From patchwork Fri Jun 11 10:10:39 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dumitru Ceara X-Patchwork-Id: 1490883 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=2605:bc80:3010::137; helo=smtp4.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=Sx4iuTls; dkim-atps=neutral Received: from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4G1c751RwXz9sRf for ; Fri, 11 Jun 2021 20:10:57 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id 1B256414C8; Fri, 11 Jun 2021 10:10:54 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sV8ar5Al6U8i; Fri, 11 Jun 2021 10:10:53 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [IPv6:2605:bc80:3010:104::8cd3:938]) by smtp4.osuosl.org (Postfix) with ESMTPS id 0FFC64047D; Fri, 11 Jun 2021 10:10:52 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id CB523C000D; Fri, 11 Jun 2021 10:10:51 +0000 (UTC) X-Original-To: ovs-dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp4.osuosl.org (smtp4.osuosl.org [140.211.166.137]) by lists.linuxfoundation.org (Postfix) with ESMTP id A2801C000B for ; Fri, 11 Jun 2021 10:10:50 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id 890C9414BF for ; Fri, 11 Jun 2021 10:10:50 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5xfnB-wqyagH for ; Fri, 11 Jun 2021 10:10:49 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by smtp4.osuosl.org (Postfix) with ESMTPS id BC9994047D for ; Fri, 11 Jun 2021 10:10:49 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1623406248; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=cdIv3r5It1J/Z40UwWZYpf1I9FCxIwhXrExDt6tkVZE=; b=Sx4iuTls0CsMAyboIFYGUjRtoBzJx8OKIa/09ZPUEdMjQEa08Cpi+OycoyZ2yjSbslqJP1 NCgFLOmmyxUdlxZ5AfWjO7iNPNkXCp1TbiAtfI82JHS9+uCQMWYpRJ8J4tHFK9NITLy2P4 r98BoY8PbxYwTpayw1GGn3dUZCnNEts= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-482-3Wi4mto1Nu6zcMlmZBLXSA-1; Fri, 11 Jun 2021 06:10:47 -0400 X-MC-Unique: 3Wi4mto1Nu6zcMlmZBLXSA-1 Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 1848A101F7BB; Fri, 11 Jun 2021 10:10:45 +0000 (UTC) Received: from dceara.remote.csb (ovpn-114-153.ams2.redhat.com [10.36.114.153]) by smtp.corp.redhat.com (Postfix) with ESMTP id C930B60C05; Fri, 11 Jun 2021 10:10:42 +0000 (UTC) From: Dumitru Ceara To: ovs-dev@openvswitch.org Date: Fri, 11 Jun 2021 12:10:39 +0200 Message-Id: <20210611101037.16527.78264.stgit@dceara.remote.csb> In-Reply-To: <20210611101021.16527.62193.stgit@dceara.remote.csb> References: <20210611101021.16527.62193.stgit@dceara.remote.csb> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=dceara@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Cc: dceara@redhat.com, i.maximets@ovn.org Subject: [ovs-dev] [PATCH ovn v3 1/5] ovs: Include ovs-vswitchd segfault fixes. X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" Bump the OVS submodule to include the following patches: dd0f59783e39 ("ofproto: Fix potential NULL dereference in ofproto_get_datapath_cap().") a4b04276ab59 ("ofproto: Fix potential NULL dereference in ofproto_ct_*_zone_timeout_policy().") The two commits above fix crashes in ovs-vswitchd when OVS datapath types are configured with unsupported values and OVSDB Datapath tables exist for those datapath types. OVN self tests actually test with invalid datapath types and an upcoming commit will update the ovn-controller code to always create OVSDB Datapath tables. Without the two OVS fixes, ovs-vswitchd would crash, causing the OVN tests to fail. Acked-by: Mark D. Gray Signed-off-by: Dumitru Ceara --- ovs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ovs b/ovs index b5bb044fb..a4b04276a 160000 --- a/ovs +++ b/ovs @@ -1 +1 @@ -Subproject commit b5bb044fbe4c1395dcde5cc7d5081ef0099bb8b3 +Subproject commit a4b04276ab5934d087669ff2d191a23931335c87 From patchwork Fri Jun 11 10:10:52 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dumitru Ceara X-Patchwork-Id: 1490885 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.138; helo=smtp1.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=HgWXIsJf; dkim-atps=neutral Received: from smtp1.osuosl.org (smtp1.osuosl.org [140.211.166.138]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4G1c7M1Sw6z9sXL for ; Fri, 11 Jun 2021 20:11:10 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id DD2BD83D0F; Fri, 11 Jun 2021 10:11:08 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wg-IWDBeqSCN; Fri, 11 Jun 2021 10:11:07 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [IPv6:2605:bc80:3010:104::8cd3:938]) by smtp1.osuosl.org (Postfix) with ESMTPS id 22E3583CA1; Fri, 11 Jun 2021 10:11:06 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id E6A5AC000D; Fri, 11 Jun 2021 10:11:05 +0000 (UTC) X-Original-To: ovs-dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp4.osuosl.org (smtp4.osuosl.org [140.211.166.137]) by lists.linuxfoundation.org (Postfix) with ESMTP id 19FB8C000D for ; Fri, 11 Jun 2021 10:11:04 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id 1DECF41586 for ; Fri, 11 Jun 2021 10:11:02 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Authentication-Results: smtp4.osuosl.org (amavisd-new); dkim=pass (1024-bit key) header.d=redhat.com Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5gbOGa6m0eA5 for ; Fri, 11 Jun 2021 10:11:01 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [216.205.24.124]) by smtp4.osuosl.org (Postfix) with ESMTPS id F01E7414BF for ; Fri, 11 Jun 2021 10:11:00 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1623406259; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=vA2dhkOdBnmY5mGsnid/ZZAki1bhU/GGMBLrK7v6diU=; b=HgWXIsJfwgMLa7gJ5QMzCNIaFacg1zUs4eTstAXXVWrvc1AvDcq/jEQ+GQxOOSAp/tZY2g 4RxGHwFiCX1WqRK/xOuHaG6TIlNIbZJiTl3HJLbhRmQvq3taD/uFYuwJ25qpP8uVOcV63W