From patchwork Thu Jun 10 15:32:00 2021
X-Patchwork-Submitter: Mark Gray
X-Patchwork-Id: 1490574
From: Mark Gray
To: dev@openvswitch.org
Date: Thu, 10 Jun 2021 11:32:00 -0400
Message-Id: <20210610153201.1846669-2-mark.d.gray@redhat.com>
In-Reply-To: <20210610153201.1846669-1-mark.d.gray@redhat.com>
References: <20210610153201.1846669-1-mark.d.gray@redhat.com>
Subject: [ovs-dev] [PATCH ovn v2 1/2] ovn-trace.at: Move ovn-trace tests to new ovn-trace.at file

Signed-off-by: Mark Gray --- v2: Move ovn-trace tests to dedicated file tests/automake.mk | 3 +- tests/ovn-trace.at | 272 +++++++++++++++++++++++++++++++++++++++++++++ tests/testsuite.at | 1 + 3 files changed, 275 insertions(+), 1 deletion(-) create mode 100644 tests/ovn-trace.at diff --git a/tests/automake.mk b/tests/automake.mk index 742e5cff28cc..a9734f6a697c 100644 --- a/tests/automake.mk +++ b/tests/automake.mk @@ -35,7 +35,8 @@ TESTSUITE_AT = \ tests/ovn-ofctrl-seqno.at \ tests/ovn-ipam.at \ tests/ovn-lflow-cache.at \ - tests/ovn-ipsec.at + tests/ovn-ipsec.at \ + tests/ovn-trace.at SYSTEM_KMOD_TESTSUITE_AT = \ tests/system-common-macros.at \ diff --git a/tests/ovn-trace.at b/tests/ovn-trace.at new file mode 100644 index 000000000000..3e6c63ba9af0 --- /dev/null +++ b/tests/ovn-trace.at 
@@ -0,0 +1,272 @@ +OVN_FOR_EACH_NORTHD([ +AT_SETUP([ovn -- trace 1 LS, 3 LSPs]) +ovn_start + +# Create a logical switch and some logical ports. +# Turn on port security on all lports except ls1. +# Make ls1 a destination for unknown MACs. +# Add some ACLs for Ethertypes 1234, 1235, 1236. +ovn-nbctl ls-add lsw0 +ovn-sbctl chassis-add hv0 geneve 127.0.0.1 +for i in 1 2 3; do + ovn-nbctl lsp-add lsw0 lp$i +done +ovn-nbctl --wait=sb sync +for i in 1 2 3; do + ovn-sbctl lsp-bind lp$i hv0 + if test $i = 1; then + ovn-nbctl lsp-set-addresses lp$i "f0:00:00:00:00:0$i 192.168.0.$i" unknown + else + if test $i = 3; then + ip_addrs="192.168.0.$i fe80::ea2a:eaff:fe28:$i/64 192.169.0.$i" + else + ip_addrs="192.168.0.$i" + fi + ovn-nbctl lsp-set-addresses lp$i "f0:00:00:00:00:0$i $ip_addrs" + ovn-nbctl lsp-set-port-security lp$i f0:00:00:00:00:0$i + fi +done +ovn-nbctl acl-add lsw0 from-lport 1000 'eth.type == 0x1234' drop +ovn-nbctl acl-add lsw0 from-lport 1000 'eth.type == 0x1235 && inport == "lp1"' drop +ovn-nbctl acl-add lsw0 to-lport 1000 'eth.type == 0x1236 && outport == "lp3"' drop +ovn-nbctl create Address_Set name=set1 addresses=\"f0:00:00:00:00:01\",\"f0:00:00:00:00:02\" +ovn-nbctl acl-add lsw0 to-lport 1000 'eth.type == 0x1237 && eth.src == $set1 && outport == "lp3"' drop + +ovn-nbctl --wait=sb sync +ovn-sbctl dump-flows > sbflows +AT_CAPTURE_FILE([sbflows]) +on_exit 'kill `cat ovn-trace.pid`' +ovn-trace --detach --pidfile --no-chdir + +# test_packet INPORT DST SRC [-vlan] [-eth TYPE] OUTPORT... +# +# This shell function causes a packet to be received on INPORT. The packet's +# content has Ethernet destination DST and source SRC (each exactly 12 hex +# digits) and Ethernet type ETHTYPE (4 hex digits). The OUTPORTs (zero or +# more) list the VIFs on which the packet should be received. INPORT and the +# OUTPORTs are specified as logical switch port numbers, e.g. 11 for vif11. 
+test_packet() { + local inport=$1 eth_dst=$2 eth_src=$3; shift; shift; shift + uflow="inport==\"lp$inport\" && eth.dst==$eth_dst && eth.src==$eth_src" + while :; do + case $1 in # ( + -vlan) uflow="$uflow && vlan.vid == 1234"; shift ;; # ( + -eth) uflow="$uflow && eth.type == 0x$2"; shift; shift ;; # ( + *) break ;; + esac + done + for outport; do + echo "output(\"lp$outport\");" + done > expout + + AT_CAPTURE_FILE([trace]) + AT_CHECK([ovs-appctl -t ovn-trace trace --all lsw0 "$uflow" | tee trace | sed '1,/Minimal trace/d'], [0], [expout]) +} + +# test_arp INPORT SHA SPA TPA [REPLY_HA] +# +# Causes a packet to be received on INPORT. The packet is an ARP +# request with SHA, SPA, and TPA as specified. If REPLY_HA is provided, then +# it should be the hardware address of the target to expect to receive in an +# ARP reply; otherwise no reply is expected. +# +# INPORT is an logical switch port number, e.g. 11 for vif11. +# SHA and REPLY_HA are each 12 hex digits. +# SPA and TPA are each 8 hex digits. +test_arp() { + local inport=$1 sha=$2 spa=$3 tpa=$4 reply_ha=$5 + + local request="inport == \"lp$inport\" + && eth.dst == ff:ff:ff:ff:ff:ff && eth.src == $sha + && arp.op == 1 && arp.sha == $sha && arp.spa == $spa + && arp.tha == ff:ff:ff:ff:ff:ff && arp.tpa == $tpa" + + if test -z "$reply_ha"; then + reply= + local i + for i in 1 2 3; do + if test $i != $inport; then + reply="${reply}output(\"lp$i\"); +" + fi + done + else + reply="\ +eth.dst = $sha; +eth.src = $reply_ha; +arp.op = 2; +arp.tha = $sha; +arp.sha = $reply_ha; +arp.tpa = $spa; +arp.spa = $tpa; +output(\"lp$inport\"); +" + fi + + AT_CAPTURE_FILE([trace]) + AT_CHECK_UNQUOTED([ovs-appctl -t ovn-trace trace --all lsw0 "$request" | tee trace | sed '1,/Minimal trace/d'], [0], [$reply]) +} + +# Send packets between all pairs of source and destination ports: +# +# 1. Unicast packets are delivered to exactly one logical switch port +# (except that packets destined to their input ports are dropped). +# +# 2. 
Broadcast and multicast are delivered to all logical switch ports +# except the input port. +# +# 3. When port security is turned on, the switch drops packets from the wrong +# MAC address. +# +# 4. The switch drops all packets with a VLAN tag. +# +# 5. The switch drops all packets with a multicast source address. (This only +# affects behavior when port security is turned off, since otherwise port +# security would drop the packet anyway.) +# +# 6. The switch delivers packets with an unknown destination to logical +# switch ports with "unknown" among their MAC addresses (and port +# security disabled). +# +# 7. The switch drops unicast packets that violate an ACL. +# +# 8. The switch drops multicast and broadcast packets that violate an ACL. +# +# 9. OVN generates responses to ARP requests for known IPs, except for +# requests from a port for the port's own IP. +# +# 10. No response to ARP requests for unknown IPs. + +for s in 1 2 3; do + bcast= + unknown= + bacl2= + bacl3= + for d in 1 2 3; do + echo + echo "lp$s -> lp$d" + if test $d != $s; then unicast=$d; else unicast=; fi + test_packet $s f0:00:00:00:00:0$d f0:00:00:00:00:0$s $unicast #1 + + if test $d != $s && test $s = 1; then + impersonate=$d + else + impersonate= + fi + test_packet $s f0:00:00:00:00:0$d f0:00:00:00:00:55 $impersonate #3 + + if test $d != $s && test $s != 1; then acl2=$d; else acl2=; fi + if test $d != $s && test $d != 3; then acl3=$d; else acl3=; fi + if test $d = $s || ( (test $s = 1 || test $s = 2) && test $d = 3); then + # Source of 1 or 2 and dest of 3 should be dropped + # due to the 4th ACL that uses address_set(set1). 
+ acl4= + else + acl4=$d + fi + + #7, acl1 to acl4: + test_packet $s f0:00:00:00:00:0$d f0:00:00:00:00:0$s -eth 1234 + test_packet $s f0:00:00:00:00:0$d f0:00:00:00:00:0$s -eth 1235 $acl2 + test_packet $s f0:00:00:00:00:0$d f0:00:00:00:00:0$s -eth 1236 $acl3 + test_packet $s f0:00:00:00:00:0$d f0:00:00:00:00:0$s -eth 1237 $acl4 + + test_packet $s f0:00:00:00:00:0$d f0:00:00:00:00:55 -vlan #4 + test_packet $s f0:00:00:00:00:0$d 01:00:00:00:00:0$s #5 + + if test $d != $s && test $d = 1; then + unknown="$unknown $d" + fi + bcast="$bcast $unicast" + bacl2="$bacl2 $acl2" + bacl3="$bacl3 $acl3" + + sip=192.168.0.$s + tip=192.168.0.$d + tip_unknown=11.11.11.11 + reply_ha=; + if test $d != $s; then + if test $d != 1; then + reply_ha=f0:00:00:00:00:0$d; + fi + fi + + test_arp $s f0:00:00:00:00:0$s $sip $tip $reply_ha #9 + test_arp $s f0:00:00:00:00:0$s $sip $tip_unknown #10 + + if test $d = 3; then + # lp3 has an additional ip 192.169.0.[123]3. + tip=192.169.0.$d + test_arp $s f0:00:00:00:00:0$s $sip $tip $reply_ha #9 + fi + done + + # Broadcast and multicast. 
+ test_packet $s ff:ff:ff:ff:ff:ff f0:00:00:00:00:0$s $bcast #2 + test_packet $s 01:00:00:00:00:00 f0:00:00:00:00:0$s $bcast #2 + if test $s = 1; then + bcast_impersonate=$bcast + else + bcast_impersonate= + fi + test_packet $s 01:00:00:00:00:00 f0:00:00:00:00:44 $bcast_impersonate #3 + + test_packet $s f0:00:00:00:ff:ff f0:00:00:00:00:0$s $unknown #6 + + #8, acl1 to acl3: + test_packet $s ff:ff:ff:ff:ff:ff f0:00:00:00:00:0$s -eth 1234 + test_packet $s ff:ff:ff:ff:ff:ff f0:00:00:00:00:0$s -eth 1235 $bacl2 + test_packet $s ff:ff:ff:ff:ff:ff f0:00:00:00:00:0$s -eth 1236 $bacl3 + + #8, acl1 to acl3: + test_packet $s 01:00:00:00:00:00 f0:00:00:00:00:0$s -eth 1234 + test_packet $s 01:00:00:00:00:00 f0:00:00:00:00:0$s -eth 1235 $bacl2 + test_packet $s 01:00:00:00:00:00 f0:00:00:00:00:0$s -eth 1236 $bacl3 +done + +# send packets for unknown datapath +AT_CAPTURE_FILE([trace]) +AT_CHECK_UNQUOTED([ovs-appctl -t ovn-trace trace --all lsw100 "inport == p100 && ip4.dst == 10.96.57.175"], [0], [dnl +unknown datapath "lsw100" +]) + +AT_CLEANUP +]) + +OVN_FOR_EACH_NORTHD([ +AT_SETUP([ovn -- trace when flow cookie updated]) +AT_KEYWORDS([cookie]) +ovn_start + +net_add n1 +sim_add hv1 +as hv1 +ovs-vsctl add-br br-phys +ovn_attach n1 br-phys 192.168.0.1 +ovs-vsctl add-port br-int vif1 -- \ + set interface vif1 external-ids:iface-id=lp1 ofport-request=1 + +ovn-nbctl ls-add lsw0 +ovn-nbctl lsp-add lsw0 lp1 +ovn-nbctl lsp-set-addresses lp1 "f0:00:00:00:00:01 10.0.0.1" +ovn-nbctl acl-add lsw0 from-lport 1000 'eth.type == 0x1234' drop + +wait_for_ports_up +check ovn-nbctl --wait=hv sync + +# Trace with --ovs should see ovs flow related to the ACL +AT_CHECK([ovn-trace --ovs lsw0 'inport == "lp1" && eth.type == 0x1234' | grep "dl_type=0x1234" | grep "cookie"], [0], [ignore]) + +# Replace the ACL with same match but different action. 
+ovn-nbctl acl-del lsw0 -- \ + acl-add lsw0 from-lport 1000 'eth.type == 0x1234' allow + +check ovn-nbctl --wait=hv sync + +# Trace with --ovs should still see the ovs flow related to the ACL, which +# means the OVS flow is updated with new cookie corresponding to the new lflow. +AT_CHECK([ovn-trace --ovs lsw0 'inport == "lp1" && eth.type == 0x1234' | grep "dl_type=0x1234 actions="], [0], [ignore]) + +OVN_CLEANUP([hv1]) +AT_CLEANUP +]) diff --git a/tests/testsuite.at b/tests/testsuite.at index ddc3f11d6850..dd29c89a2f07 100644 --- a/tests/testsuite.at +++ b/tests/testsuite.at 
@@ -37,3 +37,4 @@ m4_include([tests/ovn-controller-vtep.at]) m4_include([tests/ovn-ic.at]) m4_include([tests/checkpatch.at]) m4_include([tests/ovn-ipsec.at]) +m4_include([tests/ovn-trace.at])
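
Review bot: In patch 1/2 the new tests/ovn-trace.at hunk only adds the tests: the diffstat is 275 insertions and 1 deletion, and that one deletion is the tests/automake.mk line, so nothing is removed from the file these tests came from although the subject says "Move". Either delete the two AT_SETUP blocks ("ovn -- trace 1 LS, 3 LSPs" and "ovn -- trace when flow cookie updated") from their original file in this same patch, or retitle the patch as a copy; if the originals stay, both test names exist twice in the suite. While the text is being touched, the header comments in the new file still say "except ls1" and "e.g. 11 for vif11" although the ports are lp1 to lp3, and "INPORT is an logical switch port number" should read "a logical".
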
From patchwork Thu Jun 10 15:32:01 2021
X-Patchwork-Submitter: Mark Gray
X-Patchwork-Id: 1490575
From: Mark Gray
To: dev@openvswitch.org
Date: Thu, 10 Jun 2021 11:32:01 -0400
Message-Id: <20210610153201.1846669-3-mark.d.gray@redhat.com>
In-Reply-To: <20210610153201.1846669-1-mark.d.gray@redhat.com>
References: <20210610153201.1846669-1-mark.d.gray@redhat.com>
Subject: [ovs-dev] [PATCH ovn v2 2/2] ovn-trace: correctly handle ct_dnat(IP) action

ovn-trace does not set translated ip address for ct_dnat() actions when
tracing. This causes the trace to end prematurely. This can be tested with
the following or an equivalent for IPv6:

ovn-nbctl ls-add sw0
ovn-nbctl lsp-add sw0 sw0-port1
ovn-nbctl lsp-set-addresses sw0-port1 "50:54:00:00:00:01 192.168.0.2"
ovn-nbctl ls-add sw1
ovn-nbctl lsp-add sw1 sw1-port1
ovn-nbctl lsp-set-addresses sw1-port1 "50:54:00:00:00:03 11.0.0.2"
ovn-nbctl lr-add lr0
ovn-nbctl lrp-add lr0 lrp0 00:00:00:00:ff:01 192.168.0.1/24
ovn-nbctl lsp-add sw0 lrp0-attachment
ovn-nbctl lsp-set-type lrp0-attachment router
ovn-nbctl lsp-set-addresses lrp0-attachment 00:00:00:00:ff:01
ovn-nbctl lsp-set-options lrp0-attachment router-port=lrp0
ovn-nbctl lrp-add lr0 lrp1 00:00:00:00:ff:02 11.0.0.1/24 -- lrp-set-gateway-chassis lrp1 chassis-1
ovn-nbctl lsp-add sw1 lrp1-attachment
ovn-nbctl lsp-set-type lrp1-attachment router
ovn-nbctl lsp-set-addresses lrp1-attachment 00:00:00:00:ff:02
ovn-nbctl lsp-set-options lrp1-attachment router-port=lrp1
ovn-nbctl lr-nat-add lr0 dnat 42.42.42.42 192.168.0.2
ovs-vsctl add-port br-int p1 -- \
    set Interface p1 external_ids:iface-id=sw0-port1
ovs-vsctl add-port br-int p2 -- \
    set Interface p2 external_ids:iface-id=sw1-port1
ovn-trace 'inport == "sw1-port1" && eth.src == 50:54:00:00:00:03 && eth.dst == 00:00:00:00:ff:02 && ip4.dst == 42.42.42.42 && ip4.src == 11.0.0.2 && ip.ttl == 64'

Signed-off-by: Mark Gray
---
v2: fix whitespace and add unit tests

 tests/ovn-trace.at | 78 +++++++++++++++++++++++++++++++++++++++++++
 utilities/ovn-trace.c | 10 ++++++
 2 files changed, 88 insertions(+)

diff --git a/tests/ovn-trace.at b/tests/ovn-trace.at index 3e6c63ba9af0..540d6daef275 100644 --- a/tests/ovn-trace.at +++ b/tests/ovn-trace.at 
@@ -270,3 +270,81 @@ AT_CHECK([ovn-trace --ovs lsw0 'inport == "lp1" && eth.type == 0x1234' | grep "d OVN_CLEANUP([hv1]) AT_CLEANUP ]) + +OVN_FOR_EACH_NORTHD([ +AT_SETUP([ovn -- trace with IPv4 dnat]) +AT_KEYWORDS([dnat]) +ovn_start + +ovn-nbctl ls-add sw0 +ovn-nbctl lsp-add sw0 sw0-port1 +ovn-nbctl lsp-set-addresses sw0-port1 "50:54:00:00:00:01 192.168.0.2" + +ovn-nbctl ls-add sw1 +ovn-nbctl lsp-add sw1 sw1-port1 +ovn-nbctl lsp-set-addresses sw1-port1 "50:54:00:00:00:03 11.0.0.2" + +ovn-nbctl lr-add lr0 +ovn-nbctl lrp-add lr0 lrp0 00:00:00:00:ff:01 192.168.0.1/24 +ovn-nbctl lsp-add sw0 lrp0-attachment +ovn-nbctl lsp-set-type lrp0-attachment router +ovn-nbctl lsp-set-addresses lrp0-attachment 00:00:00:00:ff:01 +ovn-nbctl lsp-set-options lrp0-attachment router-port=lrp0 +ovn-nbctl lrp-add lr0 lrp1 00:00:00:00:ff:02 11.0.0.1/24 -- lrp-set-gateway-chassis lrp1 chassis-1 +ovn-nbctl lsp-add sw1 lrp1-attachment +ovn-nbctl lsp-set-type lrp1-attachment router +ovn-nbctl lsp-set-addresses lrp1-attachment 00:00:00:00:ff:02 +ovn-nbctl lsp-set-options lrp1-attachment router-port=lrp1 + +ovn-nbctl lr-nat-add lr0 dnat 42.42.42.42 192.168.0.2 +check ovn-nbctl --wait=sb sync + +AT_CHECK([ovn-trace --minimal 'inport == "sw1-port1" && eth.src == 50:54:00:00:00:03 && eth.dst == 00:00:00:00:ff:02 && ip4.dst == 42.42.42.42 && ip4.src == 11.0.0.2 && ip.ttl == 64' | grep "output(\"sw0-port1\")"], [0], [ignore]) + +dnl If we remove the DNAT entry we will be unable to trace to the DNAT address +ovn-nbctl lr-nat-del lr0 dnat 42.42.42.42 +check ovn-nbctl --wait=sb sync + +AT_CHECK([ovn-trace --minimal 'inport == "sw1-port1" && eth.src == 50:54:00:00:00:03 && eth.dst == 00:00:00:00:ff:02 && ip4.dst == 42.42.42.42 && ip4.src == 11.0.0.2 && ip.ttl == 64' | grep "output(\"sw0-port1\")"], [1], [ignore]) + +AT_CLEANUP +]) + +OVN_FOR_EACH_NORTHD([ +AT_SETUP([ovn -- trace with IPv6 dnat]) +AT_KEYWORDS([dnat]) +ovn_start + +ovn-nbctl ls-add sw0 +ovn-nbctl lsp-add sw0 sw0-port1 +ovn-nbctl 
lsp-set-addresses sw0-port1 "50:54:00:00:00:01 fd68::2" + +ovn-nbctl ls-add sw1 +ovn-nbctl lsp-add sw1 sw1-port1 +ovn-nbctl lsp-set-addresses sw1-port1 "50:54:00:00:00:03 fd11::2" + +ovn-nbctl lr-add lr0 +ovn-nbctl lrp-add lr0 lrp0 00:00:00:00:ff:01 fd68::1/64 +ovn-nbctl lsp-add sw0 lrp0-attachment +ovn-nbctl lsp-set-type lrp0-attachment router +ovn-nbctl lsp-set-addresses lrp0-attachment 00:00:00:00:ff:01 +ovn-nbctl lsp-set-options lrp0-attachment router-port=lrp0 +ovn-nbctl lrp-add lr0 lrp1 00:00:00:00:ff:02 fd11::1/64 -- lrp-set-gateway-chassis lrp1 chassis-1 +ovn-nbctl lsp-add sw1 lrp1-attachment +ovn-nbctl lsp-set-type lrp1-attachment router +ovn-nbctl lsp-set-addresses lrp1-attachment 00:00:00:00:ff:02 +ovn-nbctl lsp-set-options lrp1-attachment router-port=lrp1 + +ovn-nbctl lr-nat-add lr0 dnat fd42::42 fd68::2 +check ovn-nbctl --wait=sb sync + +AT_CHECK([ovn-trace --minimal 'inport == "sw1-port1" && eth.src == 50:54:00:00:00:03 && eth.dst == 00:00:00:00:ff:02 && ip6.dst == fd42::42 && ip6.src == fd11::2 && ip.ttl == 64' | grep "output(\"sw0-port1\")"], [0], [ignore]) + +dnl If we remove the DNAT entry we will be unable to trace to the DNAT address +ovn-nbctl lr-nat-del lr0 dnat fd42::42 +check ovn-nbctl --wait=sb sync + +AT_CHECK([ovn-trace --minimal 'inport == "sw1-port1" && eth.src == 50:54:00:00:00:03 && eth.dst == 00:00:00:00:ff:02 && ip6.dst == fd42::42 && ip6.src == fd11::2 && ip.ttl == 64' | grep "output(\"sw0-port1\")"], [1], [ignore]) + +AT_CLEANUP +]) \ No newline at end of file diff --git a/utilities/ovn-trace.c b/utilities/ovn-trace.c index 3b26b5af1d69..49463c5c2652 100644 --- a/utilities/ovn-trace.c +++ b/utilities/ovn-trace.c 
@@ -2297,10 +2297,20 @@ execute_ct_nat(const struct ovnact_ct_nat *ct_nat, if (ct_nat->family == AF_INET) { ds_put_format(&s, "(ip4.%s="IP_FMT")", direction, IP_ARGS(ct_nat->ipv4)); + if (is_dst) { + ct_flow.nw_dst = ct_nat->ipv4; + } else { + ct_flow.nw_src = ct_nat->ipv4; + } } else { ds_put_format(&s, "(ip6.%s=", direction); ipv6_format_addr(&ct_nat->ipv6, &s); ds_put_char(&s, ')'); + if (is_dst) { + ct_flow.ipv6_dst = ct_nat->ipv6; + } else { + ct_flow.ipv6_src = ct_nat->ipv6; + } } uint8_t state = is_dst ? CS_DST_NAT : CS_SRC_NAT;
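
Review bot: In the two dnat tests that patch 2/2 adds to tests/ovn-trace.at, the negative checks after lr-nat-del expect status [1] from the pipeline ovn-trace --minimal ... | grep "output(\"sw0-port1\")", but that status is grep's, so the check also passes when ovn-trace itself exits with an error and prints nothing. Run ovn-trace in its own AT_CHECK with [0] and its stdout captured, then grep the captured output, so that a failing ovn-trace cannot satisfy the assertion. The hunk also ends with "\ No newline at end of file"; add the trailing newline, and consider prefixing the ovn-nbctl setup commands with check, as the --wait=sb sync lines already do.
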
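
Review bot: In the utilities/ovn-trace.c hunk, the new assignments in the else branch of execute_ct_nat() write ct_nat->ipv6 into ct_flow.ipv6_dst or ct_flow.ipv6_src for every family that is not AF_INET, and the guard that excludes a NAT action given without an address is not visible in this hunk. Please confirm the enclosing code only reaches this if/else when an address was supplied, or make the second branch an explicit AF_INET6 test, since otherwise the traced flow's address would be overwritten with an unset value. A one-line comment saying that ct_flow is updated so the rest of the trace matches on the translated address would also help the next reader.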