get:
Show a patch.

patch:
Update a patch.

put:
Update a patch.

GET /api/patches/1529667/
HTTP 200 OK
Allow: GET, PUT, PATCH, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "id": 1529667,
    "url": "http://patchwork.ozlabs.org/api/patches/1529667/",
    "web_url": "http://patchwork.ozlabs.org/project/ovn/patch/20210918125121.8257-1-odivlad@gmail.com/",
    "project": {
        "id": 68,
        "url": "http://patchwork.ozlabs.org/api/projects/68/",
        "name": "Open Virtual Network development",
        "link_name": "ovn",
        "list_id": "ovs-dev.openvswitch.org",
        "list_email": "ovs-dev@openvswitch.org",
        "web_url": "http://openvswitch.org/",
        "scm_url": "",
        "webscm_url": "",
        "list_archive_url": "",
        "list_archive_url_format": "",
        "commit_url_format": ""
    },
    "msgid": "<20210918125121.8257-1-odivlad@gmail.com>",
    "list_archive_url": null,
    "date": "2021-09-18T12:51:21",
    "name": "[ovs-dev,branch-21.06] northd: support HW VTEP with stateful datapath",
    "commit_ref": null,
    "pull_url": null,
    "state": "changes-requested",
    "archived": false,
    "hash": "a8a7cf3c9cb5948f5ecb8e9364665cc6e4a0b7fd",
    "submitter": {
        "id": 80943,
        "url": "http://patchwork.ozlabs.org/api/people/80943/",
        "name": "Vladislav Odintsov",
        "email": "odivlad@gmail.com"
    },
    "delegate": null,
    "mbox": "http://patchwork.ozlabs.org/project/ovn/patch/20210918125121.8257-1-odivlad@gmail.com/mbox/",
    "series": [
        {
            "id": 262936,
            "url": "http://patchwork.ozlabs.org/api/series/262936/",
            "web_url": "http://patchwork.ozlabs.org/project/ovn/list/?series=262936",
            "date": "2021-09-18T12:51:21",
            "name": "[ovs-dev,branch-21.06] northd: support HW VTEP with stateful datapath",
            "version": 1,
            "mbox": "http://patchwork.ozlabs.org/series/262936/mbox/"
        }
    ],
    "comments": "http://patchwork.ozlabs.org/api/patches/1529667/comments/",
    "check": "fail",
    "checks": "http://patchwork.ozlabs.org/api/patches/1529667/checks/",
    "tags": {},
    "related": [],
    "headers": {
        "Return-Path": "<ovs-dev-bounces@openvswitch.org>",
        "X-Original-To": [
            "incoming@patchwork.ozlabs.org",
            "dev@openvswitch.org"
        ],
        "Delivered-To": [
            "patchwork-incoming@ozlabs.org",
            "ovs-dev@lists.linuxfoundation.org"
        ],
        "Authentication-Results": [
            "ozlabs.org;\n\tdkim=fail reason=\"signature verification failed\" (2048-bit key;\n unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256\n header.s=20210112 header.b=Iu3fdrcG;\n\tdkim-atps=neutral",
            "ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org\n (client-ip=140.211.166.133; helo=smtp2.osuosl.org;\n envelope-from=ovs-dev-bounces@openvswitch.org; receiver=<UNKNOWN>)"
        ],
        "Received": [