mWCK7+NZxbimDyIgUQGINXalP6/lpRE= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-269-n83KTtK4NM2HYo1zXooP0g-1; Fri, 11 Jun 2021 06:10:58 -0400 X-MC-Unique: n83KTtK4NM2HYo1zXooP0g-1 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 4689CCC624; Fri, 11 Jun 2021 10:10:57 +0000 (UTC) Received: from dceara.remote.csb (ovpn-114-153.ams2.redhat.com [10.36.114.153]) by smtp.corp.redhat.com (Postfix) with ESMTP id 8837919814; Fri, 11 Jun 2021 10:10:55 +0000 (UTC) From: Dumitru Ceara To: ovs-dev@openvswitch.org Date: Fri, 11 Jun 2021 12:10:52 +0200 Message-Id: <20210611101050.16527.21569.stgit@dceara.remote.csb> In-Reply-To: <20210611101021.16527.62193.stgit@dceara.remote.csb> References: <20210611101021.16527.62193.stgit@dceara.remote.csb> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=dceara@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Cc: dceara@redhat.com, i.maximets@ovn.org Subject: [ovs-dev] [PATCH ovn v3 2/5] system-ovn.at: Use ADD_BR macro instead of bare ovs-vsctl. X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" br-int and br-ex are patched together by ovn-controller. They must have the same datapath type. I.e., it won't work if br-int uses the netdev (userspace) datapath and br-ext uses the system (kernel) datapath; system is the default. This ensures the datapath type is properly set for the br-ext bridge. a8362ff85dee ("northd: Fix the missing force_snat_for_lb flows when router_ip is configured.") Acked-by: Mark D. Gray Signed-off-by: Dumitru Ceara --- tests/system-ovn.at | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/tests/system-ovn.at b/tests/system-ovn.at index 8bc0c2257..0bebd9fb6 100644 --- a/tests/system-ovn.at +++ b/tests/system-ovn.at @@ -2312,8 +2312,7 @@ CHECK_CONNTRACK_NAT() ovn_start OVS_TRAFFIC_VSWITCHD_START() ADD_BR([br-int]) -check ovs-vsctl add-br br-ext - +ADD_BR([br-ext], [set Bridge br-ext fail-mode=standalone]) # Set external-ids in br-int needed for ovn-controller ovs-vsctl \ From patchwork Fri Jun 11 10:11:04 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dumitru Ceara X-Patchwork-Id: 1490887 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=2605:bc80:3010::133; helo=smtp2.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=iIUDLuFb; dkim-atps=neutral Received: from smtp2.osuosl.org (smtp2.osuosl.org [IPv6:2605:bc80:3010::133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4G1c8H4mTDz9sSn for ; Fri, 11 Jun 2021 20:11:59 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by smtp2.osuosl.org (Postfix) with ESMTP id 42B6F404CD; Fri, 11 Jun 2021 10:11:57 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp2.osuosl.org ([127.0.0.1]) by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ghRSURc7h5PS; Fri, 11 Jun 2021 10:11:56 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [IPv6:2605:bc80:3010:104::8cd3:938]) by smtp2.osuosl.org (Postfix) with ESMTPS id 61B38404C8; Fri, 11 Jun 2021 10:11:55 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id D946BC0024; Fri, 11 Jun 2021 10:11:54 +0000 (UTC) X-Original-To: ovs-dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137]) by lists.linuxfoundation.org (Postfix) with ESMTP id 350A4C0024 for ; Fri, 11 Jun 2021 10:11:53 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id EB87B41591 for ; Fri, 11 Jun 2021 10:11:17 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Authentication-Results: smtp4.osuosl.org (amavisd-new); dkim=pass (1024-bit key) header.d=redhat.com Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z6LG0kcMQk9M for ; Fri, 11 Jun 2021 10:11:14 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [216.205.24.124]) by smtp4.osuosl.org (Postfix) with ESMTPS id C68D5415B6 for ; Fri, 11 Jun 2021 10:11:14 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1623406273; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=ZeSFrLdMOwPB6NAFrQKfc15gvnaS4LXMrmy+CndOaZU=; b=iIUDLuFb7ymT3j2Sj0WS0m2kt9XFeuPHpPN39G3Gvx6RjjvpVoffTZ4NupoSxriIu9LBec qLcYaGIpw46BoWeilJUDK1BT7wxdbsBEmmRsQmvGpSoXZXB0AxT+TwImGqZQ6EjfkmRXHs DSxIeW02FrM5yPb935bOqkY4+sVVnts= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-469-LNKfXN_JP6O-Bbn5_zJp1Q-1; Fri, 11 Jun 2021 06:11:10 -0400 X-MC-Unique: LNKfXN_JP6O-Bbn5_zJp1Q-1 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 75839800D62; Fri, 11 Jun 2021 10:11:09 +0000 (UTC) Received: from dceara.remote.csb (ovpn-114-153.ams2.redhat.com [10.36.114.153]) by smtp.corp.redhat.com (Postfix) with ESMTP id 5F98018AA1; Fri, 11 Jun 2021 10:11:07 +0000 (UTC) From: Dumitru Ceara To: ovs-dev@openvswitch.org Date: Fri, 11 Jun 2021 12:11:04 +0200 Message-Id: <20210611101102.16527.65995.stgit@dceara.remote.csb> In-Reply-To: <20210611101021.16527.62193.stgit@dceara.remote.csb> References: <20210611101021.16527.62193.stgit@dceara.remote.csb> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=dceara@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Cc: dceara@redhat.com, i.maximets@ovn.org Subject: [ovs-dev] [PATCH ovn v3 3/5] github: Use nmap-ncat instead of netcat-openbsd. X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" There are some bugs in the netcat-openbsd version shipped with Ubuntu 20.04. Switch to nmap-ncat to avoid system tests that will be added by upcoming commits fail in CI. One example: 1. Start a TCP connection from IP1:port-x to IP2:port-y. 2. Start a TCP connection from IP1:port-x to IP3:port-z. netcat-openbsd fails with: nc: bind failed: Address already in use Acked-by: Mark D. Gray Signed-off-by: Dumitru Ceara --- .github/workflows/test.