From patchwork Wed May 3 20:13:32 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ihar Hrachyshka X-Patchwork-Id: 1776643 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.137; helo=smtp4.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=De6xXcZn; dkim-atps=neutral Received: from smtp4.osuosl.org (smtp4.osuosl.org [140.211.166.137]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4QBSnx1JYvz20fg for ; Thu, 4 May 2023 06:13:57 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id 3363A41DF8; Wed, 3 May 2023 20:13:54 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org 3363A41DF8 Authentication-Results: smtp4.osuosl.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=De6xXcZn X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZwuPFEwyyX5c; Wed, 3 May 2023 20:13:52 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [IPv6:2605:bc80:3010:104::8cd3:938]) by smtp4.osuosl.org (Postfix) with ESMTPS id 94D8A40884; Wed, 3 May 2023 20:13:51 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org 94D8A40884 Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 66EEFC008C; Wed, 3 May 2023 20:13:49 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp1.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by lists.linuxfoundation.org (Postfix) with ESMTP id 3280EC0037 for ; Wed, 3 May 2023 20:13:47 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id 07E9F81493 for ; Wed, 3 May 2023 20:13:47 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org 07E9F81493 Authentication-Results: smtp1.osuosl.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=De6xXcZn X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LlZ_FPrYNDN7 for ; Wed, 3 May 2023 20:13:45 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org A4AEC81404 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by smtp1.osuosl.org (Postfix) with ESMTPS id A4AEC81404 for ; Wed, 3 May 2023 20:13:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1683144824; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=WLiOMdwOewzw1CB8OlG1pk2Ewtva/5pI9bU4kZPZUYc=; b=De6xXcZnnXS09NEMaRP7UyJz5VcniVJ1nL9lDq7hZcXGZy88BvVfsUeUVK40G1I7vsbFch x0E/kOoQZCcnB0wjrEoEV0QlAK4dKy5yy63lL5egIOVeLgoc+stqrZTZmGHBiyHWFvUnkM z4iiYI/QaTdUWvSsi5GS7JDmGcgrsss= Received: from mail-qv1-f69.google.com (mail-qv1-f69.google.com [209.85.219.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-477-7oGAzpWNOd6L4N4VzbW8cg-1; Wed, 03 May 2023 16:13:43 -0400 X-MC-Unique: 7oGAzpWNOd6L4N4VzbW8cg-1 Received: by mail-qv1-f69.google.com with SMTP id 6a1803df08f44-61b5bcb4c09so23695206d6.2 for ; Wed, 03 May 2023 13:13:43 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683144823; x=1685736823; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=WLiOMdwOewzw1CB8OlG1pk2Ewtva/5pI9bU4kZPZUYc=; b=PmAEsy1cCdXGrh5X0WVgWepfejT5sU1W9y66lKJeI0wUb+NpnHCU7/DPP/5pEGXci1 UEvxzZev4XTL9aMgFaSeKScUOXxQJIYrEy+dueYhz0qY6LFKOEHAfGZpjCyhD2Vr1DBj zpae/ydDZWaM9iG0ZoJ25AvKLVObe2hDOFTufYUg5TQErQXXsrI26jb+bxOBgjkf2izO 8rxEr+aM52WYmQPrsz/JxQxDB5Bfh4Ts8DQv4f2sUKBFtp6JVTdUjp0bq+lmlC+Q8+gd ML2skfTdTPYUybp/8USwrd5lwiCqxMzcxwrUo401aejkgXOtegB8LLGNVnYtQEpIxrv8 GZ1w== X-Gm-Message-State: AC+VfDyrQDrWJkaVPAK6sBGzJjfXWb38I0EYJm0ZiNb8xRFmq9dGKx6e z+ISZI+Z3py8qfLbwMtOjU06TO92FcoyIJ6cjYZI4v+3LN/tRLdS2VrVXPOOyMSNSLOmJVbES4B qFObiu4H4bkXliTSBuylc/kFv05CnM36g+oYPIZs4wUHynZ3NAwIfA8ZvSR4QGZ81TP8KNNP3 X-Received: by 2002:ad4:5f4a:0:b0:61a:197b:605 with SMTP id p10-20020ad45f4a000000b0061a197b0605mr12119255qvg.1.1683144822813; Wed, 03 May 2023 13:13:42 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ7NWK1RjzI/j1gDqZJIBTXQ3JNfj4TeC4TbWRN0fypBrm09jdbsRVM0b4THh/QHEneVArP6pg== X-Received: by 2002:ad4:5f4a:0:b0:61a:197b:605 with SMTP id p10-20020ad45f4a000000b0061a197b0605mr12119226qvg.1.1683144822447; Wed, 03 May 2023 13:13:42 -0700 (PDT) Received: from fedora34.localdomain.com (cpe-172-73-180-250.carolina.res.rr.com. [172.73.180.250]) by smtp.gmail.com with ESMTPSA id z13-20020a0cda8d000000b005ef442226bbsm2476138qvj.8.2023.05.03.13.13.41 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 03 May 2023 13:13:41 -0700 (PDT) From: Ihar Hrachyshka To: dev@openvswitch.org Date: Wed, 3 May 2023 20:13:32 +0000 Message-Id: <20230503201337.46104-2-ihrachys@redhat.com> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20230503201337.46104-1-ihrachys@redhat.com> References: <20230503201337.46104-1-ihrachys@redhat.com> MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Subject: [ovs-dev] [PATCH ovn v2 1/6] Track ip version of tunnel in chassis_tunnel struct X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" This will be used in a later patch to calculate tunneling overhead for effective path MTU. Signed-off-by: Ihar Hrachyshka Acked-by: Dumitru Ceara --- controller/local_data.c | 2 ++ controller/local_data.h | 1 + 2 files changed, 3 insertions(+) diff --git a/controller/local_data.c b/controller/local_data.c index acaf1de6d..cf0b21bb1 100644 --- a/controller/local_data.c +++ b/controller/local_data.c @@ -22,6 +22,7 @@ #include "lib/util.h" #include "lib/vswitch-idl.h" #include "openvswitch/vlog.h" +#include "socket-util.h" /* OVN includes. */ #include "encaps.h" @@ -447,6 +448,7 @@ local_nonvif_data_run(const struct ovsrec_bridge *br_int, tun->chassis_id = xstrdup(tunnel_id); tun->ofport = u16_to_ofp(ofport); tun->type = tunnel_type; + tun->is_ipv6 = ip ? addr_is_ipv6(ip) : false; free(hash_id); free(ip); diff --git a/controller/local_data.h b/controller/local_data.h index 748f009aa..ad0fa7f94 100644 --- a/controller/local_data.h +++ b/controller/local_data.h @@ -133,6 +133,7 @@ struct chassis_tunnel { char *chassis_id; ofp_port_t ofport; enum chassis_tunnel_type type; + bool is_ipv6; }; void local_nonvif_data_run(const struct ovsrec_bridge *br_int, From patchwork Wed May 3 20:13:33 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ihar Hrachyshka X-Patchwork-Id: 1776644 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=2605:bc80:3010::133; helo=smtp2.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=GbAEtUEI; dkim-atps=neutral Received: from smtp2.osuosl.org (smtp2.osuosl.org [IPv6:2605:bc80:3010::133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4QBSp03r4tz20fg for ; Thu, 4 May 2023 06:14:00 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by smtp2.osuosl.org (Postfix) with ESMTP id F1BBE41D5B; Wed, 3 May 2023 20:13:55 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org F1BBE41D5B Authentication-Results: smtp2.osuosl.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=GbAEtUEI X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp2.osuosl.org ([127.0.0.1]) by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4c_PG1gcrdTS; Wed, 3 May 2023 20:13:54 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by smtp2.osuosl.org (Postfix) with ESMTPS id F35B341D3D; Wed, 3 May 2023 20:13:52 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org F35B341D3D Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id EC8D7C0092; Wed, 3 May 2023 20:13:50 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp2.osuosl.org (smtp2.osuosl.org [140.211.166.133]) by lists.linuxfoundation.org (Postfix) with ESMTP id 8B3FBC002A for ; Wed, 3 May 2023 20:13:48 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp2.osuosl.org (Postfix) with ESMTP id 58A5740236 for ; Wed, 3 May 2023 20:13:48 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org 58A5740236 X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp2.osuosl.org ([127.0.0.1]) by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id t_wIfUU9Ez8k for ; Wed, 3 May 2023 20:13:47 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org 062044011D Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by smtp2.osuosl.org (Postfix) with ESMTPS id 062044011D for ; Wed, 3 May 2023 20:13:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1683144826; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=LGayuCxOA/GkjfYBFDWAadCxWtLriihllgrlJodw5VQ=; b=GbAEtUEIpWF2MepKLhAggUWecTqDeQxvyYDg/xI8Ql8Gn/1MMbpOy+4BKctpsOh0m+TrUu 9pLvSoK3WO+k+ITZI3aBlx7bgezoZZ1Yz1gQCDGIHLd0L7QYung4CLxS7g88fOJAjsHXk/ MnDEhBxcRj1X3osKzMhVYaS2qK9Mj8g= Received: from mail-qv1-f70.google.com (mail-qv1-f70.google.com [209.85.219.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-209-4fBTpkGoMg6Ougwx6Np-Ig-1; Wed, 03 May 2023 16:13:45 -0400 X-MC-Unique: 4fBTpkGoMg6Ougwx6Np-Ig-1 Received: by mail-qv1-f70.google.com with SMTP id 6a1803df08f44-61b7884e391so10442226d6.3 for ; Wed, 03 May 2023 13:13:44 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683144824; x=1685736824; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=LGayuCxOA/GkjfYBFDWAadCxWtLriihllgrlJodw5VQ=; b=DbrSTy+K1DMxiHxoImInipfr5GnnRW0Oc+QkOEzzaWvIqiyip5C3oCqdbylB6TCOsW o8N0hRQhDYg/d5JR9+7KBwfHRHvWM9LZ5uhCItkQg8aFs0/5mWq7gsJCZu0vGGmmU/9o mK8HkxehPCET4ySnSFJ6Cs6sxRydqD2l/mpBzlQdA+wMPmbdlWKpVp5S4v9wRAtEV20X CDGIHUuZflLfOgY9iUugUM+4zY/E795pJnHIMsGHaTExktCWategImsc/Qbh4jEZZNn6 iLe0k3Y8Ta+AWjX/Gbd36XA+HUpl2jGYZhP/VUfsH7DzInKg6kUzKrw3EU+i9C6l1bDx VEIw== X-Gm-Message-State: AC+VfDxu+gdQT3UWjhR42gtxxaf87eBCm8tRBjGBQBlGKONIdtqtLj0h jCfm+5VzH98l/lkAWDwdJSKcPiBZpC2nqzeFf01GE2+LtBNmfWBHuhiW39OCshIQab3ak9/oJoi XGN44+SQbNd+X0cemyy4qm65kaWB7Ovmm6EHRnuSuCXCnAYBajJYd9ThLcnT32djYwkSdeZMC X-Received: by 2002:a05:6214:4008:b0:5f1:62d9:3368 with SMTP id kd8-20020a056214400800b005f162d93368mr12718385qvb.30.1683144824172; Wed, 03 May 2023 13:13:44 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ4fuwP4l3B/xgB6L4ziXohu+n9TY4BwrG/fhkEajTohAUrSagQwcC7XJkenDYEUg1hG94SLKA== X-Received: by 2002:a05:6214:4008:b0:5f1:62d9:3368 with SMTP id kd8-20020a056214400800b005f162d93368mr12718350qvb.30.1683144823814; Wed, 03 May 2023 13:13:43 -0700 (PDT) Received: from fedora34.localdomain.com (cpe-172-73-180-250.carolina.res.rr.com. [172.73.180.250]) by smtp.gmail.com with ESMTPSA id z13-20020a0cda8d000000b005ef442226bbsm2476138qvj.8.2023.05.03.13.13.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 03 May 2023 13:13:43 -0700 (PDT) From: Ihar Hrachyshka To: dev@openvswitch.org Date: Wed, 3 May 2023 20:13:33 +0000 Message-Id: <20230503201337.46104-3-ihrachys@redhat.com> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20230503201337.46104-1-ihrachys@redhat.com> References: <20230503201337.46104-1-ihrachys@redhat.com> MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Subject: [ovs-dev] [PATCH ovn v2 2/6] Track interface MTU in if-status-mgr X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" This will be used in a later patch to calculate the effective interface MTU after considering tunneling overhead. Signed-off-by: Ihar Hrachyshka --- controller/binding.c | 4 ++-- controller/if-status.c | 31 +++++++++++++++++++++++++++---- controller/if-status.h | 3 +++ 3 files changed, 32 insertions(+), 6 deletions(-) diff --git a/controller/binding.c b/controller/binding.c index 5df62baef..561b857fa 100644 --- a/controller/binding.c +++ b/controller/binding.c @@ -1228,7 +1228,7 @@ claim_lport(const struct sbrec_port_binding *pb, } set_pb_chassis_in_sbrec(pb, chassis_rec, true); } else { - if_status_mgr_claim_iface(if_mgr, pb, chassis_rec, + if_status_mgr_claim_iface(if_mgr, pb, chassis_rec, iface_rec, sb_readonly); } register_claim_timestamp(pb->logical_port, now); @@ -1241,7 +1241,7 @@ claim_lport(const struct sbrec_port_binding *pb, } else { if (pb->n_up && !pb->up[0]) { if_status_mgr_claim_iface(if_mgr, pb, chassis_rec, - sb_readonly); + iface_rec, sb_readonly); } } } diff --git a/controller/if-status.c b/controller/if-status.c index d1c14ac30..f2ea21635 100644 --- a/controller/if-status.c +++ b/controller/if-status.c @@ -24,6 +24,7 @@ #include "lib/util.h" #include "timeval.h" #include "openvswitch/vlog.h" +#include "lib/vswitch-idl.h" #include "lib/ovn-sb-idl.h" VLOG_DEFINE_THIS_MODULE(if_status); @@ -146,6 +147,7 @@ struct ovs_iface { * be fully programmed in OVS. Only used in state * OIF_INSTALL_FLOWS. */ + uint16_t mtu; /* Extracted from OVS interface.mtu field. */ }; static uint64_t ifaces_usage; @@ -167,9 +169,10 @@ struct if_status_mgr { uint32_t iface_seqno; }; -static struct ovs_iface *ovs_iface_create(struct if_status_mgr *, - const char *iface_id, - enum if_state ); +static struct ovs_iface * +ovs_iface_create(struct if_status_mgr *, const char *iface_id, + const struct ovsrec_interface *iface_rec, + enum if_state); static void ovs_iface_destroy(struct if_status_mgr *, struct ovs_iface *); static void ovs_iface_set_state(struct if_status_mgr *, struct ovs_iface *, enum if_state); @@ -222,13 +225,14 @@ void if_status_mgr_claim_iface(struct if_status_mgr *mgr, const struct sbrec_port_binding *pb, const struct sbrec_chassis *chassis_rec, + const struct ovsrec_interface *iface_rec, bool sb_readonly) { const char *iface_id = pb->logical_port; struct ovs_iface *iface = shash_find_data(&mgr->ifaces, iface_id); if (!iface) { - iface = ovs_iface_create(mgr, iface_id, OIF_CLAIMED); + iface = ovs_iface_create(mgr, iface_id, iface_rec, OIF_CLAIMED); } if (!sb_readonly) { @@ -492,14 +496,33 @@ ovs_iface_account_mem(const char *iface_id, bool erase) } } +static uint16_t +get_iface_mtu(const struct ovsrec_interface *iface) +{ + if (!iface || !iface->n_mtu || iface->mtu[0] <= 0) { + return 0; + } + return (uint16_t) iface->mtu[0]; +} + +uint16_t +if_status_mgr_iface_get_mtu(const struct if_status_mgr *mgr, + const char *iface_id) +{ + const struct ovs_iface *iface = shash_find_data(&mgr->ifaces, iface_id); + return iface ? iface->mtu : 0; +} + static struct ovs_iface * ovs_iface_create(struct if_status_mgr *mgr, const char *iface_id, + const struct ovsrec_interface *iface_rec, enum if_state state) { struct ovs_iface *iface = xzalloc(sizeof *iface); VLOG_DBG("Interface %s create.", iface_id); iface->id = xstrdup(iface_id); + iface->mtu = get_iface_mtu(iface_rec); shash_add_nocopy(&mgr->ifaces, iface->id, iface); ovs_iface_set_state(mgr, iface, state); ovs_iface_account_mem(iface_id, false); diff --git a/controller/if-status.h b/controller/if-status.h index 5bd187a25..ab1625b18 100644 --- a/controller/if-status.h +++ b/controller/if-status.h @@ -29,6 +29,7 @@ void if_status_mgr_destroy(struct if_status_mgr *); void if_status_mgr_claim_iface(struct if_status_mgr *, const struct sbrec_port_binding *pb, const struct sbrec_chassis *chassis_rec, + const struct ovsrec_interface *iface_rec, bool sb_readonly); void if_status_mgr_release_iface(struct if_status_mgr *, const char *iface_id); void if_status_mgr_delete_iface(struct if_status_mgr *, const char *iface_id); @@ -48,5 +49,7 @@ bool if_status_handle_claims(struct if_status_mgr *mgr, const struct sbrec_chassis *chassis_rec, struct hmap *tracked_datapath, bool sb_readonly); +uint16_t if_status_mgr_iface_get_mtu(const struct if_status_mgr *mgr, + const char *iface_id); # endif /* controller/if-status.h */ From patchwork Wed May 3 20:13:34 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ihar Hrachyshka X-Patchwork-Id: 1776645 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=2605:bc80:3010::133; helo=smtp2.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=e3QsSCVP; dkim-atps=neutral Received: from smtp2.osuosl.org (smtp2.osuosl.org [IPv6:2605:bc80:3010::133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4QBSp34ySJz20fg for ; Thu, 4 May 2023 06:14:03 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by smtp2.osuosl.org (Postfix) with ESMTP id 1E2C441DD4; Wed, 3 May 2023 20:14:00 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org 1E2C441DD4 Authentication-Results: smtp2.osuosl.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=e3QsSCVP X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp2.osuosl.org ([127.0.0.1]) by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HYFikQVf8emS; Wed, 3 May 2023 20:13:56 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by smtp2.osuosl.org (Postfix) with ESMTPS id A738241D62; Wed, 3 May 2023 20:13:54 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org A738241D62 Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 0DB0AC009A; Wed, 3 May 2023 20:13:52 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp1.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by lists.linuxfoundation.org (Postfix) with ESMTP id 5847FC0092 for ; Wed, 3 May 2023 20:13:50 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id 1E5A081774 for ; Wed, 3 May 2023 20:13:50 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org 1E5A081774 Authentication-Results: smtp1.osuosl.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=e3QsSCVP X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8etja7DcZ931 for ; Wed, 3 May 2023 20:13:49 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org 1650981404 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by smtp1.osuosl.org (Postfix) with ESMTPS id 1650981404 for ; Wed, 3 May 2023 20:13:48 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1683144827; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=VfTOmXfb5bjV1hbWS4MqrvA30gDi8QmLLWkQqJ3DbQ0=; b=e3QsSCVPW/6KXlQalMEj5Er/fVorxGtmRg68CZIO5z9RiuG5a/IfYUI2c/+Xsct1GWcusL E8+GOuG4Y/jcnhmrAOSB/gSc1x43agPcYS4yyNSDkc2HYOuRxItrn+BPzsxoeaAvCq+QXJ Ggu+1wG7T4k4N2b0G5EC/OM4Uhqa5Fc= Received: from mail-qv1-f70.google.com (mail-qv1-f70.google.com [209.85.219.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-78-aeR1PS07NiCkx_z_Kg6tGw-1; Wed, 03 May 2023 16:13:46 -0400 X-MC-Unique: aeR1PS07NiCkx_z_Kg6tGw-1 Received: by mail-qv1-f70.google.com with SMTP id 6a1803df08f44-61af548a8feso27183586d6.0 for ; Wed, 03 May 2023 13:13:46 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683144826; x=1685736826; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=VfTOmXfb5bjV1hbWS4MqrvA30gDi8QmLLWkQqJ3DbQ0=; b=LXGqsTD5vsuB2xCtOu3PD+VeooLK9SW67JC8BG2OiT9QRIEluFxoHIfoZHOsQpO4RO ZAGYqdibToVizLKoOdlwoxZof7sqKLpoBfXBdkzi4elleRKL8GQm0WkFkA3Ndz3y/akU LC7yNkPf2tg/R4YTA7rveK/dWtGSamOvRQRe/7pW1Y069SR5I+q4LoeMUdk/tEQwypUo x3GNRwDG4D0zmPUIMhqddPyhfK6ryjGUKvkGqBvfFYKpbAIGEKOr0eLcQTNZXf4hWJnp ydiNjOl/Jt/3ScJ2evuakfmySMK0Y9UDykwztxnCY/gRHhz2hrl/HWXb108J+22q0zn4 CnNA== X-Gm-Message-State: AC+VfDx1BxTJDQ9bG+N2SEOhtCn7HEM77ZAaH+5zJ20tj44qFVcTDI53 Wfznhl8M9z5hYWmWiGW3sOWKbmwIC7EyT39A9V3SBLsYxx6B3nUD9p7vfCMyjGsa5l3bSyXMgU+ j7nAk3+Y+B6TNPZBbM6+MgFsTVuqKlR8xgdicZXidCWwMBjlpMZmo9uI6jPwBgw5G20c7soiP X-Received: by 2002:a05:6214:e46:b0:61b:5faf:9a71 with SMTP id o6-20020a0562140e4600b0061b5faf9a71mr10897727qvc.20.1683144825879; Wed, 03 May 2023 13:13:45 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ48pVyhbDO/vWhzIZtcO/u/VCMeM0OOoi3oyk1mixFzKSUN3aL82z6Q0CfvAQD+3Fs3CgeFmQ== X-Received: by 2002:a05:6214:e46:b0:61b:5faf:9a71 with SMTP id o6-20020a0562140e4600b0061b5faf9a71mr10897700qvc.20.1683144825554; Wed, 03 May 2023 13:13:45 -0700 (PDT) Received: from fedora34.localdomain.com (cpe-172-73-180-250.carolina.res.rr.com. [172.73.180.250]) by smtp.gmail.com with ESMTPSA id z13-20020a0cda8d000000b005ef442226bbsm2476138qvj.8.2023.05.03.13.13.43 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 03 May 2023 13:13:44 -0700 (PDT) From: Ihar Hrachyshka To: dev@openvswitch.org Date: Wed, 3 May 2023 20:13:34 +0000 Message-Id: <20230503201337.46104-4-ihrachys@redhat.com> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20230503201337.46104-1-ihrachys@redhat.com> References: <20230503201337.46104-1-ihrachys@redhat.com> MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Subject: [ovs-dev] [PATCH ovn v2 3/6] if-status: track interfaces for additional chassis X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" This will allow all chassis hosting a port to extract interface MTU from if-status-mgr. This will be used in a later patch to calculate the effective path MTU for each port. In addition, it's the right thing to do to claim and mark an interface on all chassis as ovn-installed, even if the chassis is "additional". Fixes: fa8c591fa2a7 ("Support LSP:options:requested-chassis as a list") Signed-off-by: Ihar Hrachyshka Acked-by: Dumitru Ceara --- controller/binding.c | 46 ++++++++++++++++++++++++++---------------- controller/binding.h | 4 ++++ controller/if-status.c | 8 ++++++-- controller/if-status.h | 5 ++++- tests/ovn.at | 10 +++++---- 5 files changed, 49 insertions(+), 24 deletions(-) diff --git a/controller/binding.c b/controller/binding.c index 561b857fa..d75bde3eb 100644 --- a/controller/binding.c +++ b/controller/binding.c @@ -57,6 +57,10 @@ struct claimed_port { static struct shash _claimed_ports = SHASH_INITIALIZER(&_claimed_ports); static struct sset _postponed_ports = SSET_INITIALIZER(&_postponed_ports); +static void +remove_additional_chassis(const struct sbrec_port_binding *pb, + const struct sbrec_chassis *chassis_rec); + struct sset * get_postponed_ports(void) { @@ -1028,6 +1032,26 @@ set_pb_chassis_in_sbrec(const struct sbrec_port_binding *pb, } } +void +set_pb_additional_chassis_in_sbrec(const struct sbrec_port_binding *pb, + const struct sbrec_chassis *chassis_rec, + bool is_set) +{ + if (!is_additional_chassis(pb, chassis_rec)) { + VLOG_INFO("Claiming lport %s for this additional chassis.", + pb->logical_port); + for (size_t i = 0; i < pb->n_mac; i++) { + VLOG_INFO("%s: Claiming %s", pb->logical_port, pb->mac[i]); + } + sbrec_port_binding_update_additional_chassis_addvalue(pb, chassis_rec); + if (pb->chassis == chassis_rec) { + sbrec_port_binding_set_chassis(pb, NULL); + } + } else if (!is_set) { + remove_additional_chassis(pb, chassis_rec); + } +} + bool local_bindings_pb_chassis_is_set(struct shash *local_bindings, const char *pb_name, @@ -1229,7 +1253,7 @@ claim_lport(const struct sbrec_port_binding *pb, set_pb_chassis_in_sbrec(pb, chassis_rec, true); } else { if_status_mgr_claim_iface(if_mgr, pb, chassis_rec, iface_rec, - sb_readonly); + sb_readonly, can_bind); } register_claim_timestamp(pb->logical_port, now); sset_find_and_delete(postponed_ports, pb->logical_port); @@ -1241,27 +1265,15 @@ claim_lport(const struct sbrec_port_binding *pb, } else { if (pb->n_up && !pb->up[0]) { if_status_mgr_claim_iface(if_mgr, pb, chassis_rec, - iface_rec, sb_readonly); + iface_rec, sb_readonly, + can_bind); } } } } else if (can_bind == CAN_BIND_AS_ADDITIONAL) { if (!is_additional_chassis(pb, chassis_rec)) { - if (sb_readonly) { - return false; - } - - VLOG_INFO("Claiming lport %s for this additional chassis.", - pb->logical_port); - for (size_t i = 0; i < pb->n_mac; i++) { - VLOG_INFO("%s: Claiming %s", pb->logical_port, pb->mac[i]); - } - - sbrec_port_binding_update_additional_chassis_addvalue(pb, - chassis_rec); - if (pb->chassis == chassis_rec) { - sbrec_port_binding_set_chassis(pb, NULL); - } + if_status_mgr_claim_iface(if_mgr, pb, chassis_rec, iface_rec, + sb_readonly, can_bind); update_tracked = true; } } diff --git a/controller/binding.h b/controller/binding.h index 6c3a98b02..27a954efe 100644 --- a/controller/binding.h +++ b/controller/binding.h @@ -194,6 +194,10 @@ bool is_additional_chassis(const struct sbrec_port_binding *pb, void set_pb_chassis_in_sbrec(const struct sbrec_port_binding *pb, const struct sbrec_chassis *chassis_rec, bool is_set); +void +set_pb_additional_chassis_in_sbrec(const struct sbrec_port_binding *pb, + const struct sbrec_chassis *chassis_rec, + bool is_set); /* Corresponds to each Port_Binding.type. */ enum en_lport_type { diff --git a/controller/if-status.c b/controller/if-status.c index f2ea21635..e60156c4a 100644 --- a/controller/if-status.c +++ b/controller/if-status.c @@ -226,7 +226,7 @@ if_status_mgr_claim_iface(struct if_status_mgr *mgr, const struct sbrec_port_binding *pb, const struct sbrec_chassis *chassis_rec, const struct ovsrec_interface *iface_rec, - bool sb_readonly) + bool sb_readonly, enum can_bind bind_type) { const char *iface_id = pb->logical_port; struct ovs_iface *iface = shash_find_data(&mgr->ifaces, iface_id); @@ -236,7 +236,11 @@ if_status_mgr_claim_iface(struct if_status_mgr *mgr, } if (!sb_readonly) { - set_pb_chassis_in_sbrec(pb, chassis_rec, true); + if (bind_type == CAN_BIND_AS_MAIN) { + set_pb_chassis_in_sbrec(pb, chassis_rec, true); + } else if (bind_type == CAN_BIND_AS_ADDITIONAL) { + set_pb_additional_chassis_in_sbrec(pb, chassis_rec, true); + } } switch (iface->state) { diff --git a/controller/if-status.h b/controller/if-status.h index ab1625b18..8186bdf08 100644 --- a/controller/if-status.h +++ b/controller/if-status.h @@ -19,6 +19,7 @@ #include "openvswitch/shash.h" #include "binding.h" +#include "lport.h" struct if_status_mgr; struct simap; @@ -30,7 +31,7 @@ void if_status_mgr_claim_iface(struct if_status_mgr *, const struct sbrec_port_binding *pb, const struct sbrec_chassis *chassis_rec, const struct ovsrec_interface *iface_rec, - bool sb_readonly); + bool sb_readonly, enum can_bind bind_type); void if_status_mgr_release_iface(struct if_status_mgr *, const char *iface_id); void if_status_mgr_delete_iface(struct if_status_mgr *, const char *iface_id); @@ -44,6 +45,8 @@ void if_status_mgr_get_memory_usage(struct if_status_mgr *mgr, struct simap *usage); bool if_status_mgr_iface_is_present(struct if_status_mgr *mgr, const char *iface_id); +uint16_t if_status_mgr_iface_get_mtu(const struct if_status_mgr *mgr, + const char *iface_id); bool if_status_handle_claims(struct if_status_mgr *mgr, struct local_binding_data *binding_data, const struct sbrec_chassis *chassis_rec, diff --git a/tests/ovn.at b/tests/ovn.at index 213ad18fa..616036156 100644 --- a/tests/ovn.at +++ b/tests/ovn.at @@ -14283,10 +14283,12 @@ wait_column "$hv1_uuid" Port_Binding requested_chassis logical_port=lsp0 wait_column "$hv2_uuid" Port_Binding additional_chassis logical_port=lsp0 wait_column "$hv2_uuid" Port_Binding requested_additional_chassis logical_port=lsp0 -# Check ovn-installed updated for main chassis +# Check ovn-installed updated for both chassis wait_for_ports_up -OVS_WAIT_UNTIL([test `as hv1 ovs-vsctl get Interface lsp0 external_ids:ovn-installed` = '"true"']) -OVS_WAIT_UNTIL([test x`as hv2 ovs-vsctl get Interface lsp0 external_ids:ovn-installed` = x]) + +for hv in hv1 hv2; do + OVS_WAIT_UNTIL([test `as $hv ovs-vsctl get Interface lsp0 external_ids:ovn-installed` = '"true"']) +done # Check that setting iface:encap-ip populates Port_Binding:additional_encap wait_row_count Encap 2 chassis_name=hv1 @@ -14313,7 +14315,7 @@ wait_column "$hv2_uuid" Port_Binding requested_chassis logical_port=lsp0 wait_column "" Port_Binding additional_chassis logical_port=lsp0 wait_column "" Port_Binding requested_additional_chassis logical_port=lsp0 -# Check ovn-installed updated for main chassis and not for other chassis +# Check ovn-installed updated for main chassis and removed from additional chassis wait_for_ports_up OVS_WAIT_UNTIL([test `as hv2 ovs-vsctl get Interface lsp0 external_ids:ovn-installed` = '"true"']) OVS_WAIT_UNTIL([test x`as hv1 ovs-vsctl get Interface lsp0 external_ids:ovn-installed` = x]) From patchwork Wed May 3 20:13:35 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ihar Hrachyshka X-Patchwork-Id: 1776648 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.138; helo=smtp1.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=Z1m6iX6Y; dkim-atps=neutral Received: from smtp1.osuosl.org (smtp1.osuosl.org [140.211.166.138]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4QBSph74m3z20fg for ; Thu, 4 May 2023 06:14:36 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id D1CB783CCA; Wed, 3 May 2023 20:14:33 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org D1CB783CCA Authentication-Results: smtp1.osuosl.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=Z1m6iX6Y X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UL85APqGXM56; Wed, 3 May 2023 20:14:24 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by smtp1.osuosl.org (Postfix) with ESMTPS id C403583EC6; Wed, 3 May 2023 20:14:14 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org C403583EC6 Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 99733C0037; Wed, 3 May 2023 20:14:14 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137]) by lists.linuxfoundation.org (Postfix) with ESMTP id 269BAC007A for ; Wed, 3 May 2023 20:14:13 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id B46B841E61 for ; Wed, 3 May 2023 20:14:03 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org B46B841E61 Authentication-Results: smtp4.osuosl.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=Z1m6iX6Y X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id o9VB8F_19o-g for ; Wed, 3 May 2023 20:13:54 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org 41E2541E01 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by smtp4.osuosl.org (Postfix) with ESMTPS id 41E2541E01 for ; Wed, 3 May 2023 20:13:54 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1683144833; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=QFYXvcuQgNyVATS7C0eYZk+0lIcHegK1sFcFbPJdXp4=; b=Z1m6iX6Yz1VXhUaRwC+I7ylR56U1ZJsUkm81Eo9fHYPP7OihobSCTkqVlX6aw4Wok5Hd3m JlXe9VDb3LSoYQDXYXKvh5I1q+XdHjTJpftOB8gi1+UOLTcj+WbiaMsHzycEKB9VW9YMGZ iHpjj24E3l+f5MqgywgN3cx4aMgGCzg= Received: from mail-qv1-f69.google.com (mail-qv1-f69.google.com [209.85.219.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-82-D2PR--vcNFCzl8_EpA2hFw-1; Wed, 03 May 2023 16:13:51 -0400 X-MC-Unique: D2PR--vcNFCzl8_EpA2hFw-1 Received: by mail-qv1-f69.google.com with SMTP id 6a1803df08f44-61a5789551eso24191986d6.2 for ; Wed, 03 May 2023 13:13:51 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683144831; x=1685736831; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=QFYXvcuQgNyVATS7C0eYZk+0lIcHegK1sFcFbPJdXp4=; b=Z78ofjzp5xT3Q1C2fv/qf6FcWhUClPJUEtbPcoFz7zcRZKUbkEi2tiTYq055aVCHDI dAsgmyZSUzZ6Y9DabEAq2WZ9tPN6vgfXqpltcI0qgW+EraV4p0aXPDLs9FAtYp8ZQRUu T1sXxoh3gqmvl9biJBDhlaH3PDTFkjMr+fJoPH6JdO9OHH/v9DZGc4u3qcnJGVP+waCx 7hla107aI8PCxQaJ6wcSm9PQMPghOGC7dCs5k/TTW2+FxG67J12Tpxe4rZ1yxNhdGFz8 1r7NLr17u9IgJwBy9b99y3oj+XYnr+0Wc4DhvZIBuZARgtdRodSocms8WVyGgQIE/x8/ iAAA== X-Gm-Message-State: AC+VfDxyp7huseFJNmeGMm0BWLYVlIQNjdNlVIMZT7GiAySG6pWZDeMg ZF5k7HNAZLhWufUWs6NZjYWPQwo/BEc/efCmK96s1fHp34IBah1I+MdXBaedr0+bPIv2j+9fd5P +tc26M1syBDflNIGIUvSmrV1BudUftkeQ/HjKiyCnmi7Smn3mMYTxLXgVMDAVSE4nJvYIdSvv X-Received: by 2002:ad4:4ea6:0:b0:5fd:7701:88c5 with SMTP id ed6-20020ad44ea6000000b005fd770188c5mr13588143qvb.6.1683144828919; Wed, 03 May 2023 13:13:48 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ7klX+KlZqjXeE4xDEhoX7PyESb4TV1sMkZeWyTZCneZV382LgElJEdituMJJDtXSGELdfwng== X-Received: by 2002:ad4:4ea6:0:b0:5fd:7701:88c5 with SMTP id ed6-20020ad44ea6000000b005fd770188c5mr13587950qvb.6.1683144826895; Wed, 03 May 2023 13:13:46 -0700 (PDT) Received: from fedora34.localdomain.com (cpe-172-73-180-250.carolina.res.rr.com. [172.73.180.250]) by smtp.gmail.com with ESMTPSA id z13-20020a0cda8d000000b005ef442226bbsm2476138qvj.8.2023.05.03.13.13.45 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 03 May 2023 13:13:46 -0700 (PDT) From: Ihar Hrachyshka To: dev@openvswitch.org Date: Wed, 3 May 2023 20:13:35 +0000 Message-Id: <20230503201337.46104-5-ihrachys@redhat.com> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20230503201337.46104-1-ihrachys@redhat.com> References: <20230503201337.46104-1-ihrachys@redhat.com> MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Subject: [ovs-dev] [PATCH ovn v2 4/6] Add new egress tables to accommodate for too-big packets handling X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" The new tables will be used in a later patch as follows: table=37, OFTABLE_OUTPUT_INIT: becomes an initial entry point into the egress pipeline that serves a semantic goal. (Not doing any actual processing at the moment.) table=38, OFTABLE_OUTPUT_LARGE_PKT_DETECT: detect "too-big" IP packets and mark them for later processing in table=39. table=39, OFTABLE_OUTPUT_LARGE_PKT_PROCESS: process "too-big" IP packets detected in table=38 by sending ICMPv4 Fragmentation Needed / ICMPv6 Too Big errors back to the originating port. All previous table indices shifted by 3 (old table=37 becomes table=40). Otherwise, no changes to existing tables and flows introduced. Signed-off-by: Ihar Hrachyshka Acked-by: Dumitru Ceara --- controller/lflow.c | 4 +- controller/lflow.h | 49 ++++--- controller/physical.c | 77 +++++++---- controller/pinctrl.c | 8 +- ovn-architecture.7.xml | 76 ++++++----- tests/ovn-controller.at | 174 ++++++++++++------------ tests/ovn.at | 280 +++++++++++++++++++-------------------- tests/system-ovn-kmod.at | 2 +- tests/system-ovn.at | 8 +- 9 files changed, 356 insertions(+), 322 deletions(-) diff --git a/controller/lflow.c b/controller/lflow.c index 0b071138d..22faaf013 100644 --- a/controller/lflow.c +++ b/controller/lflow.c @@ -397,7 +397,7 @@ consider_lflow_for_added_as_ips__( : OFTABLE_LOG_EGRESS_PIPELINE); uint8_t ptable = first_ptable + lflow->table_id; uint8_t output_ptable = (ingress - ? OFTABLE_REMOTE_OUTPUT + ? OFTABLE_OUTPUT_INIT : OFTABLE_SAVE_INPORT); uint64_t ovnacts_stub[1024 / 8]; @@ -1067,7 +1067,7 @@ consider_logical_flow__(const struct sbrec_logical_flow *lflow, : OFTABLE_LOG_EGRESS_PIPELINE); uint8_t ptable = first_ptable + lflow->table_id; uint8_t output_ptable = (ingress - ? OFTABLE_REMOTE_OUTPUT + ? OFTABLE_OUTPUT_INIT : OFTABLE_SAVE_INPORT); /* Parse OVN logical actions. diff --git a/controller/lflow.h b/controller/lflow.h index dd742257b..b804e61e5 100644 --- a/controller/lflow.h +++ b/controller/lflow.h @@ -63,27 +63,34 @@ struct uuid; * * These are heavily documented in ovn-architecture(7), please update it if * you make any changes. */ -#define OFTABLE_PHY_TO_LOG 0 -#define OFTABLE_LOG_INGRESS_PIPELINE 8 /* First of LOG_PIPELINE_LEN tables. */ -#define OFTABLE_REMOTE_OUTPUT 37 -#define OFTABLE_LOCAL_OUTPUT 38 -#define OFTABLE_CHECK_LOOPBACK 39 -#define OFTABLE_LOG_EGRESS_PIPELINE 40 /* First of LOG_PIPELINE_LEN tables. */ -#define OFTABLE_SAVE_INPORT 64 -#define OFTABLE_LOG_TO_PHY 65 -#define OFTABLE_MAC_BINDING 66 -#define OFTABLE_MAC_LOOKUP 67 -#define OFTABLE_CHK_LB_HAIRPIN 68 -#define OFTABLE_CHK_LB_HAIRPIN_REPLY 69 -#define OFTABLE_CT_SNAT_HAIRPIN 70 -#define OFTABLE_GET_FDB 71 -#define OFTABLE_LOOKUP_FDB 72 -#define OFTABLE_CHK_IN_PORT_SEC 73 -#define OFTABLE_CHK_IN_PORT_SEC_ND 74 -#define OFTABLE_CHK_OUT_PORT_SEC 75 -#define OFTABLE_ECMP_NH_MAC 76 -#define OFTABLE_ECMP_NH 77 -#define OFTABLE_CHK_LB_AFFINITY 78 +#define OFTABLE_PHY_TO_LOG 0 + +/* Start of LOG_PIPELINE_LEN tables. */ +#define OFTABLE_LOG_INGRESS_PIPELINE 8 +#define OFTABLE_OUTPUT_INIT 37 +#define OFTABLE_OUTPUT_LARGE_PKT_DETECT 38 +#define OFTABLE_OUTPUT_LARGE_PKT_PROCESS 39 +#define OFTABLE_REMOTE_OUTPUT 40 +#define OFTABLE_LOCAL_OUTPUT 41 +#define OFTABLE_CHECK_LOOPBACK 42 + +/* Start of LOG_PIPELINE_LEN tables. */ +#define OFTABLE_LOG_EGRESS_PIPELINE 43 +#define OFTABLE_SAVE_INPORT 64 +#define OFTABLE_LOG_TO_PHY 65 +#define OFTABLE_MAC_BINDING 66 +#define OFTABLE_MAC_LOOKUP 67 +#define OFTABLE_CHK_LB_HAIRPIN 68 +#define OFTABLE_CHK_LB_HAIRPIN_REPLY 69 +#define OFTABLE_CT_SNAT_HAIRPIN 70 +#define OFTABLE_GET_FDB 71 +#define OFTABLE_LOOKUP_FDB 72 +#define OFTABLE_CHK_IN_PORT_SEC 73 +#define OFTABLE_CHK_IN_PORT_SEC_ND 74 +#define OFTABLE_CHK_OUT_PORT_SEC 75 +#define OFTABLE_ECMP_NH_MAC 76 +#define OFTABLE_ECMP_NH 77 +#define OFTABLE_CHK_LB_AFFINITY 78 struct lflow_ctx_in { struct ovsdb_idl_index *sbrec_multicast_group_by_name_datapath; diff --git a/controller/physical.c b/controller/physical.c index ec861f49c..1b0482e3b 100644 --- a/controller/physical.c +++ b/controller/physical.c @@ -876,12 +876,12 @@ put_local_common_flows(uint32_t dp_key, uint32_t port_key = pb->tunnel_key; - /* Table 38, priority 100. + /* Table 41, priority 100. * ======================= * * Implements output to local hypervisor. Each flow matches a * logical output port on the local hypervisor, and resubmits to - * table 39. + * table 42. */ ofpbuf_clear(ofpacts_p); @@ -891,13 +891,13 @@ put_local_common_flows(uint32_t dp_key, put_zones_ofpacts(zone_ids, ofpacts_p); - /* Resubmit to table 39. */ + /* Resubmit to table 42. */ put_resubmit(OFTABLE_CHECK_LOOPBACK, ofpacts_p); ofctrl_add_flow(flow_table, OFTABLE_LOCAL_OUTPUT, 100, pb->header_.uuid.parts[0], &match, ofpacts_p, &pb->header_.uuid); - /* Table 39, Priority 100. + /* Table 42, Priority 100. * ======================= * * Drop packets whose logical inport and outport are the same @@ -1233,12 +1233,12 @@ consider_port_binding(struct ovsdb_idl_index *sbrec_port_binding_by_name, || ha_chassis_group_is_active(binding->ha_chassis_group, active_tunnels, chassis))) { - /* Table 38, priority 100. + /* Table 41, priority 100. * ======================= * * Implements output to local hypervisor. Each flow matches a * logical output port on the local hypervisor, and resubmits to - * table 39. For ports of type "chassisredirect", the logical + * table 42. For ports of type "chassisredirect", the logical * output port is changed from the "chassisredirect" port to the * underlying distributed port. */ @@ -1275,7 +1275,7 @@ consider_port_binding(struct ovsdb_idl_index *sbrec_port_binding_by_name, ct_zones); put_zones_ofpacts(&zone_ids, ofpacts_p); - /* Resubmit to table 39. */ + /* Resubmit to table 42. */ put_resubmit(OFTABLE_CHECK_LOOPBACK, ofpacts_p); } @@ -1491,7 +1491,7 @@ consider_port_binding(struct ovsdb_idl_index *sbrec_port_binding_by_name, ofport, flow_table); } - /* Table 39, priority 160. + /* Table 42, priority 160. * ======================= * * Do not forward local traffic from a localport to a localnet port. @@ -1561,13 +1561,13 @@ consider_port_binding(struct ovsdb_idl_index *sbrec_port_binding_by_name, } } - /* Table 37, priority 150. + /* Table 40, priority 150. * ======================= * * Handles packets received from ports of type "localport". These * ports are present on every hypervisor. Traffic that originates at * one should never go over a tunnel to a remote hypervisor, - * so resubmit them to table 38 for local delivery. */ + * so resubmit them to table 41 for local delivery. */ if (!strcmp(binding->type, "localport")) { ofpbuf_clear(ofpacts_p); put_resubmit(OFTABLE_LOCAL_OUTPUT, ofpacts_p); @@ -1581,7 +1581,7 @@ consider_port_binding(struct ovsdb_idl_index *sbrec_port_binding_by_name, } } else if (access_type == PORT_LOCALNET) { /* Remote port connected by localnet port */ - /* Table 38, priority 100. + /* Table 41, priority 100. * ======================= * * Implements switching to localnet port. Each flow matches a @@ -1596,7 +1596,7 @@ consider_port_binding(struct ovsdb_idl_index *sbrec_port_binding_by_name, put_load(localnet_port->tunnel_key, MFF_LOG_OUTPORT, 0, 32, ofpacts_p); - /* Resubmit to table 38. */ + /* Resubmit to table 41. */ put_resubmit(OFTABLE_LOCAL_OUTPUT, ofpacts_p); ofctrl_add_flow(flow_table, OFTABLE_LOCAL_OUTPUT, 100, binding->header_.uuid.parts[0], @@ -1613,7 +1613,7 @@ consider_port_binding(struct ovsdb_idl_index *sbrec_port_binding_by_name, const char *redirect_type = smap_get(&binding->options, "redirect-type"); - /* Table 38, priority 100. + /* Table 41, priority 100. * ======================= * * Handles traffic that needs to be sent to a remote hypervisor. Each @@ -1841,7 +1841,7 @@ consider_mc_group(struct ovsdb_idl_index *sbrec_port_binding_by_name, } } - /* Table 38, priority 100. + /* Table 41, priority 100. * ======================= * * Handle output to the local logical ports in the multicast group, if @@ -1857,7 +1857,7 @@ consider_mc_group(struct ovsdb_idl_index *sbrec_port_binding_by_name, &match, &ofpacts, &mc->header_.uuid); } - /* Table 37, priority 100. + /* Table 40, priority 100. * ======================= * * Handle output to the remote chassis in the multicast group, if @@ -2035,7 +2035,7 @@ physical_run(struct physical_ctx *p_ctx, flow_table, &ofpacts); } - /* Handle output to multicast groups, in tables 37 and 38. */ + /* Handle output to multicast groups, in tables 40 and 41. */ const struct sbrec_multicast_group *mc; SBREC_MULTICAST_GROUP_TABLE_FOR_EACH (mc, p_ctx->mc_group_table) { consider_mc_group(p_ctx->sbrec_port_binding_by_name, @@ -2056,7 +2056,7 @@ physical_run(struct physical_ctx *p_ctx, * encapsulations have metadata about the ingress and egress logical ports. * VXLAN encapsulations have metadata about the egress logical port only. * We set MFF_LOG_DATAPATH, MFF_LOG_INPORT, and MFF_LOG_OUTPORT from the - * tunnel key data where possible, then resubmit to table 38 to handle + * tunnel key data where possible, then resubmit to table 41 to handle * packets to the local hypervisor. */ struct chassis_tunnel *tun; HMAP_FOR_EACH (tun, hmap_node, p_ctx->chassis_tunnels) { @@ -2158,27 +2158,50 @@ physical_run(struct physical_ctx *p_ctx, */ add_default_drop_flow(p_ctx, OFTABLE_PHY_TO_LOG, flow_table); - /* Table 37, priority 150. + /* Table 34-36, priority 0. + * ======================== + * + * Default resubmit actions for OFTABLE_OUTPUT_LARGE_PKT_* tables. + */ + struct match match; + match_init_catchall(&match); + ofpbuf_clear(&ofpacts); + put_resubmit(OFTABLE_OUTPUT_LARGE_PKT_DETECT, &ofpacts); + ofctrl_add_flow(flow_table, OFTABLE_OUTPUT_INIT, 0, 0, &match, + &ofpacts, hc_uuid); + + match_init_catchall(&match); + ofpbuf_clear(&ofpacts); + put_resubmit(OFTABLE_REMOTE_OUTPUT, &ofpacts); + ofctrl_add_flow(flow_table, OFTABLE_OUTPUT_LARGE_PKT_DETECT, 0, 0, &match, + &ofpacts, hc_uuid); + + match_init_catchall(&match); + ofpbuf_clear(&ofpacts); + put_resubmit(OFTABLE_REMOTE_OUTPUT, &ofpacts); + ofctrl_add_flow(flow_table, OFTABLE_OUTPUT_LARGE_PKT_PROCESS, 0, 0, &match, + &ofpacts, hc_uuid); + + /* Table 40, priority 150. * ======================= * * Handles packets received from a VXLAN tunnel which get resubmitted to * OFTABLE_LOG_INGRESS_PIPELINE due to lack of needed metadata in VXLAN, - * explicitly skip sending back out any tunnels and resubmit to table 38 + * explicitly skip sending back out any tunnels and resubmit to table 41 * for local delivery, except packets which have MLF_ALLOW_LOOPBACK bit * set. */ - struct match match; match_init_catchall(&match); match_set_reg_masked(&match, MFF_LOG_FLAGS - MFF_REG0, MLF_RCV_FROM_RAMP, MLF_RCV_FROM_RAMP | MLF_ALLOW_LOOPBACK); - /* Resubmit to table 38. */ + /* Resubmit to table 41. */ ofpbuf_clear(&ofpacts); put_resubmit(OFTABLE_LOCAL_OUTPUT, &ofpacts); ofctrl_add_flow(flow_table, OFTABLE_REMOTE_OUTPUT, 150, 0, &match, &ofpacts, hc_uuid); - /* Table 37, priority 150. + /* Table 40, priority 150. * ======================= * * Packets that should not be sent to other hypervisors. @@ -2186,13 +2209,13 @@ physical_run(struct physical_ctx *p_ctx, match_init_catchall(&match); match_set_reg_masked(&match, MFF_LOG_FLAGS - MFF_REG0, MLF_LOCAL_ONLY, MLF_LOCAL_ONLY); - /* Resubmit to table 38. */ + /* Resubmit to table 41. */ ofpbuf_clear(&ofpacts); put_resubmit(OFTABLE_LOCAL_OUTPUT, &ofpacts); ofctrl_add_flow(flow_table, OFTABLE_REMOTE_OUTPUT, 150, 0, &match, &ofpacts, hc_uuid); - /* Table 37, Priority 0. + /* Table 40, Priority 0. * ======================= * * Resubmit packets that are not directed at tunnels or part of a @@ -2203,18 +2226,18 @@ physical_run(struct physical_ctx *p_ctx, ofctrl_add_flow(flow_table, OFTABLE_REMOTE_OUTPUT, 0, 0, &match, &ofpacts, hc_uuid); - /* Table 38, priority 0. + /* Table 41, priority 0. * ====================== * * Drop packets that do not match previous flows. */ add_default_drop_flow(p_ctx, OFTABLE_LOCAL_OUTPUT, flow_table); - /* Table 39, Priority 0. + /* Table 42, Priority 0. * ======================= * * Resubmit packets that don't output to the ingress port (already checked - * in table 38) to the logical egress pipeline, clearing the logical + * in table 41) to the logical egress pipeline, clearing the logical * registers (for consistent behavior with packets that get tunneled). */ match_init_catchall(&match); ofpbuf_clear(&ofpacts); diff --git a/controller/pinctrl.c b/controller/pinctrl.c index 97a5e392f..456388cf0 100644 --- a/controller/pinctrl.c +++ b/controller/pinctrl.c @@ -627,7 +627,7 @@ set_actions_and_enqueue_msg(struct rconn *swconn, } /* Forwards a packet to 'out_port_key' even if that's on a remote - * hypervisor, i.e., the packet is re-injected in table OFTABLE_REMOTE_OUTPUT. + * hypervisor, i.e., the packet is re-injected in table OFTABLE_OUTPUT_INIT. */ static void pinctrl_forward_pkt(struct rconn *swconn, int64_t dp_key, @@ -644,7 +644,7 @@ pinctrl_forward_pkt(struct rconn *swconn, int64_t dp_key, struct ofpact_resubmit *resubmit = ofpact_put_RESUBMIT(&ofpacts); resubmit->in_port = OFPP_CONTROLLER; - resubmit->table_id = OFTABLE_REMOTE_OUTPUT; + resubmit->table_id = OFTABLE_OUTPUT_INIT; struct ofputil_packet_out po = { .packet = dp_packet_data(pkt), @@ -870,7 +870,7 @@ pinctrl_parse_dhcpv6_advt(struct rconn *swconn, const struct flow *ip_flow, 0, 32, &ofpacts); struct ofpact_resubmit *resubmit = ofpact_put_RESUBMIT(&ofpacts); resubmit->in_port = OFPP_CONTROLLER; - resubmit->table_id = OFTABLE_REMOTE_OUTPUT; + resubmit->table_id = OFTABLE_OUTPUT_INIT; struct ofputil_packet_out po = { .packet = dp_packet_data(&packet), @@ -1499,7 +1499,7 @@ buffered_push_packet(struct buffered_packets *bp, struct ofpact_resubmit *resubmit = ofpact_put_RESUBMIT(&bi->ofpacts); resubmit->in_port = OFPP_CONTROLLER; - resubmit->table_id = OFTABLE_REMOTE_OUTPUT; + resubmit->table_id = OFTABLE_OUTPUT_INIT; bi->p = packet; diff --git a/ovn-architecture.7.xml b/ovn-architecture.7.xml index cb1064f71..306821d69 100644 --- a/ovn-architecture.7.xml +++ b/ovn-architecture.7.xml @@ -1233,8 +1233,8 @@ output port field, and since they do not carry a logical output port field in the tunnel key, when a packet is received from ramp switch VXLAN tunnel by an OVN hypervisor, the packet is resubmitted to table 8 - to determine the output port(s); when the packet reaches table 37, - these packets are resubmitted to table 38 for local delivery by + to determine the output port(s); when the packet reaches table 40, + these packets are resubmitted to table 41 for local delivery by checking a MLF_RCV_FROM_RAMP flag, which is set when the packet arrives from a ramp tunnel.