            "from smtp2.osuosl.org (smtp2.osuosl.org [140.211.166.133])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest\n SHA256)\n\t(No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 4HBW0j3d7Gz9sRN\n\tfor <incoming@patchwork.ozlabs.org>; Sat, 18 Sep 2021 22:51:33 +1000 (AEST)",
            "from localhost (localhost [127.0.0.1])\n\tby smtp2.osuosl.org (Postfix) with ESMTP id 449D840281;\n\tSat, 18 Sep 2021 12:51:31 +0000 (UTC)",
            "from smtp2.osuosl.org ([127.0.0.1])\n\tby localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)\n\twith ESMTP id IexLjK8KXh8t; Sat, 18 Sep 2021 12:51:30 +0000 (UTC)",
            "from lists.linuxfoundation.org (lf-lists.osuosl.org\n [IPv6:2605:bc80:3010:104::8cd3:938])\n\tby smtp2.osuosl.org (Postfix) with ESMTPS id F13C6400FC;\n\tSat, 18 Sep 2021 12:51:28 +0000 (UTC)",
            "from lf-lists.osuosl.org (localhost [127.0.0.1])\n\tby lists.linuxfoundation.org (Postfix) with ESMTP id D193CC000F;\n\tSat, 18 Sep 2021 12:51:28 +0000 (UTC)",
            "from smtp2.osuosl.org (smtp2.osuosl.org [IPv6:2605:bc80:3010::133])\n by lists.linuxfoundation.org (Postfix) with ESMTP id 6F69EC000D\n for <dev@openvswitch.org>; Sat, 18 Sep 2021 12:51:27 +0000 (UTC)",
            "from localhost (localhost [127.0.0.1])\n by smtp2.osuosl.org (Postfix) with ESMTP id 505AD4024B\n for <dev@openvswitch.org>; Sat, 18 Sep 2021 12:51:27 +0000 (UTC)",
            "from smtp2.osuosl.org ([127.0.0.1])\n by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)\n with ESMTP id Am9EJXpDnXLH for <dev@openvswitch.org>;\n Sat, 18 Sep 2021 12:51:26 +0000 (UTC)",
            "from mail-lf1-x135.google.com (mail-lf1-x135.google.com\n [IPv6:2a00:1450:4864:20::135])\n by smtp2.osuosl.org (Postfix) with ESMTPS id B526E400FC\n for <dev@openvswitch.org>; Sat, 18 Sep 2021 12:51:25 +0000 (UTC)",
            "by mail-lf1-x135.google.com with SMTP id g41so11634709lfv.1\n for <dev@openvswitch.org>; Sat, 18 Sep 2021 05:51:25 -0700 (PDT)",
            "from localhost.localdomain (109-252-131-59.dynamic.spd-mgts.ru.\n [109.252.131.59])\n by smtp.gmail.com with ESMTPSA id y13sm750561lfs.17.2021.09.18.05.51.22\n (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);\n Sat, 18 Sep 2021 05:51:22 -0700 (PDT)"
        ],
        "X-Virus-Scanned": [
            "amavisd-new at osuosl.org",
            "amavisd-new at osuosl.org"
        ],
        "X-Greylist": "whitelisted by SQLgrey-1.8.0",
        "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;\n h=from:to:cc:subject:date:message-id:mime-version\n :content-transfer-encoding;\n bh=pUj47uzUjZZfB+is2lNWaRNupgfZZ94qoO6QwFbZz6M=;\n b=Iu3fdrcGcdwtexzHZnQU1q2/jh8SRzfRcnHNHSFwF0BaomTb/OckMyTKnzwHn3mSs7\n tsLKp5o1IW0YP18Bk0+h8QiCh3PrTQqHzQ8US/+LZ+dgX9N0g24GIn4MlDxa72gTEWRx\n A5imTVKE2ZcA9TeRkuL6zsSMBLHC1pUmmijL4xToi/Hefq8PHX3iTDnQWnOVByFDXPdR\n xfO8eYIumY8vFBiV3Li7DZBY6h1P92At6va6L6rN8BnwpbM54WO0a87eK+THEG/qtu0t\n 0NBEmTGicqUxwg9p6RQzZl5/JxuMiBbSxKgi+JnN3dk9KzzaB9w9PCleAwGR/UDWmgqp\n zpxA==",
