From patchwork Tue Apr 16 05:21:03 2024
X-Patchwork-Submitter: Xie Liu
X-Patchwork-Id: 1923990
From: liuxie_11@163.com
To: dev@openvswitch.org
Cc: shylou , Xie Liu
Date: Tue, 16 Apr 2024 13:21:03 +0800
Message-ID: <20240416052131.1659-1-liuxie_11@163.com>
Subject: [ovs-dev] [PATCH ovn] northd: Allow DHCP request from the lport if enabled DHCPv4

From: shylou

DHCP for VM fails when removing default security group rules using a CMS like Neutron ML2/OVN [1]. This is because DHCP requests from VMs may be dropped by ACLs.

To fix this issue, we add a lflow with a priority of 34000 to allow DHCP requests from the logical port if the CMS has enabled native DHCPv4 for this port.

[1] https://bugs.launchpad.net/neutron/+bug/1926515

Signed-off-by: Xie Liu
---
 northd/northd.c     | 10 ++++++++++
 tests/ovn-northd.at |  5 +++++
 2 files changed, 15 insertions(+)

diff --git a/northd/northd.c b/northd/northd.c index 2c3560ce2..ca641a19e 100644 --- a/northd/northd.c +++ b/northd/northd.c
@@ -8414,6 +8414,16 @@ build_dhcpv4_options_flows(struct ovn_port *op, meter_groups), &op->nbsp->dhcpv4_options->header_, lflow_ref); + /* Add 34000 priority flow to allow DHCP request from the lport + * if the CMS has enabled native DHCPv4 for this lport. + * */ + ovn_lflow_add_with_lport_and_hint(lflows, op->od, + S_SWITCH_IN_ACL_EVAL, 34000, + ds_cstr(&match), + REGBIT_ACL_VERDICT_ALLOW" = 1; next;", + op->key, + &op->nbsp->header_, + lflow_ref); ds_clear(&match); /* If REGBIT_DHCP_OPTS_RESULT is set, it means the diff --git a/tests/ovn-northd.at b/tests/ovn-northd.at index 6fdd761da..7657aefff 100644 --- a/tests/ovn-northd.at +++ b/tests/ovn-northd.at @@ -4897,6 +4897,11 @@ ovn-nbctl --wait=sb lsp-set-dhcpv4-options sw0-port1 $CIDR_UUID ovn-sbctl dump-flows sw0 > sw0flows AT_CAPTURE_FILE([sw0flows]) +AT_CHECK([grep "_acl_eval" sw0flows | grep sw0-port1 | ovn_strip_lflows], [0], [dnl + table=??(ls_in_acl_eval ), priority=34000, match=(inport == "sw0-port1" && eth.src == 50:54:00:00:00:01 && (ip4.src == {10.0.0.2, 0.0.0.0} && ip4.dst == {10.0.0.1, 255.255.255.255}) && udp.src == 68 && udp.dst == 67), action=(reg8[[16]] = 1; next;) + table=??(ls_out_acl_eval ), priority=34000, match=(outport == "sw0-port1" && eth.src == c0:ff:ee:00:00:01 && ip4.src == 10.0.0.1 && udp && udp.src == 67 && udp.dst == 68), action=(reg8[[16]] = 1; next;) +]) + AT_CHECK([grep -w "ls_in_dhcp_options" sw0flows | ovn_strip_lflows], [0], [dnl table=??(ls_in_dhcp_options ), priority=0 , match=(1), action=(next;) table=??(ls_in_dhcp_options ), priority=100 , match=(inport == "sw0-port1" && eth.src == 50:54:00:00:00:01 && (ip4.src == {10.0.0.2, 0.0.0.0} && ip4.dst == {10.0.0.1, 255.255.255.255}) && udp.src == 68 && udp.dst == 67), action=(reg0[[3]] = put_dhcp_opts(offerip = 10.0.0.2, hostname = "foo", lease_time = 3600, netmask = 255.255.255.0, router = 10.0.0.1, server_id = 10.0.0.1); next;)
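Review bot: In the northd/northd.c hunk, the new ovn_lflow_add_with_lport_and_hint() call in build_dhcpv4_options_flows() sets REGBIT_ACL_VERDICT_ALLOW with nothing in the hunk conditioning it on ACLs being present or on an opt-in, so every port with dhcpv4_options gets a priority-34000 allow in S_SWITCH_IN_ACL_EVAL that overrides any lower-priority ACL an operator wrote to drop that traffic. The reused ds_cstr(&match) does pin eth.src and ip4.src to the port's own addresses, which limits what is let through, but this is still a change in ACL semantics and should be stated in the commit message and the logical flow documentation, or gated on the datapath actually having ACLs. Two smaller points: the literal 34000 would read better as a named constant shared with the other flows at that priority, and the comment ends with "* */" where " */" is intended.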
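Review bot: In the tests/ovn-northd.at hunk, the added AT_CHECK expects a priority-34000 flow in ls_out_acl_eval for sw0-port1, but the northd.c hunk in this patch only adds a flow in S_SWITCH_IN_ACL_EVAL, so the egress line is checking behaviour this patch does not introduce; say so in the commit message or split the check so the new ingress flow is what the test visibly covers. The check also covers only the positive case right after lsp-set-dhcpv4-options: add a check that the ls_in_acl_eval flow is gone once the DHCPv4 options are removed from the port, and a case with a drop ACL on the switch to show that the 34000 flow wins as the commit message claims.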