@@ -1439,38 +1439,42 @@

  • - OpenFlow tables 37 through 39 implement the output action - in the logical ingress pipeline. Specifically, table 37 handles - packets to remote hypervisors, table 38 handles packets to the local - hypervisor, and table 39 checks whether packets whose logical ingress - and egress port are the same should be discarded. + OpenFlow tables 37 through 42 implement the output action + in the logical ingress pipeline. Specifically, table 37 serves as an + entry point to egress pipeline. Table 38 detects IP packets that are + too big for a corresponding interface. Table 39 produces ICMPv4 + Fragmentation Needed (or ICMPv6 Too Big) errors and deliver them back + to the offending port. table 40 handles packets to remote hypervisors, + table 41 handles packets to the local hypervisor, and table 42 checks + whether packets whose logical ingress and egress port are the same + should be discarded.

    Logical patch ports are a special case. Logical patch ports do not have a physical location and effectively reside on every hypervisor. - Thus, flow table 38, for output to ports on the local hypervisor, + Thus, flow table 41, for output to ports on the local hypervisor, naturally implements output to unicast logical patch ports too. However, applying the same logic to a logical patch port that is part of a logical multicast group yields packet duplication, because each hypervisor that contains a logical port in the multicast group will also output the packet to the logical patch port. Thus, multicast - groups implement output to logical patch ports in table 37. + groups implement output to logical patch ports in table 40.

    - Each flow in table 37 matches on a logical output port for unicast or + Each flow in table 40 matches on a logical output port for unicast or multicast logical ports that include a logical port on a remote hypervisor. Each flow's actions implement sending a packet to the port it matches. For unicast logical output ports on remote hypervisors, the actions set the tunnel key to the correct value, then send the packet on the tunnel port to the correct hypervisor. (When the remote hypervisor receives the packet, table 0 there will recognize it as a - tunneled packet and pass it along to table 38.) For multicast logical + tunneled packet and pass it along to table 41.) For multicast logical output ports, the actions send one copy of the packet to each remote hypervisor, in the same way as for unicast destinations. If a multicast group includes a logical port or ports on the local - hypervisor, then its actions also resubmit to table 38. Table 37 also + hypervisor, then its actions also resubmit to table 41. Table 40 also includes:

    @@ -1478,7 +1482,7 @@
  • A higher-priority rule to match packets received from ramp switch tunnels, based on flag MLF_RCV_FROM_RAMP, and resubmit these packets - to table 38 for local delivery. Packets received from ramp switch + to table 41 for local delivery. Packets received from ramp switch tunnels reach here because of a lack of logical output port field in the tunnel key and thus these packets needed to be submitted to table 8 to determine the output port. @@ -1486,7 +1490,7 @@
  • A higher-priority rule to match packets received from ports of type localport, based on the logical input port, and resubmit - these packets to table 38 for local delivery. Ports of type + these packets to table 41 for local delivery. Ports of type localport exist on every hypervisor and by definition their traffic should never go out through a tunnel.
    • @@ -1501,41 +1505,41 @@ packets, the packets only need to be delivered to local ports.
  • - A fallback flow that resubmits to table 38 if there is no other + A fallback flow that resubmits to table 41 if there is no other match.

    • - Flows in table 38 resemble those in table 37 but for logical ports that + Flows in table 41 resemble those in table 40 but for logical ports that reside locally rather than remotely. For unicast logical output ports - on the local hypervisor, the actions just resubmit to table 39. For + on the local hypervisor, the actions just resubmit to table 42. For multicast output ports that include one or more logical ports on the local hypervisor, for each such logical port P, the actions change the logical output port to P, then resubmit to table - 39. + 42.

    A special case is that when a localnet port exists on the datapath, remote port is connected by switching to the localnet port. In this - case, instead of adding a flow in table 37 to reach the remote port, a - flow is added in table 38 to switch the logical outport to the localnet - port, and resubmit to table 38 as if it were unicasted to a logical + case, instead of adding a flow in table 40 to reach the remote port, a + flow is added in table 41 to switch the logical outport to the localnet + port, and resubmit to table 41 as if it were unicasted to a logical port on the local hypervisor.

    - Table 39 matches and drops packets for which the logical input and + Table 42 matches and drops packets for which the logical input and output ports are the same and the MLF_ALLOW_LOOPBACK flag is not set. It also drops MLF_LOCAL_ONLY packets directed to a localnet port. - It resubmits other packets to table 40. + It resubmits other packets to table 43.

  • - OpenFlow tables 40 through 63 execute the logical egress pipeline from + OpenFlow tables 43 through 63 execute the logical egress pipeline from the Logical_Flow table in the OVN Southbound database. The egress pipeline can perform a final stage of validation before packet delivery. Eventually, it may execute an output @@ -1554,7 +1558,7 @@

  • Table 64 bypasses OpenFlow loopback when MLF_ALLOW_LOOPBACK is set. - Logical loopback was handled in table 39, but OpenFlow by default also + Logical loopback was handled in table 42, but OpenFlow by default also prevents loopback to the OpenFlow ingress port. Thus, when MLF_ALLOW_LOOPBACK is set, OpenFlow table 64 saves the OpenFlow ingress port, sets it to zero, resubmits to table 65 for logical-to-physical @@ -1592,8 +1596,8 @@ traverse tables 0 to 65 as described in the previous section Architectural Physical Life Cycle of a Packet, using the logical datapath representing the logical switch that the sender is - attached to. At table 37, the packet will use the fallback flow that - resubmits locally to table 38 on the same hypervisor. In this case, + attached to. At table 40, the packet will use the fallback flow that + resubmits locally to table 41 on the same hypervisor. In this case, all of the processing from table 0 to table 65 occurs on the hypervisor where the sender resides.

    @@ -1624,7 +1628,7 @@

    The packet traverses tables 8 to 65 a third and final time. If the destination VM or container resides on a remote hypervisor, then table - 37 will send the packet on a tunnel port from the sender's hypervisor + 40 will send the packet on a tunnel port from the sender's hypervisor to the remote hypervisor. Finally table 65 will output the packet directly to the destination VM or container.

    @@ -1651,9 +1655,9 @@ When a hypervisor processes a packet on a logical datapath representing a logical switch, and the logical egress port is a l3gateway port representing connectivity to a gateway - router, the packet will match a flow in table 37 that sends the + router, the packet will match a flow in table 40 that sends the packet on a tunnel port to the chassis where the gateway router - resides. This processing in table 37 is done in the same manner as + resides. This processing in table 40 is done in the same manner as for VIFs.

