OVN中關(guān)閉安全組port流量互通分析

場景描述:

通過附件[1]的腳本分別在兩個節(jié)點(diǎn)上各創(chuàng)建同一子網(wǎng)下的port,分析兩個port之間流量互通十气。

OVN trace流表匹配:

()[root@ovn-ovsdb-sb-0 /]# ovn-trace --no-friendly-names 'inport == "8bb043eb-4ff5-4469-acc3-f3f84ba354a6" && eth.src == fa:16:3e:fd:85:6d && eth.dst == ff:ff:ff:ff:ff:ff && arp.op == 1 && arp.sha == fa:16:3e:fd:85:6d && arp.spa == 192.168.222.215 && arp.tha == ff:ff:ff:ff:ff:ff && arp.tpa == 192.168.222.204'
# arp,reg14=0x2,vlan_tci=0x0000,dl_src=fa:16:3e:fd:85:6d,dl_dst=ff:ff:ff:ff:ff:ff,arp_spa=192.168.222.215,arp_tpa=192.168.222.204,arp_op=1,arp_sha=fa:16:3e:fd:85:6d,arp_tha=ff:ff:ff:ff:ff:ff

ingress(dp="c8d7770d-a81c-4b8c-bb19-630c5e003cde", inport="8bb043eb-4ff5-4469-acc3-f3f84ba354a6")
-------------------------------------------------------------------------------------------------
 0. ls_in_port_sec_l2 (ovn-northd.c:4829): inport == "8bb043eb-4ff5-4469-acc3-f3f84ba354a6", priority 50, uuid dc9eefc2
    next;
 3. ls_in_lookup_fdb (ovn-northd.c:4865): inport == "8bb043eb-4ff5-4469-acc3-f3f84ba354a6", priority 100, uuid 07af3a0d
    reg0[11] = lookup_fdb(inport, eth.src);
    /* MAC lookup for ff:ff:ff:ff:ff:ff found in FDB. */
    next;
22. ls_in_l2_lkup (ovn-northd.c:7352): eth.mcast, priority 70, uuid cfb89e88
    outport = "_MC_flood";
    output;

multicast(dp="c8d7770d-a81c-4b8c-bb19-630c5e003cde", mcgroup="_MC_flood")
-------------------------------------------------------------------------

    egress(dp="c8d7770d-a81c-4b8c-bb19-630c5e003cde", inport="8bb043eb-4ff5-4469-acc3-f3f84ba354a6", outport="0510e1de-8812-4810-8220-f05c78ed5505")
    ------------------------------------------------------------------------------------------------------------------------------------------------
         9. ls_out_port_sec_l2 (ovn-northd.c:4947): eth.mcast, priority 100, uuid fd94ca6d
            output;
            /* output to "0510e1de-8812-4810-8220-f05c78ed5505", type "localport" */

    egress(dp="c8d7770d-a81c-4b8c-bb19-630c5e003cde", inport="8bb043eb-4ff5-4469-acc3-f3f84ba354a6", outport="8bb043eb-4ff5-4469-acc3-f3f84ba354a6")
    ------------------------------------------------------------------------------------------------------------------------------------------------
            /* omitting output because inport == outport && !flags.loopback */

    egress(dp="c8d7770d-a81c-4b8c-bb19-630c5e003cde", inport="8bb043eb-4ff5-4469-acc3-f3f84ba354a6", outport="e32c218d-64c2-4073-a157-db17a236da09")
    ------------------------------------------------------------------------------------------------------------------------------------------------
         9. ls_out_port_sec_l2 (ovn-northd.c:4947): eth.mcast, priority 100, uuid fd94ca6d
            output;
            /* output to "e32c218d-64c2-4073-a157-db17a236da09", type "" */

通過上述trace結(jié)果可見其流量所經(jīng)過的lflow的stage分別是port_sec, lookup_fdb, l2_lkup以及multicast

neutron和ovn數(shù)據(jù)庫中port相關(guān)信息見附[2],從NB數(shù)據(jù)庫可見lsp port_security字段為空付材,并且addresses中帶有unknown


根據(jù)各個stage分別分析關(guān)閉port安全組的port的實(shí)現(xiàn):

