[ovs-dev,5/6] Generic encap and decap support for NSH

Message ID	CFF8EF42F1132E4CBE2BF0AB6C21C58D6E54EF9F@ESESSMB107.ericsson.se
State	Not Applicable
Headers	show Return-Path: <ovs-dev-bounces@openvswitch.org> From: Jan Scheurich <jan.scheurich@ericsson.com> To: Yi Yang <yi.y.yang@intel.com>, "dev@openvswitch.org" <dev@openvswitch.org> Thread-Topic: [PATCH 5/6] Generic encap and decap support for NSH Thread-Index: AQHS9UGgsTH3hmJY+UGhILUZNMYdx6JW3udw Date: Sun, 16 Jul 2017 18:56:30 +0000 Message-ID: <CFF8EF42F1132E4CBE2BF0AB6C21C58D6E54EF9F@ESESSMB107.ericsson.se> References: <1499226343-123663-1-git-send-email-yi.y.yang@intel.com> <1499226343-123663-6-git-send-email-yi.y.yang@intel.com> In-Reply-To: <1499226343-123663-6-git-send-email-yi.y.yang@intel.com> Accept-Language: en-US Content-Language: en-US MIME-Version: 1.0 Subject: Re: [ovs-dev] [PATCH 5/6] Generic encap and decap support for NSH Precedence: list Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: ovs-dev-bounces@openvswitch.org Errors-To: ovs-dev-bounces@openvswitch.org

Message ID

CFF8EF42F1132E4CBE2BF0AB6C21C58D6E54EF9F@ESESSMB107.ericsson.se

State

Not Applicable

Headers

From: Jan Scheurich <jan.scheurich@ericsson.com>
To: Yi Yang <yi.y.yang@intel.com>,
	"dev@openvswitch.org" <dev@openvswitch.org>
Thread-Topic: [PATCH 5/6] Generic encap and decap support for NSH
Thread-Index: AQHS9UGgsTH3hmJY+UGhILUZNMYdx6JW3udw
Date: Sun, 16 Jul 2017 18:56:30 +0000
Message-ID: <CFF8EF42F1132E4CBE2BF0AB6C21C58D6E54EF9F@ESESSMB107.ericsson.se>
References: <1499226343-123663-1-git-send-email-yi.y.yang@intel.com>
	<1499226343-123663-6-git-send-email-yi.y.yang@intel.com>
In-Reply-To: <1499226343-123663-6-git-send-email-yi.y.yang@intel.com>
Accept-Language: en-US
Content-Language: en-US
MIME-Version: 1.0
Subject: Re: [ovs-dev] [PATCH 5/6] Generic encap and decap support for NSH
Precedence: list
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: ovs-dev-bounces@openvswitch.org
Errors-To: ovs-dev-bounces@openvswitch.org

Commit Message

Jan Scheurich July 16, 2017, 6:56 p.m. UTC

Hi Yi,

The following incremental patch unwildcards the NSH next proto field at translation of a  decap() action for an NSH packet. This ensures that a datapath flow only decaps NSH packets of a known encapsulated packet type, avoiding bad suprises when executing decap_nsh action in the datapath.

This implies updates to the NSH unit tests as the datapath flow now includes the match on nsh_np.

For consistency we also unwildcard field dl_type when translating decap for an Ethernet packet, even though the pop_eth datapath action works for any Ethertype.

BR, Jan

diff --git a/ofproto/ofproto-dpif-xlate.c b/ofproto/ofproto-dpif-xlate.c
index f7e68c4..41a2dd1 100644
--- a/ofproto/ofproto-dpif-xlate.c
+++ b/ofproto/ofproto-dpif-xlate.c
@@ -5612,10 +5612,12 @@  xlate_generic_decap_action(struct xlate_ctx *ctx,
              * Delay generating pop_eth to the next commit. */
             flow->packet_type = htonl(PACKET_TYPE(OFPHTN_ETHERTYPE,
                                                   ntohs(flow->dl_type)));
+            ctx->wc->masks.dl_type = OVS_BE16_MAX;
             return false;
         case PT_NSH:
-            /* decap_nsh */
-            /* Delay generating decap_nsh to the next commit. */
+            /* The decap_nsh action is generated at the commit executed as
+             * part of freezing the ctx for recirculation. Here we just set
+             * the new packet type based on the NSH next protocol field. */
             switch (flow->nsh.np) {
             case NSH_P_ETHERNET:
                 flow->packet_type = htonl(PT_ETH);
@@ -5638,6 +5640,8 @@  xlate_generic_decap_action(struct xlate_ctx *ctx,
                 return false;
                 break;
             }
+            ctx->wc->masks.nsh.np = UINT8_MAX;
+            /* Trigger recirculation. */
             return true;
         default:
             xlate_report_debug(ctx, OFT_ACTION,
diff --git a/tests/nsh.at b/tests/nsh.at
index 749e981..bbf3bbb 100644
--- a/tests/nsh.at
+++ b/tests/nsh.at
@@ -122,7 +122,7 @@  bridge("br0")
     decap()