    @@ -1746,21 +1750,21 @@ chassis, one additional mechanism is required. When a packet leaves the ingress pipeline and the logical egress port is the distributed gateway port, one of two different sets of actions is - required at table 37: + required at table 40:

    • If the packet can be handled locally on the sender's hypervisor (e.g. one-to-one NAT traffic), then the packet should just be - resubmitted locally to table 38, in the normal manner for + resubmitted locally to table 41, in the normal manner for distributed logical patch ports.
    • However, if the packet needs to be handled on the chassis associated with the distributed gateway port (e.g. one-to-many - SNAT traffic or non-NAT traffic), then table 37 must send the + SNAT traffic or non-NAT traffic), then table 40 must send the packet on a tunnel port to that chassis.
    @@ -1772,11 +1776,11 @@ egress port to the type chassisredirect logical port is simply a way to indicate that although the packet is destined for the distributed gateway port, it needs to be redirected to a - different chassis. At table 37, packets with this logical egress - port are sent to a specific chassis, in the same way that table 37 + different chassis. At table 40, packets with this logical egress + port are sent to a specific chassis, in the same way that table 40 directs packets whose logical egress port is a VIF or a type l3gateway port to different chassis. Once the packet - arrives at that chassis, table 38 resets the logical egress port to + arrives at that chassis, table 41 resets the logical egress port to the value representing the distributed gateway port. For each distributed gateway port, there is one type chassisredirect port, in addition to the distributed diff --git a/tests/ovn-controller.at b/tests/ovn-controller.at index 137724723..a1d16a86b 100644 --- a/tests/ovn-controller.at +++ b/tests/ovn-controller.at @@ -873,7 +873,7 @@ meta=$(ovn-sbctl get datapath ls1 tunnel_key) port=$(ovn-sbctl get port_binding ls1-rp tunnel_key) check ovn-nbctl lrp-add lr0 rp-ls1 00:00:01:01:02:03 192.168.1.254/24 -OVS_WAIT_UNTIL([as hv1 ovs-ofctl dump-flows br-int | grep table=38 | grep -q "reg15=0x${port},metadata=0x${meta}"]) +OVS_WAIT_UNTIL([as hv1 ovs-ofctl dump-flows br-int | grep table=41 | grep -q "reg15=0x${port},metadata=0x${meta}"]) OVN_CLEANUP([hv1]) AT_CLEANUP @@ -917,14 +917,14 @@ for i in $(seq 10); do check ovn-nbctl add address_set as1 addresses 10.0.0.$i check ovn-nbctl --wait=hv sync if test "$i" = 3; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | sort], [0], [dnl priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1 actions=drop priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.2 actions=drop priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.3 actions=drop ]) fi - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep -c "priority=1100"], [0], [$i + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47 | grep -c "priority=1100"], [0], [$i ]) done @@ -939,15 +939,15 @@ for i in $(seq 10); do check ovn-nbctl remove address_set as1 addresses 10.0.0.$i check ovn-nbctl --wait=hv sync if test "$i" = 9; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}'], [0], [dnl priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.10 actions=drop ]) fi if test "$i" = 10; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep "priority=1100"], [1], [ignore]) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47 | grep "priority=1100"], [1], [ignore]) else - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep -c "priority=1100"], [0], [$((10 - $i)) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47 | grep -c "priority=1100"], [0], [$((10 - $i)) ]) fi done @@ -965,7 +965,7 @@ for i in $(seq 10); do check ovn-nbctl add address_set as1 addresses 10.0.0.$i,10.0.1.$i check ovn-nbctl --wait=hv sync if test "$i" = 3; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | sort], [0], [dnl priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1 actions=drop priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.2 actions=drop @@ -975,7 +975,7 @@ priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.1.2 actions=dr priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.1.3 actions=drop ]) fi - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep -c "priority=1100"], [0], [$(($i * 2)) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47 | grep -c "priority=1100"], [0], [$(($i * 2)) ]) done @@ -992,11 +992,11 @@ reprocess_count_old=$(read_counter consider_logical_flow) check ovn-nbctl add address_set as1 addresses 10.0.0.21,10.0.0.22 -- \ remove address_set as1 addresses 10.0.0.10 check ovn-nbctl --wait=hv sync -AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep -c 10\.0\.0\.21], [0], [1 +AT_CHECK([ovs-ofctl dump-flows br-int table=47 | grep -c 10\.0\.0\.21], [0], [1 ]) -AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep -c 10\.0\.0\.22], [0], [1 +AT_CHECK([ovs-ofctl dump-flows br-int table=47 | grep -c 10\.0\.0\.22], [0], [1 ]) -AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep 10\.0\.0\.10], [1], [ignore]) +AT_CHECK([ovs-ofctl dump-flows br-int table=47 | grep 10\.0\.0\.10], [1], [ignore]) reprocess_count_new=$(read_counter consider_logical_flow) AT_CHECK([echo $(($reprocess_count_new - $reprocess_count_old))], [0], [0 @@ -1008,9 +1008,9 @@ reprocess_count_old=$(read_counter consider_logical_flow) check ovn-nbctl remove address_set as1 addresses 10.0.0.21,10.0.0.22 -- \ add address_set as1 addresses 10.0.0.10 check ovn-nbctl --wait=hv sync -AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep 10\.0\.0\.21], [1], [ignore]) -AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep 10\.0\.0\.22], [1], [ignore]) -AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep -c 10\.0\.0\.10], [0], [1 +AT_CHECK([ovs-ofctl dump-flows br-int table=47 | grep 10\.0\.0\.21], [1], [ignore]) +AT_CHECK([ovs-ofctl dump-flows br-int table=47 | grep 10\.0\.0\.22], [1], [ignore]) +AT_CHECK([ovs-ofctl dump-flows br-int table=47 | grep -c 10\.0\.0\.10], [0], [1 ]) reprocess_count_new=$(read_counter consider_logical_flow) @@ -1023,9 +1023,9 @@ reprocess_count_old=$(read_counter consider_logical_flow) check ovn-nbctl add address_set as1 addresses 10.0.0.21 -- \ remove address_set as1 addresses 10.0.0.10 check ovn-nbctl --wait=hv sync -AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep -c 10\.0\.0\.21], [0], [1 +AT_CHECK([ovs-ofctl dump-flows br-int table=47 | grep -c 10\.0\.0\.21], [0], [1 ]) -AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep 10\.0\.0\.10], [1], [ignore]) +AT_CHECK([ovs-ofctl dump-flows br-int table=47 | grep 10\.0\.0\.10], [1], [ignore]) reprocess_count_new=$(read_counter consider_logical_flow) AT_CHECK([echo $(($reprocess_count_new - $reprocess_count_old))], [0], [0 @@ -1037,12 +1037,12 @@ reprocess_count_old=$(read_counter consider_logical_flow) check ovn-nbctl add address_set as1 addresses 10.0.0.22,10.0.0.23 -- \ remove address_set as1 addresses 10.0.0.9,10.0.0.8 check ovn-nbctl --wait=hv sync -AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep -c 10\.0\.0\.22], [0], [1 +AT_CHECK([ovs-ofctl dump-flows br-int table=47 | grep -c 10\.0\.0\.22], [0], [1 ]) -AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep -c 10\.0\.0\.23], [0], [1 +AT_CHECK([ovs-ofctl dump-flows br-int table=47 | grep -c 10\.0\.0\.23], [0], [1 ]) -AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep 10\.0\.0\.8], [1], [ignore]) -AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep 10\.0\.0\.9], [1], [ignore]) +AT_CHECK([ovs-ofctl dump-flows br-int table=47 | grep 10\.0\.0\.8], [1], [ignore]) +AT_CHECK([ovs-ofctl dump-flows br-int table=47 | grep 10\.0\.0\.9], [1], [ignore]) reprocess_count_new=$(read_counter consider_logical_flow) AT_CHECK([echo $(($reprocess_count_new - $reprocess_count_old))], [0], [0 @@ -1090,7 +1090,7 @@ for i in $(seq 10); do check ovn-nbctl add address_set as1 addresses 10.0.0.$i check ovn-nbctl --wait=hv sync if test "$i" = 1; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | sort], [0], [dnl priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1,tp_dst=111 actions=drop priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1,tp_dst=222 actions=drop @@ -1098,12 +1098,12 @@ priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1,tp_dst=33 ]) else # (1 conj_id flow + 3 tp_dst flows) = 4 extra flows - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep -c "priority=1100"], [0], [$(($i + 4)) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47 | grep -c "priority=1100"], [0], [$(($i + 4)) ]) fi if test "$i" = 3; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | \ sed -r 's/conjunction.*,/conjunction,/' | \ sed -r 's/conj_id=.*,/conj_id=,/' | sort], [0], [dnl @@ -1129,17 +1129,17 @@ for i in $(seq 10); do check ovn-nbctl remove address_set as1 addresses 10.0.0.$i check ovn-nbctl --wait=hv sync if test "$i" = 10; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep "priority=1100"], [1], [ignore]) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47 | grep "priority=1100"], [1], [ignore]) elif test "$i" = 9; then # no conjunction left - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | sort], [0], [dnl priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.10,tp_dst=111 actions=drop priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.10,tp_dst=222 actions=drop priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.10,tp_dst=333 actions=drop ]) else - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep -c "priority=1100"], [0], [$((14 - $i)) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47 | grep -c "priority=1100"], [0], [$((14 - $i)) ]) fi done @@ -1155,7 +1155,7 @@ for i in $(seq 10); do check ovn-nbctl add address_set as1 addresses 10.0.0.$i,10.0.1.$i check ovn-nbctl --wait=hv sync if test "$i" = 3; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | \ sed -r 's/conjunction.*,/conjunction,/' | \ sed -r 's/conj_id=.*,/conj_id=,/' | sort], [0], [dnl @@ -1171,7 +1171,7 @@ priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,tp_dst=222 actions=conjun priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,tp_dst=333 actions=conjunction,2/2) ]) fi - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep -c "priority=1100"], [0], [$(($i * 2 + 4)) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47 | grep -c "priority=1100"], [0], [$(($i * 2 + 4)) ]) done @@ -1187,11 +1187,11 @@ reprocess_count_old=$(read_counter consider_logical_flow) check ovn-nbctl add address_set as1 addresses 10.0.0.21,10.0.0.22 -- \ remove address_set as1 addresses 10.0.0.10 check ovn-nbctl --wait=hv sync -AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep -c 10\.0\.0\.21], [0], [1 +AT_CHECK([ovs-ofctl dump-flows br-int table=47 | grep -c 10\.0\.0\.21], [0], [1 ]) -AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep -c 10\.0\.0\.22], [0], [1 +AT_CHECK([ovs-ofctl dump-flows br-int table=47 | grep -c 10\.0\.0\.22], [0], [1 ]) -AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep 10\.0\.0\.10], [1], [ignore]) +AT_CHECK([ovs-ofctl dump-flows br-int table=47 | grep 10\.0\.0\.10], [1], [ignore]) reprocess_count_new=$(read_counter consider_logical_flow) AT_CHECK([echo $(($reprocess_count_new - $reprocess_count_old))], [0], [0 @@ -1203,9 +1203,9 @@ reprocess_count_old=$(read_counter consider_logical_flow) check ovn-nbctl remove address_set as1 addresses 10.0.0.21,10.0.0.22 -- \ add address_set as1 addresses 10.0.0.10 check ovn-nbctl --wait=hv sync -AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep 10\.0\.0\.21], [1], [ignore]) -AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep 10\.0\.0\.22], [1], [ignore]) -AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep -c 10\.0\.0\.10], [0], [1 +AT_CHECK([ovs-ofctl dump-flows br-int table=47 | grep 10\.0\.0\.21], [1], [ignore]) +AT_CHECK([ovs-ofctl dump-flows br-int table=47 | grep 10\.0\.0\.22], [1], [ignore]) +AT_CHECK([ovs-ofctl dump-flows br-int table=47 | grep -c 10\.0\.0\.10], [0], [1 ]) reprocess_count_new=$(read_counter consider_logical_flow) @@ -1218,9 +1218,9 @@ reprocess_count_old=$(read_counter consider_logical_flow) check ovn-nbctl add address_set as1 addresses 10.0.0.21 -- \ remove address_set as1 addresses 10.0.0.10 check ovn-nbctl --wait=hv sync -AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep -c 10\.0\.0\.21], [0], [1 +AT_CHECK([ovs-ofctl dump-flows br-int table=47 | grep -c 10\.0\.0\.21], [0], [1 ]) -AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep 10\.0\.0\.10], [1], [ignore]) +AT_CHECK([ovs-ofctl dump-flows br-int table=47 | grep 10\.0\.0\.10], [1], [ignore]) reprocess_count_new=$(read_counter consider_logical_flow) AT_CHECK([echo $(($reprocess_count_new - $reprocess_count_old))], [0], [0 @@ -1232,12 +1232,12 @@ reprocess_count_old=$(read_counter consider_logical_flow) check ovn-nbctl add address_set as1 addresses 10.0.0.22,10.0.0.23 -- \ remove address_set as1 addresses 10.0.0.9,10.0.0.8 check ovn-nbctl --wait=hv sync -AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep -c 10\.0\.0\.22], [0], [1 +AT_CHECK([ovs-ofctl dump-flows br-int table=47 | grep -c 10\.0\.0\.22], [0], [1 ]) -AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep -c 10\.0\.0\.23], [0], [1 +AT_CHECK([ovs-ofctl dump-flows br-int table=47 | grep -c 10\.0\.0\.23], [0], [1 ]) -AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep 10\.0\.0\.8], [1], [ignore]) -AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep 10\.0\.0\.9], [1], [ignore]) +AT_CHECK([ovs-ofctl dump-flows br-int table=47 | grep 10\.0\.0\.8], [1], [ignore]) +AT_CHECK([ovs-ofctl dump-flows br-int table=47 | grep 10\.0\.0\.9], [1], [ignore]) reprocess_count_new=$(read_counter consider_logical_flow) AT_CHECK([echo $(($reprocess_count_new - $reprocess_count_old))], [0], [0 @@ -1287,18 +1287,18 @@ for i in $(seq 10); do add address_set as2 addresses 10.0.0.$j check ovn-nbctl --wait=hv sync if test "$i" = 1; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | sort], [0], [dnl priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1,nw_dst=10.0.0.6 actions=drop ]) else # (1 conj_id + nw_src * i + nw_dst * i) = 1 + i*2 flows - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep -c "priority=1100"], [0], [$(($i*2 + 1)) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47 | grep -c "priority=1100"], [0], [$(($i*2 + 1)) ]) fi if test "$i" = 3; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | \ sed -r 's/conjunction.*,/conjunction,/' | \ sed -r 's/conj_id=.*,/conj_id=,/' | sort], [0], [dnl @@ -1326,15 +1326,15 @@ for i in $(seq 10); do remove address_set as2 addresses 10.0.0.$j check ovn-nbctl --wait=hv sync if test "$i" = 10; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep "priority=1100"], [1], [ignore]) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47 | grep "priority=1100"], [1], [ignore]) elif test "$i" = 9; then # no conjunction left - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | sort], [0], [dnl priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.10,nw_dst=10.0.0.15 actions=drop ]) else - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep -c "priority=1100"], [0], [$((21 - $i*2)) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47 | grep -c "priority=1100"], [0], [$((21 - $i*2)) ]) fi done @@ -1355,14 +1355,14 @@ for i in $(seq 2 10); do check ovn-nbctl add address_set as1 addresses 10.0.0.$i check ovn-nbctl --wait=hv sync if test "$i" = 3; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | sort], [0], [dnl priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1,nw_dst=10.0.0.6 actions=drop priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.2,nw_dst=10.0.0.6 actions=drop priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.3,nw_dst=10.0.0.6 actions=drop ]) fi - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep -c "priority=1100"], [0], [$i + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47 | grep -c "priority=1100"], [0], [$i ]) done @@ -1381,16 +1381,16 @@ for i in $(seq 10); do check ovn-nbctl remove address_set as1 addresses 10.0.0.$i check ovn-nbctl --wait=hv sync if test "$i" = 9; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}'], [0], [dnl priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.10,nw_dst=10.0.0.6 actions=drop priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.10,nw_dst=10.0.0.7 actions=drop ]) elif test "$i" = 10; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep "priority=1100"], [1], [ignore]) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47 | grep "priority=1100"], [1], [ignore]) else # 2 dst + (10 - i) src + 1 conj_id - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep -c "priority=1100"], [0], [$((10 - $i + 3)) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47 | grep -c "priority=1100"], [0], [$((10 - $i + 3)) ]) fi done @@ -1444,18 +1444,18 @@ for i in $(seq 10); do add address_set as2 addresses 10.0.0.$j check ovn-nbctl --wait=hv sync if test "$i" = 1; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | sort], [0], [dnl priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.6 actions=drop priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1 actions=drop ]) else - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep -c "priority=1100"], [0], [$(($i*2)) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47 | grep -c "priority=1100"], [0], [$(($i*2)) ]) fi if test "$i" = 3; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | \ sed -r 's/conjunction.*,/conjunction,/' | \ sed -r 's/conj_id=.*,/conj_id=,/' | sort], [0], [dnl @@ -1482,9 +1482,9 @@ for i in $(seq 10); do remove address_set as2 addresses 10.0.0.$j check ovn-nbctl --wait=hv sync if test "$i" = 10; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep "priority=1100"], [1], [ignore]) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47 | grep "priority=1100"], [1], [ignore]) else - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep -c "priority=1100"], [0], [$((20 - $i*2)) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47 | grep -c "priority=1100"], [0], [$((20 - $i*2)) ]) fi done @@ -1540,21 +1540,21 @@ for i in $(seq 10); do add address_set as2 addresses 10.0.0.