]> git.proxmox.com Git - mirror_ovs.git/blob - ovn/controller/physical.c
projects / mirror_ovs.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
ovn-controller: Rename "ovn-patch-port" to "ovn-localnet-port".
[mirror_ovs.git] / ovn / controller / physical.c
1 /* Copyright (c) 2015 Nicira, Inc.
2 *
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include <config.h>
17 #include "physical.h"
18 #include "lflow.h"
19 #include "match.h"
20 #include "ofctrl.h"
21 #include "ofp-actions.h"
22 #include "ofpbuf.h"
23 #include "ovn-controller.h"
24 #include "ovn/lib/ovn-sb-idl.h"
25 #include "openvswitch/vlog.h"
26 #include "shash.h"
27 #include "simap.h"
28 #include "smap.h"
29 #include "sset.h"
30 #include "vswitch-idl.h"
31
32 VLOG_DEFINE_THIS_MODULE(physical);
33
34 void
35 physical_register_ovs_idl(struct ovsdb_idl *ovs_idl)
36 {
37 ovsdb_idl_add_table(ovs_idl, &ovsrec_table_bridge);
38 ovsdb_idl_add_column(ovs_idl, &ovsrec_bridge_col_ports);
39
40 ovsdb_idl_add_table(ovs_idl, &ovsrec_table_port);
41 ovsdb_idl_add_column(ovs_idl, &ovsrec_port_col_name);
42 ovsdb_idl_add_column(ovs_idl, &ovsrec_port_col_interfaces);
43 ovsdb_idl_add_column(ovs_idl, &ovsrec_port_col_external_ids);
44
45 ovsdb_idl_add_table(ovs_idl, &ovsrec_table_interface);
46 ovsdb_idl_add_column(ovs_idl, &ovsrec_interface_col_name);
47 ovsdb_idl_add_column(ovs_idl, &ovsrec_interface_col_ofport);
48 ovsdb_idl_add_column(ovs_idl, &ovsrec_interface_col_external_ids);
49 }
50
51 /* Maps from a chassis to the OpenFlow port number of the tunnel that can be
52 * used to reach that chassis. */
53 struct chassis_tunnel {
54 struct hmap_node hmap_node;
55 const char *chassis_id;
56 ofp_port_t ofport;
57 enum chassis_tunnel_type type;
58 };
59
60 static struct chassis_tunnel *
61 chassis_tunnel_find(struct hmap *tunnels, const char *chassis_id)
62 {
63 struct chassis_tunnel *tun;
64 HMAP_FOR_EACH_WITH_HASH (tun, hmap_node, hash_string(chassis_id, 0),
65 tunnels) {
66 if (!strcmp(tun->chassis_id, chassis_id)) {
67 return tun;
68 }
69 }
70 return NULL;
71 }
72
73 static void
74 put_load(uint64_t value, enum mf_field_id dst, int ofs, int n_bits,
75 struct ofpbuf *ofpacts)
76 {
77 struct ofpact_set_field *sf = ofpact_put_SET_FIELD(ofpacts);
78 sf->field = mf_from_id(dst);
79 sf->flow_has_vlan = false;
80
81 ovs_be64 n_value = htonll(value);
82 bitwise_copy(&n_value, 8, 0, &sf->value, sf->field->n_bytes, ofs, n_bits);
83 bitwise_one(&sf->mask, sf->field->n_bytes, ofs, n_bits);
84 }
85
86 static void
87 put_move(enum mf_field_id src, int src_ofs,
88 enum mf_field_id dst, int dst_ofs,
89 int n_bits,
90 struct ofpbuf *ofpacts)
91 {
92 struct ofpact_reg_move *move = ofpact_put_REG_MOVE(ofpacts);
93 move->src.field = mf_from_id(src);
94 move->src.ofs = src_ofs;
95 move->src.n_bits = n_bits;
96 move->dst.field = mf_from_id(dst);
97 move->dst.ofs = dst_ofs;
98 move->dst.n_bits = n_bits;
99 }
100
101 static void
102 put_resubmit(uint8_t table_id, struct ofpbuf *ofpacts)
103 {
104 struct ofpact_resubmit *resubmit = ofpact_put_RESUBMIT(ofpacts);
105 resubmit->in_port = OFPP_IN_PORT;
106 resubmit->table_id = table_id;
107 }
108
109 static void
110 put_encapsulation(enum mf_field_id mff_ovn_geneve,
111 const struct chassis_tunnel *tun,
