;
- }
- igmp_group->mcgroup.name = sb_igmp_group->address;
- ovs_list_init(&igmp_group->sb_entries);
-
- hmap_insert(igmp_groups, &igmp_group->hmap_node,
- ovn_igmp_group_hash(datapath, &group_address));
- }
-
- struct ovn_igmp_group_entry *entry = xmalloc(sizeof *entry);
-
- entry->sb = sb_igmp_group;
- ovs_list_push_back(&igmp_group->sb_entries , &entry->list_node);
-}
-
-static void
-ovn_igmp_group_aggregate_ports(struct ovn_igmp_group *igmp_group,
- struct hmap *ovn_ports,
- struct hmap *mcast_groups)
-{
- struct ovn_igmp_group_entry *entry;
-
- LIST_FOR_EACH_POP (entry, list_node, &igmp_group->sb_entries) {
- size_t n_oports = 0;
- struct ovn_port **oports =
- xmalloc(entry->sb->n_ports * sizeof *oports);
-
- for (size_t i = 0; i < entry->sb->n_ports; i++) {
- oports[n_oports] =
- ovn_port_find(ovn_ports, entry->sb->ports[i]->logical_port);
- if (oports[n_oports]) {
- n_oports++;
- }
- }
-
- ovn_multicast_add_ports(mcast_groups, igmp_group->datapath,
- &igmp_group->mcgroup, oports, n_oports);
- free(oports);
- free(entry);
- }
-}
-
-static void
-ovn_igmp_group_destroy(struct hmap *igmp_groups,
- struct ovn_igmp_group *igmp_group)
-{
- if (igmp_group) {
- struct ovn_igmp_group_entry *entry;
-
- LIST_FOR_EACH_POP (entry, list_node, &igmp_group->sb_entries) {
- free(entry);
- }
- hmap_remove(igmp_groups, &igmp_group->hmap_node);
- free(igmp_group);
- }
-}
-
-/* Logical flow generation.
- *
- * This code generates the Logical_Flow table in the southbound database, as a
- * function of most of the northbound database.
- */
-
-struct ovn_lflow {
- struct hmap_node hmap_node;
-
- struct ovn_datapath *od;
- enum ovn_stage stage;
- uint16_t priority;
- char *match;
- char *actions;
- char *stage_hint;
- const char *where;
-};
-
-static size_t
-ovn_lflow_hash(const struct ovn_lflow *lflow)
-{
- return ovn_logical_flow_hash(&lflow->od->sb->header_.uuid,
- ovn_stage_get_table(lflow->stage),
- ovn_stage_get_pipeline_name(lflow->stage),
- lflow->priority, lflow->match,
- lflow->actions);
-}
-
-static bool
-ovn_lflow_equal(const struct ovn_lflow *a, const struct ovn_lflow *b)
-{
- return (a->od == b->od
- && a->stage == b->stage
- && a->priority == b->priority
- && !strcmp(a->match, b->match)
- && !strcmp(a->actions, b->actions));
-}
-
-static void
-ovn_lflow_init(struct ovn_lflow *lflow, struct ovn_datapath *od,
- enum ovn_stage stage, uint16_t priority,
- char *match, char *actions, char *stage_hint,
- const char *where)
-{
- lflow->od = od;
- lflow->stage = stage;
- lflow->priority = priority;
- lflow->match = match;
- lflow->actions = actions;
- lflow->stage_hint = stage_hint;
- lflow->where = where;
-}
-
-/* Adds a row with the specified contents to the Logical_Flow table. */
-static void
-ovn_lflow_add_at(struct hmap *lflow_map, struct ovn_datapath *od,
- enum ovn_stage stage, uint16_t priority,
- const char *match, const char *actions,
- const char *stage_hint, const char *where)
-{
- ovs_assert(ovn_stage_to_datapath_type(stage) == ovn_datapath_get_type(od));
-
- struct ovn_lflow *lflow = xmalloc(sizeof *lflow);
- ovn_lflow_init(lflow, od, stage, priority,
- xstrdup(match), xstrdup(actions),
- nullable_xstrdup(stage_hint), where);
- hmap_insert(lflow_map, &lflow->hmap_node, ovn_lflow_hash(lflow));
-}
-
-/* Adds a row with the specified contents to the Logical_Flow table. */
-#define ovn_lflow_add_with_hint(LFLOW_MAP, OD, STAGE, PRIORITY, MATCH, \
- ACTIONS, STAGE_HINT) \
- ovn_lflow_add_at(LFLOW_MAP, OD, STAGE, PRIORITY, MATCH, ACTIONS, \
- STAGE_HINT, OVS_SOURCE_LOCATOR)
-
-#define ovn_lflow_add(LFLOW_MAP, OD, STAGE, PRIORITY, MATCH, ACTIONS) \
- ovn_lflow_add_with_hint(LFLOW_MAP, OD, STAGE, PRIORITY, MATCH, \
- ACTIONS, NULL)
-
-static struct ovn_lflow *
-ovn_lflow_find(struct hmap *lflows, struct ovn_datapath *od,
- enum ovn_stage stage, uint16_t priority,
- const char *match, const char *actions, uint32_t hash)
-{
- struct ovn_lflow target;
- ovn_lflow_init(&target, od, stage, priority,
- CONST_CAST(char *, match), CONST_CAST(char *, actions),
- NULL, NULL);
-
- struct ovn_lflow *lflow;
- HMAP_FOR_EACH_WITH_HASH (lflow, hmap_node, hash, lflows) {
- if (ovn_lflow_equal(lflow, &target)) {
- return lflow;
- }
- }
- return NULL;
-}
-
-static void
-ovn_lflow_destroy(struct hmap *lflows, struct ovn_lflow *lflow)
-{
- if (lflow) {
- hmap_remove(lflows, &lflow->hmap_node);
- free(lflow->match);
- free(lflow->actions);
- free(lflow->stage_hint);
- free(lflow);
- }
-}
-
-/* Appends port security constraints on L2 address field 'eth_addr_field'
- * (e.g. "eth.src" or "eth.dst") to 'match'. 'ps_addrs', with 'n_ps_addrs'
- * elements, is the collection of port_security constraints from an
- * OVN_NB Logical_Switch_Port row generated by extract_lsp_addresses(). */
-static void
-build_port_security_l2(const char *eth_addr_field,
- struct lport_addresses *ps_addrs,
- unsigned int n_ps_addrs,
- struct ds *match)
-{
- if (!n_ps_addrs) {
- return;
- }
-
- ds_put_format(match, " && %s == {", eth_addr_field);
-
- for (size_t i = 0; i < n_ps_addrs; i++) {
- ds_put_format(match, "%s ", ps_addrs[i].ea_s);
- }
- ds_chomp(match, ' ');
- ds_put_cstr(match, "}");
-}
-
-static void
-build_port_security_ipv6_nd_flow(
- struct ds *match, struct eth_addr ea, struct ipv6_netaddr *ipv6_addrs,
- int n_ipv6_addrs)
-{
- ds_put_format(match, " && ip6 && nd && ((nd.sll == "ETH_ADDR_FMT" || "
- "nd.sll == "ETH_ADDR_FMT") || ((nd.tll == "ETH_ADDR_FMT" || "
- "nd.tll == "ETH_ADDR_FMT")", ETH_ADDR_ARGS(eth_addr_zero),
- ETH_ADDR_ARGS(ea), ETH_ADDR_ARGS(eth_addr_zero),
- ETH_ADDR_ARGS(ea));
- if (!n_ipv6_addrs) {
- ds_put_cstr(match, "))");
- return;
- }
-
- char ip6_str[INET6_ADDRSTRLEN + 1];
- struct in6_addr lla;
- in6_generate_lla(ea, &lla);
- memset(ip6_str, 0, sizeof(ip6_str));
- ipv6_string_mapped(ip6_str, &lla);
- ds_put_format(match, " && (nd.target == %s", ip6_str);
-
- for(int i = 0; i < n_ipv6_addrs; i++) {
- memset(ip6_str, 0, sizeof(ip6_str));
- ipv6_string_mapped(ip6_str, &ipv6_addrs[i].addr);
- ds_put_format(match, " || nd.target == %s", ip6_str);
- }
-
- ds_put_format(match, ")))");
-}
-
-static void
-build_port_security_ipv6_flow(
- enum ovn_pipeline pipeline, struct ds *match, struct eth_addr ea,
- struct ipv6_netaddr *ipv6_addrs, int n_ipv6_addrs)
-{
- char ip6_str[INET6_ADDRSTRLEN + 1];
-
- ds_put_format(match, " && %s == {",
- pipeline == P_IN ? "ip6.src" : "ip6.dst");
-
- /* Allow link-local address. */
- struct in6_addr lla;
- in6_generate_lla(ea, &lla);
- ipv6_string_mapped(ip6_str, &lla);
- ds_put_format(match, "%s, ", ip6_str);
-
- /* Allow ip6.dst=ff00::/8 for multicast packets */
- if (pipeline == P_OUT) {
- ds_put_cstr(match, "ff00::/8, ");
- }
- for(int i = 0; i < n_ipv6_addrs; i++) {
- ipv6_string_mapped(ip6_str, &ipv6_addrs[i].addr);
- ds_put_format(match, "%s, ", ip6_str);
- }
- /* Replace ", " by "}". */
- ds_chomp(match, ' ');
- ds_chomp(match, ',');
- ds_put_cstr(match, "}");
-}
-
-/**
- * Build port security constraints on ARP and IPv6 ND fields
- * and add logical flows to S_SWITCH_IN_PORT_SEC_ND stage.
- *
- * For each port security of the logical port, following
- * logical flows are added
- * - If the port security has no IP (both IPv4 and IPv6) or
- * if it has IPv4 address(es)
- * - Priority 90 flow to allow ARP packets for known MAC addresses
- * in the eth.src and arp.spa fields. If the port security
- * has IPv4 addresses, allow known IPv4 addresses in the arp.tpa field.
- *
- * - If the port security has no IP (both IPv4 and IPv6) or
- * if it has IPv6 address(es)
- * - Priority 90 flow to allow IPv6 ND packets for known MAC addresses
- * in the eth.src and nd.sll/nd.tll fields. If the port security
- * has IPv6 addresses, allow known IPv6 addresses in the nd.target field
- * for IPv6 Neighbor Advertisement packet.
- *
- * - Priority 80 flow to drop ARP and IPv6 ND packets.
- */
-static void
-build_port_security_nd(struct ovn_port *op, struct hmap *lflows)
-{
- struct ds match = DS_EMPTY_INITIALIZER;
-
- for (size_t i = 0; i < op->n_ps_addrs; i++) {
- struct lport_addresses *ps = &op->ps_addrs[i];
-
- bool no_ip = !(ps->n_ipv4_addrs || ps->n_ipv6_addrs);
-
- ds_clear(&match);
- if (ps->n_ipv4_addrs || no_ip) {
- ds_put_format(&match,
- "inport == %s && eth.src == %s && arp.sha == %s",
- op->json_key, ps->ea_s, ps->ea_s);
-
- if (ps->n_ipv4_addrs) {
- ds_put_cstr(&match, " && arp.spa == {");
- for (size_t j = 0; j < ps->n_ipv4_addrs; j++) {
- /* When the netmask is applied, if the host portion is
- * non-zero, the host can only use the specified
- * address in the arp.spa. If zero, the host is allowed
- * to use any address in the subnet. */
- if (ps->ipv4_addrs[j].plen == 32
- || ps->ipv4_addrs[j].addr & ~ps->ipv4_addrs[j].mask) {
- ds_put_cstr(&match, ps->ipv4_addrs[j].addr_s);
- } else {
- ds_put_format(&match, "%s/%d",
- ps->ipv4_addrs[j].network_s,
- ps->ipv4_addrs[j].plen);
- }
- ds_put_cstr(&match, ", ");
- }
- ds_chomp(&match, ' ');
- ds_chomp(&match, ',');
- ds_put_cstr(&match, "}");
- }
- ovn_lflow_add(lflows, op->od, S_SWITCH_IN_PORT_SEC_ND, 90,
- ds_cstr(&match), "next;");
- }
-
- if (ps->n_ipv6_addrs || no_ip) {
- ds_clear(&match);
- ds_put_format(&match, "inport == %s && eth.src == %s",
- op->json_key, ps->ea_s);
- build_port_security_ipv6_nd_flow(&match, ps->ea, ps->ipv6_addrs,
- ps->n_ipv6_addrs);
- ovn_lflow_add(lflows, op->od, S_SWITCH_IN_PORT_SEC_ND, 90,
- ds_cstr(&match), "next;");
- }
- }
-
- ds_clear(&match);
- ds_put_format(&match, "inport == %s && (arp || nd)", op->json_key);
- ovn_lflow_add(lflows, op->od, S_SWITCH_IN_PORT_SEC_ND, 80,
- ds_cstr(&match), "drop;");
- ds_destroy(&match);
-}
-
-/**
- * Build port security constraints on IPv4 and IPv6 src and dst fields
- * and add logical flows to S_SWITCH_(IN/OUT)_PORT_SEC_IP stage.
- *
- * For each port security of the logical port, following
- * logical flows are added
- * - If the port security has IPv4 addresses,
- * - Priority 90 flow to allow IPv4 packets for known IPv4 addresses
- *
- * - If the port security has IPv6 addresses,
- * - Priority 90 flow to allow IPv6 packets for known IPv6 addresses
- *
- * - If the port security has IPv4 addresses or IPv6 addresses or both
- * - Priority 80 flow to drop all IPv4 and IPv6 traffic
- */
-static void
-build_port_security_ip(enum ovn_pipeline pipeline, struct ovn_port *op,
- struct hmap *lflows)
-{
- char *port_direction;
- enum ovn_stage stage;
- if (pipeline == P_IN) {
- port_direction = "inport";
- stage = S_SWITCH_IN_PORT_SEC_IP;
- } else {
- port_direction = "outport";
- stage = S_SWITCH_OUT_PORT_SEC_IP;
- }
-
- for (size_t i = 0; i < op->n_ps_addrs; i++) {
- struct lport_addresses *ps = &op->ps_addrs[i];
-
- if (!(ps->n_ipv4_addrs || ps->n_ipv6_addrs)) {
- continue;
- }
-
- if (ps->n_ipv4_addrs) {
- struct ds match = DS_EMPTY_INITIALIZER;
- if (pipeline == P_IN) {
- /* Permit use of the unspecified address for DHCP discovery */
- struct ds dhcp_match = DS_EMPTY_INITIALIZER;
- ds_put_format(&dhcp_match, "inport == %s"
- " && eth.src == %s"
- " && ip4.src == 0.0.0.0"
- " && ip4.dst == 255.255.255.255"
- " && udp.src == 68 && udp.dst == 67",
- op->json_key, ps->ea_s);
- ovn_lflow_add(lflows, op->od, stage, 90,
- ds_cstr(&dhcp_match), "next;");
- ds_destroy(&dhcp_match);
- ds_put_format(&match, "inport == %s && eth.src == %s"
- " && ip4.src == {", op->json_key,
- ps->ea_s);
- } else {
- ds_put_format(&match, "outport == %s && eth.dst == %s"
- " && ip4.dst == {255.255.255.255, 224.0.0.0/4, ",
- op->json_key, ps->ea_s);
- }
-
- for (int j = 0; j < ps->n_ipv4_addrs; j++) {
- ovs_be32 mask = ps->ipv4_addrs[j].mask;
- /* When the netmask is applied, if the host portion is
- * non-zero, the host can only use the specified
- * address. If zero, the host is allowed to use any
- * address in the subnet.
- */
- if (ps->ipv4_addrs[j].plen == 32
- || ps->ipv4_addrs[j].addr & ~mask) {
- ds_put_format(&match, "%s", ps->ipv4_addrs[j].addr_s);
- if (pipeline == P_OUT && ps->ipv4_addrs[j].plen != 32) {
- /* Host is also allowed to receive packets to the
- * broadcast address in the specified subnet. */
- ds_put_format(&match, ", %s",
- ps->ipv4_addrs[j].bcast_s);
- }
- } else {
- /* host portion is zero */
- ds_put_format(&match, "%s/%d", ps->ipv4_addrs[j].network_s,
- ps->ipv4_addrs[j].plen);
- }
- ds_put_cstr(&match, ", ");
- }
-
- /* Replace ", " by "}". */
- ds_chomp(&match, ' ');
- ds_chomp(&match, ',');
- ds_put_cstr(&match, "}");
- ovn_lflow_add(lflows, op->od, stage, 90, ds_cstr(&match), "next;");
- ds_destroy(&match);
- }
-
- if (ps->n_ipv6_addrs) {
- struct ds match = DS_EMPTY_INITIALIZER;
- if (pipeline == P_IN) {
- /* Permit use of unspecified address for duplicate address
- * detection */
- struct ds dad_match = DS_EMPTY_INITIALIZER;
- ds_put_format(&dad_match, "inport == %s"
- " && eth.src == %s"
- " && ip6.src == ::"
- " && ip6.dst == ff02::/16"
- " && icmp6.type == {131, 135, 143}", op->json_key,
- ps->ea_s);
- ovn_lflow_add(lflows, op->od, stage, 90,
- ds_cstr(&dad_match), "next;");
- ds_destroy(&dad_match);
- }
- ds_put_format(&match, "%s == %s && %s == %s",
- port_direction, op->json_key,
- pipeline == P_IN ? "eth.src" : "eth.dst", ps->ea_s);
- build_port_security_ipv6_flow(pipeline, &match, ps->ea,
- ps->ipv6_addrs, ps->n_ipv6_addrs);
- ovn_lflow_add(lflows, op->od, stage, 90,
- ds_cstr(&match), "next;");
- ds_destroy(&match);
- }
-
- char *match = xasprintf("%s == %s && %s == %s && ip",
- port_direction, op->json_key,
- pipeline == P_IN ? "eth.src" : "eth.dst",
- ps->ea_s);
- ovn_lflow_add(lflows, op->od, stage, 80, match, "drop;");
- free(match);
- }
-
-}
-
-static bool
-lsp_is_enabled(const struct nbrec_logical_switch_port *lsp)
-{
- return !lsp->enabled || *lsp->enabled;
-}
-
-static bool
-lsp_is_up(const struct nbrec_logical_switch_port *lsp)
-{
- return !lsp->up || *lsp->up;
-}
-
-static bool
-lsp_is_external(const struct nbrec_logical_switch_port *nbsp)
-{
- return !strcmp(nbsp->type, "external");
-}
-
-static bool
-build_dhcpv4_action(struct ovn_port *op, ovs_be32 offer_ip,
- struct ds *options_action, struct ds *response_action,
- struct ds *ipv4_addr_match)
-{
- if (!op->nbsp->dhcpv4_options) {
- /* CMS has disabled native DHCPv4 for this lport. */
- return false;
- }
-
- ovs_be32 host_ip, mask;
- char *error = ip_parse_masked(op->nbsp->dhcpv4_options->cidr, &host_ip,
- &mask);
- if (error || ((offer_ip ^ host_ip) & mask)) {
- /* Either
- * - cidr defined is invalid or
- * - the offer ip of the logical port doesn't belong to the cidr
- * defined in the DHCPv4 options.
- * */
- free(error);
- return false;
- }
-
- const char *server_ip = smap_get(
- &op->nbsp->dhcpv4_options->options, "server_id");
- const char *server_mac = smap_get(
- &op->nbsp->dhcpv4_options->options, "server_mac");
- const char *lease_time = smap_get(
- &op->nbsp->dhcpv4_options->options, "lease_time");
-
- if (!(server_ip && server_mac && lease_time)) {
- /* "server_id", "server_mac" and "lease_time" should be
- * present in the dhcp_options. */
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
- VLOG_WARN_RL(&rl, "Required DHCPv4 options not defined for lport - %s",
- op->json_key);
- return false;
- }
-
- struct smap dhcpv4_options = SMAP_INITIALIZER(&dhcpv4_options);
- smap_clone(&dhcpv4_options, &op->nbsp->dhcpv4_options->options);
-
- /* server_mac is not DHCPv4 option, delete it from the smap. */
- smap_remove(&dhcpv4_options, "server_mac");
- char *netmask = xasprintf(IP_FMT, IP_ARGS(mask));
- smap_add(&dhcpv4_options, "netmask", netmask);
- free(netmask);
-
- ds_put_format(options_action,
- REGBIT_DHCP_OPTS_RESULT" = put_dhcp_opts(offerip = "
- IP_FMT", ", IP_ARGS(offer_ip));
-
- /* We're not using SMAP_FOR_EACH because we want a consistent order of the
- * options on different architectures (big or little endian, SSE4.2) */
- const struct smap_node **sorted_opts = smap_sort(&dhcpv4_options);
- for (size_t i = 0; i < smap_count(&dhcpv4_options); i++) {
- const struct smap_node *node = sorted_opts[i];
- ds_put_format(options_action, "%s = %s, ", node->key, node->value);
- }
- free(sorted_opts);
-
- ds_chomp(options_action, ' ');
- ds_chomp(options_action, ',');
- ds_put_cstr(options_action, "); next;");
-
- ds_put_format(response_action, "eth.dst = eth.src; eth.src = %s; "
- "ip4.dst = "IP_FMT"; ip4.src = %s; udp.src = 67; "
- "udp.dst = 68; outport = inport; flags.loopback = 1; "
- "output;",
- server_mac, IP_ARGS(offer_ip), server_ip);
-
- ds_put_format(ipv4_addr_match,
- "ip4.src == "IP_FMT" && ip4.dst == {%s, 255.255.255.255}",
- IP_ARGS(offer_ip), server_ip);
- smap_destroy(&dhcpv4_options);
- return true;
-}
-
-static bool
-build_dhcpv6_action(struct ovn_port *op, struct in6_addr *offer_ip,
- struct ds *options_action, struct ds *response_action)
-{
- if (!op->nbsp->dhcpv6_options) {
- /* CMS has disabled native DHCPv6 for this lport. */
- return false;
- }
-
- struct in6_addr host_ip, mask;
-
- char *error = ipv6_parse_masked(op->nbsp->dhcpv6_options->cidr, &host_ip,
- &mask);
- if (error) {
- free(error);
- return false;
- }
- struct in6_addr ip6_mask = ipv6_addr_bitxor(offer_ip, &host_ip);
- ip6_mask = ipv6_addr_bitand(&ip6_mask, &mask);
- if (!ipv6_mask_is_any(&ip6_mask)) {
- /* offer_ip doesn't belongs to the cidr defined in lport's DHCPv6
- * options.*/
- return false;
- }
-
- const struct smap *options_map = &op->nbsp->dhcpv6_options->options;
- /* "server_id" should be the MAC address. */
- const char *server_mac = smap_get(options_map, "server_id");
- struct eth_addr ea;
- if (!server_mac || !eth_addr_from_string(server_mac, &ea)) {
- /* "server_id" should be present in the dhcpv6_options. */
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 1);
- VLOG_WARN_RL(&rl, "server_id not present in the DHCPv6 options"
- " for lport %s", op->json_key);
- return false;
- }
-
- /* Get the link local IP of the DHCPv6 server from the server MAC. */
- struct in6_addr lla;
- in6_generate_lla(ea, &lla);
-
- char server_ip[INET6_ADDRSTRLEN + 1];
- ipv6_string_mapped(server_ip, &lla);
-
- char ia_addr[INET6_ADDRSTRLEN + 1];
- ipv6_string_mapped(ia_addr, offer_ip);
-
- ds_put_format(options_action,
- REGBIT_DHCP_OPTS_RESULT" = put_dhcpv6_opts(");
-
- /* Check whether the dhcpv6 options should be configured as stateful.
- * Only reply with ia_addr option for dhcpv6 stateful address mode. */
- if (!smap_get_bool(options_map, "dhcpv6_stateless", false)) {
- ipv6_string_mapped(ia_addr, offer_ip);
- ds_put_format(options_action, "ia_addr = %s, ", ia_addr);
- }
-
- /* We're not using SMAP_FOR_EACH because we want a consistent order of the
- * options on different architectures (big or little endian, SSE4.2) */
- const struct smap_node **sorted_opts = smap_sort(options_map);
- for (size_t i = 0; i < smap_count(options_map); i++) {
- const struct smap_node *node = sorted_opts[i];
- if (strcmp(node->key, "dhcpv6_stateless")) {
- ds_put_format(options_action, "%s = %s, ", node->key, node->value);
- }
- }
- free(sorted_opts);
-
- ds_chomp(options_action, ' ');
- ds_chomp(options_action, ',');
- ds_put_cstr(options_action, "); next;");
-
- ds_put_format(response_action, "eth.dst = eth.src; eth.src = %s; "
- "ip6.dst = ip6.src; ip6.src = %s; udp.src = 547; "
- "udp.dst = 546; outport = inport; flags.loopback = 1; "
- "output;",
- server_mac, server_ip);
-
- return true;
-}
-
-struct ovn_port_group_ls {
- struct hmap_node key_node; /* Index on 'key'. */
- struct uuid key; /* nb_ls->header_.uuid. */
- const struct nbrec_logical_switch *nb_ls;
-};
-
-struct ovn_port_group {
- struct hmap_node key_node; /* Index on 'key'. */
- struct uuid key; /* nb_pg->header_.uuid. */
- const struct nbrec_port_group *nb_pg;
- struct hmap nb_lswitches; /* NB lswitches related to the port group */
-};
-
-static void
-ovn_port_group_ls_add(struct ovn_port_group *pg,
- const struct nbrec_logical_switch *nb_ls)
-{
- struct ovn_port_group_ls *pg_ls = xzalloc(sizeof *pg_ls);
- pg_ls->key = nb_ls->header_.uuid;
- pg_ls->nb_ls = nb_ls;
- hmap_insert(&pg->nb_lswitches, &pg_ls->key_node, uuid_hash(&pg_ls->key));
-}
-
-static struct ovn_port_group_ls *
-ovn_port_group_ls_find(struct ovn_port_group *pg, const struct uuid *ls_uuid)
-{
- struct ovn_port_group_ls *pg_ls;
-
- HMAP_FOR_EACH_WITH_HASH (pg_ls, key_node, uuid_hash(ls_uuid),
- &pg->nb_lswitches) {
- if (uuid_equals(ls_uuid, &pg_ls->key)) {
- return pg_ls;
- }
- }
- return NULL;
-}
-
-struct ovn_ls_port_group {
- struct hmap_node key_node; /* Index on 'key'. */
- struct uuid key; /* nb_pg->header_.uuid. */
- const struct nbrec_port_group *nb_pg;
-};
-
-static void
-ovn_ls_port_group_add(struct hmap *nb_pgs,
- const struct nbrec_port_group *nb_pg)
-{
- struct ovn_ls_port_group *ls_pg = xzalloc(sizeof *ls_pg);
- ls_pg->key = nb_pg->header_.uuid;
- ls_pg->nb_pg = nb_pg;
- hmap_insert(nb_pgs, &ls_pg->key_node, uuid_hash(&ls_pg->key));
-}
-
-static void
-ovn_ls_port_group_destroy(struct hmap *nb_pgs)
-{
- struct ovn_ls_port_group *ls_pg;
- HMAP_FOR_EACH_POP (ls_pg, key_node, nb_pgs) {
- free(ls_pg);
- }
- hmap_destroy(nb_pgs);
-}
-
-static bool
-has_stateful_acl(struct ovn_datapath *od)
-{
- for (size_t i = 0; i < od->nbs->n_acls; i++) {
- struct nbrec_acl *acl = od->nbs->acls[i];
- if (!strcmp(acl->action, "allow-related")) {
- return true;
- }
- }
-
- struct ovn_ls_port_group *ls_pg;
- HMAP_FOR_EACH (ls_pg, key_node, &od->nb_pgs) {
- for (size_t i = 0; i < ls_pg->nb_pg->n_acls; i++) {
- struct nbrec_acl *acl = ls_pg->nb_pg->acls[i];
- if (!strcmp(acl->action, "allow-related")) {
- return true;
- }
- }
- }
-
- return false;
-}
-
-static void
-build_pre_acls(struct ovn_datapath *od, struct hmap *lflows)
-{
- bool has_stateful = has_stateful_acl(od);
-
- /* Ingress and Egress Pre-ACL Table (Priority 0): Packets are
- * allowed by default. */
- ovn_lflow_add(lflows, od, S_SWITCH_IN_PRE_ACL, 0, "1", "next;");
- ovn_lflow_add(lflows, od, S_SWITCH_OUT_PRE_ACL, 0, "1", "next;");
-
- /* If there are any stateful ACL rules in this datapath, we must
- * send all IP packets through the conntrack action, which handles
- * defragmentation, in order to match L4 headers. */
- if (has_stateful) {
- for (size_t i = 0; i < od->n_router_ports; i++) {
- struct ovn_port *op = od->router_ports[i];
- /* Can't use ct() for router ports. Consider the
- * following configuration: lp1(10.0.0.2) on
- * hostA--ls1--lr0--ls2--lp2(10.0.1.2) on hostB, For a
- * ping from lp1 to lp2, First, the response will go
- * through ct() with a zone for lp2 in the ls2 ingress
- * pipeline on hostB. That ct zone knows about this
- * connection. Next, it goes through ct() with the zone
- * for the router port in the egress pipeline of ls2 on
- * hostB. This zone does not know about the connection,
- * as the icmp request went through the logical router
- * on hostA, not hostB. This would only work with
- * distributed conntrack state across all chassis. */
- struct ds match_in = DS_EMPTY_INITIALIZER;
- struct ds match_out = DS_EMPTY_INITIALIZER;
-
- ds_put_format(&match_in, "ip && inport == %s", op->json_key);
- ds_put_format(&match_out, "ip && outport == %s", op->json_key);
- ovn_lflow_add(lflows, od, S_SWITCH_IN_PRE_ACL, 110,
- ds_cstr(&match_in), "next;");
- ovn_lflow_add(lflows, od, S_SWITCH_OUT_PRE_ACL, 110,
- ds_cstr(&match_out), "next;");
-
- ds_destroy(&match_in);
- ds_destroy(&match_out);
- }
- if (od->localnet_port) {
- struct ds match_in = DS_EMPTY_INITIALIZER;
- struct ds match_out = DS_EMPTY_INITIALIZER;
-
- ds_put_format(&match_in, "ip && inport == %s",
- od->localnet_port->json_key);
- ds_put_format(&match_out, "ip && outport == %s",
- od->localnet_port->json_key);
- ovn_lflow_add(lflows, od, S_SWITCH_IN_PRE_ACL, 110,
- ds_cstr(&match_in), "next;");
- ovn_lflow_add(lflows, od, S_SWITCH_OUT_PRE_ACL, 110,
- ds_cstr(&match_out), "next;");
-
- ds_destroy(&match_in);
- ds_destroy(&match_out);
- }
-
- /* Ingress and Egress Pre-ACL Table (Priority 110).
- *
- * Not to do conntrack on ND and ICMP destination
- * unreachable packets. */
- ovn_lflow_add(lflows, od, S_SWITCH_IN_PRE_ACL, 110,
- "nd || nd_rs || nd_ra || icmp4.type == 3 || "
- "icmp6.type == 1 || (tcp && tcp.flags == 4)",
- "next;");
- ovn_lflow_add(lflows, od, S_SWITCH_OUT_PRE_ACL, 110,
- "nd || nd_rs || nd_ra || icmp4.type == 3 || "
- "icmp6.type == 1 || (tcp && tcp.flags == 4)",
- "next;");
-
- /* Ingress and Egress Pre-ACL Table (Priority 100).
- *
- * Regardless of whether the ACL is "from-lport" or "to-lport",
- * we need rules in both the ingress and egress table, because
- * the return traffic needs to be followed.
- *
- * 'REGBIT_CONNTRACK_DEFRAG' is set to let the pre-stateful table send
- * it to conntrack for tracking and defragmentation. */
- ovn_lflow_add(lflows, od, S_SWITCH_IN_PRE_ACL, 100, "ip",
- REGBIT_CONNTRACK_DEFRAG" = 1; next;");
- ovn_lflow_add(lflows, od, S_SWITCH_OUT_PRE_ACL, 100, "ip",
- REGBIT_CONNTRACK_DEFRAG" = 1; next;");
- }
-}
-
-/* For a 'key' of the form "IP:port" or just "IP", sets 'port' and
- * 'ip_address'. The caller must free() the memory allocated for
- * 'ip_address'. */
-static void
-ip_address_and_port_from_lb_key(const char *key, char **ip_address,
- uint16_t *port, int *addr_family)
-{
- struct sockaddr_storage ss;
- if (!inet_parse_active(key, 0, &ss, false)) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 1);
- VLOG_WARN_RL(&rl, "bad ip address or port for load balancer key %s",
- key);
- return;
- }
-
- struct ds s = DS_EMPTY_INITIALIZER;
- ss_format_address_nobracks(&ss, &s);
- *ip_address = ds_steal_cstr(&s);
-
- *port = ss_get_port(&ss);
-
- *addr_family = ss.ss_family;
-}
-
-/*
- * Returns true if logical switch is configured with DNS records, false
- * otherwise.
- */
-static bool
-ls_has_dns_records(const struct nbrec_logical_switch *nbs)
-{
- for (size_t i = 0; i < nbs->n_dns_records; i++) {
- if (!smap_is_empty(&nbs->dns_records[i]->records)) {
- return true;
- }
- }
-
- return false;
-}
-
-static void
-build_pre_lb(struct ovn_datapath *od, struct hmap *lflows)
-{
- /* Do not send ND packets to conntrack */
- ovn_lflow_add(lflows, od, S_SWITCH_IN_PRE_LB, 110,
- "nd || nd_rs || nd_ra", "next;");
- ovn_lflow_add(lflows, od, S_SWITCH_OUT_PRE_LB, 110,
- "nd || nd_rs || nd_ra", "next;");
-
- /* Allow all packets to go to next tables by default. */
- ovn_lflow_add(lflows, od, S_SWITCH_IN_PRE_LB, 0, "1", "next;");
- ovn_lflow_add(lflows, od, S_SWITCH_OUT_PRE_LB, 0, "1", "next;");
-
- struct sset all_ips = SSET_INITIALIZER(&all_ips);
- bool vip_configured = false;
- int addr_family = AF_INET;
- for (int i = 0; i < od->nbs->n_load_balancer; i++) {
- struct nbrec_load_balancer *lb = od->nbs->load_balancer[i];
- struct smap *vips = &lb->vips;
- struct smap_node *node;
-
- SMAP_FOR_EACH (node, vips) {
- vip_configured = true;
-
- /* node->key contains IP:port or just IP. */
- char *ip_address = NULL;
- uint16_t port;
- ip_address_and_port_from_lb_key(node->key, &ip_address, &port,
- &addr_family);
- if (!ip_address) {
- continue;
- }
-
- if (!sset_contains(&all_ips, ip_address)) {
- sset_add(&all_ips, ip_address);
- }
-
- if (controller_event_en && !node->value[0]) {
- struct ds match = DS_EMPTY_INITIALIZER;
- char *action;
-
- if (addr_family == AF_INET) {
- ds_put_format(&match, "ip4.dst == %s && %s",
- ip_address, lb->protocol);
- } else {
- ds_put_format(&match, "ip6.dst == %s && %s",
- ip_address, lb->protocol);
- }
- if (port) {
- ds_put_format(&match, " && %s.dst == %u", lb->protocol,
- port);
- }
- action = xasprintf("trigger_event(event = \"%s\", "
- "vip = \"%s\", protocol = \"%s\", "
- "load_balancer = \"" UUID_FMT "\");",
- event_to_string(OVN_EVENT_EMPTY_LB_BACKENDS),
- node->key, lb->protocol,
- UUID_ARGS(&lb->header_.uuid));
- ovn_lflow_add(lflows, od, S_SWITCH_IN_PRE_LB, 120,
- ds_cstr(&match), action);
- ds_destroy(&match);
- free(action);
- }
-
- free(ip_address);
-
- /* Ignore L4 port information in the key because fragmented packets
- * may not have L4 information. The pre-stateful table will send
- * the packet through ct() action to de-fragment. In stateful
- * table, we will eventually look at L4 information. */
- }
- }
-
- /* 'REGBIT_CONNTRACK_DEFRAG' is set to let the pre-stateful table send
- * packet to conntrack for defragmentation. */
- const char *ip_address;
- SSET_FOR_EACH(ip_address, &all_ips) {
- char *match;
-
- if (addr_family == AF_INET) {
- match = xasprintf("ip && ip4.dst == %s", ip_address);
- } else {
- match = xasprintf("ip && ip6.dst == %s", ip_address);
- }
- ovn_lflow_add(lflows, od, S_SWITCH_IN_PRE_LB,
- 100, match, REGBIT_CONNTRACK_DEFRAG" = 1; next;");
- free(match);
- }
-
- sset_destroy(&all_ips);
-
- if (vip_configured) {
- ovn_lflow_add(lflows, od, S_SWITCH_OUT_PRE_LB,
- 100, "ip", REGBIT_CONNTRACK_DEFRAG" = 1; next;");
- }
-}
-
-static void
-build_pre_stateful(struct ovn_datapath *od, struct hmap *lflows)
-{
- /* Ingress and Egress pre-stateful Table (Priority 0): Packets are
- * allowed by default. */
- ovn_lflow_add(lflows, od, S_SWITCH_IN_PRE_STATEFUL, 0, "1", "next;");
- ovn_lflow_add(lflows, od, S_SWITCH_OUT_PRE_STATEFUL, 0, "1", "next;");
-
- /* If REGBIT_CONNTRACK_DEFRAG is set as 1, then the packets should be
- * sent to conntrack for tracking and defragmentation. */
- ovn_lflow_add(lflows, od, S_SWITCH_IN_PRE_STATEFUL, 100,
- REGBIT_CONNTRACK_DEFRAG" == 1", "ct_next;");
- ovn_lflow_add(lflows, od, S_SWITCH_OUT_PRE_STATEFUL, 100,
- REGBIT_CONNTRACK_DEFRAG" == 1", "ct_next;");
-}
-
-static void
-build_acl_log(struct ds *actions, const struct nbrec_acl *acl)
-{
- if (!acl->log) {
- return;
- }
-
- ds_put_cstr(actions, "log(");
-
- if (acl->name) {
- ds_put_format(actions, "name=\"%s\", ", acl->name);
- }
-
- /* If a severity level isn't specified, default to "info". */
- if (acl->severity) {
- ds_put_format(actions, "severity=%s, ", acl->severity);
- } else {
- ds_put_format(actions, "severity=info, ");
- }
-
- if (!strcmp(acl->action, "drop")) {
- ds_put_cstr(actions, "verdict=drop, ");
- } else if (!strcmp(acl->action, "reject")) {
- ds_put_cstr(actions, "verdict=reject, ");
- } else if (!strcmp(acl->action, "allow")
- || !strcmp(acl->action, "allow-related")) {
- ds_put_cstr(actions, "verdict=allow, ");
- }
-
- if (acl->meter) {
- ds_put_format(actions, "meter=\"%s\", ", acl->meter);
- }
-
- ds_chomp(actions, ' ');
- ds_chomp(actions, ',');
- ds_put_cstr(actions, "); ");
-}
-
-static void
-build_reject_acl_rules(struct ovn_datapath *od, struct hmap *lflows,
- enum ovn_stage stage, struct nbrec_acl *acl,
- struct ds *extra_match, struct ds *extra_actions)
-{
- struct ds match = DS_EMPTY_INITIALIZER;
- struct ds actions = DS_EMPTY_INITIALIZER;
- bool ingress = (stage == S_SWITCH_IN_ACL);
-
- /* TCP */
- build_acl_log(&actions, acl);
- if (extra_match->length > 0) {
- ds_put_format(&match, "(%s) && ", extra_match->string);
- }
- ds_put_format(&match, "ip4 && tcp && (%s)", acl->match);
- ds_put_format(&actions, "reg0 = 0; "
- "eth.dst <-> eth.src; ip4.dst <-> ip4.src; "
- "tcp_reset { outport <-> inport; %s };",
- ingress ? "output;" : "next(pipeline=ingress,table=0);");
- ovn_lflow_add(lflows, od, stage, acl->priority + OVN_ACL_PRI_OFFSET + 10,
- ds_cstr(&match), ds_cstr(&actions));
- ds_clear(&match);
- ds_clear(&actions);
- build_acl_log(&actions, acl);
- if (extra_match->length > 0) {
- ds_put_format(&match, "(%s) && ", extra_match->string);
- }
- ds_put_format(&match, "ip6 && tcp && (%s)", acl->match);
- ds_put_format(&actions, "reg0 = 0; "
- "eth.dst <-> eth.src; ip6.dst <-> ip6.src; "
- "tcp_reset { outport <-> inport; %s };",
- ingress ? "output;" : "next(pipeline=ingress,table=0);");
- ovn_lflow_add(lflows, od, stage, acl->priority + OVN_ACL_PRI_OFFSET + 10,
- ds_cstr(&match), ds_cstr(&actions));
-
- /* IP traffic */
- ds_clear(&match);
- ds_clear(&actions);
- build_acl_log(&actions, acl);
- if (extra_match->length > 0) {
- ds_put_format(&match, "(%s) && ", extra_match->string);
- }
- ds_put_format(&match, "ip4 && (%s)", acl->match);
- if (extra_actions->length > 0) {
- ds_put_format(&actions, "%s ", extra_actions->string);
- }
- ds_put_format(&actions, "reg0 = 0; "
- "eth.dst <-> eth.src; ip4.dst <-> ip4.src; "
- "icmp4 { outport <-> inport; %s };",
- ingress ? "output;" : "next(pipeline=ingress,table=0);");
- ovn_lflow_add(lflows, od, stage, acl->priority + OVN_ACL_PRI_OFFSET,
- ds_cstr(&match), ds_cstr(&actions));
- ds_clear(&match);
- ds_clear(&actions);
- build_acl_log(&actions, acl);
- if (extra_match->length > 0) {
- ds_put_format(&match, "(%s) && ", extra_match->string);
- }
- ds_put_format(&match, "ip6 && (%s)", acl->match);
- if (extra_actions->length > 0) {
- ds_put_format(&actions, "%s ", extra_actions->string);
- }
- ds_put_format(&actions, "reg0 = 0; icmp6 { "
- "eth.dst <-> eth.src; ip6.dst <-> ip6.src; "
- "outport <-> inport; %s };",
- ingress ? "output;" : "next(pipeline=ingress,table=0);");
- ovn_lflow_add(lflows, od, stage, acl->priority + OVN_ACL_PRI_OFFSET,
- ds_cstr(&match), ds_cstr(&actions));
-
- ds_destroy(&match);
- ds_destroy(&actions);
-}
-
-static void
-consider_acl(struct hmap *lflows, struct ovn_datapath *od,
- struct nbrec_acl *acl, bool has_stateful)
-{
- bool ingress = !strcmp(acl->direction, "from-lport") ? true :false;
- enum ovn_stage stage = ingress ? S_SWITCH_IN_ACL : S_SWITCH_OUT_ACL;
-
- char *stage_hint = xasprintf("%08x", acl->header_.uuid.parts[0]);
- if (!strcmp(acl->action, "allow")
- || !strcmp(acl->action, "allow-related")) {
- /* If there are any stateful flows, we must even commit "allow"
- * actions. This is because, while the initiater's
- * direction may not have any stateful rules, the server's
- * may and then its return traffic would not have an
- * associated conntrack entry and would return "+invalid". */
- if (!has_stateful) {
- struct ds actions = DS_EMPTY_INITIALIZER;
- build_acl_log(&actions, acl);
- ds_put_cstr(&actions, "next;");
- ovn_lflow_add_with_hint(lflows, od, stage,
- acl->priority + OVN_ACL_PRI_OFFSET,
- acl->match, ds_cstr(&actions),
- stage_hint);
- ds_destroy(&actions);
- } else {
- struct ds match = DS_EMPTY_INITIALIZER;
- struct ds actions = DS_EMPTY_INITIALIZER;
-
- /* Commit the connection tracking entry if it's a new
- * connection that matches this ACL. After this commit,
- * the reply traffic is allowed by a flow we create at
- * priority 65535, defined earlier.
- *
- * It's also possible that a known connection was marked for
- * deletion after a policy was deleted, but the policy was
- * re-added while that connection is still known. We catch
- * that case here and un-set ct_label.blocked (which will be done
- * by ct_commit in the "stateful" stage) to indicate that the
- * connection should be allowed to resume.
- */
- ds_put_format(&match, "((ct.new && !ct.est)"
- " || (!ct.new && ct.est && !ct.rpl "
- "&& ct_label.blocked == 1)) "
- "&& (%s)", acl->match);
- ds_put_cstr(&actions, REGBIT_CONNTRACK_COMMIT" = 1; ");
- build_acl_log(&actions, acl);
- ds_put_cstr(&actions, "next;");
- ovn_lflow_add_with_hint(lflows, od, stage,
- acl->priority + OVN_ACL_PRI_OFFSET,
- ds_cstr(&match),
- ds_cstr(&actions),
- stage_hint);
-
- /* Match on traffic in the request direction for an established
- * connection tracking entry that has not been marked for
- * deletion. There is no need to commit here, so we can just
- * proceed to the next table. We use this to ensure that this
- * connection is still allowed by the currently defined
- * policy. */
- ds_clear(&match);
- ds_clear(&actions);
- ds_put_format(&match,
- "!ct.new && ct.est && !ct.rpl"
- " && ct_label.blocked == 0 && (%s)",
- acl->match);
-
- build_acl_log(&actions, acl);
- ds_put_cstr(&actions, "next;");
- ovn_lflow_add_with_hint(lflows, od, stage,
- acl->priority + OVN_ACL_PRI_OFFSET,
- ds_cstr(&match), ds_cstr(&actions),
- stage_hint);
-
- ds_destroy(&match);
- ds_destroy(&actions);
- }
- } else if (!strcmp(acl->action, "drop")
- || !strcmp(acl->action, "reject")) {
- struct ds match = DS_EMPTY_INITIALIZER;
- struct ds actions = DS_EMPTY_INITIALIZER;
-
- /* The implementation of "drop" differs if stateful ACLs are in
- * use for this datapath. In that case, the actions differ
- * depending on whether the connection was previously committed
- * to the connection tracker with ct_commit. */
- if (has_stateful) {
- /* If the packet is not part of an established connection, then
- * we can simply reject/drop it. */
- ds_put_cstr(&match,
- "(!ct.est || (ct.est && ct_label.blocked == 1))");
- if (!strcmp(acl->action, "reject")) {
- build_reject_acl_rules(od, lflows, stage, acl, &match,
- &actions);
- } else {
- ds_put_format(&match, " && (%s)", acl->match);
- build_acl_log(&actions, acl);
- ds_put_cstr(&actions, "/* drop */");
- ovn_lflow_add(lflows, od, stage,
- acl->priority + OVN_ACL_PRI_OFFSET,
- ds_cstr(&match), ds_cstr(&actions));
- }
- /* For an existing connection without ct_label set, we've
- * encountered a policy change. ACLs previously allowed
- * this connection and we committed the connection tracking
- * entry. Current policy says that we should drop this
- * connection. First, we set bit 0 of ct_label to indicate
- * that this connection is set for deletion. By not
- * specifying "next;", we implicitly drop the packet after
- * updating conntrack state. We would normally defer
- * ct_commit() to the "stateful" stage, but since we're
- * rejecting/dropping the packet, we go ahead and do it here.
- */
- ds_clear(&match);
- ds_clear(&actions);
- ds_put_cstr(&match, "ct.est && ct_label.blocked == 0");
- ds_put_cstr(&actions, "ct_commit(ct_label=1/1); ");
- if (!strcmp(acl->action, "reject")) {
- build_reject_acl_rules(od, lflows, stage, acl, &match,
- &actions);
- } else {
- ds_put_format(&match, " && (%s)", acl->match);
- build_acl_log(&actions, acl);
- ds_put_cstr(&actions, "/* drop */");
- ovn_lflow_add(lflows, od, stage,
- acl->priority + OVN_ACL_PRI_OFFSET,
- ds_cstr(&match), ds_cstr(&actions));
- }
- } else {
- /* There are no stateful ACLs in use on this datapath,
- * so a "reject/drop" ACL is simply the "reject/drop"
- * logical flow action in all cases. */
- if (!strcmp(acl->action, "reject")) {
- build_reject_acl_rules(od, lflows, stage, acl, &match,
- &actions);
- } else {
- build_acl_log(&actions, acl);
- ds_put_cstr(&actions, "/* drop */");
- ovn_lflow_add(lflows, od, stage,
- acl->priority + OVN_ACL_PRI_OFFSET,
- acl->match, ds_cstr(&actions));
- }
- }
- ds_destroy(&match);
- ds_destroy(&actions);
- }
- free(stage_hint);
-}
-
-static struct ovn_port_group *
-ovn_port_group_create(struct hmap *pgs,
- const struct nbrec_port_group *nb_pg)
-{
- struct ovn_port_group *pg = xzalloc(sizeof *pg);
- pg->key = nb_pg->header_.uuid;
- pg->nb_pg = nb_pg;
- hmap_init(&pg->nb_lswitches);
- hmap_insert(pgs, &pg->key_node, uuid_hash(&pg->key));
- return pg;
-}
-
-static void
-ovn_port_group_destroy(struct hmap *pgs, struct ovn_port_group *pg)
-{
- if (pg) {
- hmap_remove(pgs, &pg->key_node);
- struct ovn_port_group_ls *ls;
- HMAP_FOR_EACH_POP (ls, key_node, &pg->nb_lswitches) {
- free(ls);
- }
- hmap_destroy(&pg->nb_lswitches);
- free(pg);
- }
-}
-
-static void
-build_port_group_lswitches(struct northd_context *ctx, struct hmap *pgs,
- struct hmap *ports)
-{
- hmap_init(pgs);
-
- const struct nbrec_port_group *nb_pg;
- NBREC_PORT_GROUP_FOR_EACH (nb_pg, ctx->ovnnb_idl) {
- struct ovn_port_group *pg = ovn_port_group_create(pgs, nb_pg);
- for (size_t i = 0; i < nb_pg->n_ports; i++) {
- struct ovn_port *op = ovn_port_find(ports, nb_pg->ports[i]->name);
- if (!op) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1);
- VLOG_ERR_RL(&rl, "lport %s in port group %s not found.",
- nb_pg->ports[i]->name,
- nb_pg->name);
- continue;
- }
-
- if (!op->od->nbs) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1);
- VLOG_WARN_RL(&rl, "lport %s in port group %s has no lswitch.",
- nb_pg->ports[i]->name,
- nb_pg->name);
- continue;
- }
-
- struct ovn_port_group_ls *pg_ls =
- ovn_port_group_ls_find(pg, &op->od->nbs->header_.uuid);
- if (!pg_ls) {
- ovn_port_group_ls_add(pg, op->od->nbs);
- ovn_ls_port_group_add(&op->od->nb_pgs, nb_pg);
- }
- }
- }
-}
-
-static void
-build_acls(struct ovn_datapath *od, struct hmap *lflows,
- struct hmap *port_groups)
-{
- bool has_stateful = has_stateful_acl(od);
-
- /* Ingress and Egress ACL Table (Priority 0): Packets are allowed by
- * default. A related rule at priority 1 is added below if there
- * are any stateful ACLs in this datapath. */
- ovn_lflow_add(lflows, od, S_SWITCH_IN_ACL, 0, "1", "next;");
- ovn_lflow_add(lflows, od, S_SWITCH_OUT_ACL, 0, "1", "next;");
-
- if (has_stateful) {
- /* Ingress and Egress ACL Table (Priority 1).
- *
- * By default, traffic is allowed. This is partially handled by
- * the Priority 0 ACL flows added earlier, but we also need to
- * commit IP flows. This is because, while the initiater's
- * direction may not have any stateful rules, the server's may
- * and then its return traffic would not have an associated
- * conntrack entry and would return "+invalid".
- *
- * We use "ct_commit" for a connection that is not already known
- * by the connection tracker. Once a connection is committed,
- * subsequent packets will hit the flow at priority 0 that just
- * uses "next;"
- *
- * We also check for established connections that have ct_label.blocked
- * set on them. That's a connection that was disallowed, but is
- * now allowed by policy again since it hit this default-allow flow.
- * We need to set ct_label.blocked=0 to let the connection continue,
- * which will be done by ct_commit() in the "stateful" stage.
- * Subsequent packets will hit the flow at priority 0 that just
- * uses "next;". */
- ovn_lflow_add(lflows, od, S_SWITCH_IN_ACL, 1,
- "ip && (!ct.est || (ct.est && ct_label.blocked == 1))",
- REGBIT_CONNTRACK_COMMIT" = 1; next;");
- ovn_lflow_add(lflows, od, S_SWITCH_OUT_ACL, 1,
- "ip && (!ct.est || (ct.est && ct_label.blocked == 1))",
- REGBIT_CONNTRACK_COMMIT" = 1; next;");
-
- /* Ingress and Egress ACL Table (Priority 65535).
- *
- * Always drop traffic that's in an invalid state. Also drop
- * reply direction packets for connections that have been marked
- * for deletion (bit 0 of ct_label is set).
- *
- * This is enforced at a higher priority than ACLs can be defined. */
- ovn_lflow_add(lflows, od, S_SWITCH_IN_ACL, UINT16_MAX,
- "ct.inv || (ct.est && ct.rpl && ct_label.blocked == 1)",
- "drop;");
- ovn_lflow_add(lflows, od, S_SWITCH_OUT_ACL, UINT16_MAX,
- "ct.inv || (ct.est && ct.rpl && ct_label.blocked == 1)",
- "drop;");
-
- /* Ingress and Egress ACL Table (Priority 65535).
- *
- * Allow reply traffic that is part of an established
- * conntrack entry that has not been marked for deletion
- * (bit 0 of ct_label). We only match traffic in the
- * reply direction because we want traffic in the request
- * direction to hit the currently defined policy from ACLs.
- *
- * This is enforced at a higher priority than ACLs can be defined. */
- ovn_lflow_add(lflows, od, S_SWITCH_IN_ACL, UINT16_MAX,
- "ct.est && !ct.rel && !ct.new && !ct.inv "
- "&& ct.rpl && ct_label.blocked == 0",
- "next;");
- ovn_lflow_add(lflows, od, S_SWITCH_OUT_ACL, UINT16_MAX,
- "ct.est && !ct.rel && !ct.new && !ct.inv "
- "&& ct.rpl && ct_label.blocked == 0",
- "next;");
-
- /* Ingress and Egress ACL Table (Priority 65535).
- *
- * Allow traffic that is related to an existing conntrack entry that
- * has not been marked for deletion (bit 0 of ct_label).
- *
- * This is enforced at a higher priority than ACLs can be defined.
- *
- * NOTE: This does not support related data sessions (eg,
- * a dynamically negotiated FTP data channel), but will allow
- * related traffic such as an ICMP Port Unreachable through
- * that's generated from a non-listening UDP port. */
- ovn_lflow_add(lflows, od, S_SWITCH_IN_ACL, UINT16_MAX,
- "!ct.est && ct.rel && !ct.new && !ct.inv "
- "&& ct_label.blocked == 0",
- "next;");
- ovn_lflow_add(lflows, od, S_SWITCH_OUT_ACL, UINT16_MAX,
- "!ct.est && ct.rel && !ct.new && !ct.inv "
- "&& ct_label.blocked == 0",
- "next;");
-
- /* Ingress and Egress ACL Table (Priority 65535).
- *
- * Not to do conntrack on ND packets. */
- ovn_lflow_add(lflows, od, S_SWITCH_IN_ACL, UINT16_MAX, "nd", "next;");
- ovn_lflow_add(lflows, od, S_SWITCH_OUT_ACL, UINT16_MAX, "nd", "next;");
- }
-
- /* Ingress or Egress ACL Table (Various priorities). */
- for (size_t i = 0; i < od->nbs->n_acls; i++) {
- struct nbrec_acl *acl = od->nbs->acls[i];
- consider_acl(lflows, od, acl, has_stateful);
- }
- struct ovn_port_group *pg;
- HMAP_FOR_EACH (pg, key_node, port_groups) {
- if (ovn_port_group_ls_find(pg, &od->nbs->header_.uuid)) {
- for (size_t i = 0; i < pg->nb_pg->n_acls; i++) {
- consider_acl(lflows, od, pg->nb_pg->acls[i], has_stateful);
- }
- }
- }
-
- /* Add 34000 priority flow to allow DHCP reply from ovn-controller to all
- * logical ports of the datapath if the CMS has configured DHCPv4 options.
- * */
- for (size_t i = 0; i < od->nbs->n_ports; i++) {
- if (lsp_is_external(od->nbs->ports[i])) {
- continue;
- }
-
- if (od->nbs->ports[i]->dhcpv4_options) {
- const char *server_id = smap_get(
- &od->nbs->ports[i]->dhcpv4_options->options, "server_id");
- const char *server_mac = smap_get(
- &od->nbs->ports[i]->dhcpv4_options->options, "server_mac");
- const char *lease_time = smap_get(
- &od->nbs->ports[i]->dhcpv4_options->options, "lease_time");
- if (server_id && server_mac && lease_time) {
- struct ds match = DS_EMPTY_INITIALIZER;
- const char *actions =
- has_stateful ? "ct_commit; next;" : "next;";
- ds_put_format(&match, "outport == \"%s\" && eth.src == %s "
- "&& ip4.src == %s && udp && udp.src == 67 "
- "&& udp.dst == 68", od->nbs->ports[i]->name,
- server_mac, server_id);
- ovn_lflow_add(
- lflows, od, S_SWITCH_OUT_ACL, 34000, ds_cstr(&match),
- actions);
- ds_destroy(&match);
- }
- }
-
- if (od->nbs->ports[i]->dhcpv6_options) {
- const char *server_mac = smap_get(
- &od->nbs->ports[i]->dhcpv6_options->options, "server_id");
- struct eth_addr ea;
- if (server_mac && eth_addr_from_string(server_mac, &ea)) {
- /* Get the link local IP of the DHCPv6 server from the
- * server MAC. */
- struct in6_addr lla;
- in6_generate_lla(ea, &lla);
-
- char server_ip[INET6_ADDRSTRLEN + 1];
- ipv6_string_mapped(server_ip, &lla);
-
- struct ds match = DS_EMPTY_INITIALIZER;
- const char *actions = has_stateful ? "ct_commit; next;" :
- "next;";
- ds_put_format(&match, "outport == \"%s\" && eth.src == %s "
- "&& ip6.src == %s && udp && udp.src == 547 "
- "&& udp.dst == 546", od->nbs->ports[i]->name,
- server_mac, server_ip);
- ovn_lflow_add(
- lflows, od, S_SWITCH_OUT_ACL, 34000, ds_cstr(&match),
- actions);
- ds_destroy(&match);
- }
- }
- }
-
- /* Add a 34000 priority flow to advance the DNS reply from ovn-controller,
- * if the CMS has configured DNS records for the datapath.
- */
- if (ls_has_dns_records(od->nbs)) {
- const char *actions = has_stateful ? "ct_commit; next;" : "next;";
- ovn_lflow_add(
- lflows, od, S_SWITCH_OUT_ACL, 34000, "udp.src == 53",
- actions);
- }
-}
-
-static void
-build_qos(struct ovn_datapath *od, struct hmap *lflows) {
- ovn_lflow_add(lflows, od, S_SWITCH_IN_QOS_MARK, 0, "1", "next;");
- ovn_lflow_add(lflows, od, S_SWITCH_OUT_QOS_MARK, 0, "1", "next;");
- ovn_lflow_add(lflows, od, S_SWITCH_IN_QOS_METER, 0, "1", "next;");
- ovn_lflow_add(lflows, od, S_SWITCH_OUT_QOS_METER, 0, "1", "next;");
-
- for (size_t i = 0; i < od->nbs->n_qos_rules; i++) {
- struct nbrec_qos *qos = od->nbs->qos_rules[i];
- bool ingress = !strcmp(qos->direction, "from-lport") ? true :false;
- enum ovn_stage stage = ingress ? S_SWITCH_IN_QOS_MARK : S_SWITCH_OUT_QOS_MARK;
- int64_t rate = 0;
- int64_t burst = 0;
-
- for (size_t j = 0; j < qos->n_action; j++) {
- if (!strcmp(qos->key_action[j], "dscp")) {
- struct ds dscp_action = DS_EMPTY_INITIALIZER;
-
- ds_put_format(&dscp_action, "ip.dscp = %"PRId64"; next;",
- qos->value_action[j]);
- ovn_lflow_add(lflows, od, stage,
- qos->priority,
- qos->match, ds_cstr(&dscp_action));
- ds_destroy(&dscp_action);
- }
- }
-
- for (size_t n = 0; n < qos->n_bandwidth; n++) {
- if (!strcmp(qos->key_bandwidth[n], "rate")) {
- rate = qos->value_bandwidth[n];
- } else if (!strcmp(qos->key_bandwidth[n], "burst")) {
- burst = qos->value_bandwidth[n];
- }
- }
- if (rate) {
- struct ds meter_action = DS_EMPTY_INITIALIZER;
- stage = ingress ? S_SWITCH_IN_QOS_METER : S_SWITCH_OUT_QOS_METER;
- if (burst) {
- ds_put_format(&meter_action,
- "set_meter(%"PRId64", %"PRId64"); next;",
- rate, burst);
- } else {
- ds_put_format(&meter_action,
- "set_meter(%"PRId64"); next;",
- rate);
- }
-
- /* Ingress and Egress QoS Meter Table.
- *
- * We limit the bandwidth of this flow by adding a meter table.
- */
- ovn_lflow_add(lflows, od, stage,
- qos->priority,
- qos->match, ds_cstr(&meter_action));
- ds_destroy(&meter_action);
- }
- }
-}
-
-static void
-build_lb(struct ovn_datapath *od, struct hmap *lflows)
-{
- /* Ingress and Egress LB Table (Priority 0): Packets are allowed by
- * default. */
- ovn_lflow_add(lflows, od, S_SWITCH_IN_LB, 0, "1", "next;");
- ovn_lflow_add(lflows, od, S_SWITCH_OUT_LB, 0, "1", "next;");
-
- if (od->nbs->load_balancer) {
- /* Ingress and Egress LB Table (Priority 65535).
- *
- * Send established traffic through conntrack for just NAT. */
- ovn_lflow_add(lflows, od, S_SWITCH_IN_LB, UINT16_MAX,
- "ct.est && !ct.rel && !ct.new && !ct.inv",
- REGBIT_CONNTRACK_NAT" = 1; next;");
- ovn_lflow_add(lflows, od, S_SWITCH_OUT_LB, UINT16_MAX,
- "ct.est && !ct.rel && !ct.new && !ct.inv",
- REGBIT_CONNTRACK_NAT" = 1; next;");
- }
-}
-
-static void
-build_stateful(struct ovn_datapath *od, struct hmap *lflows)
-{
- /* Ingress and Egress stateful Table (Priority 0): Packets are
- * allowed by default. */
- ovn_lflow_add(lflows, od, S_SWITCH_IN_STATEFUL, 0, "1", "next;");
- ovn_lflow_add(lflows, od, S_SWITCH_OUT_STATEFUL, 0, "1", "next;");
-
- /* If REGBIT_CONNTRACK_COMMIT is set as 1, then the packets should be
- * committed to conntrack. We always set ct_label.blocked to 0 here as
- * any packet that makes it this far is part of a connection we
- * want to allow to continue. */
- ovn_lflow_add(lflows, od, S_SWITCH_IN_STATEFUL, 100,
- REGBIT_CONNTRACK_COMMIT" == 1", "ct_commit(ct_label=0/1); next;");
- ovn_lflow_add(lflows, od, S_SWITCH_OUT_STATEFUL, 100,
- REGBIT_CONNTRACK_COMMIT" == 1", "ct_commit(ct_label=0/1); next;");
-
- /* If REGBIT_CONNTRACK_NAT is set as 1, then packets should just be sent
- * through nat (without committing).
- *
- * REGBIT_CONNTRACK_COMMIT is set for new connections and
- * REGBIT_CONNTRACK_NAT is set for established connections. So they
- * don't overlap.
- */
- ovn_lflow_add(lflows, od, S_SWITCH_IN_STATEFUL, 100,
- REGBIT_CONNTRACK_NAT" == 1", "ct_lb;");
- ovn_lflow_add(lflows, od, S_SWITCH_OUT_STATEFUL, 100,
- REGBIT_CONNTRACK_NAT" == 1", "ct_lb;");
-
- /* Load balancing rules for new connections get committed to conntrack
- * table. So even if REGBIT_CONNTRACK_COMMIT is set in a previous table
- * a higher priority rule for load balancing below also commits the
- * connection, so it is okay if we do not hit the above match on
- * REGBIT_CONNTRACK_COMMIT. */
- for (int i = 0; i < od->nbs->n_load_balancer; i++) {
- struct nbrec_load_balancer *lb = od->nbs->load_balancer[i];
- struct smap *vips = &lb->vips;
- struct smap_node *node;
-
- SMAP_FOR_EACH (node, vips) {
- uint16_t port = 0;
- int addr_family;
-
- /* node->key contains IP:port or just IP. */
- char *ip_address = NULL;
- ip_address_and_port_from_lb_key(node->key, &ip_address, &port,
- &addr_family);
- if (!ip_address) {
- continue;
- }
-
- /* New connections in Ingress table. */
- char *action = xasprintf("ct_lb(%s);", node->value);
- struct ds match = DS_EMPTY_INITIALIZER;
- if (addr_family == AF_INET) {
- ds_put_format(&match, "ct.new && ip4.dst == %s", ip_address);
- } else {
- ds_put_format(&match, "ct.new && ip6.dst == %s", ip_address);
- }
- if (port) {
- if (lb->protocol && !strcmp(lb->protocol, "udp")) {
- ds_put_format(&match, " && udp.dst == %d", port);
- } else {
- ds_put_format(&match, " && tcp.dst == %d", port);
- }
- ovn_lflow_add(lflows, od, S_SWITCH_IN_STATEFUL,
- 120, ds_cstr(&match), action);
- } else {
- ovn_lflow_add(lflows, od, S_SWITCH_IN_STATEFUL,
- 110, ds_cstr(&match), action);
- }
-
- free(ip_address);
- ds_destroy(&match);
- free(action);
- }
- }
-}
-
-static void
-build_lrouter_groups__(struct hmap *ports, struct ovn_datapath *od)
-{
- ovs_assert((od && od->nbr && od->lr_group));
-
- if (od->l3dgw_port && od->l3redirect_port) {
- /* It's a logical router with gateway port. If it
- * has HA_Chassis_Group associated to it in SB DB, then store the
- * ha chassis group name. */
- if (od->l3redirect_port->sb->ha_chassis_group) {
- sset_add(&od->lr_group->ha_chassis_groups,
- od->l3redirect_port->sb->ha_chassis_group->name);
- }
- }
-
- for (size_t i = 0; i < od->nbr->n_ports; i++) {
- struct ovn_port *router_port =
- ovn_port_find(ports, od->nbr->ports[i]->name);
-
- if (!router_port || !router_port->peer) {
- continue;
- }
-
- /* Get the peer logical switch/logical router datapath. */
- struct ovn_datapath *peer_dp = router_port->peer->od;
- if (peer_dp->nbr) {
- if (!peer_dp->lr_group) {
- peer_dp->lr_group = od->lr_group;
- od->lr_group->router_dps[od->lr_group->n_router_dps++]
- = peer_dp;
- build_lrouter_groups__(ports, peer_dp);
- }
- } else {
- for (size_t j = 0; j < peer_dp->n_router_ports; j++) {
- if (!peer_dp->router_ports[j]->peer) {
- /* If there is no peer port connecting to the
- * router port, ignore it. */
- continue;
- }
-
- struct ovn_datapath *router_dp;
- router_dp = peer_dp->router_ports[j]->peer->od;
- if (router_dp == od) {
- continue;
- }
-
- if (router_dp->lr_group == od->lr_group) {
- /* 'router_dp' and 'od' already belong to the same
- * lrouter group. Nothing to be done. */
- continue;
- }
-
- router_dp->lr_group = od->lr_group;
- od->lr_group->router_dps[od->lr_group->n_router_dps++]
- = router_dp;
- build_lrouter_groups__(ports, router_dp);
- }
- }
- }
-}
-
-/* Adds each logical router into a logical router group. All the
- * logical routers which belong to a group are connected to
- * each other either directly or indirectly (via transit logical switches
- * in between).
- *
- * Suppose if 'lr_list' has lr0, lr1, lr2, lr3, lr4, lr5
- * and the topology is like
- * sw0 <-> lr0 <-> sw1 <-> lr1 <->sw2 <-> lr2
- * sw3 <-> lr3 <-> lr4 <-> sw5
- * sw6 <-> lr5 <-> sw7
- * Then 3 groups are created.
- * Group 1 -> lr0, lr1 and lr2
- * lr0, lr1 and lr2's ovn_datapath->lr_group will point to this
- * group. This means sw0's logical ports can send packets to sw2's
- * logical ports if proper static route's are added.
- * Group 2 -> lr3 and lr4
- * lr3 and lr4's ovn_datapath->lr_group will point to this group.
- * Group 3 -> lr5
- *
- * Each logical router can belong to only one group.
- */
-static void
-build_lrouter_groups(struct hmap *ports, struct ovs_list *lr_list)
-{
- struct ovn_datapath *od;
- size_t n_router_dps = ovs_list_size(lr_list);
-
- LIST_FOR_EACH (od, lr_list, lr_list) {
- if (!od->lr_group) {
- od->lr_group = xzalloc(sizeof *od->lr_group);
- /* Each logical router group can have max
- * 'n_router_dps'. So allocate enough memory. */
- od->lr_group->router_dps = xcalloc(sizeof *od, n_router_dps);
- od->lr_group->router_dps[0] = od;
- od->lr_group->n_router_dps = 1;
- sset_init(&od->lr_group->ha_chassis_groups);
- build_lrouter_groups__(ports, od);
- }
- }
-}
-
-static void
-build_lswitch_flows(struct hmap *datapaths, struct hmap *ports,
- struct hmap *port_groups, struct hmap *lflows,
- struct hmap *mcgroups, struct hmap *igmp_groups)
-{
- /* This flow table structure is documented in ovn-northd(8), so please
- * update ovn-northd.8.xml if you change anything. */
-
- struct ds match = DS_EMPTY_INITIALIZER;
- struct ds actions = DS_EMPTY_INITIALIZER;
-
- /* Build pre-ACL and ACL tables for both ingress and egress.
- * Ingress tables 3 through 10. Egress tables 0 through 7. */
- struct ovn_datapath *od;
- HMAP_FOR_EACH (od, key_node, datapaths) {
- if (!od->nbs) {
- continue;
- }
-
- build_pre_acls(od, lflows);
- build_pre_lb(od, lflows);
- build_pre_stateful(od, lflows);
- build_acls(od, lflows, port_groups);
- build_qos(od, lflows);
- build_lb(od, lflows);
- build_stateful(od, lflows);
- }
-
- /* Logical switch ingress table 0: Admission control framework (priority
- * 100). */
- HMAP_FOR_EACH (od, key_node, datapaths) {
- if (!od->nbs) {
- continue;
- }
-
- /* Logical VLANs not supported. */
- ovn_lflow_add(lflows, od, S_SWITCH_IN_PORT_SEC_L2, 100, "vlan.present",
- "drop;");
-
- /* Broadcast/multicast source address is invalid. */
- ovn_lflow_add(lflows, od, S_SWITCH_IN_PORT_SEC_L2, 100, "eth.src[40]",
- "drop;");
-
- /* Port security flows have priority 50 (see below) and will continue
- * to the next table if packet source is acceptable. */
- }
-
- /* Logical switch ingress table 0: Ingress port security - L2
- * (priority 50).
- * Ingress table 1: Ingress port security - IP (priority 90 and 80)
- * Ingress table 2: Ingress port security - ND (priority 90 and 80)
- */
- struct ovn_port *op;
- HMAP_FOR_EACH (op, key_node, ports) {
- if (!op->nbsp) {
- continue;
- }
-
- if (!lsp_is_enabled(op->nbsp)) {
- /* Drop packets from disabled logical ports (since logical flow
- * tables are default-drop). */
- continue;
- }
-
- if (lsp_is_external(op->nbsp)) {
- continue;
- }
-
- ds_clear(&match);
- ds_clear(&actions);
- ds_put_format(&match, "inport == %s", op->json_key);
- build_port_security_l2("eth.src", op->ps_addrs, op->n_ps_addrs,
- &match);
-
- const char *queue_id = smap_get(&op->sb->options, "qdisc_queue_id");
- if (queue_id) {
- ds_put_format(&actions, "set_queue(%s); ", queue_id);
- }
- ds_put_cstr(&actions, "next;");
- ovn_lflow_add(lflows, op->od, S_SWITCH_IN_PORT_SEC_L2, 50,
- ds_cstr(&match), ds_cstr(&actions));
-
- if (op->nbsp->n_port_security) {
- build_port_security_ip(P_IN, op, lflows);
- build_port_security_nd(op, lflows);
- }
- }
-
- /* Ingress table 1 and 2: Port security - IP and ND, by default goto next.
- * (priority 0)*/
- HMAP_FOR_EACH (od, key_node, datapaths) {
- if (!od->nbs) {
- continue;
- }
-
- ovn_lflow_add(lflows, od, S_SWITCH_IN_PORT_SEC_ND, 0, "1", "next;");
- ovn_lflow_add(lflows, od, S_SWITCH_IN_PORT_SEC_IP, 0, "1", "next;");
- }
-
- /* Ingress table 11: ARP/ND responder, skip requests coming from localnet
- * and vtep ports. (priority 100); see ovn-northd.8.xml for the
- * rationale. */
- HMAP_FOR_EACH (op, key_node, ports) {
- if (!op->nbsp) {
- continue;
- }
-
- if ((!strcmp(op->nbsp->type, "localnet")) ||
- (!strcmp(op->nbsp->type, "vtep"))) {
- ds_clear(&match);
- ds_put_format(&match, "inport == %s", op->json_key);
- ovn_lflow_add(lflows, op->od, S_SWITCH_IN_ARP_ND_RSP, 100,
- ds_cstr(&match), "next;");
- }
- }
-
- /* Ingress table 11: ARP/ND responder, reply for known IPs.
- * (priority 50). */
- HMAP_FOR_EACH (op, key_node, ports) {
- if (!op->nbsp) {
- continue;
- }
-
- /*
- * Add ARP/ND reply flows if either the
- * - port is up or
- * - port type is router or
- * - port type is localport
- */
- if (!lsp_is_up(op->nbsp) && strcmp(op->nbsp->type, "router") &&
- strcmp(op->nbsp->type, "localport")) {
- continue;
- }
-
- if (lsp_is_external(op->nbsp)) {
- continue;
- }
-
- for (size_t i = 0; i < op->n_lsp_addrs; i++) {
- for (size_t j = 0; j < op->lsp_addrs[i].n_ipv4_addrs; j++) {
- ds_clear(&match);
- ds_put_format(&match, "arp.tpa == %s && arp.op == 1",
- op->lsp_addrs[i].ipv4_addrs[j].addr_s);
- ds_clear(&actions);
- ds_put_format(&actions,
- "eth.dst = eth.src; "
- "eth.src = %s; "
- "arp.op = 2; /* ARP reply */ "
- "arp.tha = arp.sha; "
- "arp.sha = %s; "
- "arp.tpa = arp.spa; "
- "arp.spa = %s; "
- "outport = inport; "
- "flags.loopback = 1; "
- "output;",
- op->lsp_addrs[i].ea_s, op->lsp_addrs[i].ea_s,
- op->lsp_addrs[i].ipv4_addrs[j].addr_s);
- ovn_lflow_add(lflows, op->od, S_SWITCH_IN_ARP_ND_RSP, 50,
- ds_cstr(&match), ds_cstr(&actions));
-
- /* Do not reply to an ARP request from the port that owns the
- * address (otherwise a DHCP client that ARPs to check for a
- * duplicate address will fail). Instead, forward it the usual
- * way.
- *
- * (Another alternative would be to simply drop the packet. If
- * everything is working as it is configured, then this would
- * produce equivalent results, since no one should reply to the
- * request. But ARPing for one's own IP address is intended to
- * detect situations where the network is not working as
- * configured, so dropping the request would frustrate that
- * intent.) */
- ds_put_format(&match, " && inport == %s", op->json_key);
- ovn_lflow_add(lflows, op->od, S_SWITCH_IN_ARP_ND_RSP, 100,
- ds_cstr(&match), "next;");
- }
-
- /* For ND solicitations, we need to listen for both the
- * unicast IPv6 address and its all-nodes multicast address,
- * but always respond with the unicast IPv6 address. */
- for (size_t j = 0; j < op->lsp_addrs[i].n_ipv6_addrs; j++) {
- ds_clear(&match);
- ds_put_format(&match,
- "nd_ns && ip6.dst == {%s, %s} && nd.target == %s",
- op->lsp_addrs[i].ipv6_addrs[j].addr_s,
- op->lsp_addrs[i].ipv6_addrs[j].sn_addr_s,
- op->lsp_addrs[i].ipv6_addrs[j].addr_s);
-
- ds_clear(&actions);
- ds_put_format(&actions,
- "%s { "
- "eth.src = %s; "
- "ip6.src = %s; "
- "nd.target = %s; "
- "nd.tll = %s; "
- "outport = inport; "
- "flags.loopback = 1; "
- "output; "
- "};",
- !strcmp(op->nbsp->type, "router") ?
- "nd_na_router" : "nd_na",
- op->lsp_addrs[i].ea_s,
- op->lsp_addrs[i].ipv6_addrs[j].addr_s,
- op->lsp_addrs[i].ipv6_addrs[j].addr_s,
- op->lsp_addrs[i].ea_s);
- ovn_lflow_add(lflows, op->od, S_SWITCH_IN_ARP_ND_RSP, 50,
- ds_cstr(&match), ds_cstr(&actions));
-
- /* Do not reply to a solicitation from the port that owns the
- * address (otherwise DAD detection will fail). */
- ds_put_format(&match, " && inport == %s", op->json_key);
- ovn_lflow_add(lflows, op->od, S_SWITCH_IN_ARP_ND_RSP, 100,
- ds_cstr(&match), "next;");
- }
- }
- }
-
- /* Ingress table 11: ARP/ND responder, by default goto next.
- * (priority 0)*/
- HMAP_FOR_EACH (od, key_node, datapaths) {
- if (!od->nbs) {
- continue;
- }
-
- ovn_lflow_add(lflows, od, S_SWITCH_IN_ARP_ND_RSP, 0, "1", "next;");
- }
-
- /* Logical switch ingress table 12 and 13: DHCP options and response
- * priority 100 flows. */
- HMAP_FOR_EACH (op, key_node, ports) {
- if (!op->nbsp) {
- continue;
- }
-
- if (!lsp_is_enabled(op->nbsp) || !strcmp(op->nbsp->type, "router")) {
- /* Don't add the DHCP flows if the port is not enabled or if the
- * port is a router port. */
- continue;
- }
-
- if (!op->nbsp->dhcpv4_options && !op->nbsp->dhcpv6_options) {
- /* CMS has disabled both native DHCPv4 and DHCPv6 for this lport.
- */
- continue;
- }
-
- bool is_external = lsp_is_external(op->nbsp);
- if (is_external && (!op->od->localnet_port ||
- !op->nbsp->ha_chassis_group)) {
- /* If it's an external port and there is no localnet port
- * and if it doesn't belong to an HA chassis group ignore it. */
- continue;
- }
-
- for (size_t i = 0; i < op->n_lsp_addrs; i++) {
- for (size_t j = 0; j < op->lsp_addrs[i].n_ipv4_addrs; j++) {
- struct ds options_action = DS_EMPTY_INITIALIZER;
- struct ds response_action = DS_EMPTY_INITIALIZER;
- struct ds ipv4_addr_match = DS_EMPTY_INITIALIZER;
- if (build_dhcpv4_action(
- op, op->lsp_addrs[i].ipv4_addrs[j].addr,
- &options_action, &response_action, &ipv4_addr_match)) {
- ds_clear(&match);
- ds_put_format(
- &match, "inport == %s && eth.src == %s && "
- "ip4.src == 0.0.0.0 && ip4.dst == 255.255.255.255 && "
- "udp.src == 68 && udp.dst == 67",
- is_external ? op->od->localnet_port->json_key :
- op->json_key,
- op->lsp_addrs[i].ea_s);
-
- if (is_external) {
- ds_put_format(&match, " && is_chassis_resident(%s)",
- op->json_key);
- }
-
- ovn_lflow_add(lflows, op->od, S_SWITCH_IN_DHCP_OPTIONS,
- 100, ds_cstr(&match),
- ds_cstr(&options_action));
- ds_clear(&match);
- /* Allow ip4.src = OFFER_IP and
- * ip4.dst = {SERVER_IP, 255.255.255.255} for the below
- * cases
- * - When the client wants to renew the IP by sending
- * the DHCPREQUEST to the server ip.
- * - When the client wants to renew the IP by
- * broadcasting the DHCPREQUEST.
- */
- ds_put_format(
- &match, "inport == %s && eth.src == %s && "
- "%s && udp.src == 68 && udp.dst == 67",
- is_external ? op->od->localnet_port->json_key :
- op->json_key,
- op->lsp_addrs[i].ea_s, ds_cstr(&ipv4_addr_match));
-
- if (is_external) {
- ds_put_format(&match, " && is_chassis_resident(%s)",
- op->json_key);
- }
-
- ovn_lflow_add(lflows, op->od, S_SWITCH_IN_DHCP_OPTIONS,
- 100, ds_cstr(&match),
- ds_cstr(&options_action));
- ds_clear(&match);
-
- /* If REGBIT_DHCP_OPTS_RESULT is set, it means the
- * put_dhcp_opts action is successful. */
- ds_put_format(
- &match, "inport == %s && eth.src == %s && "
- "ip4 && udp.src == 68 && udp.dst == 67"
- " && "REGBIT_DHCP_OPTS_RESULT,
- is_external ? op->od->localnet_port->json_key :
- op->json_key,
- op->lsp_addrs[i].ea_s);
-
- if (is_external) {
- ds_put_format(&match, " && is_chassis_resident(%s)",
- op->json_key);
- }
-
- ovn_lflow_add(lflows, op->od, S_SWITCH_IN_DHCP_RESPONSE,
- 100, ds_cstr(&match),
- ds_cstr(&response_action));
- ds_destroy(&options_action);
- ds_destroy(&response_action);
- ds_destroy(&ipv4_addr_match);
- break;
- }
- }
-
- for (size_t j = 0; j < op->lsp_addrs[i].n_ipv6_addrs; j++) {
- struct ds options_action = DS_EMPTY_INITIALIZER;
- struct ds response_action = DS_EMPTY_INITIALIZER;
- if (build_dhcpv6_action(
- op, &op->lsp_addrs[i].ipv6_addrs[j].addr,
- &options_action, &response_action)) {
- ds_clear(&match);
- ds_put_format(
- &match, "inport == %s && eth.src == %s"
- " && ip6.dst == ff02::1:2 && udp.src == 546 &&"
- " udp.dst == 547",
- is_external ? op->od->localnet_port->json_key :
- op->json_key,
- op->lsp_addrs[i].ea_s);
-
- if (is_external) {
- ds_put_format(&match, " && is_chassis_resident(%s)",
- op->json_key);
- }
-
- ovn_lflow_add(lflows, op->od, S_SWITCH_IN_DHCP_OPTIONS, 100,
- ds_cstr(&match), ds_cstr(&options_action));
-
- /* If REGBIT_DHCP_OPTS_RESULT is set to 1, it means the
- * put_dhcpv6_opts action is successful */
- ds_put_cstr(&match, " && "REGBIT_DHCP_OPTS_RESULT);
- ovn_lflow_add(lflows, op->od, S_SWITCH_IN_DHCP_RESPONSE, 100,
- ds_cstr(&match), ds_cstr(&response_action));
- ds_destroy(&options_action);
- ds_destroy(&response_action);
- break;
- }
- }
- }
- }
-
- /* Logical switch ingress table 14 and 15: DNS lookup and response
- * priority 100 flows.
- */
- HMAP_FOR_EACH (od, key_node, datapaths) {
- if (!od->nbs || !ls_has_dns_records(od->nbs)) {
- continue;
- }
-
- struct ds action = DS_EMPTY_INITIALIZER;
-
- ds_clear(&match);
- ds_put_cstr(&match, "udp.dst == 53");
- ds_put_format(&action,
- REGBIT_DNS_LOOKUP_RESULT" = dns_lookup(); next;");
- ovn_lflow_add(lflows, od, S_SWITCH_IN_DNS_LOOKUP, 100,
- ds_cstr(&match), ds_cstr(&action));
- ds_clear(&action);
- ds_put_cstr(&match, " && "REGBIT_DNS_LOOKUP_RESULT);
- ds_put_format(&action, "eth.dst <-> eth.src; ip4.src <-> ip4.dst; "
- "udp.dst = udp.src; udp.src = 53; outport = inport; "
- "flags.loopback = 1; output;");
- ovn_lflow_add(lflows, od, S_SWITCH_IN_DNS_RESPONSE, 100,
- ds_cstr(&match), ds_cstr(&action));
- ds_clear(&action);
- ds_put_format(&action, "eth.dst <-> eth.src; ip6.src <-> ip6.dst; "
- "udp.dst = udp.src; udp.src = 53; outport = inport; "
- "flags.loopback = 1; output;");
- ovn_lflow_add(lflows, od, S_SWITCH_IN_DNS_RESPONSE, 100,
- ds_cstr(&match), ds_cstr(&action));
- ds_destroy(&action);
- }
-
- /* Ingress table 12 and 13: DHCP options and response, by default goto
- * next. (priority 0).
- * Ingress table 14 and 15: DNS lookup and response, by default goto next.
- * (priority 0).
- * Ingress table 16 - External port handling, by default goto next.
- * (priority 0). */
-
- HMAP_FOR_EACH (od, key_node, datapaths) {
- if (!od->nbs) {
- continue;
- }
-
- ovn_lflow_add(lflows, od, S_SWITCH_IN_DHCP_OPTIONS, 0, "1", "next;");
- ovn_lflow_add(lflows, od, S_SWITCH_IN_DHCP_RESPONSE, 0, "1", "next;");
- ovn_lflow_add(lflows, od, S_SWITCH_IN_DNS_LOOKUP, 0, "1", "next;");
- ovn_lflow_add(lflows, od, S_SWITCH_IN_DNS_RESPONSE, 0, "1", "next;");
- ovn_lflow_add(lflows, od, S_SWITCH_IN_EXTERNAL_PORT, 0, "1", "next;");
- }
-
- HMAP_FOR_EACH (op, key_node, ports) {
- if (!op->nbsp || !lsp_is_external(op->nbsp) ||
- !op->od->localnet_port) {
- continue;
- }
-
- /* Table 16: External port. Drop ARP request for router ips from
- * external ports on chassis not binding those ports.
- * This makes the router pipeline to be run only on the chassis
- * binding the external ports. */
-
- for (size_t i = 0; i < op->n_lsp_addrs; i++) {
- for (size_t j = 0; j < op->od->n_router_ports; j++) {
- struct ovn_port *rp = op->od->router_ports[j];
- for (size_t k = 0; k < rp->n_lsp_addrs; k++) {
- for (size_t l = 0; l < rp->lsp_addrs[k].n_ipv4_addrs;
- l++) {
- ds_clear(&match);
- ds_put_format(
- &match, "inport == %s && eth.src == %s"
- " && !is_chassis_resident(%s)"
- " && arp.tpa == %s && arp.op == 1",
- op->od->localnet_port->json_key,
- op->lsp_addrs[i].ea_s, op->json_key,
- rp->lsp_addrs[k].ipv4_addrs[l].addr_s);
- ovn_lflow_add(lflows, op->od,
- S_SWITCH_IN_EXTERNAL_PORT, 100,
- ds_cstr(&match), "drop;");
- }
- for (size_t l = 0; l < rp->lsp_addrs[k].n_ipv6_addrs;
- l++) {
- ds_clear(&match);
- ds_put_format(
- &match, "inport == %s && eth.src == %s"
- " && !is_chassis_resident(%s)"
- " && nd_ns && ip6.dst == {%s, %s} && "
- "nd.target == %s",
- op->od->localnet_port->json_key,
- op->lsp_addrs[i].ea_s, op->json_key,
- rp->lsp_addrs[k].ipv6_addrs[l].addr_s,
- rp->lsp_addrs[k].ipv6_addrs[l].sn_addr_s,
- rp->lsp_addrs[k].ipv6_addrs[l].addr_s);
- ovn_lflow_add(lflows, op->od,
- S_SWITCH_IN_EXTERNAL_PORT, 100,
- ds_cstr(&match), "drop;");
- }
- }
- }
- }
- }
-
- /* Ingress table 17: Destination lookup, broadcast and multicast handling
- * (priority 70 - 100). */
- HMAP_FOR_EACH (od, key_node, datapaths) {
- if (!od->nbs) {
- continue;
- }
-
- if (od->mcast_info.enabled) {
- /* Punt IGMP traffic to controller. */
- ovn_lflow_add(lflows, od, S_SWITCH_IN_L2_LKUP, 100,
- "ip4 && ip.proto == 2", "igmp;");
-
- /* Flood all IP multicast traffic destined to 224.0.0.X to all
- * ports - RFC 4541, section 2.1.2, item 2.
- */
- ovn_lflow_add(lflows, od, S_SWITCH_IN_L2_LKUP, 85,
- "ip4 && ip4.dst == 224.0.0.0/24",
- "outport = \""MC_FLOOD"\"; output;");
-
- /* Drop unregistered IP multicast if not allowed. */
- if (!od->mcast_info.flood_unregistered) {
- ovn_lflow_add(lflows, od, S_SWITCH_IN_L2_LKUP, 80,
- "ip4 && ip4.mcast", "drop;");
- }
- }
-
- ovn_lflow_add(lflows, od, S_SWITCH_IN_L2_LKUP, 70, "eth.mcast",
- "outport = \""MC_FLOOD"\"; output;");
- }
-
- /* Ingress table 17: Add IP multicast flows learnt from IGMP
- * (priority 90). */
- struct ovn_igmp_group *igmp_group, *next_igmp_group;
-
- HMAP_FOR_EACH_SAFE (igmp_group, next_igmp_group, hmap_node, igmp_groups) {
- ds_clear(&match);
- ds_clear(&actions);
-
- if (!igmp_group->datapath) {
- continue;
- }
-
- struct mcast_info *mcast_info = &igmp_group->datapath->mcast_info;
-
- if (mcast_info->active_flows >= mcast_info->table_size) {
- continue;
- }
- mcast_info->active_flows++;
-
- ds_put_format(&match, "eth.mcast && ip4 && ip4.dst == %s ",
- igmp_group->mcgroup.name);
- ds_put_format(&actions, "outport = \"%s\"; output; ",
- igmp_group->mcgroup.name);
-
- ovn_lflow_add(lflows, igmp_group->datapath, S_SWITCH_IN_L2_LKUP, 90,
- ds_cstr(&match), ds_cstr(&actions));
- }
-
- /* Ingress table 17: Destination lookup, unicast handling (priority 50), */
- HMAP_FOR_EACH (op, key_node, ports) {
- if (!op->nbsp || lsp_is_external(op->nbsp)) {
- continue;
- }
-
- for (size_t i = 0; i < op->nbsp->n_addresses; i++) {
- /* Addresses are owned by the logical port.
- * Ethernet address followed by zero or more IPv4
- * or IPv6 addresses (or both). */
- struct eth_addr mac;
- if (ovs_scan(op->nbsp->addresses[i],
- ETH_ADDR_SCAN_FMT, ETH_ADDR_SCAN_ARGS(mac))) {
- ds_clear(&match);
- ds_put_format(&match, "eth.dst == "ETH_ADDR_FMT,
- ETH_ADDR_ARGS(mac));
-
- ds_clear(&actions);
- ds_put_format(&actions, "outport = %s; output;", op->json_key);
- ovn_lflow_add(lflows, op->od, S_SWITCH_IN_L2_LKUP, 50,
- ds_cstr(&match), ds_cstr(&actions));
- } else if (!strcmp(op->nbsp->addresses[i], "unknown")) {
- if (lsp_is_enabled(op->nbsp)) {
- ovn_multicast_add(mcgroups, &mc_unknown, op);
- op->od->has_unknown = true;
- }
- } else if (is_dynamic_lsp_address(op->nbsp->addresses[i])) {
- if (!op->nbsp->dynamic_addresses
- || !ovs_scan(op->nbsp->dynamic_addresses,
- ETH_ADDR_SCAN_FMT, ETH_ADDR_SCAN_ARGS(mac))) {
- continue;
- }
- ds_clear(&match);
- ds_put_format(&match, "eth.dst == "ETH_ADDR_FMT,
- ETH_ADDR_ARGS(mac));
-
- ds_clear(&actions);
- ds_put_format(&actions, "outport = %s; output;", op->json_key);
- ovn_lflow_add(lflows, op->od, S_SWITCH_IN_L2_LKUP, 50,
- ds_cstr(&match), ds_cstr(&actions));
- } else if (!strcmp(op->nbsp->addresses[i], "router")) {
- if (!op->peer || !op->peer->nbrp
- || !ovs_scan(op->peer->nbrp->mac,
- ETH_ADDR_SCAN_FMT, ETH_ADDR_SCAN_ARGS(mac))) {
- continue;
- }
- ds_clear(&match);
- ds_put_format(&match, "eth.dst == "ETH_ADDR_FMT,
- ETH_ADDR_ARGS(mac));
- if (op->peer->od->l3dgw_port
- && op->peer->od->l3redirect_port
- && op->od->localnet_port) {
- bool add_chassis_resident_check = false;
- if (op->peer == op->peer->od->l3dgw_port) {
- /* The peer of this port represents a distributed
- * gateway port. The destination lookup flow for the
- * router's distributed gateway port MAC address should
- * only be programmed on the "redirect-chassis". */
- add_chassis_resident_check = true;
- } else {
- /* Check if the option 'reside-on-redirect-chassis'
- * is set to true on the peer port. If set to true
- * and if the logical switch has a localnet port, it
- * means the router pipeline for the packets from
- * this logical switch should be run on the chassis
- * hosting the gateway port.
- */
- add_chassis_resident_check = smap_get_bool(
- &op->peer->nbrp->options,
- "reside-on-redirect-chassis", false);
- }
-
- if (add_chassis_resident_check) {
- ds_put_format(&match, " && is_chassis_resident(%s)",
- op->peer->od->l3redirect_port->json_key);
- }
- }
-
- ds_clear(&actions);
- ds_put_format(&actions, "outport = %s; output;", op->json_key);
- ovn_lflow_add(lflows, op->od, S_SWITCH_IN_L2_LKUP, 50,
- ds_cstr(&match), ds_cstr(&actions));
-
- /* Add ethernet addresses specified in NAT rules on
- * distributed logical routers. */
- if (op->peer->od->l3dgw_port
- && op->peer == op->peer->od->l3dgw_port) {
- for (int j = 0; j < op->peer->od->nbr->n_nat; j++) {
- const struct nbrec_nat *nat
- = op->peer->od->nbr->nat[j];
- if (!strcmp(nat->type, "dnat_and_snat")
- && nat->logical_port && nat->external_mac
- && eth_addr_from_string(nat->external_mac, &mac)) {
-
- ds_clear(&match);
- ds_put_format(&match, "eth.dst == "ETH_ADDR_FMT
- " && is_chassis_resident(\"%s\")",
- ETH_ADDR_ARGS(mac),
- nat->logical_port);
-
- ds_clear(&actions);
- ds_put_format(&actions, "outport = %s; output;",
- op->json_key);
- ovn_lflow_add(lflows, op->od, S_SWITCH_IN_L2_LKUP,
- 50, ds_cstr(&match),
- ds_cstr(&actions));
- }
- }
- }
- } else {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1);
-
- VLOG_INFO_RL(&rl,
- "%s: invalid syntax '%s' in addresses column",
- op->nbsp->name, op->nbsp->addresses[i]);
- }
- }
- }
-
- /* Ingress table 17: Destination lookup for unknown MACs (priority 0). */
- HMAP_FOR_EACH (od, key_node, datapaths) {
- if (!od->nbs) {
- continue;
- }
-
- if (od->has_unknown) {
- ovn_lflow_add(lflows, od, S_SWITCH_IN_L2_LKUP, 0, "1",
- "outport = \""MC_UNKNOWN"\"; output;");
- }
- }
-
- /* Egress tables 8: Egress port security - IP (priority 0)
- * Egress table 9: Egress port security L2 - multicast/broadcast
- * (priority 100). */
- HMAP_FOR_EACH (od, key_node, datapaths) {
- if (!od->nbs) {
- continue;
- }
-
- ovn_lflow_add(lflows, od, S_SWITCH_OUT_PORT_SEC_IP, 0, "1", "next;");
- ovn_lflow_add(lflows, od, S_SWITCH_OUT_PORT_SEC_L2, 100, "eth.mcast",
- "output;");
- }
-
- /* Egress table 8: Egress port security - IP (priorities 90 and 80)
- * if port security enabled.
- *
- * Egress table 9: Egress port security - L2 (priorities 50 and 150).
- *
- * Priority 50 rules implement port security for enabled logical port.
- *
- * Priority 150 rules drop packets to disabled logical ports, so that they
- * don't even receive multicast or broadcast packets. */
- HMAP_FOR_EACH (op, key_node, ports) {
- if (!op->nbsp || lsp_is_external(op->nbsp)) {
- continue;
- }
-
- ds_clear(&match);
- ds_put_format(&match, "outport == %s", op->json_key);
- if (lsp_is_enabled(op->nbsp)) {
- build_port_security_l2("eth.dst", op->ps_addrs, op->n_ps_addrs,
- &match);
- ovn_lflow_add(lflows, op->od, S_SWITCH_OUT_PORT_SEC_L2, 50,
- ds_cstr(&match), "output;");
- } else {
- ovn_lflow_add(lflows, op->od, S_SWITCH_OUT_PORT_SEC_L2, 150,
- ds_cstr(&match), "drop;");
- }
-
- if (op->nbsp->n_port_security) {
- build_port_security_ip(P_OUT, op, lflows);
- }
- }
-
- ds_destroy(&match);
- ds_destroy(&actions);
-}
-
-static bool
-lrport_is_enabled(const struct nbrec_logical_router_port *lrport)
-{
- return !lrport->enabled || *lrport->enabled;
-}
-
-/* Returns a string of the IP address of the router port 'op' that
- * overlaps with 'ip_s". If one is not found, returns NULL.
- *
- * The caller must not free the returned string. */
-static const char *
-find_lrp_member_ip(const struct ovn_port *op, const char *ip_s)
-{
- bool is_ipv4 = strchr(ip_s, '.') ? true : false;
-
- if (is_ipv4) {
- ovs_be32 ip;
-
- if (!ip_parse(ip_s, &ip)) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 1);
- VLOG_WARN_RL(&rl, "bad ip address %s", ip_s);
- return NULL;
- }
-
- for (int i = 0; i < op->lrp_networks.n_ipv4_addrs; i++) {
- const struct ipv4_netaddr *na = &op->lrp_networks.ipv4_addrs[i];
-
- if (!((na->network ^ ip) & na->mask)) {
- /* There should be only 1 interface that matches the
- * supplied IP. Otherwise, it's a configuration error,
- * because subnets of a router's interfaces should NOT
- * overlap. */
- return na->addr_s;
- }
- }
- } else {
- struct in6_addr ip6;
-
- if (!ipv6_parse(ip_s, &ip6)) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 1);
- VLOG_WARN_RL(&rl, "bad ipv6 address %s", ip_s);
- return NULL;
- }
-
- for (int i = 0; i < op->lrp_networks.n_ipv6_addrs; i++) {
- const struct ipv6_netaddr *na = &op->lrp_networks.ipv6_addrs[i];
- struct in6_addr xor_addr = ipv6_addr_bitxor(&na->network, &ip6);
- struct in6_addr and_addr = ipv6_addr_bitand(&xor_addr, &na->mask);
-
- if (ipv6_is_zero(&and_addr)) {
- /* There should be only 1 interface that matches the
- * supplied IP. Otherwise, it's a configuration error,
- * because subnets of a router's interfaces should NOT
- * overlap. */
- return na->addr_s;
- }
- }
- }
-
- return NULL;
-}
-
-static struct ovn_port*
-get_outport_for_routing_policy_nexthop(struct ovn_datapath *od,
- struct hmap *ports,
- int priority, const char *nexthop)
-{
- if (nexthop == NULL) {
- return NULL;
- }
-
- /* Find the router port matching the next hop. */
- for (int i = 0; i < od->nbr->n_ports; i++) {
- struct nbrec_logical_router_port *lrp = od->nbr->ports[i];
-
- struct ovn_port *out_port = ovn_port_find(ports, lrp->name);
- if (out_port && find_lrp_member_ip(out_port, nexthop)) {
- return out_port;
- }
- }
-
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 1);
- VLOG_WARN_RL(&rl, "No path for routing policy priority %d; next hop %s",
- priority, nexthop);
- return NULL;
-}
-
-static void
-build_routing_policy_flow(struct hmap *lflows, struct ovn_datapath *od,
- struct hmap *ports,
- const struct nbrec_logical_router_policy *rule)
-{
- struct ds match = DS_EMPTY_INITIALIZER;
- struct ds actions = DS_EMPTY_INITIALIZER;
-
- if (!strcmp(rule->action, "reroute")) {
- struct ovn_port *out_port = get_outport_for_routing_policy_nexthop(
- od, ports, rule->priority, rule->nexthop);
- if (!out_port) {
- return;
- }
-
- const char *lrp_addr_s = find_lrp_member_ip(out_port, rule->nexthop);
- if (!lrp_addr_s) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 1);
- VLOG_WARN_RL(&rl, "lrp_addr not found for routing policy "
- " priority %"PRId64" nexthop %s",
- rule->priority, rule->nexthop);
- return;
- }
- bool is_ipv4 = strchr(rule->nexthop, '.') ? true : false;
- ds_put_format(&actions, "%sreg0 = %s; "
- "%sreg1 = %s; "
- "eth.src = %s; "
- "outport = %s; "
- "flags.loopback = 1; "
- "next;",
- is_ipv4 ? "" : "xx",
- rule->nexthop,
- is_ipv4 ? "" : "xx",
- lrp_addr_s,
- out_port->lrp_networks.ea_s,
- out_port->json_key);
-
- } else if (!strcmp(rule->action, "drop")) {
- ds_put_cstr(&actions, "drop;");
- } else if (!strcmp(rule->action, "allow")) {
- ds_put_cstr(&actions, "next;");
- }
- ds_put_format(&match, "%s", rule->match);
- ovn_lflow_add(lflows, od, S_ROUTER_IN_POLICY, rule->priority,
- ds_cstr(&match), ds_cstr(&actions));
- ds_destroy(&match);
- ds_destroy(&actions);
-}
-
-static void
-add_distributed_nat_routes(struct hmap *lflows, const struct ovn_port *op)
-{
- struct ds actions = DS_EMPTY_INITIALIZER;
- struct ds match = DS_EMPTY_INITIALIZER;
-
- if (!op->od->l3dgw_port) {
- return;
- }
-
- if (!op->peer || !op->peer->od->nbs) {
- return;
- }
-
- for (size_t i = 0; i < op->od->nbr->n_nat; i++) {
- const struct nbrec_nat *nat = op->od->nbr->nat[i];
- bool found = false;
-
- if (strcmp(nat->type, "dnat_and_snat") ||
- !nat->external_mac || !nat->external_ip) {
- continue;
- }
-
- const struct ovn_datapath *peer_dp = op->peer->od;
- for (size_t j = 0; j < peer_dp->nbs->n_ports; j++) {
- if (!strcmp(peer_dp->nbs->ports[j]->name, nat->logical_port)) {
- found = true;
- break;
- }
- }
- if (!found) {
- continue;
- }
-
- ds_put_format(&match, "inport == %s && "
- "ip4.src == %s && ip4.dst == %s",
- op->json_key, nat->logical_ip, nat->external_ip);
- ds_put_format(&actions, "outport = %s; eth.dst = %s; "
- REGBIT_DISTRIBUTED_NAT" = 1; "
- REGBIT_NAT_REDIRECT" = 0; next;",
- op->od->l3dgw_port->json_key,
- nat->external_mac);
- ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_ROUTING, 400,
- ds_cstr(&match), ds_cstr(&actions));
- ds_clear(&match);
- ds_clear(&actions);
-
- for (size_t j = 0; j < op->od->nbr->n_nat; j++) {
- const struct nbrec_nat *nat2 = op->od->nbr->nat[j];
-
- if (nat == nat2 || strcmp(nat2->type, "dnat_and_snat") ||
- !nat2->external_mac || !nat2->external_ip)
- continue;
-
- ds_put_format(&match, "inport == %s && "
- "ip4.src == %s && ip4.dst == %s",
- op->json_key, nat->logical_ip, nat2->external_ip);
- ds_put_format(&actions, "outport = %s; "
- "eth.src = %s; eth.dst = %s; "
- "reg0 = ip4.dst; reg1 = %s; "
- REGBIT_DISTRIBUTED_NAT" = 1; "
- REGBIT_NAT_REDIRECT" = 0; next;",
- op->od->l3dgw_port->json_key,
- op->od->l3dgw_port->lrp_networks.ea_s,
- nat2->external_mac, nat->external_ip);
- ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_ROUTING, 400,
- ds_cstr(&match), ds_cstr(&actions));
- ds_clear(&match);
- ds_clear(&actions);
- }
- }
-}
-
-static void
-add_route(struct hmap *lflows, const struct ovn_port *op,
- const char *lrp_addr_s, const char *network_s, int plen,
- const char *gateway, const char *policy)
-{
- bool is_ipv4 = strchr(network_s, '.') ? true : false;
- struct ds match = DS_EMPTY_INITIALIZER;
- const char *dir;
- uint16_t priority;
-
- if (policy && !strcmp(policy, "src-ip")) {
- dir = "src";
- priority = plen * 2;
- } else {
- dir = "dst";
- priority = (plen * 2) + 1;
- }
-
- /* IPv6 link-local addresses must be scoped to the local router port. */
- if (!is_ipv4) {
- struct in6_addr network;
- ovs_assert(ipv6_parse(network_s, &network));
- if (in6_is_lla(&network)) {
- ds_put_format(&match, "inport == %s && ", op->json_key);
- }
- }
- ds_put_format(&match, "ip%s.%s == %s/%d", is_ipv4 ? "4" : "6", dir,
- network_s, plen);
-
- struct ds actions = DS_EMPTY_INITIALIZER;
- ds_put_format(&actions, "ip.ttl--; %sreg0 = ", is_ipv4 ? "" : "xx");
-
- if (gateway) {
- ds_put_cstr(&actions, gateway);
- } else {
- ds_put_format(&actions, "ip%s.dst", is_ipv4 ? "4" : "6");
- }
- ds_put_format(&actions, "; "
- "%sreg1 = %s; "
- "eth.src = %s; "
- "outport = %s; "
- "flags.loopback = 1; "
- "next;",
- is_ipv4 ? "" : "xx",
- lrp_addr_s,
- op->lrp_networks.ea_s,
- op->json_key);
-
- /* The priority here is calculated to implement longest-prefix-match
- * routing. */
- ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_ROUTING, priority,
- ds_cstr(&match), ds_cstr(&actions));
- ds_destroy(&match);
- ds_destroy(&actions);
-}
-
-static void
-build_static_route_flow(struct hmap *lflows, struct ovn_datapath *od,
- struct hmap *ports,
- const struct nbrec_logical_router_static_route *route)
-{
- ovs_be32 nexthop;
- const char *lrp_addr_s = NULL;
- unsigned int plen;
- bool is_ipv4;
-
- /* Verify that the next hop is an IP address with an all-ones mask. */
- char *error = ip_parse_cidr(route->nexthop, &nexthop, &plen);
- if (!error) {
- if (plen != 32) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 1);
- VLOG_WARN_RL(&rl, "bad next hop mask %s", route->nexthop);
- return;
- }
- is_ipv4 = true;
- } else {
- free(error);
-
- struct in6_addr ip6;
- error = ipv6_parse_cidr(route->nexthop, &ip6, &plen);
- if (!error) {
- if (plen != 128) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 1);
- VLOG_WARN_RL(&rl, "bad next hop mask %s", route->nexthop);
- return;
- }
- is_ipv4 = false;
- } else {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 1);
- VLOG_WARN_RL(&rl, "bad next hop ip address %s", route->nexthop);
- free(error);
- return;
- }
- }
-
- char *prefix_s;
- if (is_ipv4) {
- ovs_be32 prefix;
- /* Verify that ip prefix is a valid IPv4 address. */
- error = ip_parse_cidr(route->ip_prefix, &prefix, &plen);
- if (error) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 1);
- VLOG_WARN_RL(&rl, "bad 'ip_prefix' in static routes %s",
- route->ip_prefix);
- free(error);
- return;
- }
- prefix_s = xasprintf(IP_FMT, IP_ARGS(prefix & be32_prefix_mask(plen)));
- } else {
- /* Verify that ip prefix is a valid IPv6 address. */
- struct in6_addr prefix;
- error = ipv6_parse_cidr(route->ip_prefix, &prefix, &plen);
- if (error) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 1);
- VLOG_WARN_RL(&rl, "bad 'ip_prefix' in static routes %s",
- route->ip_prefix);
- free(error);
- return;
- }
- struct in6_addr mask = ipv6_create_mask(plen);
- struct in6_addr network = ipv6_addr_bitand(&prefix, &mask);
- prefix_s = xmalloc(INET6_ADDRSTRLEN);
- inet_ntop(AF_INET6, &network, prefix_s, INET6_ADDRSTRLEN);
- }
-
- /* Find the outgoing port. */
- struct ovn_port *out_port = NULL;
- if (route->output_port) {
- out_port = ovn_port_find(ports, route->output_port);
- if (!out_port) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 1);
- VLOG_WARN_RL(&rl, "Bad out port %s for static route %s",
- route->output_port, route->ip_prefix);
- goto free_prefix_s;
- }
- lrp_addr_s = find_lrp_member_ip(out_port, route->nexthop);
- if (!lrp_addr_s) {
- /* There are no IP networks configured on the router's port via
- * which 'route->nexthop' is theoretically reachable. But since
- * 'out_port' has been specified, we honor it by trying to reach
- * 'route->nexthop' via the first IP address of 'out_port'.
- * (There are cases, e.g in GCE, where each VM gets a /32 IP
- * address and the default gateway is still reachable from it.) */
- if (is_ipv4) {
- if (out_port->lrp_networks.n_ipv4_addrs) {
- lrp_addr_s = out_port->lrp_networks.ipv4_addrs[0].addr_s;
- }
- } else {
- if (out_port->lrp_networks.n_ipv6_addrs) {
- lrp_addr_s = out_port->lrp_networks.ipv6_addrs[0].addr_s;
- }
- }
- }
- } else {
- /* output_port is not specified, find the
- * router port matching the next hop. */
- int i;
- for (i = 0; i < od->nbr->n_ports; i++) {
- struct nbrec_logical_router_port *lrp = od->nbr->ports[i];
- out_port = ovn_port_find(ports, lrp->name);
- if (!out_port) {
- /* This should not happen. */
- continue;
- }
-
- lrp_addr_s = find_lrp_member_ip(out_port, route->nexthop);
- if (lrp_addr_s) {
- break;
- }
- }
- }
-
- if (!out_port || !lrp_addr_s) {
- /* There is no matched out port. */
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 1);
- VLOG_WARN_RL(&rl, "No path for static route %s; next hop %s",
- route->ip_prefix, route->nexthop);
- goto free_prefix_s;
- }
-
- char *policy = route->policy ? route->policy : "dst-ip";
- add_route(lflows, out_port, lrp_addr_s, prefix_s, plen, route->nexthop,
- policy);
-
-free_prefix_s:
- free(prefix_s);
-}
-
-static void
-op_put_v4_networks(struct ds *ds, const struct ovn_port *op, bool add_bcast)
-{
- if (!add_bcast && op->lrp_networks.n_ipv4_addrs == 1) {
- ds_put_format(ds, "%s", op->lrp_networks.ipv4_addrs[0].addr_s);
- return;
- }
-
- ds_put_cstr(ds, "{");
- for (int i = 0; i < op->lrp_networks.n_ipv4_addrs; i++) {
- ds_put_format(ds, "%s, ", op->lrp_networks.ipv4_addrs[i].addr_s);
- if (add_bcast) {
- ds_put_format(ds, "%s, ", op->lrp_networks.ipv4_addrs[i].bcast_s);
- }
- }
- ds_chomp(ds, ' ');
- ds_chomp(ds, ',');
- ds_put_cstr(ds, "}");
-}
-
-static void
-op_put_v6_networks(struct ds *ds, const struct ovn_port *op)
-{
- if (op->lrp_networks.n_ipv6_addrs == 1) {
- ds_put_format(ds, "%s", op->lrp_networks.ipv6_addrs[0].addr_s);
- return;
- }
-
- ds_put_cstr(ds, "{");
- for (int i = 0; i < op->lrp_networks.n_ipv6_addrs; i++) {
- ds_put_format(ds, "%s, ", op->lrp_networks.ipv6_addrs[i].addr_s);
- }
- ds_chomp(ds, ' ');
- ds_chomp(ds, ',');
- ds_put_cstr(ds, "}");
-}
-
-static const char *
-get_force_snat_ip(struct ovn_datapath *od, const char *key_type, ovs_be32 *ip)
-{
- char *key = xasprintf("%s_force_snat_ip", key_type);
- const char *ip_address = smap_get(&od->nbr->options, key);
- free(key);
-
- if (ip_address) {
- ovs_be32 mask;
- char *error = ip_parse_masked(ip_address, ip, &mask);
- if (error || mask != OVS_BE32_MAX) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 1);
- VLOG_WARN_RL(&rl, "bad ip %s in options of router "UUID_FMT"",
- ip_address, UUID_ARGS(&od->key));
- free(error);
- *ip = 0;
- return NULL;
- }
- return ip_address;
- }
-
- *ip = 0;
- return NULL;
-}
-
-static void
-add_router_lb_flow(struct hmap *lflows, struct ovn_datapath *od,
- struct ds *match, struct ds *actions, int priority,
- const char *lb_force_snat_ip, char *backend_ips,
- bool is_udp, int addr_family)
-{
- /* A match and actions for new connections. */
- char *new_match = xasprintf("ct.new && %s", ds_cstr(match));
- if (lb_force_snat_ip) {
- char *new_actions = xasprintf("flags.force_snat_for_lb = 1; %s",
- ds_cstr(actions));
- ovn_lflow_add(lflows, od, S_ROUTER_IN_DNAT, priority, new_match,
- new_actions);
- free(new_actions);
- } else {
- ovn_lflow_add(lflows, od, S_ROUTER_IN_DNAT, priority, new_match,
- ds_cstr(actions));
- }
-
- /* A match and actions for established connections. */
- char *est_match = xasprintf("ct.est && %s", ds_cstr(match));
- if (lb_force_snat_ip) {
- ovn_lflow_add(lflows, od, S_ROUTER_IN_DNAT, priority, est_match,
- "flags.force_snat_for_lb = 1; ct_dnat;");
- } else {
- ovn_lflow_add(lflows, od, S_ROUTER_IN_DNAT, priority, est_match,
- "ct_dnat;");
- }
-
- free(new_match);
- free(est_match);
-
- if (!od->l3dgw_port || !od->l3redirect_port || !backend_ips) {
- return;
- }
-
- /* Add logical flows to UNDNAT the load balanced reverse traffic in
- * the router egress pipleine stage - S_ROUTER_OUT_UNDNAT if the logical
- * router has a gateway router port associated.
- */
- struct ds undnat_match = DS_EMPTY_INITIALIZER;
- if (addr_family == AF_INET) {
- ds_put_cstr(&undnat_match, "ip4 && (");
- } else {
- ds_put_cstr(&undnat_match, "ip6 && (");
- }
- char *start, *next, *ip_str;
- start = next = xstrdup(backend_ips);
- ip_str = strsep(&next, ",");
- bool backend_ips_found = false;
- while (ip_str && ip_str[0]) {
- char *ip_address = NULL;
- uint16_t port = 0;
- int addr_family_;
- ip_address_and_port_from_lb_key(ip_str, &ip_address, &port,
- &addr_family_);
- if (!ip_address) {
- break;
- }
-
- if (addr_family_ == AF_INET) {
- ds_put_format(&undnat_match, "(ip4.src == %s", ip_address);
- } else {
- ds_put_format(&undnat_match, "(ip6.src == %s", ip_address);
- }
- free(ip_address);
- if (port) {
- ds_put_format(&undnat_match, " && %s.src == %d) || ",
- is_udp ? "udp" : "tcp", port);
- } else {
- ds_put_cstr(&undnat_match, ") || ");
- }
- ip_str = strsep(&next, ",");
- backend_ips_found = true;
- }
-
- free(start);
- if (!backend_ips_found) {
- ds_destroy(&undnat_match);
- return;
- }
- ds_chomp(&undnat_match, ' ');
- ds_chomp(&undnat_match, '|');
- ds_chomp(&undnat_match, '|');
- ds_chomp(&undnat_match, ' ');
- ds_put_format(&undnat_match, ") && outport == %s && "
- "is_chassis_resident(%s)", od->l3dgw_port->json_key,
- od->l3redirect_port->json_key);
- if (lb_force_snat_ip) {
- ovn_lflow_add(lflows, od, S_ROUTER_OUT_UNDNAT, 120,
- ds_cstr(&undnat_match),
- "flags.force_snat_for_lb = 1; ct_dnat;");
- } else {
- ovn_lflow_add(lflows, od, S_ROUTER_OUT_UNDNAT, 120,
- ds_cstr(&undnat_match), "ct_dnat;");
- }
-
- ds_destroy(&undnat_match);
-}
-
-#define ND_RA_MAX_INTERVAL_MAX 1800
-#define ND_RA_MAX_INTERVAL_MIN 4
-
-#define ND_RA_MIN_INTERVAL_MAX(max) ((max) * 3 / 4)
-#define ND_RA_MIN_INTERVAL_MIN 3
-
-static void
-copy_ra_to_sb(struct ovn_port *op, const char *address_mode)
-{
- struct smap options;
- smap_clone(&options, &op->sb->options);
-
- smap_add(&options, "ipv6_ra_send_periodic", "true");
- smap_add(&options, "ipv6_ra_address_mode", address_mode);
-
- int max_interval = smap_get_int(&op->nbrp->ipv6_ra_configs,
- "max_interval", ND_RA_MAX_INTERVAL_DEFAULT);
- if (max_interval > ND_RA_MAX_INTERVAL_MAX) {
- max_interval = ND_RA_MAX_INTERVAL_MAX;
- }
- if (max_interval < ND_RA_MAX_INTERVAL_MIN) {
- max_interval = ND_RA_MAX_INTERVAL_MIN;
- }
- smap_add_format(&options, "ipv6_ra_max_interval", "%d", max_interval);
-
- int min_interval = smap_get_int(&op->nbrp->ipv6_ra_configs,
- "min_interval", nd_ra_min_interval_default(max_interval));
- if (min_interval > ND_RA_MIN_INTERVAL_MAX(max_interval)) {
- min_interval = ND_RA_MIN_INTERVAL_MAX(max_interval);
- }
- if (min_interval < ND_RA_MIN_INTERVAL_MIN) {
- min_interval = ND_RA_MIN_INTERVAL_MIN;
- }
- smap_add_format(&options, "ipv6_ra_min_interval", "%d", min_interval);
-
- int mtu = smap_get_int(&op->nbrp->ipv6_ra_configs, "mtu", ND_MTU_DEFAULT);
- /* RFC 2460 requires the MTU for IPv6 to be at least 1280 */
- if (mtu && mtu >= 1280) {
- smap_add_format(&options, "ipv6_ra_mtu", "%d", mtu);
- }
-
- struct ds s = DS_EMPTY_INITIALIZER;
- for (int i = 0; i < op->lrp_networks.n_ipv6_addrs; ++i) {
- struct ipv6_netaddr *addrs = &op->lrp_networks.ipv6_addrs[i];
- if (in6_is_lla(&addrs->network)) {
- smap_add(&options, "ipv6_ra_src_addr", addrs->addr_s);
- continue;
- }
- ds_put_format(&s, "%s/%u ", addrs->network_s, addrs->plen);
- }
- /* Remove trailing space */
- ds_chomp(&s, ' ');
- smap_add(&options, "ipv6_ra_prefixes", ds_cstr(&s));
- ds_destroy(&s);
-
- smap_add(&options, "ipv6_ra_src_eth", op->lrp_networks.ea_s);
-
- sbrec_port_binding_set_options(op->sb, &options);
- smap_destroy(&options);
-}
-
-static void
-build_lrouter_flows(struct hmap *datapaths, struct hmap *ports,
- struct hmap *lflows)
-{
- /* This flow table structure is documented in ovn-northd(8), so please
- * update ovn-northd.8.xml if you change anything. */
-
- struct ds match = DS_EMPTY_INITIALIZER;
- struct ds actions = DS_EMPTY_INITIALIZER;
-
- /* Logical router ingress table 0: Admission control framework. */
- struct ovn_datapath *od;
- HMAP_FOR_EACH (od, key_node, datapaths) {
- if (!od->nbr) {
- continue;
- }
-
- /* Logical VLANs not supported.
- * Broadcast/multicast source address is invalid. */
- ovn_lflow_add(lflows, od, S_ROUTER_IN_ADMISSION, 100,
- "vlan.present || eth.src[40]", "drop;");
- }
-
- /* Logical router ingress table 0: match (priority 50). */
- struct ovn_port *op;
- HMAP_FOR_EACH (op, key_node, ports) {
- if (!op->nbrp) {
- continue;
- }
-
- if (!lrport_is_enabled(op->nbrp)) {
- /* Drop packets from disabled logical ports (since logical flow
- * tables are default-drop). */
- continue;
- }
-
- if (op->derived) {
- /* No ingress packets should be received on a chassisredirect
- * port. */
- continue;
- }
-
- ds_clear(&match);
- ds_put_format(&match, "eth.mcast && inport == %s", op->json_key);
- ovn_lflow_add(lflows, op->od, S_ROUTER_IN_ADMISSION, 50,
- ds_cstr(&match), "next;");
-
- ds_clear(&match);
- ds_put_format(&match, "eth.dst == %s && inport == %s",
- op->lrp_networks.ea_s, op->json_key);
- if (op->od->l3dgw_port && op == op->od->l3dgw_port
- && op->od->l3redirect_port) {
- /* Traffic with eth.dst = l3dgw_port->lrp_networks.ea_s
- * should only be received on the "redirect-chassis". */
- ds_put_format(&match, " && is_chassis_resident(%s)",
- op->od->l3redirect_port->json_key);
- }
- ovn_lflow_add(lflows, op->od, S_ROUTER_IN_ADMISSION, 50,
- ds_cstr(&match), "next;");
- }
-
- /* Logical router ingress table 1: IP Input. */
- HMAP_FOR_EACH (od, key_node, datapaths) {
- if (!od->nbr) {
- continue;
- }
-
- /* L3 admission control: drop multicast and broadcast source, localhost
- * source or destination, and zero network source or destination
- * (priority 100). */
- ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_INPUT, 100,
- "ip4.mcast || "
- "ip4.src == 255.255.255.255 || "
- "ip4.src == 127.0.0.0/8 || "
- "ip4.dst == 127.0.0.0/8 || "
- "ip4.src == 0.0.0.0/8 || "
- "ip4.dst == 0.0.0.0/8",
- "drop;");
-
- /* ARP reply handling. Use ARP replies to populate the logical
- * router's ARP table. */
- ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_INPUT, 90, "arp.op == 2",
- "put_arp(inport, arp.spa, arp.sha);");
-
- /* Drop Ethernet local broadcast. By definition this traffic should
- * not be forwarded.*/
- ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_INPUT, 50,
- "eth.bcast", "drop;");
-
- /* TTL discard */
- ds_clear(&match);
- ds_put_cstr(&match, "ip4 && ip.ttl == {0, 1}");
- ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_INPUT, 30,
- ds_cstr(&match), "drop;");
-
- /* ND advertisement handling. Use advertisements to populate
- * the logical router's ARP/ND table. */
- ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_INPUT, 90, "nd_na",
- "put_nd(inport, nd.target, nd.tll);");
-
- /* Lean from neighbor solicitations that were not directed at
- * us. (A priority-90 flow will respond to requests to us and
- * learn the sender's mac address. */
- ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_INPUT, 80, "nd_ns",
- "put_nd(inport, ip6.src, nd.sll);");
-
- /* Pass other traffic not already handled to the next table for
- * routing. */
- ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_INPUT, 0, "1", "next;");
- }
-
- /* Logical router ingress table 1: IP Input for IPv4. */
- HMAP_FOR_EACH (op, key_node, ports) {
- if (!op->nbrp) {
- continue;
- }
-
- if (op->derived) {
- /* No ingress packets are accepted on a chassisredirect
- * port, so no need to program flows for that port. */
- continue;
- }
-
- if (op->lrp_networks.n_ipv4_addrs) {
- /* L3 admission control: drop packets that originate from an
- * IPv4 address owned by the router or a broadcast address
- * known to the router (priority 100). */
- ds_clear(&match);
- ds_put_cstr(&match, "ip4.src == ");
- op_put_v4_networks(&match, op, true);
- ds_put_cstr(&match, " && "REGBIT_EGRESS_LOOPBACK" == 0");
- ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 100,
- ds_cstr(&match), "drop;");
-
- /* ICMP echo reply. These flows reply to ICMP echo requests
- * received for the router's IP address. Since packets only
- * get here as part of the logical router datapath, the inport
- * (i.e. the incoming locally attached net) does not matter.
- * The ip.ttl also does not matter (RFC1812 section 4.2.2.9) */
- ds_clear(&match);
- ds_put_cstr(&match, "ip4.dst == ");
- op_put_v4_networks(&match, op, false);
- ds_put_cstr(&match, " && icmp4.type == 8 && icmp4.code == 0");
-
- ds_clear(&actions);
- ds_put_format(&actions,
- "ip4.dst <-> ip4.src; "
- "ip.ttl = 255; "
- "icmp4.type = 0; "
- "flags.loopback = 1; "
- "next; ");
- ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 90,
- ds_cstr(&match), ds_cstr(&actions));
- }
-
- /* ICMP time exceeded */
- for (int i = 0; i < op->lrp_networks.n_ipv4_addrs; i++) {
- ds_clear(&match);
- ds_clear(&actions);
-
- ds_put_format(&match,
- "inport == %s && ip4 && "
- "ip.ttl == {0, 1} && !ip.later_frag", op->json_key);
- ds_put_format(&actions,
- "icmp4 {"
- "eth.dst <-> eth.src; "
- "icmp4.type = 11; /* Time exceeded */ "
- "icmp4.code = 0; /* TTL exceeded in transit */ "
- "ip4.dst = ip4.src; "
- "ip4.src = %s; "
- "ip.ttl = 255; "
- "next; };",
- op->lrp_networks.ipv4_addrs[i].addr_s);
- ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 40,
- ds_cstr(&match), ds_cstr(&actions));
- }
-
- /* ARP reply. These flows reply to ARP requests for the router's own
- * IP address. */
- for (int i = 0; i < op->lrp_networks.n_ipv4_addrs; i++) {
- ds_clear(&match);
- ds_put_format(&match,
- "inport == %s && arp.spa == %s/%u && arp.tpa == %s"
- " && arp.op == 1",
- op->json_key,
- op->lrp_networks.ipv4_addrs[i].network_s,
- op->lrp_networks.ipv4_addrs[i].plen,
- op->lrp_networks.ipv4_addrs[i].addr_s);
-
- if (op->od->l3dgw_port && op->od->l3redirect_port && op->peer
- && op->peer->od->localnet_port) {
- bool add_chassis_resident_check = false;
- if (op == op->od->l3dgw_port) {
- /* Traffic with eth.src = l3dgw_port->lrp_networks.ea_s
- * should only be sent from the "redirect-chassis", so that
- * upstream MAC learning points to the "redirect-chassis".
- * Also need to avoid generation of multiple ARP responses
- * from different chassis. */
- add_chassis_resident_check = true;
- } else {
- /* Check if the option 'reside-on-redirect-chassis'
- * is set to true on the router port. If set to true
- * and if peer's logical switch has a localnet port, it
- * means the router pipeline for the packets from
- * peer's logical switch is be run on the chassis
- * hosting the gateway port and it should reply to the
- * ARP requests for the router port IPs.
- */
- add_chassis_resident_check = smap_get_bool(
- &op->nbrp->options,
- "reside-on-redirect-chassis", false);
- }
-
- if (add_chassis_resident_check) {
- ds_put_format(&match, " && is_chassis_resident(%s)",
- op->od->l3redirect_port->json_key);
- }
- }
-
- ds_clear(&actions);
- ds_put_format(&actions,
- "put_arp(inport, arp.spa, arp.sha); "
- "eth.dst = eth.src; "
- "eth.src = %s; "
- "arp.op = 2; /* ARP reply */ "
- "arp.tha = arp.sha; "
- "arp.sha = %s; "
- "arp.tpa = arp.spa; "
- "arp.spa = %s; "
- "outport = %s; "
- "flags.loopback = 1; "
- "output;",
- op->lrp_networks.ea_s,
- op->lrp_networks.ea_s,
- op->lrp_networks.ipv4_addrs[i].addr_s,
- op->json_key);
- ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 90,
- ds_cstr(&match), ds_cstr(&actions));
- }
-
- /* Learn from ARP requests that were not directed at us. A typical
- * use case is GARP request handling. (A priority-90 flow will
- * respond to request to us and learn the sender's mac address.) */
- for (int i = 0; i < op->lrp_networks.n_ipv4_addrs; i++) {
- ds_clear(&match);
- ds_put_format(&match,
- "inport == %s && arp.spa == %s/%u && arp.op == 1",
- op->json_key,
- op->lrp_networks.ipv4_addrs[i].network_s,
- op->lrp_networks.ipv4_addrs[i].plen);
- if (op->od->l3dgw_port && op == op->od->l3dgw_port
- && op->od->l3redirect_port) {
- ds_put_format(&match, " && is_chassis_resident(%s)",
- op->od->l3redirect_port->json_key);
- }
- ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 80,
- ds_cstr(&match),
- "put_arp(inport, arp.spa, arp.sha);");
-
- }
-
- /* A set to hold all load-balancer vips that need ARP responses. */
- struct sset all_ips = SSET_INITIALIZER(&all_ips);
- int addr_family;
- get_router_load_balancer_ips(op->od, &all_ips, &addr_family);
-
- const char *ip_address;
- SSET_FOR_EACH(ip_address, &all_ips) {
- ds_clear(&match);
- if (addr_family == AF_INET) {
- ds_put_format(&match,
- "inport == %s && arp.tpa == %s && arp.op == 1",
- op->json_key, ip_address);
- } else {
- ds_put_format(&match,
- "inport == %s && nd_ns && nd.target == %s",
- op->json_key, ip_address);
- }
-
- ds_clear(&actions);
- if (addr_family == AF_INET) {
- ds_put_format(&actions,
- "eth.dst = eth.src; "
- "eth.src = %s; "
- "arp.op = 2; /* ARP reply */ "
- "arp.tha = arp.sha; "
- "arp.sha = %s; "
- "arp.tpa = arp.spa; "
- "arp.spa = %s; "
- "outport = %s; "
- "flags.loopback = 1; "
- "output;",
- op->lrp_networks.ea_s,
- op->lrp_networks.ea_s,
- ip_address,
- op->json_key);
- } else {
- ds_put_format(&actions,
- "nd_na { "
- "eth.src = %s; "
- "ip6.src = %s; "
- "nd.target = %s; "
- "nd.tll = %s; "
- "outport = inport; "
- "flags.loopback = 1; "
- "output; "
- "};",
- op->lrp_networks.ea_s,
- ip_address,
- ip_address,
- op->lrp_networks.ea_s);
- }
- ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 90,
- ds_cstr(&match), ds_cstr(&actions));
- }
-
- sset_destroy(&all_ips);
-
- /* A gateway router can have 2 SNAT IP addresses to force DNATed and
- * LBed traffic respectively to be SNATed. In addition, there can be
- * a number of SNAT rules in the NAT table. */
- ovs_be32 *snat_ips = xmalloc(sizeof *snat_ips *
- (op->od->nbr->n_nat + 2));
- size_t n_snat_ips = 0;
-
- ovs_be32 snat_ip;
- const char *dnat_force_snat_ip = get_force_snat_ip(op->od, "dnat",
- &snat_ip);
- if (dnat_force_snat_ip) {
- snat_ips[n_snat_ips++] = snat_ip;
- }
-
- const char *lb_force_snat_ip = get_force_snat_ip(op->od, "lb",
- &snat_ip);
- if (lb_force_snat_ip) {
- snat_ips[n_snat_ips++] = snat_ip;
- }
-
- for (int i = 0; i < op->od->nbr->n_nat; i++) {
- const struct nbrec_nat *nat;
-
- nat = op->od->nbr->nat[i];
-
- ovs_be32 ip;
- if (!ip_parse(nat->external_ip, &ip) || !ip) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 1);
- VLOG_WARN_RL(&rl, "bad ip address %s in nat configuration "
- "for router %s", nat->external_ip, op->key);
- continue;
- }
-
- if (!strcmp(nat->type, "snat")) {
- snat_ips[n_snat_ips++] = ip;
- continue;
- }
-
- /* ARP handling for external IP addresses.
- *
- * DNAT IP addresses are external IP addresses that need ARP
- * handling. */
- ds_clear(&match);
- ds_put_format(&match,
- "inport == %s && arp.tpa == "IP_FMT" && arp.op == 1",
- op->json_key, IP_ARGS(ip));
-
- ds_clear(&actions);
- ds_put_format(&actions,
- "eth.dst = eth.src; "
- "arp.op = 2; /* ARP reply */ "
- "arp.tha = arp.sha; ");
-
- if (op->od->l3dgw_port && op == op->od->l3dgw_port) {
- struct eth_addr mac;
- if (nat->external_mac &&
- eth_addr_from_string(nat->external_mac, &mac)
- && nat->logical_port) {
- /* distributed NAT case, use nat->external_mac */
- ds_put_format(&actions,
- "eth.src = "ETH_ADDR_FMT"; "
- "arp.sha = "ETH_ADDR_FMT"; ",
- ETH_ADDR_ARGS(mac),
- ETH_ADDR_ARGS(mac));
- /* Traffic with eth.src = nat->external_mac should only be
- * sent from the chassis where nat->logical_port is
- * resident, so that upstream MAC learning points to the
- * correct chassis. Also need to avoid generation of
- * multiple ARP responses from different chassis. */
- ds_put_format(&match, " && is_chassis_resident(\"%s\")",
- nat->logical_port);
- } else {
- ds_put_format(&actions,
- "eth.src = %s; "
- "arp.sha = %s; ",
- op->lrp_networks.ea_s,
- op->lrp_networks.ea_s);
- /* Traffic with eth.src = l3dgw_port->lrp_networks.ea_s
- * should only be sent from the "redirect-chassis", so that
- * upstream MAC learning points to the "redirect-chassis".
- * Also need to avoid generation of multiple ARP responses
- * from different chassis. */
- if (op->od->l3redirect_port) {
- ds_put_format(&match, " && is_chassis_resident(%s)",
- op->od->l3redirect_port->json_key);
- }
- }
- } else {
- ds_put_format(&actions,
- "eth.src = %s; "
- "arp.sha = %s; ",
- op->lrp_networks.ea_s,
- op->lrp_networks.ea_s);
- }
- ds_put_format(&actions,
- "arp.tpa = arp.spa; "
- "arp.spa = "IP_FMT"; "
- "outport = %s; "
- "flags.loopback = 1; "
- "output;",
- IP_ARGS(ip),
- op->json_key);
- ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 90,
- ds_cstr(&match), ds_cstr(&actions));
- }
-
- if (!smap_get(&op->od->nbr->options, "chassis")
- && !op->od->l3dgw_port) {
- /* UDP/TCP port unreachable. */
- for (int i = 0; i < op->lrp_networks.n_ipv4_addrs; i++) {
- ds_clear(&match);
- ds_put_format(&match,
- "ip4 && ip4.dst == %s && !ip.later_frag && udp",
- op->lrp_networks.ipv4_addrs[i].addr_s);
- const char *action = "icmp4 {"
- "eth.dst <-> eth.src; "
- "ip4.dst <-> ip4.src; "
- "ip.ttl = 255; "
- "icmp4.type = 3; "
- "icmp4.code = 3; "
- "next; };";
- ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 80,
- ds_cstr(&match), action);
-
- ds_clear(&match);
- ds_put_format(&match,
- "ip4 && ip4.dst == %s && !ip.later_frag && tcp",
- op->lrp_networks.ipv4_addrs[i].addr_s);
- action = "tcp_reset {"
- "eth.dst <-> eth.src; "
- "ip4.dst <-> ip4.src; "
- "next; };";
- ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 80,
- ds_cstr(&match), action);
-
- ds_clear(&match);
- ds_put_format(&match,
- "ip4 && ip4.dst == %s && !ip.later_frag",
- op->lrp_networks.ipv4_addrs[i].addr_s);
- action = "icmp4 {"
- "eth.dst <-> eth.src; "
- "ip4.dst <-> ip4.src; "
- "ip.ttl = 255; "
- "icmp4.type = 3; "
- "icmp4.code = 2; "
- "next; };";
- ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 70,
- ds_cstr(&match), action);
- }
- }
-
- ds_clear(&match);
- ds_put_cstr(&match, "ip4.dst == {");
- bool has_drop_ips = false;
- for (int i = 0; i < op->lrp_networks.n_ipv4_addrs; i++) {
- bool snat_ip_is_router_ip = false;
- for (int j = 0; j < n_snat_ips; j++) {
- /* Packets to SNAT IPs should not be dropped. */
- if (op->lrp_networks.ipv4_addrs[i].addr == snat_ips[j]) {
- snat_ip_is_router_ip = true;
- break;
- }
- }
- if (snat_ip_is_router_ip) {
- continue;
- }
- ds_put_format(&match, "%s, ",
- op->lrp_networks.ipv4_addrs[i].addr_s);
- has_drop_ips = true;
- }
- ds_chomp(&match, ' ');
- ds_chomp(&match, ',');
- ds_put_cstr(&match, "}");
-
- if (has_drop_ips) {
- /* Drop IP traffic to this router. */
- ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 60,
- ds_cstr(&match), "drop;");
- }
-
- free(snat_ips);
- }
-
- /* Logical router ingress table 1: IP Input for IPv6. */
- HMAP_FOR_EACH (op, key_node, ports) {
- if (!op->nbrp) {
- continue;
- }
-
- if (op->derived) {
- /* No ingress packets are accepted on a chassisredirect
- * port, so no need to program flows for that port. */
- continue;
- }
-
- if (op->lrp_networks.n_ipv6_addrs) {
- /* L3 admission control: drop packets that originate from an
- * IPv6 address owned by the router (priority 100). */
- ds_clear(&match);
- ds_put_cstr(&match, "ip6.src == ");
- op_put_v6_networks(&match, op);
- ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 100,
- ds_cstr(&match), "drop;");
-
- /* ICMPv6 echo reply. These flows reply to echo requests
- * received for the router's IP address. */
- ds_clear(&match);
- ds_put_cstr(&match, "ip6.dst == ");
- op_put_v6_networks(&match, op);
- ds_put_cstr(&match, " && icmp6.type == 128 && icmp6.code == 0");
-
- ds_clear(&actions);
- ds_put_cstr(&actions,
- "ip6.dst <-> ip6.src; "
- "ip.ttl = 255; "
- "icmp6.type = 129; "
- "flags.loopback = 1; "
- "next; ");
- ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 90,
- ds_cstr(&match), ds_cstr(&actions));
-
- /* Drop IPv6 traffic to this router. */
- ds_clear(&match);
- ds_put_cstr(&match, "ip6.dst == ");
- op_put_v6_networks(&match, op);
- ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 60,
- ds_cstr(&match), "drop;");
- }
-
- /* ND reply. These flows reply to ND solicitations for the
- * router's own IP address. */
- for (int i = 0; i < op->lrp_networks.n_ipv6_addrs; i++) {
- ds_clear(&match);
- ds_put_format(&match,
- "inport == %s && nd_ns && ip6.dst == {%s, %s} "
- "&& nd.target == %s",
- op->json_key,
- op->lrp_networks.ipv6_addrs[i].addr_s,
- op->lrp_networks.ipv6_addrs[i].sn_addr_s,
- op->lrp_networks.ipv6_addrs[i].addr_s);
- if (op->od->l3dgw_port && op == op->od->l3dgw_port
- && op->od->l3redirect_port) {
- /* Traffic with eth.src = l3dgw_port->lrp_networks.ea_s
- * should only be sent from the "redirect-chassis", so that
- * upstream MAC learning points to the "redirect-chassis".
- * Also need to avoid generation of multiple ND replies
- * from different chassis. */
- ds_put_format(&match, " && is_chassis_resident(%s)",
- op->od->l3redirect_port->json_key);
- }
-
- ds_clear(&actions);
- ds_put_format(&actions,
- "put_nd(inport, ip6.src, nd.sll); "
- "nd_na_router { "
- "eth.src = %s; "
- "ip6.src = %s; "
- "nd.target = %s; "
- "nd.tll = %s; "
- "outport = inport; "
- "flags.loopback = 1; "
- "output; "
- "};",
- op->lrp_networks.ea_s,
- op->lrp_networks.ipv6_addrs[i].addr_s,
- op->lrp_networks.ipv6_addrs[i].addr_s,
- op->lrp_networks.ea_s);
- ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 90,
- ds_cstr(&match), ds_cstr(&actions));
- }
-
- /* UDP/TCP port unreachable */
- if (!smap_get(&op->od->nbr->options, "chassis")
- && !op->od->l3dgw_port) {
- for (int i = 0; i < op->lrp_networks.n_ipv6_addrs; i++) {
- ds_clear(&match);
- ds_put_format(&match,
- "ip6 && ip6.dst == %s && !ip.later_frag && tcp",
- op->lrp_networks.ipv6_addrs[i].addr_s);
- const char *action = "tcp_reset {"
- "eth.dst <-> eth.src; "
- "ip6.dst <-> ip6.src; "
- "next; };";
- ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 80,
- ds_cstr(&match), action);
-
- ds_clear(&match);
- ds_put_format(&match,
- "ip6 && ip6.dst == %s && !ip.later_frag && udp",
- op->lrp_networks.ipv6_addrs[i].addr_s);
- action = "icmp6 {"
- "eth.dst <-> eth.src; "
- "ip6.dst <-> ip6.src; "
- "ip.ttl = 255; "
- "icmp6.type = 1; "
- "icmp6.code = 4; "
- "next; };";
- ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 80,
- ds_cstr(&match), action);
-
- ds_clear(&match);
- ds_put_format(&match,
- "ip6 && ip6.dst == %s && !ip.later_frag",
- op->lrp_networks.ipv6_addrs[i].addr_s);
- action = "icmp6 {"
- "eth.dst <-> eth.src; "
- "ip6.dst <-> ip6.src; "
- "ip.ttl = 255; "
- "icmp6.type = 1; "
- "icmp6.code = 3; "
- "next; };";
- ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 70,
- ds_cstr(&match), action);
- }
- }
-
- /* ICMPv6 time exceeded */
- for (int i = 0; i < op->lrp_networks.n_ipv6_addrs; i++) {
- /* skip link-local address */
- if (in6_is_lla(&op->lrp_networks.ipv6_addrs[i].network)) {
- continue;
- }
-
- ds_clear(&match);
- ds_clear(&actions);
-
- ds_put_format(&match,
- "inport == %s && ip6 && "
- "ip6.src == %s/%d && "
- "ip.ttl == {0, 1} && !ip.later_frag",
- op->json_key,
- op->lrp_networks.ipv6_addrs[i].network_s,
- op->lrp_networks.ipv6_addrs[i].plen);
- ds_put_format(&actions,
- "icmp6 {"
- "eth.dst <-> eth.src; "
- "ip6.dst = ip6.src; "
- "ip6.src = %s; "
- "ip.ttl = 255; "
- "icmp6.type = 3; /* Time exceeded */ "
- "icmp6.code = 0; /* TTL exceeded in transit */ "
- "next; };",
- op->lrp_networks.ipv6_addrs[i].addr_s);
- ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 40,
- ds_cstr(&match), ds_cstr(&actions));
- }
- }
-
- /* NAT, Defrag and load balancing. */
- HMAP_FOR_EACH (od, key_node, datapaths) {
- if (!od->nbr) {
- continue;
- }
-
- /* Packets are allowed by default. */
- ovn_lflow_add(lflows, od, S_ROUTER_IN_DEFRAG, 0, "1", "next;");
- ovn_lflow_add(lflows, od, S_ROUTER_IN_UNSNAT, 0, "1", "next;");
- ovn_lflow_add(lflows, od, S_ROUTER_OUT_SNAT, 0, "1", "next;");
- ovn_lflow_add(lflows, od, S_ROUTER_IN_DNAT, 0, "1", "next;");
- ovn_lflow_add(lflows, od, S_ROUTER_OUT_UNDNAT, 0, "1", "next;");
- ovn_lflow_add(lflows, od, S_ROUTER_OUT_EGR_LOOP, 0, "1", "next;");
-
- /* NAT rules are only valid on Gateway routers and routers with
- * l3dgw_port (router has a port with "redirect-chassis"
- * specified). */
- if (!smap_get(&od->nbr->options, "chassis") && !od->l3dgw_port) {
- continue;
- }
-
- ovs_be32 snat_ip;
- const char *dnat_force_snat_ip = get_force_snat_ip(od, "dnat",
- &snat_ip);
- const char *lb_force_snat_ip = get_force_snat_ip(od, "lb",
- &snat_ip);
-
- for (int i = 0; i < od->nbr->n_nat; i++) {
- const struct nbrec_nat *nat;
-
- nat = od->nbr->nat[i];
-
- ovs_be32 ip, mask;
-
- char *error = ip_parse_masked(nat->external_ip, &ip, &mask);
- if (error || mask != OVS_BE32_MAX) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 1);
- VLOG_WARN_RL(&rl, "bad external ip %s for nat",
- nat->external_ip);
- free(error);
- continue;
- }
-
- /* Check the validity of nat->logical_ip. 'logical_ip' can
- * be a subnet when the type is "snat". */
- error = ip_parse_masked(nat->logical_ip, &ip, &mask);
- if (!strcmp(nat->type, "snat")) {
- if (error) {
- static struct vlog_rate_limit rl =
- VLOG_RATE_LIMIT_INIT(5, 1);
- VLOG_WARN_RL(&rl, "bad ip network or ip %s for snat "
- "in router "UUID_FMT"",
- nat->logical_ip, UUID_ARGS(&od->key));
- free(error);
- continue;
- }
- } else {
- if (error || mask != OVS_BE32_MAX) {
- static struct vlog_rate_limit rl =
- VLOG_RATE_LIMIT_INIT(5, 1);
- VLOG_WARN_RL(&rl, "bad ip %s for dnat in router "
- ""UUID_FMT"", nat->logical_ip, UUID_ARGS(&od->key));
- free(error);
- continue;
- }
- }
-
- /* For distributed router NAT, determine whether this NAT rule
- * satisfies the conditions for distributed NAT processing. */
- bool distributed = false;
- struct eth_addr mac;
- if (od->l3dgw_port && !strcmp(nat->type, "dnat_and_snat") &&
- nat->logical_port && nat->external_mac) {
- if (eth_addr_from_string(nat->external_mac, &mac)) {
- distributed = true;
- } else {
- static struct vlog_rate_limit rl =
- VLOG_RATE_LIMIT_INIT(5, 1);
- VLOG_WARN_RL(&rl, "bad mac %s for dnat in router "
- ""UUID_FMT"", nat->external_mac, UUID_ARGS(&od->key));
- continue;
- }
- }
-
- /* Ingress UNSNAT table: It is for already established connections'
- * reverse traffic. i.e., SNAT has already been done in egress
- * pipeline and now the packet has entered the ingress pipeline as
- * part of a reply. We undo the SNAT here.
- *
- * Undoing SNAT has to happen before DNAT processing. This is
- * because when the packet was DNATed in ingress pipeline, it did
- * not know about the possibility of eventual additional SNAT in
- * egress pipeline. */
- if (!strcmp(nat->type, "snat")
- || !strcmp(nat->type, "dnat_and_snat")) {
- if (!od->l3dgw_port) {
- /* Gateway router. */
- ds_clear(&match);
- ds_put_format(&match, "ip && ip4.dst == %s",
- nat->external_ip);
- ovn_lflow_add(lflows, od, S_ROUTER_IN_UNSNAT, 90,
- ds_cstr(&match), "ct_snat;");
- } else {
- /* Distributed router. */
-
- /* Traffic received on l3dgw_port is subject to NAT. */
- ds_clear(&match);
- ds_put_format(&match, "ip && ip4.dst == %s"
- " && inport == %s",
- nat->external_ip,
- od->l3dgw_port->json_key);
- if (!distributed && od->l3redirect_port) {
- /* Flows for NAT rules that are centralized are only
- * programmed on the "redirect-chassis". */
- ds_put_format(&match, " && is_chassis_resident(%s)",
- od->l3redirect_port->json_key);
- }
- ovn_lflow_add(lflows, od, S_ROUTER_IN_UNSNAT, 100,
- ds_cstr(&match), "ct_snat;");
-
- /* Traffic received on other router ports must be
- * redirected to the central instance of the l3dgw_port
- * for NAT processing. */
- ds_clear(&match);
- ds_put_format(&match, "ip && ip4.dst == %s",
- nat->external_ip);
- ovn_lflow_add(lflows, od, S_ROUTER_IN_UNSNAT, 50,
- ds_cstr(&match),
- REGBIT_NAT_REDIRECT" = 1; next;");
- }
- }
-
- /* Ingress DNAT table: Packets enter the pipeline with destination
- * IP address that needs to be DNATted from a external IP address
- * to a logical IP address. */
- if (!strcmp(nat->type, "dnat")
- || !strcmp(nat->type, "dnat_and_snat")) {
- if (!od->l3dgw_port) {
- /* Gateway router. */
- /* Packet when it goes from the initiator to destination.
- * We need to set flags.loopback because the router can
- * send the packet back through the same interface. */
- ds_clear(&match);
- ds_put_format(&match, "ip && ip4.dst == %s",
- nat->external_ip);
- ds_clear(&actions);
- if (dnat_force_snat_ip) {
- /* Indicate to the future tables that a DNAT has taken
- * place and a force SNAT needs to be done in the
- * Egress SNAT table. */
- ds_put_format(&actions,
- "flags.force_snat_for_dnat = 1; ");
- }
- ds_put_format(&actions, "flags.loopback = 1; ct_dnat(%s);",
- nat->logical_ip);
- ovn_lflow_add(lflows, od, S_ROUTER_IN_DNAT, 100,
- ds_cstr(&match), ds_cstr(&actions));
- } else {
- /* Distributed router. */
-
- /* Traffic received on l3dgw_port is subject to NAT. */
- ds_clear(&match);
- ds_put_format(&match, "ip && ip4.dst == %s"
- " && inport == %s",
- nat->external_ip,
- od->l3dgw_port->json_key);
- if (!distributed && od->l3redirect_port) {
- /* Flows for NAT rules that are centralized are only
- * programmed on the "redirect-chassis". */
- ds_put_format(&match, " && is_chassis_resident(%s)",
- od->l3redirect_port->json_key);
- }
- ds_clear(&actions);
- ds_put_format(&actions, "ct_dnat(%s);",
- nat->logical_ip);
- ovn_lflow_add(lflows, od, S_ROUTER_IN_DNAT, 100,
- ds_cstr(&match), ds_cstr(&actions));
-
- /* Traffic received on other router ports must be
- * redirected to the central instance of the l3dgw_port
- * for NAT processing. */
- ds_clear(&match);
- ds_put_format(&match, "ip && ip4.dst == %s",
- nat->external_ip);
- ovn_lflow_add(lflows, od, S_ROUTER_IN_DNAT, 50,
- ds_cstr(&match),
- REGBIT_NAT_REDIRECT" = 1; next;");
- }
- }
-
- /* Egress UNDNAT table: It is for already established connections'
- * reverse traffic. i.e., DNAT has already been done in ingress
- * pipeline and now the packet has entered the egress pipeline as
- * part of a reply. We undo the DNAT here.
- *
- * Note that this only applies for NAT on a distributed router.
- * Undo DNAT on a gateway router is done in the ingress DNAT
- * pipeline stage. */
- if (od->l3dgw_port && (!strcmp(nat->type, "dnat")
- || !strcmp(nat->type, "dnat_and_snat"))) {
- ds_clear(&match);
- ds_put_format(&match, "ip && ip4.src == %s"
- " && outport == %s",
- nat->logical_ip,
- od->l3dgw_port->json_key);
- if (!distributed && od->l3redirect_port) {
- /* Flows for NAT rules that are centralized are only
- * programmed on the "redirect-chassis". */
- ds_put_format(&match, " && is_chassis_resident(%s)",
- od->l3redirect_port->json_key);
- }
- ds_clear(&actions);
- if (distributed) {
- ds_put_format(&actions, "eth.src = "ETH_ADDR_FMT"; ",
- ETH_ADDR_ARGS(mac));
- }
- ds_put_format(&actions, "ct_dnat;");
- ovn_lflow_add(lflows, od, S_ROUTER_OUT_UNDNAT, 100,
- ds_cstr(&match), ds_cstr(&actions));
- }
-
- /* Egress SNAT table: Packets enter the egress pipeline with
- * source ip address that needs to be SNATted to a external ip
- * address. */
- if (!strcmp(nat->type, "snat")
- || !strcmp(nat->type, "dnat_and_snat")) {
- if (!od->l3dgw_port) {
- /* Gateway router. */
- ds_clear(&match);
- ds_put_format(&match, "ip && ip4.src == %s",
- nat->logical_ip);
- ds_clear(&actions);
- ds_put_format(&actions, "ct_snat(%s);", nat->external_ip);
-
- /* The priority here is calculated such that the
- * nat->logical_ip with the longest mask gets a higher
- * priority. */
- ovn_lflow_add(lflows, od, S_ROUTER_OUT_SNAT,
- count_1bits(ntohl(mask)) + 1,
- ds_cstr(&match), ds_cstr(&actions));
- } else {
- uint16_t priority = count_1bits(ntohl(mask)) + 1;
-
- /* Distributed router. */
- ds_clear(&match);
- ds_put_format(&match, "ip && ip4.src == %s"
- " && outport == %s",
- nat->logical_ip,
- od->l3dgw_port->json_key);
- if (!distributed && od->l3redirect_port) {
- /* Flows for NAT rules that are centralized are only
- * programmed on the "redirect-chassis". */
- priority += 128;
- ds_put_format(&match, " && is_chassis_resident(%s)",
- od->l3redirect_port->json_key);
- }
- ds_clear(&actions);
- if (distributed) {
- ds_put_format(&actions, "eth.src = "ETH_ADDR_FMT"; ",
- ETH_ADDR_ARGS(mac));
- }
- ds_put_format(&actions, "ct_snat(%s);", nat->external_ip);
-
- /* The priority here is calculated such that the
- * nat->logical_ip with the longest mask gets a higher
- * priority. */
- ovn_lflow_add(lflows, od, S_ROUTER_OUT_SNAT,
- priority, ds_cstr(&match),
- ds_cstr(&actions));
- }
- }
-
- /* Logical router ingress table 0:
- * For NAT on a distributed router, add rules allowing
- * ingress traffic with eth.dst matching nat->external_mac
- * on the l3dgw_port instance where nat->logical_port is
- * resident. */
- if (distributed) {
- ds_clear(&match);
- ds_put_format(&match,
- "eth.dst == "ETH_ADDR_FMT" && inport == %s"
- " && is_chassis_resident(\"%s\")",
- ETH_ADDR_ARGS(mac),
- od->l3dgw_port->json_key,
- nat->logical_port);
- ovn_lflow_add(lflows, od, S_ROUTER_IN_ADMISSION, 50,
- ds_cstr(&match), "next;");
- }
-
- /* Ingress Gateway Redirect Table: For NAT on a distributed
- * router, add flows that are specific to a NAT rule. These
- * flows indicate the presence of an applicable NAT rule that
- * can be applied in a distributed manner. */
- if (distributed) {
- ds_clear(&match);
- ds_put_format(&match, "ip4.src == %s && outport == %s",
- nat->logical_ip,
- od->l3dgw_port->json_key);
- ovn_lflow_add(lflows, od, S_ROUTER_IN_GW_REDIRECT, 100,
- ds_cstr(&match), "next;");
- }
-
- /* Egress Loopback table: For NAT on a distributed router.
- * If packets in the egress pipeline on the distributed
- * gateway port have ip.dst matching a NAT external IP, then
- * loop a clone of the packet back to the beginning of the
- * ingress pipeline with inport = outport. */
- if (od->l3dgw_port) {
- /* Distributed router. */
- if (!strcmp(nat->type, "dnat_and_snat") &&
- nat->external_mac && nat->external_ip) {
- for (int j = 0; j < od->nbr->n_nat; j++) {
- const struct nbrec_nat *nat2 = od->nbr->nat[j];
-
- if (nat2 == nat ||
- strcmp(nat2->type, "dnat_and_snat") ||
- !nat2->external_mac || !nat2->external_ip) {
- continue;
- }
-
- ds_clear(&match);
- ds_put_format(&match, "is_chassis_resident(\"%s\") && "
- "ip4.src == %s && ip4.dst == %s",
- nat->logical_port, nat2->external_ip,
- nat->external_ip);
- ds_clear(&actions);
- ds_put_format(&actions,
- "inport = outport; outport = \"\"; "
- "flags = 0; flags.loopback = 1; "
- REGBIT_EGRESS_LOOPBACK" = 1; "
- "next(pipeline=ingress, table=0); ");
- ovn_lflow_add(lflows, od, S_ROUTER_OUT_EGR_LOOP, 300,
- ds_cstr(&match), ds_cstr(&actions));
-
- ds_clear(&match);
- ds_put_format(&match,
- "ip4.src == %s && ip4.dst == %s",
- nat2->external_ip, nat->external_ip);
- ovn_lflow_add(lflows, od, S_ROUTER_OUT_EGR_LOOP, 200,
- ds_cstr(&match), "next;");
- ds_clear(&match);
- }
- }
-
- ds_clear(&match);
- ds_put_format(&match, "ip4.dst == %s && outport == %s",
- nat->external_ip,
- od->l3dgw_port->json_key);
- ds_clear(&actions);
- ds_put_format(&actions,
- "clone { ct_clear; "
- "inport = outport; outport = \"\"; "
- "flags = 0; flags.loopback = 1; ");
- for (int j = 0; j < MFF_N_LOG_REGS; j++) {
- ds_put_format(&actions, "reg%d = 0; ", j);
- }
- ds_put_format(&actions, REGBIT_EGRESS_LOOPBACK" = 1; "
- "next(pipeline=ingress, table=0); };");
- ovn_lflow_add(lflows, od, S_ROUTER_OUT_EGR_LOOP, 100,
- ds_cstr(&match), ds_cstr(&actions));
- }
- }
-
- /* Handle force SNAT options set in the gateway router. */
- if (dnat_force_snat_ip && !od->l3dgw_port) {
- /* If a packet with destination IP address as that of the
- * gateway router (as set in options:dnat_force_snat_ip) is seen,
- * UNSNAT it. */
- ds_clear(&match);
- ds_put_format(&match, "ip && ip4.dst == %s", dnat_force_snat_ip);
- ovn_lflow_add(lflows, od, S_ROUTER_IN_UNSNAT, 110,
- ds_cstr(&match), "ct_snat;");
-
- /* Higher priority rules to force SNAT with the IP addresses
- * configured in the Gateway router. This only takes effect
- * when the packet has already been DNATed once. */
- ds_clear(&match);
- ds_put_format(&match, "flags.force_snat_for_dnat == 1 && ip");
- ds_clear(&actions);
- ds_put_format(&actions, "ct_snat(%s);", dnat_force_snat_ip);
- ovn_lflow_add(lflows, od, S_ROUTER_OUT_SNAT, 100,
- ds_cstr(&match), ds_cstr(&actions));
- }
- if (lb_force_snat_ip && !od->l3dgw_port) {
- /* If a packet with destination IP address as that of the
- * gateway router (as set in options:lb_force_snat_ip) is seen,
- * UNSNAT it. */
- ds_clear(&match);
- ds_put_format(&match, "ip && ip4.dst == %s", lb_force_snat_ip);
- ovn_lflow_add(lflows, od, S_ROUTER_IN_UNSNAT, 100,
- ds_cstr(&match), "ct_snat;");
-
- /* Load balanced traffic will have flags.force_snat_for_lb set.
- * Force SNAT it. */
- ds_clear(&match);
- ds_put_format(&match, "flags.force_snat_for_lb == 1 && ip");
- ds_clear(&actions);
- ds_put_format(&actions, "ct_snat(%s);", lb_force_snat_ip);
- ovn_lflow_add(lflows, od, S_ROUTER_OUT_SNAT, 100,
- ds_cstr(&match), ds_cstr(&actions));
- }
-
- if (!od->l3dgw_port) {
- /* For gateway router, re-circulate every packet through
- * the DNAT zone. This helps with the following.
- *
- * Any packet that needs to be unDNATed in the reverse
- * direction gets unDNATed. Ideally this could be done in
- * the egress pipeline. But since the gateway router
- * does not have any feature that depends on the source
- * ip address being external IP address for IP routing,
- * we can do it here, saving a future re-circulation. */
- ovn_lflow_add(lflows, od, S_ROUTER_IN_DNAT, 50,
- "ip", "flags.loopback = 1; ct_dnat;");
- } else {
- ovn_lflow_add(lflows, od, S_ROUTER_IN_ARP_RESOLVE, 400,
- REGBIT_DISTRIBUTED_NAT" == 1", "next;");
-
- /* For NAT on a distributed router, add flows to Ingress
- * IP Routing table, Ingress ARP Resolution table, and
- * Ingress Gateway Redirect Table that are not specific to a
- * NAT rule. */
-
- /* The highest priority IN_IP_ROUTING rule matches packets
- * with REGBIT_NAT_REDIRECT (set in DNAT or UNSNAT stages),
- * with action "ip.ttl--; next;". The IN_GW_REDIRECT table
- * will take care of setting the outport. */
- ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_ROUTING, 300,
- REGBIT_NAT_REDIRECT" == 1", "ip.ttl--; next;");
-
- /* The highest priority IN_ARP_RESOLVE rule matches packets
- * with REGBIT_NAT_REDIRECT (set in DNAT or UNSNAT stages),
- * then sets eth.dst to the distributed gateway port's
- * ethernet address. */
- ds_clear(&actions);
- ds_put_format(&actions, "eth.dst = %s; next;",
- od->l3dgw_port->lrp_networks.ea_s);
- ovn_lflow_add(lflows, od, S_ROUTER_IN_ARP_RESOLVE, 200,
- REGBIT_NAT_REDIRECT" == 1", ds_cstr(&actions));
-
- /* The highest priority IN_GW_REDIRECT rule redirects packets
- * with REGBIT_NAT_REDIRECT (set in DNAT or UNSNAT stages) to
- * the central instance of the l3dgw_port for NAT processing. */
- ds_clear(&actions);
- ds_put_format(&actions, "outport = %s; next;",
- od->l3redirect_port->json_key);
- ovn_lflow_add(lflows, od, S_ROUTER_IN_GW_REDIRECT, 200,
- REGBIT_NAT_REDIRECT" == 1", ds_cstr(&actions));
- }
-
- /* Load balancing and packet defrag are only valid on
- * Gateway routers or router with gateway port. */
- if (!smap_get(&od->nbr->options, "chassis") && !od->l3dgw_port) {
- continue;
- }
-
- /* A set to hold all ips that need defragmentation and tracking. */
- struct sset all_ips = SSET_INITIALIZER(&all_ips);
-
- for (int i = 0; i < od->nbr->n_load_balancer; i++) {
- struct nbrec_load_balancer *lb = od->nbr->load_balancer[i];
- struct smap *vips = &lb->vips;
- struct smap_node *node;
-
- SMAP_FOR_EACH (node, vips) {
- uint16_t port = 0;
- int addr_family;
-
- /* node->key contains IP:port or just IP. */
- char *ip_address = NULL;
- ip_address_and_port_from_lb_key(node->key, &ip_address, &port,
- &addr_family);
- if (!ip_address) {
- continue;
- }
-
- if (!sset_contains(&all_ips, ip_address)) {
- sset_add(&all_ips, ip_address);
- /* If there are any load balancing rules, we should send
- * the packet to conntrack for defragmentation and
- * tracking. This helps with two things.
- *
- * 1. With tracking, we can send only new connections to
- * pick a DNAT ip address from a group.
- * 2. If there are L4 ports in load balancing rules, we
- * need the defragmentation to match on L4 ports. */
- ds_clear(&match);
- if (addr_family == AF_INET) {
- ds_put_format(&match, "ip && ip4.dst == %s",
- ip_address);
- } else {
- ds_put_format(&match, "ip && ip6.dst == %s",
- ip_address);
- }
- ovn_lflow_add(lflows, od, S_ROUTER_IN_DEFRAG,
- 100, ds_cstr(&match), "ct_next;");
- }
-
- /* Higher priority rules are added for load-balancing in DNAT
- * table. For every match (on a VIP[:port]), we add two flows
- * via add_router_lb_flow(). One flow is for specific matching
- * on ct.new with an action of "ct_lb($targets);". The other
- * flow is for ct.est with an action of "ct_dnat;". */
- ds_clear(&actions);
- ds_put_format(&actions, "ct_lb(%s);", node->value);
-
- ds_clear(&match);
- if (addr_family == AF_INET) {
- ds_put_format(&match, "ip && ip4.dst == %s",
- ip_address);
- } else {
- ds_put_format(&match, "ip && ip6.dst == %s",
- ip_address);
- }
- free(ip_address);
-
- int prio = 110;
- bool is_udp = lb->protocol && !strcmp(lb->protocol, "udp") ?
- true : false;
- if (port) {
- if (is_udp) {
- ds_put_format(&match, " && udp && udp.dst == %d",
- port);
- } else {
- ds_put_format(&match, " && tcp && tcp.dst == %d",
- port);
- }
- prio = 120;
- }
-
- if (od->l3redirect_port) {
- ds_put_format(&match, " && is_chassis_resident(%s)",
- od->l3redirect_port->json_key);
- }
- add_router_lb_flow(lflows, od, &match, &actions, prio,
- lb_force_snat_ip, node->value, is_udp,
- addr_family);
- }
- }
- sset_destroy(&all_ips);
- }
-
- /* Logical router ingress table 5 and 6: IPv6 Router Adv (RA) options and
- * response. */
- HMAP_FOR_EACH (op, key_node, ports) {
- if (!op->nbrp || op->nbrp->peer || !op->peer) {
- continue;
- }
-
- if (!op->lrp_networks.n_ipv6_addrs) {
- continue;
- }
-
- const char *address_mode = smap_get(
- &op->nbrp->ipv6_ra_configs, "address_mode");
-
- if (!address_mode) {
- continue;
- }
- if (strcmp(address_mode, "slaac") &&
- strcmp(address_mode, "dhcpv6_stateful") &&
- strcmp(address_mode, "dhcpv6_stateless")) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
- VLOG_WARN_RL(&rl, "Invalid address mode [%s] defined",
- address_mode);
- continue;
- }
-
- if (smap_get_bool(&op->nbrp->ipv6_ra_configs, "send_periodic",
- false)) {
- copy_ra_to_sb(op, address_mode);
- }
-
- ds_clear(&match);
- ds_put_format(&match, "inport == %s && ip6.dst == ff02::2 && nd_rs",
- op->json_key);
- ds_clear(&actions);
-
- const char *mtu_s = smap_get(
- &op->nbrp->ipv6_ra_configs, "mtu");
-
- /* As per RFC 2460, 1280 is minimum IPv6 MTU. */
- uint32_t mtu = (mtu_s && atoi(mtu_s) >= 1280) ? atoi(mtu_s) : 0;
-
- ds_put_format(&actions, REGBIT_ND_RA_OPTS_RESULT" = put_nd_ra_opts("
- "addr_mode = \"%s\", slla = %s",
- address_mode, op->lrp_networks.ea_s);
- if (mtu > 0) {
- ds_put_format(&actions, ", mtu = %u", mtu);
- }
-
- bool add_rs_response_flow = false;
-
- for (size_t i = 0; i < op->lrp_networks.n_ipv6_addrs; i++) {
- if (in6_is_lla(&op->lrp_networks.ipv6_addrs[i].network)) {
- continue;
- }
-
- ds_put_format(&actions, ", prefix = %s/%u",
- op->lrp_networks.ipv6_addrs[i].network_s,
- op->lrp_networks.ipv6_addrs[i].plen);
-
- add_rs_response_flow = true;
- }
-
- if (add_rs_response_flow) {
- ds_put_cstr(&actions, "); next;");
- ovn_lflow_add(lflows, op->od, S_ROUTER_IN_ND_RA_OPTIONS, 50,
- ds_cstr(&match), ds_cstr(&actions));
- ds_clear(&actions);
- ds_clear(&match);
- ds_put_format(&match, "inport == %s && ip6.dst == ff02::2 && "
- "nd_ra && "REGBIT_ND_RA_OPTS_RESULT, op->json_key);
-
- char ip6_str[INET6_ADDRSTRLEN + 1];
- struct in6_addr lla;
- in6_generate_lla(op->lrp_networks.ea, &lla);
- memset(ip6_str, 0, sizeof(ip6_str));
- ipv6_string_mapped(ip6_str, &lla);
- ds_put_format(&actions, "eth.dst = eth.src; eth.src = %s; "
- "ip6.dst = ip6.src; ip6.src = %s; "
- "outport = inport; flags.loopback = 1; "
- "output;",
- op->lrp_networks.ea_s, ip6_str);
- ovn_lflow_add(lflows, op->od, S_ROUTER_IN_ND_RA_RESPONSE, 50,
- ds_cstr(&match), ds_cstr(&actions));
- }
- }
-
- /* Logical router ingress table 5, 6: RS responder, by default goto next.
- * (priority 0)*/
- HMAP_FOR_EACH (od, key_node, datapaths) {
- if (!od->nbr) {
- continue;
- }
-
- ovn_lflow_add(lflows, od, S_ROUTER_IN_ND_RA_OPTIONS, 0, "1", "next;");
- ovn_lflow_add(lflows, od, S_ROUTER_IN_ND_RA_RESPONSE, 0, "1", "next;");
- }
-
- /* Logical router ingress table 7: IP Routing.
- *
- * A packet that arrives at this table is an IP packet that should be
- * routed to the address in 'ip[46].dst'. This table sets outport to
- * the correct output port, eth.src to the output port's MAC
- * address, and '[xx]reg0' to the next-hop IP address (leaving
- * 'ip[46].dst', the packet’s final destination, unchanged), and
- * advances to the next table for ARP/ND resolution. */
- HMAP_FOR_EACH (op, key_node, ports) {
- if (!op->nbrp) {
- continue;
- }
-
- /* create logical flows for DVR floating IPs */
- add_distributed_nat_routes(lflows, op);
-
- for (int i = 0; i < op->lrp_networks.n_ipv4_addrs; i++) {
- add_route(lflows, op, op->lrp_networks.ipv4_addrs[i].addr_s,
- op->lrp_networks.ipv4_addrs[i].network_s,
- op->lrp_networks.ipv4_addrs[i].plen, NULL, NULL);
- }
-
- for (int i = 0; i < op->lrp_networks.n_ipv6_addrs; i++) {
- add_route(lflows, op, op->lrp_networks.ipv6_addrs[i].addr_s,
- op->lrp_networks.ipv6_addrs[i].network_s,
- op->lrp_networks.ipv6_addrs[i].plen, NULL, NULL);
- }
- }
-
- /* Convert the static routes to flows. */
- HMAP_FOR_EACH (od, key_node, datapaths) {
- if (!od->nbr) {
- continue;
- }
-
- for (int i = 0; i < od->nbr->n_static_routes; i++) {
- const struct nbrec_logical_router_static_route *route;
-
- route = od->nbr->static_routes[i];
- build_static_route_flow(lflows, od, ports, route);
- }
- }
-
- /* Logical router ingress table 8: Policy.
- *
- * A packet that arrives at this table is an IP packet that should be
- * permitted/denied/rerouted to the address in the rule's nexthop.
- * This table sets outport to the correct out_port,
- * eth.src to the output port's MAC address,
- * and '[xx]reg0' to the next-hop IP address (leaving
- * 'ip[46].dst', the packet’s final destination, unchanged), and
- * advances to the next table for ARP/ND resolution. */
- HMAP_FOR_EACH (od, key_node, datapaths) {
- if (!od->nbr) {
- continue;
- }
- /* This is a catch-all rule. It has the lowest priority (0)
- * does a match-all("1") and pass-through (next) */
- ovn_lflow_add(lflows, od, S_ROUTER_IN_POLICY, 0, "1", "next;");
-
- /* Convert routing policies to flows. */
- for (int i = 0; i < od->nbr->n_policies; i++) {
- const struct nbrec_logical_router_policy *rule
- = od->nbr->policies[i];
- build_routing_policy_flow(lflows, od, ports, rule);
- }
- }
-
-
- /* XXX destination unreachable */
-
- /* Local router ingress table 9: ARP Resolution.
- *
- * Any packet that reaches this table is an IP packet whose next-hop IP
- * address is in reg0. (ip4.dst is the final destination.) This table
- * resolves the IP address in reg0 into an output port in outport and an
- * Ethernet address in eth.dst. */
- HMAP_FOR_EACH (op, key_node, ports) {
- if (op->nbsp && !lsp_is_enabled(op->nbsp)) {
- continue;
- }
-
- if (op->nbrp) {
- /* This is a logical router port. If next-hop IP address in
- * '[xx]reg0' matches IP address of this router port, then
- * the packet is intended to eventually be sent to this
- * logical port. Set the destination mac address using this
- * port's mac address.
- *
- * The packet is still in peer's logical pipeline. So the match
- * should be on peer's outport. */
- if (op->peer && op->nbrp->peer) {
- if (op->lrp_networks.n_ipv4_addrs) {
- ds_clear(&match);
- ds_put_format(&match, "outport == %s && reg0 == ",
- op->peer->json_key);
- op_put_v4_networks(&match, op, false);
-
- ds_clear(&actions);
- ds_put_format(&actions, "eth.dst = %s; next;",
- op->lrp_networks.ea_s);
- ovn_lflow_add(lflows, op->peer->od, S_ROUTER_IN_ARP_RESOLVE,
- 100, ds_cstr(&match), ds_cstr(&actions));
- }
-
- if (op->lrp_networks.n_ipv6_addrs) {
- ds_clear(&match);
- ds_put_format(&match, "outport == %s && xxreg0 == ",
- op->peer->json_key);
- op_put_v6_networks(&match, op);
-
- ds_clear(&actions);
- ds_put_format(&actions, "eth.dst = %s; next;",
- op->lrp_networks.ea_s);
- ovn_lflow_add(lflows, op->peer->od, S_ROUTER_IN_ARP_RESOLVE,
- 100, ds_cstr(&match), ds_cstr(&actions));
- }
- }
- } else if (op->od->n_router_ports && strcmp(op->nbsp->type, "router")) {
- /* This is a logical switch port that backs a VM or a container.
- * Extract its addresses. For each of the address, go through all
- * the router ports attached to the switch (to which this port
- * connects) and if the address in question is reachable from the
- * router port, add an ARP/ND entry in that router's pipeline. */
-
- for (size_t i = 0; i < op->n_lsp_addrs; i++) {
- const char *ea_s = op->lsp_addrs[i].ea_s;
- for (size_t j = 0; j < op->lsp_addrs[i].n_ipv4_addrs; j++) {
- const char *ip_s = op->lsp_addrs[i].ipv4_addrs[j].addr_s;
- for (size_t k = 0; k < op->od->n_router_ports; k++) {
- /* Get the Logical_Router_Port that the
- * Logical_Switch_Port is connected to, as
- * 'peer'. */
- const char *peer_name = smap_get(
- &op->od->router_ports[k]->nbsp->options,
- "router-port");
- if (!peer_name) {
- continue;
- }
-
- struct ovn_port *peer = ovn_port_find(ports, peer_name);
- if (!peer || !peer->nbrp) {
- continue;
- }
-
- if (!find_lrp_member_ip(peer, ip_s)) {
- continue;
- }
-
- ds_clear(&match);
- ds_put_format(&match, "outport == %s && reg0 == %s",
- peer->json_key, ip_s);
-
- ds_clear(&actions);
- ds_put_format(&actions, "eth.dst = %s; next;", ea_s);
- ovn_lflow_add(lflows, peer->od,
- S_ROUTER_IN_ARP_RESOLVE, 100,
- ds_cstr(&match), ds_cstr(&actions));
- }
- }
-
- for (size_t j = 0; j < op->lsp_addrs[i].n_ipv6_addrs; j++) {
- const char *ip_s = op->lsp_addrs[i].ipv6_addrs[j].addr_s;
- for (size_t k = 0; k < op->od->n_router_ports; k++) {
- /* Get the Logical_Router_Port that the
- * Logical_Switch_Port is connected to, as
- * 'peer'. */
- const char *peer_name = smap_get(
- &op->od->router_ports[k]->nbsp->options,
- "router-port");
- if (!peer_name) {
- continue;
- }
-
- struct ovn_port *peer = ovn_port_find(ports, peer_name);
- if (!peer || !peer->nbrp) {
- continue;
- }
-
- if (!find_lrp_member_ip(peer, ip_s)) {
- continue;
- }
-
- ds_clear(&match);
- ds_put_format(&match, "outport == %s && xxreg0 == %s",
- peer->json_key, ip_s);
-
- ds_clear(&actions);
- ds_put_format(&actions, "eth.dst = %s; next;", ea_s);
- ovn_lflow_add(lflows, peer->od,
- S_ROUTER_IN_ARP_RESOLVE, 100,
- ds_cstr(&match), ds_cstr(&actions));
- }
- }
- }
- } else if (!strcmp(op->nbsp->type, "router")) {
- /* This is a logical switch port that connects to a router. */
-
- /* The peer of this switch port is the router port for which
- * we need to add logical flows such that it can resolve
- * ARP entries for all the other router ports connected to
- * the switch in question. */
-
- const char *peer_name = smap_get(&op->nbsp->options,
- "router-port");
- if (!peer_name) {
- continue;
- }
-
- struct ovn_port *peer = ovn_port_find(ports, peer_name);
- if (!peer || !peer->nbrp) {
- continue;
- }
-
- for (size_t i = 0; i < op->od->n_router_ports; i++) {
- const char *router_port_name = smap_get(
- &op->od->router_ports[i]->nbsp->options,
- "router-port");
- struct ovn_port *router_port = ovn_port_find(ports,
- router_port_name);
- if (!router_port || !router_port->nbrp) {
- continue;
- }
-
- /* Skip the router port under consideration. */
- if (router_port == peer) {
- continue;
- }
-
- if (router_port->lrp_networks.n_ipv4_addrs) {
- ds_clear(&match);
- ds_put_format(&match, "outport == %s && reg0 == ",
- peer->json_key);
- op_put_v4_networks(&match, router_port, false);
-
- ds_clear(&actions);
- ds_put_format(&actions, "eth.dst = %s; next;",
- router_port->lrp_networks.ea_s);
- ovn_lflow_add(lflows, peer->od, S_ROUTER_IN_ARP_RESOLVE,
- 100, ds_cstr(&match), ds_cstr(&actions));
- }
-
- if (router_port->lrp_networks.n_ipv6_addrs) {
- ds_clear(&match);
- ds_put_format(&match, "outport == %s && xxreg0 == ",
- peer->json_key);
- op_put_v6_networks(&match, router_port);
-
- ds_clear(&actions);
- ds_put_format(&actions, "eth.dst = %s; next;",
- router_port->lrp_networks.ea_s);
- ovn_lflow_add(lflows, peer->od, S_ROUTER_IN_ARP_RESOLVE,
- 100, ds_cstr(&match), ds_cstr(&actions));
- }
- }
- }
- }
-
- HMAP_FOR_EACH (od, key_node, datapaths) {
- if (!od->nbr) {
- continue;
- }
-
- ovn_lflow_add(lflows, od, S_ROUTER_IN_ARP_RESOLVE, 0, "ip4",
- "get_arp(outport, reg0); next;");
-
- ovn_lflow_add(lflows, od, S_ROUTER_IN_ARP_RESOLVE, 0, "ip6",
- "get_nd(outport, xxreg0); next;");
- }
-
- /* Local router ingress table 10: Check packet length.
- *
- * Any IPv4 packet with outport set to the distributed gateway
- * router port, check the packet length and store the result in the
- * 'REGBIT_PKT_LARGER' register bit.
- *
- * Local router ingress table 11: Handle larger packets.
- *
- * Any IPv4 packet with outport set to the distributed gateway
- * router port and the 'REGBIT_PKT_LARGER' register bit is set,
- * generate ICMPv4 packet with type 3 (Destination Unreachable) and
- * code 4 (Fragmentation needed).
- * */
- HMAP_FOR_EACH (od, key_node, datapaths) {
- if (!od->nbr) {
- continue;
- }
-
- /* Packets are allowed by default. */
- ovn_lflow_add(lflows, od, S_ROUTER_IN_CHK_PKT_LEN, 0, "1",
- "next;");
- ovn_lflow_add(lflows, od, S_ROUTER_IN_LARGER_PKTS, 0, "1",
- "next;");
-
- if (od->l3dgw_port && od->l3redirect_port) {
- int gw_mtu = 0;
- if (od->l3dgw_port->nbrp) {
- gw_mtu = smap_get_int(&od->l3dgw_port->nbrp->options,
- "gateway_mtu", 0);
- }
- /* Add the flows only if gateway_mtu is configured. */
- if (gw_mtu <= 0) {
- continue;
- }
-
- ds_clear(&match);
- ds_put_format(&match, "outport == %s && ip4",
- od->l3dgw_port->json_key);
-
- ds_clear(&actions);
- ds_put_format(&actions,
- REGBIT_PKT_LARGER" = check_pkt_larger(%d);"
- " next;", gw_mtu);
- ovn_lflow_add(lflows, od, S_ROUTER_IN_CHK_PKT_LEN, 50,
- ds_cstr(&match), ds_cstr(&actions));
-
- for (size_t i = 0; i < od->nbr->n_ports; i++) {
- struct ovn_port *rp = ovn_port_find(ports,
- od->nbr->ports[i]->name);
- if (!rp || rp == od->l3dgw_port) {
- continue;
- }
- ds_clear(&match);
- ds_put_format(&match, "inport == %s && outport == %s && ip4 "
- "&& "REGBIT_PKT_LARGER,
- rp->json_key, od->l3dgw_port->json_key);
-
- ds_clear(&actions);
- /* Set icmp4.frag_mtu to gw_mtu - 58. 58 is the Geneve tunnel
- * overhead. */
- ds_put_format(&actions,
- "icmp4_error {"
- REGBIT_EGRESS_LOOPBACK" = 1; "
- "eth.dst = %s; "
- "ip4.dst = ip4.src; "
- "ip4.src = %s; "
- "ip.ttl = 255; "
- "icmp4.type = 3; /* Destination Unreachable. */ "
- "icmp4.code = 4; /* Frag Needed and DF was Set. */ "
- "icmp4.frag_mtu = %d; "
- "next(pipeline=ingress, table=0); };",
- rp->lrp_networks.ea_s,
- rp->lrp_networks.ipv4_addrs[0].addr_s,
- gw_mtu - 18);
- ovn_lflow_add(lflows, od, S_ROUTER_IN_LARGER_PKTS, 50,
- ds_cstr(&match), ds_cstr(&actions));
- }
- }
- }
-
- /* Logical router ingress table 12: Gateway redirect.
- *
- * For traffic with outport equal to the l3dgw_port
- * on a distributed router, this table redirects a subset
- * of the traffic to the l3redirect_port which represents
- * the central instance of the l3dgw_port.
- */
- HMAP_FOR_EACH (od, key_node, datapaths) {
- if (!od->nbr) {
- continue;
- }
- if (od->l3dgw_port && od->l3redirect_port) {
- ovn_lflow_add(lflows, od, S_ROUTER_IN_GW_REDIRECT, 300,
- REGBIT_DISTRIBUTED_NAT" == 1", "next;");
-
- /* For traffic with outport == l3dgw_port, if the
- * packet did not match any higher priority redirect
- * rule, then the traffic is redirected to the central
- * instance of the l3dgw_port. */
- ds_clear(&match);
- ds_put_format(&match, "outport == %s",
- od->l3dgw_port->json_key);
- ds_clear(&actions);
- ds_put_format(&actions, "outport = %s; next;",
- od->l3redirect_port->json_key);
- ovn_lflow_add(lflows, od, S_ROUTER_IN_GW_REDIRECT, 50,
- ds_cstr(&match), ds_cstr(&actions));
-
- /* If the Ethernet destination has not been resolved,
- * redirect to the central instance of the l3dgw_port.
- * Such traffic will be replaced by an ARP request or ND
- * Neighbor Solicitation in the ARP request ingress
- * table, before being redirected to the central instance.
- */
- ds_put_format(&match, " && eth.dst == 00:00:00:00:00:00");
- ovn_lflow_add(lflows, od, S_ROUTER_IN_GW_REDIRECT, 150,
- ds_cstr(&match), ds_cstr(&actions));
- }
-
- /* Packets are allowed by default. */
- ovn_lflow_add(lflows, od, S_ROUTER_IN_GW_REDIRECT, 0, "1", "next;");
- }
-
- /* Local router ingress table 13: ARP request.
- *
- * In the common case where the Ethernet destination has been resolved,
- * this table outputs the packet (priority 0). Otherwise, it composes
- * and sends an ARP/IPv6 NA request (priority 100). */
- HMAP_FOR_EACH (od, key_node, datapaths) {
- if (!od->nbr) {
- continue;
- }
-
- for (int i = 0; i < od->nbr->n_static_routes; i++) {
- const struct nbrec_logical_router_static_route *route;
-
- route = od->nbr->static_routes[i];
- struct in6_addr gw_ip6;
- unsigned int plen;
- char *error = ipv6_parse_cidr(route->nexthop, &gw_ip6, &plen);
- if (error || plen != 128) {
- free(error);
- continue;
- }
-
- ds_clear(&match);
- ds_put_format(&match, "eth.dst == 00:00:00:00:00:00 && "
- "ip6 && xxreg0 == %s", route->nexthop);
- struct in6_addr sn_addr;
- struct eth_addr eth_dst;
- in6_addr_solicited_node(&sn_addr, &gw_ip6);
- ipv6_multicast_to_ethernet(ð_dst, &sn_addr);
-
- char sn_addr_s[INET6_ADDRSTRLEN + 1];
- ipv6_string_mapped(sn_addr_s, &sn_addr);
-
- ds_clear(&actions);
- ds_put_format(&actions,
- "nd_ns { "
- "eth.dst = "ETH_ADDR_FMT"; "
- "ip6.dst = %s; "
- "nd.target = %s; "
- "output; "
- "};", ETH_ADDR_ARGS(eth_dst), sn_addr_s,
- route->nexthop);
- ovn_lflow_add(lflows, od, S_ROUTER_IN_ARP_REQUEST, 200,
- ds_cstr(&match), ds_cstr(&actions));
- }
-
- ovn_lflow_add(lflows, od, S_ROUTER_IN_ARP_REQUEST, 100,
- "eth.dst == 00:00:00:00:00:00",
- "arp { "
- "eth.dst = ff:ff:ff:ff:ff:ff; "
- "arp.spa = reg1; "
- "arp.tpa = reg0; "
- "arp.op = 1; " /* ARP request */
- "output; "
- "};");
- ovn_lflow_add(lflows, od, S_ROUTER_IN_ARP_REQUEST, 100,
- "eth.dst == 00:00:00:00:00:00",
- "nd_ns { "
- "nd.target = xxreg0; "
- "output; "
- "};");
- ovn_lflow_add(lflows, od, S_ROUTER_IN_ARP_REQUEST, 0, "1", "output;");
- }
-
- /* Logical router egress table 1: Delivery (priority 100).
- *
- * Priority 100 rules deliver packets to enabled logical ports. */
- HMAP_FOR_EACH (op, key_node, ports) {
- if (!op->nbrp) {
- continue;
- }
-
- if (!lrport_is_enabled(op->nbrp)) {
- /* Drop packets to disabled logical ports (since logical flow
- * tables are default-drop). */
- continue;
- }
-
- if (op->derived) {
- /* No egress packets should be processed in the context of
- * a chassisredirect port. The chassisredirect port should
- * be replaced by the l3dgw port in the local output
- * pipeline stage before egress processing. */
- continue;
- }
-
- ds_clear(&match);
- ds_put_format(&match, "outport == %s", op->json_key);
- ovn_lflow_add(lflows, op->od, S_ROUTER_OUT_DELIVERY, 100,
- ds_cstr(&match), "output;");
- }
-
- ds_destroy(&match);
- ds_destroy(&actions);
-}
-
-/* Updates the Logical_Flow and Multicast_Group tables in the OVN_SB database,
- * constructing their contents based on the OVN_NB database. */
-static void
-build_lflows(struct northd_context *ctx, struct hmap *datapaths,
- struct hmap *ports, struct hmap *port_groups,
- struct hmap *mcgroups, struct hmap *igmp_groups)
-{
- struct hmap lflows = HMAP_INITIALIZER(&lflows);
-
- build_lswitch_flows(datapaths, ports, port_groups, &lflows, mcgroups,
- igmp_groups);
- build_lrouter_flows(datapaths, ports, &lflows);
-
- /* Push changes to the Logical_Flow table to database. */
- const struct sbrec_logical_flow *sbflow, *next_sbflow;
- SBREC_LOGICAL_FLOW_FOR_EACH_SAFE (sbflow, next_sbflow, ctx->ovnsb_idl) {
- struct ovn_datapath *od
- = ovn_datapath_from_sbrec(datapaths, sbflow->logical_datapath);
- if (!od) {
- sbrec_logical_flow_delete(sbflow);
- continue;
- }
-
- enum ovn_datapath_type dp_type = od->nbs ? DP_SWITCH : DP_ROUTER;
- enum ovn_pipeline pipeline
- = !strcmp(sbflow->pipeline, "ingress") ? P_IN : P_OUT;
- struct ovn_lflow *lflow = ovn_lflow_find(
- &lflows, od, ovn_stage_build(dp_type, pipeline, sbflow->table_id),
- sbflow->priority, sbflow->match, sbflow->actions, sbflow->hash);
- if (lflow) {
- ovn_lflow_destroy(&lflows, lflow);
- } else {
- sbrec_logical_flow_delete(sbflow);
- }
- }
- struct ovn_lflow *lflow, *next_lflow;
- HMAP_FOR_EACH_SAFE (lflow, next_lflow, hmap_node, &lflows) {
- const char *pipeline = ovn_stage_get_pipeline_name(lflow->stage);
- uint8_t table = ovn_stage_get_table(lflow->stage);
-
- sbflow = sbrec_logical_flow_insert(ctx->ovnsb_txn);
- sbrec_logical_flow_set_logical_datapath(sbflow, lflow->od->sb);
- sbrec_logical_flow_set_pipeline(sbflow, pipeline);
- sbrec_logical_flow_set_table_id(sbflow, table);
- sbrec_logical_flow_set_priority(sbflow, lflow->priority);
- sbrec_logical_flow_set_match(sbflow, lflow->match);
- sbrec_logical_flow_set_actions(sbflow, lflow->actions);
-
- /* Trim the source locator lflow->where, which looks something like
- * "ovn/northd/ovn-northd.c:1234", down to just the part following the
- * last slash, e.g. "ovn-northd.c:1234". */
- const char *slash = strrchr(lflow->where, '/');
-#if _WIN32
- const char *backslash = strrchr(lflow->where, '\\');
- if (!slash || backslash > slash) {
- slash = backslash;
- }
-#endif
- const char *where = slash ? slash + 1 : lflow->where;
-
- struct smap ids = SMAP_INITIALIZER(&ids);
- smap_add(&ids, "stage-name", ovn_stage_to_str(lflow->stage));
- smap_add(&ids, "source", where);
- if (lflow->stage_hint) {
- smap_add(&ids, "stage-hint", lflow->stage_hint);
- }
- sbrec_logical_flow_set_external_ids(sbflow, &ids);
- smap_destroy(&ids);
-
- ovn_lflow_destroy(&lflows, lflow);
- }
- hmap_destroy(&lflows);
-
- /* Push changes to the Multicast_Group table to database. */
- const struct sbrec_multicast_group *sbmc, *next_sbmc;
- SBREC_MULTICAST_GROUP_FOR_EACH_SAFE (sbmc, next_sbmc, ctx->ovnsb_idl) {
- struct ovn_datapath *od = ovn_datapath_from_sbrec(datapaths,
- sbmc->datapath);
- if (!od) {
- sbrec_multicast_group_delete(sbmc);
- continue;
- }
-
- struct multicast_group group = { .name = sbmc->name,
- .key = sbmc->tunnel_key };
- struct ovn_multicast *mc = ovn_multicast_find(mcgroups, od, &group);
- if (mc) {
- ovn_multicast_update_sbrec(mc, sbmc);
- ovn_multicast_destroy(mcgroups, mc);
- } else {
- sbrec_multicast_group_delete(sbmc);
- }
- }
- struct ovn_multicast *mc, *next_mc;
- HMAP_FOR_EACH_SAFE (mc, next_mc, hmap_node, mcgroups) {
- if (!mc->datapath) {
- ovn_multicast_destroy(mcgroups, mc);
- continue;
- }
- sbmc = sbrec_multicast_group_insert(ctx->ovnsb_txn);
- sbrec_multicast_group_set_datapath(sbmc, mc->datapath->sb);
- sbrec_multicast_group_set_name(sbmc, mc->group->name);
- sbrec_multicast_group_set_tunnel_key(sbmc, mc->group->key);
- ovn_multicast_update_sbrec(mc, sbmc);
- ovn_multicast_destroy(mcgroups, mc);
- }
-}
-
-static void
-sync_address_set(struct northd_context *ctx, const char *name,
- const char **addrs, size_t n_addrs,
- struct shash *sb_address_sets)
-{
- const struct sbrec_address_set *sb_address_set;
- sb_address_set = shash_find_and_delete(sb_address_sets,
- name);
- if (!sb_address_set) {
- sb_address_set = sbrec_address_set_insert(ctx->ovnsb_txn);
- sbrec_address_set_set_name(sb_address_set, name);
- }
-
- sbrec_address_set_set_addresses(sb_address_set,
- addrs, n_addrs);
-}
-
-/* Go through 'addresses' and add found IPv4 addresses to 'ipv4_addrs' and IPv6
- * addresses to 'ipv6_addrs'.