$j check ovn-nbctl --wait=hv sync if test "$i" = 1; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | sort], [0], [dnl priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1 actions=drop priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.6 actions=drop ]) elif test "$i" -lt 6; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep -c "priority=1100"], [0], [$(($i*2)) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47 | grep -c "priority=1100"], [0], [$(($i*2)) ]) else - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep -c "priority=1100"], [0], [$((5 + $i)) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47 | grep -c "priority=1100"], [0], [$((5 + $i)) ]) fi if test "$i" = 3; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | \ sed -r 's/conjunction.*,/conjunction,/' | \ sed -r 's/conj_id=.*,/conj_id=,/' | sort], [0], [dnl @@ -1581,12 +1581,12 @@ for i in $(seq 10); do remove address_set as2 addresses 10.0.0.$j check ovn-nbctl --wait=hv sync if test "$i" = 10; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep "priority=1100"], [1], [ignore]) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47 | grep "priority=1100"], [1], [ignore]) elif test "$i" -lt 6; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep -c "priority=1100"], [0], [$((15 - $i)) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47 | grep -c "priority=1100"], [0], [$((15 - $i)) ]) else - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep -c "priority=1100"], [0], [$((10 - ($i - 5)*2)) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47 | grep -c "priority=1100"], [0], [$((10 - ($i - 5)*2)) ]) fi done @@ -1638,18 +1638,18 @@ for i in $(seq 10); do check ovn-nbctl add address_set as1 addresses 10.0.0.$i check ovn-nbctl --wait=hv sync if test "$i" = 1; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | sort], [0], [dnl priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1,nw_dst=10.0.0.1 actions=drop ]) else # (1 conj_id + nw_src * i + nw_dst * i) = 1 + i*2 flows - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep -c "priority=1100"], [0], [$(($i*2 + 1)) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47 | grep -c "priority=1100"], [0], [$(($i*2 + 1)) ]) fi if test "$i" = 3; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | \ sed -r 's/conjunction.*,/conjunction,/' | \ sed -r 's/conj_id=.*,/conj_id=,/' | sort], [0], [dnl @@ -1675,15 +1675,15 @@ for i in $(seq 10); do check ovn-nbctl remove address_set as1 addresses 10.0.0.$i check ovn-nbctl --wait=hv sync if test "$i" = 10; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep "priority=1100"], [1], [ignore]) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47 | grep "priority=1100"], [1], [ignore]) elif test "$i" = 9; then # no conjunction left - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | sort], [0], [dnl priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.10,nw_dst=10.0.0.10 actions=drop ]) else - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep -c "priority=1100"], [0], [$((21 - $i*2)) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47 | grep -c "priority=1100"], [0], [$((21 - $i*2)) ]) fi done @@ -1699,7 +1699,7 @@ for i in $(seq 10); do check ovn-nbctl add address_set as1 addresses 10.0.0.$i,10.0.1.$i check ovn-nbctl --wait=hv sync if test "$i" = 3; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | \ sed -r 's/conjunction.*,/conjunction,/' | \ sed -r 's/conj_id=.*,/conj_id=,/' | sort], [0], [dnl @@ -1718,7 +1718,7 @@ priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.1.2 actions=co priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.1.3 actions=conjunction,2/2) ]) fi - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep -c "priority=1100"], [0], [$(($i * 4 + 1)) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47 | grep -c "priority=1100"], [0], [$(($i * 4 + 1)) ]) done @@ -1739,7 +1739,7 @@ check ovn-nbctl --wait=hv sync reprocess_count_old=$(read_counter consider_logical_flow) check ovn-nbctl add address_set as1 addresses 10.0.0.4,10.0.0.5 check ovn-nbctl --wait=hv sync -AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \ +AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | \ sed -r 's/conjunction.*,/conjunction,/' | \ sed -r 's/conj_id=.*,/conj_id=,/' | sort], [0], [dnl @@ -1763,7 +1763,7 @@ AT_CHECK([echo $(($reprocess_count_new - $reprocess_count_old))], [0], [1 # Delete 2 IPs reprocess_count_old=$(read_counter consider_logical_flow) check ovn-nbctl --wait=hv remove address_set as1 addresses 10.0.0.4,10.0.0.5 -AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \ +AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | \ sed -r 's/conjunction.*,/conjunction,/' | \ sed -r 's/conj_id=.*,/conj_id=,/' | sort], [0], [dnl @@ -1821,7 +1821,7 @@ check ovn-nbctl acl-add ls1 to-lport 100 'outport == "ls1-lp1" && ip4.src == $as check ovn-nbctl acl-add ls1 to-lport 100 'outport == "ls1-lp1" && ip4.src == $as2 && tcp && tcp.dst == {201, 202}' drop check ovn-nbctl --wait=hv sync -AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \ +AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | \ sed -r 's/conjunction.[[0-9]]*,/conjunction,/g' | \ sed -r 's/conj_id=.*,/conj_id=,/' | sort], [0], [dnl @@ -1846,7 +1846,7 @@ reprocess_count_old=$(read_counter consider_logical_flow) check ovn-nbctl add address_set as1 addresses 10.0.0.14,10.0.0.33 -- \ add address_set as2 addresses 10.0.0.24,10.0.0.33 check ovn-nbctl --wait=hv sync -AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \ +AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | \ sed -r 's/conjunction.[[0-9]]*,/conjunction,/g' | \ sed -r 's/conj_id=.*,/conj_id=,/' | sort], [0], [dnl @@ -1877,7 +1877,7 @@ reprocess_count_old=$(read_counter consider_logical_flow) check ovn-nbctl remove address_set as1 addresses 10.0.0.14,10.0.0.33 -- \ remove address_set as2 addresses 10.0.0.24,10.0.0.33 check ovn-nbctl --wait=hv sync -AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \ +AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | \ sed -r 's/conjunction.[[0-9]]*,/conjunction,/g' | \ sed -r 's/conj_id=.*,/conj_id=,/' | sort], [0], [dnl @@ -1942,14 +1942,14 @@ for i in $(seq 5); do check ovn-nbctl add address_set as1 addresses "aa\:aa\:aa\:aa\:aa\:0$i" check ovn-nbctl --wait=hv sync if test "$i" = 3; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | sort], [0], [dnl priority=1100,reg15=0x$port_key,metadata=0x$dp_key,dl_src=aa:aa:aa:aa:aa:01 actions=drop priority=1100,reg15=0x$port_key,metadata=0x$dp_key,dl_src=aa:aa:aa:aa:aa:02 actions=drop priority=1100,reg15=0x$port_key,metadata=0x$dp_key,dl_src=aa:aa:aa:aa:aa:03 actions=drop ]) fi - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep -c "priority=1100"], [0], [$i + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47 | grep -c "priority=1100"], [0], [$i ]) done @@ -1963,17 +1963,17 @@ reprocess_count_old=$(read_counter consider_logical_flow) for i in $(seq 5); do check ovn-nbctl remove address_set as1 addresses "aa\:aa\:aa\:aa\:aa\:0$i" check ovn-nbctl --wait=hv sync - ovs-ofctl dump-flows br-int table=44 | grep "priority=1100" + ovs-ofctl dump-flows br-int table=47 | grep "priority=1100" if test "$i" = 4; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}'], [0], [dnl priority=1100,reg15=0x$port_key,metadata=0x$dp_key,dl_src=aa:aa:aa:aa:aa:05 actions=drop ]) fi if test "$i" = 5; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep "priority=1100"], [1], [ignore]) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47 | grep "priority=1100"], [1], [ignore]) else - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep -c "priority=1100"], [0], [$((5 - $i)) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47 | grep -c "priority=1100"], [0], [$((5 - $i)) ]) fi done @@ -2023,14 +2023,14 @@ for i in $(seq 5); do check ovn-nbctl add address_set as1 addresses "ff\:\:0$i" check ovn-nbctl --wait=hv sync if test "$i" = 3; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | sort], [0], [dnl priority=1100,ipv6,reg15=0x$port_key,metadata=0x$dp_key,ipv6_src=ff::1 actions=drop priority=1100,ipv6,reg15=0x$port_key,metadata=0x$dp_key,ipv6_src=ff::2 actions=drop priority=1100,ipv6,reg15=0x$port_key,metadata=0x$dp_key,ipv6_src=ff::3 actions=drop ]) fi - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep -c "priority=1100"], [0], [$i + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47 | grep -c "priority=1100"], [0], [$i ]) done @@ -2045,15 +2045,15 @@ for i in $(seq 5); do check ovn-nbctl remove address_set as1 addresses "ff\:\:0$i" check ovn-nbctl --wait=hv sync if test "$i" = 4; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}'], [0], [dnl priority=1100,ipv6,reg15=0x$port_key,metadata=0x$dp_key,ipv6_src=ff::5 actions=drop ]) fi if test "$i" = 5; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep "priority=1100"], [1], [ignore]) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47 | grep "priority=1100"], [1], [ignore]) else - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep -c "priority=1100"], [0], [$((5 - $i)) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47 | grep -c "priority=1100"], [0], [$((5 - $i)) ]) fi done diff --git a/tests/ovn.at b/tests/ovn.at index 616036156..dccd5e131 100644 --- a/tests/ovn.at +++ b/tests/ovn.at @@ -1004,10 +1004,10 @@ next(pipeline=ingress, table=11); next(pipeline=egress); formats as next(pipeline=egress, table=11); - encodes as resubmit(,51) + encodes as resubmit(,54) next(pipeline=egress, table=5); - encodes as resubmit(,45) + encodes as resubmit(,48) next(table=10); formats as next(10); @@ -11226,7 +11226,7 @@ hv1_gw1_ofport=$(as hv1 ovs-vsctl --bare --columns ofport find Interface name=ov hv1_gw2_ofport=$(as hv1 ovs-vsctl --bare --columns ofport find Interface name=ovn-gw2-0) OVS_WAIT_UNTIL([ - test 1 = $(as hv1 ovs-ofctl dump-flows br-int table=37 | grep -c "active_backup,ofport,members:$hv1_gw1_ofport,$hv1_gw2_ofport") + test 1 = $(as hv1 ovs-ofctl dump-flows br-int table=40 | grep -c "active_backup,ofport,members:$hv1_gw1_ofport,$hv1_gw2_ofport") ]) test_ip_packet() @@ -11336,7 +11336,7 @@ AT_CHECK( ]) OVS_WAIT_UNTIL([ - test 1 = $(as hv1 ovs-ofctl dump-flows br-int table=37 | grep -c "active_backup,ofport,members:$hv1_gw2_ofport,$hv1_gw1_ofport") + test 1 = $(as hv1 ovs-ofctl dump-flows br-int table=40 | grep -c "active_backup,ofport,members:$hv1_gw2_ofport,$hv1_gw1_ofport") ]) test_ip_packet gw2 gw1 0 @@ -11514,7 +11514,7 @@ hv1_gw1_ofport=$(as hv1 ovs-vsctl --bare --columns ofport find Interface name=ov hv1_gw2_ofport=$(as hv1 ovs-vsctl --bare --columns ofport find Interface name=ovn-gw2-0) OVS_WAIT_UNTIL([ - test 1 = $(as hv1 ovs-ofctl dump-flows br-int table=37 | grep -c "active_backup,ofport,members:$hv1_gw1_ofport,$hv1_gw2_ofport") + test 1 = $(as hv1 ovs-ofctl dump-flows br-int table=40 | grep -c "active_backup,ofport,members:$hv1_gw1_ofport,$hv1_gw2_ofport") ]) test_ip_packet() @@ -11594,7 +11594,7 @@ AT_CHECK([ovn-nbctl --wait=hv \ ]) OVS_WAIT_UNTIL([ - test 1 = $(as hv1 ovs-ofctl dump-flows br-int table=37 | grep -c "active_backup,ofport,members:$hv1_gw2_ofport,$hv1_gw1_ofport") + test 1 = $(as hv1 ovs-ofctl dump-flows br-int table=40 | grep -c "active_backup,ofport,members:$hv1_gw2_ofport,$hv1_gw1_ofport") ]) test_ip_packet gw2 gw1 @@ -11760,12 +11760,12 @@ AT_CAPTURE_FILE([hv2flows]) AT_CHECK( [# Check that redirect mapping is programmed only on hv2 - grep table=38 hv1flows | grep =0x3,metadata=0x1 | wc -l - grep table=38 hv2flows | grep =0x3,metadata=0x1 | grep load:0x2- | wc -l + grep table=41 hv1flows | grep =0x3,metadata=0x1 | wc -l + grep table=41 hv2flows | grep =0x3,metadata=0x1 | grep load:0x2- | wc -l # Check that hv1 sends chassisredirect port traffic to hv2 - grep table=37 hv1flows | grep =0x3,metadata=0x1 | grep output | wc -l - grep table=37 hv2flows | grep =0x3,metadata=0x1 | wc -l + grep table=40 hv1flows | grep =0x3,metadata=0x1 | grep output | wc -l + grep table=40 hv2flows | grep =0x3,metadata=0x1 | wc -l # Check that arp reply on distributed gateway port is only programmed on hv2 grep arp hv1flows | grep load:0x2- | grep =0x2,metadata=0x1 | wc -l @@ -12293,8 +12293,8 @@ as hv1 ovs-appctl netdev-dummy/receive hv1-vif1 $packet as hv1 ovs-appctl ofproto/trace br-int in_port=hv1-vif1 $packet sleep 2 -AS_BOX([On hv1, table 37 check that no packet goes via the tunnel port]) -OVS_WAIT_FOR_OUTPUT([as hv1 ovs-ofctl dump-flows br-int table=37 \ +AS_BOX([On hv1, table 40 check that no packet goes via the tunnel port]) +OVS_WAIT_FOR_OUTPUT([as hv1 ovs-ofctl dump-flows br-int table=40 \ | grep "NXM_NX_TUN_ID" | grep -v n_packets=0 | wc -l], [0], [[0 ]]) @@ -13269,20 +13269,20 @@ echo $hv2_gw1_ofport echo $hv2_gw2_ofport echo "--- hv1 ---" -as hv1 ovs-ofctl dump-flows br-int table=37 +as hv1 ovs-ofctl dump-flows br-int table=40 echo "--- hv2 ---" -as hv2 ovs-ofctl dump-flows br-int table=37 +as hv2 ovs-ofctl dump-flows br-int table=40 gw1_chassis=$(fetch_column Chassis _uuid name=gw1) gw2_chassis=$(fetch_column Chassis _uuid name=gw2) -OVS_WAIT_FOR_OUTPUT([as hv1 ovs-ofctl dump-flows br-int table=37 | \ +OVS_WAIT_FOR_OUTPUT([as hv1 ovs-ofctl dump-flows br-int table=40 | \ grep active_backup | grep members:$hv1_gw1_ofport,$hv1_gw2_ofport \ | wc -l], [0], [1 ]) -OVS_WAIT_FOR_OUTPUT([as hv2 ovs-ofctl dump-flows br-int table=37 | \ +OVS_WAIT_FOR_OUTPUT([as hv2 ovs-ofctl dump-flows br-int table=40 | \ grep active_backup | grep members:$hv2_gw1_ofport,$hv2_gw2_ofport \ | wc -l], [0], [1 ]) @@ -13320,12 +13320,12 @@ wait_for_ports_up check ovn-nbctl --wait=hv sync # we make sure that the hypervisors noticed, and inverted the slave ports -OVS_WAIT_FOR_OUTPUT([as hv1 ovs-ofctl dump-flows br-int table=37 | \ +OVS_WAIT_FOR_OUTPUT([as hv1 ovs-ofctl dump-flows br-int table=40 | \ grep active_backup | grep members:$hv1_gw2_ofport,$hv1_gw1_ofport \ | wc -l], [0], [1 ]) -OVS_WAIT_FOR_OUTPUT([as hv2 ovs-ofctl dump-flows br-int table=37 | \ +OVS_WAIT_FOR_OUTPUT([as hv2 ovs-ofctl dump-flows br-int table=40 | \ grep active_backup | grep members:$hv2_gw2_ofport,$hv2_gw1_ofport \ | wc -l], [0], [1 ]) @@ -13476,12 +13476,12 @@ ovn-nbctl set Logical_Router_Port outside ha_chassis_group=$hagrp1_uuid wait_row_count HA_Chassis_Group 1 wait_row_count HA_Chassis 2 -OVS_WAIT_FOR_OUTPUT([as hv1 ovs-ofctl dump-flows br-int table=37 | \ +OVS_WAIT_FOR_OUTPUT([as hv1 ovs-ofctl dump-flows br-int table=40 | \ grep active_backup | grep members:$hv1_gw1_ofport,$hv1_gw2_ofport \ | wc -l], [0], [0 ]) -OVS_WAIT_FOR_OUTPUT([as hv2 ovs-ofctl dump-flows br-int table=37 | \ +OVS_WAIT_FOR_OUTPUT([as hv2 ovs-ofctl dump-flows br-int table=40 | \ grep active_backup | grep members:$hv2_gw1_ofport,$hv2_gw2_ofport \ | wc -l], [0], [0 ]) @@ -13499,12 +13499,12 @@ done # Re-add gw2 as gw2 ovn_attach n1 br-phys 192.168.0.1 -OVS_WAIT_FOR_OUTPUT([as hv1 ovs-ofctl dump-flows br-int table=37 | \ +OVS_WAIT_FOR_OUTPUT([as hv1 ovs-ofctl dump-flows br-int table=40 | \ grep active_backup | grep members:$hv1_gw1_ofport,$hv1_gw2_ofport \ | wc -l], [0], [1 ]) -OVS_WAIT_FOR_OUTPUT([as hv2 ovs-ofctl dump-flows br-int table=37 | \ +OVS_WAIT_FOR_OUTPUT([as hv2 ovs-ofctl dump-flows br-int table=40 | \ grep active_backup | grep members:$hv2_gw1_ofport,$hv2_gw2_ofport \ | wc -l], [0], [1 ]) @@ -13532,12 +13532,12 @@ wait_column "$exp_ref_ch_list" HA_Chassis_Group ref_chassis # Increase the priority of gw2 ovn-nbctl --wait=sb ha-chassis-group-add-chassis hagrp1 gw2 40 -OVS_WAIT_FOR_OUTPUT([as hv1 ovs-ofctl dump-flows br-int table=37 | \ +OVS_WAIT_FOR_OUTPUT([as hv1 ovs-ofctl dump-flows br-int table=40 | \ grep active_backup | grep members:$hv1_gw2_ofport,$hv1_gw1_ofport \ | wc -l], [0], [1 ]) -OVS_WAIT_FOR_OUTPUT([as hv2 ovs-ofctl dump-flows br-int table=37 | \ +OVS_WAIT_FOR_OUTPUT([as hv2 ovs-ofctl dump-flows br-int table=40 | \ grep active_backup | grep members:$hv2_gw2_ofport,$hv2_gw1_ofport \ | wc -l], [0], [1 ]) @@ -16401,25 +16401,25 @@ sleep 2 # Get total number of ipv4 packets that received on ovs # sender side -flow=$(as hv1 ovs-ofctl dump-flows br-int table=44 | grep priority=2002|grep ip,metadata=0x1) +flow=$(as hv1 ovs-ofctl dump-flows br-int table=47 | grep priority=2002|grep ip,metadata=0x1) n_pkts="$(echo $flow|awk -F',' '{ print $4 }'|awk -F'=' '{ print $2 }')" check test $n_pkts -eq 1 # receiver side -flow=$(as hv2 ovs-ofctl dump-flows br-int table=44 | grep priority=2002|grep ip,metadata=0x1) +flow=$(as hv2 ovs-ofctl dump-flows br-int table=47 | grep priority=2002|grep ip,metadata=0x1) n_pkts="$(echo $flow|awk -F',' '{ print $4 }'|awk -F'=' '{ print $2 }')" check test $n_pkts -eq 1 # Get total number of ipv6 packets that received on ovs # sender side -flow=$(as hv1 ovs-ofctl dump-flows br-int table=44 | grep priority=2002|grep ipv6,metadata=0x1) +flow=$(as hv1 ovs-ofctl dump-flows br-int table=47 | grep priority=2002|grep ipv6,metadata=0x1) n_pkts="$(echo $flow|awk -F',' '{ print $4 }'|awk -F'=' '{ print $2 }')" check test $n_pkts -eq 1 # receiver side -flow=$(as hv2 ovs-ofctl dump-flows br-int table=44 | grep priority=2002|grep ipv6,metadata=0x1) +flow=$(as hv2 ovs-ofctl dump-flows br-int table=47 | grep priority=2002|grep ipv6,metadata=0x1) n_pkts="$(echo $flow|awk -F',' '{ print $4 }'|awk -F'=' '{ print $2 }')" check test $n_pkts -eq 1 @@ -17979,17 +17979,17 @@ check ovn-nbctl acl-add ls1 to-lport 3 'ip4.src==10.0.0.1' allow check ovn-nbctl --wait=hv sync # Check OVS flows, the less restrictive flows should have been installed. -AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=44 | ofctl_strip_all | \ +AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=47 | ofctl_strip_all | \ grep "priority=1003" | \ sed 's/conjunction([[^)]]*)/conjunction()/g' | \ sed 's/conj_id=[[0-9]]*,/conj_id=xxx,/g' | sort], [0], [dnl - table=44, priority=1003,conj_id=xxx,ip,metadata=0x1 