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index d7bb7eecf..071e54fa0 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -13,7 +13,7 @@ jobs: dependencies: | automake libtool gcc bc libjemalloc2 libjemalloc-dev \ libssl-dev llvm-dev libelf-dev libnuma-dev libpcap-dev \ - selinux-policy-dev + selinux-policy-dev ncat m32_dependecies: gcc-multilib CC: ${{ matrix.compiler }} LIBS: ${{ matrix.libs }} @@ -76,6 +76,9 @@ jobs: - name: update APT cache run: sudo apt update + - name: remove netcat-openbsd + run: sudo apt remove -y netcat-openbsd + - name: install required dependencies run: sudo apt install -y ${{ env.dependencies }} From patchwork Fri Jun 11 10:11:17 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dumitru Ceara X-Patchwork-Id: 1490886 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.137; helo=smtp4.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=PsmfAhU0; dkim-atps=neutral Received: from smtp4.osuosl.org (smtp4.osuosl.org [140.211.166.137]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4G1c8F36tgz9sXM for ; Fri, 11 Jun 2021 20:11:57 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id AB67441594; Fri, 11 Jun 2021 10:11:55 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z1HyUT9LCqen; Fri, 11 Jun 2021 10:11:53 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by smtp4.osuosl.org (Postfix) with ESMTPS id E7D5E41584; Fri, 11 Jun 2021 10:11:52 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id C0182C000D; Fri, 11 Jun 2021 10:11:52 +0000 (UTC) X-Original-To: ovs-dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp1.osuosl.org (smtp1.osuosl.org [IPv6:2605:bc80:3010::138]) by lists.linuxfoundation.org (Postfix) with ESMTP id 96D02C000B for ; Fri, 11 Jun 2021 10:11:51 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id CA6CD83CC8 for ; Fri, 11 Jun 2021 10:11:42 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Authentication-Results: smtp1.osuosl.org (amavisd-new); dkim=pass (1024-bit key) header.d=redhat.com Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id d8liUv27TU-A for ; Fri, 11 Jun 2021 10:11:41 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [216.205.24.124]) by smtp1.osuosl.org (Postfix) with ESMTPS id 2318483C71 for ; Fri, 11 Jun 2021 10:11:40 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1623406299; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=alrzxcFAFOw8J14ASYJakccmklfMFF23F8rAGr+jKz8=; b=PsmfAhU0sJUuxKWQkpn/Z6ElNQvH3WEtdA45hzY61/kWj26gAI4Ip7268DcKduhGAlQLto 0USPNS1zgRY5OeFXXh0CFATH9SqCuMqTLYEuVwJQkoFtWtapq2uqx1g6/knIjqYZwHKGBX RefCeF3hgmNGs/NPW3/YiqfKlIq/gEU= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-243-pAhsO8aoM7e2s7of9auTKw-1; Fri, 11 Jun 2021 06:11:23 -0400 X-MC-Unique: pAhsO8aoM7e2s7of9auTKw-1 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 2F8C31084F43; Fri, 11 Jun 2021 10:11:22 +0000 (UTC) Received: from dceara.remote.csb (ovpn-114-153.ams2.redhat.com [10.36.114.153]) by smtp.corp.redhat.com (Postfix) with ESMTP id F3A945D9CC; Fri, 11 Jun 2021 10:11:19 +0000 (UTC) From: Dumitru Ceara To: ovs-dev@openvswitch.org Date: Fri, 11 Jun 2021 12:11:17 +0200 Message-Id: <20210611101114.16527.57126.stgit@dceara.remote.csb> In-Reply-To: <20210611101021.16527.62193.stgit@dceara.remote.csb> References: <20210611101021.16527.62193.stgit@dceara.remote.csb> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=dceara@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Cc: dceara@redhat.com, i.maximets@ovn.org Subject: [ovs-dev] [PATCH ovn v3 4/5] ovn-controller: Detect OVS datapath capabilities. X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" Automatically create an OVS Datapath record if none exists for the current br-int datapath type. Add a 'features' module to track which OVS features are available in the datapath currently being used. For now, only ct_zero_snat is tracked, all other features are assumed to be on-par between all datapaths. A future commit will make use of the 'features' module to conditionally program openflows based on available datapath features. Acked-by: Mark D. Gray Signed-off-by: Dumitru Ceara --- controller/ovn-controller.c | 115 +++++++++++++++++++++++++++++++++---------- include/ovn/features.h | 18 +++++++ lib/automake.mk | 1 lib/features.c | 84 +++++++++++++++++++++++++++++++ lib/test-ovn-features.c | 56 +++++++++++++++++++++ tests/automake.mk | 3 + tests/ovn-controller.at | 11 ++-- tests/ovn-features.at | 8 +++ tests/testsuite.at | 1 9 files changed, 264 insertions(+), 33 deletions(-) create mode 100644 lib/features.c create mode 100644 lib/test-ovn-features.c create mode 100644 tests/ovn-features.at diff --git a/controller/ovn-controller.c b/controller/ovn-controller.c index 07c6fcfd1..3dfb04ef6 100644 --- a/controller/ovn-controller.c +++ b/controller/ovn-controller.c @@ -46,6 +46,7 @@ #include "openvswitch/vconn.h" #include "openvswitch/vlog.h" #include "ovn/actions.h" +#include "ovn/features.h" #include "lib/chassis-index.h" #include "lib/extend-table.h" #include "lib/ip-mcast-index.h" @@ -88,6 +89,7 @@ static unixctl_cb_func lflow_cache_show_stats_cmd; static unixctl_cb_func debug_delay_nb_cfg_report; #define DEFAULT_BRIDGE_NAME "br-int" +#define DEFAULT_DATAPATH "system" #define DEFAULT_PROBE_INTERVAL_MSEC 5000 #define OFCTRL_DEFAULT_PROBE_INTERVAL_SEC 0 @@ -319,10 +321,6 @@ static const struct ovsrec_bridge * create_br_int(struct ovsdb_idl_txn *ovs_idl_txn, const struct ovsrec_open_vswitch_table *ovs_table) { - if (!ovs_idl_txn) { - return NULL; - } - const struct ovsrec_open_vswitch *cfg; cfg = ovsrec_open_vswitch_table_first(ovs_table); if (!cfg) { @@ -386,6 +384,21 @@ create_br_int(struct ovsdb_idl_txn *ovs_idl_txn, return bridge; } +static const struct ovsrec_datapath * +create_br_datapath(struct ovsdb_idl_txn *ovs_idl_txn, + const struct ovsrec_open_vswitch *cfg, + const char *datapath_type) +{ + ovsdb_idl_txn_add_comment(ovs_idl_txn, + "ovn-controller: creating bridge datapath '%s'", + datapath_type); + + struct ovsrec_datapath *dp = ovsrec_datapath_insert(ovs_idl_txn); + ovsrec_open_vswitch_verify_datapaths(cfg); + ovsrec_open_vswitch_update_datapaths_setkey(cfg, datapath_type, dp); + return dp; +} + static const struct ovsrec_bridge * get_br_int(const struct ovsrec_bridge_table *bridge_table, const struct ovsrec_open_vswitch_table *ovs_table) @@ -399,33 +412,69 @@ get_br_int(const struct ovsrec_bridge_table *bridge_table, return get_bridge(bridge_table, br_int_name(cfg)); } -static const struct ovsrec_bridge * +static const struct ovsrec_datapath * +get_br_datapath(const struct ovsrec_open_vswitch *cfg, + const char *datapath_type) +{ + for (size_t i = 0; i < cfg->n_datapaths; i++) { + if (!strcmp(cfg->key_datapaths[i], datapath_type)) { + return cfg->value_datapaths[i]; + } + } + return NULL; +} + +static void process_br_int(struct ovsdb_idl_txn *ovs_idl_txn, const struct ovsrec_bridge_table *bridge_table, - const struct ovsrec_open_vswitch_table *ovs_table) + const struct ovsrec_open_vswitch_table *ovs_table, + const struct ovsrec_bridge **br_int_, + const struct ovsrec_datapath **br_int_dp_) { - const struct ovsrec_bridge *br_int = get_br_int(bridge_table, - ovs_table); - if (!br_int) { - br_int = create_br_int(ovs_idl_txn, ovs_table); - } - if (br_int && ovs_idl_txn) { - const struct ovsrec_open_vswitch *cfg; - cfg = ovsrec_open_vswitch_table_first(ovs_table); - ovs_assert(cfg); - const char *datapath_type = smap_get(&cfg->external_ids, - "ovn-bridge-datapath-type"); - /* Check for the datapath_type and set it only if it is defined in - * cfg. */ - if (datapath_type && strcmp(br_int->datapath_type, datapath_type)) { - ovsrec_bridge_set_datapath_type(br_int, datapath_type); + const struct ovsrec_bridge *br_int = get_br_int(bridge_table, ovs_table); + const struct ovsrec_datapath *br_int_dp = NULL; + + ovs_assert(br_int_ && br_int_dp_); + if (ovs_idl_txn) { + if (!br_int) { + br_int = create_br_int(ovs_idl_txn, ovs_table); } - if (!br_int->fail_mode || strcmp(br_int->fail_mode, "secure")) { - ovsrec_bridge_set_fail_mode(br_int, "secure"); - VLOG_WARN("Integration bridge fail-mode changed to 'secure'."); + + if (br_int) { + const struct ovsrec_open_vswitch *cfg = + ovsrec_open_vswitch_table_first(ovs_table); + ovs_assert(cfg); + + /* Propagate "ovn-bridge-datapath-type" from OVS table, if any. + * Otherwise use the datapath-type set in br-int, if any. + * Finally, assume "system" datapath if none configured. + */ + const char *datapath_type = + smap_get(&cfg->external_ids, "ovn-bridge-datapath-type"); + + if (!datapath_type) { + if (br_int->datapath_type[0]) { + datapath_type = br_int->datapath_type; + } else { + datapath_type = DEFAULT_DATAPATH; + } + } + if (strcmp(br_int->datapath_type, datapath_type)) { + ovsrec_bridge_set_datapath_type(br_int, datapath_type); + } + if (!br_int->fail_mode || strcmp(br_int->fail_mode, "secure")) { + ovsrec_bridge_set_fail_mode(br_int, "secure"); + VLOG_WARN("Integration bridge fail-mode changed to 'secure'."); + } + br_int_dp = get_br_datapath(cfg, datapath_type); + if (!br_int_dp) { + br_int_dp = create_br_datapath(ovs_idl_txn, cfg, + datapath_type); + } } } - return br_int; + *br_int_ = br_int; + *br_int_dp_ = br_int_dp; } static const char * @@ -848,6 +897,7 @@ ctrl_register_ovs_idl(struct ovsdb_idl *ovs_idl) ovsdb_idl_add_table(ovs_idl, &ovsrec_table_open_vswitch); ovsdb_idl_add_column(ovs_idl, &ovsrec_open_vswitch_col_external_ids); ovsdb_idl_add_column(ovs_idl, &ovsrec_open_vswitch_col_bridges); + ovsdb_idl_add_column(ovs_idl, &ovsrec_open_vswitch_col_datapaths); ovsdb_idl_add_table(ovs_idl, &ovsrec_table_interface); ovsdb_idl_track_add_column(ovs_idl, &ovsrec_interface_col_name); ovsdb_idl_track_add_column(ovs_idl, &ovsrec_interface_col_bfd); @@ -870,6 +920,8 @@ ctrl_register_ovs_idl(struct ovsdb_idl *ovs_idl) ovsdb_idl_add_column(ovs_idl, &ovsrec_ssl_col_ca_cert); ovsdb_idl_add_column(ovs_idl, &ovsrec_ssl_col_certificate); ovsdb_idl_add_column(ovs_idl, &ovsrec_ssl_col_private_key); + ovsdb_idl_add_table(ovs_idl, &ovsrec_table_datapath); + ovsdb_idl_add_column(ovs_idl, &ovsrec_datapath_col_capabilities); chassis_register_ovs_idl(ovs_idl); encaps_register_ovs_idl(ovs_idl); binding_register_ovs_idl(ovs_idl); @@ -2981,8 +3033,10 @@ main(int argc, char *argv[]) ovsrec_bridge_table_get(ovs_idl_loop.idl); const struct ovsrec_open_vswitch_table *ovs_table = ovsrec_open_vswitch_table_get(ovs_idl_loop.idl); - const struct ovsrec_bridge *br_int = - process_br_int(ovs_idl_txn, bridge_table, ovs_table); + const struct ovsrec_bridge *br_int = NULL; + const struct ovsrec_datapath *br_int_dp = NULL; + process_br_int(ovs_idl_txn, bridge_table, ovs_table, + &br_int, &br_int_dp); if (ovsdb_idl_has_ever_connected(ovnsb_idl_loop.idl) && northd_version_match) { @@ -3013,6 +3067,13 @@ main(int argc, char *argv[]) &chassis_private); } + /* If any OVS feature support changed, force a full recompute. */ + if (br_int_dp + && ovs_feature_support_update(&br_int_dp->capabilities)) { + VLOG_INFO("OVS feature set changed, force recompute."); + engine_set_force_recompute(true); + } + if (br_int) { ct_zones_data = engine_get_data(&en_ct_zones); if (ct_zones_data) { diff --git a/include/ovn/features.h b/include/ovn/features.h index 10ee46fcd..c35d59b14 100644 --- a/include/ovn/features.h +++ b/include/ovn/features.h @@ -16,7 +16,25 @@ #ifndef OVN_FEATURES_H #define OVN_FEATURES_H 1 +#include + +#include "smap.h" + /* ovn-controller supported feature names. */ #define OVN_FEATURE_PORT_UP_NOTIF "port-up-notif" +/* OVS datapath supported