        "X-Google-DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20210112;\n h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version\n :content-transfer-encoding;\n bh=pUj47uzUjZZfB+is2lNWaRNupgfZZ94qoO6QwFbZz6M=;\n b=wgJSgSwl2JQZTxOCxtRZsUUCpDa+FThenKe2ndM8691bi9ZY4swr9UUp13V7WC9EHm\n OqrUQRMsBPFX8jhfodwrX/qZKf1bKMXmtPqhTa62M1ZXjD+pS5DktvwvdRrfDRlaHXmm\n 5RSsjS1VDnkERN3WMaILHMGM2JGL6iNinHS5q3O8Rw3G1zX2jfoAPlSXQcHnuA3OODNr\n 1gTqL2Y1XMHMmTn1gkbUqBvS0j8xvHhUAykQfH1/H7A50iqOJ4Qw5+HziJJA8CaF3rmL\n 3Fgwy3oIxuQMlB/FUdglOEALNs96MM0mcvsFdKtR8wgzOWMZQ0YPuV8AGFTRgqpKaf/h\n rlZA==",
        "X-Gm-Message-State": "AOAM533p3DIwADPkoOBpubRvOejpzHE4TRZgxV+X+YmmI5367+RPydry\n kaNEkNJv+utUYuiQVcSNK4Xx7teMNhczJA==",
        "X-Google-Smtp-Source": "\n ABdhPJw2CJsF6afKSYdd/Dj8nZgRpRBgZ/OHNUydkFxN7yZ2op1l+6D9Zt7rttJV6Dcrwwogm4vdJA==",
        "X-Received": "by 2002:a05:6512:3f03:: with SMTP id\n y3mr11980669lfa.5.1631969483199;\n Sat, 18 Sep 2021 05:51:23 -0700 (PDT)",
        "From": "Vladislav Odintsov <odivlad@gmail.com>",
        "To": "dev@openvswitch.org",
        "Date": "Sat, 18 Sep 2021 15:51:21 +0300",
        "Message-Id": "<20210918125121.8257-1-odivlad@gmail.com>",
        "X-Mailer": "git-send-email 2.30.0",
        "MIME-Version": "1.0",
        "Cc": "Vladislav Odintsov <odivlad@gmail.com>",
        "Subject": "[ovs-dev] [PATCH ovn branch-21.06] northd: support HW VTEP with\n\tstateful datapath",
        "X-BeenThere": "ovs-dev@openvswitch.org",
        "X-Mailman-Version": "2.1.15",
        "Precedence": "list",
        "List-Id": "<ovs-dev.openvswitch.org>",
        "List-Unsubscribe": "<https://mail.openvswitch.org/mailman/options/ovs-dev>,\n <mailto:ovs-dev-request@openvswitch.org?subject=unsubscribe>",
        "List-Archive": "<http://mail.openvswitch.org/pipermail/ovs-dev/>",
        "List-Post": "<mailto:ovs-dev@openvswitch.org>",
        "List-Help": "<mailto:ovs-dev-request@openvswitch.org?subject=help>",
        "List-Subscribe": "<https://mail.openvswitch.org/mailman/listinfo/ovs-dev>,\n <mailto:ovs-dev-request@openvswitch.org?subject=subscribe>",
        "Content-Type": "text/plain; charset=\"us-ascii\"",
        "Content-Transfer-Encoding": "7bit",
        "Errors-To": "ovs-dev-bounces@openvswitch.org",
        "Sender": "\"dev\" <ovs-dev-bounces@openvswitch.org>"
    },
    "content": "A packet going from HW VTEP device to VIF port when arrives to\nhypervisor chassis should go through LS ingress pipeline to l2_lkp\nstage without any match. In l2_lkp stage an output port is\ndetermined and then packet passed to LS egress pipeline for futher\nprocessing and to VIF port delivery.\n\nPrior to this commit a packet, which was received from HW VTEP\ndevice was dropped in an LS ingress datapath, where stateful services\nwere defined (ACLs, LBs).\n\nTo fix this issue we add a special flag-bit which can be used in LS\npipelines, to check whether the packet came from HW VTEP devices.\nIn ls_in_pre_acl and ls_in_pre_lb we add new flow with priority 110\nto skip such packets.\n\nSigned-off-by: Vladislav Odintsov <odivlad@gmail.com>\nSigned-off-by: Numan Siddique <numans@ovn.org>\n(cherry picked from commit 62ca8b9620cc1168ace6905575b7d36438363aed)\n---\n northd/ovn-northd.8.xml | 28 ++++++++++++++++++++++++++++\n northd/ovn-northd.c     | 14 ++++++++++++++\n northd/ovn_northd.dl    | 33 +++++++++++++++++++++++++++++++--\n ovs                     |  2 +-\n tests/ovn-northd.at     |  2 ++\n 5 files changed, 76 insertions(+), 3 deletions(-)",