112 const struct sbrec_datapath_binding *datapath,
113 uint16_t outport, struct ofpbuf *ofpacts)
114 {
115 if (tun->type == GENEVE) {
116 put_load(datapath->tunnel_key, MFF_TUN_ID, 0, 24, ofpacts);
117 put_load(outport, mff_ovn_geneve, 0, 32, ofpacts);
118 put_move(MFF_LOG_INPORT, 0, mff_ovn_geneve, 16, 15, ofpacts);
119 } else if (tun->type == STT) {
120 put_load(datapath->tunnel_key | (outport << 24), MFF_TUN_ID, 0, 64,
121 ofpacts);
122 put_move(MFF_LOG_INPORT, 0, MFF_TUN_ID, 40, 15, ofpacts);
123 } else if (tun->type == VXLAN) {
124 put_load(datapath->tunnel_key, MFF_TUN_ID, 0, 24, ofpacts);
125 } else {
126 OVS_NOT_REACHED();
127 }
128 }
129
130 static void
131 put_stack(enum mf_field_id field, struct ofpact_stack *stack)
132 {
133 stack->subfield.field = mf_from_id(field);
134 stack->subfield.ofs = 0;
135 stack->subfield.n_bits = stack->subfield.field->n_bits;
136 }
137
138 void
139 physical_run(struct controller_ctx *ctx, enum mf_field_id mff_ovn_geneve,
140 const struct ovsrec_bridge *br_int, const char *this_chassis_id,
141 const struct simap *ct_zones, struct hmap *flow_table)
142 {
143 struct simap localvif_to_ofport = SIMAP_INITIALIZER(&localvif_to_ofport);
144 struct hmap tunnels = HMAP_INITIALIZER(&tunnels);
145 struct simap localnet_to_ofport = SIMAP_INITIALIZER(&localnet_to_ofport);
146
147 for (int i = 0; i < br_int->n_ports; i++) {
148 const struct ovsrec_port *port_rec = br_int->ports[i];
149 if (!strcmp(port_rec->name, br_int->name)) {
150 continue;
151 }
152
153 const char *chassis_id = smap_get(&port_rec->external_ids,
154 "ovn-chassis-id");
155 if (chassis_id && !strcmp(chassis_id, this_chassis_id)) {
156 continue;
157 }
158
159 const char *localnet = smap_get(&port_rec->external_ids,
160 "ovn-localnet-port");
161
162 for (int j = 0; j < port_rec->n_interfaces; j++) {
163 const struct ovsrec_interface *iface_rec = port_rec->interfaces[j];
164
165 /* Get OpenFlow port number. */
166 if (!iface_rec->n_ofport) {
167 continue;
168 }
169 int64_t ofport = iface_rec->ofport[0];
170 if (ofport < 1 || ofport > ofp_to_u16(OFPP_MAX)) {
171 continue;
172 }
173
174 /* Record as patch to local net, chassis, or local logical port. */
175 if (!strcmp(iface_rec->type, "patch") && localnet) {
176 simap_put(&localnet_to_ofport, localnet, ofport);
177 break;
178 } else if (chassis_id) {
179 enum chassis_tunnel_type tunnel_type;
180 if (!strcmp(iface_rec->type, "geneve")) {
181 tunnel_type = GENEVE;
182 if (!mff_ovn_geneve) {
183 continue;
184 }
185 } else if (!strcmp(iface_rec->type, "stt")) {
186 tunnel_type = STT;
187 } else if (!strcmp(iface_rec->type, "vxlan")) {
188 tunnel_type = VXLAN;
189 } else {
190 continue;
191 }
192
193 struct chassis_tunnel *tun = xmalloc(sizeof *tun);
194 hmap_insert(&tunnels, &tun->hmap_node,
195 hash_string(chassis_id, 0));
196 tun->chassis_id = chassis_id;
197 tun->ofport = u16_to_ofp(ofport);
198 tun->type = tunnel_type;
199 break;
200 } else {
201 const char *iface_id = smap_get(&iface_rec->external_ids,
202 "iface-id");
203 if (iface_id) {
204 simap_put(&localvif_to_ofport, iface_id, ofport);
205 }
206 }
207 }
208 }
209
210 struct ofpbuf ofpacts;
211 ofpbuf_init(&ofpacts, 0);
212
213 struct binding_elem {
214 struct ovs_list list_elem;
