From patchwork Fri May 7 01:22:26 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Flaviof X-Patchwork-Id: 1475297 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=2605:bc80:3010::137; helo=smtp4.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Received: from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4Fbt3h5FbXz9sW7 for ; Fri, 7 May 2021 11:22:40 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id C396A404D8; Fri, 7 May 2021 01:22:37 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zjHCX5OC4cU2; Fri, 7 May 2021 01:22:36 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by smtp4.osuosl.org (Postfix) with ESMTP id B112E404C0; Fri, 7 May 2021 01:22:35 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 864BEC000D; Fri, 7 May 2021 01:22:35 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137]) by lists.linuxfoundation.org (Postfix) with ESMTP id D1F73C0001 for ; Fri, 7 May 2021 01:22:33 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id BB5BE404D0 for ; Fri, 7 May 2021 01:22:33 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QeApe13x9_HI for ; Fri, 7 May 2021 01:22:32 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.8.0 Received: from mail-qk1-f179.google.com (mail-qk1-f179.google.com [209.85.222.179]) by smtp4.osuosl.org (Postfix) with ESMTPS id BD2F5404C0 for ; Fri, 7 May 2021 01:22:32 +0000 (UTC) Received: by mail-qk1-f179.google.com with SMTP id i17so7004889qki.3 for ; Thu, 06 May 2021 18:22:32 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=GpQK6wMW4smc2uQdCQ8Dzm5d04VzzEXUrOcbflFPdZk=; b=qwuUXXHECRe0x6f/Ib01a0gJml/lknOaNrnQ3F3Cd2uBMil8Cin23HAFTVoSBy2OYE 68+bAC4LMYm1Rx5ZZKk7KcBrijSU77UHXBThqViLARP9sURRrLXNrOcvj7OKVOJQiJPi 7twzDoId9QLWYY9DX9Jlt9hD3tEutr0fDwU7X/oltahqJKaAVdoA/hU4rJuxDmiiB+Wd 34tuepqWEyiSvl68lvUYxhYnYHMudlTLlZSs2vcxVdTZ58s4ipXCWB3RHe6ylVSpArBe kK+v4OJe25w+pqysX0NfJ0CtAEQGljQgY6AR63jgGtgOjZhcrgs0z1Ts9TtvZMXBWRAP 88Kw== X-Gm-Message-State: AOAM532xaHcuzNF/h1wngWfgg3EDRBZhK810qzGfWkwyfN3HGYVE7kwO J2vcI3Ffw1VVjebfXfOZN/fmKIf3rXYCfA== X-Google-Smtp-Source: ABdhPJzctPv1kPlOrqoQY+Y2serFEdAfuzHjEGzAsXi9B/y8LXc6+ySKMJO8A7bDUf8TSYgf8YTFUQ== X-Received: by 2002:a37:b847:: with SMTP id i68mr7084023qkf.212.1620350551253; Thu, 06 May 2021 18:22:31 -0700 (PDT) Received: from localhost.localdomain (pool-173-76-170-96.bstnma.fios.verizon.net. [173.76.170.96]) by smtp.gmail.com with ESMTPSA id m4sm4080194qtg.21.2021.05.06.18.22.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 06 May 2021 18:22:30 -0700 (PDT) From: Flavio Fernandes To: dev@openvswitch.org Date: Thu, 6 May 2021 21:22:26 -0400 Message-Id: <20210507012226.1504699-1-flavio@flaviof.com> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 Subject: [ovs-dev] [PATCH ovn v1 1/1] ovn-controller: Ensure br-int is using secure fail-mode X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" By default, OVS bridges use standalone fail-mode, which means it is configured with a single row with the NORMAL action as its OpenFlow table. Upon system reboot, an integration bridge with many ports and such a table could create broadcast storms and duplicate packets. That is why ovn-controller creates the integration bridge with secure fail-mode. Under that mode, the OpenFlow table remains empty until the controller populates it, which could happen many seconds after the bridge is operational. Unfortunately, the fail-mode setting was not being done if the bridge was already created by the time ovn-controller starts. This change fixes that and logs a warning should the fail-mode ever needed to be corrected. Reported-at: https://bugzilla.redhat.com/1957025 Signed-off-by: Flavio Fernandes --- controller/ovn-controller.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/controller/ovn-controller.c b/controller/ovn-controller.c index 6106a9661..e4cbf3583 100644 --- a/controller/ovn-controller.c +++ b/controller/ovn-controller.c @@ -401,6 +401,12 @@ process_br_int(struct ovsdb_idl_txn *ovs_idl_txn, ovs_table); if (!br_int) { br_int = create_br_int(ovs_idl_txn, ovs_table); + } else if (ovs_idl_txn) { + const char *fail_mode = br_int->fail_mode; + if (!fail_mode || strcmp(fail_mode, "secure")) { + ovsrec_bridge_set_fail_mode(br_int, "secure"); + VLOG_WARN("Integration bridge fail-mode set to secure."); + } } if (br_int && ovs_idl_txn) { const struct ovsrec_open_vswitch *cfg;