    /* Drop every zone whose owner no longer appears in 'all_users'.  The
     * removal is queued in 'pending_ct_zones' (add == false) for whatever
     * later consumes that map -- presumably the database sync, given the
     * CT_ZONE_DB_QUEUED state -- while the id is released from the bitmap
     * and the name -> id mapping is deleted immediately.  The _SAFE iterator
     * keeps a 'next' cursor so the node being visited can be deleted. */
    SIMAP_FOR_EACH_SAFE(ct_zone, ct_zone_next, ct_zones) {
        if (sset_contains(&all_users, ct_zone->name)) {
            continue;   /* Still in use; keep it. */
        }

        VLOG_DBG("removing ct zone %"PRId32" for '%s'", ct_zone->data, ct_zone->name);

        /* Queue the removal.  The entry starts in CT_ZONE_DB_QUEUED, which
         * the original comment says skips the flush step, so any conntrack
         * entries left in this zone persist after the id is freed.
         * NOTE(review): confirm that the path handing the id out again
         * flushes the zone first; otherwise the next owner could inherit
         * connection state established under the old port's policy. */
        struct ct_zone_pending_entry *removal = xmalloc(sizeof *removal);
        removal->state = CT_ZONE_DB_QUEUED; /* Skip flushing zone. */
        removal->zone = ct_zone->data;
        removal->add = false;
        shash_add(pending_ct_zones, ct_zone->name, removal);

        /* Release the id and forget the mapping. */
        bitmap_set0(ct_zone_bitmap, ct_zone->data);
        simap_delete(ct_zones, ct_zone);
    }
/* Reconciles the conntrack-zone allocation with the current set of logical
 * ports.
 *
 *   lports          - names of the logical ports that should own a zone.
 *   ct_zones        - name -> zone id map.  Entries whose name is not in
 *                     'lports' are removed; a new entry is added for each
 *                     name in 'lports' that has none.
 *   ct_zone_bitmap  - one bit per zone id, set while the id is allocated;
 *                     kept in step with 'ct_zones' by this function.
 *
 * Ids are scanned upward from 'scan_start' (initially 1, so zone 0 is never
 * handed out), with MAX_CT_ZONES + 1 serving as the "nothing free" result.
 * When no id is free the function logs a rate-limited warning and returns
 * early, leaving every remaining port without a zone and the caller without
 * an error indication.
 *
 * Security note: an id released in the first loop can be handed to a
 * different port in the second loop of the same call, and nothing here
 * flushes the conntrack entries the previous owner left in that zone (see
 * the "xxx" comment at the end).  The new owner could therefore inherit
 * connection state established under the old port's policy -- worth treating
 * as a policy-bypass risk until a flush-on-reuse exists. */
static void
update_ct_zones(struct sset *lports, struct simap *ct_zones,
                unsigned long *ct_zone_bitmap)
{
    struct simap_node *ct_zone, *ct_zone_next;
    const char *iface_id;
    /* Lowest id to try.  Zone 0 is skipped -- presumably reserved as the
     * default/unzoned conntrack zone; confirm against the flow code. */
    int scan_start = 1;

    /* xxx This is wasteful to assign a zone to each port--even if no
     * xxx security policy is applied. */

    /* Delete any zones that are associated with removed ports.  The _SAFE
     * iterator keeps a 'next' cursor so the current node can be deleted.
     * Only the id is returned to the bitmap; the zone's conntrack entries
     * are not flushed here. */
    SIMAP_FOR_EACH_SAFE(ct_zone, ct_zone_next, ct_zones) {
        if (!sset_contains(lports, ct_zone->name)) {
            bitmap_set0(ct_zone_bitmap, ct_zone->data);
            simap_delete(ct_zones, ct_zone);
        }
    }

    /* Assign a unique zone id for each logical port. */
    SSET_FOR_EACH(iface_id, lports) {
        size_t zone;

        if (simap_contains(ct_zones, iface_id)) {
            continue;   /* Already has a zone; the mapping stays stable. */
        }

        /* We assume that there are 64K zones and that we own them all. */
        /* Find a free id: the 0 is presumably the bit value sought, the scan
         * begins at 'scan_start', and MAX_CT_ZONES + 1 is the end bound that
         * doubles as the "nothing free" result checked right below. */
        zone = bitmap_scan(ct_zone_bitmap, 0, scan_start, MAX_CT_ZONES + 1);
        if (zone == MAX_CT_ZONES + 1) {
            static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1);
            VLOG_WARN_RL(&rl, "exhausted all ct zones");
            /* Early return: every port not yet visited in this iteration is
             * left without a zone, and the caller gets no error code.
             * NOTE(review): confirm how flows treat a port with no zone. */
            return;
        }
        /* Resume the next scan above this id so the ids handed out in one
         * pass are distinct without rescanning from the start.  (size_t ->
         * int narrowing; harmless while MAX_CT_ZONES fits in an int.) */
        scan_start = zone + 1;

        bitmap_set1(ct_zone_bitmap, zone);
        simap_put(ct_zones, iface_id, zone);

        /* xxx We should erase any old entries for this
         * xxx zone, but we need a generic interface to the conntrack
         * xxx table. */
        /* Until that exists, an id freed in the loop above and reused here
         * may still hold conntrack state created by its previous owner. */
    }
 /* Release every zone whose owner is no longer listed in 'all_users'.
  * Deleting the node while iterating is why the _SAFE variant (with its
  * 'next' cursor) is used.  Nothing here flushes the zone's conntrack
  * entries; the id simply becomes free for reassignment, so whatever reuses
  * it may see state left behind by the previous owner. */
 SIMAP_FOR_EACH_SAFE(ct_zone, ct_zone_next, ct_zones) {
     if (sset_contains(&all_users, ct_zone->name)) {
         continue;
     }
     bitmap_set0(ct_zone_bitmap, ct_zone->data);   /* id is free again */
     simap_delete(ct_zones, ct_zone);               /* drop name -> id */
 }