From 025fec42cebe9efc7c6a2d94816b173748e7e4f6 Mon Sep 17 00:00:00 2001
From: Numan Siddique <numans@ovn.org>
Date: Tue, 23 Jun 2020 17:07:04 +0530
Subject: [PATCH 04/22] ovn-nbctl: Enhance lr-policy-add to set the options.
The commit [1] added a new column - 'options' to Logical_Router_Policy NB DB
table. This patch enhances the lr-policy-add command to set the options
as key=value pairs.
For nbctl_lr_policy_add(), this patch now returns after ctl_error() as there is no
point continuing further and the comments in the ctl_error() implementation say so.
[1] - a123ef0fb8fd("Support packet metadata marking for logical router policies.")
Acked-by: Mark Michelson <mmichels@redhat.com>
Signed-off-by: Numan Siddique <numans@ovn.org>
(cherry-picked from upstream master commit 742474bad730fbdc9705b4c2784a2b4acca327cf)
Change-Id: I64c786ff4c5244b643a57bff270a14d85d5204f1
---
tests/ovn-nbctl.at | 15 +++++++++---
tests/ovn.at | 8 ++-----
utilities/ovn-nbctl.8.xml | 11 ++++++++-
utilities/ovn-nbctl.c | 48 ++++++++++++++++++++++++++++++++++-----
4 files changed, 66 insertions(+), 16 deletions(-)
diff --git a/tests/ovn-nbctl.at b/tests/ovn-nbctl.at
index dc9d9d76a..6d6608729 100644
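--- a/tests/ovn-nbctl.at
+++ b/tests/ovn-nbctl.at
@@ -1590,11 +1590,20 @@ AT_CHECK([ovn-nbctl lr-add lr0])
 
 dnl Add policies with allow and drop actions
 AT_CHECK([ovn-nbctl lr-policy-add lr0 100 "ip4.src == 1.1.1.0/24" drop])
-AT_CHECK([ovn-nbctl lr-policy-add lr0 100 "ip4.src == 1.1.2.0/24" allow])
+AT_CHECK([ovn-nbctl lr-policy-add lr0 100 "ip4.src == 1.1.2.0/24" allow pkt_mark=100,foo=bar])
 AT_CHECK([ovn-nbctl lr-policy-add lr0 101 "ip4.src == 2.1.1.0/24" allow])
 AT_CHECK([ovn-nbctl lr-policy-add lr0 101 "ip4.src == 2.1.2.0/24" drop])
 AT_CHECK([ovn-nbctl lr-policy-add lr0 101 "ip6.src == 2002::/64" drop])
 
+dnl Incomplete option set.
+AT_CHECK([ovn-nbctl lr-policy-add lr0 200 "ip4.src == 1.1.4.0/24" reroute 192.168.0.10 foo], [1], [],
+ [ovn-nbctl: No value specified for the option : foo
+])
+
+AT_CHECK([ovn-nbctl lr-policy-add lr0 200 "ip4.src == 1.1.4.0/24" allow bar=], [1], [],
+ [ovn-nbctl: No value specified for the option : bar
+])
+
 dnl Add duplicated policy
 AT_CHECK([ovn-nbctl lr-policy-add lr0 100 "ip4.src == 1.1.1.0/24" drop], [1], [],
 [ovn-nbctl: Same routing policy already existed on the logical router lr0.
@@ -1612,14 +1621,14 @@ Routing Policies
 101 ip4.src == 2.1.1.0/24 allow
 101 ip4.src == 2.1.2.0/24 drop
 101 ip6.src == 2002::/64 drop
- 100 ip4.src == 1.1.2.0/24 allow
+ 100 ip4.src == 1.1.2.0/24 allow pkt_mark=100,foo=bar
 ])
 
 dnl Delete all policies for given priority
 AT_CHECK([ovn-nbctl lr-policy-del lr0 101])
 AT_CHECK([ovn-nbctl lr-policy-list lr0], [0], [dnl
 Routing Policies
- 100 ip4.src == 1.1.2.0/24 allow
+ 100 ip4.src == 1.1.2.0/24 allow pkt_mark=100,foo=bar
 ])
 
 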
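Review bot: The `pkt_mark=100,foo=bar` argument in the first hunk is a single command-line token, and the parser this patch adds to utilities/ovn-nbctl.c splits each argument only at the first `=`, so it likely stores one option `pkt_mark` with the value `100,foo=bar` rather than two options. The expected `lr-policy-list` output in the second hunk reads the same in both cases, so the test cannot tell them apart and a malformed mark value goes unnoticed. Pass the pairs as separate arguments, `allow pkt_mark=100 foo=bar`, and assert on the stored column itself, for example with `ovn-nbctl --bare --columns options find logical_router_policy priority=100`.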
diff --git a/tests/ovn.at b/tests/ovn.at
index 8ce45823f..b84cf75fd 100644
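--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -20286,20 +20286,16 @@ static_routes @lrt
 ovn-nbctl --wait=hv sync
 
 # Add logical router policy and set pkt_mark on it.
-ovn-nbctl lr-policy-add lr0 2000 "ip4.src == 10.0.0.3" allow
+ovn-nbctl lr-policy-add lr0 2000 "ip4.src == 10.0.0.3" allow pkt_mark=100
 ovn-nbctl lr-policy-add lr0 1000 "ip4.src == 10.0.0.4" allow
-ovn-nbctl lr-policy-add lr0 900 "ip4.src == 10.0.0.5" reroute 172.168.0.200
+ovn-nbctl lr-policy-add lr0 900 "ip4.src == 10.0.0.5" reroute 172.168.0.200 pkt_mark=3
 ovn-nbctl lr-policy-add lr0 2001 "ip6.dst == bef0::5" reroute bef0::6
 ovn-nbctl lr-policy-add lr0 1001 "ip6" allow
 
-
 pol1=$(ovn-nbctl --bare --columns _uuid find logical_router_policy priority=2000)
-pol3=$(ovn-nbctl --bare --columns _uuid find logical_router_policy priority=900)
 pol4=$(ovn-nbctl --bare --columns _uuid find logical_router_policy priority=2001)
 pol5=$(ovn-nbctl --bare --columns _uuid find logical_router_policy priority=1001)
 
-ovn-nbctl set logical_router_policy $pol1 options:pkt_mark=100
-ovn-nbctl set logical_router_policy $pol3 options:pkt_mark=3
 ovn-nbctl set logical_router_policy $pol4 options:pkt_mark=4
 ovn-nbctl set logical_router_policy $pol5 options:pkt_mark=5
 ovn-nbctl --wait=hv sync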
diff --git a/utilities/ovn-nbctl.8.xml b/utilities/ovn-nbctl.8.xml
index d265c7fcc..de86b70e6 100644
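--- a/utilities/ovn-nbctl.8.xml
+++ b/utilities/ovn-nbctl.8.xml
@@ -721,7 +721,8 @@
 
 
 lr-policy-add router priority
- match action [nexthop]
+ match action [nexthop]
+ [options key=value]]
 
 
 Add Policy to router which provides a way to configure
@@ -732,6 +733,8 @@
 only when action is reroute. A policy is
 uniquely identified by priority and match.
 Multiple policies can have the same priority.
+ options sets the router policy options as key-value pair.
+ The supported option is : pkt_mark .
 
 
 
@@ -743,6 +746,12 @@
 lr-policy-add lr1 100 ip4.src == 192.168.100.0/24 drop .
 
 
+
+
+ lr-policy-add lr1 100 ip4.src == 192.168.100.0/24 allow
+ pkt_mark=100
+ .
+
 
 
 lr-policy-del router [{priority | uuid}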
diff --git a/utilities/ovn-nbctl.c b/utilities/ovn-nbctl.c
index 159a44960..7578b9928 100644
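--- a/utilities/ovn-nbctl.c
+++ b/utilities/ovn-nbctl.c
@@ -694,7 +694,8 @@ Route commands:\n\
 lr-route-list ROUTER print routes for ROUTER\n\
 \n\
 Policy commands:\n\
- lr-policy-add ROUTER PRIORITY MATCH ACTION [NEXTHOP]\n\
+ lr-policy-add ROUTER PRIORITY MATCH ACTION [NEXTHOP] \
+[OPTIONS KEY=VALUE ...] \n\
 add a policy to router\n\
 lr-policy-del ROUTER [{PRIORITY | UUID} [MATCH]]\n\
 remove policies from ROUTER\n\
@@ -3609,16 +3610,19 @@ nbctl_lr_policy_add(struct ctl_context *ctx)
 const char *action = ctx->argv[4];
 char *next_hop = NULL;
 
+ bool reroute = false;
 /* Validate action. */
 if (strcmp(action, "allow") && strcmp(action, "drop")
 && strcmp(action, "reroute")) {
 ctl_error(ctx, "%s: action must be one of \"allow\", \"drop\", "
 "and \"reroute\"", action);
+ return;
 }
 if (!strcmp(action, "reroute")) {
 if (ctx->argc < 6) {
 ctl_error(ctx, "Nexthop is required when action is reroute.");
 }
+ reroute = true;
 }
 
 /* Check if same routing policy already exists.
@@ -3629,12 +3633,14 @@ nbctl_lr_policy_add(struct ctl_context *ctx)
 !strcmp(policy->match, ctx->argv[3])) {
 ctl_error(ctx, "Same routing policy already existed on the "
 "logical router %s.", ctx->argv[1]);
+ return;
 }
 }
- if (ctx->argc == 6) {
+ if (reroute) {
 next_hop = normalize_prefix_str(ctx->argv[5]);
 if (!next_hop) {
 ctl_error(ctx, "bad next hop argument: %s", ctx->argv[5]);
+ return;
 }
 }
 
@@ -3643,9 +3649,28 @@ nbctl_lr_policy_add(struct ctl_context *ctx)
 nbrec_logical_router_policy_set_priority(policy, priority);
 nbrec_logical_router_policy_set_match(policy, ctx->argv[3]);
 nbrec_logical_router_policy_set_action(policy, action);
- if (ctx->argc == 6) {
+ if (reroute) {
 nbrec_logical_router_policy_set_nexthop(policy, next_hop);
 }
+
+ /* Parse the options. */
+ struct smap options = SMAP_INITIALIZER(&options);
+ for (size_t i = reroute ? 6 : 5; i < ctx->argc; i++) {
+ char *key, *value;
+ value = xstrdup(ctx->argv[i]);
+ key = strsep(&value, "=");
+ if (value && value[0]) {
+ smap_add(&options, key, value);
+ } else {
+ ctl_error(ctx, "No value specified for the option : %s", key);
+ free(key);
+ return;
+ }
+ free(key);
+ }
+ nbrec_logical_router_policy_set_options(policy, &options);
+ smap_destroy(&options);
+
 nbrec_logical_router_verify_policies(lr);
 struct nbrec_logical_router_policy **new_policies
 = xmalloc(sizeof *new_policies * (lr->n_policies + 1));
@@ -3773,6 +3798,16 @@ print_routing_policy(const struct nbrec_logical_router_policy *policy,
 ds_put_format(s, "%10"PRId64" %50s %15s", policy->priority,
 policy->match, policy->action);
 }
+
+ if (!smap_is_empty(&policy->options)) {
+ ds_put_format(s, "%15s", "");
+ struct smap_node *node;
+ SMAP_FOR_EACH (node, &policy->options) {
+ ds_put_format(s, "%s=%s,", node->key, node->value);
+ }
+ ds_chomp(s, ',');
+ }
+
 ds_put_char(s, '\n');
 }
 
@@ -3788,7 +3823,7 @@ nbctl_lr_policy_list(struct ctl_context *ctx)
 return;
 }
 policies = xmalloc(sizeof *policies * lr->n_policies);
- for (int i = 0; i < lr->n_policies; i++) {
+ for (int i = 0; i < lr->n_policies; i++) {
 const struct nbrec_logical_router_policy *policy
 = lr->policies[i];
 policies[n_policies].priority = policy->priority;
@@ -6362,8 +6397,9 @@ static const struct ctl_command_syntax nbctl_commands[] = {
 "", RO },
 
 /* Policy commands */
- { "lr-policy-add", 4, 5, "ROUTER PRIORITY MATCH ACTION [NEXTHOP]", NULL,
- nbctl_lr_policy_add, NULL, "", RW },
+ { "lr-policy-add", 4, INT_MAX,
+ "ROUTER PRIORITY MATCH ACTION [NEXTHOP] [OPTIONS - KEY=VALUE ...]",
+ NULL, nbctl_lr_policy_add, NULL, "", RW },
 { "lr-policy-del", 1, 3, "ROUTER [{PRIORITY | UUID} [MATCH]]", NULL,
 nbctl_lr_policy_del, NULL, "", RW },
 { "lr-policy-list", 1, 1, "ROUTER", NULL, nbctl_lr_policy_list, NULL,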
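Review bot: The `ctx->argc < 6` branch under the `reroute` check in nbctl_lr_policy_add() still calls ctl_error() without returning and then falls through to `reroute = true;`, so a `reroute` policy given without a nexthop now reaches `normalize_prefix_str(ctx->argv[5])` in the following hunk. Before this change that call was guarded by `ctx->argc == 6`; with the guard replaced by `if (reroute)` the missing-argument case reads an argv slot that was never supplied, presumably a NULL pointer. Add `return;` after that ctl_error() call, as the commit does for the other error paths. Separately, the `No value specified` path returns without `smap_destroy(&options)` and, as far as the hunks show, without freeing `next_hop`; the function continues outside the hunks, so confirm where `next_hop` is released and whether validating the options before the policy row is populated would avoid the partial state.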
--
2.26.2