actions=resubmit(,45) - table=44, priority=1003,conj_id=xxx,ip,metadata=0x1 actions=resubmit(,45) - table=44, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.3 actions=conjunction(),conjunction() - table=44, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.4 actions=conjunction(),conjunction() - table=44, priority=1003,ip,metadata=0x1,nw_src=10.0.0.1 actions=resubmit(,45) - table=44, priority=1003,ip,metadata=0x1,nw_src=10.0.0.2 actions=conjunction() - table=44, priority=1003,ip,metadata=0x1,nw_src=10.0.0.42 actions=conjunction() + table=47, priority=1003,conj_id=xxx,ip,metadata=0x1 actions=resubmit(,48) + table=47, priority=1003,conj_id=xxx,ip,metadata=0x1 actions=resubmit(,48) + table=47, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.3 actions=conjunction(),conjunction() + table=47, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.4 actions=conjunction(),conjunction() + table=47, priority=1003,ip,metadata=0x1,nw_src=10.0.0.1 actions=resubmit(,48) + table=47, priority=1003,ip,metadata=0x1,nw_src=10.0.0.2 actions=conjunction() + table=47, priority=1003,ip,metadata=0x1,nw_src=10.0.0.42 actions=conjunction() ]) # Traffic 10.0.0.1, 10.0.0.2 -> 10.0.0.3, 10.0.0.4 should be allowed. @@ -18024,17 +18024,17 @@ check ovn-nbctl acl-del ls1 to-lport 3 'ip4.src==10.0.0.1 || ip4.src==10.0.0.1' check ovn-nbctl --wait=hv sync # Check OVS flows, the second less restrictive allow ACL should have been installed. -AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=44 | ofctl_strip_all | \ +AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=47 | ofctl_strip_all | \ grep "priority=1003" | \ sed 's/conjunction([[^)]]*)/conjunction()/g' | \ sed 's/conj_id=[[0-9]]*,/conj_id=xxx,/g' | sort], [0], [dnl - table=44, priority=1003,conj_id=xxx,ip,metadata=0x1 actions=resubmit(,45) - table=44, priority=1003,conj_id=xxx,ip,metadata=0x1 actions=resubmit(,45) - table=44, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.3 actions=conjunction(),conjunction() - table=44, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.4 actions=conjunction(),conjunction() - table=44, priority=1003,ip,metadata=0x1,nw_src=10.0.0.1 actions=resubmit(,45) - table=44, priority=1003,ip,metadata=0x1,nw_src=10.0.0.2 actions=conjunction() - table=44, priority=1003,ip,metadata=0x1,nw_src=10.0.0.42 actions=conjunction() + table=47, priority=1003,conj_id=xxx,ip,metadata=0x1 actions=resubmit(,48) + table=47, priority=1003,conj_id=xxx,ip,metadata=0x1 actions=resubmit(,48) + table=47, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.3 actions=conjunction(),conjunction() + table=47, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.4 actions=conjunction(),conjunction() + table=47, priority=1003,ip,metadata=0x1,nw_src=10.0.0.1 actions=resubmit(,48) + table=47, priority=1003,ip,metadata=0x1,nw_src=10.0.0.2 actions=conjunction() + table=47, priority=1003,ip,metadata=0x1,nw_src=10.0.0.42 actions=conjunction() ]) # Remove the less restrictive allow ACL. @@ -18042,17 +18042,17 @@ check ovn-nbctl acl-del ls1 to-lport 3 'ip4.src==10.0.0.1' check ovn-nbctl --wait=hv sync # Check OVS flows, the 10.0.0.1 conjunction should have been reinstalled. -AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=44 | ofctl_strip_all | \ +AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=47 | ofctl_strip_all | \ grep "priority=1003" | \ sed 's/conjunction([[^)]]*)/conjunction()/g' | \ sed 's/conj_id=[[0-9]]*,/conj_id=xxx,/g' | sort], [0], [dnl - table=44, priority=1003,conj_id=xxx,ip,metadata=0x1 actions=resubmit(,45) - table=44, priority=1003,conj_id=xxx,ip,metadata=0x1 actions=resubmit(,45) - table=44, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.3 actions=conjunction(),conjunction() - table=44, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.4 actions=conjunction(),conjunction() - table=44, priority=1003,ip,metadata=0x1,nw_src=10.0.0.1 actions=conjunction(),conjunction() - table=44, priority=1003,ip,metadata=0x1,nw_src=10.0.0.2 actions=conjunction() - table=44, priority=1003,ip,metadata=0x1,nw_src=10.0.0.42 actions=conjunction() + table=47, priority=1003,conj_id=xxx,ip,metadata=0x1 actions=resubmit(,48) + table=47, priority=1003,conj_id=xxx,ip,metadata=0x1 actions=resubmit(,48) + table=47, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.3 actions=conjunction(),conjunction() + table=47, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.4 actions=conjunction(),conjunction() + table=47, priority=1003,ip,metadata=0x1,nw_src=10.0.0.1 actions=conjunction(),conjunction() + table=47, priority=1003,ip,metadata=0x1,nw_src=10.0.0.2 actions=conjunction() + table=47, priority=1003,ip,metadata=0x1,nw_src=10.0.0.42 actions=conjunction() ]) # Traffic 10.0.0.1, 10.0.0.2 -> 10.0.0.3, 10.0.0.4 should be allowed. @@ -18082,17 +18082,17 @@ check ovn-nbctl acl-add ls1 to-lport 3 'ip4.src==10.0.0.1' allow check ovn-nbctl --wait=hv sync # Check OVS flows, the less restrictive flows should have been installed. -AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=44 | ofctl_strip_all | \ +AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=47 | ofctl_strip_all | \ grep "priority=1003" | \ sed 's/conjunction([[^)]]*)/conjunction()/g' | \ sed 's/conj_id=[[0-9]]*,/conj_id=xxx,/g' | sort], [0], [dnl - table=44, priority=1003,conj_id=xxx,ip,metadata=0x1 actions=resubmit(,45) - table=44, priority=1003,conj_id=xxx,ip,metadata=0x1 actions=resubmit(,45) - table=44, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.3 actions=conjunction(),conjunction() - table=44, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.4 actions=conjunction(),conjunction() - table=44, priority=1003,ip,metadata=0x1,nw_src=10.0.0.1 actions=resubmit(,45) - table=44, priority=1003,ip,metadata=0x1,nw_src=10.0.0.2 actions=conjunction() - table=44, priority=1003,ip,metadata=0x1,nw_src=10.0.0.42 actions=conjunction() + table=47, priority=1003,conj_id=xxx,ip,metadata=0x1 actions=resubmit(,48) + table=47, priority=1003,conj_id=xxx,ip,metadata=0x1 actions=resubmit(,48) + table=47, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.3 actions=conjunction(),conjunction() + table=47, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.4 actions=conjunction(),conjunction() + table=47, priority=1003,ip,metadata=0x1,nw_src=10.0.0.1 actions=resubmit(,48) + table=47, priority=1003,ip,metadata=0x1,nw_src=10.0.0.2 actions=conjunction() + table=47, priority=1003,ip,metadata=0x1,nw_src=10.0.0.42 actions=conjunction() ]) # Add another ACL that overlaps with the existing less restrictive ones. @@ -18103,20 +18103,20 @@ check ovn-nbctl --wait=hv sync # with an additional conjunction action. # # New non-conjunctive flows should be added to match on 'udp'. -AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=44 | ofctl_strip_all | \ +AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=47 | ofctl_strip_all | \ grep "priority=1003" | \ sed 's/conjunction([[^)]]*)/conjunction()/g' | \ sed 's/conj_id=[[0-9]]*,/conj_id=xxx,/g' | sort], [0], [dnl - table=44, priority=1003,conj_id=xxx,ip,metadata=0x1 actions=resubmit(,45) - table=44, priority=1003,conj_id=xxx,ip,metadata=0x1 actions=resubmit(,45) - table=44, priority=1003,conj_id=xxx,ip,metadata=0x1 actions=resubmit(,45) - table=44, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.3 actions=conjunction(),conjunction(),conjunction() - table=44, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.4 actions=conjunction(),conjunction(),conjunction() - table=44, priority=1003,ip,metadata=0x1,nw_src=10.0.0.1 actions=resubmit(,45) - table=44, priority=1003,ip,metadata=0x1,nw_src=10.0.0.2 actions=conjunction(),conjunction() - table=44, priority=1003,ip,metadata=0x1,nw_src=10.0.0.42 actions=conjunction() - table=44, priority=1003,udp,metadata=0x1 actions=resubmit(,45) - table=44, priority=1003,udp6,metadata=0x1 actions=resubmit(,45) + table=47, priority=1003,conj_id=xxx,ip,metadata=0x1 actions=resubmit(,48) + table=47, priority=1003,conj_id=xxx,ip,metadata=0x1 actions=resubmit(,48) + table=47, priority=1003,conj_id=xxx,ip,metadata=0x1 actions=resubmit(,48) + table=47, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.3 actions=conjunction(),conjunction(),conjunction() + table=47, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.4 actions=conjunction(),conjunction(),conjunction() + table=47, priority=1003,ip,metadata=0x1,nw_src=10.0.0.1 actions=resubmit(,48) + table=47, priority=1003,ip,metadata=0x1,nw_src=10.0.0.2 actions=conjunction(),conjunction() + table=47, priority=1003,ip,metadata=0x1,nw_src=10.0.0.42 actions=conjunction() + table=47, priority=1003,udp,metadata=0x1 actions=resubmit(,48) + table=47, priority=1003,udp6,metadata=0x1 actions=resubmit(,48) ]) OVN_CLEANUP([hv1]) @@ -18171,17 +18171,17 @@ check ovn-nbctl acl-add pg1 to-lport 100 'outport == @pg1 && ip4.src == $as2' al wait_for_ports_up check ovn-nbctl --wait=hv sync -ovs-ofctl dump-flows br-int table=44 -AT_CHECK([test `ovs-ofctl dump-flows br-int table=44 | grep -c conj_id` = 2]) +ovs-ofctl dump-flows br-int table=47 +AT_CHECK([test `ovs-ofctl dump-flows br-int table=47 | grep -c conj_id` = 2]) echo ------- # Add another address in as1, so that the 1st ACL will now generate 2 conjunctions. ovn-nbctl set address_set as1 addresses="10.0.0.1,10.0.0.2" check ovn-nbctl --wait=hv sync -ovs-ofctl dump-flows br-int table=44 +ovs-ofctl dump-flows br-int table=47 # There should be 3 conjunctions in total (2 from 1st ACL + 1 from 2nd ACL) -AT_CHECK([test `ovs-ofctl dump-flows br-int table=44 | grep -c conj_id` = 3]) +AT_CHECK([test `ovs-ofctl dump-flows br-int table=47 | grep -c conj_id` = 3]) OVN_CLEANUP([hv1]) AT_CLEANUP @@ -21144,8 +21144,8 @@ check_virtual_offlows_present() { lr0_dp_key=$(printf "%x" $(fetch_column Datapath_Binding tunnel_key external_ids:name=lr0)) lr0_public_dp_key=$(printf "%x" $(fetch_column Port_Binding tunnel_key logical_port=lr0-public)) - AT_CHECK_UNQUOTED([as $hv ovs-ofctl dump-flows br-int table=44,ip | ofctl_strip_all | grep "priority=2000"], [0], [dnl - table=44, priority=2000,ip,metadata=0x$sw0_dp_key actions=resubmit(,45) + AT_CHECK_UNQUOTED([as $hv ovs-ofctl dump-flows br-int table=47,ip | ofctl_strip_all | grep "priority=2000"], [0], [dnl + table=47, priority=2000,ip,metadata=0x$sw0_dp_key actions=resubmit(,48) ]) AT_CHECK_UNQUOTED([as $hv ovs-ofctl dump-flows br-int table=11 | ofctl_strip_all | \ @@ -21156,7 +21156,7 @@ check_virtual_offlows_present() { check_virtual_offlows_not_present() { hv=$1 - AT_CHECK([as $hv ovs-ofctl dump-flows br-int table=44,ip | ofctl_strip_all | grep "priority=2000"], [1], [dnl + AT_CHECK([as $hv ovs-ofctl dump-flows br-int table=47,ip | ofctl_strip_all | grep "priority=2000"], [1], [dnl ]) AT_CHECK([as $hv ovs-ofctl dump-flows br-int table=11 | ofctl_strip_all | \ @@ -28067,22 +28067,22 @@ AT_CHECK([test ! -z $p1_zoneid]) p2_zoneid=$(as hv1 ovs-vsctl get bridge br-int external_ids:ct-zone-sw0-p2 | sed 's/"//g') AT_CHECK([test ! -z $p2_zoneid]) -AT_CHECK([test $(ovs-ofctl dump-flows br-int table=38,metadata=${sw0_dpkey},\ +AT_CHECK([test $(ovs-ofctl dump-flows br-int table=41,metadata=${sw0_dpkey},\ reg15=0x${p1_dpkey} | grep REG13 | wc -l) -eq 1]) -AT_CHECK([test $(ovs-ofctl dump-flows br-int table=38,metadata=${sw0_dpkey},\ +AT_CHECK([test $(ovs-ofctl dump-flows br-int table=41,metadata=${sw0_dpkey},\ reg15=0x${p1_dpkey} | grep "load:0x${p1_zoneid}->NXM_NX_REG13" | wc -l) -eq 1]) -AT_CHECK([test $(ovs-ofctl dump-flows br-int table=38,metadata=${sw1_dpkey},\ +AT_CHECK([test $(ovs-ofctl dump-flows br-int table=41,metadata=${sw1_dpkey},\ reg15=0x${p2_dpkey} | grep REG13 | wc -l) -eq 1]) -AT_CHECK([test $(ovs-ofctl dump-flows br-int table=38,metadata=${sw1_dpkey},\ +AT_CHECK([test $(ovs-ofctl dump-flows br-int table=41,metadata=${sw1_dpkey},\ reg15=0x${p2_dpkey} | grep "load:0x${p2_zoneid}->NXM_NX_REG13" | wc -l) -eq 1]) ovs-vsctl set interface hv1-vif1 external_ids:iface-id=foo OVS_WAIT_UNTIL([test x$(ovn-nbctl lsp-get-up sw0-p1) = xdown]) -AT_CHECK([test $(ovs-ofctl dump-flows br-int table=38,metadata=${sw0_dpkey},\ +AT_CHECK([test $(ovs-ofctl dump-flows br-int table=41,metadata=${sw0_dpkey},\ reg15=0x${p1_dpkey} | grep REG13 | wc -l) -eq 0]) p1_zoneid=$(as hv1 ovs-vsctl get bridge br-int external_ids:ct-zone-sw0-p1 | sed 's/"//g') @@ -28094,16 +28094,16 @@ OVS_WAIT_UNTIL([test x$(ovn-nbctl lsp-get-up sw0-p1) = xup]) p1_zoneid=$(as hv1 ovs-vsctl get bridge br-int external_ids:ct-zone-sw0-p1 | sed 's/"//g') AT_CHECK([test ! -z $p1_zoneid]) -AT_CHECK([test $(ovs-ofctl dump-flows br-int table=38,metadata=${sw0_dpkey},\ +AT_CHECK([test $(ovs-ofctl dump-flows br-int table=41,metadata=${sw0_dpkey},\ reg15=0x${p1_dpkey} | grep REG13 | wc -l) -eq 1]) -AT_CHECK([test $(ovs-ofctl dump-flows br-int table=38,metadata=${sw0_dpkey},\ +AT_CHECK([test $(ovs-ofctl dump-flows br-int table=41,metadata=${sw0_dpkey},\ reg15=0x${p1_dpkey} | grep "load:0x${p1_zoneid}->NXM_NX_REG13" | wc -l) -eq 1]) ovs-vsctl del-port hv1-vif2 OVS_WAIT_UNTIL([test x$(ovn-nbctl lsp-get-up sw0-p2) = xdown]) -AT_CHECK([test $(ovs-ofctl dump-flows br-int table=38,metadata=${sw0_dpkey},\ +AT_CHECK([test $(ovs-ofctl dump-flows br-int table=41,metadata=${sw0_dpkey},\ reg15=0x${p2_dpkey} | grep REG13 | wc -l) -eq 0]) p2_zoneid=$(as hv1 ovs-vsctl get bridge br-int external_ids:ct-zone-sw0-p2 | sed 's/"//g') @@ -28111,7 +28111,7 @@ AT_CHECK([test -z $p2_zoneid]) ovn-nbctl lsp-del sw0-p1 -OVS_WAIT_UNTIL([test $(ovs-ofctl dump-flows br-int table=38,metadata=${sw0_dpkey},\ +OVS_WAIT_UNTIL([test $(ovs-ofctl dump-flows br-int table=41,metadata=${sw0_dpkey},\ reg15=0x${p1_dpkey} | grep REG13 | wc -l) -eq 0]) p1_zoneid=$(as hv1 ovs-vsctl get bridge br-int external_ids:ct-zone-sw0-p1 | sed 's/"//g') @@ -30566,46 +30566,46 @@ AT_CHECK([kill -0 $(cat hv1/ovn-controller.pid)]) check ovn-nbctl --wait=hv sync # Check OVS flows are installed properly. -AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=44 | ofctl_strip_all | \ +AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=47 | ofctl_strip_all | \ grep "priority=2002" | grep conjunction | \ sed 's/conjunction([[^)]]*)/conjunction()/g' | \ sed 's/reg15=0x[[1-9]]/reg15=0xN/g' | sort], [0], [dnl - table=44, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x10/0xfff0 actions=conjunction() - table=44, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x100/0xff00 actions=conjunction() - table=44, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x1000/0xf000 actions=conjunction() - table=44, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x2/0xfffe actions=conjunction() - table=44, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x20/0xffe0 actions=conjunction() - table=44, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x200/0xfe00 actions=conjunction() - table=44, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x2000/0xe000 actions=conjunction() - table=44, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x4/0xfffc actions=conjunction() - table=44, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x40/0xffc0 actions=conjunction() - table=44, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x400/0xfc00 actions=conjunction() - table=44, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x4000/0xc000 actions=conjunction() - table=44, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x8/0xfff8 actions=conjunction() - table=44, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x80/0xff80 actions=conjunction() - table=44, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x800/0xf800 actions=conjunction() - table=44, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x8000/0x8000 actions=conjunction() - table=44, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=1 actions=conjunction() - table=44, priority=2002,udp,reg0=0x100/0x100,reg15=0xN,metadata=0x1,nw_src=192.168.47.4 actions=conjunction() - table=44, priority=2002,udp,reg0=0x100/0x100,reg15=0xN,metadata=0x1,nw_src=192.168.47.4 actions=conjunction() - table=44, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x10/0xfff0 actions=conjunction() - table=44, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x100/0xff00 actions=conjunction() - table=44, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x1000/0xf000 actions=conjunction() - table=44, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x2/0xfffe actions=conjunction() - table=44, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x20/0xffe0 actions=conjunction() - table=44, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x200/0xfe00 actions=conjunction() - table=44, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x2000/0xe000 actions=conjunction() - table=44, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x4/0xfffc actions=conjunction() - table=44, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x40/0xffc0 actions=conjunction() - table=44, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x400/0xfc00 actions=conjunction() - table=44, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x4000/0xc000 actions=conjunction() - table=44, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x8/0xfff8 actions=conjunction() - table=44, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x80/0xff80 actions=conjunction() - table=44, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x800/0xf800 actions=conjunction() - table=44, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x8000/0x8000 actions=conjunction() - table=44, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=1 actions=conjunction() - table=44, priority=2002,udp,reg0=0x80/0x80,reg15=0xN,metadata=0x1,nw_src=192.168.47.4 actions=conjunction() - table=44, priority=2002,udp,reg0=0x80/0x80,reg15=0xN,metadata=0x1,nw_src=192.168.47.4 actions=conjunction() + table=47, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x10/0xfff0 actions=conjunction() + table=47, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x100/0xff00 actions=conjunction() + table=47, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x1000/0xf000 