From patchwork Tue Aug 13 16:34:04 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Li,Rongqing via dev" <ovs-dev@openvswitch.org>
X-Patchwork-Id: 1146496
Return-Path: <ovs-dev-bounces@openvswitch.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=pass (mailfrom) smtp.mailfrom=openvswitch.org
	(client-ip=140.211.169.12; helo=mail.linuxfoundation.org;
	envelope-from=ovs-dev-bounces@openvswitch.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none)
	header.from=openvswitch.org
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
	unprotected) header.d=sysclose.org header.i=@sysclose.org
	header.b="Rl33jMrr";
	dkim=fail reason="signature verification failed" (2048-bit key)
	header.d=sysclose.org header.i=@sysclose.org
	header.b="v+eAh83D"; dkim-atps=neutral
Received: from mail.linuxfoundation.org (mail.linuxfoundation.org
	[140.211.169.12])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 467JFv3Cs0z9sDQ
	for <incoming@patchwork.ozlabs.org>;
	Wed, 14 Aug 2019 02:34:26 +1000 (AEST)
Received: from mail.linux-foundation.org (localhost [127.0.0.1])
	by mail.linuxfoundation.org (Postfix) with ESMTP id 84337D9C;
	Tue, 13 Aug 2019 16:34:23 +0000 (UTC)
X-Original-To: dev@openvswitch.org
Delivered-To: ovs-dev@mail.linuxfoundation.org
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
	[172.17.192.35])
	by mail.linuxfoundation.org (Postfix) with ESMTPS id C59D5AF7
	for <dev@openvswitch.org>; Tue, 13 Aug 2019 16:34:21 +0000 (UTC)
X-Greylist: from auto-whitelisted by SQLgrey-1.7.6
Received: from sysclose.org (smtp.sysclose.org [69.164.214.230])
	by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 1009F8D
	for <dev@openvswitch.org>; Tue, 13 Aug 2019 16:34:21 +0000 (UTC)
Received: by sysclose.org (Postfix, from userid 5001)
	id C60C86506; Tue, 13 Aug 2019 16:34:20 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.11.0 sysclose.org C60C86506
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sysclose.org;
	s=201903; t=1565714060;
	bh=hq74wIfuh0pMYaXZ1keyH5LBIUY/NPG56u+6LqJqGeM=;
	h=From:To:Cc:Subject:Date:From;
	b=Rl33jMrryElX+45jUTZyzGkPeSiNhXudv+Vgm836E5JJ7c2gUzZtdhoaxOeGrctnE
	5npoCqtOv4z8Xrv8+mdPFMjVgoq8QNutRBcUEDdzFsKhuP5mOm93+zPexL6Ci5h/q7
	Kq26gco9suWp+Bm1u8oD4e6J5h9493QKnODAHHVXsomYKhEBG2hNScY7bIJLkFbn4u
	jpseapmkH6GHUvmeaahK4SXDvQkmGg9/d7EoqFvCSJI+5fUzb8P7NGD5w8OjsJFd5s
	tBO33zkSDcIHfLCtHmoaUJRnVVP2KEx4aNd4TeAO3jd0U3Rj/BtZQ+4aIgGZdufmdP
	Q3/AqOuCX0pCg==
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	smtp1.linux-foundation.org
X-Spam-Level: 
X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU autolearn=ham version=3.3.1
Received: from localhost (unknown [177.183.215.235])
	by sysclose.org (Postfix) with ESMTPSA id 9ABEC64F9;
	Tue, 13 Aug 2019 16:34:19 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.11.0 sysclose.org 9ABEC64F9
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sysclose.org;
	s=201903; t=1565714059;
	bh=hq74wIfuh0pMYaXZ1keyH5LBIUY/NPG56u+6LqJqGeM=;
	h=From:To:Cc:Subject:Date:From;
	b=v+eAh83DNZIqVWAzAmd9pSbV+WGr7fF5IQ5uL9rxe2g6DVqp0z2iViCT7VI8EMPvL
	y01b3iVu1D/gdh98aBjZ56VQgh58IYi8Uib2Vsf4PEgFWQSxGLjAh0usuQP7P2lumS
	9DgOdWOPA/uLk3stzczUhTzVOHrlwIki14wwAicoxdWEB5T7fLmMj7UieUB/Pzp4wm
	DQrn9YSoKA0862eev3XKLUrIOpUNxTQ4oD8uUQ4224tF3fd5xQPVNwrCLhTEv/bn5+
	DEdpHXSdj7ra8O0TkKb8wRU9vRfPoUYqV6YlG4MOFOqW8rv+DuZjvri8SX+I/ztrT3
	h0kFPt28NP5ew==
To: dev@openvswitch.org
Date: Tue, 13 Aug 2019 13:34:04 -0300
Message-Id: <20190813163404.19126-1-fbl@sysclose.org>
X-Mailer: git-send-email 2.20.1
MIME-Version: 1.0
Cc: Flavio Leitner <fbl@sysclose.org>
Subject: [ovs-dev] [PATCH] tnl-neigh: Use outgoing ofproto version.
X-BeenThere: ovs-dev@openvswitch.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: <ovs-dev.openvswitch.org>
List-Unsubscribe: <https://mail.openvswitch.org/mailman/options/ovs-dev>,
	<mailto:ovs-dev-request@openvswitch.org?subject=unsubscribe>
List-Archive: <http://mail.openvswitch.org/pipermail/ovs-dev/>
List-Post: <mailto:ovs-dev@openvswitch.org>
List-Help: <mailto:ovs-dev-request@openvswitch.org?subject=help>
List-Subscribe: <https://mail.openvswitch.org/mailman/listinfo/ovs-dev>,
	<mailto:ovs-dev-request@openvswitch.org?subject=subscribe>
X-Patchwork-Original-From: Flavio Leitner via dev <ovs-dev@openvswitch.org>
From: "Li,Rongqing via dev" <ovs-dev@openvswitch.org>
Reply-To: Flavio Leitner <fbl@sysclose.org>
Sender: ovs-dev-bounces@openvswitch.org
Errors-To: ovs-dev-bounces@openvswitch.org