Neutron和OVN對關(guān)閉安全組的port的數(shù)據(jù)處理

neutron:

neutron的ovn plugin在update_port時會調(diào)用ovnclient的update_port方法怜俐,其中會根據(jù)_get_port_options中獲取的port_info來設(shè)置lsp的addresses和port_security字段。

因?yàn)殛P(guān)閉了port安全組们童,所以在port_info中port_security為空畔况,并且在addresses中會帶有unknown鲸鹦。

    def _get_port_options(self, port):
        ...
        if not port_security and not port_type:
                # Port security is disabled for this port.
                # So this port can send traffic with any mac address.
                # OVN allows any mac address from a port if "unknown"
                # is added to the Logical_Switch_Port.addresses column.
                # So add it.
                addresses.append(ovn_const.UNKNOWN_ADDR)

ovn:

northd中build_ports:

根據(jù)NB的LSP數(shù)據(jù)更新SB的Port_Binding,并且給每個logical port初始化ovn_port的結(jié)構(gòu)體

build_ports
|- join_logical_ports /* 初始化ovn_port結(jié)構(gòu)體 */
|- /* 處理port的tunnel_key跷跪,tag以及SB Port_Binding表的維護(hù)馋嗜,MAC_Binding表舊數(shù)據(jù)清除 */

join_logical_ports中會遍歷lsp的addresses字段,如果其中有unknown吵瞻,則給ovn_port的has_unknow字段置為true

static void
join_logical_ports(struct northd_context *ctx,
                   struct hmap *datapaths, struct hmap *ports,
                   struct hmap *chassis_qdisc_queues,
                   struct hmap *tag_alloc_table, struct ovs_list *sb_only,
                   struct ovs_list *nb_only, struct ovs_list *both)
{
    ...
                for (size_t j = 0; j < nbsp->n_addresses; j++) {
                    if (!strcmp(nbsp->addresses[j], "unknown")) {
                        op->has_unknown = true;
                        continue;
                    }

Multicast_Group部分

build_mcast_groups中會遍歷join_logical_ports中生成的ovn_port和join_datapaths中生成的ovn_datapath數(shù)據(jù)葛菇,并根據(jù)port類型,datapath和port的配置將port降入不同的mcgroup(_MC_flood橡羞,_MC_mrouter_static眯停, _MC_flood_l2 )。

在build_lswitch_ip_unicast_lookup中如果port addresses中帶有unknown則會將port加入_MC_unknown中

/* Ingress table 19: Destination lookup, unicast handling (priority 50), */
static void
build_lswitch_ip_unicast_lookup(struct ovn_port *op,
                                struct hmap *lflows,
                                struct hmap *mcgroups,
                                struct ds *actions,
                                struct ds *match)
{
    ...
            } else if (!strcmp(op->nbsp->addresses[i], "unknown")) {
                if (lsp_is_enabled(op->nbsp)) {
                    ovs_mutex_lock(&mcgroup_mutex);
                    ovn_multicast_add(mcgroups, &mc_unknown, op);
                    ovs_mutex_unlock(&mcgroup_mutex);
                    op->od->has_unknown = true;
                }

port security部分

build_lflows維護(hù)和更新SB的Ligical_Flow和Multicast_Group表卿泽。

build_lswitch_and_lrouter_flows
|- /* 遍歷ovn_datapath */
  |- build_lswitch_and_lrouter_iterate_by_od
|- /* 遍歷ovn_port */
  |- build_lswitch_and_lrouter_iterate_by_op
|- /* 遍歷ovn_northd_lb */
  |- build_lswitch_arp_nd_service_monitor
  |- build_lrouter_flows_for_lb
  |- build_lswitch_flows_for_lb
|- /* 遍歷igmp_group */
  |- build_lswitch_ip_mcast_igmp_mld
|- build_lswitch_flows

在build_lswitch_and_lrouter_iterate_by_op中執(zhí)行build_lswitch_input_port_sec_op時會判斷l(xiāng)sp的port_security字段莺债,為空則跳過。

ARP代答部分

在build_lswitch_and_lrouter_iterate_by_op中執(zhí)行build_lswitch_arp_nd_responder_known_ips時會發(fā)現(xiàn)lsp的has_unknown字段為true所以不會下發(fā)arp代答流表

static void
build_lswitch_arp_nd_responder_known_ips(struct ovn_port *op,
                                         struct hmap *lflows,
                                         struct hmap *ports,
                                         struct ds *actions,
                                         struct ds *match)
{
    ...
            if (lsp_is_external(op->nbsp) || op->has_unknown) {
                return;
            }

