From patchwork Thu May 27 22:26:25 2021
X-Patchwork-Submitter: Lorenzo Bianconi
X-Patchwork-Id: 1484908
From: Lorenzo Bianconi
To: ovs-dev@openvswitch.org
Date: Fri, 28 May 2021 00:26:25 +0200
Message-Id: <715f0b4e909d621183ffa56f764600d626608404.1622154070.git.lorenzo.bianconi@redhat.com>
Subject: [ovs-dev] [PATCH v2 ovn 1/3] northd: introduce build_check_pkt_len_flows_for_lrp routine

Introduce build_check_pkt_len_flows_for_lrp routine to configure check_pkt_larger logical flow for a given logical port. This is a preliminary patch to enable check_pkt_larger support for gw router use case.

Signed-off-by: Lorenzo Bianconi
Acked-by: Mark Michelson
---
 northd/ovn-northd.c | 181 +++++++++++++++++++++++---------------------
 1 file changed, 95 insertions(+), 86 deletions(-)

diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index c39d451ec..d849e6abc 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c 
@@ -10413,6 +10413,99 @@ build_arp_resolve_flows_for_lrouter_port( } +static void +build_check_pkt_len_flows_for_lrp(struct ovn_port *op, + struct hmap *lflows, struct hmap *ports, + struct ds *match, struct ds *actions) +{ + int gw_mtu = 0; + + if (op->nbrp) { + gw_mtu = smap_get_int(&op->nbrp->options, "gateway_mtu", 0); + } + /* Add the flows only if gateway_mtu is configured. */ + if (gw_mtu <= 0) { + return; + } + + ds_clear(match); + ds_put_format(match, "outport == %s", op->json_key); + + ds_clear(actions); + ds_put_format(actions, + REGBIT_PKT_LARGER" = check_pkt_larger(%d);" + " next;", gw_mtu + VLAN_ETH_HEADER_LEN); + ovn_lflow_add_with_hint(lflows, op->od, S_ROUTER_IN_CHK_PKT_LEN, 50, + ds_cstr(match), ds_cstr(actions), + &op->nbrp->header_); + + for (size_t i = 0; i < op->od->nbr->n_ports; i++) { + struct ovn_port *rp = ovn_port_find(ports, + op->od->nbr->ports[i]->name); + if (!rp || rp == op) { + continue; + } + + if (rp->lrp_networks.ipv4_addrs) { + ds_clear(match); + ds_put_format(match, "inport == %s && outport == %s" + " && ip4 && "REGBIT_PKT_LARGER, + rp->json_key, op->json_key); + + ds_clear(actions); + /* Set icmp4.frag_mtu to gw_mtu */ + ds_put_format(actions, + "icmp4_error {" + REGBIT_EGRESS_LOOPBACK" = 1; " + "eth.dst = %s; " + "ip4.dst = ip4.src; " + "ip4.src = %s; " + "ip.ttl = 255; " + "icmp4.type = 3; /* Destination Unreachable. */ " + "icmp4.code = 4; /* Frag Needed and DF was Set. 
*/ " + "icmp4.frag_mtu = %d; " + "next(pipeline=ingress, table=%d); };", + rp->lrp_networks.ea_s, + rp->lrp_networks.ipv4_addrs[0].addr_s, + gw_mtu, + ovn_stage_get_table(S_ROUTER_IN_ADMISSION)); + ovn_lflow_add_with_hint(lflows, op->od, + S_ROUTER_IN_LARGER_PKTS, 50, + ds_cstr(match), ds_cstr(actions), + &rp->nbrp->header_); + } + + if (rp->lrp_networks.ipv6_addrs) { + ds_clear(match); + ds_put_format(match, "inport == %s && outport == %s" + " && ip6 && "REGBIT_PKT_LARGER, + rp->json_key, op->json_key); + + ds_clear(actions); + /* Set icmp6.frag_mtu to gw_mtu */ + ds_put_format(actions, + "icmp6_error {" + REGBIT_EGRESS_LOOPBACK" = 1; " + "eth.dst = %s; " + "ip6.dst = ip6.src; " + "ip6.src = %s; " + "ip.ttl = 255; " + "icmp6.type = 2; /* Packet Too Big. */ " + "icmp6.code = 0; " + "icmp6.frag_mtu = %d; " + "next(pipeline=ingress, table=%d); };", + rp->lrp_networks.ea_s, + rp->lrp_networks.ipv6_addrs[0].addr_s, + gw_mtu, + ovn_stage_get_table(S_ROUTER_IN_ADMISSION)); + ovn_lflow_add_with_hint(lflows, op->od, + S_ROUTER_IN_LARGER_PKTS, 50, + ds_cstr(match), ds_cstr(actions), + &rp->nbrp->header_); + } + } +} + /* Local router ingress table CHK_PKT_LEN: Check packet length. * * Any IPv4 packet with outport set to the distributed gateway 
@@ -10441,92 +10534,8 @@ build_check_pkt_len_flows_for_lrouter( "next;"); if (od->l3dgw_port && od->l3redirect_port) { - int gw_mtu = 0; - if (od->l3dgw_port->nbrp) { - gw_mtu = smap_get_int(&od->l3dgw_port->nbrp->options, - "gateway_mtu", 0); - } - /* Add the flows only if gateway_mtu is configured. */ - if (gw_mtu <= 0) { - return; - } - - ds_clear(match); - ds_put_format(match, "outport == %s", od->l3dgw_port->json_key); - - ds_clear(actions); - ds_put_format(actions, - REGBIT_PKT_LARGER" = check_pkt_larger(%d);" - " next;", gw_mtu + VLAN_ETH_HEADER_LEN); - ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_CHK_PKT_LEN, 50, - ds_cstr(match), ds_cstr(actions), - &od->l3dgw_port->nbrp->header_); - - for (size_t i = 0; i < od->nbr->n_ports; i++) { - struct ovn_port *rp = ovn_port_find(ports, - od->nbr->ports[i]->name); - if (!rp || rp == od->l3dgw_port) { - continue; - } - - if (rp->lrp_networks.ipv4_addrs) { - ds_clear(match); - ds_put_format(match, "inport == %s && outport == %s" - " && ip4 && "REGBIT_PKT_LARGER, - rp->json_key, od->l3dgw_port->json_key); - - ds_clear(actions); - /* Set icmp4.frag_mtu to gw_mtu */ - ds_put_format(actions, - "icmp4_error {" - REGBIT_EGRESS_LOOPBACK" = 1; " - "eth.dst = %s; " - "ip4.dst = ip4.src; " - "ip4.src = %s; " - "ip.ttl = 255; " - "icmp4.type = 3; /* Destination Unreachable. */ " - "icmp4.code = 4; /* Frag Needed and DF was Set. 
*/ " - "icmp4.frag_mtu = %d; " - "next(pipeline=ingress, table=%d); };", - rp->lrp_networks.ea_s, - rp->lrp_networks.ipv4_addrs[0].addr_s, - gw_mtu, - ovn_stage_get_table(S_ROUTER_IN_ADMISSION)); - ovn_lflow_add_with_hint(lflows, od, - S_ROUTER_IN_LARGER_PKTS, 50, - ds_cstr(match), ds_cstr(actions), - &rp->nbrp->header_); - } - - if (rp->lrp_networks.ipv6_addrs) { - ds_clear(match); - ds_put_format(match, "inport == %s && outport == %s" - " && ip6 && "REGBIT_PKT_LARGER, - rp->json_key, od->l3dgw_port->json_key); - - ds_clear(actions); - /* Set icmp6.frag_mtu to gw_mtu */ - ds_put_format(actions, - "icmp6_error {" - REGBIT_EGRESS_LOOPBACK" = 1; " - "eth.dst = %s; " - "ip6.dst = ip6.src; " - "ip6.src = %s; " - "ip.ttl = 255; " - "icmp6.type = 2; /* Packet Too Big. */ " - "icmp6.code = 0; " - "icmp6.frag_mtu = %d; " - "next(pipeline=ingress, table=%d); };", - rp->lrp_networks.ea_s, - rp->lrp_networks.ipv6_addrs[0].addr_s, - gw_mtu, - ovn_stage_get_table(S_ROUTER_IN_ADMISSION)); - ovn_lflow_add_with_hint(lflows, od, - S_ROUTER_IN_LARGER_PKTS, 50, - ds_cstr(match), ds_cstr(actions), - &rp->nbrp->header_); - } - } + build_check_pkt_len_flows_for_lrp(od->l3dgw_port, lflows, + ports, match, actions); } } }
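Review bot: gateway_mtu gets only a lower bound in build_check_pkt_len_flows_for_lrp (the @@ -10413 hunk of patch 1/3): 'if (gw_mtu <= 0) return;' lets any positive int through, and the value is then used in 'gw_mtu + VLAN_ETH_HEADER_LEN' and written into 'icmp4.frag_mtu = %d'. A value near INT_MAX overflows the signed addition, and anything above 65535 does not fit the 16-bit next-hop MTU field of an ICMPv4 Fragmentation Needed message. Suggest rejecting out-of-range values next to the existing check, for example by also returning when gw_mtu exceeds UINT16_MAX, and logging the rejected option so the misconfiguration is visible to the operator.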
From patchwork Thu May 27 22:26:26 2021
X-Patchwork-Submitter: Lorenzo Bianconi
X-Patchwork-Id: 1484910
From: Lorenzo Bianconi
To: ovs-dev@openvswitch.org
Date: Fri, 28 May 2021 00:26:26 +0200
Subject: [ovs-dev] [PATCH v2 ovn 2/3] northd: enable check_pkt_larger for gw router

As it is already done for distributed gw router scenario, introduce check_pkt_larger logical flows for gw router use case.

Signed-off-by: Lorenzo Bianconi
---
 northd/ovn-northd.c | 31 ++++--
 tests/ovn.at | 238 ++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 260 insertions(+), 9 deletions(-)

diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index d849e6abc..2269f0185 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c 
@@ -10525,17 +10525,30 @@ build_check_pkt_len_flows_for_lrouter( struct hmap *ports, struct ds *match, struct ds *actions) { - if (od->nbr) { + if (!od->nbr) { + return; + } - /* Packets are allowed by default. */ - ovn_lflow_add(lflows, od, S_ROUTER_IN_CHK_PKT_LEN, 0, "1", - "next;"); - ovn_lflow_add(lflows, od, S_ROUTER_IN_LARGER_PKTS, 0, "1", - "next;"); + /* Packets are allowed by default. */ + ovn_lflow_add(lflows, od, S_ROUTER_IN_CHK_PKT_LEN, 0, "1", + "next;"); + ovn_lflow_add(lflows, od, S_ROUTER_IN_LARGER_PKTS, 0, "1", + "next;"); - if (od->l3dgw_port && od->l3redirect_port) { - build_check_pkt_len_flows_for_lrp(od->l3dgw_port, lflows, - ports, match, actions); + if (od->l3dgw_port && od->l3redirect_port) { + /* gw router port */ + build_check_pkt_len_flows_for_lrp(od->l3dgw_port, lflows, + ports, match, actions); + } else if (smap_get(&od->nbr->options, "chassis")) { + for (size_t i = 0; i < od->nbr->n_ports; i++) { + /* gw router */ + struct ovn_port *rp = ovn_port_find(ports, + od->nbr->ports[i]->name); + if (!rp) { + continue; + } + build_check_pkt_len_flows_for_lrp(rp, lflows, ports, match, + actions); } } } diff --git a/tests/ovn.at b/tests/ovn.at index 71d2bab4d..7ad0dcb54 100644 --- a/tests/ovn.at +++ b/tests/ovn.at 
@@ -16412,6 +16412,244 @@ OVN_CLEANUP([hv1]) AT_CLEANUP ]) +OVN_FOR_EACH_NORTHD([ +AT_SETUP([ovn -- gw router - check packet length - icmp defrag]) +AT_KEYWORDS([gwr-check_packet_length]) +ovn_start + +ovn-nbctl ls-add sw0 +ovn-nbctl lsp-add sw0 sw0-port1 +ovn-nbctl lsp-set-addresses sw0-port1 "50:54:00:00:00:01 10.0.0.3 1000::3" + +ovn-nbctl create Logical_Router name=lr0 options:chassis="hv1" +ovn-nbctl lrp-add lr0 lr0-sw0 00:00:00:00:ff:01 10.0.0.1/24 1000::1/64 +ovn-nbctl lsp-add sw0 sw0-lr0 +ovn-nbctl lsp-set-type sw0-lr0 router +ovn-nbctl lsp-set-addresses sw0-lr0 router +ovn-nbctl lsp-set-options sw0-lr0 router-port=lr0-sw0 + +ovn-nbctl ls-add public +ovn-nbctl lrp-add lr0 lr0-public 00:00:20:20:12:13 172.168.0.100/24 2000::1/64 +ovn-nbctl lsp-add public public-lr0 +ovn-nbctl lsp-set-type public-lr0 router +ovn-nbctl lsp-set-addresses public-lr0 router +ovn-nbctl lsp-set-options public-lr0 router-port=lr0-public + +# localnet port +ovn-nbctl lsp-add public ln-public +ovn-nbctl lsp-set-type ln-public localnet +ovn-nbctl lsp-set-addresses ln-public unknown +ovn-nbctl lsp-set-options ln-public network_name=phys + +ovn-nbctl lr-nat-add lr0 snat 172.168.0.100 10.0.0.0/24 +ovn-nbctl lr-nat-add lr0 snat 2000::1 1000::/64 + +net_add n1 + +sim_add hv1 +as hv1 +ovs-vsctl add-br br-phys +ovn_attach n1 br-phys 192.168.0.1 +ovs-vsctl set open . 
external-ids:ovn-bridge-mappings=phys:br-phys +ovs-vsctl -- add-port br-int hv1-vif1 -- \ + set interface hv1-vif1 external-ids:iface-id=sw0-port1 \ + options:tx_pcap=hv1/vif1-tx.pcap \ + options:rxq_pcap=hv1/vif1-rx.pcap \ + ofport-request=1 + +reset_pcap_file() { + local iface=$1 + local pcap_file=$2 + ovs-vsctl -- set Interface $iface options:tx_pcap=dummy-tx.pcap \ + options:rxq_pcap=dummy-rx.pcap + rm -f ${pcap_file}*.pcap + ovs-vsctl -- set Interface $iface options:tx_pcap=${pcap_file}-tx.pcap \ + options:rxq_pcap=${pcap_file}-rx.pcap +} + +test_ip_packet_larger() { + local mtu=$1 + + # Send ip packet from sw0-port1 to outside + src_mac="505400000001" # sw-port1 mac + dst_mac="00000000ff01" # sw0-lr0 mac (internal router leg) + src_ip=`ip_to_hex 10 0 0 3` + dst_ip=`ip_to_hex 172 168 0 3` + # Set the packet length to 118. + pkt_len=0076 + packet=${dst_mac}${src_mac}08004500${pkt_len}000000004001c3d9 + orig_packet_l3=${src_ip}${dst_ip}0304000000000000 + orig_packet_l3=${orig_packet_l3}000000000000000000000000000000000000 + orig_packet_l3=${orig_packet_l3}000000000000000000000000000000000000 + orig_packet_l3=${orig_packet_l3}000000000000000000000000000000000000 + orig_packet_l3=${orig_packet_l3}000000000000000000000000000000000000 + orig_packet_l3=${orig_packet_l3}000000000000000000000000000000000000 + + packet=${packet}${orig_packet_l3} + + gw_ip_garp=ffffffffffff00002020121308060001080006040001000020201213aca80064000000000000aca80064 + + packet_bytes=$(expr ${#packet} / 2) + mtu_needed=$(expr ${packet_bytes} - 18) + + # If icmp_pmtu_reply_expected is 0, it means the packet is lesser than + # the gateway mtu and should be delivered to the provider bridge via the + # localnet port. + # If icmp_pmtu_reply_expected is 1, it means the packet is larger than + # the gateway mtu and ovn-controller should drop the packet and instead + # generate ICMPv4 Destination Unreachable message with pmtu set to 100. 
+ if test $mtu -ge $mtu_needed; then + # Packet to expect at br-phys. + src_mac="000020201213" + dst_mac="00000012af11" + src_ip=`ip_to_hex 10 0 0 3` + dst_ip=`ip_to_hex 172 168 0 3` + expected=${dst_mac}${src_mac}08004500${pkt_len}000000003f01c4d9 + expected=${expected}${src_ip}${dst_ip}0304000000000000 + expected=${expected}000000000000000000000000000000000000 + expected=${expected}000000000000000000000000000000000000 + expected=${expected}000000000000000000000000000000000000 + expected=${expected}000000000000000000000000000000000000 + expected=${expected}000000000000000000000000000000000000 + echo $expected > br_phys_n1.expected + echo $gw_ip_garp >> br_phys_n1.expected + else + src_ip=`ip_to_hex 10 0 0 1` + dst_ip=`ip_to_hex 10 0 0 3` + # pkt len should be 146 (28 (icmp packet) + 118 (orig ip + payload)) + reply_pkt_len=0092 + ip_csum=f993 + icmp_reply=${src_mac}${dst_mac}08004500${reply_pkt_len}00004000fe016867 + icmp_reply=${icmp_reply}${src_ip}${dst_ip}0304${ip_csum}0000$(printf "%04x" $mtu) + icmp_reply=${icmp_reply}4500${pkt_len}000000003f01c4d9 + icmp_reply=${icmp_reply}${orig_packet_l3} + echo $icmp_reply > hv1-vif1.expected + fi + + as hv1 reset_pcap_file br-phys_n1 hv1/br-phys_n1 + as hv1 reset_pcap_file hv1-vif1 hv1/vif1 + + # Send packet from sw0-port1 to outside + check as hv1 ovs-appctl netdev-dummy/receive hv1-vif1 $packet + + if test $mtu -ge $mtu_needed; then + OVN_CHECK_PACKETS([hv1/br-phys_n1-tx.pcap], [br_phys_n1.expected]) + $PYTHON "$ovs_srcdir/utilities/ovs-pcap.in" hv1/vif1-tx.pcap > pkts + # hv1/vif1-tx.pcap can receive the GARP packet generated by ovn-controller + # for the gateway router port. So ignore this packet. 
+ cat pkts | grep -v $gw_ip_garp > packets + AT_CHECK([cat packets], [0], []) + else + OVN_CHECK_PACKETS([hv1/vif1-tx.pcap], [hv1-vif1.expected]) + $PYTHON "$ovs_srcdir/utilities/ovs-pcap.in" hv1/br-phys_n1-tx.pcap > \ + pkts + # hv1/br-phys_n1-tx.pcap can receive the GARP packet generated by ovn-controller + # for the gateway router port. So ignore this packet. + cat pkts | grep -v $gw_ip_garp > packets + AT_CHECK([cat packets], [0], []) + fi +} + +test_ip6_packet_larger() { + local mtu=$1 + + local eth_src=505400000001 + local eth_dst=00000000ff01 + + local ipv6_src=10000000000000000000000000000003 + local ipv6_dst=20000000000000000000000000000002 + local ipv6_rt=10000000000000000000000000000001 + + local payload=0000000000000000000000000000000000000000 + local payload=${payload}0000000000000000000000000000000000000000 + local payload=${payload}0000000000000000000000000000000000000000 + local payload=${payload}0000000000000000000000000000000000000000 + + local ip6_hdr=6000000000583aff${ipv6_src}${ipv6_dst} + local packet=${eth_dst}${eth_src}86dd${ip6_hdr}8000ec7662f00001${payload} + + as hv1 reset_pcap_file br-phys_n1 hv1/br-phys_n1 + as hv1 reset_pcap_file hv1-vif1 hv1/vif1 + + # Send packet from sw0-port1 to outside + tcpdump_hex ">> sending packet:" $packet + check as hv1 ovs-appctl netdev-dummy/receive hv1-vif1 $packet + AT_CHECK([as hv1 ovs-appctl ofproto/trace br-int in_port=hv1-vif1 $packet > trace-$mtu], + [0], [ignore]) + AT_CAPTURE_FILE([trace-$mtu]) + + packet_bytes=$(expr ${#packet} / 2) + mtu_needed=$(expr ${packet_bytes} - 18) + if test $mtu -lt $mtu_needed; then + # First construct the inner IPv6 packet. + inner_ip6=6000000000583afe${ipv6_src}${ipv6_dst} + inner_icmp6=8000000062f00001 + inner_icmp6_and_payload=$(icmp6_csum_inplace ${inner_icmp6}${payload} ${inner_ip6}) + inner_packet=${inner_ip6}${inner_icmp6_and_payload} + + # Then the outer. 
+ outer_ip6=6000000000883afe${ipv6_rt}${ipv6_src} + outer_icmp6_and_payload=$(icmp6_csum_inplace 020000000000$(printf "%04x" $mtu)${inner_packet} $outer_ip6) + outer_packet=${outer_ip6}${outer_icmp6_and_payload} + + icmp6_reply=${eth_src}${eth_dst}86dd${outer_packet} + + echo + tcpdump_hex ">> expecting reply packet" $icmp6_reply + + # The "trace" above sends a second packets as a side effect. + (echo $icmp6_reply; echo $icmp6_reply) > hv1-vif1.expected + + OVN_CHECK_PACKETS([hv1/vif1-tx.pcap], [hv1-vif1.expected]) + fi +} + +wait_for_ports_up +ovn-nbctl --wait=hv sync + +ovn-nbctl show > nbdump +AT_CAPTURE_FILE([nbdump]) + +ovn-sbctl show > sbdump +AT_CAPTURE_FILE([sbdump]) + +ovn-sbctl dump-flows > sbflows +AT_CAPTURE_FILE([sbflows]) + +AT_CHECK([as hv1 ovs-ofctl dump-flows br-int \ +| grep "check_pkt_larger" | wc -l], [0], [[0 +]]) +dp_uuid=$(ovn-sbctl find datapath_binding | grep sw0 -B2 | grep _uuid | \ +awk '{print $3}') +ovn-sbctl create MAC_Binding ip=172.168.0.3 datapath=$dp_uuid \ +logical_port=lr0-public mac="00\:00\:00\:12\:af\:11" + +# Try different gateway mtus and send a 142-byte packet (corresponding +# to a 124-byte MTU). If the MTU is less than 124, ovn-controller +# should send icmp host not reachable with pmtu set to $mtu. 
+for mtu in 100 500 118; do + AS_BOX([testing mtu $mtu]) + check ovn-nbctl --wait=hv set logical_router_port lr0-public options:gateway_mtu=$mtu + ovn-sbctl dump-flows > sbflows-$mtu + AT_CAPTURE_FILE([sbflows-$mtu]) + + OVS_WAIT_FOR_OUTPUT([ + as hv1 ovs-ofctl dump-flows br-int > br-int-flows-$mtu + AT_CAPTURE_FILE([br-int-flows-$mtu]) + grep "check_pkt_larger($(expr $mtu + 18))" br-int-flows-$mtu | wc -l], [0], [1 +]) + + AS_BOX([testing mtu $mtu - IPv4]) + test_ip_packet_larger $mtu + + AS_BOX([testing mtu $mtu - IPv6]) + test_ip6_packet_larger $mtu +done + +OVN_CLEANUP([hv1]) +AT_CLEANUP +]) + OVN_FOR_EACH_NORTHD([ AT_SETUP([ovn -- IP packet buffering]) AT_KEYWORDS([ip-buffering])
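Review bot: the two comments added in the @@ -10525 hunk of northd/ovn-northd.c (patch 2/3) label the branches misleadingly: '/* gw router port */' sits on the 'od->l3dgw_port && od->l3redirect_port' branch, which is the distributed gateway port case, and '/* gw router */' is placed inside the for loop above the 'rp' declaration instead of on the 'else if (smap_get(&od->nbr->options, "chassis"))' branch it describes. Suggest '/* Distributed gateway port. */' on the first branch and a comment above the loop stating that on a gateway router every port is passed to build_check_pkt_len_flows_for_lrp, which adds flows only for ports that have gateway_mtu set.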
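Review bot: the expected ICMP reply in test_ip_packet_larger (tests/ovn.at hunk of patch 2/3) hard-codes 'ip_csum=f993' while the field that follows it is built from '$(printf "%04x" $mtu)'. The value is emitted right after '0304', that is, in the ICMP checksum position, and that checksum covers the MTU bytes, so the else branch is correct for a single MTU only. The loop 'for mtu in 100 500 118' reaches it only with 100, because the IPv4 packet has pkt_len=0076 (118 bytes of IP, 132 with the Ethernet header) and mtu_needed is therefore 114. Suggest computing the checksum from $mtu or saying in a comment that the constant is valid for mtu=100 only, renaming ip_csum since it is not an IP checksum, and fixing the loop comment, whose 142-byte and 124 figures match the IPv6 packet but not the IPv4 one.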
From patchwork Thu May 27 22:26:27 2021
X-Patchwork-Submitter: Lorenzo Bianconi
X-Patchwork-Id: 1484909
From: Lorenzo Bianconi
To: ovs-dev@openvswitch.org
Date: Fri, 28 May 2021 00:26:27 +0200
Message-Id: <78e9f7299f47f2add61b6d083aa5bc1adc907fb6.1622154070.git.lorenzo.bianconi@redhat.com>
Subject: [ovs-dev] [PATCH v2 ovn 3/3] northd: add check_pkt_larger lflows for ingress traffic

Introduce check_pkt_larger action for ingress traffic entering the cluster from a distributed gw router port or from a gw router. This patch enables pMTU discovery for ingress traffic.

Signed-off-by: Lorenzo Bianconi
---
 northd/ovn-northd.c | 166 ++++++++++++++++++-------------
 tests/ovn.at | 234 ++++++++++++++++++++++++++++++++++++++++++--
 2 files changed, 326 insertions(+), 74 deletions(-)

diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index 2269f0185..77b482081 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -9492,6 +9492,10 @@ build_adm_ctrl_flows_for_lrouter( } } +static void +build_check_pkt_len_action_string(struct ovn_port *op, int *pmtu, + struct ds **actions); + /* Logical router ingress Table 0: L2 Admission Control * This table drops packets that the router shouldn’t see at all based * on their Ethernet headers. @@ -9519,6 +9523,9 @@ build_adm_ctrl_flows_for_lrouter_port( * the pipeline. */ ds_clear(actions); + + int gw_mtu; + build_check_pkt_len_action_string(op, &gw_mtu, &actions); ds_put_format(actions, REG_INPORT_ETH_ADDR " = %s; next;", op->lrp_networks.ea_s); 
@@ -10413,32 +10420,108 @@ build_arp_resolve_flows_for_lrouter_port( } +static void +build_icmperr_pkt_big_flows(struct ovn_port *op, int mtu, struct hmap *lflows, + struct ds *match, struct ds *actions, + enum ovn_stage stage) +{ + if (op->lrp_networks.ipv4_addrs) { + ds_clear(match); + ds_put_format(match, + "inport == %s && ip4 && "REGBIT_PKT_LARGER + " && !"REGBIT_EGRESS_LOOPBACK, op->json_key); + + ds_clear(actions); + /* Set icmp4.frag_mtu to gw_mtu */ + ds_put_format(actions, + "icmp4_error {" + REGBIT_EGRESS_LOOPBACK" = 1; " + REGBIT_PKT_LARGER" = 0; " + "eth.dst = %s; " + "ip4.dst = ip4.src; " + "ip4.src = %s; " + "ip.ttl = 255; " + "icmp4.type = 3; /* Destination Unreachable. */ " + "icmp4.code = 4; /* Frag Needed and DF was Set. */ " + "icmp4.frag_mtu = %d; " + "next(pipeline=ingress, table=%d); };", + op->lrp_networks.ea_s, + op->lrp_networks.ipv4_addrs[0].addr_s, + mtu, ovn_stage_get_table(S_ROUTER_IN_ADMISSION)); + ovn_lflow_add_with_hint(lflows, op->od, stage, 150, + ds_cstr(match), ds_cstr(actions), + &op->nbrp->header_); + } + + if (op->lrp_networks.ipv6_addrs) { + ds_clear(match); + ds_put_format(match, "inport == %s&& ip6 && "REGBIT_PKT_LARGER + " && !"REGBIT_EGRESS_LOOPBACK, op->json_key); + + ds_clear(actions); + /* Set icmp6.frag_mtu to gw_mtu */ + ds_put_format(actions, + "icmp6_error {" + REGBIT_EGRESS_LOOPBACK" = 1; " + REGBIT_PKT_LARGER" = 0; " + "eth.dst = %s; " + "ip6.dst = ip6.src; " + "ip6.src = %s; " + "ip.ttl = 255; " + "icmp6.type = 2; /* Packet Too Big. 
*/ " + "icmp6.code = 0; " + "icmp6.frag_mtu = %d; " + "next(pipeline=ingress, table=%d); };", + op->lrp_networks.ea_s, + op->lrp_networks.ipv6_addrs[0].addr_s, + mtu, ovn_stage_get_table(S_ROUTER_IN_ADMISSION)); + ovn_lflow_add_with_hint(lflows, op->od, stage, 150, + ds_cstr(match), ds_cstr(actions), + &op->nbrp->header_); + } +} + +static void +build_check_pkt_len_action_string(struct ovn_port *op, int *pmtu, + struct ds **actions) +{ + int gw_mtu = smap_get_int(&op->nbrp->options, "gateway_mtu", 0); + + if (gw_mtu > 0) { + /* Add the flows only if gateway_mtu is configured. */ + ds_put_format(*actions, + REGBIT_PKT_LARGER" = check_pkt_larger(%d); ", + gw_mtu + VLAN_ETH_HEADER_LEN); + } + *pmtu = gw_mtu; +} + static void build_check_pkt_len_flows_for_lrp(struct ovn_port *op, struct hmap *lflows, struct hmap *ports, struct ds *match, struct ds *actions) { - int gw_mtu = 0; + int gw_mtu; - if (op->nbrp) { - gw_mtu = smap_get_int(&op->nbrp->options, "gateway_mtu", 0); - } - /* Add the flows only if gateway_mtu is configured. */ + ds_clear(actions); + build_check_pkt_len_action_string(op, &gw_mtu, &actions); if (gw_mtu <= 0) { return; } + ds_put_format(actions, "next;"); + ds_clear(match); ds_put_format(match, "outport == %s", op->json_key); - ds_clear(actions); - ds_put_format(actions, - REGBIT_PKT_LARGER" = check_pkt_larger(%d);" - " next;", gw_mtu + VLAN_ETH_HEADER_LEN); ovn_lflow_add_with_hint(lflows, op->od, S_ROUTER_IN_CHK_PKT_LEN, 50, ds_cstr(match), ds_cstr(actions), &op->nbrp->header_); + /* ingress traffic */ + build_icmperr_pkt_big_flows(op, gw_mtu, lflows, match, actions, + S_ROUTER_IN_IP_INPUT); + for (size_t i = 0; i < op->od->nbr->n_ports; i++) { struct ovn_port *rp = ovn_port_find(ports, op->od->nbr->ports[i]->name); 
@@ -10446,63 +10529,9 @@ build_check_pkt_len_flows_for_lrp(struct ovn_port *op, continue; } - if (rp->lrp_networks.ipv4_addrs) { - ds_clear(match); - ds_put_format(match, "inport == %s && outport == %s" - " && ip4 && "REGBIT_PKT_LARGER, - rp->json_key, op->json_key); - - ds_clear(actions); - /* Set icmp4.frag_mtu to gw_mtu */ - ds_put_format(actions, - "icmp4_error {" - REGBIT_EGRESS_LOOPBACK" = 1; " - "eth.dst = %s; " - "ip4.dst = ip4.src; " - "ip4.src = %s; " - "ip.ttl = 255; " - "icmp4.type = 3; /* Destination Unreachable. */ " - "icmp4.code = 4; /* Frag Needed and DF was Set. */ " - "icmp4.frag_mtu = %d; " - "next(pipeline=ingress, table=%d); };", - rp->lrp_networks.ea_s, - rp->lrp_networks.ipv4_addrs[0].addr_s, - gw_mtu, - ovn_stage_get_table(S_ROUTER_IN_ADMISSION)); - ovn_lflow_add_with_hint(lflows, op->od, - S_ROUTER_IN_LARGER_PKTS, 50, - ds_cstr(match), ds_cstr(actions), - &rp->nbrp->header_); - } - - if (rp->lrp_networks.ipv6_addrs) { - ds_clear(match); - ds_put_format(match, "inport == %s && outport == %s" - " && ip6 && "REGBIT_PKT_LARGER, - rp->json_key, op->json_key); - - ds_clear(actions); - /* Set icmp6.frag_mtu to gw_mtu */ - ds_put_format(actions, - "icmp6_error {" - REGBIT_EGRESS_LOOPBACK" = 1; " - "eth.dst = %s; " - "ip6.dst = ip6.src; " - "ip6.src = %s; " - "ip.ttl = 255; " - "icmp6.type = 2; /* Packet Too Big. */ " - "icmp6.code = 0; " - "icmp6.frag_mtu = %d; " - "next(pipeline=ingress, table=%d); };", - rp->lrp_networks.ea_s, - rp->lrp_networks.ipv6_addrs[0].addr_s, - gw_mtu, - ovn_stage_get_table(S_ROUTER_IN_ADMISSION)); - ovn_lflow_add_with_hint(lflows, op->od, - S_ROUTER_IN_LARGER_PKTS, 50, - ds_cstr(match), ds_cstr(actions), - &rp->nbrp->header_); - } + /* egress traffic */ + build_icmperr_pkt_big_flows(rp, gw_mtu, lflows, match, actions, + S_ROUTER_IN_LARGER_PKTS); } } 
@@ -11570,8 +11599,11 @@ build_lrouter_ingress_flow(struct hmap *lflows, struct ovn_datapath *od, * down in the pipeline. */ ds_clear(actions); + + int gw_mtu; + build_check_pkt_len_action_string(od->l3dgw_port, &gw_mtu, &actions); ds_put_format(actions, REG_INPORT_ETH_ADDR " = %s; next;", - od->l3dgw_port->lrp_networks.ea_s); + od->l3dgw_port->lrp_networks.ea_s); ds_clear(match); ds_put_format(match, diff --git a/tests/ovn.at b/tests/ovn.at index 7ad0dcb54..39189219c 100644 --- a/tests/ovn.at +++ b/tests/ovn.at 
@@ -16312,6 +16312,52 @@ test_ip_packet_larger() { fi } +test_ip_packet_larger_ext() { + local mtu=$1 + + # Send ip packet from sw0-port1 to outside + src_mac="00000012af11" # external mac + dst_mac="000020201213" # lr0-public mac + src_ip=`ip_to_hex 172 168 0 4` + dst_ip=`ip_to_hex 172 168 0 100` + # Set the packet length to 118. + pkt_len=0076 + packet=${dst_mac}${src_mac}08004500${pkt_len}00000000400120cf + orig_packet_l3=${src_ip}${dst_ip}0900000000000000 + orig_packet_l3=${orig_packet_l3}000000000000000000000000000000000000 + orig_packet_l3=${orig_packet_l3}000000000000000000000000000000000000 + orig_packet_l3=${orig_packet_l3}000000000000000000000000000000000000 + orig_packet_l3=${orig_packet_l3}000000000000000000000000000000000000 + orig_packet_l3=${orig_packet_l3}000000000000000000000000000000000000 + packet=${packet}${orig_packet_l3} + + gw_ip_garp=ffffffffffff00002020121308060001080006040001000020201213aca80064000000000000aca80064 + ext_ip_garp=ffffffffffff00000012af110806000108000604000100000012af11aca80004000000000000aca80004 + + src_ip=`ip_to_hex 172 168 0 100` + dst_ip=`ip_to_hex 172 168 0 4` + # pkt len should be 146 (28 (icmp packet) + 118 (orig ip + payload)) + reply_pkt_len=0092 + ip_csum=f397 + icmp_reply=${src_mac}${dst_mac}08004500${reply_pkt_len}00004000fe0122b2 + icmp_reply=${icmp_reply}${src_ip}${dst_ip}0304${ip_csum}0000$(printf "%04x" $mtu) + icmp_reply=${icmp_reply}4500${pkt_len}00000000400120cf + icmp_reply=${icmp_reply}${orig_packet_l3} + echo $icmp_reply > br-phys_n1.expected + + echo $gw_ip_garp >> br-phys_n1.expected + + as hv1 reset_pcap_file br-phys_n1 hv1/br-phys_n1 + as hv1 reset_pcap_file hv1-vif1 hv1/vif1 + + check as hv1 ovs-appctl netdev-dummy/receive br-phys_n1 $ext_ip_garp + sleep 1 + # Send packet from sw0-port1 to outside + check as hv1 ovs-appctl netdev-dummy/receive br-phys_n1 $packet + + OVN_CHECK_PACKETS([hv1/br-phys_n1-tx.pcap], [br-phys_n1.expected]) +} + test_ip6_packet_larger() { local mtu=$1 
@@ -16327,7 +16373,7 @@ test_ip6_packet_larger() { local payload=${payload}0000000000000000000000000000000000000000 local payload=${payload}0000000000000000000000000000000000000000 - local ip6_hdr=6000000000583aff${ipv6_src}${ipv6_dst} + local ip6_hdr=6000000000583afe${ipv6_src}${ipv6_dst} local packet=${eth_dst}${eth_src}86dd${ip6_hdr}8000ec7662f00001${payload} as hv1 reset_pcap_file br-phys_n1 hv1/br-phys_n1 @@ -16344,11 +16390,11 @@ test_ip6_packet_larger() { mtu_needed=$(expr ${packet_bytes} - 18) if test $mtu -lt $mtu_needed; then # First construct the inner IPv6 packet. - inner_ip6=6000000000583afe${ipv6_src}${ipv6_dst} + inner_ip6=6000000000583afd${ipv6_src}${ipv6_dst} inner_icmp6=8000000062f00001 inner_icmp6_and_payload=$(icmp6_csum_inplace ${inner_icmp6}${payload} ${inner_ip6}) inner_packet=${inner_ip6}${inner_icmp6_and_payload} - + # Then the outer. outer_ip6=6000000000883afe${ipv6_rt}${ipv6_src} outer_icmp6_and_payload=$(icmp6_csum_inplace 020000000000$(printf "%04x" $mtu)${inner_packet} $outer_ip6) 
@@ -16366,6 +16412,53 @@ test_ip6_packet_larger() { fi } +test_ip6_packet_larger_ext() { + local mtu=$1 + + local eth_src=00000012af11 + local eth_dst=000020201213 + + local ipv6_src=20000000000000000000000000000004 + local ipv6_dst=20000000000000000000000000000001 + + local payload=0000000000000000000000000000000000000000 + local payload=${payload}0000000000000000000000000000000000000000 + local payload=${payload}0000000000000000000000000000000000000000 + local payload=${payload}0000000000000000000000000000000000000000 + + local ip6_hdr=6000000000583afe${ipv6_src}${ipv6_dst} + local packet=${eth_dst}${eth_src}86dd${ip6_hdr}9000cc7662f00001${payload} + + local ns=ffffffffffff00002020121308060001080006040001000020201213aca80064000000000000aca80064 + echo $ns > br-phys_n1.expected + + as hv1 reset_pcap_file br-phys_n1 hv1/br-phys_n1 + as hv1 reset_pcap_file hv1-vif1 hv1/vif1 + + local na_ip6_hdr=6000000000203aff${ipv6_src}${ipv6_dst} + local na=${eth_dst}${eth_src}86dd${na_ip6_hdr}8800d78440000000${ipv6_src}0201${eth_src} + check as hv1 ovs-appctl netdev-dummy/receive br-phys_n1 $na + sleep 1 + check as hv1 ovs-appctl netdev-dummy/receive br-phys_n1 $packet + AT_CAPTURE_FILE([trace-$mtu]) + + # First construct the inner IPv6 packet. + inner_ip6=6000000000583afe${ipv6_src}${ipv6_dst} + inner_icmp6=9000000062f00001 + inner_icmp6_and_payload=$(icmp6_csum_inplace ${inner_icmp6}${payload} ${inner_ip6}) + inner_packet=${inner_ip6}${inner_icmp6_and_payload} + + # Then the outer. + outer_ip6=6000000000883afe${ipv6_dst}${ipv6_src} + outer_icmp6_and_payload=$(icmp6_csum_inplace 020000000000$(printf "%04x" $mtu)${inner_packet} $outer_ip6) + outer_packet=${outer_ip6}${outer_icmp6_and_payload} + + icmp6_reply=${eth_src}${eth_dst}86dd${outer_packet} + echo $icmp6_reply >> br-phys_n1.expected + + OVN_CHECK_PACKETS([hv1/br-phys_n1-tx.pcap], [br-phys_n1.expected]) +} + wait_for_ports_up ovn-nbctl --wait=hv sync 
@@ -16398,7 +16491,7 @@ for mtu in 100 500 118; do OVS_WAIT_FOR_OUTPUT([ as hv1 ovs-ofctl dump-flows br-int > br-int-flows-$mtu AT_CAPTURE_FILE([br-int-flows-$mtu]) - grep "check_pkt_larger($(expr $mtu + 18))" br-int-flows-$mtu | wc -l], [0], [1 + grep "check_pkt_larger($(expr $mtu + 18))" br-int-flows-$mtu | wc -l], [0], [3 ]) AS_BOX([testing mtu $mtu - IPv4]) @@ -16408,6 +16501,23 @@ for mtu in 100 500 118; do test_ip6_packet_larger $mtu done +AS_BOX([testing mtu $mtu]) +check ovn-nbctl --wait=hv set logical_router_port lr0-public options:gateway_mtu=100 +ovn-sbctl dump-flows > ext-sbflows-100 +AT_CAPTURE_FILE([ext-sbflows-$mtu]) + +OVS_WAIT_FOR_OUTPUT([ + as hv1 ovs-ofctl dump-flows br-int > ext-br-int-flows-100 + AT_CAPTURE_FILE([ext-br-int-flows-100]) + grep "check_pkt_larger(118)" ext-br-int-flows-100 | wc -l], [0], [3 +]) + +AS_BOX([testing ext mtu 100 - IPv4]) +test_ip_packet_larger_ext 100 + +AS_BOX([testing mtu 100 - IPv6]) +test_ip6_packet_larger_ext 100 + OVN_CLEANUP([hv1]) AT_CLEANUP ]) 
@@ -16550,6 +16660,52 @@ test_ip_packet_larger() { fi } +test_ip_packet_larger_ext() { + local mtu=$1 + + # Send ip packet from sw0-port1 to outside + src_mac="00000012af11" # external mac + dst_mac="000020201213" # lr0-public mac + src_ip=`ip_to_hex 172 168 0 4` + dst_ip=`ip_to_hex 172 168 0 100` + # Set the packet length to 118. + pkt_len=0076 + packet=${dst_mac}${src_mac}08004500${pkt_len}00000000400120cf + orig_packet_l3=${src_ip}${dst_ip}0900000000000000 + orig_packet_l3=${orig_packet_l3}000000000000000000000000000000000000 + orig_packet_l3=${orig_packet_l3}000000000000000000000000000000000000 + orig_packet_l3=${orig_packet_l3}000000000000000000000000000000000000 + orig_packet_l3=${orig_packet_l3}000000000000000000000000000000000000 + orig_packet_l3=${orig_packet_l3}000000000000000000000000000000000000 + packet=${packet}${orig_packet_l3} + + gw_ip_garp=ffffffffffff00002020121308060001080006040001000020201213aca80064000000000000aca80064 + ext_ip_garp=ffffffffffff00000012af110806000108000604000100000012af11aca80004000000000000aca80004 + + src_ip=`ip_to_hex 172 168 0 100` + dst_ip=`ip_to_hex 172 168 0 4` + # pkt len should be 146 (28 (icmp packet) + 118 (orig ip + payload)) + reply_pkt_len=0092 + ip_csum=f397 + icmp_reply=${src_mac}${dst_mac}08004500${reply_pkt_len}00004000fe0122b2 + icmp_reply=${icmp_reply}${src_ip}${dst_ip}0304${ip_csum}0000$(printf "%04x" $mtu) + icmp_reply=${icmp_reply}4500${pkt_len}00000000400120cf + icmp_reply=${icmp_reply}${orig_packet_l3} + echo $icmp_reply > br-phys_n1.expected + + echo $gw_ip_garp >> br-phys_n1.expected + + as hv1 reset_pcap_file br-phys_n1 hv1/br-phys_n1 + as hv1 reset_pcap_file hv1-vif1 hv1/vif1 + + check as hv1 ovs-appctl netdev-dummy/receive br-phys_n1 $ext_ip_garp + sleep 1 + # Send packet from sw0-port1 to outside + check as hv1 ovs-appctl netdev-dummy/receive br-phys_n1 $packet + + OVN_CHECK_PACKETS([hv1/br-phys_n1-tx.pcap], [br-phys_n1.expected]) +} + test_ip6_packet_larger() { local mtu=$1 
@@ -16565,7 +16721,7 @@ test_ip6_packet_larger() { local payload=${payload}0000000000000000000000000000000000000000 local payload=${payload}0000000000000000000000000000000000000000 - local ip6_hdr=6000000000583aff${ipv6_src}${ipv6_dst} + local ip6_hdr=6000000000583afe${ipv6_src}${ipv6_dst} local packet=${eth_dst}${eth_src}86dd${ip6_hdr}8000ec7662f00001${payload} as hv1 reset_pcap_file br-phys_n1 hv1/br-phys_n1 @@ -16582,7 +16738,7 @@ test_ip6_packet_larger() { mtu_needed=$(expr ${packet_bytes} - 18) if test $mtu -lt $mtu_needed; then # First construct the inner IPv6 packet. - inner_ip6=6000000000583afe${ipv6_src}${ipv6_dst} + inner_ip6=6000000000583afd${ipv6_src}${ipv6_dst} inner_icmp6=8000000062f00001 inner_icmp6_and_payload=$(icmp6_csum_inplace ${inner_icmp6}${payload} ${inner_ip6}) inner_packet=${inner_ip6}${inner_icmp6_and_payload} 
@@ -16604,6 +16760,53 @@ test_ip6_packet_larger() { fi } +test_ip6_packet_larger_ext() { + local mtu=$1 + + local eth_src=00000012af11 + local eth_dst=000020201213 + + local ipv6_src=20000000000000000000000000000004 + local ipv6_dst=20000000000000000000000000000001 + + local payload=0000000000000000000000000000000000000000 + local payload=${payload}0000000000000000000000000000000000000000 + local payload=${payload}0000000000000000000000000000000000000000 + local payload=${payload}0000000000000000000000000000000000000000 + + local ip6_hdr=6000000000583afe${ipv6_src}${ipv6_dst} + local packet=${eth_dst}${eth_src}86dd${ip6_hdr}9000cc7662f00001${payload} + + local ns=ffffffffffff00002020121308060001080006040001000020201213aca80064000000000000aca80064 + echo $ns > br-phys_n1.expected + + as hv1 reset_pcap_file br-phys_n1 hv1/br-phys_n1 + as hv1 reset_pcap_file hv1-vif1 hv1/vif1 + + local na_ip6_hdr=6000000000203aff${ipv6_src}${ipv6_dst} + local na=${eth_dst}${eth_src}86dd${na_ip6_hdr}8800d78440000000${ipv6_src}0201${eth_src} + check as hv1 ovs-appctl netdev-dummy/receive br-phys_n1 $na + sleep 1 + check as hv1 ovs-appctl netdev-dummy/receive br-phys_n1 $packet + AT_CAPTURE_FILE([trace-$mtu]) + + # First construct the inner IPv6 packet. + inner_ip6=6000000000583afe${ipv6_src}${ipv6_dst} + inner_icmp6=9000000062f00001 + inner_icmp6_and_payload=$(icmp6_csum_inplace ${inner_icmp6}${payload} ${inner_ip6}) + inner_packet=${inner_ip6}${inner_icmp6_and_payload} + + # Then the outer. + outer_ip6=6000000000883afe${ipv6_dst}${ipv6_src} + outer_icmp6_and_payload=$(icmp6_csum_inplace 020000000000$(printf "%04x" $mtu)${inner_packet} $outer_ip6) + outer_packet=${outer_ip6}${outer_icmp6_and_payload} + + icmp6_reply=${eth_src}${eth_dst}86dd${outer_packet} + echo $icmp6_reply >> br-phys_n1.expected + + OVN_CHECK_PACKETS([hv1/br-phys_n1-tx.pcap], [br-phys_n1.expected]) +} + wait_for_ports_up ovn-nbctl --wait=hv sync 
@@ -16636,7 +16839,7 @@ for mtu in 100 500 118; do OVS_WAIT_FOR_OUTPUT([ as hv1 ovs-ofctl dump-flows br-int > br-int-flows-$mtu AT_CAPTURE_FILE([br-int-flows-$mtu]) - grep "check_pkt_larger($(expr $mtu + 18))" br-int-flows-$mtu | wc -l], [0], [1 + grep "check_pkt_larger($(expr $mtu + 18))" br-int-flows-$mtu | wc -l], [0], [3 ]) AS_BOX([testing mtu $mtu - IPv4]) @@ -16646,6 +16849,23 @@ for mtu in 100 500 118; do test_ip6_packet_larger $mtu done +AS_BOX([testing mtu $mtu]) +check ovn-nbctl --wait=hv set logical_router_port lr0-public options:gateway_mtu=100 +ovn-sbctl dump-flows > ext-sbflows-100 +AT_CAPTURE_FILE([ext-sbflows-$mtu]) + +OVS_WAIT_FOR_OUTPUT([ + as hv1 ovs-ofctl dump-flows br-int > ext-br-int-flows-100 + AT_CAPTURE_FILE([ext-br-int-flows-100]) + grep "check_pkt_larger(118)" ext-br-int-flows-100 | wc -l], [0], [3 +]) + +AS_BOX([testing ext mtu 100 - IPv4]) +test_ip_packet_larger_ext 100 + +AS_BOX([testing mtu 100 - IPv6]) +test_ip6_packet_larger_ext 100 + OVN_CLEANUP([hv1]) AT_CLEANUP ])
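Review bot: in build_adm_ctrl_flows_for_lrouter_port() (hunk at -9519) and build_lrouter_ingress_flow() (hunk at -11570) the new local `int gw_mtu;` is filled in by build_check_pkt_len_action_string() and never read in the lines shown. Only build_check_pkt_len_flows_for_lrp() uses the value, so consider having the helper return the MTU, or accept a NULL pmtu, so that these two call sites do not need a dummy variable. Defining the helper above its first caller would also make the forward declaration added at -9492 unnecessary. In the -11570 hunk the `od->l3dgw_port->lrp_networks.ea_s);` line is removed and re-added with the same text, which looks like an unrelated whitespace change that could be dropped from this patch.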
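Review bot: build_check_pkt_len_action_string() (hunk at -10413) reads `op->nbrp->options` unconditionally, while the code it replaces in build_check_pkt_len_flows_for_lrp() only did so under `if (op->nbrp)`. Since the helper is now also called from the admission and l3dgw ingress paths, keep the guard inside the helper and set `*pmtu = 0` when `op->nbrp` is NULL, or state in a comment why every caller guarantees a non-NULL nbrp. The `struct ds **actions` parameter can be a plain `struct ds *`, because the helper only appends to the string and never reassigns the pointer. In the same hunk, the IPv6 match in build_icmperr_pkt_big_flows() is written `"inport == %s&& ip6 && "` and is missing the space before `&&` that the IPv4 branch has.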
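Review bot: the egress flows in S_ROUTER_IN_LARGER_PKTS lose their `outport == %s` term and move from priority 50 to 150 once the removed block in the -10446 hunk is replaced by the call to build_icmperr_pkt_big_flows(rp, ...). The removed code matched `inport == rp && outport == op`, whereas the shared helper matches only on `inport == %s` plus the ip4/ip6 and register bits. If two ports of the same router carry different gateway_mtu values, the loop will then add flows for the same rp with an identical match and different `icmp4.frag_mtu` / `icmp6.frag_mtu` actions. Either pass the outport into the helper for the egress case or explain in the commit message why the outport term and the old priority are no longer needed; neither change is mentioned there at present.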
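Review bot: test_ip_packet_larger_ext() is added twice with identical bodies (hunks at -16312 and -16550); a single definition shared by both test cases would keep them from drifting apart. The comments `# Send ip packet from sw0-port1 to outside` and `# Send packet from sw0-port1 to outside` are copied from the egress test and do not describe this function, which injects a frame with the "external mac" as source on br-phys_n1 toward the lr0-public mac. The fixed `sleep 1` between the GARP and the test packet is also a candidate for a wait on the learned binding instead of a timed delay.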
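Review bot: the hop limit in test_ip6_packet_larger() changes from `3aff` to `3afe` in the sent header and from `3afe` to `3afd` in the expected inner packet (hunks at -16327/-16344 and -16565/-16582), and the commit message does not say why an existing egress test needs different values. A short comment next to `ip6_hdr` explaining the change would help, since this patch is described as adding ingress handling only.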
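Review bot: in test_ip6_packet_larger_ext() (hunks at -16366 and -16604) the variable `ns` holds a frame with ethertype 0806 and is byte-for-byte the same string as `gw_ip_garp` in the IPv4 function, so the name suggests a neighbor solicitation that is not what is being expected; rename it or add a comment saying why an ARP frame is expected in the IPv6 test. `AT_CAPTURE_FILE([trace-$mtu])` is also called without anything in the function writing a `trace-$mtu` file, so it can be removed. As with the IPv4 variant, the function is duplicated verbatim across the two test cases.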
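Review bot: `AS_BOX([testing mtu $mtu])` and `AT_CAPTURE_FILE([ext-sbflows-$mtu])` (hunks at -16408 and -16646) run after the `done` of the `for mtu in 100 500 118` loop, so `$mtu` still holds 118 while the block sets gateway_mtu=100 and writes `ext-sbflows-100`. The capture therefore names a file that is never created. Use the literal 100 in both places, or assign `mtu=100` before the block and use `$mtu` consistently, including in the `grep "check_pkt_larger(118)"` line. The last banner reads `testing mtu 100 - IPv6` and lacks the `ext` that the IPv4 banner has.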