215 const struct sbrec_port_binding *binding;
216 };
217 /* The bindings for a given VLAN on a localnet port. */
218 struct localnet_vlan {
219 struct hmap_node node;
220 int tag;
221 struct ovs_list bindings;
222 };
223 /* A hash of localnet_vlans, hashed on VLAN ID, for a localnet port */
224 struct localnet_bindings {
225 ofp_port_t ofport;
226 struct hmap vlans;
227 };
228 /* Maps from network name to "struct localnet_bindings". */
229 struct shash localnet_inputs = SHASH_INITIALIZER(&localnet_inputs);
230
231 /* Contains bare "struct hmap_node"s whose hash values are the tunnel_key
232 * of datapaths with at least one local port binding. */
233 struct hmap local_datapaths = HMAP_INITIALIZER(&local_datapaths);
234
235 /* Set up flows in table 0 for physical-to-logical translation and in table
236 * 64 for logical-to-physical translation. */
237 const struct sbrec_port_binding *binding;
238 SBREC_PORT_BINDING_FOR_EACH (binding, ctx->ovnsb_idl) {
239 /* Find the OpenFlow port for the logical port, as 'ofport'. This is
240 * one of:
241 *
242 * - If the port is a VIF on the chassis we're managing, the
243 * OpenFlow port for the VIF. 'tun' will be NULL.
244 *
245 * In this or the next case, for a container nested inside a VM
246 * and accessible via a VLAN, 'tag' is the VLAN ID; otherwise
247 * 'tag' is 0.
248 *
249 * - If the port is on a remote chassis, the OpenFlow port for a
250 * tunnel to the VIF's remote chassis. 'tun' identifies that
251 * tunnel.
252 *
253 * - If the port is a "localnet" port for a network that is
254 * attached to the chassis we're managing, the OpenFlow port for
255 * the localnet port (a patch port).
256 *
257 * The "localnet" port may be configured with a VLAN ID. If so,
258 * 'tag' will be set to that VLAN ID; otherwise 'tag' is 0.
259 */
260
261 int tag = 0;
262 ofp_port_t ofport;
263 if (!strcmp(binding->type, "localnet")) {
264 const char *network = smap_get(&binding->options, "network_name");
265 if (!network) {
266 continue;
267 }
268 ofport = u16_to_ofp(simap_get(&localnet_to_ofport, network));
269 if (ofport && binding->tag) {
270 tag = *binding->tag;
271 }
272 } else if (binding->parent_port) {
273 if (!binding->tag) {
274 continue;
275 }
276 ofport = u16_to_ofp(simap_get(&localvif_to_ofport,
277 binding->parent_port));
278 if (ofport) {
279 tag = *binding->tag;
280 }
281 } else {
282 ofport = u16_to_ofp(simap_get(&localvif_to_ofport,
283 binding->logical_port));
284 }
285
286 const struct chassis_tunnel *tun = NULL;
287 if (!ofport) {
288 if (!binding->chassis) {
289 continue;
290 }
291 tun = chassis_tunnel_find(&tunnels, binding->chassis->name);
292 if (!tun) {
293 continue;
294 }
295 ofport = tun->ofport;
296 }
297
298 struct match match;
299 if (!tun) {
300 int zone_id = simap_get(ct_zones, binding->logical_port);
301 /* Packets that arrive from a vif can belong to a VM or
302 * to a container located inside that VM. Packets that
303 * arrive from containers have a tag (vlan) associated with them.
304 */
305
306 /* Table 0, Priority 150 and 100.
307 * ==============================
308 *
309 * Priority 150 is for tagged traffic. This may be containers in a
310 * VM or a VLAN on a local network. For such traffic, match on the
311 * tags and then strip the tag.
