GET /api/patches/1529570/
HTTP 200 OK
Allow: GET, PUT, PATCH, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "id": 1529570,
    "url": "http://patchwork.ozlabs.org/api/patches/1529570/",
    "web_url": "http://patchwork.ozlabs.org/project/ovn/patch/20210917215602.10633-1-odivlad@gmail.com/",
    "project": {
        "id": 68,
        "url": "http://patchwork.ozlabs.org/api/projects/68/",
        "name": "Open Virtual Network development",
        "link_name": "ovn",
        "list_id": "ovs-dev.openvswitch.org",
        "list_email": "ovs-dev@openvswitch.org",
        "web_url": "http://openvswitch.org/",
        "scm_url": "",
        "webscm_url": "",
        "list_archive_url": "",
        "list_archive_url_format": "",
        "commit_url_format": ""
    },
    "msgid": "<20210917215602.10633-1-odivlad@gmail.com>",
    "list_archive_url": null,
    "date": "2021-09-17T21:56:02",
    "name": "[ovs-dev] northd: support HW VTEP with stateful datapath",
    "commit_ref": null,
    "pull_url": null,
    "state": "accepted",
    "archived": false,
    "hash": "006561c0eb62cc74967054ec45b87127e5e69607",
    "submitter": {
        "id": 80943,
        "url": "http://patchwork.ozlabs.org/api/people/80943/",
        "name": "Vladislav Odintsov",
        "email": "odivlad@gmail.com"
    },
    "delegate": null,
    "mbox": "http://patchwork.ozlabs.org/project/ovn/patch/20210917215602.10633-1-odivlad@gmail.com/mbox/",
    "series": [
        {
            "id": 262888,
            "url": "http://patchwork.ozlabs.org/api/series/262888/",
            "web_url": "http://patchwork.ozlabs.org/project/ovn/list/?series=262888",
            "date": "2021-09-17T21:56:02",
            "name": "[ovs-dev] northd: support HW VTEP with stateful datapath",
            "version": 1,
            "mbox": "http://patchwork.ozlabs.org/series/262888/mbox/"
        }
    ],
    "comments": "http://patchwork.ozlabs.org/api/patches/1529570/comments/",
    "check": "fail",
    "checks": "http://patchwork.ozlabs.org/api/patches/1529570/checks/",
    "tags": {},
    "related": [],
    "headers": {
        "Return-Path": "<ovs-dev-bounces@openvswitch.org>",
        "X-Original-To": [
            "incoming@patchwork.ozlabs.org",
            "dev@openvswitch.org"
        ],
        "Delivered-To": [
            "patchwork-incoming@ozlabs.org",
            "ovs-dev@lists.linuxfoundation.org"
        ],
        "Authentication-Results": [
            "ozlabs.org;\n\tdkim=fail reason=\"signature verification failed\" (2048-bit key;\n unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256\n header.s=20210112 header.b=WKKXQ7c/;\n\tdkim-atps=neutral",
            "ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org\n (client-ip=2605:bc80:3010::137; helo=smtp4.osuosl.org;\n envelope-from=ovs-dev-bounces@openvswitch.org; receiver=<UNKNOWN>)",
            "smtp2.osuosl.org (amavisd-new);\n dkim=pass (2048-bit key) header.d=gmail.com"
        ],
        "Received": [
            "from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest\n SHA256)\n\t(No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 4HB77d6DWHz9sPf\n\tfor <incoming@patchwork.ozlabs.org>; Sat, 18 Sep 2021 07:56:13 +1000 (AEST)",
            "from localhost (localhost [127.0.0.1])\n\tby smtp4.osuosl.org (Postfix) with ESMTP id 02ABC425B0;\n\tFri, 17 Sep 2021 21:56:10 +0000 (UTC)",
            "from smtp4.osuosl.org ([127.0.0.1])\n\tby localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)\n\twith ESMTP id X-0C8oyfV0Qk; Fri, 17 Sep 2021 21:56:09 +0000 (UTC)",
            "from lists.linuxfoundation.org (lf-lists.osuosl.org\n [IPv6:2605:bc80:3010:104::8cd3:938])\n\tby smtp4.osuosl.org (Postfix) with ESMTPS id F38C04255A;\n\tFri, 17 Sep 2021 21:56:08 +0000 (UTC)",
            "from lf-lists.osuosl.org (localhost [127.0.0.1])\n\tby lists.linuxfoundation.org (Postfix) with ESMTP id A5ECDC000F;\n\tFri, 17 Sep 2021 21:56:08 +0000 (UTC)",
            "from smtp2.osuosl.org (smtp2.osuosl.org [IPv6:2605:bc80:3010::133])\n by lists.linuxfoundation.org (Postfix) with ESMTP id 3CF8FC000D\n for <dev@openvswitch.org>; Fri, 17 Sep 2021 21:56:07 +0000 (UTC)",
            "from localhost (localhost [127.0.0.1])\n by smtp2.osuosl.org (Postfix) with ESMTP id 38F45407D7\n for <dev@openvswitch.org>; Fri, 17 Sep 2021 21:56:07 +0000 (UTC)",
            "from smtp2.osuosl.org ([127.0.0.1])\n by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)\n with ESMTP id DmWr5omh_SDm for <dev@openvswitch.org>;\n Fri, 17 Sep 2021 21:56:06 +0000 (UTC)",
            "from mail-lf1-x131.google.com (mail-lf1-x131.google.com\n [IPv6:2a00:1450:4864:20::131])\n by smtp2.osuosl.org (Postfix) with ESMTPS id A1F5C40172\n for <dev@openvswitch.org>; Fri, 17 Sep 2021 21:56:05 +0000 (UTC)",
            "by mail-lf1-x131.google.com with SMTP id x27so38564256lfu.5\n for <dev@openvswitch.org>; Fri, 17 Sep 2021 14:56:05 -0700 (PDT)",
            "from localhost.localdomain (109-252-131-59.dynamic.spd-mgts.ru.\n [109.252.131.59])\n by smtp.gmail.com with ESMTPSA id j20sm618863lfu.165.2021.09.17.14.56.02\n (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);\n Fri, 17 Sep 2021 14:56:02 -0700 (PDT)"
        ],
        "X-Virus-Scanned": [
            "amavisd-new at osuosl.org",
            "amavisd-new at osuosl.org"
        ],
        "X-Greylist": "whitelisted by SQLgrey-1.8.0",
        "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;\n h=from:to:cc:subject:date:message-id:mime-version\n :content-transfer-encoding;\n bh=N2+pYucvOMZLZTd5Ag7nPNXdcaes6YBwgyzCX3JaHXU=;\n b=WKKXQ7c/+4I6ez7qXoANt1EvXNmHyvJvcj1g15pSpPcVVQoHGBSEv3czyfrFMpvllI\n XFHxyJO8pmtbeZcLG3cE10wSdviCfdX+dp/Yzz2gwbpd+xpf0D2Q3LMLsuztya7/t2o6\n OlrkPs56x6gkh7h2IFE22PxkhkP7lmoeah3qYn+yELuS+bMQPC5jo3xbuQrQqy40PGiY\n LtQdhkdhv6XoOsVEdNMmRgGFg697LZxSllb5LiOzbzgjsYo1Of4ht4mb0TcP30NwbBgk\n 4g5RrrlNCV1DzlMO4sLt798hgAp4n4QVETnr1b1hqiVJ7yV9PoMohYJuq+bois90BubD\n Wj0w==",
        "X-Google-DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20210112;\n h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version\n :content-transfer-encoding;\n bh=N2+pYucvOMZLZTd5Ag7nPNXdcaes6YBwgyzCX3JaHXU=;\n b=DCLXAkeCbWUnI86p52iIui4BhBinRJCnurJMyf6RcbkUBpC79u0xiTeXda8XTb7lYm\n tJ8fhjembpYXnVH8krqen+o3Ofc8FesWt8UOk+/Dedt/dBVsjYUj2tYXm12LT/5O723t\n ZIVg9QIgZPg9KiKnlYXIgNeaKBO2hvIij2Ja45E1f8EMMR47kR8XTKfJrKOsZovi9k9t\n 26CDeAfBBI4UjRCb9+0kB3ZwPgIZ1cWwmRnYp5rPwmGbW4uvBAnR3vLKuOwKT/Q/Znwh\n cmwsyW6Bv0T1V3X/I6Qezk6f4RU/pqBCPI77vzfq3FR8QC8P9dOtlslBsqWGQ7h3/Qo5\n 6hZg==",
        "X-Gm-Message-State": "AOAM5334cMB6fzQ1or5aw7WAqp2T5OEhLIroMzznmC1m4UTQSOx/irs2\n Y28Mf2kqkjx3+OFUvF8ugQoMMWxN2hU=",
        "X-Google-Smtp-Source": "\n ABdhPJy3aBMUcu8CINff8dWzwX3xh/8x7MFyQwfbrHEEiEj6sSHcL9PiW+A3AgSn5zMho/qhzYDbyw==",
        "X-Received": "by 2002:ac2:4f8f:: with SMTP id z15mr9541912lfs.361.1631915763381;\n Fri, 17 Sep 2021 14:56:03 -0700 (PDT)",
        "From": "Vladislav Odintsov <odivlad@gmail.com>",
        "To": "dev@openvswitch.org",
        "Date": "Sat, 18 Sep 2021 00:56:02 +0300",
        "Message-Id": "<20210917215602.10633-1-odivlad@gmail.com>",
        "X-Mailer": "git-send-email 2.30.0",
        "MIME-Version": "1.0",
        "Cc": "Vladislav Odintsov <odivlad@gmail.com>",
        "Subject": "[ovs-dev] [PATCH ovn] northd: support HW VTEP with stateful datapath",
        "X-BeenThere": "ovs-dev@openvswitch.org",
        "X-Mailman-Version": "2.1.15",
        "Precedence": "list",
        "List-Id": "<ovs-dev.openvswitch.org>",
        "List-Unsubscribe": "<https://mail.openvswitch.org/mailman/options/ovs-dev>,\n <mailto:ovs-dev-request@openvswitch.org?subject=unsubscribe>",
        "List-Archive": "<http://mail.openvswitch.org/pipermail/ovs-dev/>",
        "List-Post": "<mailto:ovs-dev@openvswitch.org>",
        "List-Help": "<mailto:ovs-dev-request@openvswitch.org?subject=help>",
        "List-Subscribe": "<https://mail.openvswitch.org/mailman/listinfo/ovs-dev>,\n <mailto:ovs-dev-request@openvswitch.org?subject=subscribe>",
        "Content-Type": "text/plain; charset=\"us-ascii\"",
        "Content-Transfer-Encoding": "7bit",
        "Errors-To": "ovs-dev-bounces@openvswitch.org",
        "Sender": "\"dev\" <ovs-dev-bounces@openvswitch.org>"
    },
    "content": "A packet going from HW VTEP device to VIF port when arrives to\nhypervisor chassis should go through LS ingress pipeline to l2_lkp\nstage without any match. In l2_lkp stage an output port is\ndetermined and then packet passed to LS egress pipeline for further\nprocessing and to VIF port delivery.\n\nPrior to this commit a packet, which was received from HW VTEP\ndevice was dropped in an LS ingress datapath, where stateful services\nwere defined (ACLs, LBs).\n\nTo fix this issue we add a special flag-bit which can be used in LS\npipelines, to check whether the packet came from HW VTEP devices.\nIn ls_in_pre_acl and ls_in_pre_lb we add new flow with priority 110\nto skip such packets.\n\nSigned-off-by: Vladislav Odintsov <odivlad@gmail.com>\n---\n northd/northd.c         | 14 ++++++++++++++\n northd/ovn-northd.8.xml | 29 +++++++++++++++++++++++++++++\n northd/ovn_northd.dl    | 33 +++++++++++++++++++++++++++++++--\n tests/ovn-northd.at     |  2 ++\n 4 files changed, 76 insertions(+), 2 deletions(-)",
    "diff": "diff --git a/northd/northd.c b/northd/northd.c\nindex 688a6e4ef..1b84874a7 100644\n--- a/northd/northd.c\n+++ b/northd/northd.c\n@@ -196,6 +196,7 @@ enum ovn_stage {\n #define REGBIT_LKUP_FDB           \"reg0[11]\"\n #define REGBIT_HAIRPIN_REPLY      \"reg0[12]\"\n #define REGBIT_ACL_LABEL          \"reg0[13]\"\n+#define REGBIT_FROM_RAMP          \"reg0[14]\"\n \n #define REG_ORIG_DIP_IPV4         \"reg1\"\n #define REG_ORIG_DIP_IPV6         \"xxreg1\"\n@@ -5112,6 +5113,11 @@ build_lswitch_input_port_sec_op(\n     if (queue_id) {\n         ds_put_format(actions, \"set_queue(%s); \", queue_id);\n     }\n+\n+    if (!strcmp(op->nbsp->type, \"vtep\")) {\n+        ds_put_format(actions, REGBIT_FROM_RAMP\" = 1; \");\n+    }\n+\n     ds_put_cstr(actions, \"next;\");\n     ovn_lflow_add_with_lport_and_hint(lflows, op->od, S_SWITCH_IN_PORT_SEC_L2,\n                                       50, ds_cstr(match), ds_cstr(actions),\n@@ -5359,6 +5365,10 @@ build_pre_acls(struct ovn_datapath *od, struct hmap *port_groups,\n                       \"nd || nd_rs || nd_ra || mldv1 || mldv2 || \"\n                       \"(udp && udp.src == 546 && udp.dst == 547)\", \"next;\");\n \n+        /* Do not send coming from RAMP switch packets to conntrack. */\n+        ovn_lflow_add(lflows, od, S_SWITCH_IN_PRE_ACL, 110,\n+                      REGBIT_FROM_RAMP\" == 1\", \"next;\");\n+\n         /* Ingress and Egress Pre-ACL Table (Priority 100).\n          *\n          * Regardless of whether the ACL is \"from-lport\" or \"to-lport\",\n@@ -5463,6 +5473,10 @@ build_pre_lb(struct ovn_datapath *od, struct hmap *lflows,\n     ovn_lflow_add(lflows, od, S_SWITCH_OUT_PRE_LB, 110,\n                   \"eth.src == $svc_monitor_mac\", \"next;\");\n \n+    /* Do not send coming from RAMP switch packets to conntrack. 
*/\n+    ovn_lflow_add(lflows, od, S_SWITCH_IN_PRE_LB, 110,\n+                  REGBIT_FROM_RAMP\" == 1\", \"next;\");\n+\n     /* Allow all packets to go to next tables by default. */\n     ovn_lflow_add(lflows, od, S_SWITCH_IN_PRE_LB, 0, \"1\", \"next;\");\n     ovn_lflow_add(lflows, od, S_SWITCH_OUT_PRE_LB, 0, \"1\", \"next;\");\ndiff --git a/northd/ovn-northd.8.xml b/northd/ovn-northd.8.xml\nindex eebf0d717..7bb39d2ab 100644\n--- a/northd/ovn-northd.8.xml\n+++ b/northd/ovn-northd.8.xml\n@@ -262,6 +262,18 @@\n         logical ports on which port security is not enabled, these advance all\n         packets that match the <code>inport</code>.\n       </li>\n+      <li>\n+        Logical flows for RAMP (controller-vtep) devices are created for each\n+        physical switch. Packets came from such devices hit these flows and set\n+        the 14'th bit of OVS register 0 (REG0[14]) to 1. This regbit indicates\n+        that packet came from RAMP (controller-vtep) device. Later in logical\n+        switch ingress pipeline this register is checked in ls_in_acl_pre and\n+        ls_in_lb_pre stages whether to skip sending packet to conntrack in\n+        ingress pipeline or not. Packets from RAMP devices should go though\n+        ingress pipeline without any flow match till ls_in_l2_lkup stage to\n+        determine output port. Stateful ACLs for coming from RAMP device\n+        packets are checked within logical switch egress pipeline.\n+      </li>\n     </ul>\n \n     <p>\n@@ -453,6 +465,14 @@\n       processing.\n     </p>\n \n+    <p>\n+      This table has a priority-110 flow with the match\n+      <code>reg0[14] == 1</code> for all logical switch datapaths to resubmit\n+      traffic to the next table. <code>reg0[14]</code> is the register bit,\n+      which indicates that packet was received from RAMP device. 
Packets from\n+      RAMP device are handled by ACLs only in Logical Switch egress pipeline.\n+    </p>\n+\n     <p>\n       This table also has a priority-110 flow with the match\n       <code>eth.dst == <var>E</var></code> for all logical switch\n@@ -512,6 +532,15 @@\n       configured. We can now add a lflow to drop ct.inv packets.\n     </p>\n \n+    <p>\n+      This table has a priority-110 flow with the match\n+      <code>reg0[14] == 1</code> for all logical switch datapaths to resubmit\n+      traffic to the next table. <code>reg0[14]</code> is the register bit,\n+      which indicates that packet was received from RAMP device. Packets from\n+      RAMP device could be handled by load balancing flows only in Logical\n+      Switch egress pipeline.\n+    </p>\n+\n     <p>\n       This table also has a priority-110 flow with the match\n       <code>eth.dst == <var>E</var></code> for all logical switch\ndiff --git a/northd/ovn_northd.dl b/northd/ovn_northd.dl\nindex 669728497..0202af5dc 100644\n--- a/northd/ovn_northd.dl\n+++ b/northd/ovn_northd.dl\n@@ -1631,6 +1631,7 @@ function rEGBIT_ACL_HINT_BLOCK()   : istring = i\"reg0[10]\"\n function rEGBIT_LKUP_FDB()         : istring = i\"reg0[11]\"\n function rEGBIT_HAIRPIN_REPLY()    : istring = i\"reg0[12]\"\n function rEGBIT_ACL_LABEL()        : istring = i\"reg0[13]\"\n+function rEGBIT_FROM_RAMP()        : istring = i\"reg0[14]\"\n \n function rEG_ORIG_DIP_IPV4()       : istring = i\"reg1\"\n function rEG_ORIG_DIP_IPV6()       : istring = i\"xxreg1\"\n@@ -2070,6 +2071,16 @@ for (&Switch(._uuid = ls_uuid, .has_stateful_acl = true)) {\n          .io_port          = None,\n          .controller_meter = None);\n \n+    /* Do not send coming from RAMP switch packets to conntrack. 
*/\n+    Flow(.logical_datapath = ls_uuid,\n+         .stage            = s_SWITCH_IN_PRE_ACL(),\n+         .priority         = 110,\n+         .__match          = i\"${rEGBIT_FROM_RAMP()} == 1\",\n+         .actions          = i\"next;\",\n+         .stage_hint       = 0,\n+         .io_port          = None,\n+         .controller_meter = None);\n+\n     /* Ingress and Egress Pre-ACL Table (Priority 100).\n      *\n      * Regardless of whether the ACL is \"from-lport\" or \"to-lport\",\n@@ -2136,6 +2147,16 @@ for (&Switch(._uuid = ls_uuid)) {\n          .io_port          = None,\n          .controller_meter = None);\n \n+    /* Do not send coming from RAMP switch packets to conntrack. */\n+    Flow(.logical_datapath = ls_uuid,\n+         .stage            = s_SWITCH_IN_PRE_LB(),\n+         .priority         = 110,\n+         .__match          = i\"${rEGBIT_FROM_RAMP()} == 1\",\n+         .actions          = i\"next;\",\n+         .stage_hint       = 0,\n+         .io_port          = None,\n+         .controller_meter = None);\n+\n     /* Allow all packets to go to next tables by default. 
*/\n     Flow(.logical_datapath = ls_uuid,\n          .stage            = s_SWITCH_IN_PRE_LB(),\n@@ -3361,10 +3382,18 @@ for (&SwitchPort(.lsp = lsp, .sw = sw, .json_name = json_name, .ps_eth_addresses\n             } else {\n                 i\"inport == ${json_name} && eth.src == {${ps_eth_addresses.join(\\\" \\\")}}\"\n             } in\n-        var actions = match (pbinding.options.get(i\"qdisc_queue_id\")) {\n+        var actions = {\n+            var ramp = if (lsp.__type == i\"vtep\") {\n+                i\"${rEGBIT_FROM_RAMP()} = 1; \"\n+            } else {\n+                i\"\"\n+            };\n+            var queue = match (pbinding.options.get(i\"qdisc_queue_id\")) {\n                 None -> i\"next;\",\n                 Some{id} -> i\"set_queue(${id}); next;\"\n-            } in\n+            };\n+            i\"${ramp}${queue}\"\n+        } in\n         Flow(.logical_datapath = sw._uuid,\n              .stage            = s_SWITCH_IN_PORT_SEC_L2(),\n              .priority         = 50,\ndiff --git a/tests/ovn-northd.at b/tests/ovn-northd.at\nindex 2af3f2096..5de554455 100644\n--- a/tests/ovn-northd.at\n+++ b/tests/ovn-northd.at\n@@ -3597,6 +3597,7 @@ check_stateful_flows() {\n   table=6 (ls_in_pre_lb       ), priority=110  , match=(eth.dst == $svc_monitor_mac), action=(next;)\n   table=6 (ls_in_pre_lb       ), priority=110  , match=(ip && inport == \"sw0-lr0\"), action=(next;)\n   table=6 (ls_in_pre_lb       ), priority=110  , match=(nd || nd_rs || nd_ra || mldv1 || mldv2), action=(next;)\n+  table=6 (ls_in_pre_lb       ), priority=110  , match=(reg0[[14]] == 1), action=(next;)\n ])\n \n     AT_CHECK([grep \"ls_in_pre_stateful\" sw0flows | sort], [0], [dnl\n@@ -3660,6 +3661,7 @@ AT_CHECK([grep \"ls_in_pre_lb\" sw0flows | sort], [0], [dnl\n   table=6 (ls_in_pre_lb       ), priority=110  , match=(eth.dst == $svc_monitor_mac), action=(next;)\n   table=6 (ls_in_pre_lb       ), priority=110  , match=(ip && inport == \"sw0-lr0\"), action=(next;)\n   
table=6 (ls_in_pre_lb       ), priority=110  , match=(nd || nd_rs || nd_ra || mldv1 || mldv2), action=(next;)\n+  table=6 (ls_in_pre_lb       ), priority=110  , match=(reg0[[14]] == 1), action=(next;)\n ])\n \n AT_CHECK([grep \"ls_in_pre_stateful\" sw0flows | sort], [0], [dnl\n",
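Review bot: In the build_lswitch_input_port_sec_op() hunk of northd/northd.c, `ds_put_format(actions, REGBIT_FROM_RAMP" = 1; ");` sends a constant string with no arguments through the printf-style formatter. `ds_put_cstr(actions, REGBIT_FROM_RAMP" = 1; ");` would match the `ds_put_cstr(actions, "next;")` call right after it and keeps the text from ever being interpreted as a format string. The string is a compile-time literal here, so this is a point of style rather than a defect. The function starts and ends outside the hunk.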
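Review bot: The comment on the new priority-110 flow in build_pre_acls() (repeated in build_pre_lb() and on both new Flow() rules in northd/ovn_northd.dl) does not state what the bypass relies on. Every packet with REGBIT_FROM_RAMP set skips the ingress conntrack stages, so the policy for that traffic depends entirely on who may set the bit. In the visible hunks reg0[14] is written only in ls_in_port_sec_l2 for ports whose type is "vtep"; whether it is guaranteed to be clear on every other ingress path is not visible here and should be confirmed. I would expand the comment to something like `/* Packets that entered through a "vtep" port (REGBIT_FROM_RAMP, set in ls_in_port_sec_l2) skip ingress conntrack; stateful ACLs apply to them in the egress pipeline only. */`, which is what the man-page text added by this patch describes. Both functions continue outside their hunks.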
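Review bot: The rewritten `actions` expression in the SwitchPort rule of northd/ovn_northd.dl emits the action fragments in a different order from the C change. northd.c appends `set_queue(...)` first and `reg0[14] = 1; ` second, while `i"${ramp}${queue}"` puts the register write first. The two orders presumably behave the same, but the two northd implementations then generate different logical-flow text for a vtep port that has qdisc_queue_id set, which will show up in any comparison of exact flow output. To keep the C order, let the match arms return only the queue part, `None -> i"",` and `Some{id} -> i"set_queue(${id}); "`, and end the block with `i"${queue}${ramp}next;"`. The rule starts and ends outside the hunk.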
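Review bot: The two tests/ovn-northd.at hunks add an expected line only for ls_in_pre_lb, so the conntrack bypass is only half covered by what is visible here. Nothing in these hunks checks the new priority-110 ls_in_pre_acl flow, or that a logical switch port of type vtep gets `reg0[14] = 1;` in its ls_in_port_sec_l2 action while other port types do not. The rest of the test file is outside the hunks, so that coverage may exist elsewhere. If it does not, I would add a case with a vtep port and a stateful ACL that greps both stages, plus a negative check that a regular VIF port's port-security flow does not set the bit.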
    "prefixes": [
        "ovs-dev"
    ]
}