From patchwork Thu Oct 7 12:35:28 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Paolo Valerio X-Patchwork-Id: 1537673 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=Edp0fGul; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=2605:bc80:3010::133; helo=smtp2.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Received: from smtp2.osuosl.org (smtp2.osuosl.org [IPv6:2605:bc80:3010::133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4HQ9lh1CHMz9sPB for ; Thu, 7 Oct 2021 23:35:44 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by smtp2.osuosl.org (Postfix) with ESMTP id B80594082E; Thu, 7 Oct 2021 12:35:41 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp2.osuosl.org ([127.0.0.1]) by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4FDTIPKDqPhn; Thu, 7 Oct 2021 12:35:40 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [IPv6:2605:bc80:3010:104::8cd3:938]) by smtp2.osuosl.org (Postfix) with ESMTPS id 9F2CB40801; Thu, 7 Oct 2021 12:35:39 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 77E47C0011; Thu, 7 Oct 2021 12:35:39 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp2.osuosl.org (smtp2.osuosl.org [140.211.166.133]) by lists.linuxfoundation.org (Postfix) with ESMTP id 26383C000D for ; Thu, 7 Oct 2021 12:35:38 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp2.osuosl.org (Postfix) with ESMTP id DDA0F40245 for ; Thu, 7 Oct 2021 12:35:33 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp2.osuosl.org ([127.0.0.1]) by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ejQBEO6i8oXG for ; Thu, 7 Oct 2021 12:35:33 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [216.205.24.124]) by smtp2.osuosl.org (Postfix) with ESMTPS id CD2AD40563 for ; Thu, 7 Oct 2021 12:35:32 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1633610131; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=ky5WLaadE2Xtli4FD/lhK1LPDcfl8OZFxLKKWrc2zmA=; b=Edp0fGul3JVTxRzXCDhqkfaRgN0y8118fuGExdvI1Nj/7Y/JY/4OjG1UKxtTQZlMeFY8l2 gsKZqS30UptSD0aFyYwbMdDklH+nyMF8uhdM38NHeviw0GbO6mEm+i3lcyEL+GSrQje0vH xdQ7CX+ofi1oNg7MYEweGoTs8doSTaA= Received: from mail-wr1-f69.google.com (mail-wr1-f69.google.com [209.85.221.69]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-95-OibIJ6TQPuSryyoXjGN8Xg-1; Thu, 07 Oct 2021 08:35:30 -0400 X-MC-Unique: OibIJ6TQPuSryyoXjGN8Xg-1 Received: by mail-wr1-f69.google.com with SMTP id d13-20020adf9b8d000000b00160a94c235aso4579235wrc.2 for ; Thu, 07 Oct 2021 05:35:30 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:subject:from:to:cc:date:message-id:in-reply-to :references:user-agent:mime-version:content-transfer-encoding; bh=ky5WLaadE2Xtli4FD/lhK1LPDcfl8OZFxLKKWrc2zmA=; b=bg2WlIcBVyv9YEQZ9OmazAQ1KGBlmCH43qW5MK57hIecG3VcuUtHlNI6Iqi8FKVC3H plUma/MSXhTjlBsNkFWvpYpTEVGhOctT5E3xnQZQs7mNY+vQ8Ettk2jti7m8/RnZ1bj9 c3hN1XRNebzzxWfaUZHUxr2bhxvyaH2I40DonniYYYHolGXRWiHyQvXcUh9h+XdA95w6 T3fQHUkEoQzT24Ea4mRZ6DFgW4TRMlm9D0l1ZVOmcwOpgSIj/NdlPkabeMkhh91arbsh qgKMXUebgfwbcY0IIyQXAGHtiPZ11Cjlt9vCWMkWf9S5m9B9FJGrOKhYw14fGXoVRaFq tfXQ== X-Gm-Message-State: AOAM533CCTYjwvoOJfOFqaA6VKLBGhJqnz6SP83fWdSYxo9C2pwNEltP pH0UIBeNcD87Lv781tMITelr7cqzczrC3W1S6LYzs9D2+WWyuNqBL8LbgzhX1Dz68I/9Z287QXl 2sXFy4q+UkLsdmC7VgjHuUVGUFxb1M/eOM3+AKZyuzCMg4zgpgwvuWCv3Z1MDp1YH X-Received: by 2002:a5d:6390:: with SMTP id p16mr5215337wru.54.1633610129483; Thu, 07 Oct 2021 05:35:29 -0700 (PDT) X-Google-Smtp-Source: ABdhPJx/x1C0ZJf5DXh+BsjBQp0ov8k2lqzuq4j0wY9C93XCDWycgBOhyBuWK9/QoQLXURLle1YHZg== X-Received: by 2002:a5d:6390:: with SMTP id p16mr5215314wru.54.1633610129229; Thu, 07 Oct 2021 05:35:29 -0700 (PDT) Received: from localhost (net-31-156-149-94.cust.vodafonedsl.it. [31.156.149.94]) by smtp.gmail.com with ESMTPSA id r8sm1490844wrv.61.2021.10.07.05.35.28 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 07 Oct 2021 05:35:28 -0700 (PDT) From: Paolo Valerio To: dev@openvswitch.org Date: Thu, 07 Oct 2021 14:35:28 +0200 Message-ID: <163361012812.2049658.7617456030065856447.stgit@fed.void> In-Reply-To: <163361010601.2049658.11988551193043156960.stgit@fed.void> References: <163361010601.2049658.11988551193043156960.stgit@fed.void> User-Agent: StGit/0.23 MIME-Version: 1.0 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=pvalerio@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Cc: fbl@redhat.com, i.maximets@ovn.org Subject: [ovs-dev] [PATCH RFC 3/5] Tunnel: Snoop ingress packets and update neigh cache if needed. X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" In case of native tunnel with bfd enabled, if the MAC address of the remote end's interface changes (e.g. because it got rebooted, and the MAC address is allocated dinamically), the BFD session will never be re-established. This happens because the local tunnel neigh entry doesn't get updated, and the local end keeps sending BFD packets with the old destination MAC address. This was not an issue until b23ddcc57d41 ("tnl-neigh-cache: tighten arp and nd snooping.") because ARP requests were snooped as well avoiding the problem. Fix this by snooping the incoming packets, and updating the neigh cache accordingly. Signed-off-by: Paolo Valerio Fixes: b23ddcc57d41 ("tnl-neigh-cache: tighten arp and nd snooping.") --- lib/tnl-neigh-cache.c | 12 ++++++------ lib/tnl-neigh-cache.h | 3 +++ ofproto/ofproto-dpif-xlate.c | 14 ++++++++++++++ 3 files changed, 23 insertions(+), 6 deletions(-) diff --git a/lib/tnl-neigh-cache.c b/lib/tnl-neigh-cache.c index c8a7b60cd..9d3f00ad9 100644 --- a/lib/tnl-neigh-cache.c +++ b/lib/tnl-neigh-cache.c @@ -135,9 +135,9 @@ tnl_neigh_delete(struct tnl_neigh_entry *neigh) ovsrcu_postpone(neigh_entry_free, neigh); } -static void -tnl_neigh_set__(const char name[IFNAMSIZ], const struct in6_addr *dst, - const struct eth_addr mac) +void +tnl_neigh_set(const char name[IFNAMSIZ], const struct in6_addr *dst, + const struct eth_addr mac) { ovs_mutex_lock(&mutex); struct tnl_neigh_entry *neigh = tnl_neigh_lookup__(name, dst); @@ -168,7 +168,7 @@ tnl_arp_set(const char name[IFNAMSIZ], ovs_be32 dst, const struct eth_addr mac) { struct in6_addr dst6 = in6_addr_mapped_ipv4(dst); - tnl_neigh_set__(name, &dst6, mac); + tnl_neigh_set(name, &dst6, mac); } static int @@ -208,7 +208,7 @@ tnl_nd_snoop(const struct flow *flow, struct flow_wildcards *wc, memset(&wc->masks.ipv6_dst, 0xff, sizeof wc->masks.ipv6_dst); memset(&wc->masks.nd_target, 0xff, sizeof wc->masks.nd_target); - tnl_neigh_set__(name, &flow->nd_target, flow->arp_tha); + tnl_neigh_set(name, &flow->nd_target, flow->arp_tha); return 0; } @@ -355,7 +355,7 @@ tnl_neigh_cache_add(struct unixctl_conn *conn, int argc OVS_UNUSED, return; } - tnl_neigh_set__(br_name, &ip6, mac); + tnl_neigh_set(br_name, &ip6, mac); unixctl_command_reply(conn, "OK"); } diff --git a/lib/tnl-neigh-cache.h b/lib/tnl-neigh-cache.h index e4b42b059..92fdf5a93 100644 --- a/lib/tnl-neigh-cache.h +++ b/lib/tnl-neigh-cache.h @@ -33,6 +33,9 @@ int tnl_neigh_snoop(const struct flow *flow, struct flow_wildcards *wc, const char dev_name[IFNAMSIZ]); +void +tnl_neigh_set(const char name[IFNAMSIZ], const struct in6_addr *dst, + const struct eth_addr mac); int tnl_neigh_lookup(const char dev_name[IFNAMSIZ], const struct in6_addr *dst, struct eth_addr *mac); void tnl_neigh_cache_init(void); diff --git a/ofproto/ofproto-dpif-xlate.c b/ofproto/ofproto-dpif-xlate.c index 8723cb4e8..4430ac073 100644 --- a/ofproto/ofproto-dpif-xlate.c +++ b/ofproto/ofproto-dpif-xlate.c @@ -4098,6 +4098,20 @@ terminate_native_tunnel(struct xlate_ctx *ctx, struct flow *flow, flow->nw_proto == IPPROTO_ICMPV6) && is_neighbor_reply_correct(ctx, flow)) { tnl_neigh_snoop(flow, wc, ctx->xbridge->name); + } else if (*tnl_port != ODPP_NONE && + ctx->xin->allow_side_effects && + (flow->dl_type == htons(ETH_TYPE_IP) || + flow->dl_type == htons(ETH_TYPE_IPV6))) { + struct eth_addr mac = flow->dl_src; + struct in6_addr s_ip6; + + if (flow->nw_src) { + in6_addr_set_mapped_ipv4(&s_ip6, flow->nw_src); + } else { + s_ip6 = flow->ipv6_src; + } + + tnl_neigh_set(ctx->xbridge->name, &s_ip6, mac); } }