312 *
313 * Priority 100 is for traffic belonging to VMs or untagged locally
314 * connected networks.
315 *
316 * For both types of traffic: set MFF_LOG_INPORT to the logical
317 * input port, MFF_LOG_DATAPATH to the logical datapath, and
318 * resubmit into the logical ingress pipeline starting at table
319 * 16. */
320 if (!strcmp(binding->type, "localnet")) {
321 /* The same OpenFlow port may correspond to localnet ports
322 * attached to more than one logical datapath, so keep track of
323 * all associated bindings and add a flow at the end. */
324
325 const char *network
326 = smap_get(&binding->options, "network_name");
327 struct localnet_bindings *ln_bindings;
328 struct hmap_node *node;
329 struct localnet_vlan *ln_vlan;
330
331 ln_bindings = shash_find_data(&localnet_inputs, network);
332 if (!ln_bindings) {
333 ln_bindings = xmalloc(sizeof *ln_bindings);
334 ln_bindings->ofport = ofport;
335 hmap_init(&ln_bindings->vlans);
336 shash_add(&localnet_inputs, network, ln_bindings);
337 }
338 node = hmap_first_with_hash(&ln_bindings->vlans, tag);
339 if (node) {
340 ASSIGN_CONTAINER(ln_vlan, node, node);
341 } else {
342 ln_vlan = xmalloc(sizeof *ln_vlan);
343 ln_vlan->tag = tag;
344 list_init(&ln_vlan->bindings);
345 hmap_insert(&ln_bindings->vlans, &ln_vlan->node, tag);
346 }
347
348 struct binding_elem *b = xmalloc(sizeof *b);
349 b->binding = binding;
350 list_insert(&ln_vlan->bindings, &b->list_elem);
351 } else {
352 struct hmap_node *ld;
353 ld = hmap_first_with_hash(&local_datapaths,
354 binding->datapath->tunnel_key);
355 if (!ld) {
356 ld = xmalloc(sizeof *ld);
357 hmap_insert(&local_datapaths, ld,
358 binding->datapath->tunnel_key);
359 }
360
361 ofpbuf_clear(&ofpacts);
362 match_init_catchall(&match);
363 match_set_in_port(&match, ofport);
364 if (tag) {
365 match_set_dl_vlan(&match, htons(tag));
366 }
367
368 if (zone_id) {
369 put_load(zone_id, MFF_LOG_CT_ZONE, 0, 32, &ofpacts);
370 }
371
372 /* Set MFF_LOG_DATAPATH and MFF_LOG_INPORT. */
373 put_load(binding->datapath->tunnel_key, MFF_LOG_DATAPATH, 0, 64,
374 &ofpacts);
375 put_load(binding->tunnel_key, MFF_LOG_INPORT, 0, 32,
376 &ofpacts);
377
378 /* Strip vlans. */
379 if (tag) {
380 ofpact_put_STRIP_VLAN(&ofpacts);
381 }
382
383 /* Resubmit to first logical ingress pipeline table. */
384 put_resubmit(OFTABLE_LOG_INGRESS_PIPELINE, &ofpacts);
385 ofctrl_add_flow(flow_table, OFTABLE_PHY_TO_LOG,
386 tag ? 150 : 100, &match, &ofpacts);
387 }
388
389 /* Table 33, priority 100.
390 * =======================
391 *
392 * Implements output to local hypervisor. Each flow matches a
393 * logical output port on the local hypervisor, and resubmits to
394 * table 34.
395 */
396
397 match_init_catchall(&match);
398 ofpbuf_clear(&ofpacts);
399
400 /* Match MFF_LOG_DATAPATH, MFF_LOG_OUTPORT. */
401 match_set_metadata(&match, htonll(binding->datapath->tunnel_key));
402 match_set_reg(&match, MFF_LOG_OUTPORT - MFF_REG0,
403 binding->tunnel_key);
404
405 if (zone_id) {
406 put_load(zone_id, MFF_LOG_CT_ZONE, 0, 32, &ofpacts);
407 }
408
409 /* Resubmit to table 34. */
410 put_resubmit(OFTABLE_DROP_LOOPBACK, &ofpacts);
411 ofctrl_add_flow(flow_table, OFTABLE_LOCAL_OUTPUT, 100, &match,
412 &ofpacts);
413
414 /* Table 64, Priority 100.