    "diff": "diff --git a/northd/ovn-northd.8.xml b/northd/ovn-northd.8.xml\nindex 890775797..29eaf1864 100644\n--- a/northd/ovn-northd.8.xml\n+++ b/northd/ovn-northd.8.xml\n@@ -262,6 +262,16 @@\n         logical ports on which port security is not enabled, these advance all\n         packets that match the <code>inport</code>.\n       </li>\n+      <li>\n+        For logical ports of type <code>vtep</code>, the above logical flow\n+        will also apply the action <code>REGBIT_FROM_RAMP = 1;</code> to\n+        indicate that the packet is coming from a RAMP (controller-vtep)\n+        device.  Later pipelines will use this information to skip\n+        sending the packet to the conntrack.  Packets from <code>vtep</code>\n+        logical ports should go though ingress pipeline only to determine\n+        the output port and they should not be subjected to any ACL checks.\n+        Egress pipeline will do the ACL checks.\n+      </li>\n     </ul>\n \n     <p>\n@@ -453,6 +463,15 @@\n       processing.\n     </p>\n \n+    <p>\n+      This table has a priority-110 flow with the match\n+      <code>REGBIT_FROM_RAMP == 1</code> for all logical switch datapaths to\n+      resubmit traffic to the next table. <code>REGBIT_FROM_RAMP</code>\n+      indicates that packet was received from <code>vtep</code> logical ports\n+      and it can be skipped from the stateful ACL processing in the ingress\n+      pipeline.\n+    </p>\n+\n     <p>\n       This table also has a priority-110 flow with the match\n       <code>eth.dst == <var>E</var></code> for all logical switch\n@@ -512,6 +531,15 @@\n       configured. We can now add a lflow to drop ct.inv packets.\n     </p>\n \n+    <p>\n+      This table has a priority-110 flow with the match\n+      <code>REGBIT_FROM_RAMP == 1</code> for all logical switch datapaths to\n+      resubmit traffic to the next table. <code>REGBIT_FROM_RAMP</code>\n+      indicates that packet was received from <code>vtep</code> logical ports\n+      and it can be skipped from the load balancer processing in the ingress\n+      pipeline.\n+    </p>\n+\n     <p>\n       This table also has a priority-110 flow with the match\n       <code>eth.dst == <var>E</var></code> for all logical switch\ndiff --git a/northd/ovn-northd.c b/northd/ovn-northd.c\nindex a7f6fdf6b..c2cc9b930 100644\n--- a/northd/ovn-northd.c\n+++ b/northd/ovn-northd.c\n@@ -236,6 +236,7 @@ enum ovn_stage {\n #define REGBIT_ACL_HINT_BLOCK     \"reg0[10]\"\n #define REGBIT_LKUP_FDB           \"reg0[11]\"\n #define REGBIT_HAIRPIN_REPLY      \"reg0[12]\"\n+#define REGBIT_FROM_RAMP          \"reg0[14]\"\n \n #define REG_ORIG_DIP_IPV4         \"reg1\"\n #define REG_ORIG_DIP_IPV6         \"xxreg1\"\n@@ -4823,10 +4824,15 @@ build_lswitch_input_port_sec_op(\n     build_port_security_l2(\"eth.src\", op->ps_addrs, op->n_ps_addrs,\n                            match);\n \n+    if (!strcmp(op->nbsp->type, \"vtep\")) {\n+        ds_put_format(actions, REGBIT_FROM_RAMP\" = 1; \");\n+    }\n+\n     const char *queue_id = smap_get(&op->sb->options, \"qdisc_queue_id\");\n     if (queue_id) {\n         ds_put_format(actions, \"set_queue(%s); \", queue_id);\n     }\n+\n     ds_put_cstr(actions, \"next;\");\n     ovn_lflow_add_with_hint(lflows, op->od, S_SWITCH_IN_PORT_SEC_L2, 50,\n                             ds_cstr(match), ds_cstr(actions),\n@@ -5070,6 +5076,10 @@ build_pre_acls(struct ovn_datapath *od, struct hmap *port_groups,\n                       \"nd || nd_rs || nd_ra || mldv1 || mldv2 || \"\n                       \"(udp && udp.src == 546 && udp.dst == 547)\", \"next;\");\n \n+        /* Do not send coming from RAMP switch packets to conntrack. */\n+        ovn_lflow_add(lflows, od, S_SWITCH_IN_PRE_ACL, 110,\n+                      REGBIT_FROM_RAMP\" == 1\", \"next;\");\n+\n         /* Ingress and Egress Pre-ACL Table (Priority 100).\n          *\n          * Regardless of whether the ACL is \"from-lport\" or \"to-lport\",\n@@ -5180,6 +5190,10 @@ build_pre_lb(struct ovn_datapath *od, struct hmap *lflows,\n     ovn_lflow_add(lflows, od, S_SWITCH_OUT_PRE_LB, 110,\n                   \"eth.src == $svc_monitor_mac\", \"next;\");\n \n+    /* Do not send coming from RAMP switch packets to conntrack. */\n+    ovn_lflow_add(lflows, od, S_SWITCH_IN_PRE_LB, 110,\n+                  REGBIT_FROM_RAMP\" == 1\", \"next;\");\n+\n     /* Allow all packets to go to next tables by default. */\n     ovn_lflow_add(lflows, od, S_SWITCH_IN_PRE_LB, 0, \"1\", \"next;\");\n     ovn_lflow_add(lflows, od, S_SWITCH_OUT_PRE_LB, 0, \"1\", \"next;\");\ndiff --git a/northd/ovn_northd.dl b/northd/ovn_northd.dl\nindex 46da9a3a4..cca1c11be 100644\n--- a/northd/ovn_northd.dl\n+++ b/northd/ovn_northd.dl\n@@ -1561,6 +1561,7 @@ function rEGBIT_ACL_HINT_DROP()    : string = \"reg0[9]\"\n function rEGBIT_ACL_HINT_BLOCK()   : string = \"reg0[10]\"\n function rEGBIT_LKUP_FDB()         : string = \"reg0[11]\"\n function rEGBIT_HAIRPIN_REPLY()    : string = \"reg0[12]\"\n+function rEGBIT_FROM_RAMP()        : string = \"reg0[14]\"\n \n function rEG_ORIG_DIP_IPV4()       : string = \"reg1\"\n function rEG_ORIG_DIP_IPV6()       : string = \"xxreg1\"\n@@ -1934,6 +1935,16 @@ for (&Switch(._uuid = ls_uuid, .has_stateful_acl = true)) {\n          .actions          = \"next;\",\n          .external_ids     = map_empty());\n \n+    /* Do not send coming from RAMP switch packets to conntrack. */\n+    Flow(.logical_datapath = ls_uuid,\n+         .stage            = s_SWITCH_IN_PRE_ACL(),\n+         .priority         = 110,\n+         .__match          = \"${rEGBIT_FROM_RAMP()} == 1\",\n+         .actions          = \"next;\",\n+         .stage_hint       = 0,\n+         .io_port          = None,\n+         .controller_meter = None);\n+\n     /* Ingress and Egress Pre-ACL Table (Priority 100).