From patchwork Thu Jun 10 15:32:01 2021
X-Patchwork-Submitter: Mark Gray
X-Patchwork-Id: 1490575
From: Mark Gray
To: dev@openvswitch.org
Date: Thu, 10 Jun 2021 11:32:01 -0400
Message-Id: <20210610153201.1846669-3-mark.d.gray@redhat.com>
In-Reply-To: <20210610153201.1846669-1-mark.d.gray@redhat.com>
Subject: [ovs-dev] [PATCH ovn v2 2/2] ovn-trace: correctly handle ct_dnat(IP) action

ovn-trace does not set translated ip address for ct_dnat() actions when
tracing. This causes the trace to end prematurely. This can be tested with
the following or an equivalent for IPv6:

ovn-nbctl ls-add sw0
ovn-nbctl lsp-add sw0 sw0-port1
ovn-nbctl lsp-set-addresses sw0-port1 "50:54:00:00:00:01 192.168.0.2"
ovn-nbctl ls-add sw1
ovn-nbctl lsp-add sw1 sw1-port1
ovn-nbctl lsp-set-addresses sw1-port1 "50:54:00:00:00:03 11.0.0.2"
ovn-nbctl lr-add lr0
ovn-nbctl lrp-add lr0 lrp0 00:00:00:00:ff:01 192.168.0.1/24
ovn-nbctl lsp-add sw0 lrp0-attachment
ovn-nbctl lsp-set-type lrp0-attachment router
ovn-nbctl lsp-set-addresses lrp0-attachment 00:00:00:00:ff:01
ovn-nbctl lsp-set-options lrp0-attachment router-port=lrp0
ovn-nbctl lrp-add lr0 lrp1 00:00:00:00:ff:02 11.0.0.1/24 -- lrp-set-gateway-chassis lrp1 chassis-1
ovn-nbctl lsp-add sw1 lrp1-attachment
ovn-nbctl lsp-set-type lrp1-attachment router
ovn-nbctl lsp-set-addresses lrp1-attachment 00:00:00:00:ff:02
ovn-nbctl lsp-set-options lrp1-attachment router-port=lrp1
ovn-nbctl lr-nat-add lr0 dnat 42.42.42.42 192.168.0.2
ovs-vsctl add-port br-int p1 -- \
    set Interface p1 external_ids:iface-id=sw0-port1
ovs-vsctl add-port br-int p2 -- \
    set Interface p2 external_ids:iface-id=sw1-port1
ovn-trace 'inport == "sw1-port1" && eth.src == 50:54:00:00:00:03 && eth.dst == 00:00:00:00:ff:02 && ip4.dst == 42.42.42.42 && ip4.src == 11.0.0.2 && ip.ttl == 64'

Signed-off-by: Mark Gray
---
v2: fix whitespace and add unit tests

 tests/ovn-trace.at    | 78 +++++++++++++++++++++++++++++++++++++++++++
 utilities/ovn-trace.c | 10 ++++++
 2 files changed, 88 insertions(+)

diff --git a/tests/ovn-trace.at b/tests/ovn-trace.at index 3e6c63ba9af0..540d6daef275 100644 --- a/tests/ovn-trace.at +++ b/tests/ovn-trace.at 
@@ -270,3 +270,81 @@ AT_CHECK([ovn-trace --ovs lsw0 'inport == "lp1" && eth.type == 0x1234' | grep "d OVN_CLEANUP([hv1]) AT_CLEANUP ]) + +OVN_FOR_EACH_NORTHD([ +AT_SETUP([ovn -- trace with IPv4 dnat]) +AT_KEYWORDS([dnat]) +ovn_start + +ovn-nbctl ls-add sw0 +ovn-nbctl lsp-add sw0 sw0-port1 +ovn-nbctl lsp-set-addresses sw0-port1 "50:54:00:00:00:01 192.168.0.2" + +ovn-nbctl ls-add sw1 +ovn-nbctl lsp-add sw1 sw1-port1 +ovn-nbctl lsp-set-addresses sw1-port1 "50:54:00:00:00:03 11.0.0.2" + +ovn-nbctl lr-add lr0 +ovn-nbctl lrp-add lr0 lrp0 00:00:00:00:ff:01 192.168.0.1/24 +ovn-nbctl lsp-add sw0 lrp0-attachment +ovn-nbctl lsp-set-type lrp0-attachment router +ovn-nbctl lsp-set-addresses lrp0-attachment 00:00:00:00:ff:01 +ovn-nbctl lsp-set-options lrp0-attachment router-port=lrp0 +ovn-nbctl lrp-add lr0 lrp1 00:00:00:00:ff:02 11.0.0.1/24 -- lrp-set-gateway-chassis lrp1 chassis-1 +ovn-nbctl lsp-add sw1 lrp1-attachment +ovn-nbctl lsp-set-type lrp1-attachment router +ovn-nbctl lsp-set-addresses lrp1-attachment 00:00:00:00:ff:02 +ovn-nbctl lsp-set-options lrp1-attachment router-port=lrp1 + +ovn-nbctl lr-nat-add lr0 dnat 42.42.42.42 192.168.0.2 +check ovn-nbctl --wait=sb sync + +AT_CHECK([ovn-trace --minimal 'inport == "sw1-port1" && eth.src == 50:54:00:00:00:03 && eth.dst == 00:00:00:00:ff:02 && ip4.dst == 42.42.42.42 && ip4.src == 11.0.0.2 && ip.ttl == 64' | grep "output(\"sw0-port1\")"], [0], [ignore]) + +dnl If we remove the DNAT entry we will be unable to trace to the DNAT address +ovn-nbctl lr-nat-del lr0 dnat 42.42.42.42 +check ovn-nbctl --wait=sb sync + +AT_CHECK([ovn-trace --minimal 'inport == "sw1-port1" && eth.src == 50:54:00:00:00:03 && eth.dst == 00:00:00:00:ff:02 && ip4.dst == 42.42.42.42 && ip4.src == 11.0.0.2 && ip.ttl == 64' | grep "output(\"sw0-port1\")"], [1], [ignore]) + +AT_CLEANUP +]) + +OVN_FOR_EACH_NORTHD([ +AT_SETUP([ovn -- trace with IPv6 dnat]) +AT_KEYWORDS([dnat]) +ovn_start + +ovn-nbctl ls-add sw0 +ovn-nbctl lsp-add sw0 sw0-port1 +ovn-nbctl 
lsp-set-addresses sw0-port1 "50:54:00:00:00:01 fd68::2" + +ovn-nbctl ls-add sw1 +ovn-nbctl lsp-add sw1 sw1-port1 +ovn-nbctl lsp-set-addresses sw1-port1 "50:54:00:00:00:03 fd11::2" + +ovn-nbctl lr-add lr0 +ovn-nbctl lrp-add lr0 lrp0 00:00:00:00:ff:01 fd68::1/64 +ovn-nbctl lsp-add sw0 lrp0-attachment +ovn-nbctl lsp-set-type lrp0-attachment router +ovn-nbctl lsp-set-addresses lrp0-attachment 00:00:00:00:ff:01 +ovn-nbctl lsp-set-options lrp0-attachment router-port=lrp0 +ovn-nbctl lrp-add lr0 lrp1 00:00:00:00:ff:02 fd11::1/64 -- lrp-set-gateway-chassis lrp1 chassis-1 +ovn-nbctl lsp-add sw1 lrp1-attachment +ovn-nbctl lsp-set-type lrp1-attachment router +ovn-nbctl lsp-set-addresses lrp1-attachment 00:00:00:00:ff:02 +ovn-nbctl lsp-set-options lrp1-attachment router-port=lrp1 + +ovn-nbctl lr-nat-add lr0 dnat fd42::42 fd68::2 +check ovn-nbctl --wait=sb sync + +AT_CHECK([ovn-trace --minimal 'inport == "sw1-port1" && eth.src == 50:54:00:00:00:03 && eth.dst == 00:00:00:00:ff:02 && ip6.dst == fd42::42 && ip6.src == fd11::2 && ip.ttl == 64' | grep "output(\"sw0-port1\")"], [0], [ignore]) + +dnl If we remove the DNAT entry we will be unable to trace to the DNAT address +ovn-nbctl lr-nat-del lr0 dnat fd42::42 +check ovn-nbctl --wait=sb sync + +AT_CHECK([ovn-trace --minimal 'inport == "sw1-port1" && eth.src == 50:54:00:00:00:03 && eth.dst == 00:00:00:00:ff:02 && ip6.dst == fd42::42 && ip6.src == fd11::2 && ip.ttl == 64' | grep "output(\"sw0-port1\")"], [1], [ignore]) + +AT_CLEANUP +]) \ No newline at end of file diff --git a/utilities/ovn-trace.c b/utilities/ovn-trace.c index 3b26b5af1d69..49463c5c2652 100644 --- a/utilities/ovn-trace.c +++ b/utilities/ovn-trace.c 
@@ -2297,10 +2297,20 @@ execute_ct_nat(const struct ovnact_ct_nat *ct_nat, if (ct_nat->family == AF_INET) { ds_put_format(&s, "(ip4.%s="IP_FMT")", direction, IP_ARGS(ct_nat->ipv4)); + if (is_dst) { + ct_flow.nw_dst = ct_nat->ipv4; + } else { + ct_flow.nw_src = ct_nat->ipv4; + } } else { ds_put_format(&s, "(ip6.%s=", direction); ipv6_format_addr(&ct_nat->ipv6, &s); ds_put_char(&s, ')'); + if (is_dst) { + ct_flow.ipv6_dst = ct_nat->ipv6; + } else { + ct_flow.ipv6_src = ct_nat->ipv6; + } } uint8_t state = is_dst ? CS_DST_NAT : CS_SRC_NAT;
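
Review bot: in the tests/ovn-trace.at hunk, the second AT_CHECK of each test expects grep to exit 1, which also passes when ovn-trace itself fails or prints nothing, so the negative case does not show that the trace ran and simply did not reach sw0-port1. Consider checking ovn-trace's own status or output separately before asserting that output("sw0-port1") is absent. The topology setup calls (ovn-nbctl ls-add, lsp-add, lrp-add, lr-nat-add, lr-nat-del) run without the check wrapper that is used for ovn-nbctl --wait=sb sync, so a failed setup step would go unnoticed; prefixing them with check would catch that. The file now also ends with "\ No newline at end of file" after the final ]); please add the trailing newline.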
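
Review bot: in the utilities/ovn-trace.c hunk, the new else arms in execute_ct_nat() assign ct_flow.nw_src and ct_flow.ipv6_src when is_dst is false, so source NAT tracing changes as well, while the subject line and the added tests cover only ct_dnat. Either mention ct_snat in the commit message and add a matching trace test, or limit the assignment to the is_dst case. The outer else treats every family other than AF_INET as IPv6, so it is worth confirming this block is reached only when an address was supplied; otherwise ct_flow.ipv6_dst or ct_flow.ipv6_src would be overwritten from an unset ct_nat->ipv6. A short comment above the assignments explaining why ct_flow is updated would also help.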