415 * =======================
416 *
417 * Deliver the packet to the local vif. */
418 match_init_catchall(&match);
419 ofpbuf_clear(&ofpacts);
420 match_set_metadata(&match, htonll(binding->datapath->tunnel_key));
421 match_set_reg(&match, MFF_LOG_OUTPORT - MFF_REG0,
422 binding->tunnel_key);
423 if (tag) {
424 /* For containers sitting behind a local vif, tag the packets
425 * before delivering them. */
426 struct ofpact_vlan_vid *vlan_vid;
427 vlan_vid = ofpact_put_SET_VLAN_VID(&ofpacts);
428 vlan_vid->vlan_vid = tag;
429 vlan_vid->push_vlan_if_needed = true;
430
431 /* A packet might need to hair-pin back into its ingress
432 * OpenFlow port (to a different logical port, which we already
433 * checked back in table 34), so set the in_port to zero. */
434 put_stack(MFF_IN_PORT, ofpact_put_STACK_PUSH(&ofpacts));
435 put_load(0, MFF_IN_PORT, 0, 16, &ofpacts);
436 }
437 ofpact_put_OUTPUT(&ofpacts)->port = ofport;
438 if (tag) {
439 /* Revert the tag added to the packets headed to containers
440 * in the previous step. If we don't do this, the packets
441 * that are to be broadcasted to a VM in the same logical
442 * switch will also contain the tag. Also revert the zero'd
443 * in_port. */
444 ofpact_put_STRIP_VLAN(&ofpacts);
445 put_stack(MFF_IN_PORT, ofpact_put_STACK_POP(&ofpacts));
446 }
447 ofctrl_add_flow(flow_table, OFTABLE_LOG_TO_PHY, 100,
448 &match, &ofpacts);
449 } else {
450 /* Table 32, priority 100.
451 * =======================
452 *
453 * Implements output to remote hypervisors. Each flow matches an
454 * output port that includes a logical port on a remote hypervisor,
455 * and tunnels the packet to that hypervisor.
456 */
457
458 match_init_catchall(&match);
459 ofpbuf_clear(&ofpacts);
460
461 /* Match MFF_LOG_DATAPATH, MFF_LOG_OUTPORT. */
462 match_set_metadata(&match, htonll(binding->datapath->tunnel_key));
463 match_set_reg(&match, MFF_LOG_OUTPORT - MFF_REG0,
464 binding->tunnel_key);
465
466 put_encapsulation(mff_ovn_geneve, tun, binding->datapath,
467 binding->tunnel_key, &ofpacts);
468
469 /* Output to tunnel. */
470 ofpact_put_OUTPUT(&ofpacts)->port = ofport;
471 ofctrl_add_flow(flow_table, OFTABLE_REMOTE_OUTPUT, 100,
472 &match, &ofpacts);
473 }
474
475 /* Table 34, Priority 100.
476 * =======================
477 *
478 * Drop packets whose logical inport and outport are the same. */
479 match_init_catchall(&match);
480 ofpbuf_clear(&ofpacts);
481 match_set_metadata(&match, htonll(binding->datapath->tunnel_key));
482 match_set_reg(&match, MFF_LOG_INPORT - MFF_REG0, binding->tunnel_key);
483 match_set_reg(&match, MFF_LOG_OUTPORT - MFF_REG0, binding->tunnel_key);
484 ofctrl_add_flow(flow_table, OFTABLE_DROP_LOOPBACK, 100,
485 &match, &ofpacts);
486 }
487
488 /* Handle output to multicast groups, in tables 32 and 33. */
489 const struct sbrec_multicast_group *mc;
490 SBREC_MULTICAST_GROUP_FOR_EACH (mc, ctx->ovnsb_idl) {
491 struct sset remote_chassis = SSET_INITIALIZER(&remote_chassis);
492 struct match match;
493
494 match_init_catchall(&match);
495 match_set_metadata(&match, htonll(mc->datapath->tunnel_key));
496 match_set_reg(&match, MFF_LOG_OUTPORT - MFF_REG0, mc->tunnel_key);
497
498 /* Go through all of the ports in the multicast group:
499 *
500 * - For local ports, add actions to 'ofpacts' to set the output
501 * port and resubmit.