 Final flow: unchanged
-Megaflow: recirc_id=0,eth,in_port=4,dl_type=0x894f,nsh_mdtype=1,nsh_spi=4660,nsh_c1=0x11223344
+Megaflow: recirc_id=0,eth,in_port=4,dl_type=0x894f,nsh_mdtype=1,nsh_np=3,nsh_spi=4660,nsh_c1=0x11223344
 Datapath actions: pop_eth,decap_nsh(),recirc(0x2)
 ])

@@ -456,7 +456,7 @@  AT_CHECK([
 ], [0], [flow-dump from non-dpdk interfaces:
 recirc_id(0),in_port(1),packet_type(ns=0,id=0),eth(dst=aa:55:00:00:00:03),eth_type(0x0800),ipv4(src=10.0.0.1,dst=10.0.0.3,proto=17,frag=no),udp(dst=4789), packets:1, b
 recirc_id(0),in_port(4),packet_type(ns=0,id=0),eth_type(0x0800),ipv4(dst=192.168.10.30,frag=no), packets:1, bytes:98, used:0.0s, actions:pop_eth,encap_nsh(flags=0,mdty
-tunnel(tun_id=0x0,src=30.0.0.1,dst=30.0.0.3,flags(-df-csum+key)),recirc_id(0),in_port(4789),packet_type(ns=1,id=0x894f),nsh(spi=0x00000bb8,si=255), packets:1, bytes:10
+tunnel(tun_id=0x0,src=30.0.0.1,dst=30.0.0.3,flags(-df-csum+key)),recirc_id(0),in_port(4789),packet_type(ns=1,id=0x894f),nsh(np=1,spi=0x00000bb8,si=255), packets:1, byt
 tunnel(tun_id=0x0,src=30.0.0.1,dst=30.0.0.3,flags(-df-csum+key)),recirc_id(0x1),in_port(4789),packet_type(ns=1,id=0x800),ipv4(frag=no), packets:1, bytes:84, used:0.0s,
 ])

@@ -513,7 +513,7 @@  recirc_id(0),in_port(1),packet_type(ns=0,id=0),eth(dst=aa:55:00:00:00:02),eth_ty
 recirc_id(0),in_port(2),packet_type(ns=0,id=0),eth(dst=aa:55:00:00:00:03),eth_type(0x0800),ipv4(src=20.0.0.2,dst=20.0.0.3,proto=17,frag=no),udp(dst=4789), packets:1, b
 recirc_id(0),in_port(4),packet_type(ns=0,id=0),eth_type(0x0800),ipv4(dst=192.168.10.20/255.255.255.248,frag=no), packets:1, bytes:98, used:0.0s, actions:pop_eth,encap_
 tunnel(tun_id=0x0,src=20.0.0.1,dst=20.0.0.2,flags(-df-csum+key)),recirc_id(0),in_port(4789),packet_type(ns=1,id=0x894f),nsh(spi=0x00000bcc,si=255), packets:1, bytes:10
-tunnel(tun_id=0x0,src=30.0.0.2,dst=30.0.0.3,flags(-df-csum+key)),recirc_id(0),in_port(4789),packet_type(ns=1,id=0x894f),nsh(spi=0x00000bcc,si=254), packets:1, bytes:10
+tunnel(tun_id=0x0,src=30.0.0.2,dst=30.0.0.3,flags(-df-csum+key)),recirc_id(0),in_port(4789),packet_type(ns=1,id=0x894f),nsh(np=1,spi=0x00000bcc,si=254), packets:1, byt
 tunnel(tun_id=0x0,src=30.0.0.2,dst=30.0.0.3,flags(-df-csum+key)),recirc_id(0x2),in_port(4789),packet_type(ns=1,id=0x800),ipv4(frag=no), packets:1, bytes:84, used:0.0s,
 ])

[ovs-dev,5/6] Generic encap and decap support for NSH

Commit Message

Patch