- */
-static void
-split_addresses(const char *addresses, struct svec *ipv4_addrs,
- struct svec *ipv6_addrs)
-{
- struct lport_addresses laddrs;
- extract_lsp_addresses(addresses, &laddrs);
- for (size_t k = 0; k < laddrs.n_ipv4_addrs; k++) {
- svec_add(ipv4_addrs, laddrs.ipv4_addrs[k].addr_s);
- }
- for (size_t k = 0; k < laddrs.n_ipv6_addrs; k++) {
- svec_add(ipv6_addrs, laddrs.ipv6_addrs[k].addr_s);
- }
- destroy_lport_addresses(&laddrs);
-}
-
-/* OVN_Southbound Address_Set table contains same records as in north
- * bound, plus the records generated from Port_Group table in north bound.
- *
- * There are 2 records generated from each port group, one for IPv4, and
- * one for IPv6, named in the format: _ip4 and
- * _ip6 respectively. MAC addresses are ignored.
- *
- * We always update OVN_Southbound to match the Address_Set and Port_Group
- * in OVN_Northbound, so that the address sets used in Logical_Flows in
- * OVN_Southbound is checked against the proper set.*/
-static void
-sync_address_sets(struct northd_context *ctx)
-{
- struct shash sb_address_sets = SHASH_INITIALIZER(&sb_address_sets);
-
- const struct sbrec_address_set *sb_address_set;
- SBREC_ADDRESS_SET_FOR_EACH (sb_address_set, ctx->ovnsb_idl) {
- shash_add(&sb_address_sets, sb_address_set->name, sb_address_set);
- }
-
- /* sync port group generated address sets first */
- const struct nbrec_port_group *nb_port_group;
- NBREC_PORT_GROUP_FOR_EACH (nb_port_group, ctx->ovnnb_idl) {
- struct svec ipv4_addrs = SVEC_EMPTY_INITIALIZER;
- struct svec ipv6_addrs = SVEC_EMPTY_INITIALIZER;
- for (size_t i = 0; i < nb_port_group->n_ports; i++) {
- for (size_t j = 0; j < nb_port_group->ports[i]->n_addresses; j++) {
- const char *addrs = nb_port_group->ports[i]->addresses[j];
- if (!is_dynamic_lsp_address(addrs)) {
- split_addresses(addrs, &ipv4_addrs, &ipv6_addrs);
- }
- }
- if (nb_port_group->ports[i]->dynamic_addresses) {
- split_addresses(nb_port_group->ports[i]->dynamic_addresses,
- &ipv4_addrs, &ipv6_addrs);
- }
- }
- char *ipv4_addrs_name = xasprintf("%s_ip4", nb_port_group->name);
- char *ipv6_addrs_name = xasprintf("%s_ip6", nb_port_group->name);
- sync_address_set(ctx, ipv4_addrs_name,
- /* "char **" is not compatible with "const char **" */
- (const char **)ipv4_addrs.names,
- ipv4_addrs.n, &sb_address_sets);
- sync_address_set(ctx, ipv6_addrs_name,
- /* "char **" is not compatible with "const char **" */
- (const char **)ipv6_addrs.names,
- ipv6_addrs.n, &sb_address_sets);
- free(ipv4_addrs_name);
- free(ipv6_addrs_name);
- svec_destroy(&ipv4_addrs);
- svec_destroy(&ipv6_addrs);
- }
-
- /* sync user defined address sets, which may overwrite port group
- * generated address sets if same name is used */
- const struct nbrec_address_set *nb_address_set;
- NBREC_ADDRESS_SET_FOR_EACH (nb_address_set, ctx->ovnnb_idl) {
- sync_address_set(ctx, nb_address_set->name,
- /* "char **" is not compatible with "const char **" */
- (const char **)nb_address_set->addresses,
- nb_address_set->n_addresses, &sb_address_sets);
- }
-
- struct shash_node *node, *next;
- SHASH_FOR_EACH_SAFE (node, next, &sb_address_sets) {
- sbrec_address_set_delete(node->data);
- shash_delete(&sb_address_sets, node);
- }
- shash_destroy(&sb_address_sets);
-}
-
-/* Each port group in Port_Group table in OVN_Northbound has a corresponding
- * entry in Port_Group table in OVN_Southbound. In OVN_Northbound the entries
- * contains lport uuids, while in OVN_Southbound we store the lport names.
- */
-static void
-sync_port_groups(struct northd_context *ctx)
-{
- struct shash sb_port_groups = SHASH_INITIALIZER(&sb_port_groups);
-
- const struct sbrec_port_group *sb_port_group;
- SBREC_PORT_GROUP_FOR_EACH (sb_port_group, ctx->ovnsb_idl) {
- shash_add(&sb_port_groups, sb_port_group->name, sb_port_group);
- }
-
- const struct nbrec_port_group *nb_port_group;
- NBREC_PORT_GROUP_FOR_EACH (nb_port_group, ctx->ovnnb_idl) {
- sb_port_group = shash_find_and_delete(&sb_port_groups,
- nb_port_group->name);
- if (!sb_port_group) {
- sb_port_group = sbrec_port_group_insert(ctx->ovnsb_txn);
- sbrec_port_group_set_name(sb_port_group, nb_port_group->name);
- }
-
- const char **nb_port_names = xcalloc(nb_port_group->n_ports,
- sizeof *nb_port_names);
- int i;
- for (i = 0; i < nb_port_group->n_ports; i++) {
- nb_port_names[i] = nb_port_group->ports[i]->name;
- }
- sbrec_port_group_set_ports(sb_port_group,
- nb_port_names,
- nb_port_group->n_ports);
- free(nb_port_names);
- }
-
- struct shash_node *node, *next;
- SHASH_FOR_EACH_SAFE (node, next, &sb_port_groups) {
- sbrec_port_group_delete(node->data);
- shash_delete(&sb_port_groups, node);
- }
- shash_destroy(&sb_port_groups);
-}
-
-struct band_entry {
- int64_t rate;
- int64_t burst_size;
- const char *action;
-};
-
-static int
-band_cmp(const void *band1_, const void *band2_)
-{
- const struct band_entry *band1p = band1_;
- const struct band_entry *band2p = band2_;
-
- if (band1p->rate != band2p->rate) {
- return band1p->rate > band2p->rate ? -1 : 1;
- } else if (band1p->burst_size != band2p->burst_size) {
- return band1p->burst_size > band2p->burst_size ? -1 : 1;
- } else {
- return strcmp(band1p->action, band2p->action);
- }
-}
-
-static bool
-bands_need_update(const struct nbrec_meter *nb_meter,
- const struct sbrec_meter *sb_meter)
-{
- if (nb_meter->n_bands != sb_meter->n_bands) {
- return true;
- }
-
- /* A single band is the most common scenario, so speed up that
- * check. */
- if (nb_meter->n_bands == 1) {
- struct nbrec_meter_band *nb_band = nb_meter->bands[0];
- struct sbrec_meter_band *sb_band = sb_meter->bands[0];
-
- return !(nb_band->rate == sb_band->rate
- && nb_band->burst_size == sb_band->burst_size
- && !strcmp(sb_band->action, nb_band->action));
- }
-
- /* Place the Northbound entries in sorted order. */
- struct band_entry *nb_bands;
- nb_bands = xmalloc(sizeof *nb_bands * nb_meter->n_bands);
- for (size_t i = 0; i < nb_meter->n_bands; i++) {
- struct nbrec_meter_band *nb_band = nb_meter->bands[i];
-
- nb_bands[i].rate = nb_band->rate;
- nb_bands[i].burst_size = nb_band->burst_size;
- nb_bands[i].action = nb_band->action;
- }
- qsort(nb_bands, nb_meter->n_bands, sizeof *nb_bands, band_cmp);
-
- /* Place the Southbound entries in sorted order. */
- struct band_entry *sb_bands;
- sb_bands = xmalloc(sizeof *sb_bands * sb_meter->n_bands);
- for (size_t i = 0; i < sb_meter->n_bands; i++) {
- struct sbrec_meter_band *sb_band = sb_meter->bands[i];
-
- sb_bands[i].rate = sb_band->rate;
- sb_bands[i].burst_size = sb_band->burst_size;
- sb_bands[i].action = sb_band->action;
- }
- qsort(sb_bands, sb_meter->n_bands, sizeof *sb_bands, band_cmp);
-
- bool need_update = false;
- for (size_t i = 0; i < nb_meter->n_bands; i++) {
- if (nb_bands[i].rate != sb_bands[i].rate
- || nb_bands[i].burst_size != sb_bands[i].burst_size
- || strcmp(nb_bands[i].action, sb_bands[i].action)) {
- need_update = true;
- goto done;
- }
- }
-
-done:
- free(nb_bands);
- free(sb_bands);
-
- return need_update;
-}
-
-/* Each entry in the Meter and Meter_Band tables in OVN_Northbound have
- * a corresponding entries in the Meter and Meter_Band tables in
- * OVN_Southbound.
- */
-static void
-sync_meters(struct northd_context *ctx)
-{
- struct shash sb_meters = SHASH_INITIALIZER(&sb_meters);
-
- const struct sbrec_meter *sb_meter;
- SBREC_METER_FOR_EACH (sb_meter, ctx->ovnsb_idl) {
- shash_add(&sb_meters, sb_meter->name, sb_meter);
- }
-
- const struct nbrec_meter *nb_meter;
- NBREC_METER_FOR_EACH (nb_meter, ctx->ovnnb_idl) {
- bool new_sb_meter = false;
-
- sb_meter = shash_find_and_delete(&sb_meters, nb_meter->name);
- if (!sb_meter) {
- sb_meter = sbrec_meter_insert(ctx->ovnsb_txn);
- sbrec_meter_set_name(sb_meter, nb_meter->name);
- new_sb_meter = true;
- }
-
- if (new_sb_meter || bands_need_update(nb_meter, sb_meter)) {
- struct sbrec_meter_band **sb_bands;
- sb_bands = xcalloc(nb_meter->n_bands, sizeof *sb_bands);
- for (size_t i = 0; i < nb_meter->n_bands; i++) {
- const struct nbrec_meter_band *nb_band = nb_meter->bands[i];
-
- sb_bands[i] = sbrec_meter_band_insert(ctx->ovnsb_txn);
-
- sbrec_meter_band_set_action(sb_bands[i], nb_band->action);
- sbrec_meter_band_set_rate(sb_bands[i], nb_band->rate);
- sbrec_meter_band_set_burst_size(sb_bands[i],
- nb_band->burst_size);
- }
- sbrec_meter_set_bands(sb_meter, sb_bands, nb_meter->n_bands);
- free(sb_bands);
- }
-
- sbrec_meter_set_unit(sb_meter, nb_meter->unit);
- }
-
- struct shash_node *node, *next;
- SHASH_FOR_EACH_SAFE (node, next, &sb_meters) {
- sbrec_meter_delete(node->data);
- shash_delete(&sb_meters, node);
- }
- shash_destroy(&sb_meters);
-}
-
-/*
- * struct 'dns_info' is used to sync the DNS records between OVN Northbound db
- * and Southbound db.
- */
-struct dns_info {
- struct hmap_node hmap_node;
- const struct nbrec_dns *nb_dns; /* DNS record in the Northbound db. */
- const struct sbrec_dns *sb_dns; /* DNS record in the Soutbound db. */
-
- /* Datapaths to which the DNS entry is associated with it. */
- const struct sbrec_datapath_binding **sbs;
- size_t n_sbs;
-};
-
-static inline struct dns_info *
-get_dns_info_from_hmap(struct hmap *dns_map, struct uuid *uuid)
-{
- struct dns_info *dns_info;
- size_t hash = uuid_hash(uuid);
- HMAP_FOR_EACH_WITH_HASH (dns_info, hmap_node, hash, dns_map) {
- if (uuid_equals(&dns_info->nb_dns->header_.uuid, uuid)) {
- return dns_info;
- }
- }
-
- return NULL;
-}
-
-static void
-sync_dns_entries(struct northd_context *ctx, struct hmap *datapaths)
-{
- struct hmap dns_map = HMAP_INITIALIZER(&dns_map);
- struct ovn_datapath *od;
- HMAP_FOR_EACH (od, key_node, datapaths) {
- if (!od->nbs || !od->nbs->n_dns_records) {
- continue;
- }
-
- for (size_t i = 0; i < od->nbs->n_dns_records; i++) {
- struct dns_info *dns_info = get_dns_info_from_hmap(
- &dns_map, &od->nbs->dns_records[i]->header_.uuid);
- if (!dns_info) {
- size_t hash = uuid_hash(
- &od->nbs->dns_records[i]->header_.uuid);
- dns_info = xzalloc(sizeof *dns_info);;
- dns_info->nb_dns = od->nbs->dns_records[i];
- hmap_insert(&dns_map, &dns_info->hmap_node, hash);
- }
-
- dns_info->n_sbs++;
- dns_info->sbs = xrealloc(dns_info->sbs,
- dns_info->n_sbs * sizeof *dns_info->sbs);
- dns_info->sbs[dns_info->n_sbs - 1] = od->sb;
- }
- }
-
- const struct sbrec_dns *sbrec_dns, *next;
- SBREC_DNS_FOR_EACH_SAFE (sbrec_dns, next, ctx->ovnsb_idl) {
- const char *nb_dns_uuid = smap_get(&sbrec_dns->external_ids, "dns_id");
- struct uuid dns_uuid;
- if (!nb_dns_uuid || !uuid_from_string(&dns_uuid, nb_dns_uuid)) {
- sbrec_dns_delete(sbrec_dns);
- continue;
- }
-
- struct dns_info *dns_info =
- get_dns_info_from_hmap(&dns_map, &dns_uuid);
- if (dns_info) {
- dns_info->sb_dns = sbrec_dns;
- } else {
- sbrec_dns_delete(sbrec_dns);
- }
- }
-
- struct dns_info *dns_info;
- HMAP_FOR_EACH_POP (dns_info, hmap_node, &dns_map) {
- if (!dns_info->sb_dns) {
- sbrec_dns = sbrec_dns_insert(ctx->ovnsb_txn);
- dns_info->sb_dns = sbrec_dns;
- char *dns_id = xasprintf(
- UUID_FMT, UUID_ARGS(&dns_info->nb_dns->header_.uuid));
- const struct smap external_ids =
- SMAP_CONST1(&external_ids, "dns_id", dns_id);
- sbrec_dns_set_external_ids(sbrec_dns, &external_ids);
- free(dns_id);
- }
-
- /* Set the datapaths and records. If nothing has changed, then
- * this will be a no-op.
- */
- sbrec_dns_set_datapaths(
- dns_info->sb_dns,
- (struct sbrec_datapath_binding **)dns_info->sbs,
- dns_info->n_sbs);
- sbrec_dns_set_records(dns_info->sb_dns, &dns_info->nb_dns->records);
- free(dns_info->sbs);
- free(dns_info);
- }
- hmap_destroy(&dns_map);
-}
-
-static void
-destroy_datapaths_and_ports(struct hmap *datapaths, struct hmap *ports,
- struct ovs_list *lr_list)
-{
- struct ovn_datapath *router_dp;
- LIST_FOR_EACH_POP (router_dp, lr_list, lr_list) {
- if (router_dp->lr_group) {
- struct lrouter_group *lr_group = router_dp->lr_group;
-
- for (size_t i = 0; i < lr_group->n_router_dps; i++) {
- lr_group->router_dps[i]->lr_group = NULL;
- }
-
- free(lr_group->router_dps);
- sset_destroy(&lr_group->ha_chassis_groups);
- free(lr_group);
- }
- }
-
- struct ovn_datapath *dp, *next_dp;
- HMAP_FOR_EACH_SAFE (dp, next_dp, key_node, datapaths) {
- ovn_datapath_destroy(datapaths, dp);
- }
- hmap_destroy(datapaths);
-
- struct ovn_port *port, *next_port;
- HMAP_FOR_EACH_SAFE (port, next_port, key_node, ports) {
- ovn_port_destroy(ports, port);
- }
- hmap_destroy(ports);
-}
-
-static void
-build_ip_mcast(struct northd_context *ctx, struct hmap *datapaths)
-{
- struct ovn_datapath *od;
-
- HMAP_FOR_EACH (od, key_node, datapaths) {
- if (!od->nbs) {
- continue;
- }
-
- const struct sbrec_ip_multicast *ip_mcast =
- ip_mcast_lookup(ctx->sbrec_ip_mcast_by_dp, od->sb);
-
- if (!ip_mcast) {
- ip_mcast = sbrec_ip_multicast_insert(ctx->ovnsb_txn);
- }
- store_mcast_info_for_datapath(ip_mcast, od);
- }
-
- /* Delete southbound records without northbound matches. */
- const struct sbrec_ip_multicast *sb, *sb_next;
-
- SBREC_IP_MULTICAST_FOR_EACH_SAFE (sb, sb_next, ctx->ovnsb_idl) {
- if (!sb->datapath ||
- !ovn_datapath_from_sbrec(datapaths, sb->datapath)) {
- sbrec_ip_multicast_delete(sb);
- }
- }
-}
-
-static void
-build_mcast_groups(struct northd_context *ctx,
- struct hmap *datapaths, struct hmap *ports,
- struct hmap *mcast_groups,
- struct hmap *igmp_groups)
-{
- struct ovn_port *op;
-
- hmap_init(mcast_groups);
- hmap_init(igmp_groups);
-
- HMAP_FOR_EACH (op, key_node, ports) {
- if (!op->nbsp) {
- continue;
- }
-
- if (lsp_is_enabled(op->nbsp)) {
- ovn_multicast_add(mcast_groups, &mc_flood, op);
- }
- }
-
- const struct sbrec_igmp_group *sb_igmp, *sb_igmp_next;
-
- SBREC_IGMP_GROUP_FOR_EACH_SAFE (sb_igmp, sb_igmp_next, ctx->ovnsb_idl) {
- /* If this is a stale group (e.g., controller had crashed,
- * purge it).
- */
- if (!sb_igmp->chassis || !sb_igmp->datapath) {
- sbrec_igmp_group_delete(sb_igmp);
- continue;
- }
-
- /* If the datapath value is stale, purge the group. */
- struct ovn_datapath *od =
- ovn_datapath_from_sbrec(datapaths, sb_igmp->datapath);
- if (!od) {
- sbrec_igmp_group_delete(sb_igmp);
- continue;
- }
-
- /* Add the IGMP group entry. Will also try to allocate an ID for it
- * if the multicast group already exists.
- */
- ovn_igmp_group_add(ctx, igmp_groups, od, sb_igmp);
- }
-
- /* Walk the aggregated IGMP groups and allocate IDs for new entries.
- * Then store the ports in the associated multicast group.
- */
- struct ovn_igmp_group *igmp_group, *igmp_group_next;
- HMAP_FOR_EACH_SAFE (igmp_group, igmp_group_next, hmap_node, igmp_groups) {
- if (igmp_group->mcgroup.key == 0) {
- struct mcast_info *mcast_info = &igmp_group->datapath->mcast_info;
- igmp_group->mcgroup.key = ovn_mcast_group_allocate_key(mcast_info);
- }
-
- /* If we ran out of keys just destroy the entry. */
- if (igmp_group->mcgroup.key == 0) {
- ovn_igmp_group_destroy(igmp_groups, igmp_group);
- continue;
- }
-
- /* Aggregate the ports from all SB entries corresponding to this
- * group.
- */
- ovn_igmp_group_aggregate_ports(igmp_group, ports, mcast_groups);
- }
-}
-
-static void
-ovnnb_db_run(struct northd_context *ctx,
- struct ovsdb_idl_index *sbrec_chassis_by_name,
- struct ovsdb_idl_loop *sb_loop,
- struct hmap *datapaths, struct hmap *ports,
- struct ovs_list *lr_list)
-{
- if (!ctx->ovnsb_txn || !ctx->ovnnb_txn) {
- return;
- }
- struct hmap port_groups;
- struct hmap mcast_groups;
- struct hmap igmp_groups;
-
- build_datapaths(ctx, datapaths, lr_list);
- build_ports(ctx, sbrec_chassis_by_name, datapaths, ports);
- build_ipam(datapaths, ports);
- build_port_group_lswitches(ctx, &port_groups, ports);
- build_lrouter_groups(ports, lr_list);
- build_ip_mcast(ctx, datapaths);
- build_mcast_groups(ctx, datapaths, ports, &mcast_groups, &igmp_groups);
- build_lflows(ctx, datapaths, ports, &port_groups, &mcast_groups,
- &igmp_groups);
-
- sync_address_sets(ctx);
- sync_port_groups(ctx);
- sync_meters(ctx);
- sync_dns_entries(ctx, datapaths);
-
- struct ovn_igmp_group *igmp_group, *next_igmp_group;
-
- HMAP_FOR_EACH_SAFE (igmp_group, next_igmp_group, hmap_node, &igmp_groups) {
- ovn_igmp_group_destroy(&igmp_groups, igmp_group);
- }
-
- struct ovn_port_group *pg, *next_pg;
- HMAP_FOR_EACH_SAFE (pg, next_pg, key_node, &port_groups) {
- ovn_port_group_destroy(&port_groups, pg);
- }
- hmap_destroy(&igmp_groups);
- hmap_destroy(&mcast_groups);
- hmap_destroy(&port_groups);
-
- /* Sync ipsec configuration.
- * Copy nb_cfg from northbound to southbound database.
- * Also set up to update sb_cfg once our southbound transaction commits. */
- const struct nbrec_nb_global *nb = nbrec_nb_global_first(ctx->ovnnb_idl);
- if (!nb) {
- nb = nbrec_nb_global_insert(ctx->ovnnb_txn);
- }
- const struct sbrec_sb_global *sb = sbrec_sb_global_first(ctx->ovnsb_idl);
- if (!sb) {
- sb = sbrec_sb_global_insert(ctx->ovnsb_txn);
- }
- if (nb->ipsec != sb->ipsec) {
- sbrec_sb_global_set_ipsec(sb, nb->ipsec);
- }
- sbrec_sb_global_set_nb_cfg(sb, nb->nb_cfg);
- sbrec_sb_global_set_options(sb, &nb->options);
- sb_loop->next_cfg = nb->nb_cfg;
-
- const char *mac_addr_prefix = smap_get(&nb->options, "mac_prefix");
- if (mac_addr_prefix) {
- struct eth_addr addr;
-
- memset(&addr, 0, sizeof addr);
- if (ovs_scan(mac_addr_prefix, "%"SCNx8":%"SCNx8":%"SCNx8,
- &addr.ea[0], &addr.ea[1], &addr.ea[2])) {
- mac_prefix = addr;
- }
- } else {
- struct smap options;
-
- smap_clone(&options, &nb->options);
- eth_addr_random(&mac_prefix);
- memset(&mac_prefix.ea[3], 0, 3);
-
- smap_add_format(&options, "mac_prefix",
- "%02"PRIx8":%02"PRIx8":%02"PRIx8,
- mac_prefix.ea[0], mac_prefix.ea[1], mac_prefix.ea[2]);
- nbrec_nb_global_verify_options(nb);
- nbrec_nb_global_set_options(nb, &options);
-
- smap_destroy(&options);
- }
-
- controller_event_en = smap_get_bool(&nb->options,
- "controller_event", false);
-
- cleanup_macam(&macam);
-}
-
-/* Stores the list of chassis which references an ha_chassis_group.
- */
-struct ha_ref_chassis_info {
- const struct sbrec_ha_chassis_group *ha_chassis_group;
- struct sbrec_chassis **ref_chassis;
- size_t n_ref_chassis;
- size_t free_slots;
-};
-
-static void
-add_to_ha_ref_chassis_info(struct ha_ref_chassis_info *ref_ch_info,
- const struct sbrec_chassis *chassis)
-{
- for (size_t j = 0; j < ref_ch_info->n_ref_chassis; j++) {
- if (ref_ch_info->ref_chassis[j] == chassis) {
- return;
- }
- }
-
- /* Allocate space for 3 chassis at a time. */
- if (!ref_ch_info->free_slots) {
- ref_ch_info->ref_chassis =
- xrealloc(ref_ch_info->ref_chassis,
- sizeof *ref_ch_info->ref_chassis *
- (ref_ch_info->n_ref_chassis + 3));
- ref_ch_info->free_slots = 3;
- }
-
- ref_ch_info->ref_chassis[ref_ch_info->n_ref_chassis] =
- CONST_CAST(struct sbrec_chassis *, chassis);
- ref_ch_info->n_ref_chassis++;
- ref_ch_info->free_slots--;
-}
-
-static void
-update_sb_ha_group_ref_chassis(struct shash *ha_ref_chassis_map)
-{
- struct shash_node *node, *next;
- SHASH_FOR_EACH_SAFE (node, next, ha_ref_chassis_map) {
- struct ha_ref_chassis_info *ha_ref_info = node->data;
- sbrec_ha_chassis_group_set_ref_chassis(ha_ref_info->ha_chassis_group,
- ha_ref_info->ref_chassis,
- ha_ref_info->n_ref_chassis);
- free(ha_ref_info->ref_chassis);
- free(ha_ref_info);
- shash_delete(ha_ref_chassis_map, node);
- }
-}
-
-/* This function checks if the port binding 'sb' references
- * a HA chassis group.
- * Eg. Suppose a distributed logical router port - lr0-public
- * uses an HA chassis group - hagrp1 and if hagrp1 has 3 ha
- * chassis - gw1, gw2 and gw3.
- * Or
- * If the distributed logical router port - lr0-public has
- * 3 gateway chassis - gw1, gw2 and gw3.
- * ovn-northd creates ha chassis group - hagrp1 in SB DB
- * and adds gw1, gw2 and gw3 to its ha_chassis list.
- *
- * If port binding 'sb' represents a logical switch port 'p1'
- * and its logical switch is connected to the logical router
- * 'lr0' directly or indirectly (i.e p1's logical switch is
- * connected to a router 'lr1' and 'lr1' has a path to lr0 via
- * transit logical switches) and 'sb' is claimed by chassis - 'c1' then
- * this function adds c1 to the list of the reference chassis
- * - 'ref_chassis' of hagrp1.
- */
-static void
-build_ha_chassis_group_ref_chassis(struct northd_context *ctx,
- const struct sbrec_port_binding *sb,
- struct ovn_port *op,
- struct shash *ha_ref_chassis_map)
-{
- struct lrouter_group *lr_group = NULL;
- for (size_t i = 0; i < op->od->n_router_ports; i++) {
- if (!op->od->router_ports[i]->peer) {
- continue;
- }
-
- lr_group = op->od->router_ports[i]->peer->od->lr_group;
- /* If a logical switch has multiple router ports, then
- * all the logical routers belong to the same logical
- * router group. */
- break;
- }
-
- if (!lr_group) {
- return;
- }
-
- const char *ha_group_name;
- SSET_FOR_EACH (ha_group_name, &lr_group->ha_chassis_groups) {
- const struct sbrec_ha_chassis_group *sb_ha_chassis_grp;
- sb_ha_chassis_grp = ha_chassis_group_lookup_by_name(
- ctx->sbrec_ha_chassis_grp_by_name, ha_group_name);
-
- if (sb_ha_chassis_grp) {
- struct ha_ref_chassis_info *ref_ch_info =
- shash_find_data(ha_ref_chassis_map, sb_ha_chassis_grp->name);
- ovs_assert(ref_ch_info);
- add_to_ha_ref_chassis_info(ref_ch_info, sb->chassis);
- }
- }
-}
-
-/* Handle changes to the 'chassis' column of the 'Port_Binding' table. When
- * this column is not empty, it means we need to set the corresponding logical
- * port as 'up' in the northbound DB. */
-static void
-handle_port_binding_changes(struct northd_context *ctx, struct hmap *ports,
- struct shash *ha_ref_chassis_map)
-{
- const struct sbrec_port_binding *sb;
- bool build_ha_chassis_ref = false;
- if (ctx->ovnsb_txn) {
- const struct sbrec_ha_chassis_group *ha_ch_grp;
- SBREC_HA_CHASSIS_GROUP_FOR_EACH (ha_ch_grp, ctx->ovnsb_idl) {
- struct ha_ref_chassis_info *ref_ch_info =
- xzalloc(sizeof *ref_ch_info);
- ref_ch_info->ha_chassis_group = ha_ch_grp;
- build_ha_chassis_ref = true;
- shash_add(ha_ref_chassis_map, ha_ch_grp->name, ref_ch_info);
- }
- }
-
- SBREC_PORT_BINDING_FOR_EACH(sb, ctx->ovnsb_idl) {
- struct ovn_port *op = ovn_port_find(ports, sb->logical_port);
-
- if (!op || !op->nbsp) {
- /* The logical port doesn't exist for this port binding. This can
- * happen under normal circumstances when ovn-northd hasn't gotten
- * around to pruning the Port_Binding yet. */
- continue;
- }
-
- bool up = (sb->chassis || !strcmp(op->nbsp->type, "router"));
- if (!op->nbsp->up || *op->nbsp->up != up) {
- nbrec_logical_switch_port_set_up(op->nbsp, &up, 1);
- }
-
- if (build_ha_chassis_ref && ctx->ovnsb_txn && sb->chassis) {
- /* Check and add the chassis which has claimed this 'sb'
- * to the ha chassis group's ref_chassis if required. */
- build_ha_chassis_group_ref_chassis(ctx, sb, op,
- ha_ref_chassis_map);
- }
- }
-}
-
-static struct gen_opts_map supported_dhcp_opts[] = {
- OFFERIP,
- DHCP_OPT_NETMASK,
- DHCP_OPT_ROUTER,
- DHCP_OPT_DNS_SERVER,
- DHCP_OPT_LOG_SERVER,
- DHCP_OPT_LPR_SERVER,
- DHCP_OPT_SWAP_SERVER,
- DHCP_OPT_POLICY_FILTER,
- DHCP_OPT_ROUTER_SOLICITATION,
- DHCP_OPT_NIS_SERVER,
- DHCP_OPT_NTP_SERVER,
- DHCP_OPT_SERVER_ID,
- DHCP_OPT_TFTP_SERVER,
- DHCP_OPT_CLASSLESS_STATIC_ROUTE,
- DHCP_OPT_MS_CLASSLESS_STATIC_ROUTE,
- DHCP_OPT_IP_FORWARD_ENABLE,
- DHCP_OPT_ROUTER_DISCOVERY,
- DHCP_OPT_ETHERNET_ENCAP,
- DHCP_OPT_DEFAULT_TTL,
- DHCP_OPT_TCP_TTL,
- DHCP_OPT_MTU,
- DHCP_OPT_LEASE_TIME,
- DHCP_OPT_T1,
- DHCP_OPT_T2,
- DHCP_OPT_WPAD,
- DHCP_OPT_BOOTFILE,
- DHCP_OPT_PATH_PREFIX,
- DHCP_OPT_TFTP_SERVER_ADDRESS,
- DHCP_OPT_DOMAIN_NAME,
-};
-
-static struct gen_opts_map supported_dhcpv6_opts[] = {
- DHCPV6_OPT_IA_ADDR,
- DHCPV6_OPT_SERVER_ID,
- DHCPV6_OPT_DOMAIN_SEARCH,
- DHCPV6_OPT_DNS_SERVER
-};
-
-static void
-check_and_add_supported_dhcp_opts_to_sb_db(struct northd_context *ctx)
-{
- struct hmap dhcp_opts_to_add = HMAP_INITIALIZER(&dhcp_opts_to_add);
- for (size_t i = 0; (i < sizeof(supported_dhcp_opts) /
- sizeof(supported_dhcp_opts[0])); i++) {
- hmap_insert(&dhcp_opts_to_add, &supported_dhcp_opts[i].hmap_node,
- dhcp_opt_hash(supported_dhcp_opts[i].name));
- }
-
- const struct sbrec_dhcp_options *opt_row, *opt_row_next;
- SBREC_DHCP_OPTIONS_FOR_EACH_SAFE(opt_row, opt_row_next, ctx->ovnsb_idl) {
- struct gen_opts_map *dhcp_opt =
- dhcp_opts_find(&dhcp_opts_to_add, opt_row->name);
- if (dhcp_opt) {
- hmap_remove(&dhcp_opts_to_add, &dhcp_opt->hmap_node);
- } else {
- sbrec_dhcp_options_delete(opt_row);
- }
- }
-
- struct gen_opts_map *opt;
- HMAP_FOR_EACH (opt, hmap_node, &dhcp_opts_to_add) {
- struct sbrec_dhcp_options *sbrec_dhcp_option =
- sbrec_dhcp_options_insert(ctx->ovnsb_txn);
- sbrec_dhcp_options_set_name(sbrec_dhcp_option, opt->name);
- sbrec_dhcp_options_set_code(sbrec_dhcp_option, opt->code);
- sbrec_dhcp_options_set_type(sbrec_dhcp_option, opt->type);
- }
-
- hmap_destroy(&dhcp_opts_to_add);
-}
-
-static void
-check_and_add_supported_dhcpv6_opts_to_sb_db(struct northd_context *ctx)
-{
- struct hmap dhcpv6_opts_to_add = HMAP_INITIALIZER(&dhcpv6_opts_to_add);
- for (size_t i = 0; (i < sizeof(supported_dhcpv6_opts) /
- sizeof(supported_dhcpv6_opts[0])); i++) {
- hmap_insert(&dhcpv6_opts_to_add, &supported_dhcpv6_opts[i].hmap_node,
- dhcp_opt_hash(supported_dhcpv6_opts[i].name));
- }
-
- const struct sbrec_dhcpv6_options *opt_row, *opt_row_next;
- SBREC_DHCPV6_OPTIONS_FOR_EACH_SAFE(opt_row, opt_row_next, ctx->ovnsb_idl) {
- struct gen_opts_map *dhcp_opt =
- dhcp_opts_find(&dhcpv6_opts_to_add, opt_row->name);
- if (dhcp_opt) {
- hmap_remove(&dhcpv6_opts_to_add, &dhcp_opt->hmap_node);
- } else {
- sbrec_dhcpv6_options_delete(opt_row);
- }
- }
-
- struct gen_opts_map *opt;
- HMAP_FOR_EACH(opt, hmap_node, &dhcpv6_opts_to_add) {
- struct sbrec_dhcpv6_options *sbrec_dhcpv6_option =
- sbrec_dhcpv6_options_insert(ctx->ovnsb_txn);
- sbrec_dhcpv6_options_set_name(sbrec_dhcpv6_option, opt->name);
- sbrec_dhcpv6_options_set_code(sbrec_dhcpv6_option, opt->code);
- sbrec_dhcpv6_options_set_type(sbrec_dhcpv6_option, opt->type);
- }
-
- hmap_destroy(&dhcpv6_opts_to_add);
-}
-
-static const char *rbac_chassis_auth[] =
- {"name"};
-static const char *rbac_chassis_update[] =
- {"nb_cfg", "external_ids", "encaps", "vtep_logical_switches"};
-
-static const char *rbac_encap_auth[] =
- {"chassis_name"};
-static const char *rbac_encap_update[] =
- {"type", "options", "ip"};
-
-static const char *rbac_port_binding_auth[] =
- {""};
-static const char *rbac_port_binding_update[] =
- {"chassis"};
-
-static const char *rbac_mac_binding_auth[] =
- {""};
-static const char *rbac_mac_binding_update[] =
- {"logical_port", "ip", "mac", "datapath"};
-
-static struct rbac_perm_cfg {
- const char *table;
- const char **auth;
- int n_auth;
- bool insdel;
- const char **update;
- int n_update;
- const struct sbrec_rbac_permission *row;
-} rbac_perm_cfg[] = {
- {
- .table = "Chassis",
- .auth = rbac_chassis_auth,
- .n_auth = ARRAY_SIZE(rbac_chassis_auth),
- .insdel = true,
- .update = rbac_chassis_update,
- .n_update = ARRAY_SIZE(rbac_chassis_update),
- .row = NULL
- },{
- .table = "Encap",
- .auth = rbac_encap_auth,
- .n_auth = ARRAY_SIZE(rbac_encap_auth),
- .insdel = true,
- .update = rbac_encap_update,
- .n_update = ARRAY_SIZE(rbac_encap_update),
- .row = NULL
- },{
- .table = "Port_Binding",
- .auth = rbac_port_binding_auth,
- .n_auth = ARRAY_SIZE(rbac_port_binding_auth),
- .insdel = false,
- .update = rbac_port_binding_update,
- .n_update = ARRAY_SIZE(rbac_port_binding_update),
- .row = NULL
- },{
- .table = "MAC_Binding",
- .auth = rbac_mac_binding_auth,
- .n_auth = ARRAY_SIZE(rbac_mac_binding_auth),
- .insdel = true,
- .update = rbac_mac_binding_update,
- .n_update = ARRAY_SIZE(rbac_mac_binding_update),
- .row = NULL
- },{
- .table = NULL,
- .auth = NULL,
- .n_auth = 0,
- .insdel = false,
- .update = NULL,
- .n_update = 0,
- .row = NULL
- }
-};
-
-static bool
-ovn_rbac_validate_perm(const struct sbrec_rbac_permission *perm)
-{
- struct rbac_perm_cfg *pcfg;
- int i, j, n_found;
-
- for (pcfg = rbac_perm_cfg; pcfg->table; pcfg++) {
- if (!strcmp(perm->table, pcfg->table)) {
- break;
- }
- }
- if (!pcfg->table) {
- return false;
- }
- if (perm->n_authorization != pcfg->n_auth ||
- perm->n_update != pcfg->n_update) {
- return false;
- }
- if (perm->insert_delete != pcfg->insdel) {
- return false;
- }
- /* verify perm->authorization vs. pcfg->auth */
- n_found = 0;
- for (i = 0; i < pcfg->n_auth; i++) {
- for (j = 0; j < perm->n_authorization; j++) {
- if (!strcmp(pcfg->auth[i], perm->authorization[j])) {
- n_found++;
- break;
- }
- }
- }
- if (n_found != pcfg->n_auth) {
- return false;
- }
-
- /* verify perm->update vs. pcfg->update */
- n_found = 0;
- for (i = 0; i < pcfg->n_update; i++) {
- for (j = 0; j < perm->n_update; j++) {
- if (!strcmp(pcfg->update[i], perm->update[j])) {
- n_found++;
- break;
- }
- }
- }
- if (n_found != pcfg->n_update) {
- return false;
- }
-
- /* Success, db state matches expected state */
- pcfg->row = perm;
- return true;
-}
-
-static void
-ovn_rbac_create_perm(struct rbac_perm_cfg *pcfg,
- struct northd_context *ctx,
- const struct sbrec_rbac_role *rbac_role)
-{
- struct sbrec_rbac_permission *rbac_perm;
-
- rbac_perm = sbrec_rbac_permission_insert(ctx->ovnsb_txn);
- sbrec_rbac_permission_set_table(rbac_perm, pcfg->table);
- sbrec_rbac_permission_set_authorization(rbac_perm,
- pcfg->auth,
- pcfg->n_auth);
- sbrec_rbac_permission_set_insert_delete(rbac_perm, pcfg->insdel);
- sbrec_rbac_permission_set_update(rbac_perm,
- pcfg->update,
- pcfg->n_update);
- sbrec_rbac_role_update_permissions_setkey(rbac_role, pcfg->table,
- rbac_perm);
-}
-
-static void
-check_and_update_rbac(struct northd_context *ctx)
-{
- const struct sbrec_rbac_role *rbac_role = NULL;
- const struct sbrec_rbac_permission *perm_row, *perm_next;
- const struct sbrec_rbac_role *role_row, *role_row_next;
- struct rbac_perm_cfg *pcfg;
-
- for (pcfg = rbac_perm_cfg; pcfg->table; pcfg++) {
- pcfg->row = NULL;
- }
-
- SBREC_RBAC_PERMISSION_FOR_EACH_SAFE (perm_row, perm_next, ctx->ovnsb_idl) {
- if (!ovn_rbac_validate_perm(perm_row)) {
- sbrec_rbac_permission_delete(perm_row);
- }
- }
- SBREC_RBAC_ROLE_FOR_EACH_SAFE (role_row, role_row_next, ctx->ovnsb_idl) {
- if (strcmp(role_row->name, "ovn-controller")) {
- sbrec_rbac_role_delete(role_row);
- } else {
- rbac_role = role_row;
- }
- }
-
- if (!rbac_role) {
- rbac_role = sbrec_rbac_role_insert(ctx->ovnsb_txn);
- sbrec_rbac_role_set_name(rbac_role, "ovn-controller");
- }
-
- for (pcfg = rbac_perm_cfg; pcfg->table; pcfg++) {
- if (!pcfg->row) {
- ovn_rbac_create_perm(pcfg, ctx, rbac_role);
- }
- }
-}
-
-/* Updates the sb_cfg and hv_cfg columns in the northbound NB_Global table. */
-static void
-update_northbound_cfg(struct northd_context *ctx,
- struct ovsdb_idl_loop *sb_loop)
-{
- /* Update northbound sb_cfg if appropriate. */
- const struct nbrec_nb_global *nbg = nbrec_nb_global_first(ctx->ovnnb_idl);
- int64_t sb_cfg = sb_loop->cur_cfg;
- if (nbg && sb_cfg && nbg->sb_cfg != sb_cfg) {
- nbrec_nb_global_set_sb_cfg(nbg, sb_cfg);
- }
-
- /* Update northbound hv_cfg if appropriate. */
- if (nbg) {
- /* Find minimum nb_cfg among all chassis. */
- const struct sbrec_chassis *chassis;
- int64_t hv_cfg = nbg->nb_cfg;
- SBREC_CHASSIS_FOR_EACH (chassis, ctx->ovnsb_idl) {
- if (chassis->nb_cfg < hv_cfg) {
- hv_cfg = chassis->nb_cfg;
- }
- }
-
- /* Update hv_cfg. */
- if (nbg->hv_cfg != hv_cfg) {
- nbrec_nb_global_set_hv_cfg(nbg, hv_cfg);
- }
- }
-}
-
-/* Handle a fairly small set of changes in the southbound database. */
-static void
-ovnsb_db_run(struct northd_context *ctx, struct ovsdb_idl_loop *sb_loop,
- struct hmap *ports)
-{
- if (!ctx->ovnnb_txn || !ovsdb_idl_has_ever_connected(ctx->ovnsb_idl)) {
- return;
- }
-
- struct shash ha_ref_chassis_map = SHASH_INITIALIZER(&ha_ref_chassis_map);
- handle_port_binding_changes(ctx, ports, &ha_ref_chassis_map);
- update_northbound_cfg(ctx, sb_loop);
- if (ctx->ovnsb_txn) {
- update_sb_ha_group_ref_chassis(&ha_ref_chassis_map);
- }
- shash_destroy(&ha_ref_chassis_map);
-}
-
-static void
-ovn_db_run(struct northd_context *ctx,
- struct ovsdb_idl_index *sbrec_chassis_by_name,
- struct ovsdb_idl_loop *ovnsb_idl_loop)
-{
- struct hmap datapaths, ports;
- struct ovs_list lr_list;
- ovs_list_init(&lr_list);
- hmap_init(&datapaths);
- hmap_init(&ports);
- ovnnb_db_run(ctx, sbrec_chassis_by_name, ovnsb_idl_loop,
- &datapaths, &ports, &lr_list);
- ovnsb_db_run(ctx, ovnsb_idl_loop, &ports);
- destroy_datapaths_and_ports(&datapaths, &ports, &lr_list);
-}
-
-static void
-parse_options(int argc OVS_UNUSED, char *argv[] OVS_UNUSED)
-{
- enum {
- DAEMON_OPTION_ENUMS,
- VLOG_OPTION_ENUMS,
- SSL_OPTION_ENUMS,
- };
- static const struct option long_options[] = {
- {"ovnsb-db", required_argument, NULL, 'd'},
- {"ovnnb-db", required_argument, NULL, 'D'},
- {"unixctl", required_argument, NULL, 'u'},
- {"help", no_argument, NULL, 'h'},
- {"options", no_argument, NULL, 'o'},
- {"version", no_argument, NULL, 'V'},
- DAEMON_LONG_OPTIONS,
- VLOG_LONG_OPTIONS,
- STREAM_SSL_LONG_OPTIONS,
- {NULL, 0, NULL, 0},
- };
- char *short_options = ovs_cmdl_long_options_to_short_options(long_options);
-
- for (;;) {
- int c;
-
- c = getopt_long(argc, argv, short_options, long_options, NULL);
- if (c == -1) {
- break;
- }
-
- switch (c) {
- DAEMON_OPTION_HANDLERS;
- VLOG_OPTION_HANDLERS;
- STREAM_SSL_OPTION_HANDLERS;
-
- case 'd':
- ovnsb_db = optarg;
- break;
-
- case 'D':
- ovnnb_db = optarg;
- break;
-
- case 'u':
- unixctl_path = optarg;
- break;
-
- case 'h':
- usage();
- exit(EXIT_SUCCESS);
-
- case 'o':
- ovs_cmdl_print_options(long_options);
- exit(EXIT_SUCCESS);
-
- case 'V':
- ovs_print_version(0, 0);
- exit(EXIT_SUCCESS);
-
- default:
- break;
- }
- }
-
- if (!ovnsb_db) {
- ovnsb_db = default_sb_db();
- }
-
- if (!ovnnb_db) {
- ovnnb_db = default_nb_db();
- }
-
- free(short_options);
-}
-
-static void
-add_column_noalert(struct ovsdb_idl *idl,
- const struct ovsdb_idl_column *column)
-{
- ovsdb_idl_add_column(idl, column);
- ovsdb_idl_omit_alert(idl, column);
-}
-
-int
-main(int argc, char *argv[])
-{
- int res = EXIT_SUCCESS;
- struct unixctl_server *unixctl;
- int retval;
- bool exiting;
-
- fatal_ignore_sigpipe();
- ovs_cmdl_proctitle_init(argc, argv);
- set_program_name(argv[0]);
- service_start(&argc, &argv);
- parse_options(argc, argv);
-
- daemonize_start(false);
-
- retval = unixctl_server_create(unixctl_path, &unixctl);
- if (retval) {
- exit(EXIT_FAILURE);
- }
- unixctl_command_register("exit", "", 0, 0, ovn_northd_exit, &exiting);
-
- daemonize_complete();
-
- /* We want to detect (almost) all changes to the ovn-nb db. */
- struct ovsdb_idl_loop ovnnb_idl_loop = OVSDB_IDL_LOOP_INITIALIZER(
- ovsdb_idl_create(ovnnb_db, &nbrec_idl_class, true, true));
- ovsdb_idl_omit_alert(ovnnb_idl_loop.idl, &nbrec_nb_global_col_sb_cfg);
- ovsdb_idl_omit_alert(ovnnb_idl_loop.idl, &nbrec_nb_global_col_hv_cfg);
-
- /* We want to detect only selected changes to the ovn-sb db. */
- struct ovsdb_idl_loop ovnsb_idl_loop = OVSDB_IDL_LOOP_INITIALIZER(
- ovsdb_idl_create(ovnsb_db, &sbrec_idl_class, false, true));
-
- ovsdb_idl_add_table(ovnsb_idl_loop.idl, &sbrec_table_sb_global);
- add_column_noalert(ovnsb_idl_loop.idl, &sbrec_sb_global_col_nb_cfg);
- add_column_noalert(ovnsb_idl_loop.idl, &sbrec_sb_global_col_options);
- add_column_noalert(ovnsb_idl_loop.idl, &sbrec_sb_global_col_ipsec);
-
- ovsdb_idl_add_table(ovnsb_idl_loop.idl, &sbrec_table_logical_flow);
- add_column_noalert(ovnsb_idl_loop.idl,
- &sbrec_logical_flow_col_logical_datapath);
- add_column_noalert(ovnsb_idl_loop.idl, &sbrec_logical_flow_col_pipeline);
- add_column_noalert(ovnsb_idl_loop.idl, &sbrec_logical_flow_col_table_id);
- add_column_noalert(ovnsb_idl_loop.idl, &sbrec_logical_flow_col_priority);
- add_column_noalert(ovnsb_idl_loop.idl, &sbrec_logical_flow_col_match);
- add_column_noalert(ovnsb_idl_loop.idl, &sbrec_logical_flow_col_actions);
-
- ovsdb_idl_add_table(ovnsb_idl_loop.idl, &sbrec_table_multicast_group);
- add_column_noalert(ovnsb_idl_loop.idl,
- &sbrec_multicast_group_col_datapath);
- add_column_noalert(ovnsb_idl_loop.idl,
- &sbrec_multicast_group_col_tunnel_key);
- add_column_noalert(ovnsb_idl_loop.idl, &sbrec_multicast_group_col_name);
- add_column_noalert(ovnsb_idl_loop.idl, &sbrec_multicast_group_col_ports);
-
- ovsdb_idl_add_table(ovnsb_idl_loop.idl, &sbrec_table_datapath_binding);
- add_column_noalert(ovnsb_idl_loop.idl,
- &sbrec_datapath_binding_col_tunnel_key);
- add_column_noalert(ovnsb_idl_loop.idl,
- &sbrec_datapath_binding_col_external_ids);
-
- ovsdb_idl_add_table(ovnsb_idl_loop.idl, &sbrec_table_port_binding);
- add_column_noalert(ovnsb_idl_loop.idl, &sbrec_port_binding_col_datapath);
- add_column_noalert(ovnsb_idl_loop.idl,
- &sbrec_port_binding_col_logical_port);
- add_column_noalert(ovnsb_idl_loop.idl,
- &sbrec_port_binding_col_tunnel_key);
- add_column_noalert(ovnsb_idl_loop.idl,
- &sbrec_port_binding_col_parent_port);
- add_column_noalert(ovnsb_idl_loop.idl, &sbrec_port_binding_col_tag);
- add_column_noalert(ovnsb_idl_loop.idl, &sbrec_port_binding_col_type);
- add_column_noalert(ovnsb_idl_loop.idl, &sbrec_port_binding_col_options);
- add_column_noalert(ovnsb_idl_loop.idl, &sbrec_port_binding_col_mac);
- add_column_noalert(ovnsb_idl_loop.idl,
- &sbrec_port_binding_col_nat_addresses);
- ovsdb_idl_add_column(ovnsb_idl_loop.idl, &sbrec_port_binding_col_chassis);
- ovsdb_idl_add_column(ovnsb_idl_loop.idl,
- &sbrec_port_binding_col_gateway_chassis);
- ovsdb_idl_add_column(ovnsb_idl_loop.idl,
- &sbrec_port_binding_col_ha_chassis_group);
- ovsdb_idl_add_column(ovnsb_idl_loop.idl,
- &sbrec_gateway_chassis_col_chassis);
- ovsdb_idl_add_column(ovnsb_idl_loop.idl, &sbrec_gateway_chassis_col_name);
- ovsdb_idl_add_column(ovnsb_idl_loop.idl,
- &sbrec_gateway_chassis_col_priority);
- ovsdb_idl_add_column(ovnsb_idl_loop.idl,
- &sbrec_gateway_chassis_col_external_ids);
- ovsdb_idl_add_column(ovnsb_idl_loop.idl,
- &sbrec_gateway_chassis_col_options);
- add_column_noalert(ovnsb_idl_loop.idl,
- &sbrec_port_binding_col_external_ids);
- ovsdb_idl_add_table(ovnsb_idl_loop.idl, &sbrec_table_mac_binding);
- add_column_noalert(ovnsb_idl_loop.idl, &sbrec_mac_binding_col_datapath);
- add_column_noalert(ovnsb_idl_loop.idl, &sbrec_mac_binding_col_ip);
- add_column_noalert(ovnsb_idl_loop.idl, &sbrec_mac_binding_col_mac);
- add_column_noalert(ovnsb_idl_loop.idl,
- &sbrec_mac_binding_col_logical_port);
- ovsdb_idl_add_table(ovnsb_idl_loop.idl, &sbrec_table_dhcp_options);
- add_column_noalert(ovnsb_idl_loop.idl, &sbrec_dhcp_options_col_code);
- add_column_noalert(ovnsb_idl_loop.idl, &sbrec_dhcp_options_col_type);
- add_column_noalert(ovnsb_idl_loop.idl, &sbrec_dhcp_options_col_name);
- ovsdb_idl_add_table(ovnsb_idl_loop.idl, &sbrec_table_dhcpv6_options);
- add_column_noalert(ovnsb_idl_loop.idl, &sbrec_dhcpv6_options_col_code);
- add_column_noalert(ovnsb_idl_loop.idl, &sbrec_dhcpv6_options_col_type);
- add_column_noalert(ovnsb_idl_loop.idl, &sbrec_dhcpv6_options_col_name);
- ovsdb_idl_add_table(ovnsb_idl_loop.idl, &sbrec_table_address_set);
- add_column_noalert(ovnsb_idl_loop.idl, &sbrec_address_set_col_name);
- add_column_noalert(ovnsb_idl_loop.idl, &sbrec_address_set_col_addresses);
- ovsdb_idl_add_table(ovnsb_idl_loop.idl, &sbrec_table_port_group);
- add_column_noalert(ovnsb_idl_loop.idl, &sbrec_port_group_col_name);
- add_column_noalert(ovnsb_idl_loop.idl, &sbrec_port_group_col_ports);
-
- ovsdb_idl_add_table(ovnsb_idl_loop.idl, &sbrec_table_dns);
- add_column_noalert(ovnsb_idl_loop.idl, &sbrec_dns_col_datapaths);
- add_column_noalert(ovnsb_idl_loop.idl, &sbrec_dns_col_records);
- add_column_noalert(ovnsb_idl_loop.idl, &sbrec_dns_col_external_ids);
-
- ovsdb_idl_add_table(ovnsb_idl_loop.idl, &sbrec_table_rbac_role);
- add_column_noalert(ovnsb_idl_loop.idl, &sbrec_rbac_role_col_name);
- add_column_noalert(ovnsb_idl_loop.idl, &sbrec_rbac_role_col_permissions);
-
- ovsdb_idl_add_table(ovnsb_idl_loop.idl, &sbrec_table_rbac_permission);
- add_column_noalert(ovnsb_idl_loop.idl,
- &sbrec_rbac_permission_col_table);
- add_column_noalert(ovnsb_idl_loop.idl,
- &sbrec_rbac_permission_col_authorization);
- add_column_noalert(ovnsb_idl_loop.idl,
- &sbrec_rbac_permission_col_insert_delete);
- add_column_noalert(ovnsb_idl_loop.idl, &sbrec_rbac_permission_col_update);
-
- ovsdb_idl_add_table(ovnsb_idl_loop.idl, &sbrec_table_meter);
- ovsdb_idl_add_column(ovnsb_idl_loop.idl, &sbrec_meter_col_name);
- ovsdb_idl_add_column(ovnsb_idl_loop.idl, &sbrec_meter_col_unit);
- ovsdb_idl_add_column(ovnsb_idl_loop.idl, &sbrec_meter_col_bands);
-
- ovsdb_idl_add_table(ovnsb_idl_loop.idl, &sbrec_table_meter_band);
- ovsdb_idl_add_column(ovnsb_idl_loop.idl, &sbrec_meter_band_col_action);
- ovsdb_idl_add_column(ovnsb_idl_loop.idl, &sbrec_meter_band_col_rate);
- ovsdb_idl_add_column(ovnsb_idl_loop.idl, &sbrec_meter_band_col_burst_size);
-
- ovsdb_idl_add_table(ovnsb_idl_loop.idl, &sbrec_table_chassis);
- ovsdb_idl_add_column(ovnsb_idl_loop.idl, &sbrec_chassis_col_nb_cfg);
- ovsdb_idl_add_column(ovnsb_idl_loop.idl, &sbrec_chassis_col_name);
-
- ovsdb_idl_add_table(ovnsb_idl_loop.idl, &sbrec_table_ha_chassis);
- add_column_noalert(ovnsb_idl_loop.idl,
- &sbrec_ha_chassis_col_chassis);
- add_column_noalert(ovnsb_idl_loop.idl,
- &sbrec_ha_chassis_col_priority);
- add_column_noalert(ovnsb_idl_loop.idl,
- &sbrec_ha_chassis_col_external_ids);
-
- ovsdb_idl_add_table(ovnsb_idl_loop.idl, &sbrec_table_ha_chassis_group);
- add_column_noalert(ovnsb_idl_loop.idl,
- &sbrec_ha_chassis_group_col_name);
- add_column_noalert(ovnsb_idl_loop.idl,
- &sbrec_ha_chassis_group_col_ha_chassis);
- add_column_noalert(ovnsb_idl_loop.idl,
- &sbrec_ha_chassis_group_col_external_ids);
- add_column_noalert(ovnsb_idl_loop.idl,
- &sbrec_ha_chassis_group_col_ref_chassis);
-
- ovsdb_idl_add_table(ovnsb_idl_loop.idl, &sbrec_table_igmp_group);
- ovsdb_idl_add_column(ovnsb_idl_loop.idl, &sbrec_igmp_group_col_address);
- ovsdb_idl_add_column(ovnsb_idl_loop.idl, &sbrec_igmp_group_col_datapath);
- ovsdb_idl_add_column(ovnsb_idl_loop.idl, &sbrec_igmp_group_col_chassis);
- ovsdb_idl_add_column(ovnsb_idl_loop.idl, &sbrec_igmp_group_col_ports);
-
- ovsdb_idl_add_table(ovnsb_idl_loop.idl, &sbrec_table_ip_multicast);
- add_column_noalert(ovnsb_idl_loop.idl,
- &sbrec_ip_multicast_col_datapath);
- add_column_noalert(ovnsb_idl_loop.idl,
- &sbrec_ip_multicast_col_enabled);
- add_column_noalert(ovnsb_idl_loop.idl,
- &sbrec_ip_multicast_col_querier);
- add_column_noalert(ovnsb_idl_loop.idl,
- &sbrec_ip_multicast_col_eth_src);
- add_column_noalert(ovnsb_idl_loop.idl,
- &sbrec_ip_multicast_col_ip4_src);
- add_column_noalert(ovnsb_idl_loop.idl,
- &sbrec_ip_multicast_col_table_size);
- add_column_noalert(ovnsb_idl_loop.idl,
- &sbrec_ip_multicast_col_idle_timeout);
- add_column_noalert(ovnsb_idl_loop.idl,
- &sbrec_ip_multicast_col_query_interval);
- add_column_noalert(ovnsb_idl_loop.idl,
- &sbrec_ip_multicast_col_query_max_resp);
-
- struct ovsdb_idl_index *sbrec_chassis_by_name
- = chassis_index_create(ovnsb_idl_loop.idl);
-
- struct ovsdb_idl_index *sbrec_ha_chassis_grp_by_name
- = ha_chassis_group_index_create(ovnsb_idl_loop.idl);
-
- struct ovsdb_idl_index *sbrec_mcast_group_by_name_dp
- = mcast_group_index_create(ovnsb_idl_loop.idl);
-
- struct ovsdb_idl_index *sbrec_ip_mcast_by_dp
- = ip_mcast_index_create(ovnsb_idl_loop.idl);
-
- /* Ensure that only a single ovn-northd is active in the deployment by
- * acquiring a lock called "ovn_northd" on the southbound database
- * and then only performing DB transactions if the lock is held. */
- ovsdb_idl_set_lock(ovnsb_idl_loop.idl, "ovn_northd");
- bool had_lock = false;
-
- /* Main loop. */
- exiting = false;
- while (!exiting) {
- struct northd_context ctx = {
- .ovnnb_idl = ovnnb_idl_loop.idl,
- .ovnnb_txn = ovsdb_idl_loop_run(&ovnnb_idl_loop),
- .ovnsb_idl = ovnsb_idl_loop.idl,
- .ovnsb_txn = ovsdb_idl_loop_run(&ovnsb_idl_loop),
- .sbrec_ha_chassis_grp_by_name = sbrec_ha_chassis_grp_by_name,
- .sbrec_mcast_group_by_name_dp = sbrec_mcast_group_by_name_dp,
- .sbrec_ip_mcast_by_dp = sbrec_ip_mcast_by_dp,
- };
-
- if (!had_lock && ovsdb_idl_has_lock(ovnsb_idl_loop.idl)) {
- VLOG_INFO("ovn-northd lock acquired. "
- "This ovn-northd instance is now active.");
- had_lock = true;
- } else if (had_lock && !ovsdb_idl_has_lock(ovnsb_idl_loop.idl)) {
- VLOG_INFO("ovn-northd lock lost. "
- "This ovn-northd instance is now on standby.");
- had_lock = false;
- }
-
- if (ovsdb_idl_has_lock(ovnsb_idl_loop.idl)) {
- ovn_db_run(&ctx, sbrec_chassis_by_name, &ovnsb_idl_loop);
- if (ctx.ovnsb_txn) {
- check_and_add_supported_dhcp_opts_to_sb_db(&ctx);
- check_and_add_supported_dhcpv6_opts_to_sb_db(&ctx);
- check_and_update_rbac(&ctx);
- }
- }
-
- unixctl_server_run(unixctl);
- unixctl_server_wait(unixctl);
- if (exiting) {
- poll_immediate_wake();
- }
- ovsdb_idl_loop_commit_and_wait(&ovnnb_idl_loop);
- ovsdb_idl_loop_commit_and_wait(&ovnsb_idl_loop);
-
- poll_block();
- if (should_service_stop()) {
- exiting = true;
- }
- }
-
- unixctl_server_destroy(unixctl);
- ovsdb_idl_loop_destroy(&ovnnb_idl_loop);
- ovsdb_idl_loop_destroy(&ovnsb_idl_loop);
- service_stop();
-
- exit(res);
-}
-
-static void
-ovn_northd_exit(struct unixctl_conn *conn, int argc OVS_UNUSED,
- const char *argv[] OVS_UNUSED, void *exiting_)
-{
- bool *exiting = exiting_;
- *exiting = true;
-
- unixctl_command_reply(conn, NULL);
-}
diff --git a/ovn/ovn-architecture.7.xml b/ovn/ovn-architecture.7.xml
deleted file mode 100644
index c4099f25a88..00000000000
--- a/ovn/ovn-architecture.7.xml
+++ /dev/null
@@ -1,2074 +0,0 @@
-
-
- Name
- ovn-architecture -- Open Virtual Network architecture
-
- Description
-
-
- OVN, the Open Virtual Network, is a system to support virtual network
- abstraction. OVN complements the existing capabilities of OVS to add
- native support for virtual network abstractions, such as virtual L2 and L3
- overlays and security groups. Services such as DHCP are also desirable
- features. Just like OVS, OVN's design goal is to have a production-quality
- implementation that can operate at significant scale.
-
-
-
- An OVN deployment consists of several components:
-
-
-
- -
-
- A Cloud Management System (CMS), which is
- OVN's ultimate client (via its users and administrators). OVN
- integration requires installing a CMS-specific plugin and
- related software (see below). OVN initially targets OpenStack
- as CMS.
-
-
-
- We generally speak of ``the'' CMS, but one can imagine scenarios in
- which multiple CMSes manage different parts of an OVN deployment.
-
-
-
- -
- An OVN Database physical or virtual node (or, eventually, cluster)
- installed in a central location.
-
-
- -
- One or more (usually many) hypervisors. Hypervisors must run
- Open vSwitch and implement the interface described in
-
IntegrationGuide.rst
in the OVS source tree. Any hypervisor
- platform supported by Open vSwitch is acceptable.
-
-
- -
-
- Zero or more gateways. A gateway extends a tunnel-based
- logical network into a physical network by bidirectionally forwarding
- packets between tunnels and a physical Ethernet port. This allows
- non-virtualized machines to participate in logical networks. A gateway
- may be a physical host, a virtual machine, or an ASIC-based hardware
- switch that supports the vtep
(5) schema.
-
-
-
- Hypervisors and gateways are together called transport node
- or chassis.
-
-
-
-
-
- The diagram below shows how the major components of OVN and related
- software interact. Starting at the top of the diagram, we have:
-
-
-
- -
- The Cloud Management System, as defined above.
-
-
- -
-
- The OVN/CMS Plugin is the component of the CMS that
- interfaces to OVN. In OpenStack, this is a Neutron plugin.
- The plugin's main purpose is to translate the CMS's notion of logical
- network configuration, stored in the CMS's configuration database in a
- CMS-specific format, into an intermediate representation understood by
- OVN.
-
-
-
- This component is necessarily CMS-specific, so a new plugin needs to be
- developed for each CMS that is integrated with OVN. All of the
- components below this one in the diagram are CMS-independent.
-
-
-
- -
-
- The OVN Northbound Database receives the intermediate
- representation of logical network configuration passed down by the
- OVN/CMS Plugin. The database schema is meant to be ``impedance
- matched'' with the concepts used in a CMS, so that it directly supports
- notions of logical switches, routers, ACLs, and so on. See
- ovn-nb
(5) for details.
-
-
-
- The OVN Northbound Database has only two clients: the OVN/CMS Plugin
- above it and ovn-northd
below it.
-
-
-
- -
-
ovn-northd
(8) connects to the OVN Northbound Database
- above it and the OVN Southbound Database below it. It translates the
- logical network configuration in terms of conventional network
- concepts, taken from the OVN Northbound Database, into logical
- datapath flows in the OVN Southbound Database below it.
-
-
- -
-
- The OVN Southbound Database is the center of the system.
- Its clients are ovn-northd
(8) above it and
- ovn-controller
(8) on every transport node below it.
-
-
-
- The OVN Southbound Database contains three kinds of data: Physical
- Network (PN) tables that specify how to reach hypervisor and
- other nodes, Logical Network (LN) tables that describe the
- logical network in terms of ``logical datapath flows,'' and
- Binding tables that link logical network components'
- locations to the physical network. The hypervisors populate the PN and
- Port_Binding tables, whereas ovn-northd
(8) populates the
- LN tables.
-
-
-
- OVN Southbound Database performance must scale with the number of
- transport nodes. This will likely require some work on
- ovsdb-server
(1) as we encounter bottlenecks.
- Clustering for availability may be needed.
-
-
-
-
-
- The remaining components are replicated onto each hypervisor:
-
-
-
- -
-
ovn-controller
(8) is OVN's agent on each hypervisor and
- software gateway. Northbound, it connects to the OVN Southbound
- Database to learn about OVN configuration and status and to
- populate the PN table and the Chassis
column in
- Binding
table with the hypervisor's status.
- Southbound, it connects to ovs-vswitchd
(8) as an
- OpenFlow controller, for control over network traffic, and to the
- local ovsdb-server
(1) to allow it to monitor and
- control Open vSwitch configuration.
-
-
- -
-
ovs-vswitchd
(8) and ovsdb-server
(1) are
- conventional components of Open vSwitch.
-
-
-
-
- CMS
- |
- |
- +-----------|-----------+
- | | |
- | OVN/CMS Plugin |
- | | |
- | | |
- | OVN Northbound DB |
- | | |
- | | |
- | ovn-northd |
- | | |
- +-----------|-----------+
- |
- |
- +-------------------+
- | OVN Southbound DB |
- +-------------------+
- |
- |
- +------------------+------------------+
- | | |
- HV 1 | | HV n |
-+---------------|---------------+ . +---------------|---------------+
-| | | . | | |
-| ovn-controller | . | ovn-controller |
-| | | | . | | | |
-| | | | | | | |
-| ovs-vswitchd ovsdb-server | | ovs-vswitchd ovsdb-server |
-| | | |
-+-------------------------------+ +-------------------------------+
-
-
- Information Flow in OVN
-
-
- Configuration data in OVN flows from north to south. The CMS, through its
- OVN/CMS plugin, passes the logical network configuration to
- ovn-northd
via the northbound database. In turn,
- ovn-northd
compiles the configuration into a lower-level form
- and passes it to all of the chassis via the southbound database.
-
-
-
- Status information in OVN flows from south to north. OVN currently
- provides only a few forms of status information. First,
- ovn-northd
populates the up
column in the
- northbound Logical_Switch_Port
table: if a logical port's
- chassis
column in the southbound Port_Binding
- table is nonempty, it sets up
to true
, otherwise
- to false
. This allows the CMS to detect when a VM's
- networking has come up.
-
-
-
- Second, OVN provides feedback to the CMS on the realization of its
- configuration, that is, whether the configuration provided by the CMS has
- taken effect. This feature requires the CMS to participate in a sequence
- number protocol, which works the following way:
-
-
-
- -
- When the CMS updates the configuration in the northbound database, as
- part of the same transaction, it increments the value of the
-
nb_cfg
column in the NB_Global
table. (This is
- only necessary if the CMS wants to know when the configuration has been
- realized.)
-
-
- -
- When
ovn-northd
updates the southbound database based on a
- given snapshot of the northbound database, it copies nb_cfg
- from northbound NB_Global
into the southbound database
- SB_Global
table, as part of the same transaction. (Thus, an
- observer monitoring both databases can determine when the southbound
- database is caught up with the northbound.)
-
-
- -
- After
ovn-northd
receives confirmation from the southbound
- database server that its changes have committed, it updates
- sb_cfg
in the northbound NB_Global
table to the
- nb_cfg
version that was pushed down. (Thus, the CMS or
- another observer can determine when the southbound database is caught up
- without a connection to the southbound database.)
-
-
- -
- The
ovn-controller
process on each chassis receives the
- updated southbound database, with the updated nb_cfg
. This
- process in turn updates the physical flows installed in the chassis's
- Open vSwitch instances. When it receives confirmation from Open vSwitch
- that the physical flows have been updated, it updates nb_cfg
- in its own Chassis
record in the southbound database.
-
-
- -
-
ovn-northd
monitors the nb_cfg
column in all of
- the Chassis
records in the southbound database. It keeps
- track of the minimum value among all the records and copies it into the
- hv_cfg
column in the northbound NB_Global
- table. (Thus, the CMS or another observer can determine when all of the
- hypervisors have caught up to the northbound configuration.)
-
-
-
- Chassis Setup
-
-
- Each chassis in an OVN deployment must be configured with an Open vSwitch
- bridge dedicated for OVN's use, called the integration bridge.
- System startup scripts may create this bridge prior to starting
- ovn-controller
if desired. If this bridge does not exist when
- ovn-controller starts, it will be created automatically with the default
- configuration suggested below. The ports on the integration bridge include:
-
-
-
- -
- On any chassis, tunnel ports that OVN uses to maintain logical network
- connectivity.
ovn-controller
adds, updates, and removes
- these tunnel ports.
-
-
- -
- On a hypervisor, any VIFs that are to be attached to logical networks.
- The hypervisor itself, or the integration between Open vSwitch and the
- hypervisor (described in
IntegrationGuide.rst
) takes care of
- this. (This is not part of OVN or new to OVN; this is pre-existing
- integration work that has already been done on hypervisors that support
- OVS.)
-
-
- -
- On a gateway, the physical port used for logical network connectivity.
- System startup scripts add this port to the bridge prior to starting
-
ovn-controller
. This can be a patch port to another bridge,
- instead of a physical port, in more sophisticated setups.
-
-
-
-
- Other ports should not be attached to the integration bridge. In
- particular, physical ports attached to the underlay network (as opposed to
- gateway ports, which are physical ports attached to logical networks) must
- not be attached to the integration bridge. Underlay physical ports should
- instead be attached to a separate Open vSwitch bridge (they need not be
- attached to any bridge at all, in fact).
-
-
-
- The integration bridge should be configured as described below.
- The effect of each of these settings is documented in
- ovs-vswitchd.conf.db
(5):
-
-
-
-
- fail-mode=secure
- -
- Avoids switching packets between isolated logical networks before
-
ovn-controller
starts up. See Controller Failure
- Settings
in ovs-vsctl
(8) for more information.
-
-
- other-config:disable-in-band=true
- -
- Suppresses in-band control flows for the integration bridge. It would be
- unusual for such flows to show up anyway, because OVN uses a local
- controller (over a Unix domain socket) instead of a remote controller.
- It's possible, however, for some other bridge in the same system to have
- an in-band remote controller, and in that case this suppresses the flows
- that in-band control would ordinarily set up. Refer to the documentation
- for more information.
-
-
-
-
- The customary name for the integration bridge is br-int
, but
- another name may be used.
-
-
- Logical Networks
-
-
- A logical network implements the same concepts as physical
- networks, but they are insulated from the physical network with tunnels or
- other encapsulations. This allows logical networks to have separate IP and
- other address spaces that overlap, without conflicting, with those used for
- physical networks. Logical network topologies can be arranged without
- regard for the topologies of the physical networks on which they run.
-
-
-
- Logical network concepts in OVN include:
-
-
-
-
- Life Cycle of a VIF
-
-
- Tables and their schemas presented in isolation are difficult to
- understand. Here's an example.
-
-
-
- A VIF on a hypervisor is a virtual network interface attached either
- to a VM or a container running directly on that hypervisor (This is
- different from the interface of a container running inside a VM).
-
-
-
- The steps in this example refer often to details of the OVN and OVN
- Northbound database schemas. Please see ovn-sb
(5) and
- ovn-nb
(5), respectively, for the full story on these
- databases.
-
-
-
- -
- A VIF's life cycle begins when a CMS administrator creates a new VIF
- using the CMS user interface or API and adds it to a switch (one
- implemented by OVN as a logical switch). The CMS updates its own
- configuration. This includes associating unique, persistent identifier
- vif-id and Ethernet address mac with the VIF.
-
-
- -
- The CMS plugin updates the OVN Northbound database to include the new
- VIF, by adding a row to the
Logical_Switch_Port
- table. In the new row, name
is vif-id,
- mac
is mac, switch
points to
- the OVN logical switch's Logical_Switch record, and other columns
- are initialized appropriately.
-
-
- -
-
ovn-northd
receives the OVN Northbound database update. In
- turn, it makes the corresponding updates to the OVN Southbound database,
- by adding rows to the OVN Southbound database Logical_Flow
- table to reflect the new port, e.g. add a flow to recognize that packets
- destined to the new port's MAC address should be delivered to it, and
- update the flow that delivers broadcast and multicast packets to include
- the new port. It also creates a record in the Binding
table
- and populates all its columns except the column that identifies the
- chassis
.
-
-
- -
- On every hypervisor,
ovn-controller
receives the
- Logical_Flow
table updates that ovn-northd
made
- in the previous step. As long as the VM that owns the VIF is powered
- off, ovn-controller
cannot do much; it cannot, for example,
- arrange to send packets to or receive packets from the VIF, because the
- VIF does not actually exist anywhere.
-
-
- -
- Eventually, a user powers on the VM that owns the VIF. On the hypervisor
- where the VM is powered on, the integration between the hypervisor and
- Open vSwitch (described in
IntegrationGuide.rst
) adds the VIF
- to the OVN integration bridge and stores vif-id in
- external_ids
:iface-id
to indicate that the
- interface is an instantiation of the new VIF. (None of this code is new
- in OVN; this is pre-existing integration work that has already been done
- on hypervisors that support OVS.)
-
-
- -
- On the hypervisor where the VM is powered on,
ovn-controller
- notices external_ids
:iface-id
in the new
- Interface. In response, in the OVN Southbound DB, it updates the
- Binding
table's chassis
column for the
- row that links the logical port from external_ids
:
- iface-id
to the hypervisor. Afterward, ovn-controller
- updates the local hypervisor's OpenFlow tables so that packets to and from
- the VIF are properly handled.
-
-
- -
- Some CMS systems, including OpenStack, fully start a VM only when its
- networking is ready. To support this,
ovn-northd
notices
- the chassis
column updated for the row in
- Binding
table and pushes this upward by updating the
- column
- in the OVN Northbound database's table to indicate that the VIF is now up. The CMS,
- if it uses this feature, can then react by allowing the VM's
- execution to proceed.
-
-
- -
- On every hypervisor but the one where the VIF resides,
-
ovn-controller
notices the completely populated row in the
- Binding
table. This provides ovn-controller
- the physical location of the logical port, so each instance updates the
- OpenFlow tables of its switch (based on logical datapath flows in the OVN
- DB Logical_Flow
table) so that packets to and from the VIF
- can be properly handled via tunnels.
-
-
- -
- Eventually, a user powers off the VM that owns the VIF. On the
- hypervisor where the VM was powered off, the VIF is deleted from the OVN
- integration bridge.
-
-
- -
- On the hypervisor where the VM was powered off,
-
ovn-controller
notices that the VIF was deleted. In
- response, it removes the Chassis
column content in the
- Binding
table for the logical port.
-
-
- -
- On every hypervisor,
ovn-controller
notices the empty
- Chassis
column in the Binding
table's row
- for the logical port. This means that ovn-controller
no
- longer knows the physical location of the logical port, so each instance
- updates its OpenFlow table to reflect that.
-
-
- -
- Eventually, when the VIF (or its entire VM) is no longer needed by
- anyone, an administrator deletes the VIF using the CMS user interface or
- API. The CMS updates its own configuration.
-
-
- -
- The CMS plugin removes the VIF from the OVN Northbound database,
- by deleting its row in the
Logical_Switch_Port
table.
-
-
- -
-
ovn-northd
receives the OVN Northbound update and in turn
- updates the OVN Southbound database accordingly, by removing or updating
- the rows from the OVN Southbound database Logical_Flow
table
- and Binding
table that were related to the now-destroyed
- VIF.
-
-
- -
- On every hypervisor,
ovn-controller
receives the
- Logical_Flow
table updates that ovn-northd
made
- in the previous step. ovn-controller
updates OpenFlow
- tables to reflect the update, although there may not be much to do, since
- the VIF had already become unreachable when it was removed from the
- Binding
table in a previous step.
-
-
-
- Life Cycle of a Container Interface Inside a VM
-
-
- OVN provides virtual network abstractions by converting information
- written in OVN_NB database to OpenFlow flows in each hypervisor. Secure
- virtual networking for multi-tenants can only be provided if OVN controller
- is the only entity that can modify flows in Open vSwitch. When the
- Open vSwitch integration bridge resides in the hypervisor, it is a
- fair assumption to make that tenant workloads running inside VMs cannot
- make any changes to Open vSwitch flows.
-
-
-
- If the infrastructure provider trusts the applications inside the
- containers not to break out and modify the Open vSwitch flows, then
- containers can be run in hypervisors. This is also the case when
- containers are run inside the VMs and Open vSwitch integration bridge
- with flows added by OVN controller resides in the same VM. For both
- the above cases, the workflow is the same as explained with an example
- in the previous section ("Life Cycle of a VIF").
-
-
-
- This section talks about the life cycle of a container interface (CIF)
- when containers are created in the VMs and the Open vSwitch integration
- bridge resides inside the hypervisor. In this case, even if a container
- application breaks out, other tenants are not affected because the
- containers running inside the VMs cannot modify the flows in the
- Open vSwitch integration bridge.
-
-
-
- When multiple containers are created inside a VM, there are multiple
- CIFs associated with them. The network traffic associated with these
- CIFs need to reach the Open vSwitch integration bridge running in the
- hypervisor for OVN to support virtual network abstractions. OVN should
- also be able to distinguish network traffic coming from different CIFs.
- There are two ways to distinguish network traffic of CIFs.
-
-
-
- One way is to provide one VIF for every CIF (1:1 model). This means that
- there could be a lot of network devices in the hypervisor. This would slow
- down OVS because of all the additional CPU cycles needed for the management
- of all the VIFs. It would also mean that the entity creating the
- containers in a VM should also be able to create the corresponding VIFs in
- the hypervisor.
-
-
-
- The second way is to provide a single VIF for all the CIFs (1:many model).
- OVN could then distinguish network traffic coming from different CIFs via
- a tag written in every packet. OVN uses this mechanism and uses VLAN as
- the tagging mechanism.
-
-
-
- -
- A CIF's life cycle begins when a container is spawned inside a VM by
- the either the same CMS that created the VM or a tenant that owns that VM
- or even a container Orchestration System that is different than the CMS
- that initially created the VM. Whoever the entity is, it will need to
- know the vif-id that is associated with the network interface
- of the VM through which the container interface's network traffic is
- expected to go through. The entity that creates the container interface
- will also need to choose an unused VLAN inside that VM.
-
-
- -
- The container spawning entity (either directly or through the CMS that
- manages the underlying infrastructure) updates the OVN Northbound
- database to include the new CIF, by adding a row to the
-
Logical_Switch_Port
table. In the new row,
- name
is any unique identifier,
- parent_name
is the vif-id of the VM
- through which the CIF's network traffic is expected to go through
- and the tag
is the VLAN tag that identifies the
- network traffic of that CIF.
-
-
- -
-
ovn-northd
receives the OVN Northbound database update. In
- turn, it makes the corresponding updates to the OVN Southbound database,
- by adding rows to the OVN Southbound database's Logical_Flow
- table to reflect the new port and also by creating a new row in the
- Binding
table and populating all its columns except the
- column that identifies the chassis
.
-
-
- -
- On every hypervisor,
ovn-controller
subscribes to the
- changes in the Binding
table. When a new row is created
- by ovn-northd
that includes a value in
- parent_port
column of Binding
table, the
- ovn-controller
in the hypervisor whose OVN integration bridge
- has that same value in vif-id in
- external_ids
:iface-id
- updates the local hypervisor's OpenFlow tables so that packets to and
- from the VIF with the particular VLAN tag
are properly
- handled. Afterward it updates the chassis
column of
- the Binding
to reflect the physical location.
-
-
- -
- One can only start the application inside the container after the
- underlying network is ready. To support this,
ovn-northd
- notices the updated chassis
column in Binding
- table and updates the column in the OVN Northbound database's
- table to indicate that the
- CIF is now up. The entity responsible to start the container application
- queries this value and starts the application.
-
-
- -
- Eventually the entity that created and started the container, stops it.
- The entity, through the CMS (or directly) deletes its row in the
-
Logical_Switch_Port
table.
-
-
- -
-
ovn-northd
receives the OVN Northbound update and in turn
- updates the OVN Southbound database accordingly, by removing or updating
- the rows from the OVN Southbound database Logical_Flow
table
- that were related to the now-destroyed CIF. It also deletes the row in
- the Binding
table for that CIF.
-
-
- -
- On every hypervisor,
ovn-controller
receives the
- Logical_Flow
table updates that ovn-northd
made
- in the previous step. ovn-controller
updates OpenFlow
- tables to reflect the update.
-
-
-
- Architectural Physical Life Cycle of a Packet
-
-
- This section describes how a packet travels from one virtual machine or
- container to another through OVN. This description focuses on the physical
- treatment of a packet; for a description of the logical life cycle of a
- packet, please refer to the Logical_Flow
table in
- ovn-sb
(5).
-
-
-
- This section mentions several data and metadata fields, for clarity
- summarized here:
-
-
-
- - tunnel key
- -
- When OVN encapsulates a packet in Geneve or another tunnel, it attaches
- extra data to it to allow the receiving OVN instance to process it
- correctly. This takes different forms depending on the particular
- encapsulation, but in each case we refer to it here as the ``tunnel
- key.'' See
Tunnel Encapsulations
, below, for details.
-
-
- - logical datapath field
- -
- A field that denotes the logical datapath through which a packet is being
- processed.
-
- OVN uses the field that OpenFlow 1.1+ simply (and confusingly) calls
- ``metadata'' to store the logical datapath. (This field is passed across
- tunnels as part of the tunnel key.)
-
-
- - logical input port field
- -
-
- A field that denotes the logical port from which the packet
- entered the logical datapath.
-
- OVN stores this in Open vSwitch extension register number 14.
-
-
-
- Geneve and STT tunnels pass this field as part of the tunnel key.
- Although VXLAN tunnels do not explicitly carry a logical input port,
- OVN only uses VXLAN to communicate with gateways that from OVN's
- perspective consist of only a single logical port, so that OVN can set
- the logical input port field to this one on ingress to the OVN logical
- pipeline.
-
-
-
- - logical output port field
- -
-
- A field that denotes the logical port from which the packet will
- leave the logical datapath. This is initialized to 0 at the
- beginning of the logical ingress pipeline.
-
- OVN stores this in Open vSwitch extension register number 15.
-
-
-
- Geneve and STT tunnels pass this field as part of the tunnel key.
- VXLAN tunnels do not transmit the logical output port field.
- Since VXLAN tunnels do not carry a logical output port field in
- the tunnel key, when a packet is received from VXLAN tunnel by
- an OVN hypervisor, the packet is resubmitted to table 8 to
- determine the output port(s); when the packet reaches table 32,
- these packets are resubmitted to table 33 for local delivery by
- checking a MLF_RCV_FROM_VXLAN flag, which is set when the packet
- arrives from a VXLAN tunnel.
-
-
-
- - conntrack zone field for logical ports
- -
- A field that denotes the connection tracking zone for logical ports.
- The value only has local significance and is not meaningful between
- chassis. This is initialized to 0 at the beginning of the logical
-
- ingress pipeline. OVN stores this in Open vSwitch extension register
- number 13.
-
-
- - conntrack zone fields for routers
- -
- Fields that denote the connection tracking zones for routers. These
- values only have local significance and are not meaningful between
- chassis. OVN stores the zone information for DNATting in Open vSwitch
-
- extension register number 11 and zone information for SNATing in
- Open vSwitch extension register number 12.
-
-
- - logical flow flags
- -
- The logical flags are intended to handle keeping context between
- tables in order to decide which rules in subsequent tables are
- matched. These values only have local significance and are not
- meaningful between chassis. OVN stores the logical flags in
-
- Open vSwitch extension register number 10.
-
-
- - VLAN ID
- -
- The VLAN ID is used as an interface between OVN and containers nested
- inside a VM (see
Life Cycle of a container interface inside a
- VM
, above, for more information).
-
-
-
-
- Initially, a VM or container on the ingress hypervisor sends a packet on a
- port attached to the OVN integration bridge. Then:
-
-
-
- -
-
- OpenFlow table 0 performs physical-to-logical translation. It matches
- the packet's ingress port. Its actions annotate the packet with
- logical metadata, by setting the logical datapath field to identify the
- logical datapath that the packet is traversing and the logical input
- port field to identify the ingress port. Then it resubmits to table 8
- to enter the logical ingress pipeline.
-
-
-
- Packets that originate from a container nested within a VM are treated
- in a slightly different way. The originating container can be
- distinguished based on the VIF-specific VLAN ID, so the
- physical-to-logical translation flows additionally match on VLAN ID and
- the actions strip the VLAN header. Following this step, OVN treats
- packets from containers just like any other packets.
-
-
-
- Table 0 also processes packets that arrive from other chassis. It
- distinguishes them from other packets by ingress port, which is a
- tunnel. As with packets just entering the OVN pipeline, the actions
- annotate these packets with logical datapath and logical ingress port
- metadata. In addition, the actions set the logical output port field,
- which is available because in OVN tunneling occurs after the logical
- output port is known. These three pieces of information are obtained
- from the tunnel encapsulation metadata (see Tunnel
- Encapsulations
for encoding details). Then the actions resubmit
- to table 33 to enter the logical egress pipeline.
-
-
-
- -
-
- OpenFlow tables 8 through 31 execute the logical ingress pipeline from
- the Logical_Flow
table in the OVN Southbound database.
- These tables are expressed entirely in terms of logical concepts like
- logical ports and logical datapaths. A big part of
- ovn-controller
's job is to translate them into equivalent
- OpenFlow (in particular it translates the table numbers:
- Logical_Flow
tables 0 through 23 become OpenFlow tables 8
- through 31).
-
-
-
- Each logical flow maps to one or more OpenFlow flows. An actual packet
- ordinarily matches only one of these, although in some cases it can
- match more than one of these flows (which is not a problem because all
- of them have the same actions). ovn-controller
uses the
- first 32 bits of the logical flow's UUID as the cookie for its OpenFlow
- flow or flows. (This is not necessarily unique, since the first 32
- bits of a logical flow's UUID is not necessarily unique.)
-
-
-
- Some logical flows can map to the Open vSwitch ``conjunctive match''
- extension (see ovs-fields
(7)). Flows with a
- conjunction
action use an OpenFlow cookie of 0, because
- they can correspond to multiple logical flows. The OpenFlow flow for a
- conjunctive match includes a match on conj_id
.
-
-
-
- Some logical flows may not be represented in the OpenFlow tables on a
- given hypervisor, if they could not be used on that hypervisor. For
- example, if no VIF in a logical switch resides on a given hypervisor,
- and the logical switch is not otherwise reachable on that hypervisor
- (e.g. over a series of hops through logical switches and routers
- starting from a VIF on the hypervisor), then the logical flow may not
- be represented there.
-
-
-
- Most OVN actions have fairly obvious implementations in OpenFlow (with
- OVS extensions), e.g. next;
is implemented as
- resubmit
, field =
- constant;
as set_field
. A few are worth
- describing in more detail:
-
-
-
- output:
- -
- Implemented by resubmitting the packet to table 32. If the pipeline
- executes more than one
output
action, then each one is
- separately resubmitted to table 32. This can be used to send
- multiple copies of the packet to multiple ports. (If the packet was
- not modified between the output
actions, and some of the
- copies are destined to the same hypervisor, then using a logical
- multicast output port would save bandwidth between hypervisors.)
-
-
- get_arp(P, A);
- get_nd(P, A);
- -
-
- Implemented by storing arguments into OpenFlow fields, then
- resubmitting to table 66, which ovn-controller
- populates with flows generated from the MAC_Binding
- table in the OVN Southbound database. If there is a match in table
- 66, then its actions store the bound MAC in the Ethernet
- destination address field.
-
-
-
- (The OpenFlow actions save and restore the OpenFlow fields used for
- the arguments, so that the OVN actions do not have to be aware of
- this temporary use.)
-
-
-
- put_arp(P, A, E);
- put_nd(P, A, E);
- -
-
- Implemented by storing the arguments into OpenFlow fields, then
- outputting a packet to ovn-controller
, which updates
- the MAC_Binding
table.
-
-
-
- (The OpenFlow actions save and restore the OpenFlow fields used for
- the arguments, so that the OVN actions do not have to be aware of
- this temporary use.)
-
-
-
-
-
- -
-
- OpenFlow tables 32 through 47 implement the output
action
- in the logical ingress pipeline. Specifically, table 32 handles
- packets to remote hypervisors, table 33 handles packets to the local
- hypervisor, and table 34 checks whether packets whose logical ingress
- and egress port are the same should be discarded.
-
-
-
- Logical patch ports are a special case. Logical patch ports do not
- have a physical location and effectively reside on every hypervisor.
- Thus, flow table 33, for output to ports on the local hypervisor,
- naturally implements output to unicast logical patch ports too.
- However, applying the same logic to a logical patch port that is part
- of a logical multicast group yields packet duplication, because each
- hypervisor that contains a logical port in the multicast group will
- also output the packet to the logical patch port. Thus, multicast
- groups implement output to logical patch ports in table 32.
-
-
-
- Each flow in table 32 matches on a logical output port for unicast or
- multicast logical ports that include a logical port on a remote
- hypervisor. Each flow's actions implement sending a packet to the port
- it matches. For unicast logical output ports on remote hypervisors,
- the actions set the tunnel key to the correct value, then send the
- packet on the tunnel port to the correct hypervisor. (When the remote
- hypervisor receives the packet, table 0 there will recognize it as a
- tunneled packet and pass it along to table 33.) For multicast logical
- output ports, the actions send one copy of the packet to each remote
- hypervisor, in the same way as for unicast destinations. If a
- multicast group includes a logical port or ports on the local
- hypervisor, then its actions also resubmit to table 33. Table 32 also
- includes:
-
-
-
- -
- A higher-priority rule to match packets received from VXLAN tunnels,
- based on flag MLF_RCV_FROM_VXLAN, and resubmit these packets to table
- 33 for local delivery. Packets received from VXLAN tunnels reach
- here because of a lack of logical output port field in the tunnel key
- and thus these packets needed to be submitted to table 8 to
- determine the output port.
-
- -
- A higher-priority rule to match packets received from ports of type
-
localport
, based on the logical input port, and resubmit
- these packets to table 33 for local delivery. Ports of type
- localport
exist on every hypervisor and by definition
- their traffic should never go out through a tunnel.
-
- -
- A higher-priority rule to match packets that have the MLF_LOCAL_ONLY
- logical flow flag set, and whose destination is a multicast address.
- This flag indicates that the packet should not be delivered to remote
- hypervisors, even if the multicast destination includes ports on
- remote hypervisors. This flag is used when
-
ovn-controller
is the originator of the multicast packet.
- Since each ovn-controller
instance is originating these
- packets, the packets only need to be delivered to local ports.
-
- -
- A fallback flow that resubmits to table 33 if there is no other
- match.
-
-
-
-
- Flows in table 33 resemble those in table 32 but for logical ports that
- reside locally rather than remotely. For unicast logical output ports
- on the local hypervisor, the actions just resubmit to table 34. For
- multicast output ports that include one or more logical ports on the
- local hypervisor, for each such logical port P, the actions
- change the logical output port to P, then resubmit to table
- 34.
-
-
-
- A special case is that when a localnet port exists on the datapath,
- remote port is connected by switching to the localnet port. In this
- case, instead of adding a flow in table 32 to reach the remote port, a
- flow is added in table 33 to switch the logical outport to the localnet
- port, and resubmit to table 33 as if it were unicasted to a logical
- port on the local hypervisor.
-
-
-
- Table 34 matches and drops packets for which the logical input and
- output ports are the same and the MLF_ALLOW_LOOPBACK flag is not
- set. It resubmits other packets to table 40.
-
-
-
- -
-
- OpenFlow tables 40 through 63 execute the logical egress pipeline from
- the Logical_Flow
table in the OVN Southbound database.
- The egress pipeline can perform a final stage of validation before
- packet delivery. Eventually, it may execute an output
- action, which ovn-controller
implements by resubmitting to
- table 64. A packet for which the pipeline never executes
- output
is effectively dropped (although it may have been
- transmitted through a tunnel across a physical network).
-
-
-
- The egress pipeline cannot change the logical output port or cause
- further tunneling.
-
-
-
- -
-
- Table 64 bypasses OpenFlow loopback when MLF_ALLOW_LOOPBACK is set.
- Logical loopback was handled in table 34, but OpenFlow by default also
- prevents loopback to the OpenFlow ingress port. Thus, when
- MLF_ALLOW_LOOPBACK is set, OpenFlow table 64 saves the OpenFlow ingress
- port, sets it to zero, resubmits to table 65 for logical-to-physical
- transformation, and then restores the OpenFlow ingress port,
- effectively disabling OpenFlow loopback prevents. When
- MLF_ALLOW_LOOPBACK is unset, table 64 flow simply resubmits to table
- 65.
-
-
-
- -
-
- OpenFlow table 65 performs logical-to-physical translation, the
- opposite of table 0. It matches the packet's logical egress port. Its
- actions output the packet to the port attached to the OVN integration
- bridge that represents that logical port. If the logical egress port
- is a container nested with a VM, then before sending the packet the
- actions push on a VLAN header with an appropriate VLAN ID.
-
-
-
-
- Logical Routers and Logical Patch Ports
-
-
- Typically logical routers and logical patch ports do not have a
- physical location and effectively reside on every hypervisor. This is
- the case for logical patch ports between logical routers and logical
- switches behind those logical routers, to which VMs (and VIFs) attach.
-
-
-
- Consider a packet sent from one virtual machine or container to another
- VM or container that resides on a different subnet. The packet will
- traverse tables 0 to 65 as described in the previous section
- Architectural Physical Life Cycle of a Packet
, using the
- logical datapath representing the logical switch that the sender is
- attached to. At table 32, the packet will use the fallback flow that
- resubmits locally to table 33 on the same hypervisor. In this case,
- all of the processing from table 0 to table 65 occurs on the hypervisor
- where the sender resides.
-
-
-
- When the packet reaches table 65, the logical egress port is a logical
- patch port. The implementation in table 65 differs depending on the OVS
- version, although the observed behavior is meant to be the same:
-
-
-
- -
- In OVS versions 2.6 and earlier, table 65 outputs to an OVS patch
- port that represents the logical patch port. The packet re-enters
- the OpenFlow flow table from the OVS patch port's peer in table 0,
- which identifies the logical datapath and logical input port based
- on the OVS patch port's OpenFlow port number.
-
-
- -
- In OVS versions 2.7 and later, the packet is cloned and resubmitted
- directly to the first OpenFlow flow table in the ingress pipeline,
- setting the logical ingress port to the peer logical patch port, and
- using the peer logical patch port's logical datapath (that
- represents the logical router).
-
-
-
-
- The packet re-enters the ingress pipeline in order to traverse tables
- 8 to 65 again, this time using the logical datapath representing the
- logical router. The processing continues as described in the previous
- section Architectural Physical Life Cycle of a Packet
.
- When the packet reachs table 65, the logical egress port will once
- again be a logical patch port. In the same manner as described above,
- this logical patch port will cause the packet to be resubmitted to
- OpenFlow tables 8 to 65, this time using the logical datapath
- representing the logical switch that the destination VM or container
- is attached to.
-
-
-
- The packet traverses tables 8 to 65 a third and final time. If the
- destination VM or container resides on a remote hypervisor, then table
- 32 will send the packet on a tunnel port from the sender's hypervisor
- to the remote hypervisor. Finally table 65 will output the packet
- directly to the destination VM or container.
-
-
-
- The following sections describe two exceptions, where logical routers
- and/or logical patch ports are associated with a physical location.
-
-
- Gateway Routers
-
-
- A gateway router is a logical router that is bound to a
- physical location. This includes all of the logical patch ports of
- the logical router, as well as all of the peer logical patch ports on
- logical switches. In the OVN Southbound database, the
- Port_Binding
entries for these logical patch ports use
- the type l3gateway
rather than patch
, in
- order to distinguish that these logical patch ports are bound to a
- chassis.
-
-
-
- When a hypervisor processes a packet on a logical datapath
- representing a logical switch, and the logical egress port is a
- l3gateway
port representing connectivity to a gateway
- router, the packet will match a flow in table 32 that sends the
- packet on a tunnel port to the chassis where the gateway router
- resides. This processing in table 32 is done in the same manner as
- for VIFs.
-
-
-
- Gateway routers are typically used in between distributed logical
- routers and physical networks. The distributed logical router and
- the logical switches behind it, to which VMs and containers attach,
- effectively reside on each hypervisor. The distributed router and
- the gateway router are connected by another logical switch, sometimes
- referred to as a join
logical switch. On the other
- side, the gateway router connects to another logical switch that has
- a localnet port connecting to the physical network.
-
-
-
- When using gateway routers, DNAT and SNAT rules are associated with
- the gateway router, which provides a central location that can handle
- one-to-many SNAT (aka IP masquerading).
-
-
- Distributed Gateway Ports
-
-
- Distributed gateway ports are logical router patch ports
- that directly connect distributed logical routers to logical
- switches with localnet ports.
-
-
-
- The primary design goal of distributed gateway ports is to allow as
- much traffic as possible to be handled locally on the hypervisor
- where a VM or container resides. Whenever possible, packets from
- the VM or container to the outside world should be processed
- completely on that VM's or container's hypervisor, eventually
- traversing a localnet port instance on that hypervisor to the
- physical network. Whenever possible, packets from the outside
- world to a VM or container should be directed through the physical
- network directly to the VM's or container's hypervisor, where the
- packet will enter the integration bridge through a localnet port.
-
-
-
- In order to allow for the distributed processing of packets
- described in the paragraph above, distributed gateway ports need to
- be logical patch ports that effectively reside on every hypervisor,
- rather than l3gateway
ports that are bound to a
- particular chassis. However, the flows associated with distributed
- gateway ports often need to be associated with physical locations,
- for the following reasons:
-
-
-
- -
-
- The physical network that the localnet port is attached to
- typically uses L2 learning. Any Ethernet address used over the
- distributed gateway port must be restricted to a single physical
- location so that upstream L2 learning is not confused. Traffic
- sent out the distributed gateway port towards the localnet port
- with a specific Ethernet address must be sent out one specific
- instance of the distributed gateway port on one specific
- chassis. Traffic received from the localnet port (or from a VIF
- on the same logical switch as the localnet port) with a specific
- Ethernet address must be directed to the logical switch's patch
- port instance on that specific chassis.
-
-
-
- Due to the implications of L2 learning, the Ethernet address and
- IP address of the distributed gateway port need to be restricted
- to a single physical location. For this reason, the user must
- specify one chassis associated with the distributed gateway
- port. Note that traffic traversing the distributed gateway port
- using other Ethernet addresses and IP addresses (e.g. one-to-one
- NAT) is not restricted to this chassis.
-
-
-
- Replies to ARP and ND requests must be restricted to a single
- physical location, where the Ethernet address in the reply
- resides. This includes ARP and ND replies for the IP address
- of the distributed gateway port, which are restricted to the
- chassis that the user associated with the distributed gateway
- port.
-
-
-
- -
- In order to support one-to-many SNAT (aka IP masquerading), where
- multiple logical IP addresses spread across multiple chassis are
- mapped to a single external IP address, it will be necessary to
- handle some of the logical router processing on a specific chassis
- in a centralized manner. Since the SNAT external IP address is
- typically the distributed gateway port IP address, and for
- simplicity, the same chassis associated with the distributed
- gateway port is used.
-
-
-
-
- The details of flow restrictions to specific chassis are described
- in the ovn-northd
documentation.
-
-
-
- While most of the physical location dependent aspects of distributed
- gateway ports can be handled by restricting some flows to specific
- chassis, one additional mechanism is required. When a packet
- leaves the ingress pipeline and the logical egress port is the
- distributed gateway port, one of two different sets of actions is
- required at table 32:
-
-
-
- -
- If the packet can be handled locally on the sender's hypervisor
- (e.g. one-to-one NAT traffic), then the packet should just be
- resubmitted locally to table 33, in the normal manner for
- distributed logical patch ports.
-
-
- -
- However, if the packet needs to be handled on the chassis
- associated with the distributed gateway port (e.g. one-to-many
- SNAT traffic or non-NAT traffic), then table 32 must send the
- packet on a tunnel port to that chassis.
-
-
-
-
- In order to trigger the second set of actions, the
- chassisredirect
type of southbound
- Port_Binding
has been added. Setting the logical
- egress port to the type chassisredirect
logical port is
- simply a way to indicate that although the packet is destined for
- the distributed gateway port, it needs to be redirected to a
- different chassis. At table 32, packets with this logical egress
- port are sent to a specific chassis, in the same way that table 32
- directs packets whose logical egress port is a VIF or a type
- l3gateway
port to different chassis. Once the packet
- arrives at that chassis, table 33 resets the logical egress port to
- the value representing the distributed gateway port. For each
- distributed gateway port, there is one type
- chassisredirect
port, in addition to the distributed
- logical patch port representing the distributed gateway port.
-
-
- High Availability for Distributed Gateway Ports
-
-
- OVN allows you to specify a prioritized list of chassis for a distributed
- gateway port. This is done by associating multiple
- Gateway_Chassis
rows with a Logical_Router_Port
- in the OVN_Northbound
database.
-
-
-
- When multiple chassis have been specified for a gateway, all chassis that
- may send packets to that gateway will enable BFD on tunnels to all
- configured gateway chassis. The current master chassis for the gateway
- is the highest priority gateway chassis that is currently viewed as
- active based on BFD status.
-
-
-
- For more information on L3 gateway high availability, please refer to
- http://docs.openvswitch.org/en/latest/topics/high-availability.
-
-
- Multiple localnet logical switches connected to a Logical Router
-
-
- It is possible to have multiple logical switches each with a localnet port
- (representing physical networks) connected to a logical router, in which
- one localnet logical switch may provide the external connectivity via a
- distributed gateway port and rest of the localnet logical switches use
- VLAN tagging in the physical network. It is expected that
- ovn-bridge-mappings
is configured appropriately on the
- chassis for all these localnet networks.
-
-
- East West routing
-
- East-West routing between these localnet VLAN tagged logical switches
- work almost the same way as normal logical switches. When the VM sends
- such a packet, then:
-
-
- -
- It first enters the ingress pipeline, and then egress pipeline of the
- source localnet logical switch datapath. It then enters the ingress
- pipeline of the logical router datapath via the logical router port in
- the source chassis.
-
-
- -
- Routing decision is taken.
-
-
- -
-
- From the router datapath, packet enters the ingress pipeline and then
- egress pipeline of the destination localnet logical switch datapath
- and goes out of the integration bridge to the provider bridge (
- belonging to the destination logical switch) via the localnet port.
- While sending the packet to provider bridge, we also replace router
- port MAC as source MAC with a chassis unique MAC.
-
-
-
- This chassis unique MAC is configured as global ovs config on each
- chassis (eg. via "ovs-vsctl set open . external-ids:
- ovn-chassis-mac-mappings="phys:aa:bb:cc:dd:ee:$i$i"
"). For more
- details, see ovn-controller
(8).
-
-
-
- If the above is not configured, then source MAC would be the router
- port MAC. This could create problem if we have more than one chassis.
- This is because, since the router port is distributed, the same
- (MAC,VLAN) tuple will seen by physical network from other chassis as
- well, which could cause these issues:
-
-
-
- -
- Continuous MAC moves in top-of-rack switch (ToR).
-
- -
- ToR dropping the traffic, which is causing continuous MAC moves.
-
- -
- ToR blocking the ports from which MAC moves are happening.
-
-
-
-
- -
- The destination chassis receives the packet via the localnet port and
- sends it to the integration bridge. The packet enters the
- ingress pipeline and then egress pipeline of the destination localnet
- logical switch and finally gets delivered to the destination VM port.
-
-
-
- External traffic
-
-
- The following happens when a VM sends an external traffic (which requires
- NATting) and the chassis hosting the VM doesn't have a distributed gateway
- port.
-
-
-
- -
- The packet first enters the ingress pipeline, and then egress pipeline of
- the source localnet logical switch datapath. It then enters the ingress
- pipeline of the logical router datapath via the logical router port in
- the source chassis.
-
-
- -
- Routing decision is taken. Since the gateway router or the distributed
- gateway port doesn't reside in the source chassis, the traffic is
- redirected to the gateway chassis via the tunnel port.
-
-
- -
- The gateway chassis receives the packet via the tunnel port and the
- packet enters the egress pipeline of the logical router datapath. NAT
- rules are applied here. The packet then enters the ingress pipeline and
- then egress pipeline of the localnet logical switch datapath which
- provides external connectivity and finally goes out via the localnet
- port of the logical switch which provides external connectivity.
-
-
-
-
- Although this works, the VM traffic is tunnelled when sent from the compute
- chassis to the gateway chassis. In order for it to work properly, the MTU
- of the localnet logical switches must be lowered to account for the tunnel
- encapsulation.
-
-
-
- Centralized routing for localnet VLAN tagged logical switches connected
- to a Logical Router
-
-
-
- To overcome the tunnel encapsulation problem described in the previous
- section, OVN
supports the option of enabling centralized
- routing for localnet VLAN tagged logical switches. CMS can configure the
- option to true
for each
- which connects to the
- localnet VLAN tagged logical switches. This causes the gateway
- chassis (hosting the distributed gateway port) to handle all the
- routing for these networks, making it centralized. It will reply to
- the ARP requests for the logical router port IPs.
-
-
-
- If the logical router doesn't have a distributed gateway port connecting
- to the localnet logical switch which provides external connectivity,
- then this option is ignored by OVN
.
-
-
-
- The following happens when a VM sends an east-west traffic which needs to
- be routed:
-
-
-
- -
- The packet first enters the ingress pipeline, and then egress pipeline of
- the source localnet logical switch datapath and is sent out via the
- localnet port of the source localnet logical switch (instead of sending
- it to router pipeline).
-
-
- -
- The gateway chassis receives the packet via the localnet port of the
- source localnet logical switch and sends it to the integration bridge.
- The packet then enters the ingress pipeline, and then egress pipeline of
- the source localnet logical switch datapath and enters the ingress
- pipeline of the logical router datapath.
-
-
- -
- Routing decision is taken.
-
-
- -
- From the router datapath, packet enters the ingress pipeline and then
- egress pipeline of the destination localnet logical switch datapath.
- It then goes out of the integration bridge to the provider bridge (
- belonging to the destination logical switch) via the localnet port.
-
-
- -
- The destination chassis receives the packet via the localnet port and
- sends it to the integration bridge. The packet enters the
- ingress pipeline and then egress pipeline of the destination localnet
- logical switch and finally delivered to the destination VM port.
-
-
-
-
- The following happens when a VM sends an external traffic which requires
- NATting:
-
-
-
- -
- The packet first enters the ingress pipeline, and then egress pipeline of
- the source localnet logical switch datapath and is sent out via the
- localnet port of the source localnet logical switch (instead of sending
- it to router pipeline).
-
-
- -
- The gateway chassis receives the packet via the localnet port of the
- source localnet logical switch and sends it to the integration bridge.
- The packet then enters the ingress pipeline, and then egress pipeline of
- the source localnet logical switch datapath and enters the ingress
- pipeline of the logical router datapath.
-
-
- -
- Routing decision is taken and NAT rules are applied.
-
-
- -
- From the router datapath, packet enters the ingress pipeline and then
- egress pipeline of the localnet logical switch datapath which provides
- external connectivity. It then goes out of the integration bridge to the
- provider bridge (belonging to the logical switch which provides external
- connectivity) via the localnet port.
-
-
-
-
- The following happens for the reverse external traffic.
-
-
-
- -
- The gateway chassis receives the packet from the localnet port of
- the logical switch which provides external connectivity. The packet then
- enters the ingress pipeline and then egress pipeline of the localnet
- logical switch (which provides external connectivity). The packet then
- enters the ingress pipeline of the logical router datapath.
-
-
- -
- The ingress pipeline of the logical router datapath applies the unNATting
- rules. The packet then enters the ingress pipeline and then egress
- pipeline of the source localnet logical switch. Since the source VM
- doesn't reside in the gateway chassis, the packet is sent out via the
- localnet port of the source logical switch.
-
-
- -
- The source chassis receives the packet via the localnet port and
- sends it to the integration bridge. The packet enters the
- ingress pipeline and then egress pipeline of the source localnet
- logical switch and finally gets delivered to the source VM port.
-
-
-
- Life Cycle of a VTEP gateway
-
-
- A gateway is a chassis that forwards traffic between the OVN-managed
- part of a logical network and a physical VLAN, extending a
- tunnel-based logical network into a physical network.
-
-
-
- The steps below refer often to details of the OVN and VTEP database
- schemas. Please see ovn-sb
(5), ovn-nb
(5)
- and vtep
(5), respectively, for the full story on these
- databases.
-
-
-
- -
- A VTEP gateway's life cycle begins with the administrator registering
- the VTEP gateway as a
Physical_Switch
table entry in the
- VTEP
database. The ovn-controller-vtep
- connected to this VTEP database, will recognize the new VTEP gateway
- and create a new Chassis
table entry for it in the
- OVN_Southbound
database.
-
-
- -
- The administrator can then create a new
Logical_Switch
- table entry, and bind a particular vlan on a VTEP gateway's port to
- any VTEP logical switch. Once a VTEP logical switch is bound to
- a VTEP gateway, the ovn-controller-vtep
will detect
- it and add its name to the vtep_logical_switches
- column of the Chassis
table in the
- OVN_Southbound
database. Note, the tunnel_key
- column of VTEP logical switch is not filled at creation. The
- ovn-controller-vtep
will set the column when the
- correponding vtep logical switch is bound to an OVN logical network.
-
-
- -
- Now, the administrator can use the CMS to add a VTEP logical switch
- to the OVN logical network. To do that, the CMS must first create a
- new
Logical_Switch_Port
table entry in the
- OVN_Northbound
database. Then, the type column
- of this entry must be set to "vtep". Next, the
- vtep-logical-switch and vtep-physical-switch keys
- in the options column must also be specified, since
- multiple VTEP gateways can attach to the same VTEP logical switch.
-
-
- -
- The newly created logical port in the
OVN_Northbound
- database and its configuration will be passed down to the
- OVN_Southbound
database as a new Port_Binding
- table entry. The ovn-controller-vtep
will recognize the
- change and bind the logical port to the corresponding VTEP gateway
- chassis. Configuration of binding the same VTEP logical switch to
- a different OVN logical networks is not allowed and a warning will be
- generated in the log.
-
-
- -
- Beside binding to the VTEP gateway chassis, the
- ovn-controller-vtep
will update the tunnel_key
- column of the VTEP logical switch to the corresponding
- Datapath_Binding
table entry's tunnel_key for the
- bound OVN logical network.
-
-
- -
- Next, the
ovn-controller-vtep
will keep reacting to the
- configuration change in the Port_Binding
in the
- OVN_Northbound
database, and updating the
- Ucast_Macs_Remote
table in the VTEP
database.
- This allows the VTEP gateway to understand where to forward the unicast
- traffic coming from the extended external network.
-
-
- -
- Eventually, the VTEP gateway's life cycle ends when the administrator
- unregisters the VTEP gateway from the
VTEP
database.
- The ovn-controller-vtep
will recognize the event and
- remove all related configurations (Chassis
table entry
- and port bindings) in the OVN_Southbound
database.
-
-
- -
- When the
ovn-controller-vtep
is terminated, all related
- configurations in the OVN_Southbound
database and
- the VTEP
database will be cleaned, including
- Chassis
table entries for all registered VTEP gateways
- and their port bindings, and all Ucast_Macs_Remote
table
- entries and the Logical_Switch
tunnel keys.
-
-
-
- Native OVN services for external logical ports
-
-
- To support OVN native services (like DHCP/IPv6 RA/DNS lookup) to the
- cloud resources which are external, OVN supports external
- logical ports.
-
-
-
- Below are some of the use cases where external
ports can be
- used.
-
-
-
- -
- VMs connected to SR-IOV nics - Traffic from these VMs by passes the
- kernel stack and local
ovn-controller
do not bind these
- ports and cannot serve the native services.
-
- -
- When CMS supports provisioning baremetal servers.
-
-
-
-
- OVN will provide the native services if CMS has done the below
- configuration in the OVN Northbound Database.
-
-
-
- -
- A row is created in
Logical_Switch_Port
, configuring the
- column
- and setting the to external
.
-
-
- -
-
column is configured.
-
-
- -
- The HA chassis which belongs to the HA chassis group has the
-
ovn-bridge-mappings
configured and has proper L2
- connectivity so that it can receive the DHCP and other related request
- packets from these external resources.
-
-
- -
- The Logical_Switch of this port has a
localnet
port.
-
-
- -
- Native OVN services are enabled by configuring the DHCP and other
- options like the way it is done for the normal logical ports.
-
-
-
-
- It is recommended to use the same HA chassis group for all the external
- ports of a logical switch. Otherwise, the physical switch might see MAC
- flap issue when different chassis provide the native services. For
- example when supporting native DHCPv4 service, DHCPv4 server mac
- (configured in column in table ) originating
- from different ports can cause MAC flap issue.
- The MAC of the logical router IP(s) can also flap if the same HA chassis
- group is not set for all the external ports of a logical switch.
-
-
- Security
-
- Role-Based Access Controls for the Soutbound DB
-
- In order to provide additional security against the possibility of an OVN
- chassis becoming compromised in such a way as to allow rogue software to
- make arbitrary modifications to the southbound database state and thus
- disrupt the OVN network, role-based access controls (see
- ovsdb-server(1)
for additional details) are provided for the
- southbound database.
-
-
-
- The implementation of role-based access controls (RBAC) requires the
- addition of two tables to an OVSDB schema: the RBAC_Role
- table, which is indexed by role name and maps the the names of the various
- tables that may be modifiable for a given role to individual rows in a
- permissions table containing detailed permission information for that role,
- and the permission table itself which consists of rows containing the
- following information:
-
-
- Table Name
- -
- The name of the associated table. This column exists primarily as an
- aid for humans reading the contents of this table.
-
-
- Auth Criteria
- -
- A set of strings containing the names of columns (or column:key pairs
- for columns containing string:string maps). The contents of at least
- one of the columns or column:key values in a row to be modified,
- inserted, or deleted must be equal to the ID of the client attempting
- to act on the row in order for the authorization check to pass. If the
- authorization criteria is empty, authorization checking is disabled and
- all clients for the role will be treated as authorized.
-
-
- Insert/Delete
- -
- Row insertion/deletion permission; boolean value indicating whether
- insertion and deletion of rows is allowed for the associated table.
- If true, insertion and deletion of rows is allowed for authorized
- clients.
-
-
- Updatable Columns
- -
- A set of strings containing the names of columns or column:key pairs
- that may be updated or mutated by authorized clients. Modifications to
- columns within a row are only permitted when the authorization check
- for the client passes and all columns to be modified are included in
- this set of modifiable columns.
-
-
-
-
- RBAC configuration for the OVN southbound database is maintained by
- ovn-northd. With RBAC enabled, modifications are only permitted for the
- Chassis
, Encap
, Port_Binding
, and
- MAC_Binding
tables, and are resstricted as follows:
-
-
- Chassis
- -
-
- Authorization
: client ID must match the chassis name.
-
-
- Insert/Delete
: authorized row insertion and deletion
- are permitted.
-
-
- Update
: The columns nb_cfg
,
- external_ids
, encaps
, and
- vtep_logical_switches
may be modified when authorized.
-
-
-
- Encap
- -
-
- Authorization
: client ID must match the chassis name.
-
-
- Insert/Delete
: row insertion and row deletion
- are permitted.
-
-
- Update
: The columns type
,
- options
, and ip
can be modified.
-
-
-
- Port_Binding
- -
-
- Authorization
: disabled (all clients are considered
- authorized. A future enhancement may add columns (or keys to
- external_ids
) in order to control which chassis are
- allowed to bind each port.
-
-
- Insert/Delete
: row insertion/deletion are not permitted
- (ovn-northd maintains rows in this table.
-
-
- Update
: Only modifications to the chassis
- column are permitted.
-
-
-
- MAC_Binding
- -
-
- Authorization
: disabled (all clients are considered
- to be authorized).
-
-
- Insert/Delete
: row insertion/deletion are permitted.
-
-
- Update
: The columns logical_port
,
- ip
, mac
, and datapath
may be
- modified by ovn-controller.
-
-
-
-
-
- Enabling RBAC for ovn-controller connections to the southbound database
- requires the following steps:
-
-
-
- -
- Creating SSL certificates for each chassis with the certificate CN field
- set to the chassis name (e.g. for a chassis with
-
external-ids:system-id=chassis-1
, via the command
- "ovs-pki -u req+sign chassis-1 switch
").
-
- -
- Configuring each ovn-controller to use SSL when connecting to the
- southbound database (e.g. via "
ovs-vsctl set open .
- external-ids:ovn-remote=ssl:x.x.x.x:6642
").
-
- -
- Configuring a southbound database SSL remote with "ovn-controller" role
- (e.g. via "
ovn-sbctl set-connection role=ovn-controller
- pssl:6642
").
-
-
-
- Encrypt Tunnel Traffic with IPsec
-
- OVN tunnel traffic goes through physical routers and switches. These
- physical devices could be untrusted (devices in public network) or might be
- compromised. Enabling encryption to the tunnel traffic can prevent the
- traffic data from being monitored and manipulated.
-
-
- The tunnel traffic is encrypted with IPsec. The CMS sets the
- ipsec
column in the northbound NB_Global
table to
- enable or disable IPsec encrytion. If ipsec
is true, all OVN
- tunnels will be encrypted. If ipsec
is false, no OVN tunnels
- will be encrypted.
-
-
- When CMS updates the ipsec
column in the northbound
- NB_Global
table, ovn-northd
copies the value to
- the ipsec
column in the southbound SB_Global
- table. ovn-controller
in each chassis monitors the southbound
- database and sets the options of the OVS tunnel interface accordingly. OVS
- tunnel interface options are monitored by the
- ovs-monitor-ipsec
daemon which configures IKE daemon to set up
- IPsec connections.
-
-
- Chassis authenticates each other by using certificate. The authentication
- succeeds if the other end in tunnel presents a certificate signed by a
- trusted CA and the common name (CN) matches the expected chassis name. The
- SSL certificates used in role-based access controls (RBAC) can be used in
- IPsec. Or use ovs-pki
to create different certificates. The
- certificate is required to be x.509 version 3, and with CN field and
- subjectAltName field being set to the chassis name.
-
-
- The CA certificate, chassis certificate and private key are required to be
- installed in each chassis before enabling IPsec. Please see
- ovs-vswitchd.conf.db
(5) for setting up CA based IPsec
- authentication.
-
- Design Decisions
-
- Tunnel Encapsulations
-
-
- OVN annotates logical network packets that it sends from one hypervisor to
- another with the following three pieces of metadata, which are encoded in
- an encapsulation-specific fashion:
-
-
-
- -
- 24-bit logical datapath identifier, from the
tunnel_key
- column in the OVN Southbound Datapath_Binding
table.
-
-
- -
- 15-bit logical ingress port identifier. ID 0 is reserved for internal
- use within OVN. IDs 1 through 32767, inclusive, may be assigned to
- logical ports (see the
tunnel_key
column in the OVN
- Southbound Port_Binding
table).
-
-
- -
- 16-bit logical egress port identifier. IDs 0 through 32767 have the same
- meaning as for logical ingress ports. IDs 32768 through 65535,
- inclusive, may be assigned to logical multicast groups (see the
-
tunnel_key
column in the OVN Southbound
- Multicast_Group
table).
-
-
-
-
- For hypervisor-to-hypervisor traffic, OVN supports only Geneve and STT
- encapsulations, for the following reasons:
-
-
-
- -
- Only STT and Geneve support the large amounts of metadata (over 32 bits
- per packet) that OVN uses (as described above).
-
-
- -
- STT and Geneve use randomized UDP or TCP source ports that allows
- efficient distribution among multiple paths in environments that use ECMP
- in their underlay.
-
-
- -
- NICs are available to offload STT and Geneve encapsulation and
- decapsulation.
-
-
-
-
- Due to its flexibility, the preferred encapsulation between hypervisors is
- Geneve. For Geneve encapsulation, OVN transmits the logical datapath
- identifier in the Geneve VNI.
-
-
- OVN transmits the logical ingress and logical egress ports in a TLV with
- class 0x0102, type 0x80, and a 32-bit value encoded as follows, from MSB to
- LSB:
-
-
-
-
-
-
-
- Environments whose NICs lack Geneve offload may prefer STT encapsulation
- for performance reasons. For STT encapsulation, OVN encodes all three
- pieces of logical metadata in the STT 64-bit tunnel ID as follows, from MSB
- to LSB:
-
-
-
-
-
-
-
- For connecting to gateways, in addition to Geneve and STT, OVN supports
- VXLAN, because only VXLAN support is common on top-of-rack (ToR) switches.
- Currently, gateways have a feature set that matches the capabilities as
- defined by the VTEP schema, so fewer bits of metadata are necessary. In
- the future, gateways that do not support encapsulations with large amounts
- of metadata may continue to have a reduced feature set.
-
-
diff --git a/ovn/utilities/automake.mk b/ovn/utilities/automake.mk
index e8c59a2ebd1..c2c3b7d5c92 100644
--- a/ovn/utilities/automake.mk
+++ b/ovn/utilities/automake.mk
@@ -1,43 +1,16 @@
-scripts_SCRIPTS += \
- ovn/utilities/ovn-ctl \
- ovn/utilities/ovndb-servers.ocf
-
man_MANS += \
- ovn/utilities/ovn-ctl.8 \
ovn/utilities/ovn-nbctl.8 \
- ovn/utilities/ovn-sbctl.8 \
- ovn/utilities/ovn-trace.8 \
- ovn/utilities/ovn-detrace.1
+ ovn/utilities/ovn-sbctl.8
MAN_ROOTS += \
- ovn/utilities/ovn-sbctl.8.in \
- ovn/utilities/ovn-detrace.1.in
-
-# Docker drivers
-bin_SCRIPTS += \
- ovn/utilities/ovn-docker-overlay-driver \
- ovn/utilities/ovn-docker-underlay-driver \
- ovn/utilities/ovn-detrace
+ ovn/utilities/ovn-sbctl.8.in
EXTRA_DIST += \
- ovn/utilities/ovn-ctl \
- ovn/utilities/ovn-ctl.8.xml \
- ovn/utilities/ovn-docker-overlay-driver.in \
- ovn/utilities/ovn-docker-underlay-driver.in \
- ovn/utilities/ovn-nbctl.8.xml \
- ovn/utilities/ovn-trace.8.xml \
- ovn/utilities/ovn-detrace.in \
- ovn/utilities/ovndb-servers.ocf
+ ovn/utilities/ovn-nbctl.8.xml
CLEANFILES += \
- ovn/utilities/ovn-ctl.8 \
- ovn/utilities/ovn-docker-overlay-driver \
- ovn/utilities/ovn-docker-underlay-driver \
ovn/utilities/ovn-nbctl.8 \
- ovn/utilities/ovn-sbctl.8 \
- ovn/utilities/ovn-trace.8 \
- ovn/utilities/ovn-detrace.1 \
- ovn/utilities/ovn-detrace
+ ovn/utilities/ovn-sbctl.8
# ovn-nbctl
bin_PROGRAMS += ovn/utilities/ovn-nbctl
@@ -48,10 +21,3 @@ ovn_utilities_ovn_nbctl_LDADD = ovn/lib/libovn.la ovsdb/libovsdb.la lib/libopenv
bin_PROGRAMS += ovn/utilities/ovn-sbctl
ovn_utilities_ovn_sbctl_SOURCES = ovn/utilities/ovn-sbctl.c
ovn_utilities_ovn_sbctl_LDADD = ovn/lib/libovn.la ovsdb/libovsdb.la lib/libopenvswitch.la
-
-# ovn-trace
-bin_PROGRAMS += ovn/utilities/ovn-trace
-ovn_utilities_ovn_trace_SOURCES = ovn/utilities/ovn-trace.c
-ovn_utilities_ovn_trace_LDADD = ovn/lib/libovn.la ovsdb/libovsdb.la lib/libopenvswitch.la
-
-include ovn/utilities/bugtool/automake.mk
diff --git a/ovn/utilities/bugtool/automake.mk b/ovn/utilities/bugtool/automake.mk
deleted file mode 100644
index 8582074a7ea..00000000000
--- a/ovn/utilities/bugtool/automake.mk
+++ /dev/null
@@ -1,9 +0,0 @@
-if HAVE_PYTHON2
-bugtool_plugins += \
- ovn/utilities/bugtool/plugins/network-status/ovn.xml
-
-bugtool_scripts += \
- ovn/utilities/bugtool/ovn-bugtool-nbctl-show \
- ovn/utilities/bugtool/ovn-bugtool-sbctl-show \
- ovn/utilities/bugtool/ovn-bugtool-sbctl-lflow-list
-endif
diff --git a/ovn/utilities/bugtool/ovn-bugtool-nbctl-show b/ovn/utilities/bugtool/ovn-bugtool-nbctl-show
deleted file mode 100644
index 927252745c0..00000000000
--- a/ovn/utilities/bugtool/ovn-bugtool-nbctl-show
+++ /dev/null
@@ -1,19 +0,0 @@
-#! /bin/sh
-
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of version 2.1 of the GNU Lesser General
-# Public License as published by the Free Software Foundation.
-#
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-# Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
-# USA
-#
-# Copyright (C) 2016 Nicira, Inc.
-
-ovn-nbctl --timeout=3 show
diff --git a/ovn/utilities/bugtool/ovn-bugtool-sbctl-lflow-list b/ovn/utilities/bugtool/ovn-bugtool-sbctl-lflow-list
deleted file mode 100644
index 33a15d7d582..00000000000
--- a/ovn/utilities/bugtool/ovn-bugtool-sbctl-lflow-list
+++ /dev/null
@@ -1,19 +0,0 @@
-#! /bin/sh
-
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of version 2.1 of the GNU Lesser General
-# Public License as published by the Free Software Foundation.
-#
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-# Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
-# USA
-#
-# Copyright (C) 2016 Nicira, Inc.
-
-ovn-sbctl --timeout=3 lflow-list
diff --git a/ovn/utilities/bugtool/ovn-bugtool-sbctl-show b/ovn/utilities/bugtool/ovn-bugtool-sbctl-show
deleted file mode 100644
index b6741bcc258..00000000000
--- a/ovn/utilities/bugtool/ovn-bugtool-sbctl-show
+++ /dev/null
@@ -1,19 +0,0 @@
-#! /bin/sh
-
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of version 2.1 of the GNU Lesser General
-# Public License as published by the Free Software Foundation.
-#
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-# Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
-# USA
-#
-# Copyright (C) 2016 Nicira, Inc.
-
-ovn-sbctl --timeout=3 show
diff --git a/ovn/utilities/bugtool/plugins/network-status/ovn.xml b/ovn/utilities/bugtool/plugins/network-status/ovn.xml
deleted file mode 100644
index 3b399feb3af..00000000000
--- a/ovn/utilities/bugtool/plugins/network-status/ovn.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-
-
-
- /usr/share/openvswitch/scripts/ovn-bugtool-nbctl-show
- /usr/share/openvswitch/scripts/ovn-bugtool-sbctl-show
- /usr/share/openvswitch/scripts/ovn-bugtool-sbctl-lflow-list
-
diff --git a/ovn/utilities/ovn-ctl b/ovn/utilities/ovn-ctl
deleted file mode 100755
index 7e5cd469c83..00000000000
--- a/ovn/utilities/ovn-ctl
+++ /dev/null
@@ -1,822 +0,0 @@
-#!/bin/sh
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at:
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-case $0 in
- */*) dir0=`echo "$0" | sed 's,/[^/]*$,,'` ;;
- *) dir0=./ ;;
-esac
-. "$dir0/ovs-lib" || exit 1
-
-for dir in "$sbindir" "$bindir" /sbin /bin /usr/sbin /usr/bin; do
- case :$PATH: in
- *:$dir:*) ;;
- *) PATH=$PATH:$dir ;;
- esac
-done
-
-
-ovnnb_active_conf_file="$etcdir/ovnnb-active.conf"
-ovnsb_active_conf_file="$etcdir/ovnsb-active.conf"
-ovn_northd_db_conf_file="$etcdir/ovn-northd-db-params.conf"
-## ----- ##
-## start ##
-## ----- ##
-
-pidfile_is_running () {
- pidfile=$1
- test -e "$pidfile" && pid=`cat "$pidfile"` && pid_exists "$pid"
-} >/dev/null 2>&1
-
-stop_nb_ovsdb() {
- if pidfile_is_running $DB_NB_PID; then
- ovs-appctl -t $OVN_RUNDIR/ovnnb_db.ctl exit
- fi
-}
-
-stop_sb_ovsdb() {
- if pidfile_is_running $DB_SB_PID; then
- ovs-appctl -t $OVN_RUNDIR/ovnsb_db.ctl exit
- fi
-}
-
-stop_ovsdb () {
- stop_nb_ovsdb
- stop_sb_ovsdb
-}
-
-demote_ovnnb() {
- if test ! -z "$DB_NB_SYNC_FROM_ADDR"; then
- echo "$DB_NB_SYNC_FROM_PROTO:$DB_NB_SYNC_FROM_ADDR:$DB_NB_SYNC_FROM_PORT" > $ovnnb_active_conf_file
- fi
-
- if test -e $ovnnb_active_conf_file; then
- ovs-appctl -t $OVN_RUNDIR/ovnnb_db.ctl ovsdb-server/set-active-ovsdb-server `cat $ovnnb_active_conf_file`
- ovs-appctl -t $OVN_RUNDIR/ovnnb_db.ctl ovsdb-server/connect-active-ovsdb-server
- else
- echo >&2 "$0: active server details not set"
- exit 1
- fi
-}
-
-demote_ovnsb() {
- if test ! -z "$DB_SB_SYNC_FROM_ADDR"; then
- echo "$DB_SB_SYNC_FROM_PROTO:$DB_SB_SYNC_FROM_ADDR:$DB_SB_SYNC_FROM_PORT" > $ovnsb_active_conf_file
- fi
-
- if test -e $ovnsb_active_conf_file; then
- ovs-appctl -t $OVN_RUNDIR/ovnsb_db.ctl ovsdb-server/set-active-ovsdb-server `cat $ovnsb_active_conf_file`
- ovs-appctl -t $OVN_RUNDIR/ovnsb_db.ctl ovsdb-server/connect-active-ovsdb-server
- else
- echo >&2 "$0: active server details not set"
- exit 1
- fi
-}
-
-promote_ovnnb() {
- rm -f $ovnnb_active_conf_file
- ovs-appctl -t $OVN_RUNDIR/ovnnb_db.ctl ovsdb-server/disconnect-active-ovsdb-server
-}
-
-promote_ovnsb() {
- rm -f $ovnsb_active_conf_file
- ovs-appctl -t $OVN_RUNDIR/ovnsb_db.ctl ovsdb-server/disconnect-active-ovsdb-server
-}
-
-start_ovsdb__() {
- local DB=$1 db=$2 schema_name=$3 table_name=$4
- local db_pid_file
- local cluster_local_addr
- local cluster_local_port
- local cluster_local_proto
- local cluster_remote_addr
- local cluster_remote_port
- local cluster_remote_proto
- local sync_from_proto
- local sync_from_addr
- local sync_from_port
- local file
- local schema
- local logfile
- local log
- local sock
- local detach
- local create_insecure_remote
- local port
- local addr
- local active_conf_file
- local use_remote_in_db
- local ovn_db_ssl_key
- local ovn_db_ssl_cert
- local ovn_db_ssl_cacert
- eval db_pid_file=\$DB_${DB}_PID
- eval cluster_local_addr=\$DB_${DB}_CLUSTER_LOCAL_ADDR
- eval cluster_local_port=\$DB_${DB}_CLUSTER_LOCAL_PORT
- eval cluster_local_proto=\$DB_${DB}_CLUSTER_LOCAL_PROTO
- eval cluster_remote_addr=\$DB_${DB}_CLUSTER_REMOTE_ADDR
- eval cluster_remote_port=\$DB_${DB}_CLUSTER_REMOTE_PORT
- eval cluster_remote_proto=\$DB_${DB}_CLUSTER_REMOTE_PROTO
- eval sync_from_proto=\$DB_${DB}_SYNC_FROM_PROTO
- eval sync_from_addr=\$DB_${DB}_SYNC_FROM_ADDR
- eval sync_from_port=\$DB_${DB}_SYNC_FROM_PORT
- eval file=\$DB_${DB}_FILE
- eval schema=\$DB_${DB}_SCHEMA
- eval logfile=\$OVN_${DB}_LOGFILE
- eval log=\$OVN_${DB}_LOG
- eval sock=\$DB_${DB}_SOCK
- eval detach=\$DB_${DB}_DETACH
- eval create_insecure_remote=\$DB_${DB}_CREATE_INSECURE_REMOTE
- eval port=\$DB_${DB}_PORT
- eval addr=\$DB_${DB}_ADDR
- eval active_conf_file=\$ovn${db}_active_conf_file
- eval use_remote_in_db=\$DB_${DB}_USE_REMOTE_IN_DB
- eval ovn_db_ssl_key=\$OVN_${DB}_DB_SSL_KEY
- eval ovn_db_ssl_cert=\$OVN_${DB}_DB_SSL_CERT
- eval ovn_db_ssl_cacert=\$OVN_${DB}_DB_SSL_CA_CERT
-
- install_dir "$OVN_RUNDIR"
- # Check and eventually start ovsdb-server for DB
- if pidfile_is_running $db_pid_file; then
- return
- fi
-
- if test ! -z "$cluster_local_addr"; then
- mode=cluster
- elif test ! -z "$sync_from_addr"; then
- mode=active_passive
- echo "$sync_from_proto:$sync_from_addr:\
-$sync_from_port" > $active_conf_file
- else
- mode=standalone
- fi
-
- if test $mode = cluster; then
- local local=$cluster_local_proto:$cluster_local_addr:\
-$cluster_local_port
- local remote=$cluster_remote_proto:$cluster_remote_addr:\
-$cluster_remote_port
- if test -n "$cluster_remote_addr"; then
- join_cluster "$file" "$schema_name" "$local" "$remote"
- else
- create_cluster "$file" "$schema" "$local"
- fi
- else
- upgrade_db "$file" "$schema"
- fi
-
- set ovsdb-server
- set "$@" $log --log-file=$logfile
- set "$@" --remote=punix:$sock --pidfile=$db_pid_file
- set "$@" --unixctl=ovn${db}_db.ctl
-
- [ "$OVS_USER" != "" ] && set "$@" --user "$OVS_USER"
-
- if test X"$detach" != Xno; then
- set "$@" --detach --monitor
- else
- set exec "$@"
- fi
-
- if test X"$use_remote_in_db" != Xno; then
- set "$@" --remote=db:$schema_name,$table_name,connections
- fi
-
- if test X"$ovn_db_ssl_key" != X; then
- set "$@" --private-key=$ovn_db_ssl_key
- else
- set "$@" --private-key=db:$schema_name,SSL,private_key
- fi
- if test X"$ovn_db_ssl_cert" != X; then
- set "$@" --certificate=$ovn_db_ssl_cert
- else
- set "$@" --certificate=db:$schema_name,SSL,certificate
- fi
- if test X"$ovn_db_ssl_cacert" != X; then
- set "$@" --ca-cert=$ovn_db_ssl_cacert
- else
- set "$@" --ca-cert=db:$schema_name,SSL,ca_cert
- fi
-
- set "$@" --ssl-protocols=db:$schema_name,SSL,ssl_protocols
- set "$@" --ssl-ciphers=db:$schema_name,SSL,ssl_ciphers
-
- if test X"$create_insecure_remote" = Xyes; then
- set "$@" --remote=ptcp:$port:$addr
- fi
-
- if test $mode = active_passive; then
- set "$@" --sync-from=`cat $active_conf_file`
- fi
-
- "$@" "$file"
-
- # Initialize the database if it's running standalone,
- # active-passive, or is the first server in a cluster.
- if test -z "$cluster_remote_addr"; then
- ovn-${db}ctl init
- fi
-
- if test $mode = cluster; then
- upgrade_cluster "$schema" "unix:$sock"
- fi
-}
-
-start_nb_ovsdb() {
- start_ovsdb__ NB nb OVN_Northbound NB_Global
-}
-
-start_sb_ovsdb() {
- # Increase the limit on the number of open file descriptors, because
- # SB DB may connect to large number of chassises, on top of connections
- # for cluster members, northd, and serveral local unix sockets.
- MAXFD=8192
- if [ $(ulimit -n) -lt $MAXFD ]; then
- ulimit -n $MAXFD
- fi
-
- start_ovsdb__ SB sb OVN_Southbound SB_Global
-}
-
-start_ovsdb () {
- start_nb_ovsdb
- start_sb_ovsdb
-}
-
-sync_status() {
- ovs-appctl -t $OVN_RUNDIR/ovn${1}_db.ctl ovsdb-server/sync-status | awk '{if(NR==1) print $2}'
-}
-
-status_ovnnb() {
- if ! pidfile_is_running $DB_NB_PID; then
- echo "not-running"
- else
- echo "running/$(sync_status nb)"
- fi
-}
-
-status_ovnsb() {
- if ! pidfile_is_running $DB_SB_PID; then
- echo "not-running"
- else
- echo "running/$(sync_status sb)"
- fi
-}
-
-status_ovsdb () {
- if ! pidfile_is_running $DB_NB_PID; then
- log_success_msg "OVN Northbound DB is not running"
- else
- log_success_msg "OVN Northbound DB is running"
- fi
-
- if ! pidfile_is_running $DB_SB_PID; then
- log_success_msg "OVN Southbound DB is not running"
- else
- log_success_msg "OVN Southbound DB is running"
- fi
-}
-
-run_nb_ovsdb() {
- DB_NB_DETACH=no
- start_nb_ovsdb
-}
-
-run_sb_ovsdb() {
- DB_SB_DETACH=no
- start_sb_ovsdb
-}
-
-start_northd () {
- if [ ! -e $ovn_northd_db_conf_file ]; then
- if test X"$OVN_MANAGE_OVSDB" = Xyes; then
- start_ovsdb
-
- if ! pidfile_is_running $DB_NB_PID; then
- log_failure_msg "OVN Northbound DB is not running"
- exit
- fi
- if ! pidfile_is_running $DB_SB_PID; then
- log_failure_msg "OVN Southbound DB is not running"
- exit
- fi
- fi
- ovn_northd_params="--ovnnb-db=$OVN_NORTHD_NB_DB \
- --ovnsb-db=$OVN_NORTHD_SB_DB"
- else
- ovn_northd_params="`cat $ovn_northd_db_conf_file`"
- fi
-
- if daemon_is_running ovn-northd; then
- log_success_msg "ovn-northd is already running"
- else
- set ovn-northd
- if test X"$OVN_NORTHD_LOGFILE" != X; then
- set "$@" --log-file=$OVN_NORTHD_LOGFILE
- fi
-
- [ "$OVN_USER" != "" ] && set "$@" --user "$OVN_USER"
-
- set "$@" $OVN_NORTHD_LOG $ovn_northd_params
-
- OVS_RUNDIR=${OVN_RUNDIR} start_daemon "$OVN_NORTHD_PRIORITY" "$OVN_NORTHD_WRAPPER" "$@"
- fi
-}
-
-start_controller () {
- set ovn-controller "unix:$DB_SOCK"
- set "$@" $OVN_CONTROLLER_LOG
- if test X"$OVN_CONTROLLER_SSL_KEY" != X; then
- set "$@" --private-key=$OVN_CONTROLLER_SSL_KEY
- fi
- if test X"$OVN_CONTROLLER_SSL_CERT" != X; then
- set "$@" --certificate=$OVN_CONTROLLER_SSL_CERT
- fi
- if test X"$OVN_CONTROLLER_SSL_CA_CERT" != X; then
- set "$@" --ca-cert=$OVN_CONTROLLER_SSL_CA_CERT
- fi
- if test X"$OVN_CONTROLLER_SSL_BOOTSTRAP_CA_CERT" != X; then
- set "$@" --bootstrap-ca-cert=$OVN_CONTROLLER_SSL_BOOTSTRAP_CA_CERT
- fi
-
- [ "$OVN_USER" != "" ] && set "$@" --user "$OVN_USER"
-
- OVS_RUNDIR=${OVN_RUNDIR} start_daemon "$OVN_CONTROLLER_PRIORITY" "$OVN_CONTROLLER_WRAPPER" "$@"
-}
-
-start_controller_vtep () {
- set ovn-controller-vtep
- set "$@" -vconsole:emer -vsyslog:err -vfile:info
- if test X"$OVN_CONTROLLER_SSL_KEY" != X; then
- set "$@" --private-key=$OVN_CONTROLLER_SSL_KEY
- fi
- if test X"$OVN_CONTROLLER_SSL_CERT" != X; then
- set "$@" --certificate=$OVN_CONTROLLER_SSL_CERT
- fi
- if test X"$OVN_CONTROLLER_SSL_CA_CERT" != X; then
- set "$@" --ca-cert=$OVN_CONTROLLER_SSL_CA_CERT
- fi
- if test X"$OVN_CONTROLLER_SSL_BOOTSTRAP_CA_CERT" != X; then
- set "$@" --bootstrap-ca-cert=$OVN_CONTROLLER_SSL_BOOTSTRAP_CA_CERT
- fi
- if test X"$DB_SOCK" != X; then
- set "$@" --vtep-db=$DB_SOCK
- fi
- if test X"$DB_SB_SOCK" != X; then
- set "$@" --ovnsb-db=$DB_SB_SOCK
- fi
-
- [ "$OVN_USER" != "" ] && set "$@" --user "$OVN_USER"
-
- OVS_RUNDIR=${OVN_RUNDIR} start_daemon "$OVN_CONTROLLER_PRIORITY" "$OVN_CONTROLLER_WRAPPER" "$@"
-}
-
-## ---- ##
-## stop ##
-## ---- ##
-
-stop_northd () {
- OVS_RUNDIR=${OVN_RUNDIR} stop_daemon ovn-northd
-
- if [ ! -e $ovn_northd_db_conf_file ]; then
- if test X"$OVN_MANAGE_OVSDB" = Xyes; then
- stop_ovsdb
- fi
- fi
-}
-
-stop_controller () {
- OVS_RUNDIR=${OVN_RUNDIR} stop_daemon ovn-controller "$@"
-}
-
-stop_controller_vtep () {
- OVS_RUNDIR=${OVN_RUNDIR} stop_daemon ovn-controller-vtep
-}
-
-## ------- ##
-## restart ##
-## ------- ##
-
-restart_northd () {
- stop_northd
- start_northd
-}
-
-restart_controller () {
- stop_controller --restart
- start_controller
-}
-
-restart_controller_vtep () {
- stop_controller_vtep
- start_controller_vtep
-}
-
-restart_ovsdb () {
- stop_ovsdb
- start_ovsdb
-}
-
-restart_nb_ovsdb () {
- stop_nb_ovsdb
- start_nb_ovsdb
-}
-
-restart_sb_ovsdb () {
- stop_sb_ovsdb
- start_sb_ovsdb
-}
-
-## ---- ##
-## main ##
-## ---- ##
-
-set_defaults () {
- OVN_MANAGE_OVSDB=yes
-
- OVS_RUNDIR=${OVS_RUNDIR:-${rundir}}
- OVN_RUNDIR=${OVN_RUNDIR:-${OVS_RUNDIR}}
-
- DB_NB_SOCK=$OVN_RUNDIR/ovnnb_db.sock
- DB_NB_PID=$OVN_RUNDIR/ovnnb_db.pid
- DB_NB_FILE=$dbdir/ovnnb_db.db
- DB_NB_ADDR=0.0.0.0
- DB_NB_PORT=6641
- DB_NB_SYNC_FROM_PROTO=tcp
- DB_NB_SYNC_FROM_ADDR=
- DB_NB_SYNC_FROM_PORT=6641
-
- DB_SB_SOCK=$OVN_RUNDIR/ovnsb_db.sock
- DB_SB_PID=$OVN_RUNDIR/ovnsb_db.pid
- DB_SB_FILE=$dbdir/ovnsb_db.db
- DB_SB_ADDR=0.0.0.0
- DB_SB_PORT=6642
- DB_SB_SYNC_FROM_PROTO=tcp
- DB_SB_SYNC_FROM_ADDR=
- DB_SB_SYNC_FROM_PORT=6642
-
- DB_NB_SCHEMA=$datadir/ovn-nb.ovsschema
- DB_SB_SCHEMA=$datadir/ovn-sb.ovsschema
-
- DB_SOCK=$OVN_RUNDIR/db.sock
- DB_CONF_FILE=$dbdir/conf.db
-
- OVN_NORTHD_PRIORITY=-10
- OVN_NORTHD_WRAPPER=
- OVN_CONTROLLER_PRIORITY=-10
- OVN_CONTROLLER_WRAPPER=
-
- OVN_USER=
- OVS_USER=
-
- OVN_CONTROLLER_LOG="-vconsole:emer -vsyslog:err -vfile:info"
- OVN_NORTHD_LOG="-vconsole:emer -vsyslog:err -vfile:info"
- OVN_NORTHD_LOGFILE=""
- OVN_NB_LOG="-vconsole:off -vfile:info"
- OVN_SB_LOG="-vconsole:off -vfile:info"
- OVN_NB_LOGFILE="$logdir/ovsdb-server-nb.log"
- OVN_SB_LOGFILE="$logdir/ovsdb-server-sb.log"
-
- OVN_CONTROLLER_SSL_KEY=""
- OVN_CONTROLLER_SSL_CERT=""
- OVN_CONTROLLER_SSL_CA_CERT=""
- OVN_CONTROLLER_SSL_BOOTSTRAP_CA_CERT=""
-
- DB_SB_CREATE_INSECURE_REMOTE="no"
- DB_NB_CREATE_INSECURE_REMOTE="no"
-
- MONITOR="yes"
-
- DB_NB_DETACH="yes"
- DB_SB_DETACH="yes"
-
- DB_NB_CLUSTER_LOCAL_ADDR=""
- DB_NB_CLUSTER_LOCAL_PROTO="tcp"
- DB_NB_CLUSTER_LOCAL_PORT=6643
- DB_NB_CLUSTER_REMOTE_ADDR=""
- DB_NB_CLUSTER_REMOTE_PROTO="tcp"
- DB_NB_CLUSTER_REMOTE_PORT=6643
-
- DB_SB_CLUSTER_LOCAL_ADDR=""
- DB_SB_CLUSTER_LOCAL_PROTO="tcp"
- DB_SB_CLUSTER_LOCAL_PORT=6644
- DB_SB_CLUSTER_REMOTE_ADDR=""
- DB_SB_CLUSTER_REMOTE_PROTO="tcp"
- DB_SB_CLUSTER_REMOTE_PORT=6644
-
- OVN_NORTHD_NB_DB="unix:$DB_NB_SOCK"
- OVN_NORTHD_SB_DB="unix:$DB_SB_SOCK"
- DB_NB_USE_REMOTE_IN_DB="yes"
- DB_SB_USE_REMOTE_IN_DB="yes"
-
- OVN_NB_DB_SSL_KEY=""
- OVN_NB_DB_SSL_CERT=""
- OVN_NB_DB_SSL_CA_CERT=""
-
- OVN_SB_DB_SSL_KEY=""
- OVN_SB_DB_SSL_CERT=""
- OVN_SB_DB_SSL_CA_CERT=""
-
-}
-
-set_option () {
- var=`echo "$option" | tr abcdefghijklmnopqrstuvwxyz- ABCDEFGHIJKLMNOPQRSTUVWXYZ_`
- eval set=\${$var+yes}
- eval old_value=\$$var
- if test X$set = X || \
- (test $type = bool && \
- test X"$old_value" != Xno && test X"$old_value" != Xyes); then
- echo >&2 "$0: unknown option \"$arg\" (use --help for help)"
- return
- fi
- eval $var=\$value
-}
-
-usage () {
- set_defaults
- cat << EOF
-$0: controls Open Virtual Network daemons
-usage: $0 [OPTIONS] COMMAND
-
-This program is intended to be invoked internally by Open Virtual Network
-startup scripts. System administrators should not normally invoke it directly.
-
-Commands:
- start_northd start ovn-northd
- start_ovsdb start ovn related ovsdb-server processes
- start_nb_ovsdb start ovn northbound db ovsdb-server process
- start_sb_ovsdb start ovn southbound db ovsdb-server process
- start_controller start ovn-controller
- start_controller_vtep start ovn-controller-vtep
- stop_northd stop ovn-northd
- stop_ovsdb stop ovn related ovsdb-server processes
- stop_nb_ovsdb stop ovn northbound db ovsdb-server process
- stop_sb_ovsdb stop ovn southbound db ovsdb-server process
- stop_controller stop ovn-controller
- stop_controller_vtep stop ovn-controller-vtep
- restart_northd restart ovn-northd
- restart_ovsdb restart ovn related ovsdb-server processes
- restart_nb_ovsdb restart ovn northbound db ovsdb-server process
- restart_sb_ovsdb restart ovn southbound db ovsdb-server process
- restart_controller restart ovn-controller
- restart_controller_vtep restart ovn-controller-vtep
- status_northd status ovs-northd
- status_ovsdb status related ovsdb-server processes
- status_controller status ovn-controller
- status_controller_vtep status ovn-controller-vtep
- promote_ovnnb promote ovn northbound db backup server to active
- promote_ovnsb promote ovn southbound db backup server to active
- demote_ovnnb demote ovn northbound db active server to backup
- demote_ovnsb demote ovn southbound db active server to backup
- run_nb_ovsdb run ovn northbound db ovsdb-server process
- run_sb_ovsdb run ovn southbound db ovsdb-server process
-
-Options:
- --ovn-northd-priority=NICE set ovn-northd's niceness (default: $OVN_NORTHD_PRIORITY)
- --ovn-northd-wrapper=WRAPPER run with a wrapper like valgrind for debugging
- --ovn-controller-priority=NICE set ovn-controller's niceness (default: $OVN_CONTROLLER_PRIORITY)
- --ovn-controller-wrapper=WRAPPER run with a wrapper like valgrind for debugging
- --ovn-controller-ssl-key=KEY OVN Southbound SSL private key file
- --ovn-controller-ssl-cert=CERT OVN Southbound SSL certificate file
- --ovn-controller-ssl-ca-cert=CERT OVN Southbound SSL CA certificate file
- --ovn-controller-ssl-bootstrap-ca-cert=CERT Bootstrapped OVN Southbound SSL CA certificate file
- --ovn-nb-db-ssl-key=KEY OVN Northbound DB SSL private key file
- --ovn-nb-db-ssl-cert=CERT OVN Northbound DB SSL certificate file
- --ovn-nb-db-ssl-ca-cert=CERT OVN Northbound DB SSL CA certificate file
- --ovn-sb-db-ssl-key=KEY OVN Southbound DB SSL private key file
- --ovn-sb-db-ssl-cert=CERT OVN Southbound DB SSL certificate file
- --ovn-sb-db-ssl-ca-cert=CERT OVN Southbound DB SSL CA certificate file
- --ovn-manage-ovsdb=yes|no Whether or not the OVN databases should be
- automatically started and stopped along
- with ovn-northd. The default is "yes". If
- this is set to "no", the "start_ovsdb" and
- "stop_ovsdb" commands must be used to start
- and stop the OVN databases.
- --ovn-controller-log=STRING ovn controller process logging params (default: $OVN_CONTROLLER_LOG)
- --ovn-northd-log=STRING ovn northd process logging params (default: $OVN_NORTHD_LOG)
- --ovn-northd-logfile=STRING ovn northd process log file (default: $OVN_NORTHD_LOGFILE)
- --ovn-nb-log=STRING ovn NB ovsdb-server processes logging params (default: $OVN_NB_LOG)
- --ovn-sb-log=STRING ovn SB ovsdb-server processes logging params (default: $OVN_SB_LOG)
- --ovn-user="user[:group]" pass the --user flag to the ovn daemons
- --ovs-user="user[:group]" pass the --user flag to ovs daemons
- -h, --help display this help message
-
-File location options:
- --db-sock=SOCKET JSON-RPC socket name (default: $DB_SOCK)
- --db-nb-sock=SOCKET OVN_Northbound db socket (default: $DB_NB_SOCK)
- --db-sb-scok=SOCKET OVN_Southbound db socket (default: $DB_SB_SOCK)
- --db-nb-file=FILE OVN_Northbound db file (default: $DB_NB_FILE)
- --db-sb-file=FILE OVN_Southbound db file (default: $DB_SB_FILE)
- --db-nb-schema=FILE OVN_Northbound db file (default: $DB_NB_SCHEMA)
- --db-sb-schema=FILE OVN_Southbound db file (default: $DB_SB_SCHEMA)
- --db-nb-addr=ADDR OVN Northbound db ptcp address (default: $DB_NB_ADDR)
- --db-nb-port=PORT OVN Northbound db ptcp port (default: $DB_NB_PORT)
- --db-sb-addr=ADDR OVN Southbound db ptcp address (default: $DB_SB_ADDR)
- --db-sb-port=PORT OVN Southbound db ptcp port (default: $DB_SB_PORT)
- --ovn-nb-logfile=FILE OVN Northbound log file (default: $OVN_NB_LOGFILE)
- --ovn-sb-logfile=FILE OVN Southbound log file (default: $OVN_SB_LOGFILE)
- --db-nb-sync-from-addr=ADDR OVN Northbound active db tcp address (default: $DB_NB_SYNC_FROM_ADDR)
- --db-nb-sync-from-port=PORT OVN Northbound active db tcp port (default: $DB_NB_SYNC_FROM_PORT)
- --db-nb-sync-from-proto=PROTO OVN Northbound active db transport (default: $DB_NB_SYNC_FROM_PROTO)
- --db-nb-create-insecure-remote=yes|no Create ptcp OVN Northbound remote (default: $DB_NB_CREATE_INSECURE_REMOTE)
- --db-sb-sync-from-addr=ADDR OVN Southbound active db tcp address (default: $DB_SB_SYNC_FROM_ADDR)
- --db-sb-sync-from-port=ADDR OVN Southbound active db tcp port (default: $DB_SB_SYNC_FROM_PORT)
- --db-sb-sync-from-proto=PROTO OVN Southbound active db transport (default: $DB_SB_SYNC_FROM_PROTO)
- --db-sb-create-insecure-remote=yes|no Create ptcp OVN Southbound remote (default: $DB_SB_CREATE_INSECURE_REMOTE)
- --db-nb-cluster-local-addr=ADDR OVN_Northbound cluster local address \
- (default: $DB_NB_CLUSTER_LOCAL_ADDR)
- --db-nb-cluster-local-port=PORT OVN_Northbound cluster local tcp port \
- (default: $DB_NB_CLUSTER_LOCAL_PORT)
- --db-nb-cluster-local-proto=PROTO OVN_Northbound cluster local db transport \
- (default: $DB_NB_CLUSTER_LOCAL_PROTO)
- --db-nb-cluster-remote-addr=ADDR OVN_Northbound cluster remote address \
- (default: $DB_NB_CLUSTER_REMOTE_ADDR)
- --db-nb-cluster-remote-port=PORT OVN_Northbound cluster remote tcp port \
- (default: $DB_NB_CLUSTER_REMOTE_PORT)
- --db-nb-cluster-remote-proto=PROTO OVN_Northbound cluster remote db \
- transport (default: $DB_NB_CLUSTER_REMOTE_PROTO)
- --db-sb-cluster-local-addr=ADDR OVN_Southbound cluster local address \
- (default: $DB_SB_CLUSTER_LOCAL_ADDR)
- --db-sb-cluster-local-port=PORT OVN_Southbound cluster local tcp port \
- (default: $DB_SB_CLUSTER_LOCAL_PORT)
- --db-sb-cluster-local-proto=PROTO OVN_Southbound cluster local db transport \
- (default: $DB_SB_CLUSTER_LOCAL_PROTO)
- --db-sb-cluster-remote-addr=ADDR OVN_Southbound cluster remote address \
- (default: $DB_SB_CLUSTER_REMOTE_ADDR)
- --db-sb-cluster-remote-port=PORT OVN_Southbound cluster remote tcp port \
- (default: $DB_SB_CLUSTER_REMOTE_PORT)
- --db-sb-cluster-remote-proto=PROTO OVN_Southbound cluster remote db \
- transport (default: $DB_SB_CLUSTER_REMOTE_PROTO)
- --ovn-northd-nb-db=NB DB address(es) (default: $OVN_NORTHD_NB_DB)
- --ovn-northd-sb-db=SB DB address(es) (default: $OVN_NORTHD_SB_DB)
- --db-nb-use-remote-in-db=yes|no OVN_Northbound db listen on target connection table (default: $DB_NB_USE_REMOTE_IN_DB)
- --db-sb-use-remote-in-db=yes|no OVN_Southbound db listen on target connection table (default: $DB_SB_USE_REMOTE_IN_DB)
-
-Default directories with "configure" option and environment variable override:
- logs: /usr/local/var/log/openvswitch (--with-logdir, OVS_LOGDIR)
- pidfiles and sockets: /usr/local/var/run/openvswitch (--with-rundir, OVS_RUNDIR)
- ovn-nb.db: /usr/local/etc/openvswitch (--with-dbdir, OVS_DBDIR)
- ovn-sb.db: /usr/local/etc/openvswitch (--with-dbdir, OVS_DBDIR)
- system configuration: /usr/local/etc (--sysconfdir, OVS_SYSCONFDIR)
- data files: /usr/local/share/openvswitch (--pkgdatadir, OVS_PKGDATADIR)
- user binaries: /usr/local/bin (--bindir, OVS_BINDIR)
- system binaries: /usr/local/sbin (--sbindir, OVS_SBINDIR)
-EOF
-}
-
-set_defaults
-command=
-for arg
-do
- case $arg in
- -h | --help)
- usage
- ;;
- --[a-z]*=*)
- option=`expr X"$arg" : 'X--\([^=]*\)'`
- value=`expr X"$arg" : 'X[^=]*=\(.*\)'`
- type=string
- set_option
- ;;
- --no-[a-z]*)
- option=`expr X"$arg" : 'X--no-\(.*\)'`
- value=no
- type=bool
- set_option
- ;;
- --[a-z]*)
- option=`expr X"$arg" : 'X--\(.*\)'`
- value=yes
- type=bool
- set_option
- ;;
- -*)
- echo >&2 "$0: unknown option \"$arg\" (use --help for help)"
- exit 1
- ;;
- *)
- if test X"$command" = X; then
- command=$arg
- else
- echo >&2 "$0: exactly one non-option argument required (use --help for help)"
- exit 1
- fi
- ;;
- esac
-done
-case $command in
- start_northd)
- start_northd
- ;;
- start_ovsdb)
- start_ovsdb
- ;;
- start_nb_ovsdb)
- start_nb_ovsdb
- ;;
- start_sb_ovsdb)
- start_sb_ovsdb
- ;;
- start_controller)
- start_controller
- ;;
- start_controller_vtep)
- start_controller_vtep
- ;;
- stop_northd)
- stop_northd
- ;;
- stop_ovsdb)
- stop_ovsdb
- ;;
- stop_nb_ovsdb)
- stop_nb_ovsdb
- ;;
- stop_sb_ovsdb)
- stop_sb_ovsdb
- ;;
- stop_controller)
- stop_controller
- ;;
- stop_controller_vtep)
- stop_controller_vtep
- ;;
- restart_northd)
- restart_northd
- ;;
- restart_ovsdb)
- restart_ovsdb
- ;;
- restart_nb_ovsdb)
- restart_nb_ovsdb
- ;;
- restart_sb_ovsdb)
- restart_sb_ovsdb
- ;;
- restart_controller)
- restart_controller
- ;;
- restart_controller_vtep)
- restart_controller_vtep
- ;;
- status_northd)
- daemon_status ovn-northd || exit 1
- ;;
- status_ovsdb)
- status_ovsdb
- ;;
- status_controller)
- daemon_status ovn-controller || exit 1
- ;;
- status_controller_vtep)
- daemon_status ovn-controller-vtep || exit 1
- ;;
- promote_ovnnb)
- promote_ovnnb
- ;;
- promote_ovnsb)
- promote_ovnsb
- ;;
- demote_ovnnb)
- demote_ovnnb
- ;;
- demote_ovnsb)
- demote_ovnsb
- ;;
- status_ovnnb)
- status_ovnnb
- ;;
- status_ovnsb)
- status_ovnsb
- ;;
- run_nb_ovsdb)
- run_nb_ovsdb
- ;;
- run_sb_ovsdb)
- run_sb_ovsdb
- ;;
- help)
- usage
- ;;
- preheat)
- echo >&2 "$0: preheating ovn to 350 degrees F."
- exit 1
- ;;
- '')
- echo >&2 "$0: missing command name (use --help for help)"
- exit 1
- ;;
- *)
- echo >&2 "$0: unknown command \"$command\" (use --help for help)"
- exit 1
- ;;
-esac
diff --git a/ovn/utilities/ovn-ctl.8.xml b/ovn/utilities/ovn-ctl.8.xml
deleted file mode 100644
index c5294d794b0..00000000000
--- a/ovn/utilities/ovn-ctl.8.xml
+++ /dev/null
@@ -1,215 +0,0 @@
-
-
- Name
- ovn-ctl -- Open Virtual Network northbound daemon lifecycle utility
-
- Synopsis
- ovn-ctl
[options] command
-
- Description
- This program is intended to be invoked internally by Open Virtual Network
- startup scripts. System administrators should not normally invoke it directly.
-
- Commands
-
-
- start_northd
- start_controller
- start_controller_vtep
- stop_northd
- stop_controller
- stop_controller_vtep
- restart_northd
- restart_controller
- restart_controller_vtep
- promote_ovnnb
- promote_ovnsb
- demote_ovnnb
- demote_ovnsb
- status_ovnnb
- status_ovnsb
- start_ovsdb
- start_nb_ovsdb
- start_sb_ovsdb
- stop_ovsdb
- stop_nb_ovsdb
- stop_sb_ovsdb
- restart_ovsdb
- run_nb_ovsdb
- run_sb_ovsdb
-
-
- Options
- --ovn-northd-priority=NICE
- --ovn-northd-wrapper=WRAPPER
- --ovn-controller-priority=NICE
- --ovn-controller-wrapper=WRAPPER
- --ovn-user=USER:GROUP
- --ovs-user=USER:GROUP
- -h
| --help
-
- File location options
- --db-sock=SOCKET
- --db-nb-file=FILE
- --db-sb-file=FILE
- --db-nb-schema=FILE
- --db-sb-schema=FILE
- --db-sb-create-insecure-remote=yes|no
- --db-nb-create-insecure-remote=yes|no
- --ovn-controller-ssl-key=KEY
- --ovn-controller-ssl-cert=CERT
- --ovn-controller-ssl-ca-cert=CERT
- --ovn-controller-ssl-bootstrap-ca-cert=CERT
-
- Address and port options
- --db-nb-sync-from-addr=IP ADDRESS
- --db-nb-sync-from-port=PORT NUMBER
- --db-nb-sync-from-proto=PROTO
- --db-sb-sync-from-addr=IP ADDRESS
- --db-sb-sync-from-port=PORT NUMBER
- --db-sb-sync-from-proto=PROTO
-
-
- --ovn-northd-nb-db=PROTO:IP ADDRESS:
- PORT..
-
-
-
-
- --ovn-northd-sb-db=PROTO:IP ADDRESS:
- PORT..
-
-
- Clustering options
- --db-nb-cluster-local-addr=IP ADDRESS
- --db-nb-cluster-local-port=PORT NUMBER
- --db-nb-cluster-local-proto=PROTO (tcp/ssl)
- --db-nb-cluster-remote-addr=IP ADDRESS
- --db-nb-cluster-remote-port=PORT NUMBER
- --db-nb-cluster-remote-proto=PROTO (tcp/ssl)
- --db-sb-cluster-local-addr=IP ADDRESS
- --db-sb-cluster-local-port=PORT NUMBER
- --db-sb-cluster-local-proto=PROTO (tcp/ssl)
- --db-sb-cluster-remote-addr=IP ADDRESS
- --db-sb-cluster-remote-port=PORT NUMBER
- --db-sb-cluster-remote-proto=PROTO (tcp/ssl)
-
- Configuration files
- Following are the optional configuration files. If present, it should be located in the etc dir
-
- ovnnb-active.conf
-
- If present, this file should hold the url to connect to the active
- Northbound DB server
-
- tcp:x.x.x.x:6641
-
- ovnsb-active.conf
-
- If present, this file should hold the url to connect to the active
- Southbound DB server
-
- tcp:x.x.x.x:6642
-
- ovn-northd-db-params.conf
-
- If present, start_northd will not start the DB server even if
- --ovn-manage-ovsdb=yes
. This file should hold the database url
- parameters to be passed to ovn-northd.
-
- --ovnnb-db=tcp:x.x.x.x:6641 --ovnsb-db=tcp:x.x.x.x:6642
-
- Running OVN db servers without detaching
- # ovn-ctl run_nb_ovsdb
-
- This command runs the OVN nb ovsdb-server without passing the
- detach
option, making it to block until ovsdb-server exits.
- This command will be useful for starting the OVN nb ovsdb-server in a
- container.
-
- # ovn-ctl run_sb_ovsdb
-
- This command runs the OVN sb ovsdb-server without passing the
- detach
option, making it to block until ovsdb-server exits.
- This command will be useful for starting the OVN sb ovsdb-server in a
- container.
-
-
- Example Usage
- Run ovn-controller on a host already running OVS
- # ovn-ctl start_controller
-
- Run ovn-northd on a host already running OVS
- # ovn-ctl start_northd
-
- All-in-one OVS+OVN for testing
- # ovs-ctl start --system-id="random"
- # ovn-ctl start_northd
- # ovn-ctl start_controller
-
- Promote and demote ovsdb servers
- # ovn-ctl promote_ovnnb
- # ovn-ctl promote_ovnsb
- # ovn-ctl --db-nb-sync-from-addr=x.x.x.x --db-nb-sync-from-port=6641 demote_ovnnb
- # ovn-ctl --db-sb-sync-from-addr=x.x.x.x --db-sb-sync-from-port=6642 demote_ovnsb
-
- Creating a clustered db on 3 nodes with IPs x.x.x.x, y.y.y.y and z.z.z.z
- Starting OVN ovsdb servers and ovn-northd on the node with IP x.x.x.x
-
-
- # ovn-ctl --db-nb-addr=x.x.x.x --db-nb-create-insecure-remote=yes
- --db-sb-addr=x.x.x.x --db-sb-create-insecure-remote=yes
- --db-nb-cluster-local-addr=x.x.x.x
- --db-sb-cluster-local-addr=x.x.x.x
- --ovn-northd-nb-db=tcp:x.x.x.x:6641,tcp:y.y.y.y:6641,tcp:z.z.z.z:6641
- --ovn-northd-sb-db=tcp:x.x.x.x:6642,tcp:y.y.y.y:6642,tcp:z.z.z.z:6642
- start_northd
-
-
-
- Starting OVN ovsdb-servers and ovn-northd on the node with IP y.y.y.y and joining the cluster started at x.x.x.x
-
-
- # ovn-ctl --db-nb-addr=y.y.y.y --db-nb-create-insecure-remote=yes
- --db-sb-addr=y.y.y.y --db-sb-create-insecure-remote=yes
- --db-nb-cluster-local-addr=y.y.y.y
- --db-sb-cluster-local-addr=y.y.y.y
- --db-nb-cluster-remote-addr=x.x.x.x
- --db-sb-cluster-remote-addr=x.x.x.x
- --ovn-northd-nb-db=tcp:x.x.x.x:6641,tcp:y.y.y.y:6641,tcp:z.z.z.z:6641
- --ovn-northd-sb-db=tcp:x.x.x.x:6642,tcp:y.y.y.y:6642,tcp:z.z.z.z:6642
- start_northd
-
-
-
- Starting OVN ovsdb-servers and ovn-northd on the node with IP z.z.z.z and joining the cluster started at x.x.x.x
-
-
- # ovn-ctl --db-nb-addr=z.z.z.z
- --db-nb-create-insecure-remote=yes
- --db-nb-cluster-local-addr=z.z.z.z
- --db-sb-addr=z.z.z.z
- --db-sb-create-insecure-remote=yes
- --db-sb-cluster-local-addr=z.z.z.z
- --db-nb-cluster-remote-addr=x.x.x.x
- --db-sb-cluster-remote-addr=x.x.x.x
- --ovn-northd-nb-db=tcp:x.x.x.x:6641,tcp:y.y.y.y:6641,tcp:z.z.z.z:6641
- --ovn-northd-sb-db=tcp:x.x.x.x:6642,tcp:y.y.y.y:6642,tcp:z.z.z.z:6642
- start_northd
-
-
-
- Passing ssl keys when starting OVN dbs will supercede the default ssl values in db
- Starting standalone ovn db server passing SSL certificates
-
-
- # ovn-ctl --ovn-nb-db-ssl-key=/etc/openvswitch/ovnnb-privkey.pem
- --ovn-nb-db-ssl-cert=/etc/openvswitch/ovnnb-cert.pem
- --ovn-nb-db-ssl-ca-cert=/etc/openvswitch/cacert.pem
- --ovn-sb-db-ssl-key=/etc/openvswitch/ovnsb-privkey.pem
- --ovn-sb-db-ssl-cert=/etc/openvswitch/ovnsb-cert.pem
- --ovn-sb-db-ssl-ca-cert=/etc/openvswitch/cacert.pem
- start_northd
-
-
-
diff --git a/ovn/utilities/ovn-detrace.1.in b/ovn/utilities/ovn-detrace.1.in
deleted file mode 100644
index 2f662d4fe73..00000000000
--- a/ovn/utilities/ovn-detrace.1.in
+++ /dev/null
@@ -1,38 +0,0 @@
-.so lib/ovs.tmac
-.TH ovn\-detrace 1 "@VERSION@" "Open vSwitch" "Open vSwitch Manual"
-.
-.SH NAME
-ovn\-detrace \- convert ``ovs\-appctl ofproto/trace'' output to combine
-OVN logical flow information.
-.
-.SH SYNOPSIS
-\fBovn\-detrace < \fIfile\fR
-.so lib/common-syn.man
-.
-.SH DESCRIPTION
-The \fBovn\-detrace\fR program reads \fBovs\-appctl ofproto/trace\fR output on
-stdin, looking for flow cookies, and expand each cookie with corresponding OVN
-logical flows. It expands logical flow further with the north-bound information
-e.g. the ACL that generated the logical flow, when relevant.
-.PP
-.
-.SH "OPTIONS"
-.so lib/common.man
-.
-.IP "\fB\-\-ovnsb=\fIserver\fR"
-The OVN Southbound DB remote to contact. If the \fBOVN_SB_DB\fR
-environment variable is set, its value is used as the default.
-Otherwise, the default is \fBunix:@RUNDIR@/ovnsb_db.sock\fR, but this
-default is unlikely to be useful outside of single-machine OVN test
-environments.
-.
-.IP "\fB\-\-ovnnb=\fIserver\fR"
-The OVN Northbound DB remote to contact. If the \fBOVN_NB_DB\fR
-environment variable is set, its value is used as the default.
-Otherwise, the default is \fBunix:@RUNDIR@/ovnnb_db.sock\fR, but this
-default is unlikely to be useful outside of single-machine OVN test
-environments.
-.
-.SH "SEE ALSO"
-.
-.BR ovs\-appctl (8), ovn\-sbctl (8), ovn-\-nbctl (8), ovn\-trace (8)
diff --git a/ovn/utilities/ovn-detrace.in b/ovn/utilities/ovn-detrace.in
deleted file mode 100755
index c842adc3212..00000000000
--- a/ovn/utilities/ovn-detrace.in
+++ /dev/null
@@ -1,215 +0,0 @@
-#! @PYTHON@
-#
-# Copyright (c) 2017 eBay Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at:
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-import getopt
-import os
-import re
-import sys
-import time
-
-try:
- from ovs.db import idl
- from ovs import jsonrpc
- from ovs.poller import Poller
- from ovs.stream import Stream
-except Exception:
- print("ERROR: Please install the correct Open vSwitch python support")
- print(" libraries (@VERSION@).")
- print(" Alternatively, check that your PYTHONPATH is pointing to")
- print(" the correct location.")
- sys.exit(1)
-
-
-argv0 = sys.argv[0]
-
-
-def usage():
- print """\
-%(argv0)s:
-usage: %(argv0)s < FILE
-where FILE is output from ovs-appctl ofproto/trace.
-
-The following options are also available:
- -h, --help display this help message
- -V, --version display version information
- --ovnsb=DATABASE use DATABASE as southbound DB
- --ovnnb=DATABASE use DATABASE as northbound DB\
-""" % {'argv0': argv0}
- sys.exit(0)
-
-
-class OVSDB(object):
- @staticmethod
- def wait_for_db_change(idl):
- seq = idl.change_seqno
- stop = time.time() + 10
- while idl.change_seqno == seq and not idl.run():
- poller = Poller()
- idl.wait(poller)
- poller.block()
- if time.time() >= stop:
- raise Exception('Retry Timeout')
-
- def __init__(self, db_sock, schema_name):
- self._db_sock = db_sock
- self._txn = None
- schema = self._get_schema(schema_name)
- schema.register_all()
- self._idl_conn = idl.Idl(db_sock, schema)
- OVSDB.wait_for_db_change(self._idl_conn) # Initial Sync with DB
-
- def _get_schema(self, schema_name):
- error, strm = Stream.open_block(Stream.open(self._db_sock))
- if error:
- raise Exception("Unable to connect to %s" % self._db_sock)
- rpc = jsonrpc.Connection(strm)
- req = jsonrpc.Message.create_request('get_schema', [schema_name])
- error, resp = rpc.transact_block(req)
- rpc.close()
-
- if error or resp.error:
- raise Exception('Unable to retrieve schema.')
- return idl.SchemaHelper(None, resp.result)
-
- def get_table(self, table_name):
- return self._idl_conn.tables[table_name]
-
- def _find_row(self, table_name, find):
- return next(
- (row for row in self.get_table(table_name).rows.values()
- if find(row)), None)
-
- def _find_row_by_name(self, table_name, value):
- return self._find_row(table_name, lambda row: row.name == value)
-
- def find_row_by_partial_uuid(self, table_name, value):
- return self._find_row(table_name, lambda row: value in str(row.uuid))
-
-
-def get_lflow_from_cookie(ovnsb_db, cookie):
- return ovnsb_db.find_row_by_partial_uuid('Logical_Flow', cookie)
-
-
-def print_lflow(lflow, prefix):
- ldp_uuid = lflow.logical_datapath.uuid
- ldp_name = str(lflow.logical_datapath.external_ids.get('name'))
-
- print '%sLogical datapath: "%s" (%s) [%s]' % (prefix,
- ldp_name,
- ldp_uuid,
- lflow.pipeline)
- print "%sLogical flow: table=%s (%s), priority=%s, " \
- "match=(%s), actions=(%s)" % (prefix,
- lflow.table_id,
- lflow.external_ids.get('stage-name'),
- lflow.priority,
- str(lflow.match).strip('"'),
- str(lflow.actions).strip('"'))
-
-
-def print_lflow_nb_hint(lflow, prefix, ovnnb_db):
- external_ids = lflow.external_ids
- if external_ids.get('stage-name') in ['ls_in_acl',
- 'ls_out_acl']:
- acl_hint = external_ids.get('stage-hint')
- if not acl_hint:
- return
- acl = ovnnb_db.find_row_by_partial_uuid('ACL', acl_hint)
- if not acl:
- return
- output = "%sACL: %s, priority=%s, " \
- "match=(%s), %s" % (prefix,
- acl.direction,
- acl.priority,
- acl.match.strip('"'),
- acl.action)
- if acl.log:
- output += ' (log)'
- print output
-
-
-def main():
- try:
- options, args = getopt.gnu_getopt(sys.argv[1:], 'hV',
- ['help', 'version', 'ovnsb=', 'ovnnb='])
- except getopt.GetoptError, geo:
- sys.stderr.write("%s: %s\n" % (argv0, geo.msg))
- sys.exit(1)
-
- ovnsb_db = None
- ovnnb_db = None
-
- for key, value in options:
- if key in ['-h', '--help']:
- usage()
- elif key in ['-V', '--version']:
- print "%s (Open vSwitch) @VERSION@" % argv0
- elif key in ['--ovnsb']:
- ovnsb_db = value
- elif key in ['--ovnnb']:
- ovnnb_db = value
- else:
- sys.exit(0)
-
- if len(args) != 0:
- sys.stderr.write("%s: non-option argument not supported "
- "(use --help for help)\n" % argv0)
- sys.exit(1)
-
- ovs_rundir = os.getenv('OVS_RUNDIR', '@RUNDIR@')
- if not ovnsb_db:
- ovnsb_db = os.getenv('OVN_SB_DB')
- if not ovnsb_db:
- ovnsb_db = 'unix:%s/ovnsb_db.sock' % ovs_rundir
-
- if not ovnnb_db:
- ovnnb_db = os.getenv('OVN_NB_DB')
- if not ovnnb_db:
- ovnnb_db = 'unix:%s/ovnnb_db.sock' % ovs_rundir
-
- ovsdb_ovnsb = OVSDB(ovnsb_db, 'OVN_Southbound')
- ovsdb_ovnnb = OVSDB(ovnnb_db, 'OVN_Northbound')
-
- regex_cookie = re.compile(r'^.*cookie 0x([0-9a-fA-F]+)')
- regex_table_id = re.compile(r'^[0-9]+\.')
- cookie = None
- while True:
- line = sys.stdin.readline()
- if cookie:
- # print lflow info when the current flow block ends
- if regex_table_id.match(line) or line.strip() == '':
- lflow = get_lflow_from_cookie(ovsdb_ovnsb, cookie)
- print_lflow(lflow, " * ")
- print_lflow_nb_hint(lflow, " * ", ovsdb_ovnnb)
- cookie = None
-
- print line.strip()
- if line == "":
- break
-
- m = regex_cookie.match(line)
- if not m:
- continue
- cookie = m.group(1)
-
-
-if __name__ == "__main__":
- main()
-
-
-# Local variables:
-# mode: python
-# End:
diff --git a/ovn/utilities/ovn-docker-overlay-driver.in b/ovn/utilities/ovn-docker-overlay-driver.in
deleted file mode 100755
index 65edfcd9d19..00000000000
--- a/ovn/utilities/ovn-docker-overlay-driver.in
+++ /dev/null
@@ -1,442 +0,0 @@
-#! @PYTHON@
-# Copyright (C) 2015 Nicira, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at:
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-import argparse
-import ast
-import atexit
-import json
-import os
-import random
-import re
-import shlex
-import subprocess
-import sys
-
-import ovs.dirs
-import ovs.util
-import ovs.daemon
-import ovs.vlog
-
-from flask import Flask, jsonify
-from flask import request, abort
-
-app = Flask(__name__)
-vlog = ovs.vlog.Vlog("ovn-docker-overlay-driver")
-
-OVN_BRIDGE = "br-int"
-OVN_NB = ""
-PLUGIN_DIR = "/etc/docker/plugins"
-PLUGIN_FILE = "/etc/docker/plugins/openvswitch.spec"
-
-
-def call_popen(cmd):
- child = subprocess.Popen(cmd, stdout=subprocess.PIPE)
- output = child.communicate()
- if child.returncode:
- raise RuntimeError("Fatal error executing %s" % (cmd))
- if len(output) == 0 or output[0] == None:
- output = ""
- else:
- output = output[0].strip()
- return output
-
-
-def call_prog(prog, args_list):
- cmd = [prog, "--timeout=5", "-vconsole:off"] + args_list
- return call_popen(cmd)
-
-
-def ovs_vsctl(*args):
- return call_prog("ovs-vsctl", list(args))
-
-
-def ovn_nbctl(*args):
- args_list = list(args)
- database_option = "%s=%s" % ("--db", OVN_NB)
- args_list.insert(0, database_option)
- return call_prog("ovn-nbctl", args_list)
-
-
-def cleanup():
- if os.path.isfile(PLUGIN_FILE):
- os.remove(PLUGIN_FILE)
-
-
-def ovn_init_overlay():
- br_list = ovs_vsctl("list-br").split()
- if OVN_BRIDGE not in br_list:
- ovs_vsctl("--", "--may-exist", "add-br", OVN_BRIDGE,
- "--", "set", "bridge", OVN_BRIDGE,
- "external_ids:bridge-id=" + OVN_BRIDGE,
- "other-config:disable-in-band=true", "fail-mode=secure")
-
- global OVN_NB
- OVN_NB = ovs_vsctl("get", "Open_vSwitch", ".",
- "external_ids:ovn-nb").strip('"')
- if not OVN_NB:
- sys.exit("OVN central database's ip address not set")
-
- ovs_vsctl("set", "open_vswitch", ".",
- "external_ids:ovn-bridge=" + OVN_BRIDGE)
-
-
-def prepare():
- parser = argparse.ArgumentParser()
-
- ovs.vlog.add_args(parser)
- ovs.daemon.add_args(parser)
- args = parser.parse_args()
- ovs.vlog.handle_args(args)
- ovs.daemon.handle_args(args)
- ovn_init_overlay()
-
- if not os.path.isdir(PLUGIN_DIR):
- os.makedirs(PLUGIN_DIR)
-
- ovs.daemon.daemonize()
- try:
- fo = open(PLUGIN_FILE, "w")
- fo.write("tcp://0.0.0.0:5000")
- fo.close()
- except Exception as e:
- ovs.util.ovs_fatal(0, "Failed to write to spec file (%s)" % str(e),
- vlog)
-
- atexit.register(cleanup)
-
-
-@app.route('/Plugin.Activate', methods=['POST'])
-def plugin_activate():
- return jsonify({"Implements": ["NetworkDriver"]})
-
-
-@app.route('/NetworkDriver.GetCapabilities', methods=['POST'])
-def get_capability():
- return jsonify({"Scope": "global"})
-
-
-@app.route('/NetworkDriver.DiscoverNew', methods=['POST'])
-def new_discovery():
- return jsonify({})
-
-
-@app.route('/NetworkDriver.DiscoverDelete', methods=['POST'])
-def delete_discovery():
- return jsonify({})
-
-
-@app.route('/NetworkDriver.CreateNetwork', methods=['POST'])
-def create_network():
- if not request.data:
- abort(400)
-
- data = json.loads(request.data)
-
- # NetworkID will have docker generated network uuid and it
- # becomes 'name' in a OVN Logical switch record.
- network = data.get("NetworkID", "")
- if not network:
- abort(400)
-
- # Limit subnet handling to ipv4 till ipv6 usecase is clear.
- ipv4_data = data.get("IPv4Data", "")
- if not ipv4_data:
- error = "create_network: No ipv4 subnet provided"
- return jsonify({'Err': error})
-
- subnet = ipv4_data[0].get("Pool", "")
- if not subnet:
- error = "create_network: no subnet in ipv4 data from libnetwork"
- return jsonify({'Err': error})
-
- gateway_ip = ipv4_data[0].get("Gateway", "").rsplit('/', 1)[0]
- if not gateway_ip:
- error = "create_network: no gateway in ipv4 data from libnetwork"
- return jsonify({'Err': error})
-
- try:
- ovn_nbctl("ls-add", network, "--", "set", "Logical_Switch",
- network, "external_ids:subnet=" + subnet,
- "external_ids:gateway_ip=" + gateway_ip)
- except Exception as e:
- error = "create_network: ls-add %s" % (str(e))
- return jsonify({'Err': error})
-
- return jsonify({})
-
-
-@app.route('/NetworkDriver.DeleteNetwork', methods=['POST'])
-def delete_network():
- if not request.data:
- abort(400)
-
- data = json.loads(request.data)
-
- nid = data.get("NetworkID", "")
- if not nid:
- abort(400)
-
- try:
- ovn_nbctl("ls-del", nid)
- except Exception as e:
- error = "delete_network: ls-del %s" % (str(e))
- return jsonify({'Err': error})
-
- return jsonify({})
-
-
-@app.route('/NetworkDriver.CreateEndpoint', methods=['POST'])
-def create_endpoint():
- if not request.data:
- abort(400)
-
- data = json.loads(request.data)
-
- nid = data.get("NetworkID", "")
- if not nid:
- abort(400)
-
- eid = data.get("EndpointID", "")
- if not eid:
- abort(400)
-
- interface = data.get("Interface", "")
- if not interface:
- error = "create_endpoint: no interfaces structure supplied by " \
- "libnetwork"
- return jsonify({'Err': error})
-
- ip_address_and_mask = interface.get("Address", "")
- if not ip_address_and_mask:
- error = "create_endpoint: ip address not provided by libnetwork"
- return jsonify({'Err': error})
-
- ip_address = ip_address_and_mask.rsplit('/', 1)[0]
- mac_address_input = interface.get("MacAddress", "")
- mac_address_output = ""
-
- try:
- ovn_nbctl("lsp-add", nid, eid)
- except Exception as e:
- error = "create_endpoint: lsp-add (%s)" % (str(e))
- return jsonify({'Err': error})
-
- if not mac_address_input:
- mac_address = "02:%02x:%02x:%02x:%02x:%02x" % (random.randint(0, 255),
- random.randint(0, 255),
- random.randint(0, 255),
- random.randint(0, 255),
- random.randint(0, 255))
- else:
- mac_address = mac_address_input
-
- try:
- ovn_nbctl("lsp-set-addresses", eid,
- mac_address + " " + ip_address)
- except Exception as e:
- error = "create_endpoint: lsp-set-addresses (%s)" % (str(e))
- return jsonify({'Err': error})
-
- # Only return a mac address if one did not come as request.
- mac_address_output = ""
- if not mac_address_input:
- mac_address_output = mac_address
-
- return jsonify({"Interface": {
- "Address": "",
- "AddressIPv6": "",
- "MacAddress": mac_address_output
- }})
-
-
-def get_lsp_addresses(eid):
- ret = ovn_nbctl("--if-exists", "get", "Logical_Switch_Port", eid,
- "addresses")
- if not ret:
- error = "endpoint not found in OVN database"
- return (None, None, error)
- addresses = ast.literal_eval(ret)
- if len(addresses) == 0:
- error = "unexpected return while fetching addresses"
- return (None, None, error)
- (mac_address, ip_address) = addresses[0].split()
- return (mac_address, ip_address, None)
-
-
-@app.route('/NetworkDriver.EndpointOperInfo', methods=['POST'])
-def show_endpoint():
- if not request.data:
- abort(400)
-
- data = json.loads(request.data)
-
- nid = data.get("NetworkID", "")
- if not nid:
- abort(400)
-
- eid = data.get("EndpointID", "")
- if not eid:
- abort(400)
-
- try:
- (mac_address, ip_address, error) = get_lsp_addresses(eid)
- if error:
- jsonify({'Err': error})
- except Exception as e:
- error = "show_endpoint: get Logical_Switch_Port addresses. (%s)" \
- % (str(e))
- return jsonify({'Err': error})
-
- veth_outside = eid[0:15]
- return jsonify({"Value": {"ip_address": ip_address,
- "mac_address": mac_address,
- "veth_outside": veth_outside
- }})
-
-
-@app.route('/NetworkDriver.DeleteEndpoint', methods=['POST'])
-def delete_endpoint():
- if not request.data:
- abort(400)
-
- data = json.loads(request.data)
-
- nid = data.get("NetworkID", "")
- if not nid:
- abort(400)
-
- eid = data.get("EndpointID", "")
- if not eid:
- abort(400)
-
- try:
- ovn_nbctl("lsp-del", eid)
- except Exception as e:
- error = "delete_endpoint: lsp-del %s" % (str(e))
- return jsonify({'Err': error})
-
- return jsonify({})
-
-
-@app.route('/NetworkDriver.Join', methods=['POST'])
-def network_join():
- if not request.data:
- abort(400)
-
- data = json.loads(request.data)
-
- nid = data.get("NetworkID", "")
- if not nid:
- abort(400)
-
- eid = data.get("EndpointID", "")
- if not eid:
- abort(400)
-
- sboxkey = data.get("SandboxKey", "")
- if not sboxkey:
- abort(400)
-
- # sboxkey is of the form: /var/run/docker/netns/CONTAINER_ID
- vm_id = sboxkey.rsplit('/')[-1]
-
- try:
- (mac_address, ip_address, error) = get_lsp_addresses(eid)
- if error:
- jsonify({'Err': error})
- except Exception as e:
- error = "network_join: %s" % (str(e))
- return jsonify({'Err': error})
-
- veth_outside = eid[0:15]
- veth_inside = eid[0:13] + "_c"
- command = "ip link add %s type veth peer name %s" \
- % (veth_inside, veth_outside)
- try:
- call_popen(shlex.split(command))
- except Exception as e:
- error = "network_join: failed to create veth pair (%s)" % (str(e))
- return jsonify({'Err': error})
-
- command = "ip link set dev %s address %s" \
- % (veth_inside, mac_address)
-
- try:
- call_popen(shlex.split(command))
- except Exception as e:
- error = "network_join: failed to set veth mac address (%s)" % (str(e))
- return jsonify({'Err': error})
-
- command = "ip link set %s up" % (veth_outside)
-
- try:
- call_popen(shlex.split(command))
- except Exception as e:
- error = "network_join: failed to up the veth interface (%s)" % (str(e))
- return jsonify({'Err': error})
-
- try:
- ovs_vsctl("add-port", OVN_BRIDGE, veth_outside)
- ovs_vsctl("set", "interface", veth_outside,
- "external_ids:attached-mac=" + mac_address,
- "external_ids:iface-id=" + eid,
- "external_ids:vm-id=" + vm_id,
- "external_ids:iface-status=active")
- except Exception as e:
- error = "network_join: failed to create a port (%s)" % (str(e))
- return jsonify({'Err': error})
-
- return jsonify({"InterfaceName": {
- "SrcName": veth_inside,
- "DstPrefix": "eth"
- },
- "Gateway": "",
- "GatewayIPv6": ""})
-
-
-@app.route('/NetworkDriver.Leave', methods=['POST'])
-def network_leave():
- if not request.data:
- abort(400)
-
- data = json.loads(request.data)
-
- nid = data.get("NetworkID", "")
- if not nid:
- abort(400)
-
- eid = data.get("EndpointID", "")
- if not eid:
- abort(400)
-
- veth_outside = eid[0:15]
- command = "ip link delete %s" % (veth_outside)
- try:
- call_popen(shlex.split(command))
- except Exception as e:
- error = "network_leave: failed to delete veth pair (%s)" % (str(e))
- return jsonify({'Err': error})
-
- try:
- ovs_vsctl("--if-exists", "del-port", veth_outside)
- except Exception as e:
- error = "network_leave: failed to delete port (%s)" % (str(e))
- return jsonify({'Err': error})
-
- return jsonify({})
-
-if __name__ == '__main__':
- prepare()
- app.run(host='0.0.0.0')
diff --git a/ovn/utilities/ovn-docker-underlay-driver.in b/ovn/utilities/ovn-docker-underlay-driver.in
deleted file mode 100755
index d91ce9fca8f..00000000000
--- a/ovn/utilities/ovn-docker-underlay-driver.in
+++ /dev/null
@@ -1,677 +0,0 @@
-#! @PYTHON@
-# Copyright (C) 2015 Nicira, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at:
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-import argparse
-import atexit
-import getpass
-import json
-import os
-import re
-import shlex
-import subprocess
-import sys
-import time
-import uuid
-
-import ovs.dirs
-import ovs.util
-import ovs.daemon
-import ovs.unixctl.server
-import ovs.vlog
-
-from neutronclient.v2_0 import client
-from flask import Flask, jsonify
-from flask import request, abort
-
-app = Flask(__name__)
-vlog = ovs.vlog.Vlog("ovn-docker-underlay-driver")
-
-AUTH_STRATEGY = ""
-AUTH_URL = ""
-ENDPOINT_URL = ""
-OVN_BRIDGE = ""
-PASSWORD = ""
-PLUGIN_DIR = "/etc/docker/plugins"
-PLUGIN_FILE = "/etc/docker/plugins/openvswitch.spec"
-TENANT_ID = ""
-USERNAME = ""
-VIF_ID = ""
-
-
-def call_popen(cmd):
- child = subprocess.Popen(cmd, stdout=subprocess.PIPE)
- output = child.communicate()
- if child.returncode:
- raise RuntimeError("Fatal error executing %s" % (cmd))
- if len(output) == 0 or output[0] == None:
- output = ""
- else:
- output = output[0].strip()
- return output
-
-
-def call_prog(prog, args_list):
- cmd = [prog, "--timeout=5", "-vconsole:off"] + args_list
- return call_popen(cmd)
-
-
-def ovs_vsctl(*args):
- return call_prog("ovs-vsctl", list(args))
-
-
-def cleanup():
- if os.path.isfile(PLUGIN_FILE):
- os.remove(PLUGIN_FILE)
-
-
-def ovn_init_underlay(args):
- global USERNAME, PASSWORD, TENANT_ID, AUTH_URL, AUTH_STRATEGY, VIF_ID
- global OVN_BRIDGE
-
- if not args.bridge:
- sys.exit("OVS bridge name not provided")
- OVN_BRIDGE = args.bridge
-
- VIF_ID = os.environ.get('OS_VIF_ID', '')
- if not VIF_ID:
- sys.exit("env OS_VIF_ID not set")
- USERNAME = os.environ.get('OS_USERNAME', '')
- if not USERNAME:
- sys.exit("env OS_USERNAME not set")
- TENANT_ID = os.environ.get('OS_TENANT_ID', '')
- if not TENANT_ID:
- sys.exit("env OS_TENANT_ID not set")
- AUTH_URL = os.environ.get('OS_AUTH_URL', '')
- if not AUTH_URL:
- sys.exit("env OS_AUTH_URL not set")
- AUTH_STRATEGY = "keystone"
-
- PASSWORD = os.environ.get('OS_PASSWORD', '')
- if not PASSWORD:
- PASSWORD = getpass.getpass()
-
-
-def prepare():
- parser = argparse.ArgumentParser()
- parser.add_argument('--bridge', help="The Bridge to which containers "
- "interfaces connect to.")
