From patchwork Fri Jun 11 09:52:07 2021
X-Patchwork-Submitter: Mark Gray
X-Patchwork-Id: 1490852
From: Mark Gray
To: dev@openvswitch.org
Date: Fri, 11 Jun 2021 05:52:07 -0400
Message-Id: <20210611095207.2169397-1-mark.d.gray@redhat.com>
Cc: dceara@redhat.com
Subject: [ovs-dev] [PATCH ovn v3] ovn-trace: correctly handle ct_dnat(IP) action

ovn-trace does not set translated ip address for ct_dnat() actions when
tracing. This causes the trace to end prematurely. This can be tested
with the following or an equivalent for IPv6:

    ovn-nbctl ls-add sw0
    ovn-nbctl lsp-add sw0 sw0-port1
    ovn-nbctl lsp-set-addresses sw0-port1 "50:54:00:00:00:01 192.168.0.2"
    ovn-nbctl ls-add sw1
    ovn-nbctl lsp-add sw1 sw1-port1
    ovn-nbctl lsp-set-addresses sw1-port1 "50:54:00:00:00:03 11.0.0.2"
    ovn-nbctl lr-add lr0
    ovn-nbctl lrp-add lr0 lrp0 00:00:00:00:ff:01 192.168.0.1/24
    ovn-nbctl lsp-add sw0 lrp0-attachment
    ovn-nbctl lsp-set-type lrp0-attachment router
    ovn-nbctl lsp-set-addresses lrp0-attachment 00:00:00:00:ff:01
    ovn-nbctl lsp-set-options lrp0-attachment router-port=lrp0
    ovn-nbctl lrp-add lr0 lrp1 00:00:00:00:ff:02 11.0.0.1/24 -- lrp-set-gateway-chassis lrp1 chassis-1
    ovn-nbctl lsp-add sw1 lrp1-attachment
    ovn-nbctl lsp-set-type lrp1-attachment router
    ovn-nbctl lsp-set-addresses lrp1-attachment 00:00:00:00:ff:02
    ovn-nbctl lsp-set-options lrp1-attachment router-port=lrp1
    ovn-nbctl lr-nat-add lr0 dnat 42.42.42.42 192.168.0.2
    ovs-vsctl add-port br-int p1 -- \
        set Interface p1 external_ids:iface-id=sw0-port1
    ovs-vsctl add-port br-int p2 -- \
        set Interface p2 external_ids:iface-id=sw1-port1
    ovn-trace 'inport == "sw1-port1" && eth.src == 50:54:00:00:00:03 &&
eth.dst == 00:00:00:00:ff:02 && ip4.dst == 42.42.42.42 && ip4.src == 11.0.0.2 && ip.ttl == 64' Signed-off-by: Mark Gray Acked-by: Dumitru Ceara --- tests/ovn-northd.at | 80 ++++++++++++++++++++++++++++++++++++++++++- utilities/ovn-trace.c | 10 ++++++ 2 files changed, 89 insertions(+), 1 deletion(-) diff --git a/tests/ovn-northd.at b/tests/ovn-northd.at index 4692775ad720..e3df3ee65000 100644 --- a/tests/ovn-northd.at +++ b/tests/ovn-northd.at @@ -483,7 +483,7 @@ check ovn-nbctl --wait=sb lsp-set-options sw0-lr1 router-port=lr1-sw0 # connected to lr0 exp_ref_ch_list="$comp1_ch_uuid $comp2_ch_uuid" -wait_column "$exp_ref_ch_list" HA_Chassis_Group ref_chassis +wait_column "$exp_ref_ch_list" HA_Chassis_Group ref_chassis # Unind sw1-p1. comp2 should not be in the ref_chassis. ovn-sbctl lsp-unbind sw1-p1 
@@ -3644,3 +3644,81 @@ check ovn-nbctl --wait=sb sync OVS_APP_EXIT_AND_WAIT([NORTHD_TYPE]) AT_CLEANUP ]) + +OVN_FOR_EACH_NORTHD([ +AT_SETUP([ovn -- trace with IPv4 dnat]) +AT_KEYWORDS([dnat]) +ovn_start + +ovn-nbctl ls-add sw0 +ovn-nbctl lsp-add sw0 sw0-port1 +ovn-nbctl lsp-set-addresses sw0-port1 "50:54:00:00:00:01 192.168.0.2" + +ovn-nbctl ls-add sw1 +ovn-nbctl lsp-add sw1 sw1-port1 +ovn-nbctl lsp-set-addresses sw1-port1 "50:54:00:00:00:03 11.0.0.2" + +ovn-nbctl lr-add lr0 +ovn-nbctl lrp-add lr0 lrp0 00:00:00:00:ff:01 192.168.0.1/24 +ovn-nbctl lsp-add sw0 lrp0-attachment +ovn-nbctl lsp-set-type lrp0-attachment router +ovn-nbctl lsp-set-addresses lrp0-attachment 00:00:00:00:ff:01 +ovn-nbctl lsp-set-options lrp0-attachment router-port=lrp0 +ovn-nbctl lrp-add lr0 lrp1 00:00:00:00:ff:02 11.0.0.1/24 -- lrp-set-gateway-chassis lrp1 chassis-1 +ovn-nbctl lsp-add sw1 lrp1-attachment +ovn-nbctl lsp-set-type lrp1-attachment router +ovn-nbctl lsp-set-addresses lrp1-attachment 00:00:00:00:ff:02 +ovn-nbctl lsp-set-options lrp1-attachment router-port=lrp1 + +ovn-nbctl lr-nat-add lr0 dnat 42.42.42.42 192.168.0.2 +check ovn-nbctl --wait=sb sync + +AT_CHECK([ovn-trace --minimal 'inport == "sw1-port1" && eth.src == 50:54:00:00:00:03 && eth.dst == 00:00:00:00:ff:02 && ip4.dst == 42.42.42.42 && ip4.src == 11.0.0.2 && ip.ttl == 64' | grep "output(\"sw0-port1\")"], [0], [ignore]) + +dnl If we remove the DNAT entry we will be unable to trace to the DNAT address +ovn-nbctl lr-nat-del lr0 dnat 42.42.42.42 +check ovn-nbctl --wait=sb sync + +AT_CHECK([ovn-trace --minimal 'inport == "sw1-port1" && eth.src == 50:54:00:00:00:03 && eth.dst == 00:00:00:00:ff:02 && ip4.dst == 42.42.42.42 && ip4.src == 11.0.0.2 && ip.ttl == 64' | grep "output(\"sw0-port1\")"], [1], [ignore]) + +AT_CLEANUP +]) + +OVN_FOR_EACH_NORTHD([ +AT_SETUP([ovn -- trace with IPv6 dnat]) +AT_KEYWORDS([dnat]) +ovn_start + +ovn-nbctl ls-add sw0 +ovn-nbctl lsp-add sw0 sw0-port1 +ovn-nbctl lsp-set-addresses sw0-port1 
"50:54:00:00:00:01 fd68::2" + +ovn-nbctl ls-add sw1 +ovn-nbctl lsp-add sw1 sw1-port1 +ovn-nbctl lsp-set-addresses sw1-port1 "50:54:00:00:00:03 fd11::2" + +ovn-nbctl lr-add lr0 +ovn-nbctl lrp-add lr0 lrp0 00:00:00:00:ff:01 fd68::1/64 +ovn-nbctl lsp-add sw0 lrp0-attachment +ovn-nbctl lsp-set-type lrp0-attachment router +ovn-nbctl lsp-set-addresses lrp0-attachment 00:00:00:00:ff:01 +ovn-nbctl lsp-set-options lrp0-attachment router-port=lrp0 +ovn-nbctl lrp-add lr0 lrp1 00:00:00:00:ff:02 fd11::1/64 -- lrp-set-gateway-chassis lrp1 chassis-1 +ovn-nbctl lsp-add sw1 lrp1-attachment +ovn-nbctl lsp-set-type lrp1-attachment router +ovn-nbctl lsp-set-addresses lrp1-attachment 00:00:00:00:ff:02 +ovn-nbctl lsp-set-options lrp1-attachment router-port=lrp1 + +ovn-nbctl lr-nat-add lr0 dnat fd42::42 fd68::2 +check ovn-nbctl --wait=sb sync + +AT_CHECK([ovn-trace --minimal 'inport == "sw1-port1" && eth.src == 50:54:00:00:00:03 && eth.dst == 00:00:00:00:ff:02 && ip6.dst == fd42::42 && ip6.src == fd11::2 && ip.ttl == 64' | grep "output(\"sw0-port1\")"], [0], [ignore]) + +dnl If we remove the DNAT entry we will be unable to trace to the DNAT address +ovn-nbctl lr-nat-del lr0 dnat fd42::42 +check ovn-nbctl --wait=sb sync + +AT_CHECK([ovn-trace --minimal 'inport == "sw1-port1" && eth.src == 50:54:00:00:00:03 && eth.dst == 00:00:00:00:ff:02 && ip6.dst == fd42::42 && ip6.src == fd11::2 && ip.ttl == 64' | grep "output(\"sw0-port1\")"], [1], [ignore]) + +AT_CLEANUP +]) \ No newline at end of file diff --git a/utilities/ovn-trace.c b/utilities/ovn-trace.c index 3b26b5af1d69..49463c5c2652 100644 --- a/utilities/ovn-trace.c +++ b/utilities/ovn-trace.c 
@@ -2297,10 +2297,20 @@ execute_ct_nat(const struct ovnact_ct_nat *ct_nat, if (ct_nat->family == AF_INET) { ds_put_format(&s, "(ip4.%s="IP_FMT")", direction, IP_ARGS(ct_nat->ipv4)); + if (is_dst) { + ct_flow.nw_dst = ct_nat->ipv4; + } else { + ct_flow.nw_src = ct_nat->ipv4; + } } else { ds_put_format(&s, "(ip6.%s=", direction); ipv6_format_addr(&ct_nat->ipv6, &s); ds_put_char(&s, ')'); + if (is_dst) { + ct_flow.ipv6_dst = ct_nat->ipv6; + } else { + ct_flow.ipv6_src = ct_nat->ipv6; + } } uint8_t state = is_dst ? CS_DST_NAT : CS_SRC_NAT;
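Review bot: In the tests/ovn-northd.at hunk at @@ -483,7 +483,7 @@, the removed and added wait_column "$exp_ref_ch_list" HA_Chassis_Group ref_chassis lines differ only in whitespace, which makes this a cleanup unrelated to the ct_dnat fix. Drop it from this patch or send it separately so the fix touches only what it needs to and stays easy to backport.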
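Review bot: The tests/ovn-northd.at hunk at @@ -3644,3 +3644,81 @@ ends with "\ No newline at end of file" after the last ]), so the file loses its trailing newline; please add it back. In both new tests the setup commands (ls-add, lsp-add, lrp-add, lr-nat-add, lr-nat-del) are bare ovn-nbctl calls while only the sync step uses check ovn-nbctl. The second AT_CHECK in each test expects grep to exit 1, which is also what happens when a setup command has silently failed and the topology is incomplete, so prefixing the setup commands with check would keep the negative case from passing for the wrong reason.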
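Review bot: In the utilities/ovn-trace.c hunk, the new assignments to ct_flow.nw_dst / ct_flow.nw_src and ct_flow.ipv6_dst / ct_flow.ipv6_src in execute_ct_nat() carry no comment saying why the traced flow is rewritten here. The commit message gives the reason (without the translated address the trace ends prematurely), and a one-line comment above the first if (is_dst) would keep that visible in the code. The same if (is_dst) / else shape now appears in both the AF_INET and the IPv6 branch next to the ds_put_format() calls, so consider whether the existing direction handling can be reused to avoid branching on is_dst twice more.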