由于沒有arp待答,當(dāng)訪問關(guān)閉安全組的port時齐邦,如果FDB表中沒有該port的mac信息椎侠,則需要發(fā)送arp廣播包來獲取關(guān)閉安全組port的mac地址。

fdb部分

build_flows中會遍歷ovn_port執(zhí)行build_lswitch_learn_fdb_op措拇,其中對于關(guān)閉安全組的port會下發(fā)如下流表

當(dāng)從該lport進(jìn)來的流表如果lookup fdb不到則會執(zhí)行put_fdb操作

static void
build_lswitch_learn_fdb_op(
        struct ovn_port *op, struct hmap *lflows,
        struct ds *actions, struct ds *match)
{
    if (op->nbsp && !op->n_ps_addrs && !strcmp(op->nbsp->type, "") &&
        op->has_unknown) {
        ds_clear(match);
        ds_clear(actions);
        ds_put_format(match, "inport == %s", op->json_key);
        ds_put_format(actions, REGBIT_LKUP_FDB
                      " = lookup_fdb(inport, eth.src); next;");
        ovn_lflow_add_with_hint(lflows, op->od, S_SWITCH_IN_LOOKUP_FDB, 100,
                                ds_cstr(match), ds_cstr(actions),
                                &op->nbsp->header_);

        ds_put_cstr(match, " && "REGBIT_LKUP_FDB" == 0");
        ds_clear(actions);
        ds_put_cstr(actions, "put_fdb(inport, eth.src); next;");
        ovn_lflow_add_with_hint(lflows, op->od, S_SWITCH_IN_PUT_FDB, 100,
                                ds_cstr(match), ds_cstr(actions),
                                &op->nbsp->header_);
    }
}
_uuid               : c390d94b-879b-4fb2-8ae4-3dd473b16e9a
actions             : "put_fdb(inport, eth.src); next;"
external_ids        : {source="ovn-northd.c:4884", stage-hint=aa779f10, stage-name=ls_in_put_fdb}
logical_datapath    : a899c3df-117a-4a65-8e86-d3cb4663f726
logical_dp_group    : []
match               : "inport == \"a7b8fccd-eb2c-422c-83a7-3bb98e24ff4a\" && reg0[11] == 0"
pipeline            : ingress
priority            : 100
table_id            : 4
hash                : 0

_uuid               : f079a50a-a52a-407c-aee5-447f747cc514
actions             : "reg0[11] = lookup_fdb(inport, eth.src); next;"
external_ids        : {source="ovn-northd.c:4877", stage-hint=aa779f10, stage-name=ls_in_lookup_fdb}
logical_datapath    : a899c3df-117a-4a65-8e86-d3cb4663f726
logical_dp_group    : []
match               : "inport == \"a7b8fccd-eb2c-422c-83a7-3bb98e24ff4a\""
pipeline            : ingress
priority            : 100
table_id            : 3
hash                : 0

consider_logical_flow__中會執(zhí)行ovnacts_parse_string來解析邏輯流表中的action字段
add_matches_to_flow_table中ovnacts_encode根據(jù)lflow的action執(zhí)行encode_PUT_FDB和encode_LOOKUP_FDB

encode_PUT_FDB會根據(jù)port和mac信息設(shè)置需要上送的controller的OpenFlow流表數(shù)據(jù)包我纪。后通過ofctrl模塊將OpenFlow流表發(fā)送給ovs vswitchd
encode_LOOKUP_FDB會從OpenFlow數(shù)據(jù)包中解析數(shù)據(jù)

lflow_run中add_fdb_flows會遍歷SB中的FDB表,并根據(jù)FDB表信息下發(fā)FDB相關(guān)的OpenFlow流表

static void
consider_fdb_flows(const struct sbrec_fdb *fdb,
                   const struct hmap *local_datapaths,
                   struct ovn_desired_flow_table *flow_table)
{
    ...
    struct match match = MATCH_CATCHALL_INITIALIZER;
    match_set_metadata(&match, htonll(fdb->dp_key));
    match_set_dl_dst(&match, mac);

