Rework traffic-rules #55
Open
+1,071
−688
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
gthvn1
reviewed
Oct 7, 2025
|
|
||
|
|
||
| def update_args_from_ovs(args): | ||
| # get parent bridge to apply ruels to |
gthvn1
reviewed
Oct 7, 2025
gthvn1
approved these changes
Oct 7, 2025
last-genius
approved these changes
Oct 7, 2025
psafont
approved these changes
Oct 7, 2025
Previous implementation did not take how VLANs are configured into account, this lead to a pretty hefty change. VLANs use a fake bridge, which is then included in a parent bridge. While packets remain within this bridge, they are not tagged, so the vlanid cannot be used to match packets in the OVS datapath. The only workaround is to create rules for each port. However, this means that rules for untagged traffic, as previously implemented, will also apply to VLAN ports. Therefore, we must apply rules to each matching port in all cases, and create a rule on the uplink ports that matches accordingly. Changes summary: - Refactored to improve clarity and error handling - Added update_args_from_ovs() to dynamically gather bridge, VLAN, and port info from OVS. - Changed ip_range to ipRange that XO plugin is using - Replaced single rule building with per-port rule, as well as matching on VLAN for uplink ports - Updated tests to match the refactor - Added tests for update_args_from_ovs() - Mocked OVS command calls in tests for more accurate validation. Signed-off-by: David Morel <[email protected]>
bleader
force-pushed
the
dml-traffic-rules-fixing
branch
from
ba5d447 to
24ad916
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Previous implementation did not take how VLANs are configured into account, this lead to a pretty hefty change.
VLANs use a fake bridge, which is then included in a parent bridge. While packets remain within this bridge, they are not tagged, so the vlanid cannot be used to match packets in the OVS datapath. The only workaround is to create rules for each port. However, this means that rules for untagged traffic, as previously implemented, will also apply to VLAN ports. Therefore, we must apply rules to each matching port in all cases, and create a rule on the uplink ports that matches accordingly.
Changes summary: