From patchwork Thu Feb 27 09:15:59 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dumitru Ceara X-Patchwork-Id: 1245677 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.136; helo=silver.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=YKuCpJN3; dkim-atps=neutral Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 48Sn8v1kNMz9sRQ for ; Thu, 27 Feb 2020 20:16:15 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id 75C7122170; Thu, 27 Feb 2020 09:16:13 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yjVn0HAxCqWQ; Thu, 27 Feb 2020 09:16:11 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by silver.osuosl.org (Postfix) with ESMTP id 330432011A; Thu, 27 Feb 2020 09:16:11 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 1677CC1D80; Thu, 27 Feb 2020 09:16:11 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) by lists.linuxfoundation.org (Postfix) with ESMTP id 0B194C0177 for ; Thu, 27 Feb 2020 09:16:10 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id E3FDE87E97 for ; Thu, 27 Feb 2020 09:16:09 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3FQhmMyznagP for ; Thu, 27 Feb 2020 09:16:09 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from us-smtp-1.mimecast.com (us-smtp-delivery-1.mimecast.com [207.211.31.120]) by hemlock.osuosl.org (Postfix) with ESMTPS id 1923787E94 for ; Thu, 27 Feb 2020 09:16:08 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1582794967; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=EV/OUvHdlFomEnDpmwdgiypuFAcitUoQMBsElxsh4pU=; b=YKuCpJN3CV18S81LQZYrS/jSwfO/wEu8ArQDBNW7ZKRFDcXS1qWW92mU7kTphtauBnkkQx bb6KWZepb4l5fdU5E06hfP7OYMMbnHUR4ImMmM4xuiLy2/DArBeqMtPJQ3Kb9smzI0N1Fw SI00Ou9N5Op+gSG5Y/lIv7t87xAaaQQ= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-489-OZ63yg_YO6KfOkSVzzH0iQ-1; Thu, 27 Feb 2020 04:16:06 -0500 X-MC-Unique: OZ63yg_YO6KfOkSVzzH0iQ-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 45FD3801A02 for ; Thu, 27 Feb 2020 09:16:05 +0000 (UTC) Received: from dceara.remote.csb (ovpn-117-149.ams2.redhat.com [10.36.117.149]) by smtp.corp.redhat.com (Postfix) with ESMTP id A27471001925 for ; Thu, 27 Feb 2020 09:16:04 +0000 (UTC) From: Dumitru Ceara To: dev@openvswitch.org Date: Thu, 27 Feb 2020 10:15:59 +0100 Message-Id: <1582794959-365-1-git-send-email-dceara@redhat.com> X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Subject: [ovs-dev] [PATCH branch-2.12] ovn-northd: Fix IP local multicast flooding. X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" Skip IGMP entries learned for local multicast groups when generating logical flows. We still allow ovn-controller to learn them as it might be useful information for administrators to see that hosts register for the groups even though they are not expected to send JOIN messages for this range. Note: The upstream OVN master patch doesn't apply cleanly because OVN 2.12 doesn't support MLD. The conflict is however easy to solve and involves removing the IPv6 specific code. Fixes: ddc64665b678 ("OVN: Add ovn-northd IGMP support") Reported-by: Lucas Alvares Gomes Reported-at: https://bugzilla.redhat.com/1803008 Signed-off-by: Dumitru Ceara Acked-by: Mark Michelson (cherry picked from OVN commit 755ffada2a66416173d5f1e09672909d40f87fd1) Conflicts: ovn/northd/ovn-northd.c tests/ovn.at --- ovn/northd/ovn-northd.c | 9 +++++++++ tests/ovn.at | 48 +++++++++++++++++++++++++++++++++++++++--------- 2 files changed, 48 insertions(+), 9 deletions(-) diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c index 1c91649..a079ca3 100644 --- a/ovn/northd/ovn-northd.c +++ b/ovn/northd/ovn-northd.c @@ -5329,6 +5329,15 @@ build_lswitch_flows(struct hmap *datapaths, struct hmap *ports, struct mcast_info *mcast_info = &igmp_group->datapath->mcast_info; + /* RFC 4541, section 2.1.2, item 2: Skip groups in the 224.0.0.X + * range. + */ + ovs_be32 group_address = + in6_addr_get_mapped_ipv4(&igmp_group->address); + if (ip_is_local_multicast(group_address)) { + continue; + } + if (mcast_info->active_flows >= mcast_info->table_size) { continue; } diff --git a/tests/ovn.at b/tests/ovn.at index 4792e28..1307db0 100644 --- a/tests/ovn.at +++ b/tests/ovn.at @@ -14975,7 +14975,7 @@ ovn-nbctl set Logical_Switch sw1 other_config:mcast_querier="false" ovn-nbctl set Logical_Switch sw1 other_config:mcast_snoop="true" # No IGMP query should be generated by sw1 (mcast_querier="false"). -truncate -s 0 expected +> expected OVN_CHECK_PACKETS([hv1/vif1-tx.pcap], [expected]) OVN_CHECK_PACKETS([hv1/vif2-tx.pcap], [expected]) OVN_CHECK_PACKETS([hv2/vif1-tx.pcap], [expected]) @@ -14995,14 +14995,14 @@ send_igmp_v3_report hv2-vif1 hv2 000000000002 $(ip_to_hex 10 0 0 2) f9f9 \ # Check that the IGMP Group is learned on both hv. OVS_WAIT_UNTIL([ - total_entries=`ovn-sbctl find IGMP_Group | grep "239.0.1.68" | wc -l` + total_entries=`ovn-sbctl find IGMP_Group | grep "239.0.1.68" -c` test "${total_entries}" = "2" ]) # Send traffic and make sure it gets forwarded only on the two ports that # joined. -truncate -s 0 expected -truncate -s 0 expected_empty +> expected +> expected_empty send_ip_multicast_pkt hv1-vif2 hv1 \ 000000000001 01005e000144 \ $(ip_to_hex 10 0 0 42) $(ip_to_hex 239 0 1 68) 1e ca70 11 \ @@ -15024,7 +15024,7 @@ send_igmp_v3_report hv1-vif1 hv1 \ # Check IGMP_Group table on both HV. OVS_WAIT_UNTIL([ - total_entries=`ovn-sbctl find IGMP_Group | grep "239.0.1.68" | wc -l` + total_entries=`ovn-sbctl find IGMP_Group | grep "239.0.1.68" -c` test "${total_entries}" = "1" ]) @@ -15032,8 +15032,8 @@ OVS_WAIT_UNTIL([ # joined. as hv1 reset_pcap_file hv1-vif1 hv1/vif1 as hv2 reset_pcap_file hv2-vif1 hv2/vif1 -truncate -s 0 expected -truncate -s 0 expected_empty +> expected +> expected_empty send_ip_multicast_pkt hv1-vif2 hv1 \ 000000000001 01005e000144 \ $(ip_to_hex 10 0 0 42) $(ip_to_hex 239 0 1 68) 1e ca70 11 \ @@ -15051,10 +15051,40 @@ OVN_CHECK_PACKETS([hv2/vif3-tx.pcap], [expected_empty]) ovn-sbctl ip-multicast-flush sw1 ovn-nbctl --wait=hv -t 3 sync OVS_WAIT_UNTIL([ - total_entries=`ovn-sbctl find IGMP_Group | grep "239.0.1.68" | wc -l` + total_entries=`ovn-sbctl find IGMP_Group | grep "239.0.1.68" -c` test "${total_entries}" = "0" ]) +# Check that traffic for 224.0.0.X is flooded even if some hosts register for +# it. +# Inject IGMP Join for 224.0.0.42 on sw1-p11. +send_igmp_v3_report hv1-vif1 hv1 \ + 000000000001 $(ip_to_hex 10 0 0 1) f9f8 \ + $(ip_to_hex 224 0 0 42) 04 f9d3 \ + /dev/null + +# Check that the IGMP Group is learned. +OVS_WAIT_UNTIL([ + total_entries=`ovn-sbctl find IGMP_Group | grep "224.0.0.42" -c` + test "${total_entries}" = "1" +]) + +# Send traffic and make sure it gets flooded to all ports. +as hv1 reset_pcap_file hv1-vif1 hv1/vif1 +as hv1 reset_pcap_file hv1-vif2 hv1/vif2 +as hv2 reset_pcap_file hv2-vif1 hv2/vif1 +as hv2 reset_pcap_file hv2-vif2 hv2/vif2 +> expected +send_ip_multicast_pkt hv1-vif2 hv1 \ + 000000000001 01005e000144 \ + $(ip_to_hex 10 0 0 42) $(ip_to_hex 224 0 0 42) 1e f989 11 \ + e518e518000a4b540000 \ + expected + +OVN_CHECK_PACKETS([hv1/vif1-tx.pcap], [expected]) +OVN_CHECK_PACKETS([hv2/vif1-tx.pcap], [expected]) +OVN_CHECK_PACKETS([hv2/vif2-tx.pcap], [expected]) + # Enable IGMP snooping and querier on sw2 and set query interval to minimum. ovn-nbctl set Logical_Switch sw2 \ other_config:mcast_snoop="true" \ @@ -15064,7 +15094,7 @@ ovn-nbctl set Logical_Switch sw2 \ other_config:mcast_ip4_src="20.0.0.254" # Wait for 1 query interval (1 sec) and check that two queries are generated. -truncate -s 0 expected +> expected store_igmp_v3_query 0000000002fe $(ip_to_hex 20 0 0 254) 84dd expected store_igmp_v3_query 0000000002fe $(ip_to_hex 20 0 0 254) 84dd expected