From patchwork Thu Mar 19 12:26:41 2020
X-Patchwork-Submitter: Numan Siddique
X-Patchwork-Id: 1258152
From: numans@ovn.org
To: dev@openvswitch.org
Date: Thu, 19 Mar 2020 17:56:41 +0530
Message-Id: <20200319122641.473776-1-numans@ovn.org>
Subject: [ovs-dev] [PATCH ovn] ovn-northd: Don't add arp responder flows for lports with 'unknown' address.

From: Numan Siddique

If a logical port has 'unknown' address, it means it can send and receive packets with any IP and MAC and generally port security is not set for such logical ports.

If an lport has addresses set to - ["MAC1 IP1", unknown], right now we add arp responder flows for IP1 and respond MAC1 in the arp response. But it's possible that the VIF of the logical port can use the IP1 with a different MAC. This patch supports this use case.

When another logical port sends ARP request for IP1, the VIF of the logical port will anyway respond.

Reported-by: Maciej Józefczyk
Signed-off-by: Numan Siddique Acked-by: Han Zhou --- northd/ovn-northd.8.xml | 5 +++-- northd/ovn-northd.c | 13 ++++++++----- tests/ovn.at | 16 ++++++++++++---- 3 files changed, 23 insertions(+), 11 deletions(-) diff --git a/northd/ovn-northd.8.xml b/northd/ovn-northd.8.xml index 9b44720d1..7d03cbc83 100644 --- a/northd/ovn-northd.8.xml +++ b/northd/ovn-northd.8.xml @@ -699,8 +699,9 @@ output;

These flows are omitted for logical ports (other than router ports or - localport ports) that are down and for logical ports of - type virtual. + localport ports) that are down, for logical ports of + type virtual and for logical ports with 'unknown' + address set.

diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index 4f94680b5..f648d2ea7 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -1152,7 +1152,7 @@ struct ovn_port { bool derived; /* Indicates whether this is an additional port * derived from nbsp or nbrp. */ - + bool has_unknown; /* If the addresses have 'unknown' defined. */ /* The port's peer: * * - A switch port S of type "router" has a router port R as a peer, @@ -2059,8 +2059,11 @@ join_logical_ports(struct northd_context *ctx, op->lsp_addrs = xmalloc(sizeof *op->lsp_addrs * nbsp->n_addresses); for (size_t j = 0; j < nbsp->n_addresses; j++) { - if (!strcmp(nbsp->addresses[j], "unknown") - || !strcmp(nbsp->addresses[j], "router")) { + if (!strcmp(nbsp->addresses[j], "unknown")) { + op->has_unknown = true; + continue; + } + if (!strcmp(nbsp->addresses[j], "router")) { continue; } if (is_dynamic_lsp_address(nbsp->addresses[j])) { @@ -6127,7 +6130,7 @@ build_lswitch_flows(struct hmap *datapaths, struct hmap *ports, } else { /* * Add ARP/ND reply flows if either the - * - port is up or + * - port is up and it doesn't have 'unknown' address defined or * - port type is router or * - port type is localport */ @@ -6136,7 +6139,7 @@ build_lswitch_flows(struct hmap *datapaths, struct hmap *ports, continue; } - if (lsp_is_external(op->nbsp)) { + if (lsp_is_external(op->nbsp) || op->has_unknown) { continue; } diff --git a/tests/ovn.at b/tests/ovn.at index 8cdbad743..1b6073ff0 100644 --- a/tests/ovn.at +++ b/tests/ovn.at @@ -1758,11 +1758,13 @@ for is in 1 2 3; do sip=`ip_to_hex 192 168 0 $is$js` tip=`ip_to_hex 192 168 0 $id$jd` tip_unknown=`ip_to_hex 11 11 11 11` + reply_ha=; if test $d != $s; then - reply_ha=f000000000$d - else - reply_ha= + if test $jd != 1; then + reply_ha=f000000000$d + fi fi + test_arp $s f000000000$s $sip $tip $reply_ha #9 test_arp $s f000000000$s $sip $tip_unknown #10 
@@ -2199,7 +2201,13 @@ for s in 1 2 3; do sip=192.168.0.$s tip=192.168.0.$d tip_unknown=11.11.11.11 - if test $d != $s; then reply_ha=f0:00:00:00:00:0$d; else reply_ha=; fi + reply_ha=; + if test $d != $s; then + if test $d != 1; then + reply_ha=f0:00:00:00:00:0$d; + fi + fi + test_arp $s f0:00:00:00:00:0$s $sip $tip $reply_ha #9 test_arp $s f0:00:00:00:00:0$s $sip $tip_unknown #10
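Review bot: In the struct ovn_port hunk of northd/ovn-northd.c, the new `has_unknown` member replaces the blank line that separated `derived` from the "The port's peer" comment block, so the field now runs straight into an unrelated comment. Keep a blank line after `has_unknown`, and have its comment say that it is set in join_logical_ports() when the lport's addresses include "unknown".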
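Review bot: In the join_logical_ports() hunk, `op->has_unknown` is only ever assigned `true`; nothing in the visible lines clears it. If a struct ovn_port is not zero-allocated, or can be reused after nbsp->addresses changes, the flag stays set and the port keeps losing its ARP responder flows after "unknown" is removed from its addresses. Suggest assigning `op->has_unknown = false` just before the `for` loop over nbsp->addresses, next to the xmalloc of op->lsp_addrs.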
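Review bot: In the build_lswitch_flows() hunk, the reworded comment attaches the 'unknown' exclusion to the "port is up" bullet only, but the new check `lsp_is_external(op->nbsp) || op->has_unknown` sits after the up/router/localport test and therefore skips every port that has 'unknown', whatever its type. The same comment describes these as ARP/ND reply flows, so the `continue` appears to drop IPv6 ND replies as well, while the subject line and commit message speak only of ARP. Suggest stating the 'unknown' exclusion in the comment as its own condition that applies to all port types and to both ARP and ND, and mentioning ND in the commit message.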
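Review bot: In the first tests/ovn.at hunk (@@ -1758), `test $jd != 1` hard-codes which destinations get no reply without saying why; add a one-line comment naming the lports that carry 'unknown' so the expectation can be checked against the test setup. The hunk also only asserts that the responder no longer answers for those destinations. It does not exercise the case the commit message describes, where the VIF answers for IP1 with a different MAC, so consider adding a test_arp case for that.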
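Review bot: In the second tests/ovn.at hunk (@@ -2199), `reply_ha=;` and `reply_ha=f0:00:00:00:00:0$d;` carry stray trailing semicolons, and the two nested `if test` blocks can be collapsed into one condition such as `if test $d != $s && test $d != 1; then`. As in the earlier hunk, the literal 1 needs a comment saying which port it stands for.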