    uint64_t stub[1024 / 8];
    struct ofpbuf ofpacts = OFPBUF_STUB_INITIALIZER(stub);
    put_load64(fdb->port_key, MFF_LOG_OUTPORT, 0, 32, &ofpacts);
    ofctrl_add_flow(flow_table, OFTABLE_GET_FDB, 100,
                    fdb->header_.uuid.parts[0], &match, &ofpacts,
                    &fdb->header_.uuid);
    ...
    put_load(&value, sizeof value, MFF_LOG_FLAGS,
             MLF_LOOKUP_FDB_BIT, 1, &ofpacts);

    struct match lookup_match = MATCH_CATCHALL_INITIALIZER;
    match_set_metadata(&lookup_match, htonll(fdb->dp_key));
    match_set_dl_src(&lookup_match, mac);
    match_set_reg(&lookup_match, MFF_LOG_INPORT - MFF_REG0, fdb->port_key);
    ofctrl_add_flow(flow_table, OFTABLE_LOOKUP_FDB, 100,
                    fdb->header_.uuid.parts[0], &lookup_match, &ofpacts,
                    &fdb->header_.uuid);

FDB表的維護(hù)

pinctrl在執(zhí)行process_packet_in處理controller過來的數(shù)據(jù)包時根據(jù)action code調(diào)用pinctrl_handle_put_fdb

ovn_fdb_add會將dp_key, port_key, mac等信息插入的到全局變量put_fdbs中

  • dp_key packet in的OpenFlow流表的metadata
  • port_key packet in的OpenFlow流表的reg14
  • mac 上送到controller的packet header中獲取

process_packet_in
|- /* 根據(jù)action code執(zhí)行不同的handler */
  |- pinctrl_handle_put_fdb
    |- ovn_fdb_add

pinctrl模塊在執(zhí)行pinctrl_run時會調(diào)用run_put_fdbs丐吓,遍歷全局變量put_fdbs查找SB中的FDB表浅悉,如果條目查不到則將fdb則將信息插入到SB的FDB表中(表中包含信息:dp_key datapath的tunnel key,port_key port的tunnel_key券犁,mac port的mac地

pinctrl_run
|- run_put_fdbs
  |- /* 遍歷FDB表?xiàng)l目 */
    |- run_put_fdb

廣播泛洪部分

physical_run中會遍歷SB的Port_Binding表仇冯,對每一條記錄執(zhí)行consider_port_binding

consider_port_binding中根據(jù)localvif_to_ofport查找Port_Binding的logical_port數(shù)據(jù)的ofport

如果沒有ofport則該P(yáng)ort_Binding條目對應(yīng)的port在remote chassis

對于port在remote chassis,根據(jù)Port_Binding中的redirect_type判斷如果不是bridged

則執(zhí)行put_remote_port_redirect_overlay來下發(fā)泛洪到remote chassis的OpenFlow流表

static void
consider_port_binding(struct ovsdb_idl_index *sbrec_port_binding_by_name,
                      enum mf_field_id mff_ovn_geneve,
                      const struct simap *ct_zones,
                      const struct sset *active_tunnels,
                      const struct hmap *local_datapaths,
                      const struct sbrec_port_binding *binding,
                      const struct sbrec_chassis *chassis,
                      struct ovn_desired_flow_table *flow_table,
                      struct ofpbuf *ofpacts_p)
{
    ...

        const char *redirect_type = smap_get(&binding->options,
                                             "redirect-type");

        /* Remote port connected by tunnel */

        /* Table 32, priority 100.
         * =======================
         *
         * Handles traffic that needs to be sent to a remote hypervisor.  Each
         * flow matches an output port that includes a logical port on a remote
         * hypervisor, and tunnels the packet to that hypervisor.
         */
        match_init_catchall(&match);
        ofpbuf_clear(ofpacts_p);

        /* Match MFF_LOG_DATAPATH, MFF_LOG_OUTPORT. */
        match_set_metadata(&match, htonll(dp_key));
        match_set_reg(&match, MFF_LOG_OUTPORT - MFF_REG0, port_key);

        if (redirect_type && !strcasecmp(redirect_type, "bridged")) {
            put_remote_port_redirect_bridged(binding, local_datapaths,
                                             ld, &match, ofpacts_p,
                                             flow_table);
        } else {
            put_remote_port_redirect_overlay(binding, is_ha_remote,
                                             ha_ch_ordered, mff_ovn_geneve,
                                             tun, port_key, &match, ofpacts_p,
                                             flow_table);
        }