actions=conjunction() + table=47, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x2/0xfffe actions=conjunction() + table=47, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x20/0xffe0 actions=conjunction() + table=47, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x200/0xfe00 actions=conjunction() + table=47, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x2000/0xe000 actions=conjunction() + table=47, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x4/0xfffc actions=conjunction() + table=47, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x40/0xffc0 actions=conjunction() + table=47, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x400/0xfc00 actions=conjunction() + table=47, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x4000/0xc000 actions=conjunction() + table=47, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x8/0xfff8 actions=conjunction() + table=47, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x80/0xff80 actions=conjunction() + table=47, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x800/0xf800 actions=conjunction() + table=47, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x8000/0x8000 actions=conjunction() + table=47, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=1 actions=conjunction() + table=47, priority=2002,udp,reg0=0x100/0x100,reg15=0xN,metadata=0x1,nw_src=192.168.47.4 actions=conjunction() + table=47, priority=2002,udp,reg0=0x100/0x100,reg15=0xN,metadata=0x1,nw_src=192.168.47.4 actions=conjunction() + table=47, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x10/0xfff0 actions=conjunction() + table=47, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x100/0xff00 actions=conjunction() + table=47, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x1000/0xf000 actions=conjunction() + table=47, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x2/0xfffe actions=conjunction() + table=47, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x20/0xffe0 actions=conjunction() + table=47, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x200/0xfe00 actions=conjunction() + table=47, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x2000/0xe000 actions=conjunction() + table=47, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x4/0xfffc actions=conjunction() + table=47, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x40/0xffc0 actions=conjunction() + table=47, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x400/0xfc00 actions=conjunction() + table=47, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x4000/0xc000 actions=conjunction() + table=47, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x8/0xfff8 actions=conjunction() + table=47, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x80/0xff80 actions=conjunction() + table=47, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x800/0xf800 actions=conjunction() + table=47, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x8000/0x8000 actions=conjunction() + table=47, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=1 actions=conjunction() + table=47, priority=2002,udp,reg0=0x80/0x80,reg15=0xN,metadata=0x1,nw_src=192.168.47.4 actions=conjunction() + table=47, priority=2002,udp,reg0=0x80/0x80,reg15=0xN,metadata=0x1,nw_src=192.168.47.4 actions=conjunction() ]) OVN_CLEANUP([hv1]) @@ -31780,7 +31780,7 @@ ovs-vsctl add-port br-int lsp0-0 -- set interface lsp0-0 external_ids:iface-id=l ovs-vsctl add-port br-int lsp0-1 -- set interface lsp0-1 external_ids:iface-id=lsp0-1 check ovn-nbctl --wait=hv sync -AT_CHECK([test $(ovs-ofctl dump-flows br-int table=44 | grep conjunction | wc -l) == 22]) +AT_CHECK([test $(ovs-ofctl dump-flows br-int table=47 | grep conjunction | wc -l) == 22]) # Save the current lflow_run counter lflow_run=$(ovn-appctl -t ovn-controller coverage/read-counter lflow_run) @@ -31790,7 +31790,7 @@ lflow_run=$(ovn-appctl -t ovn-controller coverage/read-counter lflow_run) # 1. Remove half of the ports from pg1. The excepted conjunction flows should be: # 2 + 10 = 12 check ovn-nbctl --wait=hv pg-set-ports pg1 $(for i in 0 1 2 3 4; do for j in 0 1; do echo lsp${i}-${j}; done; done) -AT_CHECK([test $(ovs-ofctl dump-flows br-int table=44 | grep conjunction | wc -l) == 12]) +AT_CHECK([test $(ovs-ofctl dump-flows br-int table=47 | grep conjunction | wc -l) == 12]) # 2. Unbind lsp0-0. The there shouldn't be any conjunction flows because the # port group const set should have only one member (lsp0-1). And the total @@ -31798,25 +31798,25 @@ AT_CHECK([test $(ovs-ofctl dump-flows br-int table=44 | grep conjunction | wc -l # 10. ovs-vsctl del-port br-int lsp0-0 check ovn-nbctl --wait=hv sync -AT_CHECK([test $(ovs-ofctl dump-flows br-int table=44 | grep conjunction | wc -l) == 0]) -AT_CHECK([test $(ovs-ofctl dump-flows br-int table=44 | grep 192.168 | wc -l) == 10]) +AT_CHECK([test $(ovs-ofctl dump-flows br-int table=47 | grep conjunction | wc -l) == 0]) +AT_CHECK([test $(ovs-ofctl dump-flows br-int table=47 | grep 192.168 | wc -l) == 10]) # 3. Rebind lsp0-0. The expected conjunction flows are back to 12. ovs-vsctl add-port br-int lsp0-0 -- set interface lsp0-0 external_ids:iface-id=lsp0-0 check ovn-nbctl --wait=hv sync -AT_CHECK([test $(ovs-ofctl dump-flows br-int table=44 | grep conjunction | wc -l) == 12]) +AT_CHECK([test $(ovs-ofctl dump-flows br-int table=47 | grep conjunction | wc -l) == 12]) # 4. Bind a lsp (lsp9-0) that doesn't belong to pg1, should not see any change. ovs-vsctl add-port br-int lsp9-0 -- set interface lsp9-0 external_ids:iface-id=lsp9-0 check ovn-nbctl --wait=hv sync -AT_CHECK([test $(ovs-ofctl dump-flows br-int table=44 | grep conjunction | wc -l) == 12]) +AT_CHECK([test $(ovs-ofctl dump-flows br-int table=47 | grep conjunction | wc -l) == 12]) # 5. Bind another 2 lsps (lsp1-0 lsp1-1) that belong to pg1 and on a different # LS (ls1), should see conjunction flows doubled (12 x 2 = 24) ovs-vsctl add-port br-int lsp1-0 -- set interface lsp1-0 external_ids:iface-id=lsp1-0 ovs-vsctl add-port br-int lsp1-1 -- set interface lsp1-1 external_ids:iface-id=lsp1-1 check ovn-nbctl --wait=hv sync -AT_CHECK([test $(ovs-ofctl dump-flows br-int table=44 | grep conjunction | wc -l) == 24]) +AT_CHECK([test $(ovs-ofctl dump-flows br-int table=47 | grep conjunction | wc -l) == 24]) # 6. Simulate a SB port-group "del and add" notification to ovn-controller in the # same IDL iteration. ovn-controller should still program the same flows. In @@ -31841,7 +31841,7 @@ for i in $(seq 1 10); do check ovn-nbctl --wait=hv sync # Finally check flow count is the same as before. - AT_CHECK([test $(ovs-ofctl dump-flows br-int table=44 | grep conjunction | wc -l) == 24]) + AT_CHECK([test $(ovs-ofctl dump-flows br-int table=47 | grep conjunction | wc -l) == 24]) done # Make sure all the above was performed with I-P (no recompute) @@ -32247,8 +32247,8 @@ check ovn-nbctl acl-add lsw0 to-lport 1002 'outport == "lp2" && ip4.src == 10.0. # The first ACL should be programmed, but the second one shouldn't. check ovn-nbctl --wait=hv sync -AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep 10.0.0.111], [0], [ignore]) -AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep 10.0.0.122], [1], [ignore]) +AT_CHECK([ovs-ofctl dump-flows br-int table=47 | grep 10.0.0.111], [0], [ignore]) +AT_CHECK([ovs-ofctl dump-flows br-int table=47 | grep 10.0.0.122], [1], [ignore]) # Now create the lport lp2. check ovn-nbctl lsp-add lsw0 lp2 \ @@ -32256,12 +32256,12 @@ check ovn-nbctl lsp-add lsw0 lp2 \ check ovn-nbctl --wait=hv sync # Now the second ACL should be programmed. -AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep 10.0.0.122], [0], [ignore]) +AT_CHECK([ovs-ofctl dump-flows br-int table=47 | grep 10.0.0.122], [0], [ignore]) # Remove the lport lp2 again, the OVS flow for the second ACL should be # removed. check ovn-nbctl --wait=hv lsp-del lp2 -AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep 10.0.0.122], [1], [ignore]) +AT_CHECK([ovs-ofctl dump-flows br-int table=47 | grep 10.0.0.122], [1], [ignore]) # Test similar scenario but when the referenced lport is not bound locally. @@ -32275,8 +32275,8 @@ check ovn-nbctl acl-add lsw0 to-lport 1002 'inport == "lp4" && ip4.dst == 10.0.0 # The ACL for lp3 should be programmed, but the one for lp4 shouldn't. check ovn-nbctl --wait=hv sync -AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep 10.0.0.133], [0], [ignore]) -AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep 10.0.0.144], [1], [ignore]) +AT_CHECK([ovs-ofctl dump-flows br-int table=47 | grep 10.0.0.133], [0], [ignore]) +AT_CHECK([ovs-ofctl dump-flows br-int table=47 | grep 10.0.0.144], [1], [ignore]) # Now create the lport lp4. check ovn-nbctl lsp-add lsw0 lp4 \ @@ -32284,7 +32284,7 @@ check ovn-nbctl lsp-add lsw0 lp4 \ # Now the ACL for lp4 should be programmed. check ovn-nbctl --wait=hv sync -AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep 10.0.0.144], [0], [ignore]) +AT_CHECK([ovs-ofctl dump-flows br-int table=47 | grep 10.0.0.144], [0], [ignore]) OVN_CLEANUP([hv1]) AT_CLEANUP @@ -33718,7 +33718,7 @@ check ovn-nbctl --wait=hv sync # Use constants so that if tables or registers change, this test can # be updated easily. DNAT_TABLE=15 -SNAT_TABLE=43 +SNAT_TABLE=46 DNAT_ZONE_REG="NXM_NX_REG11[[0..15]]" SNAT_ZONE_REG="NXM_NX_REG12[[0..15]]" diff --git a/tests/system-ovn-kmod.at b/tests/system-ovn-kmod.at index 7db2258e4..ca434602b 100644 --- a/tests/system-ovn-kmod.at +++ b/tests/system-ovn-kmod.at @@ -176,7 +176,7 @@ ovn-nbctl set load_balancer $uuid vips:'"30.0.0.2:8000"'='"192.168.1.2:12345,192 ovn-nbctl list load_balancer ovn-sbctl dump-flows R2 -OVS_WAIT_UNTIL([ovs-ofctl -O OpenFlow13 dump-flows br-int table=43 | grep 'nat(src=20.0.0.2)']) +OVS_WAIT_UNTIL([ovs-ofctl -O OpenFlow13 dump-flows br-int table=46 | grep 'nat(src=20.0.0.2)']) dnl Test load-balancing that includes L4 ports in NAT. for i in `seq 1 20`; do diff --git a/tests/system-ovn.at b/tests/system-ovn.at index 3ede60f0a..e9ed845f0 100644 --- a/tests/system-ovn.at +++ b/tests/system-ovn.at @@ -2246,7 +2246,7 @@ ovn-nbctl set load_balancer $uuid vips:'"30.0.0.2:8000"'='"192.168.1.2:80,192.16 ovn-nbctl list load_balancer ovn-sbctl dump-flows R2 -OVS_WAIT_UNTIL([ovs-ofctl -O OpenFlow13 dump-flows br-int table=43 | \ +OVS_WAIT_UNTIL([ovs-ofctl -O OpenFlow13 dump-flows br-int table=46 | \ grep 'nat(src=20.0.0.2)']) check ovs-appctl dpctl/flush-conntrack @@ -2285,7 +2285,7 @@ ovn-nbctl set load_balancer $uuid vips:'"30.0.0.2:8000"'='"192.168.1.2:80,192.16 ovn-nbctl list load_balancer ovn-sbctl dump-flows R2 -OVS_WAIT_UNTIL([ovs-ofctl -O OpenFlow13 dump-flows br-int table=43 | \ +OVS_WAIT_UNTIL([ovs-ofctl -O OpenFlow13 dump-flows br-int table=46 | \ grep 'nat(src=20.0.0.2)']) rm -f wget*.log @@ -5084,7 +5084,7 @@ OVS_WAIT_UNTIL([ ]) OVS_WAIT_UNTIL([ - n_pkt=$(ovs-ofctl dump-flows br-int table=44 | grep -v n_packets=0 | \ + n_pkt=$(ovs-ofctl dump-flows br-int table=47 | grep -v n_packets=0 | \ grep controller | grep tp_dst=84 -c) test $n_pkt -eq 1 ]) @@ -5334,7 +5334,7 @@ OVS_WAIT_UNTIL([ ]) OVS_WAIT_UNTIL([ - n_pkt=$(ovs-ofctl dump-flows br-int table=44 | grep -v n_packets=0 | \ + n_pkt=$(ovs-ofctl dump-flows br-int table=47 | grep -v n_packets=0 | \ grep controller | grep tp_dst=84 -c) test $n_pkt -eq 1 ]) From patchwork Wed May 3 20:13:36 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ihar Hrachyshka X-Patchwork-Id: 1776647 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=2605:bc80:3010::138; helo=smtp1.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=MXpzd7IV; dkim-atps=neutral Received: from smtp1.osuosl.org (smtp1.osuosl.org [IPv6:2605:bc80:3010::138]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4QBSp80y1Zz20fg for ; Thu, 4 May 2023 06:14:07 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id C7B9083D13; Wed, 3 May 2023 20:14:05 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org C7B9083D13 Authentication-Results: smtp1.osuosl.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=MXpzd7IV X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jKC26Hy4nY05; Wed, 3 May 2023 20:14:00 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [IPv6:2605:bc80:3010:104::8cd3:938]) by smtp1.osuosl.org (Postfix) with ESMTPS id 2F3C683CC2; Wed, 3 May 2023 20:13:59 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org 2F3C683CC2 Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 99A3AC0092; Wed, 3 May 2023 20:13:58 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp2.osuosl.org (smtp2.osuosl.org [140.211.166.133]) by lists.linuxfoundation.org (Postfix) with ESMTP id 14046C008B for ; Wed, 3 May 2023 20:13:57 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp2.osuosl.org (Postfix) with ESMTP id 1153041DB7 for ; Wed, 3 May 2023 20:13:56 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org 1153041DB7 Authentication-Results: smtp2.osuosl.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=MXpzd7IV X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp2.osuosl.org ([127.0.0.1]) by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QzPsO8v-XwTZ for ; Wed, 3 May 2023 20:13:51 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org AC03040236 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by smtp2.osuosl.org (Postfix) with ESMTPS id AC03040236 for ; Wed, 3 May 2023 20:13:51 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1683144830; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=m/G9G+TWovyVOWAdEWq0zCusVp+HjiWXTRwNnpsLEs0=; b=MXpzd7IVMAf8fcs03hcqiZlYZdPgUAH1LD2n/jnZfrN18JNsBNKVlggF68nIeJf1OX8ARo 9nSV/J0Ou3Cab0OIk11Zdzvhsfum0R+tmbKereDFZ0VUurOBBv00z4y/8dXX3HaaSzU1Y5 vsONDwRpXVTRk8NR4JB0f8bpxofQNLQ= Received: from mail-qv1-f71.google.com (mail-qv1-f71.google.com [209.85.219.71]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-144-Y5ntkhZ1OMiYnCSd3OBL0A-1; Wed, 03 May 2023 16:13:49 -0400 X-MC-Unique: Y5ntkhZ1OMiYnCSd3OBL0A-1 Received: by mail-qv1-f71.google.com with SMTP id 6a1803df08f44-5ee8e5e93d7so30411376d6.1 for ; Wed, 03 May 2023 13:13:49 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683144829; x=1685736829; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=m/G9G+TWovyVOWAdEWq0zCusVp+HjiWXTRwNnpsLEs0=; b=f5PP/uwBjtqI6UX69+WdNRzTUIauDZ1wImiFuoChylrS5oiobchiWm1WtSe1W1KwRx N3oy4L2o1QnnTkYUhX8RzoVPbLhTODuidVhHNRAHKwccH5Qy4hvc1o9Awv6a0rXtZ6uW rDjihToDV9emjV6OirDHRWX22umYYDNOGyNhU/HFJQZboLl1YcRuv0MAJN8t+zy17NKb Okcj+soNn9wBg7nrOvvWqLu7y+Bqj76RZolPdL+yBvxFfHiNh12WQXsCS9oP35lBPgnA Htl/dl9NR1SaQFu59TIGcZ+REgNZluVQ5dgCOcG9YTTW0P6E4ZvXuSIT7gxD7k7df71X kgpg== X-Gm-Message-State: AC+VfDyorlg8zxdoumbh9tEPWKWebvbnG0EvgR+oxwoMZvUcfaTOOY6o mGfaqi3TlcN8ee0W0HJTLiZQ00AA8UG3dMfwIWOF4okvP4NhEZv0T2mTC/bJ7BQeQ7CD/AFzzS7 r/qOc7Tf9j3fg8h42hTyIRID2Z+9esd2IuQ5McNUXMRUuIdslL210p4jWa2x5v7t5002LWxG3 X-Received: by 2002:a05:6214:d4e:b0:60b:b575:8e86 with SMTP id 14-20020a0562140d4e00b0060bb5758e86mr12396836qvr.44.1683144828371; Wed, 03 May 2023 13:13:48 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ7tVbqwfOgPHrJ9c6rgfePcgFlmQNciOB9wpcG/MPAV62ky+jRN+l4UaIUch61tuths84nlOQ== X-Received: by 2002:a05:6214:d4e:b0:60b:b575:8e86 with SMTP id 14-20020a0562140d4e00b0060bb5758e86mr12396780qvr.44.1683144827753; Wed, 03 May 2023 13:13:47 -0700 (PDT) Received: from fedora34.localdomain.com (cpe-172-73-180-250.carolina.res.rr.com. [172.73.180.250]) by smtp.gmail.com with ESMTPSA id z13-20020a0cda8d000000b005ef442226bbsm2476138qvj.8.2023.05.03.13.13.47 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 03 May 2023 13:13:47 -0700 (PDT) From: Ihar Hrachyshka To: dev@openvswitch.org Date: Wed, 3 May 2023 20:13:36 +0000 Message-Id: <20230503201337.46104-6-ihrachys@redhat.com> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20230503201337.46104-1-ihrachys@redhat.com> References: <20230503201337.46104-1-ihrachys@redhat.com> MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Subject: [ovs-dev] [PATCH ovn v2 5/6] Implement MTU Path Discovery for multichassis ports X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" When a multichassis port belongs to a switch with a localnet port, packets originating or directed to the multichassis port are NOT sent thorugh the localnet port. Instead, tunneling is enforced in-cluster to guarantee delivery of all packets to all chassis of the port. This behavior has an unfortunate side effect, where - because of additional tunnel header added to each packet - the effective MTU of the path for multichassis ports changes from what's set as mtu_request. This effectively makes OVN to black hole all packets for the port that use full capacity of the interface MTU. This breaks usual TCP / UDP services, among other things (SSH, iperf sessions etc.) This patch adds flows so that - (in table 38) detect too-big packets (table 38), and then - (in table 39) icmp fragmentation needed / too big errors are sent back to offending port. Once the error is received, the sender is expected to adjust the route MTU accordingly, sending the next packets with the new path MTU. After a multichassis port is re-assigned to a single chassis, the effective path MTU is restored to "usual". Peers will eventually see their "learned" path MTU cache expire, which will make them switch back to the "usual" MTU. Among other scenarios, this patch helps to maintain existing services working during live migration of a VM, if multichassis ports are used. (E.g. in OpenStack Nueutron.) Fixes: 7084cf437421 ("Always funnel multichassis port traffic through tunnels") Signed-off-by: Ihar Hrachyshka --- NEWS | 6 + controller/ovn-controller.c | 3 + controller/physical.c | 293 +++++++++++++++++++++++++++++++++++- controller/physical.h | 1 + lib/ovn-util.h | 11 ++ tests/ovn.at | 263 ++++++++++++++++++++++++++++++++ 6 files changed, 572 insertions(+), 5 deletions(-) diff --git a/NEWS b/NEWS index 60467581a..9d5eef268 100644 --- a/NEWS +++ b/NEWS @@ -14,6 +14,12 @@ Post v23.03.0 existing behaviour of flooding these arp requests to all attached Ports. - Always allow IPv6 Router Discovery, Neighbor Discovery, and Multicast Listener Discovery