features. Based on availability OVN might generate + * different types of openflows. + */ +enum ovs_feature_support_bits { + OVS_CT_ZERO_SNAT_SUPPORT_BIT, +}; + +enum ovs_feature_value { + OVS_CT_ZERO_SNAT_SUPPORT = (1 << OVS_CT_ZERO_SNAT_SUPPORT_BIT), +}; + +bool ovs_feature_is_supported(enum ovs_feature_value feature); +bool ovs_feature_support_update(const struct smap *ovs_capabilities); + #endif diff --git a/lib/automake.mk b/lib/automake.mk index 781be2109..917b28e1e 100644 --- a/lib/automake.mk +++ b/lib/automake.mk @@ -13,6 +13,7 @@ lib_libovn_la_SOURCES = \ lib/expr.c \ lib/extend-table.h \ lib/extend-table.c \ + lib/features.c \ lib/ovn-parallel-hmap.h \ lib/ovn-parallel-hmap.c \ lib/ip-mcast-index.c \ diff --git a/lib/features.c b/lib/features.c new file mode 100644 index 000000000..87d04ee3f --- /dev/null +++ b/lib/features.c @@ -0,0 +1,84 @@ +/* Copyright (c) 2021, Red Hat, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include +#include + +#include "lib/util.h" +#include "openvswitch/vlog.h" +#include "ovn/features.h" + +VLOG_DEFINE_THIS_MODULE(features); + +struct ovs_feature { + enum ovs_feature_value value; + const char *name; +}; + +static struct ovs_feature all_ovs_features[] = { + { + .value = OVS_CT_ZERO_SNAT_SUPPORT, + .name = "ct_zero_snat" + }, +}; + +/* A bitmap of OVS features that have been detected as 'supported'. */ +static uint32_t supported_ovs_features; + +static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 5); + +static bool +ovs_feature_is_valid(enum ovs_feature_value feature) +{ + switch (feature) { + case OVS_CT_ZERO_SNAT_SUPPORT: + return true; + default: + return false; + } +} + +bool +ovs_feature_is_supported(enum ovs_feature_value feature) +{ + ovs_assert(ovs_feature_is_valid(feature)); + return supported_ovs_features & feature; +} + +/* Returns 'true' if the set of tracked OVS features has been updated. */ +bool +ovs_feature_support_update(const struct smap *ovs_capabilities) +{ + bool updated = false; + + for (size_t i = 0; i < ARRAY_SIZE(all_ovs_features); i++) { + enum ovs_feature_value value = all_ovs_features[i].value; + const char *name = all_ovs_features[i].name; + bool old_state = supported_ovs_features & value; + bool new_state = smap_get_bool(ovs_capabilities, name, false); + if (new_state != old_state) { + updated = true; + if (new_state) { + supported_ovs_features |= value; + } else { + supported_ovs_features &= ~value; + } + VLOG_INFO_RL(&rl, "OVS Feature: %s, state: %s", name, + new_state ? "supported" : "not supported"); + } + } + return updated; +} diff --git a/lib/test-ovn-features.c b/lib/test-ovn-features.c new file mode 100644 index 000000000..deb97581e --- /dev/null +++ b/lib/test-ovn-features.c @@ -0,0 +1,56 @@ +/* Copyright (c) 2021, Red Hat, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include + +#include "ovn/features.h" +#include "tests/ovstest.h" + +static void +test_ovn_features(struct ovs_cmdl_context *ctx OVS_UNUSED) +{ + ovs_assert(!ovs_feature_is_supported(OVS_CT_ZERO_SNAT_SUPPORT)); + + struct smap features = SMAP_INITIALIZER(&features); + + smap_add(&features, "ct_zero_snat", "false"); + ovs_assert(!ovs_feature_support_update(&features)); + ovs_assert(!ovs_feature_is_supported(OVS_CT_ZERO_SNAT_SUPPORT)); + + smap_replace(&features, "ct_zero_snat", "true"); + ovs_assert(ovs_feature_support_update(&features)); + ovs_assert(ovs_feature_is_supported(OVS_CT_ZERO_SNAT_SUPPORT)); + + smap_add(&features, "unknown_feature", "true"); + ovs_assert(!ovs_feature_support_update(&features)); + + smap_destroy(&features); +} + +static void +test_ovn_features_main(int argc, char *argv[]) +{ + set_program_name(argv[0]); + static const struct ovs_cmdl_command commands[] = { + {"run", NULL, 0, 0, test_ovn_features, OVS_RO}, + {NULL, NULL, 0, 0, NULL, OVS_RO}, + }; + struct ovs_cmdl_context ctx; + ctx.argc = argc - 1; + ctx.argv = argv + 1; + ovs_cmdl_run_command(&ctx, commands); +} + +OVSTEST_REGISTER("test-ovn-features", test_ovn_features_main); diff --git a/tests/automake.mk b/tests/automake.mk index 742e5cff2..a8ec64212 100644 --- a/tests/automake.mk +++ b/tests/automake.mk @@ -34,6 +34,7 @@ TESTSUITE_AT = \ tests/ovn-performance.at \ tests/ovn-ofctrl-seqno.at \ tests/ovn-ipam.at \ + tests/ovn-features.at \ tests/ovn-lflow-cache.at \ tests/ovn-ipsec.at @@ -207,6 +208,7 @@ $(srcdir)/package.m4: $(top_srcdir)/configure.ac noinst_PROGRAMS += tests/ovstest tests_ovstest_SOURCES = \ + include/ovn/features.h \ tests/ovstest.c \ tests/ovstest.h \ tests/test-utils.c \ @@ -218,6 +220,7 @@ tests_ovstest_SOURCES = \ controller/lflow-cache.h \ controller/ofctrl-seqno.c \ controller/ofctrl-seqno.h \ + lib/test-ovn-features.c \ northd/test-ipam.c \ northd/ipam.c \ northd/ipam.h diff --git a/tests/ovn-controller.at b/tests/ovn-controller.at index 72c07b3fa..9c25193e8 100644 --- a/tests/ovn-controller.at +++ b/tests/ovn-controller.at @@ -151,23 +151,24 @@ sysid=$(ovs-vsctl get Open_vSwitch . external_ids:system-id) check_datapath_type () { datapath_type=$1 chassis_datapath_type=$(ovn-sbctl get Chassis ${sysid} other_config:datapath-type | sed -e 's/"//g') #" - test "${datapath_type}" = "${chassis_datapath_type}" + ovs_datapath_type=$(ovs-vsctl get Bridge br-int datapath-type) + test "${datapath_type}" = "${chassis_datapath_type}" && test "${datapath_type}" = "${ovs_datapath_type}" } -OVS_WAIT_UNTIL([check_datapath_type ""]) +OVS_WAIT_UNTIL([check_datapath_type system]) ovs-vsctl set Bridge br-int datapath-type=foo OVS_WAIT_UNTIL([check_datapath_type foo]) # Change "ovn-bridge-mappings" value. It should not change the "datapath-type". ovs-vsctl set Open_vSwitch . external_ids:ovn-bridge-mappings=foo-mapping -check_datapath_type foo +AT_CHECK([check_datapath_type foo]) ovs-vsctl set Bridge br-int datapath-type=bar OVS_WAIT_UNTIL([check_datapath_type bar]) ovs-vsctl set Bridge br-int datapath-type=\"\" -OVS_WAIT_UNTIL([check_datapath_type ""]) +OVS_WAIT_UNTIL([check_datapath_type system]) # Set the datapath_type in external_ids:ovn-bridge-datapath-type. ovs-vsctl set Open_vSwitch . external_ids:ovn-bridge-datapath-type=foo @@ -176,11 +177,9 @@ OVS_WAIT_UNTIL([check_datapath_type foo]) # Change the br-int's datapath type to bar. # It should be reset to foo since ovn-bridge-datapath-type is configured. ovs-vsctl set Bridge br-int datapath-type=bar -OVS_WAIT_UNTIL([test foo = `ovs-vsctl get Bridge br-int datapath-type`]) OVS_WAIT_UNTIL([check_datapath_type foo]) ovs-vsctl set Open_vSwitch . external_ids:ovn-bridge-datapath-type=foobar -OVS_WAIT_UNTIL([test foobar = `ovs-vsctl get Bridge br-int datapath-type`]) OVS_WAIT_UNTIL([check_datapath_type foobar]) expected_iface_types=$(ovs-vsctl get Open_vSwitch . iface_types | tr -d '[[]] ""') diff --git a/tests/ovn-features.at b/tests/ovn-features.at new file mode 100644 index 000000000..36bd83055 --- /dev/null +++ b/tests/ovn-features.at @@ -0,0 +1,8 @@ +# +# Unit tests for the lib/features.c module. +# +AT_BANNER([OVN unit tests - features]) + +AT_SETUP([ovn -- unit test -- OVS feature detection tests]) +AT_CHECK([ovstest test-ovn-features run], [0], []) +AT_CLEANUP diff --git a/tests/testsuite.at b/tests/testsuite.at index ddc3f11d6..b716a1ad9 100644 --- a/tests/testsuite.at +++ b/tests/testsuite.at @@ -27,6 +27,7 @@ m4_include([tests/ovn.at]) m4_include([tests/ovn-performance.at]) m4_include([tests/ovn-northd.at]) m4_include([tests/ovn-nbctl.at]) +m4_include([tests/ovn-features.at]) m4_include([tests/ovn-lflow-cache.at]) m4_include([tests/ovn-ofctrl-seqno.at]) m4_include([tests/ovn-sbctl.at]) From patchwork Fri Jun 11 10:11:31 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dumitru Ceara X-Patchwork-Id: 1490888 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=2605:bc80:3010::137; helo=smtp4.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=YWI3cUz1; dkim-atps=neutral Received: from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4G1c8f2mhwz9sRf for ; Fri, 11 Jun 2021 20:12:18 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id EE4E8415AD; Fri, 11 Jun 2021 10:12:15 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qnqRBkLjR07h; Fri, 11 Jun 2021 10:12:14 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by smtp4.osuosl.org (Postfix) with ESMTPS id 3CC7B4158A; Fri, 11 Jun 2021 10:12:13 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 221EAC000D; Fri, 11 Jun 2021 10:12:13 +0000 (UTC) X-Original-To: ovs-dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137]) by lists.linuxfoundation.org (Postfix) with ESMTP id 057A3C000B for ; Fri, 11 Jun 2021 10:12:12 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id C50AA4158A for ; Fri, 11 Jun 2021 10:11:53 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1Rz-fvgd6Ymw for ; Fri, 11 Jun 2021 10:11:52 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by smtp4.osuosl.org (Postfix) with ESMTPS id D7BB4414BF for ; Fri, 11 Jun 2021 10:11:51 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1623406310; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=KuPM8hRvMFWr8Jjny+n6rxkibY4fRbj/w0AHlOhF1P4=; b=YWI3cUz1tTLN/CujgXW1KfNAr/QusKunNYHvTcalSbZS7ckUKoVqd5SKy6MCfFG/Q6WN48 VPcc8pYOFVZjg9E+Z2WeWA17J31BXPwFbzddlLKTltbtPS/6ZncHDP4CifctWMBLNj++mK Qw7xpM/UMgE/K4BhMJ4h+G32eYD5Nh8= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-288-rFOtiszPM0ux1nnGyAy5Uw-1; Fri, 11 Jun 2021 06:11:45 -0400 X-MC-Unique: rFOtiszPM0ux1nnGyAy5Uw-1 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id C135F800D62; Fri, 11 Jun 2021 10:11:44 +0000 (UTC) Received: from dceara.remote.csb (ovpn-114-153.ams2.redhat.com [10.36.114.153]) by smtp.corp.redhat.com (Postfix) with ESMTP id 8A26F5C1CF; Fri, 11 Jun 2021 10:11:33 +0000 (UTC) From: Dumitru Ceara To: ovs-dev@openvswitch.org Date: Fri, 11 Jun 2021 12:11:31 +0200 Message-Id: <20210611101127.16527.92163.stgit@dceara.remote.csb> In-Reply-To: <20210611101021.16527.62193.stgit@dceara.remote.csb> References: <20210611101021.16527.62193.stgit@dceara.remote.csb> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=dceara@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Cc: dceara@redhat.com, i.maximets@ovn.org Subject: [ovs-dev] [PATCH ovn v3 5/5] ovn-controller: Handle DNAT/no-NAT conntrack tuple collisions. X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" Assuming a load balancer, LB1, with: - VIP: 42.42.42.42:4242 - backend: 42.42.42.1:2121 A client might connect to the backend either directly or through the VIP. If the first connection is via the VIP and the second connection is direct but happens to use the same source L4 port, OVN should make sure that the second connection is SNATed (source port translation) in order to avoid a tuple collision at commit time. For example: 1. Session via the VIP: - original packet: src=42.42.42.2:2000, dst=42.42.42.42:4242 - after DNAT: src=42.42.42.2:2000, dst=42.42.42.1:2121 2. Session directly connected to the backend: - original packet: src=42.42.42.2:2000, dst=42.42.42.1:2121 - in acl stage committing this connection would fail. In order to avoid this we now use the all-zero-ip NAT OVS feature when committing conneections in the ACL stage. This translates to a no-op SNAT when there's no tuple collision, and performs source port translation when a tuple collision would happen. We program flows to perform all-zero-ip NAT conditionally, only if the datapath being used supports it. Reported-at: https://bugzilla.redhat.com/1939676 