Add exitpoint for legacy classifier app
Classifier app currently sends the packet directly to portsec app. This is Bad. As described in the bug, metadata stored in registers can be lost. This change adds a classifier exitpoint table, and classifier app sends the packets there. The datapath wiring then sends the packet to the portsec app (if so configured). This is important, since sometimes the datapath code allocates different registers to the same metadata accross different applications, and registers are moved. Skipping this behaviour causes errors. Closes-Bug: #1815416 Change-Id: I38f14e8faa45e4ef3740bdbee78bd493f6d602ab
This commit is contained in:
parent
8f0e67da2e
commit
8976a2cf9e
|
@ -35,7 +35,7 @@ class ClassifierApp(df_base_app.DFlowApp):
|
|||
self.add_flow_go_to_table(
|
||||
table=const.INGRESS_CLASSIFICATION_DISPATCH_TABLE,
|
||||
priority=const.PRIORITY_DEFAULT,
|
||||
goto_table_id=self.dfdp.apps['portsec'].entrypoints.default,
|
||||
goto_table_id=const.INGRESS_CLASSIFICATION_EXITPOINT_TABLE,
|
||||
)
|
||||
|
||||
@df_base_app.register_event(
|
||||
|
|
|
@ -26,6 +26,7 @@
|
|||
# translated to network id and the packet is forwarded to
|
||||
# INGRESS_DESTINATION_PORT_LOOKUP_TABLE.
|
||||
INGRESS_CLASSIFICATION_DISPATCH_TABLE = 0
|
||||
INGRESS_CLASSIFICATION_EXITPOINT_TABLE = 1
|
||||
# Detect reg6 (provider network and dNAT)
|
||||
EXTERNAL_INGRESS_DETECT_SOURCE_TABLE = 2
|
||||
# Next 2 tables are related to connection tracking and packet filtering.
|
||||
|
|
|
@ -3,6 +3,6 @@ vertices:
|
|||
type: portsec
|
||||
|
||||
edges:
|
||||
dragonflow-legacy.out.5: portsec.in.default
|
||||
dragonflow-legacy.out.1: portsec.in.default
|
||||
portsec.out.default: dragonflow-legacy.in.10
|
||||
portsec.out.services: dragonflow-legacy.in.20
|
||||
|
|
Loading…
Reference in New Issue