所以arp廣播包只會泛洪到有該子網(wǎng)Port_Binding記錄的chassis上

TODO:

  • pinctrl中維護(hù)FDB部分處理細(xì)化
  • physical_run中consider_mc_group部分細(xì)化

附件:
[1] 創(chuàng)建port腳本

#!/usr/bin/bash

# Create port
# neutron port-create --name lucheng-tap --binding:host_id=node-3.domain.tld share_net
# Close port security group
# neutron port-update --no-security-groups lucheng-tap
# neutron port-update --port_security_enabled=false lucheng-tap

HOST=""
MAC=""

get_port_info() {
    source openrc
    port_id="$1"
    HOST=$(neutron port-show -F binding:host_id -f value "$port_id")
    MAC=$(neutron port-show -F mac_address -f value "$port_id")
    ip_info=$(neutron port-show -F fixed_ips -f value "$port_id")
    echo Port "$port_id" Mac: "$MAC" HOST: "$HOST"
    echo IP Info: "$ip_info"
}

create_ns() {
    port_id="$1"
    iface_name="lc-tap-${port_id:0:8}"
    netns_name="lc-vm-${port_id:0:8}"
    ssh "$HOST" ovs-vsctl add-port br-int "$iface_name" \
      -- set Interface "$iface_name" type=internal \
      -- set Interface "$iface_name" external_ids:iface-id="$port_id" \
      -- set Interface "$iface_name" external_ids:attached-mac="$MAC" \
      -- set Interface "$iface_name" external_ids:iface-status=active

    ssh "$HOST" ip netns add "$netns_name"
    ssh "$HOST" ip l set dev "$iface_name" address "$MAC"
    ssh "$HOST" ip l set "$iface_name" netns "$netns_name"
    ssh "$HOST" ip netns exec "$netns_name" ip l set lo up
    ssh "$HOST" ip netns exec "$netns_name" ip l set "$iface_name" up
}