-
- ovs.vlog.add_args(parser)
- ovs.daemon.add_args(parser)
- args = parser.parse_args()
- ovs.vlog.handle_args(args)
- ovs.daemon.handle_args(args)
- ovn_init_underlay(args)
-
- if not os.path.isdir(PLUGIN_DIR):
- os.makedirs(PLUGIN_DIR)
-
- ovs.daemon.daemonize()
- try:
- fo = open(PLUGIN_FILE, "w")
- fo.write("tcp://127.0.0.1:5000")
- fo.close()
- except Exception as e:
- ovs.util.ovs_fatal(0, "Failed to write to spec file (%s)" % str(e),
- vlog)
-
- atexit.register(cleanup)
-
-
-@app.route('/Plugin.Activate', methods=['POST'])
-def plugin_activate():
- return jsonify({"Implements": ["NetworkDriver"]})
-
-
-@app.route('/NetworkDriver.GetCapabilities', methods=['POST'])
-def get_capability():
- return jsonify({"Scope": "global"})
-
-
-@app.route('/NetworkDriver.DiscoverNew', methods=['POST'])
-def new_discovery():
- return jsonify({})
-
-
-@app.route('/NetworkDriver.DiscoverDelete', methods=['POST'])
-def delete_discovery():
- return jsonify({})
-
-
-def neutron_login():
- try:
- neutron = client.Client(username=USERNAME,
- password=PASSWORD,
- tenant_id=TENANT_ID,
- auth_url=AUTH_URL,
- endpoint_url=ENDPOINT_URL,
- auth_strategy=AUTH_STRATEGY)
- except Exception as e:
- raise RuntimeError("Failed to login into Neutron(%s)" % str(e))
- return neutron
-
-
-def get_networkuuid_by_name(neutron, name):
- param = {'fields': 'id', 'name': name}
- ret = neutron.list_networks(**param)
- if len(ret['networks']) > 1:
- raise RuntimeError("More than one network for the given name")
- elif len(ret['networks']) == 0:
- network = None
- else:
- network = ret['networks'][0]['id']
- return network
-
-
-def get_subnetuuid_by_name(neutron, name):
- param = {'fields': 'id', 'name': name}
- ret = neutron.list_subnets(**param)
- if len(ret['subnets']) > 1:
- raise RuntimeError("More than one subnet for the given name")
- elif len(ret['subnets']) == 0:
- subnet = None
- else:
- subnet = ret['subnets'][0]['id']
- return subnet
-
-
-@app.route('/NetworkDriver.CreateNetwork', methods=['POST'])
-def create_network():
- if not request.data:
- abort(400)
-
- data = json.loads(request.data)
-
- # NetworkID will have docker generated network uuid and it
- # becomes 'name' in a neutron network record.
- network = data.get("NetworkID", "")
- if not network:
- abort(400)
-
- # Limit subnet handling to ipv4 till ipv6 usecase is clear.
- ipv4_data = data.get("IPv4Data", "")
- if not ipv4_data:
- error = "create_network: No ipv4 subnet provided"
- return jsonify({'Err': error})
-
- subnet = ipv4_data[0].get("Pool", "")
- if not subnet:
- error = "create_network: no subnet in ipv4 data from libnetwork"
- return jsonify({'Err': error})
-
- gateway_ip = ipv4_data[0].get("Gateway", "").rsplit('/', 1)[0]
- if not gateway_ip:
- error = "create_network: no gateway in ipv4 data from libnetwork"
- return jsonify({'Err': error})
-
- try:
- neutron = neutron_login()
- except Exception as e:
- error = "create_network: neutron login. (%s)" % (str(e))
- return jsonify({'Err': error})
-
- try:
- if get_networkuuid_by_name(neutron, network):
- error = "create_network: network has already been created"
- return jsonify({'Err': error})
- except Exception as e:
- error = "create_network: neutron network uuid by name. (%s)" % (str(e))
- return jsonify({'Err': error})
-
- try:
- body = {'network': {'name': network, 'admin_state_up': True}}
- ret = neutron.create_network(body)
- network_id = ret['network']['id']
- except Exception as e:
- error = "create_network: neutron net-create call. (%s)" % str(e)
- return jsonify({'Err': error})
-
- subnet_name = "docker-%s" % (network)
-
- try:
- body = {'subnet': {'network_id': network_id,
- 'ip_version': 4,
- 'cidr': subnet,
- 'gateway_ip': gateway_ip,
- 'name': subnet_name}}
- created_subnet = neutron.create_subnet(body)
- except Exception as e:
- error = "create_network: neutron subnet-create call. (%s)" % str(e)
- return jsonify({'Err': error})
-
- return jsonify({})
-
-
-@app.route('/NetworkDriver.DeleteNetwork', methods=['POST'])
-def delete_network():
- if not request.data:
- abort(400)
-
- data = json.loads(request.data)
-
- nid = data.get("NetworkID", "")
- if not nid:
- abort(400)
-
- try:
- neutron = neutron_login()
- except Exception as e:
- error = "delete_network: neutron login. (%s)" % (str(e))
- return jsonify({'Err': error})
-
- try:
- network = get_networkuuid_by_name(neutron, nid)
- if not network:
- error = "delete_network: failed in network by name. (%s)" % (nid)
- return jsonify({'Err': error})
- except Exception as e:
- error = "delete_network: network uuid by name. (%s)" % (str(e))
- return jsonify({'Err': error})
-
- try:
- neutron.delete_network(network)
- except Exception as e:
- error = "delete_network: neutron net-delete. (%s)" % str(e)
- return jsonify({'Err': error})
-
- return jsonify({})
-
-
-def reserve_vlan():
- reserved_vlan = 0
- vlans = ovs_vsctl("--if-exists", "get", "Open_vSwitch", ".",
- "external_ids:vlans").strip('"')
- if not vlans:
- reserved_vlan = 1
- ovs_vsctl("set", "Open_vSwitch", ".",
- "external_ids:vlans=" + str(reserved_vlan))
- return reserved_vlan
-
- vlan_set = str(vlans).split(',')
-
- for vlan in range(1, 4095):
- if str(vlan) not in vlan_set:
- vlan_set.append(str(vlan))
- reserved_vlan = vlan
- vlans = re.sub(r'[ \[\]\']', '', str(vlan_set))
- ovs_vsctl("set", "Open_vSwitch", ".",
- "external_ids:vlans=" + vlans)
- return reserved_vlan
-
- if not reserved_vlan:
- raise RuntimeError("No more vlans available on this host")
-
-
-def unreserve_vlan(reserved_vlan):
- vlans = ovs_vsctl("--if-exists", "get", "Open_vSwitch", ".",
- "external_ids:vlans").strip('"')
- if not vlans:
- return
-
- vlan_set = str(vlans).split(',')
- if str(reserved_vlan) not in vlan_set:
- return
-
- vlan_set.remove(str(reserved_vlan))
- vlans = re.sub(r'[ \[\]\']', '', str(vlan_set))
- if vlans:
- ovs_vsctl("set", "Open_vSwitch", ".", "external_ids:vlans=" + vlans)
- else:
- ovs_vsctl("remove", "Open_vSwitch", ".", "external_ids", "vlans")
-
-
-def create_port_underlay(neutron, network, eid, ip_address, mac_address):
- reserved_vlan = reserve_vlan()
- if mac_address:
- body = {'port': {'network_id': network,
- 'binding:profile': {'parent_name': VIF_ID,
- 'tag': int(reserved_vlan)},
- 'mac_address': mac_address,
- 'fixed_ips': [{'ip_address': ip_address}],
- 'name': eid,
- 'admin_state_up': True}}
- else:
- body = {'port': {'network_id': network,
- 'binding:profile': {'parent_name': VIF_ID,
- 'tag': int(reserved_vlan)},
- 'fixed_ips': [{'ip_address': ip_address}],
- 'name': eid,
- 'admin_state_up': True}}
-
- try:
- ret = neutron.create_port(body)
- mac_address = ret['port']['mac_address']
- except Exception as e:
- unreserve_vlan(reserved_vlan)
- raise RuntimeError("Failed in creation of neutron port (%s)." % str(e))
-
- ovs_vsctl("set", "Open_vSwitch", ".",
- "external_ids:" + eid + "_vlan=" + str(reserved_vlan))
-
- return mac_address
-
-
-def get_endpointuuid_by_name(neutron, name):
- param = {'fields': 'id', 'name': name}
- ret = neutron.list_ports(**param)
- if len(ret['ports']) > 1:
- raise RuntimeError("More than one endpoint for the given name")
- elif len(ret['ports']) == 0:
- endpoint = None
- else:
- endpoint = ret['ports'][0]['id']
- return endpoint
-
-
-@app.route('/NetworkDriver.CreateEndpoint', methods=['POST'])
-def create_endpoint():
- if not request.data:
- abort(400)
-
- data = json.loads(request.data)
-
- nid = data.get("NetworkID", "")
- if not nid:
- abort(400)
-
- eid = data.get("EndpointID", "")
- if not eid:
- abort(400)
-
- interface = data.get("Interface", "")
- if not interface:
- error = "create_endpoint: no interfaces supplied by libnetwork"
- return jsonify({'Err': error})
-
- ip_address_and_mask = interface.get("Address", "")
- if not ip_address_and_mask:
- error = "create_endpoint: ip address not provided by libnetwork"
- return jsonify({'Err': error})
-
- ip_address = ip_address_and_mask.rsplit('/', 1)[0]
- mac_address_input = interface.get("MacAddress", "")
- mac_address_output = ""
-
- try:
- neutron = neutron_login()
- except Exception as e:
- error = "create_endpoint: neutron login. (%s)" % (str(e))
- return jsonify({'Err': error})
-
- try:
- endpoint = get_endpointuuid_by_name(neutron, eid)
- if endpoint:
- error = "create_endpoint: Endpoint has already been created"
- return jsonify({'Err': error})
- except Exception as e:
- error = "create_endpoint: endpoint uuid by name. (%s)" % (str(e))
- return jsonify({'Err': error})
-
- try:
- network = get_networkuuid_by_name(neutron, nid)
- if not network:
- error = "Failed to get neutron network record for (%s)" % (nid)
- return jsonify({'Err': error})
- except Exception as e:
- error = "create_endpoint: network uuid by name. (%s)" % (str(e))
- return jsonify({'Err': error})
-
- try:
- mac_address = create_port_underlay(neutron, network, eid, ip_address,
- mac_address_input)
- except Exception as e:
- error = "create_endpoint: neutron port-create (%s)" % (str(e))
- return jsonify({'Err': error})
-
- if not mac_address_input:
- mac_address_output = mac_address
-
- return jsonify({"Interface": {
- "Address": "",
- "AddressIPv6": "",
- "MacAddress": mac_address_output
- }})
-
-
-@app.route('/NetworkDriver.EndpointOperInfo', methods=['POST'])
-def show_endpoint():
- if not request.data:
- abort(400)
-
- data = json.loads(request.data)
-
- nid = data.get("NetworkID", "")
- if not nid:
- abort(400)
-
- eid = data.get("EndpointID", "")
- if not eid:
- abort(400)
-
- try:
- neutron = neutron_login()
- except Exception as e:
- error = "%s" % (str(e))
- return jsonify({'Err': error})
-
- try:
- endpoint = get_endpointuuid_by_name(neutron, eid)
- if not endpoint:
- error = "show_endpoint: Failed to get endpoint by name"
- return jsonify({'Err': error})
- except Exception as e:
- error = "show_endpoint: get endpoint by name. (%s)" % (str(e))
- return jsonify({'Err': error})
-
- try:
- ret = neutron.show_port(endpoint)
- mac_address = ret['port']['mac_address']
- ip_address = ret['port']['fixed_ips'][0]['ip_address']
- except Exception as e:
- error = "show_endpoint: show port (%s)" % (str(e))
- return jsonify({'Err': error})
-
- veth_outside = eid[0:15]
- return jsonify({"Value": {"ip_address": ip_address,
- "mac_address": mac_address,
- "veth_outside": veth_outside
- }})
-
-
-@app.route('/NetworkDriver.DeleteEndpoint', methods=['POST'])
-def delete_endpoint():
- if not request.data:
- abort(400)
-
- data = json.loads(request.data)
-
- nid = data.get("NetworkID", "")
- if not nid:
- abort(400)
-
- eid = data.get("EndpointID", "")
- if not eid:
- abort(400)
-
- try:
- neutron = neutron_login()
- except Exception as e:
- error = "delete_endpoint: neutron login (%s)" % (str(e))
- return jsonify({'Err': error})
-
- endpoint = get_endpointuuid_by_name(neutron, eid)
- if not endpoint:
- return jsonify({})
-
- reserved_vlan = ovs_vsctl("--if-exists", "get", "Open_vSwitch", ".",
- "external_ids:" + eid + "_vlan").strip('"')
- if reserved_vlan:
- unreserve_vlan(reserved_vlan)
- ovs_vsctl("remove", "Open_vSwitch", ".", "external_ids",
- eid + "_vlan")
-
- try:
- neutron.delete_port(endpoint)
- except Exception as e:
- error = "delete_endpoint: neutron port-delete. (%s)" % (str(e))
- return jsonify({'Err': error})
-
- return jsonify({})
-
-
-@app.route('/NetworkDriver.Join', methods=['POST'])
-def network_join():
- if not request.data:
- abort(400)
-
- data = json.loads(request.data)
-
- nid = data.get("NetworkID", "")
- if not nid:
- abort(400)
-
- eid = data.get("EndpointID", "")
- if not eid:
- abort(400)
-
- sboxkey = data.get("SandboxKey", "")
- if not sboxkey:
- abort(400)
-
- # sboxkey is of the form: /var/run/docker/netns/CONTAINER_ID
- vm_id = sboxkey.rsplit('/')[-1]
-
- try:
- neutron = neutron_login()
- except Exception as e:
- error = "network_join: neutron login. (%s)" % (str(e))
- return jsonify({'Err': error})
-
- subnet_name = "docker-%s" % (nid)
- try:
- subnet = get_subnetuuid_by_name(neutron, subnet_name)
- if not subnet:
- error = "network_join: can't find subnet in neutron"
- return jsonify({'Err': error})
- except Exception as e:
- error = "network_join: subnet uuid by name. (%s)" % (str(e))
- return jsonify({'Err': error})
-
- try:
- ret = neutron.show_subnet(subnet)
- gateway_ip = ret['subnet']['gateway_ip']
- if not gateway_ip:
- error = "network_join: no gateway_ip for the subnet"
- return jsonify({'Err': error})
- except Exception as e:
- error = "network_join: neutron show subnet. (%s)" % (str(e))
- return jsonify({'Err': error})
-
- try:
- endpoint = get_endpointuuid_by_name(neutron, eid)
- if not endpoint:
- error = "network_join: Failed to get endpoint by name"
- return jsonify({'Err': error})
- except Exception as e:
- error = "network_join: neutron endpoint by name. (%s)" % (str(e))
- return jsonify({'Err': error})
-
- try:
- ret = neutron.show_port(endpoint)
- mac_address = ret['port']['mac_address']
- except Exception as e:
- error = "network_join: neutron show port. (%s)" % (str(e))
- return jsonify({'Err': error})
-
- veth_outside = eid[0:15]
- veth_inside = eid[0:13] + "_c"
- command = "ip link add %s type veth peer name %s" \
- % (veth_inside, veth_outside)
- try:
- call_popen(shlex.split(command))
- except Exception as e:
- error = "network_join: failed to create veth pair. (%s)" % (str(e))
- return jsonify({'Err': error})
-
- command = "ip link set dev %s address %s" \
- % (veth_inside, mac_address)
-
- try:
- call_popen(shlex.split(command))
- except Exception as e:
- error = "network_join: failed to set veth mac address. (%s)" % (str(e))
- return jsonify({'Err': error})
-
- command = "ip link set %s up" % (veth_outside)
-
- try:
- call_popen(shlex.split(command))
- except Exception as e:
- error = "network_join: failed to up the veth iface. (%s)" % (str(e))
- return jsonify({'Err': error})
-
- try:
- reserved_vlan = ovs_vsctl("--if-exists", "get", "Open_vSwitch", ".",
- "external_ids:" + eid + "_vlan").strip('"')
- if not reserved_vlan:
- error = "network_join: no reserved vlan for this endpoint"
- return jsonify({'Err': error})
- ovs_vsctl("add-port", OVN_BRIDGE, veth_outside, "tag=" + reserved_vlan)
- except Exception as e:
- error = "network_join: failed to create a OVS port. (%s)" % (str(e))
- return jsonify({'Err': error})
-
- return jsonify({"InterfaceName": {
- "SrcName": veth_inside,
- "DstPrefix": "eth"
- },
- "Gateway": gateway_ip,
- "GatewayIPv6": ""})
-
-
-@app.route('/NetworkDriver.Leave', methods=['POST'])
-def network_leave():
- if not request.data:
- abort(400)
-
- data = json.loads(request.data)
-
- nid = data.get("NetworkID", "")
- if not nid:
- abort(400)
-
- eid = data.get("EndpointID", "")
- if not eid:
- abort(400)
-
- veth_outside = eid[0:15]
- command = "ip link delete %s" % (veth_outside)
- try:
- call_popen(shlex.split(command))
- except Exception as e:
- error = "network_leave: failed to delete veth pair. (%s)" % (str(e))
- return jsonify({'Err': error})
-
- try:
- ovs_vsctl("--if-exists", "del-port", veth_outside)
- except Exception as e:
- error = "network_leave: Failed to delete port (%s)" % (str(e))
- return jsonify({'Err': error})
-
- return jsonify({})
-
-if __name__ == '__main__':
- prepare()
- app.run(host='127.0.0.1')
diff --git a/ovn/utilities/ovn-trace.8.xml b/ovn/utilities/ovn-trace.8.xml
deleted file mode 100644
index 01e74111901..00000000000
--- a/ovn/utilities/ovn-trace.8.xml
+++ /dev/null
@@ -1,485 +0,0 @@
-
-
- Name
- ovn-trace -- Open Virtual Network logical network tracing utility
-
- Synopsis
- ovn-trace
[options] datapath microflow
- ovn-trace
[options] --detach
-
- Description
-
- This utility simulates packet forwarding within an OVN logical network.
- It can be used to run through ``what-if'' scenarios: if a packet
- originates at a logical port, what will happen to it and where will it
- ultimately end up? Users already familiar with the Open vSwitch
- ofproto/trace
command described in
- ovs-vswitch
(8) will find ovn-trace
to be a
- similar tool for logical networks.
-
-
-
- ovn-trace
works by reading the Logical_Flow
and
- other tables from the OVN southbound database (see
- ovn-sb
(5)). It simulates a packet's path through logical
- networks by repeatedly looking it up in the logical flow table, following
- the entire tree of possibilities.
-
-
-
- ovn-trace
simulates only the OVN logical network. It does
- not simulate the physical elements on which the logical network is
- layered. This means that, for example, it is unimportant how VMs are
- distributed among hypervisors, or whether their hypervisors are
- functioning and reachable, so ovn-trace
will yield the same
- results regardless. There is one important exception:
- ovn-northd
, the daemon that generates the logical flows that
- ovn-trace
simulates, treats logical ports differently based
- on whether they are up or down. Thus, if you see surprising results,
- ensure that the ports involved in a simulation are up.
-
-
-
- The simplest way to use ovn-trace
is to provide
- datapath and microflow arguments on the command
- line. In this case, it simulates the behavior of a single packet and
- exits. For an alternate usage model, see Daemon Mode
below.
-
-
-
- The datapath argument specifies the name of a logical
- datapath. Acceptable names are the name
from the northbound
- Logical_Switch
or Logical_Router
table, the
- UUID of a record from one of those tables, or the UUID of a record from
- the southbound Datapath_Binding
table.
-
-
-
- The microflow argument describes the packet whose forwarding
- is to be simulated, in the syntax of an OVN logical expression, as
- described in ovn-sb
(5), to express constraints. The parser
- understands prerequisites; for example, if the expression refers to
- ip4.src
, there is no need to explicitly state
- ip4
or eth.type == 0x800
.
-
-
-
- For reasonable L2 behavior, the microflow should include at least
- inport
and eth.dst
, plus eth.src
- if port security is enabled. For example:
-
-
- inport == "lp11" && eth.src == 00:01:02:03:04:05 && eth.dst == ff:ff:ff:ff:ff:ff
-
-
-
- For reasonable L3 behavior, microflow should also include
- ip4.src
and ip4.dst
(or ip6.src
- and ip6.dst
) and ip.ttl
. For example:
-
-
- inport == "lp111" && eth.src == f0:00:00:00:01:11 && eth.dst == 00:00:00:00:ff:11
- && ip4.src == 192.168.11.1 && ip4.dst == 192.168.22.2 && ip.ttl == 64
-
-
- Here's an ARP microflow example:
-
- inport == "lp123"
- && eth.dst == ff:ff:ff:ff:ff:ff && eth.src == f0:00:00:00:01:11
- && arp.op == 1 && arp.sha == f0:00:00:00:01:11 && arp.spa == 192.168.1.11
- && arp.tha == ff:ff:ff:ff:ff:ff && arp.tpa == 192.168.2.22
-
-
-
- ovn-trace
will reject erroneous microflow expressions, which
- beyond syntax errors fall into two categories. First, they can be
- ambiguous. For example, tcp.src == 80
is ambiguous because
- it does not state IPv4 or IPv6 as the Ethernet type. ip4
- && tcp.src > 1024
is also ambiguous because it does not
- constrain bits of tcp.src
to particular values. Second,
- they can be contradictory, e.g. ip4 && ip6
.
-
-
- Output
-
-
- ovn-trace
supports the three different forms of output, each
- described in a separate section below. Regardless of the selected output
- format, ovn-trace
starts the output with a line that shows
- the microflow being traced in OpenFlow syntax.
-
-
- Detailed Output
-
-
- The detailed form of output is also the default form. This form groups
- output into sections headed up by the ingress or egress pipeline being
- traversed. Each pipeline lists each table that was visited (by number and
- name), the ovn-northd
source file and line number of the code
- that added the flow, the match expression and priority of the logical flow
- that was matched, and the actions that were executed.
-
-
-
- The execution of OVN logical actions naturally forms a ``control stack''
- that resembles that of a program in conventional programming languages
- such as C or Java. Because the next
action that calls into
- another logical flow table for a lookup is a recursive construct, OVN
- ``programs'' in practice tend to form deep control stacks that, displayed
- in the obvious way using additional indentation for each level, quickly
- use up the horizontal space on all but the widest displays. To make
- detailed output more readable, without loss of generality,
- ovn-trace
omits indentation for ``tail recursion,'' that is,
- when next
is the last action in a logical flow, it does not
- indent details of the next table lookup more deeply. Output still uses
- indentation when it is needed for clarity.
-
-
-
- OVN ``programs'' traces also tend to encounter long strings of logical
- flows with match expression 1
(which matches every packet)
- and the single action next;
. These are uninteresting
- and merely clutter output, so ovn-trace
omits them
- entirely even from detailed output.
-
-
-
- The following excerpt from detailed ovn-trace
output shows a
- section for a packet traversing the ingress pipeline of logical datapath
- ls1
with ingress logical port lp111
. The
- packet matches a logical flow in table 0 (aka
- ls_in_port_sec_l2
) with priority 50 and executes
- next(1);
to pass to table 1. Tables 1 through 11 are
- trivial and omitted. In table 12 (aka ls_in_l2_lkup
), the
- packet matches a flow with priority 50 based on its Ethernet destination
- address and the flow's actions output the packet to the
- lrp11-attachement
logical port.
-
-
-
- ingress(dp="ls1", inport="lp111")
- ---------------------------------
- 0. ls_in_port_sec_l2: inport == "lp111", priority 50
- next(1);
- 12. ls_in_l2_lkup: eth.dst == 00:00:00:00:ff:11, priority 50
- outport = "lrp11-attachment";
- output;
-
-
- Summary Output
-
-
- Summary output includes the logical pipelines visited by a packet and the
- logical actions executed on it. Compared to the detailed output,
- however, it removes details of tables and logical flows traversed by a
- packet. It uses a format closer to that of a programming language and
- does not attempt to avoid indentation. The summary output equivalent to
- the above detailed output fragment is:
-
-
-
- ingress(dp="ls1", inport="lp111") {
- outport = "lrp11-attachment";
- output;
- ...
- };
-
-
- Minimal Output
-
-
- Minimal output includes only actions that modify packet data (not
- including OVN registers or metadata such as outport
) and
- output
actions that actually deliver a packet to a logical
- port (excluding patch ports). The operands of actions that modify packet
- data are displayed reduced to constants, e.g. ip4.dst =
- reg0;
might be show as ip4.dst = 192.168.0.1;
if that
- was the value actually loaded. This yields output even simpler than the
- summary format. (Users familiar with Open vSwitch may recognize this as
- similar in spirit to the datapath actions listed at the bottom of
- ofproto/trace
output.)
-
-
-
- The minimal output format reflects the externally seen behavior of the
- logical networks more than it does the implementation. This makes this
- output format the most suitable for use in regression tests, because it
- is least likely to change when logical flow tables are rearranged without
- semantic change.
-
-
- Stateful Actions
-
-
- Some OVN logical actions use or update state that is not available in the
- southbound database. ovn-trace
handles these actions as
- described below:
-
-
-
- ct_next
- -
- By default
ovn-trace
treats flows as ``tracked'' and
- ``established.'' See the description of the --ct
option for
- a way to override this behavior.
-
-
- ct_dnat
(without an argument)
- -
- Forks the pipeline. In one fork, advances to the next table as if
-
next;
were executed. The packet is not changed, on the
- assumption that no NAT state was available. In the other fork, the
- pipeline continues without change after the ct_dnat
action.
-
-
- ct_snat
(without an argument)
- -
- This action distinguishes between gateway routers and distributed
- routers. A gateway router is defined as a logical datapath that contains
- an
l3gateway
port; any other logical datapath is a
- distributed router. On a gateway router, ct_snat;
is
- treated as a no-op. On a distributed router, it is treated the same way
- as ct_dnat;
.
-
-
- ct_dnat(ip)
- ct_snat(ip)
- -
- Forks the pipeline. In one fork, sets
ip4.dst
(or
- ip4.src
) to ip and ct.dnat
(or
- ct.snat
) to 1 and advances to the next table as if
- next;
were executed. In the other fork, the pipeline
- continues without change after the ct_dnat
(or
- ct_snat
) action.
-
-
- ct_lb;
- ct_lb(ip
[:port
]...);
- -
- Forks the pipeline. In one fork, sets
ip4.dst
(or
- ip6.dst
) to one of the load-balancer addresses and the
- destination port to its associated port, if any, and sets
- ct.dnat
to 1. With one or more arguments, gives preference
- to the address specified on --lb-dst
, if any; without
- arguments, uses the address and port specified on --lb-dst
.
- In the other fork, the pipeline continues without change after the
- ct_lb
action.
-
-
- ct_commit
- put_arp
- put_nd
- -
- These actions are treated as no-ops.
-
-
-
- Daemon Mode
-
-
- If ovn-trace
is invoked with the --detach
option
- (see Daemon Options
, below), it runs in the background as a
- daemon and accepts commands from ovs-appctl
(or another
- JSON-RPC client) indefinitely. The currently supported commands are
- described below.
-
-
-
-
-
-
-
- trace
[options] datapath microflow
- -
- Traces microflow through datapath and replies with
- the results of the trace. Accepts the options described under
-
Trace Options
below.
-
-
- exit
- - Causes
ovn-trace
to gracefully terminate.
-
-
- Options
-
- Trace Options
-
-
- --detailed
- --summary
- --minimal
- -
- These options control the form and level of detail in
-
ovn-trace
output. If more than one of these options is
- specified, all of the selected forms are output, in the order listed
- above, each headed by a banner line. If none of these options is
- given, --detailed
is the default. See
- Output
, above, for a description of each kind of output.
-
-
- --all
- -
- Selects all three forms of output.
-
-
- --ovs
[=
remote]
- -
-
- Makes ovn-trace
attempt to obtain and display the OpenFlow
- flows that correspond to each OVN logical flow. To do so,
- ovn-trace
connects to remote (by default,
- unix:@RUNDIR@/br-int.mgmt
) over OpenFlow and retrieves the
- flows. If remote is specified, it must be an active
- OpenFlow connection method described in ovsdb
(7).
-
-
-
- To make the best use of the output, it is important to understand the
- relationship between logical flows and OpenFlow flows.
- ovn-architecture
(7), under Architectural Physical Life
- Cycle of a Packet, describes this relationship. Keep in mind the
- following points:
-
-
-
- -
-
ovn-trace
currently shows all the OpenFlow flows to
- which a logical flow corresponds, even though an actual packet
- ordinarily matches only one of these.
-
-
- -
- Some logical flows can map to the Open vSwitch ``conjunctive match''
- extension (see
ovs-fields
(7)). Currently
- ovn-trace
cannot display the flows with
- conjunction
actions that effectively produce the
- conj_id
match.
-
-
- -
- Some logical flows may not be represented in the OpenFlow tables on a
- given hypervisor, if they could not be used on that hypervisor.
-
-
- -
- Some OpenFlow flows do not correspond to logical flows, such as
- OpenFlow flows that map between physical and logical ports. These
- flows will never show up in a trace.
-
-
- -
- When
ovn-trace
omits uninteresting logical flows from
- output, it does not look up the corresponding OpenFlow flows.
-
-
-
-
- --ct=flags
- -
-
- This option sets the ct_state
flags that a
- ct_next
logical action will report. The flags
- must be a comma- or space-separated list of the following connection
- tracking flags:
-
-
-
- -
-
trk
: Include to indicate connection tracking has taken
- place. (This bit is set automatically even if not listed in
- flags.
-
- new
: Include to indicate a new flow.
- est
: Include to indicate an established flow.
- rel
: Include to indicate a related flow.
- rpl
: Include to indicate a reply flow.
- inv
: Include to indicate a connection entry in a
- bad state.
- dnat
: Include to indicate a packet whose
- destination IP address has been changed.
- snat
: Include to indicate a packet whose source IP
- address has been changed.
-
-
-
- The ct_next
action is used to implement the OVN
- distributed firewall. For testing, useful flag combinations include:
-
-
-
- trk,new
: A packet in a flow in either direction
- through a firewall that has not yet been committed (with
- ct_commit
).
- trk,est
: A packet in an established flow going out
- through a firewall.
- trk,rpl
: A packet coming in through a firewall in
- reply to an established flow.
- trk,inv
: An invalid packet in either direction.
-
-
-
- A packet might pass through the connection tracker twice in one trip
- through OVN: once following egress from a VM as it passes outward
- through a firewall, and once preceding ingress to a second VM as it
- passes inward through a firewall. Use multiple --ct
- options to specify the flags for multiple ct_next
actions.
-
-
-
- When --ct
is unspecified, or when there are fewer
- --ct
options than ct_next
actions, the
- flags default to trk,est
.
-
-
-
- --lb-dst=
ip[:port
]
- -
- Sets the IP from VIP pool to use as destination of the packet.
-
--lb-dst
is not available in daemon mode.
-
-
- --friendly-names
- --no-friendly-names
- -
- When cloud management systems such as OpenStack are layered on top of
- OVN, they often use long, human-unfriendly names for ports and datapaths,
- for example, ones that include entire UUIDs. They do usually include
- friendlier names, but the long, hard-to-read names are the ones that
- appear in matches and actions. By default, or with
-
--friendly-names
, ovn-trace
substitutes these
- friendlier names for the long names in its output. Use
- --no-friendly-names
to disable this behavior; this option
- might be useful, for example, if a program is going to parse
- ovn-trace
output.
-
-
-
- Daemon Options
-
-
- Logging Options
-
-
- PKI Options
-
- PKI configuration is required to use SSL for the connection to the
- database (and the switch, if --ovs
is specified).
-
-
-
- Other Options
-
-
- --db
database
- -
- The OVSDB database remote to contact. If the OVN_SB_DB
- environment variable is set, its value is used as the default.
- Otherwise, the default is
unix:@RUNDIR@/db.sock
, but this
- default is unlikely to be useful outside of single-machine OVN test
- environments.
-
-
-
-
-
-
diff --git a/ovn/utilities/ovn-trace.c b/ovn/utilities/ovn-trace.c
deleted file mode 100644
index 044eb1cc225..00000000000
--- a/ovn/utilities/ovn-trace.c
+++ /dev/null
@@ -1,2373 +0,0 @@
-/*
- * Copyright (c) 2016, 2017 Nicira, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include
-
-#include
-
-#include "command-line.h"
-#include "compiler.h"
-#include "daemon.h"
-#include "dirs.h"
-#include "fatal-signal.h"
-#include "flow.h"
-#include "nx-match.h"
-#include "openvswitch/dynamic-string.h"
-#include "openvswitch/json.h"
-#include "openvswitch/ofp-actions.h"
-#include "openvswitch/ofp-flow.h"
-#include "openvswitch/ofp-print.h"
-#include "openvswitch/vconn.h"
-#include "openvswitch/vlog.h"
-#include "ovn/actions.h"
-#include "ovn/expr.h"
-#include "ovn/lex.h"
-#include "ovn/logical-fields.h"
-#include "ovn/lib/acl-log.h"
-#include "ovn/lib/ovn-l7.h"
-#include "ovn/lib/ovn-sb-idl.h"
-#include "ovn/lib/ovn-util.h"
-#include "ovsdb-idl.h"
-#include "openvswitch/poll-loop.h"
-#include "stream-ssl.h"
-#include "stream.h"
-#include "unixctl.h"
-#include "util.h"
-#include "random.h"
-
-VLOG_DEFINE_THIS_MODULE(ovntrace);
-
-/* --db: The database server to contact. */
-static const char *db;
-
-/* --unixctl-path: Path to use for unixctl server, for "monitor" and "snoop"
- commands. */
-static char *unixctl_path;
-
-/* The southbound database. */
-static struct ovsdb_idl *ovnsb_idl;
-
-/* --detailed: Show a detailed, table-by-table trace. */
-static bool detailed;
-
-/* --summary: Show a trace that omits table information. */
-static bool summary;
-
-/* --minimal: Show a trace with only minimal information. */
-static bool minimal;
-
-/* --ovs: OVS instance to contact to get OpenFlow flows. */
-static const char *ovs;
-static struct vconn *vconn;
-
-/* --ct: Connection tracking state to use for ct_next() actions. */
-static uint32_t *ct_states;
-static size_t n_ct_states;
-static size_t ct_state_idx;
-
-/* --lb-dst: load balancer destination info. */
-static struct ovnact_ct_lb_dst lb_dst;
-
-/* --friendly-names, --no-friendly-names: Whether to substitute human-friendly
- * port and datapath names for the awkward UUIDs typically used in the actual
- * logical flows. */
-static bool use_friendly_names = true;
-
-OVS_NO_RETURN static void usage(void);
-static void parse_options(int argc, char *argv[]);
-static char *trace(const char *datapath, const char *flow);
-static void read_db(void);
-static unixctl_cb_func ovntrace_exit;
-static unixctl_cb_func ovntrace_trace;
-
-int
-main(int argc, char *argv[])
-{
- set_program_name(argv[0]);
- service_start(&argc, &argv);
- fatal_ignore_sigpipe();
- vlog_set_levels_from_string_assert("reconnect:warn");
-
- /* Parse command line. */
- parse_options(argc, argv);
- argc -= optind;
- argv += optind;
-
- if (get_detach()) {
- if (argc != 0) {
- ovs_fatal(0, "non-option arguments not supported with --detach "
- "(use --help for help)");
- }
- } else {
- if (argc != 2) {
- ovs_fatal(0, "exactly two non-option arguments are required "
- "(use --help for help)");
- }
- }
-
- struct unixctl_server *server = NULL;
- bool exiting = false;
- if (get_detach()) {
- daemonize_start(false);
- int error = unixctl_server_create(unixctl_path, &server);
- if (error) {
- ovs_fatal(error, "failed to create unixctl server");
- }
- unixctl_command_register("exit", "", 0, 0, ovntrace_exit, &exiting);
- unixctl_command_register("trace", "[OPTIONS] DATAPATH MICROFLOW",
- 2, INT_MAX, ovntrace_trace, NULL);
- }
- ovnsb_idl = ovsdb_idl_create(db, &sbrec_idl_class, true, false);
-
- bool already_read = false;
- for (;;) {
- ovsdb_idl_run(ovnsb_idl);
- unixctl_server_run(server);
- if (!ovsdb_idl_is_alive(ovnsb_idl)) {
- int retval = ovsdb_idl_get_last_error(ovnsb_idl);
- ovs_fatal(0, "%s: database connection failed (%s)",
- db, ovs_retval_to_string(retval));
- }
-
- if (ovsdb_idl_has_ever_connected(ovnsb_idl)) {
- if (!already_read) {
- already_read = true;
- read_db();
- }
-
- daemonize_complete();
- if (!get_detach()) {
- char *output = trace(argv[0], argv[1]);
- fputs(output, stdout);
- free(output);
- return 0;
- }
- }
-
- if (exiting) {
- break;
- }
- ovsdb_idl_wait(ovnsb_idl);
- unixctl_server_wait(server);
- poll_block();
- }
-}
-
-static char *
-default_ovs(void)
-{
- return xasprintf("unix:%s/br-int.mgmt", ovs_rundir());
-}
-
-static void
-parse_ct_option(const char *state_s_)
-{
- uint32_t state;
- struct ds ds = DS_EMPTY_INITIALIZER;
-
- if (!parse_ct_state(state_s_, CS_TRACKED, &state, &ds)) {
- ovs_fatal(0, "%s", ds_cstr(&ds));
- }
- if (!validate_ct_state(state, &ds)) {
- VLOG_WARN("%s", ds_cstr(&ds));
- }
- ds_destroy(&ds);
-
- ct_states = xrealloc(ct_states, (n_ct_states + 1) * sizeof *ct_states);
- ct_states[n_ct_states++] = state;
-}
-
-static void
-parse_lb_option(const char *s)
-{
- struct sockaddr_storage ss;
- if (!inet_parse_active(s, 0, &ss, false)) {
- ovs_fatal(0, "%s: bad address", s);
- }
-
- lb_dst.family = ss.ss_family;
- struct in6_addr a = ss_get_address(&ss);
- if (ss.ss_family == AF_INET) {
- lb_dst.ipv4 = in6_addr_get_mapped_ipv4(&a);
- } else {
- lb_dst.ipv6 = a;
- }
- lb_dst.port = ss_get_port(&ss);
-}
-
-static void
-parse_options(int argc, char *argv[])
-{
- enum {
- OPT_DB = UCHAR_MAX + 1,
- OPT_UNIXCTL,
- OPT_DETAILED,
- OPT_SUMMARY,
- OPT_MINIMAL,
- OPT_ALL,
- OPT_OVS,
- OPT_CT,
- OPT_FRIENDLY_NAMES,
- OPT_NO_FRIENDLY_NAMES,
- DAEMON_OPTION_ENUMS,
- SSL_OPTION_ENUMS,
- VLOG_OPTION_ENUMS,
- OPT_LB_DST
- };
- static const struct option long_options[] = {
- {"db", required_argument, NULL, OPT_DB},
- {"unixctl", required_argument, NULL, OPT_UNIXCTL},
- {"detailed", no_argument, NULL, OPT_DETAILED},
- {"summary", no_argument, NULL, OPT_SUMMARY},
- {"minimal", no_argument, NULL, OPT_MINIMAL},
- {"all", no_argument, NULL, OPT_ALL},
- {"ovs", optional_argument, NULL, OPT_OVS},
- {"ct", required_argument, NULL, OPT_CT},
- {"friendly-names", no_argument, NULL, OPT_FRIENDLY_NAMES},
- {"no-friendly-names", no_argument, NULL, OPT_NO_FRIENDLY_NAMES},
- {"help", no_argument, NULL, 'h'},
- {"version", no_argument, NULL, 'V'},
- {"lb-dst", required_argument, NULL, OPT_LB_DST},
- DAEMON_LONG_OPTIONS,
- VLOG_LONG_OPTIONS,
- STREAM_SSL_LONG_OPTIONS,
- {NULL, 0, NULL, 0},
- };
- char *short_options = ovs_cmdl_long_options_to_short_options(long_options);
-
- for (;;) {
- int idx;
- int c;
-
- c = getopt_long(argc, argv, short_options, long_options, &idx);
- if (c == -1) {
- break;
- }
-
- switch (c) {
- case OPT_DB:
- db = optarg;
- break;
-
- case OPT_UNIXCTL:
- unixctl_path = optarg;
- break;
-
- case OPT_DETAILED:
- detailed = true;
- break;
-
- case OPT_SUMMARY:
- summary = true;
- break;
-
- case OPT_MINIMAL:
- minimal = true;
- break;
-
- case OPT_ALL:
- detailed = summary = minimal = true;
- break;
-
- case OPT_OVS:
- ovs = optarg ? optarg : default_ovs();
- break;
-
- case OPT_CT:
- parse_ct_option(optarg);
- break;
-
- case OPT_FRIENDLY_NAMES:
- use_friendly_names = true;
- break;
-
- case OPT_NO_FRIENDLY_NAMES:
- use_friendly_names = false;
- break;
-
- case OPT_LB_DST:
- parse_lb_option(optarg);
- break;
-
- case 'h':
- usage();
-
- case 'V':
- ovs_print_version(0, 0);
- printf("DB Schema %s\n", sbrec_get_db_version());
- exit(EXIT_SUCCESS);
-
- DAEMON_OPTION_HANDLERS
- VLOG_OPTION_HANDLERS
- STREAM_SSL_OPTION_HANDLERS
-
- case '?':
- exit(EXIT_FAILURE);
-
- default:
- abort();
- }
- }
- free(short_options);
-
- if (!db) {
- db = default_sb_db();
- }
-
- if (!detailed && !summary && !minimal) {
- detailed = true;
- }
-}
-
-static void
-usage(void)
-{
- printf("\
-%s: OVN trace utility\n\
-usage: %s [OPTIONS] DATAPATH MICROFLOW\n\
- %s [OPTIONS] --detach\n\
-\n\
-Output format options:\n\
- --detailed table-by-table \"backtrace\" (default)\n\
- --summary less detailed, more parseable\n\
- --minimal minimum to explain externally visible behavior\n\
- --all provide all forms of output\n\
-Output style options:\n\
- --no-friendly-names do not substitute human friendly names for UUIDs\n",
- program_name, program_name, program_name);
- daemon_usage();
- vlog_usage();
- printf("\n\
-Other options:\n\
- --db=DATABASE connect to DATABASE\n\
- (default: %s)\n\
- --ovs[=REMOTE] obtain corresponding OpenFlow flows from REMOTE\n\
- (default: %s)\n\
- --unixctl=SOCKET set control socket name\n\
- -h, --help display this help message\n\
- -V, --version display version information\n",
- default_sb_db(), default_ovs());
- stream_usage("database", true, true, false);
- vconn_usage(true, false, false);
- exit(EXIT_SUCCESS);
-}
-
-struct ovntrace_datapath {
- struct hmap_node sb_uuid_node;
- struct uuid sb_uuid;
- struct uuid nb_uuid;
- char *name;
- char *name2;
- char *friendly_name;
- uint32_t tunnel_key;
-
- struct ovs_list mcgroups; /* Contains "struct ovntrace_mcgroup"s. */
-
- struct ovntrace_flow **flows;
- size_t n_flows, allocated_flows;
-
- struct hmap mac_bindings; /* Contains "struct ovntrace_mac_binding"s. */
-
- bool has_local_l3gateway;
-};
-
-struct ovntrace_port {
- struct ovntrace_datapath *dp;
- struct uuid uuid;
- char *name;
- char *name2;
- const char *friendly_name;
- char *type;
- uint16_t tunnel_key;
- struct ovntrace_port *peer; /* Patch ports only. */
- struct ovntrace_port *distributed_port; /* chassisredirect ports only. */
-};
-
-struct ovntrace_mcgroup {
- struct ovs_list list_node; /* In struct ovntrace_datapath's 'mcgroups'. */
-
- struct ovntrace_datapath *dp;
- char *name;
-
- uint16_t tunnel_key;
-
- struct ovntrace_port **ports;
- size_t n_ports;
-};
-
-struct ovntrace_flow {
- struct uuid uuid;
- enum ovnact_pipeline pipeline;
- int table_id;
- char *stage_name;
- char *source;
- int priority;
- char *match_s;
- struct expr *match;
- struct ovnact *ovnacts;
- size_t ovnacts_len;
-};
-
-struct ovntrace_mac_binding {
- struct hmap_node node;
- uint16_t port_key;
- struct in6_addr ip;
- struct eth_addr mac;
-};
-
-static inline uint32_t
-hash_mac_binding(uint16_t port_key, const struct in6_addr *ip)
-{
- return hash_bytes(ip, sizeof *ip, port_key);
-}
-
-/* Every ovntrace_datapath, by southbound Datapath_Binding record UUID. */
-static struct hmap datapaths;
-
-/* Every ovntrace_port, by name. */
-static struct shash ports;
-
-/* Symbol table for expressions and actions. */
-static struct shash symtab;
-
-/* Address sets. */
-static struct shash address_sets;
-
-/* Port groups. */
-static struct shash port_groups;
-
-/* DHCP options. */
-static struct hmap dhcp_opts; /* Contains "struct gen_opts_map"s. */
-static struct hmap dhcpv6_opts; /* Contains "struct gen_opts_map"s. */
-static struct hmap nd_ra_opts; /* Contains "struct gen_opts_map"s. */
-
-static struct ovntrace_datapath *
-ovntrace_datapath_find_by_sb_uuid(const struct uuid *sb_uuid)
-{
- struct ovntrace_datapath *dp;
- HMAP_FOR_EACH_WITH_HASH (dp, sb_uuid_node, uuid_hash(sb_uuid),
- &datapaths) {
- if (uuid_equals(&dp->sb_uuid, sb_uuid)) {
- return dp;
- }
- }
- return NULL;
-}
-
-static const struct ovntrace_datapath *
-ovntrace_datapath_find_by_name(const char *name)
-{
- struct ovntrace_datapath *dp;
- HMAP_FOR_EACH (dp, sb_uuid_node, &datapaths) {
- if (!strcmp(name, dp->name)
- || (dp->name2 && !strcmp(name, dp->name2))) {
- return dp;
- }
- }
-
- struct ovntrace_datapath *match = NULL;
- HMAP_FOR_EACH (dp, sb_uuid_node, &datapaths) {
- if (uuid_is_partial_match(&dp->sb_uuid, name) >= 4 ||
- uuid_is_partial_match(&dp->nb_uuid, name) >= 4) {
- if (match) {
- VLOG_WARN("name \"%s\" matches multiple datapaths", name);
- return NULL;
- }
- match = dp;
- }
- }
- return match;
-}
-
-static const struct ovntrace_port *
-ovntrace_port_find_by_key(const struct ovntrace_datapath *dp,
- uint16_t tunnel_key)
-{
- const struct shash_node *node;
- SHASH_FOR_EACH (node, &ports) {
- const struct ovntrace_port *port = node->data;
- if (port->dp == dp && port->tunnel_key == tunnel_key) {
- return port;
- }
- }
- return NULL;
-}
-
-static const char *
-ovntrace_port_key_to_name(const struct ovntrace_datapath *dp,
- uint16_t key)
-{
- const struct ovntrace_port *port = ovntrace_port_find_by_key(dp, key);
- return (port ? port->friendly_name
- : !key ? ""
- : "(unnamed)");
-}
-
-static const struct ovntrace_mcgroup *
-ovntrace_mcgroup_find_by_key(const struct ovntrace_datapath *dp,
- uint16_t tunnel_key)
-{
- const struct ovntrace_mcgroup *mcgroup;
- LIST_FOR_EACH (mcgroup, list_node, &dp->mcgroups) {
- if (mcgroup->tunnel_key == tunnel_key) {
- return mcgroup;
- }
- }
- return NULL;
-}
-
-static const struct ovntrace_mcgroup *
-ovntrace_mcgroup_find_by_name(const struct ovntrace_datapath *dp,
- const char *name)
-{
- const struct ovntrace_mcgroup *mcgroup;
- LIST_FOR_EACH (mcgroup, list_node, &dp->mcgroups) {
- if (!strcmp(mcgroup->name, name)) {
- return mcgroup;
- }
- }
- return NULL;
-}
-
-static const struct ovntrace_mac_binding *
-ovntrace_mac_binding_find(const struct ovntrace_datapath *dp,
- uint16_t port_key, const struct in6_addr *ip)
-{
- const struct ovntrace_mac_binding *bind;
- HMAP_FOR_EACH_WITH_HASH (bind, node, hash_mac_binding(port_key, ip),
- &dp->mac_bindings) {
- if (bind->port_key == port_key && ipv6_addr_equals(ip, &bind->ip)) {
- return bind;
- }
- }
- return NULL;
-}
-
-/* If 's' ends with a UUID, returns a copy of it with the UUID truncated to
- * just the first 6 characters; otherwise, returns a copy of 's'. */
-static char *
-shorten_uuid(const char *s)
-{
- size_t len = strlen(s);
- return (len >= UUID_LEN && uuid_is_partial_string(s + (len - UUID_LEN))
- ? xmemdup0(s, len - (UUID_LEN - 6))
- : xstrdup(s));
-}
-
-static void
-read_datapaths(void)
-{
- hmap_init(&datapaths);
- const struct sbrec_datapath_binding *sbdb;
- SBREC_DATAPATH_BINDING_FOR_EACH (sbdb, ovnsb_idl) {
- struct ovntrace_datapath *dp = xzalloc(sizeof *dp);
- const struct smap *ids = &sbdb->external_ids;
-
- dp->sb_uuid = sbdb->header_.uuid;
- if (!smap_get_uuid(ids, "logical-switch", &dp->nb_uuid) &&
- !smap_get_uuid(ids, "logical-router", &dp->nb_uuid)) {
- dp->nb_uuid = dp->sb_uuid;
- }
-
- const char *name = smap_get(ids, "name");
- dp->name = (name
- ? xstrdup(name)
- : xasprintf(UUID_FMT, UUID_ARGS(&dp->nb_uuid)));
-
- dp->name2 = nullable_xstrdup(smap_get(ids, "name2"));
- dp->friendly_name = (!use_friendly_names
- ? xasprintf(UUID_FMT, UUID_ARGS(&dp->nb_uuid))
- : shorten_uuid(dp->name2 ? dp->name2 : dp->name));
-
- dp->tunnel_key = sbdb->tunnel_key;
-
- ovs_list_init(&dp->mcgroups);
- hmap_init(&dp->mac_bindings);
-
- hmap_insert(&datapaths, &dp->sb_uuid_node, uuid_hash(&dp->sb_uuid));
- }
-}
-
-static void
-read_ports(void)
-{
- shash_init(&ports);
- const struct sbrec_port_binding *sbpb;
- SBREC_PORT_BINDING_FOR_EACH (sbpb, ovnsb_idl) {
- const char *port_name = sbpb->logical_port;
- struct ovntrace_datapath *dp
- = ovntrace_datapath_find_by_sb_uuid(&sbpb->datapath->header_.uuid);
- if (!dp) {
- VLOG_WARN("logical port %s missing datapath", port_name);
- continue;
- }
-
- struct ovntrace_port *port = xzalloc(sizeof *port);
- if (!shash_add_once(&ports, port_name, port)) {
- VLOG_WARN("duplicate logical port name %s", port_name);
- free(port);
- continue;
- }
- port->dp = dp;
- port->uuid = sbpb->header_.uuid;
- port->name = xstrdup(port_name);
- port->type = xstrdup(sbpb->type);
- port->tunnel_key = sbpb->tunnel_key;
-
- port->name2 = nullable_xstrdup(smap_get(&sbpb->external_ids, "name"));
- port->friendly_name = (!use_friendly_names ? xstrdup(port->name)
- : shorten_uuid(port->name2
- ? port->name2 : port->name));
-
- if (!strcmp(sbpb->type, "patch")) {
- const char *peer_name = smap_get(&sbpb->options, "peer");
- if (peer_name) {
- struct ovntrace_port *peer
- = shash_find_data(&ports, peer_name);
- if (peer) {
- port->peer = peer;
- port->peer->peer = port;
- }
- }
- } else if (!strcmp(sbpb->type, "l3gateway")) {
- /* Treat all gateways as local for our purposes. */
- dp->has_local_l3gateway = true;
- const char *peer_name = smap_get(&sbpb->options, "peer");
- if (peer_name) {
- struct ovntrace_port *peer
- = shash_find_data(&ports, peer_name);
- if (peer) {
- port->peer = peer;
- port->peer->peer = port;
- }
- }
- }
- }
-
- SBREC_PORT_BINDING_FOR_EACH (sbpb, ovnsb_idl) {
- if (!strcmp(sbpb->type, "chassisredirect")) {
- struct ovntrace_port *port
- = shash_find_data(&ports, sbpb->logical_port);
- if (port) {
- const char *distributed_name = smap_get(&sbpb->options,
- "distributed-port");
- if (distributed_name) {
- struct ovntrace_port *distributed_port
- = shash_find_data(&ports, distributed_name);
- if (distributed_port && distributed_port->dp == port->dp) {
- port->distributed_port = distributed_port;
- }
- }
- }
- }
- }
-}
-
-static int
-compare_port(const void *a_, const void *b_)
-{
- struct ovntrace_port *const *ap = a_;
- struct ovntrace_port *const *bp = b_;
- const struct ovntrace_port *a = *ap;
- const struct ovntrace_port *b = *bp;
-
- return strcmp(a->name, b->name);
-}
-
-static void
-read_mcgroups(void)
-{
- const struct sbrec_multicast_group *sbmg;
- SBREC_MULTICAST_GROUP_FOR_EACH (sbmg, ovnsb_idl) {
- struct ovntrace_datapath *dp
- = ovntrace_datapath_find_by_sb_uuid(&sbmg->datapath->header_.uuid);
- if (!dp) {
- VLOG_WARN("logical multicast group %s missing datapath",
- sbmg->name);
- continue;
- }
-
- struct ovntrace_mcgroup *mcgroup = xzalloc(sizeof *mcgroup);
- ovs_list_push_back(&dp->mcgroups, &mcgroup->list_node);
- mcgroup->dp = dp;
- mcgroup->tunnel_key = sbmg->tunnel_key;
- mcgroup->name = xstrdup(sbmg->name);
- mcgroup->ports = xmalloc(sbmg->n_ports * sizeof *mcgroup->ports);
- for (size_t i = 0; i < sbmg->n_ports; i++) {
- const char *port_name = sbmg->ports[i]->logical_port;
- struct ovntrace_port *p = shash_find_data(&ports, port_name);
- if (!p) {
- VLOG_WARN("missing port %s", port_name);
- continue;
- }
- if (!uuid_equals(&sbmg->ports[i]->datapath->header_.uuid,
- &p->dp->sb_uuid)) {
- VLOG_WARN("multicast group %s in datapath %s contains "
- "port %s outside that datapath",
- mcgroup->name, mcgroup->dp->name, port_name);
- continue;
- }
- mcgroup->ports[mcgroup->n_ports++] = p;
- }
-
- /* Sort the ports in alphabetical order to make output more
- * predictable. */
- qsort(mcgroup->ports, mcgroup->n_ports, sizeof *mcgroup->ports,
- compare_port);
- }
-}
-
-static void
-read_address_sets(void)
-{
- shash_init(&address_sets);
-
- const struct sbrec_address_set *sbas;
- SBREC_ADDRESS_SET_FOR_EACH (sbas, ovnsb_idl) {
- expr_const_sets_add(&address_sets, sbas->name,
- (const char *const *) sbas->addresses,
- sbas->n_addresses, true);
- }
-}
-
-static void
-read_port_groups(void)
-{
- shash_init(&port_groups);
-
- const struct sbrec_port_group *sbpg;
- SBREC_PORT_GROUP_FOR_EACH (sbpg, ovnsb_idl) {
- expr_const_sets_add(&port_groups, sbpg->name,
- (const char *const *) sbpg->ports,
- sbpg->n_ports, false);
- }
-}
-
-static bool
-ovntrace_is_chassis_resident(const void *aux OVS_UNUSED,
- const char *port_name)
-{
- if (port_name[0] == '\0') {
- return true;
- }
-
- const struct ovntrace_port *port = shash_find_data(&ports, port_name);
- if (port) {
- /* Since ovntrace is not chassis specific, assume any port
- * that exists is resident. */
- return true;
- }
-
- VLOG_WARN("%s: unknown logical port\n", port_name);
- return false;
-}
-
-static int
-compare_flow(const void *a_, const void *b_)
-{
- struct ovntrace_flow *const *ap = a_;
- struct ovntrace_flow *const *bp = b_;
- const struct ovntrace_flow *a = *ap;
- const struct ovntrace_flow *b = *bp;
-
- if (a->pipeline != b->pipeline) {
- /* Sort OVNACT_P_INGRESS before OVNACT_P_EGRESS. */
- return a->pipeline == OVNACT_P_EGRESS ? 1 : -1;
- } else if (a->table_id != b->table_id) {
- /* Sort in increasing order of table_id. */
- return a->table_id > b->table_id ? 1 : -1;
- } else if (a->priority != b->priority) {
- /* Sort in decreasing order of priority. */
- return a->priority > b->priority ? -1 : 1;
- } else {
- /* Otherwise who cares. */
- return 0;
- }
-}
-
-static char *
-ovntrace_make_names_friendly(const char *in)
-{
- if (!use_friendly_names) {
- return xstrdup(in);
- }
-
- struct ds out = DS_EMPTY_INITIALIZER;
- while (*in) {
- struct lex_token token;
- const char *start;
- const char *next;
-
- next = lex_token_parse(&token, in, &start);
- if (token.type == LEX_T_STRING) {
- const struct ovntrace_port *port = shash_find_data(&ports,
- token.s);
- if (port) {
- ds_put_buffer(&out, in, start - in);
- json_string_escape(port->friendly_name, &out);
- } else {
- ds_put_buffer(&out, in, next - in);
- }
- } else if (token.type != LEX_T_END) {
- ds_put_buffer(&out, in, next - in);
- } else {
- break;
- }
- lex_token_destroy(&token);
- in = next;
- }
- return ds_steal_cstr(&out);
-}
-
-static void
-read_flows(void)
-{
- ovn_init_symtab(&symtab);
-
- const struct sbrec_logical_flow *sblf;
- SBREC_LOGICAL_FLOW_FOR_EACH (sblf, ovnsb_idl) {
- const struct sbrec_datapath_binding *sbdb = sblf->logical_datapath;
- struct ovntrace_datapath *dp
- = ovntrace_datapath_find_by_sb_uuid(&sbdb->header_.uuid);
- if (!dp) {
- VLOG_WARN("logical flow missing datapath");
- continue;
- }
-
- char *error;
- struct expr *match;
- match = expr_parse_string(sblf->match, &symtab, &address_sets,
- &port_groups, NULL, &error);
- if (error) {
- VLOG_WARN("%s: parsing expression failed (%s)",
- sblf->match, error);
- free(error);
- continue;
- }
-
- struct ovnact_parse_params pp = {
- .symtab = &symtab,
- .dhcp_opts = &dhcp_opts,
- .dhcpv6_opts = &dhcpv6_opts,
- .nd_ra_opts = &nd_ra_opts,
- .pipeline = (!strcmp(sblf->pipeline, "ingress")
- ? OVNACT_P_INGRESS
- : OVNACT_P_EGRESS),
- .n_tables = 24,
- .cur_ltable = sblf->table_id,
- };
- uint64_t stub[1024 / 8];
- struct ofpbuf ovnacts = OFPBUF_STUB_INITIALIZER(stub);
- struct expr *prereqs;
- error = ovnacts_parse_string(sblf->actions, &pp, &ovnacts, &prereqs);
- if (error) {
- VLOG_WARN("%s: parsing actions failed (%s)", sblf->actions, error);
- free(error);
- expr_destroy(match);
- continue;
- }
-
- match = expr_combine(EXPR_T_AND, match, prereqs);
- match = expr_annotate(match, &symtab, &error);
- if (error) {
- VLOG_WARN("match annotation failed (%s)", error);
- free(error);
- expr_destroy(match);
- ovnacts_free(ovnacts.data, ovnacts.size);
- ofpbuf_uninit(&ovnacts);
- continue;
- }
- if (match) {
- match = expr_simplify(match, ovntrace_is_chassis_resident, NULL);
- }
-
- struct ovntrace_flow *flow = xzalloc(sizeof *flow);
- flow->uuid = sblf->header_.uuid;
- flow->pipeline = (!strcmp(sblf->pipeline, "ingress")
- ? OVNACT_P_INGRESS
- : OVNACT_P_EGRESS);
- flow->table_id = sblf->table_id;
- flow->stage_name = nullable_xstrdup(smap_get(&sblf->external_ids,
- "stage-name"));
- flow->source = nullable_xstrdup(smap_get(&sblf->external_ids,
- "source"));
- flow->priority = sblf->priority;
- flow->match_s = ovntrace_make_names_friendly(sblf->match);
- flow->match = match;
- flow->ovnacts_len = ovnacts.size;
- flow->ovnacts = ofpbuf_steal_data(&ovnacts);
-
- if (dp->n_flows >= dp->allocated_flows) {
- dp->flows = x2nrealloc(dp->flows, &dp->allocated_flows,
- sizeof *dp->flows);
- }
- dp->flows[dp->n_flows++] = flow;
- }
-
- const struct ovntrace_datapath *dp;
- HMAP_FOR_EACH (dp, sb_uuid_node, &datapaths) {
- qsort(dp->flows, dp->n_flows, sizeof *dp->flows, compare_flow);
- }
-}
-
-static void
-read_gen_opts(void)
-{
- hmap_init(&dhcp_opts);
- const struct sbrec_dhcp_options *sdo;
- SBREC_DHCP_OPTIONS_FOR_EACH (sdo, ovnsb_idl) {
- dhcp_opt_add(&dhcp_opts, sdo->name, sdo->code, sdo->type);
- }
-
-
- hmap_init(&dhcpv6_opts);
- const struct sbrec_dhcpv6_options *sdo6;
- SBREC_DHCPV6_OPTIONS_FOR_EACH(sdo6, ovnsb_idl) {
- dhcp_opt_add(&dhcpv6_opts, sdo6->name, sdo6->code, sdo6->type);
- }
-
- hmap_init(&nd_ra_opts);
- nd_ra_opts_init(&nd_ra_opts);
-}
-
-static void
-read_mac_bindings(void)
-{
- const struct sbrec_mac_binding *sbmb;
- SBREC_MAC_BINDING_FOR_EACH (sbmb, ovnsb_idl) {
- const struct ovntrace_port *port = shash_find_data(
- &ports, sbmb->logical_port);
- if (!port) {
- VLOG_WARN("missing port %s", sbmb->logical_port);
- continue;
- }
-
- if (!uuid_equals(&port->dp->sb_uuid, &sbmb->datapath->header_.uuid)) {
- VLOG_WARN("port %s is in wrong datapath", sbmb->logical_port);
- continue;
- }
-
- struct in6_addr ip6;
- ovs_be32 ip4;
- if (ip_parse(sbmb->ip, &ip4)) {
- ip6 = in6_addr_mapped_ipv4(ip4);
- } else if (!ipv6_parse(sbmb->ip, &ip6)) {
- VLOG_WARN("%s: bad IP address", sbmb->ip);
- continue;
- }
-
- struct eth_addr mac;
- if (!eth_addr_from_string(sbmb->mac, &mac)) {
- VLOG_WARN("%s: bad Ethernet address", sbmb->mac);
- continue;
- }
-
- struct ovntrace_mac_binding *binding = xmalloc(sizeof *binding);
- binding->port_key = port->tunnel_key;
- binding->ip = ip6;
- binding->mac = mac;
- hmap_insert(&port->dp->mac_bindings, &binding->node,
- hash_mac_binding(binding->port_key, &ip6));
- }
-}
-
-static void
-read_db(void)
-{
- read_datapaths();
- read_ports();
- read_mcgroups();
- read_address_sets();
- read_port_groups();
- read_gen_opts();
- read_flows();
- read_mac_bindings();
-}
-
-static const struct ovntrace_port *
-ovntrace_port_lookup_by_name(const char *name)
-{
- const struct ovntrace_port *port = shash_find_data(&ports, name);
- if (port) {
- return port;
- }
-
- const struct ovntrace_port *match = NULL;
-
- struct shash_node *node;
- SHASH_FOR_EACH (node, &ports) {
- port = node->data;
-
- if (port->name2 && !strcmp(port->name2, name)) {
- if (match) {
- VLOG_WARN("name \"%s\" matches multiple ports", name);
- return NULL;
- }
- match = port;
- }
- }
-
- if (uuid_is_partial_string(name) >= 4) {
- SHASH_FOR_EACH (node, &ports) {
- port = node->data;
-
- struct uuid name_uuid;
- if (uuid_is_partial_match(&port->uuid, name)
- || (uuid_from_string(&name_uuid, port->name)
- && uuid_is_partial_match(&name_uuid, name))) {
- if (match && match != port) {
- VLOG_WARN("name \"%s\" matches multiple ports", name);
- return NULL;
- }
- match = port;
- }
- }
- }
-
- return match;
-}
-
-static bool
-ovntrace_lookup_port(const void *dp_, const char *port_name,
- unsigned int *portp)
-{
- const struct ovntrace_datapath *dp = dp_;
-
- if (port_name[0] == '\0') {
- *portp = 0;
- return true;
- }
-
- const struct ovntrace_port *port = ovntrace_port_lookup_by_name(port_name);
- if (port) {
- if (port->dp == dp) {
- *portp = port->tunnel_key;
- return true;
- }
- /* The port is found but not in this datapath. It happens when port
- * group is used in match conditions. */
- return false;
- }
-
- const struct ovntrace_mcgroup *mcgroup = ovntrace_mcgroup_find_by_name(dp, port_name);
- if (mcgroup) {
- *portp = mcgroup->tunnel_key;
- return true;
- }
-
- VLOG_WARN("%s: unknown logical port", port_name);
- return false;
-}
-
-static const struct ovntrace_flow *
-ovntrace_flow_lookup(const struct ovntrace_datapath *dp,
- const struct flow *uflow,
- uint8_t table_id, enum ovnact_pipeline pipeline)
-{
- for (size_t i = 0; i < dp->n_flows; i++) {
- const struct ovntrace_flow *flow = dp->flows[i];
- if (flow->pipeline == pipeline &&
- flow->table_id == table_id &&
- expr_evaluate(flow->match, uflow, ovntrace_lookup_port, dp)) {
- return flow;
- }
- }
- return NULL;
-}
-
-static char *
-ovntrace_stage_name(const struct ovntrace_datapath *dp,
- uint8_t table_id, enum ovnact_pipeline pipeline)
-{
- for (size_t i = 0; i < dp->n_flows; i++) {
- const struct ovntrace_flow *flow = dp->flows[i];
- if (flow->pipeline == pipeline && flow->table_id == table_id) {
- return xstrdup(flow->stage_name);;
- }
- }
- return NULL;
-}
-
-/* Type of a node within a trace. */
-enum ovntrace_node_type {
- /* Nodes that may have children (nonterminal nodes). */
- OVNTRACE_NODE_OUTPUT,
- OVNTRACE_NODE_MODIFY,
- OVNTRACE_NODE_ACTION,
- OVNTRACE_NODE_ERROR,
-
- /* Nodes that never have children (terminal nodes). */
- OVNTRACE_NODE_PIPELINE,
- OVNTRACE_NODE_TABLE,
- OVNTRACE_NODE_TRANSFORMATION
-};
-
-static bool
-ovntrace_node_type_is_terminal(enum ovntrace_node_type type)
-{
- switch (type) {
- case OVNTRACE_NODE_OUTPUT:
- case OVNTRACE_NODE_MODIFY:
- case OVNTRACE_NODE_ACTION:
- case OVNTRACE_NODE_ERROR:
- return true;
-
- case OVNTRACE_NODE_PIPELINE:
- case OVNTRACE_NODE_TABLE:
- case OVNTRACE_NODE_TRANSFORMATION:
- return false;
- }
-
- OVS_NOT_REACHED();
-}
-
-struct ovntrace_node {
- struct ovs_list node; /* In parent. */
-
- enum ovntrace_node_type type;
- char *name;
- bool always_indent;
- struct ovs_list subs; /* List of children. */
-};
-
-static void ovntrace_node_destroy(struct ovntrace_node *);
-
-static struct ovntrace_node * OVS_PRINTF_FORMAT(3, 4)
-ovntrace_node_append(struct ovs_list *super, enum ovntrace_node_type type,
- const char *format, ...)
-{
- va_list args;
- va_start(args, format);
- char *s = xvasprintf(format, args);
- va_end(args);
-
- struct ovntrace_node *node = xmalloc(sizeof *node);
- ovs_list_push_back(super, &node->node);
- node->type = type;
- node->name = s;
- node->always_indent = false;
- ovs_list_init(&node->subs);
-
- return node;
-}
-
-static void
-ovntrace_node_clone(const struct ovs_list *old, struct ovs_list *new)
-{
- const struct ovntrace_node *osub;
- LIST_FOR_EACH (osub, node, old) {
- struct ovntrace_node *nsub = ovntrace_node_append(new, osub->type,
- "%s", osub->name);
- nsub->always_indent = osub->always_indent;
- ovntrace_node_clone(&osub->subs, &nsub->subs);
- }
-}
-
-static void
-ovntrace_node_list_destroy(struct ovs_list *list)
-{
- if (list) {
- struct ovntrace_node *node, *next;
-
- LIST_FOR_EACH_SAFE (node, next, node, list) {
- ovs_list_remove(&node->node);
- ovntrace_node_destroy(node);
- }
- }
-}
-
-static void
-ovntrace_node_destroy(struct ovntrace_node *node)
-{
- if (node) {
- ovntrace_node_list_destroy(&node->subs);
- free(node->name);
- free(node);
- }
-}
-
-static void
-ovntrace_node_print_details(struct ds *output,
- const struct ovs_list *nodes, int level)
-{
- const struct ovntrace_node *sub;
- LIST_FOR_EACH (sub, node, nodes) {
- if (sub->type == OVNTRACE_NODE_MODIFY) {
- continue;
- }
-
- bool more = (sub->node.next != nodes
- || sub->always_indent
- || ovntrace_node_type_is_terminal(sub->type));
- bool title = (sub->type == OVNTRACE_NODE_PIPELINE ||
- sub->type == OVNTRACE_NODE_TRANSFORMATION);
- if (title) {
- ds_put_char(output, '\n');
- }
- ds_put_char_multiple(output, ' ', (level + more) * 4);
- ds_put_format(output, "%s\n", sub->name);
- if (title) {
- ds_put_char_multiple(output, ' ', (level + more) * 4);
- ds_put_char_multiple(output, '-', strlen(sub->name));
- ds_put_char(output, '\n');
- }
-
- ovntrace_node_print_details(output, &sub->subs, level + more + more);
- }
-}
-
-static void
-ovntrace_node_prune_summary(struct ovs_list *nodes)
-{
- struct ovntrace_node *sub, *next;
- LIST_FOR_EACH_SAFE (sub, next, node, nodes) {
- ovntrace_node_prune_summary(&sub->subs);
- if (sub->type == OVNTRACE_NODE_MODIFY ||
- sub->type == OVNTRACE_NODE_TABLE) {
- /* Replace 'sub' by its children, if any, */
- ovs_list_remove(&sub->node);
- ovs_list_splice(&next->node, sub->subs.next, &sub->subs);
- ovntrace_node_destroy(sub);
- }
- }
-}
-
-static void
-ovntrace_node_print_summary(struct ds *output, const struct ovs_list *nodes,
- int level)
-{
- const struct ovntrace_node *sub;
- LIST_FOR_EACH (sub, node, nodes) {
- if (sub->type == OVNTRACE_NODE_ACTION
- && !strncmp(sub->name, "next(", 5)) {
- continue;
- }
-
- ds_put_char_multiple(output, ' ', level * 4);
- ds_put_cstr(output, sub->name);
- if (!ovs_list_is_empty(&sub->subs)) {
- ds_put_cstr(output, " {\n");
- ovntrace_node_print_summary(output, &sub->subs, level + 1);
- ds_put_char_multiple(output, ' ', level * 4);
- ds_put_char(output, '}');
- }
- if (sub->type != OVNTRACE_NODE_ACTION) {
- ds_put_char(output, ';');
- }
- ds_put_char(output, '\n');
- }
-}
-
-static void
-ovntrace_node_prune_hard(struct ovs_list *nodes)
-{
- struct ovntrace_node *sub, *next;
- LIST_FOR_EACH_SAFE (sub, next, node, nodes) {
- ovntrace_node_prune_hard(&sub->subs);
- if (sub->type == OVNTRACE_NODE_ACTION ||
- sub->type == OVNTRACE_NODE_PIPELINE ||
- sub->type == OVNTRACE_NODE_TABLE ||
- sub->type == OVNTRACE_NODE_OUTPUT) {
- /* Replace 'sub' by its children, if any, */
- ovs_list_remove(&sub->node);
- ovs_list_splice(&next->node, sub->subs.next, &sub->subs);
- ovntrace_node_destroy(sub);
- }
- }
-}
-
-static void
-execute_load(const struct ovnact_load *load,
- const struct ovntrace_datapath *dp, struct flow *uflow,
- struct ovs_list *super OVS_UNUSED)
-{
- const struct ovnact_encode_params ep = {
- .lookup_port = ovntrace_lookup_port,
- .aux = dp,
- };
- uint64_t stub[512 / 8];
- struct ofpbuf ofpacts = OFPBUF_STUB_INITIALIZER(stub);
-
- ovnacts_encode(&load->ovnact, sizeof *load, &ep, &ofpacts);
-
- struct ofpact *a;
- OFPACT_FOR_EACH (a, ofpacts.data, ofpacts.size) {
- struct ofpact_set_field *sf = ofpact_get_SET_FIELD(a);
-
- if (!mf_is_register(sf->field->id)) {
- struct ds s = DS_EMPTY_INITIALIZER;
- ovnacts_format(&load->ovnact, OVNACT_LOAD_SIZE, &s);
- ds_chomp(&s, ';');
-
- char *friendly = ovntrace_make_names_friendly(ds_cstr(&s));
- ovntrace_node_append(super, OVNTRACE_NODE_MODIFY, "%s", friendly);
- free(friendly);
-
- ds_destroy(&s);
- }
-
- if (mf_are_prereqs_ok(sf->field, uflow, NULL)) {
- mf_set_flow_value_masked(sf->field, sf->value,
- ofpact_set_field_mask(sf), uflow);
- }
- }
- ofpbuf_uninit(&ofpacts);
-}
-
-static void
-summarize_move(const struct mf_subfield *rsrc,
- const struct expr_field *dst, const struct mf_subfield *rdst,
- const struct flow *uflow, struct ovs_list *super OVS_UNUSED)
-{
- if (!mf_is_register(rdst->field->id)) {
- struct ds s = DS_EMPTY_INITIALIZER;
- expr_field_format(dst, &s);
- ds_put_cstr(&s, " = ");
-
- if (rsrc->ofs == 0 && rsrc->n_bits >= rsrc->field->n_bits) {
- union mf_value value;
- mf_get_value(rsrc->field, uflow, &value);
- mf_format(rsrc->field, &value, NULL, NULL, &s);
- } else {
- union mf_subvalue cst;
- mf_read_subfield(rsrc, uflow, &cst);
- ds_put_hex(&s, &cst, sizeof cst);
- }
-
- ovntrace_node_append(super, OVNTRACE_NODE_MODIFY, "%s", ds_cstr(&s));
-
- ds_destroy(&s);
- }
-}
-
-static void
-execute_move(const struct ovnact_move *move, struct flow *uflow,
- struct ovs_list *super)
-{
- struct mf_subfield dst = expr_resolve_field(&move->lhs);
- struct mf_subfield src = expr_resolve_field(&move->rhs);
- summarize_move(&src, &move->lhs, &dst, uflow, super);
- mf_subfield_copy(&src, &dst, uflow, NULL);
-}
-
-static void
-execute_exchange(const struct ovnact_move *move, struct flow *uflow,
- struct ovs_list *super)
-{
- struct mf_subfield a = expr_resolve_field(&move->lhs);
- struct mf_subfield b = expr_resolve_field(&move->rhs);
- summarize_move(&b, &move->lhs, &a, uflow, super);
- summarize_move(&a, &move->rhs, &b, uflow, super);
- mf_subfield_swap(&a, &b, uflow, NULL);
-}
-
-static void
-trace__(const struct ovntrace_datapath *dp, struct flow *uflow,
- uint8_t table_id, enum ovnact_pipeline pipeline,
- struct ovs_list *super);
-
-static void
-trace_actions(const struct ovnact *ovnacts, size_t ovnacts_len,
- const struct ovntrace_datapath *dp, struct flow *uflow,
- uint8_t table_id, enum ovnact_pipeline pipeline,
- struct ovs_list *super);
-static void
-execute_output(const struct ovntrace_datapath *dp, struct flow *uflow,
- enum ovnact_pipeline pipeline, struct ovs_list *super)
-{
- uint16_t key = uflow->regs[MFF_LOG_OUTPORT - MFF_REG0];
- if (!key) {
- ovntrace_node_append(super, OVNTRACE_NODE_ERROR,
- "*** output to null logical port");
- return;
- }
-
- const struct ovntrace_port *port = ovntrace_port_find_by_key(dp, key);
- const struct ovntrace_mcgroup *mcgroup = ovntrace_mcgroup_find_by_key(dp,
- key);
- const char *out_name = (port ? port->friendly_name
- : mcgroup ? mcgroup->name
- : "(unnamed)");
- if (!port && !mcgroup) {
- ovntrace_node_append(super, OVNTRACE_NODE_ERROR,
- "*** unknown port or multicast group %"PRIu16,
- key);
- }
-
- if (pipeline == OVNACT_P_EGRESS) {
- ovntrace_node_append(super, OVNTRACE_NODE_OUTPUT,
- "/* output to \"%s\", type \"%s\" */",
- out_name, port ? port->type : "");
- if (port && port->peer) {
- const struct ovntrace_port *peer = port->peer;
-
- struct ovntrace_node *node = ovntrace_node_append(
- super, OVNTRACE_NODE_PIPELINE,
- "ingress(dp=\"%s\", inport=\"%s\")",
- peer->dp->friendly_name, peer->friendly_name);
-
- struct flow new_uflow = *uflow;
- new_uflow.regs[MFF_LOG_INPORT - MFF_REG0] = peer->tunnel_key;
- new_uflow.regs[MFF_LOG_OUTPORT - MFF_REG0] = 0;
- trace__(peer->dp, &new_uflow, 0, OVNACT_P_INGRESS, &node->subs);
- } else {
- ovntrace_node_append(super, OVNTRACE_NODE_MODIFY,
- "output(\"%s\")", out_name);
-
- }
- return;
- }
-
- struct flow egress_uflow = *uflow;
- for (int i = 0; i < FLOW_N_REGS; i++) {
- if (i != MFF_LOG_INPORT - MFF_REG0 &&
- i != MFF_LOG_OUTPORT - MFF_REG0) {
- egress_uflow.regs[i] = 0;
- }
- }
-
- uint16_t in_key = uflow->regs[MFF_LOG_INPORT - MFF_REG0];
- const char *inport_name = ovntrace_port_key_to_name(dp, in_key);
- uint32_t flags = uflow->regs[MFF_LOG_FLAGS - MFF_REG0];
- bool allow_loopback = (flags & MLF_ALLOW_LOOPBACK) != 0;
-
- if (mcgroup) {
- struct ovntrace_node *mcnode = ovntrace_node_append(
- super, OVNTRACE_NODE_PIPELINE,
- "multicast(dp=\"%s\", mcgroup=\"%s\")",
- dp->friendly_name, mcgroup->name);
- for (size_t i = 0; i < mcgroup->n_ports; i++) {
- const struct ovntrace_port *p = mcgroup->ports[i];
-
- struct ovntrace_node *node = ovntrace_node_append(
- &mcnode->subs, OVNTRACE_NODE_PIPELINE,
- "egress(dp=\"%s\", inport=\"%s\", outport=\"%s\")",
- dp->friendly_name, inport_name, p->friendly_name);
-
- if (p->tunnel_key != in_key || allow_loopback) {
- node->always_indent = true;
-
- egress_uflow.regs[MFF_LOG_OUTPORT - MFF_REG0] = p->tunnel_key;
- trace__(dp, &egress_uflow, 0, OVNACT_P_EGRESS, &node->subs);
- } else {
- ovntrace_node_append(&node->subs, OVNTRACE_NODE_OUTPUT,
- "/* omitting output because inport == outport && !flags.loopback */");
- }
- }
- return;
- }
-
- if (port && !strcmp(port->type, "chassisredirect")) {
- if (port->distributed_port) {
- ovntrace_node_append(super, OVNTRACE_NODE_OUTPUT,
- "/* Replacing type \"%s\" outport \"%s\""
- " with distributed port \"%s\". */",
- port->type, port->friendly_name,
- port->distributed_port->friendly_name);
- port = port->distributed_port;
- out_name = port->friendly_name;
- egress_uflow.regs[MFF_LOG_OUTPORT - MFF_REG0] = port->tunnel_key;
- } else {
- ovntrace_node_append(super, OVNTRACE_NODE_ERROR,
- "*** output to type \"%s\" port \"%s\""
- " with no or invalid distributed port",
- port->type, out_name);
- return;
- }
- }
-
- if ((port && port->tunnel_key != in_key) || allow_loopback) {
- struct ovntrace_node *node = ovntrace_node_append(
- super, OVNTRACE_NODE_PIPELINE,
- "egress(dp=\"%s\", inport=\"%s\", outport=\"%s\")",
- dp->friendly_name, inport_name, out_name);
-
- trace__(dp, &egress_uflow, 0, OVNACT_P_EGRESS, &node->subs);
- } else {
- ovntrace_node_append(super, OVNTRACE_NODE_OUTPUT,
- "/* omitting output because inport == outport && !flags.loopback */");
- }
-}
-
-static void
-execute_clone(const struct ovnact_nest *on, const struct ovntrace_datapath *dp,
- const struct flow *uflow, uint8_t table_id,
- enum ovnact_pipeline pipeline, struct ovs_list *super)
-{
- struct flow cloned_flow = *uflow;
-
- struct ovntrace_node *node = ovntrace_node_append(
- super, OVNTRACE_NODE_TRANSFORMATION, "clone");
-
- trace_actions(on->nested, on->nested_len, dp, &cloned_flow,
- table_id, pipeline, &node->subs);
-}
-
-static void
-execute_arp(const struct ovnact_nest *on, const struct ovntrace_datapath *dp,
- const struct flow *uflow, uint8_t table_id,
- enum ovnact_pipeline pipeline, struct ovs_list *super)
-{
- struct flow arp_flow = *uflow;
-
- /* Zero fields that are no longer relevant. */
- arp_flow.nw_frag = 0;
- arp_flow.nw_tos = 0;
- arp_flow.nw_ttl = 0;
- arp_flow.tcp_flags = 0;
-
- /* Update fields for ARP. */
- arp_flow.dl_type = htons(ETH_TYPE_ARP);
- arp_flow.nw_proto = ARP_OP_REQUEST;
- arp_flow.arp_sha = arp_flow.dl_src;
- arp_flow.arp_tha = eth_addr_zero;
- /* ARP SPA is already in arp_flow.nw_src. */
- /* ARP TPA is already in arp_flow.nw_dst. */
-
- struct ovntrace_node *node = ovntrace_node_append(
- super, OVNTRACE_NODE_TRANSFORMATION, "arp");
-
- trace_actions(on->nested, on->nested_len, dp, &arp_flow,
- table_id, pipeline, &node->subs);
-}
-
-static void
-execute_nd_na(const struct ovnact_nest *on, const struct ovntrace_datapath *dp,
- const struct flow *uflow, uint8_t table_id,
- enum ovnact_pipeline pipeline, struct ovs_list *super)
-{
- struct flow na_flow = *uflow;
-
- /* Update fields for NA. */
- na_flow.dl_src = uflow->dl_dst;
- na_flow.dl_dst = uflow->dl_src;
- na_flow.ipv6_dst = uflow->ipv6_src;
- na_flow.ipv6_src = uflow->nd_target;
- na_flow.tp_src = htons(136);
- na_flow.arp_sha = eth_addr_zero;
- na_flow.arp_tha = uflow->dl_dst;
-
- struct ovntrace_node *node = ovntrace_node_append(
- super, OVNTRACE_NODE_TRANSFORMATION, "nd_na");
-
- trace_actions(on->nested, on->nested_len, dp, &na_flow,
- table_id, pipeline, &node->subs);
-}
-
-static void
-execute_nd_ns(const struct ovnact_nest *on, const struct ovntrace_datapath *dp,
- const struct flow *uflow, uint8_t table_id,
- enum ovnact_pipeline pipeline, struct ovs_list *super)
-{
- struct flow na_flow = *uflow;
-
- /* Update fields for NA. */
- na_flow.dl_src = uflow->dl_src;
- na_flow.ipv6_src = uflow->ipv6_src;
- na_flow.ipv6_dst = uflow->ipv6_dst;
- struct in6_addr sn_addr;
- in6_addr_solicited_node(&sn_addr, &uflow->ipv6_dst);
- ipv6_multicast_to_ethernet(&na_flow.dl_dst, &sn_addr);
- na_flow.tp_src = htons(135);
- na_flow.arp_sha = eth_addr_zero;
- na_flow.arp_tha = uflow->dl_dst;
-
- struct ovntrace_node *node = ovntrace_node_append(
- super, OVNTRACE_NODE_TRANSFORMATION, "nd_ns");
-
- trace_actions(on->nested, on->nested_len, dp, &na_flow,
- table_id, pipeline, &node->subs);
-}
-
-static void
-execute_icmp4(const struct ovnact_nest *on,
- const struct ovntrace_datapath *dp,
- const struct flow *uflow, uint8_t table_id,
- enum ovnact_pipeline pipeline, struct ovs_list *super)
-{
- struct flow icmp4_flow = *uflow;
-
- /* Update fields for ICMP. */
- icmp4_flow.dl_dst = uflow->dl_dst;
- icmp4_flow.dl_src = uflow->dl_src;
- icmp4_flow.nw_dst = uflow->nw_dst;
- icmp4_flow.nw_src = uflow->nw_src;
- icmp4_flow.nw_proto = IPPROTO_ICMP;
- icmp4_flow.nw_ttl = 255;
- icmp4_flow.tp_src = htons(ICMP4_DST_UNREACH); /* icmp type */
- icmp4_flow.tp_dst = htons(1); /* icmp code */
-
- struct ovntrace_node *node = ovntrace_node_append(
- super, OVNTRACE_NODE_TRANSFORMATION, "icmp4");
-
- trace_actions(on->nested, on->nested_len, dp, &icmp4_flow,
- table_id, pipeline, &node->subs);
-}
-
-static void
-execute_icmp6(const struct ovnact_nest *on,
- const struct ovntrace_datapath *dp,
- const struct flow *uflow, uint8_t table_id,
- enum ovnact_pipeline pipeline, struct ovs_list *super)
-{
- struct flow icmp6_flow = *uflow;
-
- /* Update fields for ICMPv6. */
- icmp6_flow.dl_dst = uflow->dl_dst;
- icmp6_flow.dl_src = uflow->dl_src;
- icmp6_flow.ipv6_dst = uflow->ipv6_dst;
- icmp6_flow.ipv6_src = uflow->ipv6_src;
- icmp6_flow.nw_proto = IPPROTO_ICMPV6;
- icmp6_flow.nw_ttl = 255;
- icmp6_flow.tp_src = htons(ICMP6_DST_UNREACH); /* icmp type */
- icmp6_flow.tp_dst = htons(1); /* icmp code */
-
- struct ovntrace_node *node = ovntrace_node_append(
- super, OVNTRACE_NODE_TRANSFORMATION, "icmp6");
-
- trace_actions(on->nested, on->nested_len, dp, &icmp6_flow,
- table_id, pipeline, &node->subs);
-}
-
-static void
-execute_tcp_reset(const struct ovnact_nest *on,
- const struct ovntrace_datapath *dp,
- const struct flow *uflow, uint8_t table_id,
- enum ovnact_pipeline pipeline, struct ovs_list *super)
-{
- struct flow tcp_flow = *uflow;
-
- /* Update fields for TCP segment. */
- tcp_flow.dl_dst = uflow->dl_dst;
- tcp_flow.dl_src = uflow->dl_src;
- tcp_flow.nw_dst = uflow->nw_dst;
- tcp_flow.nw_src = uflow->nw_src;
- tcp_flow.nw_proto = IPPROTO_TCP;
- tcp_flow.nw_ttl = 255;
- tcp_flow.tp_src = uflow->tp_src;
- tcp_flow.tp_dst = uflow->tp_dst;
- tcp_flow.tcp_flags = htons(TCP_RST);
-
- struct ovntrace_node *node = ovntrace_node_append(
- super, OVNTRACE_NODE_TRANSFORMATION, "tcp_reset");
-
- trace_actions(on->nested, on->nested_len, dp, &tcp_flow,
- table_id, pipeline, &node->subs);
-}
-
-static void
-execute_get_mac_bind(const struct ovnact_get_mac_bind *bind,
- const struct ovntrace_datapath *dp,
- struct flow *uflow, struct ovs_list *super)
-{
- /* Get logical port number.*/
- struct mf_subfield port_sf = expr_resolve_field(&bind->port);
- ovs_assert(port_sf.n_bits == 32);
- uint32_t port_key = mf_get_subfield(&port_sf, uflow);
-
- /* Get IP address. */
- struct mf_subfield ip_sf = expr_resolve_field(&bind->ip);
- ovs_assert(ip_sf.n_bits == 32 || ip_sf.n_bits == 128);
- union mf_subvalue ip_sv;
- mf_read_subfield(&ip_sf, uflow, &ip_sv);
- struct in6_addr ip = (ip_sf.n_bits == 32
- ? in6_addr_mapped_ipv4(ip_sv.ipv4)
- : ip_sv.ipv6);
-
- const struct ovntrace_mac_binding *binding
- = ovntrace_mac_binding_find(dp, port_key, &ip);
-
- uflow->dl_dst = binding ? binding->mac : eth_addr_zero;
- if (binding) {
- ovntrace_node_append(super, OVNTRACE_NODE_ACTION,
- "/* MAC binding to "ETH_ADDR_FMT". */",
- ETH_ADDR_ARGS(uflow->dl_dst));
- } else {
- ovntrace_node_append(super, OVNTRACE_NODE_ACTION,
- "/* No MAC binding. */");
- }
- ovntrace_node_append(super, OVNTRACE_NODE_MODIFY,
- "eth.dst = "ETH_ADDR_FMT,
- ETH_ADDR_ARGS(uflow->dl_dst));
-}
-
-static void
-execute_put_opts(const struct ovnact_put_opts *po,
- const char *name, struct flow *uflow,
- struct ovs_list *super)
-{
- /* Format the put_dhcp_opts action. */
- struct ds s = DS_EMPTY_INITIALIZER;
- for (const struct ovnact_gen_option *o = po->options;
- o < &po->options[po->n_options]; o++) {
- if (o != po->options) {
- ds_put_cstr(&s, ", ");
- }
- ds_put_format(&s, "%s = ", o->option->name);
- expr_constant_set_format(&o->value, &s);
- }
- ovntrace_node_append(super, OVNTRACE_NODE_MODIFY, "%s(%s)",
- name, ds_cstr(&s));
-
- struct mf_subfield dst = expr_resolve_field(&po->dst);
- if (!mf_is_register(dst.field->id)) {
- /* Format assignment. */
- ds_clear(&s);
- expr_field_format(&po->dst, &s);
- ovntrace_node_append(super, OVNTRACE_NODE_MODIFY,
- "%s = 1", ds_cstr(&s));
- }
- ds_destroy(&s);
-
- struct mf_subfield sf = expr_resolve_field(&po->dst);
- union mf_subvalue sv = { .u8_val = 1 };
- mf_write_subfield_flow(&sf, &sv, uflow);
-}
-
-static void
-execute_put_dhcp_opts(const struct ovnact_put_opts *pdo,
- const char *name, struct flow *uflow,
- struct ovs_list *super)
-{
- ovntrace_node_append(
- super, OVNTRACE_NODE_ERROR,
- "/* We assume that this packet is DHCPDISCOVER or DHCPREQUEST. */");
- execute_put_opts(pdo, name, uflow, super);
-}
-
-static void
-execute_put_nd_ra_opts(const struct ovnact_put_opts *pdo,
- const char *name, struct flow *uflow,
- struct ovs_list *super)
-{
- execute_put_opts(pdo, name, uflow, super);
-}
-
-static void
-execute_next(const struct ovnact_next *next,
- const struct ovntrace_datapath *dp, struct flow *uflow,
- enum ovnact_pipeline pipeline, struct ovs_list *super)
-{
- if (pipeline != next->pipeline) {
- ovs_assert(next->pipeline == OVNACT_P_INGRESS);
-
- uint16_t in_key = uflow->regs[MFF_LOG_INPORT - MFF_REG0];
- struct ovntrace_node *node = ovntrace_node_append(
- super, OVNTRACE_NODE_PIPELINE, "ingress(dp=\"%s\", inport=\"%s\")",
- dp->friendly_name, ovntrace_port_key_to_name(dp, in_key));
- super = &node->subs;
- }
- trace__(dp, uflow, next->ltable, next->pipeline, super);
-}
-
-
-static void
-execute_dns_lookup(const struct ovnact_dns_lookup *dl, struct flow *uflow,
- struct ovs_list *super)
-{
- struct mf_subfield sf = expr_resolve_field(&dl->dst);
- union mf_subvalue sv = { .u8_val = 0 };
- mf_write_subfield_flow(&sf, &sv, uflow);
- ovntrace_node_append(super, OVNTRACE_NODE_ERROR,
- "*** dns_lookup action not implemented");
-}
-
-static void
-execute_ct_next(const struct ovnact_ct_next *ct_next,
- const struct ovntrace_datapath *dp, struct flow *uflow,
- enum ovnact_pipeline pipeline, struct ovs_list *super)
-{
- /* Figure out ct_state. */
- uint32_t state;
- const char *comment;
- if (ct_state_idx < n_ct_states) {
- state = ct_states[ct_state_idx++];
- comment = "";
- } else {
- state = CS_ESTABLISHED | CS_TRACKED;
- comment = " /* default (use --ct to customize) */";
- }
-
- /* Make a sub-node for attaching the next table. */
- struct ds s = DS_EMPTY_INITIALIZER;
- format_flags(&s, ct_state_to_string, state, '|');
- struct ovntrace_node *node = ovntrace_node_append(
- super, OVNTRACE_NODE_TRANSFORMATION, "ct_next(ct_state=%s%s)",
- ds_cstr(&s), comment);
- ds_destroy(&s);
-
- /* Trace the actions in the next table. */
- struct flow ct_flow = *uflow;
- ct_flow.ct_state = state;
- trace__(dp, &ct_flow, ct_next->ltable, pipeline, &node->subs);
-
- /* Upon return, we will trace the actions following the ct action in the
- * original table. The pipeline forked, so we're using the original
- * flow, not ct_flow. */
-}
-
-static void
-execute_ct_nat(const struct ovnact_ct_nat *ct_nat,
- const struct ovntrace_datapath *dp, struct flow *uflow,
- enum ovnact_pipeline pipeline, struct ovs_list *super)
-{
- bool is_dst = ct_nat->ovnact.type == OVNACT_CT_DNAT;
- if (!is_dst && dp->has_local_l3gateway && !ct_nat->ip) {
- /* "ct_snat;" has no visible effect in a gateway router. */
- return;
- }
- const char *direction = is_dst ? "dst" : "src";
-
- /* Make a sub-node for attaching the next table,
- * and figure out the changes if any. */
- struct flow ct_flow = *uflow;
- struct ds s = DS_EMPTY_INITIALIZER;
- ds_put_format(&s, "ct_%cnat", direction[0]);
- if (ct_nat->ip) {
- ds_put_format(&s, "(ip4.%s="IP_FMT")", direction, IP_ARGS(ct_nat->ip));
- ovs_be32 *ip = is_dst ? &ct_flow.nw_dst : &ct_flow.nw_src;
- *ip = ct_nat->ip;
-
- uint8_t state = is_dst ? CS_DST_NAT : CS_SRC_NAT;
- ct_flow.ct_state |= state;
- } else {
- ds_put_format(&s, " /* assuming no un-%cnat entry, so no change */",
- direction[0]);
- }
- struct ovntrace_node *node = ovntrace_node_append(
- super, OVNTRACE_NODE_TRANSFORMATION, "%s", ds_cstr(&s));
- ds_destroy(&s);
-
- /* Trace the actions in the next table. */
- trace__(dp, &ct_flow, ct_nat->ltable, pipeline, &node->subs);
-
- /* Upon return, we will trace the actions following the ct action in the
- * original table. The pipeline forked, so we're using the original
- * flow, not ct_flow. */
-}
-
-static void
-execute_ct_lb(const struct ovnact_ct_lb *ct_lb,
- const struct ovntrace_datapath *dp, struct flow *uflow,
- enum ovnact_pipeline pipeline, struct ovs_list *super)
-{
- struct flow ct_lb_flow = *uflow;
-
- int family = (ct_lb_flow.dl_type == htons(ETH_TYPE_IP) ? AF_INET
- : ct_lb_flow.dl_type == htons(ETH_TYPE_IPV6) ? AF_INET6
- : AF_UNSPEC);
- if (family != AF_UNSPEC) {
- const struct ovnact_ct_lb_dst *dst = NULL;
- if (ct_lb->n_dsts) {
- /* For ct_lb with addresses, choose one of the addresses. */
- int n = 0;
- for (int i = 0; i < ct_lb->n_dsts; i++) {
- const struct ovnact_ct_lb_dst *d = &ct_lb->dsts[i];
- if (d->family != family) {
- continue;
- }
-
- /* Check for the destination specified by --lb-dst, if any. */
- if (lb_dst.family == family
- && (family == AF_INET
- ? d->ipv4 == lb_dst.ipv4
- : ipv6_addr_equals(&d->ipv6, &lb_dst.ipv6))) {
- lb_dst.family = AF_UNSPEC;
- dst = d;
- break;
- }
-
- /* Select a random destination as a fallback. */
- if (!random_range(++n)) {
- dst = d;
- }
- }
-
- if (!dst) {
- ovntrace_node_append(super, OVNTRACE_NODE_ERROR,
- "*** no load balancing destination "
- "(use --lb-dst)");
- }
- } else if (lb_dst.family == family) {
- /* For ct_lb without addresses, use user-specified address. */
- dst = &lb_dst;
- }
-
- if (dst) {
- if (family == AF_INET6) {
- ct_lb_flow.ipv6_dst = dst->ipv6;
- } else {
- ct_lb_flow.nw_dst = dst->ipv4;
- }
- if (dst->port) {
- ct_lb_flow.tp_dst = htons(dst->port);
- }
- ct_lb_flow.ct_state |= CS_DST_NAT;
- }
- }
-
- struct ovntrace_node *node = ovntrace_node_append(
- super, OVNTRACE_NODE_TRANSFORMATION, "ct_lb");
- trace__(dp, &ct_lb_flow, ct_lb->ltable, pipeline, &node->subs);
-}
-
-static void
-execute_log(const struct ovnact_log *log, struct flow *uflow,
- struct ovs_list *super)
-{
- char *packet_str = flow_to_string(uflow, NULL);
- ovntrace_node_append(super, OVNTRACE_NODE_TRANSFORMATION,
- "LOG: ACL name=%s, verdict=%s, severity=%s, packet=\"%s\"",
- log->name ? log->name : "",
- log_verdict_to_string(log->verdict),
- log_severity_to_string(log->severity),
- packet_str);
- free(packet_str);
-}
-
-static void
-execute_ovnfield_load(const struct ovnact_load *load,
- struct ovs_list *super)
-{
- const struct ovn_field *f = ovn_field_from_name(load->dst.symbol->name);
- switch (f->id) {
- case OVN_ICMP4_FRAG_MTU: {
- ovntrace_node_append(super, OVNTRACE_NODE_MODIFY,
- "icmp4.frag_mtu = %u",
- ntohs(load->imm.value.be16_int));
- break;
- }
-
- case OVN_FIELD_N_IDS:
- default:
- OVS_NOT_REACHED();
- }
-}
-
-static void
-trace_actions(const struct ovnact *ovnacts, size_t ovnacts_len,
- const struct ovntrace_datapath *dp, struct flow *uflow,
- uint8_t table_id, enum ovnact_pipeline pipeline,
- struct ovs_list *super)
-{
- if (!ovnacts_len) {
- ovntrace_node_append(super, OVNTRACE_NODE_ACTION, "drop;");
- return;
- }
-
- struct ds s = DS_EMPTY_INITIALIZER;
- const struct ovnact *a;
- OVNACT_FOR_EACH (a, ovnacts, ovnacts_len) {
- ds_clear(&s);
- ovnacts_format(a, sizeof *a * (ovnact_next(a) - a), &s);
- char *friendly = ovntrace_make_names_friendly(ds_cstr(&s));
- ovntrace_node_append(super, OVNTRACE_NODE_ACTION, "%s", friendly);
- free(friendly);
-
- switch (a->type) {
- case OVNACT_OUTPUT:
- execute_output(dp, uflow, pipeline, super);
- break;
-
- case OVNACT_NEXT:
- execute_next(ovnact_get_NEXT(a), dp, uflow, pipeline, super);
- break;
-
- case OVNACT_LOAD:
- execute_load(ovnact_get_LOAD(a), dp, uflow, super);
- break;
-
- case OVNACT_MOVE:
- execute_move(ovnact_get_MOVE(a), uflow, super);
- break;
-
- case OVNACT_EXCHANGE:
- execute_exchange(ovnact_get_EXCHANGE(a), uflow, super);
- break;
-
- case OVNACT_DEC_TTL:
- if (is_ip_any(uflow)) {
- if (uflow->nw_ttl) {
- uflow->nw_ttl--;
- ovntrace_node_append(super, OVNTRACE_NODE_MODIFY,
- "ip.ttl--");
- } else {
- ovntrace_node_append(super, OVNTRACE_NODE_ERROR,
- "*** TTL underflow");
- }
- } else {
- ovntrace_node_append(super, OVNTRACE_NODE_ERROR,
- "*** TTL decrement of non-IP packet");
- }
- break;
-
- case OVNACT_CT_NEXT:
- execute_ct_next(ovnact_get_CT_NEXT(a), dp, uflow, pipeline, super);
- break;
-
- case OVNACT_CT_COMMIT:
- /* Nothing to do. */
- break;
-
- case OVNACT_CT_DNAT:
- execute_ct_nat(ovnact_get_CT_DNAT(a), dp, uflow, pipeline, super);
- break;
-
- case OVNACT_CT_SNAT:
- execute_ct_nat(ovnact_get_CT_SNAT(a), dp, uflow, pipeline, super);
- break;
-
- case OVNACT_CT_LB:
- execute_ct_lb(ovnact_get_CT_LB(a), dp, uflow, pipeline, super);
- break;
-
- case OVNACT_CT_CLEAR:
- flow_clear_conntrack(uflow);
- break;
-
- case OVNACT_CLONE:
- execute_clone(ovnact_get_CLONE(a), dp, uflow, table_id, pipeline,
- super);
- break;
-
- case OVNACT_ARP:
- execute_arp(ovnact_get_ARP(a), dp, uflow, table_id, pipeline,
- super);
- break;
-
- case OVNACT_ND_NA:
- case OVNACT_ND_NA_ROUTER:
- execute_nd_na(ovnact_get_ND_NA(a), dp, uflow, table_id, pipeline,
- super);
- break;
-
- case OVNACT_ND_NS:
- execute_nd_ns(ovnact_get_ND_NS(a), dp, uflow, table_id, pipeline,
- super);
- break;
-
- case OVNACT_GET_ARP:
- execute_get_mac_bind(ovnact_get_GET_ARP(a), dp, uflow, super);
- break;
-
- case OVNACT_GET_ND:
- execute_get_mac_bind(ovnact_get_GET_ND(a), dp, uflow, super);
- break;
-
- case OVNACT_PUT_ARP:
- case OVNACT_PUT_ND:
- /* Nothing to do for tracing. */
- break;
-
- case OVNACT_PUT_DHCPV4_OPTS:
- execute_put_dhcp_opts(ovnact_get_PUT_DHCPV4_OPTS(a),
- "put_dhcp_opts", uflow, super);
- break;
-
- case OVNACT_PUT_DHCPV6_OPTS:
- execute_put_dhcp_opts(ovnact_get_PUT_DHCPV6_OPTS(a),
- "put_dhcpv6_opts", uflow, super);
- break;
-
- case OVNACT_PUT_ND_RA_OPTS:
- execute_put_nd_ra_opts(ovnact_get_PUT_DHCPV6_OPTS(a),
- "put_nd_ra_opts", uflow, super);
- break;
-
- case OVNACT_SET_QUEUE:
- /* The set_queue action is slippery from a logical perspective. It
- * has no visible effect as long as the packet remains on the same
- * chassis: it can bounce from one logical datapath to another
- * retaining the queue and even end up at a VM on the same chassis.
- * Without taking the physical arrangement into account, we can't
- * do anything with this action other than just to note that it
- * happened. If we ever add some physical knowledge to ovn-trace,
- * though, it would be easy enough to track the queue information
- * by adjusting uflow->skb_priority. */
- break;
-
- case OVNACT_DNS_LOOKUP:
- execute_dns_lookup(ovnact_get_DNS_LOOKUP(a), uflow, super);
- break;
-
- case OVNACT_LOG:
- execute_log(ovnact_get_LOG(a), uflow, super);
- break;
-
- case OVNACT_SET_METER:
- /* Nothing to do. */
- break;
-
- case OVNACT_ICMP4:
- execute_icmp4(ovnact_get_ICMP4(a), dp, uflow, table_id, pipeline,
- super);
- break;
-
- case OVNACT_ICMP4_ERROR:
- execute_icmp4(ovnact_get_ICMP4_ERROR(a), dp, uflow, table_id,
- pipeline, super);
- break;
-
- case OVNACT_ICMP6:
- execute_icmp6(ovnact_get_ICMP6(a), dp, uflow, table_id, pipeline,
- super);
- break;
-
- case OVNACT_IGMP:
- /* Nothing to do for tracing. */
- break;
-
- case OVNACT_TCP_RESET:
- execute_tcp_reset(ovnact_get_TCP_RESET(a), dp, uflow, table_id,
- pipeline, super);
- break;
-
- case OVNACT_OVNFIELD_LOAD:
- execute_ovnfield_load(ovnact_get_OVNFIELD_LOAD(a), super);
- break;
-
- case OVNACT_TRIGGER_EVENT:
- break;
-
- case OVNACT_CHECK_PKT_LARGER:
- break;
- }
- }
- ds_destroy(&s);
-}
-
-static bool
-may_omit_stage(const struct ovntrace_flow *f, uint8_t table_id)
-{
- return (f
- && f->match->type == EXPR_T_BOOLEAN && f->match->boolean
- && f->ovnacts_len == OVNACT_NEXT_SIZE
- && f->ovnacts->type == OVNACT_NEXT
- && ovnact_get_NEXT(f->ovnacts)->ltable == table_id + 1);
-}
-
-static void
-trace_openflow(const struct ovntrace_flow *f, struct ovs_list *super)
-{
- struct ofputil_flow_stats_request fsr = {
- .cookie = htonll(f->uuid.parts[0]),
- .cookie_mask = OVS_BE64_MAX,
- .out_port = OFPP_ANY,
- .out_group = OFPG_ANY,
- .table_id = OFPTT_ALL,
- };
-
- struct ofputil_flow_stats *fses;
- size_t n_fses;
- int error = vconn_dump_flows(vconn, &fsr, OFPUTIL_P_OF13_OXM,
- &fses, &n_fses);
- if (error) {
- ovntrace_node_append(super, OVNTRACE_NODE_ERROR,
- "*** error obtaining flow stats (%s)",
- ovs_strerror(error));
- VLOG_WARN("%s: error obtaining flow stats (%s)",
- ovs, ovs_strerror(error));
- return;
- }
-
- if (n_fses) {
- struct ds s = DS_EMPTY_INITIALIZER;
- for (size_t i = 0; i < n_fses; i++) {
- ds_clear(&s);
- ofputil_flow_stats_format(&s, &fses[i], NULL, NULL, true);
- ovntrace_node_append(super, OVNTRACE_NODE_ACTION,
- "%s", ds_cstr(&s));
- }
- ds_destroy(&s);
- } else {
- ovntrace_node_append(super, OVNTRACE_NODE_ERROR,
- "*** no OpenFlow flows");
- }
-
- for (size_t i = 0; i < n_fses; i++) {
- free(CONST_CAST(struct ofpact *, fses[i].ofpacts));
- }
- free(fses);
-}
-
-static void
-trace__(const struct ovntrace_datapath *dp, struct flow *uflow,
- uint8_t table_id, enum ovnact_pipeline pipeline,
- struct ovs_list *super)
-{
- const struct ovntrace_flow *f;
- for (;;) {
- f = ovntrace_flow_lookup(dp, uflow, table_id, pipeline);
- if (!may_omit_stage(f, table_id)) {
- break;
- }
- table_id++;
- }
-
- struct ds s = DS_EMPTY_INITIALIZER;
- ds_put_format(&s, "%2d. ", table_id);
- if (f) {
- if (f->stage_name && f->source) {
- ds_put_format(&s, "%s (%s): ", f->stage_name, f->source);
- } else if (f->stage_name) {
- ds_put_format(&s, "%s: ", f->stage_name);
- } else if (f->source) {
- ds_put_format(&s, "(%s): ", f->source);
- }
- ds_put_format(&s, "%s, priority %d, uuid %08x",
- f->match_s, f->priority, f->uuid.parts[0]);
- } else {
- char *stage_name = ovntrace_stage_name(dp, table_id, pipeline);
- ds_put_format(&s, "%s%sno match (implicit drop)",
- stage_name ? stage_name : "",
- stage_name ? ": " : "");
- free(stage_name);
- }
- struct ovntrace_node *node = ovntrace_node_append(
- super, OVNTRACE_NODE_TABLE, "%s", ds_cstr(&s));
- ds_destroy(&s);
-
- if (f) {
- if (vconn) {
- trace_openflow(f, &node->subs);
- }
- trace_actions(f->ovnacts, f->ovnacts_len, dp, uflow, table_id,
- pipeline, &node->subs);
- }
-}
-
-static char *
-trace(const char *dp_s, const char *flow_s)
-{
- const struct ovntrace_datapath *dp = ovntrace_datapath_find_by_name(dp_s);
- if (!dp) {
- return xasprintf("unknown datapath \"%s\"\n", dp_s);
- }
-
- struct flow uflow;
- char *error = expr_parse_microflow(flow_s, &symtab, &address_sets,
- &port_groups, ovntrace_lookup_port,
- dp, &uflow);
- if (error) {
- char *s = xasprintf("error parsing flow: %s\n", error);
- free(error);
- return s;
- }
-
- uint32_t in_key = uflow.regs[MFF_LOG_INPORT - MFF_REG0];
- if (!in_key) {
- VLOG_WARN("microflow does not specify ingress port");
- }
- const struct ovntrace_port *inport = ovntrace_port_find_by_key(dp, in_key);
- const char *inport_name = inport ? inport->friendly_name : "(unnamed)";
-
- struct ds output = DS_EMPTY_INITIALIZER;
-
- ds_put_cstr(&output, "# ");
- flow_format(&output, &uflow, NULL);
- ds_put_char(&output, '\n');
-
- if (ovs) {
- int retval = vconn_open_block(ovs, 1 << OFP13_VERSION, 0, -1, &vconn);
- if (retval) {
- VLOG_WARN("%s: connection failed (%s)", ovs, ovs_strerror(retval));
- }
- }
-
- struct ovs_list root = OVS_LIST_INITIALIZER(&root);
- struct ovntrace_node *node = ovntrace_node_append(
- &root, OVNTRACE_NODE_PIPELINE, "ingress(dp=\"%s\", inport=\"%s\")",
- dp->friendly_name, inport_name);
- trace__(dp, &uflow, 0, OVNACT_P_INGRESS, &node->subs);
-
- bool multiple = (detailed + summary + minimal) > 1;
- if (detailed) {
- if (multiple) {
- ds_put_cstr(&output, "# Detailed trace.\n");
- }
- ovntrace_node_print_details(&output, &root, 0);
- }
-
- if (summary) {
- if (multiple) {
- ds_put_cstr(&output, "# Summary trace.\n");
- }
- struct ovs_list clone = OVS_LIST_INITIALIZER(&clone);
- ovntrace_node_clone(&root, &clone);
- ovntrace_node_prune_summary(&clone);
- ovntrace_node_print_summary(&output, &clone, 0);
- ovntrace_node_list_destroy(&clone);
- }
-
- if (minimal) {
- if (multiple) {
- ds_put_cstr(&output, "# Minimal trace.\n");
- }
- ovntrace_node_prune_hard(&root);
- ovntrace_node_print_summary(&output, &root, 0);
- }
-
- ovntrace_node_list_destroy(&root);
-
- vconn_close(vconn);
-
- return ds_steal_cstr(&output);
-}
-
-static void
-ovntrace_exit(struct unixctl_conn *conn, int argc OVS_UNUSED,
- const char *argv[] OVS_UNUSED, void *exiting_)
-{
- bool *exiting = exiting_;
- *exiting = true;
- unixctl_command_reply(conn, NULL);
-}
-
-static void
-ovntrace_trace(struct unixctl_conn *conn, int argc,
- const char *argv[], void *aux OVS_UNUSED)
-{
- detailed = summary = minimal = false;
- while (argc > 1 && argv[1][0] == '-') {
- if (!strcmp(argv[1], "--detailed")) {
- detailed = true;
- } else if (!strcmp(argv[1], "--summary")) {
- summary = true;
- } else if (!strcmp(argv[1], "--minimal")) {
- minimal = true;
- } else if (!strcmp(argv[1], "--all")) {
- detailed = summary = minimal = true;
- } else {
- unixctl_command_reply_error(conn, "unknown option");
- return;
- }
- argc--;
- argv++;
- }
- if (!detailed && !summary && !minimal) {
- detailed = true;
- }
-
- if (argc != 3) {
- unixctl_command_reply_error(
- conn, "exactly 2 non-option arguments are required");
- return;
- }
-
- char *output = trace(argv[1], argv[2]);
- unixctl_command_reply(conn, output);
- free(output);
-}
diff --git a/ovn/utilities/ovndb-servers.ocf b/ovn/utilities/ovndb-servers.ocf
deleted file mode 100755
index cd47426689e..00000000000
--- a/ovn/utilities/ovndb-servers.ocf
+++ /dev/null
@@ -1,642 +0,0 @@
-#!/bin/bash
-
-: ${OCF_FUNCTIONS_DIR=${OCF_ROOT}/lib/heartbeat}
-. ${OCF_FUNCTIONS_DIR}/ocf-shellfuncs
-: ${OVN_CTL_DEFAULT="/usr/share/openvswitch/scripts/ovn-ctl"}
-: ${NB_MASTER_PORT_DEFAULT="6641"}
-: ${NB_MASTER_PROTO_DEFAULT="tcp"}
-: ${SB_MASTER_PORT_DEFAULT="6642"}
-: ${SB_MASTER_PROTO_DEFAULT="tcp"}
-: ${MANAGE_NORTHD_DEFAULT="no"}
-: ${INACTIVE_PROBE_DEFAULT="5000"}
-: ${LISTEN_ON_MASTER_IP_ONLY_DEFAULT="yes"}
-: ${NB_SSL_KEY_DEFAULT="/etc/openvswitch/ovnnb-privkey.pem"}
-: ${NB_SSL_CERT_DEFAULT="/etc/openvswitch/ovnnb-cert.pem"}
-: ${NB_SSL_CACERT_DEFAULT="/etc/openvswitch/cacert.pem"}
-: ${SB_SSL_KEY_DEFAULT="/etc/openvswitch/ovnsb-privkey.pem"}
-: ${SB_SSL_CERT_DEFAULT="/etc/openvswitch/ovnsb-cert.pem"}
-: ${SB_SSL_CACERT_DEFAULT="/etc/openvswitch/cacert.pem"}
-
-CRM_MASTER="${HA_SBIN_DIR}/crm_master -l reboot"
-CRM_ATTR_REPL_INFO="${HA_SBIN_DIR}/crm_attribute --type crm_config --name OVN_REPL_INFO -s ovn_ovsdb_master_server"
-OVN_CTL=${OCF_RESKEY_ovn_ctl:-${OVN_CTL_DEFAULT}}
-MASTER_IP=${OCF_RESKEY_master_ip}
-NB_MASTER_PORT=${OCF_RESKEY_nb_master_port:-${NB_MASTER_PORT_DEFAULT}}
-NB_MASTER_PROTO=${OCF_RESKEY_nb_master_protocol:-${NB_MASTER_PROTO_DEFAULT}}
-SB_MASTER_PORT=${OCF_RESKEY_sb_master_port:-${SB_MASTER_PORT_DEFAULT}}
-SB_MASTER_PROTO=${OCF_RESKEY_sb_master_protocol:-${SB_MASTER_PROTO_DEFAULT}}
-MANAGE_NORTHD=${OCF_RESKEY_manage_northd:-${MANAGE_NORTHD_DEFAULT}}
-INACTIVE_PROBE=${OCF_RESKEY_inactive_probe_interval:-${INACTIVE_PROBE_DEFAULT}}
-NB_PRIVKEY=${OCF_RESKEY_ovn_nb_db_privkey:-${NB_SSL_KEY_DEFAULT}}
-NB_CERT=${OCF_RESKEY_ovn_nb_db_cert:-${NB_SSL_CERT_DEFAULT}}
-NB_CACERT=${OCF_RESKEY_ovn_nb_db_cacert:-${NB_SSL_CACERT_DEFAULT}}
-SB_PRIVKEY=${OCF_RESKEY_ovn_sb_db_privkey:-${SB_SSL_KEY_DEFAULT}}
-SB_CERT=${OCF_RESKEY_ovn_sb_db_cert:-${SB_SSL_CERT_DEFAULT}}
-SB_CACERT=${OCF_RESKEY_ovn_sb_db_cacert:-${SB_SSL_CACERT_DEFAULT}}
-
-
-# In order for pacemaker to work with LB, we can set LISTEN_ON_MASTER_IP_ONLY
-# to false and pass LB vip IP while creating pcs resource.
-LISTEN_ON_MASTER_IP_ONLY=${OCF_RESKEY_listen_on_master_ip_only:-${LISTEN_ON_MASTER_IP_ONLY_DEFAULT}}
-
-# Invalid IP address is an address that can never exist in the network, as
-# mentioned in rfc-5737. The ovsdb servers connects to this IP address till
-# a master is promoted and the IPAddr2 resource is started.
-INVALID_IP_ADDRESS=192.0.2.254
-
-host_name=$(ocf_attribute_target)
-if [ "x$host_name" = "x" ]; then
- # function ocf_attribute_target may not be available if the pacemaker
- # version is old. Fall back to ocf_local_nodename.
- host_name=$(ocf_local_nodename)
-fi
-: ${slave_score=5}
-: ${master_score=10}
-
-ovsdb_server_metadata() {
- cat <
-
-
- 1.0
-
-
- This resource manages ovsdb-server.
-
-
-
- Manages ovsdb-server.
-
-
-
-
-
-
- Location to the ovn-ctl script file
-
- ovn-ctl script
-
-
-
-
-
- The IP address resource which will be available on the master ovsdb server
-
- master ip address
-
-
-
-
-
- The port which the master Northbound database server is listening
-
- master Northbound database port
-
-
-
-
-
- The protocol which the master Northbound database server used, 'tcp' or 'ssl'.
-
- master Northbound database protocol
-
-
-
-
-
- The port which the master Southbound database server is listening
-
- master Southbound database port
-
-
-
-
-
- The protocol which the master Southbound database server used, 'tcp' or 'ssl'.
-
- master Southbound database protocol
-
-
-
-
-
- If set to yes, manages ovn-northd service. ovn-northd will be started in
- the master node.
-
- manage ovn-northd service
-
-
-
-
-
- Inactive probe interval to set for ovsdb-server.
-
- Set inactive probe interval
-
-
-
-
-
- If set to yes, the OVNDBs will listen on master IP. Otherwise, it will
- listen on 0.0.0.0. Set to yes when using pacemaker managed vip resource
- as MASTER_IP; set to no when using external LB VIP.
-
- Listen on master IP or 0.0.0.0
-
-
-
-
-
- OVN NB DB private key absolute path for ssl setup.
-
- OVN NB DB private key file
-
-
-
-
-
- OVN NB DB certificate absolute path for ssl setup.
-
- OVN NB DB cert file
-
-
-
-
-
- OVN NB DB CA certificate absolute path for ssl setup.
-
- OVN NB DB cacert file
-
-
-
-
-
- OVN SB DB private key absolute path for ssl setup.
-
- OVN SB DB private key file
-
-
-
-
-
- OVN SB DB certificate absolute path for ssl setup.
-
- OVN SB DB cert file
-
-
-
-
-
- OVN SB DB CA certificate absolute path for ssl setup.
-
- OVN SB DB cacert file
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-END
- exit $OCF_SUCCESS
-}
-
-ovsdb_server_notify() {
- # requires the notify=true meta resource attribute
- local type_op="${OCF_RESKEY_CRM_meta_notify_type}-${OCF_RESKEY_CRM_meta_notify_operation}"
-
- if [ "$type_op" != "post-promote" ]; then
- # We are only interested in specific events
- return $OCF_SUCCESS
- fi
-
- ocf_log debug "ovndb_server: notified of event $type_op"
- if [ "x$(ovsdb_server_last_known_master)" = "x${host_name}" ]; then
- # Record ourselves so that the agent has a better chance of doing
- # the right thing at startup
- ocf_log debug "ovndb_server: $host_name is the master"
- ${CRM_ATTR_REPL_INFO} -v "$host_name"
- if [ "$MANAGE_NORTHD" = "yes" ]; then
- # Startup ovn-northd service
- ${OVN_CTL} --ovn-manage-ovsdb=no start_northd
- fi
-
- # In order to over-ride inactivity_probe for LB use case, we need to
- # create connection entry to listen on 0.0.0.0 for master node.
- if [ "x${LISTEN_ON_MASTER_IP_ONLY}" = xno ]; then
- LISTON_ON_IP="0.0.0.0"
- else
- LISTON_ON_IP=${MASTER_IP}
- fi
- conn=`ovn-nbctl get NB_global . connections`
- if [ "$conn" == "[]" ]
- then
- ovn-nbctl -- --id=@conn_uuid create Connection \
-target="p${NB_MASTER_PROTO}\:${NB_MASTER_PORT}\:${LISTON_ON_IP}" \
-inactivity_probe=$INACTIVE_PROBE -- set NB_Global . connections=@conn_uuid
- fi
-
- conn=`ovn-sbctl get SB_global . connections`
- if [ "$conn" == "[]" ]
- then
- ovn-sbctl -- --id=@conn_uuid create Connection \
-target="p${SB_MASTER_PROTO}\:${SB_MASTER_PORT}\:${LISTON_ON_IP}" \
-inactivity_probe=$INACTIVE_PROBE -- set SB_Global . connections=@conn_uuid
- fi
-
- else
- if [ "$MANAGE_NORTHD" = "yes" ]; then
- # Stop ovn-northd service. Set --ovn-manage-ovsdb=no so that
- # ovn-ctl doesn't stop ovsdb-servers.
- ${OVN_CTL} --ovn-manage-ovsdb=no stop_northd
- fi
- # Synchronize with the new master
- ocf_log debug "ovndb_server: Connecting to the new master ${OCF_RESKEY_CRM_meta_notify_promote_uname}"
- ${OVN_CTL} demote_ovnnb --db-nb-sync-from-addr=${MASTER_IP} \
- --db-nb-sync-from-port=${NB_MASTER_PORT} \
- --db-nb-sync-from-proto=${NB_MASTER_PROTO}
- ${OVN_CTL} demote_ovnsb --db-sb-sync-from-addr=${MASTER_IP} \
- --db-sb-sync-from-port=${SB_MASTER_PORT} \
- --db-sb-sync-from-proto=${SB_MASTER_PROTO}
- fi
-}
-
-ovsdb_server_usage() {
- cat < Stop -> Start -> Promote
- # At the point this is run, the only active masters will be
- # previous masters minus any that were scheduled to be demoted
-
- for master in ${OCF_RESKEY_CRM_meta_notify_master_uname}; do
- found=0
- for old in ${OCF_RESKEY_CRM_meta_notify_demote_uname}; do
- if [ $master = $old ]; then
- found=1
- fi
- done
- if [ $found = 0 ]; then
- # Rely on master-max=1
- # Pacemaker will demote any additional ones it finds before starting new copies
- echo "$master"
- return
- fi
- done
-
- local expected_master=$($CRM_ATTR_REPL_INFO --query -q 2>/dev/null)
- case "x${OCF_RESKEY_CRM_meta_notify_start_uname}x" in
- *${expected_master}*) echo "${expected_master}";; # The previous master is expected to start
- esac
-}
-
-ovsdb_server_last_known_master()
-{
- if [ -z "$MASTER_HOST" ]; then
- MASTER_HOST="$(${CRM_ATTR_REPL_INFO} --query -q 2>/dev/null)"
- fi
- echo "$MASTER_HOST"
-}
-
-ovsdb_server_master_update() {
- case $1 in
- $OCF_SUCCESS)
- $CRM_MASTER -N $host_name -v ${slave_score};;
- $OCF_RUNNING_MASTER)
- $CRM_MASTER -N $host_name -v ${master_score};;
- #*) $CRM_MASTER -D;;
- esac
-}
-
-ovsdb_server_monitor() {
- ovsdb_server_check_status $@
- rc=$?
-
- ovsdb_server_master_update $rc
- return $rc
-}
-
-ovsdb_server_check_status() {
- local sb_status=`${OVN_CTL} status_ovnsb`
- local nb_status=`${OVN_CTL} status_ovnnb`
-
- if [[ $sb_status == "running/backup" && $nb_status == "running/backup" ]]; then
- return $OCF_SUCCESS
- fi
-
- check_northd="no"
- if [ "$MANAGE_NORTHD" == "yes" ] && [ "$1" != "ignore_northd" ]; then
- check_northd="yes"
- fi
-
- if [[ $sb_status == "running/active" && $nb_status == "running/active" ]]; then
- if [ "$check_northd" == "yes" ]; then
- # Verify if ovn-northd is running or not.
- ${OVN_CTL} status_northd
- if [ "$?" == "0" ] ; then
- return $OCF_RUNNING_MASTER
- fi
- else
- return $OCF_RUNNING_MASTER
- fi
- fi
-
- # TODO: What about service running but not in either state above?
- # Eg. a transient state where one db is "active" and the other
- # "backup"
-
- return $OCF_NOT_RUNNING
-}
-
-ovsdb_server_start() {
- ovsdb_server_check_status
- local status=$?
- # If not in stopped state, return
- if [ $status -ne $OCF_NOT_RUNNING ]; then
- return $status
- fi
-
- local present_master=$(ovsdb_server_find_active_master)
-
- set ${OVN_CTL}
-
- if [ "x${LISTEN_ON_MASTER_IP_ONLY}" = xno ]; then
- set $@ --db-nb-port=${NB_MASTER_PORT}
- set $@ --db-sb-port=${SB_MASTER_PORT}
-
- else
- set $@ --db-nb-addr=${MASTER_IP} --db-nb-port=${NB_MASTER_PORT}
- set $@ --db-sb-addr=${MASTER_IP} --db-sb-port=${SB_MASTER_PORT}
- fi
-
- if [ "x${NB_MASTER_PROTO}" = xssl ]; then
- set $@ --ovn-nb-db-ssl-key=${NB_PRIVKEY}
- set $@ --ovn-nb-db-ssl-cert=${NB_CERT}
- set $@ --ovn-nb-db-ssl-ca-cert=${NB_CACERT}
- fi
- if [ "x${SB_MASTER_PROTO}" = xssl ]; then
- set $@ --ovn-sb-db-ssl-key=${SB_PRIVKEY}
- set $@ --ovn-sb-db-ssl-cert=${SB_CERT}
- set $@ --ovn-sb-db-ssl-ca-cert=${SB_CACERT}
- fi
- if [ "x${present_master}" = x ]; then
- # No master detected, or the previous master is not among the
- # set starting.
- #
- # Force all copies to come up as slaves by pointing them into
- # space and let pacemaker pick one to promote:
- #
- if [ "x${NB_MASTER_PROTO}" = xtcp ]; then
- set $@ --db-nb-create-insecure-remote=yes
- fi
-
- if [ "x${SB_MASTER_PROTO}" = xtcp ]; then
- set $@ --db-sb-create-insecure-remote=yes
- fi
- set $@ --db-nb-sync-from-addr=${INVALID_IP_ADDRESS} --db-sb-sync-from-addr=${INVALID_IP_ADDRESS}
-
- elif [ ${present_master} != ${host_name} ]; then
- if [ "x${LISTEN_ON_MASTER_IP_ONLY}" = xyes ]; then
- if [ "x${NB_MASTER_PROTO}" = xtcp ]; then
- set $@ --db-nb-create-insecure-remote=yes
- fi
-
- if [ "x${SB_MASTER_PROTO}" = xtcp ]; then
- set $@ --db-sb-create-insecure-remote=yes
- fi
- fi
- # An existing master is active, connect to it
- set $@ --db-nb-sync-from-addr=${MASTER_IP} --db-sb-sync-from-addr=${MASTER_IP}
- set $@ --db-nb-sync-from-port=${NB_MASTER_PORT}
- set $@ --db-nb-sync-from-proto=${NB_MASTER_PROTO}
- set $@ --db-sb-sync-from-port=${SB_MASTER_PORT}
- set $@ --db-sb-sync-from-proto=${SB_MASTER_PROTO}
- if [ "x${LISTEN_ON_MASTER_IP_ONLY}" = xno ]; then
- set $@ --db-sb-use-remote-in-db="no"
- set $@ --db-nb-use-remote-in-db="no"
- fi
- fi
-
- $@ start_ovsdb
-
- while [ 1 = 1 ]; do
- # It is important that we don't return until we're in a functional
- # state. When checking the status of the ovsdb-server's ignore northd.
- # It is possible that when the resource is restarted ovsdb-server's
- # can be started as masters and ovn-northd would not have been started.
- # ovn-northd will be started once a node is promoted to master and
- # 'manage_northd' is set to yes.
- ovsdb_server_monitor ignore_northd
- rc=$?
- case $rc in
- $OCF_SUCCESS) return $rc;;
- $OCF_RUNNING_MASTER)
- # When a slave node is promoted as master, the action would be
- # STOP -> START -> PROMOTE.
- # When the start action is called, it is possible for the
- # ovsdb-server's to be started as active. This could happen
- # if the node owns the $MASTER_IP. At this point, pacemaker
- # has not promoted this node yet. Demote it and check for
- # status again.
- # Let pacemaker promote it in subsequent actions.
- # As per the OCF guidelines, only monitor action should return
- # OCF_RUNNING_MASTER.
- # http://www.linux-ha.org/doc/dev-guides/_literal_ocf_running_master_literal_8.html
- ${OVN_CTL} demote_ovnnb \
- --db-nb-sync-from-addr=${INVALID_IP_ADDRESS}
- ${OVN_CTL} demote_ovnsb \
- --db-sb-sync-from-addr=${INVALID_IP_ADDRESS}
- ;;
- $OCF_ERR_GENERIC) return $rc;;
- # Otherwise loop, waiting for the service to start, until
- # the cluster times the operation out
- esac
- ocf_log warn "ovndb_servers: After starting ovsdb, status is $rc. Checking the status again"
- done
-}
-
-ovsdb_server_stop() {
- if [ "$MANAGE_NORTHD" = "yes" ]; then
- # Stop ovn-northd service in case it was running. This is required
- # when the master is demoted. For other cases, it would be a no-op.
- # Set --ovn-manage-ovsdb=no so that ovn-ctl doesn't stop ovsdb-servers.
- ${OVN_CTL} --ovn-manage-ovsdb=no stop_northd
- fi
-
- ovsdb_server_check_status ignore_northd
- case $? in
- $OCF_NOT_RUNNING)
- # Even if one server is down, check_status returns NOT_RUNNING.
- # So before returning call stop_ovsdb to be sure.
- ${OVN_CTL} stop_ovsdb
- return ${OCF_SUCCESS};;
- esac
-
- ${OVN_CTL} stop_ovsdb
- ovsdb_server_master_update ${OCF_NOT_RUNNING}
-
- while [ 1 = 1 ]; do
- # It is important that we don't return until we're stopped
- ovsdb_server_check_status ignore_northd
- rc=$?
- case $rc in
- $OCF_SUCCESS)
- # Loop, waiting for the service to stop, until the
- # cluster times the operation out
- ocf_log warn "ovndb_servers: Even after stopping, the servers seems to be running"
- ;;
- $OCF_NOT_RUNNING)
- return $OCF_SUCCESS
- ;;
- *)
- return $rc
- ;;
- esac
- done
-
- return $OCF_ERR_GENERIC
-}
-
-ovsdb_server_promote() {
- local state
-
- ovsdb_server_check_status ignore_northd
- rc=$?
- case $rc in
- ${OCF_SUCCESS}) ;;
- ${OCF_RUNNING_MASTER}) ;;
- *)
- ovsdb_server_master_update $OCF_RUNNING_MASTER
- return ${rc}
- ;;
- esac
-
- # Restart ovs so that new master can listen on tcp port
- if [ "x${LISTEN_ON_MASTER_IP_ONLY}" = xno ]; then
- ${OVN_CTL} stop_ovsdb
- ovsdb_server_start
- fi
- ${OVN_CTL} promote_ovnnb
- ${OVN_CTL} promote_ovnsb
-
- if [ "$MANAGE_NORTHD" = "yes" ]; then
- # Startup ovn-northd service
- ${OVN_CTL} --ovn-manage-ovsdb=no start_northd
- fi
-
- ocf_log debug "ovndb_servers: Waiting for promotion $host_name as master to complete"
- ovsdb_server_check_status
- state=$?
- while [ "$state" != "$OCF_RUNNING_MASTER" ]; do
- sleep 1
- ovsdb_server_check_status
- state=$?
- done
- ocf_log debug "ovndb_servers: Promotion of $host_name as the master completed"
- # Record ourselves so that the agent has a better chance of doing
- # the right thing at startup
- ${CRM_ATTR_REPL_INFO} -v "$host_name"
- ovsdb_server_master_update $OCF_RUNNING_MASTER
- return $OCF_SUCCESS
-}
-
-ovsdb_server_demote() {
- # While demoting, check the status of ovn_northd.
- # In case ovn_northd is not running, we should return OCF_NOT_RUNNING.
- ovsdb_server_check_status
- if [ $? = $OCF_NOT_RUNNING ]; then
- return $OCF_NOT_RUNNING
- fi
-
- local present_master=$(ovsdb_server_find_active_master)
- local recorded_master=$($CRM_ATTR_REPL_INFO --query -q 2>/dev/null)
-
- ocf_log debug "ovndb_servers: Demoting $host_name, present master ${present_master}, recorded master ${recorded_master}"
- if [ "x${recorded_master}" = "x${host_name}" -a "x${present_master}" = x ]; then
- # We are the one and only master
- # This should be the "normal" case
- # The only way to be demoted is to call demote_ovn*
- #
- # The local database is only reset once we successfully
- # connect to the peer. So specify one that doesn't exist.
- #
- # Eventually a new master will be promoted and we'll resync
- # using the logic in ovsdb_server_notify()
- ${OVN_CTL} demote_ovnnb --db-nb-sync-from-addr=${INVALID_IP_ADDRESS}
- ${OVN_CTL} demote_ovnsb --db-sb-sync-from-addr=${INVALID_IP_ADDRESS}
-
- elif [ "x${present_master}" = "x${host_name}" ]; then
- # Safety check, should never be called
- #
- # Never allow sync'ing from ourselves, its a great way to
- # erase the local DB
- ${OVN_CTL} demote_ovnnb --db-nb-sync-from-addr=${INVALID_IP_ADDRESS}
- ${OVN_CTL} demote_ovnsb --db-sb-sync-from-addr=${INVALID_IP_ADDRESS}
-
- elif [ "x${present_master}" != x ]; then
- # There are too many masters and we're an extra one that is
- # being demoted. Sync to the surviving one
- ${OVN_CTL} demote_ovnnb --db-nb-sync-from-addr=${MASTER_IP} \
- --db-nb-sync-from-port=${NB_MASTER_PORT} \
- --db-nb-sync-from-proto=${NB_MASTER_PROTO}
- ${OVN_CTL} demote_ovnsb --db-sb-sync-from-addr=${MASTER_IP} \
- --db-sb-sync-from-port=${SB_MASTER_PORT} \
- --db-sb-sync-from-proto=${SB_MASTER_PROTO}
-
- else
- # For completeness, should never be called
- #
- # Something unexpected happened, perhaps CRM_ATTR_REPL_INFO is incorrect
- ${OVN_CTL} demote_ovnnb --db-nb-sync-from-addr=${INVALID_IP_ADDRESS}
- ${OVN_CTL} demote_ovnsb --db-sb-sync-from-addr=${INVALID_IP_ADDRESS}
- fi
-
- if [ "$MANAGE_NORTHD" = "yes" ]; then
- # Stop ovn-northd service
- ${OVN_CTL} --ovn-manage-ovsdb=no stop_northd
- fi
- ovsdb_server_master_update $OCF_SUCCESS
- return $OCF_SUCCESS
-}
-
-ovsdb_server_validate() {
- if [ ! -e ${OVN_CTL} ]; then
- return $OCF_ERR_INSTALLED
- fi
- return $OCF_SUCCESS
-}
-
-
-case $__OCF_ACTION in
-start) ovsdb_server_start;;
-stop) ovsdb_server_stop;;
-promote) ovsdb_server_promote;;
-demote) ovsdb_server_demote;;
-notify) ovsdb_server_notify;;
-meta-data) ovsdb_server_metadata;;
-validate-all) ovsdb_server_validate;;
-status|monitor) ovsdb_server_monitor;;
-usage|help) ovsdb_server_usage $OCF_SUCCESS;;
-*) ovsdb_server_usage $OCF_ERR_UNIMPLEMENTED ;;
-esac
-
-rc=$?
-exit $rc
diff --git a/ovsdb/ovsdb-tool.1.in b/ovsdb/ovsdb-tool.1.in
index ec85e14c47e..6fdb4b5a5b3 100644
--- a/ovsdb/ovsdb-tool.1.in
+++ b/ovsdb/ovsdb-tool.1.in
@@ -91,18 +91,17 @@ both its schema and data.)
.
.IP "\fBcreate\-cluster\fI db contents local"
Use this command to initialize the first server in a high-availability
-cluster of 3 (or more) database servers, e.g. for an OVN northbound or
-southbound database in an environment that cannot tolerate a single
-point of failure. It creates clustered database file \fIdb\fR and
-configures the server to listen on \fIlocal\fR, which must take the
-form \fIprotocol\fB:\fIip\fB:\fIport\fR, where \fIprotocol\fR is
-\fBtcp\fR or \fBssl\fR, \fIip\fR is the server's IP (either an IPv4
-address or an IPv6 address enclosed in square brackets), and
-\fIport\fR is a TCP port number. Only one address is specified, for
-the first server in the cluster, ordinarily the one for the server
-running \fBcreate\-cluster\fR. The address is used for communication
-within the cluster, not for communicating with OVSDB clients, and must
-not use the same port used for the OVSDB protocol.
+cluster of 3 (or more) database servers, e.g. for a database in an
+environment that cannot tolerate a single point of failure. It creates
+clustered database file \fIdb\fR and configures the server to listen on
+\fIlocal\fR, which must take the form \fIprotocol\fB:\fIip\fB:\fIport\fR,
+where \fIprotocol\fR is \fBtcp\fR or \fBssl\fR, \fIip\fR is the server's
+IP (either an IPv4 address or an IPv6 address enclosed in square
+brackets), and \fIport\fR is a TCP port number. Only one address is
+specified, for the first server in the cluster, ordinarily the one for
+the server running \fBcreate\-cluster\fR. The address is used for
+communication within the cluster, not for communicating with OVSDB
+clients, and must not use the same port used for the OVSDB protocol.
.IP
The new database is initialized with \fIcontents\fR, which must name a
file that contains either an OVSDB schema in JSON format or a
diff --git a/rhel/automake.mk b/rhel/automake.mk
index 1c5bf153cc7..c75406e0599 100644
--- a/rhel/automake.mk
+++ b/rhel/automake.mk
@@ -23,8 +23,6 @@ EXTRA_DIST += \
rhel/openvswitch.spec.in \
rhel/openvswitch-fedora.spec \
rhel/openvswitch-fedora.spec.in \
- rhel/ovn-fedora.spec \
- rhel/ovn-fedora.spec.in \
rhel/usr_share_openvswitch_scripts_ovs-systemd-reload \
rhel/usr_share_openvswitch_scripts_sysconfig.template \
rhel/usr_share_openvswitch_scripts_systemd_sysconfig.template \
@@ -34,12 +32,7 @@ EXTRA_DIST += \
rhel/usr_lib_systemd_system_ovsdb-server.service \
rhel/usr_lib_systemd_system_ovs-vswitchd.service.in \
rhel/usr_lib_systemd_system_ovs-delete-transient-ports.service \
- rhel/usr_lib_systemd_system_ovn-controller.service \
- rhel/usr_lib_systemd_system_ovn-controller-vtep.service \
- rhel/usr_lib_systemd_system_ovn-northd.service \
- rhel/usr_lib_systemd_system_openvswitch-ipsec.service \
- rhel/usr_lib_firewalld_services_ovn-central-firewall-service.xml \
- rhel/usr_lib_firewalld_services_ovn-host-firewall-service.xml
+ rhel/usr_lib_systemd_system_openvswitch-ipsec.service
DISTCLEANFILES += rhel/usr_lib_systemd_system_ovs-vswitchd.service
@@ -74,13 +67,6 @@ rpm-fedora: dist $(srcdir)/rhel/openvswitch-fedora.spec
-D "_topdir ${RPMBUILD_TOP}" \
-ba $(srcdir)/rhel/openvswitch-fedora.spec
-rpm-fedora-ovn: dist $(srcdir)/rhel/ovn-fedora.spec
- ${MKDIR_P} ${RPMBUILD_TOP}/SOURCES
- cp ${DIST_ARCHIVES} ${RPMBUILD_TOP}/SOURCES
- rpmbuild ${RPMBUILD_OPT} \
- -D "_topdir ${RPMBUILD_TOP}" \
- -ba $(srcdir)/rhel/ovn-fedora.spec
-
# Build kernel datapath RPM
rpm-fedora-kmod: dist $(srcdir)/rhel/openvswitch-kmod-fedora.spec
${MKDIR_P} ${RPMBUILD_TOP}/SOURCES
diff --git a/rhel/ovn-fedora.spec.in b/rhel/ovn-fedora.spec.in
deleted file mode 100644
index 2ecc629f2b7..00000000000
--- a/rhel/ovn-fedora.spec.in
+++ /dev/null
@@ -1,432 +0,0 @@
-# Spec file for Open Virtual Network (OVN).
-
-# Copyright (C) 2018 Red Hat, Inc.
-#
-# Copying and distribution of this file, with or without modification,
-# are permitted in any medium without royalty provided the copyright
-# notice and this notice are preserved. This file is offered as-is,
-# without warranty of any kind.
-#
-# If tests have to be skipped while building, specify the '--without check'
-# option. For example:
-# rpmbuild -bb --without check rhel/ovn-fedora.spec
-#
-
-# If libcap-ng isn't available and there is no need for running OVS
-# as regular user, specify the '--without libcapng'
-%bcond_without libcapng
-
-# Enable Python 3 by specifying '--with build_python3'.
-# This is enabled by default for versions of the distribution that
-# have Python 3 by default (Fedora > 22).
-%bcond_with build_python3
-
-# Enable PIE, bz#955181
-%global _hardened_build 1
-
-# some distros (e.g: RHEL-7) don't define _rundir macro yet
-# Fedora 15 onwards uses /run as _rundir
-%if 0%{!?_rundir:1}
-%define _rundir /run
-%endif
-
-# define the python package prefix based on distribution version so that we can
-# simultaneously support RHEL-based and later Fedora versions in this spec file.
-%if 0%{?fedora} >= 25
-%define _py2 python2
-%endif
-
-%if 0%{?rhel} || 0%{?fedora} < 25
-%define _py2 python
-%endif
-
-Name: ovn
-Summary: Open Virtual Network support
-Group: System Environment/Daemons
-URL: http://www.openvswitch.org/
-Version: @VERSION@
-Obsoletes: openvswitch-ovn-common < %{?epoch:%{epoch}:}%{version}-%{release}
-Provides: openvswitch-ovn-common = %{?epoch:%{epoch}:}%{version}-%{release}
-
-# Nearly all of openvswitch is ASL 2.0. The bugtool is LGPLv2+, and the
-# lib/sflow*.[ch] files are SISSL
-License: ASL 2.0 and LGPLv2+ and SISSL
-Release: 1%{?dist}
-Source: http://openvswitch.org/releases/openvswitch-%{version}.tar.gz
-
-BuildRequires: gcc gcc-c++
-BuildRequires: autoconf automake libtool
-BuildRequires: systemd-units openssl openssl-devel
-BuildRequires: %{_py2}-devel
-%if 0%{?fedora} > 22 || %{with build_python3}
-BuildRequires: python3-devel
-%endif
-BuildRequires: desktop-file-utils
-BuildRequires: groff graphviz
-BuildRequires: checkpolicy, selinux-policy-devel
-BuildRequires: /usr/bin/sphinx-build
-# make check dependencies
-BuildRequires: %{_py2}-twisted%{?rhel:-core} %{_py2}-zope-interface %{_py2}-six
-BuildRequires: procps-ng
-%if %{with libcapng}
-BuildRequires: libcap-ng libcap-ng-devel
-%endif
-BuildRequires: unbound unbound-devel
-
-Requires: openssl hostname iproute module-init-tools openvswitch
-
-Requires(post): systemd-units
-Requires(preun): systemd-units
-Requires(postun): systemd-units
-
-# to skip running checks, pass --without check
-%bcond_without check
-
-%description
-OVN, the Open Virtual Network, is a system to support virtual network
-abstraction. OVN complements the existing capabilities of OVS to add
-native support for virtual network abstractions, such as virtual L2 and L3
-overlays and security groups.
-
-%package central
-Summary: Open Virtual Network support
-License: ASL 2.0
-Requires: ovn
-Requires: firewalld-filesystem
-Obsoletes: openvswitch-ovn-central
-Provides: openvswitch-ovn-central = %{?epoch:%{epoch}:}%{version}-%{release}
-
-%description central
-OVN DB servers and ovn-northd running on a central node.
-
-%package host
-Summary: Open Virtual Network support
-License: ASL 2.0
-Requires: ovn
-Requires: firewalld-filesystem
-Obsoletes: openvswitch-ovn-host
-Provides: openvswitch-ovn-host = %{?epoch:%{epoch}:}%{version}-%{release}
-
-%description host
-OVN controller running on each host.
-
-%package vtep
-Summary: Open Virtual Network support
-License: ASL 2.0
-Requires: ovn
-Obsoletes: openvswitch-ovn-vtep
-Provides: openvswitch-ovn-vtep = %{?epoch:%{epoch}:}%{version}-%{release}
-
-%description vtep
-OVN vtep controller
-
-%package docker
-Summary: Open Virtual Network support
-License: ASL 2.0
-Requires: ovn %{_py2}-openvswitch
-Obsoletes: openvswitch-ovn-docker
-Provides: openvswitch-ovn-docker = %{?epoch:%{epoch}:}%{version}-%{release}
-
-%description docker
-Docker network plugins for OVN.
-
-%prep
-%setup -n openvswitch-%{version}
-
-%build
-%configure \
-%if %{with libcapng}
- --enable-libcapng \
-%else
- --disable-libcapng \
-%endif
- --enable-ssl \
- --with-pkidir=%{_sharedstatedir}/openvswitch/pki \
-%if 0%{?fedora} > 22 || %{with build_python3}
- PYTHON3=%{__python3} \
- PYTHON=%{__python2}
-%else
- PYTHON=%{__python}
-%endif
-
-make %{?_smp_mflags}
-
-%install
-rm -rf $RPM_BUILD_ROOT
-make install DESTDIR=$RPM_BUILD_ROOT
-
-for service in ovn-controller ovn-controller-vtep ovn-northd; do
- install -p -D -m 0644 \
- rhel/usr_lib_systemd_system_${service}.service \
- $RPM_BUILD_ROOT%{_unitdir}/${service}.service
-done
-
-rm -rf $RPM_BUILD_ROOT/%{_datadir}/openvswitch/python/
-
-install -d -m 0755 $RPM_BUILD_ROOT/%{_sharedstatedir}/openvswitch
-
-install -d $RPM_BUILD_ROOT%{_prefix}/lib/firewalld/services/
-install -p -m 0644 rhel/usr_lib_firewalld_services_ovn-central-firewall-service.xml \
- $RPM_BUILD_ROOT%{_prefix}/lib/firewalld/services/ovn-central-firewall-service.xml
-install -p -m 0644 rhel/usr_lib_firewalld_services_ovn-host-firewall-service.xml \
- $RPM_BUILD_ROOT%{_prefix}/lib/firewalld/services/ovn-host-firewall-service.xml
-
-install -d -m 0755 $RPM_BUILD_ROOT%{_prefix}/lib/ocf/resource.d/ovn
-ln -s %{_datadir}/openvswitch/scripts/ovndb-servers.ocf \
- $RPM_BUILD_ROOT%{_prefix}/lib/ocf/resource.d/ovn/ovndb-servers
-
-# remove OVS unpackages files
-rm -f $RPM_BUILD_ROOT%{_bindir}/ovs*
-rm -f $RPM_BUILD_ROOT%{_bindir}/vtep-ctl
-rm -f $RPM_BUILD_ROOT%{_sbindir}/ovs*
-rm -f $RPM_BUILD_ROOT%{_mandir}/man1/ovs*
-rm -f $RPM_BUILD_ROOT%{_mandir}/man5/ovs*
-rm -f $RPM_BUILD_ROOT%{_mandir}/man5/vtep*
-rm -f $RPM_BUILD_ROOT%{_mandir}/man7/ovs*
-rm -f $RPM_BUILD_ROOT%{_mandir}/man8/ovs*
-rm -f $RPM_BUILD_ROOT%{_mandir}/man8/vtep*
-rm -f $RPM_BUILD_ROOT%{_datadir}/openvswitch/ovs*
-rm -f $RPM_BUILD_ROOT%{_datadir}/openvswitch/vswitch.ovsschema
-rm -f $RPM_BUILD_ROOT%{_datadir}/openvswitch/vtep.ovsschema
-rm -f $RPM_BUILD_ROOT%{_datadir}/openvswitch/scripts/ovs*
-rm -rf $RPM_BUILD_ROOT%{_datadir}/openvswitch/bugtool-plugins
-rm -f $RPM_BUILD_ROOT%{_includedir}/openvswitch/*
-rm -f $RPM_BUILD_ROOT%{_includedir}/openflow/*
-rm -f $RPM_BUILD_ROOT%{_libdir}/*.a
-rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
-rm -f $RPM_BUILD_ROOT%{_libdir}/pkgconfig/*.pc
-rm -f $RPM_BUILD_ROOT%{_includedir}/openvswitch/*
-rm -f $RPM_BUILD_ROOT%{_includedir}/openflow/*
-rm -f $RPM_BUILD_ROOT%{_includedir}/ovn/*
-rm -f $RPM_BUILD_ROOT%{_sysconfdir}/bash_completion.d/ovs-appctl-bashcomp.bash
-rm -f $RPM_BUILD_ROOT%{_sysconfdir}/bash_completion.d/ovs-vsctl-bashcomp.bash
-rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/openvswitch
-
-%check
-%if %{with check}
- touch resolv.conf
- export OVS_RESOLV_CONF=$(pwd)/resolv.conf
- if make check TESTSUITEFLAGS='%{_smp_mflags}' RECHECK=yes; then :;
- else
- cat tests/testsuite.log
- exit 1
- fi
-%endif
-
-%clean
-rm -rf $RPM_BUILD_ROOT
-
-%pre central
-if [ $1 -eq 1 ] ; then
- # Package install.
- /bin/systemctl status ovn-northd.service >/dev/null
- ovn_status=$?
- rpm -ql openvswitch-ovn-central > /dev/null
- if [[ "$?" = "0" && "$ovn_status" = "0" ]]; then
- # ovn-northd service is running which means old openvswitch-ovn-central
- # is already installed and it will be cleaned up. So start ovn-northd
- # service when posttrans central is called.
- touch %{_localstatedir}/lib/rpm-state/ovn-northd
- fi
-fi
-
-%pre host
-if [ $1 -eq 1 ] ; then
- # Package install.
- /bin/systemctl status ovn-controller.service >/dev/null
- ovn_status=$?
- rpm -ql openvswitch-ovn-host > /dev/null
- if [[ "$?" = "0" && "$ovn_status" = "0" ]]; then
- # ovn-controller service is running which means old
- # openvswitch-ovn-host is installed and it will be cleaned up. So
- # start ovn-controller service when posttrans host is called.
- touch %{_localstatedir}/lib/rpm-state/ovn-controller
- fi
-fi
-
-%pre vtep
-if [ $1 -eq 1 ] ; then
- # Package install.
- /bin/systemctl status ovn-controller-vtep.service >/dev/null
- ovn_status=$?
- rpm -ql openvswitch-ovn-vtep > /dev/null
- if [[ "$?" = "0" && "$ovn_status" = "0" ]]; then
- # ovn-controller-vtep service is running which means old
- # openvswitch-ovn-vtep is installed and it will be cleaned up. So
- # start ovn-controller-vtep service when posttrans host is called.
- touch %{_localstatedir}/lib/rpm-state/ovn-controller-vtep
- fi
-fi
-
-%preun central
-%if 0%{?systemd_preun:1}
- %systemd_preun ovn-northd.service
-%else
- if [ $1 -eq 0 ] ; then
- # Package removal, not upgrade
- /bin/systemctl --no-reload disable ovn-northd.service >/dev/null 2>&1 || :
- /bin/systemctl stop ovn-northd.service >/dev/null 2>&1 || :
- fi
-%endif
-
-%preun host
-%if 0%{?systemd_preun:1}
- %systemd_preun ovn-controller.service
-%else
- if [ $1 -eq 0 ] ; then
- # Package removal, not upgrade
- /bin/systemctl --no-reload disable ovn-controller.service >/dev/null 2>&1 || :
- /bin/systemctl stop ovn-controller.service >/dev/null 2>&1 || :
- fi
-%endif
-
-%preun vtep
-%if 0%{?systemd_preun:1}
- %systemd_preun ovn-controller-vtep.service
-%else
- if [ $1 -eq 0 ] ; then
- # Package removal, not upgrade
- /bin/systemctl --no-reload disable ovn-controller-vtep.service >/dev/null 2>&1 || :
- /bin/systemctl stop ovn-controller-vtep.service >/dev/null 2>&1 || :
- fi
-%endif
-
-%post central
-%if 0%{?systemd_post:1}
- %systemd_post ovn-northd.service
-%else
- # Package install, not upgrade
- if [ $1 -eq 1 ]; then
- /bin/systemctl daemon-reload >dev/null || :
- fi
-%endif
-
-%post host
-%if 0%{?systemd_post:1}
- %systemd_post ovn-controller.service
-%else
- # Package install, not upgrade
- if [ $1 -eq 1 ]; then
- /bin/systemctl daemon-reload >dev/null || :
- fi
-%endif
-
-%post vtep
-%if 0%{?systemd_post:1}
- %systemd_post ovn-controller-vtep.service
-%else
- # Package install, not upgrade
- if [ $1 -eq 1 ]; then
- /bin/systemctl daemon-reload >dev/null || :
- fi
-%endif
-
-%postun
-
-%postun central
-%if 0%{?systemd_postun_with_restart:1}
- %systemd_postun_with_restart ovn-northd.service
-%else
- /bin/systemctl daemon-reload >/dev/null 2>&1 || :
- if [ "$1" -ge "1" ] ; then
- # Package upgrade, not uninstall
- /bin/systemctl try-restart ovn-northd.service >/dev/null 2>&1 || :
- fi
-%endif
-
-%postun host
-%if 0%{?systemd_postun_with_restart:1}
- %systemd_postun_with_restart ovn-controller.service
-%else
- /bin/systemctl daemon-reload >/dev/null 2>&1 || :
- if [ "$1" -ge "1" ] ; then
- # Package upgrade, not uninstall
- /bin/systemctl try-restart ovn-controller.service >/dev/null 2>&1 || :
- fi
-%endif
-
-%postun vtep
-%if 0%{?systemd_postun_with_restart:1}
- %systemd_postun_with_restart ovn-controller-vtep.service
-%else
- /bin/systemctl daemon-reload >/dev/null 2>&1 || :
- if [ "$1" -ge "1" ] ; then
- # Package upgrade, not uninstall
- /bin/systemctl try-restart ovn-controller-vtep.service >/dev/null 2>&1 || :
- fi
-%endif
-
-%posttrans central
-if [ $1 -eq 1 ]; then
- # Package install, not upgrade
- if [ -e %{_localstatedir}/lib/rpm-state/ovn-northd ]; then
- rm %{_localstatedir}/lib/rpm-state/ovn-northd
- /bin/systemctl start ovn-northd.service >/dev/null 2>&1 || :
- fi
-fi
-
-
-%posttrans host
-if [ $1 -eq 1 ]; then
- # Package install, not upgrade
- if [ -e %{_localstatedir}/lib/rpm-state/ovn-controller ]; then
- rm %{_localstatedir}/lib/rpm-state/ovn-controller
- /bin/systemctl start ovn-controller.service >/dev/null 2>&1 || :
- fi
-fi
-
-%posttrans vtep
-if [ $1 -eq 1 ]; then
- # Package install, not upgrade
- if [ -e %{_localstatedir}/lib/rpm-state/ovn-controller-vtep ]; then
- rm %{_localstatedir}/lib/rpm-state/ovn-controller-vtep
- /bin/systemctl start ovn-controller-vtep.service >/dev/null 2>&1 || :
- fi
-fi
-
-%files
-%{_bindir}/ovn-nbctl
-%{_bindir}/ovn-sbctl
-%{_bindir}/ovn-trace
-%{_bindir}/ovn-detrace
-%{_datadir}/openvswitch/scripts/ovn-ctl
-%{_datadir}/openvswitch/scripts/ovndb-servers.ocf
-%{_datadir}/openvswitch/scripts/ovn-bugtool-nbctl-show
-%{_datadir}/openvswitch/scripts/ovn-bugtool-sbctl-lflow-list
-%{_datadir}/openvswitch/scripts/ovn-bugtool-sbctl-show
-%{_mandir}/man8/ovn-ctl.8*
-%{_mandir}/man8/ovn-nbctl.8*
-%{_mandir}/man8/ovn-trace.8*
-%{_mandir}/man1/ovn-detrace.1*
-%{_mandir}/man7/ovn-architecture.7*
-%{_mandir}/man8/ovn-sbctl.8*
-%{_mandir}/man5/ovn-nb.5*
-%{_mandir}/man5/ovn-sb.5*
-%{_prefix}/lib/ocf/resource.d/ovn/ovndb-servers
-
-%files docker
-%{_bindir}/ovn-docker-overlay-driver
-%{_bindir}/ovn-docker-underlay-driver
-
-%files central
-%{_bindir}/ovn-northd
-%{_mandir}/man8/ovn-northd.8*
-%config %{_datadir}/openvswitch/ovn-nb.ovsschema
-%config %{_datadir}/openvswitch/ovn-sb.ovsschema
-%{_unitdir}/ovn-northd.service
-%{_prefix}/lib/firewalld/services/ovn-central-firewall-service.xml
-
-%files host
-%{_bindir}/ovn-controller
-%{_mandir}/man8/ovn-controller.8*
-%{_unitdir}/ovn-controller.service
-%{_prefix}/lib/firewalld/services/ovn-host-firewall-service.xml
-
-%files vtep
-%{_bindir}/ovn-controller-vtep
-%{_mandir}/man8/ovn-controller-vtep.8*
-%{_unitdir}/ovn-controller-vtep.service
-
-%changelog
-* Thu Dec 20 2018 Numan Siddique
-- OVS/OVN split.
diff --git a/rhel/usr_lib_firewalld_services_ovn-central-firewall-service.xml b/rhel/usr_lib_firewalld_services_ovn-central-firewall-service.xml
deleted file mode 100644
index a005f325c30..00000000000
--- a/rhel/usr_lib_firewalld_services_ovn-central-firewall-service.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-
-
- ovn-central-firewall-service
- Firewall service for ovn central
-
-
-
diff --git a/rhel/usr_lib_firewalld_services_ovn-host-firewall-service.xml b/rhel/usr_lib_firewalld_services_ovn-host-firewall-service.xml
deleted file mode 100644
index f606890c380..00000000000
--- a/rhel/usr_lib_firewalld_services_ovn-host-firewall-service.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-
-
- ovn-host-firewall-service
- Firewall service for ovn host
-
-
diff --git a/rhel/usr_lib_systemd_system_ovn-controller-vtep.service b/rhel/usr_lib_systemd_system_ovn-controller-vtep.service
deleted file mode 100644
index b1e239f571f..00000000000
--- a/rhel/usr_lib_systemd_system_ovn-controller-vtep.service
+++ /dev/null
@@ -1,50 +0,0 @@
-# See ovn-controller-vtep(8) for details about ovn-controller-vtep.
-#
-# You may override the following variables to customize ovn-controller-vtep
-# behavior:
-#
-# OVN_DB - Set this variable to the location of the ovsdb server that is
-# serving the OVN_Southbound database. See the manpage for
-# ovn-controller-vtep for more details on the format for the db
-# location.
-#
-# VTEP_DB - Set this variable to the location of the ovsdb server that is
-# serving the hardware_vtep database. See the manpage for
-# ovn-controller-vtep for more details on the format for the db
-# location.
-#
-# To override these variables, you may create a configuration file
-# in the /etc/systemd/system/ovn-controller-vtep.d/ directory. For example,
-# you could place the following contents in
-# /etc/systemd/system/ovn-controller-vtep.d/local.conf:
-#
-# [System]
-# Environment="OVN_DB=unix:/usr/local/var/run/openvswitch/db.sock" "VTEP_DB=unix:/usr/local/var/run/openvswitch/vtep.sock"
-#
-# Alternatively, you may specify environment variables in the file /etc/sysconfig/ovn-controller-vtep:
-#
-# OVN_DB="unix:/usr/local/var/run/openvswitch/db.sock"
-# VTEP_DB="unix:/usr/local/var/run/openvswitch/vtep.sock"
-
-[Unit]
-Description=OVN VTEP gateway controller daemon
-After=syslog.target
-Requires=openvswitch.service
-After=openvswitch.service
-
-[Service]
-Type=forking
-PIDFile=/var/run/openvswitch/ovn-controller-vtep.pid
-Restart=on-failure
-Environment=OVN_DB=unix:%t/openvswitch/ovnsb_db.sock
-Environment=VTEP_DB=unix:%t/openvswitch/db.sock
-EnvironmentFile=-/etc/sysconfig/ovn-controller-vtep
-EnvironmentFile=/run/openvswitch.useropts
-ExecStart=/usr/share/openvswitch/scripts/ovn-ctl \
- --db-sb-sock=${OVN_DB} --db-sock=${VTEP_DB} \
- --ovn-user=${OVS_USER_ID} \
- start_controller_vtep
-ExecStop=/usr/share/openvswitch/scripts/ovn-ctl stop_controller_vtep
-
-[Install]
-WantedBy=multi-user.target
diff --git a/rhel/usr_lib_systemd_system_ovn-controller.service b/rhel/usr_lib_systemd_system_ovn-controller.service
deleted file mode 100644
index 335cd5a52a8..00000000000
--- a/rhel/usr_lib_systemd_system_ovn-controller.service
+++ /dev/null
@@ -1,34 +0,0 @@
-# See ovn-controller(8) for details about ovn-controller.
-#
-# To customize the ovn-controller service, you may create a configuration file
-# in the /etc/systemd/system/ovn-controller.d/ directory. For example, to specify
-# additional options to be passed to the "ovn-ctl start_controller" command, you
-# could place the following contents in
-# /etc/systemd/system/ovn-controller.d/local.conf:
-#
-# [System]
-# Environment="OVN_CONTROLLER_OPTS=--ovn-controller-log=-vconsole:emer -vsyslog:err -vfile:info"
-#
-# Alternatively, you may specify environment variables in the file /etc/sysconfig/ovn-controller:
-#
-# OVN_CONTROLLER_OPTS="--ovn-controller-log=-vconsole:emer -vsyslog:err -vfile:info"
-
-[Unit]
-Description=OVN controller daemon
-After=syslog.target
-Requires=openvswitch.service
-After=openvswitch.service
-
-[Service]
-Type=forking
-PIDFile=/var/run/openvswitch/ovn-controller.pid
-Restart=on-failure
-EnvironmentFile=-/etc/sysconfig/ovn-controller
-EnvironmentFile=/run/openvswitch.useropts
-ExecStart=/usr/share/openvswitch/scripts/ovn-ctl --no-monitor \
- --ovn-user=${OVS_USER_ID} \
- start_controller $OVN_CONTROLLER_OPTS
-ExecStop=/usr/share/openvswitch/scripts/ovn-ctl stop_controller
-
-[Install]
-WantedBy=multi-user.target
diff --git a/rhel/usr_lib_systemd_system_ovn-northd.service b/rhel/usr_lib_systemd_system_ovn-northd.service
deleted file mode 100644
index ea8c191e314..00000000000
--- a/rhel/usr_lib_systemd_system_ovn-northd.service
+++ /dev/null
@@ -1,35 +0,0 @@
-# See ovn-northd(8) for details about ovn-northd.
-#
-# To customize the ovn-northd service, you may create a configuration file
-# in the /etc/systemd/system/ovn-northd.d/ directory. For example, to specify
-# additional options to be passed to the "ovn-ctl start_northd" command, you
-# could place the following contents in
-# /etc/systemd/system/ovn-northd.d/local.conf:
-#
-# [System]
-# Environment="OVN_NORTHD_OPTS=--db-nb-sock=/usr/local/var/run/openvswitch/ovnnb_db.sock --db-sb-sock=/usr/local/var/run/openvswitch/ovnsb_db.sock"
-#
-# Alternatively, you may specify environment variables in the file /etc/sysconfig/ovn-northd:
-#
-# OVN_NORTHD_OPTS="--db-nb-sock=/usr/local/var/run/openvswitch/ovnnb_db.sock --db-sb-sock=/usr/local/var/run/openvswitch/ovnsb_db.sock"
-
-[Unit]
-Description=OVN northd management daemon
-After=syslog.target
-Requires=openvswitch.service
-After=openvswitch.service
-
-[Service]
-Type=oneshot
-RemainAfterExit=yes
-Environment=OVS_RUNDIR=%t/openvswitch OVS_DBDIR=/var/lib/openvswitch
-EnvironmentFile=-/etc/sysconfig/ovn-northd
-EnvironmentFile=/run/openvswitch.useropts
-ExecStartPre=-/usr/bin/chown -R ${OVS_USER_ID} ${OVS_DBDIR}
-ExecStart=/usr/share/openvswitch/scripts/ovn-ctl \
- --ovs-user=${OVS_USER_ID} --ovn-user=${OVS_USER_ID} \
- start_northd $OVN_NORTHD_OPTS
-ExecStop=/usr/share/openvswitch/scripts/ovn-ctl stop_northd
-
-[Install]
-WantedBy=multi-user.target
diff --git a/tests/atlocal.in b/tests/atlocal.in
index 2e565d788b1..556f8681cf1 100644
--- a/tests/atlocal.in
+++ b/tests/atlocal.in
@@ -217,10 +217,6 @@ unset HTTPS_PROXY
unset FTP_PROXY
unset NO_PROXY
-# Avoid OVN environment variables leaking in from external environment.
-unset OVN_NB_DB
-unset OVN_SB_DB
-
# Prevent logging to syslog during tests.
OVS_SYSLOG_METHOD=null
export OVS_SYSLOG_METHOD
diff --git a/tests/automake.mk b/tests/automake.mk
index 908eb6666c3..0b4f29486bc 100644
--- a/tests/automake.mk
+++ b/tests/automake.mk
@@ -23,8 +23,7 @@ EXTRA_DIST += \
COMMON_MACROS_AT = \
tests/ovsdb-macros.at \
tests/ovs-macros.at \
- tests/ofproto-macros.at \
- tests/ovn-macros.at
+ tests/ofproto-macros.at
TESTSUITE_AT = \
tests/testsuite.at \
@@ -104,16 +103,9 @@ TESTSUITE_AT = \
tests/vlog.at \
tests/vtep-ctl.at \
tests/auto-attach.at \
- tests/ovn.at \
- tests/ovn-northd.at \
- tests/ovn-nbctl.at \
- tests/ovn-sbctl.at \
- tests/ovn-controller.at \
- tests/ovn-controller-vtep.at \
tests/mcast-snooping.at \
tests/packet-type-aware.at \
- tests/nsh.at \
- tests/ovn-performance.at
+ tests/nsh.at
EXTRA_DIST += $(FUZZ_REGRESSION_TESTS)
FUZZ_REGRESSION_TESTS = \
@@ -158,7 +150,6 @@ SYSTEM_KMOD_TESTSUITE_AT = \
SYSTEM_USERSPACE_TESTSUITE_AT = \
tests/system-userspace-testsuite.at \
- tests/system-ovn.at \
tests/system-userspace-macros.at \
tests/system-userspace-packet-type-aware.at
@@ -169,7 +160,6 @@ SYSTEM_AFXDP_TESTSUITE_AT = \
SYSTEM_TESTSUITE_AT = \
tests/system-common-macros.at \
- tests/system-ovn.at \
tests/system-layer3-tunnels.at \
tests/system-traffic.at \
tests/system-interface.at
@@ -197,7 +187,7 @@ SYSTEM_DPDK_TESTSUITE = $(srcdir)/tests/system-dpdk-testsuite
OVSDB_CLUSTER_TESTSUITE = $(srcdir)/tests/ovsdb-cluster-testsuite
DISTCLEANFILES += tests/atconfig tests/atlocal
-AUTOTEST_PATH = utilities:vswitchd:ovsdb:vtep:tests:$(PTHREAD_WIN32_DIR_DLL):$(SSL_DIR):ovn/controller-vtep:ovn/northd:ovn/utilities:ovn/controller
+AUTOTEST_PATH = utilities:vswitchd:ovsdb:vtep:tests:$(PTHREAD_WIN32_DIR_DLL):$(SSL_DIR):ovn/utilities
check-local:
set $(SHELL) '$(TESTSUITE)' -C tests AUTOTEST_PATH=$(AUTOTEST_PATH); \
@@ -238,9 +228,7 @@ check-lcov: all $(check_DATA) clean-lcov
# valgrind support
valgrind_wrappers = \
- tests/valgrind/ovn-controller \
tests/valgrind/ovn-nbctl \
- tests/valgrind/ovn-northd \
tests/valgrind/ovn-sbctl \
tests/valgrind/ovs-appctl \
tests/valgrind/ovs-ofctl \
@@ -447,7 +435,6 @@ tests_ovstest_SOURCES = \
tests/test-netflow.c \
tests/test-odp.c \
tests/test-ofpbuf.c \
- tests/test-ovn.c \
tests/test-packets.c \
tests/test-random.c \
tests/test-rcu.c \
@@ -475,7 +462,7 @@ tests_ovstest_SOURCES += \
tests/test-netlink-conntrack.c
endif
-tests_ovstest_LDADD = lib/libopenvswitch.la ovn/lib/libovn.la
+tests_ovstest_LDADD = lib/libopenvswitch.la
noinst_PROGRAMS += tests/test-stream
tests_test_stream_SOURCES = tests/test-stream.c
diff --git a/tests/ofproto-macros.at b/tests/ofproto-macros.at
index db0cd5108fd..04d4ed7e224 100644
--- a/tests/ofproto-macros.at
+++ b/tests/ofproto-macros.at
@@ -214,7 +214,7 @@ check_logs () {
# We most notably ignore 'Broken pipe' warnings. These often and
# intermittently appear in ovsdb-server.log, because *ctl commands
- # (e.g. ovs-vsctl, ovn-nbctl) exit right after committing a change to the
+ # (e.g. ovs-vsctl) exit right after committing a change to the
# database. However, in reaction, some daemon may immediately update the
# database, and this later update may cause database sending update back to
# *ctl command if *ctl has not exited yet. If *ctl command exits before
diff --git a/tests/oss-fuzz/automake.mk b/tests/oss-fuzz/automake.mk
index 5bf7d0d7cbb..2b116e7a51a 100644
--- a/tests/oss-fuzz/automake.mk
+++ b/tests/oss-fuzz/automake.mk
@@ -2,7 +2,6 @@ OSS_FUZZ_TARGETS = \
tests/oss-fuzz/flow_extract_target \
tests/oss-fuzz/json_parser_target \
tests/oss-fuzz/ofp_print_target \
- tests/oss-fuzz/expr_parse_target \
tests/oss-fuzz/odp_target \
tests/oss-fuzz/miniflow_target \
tests/oss-fuzz/ofctl_parse_target
@@ -27,13 +26,6 @@ tests_oss_fuzz_ofp_print_target_SOURCES = \
tests_oss_fuzz_ofp_print_target_LDADD = lib/libopenvswitch.la
tests_oss_fuzz_ofp_print_target_LDFLAGS = $(LIB_FUZZING_ENGINE) -lc++
-tests_oss_fuzz_expr_parse_target_SOURCES = \
- tests/oss-fuzz/expr_parse_target.c \
- tests/oss-fuzz/fuzzer.h
-tests_oss_fuzz_expr_parse_target_LDADD = lib/libopenvswitch.la \
- ovn/lib/libovn.la
-tests_oss_fuzz_expr_parse_target_LDFLAGS = $(LIB_FUZZING_ENGINE) -lc++
-
tests_oss_fuzz_odp_target_SOURCES = \
tests/oss-fuzz/odp_target.c \
tests/oss-fuzz/fuzzer.h
@@ -56,11 +48,9 @@ EXTRA_DIST += \
tests/oss-fuzz/config/flow_extract_target.options \
tests/oss-fuzz/config/json_parser_target.options \
tests/oss-fuzz/config/ofp_print_target.options \
- tests/oss-fuzz/config/expr_parse_target.options \
tests/oss-fuzz/config/odp_target.options \
tests/oss-fuzz/config/miniflow_target.options \
tests/oss-fuzz/config/ofctl_parse_target.options \
tests/oss-fuzz/config/ovs.dict \
- tests/oss-fuzz/config/expr.dict \
tests/oss-fuzz/config/odp.dict \
tests/oss-fuzz/config/ofp-flow.dict
diff --git a/tests/oss-fuzz/config/expr.dict b/tests/oss-fuzz/config/expr.dict
deleted file mode 100644
index 03741ad7d15..00000000000
--- a/tests/oss-fuzz/config/expr.dict
+++ /dev/null
@@ -1,120 +0,0 @@
-" = "
-" = ("
-" = dns_lookup();"
-" { "
-" };"
-"!"
-"!="
-"$"
-"&&"
-"("
-"()"
-")"
-"),commit,table=,zone=NXM_NX_REG)"
-");"
-", "
-", meter=\"\""
-","
-",bucket=bucket_id=,weight:100,actions=ct(nat(dst="
-"--"
-".."
-"/"
-"/%"
-"0"
-":"
-"<"
-"<->"
-"<="
-"="
-"=="
-"=r"
-">"
-">="
-"["
-"\x00"
-"\x28"
-"]"
-"]:"
-"allow"
-"arp"
-"bool"
-"bswap "
-"bswap %0"
-"cc"
-"clone"
-"ct_clear"
-"ct_clear;"
-"ct_commit"
-"ct_commit("
-"ct_dnat"
-"ct_label"
-"ct_label="
-"ct_lb"
-"ct_mark"
-"ct_mark="
-"ct_mark=%#x"
-"ct_next"
-"ct_next;"
-"ct_snat"
-"decimal"
-"dhcpv6_stateful"
-"dhcpv6_stateless"
-"dns_lookup"
-"drop"
-"drop;"
-"egress"
-"error("
-"get_arp"
-"get_nd"
-"hexadecimal"
-"icmp4"
-"icmp6"
-"ingress"
-"ip.ttl"
-"ip.ttl--;"
-"ipv4"
-"ipv6"
-"log"
-"log("
-"mac"
-"meter"
-"name"
-"name=\"\", "
-"nd_na"
-"nd_na_router"
-"nd_ns"
-"next"
-"next();"
-"next(pipeline=, table=);"
-"next;"
-"output"
-"output;"
-"pipeline"
-"put_arp"
-"put_dhcp_opts"
-"put_dhcpv6_opts"
-"put_nd"
-"put_nd_ra_opts"
-"reject"
-"set_meter"
-"set_meter();"
-"set_meter(, );"
-"set_meter(,);"
-"set_queue"
-"set_queue();"
-"severity"
-"severity="
-"slaac"
-"static_routes"
-"str"
-"table"
-"tcp_reset"
-"type=select,selection_method=dp_hash"
-"uint16"
-"uint32"
-"uint8"
-"verdict"
-"verdict=, "
-"{"
-"||"
-"}"
diff --git a/tests/oss-fuzz/config/expr_parse_target.options b/tests/oss-fuzz/config/expr_parse_target.options
deleted file mode 100644
index fc254e84f26..00000000000
--- a/tests/oss-fuzz/config/expr_parse_target.options
+++ /dev/null
@@ -1,3 +0,0 @@
-[libfuzzer]
-dict = expr.dict
-close_fd_mask = 3
diff --git a/tests/oss-fuzz/expr_parse_target.c b/tests/oss-fuzz/expr_parse_target.c
deleted file mode 100644
index 170186d9d87..00000000000
--- a/tests/oss-fuzz/expr_parse_target.c
+++ /dev/null
@@ -1,464 +0,0 @@
-#include
-#include "fuzzer.h"
-#include
-#include
-#include
-
-#include "command-line.h"
-#include "dp-packet.h"
-#include "fatal-signal.h"
-#include "flow.h"
-#include "openvswitch/dynamic-string.h"
-#include "openvswitch/match.h"
-#include "openvswitch/ofp-actions.h"
-#include "openvswitch/ofpbuf.h"
-#include "openvswitch/vlog.h"
-#include "ovn/actions.h"
-#include "ovn/expr.h"
-#include "ovn/lex.h"
-#include "ovn/logical-fields.h"
-#include "ovn/lib/ovn-l7.h"
-#include "ovn/lib/extend-table.h"
-#include "openvswitch/shash.h"
-#include "simap.h"
-#include "util.h"
-
-static void
-compare_token(const struct lex_token *a, const struct lex_token *b)
-{
- if (a->type != b->type) {
- fprintf(stderr, "type differs: %d -> %d\n", a->type, b->type);
- return;
- }
-
- if (!((a->s && b->s && !strcmp(a->s, b->s))
- || (!a->s && !b->s))) {
- fprintf(stderr, "string differs: %s -> %s\n",
- a->s ? a->s : "(null)",
- b->s ? b->s : "(null)");
- return;
- }
-
- if (a->type == LEX_T_INTEGER || a->type == LEX_T_MASKED_INTEGER) {
- if (memcmp(&a->value, &b->value, sizeof a->value)) {
- fprintf(stderr, "value differs\n");
- return;
- }
-
- if (a->type == LEX_T_MASKED_INTEGER
- && memcmp(&a->mask, &b->mask, sizeof a->mask)) {
- fprintf(stderr, "mask differs\n");
- return;
- }
-
- if (a->format != b->format
- && !(a->format == LEX_F_HEXADECIMAL
- && b->format == LEX_F_DECIMAL
- && a->value.integer == 0)) {
- fprintf(stderr, "format differs: %d -> %d\n",
- a->format, b->format);
- }
- }
-}
-
-static void
-test_lex(const char *input)
-{
- struct ds output;
-
- ds_init(&output);
- struct lexer lexer;
-
- lexer_init(&lexer, input);
- ds_clear(&output);
- while (lexer_get(&lexer) != LEX_T_END) {
- size_t len = output.length;
- lex_token_format(&lexer.token, &output);
-
- /* Check that the formatted version can really be parsed back
- * losslessly. */
- if (lexer.token.type != LEX_T_ERROR) {
- const char *s = ds_cstr(&output) + len;
- struct lexer l2;
-
- lexer_init(&l2, s);
- lexer_get(&l2);
- compare_token(&lexer.token, &l2.token);
- lexer_destroy(&l2);
- }
- ds_put_char(&output, ' ');
- }
- lexer_destroy(&lexer);
-
- ds_chomp(&output, ' ');
- puts(ds_cstr(&output));
- ds_destroy(&output);
-}
-
-static void
-create_symtab(struct shash *symtab)
-{
- ovn_init_symtab(symtab);
-
- /* For negative testing. */
- expr_symtab_add_field(symtab, "bad_prereq", MFF_XREG0, "xyzzy", false);
- expr_symtab_add_field(symtab, "self_recurse", MFF_XREG0,
- "self_recurse != 0", false);
- expr_symtab_add_field(symtab, "mutual_recurse_1", MFF_XREG0,
- "mutual_recurse_2 != 0", false);
- expr_symtab_add_field(symtab, "mutual_recurse_2", MFF_XREG0,
- "mutual_recurse_1 != 0", false);
- expr_symtab_add_string(symtab, "big_string", MFF_XREG0, NULL);
-}
-
-static void
-create_gen_opts(struct hmap *dhcp_opts, struct hmap *dhcpv6_opts,
- struct hmap *nd_ra_opts)
-{
- hmap_init(dhcp_opts);
- dhcp_opt_add(dhcp_opts, "offerip", 0, "ipv4");
- dhcp_opt_add(dhcp_opts, "netmask", 1, "ipv4");
- dhcp_opt_add(dhcp_opts, "router", 3, "ipv4");
- dhcp_opt_add(dhcp_opts, "dns_server", 6, "ipv4");
- dhcp_opt_add(dhcp_opts, "log_server", 7, "ipv4");
- dhcp_opt_add(dhcp_opts, "lpr_server", 9, "ipv4");
- dhcp_opt_add(dhcp_opts, "domain_name", 15, "str");
- dhcp_opt_add(dhcp_opts, "swap_server", 16, "ipv4");
- dhcp_opt_add(dhcp_opts, "policy_filter", 21, "ipv4");
- dhcp_opt_add(dhcp_opts, "router_solicitation", 32, "ipv4");
- dhcp_opt_add(dhcp_opts, "nis_server", 41, "ipv4");
- dhcp_opt_add(dhcp_opts, "ntp_server", 42, "ipv4");
- dhcp_opt_add(dhcp_opts, "server_id", 54, "ipv4");
- dhcp_opt_add(dhcp_opts, "tftp_server", 66, "ipv4");
- dhcp_opt_add(dhcp_opts, "classless_static_route", 121, "static_routes");
- dhcp_opt_add(dhcp_opts, "ip_forward_enable", 19, "bool");
- dhcp_opt_add(dhcp_opts, "router_discovery", 31, "bool");
- dhcp_opt_add(dhcp_opts, "ethernet_encap", 36, "bool");
- dhcp_opt_add(dhcp_opts, "default_ttl", 23, "uint8");
- dhcp_opt_add(dhcp_opts, "tcp_ttl", 37, "uint8");
- dhcp_opt_add(dhcp_opts, "mtu", 26, "uint16");
- dhcp_opt_add(dhcp_opts, "lease_time", 51, "uint32");
- dhcp_opt_add(dhcp_opts, "wpad", 252, "str");
-
- /* DHCPv6 options. */
- hmap_init(dhcpv6_opts);
- dhcp_opt_add(dhcpv6_opts, "server_id", 2, "mac");
- dhcp_opt_add(dhcpv6_opts, "ia_addr", 5, "ipv6");
- dhcp_opt_add(dhcpv6_opts, "dns_server", 23, "ipv6");
- dhcp_opt_add(dhcpv6_opts, "domain_search", 24, "str");
-
- /* IPv6 ND RA options. */
- hmap_init(nd_ra_opts);
- nd_ra_opts_init(nd_ra_opts);
-}
-
-static void
-create_addr_sets(struct shash *addr_sets)
-{
- shash_init(addr_sets);
-
- static const char *const addrs1[] = {
- "10.0.0.1", "10.0.0.2", "10.0.0.3",
- };
- static const char *const addrs2[] = {
- "::1", "::2", "::3",
- };
- static const char *const addrs3[] = {
- "00:00:00:00:00:01", "00:00:00:00:00:02", "00:00:00:00:00:03",
- };
- static const char *const addrs4[] = { NULL };
-
- expr_const_sets_add(addr_sets, "set1", addrs1, 3, true);
- expr_const_sets_add(addr_sets, "set2", addrs2, 3, true);
- expr_const_sets_add(addr_sets, "set3", addrs3, 3, true);
- expr_const_sets_add(addr_sets, "set4", addrs4, 0, true);
-}
-
-static void
-create_port_groups(struct shash *port_groups)
-{
- shash_init(port_groups);
-
- static const char *const pg1[] = {
- "lsp1", "lsp2", "lsp3",
- };
- static const char *const pg2[] = { NULL };
-
- expr_const_sets_add(port_groups, "pg1", pg1, 3, false);
- expr_const_sets_add(port_groups, "pg_empty", pg2, 0, false);
-}
-
-static bool
-lookup_port_cb(const void *ports_, const char *port_name, unsigned int *portp)
-{
- const struct simap *ports = ports_;
- const struct simap_node *node = simap_find(ports, port_name);
- if (!node) {
- return false;
- }
- *portp = node->data;
- return true;
-}
-
-static bool
-is_chassis_resident_cb(const void *ports_, const char *port_name)
-{
- const struct simap *ports = ports_;
- const struct simap_node *node = simap_find(ports, port_name);
- if (node) {
- return true;
- }
- return false;
-}
-
-static void
-test_parse_actions(const char *input)
-{
- struct shash symtab;
- struct hmap dhcp_opts;
- struct hmap dhcpv6_opts;
- struct hmap nd_ra_opts;
- struct simap ports;
-
- create_symtab(&symtab);
- create_gen_opts(&dhcp_opts, &dhcpv6_opts, &nd_ra_opts);
-
- /* Initialize group ids. */
- struct ovn_extend_table group_table;
- ovn_extend_table_init(&group_table);
-
- /* Initialize meter ids for QoS. */
- struct ovn_extend_table meter_table;
- ovn_extend_table_init(&meter_table);
-
- simap_init(&ports);
- simap_put(&ports, "eth0", 5);
- simap_put(&ports, "eth1", 6);
- simap_put(&ports, "LOCAL", ofp_to_u16(OFPP_LOCAL));
-
- struct ofpbuf ovnacts;
- struct expr *prereqs;
- char *error;
-
- puts(input);
-
- ofpbuf_init(&ovnacts, 0);
-
- const struct ovnact_parse_params pp = {
- .symtab = &symtab,
- .dhcp_opts = &dhcp_opts,
- .dhcpv6_opts = &dhcpv6_opts,
- .nd_ra_opts = &nd_ra_opts,
- .n_tables = 24,
- .cur_ltable = 10,
- };
- error = ovnacts_parse_string(input, &pp, &ovnacts, &prereqs);
- if (!error) {
- /* Convert the parsed representation back to a string and print it,
- * if it's different from the input. */
- struct ds ovnacts_s = DS_EMPTY_INITIALIZER;
- ovnacts_format(ovnacts.data, ovnacts.size, &ovnacts_s);
- if (strcmp(input, ds_cstr(&ovnacts_s))) {
- printf(" formats as %s\n", ds_cstr(&ovnacts_s));
- }
-
- /* Encode the actions into OpenFlow and print. */
- const struct ovnact_encode_params ep = {
- .lookup_port = lookup_port_cb,
- .aux = &ports,
- .is_switch = true,
- .group_table = &group_table,
- .meter_table = &meter_table,
-
- .pipeline = OVNACT_P_INGRESS,
- .ingress_ptable = 8,
- .egress_ptable = 40,
- .output_ptable = 64,
- .mac_bind_ptable = 65,
- };
- struct ofpbuf ofpacts;
- ofpbuf_init(&ofpacts, 0);
- ovnacts_encode(ovnacts.data, ovnacts.size, &ep, &ofpacts);
- struct ds ofpacts_s = DS_EMPTY_INITIALIZER;
- struct ofpact_format_params fp = { .s = &ofpacts_s };
- ofpacts_format(ofpacts.data, ofpacts.size, &fp);
- printf(" encodes as %s\n", ds_cstr(&ofpacts_s));
- ds_destroy(&ofpacts_s);
- ofpbuf_uninit(&ofpacts);
-
- /* Print prerequisites if any. */
- if (prereqs) {
- struct ds prereqs_s = DS_EMPTY_INITIALIZER;
- expr_format(prereqs, &prereqs_s);
- printf(" has prereqs %s\n", ds_cstr(&prereqs_s));
- ds_destroy(&prereqs_s);
- }
-
- /* Now re-parse and re-format the string to verify that it's
- * round-trippable. */
- struct ofpbuf ovnacts2;
- struct expr *prereqs2;
- ofpbuf_init(&ovnacts2, 0);
- error = ovnacts_parse_string(ds_cstr(&ovnacts_s), &pp, &ovnacts2,
- &prereqs2);
- if (!error) {
- struct ds ovnacts2_s = DS_EMPTY_INITIALIZER;
- ovnacts_format(ovnacts2.data, ovnacts2.size, &ovnacts2_s);
- if (strcmp(ds_cstr(&ovnacts_s), ds_cstr(&ovnacts2_s))) {
- printf(" bad reformat: %s\n", ds_cstr(&ovnacts2_s));
- }
- ds_destroy(&ovnacts2_s);
- } else {
- printf(" reparse error: %s\n", error);
- free(error);
- }
- expr_destroy(prereqs2);
-
- ovnacts_free(ovnacts2.data, ovnacts2.size);
- ofpbuf_uninit(&ovnacts2);
- ds_destroy(&ovnacts_s);
- } else {
- printf(" %s\n", error);
- free(error);
- }
-
- expr_destroy(prereqs);
- ovnacts_free(ovnacts.data, ovnacts.size);
- ofpbuf_uninit(&ovnacts);
-
- simap_destroy(&ports);
- expr_symtab_destroy(&symtab);
- shash_destroy(&symtab);
- dhcp_opts_destroy(&dhcp_opts);
- dhcp_opts_destroy(&dhcpv6_opts);
- nd_ra_opts_destroy(&nd_ra_opts);
- ovn_extend_table_destroy(&group_table);
- ovn_extend_table_destroy(&meter_table);
-}
-
-static void
-test_parse_expr(const char *input)
-{
- struct shash symtab;
- struct shash addr_sets;
- struct shash port_groups;
- struct simap ports;
- struct expr *expr;
- char *error;
-
- create_symtab(&symtab);
- create_addr_sets(&addr_sets);
- create_port_groups(&port_groups);
-
- simap_init(&ports);
- simap_put(&ports, "eth0", 5);
- simap_put(&ports, "eth1", 6);
- simap_put(&ports, "LOCAL", ofp_to_u16(OFPP_LOCAL));
- simap_put(&ports, "lsp1", 0x11);
- simap_put(&ports, "lsp2", 0x12);
- simap_put(&ports, "lsp3", 0x13);
-
- expr = expr_parse_string(input, &symtab, &addr_sets,
- &port_groups, NULL, &error);
- if (!error) {
- expr = expr_annotate(expr, &symtab, &error);
- }
- if (!error) {
- expr = expr_simplify(expr, is_chassis_resident_cb, &ports);
- expr = expr_normalize(expr);
- ovs_assert(expr_is_normalized(expr));
- }
- if (!error) {
- struct hmap matches;
-
- expr_to_matches(expr, lookup_port_cb, &ports, &matches);
- expr_matches_print(&matches, stdout);
- expr_matches_destroy(&matches);
- } else {
- puts(error);
- free(error);
- }
- expr_destroy(expr);
- simap_destroy(&ports);
- expr_symtab_destroy(&symtab);
- shash_destroy(&symtab);
- expr_const_sets_destroy(&addr_sets);
- shash_destroy(&addr_sets);
- expr_const_sets_destroy(&port_groups);
- shash_destroy(&port_groups);
-}
-
-static bool
-lookup_atoi_cb(const void *aux OVS_UNUSED, const char *port_name,
- unsigned int *portp)
-{
- *portp = atoi(port_name);
- return true;
-}
-
-static void
-test_expr_to_packets(const char *input)
-{
- struct shash symtab;
- create_symtab(&symtab);
-
- struct flow uflow;
- char *error = expr_parse_microflow(input, &symtab, NULL, NULL,
- lookup_atoi_cb, NULL, &uflow);
- if (error) {
- puts(error);
- free(error);
- expr_symtab_destroy(&symtab);
- shash_destroy(&symtab);
- return;
- }
-
- uint64_t packet_stub[128 / 8];
- struct dp_packet packet;
- dp_packet_use_stub(&packet, packet_stub, sizeof packet_stub);
- flow_compose(&packet, &uflow, NULL, 64);
-
- struct ds output = DS_EMPTY_INITIALIZER;
- const uint8_t *buf = dp_packet_data(&packet);
- for (int i = 0; i < dp_packet_size(&packet); i++) {
- uint8_t val = buf[i];
- ds_put_format(&output, "%02"PRIx8, val);
- }
- puts(ds_cstr(&output));
- ds_destroy(&output);
- dp_packet_uninit(&packet);
- expr_symtab_destroy(&symtab);
- shash_destroy(&symtab);
-}
-
-int
-LLVMFuzzerTestOneInput(const uint8_t *input_, size_t size)
-{
- /* Bail out if we cannot construct at least a 1 char string. */
- const char *input = (const char *) input_;
- if (size < 2 || input[size - 1] != '\0' || strchr(input, '\n') ||
- strlen(input) != size - 1) {
- return 0;
- }
-
- /* Disable logging to avoid write to disk. */
- static bool isInit = false;
- if (!isInit) {
- vlog_set_verbosity("off");
- isInit = true;
- }
-
- /* Parse, annotate, simplify, normalize expr and convert to flows. */
- test_parse_expr(input);
-
- /* Parse actions. */
- test_parse_actions(input);
-
- /* Test OVN lexer. */
- test_lex(input);
-
- /* Expr to packets. */
- test_expr_to_packets(input);
-
- return 0;
-}
diff --git a/tests/ovn-controller-vtep.at b/tests/ovn-controller-vtep.at
deleted file mode 100644
index a3fe8cb880c..00000000000
--- a/tests/ovn-controller-vtep.at
+++ /dev/null
@@ -1,467 +0,0 @@
-AT_BANNER([ovn_controller_vtep])
-
-# OVN_CONTROLLER_VTEP_START
-#
-# Starts the test with a setup with vtep device. Each test case must first
-# call this macro.
