From: Anton Ivanov <[email protected]> 1. Move the admission control lflows to a helper function 2. Add the helper function to the converged build per-od loop.
Signed-off-by: Anton Ivanov <[email protected]> --- northd/ovn-northd.c | 41 ++++++++++++++++++++++------------------- 1 file changed, 22 insertions(+), 19 deletions(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index 4d2caf0c2..cbd18d9aa 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -6844,25 +6844,6 @@ build_lswitch_flows(struct hmap *datapaths, struct hmap *ports, struct ds actions = DS_EMPTY_INITIALIZER; struct ovn_datapath *od; - /* Logical switch ingress table 0: Admission control framework (priority - * 100). */ - HMAP_FOR_EACH (od, key_node, datapaths) { - if (!od->nbs) { - continue; - } - - /* Logical VLANs not supported. */ - ovn_lflow_add(lflows, od, S_SWITCH_IN_PORT_SEC_L2, 100, "vlan.present", - "drop;"); - - /* Broadcast/multicast source address is invalid. */ - ovn_lflow_add(lflows, od, S_SWITCH_IN_PORT_SEC_L2, 100, "eth.src[40]", - "drop;"); - - /* Port security flows have priority 50 (see below) and will continue - * to the next table if packet source is acceptable. */ - } - build_lswitch_input_port_sec(ports, datapaths, lflows); /* Ingress table 13: ARP/ND responder, skip requests coming from localnet @@ -7530,6 +7511,27 @@ static void } } +/* Logical switch ingress table 0: Admission control framework (priority + * 100). */ +static void + build_lswitch_lflows_admission_control( + struct ovn_datapath *od, struct hmap *lflows) +{ + if (od->nbs) { + + /* Logical VLANs not supported. */ + ovn_lflow_add(lflows, od, S_SWITCH_IN_PORT_SEC_L2, 100, "vlan.present", + "drop;"); + + /* Broadcast/multicast source address is invalid. */ + ovn_lflow_add(lflows, od, S_SWITCH_IN_PORT_SEC_L2, 100, "eth.src[40]", + "drop;"); + + /* Port security flows have priority 50 (see below) and will continue + * to the next table if packet source is acceptable. */ + } +} + /* Returns a string of the IP address of the router port 'op' that * overlaps with 'ip_s". If one is not found, returns NULL. @@ -11378,6 +11380,7 @@ build_lswitch_and_lrouter_iterate_by_od( lsi->meter_groups, lsi->lbs); build_fwd_group_lflows(od, lsi->lflows); + build_lswitch_lflows_admission_control(od, lsi->lflows); /* Build Logical Router Flows. */ build_adm_ctrl_flows_for_lrouter(od, lsi->lflows); -- 2.20.1 _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