main() {
    get_port_info "$1"
    create_ns "$1"
}

main $@

[2] neutron和ovn數(shù)據(jù)庫中port相關(guān)信息

()[root@busybox-openstack-77f8c69f47-b5sn8 /]# neutron port-show a7b8fccd-eb2c-422c-83a7-3bb98e24ff4a
+-----------------------+----------------------------------------------------------------------------------------+
| Field                 | Value                                                                                  |
+-----------------------+----------------------------------------------------------------------------------------+
| admin_state_up        | True                                                                                   |
| allowed_address_pairs |                                                                                        |
| binding:host_id       | node-9.domain.tld                                                                      |
| binding:profile       | {}                                                                                     |
| binding:vif_details   | {"port_filter": true}                                                                  |
| binding:vif_type      | ovs                                                                                    |
| binding:vnic_type     | normal                                                                                 |
| created_at            | 2021-12-14T02:22:42Z                                                                   |
| description           |                                                                                        |
| device_id             |                                                                                        |
| device_owner          |                                                                                        |
| extra_dhcp_opts       |                                                                                        |
| fixed_ips             | {"subnet_id": "9399a7fd-440f-4981-9fc1-4e5c22f9e6ee", "ip_address": "192.168.111.191"} |
| id                    | a7b8fccd-eb2c-422c-83a7-3bb98e24ff4a                                                   |
| mac_address           | fa:16:3e:84:61:02                                                                      |
| name                  | lucheng-tap-no-sec                                                                     |
| network_id            | 2c4dfab0-7362-4ad8-9a92-27cec0fe6c05                                                   |
| port_security_enabled | False                                                                                  |
| project_id            | e5df2ef9a9b4497aa0db7df639f161c9                                                       |
| qos_network_policy_id |                                                                                        |
| qos_policy_id         |                                                                                        |
| resource_request      |                                                                                        |
| revision_number       | 6                                                                                      |
| security_groups       |                                                                                        |
| status                | ACTIVE                                                                                 |
| tags                  |                                                                                        |
| tenant_id             | e5df2ef9a9b4497aa0db7df639f161c9                                                       |
| updated_at            | 2021-12-14T02:24:54Z                                                                   |
+-----------------------+----------------------------------------------------------------------------------------+
()[root@ovn-tool-0 /]# ovn-nbctl find Logical_Switch_Port name=a7b8fccd-eb2c-422c-83a7-3bb98e24ff4a
_uuid               : aa779f10-250c-4919-8563-2d9462d5aedd
addresses           : ["fa:16:3e:84:61:02 192.168.111.191", unknown]
dhcpv4_options      : 45760679-a0db-453a-936b-fbb1ed6e0e9a
dhcpv6_options      : []
dynamic_addresses   : []
enabled             : true