-#
-# Uses vtep-ovs to simulate the vtep switch 'br-vtep' with two physical ports
-# 'p0', 'p1'.
-#
-# Configures ovn-nb with a logical switch 'br-test'.
-#
-#
-m4_define([OVN_CONTROLLER_VTEP_START],
- [
- AT_KEYWORDS([ovn])
- # this will cause skip when 'make check' using Windows setup.
- AT_SKIP_IF([test $HAVE_PYTHON = no])
-
- dnl Create databases (ovn-nb, ovn-sb, vtep).
- AT_CHECK([ovsdb-tool create vswitchd.db $abs_top_srcdir/vswitchd/vswitch.ovsschema])
- for daemon in ovn-nb ovn-sb vtep; do
- AT_CHECK([ovsdb-tool create $daemon.db $abs_top_srcdir/${daemon%%-*}/${daemon}.ovsschema])
- done
-
- dnl Start ovsdb-server.
- AT_CHECK([ovsdb-server --detach --no-chdir --pidfile --log-file --remote=punix:$OVS_RUNDIR/db.sock vswitchd.db vtep.db], [0], [], [stderr])
- AT_CHECK([ovsdb-server --detach --no-chdir --pidfile=ovsdb-nb-server.pid --log-file=ovsdb-nb-server.log --remote=punix:$OVS_RUNDIR/ovnnb_db.sock ovn-nb.db], [0], [], [stderr])
- AT_CHECK([ovsdb-server --detach --no-chdir --pidfile=ovsdb-sb-server.pid --log-file=ovsdb-sb-server.log --remote=punix:$OVS_RUNDIR/ovnsb_db.sock ovn-sb.db ovn-sb.db], [0], [], [stderr])
- on_exit "kill `cat ovsdb-server.pid` `cat ovsdb-nb-server.pid` `cat ovsdb-sb-server.pid`"
- AT_CHECK([[sed < stderr '
-/vlog|INFO|opened log file/d
-/ovsdb_server|INFO|ovsdb-server (Open vSwitch)/d']])
- AT_CAPTURE_FILE([ovsdb-server.log])
-
- dnl Start ovs-vswitchd.
- AT_CHECK([ovs-vswitchd --enable-dummy=system --disable-system --detach --no-chdir --pidfile --log-file -vvconn -vofproto_dpif], [0], [], [stderr])
- AT_CAPTURE_FILE([ovs-vswitchd.log])
- on_exit "kill `cat ovs-vswitchd.pid`"
- AT_CHECK([[sed < stderr '
-/ovs_numa|INFO|Discovered /d
-/vlog|INFO|opened log file/d
-/vswitchd|INFO|ovs-vswitchd (Open vSwitch)/d
-/reconnect|INFO|/d
-/ofproto|INFO|using datapath ID/d
-/netlink_socket|INFO|netlink: could not enable listening to all nsid/d
-/ofproto|INFO|datapath ID changed to fedcba9876543210/d']])
- AT_CHECK([ovs-vsctl -- add-br br-vtep \
- -- set bridge br-vtep datapath-type=dummy other-config:datapath-id=fedcba9876543210 other-config:hwaddr=aa:55:aa:55:00:00 protocols=[[OpenFlow10,OpenFlow11,OpenFlow12,OpenFlow13,OpenFlow14,OpenFlow15]] fail-mode=secure \
- -- add-port br-vtep p0 -- set Interface p0 type=dummy ofport_request=1 \
- -- add-port br-vtep p1 -- set Interface p1 type=dummy ofport_request=2])
-
- dnl Start ovs-vtep.
- AT_CHECK([vtep-ctl add-ps br-vtep -- set Physical_Switch br-vtep tunnel_ips=1.2.3.4])
- AT_CHECK([ovs-vtep --log-file=ovs-vtep.log --pidfile=ovs-vtep.pid --detach --no-chdir br-vtep \], [0], [], [stderr])
- on_exit "kill `cat ovs-vtep.pid`"
- AT_CHECK([[sed < stderr '
-/vlog|INFO|opened log file/d']])
- # waits until ovs-vtep starts up.
- OVS_WAIT_UNTIL([test -n "`vtep-ctl show | grep Physical_Port`"])
-
- dnl Start ovn-northd.
- AT_CHECK([ovn-nbctl ls-add br-test])
- AT_CHECK([ovn-northd --detach --no-chdir --pidfile --log-file], [0], [], [stderr])
- on_exit "kill `cat ovn-northd.pid`"
- AT_CHECK([[sed < stderr '
-/vlog|INFO|opened log file/d']])
- AT_CAPTURE_FILE([ovn-northd.log])
-
- dnl Start ovn-controllger-vtep.
- AT_CHECK([ovn-controller-vtep --detach --no-chdir --pidfile --log-file --vtep-db=unix:$OVS_RUNDIR/db.sock --ovnsb-db=unix:$OVS_RUNDIR/ovnsb_db.sock], [0], [], [stderr])
- AT_CAPTURE_FILE([ovn-controller-vtep.log])
- on_exit "kill `cat ovn-controller-vtep.pid`"
- AT_CHECK([[sed < stderr '
-/vlog|INFO|opened log file/d
-/reconnect|INFO|/d']])
-])
-
-# OVN_CONTROLLER_VTEP_STOP
-#
-# So many exits... Yeah, we started a lot daemons~
-#
-m4_define([OVN_CONTROLLER_VTEP_STOP],
- [AT_CHECK([check_logs "$1"])
- OVS_APP_EXIT_AND_WAIT([ovs-vtep])
- OVS_APP_EXIT_AND_WAIT([ovn-northd])
- OVS_APP_EXIT_AND_WAIT([ovn-controller-vtep])
- OVS_APP_EXIT_AND_WAIT([ovsdb-server])
- OVS_APP_EXIT_AND_WAIT([ovs-vswitchd])])
-
-# Adds logical port for a vtep gateway chassis in ovn-nb database.
-#
-# $1: logical switch name in ovn-nb database
-# $2: logical port name
-# $3: physical vtep gateway name
-# $4: logical switch name on vtep gateway chassis
-m4_define([OVN_NB_ADD_VTEP_PORT], [
-AT_CHECK([ovn-nbctl lsp-add $1 $2])
-
-AT_CHECK([ovn-nbctl lsp-set-type $2 vtep])
-AT_CHECK([ovn-nbctl lsp-set-options $2 vtep-physical-switch=$3 vtep-logical-switch=$4])
-])
-
-##############################################
-
-# tests chassis related updates.
-AT_SETUP([ovn-controller-vtep - chassis])
-OVN_CONTROLLER_VTEP_START
-
-# verifies the initial ovn-sb db configuration.
-OVS_WAIT_UNTIL([test -n "`ovn-sbctl show | grep Chassis`"])
-AT_CHECK([ovn-sbctl show], [0], [dnl
-Chassis br-vtep
- Encap vxlan
- ip: "1.2.3.4"
- options: {csum="false"}
-])
-
-# deletes the chassis via ovn-sbctl and check that it is readded back
-# with the log.
-AT_CHECK([ovn-sbctl chassis-del br-vtep])
-OVS_WAIT_UNTIL([test -n "`grep WARN ovn-controller-vtep.log`"])
-AT_CHECK([sed -n 's/^.*\(|WARN|.*\)$/\1/p' ovn-controller-vtep.log], [0], [dnl
-|WARN|Chassis for VTEP physical switch (br-vtep) disappears, maybe deleted by ovn-sbctl, adding it back
-])
-
-# changes the tunnel_ip on physical switch, watches the update of chassis's
-# encap.
-AT_CHECK([vtep-ctl set Physical_Switch br-vtep tunnel_ips=1.2.3.5])
-OVS_WAIT_UNTIL([test -n "`ovn-sbctl show | grep 1\.2\.3\.5`"])
-AT_CHECK([ovn-sbctl --columns=ip list Encap | cut -d ':' -f2 | tr -d ' '], [0], [dnl
-"1.2.3.5"
-])
-
-# adds vlan_bindings to physical ports.
-AT_CHECK([vtep-ctl add-ls lswitch0 -- bind-ls br-vtep p0 100 lswitch0 -- bind-ls br-vtep p0 200 lswitch0 -- bind-ls br-vtep p1 300 lswitch0])
-OVS_WAIT_UNTIL([test -n "`ovn-sbctl list Chassis | grep -- lswitch0`"])
-AT_CHECK([ovn-sbctl --columns=vtep_logical_switches list Chassis | cut -d ':' -f2 | tr -d ' ' ], [0], [dnl
-[[lswitch0]]
-])
-
-# adds another logical switch and new vlan_bindings.
-AT_CHECK([vtep-ctl add-ls lswitch1 -- bind-ls br-vtep p0 300 lswitch1])
-OVS_WAIT_UNTIL([test -n "`ovn-sbctl list Chassis | grep -- lswitch1`"])
-AT_CHECK([ovn-sbctl --columns=vtep_logical_switches list Chassis | cut -d ':' -f2 | tr -d ' '], [0], [dnl
-[[lswitch0,lswitch1]]
-])
-
-# unbinds one port from lswitch0, nothing should change.
-AT_CHECK([vtep-ctl unbind-ls br-vtep p0 200])
-OVS_WAIT_UNTIL([test -z "`vtep-ctl --columns=vlan_bindings list physical_port p0 | grep -- '200='`"])
-AT_CHECK([ovn-sbctl --columns=vtep_logical_switches list Chassis | cut -d ':' -f2 | tr -d ' ' ], [0], [dnl
-[[lswitch0,lswitch1]]
-])
-
-# unbinds all ports from lswitch0.
-AT_CHECK([vtep-ctl unbind-ls br-vtep p0 100 -- unbind-ls br-vtep p1 300])
-OVS_WAIT_UNTIL([test -z "`ovn-sbctl list Chassis | grep -- br-vtep_lswitch0`"])
-AT_CHECK([ovn-sbctl --columns=vtep_logical_switches list Chassis | cut -d ':' -f2 | tr -d ' ' ], [0], [dnl
-[[lswitch1]]
-])
-
-# unbinds all ports from lswitch1.
-AT_CHECK([vtep-ctl unbind-ls br-vtep p0 300])
-OVS_WAIT_UNTIL([test -z "`ovn-sbctl list Chassis | grep -- br-vtep_lswitch1`"])
-AT_CHECK([ovn-sbctl --columns=vtep_logical_switches list Chassis | cut -d ':' -f2 | tr -d ' '], [0], [dnl
-[[]]
-])
-
-OVN_CONTROLLER_VTEP_STOP([/Chassis for VTEP physical switch (br-vtep) disappears/d])
-AT_CLEANUP
-
-
-# Tests binding updates.
-AT_SETUP([ovn-controller-vtep - binding 1])
-OVN_CONTROLLER_VTEP_START
-
-# adds logical switch 'lswitch0' and vlan_bindings.
-AT_CHECK([vtep-ctl add-ls lswitch0 -- bind-ls br-vtep p0 100 lswitch0 -- bind-ls br-vtep p1 300 lswitch0])
-# adds logical switch port in ovn-nb database, and sets the type and options.
-OVN_NB_ADD_VTEP_PORT([br-test], [br-vtep_lswitch0], [br-vtep], [lswitch0])
-ovn-sbctl --timeout=10 wait-until Port_Binding br-vtep_lswitch0 chassis!='[[]]'
-# should see one binding, associated to chassis of 'br-vtep'.
-chassis_uuid=$(ovn-sbctl --columns=_uuid list Chassis br-vtep | cut -d ':' -f2 | tr -d ' ')
-AT_CHECK_UNQUOTED([ovn-sbctl --columns=chassis list Port_Binding br-vtep_lswitch0 | cut -d ':' -f2 | tr -d ' '], [0], [dnl
-${chassis_uuid}
-])
-
-# adds another logical switch 'lswitch1' and vlan_bindings.
-AT_CHECK([vtep-ctl add-ls lswitch1 -- bind-ls br-vtep p0 200 lswitch1])
-# adds logical switch port in ovn-nb database for lswitch1.
-OVN_NB_ADD_VTEP_PORT([br-test], [br-vtep_lswitch1], [br-vtep], [lswitch1])
-ovn-sbctl --timeout=10 wait-until Port_Binding br-vtep_lswitch1 chassis!='[[]]'
-# This is allowed, but not recommended, to have two vlan_bindings (to different vtep logical switches)
-# from one vtep gateway physical port in one ovn-nb logical swithch.
-AT_CHECK_UNQUOTED([ovn-sbctl --columns=chassis list Port_Binding | cut -d ':' -f2 | tr -d ' ' | sort], [0], [dnl
-
-${chassis_uuid}
-${chassis_uuid}
-])
-
-# adds another logical switch port in ovn-nb database for lswitch0.
-OVN_NB_ADD_VTEP_PORT([br-test], [br-vtep_lswitch0_dup], [br-vtep], [lswitch0])
-ovn-sbctl --timeout=10 wait-until Port_Binding br-vtep_lswitch0_dup chassis!='[[]]'
-# it is not allowed to have more than one ovn-nb logical port for the same
-# vtep logical switch on a vtep gateway chassis, so should still see only
-# two port_binding entries bound.
-AT_CHECK_UNQUOTED([ovn-sbctl --columns=chassis list Port_Binding | cut -d ':' -f2 | tr -d ' ' | sort | sort -d], [0], [dnl
-
-
-[[]]
-${chassis_uuid}
-${chassis_uuid}
-])
-# confirms the warning log.
-AT_CHECK([sed -n 's/^.*\(|WARN|.*\)$/\1/p' ovn-controller-vtep.log | sed 's/([[-_0-9a-z]][[-_0-9a-z]]*)/()/g' | uniq], [0], [dnl
-|WARN|logical switch (), on vtep gateway chassis () has already been associated with logical port (), ignore logical port ()
-])
-
-# deletes physical ports from vtep.
-AT_CHECK([ovs-vsctl del-port p0 -- del-port p1])
-OVS_WAIT_UNTIL([test -z "`ovn-sbctl list Chassis | grep -- br-vtep_lswitch`"])
-OVS_WAIT_UNTIL([test -z "`vtep-ctl list physical_port p0`"])
-OVS_WAIT_UNTIL([test -z "`vtep-ctl list physical_port p1`"])
-# should see empty chassis column in both binding entries.
-AT_CHECK_UNQUOTED([ovn-sbctl --columns=chassis list Port_Binding | cut -d ':' -f2 | tr -d ' ' | sort], [0], [dnl
-
-
-[[]]
-[[]]
-[[]]
-])
-
-OVN_CONTROLLER_VTEP_STOP([/has already been associated with logical port/d])
-AT_CLEANUP
-
-
-# Tests corner case: Binding the vtep logical switch from two different
-# datapath.
-AT_SETUP([ovn-controller-vtep - binding 2])
-OVN_CONTROLLER_VTEP_START
-
-# adds logical switch 'lswitch0' and vlan_bindings.
-AT_CHECK([vtep-ctl add-ls lswitch0 -- bind-ls br-vtep p0 100 lswitch0])
-# adds logical switch port in ovn-nb database, and sets the type and options.
-OVN_NB_ADD_VTEP_PORT([br-test], [br-vtep_lswitch0], [br-vtep], [lswitch0])
-ovn-sbctl --timeout=10 wait-until Port_Binding br-vtep_lswitch0 chassis!='[[]]'
-
-# adds another lswitch 'br-void' in ovn-nb database.
-AT_CHECK([ovn-nbctl ls-add br-void])
-# adds another vtep pswitch 'br-vtep-void' in vtep database.
-AT_CHECK([vtep-ctl add-ps br-vtep-void -- add-port br-vtep-void p0-void -- bind-ls br-vtep-void p0-void 100 lswitch0])
-# adds a conflicting logical port (both br-vtep_lswitch0 and br-vtep-void_lswitch0
-# are bound to the same logical switch, but they are on different datapath).
-OVN_NB_ADD_VTEP_PORT([br-void], [br-vtep-void_lswitch0], [br-vtep-void], [lswitch0])
-ovn-sbctl --timeout=10 wait-until Port_Binding br-vtep_lswitch0
-OVS_WAIT_UNTIL([test -n "`grep WARN ovn-controller-vtep.log`"])
-# confirms the warning log.
-AT_CHECK([sed -n 's/^.*\(|WARN|.*\)$/\1/p' ovn-controller-vtep.log | sed 's/([[-_0-9a-z]][[-_0-9a-z]]*)/()/g;s/(with tunnel key [[0-9]][[0-9]]*)/()/g' | uniq], [0], [dnl
-|WARN|logical switch (), on vtep gateway chassis () has already been associated with logical datapath (), ignore logical port () which belongs to logical datapath ()
-])
-
-# then deletes 'br-void' and 'br-vtep-void', should see 'br-vtep_lswitch0'
-# bound correctly.
-AT_CHECK([ovn-nbctl ls-del br-void])
-# adds another vtep pswitch 'br-vtep-void' in vtep database.
-AT_CHECK([vtep-ctl del-ps br-vtep-void])
-OVS_WAIT_UNTIL([test -z "`ovn-sbctl list Port_Binding | grep br-vtep-void_lswitch0`"])
-chassis_uuid=$(ovn-sbctl --columns=_uuid list Chassis br-vtep | cut -d ':' -f2 | tr -d ' ')
-AT_CHECK_UNQUOTED([ovn-sbctl --columns=chassis list Port_Binding br-vtep_lswitch0 | cut -d ':' -f2 | tr -d ' '], [0], [dnl
-${chassis_uuid}
-])
-
-OVN_CONTROLLER_VTEP_STOP([/has already been associated with logical datapath/d])
-AT_CLEANUP
-
-
-# Tests vtep module vtep logical switch tunnel key update.
-AT_SETUP([ovn-controller-vtep - vtep-lswitch])
-OVN_CONTROLLER_VTEP_START
-
-# creates the logical switch in vtep and adds the corresponding logical
-# port to 'br-test'.
-AT_CHECK([vtep-ctl add-ls lswitch0 -- bind-ls br-vtep p0 100 lswitch0])
-OVN_NB_ADD_VTEP_PORT([br-test], [br-vtep_lswitch0], [br-vtep], [lswitch0])
-OVS_WAIT_UNTIL([test -n "`ovn-sbctl list Port_Binding | grep -- br-vtep_lswitch0`"])
-
-# retrieves the expected tunnel key.
-datapath_uuid=$(ovn-sbctl --columns=datapath list Port_Binding br-vtep_lswitch0 | cut -d ':' -f2 | tr -d ' ')
-tunnel_key=$(ovn-sbctl --columns=tunnel_key list Datapath_Binding ${datapath_uuid} | cut -d ':' -f2 | tr -d ' ')
-OVS_WAIT_UNTIL([test -z "`vtep-ctl --columns=tunnel_key list Logical_Switch | grep 0`"])
-# checks the vtep logical switch tunnel key configuration.
-AT_CHECK_UNQUOTED([vtep-ctl --columns=tunnel_key list Logical_Switch | cut -d ':' -f2 | tr -d ' '], [0], [dnl
-${tunnel_key}
-])
-
-# creates a second physical switch in vtep database, and binds its p0 vlan-100
-# to the same logical switch 'lswitch0'.
-AT_CHECK([vtep-ctl add-ps br-vtep-void -- add-port br-vtep-void p0 -- bind-ls br-vtep-void p0 100 lswitch0])
-OVS_WAIT_UNTIL([test -n "`ovn-sbctl --columns=name list Chassis | grep -- br-vtep-void`"])
-OVN_NB_ADD_VTEP_PORT([br-test], [br-vtep-void_lswitch0], [br-vtep-void], [lswitch0])
-OVS_WAIT_UNTIL([test -n "`ovn-sbctl list Port_Binding | grep -- br-vtep-void_lswitch0`"])
-
-# checks the vtep logical switch tunnel key configuration.
-AT_CHECK_UNQUOTED([vtep-ctl --columns=tunnel_key list Logical_Switch | cut -d ':' -f2 | tr -d ' '], [0], [dnl
-${tunnel_key}
-])
-
-# now, deletes br-vtep-void.
-AT_CHECK([vtep-ctl del-ps br-vtep-void])
-OVS_WAIT_UNTIL([test -z "`ovn-sbctl --columns=name list Chassis | grep -- br-vtep-void`"])
-# checks the vtep logical switch tunnel key configuration.
-AT_CHECK_UNQUOTED([vtep-ctl --columns=tunnel_key list Logical_Switch | cut -d ':' -f2 | tr -d ' '], [0], [dnl
-${tunnel_key}
-])
-
-# changes the ovn-nb logical port type so that it is no longer
-# vtep port.
-AT_CHECK([ovn-nbctl lsp-set-type br-vtep_lswitch0 ""])
-OVS_WAIT_UNTIL([test -z "`vtep-ctl --columns=tunnel_key list Logical_Switch | grep 1`"])
-# now should see the tunnel key reset.
-AT_CHECK([vtep-ctl --columns=tunnel_key list Logical_Switch | cut -d ':' -f2 | tr -d ' '], [0], [dnl
-0
-])
-
-OVN_CONTROLLER_VTEP_STOP
-AT_CLEANUP
-
-
-# Tests vtep module 'Ucast_Macs_Remote's.
-AT_SETUP([ovn-controller-vtep - vtep-macs 1])
-OVN_CONTROLLER_VTEP_START
-
-# creates a simple logical network with the vtep device and a fake hv chassis
-# 'ch0'.
-AT_CHECK([ovn-nbctl lsp-add br-test vif0])
-AT_CHECK([ovn-nbctl lsp-set-addresses vif0 f0:ab:cd:ef:01:02])
-AT_CHECK([ovn-nbctl --timeout=10 --wait=sb sync])
-AT_CHECK([ovn-sbctl chassis-add ch0 vxlan 1.2.3.5])
-AT_CHECK([ovn-sbctl lsp-bind vif0 ch0])
-
-# creates the logical switch in vtep and adds the corresponding logical
-# port to 'br-test'.
-AT_CHECK([vtep-ctl add-ls lswitch0 -- bind-ls br-vtep p0 100 lswitch0])
-OVN_NB_ADD_VTEP_PORT([br-test], [br-vtep_lswitch0], [br-vtep], [lswitch0])
-OVS_WAIT_UNTIL([test -n "`ovn-sbctl list Port_Binding | grep br-vtep_lswitch0`"])
-
-# adds another lswitch 'br-void' in ovn-nb database.
-AT_CHECK([ovn-nbctl ls-add br-void])
-# adds fake hv chassis 'ch1'.
-AT_CHECK([ovn-nbctl lsp-add br-void vif1])
-AT_CHECK([ovn-nbctl lsp-set-addresses vif1 f0:ab:cd:ef:01:02])
-AT_CHECK([ovn-nbctl --timeout=10 --wait=sb sync])
-AT_CHECK([ovn-sbctl chassis-add ch1 vxlan 1.2.3.6])
-AT_CHECK([ovn-sbctl lsp-bind vif1 ch1])
-
-# checks Ucast_Macs_Remote creation.
-OVS_WAIT_UNTIL([test -n "`vtep-ctl list Ucast_Macs_Remote | grep _uuid`"])
-AT_CHECK([vtep-ctl --columns=MAC list Ucast_Macs_Remote | cut -d ':' -f2- | tr -d ' '], [0], [dnl
-"f0:ab:cd:ef:01:02"
-])
-
-# checks physical locator creation.
-OVS_WAIT_UNTIL([test -n "`vtep-ctl list Physical_Locator | grep _uuid`"])
-AT_CHECK([vtep-ctl --columns=dst_ip list Physical_Locator | cut -d ':' -f2 | tr -d ' ' | grep -v 1.2.3.4 | sed '/^$/d'], [0], [dnl
-"1.2.3.5"
-])
-
-# checks tunnel creation by ovs-vtep.
-OVS_WAIT_UNTIL([test -n "`ovs-vsctl list Interface bfd1.2.3.5`"])
-AT_CHECK([ovs-vsctl --columns=options list Interface bfd1.2.3.5 | cut -d ':' -f2 | tr -d ' '], [0], [dnl
-{remote_ip="1.2.3.5"}
-])
-
-# adds another mac to logical switch port.
-AT_CHECK([ovn-nbctl lsp-set-addresses vif0 f0:ab:cd:ef:01:02 f0:ab:cd:ef:01:03])
-OVS_WAIT_UNTIL([test -n "`vtep-ctl list Ucast_Macs_Remote | grep 03`"])
-AT_CHECK([vtep-ctl --columns=MAC list Ucast_Macs_Remote | cut -d ':' -f2- | tr -d ' ' | sort], [0], [dnl
-
-"f0:ab:cd:ef:01:02"
-"f0:ab:cd:ef:01:03"
-])
-
-# removes one mac to logical switch port.
-AT_CHECK([ovn-nbctl lsp-set-addresses vif0 f0:ab:cd:ef:01:03])
-OVS_WAIT_UNTIL([test -z "`vtep-ctl --columns=MAC list Ucast_Macs_Remote | grep 02`"])
-AT_CHECK([vtep-ctl --columns=MAC list Ucast_Macs_Remote | cut -d ':' -f2- | tr -d ' ' | sort], [0], [dnl
-"f0:ab:cd:ef:01:03"
-])
-
-# migrates mac to logical switch port vif1 on 'br-void'.
-AT_CHECK([ovn-nbctl lsp-set-addresses vif0])
-AT_CHECK([ovn-nbctl lsp-set-addresses vif1 f0:ab:cd:ef:01:03])
-OVS_WAIT_UNTIL([test -z "`vtep-ctl --columns=MAC list Ucast_Macs_Remote | grep 03`"])
-AT_CHECK([vtep-ctl --columns=MAC list Ucast_Macs_Remote | cut -d ':' -f2- | tr -d ' ' | sort], [0], [dnl
-])
-
-OVN_CONTROLLER_VTEP_STOP
-AT_CLEANUP
-
-
-# Tests vtep module 'Ucast_Macs_Remote's (corner cases).
-AT_SETUP([ovn-controller-vtep - vtep-macs 2])
-OVN_CONTROLLER_VTEP_START
-
-# creates a simple logical network with the vtep device and a fake hv chassis
-# 'ch0'.
-AT_CHECK([ovn-nbctl lsp-add br-test vif0])
-AT_CHECK([ovn-nbctl lsp-set-addresses vif0 f0:ab:cd:ef:01:02])
-AT_CHECK([ovn-nbctl --timeout=10 --wait=sb sync])
-AT_CHECK([ovn-sbctl chassis-add ch0 vxlan 1.2.3.5])
-AT_CHECK([ovn-sbctl lsp-bind vif0 ch0])
-
-# creates another vif in the same logical switch with duplicate mac.
-AT_CHECK([ovn-nbctl lsp-add br-test vif1])
-AT_CHECK([ovn-nbctl lsp-set-addresses vif1 f0:ab:cd:ef:01:02])
-AT_CHECK([ovn-nbctl --timeout=10 --wait=sb sync])
-AT_CHECK([ovn-sbctl lsp-bind vif1 ch0])
-
-# creates the logical switch in vtep and adds the corresponding logical
-# port to 'br-test'.
-AT_CHECK([vtep-ctl add-ls lswitch0 -- bind-ls br-vtep p0 100 lswitch0])
-OVN_NB_ADD_VTEP_PORT([br-test], [br-vtep_lswitch0], [br-vtep], [lswitch0])
-OVS_WAIT_UNTIL([test -n "`ovn-sbctl list Port_Binding | grep br-vtep_lswitch0`"])
-
-# checks Ucast_Macs_Remote creation. Should still only be one entry, since duplicate
-# mac in the same logical switch is not allowed.
-OVS_WAIT_UNTIL([test -n "`vtep-ctl list Ucast_Macs_Remote | grep _uuid`"])
-AT_CHECK([vtep-ctl --columns=MAC list Ucast_Macs_Remote | cut -d ':' -f2- | tr -d ' '], [0], [dnl
-"f0:ab:cd:ef:01:02"
-])
-# confirms the warning log.
-OVS_WAIT_UNTIL([test -n "`grep WARN ovn-controller-vtep.log`"])
-AT_CHECK([sed -n 's/^.*\(|WARN|.*\)$/\1/p' ovn-controller-vtep.log | sed 's/([[-_:0-9a-z]][[-_:0-9a-z]]*)/()/g' | uniq], [0], [dnl
-|WARN|MAC address () has already been known to be on logical port () in the same logical datapath, so just ignore this logical port ()
-])
-
-# deletes vif1.
-AT_CHECK([ovn-nbctl lsp-del vif1])
-
-# adds another lswitch 'br-void' in ovn-nb database.
-AT_CHECK([ovn-nbctl ls-add br-void])
-# adds fake hv chassis 'ch1' and vif1 with same mac address as vif0.
-AT_CHECK([ovn-nbctl lsp-add br-void vif1])
-AT_CHECK([ovn-nbctl lsp-set-addresses vif1 f0:ab:cd:ef:01:02])
-AT_CHECK([ovn-nbctl --timeout=10 --wait=sb sync])
-AT_CHECK([ovn-sbctl chassis-add ch1 vxlan 1.2.3.6])
-AT_CHECK([ovn-sbctl lsp-bind vif1 ch1])
-OVS_WAIT_UNTIL([test -n "`ovn-sbctl list Port_Binding | grep vif1`"])
-
-# creates another logical switch in vtep and adds the corresponding logical
-# port to 'br-void'.
-AT_CHECK([vtep-ctl add-ls lswitch1 -- bind-ls br-vtep p0 200 lswitch1])
-OVN_NB_ADD_VTEP_PORT([br-void], [br-void_lswitch1], [br-vtep], [lswitch1])
-OVS_WAIT_UNTIL([test -n "`ovn-sbctl list Port_Binding | grep br-void_lswitch1`"])
-
-# checks Ucast_Macs_Remote creation. Should see two entries since it is allowed
-# to have duplicate macs in different logical switches.
-OVS_WAIT_UNTIL([test `vtep-ctl --columns=MAC list Ucast_Macs_Remote | grep 02 | wc -l` -gt 1])
-AT_CHECK([vtep-ctl --columns=MAC list Ucast_Macs_Remote | cut -d ':' -f2- | tr -d ' ' | sort], [0], [dnl
-
-"f0:ab:cd:ef:01:02"
-"f0:ab:cd:ef:01:02"
-])
-
-OVN_CONTROLLER_VTEP_STOP([/has already been known to be on logical port/d])
-AT_CLEANUP
diff --git a/tests/ovn-controller.at b/tests/ovn-controller.at
deleted file mode 100644
index 343c2abed49..00000000000
--- a/tests/ovn-controller.at
+++ /dev/null
@@ -1,294 +0,0 @@
-AT_BANNER([ovn-controller])
-
-AT_SETUP([ovn-controller - ovn-bridge-mappings])
-AT_KEYWORDS([ovn])
-ovn_init_db ovn-sb
-net_add n1
-sim_add hv
-as hv
-ovs-vsctl \
- -- add-br br-phys \
- -- add-br br-eth0 \
- -- add-br br-eth1 \
- -- add-br br-eth2
-ovn_attach n1 br-phys 192.168.0.1
-
-# Waits until the OVS database contains exactly the specified patch ports.
-# Each argument should be of the form BRIDGE PORT PEER.
-check_patches () {
- # Generate code to check that the set of patch ports is exactly as
- # specified.
- echo 'ovs-vsctl -f csv -d bare --no-headings --columns=name find Interface type=patch | sort' > query
- for patch
- do
- echo $patch
- done | cut -d' ' -f 2 | sort > expout
-
- # Generate code to verify that the configuration of each patch
- # port is correct.
- for patch
- do
- set $patch; bridge=$1 port=$2 peer=$3
- echo >>query "ovs-vsctl iface-to-br $port -- get Interface $port type options"
- echo >>expout "$bridge
-patch
-{peer=$peer}"
- done
-
- # Run the query until we get the expected result (or until a timeout).
- #
- # (We use sed to drop all "s from output because ovs-vsctl quotes some
- # of the port names but not others.)
- AT_CAPTURE_FILE([query])
- AT_CAPTURE_FILE([expout])
- AT_CAPTURE_FILE([stdout])
- OVS_WAIT_UNTIL([. ./query | sed 's/"//g' > stdout #"
- diff -u stdout expout >/dev/null])
-}
-
-# Make sure that the configured bridge mappings in the Open_vSwitch db
-# is mirrored into the Chassis record in the OVN_Southbound db.
-check_bridge_mappings () {
- local_mappings=$1
- sysid=$(ovs-vsctl get Open_vSwitch . external_ids:system-id)
- OVS_WAIT_UNTIL([test x"${local_mappings}" = x$(ovn-sbctl get Chassis ${sysid} external_ids:ovn-bridge-mappings | sed -e 's/\"//g')])
-}
-
-# Initially there should be no patch ports.
-check_patches
-
-# Configure two ovn-bridge mappings, but no patch ports should be created yet
-AT_CHECK([ovs-vsctl set Open_vSwitch . external-ids:ovn-bridge-mappings=physnet1:br-eth0,physnet2:br-eth1])
-check_bridge_mappings "physnet1:br-eth0,physnet2:br-eth1"
-check_patches
-
-# Create a localnet port, but we should still have no patch ports, as they
-# won't be created until there's a localnet port on a logical switch with
-# another logical port bound to this chassis.
-ovn-sbctl \
- -- --id=@dp101 create Datapath_Binding tunnel_key=101 \
- -- create Port_Binding datapath=@dp101 logical_port=localnet1 tunnel_key=1 \
- type=localnet options:network_name=physnet1
-check_patches
-
-# Create a localnet port on a logical switch with a port bound to this chassis.
-# Now we should get some patch ports created.
-ovn-sbctl \
- -- --id=@dp102 create Datapath_Binding tunnel_key=102 \
- -- create Port_Binding datapath=@dp102 logical_port=localnet2 tunnel_key=1 \
- type=localnet options:network_name=physnet1 \
- -- create Port_Binding datapath=@dp102 logical_port=localvif2 tunnel_key=2
-ovs-vsctl add-port br-int localvif2 -- set Interface localvif2 external_ids:iface-id=localvif2
-check_patches \
- 'br-int patch-br-int-to-localnet2 patch-localnet2-to-br-int' \
- 'br-eth0 patch-localnet2-to-br-int patch-br-int-to-localnet2'
-
-# Add logical patch ports to connect new logical datapath.
-#
-# OVN no longer uses OVS patch ports to implement logical patch ports, so
-# the set of OVS patch ports doesn't change.
-AT_CHECK([ovn-sbctl \
- -- --id=@dp1 create Datapath_Binding tunnel_key=1 \
- -- --id=@dp2 create Datapath_Binding tunnel_key=2 \
- -- create Port_Binding datapath=@dp1 logical_port=foo tunnel_key=1 type=patch options:peer=bar \
- -- create Port_Binding datapath=@dp2 logical_port=bar tunnel_key=2 type=patch options:peer=foo \
- -- create Port_Binding datapath=@dp1 logical_port=dp1vif tunnel_key=3 \
-| uuidfilt], [0], [<0>
-<1>
-<2>
-<3>
-<4>
-])
-ovs-vsctl add-port br-int dp1vif -- set Interface dp1vif external_ids:iface-id=dp1vif
-check_patches \
- 'br-int patch-br-int-to-localnet2 patch-localnet2-to-br-int' \
- 'br-eth0 patch-localnet2-to-br-int patch-br-int-to-localnet2'
-
-# Delete the mapping and the ovn-bridge-mapping patch ports should go away.
-AT_CHECK([ovs-vsctl remove Open_vSwitch . external-ids ovn-bridge-mappings])
-check_bridge_mappings
-check_patches
-
-# Gracefully terminate daemons
-OVN_CLEANUP_SBOX([hv])
-OVN_CLEANUP_VSWITCH([main])
-as ovn-sb
-OVS_APP_EXIT_AND_WAIT([ovsdb-server])
-
-AT_CLEANUP
-
-# Checks that ovn-controller populates datapath-type and iface-types
-# correctly in the Chassis external-ids column.
-AT_SETUP([ovn-controller - Chassis external_ids])
-AT_KEYWORDS([ovn])
-ovn_init_db ovn-sb
-
-net_add n1
-sim_add hv
-as hv
-ovs-vsctl \
- -- add-br br-phys \
- -- add-br br-eth0 \
- -- add-br br-eth1 \
- -- add-br br-eth2
-ovn_attach n1 br-phys 192.168.0.1
-
-sysid=$(ovs-vsctl get Open_vSwitch . external_ids:system-id)
-
-# Make sure that the datapath_type set in the Bridge table
-# is mirrored into the Chassis record in the OVN_Southbound db.
-check_datapath_type () {
- datapath_type=$1
- chassis_datapath_type=$(ovn-sbctl get Chassis ${sysid} external_ids:datapath-type | sed -e 's/"//g') #"
- test "${datapath_type}" = "${chassis_datapath_type}"
-}
-
-OVS_WAIT_UNTIL([check_datapath_type ""])
-
-ovs-vsctl set Bridge br-int datapath-type=foo
-OVS_WAIT_UNTIL([check_datapath_type foo])
-
-# Change "ovn-bridge-mappings" value. It should not change the "datapath-type".
-ovs-vsctl set Open_vSwitch . external_ids:ovn-bridge-mappings=foo-mapping
-check_datapath_type foo
-
-ovs-vsctl set Bridge br-int datapath-type=bar
-OVS_WAIT_UNTIL([check_datapath_type bar])
-
-ovs-vsctl set Bridge br-int datapath-type=\"\"
-OVS_WAIT_UNTIL([check_datapath_type ""])
-
-# Set the datapath_type in external_ids:ovn-bridge-datapath-type.
-ovs-vsctl set Open_vSwitch . external_ids:ovn-bridge-datapath-type=foo
-OVS_WAIT_UNTIL([check_datapath_type foo])
-
-# Change the br-int's datapath type to bar.
-# It should be reset to foo since ovn-bridge-datapath-type is configured.
-ovs-vsctl set Bridge br-int datapath-type=bar
-OVS_WAIT_UNTIL([test foo=`ovs-vsctl get Bridge br-int datapath-type`])
-OVS_WAIT_UNTIL([check_datapath_type foo])
-
-ovs-vsctl set Open_vSwitch . external_ids:ovn-bridge-datapath-type=foobar
-OVS_WAIT_UNTIL([test foobar=`ovs-vsctl get Bridge br-int datapath-type`])
-OVS_WAIT_UNTIL([check_datapath_type foobar])
-
-expected_iface_types=$(ovs-vsctl get Open_vSwitch . iface_types | tr -d '[[]] ""')
-echo "expected_iface_types = ${expected_iface_types}"
-chassis_iface_types=$(ovn-sbctl get Chassis ${sysid} external_ids:iface-types | sed -e 's/\"//g')
-echo "chassis_iface_types = ${chassis_iface_types}"
-AT_CHECK([test "${expected_iface_types}" = "${chassis_iface_types}"])
-
-# Change the value of external_ids:iface-types using ovn-sbctl.
-# ovn-controller should again set it back to proper one.
-ovn-sbctl set Chassis ${sysid} external_ids:iface-types="foo"
-OVS_WAIT_UNTIL([
- chassis_iface_types=$(ovn-sbctl get Chassis ${sysid} external_ids:iface-types | sed -e 's/\"//g')
- echo "chassis_iface_types = ${chassis_iface_types}"
- test "${expected_iface_types}" = "${chassis_iface_types}"
-])
-
-# Change the value of external_ids:system-id and make sure it's mirrored
-# in the Chassis record in the OVN_Southbound database.
-sysid=${sysid}-foo
-ovs-vsctl set Open_vSwitch . external-ids:system-id="${sysid}"
-OVS_WAIT_UNTIL([
- chassis_id=$(ovn-sbctl get Chassis "${sysid}" name)
- test "${sysid}" = "${chassis_id}"
-])
-
-# Gracefully terminate daemons
-OVN_CLEANUP_SBOX([hv])
-OVN_CLEANUP_VSWITCH([main])
-as ovn-sb
-OVS_APP_EXIT_AND_WAIT([ovsdb-server])
-
-AT_CLEANUP
-
-# Checks that ovn-controller correctly maintains the mapping from the Encap
-# table in the Southbound database to OVS in the face of changes on both sides
-AT_SETUP([ovn-controller - change Encap properties])
-AT_KEYWORDS([ovn])
-ovn_init_db ovn-sb
-
-net_add n1
-sim_add hv
-as hv
-ovs-vsctl \
- -- add-br br-phys \
- -- add-br br-eth0 \
- -- add-br br-eth1 \
- -- add-br br-eth2
-ovn_attach n1 br-phys 192.168.0.1
-
-check_tunnel_property () {
- test "`ovs-vsctl get interface ovn-fakech-0 $1`" = "$2"
-}
-
-# Start off with a remote chassis supporting STT
-ovn-sbctl chassis-add fakechassis stt 192.168.0.2
-OVS_WAIT_UNTIL([check_tunnel_property type stt])
-
-# See if we switch to Geneve as the first choice when it is available
-# With multi-VTEP support we support tunnels with different IPs to the
-# same chassis, and hence use the IP to annotate the tunnel (along with
-# the chassis-id in ovn-chassis-id); if we supply a different IP here
-# we won't be able to co-relate this to the tunnel port that was created
-# in the previous step and, as a result, will end up creating another tunnel,
-# ie. we can't just lookup using "ovn-fakech-0". So, need to use the same IP
-# as above, i.e 192.168.0.2, here.
-encap_uuid=$(ovn-sbctl add chassis fakechassis encaps @encap -- --id=@encap create encap type=geneve ip="192.168.0.2")
-OVS_WAIT_UNTIL([check_tunnel_property type geneve])
-
-# Check that changes within an encap row are propagated
-ovn-sbctl set encap ${encap_uuid} ip=192.168.0.2
-OVS_WAIT_UNTIL([check_tunnel_property options:remote_ip "\"192.168.0.2\""])
-
-# Change the type on the OVS side and check than OVN fixes it
-ovs-vsctl set interface ovn-fakech-0 type=vxlan
-OVS_WAIT_UNTIL([check_tunnel_property type geneve])
-
-# Delete the port entirely and it should be resurrected
-ovs-vsctl del-port ovn-fakech-0
-OVS_WAIT_UNTIL([check_tunnel_property type geneve])
-
-# Gracefully terminate daemons
-OVN_CLEANUP_SBOX([hv])
-OVN_CLEANUP_VSWITCH([main])
-as ovn-sb
-OVS_APP_EXIT_AND_WAIT([ovsdb-server])
-
-AT_CLEANUP
-
-# Check ovn-controller connection status to Southbound database
-AT_SETUP([ovn-controller - check sbdb connection])
-AT_KEYWORDS([ovn])
-ovn_init_db ovn-sb
-
-net_add n1
-sim_add hv
-as hv
-ovs-vsctl \
- -- add-br br-phys \
- -- add-br br-eth0 \
- -- add-br br-eth1 \
- -- add-br br-eth2
-ovn_attach n1 br-phys 192.168.0.1
-
-check_sbdb_connection () {
- test "$(ovs-appctl -t ovn-controller connection-status)" = "$1"
-}
-
-OVS_WAIT_UNTIL([check_sbdb_connection connected])
-
-ovs-vsctl set open . external_ids:ovn-remote=tcp:192.168.0.10:6642
-OVS_WAIT_UNTIL([check_sbdb_connection 'not connected'])
-
-# reset the remote for clean-up
-ovs-vsctl set open . external_ids:ovn-remote=unix:$ovs_base/ovn-sb/ovn-sb.sock
-# Gracefully terminate daemons
-OVN_CLEANUP_SBOX([hv])
-OVN_CLEANUP_VSWITCH([main])
-as ovn-sb
-OVS_APP_EXIT_AND_WAIT([ovsdb-server])
-
-AT_CLEANUP
diff --git a/tests/ovn-macros.at b/tests/ovn-macros.at
deleted file mode 100644
index 7dba42c9989..00000000000
--- a/tests/ovn-macros.at
+++ /dev/null
@@ -1,180 +0,0 @@
-# OVN_CLEANUP_VSWITCH(sim)
-#
-# Gracefully terminate vswitch daemons in the
-# specified sandbox.
-m4_define([OVN_CLEANUP_VSWITCH],[
- as $1
- OVS_APP_EXIT_AND_WAIT([ovs-vswitchd])
- OVS_APP_EXIT_AND_WAIT([ovsdb-server])
-])
-
-# OVN_CLEANUP_SBOX(sbox)
-#
-# Gracefully terminate OVN daemons in the specified
-# sandbox instance. The sandbox name "vtep" is treated
-# as a special case, and is assumed to have ovn-controller-vtep
-# and ovs-vtep daemons running instead of ovn-controller.
-m4_define([OVN_CLEANUP_SBOX],[
- as $1
- if test "$1" = "vtep"; then
- OVS_APP_EXIT_AND_WAIT([ovn-controller-vtep])
- OVS_APP_EXIT_AND_WAIT([ovs-vtep])
- else
- OVS_APP_EXIT_AND_WAIT([ovn-controller])
- fi
- OVN_CLEANUP_VSWITCH([$1])
-])
-
-# OVN_CLEANUP(sim [, sim ...])
-#
-# Gracefully terminate all OVN daemons, including those in the
-# specified sandbox instances.
-m4_define([OVN_CLEANUP],[
- m4_foreach([sbox], [$@], [
- OVN_CLEANUP_SBOX([sbox])
- ])
- as ovn-sb
- OVS_APP_EXIT_AND_WAIT([ovsdb-server])
-
- as ovn-nb
- OVS_APP_EXIT_AND_WAIT([ovsdb-server])
-
- as northd
- OVS_APP_EXIT_AND_WAIT([ovn-northd])
-
- as northd-backup
- OVS_APP_EXIT_AND_WAIT([ovn-northd])
-
- OVN_CLEANUP_VSWITCH([main])
-])
-
-m4_divert_push([PREPARE_TESTS])
-
-# ovn_init_db DATABASE
-#
-# Creates and initializes the given DATABASE (one of "ovn-sb" or "ovn-nb"),
-# starts its ovsdb-server instance, and sets the appropriate environment
-# variable (OVN_SB_DB or OVN_NB_DB) so that ovn-sbctl or ovn-nbctl uses the
-# database by default.
-#
-# Usually invoked from ovn_start.
-ovn_init_db () {
- echo "creating $1 database"
- local d=$ovs_base/$1
- mkdir "$d" || return 1
- : > "$d"/.$1.db.~lock~
- as $1 ovsdb-tool create "$d"/$1.db "$abs_top_srcdir"/ovn/$1.ovsschema
- as $1 start_daemon ovsdb-server --remote=punix:"$d"/$1.sock "$d"/$1.db
- local var=`echo $1_db | tr a-z- A-Z_`
- AS_VAR_SET([$var], [unix:$ovs_base/$1/$1.sock]); export $var
-}
-
-# ovn_start
-#
-# Creates and initializes ovn-sb and ovn-nb databases and starts their
-# ovsdb-server instance, sets appropriate environment variables so that
-# ovn-sbctl and ovn-nbctl use them by default, and starts ovn-northd running
-# against them.
-ovn_start () {
- ovn_init_db ovn-sb; ovn-sbctl init
- ovn_init_db ovn-nb; ovn-nbctl init
-
- echo "starting ovn-northd"
- mkdir "$ovs_base"/northd
- as northd start_daemon ovn-northd -v \
- --ovnnb-db=unix:"$ovs_base"/ovn-nb/ovn-nb.sock \
- --ovnsb-db=unix:"$ovs_base"/ovn-sb/ovn-sb.sock
-
- echo "starting backup ovn-northd"
- mkdir "$ovs_base"/northd-backup
- as northd-backup start_daemon ovn-northd -v \
- --ovnnb-db=unix:"$ovs_base"/ovn-nb/ovn-nb.sock \
- --ovnsb-db=unix:"$ovs_base"/ovn-sb/ovn-sb.sock
-}
-
-# Interconnection networks.
-#
-# When multiple sandboxed Open vSwitch instances exist, one will inevitably
-# want to connect them together. These commands allow for that. Conceptually,
-# an interconnection network is a switch for which these functions make it easy
-# to plug into other switches in other sandboxed Open vSwitch instances.
-# Interconnection networks are implemented as bridges in a switch named "main",
-# so to use interconnection networks please avoid working with that switch
-# directly.
-
-# net_add NETWORK
-#
-# Creates a new interconnection network named NETWORK.
-net_add () {
- test -d "$ovs_base"/main || sim_add main || return 1
- as main ovs-vsctl add-br "$1"
-}
-
-# net_attach NETWORK BRIDGE
-#
-# Adds a new port to BRIDGE in the default sandbox (as set with as()) and plugs
-# it into the NETWORK interconnection network. NETWORK must already have been
-# created by a previous invocation of net_add. The default sandbox must not be
-# "main".
-net_attach () {
- local net=$1 bridge=$2
-
- local port=${sandbox}_$bridge
- as main ovs-vsctl \
- -- add-port $net $port \
- -- set Interface $port options:pstream="punix:$ovs_base/main/$port.sock" options:rxq_pcap="$ovs_base/main/$port-rx.pcap" options:tx_pcap="$ovs_base/main/$port-tx.pcap" \
- || return 1
-
- ovs-vsctl \
- -- set Interface $bridge options:tx_pcap="$ovs_base/$sandbox/$bridge-tx.pcap" options:rxq_pcap="$ovs_base/$sandbox/$bridge-rx.pcap" \
- -- add-port $bridge ${bridge}_$net \
- -- set Interface ${bridge}_$net options:stream="unix:$ovs_base/main/$port.sock" options:rxq_pcap="$ovs_base/$sandbox/${bridge}_$net-rx.pcap" options:tx_pcap="$ovs_base/$sandbox/${bridge}_$net-tx.pcap" \
- || return 1
-}
-
-# ovn_attach NETWORK BRIDGE IP [MASKLEN]
-#
-# First, this command attaches BRIDGE to interconnection network NETWORK, just
-# like "net_attach NETWORK BRIDGE". Second, it configures (simulated) IP
-# address IP (with network mask length MASKLEN, which defaults to 24) on
-# BRIDGE. Finally, it configures the Open vSwitch database to work with OVN
-# and starts ovn-controller.
-ovn_attach() {
- local net=$1 bridge=$2 ip=$3 masklen=${4-24}
- net_attach $net $bridge || return 1
-
- mac=`ovs-vsctl get Interface $bridge mac_in_use | sed s/\"//g`
- arp_table="$arp_table $sandbox,$bridge,$ip,$mac"
- ovs-appctl netdev-dummy/ip4addr $bridge $ip/$masklen >/dev/null || return 1
- ovs-appctl ovs/route/add $ip/$masklen $bridge >/dev/null || return 1
- ovs-vsctl \
- -- set Open_vSwitch . external-ids:system-id=$sandbox \
- -- set Open_vSwitch . external-ids:ovn-remote=unix:$ovs_base/ovn-sb/ovn-sb.sock \
- -- set Open_vSwitch . external-ids:ovn-encap-type=geneve,vxlan \
- -- set Open_vSwitch . external-ids:ovn-encap-ip=$ip \
- -- add-br br-int \
- -- set bridge br-int fail-mode=secure other-config:disable-in-band=true \
- || return 1
- start_daemon ovn-controller || return 1
-}
-
-# OVN_POPULATE_ARP
-#
-# This pre-populates the ARP tables of all of the OVN instances that have been
-# started with ovn_attach(). That means that packets sent from one hypervisor
-# to another never get dropped or delayed by ARP resolution, which makes
-# testing easier.
-ovn_populate_arp__() {
- for e1 in $arp_table; do
- set `echo $e1 | sed 's/,/ /g'`; sb1=$1 br1=$2 ip=$3 mac=$4
- for e2 in $arp_table; do
- set `echo $e2 | sed 's/,/ /g'`; sb2=$1 br2=$2
- if test $sb1,$br1 != $sb2,$br2; then
- as $sb2 ovs-appctl tnl/neigh/set $br2 $ip $mac || return 1
- fi
- done
- done
-}
-m4_divert_pop([PREPARE_TESTS])
-
-m4_define([OVN_POPULATE_ARP], [AT_CHECK(ovn_populate_arp__, [0], [ignore])])
diff --git a/tests/ovn-nbctl.at b/tests/ovn-nbctl.at
deleted file mode 100644
index d99d3af9b0c..00000000000
--- a/tests/ovn-nbctl.at
+++ /dev/null
@@ -1,1660 +0,0 @@
-AT_BANNER([ovn-nbctl])
-
-OVS_START_SHELL_HELPERS
-# OVN_NBCTL_TEST_START
-m4_define([OVN_NBCTL_TEST_START],
- [AT_KEYWORDS([ovn])
- AT_CAPTURE_FILE([ovsdb-server.log])
- ovn_nbctl_test_start $1])
-ovn_nbctl_test_start() {
- dnl Create ovn-nb database.
- AT_CHECK([ovsdb-tool create ovn-nb.db $abs_top_srcdir/ovn/ovn-nb.ovsschema])
-
- dnl Start ovsdb-server.
- AT_CHECK([ovsdb-server --detach --no-chdir --pidfile --log-file --remote=punix:$OVS_RUNDIR/ovnnb_db.sock ovn-nb.db], [0], [], [stderr])
- on_exit "kill `cat ovsdb-server.pid`"
- AS_CASE([$1],
- [daemon],
- [export OVN_NB_DAEMON=$(ovn-nbctl --pidfile --detach --no-chdir --log-file -vsocket_util:off)
- on_exit "kill `cat ovn-nbctl.pid`"],
- [direct], [],
- [*], [AT_FAIL_IF(:)])
- AT_CHECK([ovn-nbctl init])
- AT_CHECK([[sed < stderr '
-/vlog|INFO|opened log file/d
-/ovsdb_server|INFO|ovsdb-server (Open vSwitch)/d']])
-}
-
-# OVN_NBCTL_TEST_STOP
-m4_define([OVN_NBCTL_TEST_STOP], [ovn_nbctl_test_stop])
-ovn_nbctl_test_stop() {
- AT_CHECK([check_logs "$1"])
- OVS_APP_EXIT_AND_WAIT([ovsdb-server])
-}
-OVS_END_SHELL_HELPERS
-
-# OVN_NBCTL_TEST(NAME, TITLE, COMMANDS)
-m4_define([OVN_NBCTL_TEST],
- [OVS_START_SHELL_HELPERS
- $1() {
- $3
- }
- OVS_END_SHELL_HELPERS
-
- AT_SETUP([ovn-nbctl - $2 - direct])
- OVN_NBCTL_TEST_START direct
- $1
- OVN_NBCTL_TEST_STOP
- AT_CLEANUP
-
- AT_SETUP([ovn-nbctl - $2 - daemon])
- OVN_NBCTL_TEST_START daemon
- $1
- OVN_NBCTL_TEST_STOP
- AT_CLEANUP])
-
-OVN_NBCTL_TEST([ovn_nbctl_basic_switch], [basic switch commands], [
-AT_CHECK([ovn-nbctl ls-add ls0])
-AT_CHECK([ovn-nbctl ls-list | uuidfilt], [0], [dnl
-<0> (ls0)
-])
-
-AT_CHECK([ovn-nbctl ls-add ls1])
-AT_CHECK([ovn-nbctl ls-list | uuidfilt], [0], [dnl
-<0> (ls0)
-<1> (ls1)
-])
-
-AT_CHECK([ovn-nbctl ls-del ls0])
-AT_CHECK([ovn-nbctl ls-list | uuidfilt], [0], [dnl
-<0> (ls1)
-])
-
-AT_CHECK([ovn-nbctl show ls0])
-AT_CHECK([ovn-nbctl ls-add ls0])
-AT_CHECK([ovn-nbctl show ls0 | uuidfilt], [0],
- [switch <0> (ls0)
-])
-AT_CHECK([ovn-nbctl ls-add ls0], [1], [],
- [ovn-nbctl: ls0: a switch with this name already exists
-])
-AT_CHECK([ovn-nbctl --may-exist ls-add ls0])
-AT_CHECK([ovn-nbctl show ls0 | uuidfilt], [0],
- [switch <0> (ls0)
-])
-AT_CHECK([ovn-nbctl --add-duplicate ls-add ls0])
-AT_CHECK([ovn-nbctl --may-exist --add-duplicate ls-add ls0], [1], [],
- [ovn-nbctl: --may-exist and --add-duplicate may not be used together
-])
-AT_CHECK([ovn-nbctl ls-del ls0], [1], [],
- [ovn-nbctl: Multiple logical switches named 'ls0'. Use a UUID.
-])
-
-AT_CHECK([ovn-nbctl ls-del ls2], [1], [],
- [ovn-nbctl: ls2: switch name not found
-])
-AT_CHECK([ovn-nbctl --if-exists ls-del ls2])
-
-AT_CHECK([ovn-nbctl ls-add])
-AT_CHECK([ovn-nbctl ls-add])
-AT_CHECK([ovn-nbctl --add-duplicate ls-add], [1], [],
- [ovn-nbctl: --add-duplicate requires specifying a name
-])
-AT_CHECK([ovn-nbctl --may-exist ls-add], [1], [],
- [ovn-nbctl: --may-exist requires specifying a name
-])])
-
-dnl ---------------------------------------------------------------------
-
-OVN_NBCTL_TEST([ovn_nbctl_basic_lsp], [basic logical switch port commands], [
-AT_CHECK([ovn-nbctl ls-add ls0])
-AT_CHECK([ovn-nbctl lsp-add ls0 lp0])
-AT_CHECK([ovn-nbctl lsp-add ls0 lp0], [1], [],
- [ovn-nbctl: lp0: a port with this name already exists
-])
-AT_CHECK([ovn-nbctl --may-exist lsp-add ls0 lp0])
-AT_CHECK([ovn-nbctl lsp-list ls0 | uuidfilt], [0], [dnl
-<0> (lp0)
-])
-
-AT_CHECK([ovn-nbctl lsp-add ls0 lp1])
-AT_CHECK([ovn-nbctl lsp-list ls0 | uuidfilt], [0], [dnl
-<0> (lp0)
-<1> (lp1)
-])
-
-AT_CHECK([ovn-nbctl ls-add ls1])
-AT_CHECK([ovn-nbctl lsp-add ls0 lp1], [1], [],
- [ovn-nbctl: lp1: a port with this name already exists
-])
-AT_CHECK([ovn-nbctl --may-exist lsp-add ls1 lp1], [1], [],
- [ovn-nbctl: lp1: port already exists but in switch ls0
-])
-AT_CHECK([ovn-nbctl --may-exist lsp-add ls0 lp1 lp0 5], [1], [],
- [ovn-nbctl: lp1: port already exists but has no parent
-])
-
-AT_CHECK([ovn-nbctl lsp-del lp1])
-AT_CHECK([ovn-nbctl lsp-list ls0 | uuidfilt], [0], [dnl
-<0> (lp0)
-])
-
-AT_CHECK([ovn-nbctl lsp-add ls0 lp2 lp3 5])
-AT_CHECK([ovn-nbctl --may-exist lsp-add ls0 lp2 lp4 5], [1], [],
- [ovn-nbctl: lp2: port already exists with different parent lp3
-])
-AT_CHECK([ovn-nbctl --may-exist lsp-add ls0 lp2 lp3 10], [1], [],
- [ovn-nbctl: lp2: port already exists with different tag_request 5
-])
-AT_CHECK([ovn-nbctl clear Logical_Switch_Port lp2 tag_request])
-AT_CHECK([ovn-nbctl --may-exist lsp-add ls0 lp2 lp3 5], [1], [],
- [ovn-nbctl: lp2: port already exists but has no tag_request
-])])
-
-dnl ---------------------------------------------------------------------
-
-OVN_NBCTL_TEST([ovn_nbctl_lsp_get_ls], [lsp get ls], [
-AT_CHECK([ovn-nbctl ls-add ls0])
-AT_CHECK([ovn-nbctl lsp-add ls0 lp0])
-
-AT_CHECK([ovn-nbctl lsp-get-ls lp0 | uuidfilt], [0], [dnl
-<0> (ls0)
-])
-
-AT_CHECK([ovn-nbctl lsp-get-ls lp1], [1], [],
- [ovn-nbctl: lp1: port name not found
-])])
-
-dnl ---------------------------------------------------------------------
-
-OVN_NBCTL_TEST([ovn_nbctl_lport_addresses], [lport addresses], [
-AT_CHECK([ovn-nbctl ls-add ls0])
-AT_CHECK([ovn-nbctl lsp-add ls0 lp0])
-AT_CHECK([ovn-nbctl lsp-get-addresses lp0], [0], [dnl
-])
-
-AT_CHECK([ovn-nbctl lsp-set-addresses lp0 00:11:22:33:44:55 unknown])
-AT_CHECK([ovn-nbctl lsp-get-addresses lp0], [0], [dnl
-00:11:22:33:44:55
-unknown
-])
-
-AT_CHECK([ovn-nbctl lsp-set-addresses lp0])
-AT_CHECK([ovn-nbctl lsp-get-addresses lp0], [0], [dnl
-])])
-
-dnl ---------------------------------------------------------------------
-
-OVN_NBCTL_TEST([ovn_nbctl_port_security], [port security], [
-AT_CHECK([ovn-nbctl ls-add ls0])
-AT_CHECK([ovn-nbctl lsp-add ls0 lp0])
-AT_CHECK([ovn-nbctl lsp-get-addresses lp0], [0], [dnl
-])
-
-AT_CHECK([ovn-nbctl lsp-set-port-security lp0 aa:bb:cc:dd:ee:ff 00:11:22:33:44:55])
-AT_CHECK([ovn-nbctl lsp-get-port-security lp0], [0], [dnl
-00:11:22:33:44:55
-aa:bb:cc:dd:ee:ff
-])
-
-AT_CHECK([ovn-nbctl lsp-set-port-security lp0])
-AT_CHECK([ovn-nbctl lsp-get-port-security lp0], [0], [dnl
-])])
-
-dnl ---------------------------------------------------------------------
-
-OVN_NBCTL_TEST([ovn_nbctl_acls], [ACLs], [
-ovn_nbctl_test_acl() {
- AT_CHECK([ovn-nbctl $2 --log acl-add $1 from-lport 600 udp drop])
- AT_CHECK([ovn-nbctl $2 --log --name=test --severity=info acl-add $1 to-lport 500 udp drop])
- AT_CHECK([ovn-nbctl $2 acl-add $1 from-lport 400 tcp drop])
- AT_CHECK([ovn-nbctl $2 acl-add $1 to-lport 300 tcp drop])
- AT_CHECK([ovn-nbctl $2 acl-add $1 from-lport 200 ip drop])
- AT_CHECK([ovn-nbctl $2 acl-add $1 to-lport 100 ip drop])
- dnl Add duplicated ACL
- AT_CHECK([ovn-nbctl $2 acl-add $1 to-lport 100 ip drop], [1], [], [stderr])
- AT_CHECK([grep 'already existed' stderr], [0], [ignore])
- AT_CHECK([ovn-nbctl $2 --may-exist acl-add $1 to-lport 100 ip drop])
-
- AT_CHECK([ovn-nbctl $2 acl-list $1], [0], [dnl
-from-lport 600 (udp) drop log()
-from-lport 400 (tcp) drop
-from-lport 200 (ip) drop
- to-lport 500 (udp) drop log(name=test,severity=info)
- to-lport 300 (tcp) drop
- to-lport 100 (ip) drop
-])
-
- dnl Delete in one direction.
- AT_CHECK([ovn-nbctl $2 acl-del $1 to-lport])
- AT_CHECK([ovn-nbctl $2 acl-list $1], [0], [dnl
-from-lport 600 (udp) drop log()
-from-lport 400 (tcp) drop
-from-lport 200 (ip) drop
-])
-
- dnl Delete all ACLs.
- AT_CHECK([ovn-nbctl $2 acl-del $1])
- AT_CHECK([ovn-nbctl $2 acl-list $1], [0], [dnl
-])
-
- AT_CHECK([ovn-nbctl $2 acl-add $1 from-lport 600 udp drop])
- AT_CHECK([ovn-nbctl $2 acl-add $1 from-lport 400 tcp drop])
- AT_CHECK([ovn-nbctl $2 acl-add $1 from-lport 200 ip drop])
-
- dnl Delete a single flow.
- AT_CHECK([ovn-nbctl $2 acl-del $1 from-lport 400 tcp])
- AT_CHECK([ovn-nbctl $2 acl-list $1], [0], [dnl
-from-lport 600 (udp) drop
-from-lport 200 (ip) drop
-])
-}
-
-AT_CHECK([ovn-nbctl ls-add ls0])
-ovn_nbctl_test_acl ls0
-AT_CHECK([ovn-nbctl ls-add ls1])
-ovn_nbctl_test_acl ls1 --type=switch
-AT_CHECK([ovn-nbctl create port_group name=pg0], [0], [ignore])
-ovn_nbctl_test_acl pg0 --type=port-group
-
-dnl Test when port group doesn't exist
-AT_CHECK([ovn-nbctl --type=port-group acl-add pg1 to-lport 100 ip drop], [1], [], [dnl
-ovn-nbctl: pg1: port group name not found
-])
-
-dnl Test when same name exists in logical switches and portgroups
-AT_CHECK([ovn-nbctl create port_group name=ls0], [0], [ignore])
-AT_CHECK([ovn-nbctl acl-add ls0 to-lport 100 ip drop], [1], [], [stderr])
-AT_CHECK([grep 'exists in both' stderr], [0], [ignore])
-AT_CHECK([ovn-nbctl --type=port-group acl-add ls0 to-lport 100 ip drop], [0], [ignore])])
-
-dnl ---------------------------------------------------------------------
-
-OVN_NBCTL_TEST([ovn_nbctl_qos], [QoS], [
-AT_CHECK([ovn-nbctl ls-add ls0])
-AT_CHECK([ovn-nbctl qos-add ls0 from-lport 600 tcp dscp=63])
-AT_CHECK([ovn-nbctl qos-add ls0 from-lport 500 udp rate=100 burst=1000])
-AT_CHECK([ovn-nbctl qos-add ls0 from-lport 400 tcp dscp=0 rate=300 burst=3000])
-AT_CHECK([ovn-nbctl qos-add ls0 to-lport 300 tcp dscp=48])
-AT_CHECK([ovn-nbctl qos-add ls0 to-lport 200 ip rate=101])
-AT_CHECK([ovn-nbctl qos-add ls0 to-lport 100 ip4 dscp=13 rate=301 burst=30000])
-
-dnl Add duplicated qos
-AT_CHECK([ovn-nbctl qos-add ls0 to-lport 100 ip4 dscp=11 rate=302 burst=30002], [1], [], [stderr])
-AT_CHECK([grep 'already existed' stderr], [0], [ignore])
-AT_CHECK([ovn-nbctl --may-exist qos-add ls0 to-lport 100 ip4 dscp=11 rate=302 burst=30002])
-
-AT_CHECK([ovn-nbctl qos-list ls0], [0], [dnl
-from-lport 600 (tcp) dscp=63
-from-lport 500 (udp) rate=100 burst=1000
-from-lport 400 (tcp) rate=300 burst=3000 dscp=0
- to-lport 300 (tcp) dscp=48
- to-lport 200 (ip) rate=101
- to-lport 100 (ip4) rate=301 burst=30000 dscp=13
-])
-
-dnl Delete in one direction.
-AT_CHECK([ovn-nbctl qos-del ls0 to-lport])
-AT_CHECK([ovn-nbctl qos-list ls0], [0], [dnl
-from-lport 600 (tcp) dscp=63
-from-lport 500 (udp) rate=100 burst=1000
-from-lport 400 (tcp) rate=300 burst=3000 dscp=0
-])
-
-dnl Delete all qos_rules.
-AT_CHECK([ovn-nbctl qos-del ls0])
-AT_CHECK([ovn-nbctl qos-list ls0], [0], [dnl
-])
-
-AT_CHECK([ovn-nbctl qos-add ls0 from-lport 600 ip rate=1000101])
-AT_CHECK([ovn-nbctl qos-add ls0 from-lport 400 tcp dscp=44])
-AT_CHECK([ovn-nbctl qos-add ls0 from-lport 200 ip burst=1000102 rate=301 dscp=19])
-
-dnl Delete a single flow.
-AT_CHECK([ovn-nbctl qos-del ls0 from-lport 400 tcp])
-AT_CHECK([ovn-nbctl qos-list ls0], [0], [dnl
-from-lport 600 (ip) rate=1000101
-from-lport 200 (ip) rate=301 burst=1000102 dscp=19
-])
-
-AT_CHECK([ovn-nbctl qos-add ls0 from-lport 600 ip rate=100010111111], [1], [],
-[ovn-nbctl: 100010111111: rate must be in the range 1...4294967295
-])
-
-AT_CHECK([ovn-nbctl qos-add ls0 from-lport 600 ip burst=100010111112 rate=100010], [1], [],
-[ovn-nbctl: 100010111112: burst must be in the range 1...4294967295
-])
-
-AT_CHECK([ovn-nbctl qos-add ls0 from-lport 600 ip dscp=-1], [1], [],
-[ovn-nbctl: -1: dscp must be in the range 0...63
-])
-
-AT_CHECK([ovn-nbctl qos-add ls0 from-lport 600 ip dscpa=-1], [1], [],
-[ovn-nbctl: dscpa=-1: supported arguments are "dscp=", "rate=", and "burst="
-])
-
-AT_CHECK([ovn-nbctl qos-add ls0 from-lport 600 ip burst=123], [1], [],
-[ovn-nbctl: Either "rate" and/or "dscp" must be specified
-])])
-
-dnl ---------------------------------------------------------------------
-
-OVN_NBCTL_TEST([ovn_nbctl_meters], [meters], [
-AT_CHECK([ovn-nbctl meter-add meter1 drop 10 kbps])
-AT_CHECK([ovn-nbctl meter-add meter2 drop 3 kbps 2])
-AT_CHECK([ovn-nbctl meter-add meter3 drop 100 kbps 200])
-AT_CHECK([ovn-nbctl meter-add meter4 drop 10 pktps 30])
-
-dnl Add duplicate meter name
-AT_CHECK([ovn-nbctl meter-add meter1 drop 10 kbps], [1], [], [stderr])
-AT_CHECK([grep 'already exists' stderr], [0], [ignore])
-
-dnl Add reserved meter name
-AT_CHECK([ovn-nbctl meter-add __meter1 drop 10 kbps], [1], [], [stderr])
-AT_CHECK([grep 'reserved' stderr], [0], [ignore])
-
-dnl Add meter with invalid rates
-AT_CHECK([ovn-nbctl meter-add meter5 drop 100010111111 kbps], [1], [],
-[ovn-nbctl: rate must be in the range 1...4294967295
-])
-
-dnl Add meter with invalid rates
-AT_CHECK([ovn-nbctl meter-add meter5 drop 100010111111 foo], [1], [],
-[ovn-nbctl: rate must be in the range 1...4294967295
-])
-
-AT_CHECK([ovn-nbctl meter-add meter5 drop 0 kbps], [1], [],
-[ovn-nbctl: rate must be in the range 1...4294967295
-])
-
-dnl Add meter with invalid burst
-AT_CHECK([ovn-nbctl meter-add meter5 drop 10 100010111111 kbps], [1], [],
-[ovn-nbctl: unit must be "kbps" or "pktps"
-])
-
-AT_CHECK([ovn-nbctl meter-list], [0], [dnl
-meter1: bands:
- drop: 10 kbps
-meter2: bands:
- drop: 3 kbps, 2 kb burst
-meter3: bands:
- drop: 100 kbps, 200 kb burst
-meter4: bands:
- drop: 10 pktps, 30 packet burst
-])
-
-dnl Delete a single meter.
-AT_CHECK([ovn-nbctl meter-del meter2])
-AT_CHECK([ovn-nbctl meter-list], [0], [dnl
-meter1: bands:
- drop: 10 kbps
-meter3: bands:
- drop: 100 kbps, 200 kb burst
-meter4: bands:
- drop: 10 pktps, 30 packet burst
-])
-
-dnl Delete all meters.
-AT_CHECK([ovn-nbctl meter-del])
-AT_CHECK([ovn-nbctl meter-list], [0], [dnl
-])])
-
-dnl ---------------------------------------------------------------------
-
-OVN_NBCTL_TEST([ovn_nbctl_nats], [NATs], [
-AT_CHECK([ovn-nbctl lr-add lr0])
-AT_CHECK([ovn-nbctl lr-nat-add lr0 snatt 30.0.0.2 192.168.1.2], [1], [],
-[ovn-nbctl: snatt: type must be one of "dnat", "snat" and "dnat_and_snat".
-])
-AT_CHECK([ovn-nbctl lr-nat-add lr0 snat 30.0.0.2a 192.168.1.2], [1], [],
-[ovn-nbctl: 30.0.0.2a: should be an IPv4 address.
-])
-AT_CHECK([ovn-nbctl lr-nat-add lr0 snat 30.0.0 192.168.1.2], [1], [],
-[ovn-nbctl: 30.0.0: should be an IPv4 address.
-])
-AT_CHECK([ovn-nbctl lr-nat-add lr0 snat 30.0.0.2/24 192.168.1.2], [1], [],
-[ovn-nbctl: 30.0.0.2/24: should be an IPv4 address.
-])
-AT_CHECK([ovn-nbctl lr-nat-add lr0 snat 30.0.0.2:80 192.168.1.2], [1], [],
-[ovn-nbctl: 30.0.0.2:80: should be an IPv4 address.
-])
-AT_CHECK([ovn-nbctl lr-nat-add lr0 snat 30.0.0.2 192.168.1.2a], [1], [],
-[ovn-nbctl: 192.168.1.2a: should be an IPv4 address or network.
-])
-AT_CHECK([ovn-nbctl lr-nat-add lr0 snat 30.0.0.2 192.168.1], [1], [],
-[ovn-nbctl: 192.168.1: should be an IPv4 address or network.
-])
-AT_CHECK([ovn-nbctl lr-nat-add lr0 snat 30.0.0.2 192.168.1.2:80], [1], [],
-[ovn-nbctl: 192.168.1.2:80: should be an IPv4 address or network.
-])
-AT_CHECK([ovn-nbctl lr-nat-add lr0 snat 30.0.0.2 192.168.1.2/a], [1], [],
-[ovn-nbctl: 192.168.1.2/a: should be an IPv4 address or network.
-])
-AT_CHECK([ovn-nbctl lr-nat-add lr0 dnat 30.0.0.2 192.168.1.2a], [1], [],
-[ovn-nbctl: 192.168.1.2a: should be an IPv4 address.
-])
-AT_CHECK([ovn-nbctl lr-nat-add lr0 dnat 30.0.0.2 192.168.1], [1], [],
-[ovn-nbctl: 192.168.1: should be an IPv4 address.
-])
-AT_CHECK([ovn-nbctl lr-nat-add lr0 dnat 30.0.0.2 192.168.1.2:80], [1], [],
-[ovn-nbctl: 192.168.1.2:80: should be an IPv4 address.
-])
-AT_CHECK([ovn-nbctl lr-nat-add lr0 dnat 30.0.0.2 192.168.1.2/24], [1], [],
-[ovn-nbctl: 192.168.1.2/24: should be an IPv4 address.
-])
-AT_CHECK([ovn-nbctl lr-nat-add lr0 dnat_and_snat 30.0.0.2 192.168.1.2/24], [1], [],
-[ovn-nbctl: 192.168.1.2/24: should be an IPv4 address.
-])
-AT_CHECK([ovn-nbctl lr-nat-add lr0 dnat_and_snat 30.0.0.2 192.168.1.2 lp0], [1], [],
-[ovn-nbctl: lr-nat-add with logical_port must also specify external_mac.
-])
-AT_CHECK([ovn-nbctl lr-nat-add lr0 dnat 30.0.0.2 192.168.1.2 lp0 00:00:00:01:02:03], [1], [],
-[ovn-nbctl: logical_port and external_mac are only valid when type is "dnat_and_snat".
-])
-AT_CHECK([ovn-nbctl lr-nat-add lr0 snat 30.0.0.2 192.168.1.2 lp0 00:00:00:01:02:03], [1], [],
-[ovn-nbctl: logical_port and external_mac are only valid when type is "dnat_and_snat".
-])
-AT_CHECK([ovn-nbctl lr-nat-add lr0 dnat_and_snat 30.0.0.2 192.168.1.2 lp0 00:00:00:01:02:03], [1], [],
-[ovn-nbctl: lp0: port name not found
-])
-AT_CHECK([ovn-nbctl ls-add ls0])
-AT_CHECK([ovn-nbctl lsp-add ls0 lp0])
-AT_CHECK([ovn-nbctl lr-nat-add lr0 dnat_and_snat 30.0.0.2 192.168.1.2 lp0 00:00:00:01:02], [1], [],
-[ovn-nbctl: invalid mac address 00:00:00:01:02.
-])
-
-dnl Add snat and dnat
-AT_CHECK([ovn-nbctl lr-nat-add lr0 snat 30.0.0.1 192.168.1.0/24])
-AT_CHECK([ovn-nbctl lr-nat-add lr0 dnat 30.0.0.1 192.168.1.2])
-AT_CHECK([ovn-nbctl lr-nat-add lr0 dnat_and_snat 30.0.0.1 192.168.1.2])
-AT_CHECK([ovn-nbctl lr-nat-add lr0 dnat_and_snat 30.0.0.2 192.168.1.3 lp0 00:00:00:01:02:03])
-AT_CHECK([ovn-nbctl lr-nat-list lr0], [0], [dnl
-TYPE EXTERNAL_IP LOGICAL_IP EXTERNAL_MAC LOGICAL_PORT
-dnat 30.0.0.1 192.168.1.2
-dnat_and_snat 30.0.0.1 192.168.1.2
-dnat_and_snat 30.0.0.2 192.168.1.3 00:00:00:01:02:03 lp0
-snat 30.0.0.1 192.168.1.0/24
-])
-AT_CHECK([ovn-nbctl lr-nat-add lr0 snat 30.0.0.1 192.168.1.0/24], [1], [],
-[ovn-nbctl: 30.0.0.1, 192.168.1.0/24: a NAT with this external_ip and logical_ip already exists
-])
-AT_CHECK([ovn-nbctl lr-nat-add lr0 snat 30.0.0.1 192.168.1.10/24], [1], [],
-[ovn-nbctl: 30.0.0.1, 192.168.1.0/24: a NAT with this external_ip and logical_ip already exists
-])
-AT_CHECK([ovn-nbctl --may-exist lr-nat-add lr0 snat 30.0.0.1 192.168.1.0/24])
-AT_CHECK([ovn-nbctl lr-nat-add lr0 snat 30.0.0.2 192.168.1.0/24], [1], [],
-[ovn-nbctl: a NAT with this type (snat) and logical_ip (192.168.1.0/24) already exists
-])
-AT_CHECK([ovn-nbctl lr-nat-add lr0 dnat 30.0.0.1 192.168.1.2], [1], [],
-[ovn-nbctl: 30.0.0.1, 192.168.1.2: a NAT with this external_ip and logical_ip already exists
-])
-AT_CHECK([ovn-nbctl --may-exist lr-nat-add lr0 dnat 30.0.0.1 192.168.1.2])
-AT_CHECK([ovn-nbctl lr-nat-add lr0 dnat 30.0.0.1 192.168.1.3], [1], [],
-[ovn-nbctl: a NAT with this type (dnat) and external_ip (30.0.0.1) already exists
-])
-AT_CHECK([ovn-nbctl lr-nat-add lr0 dnat_and_snat 30.0.0.1 192.168.1.2], [1], [],
-[ovn-nbctl: 30.0.0.1, 192.168.1.2: a NAT with this external_ip and logical_ip already exists
-])
-AT_CHECK([ovn-nbctl --may-exist lr-nat-add lr0 dnat_and_snat 30.0.0.1 192.168.1.2])
-AT_CHECK([ovn-nbctl lr-nat-add lr0 dnat_and_snat 30.0.0.1 192.168.1.3], [1], [],
-[ovn-nbctl: a NAT with this type (dnat_and_snat) and external_ip (30.0.0.1) already exists
-])
-AT_CHECK([ovn-nbctl --may-exist lr-nat-add lr0 dnat_and_snat 30.0.0.2 192.168.1.3 lp0 00:00:00:04:05:06])
-AT_CHECK([ovn-nbctl lr-nat-list lr0], [0], [dnl
-TYPE EXTERNAL_IP LOGICAL_IP EXTERNAL_MAC LOGICAL_PORT
-dnat 30.0.0.1 192.168.1.2
-dnat_and_snat 30.0.0.1 192.168.1.2
-dnat_and_snat 30.0.0.2 192.168.1.3 00:00:00:04:05:06 lp0
-snat 30.0.0.1 192.168.1.0/24
-])
-AT_CHECK([ovn-nbctl --may-exist lr-nat-add lr0 dnat_and_snat 30.0.0.2 192.168.1.3])
-AT_CHECK([ovn-nbctl lr-nat-list lr0], [0], [dnl
-TYPE EXTERNAL_IP LOGICAL_IP EXTERNAL_MAC LOGICAL_PORT
-dnat 30.0.0.1 192.168.1.2
-dnat_and_snat 30.0.0.1 192.168.1.2
-dnat_and_snat 30.0.0.2 192.168.1.3
-snat 30.0.0.1 192.168.1.0/24
-])
-
-dnl Deletes the NATs
-AT_CHECK([ovn-nbctl lr-nat-del lr0 dnat_and_snat 30.0.0.3], [1], [],
-[ovn-nbctl: no matching NAT with the type (dnat_and_snat) and external_ip (30.0.0.3)
-])
-AT_CHECK([ovn-nbctl lr-nat-del lr0 dnat 30.0.0.2], [1], [],
-[ovn-nbctl: no matching NAT with the type (dnat) and external_ip (30.0.0.2)
-])
-AT_CHECK([ovn-nbctl lr-nat-del lr0 snat 192.168.10.0/24], [1], [],
-[ovn-nbctl: no matching NAT with the type (snat) and logical_ip (192.168.10.0/24)
-])
-AT_CHECK([ovn-nbctl --if-exists lr-nat-del lr0 snat 192.168.10.0/24])
-
-AT_CHECK([ovn-nbctl lr-nat-del lr0 dnat_and_snat 30.0.0.1])
-AT_CHECK([ovn-nbctl lr-nat-list lr0], [0], [dnl
-TYPE EXTERNAL_IP LOGICAL_IP EXTERNAL_MAC LOGICAL_PORT
-dnat 30.0.0.1 192.168.1.2
-dnat_and_snat 30.0.0.2 192.168.1.3
-snat 30.0.0.1 192.168.1.0/24
-])
-
-AT_CHECK([ovn-nbctl lr-nat-del lr0 dnat])
-AT_CHECK([ovn-nbctl lr-nat-list lr0], [0], [dnl
-TYPE EXTERNAL_IP LOGICAL_IP EXTERNAL_MAC LOGICAL_PORT
-dnat_and_snat 30.0.0.2 192.168.1.3
-snat 30.0.0.1 192.168.1.0/24
-])
-
-AT_CHECK([ovn-nbctl lr-nat-del lr0])
-AT_CHECK([ovn-nbctl lr-nat-list lr0], [0], [])
-AT_CHECK([ovn-nbctl lr-nat-del lr0])
-AT_CHECK([ovn-nbctl lr-nat-del lr0 dnat])])
-
-dnl ---------------------------------------------------------------------
-
-OVN_NBCTL_TEST([ovn_nbctl_lbs], [LBs], [
-dnl Add two LBs.
-AT_CHECK([ovn-nbctl -vsocket_util:off lb-add lb0 30.0.0.10:80a 192.168.10.10:80,192.168.10.20:80 tcp], [1], [],
-[ovn-nbctl: 30.0.0.10:80a: should be an IP address (or an IP address and a port number with : as a separator).
-])
-
-AT_CHECK([ovn-nbctl -vsocket_util:off lb-add lb0 30.0.0.10:a80 192.168.10.10:80,192.168.10.20:80 tcp], [1], [],
-[ovn-nbctl: 30.0.0.10:a80: should be an IP address (or an IP address and a port number with : as a separator).
-])
-
-AT_CHECK([ovn-nbctl -vsocket_util:off lb-add lb0 30.0.0.10:80 192.168.10.10:80,192.168.10.20 tcp], [1], [],
-[ovn-nbctl: 192.168.10.20: should be an IP address and a port number with : as a separator.
-])
-
-AT_CHECK([ovn-nbctl -vsocket_util:off lb-add lb0 30.0.0.1a 192.168.10.10:80,192.168.10.20:80], [1], [],
-[ovn-nbctl: 30.0.0.1a: should be an IP address (or an IP address and a port number with : as a separator).
-])
-
-AT_CHECK([ovn-nbctl -vsocket_util:off lb-add lb0 30.0.0 192.168.10.10:80,192.168.10.20:80], [1], [],
-[ovn-nbctl: 30.0.0: should be an IP address (or an IP address and a port number with : as a separator).
-])
-
-AT_CHECK([ovn-nbctl -vsocket_util:off lb-add lb0 30.0.0.10 192.168.10.10,192.168.10.20:80], [1], [],
-[ovn-nbctl: 192.168.10.20:80: should be an IP address.
-])
-
-AT_CHECK([ovn-nbctl -vsocket_util:off lb-add lb0 30.0.0.10 192.168.10.10:a80], [1], [],
-[ovn-nbctl: 192.168.10.10:a80: should be an IP address.
-])
-
-AT_CHECK([ovn-nbctl -vsocket_util:off lb-add lb0 30.0.0.10 192.168.10.10:], [1], [],
-[ovn-nbctl: 192.168.10.10:: should be an IP address.
-])
-
-AT_CHECK([ovn-nbctl -vsocket_util:off lb-add lb0 30.0.0.10 192.168.10.1a], [1], [],
-[ovn-nbctl: 192.168.10.1a: should be an IP address.
-])
-
-AT_CHECK([ovn-nbctl lb-add lb0 30.0.0.10: 192.168.10.10:80,192.168.10.20:80 tcp], [1], [],
-[ovn-nbctl: Protocol is unnecessary when no port of vip is given.
-])
-
-AT_CHECK([ovn-nbctl lb-add lb0 30.0.0.10 192.168.10.10 tcp], [1], [],
-[ovn-nbctl: Protocol is unnecessary when no port of vip is given.
-])
-
-AT_CHECK([ovn-nbctl lb-add lb0 30.0.0.10 192.168.10.10:900 tcp], [1], [],
-[ovn-nbctl: Protocol is unnecessary when no port of vip is given.
-])
-
-dnl Add ips to lb
-AT_CHECK([ovn-nbctl lb-add lb0 30.0.0.10:80 ,,,192.168.10.10:80,,,,,])
-AT_CHECK([ovn-nbctl lb-add lb1 30.0.0.10:80 ,,,192.168.10.10:80,,,,192.168.10.20:80,,,,])
-AT_CHECK([ovn-nbctl lb-list | uuidfilt], [0], [dnl
-UUID LB PROTO VIP IPs
-<0> lb0 tcp 30.0.0.10:80 192.168.10.10:80
-<1> lb1 tcp 30.0.0.10:80 192.168.10.10:80,192.168.10.20:80
-])
-AT_CHECK([ovn-nbctl lb-del lb0])
-AT_CHECK([ovn-nbctl lb-del lb1])
-
-AT_CHECK([ovn-nbctl lb-add lb0 30.0.0.10:80 192.168.10.10:80,192.168.10.20:80])
-AT_CHECK([ovn-nbctl lb-add lb1 30.0.0.10:80 192.168.10.10:80,192.168.10.20:80 tcp])
-AT_CHECK([ovn-nbctl lb-list | uuidfilt], [0], [dnl
-UUID LB PROTO VIP IPs
-<0> lb0 tcp 30.0.0.10:80 192.168.10.10:80,192.168.10.20:80
-<1> lb1 tcp 30.0.0.10:80 192.168.10.10:80,192.168.10.20:80
-])
-
-dnl Update the VIP of the lb1.
-AT_CHECK([ovn-nbctl --may-exist lb-add lb1 30.0.0.10:80 192.168.10.10:80,192.168.10.20:8080])
-AT_CHECK([ovn-nbctl lb-list | uuidfilt], [0], [dnl
-UUID LB PROTO VIP IPs
-<0> lb0 tcp 30.0.0.10:80 192.168.10.10:80,192.168.10.20:80
-<1> lb1 tcp 30.0.0.10:80 192.168.10.10:80,192.168.10.20:8080
-])
-
-AT_CHECK([ovn-nbctl --may-exist lb-add lb1 30.0.0.10:80 192.168.10.10:80,192.168.10.20:8080 udp])
-AT_CHECK([ovn-nbctl lb-list | uuidfilt], [0], [dnl
-UUID LB PROTO VIP IPs
-<0> lb0 tcp 30.0.0.10:80 192.168.10.10:80,192.168.10.20:80
-<1> lb1 udp 30.0.0.10:80 192.168.10.10:80,192.168.10.20:8080
-])
-
-dnl Config lb1 with another VIP.
-AT_CHECK([ovn-nbctl lb-add lb1 30.0.0.20:80 192.168.10.10:80 udp])
-AT_CHECK([ovn-nbctl lb-list | uuidfilt], [0], [dnl
-UUID LB PROTO VIP IPs
-<0> lb0 tcp 30.0.0.10:80 192.168.10.10:80,192.168.10.20:80
-<1> lb1 udp 30.0.0.10:80 192.168.10.10:80,192.168.10.20:8080
- udp 30.0.0.20:80 192.168.10.10:80
-])
-
-AT_CHECK([ovn-nbctl lb-del lb1 30.0.0.20:80])
-AT_CHECK([ovn-nbctl lb-list | uuidfilt], [0], [dnl
-UUID LB PROTO VIP IPs
-<0> lb0 tcp 30.0.0.10:80 192.168.10.10:80,192.168.10.20:80
-<1> lb1 udp 30.0.0.10:80 192.168.10.10:80,192.168.10.20:8080
-])
-
-dnl Add LBs whose vip is just an IP address.
-AT_CHECK([ovn-nbctl lb-add lb2 30.0.0.30 192.168.10.10])
-AT_CHECK([ovn-nbctl lb-add lb3 30.0.0.30 192.168.10.10])
-AT_CHECK([ovn-nbctl lb-list | uuidfilt], [0], [dnl
-UUID LB PROTO VIP IPs
-<0> lb0 tcp 30.0.0.10:80 192.168.10.10:80,192.168.10.20:80
-<1> lb1 udp 30.0.0.10:80 192.168.10.10:80,192.168.10.20:8080
-<2> lb2 tcp/udp 30.0.0.30 192.168.10.10
-<3> lb3 tcp/udp 30.0.0.30 192.168.10.10
-])
-AT_CHECK([ovn-nbctl lb-del lb2 30.0.0.30])
-AT_CHECK([ovn-nbctl lb-del lb3 30.0.0.30])
-
-AT_CHECK([ovn-nbctl lb-add lb2 30.0.0.10:8080 192.168.10.10:80,192.168.10.20:80 tcp])
-AT_CHECK([ovn-nbctl --add-duplicate lb-add lb2 30.0.0.10:8080 192.168.10.10:80,192.168.10.20:80 tcp])
-AT_CHECK([ovn-nbctl lb-list | uuidfilt], [0], [dnl
-UUID LB PROTO VIP IPs
-<0> lb0 tcp 30.0.0.10:80 192.168.10.10:80,192.168.10.20:80
-<1> lb1 udp 30.0.0.10:80 192.168.10.10:80,192.168.10.20:8080
-<2> lb2 tcp 30.0.0.10:8080 192.168.10.10:80,192.168.10.20:80
-<3> lb2 tcp 30.0.0.10:8080 192.168.10.10:80,192.168.10.20:80
-])
-
-dnl If there are multiple load balancers with the same name, use a UUID to update/delete.
-AT_CHECK([ovn-nbctl lb-add lb2 30.0.0.10:8080 192.168.10.10:80,192.168.10.20:80 tcp], [1], [],
-[ovn-nbctl: Multiple load balancers named 'lb2'. Use a UUID.
-])
-
-AT_CHECK([ovn-nbctl lb-del lb2], [1], [],
-[ovn-nbctl: Multiple load balancers named 'lb2'. Use a UUID.
-])
-
-AT_CHECK([ovn-nbctl --may-exist lb-add lb1 30.0.0.10:80 192.168.10.10:8080,192.168.10.20:8080 udp])
-AT_CHECK([ovn-nbctl --may-exist lb-add lb1 30.0.0.10:8080 192.168.10.10:8080,192.168.10.20:8080 udp])
-AT_CHECK([ovn-nbctl --may-exist lb-add lb1 30.0.0.10:9090 192.168.10.10:8080,192.168.10.20:8080 udp])
-AT_CHECK([ovn-nbctl lb-del lb0 30.0.0.10:80])
-AT_CHECK([ovn-nbctl lb-del lb1])
-AT_CHECK([ovn-nbctl lb-list | uuidfilt], [0], [dnl
-UUID LB PROTO VIP IPs
-<0> lb2 tcp 30.0.0.10:8080 192.168.10.10:80,192.168.10.20:80
-<1> lb2 tcp 30.0.0.10:8080 192.168.10.10:80,192.168.10.20:80
-])
-
-dnl Add load balancer to logical switch.
-AT_CHECK([ovn-nbctl ls-add ls0])
-AT_CHECK([ovn-nbctl lb-add lb0 30.0.0.10:80 192.168.10.10:80,192.168.10.20:80])
-AT_CHECK([ovn-nbctl lb-add lb1 30.0.0.10:80 192.168.10.10:80,192.168.10.20:80 udp])
-AT_CHECK([ovn-nbctl lb-add lb3 30.0.0.10 192.168.10.10,192.168.10.20])
-AT_CHECK([ovn-nbctl ls-lb-add ls0 lb0])
-AT_CHECK([ovn-nbctl ls-lb-add ls0 lb1])
-AT_CHECK([ovn-nbctl --may-exist ls-lb-add ls0 lb1])
-AT_CHECK([ovn-nbctl ls-lb-add ls0 lb2], [1], [],
-[ovn-nbctl: Multiple load balancers named 'lb2'. Use a UUID.
-])
-AT_CHECK([ovn-nbctl ls-lb-add ls0 lb3])
-
-AT_CHECK([ovn-nbctl ls-lb-list ls0 | uuidfilt], [0], [dnl
-UUID LB PROTO VIP IPs
-<0> lb0 tcp 30.0.0.10:80 192.168.10.10:80,192.168.10.20:80
-<1> lb1 udp 30.0.0.10:80 192.168.10.10:80,192.168.10.20:80
-<2> lb3 tcp/udp 30.0.0.10 192.168.10.10,192.168.10.20
-])
-
-AT_CHECK([ovn-nbctl ls-lb-del ls0 lb0])
-AT_CHECK([ovn-nbctl ls-lb-list ls0 | uuidfilt], [0], [dnl
-UUID LB PROTO VIP IPs
-<0> lb1 udp 30.0.0.10:80 192.168.10.10:80,192.168.10.20:80
-<1> lb3 tcp/udp 30.0.0.10 192.168.10.10,192.168.10.20
-])
-
-AT_CHECK([ovn-nbctl ls-lb-del ls0 lb1])
-AT_CHECK([ovn-nbctl ls-lb-del ls0 lb3])
-AT_CHECK([ovn-nbctl ls-lb-list ls0 | uuidfilt], [0], [])
-AT_CHECK([ovn-nbctl --if-exists ls-lb-del ls0 lb1])
-
-dnl Remove all load balancers from logical switch.
-AT_CHECK([ovn-nbctl ls-lb-add ls0 lb0])
-AT_CHECK([ovn-nbctl ls-lb-add ls0 lb1])
-AT_CHECK([ovn-nbctl ls-lb-add ls0 lb3])
-AT_CHECK([ovn-nbctl ls-lb-del ls0])
-AT_CHECK([ovn-nbctl ls-lb-list ls0 | uuidfilt], [0], [])
-
-dnl Add load balancer to logical router.
-AT_CHECK([ovn-nbctl lr-add lr0])
-AT_CHECK([ovn-nbctl lr-lb-add lr0 lb0])
-AT_CHECK([ovn-nbctl lr-lb-add lr0 lb1])
-AT_CHECK([ovn-nbctl --may-exist lr-lb-add lr0 lb1])
-AT_CHECK([ovn-nbctl lr-lb-add lr0 lb2], [1], [],
-[ovn-nbctl: Multiple load balancers named 'lb2'. Use a UUID.
-])
-AT_CHECK([ovn-nbctl lr-lb-add lr0 lb3])
-
-AT_CHECK([ovn-nbctl lr-lb-list lr0 | uuidfilt], [0], [dnl
-UUID LB PROTO VIP IPs
-<0> lb0 tcp 30.0.0.10:80 192.168.10.10:80,192.168.10.20:80
-<1> lb1 udp 30.0.0.10:80 192.168.10.10:80,192.168.10.20:80
-<2> lb3 tcp/udp 30.0.0.10 192.168.10.10,192.168.10.20
-])
-
-AT_CHECK([ovn-nbctl lr-lb-del lr0 lb0])
-AT_CHECK([ovn-nbctl lr-lb-list lr0 | uuidfilt], [0], [dnl
-UUID LB PROTO VIP IPs
-<0> lb1 udp 30.0.0.10:80 192.168.10.10:80,192.168.10.20:80
-<1> lb3 tcp/udp 30.0.0.10 192.168.10.10,192.168.10.20
-])
-
-AT_CHECK([ovn-nbctl lr-lb-del lr0 lb1])
-AT_CHECK([ovn-nbctl lr-lb-del lr0 lb3])
-AT_CHECK([ovn-nbctl lr-lb-list lr0 | uuidfilt], [0], [])
-AT_CHECK([ovn-nbctl --if-exists lr-lb-del lr0 lb1])
-
-dnl Remove all load balancers from logical router.
-AT_CHECK([ovn-nbctl lr-lb-add lr0 lb0])
-AT_CHECK([ovn-nbctl lr-lb-add lr0 lb1])
-AT_CHECK([ovn-nbctl lr-lb-add lr0 lb3])
-AT_CHECK([ovn-nbctl lr-lb-del lr0])
-AT_CHECK([ovn-nbctl lr-lb-list lr0 | uuidfilt], [0], [])
-
-dnl Remove load balancers after adding them to a logical router/switch.
-AT_CHECK([ovn-nbctl lr-lb-add lr0 lb0])
-AT_CHECK([ovn-nbctl ls-lb-add ls0 lb1])
-AT_CHECK([ovn-nbctl lb-del lb0])
-AT_CHECK([ovn-nbctl lb-del lb1])
-AT_CHECK([ovn-nbctl lr-lb-list lr0 | uuidfilt], [0], [])
-AT_CHECK([ovn-nbctl ls-lb-list ls0 | uuidfilt], [0], [])])
-
-dnl ---------------------------------------------------------------------
-
-OVN_NBCTL_TEST([ovn_nbctl_lbs_ipv6], [LBs IPv6], [
-dnl A bunch of commands that should fail
-AT_CHECK([ovn-nbctl -vsocket_util:off lb-add lb0 [[ae0f::10]]:80a [[fd0f::10]]:80,[[fd0f::20]]:80 tcp], [1], [],
-[ovn-nbctl: [[ae0f::10]]:80a: should be an IP address (or an IP address and a port number with : as a separator).
-])
-
-
-AT_CHECK([ovn-nbctl -vsocket_util:off lb-add lb0 [[ae0f::10]]:a80 [[fd0f::10]]:80,[[fd0f::20]]:80 tcp], [1], [],
-[ovn-nbctl: [[ae0f::10]]:a80: should be an IP address (or an IP address and a port number with : as a separator).
-])
-
-
-AT_CHECK([ovn-nbctl -vsocket_util:off lb-add lb0 [[ae0f::10]]:80 [[fd0f::10]]:80,fd0f::20 tcp], [1], [],
-[ovn-nbctl: fd0f::20: should be an IP address and a port number with : as a separator.
-])
-
-
-AT_CHECK([ovn-nbctl -vsocket_util:off lb-add lb0 ae0f::10fff [[fd0f::10]]:80,fd0f::20 tcp], [1], [],
-[ovn-nbctl: ae0f::10fff: should be an IP address (or an IP address and a port number with : as a separator).
-])
-
-
-AT_CHECK([ovn-nbctl -vsocket_util:off lb-add lb0 ae0f::10 [[fd0f::10]]:80,[[fd0f::20]]:80], [1], [],
-[ovn-nbctl: [[fd0f::10]]:80: should be an IP address.
-])
-
-
-AT_CHECK([ovn-nbctl -vsocket_util:off lb-add lb0 ae0f::10 fd0f::10,[[fd0f::20]]:80], [1], [],
-[ovn-nbctl: [[fd0f::20]]:80: should be an IP address.
-])
-
-
-AT_CHECK([ovn-nbctl -vsocket_util:off lb-add lb0 ae0f::10 [[fd0f::10]]:a80], [1], [],
-[ovn-nbctl: [[fd0f::10]]:a80: should be an IP address.
-])
-
-
-AT_CHECK([ovn-nbctl -vsocket_util:off lb-add lb0 ae0f::10 [[fd0f::10]]:], [1], [],
-[ovn-nbctl: [[fd0f::10]]:: should be an IP address.
-])
-
-
-AT_CHECK([ovn-nbctl -vsocket_util:off lb-add lb0 ae0f::10 fd0f::1001a], [1], [],
-[ovn-nbctl: fd0f::1001a: should be an IP address.
-])
-
-
-AT_CHECK([ovn-nbctl -vsocket_util:off lb-add lb0 [[ae0f::10]]: [[fd0f::10]]:80,[[fd0f::20]]:80 tcp], [1], [],
-[ovn-nbctl: Protocol is unnecessary when no port of vip is given.
-])
-
-
-AT_CHECK([ovn-nbctl lb-add lb0 ae0f::10 fd0f::10 tcp], [1], [],
-[ovn-nbctl: Protocol is unnecessary when no port of vip is given.
-])
-
-
-AT_CHECK([ovn-nbctl lb-add lb0 ae0f::10 [[fd0f::10]]:900 tcp], [1], [],
-[ovn-nbctl: Protocol is unnecessary when no port of vip is given.
-])
-
-AT_CHECK([ovn-nbctl lb-add lb0 ae0f::10 192.168.10.10], [1], [],
-[ovn-nbctl: 192.168.10.10: IP address family is different from VIP ae0f::10.
-])
-
-AT_CHECK([ovn-nbctl lb-add lb0 ae0f::10 192.168.10.10], [1], [],
-[ovn-nbctl: 192.168.10.10: IP address family is different from VIP ae0f::10.
-])
-
-AT_CHECK([ovn-nbctl lb-add lb0 [[ae0f::10]]:80 192.168.10.10:80], [1], [],
-[ovn-nbctl: 192.168.10.10:80: IP address family is different from VIP [[ae0f::10]]:80.
-])
-
-AT_CHECK([ovn-nbctl lb-add lb0 30.0.0.10 ae0f::10], [1], [],
-[ovn-nbctl: ae0f::10: IP address family is different from VIP 30.0.0.10.
-])
-
-AT_CHECK([ovn-nbctl lb-add lb0 30.0.0.10:80 [[ae0f::10]]:80], [1], [],
-[ovn-nbctl: [[ae0f::10]]:80: IP address family is different from VIP 30.0.0.10:80.
-])
-
-AT_CHECK([ovn-nbctl lb-add lb0 ae0f::10 fd0f::10])
-AT_CHECK([ovn-nbctl lb-add lb0 ae0f:0000:0000:0000:0000:0000:0000:0010 fd0f::20],
-[1], [], [ovn-nbctl: lb0: a load balancer with this vip (ae0f::10) already exists
-])
-
-AT_CHECK([ovn-nbctl lb-del lb0])
-
-dnl Add ips to lb
-AT_CHECK([ovn-nbctl lb-add lb0 [[ae0f::10]]:80 ,,,[[fd0f::10]]:80,,,,,])
-AT_CHECK([ovn-nbctl lb-add lb1 [[ae0f::10]]:80 ,,,[[fd0f::10]]:80,,,,[[fd0f::20]]:80,,,,])
-AT_CHECK([ovn-nbctl lb-list | uuidfilt], [0], [dnl
-UUID LB PROTO VIP IPs
-<0> lb0 tcp [[ae0f::10]]:80 [[fd0f::10]]:80
-<1> lb1 tcp [[ae0f::10]]:80 [[fd0f::10]]:80,[[fd0f::20]]:80
-])
-AT_CHECK([ovn-nbctl lb-del lb0])
-AT_CHECK([ovn-nbctl lb-del lb1])
-
-
-AT_CHECK([ovn-nbctl lb-add lb0 [[ae0f::10]]:80 [[fd0f::10]]:80,[[fd0f::20]]:80])
-AT_CHECK([ovn-nbctl lb-add lb1 [[ae0f::10]]:80 [[fd0f::10]]:80,[[fd0f::20]]:80 tcp])
-AT_CHECK([ovn-nbctl lb-list | uuidfilt], [0], [dnl
-UUID LB PROTO VIP IPs
-<0> lb0 tcp [[ae0f::10]]:80 [[fd0f::10]]:80,[[fd0f::20]]:80
-<1> lb1 tcp [[ae0f::10]]:80 [[fd0f::10]]:80,[[fd0f::20]]:80
-])
-
-dnl Update the VIP of the lb1.
-AT_CHECK([ovn-nbctl --may-exist lb-add lb1 [[ae0f::10]]:80 [[fd0f::10]]:80,[[fd0f::20]]:8080])
-AT_CHECK([ovn-nbctl lb-list | uuidfilt], [0], [dnl
-UUID LB PROTO VIP IPs
-<0> lb0 tcp [[ae0f::10]]:80 [[fd0f::10]]:80,[[fd0f::20]]:80
-<1> lb1 tcp [[ae0f::10]]:80 [[fd0f::10]]:80,[[fd0f::20]]:8080
-])
-
-AT_CHECK([ovn-nbctl --may-exist lb-add lb1 [[ae0f::10]]:80 [[fd0f::10]]:80,[[fd0f::20]]:8080 udp])
-AT_CHECK([ovn-nbctl lb-list | uuidfilt], [0], [dnl
-UUID LB PROTO VIP IPs
-<0> lb0 tcp [[ae0f::10]]:80 [[fd0f::10]]:80,[[fd0f::20]]:80
-<1> lb1 udp [[ae0f::10]]:80 [[fd0f::10]]:80,[[fd0f::20]]:8080
-])
-
-dnl Config lb1 with another VIP.
-AT_CHECK([ovn-nbctl lb-add lb1 [[ae0f::20]]:80 [[fd0f::10]]:80 udp])
-AT_CHECK([ovn-nbctl lb-list | uuidfilt], [0], [dnl
-UUID LB PROTO VIP IPs
-<0> lb0 tcp [[ae0f::10]]:80 [[fd0f::10]]:80,[[fd0f::20]]:80
-<1> lb1 udp [[ae0f::10]]:80 [[fd0f::10]]:80,[[fd0f::20]]:8080
- udp [[ae0f::20]]:80 [[fd0f::10]]:80
-])
-
-AT_CHECK([ovn-nbctl lb-del lb1 [[ae0f::20]]:80])
-AT_CHECK([ovn-nbctl lb-list | uuidfilt], [0], [dnl
-UUID LB PROTO VIP IPs
-<0> lb0 tcp [[ae0f::10]]:80 [[fd0f::10]]:80,[[fd0f::20]]:80
-<1> lb1 udp [[ae0f::10]]:80 [[fd0f::10]]:80,[[fd0f::20]]:8080
-])
-
-dnl Add LBs whose vip is just an IP address.
-AT_CHECK([ovn-nbctl lb-add lb2 ae0f::30 fd0f::10])
-AT_CHECK([ovn-nbctl lb-add lb3 ae0f::30 fd0f::10])
-AT_CHECK([ovn-nbctl lb-list | uuidfilt], [0], [dnl
-UUID LB PROTO VIP IPs
-<0> lb0 tcp [[ae0f::10]]:80 [[fd0f::10]]:80,[[fd0f::20]]:80
-<1> lb1 udp [[ae0f::10]]:80 [[fd0f::10]]:80,[[fd0f::20]]:8080
-<2> lb2 tcp/udp ae0f::30 fd0f::10
-<3> lb3 tcp/udp ae0f::30 fd0f::10
-])
-AT_CHECK([ovn-nbctl lb-del lb2 ae0f::30])
-AT_CHECK([ovn-nbctl lb-del lb3 ae0f::30])
-
-AT_CHECK([ovn-nbctl lb-add lb2 [[ae0f::10]]:8080 [[fd0f::10]]:80,[[fd0f::20]]:80 tcp])
-AT_CHECK([ovn-nbctl --add-duplicate lb-add lb2 [[ae0f::10]]:8080 [[fd0f::10]]:80,[[fd0f::20]]:80 tcp])
-AT_CHECK([ovn-nbctl lb-list | uuidfilt], [0], [dnl
-UUID LB PROTO VIP IPs
-<0> lb0 tcp [[ae0f::10]]:80 [[fd0f::10]]:80,[[fd0f::20]]:80
-<1> lb1 udp [[ae0f::10]]:80 [[fd0f::10]]:80,[[fd0f::20]]:8080
-<2> lb2 tcp [[ae0f::10]]:8080 [[fd0f::10]]:80,[[fd0f::20]]:80
-<3> lb2 tcp [[ae0f::10]]:8080 [[fd0f::10]]:80,[[fd0f::20]]:80
-])
-
-dnl If there are multiple load balancers with the same name, use a UUID to update/delete.
-AT_CHECK([ovn-nbctl lb-add lb2 [[ae0f::10]]:8080 [[fd0f::10]]:80,[[fd0f::20]]:80 tcp], [1], [],
-[ovn-nbctl: Multiple load balancers named 'lb2'. Use a UUID.
-])
-
-AT_CHECK([ovn-nbctl lb-del lb2], [1], [],
-[ovn-nbctl: Multiple load balancers named 'lb2'. Use a UUID.
-])
-
-AT_CHECK([ovn-nbctl --may-exist lb-add lb1 [[ae0f::10]]:80 [[fd0f::10]]:8080,[[fd0f::20]]:8080 udp])
-AT_CHECK([ovn-nbctl --may-exist lb-add lb1 [[ae0f::10]]:8080 [[fd0f::10]]:8080,[[fd0f::20]]:8080 udp])
-AT_CHECK([ovn-nbctl --may-exist lb-add lb1 [[ae0f::10]]:9090 [[fd0f::10]]:8080,[[fd0f::20]]:8080 udp])
-AT_CHECK([ovn-nbctl lb-del lb0 [[ae0f::10]]:80])
-AT_CHECK([ovn-nbctl lb-del lb1])
-AT_CHECK([ovn-nbctl lb-list | uuidfilt], [0], [dnl
-UUID LB PROTO VIP IPs
-<0> lb2 tcp [[ae0f::10]]:8080 [[fd0f::10]]:80,[[fd0f::20]]:80
-<1> lb2 tcp [[ae0f::10]]:8080 [[fd0f::10]]:80,[[fd0f::20]]:80
-])
-
-dnl Add load balancer to logical switch.
-AT_CHECK([ovn-nbctl ls-add ls0])
-AT_CHECK([ovn-nbctl lb-add lb0 [[ae0f::10]]:80 [[fd0f::10]]:80,[[fd0f::20]]:80])
-AT_CHECK([ovn-nbctl lb-add lb1 [[ae0f::10]]:80 [[fd0f::10]]:80,[[fd0f::20]]:80 udp])
-AT_CHECK([ovn-nbctl lb-add lb3 ae0f::10 fd0f::10,fd0f::20])
-AT_CHECK([ovn-nbctl ls-lb-add ls0 lb0])
-AT_CHECK([ovn-nbctl ls-lb-add ls0 lb1])
-AT_CHECK([ovn-nbctl --may-exist ls-lb-add ls0 lb1])
-AT_CHECK([ovn-nbctl ls-lb-add ls0 lb2], [1], [],
-[ovn-nbctl: Multiple load balancers named 'lb2'. Use a UUID.
-])
-AT_CHECK([ovn-nbctl ls-lb-add ls0 lb3])
-
-AT_CHECK([ovn-nbctl ls-lb-list ls0 | uuidfilt], [0], [dnl
-UUID LB PROTO VIP IPs
-<0> lb0 tcp [[ae0f::10]]:80 [[fd0f::10]]:80,[[fd0f::20]]:80
-<1> lb1 udp [[ae0f::10]]:80 [[fd0f::10]]:80,[[fd0f::20]]:80
-<2> lb3 tcp/udp ae0f::10 fd0f::10,fd0f::20
-])
-
-AT_CHECK([ovn-nbctl ls-lb-del ls0 lb0])
-AT_CHECK([ovn-nbctl ls-lb-list ls0 | uuidfilt], [0], [dnl
-UUID LB PROTO VIP IPs
-<0> lb1 udp [[ae0f::10]]:80 [[fd0f::10]]:80,[[fd0f::20]]:80
-<1> lb3 tcp/udp ae0f::10 fd0f::10,fd0f::20
-])
-
-AT_CHECK([ovn-nbctl ls-lb-del ls0 lb1])
-AT_CHECK([ovn-nbctl ls-lb-del ls0 lb3])
-AT_CHECK([ovn-nbctl ls-lb-list ls0 | uuidfilt], [0], [])
-AT_CHECK([ovn-nbctl --if-exists ls-lb-del ls0 lb1])
-
-dnl Remove all load balancers from logical switch.
-AT_CHECK([ovn-nbctl ls-lb-add ls0 lb0])
-AT_CHECK([ovn-nbctl ls-lb-add ls0 lb1])
-AT_CHECK([ovn-nbctl ls-lb-add ls0 lb3])
-AT_CHECK([ovn-nbctl ls-lb-del ls0])
-AT_CHECK([ovn-nbctl ls-lb-list ls0 | uuidfilt], [0], [])
-
-dnl Add load balancer to logical router.
-AT_CHECK([ovn-nbctl lr-add lr0])
-AT_CHECK([ovn-nbctl lr-lb-add lr0 lb0])
-AT_CHECK([ovn-nbctl lr-lb-add lr0 lb1])
-AT_CHECK([ovn-nbctl --may-exist lr-lb-add lr0 lb1])
-AT_CHECK([ovn-nbctl lr-lb-add lr0 lb2], [1], [],
-[ovn-nbctl: Multiple load balancers named 'lb2'. Use a UUID.
-])
-AT_CHECK([ovn-nbctl lr-lb-add lr0 lb3])
-
-AT_CHECK([ovn-nbctl lr-lb-list lr0 | uuidfilt], [0], [dnl
-UUID LB PROTO VIP IPs
-<0> lb0 tcp [[ae0f::10]]:80 [[fd0f::10]]:80,[[fd0f::20]]:80
-<1> lb1 udp [[ae0f::10]]:80 [[fd0f::10]]:80,[[fd0f::20]]:80
-<2> lb3 tcp/udp ae0f::10 fd0f::10,fd0f::20
-])
-
-AT_CHECK([ovn-nbctl lr-lb-del lr0 lb0])
-AT_CHECK([ovn-nbctl lr-lb-list lr0 | uuidfilt], [0], [dnl
-UUID LB PROTO VIP IPs
-<0> lb1 udp [[ae0f::10]]:80 [[fd0f::10]]:80,[[fd0f::20]]:80
-<1> lb3 tcp/udp ae0f::10 fd0f::10,fd0f::20
-])
-
-AT_CHECK([ovn-nbctl lr-lb-del lr0 lb1])
-AT_CHECK([ovn-nbctl lr-lb-del lr0 lb3])
-AT_CHECK([ovn-nbctl lr-lb-list lr0 | uuidfilt], [0], [])
-AT_CHECK([ovn-nbctl --if-exists lr-lb-del lr0 lb1])
-
-dnl Remove all load balancers from logical router.
-AT_CHECK([ovn-nbctl lr-lb-add lr0 lb0])
-AT_CHECK([ovn-nbctl lr-lb-add lr0 lb1])
-AT_CHECK([ovn-nbctl lr-lb-add lr0 lb3])
-AT_CHECK([ovn-nbctl lr-lb-del lr0])
-AT_CHECK([ovn-nbctl lr-lb-list lr0 | uuidfilt], [0], [])])
-
-dnl ---------------------------------------------------------------------
-
-OVN_NBCTL_TEST([ovn_nbctl_basic_lr], [basic logical router commands], [
-AT_CHECK([ovn-nbctl lr-add lr0])
-AT_CHECK([ovn-nbctl lr-list | uuidfilt], [0], [dnl
-<0> (lr0)
-])
-
-AT_CHECK([ovn-nbctl lr-add lr1])
-AT_CHECK([ovn-nbctl lr-list | uuidfilt], [0], [dnl
-<0> (lr0)
-<1> (lr1)
-])
-
-AT_CHECK([ovn-nbctl lr-del lr0])
-AT_CHECK([ovn-nbctl lr-list | uuidfilt], [0], [dnl
-<0> (lr1)
-])
-
-AT_CHECK([ovn-nbctl show lr0])
-AT_CHECK([ovn-nbctl lr-add lr0])
-AT_CHECK([ovn-nbctl show lr0 | uuidfilt], [0],
- [router <0> (lr0)
-])
-AT_CHECK([ovn-nbctl lr-add lr0], [1], [],
- [ovn-nbctl: lr0: a router with this name already exists
-])
-AT_CHECK([ovn-nbctl --may-exist lr-add lr0])
-AT_CHECK([ovn-nbctl show lr0 | uuidfilt], [0],
- [router <0> (lr0)
-])
-AT_CHECK([ovn-nbctl --add-duplicate lr-add lr0])
-AT_CHECK([ovn-nbctl --may-exist --add-duplicate lr-add lr0], [1], [],
- [ovn-nbctl: --may-exist and --add-duplicate may not be used together
-])
-AT_CHECK([ovn-nbctl lr-del lr0], [1], [],
- [ovn-nbctl: Multiple logical routers named 'lr0'. Use a UUID.
-])
-
-AT_CHECK([ovn-nbctl lr-del lr2], [1], [],
- [ovn-nbctl: lr2: router name not found
-])
-AT_CHECK([ovn-nbctl --if-exists lr-del lr2])
-
-AT_CHECK([ovn-nbctl lr-add])
-AT_CHECK([ovn-nbctl lr-add])
-AT_CHECK([ovn-nbctl --add-duplicate lr-add], [1], [],
- [ovn-nbctl: --add-duplicate requires specifying a name
-])
-AT_CHECK([ovn-nbctl --may-exist lr-add], [1], [],
- [ovn-nbctl: --may-exist requires specifying a name
-])])
-
-dnl ---------------------------------------------------------------------
-
-OVN_NBCTL_TEST([ovn_nbctl_basic_lrp], [basic logical router port commands], [
-AT_CHECK([ovn-nbctl lr-add lr0])
-AT_CHECK([ovn-nbctl lrp-add lr0 lrp0 00:00:00:01:02 192.168.1.1/24], [1], [],
- [ovn-nbctl: lrp0: invalid mac address 00:00:00:01:02
-])
-AT_CHECK([ovn-nbctl lrp-add lr0 lrp0 00:00:00:01:02:03:04 192.168.1.1/24], [1], [],
- [ovn-nbctl: lrp0: invalid mac address 00:00:00:01:02:03:04
-])
-
-AT_CHECK([ovn-nbctl lrp-add lr0 lrp0 00:00:00:01:02:03 192.168.1.1/24])
-
-AT_CHECK([ovn-nbctl show lr0 | uuidfilt], [0], [dnl
-router <0> (lr0)
- port lrp0
- mac: "00:00:00:01:02:03"
- networks: [["192.168.1.1/24"]]
-])
-
-AT_CHECK([ovn-nbctl lrp-add lr0 lrp0 00:00:00:01:02:03 192.168.1.1/24], [1], [],
- [ovn-nbctl: lrp0: a port with this name already exists
-])
-AT_CHECK([ovn-nbctl --may-exist lrp-add lr0 lrp0 00:00:00:01:02:03 192.168.1.1/24])
-AT_CHECK([ovn-nbctl lrp-list lr0 | uuidfilt], [0], [dnl
-<0> (lrp0)
-])
-
-AT_CHECK([ovn-nbctl lrp-add lr0 lrp1 00:00:00:01:02:03 192.168.1.1/24 peer=lrp1-peer])
-AT_CHECK([ovn-nbctl lrp-list lr0 | uuidfilt], [0], [dnl
-<0> (lrp0)
-<1> (lrp1)
-])
-
-AT_CHECK([ovn-nbctl lr-add lr1])
-AT_CHECK([ovn-nbctl lrp-add lr0 lrp1 00:00:00:01:02:03 192.168.1.1/24], [1], [],
- [ovn-nbctl: lrp1: a port with this name already exists
-])
-
-AT_CHECK([ovn-nbctl --may-exist lrp-add lr1 lrp1 00:00:00:01:02:03 192.168.1.1/24], [1], [],
- [ovn-nbctl: lrp1: port already exists but in router lr0
-])
-
-AT_CHECK([ovn-nbctl --may-exist lrp-add lr0 lrp1 00:00:00:04:05:06 192.168.1.1/24], [1], [],
- [ovn-nbctl: lrp1: port already exists with mac 00:00:00:01:02:03
-])
-
-AT_CHECK([ovn-nbctl --may-exist lrp-add lr0 lrp1 00:00:00:01:02:03 192.168.1.1/24], [1], [],
- [ovn-nbctl: lrp1: port already exists with mismatching peer
-])
-
-AT_CHECK([ovn-nbctl --may-exist lrp-add lr0 lrp1 00:00:00:01:02:03 10.0.0.1/24 peer=lrp1-peer], [1], [],
- [ovn-nbctl: lrp1: port already exists with different network
-])
-
-AT_CHECK([ovn-nbctl --may-exist lrp-add lr0 lrp1 00:00:00:01:02:03 192.168.1.1/24 peer=lrp1-peer])
-
-AT_CHECK([ovn-nbctl lrp-del lrp1])
-AT_CHECK([ovn-nbctl lrp-list lr0 | uuidfilt], [0], [dnl
-<0> (lrp0)
-])
-
-AT_CHECK([ovn-nbctl --may-exist lrp-add lr0 lrp1 00:00:00:01:02:03 192.168.1.1/24 10.0.0.1/24 peer=lrp1-peer])
-
-AT_CHECK([ovn-nbctl --may-exist lrp-add lr0 lrp1 00:00:00:01:02:03 192.168.1.1/24 172.16.0.1/24 peer=lrp1-peer], [1], [],
- [ovn-nbctl: lrp1: port already exists with different network
-])
-
-AT_CHECK([ovn-nbctl --may-exist lrp-add lr0 lrp1 00:00:00:01:02:03 10.0.0.1/24 192.168.1.1/24 peer=lrp1-peer])])
-
-dnl ---------------------------------------------------------------------
-
-OVN_NBCTL_TEST([ovn_nbctl_lrp_gw_chassi], [logical router port gateway chassis], [
-AT_CHECK([ovn-nbctl lr-add lr0])
-AT_CHECK([ovn-nbctl lrp-add lr0 lrp0 00:00:00:01:02:03 192.168.1.1/24])
-AT_CHECK([ovn-nbctl lrp-get-gateway-chassis lrp0], [0], [])
-
-AT_CHECK([ovn-nbctl lrp-set-gateway-chassis lp0 chassis1], [1], [],
-[ovn-nbctl: lp0: port name not found
-])
-
-AT_CHECK([ovn-nbctl lrp-get-gateway-chassis lp0], [1], [],
-[ovn-nbctl: lp0: port name not found
-])
-
-AT_CHECK([ovn-nbctl lrp-del-gateway-chassis lp0 chassis1], [1], [],
-[ovn-nbctl: lp0: port name not found
-])
-
-AT_CHECK([ovn-nbctl lrp-del-gateway-chassis lrp0 chassis1], [1], [],
-[ovn-nbctl: chassis chassis1 is not added to logical port lrp0
-])
-AT_CHECK([ovn-nbctl lrp-set-gateway-chassis lrp0 chassis1])
-
-AT_CHECK([ovn-nbctl lrp-get-gateway-chassis lrp0], [0], [dnl
-lrp0-chassis1 0
-])
-AT_CHECK([ovn-nbctl lrp-set-gateway-chassis lrp0 chassis1 10])
-
-AT_CHECK([ovn-nbctl lrp-get-gateway-chassis lrp0], [0], [dnl
-lrp0-chassis1 10
-])
-AT_CHECK([ovn-nbctl lrp-set-gateway-chassis lrp0 chassis1 20])
-
-AT_CHECK([ovn-nbctl lrp-get-gateway-chassis lrp0], [0], [dnl
-lrp0-chassis1 20
-])
-AT_CHECK([ovn-nbctl lrp-set-gateway-chassis lrp0 chassis2 5])
-AT_CHECK([ovn-nbctl lrp-get-gateway-chassis lrp0], [0], [dnl
-lrp0-chassis1 20
-lrp0-chassis2 5
-])
-
-AT_CHECK([ovn-nbctl lrp-del-gateway-chassis lrp0 chassis1])
-AT_CHECK([ovn-nbctl lrp-get-gateway-chassis lrp0], [0], [dnl
-lrp0-chassis2 5
-])
-
-AT_CHECK([ovn-nbctl lrp-del-gateway-chassis lrp0 chassis2])
-AT_CHECK([ovn-nbctl lrp-get-gateway-chassis lrp0])
-
-AT_CHECK([ovn-nbctl lrp-set-gateway-chassis lrp0 chassis1 1])
-AT_CHECK([ovn-nbctl lrp-set-gateway-chassis lrp0 chassis2 10])
-AT_CHECK([ovn-nbctl lrp-set-gateway-chassis lrp0 chassis3 5])
-AT_CHECK([ovn-nbctl lrp-get-gateway-chassis lrp0], [0], [dnl
-lrp0-chassis2 10
-lrp0-chassis3 5
-lrp0-chassis1 1
-])])
-
-dnl ---------------------------------------------------------------------
-
-OVN_NBCTL_TEST([ovn_nbctl_lrp_enable], [logical router port enable and disable], [
-AT_CHECK([ovn-nbctl lr-add lr0])
-AT_CHECK([ovn-nbctl lrp-add lr0 lrp0 00:00:00:01:02:03 192.168.1.1/24])
-AT_CHECK([ovn-nbctl lrp-get-enabled lrp0], [0], [enabled
-])
-
-AT_CHECK([ovn-nbctl lrp-set-enabled lrp0 disabled])
-AT_CHECK([ovn-nbctl lrp-get-enabled lrp0], [0], [disabled
-])
-
-AT_CHECK([ovn-nbctl lrp-set-enabled lrp0 enabled])
-AT_CHECK([ovn-nbctl lrp-get-enabled lrp0], [0], [enabled
-])
-
-AT_CHECK([ovn-nbctl lrp-set-enabled lrp0 xyzzy], [1], [],
- [ovn-nbctl: xyzzy: state must be "enabled" or "disabled"
-])])
-
-dnl ---------------------------------------------------------------------
-
-OVN_NBCTL_TEST([ovn_nbctl_routes], [routes], [
-AT_CHECK([ovn-nbctl lr-add lr0])
-
-dnl Check IPv4 routes
-AT_CHECK([ovn-nbctl lr-route-add lr0 0.0.0.0/0 192.168.0.1])
-AT_CHECK([ovn-nbctl lr-route-add lr0 10.0.1.0/24 11.0.1.1 lp0])
-AT_CHECK([ovn-nbctl lr-route-add lr0 10.0.0.1/24 11.0.0.2])
-
-dnl Add overlapping route with 10.0.0.1/24
-AT_CHECK([ovn-nbctl lr-route-add lr0 10.0.0.111/24 11.0.0.1], [1], [],
- [ovn-nbctl: duplicate prefix: 10.0.0.0/24
-])
-AT_CHECK([ovn-nbctl lr-route-add lr0 10.0.0.111a/24 11.0.0.1], [1], [],
- [ovn-nbctl: bad prefix argument: 10.0.0.111a/24
-])
-AT_CHECK([ovn-nbctl lr-route-add lr0 10.0.0.111/24a 11.0.0.1], [1], [],
- [ovn-nbctl: bad prefix argument: 10.0.0.111/24a
-])
-AT_CHECK([ovn-nbctl lr-route-add lr0 10.0.0.111/24 11.0.0.1a], [1], [],
- [ovn-nbctl: bad next hop argument: 11.0.0.1a
-])
-AT_CHECK([ovn-nbctl lr-route-add lr0 10.0.0.111/24 11.0.0.1/24], [1], [],
- [ovn-nbctl: bad IPv4 nexthop argument: 11.0.0.1/24
-])
-AT_CHECK([ovn-nbctl lr-route-add lr0 2001:0db8:1::/64 2001:0db8:0:f103::1/64], [1], [],
- [ovn-nbctl: bad IPv6 nexthop argument: 2001:0db8:0:f103::1/64
-])
-
-AT_CHECK([ovn-nbctl --may-exist lr-route-add lr0 10.0.0.111/24 11.0.0.1])
-AT_CHECK([ovn-nbctl --policy=src-ip lr-route-add lr0 9.16.1.0/24 11.0.0.1])
-
-AT_CHECK([ovn-nbctl lr-route-list lr0], [0], [dnl
-IPv4 Routes
- 10.0.0.0/24 11.0.0.1 dst-ip
- 10.0.1.0/24 11.0.1.1 dst-ip lp0
- 9.16.1.0/24 11.0.0.1 src-ip
- 0.0.0.0/0 192.168.0.1 dst-ip
-])
-
-AT_CHECK([ovn-nbctl --may-exist lr-route-add lr0 10.0.0.111/24 11.0.0.1 lp1])
-AT_CHECK([ovn-nbctl lr-route-list lr0], [0], [dnl
-IPv4 Routes
- 10.0.0.0/24 11.0.0.1 dst-ip lp1
- 10.0.1.0/24 11.0.1.1 dst-ip lp0
- 9.16.1.0/24 11.0.0.1 src-ip
- 0.0.0.0/0 192.168.0.1 dst-ip
-])
-
-dnl Delete non-existent prefix
-AT_CHECK([ovn-nbctl lr-route-del lr0 10.0.2.1/24], [1], [],
- [ovn-nbctl: no matching prefix: 10.0.2.0/24
-])
-AT_CHECK([ovn-nbctl --if-exists lr-route-del lr0 10.0.2.1/24])
-
-AT_CHECK([ovn-nbctl lr-route-del lr0 10.0.1.1/24])
-AT_CHECK([ovn-nbctl lr-route-del lr0 9.16.1.0/24])
-
-AT_CHECK([ovn-nbctl lr-route-list lr0], [0], [dnl
-IPv4 Routes
- 10.0.0.0/24 11.0.0.1 dst-ip lp1
- 0.0.0.0/0 192.168.0.1 dst-ip
-])
-
-AT_CHECK([ovn-nbctl lr-route-del lr0])
-AT_CHECK([ovn-nbctl lr-route-list lr0], [0], [dnl
-])
-
-dnl Check IPv6 routes
-AT_CHECK([ovn-nbctl lr-route-add lr0 0:0:0:0:0:0:0:0/0 2001:0db8:0:f101::1])
-AT_CHECK([ovn-nbctl lr-route-add lr0 2001:0db8:0::/64 2001:0db8:0:f102::1 lp0])
-AT_CHECK([ovn-nbctl lr-route-add lr0 2001:0db8:1::/64 2001:0db8:0:f103::1])
-
-AT_CHECK([ovn-nbctl lr-route-list lr0], [0], [dnl
-IPv6 Routes
- 2001:db8::/64 2001:db8:0:f102::1 dst-ip lp0
- 2001:db8:1::/64 2001:db8:0:f103::1 dst-ip
- ::/0 2001:db8:0:f101::1 dst-ip
-])
-
-AT_CHECK([ovn-nbctl lr-route-del lr0 2001:0db8:0::/64])
-
-AT_CHECK([ovn-nbctl lr-route-list lr0], [0], [dnl
-IPv6 Routes
- 2001:db8:1::/64 2001:db8:0:f103::1 dst-ip
- ::/0 2001:db8:0:f101::1 dst-ip
-])
-
-AT_CHECK([ovn-nbctl lr-route-del lr0])
-AT_CHECK([ovn-nbctl lr-route-list lr0], [0], [dnl
-])
-
-dnl Check IPv4 and IPv6 routes
-AT_CHECK([ovn-nbctl lr-route-add lr0 0.0.0.0/0 192.168.0.1])
-AT_CHECK([ovn-nbctl lr-route-add lr0 10.0.1.1/24 11.0.1.1 lp0])
-AT_CHECK([ovn-nbctl lr-route-add lr0 10.0.0.1/24 11.0.0.1])
-AT_CHECK([ovn-nbctl lr-route-add lr0 0:0:0:0:0:0:0:0/0 2001:0db8:0:f101::1])
-AT_CHECK([ovn-nbctl lr-route-add lr0 2001:0db8:0::/64 2001:0db8:0:f102::1 lp0])
-AT_CHECK([ovn-nbctl lr-route-add lr0 2001:0db8:1::/64 2001:0db8:0:f103::1])
-
-AT_CHECK([ovn-nbctl lr-route-list lr0], [0], [dnl
-IPv4 Routes
- 10.0.0.0/24 11.0.0.1 dst-ip
- 10.0.1.0/24 11.0.1.1 dst-ip lp0
- 0.0.0.0/0 192.168.0.1 dst-ip
-
-IPv6 Routes
- 2001:db8::/64 2001:db8:0:f102::1 dst-ip lp0
- 2001:db8:1::/64 2001:db8:0:f103::1 dst-ip
- ::/0 2001:db8:0:f101::1 dst-ip
-])])
-
-dnl ---------------------------------------------------------------------
-
-OVN_NBCTL_TEST([ovn_nbctl_policies], [policies], [
-AT_CHECK([ovn-nbctl lr-add lr0])
-
-dnl Add policies with allow and drop actions
-AT_CHECK([ovn-nbctl lr-policy-add lr0 100 "ip4.src == 1.1.1.0/24" drop])
-AT_CHECK([ovn-nbctl lr-policy-add lr0 100 "ip4.src == 1.1.2.0/24" allow])
-AT_CHECK([ovn-nbctl lr-policy-add lr0 101 "ip4.src == 2.1.1.0/24" allow])
-AT_CHECK([ovn-nbctl lr-policy-add lr0 101 "ip4.src == 2.1.2.0/24" drop])
-AT_CHECK([ovn-nbctl lr-policy-add lr0 101 "ip6.src == 2002::/64" drop])
-
-dnl Add duplicated policy
-AT_CHECK([ovn-nbctl lr-policy-add lr0 100 "ip4.src == 1.1.1.0/24" drop], [1], [],
- [ovn-nbctl: Same routing policy already existed on the logical router lr0.
-])
-
-dnl Add duplicated policy
-AT_CHECK([ovn-nbctl lr-policy-add lr0 103 "ip4.src == 1.1.1.0/24" deny], [1], [],
- [ovn-nbctl: deny: action must be one of "allow", "drop", and "reroute"
-])
-
-dnl Delete by priority and match string
-AT_CHECK([ovn-nbctl lr-policy-del lr0 100 "ip4.src == 1.1.1.0/24"])
-AT_CHECK([ovn-nbctl lr-policy-list lr0], [0], [dnl
-Routing Policies
- 101 ip4.src == 2.1.1.0/24 allow
- 101 ip4.src == 2.1.2.0/24 drop
- 101 ip6.src == 2002::/64 drop
- 100 ip4.src == 1.1.2.0/24 allow
-])
-
-dnl Delete all policies for given priority
-AT_CHECK([ovn-nbctl lr-policy-del lr0 101])
-AT_CHECK([ovn-nbctl lr-policy-list lr0], [0], [dnl
-Routing Policies
- 100 ip4.src == 1.1.2.0/24 allow
-])
-
-dnl Add policy with reroute action
-AT_CHECK([ovn-nbctl lr-policy-add lr0 102 "ip4.src == 3.1.2.0/24" reroute 3.3.3.3])
-
-dnl Add policy with invalid reroute ip
-AT_CHECK([ovn-nbctl lr-policy-add lr0 103 "ip4.src == 3.1.2.0/24" reroute 3.3.3.x], [1], [],
- [ovn-nbctl: bad next hop argument: 3.3.3.x
-])
-
-dnl Add policy with reroute action
-AT_CHECK([ovn-nbctl lr-policy-add lr0 104 "ip6.src == 2001::/64" reroute 2002::5])
-
-dnl Add policy with invalid reroute ip
-AT_CHECK([ovn-nbctl lr-policy-add lr0 105 "ip6.src == 2001::/64" reroute 2002::x], [1], [],
- [ovn-nbctl: bad next hop argument: 2002::x
-])
-
-])
-
-dnl ---------------------------------------------------------------------
-
-OVN_NBCTL_TEST([ovn_nbctl_lsp_types], [lsp types], [
-AT_CHECK([ovn-nbctl ls-add ls0])
-AT_CHECK([ovn-nbctl lsp-add ls0 lp0])
-
-dnl switchport type defaults to empty
-AT_CHECK([ovn-nbctl lsp-get-type lp0], [0], [dnl
-
-])
-
-dnl The following are the valid entries for
-dnl switchport type
-AT_CHECK([ovn-nbctl lsp-set-type lp0 l2gateway])
-AT_CHECK([ovn-nbctl lsp-get-type lp0], [0], [dnl
-l2gateway
-])
-
-AT_CHECK([ovn-nbctl lsp-set-type lp0 router])
-AT_CHECK([ovn-nbctl lsp-get-type lp0], [0], [dnl
-router
-])
-
-AT_CHECK([ovn-nbctl lsp-set-type lp0 localnet])
-AT_CHECK([ovn-nbctl lsp-get-type lp0], [0], [dnl
-localnet
-])
-
-AT_CHECK([ovn-nbctl lsp-set-type lp0 localport])
-AT_CHECK([ovn-nbctl lsp-get-type lp0], [0], [dnl
-localport
-])
-
-AT_CHECK([ovn-nbctl lsp-set-type lp0 vtep])
-AT_CHECK([ovn-nbctl lsp-get-type lp0], [0], [dnl
-vtep
-])
-
-dnl All of these are valid southbound port types but
-dnl should be rejected for northbound logical switch
-dnl ports.
-AT_CHECK([ovn-nbctl lsp-set-type lp0 l3gateway], [1], [], [dnl
-ovn-nbctl: Logical switch port type 'l3gateway' is unrecognized. Not setting type.
-])
-AT_CHECK([ovn-nbctl lsp-set-type lp0 patch], [1], [], [dnl
-ovn-nbctl: Logical switch port type 'patch' is unrecognized. Not setting type.
-])
-AT_CHECK([ovn-nbctl lsp-set-type lp0 chassisredirect], [1], [], [dnl
-ovn-nbctl: Logical switch port type 'chassisredirect' is unrecognized. Not setting type.
-])
-
-dnl switch port type should still be "vtep" since previous
-dnl commands failed.
-AT_CHECK([ovn-nbctl lsp-get-type lp0], [0], [dnl
-vtep
-])
-
-dnl Attempt a nonsense type
-AT_CHECK([ovn-nbctl lsp-set-type lp0 eggs], [1], [], [dnl
-ovn-nbctl: Logical switch port type 'eggs' is unrecognized. Not setting type.
-])
-
-dnl Empty string should work too
-AT_CHECK([ovn-nbctl lsp-set-type lp0 ""])
-AT_CHECK([ovn-nbctl lsp-get-type lp0], [0], [dnl
-
-])])
-
-dnl ---------------------------------------------------------------------
-
-OVN_NBCTL_TEST([ovn_nbctl_connection], [connection], [
-AT_CHECK([ovn-nbctl --inactivity-probe=30000 set-connection ptcp:6641:127.0.0.1 punix:$OVS_RUNDIR/ovnnb_db.sock])
-AT_CHECK([ovn-nbctl list connection | grep inactivity_probe], [0], [dnl
-inactivity_probe : 30000
-inactivity_probe : 30000
-])])
-
-dnl ---------------------------------------------------------------------
-
-OVN_NBCTL_TEST([ovn_nbctl_dry_run_mode], [dry run mode], [
-dnl Check that dry run has no permanent effect.
-AT_CHECK([ovn-nbctl --dry-run ls-add ls0 -- ls-list | uuidfilt], [0], [dnl
-<0> (ls0)
-])
-AT_CHECK([ovn-nbctl ls-list | uuidfilt], [0], [dnl
-])
-
-dnl Check that dry-run mode is not sticky.
-AT_CHECK([ovn-nbctl ls-add ls0])
-AT_CHECK([ovn-nbctl ls-list | uuidfilt], [0], [dnl
-<0> (ls0)
-])])
-
-dnl ---------------------------------------------------------------------
-
-OVN_NBCTL_TEST([ovn_nbctl_oneline_output], [oneline output], [
-AT_CHECK([ovn-nbctl ls-add ls0 -- ls-add ls1])
-
-dnl Expect one line for one command.
-AT_CHECK([ovn-nbctl --oneline ls-list | uuidfilt], [0], [dnl
-<0> (ls0)\n<1> (ls1)
-])
-
-dnl Expect lines for two commands.
-AT_CHECK([ovn-nbctl --oneline ls-list -- ls-list | uuidfilt], [0], [dnl
-<0> (ls0)\n<1> (ls1)
-<0> (ls0)\n<1> (ls1)
-])])
-
-dnl ---------------------------------------------------------------------
-
-OVN_NBCTL_TEST([ovn_nbctl_error_paths], [commands parser error paths], [
-dnl FIXME: Duplicate options are allowed when passed with global options.
-dnl For example: ovn-nbctl --if-exists --if-exists list Logical_Switch
-
-dnl Duplicate option
-AT_CHECK([ovn-nbctl -- --if-exists --if-exists list Logical_Switch], [1], [], [stderr])
-AT_CHECK([grep 'option specified multiple times' stderr], [0], [ignore])
-
-dnl Missing command
-AT_CHECK([ovn-nbctl], [1], [], [stderr])
-AT_CHECK([grep 'missing command name' stderr], [0], [ignore])
-
-AT_CHECK([ovn-nbctl --if-exists], [1], [], [stderr])
-AT_CHECK([grep 'missing command name' stderr], [0], [ignore])
-
-AT_CHECK([ovn-nbctl --], [1], [], [stderr])
-AT_CHECK([grep 'missing command name' stderr], [0], [ignore])
-
-AT_CHECK([ovn-nbctl -- --if-exists], [1], [], [stderr])
-AT_CHECK([grep 'missing command name' stderr], [0], [ignore])
-
-dnl Unknown command
-AT_CHECK([ovn-nbctl foo], [1], [], [stderr])
-AT_CHECK([grep 'unknown command' stderr], [0], [ignore])
-
-AT_CHECK([ovn-nbctl -- foo], [1], [], [stderr])
-AT_CHECK([grep 'unknown command' stderr], [0], [ignore])
-
-dnl Unknown option
-AT_CHECK([ovn-nbctl --foo list Logical_Switch], [1], [], [stderr])
-AT_CHECK([grep 'unrecognized option' stderr], [0], [ignore])
-
-AT_CHECK([ovn-nbctl -- --foo list Logical_Switch], [1], [], [stderr])
-AT_CHECK([grep 'command has no .* option' stderr], [0], [ignore])
-
-dnl Missing option argument
-AT_CHECK([ovn-nbctl --columns], [1], [], [stderr])
-AT_CHECK([grep 'option .* requires an argument' stderr], [0], [ignore])
-
-AT_CHECK([ovn-nbctl -- --columns list Logical_Switch], [1], [], [stderr])
-AT_CHECK([grep 'missing argument to .* option' stderr], [0], [ignore])
-
-dnl Unexpected option argument
-AT_CHECK([ovn-nbctl --if-exists=foo list Logical_Switch], [1], [], [stderr])
-AT_CHECK([egrep 'option .* doesn'\''t allow an argument|option .* requires an argument' stderr], [0], [ignore])
-
-AT_CHECK([ovn-nbctl -- --if-exists=foo list Logical_Switch], [1], [], [stderr])
-AT_CHECK([grep 'option on .* does not accept an argument' stderr], [0], [ignore])
-
-dnl Not enough arguments
-AT_CHECK([ovn-nbctl list], [1], [], [stderr])
-AT_CHECK([grep 'command requires at least .* arguments' stderr], [0], [ignore])
-
-AT_CHECK([ovn-nbctl -- list], [1], [], [stderr])
-AT_CHECK([grep 'command requires at least .* arguments' stderr], [0], [ignore])
-
-dnl Too many arguments
-AT_CHECK([ovn-nbctl show foo bar], [1], [], [stderr])
-AT_CHECK([grep 'command takes at most .* arguments' stderr], [0], [ignore])
-
-AT_CHECK([ovn-nbctl -- show foo bar], [1], [], [stderr])
-AT_CHECK([grep 'command takes at most .* arguments' stderr], [0], [ignore])
-
-AT_CHECK([ovn-nbctl show foo --bar], [1], [], [stderr])
-AT_CHECK([grep 'command takes at most .* arguments' stderr], [0], [ignore])
-
-AT_CHECK([ovn-nbctl -- show foo --bar], [1], [], [stderr])
-AT_CHECK([grep 'command takes at most .* arguments' stderr], [0], [ignore])])
-
-dnl ---------------------------------------------------------------------
-
-OVN_NBCTL_TEST([ovn_nbctl_port_groups], [port groups], [
-dnl Check that port group can be looked up by name
-AT_CHECK([ovn-nbctl create Port_Group name=pg0], [0], [ignore])
-AT_CHECK([ovn-nbctl get Port_Group pg0 name], [0], [dnl
-pg0
-])])
-
-OVN_NBCTL_TEST([ovn_nbctl_extra_newlines], [extra newlines], [
-dnl This test addresses a specific issue seen when running ovn-nbctl in
-dnl daemon mode. All we have to do is ensure that each time we list database
-dnl information, there is not an extra newline at the beginning of the output.
-AT_CHECK([ovn-nbctl ls-add sw1], [0], [ignore])
-AT_CHECK([ovn-nbctl --columns=name list logical_switch sw1], [0], [dnl
-name : sw1
-])
-AT_CHECK([ovn-nbctl --columns=name list logical_switch sw1], [0], [dnl
-name : sw1
-])])
-
-OVN_NBCTL_TEST([ovn_nbctl_table_formatting], [table formatting], [
-dnl This test addresses a specific issue seen when running ovn-nbctl in
-dnl daemon mode. We need to ensure that table formatting options are honored
-dnl when listing database information.
-AT_CHECK([ovn-nbctl ls-add sw1], [0], [ignore])
-AT_CHECK([ovn-nbctl --bare --columns=name list logical_switch sw1], [0], [dnl
-sw1
-])])
-dnl ---------------------------------------------------------------------
-
-OVN_NBCTL_TEST([ovn_nbctl_port_group_commands], [port group commands], [
-AT_CHECK([ovn-nbctl pg-add pg1], [0], [ignore])
-AT_CHECK([ovn-nbctl --bare --columns=name list port_group pg1], [0],
-[pg1
-])
-
-AT_CHECK([ovn-nbctl pg-del pg1], [0], [ignore])
-AT_CHECK([ovn-nbctl list port_group], [0], [])
-
-AT_CHECK([ovn-nbctl ls-add sw1], [0], [ignore])
-AT_CHECK([ovn-nbctl lsp-add sw1 sw1-p1], [0], [ignore])
-SW1P1=$(ovn-nbctl --bare --columns=_uuid list logical_switch_port sw1-p1)
-AT_CHECK([ovn-nbctl lsp-add sw1 sw1-p2], [0], [ignore])
-SW1P2=$(ovn-nbctl --bare --columns=_uuid list logical_switch_port sw1-p2)
-
-AT_CHECK([ovn-nbctl pg-add pg1 sw1-p1], [0], [ignore])
-AT_CHECK([ovn-nbctl --bare --columns=name list port_group pg1], [0],[dnl
-pg1
-])
-AT_CHECK_UNQUOTED([ovn-nbctl --bare --columns=ports list port_group pg1], [0], [dnl
-$SW1P1
-])
-
-AT_CHECK([ovn-nbctl pg-set-ports pg1 sw1-p2], [0], [ignore])
-AT_CHECK_UNQUOTED([ovn-nbctl --bare --columns=ports list port_group pg1], [0], [dnl
-$SW1P2
-])
-
-AT_CHECK([ovn-nbctl pg-del pg1], [0], [ignore])
-AT_CHECK([ovn-nbctl list port_group], [0], [])
-])
-
-AT_SETUP([ovn-nbctl - daemon retry connection])
-OVN_NBCTL_TEST_START daemon
-AT_CHECK([kill `cat ovsdb-server.pid`])
-AT_CHECK([ovsdb-server --detach --no-chdir --pidfile --log-file --remote=punix:$OVS_RUNDIR/ovnnb_db.sock ovn-nb.db], [0], [], [stderr])
-AT_CHECK([ovn-nbctl show], [0], [ignore])
-OVN_NBCTL_TEST_STOP /Terminated/d
-AT_CLEANUP
diff --git a/tests/ovn-northd.at b/tests/ovn-northd.at
deleted file mode 100644
index 62e58fd0eea..00000000000
--- a/tests/ovn-northd.at
+++ /dev/null
@@ -1,900 +0,0 @@
-AT_BANNER([OVN northd])
-AT_SETUP([ovn -- check from NBDB to SBDB])
-AT_SKIP_IF([test $HAVE_PYTHON = no])
-ovn_start
-
-ovn-nbctl create Logical_Router name=R1
-ovn-sbctl chassis-add gw1 geneve 127.0.0.1
-ovn-sbctl chassis-add gw2 geneve 1.2.4.8
-
-# Connect alice to R1 as distributed router gateway port on hv2
-ovn-nbctl lrp-add R1 alice 00:00:02:01:02:03 172.16.1.1/24
-
-ovn-nbctl --wait=sb \
- --id=@gc0 create Gateway_Chassis name=alice_gw1 \
- chassis_name=gw1 \
- priority=20 -- \
- --id=@gc1 create Gateway_Chassis name=alice_gw2 \
- chassis_name=gw2 \
- priority=10 -- \
- set Logical_Router_Port alice 'gateway_chassis=[@gc0,@gc1]'
-
-nb_gwc1_uuid=`ovn-nbctl --bare --columns _uuid find Gateway_Chassis name="alice_gw1"`
-
-# With the new ha_chassis_group table added, there should be no rows in
-# gateway_chassis table in SB DB.
-AT_CHECK([ovn-sbctl list gateway_chassis | wc -l], [0], [0
-])
-
-# There should be one ha_chassis_group with the name "alice"
-ha_chassi_grp_name=`ovn-sbctl --bare --columns name find \
-ha_chassis_group name="alice"`
-
-AT_CHECK([test $ha_chassi_grp_name = alice])
-
-ha_chgrp_uuid=`ovn-sbctl --bare --columns _uuid find ha_chassis_group name=alice`
-
-AT_CHECK([ovn-sbctl --bare --columns ha_chassis_group find port_binding \
-logical_port="cr-alice" | grep $ha_chgrp_uuid | wc -l], [0], [1
-])
-
-# There should be one ha_chassis_group with the name "alice"
-ha_chassi_grp_name=`ovn-sbctl --bare --columns name find \
-ha_chassis_group name="alice"`
-
-AT_CHECK([test $ha_chassi_grp_name = alice])
-
-ha_chgrp_uuid=`ovn-sbctl --bare --columns _uuid find ha_chassis_group name=alice`
-
-AT_CHECK([ovn-sbctl --bare --columns ha_chassis_group find port_binding \
-logical_port="cr-alice" | grep $ha_chgrp_uuid | wc -l], [0], [1
-])
-
-ha_ch=`ovn-sbctl --bare --columns ha_chassis find ha_chassis_group`
-# Trim the spaces.
-ha_ch=`echo $ha_ch | sed 's/ //g'`
-
-ha_ch_list=''
-for i in `ovn-sbctl --bare --columns _uuid list ha_chassis | sort`
-do
- ha_ch_list="$ha_ch_list $i"
-done
-
-# Trim the spaces.
-ha_ch_list=`echo $ha_ch_list | sed 's/ //g'`
-
-AT_CHECK([test "$ha_ch_list" = "$ha_ch"])
-
-# Delete chassis - gw2 in SB DB.
-# ovn-northd should not recreate ha_chassis rows
-# repeatedly when gw2 is deleted.
-ovn-sbctl chassis-del gw2
-
-ha_ch_list_1=''
-for i in `ovn-sbctl --bare --columns _uuid list ha_chassis | sort`
-do
- ha_ch_list_1="$ha_ch_list_1 $i"
-done
-
-# Trim the spaces.
-ha_ch_list_1=`echo $ha_ch_list_1 | sed 's/ //g'`
-
-ha_ch_list_2=''
-for i in `ovn-sbctl --bare --columns _uuid list ha_chassis | sort`
-do
- ha_ch_list_2="$ha_ch_list_2 $i"
-done
-
-# Trim the spaces.
-ha_ch_list_2=`echo $ha_ch_list_2 | sed 's/ //g'`
-
-AT_CHECK([test "$ha_ch_list_1" = "$ha_ch_list_2"])
-
-# Add back the gw2 chassis
-ovn-sbctl chassis-add gw2 geneve 1.2.4.8
-
-# delete the 2nd Gateway_Chassis on NBDB for alice port
-gw_ch=`ovn-sbctl --bare --columns gateway_chassis find port_binding \
-logical_port="cr-alice"`
-AT_CHECK([test "$gw_ch" = ""])
-
-ha_ch=`ovn-sbctl --bare --columns ha_chassis find ha_chassis_group`
-ha_ch=`echo $ha_ch | sed 's/ //g'`
-# Trim the spaces.
-echo "ha ch in grp = $ha_ch"
-
-ha_ch_list=''
-for i in `ovn-sbctl --bare --columns _uuid list ha_chassis | sort`
-do
- ha_ch_list="$ha_ch_list $i"
-done
-
-# Trim the spaces.
-ha_ch_list=`echo $ha_ch_list | sed 's/ //g'`
-
-AT_CHECK([test "$ha_ch_list" = "$ha_ch"])
-
-# delete the 2nd Gateway_Chassis on NBDB for alice port
-ovn-nbctl --wait=sb set Logical_Router_Port alice gateway_chassis=${nb_gwc1_uuid}
-
-# There should be only 1 row in ha_chassis SB DB table.
-AT_CHECK([ovn-sbctl --bare --columns _uuid list ha_chassis | wc -l], [0], [1
-])
-
-AT_CHECK([ovn-sbctl list gateway_chassis | wc -l], [0], [0
-])
-
-# There should be only 1 row in ha_chassis SB DB table.
-AT_CHECK([ovn-sbctl --bare --columns _uuid list ha_chassis | wc -l], [0], [1
-])
-
-# delete all the gateway_chassis on NBDB for alice port
-
-ovn-nbctl --wait=sb clear Logical_Router_Port alice gateway_chassis
-
-# expect that the ha_chassis doesn't exist anymore
-AT_CHECK([ovn-sbctl list gateway_chassis | wc -l], [0], [0
-])
-
-AT_CHECK([ovn-sbctl list ha_chassis | wc -l], [0], [0
-])
-
-AT_CHECK([ovn-sbctl list ha_chassis_group | wc -l], [0], [0
-])
-
-# expect that the ha_chassis doesn't exist anymore
-AT_CHECK([ovn-sbctl list ha_chassis | wc -l], [0], [0
-])
-AT_CHECK([ovn-sbctl list ha_chassis_group | wc -l], [0], [0
-])
-
-AT_CLEANUP
-
-AT_SETUP([ovn -- check Gateway_Chassis propagation from NBDB to SBDB backwards compatibility])
-AT_SKIP_IF([test $HAVE_PYTHON = no])
-ovn_start
-
-ovn-nbctl create Logical_Router name=R1
-ovn-sbctl chassis-add gw1 geneve 127.0.0.1
-ovn-sbctl chassis-add gw2 geneve 1.2.4.8
-
-ovn-nbctl --wait=sb lrp-add R1 bob 00:00:02:01:02:03 172.16.1.1/24 \
- -- set Logical_Router_Port bob options:redirect-chassis="gw1"
-
-
-# It should be converted to ha_chassis_group entries in SBDB, and
-# still redirect-chassis is kept for backwards compatibility
-
-AT_CHECK([ovn-sbctl list gateway_chassis | wc -l], [0], [0
-])
-
-AT_CHECK([ovn-sbctl --bare --columns _uuid list ha_chassis | wc -l], [0], [1
-])
-
-AT_CHECK([ovn-sbctl --bare --columns _uuid list ha_chassis_group | wc -l], [0], [1
-])
-
-# There should be one ha_chassis_group with the name "bob_gw1"
-ha_chassi_grp_name=`ovn-sbctl --bare --columns name find \
-ha_chassis_group name="bob_gw1"`
-
-AT_CHECK([test $ha_chassi_grp_name = bob_gw1])
-
-ha_chgrp_uuid=`ovn-sbctl --bare --columns _uuid find ha_chassis_group name=bob_gw1`
-
-AT_CHECK([ovn-sbctl --bare --columns ha_chassis_group find port_binding \
-logical_port="cr-bob" | grep $ha_chgrp_uuid | wc -l], [0], [1
-])
-
-ovn-nbctl --wait=sb remove Logical_Router_Port bob options redirect-chassis
-
-# expect that the ha_chassis/ha_chassis_group doesn't exist anymore
-
-AT_CHECK([ovn-sbctl find Gateway_Chassis name=bob_gw1], [0], [])
-AT_CHECK([ovn-sbctl list ha_chassis | wc -l], [0], [0
-])
-
-AT_CHECK([ovn-sbctl list ha_chassis_group | wc -l], [0], [0
-])
-
-AT_CLEANUP
-
-AT_SETUP([ovn -- check up state of VIF LSP])
-AT_SKIP_IF([test $HAVE_PYTHON = no])
-ovn_start
-
-ovn-nbctl ls-add S1
-ovn-nbctl --wait=sb lsp-add S1 S1-vm1
-AT_CHECK([test x`ovn-nbctl lsp-get-up S1-vm1` = xdown])
-
-ovn-sbctl chassis-add hv1 geneve 127.0.0.1
-ovn-sbctl lsp-bind S1-vm1 hv1
-AT_CHECK([test x`ovn-nbctl lsp-get-up S1-vm1` = xup])
-
-AT_CLEANUP
-
-AT_SETUP([ovn -- check up state of router LSP linked to a distributed LR])
-AT_SKIP_IF([test $HAVE_PYTHON = no])
-ovn_start
-
-ovn-nbctl lr-add R1
-ovn-nbctl lrp-add R1 R1-S1 02:ac:10:01:00:01 172.16.1.1/24
-
-ovn-nbctl ls-add S1
-ovn-nbctl lsp-add S1 S1-R1
-ovn-nbctl lsp-set-type S1-R1 router
-ovn-nbctl lsp-set-addresses S1-R1 02:ac:10:01:00:01
-ovn-nbctl --wait=sb lsp-set-options S1-R1 router-port=R1-S1
-AT_CHECK([test x`ovn-nbctl lsp-get-up S1-R1` = xup])
-
-AT_CLEANUP
-
-AT_SETUP([ovn -- check up state of router LSP linked to a gateway LR])
-AT_SKIP_IF([test $HAVE_PYTHON = no])
-ovn_start
-
-ovn-sbctl chassis-add gw1 geneve 127.0.0.1
-
-ovn-nbctl create Logical_Router name=R1 options:chassis=gw1
-ovn-nbctl lrp-add R1 R1-S1 02:ac:10:01:00:01 172.16.1.1/24
-
-ovn-nbctl ls-add S1
-ovn-nbctl lsp-add S1 S1-R1
-ovn-nbctl lsp-set-type S1-R1 router
-ovn-nbctl lsp-set-addresses S1-R1 02:ac:10:01:00:01
-ovn-nbctl --wait=sb lsp-set-options S1-R1 router-port=R1-S1
-
-ovn-sbctl lsp-bind S1-R1 gw1
-AT_CHECK([test x`ovn-nbctl lsp-get-up S1-R1` = xup])
-
-AT_CLEANUP
-
-AT_SETUP([ovn -- check up state of router LSP linked to an LRP with set Gateway Chassis])
-AT_SKIP_IF([test $HAVE_PYTHON = no])
-ovn_start
-
-ovn-sbctl chassis-add gw1 geneve 127.0.0.1
-
-ovn-nbctl lr-add R1
-ovn-nbctl lrp-add R1 R1-S1 02:ac:10:01:00:01 172.16.1.1/24
-ovn-nbctl lrp-set-gateway-chassis R1-S1 gw1
-
-ovn-nbctl ls-add S1
-ovn-nbctl lsp-add S1 S1-R1
-ovn-nbctl lsp-set-type S1-R1 router
-ovn-nbctl lsp-set-addresses S1-R1 router
-ovn-nbctl --wait=sb lsp-set-options S1-R1 router-port=R1-S1
-AT_CHECK([test x`ovn-nbctl lsp-get-up S1-R1` = xup])
-
-AT_CLEANUP
-
-AT_SETUP([ovn -- check IPv6 RA config propagation to SBDB])
-ovn_start
-
-ovn-nbctl lr-add ro
-ovn-nbctl lrp-add ro ro-sw 00:00:00:00:00:01 aef0:0:0:0:0:0:0:1/64
-ovn-nbctl ls-add sw
-ovn-nbctl lsp-add sw sw-ro
-ovn-nbctl lsp-set-type sw-ro router
-ovn-nbctl lsp-set-options sw-ro router-port=ro-sw
-ovn-nbctl lsp-set-addresses sw-ro 00:00:00:00:00:01
-ovn-nbctl set Logical_Router_Port ro-sw ipv6_ra_configs:send_periodic=true
-ovn-nbctl set Logical_Router_Port ro-sw ipv6_ra_configs:address_mode=slaac
-ovn-nbctl --wait=sb set Logical_Router_Port ro-sw ipv6_ra_configs:mtu=1280
-
-uuid=$(ovn-sbctl --columns=_uuid --bare find Port_Binding logical_port=ro-sw)
-
-AT_CHECK([ovn-sbctl get Port_Binding ${uuid} options:ipv6_ra_send_periodic],
-[0], ["true"
-])
-AT_CHECK([ovn-sbctl get Port_Binding ${uuid} options:ipv6_ra_address_mode],
-[0], [slaac
-])
-AT_CHECK([ovn-sbctl get Port_Binding ${uuid} options:ipv6_ra_max_interval],
-[0], ["600"
-])
-AT_CHECK([ovn-sbctl get Port_Binding ${uuid} options:ipv6_ra_min_interval],
-[0], ["200"
-])
-AT_CHECK([ovn-sbctl get Port_Binding ${uuid} options:ipv6_ra_mtu],
-[0], ["1280"
-])
-AT_CHECK([ovn-sbctl get Port_Binding ${uuid} options:ipv6_ra_src_eth],
-[0], ["00:00:00:00:00:01"
-])
-AT_CHECK([ovn-sbctl get Port_Binding ${uuid} options:ipv6_ra_src_addr],
-[0], ["fe80::200:ff:fe00:1"
-])
-AT_CHECK([ovn-sbctl get Port_Binding ${uuid} options:ipv6_ra_prefixes],
-[0], ["aef0::/64"
-])
-
-ovn-nbctl set Logical_Router_Port ro-sw ipv6_ra_configs:max_interval=300
-ovn-nbctl --wait=sb set Logical_Router_Port ro-sw ipv6_ra_configs:min_interval=600
-
-AT_CHECK([ovn-sbctl get Port_Binding ${uuid} options:ipv6_ra_max_interval],
-[0], ["300"
-])
-AT_CHECK([ovn-sbctl get Port_Binding ${uuid} options:ipv6_ra_min_interval],
-[0], ["225"
-])
-
-ovn-nbctl set Logical_Router_Port ro-sw ipv6_ra_configs:max_interval=300
-ovn-nbctl --wait=sb set Logical_Router_Port ro-sw ipv6_ra_configs:min_interval=250
-
-AT_CHECK([ovn-sbctl get Port_Binding ${uuid} options:ipv6_ra_max_interval],
-[0], ["300"
-])
-AT_CHECK([ovn-sbctl get Port_Binding ${uuid} options:ipv6_ra_min_interval],
-[0], ["225"
-])
-
-ovn-nbctl set Logical_Router_Port ro-sw ipv6_ra_configs:max_interval=0
-ovn-nbctl --wait=sb set Logical_Router_Port ro-sw ipv6_ra_configs:min_interval=0
-
-AT_CHECK([ovn-sbctl get Port_Binding ${uuid} options:ipv6_ra_max_interval],
-[0], ["4"
-])
-AT_CHECK([ovn-sbctl get Port_Binding ${uuid} options:ipv6_ra_min_interval],
-[0], ["3"
-])
-
-ovn-nbctl set Logical_Router_Port ro-sw ipv6_ra_configs:max_interval=3600
-ovn-nbctl --wait=sb set Logical_Router_Port ro-sw ipv6_ra_configs:min_interval=2400
-
-AT_CHECK([ovn-sbctl get Port_Binding ${uuid} options:ipv6_ra_max_interval],
-[0], ["1800"
-])
-AT_CHECK([ovn-sbctl get Port_Binding ${uuid} options:ipv6_ra_min_interval],
-[0], ["1350"
-])
-
-ovn-nbctl --wait=sb set Logical_Router_port ro-sw ipv6_ra_configs:send_periodic=false
-
-AT_CHECK_UNQUOTED([ovn-sbctl get Port_Binding ${uuid} options:ipv6_ra_send_periodic],
-[1], [], [ovn-sbctl: no key "ipv6_ra_send_periodic" in Port_Binding record "${uuid}" column options
-])
-AT_CHECK_UNQUOTED([ovn-sbctl get Port_Binding ${uuid} options:ipv6_ra_max_interval],
-[1], [], [ovn-sbctl: no key "ipv6_ra_max_interval" in Port_Binding record "${uuid}" column options
-])
-AT_CHECK_UNQUOTED([ovn-sbctl get Port_Binding ${uuid} options:ipv6_ra_min_interval],
-[1], [], [ovn-sbctl: no key "ipv6_ra_min_interval" in Port_Binding record "${uuid}" column options
-])
-AT_CHECK_UNQUOTED([ovn-sbctl get Port_Binding ${uuid} options:ipv6_ra_mtu],
-[1], [], [ovn-sbctl: no key "ipv6_ra_mtu" in Port_Binding record "${uuid}" column options
-])
-AT_CHECK_UNQUOTED([ovn-sbctl get Port_Binding ${uuid} options:ipv6_ra_address_mode],
-[1], [], [ovn-sbctl: no key "ipv6_ra_address_mode" in Port_Binding record "${uuid}" column options
-])
-AT_CHECK_UNQUOTED([ovn-sbctl get Port_Binding ${uuid} options:ipv6_ra_src_eth],
-[1], [], [ovn-sbctl: no key "ipv6_ra_src_eth" in Port_Binding record "${uuid}" column options
-])
-AT_CHECK_UNQUOTED([ovn-sbctl get Port_Binding ${uuid} options:ipv6_ra_src_addr],
-[1], [], [ovn-sbctl: no key "ipv6_ra_src_addr" in Port_Binding record "${uuid}" column options
-])
-AT_CHECK_UNQUOTED([ovn-sbctl get Port_Binding ${uuid} options:ipv6_ra_prefixes],
-[1], [], [ovn-sbctl: no key "ipv6_ra_prefixes" in Port_Binding record "${uuid}" column options
-])
-
-AT_CLEANUP
-
-AT_SETUP([ovn -- test unixctl])
-ovn_init_db ovn-sb; ovn-sbctl init
-ovn_init_db ovn-nb; ovn-nbctl init
-
-# test unixctl option
-mkdir "$ovs_base"/northd
-as northd start_daemon ovn-northd --unixctl="$ovs_base"/northd/ovn-northd.ctl --ovnnb-db=unix:"$ovs_base"/ovn-nb/ovn-nb.sock --ovnsb-db=unix:"$ovs_base"/ovn-sb/ovn-sb.sock
-ovn-nbctl ls-add sw
-ovn-nbctl --wait=sb lsp-add sw p1
-# northd created with unixctl option successfully created port_binding entry
-AT_CHECK([ovn-sbctl --bare --columns datapath find port_binding logical_port="p1" | wc -l], [0], [1
-])
-AT_CHECK([ovn-nbctl --wait=sb lsp-del p1])
-
-# ovs-appctl exit with unixctl option
-OVS_APP_EXIT_AND_WAIT_BY_TARGET(["$ovs_base"/northd/ovn-northd.ctl], ["$ovs_base"/northd/ovn-northd.pid])
-
-# Check no port_binding entry for new port as ovn-northd is not running
-ovn-nbctl lsp-add sw p2
-ovn-nbctl --timeout=10 --wait=sb sync
-AT_CHECK([ovn-sbctl --bare --columns datapath find port_binding logical_port="p2" | wc -l], [0], [0
-])
-
-# test default unixctl path
-as northd start_daemon ovn-northd --ovnnb-db=unix:"$ovs_base"/ovn-nb/ovn-nb.sock --ovnsb-db=unix:"$ovs_base"/ovn-sb/ovn-sb.sock
-ovn-nbctl --wait=sb lsp-add sw p3
-# northd created with default unixctl path successfully created port_binding entry
-AT_CHECK([ovn-sbctl --bare --columns datapath find port_binding logical_port="p3" | wc -l], [0], [1
-])
-
-as ovn-sb
-OVS_APP_EXIT_AND_WAIT([ovsdb-server])
-as ovn-nb
-OVS_APP_EXIT_AND_WAIT([ovsdb-server])
-as northd
-OVS_APP_EXIT_AND_WAIT([ovn-northd])
-
-AT_CLEANUP
-
-AT_SETUP([ovn -- check HA_Chassis_Group propagation from NBDB to SBDB])
-AT_SKIP_IF([test $HAVE_PYTHON = no])
-ovn_start
-
-ovn-nbctl --wait=sb ha-chassis-group-add hagrp1
-
-# ovn-northd should not create HA chassis group and HA chassis rows
-# unless the HA chassis group in OVN NB DB is associated to
-# a logical router port or logical port of type external.
-AT_CHECK([ovn-sbctl --bare --columns name find ha_chassis_group name="hagrp1" \
-| wc -l], [0], [0
-])
-
-ovn-nbctl --wait=sb ha-chassis-group-add-chassis hagrp1 ch1 30
-ovn-nbctl --wait=sb ha-chassis-group-add-chassis hagrp1 ch2 20
-ovn-nbctl --wait=sb ha-chassis-group-add-chassis hagrp1 ch3 10
-
-# There should be no HA_Chassis rows in SB DB.
-AT_CHECK([ovn-sbctl list ha_chassis | grep chassis | awk '{print $3}' \
-| grep -v '-' | wc -l ], [0], [0
-])
-
-# Add chassis ch1.
-ovn-sbctl chassis-add ch1 geneve 127.0.0.2
-
-OVS_WAIT_UNTIL([test 1 = `ovn-sbctl list chassis | grep ch1 | wc -l`])
-
-# There should be no HA_Chassis rows
-AT_CHECK([ovn-sbctl list ha_chassis | grep chassis | awk '{print $3}' \
-| grep -v '-' | wc -l ], [0], [0
-])
-
-# Create a logical router port and attach ha chassis group.
-ovn-nbctl lr-add lr0
-ovn-nbctl lrp-add lr0 lr0-public 00:00:20:20:12:13 172.168.0.100/24
-
-hagrp1_uuid=`ovn-nbctl --bare --columns _uuid find ha_chassis_group name=hagrp1`
-ovn-nbctl set logical_router_port lr0-public ha_chassis_group=$hagrp1_uuid
-
-OVS_WAIT_UNTIL([test 1 = `ovn-sbctl --bare --columns name find \
-ha_chassis_group name="hagrp1" | wc -l`])
-
-AT_CHECK([test 3 = `ovn-sbctl list ha_chassis | grep chassis | \
-grep -v chassis-name | wc -l`])
-
-# Make sure that ovn-northd doesn't recreate the ha_chassis
-# records if the chassis record is missing in SB DB.
-
-ha_ch_list_1=''
-for i in `ovn-sbctl --bare --columns _uuid list ha_chassis | sort`
-do
- ha_ch_list_1="$ha_ch_list_1 $i"
-done
-
-# Trim the spaces.
-ha_ch_list_1=`echo $ha_ch_list_1 | sed 's/ //g'`
-
-ha_ch_list_2=''
-for i in `ovn-sbctl --bare --columns _uuid list ha_chassis | sort`
-do
- ha_ch_list_2="$ha_ch_list_2 $i"
-done
-
-# Trim the spaces.
-ha_ch_list_2=`echo $ha_ch_list_2 | sed 's/ //g'`
-
-AT_CHECK([test "$ha_ch_list_1" = "$ha_ch_list_2"])
-
-# 2 HA chassis should be created with 'chassis' column empty because
-# we have not added hv1 and hv2 chassis to the SB DB.
-AT_CHECK([test 2 = `ovn-sbctl list ha_chassis | grep chassis | awk '{print $3}' \
-| grep -v '-' | wc -l`])
-
-# We should have 1 ha chassis with 'chassis' column set for hv1
-AT_CHECK([test 1 = `ovn-sbctl list ha_chassis | grep chassis | \
-grep -v chassis-name | awk '{print $3}' \
-| grep '-' | wc -l`])
-
-# Create another logical router port and associate to the same ha_chasis_group
-ovn-nbctl lr-add lr1
-ovn-nbctl lrp-add lr1 lr1-public 00:00:20:20:12:14 182.168.0.100/24
-
-ovn-nbctl set logical_router_port lr1-public ha_chassis_group=$hagrp1_uuid
-
-# We should still have 1 HA chassis group and 3 HA chassis in SB DB.
-OVS_WAIT_UNTIL([test 1 = `ovn-sbctl --bare --columns name find \
-ha_chassis_group name="hagrp1" | wc -l`])
-
-AT_CHECK([test 3 = `ovn-sbctl list ha_chassis | grep chassis | \
-grep -v chassis-name | wc -l`])
-
-# Change the priority of ch1 - ha chassis in NB DB. It should get
-# reflected in SB DB.
-ovn-nbctl --wait=sb ha-chassis-group-add-chassis hagrp1 ch1 100
-
-OVS_WAIT_UNTIL([test 1 = `ovn-sbctl --bare --columns priority find \
-ha_chassis | grep 100 | wc -l`])
-
-# Delete ch1 HA chassis in NB DB.
-ovn-nbctl --wait=sb ha-chassis-group-remove-chassis hagrp1 ch1
-
-OVS_WAIT_UNTIL([test 2 = `ovn-sbctl list ha_chassis | grep chassis | \
-grep -v chassis-name | wc -l`])
-
-# Add back the ha chassis
-ovn-nbctl --wait=sb ha-chassis-group-add-chassis hagrp1 ch1 40
-OVS_WAIT_UNTIL([test 3 = `ovn-sbctl list ha_chassis | grep chassis | \
-grep -v chassis-name | wc -l`])
-
-# Delete lr0-public. We should still have 1 HA chassis group and
-# 3 HA chassis in SB DB.
-ovn-nbctl --wait=sb lrp-del lr0-public
-
-OVS_WAIT_UNTIL([test 1 = `ovn-sbctl --bare --columns name find \
-ha_chassis_group name="hagrp1" | wc -l`])
-
-AT_CHECK([test 3 = `ovn-sbctl list ha_chassis | grep chassis | \
-grep -v chassis-name | wc -l`])
-
-# Delete lr1-public. There should be no HA chassis group in SB DB.
-ovn-nbctl --wait=sb lrp-del lr1-public
-
-OVS_WAIT_UNTIL([test 0 = `ovn-sbctl --bare --columns name find \
-ha_chassis_group name="hagrp1" | wc -l`])
-
-AT_CHECK([test 0 = `ovn-sbctl list ha_chassis | grep chassis | wc -l`])
-
-# Add lr0-public again
-ovn-nbctl lrp-add lr0 lr0-public 00:00:20:20:12:13 172.168.0.100/24
-ovn-nbctl set logical_router_port lr0-public ha_chassis_group=$hagrp1_uuid
-
-OVS_WAIT_UNTIL([test 1 = `ovn-sbctl --bare --columns name find \
-ha_chassis_group name="hagrp1" | wc -l`])
-
-AT_CHECK([test 3 = `ovn-sbctl list ha_chassis | grep chassis | \
-grep -v chassis-name | wc -l`])
-
-# Create a Gateway chassis. ovn-northd should ignore this.
-ovn-nbctl lrp-set-gateway-chassis lr0-public ch-1 20
-
-# There should be only 1 HA chassis group in SB DB with the
-# name hagrp1.
-OVS_WAIT_UNTIL([test 1 = `ovn-sbctl --bare --columns name find \
-ha_chassis_group | wc -l`])
-
-OVS_WAIT_UNTIL([test 1 = `ovn-sbctl --bare --columns name find \
-ha_chassis_group name="hagrp1" | wc -l`])
-
-AT_CHECK([test 3 = `ovn-sbctl list ha_chassis | grep chassis | \
-grep -v chassis-name | wc -l`])
-
-# Now delete HA chassis group. ovn-northd should create HA chassis group
-# with the Gateway chassis name
-ovn-nbctl clear logical_router_port lr0-public ha_chassis_group
-ovn-nbctl ha-chassis-group-del hagrp1
-
-OVS_WAIT_UNTIL([test 0 = `ovn-sbctl --bare --columns name find \
-ha_chassis_group name="hagrp1" | wc -l`])
-
-OVS_WAIT_UNTIL([test 1 = `ovn-sbctl --bare --columns name find \
-ha_chassis_group name="lr0-public" | wc -l`])
-
-OVS_WAIT_UNTIL([test 1 = `ovn-sbctl --bare --columns _uuid \
-find ha_chassis | wc -l`])
-
-ovn-nbctl lrp-set-gateway-chassis lr0-public ch2 10
-
-OVS_WAIT_UNTIL([test 1 = `ovn-sbctl --bare --columns name find \
-ha_chassis_group name="lr0-public" | wc -l`])
-
-ovn-sbctl --bare --columns _uuid find ha_chassis
-OVS_WAIT_UNTIL([test 2 = `ovn-sbctl list ha_chassis | grep chassis | \
-grep -v chassis-name | wc -l`])
-
-# Test if 'ref_chassis' column is properly set or not in
-# SB DB ha_chassis_group.
-ovn-nbctl ls-add sw0
-ovn-nbctl lsp-add sw0 sw0-p1
-
-ovn-sbctl chassis-add ch2 geneve 127.0.0.3
-ovn-sbctl chassis-add ch3 geneve 127.0.0.4
-ovn-sbctl chassis-add comp1 geneve 127.0.0.5
-ovn-sbctl chassis-add comp2 geneve 127.0.0.6
-
-ovn-nbctl lrp-add lr0 lr0-sw0 00:00:20:20:12:14 10.0.0.1/24
-ovn-nbctl lsp-add sw0 sw0-lr0
-ovn-nbctl lsp-set-type sw0-lr0 router
-ovn-nbctl lsp-set-addresses sw0-lr0 router
-ovn-nbctl lsp-set-options sw0-lr0 router-port=lr0-sw0
-
-ovn-sbctl lsp-bind sw0-p1 comp1
-OVS_WAIT_UNTIL([test x`ovn-nbctl lsp-get-up sw0-p1` = xup])
-
-comp1_ch_uuid=`ovn-sbctl --bare --columns _uuid find chassis name="comp1"`
-comp2_ch_uuid=`ovn-sbctl --bare --columns _uuid find chassis name="comp2"`
-ch2_ch_uuid=`ovn-sbctl --bare --columns _uuid find chassis name="comp1"`
-
-echo "comp1_ch_uuid = $comp1_ch_uuid"
-OVS_WAIT_UNTIL(
- [ref_ch_list=`ovn-sbctl --bare --columns ref_chassis find ha_chassis_group | sort`
- # Trim the spaces.
- ref_ch_list=`echo $ref_ch_list | sed 's/ //g'`
- test "$comp1_ch_uuid" = "$ref_ch_list"])
-
-# unbind sw0-p1
-ovn-sbctl lsp-unbind sw0-p1
-OVS_WAIT_UNTIL([test x`ovn-nbctl lsp-get-up sw0-p1` = xdown])
-OVS_WAIT_UNTIL(
- [ref_ch_list=`ovn-sbctl --bare --columns ref_chassis find ha_chassis_group | sort`
- # Trim the spaces.
- ref_ch_list=`echo $ref_ch_list | sed 's/ //g'`
- test "" = "$ref_ch_list"])
-
-# Bind sw0-p1 in comp2
-ovn-sbctl lsp-bind sw0-p1 comp2
-OVS_WAIT_UNTIL(
- [ref_ch_list=`ovn-sbctl --bare --columns ref_chassis find ha_chassis_group | sort`
- # Trim the spaces.
- ref_ch_list=`echo $ref_ch_list | sed 's/ //g'`
- test "$comp2_ch_uuid" = "$ref_ch_list"])
-
-ovn-nbctl ls-add sw1
-ovn-nbctl lsp-add sw1 sw1-p1
-ovn-nbctl lr-add lr1
-ovn-nbctl lrp-add lr1 lr1-sw1 00:00:20:20:12:15 20.0.0.1/24
-ovn-nbctl lsp-add sw1 sw1-lr1
-ovn-nbctl lsp-set-type sw1-lr1 router
-ovn-nbctl lsp-set-addresses sw1-lr1 router
-ovn-nbctl lsp-set-options sw1-lr1 router-port=lr1-sw1
-
-# Bind sw1-p1 in comp1.
-ovn-sbctl lsp-bind sw1-p1 comp1
-# Wait until sw1-p1 is up
-OVS_WAIT_UNTIL([test x`ovn-nbctl lsp-get-up sw1-p1` = xup])
-
-# sw1-p1 is not connected to lr0. So comp1 should not be in 'ref_chassis'
-OVS_WAIT_UNTIL(
- [ref_ch_list=`ovn-sbctl --bare --columns ref_chassis find ha_chassis_group | sort`
- # Trim the spaces.
- ref_ch_list=`echo $ref_ch_list | sed 's/ //g'`
- test "$comp2_ch_uuid" = "$ref_ch_list"])
-
-# Now attach sw0 to lr1
-ovn-nbctl lrp-add lr1 lr1-sw0 00:00:20:20:12:16 10.0.0.10/24
-ovn-nbctl lsp-add sw0 sw0-lr1
-ovn-nbctl lsp-set-type sw0-lr1 router
-ovn-nbctl lsp-set-addresses sw0-lr1 router
-ovn-nbctl lsp-set-options sw0-lr1 router-port=lr1-sw0
-
-# Both comp1 and comp2 should be in 'ref_chassis' as sw1 is indirectly
-# connected to lr0
-exp_ref_ch_list=''
-for i in `ovn-sbctl --bare --columns _uuid list chassis | sort`
-do
- if test $i = $comp1_ch_uuid; then
- exp_ref_ch_list="${exp_ref_ch_list}$i"
- elif test $i = $comp2_ch_uuid; then
- exp_ref_ch_list="${exp_ref_ch_list}$i"
- fi
-done
-
-OVS_WAIT_UNTIL(
- [ref_ch_list=`ovn-sbctl --bare --columns ref_chassis find ha_chassis_group | sort`
- # Trim the spaces.
- ref_ch_list=`echo $ref_ch_list | sed 's/ //g'`
- test "$exp_ref_ch_list" = "$ref_ch_list"])
-
-# Unind sw1-p1. comp2 should not be in the ref_chassis.
-ovn-sbctl lsp-unbind sw1-p1
-OVS_WAIT_UNTIL([test x`ovn-nbctl lsp-get-up sw1-p1` = xdown])
-OVS_WAIT_UNTIL(
- [ref_ch_list=`ovn-sbctl --bare --columns ref_chassis find ha_chassis_group | sort`
- # Trim the spaces.
- ref_ch_list=`echo $ref_ch_list | sed 's/ //g'`
- test "$comp2_ch_uuid" = "$ref_ch_list"])
-
-# Create sw2 and attach it to lr2
-ovn-nbctl ls-add sw2
-ovn-nbctl lsp-add sw2 sw2-p1
-ovn-nbctl lr-add lr2
-ovn-nbctl lrp-add lr2 lr2-sw2 00:00:20:20:12:17 30.0.0.1/24
-ovn-nbctl lsp-add sw2 sw2-lr2
-ovn-nbctl lsp-set-type sw2-lr2 router
-ovn-nbctl lsp-set-addresses sw2-lr2 router
-ovn-nbctl lsp-set-options sw2-lr2 router-port=lr2-sw2
-
-# Bind sw2-p1 to comp1
-ovn-sbctl lsp-bind sw2-p1 comp1
-# Wait until sw2-p1 is up
-OVS_WAIT_UNTIL([test x`ovn-nbctl lsp-get-up sw2-p1` = xup])
-
-# sw2-p1 is not connected to lr0. So comp1 should not be in 'ref_chassis'
-OVS_WAIT_UNTIL(
- [ref_ch_list=`ovn-sbctl --bare --columns ref_chassis find ha_chassis_group | sort`
- # Trim the spaces.
- ref_ch_list=`echo $ref_ch_list | sed 's/ //g'`
- test "$comp2_ch_uuid" = "$ref_ch_list"])
-
-# Now attach sw1 to lr2. With this sw2-p1 is indirectly connected to lr0.
-ovn-nbctl lrp-add lr2 lr2-sw1 00:00:20:20:12:18 20.0.0.10/24
-ovn-nbctl lsp-add sw1 sw1-lr2
-ovn-nbctl lsp-set-type sw1-lr2 router
-ovn-nbctl lsp-set-addresses sw1-lr2 router
-ovn-nbctl lsp-set-options sw1-lr2 router-port=lr2-sw1
-
-# sw2-p1 is indirectly connected to lr0. So comp1 (and comp2) should be in
-# 'ref_chassis'
-OVS_WAIT_UNTIL(
- [ref_ch_list=`ovn-sbctl --bare --columns ref_chassis find ha_chassis_group | sort`
- # Trim the spaces.
- ref_ch_list=`echo $ref_ch_list | sed 's/ //g'`
- test "$exp_ref_ch_list" = "$ref_ch_list"])
-
-# Create sw0-p2 and bind it to comp1
-ovn-nbctl lsp-add sw0 sw0-p2
-ovn-sbctl lsp-bind sw0-p2 comp1
-OVS_WAIT_UNTIL([test x`ovn-nbctl lsp-get-up sw0-p2` = xup])
-OVS_WAIT_UNTIL(
- [ref_ch_list=`ovn-sbctl --bare --columns ref_chassis find ha_chassis_group | sort`
- # Trim the spaces.
- ref_ch_list=`echo $ref_ch_list | sed 's/ //g'`
- test "$exp_ref_ch_list" = "$ref_ch_list"])
-
-# unbind sw0-p2
-ovn-sbctl lsp-unbind sw0-p2
-OVS_WAIT_UNTIL([test x`ovn-nbctl lsp-get-up sw0-p2` = xdown])
-OVS_WAIT_UNTIL(
- [ref_ch_list=`ovn-sbctl --bare --columns ref_chassis find ha_chassis_group | sort`
- # Trim the spaces.
- ref_ch_list=`echo $ref_ch_list | sed 's/ //g'`
- test "$exp_ref_ch_list" = "$ref_ch_list"])
-
-# Delete lr1-sw0. comp1 should be deleted from ref_chassis as there is no link
-# from sw1 and sw2 to lr0.
-ovn-nbctl lrp-del lr1-sw0
-
-OVS_WAIT_UNTIL(
- [ref_ch_list=`ovn-sbctl --bare --columns ref_chassis find ha_chassis_group | sort`
- # Trim the spaces.
- ref_ch_list=`echo $ref_ch_list | sed 's/ //g'`
- test "$comp2_ch_uuid" = "$ref_ch_list"])
-
-# Set redirect-chassis option to lr0-public. It should be ignored.
-ovn-nbctl set logical_router_port lr0-public options:redirect-chassis=ch1
-
-OVS_WAIT_UNTIL([test 1 = `ovn-sbctl --bare --columns name find \
-ha_chassis_group | wc -l`])
-
-OVS_WAIT_UNTIL([test 1 = `ovn-sbctl --bare --columns name find \
-ha_chassis_group name="lr0-public" | wc -l`])
-
-ovn-sbctl --bare --columns _uuid find ha_chassis
-OVS_WAIT_UNTIL([test 2 = `ovn-sbctl list ha_chassis | grep chassis | \
-grep -v chassis-name | wc -l`])
-
-# Delete the gateway chassis. HA chassis group should be created in SB DB
-# for the redirect-chassis option.
-ovn-nbctl clear logical_router_port lr0-public gateway_chassis
-
-OVS_WAIT_UNTIL([test 1 = `ovn-sbctl --bare --columns name find \
-ha_chassis_group | wc -l`])
-
-ovn-sbctl list ha_chassis_group
-
-OVS_WAIT_UNTIL([test 1 = `ovn-sbctl --bare --columns name find \
-ha_chassis_group name="lr0-public_ch1" | wc -l`])
-
-ovn-sbctl --bare --columns _uuid find ha_chassis
-OVS_WAIT_UNTIL([test 1 = `ovn-sbctl list ha_chassis | grep chassis |
-grep -v chassis-name | wc -l`])
-
-# Clear the redirect-chassis option.
-ovn-nbctl clear logical_router_port lr0-public options
-
-OVS_WAIT_UNTIL([test 0 = `ovn-sbctl list ha_chassis_group | wc -l`])
-AT_CHECK([test 0 = `ovn-sbctl list ha_chassis | wc -l`])
-
-# Delete old sw0.
-ovn-nbctl ls-del sw0
-
-# Create external logical ports and associate ha_chassis_group
-ovn-nbctl ls-add sw0
-ovn-nbctl lsp-add sw0 sw0-pext1
-ovn-nbctl lsp-add sw0 sw0-pext2
-ovn-nbctl lsp-add sw0 sw0-p1
-
-ovn-nbctl lsp-set-addresses sw0-pext1 "00:00:00:00:00:03 10.0.0.3"
-ovn-nbctl lsp-set-addresses sw0-pext2 "00:00:00:00:00:03 10.0.0.4"
-ovn-nbctl lsp-set-addresses sw0-p1 "00:00:00:00:00:03 10.0.0.5"
-
-ovn-nbctl --wait=sb ha-chassis-group-add hagrp1
-
-ovn-nbctl --wait=sb ha-chassis-group-add-chassis hagrp1 ch1 30
-ovn-nbctl --wait=sb ha-chassis-group-add-chassis hagrp1 ch2 20
-ovn-nbctl --wait=sb ha-chassis-group-add-chassis hagrp1 ch3 10
-
-# ovn-northd should not create HA chassis group and HA chassis rows
-# unless the HA chassis group in OVN NB DB is associated to
-# a logical router port or logical port of type external.
-OVS_WAIT_UNTIL([test 0 = `ovn-sbctl list ha_chassis_group | wc -l`])
-AT_CHECK([test 0 = `ovn-sbctl list ha_chassis | wc -l`])
-
-hagrp1_uuid=`ovn-nbctl --bare --columns _uuid find ha_chassis_group \
-name=hagrp1`
-
-# The type of the lsp - sw0-pext1 is still not set to external.
-# So ha_chassis_group should be ignored.
