From patchwork Mon May 22 11:39:22 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: wang qianyu <wang.qianyu@zte.com.cn>
X-Patchwork-Id: 765375
Return-Path: <ovs-dev-bounces@openvswitch.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from mail.linuxfoundation.org (mail.linuxfoundation.org
	[140.211.169.12])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 3wWcBn3Kr1z9s4q
	for <incoming@patchwork.ozlabs.org>;
	Mon, 22 May 2017 21:39:28 +1000 (AEST)
Received: from mail.linux-foundation.org (localhost [127.0.0.1])
	by mail.linuxfoundation.org (Postfix) with ESMTP id 951495A7;
	Mon, 22 May 2017 11:39:24 +0000 (UTC)
X-Original-To: dev@openvswitch.org
Delivered-To: ovs-dev@mail.linuxfoundation.org
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
	[172.17.192.35])
	by mail.linuxfoundation.org (Postfix) with ESMTPS id 7E26840F
	for <dev@openvswitch.org>; Mon, 22 May 2017 11:39:23 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6
Received: from out1.zte.com.cn (out1.zte.com.cn [202.103.147.172])
	by smtp1.linuxfoundation.org (Postfix) with ESMTP id 6821D178
	for <dev@openvswitch.org>; Mon, 22 May 2017 11:39:20 +0000 (UTC)
X-scanvirus: By SEG_CYREN AntiVirus Engine
X-scanresult: CLEAN
X-MAILFROM: <wang.qianyu@zte.com.cn>
X-RCPTTO: <dev@openvswitch.org>
X-FROMIP: 10.30.3.20
X-SEG-Scaned: 1
X-Received: unknown,10.30.3.20,20170522192610
Received: from unknown (HELO mse01.zte.com.cn) (10.30.3.20)
	by localhost with (AES256-SHA encrypted) SMTP;
	22 May 2017 11:26:10 -0000
Received: from notes_smtp.zte.com.cn ([10.30.1.239])
	by mse01.zte.com.cn with ESMTP id v4MBdAst000435
	for <dev@openvswitch.org>; Mon, 22 May 2017 19:39:10 +0800 (GMT-8)
	(envelope-from wang.qianyu@zte.com.cn)
To: dev@openvswitch.org
MIME-Version: 1.0
X-KeepSent: 2DC22D98:DB2EFFFA-48258128:003FA560;
 type=4; name=$KeepSent
X-Mailer: Lotus Notes Release 8.5.3 September 15, 2011
Message-ID: 
 <OF2DC22D98.DB2EFFFA-ON48258128.003FA560-48258128.0040036E@zte.com.cn>
From: wang.qianyu@zte.com.cn
Date: Mon, 22 May 2017 19:39:22 +0800
X-MIMETrack: Serialize by Router on notes_smtp/zte_ltd(Release
	8.5.3FP6|November 21, 2013) at 2017-05-22 19:39:09,
	Serialize complete at 2017-05-22 19:39:09
X-MAIL: mse01.zte.com.cn v4MBdAst000435
X-HQIP: 127.0.0.1
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,HTML_MESSAGE,
	RP_MATCHES_RCVD autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	smtp1.linux-foundation.org
X-Content-Filtered-By: Mailman/MimeDel 2.1.12
Cc: zhou.huijing@zte.com.cn, xu.rong@zte.com.cn
Subject: [ovs-dev]  [PATCH] ovn-northd: Fix ping failure of vlan networks.
X-BeenThere: ovs-dev@openvswitch.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: <ovs-dev.openvswitch.org>
List-Unsubscribe: <https://mail.openvswitch.org/mailman/options/ovs-dev>,
	<mailto:ovs-dev-request@openvswitch.org?subject=unsubscribe>
List-Archive: <http://mail.openvswitch.org/pipermail/ovs-dev/>
List-Post: <mailto:ovs-dev@openvswitch.org>
List-Help: <mailto:ovs-dev-request@openvswitch.org?subject=help>
List-Subscribe: <https://mail.openvswitch.org/mailman/listinfo/ovs-dev>,
	<mailto:ovs-dev-request@openvswitch.org?subject=subscribe>
Sender: ovs-dev-bounces@openvswitch.org
Errors-To: ovs-dev-bounces@openvswitch.org

There are two computer node, each have one vm. And the two vms in 
indifferent vlan networks. The ping between the vms is not success.

The reason is that, acl of to-localnet port or from-localnet port is
signed to contrack. So the pair of icmp request and reply have different
zone id in one ovs node. This makes the ct state not correct.

This patch do the modification that localnet port do not use ct.

Signed-off-by: wangqianyu <wang.qianyu@zte.com.cn>
---
 ovn/northd/ovn-northd.c | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

         /* Ingress and Egress Pre-ACL Table (Priority 110).
          *
          * Not to do conntrack on ND packets. */

diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c
index 83db753..5d1587e 100644
--- a/ovn/northd/ovn-northd.c
+++ b/ovn/northd/ovn-northd.c
@@ -1,4 +1,4 @@
-/*
+/*
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at:
@@ -416,6 +416,7 @@ struct ovn_datapath {
     /* The "derived" OVN port representing the instance of l3dgw_port on
      * the "redirect-chassis". */
     struct ovn_port *l3redirect_port;
+    struct ovn_port *localnet_port;
 };
 
 struct macam_node {
@@ -1351,6 +1352,10 @@ join_logical_ports(struct northd_context *ctx,
                     ovs_list_push_back(nb_only, &op->list);
                 }
 
+                if(!strcmp(nbsp->type, "localnet")) {
+                   od->localnet_port = op;
+                }
+
                 op->lsp_addrs
                     = xmalloc(sizeof *op->lsp_addrs * nbsp->n_addresses);
                 for (size_t j = 0; j < nbsp->n_addresses; j++) {
@@ -2629,6 +2634,21 @@ build_pre_acls(struct ovn_datapath *od, struct hmap 
*lflows)
             ds_destroy(&match_in);
             ds_destroy(&match_out);
         }
+        if(od->localnet_port) {
+            struct ds match_in = DS_EMPTY_INITIALIZER;
+            struct ds match_out = DS_EMPTY_INITIALIZER;
+
+            ds_put_format(&match_in, "ip && inport == %s", 
od->localnet_port->json_key);
+            ds_put_format(&match_out, "ip && outport == %s", 
od->localnet_port->json_key);
+            ovn_lflow_add(lflows, od, S_SWITCH_IN_PRE_ACL, 110,
+                          ds_cstr(&match_in), "next;");
+            ovn_lflow_add(lflows, od, S_SWITCH_OUT_PRE_ACL, 110,
+                          ds_cstr(&match_out), "next;");
+
+            ds_destroy(&match_in);
+            ds_destroy(&match_out);
+        }
+