502 *
503 * - For remote ports, add the chassis to 'remote_chassis'. */
504 ofpbuf_clear(&ofpacts);
505 for (size_t i = 0; i < mc->n_ports; i++) {
506 struct sbrec_port_binding *port = mc->ports[i];
507
508 if (port->datapath != mc->datapath) {
509 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 1);
510 VLOG_WARN_RL(&rl, UUID_FMT": multicast group contains ports "
511 "in wrong datapath",
512 UUID_ARGS(&mc->header_.uuid));
513 continue;
514 }
515
516 int zone_id = simap_get(ct_zones, port->logical_port);
517 if (zone_id) {
518 put_load(zone_id, MFF_LOG_CT_ZONE, 0, 32, &ofpacts);
519 }
520
521 if (simap_contains(&localvif_to_ofport,
522 port->parent_port
523 ? port->parent_port : port->logical_port)) {
524 put_load(port->tunnel_key, MFF_LOG_OUTPORT, 0, 32, &ofpacts);
525 put_resubmit(OFTABLE_DROP_LOOPBACK, &ofpacts);
526 } else if (port->chassis) {
527 sset_add(&remote_chassis, port->chassis->name);
528 } else if (!strcmp(port->type, "localnet")) {
529 const char *network = smap_get(&port->options, "network_name");
530 if (!network) {
531 continue;
532 }
533 if (!simap_contains(&localnet_to_ofport, network)) {
534 continue;
535 }
536 put_load(port->tunnel_key, MFF_LOG_OUTPORT, 0, 32, &ofpacts);
537 put_resubmit(OFTABLE_DROP_LOOPBACK, &ofpacts);
538 }
539 }
540
541 /* Table 33, priority 100.
542 * =======================
543 *
544 * Handle output to the local logical ports in the multicast group, if
545 * any. */
546 bool local_ports = ofpacts.size > 0;
547 if (local_ports) {
548 /* Following delivery to local logical ports, restore the multicast
549 * group as the logical output port. */
550 put_load(mc->tunnel_key, MFF_LOG_OUTPORT, 0, 32, &ofpacts);
551
552 ofctrl_add_flow(flow_table, OFTABLE_LOCAL_OUTPUT, 100,
553 &match, &ofpacts);
554 }
555
556 /* Table 32, priority 100.
557 * =======================
558 *
559 * Handle output to the remote chassis in the multicast group, if
560 * any. */
561 if (!sset_is_empty(&remote_chassis)) {
562 ofpbuf_clear(&ofpacts);
563
564 const char *chassis;
565 const struct chassis_tunnel *prev = NULL;
566 SSET_FOR_EACH (chassis, &remote_chassis) {
567 const struct chassis_tunnel *tun
568 = chassis_tunnel_find(&tunnels, chassis);
569 if (!tun) {
570 continue;
571 }
572
573 if (!prev || tun->type != prev->type) {
574 put_encapsulation(mff_ovn_geneve, tun,
575 mc->datapath, mc->tunnel_key, &ofpacts);
576 prev = tun;
577 }
578 ofpact_put_OUTPUT(&ofpacts)->port = tun->ofport;
579 }
580
581 if (ofpacts.size) {
582 if (local_ports) {
583 put_resubmit(OFTABLE_LOCAL_OUTPUT, &ofpacts);
584 }
585 ofctrl_add_flow(flow_table, OFTABLE_REMOTE_OUTPUT, 100,
586 &match, &ofpacts);
587 }
588 }
589 sset_destroy(&remote_chassis);
590 }
591
592 /* Table 0, priority 100.