Signed-off-by: Dumitru Ceara Acked-by: Mark D. Gray --- include/ovn/actions.h | 1 lib/actions.c | 31 +++++++ tests/ovn.at | 2 tests/system-common-macros.at | 4 + tests/system-ovn.at | 190 +++++++++++++++++++++++++++++++++++++++++ 5 files changed, 227 insertions(+), 1 deletion(-) diff --git a/include/ovn/actions.h b/include/ovn/actions.h index 040213177..f5eb01eb7 100644 --- a/include/ovn/actions.h +++ b/include/ovn/actions.h @@ -25,6 +25,7 @@ #include "openvswitch/hmap.h" #include "openvswitch/uuid.h" #include "util.h" +#include "ovn/features.h" struct expr; struct lexer; diff --git a/lib/actions.c b/lib/actions.c index b3433f49e..7010fab2b 100644 --- a/lib/actions.c +++ b/lib/actions.c @@ -742,6 +742,22 @@ encode_CT_COMMIT_V1(const struct ovnact_ct_commit_v1 *cc, ct->zone_src.ofs = 0; ct->zone_src.n_bits = 16; + /* If the datapath supports all-zero SNAT then use it to avoid tuple + * collisions at commit time between NATed and firewalled-only sessions. + */ + + if (ovs_feature_is_supported(OVS_CT_ZERO_SNAT_SUPPORT)) { + size_t nat_offset = ofpacts->size; + ofpbuf_pull(ofpacts, nat_offset); + + struct ofpact_nat *nat = ofpact_put_NAT(ofpacts); + nat->flags = 0; + nat->range_af = AF_UNSPEC; + nat->flags |= NX_NAT_F_SRC; + ofpacts->header = ofpbuf_push_uninit(ofpacts, nat_offset); + ct = ofpacts->header; + } + size_t set_field_offset = ofpacts->size; ofpbuf_pull(ofpacts, set_field_offset); @@ -792,6 +808,21 @@ encode_CT_COMMIT_V2(const struct ovnact_nest *on, ct->zone_src.ofs = 0; ct->zone_src.n_bits = 16; + /* If the datapath supports all-zero SNAT then use it to avoid tuple + * collisions at commit time between NATed and firewalled-only sessions. + */ + if (ovs_feature_is_supported(OVS_CT_ZERO_SNAT_SUPPORT)) { + size_t nat_offset = ofpacts->size; + ofpbuf_pull(ofpacts, nat_offset); + + struct ofpact_nat *nat = ofpact_put_NAT(ofpacts); + nat->flags = 0; + nat->range_af = AF_UNSPEC; + nat->flags |= NX_NAT_F_SRC; + ofpacts->header = ofpbuf_push_uninit(ofpacts, nat_offset); + ct = ofpacts->header; + } + size_t set_field_offset = ofpacts->size; ofpbuf_pull(ofpacts, set_field_offset); diff --git a/tests/ovn.at b/tests/ovn.at index 11a85c457..580dea825 100644 --- a/tests/ovn.at +++ b/tests/ovn.at @@ -23109,7 +23109,7 @@ AT_CHECK([ for hv in 1 2; do grep table=15 hv${hv}flows | \ grep "priority=100" | \ - grep -c "ct(commit,zone=NXM_NX_REG11\\[[0..15\\]],exec(move:NXM_OF_ETH_SRC\\[[\\]]->NXM_NX_CT_LABEL\\[[32..79\\]],load:0x[[0-9]]->NXM_NX_CT_LABEL\\[[80..95\\]]))" + grep -c "ct(commit,zone=NXM_NX_REG11\\[[0..15\\]],.*exec(move:NXM_OF_ETH_SRC\\[[\\]]->NXM_NX_CT_LABEL\\[[32..79\\]],load:0x[[0-9]]->NXM_NX_CT_LABEL\\[[80..95\\]]))" grep table=22 hv${hv}flows | \ grep "priority=200" | \ diff --git a/tests/system-common-macros.at b/tests/system-common-macros.at index c8fa6f03f..b742a2cb9 100644 --- a/tests/system-common-macros.at +++ b/tests/system-common-macros.at @@ -330,3 +330,7 @@ m4_define([OVS_CHECK_IPROUTE_ENCAP], # OVS_CHECK_CT_CLEAR() m4_define([OVS_CHECK_CT_CLEAR], [AT_SKIP_IF([! grep -q "Datapath supports ct_clear action" ovs-vswitchd.log])]) + +# OVS_CHECK_CT_ZERO_SNAT() +m4_define([OVS_CHECK_CT_ZERO_SNAT], + [AT_SKIP_IF([! grep -q "Datapath supports ct_zero_snat" ovs-vswitchd.log])])) diff --git a/tests/system-ovn.at b/tests/system-ovn.at index 0bebd9fb6..1b8bb3803 100644 --- a/tests/system-ovn.at +++ b/tests/system-ovn.at @@ -5296,6 +5296,196 @@ OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port patch-.*/d AT_CLEANUP ]) +OVN_FOR_EACH_NORTHD([ +AT_SETUP([ovn -- load-balancer and firewall tuple conflict IPv4]) +AT_SKIP_IF([test $HAVE_NC = no]) +AT_KEYWORDS([ovnlb]) + +CHECK_CONNTRACK() +CHECK_CONNTRACK_NAT() +ovn_start +OVS_TRAFFIC_VSWITCHD_START() +OVS_CHECK_CT_ZERO_SNAT() +ADD_BR([br-int]) + +# Set external-ids in br-int needed for ovn-controller +ovs-vsctl \ + -- set Open_vSwitch . external-ids:system-id=hv1 \ + -- set Open_vSwitch . external-ids:ovn-remote=unix:$ovs_base/ovn-sb/ovn-sb.sock \ + -- set Open_vSwitch . external-ids:ovn-encap-type=geneve \ + -- set Open_vSwitch . external-ids:ovn-encap-ip=169.0.0.1 \ + -- set bridge br-int fail-mode=secure other-config:disable-in-band=true + +# Start ovn-controller +start_daemon ovn-controller + +# Logical network: +# 1 logical switch connetected to one logical router. +# 2 VMs, one used as backend for a load balancer. + +check ovn-nbctl \ + -- lr-add rtr \ + -- lrp-add rtr rtr-ls 00:00:00:00:01:00 42.42.42.1/24 \ + -- ls-add ls \ + -- lsp-add ls ls-rtr \ + -- lsp-set-addresses ls-rtr 00:00:00:00:01:00 \ + -- lsp-set-type ls-rtr router \ + -- lsp-set-options ls-rtr router-port=rtr-ls \ + -- lsp-add ls vm1 -- lsp-set-addresses vm1 00:00:00:00:00:01 \ + -- lsp-add ls vm2 -- lsp-set-addresses vm2 00:00:00:00:00:02 \ + -- lb-add lb-test 66.66.66.66:666 42.42.42.2:4242 tcp \ + -- ls-lb-add ls lb-test + +ADD_NAMESPACES(vm1) +ADD_VETH(vm1, vm1, br-int, "42.42.42.2/24", "00:00:00:00:00:01", "42.42.42.1") + +ADD_NAMESPACES(vm2) +ADD_VETH(vm2, vm2, br-int, "42.42.42.3/24", "00:00:00:00:00:02", "42.42.42.1") + +# Wait for ovn-controller to catch up. +wait_for_ports_up +check ovn-nbctl --wait=hv sync + +# Start IPv4 TCP server on vm1. +NETNS_DAEMONIZE([vm1], [nc -k -l 42.42.42.2 4242], [nc-vm1.pid]) + +# Make sure connecting to the VIP works. +NS_CHECK_EXEC([vm2], [nc 66.66.66.66 666 -p 2000 -z]) + +# Start IPv4 TCP connection to VIP from vm2. +NS_CHECK_EXEC([vm2], [nc 66.66.66.66 666 -p 2001 -z]) + +# Check conntrack. We expect two entries: +# - one in vm1's zone (firewall) +# - one in vm2's zone (dnat) +AT_CHECK([ovs-appctl dpctl/dump-conntrack | grep 2001 | \ +grep "orig=.src=42\.42\.42\.3" | \ +sed -e 's/port=2001/port=/g' \ + -e 's/sport=4242,dport=[[0-9]]\+/sport=4242,dport=/g' \ + -e 's/state=[[0-9_A-Z]]*/state=/g' \ + -e 's/zone=[[0-9]]*/zone=/' | sort], [0], [dnl +tcp,orig=(src=42.42.42.3,dst=42.42.42.2,sport=,dport=4242),reply=(src=42.42.42.2,dst=42.42.42.3,sport=4242,dport=),zone=,protoinfo=(state=) +tcp,orig=(src=42.42.42.3,dst=66.66.66.66,sport=,dport=666),reply=(src=42.42.42.2,dst=42.42.42.3,sport=4242,dport=),zone=,labels=0x2,protoinfo=(state=) +]) + +# Start IPv4 TCP connection to backend IP from vm2 which would require +# additional source port translation to avoid a tuple conflict. +NS_CHECK_EXEC([vm2], [nc 42.42.42.2 4242 -p 2001 -z]) + +# Check conntrack. We expect three entries: +# - one in vm1's zone (firewall) - reused from the previous connection. +# - one in vm2's zone (dnat) - still in TIME_WAIT after the previous connection. +# - one in vm2's zone (firewall + additional all-zero SNAT) +AT_CHECK([ovs-appctl dpctl/dump-conntrack | grep 2001 | \ +grep "orig=.src=42\.42\.42\.3" | \ +sed -e 's/port=2001/port=/g' \ + -e 's/sport=4242,dport=[[0-9]]\+/sport=4242,dport=/g' \ + -e 's/state=[[0-9_A-Z]]*/state=/g' \ + -e 's/zone=[[0-9]]*/zone=/' | sort], [0], [dnl +tcp,orig=(src=42.42.42.3,dst=42.42.42.2,sport=,dport=4242),reply=(src=42.42.42.2,dst=42.42.42.3,sport=4242,dport=),zone=,protoinfo=(state=) +tcp,orig=(src=42.42.42.3,dst=42.42.42.2,sport=,dport=4242),reply=(src=42.42.42.2,dst=42.42.42.3,sport=4242,dport=),zone=,protoinfo=(state=) +tcp,orig=(src=42.42.42.3,dst=66.66.66.66,sport=,dport=666),reply=(src=42.42.42.2,dst=42.42.42.3,sport=4242,dport=),zone=,labels=0x2,protoinfo=(state=) +]) + +AT_CLEANUP +]) + +OVN_FOR_EACH_NORTHD([ +AT_SETUP([ovn -- load-balancer and firewall tuple conflict IPv6]) +AT_SKIP_IF([test $HAVE_NC = no]) +AT_KEYWORDS([ovnlb]) + +CHECK_CONNTRACK() +CHECK_CONNTRACK_NAT() +ovn_start +OVS_TRAFFIC_VSWITCHD_START() +OVS_CHECK_CT_ZERO_SNAT() +ADD_BR([br-int]) + +# Set external-ids in br-int needed for ovn-controller +ovs-vsctl \ + -- set Open_vSwitch . external-ids:system-id=hv1 \ + -- set Open_vSwitch . external-ids:ovn-remote=unix:$ovs_base/ovn-sb/ovn-sb.sock \ + -- set Open_vSwitch . external-ids:ovn-encap-type=geneve \ + -- set Open_vSwitch . external-ids:ovn-encap-ip=169.0.0.1 \ + -- set bridge br-int fail-mode=secure other-config:disable-in-band=true + +# Start ovn-controller +start_daemon ovn-controller + +# Logical network: +# 1 logical switch connetected to one logical router. +# 2 VMs, one used as backend for a load balancer. + +check ovn-nbctl \ + -- lr-add rtr \ + -- lrp-add rtr rtr-ls 00:00:00:00:01:00 4242::1/64 \ + -- ls-add ls \ + -- lsp-add ls ls-rtr \ + -- lsp-set-addresses ls-rtr 00:00:00:00:01:00 \ + -- lsp-set-type ls-rtr router \ + -- lsp-set-options ls-rtr router-port=rtr-ls \ + -- lsp-add ls vm1 -- lsp-set-addresses vm1 00:00:00:00:00:01 \ + -- lsp-add ls vm2 -- lsp-set-addresses vm2 00:00:00:00:00:02 \ + -- lb-add lb-test [[6666::1]]:666 [[4242::2]]:4242 tcp \ + -- ls-lb-add ls lb-test + +ADD_NAMESPACES(vm1) +ADD_VETH(vm1, vm1, br-int, "4242::2/64", "00:00:00:00:00:01", "4242::1") +OVS_WAIT_UNTIL([test "$(ip netns exec vm1 ip a | grep 4242::2 | grep tentative)" = ""]) + +ADD_NAMESPACES(vm2) +ADD_VETH(vm2, vm2, br-int, "4242::3/64", "00:00:00:00:00:02", "4242::1") +OVS_WAIT_UNTIL([test "$(ip netns exec vm2 ip a | grep 4242::3 | grep tentative)" = ""]) + +# Wait for ovn-controller to catch up. +wait_for_ports_up +check ovn-nbctl --wait=hv sync + +# Start IPv6 TCP server on vm1. +NETNS_DAEMONIZE([vm1], [nc -k -l 4242::2 4242], [nc-vm1.pid]) + +# Make sure connecting to the VIP works. +NS_CHECK_EXEC([vm2], [nc 6666::1 666 -p 2000 -z]) + +# Start IPv6 TCP connection to VIP from vm2. +NS_CHECK_EXEC([vm2], [nc 6666::1 666 -p 2001 -z]) + +# Check conntrack. We expect two entries: +# - one in vm1's zone (firewall) +# - one in vm2's zone (dnat) +AT_CHECK([ovs-appctl dpctl/dump-conntrack | grep 2001 | \ +grep "orig=.src=4242::3" | \ +sed -e 's/port=2001/port=/g' \ + -e 's/sport=4242,dport=[[0-9]]\+/sport=4242,dport=/g' \ + -e 's/state=[[0-9_A-Z]]*/state=/g' \ + -e 's/zone=[[0-9]]*/zone=/' | sort], [0], [dnl +tcp,orig=(src=4242::3,dst=4242::2,sport=,dport=4242),reply=(src=4242::2,dst=4242::3,sport=4242,dport=),zone=,protoinfo=(state=) +tcp,orig=(src=4242::3,dst=6666::1,sport=,dport=666),reply=(src=4242::2,dst=4242::3,sport=4242,dport=),zone=,labels=0x2,protoinfo=(state=) +]) + +# Start IPv6 TCP connection to backend IP from vm2 which would require +# additional source port translation to avoid a tuple conflict. +NS_CHECK_EXEC([vm2], [nc 4242::2 4242 -p 2001 -z]) + +# Check conntrack. We expect three entries: +# - one in vm1's zone (firewall) - reused from the previous connection. +# - one in vm2's zone (dnat) - still in TIME_WAIT after the previous connection. +# - one in vm2's zone (firewall + additional all-zero SNAT) +AT_CHECK([ovs-appctl dpctl/dump-conntrack | grep 2001 | \ +grep "orig=.src=4242::3" | \ +sed -e 's/port=2001/port=/g' \ + -e 's/sport=4242,dport=[[0-9]]\+/sport=4242,dport=/g' \ + -e 's/state=[[0-9_A-Z]]*/state=/g' \ + -e 's/zone=[[0-9]]*/zone=/' | sort], [0], [dnl +tcp,orig=(src=4242::3,dst=4242::2,sport=,dport=4242),reply=(src=4242::2,dst=4242::3,sport=4242,dport=),zone=,protoinfo=(state=) +tcp,orig=(src=4242::3,dst=4242::2,sport=,dport=4242),reply=(src=4242::2,dst=4242::3,sport=4242,dport=),zone=,protoinfo=(state=) +tcp,orig=(src=4242::3,dst=6666::1,sport=,dport=666),reply=(src=4242::2,dst=4242::3,sport=4242,dport=),zone=,labels=0x2,protoinfo=(state=) +]) + +AT_CLEANUP +]) + # When a lport is released on a chassis, ovn-controller was # not clearing some of the flowss in the table 33 leading # to packet drops if ct() is hit.