/* Delete zones that do not exist in above sset. */ SIMAP_FOR_EACH_SAFE(ct_zone, ct_zone_next, ct_zones) { if (!sset_contains(&all_users, ct_zone->name)) { VLOG_DBG("removing ct zone %"PRId32" for '%s'", ct_zone->data, ct_zone->name); struct ct_zone_pending_entry *pending = xmalloc(sizeof *pending); pending->state = CT_ZONE_DB_QUEUED; /* Skip flushing zone. */ pending->zone = ct_zone->data; pending->add = false; shash_add(pending_ct_zones, ct_zone->name, pending); bitmap_set0(ct_zone_bitmap, ct_zone->data); simap_delete(ct_zones, ct_zone); } }
static void update_ct_zones(struct sset *lports, struct simap *ct_zones, unsigned long *ct_zone_bitmap) { struct simap_node *ct_zone, *ct_zone_next; const char *iface_id; int scan_start = 1; /* xxx This is wasteful to assign a zone to each port--even if no * xxx security policy is applied. */ /* Delete any zones that are associated with removed ports. */ SIMAP_FOR_EACH_SAFE(ct_zone, ct_zone_next, ct_zones) { if (!sset_contains(lports, ct_zone->name)) { bitmap_set0(ct_zone_bitmap, ct_zone->data); simap_delete(ct_zones, ct_zone); } } /* Assign a unique zone id for each logical port. */ SSET_FOR_EACH(iface_id, lports) { size_t zone; if (simap_contains(ct_zones, iface_id)) { continue; } /* We assume that there are 64K zones and that we own them all. */ zone = bitmap_scan(ct_zone_bitmap, 0, scan_start, MAX_CT_ZONES + 1); if (zone == MAX_CT_ZONES + 1) { static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1); VLOG_WARN_RL(&rl, "exhausted all ct zones"); return; } scan_start = zone + 1; bitmap_set1(ct_zone_bitmap, zone); simap_put(ct_zones, iface_id, zone); /* xxx We should erase any old entries for this * xxx zone, but we need a generic interface to the conntrack * xxx table. */ }
/* Delete zones that do not exist in above sset. */ SIMAP_FOR_EACH_SAFE(ct_zone, ct_zone_next, ct_zones) { if (!sset_contains(&all_users, ct_zone->name)) { bitmap_set0(ct_zone_bitmap, ct_zone->data); simap_delete(ct_zones, ct_zone); } }