When a packet needs to be encapsulated in userspace, the endpoint
address needs to be resolved to fill in the headers. If it is not,
then currently OvS sends either a Neighbor Solicitation (IPv6)
or an ARP Query (IPv4) to resolve it.

The problem is that the NS/ARP packet will go through the flow
rules in the new bridge, but inheriting the ofproto table version
from the original packet to be encapsulated. When those versions
don't match, the result is unexpected because no flow rules might
be visible, which would cause the default table rule to be used
to drop the packet. Or only part of the flow rules would be visible
and so on.

Since the NS/ARP packet is created by OvS and will be injected in
the outgoing bridge, use the corresponding ofproto version instead.

Signed-off-by: Flavio Leitner <fbl@sysclose.org>
Acked-By: Vasu Dasari <vdasari@gmail.com>
Reviewed-by: David Marchand <david.marchand@redhat.com>
---
 ofproto/ofproto-dpif-xlate.c |  4 +--
 tests/tunnel.at              | 62 ++++++++++++++++++++++++++++++++++++
 2 files changed, 64 insertions(+), 2 deletions(-)

diff --git a/ofproto/ofproto-dpif-xlate.c b/ofproto/ofproto-dpif-xlate.c
index 28a7fdd84..5a8a46370 100644
--- a/ofproto/ofproto-dpif-xlate.c
+++ b/ofproto/ofproto-dpif-xlate.c
@@ -3414,6 +3414,7 @@ compose_table_xlate(struct xlate_ctx *ctx, const struct xport *out_dev,
                     struct dp_packet *packet)
 {
     struct xbridge *xbridge = out_dev->xbridge;
+    ovs_version_t version = ofproto_dpif_get_tables_version(xbridge->ofproto);
     struct ofpact_output output;
     struct flow flow;
 
@@ -3423,8 +3424,7 @@ compose_table_xlate(struct xlate_ctx *ctx, const struct xport *out_dev,
     output.port = OFPP_TABLE;
     output.max_len = 0;
 
-    return ofproto_dpif_execute_actions__(xbridge->ofproto,
-                                          ctx->xin->tables_version, &flow,
+    return ofproto_dpif_execute_actions__(xbridge->ofproto, version, &flow,
                                           NULL, &output.ofpact, sizeof output,
                                           ctx->depth, ctx->resubmits, packet);
 }
diff --git a/tests/tunnel.at b/tests/tunnel.at
index fc6f87936..faffb4149 100644
--- a/tests/tunnel.at
+++ b/tests/tunnel.at
@@ -394,6 +394,68 @@ AT_CHECK([ovs-appctl dpif/show | tail -n +3], [0], [dnl
 OVS_VSWITCHD_STOP
 AT_CLEANUP
 
