On Fri, Jun 15, 2018 at 7:11 AM, Mark Michelson <[email protected]> wrote:
> On 06/13/2018 11:29 PM, Han Zhou wrote: > >> On Wed, Jun 13, 2018 at 3:37 PM, Ben Pfaff <[email protected]> wrote: >> >>> >>> To make ovn-controller recompute incrementally, we need accurate >>> dependencies for each function that reads or writes a table. It's >>> currently difficult to be sure about these dependencies, and certainly >>> difficult to maintain them over time, because there's no way to actually >>> enforce them. >>> >>> This commit experiments with an approach that allows for fairly >>> fine-grained access control within ovn-controller to tables and columns. >>> It's based on generating a new version of the IDL data structures for >>> each >>> case where we want different access control. All of these data >>> structures >>> have the same format, but the columns that a given piece of code is not >>> supposed to touch are renamed to discourage programmers from using them, >>> e.g. they're given names suffixed with "__accessdenied". (This means >>> that there is no runtime overhead to the access control since it only >>> requires a cast to convert between the regular and restricted versions.) >>> In addition, when a columns is supposed to be read-only, functions for >>> modifying the column are not supplied. >>> >>> This commit only tries out this experiment for a single file within >>> ovn-controller, the BFD implementation (mostly because that's >>> alphabetically first, no other real reason). It would require a little >>> more work to apply it everywhere, but it's probably not a huge deal. >>> >>> Comments? >>> >>> CC: Han Zhou <[email protected]> >>> Signed-off-by: Ben Pfaff <[email protected]> >>> --- >>> ovn/controller/automake.mk | 5 + >>> ovn/controller/bfd-vswitch-idl.def | 21 ++++ >>> ovn/controller/bfd.c | 20 ++-- >>> ovn/controller/bfd.h | 8 +- >>> ovn/controller/ovn-controller.c | 13 ++- >>> ovsdb/ovsdb-idlc.in | 223 >>> ++++++++++++++++++++++++++++++ >>> >> ++++++- >> >>> 6 files changed, 268 insertions(+), 22 deletions(-) >>> create mode 100644 ovn/controller/bfd-vswitch-idl.def >>> >>> >> I wanted to have a quick test but it didn't pass the compile: >> In file included from ovn/controller/bfd.c:17:0: >> ovn/controller/bfd.h:19:44: fatal error: ovn/controller/bfd-vswitch-idl >> .h: >> No such file or directory >> > > Here's a different datapoint in the same category. > > I got a slightly different error when I tried to compile. > ovn/controller/bfd-vswitch-idl.h was auto-generated and everything worked > up until the very end: > > "The following files are in git but not the distribution: > ovn/controller/bfd-vswitch-idl.def" > > The make command I ran was `make sandbox SANDBOXFLAGS="--ovn"` > > I tried running `make distclean` then reconfiguring, but this didn't help. > > For comparison, Han, these are my software versions, in case that might be > why auto-generation worked for me but not you: > gcc version is 7.3.1 > make version is 4.2.1 > autoconf version is 2.69 > > Hey Mark, thanks for sharing. I figured out that my error was due to the space v.s. tab in the receipt line in makefile (tab should be used): + +$(ovn_controller_ovn_controller_SOURCES:.c=.$(OBJEXT)): \ + ovn/controller/bfd-vswitch-idl.h +ovn/controller/bfd-vswitch-idl.h: lib/vswitch-idl.ovsidl ovn/controller/bfd-vswitch-idl.def ovsdb/ovsdb-idlc.in + $(AM_V_GEN)$(OVSDB_IDLC) c-idl-subset lib/vswitch-idl.ovsidl $(srcdir)/ovn/controller/bfd-vswitch-idl.def > [email protected] && mv [email protected] $@ The original patch was using tab. I should not copy/paste from browser :( Now I can compile without any issues, and I didn't encounter the problem you mentioned. _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