-ovn-nbctl set logical_switch_port sw0-pext1 ha_chassis_group=$hagrp1_uuid
-
-OVS_WAIT_UNTIL([test 0 = `ovn-sbctl --bare --columns name find \
-ha_chassis_group name="hagrp1" | wc -l`])
-
-AT_CHECK([test 0 = `ovn-sbctl list ha_chassis | grep chassis | wc -l`])
-
-# Set the type of sw0-pext1 to external
-ovn-nbctl lsp-set-type sw0-pext1 external
-
-OVS_WAIT_UNTIL([test 1 = `ovn-sbctl --bare --columns name find \
-ha_chassis_group name="hagrp1" | wc -l`])
-
-AT_CHECK([test 3 = `ovn-sbctl list ha_chassis | grep chassis | \
-grep -v chassis-name | wc -l`])
-
-sb_hagrp1_uuid=`ovn-sbctl --bare --columns _uuid find ha_chassis_group \
-name=hagrp1`
-
-AT_CHECK([test "$sb_hagrp1_uuid" = `ovn-sbctl --bare --columns \
-ha_chassis_group find port_binding logical_port=sw0-pext1`])
-
-# Set the type of sw0-pext2 to external and associate ha_chassis_group
-ovn-nbctl lsp-set-type sw0-pext2 external
-ovn-nbctl set logical_switch_port sw0-pext2 ha_chassis_group=$hagrp1_uuid
-
-OVS_WAIT_UNTIL([test 1 = `ovn-sbctl --bare --columns name find \
-ha_chassis_group name="hagrp1" | wc -l`])
-
-AT_CHECK([test 3 = `ovn-sbctl list ha_chassis | grep chassis |
-grep -v chassis-name | wc -l`])
-AT_CHECK([test "$sb_hagrp1_uuid" = `ovn-sbctl --bare --columns \
-ha_chassis_group find port_binding logical_port=sw0-pext1`])
-
-OVS_WAIT_UNTIL([test "$sb_hagrp1_uuid" = `ovn-sbctl --bare --columns \
-ha_chassis_group find port_binding logical_port=sw0-pext2`])
-
-# sw0-p1 is a normal port. So ha_chassis_group should not be set
-# in port_binding.
-ovn-nbctl --wait=sb set logical_switch_port sw0-p1 \
-ha_chassis_group=$hagrp1_uuid
-
-OVS_WAIT_UNTIL([test x$(ovn-sbctl --bare --columns chassis find port_binding \
-logical_port=sw0-p1) = x], [0], [])
-
-# Clear ha_chassis_group for sw0-pext1
-ovn-nbctl --wait=sb clear logical_switch_port sw0-pext1 ha_chassis_group
-
-OVS_WAIT_UNTIL([test x$(ovn-sbctl --bare --columns chassis find port_binding \
-logical_port=sw0-pext1) = x], [0], [])
-
-OVS_WAIT_UNTIL([test 1 = `ovn-sbctl --bare --columns name find \
-ha_chassis_group name="hagrp1" | wc -l`])
-
-AT_CHECK([test 3 = `ovn-sbctl list ha_chassis | grep chassis | \
-grep -v chassis-name | wc -l`])
-
-# Clear ha_chassis_group for sw0-pext2
-ovn-nbctl --wait=sb clear logical_switch_port sw0-pext2 ha_chassis_group
-
-OVS_WAIT_UNTIL([test x$(ovn-sbctl --bare --columns chassis find port_binding \
-logical_port=sw0-pext2) = x], [0], [])
-
-OVS_WAIT_UNTIL([test 0 = `ovn-sbctl list ha_chassis_group | wc -l`])
-AT_CHECK([test 0 = `ovn-sbctl list ha_chassis | wc -l`])
-
-as ovn-sb
-OVS_APP_EXIT_AND_WAIT([ovsdb-server])
-as ovn-nb
-OVS_APP_EXIT_AND_WAIT([ovsdb-server])
-as northd
-OVS_APP_EXIT_AND_WAIT([ovn-northd])
-
-AT_CLEANUP
diff --git a/tests/ovn-performance.at b/tests/ovn-performance.at
deleted file mode 100644
index a8a15f8fe6e..00000000000
--- a/tests/ovn-performance.at
+++ /dev/null
@@ -1,424 +0,0 @@
-#
-# Tests targeting performance of OVN components.
-#
-
-m4_divert_push([PREPARE_TESTS])
-
-# vec_cmp VALUE_VEC OP-VALUE_VEC
-#
-# Compares each value from VALUE_VEC to the operator-value pair from the
-# OP-VALUE_VEC.
-#
-# VALUE_VEC must be a list of values separated by a character from $IFS.
-# OP-VALUE_VEC must be a list of operator-value expressions separated by a
-# character from $IFS. Operator-value expressions cannot contain any characters
-# from $IFS like spaces. '=' is treated as an equality operator ('==') for
-# conciseness.
-#
-# Returns the result of each comparison as a list of boolean values (0 or 1)
-# separated by a new-line character.
-vec_cmp() {
- local a b i j
-
- i=0
- for a in $1; do
- j=0
- for b in $2; do
- if test $i -eq $j; then
- # Replace assignment '=' with equality comparison '=='
- case "$b" in
- =[[0-9]]*) b="=$b" ;;
- esac
-
- echo $(($a $b))
- break
- fi
- j=$((j + 1))
- done
- i=$((i + 1))
- done
-}
-
-# vec_sub VEC_A VEC_B
-#
-# Subtracts two vectors:
-#
-# VEC_A = [a1, a2, ...]
-# VEC_B = [b1, b2, ...]
-# OUT = [(a1 - b1), (a2 - b2), ...]
-#
-# VEC_A and VEC_B must be lists of values separated by a character from $IFS.
-vec_sub() {
- local a b i j
-
- i=0
- for a in $1; do
- j=0
- for b in $2; do
- if test $i -eq $j; then
- echo $((a - b))
- break
- fi
- j=$((j + 1))
- done
- i=$((i + 1))
- done
-}
-
-# vec_fold VEC OP
-#
-# Reduces a vector to a single value by applying the binary operator OP (i.e.,
-# one that requires two arguments) cumulatively to all vector elements from left
-# to right:
-#
-# VEC = [e1, e2, e3 ...]
-# OUT = (...((e1 OP e2) OP e3) OP ...)
-#
-# VEC must be a list of values separated by a character from $IFS.
-vec_fold() {
- local first op prod
-
- first=1
- op=$2
- for a in $1; do
- if test $first -eq 1; then
- prod=$a
- first=0
- else
- prod=$((prod $op a))
- fi
- done
- echo $prod
-}
-
-# read_counters SANDBOXES TARGET COUNTER
-#
-# Prints out the coverage COUNTER for the TARGET in each of the SANDBOXES.
-#
-# SANDBOXES must be a list of strings separated by a character from $IFS.
-read_counters() {
- local sims="$1" target="$2" counter="$3"
-
- for sim in $sims; do
- as $sim ovs-appctl -t "$target" coverage/read-counter "$counter" || return 1
- done
-}
-
-# counter_delta_ SANDBOXES TARGET COUNTER COMMAND
-#
-# Runs the COMMAND and reports the COUNTER change registered during the command
-# run for the given TARGET in each of the SANDBOXES.
-counter_delta_() {
- local sims="$1" target="$2" counter="$3" cmd="$4"
- local before after
-
- before=$(read_counters "$sims" "$target" "$counter") || return 1
- eval "$cmd" >/dev/null || return 1
- after=$(read_counters "$sims" "$target" "$counter") || return 1
-
- vec_sub "$after" "$before"
-}
-
-# counter_delta SANDBOXES TARGET COUNTER COMMAND
-#
-# Same as counter_delta_ but also prints the COUNTER values together with the
-# COMMAND to standard error.
-counter_delta() {
- local cmd="$4"
- local v
-
- v=$(counter_delta_ "$@") || return 1
-
- # Dump the counters and the command for troubleshooting
- echo "$v" | tr '\n' '\t' >&2
- echo "$cmd" >&2
-
- echo "$v"
-}
-
-# vec_cmp_counter_delta SANDBOXES TARGET COUNTER CONDS COMMAND
-#
-# Check if COUNTER change in the TARGET app in each of the SANDBOXES after
-# running the COMMAND meets the conditions listed as operator-value pairs in
-# CONDS.
-vec_cmp_counter_delta() {
- local v
-
- v=$(counter_delta "$1" "$2" "$3" "$5") || return 1
- v=$(vec_cmp "$v" "$4") || return 1
- v=$(vec_fold "$v" "&&") || return 1
-
- echo "$v"
-}
-
-# cmp_counter_delta SANDBOXES TARGET COUNTER COND COMMAND
-#
-# Check if COUNTER change in the TARGET app in each of the SANDBOXES after
-# running the COMMAND meets the COND condition given as a operator-value pair.
-cmp_counter_delta() {
- local conds=""
-
- # Use the same condition for each sandbox
- for _ in $1; do
- conds="$conds $4"
- done
-
- vec_cmp_counter_delta "$1" "$2" "$3" "$conds" "$5"
-}
-
-m4_divert_pop([PREPARE_TESTS])
-
-# CHECK_COUNTER_DELTA_IS_ZERO SANDBOXES TARGET COUNTER COMMAND
-#
-# Runs the COMMAND and checks if the COUNTER value for the TARGET in all of
-# the SANDBOXES did not change.
-m4_define([CHECK_COUNTER_DELTA_IS_ZERO],[
- rv=$(cmp_counter_delta "$1" "$2" "$3" "=0" "$4")
- rc=$?
- AT_CHECK([test $rc -eq 0 -a $rv -eq 1])
-])
-
-# CHECK_COUNTER_DELTA_IS_NOT_ZERO SANDBOXES TARGET COUNTER COMMAND
-#
-# Runs the COMMAND and checks if the COUNTER value for the TARGET in
-# all of the SANDBOXES has changed.
-m4_define([CHECK_COUNTER_DELTA_IS_NOT_ZERO],[
- rv=$(cmp_counter_delta "$1" "$2" "$3" ">0" "$4")
- rc=$?
- AT_CHECK([test $rc -eq 0 -a $rv -eq 1])
-])
-
-# CHECK_COUNTER_DELTA_COND SANDBOXES TARGET COUNTER CONDS COMMAND
-#
-# Runs the COMMAND and checks if the COUNTER value for the TARGET in all of the
-# SANDBOXES satisfies the conditions listed in CONDS.
-m4_define([CHECK_COUNTER_DELTA_COND],[
- rv=$(vec_cmp_counter_delta "$1" "$2" "$3" "$4" "$5")
- rc=$?
- AT_CHECK([test $rc -eq 0 -a $rv -eq 1])
-])
-
-# OVN_CONTROLLER_EXPECT_HIT SANDBOXES COUNTER COMMAND
-#
-# Checks if the COUNTER value has changed for any of the ovn-controller
-# processes in the SANDBOXES when the COMMAND was run.
-m4_define([OVN_CONTROLLER_EXPECT_HIT],[
- CHECK_COUNTER_DELTA_IS_NOT_ZERO([$1], [ovn-controller], [$2], [$3])
-])
-
-# OVN_CONTROLLER_EXPECT_NO_HIT SANDBOXES COUNTER COMMAND
-#
-# Checks if the COUNTER value has not changed for any of the ovn-controller
-# processes in the SANDBOXES when the COMMAND was run.
-m4_define([OVN_CONTROLLER_EXPECT_NO_HIT],[
- CHECK_COUNTER_DELTA_IS_ZERO([$1], [ovn-controller], [$2], [$3])
-])
-
-# OVN_CONTROLLER_EXPECT_HIT_COND SANDBOXES COUNTER CONDS COMMAND
-#
-# Checks if the change of the COUNTER value, when the COMMAND was run, of the
-# ovn-controller process in each of the SANDBOXES meets the conditions in
-# CONDS. CONDS must be a list of operator-value pairs, for example "[>0 =0]",
-# following the same order as SANDBOXES.
-m4_define([OVN_CONTROLLER_EXPECT_HIT_COND],[
- CHECK_COUNTER_DELTA_COND([$1], [ovn-controller], [$2], [$3], [$4])
-])
-
-AT_SETUP([ovn -- ovn-controller incremental processing])
-# Check which operations the trigger full logical flow processing.
-#
-# Create and destroy logical routers, switches, ports, address sets and ACLs
-# while counting calls to lflow_run() in ovn-controller.
-
-ovn_start
-net_add n1
-for i in 1 2; do
- sim_add hv$i
- as hv$i
- ovs-vsctl add-br br-phys
- ovn_attach n1 br-phys 192.168.0.$i
-done
-
-# Add router lr1
-OVN_CONTROLLER_EXPECT_HIT(
- [hv1 hv2], [lflow_run],
- [ovn-nbctl --wait=hv lr-add lr1]
-)
-
-for i in 1 2; do
- ls=ls$i
- lsp=$ls-lr1
- lrp=lr1-$ls
-
- # Add switch $ls
- OVN_CONTROLLER_EXPECT_HIT(
- [hv1 hv2], [lflow_run],
- [ovn-nbctl --wait=hv ls-add $ls]
- )
- OVN_CONTROLLER_EXPECT_NO_HIT(
- [hv1 hv2], [lflow_run],
- [ovn-nbctl --wait=hv add Logical_Switch $ls other_config subnet=10.0.$i.0/24]
- )
-
- # Add router port to $ls
- OVN_CONTROLLER_EXPECT_HIT(
- [hv1 hv2], [lflow_run],
- [ovn-nbctl --wait=hv lrp-add lr1 $lrp 02:00:00:00:0$i:01 10.0.$i.1/24]
- )
- OVN_CONTROLLER_EXPECT_NO_HIT(
- [hv1 hv2], [lflow_run],
- [ovn-nbctl --wait=hv lsp-add $ls $lsp]
- )
- OVN_CONTROLLER_EXPECT_HIT(
- [hv1 hv2], [lflow_run],
- [ovn-nbctl --wait=hv lsp-set-type $lsp router]
- )
- OVN_CONTROLLER_EXPECT_HIT(
- [hv1 hv2], [lflow_run],
- [ovn-nbctl --wait=hv lsp-set-options $lsp router-port=$lrp]
- )
- OVN_CONTROLLER_EXPECT_HIT(
- [hv1 hv2], [lflow_run],
- [ovn-nbctl --wait=hv lsp-set-addresses $lsp router]
- )
-done
-
-get_lsp_uuid () {
- ovn-nbctl lsp-list ls${1#lp} | grep $1 | awk '{ print $1 }'
-}
-
-pg_ports=
-
-for i in 1 2; do
- j=$((i%2 + 1))
- as=as$i
- ls=ls$i
- lp=lp$i
- vif=vif$i
-
- # Add port $lp
- OVN_CONTROLLER_EXPECT_NO_HIT(
- [hv1 hv2], [lflow_run],
- [ovn-nbctl --wait=hv lsp-add $ls $lp]
- )
-
- pg_ports="$pg_port `get_lsp_uuid $lp`"
-
- OVN_CONTROLLER_EXPECT_NO_HIT(
- [hv1 hv2], [lflow_run],
- [ovn-nbctl --wait=hv lsp-set-addresses $lp "dynamic"]
- )
- OVN_CONTROLLER_EXPECT_NO_HIT(
- [hv1 hv2], [lflow_run],
- [ovn-nbctl wait-until Logical_Switch_Port $lp dynamic_addresses!=[[]] &&
- ovn-nbctl --wait=hv sync]
- )
- OVN_CONTROLLER_EXPECT_NO_HIT(
- [hv1 hv2], [lflow_run],
- [ovn-nbctl get Logical_Switch_Port $lp dynamic_addresses &&
- ovn-nbctl --wait=hv sync]
- )
-
- # Add address set $as
- OVN_CONTROLLER_EXPECT_NO_HIT(
- [hv1 hv2], [lflow_run],
- [ovn-nbctl --wait=hv create Address_Set name="$as"]
- )
- OVN_CONTROLLER_EXPECT_NO_HIT(
- [hv1 hv2], [lflow_run],
- [ovn-nbctl --wait=hv add Address_Set "$as" addresses "10.0.$i.10"]
- )
-
- # Add ACLs for port $lp
- OVN_CONTROLLER_EXPECT_NO_HIT(
- [hv1 hv2], [lflow_run],
- [ovn-nbctl --wait=hv acl-add $ls to-lport 1001 'outport == \"$lp\" && ip4.src == \$$as' allow]
- )
- OVN_CONTROLLER_EXPECT_NO_HIT(
- [hv1 hv2], [lflow_run],
- [ovn-nbctl --wait=hv acl-add $ls to-lport 1000 'outport == \"$lp\"' drop]
- )
-
- # Bind port $lp and wait for it to come up
- OVN_CONTROLLER_EXPECT_HIT_COND(
- [hv$i hv$j], [lflow_run], [>0 =0],
- [as hv$i ovs-vsctl add-port br-int $vif -- set Interface $vif external-ids:iface-id=$lp &&
- ovn-nbctl wait-until Logical_Switch_Port $lp 'up=true' &&
- ovn-nbctl --wait=hv sync]
- )
-done
-
-for i in 1 2; do
- j=$((i%2 + 1))
- as=as$i
- ls=ls$i
- lp=lp$i
-
- # Delete ACLs for port $lp
- OVN_CONTROLLER_EXPECT_NO_HIT(
- [hv1 hv2], [lflow_run],
- [ovn-nbctl --wait=hv acl-del $ls to-lport 1001 'outport == \"$lp\" && ip4.src == \$$as']
- )
- OVN_CONTROLLER_EXPECT_NO_HIT(
- [hv1 hv2], [lflow_run],
- [ovn-nbctl --wait=hv acl-del $ls to-lport 1000 'outport == \"$lp\"']
- )
-
- # Delete address set $as
- OVN_CONTROLLER_EXPECT_NO_HIT(
- [hv1 hv2], [lflow_run],
- [ovn-nbctl --wait=hv remove Address_Set "$as" addresses "10.0.$i.10"]
- )
- OVN_CONTROLLER_EXPECT_NO_HIT(
- [hv1 hv2], [lflow_run],
- [ovn-nbctl --wait=hv destroy Address_Set "$as"]
- )
-done
-
-OVN_CONTROLLER_EXPECT_NO_HIT(
- [hv1 hv2], [lflow_run],
- [ovn-nbctl --wait=hv create Port_Group name=pg1 ports=\"$pg_ports\"]
-)
-
-# Add ACLs for port group pg1
-OVN_CONTROLLER_EXPECT_NO_HIT(
- [hv1 hv2], [lflow_run],
- [ovn-nbctl --wait=hv acl-add pg1 to-lport 1001 'outport == @pg1 && ip4.src == $pg1_ip4' allow]
-)
-
-for i in 1 2; do
- j=$((i%2 + 1))
- lp=lp$i
-
- # Delete port $lp
- OVN_CONTROLLER_EXPECT_HIT_COND(
- [hv$i hv$j], [lflow_run], [>0 =0],
- [ovn-nbctl --wait=hv lsp-del $lp]
- )
-done
-
-# Delete port group pg1
-OVN_CONTROLLER_EXPECT_NO_HIT(
- [hv1 hv2], [lflow_run],
- [ovn-nbctl --wait=hv destroy Port_Group pg1]
-)
-
-for i in 1 2; do
- ls=ls$i
-
- # Delete switch $ls
- OVN_CONTROLLER_EXPECT_HIT(
- [hv1 hv2], [lflow_run],
- [ovn-nbctl --wait=hv ls-del $ls]
- )
-done
-
-# Delete router lr1
-OVN_CONTROLLER_EXPECT_HIT(
- [hv1 hv2], [lflow_run],
- [ovn-nbctl --wait=hv lr-del lr1]
-)
-
-OVN_CLEANUP([hv1], [hv2])
-
-AT_CLEANUP
diff --git a/tests/ovn-sbctl.at b/tests/ovn-sbctl.at
deleted file mode 100644
index 650e357dad4..00000000000
--- a/tests/ovn-sbctl.at
+++ /dev/null
@@ -1,150 +0,0 @@
-AT_BANNER([ovn-sbctl])
-
-# OVN_SBCTL_TEST_START
-m4_define([OVN_SBCTL_TEST_START],
- [dnl Create databases (ovn-nb, ovn-sb).
- AT_KEYWORDS([ovn])
- for daemon in ovn-nb ovn-sb; do
- AT_CHECK([ovsdb-tool create $daemon.db $abs_top_srcdir/${daemon%%-*}/${daemon}.ovsschema])
- done
-
- dnl Start ovsdb-servers.
- AT_CHECK([ovsdb-server --detach --no-chdir --pidfile=ovnnb_db.pid --unixctl=$OVS_RUNDIR/ovnnb_db.ctl --log-file=ovsdb_nb.log --remote=punix:$OVS_RUNDIR/ovnnb_db.sock ovn-nb.db ], [0], [], [stderr])
- AT_CHECK([ovsdb-server --detach --no-chdir --pidfile=ovnsb_db.pid --unixctl=$OVS_RUNDIR/ovnsb_db.ctl --log-file=ovsdb_sb.log --remote=punix:$OVS_RUNDIR/ovnsb_db.sock ovn-sb.db], [0], [], [stderr])
- on_exit "kill `cat ovnnb_db.pid` `cat ovnsb_db.pid`"
- AT_CHECK([[sed < stderr '
-/vlog|INFO|opened log file/d
-/ovsdb_server|INFO|ovsdb-server (Open vSwitch)/d']])
- AT_CAPTURE_FILE([ovsdb-server.log])
-
- dnl Start ovn-northd.
- AT_CHECK([ovn-northd --detach --no-chdir --pidfile --log-file --ovnnb-db=unix:$OVS_RUNDIR/ovnnb_db.sock --ovnsb-db=unix:$OVS_RUNDIR/ovnsb_db.sock], [0], [], [stderr])
- on_exit "kill `cat ovn-northd.pid`"
- AT_CHECK([[sed < stderr '
-/vlog|INFO|opened log file/d']])
- AT_CAPTURE_FILE([ovn-northd.log])
-])
-
-# OVN_SBCTL_TEST_STOP
-m4_define([OVN_SBCTL_TEST_STOP],
- [AT_CHECK([check_logs "$1"])
- OVS_APP_EXIT_AND_WAIT([ovn-northd])
- OVS_APP_EXIT_AND_WAIT_BY_TARGET([$OVS_RUNDIR/ovnnb_db.ctl], [$OVS_RUNDIR/ovnnb_db.pid])
- OVS_APP_EXIT_AND_WAIT_BY_TARGET([$OVS_RUNDIR/ovnsb_db.ctl], [$OVS_RUNDIR/ovnsb_db.pid])])
-
-dnl ---------------------------------------------------------------------
-
-AT_SETUP([ovn-sbctl - chassis commands])
-OVN_SBCTL_TEST_START
-ovn_init_db ovn-sb
-
-AT_CHECK([ovn-sbctl chassis-add ch0 geneve 1.2.3.4])
-AT_CHECK([ovn-sbctl -f csv -d bare --no-headings --columns ip,type list encap | sort],
- [0], [dnl
-1.2.3.4,geneve
-])
-
-AT_CHECK([ovn-sbctl chassis-add ch1 stt,geneve,vxlan 1.2.3.5])
-AT_CHECK([ovn-sbctl -f csv -d bare --no-headings --columns ip,type list encap | sort],
- [0], [dnl
-1.2.3.4,geneve
-1.2.3.5,geneve
-1.2.3.5,stt
-1.2.3.5,vxlan
-])
-
-AT_CHECK([ovn-sbctl chassis-del ch0])
-AT_CHECK([ovn-sbctl -f csv -d bare --no-headings --columns ip,type list encap | sort],
- [0], [dnl
-1.2.3.5,geneve
-1.2.3.5,stt
-1.2.3.5,vxlan
-])
-
-OVN_SBCTL_TEST_STOP
-as ovn-sb
-OVS_APP_EXIT_AND_WAIT([ovsdb-server])
-AT_CLEANUP
-
-dnl ---------------------------------------------------------------------
-
-AT_SETUP([ovn-sbctl])
-OVN_SBCTL_TEST_START
-
-AT_CHECK([ovn-nbctl ls-add br-test])
-AT_CHECK([ovn-nbctl lsp-add br-test vif0])
-AT_CHECK([ovn-nbctl lsp-set-addresses vif0 f0:ab:cd:ef:01:02])
-AT_CHECK([ovn-sbctl chassis-add ch0 stt 1.2.3.5])
-AT_CHECK([ovn-nbctl --wait=sb sync])
-AT_CHECK([ovn-sbctl lsp-bind vif0 ch0])
-
-AT_CHECK([ovn-sbctl show], [0], [dnl
-Chassis ch0
- Encap stt
- ip: "1.2.3.5"
- options: {csum="true"}
- Port_Binding vif0
-])
-
-# adds another 'vif1'
-AT_CHECK([ovn-nbctl --wait=sb lsp-add br-test vif1])
-AT_CHECK([ovn-nbctl lsp-set-addresses vif1 f0:ab:cd:ef:01:03])
-AT_CHECK([ovn-sbctl lsp-bind vif1 ch0])
-
-AT_CHECK([ovn-sbctl show | sed 's/vif[[0-9]]/vif/'], [0], [dnl
-Chassis ch0
- Encap stt
- ip: "1.2.3.5"
- options: {csum="true"}
- Port_Binding vif
- Port_Binding vif
-])
-
-# deletes 'vif1'
-AT_CHECK([ovn-nbctl lsp-del vif1])
-AT_CHECK([ovn-nbctl --wait=sb sync])
-
-AT_CHECK([ovn-sbctl show], [0], [dnl
-Chassis ch0
- Encap stt
- ip: "1.2.3.5"
- options: {csum="true"}
- Port_Binding vif0
-])
-
-uuid=$(ovn-sbctl --columns=_uuid list Chassis ch0 | cut -d ':' -f2 | tr -d ' ')
-AT_CHECK_UNQUOTED([ovn-sbctl --columns=logical_port,mac,chassis list Port_Binding], [0], [dnl
-logical_port : vif0
-mac : [["f0:ab:cd:ef:01:02"]]
-chassis : ${uuid}
-])
-
-# test the passing down of logical port type and options.
-AT_CHECK([ovn-nbctl --wait=sb lsp-add br-test vtep0])
-AT_CHECK([ovn-nbctl lsp-set-type vtep0 vtep])
-AT_CHECK([ovn-nbctl lsp-set-options vtep0 vtep_physical_switch=p0 vtep_logical_switch=l0])
-
-AT_CHECK([ovn-sbctl --timeout=10 wait-until Port_Binding vtep0 options!={}])
-AT_CHECK([ovn-sbctl --columns=logical_port,mac,type,options list Port_Binding vtep0], [0], [dnl
-logical_port : vtep0
-mac : [[]]
-type : vtep
-options : {vtep_logical_switch=l0, vtep_physical_switch=p0}
-])
-
-OVN_SBCTL_TEST_STOP
-AT_CLEANUP
-
-dnl ---------------------------------------------------------------------
-
-AT_SETUP([ovn-sbctl - connection])
-OVN_SBCTL_TEST_START
-
-AT_CHECK([ovn-sbctl --inactivity-probe=30000 set-connection ptcp:6641:127.0.0.1 punix:$OVS_RUNDIR/ovnsb_db.sock])
-AT_CHECK([ovn-sbctl list connection | grep inactivity_probe], [0], [dnl
-inactivity_probe : 30000
-inactivity_probe : 30000
-])
-
-OVN_SBCTL_TEST_STOP
-AT_CLEANUP
diff --git a/tests/ovn.at b/tests/ovn.at
deleted file mode 100644
index cb380d27576..00000000000
--- a/tests/ovn.at
+++ /dev/null
@@ -1,14702 +0,0 @@
-# OVN_CHECK_PACKETS([PCAP], [EXPECTED])
-#
-# This compares packets read from PCAP, in pcap format, to those read
-# from EXPECTED, which is a text file containing packets as hex
-# strings, one per line. If PCAP contains fewer packets than
-# EXPECTED, it waits up to 10 seconds for more packets to appear.
-#
-# The implementation is an m4 macro that is mostly implemented in
-# terms of a shell function. This reduces the size of the generated
-# testsuite file since the shell function is only emitted once even
-# when this macro is invoked many times.
-m4_divert_text([PREPARE_TESTS],
- [ovn_check_packets__ () {
- echo
- echo "checking packets in $1 against $2:"
- rcv_pcap=$1
- rcv_text=`echo "$rcv_pcap.packets" | sed 's/\.pcap//'`
- exp_text=$2
- exp_n=`wc -l < "$exp_text"`
- OVS_WAIT_UNTIL(
- [$PYTHON "$top_srcdir/utilities/ovs-pcap.in" $rcv_pcap > $rcv_text
- rcv_n=`wc -l < "$rcv_text"`
- echo "rcv_n=$rcv_n exp_n=$exp_n"
- test $rcv_n -ge $exp_n])
- sort $exp_text > expout
- }
-])
-m4_define([OVN_CHECK_PACKETS],
- [ovn_check_packets__ "$1" "$2"
- AT_CHECK([sort $rcv_text], [0], [expout])])
-
-AT_BANNER([OVN components])
-
-AT_SETUP([ovn -- lexer])
-dnl For lines without =>, input and expected output are identical.
-dnl For lines with =>, input precedes => and expected output follows =>.
-AT_DATA([test-cases.txt], [dnl
-foo bar baz quuxquuxquux _abcd_ a.b.c.d a123_.456
-"abc\u0020def" => "abc def"
-" => error("Input ends inside quoted string.")dnl "
-
-$foo $bar $baz $quuxquuxquux $_abcd_ $a.b.c.d $a123_.456
-$1 => error("`$' must be followed by a valid identifier.") 1
-
-a/*b*/c => a c
-a//b c => a
-a/**/b => a b
-a/*/b => a error("`/*' without matching `*/'.")
-a/*/**/b => a b
-a/b => a error("`/' is only valid as part of `//' or `/*'.") b
-
-0 1 12345 18446744073709551615
-18446744073709551616 => error("Decimal constants must be less than 2**64.")
-9999999999999999999999 => error("Decimal constants must be less than 2**64.")
-01 => error("Decimal constants must not have leading zeros.")
-
-0/0
-0/1
-1/0 => error("Value contains unmasked 1-bits.")
-1/1
-128/384
-1/3
-1/ => error("Integer constant expected.")
-
-1/0x123 => error("Value and mask have incompatible formats.")
-
-0x1234
-0x01234 => 0x1234
-0x0 => 0
-0x000 => 0
-0xfedcba9876543210
-0XFEDCBA9876543210 => 0xfedcba9876543210
-0xfedcba9876543210fedcba9876543210
-0x0000fedcba9876543210fedcba9876543210 => 0xfedcba9876543210fedcba9876543210
-0x => error("Hex digits expected following 0x.")
-0X => error("Hex digits expected following 0X.")
-0x0/0x0 => 0/0
-0x0/0x1 => 0/0x1
-0x1/0x0 => error("Value contains unmasked 1-bits.")
-0xffff/0x1ffff
-0x. => error("Invalid syntax in hexadecimal constant.")
-
-192.168.128.1 1.2.3.4 255.255.255.255 0.0.0.0
-256.1.2.3 => error("Invalid numeric constant.")
-192.168.0.0/16
-192.168.0.0/255.255.0.0 => 192.168.0.0/16
-192.168.0.0/255.255.255.0 => 192.168.0.0/24
-192.168.0.0/255.255.0.255
-192.168.0.0/255.0.0.0 => error("Value contains unmasked 1-bits.")
-192.168.0.0/32
-192.168.0.0/255.255.255.255 => 192.168.0.0/32
-1.2.3.4:5 => 1.2.3.4 : 5
-
-::
-::1
-ff00::1234 => ff00::1234
-2001:db8:85a3::8a2e:370:7334
-2001:db8:85a3:0:0:8a2e:370:7334 => 2001:db8:85a3::8a2e:370:7334
-2001:0db8:85a3:0000:0000:8a2e:0370:7334 => 2001:db8:85a3::8a2e:370:7334
-::ffff:192.0.2.128
-::ffff:c000:0280 => ::ffff:192.0.2.128
-::1/::1
-::1/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff => ::1/128
-::1/128
-ff00::/8
-ff00::/ff00:: => ff00::/8
-
-01:23:45:67:ab:cd
-01:23:45:67:AB:CD => 01:23:45:67:ab:cd
-fe:dc:ba:98:76:54
-FE:DC:ba:98:76:54 => fe:dc:ba:98:76:54
-01:00:00:00:00:00/01:00:00:00:00:00
-ff:ff:ff:ff:ff:ff/ff:ff:ff:ff:ff:ff
-fe:ff:ff:ff:ff:ff/ff:ff:ff:ff:ff:ff
-ff:ff:ff:ff:ff:ff/fe:ff:ff:ff:ff:ff => error("Value contains unmasked 1-bits.")
-fe:x => error("Invalid numeric constant.")
-00:01:02:03:04:x => error("Invalid numeric constant.")
-
-# Test that operators are tokenized as expected, even without white space.
-(){}[[]]==!=<<=>>=!&&||..,;=<->--: => ( ) { } [[ ]] == != < <= > >= ! && || .. , ; = <-> -- :
-& => error("`&' is only valid as part of `&&'.")
-| => error("`|' is only valid as part of `||'.")
-- => error("`-' is only valid as part of `--'.")
-
-^ => error("Invalid character `^' in input.")
-])
-AT_CAPTURE_FILE([input.txt])
-sed 's/ =>.*//' test-cases.txt > input.txt
-sed 's/.* => //' test-cases.txt > expout
-AT_CHECK([ovstest test-ovn lex < input.txt], [0], [expout])
-AT_CLEANUP
-
-dnl The OVN expression parser needs to know what fields overlap with one
-dnl another. This test therefore verifies that all the smaller registers
-dnl are defined as terms of subfields of the larger ones.
-dnl
-dnl When we add or remove registers this test needs to be updated, of course.
-AT_SETUP([ovn -- registers])
-AT_CHECK([ovstest test-ovn dump-symtab | grep reg | sort], [0],
-[[reg0 = xxreg0[96..127]
-reg1 = xxreg0[64..95]
-reg2 = xxreg0[32..63]
-reg3 = xxreg0[0..31]
-reg4 = xxreg1[96..127]
-reg5 = xxreg1[64..95]
-reg6 = xxreg1[32..63]
-reg7 = xxreg1[0..31]
-reg8 = xreg4[32..63]
-reg9 = xreg4[0..31]
-xreg0 = xxreg0[64..127]
-xreg1 = xxreg0[0..63]
-xreg2 = xxreg1[64..127]
-xreg3 = xxreg1[0..63]
-xreg4 = OXM_OF_PKT_REG4
-xxreg0 = NXM_NX_XXREG0
-xxreg1 = NXM_NX_XXREG1
-]])
-AT_CLEANUP
-
-dnl Check that the OVN conntrack field definitions are correct.
-AT_SETUP([ovn -- conntrack fields])
-AT_CHECK([ovstest test-ovn dump-symtab | grep ^ct | sort], [0],
-[[ct.dnat = ct_state[7]
-ct.est = ct_state[1]
-ct.inv = ct_state[4]
-ct.new = ct_state[0]
-ct.rel = ct_state[2]
-ct.rpl = ct_state[3]
-ct.snat = ct_state[6]
-ct.trk = ct_state[5]
-ct_label = NXM_NX_CT_LABEL
-ct_label.blocked = ct_label[0]
-ct_mark = NXM_NX_CT_MARK
-ct_state = NXM_NX_CT_STATE
-]])
-AT_CLEANUP
-
-AT_SETUP([ovn -- composition])
-AT_CHECK([ovstest test-ovn composition 2], [0], [ignore])
-AT_CLEANUP
-
-AT_SETUP([ovn -- expression parser])
-dnl For lines without =>, input and expected output are identical.
-dnl For lines with =>, input precedes => and expected output follows =>.
-AT_DATA([test-cases.txt], [[
-eth.type == 0x800
-eth.type==0x800 => eth.type == 0x800
-eth.type[0..15] == 0x800 => eth.type == 0x800
-
-vlan.present
-vlan.present == 1 => vlan.present
-!(vlan.present == 0) => vlan.present
-!(vlan.present != 1) => vlan.present
-!vlan.present
-vlan.present == 0 => !vlan.present
-vlan.present != 1 => !vlan.present
-!(vlan.present == 1) => !vlan.present
-!(vlan.present != 0) => !vlan.present
-
-eth.dst[0]
-eth.dst[0] == 1 => eth.dst[0]
-eth.dst[0] != 0 => eth.dst[0]
-!(eth.dst[0] == 0) => eth.dst[0]
-!(eth.dst[0] != 1) => eth.dst[0]
-
-!eth.dst[0]
-eth.dst[0] == 0 => !eth.dst[0]
-eth.dst[0] != 1 => !eth.dst[0]
-!(eth.dst[0] == 1) => !eth.dst[0]
-!(eth.dst[0] != 0) => !eth.dst[0]
-
-vlan.tci[12..15] == 0x3
-vlan.tci == 0x3000/0xf000 => vlan.tci[12..15] == 0x3
-vlan.tci[12..15] != 0x3
-vlan.tci != 0x3000/0xf000 => vlan.tci[12..15] != 0x3
-
-!vlan.pcp => vlan.pcp == 0
-!(vlan.pcp) => vlan.pcp == 0
-vlan.pcp == 0x4
-vlan.pcp != 0x4
-vlan.pcp > 0x4
-vlan.pcp >= 0x4
-vlan.pcp < 0x4
-vlan.pcp <= 0x4
-!(vlan.pcp != 0x4) => vlan.pcp == 0x4
-!(vlan.pcp == 0x4) => vlan.pcp != 0x4
-!(vlan.pcp <= 0x4) => vlan.pcp > 0x4
-!(vlan.pcp < 0x4) => vlan.pcp >= 0x4
-!(vlan.pcp >= 0x4) => vlan.pcp < 0x4
-!(vlan.pcp > 0x4) => vlan.pcp <= 0x4
-0x4 == vlan.pcp => vlan.pcp == 0x4
-0x4 != vlan.pcp => vlan.pcp != 0x4
-0x4 < vlan.pcp => vlan.pcp > 0x4
-0x4 <= vlan.pcp => vlan.pcp >= 0x4
-0x4 > vlan.pcp => vlan.pcp < 0x4
-0x4 >= vlan.pcp => vlan.pcp <= 0x4
-!(0x4 != vlan.pcp) => vlan.pcp == 0x4
-!(0x4 == vlan.pcp) => vlan.pcp != 0x4
-!(0x4 >= vlan.pcp) => vlan.pcp > 0x4
-!(0x4 > vlan.pcp) => vlan.pcp >= 0x4
-!(0x4 <= vlan.pcp) => vlan.pcp < 0x4
-!(0x4 < vlan.pcp) => vlan.pcp <= 0x4
-
-1 < vlan.pcp < 4 => vlan.pcp > 0x1 && vlan.pcp < 0x4
-1 <= vlan.pcp <= 4 => vlan.pcp >= 0x1 && vlan.pcp <= 0x4
-1 < vlan.pcp <= 4 => vlan.pcp > 0x1 && vlan.pcp <= 0x4
-1 <= vlan.pcp < 4 => vlan.pcp >= 0x1 && vlan.pcp < 0x4
-1 <= vlan.pcp <= 4 => vlan.pcp >= 0x1 && vlan.pcp <= 0x4
-4 > vlan.pcp > 1 => vlan.pcp < 0x4 && vlan.pcp > 0x1
-4 >= vlan.pcp > 1 => vlan.pcp <= 0x4 && vlan.pcp > 0x1
-4 > vlan.pcp >= 1 => vlan.pcp < 0x4 && vlan.pcp >= 0x1
-4 >= vlan.pcp >= 1 => vlan.pcp <= 0x4 && vlan.pcp >= 0x1
-!(1 < vlan.pcp < 4) => vlan.pcp <= 0x1 || vlan.pcp >= 0x4
-!(1 <= vlan.pcp <= 4) => vlan.pcp < 0x1 || vlan.pcp > 0x4
-!(1 < vlan.pcp <= 4) => vlan.pcp <= 0x1 || vlan.pcp > 0x4
-!(1 <= vlan.pcp < 4) => vlan.pcp < 0x1 || vlan.pcp >= 0x4
-!(1 <= vlan.pcp <= 4) => vlan.pcp < 0x1 || vlan.pcp > 0x4
-!(4 > vlan.pcp > 1) => vlan.pcp >= 0x4 || vlan.pcp <= 0x1
-!(4 >= vlan.pcp > 1) => vlan.pcp > 0x4 || vlan.pcp <= 0x1
-!(4 > vlan.pcp >= 1) => vlan.pcp >= 0x4 || vlan.pcp < 0x1
-!(4 >= vlan.pcp >= 1) => vlan.pcp > 0x4 || vlan.pcp < 0x1
-
-vlan.pcp == {1, 2, 3, 4} => vlan.pcp == 0x1 || vlan.pcp == 0x2 || vlan.pcp == 0x3 || vlan.pcp == 0x4
-vlan.pcp == 1 || ((vlan.pcp == 2 || vlan.pcp == 3) || vlan.pcp == 4) => vlan.pcp == 0x1 || vlan.pcp == 0x2 || vlan.pcp == 0x3 || vlan.pcp == 0x4
-
-vlan.pcp != {1, 2, 3, 4} => vlan.pcp != 0x1 && vlan.pcp != 0x2 && vlan.pcp != 0x3 && vlan.pcp != 0x4
-vlan.pcp == 1 && ((vlan.pcp == 2 && vlan.pcp == 3) && vlan.pcp == 4) => vlan.pcp == 0x1 && vlan.pcp == 0x2 && vlan.pcp == 0x3 && vlan.pcp == 0x4
-
-vlan.pcp == 1 && !((vlan.pcp == 2 && vlan.pcp == 3) && vlan.pcp == 4) => vlan.pcp == 0x1 && (vlan.pcp != 0x2 || vlan.pcp != 0x3 || vlan.pcp != 0x4)
-vlan.pcp == 1 && (!(vlan.pcp == 2 && vlan.pcp == 3) && vlan.pcp == 4) => vlan.pcp == 0x1 && (vlan.pcp != 0x2 || vlan.pcp != 0x3) && vlan.pcp == 0x4
-vlan.pcp == 1 && !(!(vlan.pcp == 2 && vlan.pcp == 3) && vlan.pcp == 4) => vlan.pcp == 0x1 && ((vlan.pcp == 0x2 && vlan.pcp == 0x3) || vlan.pcp != 0x4)
-
-ip4.src == {10.0.0.0/8, 192.168.0.0/16, 172.16.20.0/24, 8.8.8.8} => ip4.src[24..31] == 0xa || ip4.src[16..31] == 0xc0a8 || ip4.src[8..31] == 0xac1014 || ip4.src == 0x8080808
-ip6.src == ::1 => ip6.src == 0x1
-
-ip4.src == 1.2.3.4 => ip4.src == 0x1020304
-ip4.src == ::1.2.3.4/::ffff:ffff => ip4.src == 0x1020304
-ip6.src == ::1 => ip6.src == 0x1
-
-1
-0
-!1 => 0
-!0 => 1
-
-inport == "eth0"
-!(inport != "eth0") => inport == "eth0"
-
-(((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((0))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))) => 0
-
-ip4.src == "eth0" => Integer field ip4.src is not compatible with string constant.
-inport == 1 => String field inport is not compatible with integer constant.
-ip4.src = 1.2.3.4 => Syntax error at `=' expecting relational operator.
-
-ip4.src > {1, 2, 3} => Only == and != operators may be used with value sets.
-eth.type > 0x800 => Only == and != operators may be used with nominal field eth.type.
-vlan.present > 0 => Only == and != operators may be used with Boolean field vlan.present.
-
-inport != "eth0" => Nominal field inport may only be tested for equality (taking enclosing `!' operators into account).
-!(inport == "eth0") => Nominal field inport may only be tested for equality (taking enclosing `!' operators into account).
-eth.type != 0x800 => Nominal field eth.type may only be tested for equality (taking enclosing `!' operators into account).
-!(eth.type == 0x800) => Nominal field eth.type may only be tested for equality (taking enclosing `!' operators into account).
-inport = "eth0" => Syntax error at `=' expecting relational operator.
-
-123 == 123 => Syntax error at `123' expecting field name.
-
-$name => Syntax error at `$name' expecting address set name.
-@name => Syntax error at `@name' expecting port group name.
-
-123 == xyzzy => Syntax error at `xyzzy' expecting field name.
-xyzzy == 1 => Syntax error at `xyzzy' expecting field name.
-
-inport[1] == 1 => Cannot select subfield of string field inport.
-
-eth.type[] == 1 => Syntax error at `@:>@' expecting small integer.
-eth.type[::1] == 1 => Syntax error at `::1' expecting small integer.
-eth.type[18446744073709551615] == 1 => Syntax error at `18446744073709551615' expecting small integer.
-
-eth.type[5!] => Syntax error at `!' expecting `@:>@'.
-
-eth.type[5..1] => Invalid bit range 5 to 1.
-
-eth.type[12..16] => Cannot select bits 12 to 16 of 16-bit field eth.type.
-
-eth.type[10] == 1 => Cannot select subfield of nominal field eth.type.
-
-eth.type => Explicit `!= 0' is required for inequality test of multibit field against 0.
-
-!(!(vlan.pcp)) => Explicit `!= 0' is required for inequality test of multibit field against 0.
-
-123 => Syntax error at end of input expecting relational operator.
-
-123 x => Syntax error at `x' expecting relational operator.
-
-{1, "eth0"} => Syntax error at `"eth0"' expecting integer.
-
-eth.type == xyzzy => Syntax error at `xyzzy' expecting constant.
-
-(1 x) => Syntax error at `x' expecting `)'.
-
-!0x800 != eth.type => Missing parentheses around operand of !.
-
-eth.type == 0x800 || eth.type == 0x86dd && ip.proto == 17 => && and || must be parenthesized when used together.
-
-eth.dst == {} => Syntax error at `}' expecting constant.
-
-eth.src > 00:00:00:00:11:11/00:00:00:00:ff:ff => Only == and != operators may be used with masked constants. Consider using subfields instead (e.g. eth.src[0..15] > 0x1111 in place of eth.src > 00:00:00:00:11:11/00:00:00:00:ff:ff).
-
-ip4.src == ::1 => 128-bit constant is not compatible with 32-bit field ip4.src.
-
-1 == eth.type == 2 => Range expressions must have the form `x < field < y' or `x > field > y', with each `<' optionally replaced by `<=' or `>' by `>=').
-
-eth.dst[40] x => Syntax error at `x' expecting end of input.
-
-ip4.src == {1.2.3.4, $set1, $unknownset} => Syntax error at `$unknownset' expecting address set name.
-eth.src == {$set3, badmac, 00:00:00:00:00:01} => Syntax error at `badmac' expecting constant.
-
-((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((())))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))) => Parentheses nested too deeply.
-
-ct_label > $set4 => Only == and != operators may be used to compare a field against an empty value set.
-]])
-sed 's/ =>.*//' test-cases.txt > input.txt
-sed 's/.* => //' test-cases.txt > expout
-AT_CHECK([ovstest test-ovn parse-expr < input.txt], [0], [expout])
-AT_CLEANUP
-
-AT_SETUP([ovn -- expression annotation])
-dnl Input precedes =>, expected output follows =>.
-dnl Empty lines and lines starting with # are ignored.
-AT_DATA([test-cases.txt], [[
-ip4.src == 1.2.3.4 => ip4.src == 0x1020304 && eth.type == 0x800
-ip4.src != 1.2.3.4 => ip4.src != 0x1020304 && eth.type == 0x800
-ip.proto == 123 => ip.proto == 0x7b && (eth.type == 0x800 || eth.type == 0x86dd)
-ip.proto == {123, 234} => (ip.proto == 0x7b || ip.proto == 0xea) && (eth.type == 0x800 || eth.type == 0x86dd)
-ip4.src == 1.2.3.4 && ip4.dst == 5.6.7.8 => ip4.src == 0x1020304 && eth.type == 0x800 && ip4.dst == 0x5060708 && eth.type == 0x800
-
-# Nested expressions over a single symbol should be annotated with symbol's
-# prerequisites only once, at the top level.
-tcp.dst == 1 || (tcp.dst >= 2 && tcp.dst <= 3) => (tcp.dst == 0x1 || (tcp.dst >= 0x2 && tcp.dst <= 0x3)) && ip.proto == 0x6 && (eth.type == 0x800 || eth.type == 0x86dd)
-
-ip => eth.type == 0x800 || eth.type == 0x86dd
-ip == 1 => eth.type == 0x800 || eth.type == 0x86dd
-ip[0] == 1 => eth.type == 0x800 || eth.type == 0x86dd
-ip > 0 => Only == and != operators may be used with nominal field ip.
-!ip => Nominal predicate ip may only be tested positively, e.g. `ip' or `ip == 1' but not `!ip' or `ip == 0'.
-ip == 0 => Nominal predicate ip may only be tested positively, e.g. `ip' or `ip == 1' but not `!ip' or `ip == 0'.
-
-vlan.present => vlan.tci[12]
-!vlan.present => !vlan.tci[12]
-
-!vlan.pcp => vlan.tci[13..15] == 0 && vlan.tci[12]
-vlan.pcp == 1 && vlan.vid == 2 => vlan.tci[13..15] == 0x1 && vlan.tci[12] && vlan.tci[0..11] == 0x2 && vlan.tci[12]
-!reg0 && !reg1 && !reg2 && !reg3 => xxreg0[96..127] == 0 && xxreg0[64..95] == 0 && xxreg0[32..63] == 0 && xxreg0[0..31] == 0
-
-ip.first_frag => ip.frag[0] && (eth.type == 0x800 || eth.type == 0x86dd) && (!ip.frag[1] || (eth.type != 0x800 && eth.type != 0x86dd))
-!ip.first_frag => !ip.frag[0] || (eth.type != 0x800 && eth.type != 0x86dd) || (ip.frag[1] && (eth.type == 0x800 || eth.type == 0x86dd))
-ip.later_frag => ip.frag[1] && (eth.type == 0x800 || eth.type == 0x86dd)
-
-bad_prereq != 0 => Error parsing expression `xyzzy' encountered as prerequisite or predicate of initial expression: Syntax error at `xyzzy' expecting field name.
-self_recurse != 0 => Error parsing expression `self_recurse != 0' encountered as prerequisite or predicate of initial expression: Recursive expansion of symbol `self_recurse'.
-mutual_recurse_1 != 0 => Error parsing expression `mutual_recurse_2 != 0' encountered as prerequisite or predicate of initial expression: Error parsing expression `mutual_recurse_1 != 0' encountered as prerequisite or predicate of initial expression: Recursive expansion of symbol `mutual_recurse_1'.
-mutual_recurse_2 != 0 => Error parsing expression `mutual_recurse_1 != 0' encountered as prerequisite or predicate of initial expression: Error parsing expression `mutual_recurse_2 != 0' encountered as prerequisite or predicate of initial expression: Recursive expansion of symbol `mutual_recurse_2'.
-]])
-sed 's/ =>.*//' test-cases.txt > input.txt
-sed 's/.* => //' test-cases.txt > expout
-AT_CHECK([ovstest test-ovn annotate-expr < input.txt], [0], [expout])
-AT_CLEANUP
-
-AT_SETUP([ovn -- 1-term expression conversion])
-AT_CHECK([ovstest test-ovn exhaustive --operation=convert 1], [0],
- [Tested converting all 1-terminal expressions with 2 numeric vars (each 3 bits) in terms of operators == != < <= > >= and 2 string vars.
-])
-AT_CLEANUP
-
-AT_SETUP([ovn -- 2-term expression conversion])
-AT_CHECK([ovstest test-ovn exhaustive --operation=convert 2], [0],
- [Tested converting 578 expressions of 2 terminals with 2 numeric vars (each 3 bits) in terms of operators == != < <= > >= and 2 string vars.
-])
-AT_CLEANUP
-
-AT_SETUP([ovn -- 3-term expression conversion])
-AT_CHECK([ovstest test-ovn exhaustive --operation=convert --bits=2 3], [0],
- [Tested converting 67410 expressions of 3 terminals with 2 numeric vars (each 2 bits) in terms of operators == != < <= > >= and 2 string vars.
-])
-AT_CLEANUP
-
-AT_SETUP([ovn -- 3-term numeric expression simplification])
-AT_CHECK([ovstest test-ovn exhaustive --operation=simplify --nvars=2 --svars=0 3], [0],
- [Tested simplifying 490770 expressions of 3 terminals with 2 numeric vars (each 3 bits) in terms of operators == != < <= > >=.
-])
-AT_CLEANUP
-
-AT_SETUP([ovn -- 4-term string expression simplification])
-AT_CHECK([ovstest test-ovn exhaustive --operation=simplify --nvars=0 --svars=4 4], [0],
- [Tested simplifying 21978 expressions of 4 terminals with 4 string vars.
-])
-AT_CLEANUP
-
-AT_SETUP([ovn -- 3-term mixed expression simplification])
-AT_CHECK([ovstest test-ovn exhaustive --operation=simplify --nvars=1 --svars=1 3], [0],
- [Tested simplifying 127890 expressions of 3 terminals with 1 numeric vars (each 3 bits) in terms of operators == != < <= > >= and 1 string vars.
-])
-AT_CLEANUP
-
-AT_SETUP([ovn -- simplification special cases])
-simplify() {
- echo "$1" | ovstest test-ovn simplify-expr
-}
-AT_CHECK([simplify 'eth.dst == 0/0'], [0], [1
-])
-AT_CHECK([simplify 'eth.dst != 0/0'], [0], [0
-])
-AT_CHECK([simplify 'tcp.dst >= 0'], [0],
- [ip.proto == 0x6 && (eth.type == 0x800 || eth.type == 0x86dd)
-])
-AT_CHECK([simplify 'tcp.dst <= 65535'], [0],
- [ip.proto == 0x6 && (eth.type == 0x800 || eth.type == 0x86dd)
-])
-AT_CHECK([simplify 'tcp.dst > 0'], [0],
- [[(tcp.dst[0] || tcp.dst[1] || tcp.dst[2] || tcp.dst[3] || tcp.dst[4] || tcp.dst[5] || tcp.dst[6] || tcp.dst[7] || tcp.dst[8] || tcp.dst[9] || tcp.dst[10] || tcp.dst[11] || tcp.dst[12] || tcp.dst[13] || tcp.dst[14] || tcp.dst[15]) && ip.proto == 0x6 && (eth.type == 0x800 || eth.type == 0x86dd)
-]])
-AT_CHECK([simplify 'tcp.dst < 65535'], [0],
- [[(!tcp.dst[0] || !tcp.dst[1] || !tcp.dst[2] || !tcp.dst[3] || !tcp.dst[4] || !tcp.dst[5] || !tcp.dst[6] || !tcp.dst[7] || !tcp.dst[8] || !tcp.dst[9] || !tcp.dst[10] || !tcp.dst[11] || !tcp.dst[12] || !tcp.dst[13] || !tcp.dst[14] || !tcp.dst[15]) && ip.proto == 0x6 && (eth.type == 0x800 || eth.type == 0x86dd)
-]])
-AT_CLEANUP
-
-AT_SETUP([ovn -- is_chassis_resident simplification])
-simplify() {
- echo "$1" | ovstest test-ovn simplify-expr
-}
-AT_CHECK([simplify 'is_chassis_resident("eth1")'], [0], [1
-])
-AT_CHECK([simplify 'is_chassis_resident("eth2")'], [0], [0
-])
-AT_CHECK([simplify '!is_chassis_resident("eth1")'], [0], [0
-])
-AT_CHECK([simplify '!is_chassis_resident("eth2")'], [0], [1
-])
-AT_CLEANUP
-
-AT_SETUP([ovn -- 4-term numeric expression normalization])
-AT_CHECK([ovstest test-ovn exhaustive --operation=normalize --nvars=3 --svars=0 --bits=1 4], [0],
- [Tested normalizing 1874026 expressions of 4 terminals with 3 numeric vars (each 1 bits) in terms of operators == != < <= > >=.
-])
-AT_CLEANUP
-
-AT_SETUP([ovn -- 4-term string expression normalization])
-AT_CHECK([ovstest test-ovn exhaustive --operation=normalize --nvars=0 --svars=3 --bits=1 4], [0],
- [Tested normalizing 11242 expressions of 4 terminals with 3 string vars.
-])
-AT_CLEANUP
-
-AT_SETUP([ovn -- 4-term mixed expression normalization])
-AT_CHECK([ovstest test-ovn exhaustive --operation=normalize --nvars=1 --bits=1 --svars=2 4], [0],
- [Tested normalizing 175978 expressions of 4 terminals with 1 numeric vars (each 1 bits) in terms of operators == != < <= > >= and 2 string vars.
-])
-AT_CLEANUP
-
-AT_SETUP([ovn -- 5-term numeric expression normalization])
-AT_CHECK([ovstest test-ovn exhaustive --operation=normalize --nvars=3 --svars=0 --bits=1 --relops='==' 5], [0],
- [Tested normalizing 1317600 expressions of 5 terminals with 3 numeric vars (each 1 bits) in terms of operators ==.
-])
-AT_CLEANUP
-
-AT_SETUP([ovn -- 5-term string expression normalization])
-AT_CHECK([ovstest test-ovn exhaustive --operation=normalize --nvars=0 --svars=3 --bits=1 --relops='==' 5], [0],
- [Tested normalizing 368550 expressions of 5 terminals with 3 string vars.
-])
-AT_CLEANUP
-
-AT_SETUP([ovn -- 5-term mixed expression normalization])
-AT_CHECK([ovstest test-ovn exhaustive --operation=normalize --nvars=1 --svars=1 --bits=1 --relops='==' 5], [0],
- [Tested normalizing 216000 expressions of 5 terminals with 1 numeric vars (each 1 bits) in terms of operators == and 1 string vars.
-])
-AT_CLEANUP
-
-AT_SETUP([ovn -- 4-term numeric expressions to flows])
-AT_KEYWORDS([expression])
-AT_CHECK([ovstest test-ovn exhaustive --operation=flow --nvars=2 --svars=0 --bits=2 --relops='==' 4], [0],
- [Tested converting to flows 175978 expressions of 4 terminals with 2 numeric vars (each 2 bits) in terms of operators ==.
-])
-AT_CLEANUP
-
-AT_SETUP([ovn -- 4-term string expressions to flows])
-AT_KEYWORDS([expression])
-AT_CHECK([ovstest test-ovn exhaustive --operation=flow --nvars=0 --svars=4 4], [0],
- [Tested converting to flows 21978 expressions of 4 terminals with 4 string vars.
-])
-AT_CLEANUP
-
-AT_SETUP([ovn -- 4-term mixed expressions to flows])
-AT_KEYWORDS([expression])
-AT_CHECK([ovstest test-ovn exhaustive --operation=flow --nvars=1 --bits=2 --svars=1 --relops='==' 4], [0],
- [Tested converting to flows 48312 expressions of 4 terminals with 1 numeric vars (each 2 bits) in terms of operators == and 1 string vars.
-])
-AT_CLEANUP
-
-AT_SETUP([ovn -- 3-term numeric expressions to flows])
-AT_KEYWORDS([expression])
-AT_CHECK([ovstest test-ovn exhaustive --operation=flow --nvars=3 --svars=0 --bits=3 --relops='==' 3], [0],
- [Tested converting to flows 41328 expressions of 3 terminals with 3 numeric vars (each 3 bits) in terms of operators ==.
-])
-AT_CLEANUP
-
-AT_SETUP([ovn -- converting expressions to flows -- string fields])
-AT_KEYWORDS([expression])
-expr_to_flow () {
- echo "$1" | ovstest test-ovn expr-to-flows | sort
-}
-AT_CHECK([expr_to_flow 'inport == "eth0"'], [0], [reg14=0x5
-])
-AT_CHECK([expr_to_flow 'inport == "eth1"'], [0], [reg14=0x6
-])
-AT_CHECK([expr_to_flow 'inport == "eth2"'], [0], [(no flows)
-])
-AT_CHECK([expr_to_flow 'inport == "eth0" && ip'], [0], [dnl
-ip,reg14=0x5
-ipv6,reg14=0x5
-])
-AT_CHECK([expr_to_flow 'inport == "eth1" && ip'], [0], [dnl
-ip,reg14=0x6
-ipv6,reg14=0x6
-])
-AT_CHECK([expr_to_flow 'inport == "eth2" && ip'], [0], [(no flows)
-])
-AT_CHECK([expr_to_flow 'inport == {"eth0", "eth1", "eth2", "LOCAL"}'], [0],
-[reg14=0x5
-reg14=0x6
-reg14=0xfffe
-])
-AT_CHECK([expr_to_flow 'inport == {"eth0", "eth1", "eth2"} && ip'], [0], [dnl
-ip,reg14=0x5
-ip,reg14=0x6
-ipv6,reg14=0x5
-ipv6,reg14=0x6
-])
-AT_CHECK([expr_to_flow 'inport == "eth0" && inport == "eth1"'], [0], [dnl
-(no flows)
-])
-AT_CLEANUP
-
-AT_SETUP([ovn -- converting expressions to flows -- address sets])
-AT_KEYWORDS([expression])
-expr_to_flow () {
- echo "$1" | ovstest test-ovn expr-to-flows | sort
-}
-AT_CHECK([expr_to_flow 'ip4.src == {10.0.0.1, 10.0.0.2, 10.0.0.3}'], [0], [dnl
-ip,nw_src=10.0.0.1
-ip,nw_src=10.0.0.2
-ip,nw_src=10.0.0.3
-])
-AT_CHECK([expr_to_flow 'ip4.src == $set1'], [0], [dnl
-ip,nw_src=10.0.0.1
-ip,nw_src=10.0.0.2
-ip,nw_src=10.0.0.3
-])
-AT_CHECK([expr_to_flow 'ip4.src == {1.2.3.4, $set1}'], [0], [dnl
-ip,nw_src=1.2.3.4
-ip,nw_src=10.0.0.1
-ip,nw_src=10.0.0.2
-ip,nw_src=10.0.0.3
-])
-AT_CHECK([expr_to_flow 'ip4.src == {1.2.0.0/20, 5.5.5.0/24, $set1}'], [0], [dnl
-ip,nw_src=1.2.0.0/20
-ip,nw_src=10.0.0.1
-ip,nw_src=10.0.0.2
-ip,nw_src=10.0.0.3
-ip,nw_src=5.5.5.0/24
-])
-AT_CHECK([expr_to_flow 'ip6.src == {::1, ::2, ::3}'], [0], [dnl
-ipv6,ipv6_src=::1
-ipv6,ipv6_src=::2
-ipv6,ipv6_src=::3
-])
-AT_CHECK([expr_to_flow 'ip6.src == {::1, $set2, ::4}'], [0], [dnl
-ipv6,ipv6_src=::1
-ipv6,ipv6_src=::2
-ipv6,ipv6_src=::3
-ipv6,ipv6_src=::4
-])
-AT_CHECK([expr_to_flow 'eth.src == {00:00:00:00:00:01, 00:00:00:00:00:02, 00:00:00:00:00:03}'], [0], [dnl
-dl_src=00:00:00:00:00:01
-dl_src=00:00:00:00:00:02
-dl_src=00:00:00:00:00:03
-])
-AT_CHECK([expr_to_flow 'eth.src == {$set3}'], [0], [dnl
-dl_src=00:00:00:00:00:01
-dl_src=00:00:00:00:00:02
-dl_src=00:00:00:00:00:03
-])
-AT_CHECK([expr_to_flow 'eth.src == {00:00:00:00:00:01, $set3, ba:be:be:ef:de:ad, $set3}'], [0], [dnl
-dl_src=00:00:00:00:00:01
-dl_src=00:00:00:00:00:02
-dl_src=00:00:00:00:00:03
-dl_src=ba:be:be:ef:de:ad
-])
-AT_CHECK([expr_to_flow 'ip4.src == {$set4}'], [0], [dnl
-(no flows)
-])
-AT_CHECK([expr_to_flow 'ip4.src == {1.2.3.4, $set4}'], [0], [dnl
-ip,nw_src=1.2.3.4
-])
-AT_CHECK([expr_to_flow 'ip4.src == 1.2.3.4 || ip4.src == {$set4}'], [0], [dnl
-ip,nw_src=1.2.3.4
-])
-AT_CHECK([expr_to_flow 'ip4.src != {$set4}'], [0], [dnl
-
-])
-AT_CHECK([expr_to_flow 'ip4.src != {1.0.0.0/8, $set4}'], [0], [dnl
-ip,nw_src=0.0.0.0/1.0.0.0
-ip,nw_src=128.0.0.0/1
-ip,nw_src=16.0.0.0/16.0.0.0
-ip,nw_src=2.0.0.0/2.0.0.0
-ip,nw_src=32.0.0.0/32.0.0.0
-ip,nw_src=4.0.0.0/4.0.0.0
-ip,nw_src=64.0.0.0/64.0.0.0
-ip,nw_src=8.0.0.0/8.0.0.0
-])
-AT_CHECK([expr_to_flow 'ip4.src != 1.0.0.0/8 && ip4.src != {$set4}'], [0], [dnl
-ip,nw_src=0.0.0.0/1.0.0.0
-ip,nw_src=128.0.0.0/1
-ip,nw_src=16.0.0.0/16.0.0.0
-ip,nw_src=2.0.0.0/2.0.0.0
-ip,nw_src=32.0.0.0/32.0.0.0
-ip,nw_src=4.0.0.0/4.0.0.0
-ip,nw_src=64.0.0.0/64.0.0.0
-ip,nw_src=8.0.0.0/8.0.0.0
-])
-AT_CLEANUP
-
-AT_SETUP([ovn -- converting expressions to flows -- port groups])
-AT_KEYWORDS([expression])
-expr_to_flow () {
- echo "$1" | ovstest test-ovn expr-to-flows | sort
-}
-AT_CHECK([expr_to_flow 'outport == @pg1'], [0], [dnl
-reg15=0x11
-reg15=0x12
-reg15=0x13
-])
-AT_CHECK([expr_to_flow 'outport == {@pg_empty}'], [0], [dnl
-(no flows)
-])
-AT_CHECK([expr_to_flow 'outport == {"lsp1", @pg_empty}'], [0], [dnl
-reg15=0x11
-])
-AT_CLEANUP
-
-AT_SETUP([ovn -- converting expressions to flows -- conjunction])
-AT_KEYWORDS([conjunction])
-expr_to_flow () {
- echo "$1" | ovstest test-ovn expr-to-flows | sort
-}
-
-lflow="ip4.src == {10.0.0.1, 10.0.0.2, 10.0.0.3} && \
-ip4.dst == {20.0.0.1, 20.0.0.2, 20.0.0.3}"
-AT_CHECK([expr_to_flow "$lflow"], [0], [dnl
-conj_id=1,ip
-ip,nw_dst=20.0.0.1: conjunction(1, 0/2)
-ip,nw_dst=20.0.0.2: conjunction(1, 0/2)
-ip,nw_dst=20.0.0.3: conjunction(1, 0/2)
-ip,nw_src=10.0.0.1: conjunction(1, 1/2)
-ip,nw_src=10.0.0.2: conjunction(1, 1/2)
-ip,nw_src=10.0.0.3: conjunction(1, 1/2)
-])
-
-lflow="ip && (!ct.est || (ct.est && ct_label.blocked == 1))"
-AT_CHECK([expr_to_flow "$lflow"], [0], [dnl
-ct_state=+est+trk,ct_label=0x1/0x1,ip
-ct_state=+est+trk,ct_label=0x1/0x1,ipv6
-ct_state=-est+trk,ip
-ct_state=-est+trk,ipv6
-])
-
-lflow="ip4.src == {10.0.0.1, 10.0.0.2, 10.0.0.3} && \
-ip4.dst == {20.0.0.1, 20.0.0.2}"
-AT_CHECK([expr_to_flow "$lflow"], [0], [dnl
-conj_id=1,ip
-ip,nw_dst=20.0.0.1: conjunction(1, 0/2)
-ip,nw_dst=20.0.0.2: conjunction(1, 0/2)
-ip,nw_src=10.0.0.1: conjunction(1, 1/2)
-ip,nw_src=10.0.0.2: conjunction(1, 1/2)
-ip,nw_src=10.0.0.3: conjunction(1, 1/2)
-])
-
-lflow="ip4 && ip4.src == {10.0.0.1, 10.0.0.2, 10.0.0.3} && \
-ip4.dst == {20.0.0.1, 20.0.0.2, 20.0.0.3} && \
-tcp.dst >= 1000 && tcp.dst <= 1010"
-
-AT_CHECK([expr_to_flow "$lflow"], [0], [dnl
-conj_id=1,tcp
-tcp,nw_dst=20.0.0.1: conjunction(1, 0/3)
-tcp,nw_dst=20.0.0.2: conjunction(1, 0/3)
-tcp,nw_dst=20.0.0.3: conjunction(1, 0/3)
-tcp,nw_src=10.0.0.1: conjunction(1, 1/3)
-tcp,nw_src=10.0.0.2: conjunction(1, 1/3)
-tcp,nw_src=10.0.0.3: conjunction(1, 1/3)
-tcp,tp_dst=0x3ea/0xfffe: conjunction(1, 2/3)
-tcp,tp_dst=0x3ec/0xfffc: conjunction(1, 2/3)
-tcp,tp_dst=0x3f0/0xfffe: conjunction(1, 2/3)
-tcp,tp_dst=1000: conjunction(1, 2/3)
-tcp,tp_dst=1001: conjunction(1, 2/3)
-tcp,tp_dst=1010: conjunction(1, 2/3)
-])
-
-lflow="ip4 && ip4.src == {10.0.0.4, 10.0.0.5, 10.0.0.6} && \
-((ip4.dst == {20.0.0.4, 20.0.0.7, 20.0.0.8} && tcp.dst >= 1000 && \
-tcp.dst <= 2000 && tcp.src >=1000 && tcp.src <= 2000) \
-|| ip4.dst == 20.0.0.5 || ip4.dst == 20.0.0.6)"
-
-AT_CHECK([expr_to_flow "$lflow"], [0], [dnl
-conj_id=1,tcp
-ip,nw_src=10.0.0.4,nw_dst=20.0.0.5
-ip,nw_src=10.0.0.4,nw_dst=20.0.0.6
-ip,nw_src=10.0.0.5,nw_dst=20.0.0.5
-ip,nw_src=10.0.0.5,nw_dst=20.0.0.6
-ip,nw_src=10.0.0.6,nw_dst=20.0.0.5
-ip,nw_src=10.0.0.6,nw_dst=20.0.0.6
-tcp,nw_dst=20.0.0.4: conjunction(1, 0/4)
-tcp,nw_dst=20.0.0.7: conjunction(1, 0/4)
-tcp,nw_dst=20.0.0.8: conjunction(1, 0/4)
-tcp,nw_src=10.0.0.4: conjunction(1, 1/4)
-tcp,nw_src=10.0.0.5: conjunction(1, 1/4)
-tcp,nw_src=10.0.0.6: conjunction(1, 1/4)
-tcp,tp_dst=0x3ea/0xfffe: conjunction(1, 2/4)
-tcp,tp_dst=0x3ec/0xfffc: conjunction(1, 2/4)
-tcp,tp_dst=0x3f0/0xfff0: conjunction(1, 2/4)
-tcp,tp_dst=0x400/0xfe00: conjunction(1, 2/4)
-tcp,tp_dst=0x600/0xff00: conjunction(1, 2/4)
-tcp,tp_dst=0x700/0xff80: conjunction(1, 2/4)
-tcp,tp_dst=0x780/0xffc0: conjunction(1, 2/4)
-tcp,tp_dst=0x7c0/0xfff0: conjunction(1, 2/4)
-tcp,tp_dst=1000: conjunction(1, 2/4)
-tcp,tp_dst=1001: conjunction(1, 2/4)
-tcp,tp_dst=2000: conjunction(1, 2/4)
-tcp,tp_src=0x3ea/0xfffe: conjunction(1, 3/4)
-tcp,tp_src=0x3ec/0xfffc: conjunction(1, 3/4)
-tcp,tp_src=0x3f0/0xfff0: conjunction(1, 3/4)
-tcp,tp_src=0x400/0xfe00: conjunction(1, 3/4)
-tcp,tp_src=0x600/0xff00: conjunction(1, 3/4)
-tcp,tp_src=0x700/0xff80: conjunction(1, 3/4)
-tcp,tp_src=0x780/0xffc0: conjunction(1, 3/4)
-tcp,tp_src=0x7c0/0xfff0: conjunction(1, 3/4)
-tcp,tp_src=1000: conjunction(1, 3/4)
-tcp,tp_src=1001: conjunction(1, 3/4)
-tcp,tp_src=2000: conjunction(1, 3/4)
-])
-AT_CLEANUP
-
-AT_SETUP([ovn -- action parsing])
-dnl Unindented text is input (a set of OVN logical actions).
-dnl Indented text is expected output.
-AT_DATA([test-cases.txt],
-[[# drop
-drop;
- encodes as drop
-drop; next;
- Syntax error at `next' expecting end of input.
-next; drop;
- Syntax error at `drop' expecting action.
-
-# output
-output;
- encodes as resubmit(,64)
-
-# next
-next;
- encodes as resubmit(,19)
-next(11);
- formats as next;
- encodes as resubmit(,19)
-next(0);
- encodes as resubmit(,8)
-next(23);
- encodes as resubmit(,31)
-
-next();
- Syntax error at `)' expecting "pipeline" or "table".
-next(10;
- Syntax error at `;' expecting `)'.
-next(24);
- "next" action cannot advance beyond table 23.
-
-next(table=11);
- formats as next;
- encodes as resubmit(,19)
-next(pipeline=ingress);
- formats as next;
- encodes as resubmit(,19)
-next(table=11, pipeline=ingress);
- formats as next;
- encodes as resubmit(,19)
-next(pipeline=ingress, table=11);
- formats as next;
- encodes as resubmit(,19)
-
-next(pipeline=egress);
- "next" action cannot advance from ingress to egress pipeline (use "output" action instead)
-
-next(table=10);
- formats as next(10);
- encodes as resubmit(,18)
-
-# Loading a constant value.
-tcp.dst=80;
- formats as tcp.dst = 80;
- encodes as set_field:80->tcp_dst
- has prereqs ip.proto == 0x6 && (eth.type == 0x800 || eth.type == 0x86dd)
-eth.dst[40] = 1;
- encodes as set_field:01:00:00:00:00:00/01:00:00:00:00:00->eth_dst
-vlan.pcp = 2;
- encodes as set_field:0x4000/0xe000->vlan_tci
- has prereqs vlan.tci[12]
-vlan.tci[13..15] = 2;
- encodes as set_field:0x4000/0xe000->vlan_tci
-inport = "";
- encodes as set_field:0->reg14
-ip.ttl=4;
- formats as ip.ttl = 4;
- encodes as set_field:4->nw_ttl
- has prereqs eth.type == 0x800 || eth.type == 0x86dd
-outport="eth0"; next; outport="LOCAL"; next;
- formats as outport = "eth0"; next; outport = "LOCAL"; next;
- encodes as set_field:0x5->reg15,resubmit(,19),set_field:0xfffe->reg15,resubmit(,19)
-
-inport[1] = 1;
- Cannot select subfield of string field inport.
-ip.proto[1] = 1;
- Cannot select subfield of nominal field ip.proto.
-eth.dst[40] == 1;
- Syntax error at `==' expecting `=' or `<->'.
-ip = 1;
- Predicate symbol ip used where lvalue required.
-ip.proto = 6;
- Field ip.proto is not modifiable.
-inport = {"a", "b"};
- Syntax error at `{' expecting constant.
-inport = {};
- Syntax error at `{' expecting constant.
-bad_prereq = 123;
- Error parsing expression `xyzzy' encountered as prerequisite or predicate of initial expression: Syntax error at `xyzzy' expecting field name.
-self_recurse = 123;
- Error parsing expression `self_recurse != 0' encountered as prerequisite or predicate of initial expression: Error parsing expression `self_recurse != 0' encountered as prerequisite or predicate of initial expression: Recursive expansion of symbol `self_recurse'.
-vlan.present = 0;
- Predicate symbol vlan.present used where lvalue required.
-
-# Moving one field into another.
-reg0=reg1;
- formats as reg0 = reg1;
- encodes as move:NXM_NX_XXREG0[64..95]->NXM_NX_XXREG0[96..127]
-vlan.pcp = reg0[0..2];
- encodes as move:NXM_NX_XXREG0[96..98]->NXM_OF_VLAN_TCI[13..15]
- has prereqs vlan.tci[12]
-reg0[10] = vlan.pcp[1];
- encodes as move:NXM_OF_VLAN_TCI[14]->NXM_NX_XXREG0[106]
- has prereqs vlan.tci[12]
-outport = inport;
- encodes as move:NXM_NX_REG14[]->NXM_NX_REG15[]
-
-reg0[0] = vlan.present;
- Predicate symbol vlan.present used where lvalue required.
-reg0 = reg1[0..10];
- Can't assign 11-bit value to 32-bit destination.
-inport = reg0;
- Can't assign integer field (reg0) to string field (inport).
-inport = big_string;
- String fields inport and big_string are incompatible for assignment.
-ip.proto = reg0[0..7];
- Field ip.proto is not modifiable.
-
-# Exchanging fields.
-reg0 <-> reg1;
- encodes as push:NXM_NX_XXREG0[64..95],push:NXM_NX_XXREG0[96..127],pop:NXM_NX_XXREG0[64..95],pop:NXM_NX_XXREG0[96..127]
-vlan.pcp <-> reg0[0..2];
- encodes as push:NXM_NX_XXREG0[96..98],push:NXM_OF_VLAN_TCI[13..15],pop:NXM_NX_XXREG0[96..98],pop:NXM_OF_VLAN_TCI[13..15]
- has prereqs vlan.tci[12]
-reg0[10] <-> vlan.pcp[1];
- encodes as push:NXM_OF_VLAN_TCI[14],push:NXM_NX_XXREG0[106],pop:NXM_OF_VLAN_TCI[14],pop:NXM_NX_XXREG0[106]
- has prereqs vlan.tci[12]
-outport <-> inport;
- encodes as push:NXM_NX_REG14[],push:NXM_NX_REG15[],pop:NXM_NX_REG14[],pop:NXM_NX_REG15[]
-
-reg0[0] <-> vlan.present;
- Predicate symbol vlan.present used where lvalue required.
-reg0 <-> reg1[0..10];
- Can't exchange 32-bit field with 11-bit field.
-inport <-> reg0;
- Can't exchange string field (inport) with integer field (reg0).
-inport <-> big_string;
- String fields inport and big_string are incompatible for exchange.
-ip.proto <-> reg0[0..7];
- Field ip.proto is not modifiable.
-reg0[0..7] <-> ip.proto;
- Field ip.proto is not modifiable.
-
-# TTL decrement.
-ip.ttl--;
- encodes as dec_ttl
- has prereqs ip
-ip.ttl
- Syntax error at end of input expecting `--'.
-
-# load balancing.
-ct_lb;
- encodes as ct(table=19,zone=NXM_NX_REG13[0..15],nat)
- has prereqs ip
-ct_lb();
- formats as ct_lb;
- encodes as ct(table=19,zone=NXM_NX_REG13[0..15],nat)
- has prereqs ip
-ct_lb(192.168.1.2:80, 192.168.1.3:80);
- encodes as group:1
- has prereqs ip
-ct_lb(192.168.1.2, 192.168.1.3, );
- formats as ct_lb(192.168.1.2, 192.168.1.3);
- encodes as group:2
- has prereqs ip
-ct_lb(fd0f::2, fd0f::3, );
- formats as ct_lb(fd0f::2, fd0f::3);
- encodes as group:3
- has prereqs ip
-
-ct_lb(192.168.1.2:);
- Syntax error at `)' expecting port number.
-ct_lb(192.168.1.2:123456);
- Syntax error at `123456' expecting port number.
-ct_lb(foo);
- Syntax error at `foo' expecting IP address.
-ct_lb([192.168.1.2]);
- Syntax error at `192.168.1.2' expecting IPv6 address.
-
-# ct_next
-ct_next;
- encodes as ct(table=19,zone=NXM_NX_REG13[0..15])
- has prereqs ip
-
-# ct_commit
-ct_commit;
- encodes as ct(commit,zone=NXM_NX_REG13[0..15])
- has prereqs ip
-ct_commit();
- formats as ct_commit;
- encodes as ct(commit,zone=NXM_NX_REG13[0..15])
- has prereqs ip
-ct_commit(ct_mark=1);
- formats as ct_commit(ct_mark=0x1);
- encodes as ct(commit,zone=NXM_NX_REG13[0..15],exec(set_field:0x1->ct_mark))
- has prereqs ip
-ct_commit(ct_mark=1/1);
- formats as ct_commit(ct_mark=0x1/0x1);
- encodes as ct(commit,zone=NXM_NX_REG13[0..15],exec(set_field:0x1/0x1->ct_mark))
- has prereqs ip
-ct_commit(ct_label=1);
- formats as ct_commit(ct_label=0x1);
- encodes as ct(commit,zone=NXM_NX_REG13[0..15],exec(set_field:0x1->ct_label))
- has prereqs ip
-ct_commit(ct_label=1/1);
- formats as ct_commit(ct_label=0x1/0x1);
- encodes as ct(commit,zone=NXM_NX_REG13[0..15],exec(set_field:0x1/0x1->ct_label))
- has prereqs ip
-ct_commit(ct_mark=1, ct_label=2);
- formats as ct_commit(ct_mark=0x1, ct_label=0x2);
- encodes as ct(commit,zone=NXM_NX_REG13[0..15],exec(set_field:0x1->ct_mark,set_field:0x2->ct_label))
- has prereqs ip
-
-ct_commit(ct_label=0x01020304050607080910111213141516);
- formats as ct_commit(ct_label=0x1020304050607080910111213141516);
- encodes as ct(commit,zone=NXM_NX_REG13[0..15],exec(set_field:0x1020304050607080910111213141516->ct_label))
- has prereqs ip
-ct_commit(ct_label=0x181716151413121110090807060504030201);
- formats as ct_commit(ct_label=0x16151413121110090807060504030201);
- encodes as ct(commit,zone=NXM_NX_REG13[0..15],exec(set_field:0x16151413121110090807060504030201->ct_label))
- has prereqs ip
-ct_commit(ct_label=0x1000000000000000000000000000000/0x1000000000000000000000000000000);
- encodes as ct(commit,zone=NXM_NX_REG13[0..15],exec(set_field:0x1000000000000000000000000000000/0x1000000000000000000000000000000->ct_label))
- has prereqs ip
-ct_commit(ct_label=18446744073709551615);
- formats as ct_commit(ct_label=0xffffffffffffffff);
- encodes as ct(commit,zone=NXM_NX_REG13[0..15],exec(set_field:0xffffffffffffffff->ct_label))
- has prereqs ip
-ct_commit(ct_label=18446744073709551616);
- Decimal constants must be less than 2**64.
-
-# ct_dnat
-ct_dnat;
- encodes as ct(table=19,zone=NXM_NX_REG11[0..15],nat)
- has prereqs ip
-ct_dnat(192.168.1.2);
- encodes as ct(commit,table=19,zone=NXM_NX_REG11[0..15],nat(dst=192.168.1.2))
- has prereqs ip
-
-ct_dnat(192.168.1.2, 192.168.1.3);
- Syntax error at `,' expecting `)'.
-ct_dnat(foo);
- Syntax error at `foo' expecting IPv4 address.
-ct_dnat(foo, bar);
- Syntax error at `foo' expecting IPv4 address.
-ct_dnat();
- Syntax error at `)' expecting IPv4 address.
-
-# ct_snat
-ct_snat;
- encodes as ct(table=19,zone=NXM_NX_REG12[0..15],nat)
- has prereqs ip
-ct_snat(192.168.1.2);
- encodes as ct(commit,table=19,zone=NXM_NX_REG12[0..15],nat(src=192.168.1.2))
- has prereqs ip
-
-ct_snat(192.168.1.2, 192.168.1.3);
- Syntax error at `,' expecting `)'.
-ct_snat(foo);
- Syntax error at `foo' expecting IPv4 address.
-ct_snat(foo, bar);
- Syntax error at `foo' expecting IPv4 address.
-ct_snat();
- Syntax error at `)' expecting IPv4 address.
-
-# ct_clear
-ct_clear;
- encodes as ct_clear
-
-# clone
-clone { ip4.dst = 255.255.255.255; output; }; next;
- encodes as clone(set_field:255.255.255.255->ip_dst,resubmit(,64)),resubmit(,19)
- has prereqs eth.type == 0x800
-
-# arp
-arp { eth.dst = ff:ff:ff:ff:ff:ff; output; }; output;
- encodes as controller(userdata=00.00.00.00.00.00.00.00.00.19.00.10.80.00.06.06.ff.ff.ff.ff.ff.ff.00.00.ff.ff.00.10.00.00.23.20.00.0e.ff.f8.40.00.00.00),resubmit(,64)
- has prereqs ip4
-arp { };
- formats as arp { drop; };
- encodes as controller(userdata=00.00.00.00.00.00.00.00)
- has prereqs ip4
-
-# get_arp
-get_arp(outport, ip4.dst);
- encodes as push:NXM_NX_REG0[],push:NXM_OF_IP_DST[],pop:NXM_NX_REG0[],set_field:00:00:00:00:00:00->eth_dst,resubmit(,65),pop:NXM_NX_REG0[]
- has prereqs eth.type == 0x800
-get_arp(inport, reg0);
- encodes as push:NXM_NX_REG15[],push:NXM_NX_REG0[],push:NXM_NX_XXREG0[96..127],push:NXM_NX_REG14[],pop:NXM_NX_REG15[],pop:NXM_NX_REG0[],set_field:00:00:00:00:00:00->eth_dst,resubmit(,65),pop:NXM_NX_REG0[],pop:NXM_NX_REG15[]
-
-get_arp;
- Syntax error at `;' expecting `('.
-get_arp();
- Syntax error at `)' expecting field name.
-get_arp(inport);
- Syntax error at `)' expecting `,'.
-get_arp(inport ip4.dst);
- Syntax error at `ip4.dst' expecting `,'.
-get_arp(inport, ip4.dst;
- Syntax error at `;' expecting `)'.
-get_arp(inport, eth.dst);
- Cannot use 48-bit field eth.dst[0..47] where 32-bit field is required.
-get_arp(inport, outport);
- Cannot use string field outport where numeric field is required.
-get_arp(reg0, ip4.dst);
- Cannot use numeric field reg0 where string field is required.
-
-# put_arp
-put_arp(inport, arp.spa, arp.sha);
- encodes as push:NXM_NX_REG0[],push:NXM_OF_ETH_SRC[],push:NXM_NX_ARP_SHA[],push:NXM_OF_ARP_SPA[],pop:NXM_NX_REG0[],pop:NXM_OF_ETH_SRC[],controller(userdata=00.00.00.01.00.00.00.00),pop:NXM_OF_ETH_SRC[],pop:NXM_NX_REG0[]
- has prereqs eth.type == 0x806 && eth.type == 0x806
-
-# put_dhcp_opts
-reg1[0] = put_dhcp_opts(offerip = 1.2.3.4, router = 10.0.0.1);
- encodes as controller(userdata=00.00.00.02.00.00.00.00.00.01.de.10.00.00.00.40.01.02.03.04.03.04.0a.00.00.01,pause)
-reg2[5] = put_dhcp_opts(offerip=10.0.0.4,router=10.0.0.1,netmask=255.255.254.0,mtu=1400,domain_name="ovn.org",wpad="https://example.org",bootfile_name="https://127.0.0.1/boot.ipxe",path_prefix="/tftpboot");
- formats as reg2[5] = put_dhcp_opts(offerip = 10.0.0.4, router = 10.0.0.1, netmask = 255.255.254.0, mtu = 1400, domain_name = "ovn.org", wpad = "https://example.org", bootfile_name = "https://127.0.0.1/boot.ipxe", path_prefix = "/tftpboot");
- encodes as controller(userdata=00.00.00.02.00.00.00.00.00.01.de.10.00.00.00.25.0a.00.00.04.03.04.0a.00.00.01.01.04.ff.ff.fe.00.1a.02.05.78.0f.07.6f.76.6e.2e.6f.72.67.fc.13.68.74.74.70.73.3a.2f.2f.65.78.61.6d.70.6c.65.2e.6f.72.67.43.1b.68.74.74.70.73.3a.2f.2f.31.32.37.2e.30.2e.30.2e.31.2f.62.6f.6f.74.2e.69.70.78.65.d2.09.2f.74.66.74.70.62.6f.6f.74,pause)
-reg0[15] = put_dhcp_opts(offerip=10.0.0.4,router=10.0.0.1,netmask=255.255.255.0,mtu=1400,ip_forward_enable=1,default_ttl=121,dns_server={8.8.8.8,7.7.7.7},classless_static_route={30.0.0.0/24,10.0.0.4,40.0.0.0/16,10.0.0.6,0.0.0.0/0,10.0.0.1},ethernet_encap=1,router_discovery=0,tftp_server_address={10.0.0.4,10.0.0.5});
- formats as reg0[15] = put_dhcp_opts(offerip = 10.0.0.4, router = 10.0.0.1, netmask = 255.255.255.0, mtu = 1400, ip_forward_enable = 1, default_ttl = 121, dns_server = {8.8.8.8, 7.7.7.7}, classless_static_route = {30.0.0.0/24, 10.0.0.4, 40.0.0.0/16, 10.0.0.6, 0.0.0.0/0, 10.0.0.1}, ethernet_encap = 1, router_discovery = 0, tftp_server_address = {10.0.0.4, 10.0.0.5});
- encodes as controller(userdata=00.00.00.02.00.00.00.00.00.01.de.10.00.00.00.6f.0a.00.00.04.03.04.0a.00.00.01.01.04.ff.ff.ff.00.1a.02.05.78.13.01.01.17.01.79.06.08.08.08.08.08.07.07.07.07.79.14.18.1e.00.00.0a.00.00.04.10.28.00.0a.00.00.06.00.0a.00.00.01.24.01.01.1f.01.00.96.08.0a.00.00.04.0a.00.00.05,pause)
-
-reg1[0..1] = put_dhcp_opts(offerip = 1.2.3.4, router = 10.0.0.1);
- Cannot use 2-bit field reg1[0..1] where 1-bit field is required.
-reg1[0] = put_dhcp_opts();
- put_dhcp_opts requires offerip to be specified.
-reg1[0] = put_dhcp_opts(x = 1.2.3.4, router = 10.0.0.1);
- Syntax error at `x' expecting DHCPv4 option name.
-reg1[0] = put_dhcp_opts(router = 10.0.0.1);
- put_dhcp_opts requires offerip to be specified.
-reg1[0] = put_dhcp_opts(offerip=1.2.3.4, "hi");
- Syntax error at `"hi"'.
-reg1[0] = put_dhcp_opts(offerip=1.2.3.4, xyzzy);
- Syntax error at `xyzzy' expecting DHCPv4 option name.
-reg1[0] = put_dhcp_opts(offerip="xyzzy");
- DHCPv4 option offerip requires numeric value.
-reg1[0] = put_dhcp_opts(offerip=1.2.3.4, domain_name=1.2.3.4);
- DHCPv4 option domain_name requires string value.
-
-# nd_ns
-nd_ns { nd.target = xxreg0; output; };
- encodes as controller(userdata=00.00.00.09.00.00.00.00.ff.ff.00.18.00.00.23.20.00.06.00.80.00.00.00.00.00.01.de.10.00.01.2e.10.ff.ff.00.10.00.00.23.20.00.0e.ff.f8.40.00.00.00)
- has prereqs ip6
-
-nd_ns { };
- formats as nd_ns { drop; };
- encodes as controller(userdata=00.00.00.09.00.00.00.00)
- has prereqs ip6
-
-# nd_na
-nd_na { eth.src = 12:34:56:78:9a:bc; nd.tll = 12:34:56:78:9a:bc; outport = inport; inport = ""; /* Allow sending out inport. */ output; };
- formats as nd_na { eth.src = 12:34:56:78:9a:bc; nd.tll = 12:34:56:78:9a:bc; outport = inport; inport = ""; output; };
- encodes as controller(userdata=00.00.00.03.00.00.00.00.00.19.00.10.80.00.08.06.12.34.56.78.9a.bc.00.00.00.19.00.10.80.00.42.06.12.34.56.78.9a.bc.00.00.ff.ff.00.18.00.00.23.20.00.06.00.20.00.00.00.00.00.01.1c.04.00.01.1e.04.00.19.00.10.00.01.1c.04.00.00.00.00.00.00.00.00.ff.ff.00.10.00.00.23.20.00.0e.ff.f8.40.00.00.00)
- has prereqs nd_ns
-# nd_na_router
-nd_na_router { eth.src = 12:34:56:78:9a:bc; nd.tll = 12:34:56:78:9a:bc; outport = inport; inport = ""; /* Allow sending out inport. */ output; };
- formats as nd_na_router { eth.src = 12:34:56:78:9a:bc; nd.tll = 12:34:56:78:9a:bc; outport = inport; inport = ""; output; };
- encodes as controller(userdata=00.00.00.0c.00.00.00.00.00.19.00.10.80.00.08.06.12.34.56.78.9a.bc.00.00.00.19.00.10.80.00.42.06.12.34.56.78.9a.bc.00.00.ff.ff.00.18.00.00.23.20.00.06.00.20.00.00.00.00.00.01.1c.04.00.01.1e.04.00.19.00.10.00.01.1c.04.00.00.00.00.00.00.00.00.ff.ff.00.10.00.00.23.20.00.0e.ff.f8.40.00.00.00)
- has prereqs nd_ns
-
-# get_nd
-get_nd(outport, ip6.dst);
- encodes as push:NXM_NX_XXREG0[],push:NXM_NX_IPV6_DST[],pop:NXM_NX_XXREG0[],set_field:00:00:00:00:00:00->eth_dst,resubmit(,65),pop:NXM_NX_XXREG0[]
- has prereqs eth.type == 0x86dd
-get_nd(inport, xxreg0);
- encodes as push:NXM_NX_REG15[],push:NXM_NX_REG14[],pop:NXM_NX_REG15[],set_field:00:00:00:00:00:00->eth_dst,resubmit(,65),pop:NXM_NX_REG15[]
-get_nd;
- Syntax error at `;' expecting `('.
-get_nd();
- Syntax error at `)' expecting field name.
-get_nd(inport);
- Syntax error at `)' expecting `,'.
-get_nd(inport ip6.dst);
- Syntax error at `ip6.dst' expecting `,'.
-get_nd(inport, ip6.dst;
- Syntax error at `;' expecting `)'.
-get_nd(inport, eth.dst);
- Cannot use 48-bit field eth.dst[0..47] where 128-bit field is required.
-get_nd(inport, outport);
- Cannot use string field outport where numeric field is required.
-get_nd(xxreg0, ip6.dst);
- Cannot use numeric field xxreg0 where string field is required.
-
-# put_nd
-put_nd(inport, nd.target, nd.sll);
- encodes as push:NXM_NX_XXREG0[],push:NXM_OF_ETH_SRC[],push:NXM_NX_ND_SLL[],push:NXM_NX_ND_TARGET[],pop:NXM_NX_XXREG0[],pop:NXM_OF_ETH_SRC[],controller(userdata=00.00.00.04.00.00.00.00),pop:NXM_OF_ETH_SRC[],pop:NXM_NX_XXREG0[]
- has prereqs (icmp6.type == 0x87 || icmp6.type == 0x88) && eth.type == 0x86dd && ip.proto == 0x3a && (eth.type == 0x800 || eth.type == 0x86dd) && icmp6.code == 0 && eth.type == 0x86dd && ip.proto == 0x3a && (eth.type == 0x800 || eth.type == 0x86dd) && ip.ttl == 0xff && (eth.type == 0x800 || eth.type == 0x86dd) && icmp6.type == 0x87 && eth.type == 0x86dd && ip.proto == 0x3a && (eth.type == 0x800 || eth.type == 0x86dd) && icmp6.code == 0 && eth.type == 0x86dd && ip.proto == 0x3a && (eth.type == 0x800 || eth.type == 0x86dd) && ip.ttl == 0xff && (eth.type == 0x800 || eth.type == 0x86dd)
-
-# put_dhcpv6_opts
-reg1[0] = put_dhcpv6_opts(ia_addr = ae70::4, server_id = 00:00:00:00:10:02);
- encodes as controller(userdata=00.00.00.05.00.00.00.00.00.01.de.10.00.00.00.40.00.05.00.10.ae.70.00.00.00.00.00.00.00.00.00.00.00.00.00.04.00.02.00.06.00.00.00.00.10.02,pause)
-reg1[0] = put_dhcpv6_opts();
- encodes as controller(userdata=00.00.00.05.00.00.00.00.00.01.de.10.00.00.00.40,pause)
-reg1[0] = put_dhcpv6_opts(dns_server={ae70::1,ae70::2});
- formats as reg1[0] = put_dhcpv6_opts(dns_server = {ae70::1, ae70::2});
- encodes as controller(userdata=00.00.00.05.00.00.00.00.00.01.de.10.00.00.00.40.00.17.00.20.ae.70.00.00.00.00.00.00.00.00.00.00.00.00.00.01.ae.70.00.00.00.00.00.00.00.00.00.00.00.00.00.02,pause)
-reg1[0] = put_dhcpv6_opts(server_id=12:34:56:78:9a:bc, dns_server={ae70::1,ae89::2});
- formats as reg1[0] = put_dhcpv6_opts(server_id = 12:34:56:78:9a:bc, dns_server = {ae70::1, ae89::2});
- encodes as controller(userdata=00.00.00.05.00.00.00.00.00.01.de.10.00.00.00.40.00.02.00.06.12.34.56.78.9a.bc.00.17.00.20.ae.70.00.00.00.00.00.00.00.00.00.00.00.00.00.01.ae.89.00.00.00.00.00.00.00.00.00.00.00.00.00.02,pause)
-reg1[0] = put_dhcpv6_opts(domain_search = "ovn.org");
- encodes as controller(userdata=00.00.00.05.00.00.00.00.00.01.de.10.00.00.00.40.00.18.00.07.6f.76.6e.2e.6f.72.67,pause)
-reg1[0] = put_dhcpv6_opts(x = 1.2.3.4);
- Syntax error at `x' expecting DHCPv6 option name.
-reg1[0] = put_dhcpv6_opts(ia_addr=ae70::4, "hi");
- Syntax error at `"hi"'.
-reg1[0] = put_dhcpv6_opts(ia_addr=ae70::4, xyzzy);
- Syntax error at `xyzzy' expecting DHCPv6 option name.
-reg1[0] = put_dhcpv6_opts(ia_addr="ae70::4");
- DHCPv6 option ia_addr requires numeric value.
-reg1[0] = put_dhcpv6_opts(ia_addr=ae70::4, domain_search=ae70::1);
- DHCPv6 option domain_search requires string value.
-
-# set_queue
-set_queue(0);
- encodes as set_queue:0
-set_queue(61440);
- encodes as set_queue:61440
-set_queue(65535);
- Queue ID 65535 for set_queue is not in valid range 0 to 61440.
-
-# dns_lookup
-reg1[0] = dns_lookup();
- encodes as controller(userdata=00.00.00.06.00.00.00.00.00.01.de.10.00.00.00.40,pause)
- has prereqs udp
-reg1[0] = dns_lookup("foo");
- dns_lookup doesn't take any parameters
-
-# set_meter
-set_meter(0);
- Rate 0 for set_meter is not in valid.
-set_meter(1);
- encodes as meter:1
-set_meter(100, 1000);
- encodes as meter:2
-set_meter(100, 1000, );
- Syntax error at `,' expecting `)'.
-set_meter(4294967295, 4294967295);
- encodes as meter:3
-
-# log
-log(verdict=allow, severity=warning);
- encodes as controller(userdata=00.00.00.07.00.00.00.00.00.04)
-log(name="test1", verdict=drop, severity=info);
- encodes as controller(userdata=00.00.00.07.00.00.00.00.01.06.74.65.73.74.31)
-log(verdict=drop, severity=info, meter="meter1");
- encodes as controller(userdata=00.00.00.07.00.00.00.00.01.06,meter_id=4)
-log(name="test1", verdict=drop, severity=info, meter="meter1");
- encodes as controller(userdata=00.00.00.07.00.00.00.00.01.06.74.65.73.74.31,meter_id=4)
-log(verdict=drop);
- formats as log(verdict=drop, severity=info);
- encodes as controller(userdata=00.00.00.07.00.00.00.00.01.06)
-log(verdict=bad_verdict, severity=info);
- Syntax error at `bad_verdict' unknown verdict.
-log(verdict=drop, severity=bad_severity);
- Syntax error at `bad_severity' unknown severity.
-log(severity=notice);
- Syntax error at `;' expecting verdict.
-
-# put_nd_ra_opts
-reg1[0] = put_nd_ra_opts(addr_mode = "slaac", mtu = 1500, prefix = aef0::/64, slla = ae:01:02:03:04:05);
- encodes as controller(userdata=00.00.00.08.00.00.00.00.00.01.de.10.00.00.00.40.86.00.00.00.ff.00.ff.ff.00.00.00.00.00.00.00.00.05.01.00.00.00.00.05.dc.03.04.40.c0.ff.ff.ff.ff.ff.ff.ff.ff.00.00.00.00.ae.f0.00.00.00.00.00.00.00.00.00.00.00.00.00.00.01.01.ae.01.02.03.04.05,pause)
- has prereqs ip6
-reg1[0] = put_nd_ra_opts(addr_mode = "dhcpv6_stateful", slla = ae:01:02:03:04:10, mtu = 1450);
- encodes as controller(userdata=00.00.00.08.00.00.00.00.00.01.de.10.00.00.00.40.86.00.00.00.ff.80.ff.ff.00.00.00.00.00.00.00.00.01.01.ae.01.02.03.04.10.05.01.00.00.00.00.05.aa,pause)
- has prereqs ip6
-reg1[0] = put_nd_ra_opts(addr_mode = "dhcpv6_stateless", slla = ae:01:02:03:04:06, prefix = aef0::/64);
- encodes as controller(userdata=00.00.00.08.00.00.00.00.00.01.de.10.00.00.00.40.86.00.00.00.ff.40.ff.ff.00.00.00.00.00.00.00.00.01.01.ae.01.02.03.04.06.03.04.40.c0.ff.ff.ff.ff.ff.ff.ff.ff.00.00.00.00.ae.f0.00.00.00.00.00.00.00.00.00.00.00.00.00.00,pause)
- has prereqs ip6
-reg1[0] = put_nd_ra_opts(addr_mode = "slaac", mtu = 1500, prefix = aef0::/64);
- slla option not present
-reg1[0] = put_nd_ra_opts(addr_mode = "dhcpv6_stateful", mtu = 1450, prefix = aef0::/64, prefix = bef0::/64, slla = ae:01:02:03:04:10);
- encodes as controller(userdata=00.00.00.08.00.00.00.00.00.01.de.10.00.00.00.40.86.00.00.00.ff.80.ff.ff.00.00.00.00.00.00.00.00.05.01.00.00.00.00.05.aa.03.04.40.80.ff.ff.ff.ff.ff.ff.ff.ff.00.00.00.00.ae.f0.00.00.00.00.00.00.00.00.00.00.00.00.00.00.03.04.40.80.ff.ff.ff.ff.ff.ff.ff.ff.00.00.00.00.be.f0.00.00.00.00.00.00.00.00.00.00.00.00.00.00.01.01.ae.01.02.03.04.10,pause)
- has prereqs ip6
-reg1[0] = put_nd_ra_opts(addr_mode = "dhcpv6_stateful", mtu = 1450, prefix = aef0::/64, prefix = bef0::/64, slla = ae:01:02:03:04:10);
- encodes as controller(userdata=00.00.00.08.00.00.00.00.00.01.de.10.00.00.00.40.86.00.00.00.ff.80.ff.ff.00.00.00.00.00.00.00.00.05.01.00.00.00.00.05.aa.03.04.40.80.ff.ff.ff.ff.ff.ff.ff.ff.00.00.00.00.ae.f0.00.00.00.00.00.00.00.00.00.00.00.00.00.00.03.04.40.80.ff.ff.ff.ff.ff.ff.ff.ff.00.00.00.00.be.f0.00.00.00.00.00.00.00.00.00.00.00.00.00.00.01.01.ae.01.02.03.04.10,pause)
- has prereqs ip6
-reg1[0] = put_nd_ra_opts(addr_mode = "slaac", slla = ae:01:02:03:04:10);
- prefix option needs to be set when address mode is slaac/dhcpv6_stateless.
-reg1[0] = put_nd_ra_opts(addr_mode = "dhcpv6_stateless", slla = ae:01:02:03:04:10);
- prefix option needs to be set when address mode is slaac/dhcpv6_stateless.
-reg1[0] = put_nd_ra_opts(addr_mode = dhcpv6_stateless, prefix = aef0::/64, slla = ae:01:02:03:04:10);
- Syntax error at `dhcpv6_stateless' expecting constant.
-reg1[0] = put_nd_ra_opts(addr_mode = "slaac", mtu = 1500, prefix = aef0::, slla = ae:01:02:03:04:10);
- Invalid value for "prefix" option
-reg1[0] = put_nd_ra_opts(addr_mode = "foo", mtu = 1500, slla = ae:01:02:03:04:10);
- Invalid value for "addr_mode" option
-reg1[0] = put_nd_ra_opts(addr_mode = "slaac", mtu = "1500", slla = ae:01:02:03:04:10);
- IPv6 ND RA option mtu requires numeric value.
-reg1[0] = put_nd_ra_opts(addr_mode = "slaac", mtu = 10.0.0.4, slla = ae:01:02:03:04:10);
- Invalid value for "mtu" option
-
-# icmp4
-icmp4 { eth.dst = ff:ff:ff:ff:ff:ff; output; }; output;
- encodes as controller(userdata=00.00.00.0a.00.00.00.00.00.19.00.10.80.00.06.06.ff.ff.ff.ff.ff.ff.00.00.ff.ff.00.10.00.00.23.20.00.0e.ff.f8.40.00.00.00),resubmit(,64)
- has prereqs ip4
-
-icmp4 { };
- formats as icmp4 { drop; };
- encodes as controller(userdata=00.00.00.0a.00.00.00.00)
- has prereqs ip4
-
-# icmp4 with icmp4.frag_mtu
-icmp4 { eth.dst = ff:ff:ff:ff:ff:ff; icmp4.frag_mtu = 1500; output; }; output;
- encodes as controller(userdata=00.00.00.0a.00.00.00.00.00.19.00.10.80.00.06.06.ff.ff.ff.ff.ff.ff.00.00.ff.ff.00.28.00.00.23.20.00.25.00.00.00.00.00.00.00.03.00.0e.00.00.00.0d.00.00.00.00.05.dc.00.00.00.04.00.04.00.00.00.00.ff.ff.00.10.00.00.23.20.00.0e.ff.f8.40.00.00.00),resubmit(,64)
- has prereqs ip4
-
-# icmp4_error
-icmp4_error { eth.dst = ff:ff:ff:ff:ff:ff; output; }; output;
- encodes as controller(userdata=00.00.00.0e.00.00.00.00.00.19.00.10.80.00.06.06.ff.ff.ff.ff.ff.ff.00.00.ff.ff.00.10.00.00.23.20.00.0e.ff.f8.40.00.00.00),resubmit(,64)
- has prereqs ip4
-
-icmp4_error { };
- formats as icmp4_error { drop; };
- encodes as controller(userdata=00.00.00.0e.00.00.00.00)
- has prereqs ip4
-
-# icmp4_error with icmp4.frag_mtu
-icmp4_error { eth.dst = ff:ff:ff:ff:ff:ff; icmp4.frag_mtu = 1500; output; }; output;
- encodes as controller(userdata=00.00.00.0e.00.00.00.00.00.19.00.10.80.00.06.06.ff.ff.ff.ff.ff.ff.00.00.ff.ff.00.28.00.00.23.20.00.25.00.00.00.00.00.00.00.03.00.0e.00.00.00.0d.00.00.00.00.05.dc.00.00.00.04.00.04.00.00.00.00.ff.ff.00.10.00.00.23.20.00.0e.ff.f8.40.00.00.00),resubmit(,64)
- has prereqs ip4
-
-icmp4.frag_mtu = 1500;
- encodes as controller(userdata=00.00.00.0d.00.00.00.00.05.dc,pause)
-
-# icmp6
-icmp6 { eth.dst = ff:ff:ff:ff:ff:ff; output; }; output;
- encodes as controller(userdata=00.00.00.0a.00.00.00.00.00.19.00.10.80.00.06.06.ff.ff.ff.ff.ff.ff.00.00.ff.ff.00.10.00.00.23.20.00.0e.ff.f8.40.00.00.00),resubmit(,64)
- has prereqs ip6
-
-icmp6 { };
- formats as icmp6 { drop; };
- encodes as controller(userdata=00.00.00.0a.00.00.00.00)
- has prereqs ip6
-
-# tcp_reset
-tcp_reset { eth.dst = ff:ff:ff:ff:ff:ff; output; }; output;
- encodes as controller(userdata=00.00.00.0b.00.00.00.00.00.19.00.10.80.00.06.06.ff.ff.ff.ff.ff.ff.00.00.ff.ff.00.10.00.00.23.20.00.0e.ff.f8.40.00.00.00),resubmit(,64)
- has prereqs tcp
-
-tcp_reset { };
- formats as tcp_reset { drop; };
- encodes as controller(userdata=00.00.00.0b.00.00.00.00)
- has prereqs tcp
-
-# trigger_event
-trigger_event(event = "empty_lb_backends", vip = "10.0.0.1:80", protocol = "tcp", load_balancer = "12345678-abcd-9876-fedc-11119f8e7d6c");
- encodes as controller(userdata=00.00.00.0f.00.00.00.00.00.00.00.00.00.01.00.0b.31.30.2e.30.2e.30.2e.31.3a.38.30.00.02.00.03.74.63.70.00.03.00.24.31.32.33.34.35.36.37.38.2d.61.62.63.64.2d.39.38.37.36.2d.66.65.64.63.2d.31.31.31.31.39.66.38.65.37.64.36.63)
-
-# Testing invalid vip results in extra error messages from socket-util.c
-trigger_event(event = "empty_lb_backends", vip = "10.0.0.1:80", protocol = "sctp", load_balancer = "12345678-abcd-9876-fedc-11119f8e7d6c");
- Load balancer protocol 'sctp' is not 'tcp' or 'udp'
-trigger_event(event = "empty_lb_backends", vip = "10.0.0.1:80", protocol = "tcp", load_balancer = "bacon");
- Load balancer 'bacon' is not a UUID
-
-# IGMP
-igmp;
- encodes as controller(userdata=00.00.00.10.00.00.00.00)
-
-# Contradictionary prerequisites (allowed but not useful):
-ip4.src = ip6.src[0..31];
- encodes as move:NXM_NX_IPV6_SRC[0..31]->NXM_OF_IP_SRC[]
- has prereqs eth.type == 0x800 && eth.type == 0x86dd
-ip4.src <-> ip6.src[0..31];
- encodes as push:NXM_NX_IPV6_SRC[0..31],push:NXM_OF_IP_SRC[],pop:NXM_NX_IPV6_SRC[0..31],pop:NXM_OF_IP_SRC[]
- has prereqs eth.type == 0x800 && eth.type == 0x86dd
-
-# check_pkt_larger
-reg0[0] = check_pkt_larger(1500);
- encodes as check_pkt_larger(1500)->NXM_NX_XXREG0[96]
-
-reg0 = check_pkt_larger(1500);
- Cannot use 32-bit field reg0[0..31] where 1-bit field is required.
-
-reg0 = check_pkt_larger(foo);
- Cannot use 32-bit field reg0[0..31] where 1-bit field is required.
-
-reg0[0] = check_pkt_larger(foo);
- Syntax error at `foo' expecting `;'.
-
-# Miscellaneous negative tests.
-;
- Syntax error at `;'.
-xyzzy;
- Syntax error at `xyzzy' expecting action.
-next; 123;
- Syntax error at `123'.
-next; xyzzy;
- Syntax error at `xyzzy' expecting action.
-next
- Syntax error at end of input expecting `;'.
-]])
-sed '/^[[ ]]/d' test-cases.txt > input.txt
-cp test-cases.txt expout
-AT_CHECK([ovstest test-ovn parse-actions < input.txt], [0], [expout])
-AT_CLEANUP
-
-AT_BANNER([OVN end-to-end tests])
-
-# 3 hypervisors, one logical switch, 3 logical ports per hypervisor
-AT_SETUP([ovn -- 3 HVs, 1 LS, 3 lports/HV])
-AT_KEYWORDS([ovnarp])
-AT_SKIP_IF([test $HAVE_PYTHON = no])
-ovn_start
-
-# Create hypervisors hv[123].
-# Add vif1[123] to hv1, vif2[123] to hv2, vif3[123] to hv3.
-# Add all of the vifs to a single logical switch lsw0.
-# Turn on port security on all the vifs except vif[123]1.
-# Make vif13, vif2[23], vif3[123] destinations for unknown MACs.
-# Add some ACLs for Ethertypes 1234, 1235, 1236.
-ovn-nbctl ls-add lsw0
-net_add n1
-for i in 1 2 3; do
- sim_add hv$i
- as hv$i
- ovs-vsctl add-br br-phys
- ovn_attach n1 br-phys 192.168.0.$i
-
- for j in 1 2 3; do
- ovs-vsctl add-port br-int vif$i$j -- set Interface vif$i$j external-ids:iface-id=lp$i$j options:tx_pcap=hv$i/vif$i$j-tx.pcap options:rxq_pcap=hv$i/vif$i$j-rx.pcap ofport-request=$i$j
- ovn-nbctl lsp-add lsw0 lp$i$j
- if test $j = 1; then
- ovn-nbctl lsp-set-addresses lp$i$j "f0:00:00:00:00:$i$j 192.168.0.$i$j" unknown
- else
- if test $j = 3; then
- ip_addrs="192.168.0.$i$j fe80::ea2a:eaff:fe28:$i$j/64 192.169.0.$i$j"
- else
- ip_addrs="192.168.0.$i$j"
- fi
- ovn-nbctl lsp-set-addresses lp$i$j "f0:00:00:00:00:$i$j $ip_addrs"
- ovn-nbctl lsp-set-port-security lp$i$j f0:00:00:00:00:$i$j
- fi
- done
-done
-ovn-nbctl acl-add lsw0 from-lport 1000 'eth.type == 0x1234' drop
-ovn-nbctl acl-add lsw0 from-lport 1000 'eth.type == 0x1235 && inport == "lp11"' drop
-ovn-nbctl acl-add lsw0 to-lport 1000 'eth.type == 0x1236 && outport == "lp33"' drop
-ovn-nbctl create Address_Set name=set1 addresses=\"f0:00:00:00:00:11\",\"f0:00:00:00:00:21\",\"f0:00:00:00:00:31\"
-ovn-nbctl acl-add lsw0 to-lport 1000 'eth.type == 0x1237 && eth.src == $set1 && outport == "lp33"' drop
-
-get_lsp_uuid () {
- ovn-nbctl lsp-list lsw0 | grep $1 | awk '{ print $1 }'
-}
-
-ovn-nbctl create Port_Group name=pg1 ports=`get_lsp_uuid lp22`,`get_lsp_uuid lp33`
-ovn-nbctl acl-add lsw0 to-lport 1000 'eth.type == 0x1238 && outport == @pg1' drop
-
-# Pre-populate the hypervisors' ARP tables so that we don't lose any
-# packets for ARP resolution (native tunneling doesn't queue packets
-# for ARP resolution).
-OVN_POPULATE_ARP
-
-# Allow some time for ovn-northd and ovn-controller to catch up.
-# XXX This should be more systematic.
-sleep 1
-
-# Make sure there is no attempt to adding duplicated flows by ovn-controller
-AT_FAIL_IF([test -n "`grep duplicate hv1/ovn-controller.log`"])
-AT_FAIL_IF([test -n "`grep duplicate hv2/ovn-controller.log`"])
-AT_FAIL_IF([test -n "`grep duplicate hv3/ovn-controller.log`"])
-
-# Given the name of a logical port, prints the name of the hypervisor
-# on which it is located.
-vif_to_hv() {
- echo hv${1%?}
-}
-
-# test_packet INPORT DST SRC ETHTYPE OUTPORT...
-#
-# This shell function causes a packet to be received on INPORT. The packet's
-# content has Ethernet destination DST and source SRC (each exactly 12 hex
-# digits) and Ethernet type ETHTYPE (4 hex digits). The OUTPORTs (zero or
-# more) list the VIFs on which the packet should be received. INPORT and the
-# OUTPORTs are specified as logical switch port numbers, e.g. 11 for vif11.
-for i in 1 2 3; do
- for j in 1 2 3; do
- : > $i$j.expected
- done
-done
-test_packet() {
- local inport=$1 packet=$2$3$4; shift; shift; shift; shift
- hv=`vif_to_hv $inport`
- vif=vif$inport
- as $hv ovs-appctl netdev-dummy/receive $vif $packet
- for outport; do
- echo $packet >> $outport.expected
- done
-}
-
-# test_arp INPORT SHA SPA TPA [REPLY_HA]
-#
-# Causes a packet to be received on INPORT. The packet is an ARP
-# request with SHA, SPA, and TPA as specified. If REPLY_HA is provided, then
-# it should be the hardware address of the target to expect to receive in an
-# ARP reply; otherwise no reply is expected.
-#
-# INPORT is an logical switch port number, e.g. 11 for vif11.
-# SHA and REPLY_HA are each 12 hex digits.
-# SPA and TPA are each 8 hex digits.
-test_arp() {
- local inport=$1 sha=$2 spa=$3 tpa=$4 reply_ha=$5
- local request=ffffffffffff${sha}08060001080006040001${sha}${spa}ffffffffffff${tpa}
- hv=`vif_to_hv $inport`
- as $hv ovs-appctl netdev-dummy/receive vif$inport $request
-
- if test X$reply_ha = X; then
- # Expect to receive the broadcast ARP on the other logical switch ports
- # if no reply is expected.
- local i j
- for i in 1 2 3; do
- for j in 1 2 3; do
- if test $i$j != $inport; then
- echo $request >> $i$j.expected
- fi
- done
- done
- else
- # Expect to receive the reply, if any.
- local reply=${sha}${reply_ha}08060001080006040002${reply_ha}${tpa}${sha}${spa}
- echo $reply >> $inport.expected
- fi
-}
-
-ip_to_hex() {
- printf "%02x%02x%02x%02x" "$@"
-}
-
-# Send packets between all pairs of source and destination ports:
-#
-# 1. Unicast packets are delivered to exactly one logical switch port
-# (except that packets destined to their input ports are dropped).
-#
-# 2. Broadcast and multicast are delivered to all logical switch ports
-# except the input port.
-#
-# 3. When port security is turned on, the switch drops packets from the wrong
-# MAC address.
-#
-# 4. The switch drops all packets with a VLAN tag.
-#
-# 5. The switch drops all packets with a multicast source address. (This only
-# affects behavior when port security is turned off, since otherwise port
-# security would drop the packet anyway.)
-#
-# 6. The switch delivers packets with an unknown destination to logical
-# switch ports with "unknown" among their MAC addresses (and port
-# security disabled).
-#
-# 7. The switch drops unicast packets that violate an ACL.
-#
-# 8. The switch drops multicast and broadcast packets that violate an ACL.
-#
-# 9. OVN generates responses to ARP requests for known IPs, except for
-# requests from a port for the port's own IP.
-#
-# 10. No response to ARP requests for unknown IPs.
-
-for is in 1 2 3; do
- for js in 1 2 3; do
- s=$is$js
- bcast=
- unknown=
- bacl2=
- bacl3=
- for id in 1 2 3; do
- for jd in 1 2 3; do
- d=$id$jd
-
- if test $d != $s; then unicast=$d; else unicast=; fi
- test_packet $s f000000000$d f000000000$s $s$d $unicast #1
-
- if test $d != $s && test $js = 1; then
- impersonate=$d
- else
- impersonate=
- fi
- test_packet $s f000000000$d f00000000055 55$d $impersonate #3
-
- if test $d != $s && test $s != 11; then acl2=$d; else acl2=; fi
- if test $d != $s && test $d != 33; then acl3=$d; else acl3=; fi
- if test $d = $s || (test $js = 1 && test $d = 33); then
- # Source of 11, 21, or 31 and dest of 33 should be dropped
- # due to the 4th ACL that uses address_set(set1).
- acl4=
- else
- acl4=$d
- fi
- if test $d = $s || test $d = 22 || test $d = 33; then
- # dest of 22 and 33 should be dropped
- # due to the 5th ACL that uses port_group(pg1).
- acl5=
- else
- acl5=$d
- fi
- test_packet $s f000000000$d f000000000$s 1234 #7, acl1
- test_packet $s f000000000$d f000000000$s 1235 $acl2 #7, acl2
- test_packet $s f000000000$d f000000000$s 1236 $acl3 #7, acl3
- test_packet $s f000000000$d f000000000$s 1237 $acl4 #7, acl4
- test_packet $s f000000000$d f000000000$s 1238 $acl5 #7, acl5
-
- test_packet $s f000000000$d f00000000055 810000091234 #4
- test_packet $s f000000000$d 0100000000$s $s$d #5
-
- if test $d != $s && test $jd = 1; then
- unknown="$unknown $d"
- fi
- bcast="$bcast $unicast"
- bacl2="$bacl2 $acl2"
- bacl3="$bacl3 $acl3"
-
- sip=`ip_to_hex 192 168 0 $is$js`
- tip=`ip_to_hex 192 168 0 $id$jd`
- tip_unknown=`ip_to_hex 11 11 11 11`
- if test $d != $s; then
- reply_ha=f000000000$d
- else
- reply_ha=
- fi
- test_arp $s f000000000$s $sip $tip $reply_ha #9
- test_arp $s f000000000$s $sip $tip_unknown #10
-
- if test $jd = 3; then
- # lsp[123]3 has an additional ip 192.169.0.[123]3.
- tip=`ip_to_hex 192 169 0 $id$jd`
- test_arp $s f000000000$s $sip $tip $reply_ha #9
- fi
- done
- done
-
- # Broadcast and multicast.
- test_packet $s ffffffffffff f000000000$s ${s}ff $bcast #2
- test_packet $s 010000000000 f000000000$s ${s}ff $bcast #2
- if test $js = 1; then
- bcast_impersonate=$bcast
- else
- bcast_impersonate=
- fi
- test_packet $s 010000000000 f00000000044 44ff $bcast_impersonate #3
-
- test_packet $s f0000000ffff f000000000$s ${s}66 $unknown #6
-
- test_packet $s ffffffffffff f000000000$s 1234 #8, acl1
- test_packet $s ffffffffffff f000000000$s 1235 $bacl2 #8, acl2
- test_packet $s ffffffffffff f000000000$s 1236 $bacl3 #8, acl3
- test_packet $s 010000000000 f000000000$s 1234 #8, acl1
- test_packet $s 010000000000 f000000000$s 1235 $bacl2 #8, acl2
- test_packet $s 010000000000 f000000000$s 1236 $bacl3 #8, acl3
- done
-done
-
-# set address for lp13 with invalid characters.
-# lp13 should be configured with only 192.168.0.13.
-ovn-nbctl lsp-set-addresses lp13 "f0:00:00:00:00:13 192.168.0.13 invalid 192.169.0.13"
-
-# Allow some time for ovn-northd and ovn-controller to catch up.
-# XXX This should be more systematic.
-sleep 1
-
-sip=`ip_to_hex 192 168 0 11`
-tip=`ip_to_hex 192 168 0 13`
-test_arp 11 f00000000011 $sip $tip f00000000013
-
-tip=`ip_to_hex 192 169 0 13`
-#arp request for 192.169.0.13 should be flooded
-test_arp 11 f00000000011 $sip $tip
-
-# dump information and flows with counters
-ovn-sbctl dump-flows -- list multicast_group
-
-echo "------ hv1 dump ------"
-as hv1 ovs-vsctl show
-as hv1 ovs-ofctl -O OpenFlow13 dump-flows br-int
-
-echo "------ hv2 dump ------"
-as hv2 ovs-vsctl show
-as hv2 ovs-ofctl -O OpenFlow13 dump-flows br-int
-
-echo "------ hv3 dump ------"
-as hv3 ovs-vsctl show
-as hv3 ovs-ofctl -O OpenFlow13 dump-flows br-int
-
-# Now check the packets actually received against the ones expected.
-for i in 1 2 3; do
- for j in 1 2 3; do
- OVN_CHECK_PACKETS([hv$i/vif$i$j-tx.pcap], [$i$j.expected])
- done
-done
-
-OVN_CLEANUP([hv1],[hv2],[hv3])
-
-AT_CLEANUP
-
-# 2 hypervisors, one logical switch, 2 logical ports per hypervisor
-# logical ports bound to chassis encap-ip.
-AT_SETUP([ovn -- 2 HVs, 1 LS, 2 lports/HV])
-AT_KEYWORDS([ovnarp])
-AT_SKIP_IF([test $HAVE_PYTHON = no])
-ovn_start
-
-# Create hypervisors hv[12].
-# Add vif1[12] to hv1, vif2[12] to hv2
-ovn-nbctl ls-add lsw0
-net_add n1
-for i in 1 2; do
- sim_add hv$i
- as hv$i
- ovs-vsctl add-br br-phys
- ovn_attach n1 br-phys 192.168.0.$i
-
- for j in 1 2; do
- ovs-vsctl add-port br-int vif$i$j -- set Interface vif$i$j external-ids:iface-id=lp$i$j options:tx_pcap=hv$i/vif$i$j-tx.pcap options:rxq_pcap=hv$i/vif$i$j-rx.pcap ofport-request=$i$j
- ovn-nbctl lsp-add lsw0 lp$i$j
- ip_addrs="192.168.0.$i$j"
- ovn-nbctl lsp-set-addresses lp$i$j "f0:00:00:00:00:$i$j $ip_addrs"
- ovn-nbctl --wait=hv lsp-set-port-security lp$i$j f0:00:00:00:00:$i$j
- done
-done
-
-get_lsp_uuid () {
- ovn-nbctl lsp-list lsw0 | grep $1 | awk '{ print $1 }'
-}
-
-# XXX-Check how to pass lp$i1 in AT_CHECK_UNQUOTED, for now just do it
-# explictly
-
-# For Chassis hv1
-AT_CHECK_UNQUOTED([ovn-sbctl --column encap list port_binding lp11], [0], [dnl
-encap : [[]]
-])
-AT_CHECK_UNQUOTED([ovn-sbctl --column encap list port_binding lp12], [0], [dnl
-encap : [[]]
-])
-
-# For Chassis hv2
-AT_CHECK_UNQUOTED([ovn-sbctl --column encap list port_binding lp21], [0], [dnl
-encap : [[]]
-])
-AT_CHECK_UNQUOTED([ovn-sbctl --column encap list port_binding lp22], [0], [dnl
-encap : [[]]
-])
-
-# Bind the ports to the encap-ip
-for i in 1 2; do
- for j in 1 2; do
- as hv$i
- ovs-vsctl set Interface vif$i$j external-ids:encap-ip=192.168.0.$i
- done
-done
-
-sleep 1
-
-# dump port bindings; since we have vxlan and geneve tunnels, we expect the
-# ports to be bound to geneve tunnels.
-
-# For Chassis 1
-encap_rec=`ovn-sbctl --data=bare --no-heading --column _uuid find encap chassis_name=hv1 type=geneve ip=192.168.0.1`
-
-AT_CHECK_UNQUOTED([ovn-sbctl --column encap list port_binding lp11], [0], [dnl
-encap : ${encap_rec}
-])
-
-AT_CHECK_UNQUOTED([ovn-sbctl --column encap list port_binding lp12], [0], [dnl
-encap : ${encap_rec}
-])
-
-# For Chassis 2
-encap_rec=`ovn-sbctl --data=bare --no-heading --column _uuid find encap chassis_name=hv2 type=geneve ip=192.168.0.2`
-
-AT_CHECK_UNQUOTED([ovn-sbctl --column encap list port_binding lp21], [0], [dnl
-encap : ${encap_rec}
-])
-
-AT_CHECK_UNQUOTED([ovn-sbctl --column encap list port_binding lp22], [0], [dnl
-encap : ${encap_rec}
-])
-
-# Pre-populate the hypervisors' ARP tables so that we don't lose any
-# packets for ARP resolution (native tunneling doesn't queue packets
-# for ARP resolution).
-OVN_POPULATE_ARP
-
-# Allow some time for ovn-northd and ovn-controller to catch up.
-# XXX This should be more systematic.
-sleep 1
-
-# Make sure there is no attempt to adding duplicated flows by ovn-controller
-AT_FAIL_IF([test -n "`grep duplicate hv1/ovn-controller.log`"])
-AT_FAIL_IF([test -n "`grep duplicate hv2/ovn-controller.log`"])
-AT_FAIL_IF([test -n "`grep duplicate hv3/ovn-controller.log`"])
-
-# Given the name of a logical port, prints the name of the hypervisor
-# on which it is located.
-vif_to_hv() {
- echo hv${1%?}
-}
-
-# test_packet INPORT DST SRC ETHTYPE OUTPORT...
-#
-# This shell function causes a packet to be received on INPORT. The packet's
-# content has Ethernet destination DST and source SRC (each exactly 12 hex
-# digits) and Ethernet type ETHTYPE (4 hex digits). The OUTPORTs (zero or
-# more) list the VIFs on which the packet should be received. INPORT and the
-# OUTPORTs are specified as logical switch port numbers, e.g. 11 for vif11.
-for i in 1 2; do
- for j in 1 2; do
- : > $i$j.expected
- done
-done
-test_packet() {
- local inport=$1 packet=$2$3$4; shift; shift; shift; shift
- hv=`vif_to_hv $inport`
- vif=vif$inport
- as $hv ovs-appctl netdev-dummy/receive $vif $packet
- for outport; do
- echo $packet >> $outport.expected
- done
-}
-
-ip_to_hex() {
- printf "%02x%02x%02x%02x" "$@"
-}
-
-# Send packets between all pairs of source and destination ports:
-#
-# 1. Unicast packets are delivered to exactly one logical switch port
-# (except that packets destined to their input ports are dropped).
-
-for is in 1 2; do
- for js in 1 2; do
- s=$is$js
- bcast=
- unknown=
- bacl2=
- bacl3=
- for id in 1 2 3; do
- for jd in 1 2 3; do
- d=$id$jd
-
- if test $d != $s; then unicast=$d; else unicast=; fi
- test_packet $s f000000000$d f000000000$s $s$d $unicast #1
- done
- done
-
- done
-done
-
-# dump information and flows with counters
-ovn-sbctl dump-flows -- list multicast_group
-
-echo "------ hv1 dump ------"
-as hv1 ovs-vsctl show
-as hv1 ovs-ofctl -O OpenFlow13 dump-flows br-int
-
-echo "------ hv2 dump ------"
-as hv2 ovs-vsctl show
-as hv2 ovs-ofctl -O OpenFlow13 dump-flows br-int
-
-echo "------ hv3 dump ------"
-as hv3 ovs-vsctl show
-as hv3 ovs-ofctl -O OpenFlow13 dump-flows br-int
-
-# Now check the packets actually received against the ones expected.
-for i in 1 2; do
- for j in 1 2; do
- OVN_CHECK_PACKETS([hv$i/vif$i$j-tx.pcap], [$i$j.expected])
- done
-done
-
-OVN_CLEANUP([hv1],[hv2])
-
-AT_CLEANUP
-
-AT_SETUP([ovn -- trace 1 LS, 3 LSPs])
-AT_SKIP_IF([test $HAVE_PYTHON = no])
-ovn_start
-
-# Create a logical switch and some logical ports.
-# Turn on port security on all lports except ls1.
-# Make ls1 a destination for unknown MACs.
-# Add some ACLs for Ethertypes 1234, 1235, 1236.
-ovn-nbctl ls-add lsw0
-ovn-sbctl chassis-add hv0 geneve 127.0.0.1
-for i in 1 2 3; do
- ovn-nbctl lsp-add lsw0 lp$i
-done
-ovn-nbctl --wait=sb sync
-for i in 1 2 3; do
- ovn-sbctl lsp-bind lp$i hv0
- if test $i = 1; then
- ovn-nbctl lsp-set-addresses lp$i "f0:00:00:00:00:0$i 192.168.0.$i" unknown
- else
- if test $i = 3; then
- ip_addrs="192.168.0.$i fe80::ea2a:eaff:fe28:$i/64 192.169.0.$i"
- else
- ip_addrs="192.168.0.$i"
- fi
- ovn-nbctl lsp-set-addresses lp$i "f0:00:00:00:00:0$i $ip_addrs"
- ovn-nbctl lsp-set-port-security lp$i f0:00:00:00:00:0$i
- fi
-done
-ovn-nbctl acl-add lsw0 from-lport 1000 'eth.type == 0x1234' drop
-ovn-nbctl acl-add lsw0 from-lport 1000 'eth.type == 0x1235 && inport == "lp1"' drop
-ovn-nbctl acl-add lsw0 to-lport 1000 'eth.type == 0x1236 && outport == "lp3"' drop
-ovn-nbctl create Address_Set name=set1 addresses=\"f0:00:00:00:00:01\",\"f0:00:00:00:00:02\"
-ovn-nbctl acl-add lsw0 to-lport 1000 'eth.type == 0x1237 && eth.src == $set1 && outport == "lp3"' drop
-
-ovn-nbctl --wait=sb sync
-on_exit 'kill `cat ovn-trace.pid`'
-ovn-trace --detach --pidfile --no-chdir
-
-# test_packet INPORT DST SRC [-vlan] [-eth TYPE] OUTPORT...
-#
-# This shell function causes a packet to be received on INPORT. The packet's
-# content has Ethernet destination DST and source SRC (each exactly 12 hex
-# digits) and Ethernet type ETHTYPE (4 hex digits). The OUTPORTs (zero or
-# more) list the VIFs on which the packet should be received. INPORT and the
-# OUTPORTs are specified as logical switch port numbers, e.g. 11 for vif11.
-test_packet() {
- local inport=$1 eth_dst=$2 eth_src=$3; shift; shift; shift
- uflow="inport==\"lp$inport\" && eth.dst==$eth_dst && eth.src==$eth_src"
- while :; do
- case $1 in # (
- -vlan) uflow="$uflow && vlan.vid == 1234"; shift ;; # (
- -eth) uflow="$uflow && eth.type == 0x$2"; shift; shift ;; # (
- *) break ;;
- esac
- done
- for outport; do
- echo "output(\"lp$outport\");"
- done > expout
-
- AT_CAPTURE_FILE([trace])
- AT_CHECK([ovs-appctl -t ovn-trace trace --all lsw0 "$uflow" | tee trace | sed '1,/Minimal trace/d'], [0], [expout])
-}
-
-# test_arp INPORT SHA SPA TPA [REPLY_HA]
-#
-# Causes a packet to be received on INPORT. The packet is an ARP
-# request with SHA, SPA, and TPA as specified. If REPLY_HA is provided, then
-# it should be the hardware address of the target to expect to receive in an
-# ARP reply; otherwise no reply is expected.
-#
-# INPORT is an logical switch port number, e.g. 11 for vif11.
-# SHA and REPLY_HA are each 12 hex digits.
-# SPA and TPA are each 8 hex digits.
-test_arp() {
- local inport=$1 sha=$2 spa=$3 tpa=$4 reply_ha=$5
-
- local request="inport == \"lp$inport\"
- && eth.dst == ff:ff:ff:ff:ff:ff && eth.src == $sha
- && arp.op == 1 && arp.sha == $sha && arp.spa == $spa
- && arp.tha == ff:ff:ff:ff:ff:ff && arp.tpa == $tpa"
-
- if test -z "$reply_ha"; then
- reply=
- local i
- for i in 1 2 3; do
- if test $i != $inport; then
- reply="${reply}output(\"lp$i\");
-"
- fi
- done
- else
- reply="\
-eth.dst = $sha;
-eth.src = $reply_ha;
-arp.op = 2;
-arp.tha = $sha;
-arp.sha = $reply_ha;
-arp.tpa = $spa;
-arp.spa = $tpa;
-output(\"lp$inport\");
-"
- fi
-
- AT_CAPTURE_FILE([trace])
- AT_CHECK_UNQUOTED([ovs-appctl -t ovn-trace trace --all lsw0 "$request" | tee trace | sed '1,/Minimal trace/d'], [0], [$reply])
-}
-
-# Send packets between all pairs of source and destination ports:
-#
-# 1. Unicast packets are delivered to exactly one logical switch port
-# (except that packets destined to their input ports are dropped).
-#
-# 2. Broadcast and multicast are delivered to all logical switch ports
-# except the input port.
-#
-# 3. When port security is turned on, the switch drops packets from the wrong
-# MAC address.
-#
-# 4. The switch drops all packets with a VLAN tag.
-#
-# 5. The switch drops all packets with a multicast source address. (This only
-# affects behavior when port security is turned off, since otherwise port
-# security would drop the packet anyway.)
-#
-# 6. The switch delivers packets with an unknown destination to logical
-# switch ports with "unknown" among their MAC addresses (and port
-# security disabled).
-#
-# 7. The switch drops unicast packets that violate an ACL.
-#
-# 8. The switch drops multicast and broadcast packets that violate an ACL.
-#
-# 9. OVN generates responses to ARP requests for known IPs, except for
-# requests from a port for the port's own IP.
-#
-# 10. No response to ARP requests for unknown IPs.
-
-for s in 1 2 3; do
- bcast=
- unknown=
- bacl2=
- bacl3=
- for d in 1 2 3; do
- echo
- echo "lp$s -> lp$d"
- if test $d != $s; then unicast=$d; else unicast=; fi
- test_packet $s f0:00:00:00:00:0$d f0:00:00:00:00:0$s $unicast #1
-
- if test $d != $s && test $s = 1; then
- impersonate=$d
- else
- impersonate=
- fi
- test_packet $s f0:00:00:00:00:0$d f0:00:00:00:00:55 $impersonate #3
-
- if test $d != $s && test $s != 1; then acl2=$d; else acl2=; fi
- if test $d != $s && test $d != 3; then acl3=$d; else acl3=; fi
- if test $d = $s || ( (test $s = 1 || test $s = 2) && test $d = 3); then
- # Source of 1 or 2 and dest of 3 should be dropped
- # due to the 4th ACL that uses address_set(set1).
- acl4=
- else
- acl4=$d
- fi
-
- #7, acl1 to acl4:
- test_packet $s f0:00:00:00:00:0$d f0:00:00:00:00:0$s -eth 1234
- test_packet $s f0:00:00:00:00:0$d f0:00:00:00:00:0$s -eth 1235 $acl2
- test_packet $s f0:00:00:00:00:0$d f0:00:00:00:00:0$s -eth 1236 $acl3
- test_packet $s f0:00:00:00:00:0$d f0:00:00:00:00:0$s -eth 1237 $acl4
-
- test_packet $s f0:00:00:00:00:0$d f0:00:00:00:00:55 -vlan #4
- test_packet $s f0:00:00:00:00:0$d 01:00:00:00:00:0$s #5
-
- if test $d != $s && test $d = 1; then
- unknown="$unknown $d"
- fi
- bcast="$bcast $unicast"
- bacl2="$bacl2 $acl2"
- bacl3="$bacl3 $acl3"
-
- sip=192.168.0.$s
- tip=192.168.0.$d
- tip_unknown=11.11.11.11
- if test $d != $s; then reply_ha=f0:00:00:00:00:0$d; else reply_ha=; fi
- test_arp $s f0:00:00:00:00:0$s $sip $tip $reply_ha #9
- test_arp $s f0:00:00:00:00:0$s $sip $tip_unknown #10
-
- if test $d = 3; then
- # lp3 has an additional ip 192.169.0.[123]3.
- tip=192.169.0.$d
- test_arp $s f0:00:00:00:00:0$s $sip $tip $reply_ha #9
- fi
- done
-
- # Broadcast and multicast.
- test_packet $s ff:ff:ff:ff:ff:ff f0:00:00:00:00:0$s $bcast #2
- test_packet $s 01:00:00:00:00:00 f0:00:00:00:00:0$s $bcast #2
- if test $s = 1; then
- bcast_impersonate=$bcast
- else
- bcast_impersonate=
- fi
- test_packet $s 01:00:00:00:00:00 f0:00:00:00:00:44 $bcast_impersonate #3
-
- test_packet $s f0:00:00:00:ff:ff f0:00:00:00:00:0$s $unknown #6
-
- #8, acl1 to acl3:
- test_packet $s ff:ff:ff:ff:ff:ff f0:00:00:00:00:0$s -eth 1234
- test_packet $s ff:ff:ff:ff:ff:ff f0:00:00:00:00:0$s -eth 1235 $bacl2
- test_packet $s ff:ff:ff:ff:ff:ff f0:00:00:00:00:0$s -eth 1236 $bacl3
-
- #8, acl1 to acl3:
- test_packet $s 01:00:00:00:00:00 f0:00:00:00:00:0$s -eth 1234
- test_packet $s 01:00:00:00:00:00 f0:00:00:00:00:0$s -eth 1235 $bacl2
- test_packet $s 01:00:00:00:00:00 f0:00:00:00:00:0$s -eth 1236 $bacl3
-done
-
-AT_CLEANUP
-
-# 2 hypervisors, 4 logical ports per HV
-# 2 locally attached networks (one flat, one vlan tagged over same device)
-# 2 ports per HV on each network
-AT_SETUP([ovn -- 2 HVs, 4 lports/HV, localnet ports])
-AT_SKIP_IF([test $HAVE_PYTHON = no])
-ovn_start
-
-# In this test cases we create 3 switches, all connected to same
-# physical network (through br-phys on each HV). Each switch has
-# VIF ports across 2 HVs. Each HV has 5 VIF ports. The first digit
-# of VIF port name indicates the hypervisor it is bound to, e.g.
-# lp23 means VIF 3 on hv2.
-#
-# Each switch's VLAN tag and their logical switch ports are:
-# - ls1:
-# - untagged
-# - ports: lp11, lp12, lp21, lp22
-#
-# - ls2:
-# - tagged with VLAN 101
-# - ports: lp13, lp14, lp23, lp24
-# - ls3:
-# - untagged
-# - ports: lp15, lp25
-#
-# Note: a localnet port is created for each switch to connect to
-# physical network.
-
-for i in 1 2 3; do
- ls_name=ls$i
- ovn-nbctl ls-add $ls_name
- ln_port_name=ln$i
- if test $i -eq 2; then
- ovn-nbctl lsp-add $ls_name $ln_port_name "" 101
- else
- ovn-nbctl lsp-add $ls_name $ln_port_name
- fi
- ovn-nbctl lsp-set-addresses $ln_port_name unknown
- ovn-nbctl lsp-set-type $ln_port_name localnet
- ovn-nbctl lsp-set-options $ln_port_name network_name=phys
-done
-
-# lsp_to_ls LSP
-#
-# Prints the name of the logical switch that contains LSP.
-lsp_to_ls () {
- case $1 in dnl (
- lp?[[12]]) echo ls1 ;; dnl (
- lp?[[34]]) echo ls2 ;; dnl (
- lp?5) echo ls3 ;; dnl (
- *) AT_FAIL_IF([:]) ;;
- esac
-}
-
-net_add n1
-for i in 1 2; do
- sim_add hv$i
- as hv$i
- ovs-vsctl add-br br-phys
- ovs-vsctl set open . external-ids:ovn-bridge-mappings=phys:br-phys
- ovn_attach n1 br-phys 192.168.0.$i
-
- for j in 1 2 3 4 5; do
- ovs-vsctl add-port br-int vif$i$j -- \
- set Interface vif$i$j external-ids:iface-id=lp$i$j \
- options:tx_pcap=hv$i/vif$i$j-tx.pcap \
- options:rxq_pcap=hv$i/vif$i$j-rx.pcap \
- ofport-request=$i$j
-
- lsp_name=lp$i$j
- ls_name=$(lsp_to_ls $lsp_name)
-
- ovn-nbctl lsp-add $ls_name $lsp_name
- ovn-nbctl lsp-set-addresses $lsp_name f0:00:00:00:00:$i$j
- ovn-nbctl lsp-set-port-security $lsp_name f0:00:00:00:00:$i$j
-
- OVS_WAIT_UNTIL([test x`ovn-nbctl lsp-get-up $lsp_name` = xup])
- done
-done
-ovn-nbctl --wait=sb sync
-ovn-sbctl dump-flows
-
-OVN_POPULATE_ARP
-
-# XXX This is now the 3rd copy of these functions in this file ...
-
-# Given the name of a logical port, prints the name of the hypervisor
-# on which it is located.
-vif_to_hv() {
- echo hv${1%?}
-}
-#
-# test_packet INPORT DST SRC ETHTYPE EOUT LOUT
-#
-# This shell function causes a packet to be received on INPORT. The packet's
-# content has Ethernet destination DST and source SRC (each exactly 12 hex
-# digits) and Ethernet type ETHTYPE (4 hex digits). INPORT is specified as
-# logical switch port numbers, e.g. 11 for vif11.
-#
-# EOUT is the end-to-end output port, that is, where the packet will end up
-# after possibly bouncing through one or more localnet ports. LOUT is the
-# logical output port, which might be a localnet port, as seen by ovn-trace
-# (which doesn't know what localnet ports are connected to and therefore can't
-# figure out the end-to-end answer).
-for i in 1 2; do
- for j in 1 2 3 4 5; do
- : > $i$j.expected
- done
-done
-test_packet() {
- local inport=$1 dst=$2 src=$3 eth=$4 eout=$5 lout=$6
- echo "$@"
-
- # First try tracing the packet.
- uflow="inport==\"lp$inport\" && eth.dst==$dst && eth.src==$src && eth.type==0x$eth"
- if test $lout != drop; then
- echo "output(\"$lout\");"
- fi > expout
- AT_CAPTURE_FILE([trace])
- AT_CHECK([ovn-trace --all $(lsp_to_ls lp$inport) "$uflow" | tee trace | sed '1,/Minimal trace/d'], [0], [expout])
-
- # Then actually send a packet, for an end-to-end test.
- local packet=$(echo $dst$src | sed 's/://g')${eth}
- hv=`vif_to_hv $inport`
- vif=vif$inport
- as $hv ovs-appctl netdev-dummy/receive $vif $packet
- if test $eout != drop; then
- echo $packet >> ${eout#lp}.expected
- fi
-}
-
-# lp11 and lp21 are on the same network (phys, untagged)
-# and on different hypervisors
-test_packet 11 f0:00:00:00:00:21 f0:00:00:00:00:11 1121 lp21 lp21
-test_packet 21 f0:00:00:00:00:11 f0:00:00:00:00:21 2111 lp11 lp11
-
-# lp11 and lp12 are on the same network (phys, untagged)
-# and on the same hypervisor
-test_packet 11 f0:00:00:00:00:12 f0:00:00:00:00:11 1112 lp12 lp12
-test_packet 12 f0:00:00:00:00:11 f0:00:00:00:00:12 1211 lp11 lp11
-
-# lp13 and lp23 are on the same network (phys, VLAN 101)
-# and on different hypervisors
-test_packet 13 f0:00:00:00:00:23 f0:00:00:00:00:13 1323 lp23 lp23
-test_packet 23 f0:00:00:00:00:13 f0:00:00:00:00:23 2313 lp13 lp13
-
-# lp13 and lp14 are on the same network (phys, VLAN 101)
-# and on the same hypervisor
-test_packet 13 f0:00:00:00:00:14 f0:00:00:00:00:13 1314 lp14 lp14
-test_packet 14 f0:00:00:00:00:13 f0:00:00:00:00:14 1413 lp13 lp13
-
-# lp11 and lp15 are on the same network (phys, untagged),
-# same hypervisor, and on different switches
-test_packet 11 f0:00:00:00:00:15 f0:00:00:00:00:11 1115 lp15 ln1
-test_packet 15 f0:00:00:00:00:11 f0:00:00:00:00:15 1511 lp11 ln3
-
-# lp11 and lp25 are on the same network (phys, untagged),
-# different hypervisors, and on different switches
-test_packet 11 f0:00:00:00:00:25 f0:00:00:00:00:11 1125 lp25 ln1
-test_packet 25 f0:00:00:00:00:11 f0:00:00:00:00:25 2511 lp11 ln3
-
-# Ports that should not be able to communicate
-test_packet 11 f0:00:00:00:00:13 f0:00:00:00:00:11 1113 drop ln1
-test_packet 11 f0:00:00:00:00:23 f0:00:00:00:00:11 1123 drop ln1
-test_packet 21 f0:00:00:00:00:13 f0:00:00:00:00:21 2113 drop ln1
-test_packet 21 f0:00:00:00:00:23 f0:00:00:00:00:21 2123 drop ln1
-test_packet 13 f0:00:00:00:00:11 f0:00:00:00:00:13 1311 drop ln2
-test_packet 13 f0:00:00:00:00:21 f0:00:00:00:00:13 1321 drop ln2
-test_packet 23 f0:00:00:00:00:11 f0:00:00:00:00:23 2311 drop ln2
-test_packet 23 f0:00:00:00:00:21 f0:00:00:00:00:23 2321 drop ln2
-
-# Dump a bunch of info helpful for debugging if there's a failure.
-
-echo "------ OVN dump ------"
-ovn-nbctl show
-ovn-sbctl show
-
-echo "------ hv1 dump ------"
-as hv1 ovs-vsctl show
-as hv1 ovs-ofctl -O OpenFlow13 dump-flows br-int
-
-echo "------ hv2 dump ------"
-as hv2 ovs-vsctl show
-as hv2 ovs-ofctl -O OpenFlow13 dump-flows br-int
-
-# Now check the packets actually received against the ones expected.
-for i in 1 2; do
- for j in 1 2 3 4 5; do
- OVN_CHECK_PACKETS([hv$i/vif$i$j-tx.pcap], [$i$j.expected])
- done
-done
-
-OVN_CLEANUP([hv1],[hv2])
-
-AT_CLEANUP
-
-AT_SETUP([ovn -- vtep: 3 HVs, 1 VIFs/HV, 1 GW, 1 LS])
-AT_KEYWORDS([vtep])
-AT_SKIP_IF([test $HAVE_PYTHON = no])
-ovn_start
-
-# Configure the Northbound database
-ovn-nbctl ls-add lsw0
-
-ovn-nbctl lsp-add lsw0 lp1
-ovn-nbctl lsp-set-addresses lp1 f0:00:00:00:00:01
-
-ovn-nbctl lsp-add lsw0 lp2
-ovn-nbctl lsp-set-addresses lp2 f0:00:00:00:00:02
-
-ovn-nbctl lsp-add lsw0 lp-vtep
-ovn-nbctl lsp-set-type lp-vtep vtep
-ovn-nbctl lsp-set-options lp-vtep vtep-physical-switch=br-vtep vtep-logical-switch=lsw0
-ovn-nbctl lsp-set-addresses lp-vtep unknown
-
-# lpr, lr and lrp1 are used for the ARP request handling test only.
-ovn-nbctl lsp-add lsw0 lpr
-ovn-nbctl lr-add lr
-ovn-nbctl lrp-add lr lrp1 f0:00:00:00:00:f1 192.168.1.1/24
-ovn-nbctl set Logical_Switch_Port lpr type=router \
- options:router-port=lrp1 \
- addresses='"f0:00:00:00:00:f1 192.168.1.1"'
-
-
-net_add n1 # Network to connect hv1, hv2, and vtep
-net_add n2 # Network to connect vtep and hv3
-
-# Create hypervisor hv1 connected to n1
-sim_add hv1
-as hv1
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.1
-ovs-vsctl add-port br-int vif1 -- set Interface vif1 external-ids:iface-id=lp1 options:tx_pcap=hv1/vif1-tx.pcap options:rxq_pcap=hv1/vif1-rx.pcap ofport-request=1
-
-# Create hypervisor hv2 connected to n1
-sim_add hv2
-as hv2
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.2
-ovs-vsctl add-port br-int vif2 -- set Interface vif2 external-ids:iface-id=lp2 options:tx_pcap=hv2/vif2-tx.pcap options:rxq_pcap=hv2/vif2-rx.pcap ofport-request=1
-
-
-# Start the vtep emulator with a leg in both networks
-sim_add vtep
-as vtep
-
-ovsdb-tool create "$ovs_base"/vtep/vtep.db "$abs_top_srcdir"/vtep/vtep.ovsschema || return 1
-ovs-appctl -t ovsdb-server ovsdb-server/add-db "$ovs_base"/vtep/vtep.db
-
-ovs-vsctl add-br br-phys
-net_attach n1 br-phys
-
-mac=`ovs-vsctl get Interface br-phys mac_in_use | sed s/\"//g`
-arp_table="$arp_table $sandbox,br-phys,192.168.0.3,$mac"
-ovs-appctl netdev-dummy/ip4addr br-phys 192.168.0.3/24 >/dev/null || return 1
-ovs-appctl ovs/route/add 192.168.0.3/24 br-phys >/dev/null || return 1
-
-ovs-vsctl add-br br-vtep
-net_attach n2 br-vtep
-
-vtep-ctl add-ps br-vtep
-vtep-ctl set Physical_Switch br-vtep tunnel_ips=192.168.0.3
-vtep-ctl add-ls lsw0
-
-start_daemon ovs-vtep br-vtep
-start_daemon ovn-controller-vtep --vtep-db=unix:"$ovs_base"/vtep/db.sock --ovnsb-db=unix:"$ovs_base"/ovn-sb/ovn-sb.sock
-
-OVS_WAIT_UNTIL([vtep-ctl bind-ls br-vtep br-vtep_n2 0 lsw0])
-
-OVS_WAIT_UNTIL([test -n "`as vtep vtep-ctl get-replication-mode lsw0 |
- grep -- source`"])
-# It takes more time for the update to be processed by ovs-vtep.
-sleep 1
-
-# Add hv3 on the other side of the vtep
-sim_add hv3
-as hv3
-ovs-vsctl add-br br-phys
-net_attach n2 br-phys
-
-ovs-vsctl add-port br-phys vif3 -- set Interface vif3 options:tx_pcap=hv3/vif3-tx.pcap options:rxq_pcap=hv3/vif3-rx.pcap ofport-request=1
-
-# Pre-populate the hypervisors' ARP tables so that we don't lose any
-# packets for ARP resolution (native tunneling doesn't queue packets
-# for ARP resolution).
-OVN_POPULATE_ARP
-
-# Allow some time for ovn-northd and ovn-controller to catch up.
-# XXX This should be more systematic.
-sleep 1
-
-# test_packet INPORT DST SRC ETHTYPE OUTPORT...
-#
-# This shell function causes a packet to be received on INPORT. The packet's
-# content has Ethernet destination DST and source SRC (each exactly 12 hex
-# digits) and Ethernet type ETHTYPE (4 hex digits). The OUTPORTs (zero or
-# more) list the VIFs on which the packet should be received. INPORT and the
-# OUTPORTs are specified as logical switch port numbers, e.g. 1 for vif1.
-for i in 1 2 3; do
- : > $i.expected
-done
-test_packet() {
- local inport=$1 packet=$2$3$4; shift; shift; shift; shift
- #hv=hv`echo $inport | sed 's/^\(.\).*/\1/'`
- hv=hv$inport
- vif=vif$inport
- as $hv ovs-appctl netdev-dummy/receive $vif $packet
- for outport; do
- echo $packet >> $outport.expected
- done
-}
-
-# Send packets between all pairs of source and destination ports:
-#
-# 1. Unicast packets are delivered to exactly one logical switch port
-# (except that packets destined to their input ports are dropped).
-#
-# 2. Broadcast and multicast are delivered to all logical switch ports
-# except the input port.
-#
-# 3. The switch delivers packets with an unknown destination to logical
-# switch ports with "unknown" among their MAC addresses (and port
-# security disabled).
-for s in 1 2 3; do
- bcast=
- unknown=
- for d in 1 2 3; do
- if test $d != $s; then unicast=$d; else unicast=; fi
- test_packet $s f0000000000$d f0000000000$s 00$s$d $unicast #1
-
- # The vtep (vif3) is the only one configured for "unknown"
- if test $d != $s && test $d = 3; then
- unknown="$unknown $d"
- fi
- bcast="$bcast $unicast"
- done
-
- # Broadcast and multicast.
- test_packet $s ffffffffffff f0000000000$s 0${s}ff $bcast #2
- test_packet $s 010000000000 f0000000000$s 0${s}ff $bcast #2
-
- test_packet $s f0000000ffff f0000000000$s 0${s}66 $unknown #3
-done
-
-# ARP request should not be responded to by logical switch router
-# type arp responder on HV1 and HV2 and should reach directly to
-# vif1 and vif2
-ip_to_hex() {
- printf "%02x%02x%02x%02x" "$@"
-}
-sha=f00000000003
-spa=`ip_to_hex 192 168 1 2`
-tpa=`ip_to_hex 192 168 1 1`
-request=ffffffffffff${sha}08060001080006040001${sha}${spa}ffffffffffff${tpa}
-as hv3 ovs-appctl netdev-dummy/receive vif3 $request
-echo $request >> 1.expected
-echo $request >> 2.expected
-
-# dump information with counters
-echo "------ OVN dump ------"
-ovn-nbctl show
-ovn-sbctl show
-
-echo "---------SB dump-----"
-ovn-sbctl list datapath_binding
-echo "---------------------"
-ovn-sbctl list port_binding
-echo "---------------------"
-ovn-sbctl dump-flows
-
-echo "------ hv1 dump ------"
-as hv1 ovs-vsctl show
-as hv1 ovs-ofctl -O OpenFlow13 show br-int
-as hv1 ovs-ofctl -O OpenFlow13 dump-flows br-int
-
-echo "------ hv2 dump ------"
-as hv2 ovs-vsctl show
-as hv2 ovs-ofctl -O OpenFlow13 show br-int
-as hv2 ovs-ofctl -O OpenFlow13 dump-flows br-int
-
-echo "------ hv3 dump ------"
-as hv3 ovs-vsctl show
-# note: hv3 has no logical port bind, thus it should not have br-int
-AT_CHECK([as hv3 ovs-ofctl -O OpenFlow13 show br-int], [1], [],
-[ovs-ofctl: br-int is not a bridge or a socket
-])
-
-# Now check the packets actually received against the ones expected.
-for i in 1 2 3; do
- OVN_CHECK_PACKETS([hv$i/vif$i-tx.pcap], [$i.expected])
-done
-
-# Gracefully terminate daemons
-OVN_CLEANUP([hv1],[hv2],[vtep])
-OVN_CLEANUP_VSWITCH([hv3])
-
-AT_CLEANUP
-
-# Similar test to "hardware GW"
-AT_SETUP([ovn -- 3 HVs, 1 VIFs/HV, 1 software GW, 1 LS])
-AT_SKIP_IF([test $HAVE_PYTHON = no])
-ovn_start
-
-# Configure the Northbound database
-ovn-nbctl ls-add lsw0
-
-ovn-nbctl lsp-add lsw0 lp1
-ovn-nbctl lsp-set-addresses lp1 f0:00:00:00:00:01
-
-ovn-nbctl lsp-add lsw0 lp2
-ovn-nbctl lsp-set-addresses lp2 f0:00:00:00:00:02
-
-ovn-nbctl lsp-add lsw0 lp-gw
-ovn-nbctl lsp-set-type lp-gw l2gateway
-ovn-nbctl lsp-set-options lp-gw network_name=physnet1 l2gateway-chassis=hv_gw
-ovn-nbctl lsp-set-addresses lp-gw unknown
-
-net_add n1 # Network to connect hv1, hv2, and gw
-net_add n2 # Network to connect gw and hv3
-
-# Create hypervisor hv1 connected to n1
-sim_add hv1
-as hv1
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.1
-ovs-vsctl add-port br-int vif1 -- set Interface vif1 external-ids:iface-id=lp1 options:tx_pcap=hv1/vif1-tx.pcap options:rxq_pcap=hv1/vif1-rx.pcap ofport-request=1
-
-# Create hypervisor hv2 connected to n1
-sim_add hv2
-as hv2
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.2
-ovs-vsctl add-port br-int vif2 -- set Interface vif2 external-ids:iface-id=lp2 options:tx_pcap=hv2/vif2-tx.pcap options:rxq_pcap=hv2/vif2-rx.pcap ofport-request=1
-
-# Create hypervisor hv_gw connected to n1 and n2
-# connect br-phys bridge to n1; connect hv-gw bridge to n2
-sim_add hv_gw
-as hv_gw
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.3
-ovs-vsctl add-br br-phys2
-net_attach n2 br-phys2
-ovs-vsctl set open . external_ids:ovn-bridge-mappings="physnet1:br-phys2"
-
-# Add hv3 on the other side of the GW
-sim_add hv3
-as hv3
-ovs-vsctl add-br br-phys
-net_attach n2 br-phys
-ovs-vsctl add-port br-phys vif3 -- set Interface vif3 options:tx_pcap=hv3/vif3-tx.pcap options:rxq_pcap=hv3/vif3-rx.pcap ofport-request=1
-
-
-# Pre-populate the hypervisors' ARP tables so that we don't lose any
-# packets for ARP resolution (native tunneling doesn't queue packets
-# for ARP resolution).
-OVN_POPULATE_ARP
-
-# Allow some time for ovn-northd and ovn-controller to catch up.
-# XXX This should be more systematic.
-sleep 1
-
-# test_packet INPORT DST SRC ETHTYPE OUTPORT...
-#
-# This shell function causes a packet to be received on INPORT. The packet's
-# content has Ethernet destination DST and source SRC (each exactly 12 hex
-# digits) and Ethernet type ETHTYPE (4 hex digits). The OUTPORTs (zero or
-# more) list the VIFs on which the packet should be received. INPORT and the
-# OUTPORTs are specified as lport numbers, e.g. 1 for vif1.
-for i in 1 2 3; do
- : > $i.expected
-done
-test_packet() {
- local inport=$1 packet=$2$3$4; shift; shift; shift; shift
- #hv=hv`echo $inport | sed 's/^\(.\).*/\1/'`
- hv=hv$inport
- vif=vif$inport
- as $hv ovs-appctl netdev-dummy/receive $vif $packet
- for outport; do
- echo $packet >> $outport.expected
- done
-}
-
-# Send packets between all pairs of source and destination ports:
-#
-# 1. Unicast packets are delivered to exactly one lport (except that packets
-# destined to their input ports are dropped).
-#
-# 2. Broadcast and multicast are delivered to all lports except the input port.
-#
-# 3. The lswitch delivers packets with an unknown destination to lports with
-# "unknown" among their MAC addresses (and port security disabled).
-for s in 1 2 3 ; do
- bcast=
- unknown=
- for d in 1 2 3 ; do
- if test $d != $s; then unicast=$d; else unicast=; fi
- test_packet $s f0000000000$d f0000000000$s 00$s$d $unicast #1
-
- # The vtep (vif3) is the only one configured for "unknown"
- if test $d != $s && test $d = 3; then
- unknown="$unknown $d"
- fi
- bcast="$bcast $unicast"
- done
-
- test_packet $s ffffffffffff f0000000000$s 0${s}ff $bcast #2
- test_packet $s 010000000000 f0000000000$s 0${s}ff $bcast #3
- test_packet $s f0000000ffff f0000000000$s 0${s}66 $unknown #4
-done
-
-echo "------ ovn-nbctl show ------"
-ovn-nbctl show
-echo "------ ovn-sbctl show ------"
-ovn-sbctl show
-
-echo "------ hv1 ------"
-as hv1 ovs-vsctl show
-echo "------ hv1 br-int ------"
-as hv1 ovs-ofctl -O OpenFlow13 dump-flows br-int
-echo "------ hv1 br-phys ------"
-as hv1 ovs-ofctl -O OpenFlow13 dump-flows br-phys
-
-echo "------ hv2 ------"
-as hv2 ovs-vsctl show
-echo "------ hv2 br-int ------"
-as hv2 ovs-ofctl -O OpenFlow13 dump-flows br-int
-echo "------ hv2 br-phys ------"
-as hv2 ovs-ofctl -O OpenFlow13 dump-flows br-phys
-
-echo "------ hv_gw ------"
-as hv_gw ovs-vsctl show
-echo "------ hv_gw br-phys ------"
-as hv_gw ovs-ofctl -O OpenFlow13 dump-flows br-phys
-echo "------ hv_gw br-phys2 ------"
-as hv_gw ovs-ofctl -O OpenFlow13 dump-flows br-phys2
-
-echo "------ hv3 ------"
-as hv3 ovs-vsctl show
-echo "------ hv3 br-phys ------"
-as hv3 ovs-ofctl -O OpenFlow13 dump-flows br-phys
-
-# Now check the packets actually received against the ones expected.
-for i in 1 2 3; do
- OVN_CHECK_PACKETS([hv$i/vif$i-tx.pcap], [$i.expected])
-done
-AT_CLEANUP
-
-# 3 hypervisors, 3 logical switches with 3 logical ports each, 1 logical router
-AT_SETUP([ovn -- 3 HVs, 3 LS, 3 lports/LS, 1 LR])
-AT_SKIP_IF([test $HAVE_PYTHON = no])
-ovn_start
-
-# Logical network:
-#
-# Three logical switches ls1, ls2, ls3.
-# One logical router lr0 connected to ls[123],
-# with nine subnets, three per logical switch:
-#
-# lrp11 on ls1 for subnet 192.168.11.0/24
-# lrp12 on ls1 for subnet 192.168.12.0/24
-# lrp13 on ls1 for subnet 192.168.13.0/24
-# ...
-# lrp33 on ls3 for subnet 192.168.33.0/24
-#
-# 27 VIFs, 9 per LS, 3 per subnet: lp[123][123][123], where the first two
-# digits are the subnet and the last digit distinguishes the VIF.
-for i in 1 2 3; do
- ovn-nbctl ls-add ls$i
- for j in 1 2 3; do
- for k in 1 2 3; do
- # Add "unknown" to MAC addresses for lp?11, so packets for
- # MAC-IP bindings discovered via ARP later have somewhere to go.
- if test $j$k = 11; then unknown=unknown; else unknown=; fi
-
- ovn-nbctl \
- -- lsp-add ls$i lp$i$j$k \
- -- lsp-set-addresses lp$i$j$k \
- "f0:00:00:00:0$i:$j$k 192.168.$i$j.$k" $unknown
- done
- done
-done
-
-ovn-nbctl lr-add lr0
-for i in 1 2 3; do
- for j in 1 2 3; do
- ovn-nbctl lrp-add lr0 lrp$i$j 00:00:00:00:ff:$i$j 192.168.$i$j.254/24
- ovn-nbctl \
- -- lsp-add ls$i lrp$i$j-attachment \
- -- set Logical_Switch_Port lrp$i$j-attachment type=router \
- options:router-port=lrp$i$j \
- addresses='"00:00:00:00:ff:'$i$j'"'
- done
-done
-
-ovn-nbctl set Logical_Switch_Port lrp33-attachment \
- addresses='"00:00:00:00:ff:33 192.168.33.254"'
-
-# Physical network:
-#
-# Three hypervisors hv[123].
-# lp?1[123] spread across hv[123]: lp?11 on hv1, lp?12 on hv2, lp?13 on hv3.
-# lp?2[123] spread across hv[23]: lp?21 and lp?22 on hv2, lp?23 on hv3.
-# lp?3[123] all on hv3.
-
-
-# Given the name of a logical port, prints the name of the hypervisor
-# on which it is located.
-vif_to_hv() {
- case $1 in dnl (
- ?11) echo 1 ;; dnl (
- ?12 | ?21 | ?22) echo 2 ;; dnl (
- ?13 | ?23 | ?3?) echo 3 ;;
- esac
-}
-
-# Given the name of a logical port, prints the name of its logical router
-# port, e.g. "vif_to_lrp 123" yields 12.
-vif_to_lrp() {
- echo ${1%?}
-}
-
-# Given the name of a logical port, prints the name of its logical
-# switch, e.g. "vif_to_ls 123" yields 1.
-vif_to_ls() {
- echo ${1%??}
-}
-
-net_add n1
-for i in 1 2 3; do
- sim_add hv$i
- as hv$i
- ovs-vsctl add-br br-phys
- ovn_attach n1 br-phys 192.168.0.$i
-done
-for i in 1 2 3; do
- for j in 1 2 3; do
- for k in 1 2 3; do
- hv=`vif_to_hv $i$j$k`
- as hv$hv ovs-vsctl \
- -- add-port br-int vif$i$j$k \
- -- set Interface vif$i$j$k \
- external-ids:iface-id=lp$i$j$k \
- options:tx_pcap=hv$hv/vif$i$j$k-tx.pcap \
- options:rxq_pcap=hv$hv/vif$i$j$k-rx.pcap \
- ofport-request=$i$j$k
- done
- done
-done
-
-# Pre-populate the hypervisors' ARP tables so that we don't lose any
-# packets for ARP resolution (native tunneling doesn't queue packets
-# for ARP resolution).
-OVN_POPULATE_ARP
-
-# Allow some time for ovn-northd and ovn-controller to catch up.
-# XXX This should be more systematic.
-sleep 1
-
-# test_ip INPORT SRC_MAC DST_MAC SRC_IP DST_IP OUTPORT...
-#
-# This shell function causes a packet to be received on INPORT. The packet's
-# content has Ethernet destination DST and source SRC (each exactly 12 hex
-# digits) and Ethernet type ETHTYPE (4 hex digits). The OUTPORTs (zero or
-# more) list the VIFs on which the packet should be received. INPORT and the
-# OUTPORTs are specified as logical switch port numbers, e.g. 123 for vif123.
-for i in 1 2 3; do
- for j in 1 2 3; do
- for k in 1 2 3; do
- : > $i$j$k.expected
- done
- done
-done
-test_ip() {
- # This packet has bad checksums but logical L3 routing doesn't check.
- local inport=$1 src_mac=$2 dst_mac=$3 src_ip=$4 dst_ip=$5
- local packet=${dst_mac}${src_mac}08004500001c0000000040110000${src_ip}${dst_ip}0035111100080000
- shift; shift; shift; shift; shift
- hv=hv`vif_to_hv $inport`
- as $hv ovs-appctl netdev-dummy/receive vif$inport $packet
- #as $hv ovs-appctl ofproto/trace br-int in_port=$inport $packet
- in_ls=`vif_to_ls $inport`
- in_lrp=`vif_to_lrp $inport`
- for outport; do
- out_ls=`vif_to_ls $outport`
- if test $in_ls = $out_ls; then
- # Ports on the same logical switch receive exactly the same packet.
- echo $packet
- else
- # Routing decrements TTL and updates source and dest MAC
- # (and checksum).
- out_lrp=`vif_to_lrp $outport`
- echo f00000000${outport}00000000ff${out_lrp}08004500001c00000000"3f1101"00${src_ip}${dst_ip}0035111100080000
- fi >> $outport.expected
- done
-}
-
-# test_arp INPORT SHA SPA TPA [REPLY_HA]
-#
-# Causes a packet to be received on INPORT. The packet is an ARP
-# request with SHA, SPA, and TPA as specified. If REPLY_HA is provided, then
-# it should be the hardware address of the target to expect to receive in an
-# ARP reply; otherwise no reply is expected.
-#
-# INPORT is an logical switch port number, e.g. 11 for vif11.
-# SHA and REPLY_HA are each 12 hex digits.
-# SPA and TPA are each 8 hex digits.
-test_arp() {
- local inport=$1 sha=$2 spa=$3 tpa=$4 reply_ha=$5
- local request=ffffffffffff${sha}08060001080006040001${sha}${spa}ffffffffffff${tpa}
- hv=hv`vif_to_hv $inport`
- as $hv ovs-appctl netdev-dummy/receive vif$inport $request
- as $hv ovs-appctl ofproto/trace br-int in_port=$inport $request
-
- # Expect to receive the broadcast ARP on the other logical switch ports if
- # IP address is not configured to the switch patch port.
- local i=`vif_to_ls $inport`
- local j k
- for j in 1 2 3; do
- for k in 1 2 3; do
- # 192.168.33.254 is configured to the switch patch port for lrp33,
- # so no ARP flooding expected for it.
- if test $i$j$k != $inport && test $tpa != `ip_to_hex 192 168 33 254`; then
- echo $request >> $i$j$k.expected
- fi
- done
- done
-
- # Expect to receive the reply, if any.
- if test X$reply_ha != X; then
- lrp=`vif_to_lrp $inport`
- local reply=${sha}00000000ff${lrp}08060001080006040002${reply_ha}${tpa}${sha}${spa}
- echo $reply >> $inport.expected
- fi
-}
-
-as hv1 ovs-vsctl --columns=name,ofport list interface
-as hv1 ovn-sbctl list port_binding
-as hv1 ovn-sbctl list datapath_binding
-as hv1 ovn-sbctl dump-flows
-as hv1 ovs-ofctl dump-flows br-int
-
-# Send IP packets between all pairs of source and destination ports:
-#
-# 1. Unicast IP packets are delivered to exactly one logical switch port
-# (except that packets destined to their input ports are dropped).
-#
-# 2. Broadcast IP packets are delivered to all logical switch ports
-# except the input port.
-ip_to_hex() {
- printf "%02x%02x%02x%02x" "$@"
-}
-for is in 1 2 3; do
- for js in 1 2 3; do
- for ks in 1 2 3; do
- bcast=
- s=$is$js$ks
- smac=f00000000$s
- sip=`ip_to_hex 192 168 $is$js $ks`
- for id in 1 2 3; do
- for jd in 1 2 3; do
- for kd in 1 2 3; do
- d=$id$jd$kd
- dip=`ip_to_hex 192 168 $id$jd $kd`
- if test $is = $id; then dmac=f00000000$d; else dmac=00000000ff$is$js; fi
- if test $d != $s; then unicast=$d; else unicast=; fi
-
- test_ip $s $smac $dmac $sip $dip $unicast #1
-
- if test $id = $is && test $d != $s; then bcast="$bcast $d"; fi
- done
- done
- done
- test_ip $s $smac ffffffffffff $sip ffffffff $bcast #2
- done
- done
-done
-
-: > mac_bindings.expected
-
-# 3. Send an IP packet from every logical port to every other subnet,
-# to an IP address that does not have a static IP-MAC binding.
-# This should generate a broadcast ARP request for the destination
-# IP address in the destination subnet.
-# Moreover generate an ARP reply for each of the IP addresses ARPed
-for is in 1 2 3; do
- for js in 1 2 3; do
- for ks in 1 2 3; do
- s=$is$js$ks
- smac=f00000000$s
- sip=`ip_to_hex 192 168 $is$js $ks`
- for id in 1 2 3; do
- for jd in 1 2 3; do
- if test $is$js = $id$jd; then
- continue
- fi
-
- # Send the packet.
- dmac=00000000ff$is$js
- # Calculate a 4th octet for the destination that is
- # unique per $s, avoids the .1 .2 .3 and .254 IP addresses
- # that have static MAC bindings, and fits in the range
- # 0-255.
- o4=`expr $is '*' 9 + $js '*' 3 + $ks + 10`
- dip=`ip_to_hex 192 168 $id$jd $o4`
- test_ip $s $smac $dmac $sip $dip
-
- # Every LP on the destination subnet's lswitch should
- # receive the ARP request.
- lrmac=00000000ff$id$jd
- lrip=`ip_to_hex 192 168 $id$jd 254`
- arp=ffffffffffff${lrmac}08060001080006040001${lrmac}${lrip}000000000000${dip}
- for jd2 in 1 2 3; do
- for kd in 1 2 3; do
- echo $arp >> $id$jd2$kd.expected
- done
- done
-
- hmac=8000000000$o4
- rmac=00000000ff$id$jd
- echo ${hmac}${rmac}08004500001c00000000"3f1101"00${sip}${dip}0035111100080000 >> ${id}11.expected
-
- host_mac=8000000000$o4
- lrmac=00000000ff$id$jd
-
- arp_reply=${lrmac}${host_mac}08060001080006040002${host_mac}${dip}${lrmac}${lrip}
-
- hv=hv`vif_to_hv ${id}${jd}1`
- as $hv ovs-appctl netdev-dummy/receive vif${id}${jd}1 $arp_reply
-
- host_ip_pretty=192.168.$id$jd.$o4
- host_mac_pretty=80:00:00:00:00:$o4
- echo lrp$id$jd,$host_ip_pretty,$host_mac_pretty >> mac_bindings.expected
- done
- done
- done
- done
-done
-
-# Test router replies to ARP requests from all source ports:
-#
-# 4. Router replies to query for its MAC address from port's own IP address.
-#
-# 5. Router replies to query for its MAC address from any random IP address
-# in its subnet.
-#
-# 6. No reply to query for IP address other than router IP.
-#
-# 7. No reply to query from another subnet.
-for i in 1 2 3; do
- for j in 1 2 3; do
- for k in 1 2 3; do
- smac=f00000000$i$j$k # Source MAC
- sip=`ip_to_hex 192 168 $i$j $k` # Source IP
- rip=`ip_to_hex 192 168 $i$j 254` # Router IP
- rmac=00000000ff$i$j # Router MAC
- otherip=`ip_to_hex 192 168 $i$j 55` # Some other IP in subnet
- externalip=`ip_to_hex 1 2 3 4` # Some other IP not in subnet
-
- test_arp $i$j$k $smac $sip $rip $rmac #4
- test_arp $i$j$k $smac $otherip $rip $rmac #5
- test_arp $i$j$k $smac $sip $otherip #6
-
- # When rip is 192.168.33.254, ARP request from externalip won't be
- # filtered, because 192.168.33.254 is configured to switch peer port
- # for lrp33.
- lrp33_rsp=
- if test $i = 3 && test $j = 3; then
- lrp33_rsp=$rmac
- fi
- test_arp $i$j$k $smac $externalip $rip $lrp33_rsp #7
-
- # MAC binding should be learned from ARP request.
- host_mac_pretty=f0:00:00:00:0$i:$j$k
-
- host_ip_pretty=192.168.$i$j.$k
- echo lrp$i$j,$host_ip_pretty,$host_mac_pretty >> mac_bindings.expected
-
- # mac_binding is learned and overwritten so only the last one remains.
- if test $k = 3; then
- # lrp33 will not learn from ARP request, because 192.168.33.254 is
- # configured to switch peer port for lrp33.
- if test $i != 3 || test $j != 3; then
- host_ip_pretty=192.168.$i$j.55
- echo lrp$i$j,$host_ip_pretty,$host_mac_pretty >> mac_bindings.expected
- fi
- fi
-
- done
- done
-done
-
-
-# Allow some time for packet forwarding.
-# XXX This can be improved.
-sleep 1
-
-# 8. Send an IP packet from every logical port to every other subnet. These
-# are the same packets already sent as #3, but now the destinations' IP-MAC
-# bindings have been discovered via ARP, so instead of provoking an ARP
-# request, these packets now get routed to their destinations (which don't
-# have static MAC bindings, so they go to the port we've designated as
-# accepting "unknown" MACs.)
-for is in 1 2 3; do
- for js in 1 2 3; do
- for ks in 1 2 3; do
- s=$is$js$ks
- smac=f00000000$s
- sip=`ip_to_hex 192 168 $is$js $ks`
- for id in 1 2 3; do
- for jd in 1 2 3; do
- if test $is$js = $id$jd; then
- continue
- fi
-
- # Send the packet.
- dmac=00000000ff$is$js
- # Calculate a 4th octet for the destination that is
- # unique per $s, avoids the .1 .2 .3 and .254 IP addresses
- # that have static MAC bindings, and fits in the range
- # 0-255.
- o4=`expr $is '*' 9 + $js '*' 3 + $ks + 10`
- dip=`ip_to_hex 192 168 $id$jd $o4`
- test_ip $s $smac $dmac $sip $dip
-
- # Expect the packet egress.
- host_mac=8000000000$o4
- outport=${id}11
- out_lrp=$id$jd
- echo ${host_mac}00000000ff${out_lrp}08004500001c00000000"3f1101"00${sip}${dip}0035111100080000 >> $outport.expected
- done
- done
- done
- done
-done
-
-ovn-sbctl -f csv -d bare --no-heading \
- -- --columns=logical_port,ip,mac list mac_binding > mac_bindings
-
-# Now check the packets actually received against the ones expected.
-for i in 1 2 3; do
- for j in 1 2 3; do
- for k in 1 2 3; do
- OVN_CHECK_PACKETS([hv`vif_to_hv $i$j$k`/vif$i$j$k-tx.pcap],
- [$i$j$k.expected])
- done
- done
-done
-
-# Check the MAC bindings against those expected.
-AT_CHECK_UNQUOTED([sort < mac_bindings], [0], [`sort < mac_bindings.expected`
-])
-
-# Gracefully terminate daemons
-OVN_CLEANUP([hv1], [hv2], [hv3])
-
-AT_CLEANUP
-
-AT_SETUP([ovn -- IP relocation using GARP request])
-AT_SKIP_IF([test $HAVE_PYTHON = no])
-ovn_start
-
-# Logical network:
-#
-# Two logical switches ls1, ls2.
-# One logical router lr0 connected to ls[12],
-# with 2 subnets, 1 per logical switch:
-#
-# lrp1 on ls1 for subnet 192.168.1.1/24
-# lrp2 on ls2 for subnet 192.168.2.1/24
-#
-# 4 VIFs, 2 per LS lp[12][12], first digit being LS.
-# VIFs' fixed IP addresses are 192.168.[12].1[12].
-#
-# There is a secondary IP 192.168.1.100 that is unknown in NB and learned
-# through ARP only, and it can move between lp11 and lp12.
-#
-ovn-nbctl lr-add lr0
-for i in 1 2 ; do
- ovn-nbctl ls-add ls$i
- ovn-nbctl lrp-add lr0 lrp$i 00:00:00:00:ff:0$i 192.168.$i.1/24
- ovn-nbctl \
- -- lsp-add ls$i lrp$i-attachment \
- -- set Logical_Switch_Port lrp$i-attachment type=router \
- options:router-port=lrp$i \
- addresses=router
- for j in 1 2; do
- ovn-nbctl \
- -- lsp-add ls$i lp$i$j \
- -- lsp-set-addresses lp$i$j \
- "f0:00:00:00:00:$i$j 192.168.$i.1$j"
- done
-done
-
-# Physical network:
-# 2 hypervisors hv[12], lp?1 on hv1, lp?2 on hv2.
-
-# Given the name of a logical port, prints the name of the hypervisor
-# on which it is located, e.g. "vif_to_hv 12" yields 2.
-vif_to_hv() {
- echo ${1#?}
-}
-
-# Given the name of a logical port, prints the name of its logical router
-# port, e.g. "vif_to_lrp 12" yields 1.
-vif_to_lrp() {
- echo ${1%?}
-}
-
-# Given the name of a logical port, prints the name of its logical
-# switch, e.g. "vif_to_ls 12" yields 1.
-vif_to_ls() {
- echo ${1%?}
-}
-
-net_add n1
-for i in 1 2; do
- sim_add hv$i
- as hv$i
- ovs-vsctl add-br br-phys
- ovn_attach n1 br-phys 192.168.0.$i
-done
-for i in 1 2; do
- for j in 1 2; do
- hv=`vif_to_hv $i$j`
- as hv$hv ovs-vsctl \
- -- add-port br-int vif$i$j \
- -- set Interface vif$i$j \
- external-ids:iface-id=lp$i$j \
- options:tx_pcap=hv$hv/vif$i$j-tx.pcap \
- options:rxq_pcap=hv$hv/vif$i$j-rx.pcap \
- ofport-request=$i$j
- done
-done
-
-# Pre-populate the hypervisors' ARP tables so that we don't lose any
-# packets for ARP resolution (native tunneling doesn't queue packets
-# for ARP resolution).
-OVN_POPULATE_ARP
-
-# Allow some time for ovn-northd and ovn-controller to catch up.
-# XXX This should be more systematic.
-sleep 1
-
-# test_ip INPORT SRC_MAC DST_MAC SRC_IP DST_IP OUTPORT...
-#
-# This shell function causes a packet to be received on INPORT. The packet's
-# content has Ethernet destination DST and source SRC (each exactly 12 hex
-# digits) and Ethernet type ETHTYPE (4 hex digits). The OUTPORTs (zero or
-# more) list the VIFs on which the packet should be received. INPORT and the
-# OUTPORTs are specified as logical switch port numbers, e.g. 12 for vif12.
-for i in 1 2; do
- for j in 1 2; do
- : > $i$j.expected
- done
-done
-test_ip() {
- # This packet has bad checksums but logical L3 routing doesn't check.
- local inport=$1 src_mac=$2 dst_mac=$3 src_ip=$4 dst_ip=$5
- local packet=${dst_mac}${src_mac}08004500001c0000000040110000${src_ip}${dst_ip}0035111100080000
- shift; shift; shift; shift; shift
- hv=hv`vif_to_hv $inport`
- as $hv ovs-appctl netdev-dummy/receive vif$inport $packet
- in_ls=`vif_to_ls $inport`
- in_lrp=`vif_to_lrp $inport`
- for outport; do
- out_ls=`vif_to_ls $outport`
- if test $in_ls = $out_ls; then
- # Ports on the same logical switch receive exactly the same packet.
- echo $packet
- else
- # Routing decrements TTL and updates source and dest MAC
- # (and checksum).
- out_lrp=`vif_to_lrp $outport`
- echo f000000000${outport}00000000ff0${out_lrp}08004500001c00000000"3f1101"00${src_ip}${dst_ip}0035111100080000
- fi >> $outport.expected
- done
-}
-
-# test_arp INPORT SHA SPA TPA [REPLY_HA]
-#
-# Causes a packet to be received on INPORT. The packet is an ARP
-# request with SHA, SPA, and TPA as specified. If REPLY_HA is provided, then
-# it should be the hardware address of the target to expect to receive in an
-# ARP reply; otherwise no reply is expected.
-#
-# INPORT is an logical switch port number, e.g. 11 for vif11.
-# SHA and REPLY_HA are each 12 hex digits.
-# SPA and TPA are each 8 hex digits.
-test_arp() {
- local inport=$1 sha=$2 spa=$3 tpa=$4 reply_ha=$5
- local request=ffffffffffff${sha}08060001080006040001${sha}${spa}ffffffffffff${tpa}
- hv=hv`vif_to_hv $inport`
- as $hv ovs-appctl netdev-dummy/receive vif$inport $request
-
- # Expect to receive the broadcast ARP on the other logical switch ports if
- # IP address is not configured to the switch patch port.
- local i=`vif_to_ls $inport`
- local j
- for j in 1 2; do
- if test $i$j != $inport; then
- echo $request >> $i$j$k.expected
- fi
- done
-
- # Expect to receive the reply, if any.
- if test X$reply_ha != X; then
- lrp=`vif_to_lrp $inport`
- local reply=${sha}00000000ff0${lrp}08060001080006040002${reply_ha}${tpa}${sha}${spa}
- echo $reply >> $inport.expected
- fi
-}
-
-ip_to_hex() {
- printf "%02x%02x%02x%02x" "$@"
-}
-
-# lp11 send GARP request to announce ownership of 192.168.1.100.
-
-sha=f00000000011
-spa=`ip_to_hex 192 168 1 100`
-tpa=$spa
-test_arp 11 $sha $spa $tpa
-OVS_WAIT_UNTIL([test `ovn-sbctl find mac_binding ip="192.168.1.100" | wc -l` -gt 0])
-ovn-nbctl --wait=hv sync
-
-# Send an IP packet from lp21 to 192.168.1.100, which should go to lp11.
-
-smac=f00000000021
-dmac=00000000ff02
-sip=`ip_to_hex 192 168 2 11`
-dip=`ip_to_hex 192 168 1 100`
-test_ip 21 $smac $dmac $sip $dip 11
-
-# lp12 send GARP request to announce ownership of 192.168.1.100.
-
-sha=f00000000012
-test_arp 12 $sha $spa $tpa
-OVS_WAIT_UNTIL([ovn-sbctl find mac_binding ip="192.168.1.100" | grep f0:00:00:00:00:12])
-ovn-nbctl --wait=hv sync
-# give to the hv the time to send queued ip packets
-sleep 1
-
-# Send an IP packet from lp21 to 192.168.1.100, which should go to lp12.
-
-test_ip 21 $smac $dmac $sip $dip 12
-
-# Now check the packets actually received against the ones expected.
-for i in 1 2; do
- for j in 1 2; do
- OVN_CHECK_PACKETS([hv`vif_to_hv $i$j`/vif$i$j-tx.pcap],
- [$i$j.expected])
- done
-done
-
-# Gracefully terminate daemons
-OVN_CLEANUP([hv1], [hv2])
-
-AT_CLEANUP
-
-# 3 hypervisors, one logical switch, 3 logical ports per hypervisor
-AT_SETUP([ovn -- portsecurity : 3 HVs, 1 LS, 3 lports/HV])
-AT_SKIP_IF([test $HAVE_PYTHON = no])
-ovn_start
-
-# Create hypervisors hv[123].
-# Add vif1[123] to hv1, vif2[123] to hv2, vif3[123] to hv3.
-# Add all of the vifs to a single logical switch lsw0.
-# Turn off port security on vifs vif[123]1
-# Turn on l2 port security on vifs vif[123]2
-# Turn of l2 and l3 port security on vifs vif[123]3
-# Make vif13, vif2[23], vif3[123] destinations for unknown MACs.
-ovn-nbctl ls-add lsw0
-net_add n1
-for i in 1 2 3; do
- sim_add hv$i
- as hv$i
- ovs-vsctl add-br br-phys
- ovn_attach n1 br-phys 192.168.0.$i
-
- for j in 1 2 3; do
- ovs-vsctl add-port br-int vif$i$j -- set Interface vif$i$j external-ids:iface-id=lp$i$j options:tx_pcap=hv$i/vif$i$j-tx.pcap options:rxq_pcap=hv$i/vif$i$j-rx.pcap ofport-request=$i$j
- ovn-nbctl lsp-add lsw0 lp$i$j
- if test $j = 1; then
- ovn-nbctl lsp-set-addresses lp$i$j "f0:00:00:00:00:$i$j 192.168.0.$i$j" unknown
- elif test $j = 2; then
- ovn-nbctl lsp-set-addresses lp$i$j "f0:00:00:00:00:$i$j 192.168.0.$i$j"
- ovn-nbctl lsp-set-port-security lp$i$j f0:00:00:00:00:$i$j
- else
- extra_addr="f0:00:00:00:0$i:$i$j fe80::ea2a:eaff:fe28:$i$j"
- ovn-nbctl lsp-set-addresses lp$i$j "f0:00:00:00:00:$i$j 192.168.0.$i$j" "$extra_addr"
- ovn-nbctl lsp-set-port-security lp$i$j "f0:00:00:00:00:$i$j 192.168.0.$i$j" "$extra_addr"
- fi
- done
-done
-
-# Pre-populate the hypervisors' ARP tables so that we don't lose any
-# packets for ARP resolution (native tunneling doesn't queue packets
-# for ARP resolution).
-OVN_POPULATE_ARP
-
-# Allow some time for ovn-northd and ovn-controller to catch up.
-# XXX This should be more systematic.
-sleep 1
-
-# Given the name of a logical port, prints the name of the hypervisor
-# on which it is located.
-vif_to_hv() {
- echo hv${1%?}
-}
-
-for i in 1 2 3; do
- for j in 1 2 3; do
- : > $i$j.expected
- done
-done
-
-# test_ip INPORT SRC_MAC DST_MAC SRC_IP DST_IP OUTPORT...
-#
-# This shell function causes an ip packet to be received on INPORT.
-# The packet's content has Ethernet destination DST and source SRC
-# (each exactly 12 hex digits) and Ethernet type ETHTYPE (4 hex digits).
-# The OUTPORTs (zero or more) list the VIFs on which the packet should
-# be received. INPORT and the OUTPORTs are specified as logical switch
-# port numbers, e.g. 11 for vif11.
-test_ip() {
- # This packet has bad checksums but logical L3 routing doesn't check.
- local inport=$1 src_mac=$2 dst_mac=$3 src_ip=$4 dst_ip=$5
- local packet=${dst_mac}${src_mac}08004500001c0000000040110000${src_ip}${dst_ip}0035111100080000
- shift; shift; shift; shift; shift
- hv=`vif_to_hv $inport`
- as $hv ovs-appctl netdev-dummy/receive vif$inport $packet
- #as $hv ovs-appctl ofproto/trace br-int in_port=$inport $packet
- for outport; do
- echo $packet >> $outport.expected
- done
-}
-
-# test_arp INPORT SHA SPA TPA DROP [REPLY_HA]
-#
-# Causes a packet to be received on INPORT. The packet is an ARP
-# request with SHA, SPA, and TPA as specified. If REPLY_HA is provided, then
-# it should be the hardware address of the target to expect to receive in an
-# ARP reply; otherwise no reply is expected.
-#
-# INPORT is an logical switch port number, e.g. 11 for vif11.
-# SHA and REPLY_HA are each 12 hex digits.
-# SPA and TPA are each 8 hex digits.
-test_arp() {
- local inport=$1 smac=$2 sha=$3 spa=$4 tpa=$5 drop=$6 reply_ha=$7
- local request=ffffffffffff${smac}08060001080006040001${sha}${spa}ffffffffffff${tpa}
- hv=`vif_to_hv $inport`
- as $hv ovs-appctl netdev-dummy/receive vif$inport $request
- #as $hv ovs-appctl ofproto/trace br-int in_port=$inport $request
- if test $drop != 1; then
- if test X$reply_ha = X; then
- # Expect to receive the broadcast ARP on the other logical switch ports
- # if no reply is expected.
- local i j
- for i in 1 2 3; do
- for j in 1 2 3; do
- if test $i$j != $inport; then
- echo $request >> $i$j.expected
- fi
- done
- done
- else
- # Expect to receive the reply, if any.
- local reply=${smac}${reply_ha}08060001080006040002${reply_ha}${tpa}${sha}${spa}
- echo $reply >> $inport.expected
- fi
- fi
-}
-
-# test_ipv6 INPORT SRC_MAC DST_MAC SRC_IP DST_IP OUTPORT...
-# This function is similar to test_ip() except that it sends
-# ipv6 packet
-test_ipv6() {
- local inport=$1 src_mac=$2 dst_mac=$3 src_ip=$4 dst_ip=$5
- local packet=${dst_mac}${src_mac}86dd6000000000083aff${src_ip}${dst_ip}0000000000000000
- shift; shift; shift; shift; shift
- hv=`vif_to_hv $inport`
- as $hv ovs-appctl netdev-dummy/receive vif$inport $packet
- #as $hv ovs-appctl ofproto/trace br-int in_port=$inport $packet
- for outport; do
- echo $packet >> $outport.expected
- done
-}
-
-# test_icmpv6 INPORT SRC_MAC DST_MAC SRC_IP DST_IP ICMP_TYPE OUTPORT...