593 * ======================
594 *
595 * Process packets that arrive from a remote hypervisor (by matching
596 * on tunnel in_port). */
597
598 /* Add flows for Geneve and STT encapsulations. These
599 * encapsulations have metadata about the ingress and egress logical
600 * ports. We set MFF_LOG_DATAPATH, MFF_LOG_INPORT, and
601 * MFF_LOG_OUTPORT from the tunnel key data, then resubmit to table
602 * 33 to handle packets to the local hypervisor. */
603 struct chassis_tunnel *tun;
604 HMAP_FOR_EACH (tun, hmap_node, &tunnels) {
605 struct match match = MATCH_CATCHALL_INITIALIZER;
606 match_set_in_port(&match, tun->ofport);
607
608 ofpbuf_clear(&ofpacts);
609 if (tun->type == GENEVE) {
610 put_move(MFF_TUN_ID, 0, MFF_LOG_DATAPATH, 0, 24, &ofpacts);
611 put_move(mff_ovn_geneve, 16, MFF_LOG_INPORT, 0, 15,
612 &ofpacts);
613 put_move(mff_ovn_geneve, 0, MFF_LOG_OUTPORT, 0, 16,
614 &ofpacts);
615 } else if (tun->type == STT) {
616 put_move(MFF_TUN_ID, 40, MFF_LOG_INPORT, 0, 15, &ofpacts);
617 put_move(MFF_TUN_ID, 24, MFF_LOG_OUTPORT, 0, 16, &ofpacts);
618 put_move(MFF_TUN_ID, 0, MFF_LOG_DATAPATH, 0, 24, &ofpacts);
619 } else if (tun->type == VXLAN) {
620 /* We'll handle VXLAN later. */
621 continue;
622 } else {
623 OVS_NOT_REACHED();
624 }
625
626 put_resubmit(OFTABLE_LOCAL_OUTPUT, &ofpacts);
627
628 ofctrl_add_flow(flow_table, OFTABLE_PHY_TO_LOG, 100, &match, &ofpacts);
629 }
630
631 /* Add flows for VXLAN encapsulations. Due to the limited amount of
632 * metadata, we only support VXLAN for connections to gateways. The
633 * VNI is used to populate MFF_LOG_DATAPATH. The gateway's logical
634 * port is set to MFF_LOG_INPORT. Then the packet is resubmitted to
635 * table 16 to determine the logical egress port.
636 *
637 * xxx Due to resubmitting to table 16, broadcasts will be re-sent to
638 * xxx all logical ports, including non-local ones which could cause
639 * xxx duplicate packets to be received by multiply-connected gateways. */
640 HMAP_FOR_EACH (tun, hmap_node, &tunnels) {
641 if (tun->type != VXLAN) {
642 continue;
643 }
644
645 SBREC_PORT_BINDING_FOR_EACH (binding, ctx->ovnsb_idl) {
646 struct match match = MATCH_CATCHALL_INITIALIZER;
647
648 if (!binding->chassis ||
649 strcmp(tun->chassis_id, binding->chassis->name)) {
650 continue;
651 }
652
653 match_set_in_port(&match, tun->ofport);
654 match_set_tun_id(&match, htonll(binding->datapath->tunnel_key));
655
656 ofpbuf_clear(&ofpacts);
657 put_move(MFF_TUN_ID, 0, MFF_LOG_DATAPATH, 0, 24, &ofpacts);
658 put_load(binding->tunnel_key, MFF_LOG_INPORT, 0, 15, &ofpacts);
659 put_resubmit(OFTABLE_LOG_INGRESS_PIPELINE, &ofpacts);
660
661 ofctrl_add_flow(flow_table, OFTABLE_PHY_TO_LOG, 100, &match,
662 &ofpacts);
663 }
664 }
665
666 /* Table 32, Priority 0.
667 * =======================
668 *
669 * Resubmit packets that are not directed at tunnels or part of a
670 * multicast group to the local output table. */
671 struct match match;
672 match_init_catchall(&match);
673 ofpbuf_clear(&ofpacts);
674 put_resubmit(OFTABLE_LOCAL_OUTPUT, &ofpacts);
675 ofctrl_add_flow(flow_table, OFTABLE_REMOTE_OUTPUT, 0, &match, &ofpacts);
676
677 /* Table 34, Priority 0.