\n      *\n      * Regardless of whether the ACL is \"from-lport\" or \"to-lport\",\n@@ -1988,6 +1999,16 @@ for (&Switch(._uuid = ls_uuid)) {\n          .actions          = \"next;\",\n          .external_ids     = map_empty());\n \n+    /* Do not send coming from RAMP switch packets to conntrack. */\n+    Flow(.logical_datapath = ls_uuid,\n+         .stage            = s_SWITCH_IN_PRE_LB(),\n+         .priority         = 110,\n+         .__match          = \"${rEGBIT_FROM_RAMP()} == 1\",\n+         .actions          = \"next;\",\n+         .stage_hint       = 0,\n+         .io_port          = None,\n+         .controller_meter = None);\n+\n     /* Allow all packets to go to next tables by default. */\n     Flow(.logical_datapath = ls_uuid,\n          .stage            = s_SWITCH_IN_PRE_LB(),\n@@ -3061,10 +3082,18 @@ for (&SwitchPort(.lsp = lsp, .sw = sw, .json_name = json_name, .ps_eth_addresses\n             } else {\n                 \"inport == ${json_name} && eth.src == {${ps_eth_addresses.join(\\\" \\\")}}\"\n             } in\n-        var actions = match (pbinding.options.get(\"qdisc_queue_id\")) {\n+        var actions = {\n+            var ramp = if (lsp.__type == \"vtep\") {\n+                \"${rEGBIT_FROM_RAMP()} = 1; \"\n+            } else {\n+                \"\"\n+            };\n+            var queue = match (pbinding.options.get(\"qdisc_queue_id\")) {\n                 None -> \"next;\",\n                 Some{id} -> \"set_queue(${id}); next;\"\n-            } in\n+            };\n+            \"${ramp}${queue}\"\n+        } in\n         Flow(.logical_datapath = sw._uuid,\n              .stage            = s_SWITCH_IN_PORT_SEC_L2(),\n              .priority         = 50,\ndiff --git a/ovs b/ovs\nindex a4b04276a..daf627f45 160000\n--- a/ovs\n+++ b/ovs\n@@ -1 +1 @@\n-Subproject commit a4b04276ab5934d087669ff2d191a23931335c87\n+Subproject commit daf627f459ffbc7171d42a2c01f80754bfd54edc\ndiff --git a/tests/ovn-northd.at b/tests/ovn-northd.at\nindex 55cf0ffd4..9523de377 100644\n--- a/tests/ovn-northd.at\n+++ b/tests/ovn-northd.at\n@@ -3429,6 +3429,7 @@ check_stateful_flows() {\n   table=6 (ls_in_pre_lb       ), priority=110  , match=(eth.dst == $svc_monitor_mac), action=(next;)\n   table=6 (ls_in_pre_lb       ), priority=110  , match=(ip && inport == \"sw0-lr0\"), action=(next;)\n   table=6 (ls_in_pre_lb       ), priority=110  , match=(nd || nd_rs || nd_ra || mldv1 || mldv2), action=(next;)\n+  table=6 (ls_in_pre_lb       ), priority=110  , match=(reg0[[14]] == 1), action=(next;)\n ])\n \n     AT_CHECK([grep \"ls_in_pre_stateful\" sw0flows | sort], [0], [dnl\n@@ -3490,6 +3491,7 @@ AT_CHECK([grep \"ls_in_pre_lb\" sw0flows | sort], [0], [dnl\n   table=6 (ls_in_pre_lb       ), priority=110  , match=(eth.dst == $svc_monitor_mac), action=(next;)\n   table=6 (ls_in_pre_lb       ), priority=110  , match=(ip && inport == \"sw0-lr0\"), action=(next;)\n   table=6 (ls_in_pre_lb       ), priority=110  , match=(nd || nd_rs || nd_ra || mldv1 || mldv2), action=(next;)\n+  table=6 (ls_in_pre_lb       ), priority=110  , match=(reg0[[14]] == 1), action=(next;)\n ])\n \n AT_CHECK([grep \"ls_in_pre_stateful\" sw0flows | sort], [0], [dnl\n",
    "prefixes": [
        "ovs-dev",
        "branch-21.06"
    ]
}