-# This function is similar to test_ipv6() except it specifies the ICMPv6 type
-# of the test packet
-test_icmpv6() {
- local inport=$1 src_mac=$2 dst_mac=$3 src_ip=$4 dst_ip=$5 icmp_type=$6
- local packet=${dst_mac}${src_mac}86dd6000000000083aff${src_ip}${dst_ip}${icmp_type}00000000000000
- shift; shift; shift; shift; shift; shift
- hv=`vif_to_hv $inport`
- as $hv ovs-appctl netdev-dummy/receive vif$inport $packet
- #as $hv ovs-appctl ofproto/trace br-int in_port=$inport $packet
- for outport; do
- echo $packet >> $outport.expected
- done
-}
-
-ip_to_hex() {
- printf "%02x%02x%02x%02x" "$@"
-}
-
-# no port security
-sip=`ip_to_hex 192 168 0 12`
-tip=`ip_to_hex 192 168 0 13`
-# the arp packet should be allowed even if lp[123]1 is
-# not configured with mac f00000000023 and ip 192.168.0.12
-for i in 1 2 3; do
- test_arp ${i}1 f00000000023 f00000000023 $sip $tip 0 f00000000013
- for j in 1 2 3; do
- if test $i != $j; then
- test_ip ${i}1 f000000000${i}1 f000000000${j}1 $sip $tip ${j}1
- fi
- done
-done
-
-# l2 port security
-sip=`ip_to_hex 192 168 0 12`
-tip=`ip_to_hex 192 168 0 13`
-
-# arp packet should be allowed since lp22 is configured with
-# mac f00000000022
-test_arp 22 f00000000022 f00000000022 $sip $tip 0 f00000000013
-
-# arp packet should not be allowed since lp32 is not configured with
-# mac f00000000021
-test_arp 32 f00000000021 f00000000021 $sip $tip 1
-
-# arp packet with sha set to f00000000021 should not be allowed
-# for lp12
-test_arp 12 f00000000012 f00000000021 $sip $tip 1
-
-# ip packets should be allowed and received since lp[123]2 do not
-# have l3 port security
-sip=`ip_to_hex 192 168 0 55`
-tip=`ip_to_hex 192 168 0 66`
-for i in 1 2 3; do
- for j in 1 2 3; do
- if test $i != $j; then
- test_ip ${i}2 f000000000${i}2 f000000000${j}2 $sip $tip ${j}2
- fi
- done
-done
-
-# ipv6 packets should be received by lp[123]2
-# lp[123]1 can send ipv6 traffic as there is no port security
-sip=fe800000000000000000000000000000
-tip=ff020000000000000000000000000000
-
-for i in 1 2 3; do
- test_ipv6 ${i}1 f000000000${i}1 f000000000${i}2 $sip $tip ${i}2
-done
-
-
-# l2 and l3 port security
-sip=`ip_to_hex 192 168 0 13`
-tip=`ip_to_hex 192 168 0 22`
-# arp packet should be allowed since lp13 is configured with
-# f00000000013 and 192.168.0.13
-test_arp 13 f00000000013 f00000000013 $sip $tip 0 f00000000022
-
-# the arp packet should be dropped because lp23 is not configured
-# with mac f00000000022
-sip=`ip_to_hex 192 168 0 13`
-tip=`ip_to_hex 192 168 0 22`
-test_arp 23 f00000000022 f00000000022 $sip $tip 1
-
-# the arp packet should be dropped because lp33 is not configured
-# with ip 192.168.0.55
-spa=`ip_to_hex 192 168 0 55`
-tpa=`ip_to_hex 192 168 0 22`
-test_arp 33 f00000000031 f00000000031 $spa $tpa 1
-
-# ip packets should not be received by lp[123]3 since
-# l3 port security is enabled
-sip=`ip_to_hex 192 168 0 55`
-tip=`ip_to_hex 192 168 0 66`
-for i in 1 2 3; do
- for j in 1 2 3; do
- test_ip ${i}2 f000000000${i}2 f000000000${j}3 $sip $tip
- done
-done
-
-# ipv6 packets should be dropped for lp[123]3 since
-# it is configured with only ipv4 address
-sip=fe800000000000000000000000000000
-tip=ff020000000000000000000000000000
-
-for i in 1 2 3; do
- test_ipv6 ${i}3 f000000000${i}3 f00000000022 $sip $tip
-done
-
-# ipv6 packets should not be received by lp[123]3 with mac f000000000$[123]3
-# lp[123]1 can send ipv6 traffic as there is no port security
-for i in 1 2 3; do
- test_ipv6 ${i}1 f000000000${i}1 f000000000${i}3 $sip $tip
-done
-
-# lp13 has extra port security with mac f0000000113 and ipv6 addr
-# fe80::ea2a:eaff:fe28:0012
-
-# ipv4 packet should be dropped for lp13 with mac f0000000113
-sip=`ip_to_hex 192 168 0 13`
-tip=`ip_to_hex 192 168 0 23`
-test_ip 13 f00000000113 f00000000023 $sip $tip
-
-# ipv6 packet should be received by lp[123]3 with mac f00000000${i}${i}3
-# and ip6.dst as fe80::ea2a:eaff:fe28:0${i}${i}3.
-# lp11 can send ipv6 traffic as there is no port security
-sip=ee800000000000000000000000000000
-for i in 1 2 3; do
- tip=fe80000000000000ea2aeafffe2800${i}3
- test_ipv6 11 f00000000011 f00000000${i}${i}3 $sip $tip ${i}3
-done
-
-
-# ipv6 packet should not be received by lp33 with mac f0000000333
-# and ip6.dst as fe80::ea2a:eaff:fe28:0023 as it is
-# configured with fe80::ea2a:eaff:fe28:0033
-# lp11 can send ipv6 traffic as there is no port security
-
-sip=ee800000000000000000000000000000
-tip=fe80000000000000ea2aeafffe280023
-test_ipv6 11 f00000000011 f00000000333 $sip $tip
-
-# ipv6 packet should be allowed for lp[123]3 with mac f0000000${i}${i}3
-# and ip6.src fe80::ea2a:eaff:fe28:0${i}${i}3 and ip6.src ::.
-# and should be dropped for any other ip6.src
-# lp21 can receive ipv6 traffic as there is no port security
-
-tip=ee800000000000000000000000000000
-for i in 1 2 3; do
- sip=fe80000000000000ea2aeafffe2800${i}3
- test_ipv6 ${i}3 f00000000${i}${i}3 f00000000021 $sip $tip 21
-
- # Test ICMPv6 MLD reports (v1 and v2) and NS for DAD
- sip=00000000000000000000000000000000
- test_icmpv6 ${i}3 f00000000${i}${i}3 f00000000021 $sip ff020000000000000000000000160000 83 21
- test_icmpv6 ${i}3 f00000000${i}${i}3 f00000000021 $sip ff020000000000000000000000160000 8f 21
- test_icmpv6 ${i}3 f00000000${i}${i}3 f00000000021 $sip ff0200000000000000ea2aeafffe2800 87 21
- # Traffic to non-multicast traffic should be dropped
- test_icmpv6 ${i}3 f00000000${i}${i}3 f00000000021 $sip $tip 83
- # Traffic of other ICMPv6 types should be dropped
- test_icmpv6 ${i}3 f00000000${i}${i}3 f00000000021 $sip ff020000000000000000000000160000 80
-
- # should be dropped
- sip=ae80000000000000ea2aeafffe2800aa
- test_ipv6 ${i}3 f00000000${i}${i}3 f00000000021 $sip $tip
-done
-
-# configure lsp13 to send and received IPv4 packets with an address range
-ovn-nbctl lsp-set-port-security lp13 "f0:00:00:00:00:13 192.168.0.13 20.0.0.4/24 10.0.0.0/24"
-
-sleep 2
-
-sip=`ip_to_hex 10 0 0 13`
-tip=`ip_to_hex 192 168 0 22`
-# arp packet with inner ip 10.0.0.13 should be allowed for lsp13
-test_arp 13 f00000000013 f00000000013 $sip $tip 0 f00000000022
-
-sip=`ip_to_hex 10 0 0 14`
-tip=`ip_to_hex 192 168 0 23`
-# IPv4 packet from lsp13 with src ip 10.0.0.14 destined to lsp23
-# with dst ip 192.168.0.23 should be allowed
-test_ip 13 f00000000013 f00000000023 $sip $tip 23
-
-sip=`ip_to_hex 192 168 0 33`
-tip=`ip_to_hex 10 0 0 15`
-# IPv4 packet from lsp33 with src ip 192.168.0.33 destined to lsp13
-# with dst ip 10.0.0.15 should be received by lsp13
-test_ip 33 f00000000033 f00000000013 $sip $tip 13
-
-sip=`ip_to_hex 192 168 0 33`
-tip=`ip_to_hex 20 0 0 4`
-# IPv4 packet from lsp33 with src ip 192.168.0.33 destined to lsp13
-# with dst ip 20.0.0.4 should be received by lsp13
-test_ip 33 f00000000033 f00000000013 $sip $tip 13
-
-sip=`ip_to_hex 192 168 0 33`
-tip=`ip_to_hex 20 0 0 5`
-# IPv4 packet from lsp33 with src ip 192.168.0.33 destined to lsp13
-# with dst ip 20.0.0.5 should not be received by lsp13
-test_ip 33 f00000000033 f00000000013 $sip $tip
-
-sip=`ip_to_hex 192 168 0 33`
-tip=`ip_to_hex 20 0 0 255`
-# IPv4 packet from lsp33 with src ip 192.168.0.33 destined to lsp13
-# with dst ip 20.0.0.255 should be received by lsp13
-test_ip 33 f00000000033 f00000000013 $sip $tip 13
-
-sip=`ip_to_hex 192 168 0 33`
-tip=`ip_to_hex 192 168 0 255`
-# IPv4 packet from lsp33 with src ip 192.168.0.33 destined to lsp13
-# with dst ip 192.168.0.255 should not be received by lsp13
-test_ip 33 f00000000033 f00000000013 $sip $tip
-
-sip=`ip_to_hex 192 168 0 33`
-tip=`ip_to_hex 224 0 0 4`
-# IPv4 packet from lsp33 with src ip 192.168.0.33 destined to lsp13
-# with dst ip 224.0.0.4 should be received by lsp13
-test_ip 33 f00000000033 f00000000013 $sip $tip 13
-
-#dump information including flow counters
-ovn-nbctl show
-ovn-sbctl dump-flows -- list multicast_group
-
-echo "------ hv1 dump ------"
-as hv1 ovs-vsctl show
-as hv1 ovs-ofctl -O OpenFlow13 show br-int
-as hv1 ovs-ofctl -O OpenFlow13 dump-flows br-int
-
-echo "------ hv2 dump ------"
-as hv2 ovs-vsctl show
-as hv2 ovs-ofctl -O OpenFlow13 show br-int
-as hv2 ovs-ofctl -O OpenFlow13 dump-flows br-int
-
-echo "------ hv3 dump ------"
-as hv3 ovs-vsctl show
-as hv3 ovs-ofctl -O OpenFlow13 show br-int
-as hv3 ovs-ofctl -O OpenFlow13 dump-flows br-int
-
-# Now check the packets actually received against the ones expected.
-for i in 1 2 3; do
- for j in 1 2 3; do
- OVN_CHECK_PACKETS([hv$i/vif$i$j-tx.pcap], [$i$j.expected])
- done
-done
-
-OVN_CLEANUP([hv1],[hv2],[hv3])
-
-AT_CLEANUP
-
-AT_SETUP([ovn -- 2 HVs, 2 LS, 1 lport/LS, 2 peer LRs])
-AT_SKIP_IF([test $HAVE_PYTHON = no])
-ovn_start
-
-# Logical network:
-# Two LRs - R1 and R2 that are connected to each other as peers in 20.0.0.0/24
-# network. R1 has a switchs ls1 (191.168.1.0/24) connected to it.
-# R2 has ls2 (172.16.1.0/24) connected to it.
-
-ls1_lp1_mac="f0:00:00:01:02:03"
-rp_ls1_mac="00:00:00:01:02:03"
-rp_ls2_mac="00:00:00:01:02:04"
-ls2_lp1_mac="f0:00:00:01:02:04"
-
-ls1_lp1_ip="192.168.1.2"
-ls2_lp1_ip="172.16.1.2"
-
-ovn-nbctl lr-add R1
-ovn-nbctl lr-add R2
-
-ovn-nbctl ls-add ls1
-ovn-nbctl ls-add ls2
-
-# Connect ls1 to R1
-ovn-nbctl lrp-add R1 ls1 $rp_ls1_mac 192.168.1.1/24
-
-ovn-nbctl lsp-add ls1 rp-ls1 -- set Logical_Switch_Port rp-ls1 type=router \
- options:router-port=ls1 addresses=\"$rp_ls1_mac\"
-
-# Connect ls2 to R2
-ovn-nbctl lrp-add R2 ls2 $rp_ls2_mac 172.16.1.1/24
-
-ovn-nbctl lsp-add ls2 rp-ls2 -- set Logical_Switch_Port rp-ls2 type=router \
- options:router-port=ls2 addresses=\"$rp_ls2_mac\"
-
-# Connect R1 to R2
-ovn-nbctl lrp-add R1 R1_R2 00:00:00:02:03:04 20.0.0.1/24 peer=R2_R1
-ovn-nbctl lrp-add R2 R2_R1 00:00:00:02:03:05 20.0.0.2/24 peer=R1_R2
-
-ovn-nbctl lr-route-add R1 "0.0.0.0/0" 20.0.0.2
-ovn-nbctl lr-route-add R2 "0.0.0.0/0" 20.0.0.1
-
-# Create logical port ls1-lp1 in ls1
-ovn-nbctl lsp-add ls1 ls1-lp1 \
--- lsp-set-addresses ls1-lp1 "$ls1_lp1_mac $ls1_lp1_ip"
-
-# Create logical port ls2-lp1 in ls2
-ovn-nbctl lsp-add ls2 ls2-lp1 \
--- lsp-set-addresses ls2-lp1 "$ls2_lp1_mac $ls2_lp1_ip"
-
-# Create two hypervisor and create OVS ports corresponding to logical ports.
-net_add n1
-
-sim_add hv1
-as hv1
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.1
-ovs-vsctl -- add-port br-int hv1-vif1 -- \
- set interface hv1-vif1 external-ids:iface-id=ls1-lp1 \
- options:tx_pcap=hv1/vif1-tx.pcap \
- options:rxq_pcap=hv1/vif1-rx.pcap \
- ofport-request=1
-
-sim_add hv2
-as hv2
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.2
-ovs-vsctl -- add-port br-int hv2-vif1 -- \
- set interface hv2-vif1 external-ids:iface-id=ls2-lp1 \
- options:tx_pcap=hv2/vif1-tx.pcap \
- options:rxq_pcap=hv2/vif1-rx.pcap \
- ofport-request=1
-
-
-# Pre-populate the hypervisors' ARP tables so that we don't lose any
-# packets for ARP resolution (native tunneling doesn't queue packets
-# for ARP resolution).
-OVN_POPULATE_ARP
-
-# Allow some time for ovn-northd and ovn-controller to catch up.
-# XXX This should be more systematic.
-sleep 1
-
-# Packet to send.
-packet="inport==\"ls1-lp1\" && eth.src==$ls1_lp1_mac && eth.dst==$rp_ls1_mac &&
- ip4 && ip.ttl==64 && ip4.src==$ls1_lp1_ip && ip4.dst==$ls2_lp1_ip &&
- udp && udp.src==53 && udp.dst==4369"
-as hv1 ovs-appctl -t ovn-controller inject-pkt "$packet"
-
-
-echo "---------NB dump-----"
-ovn-nbctl show
-echo "---------------------"
-ovn-nbctl list logical_router
-echo "---------------------"
-ovn-nbctl list logical_router_port
-echo "---------------------"
-
-echo "---------SB dump-----"
-ovn-sbctl list datapath_binding
-echo "---------------------"
-ovn-sbctl list port_binding
-echo "---------------------"
-
-echo "------ hv1 dump ----------"
-as hv1 ovs-ofctl show br-int
-as hv1 ovs-ofctl dump-flows br-int
-echo "------ hv2 dump ----------"
-as hv2 ovs-ofctl show br-int
-as hv2 ovs-ofctl dump-flows br-int
-
-# Packet to Expect
-# The TTL should be decremented by 2.
-packet="eth.src==$rp_ls2_mac && eth.dst==$ls2_lp1_mac &&
- ip4 && ip.ttl==62 && ip4.src==$ls1_lp1_ip && ip4.dst==$ls2_lp1_ip &&
- udp && udp.src==53 && udp.dst==4369"
-echo $packet | ovstest test-ovn expr-to-packets > expected
-
-OVN_CHECK_PACKETS([hv2/vif1-tx.pcap], [expected])
-
-AT_CHECK([ovn-sbctl dump-flows | grep lr_in_arp_resolve | \
-grep "reg0 == 172.16.1.2" | wc -l], [0], [1
-])
-
-# Disable the ls2-lp1 port.
-ovn-nbctl --wait=hv set logical_switch_port ls2-lp1 enabled=false
-
-AT_CHECK([ovn-sbctl dump-flows | grep lr_in_arp_resolve | \
-grep "reg0 == 172.16.1.2" | wc -l], [0], [0
-])
-
-# Generate the packet destined for ls2-lp1 and it should not be delivered.
-# Packet to send.
-packet="inport==\"ls1-lp1\" && eth.src==$ls1_lp1_mac && eth.dst==$rp_ls1_mac &&
- ip4 && ip.ttl==64 && ip4.src==$ls1_lp1_ip && ip4.dst==$ls2_lp1_ip &&
- udp && udp.src==53 && udp.dst==4369"
-
-as hv1 ovs-appctl -t ovn-controller inject-pkt "$packet"
-# The 2nd packet sent shound not be received.
-OVN_CHECK_PACKETS([hv2/vif1-tx.pcap], [expected])
-
-OVN_CLEANUP([hv1],[hv2])
-
-AT_CLEANUP
-
-
-AT_SETUP([ovn -- 1 HV, 1 LS, 2 lport/LS, 1 LR])
-AT_KEYWORDS([router-admin-state])
-AT_SKIP_IF([test $HAVE_PYTHON = no])
-ovn_start
-
-# Logical network:
-# One LR - R1 has switch ls1 with two subnets attached to it (191.168.1.0/24
-# and 172.16.1.0/24) connected to it.
-
-ovn-nbctl lr-add R1
-
-ovn-nbctl ls-add ls1
-
-# Connect ls1 to R1
-ovn-nbctl lrp-add R1 ls1 00:00:00:01:02:03 192.168.1.1/24 172.16.1.1/24
-ovn-nbctl lsp-add ls1 rp-ls1 -- set Logical_Switch_Port rp-ls1 type=router \
- options:router-port=ls1 addresses=\"00:00:00:01:02:03\"
-
-# Create logical port ls1-lp1 in ls1
-ovn-nbctl lsp-add ls1 ls1-lp1 \
- -- lsp-set-addresses ls1-lp1 "f0:00:00:01:02:03 192.168.1.2"
-
-# Create logical port ls1-lp2 in ls1
-ovn-nbctl lsp-add ls1 ls1-lp2 \
- -- lsp-set-addresses ls1-lp2 "f0:00:00:01:02:04 172.16.1.2"
-
-# Create one hypervisor and create OVS ports corresponding to logical ports.
-net_add n1
-
-sim_add hv1
-as hv1
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.1
-ovs-vsctl -- add-port br-int vif1 -- \
- set interface vif1 external-ids:iface-id=ls1-lp1 \
- options:tx_pcap=hv1/vif1-tx.pcap \
- options:rxq_pcap=hv1/vif1-rx.pcap \
- ofport-request=1
-
-ovs-vsctl -- add-port br-int vif2 -- \
- set interface vif2 external-ids:iface-id=ls1-lp2 \
- options:tx_pcap=hv1/vif2-tx.pcap \
- options:rxq_pcap=hv1/vif2-rx.pcap \
- ofport-request=1
-
-
-# Allow some time for ovn-northd and ovn-controller to catch up.
-# XXX This should be more systematic.
-sleep 1
-
-# Send ip packets between the two ports.
-ip_to_hex() {
- printf "%02x%02x%02x%02x" "$@"
-}
-
-# Packet to send.
-src_mac="f00000010203"
-dst_mac="000000010203"
-src_ip=`ip_to_hex 192 168 1 2`
-dst_ip=`ip_to_hex 172 16 1 2`
-packet=${dst_mac}${src_mac}08004500001c0000000040110000${src_ip}${dst_ip}0035111100080000
-as hv1 ovs-appctl netdev-dummy/receive vif1 $packet
-
-
-echo "---------NB dump-----"
-ovn-nbctl show
-echo "---------------------"
-ovn-nbctl list logical_router
-echo "---------------------"
-ovn-nbctl list logical_router_port
-echo "---------------------"
-
-echo "---------SB dump-----"
-ovn-sbctl list datapath_binding
-echo "---------------------"
-ovn-sbctl list logical_flow
-echo "---------------------"
-
-echo "------ hv1 dump ----------"
-as hv1 ovs-ofctl dump-flows br-int
-
-
-#Disable router R1
-ovn-nbctl set Logical_Router R1 enabled=false
-
-# Allow some time for ovn-northd and ovn-controller to catch up.
-# XXX This should be more systematic.
-sleep 1
-
-echo "---------SB dump-----"
-ovn-sbctl list datapath_binding
-echo "---------------------"
-ovn-sbctl list logical_flow
-echo "---------------------"
-
-echo "------ hv1 dump ----------"
-as hv1 ovs-ofctl dump-flows br-int
-
-as hv1 ovs-appctl netdev-dummy/receive vif1 $packet
-
-# Packet to Expect
-expect_src_mac="000000010203"
-expect_dst_mac="f00000010204"
-echo "${expect_dst_mac}${expect_src_mac}08004500001c000000003f110100${src_ip}${dst_ip}0035111100080000" > expected
-
-OVN_CHECK_PACKETS([hv1/vif2-tx.pcap], [expected])
-
-OVN_CLEANUP([hv1])
-
-AT_CLEANUP
-
-
-AT_SETUP([ovn -- 1 HV, 2 LSs, 1 lport/LS, 1 LR])
-AT_KEYWORDS([router-admin-state])
-AT_SKIP_IF([test $HAVE_PYTHON = no])
-ovn_start
-
-# Logical network:
-# One LR - R1 has switch ls1 (191.168.1.0/24) connected to it,
-# and has switch ls2 (172.16.1.0/24) connected to it.
-
-ovn-nbctl lr-add R1
-
-ovn-nbctl ls-add ls1
-ovn-nbctl ls-add ls2
-
-# Connect ls1 to R1
-ovn-nbctl lrp-add R1 ls1 00:00:00:01:02:03 192.168.1.1/24
-ovn-nbctl lsp-add ls1 rp-ls1 -- set Logical_Switch_Port rp-ls1 type=router \
- options:router-port=ls1 addresses=\"00:00:00:01:02:03\"
-
-# Connect ls2 to R1
-ovn-nbctl lrp-add R1 ls2 00:00:00:01:02:04 172.16.1.1/24
-ovn-nbctl lsp-add ls2 rp-ls2 -- set Logical_Switch_Port rp-ls2 type=router \
- options:router-port=ls2 addresses=\"00:00:00:01:02:04\"
-
-# Create logical port ls1-lp1 in ls1
-ovn-nbctl lsp-add ls1 ls1-lp1 \
--- lsp-set-addresses ls1-lp1 "f0:00:00:01:02:03 192.168.1.2"
-
-# Create logical port ls2-lp1 in ls2
-ovn-nbctl lsp-add ls2 ls2-lp1 \
--- lsp-set-addresses ls2-lp1 "f0:00:00:01:02:04 172.16.1.2"
-
-# Create one hypervisor and create OVS ports corresponding to logical ports.
-net_add n1
-
-sim_add hv1
-as hv1
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.1
-ovs-vsctl -- add-port br-int vif1 -- \
- set interface vif1 external-ids:iface-id=ls1-lp1 \
- options:tx_pcap=hv1/vif1-tx.pcap \
- options:rxq_pcap=hv1/vif1-rx.pcap \
- ofport-request=1
-
-ovs-vsctl -- add-port br-int vif2 -- \
- set interface vif2 external-ids:iface-id=ls2-lp1 \
- options:tx_pcap=hv1/vif2-tx.pcap \
- options:rxq_pcap=hv1/vif2-rx.pcap \
- ofport-request=1
-
-
-# Allow some time for ovn-northd and ovn-controller to catch up.
-# XXX This should be more systematic.
-sleep 1
-
-# Send ip packets between the two ports.
-ip_to_hex() {
- printf "%02x%02x%02x%02x" "$@"
-}
-
-# Packet to send.
-src_mac="f00000010203"
-dst_mac="000000010203"
-src_ip=`ip_to_hex 192 168 1 2`
-dst_ip=`ip_to_hex 172 16 1 2`
-packet=${dst_mac}${src_mac}08004500001c0000000040110000${src_ip}${dst_ip}0035111100080000
-as hv1 ovs-appctl netdev-dummy/receive vif1 $packet
-
-
-echo "---------NB dump-----"
-ovn-nbctl show
-echo "---------------------"
-ovn-nbctl list logical_router
-echo "---------------------"
-ovn-nbctl list logical_router_port
-echo "---------------------"
-
-echo "---------SB dump-----"
-ovn-sbctl list datapath_binding
-echo "---------------------"
-ovn-sbctl list logical_flow
-echo "---------------------"
-
-echo "------ hv1 dump ----------"
-as hv1 ovs-ofctl dump-flows br-int
-
-#Disable router R1
-ovn-nbctl set Logical_Router R1 enabled=false
-
-echo "---------SB dump-----"
-ovn-sbctl list datapath_binding
-echo "---------------------"
-ovn-sbctl list logical_flow
-echo "---------------------"
-
-echo "------ hv1 dump ----------"
-as hv1 ovs-ofctl dump-flows br-int
-
-# Allow some time for the disabling of logical router R1 to propagate.
-# XXX This should be more systematic.
-sleep 1
-
-as hv1 ovs-appctl netdev-dummy/receive vif1 $packet
-
-# Packet to Expect
-expect_src_mac="000000010204"
-expect_dst_mac="f00000010204"
-echo "${expect_dst_mac}${expect_src_mac}08004500001c000000003f110100${src_ip}${dst_ip}0035111100080000" > expected
-
-OVN_CHECK_PACKETS([hv1/vif2-tx.pcap], [expected])
-
-OVN_CLEANUP([hv1])
-
-AT_CLEANUP
-
-AT_SETUP([ovn -- 2 HVs, 3 LS, 1 lport/LS, 2 peer LRs, static routes])
-AT_SKIP_IF([test $HAVE_PYTHON = no])
-ovn_start
-
-# Logical network:
-# Two LRs - R1 and R2 that are connected to each other as peers in 20.0.0.0/24
-# network. R1 has switchess foo (192.168.1.0/24)
-# connected to it.
-# R2 has alice (172.16.1.0/24) and bob (172.16.2.0/24) connected to it.
-
-ovn-nbctl lr-add R1
-ovn-nbctl lr-add R2
-
-ovn-nbctl ls-add foo
-ovn-nbctl ls-add alice
-ovn-nbctl ls-add bob
-
-# Connect foo to R1
-ovn-nbctl lrp-add R1 foo 00:00:00:01:02:03 192.168.1.1/24
-ovn-nbctl lsp-add foo rp-foo -- set Logical_Switch_Port rp-foo type=router \
- options:router-port=foo addresses=\"00:00:00:01:02:03\"
-
-# Connect alice to R2
-ovn-nbctl lrp-add R2 alice 00:00:00:01:02:04 172.16.1.1/24
-ovn-nbctl lsp-add alice rp-alice -- set Logical_Switch_Port rp-alice \
- type=router options:router-port=alice addresses=\"00:00:00:01:02:04\"
-
-# Connect bob to R2
-ovn-nbctl lrp-add R2 bob 00:00:00:01:02:05 172.16.2.1/24
-ovn-nbctl lsp-add bob rp-bob -- set Logical_Switch_Port rp-bob type=router \
- options:router-port=bob addresses=\"00:00:00:01:02:05\"
-
-# Connect R1 to R2
-ovn-nbctl lrp-add R1 R1_R2 00:00:00:02:03:04 20.0.0.1/24 peer=R2_R1
-ovn-nbctl lrp-add R2 R2_R1 00:00:00:02:03:05 20.0.0.2/24 peer=R1_R2
-
-#install static routes
-ovn-nbctl lr-route-add R1 172.16.1.0/24 20.0.0.2
-ovn-nbctl lr-route-add R2 172.16.2.0/24 20.0.0.2 R1_R2
-ovn-nbctl lr-route-add R2 192.168.1.0/24 20.0.0.1
-
-# Create logical port foo1 in foo
-ovn-nbctl lsp-add foo foo1 \
--- lsp-set-addresses foo1 "f0:00:00:01:02:03 192.168.1.2"
-
-# Create logical port alice1 in alice
-ovn-nbctl lsp-add alice alice1 \
--- lsp-set-addresses alice1 "f0:00:00:01:02:04 172.16.1.2"
-
-# Create logical port bob1 in bob
-ovn-nbctl lsp-add bob bob1 \
--- lsp-set-addresses bob1 "f0:00:00:01:02:05 172.16.2.2"
-
-# Create two hypervisor and create OVS ports corresponding to logical ports.
-net_add n1
-
-sim_add hv1
-as hv1
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.1
-ovs-vsctl -- add-port br-int hv1-vif1 -- \
- set interface hv1-vif1 external-ids:iface-id=foo1 \
- options:tx_pcap=hv1/vif1-tx.pcap \
- options:rxq_pcap=hv1/vif1-rx.pcap \
- ofport-request=1
-
-ovs-vsctl -- add-port br-int hv1-vif2 -- \
- set interface hv1-vif2 external-ids:iface-id=alice1 \
- options:tx_pcap=hv1/vif2-tx.pcap \
- options:rxq_pcap=hv1/vif2-rx.pcap \
- ofport-request=2
-
-sim_add hv2
-as hv2
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.2
-ovs-vsctl -- add-port br-int hv2-vif1 -- \
- set interface hv2-vif1 external-ids:iface-id=bob1 \
- options:tx_pcap=hv2/vif1-tx.pcap \
- options:rxq_pcap=hv2/vif1-rx.pcap \
- ofport-request=1
-
-
-# Pre-populate the hypervisors' ARP tables so that we don't lose any
-# packets for ARP resolution (native tunneling doesn't queue packets
-# for ARP resolution).
-OVN_POPULATE_ARP
-
-# Allow some time for ovn-northd and ovn-controller to catch up.
-# XXX This should be more systematic.
-sleep 1
-
-ip_to_hex() {
- printf "%02x%02x%02x%02x" "$@"
-}
-
-# Send ip packets between foo1 and alice1
-src_mac="f00000010203"
-dst_mac="000000010203"
-src_ip=`ip_to_hex 192 168 1 2`
-dst_ip=`ip_to_hex 172 16 1 2`
-packet=${dst_mac}${src_mac}08004500001c0000000040110000${src_ip}${dst_ip}0035111100080000
-as hv1 ovs-appctl netdev-dummy/receive hv1-vif1 $packet
-
-# Send ip packets between foo1 and bob1
-src_mac="f00000010203"
-dst_mac="000000010203"
-src_ip=`ip_to_hex 192 168 1 2`
-dst_ip=`ip_to_hex 172 16 2 2`
-packet=${dst_mac}${src_mac}08004500001c0000000040110000${src_ip}${dst_ip}0035111100080000
-as hv1 ovs-appctl netdev-dummy/receive hv1-vif1 $packet
-
-echo "---------NB dump-----"
-ovn-nbctl show
-echo "---------------------"
-ovn-nbctl list logical_router
-echo "---------------------"
-ovn-nbctl list logical_router_port
-echo "---------------------"
-
-echo "---------SB dump-----"
-ovn-sbctl list datapath_binding
-echo "---------------------"
-ovn-sbctl list port_binding
-echo "---------------------"
-
-echo "------ hv1 dump ----------"
-as hv1 ovs-ofctl dump-flows br-int
-echo "------ hv2 dump ----------"
-as hv2 ovs-ofctl dump-flows br-int
-
-# Packet to Expect at bob1
-src_mac="000000010205"
-dst_mac="f00000010205"
-src_ip=`ip_to_hex 192 168 1 2`
-dst_ip=`ip_to_hex 172 16 2 2`
-echo "${dst_mac}${src_mac}08004500001c000000003e110200${src_ip}${dst_ip}0035111100080000" > expected
-
-OVN_CHECK_PACKETS([hv2/vif1-tx.pcap], [expected])
-
-# Packet to Expect at alice1
-src_mac="000000010204"
-dst_mac="f00000010204"
-src_ip=`ip_to_hex 192 168 1 2`
-dst_ip=`ip_to_hex 172 16 1 2`
-echo "${dst_mac}${src_mac}08004500001c000000003e110200${src_ip}${dst_ip}0035111100080000" > expected
-
-OVN_CHECK_PACKETS([hv1/vif2-tx.pcap], [expected])
-
-OVN_CLEANUP([hv1],[hv2])
-
-AT_CLEANUP
-
-AT_SETUP([ovn -- send gratuitous arp on localnet])
-AT_SKIP_IF([test $HAVE_PYTHON = no])
-ovn_start
-ovn-nbctl ls-add lsw0
-net_add n1
-sim_add hv
-as hv
-ovs-vsctl \
- -- add-br br-phys \
- -- add-br br-eth0
-
-ovn_attach n1 br-phys 192.168.0.1
-
-AT_CHECK([ovs-vsctl set Open_vSwitch . external-ids:ovn-bridge-mappings=physnet1:br-eth0])
-AT_CHECK([ovs-vsctl add-port br-eth0 snoopvif -- set Interface snoopvif options:tx_pcap=hv/snoopvif-tx.pcap options:rxq_pcap=hv/snoopvif-rx.pcap])
-
-# Create a vif.
-AT_CHECK([ovn-nbctl lsp-add lsw0 localvif1])
-AT_CHECK([ovn-nbctl lsp-set-addresses localvif1 "f0:00:00:00:00:01 192.168.1.2"])
-AT_CHECK([ovn-nbctl lsp-set-port-security localvif1 "f0:00:00:00:00:01"])
-
-# Create a localnet port.
-AT_CHECK([ovn-nbctl lsp-add lsw0 ln_port])
-AT_CHECK([ovn-nbctl lsp-set-addresses ln_port unknown])
-AT_CHECK([ovn-nbctl lsp-set-type ln_port localnet])
-AT_CHECK([ovn-nbctl lsp-set-options ln_port network_name=physnet1])
-
-AT_CHECK([ovs-vsctl add-port br-int localvif1 -- set Interface localvif1 external_ids:iface-id=localvif1])
-
-# Wait for packet to be received.
-echo "fffffffffffff0000000000108060001080006040001f00000000001c0a80102000000000000c0a80102" > expected
-OVN_CHECK_PACKETS([hv/snoopvif-tx.pcap], [expected])
-
-# Check GARP packet when restart openflow connection.
-as hv
-OVS_APP_EXIT_AND_WAIT([ovs-vswitchd])
-
-OVS_WAIT_UNTIL([grep -c "waiting 4 seconds before reconnect" hv/ovn-controller.log])
-
-as hv
-start_daemon ovs-vswitchd --enable-dummy=system -vvconn -vofproto_dpif -vunixctl
-
-# Wait for packet to be received.
-echo "fffffffffffff0000000000108060001080006040001f00000000001c0a80102000000000000c0a80102" > expected
-OVN_CHECK_PACKETS([hv/snoopvif-tx.pcap], [expected])
-
-# Delete the localnet ports.
-AT_CHECK([ovs-vsctl del-port localvif1])
-AT_CHECK([ovn-nbctl lsp-del ln_port])
-
-OVN_CLEANUP([hv])
-
-AT_CLEANUP
-
-AT_SETUP([ovn -- 2 HVs, 3 LRs connected via LS, static routes])
-AT_SKIP_IF([test $HAVE_PYTHON = no])
-ovn_start
-
-# Logical network:
-# Three LRs - R1, R2 and R3 that are connected to each other via LS "join"
-# in 20.0.0.0/24 network. R1 has switchess foo (192.168.1.0/24)
-# connected to it. R2 has alice (172.16.1.0/24) and R3 has bob (10.32.1.0/24)
-# connected to it.
-
-ovn-nbctl lr-add R1
-ovn-nbctl lr-add R2
-ovn-nbctl lr-add R3
-
-ovn-nbctl ls-add foo
-ovn-nbctl ls-add alice
-ovn-nbctl ls-add bob
-ovn-nbctl ls-add join
-
-# Connect foo to R1
-ovn-nbctl lrp-add R1 foo 00:00:01:01:02:03 192.168.1.1/24
-ovn-nbctl lsp-add foo rp-foo -- set Logical_Switch_Port rp-foo type=router \
- options:router-port=foo addresses=\"00:00:01:01:02:03\"
-
-# Connect alice to R2
-ovn-nbctl lrp-add R2 alice 00:00:02:01:02:03 172.16.1.1/24
-ovn-nbctl lsp-add alice rp-alice -- set Logical_Switch_Port rp-alice \
- type=router options:router-port=alice addresses=\"00:00:02:01:02:03\"
-
-# Connect bob to R3
-ovn-nbctl lrp-add R3 bob 00:00:03:01:02:03 10.32.1.1/24
-ovn-nbctl lsp-add bob rp-bob -- set Logical_Switch_Port rp-bob \
- type=router options:router-port=bob addresses=\"00:00:03:01:02:03\"
-
-# Connect R1 to join
-ovn-nbctl lrp-add R1 R1_join 00:00:04:01:02:03 20.0.0.1/24
-ovn-nbctl lsp-add join r1-join -- set Logical_Switch_Port r1-join \
- type=router options:router-port=R1_join addresses='"00:00:04:01:02:03"'
-
-# Connect R2 to join
-ovn-nbctl lrp-add R2 R2_join 00:00:04:01:02:04 20.0.0.2/24
-ovn-nbctl lsp-add join r2-join -- set Logical_Switch_Port r2-join \
- type=router options:router-port=R2_join addresses='"00:00:04:01:02:04"'
-
-# Connect R3 to join
-ovn-nbctl lrp-add R3 R3_join 00:00:04:01:02:05 20.0.0.3/24
-ovn-nbctl lsp-add join r3-join -- set Logical_Switch_Port r3-join \
- type=router options:router-port=R3_join addresses='"00:00:04:01:02:05"'
-
-#install static routes
-ovn-nbctl lr-route-add R1 172.16.1.0/24 20.0.0.2
-ovn-nbctl lr-route-add R1 10.32.1.0/24 20.0.0.3
-
-ovn-nbctl lr-route-add R2 192.168.1.0/24 20.0.0.1
-ovn-nbctl lr-route-add R2 10.32.1.0/24 20.0.0.3
-
-ovn-nbctl lr-route-add R3 192.168.1.0/24 20.0.0.1
-ovn-nbctl lr-route-add R3 172.16.1.0/24 20.0.0.2
-
-# Create logical port foo1 in foo
-ovn-nbctl lsp-add foo foo1 \
--- lsp-set-addresses foo1 "f0:00:00:01:02:03 192.168.1.2"
-
-# Create logical port alice1 in alice
-ovn-nbctl lsp-add alice alice1 \
--- lsp-set-addresses alice1 "f0:00:00:01:02:04 172.16.1.2"
-
-# Create logical port bob1 in bob
-ovn-nbctl lsp-add bob bob1 \
--- lsp-set-addresses bob1 "f0:00:00:01:02:05 10.32.1.2"
-
-# Create two hypervisor and create OVS ports corresponding to logical ports.
-net_add n1
-
-sim_add hv1
-as hv1
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.1
-ovs-vsctl -- add-port br-int hv1-vif1 -- \
- set interface hv1-vif1 external-ids:iface-id=foo1 \
- options:tx_pcap=hv1/vif1-tx.pcap \
- options:rxq_pcap=hv1/vif1-rx.pcap \
- ofport-request=1
-
-ovs-vsctl -- add-port br-int hv1-vif2 -- \
- set interface hv1-vif2 external-ids:iface-id=alice1 \
- options:tx_pcap=hv1/vif2-tx.pcap \
- options:rxq_pcap=hv1/vif2-rx.pcap \
- ofport-request=2
-
-sim_add hv2
-as hv2
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.2
-ovs-vsctl -- add-port br-int hv2-vif1 -- \
- set interface hv2-vif1 external-ids:iface-id=bob1 \
- options:tx_pcap=hv2/vif1-tx.pcap \
- options:rxq_pcap=hv2/vif1-rx.pcap \
- ofport-request=1
-
-
-# Pre-populate the hypervisors' ARP tables so that we don't lose any
-# packets for ARP resolution (native tunneling doesn't queue packets
-# for ARP resolution).
-OVN_POPULATE_ARP
-
-# Allow some time for ovn-northd and ovn-controller to catch up.
-# XXX This should be more systematic.
-sleep 1
-
-ip_to_hex() {
- printf "%02x%02x%02x%02x" "$@"
-}
-
-# Send ip packets between foo1 and alice1
-src_mac="f00000010203"
-dst_mac="000001010203"
-src_ip=`ip_to_hex 192 168 1 2`
-dst_ip=`ip_to_hex 172 16 1 2`
-packet=${dst_mac}${src_mac}08004500001c0000000040110000${src_ip}${dst_ip}0035111100080000
-as hv1 ovs-appctl netdev-dummy/receive hv1-vif1 $packet
-as hv1 ovs-appctl ofproto/trace br-int in_port=1 $packet
-
-# Send ip packets between foo1 and bob1
-src_mac="f00000010203"
-dst_mac="000001010203"
-src_ip=`ip_to_hex 192 168 1 2`
-dst_ip=`ip_to_hex 10 32 1 2`
-packet=${dst_mac}${src_mac}08004500001c0000000040110000${src_ip}${dst_ip}0035111100080000
-as hv1 ovs-appctl netdev-dummy/receive hv1-vif1 $packet
-
-echo "---------NB dump-----"
-ovn-nbctl show
-echo "---------------------"
-ovn-nbctl list logical_router
-echo "---------------------"
-ovn-nbctl list logical_router_port
-echo "---------------------"
-
-echo "---------SB dump-----"
-ovn-sbctl list datapath_binding
-echo "---------------------"
-ovn-sbctl list port_binding
-echo "---------------------"
-ovn-sbctl dump-flows
-echo "---------------------"
-
-echo "------ hv1 dump ----------"
-as hv1 ovs-ofctl show br-int
-as hv1 ovs-ofctl dump-flows br-int
-echo "------ hv2 dump ----------"
-as hv2 ovs-ofctl show br-int
-as hv2 ovs-ofctl dump-flows br-int
-echo "----------------------------"
-
-# Packet to Expect at bob1
-src_mac="000003010203"
-dst_mac="f00000010205"
-src_ip=`ip_to_hex 192 168 1 2`
-dst_ip=`ip_to_hex 10 32 1 2`
-echo "${dst_mac}${src_mac}08004500001c000000003e110200${src_ip}${dst_ip}0035111100080000" > expected
-
-OVN_CHECK_PACKETS([hv2/vif1-tx.pcap], [expected])
-
-# Packet to Expect at alice1
-src_mac="000002010203"
-dst_mac="f00000010204"
-src_ip=`ip_to_hex 192 168 1 2`
-dst_ip=`ip_to_hex 172 16 1 2`
-echo "${dst_mac}${src_mac}08004500001c000000003e110200${src_ip}${dst_ip}0035111100080000" > expected
-
-OVN_CHECK_PACKETS([hv1/vif2-tx.pcap], [expected])
-
-OVN_CLEANUP([hv1],[hv2])
-
-AT_CLEANUP
-
-AT_SETUP([ovn -- dhcpv4 : 1 HV, 2 LS, 2 LSPs/LS])
-AT_SKIP_IF([test $HAVE_PYTHON = no])
-ovn_start
-
-ovn-nbctl ls-add ls1
-
-ovn-nbctl lsp-add ls1 ls1-lp1 \
--- lsp-set-addresses ls1-lp1 "f0:00:00:00:00:01 10.0.0.4"
-
-ovn-nbctl lsp-set-port-security ls1-lp1 "f0:00:00:00:00:01 10.0.0.4"
-
-ovn-nbctl lsp-add ls1 ls1-lp2 \
--- lsp-set-addresses ls1-lp2 "f0:00:00:00:00:02 10.0.0.6 20.0.0.4"
-
-ovn-nbctl lsp-set-port-security ls1-lp2 "f0:00:00:00:00:02 10.0.0.6 20.0.0.4"
-
-ovn-nbctl ls-add ls2
-ovn-nbctl lsp-add ls2 ls2-lp1 \
--- lsp-set-addresses ls2-lp1 "f0:00:00:00:00:03 30.0.0.6 40.0.0.4"
-ovn-nbctl lsp-set-port-security ls2-lp1 "f0:00:00:00:00:03 30.0.0.6 40.0.0.4"
-ovn-nbctl lsp-add ls2 ls2-lp2 \
--- lsp-set-addresses ls2-lp2 "f0:00:00:00:00:04 30.0.0.7"
-ovn-nbctl lsp-set-port-security ls2-lp2 "f0:00:00:00:00:04 30.0.0.7"
-
-d1="$(ovn-nbctl create DHCP_Options cidr=10.0.0.0/24 \
-options="\"server_id\"=\"10.0.0.1\" \"server_mac\"=\"ff:10:00:00:00:01\" \
-\"lease_time\"=\"3600\" \"router\"=\"10.0.0.1\"")"
-
-ovn-nbctl lsp-set-dhcpv4-options ls1-lp1 ${d1}
-ovn-nbctl lsp-set-dhcpv4-options ls1-lp2 ${d1}
-
-d2="$(ovn-nbctl create DHCP_Options cidr=30.0.0.0/24 \
-options="\"server_id\"=\"30.0.0.1\" \"server_mac\"=\"ff:10:00:00:00:02\" \
-\"lease_time\"=\"3600\"")"
-
-ovn-nbctl lsp-set-dhcpv4-options ls2-lp2 ${d2}
-
-net_add n1
-sim_add hv1
-
-as hv1
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.1
-ovs-vsctl -- add-port br-int hv1-vif1 -- \
- set interface hv1-vif1 external-ids:iface-id=ls1-lp1 \
- options:tx_pcap=hv1/vif1-tx.pcap \
- options:rxq_pcap=hv1/vif1-rx.pcap \
- ofport-request=1
-
-ovs-vsctl -- add-port br-int hv1-vif2 -- \
- set interface hv1-vif2 external-ids:iface-id=ls1-lp2 \
- options:tx_pcap=hv1/vif2-tx.pcap \
- options:rxq_pcap=hv1/vif2-rx.pcap \
- ofport-request=2
-
-ovs-vsctl -- add-port br-int hv1-vif3 -- \
- set interface hv1-vif3 external-ids:iface-id=ls2-lp1 \
- options:tx_pcap=hv1/vif3-tx.pcap \
- options:rxq_pcap=hv1/vif3-rx.pcap \
- ofport-request=3
-
-ovs-vsctl -- add-port br-int hv1-vif4 -- \
- set interface hv1-vif4 external-ids:iface-id=ls2-lp2 \
- options:tx_pcap=hv1/vif4-tx.pcap \
- options:rxq_pcap=hv1/vif4-rx.pcap \
- ofport-request=4
-
-OVN_POPULATE_ARP
-
-sleep 2
-
-as hv1 ovs-vsctl show
-
-# This shell function sends a DHCP request packet
-# test_dhcp INPORT SRC_MAC DHCP_TYPE OFFER_IP REQUEST_IP ...
-test_dhcp() {
- local inport=$1 src_mac=$2 dhcp_type=$3 ciaddr=$4 offer_ip=$5 request_ip=$6 use_ip=$7
- shift; shift; shift; shift; shift; shift; shift;
- if test $use_ip != 0; then
- src_ip=$1
- dst_ip=$2
- shift; shift;
- else
- src_ip=`ip_to_hex 0 0 0 0`
- dst_ip=`ip_to_hex 255 255 255 255`
- fi
- if test $request_ip != 0; then
- ip_len=0120
- udp_len=010b
- else
- ip_len=011a
- udp_len=0106
- fi
- local request=ffffffffffff${src_mac}08004510${ip_len}0000000080110000${src_ip}${dst_ip}
- # udp header and dhcp header
- request=${request}00440043${udp_len}0000
- request=${request}010106006359aa7600000000${ciaddr}000000000000000000000000${src_mac}
- # client hardware padding
- request=${request}00000000000000000000
- # server hostname
- request=${request}0000000000000000000000000000000000000000000000000000000000000000
- request=${request}0000000000000000000000000000000000000000000000000000000000000000
- # boot file name
- request=${request}0000000000000000000000000000000000000000000000000000000000000000
- request=${request}0000000000000000000000000000000000000000000000000000000000000000
- request=${request}0000000000000000000000000000000000000000000000000000000000000000
- request=${request}0000000000000000000000000000000000000000000000000000000000000000
- # dhcp magic cookie
- request=${request}63825363
- # dhcp message type
- request=${request}3501${dhcp_type}
- # dhcp unknown option
- request=${request}d70701020304050607
- # dhcp pad option
- request=${request}00
- if test $request_ip != 0; then
- # dhcp requested ip
- request=${request}3204${request_ip}
- fi
- # dhcp end option
- request=${request}ff
-
- for port in $inport "$@"; do
- : >> $port.expected
- done
- if test $offer_ip != 0; then
- local srv_mac=$1 srv_ip=$2 dhcp_reply_type=$3 expected_dhcp_opts=$4
- # total IP length will be the IP length of the request packet
- # (which is 272 in our case) + 8 (padding bytes) + (expected_dhcp_opts / 2)
- ip_len=`expr 280 + ${#expected_dhcp_opts} / 2`
- udp_len=`expr $ip_len - 20`
- ip_len=$(printf "%x" $ip_len)
- udp_len=$(printf "%x" $udp_len)
- # $ip_len var will be in 3 digits i.e 134. So adding a '0' before $ip_len
- local reply=${src_mac}${srv_mac}080045100${ip_len}000000008011XXXX${srv_ip}${offer_ip}
- # udp header and dhcp header.
- # $udp_len var will be in 3 digits. So adding a '0' before $udp_len
- reply=${reply}004300440${udp_len}0000020106006359aa7600000000${ciaddr}
- # your ip address; 0 for NAK
- if test $dhcp_reply_type = 06; then
- reply=${reply}00000000
- else
- reply=${reply}${offer_ip}
- fi
- # next server ip address, relay agent ip address, client mac address
- reply=${reply}0000000000000000${src_mac}
- # client hardware padding
- reply=${reply}00000000000000000000
- # server hostname
- reply=${reply}0000000000000000000000000000000000000000000000000000000000000000
- reply=${reply}0000000000000000000000000000000000000000000000000000000000000000
- # boot file name
- reply=${reply}0000000000000000000000000000000000000000000000000000000000000000
- reply=${reply}0000000000000000000000000000000000000000000000000000000000000000
- reply=${reply}0000000000000000000000000000000000000000000000000000000000000000
- reply=${reply}0000000000000000000000000000000000000000000000000000000000000000
- # dhcp magic cookie
- reply=${reply}63825363
- reply=${reply}3501${dhcp_reply_type}${expected_dhcp_opts}00000000ff00000000
- echo $reply >> $inport.expected
- else
- for outport; do
- echo $request >> $outport.expected
- done
- fi
- as hv1 ovs-appctl netdev-dummy/receive hv1-vif$inport $request
-}
-
-reset_pcap_file() {
- local iface=$1
- local pcap_file=$2
- ovs-vsctl -- set Interface $iface options:tx_pcap=dummy-tx.pcap \
-options:rxq_pcap=dummy-rx.pcap
- rm -f ${pcap_file}*.pcap
- ovs-vsctl -- set Interface $iface options:tx_pcap=${pcap_file}-tx.pcap \
-options:rxq_pcap=${pcap_file}-rx.pcap
-}
-
-ip_to_hex() {
- printf "%02x%02x%02x%02x" "$@"
-}
-
-AT_CAPTURE_FILE([ofctl_monitor0.log])
-as hv1 ovs-ofctl monitor br-int resume --detach --no-chdir \
---pidfile=ovs-ofctl0.pid 2> ofctl_monitor0.log
-
-echo "---------NB dump-----"
-ovn-nbctl show
-echo "---------------------"
-echo "---------SB dump-----"
-ovn-sbctl list datapath_binding
-echo "---------------------"
-ovn-sbctl list logical_flow
-echo "---------------------"
-
-echo "---------------------"
-ovn-sbctl dump-flows
-echo "---------------------"
-
-echo "------ hv1 dump ----------"
-as hv1 ovs-ofctl dump-flows br-int
-
-# Send DHCPDISCOVER.
-offer_ip=`ip_to_hex 10 0 0 4`
-server_ip=`ip_to_hex 10 0 0 1`
-ciaddr=`ip_to_hex 0 0 0 0`
-request_ip=0
-expected_dhcp_opts=330400000e100104ffffff0003040a00000136040a000001
-test_dhcp 1 f00000000001 01 $ciaddr $offer_ip $request_ip 0 ff1000000001 $server_ip 02 $expected_dhcp_opts
-
-# NXT_RESUMEs should be 1.
-OVS_WAIT_UNTIL([test 1 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
-
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/vif1-tx.pcap > 1.packets
-cat 1.expected | cut -c -48 > expout
-AT_CHECK([cat 1.packets | cut -c -48], [0], [expout])
-# Skipping the IPv4 checksum.
-cat 1.expected | cut -c 53- > expout
-AT_CHECK([cat 1.packets | cut -c 53-], [0], [expout])
-
-# ovs-ofctl also resumes the packets and this causes other ports to receive
-# the DHCP request packet. So reset the pcap files so that its easier to test.
-reset_pcap_file hv1-vif1 hv1/vif1
-reset_pcap_file hv1-vif2 hv1/vif2
-rm -f 1.expected
-rm -f 2.expected
-
-# Send DHCPREQUEST in the SELECTING/INIT-REBOOT state with the offered IP
-# address in the Requested IP Address option.
-offer_ip=`ip_to_hex 10 0 0 6`
-server_ip=`ip_to_hex 10 0 0 1`
-ciaddr=`ip_to_hex 0 0 0 0`
-request_ip=$offer_ip
-expected_dhcp_opts=330400000e100104ffffff0003040a00000136040a000001
-test_dhcp 2 f00000000002 03 $ciaddr $offer_ip $request_ip 0 ff1000000001 $server_ip 05 $expected_dhcp_opts
-
-# NXT_RESUMEs should be 2.
-OVS_WAIT_UNTIL([test 2 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
-
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/vif2-tx.pcap > 2.packets
-cat 2.expected | cut -c -48 > expout
-AT_CHECK([cat 2.packets | cut -c -48], [0], [expout])
-# Skipping the IPv4 checksum.
-cat 2.expected | cut -c 53- > expout
-AT_CHECK([cat 2.packets | cut -c 53-], [0], [expout])
-
-reset_pcap_file hv1-vif1 hv1/vif1
-reset_pcap_file hv1-vif2 hv1/vif2
-rm -f 1.expected
-rm -f 2.expected
-
-# Send DHCPREQUEST in the SELECTING/INIT-REBOOT state with a mismatched IP in
-# the Requested IP Address option, expect a DHCPNAK.
-offer_ip=`ip_to_hex 10 0 0 6`
-server_ip=`ip_to_hex 10 0 0 1`
-ciaddr=`ip_to_hex 0 0 0 0`
-request_ip=`ip_to_hex 10 0 0 7`
-expected_dhcp_opts=""
-test_dhcp 2 f00000000002 03 $ciaddr $offer_ip $request_ip 0 ff1000000001 $server_ip 06 $expected_dhcp_opts
-
-# NXT_RESUMEs should be 3.
-OVS_WAIT_UNTIL([test 3 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
-
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/vif2-tx.pcap > 2.packets
-cat 2.expected | cut -c -48 > expout
-AT_CHECK([cat 2.packets | cut -c -48], [0], [expout])
-# Skipping the IPv4 checksum.
-cat 2.expected | cut -c 53- > expout
-AT_CHECK([cat 2.packets | cut -c 53-], [0], [expout])
-
-reset_pcap_file hv1-vif1 hv1/vif1
-reset_pcap_file hv1-vif2 hv1/vif2
-rm -f 1.expected
-rm -f 2.expected
-
-# Send Invalid DHCPv4 packet on ls1-lp2. It should be received by ovn-controller
-# but should be resumed without the reply.
-# ls1-lp1 (vif1-tx.pcap) should receive the DHCPv4 request packet twice,
-# one from ovn-controller and the other from "ovs-ofctl resume."
-ciaddr=`ip_to_hex 0 0 0 0`
-offer_ip=0
-request_ip=0
-test_dhcp 2 f00000000002 08 $ciaddr $offer_ip $request_ip 0 1 1
-
-# NXT_RESUMEs should be 4.
-OVS_WAIT_UNTIL([test 4 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
-
-# vif1-tx.pcap should have received the DHCPv4 (invalid) request packet
-OVN_CHECK_PACKETS([hv1/vif1-tx.pcap], [1.expected])
-
-reset_pcap_file hv1-vif1 hv1/vif1
-reset_pcap_file hv1-vif2 hv1/vif2
-rm -f 1.expected
-rm -f 2.expected
-
-# Send DHCPv4 packet on ls2-lp1. It doesn't have any DHCPv4 options defined.
-# ls2-lp2 (vif4-tx.pcap) should receive the DHCPv4 request packet once.
-
-ciaddr=`ip_to_hex 0 0 0 0`
-test_dhcp 3 f00000000003 01 $ciaddr 0 0 4 0
-
-# Send DHCPv4 packet on ls2-lp2. "router" DHCPv4 option is not defined for
-# this lport.
-ciaddr=`ip_to_hex 0 0 0 0`
-test_dhcp 4 f00000000004 01 $ciaddr 0 0 3 0
-
-# NXT_RESUMEs should be 4.
-OVS_WAIT_UNTIL([test 4 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
-
-#OVN_CHECK_PACKETS([hv1/vif3-tx.pcap], [3.expected])
-#OVN_CHECK_PACKETS([hv1/vif4-tx.pcap], [4.expected])
-
-# Send DHCPREQUEST in the RENEWING/REBINDING state with ip4.src set to 10.0.0.6
-# and ip4.dst set to 10.0.0.1.
-offer_ip=`ip_to_hex 10 0 0 6`
-server_ip=`ip_to_hex 10 0 0 1`
-ciaddr=$offer_ip
-request_ip=0
-src_ip=$offer_ip
-dst_ip=$server_ip
-expected_dhcp_opts=330400000e100104ffffff0003040a00000136040a000001
-test_dhcp 2 f00000000002 03 $ciaddr $offer_ip $request_ip 1 $src_ip $dst_ip ff1000000001 $server_ip 05 $expected_dhcp_opts
-
-# NXT_RESUMEs should be 5.
-OVS_WAIT_UNTIL([test 5 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
-
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/vif2-tx.pcap > 2.packets
-cat 2.expected | cut -c -48 > expout
-AT_CHECK([cat 2.packets | cut -c -48], [0], [expout])
-# Skipping the IPv4 checksum.
-cat 2.expected | cut -c 53- > expout
-AT_CHECK([cat 2.packets | cut -c 53-], [0], [expout])
-
-reset_pcap_file hv1-vif1 hv1/vif1
-reset_pcap_file hv1-vif2 hv1/vif2
-rm -f 1.expected
-rm -f 2.expected
-
-# Send DHCPREQUEST in the RENEWING/REBINDING state with ip4.src set to 10.0.0.6
-# and ip4.dst set to 255.255.255.255.
-offer_ip=`ip_to_hex 10 0 0 6`
-server_ip=`ip_to_hex 10 0 0 1`
-ciaddr=$offer_ip
-request_ip=0
-src_ip=$offer_ip
-dst_ip=`ip_to_hex 255 255 255 255`
-expected_dhcp_opts=330400000e100104ffffff0003040a00000136040a000001
-test_dhcp 2 f00000000002 03 $ciaddr $offer_ip $request_ip 1 $src_ip $dst_ip ff1000000001 $server_ip 05 $expected_dhcp_opts
-
-# NXT_RESUMEs should be 6.
-OVS_WAIT_UNTIL([test 6 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
-
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/vif2-tx.pcap > 2.packets
-cat 2.expected | cut -c -48 > expout
-AT_CHECK([cat 2.packets | cut -c -48], [0], [expout])
-# Skipping the IPv4 checksum.
-cat 2.expected | cut -c 53- > expout
-AT_CHECK([cat 2.packets | cut -c 53-], [0], [expout])
-
-reset_pcap_file hv1-vif1 hv1/vif1
-reset_pcap_file hv1-vif2 hv1/vif2
-rm -f 1.expected
-rm -f 2.expected
-
-# Send DHCPREQUEST in the RENEWING/REBINDING state with a mismatched IP in the
-# ciaddr, expect a DHCPNAK.
-offer_ip=`ip_to_hex 10 0 0 6`
-server_ip=`ip_to_hex 10 0 0 1`
-ciaddr=`ip_to_hex 10 0 0 7`
-request_ip=0
-src_ip=$offer_ip
-dst_ip=`ip_to_hex 255 255 255 255`
-expected_dhcp_opts=""
-test_dhcp 2 f00000000002 03 $ciaddr $offer_ip $request_ip 1 $src_ip $dst_ip ff1000000001 $server_ip 06 $expected_dhcp_opts
-
-# NXT_RESUMEs should be 7.
-OVS_WAIT_UNTIL([test 7 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
-
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/vif2-tx.pcap > 2.packets
-cat 2.expected | cut -c -48 > expout
-AT_CHECK([cat 2.packets | cut -c -48], [0], [expout])
-# Skipping the IPv4 checksum.
-cat 2.expected | cut -c 53- > expout
-AT_CHECK([cat 2.packets | cut -c 53-], [0], [expout])
-
-reset_pcap_file hv1-vif1 hv1/vif1
-reset_pcap_file hv1-vif2 hv1/vif2
-rm -f 1.expected
-rm -f 2.expected
-
-# Send DHCPREQUEST in the RENEWING/REBINDING state without a specifyied ciaddr,
-# expect a DHCPNAK.
-offer_ip=`ip_to_hex 10 0 0 6`
-server_ip=`ip_to_hex 10 0 0 1`
-ciaddr=`ip_to_hex 0 0 0 0`
-request_ip=0
-src_ip=$offer_ip
-dst_ip=`ip_to_hex 255 255 255 255`
-expected_dhcp_opts=""
-test_dhcp 2 f00000000002 03 $ciaddr $offer_ip $request_ip 1 $src_ip $dst_ip ff1000000001 $server_ip 06 $expected_dhcp_opts
-
-# NXT_RESUMEs should be 8.
-OVS_WAIT_UNTIL([test 8 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
-
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/vif2-tx.pcap > 2.packets
-cat 2.expected | cut -c -48 > expout
-AT_CHECK([cat 2.packets | cut -c -48], [0], [expout])
-# Skipping the IPv4 checksum.
-cat 2.expected | cut -c 53- > expout
-AT_CHECK([cat 2.packets | cut -c 53-], [0], [expout])
-
-reset_pcap_file hv1-vif1 hv1/vif1
-reset_pcap_file hv1-vif2 hv1/vif2
-rm -f 1.expected
-rm -f 2.expected
-
-# Send DHCPREQUEST with ip4.src set to 10.0.0.6 and ip4.dst set to 10.0.0.4.
-# The packet should not be received by ovn-controller.
-ciaddr=`ip_to_hex 0 0 0 0`
-src_ip=`ip_to_hex 10 0 0 6`
-dst_ip=`ip_to_hex 10 0 0 4`
-test_dhcp 2 f00000000002 03 $ciaddr 0 0 1 $src_ip $dst_ip 1
-
-# NXT_RESUMEs should be 8.
-OVS_WAIT_UNTIL([test 8 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
-
-# vif1-tx.pcap should have received the DHCPv4 request packet
-OVN_CHECK_PACKETS([hv1/vif1-tx.pcap], [1.expected])
-
-OVN_CLEANUP([hv1])
-
-AT_CLEANUP
-
-AT_SETUP([ovn -- dhcpv6 : 1 HV, 2 LS, 5 LSPs])
-AT_SKIP_IF([test $HAVE_PYTHON = no])
-ovn_start
-
-ovn-nbctl ls-add ls1
-ovn-nbctl lsp-add ls1 ls1-lp1 \
--- lsp-set-addresses ls1-lp1 "f0:00:00:00:00:01 10.0.0.4 ae70::4"
-
-ovn-nbctl lsp-set-port-security ls1-lp1 "f0:00:00:00:00:01 10.0.0.4 ae70::4"
-
-ovn-nbctl lsp-add ls1 ls1-lp2 \
--- lsp-set-addresses ls1-lp2 "f0:00:00:00:00:02 ae70::5"
-
-ovn-nbctl lsp-set-port-security ls1-lp2 "f0:00:00:00:00:02 ae70::5"
-
-ovn-nbctl lsp-add ls1 ls1-lp3 \
--- lsp-set-addresses ls1-lp3 "f0:00:00:00:00:22 ae70::22"
-
-ovn-nbctl lsp-set-port-security ls1-lp3 "f0:00:00:00:00:22 ae70::22"
-
-d1="$(ovn-nbctl create DHCP_Options cidr="ae70\:\:/64" \
-options="\"server_id\"=\"00:00:00:10:00:01\"")"
-
-ovn-nbctl lsp-set-dhcpv6-options ls1-lp1 ${d1}
-ovn-nbctl lsp-set-dhcpv6-options ls1-lp2 ${d1}
-
-d2="$(ovn-nbctl create DHCP_Options cidr="ae70\:\:/64" \
-options="\"dhcpv6_stateless\"=\"true\" \"server_id\"=\"00:00:00:10:00:01\"")"
-
-ovn-nbctl lsp-set-dhcpv6-options ls1-lp3 ${d2}
-
-ovn-nbctl ls-add ls2
-ovn-nbctl lsp-add ls2 ls2-lp1 \
--- lsp-set-addresses ls2-lp1 "f0:00:00:00:00:03 be70::3"
-ovn-nbctl lsp-set-port-security ls2-lp1 "f0:00:00:00:00:03 be70::3"
-ovn-nbctl lsp-add ls2 ls2-lp2 \
--- lsp-set-addresses ls2-lp2 "f0:00:00:00:00:04 be70::4"
-ovn-nbctl lsp-set-port-security ls2-lp2 "f0:00:00:00:00:04 be70::4"
-
-net_add n1
-sim_add hv1
-
-as hv1
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.1
-ovs-vsctl -- add-port br-int hv1-vif1 -- \
- set interface hv1-vif1 external-ids:iface-id=ls1-lp1 \
- options:tx_pcap=hv1/vif1-tx.pcap \
- options:rxq_pcap=hv1/vif1-rx.pcap \
- ofport-request=1
-
-ovs-vsctl -- add-port br-int hv1-vif2 -- \
- set interface hv1-vif2 external-ids:iface-id=ls1-lp2 \
- options:tx_pcap=hv1/vif2-tx.pcap \
- options:rxq_pcap=hv1/vif2-rx.pcap \
- ofport-request=2
-
-ovs-vsctl -- add-port br-int hv1-vif3 -- \
- set interface hv1-vif3 external-ids:iface-id=ls2-lp1 \
- options:tx_pcap=hv1/vif3-tx.pcap \
- options:rxq_pcap=hv1/vif3-rx.pcap \
- ofport-request=3
-
-ovs-vsctl -- add-port br-int hv1-vif4 -- \
- set interface hv1-vif4 external-ids:iface-id=ls2-lp2 \
- options:tx_pcap=hv1/vif4-tx.pcap \
- options:rxq_pcap=hv1/vif4-rx.pcap \
- ofport-request=4
-
-ovs-vsctl -- add-port br-int hv1-vif5 -- \
- set interface hv1-vif5 external-ids:iface-id=ls1-lp3 \
- options:tx_pcap=hv1/vif5-tx.pcap \
- options:rxq_pcap=hv1/vif5-rx.pcap \
- ofport-request=5
-
-OVN_POPULATE_ARP
-
-sleep 2
-
-trim_zeros() {
- sed 's/\(00\)\{1,\}$//'
-}
-
-# This shell function sends a DHCPv6 request packet
-# test_dhcpv6 INPORT SRC_MAC SRC_LLA DHCPv6_MSG_TYPE OFFER_IP OUTPORT...
-# The OUTPORTs (zero or more) list the VIFs on which the original DHCPv6
-# packet should be received twice (one from ovn-controller and the other
-# from the "ovs-ofctl monitor br-int resume"
-test_dhcpv6() {
- local inport=$1 src_mac=$2 src_lla=$3 msg_code=$4 offer_ip=$5
- if test $msg_code != 0b; then
- req_len=2a
- else
- req_len=1a
- fi
- local request=ffffffffffff${src_mac}86dd0000000000${req_len}1101${src_lla}
- # dst ip ff02::1:2
- request=${request}ff020000000000000000000000010002
- # udp header and dhcpv6 header
- request=${request}0222022300${req_len}ffff${msg_code}010203
- # Client identifier
- request=${request}0001000a00030001${src_mac}
- # Add IA-NA (Identity Association for Non Temporary Address) if msg_code
- # is not 11 (information request packet)
- if test $msg_code != 0b; then
- request=${request}0003000c0102030400000e1000001518
- fi
- shift; shift; shift; shift; shift;
- if test $offer_ip != 0; then
- local server_mac=000000100001
- local server_lla=fe80000000000000020000fffe100001
- local reply_code=07
- if test $msg_code = 01; then
- reply_code=02
- fi
- local msg_len=54
- if test $offer_ip = 1; then
- msg_len=28
- fi
- local reply=${src_mac}${server_mac}86dd0000000000${msg_len}1101${server_lla}${src_lla}
- # udp header and dhcpv6 header
- reply=${reply}0223022200${msg_len}ffff${reply_code}010203
- # Client identifier
- reply=${reply}0001000a00030001${src_mac}
- # IA-NA
- if test $offer_ip != 1; then
- reply=${reply}0003002801020304ffffffffffffffff00050018${offer_ip}ffffffffffffffff
- fi
- # Server identifier
- reply=${reply}0002000a00030001${server_mac}
- echo $reply | trim_zeros >> $inport.expected
- else
- for outport; do
- echo $request | trim_zeros >> $outport.expected
- done
- fi
-
- as hv1 ovs-appctl netdev-dummy/receive hv1-vif$inport $request
-}
-
-reset_pcap_file() {
- local iface=$1
- local pcap_file=$2
- ovs-vsctl -- set Interface $iface options:tx_pcap=dummy-tx.pcap \
-options:rxq_pcap=dummy-rx.pcap
- rm -f ${pcap_file}*.pcap
- ovs-vsctl -- set Interface $iface options:tx_pcap=${pcap_file}-tx.pcap \
-options:rxq_pcap=${pcap_file}-rx.pcap
-}
-
-AT_CAPTURE_FILE([ofctl_monitor0.log])
-as hv1 ovs-ofctl monitor br-int resume --detach --no-chdir \
---pidfile=ovs-ofctl0.pid 2> ofctl_monitor0.log
-
-echo "---------NB dump-----"
-ovn-nbctl show
-echo "---------------------"
-echo "---------SB dump-----"
-ovn-sbctl list datapath_binding
-echo "---------------------"
-ovn-sbctl list logical_flow
-echo "---------------------"
-
-echo "---------------------"
-ovn-sbctl dump-flows
-echo "---------------------"
-
-echo "------ hv1 dump ----------"
-as hv1 ovs-ofctl dump-flows br-int
-
-src_mac=f00000000001
-src_lla=fe80000000000000f20000fffe000001
-offer_ip=ae700000000000000000000000000004
-test_dhcpv6 1 $src_mac $src_lla 01 $offer_ip
-
-# NXT_RESUMEs should be 1.
-OVS_WAIT_UNTIL([test 1 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
-
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/vif1-tx.pcap | trim_zeros > 1.packets
-# cat 1.expected | trim_zeros > expout
-cat 1.expected | cut -c -120 > expout
-AT_CHECK([cat 1.packets | cut -c -120], [0], [expout])
-# Skipping the UDP checksum
-cat 1.expected | cut -c 125- > expout
-AT_CHECK([cat 1.packets | cut -c 125-], [0], [expout])
-
-rm 1.expected
-
-# Send invalid packet on ls1-lp2. ovn-controller should resume the packet
-# without any modifications and the packet should be received by ls1-lp1.
-# ls1-lp1 will receive the packet twice, one from the ovn-controller after the
-# resume and the other from ovs-ofctl monitor resume.
-
-reset_pcap_file hv1-vif1 hv1/vif1
-reset_pcap_file hv1-vif2 hv1/vif2
-
-src_mac=f00000000002
-src_lla=fe80000000000000f20000fffe000002
-offer_ip=ae700000000000000000000000000005
-# Set invalid msg_type
-
-test_dhcpv6 2 $src_mac $src_lla 10 0 1 1
-
-# NXT_RESUMEs should be 2.
-OVS_WAIT_UNTIL([test 2 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
-
-# vif2-tx.pcap should not have received the DHCPv6 reply packet
-rm 2.packets
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/vif2-tx.pcap | trim_zeros > 2.packets
-AT_CHECK([cat 2.packets], [0], [])
-
-# vif1-tx.pcap should have received the DHCPv6 (invalid) request packet
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/vif1-tx.pcap | trim_zeros > 1.packets
-cat 1.expected > expout
-AT_CHECK([cat 1.packets], [0], [expout])
-
-# Send DHCPv6 packet on ls2-lp1. native DHCPv6 is disabled on this port.
-# There should be no DHCPv6 reply from ovn-controller and the request packet
-# should be received by ls2-lp2.
-
-src_mac=f00000000003
-src_lla=fe80000000000000f20000fffe000003
-test_dhcpv6 3 $src_mac $src_lla 01 0 4
-
-# NXT_RESUMEs should be 2 only.
-OVS_WAIT_UNTIL([test 2 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
-
-# vif3-tx.pcap should not have received the DHCPv6 reply packet
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/vif3-tx.pcap | trim_zeros > 3.packets
-AT_CHECK([cat 3.packets], [0], [])
-
-# vif4-tx.pcap should have received the DHCPv6 request packet
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/vif4-tx.pcap | trim_zeros > 4.packets
-cat 4.expected > expout
-AT_CHECK([cat 4.packets], [0], [expout])
-
-# Send DHCPv6 packet on ls1-lp3. native DHCPv6 works as stateless mode for this port.
-# The DHCPv6 reply shouldn't contain offer_ip.
-src_mac=f00000000022
-src_lla=fe80000000000000f20000fffe000022
-reset_pcap_file hv1-vif5 hv1/vif5
-test_dhcpv6 5 $src_mac $src_lla 01 1 5
-
-# NXT_RESUMEs should be 3.
-OVS_WAIT_UNTIL([test 3 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
-
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/vif5-tx.pcap | trim_zeros > 5.packets
-# Skipping the UDP checksum
-cat 5.expected | cut -c 1-120,125- > expout
-AT_CHECK([cat 5.packets | cut -c 1-120,125- ], [0], [expout])
-
-# Send DHCPv6 information request (code 11) on ls1-lp3. The DHCPv6 reply
-# shouldn't contain offer_ip
-src_mac=f00000000022
-src_lla=fe80000000000000f20000fffe000022
-reset_pcap_file hv1-vif5 hv1/vif5
-rm -f 5.expected
-test_dhcpv6 5 $src_mac $src_lla 0b 1 5
-
-# NXT_RESUMEs should be 4.
-OVS_WAIT_UNTIL([test 4 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
-
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/vif5-tx.pcap |
-trim_zeros > 5.packets
-# Skipping the UDP checksum
-cat 5.expected | cut -c 1-120,125- > expout
-AT_CHECK([cat 5.packets | cut -c 1-120,125- ], [0], [expout])
-
-OVN_CLEANUP([hv1])
-
-AT_CLEANUP
-
-AT_SETUP([ovn -- 2 HVs, 2 LRs connected via LS, gateway router])
-AT_SKIP_IF([test $HAVE_PYTHON = no])
-ovn_start
-
-# Logical network:
-# Two LRs - R1 and R2 that are connected to each other via LS "join"
-# in 20.0.0.0/24 network. R1 has switchess foo (192.168.1.0/24)
-# connected to it. R2 has alice (172.16.1.0/24) connected to it.
-# R2 is a gateway router.
-
-
-
-# Create two hypervisor and create OVS ports corresponding to logical ports.
-net_add n1
-
-sim_add hv1
-as hv1
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.1
-ovs-vsctl -- add-port br-int hv1-vif1 -- \
- set interface hv1-vif1 external-ids:iface-id=foo1 \
- options:tx_pcap=hv1/vif1-tx.pcap \
- options:rxq_pcap=hv1/vif1-rx.pcap \
- ofport-request=1
-
-
-sim_add hv2
-as hv2
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.2
-ovs-vsctl -- add-port br-int hv2-vif1 -- \
- set interface hv2-vif1 external-ids:iface-id=alice1 \
- options:tx_pcap=hv2/vif1-tx.pcap \
- options:rxq_pcap=hv2/vif1-rx.pcap \
- ofport-request=1
-
-# Pre-populate the hypervisors' ARP tables so that we don't lose any
-# packets for ARP resolution (native tunneling doesn't queue packets
-# for ARP resolution).
-OVN_POPULATE_ARP
-
-ovn-nbctl create Logical_Router name=R1
-ovn-nbctl create Logical_Router name=R2 options:chassis="hv2"
-
-ovn-nbctl ls-add foo
-ovn-nbctl ls-add alice
-ovn-nbctl ls-add join
-
-# Connect foo to R1
-ovn-nbctl lrp-add R1 foo 00:00:01:01:02:03 192.168.1.1/24
-ovn-nbctl lsp-add foo rp-foo -- set Logical_Switch_Port rp-foo \
- type=router options:router-port=foo addresses=\"00:00:01:01:02:03\"
-
-# Connect alice to R2
-ovn-nbctl lrp-add R2 alice 00:00:02:01:02:03 172.16.1.1/24
-ovn-nbctl lsp-add alice rp-alice -- set Logical_Switch_Port rp-alice \
- type=router options:router-port=alice addresses=\"00:00:02:01:02:03\"
-
-# Connect R1 to join
-ovn-nbctl lrp-add R1 R1_join 00:00:04:01:02:03 20.0.0.1/24
-ovn-nbctl lsp-add join r1-join -- set Logical_Switch_Port r1-join \
- type=router options:router-port=R1_join addresses='"00:00:04:01:02:03"'
-
-# Connect R2 to join
-ovn-nbctl lrp-add R2 R2_join 00:00:04:01:02:04 20.0.0.2/24
-ovn-nbctl lsp-add join r2-join -- set Logical_Switch_Port r2-join \
- type=router options:router-port=R2_join addresses='"00:00:04:01:02:04"'
-
-
-#install static routes
-ovn-nbctl -- --id=@lrt create Logical_Router_Static_Route \
-ip_prefix=172.16.1.0/24 nexthop=20.0.0.2 -- add Logical_Router \
-R1 static_routes @lrt
-
-ovn-nbctl -- --id=@lrt create Logical_Router_Static_Route \
-ip_prefix=192.168.1.0/24 nexthop=20.0.0.1 -- add Logical_Router \
-R2 static_routes @lrt
-
-# Create logical port foo1 in foo
-ovn-nbctl lsp-add foo foo1 \
--- lsp-set-addresses foo1 "f0:00:00:01:02:03 192.168.1.2"
-
-# Create logical port alice1 in alice
-ovn-nbctl lsp-add alice alice1 \
--- lsp-set-addresses alice1 "f0:00:00:01:02:04 172.16.1.2"
-
-
-# Allow some time for ovn-northd and ovn-controller to catch up.
-# XXX This should be more systematic.
-sleep 2
-
-ip_to_hex() {
- printf "%02x%02x%02x%02x" "$@"
-}
-
-# Send ip packets between foo1 and alice1
-src_mac="f00000010203"
-dst_mac="000001010203"
-src_ip=`ip_to_hex 192 168 1 2`
-dst_ip=`ip_to_hex 172 16 1 2`
-packet=${dst_mac}${src_mac}08004500001c0000000040110000${src_ip}${dst_ip}0035111100080000
-
-echo "---------NB dump-----"
-ovn-nbctl show
-echo "---------------------"
-ovn-nbctl list logical_router
-echo "---------------------"
-ovn-nbctl list logical_router_port
-echo "---------------------"
-
-echo "---------SB dump-----"
-ovn-sbctl list datapath_binding
-echo "---------------------"
-ovn-sbctl list port_binding
-echo "---------------------"
-ovn-sbctl dump-flows
-echo "---------------------"
-ovn-sbctl list chassis
-ovn-sbctl list encap
-echo "---------------------"
-
-# Packet to Expect at alice1
-src_mac="000002010203"
-dst_mac="f00000010204"
-src_ip=`ip_to_hex 192 168 1 2`
-dst_ip=`ip_to_hex 172 16 1 2`
-expected=${dst_mac}${src_mac}08004500001c000000003e110200${src_ip}${dst_ip}0035111100080000
-
-
-as hv1 ovs-appctl netdev-dummy/receive hv1-vif1 $packet
-as hv1 ovs-appctl ofproto/trace br-int in_port=1 $packet
-
-echo "------ hv1 dump after packet 1 ----------"
-as hv1 ovs-ofctl show br-int
-as hv1 ovs-ofctl dump-flows br-int
-echo "------ hv2 dump after packet 1 ----------"
-as hv2 ovs-ofctl show br-int
-as hv2 ovs-ofctl dump-flows br-int
-echo "----------------------------"
-
-echo $expected > expected
-OVN_CHECK_PACKETS([hv2/vif1-tx.pcap], [expected])
-
-# Delete the router and re-create it. Things should work as before.
-ovn-nbctl lr-del R2
-ovn-nbctl create Logical_Router name=R2 options:chassis="hv2"
-# Connect alice to R2
-ovn-nbctl lrp-add R2 alice 00:00:02:01:02:03 172.16.1.1/24
-# Connect R2 to join
-ovn-nbctl lrp-add R2 R2_join 00:00:04:01:02:04 20.0.0.2/24
-
-ovn-nbctl -- --id=@lrt create Logical_Router_Static_Route \
-ip_prefix=192.168.1.0/24 nexthop=20.0.0.1 -- add Logical_Router \
-R2 static_routes @lrt
-
-# Wait for ovn-controller to catch up.
-sleep 1
-
-# Send the packet again.
-as hv1 ovs-appctl netdev-dummy/receive hv1-vif1 $packet
-
-echo "------ hv1 dump after packet 2 ----------"
-as hv1 ovs-ofctl show br-int
-as hv1 ovs-ofctl dump-flows br-int
-echo "------ hv2 dump after packet 2 ----------"
-as hv2 ovs-ofctl show br-int
-as hv2 ovs-ofctl dump-flows br-int
-echo "----------------------------"
-
-echo $expected >> expected
-OVN_CHECK_PACKETS([hv2/vif1-tx.pcap], [expected])
-
-OVN_CLEANUP([hv1],[hv2])
-
-AT_CLEANUP
-
-AT_SETUP([ovn -- icmp_reply: 1 HVs, 2 LSs, 1 lport/LS, 1 LR])
-AT_KEYWORDS([router-icmp-reply])
-AT_SKIP_IF([test $HAVE_PYTHON = no])
-ovn_start
-
-# Logical network:
-# One LR - R1 has switch ls1 (191.168.1.0/24) connected to it,
-# and has switch ls2 (172.16.1.0/24) connected to it.
-
-ovn-nbctl lr-add R1
-
-ovn-nbctl ls-add ls1
-ovn-nbctl ls-add ls2
-
-# Connect ls1 to R1
-ovn-nbctl lrp-add R1 ls1 00:00:00:01:02:f1 192.168.1.1/24
-ovn-nbctl lsp-add ls1 rp-ls1 -- set Logical_Switch_Port rp-ls1 \
- type=router options:router-port=ls1 addresses=\"00:00:00:01:02:f1\"
-
-# Connect ls2 to R1
-ovn-nbctl lrp-add R1 ls2 00:00:00:01:02:f2 172.16.1.1/24
-ovn-nbctl lsp-add ls2 rp-ls2 -- set Logical_Switch_Port rp-ls2 \
- type=router options:router-port=ls2 addresses=\"00:00:00:01:02:f2\"
-
-# Create logical port ls1-lp1 in ls1
-ovn-nbctl lsp-add ls1 ls1-lp1 \
--- lsp-set-addresses ls1-lp1 "00:00:00:01:02:03 192.168.1.2"
-
-# Create logical port ls2-lp1 in ls2
-ovn-nbctl lsp-add ls2 ls2-lp1 \
--- lsp-set-addresses ls2-lp1 "00:00:00:01:02:04 172.16.1.2"
-
-# Create one hypervisor and create OVS ports corresponding to logical ports.
-net_add n1
-
-sim_add hv1
-as hv1
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.1
-ovs-vsctl -- add-port br-int vif1 -- \
- set interface vif1 external-ids:iface-id=ls1-lp1 \
- options:tx_pcap=hv1/vif1-tx.pcap \
- options:rxq_pcap=hv1/vif1-rx.pcap \
- ofport-request=1
-
-ovs-vsctl -- add-port br-int vif2 -- \
- set interface vif2 external-ids:iface-id=ls2-lp1 \
- options:tx_pcap=hv1/vif2-tx.pcap \
- options:rxq_pcap=hv1/vif2-rx.pcap \
- ofport-request=1
-
-
-# Allow some time for ovn-northd and ovn-controller to catch up.
-# XXX This should be more systematic.
-sleep 1
-
-
-ip_to_hex() {
- printf "%02x%02x%02x%02x" "$@"
-}
-for i in 1 2; do
- : > vif$i.expected
-done
-# test_ipv4_icmp_request INPORT ETH_SRC ETH_DST IPV4_SRC IPV4_DST IP_CHKSUM ICMP_CHKSUM [EXP_IP_CHKSUM EXP_ICMP_CHKSUM]
-#
-# Causes a packet to be received on INPORT. The packet is an ICMPv4
-# request with ETH_SRC, ETH_DST, IPV4_SRC, IPV4_DST, IP_CHSUM and
-# ICMP_CHKSUM as specified. If EXP_IP_CHKSUM and EXP_ICMP_CHKSUM are
-# provided, then it should be the ip and icmp checksums of the packet
-# responded; otherwise, no reply is expected.
-# In the absence of an ip checksum calculation helpers, this relies
-# on the caller to provide the checksums for the ip and icmp headers.
-# XXX This should be more systematic.
-#
-# INPORT is an lport number, e.g. 11 for vif11.
-# ETH_SRC and ETH_DST are each 12 hex digits.
-# IPV4_SRC and IPV4_DST are each 8 hex digits.
-# IP_CHSUM and ICMP_CHKSUM are each 4 hex digits.
-# EXP_IP_CHSUM and EXP_ICMP_CHKSUM are each 4 hex digits.
-test_ipv4_icmp_request() {
- local inport=$1 eth_src=$2 eth_dst=$3 ipv4_src=$4 ipv4_dst=$5 ip_chksum=$6 icmp_chksum=$7
- local exp_ip_chksum=$8 exp_icmp_chksum=$9
- shift; shift; shift; shift; shift; shift; shift
- shift; shift
-
- # Use ttl to exercise section 4.2.2.9 of RFC1812
- local ip_ttl=01
- local icmp_id=5fbf
- local icmp_seq=0001
- local icmp_data=$(seq 1 56 | xargs printf "%02x")
- local icmp_type_code_request=0800
- local icmp_payload=${icmp_type_code_request}${icmp_chksum}${icmp_id}${icmp_seq}${icmp_data}
- local packet=${eth_dst}${eth_src}08004500005400004000${ip_ttl}01${ip_chksum}${ipv4_src}${ipv4_dst}${icmp_payload}
-
- as hv1 ovs-appctl netdev-dummy/receive vif$inport $packet
- if test X$exp_icmp_chksum != X; then
- # Expect to receive the reply, if any. In same port where packet was sent.
- # Note: src and dst fields are expected to be reversed.
- local icmp_type_code_response=0000
- local reply_icmp_ttl=fe
- local reply_icmp_payload=${icmp_type_code_response}${exp_icmp_chksum}${icmp_id}${icmp_seq}${icmp_data}
- local reply=${eth_src}${eth_dst}08004500005400004000${reply_icmp_ttl}01${exp_ip_chksum}${ipv4_dst}${ipv4_src}${reply_icmp_payload}
- echo $reply >> vif$inport.expected
- fi
-}
-
-# Send ping packet to router's ip addresses, from each of the 2 logical ports.
-rtr_l1_ip=$(ip_to_hex 192 168 1 1)
-rtr_l2_ip=$(ip_to_hex 172 16 1 1)
-l1_ip=$(ip_to_hex 192 168 1 2)
-l2_ip=$(ip_to_hex 172 16 1 2)
-
-# Ping router ip address that is on same subnet as the logical port
-test_ipv4_icmp_request 1 000000010203 0000000102f1 $l1_ip $rtr_l1_ip 0000 8510 02ff 8d10
-test_ipv4_icmp_request 2 000000010204 0000000102f2 $l2_ip $rtr_l2_ip 0000 8510 02ff 8d10
-
-# Ping router ip address that is on the other side of the logical ports
-test_ipv4_icmp_request 1 000000010203 0000000102f1 $l1_ip $rtr_l2_ip 0000 8510 02ff 8d10
-test_ipv4_icmp_request 2 000000010204 0000000102f2 $l2_ip $rtr_l1_ip 0000 8510 02ff 8d10
-
-
-echo "---------NB dump-----"
-ovn-nbctl show
-echo "---------------------"
-ovn-nbctl list logical_router
-echo "---------------------"
-ovn-nbctl list logical_router_port
-echo "---------------------"
-
-echo "---------SB dump-----"
-ovn-sbctl list datapath_binding
-echo "---------------------"
-ovn-sbctl list logical_flow
-echo "---------------------"
-
-echo "------ hv1 dump ----------"
-as hv1 ovs-ofctl dump-flows br-int
-
-# Now check the packets actually received against the ones expected.
-for inport in 1 2; do
- OVN_CHECK_PACKETS([hv1/vif${inport}-tx.pcap], [vif$inport.expected])
-done
-
-OVN_CLEANUP([hv1])
-AT_CLEANUP
-
-AT_SETUP([ovn -- policy-based routing: 1 HVs, 2 LSs, 1 lport/LS, 1 LR])
-AT_KEYWORDS([policy-based-routing])
-AT_SKIP_IF([test $HAVE_PYTHON = no])
-ovn_start
-
-# Logical network:
-# One LR - R1 has switch ls1 (191.168.1.0/24) connected to it,
-# and has switch ls2 (172.16.1.0/24) connected to it.
-
-ovn-nbctl lr-add R1
-
-ovn-nbctl ls-add ls1
-ovn-nbctl ls-add ls2
-ovn-nbctl ls-add ls3
-
-# Connect ls1 to R1
-ovn-nbctl lrp-add R1 ls1 00:00:00:01:02:f1 192.168.1.1/24
-ovn-nbctl lsp-add ls1 rp-ls1 -- set Logical_Switch_Port rp-ls1 \
- type=router options:router-port=ls1 addresses=\"00:00:00:01:02:f1\"
-
-# Connect ls2 to R1
-ovn-nbctl lrp-add R1 ls2 00:00:00:01:02:f2 172.16.1.1/24
-ovn-nbctl lsp-add ls2 rp-ls2 -- set Logical_Switch_Port rp-ls2 \
- type=router options:router-port=ls2 addresses=\"00:00:00:01:02:f2\"
-
-# Connect ls3 to R1
-ovn-nbctl lrp-add R1 ls3 00:00:00:01:02:f3 20.20.1.1/24
-ovn-nbctl lsp-add ls3 rp-ls3 -- set Logical_Switch_Port rp-ls3 \
- type=router options:router-port=ls3 addresses=\"00:00:00:01:02:f3\"
-
-# Create logical port ls1-lp1 in ls1
-ovn-nbctl lsp-add ls1 ls1-lp1 \
--- lsp-set-addresses ls1-lp1 "00:00:00:01:02:03 192.168.1.2"
-
-# Create logical port ls2-lp1 in ls2
-ovn-nbctl lsp-add ls2 ls2-lp1 \
--- lsp-set-addresses ls2-lp1 "00:00:00:01:02:04 172.16.1.2"
-
-# Create logical port ls3-lp1 in ls3
-ovn-nbctl lsp-add ls3 ls3-lp1 \
--- lsp-set-addresses ls3-lp1 "00:00:00:01:02:05 20.20.1.2"
-
-# Create one hypervisor and create OVS ports corresponding to logical ports.
-net_add n1
-
-sim_add pbr-hv
-as pbr-hv
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.1
-
-ovs-vsctl -- add-port br-int vif1 -- \
- set interface vif1 external-ids:iface-id=ls1-lp1 \
- options:tx_pcap=pbr-hv/vif1-tx.pcap \
- options:rxq_pcap=pbr-hv/vif1-rx.pcap \
- ofport-request=1
-
-ovs-vsctl -- add-port br-int vif2 -- \
- set interface vif2 external-ids:iface-id=ls2-lp1 \
- options:tx_pcap=pbr-hv/vif2-tx.pcap \
- options:rxq_pcap=pbr-hv/vif2-rx.pcap \
- ofport-request=1
-
-ovs-vsctl -- add-port br-int vif3 -- \
- set interface vif3 external-ids:iface-id=ls3-lp1 \
- options:tx_pcap=pbr-hv/vif3-tx.pcap \
- options:rxq_pcap=pbr-hv/vif3-rx.pcap \
- ofport-request=1
-
-# Allow some time for ovn-northd and ovn-controller to catch up.
-# XXX This should be more systematic.
-sleep 1
-
-ls1_ro_mac=00:00:00:01:02:f1
-ls1_ro_ip=192.168.1.1
-
-ls2_ro_mac=00:00:00:01:02:f2
-ls2_ro_ip=172.16.1.1
-
-ls3_ro_mac=00:00:00:01:02:f3
-
-ls1_p1_mac=00:00:00:01:02:03
-ls1_p1_ip=192.168.1.2
-
-ls2_p1_mac=00:00:00:01:02:04
-ls2_p1_ip=172.16.1.2
-
-ls3_p1_mac=00:00:00:01:02:05
-
-# Create a drop policy
-ovn-nbctl lr-policy-add R1 10 "ip4.src==192.168.1.0/24 && ip4.dst==172.16.1.0/24" drop
-
-# Check logical flow
-AT_CHECK([ovn-sbctl dump-flows | grep lr_in_policy | grep "192.168.1.0" | wc -l], [0], [dnl
-1
-])
-
-# Send packet.
-packet="inport==\"ls1-lp1\" && eth.src==$ls1_p1_mac && eth.dst==$ls1_ro_mac &&
- ip4 && ip.ttl==64 && ip4.src==$ls1_p1_ip && ip4.dst==$ls2_p1_ip &&
- udp && udp.src==53 && udp.dst==4369"
-
-as pbr-hv ovs-appctl -t ovn-controller inject-pkt "$packet"
-
-# Check if packet hit the drop policy
-AT_CHECK([ovs-ofctl dump-flows br-int | \
- grep "nw_src=192.168.1.0/24,nw_dst=172.16.1.0/24 actions=drop" | \
- grep "priority=10" | \
- grep "n_packets=1" | wc -l], [0], [dnl
-1
-])
-
-# Expected to drop the packet.
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" pbr-hv/vif2-tx.pcap > vif2.packets
-rcvd_packet=`cat vif2.packets`
-AT_FAIL_IF([rcvd_packet = ""])
-
-# Override drop policy with allow
-ovn-nbctl lr-policy-add R1 20 "ip4.src==192.168.1.0/24 && ip4.dst==172.16.1.0/24" allow
-
-# Check logical flow
-AT_CHECK([ovn-sbctl dump-flows | grep lr_in_policy | grep "192.168.1.0" | wc -l], [0], [dnl
-2
-])
-
-# Send packet.
-packet="inport==\"ls1-lp1\" && eth.src==$ls1_p1_mac && eth.dst==$ls1_ro_mac &&
- ip4 && ip.ttl==64 && ip4.src==$ls1_p1_ip && ip4.dst==$ls2_p1_ip &&
- udp && udp.src==53 && udp.dst==4369"
-as pbr-hv ovs-appctl -t ovn-controller inject-pkt "$packet"
-
-# Check if packet hit the allow policy
-AT_CHECK([ovn-sbctl dump-flows | grep lr_in_policy | \
- grep "192.168.1.0" | \
- grep "priority=20" | wc -l], [0], [dnl
-1
-])
-
-# Expected packet has TTL decreased by 1
-expected="eth.src==$ls2_ro_mac && eth.dst==$ls2_p1_mac &&
- ip4 && ip.ttl==63 && ip4.src==$ls1_p1_ip && ip4.dst==$ls2_p1_ip &&
- udp && udp.src==53 && udp.dst==4369"
-echo $expected | ovstest test-ovn expr-to-packets > expected
-
-OVN_CHECK_PACKETS([pbr-hv/vif2-tx.pcap], [expected])
-
-# Override allow policy with reroute
-ovn-nbctl lr-policy-add R1 30 "ip4.src==192.168.1.0/24 && ip4.dst==172.16.1.0/24" reroute 20.20.1.2
-
-# Check logical flow
-AT_CHECK([ovn-sbctl dump-flows | grep lr_in_policy | \
- grep "192.168.1.0" | \
- grep "priority=30" | wc -l], [0], [dnl
-1
-])
-
-# Send packet.
-packet="inport==\"ls1-lp1\" && eth.src==$ls1_p1_mac && eth.dst==$ls1_ro_mac &&
- ip4 && ip.ttl==64 && ip4.src==$ls1_p1_ip && ip4.dst==$ls2_p1_ip &&
- udp && udp.src==53 && udp.dst==4369"
-as pbr-hv ovs-appctl -t ovn-controller inject-pkt "$packet"
-
-echo "southbound flows"
-
-ovn-sbctl dump-flows | grep lr_in_policy
-echo "ovs flows"
-ovs-ofctl dump-flows br-int
-# Check if packet hit the allow policy
-AT_CHECK([ovs-ofctl dump-flows br-int | \
- grep "nw_src=192.168.1.0/24,nw_dst=172.16.1.0/24" | \
- grep "priority=30" | \
- grep "n_packets=1" | wc -l], [0], [dnl
-1
-])
-echo "packet hit reroute policy"
-
-# Expected packet has TTL decreased by 1
-expected="eth.src==$ls3_ro_mac && eth.dst==$ls3_p1_mac &&
- ip4 && ip.ttl==63 && ip4.src==$ls1_p1_ip && ip4.dst==$ls2_p1_ip &&
- udp && udp.src==53 && udp.dst==4369"
-echo $expected | ovstest test-ovn expr-to-packets > 3.expected
-
-OVN_CHECK_PACKETS([pbr-hv/vif3-tx.pcap], [3.expected])
-
-OVN_CLEANUP([pbr-hv])
-AT_CLEANUP
-
-AT_SETUP([ovn -- policy-based routing IPv6: 1 HVs, 3 LSs, 1 lport/LS, 1 LR])
-AT_KEYWORDS([policy-based-routing])
-AT_SKIP_IF([test $HAVE_PYTHON = no])
-ovn_start
-
-# Logical network:
-# One LR - R1 has switch ls1 (191.168.1.0/24) connected to it,
-# and has switch ls2 (172.16.1.0/24) connected to it.
-
-ovn-nbctl lr-add R1
-
-ovn-nbctl ls-add ls1
-ovn-nbctl ls-add ls2
-ovn-nbctl ls-add ls3
-
-# Connect ls1 to R1
-ovn-nbctl lrp-add R1 ls1 00:00:00:01:02:f1 2001::1/64
-ovn-nbctl lsp-add ls1 rp-ls1 -- set Logical_Switch_Port rp-ls1 \
- type=router options:router-port=ls1 addresses=\"00:00:00:01:02:f1\"
-
-# Connect ls2 to R1
-ovn-nbctl lrp-add R1 ls2 00:00:00:01:02:f2 2002::1/64
-ovn-nbctl lsp-add ls2 rp-ls2 -- set Logical_Switch_Port rp-ls2 \
- type=router options:router-port=ls2 addresses=\"00:00:00:01:02:f2\"
-
-# Connect ls3 to R1
-ovn-nbctl lrp-add R1 ls3 00:00:00:01:02:f3 2003::1/64
-ovn-nbctl lsp-add ls3 rp-ls3 -- set Logical_Switch_Port rp-ls3 \
- type=router options:router-port=ls3 addresses=\"00:00:00:01:02:f3\"
-
-# Create logical port ls1-lp1 in ls1
-ovn-nbctl lsp-add ls1 ls1-lp1 \
--- lsp-set-addresses ls1-lp1 "00:00:00:01:02:03 2001::2"
-
-# Create logical port ls2-lp1 in ls2
-ovn-nbctl lsp-add ls2 ls2-lp1 \
--- lsp-set-addresses ls2-lp1 "00:00:00:01:02:04 2002::2"
-
-# Create logical port ls3-lp1 in ls3
-ovn-nbctl lsp-add ls3 ls3-lp1 \
--- lsp-set-addresses ls3-lp1 "00:00:00:01:02:05 2003::2"
-
-# Create one hypervisor and create OVS ports corresponding to logical ports.
-net_add n1
-
-sim_add pbr-hv
-as pbr-hv
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.1
-
-ovs-vsctl -- add-port br-int vif1 -- \
- set interface vif1 external-ids:iface-id=ls1-lp1 \
- options:tx_pcap=pbr-hv/vif1-tx.pcap \
- options:rxq_pcap=pbr-hv/vif1-rx.pcap \
- ofport-request=1
-
-ovs-vsctl -- add-port br-int vif2 -- \
- set interface vif2 external-ids:iface-id=ls2-lp1 \
- options:tx_pcap=pbr-hv/vif2-tx.pcap \
- options:rxq_pcap=pbr-hv/vif2-rx.pcap \
- ofport-request=1
-
-ovs-vsctl -- add-port br-int vif3 -- \
- set interface vif3 external-ids:iface-id=ls3-lp1 \
- options:tx_pcap=pbr-hv/vif3-tx.pcap \
- options:rxq_pcap=pbr-hv/vif3-rx.pcap \
- ofport-request=1
-
-# Allow some time for ovn-northd and ovn-controller to catch up.
-# XXX This should be more systematic.
-sleep 1
-
-ls1_ro_mac=00:00:00:01:02:f1
-ls1_ro_ip=2001::1
-
-ls2_ro_mac=00:00:00:01:02:f2
-ls2_ro_ip=2002::1
-
-ls3_ro_mac=00:00:00:01:02:f3
-
-ls1_p1_mac=00:00:00:01:02:03
-ls1_p1_ip=2001::2
-
-ls2_p1_mac=00:00:00:01:02:04
-ls2_p1_ip=2002::2
-
-ls3_p1_mac=00:00:00:01:02:05
-
-# Create a drop policy
-ovn-nbctl lr-policy-add R1 10 "ip6.src==2001::/64 && ip6.dst==2002::/64" drop
-
-# Check logical flow
-AT_CHECK([ovn-sbctl dump-flows | grep lr_in_policy | grep "2001" | wc -l], [0], [dnl
-1
-])
-
-# Send packet.
-packet="inport==\"ls1-lp1\" && eth.src==$ls1_p1_mac && eth.dst==$ls1_ro_mac &&
- ip6 && ip.ttl==64 && ip6.src==$ls1_p1_ip && ip6.dst==$ls2_p1_ip &&
- udp && udp.src==53 && udp.dst==4369"
-
-as pbr-hv ovs-appctl -t ovn-controller inject-pkt "$packet"
-
-# Check if packet hit the drop policy
-AT_CHECK([ovs-ofctl dump-flows br-int | \
- grep "ipv6_src=2001::/64,ipv6_dst=2002::/64 actions=drop" | \
- grep "priority=10" | \
- grep "n_packets=1" | wc -l], [0], [dnl
-1
-])
-
-# Expected to drop the packet.
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" pbr-hv/vif2-tx.pcap > vif2.packets
-rcvd_packet=`cat vif2.packets`
-AT_FAIL_IF([rcvd_packet = ""])
-
-# Override drop policy with allow
-ovn-nbctl lr-policy-add R1 20 "ip6.src==2001::/64 && ip6.dst==2002::/64" allow
-
-# Check logical flow
-AT_CHECK([ovn-sbctl dump-flows | grep lr_in_policy | grep "2001" | wc -l], [0], [dnl
-2
-])
-
-# Send packet.
-packet="inport==\"ls1-lp1\" && eth.src==$ls1_p1_mac && eth.dst==$ls1_ro_mac &&
- ip6 && ip.ttl==64 && ip6.src==$ls1_p1_ip && ip6.dst==$ls2_p1_ip &&
- udp && udp.src==53 && udp.dst==4369"
-as pbr-hv ovs-appctl -t ovn-controller inject-pkt "$packet"
-
-# Check if packet hit the allow policy
-AT_CHECK([ovn-sbctl dump-flows | grep lr_in_policy | \
- grep "2001" | \
- grep "priority=20" | wc -l], [0], [dnl
-1
-])
-
-# Expected packet has TTL decreased by 1
-expected="eth.src==$ls2_ro_mac && eth.dst==$ls2_p1_mac &&
- ip6 && ip.ttl==63 && ip6.src==$ls1_p1_ip && ip6.dst==$ls2_p1_ip &&
- udp && udp.src==53 && udp.dst==4369"
-echo $expected | ovstest test-ovn expr-to-packets > expected
-
-OVN_CHECK_PACKETS([pbr-hv/vif2-tx.pcap], [expected])
-
-# Override allow policy with reroute
-ovn-nbctl lr-policy-add R1 30 "ip6.src==2001::/64 && ip6.dst==2002::/64" reroute 2003::2
-
-# Check logical flow
-AT_CHECK([ovn-sbctl dump-flows | grep lr_in_policy | \
- grep "2001" | \
- grep "priority=30" | wc -l], [0], [dnl
-1
-])
-
-# Send packet.
-packet="inport==\"ls1-lp1\" && eth.src==$ls1_p1_mac && eth.dst==$ls1_ro_mac &&
- ip6 && ip.ttl==64 && ip6.src==$ls1_p1_ip && ip6.dst==$ls2_p1_ip &&
- udp && udp.src==53 && udp.dst==4369"
-as pbr-hv ovs-appctl -t ovn-controller inject-pkt "$packet"
-
-echo "southbound flows"
-
-ovn-sbctl dump-flows | grep lr_in_policy
-echo "ovs flows"
-ovs-ofctl dump-flows br-int
-# Check if packet hit the allow policy
-AT_CHECK([ovs-ofctl dump-flows br-int | \
- grep "ipv6_src=2001::/64,ipv6_dst=2002::/64" | \
- grep "priority=30" | \
- grep "n_packets=1" | wc -l], [0], [dnl
-1
-])
-echo "packet hit reroute policy"
-
-# Expected packet has TTL decreased by 1
-expected="eth.src==$ls3_ro_mac && eth.dst==$ls3_p1_mac &&
- ip6 && ip.ttl==63 && ip6.src==$ls1_p1_ip && ip6.dst==$ls2_p1_ip &&
- udp && udp.src==53 && udp.dst==4369"
-echo $expected | ovstest test-ovn expr-to-packets > 3.expected
-
-OVN_CHECK_PACKETS([pbr-hv/vif3-tx.pcap], [3.expected])
-
-OVN_CLEANUP([pbr-hv])
-AT_CLEANUP
-
-# 1 hypervisor, 1 port
-# make sure that the port state is properly set to up and back down
-# when created and deleted.
-AT_SETUP([ovn -- port state up and down])
-ovn_start
-
-ovn-nbctl ls-add ls1
-ovn-nbctl lsp-add ls1 lp1
-ovn-nbctl lsp-set-addresses lp1 unknown
-
-net_add n1
-sim_add hv1
-as hv1 ovs-vsctl add-br br-phys
-as hv1 ovn_attach n1 br-phys 192.168.0.1
-
-as hv1 ovs-vsctl add-port br-int vif1 -- set Interface vif1 external-ids:iface-id=lp1
-OVS_WAIT_UNTIL([test x`ovn-nbctl lsp-get-up lp1` = xup])
-
-as hv1 ovs-vsctl del-port br-int vif1
-OVS_WAIT_UNTIL([test x`ovn-nbctl lsp-get-up lp1` = xdown])
-
-OVN_CLEANUP([hv1])
-
-AT_CLEANUP
-
-# 1 hypervisor, 1 port
-# make sure that the OF rules created to support a datapath are added/cleared
-# when logical switch is created and removed.
-AT_SETUP([ovn -- datapath rules added/removed])
-AT_KEYWORDS([cleanup])
-ovn_start
-
-net_add n1
-sim_add hv1
-as hv1 ovs-vsctl add-br br-phys
-as hv1 ovn_attach n1 br-phys 192.168.0.1
-
-# This shell function checks if OF rules in br-int have clauses
-# related to OVN datapaths. The caller determines if it should find
-# a match in the output, or not.
-#
-# EXPECT_DATAPATH param determines whether flows that refer to
-# datapath to should be present or not. 0 means
-# they should not be.
-# STAGE_INFO param is a simple string to help identify the stage
-# in the test when this function was invoked.
-test_datapath_in_of_rules() {
- local expect_datapath=$1 stage_info=$2
- echo "------ ovn-nbctl show ${stage_info} ------"
- ovn-nbctl show
- echo "------ ovn-sbctl show ${stage_info} ------"
- ovn-sbctl show
- echo "------ OF rules ${stage_info} ------"
- AT_CHECK([ovs-ofctl dump-flows br-int], [0], [stdout])
- # if there is a datapath mentioned in the output, check for the
- # magic keyword that represents one, based on the exit status of
- # a quiet grep
- if test $expect_datapath != 0; then
- AT_CHECK([grep -q -i 'metadata=' stdout], [0], [ignore-nolog])
- else
- AT_CHECK([grep -q -i 'metadata=' stdout], [1], [ignore-nolog])
- fi
-}
-
-test_datapath_in_of_rules 0 "before ls+port create"
-
-ovn-nbctl ls-add ls1
-ovn-nbctl lsp-add ls1 lp1
-ovn-nbctl lsp-set-addresses lp1 unknown
-
-as hv1 ovs-vsctl add-port br-int vif1 -- set Interface vif1 external-ids:iface-id=lp1
-OVS_WAIT_UNTIL([test x`ovn-nbctl lsp-get-up lp1` = xup])
-
-test_datapath_in_of_rules 1 "after port is bound"
-
-as hv1 ovs-vsctl del-port br-int vif1
-OVS_WAIT_UNTIL([test x`ovn-nbctl lsp-get-up lp1` = xdown])
-
-ovn-nbctl lsp-set-addresses lp1
-ovn-nbctl lsp-del lp1
-ovn-nbctl ls-del ls1
-
-# wait for earlier changes to take effect
-AT_CHECK([ovn-nbctl --timeout=3 --wait=sb sync], [0], [ignore])
-
-# ensure OF rules are no longer present. There used to be a bug here.
-test_datapath_in_of_rules 0 "after lport+ls removal"
-
-OVN_CLEANUP([hv1])
-
-AT_CLEANUP
-
-AT_SETUP([ovn -- nd_na ])
-AT_SKIP_IF([test $HAVE_PYTHON = no])
-ovn_start
-
-#TODO: since patch port for IPv6 logical router port is not ready not,
-# so we are not going to test vifs on different lswitches cases. Try
-# to update for that once relevant stuff implemented.
-
-# In this test cases we create 1 lswitch, it has 2 VIF ports attached
-# with. NS packet we test, from one VIF for another VIF, will be replied
-# by local ovn-controller, but not by target VIF.
-
-# Create hypervisors and logical switch lsw0.
-ovn-nbctl ls-add lsw0
-net_add n1
-sim_add hv1
-as hv1
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.2
-
-# Add vif1 to hv1 and lsw0, turn on l2 port security on vif1.
-ovs-vsctl add-port br-int vif1 -- set Interface vif1 external-ids:iface-id=lp1 options:tx_pcap=hv1/vif1-tx.pcap options:rxq_pcap=hv1/vif1-rx.pcap ofport-request=1
-ovn-nbctl lsp-add lsw0 lp1
-ovn-nbctl lsp-set-addresses lp1 "fa:16:3e:94:05:98 192.168.0.3 fd81:ce49:a948:0:f816:3eff:fe94:598"
-ovn-nbctl lsp-set-port-security lp1 "fa:16:3e:94:05:98 192.168.0.3 fd81:ce49:a948:0:f816:3eff:fe94:598"
-
-# Add vif2 to hv1 and lsw0, turn on l2 port security on vif2.
-ovs-vsctl add-port br-int vif2 -- set Interface vif2 external-ids:iface-id=lp2 options:tx_pcap=hv1/vif2-tx.pcap options:rxq_pcap=hv1/vif2-rx.pcap ofport-request=2
-ovn-nbctl lsp-add lsw0 lp2
-ovn-nbctl lsp-set-addresses lp2 "fa:16:3e:a1:f9:ae 192.168.0.4 fd81:ce49:a948:0:f816:3eff:fea1:f9ae"
-ovn-nbctl lsp-set-port-security lp2 "fa:16:3e:a1:f9:ae 192.168.0.4 fd81:ce49:a948:0:f816:3eff:fea1:f9ae"
-
-# Add ACL rule for ICMPv6 on lsw0
-ovn-nbctl acl-add lsw0 from-lport 1002 'ip6 && icmp6' allow-related
-ovn-nbctl acl-add lsw0 to-lport 1002 'outport == "lp1" && ip6 && icmp6' allow-related
-ovn-nbctl acl-add lsw0 to-lport 1002 'outport == "lp2" && ip6 && icmp6' allow-related
-
-# Allow some time for ovn-northd and ovn-controller to catch up.
-# XXX This should be more systematic.
-sleep 1
-
-# Given the name of a logical port, prints the name of the hypervisor
-# on which it is located.
-vif_to_hv() {
- echo hv1${1%?}
-}
-for i in 1 2; do
- : > $i.expected
-done
-
-# Complete Neighbor Solicitation packet and Neighbor Advertisement packet
-# vif1 -> NS -> vif2. vif1 <- NA <- ovn-controller.
-# vif2 will not receive NS packet, since ovn-controller will reply for it.
-ns_packet=3333ffa1f9aefa163e94059886dd6000000000203afffd81ce49a9480000f8163efffe940598fd81ce49a9480000f8163efffea1f9ae8700e01160000000fd81ce49a9480000f8163efffea1f9ae0101fa163e940598
-na_packet=fa163e940598fa163ea1f9ae86dd6000000000203afffd81ce49a9480000f8163efffea1f9aefd81ce49a9480000f8163efffe9405988800e9ed60000000fd81ce49a9480000f8163efffea1f9ae0201fa163ea1f9ae
-
-as hv1 ovs-appctl netdev-dummy/receive vif1 $ns_packet
-echo $na_packet >> 1.expected
-
-echo "------ hv1 dump ------"
-as hv1 ovs-vsctl show
-as hv1 ovs-ofctl -O OpenFlow13 show br-int
-as hv1 ovs-ofctl -O OpenFlow13 dump-flows br-int
-
-for i in 1 2; do
- OVN_CHECK_PACKETS([hv1/vif$i-tx.pcap], [$i.expected])
-done
-
-OVN_CLEANUP([hv1])
-
-AT_CLEANUP
-
-AT_SETUP([ovn -- address sets modification/removal smoke test])
-ovn_start
-
-net_add n1
-
-sim_add hv1
-as hv1
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.1
-
-row=`ovn-nbctl create Address_Set name=set1 addresses=\"1.1.1.1\"`
-ovn-nbctl set Address_Set $row name=set1 addresses=\"1.1.1.1,1.1.1.2\"
-ovn-nbctl destroy Address_Set $row
-
-sleep 1
-
-# A bug previously existed in the address set support code
-# that caused ovn-controller to crash after an address set
-# was updated and then removed. This test case ensures
-# that ovn-controller is at least still running after
-# creating, updating, and deleting an address set.
-AT_CHECK([ovs-appctl -t ovn-controller version], [0], [ignore])
-
-OVN_CLEANUP([hv1])
-
-AT_CLEANUP
-
-AT_SETUP([ovn -- ipam])
-AT_SKIP_IF([test $HAVE_PYTHON = no])
-ovn_start
-
-# Add a port to a switch that does not have a subnet set, then set the
-# subnet which should result in an address being allocated for the port.
-ovn-nbctl --wait=hv set NB_Global . options:mac_prefix="0a:00:00:00:00:00"
-ovn-nbctl ls-add sw0
-ovn-nbctl lsp-add sw0 p0 -- lsp-set-addresses p0 dynamic
-ovn-nbctl --wait=sb add Logical-Switch sw0 other_config subnet=192.168.1.0/24
-AT_CHECK([ovn-nbctl get Logical-Switch-Port p0 dynamic_addresses], [0],
- ["0a:00:00:a8:01:03 192.168.1.2"
-])
-
-# Add 9 more ports to sw0, addresses should all be unique.
-for n in `seq 1 9`; do
- ovn-nbctl --wait=sb lsp-add sw0 "p$n" -- lsp-set-addresses "p$n" dynamic
-done
-AT_CHECK([ovn-nbctl get Logical-Switch-Port p1 dynamic_addresses], [0],
- ["0a:00:00:a8:01:04 192.168.1.3"
-])
-AT_CHECK([ovn-nbctl get Logical-Switch-Port p2 dynamic_addresses], [0],
- ["0a:00:00:a8:01:05 192.168.1.4"
-])
-AT_CHECK([ovn-nbctl get Logical-Switch-Port p3 dynamic_addresses], [0],
- ["0a:00:00:a8:01:06 192.168.1.5"
-])
-AT_CHECK([ovn-nbctl get Logical-Switch-Port p4 dynamic_addresses], [0],
- ["0a:00:00:a8:01:07 192.168.1.6"
-])
-AT_CHECK([ovn-nbctl get Logical-Switch-Port p5 dynamic_addresses], [0],
- ["0a:00:00:a8:01:08 192.168.1.7"
-])
-AT_CHECK([ovn-nbctl get Logical-Switch-Port p6 dynamic_addresses], [0],
- ["0a:00:00:a8:01:09 192.168.1.8"
-])
-AT_CHECK([ovn-nbctl get Logical-Switch-Port p7 dynamic_addresses], [0],
- ["0a:00:00:a8:01:0a 192.168.1.9"
-])
-AT_CHECK([ovn-nbctl get Logical-Switch-Port p8 dynamic_addresses], [0],
- ["0a:00:00:a8:01:0b 192.168.1.10"
-])
-AT_CHECK([ovn-nbctl get Logical-Switch-Port p9 dynamic_addresses], [0],
- ["0a:00:00:a8:01:0c 192.168.1.11"
-])
-
-# Trying similar tests with a second switch. MAC addresses should be unique
-# across both switches but IP's only need to be unique within the same switch.
-ovn-nbctl ls-add sw1
-ovn-nbctl lsp-add sw1 p10 -- lsp-set-addresses p10 dynamic
-ovn-nbctl --wait=sb add Logical-Switch sw1 other_config subnet=192.168.1.0/24
-AT_CHECK([ovn-nbctl get Logical-Switch-Port p10 dynamic_addresses], [0],
- ["0a:00:00:a8:01:0d 192.168.1.2"
-])
-
-for n in `seq 11 19`; do
- ovn-nbctl --wait=sb lsp-add sw1 "p$n" -- lsp-set-addresses "p$n" dynamic
-done
-AT_CHECK([ovn-nbctl get Logical-Switch-Port p11 dynamic_addresses], [0],
- ["0a:00:00:a8:01:0e 192.168.1.3"
-])
-AT_CHECK([ovn-nbctl get Logical-Switch-Port p12 dynamic_addresses], [0],
- ["0a:00:00:a8:01:0f 192.168.1.4"
-])
-AT_CHECK([ovn-nbctl get Logical-Switch-Port p13 dynamic_addresses], [0],
- ["0a:00:00:a8:01:10 192.168.1.5"
-])
-AT_CHECK([ovn-nbctl get Logical-Switch-Port p14 dynamic_addresses], [0],
- ["0a:00:00:a8:01:11 192.168.1.6"
-])
-AT_CHECK([ovn-nbctl get Logical-Switch-Port p15 dynamic_addresses], [0],
- ["0a:00:00:a8:01:12 192.168.1.7"
-])
-AT_CHECK([ovn-nbctl get Logical-Switch-Port p16 dynamic_addresses], [0],
- ["0a:00:00:a8:01:13 192.168.1.8"
-])
-AT_CHECK([ovn-nbctl get Logical-Switch-Port p17 dynamic_addresses], [0],
- ["0a:00:00:a8:01:14 192.168.1.9"
-])
-AT_CHECK([ovn-nbctl get Logical-Switch-Port p18 dynamic_addresses], [0],
- ["0a:00:00:a8:01:15 192.168.1.10"
-])
-AT_CHECK([ovn-nbctl get Logical-Switch-Port p19 dynamic_addresses], [0],
- ["0a:00:00:a8:01:16 192.168.1.11"
-])
-
-# Change a port's address to test for multiple ip's for a single address entry
-# and addresses set by the user.
-ovn-nbctl lsp-set-addresses p0 "0a:00:00:a8:01:17 192.168.1.2 192.168.1.12 192.168.1.14"
-ovn-nbctl --wait=sb lsp-add sw0 p20 -- lsp-set-addresses p20 dynamic
-AT_CHECK([ovn-nbctl get Logical-Switch-Port p20 dynamic_addresses], [0],
- ["0a:00:00:a8:01:18 192.168.1.13"
-])
-
-# Test for logical router port address management.
-ovn-nbctl create Logical_Router name=R1
-ovn-nbctl -- --id=@lrp create Logical_Router_port name=sw0 \
-network="192.168.1.1/24" mac=\"0a:00:00:a8:01:19\" \
--- add Logical_Router R1 ports @lrp -- lsp-add sw0 rp-sw0 \
--- set Logical_Switch_Port rp-sw0 type=router options:router-port=sw0
-ovn-nbctl --wait=sb lsp-add sw0 p21 -- lsp-set-addresses p21 dynamic
-AT_CHECK([ovn-nbctl get Logical-Switch-Port p21 dynamic_addresses], [0],
- ["0a:00:00:a8:01:1a 192.168.1.15"
-])
-
-# Test for address reuse after logical port is deleted.
-ovn-nbctl lsp-del p0
-ovn-nbctl --wait=sb lsp-add sw0 p23 -- lsp-set-addresses p23 dynamic
-AT_CHECK([ovn-nbctl get Logical-Switch-Port p23 dynamic_addresses], [0],
- ["0a:00:00:a8:01:03 192.168.1.2"
-])
-
-# Test for multiple addresses to one logical port.
-ovn-nbctl lsp-add sw0 p25 -- lsp-set-addresses p25 \
-"0a:00:00:a8:01:1b 192.168.1.12" "0a:00:00:a8:01:1c 192.168.1.14"
-ovn-nbctl --wait=sb lsp-add sw0 p26 -- lsp-set-addresses p26 dynamic
-AT_CHECK([ovn-nbctl get Logical-Switch-Port p26 dynamic_addresses], [0],
- ["0a:00:00:a8:01:17 192.168.1.16"
-])
-
-# Test for exhausting subnet address space.
-ovn-nbctl ls-add sw2 -- add Logical-Switch sw2 other_config subnet=172.16.1.0/30
-ovn-nbctl --wait=sb lsp-add sw2 p27 -- lsp-set-addresses p27 dynamic
-AT_CHECK([ovn-nbctl get Logical-Switch-Port p27 dynamic_addresses], [0],
- ["0a:00:00:10:01:03 172.16.1.2"
-])
-
-ovn-nbctl --wait=sb lsp-add sw2 p28 -- lsp-set-addresses p28 dynamic
-AT_CHECK([ovn-nbctl get Logical-Switch-Port p28 dynamic_addresses], [0],
- ["0a:00:00:00:00:01"
-])
-
-# Test that address management does not add duplicate MAC for lsp/lrp peers.
-ovn-nbctl create Logical_Router name=R2
-ovn-nbctl ls-add sw3
-ovn-nbctl lsp-add sw3 p29 -- lsp-set-addresses p29 \
-"0a:00:00:a8:01:18"
-ovn-nbctl -- --id=@lrp create Logical_Router_port name=sw3 \
-network="192.168.2.1/24" mac=\"0a:00:00:a8:01:18\" \
--- add Logical_Router R2 ports @lrp -- lsp-add sw3 rp-sw3 \
--- set Logical_Switch_Port rp-sw3 type=router options:router-port=sw3
-ovn-nbctl --wait=sb lsp-add sw0 p30 -- lsp-set-addresses p30 dynamic
-AT_CHECK([ovn-nbctl get Logical-Switch-Port p30 dynamic_addresses], [0],
- ["0a:00:00:a8:01:1d 192.168.1.17"
-])
-
-# Test static MAC address with dynamically allocated IP
-ovn-nbctl --wait=sb lsp-add sw0 p31 -- lsp-set-addresses p31 \
-"fe:dc:ba:98:76:54 dynamic"
-AT_CHECK([ovn-nbctl get Logical-Switch-Port p31 dynamic_addresses], [0],
- ["fe:dc:ba:98:76:54 192.168.1.18"
-])
-
-# Update the static MAC address with dynamically allocated IP and check
-# if the MAC address is updated in 'Logical_Switch_Port.dynamic_adddresses'
-ovn-nbctl --wait=sb lsp-set-addresses p31 "fe:dc:ba:98:76:55 dynamic"
-
-AT_CHECK([ovn-nbctl get Logical-Switch-Port p31 dynamic_addresses], [0],
- ["fe:dc:ba:98:76:55 192.168.1.18"
-])
-
-ovn-nbctl --wait=sb lsp-set-addresses p31 "dynamic"
-AT_CHECK([ovn-nbctl get Logical-Switch-Port p31 dynamic_addresses], [0],
- ["0a:00:00:a8:01:1e 192.168.1.18"
-])
-
-ovn-nbctl --wait=sb lsp-set-addresses p31 "fe:dc:ba:98:76:56 dynamic"
-AT_CHECK([ovn-nbctl get Logical-Switch-Port p31 dynamic_addresses], [0],
- ["fe:dc:ba:98:76:56 192.168.1.18"
-])
-
-
-# Test the exclude_ips from the IPAM list
-ovn-nbctl --wait=sb set logical_switch sw0 \
-other_config:exclude_ips="192.168.1.19 192.168.1.21 192.168.1.23..192.168.1.50"
-
-ovn-nbctl --wait=sb lsp-add sw0 p32 -- lsp-set-addresses p32 \
-"dynamic"
-# 192.168.1.20 should be assigned as 192.168.1.19 is excluded.
-AT_CHECK([ovn-nbctl get Logical-Switch-Port p32 dynamic_addresses], [0],
- ["0a:00:00:a8:01:1e 192.168.1.20"
-])
-
-ovn-nbctl --wait=sb lsp-add sw0 p33 -- lsp-set-addresses p33 \
-"dynamic"
-# 192.168.1.22 should be assigned as 192.168.1.21 is excluded.
-AT_CHECK([ovn-nbctl get Logical-Switch-Port p33 dynamic_addresses], [0],
- ["0a:00:00:a8:01:1f 192.168.1.22"
-])
-
-ovn-nbctl --wait=sb lsp-add sw0 p34 -- lsp-set-addresses p34 \
-"dynamic"
-# 192.168.1.51 should be assigned as 192.168.1.23-192.168.1.50 is excluded.
-AT_CHECK([ovn-nbctl get Logical-Switch-Port p34 dynamic_addresses], [0],
- ["0a:00:00:a8:01:34 192.168.1.51"
-])
-
-# Now clear the exclude_ips list. 192.168.1.19 should be assigned.
-ovn-nbctl --wait=sb set Logical-switch sw0 other_config:exclude_ips="invalid"
-ovn-nbctl --wait=sb lsp-add sw0 p35 -- lsp-set-addresses p35 \
-"dynamic"
-AT_CHECK([ovn-nbctl get Logical-Switch-Port p35 dynamic_addresses], [0],
- ["0a:00:00:a8:01:20 192.168.1.19"
-])
-
-# Set invalid data in exclude_ips list. It should be ignored.
-ovn-nbctl --wait=sb set Logical-switch sw0 other_config:exclude_ips="182.168.1.30"
-ovn-nbctl --wait=sb lsp-add sw0 p36 -- lsp-set-addresses p36 \
-"dynamic"
-# 192.168.1.21 should be assigned as that's the next free one.
-AT_CHECK([ovn-nbctl get Logical-Switch-Port p36 dynamic_addresses], [0],
- ["0a:00:00:a8:01:21 192.168.1.21"
-])
-
-# Clear the dynamic addresses assignment request.
-ovn-nbctl --wait=sb clear logical_switch_port p36 addresses
-AT_CHECK([ovn-nbctl get Logical-Switch-Port p36 dynamic_addresses], [0],
- [[[]]
-])
-
-# Set IPv6 prefix
-ovn-nbctl --wait=sb set Logical-switch sw0 other_config:ipv6_prefix="aef0::"
-ovn-nbctl --wait=sb lsp-add sw0 p37 -- lsp-set-addresses p37 \
-"dynamic"
-
-# With prefix aef0 and mac 0a:00:00:00:00:26, the dynamic IPv6 should be
-# - aef0::800:ff:fe00:26 (EUI64)
-AT_CHECK([ovn-nbctl get Logical-Switch-Port p37 dynamic_addresses], [0],
- ["0a:00:00:a8:01:21 192.168.1.21 aef0::800:ff:fea8:121"
-])
-
-ovn-nbctl --wait=sb ls-add sw4
-ovn-nbctl --wait=sb set Logical-switch sw4 other_config:ipv6_prefix="bef0::" \
--- set Logical-switch sw4 other_config:subnet=192.168.2.0/30
-ovn-nbctl --wait=sb lsp-add sw4 p38 -- lsp-set-addresses p38 \
-"dynamic"
-
-AT_CHECK([ovn-nbctl get Logical-Switch-Port p38 dynamic_addresses], [0],
- ["0a:00:00:a8:02:03 192.168.2.2 bef0::800:ff:fea8:203"
-])
-
-ovn-nbctl --wait=sb lsp-add sw4 p39 -- lsp-set-addresses p39 \
-"f0:00:00:00:10:12 dynamic"
-
-AT_CHECK([ovn-nbctl get Logical-Switch-Port p39 dynamic_addresses], [0],
- ["f0:00:00:00:10:12 bef0::f200:ff:fe00:1012"
-])
-
-# Test the case where IPv4 addresses are exhausted and IPv6 prefix is set
-# p40 should not have an IPv4 address since the pool is exhausted
-ovn-nbctl --wait=sb lsp-add sw4 p40 -- lsp-set-addresses p40 \
-"dynamic"
-AT_CHECK([ovn-nbctl get Logical-Switch-Port p40 dynamic_addresses], [0],
- ["0a:00:00:00:00:02 bef0::800:ff:fe00:2"
-])
-
-# Test dynamic changes on switch ports.
-#
-ovn-nbctl --wait=sb ls-add sw5
-ovn-nbctl --wait=sb lsp-add sw5 p41 -- lsp-set-addresses p41 \
-"dynamic"
-# p41 will start with nothing
-AT_CHECK([ovn-nbctl get Logical-Switch-Port p41 dynamic_addresses], [0],
- [[[]]
-])
-
-# Set a subnet. Now p41 should have an ipv4 address, too
-ovn-nbctl --wait=sb add Logical-Switch sw5 other_config subnet=192.168.1.0/24
-AT_CHECK([ovn-nbctl get Logical-Switch-Port p41 dynamic_addresses], [0],
- ["0a:00:00:a8:01:22 192.168.1.2"
-])
-
-# Clear the other_config. The IPv4 address should be gone
-ovn-nbctl --wait=sb clear Logical-Switch sw5 other_config
-AT_CHECK([ovn-nbctl get Logical-Switch-Port p41 dynamic_addresses], [0],
- [[[]]
-])
-
-# Set an IPv6 prefix. Now p41 should have an IPv6 address.
-ovn-nbctl --wait=sb set Logical-Switch sw5 other_config:ipv6_prefix="aef0::"
-AT_CHECK([ovn-nbctl get Logical-Switch-Port p41 dynamic_addresses], [0],
- ["0a:00:00:00:00:03 aef0::800:ff:fe00:3"
-])
-
-# Change the MAC address to a static one. The IPv6 address should update.
-ovn-nbctl --wait=sb lsp-set-addresses p41 "f0:00:00:00:10:2b dynamic"
-AT_CHECK([ovn-nbctl get Logical-Switch-Port p41 dynamic_addresses], [0],
- ["f0:00:00:00:10:2b aef0::f200:ff:fe00:102b"
-])
-
-# Change the IPv6 prefix. The IPv6 address should update.
-ovn-nbctl --wait=sb set Logical-Switch sw5 other_config:ipv6_prefix="bef0::"
-AT_CHECK([ovn-nbctl get Logical-Switch-Port p41 dynamic_addresses], [0],
- ["f0:00:00:00:10:2b bef0::f200:ff:fe00:102b"
-])
-
-# Clear the other_config. The IPv6 address should be gone
-ovn-nbctl --wait=sb clear Logical-Switch sw5 other_config
-AT_CHECK([ovn-nbctl get Logical-Switch-Port p41 dynamic_addresses], [0],
- [[[]]
-])
-
-# Set the subnet again. Now p41 should get the IPv4 address again.
-ovn-nbctl --wait=sb add Logical-Switch sw5 other_config subnet=192.168.1.0/24
-AT_CHECK([ovn-nbctl get Logical-Switch-Port p41 dynamic_addresses], [0],
- ["f0:00:00:00:10:2b 192.168.1.2"
-])
-
-# Add an excluded IP address that conflicts with p41. p41 should update.
-ovn-nbctl --wait=sb add Logical-Switch sw5 other_config \
-exclude_ips="192.168.1.2"
-AT_CHECK([ovn-nbctl get Logical-Switch-Port p41 dynamic_addresses], [0],
- ["f0:00:00:00:10:2b 192.168.1.3"
-])
-
-# Add static ip address
-ovn-nbctl --wait=sb lsp-set-addresses p41 "dynamic 192.168.1.100"
-ovn-nbctl list Logical-Switch-Port p41
-ovn-nbctl --wait=sb lsp-add sw5 p42 -- lsp-set-addresses p42 \
-"dynamic 192.168.1.101"
-AT_CHECK([ovn-nbctl get Logical-Switch-Port p41 dynamic_addresses], [0],
- ["0a:00:00:a8:01:65 192.168.1.100"
-])
-AT_CHECK([ovn-nbctl get Logical-Switch-Port p42 dynamic_addresses], [0],
- ["0a:00:00:a8:01:66 192.168.1.101"
-])
-
-# define a mac address prefix
-ovn-nbctl ls-add sw6
-ovn-nbctl --wait=hv set NB_Global . options:mac_prefix="00:11:22:33:44:55"
-ovn-nbctl --wait=sb set Logical-Switch sw6 other_config:subnet=192.168.100.0/24
-for n in $(seq 1 3); do
- ovn-nbctl --wait=sb lsp-add sw6 "p5$n" -- lsp-set-addresses "p5$n" dynamic
-done
-AT_CHECK([ovn-nbctl get Logical-Switch-Port p51 dynamic_addresses], [0],
- ["00:11:22:a8:64:03 192.168.100.2"
-])
-AT_CHECK([ovn-nbctl get Logical-Switch-Port p52 dynamic_addresses], [0],
- ["00:11:22:a8:64:04 192.168.100.3"
-])
-AT_CHECK([ovn-nbctl get Logical-Switch-Port p53 dynamic_addresses], [0],
- ["00:11:22:a8:64:05 192.168.100.4"
-])
-
-# verify configuration order does not break IPAM/MACAM
-ovn-nbctl ls-add sw7
-for n in $(seq 1 3); do
- ovn-nbctl --wait=sb lsp-add sw7 "p7$n" -- lsp-set-addresses "p7$n" dynamic
-done
-ovn-nbctl --wait=sb set Logical-Switch sw7 other_config:ipv6_prefix="bef0::"
-p71_addr=$(ovn-nbctl get Logical-Switch-Port p71 dynamic_addresses)
-p72_addr=$(ovn-nbctl get Logical-Switch-Port p72 dynamic_addresses)
-p73_addr=$(ovn-nbctl get Logical-Switch-Port p73 dynamic_addresses)
-AT_CHECK([test "$p71_addr" != "$p72_addr"], [0], [])
-AT_CHECK([test "$p71_addr" != "$p73_addr"], [0], [])
-AT_CHECK([test "$p72_addr" != "$p73_addr"], [0], [])
-
-# request to assign mac only
-#
-ovn-nbctl ls-add sw8
-ovn-nbctl --wait=sb set Logical-Switch sw8 other_config:mac_only=true
-for n in $(seq 1 3); do
- ovn-nbctl --wait=sb lsp-add sw8 "p8$n" -- lsp-set-addresses "p8$n" dynamic
-done
-AT_CHECK([ovn-nbctl get Logical-Switch-Port p81 dynamic_addresses], [0],
- ["00:11:22:00:00:06"
-])
-AT_CHECK([ovn-nbctl get Logical-Switch-Port p82 dynamic_addresses], [0],
- ["00:11:22:00:00:07"
-])
-AT_CHECK([ovn-nbctl get Logical-Switch-Port p83 dynamic_addresses], [0],
- ["00:11:22:00:00:08"
-])
-
-# clear mac_prefix and check it is allocated in a random manner
-ovn-nbctl --wait=hv remove NB_Global . options mac_prefix
-ovn-nbctl ls-add sw9
-ovn-nbctl --wait=sb set Logical-Switch sw9 other_config:mac_only=true
-ovn-nbctl --wait=sb lsp-add sw9 p91 -- lsp-set-addresses p91 dynamic
-
-mac_prefix=$(ovn-nbctl --wait=sb get NB_Global . options:mac_prefix | tr -d \")
-port_addr=$(ovn-nbctl get Logical-Switch-Port p91 dynamic_addresses | tr -d \")
-AT_CHECK([test "$port_addr" = "${mac_prefix}:00:00:09"], [0], [])
-
-ovn-nbctl --wait=hv set NB_Global . options:mac_prefix="00:11:22"
-ovn-nbctl ls-add sw10
-ovn-nbctl --wait=sb set Logical-Switch sw10 other_config:ipv6_prefix="ae01::"
-ovn-nbctl --wait=sb lsp-add sw10 p101 -- lsp-set-addresses p101 "dynamic ae01::1"
-AT_CHECK([ovn-nbctl get Logical-Switch-Port p101 dynamic_addresses], [0],
- ["00:11:22:00:00:0a ae01::1"
-])
-
-ovn-nbctl --wait=sb set Logical-Switch sw10 other_config:subnet=192.168.110.0/24
-ovn-nbctl --wait=sb lsp-add sw10 p102 -- lsp-set-addresses p102 "dynamic 192.168.110.10 ae01::2"
-AT_CHECK([ovn-nbctl get Logical-Switch-Port p102 dynamic_addresses], [0],
- ["00:11:22:a8:6e:0b 192.168.110.10 ae01::2"
-])
-
-as ovn-sb
-OVS_APP_EXIT_AND_WAIT([ovsdb-server])
-
-as ovn-nb
-OVS_APP_EXIT_AND_WAIT([ovsdb-server])
-
-as northd
-OVS_APP_EXIT_AND_WAIT([ovn-northd])
-
-as northd-backup
-OVS_APP_EXIT_AND_WAIT([ovn-northd])
-
-AT_CLEANUP
-
-AT_SETUP([ovn -- ipam connectivity])
-AT_SKIP_IF([test $HAVE_PYTHON = no])
-ovn_start
-
-ovn-nbctl lr-add R1
-
-# Test for a ping using dynamically allocated addresses.
-ovn-nbctl --wait=hv set NB_Global . options:mac_prefix="0a:00:00:00:00:00"
-ovn-nbctl ls-add foo -- add Logical_Switch foo other_config subnet=192.168.1.0/24
-ovn-nbctl ls-add alice -- add Logical_Switch alice other_config subnet=192.168.2.0/24
-
-# Connect foo to R1
-ovn-nbctl lrp-add R1 foo 00:00:00:01:02:03 192.168.1.1/24
-ovn-nbctl lsp-add foo rp-foo -- set Logical_Switch_Port rp-foo type=router \
- options:router-port=foo \
- -- lsp-set-addresses rp-foo router
-
-# Connect alice to R1
-ovn-nbctl lrp-add R1 alice 00:00:00:01:02:04 192.168.2.1/24
-ovn-nbctl lsp-add alice rp-alice -- set Logical_Switch_Port rp-alice type=router \
- options:router-port=alice addresses=\"00:00:00:01:02:04\"
-
-# Create logical port foo1 in foo
-ovn-nbctl --wait=sb lsp-add foo foo1 \
--- lsp-set-addresses foo1 "dynamic"
-AT_CHECK([ovn-nbctl --timeout=10 wait-until Logical-Switch-Port foo1 dynamic_addresses='"0a:00:00:a8:01:03 192.168.1.2"'], [0])
-
-# Create logical port alice1 in alice
-ovn-nbctl --wait=sb lsp-add alice alice1 \
--- lsp-set-addresses alice1 "dynamic"
-AT_CHECK([ovn-nbctl --timeout=10 wait-until Logical-Switch-Port alice1 dynamic_addresses='"0a:00:00:a8:02:03 192.168.2.2"'])
-
-# Create logical port foo2 in foo
-ovn-nbctl --wait=sb lsp-add foo foo2 \
--- lsp-set-addresses foo2 "dynamic"
-AT_CHECK([ovn-nbctl --timeout=10 wait-until Logical-Switch-Port foo2 dynamic_addresses='"0a:00:00:a8:01:04 192.168.1.3"'])
-
-# Create a hypervisor and create OVS ports corresponding to logical ports.
-net_add n1
-
-sim_add hv1
-as hv1
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.1
-ovs-vsctl -- add-port br-int hv1-vif1 -- \
- set interface hv1-vif1 external-ids:iface-id=foo1 \
- options:tx_pcap=hv1/vif1-tx.pcap \
- options:rxq_pcap=hv1/vif1-rx.pcap \
- ofport-request=1
-
-ovs-vsctl -- add-port br-int hv1-vif2 -- \
- set interface hv1-vif2 external-ids:iface-id=foo2 \
- options:tx_pcap=hv1/vif2-tx.pcap \
- options:rxq_pcap=hv1/vif2-rx.pcap \
- ofport-request=2
-
-ovs-vsctl -- add-port br-int hv1-vif3 -- \
- set interface hv1-vif3 external-ids:iface-id=alice1 \
- options:tx_pcap=hv1/vif3-tx.pcap \
- options:rxq_pcap=hv1/vif3-rx.pcap \
- ofport-request=3
-
-# Allow some time for ovn-northd and ovn-controller to catch up.
-# XXX This should be more systematic.
-sleep 1
-
-ip_to_hex() {
- printf "%02x%02x%02x%02x" "$@"
-}
-
-# Send ip packets between foo1 and foo2
-src_mac="0a0000a80103"
-dst_mac="0a0000a80104"
-src_ip=`ip_to_hex 192 168 1 2`
-dst_ip=`ip_to_hex 192 168 1 3`
-packet=${dst_mac}${src_mac}08004500001c0000000040110000${src_ip}${dst_ip}0035111100080000
-as hv1 ovs-appctl netdev-dummy/receive hv1-vif1 $packet
-
-# Send ip packets between foo1 and alice1
-src_mac="0a0000a80103"
-dst_mac="000000010203"
-src_ip=`ip_to_hex 192 168 1 2`
-dst_ip=`ip_to_hex 192 168 2 2`
-packet=${dst_mac}${src_mac}08004500001c0000000040110000${src_ip}${dst_ip}0035111100080000
-as hv1 ovs-appctl netdev-dummy/receive hv1-vif1 $packet
-
-echo "---------NB dump-----"
-ovn-nbctl show
-echo "---------------------"
-ovn-nbctl list logical_router
-echo "---------------------"
-ovn-nbctl list logical_router_port
-echo "---------------------"
-
-echo "---------SB dump-----"
-ovn-sbctl list datapath_binding
-echo "---------------------"
-ovn-sbctl list port_binding
-echo "---------------------"
-
-echo "------ hv1 dump ----------"
-as hv1 ovs-ofctl dump-flows br-int
-
-# Packet to Expect at foo2
-src_mac="0a0000a80103"
-dst_mac="0a0000a80104"
-src_ip=`ip_to_hex 192 168 1 2`
-dst_ip=`ip_to_hex 192 168 1 3`
-expected=${dst_mac}${src_mac}08004500001c0000000040110000${src_ip}${dst_ip}0035111100080000
-
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/vif2-tx.pcap > received1.packets
-echo $expected > expout
-AT_CHECK([cat received1.packets], [0], [expout])
-
-# Packet to Expect at alice1
-src_mac="000000010204"
-dst_mac="0a0000a80203"
-src_ip=`ip_to_hex 192 168 1 2`
-dst_ip=`ip_to_hex 192 168 2 2`
-expected=${dst_mac}${src_mac}08004500001c000000003f110100${src_ip}${dst_ip}0035111100080000
-
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/vif3-tx.pcap > received2.packets
-echo $expected > expout
-AT_CHECK([cat received2.packets], [0], [expout])
-
-OVN_CLEANUP([hv1])
-
-AT_CLEANUP
-
-AT_SETUP([ovn -- ovs-vswitchd restart])
-AT_KEYWORDS([vswitchd])
-AT_SKIP_IF([test $HAVE_PYTHON = no])
-ovn_start
-
-ovn-nbctl ls-add ls1
-
-ovn-nbctl lsp-add ls1 ls1-lp1 \
--- lsp-set-addresses ls1-lp1 "f0:00:00:00:00:01 10.0.0.4"
-
-ovn-nbctl lsp-set-port-security ls1-lp1 "f0:00:00:00:00:01 10.0.0.4"
-
-net_add n1
-sim_add hv1
-
-as hv1
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.1
-ovs-vsctl -- add-port br-int hv1-vif1 -- \
- set interface hv1-vif1 external-ids:iface-id=ls1-lp1 \
- options:tx_pcap=hv1/vif1-tx.pcap \
- options:rxq_pcap=hv1/vif1-rx.pcap \
- ofport-request=1
-
-OVN_POPULATE_ARP
-sleep 2
-
-as hv1 ovs-vsctl show
-
-echo "---------------------"
-ovn-sbctl dump-flows
-echo "---------------------"
-
-echo "------ hv1 dump ----------"
-as hv1 ovs-ofctl dump-flows br-int
-total_flows=`as hv1 ovs-ofctl dump-flows br-int | wc -l`
-
-echo "Total flows before vswitchd restart = " $total_flows
-
-# Code taken from ovs-save utility
-save_flows () {
- echo "ovs-ofctl add-flows br-int - << EOF" > restore_flows.sh
- as hv1 ovs-ofctl dump-flows "br-int" | sed -e '/NXST_FLOW/d' \
- -e 's/\(idle\|hard\)_age=[^,]*,//g' >> restore_flows.sh
- echo "EOF" >> restore_flows.sh
-}
-
-restart_vswitchd () {
- restore_flows=$1
-
- if test $restore_flows = true; then
- save_flows
- fi
-
- as hv1
- OVS_APP_EXIT_AND_WAIT([ovs-vswitchd])
-
- if test $restore_flows = true; then
- as hv1
- ovs-vsctl --no-wait set open_vswitch . other_config:flow-restore-wait="true"
- fi
-
- as hv1
- start_daemon ovs-vswitchd --enable-dummy=system -vvconn -vofproto_dpif -vunixctl
- ovs-ofctl dump-flows br-int
-
- if test $restore_flows = true; then
- sh ./restore_flows.sh
- echo "Flows after restore"
- as hv1
- ovs-ofctl dump-flows br-int
- ovs-vsctl --no-wait --if-exists remove open_vswitch . other_config \
- flow-restore-wait="true"
- fi
-}
-
-# Save the flows, restart vswitchd and restore the flows
-restart_vswitchd true
-OVS_WAIT_UNTIL([
- total_flows_after_restart=`as hv1 ovs-ofctl dump-flows br-int | wc -l`
- echo "Total flows after vswitchd restart = " $total_flows_after_restart
- test "${total_flows}" = "${total_flows_after_restart}"
-])
-
-# Restart vswitchd without restoring
-restart_vswitchd false
-OVS_WAIT_UNTIL([
- total_flows_after_restart=`as hv1 ovs-ofctl dump-flows br-int | wc -l`
- echo "Total flows after vswitchd restart = " $total_flows_after_restart
- test "${total_flows}" = "${total_flows_after_restart}"
-])
-
-OVN_CLEANUP([hv1])
-AT_CLEANUP
-
-AT_SETUP([ovn -- send arp for nexthop])
-AT_SKIP_IF([test $HAVE_PYTHON = no])
-ovn_start
-
-# Topology: Two LSs - ls1 and ls2 are connected via router r0
-
-# Create logical switches
-ovn-nbctl ls-add ls1
-ovn-nbctl ls-add ls2
-
-# Create router
-ovn-nbctl create Logical_Router name=lr0
-
-# Add router ls1p1 port to gateway router
-ovn-nbctl lrp-add lr0 lrp-ls1lp1 f0:00:00:00:00:01 192.168.0.1/24
-ovn-nbctl lsp-add ls1 ls1lp1 -- set Logical_Switch_Port ls1lp1 \
- type=router options:router-port=lrp-ls1lp1 \
- addresses='"f0:00:00:00:00:01 192.168.0.1"'
-
-# Add router ls2p2 port to gateway router
-ovn-nbctl lrp-add lr0 lrp-ls2lp1 f0:00:00:00:00:02 192.168.1.1/24
-ovn-nbctl lsp-add ls2 ls2lp1 -- set Logical_Switch_Port ls2lp1 \
- type=router options:router-port=lrp-ls2lp1 \
- addresses='"f0:00:00:00:00:02 192.168.1.1"'
-
-# Set default gateway (nexthop) to 192.168.1.254
-ovn-nbctl lr-route-add lr0 "0.0.0.0/0" 192.168.1.254 lrp-ls2lp1
-
-# Create logical port ls1lp2 in ls1
-ovn-nbctl lsp-add ls1 ls1lp2 \
--- lsp-set-addresses ls1lp2 "f0:00:00:00:00:03 192.168.0.2"
-
-# Create logical port ls2lp2 in ls2
-ovn-nbctl lsp-add ls2 ls2lp2 \
--- lsp-set-addresses ls2lp2 "f0:00:00:00:00:04 192.168.1.10"
-
-net_add n1
-sim_add hv1
-as hv1
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.1
-ovs-vsctl -- add-port br-int hv1-ls1lp2 -- \
- set interface hv1-ls1lp2 external-ids:iface-id=ls1lp2 \
- options:tx_pcap=hv1/ls1lp2-tx.pcap \
- options:rxq_pcap=hv1/ls1lp2-rx.pcap \
- ofport-request=1
-ovs-vsctl -- add-port br-int hv1-ls2lp2 -- \
- set interface hv1-ls2lp2 external-ids:iface-id=ls2lp2 \
- options:tx_pcap=hv1/ls2lp2-tx.pcap \
- options:rxq_pcap=hv1/ls2lp2-rx.pcap \
- ofport-request=2
-
-# Allow some time for ovn-northd and ovn-controller to catch up.
-# XXX This should be more systematic.
-sleep 1
-
-echo "---------NB dump-----"
-ovn-nbctl show
-echo "---------------------"
-ovn-nbctl list logical_router
-echo "---------------------"
-ovn-nbctl list logical_router_port
-echo "---------------------"
-
-echo "---------SB dump-----"
-ovn-sbctl list datapath_binding
-echo "---------------------"
-ovn-sbctl list port_binding
-echo "---------------------"
-ovn-sbctl dump-flows
-echo "---------------------"
-ovn-sbctl list chassis
-ovn-sbctl list encap
-echo "---------------------"
-
-echo "------Flows dump-----"
-as hv1
-ovs-ofctl dump-flows
-echo "---------------------"
-
-ip_to_hex() {
- printf "%02x%02x%02x%02x" "$@"
-}
-
-src_mac="f00000000003"
-dst_mac="f00000000001"
-src_ip=`ip_to_hex 192 168 0 2`
-dst_ip=`ip_to_hex 8 8 8 8`
-packet=${dst_mac}${src_mac}08004500001c0000000040110000${src_ip}${dst_ip}0035111100080000
-
-# Send IP packet destined to 8.8.8.8 from lsp1lp2
-as hv1 ovs-appctl netdev-dummy/receive hv1-ls1lp2 $packet
-
-trim_zeros() {
- sed 's/\(00\)\{1,\}$//'
-}
-
-# ARP packet should be received with Target IP Address set to 192.168.1.254 and
-# not 8.8.8.8
-
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/ls2lp2-tx.pcap | trim_zeros > packets
-expected="fffffffffffff0000000000208060001080006040001f00000000002c0a80101000000000000c0a801fe"
-echo $expected > expout
-AT_CHECK([cat packets], [0], [expout])
-cat packets
-
-OVN_CLEANUP([hv1])
-
-AT_CLEANUP
-
-AT_SETUP([ovn -- send gratuitous arp for nat ips in localnet])
-AT_SKIP_IF([test $HAVE_PYTHON = no])
-ovn_start
-# Create logical switch
-ovn-nbctl ls-add ls0
-# Create gateway router
-ovn-nbctl create Logical_Router name=lr0 options:chassis=hv1
-# Add router port to gateway router
-ovn-nbctl lrp-add lr0 lrp0 f0:00:00:00:00:01 192.168.0.1/24
-ovn-nbctl lsp-add ls0 lrp0-rp -- set Logical_Switch_Port lrp0-rp \
- type=router options:router-port=lrp0 addresses='"f0:00:00:00:00:01"'
-# Add nat-address option
-ovn-nbctl lsp-set-options lrp0-rp router-port=lrp0 nat-addresses="f0:00:00:00:00:01 192.168.0.2"
-
-net_add n1
-sim_add hv1
-as hv1
-ovs-vsctl \
- -- add-br br-phys \
- -- add-br br-eth0
-
-ovn_attach n1 br-phys 192.168.0.1
-
-AT_CHECK([ovs-vsctl set Open_vSwitch . external-ids:ovn-bridge-mappings=physnet1:br-eth0])
-AT_CHECK([ovs-vsctl add-port br-eth0 snoopvif -- set Interface snoopvif options:tx_pcap=hv1/snoopvif-tx.pcap options:rxq_pcap=hv1/snoopvif-rx.pcap])
-
-# Create a localnet port.
-AT_CHECK([ovn-nbctl lsp-add ls0 ln_port])
-AT_CHECK([ovn-nbctl lsp-set-addresses ln_port unknown])
-AT_CHECK([ovn-nbctl lsp-set-type ln_port localnet])
-AT_CHECK([ovn-nbctl lsp-set-options ln_port network_name=physnet1])
-
-# Wait until the patch ports are created in hv1 to connect br-int to br-eth0
-OVS_WAIT_UNTIL([test 1 = `as hv1 ovs-vsctl show | \
-grep "Port patch-br-int-to-ln_port" | wc -l`])
-
-# Wait for packet to be received.
-OVS_WAIT_UNTIL([test `wc -c < "hv1/snoopvif-tx.pcap"` -ge 50])
-trim_zeros() {
- sed 's/\(00\)\{1,\}$//'
-}
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/snoopvif-tx.pcap | trim_zeros > packets
-expected="fffffffffffff0000000000108060001080006040001f00000000001c0a80001000000000000c0a80001"
-echo $expected > expout
-expected="fffffffffffff0000000000108060001080006040001f00000000001c0a80002000000000000c0a80002"
-echo $expected >> expout
-AT_CHECK([sort packets], [0], [expout])
-
-OVN_CLEANUP([hv1])
-
-AT_CLEANUP
-
-AT_SETUP([ovn -- send gratuitous arp with nat-addresses router in localnet])
-AT_SKIP_IF([test $HAVE_PYTHON = no])
-ovn_start
-# Create logical switch
-ovn-nbctl ls-add ls0
-# Create gateway router
-ovn-nbctl create Logical_Router name=lr0 options:chassis=hv1
-# Add router port to gateway router
-ovn-nbctl lrp-add lr0 lrp0 f0:00:00:00:00:01 192.168.0.1/24
-ovn-nbctl lsp-add ls0 lrp0-rp -- set Logical_Switch_Port lrp0-rp \
- type=router options:router-port=lrp0 addresses='"f0:00:00:00:00:01"'
-# Add nat-address option
-ovn-nbctl lsp-set-options lrp0-rp router-port=lrp0 nat-addresses="router"
-# Add NAT rules
-AT_CHECK([ovn-nbctl lr-nat-add lr0 snat 192.168.0.1 10.0.0.0/24])
-AT_CHECK([ovn-nbctl lr-nat-add lr0 dnat 192.168.0.2 10.0.0.1])
-# Add load balancers
-AT_CHECK([ovn-nbctl lb-add lb0 192.168.0.3:80 10.0.0.2:80,10.0.0.3:80])
-AT_CHECK([ovn-nbctl lr-lb-add lr0 lb0])
-AT_CHECK([ovn-nbctl lb-add lb1 192.168.0.3:8080 10.0.0.2:8080,10.0.0.3:8080])
-AT_CHECK([ovn-nbctl lr-lb-add lr0 lb1])
-
-net_add n1
-sim_add hv1
-as hv1
-ovs-vsctl \
- -- add-br br-phys \
- -- add-br br-eth0
-
-ovn_attach n1 br-phys 192.168.0.1
-
-AT_CHECK([ovs-vsctl set Open_vSwitch . external-ids:ovn-bridge-mappings=physnet1:br-eth0])
-AT_CHECK([ovs-vsctl add-port br-eth0 snoopvif -- set Interface snoopvif options:tx_pcap=hv1/snoopvif-tx.pcap options:rxq_pcap=hv1/snoopvif-rx.pcap])
-
-# Create a localnet port.
-AT_CHECK([ovn-nbctl lsp-add ls0 ln_port])
-AT_CHECK([ovn-nbctl lsp-set-addresses ln_port unknown])
-AT_CHECK([ovn-nbctl lsp-set-type ln_port localnet])
-AT_CHECK([ovn-nbctl lsp-set-options ln_port network_name=physnet1])
-
-# Wait until the patch ports are created to connect br-int to br-eth0
-OVS_WAIT_UNTIL([test 1 = `ovs-vsctl show | \
-grep "Port patch-br-int-to-ln_port" | wc -l`])
-
-ovn-sbctl list port_binding lrp0-rp
-echo "*****"
-ovn-nbctl list logical_switch_port lrp0-rp
-ovn-nbctl list logical_router_port lrp0
-ovn-nbctl show
-# Wait for packet to be received.
-OVS_WAIT_UNTIL([test `wc -c < "hv1/snoopvif-tx.pcap"` -ge 50])
-trim_zeros() {
- sed 's/\(00\)\{1,\}$//'
-}
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/snoopvif-tx.pcap | trim_zeros > packets
-expected="fffffffffffff0000000000108060001080006040001f00000000001c0a80001000000000000c0a80001"
-echo $expected > expout
-expected="fffffffffffff0000000000108060001080006040001f00000000001c0a80002000000000000c0a80002"
-echo $expected >> expout
-expected="fffffffffffff0000000000108060001080006040001f00000000001c0a80003000000000000c0a80003"
-echo $expected >> expout
-AT_CHECK([sort packets], [0], [expout])
-
-OVN_CLEANUP([hv1])
-
-AT_CLEANUP
-
-AT_SETUP([ovn -- delete mac bindings])
-ovn_start
-net_add n1
-sim_add hv1
-as hv1
-ovs-vsctl -- add-br br-phys
-ovn_attach n1 br-phys 192.168.0.1
-# Create logical switch ls0
-ovn-nbctl ls-add ls0
-# Create ports lp0, lp1 in ls0
-ovn-nbctl lsp-add ls0 lp0
-ovn-nbctl lsp-add ls0 lp1
-ovn-nbctl lsp-set-addresses lp0 "f0:00:00:00:00:01 192.168.0.1"
-ovn-nbctl lsp-set-addresses lp1 "f0:00:00:00:00:02 192.168.0.2"
-dp_uuid=`ovn-sbctl find datapath | grep uuid | cut -f2 -d ":" | cut -f2 -d " "`
-ovn-sbctl create MAC_Binding ip=10.0.0.1 datapath=$dp_uuid logical_port=lp0 mac="mac1"
-ovn-sbctl create MAC_Binding ip=10.0.0.1 datapath=$dp_uuid logical_port=lp1 mac="mac2"
-ovn-sbctl find MAC_Binding
-# Delete port lp0 and check that its MAC_Binding is deleted.
-ovn-nbctl lsp-del lp0
-ovn-sbctl find MAC_Binding
-OVS_WAIT_UNTIL([test `ovn-sbctl find MAC_Binding logical_port=lp0 | wc -l` = 0])
-# Delete logical switch ls0 and check that its MAC_Binding is deleted.
-ovn-nbctl ls-del ls0
-ovn-sbctl find MAC_Binding
-OVS_WAIT_UNTIL([test `ovn-sbctl find MAC_Binding | wc -l` = 0])
-
-OVN_CLEANUP([hv1])
-
-AT_CLEANUP
-
-AT_SETUP([ovn -- conntrack zone allocation])
-AT_SKIP_IF([test $HAVE_PYTHON = no])
-ovn_start
-
-# Logical network:
-# 2 logical switches "foo" (192.168.1.0/24) and "bar" (172.16.1.0/24)
-# connected to a router R1.
-# foo has foo1 to act as a client.
-# bar has bar1, bar2, bar3 to act as servers.
-
-net_add n1
-
-sim_add hv1
-as hv1
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.1
-for i in foo1 bar1 bar2 bar3; do
- ovs-vsctl -- add-port br-int $i -- \
- set interface $i external-ids:iface-id=$i \
- options:tx_pcap=hv1/$i-tx.pcap \
- options:rxq_pcap=hv1/$i-rx.pcap
-done
-
-ovn-nbctl create Logical_Router name=R1
-ovn-nbctl ls-add foo
-ovn-nbctl ls-add bar
-
-# Connect foo to R1
-ovn-nbctl lrp-add R1 foo 00:00:01:01:02:03 192.168.1.1/24
-ovn-nbctl lsp-add foo rp-foo -- set Logical_Switch_Port rp-foo \
- type=router options:router-port=foo addresses=\"00:00:01:01:02:03\"
-
-# Connect bar to R1
-ovn-nbctl lrp-add R1 bar 00:00:01:01:02:04 172.16.1.1/24
-ovn-nbctl lsp-add bar rp-bar -- set Logical_Switch_Port rp-bar \
- type=router options:router-port=bar addresses=\"00:00:01:01:02:04\"
-
-# Create logical port foo1 in foo
-ovn-nbctl lsp-add foo foo1 \
--- lsp-set-addresses foo1 "f0:00:00:01:02:03 192.168.1.2"
-
-# Create logical port bar1, bar2 and bar3 in bar
-for i in `seq 1 3`; do
- ip=`expr $i + 1`
- ovn-nbctl lsp-add bar bar$i \
- -- lsp-set-addresses bar$i "f0:00:0a:01:02:$i 172.16.1.$ip"
-done
-
-OVS_WAIT_UNTIL([test `ovs-ofctl dump-flows br-int table=0 | grep REG13 | wc -l` -eq 4])
-
-OVN_CLEANUP([hv1])
-
-AT_CLEANUP
-
-AT_SETUP([ovn -- tag allocation])
-ovn_start
-
-AT_CHECK([ovn-nbctl ls-add ls0])
-AT_CHECK([ovn-nbctl lsp-add ls0 parent1])
-AT_CHECK([ovn-nbctl lsp-add ls0 parent2])
-AT_CHECK([ovn-nbctl ls-add ls1])
-
-dnl When a tag is provided, no allocation is done
-AT_CHECK([ovn-nbctl --wait=sb lsp-add ls1 c0 parent1 3])
-AT_CHECK([ovn-nbctl lsp-get-tag c0], [0], [3
-])
-dnl The same 'tag' gets created in southbound database.
-AT_CHECK([ovn-sbctl --data=bare --no-heading --columns=tag find port_binding \
-logical_port="c0"], [0], [3
-])
-
-dnl Allocate tags and see it getting created in both NB and SB
-AT_CHECK([ovn-nbctl --wait=sb lsp-add ls1 c1 parent1 0])
-AT_CHECK([ovn-nbctl lsp-get-tag c1], [0], [1
-])
-AT_CHECK([ovn-sbctl --data=bare --no-heading --columns=tag find port_binding \
-logical_port="c1"], [0], [1
-])
-
-AT_CHECK([ovn-nbctl --wait=sb lsp-add ls1 c2 parent1 0])
-AT_CHECK([ovn-nbctl lsp-get-tag c2], [0], [2
-])
-AT_CHECK([ovn-sbctl --data=bare --no-heading --columns=tag find port_binding \
-logical_port="c2"], [0], [2
-])
-AT_CHECK([ovn-nbctl --wait=sb lsp-add ls1 c3 parent1 0])
-AT_CHECK([ovn-nbctl lsp-get-tag c3], [0], [4
-])
-AT_CHECK([ovn-sbctl --data=bare --no-heading --columns=tag find port_binding \
-logical_port="c3"], [0], [4
-])
-
-dnl A different parent.
-AT_CHECK([ovn-nbctl --wait=sb lsp-add ls1 c4 parent2 0])
-AT_CHECK([ovn-nbctl lsp-get-tag c4], [0], [1
-])
-AT_CHECK([ovn-sbctl --data=bare --no-heading --columns=tag find port_binding \
-logical_port="c4"], [0], [1
-])
-
-AT_CHECK([ovn-nbctl --wait=sb lsp-add ls1 c5 parent2 0])
-AT_CHECK([ovn-nbctl lsp-get-tag c5], [0], [2
-])
-AT_CHECK([ovn-sbctl --data=bare --no-heading --columns=tag find port_binding \
-logical_port="c5"], [0], [2
-])
-
-dnl Delete a logical port and create a new one.
-AT_CHECK([ovn-nbctl --wait=sb lsp-del c1])
-AT_CHECK([ovn-nbctl --wait=sb lsp-add ls1 c6 parent1 0])
-AT_CHECK([ovn-nbctl lsp-get-tag c6], [0], [1
-])
-AT_CHECK([ovn-sbctl --data=bare --no-heading --columns=tag find port_binding \
-logical_port="c6"], [0], [1
-])
-
-dnl Restart northd to see that the same allocation remains.
-as northd
-OVS_APP_EXIT_AND_WAIT([ovn-northd])
-start_daemon ovn-northd \
- --ovnnb-db=unix:"$ovs_base"/ovn-nb/ovn-nb.sock \
- --ovnsb-db=unix:"$ovs_base"/ovn-sb/ovn-sb.sock
-
-dnl Create a switch to make sure that ovn-northd has run through the main loop.
-AT_CHECK([ovn-nbctl --wait=sb ls-add ls-dummy])
-AT_CHECK([ovn-nbctl lsp-get-tag c0], [0], [3
-])
-AT_CHECK([ovn-nbctl lsp-get-tag c6], [0], [1
-])
-AT_CHECK([ovn-nbctl lsp-get-tag c2], [0], [2
-])
-AT_CHECK([ovn-nbctl lsp-get-tag c3], [0], [4
-])
-AT_CHECK([ovn-nbctl lsp-get-tag c4], [0], [1
-])
-AT_CHECK([ovn-nbctl lsp-get-tag c5], [0], [2
-])
-
-dnl Create a switch port with a tag that has already been allocated.
-dnl It should go through fine with a duplicate tag.
-AT_CHECK([ovn-nbctl --wait=sb lsp-add ls1 c7 parent2 2])
-AT_CHECK([ovn-nbctl lsp-get-tag c7], [0], [2
-])
-AT_CHECK([ovn-sbctl --data=bare --no-heading --columns=tag find port_binding \
-logical_port="c7"], [0], [2
-])
-AT_CHECK([ovn-nbctl lsp-get-tag c5], [0], [2
-])
-
-AT_CHECK([ovn-nbctl ls-add ls2])
-dnl When there is no parent_name provided (for say, 'localnet'), 'tag_request'
-dnl gets copied to 'tag'
-AT_CHECK([ovn-nbctl --wait=sb lsp-add ls2 local0 "" 25])
-AT_CHECK([ovn-nbctl lsp-get-tag local0], [0], [25
-])
-dnl The same 'tag' gets created in southbound database.
-AT_CHECK([ovn-sbctl --data=bare --no-heading --columns=tag find port_binding \
-logical_port="local0"], [0], [25
-])
-dnl If 'tag_request' is 0 for localnet, nothing gets written to 'tag'
-AT_CHECK([ovn-nbctl --wait=sb lsp-add ls2 local1 "" 0])
-AT_CHECK([ovn-nbctl lsp-get-tag local1])
-dnl change the tag_request.
-AT_CHECK([ovn-nbctl --wait=sb set logical_switch_port local1 tag_request=50])
-AT_CHECK([ovn-nbctl lsp-get-tag local1], [0], [50
-])
-
-AT_CLEANUP
-
-AT_SETUP([ovn -- lsp deletion and broadcast-flow deletion on localnet])
-ovn_start
-ovn-nbctl ls-add lsw0
-net_add n1
-for i in 1 2; do
- sim_add hv$i
- as hv$i
- ovs-vsctl add-br br-phys
- ovn_attach n1 br-phys 192.168.0.$i
- ovs-vsctl add-br br-eth0
- AT_CHECK([ovs-vsctl set Open_vSwitch . external-ids:ovn-bridge-mappings=physnet1:br-eth0])
-done
-
-# Create a localnet port.
-AT_CHECK([ovn-nbctl lsp-add lsw0 ln_port])
-AT_CHECK([ovn-nbctl lsp-set-addresses ln_port unknown])
-AT_CHECK([ovn-nbctl lsp-set-type ln_port localnet])
-AT_CHECK([ovn-nbctl lsp-set-options ln_port network_name=physnet1])
-
-
-# Create 3 vifs.
-AT_CHECK([ovn-nbctl lsp-add lsw0 localvif1])
-AT_CHECK([ovn-nbctl lsp-set-addresses localvif1 "f0:00:00:00:00:01 192.168.1.1"])
-AT_CHECK([ovn-nbctl lsp-set-port-security localvif1 "f0:00:00:00:00:01"])
-AT_CHECK([ovn-nbctl lsp-add lsw0 localvif2])
-AT_CHECK([ovn-nbctl lsp-set-addresses localvif2 "f0:00:00:00:00:02 192.168.1.2"])
-AT_CHECK([ovn-nbctl lsp-set-port-security localvif2 "f0:00:00:00:00:02"])
-AT_CHECK([ovn-nbctl lsp-add lsw0 localvif3])
-AT_CHECK([ovn-nbctl lsp-set-addresses localvif3 "f0:00:00:00:00:03 192.168.1.3"])
-AT_CHECK([ovn-nbctl lsp-set-port-security localvif3 "f0:00:00:00:00:03"])
-
-# Bind the localvif1 to hv1.
-as hv1
-AT_CHECK([ovs-vsctl add-port br-int localvif1 -- set Interface localvif1 external_ids:iface-id=localvif1])
-
-# On hv1, check that there are no flows outputting bcast to tunnel
-OVS_WAIT_UNTIL([test `ovs-ofctl dump-flows br-int table=32 | ofctl_strip | grep output | wc -l` -eq 0])
-
-# On hv2, check that no flow outputs bcast to tunnel to hv1.
-as hv2
-OVS_WAIT_UNTIL([test `ovs-ofctl dump-flows br-int table=32 | ofctl_strip | grep output | wc -l` -eq 0])
-
-# Now bind vif2 on hv2.
-AT_CHECK([ovs-vsctl add-port br-int localvif2 -- set Interface localvif2 external_ids:iface-id=localvif2])
-
-# At this point, the broadcast flow on vif2 should be deleted.
-# because, there is now a localnet vif bound (table=32 programming logic)
-OVS_WAIT_UNTIL([test `ovs-ofctl dump-flows br-int table=32 | ofctl_strip | grep output | wc -l` -eq 0])
-
-# Verify that the local net patch port exists on hv2.
-OVS_WAIT_UNTIL([test `ovs-vsctl show | grep "Port patch-br-int-to-ln_port" | wc -l` -eq 1])
-
-# Now bind vif3 on hv2.
-AT_CHECK([ovs-vsctl add-port br-int localvif3 -- set Interface localvif3 external_ids:iface-id=localvif3])
-
-# Verify that the local net patch port still exists on hv2
-OVS_WAIT_UNTIL([test `ovs-vsctl show | grep "Port patch-br-int-to-ln_port" | wc -l` -eq 1])
-
-# Delete localvif2
-AT_CHECK([ovn-nbctl lsp-del localvif2])
-
-# Verify that the local net patch port still exists on hv2,
-# because, localvif3 is still bound.
-OVS_WAIT_UNTIL([test `ovs-vsctl show | grep "Port patch-br-int-to-ln_port" | wc -l` -eq 1])
-
-OVN_CLEANUP([hv1],[hv2])
-
-AT_CLEANUP
-
-
-AT_SETUP([ovn -- ACL logging])
-AT_KEYWORDS([ovn])
-ovn_start
-
-net_add n1
-
-sim_add hv
-as hv
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.1
-for i in lp1 lp2; do
- ovs-vsctl -- add-port br-int $i -- \
- set interface $i external-ids:iface-id=$i \
- options:tx_pcap=hv/$i-tx.pcap \
- options:rxq_pcap=hv/$i-rx.pcap
-done
-
-lp1_mac="f0:00:00:00:00:01"
-lp1_ip="192.168.1.2"
-
-lp2_mac="f0:00:00:00:00:02"
-lp2_ip="192.168.1.3"
-
-ovn-nbctl ls-add lsw0
-ovn-nbctl --wait=sb lsp-add lsw0 lp1
-ovn-nbctl --wait=sb lsp-add lsw0 lp2
-ovn-nbctl lsp-set-addresses lp1 $lp1_mac
-ovn-nbctl lsp-set-addresses lp2 $lp2_mac
-ovn-nbctl --wait=sb sync
-
-ovn-nbctl acl-add lsw0 to-lport 1000 'tcp.dst==80' drop
-ovn-nbctl --log --severity=alert --name=drop-flow acl-add lsw0 to-lport 1000 'tcp.dst==81' drop
-
-ovn-nbctl acl-add lsw0 to-lport 1000 'tcp.dst==82' allow
-ovn-nbctl --log --severity=info --name=allow-flow acl-add lsw0 to-lport 1000 'tcp.dst==83' allow
-
-ovn-nbctl acl-add lsw0 to-lport 1000 'tcp.dst==84' allow-related
-ovn-nbctl --log acl-add lsw0 to-lport 1000 'tcp.dst==85' allow-related
-
-ovn-nbctl acl-add lsw0 to-lport 1000 'tcp.dst==86' reject
-ovn-nbctl --wait=hv --log --severity=alert --name=reject-flow acl-add lsw0 to-lport 1000 'tcp.dst==87' reject
-
-ovn-sbctl dump-flows
-
-
-# Send packet that should be dropped without logging.
-packet="inport==\"lp1\" && eth.src==$lp1_mac && eth.dst==$lp2_mac &&
- ip4 && ip.ttl==64 && ip4.src==$lp1_ip && ip4.dst==$lp2_ip &&
- tcp && tcp.flags==2 && tcp.src==4360 && tcp.dst==80"
-as hv ovs-appctl -t ovn-controller inject-pkt "$packet"
-
-# Send packet that should be dropped with logging.
-packet="inport==\"lp1\" && eth.src==$lp1_mac && eth.dst==$lp2_mac &&
- ip4 && ip.ttl==64 && ip4.src==$lp1_ip && ip4.dst==$lp2_ip &&
- tcp && tcp.flags==2 && tcp.src==4361 && tcp.dst==81"
-as hv ovs-appctl -t ovn-controller inject-pkt "$packet"
-
-# Send packet that should be allowed without logging.
-packet="inport==\"lp1\" && eth.src==$lp1_mac && eth.dst==$lp2_mac &&
- ip4 && ip.ttl==64 && ip4.src==$lp1_ip && ip4.dst==$lp2_ip &&
- tcp && tcp.flags==2 && tcp.src==4362 && tcp.dst==82"
-as hv ovs-appctl -t ovn-controller inject-pkt "$packet"
-
-# Send packet that should be allowed with logging.
-packet="inport==\"lp1\" && eth.src==$lp1_mac && eth.dst==$lp2_mac &&
- ip4 && ip.ttl==64 && ip4.src==$lp1_ip && ip4.dst==$lp2_ip &&
- tcp && tcp.flags==2 && tcp.src==4363 && tcp.dst==83"
-as hv ovs-appctl -t ovn-controller inject-pkt "$packet"
-
-# Send packet that should allow related flows without logging.
-packet="inport==\"lp1\" && eth.src==$lp1_mac && eth.dst==$lp2_mac &&
- ip4 && ip.ttl==64 && ip4.src==$lp1_ip && ip4.dst==$lp2_ip &&
- tcp && tcp.flags==2 && tcp.src==4364 && tcp.dst==84"
-as hv ovs-appctl -t ovn-controller inject-pkt "$packet"
-
-# Send packet that should allow related flows with logging.
-packet="inport==\"lp1\" && eth.src==$lp1_mac && eth.dst==$lp2_mac &&
- ip4 && ip.ttl==64 && ip4.src==$lp1_ip && ip4.dst==$lp2_ip &&
- tcp && tcp.flags==2 && tcp.src==4365 && tcp.dst==85"
-as hv ovs-appctl -t ovn-controller inject-pkt "$packet"
-
-# Send packet that should be rejected without logging.
-packet="inport==\"lp1\" && eth.src==$lp1_mac && eth.dst==$lp2_mac &&
- ip4 && ip.ttl==64 && ip4.src==$lp1_ip && ip4.dst==$lp2_ip &&
- tcp && tcp.flags==2 && tcp.src==4366 && tcp.dst==86"
-as hv ovs-appctl -t ovn-controller inject-pkt "$packet"
-
-# Send packet that should be rejected with logging.
-packet="inport==\"lp1\" && eth.src==$lp1_mac && eth.dst==$lp2_mac &&
- ip4 && ip.ttl==64 && ip4.src==$lp1_ip && ip4.dst==$lp2_ip &&
- tcp && tcp.flags==2 && tcp.src==4367 && tcp.dst==87"
-as hv ovs-appctl -t ovn-controller inject-pkt "$packet"
-
-OVS_WAIT_UNTIL([ test 4 = $(grep -c 'acl_log' hv/ovn-controller.log) ])
-
-AT_CHECK([grep 'acl_log' hv/ovn-controller.log | sed 's/.*name=/name=/'], [0], [dnl
-name="drop-flow", verdict=drop, severity=alert: tcp,vlan_tci=0x0000,dl_src=f0:00:00:00:00:01,dl_dst=f0:00:00:00:00:02,nw_src=192.168.1.2,nw_dst=192.168.1.3,nw_tos=0,nw_ecn=0,nw_ttl=64,tp_src=4361,tp_dst=81,tcp_flags=syn
-name="allow-flow", verdict=allow, severity=info: tcp,vlan_tci=0x0000,dl_src=f0:00:00:00:00:01,dl_dst=f0:00:00:00:00:02,nw_src=192.168.1.2,nw_dst=192.168.1.3,nw_tos=0,nw_ecn=0,nw_ttl=64,tp_src=4363,tp_dst=83,tcp_flags=syn
-name="", verdict=allow, severity=info: tcp,vlan_tci=0x0000,dl_src=f0:00:00:00:00:01,dl_dst=f0:00:00:00:00:02,nw_src=192.168.1.2,nw_dst=192.168.1.3,nw_tos=0,nw_ecn=0,nw_ttl=64,tp_src=4365,tp_dst=85,tcp_flags=syn
-name="reject-flow", verdict=reject, severity=alert: tcp,vlan_tci=0x0000,dl_src=f0:00:00:00:00:01,dl_dst=f0:00:00:00:00:02,nw_src=192.168.1.2,nw_dst=192.168.1.3,nw_tos=0,nw_ecn=0,nw_ttl=64,tp_src=4367,tp_dst=87,tcp_flags=syn
-])
-
-OVN_CLEANUP([hv])
-AT_CLEANUP
-
-
-AT_SETUP([ovn -- ACL rate-limited logging])
-AT_KEYWORDS([ovn])
-ovn_start
-
-net_add n1
-
-sim_add hv
-as hv
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.1
-for i in lp1 lp2; do
- ovs-vsctl -- add-port br-int $i -- \
- set interface $i external-ids:iface-id=$i \
- options:tx_pcap=hv/$i-tx.pcap \
- options:rxq_pcap=hv/$i-rx.pcap
-done
-
-lp1_mac="f0:00:00:00:00:01"
-lp1_ip="192.168.1.2"
-
-lp2_mac="f0:00:00:00:00:02"
-lp2_ip="192.168.1.3"
-
-ovn-nbctl ls-add lsw0
-ovn-nbctl --wait=sb lsp-add lsw0 lp1
-ovn-nbctl --wait=sb lsp-add lsw0 lp2
-ovn-nbctl lsp-set-addresses lp1 $lp1_mac
-ovn-nbctl lsp-set-addresses lp2 $lp2_mac
-ovn-nbctl --wait=sb sync
-
-
-# Add an ACL that rate-limits logs at 10 per second.
-ovn-nbctl meter-add http-rl1 drop 10 pktps
-ovn-nbctl --log --severity=alert --meter=http-rl1 --name=http-acl1 acl-add lsw0 to-lport 1000 'tcp.dst==80' drop
-
-# Add an ACL that rate-limits logs at 5 per second.
-ovn-nbctl meter-add http-rl2 drop 5 pktps
-ovn-nbctl --log --severity=alert --meter=http-rl2 --name=http-acl2 acl-add lsw0 to-lport 1000 'tcp.dst==81' allow
-
-# Add an ACL that doesn't rate-limit logs.
-ovn-nbctl --log --severity=alert --name=http-acl3 acl-add lsw0 to-lport 1000 'tcp.dst==82' drop
-ovn-nbctl --wait=hv sync
-
-# For each ACL, send 100 packets.
-for i in `seq 1 100`; do
- ovs-appctl netdev-dummy/receive lp1 'in_port(1),eth(src=f0:00:00:00:00:01,dst=f0:00:00:00:00:02),eth_type(0x0800),ipv4(src=192.168.1.2,dst=192.168.1.3,proto=6,tos=0,ttl=64,frag=no),tcp(src=7777,dst=80)'
-
- ovs-appctl netdev-dummy/receive lp1 'in_port(1),eth(src=f0:00:00:00:00:01,dst=f0:00:00:00:00:02),eth_type(0x0800),ipv4(src=192.168.1.2,dst=192.168.1.3,proto=6,tos=0,ttl=64,frag=no),tcp(src=7777,dst=81)'
-
- ovs-appctl netdev-dummy/receive lp1 'in_port(1),eth(src=f0:00:00:00:00:01,dst=f0:00:00:00:00:02),eth_type(0x0800),ipv4(src=192.168.1.2,dst=192.168.1.3,proto=6,tos=0,ttl=64,frag=no),tcp(src=7777,dst=82)'
-done
-
-# The rate at which packets are sent is highly system-dependent, so we
-# can't count on precise drop counts. To work around that, we just
-# check that exactly 100 "http-acl3" actions were logged and that there
-# were more "http-acl1" actions than "http-acl2" ones.
-OVS_WAIT_UNTIL([ test 100 = $(grep -c 'http-acl3' hv/ovn-controller.log) ])
-
-# On particularly slow or overloaded systems, the transmission rate may
-# be lower than the configured meter rate. To prevent false test
-# failures, we check the duration count of the meter, and if it's
-# greater than nine seconds, just skip the test.
-d_secs=$(as hv ovs-ofctl -O OpenFlow13 meter-stats br-int | grep "meter:1" | sed 's/.* duration:\([[0-9]]\{1,\}\)\.[[0-9]]\+s .*/\1/')
-
-echo "Meter duration: $d_secs"
-AT_SKIP_IF([test $d_secs -gt 9])
-
-# Print some information that may help debugging.
-as hv ovs-appctl -t ovn-controller meter-table-list
-as hv ovs-ofctl -O OpenFlow13 meter-stats br-int
-
-n_acl1=$(grep -c 'http-acl1' hv/ovn-controller.log)
-n_acl2=$(grep -c 'http-acl2' hv/ovn-controller.log)
-n_acl3=$(grep -c 'http-acl3' hv/ovn-controller.log)
-
-AT_CHECK([ test $n_acl3 -gt $n_acl1 ], [0], [])
-AT_CHECK([ test $n_acl1 -gt $n_acl2 ], [0], [])
-
-OVN_CLEANUP([hv])
-AT_CLEANUP
-
-
-AT_SETUP([ovn -- DSCP marking and meter check])
-AT_KEYWORDS([ovn])
-ovn_start
-
-ovn-nbctl ls-add lsw0
-ovn-nbctl --wait=sb lsp-add lsw0 lp1
-ovn-nbctl --wait=sb lsp-add lsw0 lp2
-ovn-nbctl --wait=sb lsp-add lsw0 lp3
-ovn-nbctl lsp-set-addresses lp1 f0:00:00:00:00:01
-ovn-nbctl lsp-set-addresses lp2 f0:00:00:00:00:02
-ovn-nbctl lsp-set-addresses lp3 f0:00:00:00:00:03
-ovn-nbctl lsp-set-port-security lp1 f0:00:00:00:00:01
-ovn-nbctl lsp-set-port-security lp2 f0:00:00:00:00:02
-ovn-nbctl --wait=sb sync
-net_add n1
-sim_add hv
-as hv
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.1
-ovs-vsctl add-port br-int vif1 -- set Interface vif1 external-ids:iface-id=lp1 options:tx_pcap=vif1-tx.pcap options:rxq_pcap=vif1-rx.pcap ofport-request=1
-ovs-vsctl add-port br-int vif2 -- set Interface vif2 external-ids:iface-id=lp2 options:tx_pcap=vif2-tx.pcap options:rxq_pcap=vif2-rx.pcap ofport-request=2
-
-AT_CAPTURE_FILE([trace])
-ovn_trace () {
- ovn-trace --all "$@" | tee trace | sed '1,/Minimal trace/d'
-}
-
-# Extracts nw_tos from the final flow from ofproto/trace output and prints
-# it on stdout. Prints "none" if no nw_tos was included.
-get_final_nw_tos() {
- if flow=$(grep '^Final flow:' stdout); then :; else
- # The output didn't have a final flow.
- return 99
- fi
-
- tos=$(echo "$flow" | sed -n 's/.*nw_tos=\([[0-9]]\{1,\}\).*/\1/p')
- case $tos in
- '') echo none ;;
- *) echo $tos ;;
- esac
-}
-
-# check_tos TOS
-#
-# Checks that a packet from 1.1.1.1 to 1.1.1.2 gets its DSCP set to TOS.
-check_tos() {
- # First check with ovn-trace for logical flows.
- echo "checking for tos $1"
- (if test $1 != 0; then echo "ip.dscp = $1;"; fi;
- echo 'output("lp2");') > expout
- AT_CHECK_UNQUOTED([ovn_trace lsw0 'inport == "lp1" && eth.src == f0:00:00:00:00:01 && eth.dst == f0:00:00:00:00:02 && ip4.src == 1.1.1.1 && ip4.dst == 1.1.1.2'], [0], [expout])
-
- # Then re-check with ofproto/trace for a physical packet.
