From 8976a2cf9e5687ed21f4e1542bfc28d9d57fec58 Mon Sep 17 00:00:00 2001
From: Omer Anson
Date: Sun, 10 Feb 2019 12:12:35 +0200
Subject: [PATCH] Add exitpoint for legacy classifier app

Classifier app currently sends the packet directly to portsec app. This is Bad. As described in the bug, metadata stored in registers can be lost. This change adds a classifier exitpoint table, and classifier app sends the packets there. The datapath wiring then sends the packet to the portsec app (if so configured). This is important, since sometimes the datapath code allocates different registers to the same metadata accross different applications, and registers are moved. Skipping this behaviour causes errors.

Closes-Bug: #1815416
Change-Id: I38f14e8faa45e4ef3740bdbee78bd493f6d602ab
---
 dragonflow/controller/apps/classifier.py | 2 +-
 dragonflow/controller/common/constants.py | 1 +
 etc/dragonflow_datapath_layout.yaml | 2 +-
 3 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/dragonflow/controller/apps/classifier.py b/dragonflow/controller/apps/classifier.py
index 5bf0d2bfa..e8ab9b619 100644
--- a/dragonflow/controller/apps/classifier.py
+++ b/dragonflow/controller/apps/classifier.py
@@ -35,7 +35,7 @@ class ClassifierApp(df_base_app.DFlowApp):
 self.add_flow_go_to_table(
 table=const.INGRESS_CLASSIFICATION_DISPATCH_TABLE,
 priority=const.PRIORITY_DEFAULT,
- goto_table_id=self.dfdp.apps['portsec'].entrypoints.default,
+ goto_table_id=const.INGRESS_CLASSIFICATION_EXITPOINT_TABLE,
 )

 @df_base_app.register_event(
diff --git a/dragonflow/controller/common/constants.py b/dragonflow/controller/common/constants.py
index c470212ef..fda29fae4 100644
--- a/dragonflow/controller/common/constants.py
+++ b/dragonflow/controller/common/constants.py
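Review bot: The new `goto_table_id=const.INGRESS_CLASSIFICATION_EXITPOINT_TABLE` sends every classified packet to a table whose onward flow exists only if the datapath layout wires it, and nothing in this call or in the rest of the commit checks that. If the layout has no edge out of that table, traffic would presumably be dropped there or never reach port security, and the failure would be silent, where the old `self.dfdp.apps['portsec']` lookup would likely have raised at install time. A comment above the call such as `# Hand off to the exitpoint table; the datapath layout decides the next app (portsec by default)` would record the dependency. The diffstat shows no test change, so a unit test asserting the goto target of this flow would be worth adding. The enclosing method starts above the hunk.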
@@ -26,6 +26,7 @@
 # translated to network id and the packet is forwarded to
 # INGRESS_DESTINATION_PORT_LOOKUP_TABLE.
 INGRESS_CLASSIFICATION_DISPATCH_TABLE = 0
+INGRESS_CLASSIFICATION_EXITPOINT_TABLE = 1
 # Detect reg6 (provider network and dNAT)
 EXTERNAL_INGRESS_DETECT_SOURCE_TABLE = 2
 # Next 2 tables are related to connection tracking and packet filtering.
diff --git a/etc/dragonflow_datapath_layout.yaml b/etc/dragonflow_datapath_layout.yaml
index 0716dc765..5999723c9 100644
--- a/etc/dragonflow_datapath_layout.yaml
+++ b/etc/dragonflow_datapath_layout.yaml
@@ -3,6 +3,6 @@ vertices:
 type: portsec

 edges:
- dragonflow-legacy.out.5: portsec.in.default
+ dragonflow-legacy.out.1: portsec.in.default
 portsec.out.default: dragonflow-legacy.in.10
 portsec.out.services: dragonflow-legacy.in.20
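Review bot: `INGRESS_CLASSIFICATION_EXITPOINT_TABLE = 1` is added without a comment, while the constants on either side of it each carry one. A line above it such as `# Exit point of the classifier; the datapath wiring forwards packets from here to the next app.` would make clear that this table is a hand-off point, as the commit message describes. The comment block that precedes `INGRESS_CLASSIFICATION_DISPATCH_TABLE` starts above the hunk, so check that the new constant does not end up reading as part of that description.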
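Review bot: The edge key `dragonflow-legacy.out.1` repeats the value of `INGRESS_CLASSIFICATION_EXITPOINT_TABLE` as a bare literal, so the layout file and `dragonflow/controller/common/constants.py` can drift apart without any error. Because this file lives under `etc/`, deployments likely carry their own copy; one still holding `dragonflow-legacy.out.5` after the upgrade would leave the new exitpoint table unwired and the path into portsec broken. A comment above the edge such as `# out.1 is INGRESS_CLASSIFICATION_EXITPOINT_TABLE in controller/common/constants.py` plus an upgrade note for operators would cover both cases.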