On 06/16/2018 12:53 AM, Ben Pfaff wrote:
On Fri, Jun 15, 2018 at 10:11:41AM -0400, Mark Michelson wrote:
On 06/13/2018 11:29 PM, Han Zhou wrote:
On Wed, Jun 13, 2018 at 3:37 PM, Ben Pfaff <[email protected]> wrote:
To make ovn-controller recompute incrementally, we need accurate
dependencies for each function that reads or writes a table. It's
currently difficult to be sure about these dependencies, and certainly
difficult to maintain them over time, because there's no way to actually
enforce them.
This commit experiments with an approach that allows for fairly
fine-grained access control within ovn-controller to tables and columns.
It's based on generating a new version of the IDL data structures for each
case where we want different access control. All of these data structures
have the same format, but the columns that a given piece of code is not
supposed to touch are renamed to discourage programmers from using them,
e.g. they're given names suffixed with "__accessdenied". (This means
that there is no runtime overhead to the access control since it only
requires a cast to convert between the regular and restricted versions.)
In addition, when a column is supposed to be read-only, functions for
modifying the column are not supplied.
This commit only tries out this experiment for a single file within
ovn-controller, the BFD implementation (mostly because that's
alphabetically first, no other real reason). It would require a little
more work to apply it everywhere, but it's probably not a huge deal.
Comments?
CC: Han Zhou <[email protected]>
Signed-off-by: Ben Pfaff <[email protected]>
---
ovn/controller/automake.mk | 5 +
ovn/controller/bfd-vswitch-idl.def | 21 ++++
ovn/controller/bfd.c | 20 ++--
ovn/controller/bfd.h | 8 +-
ovn/controller/ovn-controller.c | 13 ++-
ovsdb/ovsdb-idlc.in | 223 ++++++++++++++++++++++++++++++++++++-
6 files changed, 268 insertions(+), 22 deletions(-)
create mode 100644 ovn/controller/bfd-vswitch-idl.def
I wanted to have a quick test but it didn't pass the compile:
In file included from ovn/controller/bfd.c:17:0:
ovn/controller/bfd.h:19:44: fatal error: ovn/controller/bfd-vswitch-idl.h:
No such file or directory
Here's a different datapoint in the same category.
I got a slightly different error when I tried to compile.
ovn/controller/bfd-vswitch-idl.h was auto-generated and everything worked up
until the very end:
"The following files are in git but not the distribution:
ovn/controller/bfd-vswitch-idl.def"
The make command I ran was `make sandbox SANDBOXFLAGS="--ovn"`
I tried running `make distclean` then reconfiguring, but this didn't help.
For comparison, Han, these are my software versions, in case that might be
why auto-generation worked for me but not you:
gcc version is 7.3.1
make version is 4.2.1
autoconf version is 2.69
I've fixed that locally now. It needed EXTRA_DIST +=
ovn/controller/bfd-vswitch-idl.def.
I can confirm this worked for me too. Thanks!
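The access-control scheme described in the commit message above, reduced to a hand-written C sketch; it is an added example, not code from the patch or output of ovsdb-idlc. The names `demo_iface`, `bfd_demo_iface` and the helper functions are hypothetical, and the `may_alias` attribute and the layout assertions are this example's own additions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
/* Full-access row type (hypothetical stand-in for a generated IDL struct). */
struct demo_iface {
    const char *name;
    bool bfd_enabled;
    int64_t ofport;
};

/* Restricted view: same layout, forbidden column renamed. may_alias (GCC/Clang)
 * is this sketch's own addition so the cast stays clear of strict aliasing. */
struct __attribute__((may_alias)) bfd_demo_iface {
    const char *name;              /* read-only: no setter supplied */
    bool bfd_enabled;              /* read-write: setter below */
    int64_t ofport__accessdenied;  /* off limits to this module */
};

/* The cast is only sound if both layouts match, so check at compile time. */
#define SAME_FIELD(F, R) \
    _Static_assert(offsetof(struct demo_iface, F) == \
                   offsetof(struct bfd_demo_iface, R), "layout drift: " #F)
SAME_FIELD(name, name);
SAME_FIELD(bfd_enabled, bfd_enabled);
SAME_FIELD(ofport, ofport__accessdenied);
_Static_assert(sizeof(struct demo_iface) == sizeof(struct bfd_demo_iface), "size");

/* Conversion is a cast: no copy, no runtime cost. */
static struct bfd_demo_iface *bfd_demo_iface_restrict(struct demo_iface *row)
{
    return (struct bfd_demo_iface *) row;
}
static void bfd_demo_iface_set_bfd_enabled(struct bfd_demo_iface *row, bool on)
{
    row->bfd_enabled = on;
}

/* Module code takes only the restricted type; iface->ofport will not compile. */
static bool bfd_demo_run(struct bfd_demo_iface *iface)
{
    bfd_demo_iface_set_bfd_enabled(iface, iface->name != NULL);
    return iface->bfd_enabled;
}

int main(void)
{
    struct demo_iface row = { "eth0", false, 7 };  /* constructed sample row */
    return bfd_demo_run(bfd_demo_iface_restrict(&row)) ? 0 : 1;
}
```

The renamed field can still be reached deliberately as `ofport__accessdenied`, so the scheme makes an undeclared dependency visible in review and at compile time rather than enforcing isolation.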