- AT_CHECK([ovs-appctl ofproto/trace br-int 'in_port=1,dl_src=f0:00:00:00:00:01,dl_dst=f0:00:00:00:00:02,dl_type=0x800,nw_src=1.1.1.1,nw_dst=1.1.1.2'], [0], [stdout-nolog])
- AT_CHECK_UNQUOTED([get_final_nw_tos], [0], [`expr $1 \* 4`
-])
-}
-
-# check at L2
-AT_CHECK([ovn_trace lsw0 'inport == "lp1" && eth.src == f0:00:00:00:00:01 && eth.dst == f0:00:00:00:00:02'], [0], [output("lp2");
-])
-AT_CHECK([ovs-appctl ofproto/trace br-int 'in_port=1,dl_src=f0:00:00:00:00:01,dl_dst=f0:00:00:00:00:02'], [0], [stdout-nolog])
-AT_CHECK([get_final_nw_tos], [0], [none
-])
-
-# check at L3 without dscp marking
-check_tos 0
-
-# Mark DSCP with a valid value
-qos_id=$(ovn-nbctl --wait=hv -- --id=@lp1-qos create QoS priority=100 action=dscp=48 match="inport\=\=\"lp1\"\ &&\ is_chassis_resident(\"lp1\")" direction="from-lport" -- set Logical_Switch lsw0 qos_rules=@lp1-qos)
-AT_CHECK([as hv ovn-nbctl qos-list lsw0 | wc -l], [0], [1
-])
-check_tos 48
-
-# check at hv without qos meter
-AT_CHECK([as hv ovs-ofctl dump-flows br-int -O OpenFlow13 | grep meter | wc -l], [0], [0
-])
-
-# Update the meter rate
-ovn-nbctl --wait=hv set QoS $qos_id bandwidth=rate=100
-
-# check at hv with a qos meter table
-AT_CHECK([as hv ovs-ofctl dump-meters br-int -O OpenFlow13 | grep rate=100 | wc -l], [0], [1
-])
-AT_CHECK([as hv ovs-ofctl dump-flows br-int -O OpenFlow13 | grep meter | wc -l], [0], [1
-])
-
-# Update the DSCP marking
-ovn-nbctl --wait=hv set QoS $qos_id action=dscp=63
-check_tos 63
-
-# Update the meter rate
-ovn-nbctl --wait=hv set QoS $qos_id bandwidth=rate=4294967295,burst=4294967295
-
-# check at hv with a qos meter table
-AT_CHECK([as hv ovs-ofctl dump-meters br-int -O OpenFlow13 | grep burst_size=4294967295 | wc -l], [0], [1
-])
-AT_CHECK([as hv ovs-ofctl dump-flows br-int -O OpenFlow13 | grep meter | wc -l], [0], [1
-])
-
-ovn-nbctl --wait=hv set QoS $qos_id match="outport\=\=\"lp2\"" direction="to-lport"
-check_tos 63
-
-# Disable DSCP marking
-ovn-nbctl --wait=hv qos-del lsw0
-AT_CHECK([as hv ovn-nbctl qos-list lsw0 | wc -l], [0], [0
-])
-check_tos 0
-
-# check at hv without qos meter
-AT_CHECK([as hv ovs-ofctl dump-flows br-int -O OpenFlow13 | grep meter | wc -l], [0], [0
-])
-
-# check meter with chassis not resident
-ovn-nbctl qos-add lsw0 to-lport 1001 'inport=="lp3" && is_chassis_resident("lp3")' rate=11123 burst=111230
-AT_CHECK([as hv ovn-nbctl qos-list lsw0 | wc -l], [0], [1
-])
-
-# check no meter table
-AT_CHECK([as hv ovs-ofctl dump-flows br-int -O OpenFlow13 | grep meter | wc -l], [0], [0
-])
-AT_CHECK([as hv ovs-ofctl dump-meters br-int -O OpenFlow13 | grep rate=11123 | wc -l], [0], [0
-])
-
-OVN_CLEANUP([hv])
-AT_CLEANUP
-
-AT_SETUP([ovn -- read-only sb db:ptcp access])
-AT_SKIP_IF([test $HAVE_PYTHON = no])
-
-: > .$1.db.~lock~
-ovsdb-tool create ovn-sb.db "$abs_top_srcdir"/ovn/ovn-sb.ovsschema
-
-# Add read-only remote to sb ovsdb-server
-AT_CHECK(
- [ovsdb-tool transact ovn-sb.db \
- ['["OVN_Southbound",
- {"op": "insert",
- "table": "SB_Global",
- "row": {
- "connections": ["set", [["named-uuid", "xyz"]]]}},
- {"op": "insert",
- "table": "Connection",
- "uuid-name": "xyz",
- "row": {"target": "ptcp:0:127.0.0.1",
- "read_only": true}}]']], [0], [ignore], [ignore])
-
-start_daemon ovsdb-server --remote=punix:ovn-sb.sock --remote=db:OVN_Southbound,SB_Global,connections ovn-sb.db
-
-PARSE_LISTENING_PORT([ovsdb-server.log], [TCP_PORT])
-
-# read-only accesses should succeed
-AT_CHECK([ovn-sbctl --db=tcp:127.0.0.1:$TCP_PORT list SB_Global], [0], [stdout], [ignore])
-AT_CHECK([ovn-sbctl --db=tcp:127.0.0.1:$TCP_PORT list Connection], [0], [stdout], [ignore])
-
-# write access should fail
-AT_CHECK([ovn-sbctl --db=tcp:127.0.0.1:$TCP_PORT chassis-add ch vxlan 1.2.4.8], [1], [ignore],
-[ovn-sbctl: transaction error: {"details":"insert operation not allowed when database server is in read only mode","error":"not allowed"}
-])
-
-OVS_APP_EXIT_AND_WAIT([ovsdb-server])
-AT_CLEANUP
-
-AT_SETUP([ovn -- read-only sb db:pssl access])
-AT_SKIP_IF([test $HAVE_PYTHON = no])
-AT_SKIP_IF([test "$HAVE_OPENSSL" = no])
-PKIDIR="$(cd $abs_top_builddir/tests && pwd)"
-AT_SKIP_IF([expr "$PKIDIR" : ".*[ '\"
-\\]"])
-
-: > .$1.db.~lock~
-ovsdb-tool create ovn-sb.db "$abs_top_srcdir"/ovn/ovn-sb.ovsschema
-
-# Add read-only remote to sb ovsdb-server
-AT_CHECK(
- [ovsdb-tool transact ovn-sb.db \
- ['["OVN_Southbound",
- {"op": "insert",
- "table": "SB_Global",
- "row": {
- "connections": ["set", [["named-uuid", "xyz"]]]}},
- {"op": "insert",
- "table": "Connection",
- "uuid-name": "xyz",
- "row": {"target": "pssl:0:127.0.0.1",
- "read_only": true}}]']], [0], [ignore], [ignore])
-
-start_daemon ovsdb-server --remote=punix:ovn-sb.sock \
- --remote=db:OVN_Southbound,SB_Global,connections \
- --private-key="$PKIDIR/testpki-privkey2.pem" \
- --certificate="$PKIDIR/testpki-cert2.pem" \
- --ca-cert="$PKIDIR/testpki-cacert.pem" \
- ovn-sb.db
-
-PARSE_LISTENING_PORT([ovsdb-server.log], [TCP_PORT])
-
-# read-only accesses should succeed
-AT_CHECK([ovn-sbctl --db=ssl:127.0.0.1:$TCP_PORT \
- --private-key=$PKIDIR/testpki-privkey.pem \
- --certificate=$PKIDIR/testpki-cert.pem \
- --ca-cert=$PKIDIR/testpki-cacert.pem \
- list SB_Global], [0], [stdout], [ignore])
-AT_CHECK([ovn-sbctl --db=ssl:127.0.0.1:$TCP_PORT \
- --private-key=$PKIDIR/testpki-privkey.pem \
- --certificate=$PKIDIR/testpki-cert.pem \
- --ca-cert=$PKIDIR/testpki-cacert.pem \
- list Connection], [0], [stdout], [ignore])
-
-# write access should fail
-AT_CHECK([ovn-sbctl --db=ssl:127.0.0.1:$TCP_PORT \
- --private-key=$PKIDIR/testpki-privkey.pem \
- --certificate=$PKIDIR/testpki-cert.pem \
- --ca-cert=$PKIDIR/testpki-cacert.pem \
- chassis-add ch vxlan 1.2.4.8], [1], [ignore],
-[ovn-sbctl: transaction error: {"details":"insert operation not allowed when database server is in read only mode","error":"not allowed"}
-])
-
-OVS_APP_EXIT_AND_WAIT([ovsdb-server])
-AT_CLEANUP
-
-AT_SETUP([ovn -- nb connection/ssl commands])
-AT_SKIP_IF([test $HAVE_PYTHON = no])
-AT_SKIP_IF([test "$HAVE_OPENSSL" = no])
-PKIDIR="$(cd $abs_top_builddir/tests && pwd)"
-AT_SKIP_IF([expr "$PKIDIR" : ".*[ '\"
-\\]"])
-
-: > .$1.db.~lock~
-ovsdb-tool create ovn-nb.db "$abs_top_srcdir"/ovn/ovn-nb.ovsschema
-
-# Start nb db server using db connection/ssl entries (unpopulated initially)
-start_daemon ovsdb-server --remote=punix:ovnnb_db.sock \
- --remote=db:OVN_Northbound,NB_Global,connections \
- --private-key=db:OVN_Northbound,SSL,private_key \
- --certificate=db:OVN_Northbound,SSL,certificate \
- --ca-cert=db:OVN_Northbound,SSL,ca_cert \
- ovn-nb.db
-
-# Populate SSL configuration entries in nb db
-AT_CHECK(
- [ovn-nbctl set-ssl $PKIDIR/testpki-privkey.pem \
- $PKIDIR/testpki-cert.pem \
- $PKIDIR/testpki-cacert.pem], [0], [stdout], [ignore])
-
-# Populate a passive SSL connection in nb db
-AT_CHECK([ovn-nbctl set-connection pssl:0:127.0.0.1], [0], [stdout], [ignore])
-
-PARSE_LISTENING_PORT([ovsdb-server.log], [TCP_PORT])
-
-# Verify SSL connetivity to nb db server
-AT_CHECK([ovn-nbctl --db=ssl:127.0.0.1:$TCP_PORT \
- --private-key=$PKIDIR/testpki-privkey.pem \
- --certificate=$PKIDIR/testpki-cert.pem \
- --ca-cert=$PKIDIR/testpki-cacert.pem \
- list NB_Global],
- [0], [stdout], [ignore])
-AT_CHECK([ovn-nbctl --db=ssl:127.0.0.1:$TCP_PORT \
- --private-key=$PKIDIR/testpki-privkey.pem \
- --certificate=$PKIDIR/testpki-cert.pem \
- --ca-cert=$PKIDIR/testpki-cacert.pem \
- list Connection],
- [0], [stdout], [ignore])
-AT_CHECK([ovn-nbctl --db=ssl:127.0.0.1:$TCP_PORT \
- --private-key=$PKIDIR/testpki-privkey.pem \
- --certificate=$PKIDIR/testpki-cert.pem \
- --ca-cert=$PKIDIR/testpki-cacert.pem \
- get-connection],
- [0], [stdout], [ignore])
-
-OVS_APP_EXIT_AND_WAIT([ovsdb-server])
-AT_CLEANUP
-
-AT_SETUP([ovn -- sb connection/ssl commands])
-AT_SKIP_IF([test $HAVE_PYTHON = no])
-AT_SKIP_IF([test "$HAVE_OPENSSL" = no])
-PKIDIR="$(cd $abs_top_builddir/tests && pwd)"
-AT_SKIP_IF([expr "$PKIDIR" : ".*[ '\"
-\\]"])
-
-: > .$1.db.~lock~
-ovsdb-tool create ovn-sb.db "$abs_top_srcdir"/ovn/ovn-sb.ovsschema
-
-# Start sb db server using db connection/ssl entries (unpopulated initially)
-start_daemon ovsdb-server --remote=punix:ovnsb_db.sock \
- --remote=db:OVN_Southbound,SB_Global,connections \
- --private-key=db:OVN_Southbound,SSL,private_key \
- --certificate=db:OVN_Southbound,SSL,certificate \
- --ca-cert=db:OVN_Southbound,SSL,ca_cert \
- ovn-sb.db
-
-# Populate SSL configuration entries in sb db
-AT_CHECK(
- [ovn-sbctl set-ssl $PKIDIR/testpki-privkey.pem \
- $PKIDIR/testpki-cert.pem \
- $PKIDIR/testpki-cacert.pem], [0], [stdout], [ignore])
-
-# Populate a passive SSL connection in sb db
-AT_CHECK([ovn-sbctl set-connection pssl:0:127.0.0.1], [0], [stdout], [ignore])
-
-PARSE_LISTENING_PORT([ovsdb-server.log], [TCP_PORT])
-
-# Verify SSL connetivity to sb db server
-AT_CHECK([ovn-sbctl --db=ssl:127.0.0.1:$TCP_PORT \
- --private-key=$PKIDIR/testpki-privkey.pem \
- --certificate=$PKIDIR/testpki-cert.pem \
- --ca-cert=$PKIDIR/testpki-cacert.pem \
- list SB_Global],
- [0], [stdout], [ignore])
-AT_CHECK([ovn-sbctl --db=ssl:127.0.0.1:$TCP_PORT \
- --private-key=$PKIDIR/testpki-privkey.pem \
- --certificate=$PKIDIR/testpki-cert.pem \
- --ca-cert=$PKIDIR/testpki-cacert.pem \
- list Connection],
- [0], [stdout], [ignore])
-AT_CHECK([ovn-sbctl --db=ssl:127.0.0.1:$TCP_PORT \
- --private-key=$PKIDIR/testpki-privkey.pem \
- --certificate=$PKIDIR/testpki-cert.pem \
- --ca-cert=$PKIDIR/testpki-cacert.pem \
- get-connection],
- [0], [stdout], [ignore])
-
-OVS_APP_EXIT_AND_WAIT([ovsdb-server])
-AT_CLEANUP
-
-AT_SETUP([ovn -- nested containers])
-ovn_start
-
-# Physical network:
-# 2 HVs. HV1 has 2 VMs - "VM1" and "bar3". HV2 has 1 VM - "VM2"
-
-# Logical network:
-# 3 Logical switches - "mgmt" (172.16.1.0/24), "foo" (192.168.1.0/24)
-# and "bar" (192.168.2.0/24). They are all connected to router R1.
-
-ovn-nbctl lr-add R1
-ovn-nbctl ls-add mgmt
-ovn-nbctl ls-add foo
-ovn-nbctl ls-add bar
-
-# Connect mgmt to R1
-ovn-nbctl lrp-add R1 mgmt 00:00:00:01:02:02 172.16.1.1/24
-ovn-nbctl lsp-add mgmt rp-mgmt -- set Logical_Switch_Port rp-mgmt type=router \
- options:router-port=mgmt addresses=\"00:00:00:01:02:02\"
-
-# Connect foo to R1
-ovn-nbctl lrp-add R1 foo 00:00:00:01:02:03 192.168.1.1/24
-ovn-nbctl lsp-add foo rp-foo -- set Logical_Switch_Port rp-foo type=router \
- options:router-port=foo addresses=\"00:00:00:01:02:03\"
-
-# Connect bar to R1
-ovn-nbctl lrp-add R1 bar 00:00:00:01:02:04 192.168.2.1/24
-ovn-nbctl lsp-add bar rp-bar -- set Logical_Switch_Port rp-bar type=router \
- options:router-port=bar addresses=\"00:00:00:01:02:04\"
-
-# "mgmt" has VM1 and VM2 connected
-ovn-nbctl lsp-add mgmt vm1 \
--- lsp-set-addresses vm1 "f0:00:00:01:02:03 172.16.1.2"
-
-ovn-nbctl lsp-add mgmt vm2 \
--- lsp-set-addresses vm2 "f0:00:00:01:02:04 172.16.1.3"
-
-# "foo1" and "foo2" are containers belonging to switch "foo"
-# "foo1" has "VM1" as parent_port and "foo2" has "VM2" as parent_port.
-ovn-nbctl lsp-add foo foo1 vm1 1 \
--- lsp-set-addresses foo1 "f0:00:00:01:02:05 192.168.1.2"
-
-ovn-nbctl lsp-add foo foo2 vm2 2 \
--- lsp-set-addresses foo2 "f0:00:00:01:02:06 192.168.1.3"
-
-# "bar1" and "bar2" are containers belonging to switch "bar"
-# "bar1" has "VM1" as parent_port and "bar2" has "VM2" as parent_port.
-ovn-nbctl lsp-add bar bar1 vm1 2 \
--- lsp-set-addresses bar1 "f0:00:00:01:02:07 192.168.2.2"
-
-ovn-nbctl lsp-add bar bar2 vm2 1 \
--- lsp-set-addresses bar2 "f0:00:00:01:02:08 192.168.2.3"
-
-# bar3 is a standalone VM belonging to switch "bar"
-ovn-nbctl lsp-add bar bar3 \
--- lsp-set-addresses bar3 "f0:00:00:01:02:09 192.168.2.4"
-
-# Create two hypervisor and create OVS ports corresponding to logical ports.
-net_add n1
-
-sim_add hv1
-as hv1
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.1
-ovs-vsctl -- add-port br-int vm1 -- \
- set interface vm1 external-ids:iface-id=vm1 \
- options:tx_pcap=hv1/vm1-tx.pcap \
- options:rxq_pcap=hv1/vm1-rx.pcap \
- ofport-request=1
-
-ovs-vsctl -- add-port br-int bar3 -- \
- set interface bar3 external-ids:iface-id=bar3 \
- options:tx_pcap=hv1/bar3-tx.pcap \
- options:rxq_pcap=hv1/bar3-rx.pcap \
- ofport-request=2
-
-sim_add hv2
-as hv2
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.2
-ovs-vsctl -- add-port br-int vm2 -- \
- set interface vm2 external-ids:iface-id=vm2 \
- options:tx_pcap=hv2/vm2-tx.pcap \
- options:rxq_pcap=hv2/vm2-rx.pcap \
- ofport-request=1
-
-# Pre-populate the hypervisors' ARP tables so that we don't lose any
-# packets for ARP resolution (native tunneling doesn't queue packets
-# for ARP resolution).
-OVN_POPULATE_ARP
-
-# Allow some time for ovn-northd and ovn-controller to catch up.
-# XXX This should be more systematic.
-sleep 1
-
-ip_to_hex() {
- printf "%02x%02x%02x%02x" "$@"
-}
-
-# Send ip packets between foo1 and foo2 (same switch, different HVs and
-# different VLAN tags).
-src_mac="f00000010205"
-dst_mac="f00000010206"
-src_ip=`ip_to_hex 192 168 1 2`
-dst_ip=`ip_to_hex 192 168 1 3`
-packet=${dst_mac}${src_mac}8100000108004500001c0000000040110000${src_ip}${dst_ip}0035111100080000
-as hv1 ovs-appctl netdev-dummy/receive vm1 $packet
-
-# expected packet at foo2
-packet=${dst_mac}${src_mac}8100000208004500001c0000000040110000${src_ip}${dst_ip}0035111100080000
-echo $packet > expected
-OVN_CHECK_PACKETS([hv2/vm2-tx.pcap], [expected])
-
-# Send ip packets between foo1 and bar2 (different switch, different HV)
-src_mac="f00000010205"
-dst_mac="000000010203"
-src_ip=`ip_to_hex 192 168 1 2`
-dst_ip=`ip_to_hex 192 168 2 3`
-packet=${dst_mac}${src_mac}8100000108004500001c0000000040110000${src_ip}${dst_ip}0035111100080000
-as hv1 ovs-appctl netdev-dummy/receive vm1 $packet
-
-# expected packet at bar2
-src_mac="000000010204"
-dst_mac="f00000010208"
-packet=${dst_mac}${src_mac}8100000108004500001c000000003f110100${src_ip}${dst_ip}0035111100080000
-echo $packet >> expected
-OVN_CHECK_PACKETS([hv2/vm2-tx.pcap], [expected])
-
-# Send ip packets between foo1 and bar1
-# (different switch, loopback to same vm but different tag)
-src_mac="f00000010205"
-dst_mac="000000010203"
-src_ip=`ip_to_hex 192 168 1 2`
-dst_ip=`ip_to_hex 192 168 2 2`
-packet=${dst_mac}${src_mac}8100000108004500001c0000000040110000${src_ip}${dst_ip}0035111100080000
-as hv1 ovs-appctl netdev-dummy/receive vm1 $packet
-
-# expected packet at bar1
-src_mac="000000010204"
-dst_mac="f00000010207"
-packet=${dst_mac}${src_mac}8100000208004500001c000000003f110100${src_ip}${dst_ip}0035111100080000
-echo $packet > expected1
-OVN_CHECK_PACKETS([hv1/vm1-tx.pcap], [expected1])
-
-# Send ip packets between bar1 and bar3
-# (same switch. But one is container and another is a standalone VM)
-src_mac="f00000010207"
-dst_mac="f00000010209"
-src_ip=`ip_to_hex 192 168 2 2`
-dst_ip=`ip_to_hex 192 168 2 3`
-packet=${dst_mac}${src_mac}8100000208004500001c0000000040110000${src_ip}${dst_ip}0035111100080000
-as hv1 ovs-appctl netdev-dummy/receive vm1 $packet
-
-# expected packet at bar3
-packet=${dst_mac}${src_mac}08004500001c0000000040110000${src_ip}${dst_ip}0035111100080000
-echo $packet > expected
-OVN_CHECK_PACKETS([hv1/bar3-tx.pcap], [expected])
-
-# Send ip packets between foo1 and vm1.
-(different switch, container to the VM hosting it.)
-src_mac="f00000010205"
-dst_mac="000000010203"
-src_ip=`ip_to_hex 192 168 1 2`
-dst_ip=`ip_to_hex 172 16 1 2`
-packet=${dst_mac}${src_mac}8100000108004500001c0000000040110000${src_ip}${dst_ip}0035111100080000
-as hv1 ovs-appctl netdev-dummy/receive vm1 $packet
-
-# expected packet at vm1
-src_mac="000000010202"
-dst_mac="f00000010203"
-packet=${dst_mac}${src_mac}08004500001c000000003f110100${src_ip}${dst_ip}0035111100080000
-echo $packet >> expected1
-OVN_CHECK_PACKETS([hv1/vm1-tx.pcap], [expected1])
-
-# Send packets from vm1 to bar1.
-(different switch, A hosting VM to a container inside it)
-src_mac="f00000010203"
-dst_mac="000000010202"
-src_ip=`ip_to_hex 172 16 1 2`
-dst_ip=`ip_to_hex 192 168 2 2`
-packet=${dst_mac}${src_mac}08004500001c0000000040110000${src_ip}${dst_ip}0035111100080000
-as hv1 ovs-appctl netdev-dummy/receive vm1 $packet
-
-# expected packet at vm1
-src_mac="000000010204"
-dst_mac="f00000010207"
-packet=${dst_mac}${src_mac}8100000208004500001c000000003f110100${src_ip}${dst_ip}0035111100080000
-echo $packet >> expected1
-OVN_CHECK_PACKETS([hv1/vm1-tx.pcap], [expected1])
-
-# Send broadcast packet from foo1. foo1 should not receive the same packet.
-src_mac="f00000010205"
-dst_mac="ffffffffffff"
-src_ip=`ip_to_hex 192 168 1 2`
-dst_ip=`ip_to_hex 255 255 255 255`
-packet=${dst_mac}${src_mac}8100000108004500001c0000000040110000${src_ip}${dst_ip}0035111100080000
-as hv1 ovs-appctl netdev-dummy/receive vm1 $packet
-
-# expected packet at VM1
-OVN_CHECK_PACKETS([hv1/vm1-tx.pcap], [expected1])
-
-OVN_CLEANUP([hv1],[hv2])
-
-AT_CLEANUP
-
-AT_SETUP([ovn -- 3 HVs, 3 LRs connected via LS, source IP based routes])
-AT_SKIP_IF([test $HAVE_PYTHON = no])
-ovn_start
-
-# Logical network:
-# Three LRs - R1, R2 and R3 that are connected to each other via LS "join"
-# in 20.0.0.0/24 network. R1 has switchess foo (192.168.1.0/24) and bar
-# (192.168.2.0/24) connected to it.
-#
-# R2 and R3 are gateway routers.
-# R2 has alice (172.16.1.0/24) and R3 has bob (172.16.1.0/24)
-# connected to it. Note how both alice and bob have the same subnet behind it.
-# We are trying to simulate external network via those 2 switches. In real
-# world the switch ports of these switches will have addresses set as "unknown"
-# to make them learning switches. Or those switches will be "localnet" ones.
-
-# Create three hypervisors and create OVS ports corresponding to logical ports.
-net_add n1
-
-sim_add hv1
-as hv1
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.1
-ovs-vsctl -- add-port br-int hv1-vif1 -- \
- set interface hv1-vif1 external-ids:iface-id=foo1 \
- options:tx_pcap=hv1/vif1-tx.pcap \
- options:rxq_pcap=hv1/vif1-rx.pcap \
- ofport-request=1
-
-ovs-vsctl -- add-port br-int hv1-vif2 -- \
- set interface hv1-vif2 external-ids:iface-id=bar1 \
- options:tx_pcap=hv1/vif2-tx.pcap \
- options:rxq_pcap=hv1/vif2-rx.pcap \
- ofport-request=2
-
-sim_add hv2
-as hv2
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.2
-ovs-vsctl -- add-port br-int hv2-vif1 -- \
- set interface hv2-vif1 external-ids:iface-id=alice1 \
- options:tx_pcap=hv2/vif1-tx.pcap \
- options:rxq_pcap=hv2/vif1-rx.pcap \
- ofport-request=1
-
-sim_add hv3
-as hv3
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.3
-ovs-vsctl -- add-port br-int hv3-vif1 -- \
- set interface hv3-vif1 external-ids:iface-id=bob1 \
- options:tx_pcap=hv3/vif1-tx.pcap \
- options:rxq_pcap=hv3/vif1-rx.pcap \
- ofport-request=1
-
-
-ovn-nbctl create Logical_Router name=R1
-ovn-nbctl create Logical_Router name=R2 options:chassis="hv2"
-ovn-nbctl create Logical_Router name=R3 options:chassis="hv3"
-
-ovn-nbctl ls-add foo
-ovn-nbctl ls-add bar
-ovn-nbctl ls-add alice
-ovn-nbctl ls-add bob
-ovn-nbctl ls-add join
-
-# Connect foo to R1
-ovn-nbctl lrp-add R1 foo 00:00:01:01:02:03 192.168.1.1/24
-ovn-nbctl lsp-add foo rp-foo -- set Logical_Switch_Port rp-foo type=router \
- options:router-port=foo addresses=\"00:00:01:01:02:03\"
-
-# Connect bar to R1
-ovn-nbctl lrp-add R1 bar 00:00:01:01:02:04 192.168.2.1/24
-ovn-nbctl lsp-add bar rp-bar -- set Logical_Switch_Port rp-bar type=router \
- options:router-port=bar addresses=\"00:00:01:01:02:04\"
-
-# Connect alice to R2
-ovn-nbctl lrp-add R2 alice 00:00:02:01:02:03 172.16.1.1/24
-ovn-nbctl lsp-add alice rp-alice -- set Logical_Switch_Port rp-alice \
- type=router options:router-port=alice addresses=\"00:00:02:01:02:03\"
-
-# Connect bob to R3
-ovn-nbctl lrp-add R3 bob 00:00:03:01:02:03 172.16.1.2/24
-ovn-nbctl lsp-add bob rp-bob -- set Logical_Switch_Port rp-bob \
- type=router options:router-port=bob addresses=\"00:00:03:01:02:03\"
-
-# Connect R1 to join
-ovn-nbctl lrp-add R1 R1_join 00:00:04:01:02:03 20.0.0.1/24
-ovn-nbctl lsp-add join r1-join -- set Logical_Switch_Port r1-join \
- type=router options:router-port=R1_join addresses='"00:00:04:01:02:03"'
-
-# Connect R2 to join
-ovn-nbctl lrp-add R2 R2_join 00:00:04:01:02:04 20.0.0.2/24
-ovn-nbctl lsp-add join r2-join -- set Logical_Switch_Port r2-join \
- type=router options:router-port=R2_join addresses='"00:00:04:01:02:04"'
-
-# Connect R3 to join
-ovn-nbctl lrp-add R3 R3_join 00:00:04:01:02:05 20.0.0.3/24
-ovn-nbctl lsp-add join r3-join -- set Logical_Switch_Port r3-join \
- type=router options:router-port=R3_join addresses='"00:00:04:01:02:05"'
-
-# Install static routes with source ip address as the policy for routing.
-# We want traffic from 'foo' to go via R2 and traffic of 'bar' to go via R3.
-ovn-nbctl --policy="src-ip" lr-route-add R1 192.168.1.0/24 20.0.0.2
-ovn-nbctl --policy="src-ip" lr-route-add R1 192.168.2.0/24 20.0.0.3
-
-# Install static routes with destination ip address as the policy for routing.
-ovn-nbctl lr-route-add R2 192.168.0.0/16 20.0.0.1
-
-ovn-nbctl lr-route-add R3 192.168.0.0/16 20.0.0.1
-
-# Create logical port foo1 in foo
-ovn-nbctl lsp-add foo foo1 \
--- lsp-set-addresses foo1 "f0:00:00:01:02:03 192.168.1.2"
-
-# Create logical port bar1 in bar
-ovn-nbctl lsp-add bar bar1 \
--- lsp-set-addresses bar1 "f0:00:00:01:02:04 192.168.2.2"
-
-# Create logical port alice1 in alice
-ovn-nbctl lsp-add alice alice1 \
--- lsp-set-addresses alice1 "f0:00:00:01:02:05 172.16.1.3"
-
-# Create logical port bob1 in bob
-ovn-nbctl lsp-add bob bob1 \
--- lsp-set-addresses bob1 "f0:00:00:01:02:06 172.16.1.4"
-
-# Pre-populate the hypervisors' ARP tables so that we don't lose any
-# packets for ARP resolution (native tunneling doesn't queue packets
-# for ARP resolution).
-OVN_POPULATE_ARP
-
-# Allow some time for ovn-northd and ovn-controller to catch up.
-# XXX This should be more systematic.
-sleep 1
-
-ip_to_hex() {
- printf "%02x%02x%02x%02x" "$@"
-}
-trim_zeros() {
- sed 's/\(00\)\{1,\}$//'
-}
-
-# Send ip packets between foo1 and bar1
-# (East-west traffic should flow normally)
-src_mac="f00000010203"
-dst_mac="000001010203"
-src_ip=`ip_to_hex 192 168 1 2`
-dst_ip=`ip_to_hex 192 168 2 2`
-packet=${dst_mac}${src_mac}08004500001c0000000040110000${src_ip}${dst_ip}0035111100080000
-as hv1 ovs-appctl netdev-dummy/receive hv1-vif1 $packet
-
-# Send ip packets between foo1 and alice1
-src_mac="f00000010203"
-dst_mac="000001010203"
-src_ip=`ip_to_hex 192 168 1 2`
-dst_ip=`ip_to_hex 172 16 1 3`
-packet=${dst_mac}${src_mac}08004500001c0000000040110000${src_ip}${dst_ip}0035111100080000
-as hv1 ovs-appctl netdev-dummy/receive hv1-vif1 $packet
-as hv1 ovs-appctl ofproto/trace br-int in_port=1 $packet
-
-# Send ip packets between bar1 and bob1
-src_mac="f00000010204"
-dst_mac="000001010204"
-src_ip=`ip_to_hex 192 168 2 2`
-dst_ip=`ip_to_hex 172 16 1 4`
-packet=${dst_mac}${src_mac}08004500001c0000000040110000${src_ip}${dst_ip}0035111100080000
-as hv1 ovs-appctl netdev-dummy/receive hv1-vif2 $packet
-#as hv1 ovs-appctl ofproto/trace br-int in_port=2 $packet
-
-# Packet to expect at bar1
-src_mac="000001010204"
-dst_mac="f00000010204"
-src_ip=`ip_to_hex 192 168 1 2`
-dst_ip=`ip_to_hex 192 168 2 2`
-expected=${dst_mac}${src_mac}08004500001c000000003f110100${src_ip}${dst_ip}0035111100080000
-echo $expected > expected
-OVN_CHECK_PACKETS([hv1/vif2-tx.pcap], [expected])
-
-# Packet to Expect at alice1
-src_mac="000002010203"
-dst_mac="f00000010205"
-src_ip=`ip_to_hex 192 168 1 2`
-dst_ip=`ip_to_hex 172 16 1 3`
-expected=${dst_mac}${src_mac}08004500001c000000003e110200${src_ip}${dst_ip}0035111100080000
-echo $expected > expected
-OVN_CHECK_PACKETS([hv2/vif1-tx.pcap], [expected])
-
-# Packet to Expect at bob1
-src_mac="000003010203"
-dst_mac="f00000010206"
-src_ip=`ip_to_hex 192 168 2 2`
-dst_ip=`ip_to_hex 172 16 1 4`
-expected=${dst_mac}${src_mac}08004500001c000000003e110200${src_ip}${dst_ip}0035111100080000
-echo $expected > expected
-OVN_CHECK_PACKETS([hv3/vif1-tx.pcap], [expected])
-
-OVN_CLEANUP([hv1],[hv2],[hv3])
-
-AT_CLEANUP
-
-AT_SETUP([ovn -- dns lookup : 1 HV, 2 LS, 2 LSPs/LS])
-AT_SKIP_IF([test $HAVE_PYTHON = no])
-ovn_start
-
-ovn-nbctl ls-add ls1
-
-ovn-nbctl lsp-add ls1 ls1-lp1 \
--- lsp-set-addresses ls1-lp1 "f0:00:00:00:00:01 10.0.0.4 aef0::4"
-
-ovn-nbctl lsp-set-port-security ls1-lp1 "f0:00:00:00:00:01 10.0.0.4 aef0::4"
-
-ovn-nbctl lsp-add ls1 ls1-lp2 \
--- lsp-set-addresses ls1-lp2 "f0:00:00:00:00:02 10.0.0.6 20.0.0.4"
-
-ovn-nbctl lsp-set-port-security ls1-lp2 "f0:00:00:00:00:02 10.0.0.6 20.0.0.4"
-
-DNS1=`ovn-nbctl create DNS records={}`
-DNS2=`ovn-nbctl create DNS records={}`
-
-ovn-nbctl set DNS $DNS1 records:vm1.ovn.org="10.0.0.4 aef0::4"
-ovn-nbctl set DNS $DNS1 records:vm2.ovn.org="10.0.0.6 20.0.0.4"
-ovn-nbctl set DNS $DNS2 records:vm3.ovn.org="40.0.0.4"
-
-ovn-nbctl set Logical_switch ls1 dns_records="$DNS1"
-
-net_add n1
-sim_add hv1
-
-as hv1
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.1
-ovs-vsctl -- add-port br-int hv1-vif1 -- \
- set interface hv1-vif1 external-ids:iface-id=ls1-lp1 \
- options:tx_pcap=hv1/vif1-tx.pcap \
- options:rxq_pcap=hv1/vif1-rx.pcap \
- ofport-request=1
-
-ovs-vsctl -- add-port br-int hv1-vif2 -- \
- set interface hv1-vif2 external-ids:iface-id=ls1-lp2 \
- options:tx_pcap=hv1/vif2-tx.pcap \
- options:rxq_pcap=hv1/vif2-rx.pcap \
- ofport-request=2
-
-OVN_POPULATE_ARP
-sleep 2
-as hv1 ovs-vsctl show
-
-echo "*************************"
-ovn-sbctl list DNS
-echo "*************************"
-
-ip_to_hex() {
- printf "%02x%02x%02x%02x" "$@"
-}
-
-reset_pcap_file() {
- local iface=$1
- local pcap_file=$2
- ovs-vsctl -- set Interface $iface options:tx_pcap=dummy-tx.pcap \
-options:rxq_pcap=dummy-rx.pcap
- rm -f ${pcap_file}*.pcap
- ovs-vsctl -- set Interface $iface options:tx_pcap=${pcap_file}-tx.pcap \
-options:rxq_pcap=${pcap_file}-rx.pcap
-}
-
-# set_dns_params host_name
-# Sets the dns_req_data and dns_resp_data
-set_dns_params() {
- local hname=$1
- local ttl=00000e10
- an_count=0001
- type=0001
- case $hname in
- vm1)
- # vm1.ovn.org
- query_name=03766d31036f766e036f726700
- # IPv4 address - 10.0.0.4
- expected_dns_answer=${query_name}00010001${ttl}00040a000004
- ;;
- vm2)
- # vm2.ovn.org
- query_name=03766d32036f766e036f726700
- # IPv4 address - 10.0.0.6
- expected_dns_answer=${query_name}00010001${ttl}00040a000006
- # IPv4 address - 20.0.0.4
- expected_dns_answer=${expected_dns_answer}${query_name}00010001${ttl}000414000004
- an_count=0002
- ;;
- vm3)
- # vm3.ovn.org
- query_name=03766d33036f766e036f726700
- # IPv4 address - 40.0.0.4
- expected_dns_answer=${query_name}00010001${ttl}000428000004
- ;;
- vm1_ipv6_only)
- # vm1.ovn.org
- query_name=03766d31036f766e036f726700
- # IPv6 address - aef0::4
- type=001c
- expected_dns_answer=${query_name}${type}0001${ttl}0010aef00000000000000000000000000004
- ;;
- vm1_ipv4_v6)
- # vm1.ovn.org
- query_name=03766d31036f766e036f726700
- type=00ff
- an_count=0002
- # IPv4 address - 10.0.0.4
- # IPv6 address - aef0::4
- expected_dns_answer=${query_name}00010001${ttl}00040a000004
- expected_dns_answer=${expected_dns_answer}${query_name}001c0001${ttl}0010
- expected_dns_answer=${expected_dns_answer}aef00000000000000000000000000004
- ;;
- vm1_invalid_type)
- # vm1.ovn.org
- query_name=03766d31036f766e036f726700
- # IPv6 address - aef0::4
- type=0002
- ;;
- vm1_incomplete)
- # set type to none
- type=''
- esac
- # TTL - 3600
- local dns_req_header=010201200001000000000000
- local dns_resp_header=010281200001${an_count}00000000
- dns_req_data=${dns_req_header}${query_name}${type}0001
- dns_resp_data=${dns_resp_header}${query_name}${type}0001${expected_dns_answer}
-}
-
-# This shell function sends a DNS request packet
-# test_dns INPORT SRC_MAC DST_MAC SRC_IP DST_IP DNS_QUERY EXPEC
-test_dns() {
- local inport=$1 src_mac=$2 dst_mac=$3 src_ip=$4 dst_ip=$5 dns_reply=$6
- local dns_query_data=$7
- shift; shift; shift; shift; shift; shift; shift;
- # Packet size => IPv4 header (20) + UDP header (8) +
- # DNS data (header + query)
- ip_len=`expr 28 + ${#dns_query_data} / 2`
- udp_len=`expr $ip_len - 20`
- ip_len=$(printf "%x" $ip_len)
- udp_len=$(printf "%x" $udp_len)
- local request=${dst_mac}${src_mac}0800450000${ip_len}0000000080110000
- request=${request}${src_ip}${dst_ip}9234003500${udp_len}0000
- # dns data
- request=${request}${dns_query_data}
-
- if test $dns_reply != 0; then
- local dns_reply=$1
- ip_len=`expr 28 + ${#dns_reply} / 2`
- udp_len=`expr $ip_len - 20`
- ip_len=$(printf "%x" $ip_len)
- udp_len=$(printf "%x" $udp_len)
- local reply=${src_mac}${dst_mac}0800450000${ip_len}0000000080110000
- reply=${reply}${dst_ip}${src_ip}0035923400${udp_len}0000${dns_reply}
- echo $reply >> $inport.expected
- else
- for outport; do
- echo $request >> $outport.expected
- done
- fi
- as hv1 ovs-appctl netdev-dummy/receive hv1-vif$inport $request
-}
-
-test_dns6() {
- local inport=$1 src_mac=$2 dst_mac=$3 src_ip=$4 dst_ip=$5 dns_reply=$6
- local dns_query_data=$7
- shift; shift; shift; shift; shift; shift; shift;
- # Packet size => UDP header (8) +
- # DNS data (header + query)
- ip_len=`expr 8 + ${#dns_query_data} / 2`
- udp_len=$ip_len
- ip_len=$(printf "%x" $ip_len)
- udp_len=$(printf "%x" $udp_len)
- local request=${dst_mac}${src_mac}86dd6000000000${ip_len}11ff${src_ip}${dst_ip}
- request=${request}9234003500${udp_len}0000
- #dns data
- request=${request}${dns_query_data}
-
- if test $dns_reply != 0; then
- local dns_reply=$1
- ip_len=`expr 8 + ${#dns_reply} / 2`
- udp_len=$ip_len
- ip_len=$(printf "%x" $ip_len)
- udp_len=$(printf "%x" $udp_len)
- local reply=${src_mac}${dst_mac}86dd6000000000${ip_len}11ff${dst_ip}${src_ip}
- reply=${reply}0035923400${udp_len}0000${dns_reply}
- echo $reply >> $inport.expected
- else
- for outport; do
- echo $request >> $outport.expected
- done
- fi
- as hv1 ovs-appctl netdev-dummy/receive hv1-vif$inport $request
-}
-
-AT_CAPTURE_FILE([ofctl_monitor0.log])
-as hv1 ovs-ofctl monitor br-int resume --detach --no-chdir \
---pidfile=ovs-ofctl0.pid 2> ofctl_monitor0.log
-
-set_dns_params vm2
-src_ip=`ip_to_hex 10 0 0 4`
-dst_ip=`ip_to_hex 10 0 0 1`
-dns_reply=1
-test_dns 1 f00000000001 f000000000f0 $src_ip $dst_ip $dns_reply $dns_req_data $dns_resp_data
-
-# NXT_RESUMEs should be 1.
-OVS_WAIT_UNTIL([test 1 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
-
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/vif1-tx.pcap > 1.packets
-cat 1.expected | cut -c -48 > expout
-AT_CHECK([cat 1.packets | cut -c -48], [0], [expout])
-# Skipping the IPv4 checksum.
-cat 1.expected | cut -c 53- > expout
-AT_CHECK([cat 1.packets | cut -c 53-], [0], [expout])
-
-reset_pcap_file hv1-vif1 hv1/vif1
-reset_pcap_file hv1-vif2 hv1/vif2
-rm -f 1.expected
-rm -f 2.expected
-
-set_dns_params vm1
-src_ip=`ip_to_hex 10 0 0 6`
-dst_ip=`ip_to_hex 10 0 0 1`
-dns_reply=1
-test_dns 2 f00000000002 f000000000f0 $src_ip $dst_ip $dns_reply $dns_req_data $dns_resp_data
-
-# NXT_RESUMEs should be 2.
-OVS_WAIT_UNTIL([test 2 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
-
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/vif2-tx.pcap > 2.packets
-cat 2.expected | cut -c -48 > expout
-AT_CHECK([cat 2.packets | cut -c -48], [0], [expout])
-# Skipping the IPv4 checksum.
-cat 2.expected | cut -c 53- > expout
-AT_CHECK([cat 2.packets | cut -c 53-], [0], [expout])
-
-reset_pcap_file hv1-vif1 hv1/vif1
-reset_pcap_file hv1-vif2 hv1/vif2
-rm -f 1.expected
-rm -f 2.expected
-
-# Clear the query name options for ls1-lp2
-ovn-nbctl --wait=hv remove DNS $DNS1 records vm2.ovn.org
-
-set_dns_params vm2
-src_ip=`ip_to_hex 10 0 0 4`
-dst_ip=`ip_to_hex 10 0 0 1`
-dns_reply=0
-test_dns 1 f00000000001 f00000000002 $src_ip $dst_ip $dns_reply $dns_req_data
-
-# NXT_RESUMEs should be 3.
-OVS_WAIT_UNTIL([test 3 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
-
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/vif1-tx.pcap > 1.packets
-AT_CHECK([cat 1.packets], [0], [])
-
-reset_pcap_file hv1-vif1 hv1/vif1
-reset_pcap_file hv1-vif2 hv1/vif2
-rm -f 1.expected
-rm -f 2.expected
-
-# Clear the query name for ls1-lp1
-# Since ls1 has no query names configued,
-# ovn-northd should not add the DNS flows.
-ovn-nbctl --wait=hv remove DNS $DNS1 records vm1.ovn.org
-
-set_dns_params vm1
-src_ip=`ip_to_hex 10 0 0 6`
-dst_ip=`ip_to_hex 10 0 0 1`
-dns_reply=0
-test_dns 2 f00000000002 f000000000f0 $src_ip $dst_ip $dns_reply $dns_req_data
-
-# NXT_RESUMEs should be 3 only.
-OVS_WAIT_UNTIL([test 3 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
-
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/vif2-tx.pcap > 2.packets
-AT_CHECK([cat 2.packets], [0], [])
-
-reset_pcap_file hv1-vif1 hv1/vif1
-reset_pcap_file hv1-vif2 hv1/vif2
-rm -f 1.expected
-rm -f 2.expected
-
-# Test IPv6 (AAAA records) using IPv4 packet.
-# Add back the DNS options for ls1-lp1.
-ovn-nbctl --wait=hv set DNS $DNS1 records:vm1.ovn.org="10.0.0.4 aef0::4"
-
-set_dns_params vm1_ipv6_only
-src_ip=`ip_to_hex 10 0 0 6`
-dst_ip=`ip_to_hex 10 0 0 1`
-dns_reply=1
-test_dns 2 f00000000002 f000000000f0 $src_ip $dst_ip $dns_reply $dns_req_data $dns_resp_data
-
-# NXT_RESUMEs should be 4.
-OVS_WAIT_UNTIL([test 4 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
-
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/vif2-tx.pcap > 2.packets
-cat 2.expected | cut -c -48 > expout
-AT_CHECK([cat 2.packets | cut -c -48], [0], [expout])
-# Skipping the IPv4 checksum.
-cat 2.expected | cut -c 53- > expout
-AT_CHECK([cat 2.packets | cut -c 53-], [0], [expout])
-
-reset_pcap_file hv1-vif1 hv1/vif1
-reset_pcap_file hv1-vif2 hv1/vif2
-rm -f 1.expected
-rm -f 2.expected
-
-# Test both IPv4 (A) and IPv6 (AAAA records) using IPv4 packet.
-set_dns_params vm1_ipv4_v6
-src_ip=`ip_to_hex 10 0 0 6`
-dst_ip=`ip_to_hex 10 0 0 1`
-dns_reply=1
-test_dns 2 f00000000002 f000000000f0 $src_ip $dst_ip $dns_reply $dns_req_data $dns_resp_data
-
-# NXT_RESUMEs should be 5.
-OVS_WAIT_UNTIL([test 5 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
-
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/vif2-tx.pcap > 2.packets
-cat 2.expected | cut -c -48 > expout
-AT_CHECK([cat 2.packets | cut -c -48], [0], [expout])
-# Skipping the IPv4 checksum.
-cat 2.expected | cut -c 53- > expout
-AT_CHECK([cat 2.packets | cut -c 53-], [0], [expout])
-
-reset_pcap_file hv1-vif1 hv1/vif1
-reset_pcap_file hv1-vif2 hv1/vif2
-rm -f 1.expected
-rm -f 2.expected
-
-# Invalid type.
-set_dns_params vm1_invalid_type
-src_ip=`ip_to_hex 10 0 0 6`
-dst_ip=`ip_to_hex 10 0 0 1`
-dns_reply=0
-test_dns 2 f00000000002 f000000000f0 $src_ip $dst_ip $dns_reply $dns_req_data
-
-# NXT_RESUMEs should be 6.
-OVS_WAIT_UNTIL([test 6 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
-
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/vif2-tx.pcap > 2.packets
-AT_CHECK([cat 2.packets], [0], [])
-
-reset_pcap_file hv1-vif1 hv1/vif1
-reset_pcap_file hv1-vif2 hv1/vif2
-rm -f 1.expected
-rm -f 2.expected
-
-# Incomplete DNS packet.
-set_dns_params vm1_incomplete
-src_ip=`ip_to_hex 10 0 0 6`
-dst_ip=`ip_to_hex 10 0 0 1`
-dns_reply=0
-test_dns 2 f00000000002 f000000000f0 $src_ip $dst_ip $dns_reply $dns_req_data
-
-# NXT_RESUMEs should be 7.
-OVS_WAIT_UNTIL([test 7 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
-
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/vif2-tx.pcap > 2.packets
-AT_CHECK([cat 2.packets], [0], [])
-
-reset_pcap_file hv1-vif1 hv1/vif1
-reset_pcap_file hv1-vif2 hv1/vif2
-rm -f 1.expected
-rm -f 2.expected
-
-# Add one more DNS record to the ls1.
-ovn-nbctl --wait=hv set Logical_switch ls1 dns_records="$DNS1 $DNS2"
-
-set_dns_params vm3
-src_ip=`ip_to_hex 10 0 0 4`
-dst_ip=`ip_to_hex 10 0 0 1`
-dns_reply=1
-test_dns 1 f00000000001 f000000000f0 $src_ip $dst_ip $dns_reply $dns_req_data $dns_resp_data
-
-# NXT_RESUMEs should be 8.
-OVS_WAIT_UNTIL([test 8 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
-
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/vif1-tx.pcap > 1.packets
-cat 1.expected | cut -c -48 > expout
-AT_CHECK([cat 1.packets | cut -c -48], [0], [expout])
-# Skipping the IPv4 checksum.
-cat 1.expected | cut -c 53- > expout
-AT_CHECK([cat 1.packets | cut -c 53-], [0], [expout])
-
-reset_pcap_file hv1-vif1 hv1/vif1
-reset_pcap_file hv1-vif2 hv1/vif2
-rm -f 1.expected
-rm -f 2.expected
-
-# Try DNS query over IPv6
-set_dns_params vm1
-src_ip=aef00000000000000000000000000004
-dst_ip=aef00000000000000000000000000001
-dns_reply=1
-test_dns6 1 f00000000001 f000000000f0 $src_ip $dst_ip $dns_reply $dns_req_data $dns_resp_data
-
-# NXT_RESUMEs should be 9.
-OVS_WAIT_UNTIL([test 9 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
-
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/vif1-tx.pcap > 1.packets
-# Skipping the UDP checksum.
-cat 1.expected | cut -c 1-120,125- > expout
-AT_CHECK([cat 1.packets | cut -c 1-120,125-], [0], [expout])
-
-reset_pcap_file hv1-vif1 hv1/vif1
-reset_pcap_file hv1-vif2 hv1/vif2
-rm -f 1.expected
-rm -f 2.expected
-
-OVN_CLEANUP([hv1])
-
-AT_CLEANUP
-
-AT_SETUP([ovn -- 4 HV, 1 LS, 1 LR, packet test with HA distributed router gateway port])
-AT_SKIP_IF([test $HAVE_PYTHON = no])
-ovn_start
-
-net_add n1
-
-sim_add hv1
-as hv1
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.1
-ovs-vsctl -- add-port br-int hv1-vif1 -- \
- set interface hv1-vif1 external-ids:iface-id=foo1 \
- options:tx_pcap=hv1/vif1-tx.pcap \
- options:rxq_pcap=hv1/vif1-rx.pcap \
- ofport-request=1
-
-sim_add gw1
-as gw1
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.2
-
-sim_add gw2
-as gw2
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.4
-
-sim_add ext1
-as ext1
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.3
-ovs-vsctl -- add-port br-int ext1-vif1 -- \
- set interface ext1-vif1 external-ids:iface-id=outside1 \
- options:tx_pcap=ext1/vif1-tx.pcap \
- options:rxq_pcap=ext1/vif1-rx.pcap \
- ofport-request=1
-
-# Pre-populate the hypervisors' ARP tables so that we don't lose any
-# packets for ARP resolution (native tunneling doesn't queue packets
-# for ARP resolution).
-OVN_POPULATE_ARP
-
-ovn-nbctl create Logical_Router name=R1
-
-ovn-nbctl ls-add foo
-ovn-nbctl ls-add alice
-ovn-nbctl ls-add outside
-
-# Connect foo to R1
-ovn-nbctl lrp-add R1 foo 00:00:01:01:02:03 192.168.1.1/24
-ovn-nbctl lsp-add foo rp-foo -- set Logical_Switch_Port rp-foo \
- type=router options:router-port=foo \
- -- lsp-set-addresses rp-foo router
-
-# Connect alice to R1 as distributed router gateway port on gw1
-ovn-nbctl lrp-add R1 alice 00:00:02:01:02:03 172.16.1.1/24
-
-ovn-nbctl \
- --id=@gc0 create Gateway_Chassis name=alice_gw1 \
- chassis_name=gw1 \
- priority=20 -- \
- --id=@gc1 create Gateway_Chassis name=alice_gw2 \
- chassis_name=gw2 \
- priority=10 -- \
- set Logical_Router_Port alice 'gateway_chassis=[@gc0,@gc1]'
-
-ovn-nbctl lsp-add alice rp-alice -- set Logical_Switch_Port rp-alice \
- type=router options:router-port=alice \
- -- lsp-set-addresses rp-alice router
-
-# Create logical port foo1 in foo
-ovn-nbctl lsp-add foo foo1 \
--- lsp-set-addresses foo1 "f0:00:00:01:02:03 192.168.1.2"
-
-# Create logical port outside1 in outside
-ovn-nbctl lsp-add outside outside1 \
--- lsp-set-addresses outside1 "f0:00:00:01:02:04 172.16.1.3"
-
-# Create localnet port in alice
-ovn-nbctl lsp-add alice ln-alice
-ovn-nbctl lsp-set-addresses ln-alice unknown
-ovn-nbctl lsp-set-type ln-alice localnet
-ovn-nbctl lsp-set-options ln-alice network_name=phys
-
-# Create localnet port in outside
-ovn-nbctl lsp-add outside ln-outside
-ovn-nbctl lsp-set-addresses ln-outside unknown
-ovn-nbctl lsp-set-type ln-outside localnet
-ovn-nbctl lsp-set-options ln-outside network_name=phys
-
-# Create bridge-mappings on gw1, gw2 and ext1, hv1 doesn't need
-# mapping to the external network, is the one generating packets
-as gw1 ovs-vsctl set open . external-ids:ovn-bridge-mappings=phys:br-phys
-as gw2 ovs-vsctl set open . external-ids:ovn-bridge-mappings=phys:br-phys
-as ext1 ovs-vsctl set open . external-ids:ovn-bridge-mappings=phys:br-phys
-
-AT_CHECK([ovn-nbctl --timeout=3 --wait=sb sync], [0], [ignore])
-
-# Allow some time for ovn-northd and ovn-controller to catch up.
-# XXX This should be more systematic.
-sleep 2
-
-ip_to_hex() {
- printf "%02x%02x%02x%02x" "$@"
-}
-
-reset_pcap_file() {
- local iface=$1
- local pcap_file=$2
- ovs-vsctl -- set Interface $iface options:tx_pcap=dummy-tx.pcap \
-options:rxq_pcap=dummy-rx.pcap
- rm -f ${pcap_file}*.pcap
- ovs-vsctl -- set Interface $iface options:tx_pcap=${pcap_file}-tx.pcap \
-options:rxq_pcap=${pcap_file}-rx.pcap
-}
-
-test_ip_packet()
-{
- local active_gw=$1
- local backup_gw=$2
- local backup_vswitchd_dead=$3
-
- # Send ip packet between foo1 and outside1
- src_mac="f00000010203" # foo1 mac
- dst_mac="000001010203" # rp-foo mac (internal router leg)
- src_ip=`ip_to_hex 192 168 1 2`
- dst_ip=`ip_to_hex 172 16 1 3`
- packet=${dst_mac}${src_mac}08004500001c0000000040110000${src_ip}${dst_ip}0035111100080000
-
- # ARP request packet to expect at outside1
- #arp_request=ffffffffffff${src_mac}08060001080006040001${src_mac}${src_ip}000000000000${dst_ip}
-
- as hv1 ovs-appctl netdev-dummy/receive hv1-vif1 $packet
-
- # Send ARP reply from outside1 back to the router
- # XXX: note, we could avoid this if we plug this port into a netns
- # and setup the IP address into the port, so the kernel would simply reply
- src_mac="000002010203"
- reply_mac="f00000010204"
- dst_ip=`ip_to_hex 172 16 1 3`
- src_ip=`ip_to_hex 172 16 1 1`
- arp_reply=${src_mac}${reply_mac}08060001080006040002${reply_mac}${dst_ip}${src_mac}${src_ip}
-
- as ext1 ovs-appctl netdev-dummy/receive ext1-vif1 $arp_reply
-
- OVS_WAIT_UNTIL([
- test `as $active_gw ovs-ofctl dump-flows br-int | grep table=66 | \
-grep actions=mod_dl_dst:f0:00:00:01:02:04 | wc -l` -eq 1
- ])
-
- # Packet to Expect at ext1 chassis, outside1 port
- src_mac="000002010203"
- dst_mac="f00000010204"
- src_ip=`ip_to_hex 192 168 1 2`
- dst_ip=`ip_to_hex 172 16 1 3`
- expected=${dst_mac}${src_mac}08004500001c000000003f110100${src_ip}${dst_ip}0035111100080000
- echo $expected > ext1-vif1.expected
- exp_gw_ip_garp=ffffffffffff00000201020308060001080006040001000002010203ac100101000000000000ac100101
- echo $exp_gw_ip_garp >> ext1-vif1.expected
- as $active_gw reset_pcap_file br-phys_n1 $active_gw/br-phys_n1
-
- if test $backup_vswitchd_dead != 1; then
- # Reset the file only if vswitchd in backup gw is alive
- as $backup_gw reset_pcap_file br-phys_n1 $backup_gw/br-phys_n1
- fi
- as ext1 reset_pcap_file ext1-vif1 ext1/vif1
-
- # Resend packet from foo1 to outside1
- as hv1 ovs-appctl netdev-dummy/receive hv1-vif1 $packet
-
- sleep 1
-
- OVN_CHECK_PACKETS([ext1/vif1-tx.pcap], [ext1-vif1.expected])
- $PYTHON "$top_srcdir/utilities/ovs-pcap.in" $active_gw/br-phys_n1-tx.pcap > packets
- cat packets | grep $expected > exp
- # Its possible that $active_gw/br-phys_n1-tx.pcap may have received multiple
- # garp packets. So consider only the first packet.
- cat packets | grep $exp_gw_ip_garp | head -1 >> exp
- AT_CHECK([cat exp], [0], [expout])
- rm -f expout
- if test $backup_vswitchd_dead != 1; then
- # Check for backup gw only if vswitchd is alive
- $PYTHON "$top_srcdir/utilities/ovs-pcap.in" $backup_gw/br-phys_n1-tx.pcap > packets
- AT_CHECK([grep $expected packets | sort], [0], [])
- fi
-}
-
-test_ip_packet gw1 gw2 0
-
-ovn-nbctl --timeout=3 --wait=hv \
- --id=@gc0 create Gateway_Chassis name=alice_gw1 \
- chassis_name=gw1 \
- priority=10 -- \
- --id=@gc1 create Gateway_Chassis name=alice_gw2 \
- chassis_name=gw2 \
- priority=20 -- \
- set Logical_Router_Port alice 'gateway_chassis=[@gc0,@gc1]'
-
-test_ip_packet gw2 gw1 0
-
-# Get the claim count of both gw1 and gw2.
-gw1_claim_ct=`grep "cr-alice: Claiming" gw1/ovn-controller.log | wc -l`
-gw2_claim_ct=`grep "cr-alice: Claiming" gw2/ovn-controller.log | wc -l`
-
-# Stop ovs-vswitchd in gw2. gw1 should claim the gateway port.
-as gw2
-OVS_APP_EXIT_AND_WAIT([ovs-vswitchd])
-
-# gw1 should claim the cr-alice and the claim count of gw1 should be
-# incremented by 1.
-gw1_claim_ct=$((gw1_claim_ct+1))
-
-OVS_WAIT_UNTIL([test $gw1_claim_ct = `cat gw1/ovn-controller.log \
-| grep -c "cr-alice: Claiming"`])
-
-AT_CHECK([test $gw2_claim_ct = `cat gw2/ovn-controller.log | \
-grep -c "cr-alice: Claiming"`])
-
-test_ip_packet gw1 gw2 1
-
-as gw2
-OVS_APP_EXIT_AND_WAIT([ovn-controller])
-OVS_APP_EXIT_AND_WAIT([ovsdb-server])
-
-OVN_CLEANUP([hv1],[gw1],[ext1])
-
-AT_CLEANUP
-
-AT_SETUP([ovn -- 4 HV, 3 LS, 2 LR, packet test with HA distributed router gateway port])
-AT_SKIP_IF([test $HAVE_PYTHON = no])
-ovn_start
-
-net_add n1
-
-sim_add hv1
-as hv1
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.1
-ovs-vsctl -- add-port br-int hv1-vif1 -- \
- set interface hv1-vif1 external-ids:iface-id=foo1 \
- options:tx_pcap=hv1/vif1-tx.pcap \
- options:rxq_pcap=hv1/vif1-rx.pcap \
- ofport-request=1
-
-sim_add gw1
-as gw1
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.2
-
-sim_add gw2
-as gw2
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.4
-
-sim_add ext1
-as ext1
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.3
-ovs-vsctl -- add-port br-int ext1-vif1 -- \
- set interface ext1-vif1 external-ids:iface-id=outside1 \
- options:tx_pcap=ext1/vif1-tx.pcap \
- options:rxq_pcap=ext1/vif1-rx.pcap \
- ofport-request=1
-
-# Pre-populate the hypervisors' ARP tables so that we don't lose any
-# packets for ARP resolution (native tunneling doesn't queue packets
-# for ARP resolution).
-OVN_POPULATE_ARP
-
-ovn-nbctl create Logical_Router name=R0
-ovn-nbctl create Logical_Router name=R1
-
-ovn-nbctl ls-add foo
-ovn-nbctl ls-add join
-ovn-nbctl ls-add alice
-ovn-nbctl ls-add outside
-
-#Connect foo to R0
-ovn-nbctl lrp-add R0 R0-foo 00:00:01:01:02:03 192.168.1.1/24
-ovn-nbctl lsp-add foo foo-R0 -- set Logical_Switch_Port foo-R0 \
- type=router options:router-port=R0-foo \
- -- lsp-set-addresses foo-R0 router
-
-#Connect R0 to join
-ovn-nbctl lrp-add R0 R0-join 00:00:0d:01:02:03 100.60.1.1/24
-ovn-nbctl lsp-add join join-R0 -- set Logical_Switch_Port join-R0 \
- type=router options:router-port=R0-join \
- -- lsp-set-addresses join-R0 router
-
-#Connect join to R1
-ovn-nbctl lrp-add R1 R1-join 00:00:0e:01:02:03 100.60.1.2/24
-ovn-nbctl lsp-add join join-R1 -- set Logical_Switch_Port join-R1 \
- type=router options:router-port=R1-join \
- -- lsp-set-addresses join-R1 router
-
-#add route rules
-ovn-nbctl lr-route-add R0 0.0.0.0/0 100.60.1.2
-ovn-nbctl lr-route-add R1 192.168.0.0/16 100.60.1.1
-
-# Connect alice to R1 as distributed router gateway port on gw1
-ovn-nbctl lrp-add R1 alice 00:00:02:01:02:03 172.16.1.1/24
-
-ovn-nbctl \
- --id=@gc0 create Gateway_Chassis name=alice_gw1 \
- chassis_name=gw1 \
- priority=20 -- \
- --id=@gc1 create Gateway_Chassis name=alice_gw2 \
- chassis_name=gw2 \
- priority=10 -- \
- set Logical_Router_Port alice 'gateway_chassis=[@gc0,@gc1]'
-
-ovn-nbctl lsp-add alice rp-alice -- set Logical_Switch_Port rp-alice \
- type=router options:router-port=alice \
- -- lsp-set-addresses rp-alice router
-
-# Create logical port foo1 in foo
-ovn-nbctl lsp-add foo foo1 \
--- lsp-set-addresses foo1 "f0:00:00:01:02:03 192.168.1.2"
-
-# Create logical port outside1 in outside
-ovn-nbctl lsp-add outside outside1 \
--- lsp-set-addresses outside1 "f0:00:00:01:02:04 172.16.1.3"
-
-# Create localnet port in alice
-ovn-nbctl lsp-add alice ln-alice
-ovn-nbctl lsp-set-addresses ln-alice unknown
-ovn-nbctl lsp-set-type ln-alice localnet
-ovn-nbctl lsp-set-options ln-alice network_name=phys
-
-# Create localnet port in outside
-ovn-nbctl lsp-add outside ln-outside
-ovn-nbctl lsp-set-addresses ln-outside unknown
-ovn-nbctl lsp-set-type ln-outside localnet
-ovn-nbctl lsp-set-options ln-outside network_name=phys
-
-# Create bridge-mappings on gw1, gw2 and ext1, hv1 doesn't need
-# mapping to the external network, is the one generating packets
-as gw1 ovs-vsctl set open . external-ids:ovn-bridge-mappings=phys:br-phys
-as gw2 ovs-vsctl set open . external-ids:ovn-bridge-mappings=phys:br-phys
-as ext1 ovs-vsctl set open . external-ids:ovn-bridge-mappings=phys:br-phys
-
-AT_CHECK([ovn-nbctl --timeout=3 --wait=sb sync], [0], [ignore])
-
-# hv1 should be in 'ref_chassis' of the ha_chasssi_group as logical
-# switch 'foo' can reach the router 'R1' (which has gw router port)
-# via foo1 -> foo -> R0 -> join -> R1
-hv1_ch_uuid=`ovn-sbctl --bare --columns _uuid find chassis name="hv1"`
-OVS_WAIT_UNTIL(
- [ref_ch_list=`ovn-sbctl --bare --columns ref_chassis find ha_chassis_group | sort`
- # Trim the spaces.
- ref_ch_list=`echo $ref_ch_list | sed 's/ //g'`
- test "$hv1_ch_uuid" = "$ref_ch_list"])
-
-# Allow some time for ovn-northd and ovn-controller to catch up.
-# XXX This should be more systematic.
-sleep 2
-
-ip_to_hex() {
- printf "%02x%02x%02x%02x" "$@"
-}
-
-reset_pcap_file() {
- local iface=$1
- local pcap_file=$2
- ovs-vsctl -- set Interface $iface options:tx_pcap=dummy-tx.pcap \
-options:rxq_pcap=dummy-rx.pcap
- rm -f ${pcap_file}*.pcap
- ovs-vsctl -- set Interface $iface options:tx_pcap=${pcap_file}-tx.pcap \
-options:rxq_pcap=${pcap_file}-rx.pcap
-}
-
-test_ip_packet()
-{
- local active_gw=$1
- local backup_gw=$2
-
- # Send ip packet between foo1 and outside1
- src_mac="f00000010203" # foo1 mac
- dst_mac="000001010203" # foo-R0 mac (internal router leg)
- src_ip=`ip_to_hex 192 168 1 2`
- dst_ip=`ip_to_hex 172 16 1 3`
- packet=${dst_mac}${src_mac}08004500001c0000000040110000${src_ip}${dst_ip}0035111100080000
-
- # ARP request packet to expect at outside1
- #arp_request=ffffffffffff${src_mac}08060001080006040001${src_mac}${src_ip}000000000000${dst_ip}
-
- as hv1 ovs-appctl netdev-dummy/receive hv1-vif1 $packet
-
- # Send ARP reply from outside1 back to the router
- # XXX: note, we could avoid this if we plug this port into a netns
- # and setup the IP address into the port, so the kernel would simply reply
- src_mac="000002010203"
- reply_mac="f00000010204"
- dst_ip=`ip_to_hex 172 16 1 3`
- src_ip=`ip_to_hex 172 16 1 1`
- arp_reply=${src_mac}${reply_mac}08060001080006040002${reply_mac}${dst_ip}${src_mac}${src_ip}
-
- as ext1 ovs-appctl netdev-dummy/receive ext1-vif1 $arp_reply
-
- OVS_WAIT_UNTIL([
- test `as $active_gw ovs-ofctl dump-flows br-int | grep table=66 | \
-grep actions=mod_dl_dst:f0:00:00:01:02:04 | wc -l` -eq 1
- ])
-
- # Packet to Expect at ext1 chassis, outside1 port
- src_mac="000002010203"
- dst_mac="f00000010204"
- src_ip=`ip_to_hex 192 168 1 2`
- dst_ip=`ip_to_hex 172 16 1 3`
- expected=${dst_mac}${src_mac}08004500001c000000003e110200${src_ip}${dst_ip}0035111100080000
- echo $expected > ext1-vif1.expected
- exp_gw_ip_garp=ffffffffffff00000201020308060001080006040001000002010203ac100101000000000000ac100101
- echo $exp_gw_ip_garp >> ext1-vif1.expected
-
- as $active_gw reset_pcap_file br-phys_n1 $active_gw/br-phys_n1
- as $backup_gw reset_pcap_file br-phys_n1 $backup_gw/br-phys_n1
- as ext1 reset_pcap_file ext1-vif1 ext1/vif1
-
- # Resend packet from foo1 to outside1
- as hv1 ovs-appctl netdev-dummy/receive hv1-vif1 $packet
-
- OVN_CHECK_PACKETS([ext1/vif1-tx.pcap], [ext1-vif1.expected])
- $PYTHON "$top_srcdir/utilities/ovs-pcap.in" $active_gw/br-phys_n1-tx.pcap > packets
- cat packets | grep $expected > exp
- cat packets | grep $exp_gw_ip_garp | head -1 >> exp
- AT_CHECK([cat exp], [0], [expout])
-
- $PYTHON "$top_srcdir/utilities/ovs-pcap.in" $backup_gw/br-phys_n1-tx.pcap > packets
- AT_CHECK([grep $expected packets | sort], [0], [])
-}
-
-test_ip_packet gw1 gw2
-
-ovn-nbctl --timeout=3 --wait=hv \
- --id=@gc0 create Gateway_Chassis name=alice_gw1 \
- chassis_name=gw1 \
- priority=10 -- \
- --id=@gc1 create Gateway_Chassis name=alice_gw2 \
- chassis_name=gw2 \
- priority=20 -- \
- set Logical_Router_Port alice 'gateway_chassis=[@gc0,@gc1]'
-
-test_ip_packet gw2 gw1
-
-OVN_CLEANUP([hv1],[gw1],[gw2],[ext1])
-AT_CLEANUP
-
-AT_SETUP([ovn -- 1 LR with distributed router gateway port])
-AT_SKIP_IF([test $HAVE_PYTHON = no])
-ovn_start
-
-# Logical network:
-# One LR R1 that has switches foo (192.168.1.0/24) and
-# alice (172.16.1.0/24) connected to it. The logical port
-# between R1 and alice has a "redirect-chassis" specified,
-# i.e. it is the distributed router gateway port.
-# Switch alice also has a localnet port defined.
-# An additional switch outside has a localnet port and the
-# same subnet as alice (172.16.1.0/24).
-
-# Physical network:
-# Three hypervisors hv[123].
-# hv1 hosts vif foo1.
-# hv2 is the "redirect-chassis" that hosts the distributed
-# router gateway port.
-# hv3 hosts vif outside1.
-# In order to show that connectivity works only through hv2,
-# an initial round of tests is run without any bridge-mapping
-# defined for the localnet on hv2. These tests are expected
-# to fail.
-# Subsequent tests are run after defining the bridge-mapping
-# for the localnet on hv2. These tests are expected to succeed.
-
-# Create three hypervisors and create OVS ports corresponding
-# to logical ports.
-net_add n1
-
-sim_add hv1
-as hv1
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.1
-ovs-vsctl -- add-port br-int hv1-vif1 -- \
- set interface hv1-vif1 external-ids:iface-id=foo1 \
- options:tx_pcap=hv1/vif1-tx.pcap \
- options:rxq_pcap=hv1/vif1-rx.pcap \
- ofport-request=1
-
-sim_add hv2
-as hv2
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.2
-
-sim_add hv3
-as hv3
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.3
-ovs-vsctl -- add-port br-int hv3-vif1 -- \
- set interface hv3-vif1 external-ids:iface-id=outside1 \
- options:tx_pcap=hv3/vif1-tx.pcap \
- options:rxq_pcap=hv3/vif1-rx.pcap \
- ofport-request=1
-
-# Pre-populate the hypervisors' ARP tables so that we don't lose any
-# packets for ARP resolution (native tunneling doesn't queue packets
-# for ARP resolution).
-OVN_POPULATE_ARP
-
-ovn-nbctl create Logical_Router name=R1
-
-ovn-nbctl ls-add foo
-ovn-nbctl ls-add alice
-ovn-nbctl ls-add outside
-
-# Connect foo to R1
-ovn-nbctl lrp-add R1 foo 00:00:01:01:02:03 192.168.1.1/24
-ovn-nbctl lsp-add foo rp-foo -- set Logical_Switch_Port rp-foo \
- type=router options:router-port=foo \
- -- lsp-set-addresses rp-foo router
-
-# Connect alice to R1 as distributed router gateway port on hv2
-ovn-nbctl lrp-add R1 alice 00:00:02:01:02:03 172.16.1.1/24 \
- -- set Logical_Router_Port alice options:redirect-chassis="hv2"
-ovn-nbctl lsp-add alice rp-alice -- set Logical_Switch_Port rp-alice \
- type=router options:router-port=alice \
- -- lsp-set-addresses rp-alice router
-
-# Create logical port foo1 in foo
-ovn-nbctl lsp-add foo foo1 \
--- lsp-set-addresses foo1 "f0:00:00:01:02:03 192.168.1.2"
-
-# Create logical port outside1 in outside
-ovn-nbctl lsp-add outside outside1 \
--- lsp-set-addresses outside1 "f0:00:00:01:02:04 172.16.1.3"
-
-# Create localnet port in alice
-ovn-nbctl lsp-add alice ln-alice
-ovn-nbctl lsp-set-addresses ln-alice unknown
-ovn-nbctl lsp-set-type ln-alice localnet
-ovn-nbctl lsp-set-options ln-alice network_name=phys
-
-# Create localnet port in outside
-ovn-nbctl lsp-add outside ln-outside
-ovn-nbctl lsp-set-addresses ln-outside unknown
-ovn-nbctl lsp-set-type ln-outside localnet
-ovn-nbctl lsp-set-options ln-outside network_name=phys
-
-# Create bridge-mappings on hv1 and hv3, leaving hv2 for later
-as hv1 ovs-vsctl set open . external-ids:ovn-bridge-mappings=phys:br-phys
-as hv3 ovs-vsctl set open . external-ids:ovn-bridge-mappings=phys:br-phys
-
-
-# Allow some time for ovn-northd and ovn-controller to catch up.
-# XXX This should be more systematic.
-sleep 2
-
-echo "---------NB dump-----"
-ovn-nbctl show
-echo "---------------------"
-ovn-nbctl list logical_router
-echo "---------------------"
-ovn-nbctl list logical_router_port
-echo "---------------------"
-
-echo "---------SB dump-----"
-ovn-sbctl list datapath_binding
-echo "---------------------"
-ovn-sbctl list port_binding
-echo "---------------------"
-ovn-sbctl dump-flows
-echo "---------------------"
-ovn-sbctl list chassis
-ovn-sbctl list encap
-echo "------ Gateway_Chassis dump (SBDB) -------"
-ovn-sbctl list Gateway_Chassis
-echo "------ Port_Binding chassisredirect -------"
-ovn-sbctl find Port_Binding type=chassisredirect
-echo "-------------------------------------------"
-
-echo "------ hv1 dump ----------"
-as hv1 ovs-ofctl show br-int
-as hv1 ovs-ofctl dump-flows br-int
-echo "------ hv2 dump ----------"
-as hv2 ovs-ofctl show br-int
-as hv2 ovs-ofctl dump-flows br-int
-echo "------ hv3 dump ----------"
-as hv3 ovs-ofctl show br-int
-as hv3 ovs-ofctl dump-flows br-int
-echo "--------------------------"
-
-
-# Check that redirect mapping is programmed only on hv2
-AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=33 | grep =0x3,metadata=0x1 | wc -l], [0], [0
-])
-AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=33 | grep =0x3,metadata=0x1 | grep load:0x2- | wc -l], [0], [1
-])
-# Check that hv1 sends chassisredirect port traffic to hv2
-AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=32 | grep =0x3,metadata=0x1 | grep output | wc -l], [0], [1
-])
-AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=32 | grep =0x3,metadata=0x1 | wc -l], [0], [0
-])
-# Check that arp reply on distributed gateway port is only programmed on hv2
-AT_CHECK([as hv1 ovs-ofctl dump-flows br-int | grep arp | grep load:0x2- | grep =0x2,metadata=0x1 | wc -l], [0], [0
-])
-AT_CHECK([as hv2 ovs-ofctl dump-flows br-int | grep arp | grep load:0x2- | grep =0x2,metadata=0x1 | wc -l], [0], [1
-])
-
-
-ip_to_hex() {
- printf "%02x%02x%02x%02x" "$@"
-}
-
-
-: > hv2-vif1.expected
-: > hv3-vif1.expected
-
-# test_arp INPORT SHA SPA TPA [REPLY_HA]
-#
-# Causes a packet to be received on INPORT. The packet is an ARP
-# request with SHA, SPA, and TPA as specified. If REPLY_HA is provided, then
-# it should be the hardware address of the target to expect to receive in an
-# ARP reply; otherwise no reply is expected.
-#
-# INPORT is an logical switch port number, e.g. 11 for vif11.
-# SHA and REPLY_HA are each 12 hex digits.
-# SPA and TPA are each 8 hex digits.
-test_arp() {
- local hv=$1 inport=$2 sha=$3 spa=$4 tpa=$5 reply_ha=$6
- local request=ffffffffffff${sha}08060001080006040001${sha}${spa}ffffffffffff${tpa}
- as hv$hv ovs-appctl netdev-dummy/receive hv${hv}-vif$inport $request
-
- if test X$reply_ha != X; then
- # Expect to receive the reply, if any.
- local reply=${sha}${reply_ha}08060001080006040002${reply_ha}${tpa}${sha}${spa}
- echo $reply >> hv${hv}-vif$inport.expected
- fi
-}
-
-rtr_ip=$(ip_to_hex 172 16 1 1)
-foo_ip=$(ip_to_hex 192 168 1 2)
-outside_ip=$(ip_to_hex 172 16 1 3)
-
-echo $rtr_ip
-echo $foo_ip
-echo $outside_ip
-
-# ARP for router IP address from outside1, no response expected
-test_arp 3 1 f00000010204 $outside_ip $rtr_ip
-
-# Now check the packets actually received against the ones expected.
-OVN_CHECK_PACKETS([hv3/vif1-tx.pcap], [hv3-vif1.expected])
-
-# Send ip packet between foo1 and outside1
-src_mac="f00000010203"
-dst_mac="000001010203"
-src_ip=`ip_to_hex 192 168 1 2`
-dst_ip=`ip_to_hex 172 16 1 3`
-packet=${dst_mac}${src_mac}08004500001c0000000040110000${src_ip}${dst_ip}0035111100080000
-
-# Now check the packets actually received against the ones expected.
-OVN_CHECK_PACKETS([hv3/vif1-tx.pcap], [hv3-vif1.expected])
-
-# Now add bridge-mappings on hv2, which should make everything work
-as hv2 ovs-vsctl set open . external-ids:ovn-bridge-mappings=phys:br-phys
-
-# Wait until the patch ports are created in hv2 to connect br-int to br-phys
-OVS_WAIT_UNTIL([test 1 = `as hv2 ovs-vsctl show | \
-grep "Port patch-br-int-to-ln-alice" | wc -l`])
-
-# ARP for router IP address from outside1
-test_arp 3 1 f00000010204 $outside_ip $rtr_ip 000002010203
-
-# hv3-vif1.expected should also have the gw router port garp packet.
-exp_gw_ip_garp=ffffffffffff00000201020308060001080006040001000002010203ac100101000000000000ac100101
-echo $exp_gw_ip_garp >> hv3-vif1.expected
-
-# Now check the packets actually received against the ones expected.
-OVN_CHECK_PACKETS([hv3/vif1-tx.pcap], [hv3-vif1.expected])
-
-# Send ip packet between foo1 and outside1
-src_mac="f00000010203"
-dst_mac="000001010203"
-src_ip=`ip_to_hex 192 168 1 2`
-dst_ip=`ip_to_hex 172 16 1 3`
-packet=${dst_mac}${src_mac}08004500001c0000000040110000${src_ip}${dst_ip}0035111100080000
-
-# Packet to Expect at outside1
-src_mac="000002010203"
-dst_mac="f00000010204"
-expected=${dst_mac}${src_mac}08004500001c000000003f110100${src_ip}${dst_ip}0035111100080000
-
-as hv1 ovs-appctl netdev-dummy/receive hv1-vif1 $packet
-
-echo "------ hv1 dump ----------"
-as hv1 ovs-ofctl show br-int
-as hv1 ovs-ofctl dump-flows br-int
-echo "------ hv2 dump ----------"
-as hv2 ovs-ofctl show br-int
-as hv2 ovs-ofctl dump-flows br-int
-echo "------ hv3 dump ----------"
-as hv3 ovs-ofctl show br-int
-as hv3 ovs-ofctl dump-flows br-int
-echo "----------------------------"
-
-echo $expected >> hv3-vif1.expected
-OVN_CHECK_PACKETS([hv3/vif1-tx.pcap], [hv3-vif1.expected])
-
-#Check ovn-trace over "chassisredirect" port
-AT_CAPTURE_FILE([trace])
-ovn_trace () {
- ovn-trace --all "$@" | tee trace | sed '1,/Minimal trace/d'
-}
-
-echo 'ip.ttl--;' > expout
-echo 'eth.src = 00:00:02:01:02:03;' >> expout
-echo 'eth.dst = f0:00:00:01:02:04;' >> expout
-echo 'output("ln-alice");' >> expout
-AT_CHECK_UNQUOTED([ovn_trace foo 'inport == "foo1" && eth.src == f0:00:00:01:02:03 && eth.dst == 00:00:01:01:02:03 && ip4.src == 192.168.1.2 && ip4.dst == 172.16.1.3 && ip.ttl == 0xff'], [0], [expout])
-
-# Create logical port alice1 in alice on hv1
-as hv1 ovs-vsctl -- add-port br-int hv1-vif2 -- \
- set interface hv1-vif2 external-ids:iface-id=alice1 \
- options:tx_pcap=hv1/vif2-tx.pcap \
- options:rxq_pcap=hv1/vif2-rx.pcap \
- ofport-request=1
-
-ovn-nbctl lsp-add alice alice1 \
--- lsp-set-addresses alice1 "f0:00:00:01:02:05 172.16.1.4"
-
-# Create logical port foo2 in foo on hv2
-as hv2 ovs-vsctl -- add-port br-int hv2-vif1 -- \
- set interface hv2-vif1 external-ids:iface-id=foo2 \
- options:tx_pcap=hv2/vif1-tx.pcap \
- options:rxq_pcap=hv2/vif1-rx.pcap \
- ofport-request=1
-
-ovn-nbctl lsp-add foo foo2 \
--- lsp-set-addresses foo2 "f0:00:00:01:02:06 192.168.1.3"
-
-# Allow some time for ovn-northd and ovn-controller to catch up.
-# XXX This should be more systematic.
-sleep 1
-
-: > hv1-vif2.expected
-
-# Send ip packet between alice1 and foo2
-src_mac="f00000010205"
-dst_mac="000002010203"
-src_ip=`ip_to_hex 172 16 1 4`
-dst_ip=`ip_to_hex 192 168 1 3`
-packet=${dst_mac}${src_mac}08004500001c0000000040110000${src_ip}${dst_ip}0035111100080000
-
-as hv1 ovs-appctl netdev-dummy/receive hv1-vif2 $packet
-
-# Packet to Expect at foo2
-src_mac="000001010203"
-dst_mac="f00000010206"
-src_ip=`ip_to_hex 172 16 1 4`
-dst_ip=`ip_to_hex 192 168 1 3`
-expected=${dst_mac}${src_mac}08004500001c000000003f110100${src_ip}${dst_ip}0035111100080000
-
-echo $expected >> hv2-vif1.expected
-OVN_CHECK_PACKETS([hv2/vif1-tx.pcap], [hv2-vif1.expected])
-
-AT_CHECK([ovn-sbctl --bare --columns _uuid find Port_Binding logical_port=cr-alice | wc -l], [0], [1
-])
-
-ovn-nbctl --timeout=3 --wait=sb remove Logical_Router_Port alice options redirect-chassis
-
-AT_CHECK([ovn-sbctl find Port_Binding logical_port=cr-alice | wc -l], [0], [0
-])
-
-OVN_CLEANUP([hv1],[hv2],[hv3])
-
-AT_CLEANUP
-
-AT_SETUP([ovn -- send gratuitous arp for NAT rules on distributed router])
-AT_SKIP_IF([test $HAVE_PYTHON = no])
-ovn_start
-# Create logical switches
-ovn-nbctl ls-add ls0
-ovn-nbctl ls-add ls1
-# Create distributed router
-ovn-nbctl create Logical_Router name=lr0
-# Add distributed gateway port to distributed router
-ovn-nbctl lrp-add lr0 lrp0 f0:00:00:00:00:01 192.168.0.1/24 \
- -- set Logical_Router_Port lrp0 options:redirect-chassis="hv2"
-ovn-nbctl lsp-add ls0 lrp0-rp -- set Logical_Switch_Port lrp0-rp \
- type=router options:router-port=lrp0 addresses="router"
-# Add router port to ls1
-ovn-nbctl lrp-add lr0 lrp1 f0:00:00:00:00:02 10.0.0.1/24
-ovn-nbctl lsp-add ls1 lrp1-rp -- set Logical_Switch_Port lrp1-rp \
- type=router options:router-port=lrp1 addresses="router"
-# Add logical ports for NAT rules
-ovn-nbctl lsp-add ls1 foo1 \
--- lsp-set-addresses foo1 "00:00:00:00:00:03 10.0.0.3"
-ovn-nbctl lsp-add ls1 foo2 \
--- lsp-set-addresses foo2 "00:00:00:00:00:04 10.0.0.4"
-# Add nat-addresses option
-ovn-nbctl lsp-set-options lrp0-rp router-port=lrp0 nat-addresses="router"
-# Add NAT rules
-AT_CHECK([ovn-nbctl lr-nat-add lr0 snat 192.168.0.1 10.0.0.0/24])
-AT_CHECK([ovn-nbctl lr-nat-add lr0 dnat 192.168.0.2 10.0.0.2])
-AT_CHECK([ovn-nbctl lr-nat-add lr0 dnat_and_snat 192.168.0.3 10.0.0.3 foo1 f0:00:00:00:00:03])
-AT_CHECK([ovn-nbctl lr-nat-add lr0 dnat_and_snat 192.168.0.4 10.0.0.4 foo2 f0:00:00:00:00:04])
-
-net_add n1
-sim_add hv1
-as hv1
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.1
-
-AT_CHECK([ovs-vsctl set Open_vSwitch . external-ids:ovn-bridge-mappings=physnet1:br-phys])
-AT_CHECK([ovs-vsctl add-port br-phys snoopvif -- set Interface snoopvif options:tx_pcap=hv1/snoopvif-tx.pcap options:rxq_pcap=hv1/snoopvif-rx.pcap])
-
-sim_add hv2
-as hv2
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.2
-# Initially test with no bridge-mapping on hv2, expect to receive no packets
-
-sim_add hv3
-as hv3
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.3
-# Initially test with no bridge-mapping on hv3
-
-# Create a localnet port.
-AT_CHECK([ovn-nbctl lsp-add ls0 ln_port])
-AT_CHECK([ovn-nbctl lsp-set-addresses ln_port unknown])
-AT_CHECK([ovn-nbctl lsp-set-type ln_port localnet])
-AT_CHECK([ovn-nbctl --wait=hv lsp-set-options ln_port network_name=physnet1])
-
-# Allow some time for ovn-northd and ovn-controller to catch up.
-# XXX This should be more systematic.
-sleep 2
-
-# Expect no packets when hv2 bridge-mapping is not present
-: > packets
-OVN_CHECK_PACKETS([hv1/snoopvif-tx.pcap], [packets])
-
-# Add bridge-mapping on hv2
-AT_CHECK([as hv2 ovs-vsctl set Open_vSwitch . external-ids:ovn-bridge-mappings=physnet1:br-phys])
-
-# Wait until the patch ports are created in hv2 to connect br-int to br-phys
-OVS_WAIT_UNTIL([test 1 = `as hv2 ovs-vsctl show | \
-grep "Port patch-br-int-to-ln_port" | wc -l`])
-
-# Wait for packets to be received.
-OVS_WAIT_UNTIL([test `wc -c < "hv1/snoopvif-tx.pcap"` -ge 100])
-trim_zeros() {
- sed 's/\(00\)\{1,\}$//'
-}
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/snoopvif-tx.pcap | trim_zeros > packets
-expected="fffffffffffff0000000000108060001080006040001f00000000001c0a80001000000000000c0a80001"
-echo $expected > expout
-expected="fffffffffffff0000000000108060001080006040001f00000000001c0a80002000000000000c0a80002"
-echo $expected >> expout
-AT_CHECK([sort packets], [0], [expout])
-sort packets | cat
-
-# Temporarily remove nat-addresses option to avoid race conditions
-# due to GARP backoff
-ovn-nbctl lsp-set-options lrp0-rp router-port=lrp0 nat-addresses=""
-
-reset_pcap_file() {
- local iface=$1
- local pcap_file=$2
- ovs-vsctl -- set Interface $iface options:tx_pcap=dummy-tx.pcap \
-options:rxq_pcap=dummy-rx.pcap
- rm -f ${pcap_file}*.pcap
- ovs-vsctl -- set Interface $iface options:tx_pcap=${pcap_file}-tx.pcap \
-options:rxq_pcap=${pcap_file}-rx.pcap
-}
-
-as hv1 reset_pcap_file snoopvif hv1/snoopvif
-
-# Add OVS ports for foo1 and foo2 on hv3
-ovs-vsctl -- add-port br-int hv3-vif1 -- \
- set interface hv3-vif1 external-ids:iface-id=foo1 \
- ofport-request=1
-ovs-vsctl -- add-port br-int hv3-vif2 -- \
- set interface hv3-vif2 external-ids:iface-id=foo2 \
- ofport-request=2
-
-# Add bridge-mapping on hv3
-AT_CHECK([as hv3 ovs-vsctl set Open_vSwitch . external-ids:ovn-bridge-mappings=physnet1:br-phys])
-
-# Wait until the patch ports are created in hv3 to connect br-int to br-phys
-OVS_WAIT_UNTIL([test 1 = `as hv3 ovs-vsctl show | \
-grep "Port patch-br-int-to-ln_port" | wc -l`])
-
-# Re-add nat-addresses option
-ovn-nbctl lsp-set-options lrp0-rp router-port=lrp0 nat-addresses="router"
-
-# Wait for packets to be received.
-OVS_WAIT_UNTIL([test `wc -c < "hv1/snoopvif-tx.pcap"` -ge 250])
-trim_zeros() {
- sed 's/\(00\)\{1,\}$//'
-}
-
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/snoopvif-tx.pcap | trim_zeros > packets
-garp_1="fffffffffffff0000000000308060001080006040001f00000000003c0a80003000000000000c0a80003"
-echo $garp_1 > expout
-garp_2="fffffffffffff0000000000408060001080006040001f00000000004c0a80004000000000000c0a80004"
-echo $garp_2 >> expout
-
-cat packets | grep $garp_1 | head -1 > exp
-cat packets | grep $garp_2 | head -1 >> exp
-AT_CHECK([cat exp], [0], [expout])
-
-OVN_CLEANUP([hv1],[hv2],[hv3])
-
-AT_CLEANUP
-
-# VLAN traffic for external network redirected through distributed router
-# gateway port should use vlans(i.e input network vlan tag) across hypervisors
-# instead of tunneling.
-AT_SETUP([ovn -- vlan traffic for external network with distributed router gateway port])
-AT_SKIP_IF([test $HAVE_PYTHON = no])
-ovn_start
-
-# Logical network:
-# # One LR R1 that has switches foo (192.168.1.0/24) and
-# # alice (172.16.1.0/24) connected to it. The logical port
-# # between R1 and alice has a "redirect-chassis" specified,
-# # i.e. it is the distributed router gateway port(172.16.1.6).
-# # Switch alice also has a localnet port defined.
-# # An additional switch outside has the same subnet as alice
-# # (172.16.1.0/24), a localnet port and nexthop port(172.16.1.1)
-# # which will receive the packet destined for external network
-# # (i.e 8.8.8.8 as destination ip).
-
-# Physical network:
-# # Four hypervisors hv[1234].
-# # hv1 hosts vif foo1.
-# # hv2 is the "redirect-chassis" that hosts the distributed router gateway port.
-# # Later to test GARPs for the router port - foo, hv2 and hv4 are added to the ha_chassis_group
-# # hv3 hosts nexthop port vif outside1.
-# # All other tests connect hypervisors to network n1 through br-phys for tunneling.
-# # But in this test, hv1 won't connect to n1(and no br-phys in hv1), and
-# # in order to show vlans(instead of tunneling) used between hv1 and hv2,
-# # a new network n2 created and hv1 and hv2 connected to this network through br-ex.
-# # hv2 and hv3 are still connected to n1 network through br-phys.
-net_add n1
-
-# We are not calling ovn_attach for hv1, to avoid adding br-phys.
-# Tunneling won't work in hv1 as ovn-encap-ip is not added to any bridge in hv1
-sim_add hv1
-as hv1
-ovs-vsctl \
- -- set Open_vSwitch . external-ids:system-id=hv1 \
- -- set Open_vSwitch . external-ids:ovn-remote=unix:$ovs_base/ovn-sb/ovn-sb.sock \
- -- set Open_vSwitch . external-ids:ovn-encap-type=geneve,vxlan \
- -- set Open_vSwitch . external-ids:ovn-encap-ip=192.168.0.1 \
- -- add-br br-int \
- -- set bridge br-int fail-mode=secure other-config:disable-in-band=true \
- -- set Open_vSwitch . external-ids:ovn-bridge-mappings=public:br-ex
-
-start_daemon ovn-controller
-ovs-vsctl -- add-port br-int hv1-vif1 -- \
- set interface hv1-vif1 external-ids:iface-id=foo1 \
- options:tx_pcap=hv1/vif1-tx.pcap \
- options:rxq_pcap=hv1/vif1-rx.pcap \
- ofport-request=1
-
-sim_add hv2
-as hv2
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.2
-ovs-vsctl set Open_vSwitch . external-ids:ovn-bridge-mappings="public:br-ex,phys:br-phys"
-
-sim_add hv3
-as hv3
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.3
-ovs-vsctl -- add-port br-int hv3-vif1 -- \
- set interface hv3-vif1 external-ids:iface-id=outside1 \
- options:tx_pcap=hv3/vif1-tx.pcap \
- options:rxq_pcap=hv3/vif1-rx.pcap \
- ofport-request=1
-ovs-vsctl set Open_vSwitch . external-ids:ovn-bridge-mappings="phys:br-phys"
-
-sim_add hv4
-as hv4
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.4
-ovs-vsctl set Open_vSwitch . external-ids:ovn-bridge-mappings="public:br-ex,phys:br-phys"
-
-# Create network n2 for vlan connectivity between hv1 and hv2
-net_add n2
-
-as hv1
-ovs-vsctl add-br br-ex
-net_attach n2 br-ex
-
-as hv2
-ovs-vsctl add-br br-ex
-net_attach n2 br-ex
-
-as hv4
-ovs-vsctl add-br br-ex
-net_attach n2 br-ex
-
-OVN_POPULATE_ARP
-
-ovn-nbctl create Logical_Router name=R1
-
-ovn-nbctl ls-add foo
-ovn-nbctl ls-add alice
-ovn-nbctl ls-add outside
-
-# Connect foo to R1
-ovn-nbctl lrp-add R1 foo 00:00:01:01:02:03 192.168.1.1/24
-ovn-nbctl lsp-add foo rp-foo -- set Logical_Switch_Port rp-foo \
- type=router options:router-port=foo \
- -- lsp-set-addresses rp-foo router
-
-# Connect alice to R1 as distributed router gateway port (172.16.1.6) on hv2
-ovn-nbctl lrp-add R1 alice 00:00:02:01:02:03 172.16.1.6/24 \
- -- set Logical_Router_Port alice options:redirect-chassis="hv2"
-ovn-nbctl lsp-add alice rp-alice -- set Logical_Switch_Port rp-alice \
- type=router options:router-port=alice \
- -- lsp-set-addresses rp-alice router \
-
-# Create logical port foo1 in foo
-ovn-nbctl lsp-add foo foo1 \
--- lsp-set-addresses foo1 "f0:00:00:01:02:03 192.168.1.2"
-
-# Create logical port outside1 in outside, which is a nexthop address
-# for 172.16.1.0/24
-ovn-nbctl lsp-add outside outside1 \
--- lsp-set-addresses outside1 "f0:00:00:01:02:04 172.16.1.1"
-
-# Set default gateway (nexthop) to 172.16.1.1
-ovn-nbctl lr-route-add R1 "0.0.0.0/0" 172.16.1.1 alice
-AT_CHECK([ovn-nbctl lr-nat-add R1 snat 172.16.1.6 192.168.1.1/24])
-ovn-nbctl set Logical_Switch_Port rp-alice options:nat-addresses=router
-
-ovn-nbctl lsp-add foo ln-foo
-ovn-nbctl lsp-set-addresses ln-foo unknown
-ovn-nbctl lsp-set-options ln-foo network_name=public
-ovn-nbctl lsp-set-type ln-foo localnet
-AT_CHECK([ovn-nbctl set Logical_Switch_Port ln-foo tag=2])
-
-# Create localnet port in alice
-ovn-nbctl lsp-add alice ln-alice
-ovn-nbctl lsp-set-addresses ln-alice unknown
-ovn-nbctl lsp-set-type ln-alice localnet
-ovn-nbctl lsp-set-options ln-alice network_name=phys
-
-# Create localnet port in outside
-ovn-nbctl lsp-add outside ln-outside
-ovn-nbctl lsp-set-addresses ln-outside unknown
-ovn-nbctl lsp-set-type ln-outside localnet
-ovn-nbctl lsp-set-options ln-outside network_name=phys
-
-# Allow some time for ovn-northd and ovn-controller to catch up.
-# XXX This should be more systematic.
-ovn-nbctl --wait=hv --timeout=3 sync
-
-# Check that there is a logical flow in logical switch foo's pipeline
-# to set the outport to rp-foo (which is expected).
-OVS_WAIT_UNTIL([test 1 = `ovn-sbctl dump-flows foo | grep ls_in_l2_lkup | \
-grep rp-foo | grep -v is_chassis_resident | wc -l`])
-
-# Set the option 'reside-on-redirect-chassis' for foo
-ovn-nbctl set logical_router_port foo options:reside-on-redirect-chassis=true
-# Check that there is a logical flow in logical switch foo's pipeline
-# to set the outport to rp-foo with the condition is_chassis_redirect.
-ovn-sbctl dump-flows foo
-OVS_WAIT_UNTIL([test 1 = `ovn-sbctl dump-flows foo | grep ls_in_l2_lkup | \
-grep rp-foo | grep is_chassis_resident | wc -l`])
-
-echo "---------NB dump-----"
-ovn-nbctl show
-echo "---------------------"
-ovn-nbctl list logical_router
-echo "---------------------"
-ovn-nbctl list nat
-echo "---------------------"
-ovn-nbctl list logical_router_port
-echo "---------------------"
-
-echo "---------SB dump-----"
-ovn-sbctl list datapath_binding
-echo "---------------------"
-ovn-sbctl list port_binding
-echo "---------------------"
-ovn-sbctl dump-flows
-echo "---------------------"
-ovn-sbctl list chassis
-echo "---------------------"
-
-for chassis in hv1 hv2 hv3; do
- as $chassis
- echo "------ $chassis dump ----------"
- ovs-vsctl show br-int
- ovs-ofctl show br-int
- ovs-ofctl dump-flows br-int
- echo "--------------------------"
-done
-
-ip_to_hex() {
- printf "%02x%02x%02x%02x" "$@"
-}
-
-foo1_ip=$(ip_to_hex 192 168 1 2)
-gw_ip=$(ip_to_hex 172 16 1 6)
-dst_ip=$(ip_to_hex 8 8 8 8)
-nexthop_ip=$(ip_to_hex 172 16 1 1)
-
-foo1_mac="f00000010203"
-foo_mac="000001010203"
-gw_mac="000002010203"
-nexthop_mac="f00000010204"
-
-# Send ip packet from foo1 to 8.8.8.8
-src_mac="f00000010203"
-dst_mac="000001010203"
-packet=${foo_mac}${foo1_mac}08004500001c0000000040110000${foo1_ip}${dst_ip}0035111100080000
-
-# Wait for GARPs announcing gw IP to arrive
-OVS_WAIT_UNTIL([
- test `as hv2 ovs-ofctl dump-flows br-int | grep table=66 | \
-grep actions=mod_dl_dst:f0:00:00:01:02:04 | wc -l` -eq 1
- ])
-
-# VLAN tagged packet with router port(192.168.1.1) MAC as destination MAC
-# is expected on bridge connecting hv1 and hv2
-expected=${foo_mac}${foo1_mac}8100000208004500001c0000000040110000${foo1_ip}${dst_ip}0035111100080000
-echo $expected > hv1-br-ex_n2.expected
-
-# Packet to Expect at outside1 i.e nexthop(172.16.1.1) port.
-# As connection tracking not enabled for this test, snat can't be done on the packet.
-# We still see foo1 as the source ip address. But source mac(gateway MAC) and
-# dest mac(nexthop mac) are properly configured.
-expected=${nexthop_mac}${gw_mac}08004500001c000000003f110100${foo1_ip}${dst_ip}0035111100080000
-echo $expected > hv3-vif1.expected
-
-reset_pcap_file() {
- local iface=$1
- local pcap_file=$2
- ovs-vsctl -- set Interface $iface options:tx_pcap=dummy-tx.pcap \
-options:rxq_pcap=dummy-rx.pcap
- rm -f ${pcap_file}*.pcap
- ovs-vsctl -- set Interface $iface options:tx_pcap=${pcap_file}-tx.pcap \
-options:rxq_pcap=${pcap_file}-rx.pcap
-}
-
-as hv1 reset_pcap_file br-ex_n2 hv1/br-ex_n2
-as hv3 reset_pcap_file hv3-vif1 hv3/vif1
-as hv1 ovs-appctl netdev-dummy/receive hv1-vif1 $packet
-sleep 2
-
-# On hv1, table 32 check that no packet goes via the tunnel port
-AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=32 \
-| grep "NXM_NX_TUN_ID" | grep -v n_packets=0 | wc -l], [0], [[0
-]])
-
-ip_packet() {
- grep "1010203f00000010203"
-}
-
-# Check vlan tagged packet on the bridge connecting hv1 and hv2 with the
-# foo1's mac.
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/br-ex_n2-tx.pcap | ip_packet | uniq > hv1-br-ex_n2
-cat hv1-br-ex_n2.expected > expout
-AT_CHECK([sort hv1-br-ex_n2], [0], [expout])
-
-# Check expected packet on nexthop interface
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv3/vif1-tx.pcap | grep ${foo1_ip}${dst_ip} | uniq > hv3-vif1
-cat hv3-vif1.expected > expout
-AT_CHECK([sort hv3-vif1], [0], [expout])
-
-# Test the GARP for the router port ip - 192.168.1.1
-ovn-nbctl --wait=sb ha-chassis-group-add hagrp1
-
-as hv1 reset_pcap_file hv1-vif1 hv1/vif1
-as hv2 reset_pcap_file br-ex_n2 hv2/br-ex_n2
-as hv4 reset_pcap_file br-ex_n2 hv4/br-ex_n2
-
-ovn-nbctl --wait=sb ha-chassis-group-add-chassis hagrp1 hv2 30
-ovn-nbctl --wait=sb ha-chassis-group-add-chassis hagrp1 hv4 20
-
-hagrp1_uuid=`ovn-nbctl --bare --columns _uuid find ha_chassis_group name=hagrp1`
-ovn-nbctl remove logical_router_port alice options redirect-chassis
-ovn-nbctl --wait=sb set logical_router_port alice ha_chassis_group=$hagrp1_uuid
-
-# When hv2 claims the gw router port cr-alice, it should send out
-# GARP for 192.168.1.1 and it should be received by foo1 on hv1.
-
-# foo1 (on hv1) should receive GARP without VLAN tag
-exp_garp_on_foo1="ffffffffffff00000101020308060001080006040001000001010203c0a80101000000000000c0a80101"
-echo $exp_garp_on_foo1 > foo1.expout
-
-# ovn-controller on hv2 should send garp with VLAN tag
-sent_garp="ffffffffffff0000010102038100000208060001080006040001000001010203c0a80101000000000000c0a80101"
-
-OVN_CHECK_PACKETS([hv1/vif1-tx.pcap], [foo1.expout])
-# Wait until we receive atleast 1 packet
-OVS_WAIT_UNTIL([test 1=`$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv2/br-ex_n2-tx.pcap | wc -l`])
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv2/br-ex_n2-tx.pcap | head -1 > packets
-echo $sent_garp > expout
-AT_CHECK([cat packets], [0], [expout])
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv4/br-ex_n2-tx.pcap > empty
-AT_CHECK([cat empty], [0], [])
-
-# Make hv4 master
-as hv1 reset_pcap_file hv1-vif1 hv1/vif1
-as hv4 reset_pcap_file br-ex_n2 hv4/br-ex_n2
-ovn-nbctl --wait=sb ha-chassis-group-add-chassis hagrp1 hv4 40
-
-# Wait till cr-alice is claimed by hv4
-hv4_chassis=$(ovn-sbctl --bare --columns=_uuid find Chassis name=hv4)
-# check that the chassis redirect port has been claimed by the gw1 chassis
-OVS_WAIT_UNTIL([ovn-sbctl --columns chassis --bare find Port_Binding \
-logical_port=cr-alice | grep $hv4_chassis | wc -l], [0],[[1
-]])
-
-# Reset the pcap file for hv2/br-ex_n2. From now on ovn-controller in hv2
-# should not send GARPs for the router ports.
-as hv2 reset_pcap_file br-ex_n2 hv2/br-ex_n2
-
-echo $sent_garp > br-ex_n2.expout
-OVN_CHECK_PACKETS([hv1/vif1-tx.pcap], [foo1.expout])
-OVN_CHECK_PACKETS([hv4/br-ex_n2-tx.pcap], [br-ex_n2.expout])
-
-sleep 2
-
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv2/br-ex_n2-tx.pcap > empty
-AT_CHECK([cat empty], [0], [])
-
-OVN_CLEANUP([hv1],[hv2],[hv3], [hv4])
-AT_CLEANUP
-
-AT_SETUP([ovn -- IPv6 ND Router Solicitation responder])
-AT_KEYWORDS([ovn-nd_ra])
-AT_SKIP_IF([test $HAVE_PYTHON = no])
-ovn_start
-
-# In this test case we create 1 lswitch with 3 VIF ports attached,
-# and a lrouter connected to the lswitch.
-# We generate the Router solicitation packet and verify the Router Advertisement
-# reply packet from the ovn-controller.
-
-# Create hypervisor and logical switch lsw0, logical router lr0, attach lsw0
-# onto lr0, set Logical_Router_Port.ipv6_ra_configs:address_mode column to
-# 'slaac' to allow lrp0 send RA for SLAAC mode.
-ovn-nbctl ls-add lsw0
-ovn-nbctl lr-add lr0
-ovn-nbctl lrp-add lr0 lrp0 fa:16:3e:00:00:01 fdad:1234:5678::1/64
-ovn-nbctl set Logical_Router_Port lrp0 ipv6_ra_configs:address_mode="slaac"
-ovn-nbctl \
- -- lsp-add lsw0 lsp0 \
- -- set Logical_Switch_Port lsp0 type=router \
- options:router-port=lrp0 \
- addresses='"fa:16:3e:00:00:01 fdad:1234:5678::1"'
-net_add n1
-sim_add hv1
-as hv1
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.2
-
-ovn-nbctl lsp-add lsw0 lp1
-ovn-nbctl lsp-set-addresses lp1 "fa:16:3e:00:00:02 10.0.0.12 fdad:1234:5678:0:f816:3eff:fe:2"
-ovn-nbctl lsp-set-port-security lp1 "fa:16:3e:00:00:02 10.0.0.12 fdad:1234:5678:0:f816:3eff:fe:2"
-
-ovn-nbctl lsp-add lsw0 lp2
-ovn-nbctl lsp-set-addresses lp2 "fa:16:3e:00:00:03 10.0.0.13 fdad:1234:5678:0:f816:3eff:fe:3"
-ovn-nbctl lsp-set-port-security lp2 "fa:16:3e:00:00:03 10.0.0.13 fdad:1234:5678:0:f816:3eff:fe:3"
-
-ovn-nbctl lsp-add lsw0 lp3
-ovn-nbctl lsp-set-addresses lp3 "fa:16:3e:00:00:04 10.0.0.14 fdad:1234:5678:0:f816:3eff:fe:4"
-ovn-nbctl lsp-set-port-security lp3 "fa:16:3e:00:00:04 10.0.0.14 fdad:1234:5678:0:f816:3eff:fe:4"
-
-# Add ACL rule for ICMPv6 on lsw0
-ovn-nbctl acl-add lsw0 from-lport 1002 'ip6 && icmp6' allow-related
-ovn-nbctl acl-add lsw0 to-lport 1002 'outport == "lp1" && ip6 && icmp6' allow-related
-ovn-nbctl acl-add lsw0 to-lport 1002 'outport == "lp2" && ip6 && icmp6' allow-related
-ovn-nbctl acl-add lsw0 to-lport 1002 'outport == "lp3" && ip6 && icmp6' allow-related
-
-ovs-vsctl -- add-port br-int hv1-vif1 -- \
- set interface hv1-vif1 external-ids:iface-id=lp1 \
- options:tx_pcap=hv1/vif1-tx.pcap \
- options:rxq_pcap=hv1/vif1-rx.pcap \
- ofport-request=1
-
-ovs-vsctl -- add-port br-int hv1-vif2 -- \
- set interface hv1-vif2 external-ids:iface-id=lp2 \
- options:tx_pcap=hv1/vif2-tx.pcap \
- options:rxq_pcap=hv1/vif2-rx.pcap \
- ofport-request=2
-
-ovs-vsctl -- add-port br-int hv1-vif3 -- \
- set interface hv1-vif3 external-ids:iface-id=lp3 \
- options:tx_pcap=hv1/vif3-tx.pcap \
- options:rxq_pcap=hv1/vif3-rx.pcap \
- ofport-request=3
-
-# Allow some time for ovn-northd and ovn-controller to catch up.
-# XXX This should be more systematic.
-sleep 1
-
-reset_pcap_file() {
- local iface=$1
- local pcap_file=$2
- ovs-vsctl -- set Interface $iface options:tx_pcap=dummy-tx.pcap \
-options:rxq_pcap=dummy-rx.pcap
- rm -f ${pcap_file}*.pcap
- ovs-vsctl -- set Interface $iface options:tx_pcap=${pcap_file}-tx.pcap \
-options:rxq_pcap=${pcap_file}-rx.pcap
-}
-
-# Make sure that ovn-controller has installed the corresponding OF Flow.
-OVS_WAIT_UNTIL([test 1 = `as hv1 ovs-ofctl dump-flows br-int | grep -c "ipv6_dst=ff02::2,nw_ttl=255,icmp_type=133,icmp_code=0"`])
-
-# This shell function sends a Router Solicitation packet.
-# test_ipv6_ra INPORT SRC_MAC SRC_LLA ADDR_MODE MTU RA_PREFIX_OPT
-test_ipv6_ra() {
- local inport=$1 src_mac=$2 src_lla=$3 addr_mode=$4 mtu=$5 prefix_opt=$6
- local request=333300000002${src_mac}86dd6000000000103aff${src_lla}ff02000000000000000000000000000285000efc000000000101${src_mac}
-
- local len=24
- local mtu_opt=""
- if test $mtu != 0; then
- len=`expr $len + 8`
- mtu_opt=05010000${mtu}
- fi
-
- if test ${#prefix_opt} != 0; then
- prefix_opt=${prefix_opt}fdad1234567800000000000000000000
- len=`expr $len + ${#prefix_opt} / 2`
- fi
-
- len=$(printf "%x" $len)
- local lrp_mac=fa163e000001
- local lrp_lla=fe80000000000000f8163efffe000001
- local reply=${src_mac}${lrp_mac}86dd6000000000${len}3aff${lrp_lla}${src_lla}8600XXXXff${addr_mode}ffff00000000000000000101${lrp_mac}${mtu_opt}${prefix_opt}
- echo $reply >> $inport.expected
-
- as hv1 ovs-appctl netdev-dummy/receive hv1-vif${inport} $request
-}
-
-AT_CAPTURE_FILE([ofctl_monitor0.log])
-as hv1 ovs-ofctl monitor br-int resume --detach --no-chdir \
---pidfile=ovs-ofctl0.pid 2> ofctl_monitor0.log
-
-# MTU is not set and the address mode is set to slaac
-addr_mode=00
-default_prefix_option_config=030440c0ffffffffffffffff00000000
-src_mac=fa163e000002
-src_lla=fe80000000000000f8163efffe000002
-test_ipv6_ra 1 $src_mac $src_lla $addr_mode 0 $default_prefix_option_config
-
-# NXT_RESUME should be 1.
-OVS_WAIT_UNTIL([test 1 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
-
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/vif1-tx.pcap > 1.packets
-
-cat 1.expected | cut -c -112 > expout
-AT_CHECK([cat 1.packets | cut -c -112], [0], [expout])
-
-# Skipping the ICMPv6 checksum.
-cat 1.expected | cut -c 117- > expout
-AT_CHECK([cat 1.packets | cut -c 117-], [0], [expout])
-
-rm -f *.expected
-reset_pcap_file hv1-vif1 hv1/vif1
-reset_pcap_file hv1-vif2 hv1/vif2
-reset_pcap_file hv1-vif3 hv1/vif3
-
-# Set the MTU to 1500
-ovn-nbctl --wait=hv set Logical_Router_Port lrp0 ipv6_ra_configs:mtu=1500
-
-# Make sure that ovn-controller has installed the corresponding OF Flow.
-OVS_WAIT_UNTIL([test 1 = `as hv1 ovs-ofctl dump-flows br-int | grep -c "ipv6_dst=ff02::2,nw_ttl=255,icmp_type=133,icmp_code=0"`])
-
-addr_mode=00
-default_prefix_option_config=030440c0ffffffffffffffff00000000
-src_mac=fa163e000003
-src_lla=fe80000000000000f8163efffe000003
-mtu=000005dc
-
-test_ipv6_ra 2 $src_mac $src_lla $addr_mode $mtu $default_prefix_option_config
-
-# NXT_RESUME should be 2.
-OVS_WAIT_UNTIL([test 2 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
-
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/vif2-tx.pcap > 2.packets
-
-cat 2.expected | cut -c -112 > expout
-AT_CHECK([cat 2.packets | cut -c -112], [0], [expout])
-
-# Skipping the ICMPv6 checksum.
-cat 2.expected | cut -c 117- > expout
-AT_CHECK([cat 2.packets | cut -c 117-], [0], [expout])
-
-rm -f *.expected
-reset_pcap_file hv1-vif1 hv1/vif1
-reset_pcap_file hv1-vif2 hv1/vif2
-reset_pcap_file hv1-vif3 hv1/vif3
-
-# Set the address mode to dhcpv6_stateful
-ovn-nbctl --wait=hv set Logical_Router_Port lrp0 ipv6_ra_configs:address_mode=dhcpv6_stateful
-# Make sure that ovn-controller has installed the corresponding OF Flow.
-OVS_WAIT_UNTIL([test 1 = `as hv1 ovs-ofctl dump-flows br-int | grep -c "ipv6_dst=ff02::2,nw_ttl=255,icmp_type=133,icmp_code=0"`])
-
-addr_mode=80
-default_prefix_option_config=03044080ffffffffffffffff00000000
-src_mac=fa163e000004
-src_lla=fe80000000000000f8163efffe000004
-mtu=000005dc
-
-test_ipv6_ra 3 $src_mac $src_lla $addr_mode $mtu $default_prefix_option_config
-
-# NXT_RESUME should be 3.
-OVS_WAIT_UNTIL([test 3 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
-
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/vif3-tx.pcap > 3.packets
-
-cat 3.expected | cut -c -112 > expout
-AT_CHECK([cat 3.packets | cut -c -112], [0], [expout])
-
-# Skipping the ICMPv6 checksum.
-cat 3.expected | cut -c 117- > expout
-AT_CHECK([cat 3.packets | cut -c 117-], [0], [expout])
-
-rm -f *.expected
-reset_pcap_file hv1-vif1 hv1/vif1
-reset_pcap_file hv1-vif2 hv1/vif2
-reset_pcap_file hv1-vif3 hv1/vif3
-
-# Set the address mode to dhcpv6_stateless
-ovn-nbctl --wait=hv set Logical_Router_Port lrp0 ipv6_ra_configs:address_mode=dhcpv6_stateless
-# Make sure that ovn-controller has installed the corresponding OF Flow.
-OVS_WAIT_UNTIL([test 1 = `as hv1 ovs-ofctl dump-flows br-int | grep -c "ipv6_dst=ff02::2,nw_ttl=255,icmp_type=133,icmp_code=0"`])
-
-addr_mode=40
-default_prefix_option_config=030440c0ffffffffffffffff00000000
-src_mac=fa163e000002
-src_lla=fe80000000000000f8163efffe000002
-mtu=000005dc
-
-test_ipv6_ra 1 $src_mac $src_lla $addr_mode $mtu $default_prefix_option_config
-
-# NXT_RESUME should be 4.
-OVS_WAIT_UNTIL([test 4 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
-
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/vif1-tx.pcap > 1.packets
-
-cat 1.expected | cut -c -112 > expout
-AT_CHECK([cat 1.packets | cut -c -112], [0], [expout])
-
-# Skipping the ICMPv6 checksum.
-cat 1.expected | cut -c 117- > expout
-AT_CHECK([cat 1.packets | cut -c 117-], [0], [expout])
-
-rm -f *.expected
-reset_pcap_file hv1-vif1 hv1/vif1
-reset_pcap_file hv1-vif2 hv1/vif2
-reset_pcap_file hv1-vif3 hv1/vif3
-
-# Set the address mode to invalid.
-ovn-nbctl --wait=hv set Logical_Router_Port lrp0 ipv6_ra_configs:address_mode=invalid
-# Make sure that ovn-controller has not installed any OF Flow for IPv6 ND RA.
-OVS_WAIT_UNTIL([test 0 = `as hv1 ovs-ofctl dump-flows br-int | grep -c "ipv6_dst=ff02::2,nw_ttl=255,icmp_type=133,icmp_code=0"`])
-
-addr_mode=40
-default_prefix_option_config=""
-src_mac=fa163e000002
-src_lla=fe80000000000000f8163efffe000002
-mtu=000005dc
-
-test_ipv6_ra 1 $src_mac $src_lla $addr_mode $mtu $default_prefix_option_config
-
-# NXT_RESUME should be 4 only.
-OVS_WAIT_UNTIL([test 4 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
-
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/vif1-tx.pcap > 1.packets
-AT_CHECK([cat 1.packets], [0], [])
-
-OVN_CLEANUP([hv1])
-AT_CLEANUP
-
-AT_SETUP([ovn -- /32 router IP address])
-AT_SKIP_IF([test $HAVE_PYTHON = no])
-ovn_start
-
-# Logical network:
-# 2 LS 'foo' and 'alice' connected via router R1.
-# R1 connects to 'alice' with a /32 IP address. We use static routes and
-# nexthop to push traffic to a logical port in switch 'alice'
-
-ovn-nbctl lr-add R1
-
-ovn-nbctl ls-add foo
-ovn-nbctl ls-add alice
-
-# Connect foo to R1
-ovn-nbctl lrp-add R1 foo 00:00:00:01:02:03 192.168.1.1/24
-ovn-nbctl lsp-add foo rp-foo -- set Logical_Switch_Port rp-foo type=router \
- options:router-port=foo addresses=\"00:00:00:01:02:03\"
-
-# Connect alice to R1.
-ovn-nbctl lrp-add R1 alice 00:00:00:01:02:04 172.16.1.1/32
-ovn-nbctl lsp-add alice rp-alice -- set Logical_Switch_Port rp-alice \
- type=router options:router-port=alice addresses=\"00:00:00:01:02:04\"
-
-# Create logical port foo1 in foo
-ovn-nbctl lsp-add foo foo1 \
--- lsp-set-addresses foo1 "f0:00:00:01:02:03 192.168.1.2"
-
-# Create logical port alice1 in alice
-ovn-nbctl lsp-add alice alice1 \
--- lsp-set-addresses alice1 "f0:00:00:01:02:04 10.0.0.2"
-
-#install default route in R1 to use alice1's IP address as nexthop
-ovn-nbctl lr-route-add R1 0.0.0.0/0 10.0.0.2 alice
-
-# Create two hypervisor and create OVS ports corresponding to logical ports.
-net_add n1
-
-sim_add hv1
-as hv1
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.1
-ovs-vsctl -- add-port br-int hv1-vif1 -- \
- set interface hv1-vif1 external-ids:iface-id=foo1 \
- options:tx_pcap=hv1/vif1-tx.pcap \
- options:rxq_pcap=hv1/vif1-rx.pcap \
- ofport-request=1
-
-sim_add hv2
-as hv2
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.2
-ovs-vsctl -- add-port br-int hv2-vif1 -- \
- set interface hv2-vif1 external-ids:iface-id=alice1 \
- options:tx_pcap=hv2/vif1-tx.pcap \
- options:rxq_pcap=hv2/vif1-rx.pcap \
- ofport-request=1
-
-
-# Pre-populate the hypervisors' ARP tables so that we don't lose any
-# packets for ARP resolution (native tunneling doesn't queue packets
-# for ARP resolution).
-OVN_POPULATE_ARP
-
-# Allow some time for ovn-northd and ovn-controller to catch up.
-# XXX This should be more systematic.
-sleep 1
-
-ip_to_hex() {
- printf "%02x%02x%02x%02x" "$@"
-}
-
-# Send ip packets between foo1 and alice1
-src_mac="f00000010203"
-dst_mac="000000010203"
-src_ip=`ip_to_hex 192 168 1 2`
-dst_ip=`ip_to_hex 10 0 0 2`
-packet=${dst_mac}${src_mac}08004500001c0000000040110000${src_ip}${dst_ip}0035111100080000
-
-# Send the first packet to trigger a ARP response and population of
-# mac_bindings table.
-as hv1 ovs-appctl netdev-dummy/receive hv1-vif1 $packet
-OVS_WAIT_UNTIL([test `ovn-sbctl find mac_binding ip="10.0.0.2" | wc -l` -gt 0])
-ovn-nbctl --wait=hv sync
-
-# Packet to Expect at 'alice1'
-src_mac="000000010204"
-dst_mac="f00000010204"
-src_ip=`ip_to_hex 192 168 1 2`
-dst_ip=`ip_to_hex 10 0 0 2`
-echo "${dst_mac}${src_mac}08004500001c000000003f110100${src_ip}${dst_ip}0035111100080000" > expected
-
-OVN_CHECK_PACKETS([hv2/vif1-tx.pcap], [expected])
-
-OVN_CLEANUP([hv1],[hv2])
-
-AT_CLEANUP
-
-AT_SETUP([ovn -- 2 HVs, 1 lport/HV, localport ports])
-AT_SKIP_IF([test $HAVE_PYTHON = no])
-ovn_start
-
-ovn-nbctl ls-add ls1
-
-# Add localport to the switch
-ovn-nbctl lsp-add ls1 lp01
-ovn-nbctl lsp-set-addresses lp01 f0:00:00:00:00:01
-ovn-nbctl lsp-set-type lp01 localport
-
-net_add n1
-
-for i in 1 2; do
- sim_add hv$i
- as hv$i
- ovs-vsctl add-br br-phys
- ovn_attach n1 br-phys 192.168.0.$i
- ovs-vsctl add-port br-int vif01 -- \
- set Interface vif01 external-ids:iface-id=lp01 \
- options:tx_pcap=hv${i}/vif01-tx.pcap \
- options:rxq_pcap=hv${i}/vif01-rx.pcap \
- ofport-request=${i}0
-
- ovs-vsctl add-port br-int vif${i}1 -- \
- set Interface vif${i}1 external-ids:iface-id=lp${i}1 \
- options:tx_pcap=hv${i}/vif${i}1-tx.pcap \
- options:rxq_pcap=hv${i}/vif${i}1-rx.pcap \
- ofport-request=${i}1
-
- ovn-nbctl lsp-add ls1 lp${i}1
- ovn-nbctl lsp-set-addresses lp${i}1 f0:00:00:00:00:${i}1
- ovn-nbctl lsp-set-port-security lp${i}1 f0:00:00:00:00:${i}1
-
- OVS_WAIT_UNTIL([test x`ovn-nbctl lsp-get-up lp${i}1` = xup])
-done
-
-ovn-nbctl --wait=sb sync
-ovn-sbctl dump-flows
-
-OVN_POPULATE_ARP
-
-# Given the name of a logical port, prints the name of the hypervisor
-# on which it is located.
-vif_to_hv() {
- echo hv${1%?}
-}
-#
-# test_packet INPORT DST SRC ETHTYPE EOUT LOUT DEFHV
-#
-# This shell function causes a packet to be received on INPORT. The packet's
-# content has Ethernet destination DST and source SRC (each exactly 12 hex
-# digits) and Ethernet type ETHTYPE (4 hex digits). INPORT is specified as
-# logical switch port numbers, e.g. 11 for vif11.
-#
-# EOUT is the end-to-end output port, that is, where the packet will end up
-# after possibly bouncing through one or more localnet ports. LOUT is the
-# logical output port, which might be a localnet port, as seen by ovn-trace
-# (which doesn't know what localnet ports are connected to and therefore can't
-# figure out the end-to-end answer).
-#
-# DEFHV is the default hypervisor from where the packet is going to be sent
-# if the source port is a localport.
-for i in 1 2; do
- for j in 0 1; do
- : > $i$j.expected
- done
-done
-test_packet() {
- local inport=$1 dst=$2 src=$3 eth=$4 eout=$5 lout=$6 defhv=$7
- echo "$@"
-
- # First try tracing the packet.
- uflow="inport==\"lp$inport\" && eth.dst==$dst && eth.src==$src && eth.type==0x$eth"
- if test $lout != drop; then
- echo "output(\"$lout\");"
- fi > expout
- AT_CAPTURE_FILE([trace])
- AT_CHECK([ovn-trace --all ls1 "$uflow" | tee trace | sed '1,/Minimal trace/d'], [0], [expout])
-
- # Then actually send a packet, for an end-to-end test.
- local packet=$(echo $dst$src | sed 's/://g')${eth}
- hv=`vif_to_hv $inport`
- # If hypervisor 0 (localport) use the defhv parameter
- if test $hv = hv0; then
- hv=$defhv
- fi
- vif=vif$inport
- as $hv ovs-appctl netdev-dummy/receive $vif $packet
- if test $eout != drop; then
- echo $packet >> ${eout#lp}.expected
- fi
-}
-
-
-# lp11 and lp21 are on different hypervisors
-test_packet 11 f0:00:00:00:00:21 f0:00:00:00:00:11 1121 lp21 lp21
-test_packet 21 f0:00:00:00:00:11 f0:00:00:00:00:21 2111 lp11 lp11
-
-# Both VIFs should be able to reach the localport on their own HV
-test_packet 11 f0:00:00:00:00:01 f0:00:00:00:00:11 1101 lp01 lp01
-test_packet 21 f0:00:00:00:00:01 f0:00:00:00:00:21 2101 lp01 lp01
-
-# Packet sent from localport on same hv should reach the vif
-test_packet 01 f0:00:00:00:00:11 f0:00:00:00:00:01 0111 lp11 lp11 hv1
-test_packet 01 f0:00:00:00:00:21 f0:00:00:00:00:01 0121 lp21 lp21 hv2
-
-# Packet sent from localport on different hv should be dropped
-test_packet 01 f0:00:00:00:00:21 f0:00:00:00:00:01 0121 drop lp21 hv1
-test_packet 01 f0:00:00:00:00:11 f0:00:00:00:00:01 0111 drop lp11 hv2
-
-# Now check the packets actually received against the ones expected.
-for i in 1 2; do
- for j in 0 1; do
- OVN_CHECK_PACKETS([hv$i/vif$i$j-tx.pcap], [$i$j.expected])
- done
-done
-
-OVN_CLEANUP([hv1],[hv2])
-
-AT_CLEANUP
-
-AT_SETUP([ovn -- 1 LR with HA distributed router gateway port])
-AT_SKIP_IF([test $HAVE_PYTHON = no])
-ovn_start
-
-net_add n1
-
-# create gateways with external network connectivity
-
-for i in 1 2; do
- sim_add gw$i
- as gw$i
- ovs-vsctl add-br br-phys
- ovn_attach n1 br-phys 192.168.0.$i
- ovs-vsctl set open . external-ids:ovn-bridge-mappings=phys:br-phys
-done
-
-ovn-nbctl ls-add inside
-ovn-nbctl ls-add outside
-
-# create hypervisors with a vif port each to an internal network
-
-for i in 1 2; do
- sim_add hv$i
- as hv$i
- ovs-vsctl add-br br-phys
- ovn_attach n1 br-phys 192.168.0.1$i
- ovs-vsctl -- add-port br-int hv$i-vif1 -- \
- set interface hv$i-vif1 external-ids:iface-id=inside$i \
- options:tx_pcap=hv$i/vif1-tx.pcap \
- options:rxq_pcap=hv$i/vif1-rx.pcap \
- ofport-request=1
-
- ovn-nbctl lsp-add inside inside$i \
- -- lsp-set-addresses inside$i "f0:00:00:01:22:$i 192.168.1.10$i"
-
-done
-
-OVN_POPULATE_ARP
-
-ovn-nbctl create Logical_Router name=R1
-
-# Connect inside to R1
-ovn-nbctl lrp-add R1 inside 00:00:01:01:02:03 192.168.1.1/24
-ovn-nbctl lsp-add inside rp-inside -- set Logical_Switch_Port rp-inside \
- type=router options:router-port=inside \
- -- lsp-set-addresses rp-inside router
-
-# Connect outside to R1 as distributed router gateway port on gw1+gw2
-ovn-nbctl lrp-add R1 outside 00:00:02:01:02:04 192.168.0.101/24
-
-ovn-nbctl --id=@gc0 create Gateway_Chassis \
- name=outside_gw1 chassis_name=gw1 priority=20 -- \
- --id=@gc1 create Gateway_Chassis \
- name=outside_gw2 chassis_name=gw2 priority=10 -- \
- set Logical_Router_Port outside 'gateway_chassis=[@gc0,@gc1]'
-
-ovn-nbctl lsp-add outside rp-outside -- set Logical_Switch_Port rp-outside \
- type=router options:router-port=outside \
- -- lsp-set-addresses rp-outside router
-
-# Create localnet port in outside
-ovn-nbctl lsp-add outside ln-outside
-ovn-nbctl lsp-set-addresses ln-outside unknown
-ovn-nbctl lsp-set-type ln-outside localnet
-ovn-nbctl lsp-set-options ln-outside network_name=phys
-
-# Allow some time for ovn-northd and ovn-controller to catch up.
-# XXX This should be more systematic.
-ovn-nbctl --wait=hv --timeout=3 sync
-
-echo "---------NB dump-----"
-ovn-nbctl show
-echo "---------------------"
-ovn-nbctl list logical_router
-echo "---------------------"
-ovn-nbctl list logical_router_port
-echo "---------------------"
-
-echo "---------SB dump-----"
-ovn-sbctl list datapath_binding
-echo "---------------------"
-ovn-sbctl list port_binding
-echo "---------------------"
-ovn-sbctl dump-flows
-echo "---------------------"
-ovn-sbctl list chassis
-ovn-sbctl list encap
-echo "---------------------"
-echo "------ Gateway_Chassis dump (SBDB) -------"
-ovn-sbctl list Gateway_Chassis
-echo "------ Port_Binding chassisredirect -------"
-ovn-sbctl find Port_Binding type=chassisredirect
-echo "-------------------------------------------"
-
-# There should be one ha_chassis_group with the name "outside"
-ha_chassi_grp_name=`ovn-sbctl --bare --columns name find \
-ha_chassis_group name="outside"`
-
-AT_CHECK([test $ha_chassi_grp_name = outside])
-
-# There should be 2 ha_chassis rows in SB DB.
-AT_CHECK([ovn-sbctl list ha_chassis | grep chassis | \
-grep -v chassis-name | awk '{print $3}' \
-| grep '-' | wc -l ], [0], [2
-])
-
-ha_ch=`ovn-sbctl --bare --columns ha_chassis find ha_chassis_group`
-# Trim the spaces.
-ha_ch=`echo $ha_ch | sed 's/ //g'`
-
-ha_ch_list=''
-for i in `ovn-sbctl --bare --columns _uuid list ha_chassis | sort`
-do
- ha_ch_list="$ha_ch_list $i"
-done
-
-# Trim the spaces.
-ha_ch_list=`echo $ha_ch_list | sed 's/ //g'`
-
-AT_CHECK([test "$ha_ch_list" = "$ha_ch"])
-
-for chassis in gw1 gw2 hv1 hv2; do
- as $chassis
- echo "------ $chassis dump ----------"
- ovs-ofctl show br-int
- ovs-ofctl dump-flows br-int
- echo "--------------------------"
-done
-bfd_dump() {
- for chassis in gw1 gw2 hv1 hv2; do
- as $chassis
- echo "------ $chassis dump (BFD)----"
- echo "BFD (from $chassis):"
- # dump BFD config and status to the other chassis
- for chassis2 in gw1 gw2 hv1 hv2; do
- if [[ "$chassis" != "$chassis2" ]]; then
- echo " -> $chassis2:"
- echo " $(ovs-vsctl --bare --columns bfd,bfd_status find Interface name=ovn-$chassis2-0)"
- fi
- done
- echo "--------------------------"
- done
-}
-
-bfd_dump
-
-hv1_gw1_ofport=$(as hv1 ovs-vsctl --bare --columns ofport find Interface name=ovn-gw1-0)
-hv1_gw2_ofport=$(as hv1 ovs-vsctl --bare --columns ofport find Interface name=ovn-gw2-0)
-hv2_gw1_ofport=$(as hv2 ovs-vsctl --bare --columns ofport find Interface name=ovn-gw1-0)
-hv2_gw2_ofport=$(as hv2 ovs-vsctl --bare --columns ofport find Interface name=ovn-gw2-0)
-
-echo $hv1_gw1_ofport
-echo $hv1_gw2_ofport
-echo $hv2_gw1_ofport
-echo $hv2_gw2_ofport
-
-echo "--- hv1 ---"
-as hv1 ovs-ofctl dump-flows br-int table=32
-
-echo "--- hv2 ---"
-as hv2 ovs-ofctl dump-flows br-int table=32
-
-gw1_chassis=$(ovn-sbctl --bare --columns=_uuid find Chassis name=gw1)
-gw2_chassis=$(ovn-sbctl --bare --columns=_uuid find Chassis name=gw2)
-
-OVS_WAIT_UNTIL([as hv1 ovs-ofctl dump-flows br-int table=32 | \
-grep active_backup | grep slaves:$hv1_gw1_ofport,$hv1_gw2_ofport \
-| wc -l], [0], [1
-])
-
-OVS_WAIT_UNTIL([as hv2 ovs-ofctl dump-flows br-int table=32 | \
-grep active_backup | grep slaves:$hv2_gw1_ofport,$hv2_gw2_ofport \
-| wc -l], [0], [1
-])
-
-# make sure that flows for handling the outside router port reside on gw1
-OVS_WAIT_UNTIL([as gw1 ovs-ofctl dump-flows br-int table=25 | \
-grep 00:00:02:01:02:04 | wc -l], [0], [[1
-]])
-OVS_WAIT_UNTIL([as gw2 ovs-ofctl dump-flows br-int table=25 | \
-grep 00:00:02:01:02:04 | wc -l], [0], [[0
-]])
-
-# make sure ARP responder flows for outside router port reside on gw1 too
-OVS_WAIT_UNTIL([as gw1 ovs-ofctl dump-flows br-int table=9 | \
-grep arp_tpa=192.168.0.101 | wc -l], [0], [[1
-]])
-OVS_WAIT_UNTIL([as gw2 ovs-ofctl dump-flows br-int table=9 | grep arp_tpa=192.168.0.101 | wc -l], [0], [[0
-]])
-
-# check that the chassis redirect port has been claimed by the gw1 chassis
-OVS_WAIT_UNTIL([ovn-sbctl --columns chassis --bare find Port_Binding \
-logical_port=cr-outside | grep $gw1_chassis | wc -l], [0],[[1
-]])
-
-hv1_ch_uuid=`ovn-sbctl --bare --columns _uuid find chassis name="hv1"`
-hv2_ch_uuid=`ovn-sbctl --bare --columns _uuid find chassis name="hv2"`
-
-exp_ref_ch_list=''
-for i in `ovn-sbctl --bare --columns _uuid list chassis | sort`
-do
- if test $i = $hv1_ch_uuid; then
- exp_ref_ch_list="${exp_ref_ch_list}$i"
- elif test $i = $hv2_ch_uuid; then
- exp_ref_ch_list="${exp_ref_ch_list}$i"
- fi
-done
-
-OVS_WAIT_UNTIL(
- [ref_ch_list=`ovn-sbctl --bare --columns ref_chassis find ha_chassis_group | sort`
- # Trim the spaces.
- ref_ch_list=`echo $ref_ch_list | sed 's/ //g'`
- test "$exp_ref_ch_list" = "$ref_ch_list"])
-
-
-# at this point, we invert the priority of the gw chassis between gw1 and gw2
-
-ovn-nbctl --id=@gc0 create Gateway_Chassis \
- name=outside_gw1 chassis_name=gw1 priority=10 -- \
- --id=@gc1 create Gateway_Chassis \
- name=outside_gw2 chassis_name=gw2 priority=20 -- \
- set Logical_Router_Port outside 'gateway_chassis=[@gc0,@gc1]'
-
-
-# XXX: Let the change propagate down to the ovn-controllers
-ovn-nbctl --wait=hv --timeout=3 sync
-
-# we make sure that the hypervisors noticed, and inverted the slave ports
-OVS_WAIT_UNTIL([as hv1 ovs-ofctl dump-flows br-int table=32 | \
-grep active_backup | grep slaves:$hv1_gw2_ofport,$hv1_gw1_ofport \
-| wc -l], [0], [1
-])
-
-OVS_WAIT_UNTIL([as hv2 ovs-ofctl dump-flows br-int table=32 | \
-grep active_backup | grep slaves:$hv2_gw2_ofport,$hv2_gw1_ofport \
-| wc -l], [0], [1
-])
-
-# check that the chassis redirect port has been reclaimed by the gw2 chassis
-OVS_WAIT_UNTIL([ovn-sbctl --columns chassis --bare find Port_Binding \
-logical_port=cr-outside | grep $gw2_chassis | wc -l], [0],[[1
-]])
-
-# check BFD enablement on tunnel ports from gw1 #########
-as gw1
-for chassis in gw2 hv1 hv2; do
- echo "checking gw1 -> $chassis"
- AT_CHECK([ovs-vsctl --bare --columns bfd find Interface name=ovn-$chassis-0],[0],
- [[enable=true
-]])
-done
-
-
-# check BFD enablement on tunnel ports from gw2 ##########
-as gw2
-for chassis in gw1 hv1 hv2; do
- echo "checking gw2 -> $chassis"
- AT_CHECK([ovs-vsctl --bare --columns bfd find Interface name=ovn-$chassis-0],[0],
- [[enable=true
-]])
-done
-
-# check BFD enablement on tunnel ports from hv1 ###########
-as hv1
-for chassis in gw1 gw2; do
- echo "checking hv1 -> $chassis"
- AT_CHECK([ovs-vsctl --bare --columns bfd find Interface name=ovn-$chassis-0],[0],
- [[enable=true
-]])
-done
-# make sure BFD is not enabled to hv2, we don't need it
-AT_CHECK([ovs-vsctl --bare --columns bfd find Interface name=ovn-hv2-0],[0],
- [[
-]])
-
-
-# check BFD enablement on tunnel ports from hv2 ##########
-as hv2
-for chassis in gw1 gw2; do
- echo "checking hv2 -> $chassis"
- AT_CHECK([ovs-vsctl --bare --columns bfd find Interface name=ovn-$chassis-0],[0],
- [[enable=true
-]])
-done
-# make sure BFD is not enabled to hv1, we don't need it
-AT_CHECK([ovs-vsctl --bare --columns bfd find Interface name=ovn-hv1-0],[0],
- [[
-]])
-
-# make sure that flows for handling the outside router port reside on gw2 now
-OVS_WAIT_UNTIL([as gw2 ovs-ofctl dump-flows br-int table=25 | \
-grep 00:00:02:01:02:04 | wc -l], [0], [[1
-]])
-OVS_WAIT_UNTIL([as gw1 ovs-ofctl dump-flows br-int table=25 | \
-grep 00:00:02:01:02:04 | wc -l], [0], [[0
-]])
-
-# disconnect GW2 from the network, GW1 should take over
-as gw2
-port=${sandbox}_br-phys
-as main ovs-vsctl del-port n1 $port
-
-bfd_dump
-
-# make sure that flows for handling the outside router port reside on gw2 now
-OVS_WAIT_UNTIL([as gw1 ovs-ofctl dump-flows br-int table=25 | \
-grep 00:00:02:01:02:04 | wc -l], [0], [[1
-]])
-OVS_WAIT_UNTIL([as gw2 ovs-ofctl dump-flows br-int table=25 | \
-grep 00:00:02:01:02:04 | wc -l], [0], [[0
-]])
-
-# check that the chassis redirect port has been reclaimed by the gw1 chassis
-OVS_WAIT_UNTIL([ovn-sbctl --columns chassis --bare find Port_Binding \
-logical_port=cr-outside | grep $gw1_chassis | wc -l], [0],[[1
-]])
-
-ovn-nbctl --wait=hv set NB_Global . options:"bfd-min-rx"=2000
-as gw2
-for chassis in gw1 hv1 hv2; do
- echo "checking gw2 -> $chassis"
- OVS_WAIT_UNTIL([
- bfd_cfg=$(ovs-vsctl --bare --columns bfd find Interface name=ovn-$chassis-0)
- test "$bfd_cfg" = "enable=true min_rx=2000"
-])
-done
-ovn-nbctl --wait=hv set NB_Global . options:"bfd-min-tx"=1500
-for chassis in gw1 hv1 hv2; do
- echo "checking gw2 -> $chassis"
- OVS_WAIT_UNTIL([
- bfd_cfg=$(ovs-vsctl --bare --columns bfd find Interface name=ovn-$chassis-0)
- test "$bfd_cfg" = "enable=true min_rx=2000 min_tx=1500"
-])
-done
-ovn-nbctl remove NB_Global . options "bfd-min-rx"
-ovn-nbctl --wait=hv set NB_Global . options:"bfd-mult"=5
-for chassis in gw1 hv1 hv2; do
- echo "checking gw2 -> $chassis"
- OVS_WAIT_UNTIL([
- bfd_cfg=$(ovs-vsctl --bare --columns bfd find Interface name=ovn-$chassis-0)
- test "$bfd_cfg" = "enable=true min_tx=1500 mult=5"
-])
-done
-
-# Delete the inside1 vif. The ref_chassis in ha_chassis_group shouldn't have
-# reference to hv1.
-as hv1 ovs-vsctl del-port hv1-vif1
-
-OVS_WAIT_UNTIL(
- [ref_ch_list=`ovn-sbctl --bare --columns ref_chassis find ha_chassis_group | sort`
- # Trim the spaces.
- ref_ch_list=`echo $ref_ch_list | sed 's/ //g'`
- test "$hv2_ch_uuid" = "$ref_ch_list"])
-
-# Delete the inside2 vif.
-ovn-sbctl show
-
-echo "Deleting hv2-vif1"
-as hv2 ovs-vsctl del-port hv2-vif1
-
-# ref_chassis of ha_chassis_group should be empty
-OVS_WAIT_UNTIL(
- [ref_ch_list=`ovn-sbctl --bare --columns ref_chassis find ha_chassis_group | sort`
- # Trim the spaces.
- ref_ch_list=`echo $ref_ch_list | sed 's/ //g'`
- exp_ref_ch_list=""
- test "$exp_ref_ch_list" = "$ref_ch_list"])
-
-# Delete the Gateway_Chassis for lrp - outside
-ovn-nbctl clear Logical_Router_Port outside gateway_chassis
-
-# There shoud be no ha_chassis_group rows in SB DB.
-OVS_WAIT_UNTIL([test 0 = `ovn-sbctl list ha_chassis_group | wc -l`])
-OVS_WAIT_UNTIL([test 0 = `ovn-sbctl list ha_chassis | wc -l`])
-
-ovn-nbctl remove NB_Global . options "bfd-min-rx"
-ovn-nbctl remove NB_Global . options "bfd-min-tx"
-ovn-nbctl remove NB_Global . options "bfd-mult"
-
-# Now test with HA chassis group instead of Gateway chassis in NB DB
-ovn-nbctl --wait=sb ha-chassis-group-add hagrp1
-
-ovn-nbctl list ha_chassis_group
-ovn-nbctl --bare --columns _uuid find ha_chassis_group name=hagrp1
-hagrp1_uuid=`ovn-nbctl --bare --columns _uuid find ha_chassis_group name=hagrp1`
-ovn-nbctl --wait=sb ha-chassis-group-add-chassis hagrp1 gw1 30
-ovn-nbctl --wait=sb ha-chassis-group-add-chassis hagrp1 gw2 20
-
-# ovn-northd should not create HA chassis group and HA chassis rows
-# unless the HA chassis group in OVN NB DB is associated to
-# a logical router port.
-OVS_WAIT_UNTIL([test 0 = `ovn-sbctl list ha_chassis | wc -l`])
-
-# Associate hagrp1 to outside logical router port
-ovn-nbctl set Logical_Router_Port outside ha_chassis_group=$hagrp1_uuid
-
-OVS_WAIT_UNTIL([test 1 = `ovn-sbctl --bare --columns _uuid \
-find ha_chassis_group | wc -l`])
-
-OVS_WAIT_UNTIL([test 2 = `ovn-sbctl list ha_chassis | grep chassis | \
-grep -v chassis-name | wc -l`])
-
-OVS_WAIT_UNTIL([as hv1 ovs-ofctl dump-flows br-int table=32 | \
-grep active_backup | grep slaves:$hv1_gw1_ofport,$hv1_gw2_ofport \
-| wc -l], [0], [1
-])
-
-OVS_WAIT_UNTIL([as hv2 ovs-ofctl dump-flows br-int table=32 | \
-grep active_backup | grep slaves:$hv2_gw1_ofport,$hv2_gw2_ofport \
-| wc -l], [0], [1
-])
-
-# make sure that flows for handling the outside router port reside on gw1
-OVS_WAIT_UNTIL([as gw1 ovs-ofctl dump-flows br-int table=24 | \
-grep 00:00:02:01:02:04 | wc -l], [0], [[1
-]])
-OVS_WAIT_UNTIL([as gw2 ovs-ofctl dump-flows br-int table=24 | \
-grep 00:00:02:01:02:04 | wc -l], [0], [[0
-]])
-
-# make sure ARP responder flows for outside router port reside on gw1 too
-OVS_WAIT_UNTIL([as gw1 ovs-ofctl dump-flows br-int table=9 | \
-grep arp_tpa=192.168.0.101 | wc -l], [0], [[1
-]])
-OVS_WAIT_UNTIL([as gw2 ovs-ofctl dump-flows br-int table=9 | grep arp_tpa=192.168.0.101 | wc -l], [0], [[0
-]])
-
-# check that the chassis redirect port has been claimed by the gw1 chassis
-OVS_WAIT_UNTIL([ovn-sbctl --columns chassis --bare find Port_Binding \
-logical_port=cr-outside | grep $gw1_chassis | wc -l], [0],[[1
-]])
-
-# Re add the ovs ports.
-for i in 1 2; do
- as hv$i
- ovs-vsctl -- add-port br-int hv$i-vif1 -- \
- set interface hv$i-vif1 external-ids:iface-id=inside$i \
- options:tx_pcap=hv$i/vif1-tx.pcap \
- options:rxq_pcap=hv$i/vif1-rx.pcap \
- ofport-request=1
-done
-
-hv1_ch_uuid=`ovn-sbctl --bare --columns _uuid find chassis name="hv1"`
-hv2_ch_uuid=`ovn-sbctl --bare --columns _uuid find chassis name="hv2"`
-
-exp_ref_ch_list=''
-for i in `ovn-sbctl --bare --columns _uuid list chassis | sort`
-do
- if test $i = $hv1_ch_uuid; then
- exp_ref_ch_list="${exp_ref_ch_list}$i"
- elif test $i = $hv2_ch_uuid; then
- exp_ref_ch_list="${exp_ref_ch_list}$i"
- fi
-done
-
-OVS_WAIT_UNTIL(
- [ref_ch_list=`ovn-sbctl --bare --columns ref_chassis find ha_chassis_group | sort`
- # Trim the spaces.
- ref_ch_list=`echo $ref_ch_list | sed 's/ //g'`
- test "$exp_ref_ch_list" = "$ref_ch_list"])
-
-# Increase the priority of gw2
-ovn-nbctl --wait=sb ha-chassis-group-add-chassis hagrp1 gw2 40
-
-OVS_WAIT_UNTIL([as hv1 ovs-ofctl dump-flows br-int table=32 | \
-grep active_backup | grep slaves:$hv1_gw2_ofport,$hv1_gw1_ofport \
-| wc -l], [0], [1
-])
-
-OVS_WAIT_UNTIL([as hv2 ovs-ofctl dump-flows br-int table=32 | \
-grep active_backup | grep slaves:$hv2_gw2_ofport,$hv2_gw1_ofport \
-| wc -l], [0], [1
-])
-
-# check that the chassis redirect port has been reclaimed by the gw2 chassis
-OVS_WAIT_UNTIL([ovn-sbctl --columns chassis --bare find Port_Binding \
-logical_port=cr-outside | grep $gw2_chassis | wc -l], [0],[[1
-]])
-
-# check BFD enablement on tunnel ports from gw1 #########
-as gw1
-for chassis in gw2 hv1 hv2; do
- echo "checking gw1 -> $chassis"
- AT_CHECK([ovs-vsctl --bare --columns bfd find Interface name=ovn-$chassis-0],[0],
- [[enable=true
-]])
-done
-
-# check BFD enablement on tunnel ports from gw2 ##########
-as gw2
-for chassis in gw1 hv1 hv2; do
- echo "checking gw2 -> $chassis"
- AT_CHECK([ovs-vsctl --bare --columns bfd find Interface name=ovn-$chassis-0],[0],
- [[enable=true
-]])
-done
-
-# check BFD enablement on tunnel ports from hv1 ###########
-as hv1
-for chassis in gw1 gw2; do
- echo "checking hv1 -> $chassis"
- AT_CHECK([ovs-vsctl --bare --columns bfd find Interface name=ovn-$chassis-0],[0],
- [[enable=true
-]])
-done
-# make sure BFD is not enabled to hv2, we don't need it
-AT_CHECK([ovs-vsctl --bare --columns bfd find Interface name=ovn-hv2-0],[0],
- [[
-]])
-
-# check BFD enablement on tunnel ports from hv2 ##########
-as hv2
-for chassis in gw1 gw2; do
- echo "checking hv2 -> $chassis"
- AT_CHECK([ovs-vsctl --bare --columns bfd find Interface name=ovn-$chassis-0],[0],
- [[enable=true
-]])
-done
-# make sure BFD is not enabled to hv1, we don't need it
-AT_CHECK([ovs-vsctl --bare --columns bfd find Interface name=ovn-hv1-0],[0],
- [[
-]])
-
-# make sure that flows for handling the outside router port reside on gw2 now
-OVS_WAIT_UNTIL([as gw2 ovs-ofctl dump-flows br-int table=24 | \
-grep 00:00:02:01:02:04 | wc -l], [0], [[1
-]])
-OVS_WAIT_UNTIL([as gw1 ovs-ofctl dump-flows br-int table=24 | \
-grep 00:00:02:01:02:04 | wc -l], [0], [[0
-]])
-
-# disconnect GW2 from the network, GW1 should take over
-as gw2
-port=${sandbox}_br-phys
-as main ovs-vsctl del-port n1 $port
-
-bfd_dump
-
-# make sure that flows for handling the outside router port reside on gw2 now
-OVS_WAIT_UNTIL([as gw1 ovs-ofctl dump-flows br-int table=24 | \
-grep 00:00:02:01:02:04 | wc -l], [0], [[1
-]])
-OVS_WAIT_UNTIL([as gw2 ovs-ofctl dump-flows br-int table=24 | \
-grep 00:00:02:01:02:04 | wc -l], [0], [[0
-]])
-
-# check that the chassis redirect port has been reclaimed by the gw1 chassis
-OVS_WAIT_UNTIL([ovn-sbctl --columns chassis --bare find Port_Binding \
-logical_port=cr-outside | grep $gw1_chassis | wc -l], [0],[[1
-]])
-
-OVN_CLEANUP([gw1],[gw2],[hv1],[hv2])
-
-AT_CLEANUP
-
-AT_SETUP([ovn -- send gratuitous ARP for NAT rules on HA distributed router])
-AT_SKIP_IF([test $HAVE_PYTHON = no])
-ovn_start
-ovn-nbctl ls-add ls0
-ovn-nbctl ls-add ls1
-ovn-nbctl create Logical_Router name=lr0
-ovn-nbctl lrp-add lr0 lrp0 f0:00:00:00:00:01 192.168.0.100/24
-
-ovn-nbctl --id=@gc0 create Gateway_Chassis \
- name=outside_gw1 chassis_name=hv2 priority=10 -- \
- --id=@gc1 create Gateway_Chassis \
- name=outside_gw2 chassis_name=hv3 priority=1 -- \
- set Logical_Router_Port lrp0 'gateway_chassis=[@gc0,@gc1]'
-
-ovn-nbctl lsp-add ls0 lrp0-rp -- set Logical_Switch_Port lrp0-rp \
- type=router options:router-port=lrp0 addresses="router"
-ovn-nbctl lrp-add lr0 lrp1 f0:00:00:00:00:02 10.0.0.1/24
-ovn-nbctl lsp-add ls1 lrp1-rp -- set Logical_Switch_Port lrp1-rp \
- type=router options:router-port=lrp1 addresses="router"
-
-# Add NAT rules
-AT_CHECK([ovn-nbctl lr-nat-add lr0 snat 192.168.0.100 10.0.0.0/24])
-
-net_add n1
-sim_add hv1
-as hv1
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.1
-AT_CHECK([ovs-vsctl set Open_vSwitch . external-ids:ovn-bridge-mappings=physnet1:br-phys])
-AT_CHECK([ovs-vsctl add-port br-phys snoopvif -- set Interface snoopvif options:tx_pcap=hv1/snoopvif-tx.pcap options:rxq_pcap=hv1/snoopvif-rx.pcap])
-
-sim_add hv2
-as hv2
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.2
-AT_CHECK([as hv2 ovs-vsctl set Open_vSwitch . external-ids:ovn-bridge-mappings=physnet1:br-phys])
-
-sim_add hv3
-as hv3
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.3
-AT_CHECK([as hv3 ovs-vsctl set Open_vSwitch . external-ids:ovn-bridge-mappings=physnet1:br-phys])
-
-# Create a localnet port.
-AT_CHECK([ovn-nbctl lsp-add ls0 ln_port])
-AT_CHECK([ovn-nbctl lsp-set-addresses ln_port unknown])
-AT_CHECK([ovn-nbctl lsp-set-type ln_port localnet])
-AT_CHECK([ovn-nbctl lsp-set-options ln_port network_name=physnet1])
-
-# wait for earlier changes to take effect
-AT_CHECK([ovn-nbctl --timeout=3 --wait=hv sync], [0], [ignore])
-
-reset_pcap_file() {
- local iface=$1
- local pcap_file=$2
- ovs-vsctl -- set Interface $iface options:tx_pcap=dummy-tx.pcap \
-options:rxq_pcap=dummy-rx.pcap
- rm -f ${pcap_file}*.pcap
- ovs-vsctl -- set Interface $iface options:tx_pcap=${pcap_file}-tx.pcap \
-options:rxq_pcap=${pcap_file}-rx.pcap
-}
-
-as hv1 reset_pcap_file snoopvif hv1/snoopvif
-as hv2 reset_pcap_file br-phys_n1 hv2/br-phys_n1
-as hv3 reset_pcap_file br-phys_n1 hv3/br-phys_n1
-# add nat-addresses option
-ovn-nbctl --wait=hv lsp-set-options lrp0-rp router-port=lrp0 nat-addresses="router"
-
-# Wait for packets to be received through hv2.
-OVS_WAIT_UNTIL([test `wc -c < "hv1/snoopvif-tx.pcap"` -ge 100])
-trim_zeros() {
- sed 's/\(00\)\{1,\}$//'
-}
-
-only_broadcast_from_lrp1() {
- grep "fffffffffffff00000000001"
-}
-
-garp="fffffffffffff0000000000108060001080006040001f00000000001c0a80064000000000000c0a80064"
-echo $garp > expout
-
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/snoopvif-tx.pcap | trim_zeros | only_broadcast_from_lrp1 | uniq > hv1_snoop_tx
-echo "packets on hv1-snoopvif:"
-cat hv1_snoop_tx
-AT_CHECK([sort hv1_snoop_tx], [0], [expout])
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv2/br-phys_n1-tx.pcap | trim_zeros | only_broadcast_from_lrp1 | uniq > hv2_br_phys_tx
-echo "packets on hv2 br-phys tx"
-cat hv2_br_phys_tx
-AT_CHECK([grep $garp hv2_br_phys_tx | sort], [0], [expout])
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv3/br-phys_n1-tx.pcap | trim_zeros | only_broadcast_from_lrp1 | uniq > hv3_br_phys_tx
-echo "packets on hv3 br-phys tx"
-cat hv3_br_phys_tx
-AT_CHECK([grep $garp hv3_br_phys_tx | sort], [0], [])
-
-
-# at this point, we invert the priority of the gw chassis between hv2 and hv3
-
-ovn-nbctl --wait=hv \
- --id=@gc0 create Gateway_Chassis \
- name=outside_gw1 chassis_name=hv2 priority=1 -- \
- --id=@gc1 create Gateway_Chassis \
- name=outside_gw2 chassis_name=hv3 priority=10 -- \
- set Logical_Router_Port lrp0 'gateway_chassis=[@gc0,@gc1]'
-
-
-as hv1 reset_pcap_file snoopvif hv1/snoopvif
-as hv2 reset_pcap_file br-phys_n1 hv2/br-phys_n1
-as hv3 reset_pcap_file br-phys_n1 hv3/br-phys_n1
-
-# Wait for packets to be received.
-OVS_WAIT_UNTIL([test `wc -c < "hv1/snoopvif-tx.pcap"` -ge 100])
-trim_zeros() {
- sed 's/\(00\)\{1,\}$//'
-}
-
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/snoopvif-tx.pcap | trim_zeros | only_broadcast_from_lrp1 | uniq > hv1_snoopvif_tx
-AT_CHECK([sort hv1_snoopvif_tx], [0], [expout])
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv3/br-phys_n1-tx.pcap | trim_zeros | only_broadcast_from_lrp1 | uniq > hv3_br_phys_tx
-AT_CHECK([grep $garp hv3_br_phys_tx | sort], [0], [expout])
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv2/br-phys_n1-tx.pcap | trim_zeros | only_broadcast_from_lrp1 | uniq > hv2_br_phys_tx
-AT_CHECK([grep $garp hv2_br_phys_tx | sort], [0], [])
-
-# change localnet port tag.
-AT_CHECK([ovn-nbctl set Logical_Switch_Port ln_port tag=2014])
-
-# wait for earlier changes to take effect
-OVS_WAIT_UNTIL([test 1 = `as hv2 ovs-ofctl dump-flows br-int table=65 | \
-grep "actions=mod_vlan_vid:2014" | wc -l`
-])
-
-OVS_WAIT_UNTIL([test 1 = `as hv3 ovs-ofctl dump-flows br-int table=65 | \
-grep "actions=mod_vlan_vid:2014" | wc -l`
-])
-
-# update nat-addresses option
-ovn-nbctl --wait=hv clear logical_switch_port lrp0-rp options
-
-#Wait until the Port_Binding.nat_addresses is cleared.
-OVS_WAIT_UNTIL([test 0 = `ovn-sbctl --bare --columns nat_addresses find port_binding \
-logical_port=lrp0-rp | grep is_chassis | wc -l`])
-
-as hv1 reset_pcap_file snoopvif hv1/snoopvif
-as hv2 reset_pcap_file br-phys_n1 hv2/br-phys_n1
-as hv3 reset_pcap_file br-phys_n1 hv3/br-phys_n1
-
-ovn-nbctl --wait=hv lsp-set-options lrp0-rp router-port=lrp0 nat-addresses="router"
-
-#Wait until the Port_Binding.nat_addresses is set.
-OVS_WAIT_UNTIL([test 1 = `ovn-sbctl --bare --columns nat_addresses find port_binding \
-logical_port=lrp0-rp | grep is_chassis | wc -l`])
-
-# Wait for packets to be received.
-OVS_WAIT_UNTIL([test `wc -c < "hv1/snoopvif-tx.pcap"` -ge 100])
-trim_zeros() {
- sed 's/\(00\)\{1,\}$//'
-}
-
-garp="fffffffffffff00000000001810007de08060001080006040001f00000000001c0a80064000000000000c0a80064"
-echo $garp > expout
-
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/snoopvif-tx.pcap | trim_zeros | only_broadcast_from_lrp1 | uniq > hv1_snoopvif_tx
-AT_CHECK([sort hv1_snoopvif_tx], [0], [expout])
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv3/br-phys_n1-tx.pcap | trim_zeros | only_broadcast_from_lrp1 | uniq > hv3_br_phys_tx
-AT_CHECK([grep $garp hv3_br_phys_tx | sort], [0], [expout])
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv2/br-phys_n1-tx.pcap | trim_zeros | only_broadcast_from_lrp1 | uniq > hv2_br_phys_tx
-AT_CHECK([grep $garp hv2_br_phys_tx | sort], [0], [])
-
-OVN_CLEANUP([hv1],[hv2],[hv3])
-
-AT_CLEANUP
-
-AT_SETUP([ovn -- ensure one gw controller restart in HA doesn't bounce the master])
-AT_SKIP_IF([test $HAVE_PYTHON = no])
-ovn_start
-
-net_add n1
-
-# create two gateways with external network connectivity
-for i in 1 2; do
- sim_add gw$i
- as gw$i
- ovs-vsctl add-br br-phys
- ovn_attach n1 br-phys 192.168.0.$i
- ovs-vsctl set open . external-ids:ovn-bridge-mappings=phys:br-phys
-done
-
-ovn-nbctl ls-add inside
-ovn-nbctl ls-add outside
-
-# create one hypervisors with a vif port the internal network
-sim_add hv1
-as hv1
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.11
-ovs-vsctl -- add-port br-int hv1-vif1 -- \
- set interface hv1-vif1 external-ids:iface-id=inside1 \
- options:tx_pcap=hv1/vif1-tx.pcap \
- options:rxq_pcap=hv1/vif1-rx.pcap \
- ofport-request=1
-
-ovn-nbctl lsp-add inside inside1 \
- -- lsp-set-addresses inside1 "f0:00:00:01:22:01 192.168.1.101"
-
-
-OVN_POPULATE_ARP
-
-ovn-nbctl create Logical_Router name=R1
-
-# Connect inside to R1
-ovn-nbctl lrp-add R1 inside 00:00:01:01:02:03 192.168.1.1/24
-ovn-nbctl lsp-add inside rp-inside -- set Logical_Switch_Port rp-inside \
- type=router options:router-port=inside \
- -- lsp-set-addresses rp-inside router
-
-# Connect outside to R1 as distributed router gateway port on gw1+gw2
-ovn-nbctl lrp-add R1 outside 00:00:02:01:02:04 192.168.0.101/24
-
-ovn-nbctl --id=@gc0 create Gateway_Chassis \
- name=outside_gw1 chassis_name=gw1 priority=20 -- \
- --id=@gc1 create Gateway_Chassis \
- name=outside_gw2 chassis_name=gw2 priority=10 -- \
- set Logical_Router_Port outside 'gateway_chassis=[@gc0,@gc1]'
-
-ovn-nbctl lsp-add outside rp-outside -- set Logical_Switch_Port rp-outside \
- type=router options:router-port=outside \
- -- lsp-set-addresses rp-outside router
-
-# Create localnet port in outside
-ovn-nbctl lsp-add outside ln-outside
-ovn-nbctl lsp-set-addresses ln-outside unknown
-ovn-nbctl lsp-set-type ln-outside localnet
-ovn-nbctl lsp-set-options ln-outside network_name=phys
-
-# Allow some time for ovn-northd and ovn-controller to catch up.
-ovn-nbctl --wait=hv --timeout=3 sync
-
-# currently when ovn-controller is restarted, the old entry is deleted
-# and a new one is created, which leaves the Gateway_Chassis with
-# an empty chassis for a while. NOTE: restarting ovn-controller in tests
-# doesn't have the same effect because "name" is conserved, and the
-# Chassis entry is not replaced.
-
-> gw1/ovn-controller.log
-
-gw2_chassis=$(ovn-sbctl --bare --columns=_uuid find Chassis name=gw2)
-ovn-sbctl destroy Chassis $gw2_chassis
-
-OVS_WAIT_UNTIL([test 0 = `grep -c "Releasing lport" gw1/ovn-controller.log`])
-
-OVN_CLEANUP([gw1],[gw2],[hv1])
-
-AT_CLEANUP
-
-AT_SETUP([ovn -- IPv6 Neighbor Solicitation for unknown MAC])
-AT_KEYWORDS([ovn-nd_ns for unknown mac])
-AT_SKIP_IF([test $HAVE_PYTHON = no])
-ovn_start
-
-ovn-nbctl ls-add sw0_ip6
-ovn-nbctl lsp-add sw0_ip6 sw0_ip6-port1
-ovn-nbctl lsp-set-addresses sw0_ip6-port1 \
-"50:64:00:00:00:02 aef0::5264:00ff:fe00:0002"
-
-ovn-nbctl lsp-set-port-security sw0_ip6-port1 \
-"50:64:00:00:00:02 aef0::5264:00ff:fe00:0002"
-
-ovn-nbctl lr-add lr0_ip6
-ovn-nbctl lrp-add lr0_ip6 lrp0_ip6 00:00:00:00:af:01 aef0:0:0:0:0:0:0:0/64
-ovn-nbctl lsp-add sw0_ip6 lrp0_ip6-attachment
-ovn-nbctl lsp-set-type lrp0_ip6-attachment router
-ovn-nbctl lsp-set-addresses lrp0_ip6-attachment router
-ovn-nbctl lsp-set-options lrp0_ip6-attachment router-port=lrp0_ip6
-ovn-nbctl set logical_router_port lrp0_ip6 ipv6_ra_configs:address_mode=slaac
-
-ovn-nbctl ls-add public
-ovn-nbctl lsp-add public ln-public
-ovn-nbctl lsp-set-addresses ln-public unknown
-ovn-nbctl lsp-set-type ln-public localnet
-ovn-nbctl lsp-set-options ln-public network_name=phys
-
-ovn-nbctl lrp-add lr0_ip6 ip6_public 00:00:02:01:02:04 \
-2001:db8:1:0:200:02ff:fe01:0204/64 \
--- set Logical_Router_port ip6_public options:redirect-chassis="hv1"
-
-#install static route
-ovn-nbctl -- --id=@lrt create Logical_Router_Static_Route \
-ip_prefix="\:\:/0" nexthop="2001\:db8\:1\:0\:200\:02ff\:fe01\:1305" \
--- add Logical_Router lr0_ip6 static_routes @lrt
-
-ovn-nbctl lsp-add public rp-ip6_public -- set Logical_Switch_Port \
-rp-ip6_public type=router options:router-port=ip6_public \
--- lsp-set-addresses rp-ip6_public router
-
-net_add n1
-sim_add hv1
-as hv1
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.2
-
-ovs-vsctl -- add-port br-int hv1-vif1 -- \
- set interface hv1-vif1 external-ids:iface-id=sw0_ip6-port1 \
- options:tx_pcap=hv1/vif1-tx.pcap \
- options:rxq_pcap=hv1/vif1-rx.pcap \
- ofport-request=1
-ovs-vsctl set open . external-ids:ovn-bridge-mappings=phys:br-phys
-
-OVS_WAIT_UNTIL([test x`ovn-nbctl lsp-get-up sw0_ip6-port1` = xup])
-
-# There should be 2 Neighbor Advertisement flows for the router port
-# aef0:: ip address in logical switch pipeline with action nd_na_router.
-AT_CHECK([ovn-sbctl dump-flows sw0_ip6 | grep ls_in_arp_rsp | \
-grep "nd_na_router" | wc -l], [0], [2
-])
-
-# There should be 4 Neighbor Advertisement flows with action nd_na_router
-# in the router pipeline for the router lr0_ip6.
-AT_CHECK([ovn-sbctl dump-flows lr0_ip6 | grep nd_na_router | \
-wc -l], [0], [4
-])
-
-cr_uuid=`ovn-sbctl find port_binding logical_port=cr-ip6_public | grep _uuid | cut -f2 -d ":"`
-
-# There is only one chassis.
-chassis_uuid=`ovn-sbctl list chassis | grep _uuid | cut -f2 -d ":"`
-OVS_WAIT_UNTIL([test $chassis_uuid = `ovn-sbctl get port_binding $cr_uuid chassis`])
-
-trim_zeros() {
- sed 's/\(00\)\{1,\}$//'
-}
-
-reset_pcap_file() {
- local iface=$1
- local pcap_file=$2
- ovs-vsctl -- set Interface $iface options:tx_pcap=dummy-tx.pcap \
-options:rxq_pcap=dummy-rx.pcap
- rm -f ${pcap_file}*.pcap
- ovs-vsctl -- set Interface $iface options:tx_pcap=${pcap_file}-tx.pcap \
-options:rxq_pcap=${pcap_file}-rx.pcap
-}
-
-# Test the IPv6 Neighbor Solicitation (NS) - nd_ns action for unknown MAC
-# addresses. ovn-controller should generate an IPv6 NS request for IPv6
-# packets whose MAC is unknown (in the ARP_REQUEST router pipeline stage.
-# test_ipv6 INPORT SRC_MAC DST_MAC SRC_IP DST_IP OUTPORT...
-# This function sends ipv6 packet
-test_ipv6() {
- local inport=$1 src_mac=$2 dst_mac=$3 src_ip=$4 dst_ip=$5
- local dst_mcast_mac=$6 mcast_node_ip=$7 nd_target=$8
-
- local packet=${dst_mac}${src_mac}86dd6000000000083aff${src_ip}${dst_ip}
- packet=${packet}8000000000000000
-
- src_mac=000002010204
- expected_packet=${dst_mcast_mac}${src_mac}86dd6000000000203aff${src_ip}
- expected_packet=${expected_packet}${mcast_node_ip}8700XXXX00000000
- expected_packet=${expected_packet}${nd_target}0101${src_mac}
-
- as hv1 ovs-appctl netdev-dummy/receive hv1-vif${inport} $packet
- rm -f ipv6_ns.expected
- echo $expected_packet >> ipv6_ns.expected
-}
-
-src_mac=506400000002
-dst_mac=00000000af01
-src_ip=aef0000000000000526400fffe000002
-dst_ip=20010db800010000020002fffe010205
-dst_mcast_mac=3333ff010205
-mcast_node_ip=ff0200000000000000000001ff010205
-nd_target=20010db800010000020002fffe010205
-# Send an IPv6 packet. Generated IPv6 Neighbor solicitation packet
-# should be received by the ports attached to br-phys.
-test_ipv6 1 $src_mac $dst_mac $src_ip $dst_ip $dst_mcast_mac \
-$mcast_node_ip $nd_target
-
-OVS_WAIT_WHILE([test 24 = $(wc -c hv1/br-phys_n1-tx.pcap | cut -d " " -f1)])
-OVS_WAIT_WHILE([test 24 = $(wc -c hv1/br-phys-tx.pcap | cut -d " " -f1)])
-
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/br-phys_n1-tx.pcap | \
-trim_zeros > 1.packets
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/br-phys-tx.pcap | \
-trim_zeros > 2.packets
-
-cat ipv6_ns.expected | cut -c -112 > expout
-AT_CHECK([cat 1.packets | cut -c -112], [0], [expout])
-AT_CHECK([cat 2.packets | cut -c -112], [0], [expout])
-
-# Skipping the ICMPv6 checksum
-cat ipv6_ns.expected | cut -c 117- > expout
-AT_CHECK([cat 1.packets | cut -c 117-], [0], [expout])
-AT_CHECK([cat 2.packets | cut -c 117-], [0], [expout])
-
-# Now send a packet with destination ip other than
-# 2001:db8:1:0:200:02ff:fe01:0204/64 prefix.
-reset_pcap_file br-phys_n1 hv1/br-phys_n1
-reset_pcap_file br-phys hv1/br-phys
-
-src_mac=506400000002
-dst_mac=00000000af01
-src_ip=aef0000000000000526400fffe000002
-dst_ip=20020ab8000100000200020000020306
-# multicast mac of the nexthop IP - 2001:db8:1:0:200:02ff:fe01:1305
-dst_mcast_mac=3333ff011305
-mcast_node_ip=ff0200000000000000000001ff011305
-nd_target=20010db800010000020002fffe011305
-test_ipv6 1 $src_mac $dst_mac $src_ip $dst_ip $dst_mcast_mac \
-$mcast_node_ip $nd_target
-
-OVS_WAIT_WHILE([test 24 = $(wc -c hv1/br-phys_n1-tx.pcap | cut -d " " -f1)])
-OVS_WAIT_WHILE([test 24 = $(wc -c hv1/br-phys-tx.pcap | cut -d " " -f1)])
-
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/br-phys_n1-tx.pcap | \
-trim_zeros > 1.packets
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/br-phys-tx.pcap | \
-trim_zeros > 2.packets
-
-cat ipv6_ns.expected | cut -c -112 > expout
-AT_CHECK([cat 1.packets | cut -c -112], [0], [expout])
-AT_CHECK([cat 2.packets | cut -c -112], [0], [expout])
-
-# Skipping the ICMPv6 checksum
-cat ipv6_ns.expected | cut -c 117- > expout
-AT_CHECK([cat 1.packets | cut -c 117-], [0], [expout])
-AT_CHECK([cat 2.packets | cut -c 117-], [0], [expout])
-
-OVN_CLEANUP([hv1])
-
-AT_CLEANUP
-
-AT_SETUP([ovn -- options:requested-chassis for logical port])
-ovn_start
-
-net_add n1
-
-ovn-nbctl ls-add ls0
-ovn-nbctl lsp-add ls0 lsp0
-
-# create two hypervisors, each with one vif port
-sim_add hv1
-as hv1
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.11
-ovs-vsctl -- add-port br-int hv1-vif0 -- \
-set Interface hv1-vif0 ofport-request=1
-
-sim_add hv2
-as hv2
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.12
-ovs-vsctl -- add-port br-int hv2-vif0 -- \
-set Interface hv2-vif0 ofport-request=1
-
-# Allow only chassis hv1 to bind logical port lsp0.
-ovn-nbctl lsp-set-options lsp0 requested-chassis=hv1
-
-# Allow some time for ovn-northd and ovn-controller to catch up.
-ovn-nbctl --wait=hv --timeout=3 sync
-
-# Retrieve hv1 and hv2 chassis UUIDs from southbound database
-ovn-sbctl wait-until chassis hv1
-ovn-sbctl wait-until chassis hv2
-hv1_uuid=$(ovn-sbctl --bare --columns _uuid find chassis name=hv1)
-hv2_uuid=$(ovn-sbctl --bare --columns _uuid find chassis name=hv2)
-
-# (1) Chassis hv2 should not bind lsp0 when requested-chassis is hv1.
-echo "verifying that hv2 does not bind lsp0 when hv2 physical/logical mapping is added"
-as hv2
-ovs-vsctl set interface hv2-vif0 external-ids:iface-id=lsp0
-
-OVS_WAIT_UNTIL([test 1 = $(grep -c "Not claiming lport lsp0" hv2/ovn-controller.log)])
-AT_CHECK([test x$(ovn-sbctl --bare --columns chassis find port_binding logical_port=lsp0) = x], [0], [])
-
-# (2) Chassis hv2 should not add flows in OFTABLE_PHY_TO_LOG and OFTABLE_LOG_TO_PHY tables.
-AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=0 | grep in_port=1], [1], [])
-AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=65 | grep output], [1], [])
-
-# (3) Chassis hv1 should bind lsp0 when physical to logical mapping exists on hv1.
-echo "verifying that hv1 binds lsp0 when hv1 physical/logical mapping is added"
-as hv1
-ovs-vsctl set interface hv1-vif0 external-ids:iface-id=lsp0
-
-OVS_WAIT_UNTIL([test 1 = $(grep -c "Claiming lport lsp0" hv1/ovn-controller.log)])
-AT_CHECK([test x$(ovn-sbctl --bare --columns chassis find port_binding logical_port=lsp0) = x"$hv1_uuid"], [0], [])
-
-# (4) Chassis hv1 should add flows in OFTABLE_PHY_TO_LOG and OFTABLE_LOG_TO_PHY tables.
-as hv1 ovs-ofctl dump-flows br-int
-AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=0 | grep in_port=1], [0], [ignore])
-AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=65 | grep actions=output:1], [0], [ignore])
-
-# (5) Chassis hv1 should release lsp0 binding and chassis hv2 should bind lsp0 when
-# the requested chassis for lsp0 is changed from hv1 to hv2.
-echo "verifying that lsp0 binding moves when requested-chassis is changed"
-
-ovn-nbctl lsp-set-options lsp0 requested-chassis=hv2
-OVS_WAIT_UNTIL([test 1 = $(grep -c "Releasing lport lsp0 from this chassis" hv1/ovn-controller.log)])
-OVS_WAIT_UNTIL([test x$(ovn-sbctl --bare --columns chassis find port_binding logical_port=lsp0) = x"$hv2_uuid"])
-
-# (6) Chassis hv2 should add flows and hv1 should not.
-AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=0 | grep in_port=1], [0], [ignore])
-AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=65 | grep actions=output:1], [0], [ignore])
-
-AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=0 | grep in_port=1], [1], [])
-AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=65 | grep output], [1], [])
-
-OVN_CLEANUP([hv1],[hv2])
-
-AT_CLEANUP
-
-AT_SETUP([ovn -- options:requested-chassis with hostname])
-
-ovn_start
-
-ovn-nbctl ls-add ls0
-ovn-nbctl lsp-add ls0 lsp0
-
-net_add n1
-sim_add hv1
-as hv1
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.11
-ovs-vsctl -- add-port br-int hv1-vif0 -- set Interface hv1-vif0 ofport-request=1
-
-ovn-sbctl wait-until chassis hv1
-hv1_hostname=$(ovn-sbctl --bare --columns hostname find Chassis name=hv1)
-echo "hv1_hostname=${hv1_hostname}"
-ovn-nbctl --wait=hv --timeout=3 lsp-set-options lsp0 requested-chassis=${hv1_hostname}
-as hv1 ovs-vsctl set interface hv1-vif0 external-ids:iface-id=lsp0
-
-hv1_uuid=$(ovn-sbctl --bare --columns _uuid find Chassis name=hv1)
-echo "hv1_uuid=${hv1_uuid}"
-OVS_WAIT_UNTIL([test 1 = $(grep -c "Claiming lport lsp0" hv1/ovn-controller.log)])
-AT_CHECK([test x$(ovn-sbctl --bare --columns chassis find port_binding logical_port=lsp0) = x"$hv1_uuid"], [0], [])
-AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=0 | grep in_port=1], [0], [ignore])
-AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=65 | grep actions=output:1], [0], [ignore])
-
-ovn-nbctl --wait=hv --timeout=3 lsp-set-options lsp0 requested-chassis=non-existant-chassis
-OVS_WAIT_UNTIL([test 1 = $(grep -c "Releasing lport lsp0 from this chassis" hv1/ovn-controller.log)])
-ovn-nbctl --wait=hv --timeout=3 sync
-AT_CHECK([test x$(ovn-sbctl --bare --columns chassis find port_binding logical_port=lsp0) = x], [0], [])
-AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=0 | grep in_port=1], [1], [])
-AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=65 | grep output], [1], [])
-
-OVN_CLEANUP([hv1])
-
-AT_CLEANUP
-
-AT_SETUP([ovn -- IPv6 periodic RA])
-ovn_start
-
-# This test sets up two hypervisors.
-# hv1 and hv2 run ovn-controllers, and
-# each has a VIF connected to the same
-# logical switch in OVN. The logical
-# switch is connected to a logical
-# router port that is configured to send
-# periodic router advertisements.
-#
-# The reason for having two ovn-controller
-# hypervisors is to ensure that the
-# periodic RAs being sent by each ovn-controller
-# are kept to their local hypervisors. If the
-# packets are not kept local, then each port
-# will receive too many RAs.
-
-net_add n1
-sim_add hv1
-sim_add hv2
-as hv1
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.2
-as hv2
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.3
-
-ovn-nbctl lr-add ro
-ovn-nbctl lrp-add ro ro-sw 00:00:00:00:00:01 aef0:0:0:0:0:0:0:1/64
-
-ovn-nbctl ls-add sw
-ovn-nbctl lsp-add sw sw-ro
-ovn-nbctl lsp-set-type sw-ro router
-ovn-nbctl lsp-set-options sw-ro router-port=ro-sw
-ovn-nbctl lsp-set-addresses sw-ro 00:00:00:00:00:01
-ovn-nbctl lsp-add sw sw-p1
-ovn-nbctl lsp-set-addresses sw-p1 "00:00:00:00:00:02 aef0::200:ff:fe00:2"
-ovn-nbctl lsp-add sw sw-p2
-ovn-nbctl lsp-set-addresses sw-p2 "00:00:00:00:00:03 aef0::200:ff:fe00:3"
-
-ovn-nbctl set Logical_Router_Port ro-sw ipv6_ra_configs:send_periodic=true
-ovn-nbctl set Logical_Router_Port ro-sw ipv6_ra_configs:address_mode=slaac
-ovn-nbctl set Logical_Router_Port ro-sw ipv6_ra_configs:max_interval=4
-ovn-nbctl set Logical_Router_Port ro-sw ipv6_ra_configs:min_interval=3
-
-for i in 1 2 ; do
- as hv$i
- ovs-vsctl -- add-port br-int hv$i-vif1 -- \
- set interface hv$i-vif1 external-ids:iface-id=sw-p$i \
- options:tx_pcap=hv$i/vif1-tx.pcap \
- options:rxq_pcap=hv$i/vif1-rx.pcap \
- ofport-request=1
-done
-
-OVS_WAIT_UNTIL([test x`ovn-nbctl lsp-get-up sw-p1` = xup])
-OVS_WAIT_UNTIL([test x`ovn-nbctl lsp-get-up sw-p2` = xup])
-
-reset_pcap_file() {
- local iface=$1
- local pcap_file=$2
- ovs-vsctl -- set Interface $iface options:tx_pcap=dummy-tx.pcap \
-options:rxq_pcap=dummy-rx.pcap
- rm -f ${pcap_file}*.pcap
- ovs-vsctl -- set Interface $iface options:tx_pcap=${pcap_file}-tx.pcap \
-options:rxq_pcap=${pcap_file}-rx.pcap
-
-}
-
-construct_expected_ra() {
- local src_mac=000000000001
- local dst_mac=333300000001
- local src_addr=fe80000000000000020000fffe000001
- local dst_addr=ff020000000000000000000000000001
-
- local mtu=$1
- local ra_mo=$2
- local ra_prefix_la=$3
-
- local slla=0101${src_mac}
- local mtu_opt=""
- if test $mtu != 0; then
- mtu_opt=05010000${mtu}
- fi
- shift 3
-
- local prefix=""
- while [[ $# -gt 0 ]] ; do
- local size=$1
- local net=$2
- prefix=${prefix}0304${size}${ra_prefix_la}ffffffffffffffff00000000${net}
- shift 2
- done
-
- local ra=ff${ra_mo}ffff0000000000000000${slla}${mtu_opt}${prefix}
- local icmp=8600XXXX${ra}
-
- local ip_len=$(expr ${#icmp} / 2)
- ip_len=$(echo "$ip_len" | awk '{printf "%0.4x\n", $0}')
-
- local ip=60000000${ip_len}3aff${src_addr}${dst_addr}${icmp}
- local eth=${dst_mac}${src_mac}86dd${ip}
- local packet=${eth}
- echo $packet >> expected
-}
-
-ra_test() {
- construct_expected_ra $@
-
- for i in hv1 hv2 ; do
- OVS_WAIT_WHILE([test 24 = $(wc -c $i/vif1-tx.pcap | cut -d " " -f1)])
-
- $PYTHON "$top_srcdir/utilities/ovs-pcap.in" $i/vif1-tx.pcap > packets
-
- cat expected | cut -c -112 > expout
- AT_CHECK([cat packets | cut -c -112], [0], [expout])
-
- # Skip ICMPv6 checksum.
- cat expected | cut -c 117- > expout
- AT_CHECK([cat packets | cut -c 117-], [0], [expout])
-
- rm -f packets
- as $i reset_pcap_file $i-vif1 $i/vif1
- done
-
- rm -f expected
-}
-
-# Baseline test with no MTU
-ra_test 0 00 c0 40 aef00000000000000000000000000000
-
-# Now make sure an MTU option makes it
-ovn-nbctl --wait=hv set Logical_Router_Port ro-sw ipv6_ra_configs:mtu=1500
-ra_test 000005dc 00 c0 40 aef00000000000000000000000000000
-
-# Now test for multiple network prefixes
-ovn-nbctl --wait=hv set Logical_Router_port ro-sw networks='aef0\:\:1/64 fd0f\:\:1/48'
-ra_test 000005dc 00 c0 40 aef00000000000000000000000000000 30 fd0f0000000000000000000000000000
-
-# Test a different address mode now
-ovn-nbctl --wait=hv set Logical_Router_Port ro-sw ipv6_ra_configs:address_mode=dhcpv6_stateful
-ra_test 000005dc 80 80 40 aef00000000000000000000000000000 30 fd0f0000000000000000000000000000
-
-# And the other address mode
-ovn-nbctl --wait=hv set Logical_Router_Port ro-sw ipv6_ra_configs:address_mode=dhcpv6_stateless
-ra_test 000005dc 40 c0 40 aef00000000000000000000000000000 30 fd0f0000000000000000000000000000
-
-OVN_CLEANUP([hv1],[hv2])
-AT_CLEANUP
-
-AT_SETUP([ovn -- ACL reject rule test])
-AT_KEYWORDS([acl-reject])
-AT_SKIP_IF([test $HAVE_PYTHON = no])
-ovn_start
-
-# test_ip_packet INPORT HV ETH_SRC ETH_DST IPV4_SRC IPV4_DST IP_CHKSUM EXP_IP_CHKSUM EXP_ICMP_CHKSUM
-#
-# Causes a packet to be received on INPORT of the hypervisor HV. The packet is an IPv4 packet with
-# ETH_SRC, ETH_DST, IPV4_SRC, IPV4_DST, IP_CHKSUM as specified.
-# EXP_IP_CHKSUM and EXP_ICMP_CHKSUM are the ip and icmp checksums of the icmp destination
-# unreachable frame generated from ACL rule hit
-#
-# INPORT is a lport number, e.g. 11 for vif11.
-# HV is a hypervisor number
-# ETH_SRC and ETH_DST are each 12 hex digits.
-# IPV4_SRC and IPV4_DST are each 8 hex digits.
-# IP_CHKSUM, EXP_IP_CHSUM and EXP_ICMP_CHKSUM are each 4 hex digits
-test_ip_packet() {
- local inport=$1 hv=$2 eth_src=$3 eth_dst=$4 ipv4_src=$5 ipv4_dst=$6 ip_chksum=$7
- local exp_ip_chksum=$8 exp_icmp_chksum=$9
- shift 9
-
- local ip_ttl=ff
- local packet=${eth_dst}${eth_src}08004500001400004000${ip_ttl}01${ip_chksum}${ipv4_src}${ipv4_dst}
-
- local reply_icmp_ttl=ff
- local icmp_type_code_response=0301
- local icmp_data=00000000
- local reply_icmp_payload=${icmp_type_code_response}${exp_icmp_chksum}${icmp_data}
- local reply=${eth_src}${eth_dst}08004500001c00004000${reply_icmp_ttl}01${exp_ip_chksum}${ipv4_dst}${ipv4_src}${reply_icmp_payload}
- echo $reply >> vif$inport.expected
-
- as hv$hv ovs-appctl netdev-dummy/receive vif$inport $packet
-}
-
-# test_ipv6_packet INPORT HV ETH_SRC ETH_DST IPV4_SRC IPV4_DST EXP_ICMP_CHKSUM
-#
-# Causes a packet to be received on INPORT of the hypervisor HV. The packet is an IPv6 packet with
-# ETH_SRC, ETH_DST, IPV6_SRC, IPV6_DST as specified.
-# EXP_ICMP_CHKSUM is the icmp6 checksums of the icmp6 destination unreachable frame generated from ACL rule hit
-test_ipv6_packet() {
- local inport=$1 hv=$2 eth_src=$3 eth_dst=$4 ipv6_src=$5 ipv6_dst=$6 exp_icmp_chksum=$7
- shift 7
-
- local ip6_hdr=6000000000083aff${ipv6_src}${ipv6_dst}
- local packet=${eth_dst}${eth_src}86dd${ip6_hdr}0000000000000000
-
- local reply=${eth_src}${eth_dst}86dd6000000000303aff${ipv6_dst}${ipv6_src}0101${exp_icmp_chksum}00000000${ip6_hdr}
- echo $reply >> vif$inport.expected
-
- as hv$hv ovs-appctl netdev-dummy/receive vif$inport $packet
-}
-
-# test_tcp_syn_packet INPORT HV ETH_SRC ETH_DST IPV4_SRC IPV4_DST IP_CHKSUM TCP_SPORT TCP_DPORT TCP_CHKSUM EXP_IP_CHKSUM EXP_TCP_RST_CHKSUM
-#
-# Causes a packet to be received on INPORT of the hypervisor HV. The packet is an TCP syn segment with
-# ETH_SRC, ETH_DST, IPV4_SRC, IPV4_DST, IP_CHKSUM, TCP_SPORT, TCP_DPORT, TCP_CHKSUM as specified.
-# EXP_IP_CHKSUM and EXP_TCP_RST_CHKSUM are the ip and tcp checksums of the tcp reset segment generated from ACL rule hit
-#
-# INPORT is an lport number, e.g. 11 for vif11.
-# HV is an hypervisor number
-# ETH_SRC and ETH_DST are each 12 hex digits.
-# IPV4_SRC and IPV4_DST are each 8 hex digits.
-# TCP_SPORT and TCP_DPORT are 4 hex digits.
-# IP_CHKSUM, TCP_CHKSUM, EXP_IP_CHSUM and EXP_TCP_RST_CHKSUM are each 4 hex digits
-test_tcp_syn_packet() {
- local inport=$1 hv=$2 eth_src=$3 eth_dst=$4 ipv4_src=$5 ipv4_dst=$6 ip_chksum=$7
- local tcp_sport=$8 tcp_dport=$9 tcp_chksum=${10}
- local exp_ip_chksum=${11} exp_tcp_rst_chksum=${12}
- shift 12
-
- local ip_ttl=ff
- local packet=${eth_dst}${eth_src}08004500002800004000${ip_ttl}06${ip_chksum}${ipv4_src}${ipv4_dst}${tcp_sport}${tcp_dport}000000010000000050027210${tcp_chksum}0000
-
- local tcp_rst_ttl=ff
- local reply=${eth_src}${eth_dst}08004500002800004000${tcp_rst_ttl}06${exp_ip_chksum}${ipv4_dst}${ipv4_src}${tcp_dport}${tcp_sport}000000000000000150040000${exp_tcp_rst_chksum}0000
- echo $reply >> vif$inport.expected
-
- as hv$hv ovs-appctl netdev-dummy/receive vif$inport $packet
-}
-
-# Create hypervisors hv[123].
-# Add vif1[123] to hv1, vif2[123] to hv2, vif3[123] to hv3.
-# Add all of the vifs to a single logical switch sw0.
-
-net_add n1
-ovn-nbctl ls-add sw0
-for i in 1 2 3; do
- sim_add hv$i
- as hv$i
- ovs-vsctl add-br br-phys
- ovn_attach n1 br-phys 192.168.0.$i
-
- for j in 1 2 3; do
- ovn-nbctl lsp-add sw0 sw0-p$i$j -- \
- lsp-set-addresses sw0-p$i$j "00:00:00:00:00:$i$j 192.168.1.$i$j"
-
- ovs-vsctl -- add-port br-int vif$i$j -- \
- set interface vif$i$j \
- external-ids:iface-id=sw0-p$i$j \
- options:tx_pcap=hv$i/vif$i$j-tx.pcap \
- options:rxq_pcap=hv$i/vif$i$j-rx.pcap \
- ofport-request=$i$j
- done
-done
-
-OVN_POPULATE_ARP
-# allow some time for ovn-northd and ovn-controller to catch up.
-sleep 1
-
-ip_to_hex() {
- printf "%02x%02x%02x%02x" "$@"
-}
-
-for i in 1 2 3; do
- : > vif${i}1.expected
-done
-
-ovn-nbctl --log acl-add sw0 to-lport 1000 "outport == \"sw0-p12\"" reject
-ovn-nbctl --log acl-add sw0 from-lport 1000 "inport == \"sw0-p11\"" reject
-ovn-nbctl --log acl-add sw0 from-lport 1000 "inport == \"sw0-p21\"" reject
-
-# Allow some time for ovn-northd and ovn-controller to catch up.
-ovn-nbctl --timeout=3 --wait=hv sync
-
-test_ip_packet 11 1 000000000011 000000000021 $(ip_to_hex 192 168 1 11) $(ip_to_hex 192 168 1 21) 0000 7d8d fcfe
-test_ip_packet 21 2 000000000021 000000000011 $(ip_to_hex 192 168 1 21) $(ip_to_hex 192 168 1 11) 0000 7d8d fcfe
-test_ip_packet 31 3 000000000031 000000000012 $(ip_to_hex 192 168 1 31) $(ip_to_hex 192 168 1 12) 0000 7d82 fcfe
-
-test_ipv6_packet 11 1 000000000011 000000000021 fe80000000000000020001fffe000001 fe80000000000000020001fffe000002 6183
-
-test_tcp_syn_packet 11 1 000000000011 000000000021 $(ip_to_hex 192 168 1 11) $(ip_to_hex 192 168 1 21) 0000 8b40 3039 0000 7d8d 4486
-test_tcp_syn_packet 21 2 000000000021 000000000011 $(ip_to_hex 192 168 1 21) $(ip_to_hex 192 168 1 11) 0000 8b40 3039 0000 7d8d 4486
-test_tcp_syn_packet 31 3 000000000031 000000000012 $(ip_to_hex 192 168 1 31) $(ip_to_hex 192 168 1 12) 0000 8b40 3039 0000 7d82 4486
-
-for i in 1 2 3; do
- OVN_CHECK_PACKETS([hv$i/vif${i}1-tx.pcap], [vif${i}1.expected])
-done
-
-OVN_CLEANUP([hv1], [hv2], [hv3])
-AT_CLEANUP
-
-AT_SETUP([ovn -- Port Groups])
-AT_KEYWORDS([ovnpg])
-AT_SKIP_IF([test $HAVE_PYTHON = no])
-ovn_start
-
-# Logical network:
-#
-# Three logical switches ls1, ls2, ls3.
-# One logical router lr0 connected to ls[123],
-# with nine subnets, three per logical switch:
-#
-# lrp11 on ls1 for subnet 192.168.11.0/24
-# lrp12 on ls1 for subnet 192.168.12.0/24
-# lrp13 on ls1 for subnet 192.168.13.0/24
-# ...
-# lrp33 on ls3 for subnet 192.168.33.0/24
-#
-# 27 VIFs, 9 per LS, 3 per subnet: lp[123][123][123], where the first two
-# digits are the subnet and the last digit distinguishes the VIF.
-#
-# This test will create two port groups and uses them in ACL.
-
-get_lsp_uuid () {
- ovn-nbctl lsp-list ls${1%??} | grep lp$1 | awk '{ print $1 }'
-}
-
-pg1_ports=
-pg2_ports=
-for i in 1 2 3; do
- ovn-nbctl ls-add ls$i
- for j in 1 2 3; do
- for k in 1 2 3; do
- ovn-nbctl \
- -- lsp-add ls$i lp$i$j$k \
- -- lsp-set-addresses lp$i$j$k \
- "f0:00:00:00:0$i:$j$k 192.168.$i$j.$k"
- # logical ports lp[12]?1 belongs to port group pg1
- if test $i != 3 && test $k == 1; then
- pg1_ports="$pg1_ports `get_lsp_uuid $i$j$k`"
- fi
- # logical ports lp[23]?2 belongs to port group pg2
- if test $i != 1 && test $k == 2; then
- pg2_ports="$pg2_ports `get_lsp_uuid $i$j$k`"
- fi
- done
- done
-done
-
-ovn-nbctl lr-add lr0
-for i in 1 2 3; do
- for j in 1 2 3; do
- ovn-nbctl lrp-add lr0 lrp$i$j 00:00:00:00:ff:$i$j 192.168.$i$j.254/24
- ovn-nbctl \
- -- lsp-add ls$i lrp$i$j-attachment \
- -- set Logical_Switch_Port lrp$i$j-attachment type=router \
- options:router-port=lrp$i$j \
- addresses='"00:00:00:00:ff:'$i$j'"'
- done
-done
-
-ovn-nbctl create Port_Group name=pg1 ports="$pg1_ports"
-ovn-nbctl create Port_Group name=pg2 ports="$pg2_ports"
-
-# create ACLs on all lswitches to drop traffic from pg2 to pg1
-ovn-nbctl acl-add ls1 to-lport 1001 'outport == @pg1 && ip4.src == $pg2_ip4' drop
-ovn-nbctl acl-add ls2 to-lport 1001 'outport == @pg1 && ip4.src == $pg2_ip4' drop
-ovn-nbctl acl-add ls3 to-lport 1001 'outport == @pg1 && ip4.src == $pg2_ip4' drop
-
-# Physical network:
-#
-# Three hypervisors hv[123].
-# lp?1[123] spread across hv[123]: lp?11 on hv1, lp?12 on hv2, lp?13 on hv3.
-# lp?2[123] spread across hv[23]: lp?21 and lp?22 on hv2, lp?23 on hv3.
-# lp?3[123] all on hv3.
-
-# Given the name of a logical port, prints the name of the hypervisor
-# on which it is located.
-vif_to_hv() {
- case $1 in dnl (
- ?11) echo 1 ;; dnl (
- ?12 | ?21 | ?22) echo 2 ;; dnl (
- ?13 | ?23 | ?3?) echo 3 ;;
- esac
-}
-
-# Given the name of a logical port, prints the name of its logical router
-# port, e.g. "vif_to_lrp 123" yields 12.
-vif_to_lrp() {
- echo ${1%?}
-}
-
-# Given the name of a logical port, prints the name of its logical
-# switch, e.g. "vif_to_ls 123" yields 1.
-vif_to_ls() {
- echo ${1%??}
-}
-
-net_add n1
-for i in 1 2 3; do
- sim_add hv$i
- as hv$i
- ovs-vsctl add-br br-phys
- ovn_attach n1 br-phys 192.168.0.$i
-done
-for i in 1 2 3; do
- for j in 1 2 3; do
- for k in 1 2 3; do
- hv=`vif_to_hv $i$j$k`
- as hv$hv ovs-vsctl \
- -- add-port br-int vif$i$j$k \
- -- set Interface vif$i$j$k \
- external-ids:iface-id=lp$i$j$k \
- options:tx_pcap=hv$hv/vif$i$j$k-tx.pcap \
- options:rxq_pcap=hv$hv/vif$i$j$k-rx.pcap \
- ofport-request=$i$j$k
- done
- done
-done
-
-# Pre-populate the hypervisors' ARP tables so that we don't lose any
-# packets for ARP resolution (native tunneling doesn't queue packets
-# for ARP resolution).
-OVN_POPULATE_ARP
-
-# Allow some time for ovn-northd and ovn-controller to catch up.
-# XXX This should be more systematic.
