openflow: Add extension to flush CT by generic match.

Add extension that allows to flush connections from CT by specifying fields that the connections should be matched against. This allows to match only some fields of the connection e.g. source address for orig direction. Reported-at: https://bugzilla.redhat.com/2120546 Signed-off-by: Ales Musil <amusil@redhat.com> Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
author: Ales Musil <amusil@redhat.com> 2023-01-16 12:45:08 +0100
committer: Ilya Maximets <i.maximets@ovn.org> 2023-01-16 19:58:08 +0100
commit: 08146bf7d9b4ad635312901ae017370b0108c62f (patch)
tree: cf7f599ca0a549128e553d95b28fed0dd59c77af /include
parent: a9ae73b916bad528dcac2b8bb302fee6935fc163 (diff)
download: openvswitch-08146bf7d9b4ad635312901ae017370b0108c62f.tar.gz
3 files changed, 49 insertions, 0 deletions
diff --git a/include/openflow/nicira-ext.h b/include/openflow/nicira-ext.h
index b68804991..768775898 100644
--- a/include/openflow/nicira-ext.h
+++ b/include/openflow/nicira-ext.h
@@ -1064,4 +1064,41 @@ struct nx_zone_id {
 };
 OFP_ASSERT(sizeof(struct nx_zone_id) == 8);
 
+/* CT flush available TLVs. */
+enum nx_ct_flush_tlv_type {
+    /* Outer types. */
+    NXT_CT_ORIG_TUPLE = 0,     /* Outer type for original tuple TLV.
+                                * Nested TLVs are specified
+                                * by 'enum nx_ct_flush_tuple_tlv_type'. */
+    NXT_CT_REPLY_TUPLE = 1,    /* Outer type for reply tuple TLV. *
+                                * Nested TLVs are specified
+                                * by 'enum nx_ct_flush_tuple_tlv_type'*/
+    /* Primitive types. */
+    NXT_CT_ZONE_ID = 2,        /* be16 zone id. */
+};
+
+/* CT flush nested TLVs. */
+enum nx_ct_flush_tuple_tlv_type {
+    NXT_CT_TUPLE_SRC = 0,            /* IPv6 or mapped IPv4 address. */
+    NXT_CT_TUPLE_DST = 1,            /* IPv6 or mapped IPv4 address. */
+    NXT_CT_TUPLE_SRC_PORT = 2,       /* be16 source port. */
+    NXT_CT_TUPLE_DST_PORT = 3,       /* be16 destination port. */
+    NXT_CT_TUPLE_ICMP_ID = 4,        /* be16 ICMP id. */
+    NXT_CT_TUPLE_ICMP_TYPE = 5,      /* u8 ICMP type. */
+    NXT_CT_TUPLE_ICMP_CODE = 6,      /* u8 ICMP code. */
+};
+
+/* NXT_CT_FLUSH.
+ *
+ * Flushes the connection tracking entries specified by 5-tuple.
+ * The struct should be followed by TLVs specifying the matching parameters.
+ * Currently there is a limitation for ICMP, in order to partially match on
+ * ICMP parameters the tuple should include at least SRC/DST. */
+struct nx_ct_flush {
+    uint8_t ip_proto;          /* IP protocol. */
+    uint8_t pad[7];            /* Align to 64 bits (must be zero). */
+    /* Followed by optional TLVs of type 'enum nx_ct_flush_tlv_type'. */
+};
+OFP_ASSERT(sizeof(struct nx_ct_flush) == 8);
+
 #endif /* openflow/nicira-ext.h */
diff --git a/include/openvswitch/ofp-ct.h b/include/openvswitch/ofp-ct.h
index 3d919ddf9..c8023c309 100644
--- a/include/openvswitch/ofp-ct.h
+++ b/include/openvswitch/ofp-ct.h
@@ -22,6 +22,8 @@
 #include <sys/types.h>
 #include <netinet/in.h>
 
+#include "openflow/nicira-ext.h"
+
 #ifdef __cplusplus
 extern "C" {
 #endif
@@ -59,6 +61,12 @@ void ofp_ct_match_format(struct ds *, const struct ofp_ct_match *);
 bool ofp_ct_tuple_parse(struct ofp_ct_tuple *, const char *,
                         struct ds *, uint8_t *ip_proto, uint16_t *l3_type);
 
+enum ofperr ofp_ct_match_decode(struct ofp_ct_match *, bool *with_zone,
+                                uint16_t *zone_id, const struct ofp_header *);
+struct ofpbuf *ofp_ct_match_encode(const struct ofp_ct_match *,
+                                   uint16_t *zone_id,
+                                   enum ofp_version version);
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/include/openvswitch/ofp-msgs.h b/include/openvswitch/ofp-msgs.h
index 921a937e5..708427fc0 100644
--- a/include/openvswitch/ofp-msgs.h
+++ b/include/openvswitch/ofp-msgs.h
@@ -515,6 +515,9 @@ enum ofpraw {
     /* NXT 1.0+ (29): struct nx_zone_id. */
     OFPRAW_NXT_CT_FLUSH_ZONE,
 
+    /* NXT 1.0+ (32): struct nx_ct_flush, uint8_t[8][]. */
+    OFPRAW_NXT_CT_FLUSH,
+
     /* NXST 1.0+ (3): void. */
     OFPRAW_NXST_IPFIX_BRIDGE_REQUEST,
 
@@ -772,6 +775,7 @@ enum ofptype {
     OFPTYPE_IPFIX_FLOW_STATS_REQUEST, /* OFPRAW_NXST_IPFIX_FLOW_REQUEST */
     OFPTYPE_IPFIX_FLOW_STATS_REPLY,   /* OFPRAW_NXST_IPFIX_FLOW_REPLY */
     OFPTYPE_CT_FLUSH_ZONE,            /* OFPRAW_NXT_CT_FLUSH_ZONE. */
+    OFPTYPE_CT_FLUSH,                 /* OFPRAW_NXT_CT_FLUSH. */
 
     /* Flow monitor extension. */
     OFPTYPE_FLOW_MONITOR_CANCEL,  /* OFPRAW_NXT_FLOW_MONITOR_CANCEL.
author	Ales Musil <amusil@redhat.com>	2023-01-16 12:45:08 +0100
committer	Ilya Maximets <i.maximets@ovn.org>	2023-01-16 19:58:08 +0100
commit	08146bf7d9b4ad635312901ae017370b0108c62f (patch)
tree	cf7f599ca0a549128e553d95b28fed0dd59c77af /include
parent	a9ae73b916bad528dcac2b8bb302fee6935fc163 (diff)
download	openvswitch-08146bf7d9b4ad635312901ae017370b0108c62f.tar.gz