From patchwork Fri May 7 17:49:47 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Flaviof X-Patchwork-Id: 1475632 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.138; helo=smtp1.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Received: from smtp1.osuosl.org (smtp1.osuosl.org [140.211.166.138]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4FcHyt6Zqxz9sXS for ; Sat, 8 May 2021 03:49:58 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id 17DC384459; Fri, 7 May 2021 17:49:57 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 38kL75m6Jqez; Fri, 7 May 2021 17:49:56 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by smtp1.osuosl.org (Postfix) with ESMTP id 5B3ED8439D; Fri, 7 May 2021 17:49:55 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 2FEE4C000D; Fri, 7 May 2021 17:49:55 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp3.osuosl.org (smtp3.osuosl.org [IPv6:2605:bc80:3010::136]) by lists.linuxfoundation.org (Postfix) with ESMTP id B2E28C0001 for ; Fri, 7 May 2021 17:49:53 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp3.osuosl.org (Postfix) with ESMTP id 8E68B60730 for ; Fri, 7 May 2021 17:49:53 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp3.osuosl.org ([127.0.0.1]) by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id azVVZbME1pKK for ; Fri, 7 May 2021 17:49:52 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.8.0 Received: from mail-qt1-f181.google.com (mail-qt1-f181.google.com [209.85.160.181]) by smtp3.osuosl.org (Postfix) with ESMTPS id 9AFDA60695 for ; Fri, 7 May 2021 17:49:52 +0000 (UTC) Received: by mail-qt1-f181.google.com with SMTP id p6so7187551qtk.13 for ; Fri, 07 May 2021 10:49:52 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=rc5PnO0ygQsLa26np7wy6Td5KmEkWevTHfWl160/a70=; b=KicOXSiTnXzWq+TBx7u1XKwYxgX7Tr45PxjpLMmDiRai/rBFLfSQMTsHZQMetsr5XU 19lPsbhSj3XNG6si/RldXu8QKaqn/3iKmXVA+5uJTdhQaNdZlFC4bv/SAO9f0xHwd/80 iZrvmhGyiRxKW55+NG87u2Q4wtzcw23s+AI+XQz488m4wD+LOxsJsB6X5tdELfzxrnY+ QKgAjmvIoavNuDl42JqiSkCApXMsUe5bFQCvHUgVisi899uIBOHP9sVBWcA3ny9kA5nd XmXj9KXMa/fRpFGnT89A7IkJt0EVWkrodNnoDBLPGQUPKx2aZIhEnlZGaoY3p8IN4lJA FjtQ== X-Gm-Message-State: AOAM530OAtoDF2rov4GS23tuQD3DLVlbJ8muLB6IZlk4VRwic/TOuVUV 2gVGlPjksoJujYAUrFHPSaPvupZHpotlbA== X-Google-Smtp-Source: ABdhPJz8ibbRl+9FtdBg9WYJHVRtZJm40YPMrvPelHsqy/xEuUcK9naMXS2qiyCFzkAEtnBLxjz/vA== X-Received: by 2002:ac8:744b:: with SMTP id h11mr10793323qtr.199.1620409791154; Fri, 07 May 2021 10:49:51 -0700 (PDT) Received: from localhost.localdomain (pool-173-76-170-96.bstnma.fios.verizon.net. [173.76.170.96]) by smtp.gmail.com with ESMTPSA id 129sm5301340qkn.44.2021.05.07.10.49.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 07 May 2021 10:49:50 -0700 (PDT) From: Flavio Fernandes To: dev@openvswitch.org Date: Fri, 7 May 2021 13:49:47 -0400 Message-Id: <20210507174947.1879798-1-flavio@flaviof.com> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 Subject: [ovs-dev] [PATCH ovn v2 1/1] ovn-controller: Ensure br-int is using secure fail-mode X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" By default, OVS bridges use standalone fail-mode, which means it is configured with a single row with the NORMAL action as its OpenFlow table. Upon system reboot, an integration bridge with many ports and such a table could create broadcast storms and duplicate packets. That is why ovn-controller creates the integration bridge with secure fail-mode. Under that mode, the OpenFlow table remains empty until the controller populates it, which could happen many seconds after the bridge is operational. Unfortunately, the fail-mode setting was not being done if the bridge was already created by the time ovn-controller starts. This change fixes that and logs a warning should the fail-mode ever needed to be corrected. Reported-at: https://bugzilla.redhat.com/1957025 Signed-off-by: Flavio Fernandes Reviewed-by: Frode Nordahl --- v1->v2: Changes from code review. Thanks, Frode! controller/ovn-controller.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/controller/ovn-controller.c b/controller/ovn-controller.c index 6106a9661..d925522e1 100644 --- a/controller/ovn-controller.c +++ b/controller/ovn-controller.c @@ -413,6 +413,10 @@ process_br_int(struct ovsdb_idl_txn *ovs_idl_txn, if (datapath_type && strcmp(br_int->datapath_type, datapath_type)) { ovsrec_bridge_set_datapath_type(br_int, datapath_type); } + if (!br_int->fail_mode || strcmp(br_int->fail_mode, "secure")) { + ovsrec_bridge_set_fail_mode(br_int, "secure"); + VLOG_WARN("Integration bridge fail-mode changed to 'secure'."); + } } return br_int; }