-sleep 1
-
-# test_ip INPORT SRC_MAC DST_MAC SRC_IP DST_IP OUTPORT...
-#
-# This shell function causes a packet to be received on INPORT. The packet's
-# content has Ethernet destination DST and source SRC (each exactly 12 hex
-# digits) and Ethernet type ETHTYPE (4 hex digits). The OUTPORTs (zero or
-# more) list the VIFs on which the packet should be received. INPORT and the
-# OUTPORTs are specified as logical switch port numbers, e.g. 123 for vif123.
-for i in 1 2 3; do
- for j in 1 2 3; do
- for k in 1 2 3; do
- : > $i$j$k.expected
- done
- done
-done
-test_ip() {
- # This packet has bad checksums but logical L3 routing doesn't check.
- local inport=$1 src_mac=$2 dst_mac=$3 src_ip=$4 dst_ip=$5
- local packet=${dst_mac}${src_mac}08004500001c0000000040110000${src_ip}${dst_ip}0035111100080000
- shift; shift; shift; shift; shift
- hv=hv`vif_to_hv $inport`
- as $hv ovs-appctl netdev-dummy/receive vif$inport $packet
- #as $hv ovs-appctl ofproto/trace br-int in_port=$inport $packet
- in_ls=`vif_to_ls $inport`
- in_lrp=`vif_to_lrp $inport`
- for outport; do
- out_ls=`vif_to_ls $outport`
- if test $in_ls = $out_ls; then
- # Ports on the same logical switch receive exactly the same packet.
- echo $packet
- else
- # Routing decrements TTL and updates source and dest MAC
- # (and checksum).
- out_lrp=`vif_to_lrp $outport`
- echo f00000000${outport}00000000ff${out_lrp}08004500001c00000000"3f1101"00${src_ip}${dst_ip}0035111100080000
- fi >> $outport.expected
- done
-}
-
-as hv1 ovs-vsctl --columns=name,ofport list interface
-as hv1 ovn-sbctl list port_binding
-as hv1 ovn-sbctl list datapath_binding
-as hv1 ovn-sbctl list port_group
-as hv1 ovn-sbctl list address_set
-as hv1 ovn-sbctl dump-flows
-as hv1 ovs-ofctl dump-flows br-int
-
-# Send IP packets between all pairs of source and destination ports,
-# packets matches ACL (pg2 to pg1) should be dropped
-ip_to_hex() {
- printf "%02x%02x%02x%02x" "$@"
-}
-for is in 1 2 3; do
- for js in 1 2 3; do
- for ks in 1 2 3; do
- bcast=
- s=$is$js$ks
- smac=f00000000$s
- sip=`ip_to_hex 192 168 $is$js $ks`
- for id in 1 2 3; do
- for jd in 1 2 3; do
- for kd in 1 2 3; do
- d=$id$jd$kd
- dip=`ip_to_hex 192 168 $id$jd $kd`
- if test $is = $id; then dmac=f00000000$d; else dmac=00000000ff$is$js; fi
- if test $d != $s; then unicast=$d; else unicast=; fi
-
- # packets matches ACL should be dropped
- if test $id != 3 && test $kd == 1; then
- if test $is != 1 && test $ks == 2; then
- unicast=
- fi
- fi
- test_ip $s $smac $dmac $sip $dip $unicast #1
- done
- done
- done
- done
- done
-done
-
-# Allow some time for packet forwarding.
-# XXX This can be improved.
-sleep 1
-
-# Now check the packets actually received against the ones expected.
-for i in 1 2 3; do
- for j in 1 2 3; do
- for k in 1 2 3; do
- OVN_CHECK_PACKETS([hv`vif_to_hv $i$j$k`/vif$i$j$k-tx.pcap],
- [$i$j$k.expected])
- done
- done
-done
-
-# Gracefully terminate daemons
-OVN_CLEANUP([hv1], [hv2], [hv3])
-AT_CLEANUP
-
-AT_SETUP([ovn -- ACLs on Port Groups])
-AT_KEYWORDS([ovnpg_acl])
-AT_SKIP_IF([test $HAVE_PYTHON = no])
-ovn_start
-
-# Logical network:
-#
-# Three logical switches ls1, ls2, ls3.
-# One logical router lr0 connected to ls[123],
-# with nine subnets, three per logical switch:
-#
-# lrp11 on ls1 for subnet 192.168.11.0/24
-# lrp12 on ls1 for subnet 192.168.12.0/24
-# lrp13 on ls1 for subnet 192.168.13.0/24
-# ...
-# lrp33 on ls3 for subnet 192.168.33.0/24
-#
-# 27 VIFs, 9 per LS, 3 per subnet: lp[123][123][123], where the first two
-# digits are the subnet and the last digit distinguishes the VIF.
-#
-# This test will create two port groups and ACLs will be applied on them.
-
-get_lsp_uuid () {
- ovn-nbctl lsp-list ls${1%??} | grep lp$1 | awk '{ print $1 }'
-}
-
-pg1_ports=
-pg2_ports=
-for i in 1 2 3; do
- ovn-nbctl ls-add ls$i
- for j in 1 2 3; do
- for k in 1 2 3; do
- ovn-nbctl \
- -- lsp-add ls$i lp$i$j$k \
- -- lsp-set-addresses lp$i$j$k \
- "f0:00:00:00:0$i:$j$k 192.168.$i$j.$k"
- # logical ports lp[12]?1 belongs to port group pg1
- if test $i != 3 && test $k == 1; then
- pg1_ports="$pg1_ports `get_lsp_uuid $i$j$k`"
- fi
- # logical ports lp[23]?2 belongs to port group pg2
- if test $i != 1 && test $k == 2; then
- pg2_ports="$pg2_ports `get_lsp_uuid $i$j$k`"
- fi
- done
- done
-done
-
-ovn-nbctl lr-add lr0
-for i in 1 2 3; do
- for j in 1 2 3; do
- ovn-nbctl lrp-add lr0 lrp$i$j 00:00:00:00:ff:$i$j 192.168.$i$j.254/24
- ovn-nbctl \
- -- lsp-add ls$i lrp$i$j-attachment \
- -- set Logical_Switch_Port lrp$i$j-attachment type=router \
- options:router-port=lrp$i$j \
- addresses='"00:00:00:00:ff:'$i$j'"'
- done
-done
-
-ovn-nbctl create Port_Group name=pg1 ports="$pg1_ports"
-ovn-nbctl create Port_Group name=pg2 ports="$pg2_ports"
-
-# create ACLs on pg1 to drop traffic from pg2 to pg1
-ovn-nbctl acl-add pg1 to-lport 1001 'outport == @pg1' drop
-ovn-nbctl --type=port-group acl-add pg1 to-lport 1002 \
- 'outport == @pg1 && ip4.src == $pg2_ip4' allow-related
-
-# Physical network:
-#
-# Three hypervisors hv[123].
-# lp?1[123] spread across hv[123]: lp?11 on hv1, lp?12 on hv2, lp?13 on hv3.
-# lp?2[123] spread across hv[23]: lp?21 and lp?22 on hv2, lp?23 on hv3.
-# lp?3[123] all on hv3.
-
-# Given the name of a logical port, prints the name of the hypervisor
-# on which it is located.
-vif_to_hv() {
- case $1 in dnl (
- ?11) echo 1 ;; dnl (
- ?12 | ?21 | ?22) echo 2 ;; dnl (
- ?13 | ?23 | ?3?) echo 3 ;;
- esac
-}
-
-# Given the name of a logical port, prints the name of its logical router
-# port, e.g. "vif_to_lrp 123" yields 12.
-vif_to_lrp() {
- echo ${1%?}
-}
-
-# Given the name of a logical port, prints the name of its logical
-# switch, e.g. "vif_to_ls 123" yields 1.
-vif_to_ls() {
- echo ${1%??}
-}
-
-net_add n1
-for i in 1 2 3; do
- sim_add hv$i
- as hv$i
- ovs-vsctl add-br br-phys
- ovn_attach n1 br-phys 192.168.0.$i
-done
-for i in 1 2 3; do
- for j in 1 2 3; do
- for k in 1 2 3; do
- hv=`vif_to_hv $i$j$k`
- as hv$hv ovs-vsctl \
- -- add-port br-int vif$i$j$k \
- -- set Interface vif$i$j$k \
- external-ids:iface-id=lp$i$j$k \
- options:tx_pcap=hv$hv/vif$i$j$k-tx.pcap \
- options:rxq_pcap=hv$hv/vif$i$j$k-rx.pcap \
- ofport-request=$i$j$k
- done
- done
-done
-
-# Pre-populate the hypervisors' ARP tables so that we don't lose any
-# packets for ARP resolution (native tunneling doesn't queue packets
-# for ARP resolution).
-OVN_POPULATE_ARP
-
-# Allow some time for ovn-northd and ovn-controller to catch up.
-# XXX This should be more systematic.
-sleep 1
-
-lsp_to_mac() {
- echo f0:00:00:00:0${1:0:1}:${1:1:2}
-}
-
-lrp_to_mac() {
- echo 00:00:00:00:ff:$1
-}
-
-# test_icmp INPORT SRC_MAC DST_MAC SRC_IP DST_IP ICMP_TYPE OUTPORT...
-#
-# This shell function causes a ICMP packet to be received on INPORT.
-# The OUTPORTs (zero or more) list the VIFs on which the packet should
-# be received. INPORT and the OUTPORTs are specified as logical switch
-# port numbers, e.g. 123 for vif123.
-for i in 1 2 3; do
- for j in 1 2 3; do
- for k in 1 2 3; do
- : > $i$j$k.expected
- done
- done
-done
-
-test_icmp() {
- local inport=$1 src_mac=$2 dst_mac=$3 src_ip=$4 dst_ip=$5 icmp_type=$6
- local packet="inport==\"lp$inport\" && eth.src==$src_mac &&
- eth.dst==$dst_mac && ip.ttl==64 && ip4.src==$src_ip
- && ip4.dst==$dst_ip && icmp4.type==$icmp_type &&
- icmp4.code==0"
- shift; shift; shift; shift; shift; shift
- hv=hv`vif_to_hv $inport`
- as $hv ovs-appctl -t ovn-controller inject-pkt "$packet"
- in_ls=`vif_to_ls $inport`
- in_lrp=`vif_to_lrp $inport`
- for outport; do
- out_ls=`vif_to_ls $outport`
- if test $in_ls = $out_ls; then
- # Ports on the same logical switch receive exactly the same packet.
- echo $packet | ovstest test-ovn expr-to-packets
- else
- # Routing decrements TTL and updates source and dest MAC
- # (and checksum).
- out_lrp=`vif_to_lrp $outport`
- exp_smac=`lrp_to_mac $out_lrp`
- exp_dmac=`lsp_to_mac $outport`
- exp_packet="eth.src==$exp_smac && eth.dst==$exp_dmac &&
- ip.ttl==63 && ip4.src==$src_ip && ip4.dst==$dst_ip &&
- icmp4.type==$icmp_type && icmp4.code==0"
- echo $exp_packet | ovstest test-ovn expr-to-packets
-
- fi >> $outport.expected
- done
-}
-
-as hv1 ovs-vsctl --columns=name,ofport list interface
-as hv1 ovn-sbctl list port_binding
-as hv1 ovn-sbctl list datapath_binding
-as hv1 ovn-sbctl list port_group
-as hv1 ovn-sbctl list address_set
-as hv1 ovn-sbctl dump-flows
-as hv1 ovs-ofctl dump-flows br-int
-
-# Send IP packets between all pairs of source and destination ports,
-# packets matches ACL1 but not ACL2 should be dropped
-ip_to_hex() {
- printf "%02x%02x%02x%02x" "$@"
-}
-for is in 1 2 3; do
- for js in 1 2 3; do
- for ks in 1 2 3; do
- bcast=
- s=$is$js$ks
- slsp_mac=`lsp_to_mac $s`
- slrp_mac=`lrp_to_mac $is$js`
- sip=192.168.$is$js.$ks
- for id in 1 2 3; do
- for jd in 1 2 3; do
- for kd in 1 2 3; do
- d=$id$jd$kd
- dlsp_mac=`lsp_to_mac $d`
- dlrp_mac=`lrp_to_mac $id$jd`
- dip=192.168.$id$jd.$kd
- if test $is = $id; then dmac=$dlsp_mac; else dmac=$slrp_mac; fi
- if test $d != $s; then unicast=$d; else unicast=; fi
-
- # packets matches ACL1 but not ACL2 should be dropped
- if test $id != 3 && test $kd == 1; then
- if test $is == 1 || test $ks != 2; then
- unicast=
- fi
- fi
- # icmp request (type = 8)
- test_icmp $s $slsp_mac $dmac $sip $dip 8 $unicast
-
- # if packets are not dropped, test the return traffic (icmp echo)
- # to make sure stateful works, too.
- if test x$unicast != x; then
- if test $is = $id; then dmac=$slsp_mac; else dmac=$dlrp_mac; fi
- # icmp echo (type = 0)
- test_icmp $unicast $dlsp_mac $dmac $dip $sip 0 $s
- fi
- done
- done
- done
- done
- done
-done
-
-# Allow some time for packet forwarding.
-# XXX This can be improved.
-sleep 1
-
-# Now check the packets actually received against the ones expected.
-for i in 1 2 3; do
- for j in 1 2 3; do
- for k in 1 2 3; do
- OVN_CHECK_PACKETS([hv`vif_to_hv $i$j$k`/vif$i$j$k-tx.pcap],
- [$i$j$k.expected])
- done
- done
-done
-
-# Gracefully terminate daemons
-OVN_CLEANUP([hv1], [hv2], [hv3])
-AT_CLEANUP
-
-AT_SETUP([ovn -- Address Set generation from Port Groups (static addressing)])
-ovn_start
-
-ovn-nbctl ls-add ls1
-
-ovn-nbctl lsp-add ls1 lp1
-ovn-nbctl lsp-add ls1 lp2
-ovn-nbctl lsp-add ls1 lp3
-
-ovn-nbctl lsp-set-addresses lp1 "02:00:00:00:00:01 10.0.0.1 2001:db8::1"
-ovn-nbctl lsp-set-addresses lp2 "02:00:00:00:00:02 10.0.0.2 2001:db8::2"
-ovn-nbctl lsp-set-addresses lp3 "02:00:00:00:00:03 10.0.0.3 2001:db8::3"
-
-ovn-nbctl create Port_Group name=pg1
-ovn-nbctl create Port_Group name=pg2
-
-ovn-nbctl --id=@p get Logical_Switch_Port lp1 -- add Port_Group pg1 ports @p
-ovn-nbctl --id=@p get Logical_Switch_Port lp2 -- add Port_Group pg1 ports @p
-ovn-nbctl --id=@p get Logical_Switch_Port lp2 -- add Port_Group pg2 ports @p
-ovn-nbctl --id=@p get Logical_Switch_Port lp3 -- add Port_Group pg2 ports @p
-
-ovn-nbctl --wait=sb sync
-
-dnl Check if port group address sets were populated with ports' addresses
-AT_CHECK([ovn-sbctl get Address_Set pg1_ip4 addresses],
- [0], [[["10.0.0.1", "10.0.0.2"]]
-])
-AT_CHECK([ovn-sbctl get Address_Set pg2_ip4 addresses],
- [0], [[["10.0.0.2", "10.0.0.3"]]
-])
-AT_CHECK([ovn-sbctl get Address_Set pg1_ip6 addresses],
- [0], [[["2001:db8::1", "2001:db8::2"]]
-])
-AT_CHECK([ovn-sbctl get Address_Set pg2_ip6 addresses],
- [0], [[["2001:db8::2", "2001:db8::3"]]
-])
-
-ovn-nbctl --wait=sb lsp-set-addresses lp1 \
- "02:00:00:00:00:01 10.0.0.11 2001:db8::11"
-
-dnl Check if updated address got propagated to the port group address sets
-AT_CHECK([ovn-sbctl get Address_Set pg1_ip4 addresses],
- [0], [[["10.0.0.11", "10.0.0.2"]]
-])
-AT_CHECK([ovn-sbctl get Address_Set pg1_ip6 addresses],
- [0], [[["2001:db8::11", "2001:db8::2"]]
-])
-
-AT_CLEANUP
-
-AT_SETUP([ovn -- Address Set generation from Port Groups (dynamic addressing)])
-ovn_start
-
-ovn-nbctl ls-add ls1
-ovn-nbctl ls-add ls2
-ovn-nbctl ls-add ls3
-
-ovn-nbctl set Logical_Switch ls1 \
- other_config:subnet=10.1.0.0/24 other_config:ipv6_prefix="2001:db8:1::"
-ovn-nbctl set Logical_Switch ls2 \
- other_config:subnet=10.2.0.0/24 other_config:ipv6_prefix="2001:db8:2::"
-ovn-nbctl set Logical_Switch ls3 \
- other_config:subnet=10.3.0.0/24 other_config:ipv6_prefix="2001:db8:3::"
-
-ovn-nbctl lsp-add ls1 lp1
-ovn-nbctl lsp-add ls2 lp2
-ovn-nbctl lsp-add ls3 lp3
-
-ovn-nbctl lsp-set-addresses lp1 "02:00:00:00:00:01 dynamic"
-ovn-nbctl lsp-set-addresses lp2 "02:00:00:00:00:02 dynamic"
-ovn-nbctl lsp-set-addresses lp3 "02:00:00:00:00:03 dynamic"
-
-ovn-nbctl create Port_Group name=pg1
-ovn-nbctl create Port_Group name=pg2
-
-ovn-nbctl --id=@p get Logical_Switch_Port lp1 -- add Port_Group pg1 ports @p
-ovn-nbctl --id=@p get Logical_Switch_Port lp2 -- add Port_Group pg1 ports @p
-ovn-nbctl --id=@p get Logical_Switch_Port lp2 -- add Port_Group pg2 ports @p
-ovn-nbctl --id=@p get Logical_Switch_Port lp3 -- add Port_Group pg2 ports @p
-
-ovn-nbctl --wait=sb sync
-
-dnl Check if port group address sets were populated with ports' addresses
-AT_CHECK([ovn-sbctl get Address_Set pg1_ip4 addresses],
- [0], [[["10.1.0.2", "10.2.0.2"]]
-])
-AT_CHECK([ovn-sbctl get Address_Set pg2_ip4 addresses],
- [0], [[["10.2.0.2", "10.3.0.2"]]
-])
-AT_CHECK([ovn-sbctl get Address_Set pg1_ip6 addresses],
- [0], [[["2001:db8:1::ff:fe00:1", "2001:db8:2::ff:fe00:2"]]
-])
-AT_CHECK([ovn-sbctl get Address_Set pg2_ip6 addresses],
- [0], [[["2001:db8:2::ff:fe00:2", "2001:db8:3::ff:fe00:3"]]
-])
-
-ovn-nbctl --wait=sb set Logical_Switch ls1 \
- other_config:subnet=10.11.0.0/24 other_config:ipv6_prefix="2001:db8:11::"
-
-dnl Check if updated address got propagated to the port group address sets
-AT_CHECK([ovn-sbctl get Address_Set pg1_ip4 addresses],
- [0], [[["10.11.0.2", "10.2.0.2"]]
-])
-AT_CHECK([ovn-sbctl get Address_Set pg1_ip6 addresses],
- [0], [[["2001:db8:11::ff:fe00:1", "2001:db8:2::ff:fe00:2"]]
-])
-
-AT_CLEANUP
-
-AT_SETUP([ovn -- ACL conjunction])
-ovn_start
-
-ovn-nbctl ls-add ls1
-
-ovn-nbctl lsp-add ls1 ls1-lp1 \
--- lsp-set-addresses ls1-lp1 "f0:00:00:00:00:01 10.0.0.4"
-
-ovn-nbctl lsp-set-port-security ls1-lp1 "f0:00:00:00:00:01 10.0.0.4"
-
-ovn-nbctl lsp-add ls1 ls1-lp2 \
--- lsp-set-addresses ls1-lp2 "f0:00:00:00:00:02 10.0.0.6"
-
-ovn-nbctl lsp-set-port-security ls1-lp2 "f0:00:00:00:00:02 10.0.0.6"
-
-net_add n1
-sim_add hv1
-
-as hv1
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.1
-ovs-vsctl -- add-port br-int hv1-vif1 -- \
- set interface hv1-vif1 external-ids:iface-id=ls1-lp1 \
- options:tx_pcap=hv1/vif1-tx.pcap \
- options:rxq_pcap=hv1/vif1-rx.pcap \
- ofport-request=1
-
-ovs-vsctl -- add-port br-int hv1-vif2 -- \
- set interface hv1-vif2 external-ids:iface-id=ls1-lp2 \
- options:tx_pcap=hv1/vif2-tx.pcap \
- options:rxq_pcap=hv1/vif2-rx.pcap \
- ofport-request=2
-
-ovn-nbctl create Address_Set name=set1 \
-addresses=\"10.0.0.4\",\"10.0.0.5\",\"10.0.0.6\"
-ovn-nbctl create Address_Set name=set2 \
-addresses=\"10.0.0.7\",\"10.0.0.8\",\"10.0.0.9\"
-ovn-nbctl acl-add ls1 to-lport 1002 \
-'ip4 && ip4.src == $set1 && ip4.dst == $set1' allow
-ovn-nbctl acl-add ls1 to-lport 1001 \
-'ip4 && ip4.src == $set1 && ip4.dst == $set2' drop
-
-# test_ip INPORT SRC_MAC DST_MAC SRC_IP DST_IP OUTPORT...
-#
-# This shell function causes an ip packet to be received on INPORT.
-# The packet's content has Ethernet destination DST and source SRC
-# (each exactly 12 hex digits) and Ethernet type ETHTYPE (4 hex digits).
-# The OUTPORTs (zero or more) list the VIFs on which the packet should
-# be received. INPORT and the OUTPORTs are specified as logical switch
-# port numbers, e.g. 11 for vif11.
-test_ip() {
- # This packet has bad checksums but logical L3 routing doesn't check.
- local inport=$1 src_mac=$2 dst_mac=$3 src_ip=$4 dst_ip=$5
- local packet=${dst_mac}${src_mac}08004500001c0000000040110000${src_ip}\
-${dst_ip}0035111100080000
- shift; shift; shift; shift; shift
- as hv1 ovs-appctl netdev-dummy/receive hv1-vif1 $packet
- for outport; do
- echo $packet >> $outport.expected
- done
-}
-
-ip_to_hex() {
- printf "%02x%02x%02x%02x" "$@"
-}
-
-reset_pcap_file() {
- local iface=$1
- local pcap_file=$2
- ovs-vsctl -- set Interface $iface options:tx_pcap=dummy-tx.pcap \
-options:rxq_pcap=dummy-rx.pcap
- rm -f ${pcap_file}*.pcap
- ovs-vsctl -- set Interface $iface options:tx_pcap=${pcap_file}-tx.pcap \
-options:rxq_pcap=${pcap_file}-rx.pcap
-}
-
-
-sip=`ip_to_hex 10 0 0 4`
-dip=`ip_to_hex 10 0 0 6`
-
-test_ip 1 f00000000001 f00000000002 $sip $dip 2
-
-cat 2.expected > expout
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/vif2-tx.pcap > 2.packets
-AT_CHECK([cat 2.packets], [0], [expout])
-
-# There should be total of 12 flows present with conjunction action and 2 flows
-# with conj match. Eg.
-# table=44, priority=2002,conj_id=2,metadata=0x1 actions=resubmit(,45)
-# table=44, priority=2001,conj_id=3,metadata=0x1 actions=drop
-# priority=2002,ip,metadata=0x1,nw_dst=10.0.0.6 actions=conjunction(2,2/2)
-# priority=2002,ip,metadata=0x1,nw_dst=10.0.0.4 actions=conjunction(2,2/2)
-# priority=2002,ip,metadata=0x1,nw_dst=10.0.0.5 actions=conjunction(2,2/2)
-# priority=2001,ip,metadata=0x1,nw_dst=10.0.0.7 actions=conjunction(3,2/2)
-# priority=2001,ip,metadata=0x1,nw_dst=10.0.0.9 actions=conjunction(3,2/2)
-# priority=2001,ip,metadata=0x1,nw_dst=10.0.0.8 actions=conjunction(3,2/2)
-# priority=2002,ip,metadata=0x1,nw_src=10.0.0.6 actions=conjunction(2,1/2)
-# priority=2002,ip,metadata=0x1,nw_src=10.0.0.4 actions=conjunction(2,1/2)
-# priority=2002,ip,metadata=0x1,nw_src=10.0.0.5 actions=conjunction(2,1/2)
-# priority=2001,ip,metadata=0x1,nw_src=10.0.0.6 actions=conjunction(3,1/2)
-# priority=2001,ip,metadata=0x1,nw_src=10.0.0.4 actions=conjunction(3,1/2)
-# priority=2001,ip,metadata=0x1,nw_src=10.0.0.5 actions=conjunction(3,1/2)
-
-OVS_WAIT_UNTIL([test 12 = `as hv1 ovs-ofctl dump-flows br-int | \
-grep conjunction | wc -l`])
-OVS_WAIT_UNTIL([test 2 = `as hv1 ovs-ofctl dump-flows br-int | \
-grep conj_id | wc -l`])
-
-as hv1 ovs-ofctl dump-flows br-int
-
-# Set the ip address for ls1-lp2 from set2 so that the drop ACL flow is hit.
-ovn-nbctl lsp-set-addresses ls1-lp2 "f0:00:00:00:00:02 10.0.0.7 20.0.0.4"
-ovn-nbctl lsp-set-port-security ls1-lp2 "f0:00:00:00:00:02 10.0.0.7 20.0.0.4"
-
-reset_pcap_file hv1-vif2 hv1/vif2
-
-rm -f 2.packets
-
-sip=`ip_to_hex 10 0 0 4`
-dip=`ip_to_hex 10 0 0 7`
-
-test_ip 1 f00000000001 f00000000002 $sip $dip
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/vif2-tx.pcap > 2.packets
-AT_CHECK([cat 2.packets], [0], [])
-
-AT_CLEANUP
-
-AT_SETUP([ovn -- TTL exceeded])
-AT_KEYWORDS([ttl-exceeded])
-AT_SKIP_IF([test $HAVE_PYTHON = no])
-ovn_start
-
-# test_ip_packet INPORT HV ETH_SRC ETH_DST IPV4_SRC IPV4_DST IPV4_ROUTER IP_CHKSUM EXP_IP_CHKSUM EXP_ICMP_CHKSUM
-#
-# Causes a packet to be received on INPORT of the hypervisor HV. The packet is an IPv4 packet with
-# ETH_SRC, ETH_DST, IPV4_SRC, IPV4_DST, IP_CHKSUM as specified and TTL set to 1.
-# EXP_IP_CHKSUM and EXP_ICMP_CHKSUM are the ip and icmp checksums of the icmp time exceeded frame
-# generated by OVN logical router
-#
-# INPORT is a lport number, e.g. 11 for vif11.
-# HV is a hypervisor number
-# ETH_SRC and ETH_DST are each 12 hex digits.
-# IPV4_SRC, IPV4_DST and IPV4_ROUTER are each 8 hex digits.
-# IP_CHKSUM, EXP_IP_CHSUM and EXP_ICMP_CHKSUM are each 4 hex digits
-test_ip_packet() {
- local inport=$1 hv=$2 eth_src=$3 eth_dst=$4 ipv4_src=$5 ipv4_dst=$6 ip_router=$7 ip_chksum=$8
- local exp_ip_chksum=$9 exp_icmp_chksum=${10}
- shift 10
-
- local ip_ttl=01
- local packet=${eth_dst}${eth_src}08004500001400004000${ip_ttl}01${ip_chksum}${ipv4_src}${ipv4_dst}
-
- local reply_icmp_ttl=fe
- local icmp_type_code_response=0b00
- local icmp_data=00000000
- local reply_icmp_payload=${icmp_type_code_response}${exp_icmp_chksum}${icmp_data}
- local reply=${eth_src}${eth_dst}08004500001c00004000${reply_icmp_ttl}01${exp_ip_chksum}${ip_router}${ipv4_src}${reply_icmp_payload}
- echo $reply >> vif$inport.expected
-
- as hv$hv ovs-appctl netdev-dummy/receive vif$inport $packet
-}
-
-# test_ip6_packet INPORT HV ETH_SRC ETH_DST IPV6_SRC IPV6_DST IPV6_ROUTER EXP_ICMP_CHKSUM
-#
-# Causes a packet to be received on INPORT of the hypervisor HV. The packet is an IPv6
-# packet with ETH_SRC, ETH_DST, IPV6_SRC and IPV6_DST as specified.
-# IPV6_ROUTER and EXP_ICMP_CHKSUM are the source IP and checksum of the icmpv6 ttl exceeded
-# packet sent by OVN logical router
-test_ip6_packet() {
- local inport=$1 hv=$2 eth_src=$3 eth_dst=$4 ipv6_src=$5 ipv6_dst=$6 ipv6_router=$7 exp_icmp_chksum=$8
- shift 8
-
- local ip6_hdr=6000000000151101${ipv6_src}${ipv6_dst}
- local packet=${eth_dst}${eth_src}86dd${ip6_hdr}dbb8303900155bac6b646f65206676676e6d66720a
-
- local reply=${eth_src}${eth_dst}86dd6000000000303afe${ipv6_router}${ipv6_src}0300${exp_icmp_chksum}00000000${ip6_hdr}
- echo $reply >> vif$inport.expected
-
- as hv$hv ovs-appctl netdev-dummy/receive vif$inport $packet
-}
-
-ip_to_hex() {
- printf "%02x%02x%02x%02x" "$@"
-}
-
-for i in 1 2; do
- net_add n$i
- ovn-nbctl ls-add sw$i
-
- sim_add hv$i
- as hv$i
- ovs-vsctl add-br br-phys
- ovn_attach n$i br-phys 192.168.$i.1
-
- ovn-nbctl lsp-add sw$i sw$i-p${i}0 -- \
- lsp-set-addresses sw$i-p${i}0 "00:00:00:00:00:0$i 192.168.$i.1 2001:db8:$i::11"
-
- ovs-vsctl -- add-port br-int vif$i -- \
- set interface vif$i \
- external-ids:iface-id=sw$i-p${i}0 \
- options:tx_pcap=hv$i/vif$i-tx.pcap \
- options:rxq_pcap=hv$i/vif$i-rx.pcap \
- ofport-request=$i
-done
-
-ovn-nbctl lr-add lr0
-for i in 1 2; do
- ovn-nbctl lrp-add lr0 lrp$i 00:00:00:00:ff:0$i 192.168.$i.254/24 2001:db8:$i::1/64
- ovn-nbctl -- lsp-add sw$i lrp$i-attachment \
- -- set Logical_Switch_Port lrp$i-attachment type=router \
- options:router-port=lrp$i addresses='"00:00:00:00:ff:0'$i' 192.168.'$i'.254 2001:db8:'$i'::1"'
-done
-
-OVN_POPULATE_ARP
-# allow some time for ovn-northd and ovn-controller to catch up.
-ovn-nbctl --wait=hv sync
-
-test_ip_packet 1 1 000000000001 00000000ff01 $(ip_to_hex 192 168 1 1) $(ip_to_hex 192 168 2 1) $(ip_to_hex 192 168 1 254) 0000 7dae f4ff
-test_ip6_packet 1 1 000000000001 00000000ff01 20010db8000100000000000000000011 20010db8000200000000000000000011 20010db8000100000000000000000001 d461
-OVN_CHECK_PACKETS([hv1/vif1-tx.pcap], [vif1.expected])
-
-OVN_CLEANUP([hv1], [hv2])
-AT_CLEANUP
-
-AT_SETUP([ovn -- router port unreachable])
-AT_KEYWORDS([router-port-unreachable])
-AT_SKIP_IF([test $HAVE_PYTHON = no])
-ovn_start
-
-# test_ip_packet INPORT HV ETH_SRC ETH_DST IPV4_SRC IPV4_ROUTER L4_PROTCOL IP_CHKSUM EXP_IP_CHKSUM EXP_ICMP_CHKSUM EXP_ICMP_CODE
-#
-# Causes a packet to be received on INPORT of the hypervisor HV. The packet is an IPv4 packet with
-# ETH_SRC, ETH_DST, IPV4_SRC, IPV4_ROUTER, L4_PROTCOL, IP_CHKSUM as specified.
-# EXP_IP_CHKSUM and EXP_ICMP_CHKSUM are the ip and icmp checksums of the icmp frame generated by OVN logical router
-# EXP_ICMP_CODE are code and type of the icmp frame generated by OVN logical router
-#
-# INPORT is a lport number, e.g. 11 for vif11.
-# HV is a hypervisor number
-# ETH_SRC and ETH_DST are each 12 hex digits.
-# IPV4_SRC and IPV4_ROUTER are each 8 hex digits.
-# IP_CHKSUM, EXP_IP_CHSUM and EXP_ICMP_CHKSUM are each 4 hex digits
-test_ip_packet() {
- local inport=$1 hv=$2 eth_src=$3 eth_dst=$4 ipv4_src=$5 ip_router=$6 l4_proto=$7 ip_chksum=$8
- local exp_ip_chksum=$9 exp_icmp_chksum=${10} exp_icmp_code=${11}
- shift 11
-
- local ip_ttl=ff
- local packet=${eth_dst}${eth_src}08004500001400004000${ip_ttl}${l4_proto}${ip_chksum}${ipv4_src}${ip_router}
-
- local reply_icmp_ttl=fe
- local icmp_data=00000000
- local reply_icmp_payload=${exp_icmp_code}${exp_icmp_chksum}${icmp_data}
- local reply=${eth_src}${eth_dst}08004500001c00004000${reply_icmp_ttl}01${exp_ip_chksum}${ip_router}${ipv4_src}${reply_icmp_payload}
- echo $reply >> vif$inport.expected
-
- as hv$hv ovs-appctl netdev-dummy/receive vif$inport $packet
-}
-
-# test_tcp_syn_packet INPORT HV ETH_SRC ETH_DST IPV4_SRC IPV4_ROUTER IP_CHKSUM TCP_SPORT TCP_DPORT TCP_CHKSUM EXP_IP_CHKSUM EXP_TCP_RST_CHKSUM
-#
-# Causes a packet to be received on INPORT of the hypervisor HV. The packet is an TCP syn segment with
-# ETH_SRC, ETH_DST, IPV4_SRC, IPV4_ROUTER, IP_CHKSUM, TCP_SPORT, TCP_DPORT, TCP_CHKSUM as specified.
-# EXP_IP_CHKSUM and EXP_TCP_RST_CHKSUM are the ip and tcp checksums of the tcp reset segment generated by OVN logical router
-#
-# INPORT is an lport number, e.g. 11 for vif11.
-# HV is an hypervisor number
-# ETH_SRC and ETH_DST are each 12 hex digits.
-# IPV4_SRC and IPV4_ROUTER are each 8 hex digits.
-# TCP_SPORT and TCP_DPORT are 4 hex digits.
-# IP_CHKSUM, TCP_CHKSUM, EXP_IP_CHSUM and EXP_TCP_RST_CHKSUM are each 4 hex digits
-test_tcp_syn_packet() {
- local inport=$1 hv=$2 eth_src=$3 eth_dst=$4 ipv4_src=$5 ip_router=$6 ip_chksum=$7
- local tcp_sport=$8 tcp_dport=$9 tcp_chksum=${10}
- local exp_ip_chksum=${11} exp_tcp_rst_chksum=${12}
- shift 12
-
- local ip_ttl=ff
- local packet=${eth_dst}${eth_src}08004500002800004000${ip_ttl}06${ip_chksum}${ipv4_src}${ip_router}${tcp_sport}${tcp_dport}000000010000000050027210${tcp_chksum}0000
-
- local tcp_rst_ttl=fe
- local reply=${eth_src}${eth_dst}08004500002800004000${tcp_rst_ttl}06${exp_ip_chksum}${ip_router}${ipv4_src}${tcp_dport}${tcp_sport}000000000000000150040000${exp_tcp_rst_chksum}0000
- echo $reply >> vif$inport.expected
-
- as hv$hv ovs-appctl netdev-dummy/receive vif$inport $packet
-}
-
-# test_tcp6_packet INPORT HV ETH_SRC ETH_DST IPV6_SRC IPV6_ROUTER TCP_SPORT TCP_DPORT TCP_CHKSUM EXP_TCP_RST_CHKSUM
-#
-# Causes a packet to be received on INPORT of the hypervisor HV. The packet is a TCP syn segment with
-# ETH_SRC, ETH_DST, IPV6_SRC, IPV6_ROUTER, TCP_SPORT, TCP_DPORT and TCP_CHKSUM as specified.
-# EXP_TCP_RST_CHKSUM is the tcp checksums of the tcp reset segment generated by OVN logical router
-test_tcp6_packet() {
- local inport=$1 hv=$2 eth_src=$3 eth_dst=$4 ipv6_src=$5 ipv6_router=$6
- local tcp_sport=$7 tcp_dport=$8 tcp_chksum=$9
- local exp_tcp_rst_chksum=${10}
- shift 10
-
- local ip6_hdr=60000000001406ff${ipv6_src}${ipv6_router}
- local packet=${eth_dst}${eth_src}86dd${ip6_hdr}${tcp_sport}${tcp_dport}000000010000000050027210${tcp_chksum}0000
-
- local reply=${eth_src}${eth_dst}86dd60000000001406fe${ipv6_router}${ipv6_src}${tcp_dport}${tcp_sport}000000000000000150040000${exp_tcp_rst_chksum}0000
- echo $reply >> vif$inport.expected
-
- as hv$hv ovs-appctl netdev-dummy/receive vif$inport $packet
-}
-
-# test_ip6_packet INPORT HV ETH_SRC ETH_DST IPV6_SRC IPV6_DST IPV6_PROTO IPV6_LEN DATA EXP_ICMP_CODE EXP_ICMP_CHKSUM
-#
-# Causes a packet to be received on INPORT of the hypervisor HV. The packet is an IPv6
-# packet with ETH_SRC, ETH_DST, IPV6_SRC, IPV6_DST, IPV6_PROTO, IPV6_LEN and DATA as specified.
-# EXP_ICMP_CODE and EXP_ICMP_CHKSUM are the code and checksum of the icmp6 packet sent by OVN logical router
-test_ip6_packet() {
- local inport=$1 hv=$2 eth_src=$3 eth_dst=$4 ipv6_src=$5 ipv6_dst=$6 ipv6_proto=$7 ipv6_len=$8 data=$9
- local exp_icmp_code=${10} exp_icmp_chksum=${11}
- shift 11
-
- local ip6_hdr=60000000${ipv6_len}${ipv6_proto}ff${ipv6_src}${ipv6_dst}
- local packet=${eth_dst}${eth_src}86dd${ip6_hdr}${data}
-
- local reply=${eth_src}${eth_dst}86dd6000000000303afe${ipv6_dst}${ipv6_src}${exp_icmp_code}${exp_icmp_chksum}00000000${ip6_hdr}
- echo $reply >> vif$inport.expected
-
- as hv$hv ovs-appctl netdev-dummy/receive vif$inport $packet
-}
-
-ip_to_hex() {
- printf "%02x%02x%02x%02x" "$@"
-}
-
-for i in 1 2; do
- net_add n$i
- ovn-nbctl ls-add sw$i
-
- sim_add hv$i
- as hv$i
- ovs-vsctl add-br br-phys
- ovn_attach n$i br-phys 192.168.$i.1
-
- ovn-nbctl lsp-add sw$i sw$i-p${i}0 -- \
- lsp-set-addresses sw$i-p${i}0 "00:00:00:00:00:0$i 192.168.$i.1 2001:db8:$i::11"
-
- ovs-vsctl -- add-port br-int vif$i -- \
- set interface vif$i \
- external-ids:iface-id=sw$i-p${i}0 \
- options:tx_pcap=hv$i/vif$i-tx.pcap \
- options:rxq_pcap=hv$i/vif$i-rx.pcap \
- ofport-request=$i
-done
-
-ovn-nbctl lr-add lr0
-for i in 1 2; do
- ovn-nbctl lrp-add lr0 lrp$i 00:00:00:00:ff:0$i 192.168.$i.254/24 2001:db8:$i::1/64
- ovn-nbctl -- lsp-add sw$i lrp$i-attachment \
- -- set Logical_Switch_Port lrp$i-attachment type=router \
- options:router-port=lrp$i addresses='"00:00:00:00:ff:0'$i' 192.168.'$i'.254 2001:db8:'$i'::1"'
-done
-
-OVN_POPULATE_ARP
-# allow some time for ovn-northd and ovn-controller to catch up.
-ovn-nbctl --wait=hv sync
-
-test_ip_packet 1 1 000000000001 00000000ff01 $(ip_to_hex 192 168 1 1) $(ip_to_hex 192 168 1 254) 11 0000 7dae fcfc 0303
-test_ip_packet 1 1 000000000001 00000000ff01 $(ip_to_hex 192 168 1 1) $(ip_to_hex 192 168 1 254) 84 0000 7dae fcfd 0302
-test_ip6_packet 1 1 000000000001 00000000ff01 20010db8000100000000000000000011 20010db8000100000000000000000001 11 0015 dbb8303900155bac6b646f65206676676e6d66720a 0104 d570
-OVN_CHECK_PACKETS([hv1/vif1-tx.pcap], [vif1.expected])
-
-test_tcp_syn_packet 2 2 000000000002 00000000ff02 $(ip_to_hex 192 168 2 1) $(ip_to_hex 192 168 2 254) 0000 8b40 3039 0000 7bae 4486
-test_ip6_packet 2 2 000000000002 00000000ff02 20010db8000200000000000000000011 20010db8000200000000000000000001 84 0004 01020304 0103 627e
-test_tcp6_packet 2 2 000000000002 00000000ff02 20010db8000200000000000000000011 20010db8000200000000000000000001 8b40 3039 0000 4486
-OVN_CHECK_PACKETS([hv2/vif2-tx.pcap], [vif2.expected])
-
-OVN_CLEANUP([hv1], [hv2])
-AT_CLEANUP
-
-AT_SETUP([ovn -- ovn-controller exit])
-AT_SKIP_IF([test $HAVE_PYTHON = no])
-ovn_start
-# Logical network:
-# One Logical Router: ro, with two logical switches sw1 and sw2.
-# sw1 is for subnet 10.0.0.0/8
-# sw2 is for subnet 20.0.0.0/8
-# sw1 has a single port bound on hv1
-# sw2 has a single port bound on hv2
-
-ovn-nbctl lr-add ro
-ovn-nbctl ls-add sw1
-ovn-nbctl ls-add sw2
-
-sw1_ro_mac=00:00:10:00:00:01
-sw1_ro_ip=10.0.0.1
-sw2_ro_mac=00:00:20:00:00:01
-sw2_ro_ip=20.0.0.1
-sw1_p1_mac=00:00:10:00:00:02
-sw1_p1_ip=10.0.0.2
-sw2_p1_mac=00:00:20:00:00:02
-sw2_p1_ip=20.0.0.2
-
-ovn-nbctl lrp-add ro ro-sw1 $sw1_ro_mac ${sw1_ro_ip}/8
-ovn-nbctl lrp-add ro ro-sw2 $sw2_ro_mac ${sw2_ro_ip}/8
-ovn-nbctl lsp-add sw1 sw1-ro -- set Logical_Switch_Port sw1-ro type=router \
- options:router-port=ro-sw1 addresses=\"$sw1_ro_mac\"
-ovn-nbctl lsp-add sw2 sw2-ro -- set Logical_Switch_Port sw2-ro type=router \
- options:router-port=ro-sw2 addresses=\"$sw2_ro_mac\"
-
-ovn-nbctl lsp-add sw1 sw1-p1 \
--- lsp-set-addresses sw1-p1 "$sw1_p1_mac $sw1_p1_ip"
-
-ovn-nbctl lsp-add sw2 sw2-p1 \
--- lsp-set-addresses sw2-p1 "$sw2_p1_mac $sw2_p1_ip"
-
-net_add n1
-
-sim_add hv1
-as hv1
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.1
-ovs-vsctl -- add-port br-int hv1-vif1 -- \
- set interface hv1-vif1 external-ids:iface-id=sw1-p1 \
- options:tx_pcap=hv1/vif1-tx.pcap \
- options:rxq_pcap=hv1/vif1-rx.pcap \
- ofport-request=1
-
-sim_add hv2
-as hv2
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.2
-ovs-vsctl -- add-port br-int hv2-vif1 -- \
- set interface hv2-vif1 external-ids:iface-id=sw2-p1 \
- options:tx_pcap=hv2/vif1-tx.pcap \
- options:rxq_pcap=hv2/vif1-rx.pcap \
- ofport-request=1
-
-OVN_POPULATE_ARP
-
-sleep 1
-
-packet="inport==\"sw1-p1\" && eth.src==$sw1_p1_mac && eth.dst==$sw1_ro_mac &&
- ip4 && ip.ttl==64 && ip4.src==$sw1_p1_ip && ip4.dst==$sw2_p1_ip &&
- udp && udp.src==53 && udp.dst==4369"
-
-# Start by Sending the packet and make sure it makes it there as expected
-as hv1 ovs-appctl -t ovn-controller inject-pkt "$packet"
-
-# Expected packet has TTL decreased by 1
-expected="eth.src==$sw2_ro_mac && eth.dst==$sw2_p1_mac &&
- ip4 && ip.ttl==63 && ip4.src==$sw1_p1_ip && ip4.dst==$sw2_p1_ip &&
- udp && udp.src==53 && udp.dst==4369"
-echo $expected | ovstest test-ovn expr-to-packets > expected
-
-OVN_CHECK_PACKETS([hv2/vif1-tx.pcap], [expected])
-
-# Stop ovn-controller on hv2
-as hv2 ovs-appctl -t ovn-controller exit
-
-# Now send the packet again. This time, it should not arrive.
-as hv1 ovs-appctl -t ovn-controller inject-pkt "$packet"
-
-OVN_CHECK_PACKETS([hv2/vif1-tx.pcap], [expected])
-
-# Start ovn-controller again just so OVN_CLEANUP doesn't complain
-as hv2 start_daemon ovn-controller
-
-OVN_CLEANUP([hv1],[hv2])
-AT_CLEANUP
-
-AT_SETUP([ovn -- external logical port])
-AT_SKIP_IF([test $HAVE_PYTHON = no])
-ovn_start
-
-net_add n1
-sim_add hv1
-sim_add hv2
-sim_add hv3
-
-ovn-nbctl ls-add ls1
-ovn-nbctl lsp-add ls1 ls1-lp1 \
--- lsp-set-addresses ls1-lp1 "f0:00:00:00:00:01 10.0.0.4 ae70::4"
-
-# Add a couple of external logical port
-ovn-nbctl lsp-add ls1 ls1-lp_ext1 \
--- lsp-set-addresses ls1-lp_ext1 "f0:00:00:00:00:03 10.0.0.6 ae70::6"
-ovn-nbctl lsp-set-port-security ls1-lp_ext1 \
-"f0:00:00:00:00:03 10.0.0.6 ae70::6"
-ovn-nbctl lsp-set-type ls1-lp_ext1 external
-
-ovn-nbctl lsp-add ls1 ls1-lp_ext2 \
--- lsp-set-addresses ls1-lp_ext2 "f0:00:00:00:00:04 10.0.0.7 ae70::7"
-ovn-nbctl lsp-set-port-security ls1-lp_ext2 \
-"f0:00:00:00:00:04 10.0.0.7 ae70::8"
-ovn-nbctl lsp-set-type ls1-lp_ext2 external
-
-d1="$(ovn-nbctl create DHCP_Options cidr=10.0.0.0/24 \
-options="\"server_id\"=\"10.0.0.1\" \"server_mac\"=\"ff:10:00:00:00:01\" \
-\"lease_time\"=\"3600\" \"router\"=\"10.0.0.1\"")"
-
-d2="$(ovn-nbctl create DHCP_Options cidr="ae70\:\:/64" \
-options="\"server_id\"=\"00:00:00:10:00:01\"")"
-
-ovn-nbctl lsp-set-dhcpv4-options ls1-lp1 ${d1}
-ovn-nbctl lsp-set-dhcpv4-options ls1-lp_ext1 ${d1}
-ovn-nbctl lsp-set-dhcpv4-options ls1-lp_ext2 ${d1}
-
-ovn-nbctl lsp-set-dhcpv6-options ls1-lp1 ${d2}
-ovn-nbctl lsp-set-dhcpv6-options ls1-lp_ext1 ${d2}
-ovn-nbctl lsp-set-dhcpv6-options ls1-lp_ext2 ${d2}
-
-# Create a logical router and connect it to ls1
-ovn-nbctl lr-add lr0
-ovn-nbctl lrp-add lr0 lr0-ls1 a0:10:00:00:00:01 10.0.0.1/24
-ovn-nbctl lsp-add ls1 ls1-lr0
-ovn-nbctl set Logical_Switch_Port ls1-lr0 type=router \
- options:router-port=lr0-ls1 addresses=router
-
-# Create HA chassis group
-ovn-nbctl ha-chassis-group-add hagrp1
-ovn-nbctl ha-chassis-group-add-chassis hagrp1 hv1 30
-
-hagrp1_uuid=`ovn-nbctl --bare --columns _uuid find ha_chassis_group name="hagrp1"`
-
-# There should be 1 HA_Chassis rows with chassis sets
-OVS_WAIT_UNTIL([ovn-sbctl list ha_chassis | grep chassis | awk '{print $3}' \
-| grep '-' | wc -l ], [0], [1
-])
-
-as hv1
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.1
-ovs-vsctl -- add-port br-phys hv1-ext1 -- \
- set interface hv1-ext1 options:tx_pcap=hv1/ext1-tx.pcap \
- options:rxq_pcap=hv1/ext1-rx.pcap \
- ofport-request=2
-ovs-vsctl set open . external-ids:ovn-bridge-mappings=phys:br-phys
-
-as hv2
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.2
-ovs-vsctl -- add-port br-phys hv2-ext2 -- \
- set interface hv2-ext2 options:tx_pcap=hv2/ext2-tx.pcap \
- options:rxq_pcap=hv2/ext2-rx.pcap \
- ofport-request=2
-ovs-vsctl set open . external-ids:ovn-bridge-mappings=phys:br-phys
-
-as hv3
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.3
-ovs-vsctl -- add-port br-phys hv3-ext3 -- \
- set interface hv3-ext3 options:tx_pcap=hv3/ext3-tx.pcap \
- options:rxq_pcap=hv3/ext3-rx.pcap \
- ofport-request=2
-ovs-vsctl set open . external-ids:ovn-bridge-mappings=phys:br-phys
-
-# No DHCPv4/v6 flows for the external port - ls1-lp_ext1 - 10.0.0.6 in hv1 and
-# hv2 as ha-chassis-group is not set and no localnet port added to ls1.
-AT_CHECK([ovn-sbctl dump-flows ls1 | grep "offerip = 10.0.0.6" | \
-wc -l], [0], [0
-])
-AT_CHECK([as hv1 ovs-ofctl dump-flows br-int | grep table=20 | \
-grep controller | grep "0a.00.00.06" | wc -l], [0], [0
-])
-AT_CHECK([as hv2 ovs-ofctl dump-flows br-int | grep table=20 | \
-grep controller | grep "0a.00.00.06" | wc -l], [0], [0
-])
-AT_CHECK([as hv1 ovs-ofctl dump-flows br-int | grep table=20 | \
-grep controller | grep tp_src=546 | grep \
-"ae.70.00.00.00.00.00.00.00.00.00.00.00.00.00.06" | wc -l], [0], [0
-])
-AT_CHECK([as hv2 ovs-ofctl dump-flows br-int | grep table=20 | \
-grep controller | grep tp_src=546 | grep \
-"ae.70.00.00.00.00.00.00.00.00.00.00.00.00.00.06" | wc -l], [0], [0
-])
-
-hv1_uuid=$(ovn-sbctl list chassis hv1 | grep uuid | awk '{print $3}')
-hv2_uuid=$(ovn-sbctl list chassis hv2 | grep uuid | awk '{print $3}')
-hv3_uuid=$(ovn-sbctl list chassis hv3 | grep uuid | awk '{print $3}')
-
-# The port_binding row for ls1-lp_ext1 should have empty chassis
-chassis=`ovn-sbctl --bare --columns chassis find port_binding \
-logical_port=ls1-lp_ext1`
-
-AT_CHECK([test x$chassis == x], [0], [])
-
-# Associate hagrp1 ha-chassis-group to ls1-lp_ext1
-ovn-nbctl --wait=hv set Logical_Switch_Port ls1-lp_ext1 \
-ha-chassis-group=$hagrp1_uuid
-
-# Get the hagrp1 uuid in SB DB.
-sb_hagrp1_uuid=`ovn-sbctl --bare --columns _uuid find ha_chassis_group \
-name="hagrp1"`
-
-# Wait till ls1-lp_ext1 port_binding has ha_chassis_group set
-OVS_WAIT_UNTIL(
- [sb_pb_hagrp=`ovn-sbctl --bare --columns ha_chassis_group find \
-port_binding logical_port=ls1-lp_ext1`
- test "$sb_pb_hagrp" = "$sb_hagrp1_uuid"])
-
-# No DHCPv4/v6 flows for the external port - ls1-lp_ext1 - 10.0.0.6 in hv1 and hv2
-# as no localnet port added to ls1 yet.
-AT_CHECK([as hv1 ovs-ofctl dump-flows br-int | grep table=20 | \
-grep controller | grep "0a.00.00.06" | wc -l], [0], [0
-])
-AT_CHECK([as hv2 ovs-ofctl dump-flows br-int | grep table=20 | \
-grep controller | grep "0a.00.00.06" | wc -l], [0], [0
-])
-AT_CHECK([as hv1 ovs-ofctl dump-flows br-int | grep table=20 | \
-grep controller | grep tp_src=546 | grep \
-"ae.70.00.00.00.00.00.00.00.00.00.00.00.00.00.06" | wc -l], [0], [0
-])
-AT_CHECK([as hv2 ovs-ofctl dump-flows br-int | grep table=20 | \
-grep controller | grep tp_src=546 | grep \
-"ae.70.00.00.00.00.00.00.00.00.00.00.00.00.00.06" | wc -l], [0], [0
-])
-
-# Add the localnet port to the logical switch ls1
-ovn-nbctl lsp-add ls1 ln-public
-ovn-nbctl lsp-set-addresses ln-public unknown
-ovn-nbctl lsp-set-type ln-public localnet
-ovn-nbctl --wait=hv lsp-set-options ln-public network_name=phys
-
-ln_public_key=$(ovn-sbctl list port_binding ln-public | grep tunnel_key | \
-awk '{print $3}')
-
-# The ls1-lp_ext1 should be bound to hv1 as only hv1 is part of the
-# ha chassis group.
-OVS_WAIT_UNTIL(
- [chassis=`ovn-sbctl --bare --columns chassis find port_binding \
-logical_port=ls1-lp_ext1`
- test "$chassis" = "$hv1_uuid"])
-
-# There should be DHCPv4/v6 OF flows for the ls1-lp_ext1 port in hv1
-AT_CHECK([as hv1 ovs-ofctl dump-flows br-int | grep table=20 | \
-grep controller | grep "0a.00.00.06" | grep reg14=0x$ln_public_key | \
-wc -l], [0], [3
-])
-AT_CHECK([as hv1 ovs-ofctl dump-flows br-int | grep table=20 | \
-grep controller | grep tp_src=546 | grep \
-"ae.70.00.00.00.00.00.00.00.00.00.00.00.00.00.06" | \
-grep reg14=0x$ln_public_key | wc -l], [0], [1
-])
-
-# There should be no DHCPv4/v6 flows for ls1-lp_ext1 on hv2
-AT_CHECK([as hv2 ovs-ofctl dump-flows br-int | grep table=20 | \
-grep controller | grep "0a.00.00.06" | wc -l], [0], [0
-])
-AT_CHECK([as hv2 ovs-ofctl dump-flows br-int | grep table=20 | \
-grep controller | grep tp_src=546 | grep \
-"ae.70.00.00.00.00.00.00.00.00.00.00.00.00.00.06" | wc -l], [0], [0
-])
-
-# No DHCPv4/v6 flows for the external port - ls1-lp_ext2 - 10.0.0.7 in hv1 and
-# hv2 as requested-chassis option is not set.
-AT_CHECK([as hv1 ovs-ofctl dump-flows br-int | grep table=20 | \
-grep controller | grep "0a.00.00.07" | wc -l], [0], [0
-])
-AT_CHECK([as hv2 ovs-ofctl dump-flows br-int | grep table=20 | \
-grep controller | grep "0a.00.00.07" | wc -l], [0], [0
-])
-AT_CHECK([as hv1 ovs-ofctl dump-flows br-int | grep table=20 | \
-grep controller | grep tp_src=546 | grep \
-"ae.70.00.00.00.00.00.00.00.00.00.00.00.00.00.07" | wc -l], [0], [0
-])
-AT_CHECK([as hv2 ovs-ofctl dump-flows br-int | grep table=20 | \
-grep controller | grep tp_src=546 | grep \
-"ae.70.00.00.00.00.00.00.00.00.00.00.00.00.00.07" | wc -l], [0], [0
-])
-
-as hv1
-ovs-vsctl show
-
-# This shell function sends a DHCP request packet
-# test_dhcp INPORT SRC_MAC DHCP_TYPE OFFER_IP ...
-test_dhcp() {
- local inport=$1 src_mac=$2 dhcp_type=$3 offer_ip=$4 use_ip=$5
- shift; shift; shift; shift; shift;
- if test $use_ip != 0; then
- src_ip=$1
- dst_ip=$2
- shift; shift;
- else
- src_ip=`ip_to_hex 0 0 0 0`
- dst_ip=`ip_to_hex 255 255 255 255`
- fi
- local request=ffffffffffff${src_mac}0800451001100000000080110000${src_ip}${dst_ip}
- # udp header and dhcp header
- request=${request}0044004300fc0000
- request=${request}010106006359aa760000000000000000000000000000000000000000${src_mac}
- # client hardware padding
- request=${request}00000000000000000000
- # server hostname
- request=${request}0000000000000000000000000000000000000000000000000000000000000000
- request=${request}0000000000000000000000000000000000000000000000000000000000000000
- # boot file name
- request=${request}0000000000000000000000000000000000000000000000000000000000000000
- request=${request}0000000000000000000000000000000000000000000000000000000000000000
- request=${request}0000000000000000000000000000000000000000000000000000000000000000
- request=${request}0000000000000000000000000000000000000000000000000000000000000000
- # dhcp magic cookie
- request=${request}63825363
- # dhcp message type
- request=${request}3501${dhcp_type}ff
-
- local srv_mac=$1 srv_ip=$2 expected_dhcp_opts=$3
- # total IP length will be the IP length of the request packet
- # (which is 272 in our case) + 8 (padding bytes) + (expected_dhcp_opts / 2)
- ip_len=`expr 280 + ${#expected_dhcp_opts} / 2`
- udp_len=`expr $ip_len - 20`
- ip_len=$(printf "%x" $ip_len)
- udp_len=$(printf "%x" $udp_len)
- # $ip_len var will be in 3 digits i.e 134. So adding a '0' before $ip_len
- local reply=${src_mac}${srv_mac}080045100${ip_len}000000008011XXXX${srv_ip}${offer_ip}
- # udp header and dhcp header.
- # $udp_len var will be in 3 digits. So adding a '0' before $udp_len
- reply=${reply}004300440${udp_len}0000020106006359aa760000000000000000
- # your ip address
- reply=${reply}${offer_ip}
- # next server ip address, relay agent ip address, client mac address
- reply=${reply}0000000000000000${src_mac}
- # client hardware padding
- reply=${reply}00000000000000000000
- # server hostname
- reply=${reply}0000000000000000000000000000000000000000000000000000000000000000
- reply=${reply}0000000000000000000000000000000000000000000000000000000000000000
- # boot file name
- reply=${reply}0000000000000000000000000000000000000000000000000000000000000000
- reply=${reply}0000000000000000000000000000000000000000000000000000000000000000
- reply=${reply}0000000000000000000000000000000000000000000000000000000000000000
- reply=${reply}0000000000000000000000000000000000000000000000000000000000000000
- # dhcp magic cookie
- reply=${reply}63825363
- # dhcp message type
- local dhcp_reply_type=02
- if test $dhcp_type = 03; then
- dhcp_reply_type=05
- fi
- reply=${reply}3501${dhcp_reply_type}${expected_dhcp_opts}00000000ff00000000
- echo $reply >> ext1_v4.expected
-
- as hv1 ovs-appctl netdev-dummy/receive hv${inport}-ext${inport} $request
-}
-
-
-trim_zeros() {
- sed 's/\(00\)\{1,\}$//'
-}
-
-# This shell function sends a DHCPv6 request packet
-# test_dhcpv6 INPORT SRC_MAC SRC_LLA DHCPv6_MSG_TYPE OFFER_IP OUTPORT...
-# The OUTPORTs (zero or more) list the VIFs on which the original DHCPv6
-# packet should be received twice (one from ovn-controller and the other
-# from the "ovs-ofctl monitor br-int resume"
-test_dhcpv6() {
- local inport=$1 src_mac=$2 src_lla=$3 msg_code=$4 offer_ip=$5
- local req_pkt_in_expected=$6
- local request=ffffffffffff${src_mac}86dd00000000002a1101${src_lla}
- # dst ip ff02::1:2
- request=${request}ff020000000000000000000000010002
- # udp header and dhcpv6 header
- request=${request}02220223002affff${msg_code}010203
- # Client identifier
- request=${request}0001000a00030001${src_mac}
- # IA-NA (Identity Association for Non Temporary Address)
- request=${request}0003000c0102030400000e1000001518
- shift; shift; shift; shift; shift;
-
- local server_mac=000000100001
- local server_lla=fe80000000000000020000fffe100001
- local reply_code=07
- if test $msg_code = 01; then
- reply_code=02
- fi
- local msg_len=54
- if test $offer_ip = 1; then
- msg_len=28
- fi
- local reply=${src_mac}${server_mac}86dd0000000000${msg_len}1101
- reply=${reply}${server_lla}${src_lla}
-
- # udp header and dhcpv6 header
- reply=${reply}0223022200${msg_len}ffff${reply_code}010203
- # Client identifier
- reply=${reply}0001000a00030001${src_mac}
- # IA-NA
- if test $offer_ip != 1; then
- reply=${reply}0003002801020304ffffffffffffffff00050018${offer_ip}
- reply=${reply}ffffffffffffffff
- fi
- # Server identifier
- reply=${reply}0002000a00030001${server_mac}
-
- echo $reply | trim_zeros >> ext${inport}_v6.expected
- # The inport also receives the request packet since it is connected
- # to the br-phys.
- #echo $request >> ext${inport}_v6.expected
-
- as hv1 ovs-appctl netdev-dummy/receive hv${inport}-ext${inport} $request
-}
-
-reset_pcap_file() {
- local iface=$1
- local pcap_file=$2
- ovs-vsctl -- set Interface $iface options:tx_pcap=dummy-tx.pcap \
-options:rxq_pcap=dummy-rx.pcap
- rm -f ${pcap_file}*.pcap
- ovs-vsctl -- set Interface $iface options:tx_pcap=${pcap_file}-tx.pcap \
-options:rxq_pcap=${pcap_file}-rx.pcap
-}
-
-ip_to_hex() {
- printf "%02x%02x%02x%02x" "$@"
-}
-
-AT_CAPTURE_FILE([ofctl_monitor0_hv1.log])
-as hv1 ovs-ofctl monitor br-int resume --detach --no-chdir \
---pidfile=ovs-ofctl0.pid 2> ofctl_monitor0_hv1.log
-
-AT_CAPTURE_FILE([ofctl_monitor0_hv2.log])
-as hv2 ovs-ofctl monitor br-int resume --detach --no-chdir \
---pidfile=ovs-ofctl0.pid 2> ofctl_monitor0_hv2.log
-
-AT_CAPTURE_FILE([ofctl_monitor0_hv3.log])
-as hv3 ovs-ofctl monitor br-int resume --detach --no-chdir \
---pidfile=ovs-ofctl0.pid 2> ofctl_monitor0_hv3.log
-
-as hv1
-reset_pcap_file hv1-ext1 hv1/ext1
-
-# Send DHCPDISCOVER.
-offer_ip=`ip_to_hex 10 0 0 6`
-server_ip=`ip_to_hex 10 0 0 1`
-server_mac=ff1000000001
-expected_dhcp_opts=330400000e100104ffffff0003040a00000136040a000001
-test_dhcp 1 f00000000003 01 $offer_ip 0 $server_mac $server_ip \
-$expected_dhcp_opts
-
-# NXT_RESUMEs should be 1 in hv1.
-OVS_WAIT_UNTIL([test 1 = `cat ofctl_monitor0_hv1.log | grep -c NXT_RESUME`])
-
-# NXT_RESUMEs should be 0 in hv2.
-OVS_WAIT_UNTIL([test 0 = `cat ofctl_monitor0_hv2.log | grep -c NXT_RESUME`])
-
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/ext1-tx.pcap > ext1_v4.packets
-cat ext1_v4.expected | cut -c -48 > expout
-AT_CHECK([cat ext1_v4.packets | cut -c -48], [0], [expout])
-# Skipping the IPv4 checksum.
-cat ext1_v4.expected | cut -c 53- > expout
-AT_CHECK([cat ext1_v4.packets | cut -c 53-], [0], [expout])
-
-# ovs-ofctl also resumes the packets and this causes other ports to receive
-# the DHCP request packet. So reset the pcap files so that its easier to test.
-as hv1
-reset_pcap_file hv1-ext1 hv1/ext1
-
-rm -f ext1_v4.expected
-rm -f ext1_v4.packets
-
-# Send DHCPv6 request
-src_mac=f00000000003
-src_lla=fe80000000000000f20000fffe000003
-offer_ip=ae700000000000000000000000000006
-test_dhcpv6 1 $src_mac $src_lla 01 $offer_ip
-
-# NXT_RESUMEs should be 2 in hv1.
-OVS_WAIT_UNTIL([test 2 = `cat ofctl_monitor0_hv1.log | grep -c NXT_RESUME`])
-
-# NXT_RESUMEs should be 0 in hv2.
-OVS_WAIT_UNTIL([test 0 = `cat ofctl_monitor0_hv2.log | grep -c NXT_RESUME`])
-
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/ext1-tx.pcap | \
-sort > ext1_v6.packets
-cat ext1_v6.expected | cut -c -120 > expout
-AT_CHECK([cat ext1_v6.packets | cut -c -120], [0], [expout])
-# Skipping the UDP checksum
-cat ext1_v6.expected | cut -c 125- > expout
-AT_CHECK([cat ext1_v6.packets | cut -c 125-], [0], [expout])
-
-rm -f ext1_v6.expected
-rm -f ext1_v6.packets
-
-as hv1
-reset_pcap_file hv1-ext1 hv1/ext1
-
-# Delete the ha-chassis hv1.
-ovn-nbctl ha-chassis-group-remove-chassis hagrp1 hv1
-OVS_WAIT_UNTIL(
- [chassis=`ovn-sbctl --bare --columns chassis find port_binding \
-logical_port=ls1-lp_ext1`
- test "$chassis" = ""])
-
-# Add hv2 to the ha chassis group
-ovn-nbctl --wait=hv ha-chassis-group-add-chassis hagrp1 hv2 20
-
-ovn-sbctl list ha_chassis_group
-ovn-sbctl list ha_chassis
-
-ovn-sbctl find port_binding logical_port=ls1-lp_ext1
-
-# The ls1-lp_ext1 should be bound to hv2
-OVS_WAIT_UNTIL(
- [chassis=`ovn-sbctl --bare --columns chassis find port_binding \
-logical_port=ls1-lp_ext1`
- test "$chassis" = "$hv2_uuid"])
-
-# There should be OF flows for DHCP4/v6 for the ls1-lp_ext1 port in hv2
-AT_CHECK([as hv2 ovs-ofctl dump-flows br-int | grep table=20 | \
-grep controller | grep "0a.00.00.06" | grep reg14=0x$ln_public_key | \
-wc -l], [0], [3
-])
-AT_CHECK([as hv2 ovs-ofctl dump-flows br-int | grep table=20 | \
-grep controller | grep tp_src=546 | grep \
-"ae.70.00.00.00.00.00.00.00.00.00.00.00.00.00.06" | \
-grep reg14=0x$ln_public_key | wc -l], [0], [1
-])
-
-# There should be no DHCPv4/v6 flows for ls1-lp_ext1 on hv1
-AT_CHECK([as hv1 ovs-ofctl dump-flows br-int | grep table=20 | \
-grep controller | grep "0a.00.00.06" | wc -l], [0], [0
-])
-AT_CHECK([as hv1 ovs-ofctl dump-flows br-int | grep table=20 | \
-grep controller | grep tp_src=546 | grep \
-"ae.70.00.00.00.00.00.00.00.00.00.00.00.00.00.06" | \
-grep reg14=0x$ln_public_key | wc -l], [0], [0
-])
-
-# Send DHCPDISCOVER again for hv1/ext1. The DHCP response should come from
-# hv2 ovn-controller.
-offer_ip=`ip_to_hex 10 0 0 6`
-server_ip=`ip_to_hex 10 0 0 1`
-server_mac=ff1000000001
-expected_dhcp_opts=330400000e100104ffffff0003040a00000136040a000001
-test_dhcp 1 f00000000003 01 $offer_ip 0 $server_mac $server_ip \
-$expected_dhcp_opts
-
-# NXT_RESUMEs should be 2 in hv1.
-OVS_WAIT_UNTIL([test 2 = `cat ofctl_monitor0_hv1.log | grep -c NXT_RESUME`])
-
-# NXT_RESUMEs should be 1 in hv2.
-OVS_WAIT_UNTIL([test 1 = `cat ofctl_monitor0_hv2.log | grep -c NXT_RESUME`])
-
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/ext1-tx.pcap > ext1_v4.packets
-cat ext1_v4.expected | cut -c -48 > expout
-AT_CHECK([cat ext1_v4.packets | cut -c -48], [0], [expout])
-# Skipping the IPv4 checksum.
-cat ext1_v4.expected | cut -c 53- > expout
-AT_CHECK([cat ext1_v4.packets | cut -c 53-], [0], [expout])
-
-# ovs-ofctl also resumes the packets and this causes other ports to receive
-# the DHCP request packet. So reset the pcap files so that its easier to test.
-as hv1
-reset_pcap_file hv1-ext1 hv1/ext1
-
-rm -f ext1_v4.expected
-
-# Send DHCPv6 request again
-src_mac=f00000000003
-src_lla=fe80000000000000f20000fffe000003
-offer_ip=ae700000000000000000000000000006
-test_dhcpv6 1 $src_mac $src_lla 01 $offer_ip 1
-
-# NXT_RESUMEs should be 2 in hv1.
-OVS_WAIT_UNTIL([test 2 = `cat ofctl_monitor0_hv1.log | grep -c NXT_RESUME`])
-
-# NXT_RESUMEs should be 2 in hv2.
-OVS_WAIT_UNTIL([test 2 = `cat ofctl_monitor0_hv2.log | grep -c NXT_RESUME`])
-
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/ext1-tx.pcap | \
-sort > ext1_v6.packets
-cat ext1_v6.expected | cut -c -120 > expout
-AT_CHECK([cat ext1_v6.packets | cut -c -120], [0], [expout])
-# Skipping the UDP checksum
-cat ext1_v6.expected | cut -c 125- > expout
-AT_CHECK([cat ext1_v6.packets | cut -c 125-], [0], [expout])
-
-rm -f ext1_v6.expected
-rm -f ext1_v6.packets
-
-as hv1
-ovs-vsctl show
-reset_pcap_file hv1-ext1 hv1/ext1
-reset_pcap_file br-phys_n1 hv1/br-phys_n1
-reset_pcap_file br-phys hv1/br-phys
-
-as hv2
-ovs-vsctl show
-reset_pcap_file hv2-ext2 hv2/ext2
-reset_pcap_file br-phys_n1 hv2/br-phys_n1
-reset_pcap_file br-phys hv2/br-phys
-
-# From ls1-lp_ext1, send ARP request for the router ip. The ARP
-# response should come from the router pipeline of hv2.
-ext1_mac=f00000000003
-router_mac=a01000000001
-ext1_ip=`ip_to_hex 10 0 0 6`
-router_ip=`ip_to_hex 10 0 0 1`
-arp_request=ffffffffffff${ext1_mac}08060001080006040001${ext1_mac}${ext1_ip}000000000000${router_ip}
-
-as hv1 ovs-appctl netdev-dummy/receive hv1-ext1 $arp_request
-expected_response=${src_mac}${router_mac}08060001080006040002${router_mac}${router_ip}${ext1_mac}${ext1_ip}
-echo $expected_response > expout
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/ext1-tx.pcap > ext1_arp_resp
-AT_CHECK([cat ext1_arp_resp], [0], [expout])
-
-# Verify that the response came from hv2
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv2/br-phys_n1-tx.pcap > ext1_arp_resp
-AT_CHECK([cat ext1_arp_resp], [0], [expout])
-
-# Now add 3 ha chassis to the ha chassis group
-ovn-nbctl ha-chassis-group-add-chassis hagrp1 hv1 30
-ovn-nbctl ha-chassis-group-add-chassis hagrp1 hv2 20
-ovn-nbctl ha-chassis-group-add-chassis hagrp1 hv3 10
-
-# hv1 should be master and claim ls1-lp_ext1
-OVS_WAIT_UNTIL(
- [chassis=`ovn-sbctl --bare --columns chassis find port_binding \
-logical_port=ls1-lp_ext1`
- test "$chassis" = "$hv1_uuid"])
-
-as hv1
-ovs-vsctl show
-reset_pcap_file hv1-ext1 hv1/ext1
-reset_pcap_file br-phys_n1 hv1/br-phys_n1
-reset_pcap_file br-phys hv1/br-phys
-
-as hv2
-ovs-vsctl show
-reset_pcap_file hv2-ext2 hv2/ext2
-reset_pcap_file br-phys_n1 hv2/br-phys_n1
-reset_pcap_file br-phys hv2/br-phys
-
-as hv3
-ovs-vsctl show
-reset_pcap_file hv3-ext3 hv3/ext3
-reset_pcap_file br-phys_n1 hv3/br-phys_n1
-reset_pcap_file br-phys hv3/br-phys
-
-# Send DHCPDISCOVER.
-offer_ip=`ip_to_hex 10 0 0 6`
-server_ip=`ip_to_hex 10 0 0 1`
-server_mac=ff1000000001
-expected_dhcp_opts=330400000e100104ffffff0003040a00000136040a000001
-test_dhcp 1 f00000000003 01 $offer_ip 0 $server_mac $server_ip \
-$expected_dhcp_opts
-
-# NXT_RESUMEs should be 3 in hv1.
-OVS_WAIT_UNTIL([test 3 = `cat ofctl_monitor0_hv1.log | grep -c NXT_RESUME`])
-
-# NXT_RESUMEs should be 2 in hv2.
-OVS_WAIT_UNTIL([test 2 = `cat ofctl_monitor0_hv2.log | grep -c NXT_RESUME`])
-
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/ext1-tx.pcap > ext1_v4.packets
-cat ext1_v4.expected | cut -c -48 > expout
-AT_CHECK([cat ext1_v4.packets | cut -c -48], [0], [expout])
-# Skipping the IPv4 checksum.
-cat ext1_v4.expected | cut -c 53- > expout
-AT_CHECK([cat ext1_v4.packets | cut -c 53-], [0], [expout])
-
-# ovs-ofctl also resumes the packets and this causes other ports to receive
-# the DHCP request packet. So reset the pcap files so that its easier to test.
-as hv1
-reset_pcap_file hv1-ext1 hv1/ext1
-
-rm -f ext1_v4.expected
-rm -f ext1_v4.packets
-
-# Send DHCPv6 request
-src_mac=f00000000003
-src_lla=fe80000000000000f20000fffe000003
-offer_ip=ae700000000000000000000000000006
-test_dhcpv6 1 $src_mac $src_lla 01 $offer_ip
-
-# NXT_RESUMEs should be 4 in hv1.
-OVS_WAIT_UNTIL([test 4 = `cat ofctl_monitor0_hv1.log | grep -c NXT_RESUME`])
-
-# NXT_RESUMEs should be 2 in hv2.
-OVS_WAIT_UNTIL([test 2 = `cat ofctl_monitor0_hv2.log | grep -c NXT_RESUME`])
-
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/ext1-tx.pcap | \
-sort > ext1_v6.packets
-cat ext1_v6.expected | cut -c -120 > expout
-AT_CHECK([cat ext1_v6.packets | cut -c -120], [0], [expout])
-# Skipping the UDP checksum
-cat ext1_v6.expected | cut -c 125- > expout
-AT_CHECK([cat ext1_v6.packets | cut -c 125-], [0], [expout])
-
-rm -f ext1_v6.expected
-rm -f ext1_v6.packets
-as hv1 reset_pcap_file hv1-ext1 hv1/ext1
-
-# Now increase the priority of hv3 so it becomes master.
-ovn-nbctl ha-chassis-group-add-chassis hagrp1 hv3 50
-
-# hv3 should be master and claim ls1-lp_ext1
-OVS_WAIT_UNTIL(
- [chassis=`ovn-sbctl --bare --columns chassis find port_binding \
-logical_port=ls1-lp_ext1`
- test "$chassis" = "$hv3_uuid"])
-
-as hv1
-ovs-vsctl show
-reset_pcap_file hv1-ext1 hv1/ext1
-reset_pcap_file br-phys_n1 hv1/br-phys_n1
-reset_pcap_file br-phys hv1/br-phys
-
-as hv2
-ovs-vsctl show
-reset_pcap_file hv2-ext2 hv2/ext2
-reset_pcap_file br-phys_n1 hv2/br-phys_n1
-reset_pcap_file br-phys hv2/br-phys
-
-as hv2
-ovs-vsctl show
-reset_pcap_file hv3-ext3 hv3/ext3
-reset_pcap_file br-phys_n1 hv3/br-phys_n1
-reset_pcap_file br-phys hv3/br-phys
-
-# Send DHCPDISCOVER.
-offer_ip=`ip_to_hex 10 0 0 6`
-server_ip=`ip_to_hex 10 0 0 1`
-server_mac=ff1000000001
-expected_dhcp_opts=330400000e100104ffffff0003040a00000136040a000001
-test_dhcp 1 f00000000003 01 $offer_ip 0 $server_mac $server_ip \
-$expected_dhcp_opts
-
-# NXT_RESUMEs should be 4 in hv1.
-OVS_WAIT_UNTIL([test 4 = `cat ofctl_monitor0_hv1.log | grep -c NXT_RESUME`])
-
-# NXT_RESUMEs should be 2 in hv2.
-OVS_WAIT_UNTIL([test 2 = `cat ofctl_monitor0_hv2.log | grep -c NXT_RESUME`])
-
-# NXT_RESUMEs should be 1 in hv3.
-OVS_WAIT_UNTIL([test 1 = `cat ofctl_monitor0_hv3.log | grep -c NXT_RESUME`])
-
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/ext1-tx.pcap > ext1_v4.packets
-cat ext1_v4.expected | cut -c -48 > expout
-AT_CHECK([cat ext1_v4.packets | cut -c -48], [0], [expout])
-# Skipping the IPv4 checksum.
-cat ext1_v4.expected | cut -c 53- > expout
-AT_CHECK([cat ext1_v4.packets | cut -c 53-], [0], [expout])
-
-# ovs-ofctl also resumes the packets and this causes other ports to receive
-# the DHCP request packet. So reset the pcap files so that its easier to test.
-as hv1
-reset_pcap_file hv1-ext1 hv1/ext1
-
-rm -f ext1_v4.expected
-rm -f ext1_v4.packets
-
-# Send DHCPv6 request
-src_mac=f00000000003
-src_lla=fe80000000000000f20000fffe000003
-offer_ip=ae700000000000000000000000000006
-test_dhcpv6 1 $src_mac $src_lla 01 $offer_ip
-
-# NXT_RESUMEs should be 4 in hv1.
-OVS_WAIT_UNTIL([test 4 = `cat ofctl_monitor0_hv1.log | grep -c NXT_RESUME`])
-
-# NXT_RESUMEs should be 2 in hv2.
-OVS_WAIT_UNTIL([test 2 = `cat ofctl_monitor0_hv2.log | grep -c NXT_RESUME`])
-
-# NXT_RESUMEs should be 2 in hv3.
-OVS_WAIT_UNTIL([test 2 = `cat ofctl_monitor0_hv3.log | grep -c NXT_RESUME`])
-
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/ext1-tx.pcap | \
-sort > ext1_v6.packets
-cat ext1_v6.expected | cut -c -120 > expout
-AT_CHECK([cat ext1_v6.packets | cut -c -120], [0], [expout])
-# Skipping the UDP checksum
-cat ext1_v6.expected | cut -c 125- > expout
-AT_CHECK([cat ext1_v6.packets | cut -c 125-], [0], [expout])
-
-# disconnect hv3 from the network, hv1 should take over
-as hv3
-port=${sandbox}_br-phys
-as main ovs-vsctl del-port n1 $port
-
-# hv1 should be master and claim ls1-lp_ext1
-OVS_WAIT_UNTIL(
- [chassis=`ovn-sbctl --bare --columns chassis find port_binding \
-logical_port=ls1-lp_ext1`
- test "$chassis" = "$hv1_uuid"])
-
-OVN_CLEANUP([hv1],[hv2],[hv3])
-AT_CLEANUP
-
-AT_SETUP([ovn -- Address Set Incremental Processing])
-AT_KEYWORDS([ovn_as_inc])
-AT_SKIP_IF([test $HAVE_PYTHON = no])
-ovn_start
-
-net_add n1
-sim_add hv1
-as hv1
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.10
-
-ovn-nbctl ls-add ls1
-for i in 1 2; do
- ovn-nbctl lsp-add ls1 lp$i \
- -- lsp-set-addresses lp$i "f0:00:00:00:00:0$i 192.168.1.$i"
- as hv1 ovs-vsctl \
- -- add-port br-int vif$i \
- -- set Interface vif$i \
- external-ids:iface-id=lp$i
-done
-
-for i in 1 2 3; do
- as1_uuid=`ovn-nbctl --wait=hv create addr name=as1`
- as2_uuid=`ovn-nbctl --wait=hv create addr name=as2`
- ovn-nbctl --wait=hv acl-add ls1 to-lport 200 \
- 'outport=="lp1" && ip4 && ip4.src == {$as1, $as2}' allow-related
- ovn-nbctl --wait=hv set addr as1 addresses="10.1.2.10"
- AT_CHECK([ovs-ofctl dump-flows br-int | grep "10.1.2.10"], [0], [ignore])
-
- # Update address set as1
- ovn-nbctl --wait=hv set addr as1 addresses="10.1.2.10 10.1.2.11"
- AT_CHECK([ovs-ofctl dump-flows br-int | grep "10.1.2.11"], [0], [ignore])
-
- # Update address set as2
- ovn-nbctl --wait=hv set addr as2 addresses="10.1.2.12 10.1.2.13"
- AT_CHECK([ovs-ofctl dump-flows br-int | grep "10.1.2.12"], [0], [ignore])
-
- # Add another ACL referencing as1
- n_flows_before=`ovs-ofctl dump-flows br-int | grep "10.1.2.10" | wc -l`
- ovn-nbctl --wait=hv acl-add ls1 to-lport 200 \
- 'outport=="lp2" && ip4 && ip4.src == $as1' allow-related
- n_flows_after=`ovs-ofctl dump-flows br-int | grep "10.1.2.10" | wc -l`
- AT_CHECK([test $(expr $n_flows_before \* 2) = $n_flows_after], [0], [ignore])
-
- # Remove an ACL
- ovn-nbctl --wait=hv acl-del ls1 to-lport 200 \
- 'outport=="lp2" && ip4 && ip4.src == $as1'
- n_flows_after=`ovs-ofctl dump-flows br-int | grep "10.1.2.10" | wc -l`
- AT_CHECK([test $n_flows_before = $n_flows_after], [0], [ignore])
-
- # Remove as1 while it is still used by an ACL, the lflows should be reparsed and
- # parsing should fail.
- echo "before del as1"
- ovn-nbctl list addr | grep as1
- ovn-nbctl --wait=hv destroy addr $as1_uuid
- echo "after del as1"
- ovn-nbctl list addr | grep as1
- AT_CHECK([ovs-ofctl dump-flows br-int | grep "10.1.2.10"], [1], [ignore])
- AT_CHECK([ovs-ofctl dump-flows br-int | grep "10.1.2.12"], [1], [ignore])
-
- # Recreate as1
- as1_uuid=`ovn-nbctl --wait=hv create addr name=as1`
- AT_CHECK([ovs-ofctl dump-flows br-int | grep "10.1.2.12"], [0], [ignore])
-
- # Remove ACLs and address sets
- ovn-nbctl --wait=hv destroy addr $as1_uuid -- destroy addr $as2_uuid
- AT_CHECK([ovs-ofctl dump-flows br-int | grep "10.1.2.12"], [1], [ignore])
-
- ovn-nbctl --wait=hv acl-del ls1
-done
-
-# Gracefully terminate daemons
-OVN_CLEANUP([hv1])
-AT_CLEANUP
-
-AT_SETUP([ovn -- ovn-controller restart])
-AT_SKIP_IF([test $HAVE_PYTHON = no])
-ovn_start
-
-# Logical network:
-# One Logical Router: ro, with two logical switches sw1 and sw2.
-# sw1 is for subnet 10.0.0.0/8
-# sw2 is for subnet 20.0.0.0/8
-# sw1 has a single port bound on hv1
-# sw2 has a single port bound on hv2
-
-ovn-nbctl lr-add ro
-ovn-nbctl ls-add sw1
-ovn-nbctl ls-add sw2
-
-sw1_ro_mac=00:00:10:00:00:01
-sw1_ro_ip=10.0.0.1
-sw2_ro_mac=00:00:20:00:00:01
-sw2_ro_ip=20.0.0.1
-sw1_p1_mac=00:00:10:00:00:02
-sw1_p1_ip=10.0.0.2
-sw2_p1_mac=00:00:20:00:00:02
-sw2_p1_ip=20.0.0.2
-
-ovn-nbctl lrp-add ro ro-sw1 $sw1_ro_mac ${sw1_ro_ip}/8
-ovn-nbctl lrp-add ro ro-sw2 $sw2_ro_mac ${sw2_ro_ip}/8
-ovn-nbctl lsp-add sw1 sw1-ro -- set Logical_Switch_Port sw1-ro type=router \
- options:router-port=ro-sw1 addresses=\"$sw1_ro_mac\"
-ovn-nbctl lsp-add sw2 sw2-ro -- set Logical_Switch_Port sw2-ro type=router \
- options:router-port=ro-sw2 addresses=\"$sw2_ro_mac\"
-
-ovn-nbctl lsp-add sw1 sw1-p1 \
--- lsp-set-addresses sw1-p1 "$sw1_p1_mac $sw1_p1_ip"
-
-ovn-nbctl lsp-add sw2 sw2-p1 \
--- lsp-set-addresses sw2-p1 "$sw2_p1_mac $sw2_p1_ip"
-
-net_add n1
-
-sim_add hv1
-as hv1
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.1
-ovs-vsctl -- add-port br-int hv1-vif1 -- \
- set interface hv1-vif1 external-ids:iface-id=sw1-p1 \
- options:tx_pcap=hv1/vif1-tx.pcap \
- options:rxq_pcap=hv1/vif1-rx.pcap \
- ofport-request=1
-
-sim_add hv2
-as hv2
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.2
-ovs-vsctl -- add-port br-int hv2-vif1 -- \
- set interface hv2-vif1 external-ids:iface-id=sw2-p1 \
- options:tx_pcap=hv2/vif1-tx.pcap \
- options:rxq_pcap=hv2/vif1-rx.pcap \
- ofport-request=1
-
-OVN_POPULATE_ARP
-
-sleep 1
-
-packet="inport==\"sw1-p1\" && eth.src==$sw1_p1_mac && eth.dst==$sw1_ro_mac &&
- ip4 && ip.ttl==64 && ip4.src==$sw1_p1_ip && ip4.dst==$sw2_p1_ip &&
- udp && udp.src==53 && udp.dst==4369"
-
-# Start by Sending the packet and make sure it makes it there as expected
-as hv1 ovs-appctl -t ovn-controller inject-pkt "$packet"
-
-# Expected packet has TTL decreased by 1
-expected="eth.src==$sw2_ro_mac && eth.dst==$sw2_p1_mac &&
- ip4 && ip.ttl==63 && ip4.src==$sw1_p1_ip && ip4.dst==$sw2_p1_ip &&
- udp && udp.src==53 && udp.dst==4369"
-echo $expected | ovstest test-ovn expr-to-packets > expected
-
-OVN_CHECK_PACKETS([hv2/vif1-tx.pcap], [expected])
-
-# Stop ovn-controller on hv2 with --restart flag
-as hv2 ovs-appctl -t ovn-controller exit --restart
-
-# Now send the packet again. This time, it should still arrive
-as hv1 ovs-appctl -t ovn-controller inject-pkt "$packet"
-
-cat expected expected > expected2
-
-OVN_CHECK_PACKETS([hv2/vif1-tx.pcap], [expected2])
-
-# Start ovn-controller again just so OVN_CLEANUP doesn't complain
-as hv2 start_daemon ovn-controller
-
-OVN_CLEANUP([hv1],[hv2])
-
-
-AT_CLEANUP
-
-AT_SETUP([ovn -- ovn-nbctl duplicate addresses])
-ovn_start
-
-# Set up a switch with some switch ports of varying address types
-ovn-nbctl ls-add sw1
-ovn-nbctl set logical_switch sw1 other_config:subnet=192.168.0.0/24
-
-ovn-nbctl lsp-add sw1 sw1-p1
-ovn-nbctl lsp-add sw1 sw1-p2
-ovn-nbctl lsp-add sw1 sw1-p3
-ovn-nbctl lsp-add sw1 sw1-p4
-
-ovn-nbctl lsp-set-addresses sw1-p1 "00:00:00:00:00:01 10.0.0.1 aef0::1" "00:00:00:00:00:02 10.0.0.2 aef0::2"
-ovn-nbctl lsp-set-addresses sw1-p2 "00:00:00:00:00:03 dynamic"
-ovn-nbctl lsp-set-addresses sw1-p3 "dynamic"
-ovn-nbctl lsp-set-addresses sw1-p4 "router"
-ovn-nbctl lsp-set-addresses sw1-p5 "unknown"
-
-ovn-nbctl list logical_switch_port
-
-# Now try to add duplicate addresses on a new port. These should all fail
-ovn-nbctl --wait=sb lsp-add sw1 sw1-p5
-AT_CHECK([ovn-nbctl lsp-set-addresses sw1-p5 "00:00:00:00:00:04 10.0.0.1"], [1], [],
-[ovn-nbctl: Error on switch sw1: duplicate IPv4 address 10.0.0.1
-])
-AT_CHECK([ovn-nbctl lsp-set-addresses sw1-p5 "00:00:00:00:00:04 10.0.0.2"], [1], [],
-[ovn-nbctl: Error on switch sw1: duplicate IPv4 address 10.0.0.2
-])
-AT_CHECK([ovn-nbctl lsp-set-addresses sw1-p5 "00:00:00:00:00:04 aef0::1"], [1], [],
-[ovn-nbctl: Error on switch sw1: duplicate IPv6 address aef0::1
-])
-AT_CHECK([ovn-nbctl lsp-set-addresses sw1-p5 "00:00:00:00:00:04 aef0::2"], [1], [],
-[ovn-nbctl: Error on switch sw1: duplicate IPv6 address aef0::2
-])
-AT_CHECK([ovn-nbctl lsp-set-addresses sw1-p5 "00:00:00:00:00:04 192.168.0.2"], [1], [],
-[ovn-nbctl: Error on switch sw1: duplicate IPv4 address 192.168.0.2
-])
-AT_CHECK([ovn-nbctl lsp-set-addresses sw1-p5 "00:00:00:00:00:04 192.168.0.3"], [1], [],
-[ovn-nbctl: Error on switch sw1: duplicate IPv4 address 192.168.0.3
-])
-
-# Now try re-setting sw1-p1. This should succeed
-AT_CHECK([ovn-nbctl lsp-set-addresses sw1-p1 "00:00:00:00:00:01 10.0.0.1 aef0::1"])
-
-# Now create a new switch and try setting IP addresses the same as the
-# first switch. This should succeed.
-ovn-nbctl ls-add sw2
-ovn-nbctl lsp-add sw2 sw2-p1
-
-AT_CHECK([ovn-nbctl lsp-set-addresses sw2-p1 "00:00:00:00:00:04 10.0.0.1"])
-AT_CHECK([ovn-nbctl lsp-set-addresses sw2-p1 "00:00:00:00:00:04 192.168.0.2"])
-AT_CHECK([ovn-nbctl lsp-set-addresses sw2-p1 "00:00:00:00:00:04 192.168.0.3"])
-AT_CHECK([ovn-nbctl lsp-set-addresses sw2-p1 "00:00:00:00:00:04 aef0::1"])
-
-AT_CLEANUP
-
-AT_SETUP([ovn -- router - check packet length - icmp defrag])
-AT_KEYWORDS([check packet length])
-AT_SKIP_IF([test $HAVE_PYTHON = no])
-ovn_start
-
-ovn-nbctl ls-add sw0
-ovn-nbctl lsp-add sw0 sw0-port1
-ovn-nbctl lsp-set-addresses sw0-port1 "50:54:00:00:00:01 10.0.0.3"
-
-ovn-nbctl lr-add lr0
-ovn-nbctl lrp-add lr0 lr0-sw0 00:00:00:00:ff:01 10.0.0.1/24
-ovn-nbctl lsp-add sw0 sw0-lr0
-ovn-nbctl lsp-set-type sw0-lr0 router
-ovn-nbctl lsp-set-addresses sw0-lr0 router
-ovn-nbctl lsp-set-options sw0-lr0 router-port=lr0-sw0
-
-ovn-nbctl ls-add public
-ovn-nbctl lrp-add lr0 lr0-public 00:00:20:20:12:13 172.168.0.100/24
-ovn-nbctl lsp-add public public-lr0
-ovn-nbctl lsp-set-type public-lr0 router
-ovn-nbctl lsp-set-addresses public-lr0 router
-ovn-nbctl lsp-set-options public-lr0 router-port=lr0-public
-
-# localnet port
-ovn-nbctl lsp-add public ln-public
-ovn-nbctl lsp-set-type ln-public localnet
-ovn-nbctl lsp-set-addresses ln-public unknown
-ovn-nbctl lsp-set-options ln-public network_name=phys
-
-ovn-nbctl lrp-set-gateway-chassis lr0-public hv1 20
-ovn-nbctl lr-nat-add lr0 snat 172.168.0.100 10.0.0.0/24
-
-net_add n1
-
-sim_add hv1
-as hv1
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.1
-ovs-vsctl set open . external-ids:ovn-bridge-mappings=phys:br-phys
-ovs-vsctl -- add-port br-int hv1-vif1 -- \
- set interface hv1-vif1 external-ids:iface-id=sw0-port1 \
- options:tx_pcap=hv1/vif1-tx.pcap \
- options:rxq_pcap=hv1/vif1-rx.pcap \
- ofport-request=1
-
-reset_pcap_file() {
- local iface=$1
- local pcap_file=$2
- ovs-vsctl -- set Interface $iface options:tx_pcap=dummy-tx.pcap \
- options:rxq_pcap=dummy-rx.pcap
- rm -f ${pcap_file}*.pcap
- ovs-vsctl -- set Interface $iface options:tx_pcap=${pcap_file}-tx.pcap \
- options:rxq_pcap=${pcap_file}-rx.pcap
-}
-
-ip_to_hex() {
- printf "%02x%02x%02x%02x" "$@"
-}
-
-test_ip_packet_larger() {
- local icmp_pmtu_reply_expected=$1
-
- # Send ip packet from sw0-port1 to outside
- src_mac="505400000001" # sw-port1 mac
- dst_mac="00000000ff01" # sw0-lr0 mac (internal router leg)
- src_ip=`ip_to_hex 10 0 0 3`
- dst_ip=`ip_to_hex 172 168 0 3`
- # Set the packet length to 100.
- pkt_len=0064
- packet=${dst_mac}${src_mac}08004500${pkt_len}0000000040010000
- orig_packet_l3=${src_ip}${dst_ip}0304000000000000
- orig_packet_l3=${orig_packet_l3}000000000000000000000000000000000000
- orig_packet_l3=${orig_packet_l3}000000000000000000000000000000000000
- orig_packet_l3=${orig_packet_l3}000000000000000000000000000000000000
- orig_packet_l3=${orig_packet_l3}000000000000000000000000000000000000
- packet=${packet}${orig_packet_l3}
-
- gw_ip_garp=ffffffffffff00002020121308060001080006040001000020201213aca80064000000000000aca80064
-
- # If icmp_pmtu_reply_expected is 0, it means the packet is lesser than
- # the gateway mtu and should be delivered to the provider bridge via the
- # localnet port.
- # If icmp_pmtu_reply_expected is 1, it means the packet is larger than
- # the gateway mtu and ovn-controller should drop the packet and instead
- # generate ICMPv4 Destination Unreachable message with pmtu set to 42.
- if test $icmp_pmtu_reply_expected = 0; then
- # Packet to expect at br-phys.
- src_mac="000020201213"
- dst_mac="00000012af11"
- src_ip=`ip_to_hex 10 0 0 3`
- dst_ip=`ip_to_hex 172 168 0 3`
- expected=${dst_mac}${src_mac}08004500${pkt_len}000000003f010100
- expected=${expected}${src_ip}${dst_ip}0304000000000000
- expected=${expected}000000000000000000000000000000000000
- expected=${expected}000000000000000000000000000000000000
- expected=${expected}000000000000000000000000000000000000
- expected=${expected}000000000000000000000000000000000000
- echo $expected > br_phys_n1.expected
- echo $gw_ip_garp >> br_phys_n1.expected
- else
- # MTU would be 100 - 18 = 82 (hex 0052)
- mtu=0052
- src_ip=`ip_to_hex 10 0 0 1`
- dst_ip=`ip_to_hex 10 0 0 3`
- # pkt len should be 128 (28 (icmp packet) + 100 (orig ip + payload))
- reply_pkt_len=0080
- ip_csum=bd91
- icmp_reply=${src_mac}${dst_mac}08004500${reply_pkt_len}00004000fe016879
- icmp_reply=${icmp_reply}${src_ip}${dst_ip}0304${ip_csum}0000${mtu}
- icmp_reply=${icmp_reply}4500${pkt_len}000000003f010100
- icmp_reply=${icmp_reply}${orig_packet_l3}
- echo $icmp_reply > hv1-vif1.expected
- fi
-
- as hv1 reset_pcap_file br-phys_n1 hv1/br-phys_n1
- as hv1 reset_pcap_file hv1-vif1 hv1/vif1
-
- # Send packet from sw0-port1 to outside
- as hv1 ovs-appctl netdev-dummy/receive hv1-vif1 $packet
-
- if test $icmp_pmtu_reply_expected = 0; then
- OVN_CHECK_PACKETS([hv1/br-phys_n1-tx.pcap], [br_phys_n1.expected])
- $PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/vif1-tx.pcap > pkts
- # hv1/vif1-tx.pcap can receive the GARP packet generated by ovn-controller
- # for the gateway router port. So ignore this packet.
- cat pkts | grep -v $gw_ip_garp > packets
- AT_CHECK([cat packets], [0], [])
- else
- OVN_CHECK_PACKETS([hv1/vif1-tx.pcap], [hv1-vif1.expected])
- $PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/br-phys_n1-tx.pcap > \
- pkts
- # hv1/br-phys_n1-tx.pcap can receive the GARP packet generated by ovn-controller
- # for the gateway router port. So ignore this packet.
- cat pkts | grep -v $gw_ip_garp > packets
- AT_CHECK([cat packets], [0], [])
- fi
-}
-
-ovn-nbctl show
-ovn-sbctl show
-
-AT_CHECK([as hv1 ovs-ofctl dump-flows br-int \
-| grep "check_pkt_larger" | wc -l], [0], [[0
-]])
-dp_uuid=$(ovn-sbctl find datapath_binding | grep sw0 -B2 | grep _uuid | \
-awk '{print $3}')
-ovn-sbctl create MAC_Binding ip=172.168.0.3 datapath=$dp_uuid \
-logical_port=lr0-public mac="00\:00\:00\:12\:af\:11"
-
-# Set the gateway mtu to 100. If the packet length is > 100, ovn-controller
-# should send icmp host not reachable with pmtu set to 100.
-ovn-nbctl --wait=hv set logical_router_port lr0-public options:gateway_mtu=100
-as hv3 ovs-appctl netdev-dummy/receive hv3-vif1 $arp_reply
-OVS_WAIT_UNTIL([
- test `as hv1 ovs-ofctl dump-flows br-int | grep "check_pkt_larger(100)" | \
- wc -l` -eq 1
-])
-
-icmp_reply_expected=1
-test_ip_packet_larger $icmp_reply_expected
-
-# Set the gateway mtu to 500.
-ovn-nbctl --wait=hv set logical_router_port lr0-public options:gateway_mtu=500
-as hv3 ovs-appctl netdev-dummy/receive hv3-vif1 $arp_reply
-OVS_WAIT_UNTIL([
- test `as hv1 ovs-ofctl dump-flows br-int | grep "check_pkt_larger(500)" | \
- wc -l` -eq 1
-])
-
-# Now the packet should be sent via the localnet port to br-phys.
-icmp_reply_expected=0
-test_ip_packet_larger $icmp_reply_expected
-OVN_CLEANUP([hv1])
-AT_CLEANUP
-
-AT_SETUP([ovn -- IP packet buffering])
-AT_KEYWORDS([ip-buffering])
-AT_SKIP_IF([test $HAVE_PYTHON = no])
-ovn_start
-
-# Logical network:
-# One LR lr0 that has switches sw0 (192.168.1.0/24) and
-# sw1 (172.16.1.0/24) connected to it.
-#
-# Physical network:
-# Tw0 hypervisors hv[12].
-# hv1 hosts vif sw0-p0.
-# hv1 hosts vif sw1-p0.
-
-send_icmp_packet() {
- local inport=$1 hv=$2 eth_src=$3 eth_dst=$4 ipv4_src=$5 ipv4_dst=$6 ip_chksum=$7 data=$8
- shift 8
-
- local ip_ttl=ff
- local ip_len=001c
- local packet=${eth_dst}${eth_src}08004500${ip_len}00004000${ip_ttl}01${ip_chksum}${ipv4_src}${ipv4_dst}${data}
- as hv$hv ovs-appctl netdev-dummy/receive hv$hv-vif$inport $packet
-}
-
-send_icmp6_packet() {
- local inport=$1 hv=$2 eth_src=$3 eth_dst=$4 ipv6_src=$5 ipv6_dst=$6 ipv6_router=$7 exp_icmp_chksum=$8
- shift 8
-
- local ip6_hdr=6000000000083aff${ipv6_src}${ipv6_dst}
- local packet=${eth_dst}${eth_src}86dd${ip6_hdr}8000dcb662f00001
-
- as hv$hv ovs-appctl netdev-dummy/receive hv$hv-vif$inport $packet
-}
-
-get_arp_req() {
- local eth_src=$1 spa=$2 tpa=$3
- local request=ffffffffffff${eth_src}08060001080006040001${eth_src}${spa}000000000000${tpa}
- echo $request
-}
-
-send_arp_reply() {
- local hv=$1 inport=$2 eth_src=$3 eth_dst=$4 spa=$5 tpa=$6
- local request=${eth_dst}${eth_src}08060001080006040002${eth_src}${spa}${eth_dst}${tpa}
- as hv$hv ovs-appctl netdev-dummy/receive hv${hv}-vif$inport $request
-}
-
-send_na() {
- local hv=$1 inport=$2 eth_src=$3 eth_dst=$4 src_ip=$5 dst_ip=$6
- local ip6_hdr=6000000000203aff${src_ip}${dst_ip}
- local request=${eth_dst}${eth_src}86dd${ip6_hdr}8800d78440000000${src_ip}0201${eth_src}
-
- as hv$hv ovs-appctl netdev-dummy/receive hv${hv}-vif$inport $request
-}
-
-get_nd() {
- local eth_src=$1 src_ip=$2 dst_ip=$3 ta=$4
- local ip6_hdr=6000000000203aff${src_ip}${dst_ip}
- request=3333ff000010${eth_src}86dd${ip6_hdr}8700357600000000${ta}0101${eth_src}
-
- echo $request
-}
-
-net_add n1
-
-sim_add hv1
-as hv1
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.1
-ovs-vsctl -- add-port br-int hv1-vif1 -- \
- set interface hv1-vif1 external-ids:iface-id=sw0-p0 \
- options:tx_pcap=hv1/vif1-tx.pcap \
- options:rxq_pcap=hv1/vif1-rx.pcap \
- ofport-request=1
-
-sim_add hv2
-as hv2
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.2
-ovs-vsctl -- add-port br-int hv2-vif1 -- \
- set interface hv2-vif1 external-ids:iface-id=sw1-p0 \
- options:tx_pcap=hv2/vif1-tx.pcap \
- options:rxq_pcap=hv2/vif1-rx.pcap \
- ofport-request=1
-
-ovn-nbctl create Logical_Router name=lr0 options:chassis=hv1
-ovn-nbctl ls-add sw0
-ovn-nbctl ls-add sw1
-
-ovn-nbctl lrp-add lr0 sw0 00:00:01:01:02:03 192.168.1.1/24 2001:0:0:0:0:0:0:1/64
-ovn-nbctl lsp-add sw0 rp-sw0 -- set Logical_Switch_Port rp-sw0 \
- type=router options:router-port=sw0 \
- -- lsp-set-addresses rp-sw0 router
-
-ovn-nbctl lrp-add lr0 sw1 00:00:02:01:02:03 172.16.1.1/24 2002:0:0:0:0:0:0:1/64
-ovn-nbctl lsp-add sw1 rp-sw1 -- set Logical_Switch_Port rp-sw1 \
- type=router options:router-port=sw1 \
- -- lsp-set-addresses rp-sw1 router
-
-ovn-nbctl lsp-add sw0 sw0-p0 \
- -- lsp-set-addresses sw0-p0 "f0:00:00:01:02:03 192.168.1.2 2001::2"
-
-ovn-nbctl lsp-add sw1 sw1-p0 \
- -- lsp-set-addresses sw1-p0 unknown
-
-OVN_POPULATE_ARP
-ovn-nbctl --wait=hv sync
-
-ip_to_hex() {
- printf "%02x%02x%02x%02x" "$@"
-}
-
-src_mac=f00000010203
-src_ip=$(ip_to_hex 192 168 1 2)
-src_ip6=20010000000000000000000000000002
-
-router_mac0=000001010203
-router_mac1=000002010203
-router_ip=$(ip_to_hex 172 16 1 1)
-router_ip6=20020000000000000000000000000001
-
-dst_mac=001122334455
-dst_ip=$(ip_to_hex 172 16 1 10)
-dst_ip6=20020000000000000000000000000010
-
-data=0800bee4391a0001
-
-send_icmp_packet 1 1 $src_mac $router_mac0 $src_ip $dst_ip 0000 $data
-send_arp_reply 2 1 $dst_mac $router_mac1 $dst_ip $router_ip
-echo $(get_arp_req $router_mac1 $router_ip $dst_ip) > expected
-echo "${dst_mac}${router_mac1}08004500001c00004000fe010100${src_ip}${dst_ip}${data}" >> expected
-
-OVN_CHECK_PACKETS([hv2/vif1-tx.pcap], [expected])
-
-nd_ip=ff0200000000000000000001ff000010
-ip6_hdr=6000000000083afe${src_ip6}${dst_ip6}
-
-send_icmp6_packet 1 1 $src_mac $router_mac0 $src_ip6 $dst_ip6
-echo $(get_nd $router_mac1 $src_ip6 $nd_ip $dst_ip6) >> expected
-echo "${dst_mac}${router_mac1}86dd${ip6_hdr}8000dcb662f00001" >> expected
-send_na 2 1 $dst_mac $router_mac1 $dst_ip6 $router_ip6
-
-OVN_CHECK_PACKETS([hv2/vif1-tx.pcap], [expected])
-
-OVN_CLEANUP([hv1],[hv2])
-AT_CLEANUP
-
-AT_SETUP([ovn -- neighbor update on same HV])
-AT_SKIP_IF([test $HAVE_PYTHON = no])
-ovn_start
-
-# Logical network:
-# A public switch (pub) with a localnet port connected to two LRs (lr0 and lr1)
-# each with a distributed gateway port.
-# Two VMs: lp0 on sw0 connected to lr0
-# lp1 on sw1 connected to lr1
-#
-# This test adds a floating IP to each VM so when they are bound to the same
-# hypervisor, it checks that the GARP sent by ovn-controller causes the
-# MAC_Binding entries to be updated properly on each logical router.
-# It will also capture packets on the physical interface to make sure that the
-# GARPs have been sent out to the external network as well.
-
-# Create logical switches
-ovn-nbctl ls-add sw0
-ovn-nbctl ls-add sw1
-ovn-nbctl ls-add pub
-
-# Created localnet port on public switch
-ovn-nbctl lsp-add pub ln-pub
-ovn-nbctl lsp-set-type ln-pub localnet
-ovn-nbctl lsp-set-addresses ln-pub unknown
-ovn-nbctl lsp-set-options ln-pub network_name=phys
-
-# Create logical routers and connect them to public switch
-ovn-nbctl create Logical_Router name=lr0
-ovn-nbctl create Logical_Router name=lr1
-
-ovn-nbctl lrp-add lr0 lr0-pub f0:00:00:00:00:01 172.24.4.220/24
-ovn-nbctl lsp-add pub pub-lr0 -- set Logical_Switch_Port pub-lr0 \
- type=router options:router-port=lr0-pub options:nat-addresses="router" addresses="router"
-ovn-nbctl lrp-add lr1 lr1-pub f0:00:00:00:01:01 172.24.4.221/24
-ovn-nbctl lsp-add pub pub-lr1 -- set Logical_Switch_Port pub-lr1 \
- type=router options:router-port=lr1-pub options:nat-addresses="router" addresses="router"
-
-ovn-nbctl lrp-set-gateway-chassis lr0-pub hv1 10
-ovn-nbctl lrp-set-gateway-chassis lr1-pub hv1 10
-
-# Connect sw0 and sw1 to lr0 and lr1
-ovn-nbctl lrp-add lr0 lr0-sw0 00:00:00:00:ff:01 10.0.0.254/24
-ovn-nbctl lsp-add sw0 sw0-lr0 -- set Logical_Switch_Port sw0-lr0 type=router \
- options:router-port=lr0-sw0 addresses="router"
-ovn-nbctl lrp-add lr1 lr1-sw1 00:00:00:00:ff:02 20.0.0.254/24
-ovn-nbctl lsp-add sw1 sw1-lr1 -- set Logical_Switch_Port sw1-lr1 type=router \
- options:router-port=lr1-sw1 addresses="router"
-
-
-# Add SNAT rules
-ovn-nbctl lr-nat-add lr0 snat 172.24.4.220 10.0.0.0/24
-ovn-nbctl lr-nat-add lr1 snat 172.24.4.221 20.0.0.0/24
-
-net_add n1
-sim_add hv1
-as hv1
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 172.24.4.1
-ovs-vsctl set open . external-ids:ovn-bridge-mappings=phys:br-phys
-
-ovs-vsctl add-port br-int vif0 -- set Interface vif0 external-ids:iface-id=lp0
-ovs-vsctl add-port br-int vif1 -- set Interface vif1 external-ids:iface-id=lp1
-
-ovn-nbctl lsp-add sw0 lp0
-ovn-nbctl lsp-add sw1 lp1
-ovn-nbctl lsp-set-addresses lp0 "50:54:00:00:00:01 10.0.0.10"
-ovn-nbctl lsp-set-addresses lp1 "50:54:00:00:00:02 20.0.0.10"
-
-OVS_WAIT_UNTIL([test x`ovn-nbctl lsp-get-up lp0` = xup])
-OVS_WAIT_UNTIL([test x`ovn-nbctl lsp-get-up lp1` = xup])
-
-# Create two floating IPs, one for each VIF
-ovn-nbctl lr-nat-add lr0 dnat_and_snat 172.24.4.100 10.0.0.10
-ovn-nbctl lr-nat-add lr1 dnat_and_snat 172.24.4.200 20.0.0.10
-
-# Check that the MAC_Binding entries have been properly created
-OVS_WAIT_UNTIL([test `ovn-sbctl find mac_binding logical_port="lr0-pub" ip="172.24.4.200" | wc -l` -gt 0])
-OVS_WAIT_UNTIL([test `ovn-sbctl find mac_binding logical_port="lr1-pub" ip="172.24.4.100" | wc -l` -gt 0])
-
-# Check that the GARPs went also to the external physical network
-# Wait until at least 4 packets have arrived and copy them to a separate file as
-# more GARPs are expected in the capture in order to avoid race conditions.
-OVS_WAIT_UNTIL([test `$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/br-phys-tx.pcap | wc -l` -gt 4])
-$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/br-phys-tx.pcap | head -n4 > hv1/br-phys-tx4.pcap
-
-# GARP for lp0 172.24.4.100 on lr0-pub MAC (f0:00:00:00:00:01)
-echo "fffffffffffff0000000000108060001080006040001f00000000001ac180464000000000000ac180464" > expout
-# GARP for 172.24.4.220 on lr0-pub (f0:00:00:00:00:01)
-echo "fffffffffffff0000000000108060001080006040001f00000000001ac1804dc000000000000ac1804dc" >> expout
-# GARP for lp1 172.24.4.200 on lr1-pub MAC (f0:00:00:00:01:01)
-echo "fffffffffffff0000000010108060001080006040001f00000000101ac1804c8000000000000ac1804c8" >> expout
-# GARP for 172.24.4.221 on lr1-pub (f0:00:00:00:01:01)
-echo "fffffffffffff0000000010108060001080006040001f00000000101ac1804dd000000000000ac1804dd" >> expout
-AT_CHECK([sort hv1/br-phys-tx4.pcap], [0], [expout])
-#OVN_CHECK_PACKETS([hv1/br-phys-tx4.pcap], [br-phys.expected])
-
-OVN_CLEANUP([hv1])
-AT_CLEANUP
-
-AT_SETUP([ovn -- ipam to non-ipam])
-ovn_start
-
-ovn-nbctl --wait=hv set NB_Global . options:mac_prefix="0a:00:00:00:00:00"
-ovn-nbctl ls-add sw0
-ovn-nbctl lsp-add sw0 p0 -- lsp-set-addresses p0 dynamic
-ovn-nbctl --wait=sb add Logical-Switch sw0 other_config subnet=192.168.1.0/24
-
-AT_CHECK([ovn-nbctl get Logical-Switch-Port p0 dynamic_addresses], [0],
- ["0a:00:00:a8:01:03 192.168.1.2"
-])
-
-ovn-nbctl --wait=sb lsp-set-addresses p0 router
-
-ovn-nbctl get Logical-Switch-Port p0 dynamic_addresses
-
-AT_CHECK([ovn-nbctl get Logical-Switch-Port p0 dynamic_addresses], [0], [[[]]
-])
-AT_CLEANUP
-
-AT_SETUP([ovn -- ipam router ports])
-ovn_start
-
-ovn-nbctl ls-add sw
-ovn-nbctl set logical_switch sw other-config:subnet=192.168.1.0/24
-
-for i in 2 3 4; do
- ovn-nbctl lr-add ro$i
- ovn-nbctl lsp-add sw swp$i
- ovn-nbctl --wait=sb lsp-set-addresses swp$i "02:00:00:00:00:0$i dynamic"
- cidr=$(ovn-nbctl get logical_switch_port swp$i dynamic_addresses |cut -f2 -d' '|cut -f1 -d\")
- ovn-nbctl lrp-add ro$i rop$i 02:00:00:00:00:0$i $cidr/24 -- set logical_switch_port swp$i type=router options:router-port=rop$i addresses=router;
- AT_CHECK_UNQUOTED([ovn-nbctl get logical_router_port rop$i networks], [0], [[["192.168.1.$i/24"]]
-])
-done
-
-ovn-nbctl list logical_switch_port
-ovn-nbctl list logical_router_port
-
-AT_CLEANUP
-
-AT_SETUP([ovn -- test transport zones])
-ovn_start
-
-net_add n1
-for i in 1 2 3 4 5; do
- sim_add hv$i
- as hv$i
- ovs-vsctl add-br br-phys
- ovn_attach n1 br-phys 192.168.$i.1
-done
-
-dnl Wait for the changes to be propagated
-ovn-nbctl --wait=sb --timeout=3 sync
-ovn-nbctl --wait=hv --timeout=3 sync
-
-dnl Assert that each Chassis has a tunnel formed to every other Chassis
-as hv1
-AT_CHECK([ovs-vsctl --bare --columns=name find interface type="geneve" | awk NF | sort], [0],
-[[ovn-hv2-0
-ovn-hv3-0
-ovn-hv4-0
-ovn-hv5-0
-]])
-
-as hv2
-AT_CHECK([ovs-vsctl --bare --columns=name find interface type="geneve" | awk NF | sort], [0],
-[[ovn-hv1-0
-ovn-hv3-0
-ovn-hv4-0
-ovn-hv5-0
-]])
-
-as hv3
-AT_CHECK([ovs-vsctl --bare --columns=name find interface type="geneve" | awk NF | sort], [0],
-[[ovn-hv1-0
-ovn-hv2-0
-ovn-hv4-0
-ovn-hv5-0
-]])
-
-as hv4
-AT_CHECK([ovs-vsctl --bare --columns=name find interface type="geneve" | awk NF | sort], [0],
-[[ovn-hv1-0
-ovn-hv2-0
-ovn-hv3-0
-ovn-hv5-0
-]])
-
-as hv5
-AT_CHECK([ovs-vsctl --bare --columns=name find interface type="geneve" | awk NF | sort], [0],
-[[ovn-hv1-0
-ovn-hv2-0
-ovn-hv3-0
-ovn-hv4-0
-]])
-
-dnl Let's now add some Chassis to different transport zones
-dnl * hv1: Will be part of two transport zones: tz1 and tz2 so it
-dnl should have tunnels formed between the other two Chassis (hv2 and hv3)
-dnl
-dnl * hv2: Will be part of one transport zone: tz1. It should have a tunnel
-dnl to hv1 but not to hv3
-dnl
-dnl * hv3: Will be part of one transport zone: tz2. It should have a tunnel
-dnl to hv1 but not to hv2
-dnl
-dnl * hv4 and hv5: Will not have any TZ set so they will keep the tunnels
-dnl between themselves and remove the tunnels to other Chassis which now
-dnl belongs to some TZs
-dnl
-as hv1
-ovs-vsctl set open . external-ids:ovn-transport-zones=tz1,tz2
-
-as hv2
-ovs-vsctl set open . external-ids:ovn-transport-zones=tz1
-
-as hv3
-ovs-vsctl set open . external-ids:ovn-transport-zones=tz2
-
-dnl Wait for the changes to be propagated
-ovn-nbctl --wait=sb --timeout=3 sync
-ovn-nbctl --wait=hv --timeout=3 sync
-
-as hv1
-AT_CHECK([ovs-vsctl --bare --columns=name find interface type="geneve" | awk NF | sort], [0],
-[[ovn-hv2-0
-ovn-hv3-0
-]])
-
-as hv2
-AT_CHECK([ovs-vsctl --bare --columns=name find interface type="geneve" | awk NF | sort], [0],
-[[ovn-hv1-0
-]])
-
-as hv3
-AT_CHECK([ovs-vsctl --bare --columns=name find interface type="geneve" | awk NF | sort], [0],
-[[ovn-hv1-0
-]])
-
-as hv4
-AT_CHECK([ovs-vsctl --bare --columns=name find interface type="geneve" | awk NF | sort], [0],
-[[ovn-hv5-0
-]])
-
-as hv5
-AT_CHECK([ovs-vsctl --bare --columns=name find interface type="geneve" | awk NF | sort], [0],
-[[ovn-hv4-0
-]])
-
-dnl Removing the transport zones should make all Chassis to create
-dnl tunnels between every other Chassis again
-for i in 1 2 3; do
- as hv$i
- ovs-vsctl remove open . external-ids ovn-transport-zones
-done
-
-dnl Wait for the changes to be propagated
-ovn-nbctl --wait=sb --timeout=3 sync
-ovn-nbctl --wait=hv --timeout=3 sync
-
-as hv1
-AT_CHECK([ovs-vsctl --bare --columns=name find interface type="geneve" | awk NF | sort], [0],
-[[ovn-hv2-0
-ovn-hv3-0
-ovn-hv4-0
-ovn-hv5-0
-]])
-
-as hv2
-AT_CHECK([ovs-vsctl --bare --columns=name find interface type="geneve" | awk NF | sort], [0],
-[[ovn-hv1-0
-ovn-hv3-0
-ovn-hv4-0
-ovn-hv5-0
-]])
-
-as hv3
-AT_CHECK([ovs-vsctl --bare --columns=name find interface type="geneve" | awk NF | sort], [0],
-[[ovn-hv1-0
-ovn-hv2-0
-ovn-hv4-0
-ovn-hv5-0
-]])
-
-as hv4
-AT_CHECK([ovs-vsctl --bare --columns=name find interface type="geneve" | awk NF | sort], [0],
-[[ovn-hv1-0
-ovn-hv2-0
-ovn-hv3-0
-ovn-hv5-0
-]])
-
-as hv5
-AT_CHECK([ovs-vsctl --bare --columns=name find interface type="geneve" | awk NF | sort], [0],
-[[ovn-hv1-0
-ovn-hv2-0
-ovn-hv3-0
-ovn-hv4-0
-]])
-
-OVN_CLEANUP([hv1], [hv2], [hv3])
-AT_CLEANUP
-
-AT_SETUP([ovn -- 2 HVs, 2 lports/HV, localnet ports, DVR chassis mac])
-ovn_start
-
-
-# In this test cases we create 2 switches, all connected to same
-# physical network (through br-phys on each HV). Each switch has
-# 1 VIF. Each HV has 1 VIF port. The first digit
-# of VIF port name indicates the hypervisor it is bound to, e.g.
-# lp23 means VIF 3 on hv2.
-#
-# Each switch's VLAN tag and their logical switch ports are:
-# - ls1:
-# - tagged with VLAN 101
-# - ports: lp11
-# - ls2:
-# - tagged with VLAN 201
-# - ports: lp22
-#
-# Note: a localnet port is created for each switch to connect to
-# physical network.
-
-for i in 1 2; do
- ls_name=ls$i
- ovn-nbctl ls-add $ls_name
- ln_port_name=ln$i
- if test $i -eq 1; then
- ovn-nbctl lsp-add $ls_name $ln_port_name "" 101
- elif test $i -eq 2; then
- ovn-nbctl lsp-add $ls_name $ln_port_name "" 201
- fi
- ovn-nbctl lsp-set-addresses $ln_port_name unknown
- ovn-nbctl lsp-set-type $ln_port_name localnet
- ovn-nbctl lsp-set-options $ln_port_name network_name=phys
-done
-
-# lsp_to_ls LSP
-#
-# Prints the name of the logical switch that contains LSP.
-lsp_to_ls () {
- case $1 in dnl (
- lp?[[11]]) echo ls1 ;; dnl (
- lp?[[12]]) echo ls2 ;; dnl (
- *) AT_FAIL_IF([:]) ;;
- esac
-}
-
-vif_to_ls () {
- case $1 in dnl (
- vif?[[11]]) echo ls1 ;; dnl (
- vif?[[12]]) echo ls2 ;; dnl (
- *) AT_FAIL_IF([:]) ;;
- esac
-}
-
-hv_to_num () {
- case $1 in dnl (
- hv1) echo 1 ;; dnl (
- hv2) echo 2 ;; dnl (
- *) AT_FAIL_IF([:]) ;;
- esac
-}
-
-vif_to_num () {
- case $1 in dnl (
- vif22) echo 22 ;; dnl (
- vif21) echo 21 ;; dnl (
- *) AT_FAIL_IF([:]) ;;
- esac
-}
-
-vif_to_hv () {
- case $1 in dnl (
- vif[[1]]?) echo hv1 ;; dnl (
- vif[[2]]?) echo hv2 ;; dnl (
- *) AT_FAIL_IF([:]) ;;
- esac
-}
-
-vif_to_lrp () {
- echo router-to-`vif_to_ls $1`
-}
-
-hv_to_chassis_mac () {
- case $1 in dnl (
- hv[[1]]) echo aa:bb:cc:dd:ee:11 ;; dnl (
- hv[[2]]) echo aa:bb:cc:dd:ee:22 ;; dnl (
- *) AT_FAIL_IF([:]) ;;
- esac
-}
-
-ip_to_hex() {
- printf "%02x%02x%02x%02x" "$@"
-}
-
-net_add n1
-for i in 1 2; do
- sim_add hv$i
- as hv$i
- ovs-vsctl add-br br-phys
- ovs-vsctl set open . external-ids:ovn-bridge-mappings=phys:br-phys
- ovs-vsctl set open . external-ids:ovn-chassis-mac-mappings="phys:aa:bb:cc:dd:ee:$i$i"
- ovn_attach n1 br-phys 192.168.0.$i
-
- ovs-vsctl add-port br-int vif$i$i -- \
- set Interface vif$i$i external-ids:iface-id=lp$i$i \
- options:tx_pcap=hv$i/vif$i$i-tx.pcap \
- options:rxq_pcap=hv$i/vif$i$i-rx.pcap \
- ofport-request=$i$i
-
- lsp_name=lp$i$i
- ls_name=$(lsp_to_ls $lsp_name)
-
- ovn-nbctl lsp-add $ls_name $lsp_name
- ovn-nbctl lsp-set-addresses $lsp_name "f0:00:00:00:00:$i$i 192.168.$i.$i"
- ovn-nbctl lsp-set-port-security $lsp_name f0:00:00:00:00:$i$i
-
- OVS_WAIT_UNTIL([test x`ovn-nbctl lsp-get-up $lsp_name` = xup])
-
-done
-
-ovn-nbctl lr-add router
-ovn-nbctl lrp-add router router-to-ls1 00:00:01:01:02:03 192.168.1.3/24
-ovn-nbctl lrp-add router router-to-ls2 00:00:01:01:02:05 192.168.2.3/24
-
-ovn-nbctl lsp-add ls1 ls1-to-router -- set Logical_Switch_Port ls1-to-router type=router options:router-port=router-to-ls1 -- lsp-set-addresses ls1-to-router router
-ovn-nbctl lsp-add ls2 ls2-to-router -- set Logical_Switch_Port ls2-to-router type=router options:router-port=router-to-ls2 -- lsp-set-addresses ls2-to-router router
-
-ovn-nbctl --wait=sb sync
-#ovn-sbctl dump-flows
-
-ovn-nbctl show
-ovn-sbctl show
-
-OVN_POPULATE_ARP
-
-test_ip() {
- # This packet has bad checksums but logical L3 routing doesn't check.
- local inport=$1 src_mac=$2 dst_mac=$3 src_ip=$4 dst_ip=$5
- local packet=${dst_mac}${src_mac}08004500001c0000000040110000${src_ip}${dst_ip}0035111100080000
- shift; shift; shift; shift; shift
- hv=`vif_to_hv $inport`
- hv_num=`hv_to_num $hv`
- chassis_mac=`hv_to_chassis_mac $hv`
- as $hv ovs-appctl netdev-dummy/receive $inport $packet
- #as $hv ovs-appctl ofproto/trace br-int in_port=$inport $packet
- in_ls=`vif_to_ls $inport`
- in_lrp=`vif_to_lrp $inport`
- for outport; do
- out_ls=`vif_to_ls $outport`
- if test $in_ls = $out_ls; then
- # Ports on the same logical switch receive exactly the same packet.
- echo $packet
- else
- # Routing decrements TTL and updates source and dest MAC
- # (and checksum).
- outport_num=`vif_to_num $outport`
- out_lrp=`vif_to_lrp $outport`
- echo f000000000${outport_num}aabbccddee${hv_num}${hv_num}08004500001c00000000"3f1101"00${src_ip}${dst_ip}0035111100080000
- fi >> $outport.expected
- done
-}
-
-# Dump a bunch of info helpful for debugging if there's a failure.
-
-echo "------ OVN dump ------"
-ovn-nbctl show
-ovn-sbctl show
-
-echo "------ hv1 dump ------"
-as hv1 ovs-vsctl show
-as hv1 ovs-vsctl list Open_Vswitch
-
-echo "------ hv2 dump ------"
-as hv2 ovs-vsctl show
-as hv2 ovs-vsctl list Open_Vswitch
-
-echo "Send traffic"
-sip=`ip_to_hex 192 168 1 1`
-dip=`ip_to_hex 192 168 2 2`
-test_ip vif11 f00000000011 000001010203 $sip $dip vif22
-
-echo "----------- Post Traffic hv1 dump -----------"
-as hv1 ovs-ofctl -O OpenFlow13 dump-flows br-int
-as hv1 ovs-appctl fdb/show br-phys
-
-echo "----------- Post Traffic hv2 dump -----------"
-as hv2 ovs-ofctl -O OpenFlow13 dump-flows br-int
-as hv2 ovs-appctl fdb/show br-phys
-
-OVN_CHECK_PACKETS([hv2/vif22-tx.pcap], [vif22.expected])
-
-OVN_CLEANUP([hv1],[hv2])
-
-AT_CLEANUP
-
-# Run ovn-nbctl in daemon mode, change to a backup database and verify that
-# an insert operation is not allowed.
-AT_SETUP([ovn -- can't write to a backup database server instance])
-ovn_start
-on_exit 'kill $(cat ovn-nbctl.pid)'
-export OVN_NB_DAEMON=$(ovn-nbctl --pidfile --detach)
-
-AT_CHECK([ovn-nbctl ls-add sw0])
-as ovn-nb
-AT_CHECK([ovs-appctl -t ovsdb-server ovsdb-server/sync-status | grep active | wc -l], [0], [1
-])
-ovs-appctl -t ovsdb-server ovsdb-server/set-active-ovsdb-server tcp:192.0.2.2:6641
-ovs-appctl -t ovsdb-server ovsdb-server/connect-active-ovsdb-server
-AT_CHECK([ovs-appctl -t ovsdb-server ovsdb-server/sync-status | grep -c backup], [0], [1
-])
-AT_CHECK([ovn-nbctl ls-add sw1], [1], [ignore],
-[ovn-nbctl: transaction error: {"details":"insert operation not allowed when database server is in read only mode","error":"not allowed"}
-])
-
-AT_CLEANUP
-
-AT_SETUP([ovn -- controller event])
-AT_KEYWORDS([ovn_controller_event])
-ovn_start
-
-# Create hypervisors hv[12].
-# Add vif1[12] to hv1, vif2[12] to hv2
-# Add all of the vifs to a single logical switch sw0.
-
-net_add n1
-ovn-nbctl ls-add sw0
-for i in 1 2; do
- sim_add hv$i
- as hv$i
- ovs-vsctl add-br br-phys
- ovn_attach n1 br-phys 192.168.0.$i
-
- for j in 1 2; do
- ovn-nbctl lsp-add sw0 sw0-p$i$j -- \
- lsp-set-addresses sw0-p$i$j "00:00:00:00:00:$i$j 192.168.1.$i$j"
-
- ovs-vsctl -- add-port br-int vif$i$j -- \
- set interface vif$i$j \
- external-ids:iface-id=sw0-p$i$j \
- options:tx_pcap=hv$i/vif$i$j-tx.pcap \
- options:rxq_pcap=hv$i/vif$i$j-rx.pcap \
- ofport-request=$i$j
- done
-done
-
-ovn-nbctl --wait=hv set NB_Global . options:controller_event=true
-ovn-nbctl lb-add lb0 192.168.1.100:80 ""
-ovn-nbctl ls-lb-add sw0 lb0
-uuid_lb=$(ovn-nbctl --bare --columns=_uuid find load_balancer name=lb0)
-
-OVN_POPULATE_ARP
-ovn-nbctl --timeout=3 --wait=hv sync
-ovn-sbctl lflow-list
-as hv1 ovs-ofctl dump-flows br-int
-
-packet="inport==\"sw0-p11\" && eth.src==00:00:00:00:00:11 && eth.dst==00:00:00:00:00:21 &&
- ip4 && ip.ttl==64 && ip4.src==192.168.1.11 && ip4.dst==192.168.1.100 &&
- tcp && tcp.src==10000 && tcp.dst==80"
-as hv1 ovs-appctl -t ovn-controller inject-pkt "$packet"
-
-ovn-sbctl list controller_event
-uuid=$(ovn-sbctl list controller_event | awk '/_uuid/{print $3}')
-AT_CHECK([ovn-sbctl get controller_event $uuid event_type], [0], [dnl
-empty_lb_backends
-])
-AT_CHECK([ovn-sbctl get controller_event $uuid event_info:vip], [0], [dnl
-"192.168.1.100:80"
-])
-AT_CHECK([ovn-sbctl get controller_event $uuid event_info:protocol], [0], [dnl
-tcp
-])
-AT_CHECK_UNQUOTED([ovn-sbctl get controller_event $uuid event_info:load_balancer], [0], [dnl
-"$uuid_lb"
-])
-AT_CHECK([ovn-sbctl get controller_event $uuid seq_num], [0], [dnl
-1
-])
-
-OVN_CLEANUP([hv1], [hv2])
-AT_CLEANUP
-
-AT_SETUP([ovn -- IGMP snoop/querier])
-AT_SKIP_IF([test $HAVE_PYTHON = no])
-ovn_start
-
-# Logical network:
-# Two independent logical switches (sw1 and sw2).
-# sw1:
-# - subnet 10.0.0.0/8
-# - 2 ports bound on hv1 (sw1-p11, sw1-p12)
-# - 2 ports bound on hv2 (sw1-p21, sw1-p22)
-# sw2:
-# - subnet 20.0.0.0/8
-# - 1 port bound on hv1 (sw2-p1)
-# - 1 port bound on hv2 (sw2-p2)
-# - IGMP Querier from 20.0.0.254
-
-reset_pcap_file() {
- local iface=$1
- local pcap_file=$2
- ovs-vsctl -- set Interface $iface options:tx_pcap=dummy-tx.pcap \
-options:rxq_pcap=dummy-rx.pcap
- rm -f ${pcap_file}*.pcap
- ovs-vsctl -- set Interface $iface options:tx_pcap=${pcap_file}-tx.pcap \
-options:rxq_pcap=${pcap_file}-rx.pcap
-}
-
-ip_to_hex() {
- printf "%02x%02x%02x%02x" "$@"
-}
-
-#
-# send_igmp_v3_report INPORT HV ETH_SRC IP_SRC IP_CSUM GROUP REC_TYPE
-# IGMP_CSUM OUTFILE
-#
-# This shell function causes an IGMPv3 report to be received on INPORT of HV.
-# The packet's content has Ethernet destination 01:00:5E:00:00:22 and source
-# ETH_SRC (exactly 12 hex digits). Ethernet type is set to IP.
-# GROUP is the IP multicast group to be joined/to leave (based on REC_TYPE).
-# REC_TYPE == 04: join GROUP
-# REC_TYPE == 03: leave GROUP
-# The packet hexdump is also stored in OUTFILE.
-#
-send_igmp_v3_report() {
- local inport=$1 hv=$2 eth_src=$3 ip_src=$4 ip_chksum=$5 group=$6
- local rec_type=$7 igmp_chksum=$8 outfile=$9
-
- local eth_dst=01005e000016
- local ip_dst=$(ip_to_hex 224 0 0 22)
- local ip_ttl=01
- local ip_ra_opt=94040000
-
- local igmp_type=2200
- local num_rec=00000001
- local aux_dlen=00
- local num_src=0000
-
- local eth=${eth_dst}${eth_src}0800
- local ip=46c0002800004000${ip_ttl}02${ip_chksum}${ip_src}${ip_dst}${ip_ra_opt}
- local igmp=${igmp_type}${igmp_chksum}${num_rec}${rec_type}${aux_dlen}${num_src}${group}
- local packet=${eth}${ip}${igmp}
-
- echo ${packet} >> ${outfile}
- as $hv ovs-appctl netdev-dummy/receive ${inport} ${packet}
-}
-
-#
-# store_igmp_v3_query ETH_SRC IP_SRC IP_CSUM OUTFILE
-#
-# This shell function builds an IGMPv3 general query from ETH_SRC and IP_SRC
-# and stores the hexdump of the packet in OUTFILE.
-#
-store_igmp_v3_query() {
- local eth_src=$1 ip_src=$2 ip_chksum=$3 outfile=$4
-
- local eth_dst=01005e000001
- local ip_dst=$(ip_to_hex 224 0 0 1)
- local ip_ttl=01
- local igmp_type=11
- local max_resp=0a
- local igmp_chksum=eeeb
- local addr=00000000
-
- local eth=${eth_dst}${eth_src}0800
- local ip=4500002000004000${ip_ttl}02${ip_chksum}${ip_src}${ip_dst}
- local igmp=${igmp_type}${max_resp}${igmp_chksum}${addr}000a0000
- local packet=${eth}${ip}${igmp}
-
- echo ${packet} >> ${outfile}
-}
-
-#
-# send_ip_multicast_pkt INPORT HV ETH_SRC ETH_DST IP_SRC IP_DST IP_LEN
-# IP_PROTO DATA OUTFILE
-#
-# This shell function causes an IP multicast packet to be received on INPORT
-# of HV.
-# The hexdump of the packet is stored in OUTFILE.
-#
-send_ip_multicast_pkt() {
- local inport=$1 hv=$2 eth_src=$3 eth_dst=$4 ip_src=$5 ip_dst=$6
- local ip_len=$7 ip_chksum=$8 proto=$9 data=${10} outfile=${11}
-
- local ip_ttl=20
-
- local eth=${eth_dst}${eth_src}0800
- local ip=450000${ip_len}95f14000${ip_ttl}${proto}${ip_chksum}${ip_src}${ip_dst}
- local packet=${eth}${ip}${data}
-
- as $hv ovs-appctl netdev-dummy/receive ${inport} ${packet}
- echo ${packet} >> ${outfile}
-}
-
-ovn-nbctl ls-add sw1
-ovn-nbctl ls-add sw2
-
-ovn-nbctl lsp-add sw1 sw1-p11
-ovn-nbctl lsp-add sw1 sw1-p12
-ovn-nbctl lsp-add sw1 sw1-p21
-ovn-nbctl lsp-add sw1 sw1-p22
-ovn-nbctl lsp-add sw2 sw2-p1
-ovn-nbctl lsp-add sw2 sw2-p2
-
-net_add n1
-sim_add hv1
-as hv1
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.1
-ovs-vsctl -- add-port br-int hv1-vif1 -- \
- set interface hv1-vif1 external-ids:iface-id=sw1-p11 \
- options:tx_pcap=hv1/vif1-tx.pcap \
- options:rxq_pcap=hv1/vif1-rx.pcap \
- ofport-request=1
-ovs-vsctl -- add-port br-int hv1-vif2 -- \
- set interface hv1-vif2 external-ids:iface-id=sw1-p12 \
- options:tx_pcap=hv1/vif2-tx.pcap \
- options:rxq_pcap=hv1/vif2-rx.pcap \
- ofport-request=1
-ovs-vsctl -- add-port br-int hv1-vif3 -- \
- set interface hv1-vif3 external-ids:iface-id=sw2-p1 \
- options:tx_pcap=hv1/vif3-tx.pcap \
- options:rxq_pcap=hv1/vif3-rx.pcap \
- ofport-request=1
-
-sim_add hv2
-as hv2
-ovs-vsctl add-br br-phys
-ovn_attach n1 br-phys 192.168.0.2
-ovs-vsctl -- add-port br-int hv2-vif1 -- \
- set interface hv2-vif1 external-ids:iface-id=sw1-p21 \
- options:tx_pcap=hv2/vif1-tx.pcap \
- options:rxq_pcap=hv2/vif1-rx.pcap \
- ofport-request=1
-ovs-vsctl -- add-port br-int hv2-vif2 -- \
- set interface hv2-vif2 external-ids:iface-id=sw1-p22 \
- options:tx_pcap=hv2/vif2-tx.pcap \
- options:rxq_pcap=hv2/vif2-rx.pcap \
- ofport-request=1
-ovs-vsctl -- add-port br-int hv2-vif3 -- \
- set interface hv2-vif3 external-ids:iface-id=sw2-p2 \
- options:tx_pcap=hv2/vif3-tx.pcap \
- options:rxq_pcap=hv2/vif3-rx.pcap \
- ofport-request=1
-
-OVN_POPULATE_ARP
-
-# Enable IGMP snooping on sw1.
-ovn-nbctl set Logical_Switch sw1 other_config:mcast_querier="false"
-ovn-nbctl set Logical_Switch sw1 other_config:mcast_snoop="true"
-
-# No IGMP query should be generated by sw1 (mcast_querier="false").
-truncate -s 0 expected
-OVN_CHECK_PACKETS([hv1/vif1-tx.pcap], [expected])
-OVN_CHECK_PACKETS([hv1/vif2-tx.pcap], [expected])
-OVN_CHECK_PACKETS([hv2/vif1-tx.pcap], [expected])
-OVN_CHECK_PACKETS([hv2/vif2-tx.pcap], [expected])
-
-ovn-nbctl --wait=hv sync
-
-# Inject IGMP Join for 239.0.1.68 on sw1-p11.
-send_igmp_v3_report hv1-vif1 hv1 \
- 000000000001 $(ip_to_hex 10 0 0 1) f9f8 \
- $(ip_to_hex 239 0 1 68) 04 e9b9 \
- /dev/null
-# Inject IGMP Join for 239.0.1.68 on sw1-p21.
-send_igmp_v3_report hv2-vif1 hv2 000000000002 $(ip_to_hex 10 0 0 2) f9f9 \
- $(ip_to_hex 239 0 1 68) 04 e9b9 \
- /dev/null
-
-# Check that the IGMP Group is learned on both hv.
-OVS_WAIT_UNTIL([
- total_entries=`ovn-sbctl find IGMP_Group | grep "239.0.1.68" | wc -l`
- test "${total_entries}" = "2"
-])
-
-# Send traffic and make sure it gets forwarded only on the two ports that
-# joined.
-truncate -s 0 expected
-truncate -s 0 expected_empty
-send_ip_multicast_pkt hv1-vif2 hv1 \
- 000000000001 01005e000144 \
- $(ip_to_hex 10 0 0 42) $(ip_to_hex 239 0 1 68) 1e ca70 11 \
- e518e518000a3b3a0000 \
- expected
-
-OVN_CHECK_PACKETS([hv1/vif1-tx.pcap], [expected])
-OVN_CHECK_PACKETS([hv2/vif1-tx.pcap], [expected])
-OVN_CHECK_PACKETS([hv1/vif2-tx.pcap], [expected_empty])
-OVN_CHECK_PACKETS([hv2/vif2-tx.pcap], [expected_empty])
-OVN_CHECK_PACKETS([hv1/vif3-tx.pcap], [expected_empty])
-OVN_CHECK_PACKETS([hv2/vif3-tx.pcap], [expected_empty])
-
-# Inject IGMP Leave for 239.0.1.68 on sw1-p11.
-send_igmp_v3_report hv1-vif1 hv1 \
- 000000000001 $(ip_to_hex 10 0 0 1) f9f8 \
- $(ip_to_hex 239 0 1 68) 03 eab9 \
- /dev/null
-
-# Check IGMP_Group table on both HV.
-OVS_WAIT_UNTIL([
- total_entries=`ovn-sbctl find IGMP_Group | grep "239.0.1.68" | wc -l`
- test "${total_entries}" = "1"
-])
-
-# Send traffic traffic and make sure it gets forwarded only on the port that
-# joined.
-as hv1 reset_pcap_file hv1-vif1 hv1/vif1
-as hv2 reset_pcap_file hv2-vif1 hv2/vif1
-truncate -s 0 expected
-truncate -s 0 expected_empty
-send_ip_multicast_pkt hv1-vif2 hv1 \
- 000000000001 01005e000144 \
- $(ip_to_hex 10 0 0 42) $(ip_to_hex 239 0 1 68) 1e ca70 11 \
- e518e518000a3b3a0000 \
- expected
-
-OVN_CHECK_PACKETS([hv1/vif1-tx.pcap], [expected_empty])
-OVN_CHECK_PACKETS([hv2/vif1-tx.pcap], [expected])
-OVN_CHECK_PACKETS([hv1/vif2-tx.pcap], [expected_empty])
-OVN_CHECK_PACKETS([hv2/vif2-tx.pcap], [expected_empty])
-OVN_CHECK_PACKETS([hv1/vif3-tx.pcap], [expected_empty])
-OVN_CHECK_PACKETS([hv2/vif3-tx.pcap], [expected_empty])
-
-# Flush IGMP groups.
-ovn-sbctl ip-multicast-flush sw1
-ovn-nbctl --wait=hv -t 3 sync
-OVS_WAIT_UNTIL([
- total_entries=`ovn-sbctl find IGMP_Group | grep "239.0.1.68" | wc -l`
- test "${total_entries}" = "0"
-])
-
-# Enable IGMP snooping and querier on sw2 and set query interval to minimum.
-ovn-nbctl set Logical_Switch sw2 \
- other_config:mcast_snoop="true" \
- other_config:mcast_querier="true" \
- other_config:mcast_query_interval=1 \
- other_config:mcast_eth_src="00:00:00:00:02:fe" \
- other_config:mcast_ip4_src="20.0.0.254"
-
-# Wait for 1 query interval (1 sec) and check that two queries are generated.
-truncate -s 0 expected
-store_igmp_v3_query 0000000002fe $(ip_to_hex 20 0 0 254) 84dd expected
-store_igmp_v3_query 0000000002fe $(ip_to_hex 20 0 0 254) 84dd expected
-
-sleep 1
-OVN_CHECK_PACKETS([hv1/vif3-tx.pcap], [expected])
-OVN_CHECK_PACKETS([hv2/vif3-tx.pcap], [expected])
-
-OVN_CLEANUP([hv1], [hv2])
-AT_CLEANUP
diff --git a/tests/system-kmod-testsuite.at b/tests/system-kmod-testsuite.at
index 2fe2e8f9418..3de0290c02f 100644
--- a/tests/system-kmod-testsuite.at
+++ b/tests/system-kmod-testsuite.at
@@ -19,11 +19,9 @@ m4_ifdef([AT_COLOR_TESTS], [AT_COLOR_TESTS])
m4_include([tests/ovs-macros.at])
m4_include([tests/ovsdb-macros.at])
m4_include([tests/ofproto-macros.at])
-m4_include([tests/ovn-macros.at])
m4_include([tests/system-common-macros.at])
m4_include([tests/system-kmod-macros.at])
m4_include([tests/system-traffic.at])
m4_include([tests/system-layer3-tunnels.at])
-m4_include([tests/system-ovn.at])
m4_include([tests/system-interface.at])
diff --git a/tests/system-ovn.at b/tests/system-ovn.at
deleted file mode 100644
index f88ad31e410..00000000000
--- a/tests/system-ovn.at
+++ /dev/null
@@ -1,1667 +0,0 @@
-AT_BANNER([system-ovn])
-
-AT_SETUP([ovn -- 2 LRs connected via LS, gateway router, SNAT and DNAT])
-AT_KEYWORDS([ovnnat])
-
-CHECK_CONNTRACK()
-CHECK_CONNTRACK_NAT()
-ovn_start
-OVS_TRAFFIC_VSWITCHD_START()
-ADD_BR([br-int])
-
-# Set external-ids in br-int needed for ovn-controller
-ovs-vsctl \
- -- set Open_vSwitch . external-ids:system-id=hv1 \
- -- set Open_vSwitch . external-ids:ovn-remote=unix:$ovs_base/ovn-sb/ovn-sb.sock \
- -- set Open_vSwitch . external-ids:ovn-encap-type=geneve \
- -- set Open_vSwitch . external-ids:ovn-encap-ip=169.0.0.1 \
- -- set bridge br-int fail-mode=secure other-config:disable-in-band=true
-
-# Start ovn-controller
-start_daemon ovn-controller
-
-# Logical network:
-# Two LRs - R1 and R2 that are connected to each other via LS "join"
-# in 20.0.0.0/24 network. R1 has switchess foo (192.168.1.0/24) and
-# bar (192.168.2.0/24) connected to it. R2 has alice (172.16.1.0/24) connected
-# to it. R2 is a gateway router on which we add NAT rules.
-#
-# foo -- R1 -- join - R2 -- alice
-# |
-# bar ----
-
-ovn-nbctl create Logical_Router name=R1
-ovn-nbctl create Logical_Router name=R2 options:chassis=hv1
-
-ovn-nbctl ls-add foo
-ovn-nbctl ls-add bar
-ovn-nbctl ls-add alice
-ovn-nbctl ls-add join
-
-# Connect foo to R1
-ovn-nbctl lrp-add R1 foo 00:00:01:01:02:03 192.168.1.1/24
-ovn-nbctl lsp-add foo rp-foo -- set Logical_Switch_Port rp-foo \
- type=router options:router-port=foo addresses=\"00:00:01:01:02:03\"
-
-# Connect bar to R1
-ovn-nbctl lrp-add R1 bar 00:00:01:01:02:04 192.168.2.1/24
-ovn-nbctl lsp-add bar rp-bar -- set Logical_Switch_Port rp-bar \
- type=router options:router-port=bar addresses=\"00:00:01:01:02:04\"
-
-# Connect alice to R2
-ovn-nbctl lrp-add R2 alice 00:00:02:01:02:03 172.16.1.1/24
-ovn-nbctl lsp-add alice rp-alice -- set Logical_Switch_Port rp-alice \
- type=router options:router-port=alice addresses=\"00:00:02:01:02:03\"
-
-# Connect R1 to join
-ovn-nbctl lrp-add R1 R1_join 00:00:04:01:02:03 20.0.0.1/24
-ovn-nbctl lsp-add join r1-join -- set Logical_Switch_Port r1-join \
- type=router options:router-port=R1_join addresses='"00:00:04:01:02:03"'
-
-# Connect R2 to join
-ovn-nbctl lrp-add R2 R2_join 00:00:04:01:02:04 20.0.0.2/24
-ovn-nbctl lsp-add join r2-join -- set Logical_Switch_Port r2-join \
- type=router options:router-port=R2_join addresses='"00:00:04:01:02:04"'
-
-# Static routes.
-ovn-nbctl lr-route-add R1 172.16.1.0/24 20.0.0.2
-ovn-nbctl lr-route-add R2 192.168.0.0/16 20.0.0.1
-
-# Logical port 'foo1' in switch 'foo'.
-ADD_NAMESPACES(foo1)
-ADD_VETH(foo1, foo1, br-int, "192.168.1.2/24", "f0:00:00:01:02:03", \
- "192.168.1.1")
-ovn-nbctl lsp-add foo foo1 \
--- lsp-set-addresses foo1 "f0:00:00:01:02:03 192.168.1.2"
-
-# Logical port 'alice1' in switch 'alice'.
-ADD_NAMESPACES(alice1)
-ADD_VETH(alice1, alice1, br-int, "172.16.1.2/24", "f0:00:00:01:02:04", \
- "172.16.1.1")
-ovn-nbctl lsp-add alice alice1 \
--- lsp-set-addresses alice1 "f0:00:00:01:02:04 172.16.1.2"
-
-# Logical port 'bar1' in switch 'bar'.
-ADD_NAMESPACES(bar1)
-ADD_VETH(bar1, bar1, br-int, "192.168.2.2/24", "f0:00:00:01:02:05", \
-"192.168.2.1")
-ovn-nbctl lsp-add bar bar1 \
--- lsp-set-addresses bar1 "f0:00:00:01:02:05 192.168.2.2"
-
-# Add a DNAT rule.
-ovn-nbctl -- --id=@nat create nat type="dnat" logical_ip=192.168.1.2 \
- external_ip=30.0.0.2 -- add logical_router R2 nat @nat
-
-# Add a SNAT rule
-ovn-nbctl -- --id=@nat create nat type="snat" logical_ip=192.168.2.2 \
- external_ip=30.0.0.1 -- add logical_router R2 nat @nat
-
-# wait for ovn-controller to catch up.
-ovn-nbctl --wait=hv sync
-OVS_WAIT_UNTIL([ovs-ofctl dump-flows br-int | grep 'nat(src=30.0.0.1)'])
-
-# 'alice1' should be able to ping 'foo1' directly.
-NS_CHECK_EXEC([alice1], [ping -q -c 3 -i 0.3 -w 2 192.168.1.2 | FORMAT_PING], \
-[0], [dnl
-3 packets transmitted, 3 received, 0% packet loss, time 0ms
-])
-
-# North-South DNAT: 'alice1' should also be able to ping 'foo1' via 30.0.0.2
-NS_CHECK_EXEC([alice1], [ping -q -c 3 -i 0.3 -w 2 30.0.0.2 | FORMAT_PING], \
-[0], [dnl
-3 packets transmitted, 3 received, 0% packet loss, time 0ms
-])
-
-# Check conntrack entries.
-AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(172.16.1.2) | \
-sed -e 's/zone=[[0-9]]*/zone=/'], [0], [dnl
-icmp,orig=(src=172.16.1.2,dst=30.0.0.2,id=,type=8,code=0),reply=(src=192.168.1.2,dst=172.16.1.2,id=,type=0,code=0),zone=
-])
-
-# South-North SNAT: 'bar1' pings 'alice1'. But 'alice1' receives traffic
-# from 30.0.0.1
-NS_CHECK_EXEC([bar1], [ping -q -c 3 -i 0.3 -w 2 172.16.1.2 | FORMAT_PING], \
-[0], [dnl
-3 packets transmitted, 3 received, 0% packet loss, time 0ms
-])
-
-# We verify that SNAT indeed happened via 'dump-conntrack' command.
-AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(30.0.0.1) | \
-sed -e 's/zone=[[0-9]]*/zone=/'], [0], [dnl
-icmp,orig=(src=192.168.2.2,dst=172.16.1.2,id=,type=8,code=0),reply=(src=172.16.1.2,dst=30.0.0.1,id=,type=0,code=0),zone=
-])
-
-# Add static routes to handle east-west NAT.
-ovn-nbctl lr-route-add R1 30.0.0.0/24 20.0.0.2
-
-# wait for ovn-controller to catch up.
-ovn-nbctl --wait=hv sync
-
-# Flush conntrack entries for easier output parsing of next test.
-AT_CHECK([ovs-appctl dpctl/flush-conntrack])
-
-# East-west DNAT and SNAT: 'bar1' pings 30.0.0.2. 'foo1' receives it.
-NS_CHECK_EXEC([bar1], [ping -q -c 3 -i 0.3 -w 2 30.0.0.2 | FORMAT_PING], \
-[0], [dnl
-3 packets transmitted, 3 received, 0% packet loss, time 0ms
-])
-
-# As we have a static route that sends all packets with destination
-# 30.0.0.2 to R2, it hits the DNAT rule and converts 30.0.0.2 to 192.168.1.2
-AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(30.0.0.2) | \
-sed -e 's/zone=[[0-9]]*/zone=/'], [0], [dnl
-icmp,orig=(src=192.168.2.2,dst=30.0.0.2,id=,type=8,code=0),reply=(src=192.168.1.2,dst=192.168.2.2,id=,type=0,code=0),zone=
-])
-
-# As we have a SNAT rule that converts 192.168.2.2 to 30.0.0.1, the source is
-# SNATted and 'foo1' receives it.
-AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(30.0.0.1) | \
-sed -e 's/zone=[[0-9]]*/zone=/'], [0], [dnl
-icmp,orig=(src=192.168.2.2,dst=192.168.1.2,id=,type=8,code=0),reply=(src=192.168.1.2,dst=30.0.0.1,id=,type=0,code=0),zone=
-])
-
-OVS_APP_EXIT_AND_WAIT([ovn-controller])
-
-as ovn-sb
-OVS_APP_EXIT_AND_WAIT([ovsdb-server])
-
-as ovn-nb
-OVS_APP_EXIT_AND_WAIT([ovsdb-server])
-
-as northd
-OVS_APP_EXIT_AND_WAIT([ovn-northd])
-
-as
-OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port patch-.*/d
-/connection dropped.*/d"])
-AT_CLEANUP
-
-AT_SETUP([ovn -- 2 LRs connected via LS, gateway router, easy SNAT])
-AT_KEYWORDS([ovnnat])
-
-CHECK_CONNTRACK()
-CHECK_CONNTRACK_NAT()
-ovn_start
-OVS_TRAFFIC_VSWITCHD_START()
-ADD_BR([br-int])
-
-# Set external-ids in br-int needed for ovn-controller
-ovs-vsctl \
- -- set Open_vSwitch . external-ids:system-id=hv1 \
- -- set Open_vSwitch . external-ids:ovn-remote=unix:$ovs_base/ovn-sb/ovn-sb.sock \
- -- set Open_vSwitch . external-ids:ovn-encap-type=geneve \
- -- set Open_vSwitch . external-ids:ovn-encap-ip=169.0.0.1 \
- -- set bridge br-int fail-mode=secure other-config:disable-in-band=true
-
-# Start ovn-controller
-start_daemon ovn-controller
-
-# Logical network:
-# Two LRs - R1 and R2 that are connected to each other via LS "join"
-# in 20.0.0.0/24 network. R1 has switchess foo (192.168.1.0/24) connected
-# to it. R2 has alice (172.16.1.0/24) connected to it.
-# R2 is a gateway router on which we add NAT rules.
-#
-# foo -- R1 -- join - R2 -- alice
-
-ovn-nbctl lr-add R1
-ovn-nbctl lr-add R2 -- set Logical_Router R2 options:chassis=hv1
-
-ovn-nbctl ls-add foo
-ovn-nbctl ls-add alice
-ovn-nbctl ls-add join
-
-ovn-nbctl lrp-add R1 foo 00:00:01:01:02:03 192.168.1.1/24
-ovn-nbctl lrp-add R2 alice 00:00:02:01:02:03 172.16.1.1/24
-ovn-nbctl lrp-add R1 R1_join 00:00:04:01:02:03 20.0.0.1/24
-ovn-nbctl lrp-add R2 R2_join 00:00:04:01:02:04 20.0.0.2/24
-
-# Connect foo to R1
-ovn-nbctl lsp-add foo rp-foo -- set Logical_Switch_Port rp-foo \
- type=router options:router-port=foo addresses=\"00:00:01:01:02:03\"
-
-# Connect alice to R2
-ovn-nbctl lsp-add alice rp-alice -- set Logical_Switch_Port rp-alice \
- type=router options:router-port=alice addresses=\"00:00:02:01:02:03\"
-
-# Connect R1 to join
-ovn-nbctl lsp-add join r1-join -- set Logical_Switch_Port r1-join \
- type=router options:router-port=R1_join addresses='"00:00:04:01:02:03"'
-
-# Connect R2 to join
-ovn-nbctl lsp-add join r2-join -- set Logical_Switch_Port r2-join \
- type=router options:router-port=R2_join addresses='"00:00:04:01:02:04"'
-
-# Static routes.
-ovn-nbctl lr-route-add R1 172.16.1.0/24 20.0.0.2
-ovn-nbctl lr-route-add R2 192.168.0.0/16 20.0.0.1
-
-# Logical port 'foo1' in switch 'foo'.
-ADD_NAMESPACES(foo1)
-ADD_VETH(foo1, foo1, br-int, "192.168.1.2/24", "f0:00:00:01:02:03", \
- "192.168.1.1")
-ovn-nbctl lsp-add foo foo1 \
--- lsp-set-addresses foo1 "f0:00:00:01:02:03 192.168.1.2"
-
-# Logical port 'alice1' in switch 'alice'.
-ADD_NAMESPACES(alice1)
-ADD_VETH(alice1, alice1, br-int, "172.16.1.2/24", "f0:00:00:01:02:04", \
- "172.16.1.1")
-ovn-nbctl lsp-add alice alice1 \
--- lsp-set-addresses alice1 "f0:00:00:01:02:04 172.16.1.2"
-
-# Add a SNAT rule
-ovn-nbctl -- --id=@nat create nat type="snat" logical_ip=192.168.1.2 \
- external_ip=172.16.1.1 -- add logical_router R2 nat @nat
-
-ovn-nbctl --wait=hv sync
-OVS_WAIT_UNTIL([ovs-ofctl dump-flows br-int | grep 'nat(src=172.16.1.1)'])
-
-# South-North SNAT: 'foo1' pings 'alice1'. But 'alice1' receives traffic
-# from 172.16.1.1
-NS_CHECK_EXEC([foo1], [ping -q -c 3 -i 0.3 -w 2 172.16.1.2 | FORMAT_PING], \
-[0], [dnl
-3 packets transmitted, 3 received, 0% packet loss, time 0ms
-])
-
-# We verify that SNAT indeed happened via 'dump-conntrack' command.
-AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(172.16.1.1) | \
-sed -e 's/zone=[[0-9]]*/zone=/'], [0], [dnl
-icmp,orig=(src=192.168.1.2,dst=172.16.1.2,id=,type=8,code=0),reply=(src=172.16.1.2,dst=172.16.1.1,id=,type=0,code=0),zone=
-])
-
-OVS_APP_EXIT_AND_WAIT([ovn-controller])
-
-as ovn-sb
-OVS_APP_EXIT_AND_WAIT([ovsdb-server])
-
-as ovn-nb
-OVS_APP_EXIT_AND_WAIT([ovsdb-server])
-
-as northd
-OVS_APP_EXIT_AND_WAIT([ovn-northd])
-
-as
-OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port patch-.*/d
-/connection dropped.*/d"])
-AT_CLEANUP
-
-AT_SETUP([ovn -- multiple gateway routers, SNAT and DNAT])
-AT_KEYWORDS([ovnnat])
-
-CHECK_CONNTRACK()
-CHECK_CONNTRACK_NAT()
-ovn_start
-OVS_TRAFFIC_VSWITCHD_START()
-ADD_BR([br-int])
-
-# Set external-ids in br-int needed for ovn-controller
-ovs-vsctl \
- -- set Open_vSwitch . external-ids:system-id=hv1 \
- -- set Open_vSwitch . external-ids:ovn-remote=unix:$ovs_base/ovn-sb/ovn-sb.sock \
- -- set Open_vSwitch . external-ids:ovn-encap-type=geneve \
- -- set Open_vSwitch . external-ids:ovn-encap-ip=169.0.0.1 \
- -- set bridge br-int fail-mode=secure other-config:disable-in-band=true
-
-# Start ovn-controller
-start_daemon ovn-controller
-
-# Logical network:
-# Three LRs - R1, R2 and R3 that are connected to each other via LS "join"
-# in 20.0.0.0/24 network. R1 has switchess foo (192.168.1.0/24) and
-# bar (192.168.2.0/24) connected to it. R2 has alice (172.16.1.0/24) connected
-# to it. R3 has bob (172.16.1.0/24) connected to it. Note how both alice and
-# bob have the same subnet behind it. We are trying to simulate external
-# network via those 2 switches. In real world the switch ports of these
-# switches will have addresses set as "unknown" to make them learning switches.
-# Or those switches will be "localnet" ones.
-#
-# foo -- R1 -- join - R2 -- alice
-# | |
-# bar ---- - R3 --- bob
-
-ovn-nbctl create Logical_Router name=R1
-ovn-nbctl create Logical_Router name=R2 options:chassis=hv1
-ovn-nbctl create Logical_Router name=R3 options:chassis=hv1
-
-ovn-nbctl ls-add foo
-ovn-nbctl ls-add bar
-ovn-nbctl ls-add alice
-ovn-nbctl ls-add bob
-ovn-nbctl ls-add join
-
-# Connect foo to R1
-ovn-nbctl lrp-add R1 foo 00:00:01:01:02:03 192.168.1.1/24
-ovn-nbctl lsp-add foo rp-foo -- set Logical_Switch_Port rp-foo \
- type=router options:router-port=foo addresses=\"00:00:01:01:02:03\"
-
-# Connect bar to R1
-ovn-nbctl lrp-add R1 bar 00:00:01:01:02:04 192.168.2.1/24
-ovn-nbctl lsp-add bar rp-bar -- set Logical_Switch_Port rp-bar \
- type=router options:router-port=bar addresses=\"00:00:01:01:02:04\"
-
-# Connect alice to R2
-ovn-nbctl lrp-add R2 alice 00:00:02:01:02:03 172.16.1.1/24
-ovn-nbctl lsp-add alice rp-alice -- set Logical_Switch_Port rp-alice \
- type=router options:router-port=alice addresses=\"00:00:02:01:02:03\"
-
-# Connect bob to R3
-ovn-nbctl lrp-add R3 bob 00:00:03:01:02:03 172.16.1.2/24
-ovn-nbctl lsp-add bob rp-bob -- set Logical_Switch_Port rp-bob \
- type=router options:router-port=bob addresses=\"00:00:03:01:02:03\"
-
-# Connect R1 to join
-ovn-nbctl lrp-add R1 R1_join 00:00:04:01:02:03 20.0.0.1/24
-ovn-nbctl lsp-add join r1-join -- set Logical_Switch_Port r1-join \
- type=router options:router-port=R1_join addresses='"00:00:04:01:02:03"'
-
-# Connect R2 to join
-ovn-nbctl lrp-add R2 R2_join 00:00:04:01:02:04 20.0.0.2/24
-ovn-nbctl lsp-add join r2-join -- set Logical_Switch_Port r2-join \
- type=router options:router-port=R2_join addresses='"00:00:04:01:02:04"'
-
-# Connect R3 to join
-ovn-nbctl lrp-add R3 R3_join 00:00:04:01:02:05 20.0.0.3/24
-ovn-nbctl lsp-add join r3-join -- set Logical_Switch_Port r3-join \
- type=router options:router-port=R3_join addresses='"00:00:04:01:02:05"'
-
-# Install static routes with source ip address as the policy for routing.
-# We want traffic from 'foo' to go via R2 and traffic of 'bar' to go via R3.
-ovn-nbctl --policy="src-ip" lr-route-add R1 192.168.1.0/24 20.0.0.2
-ovn-nbctl --policy="src-ip" lr-route-add R1 192.168.2.0/24 20.0.0.3
-
-# Static routes.
-ovn-nbctl lr-route-add R2 192.168.0.0/16 20.0.0.1
-ovn-nbctl lr-route-add R3 192.168.0.0/16 20.0.0.1
-
-# For gateway routers R2 and R3, set a force SNAT rule.
-ovn-nbctl set logical_router R2 options:dnat_force_snat_ip=20.0.0.2
-ovn-nbctl set logical_router R3 options:dnat_force_snat_ip=20.0.0.3
-
-# Logical port 'foo1' in switch 'foo'.
-ADD_NAMESPACES(foo1)
-ADD_VETH(foo1, foo1, br-int, "192.168.1.2/24", "f0:00:00:01:02:03", \
- "192.168.1.1")
-ovn-nbctl lsp-add foo foo1 \
--- lsp-set-addresses foo1 "f0:00:00:01:02:03 192.168.1.2"
-
-# Logical port 'alice1' in switch 'alice'.
-ADD_NAMESPACES(alice1)
-ADD_VETH(alice1, alice1, br-int, "172.16.1.3/24", "f0:00:00:01:02:04", \
- "172.16.1.1")
-ovn-nbctl lsp-add alice alice1 \
--- lsp-set-addresses alice1 "f0:00:00:01:02:04 172.16.1.3"
-
-# Logical port 'bar1' in switch 'bar'.
-ADD_NAMESPACES(bar1)
-ADD_VETH(bar1, bar1, br-int, "192.168.2.2/24", "f0:00:00:01:02:05", \
-"192.168.2.1")
-ovn-nbctl lsp-add bar bar1 \
--- lsp-set-addresses bar1 "f0:00:00:01:02:05 192.168.2.2"
-
-# Logical port 'bob1' in switch 'bob'.
-ADD_NAMESPACES(bob1)
-ADD_VETH(bob1, bob1, br-int, "172.16.1.4/24", "f0:00:00:01:02:06", \
- "172.16.1.2")
-ovn-nbctl lsp-add bob bob1 \
--- lsp-set-addresses bob1 "f0:00:00:01:02:06 172.16.1.4"
-
-# Router R2
-# Add a DNAT rule.
-ovn-nbctl -- --id=@nat create nat type="dnat" logical_ip=192.168.1.2 \
- external_ip=30.0.0.2 -- add logical_router R2 nat @nat
-
-# Add a SNAT rule
-ovn-nbctl -- --id=@nat create nat type="snat" logical_ip=192.168.1.2 \
- external_ip=30.0.0.1 -- add logical_router R2 nat @nat
-
-# Router R3
-# Add a DNAT rule.
-ovn-nbctl -- --id=@nat create nat type="dnat" logical_ip=192.168.1.2 \
- external_ip=30.0.0.3 -- add logical_router R3 nat @nat
-
-# Add a SNAT rule
-ovn-nbctl -- --id=@nat create nat type="snat" logical_ip=192.168.2.2 \
- external_ip=30.0.0.4 -- add logical_router R3 nat @nat
-
-# wait for ovn-controller to catch up.
-ovn-nbctl --wait=hv sync
-OVS_WAIT_UNTIL([ovs-ofctl dump-flows br-int | grep 'nat(src=30.0.0.4)'])
-
-# North-South DNAT: 'alice1' should be able to ping 'foo1' via 30.0.0.2
-NS_CHECK_EXEC([alice1], [ping -q -c 3 -i 0.3 -w 2 30.0.0.2 | FORMAT_PING], \
-[0], [dnl
-3 packets transmitted, 3 received, 0% packet loss, time 0ms
-])
-
-# Check conntrack entries.
-AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(172.16.1.3) | \
-sed -e 's/zone=[[0-9]]*/zone=/'], [0], [dnl
-icmp,orig=(src=172.16.1.3,dst=30.0.0.2,id=,type=8,code=0),reply=(src=192.168.1.2,dst=172.16.1.3,id=,type=0,code=0),zone=
-])
-
-# But foo1 should receive traffic from 20.0.0.2
-AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(20.0.0.2) | \
-sed -e 's/zone=[[0-9]]*/zone=/'], [0], [dnl
-icmp,orig=(src=172.16.1.3,dst=192.168.1.2,id=,type=8,code=0),reply=(src=192.168.1.2,dst=20.0.0.2,id=,type=0,code=0),zone=
-])
-
-# North-South DNAT: 'bob1' should be able to ping 'foo1' via 30.0.0.3
-NS_CHECK_EXEC([bob1], [ping -q -c 3 -i 0.3 -w 2 30.0.0.3 | FORMAT_PING], \
-[0], [dnl
-3 packets transmitted, 3 received, 0% packet loss, time 0ms
-])
-
-# Check conntrack entries.
-AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(172.16.1.4) | \
-sed -e 's/zone=[[0-9]]*/zone=/'], [0], [dnl
-icmp,orig=(src=172.16.1.4,dst=30.0.0.3,id=,type=8,code=0),reply=(src=192.168.1.2,dst=172.16.1.4,id=,type=0,code=0),zone=
-])
-
-# But foo1 should receive traffic from 20.0.0.3
-AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(20.0.0.3) | \
-sed -e 's/zone=[[0-9]]*/zone=/'], [0], [dnl
-icmp,orig=(src=172.16.1.4,dst=192.168.1.2,id=,type=8,code=0),reply=(src=192.168.1.2,dst=20.0.0.3,id=,type=0,code=0),zone=
-])
-
-# South-North SNAT: 'bar1' pings 'bob1'. But 'bob1' receives traffic
-# from 30.0.0.4
-NS_CHECK_EXEC([bar1], [ping -q -c 3 -i 0.3 -w 2 172.16.1.4 | FORMAT_PING], \
-[0], [dnl
-3 packets transmitted, 3 received, 0% packet loss, time 0ms
-])
-
-# We verify that SNAT indeed happened via 'dump-conntrack' command.
-AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(30.0.0.4) | \
-sed -e 's/zone=[[0-9]]*/zone=/'], [0], [dnl
-icmp,orig=(src=192.168.2.2,dst=172.16.1.4,id=,type=8,code=0),reply=(src=172.16.1.4,dst=30.0.0.4,id=,type=0,code=0),zone=
-])
-
-# South-North SNAT: 'foo1' pings 'alice1'. But 'alice1' receives traffic
-# from 30.0.0.1
-NS_CHECK_EXEC([foo1], [ping -q -c 3 -i 0.3 -w 2 172.16.1.3 | FORMAT_PING], \
-[0], [dnl
-3 packets transmitted, 3 received, 0% packet loss, time 0ms
-])
-
-# We verify that SNAT indeed happened via 'dump-conntrack' command.
-AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(30.0.0.1) | \
-sed -e 's/zone=[[0-9]]*/zone=/'], [0], [dnl
-icmp,orig=(src=192.168.1.2,dst=172.16.1.3,id=,type=8,code=0),reply=(src=172.16.1.3,dst=30.0.0.1,id=,type=0,code=0),zone=
-])
-
-OVS_APP_EXIT_AND_WAIT([ovn-controller])
-
-as ovn-sb
-OVS_APP_EXIT_AND_WAIT([ovsdb-server])
-
-as ovn-nb
-OVS_APP_EXIT_AND_WAIT([ovsdb-server])
-
-as northd
-OVS_APP_EXIT_AND_WAIT([ovn-northd])
-
-as
-OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port patch-.*/d
-/connection dropped.*/d"])
-AT_CLEANUP
-
-AT_SETUP([ovn -- load-balancing])
-AT_KEYWORDS([ovnlb])
-
-CHECK_CONNTRACK()
-CHECK_CONNTRACK_NAT()
-ovn_start
-OVS_TRAFFIC_VSWITCHD_START()
-ADD_BR([br-int])
-
-# Set external-ids in br-int needed for ovn-controller
-ovs-vsctl \
- -- set Open_vSwitch . external-ids:system-id=hv1 \
- -- set Open_vSwitch . external-ids:ovn-remote=unix:$ovs_base/ovn-sb/ovn-sb.sock \
- -- set Open_vSwitch . external-ids:ovn-encap-type=geneve \
- -- set Open_vSwitch . external-ids:ovn-encap-ip=169.0.0.1 \
- -- set bridge br-int fail-mode=secure other-config:disable-in-band=true
-
-# Start ovn-controller
-start_daemon ovn-controller
-
-# Logical network:
-# 2 logical switches "foo" (192.168.1.0/24) and "bar" (172.16.1.0/24)
-# connected to a router R1.
-# foo has foo1 to act as a client.
-# bar has bar1, bar2, bar3 to act as servers.
-#
-# Loadbalancer VIPs in 30.0.0.0/24 network.
-
-ovn-nbctl create Logical_Router name=R1
-ovn-nbctl ls-add foo
-ovn-nbctl ls-add bar
-
-# Connect foo to R1
-ovn-nbctl lrp-add R1 foo 00:00:01:01:02:03 192.168.1.1/24
-ovn-nbctl lsp-add foo rp-foo -- set Logical_Switch_Port rp-foo \
- type=router options:router-port=foo addresses=\"00:00:01:01:02:03\"
-
-# Connect bar to R1
-ovn-nbctl lrp-add R1 bar 00:00:01:01:02:04 172.16.1.1/24
-ovn-nbctl lsp-add bar rp-bar -- set Logical_Switch_Port rp-bar \
- type=router options:router-port=bar addresses=\"00:00:01:01:02:04\"
-
-# Create logical port 'foo1' in switch 'foo'.
-ADD_NAMESPACES(foo1)
-ADD_VETH(foo1, foo1, br-int, "192.168.1.2/24", "f0:00:00:01:02:03", \
- "192.168.1.1")
-ovn-nbctl lsp-add foo foo1 \
--- lsp-set-addresses foo1 "f0:00:00:01:02:03 192.168.1.2"
-
-# Create logical ports 'bar1', 'bar2', 'bar3' in switch 'bar'.
-ADD_NAMESPACES(bar1)
-ADD_VETH(bar1, bar1, br-int, "172.16.1.2/24", "f0:00:0f:01:02:03", \
- "172.16.1.1")
-ovn-nbctl lsp-add bar bar1 \
--- lsp-set-addresses bar1 "f0:00:0f:01:02:03 172.16.1.2"
-
-ADD_NAMESPACES(bar2)
-ADD_VETH(bar2, bar2, br-int, "172.16.1.3/24", "f0:00:0f:01:02:04", \
- "172.16.1.1")
-ovn-nbctl lsp-add bar bar2 \
--- lsp-set-addresses bar2 "f0:00:0f:01:02:04 172.16.1.3"
-
-ADD_NAMESPACES(bar3)
-ADD_VETH(bar3, bar3, br-int, "172.16.1.4/24", "f0:00:0f:01:02:05", \
- "172.16.1.1")
-ovn-nbctl lsp-add bar bar3 \
--- lsp-set-addresses bar3 "f0:00:0f:01:02:05 172.16.1.4"
-
-# Config OVN load-balancer with a VIP.
-uuid=`ovn-nbctl create load_balancer vips:30.0.0.1="172.16.1.2,172.16.1.3,172.16.1.4"`
-ovn-nbctl set logical_switch foo load_balancer=$uuid
-
-# Create another load-balancer with another VIP.
-uuid=`ovn-nbctl create load_balancer vips:30.0.0.3="172.16.1.2,172.16.1.3,172.16.1.4"`
-ovn-nbctl add logical_switch foo load_balancer $uuid
-
-# Config OVN load-balancer with another VIP (this time with ports).
-ovn-nbctl set load_balancer $uuid vips:'"30.0.0.2:8000"'='"172.16.1.2:80,172.16.1.3:80,172.16.1.4:80"'
-
-# Wait for ovn-controller to catch up.
-ovn-nbctl --wait=hv sync
-OVS_WAIT_UNTIL([ovs-ofctl -O OpenFlow13 dump-groups br-int | \
-grep 'nat(dst=172.16.1.4:80)'])
-
-# Start webservers in 'bar1', 'bar2' and 'bar3'.
-OVS_START_L7([bar1], [http])
-OVS_START_L7([bar2], [http])
-OVS_START_L7([bar3], [http])
-
-dnl Should work with the virtual IP 30.0.0.1 address through NAT
-for i in `seq 1 20`; do
- echo Request $i
- NS_CHECK_EXEC([foo1], [wget 30.0.0.1 -t 5 -T 1 --retry-connrefused -v -o wget$i.log])
-done
-
-dnl Each server should have at least one connection.
-AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(30.0.0.1) | \
-sed -e 's/zone=[[0-9]]*/zone=/'], [0], [dnl
-tcp,orig=(src=192.168.1.2,dst=30.0.0.1,sport=,dport=),reply=(src=172.16.1.2,dst=192.168.1.2,sport=,dport=),zone=,protoinfo=(state=)
-tcp,orig=(src=192.168.1.2,dst=30.0.0.1,sport=,dport=),reply=(src=172.16.1.3,dst=192.168.1.2,sport=,dport=),zone=,protoinfo=(state=)
-tcp,orig=(src=192.168.1.2,dst=30.0.0.1,sport=,dport=),reply=(src=172.16.1.4,dst=192.168.1.2,sport=,dport=),zone=,protoinfo=(state=)
-])
-
-dnl Should work with the virtual IP 30.0.0.3 address through NAT
-for i in `seq 1 20`; do
- echo Request $i
- NS_CHECK_EXEC([foo1], [wget 30.0.0.3 -t 5 -T 1 --retry-connrefused -v -o wget$i.log])
-done
-
-dnl Each server should have at least one connection.
-AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(30.0.0.3) | \
-sed -e 's/zone=[[0-9]]*/zone=/'], [0], [dnl
-tcp,orig=(src=192.168.1.2,dst=30.0.0.3,sport=,dport=),reply=(src=172.16.1.2,dst=192.168.1.2,sport=,dport=),zone=,protoinfo=(state=)
-tcp,orig=(src=192.168.1.2,dst=30.0.0.3,sport=,dport=),reply=(src=172.16.1.3,dst=192.168.1.2,sport=,dport=),zone=,protoinfo=(state=)
-tcp,orig=(src=192.168.1.2,dst=30.0.0.3,sport=,dport=),reply=(src=172.16.1.4,dst=192.168.1.2,sport=,dport=),zone=,protoinfo=(state=)
-])
-
-dnl Test load-balancing that includes L4 ports in NAT.
-for i in `seq 1 20`; do
- echo Request $i
- NS_CHECK_EXEC([foo1], [wget 30.0.0.2:8000 -t 5 -T 1 --retry-connrefused -v -o wget$i.log])
-done
-
-dnl Each server should have at least one connection.
-AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(30.0.0.2) | \
-sed -e 's/zone=[[0-9]]*/zone=/'], [0], [dnl
-tcp,orig=(src=192.168.1.2,dst=30.0.0.2,sport=,dport=),reply=(src=172.16.1.2,dst=192.168.1.2,sport=,dport=),zone=,protoinfo=(state=)
-tcp,orig=(src=192.168.1.2,dst=30.0.0.2,sport=,dport=),reply=(src=172.16.1.3,dst=192.168.1.2,sport=,dport=),zone=,protoinfo=(state=)
-tcp,orig=(src=192.168.1.2,dst=30.0.0.2,sport=,dport=),reply=(src=172.16.1.4,dst=192.168.1.2,sport=,dport=),zone=,protoinfo=(state=)
-])
-
-
-OVS_APP_EXIT_AND_WAIT([ovn-controller])
-
-as ovn-sb
-OVS_APP_EXIT_AND_WAIT([ovsdb-server])
-
-as ovn-nb
-OVS_APP_EXIT_AND_WAIT([ovsdb-server])
-
-as northd
-OVS_APP_EXIT_AND_WAIT([ovn-northd])
-
-as
-OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port patch-.*/d"])
-AT_CLEANUP
-
-AT_SETUP([ovn -- load-balancing - same subnet.])
-AT_KEYWORDS([ovnlb])
-
-CHECK_CONNTRACK()
-CHECK_CONNTRACK_NAT()
-ovn_start
-OVS_TRAFFIC_VSWITCHD_START()
-ADD_BR([br-int])
-
-# Set external-ids in br-int needed for ovn-controller
-ovs-vsctl \
- -- set Open_vSwitch . external-ids:system-id=hv1 \
- -- set Open_vSwitch . external-ids:ovn-remote=unix:$ovs_base/ovn-sb/ovn-sb.sock \
- -- set Open_vSwitch . external-ids:ovn-encap-type=geneve \
- -- set Open_vSwitch . external-ids:ovn-encap-ip=169.0.0.1 \
- -- set bridge br-int fail-mode=secure other-config:disable-in-band=true
-
-# Start ovn-controller
-start_daemon ovn-controller
-
-# Logical network:
-# 1 logical switch "foo" (192.168.1.0/24) connected to router R1.
-# foo has foo1, foo2, foo3, foo4 as logical ports.
-#
-# Loadbalancer VIPs in 30.0.0.0/24 network. Router is needed for default
-# gateway. We will test load-balancing with foo1 as a client and foo2, foo3 and
-# foo4 as servers.
-
-ovn-nbctl create Logical_Router name=R1
-ovn-nbctl ls-add foo
-
-# Connect foo to R1
-ovn-nbctl lrp-add R1 foo 00:00:01:01:02:03 192.168.1.1/24
-ovn-nbctl lsp-add foo rp-foo -- set Logical_Switch_Port rp-foo \
- type=router options:router-port=foo addresses=\"00:00:01:01:02:03\"
-
-# Create logical port 'foo1', 'foo2', 'foo3' and 'foo4' in switch 'foo'.
-ADD_NAMESPACES(foo1, foo2, foo3, foo4)
-for i in `seq 1 4`; do
- j=`expr $i + 1`
- ADD_VETH(foo$i, foo$i, br-int, "192.168.1.$j/24", "f0:00:00:01:02:0$j", \
- "192.168.1.1")
- ovn-nbctl lsp-add foo foo$i \
- -- lsp-set-addresses foo$i "f0:00:00:01:02:0$j 192.168.1.$j"
-done
-
-# Config OVN load-balancer with a VIP.
-uuid=`ovn-nbctl create load_balancer vips:30.0.0.1="192.168.1.3,192.168.1.4,192.168.1.5"`
-ovn-nbctl set logical_switch foo load_balancer=$uuid
-
-# Config OVN load-balancer with another VIP (this time with ports).
-ovn-nbctl set load_balancer $uuid vips:'"30.0.0.2:8000"'='"192.168.1.3:80,192.168.1.4:80,192.168.1.5:80"'
-
-# Wait for ovn-controller to catch up.
-ovn-nbctl --wait=hv sync
-OVS_WAIT_UNTIL([ovs-ofctl -O OpenFlow13 dump-groups br-int | \
-grep 'nat(dst=192.168.1.5:80)'])
-
-# Start webservers in 'foo2', 'foo3' and 'foo4'.
-OVS_START_L7([foo2], [http])
-OVS_START_L7([foo3], [http])
-OVS_START_L7([foo4], [http])
-
-dnl Should work with the virtual IP address through NAT
-for i in `seq 1 20`; do
- echo Request $i
- NS_CHECK_EXEC([foo1], [wget 30.0.0.1 -t 5 -T 1 --retry-connrefused -v -o wget$i.log])
-done
-
-dnl Each server should have at least one connection.
-AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(30.0.0.1) | \
-sed -e 's/zone=[[0-9]]*/zone=/'], [0], [dnl
-tcp,orig=(src=192.168.1.2,dst=30.0.0.1,sport=,dport=),reply=(src=192.168.1.3,dst=192.168.1.2,sport=,dport=),zone=,protoinfo=(state=)
-tcp,orig=(src=192.168.1.2,dst=30.0.0.1,sport=,dport=),reply=(src=192.168.1.4,dst=192.168.1.2,sport=,dport=),zone=,protoinfo=(state=)
-tcp,orig=(src=192.168.1.2,dst=30.0.0.1,sport=,dport=),reply=(src=192.168.1.5,dst=192.168.1.2,sport=,dport=),zone=,protoinfo=(state=)
-])
-
-dnl Test load-balancing that includes L4 ports in NAT.
-for i in `seq 1 20`; do
- echo Request $i
- NS_CHECK_EXEC([foo1], [wget 30.0.0.2:8000 -t 5 -T 1 --retry-connrefused -v -o wget$i.log])
-done
-
-dnl Each server should have at least one connection.
-AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(30.0.0.2) | \
-sed -e 's/zone=[[0-9]]*/zone=/'], [0], [dnl
-tcp,orig=(src=192.168.1.2,dst=30.0.0.2,sport=,dport=),reply=(src=192.168.1.3,dst=192.168.1.2,sport=,dport=),zone=,protoinfo=(state=)
-tcp,orig=(src=192.168.1.2,dst=30.0.0.2,sport=,dport=),reply=(src=192.168.1.4,dst=192.168.1.2,sport=,dport=),zone=,protoinfo=(state=)
-tcp,orig=(src=192.168.1.2,dst=30.0.0.2,sport=,dport=),reply=(src=192.168.1.5,dst=192.168.1.2,sport=,dport=),zone=,protoinfo=(state=)
-])
-
-
-OVS_APP_EXIT_AND_WAIT([ovn-controller])
-
-as ovn-sb
-OVS_APP_EXIT_AND_WAIT([ovsdb-server])
-
-as ovn-nb
-OVS_APP_EXIT_AND_WAIT([ovsdb-server])
-
-as northd
-OVS_APP_EXIT_AND_WAIT([ovn-northd])
-
-as
-OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port patch-.*/d"])
-AT_CLEANUP
-
-AT_SETUP([ovn -- load balancing in gateway router])
-AT_KEYWORDS([ovnlb])
-
-CHECK_CONNTRACK()
-CHECK_CONNTRACK_NAT()
-ovn_start
-OVS_TRAFFIC_VSWITCHD_START()
-ADD_BR([br-int])
-
-# Set external-ids in br-int needed for ovn-controller
-ovs-vsctl \
- -- set Open_vSwitch . external-ids:system-id=hv1 \
- -- set Open_vSwitch . external-ids:ovn-remote=unix:$ovs_base/ovn-sb/ovn-sb.sock \
- -- set Open_vSwitch . external-ids:ovn-encap-type=geneve \
- -- set Open_vSwitch . external-ids:ovn-encap-ip=169.0.0.1 \
- -- set bridge br-int fail-mode=secure other-config:disable-in-band=true
-
-# Start ovn-controller
-start_daemon ovn-controller
-
-# Logical network:
-# Two LRs - R1 and R2 that are connected to each other via LS "join"
-# in 20.0.0.0/24 network. R1 has switchess foo (192.168.1.0/24) and
-# bar (192.168.2.0/24) connected to it. R2 has alice (172.16.1.0/24) connected
-# to it. R2 is a gateway router on which we add load-balancing rules.
-#
-# foo -- R1 -- join - R2 -- alice
-# |
-# bar ----
-
-ovn-nbctl create Logical_Router name=R1
-ovn-nbctl create Logical_Router name=R2 options:chassis=hv1
-
-ovn-nbctl ls-add foo
-ovn-nbctl ls-add bar
-ovn-nbctl ls-add alice
-ovn-nbctl ls-add join
-
-# Connect foo to R1
-ovn-nbctl lrp-add R1 foo 00:00:01:01:02:03 192.168.1.1/24
-ovn-nbctl lsp-add foo rp-foo -- set Logical_Switch_Port rp-foo \
- type=router options:router-port=foo addresses=\"00:00:01:01:02:03\"
-
-# Connect bar to R1
-ovn-nbctl lrp-add R1 bar 00:00:01:01:02:04 192.168.2.1/24
-ovn-nbctl lsp-add bar rp-bar -- set Logical_Switch_Port rp-bar \
- type=router options:router-port=bar addresses=\"00:00:01:01:02:04\"
-
-# Connect alice to R2
-ovn-nbctl lrp-add R2 alice 00:00:02:01:02:03 172.16.1.1/24
-ovn-nbctl lsp-add alice rp-alice -- set Logical_Switch_Port rp-alice \
- type=router options:router-port=alice addresses=\"00:00:02:01:02:03\"
-
-# Connect R1 to join
-ovn-nbctl lrp-add R1 R1_join 00:00:04:01:02:03 20.0.0.1/24
-ovn-nbctl lsp-add join r1-join -- set Logical_Switch_Port r1-join \
- type=router options:router-port=R1_join addresses='"00:00:04:01:02:03"'
-
-# Connect R2 to join
-ovn-nbctl lrp-add R2 R2_join 00:00:04:01:02:04 20.0.0.2/24
-ovn-nbctl lsp-add join r2-join -- set Logical_Switch_Port r2-join \
- type=router options:router-port=R2_join addresses='"00:00:04:01:02:04"'
-
-# Static routes.
-ovn-nbctl lr-route-add R1 172.16.1.0/24 20.0.0.2
-ovn-nbctl lr-route-add R2 192.168.0.0/16 20.0.0.1
-
-# Logical port 'foo1' in switch 'foo'.
-ADD_NAMESPACES(foo1)
-ADD_VETH(foo1, foo1, br-int, "192.168.1.2/24", "f0:00:00:01:02:03", \
- "192.168.1.1")
-ovn-nbctl lsp-add foo foo1 \
--- lsp-set-addresses foo1 "f0:00:00:01:02:03 192.168.1.2"
-
-# Logical port 'alice1' in switch 'alice'.
-ADD_NAMESPACES(alice1)
-ADD_VETH(alice1, alice1, br-int, "172.16.1.2/24", "f0:00:00:01:02:04", \
- "172.16.1.1")
-ovn-nbctl lsp-add alice alice1 \
--- lsp-set-addresses alice1 "f0:00:00:01:02:04 172.16.1.2"
-
-# Logical port 'bar1' in switch 'bar'.
-ADD_NAMESPACES(bar1)
-ADD_VETH(bar1, bar1, br-int, "192.168.2.2/24", "f0:00:00:01:02:05", \
-"192.168.2.1")
-ovn-nbctl lsp-add bar bar1 \
--- lsp-set-addresses bar1 "f0:00:00:01:02:05 192.168.2.2"
-
-# Config OVN load-balancer with a VIP.
-uuid=`ovn-nbctl create load_balancer vips:30.0.0.1="192.168.1.2,192.168.2.2"`
-ovn-nbctl set logical_router R2 load_balancer=$uuid
-
-# Config OVN load-balancer with another VIP (this time with ports).
-ovn-nbctl set load_balancer $uuid vips:'"30.0.0.2:8000"'='"192.168.1.2:80,192.168.2.2:80"'
-
-# Add SNAT rule to make sure that Load-balancing still works with a SNAT rule.
-ovn-nbctl -- --id=@nat create nat type="snat" logical_ip=192.168.2.2 \
- external_ip=30.0.0.2 -- add logical_router R2 nat @nat
-
-
-# Wait for ovn-controller to catch up.
-ovn-nbctl --wait=hv sync
-OVS_WAIT_UNTIL([ovs-ofctl -O OpenFlow13 dump-groups br-int | \
-grep 'nat(dst=192.168.2.2:80)'])
-
-# Start webservers in 'foo1', 'bar1'.
-OVS_START_L7([foo1], [http])
-OVS_START_L7([bar1], [http])
-
-dnl Should work with the virtual IP address through NAT
-for i in `seq 1 20`; do
- echo Request $i
- NS_CHECK_EXEC([alice1], [wget 30.0.0.1 -t 5 -T 1 --retry-connrefused -v -o wget$i.log])
-done
-
-dnl Each server should have at least one connection.
-AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(30.0.0.1) |
-sed -e 's/zone=[[0-9]]*/zone=/'], [0], [dnl
-tcp,orig=(src=172.16.1.2,dst=30.0.0.1,sport=,dport=),reply=(src=192.168.1.2,dst=172.16.1.2,sport=,dport=),zone=,protoinfo=(state=)
-tcp,orig=(src=172.16.1.2,dst=30.0.0.1,sport=,dport=),reply=(src=192.168.2.2,dst=172.16.1.2,sport=,dport=),zone=,protoinfo=(state=)
-])
-
-dnl Test load-balancing that includes L4 ports in NAT.
-for i in `seq 1 20`; do
- echo Request $i
- NS_CHECK_EXEC([alice1], [wget 30.0.0.2:8000 -t 5 -T 1 --retry-connrefused -v -o wget$i.log])
-done
-
-dnl Each server should have at least one connection.
-AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(30.0.0.2) |
-sed -e 's/zone=[[0-9]]*/zone=