678 * =======================
679 *
680 * Resubmit packets that don't output to the ingress port (already checked
681 * in table 33) to the logical egress pipeline, clearing the logical
682 * registers (for consistent behavior with packets that get tunneled). */
683 match_init_catchall(&match);
684 ofpbuf_clear(&ofpacts);
685 #define MFF_LOG_REG(ID) put_load(0, ID, 0, 32, &ofpacts);
686 MFF_LOG_REGS;
687 #undef MFF_LOG_REGS
688 put_resubmit(OFTABLE_LOG_EGRESS_PIPELINE, &ofpacts);
689 ofctrl_add_flow(flow_table, OFTABLE_DROP_LOOPBACK, 0, &match, &ofpacts);
690
691 ofpbuf_uninit(&ofpacts);
692 simap_destroy(&localvif_to_ofport);
693 struct chassis_tunnel *tun_next;
694 HMAP_FOR_EACH_SAFE (tun, tun_next, hmap_node, &tunnels) {
695 hmap_remove(&tunnels, &tun->hmap_node);
696 free(tun);
697 }
698 hmap_destroy(&tunnels);
699
700 /* Table 0, Priority 150 and 100.
701 * ==============================
702 *
703 * We have now determined the full set of port bindings associated with
704 * each "localnet" network. Only create flows for datapaths that have
705 * another local binding. Otherwise, we know it would just be dropped.
706 *
707 * Use priority 150 for inputs that match both the network and a VLAN tag.
708 * Use priority 100 for matching untagged traffic from the local network.
709 */
710 struct shash_node *ln_bindings_node, *ln_bindings_node_next;
711 SHASH_FOR_EACH_SAFE (ln_bindings_node, ln_bindings_node_next,
712 &localnet_inputs) {
713 struct localnet_bindings *ln_bindings = ln_bindings_node->data;
714 struct localnet_vlan *ln_vlan, *ln_vlan_next;
715 HMAP_FOR_EACH_SAFE (ln_vlan, ln_vlan_next, node, &ln_bindings->vlans) {
716 struct match match;
717 match_init_catchall(&match);
718 match_set_in_port(&match, ln_bindings->ofport);
719 if (ln_vlan->tag) {
720 match_set_dl_vlan(&match, htons(ln_vlan->tag));
721 }
722
723 struct ofpbuf ofpacts;
724 ofpbuf_init(&ofpacts, 0);
725
726 if (ln_vlan->tag) {
727 ofpact_put_STRIP_VLAN(&ofpacts);
728 }
729 uint32_t ofpacts_orig_size = ofpacts.size;
730
731 struct binding_elem *b;
732 LIST_FOR_EACH_POP (b, list_elem, &ln_vlan->bindings) {
733 struct hmap_node *ld;
734 ld = hmap_first_with_hash(&local_datapaths,
735 b->binding->datapath->tunnel_key);
736 if (ld) {
737 /* Set MFF_LOG_DATAPATH and MFF_LOG_INPORT. */
738 put_load(b->binding->datapath->tunnel_key, MFF_LOG_DATAPATH,
739 0, 64, &ofpacts);
740 put_load(b->binding->tunnel_key, MFF_LOG_INPORT, 0, 32,
741 &ofpacts);
742 put_resubmit(OFTABLE_LOG_INGRESS_PIPELINE, &ofpacts);
743 }
744
745 free(b);
746 }
747
748 if (ofpacts.size > ofpacts_orig_size) {
749 ofctrl_add_flow(flow_table, 0, ln_vlan->tag ? 150 : 100,
750 &match, &ofpacts);
751 }
752
753 ofpbuf_uninit(&ofpacts);
754
755 hmap_remove(&ln_bindings->vlans, &ln_vlan->node);
756 free(ln_vlan);
757 }
758 shash_delete(&localnet_inputs, ln_bindings_node);
759 hmap_destroy(&ln_bindings->vlans);
760 free(ln_bindings);
761 }
762 shash_destroy(&localnet_inputs);
763
764 struct hmap_node *node;
765 while ((node = hmap_first(&local_datapaths))) {
766 hmap_remove(&local_datapaths, node);
767 free(node);
768 }
769 hmap_destroy(&local_datapaths);
770
771 simap_destroy(&localnet_to_ofport);
772 }
openvswitch mirror