+AT_SETUP([tunnel - table version])
+dnl check if changes in the egress bridge flow table affects
+dnl discovering the link layer address of tunnel endpoints.
+OVS_VSWITCHD_START([add-port br0 p0 -- set Interface p0 type=dummy ofport_request=1 other-config:hwaddr=aa:55:aa:55:00:00])
+AT_CHECK([ovs-vsctl add-br int-br -- set bridge int-br datapath_type=dummy], [0])
+AT_CHECK([ovs-vsctl add-port int-br v1 -- set Interface v1 type=vxlan \
+                       options:remote_ip=172.31.1.2 options:key=123 \
+                       ofport_request=2 \
+                 -- add-port int-br v2 -- set Interface v2 type=internal \
+                       ofport_request=3 \
+                       ], [0])
+
+AT_CHECK([ovs-appctl dpif/show], [0], [dnl
+dummy@ovs-dummy: hit:0 missed:0
+  br0:
+    br0 65534/100: (dummy-internal)
+    p0 1/1: (dummy)
+  int-br:
+    int-br 65534/2: (dummy-internal)
+    v1 2/4789: (vxlan: key=123, remote_ip=172.31.1.2)
+    v2 3/3: (dummy-internal)
+])
+
+dnl First setup dummy interface IP address, then add the route
+dnl so that tnl-port table can get valid IP address for the device.
+AT_CHECK([ovs-appctl netdev-dummy/ip4addr br0 172.31.1.1/24], [0], [OK
+])
+AT_CHECK([ovs-appctl ovs/route/add 172.31.1.0/24 br0], [0], [OK
+])
+
+dnl change the flow table to bump the internal table version
+AT_CHECK([ovs-ofctl add-flow int-br action=normal])
+AT_CHECK([ovs-ofctl add-flow br0 action=normal])
+AT_CHECK([ovs-ofctl del-flows br0])
+AT_CHECK([ovs-ofctl add-flow br0 action=normal])
+AT_CHECK([ovs-ofctl del-flows br0])
+AT_CHECK([ovs-ofctl add-flow br0 action=normal])
+AT_CHECK([ovs-ofctl del-flows br0])
+AT_CHECK([ovs-ofctl add-flow br0 action=normal])
+AT_CHECK([ovs-ofctl del-flows br0])
+AT_CHECK([ovs-ofctl add-flow br0 action=normal])
+AT_CHECK([ovs-ofctl del-flows br0])
+AT_CHECK([ovs-ofctl add-flow br0 action=normal])
+AT_CHECK([ovs-ofctl del-flows br0])
+AT_CHECK([ovs-ofctl add-flow br0 action=normal])
+AT_CHECK([ovs-ofctl del-flows br0])
+AT_CHECK([ovs-ofctl add-flow br0 action=normal])
+
+dnl Check Neighbour discovery.
+AT_CHECK([ovs-vsctl -- set Interface p0 options:pcap=p0.pcap])
+
+AT_CHECK([ovs-appctl netdev-dummy/receive int-br 'in_port(2),eth(src=aa:55:aa:55:00:00,dst=f8:bc:12:ff:ff:ff),eth_type(0x0800),ipv4(src=1.1.3.92,dst=1.1.3.88,proto=1,tos=0,ttl=64,frag=no),icmp(type=0,code=0)'])
+AT_CHECK([ovs-pcap p0.pcap > p0.pcap.txt 2>&1])
+
+dnl When the wrong version is used, the flow is not visible and the
+dnl packet is dropped.
+AT_CHECK([cat p0.pcap.txt | grep ffffffffffffaa55aa55000008060001080006040001aa55aa550000ac1f0101000000000000ac1f0102 | uniq], [0], [dnl
+ffffffffffffaa55aa55000008060001080006040001aa55aa550000ac1f0101000000000000ac1f0102
+])
+OVS_VSWITCHD_STOP
+AT_CLEANUP
+
 AT_SETUP([tunnel - LISP])
 OVS_VSWITCHD_START([add-port br0 p1 -- set Interface p1 type=lisp \
                     options:remote_ip=1.1.1.1 ofport_request=1])