external_ids        : {"neutron:cidrs"="192.168.111.191/24", "neutron:device_id"="", "neutron:device_owner"="", "neutron:network_name"=neutron-2c4dfab0-7362-4ad8-9a92-27cec0fe6c05, "neutron:port_name"=lucheng-tap-no-sec, "neutron:project_id"=e5df2ef9a9b4497aa0db7df639f161c9, "neutron:revision_number"="6", "neutron:security_group_ids"=""}
ha_chassis_group    : []
name                : "a7b8fccd-eb2c-422c-83a7-3bb98e24ff4a"
options             : {mcast_flood_reports="true", requested-chassis=node-9.domain.tld}
parent_name         : []
port_security       : []
tag                 : []
tag_request         : []
type                : ""
up                  : true
()[root@ovn-tool-0 /]# ovn-sbctl find Port_Binding logical_port=a7b8fccd-eb2c-422c-83a7-3bb98e24ff4a
_uuid               : 384550d8-91ed-495e-920e-06054c07723b
chassis             : 79934578-e048-4e4e-9807-705ccfd3d760
datapath            : a899c3df-117a-4a65-8e86-d3cb4663f726
encap               : []
external_ids        : {name=lucheng-tap-no-sec, "neutron:cidrs"="192.168.111.191/24", "neutron:device_id"="", "neutron:device_owner"="", "neutron:network_name"=neutron-2c4dfab0-7362-4ad8-9a92-27cec0fe6c05, "neutron:port_name"=lucheng-tap-no-sec, "neutron:project_id"=e5df2ef9a9b4497aa0db7df639f161c9, "neutron:revision_number"="6", "neutron:security_group_ids"=""}
gateway_chassis     : []
ha_chassis_group    : []
logical_port        : "a7b8fccd-eb2c-422c-83a7-3bb98e24ff4a"
mac                 : ["fa:16:3e:84:61:02 192.168.111.191", unknown]
nat_addresses       : []
options             : {mcast_flood_reports="true", requested-chassis=node-9.domain.tld}
other_config        : {}
parent_port         : []
tag                 : []
tunnel_key          : 451
type                : ""
up                  : true
virtual_parent      : []
()[root@ovn-tool-0 /]# ovn-sbctl list Multicast_Group | grep -C 3 384550d8-91ed-495e-920e-06054c07723b --color | grep -E 'name|tunnel_key|datapath'
datapath            : a899c3df-117a-4a65-8e86-d3cb4663f726
name                : _MC_unknown
tunnel_key          : 32769
datapath            : a899c3df-117a-4a65-8e86-d3cb4663f726
name                : _MC_flood
tunnel_key          : 32768
datapath            : a899c3df-117a-4a65-8e86-d3cb4663f726
name                : _MC_mrouter_static
tunnel_key          : 32771
datapath            : a899c3df-117a-4a65-8e86-d3cb4663f726
name                : _MC_flood_l2
tunnel_key          : 32773
?著作權(quán)歸作者所有,轉(zhuǎn)載或內(nèi)容合作請聯(lián)系作者
  • 序言:七十年代末族操,一起剝皮案震驚了整個濱河市苛坚,隨后出現(xiàn)的幾起案子,更是在濱河造成了極大的恐慌色难,老刑警劉巖泼舱,帶你破解...
    沈念sama閱讀 217,734評論 6 505
  • 序言:濱河連續(xù)發(fā)生了三起死亡事件,死亡現(xiàn)場離奇詭異枷莉,居然都是意外死亡娇昙,警方通過查閱死者的電腦和手機(jī),發(fā)現(xiàn)死者居然都...
    沈念sama閱讀 92,931評論 3 394
  • 文/潘曉璐 我一進(jìn)店門笤妙,熙熙樓的掌柜王于貴愁眉苦臉地迎上來冒掌,“玉大人,你說我怎么就攤上這事蹲盘」珊粒” “怎么了?”我有些...
    開封第一講書人閱讀 164,133評論 0 354
  • 文/不壞的土叔 我叫張陵召衔,是天一觀的道長铃诬。 經(jīng)常有香客問我,道長苍凛,這世上最難降的妖魔是什么趣席? 我笑而不...
    開封第一講書人閱讀 58,532評論 1 293
  • 正文 為了忘掉前任,我火速辦了婚禮醇蝴,結(jié)果婚禮上宣肚,老公的妹妹穿的比我還像新娘。我一直安慰自己悠栓,他們只是感情好霉涨,可當(dāng)我...
    茶點(diǎn)故事閱讀 67,585評論 6 392
  • 文/花漫 我一把揭開白布弧呐。 她就那樣靜靜地躺著,像睡著了一般嵌纲。 火紅的嫁衣襯著肌膚如雪俘枫。 梳的紋絲不亂的頭發(fā)上,一...
    開封第一講書人閱讀 51,462評論 1 302
  • 那天逮走,我揣著相機(jī)與錄音鸠蚪,去河邊找鬼。 笑死师溅,一個胖子當(dāng)著我的面吹牛茅信,可吹牛的內(nèi)容都是我干的。 我是一名探鬼主播墓臭,決...
    沈念sama閱讀 40,262評論 3 418
  • 文/蒼蘭香墨 我猛地睜開眼蘸鲸,長吁一口氣:“原來是場噩夢啊……” “哼!你這毒婦竟也來了窿锉?” 一聲冷哼從身側(cè)響起酌摇,我...
    開封第一講書人閱讀 39,153評論 0 276
  • 序言:老撾萬榮一對情侶失蹤,失蹤者是張志新(化名)和其女友劉穎嗡载,沒想到半個月后窑多,有當(dāng)?shù)厝嗽跇淞掷锇l(fā)現(xiàn)了一具尸體,經(jīng)...
    沈念sama閱讀 45,587評論 1 314
  • 正文 獨(dú)居荒郊野嶺守林人離奇死亡洼滚,尸身上長有42處帶血的膿包…… 初始之章·張勛 以下內(nèi)容為張勛視角 年9月15日...
    茶點(diǎn)故事閱讀 37,792評論 3 336
  • 正文 我和宋清朗相戀三年埂息,在試婚紗的時候發(fā)現(xiàn)自己被綠了。 大學(xué)時的朋友給我發(fā)了我未婚夫和他白月光在一起吃飯的照片遥巴。...
    茶點(diǎn)故事閱讀 39,919評論 1 348
  • 序言:一個原本活蹦亂跳的男人離奇死亡千康,死狀恐怖,靈堂內(nèi)的尸體忽然破棺而出铲掐,到底是詐尸還是另有隱情拾弃,我是刑警寧澤,帶...
    沈念sama閱讀 35,635評論 5 345
  • 正文 年R本政府宣布迹炼,位于F島的核電站砸彬,受9級特大地震影響,放射性物質(zhì)發(fā)生泄漏斯入。R本人自食惡果不足惜,卻給世界環(huán)境...
    茶點(diǎn)故事閱讀 41,237評論 3 329
  • 文/蒙蒙 一蛀蜜、第九天 我趴在偏房一處隱蔽的房頂上張望刻两。 院中可真熱鬧,春花似錦滴某、人聲如沸磅摹。這莊子的主人今日做“春日...
    開封第一講書人閱讀 31,855評論 0 22
  • 文/蒼蘭香墨 我抬頭看了看天上的太陽户誓。三九已至饼灿,卻和暖如春,著一層夾襖步出監(jiān)牢的瞬間帝美,已是汗流浹背碍彭。 一陣腳步聲響...
    開封第一講書人閱讀 32,983評論 1 269
  • 我被黑心中介騙來泰國打工, 沒想到剛下飛機(jī)就差點(diǎn)兒被人妖公主榨干…… 1. 我叫王不留悼潭,地道東北人庇忌。 一個月前我還...
    沈念sama閱讀 48,048評論 3 370
  • 正文 我出身青樓,卻偏偏與公主長得像舰褪,于是被迫代替她去往敵國和親皆疹。 傳聞我的和親對象是個殘疾皇子,可洞房花燭夜當(dāng)晚...
    茶點(diǎn)故事閱讀 44,864評論 2 354

推薦閱讀更多精彩內(nèi)容