protocols, regardless of ACLs defined. + - Send ICMP Fragmentation Needed packets back to offending ports when + communicating with multichassis ports using frames that don't fit through a + tunnel. This is done only for logical switches that are attached to a + physical network via a localnet port, in which case multichassis ports may + have an effective MTU different from regular ports and hence may need this + mechanism to maintain connectivity with other peers in the network. OVN v23.03.0 - 03 Mar 2023 -------------------------- diff --git a/controller/ovn-controller.c b/controller/ovn-controller.c index c094cb74d..9359925fa 100644 --- a/controller/ovn-controller.c +++ b/controller/ovn-controller.c @@ -4083,6 +4083,9 @@ static void init_physical_ctx(struct engine_node *node, p_ctx->patch_ofports = &non_vif_data->patch_ofports; p_ctx->chassis_tunnels = &non_vif_data->chassis_tunnels; + struct controller_engine_ctx *ctrl_ctx = engine_get_context()->client_ctx; + p_ctx->if_mgr = ctrl_ctx->if_mgr; + pflow_output_get_debug(node, &p_ctx->debug); } diff --git a/controller/physical.c b/controller/physical.c index 1b0482e3b..a2a25d067 100644 --- a/controller/physical.c +++ b/controller/physical.c @@ -41,6 +41,7 @@ #include "lib/ovn-sb-idl.h" #include "lib/ovn-util.h" #include "ovn/actions.h" +#include "if-status.h" #include "physical.h" #include "pinctrl.h" #include "openvswitch/shash.h" @@ -91,6 +92,7 @@ physical_register_ovs_idl(struct ovsdb_idl *ovs_idl) ovsdb_idl_add_table(ovs_idl, &ovsrec_table_interface); ovsdb_idl_track_add_column(ovs_idl, &ovsrec_interface_col_name); + ovsdb_idl_track_add_column(ovs_idl, &ovsrec_interface_col_mtu); ovsdb_idl_track_add_column(ovs_idl, &ovsrec_interface_col_ofport); ovsdb_idl_track_add_column(ovs_idl, &ovsrec_interface_col_external_ids); } @@ -1104,6 +1106,273 @@ setup_activation_strategy(const struct sbrec_port_binding *binding, } } +static size_t +encode_start_controller_op(enum action_opcode opcode, bool pause, + uint32_t meter_id, struct ofpbuf *ofpacts) +{ + size_t ofs = ofpacts->size; + + struct ofpact_controller *oc = ofpact_put_CONTROLLER(ofpacts); + oc->max_len = UINT16_MAX; + oc->reason = OFPR_ACTION; + oc->pause = pause; + if (!ovs_feature_is_supported(OVS_DP_METER_SUPPORT)) { + meter_id = NX_CTLR_NO_METER; + } + oc->meter_id = meter_id; + + struct action_header ah = { .opcode = htonl(opcode) }; + ofpbuf_put(ofpacts, &ah, sizeof ah); + + return ofs; +} + +static void +encode_finish_controller_op(size_t ofs, struct ofpbuf *ofpacts) +{ + struct ofpact_controller *oc = ofpbuf_at_assert(ofpacts, ofs, sizeof *oc); + ofpacts->header = oc; + oc->userdata_len = ofpacts->size - (ofs + sizeof *oc); + ofpact_finish_CONTROLLER(ofpacts, &oc); +} + +/* + * Insert a flow to determine if an IP packet is too big for the corresponding + * egress interface. + */ +static void +determine_if_pkt_too_big(struct ovn_desired_flow_table *flow_table, + const struct sbrec_port_binding *binding, + const struct sbrec_port_binding *mcp, + uint16_t mtu, bool is_ipv6, int direction) +{ + struct ofpbuf ofpacts; + ofpbuf_init(&ofpacts, 0); + + /* Store packet too large flag in reg9[1]. */ + struct match match; + match_init_catchall(&match); + match_set_dl_type(&match, htons(is_ipv6 ? ETH_TYPE_IPV6 : ETH_TYPE_IP)); + match_set_metadata(&match, htonll(binding->datapath->tunnel_key)); + match_set_reg(&match, direction - MFF_REG0, mcp->tunnel_key); + + /* reg9[1] is REGBIT_PKT_LARGER as defined by northd */ + struct ofpact_check_pkt_larger *pkt_larger = + ofpact_put_CHECK_PKT_LARGER(&ofpacts); + pkt_larger->pkt_len = mtu; + pkt_larger->dst.field = mf_from_id(MFF_REG9); + pkt_larger->dst.ofs = 1; + + put_resubmit(OFTABLE_OUTPUT_LARGE_PKT_PROCESS, &ofpacts); + ofctrl_add_flow(flow_table, OFTABLE_OUTPUT_LARGE_PKT_DETECT, 100, + binding->header_.uuid.parts[0], &match, &ofpacts, + &binding->header_.uuid); + ofpbuf_uninit(&ofpacts); +} + +/* + * Insert a flow to reply with ICMP error for IP packets that are too big for + * the corresponding egress interface. + */ +/* + * NOTE(ihrachys) This reimplements icmp_error as found in + * build_icmperr_pkt_big_flows. We may look into reusing the existing OVN + * action for this flow in the future. + */ +static void +reply_imcp_error_if_pkt_too_big(struct ovn_desired_flow_table *flow_table, + const struct sbrec_port_binding *binding, + const struct sbrec_port_binding *mcp, + uint16_t mtu, bool is_ipv6, int direction) +{ + struct match match; + match_init_catchall(&match); + match_set_dl_type(&match, htons(is_ipv6 ? ETH_TYPE_IPV6 : ETH_TYPE_IP)); + match_set_metadata(&match, htonll(binding->datapath->tunnel_key)); + match_set_reg(&match, direction - MFF_REG0, mcp->tunnel_key); + match_set_reg_masked(&match, MFF_REG9 - MFF_REG0, 1 << 1, 1 << 1); + + /* Return ICMP error with a part of the original IP packet included. */ + struct ofpbuf ofpacts; + ofpbuf_init(&ofpacts, 0); + size_t oc_offset = encode_start_controller_op( + ACTION_OPCODE_ICMP, true, NX_CTLR_NO_METER, &ofpacts); + + struct ofpbuf inner_ofpacts; + ofpbuf_init(&inner_ofpacts, 0); + + /* The error packet is no longer too large, set REGBIT_PKT_LARGER = 0 */ + /* reg9[1] is REGBIT_PKT_LARGER as defined by northd */ + ovs_be32 value = htonl(0); + ovs_be32 mask = htonl(1 << 1); + ofpact_put_set_field( + &inner_ofpacts, mf_from_id(MFF_REG9), &value, &mask); + + /* The new error packet is delivered locally */ + /* REGBIT_EGRESS_LOOPBACK = 1 */ + value = htonl(1 << MLF_ALLOW_LOOPBACK_BIT); + mask = htonl(1 << MLF_ALLOW_LOOPBACK_BIT); + ofpact_put_set_field( + &inner_ofpacts, mf_from_id(MFF_LOG_FLAGS), &value, &mask); + + /* eth.src <-> eth.dst */ + put_stack(MFF_ETH_DST, ofpact_put_STACK_PUSH(&inner_ofpacts)); + put_stack(MFF_ETH_SRC, ofpact_put_STACK_PUSH(&inner_ofpacts)); + put_stack(MFF_ETH_DST, ofpact_put_STACK_POP(&inner_ofpacts)); + put_stack(MFF_ETH_SRC, ofpact_put_STACK_POP(&inner_ofpacts)); + + /* ip.src <-> ip.dst */ + put_stack(is_ipv6 ? MFF_IPV6_DST : MFF_IPV4_DST, + ofpact_put_STACK_PUSH(&inner_ofpacts)); + put_stack(is_ipv6 ? MFF_IPV6_SRC : MFF_IPV4_SRC, + ofpact_put_STACK_PUSH(&inner_ofpacts)); + put_stack(is_ipv6 ? MFF_IPV6_DST : MFF_IPV4_DST, + ofpact_put_STACK_POP(&inner_ofpacts)); + put_stack(is_ipv6 ? MFF_IPV6_SRC : MFF_IPV4_SRC, + ofpact_put_STACK_POP(&inner_ofpacts)); + + /* ip.ttl = 255 */ + struct ofpact_ip_ttl *ip_ttl = ofpact_put_SET_IP_TTL(&inner_ofpacts); + ip_ttl->ttl = 255; + + uint16_t frag_mtu = mtu - ETHERNET_OVERHEAD; + size_t frag_mtu_oc_offset; + if (is_ipv6) { + /* icmp6.type = 2 (Packet Too Big) */ + /* icmp6.code = 0 */ + uint8_t icmp_type = 2; + uint8_t icmp_code = 0; + ofpact_put_set_field( + &inner_ofpacts, mf_from_id(MFF_ICMPV6_TYPE), &icmp_type, NULL); + ofpact_put_set_field( + &inner_ofpacts, mf_from_id(MFF_ICMPV6_CODE), &icmp_code, NULL); + + /* icmp6.frag_mtu */ + frag_mtu_oc_offset = encode_start_controller_op( + ACTION_OPCODE_PUT_ICMP6_FRAG_MTU, true, NX_CTLR_NO_METER, + &inner_ofpacts); + ovs_be32 frag_mtu_ovs = htonl(frag_mtu); + ofpbuf_put(&inner_ofpacts, &frag_mtu_ovs, sizeof(frag_mtu_ovs)); + } else { + /* icmp4.type = 3 (Destination Unreachable) */ + /* icmp4.code = 4 (Fragmentation Needed) */ + uint8_t icmp_type = 3; + uint8_t icmp_code = 4; + ofpact_put_set_field( + &inner_ofpacts, mf_from_id(MFF_ICMPV4_TYPE), &icmp_type, NULL); + ofpact_put_set_field( + &inner_ofpacts, mf_from_id(MFF_ICMPV4_CODE), &icmp_code, NULL); + + /* icmp4.frag_mtu = */ + frag_mtu_oc_offset = encode_start_controller_op( + ACTION_OPCODE_PUT_ICMP4_FRAG_MTU, true, NX_CTLR_NO_METER, + &inner_ofpacts); + ovs_be16 frag_mtu_ovs = htons(frag_mtu); + ofpbuf_put(&inner_ofpacts, &frag_mtu_ovs, sizeof(frag_mtu_ovs)); + } + encode_finish_controller_op(frag_mtu_oc_offset, &inner_ofpacts); + + /* Finally, submit the ICMP error back to the ingress pipeline */ + put_resubmit(OFTABLE_LOG_INGRESS_PIPELINE, &inner_ofpacts); + + /* Attach nested actions to ICMP error controller handler */ + ofpacts_put_openflow_actions(inner_ofpacts.data, inner_ofpacts.size, + &ofpacts, OFP15_VERSION); + + /* Finalize the ICMP error controller handler */ + encode_finish_controller_op(oc_offset, &ofpacts); + + ofctrl_add_flow(flow_table, OFTABLE_OUTPUT_LARGE_PKT_PROCESS, 100, + binding->header_.uuid.parts[0], &match, &ofpacts, + &binding->header_.uuid); + + ofpbuf_uninit(&inner_ofpacts); + ofpbuf_uninit(&ofpacts); +} + +static uint16_t +get_tunnel_overhead(struct chassis_tunnel const *tun) +{ + uint16_t overhead = 0; + enum chassis_tunnel_type type = tun->type; + if (type == GENEVE) { + overhead += GENEVE_TUNNEL_OVERHEAD; + } else if (type == STT) { + overhead += STT_TUNNEL_OVERHEAD; + } else if (type == VXLAN) { + overhead += VXLAN_TUNNEL_OVERHEAD; + } else { + static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1); + VLOG_WARN_RL(&rl, "Unknown tunnel type %d, can't determine overhead " + "size for Path MTU Discovery", type); + return 0; + } + overhead += tun->is_ipv6? IPV6_HEADER_LEN : IPV4_HEADER_LEN; + return overhead; +} + +static uint16_t +get_effective_mtu(const struct sbrec_port_binding *mcp, + struct ovs_list *remote_tunnels, + const struct if_status_mgr *if_mgr) +{ + /* Use interface MTU as a base for calculation */ + uint16_t iface_mtu = if_status_mgr_iface_get_mtu(if_mgr, + mcp->logical_port); + if (!iface_mtu) { + return 0; + } + + /* Iterate over all peer tunnels and find the biggest tunnel overhead */ + uint16_t overhead = 0; + struct tunnel *tun; + LIST_FOR_EACH (tun, list_node, remote_tunnels) { + uint16_t tunnel_overhead = get_tunnel_overhead(tun->tun); + if (tunnel_overhead > overhead) { + overhead = tunnel_overhead; + } + } + if (!overhead) { + return 0; + } + + return iface_mtu - overhead; +} + +static void +handle_pkt_too_big_for_ip_version(struct ovn_desired_flow_table *flow_table, + const struct sbrec_port_binding *binding, + const struct sbrec_port_binding *mcp, + uint16_t mtu, bool is_ipv6) +{ + /* ingress */ + determine_if_pkt_too_big(flow_table, binding, mcp, mtu, is_ipv6, + MFF_LOG_INPORT); + reply_imcp_error_if_pkt_too_big(flow_table, binding, mcp, mtu, is_ipv6, + MFF_LOG_INPORT); + + /* egress */ + determine_if_pkt_too_big(flow_table, binding, mcp, mtu, is_ipv6, + MFF_LOG_OUTPORT); + reply_imcp_error_if_pkt_too_big(flow_table, binding, mcp, mtu, is_ipv6, + MFF_LOG_OUTPORT); +} + +static void +handle_pkt_too_big(struct ovn_desired_flow_table *flow_table, + struct ovs_list *remote_tunnels, + const struct sbrec_port_binding *binding, + const struct sbrec_port_binding *mcp, + const struct if_status_mgr *if_mgr) +{ + uint16_t mtu = get_effective_mtu(mcp, remote_tunnels, if_mgr); + if (!mtu) { + return; + } + handle_pkt_too_big_for_ip_version(flow_table, binding, mcp, mtu, false); + handle_pkt_too_big_for_ip_version(flow_table, binding, mcp, mtu, true); +} + static void enforce_tunneling_for_multichassis_ports( struct local_datapath *ld, @@ -1111,7 +1380,8 @@ enforce_tunneling_for_multichassis_ports( const struct sbrec_chassis *chassis, const struct hmap *chassis_tunnels, enum mf_field_id mff_ovn_geneve, - struct ovn_desired_flow_table *flow_table) + struct ovn_desired_flow_table *flow_table, + const struct if_status_mgr *if_mgr) { if (shash_is_empty(&ld->multichassis_ports)) { return; @@ -1156,6 +1426,8 @@ enforce_tunneling_for_multichassis_ports( binding->header_.uuid.parts[0], &match, &ofpacts, &binding->header_.uuid); ofpbuf_uninit(&ofpacts); + + handle_pkt_too_big(flow_table, tuns, binding, mcp, if_mgr); } struct tunnel *tun_elem; @@ -1177,6 +1449,7 @@ consider_port_binding(struct ovsdb_idl_index *sbrec_port_binding_by_name, const struct sbrec_port_binding *binding, const struct sbrec_chassis *chassis, const struct physical_debug *debug, + const struct if_status_mgr *if_mgr, struct ovn_desired_flow_table *flow_table, struct ofpbuf *ofpacts_p) { @@ -1602,8 +1875,10 @@ consider_port_binding(struct ovsdb_idl_index *sbrec_port_binding_by_name, binding->header_.uuid.parts[0], &match, ofpacts_p, &binding->header_.uuid); - enforce_tunneling_for_multichassis_ports( - ld, binding, chassis, chassis_tunnels, mff_ovn_geneve, flow_table); + enforce_tunneling_for_multichassis_ports(ld, binding, chassis, + chassis_tunnels, + mff_ovn_geneve, flow_table, + if_mgr); /* No more tunneling to set up. */ goto out; @@ -1908,7 +2183,7 @@ physical_eval_port_binding(struct physical_ctx *p_ctx, p_ctx->patch_ofports, p_ctx->chassis_tunnels, pb, p_ctx->chassis, &p_ctx->debug, - flow_table, &ofpacts); + p_ctx->if_mgr, flow_table, &ofpacts); ofpbuf_uninit(&ofpacts); } @@ -2032,7 +2307,7 @@ physical_run(struct physical_ctx *p_ctx, p_ctx->patch_ofports, p_ctx->chassis_tunnels, binding, p_ctx->chassis, &p_ctx->debug, - flow_table, &ofpacts); + p_ctx->if_mgr, flow_table, &ofpacts); } /* Handle output to multicast groups, in tables 40 and 41. */ @@ -2176,6 +2451,14 @@ physical_run(struct physical_ctx *p_ctx, ofctrl_add_flow(flow_table, OFTABLE_OUTPUT_LARGE_PKT_DETECT, 0, 0, &match, &ofpacts, hc_uuid); + match_init_catchall(&match); + match_set_reg_masked(&match, MFF_LOG_FLAGS - MFF_REG0, + MLF_ALLOW_LOOPBACK, MLF_ALLOW_LOOPBACK); + ofpbuf_clear(&ofpacts); + put_resubmit(OFTABLE_LOCAL_OUTPUT, &ofpacts); + ofctrl_add_flow(flow_table, OFTABLE_OUTPUT_LARGE_PKT_PROCESS, 10, 0, + &match, &ofpacts, hc_uuid); + match_init_catchall(&match); ofpbuf_clear(&ofpacts); put_resubmit(OFTABLE_REMOTE_OUTPUT, &ofpacts); diff --git a/controller/physical.h b/controller/physical.h index f450dca94..396bcb138 100644 --- a/controller/physical.h +++ b/controller/physical.h @@ -57,6 +57,7 @@ struct physical_ctx { const struct sbrec_chassis_table *chassis_table; const struct sbrec_chassis *chassis; const struct sset *active_tunnels; + const struct if_status_mgr *if_mgr; struct hmap *local_datapaths; struct sset *local_lports; const struct simap *ct_zones; diff --git a/lib/ovn-util.h b/lib/ovn-util.h index 7cf861dbc..7ec2bca48 100644 --- a/lib/ovn-util.h +++ b/lib/ovn-util.h @@ -29,6 +29,17 @@ #define ROUTE_ORIGIN_CONNECTED "connected" #define ROUTE_ORIGIN_STATIC "static" +#define ETH_HEADER_LENGTH 14 +#define ETH_CRC_LENGTH 4 +#define ETHERNET_OVERHEAD (ETH_HEADER_LENGTH + ETH_CRC_LENGTH) + +#define IPV4_HEADER_LEN 20 +#define IPV6_HEADER_LEN 40 + +#define GENEVE_TUNNEL_OVERHEAD 38 +#define STT_TUNNEL_OVERHEAD 18 +#define VXLAN_TUNNEL_OVERHEAD 30 + struct eth_addr; struct nbrec_logical_router_port; struct ovsrec_flow_sample_collector_set_table; diff --git a/tests/ovn.at b/tests/ovn.at index dccd5e131..56588a20c 100644 --- a/tests/ovn.at +++ b/tests/ovn.at @@ -15194,6 +15194,269 @@ OVN_CLEANUP([hv1],[hv2],[hv3]) AT_CLEANUP ]) +m4_define([MULTICHASSIS_PATH_MTU_DISCOVERY_TEST], + [OVN_FOR_EACH_NORTHD([ + AT_SETUP([localnet connectivity with multiple requested-chassis, path mtu discovery (ip=$1, tunnel=$2, mtu=$3)]) + AT_KEYWORDS([multi-chassis]) + AT_SKIP_IF([test $HAVE_SCAPY = no]) + + ovn_start + + net_add n1 + for i in 1 2; do + sim_add hv$i + as hv$i + check ovs-vsctl add-br br-phys + if test "x$1" = "xipv6"; then + ovn_attach n1 br-phys fd00::$i 64 $2 + else + ovn_attach n1 br-phys 192.168.0.$i 24 $2 + fi + check ovs-vsctl set open . external-ids:ovn-bridge-mappings=phys:br-phys + done + + first_mac=00:00:00:00:00:01 + second_mac=00:00:00:00:00:02 + multi1_mac=00:00:00:00:00:f0 + multi2_mac=00:00:00:00:00:f1 + first_ip=10.0.0.1 + second_ip=10.0.0.2 + multi1_ip=10.0.0.10 + multi2_ip=10.0.0.20 + first_ip6=abcd::1 + second_ip6=abcd::2 + multi1_ip6=abcd::f0 + multi2_ip6=abcd::f1 + + check ovn-nbctl ls-add ls0 + check ovn-nbctl lsp-add ls0 first + check ovn-nbctl lsp-add ls0 second + check ovn-nbctl lsp-add ls0 multi1 + check ovn-nbctl lsp-add ls0 multi2 + check ovn-nbctl lsp-set-addresses first "${first_mac} ${first_ip} ${first_ip6}" + check ovn-nbctl lsp-set-addresses second "${second_mac} ${second_ip} ${second_ip6}" + check ovn-nbctl lsp-set-addresses multi1 "${multi1_mac} ${multi1_ip} ${multi1_ip6}" + check ovn-nbctl lsp-set-addresses multi2 "${multi2_mac} ${multi2_ip} ${multi2_ip6}" + + check ovn-nbctl lsp-add ls0 public + check ovn-nbctl lsp-set-type public localnet + check ovn-nbctl lsp-set-addresses public unknown + check ovn-nbctl lsp-set-options public network_name=phys + + check ovn-nbctl lsp-set-options first requested-chassis=hv1 + check ovn-nbctl lsp-set-options second requested-chassis=hv2 + check ovn-nbctl lsp-set-options multi1 requested-chassis=hv1,hv2 + check ovn-nbctl lsp-set-options multi2 requested-chassis=hv1,hv2 + + as hv1 check ovs-vsctl -- add-port br-int first -- \ + set Interface first external-ids:iface-id=first \ + options:tx_pcap=hv1/first-tx.pcap \ + options:rxq_pcap=hv1/first-rx.pcap \ + ofport-request=1 + as hv2 check ovs-vsctl -- add-port br-int second -- \ + set Interface second external-ids:iface-id=second \ + options:tx_pcap=hv2/second-tx.pcap \ + options:rxq_pcap=hv2/second-rx.pcap \ + ofport-request=2 + + # Create interfaces for multichassis ports on both hv1 and hv2 + for hv in hv1 hv2; do + for i in 1 2; do + as $hv check ovs-vsctl -- add-port br-int multi${i} -- \ + set Interface multi${i} external-ids:iface-id=multi${i} \ + options:tx_pcap=$hv/multi${i}-tx.pcap \ + options:rxq_pcap=$hv/multi${i}-rx.pcap \ + ofport-request=${i}00 + done + done + + send_ip_packet() { + local inport=${1} hv=${2} eth_src=${3} eth_dst=${4} ipv4_src=${5} ipv4_dst=${6} data=${7} fail=${8} + packet=$(fmt_pkt " + Ether(dst='${eth_dst}', src='${eth_src}') / + IP(src='${ipv4_src}', dst='${ipv4_dst}') / + ICMP(type=8) / bytes.fromhex('${data}') + ") + as hv${hv} ovs-appctl netdev-dummy/receive ${inport} ${packet} + if [[ x"${fail}" != x0 ]]; then + original_ip_frame=$(fmt_pkt " + IP(src='${ipv4_src}', dst='${ipv4_dst}') / + ICMP(type=8) / bytes.fromhex('${data}') + ") + # IP(flags=2) means DF (Don't Fragment) = 1 + # ICMP(type=3, code=4) means Destination Unreachable, Fragmentation Needed + packet=$(fmt_pkt " + Ether(dst='${eth_src}', src='${eth_dst}') / + IP(src='${ipv4_dst}', dst='${ipv4_src}', ttl=255, flags=2, id=0) / + ICMP(type=3, code=4, nexthopmtu=$3) / + bytes.fromhex('${original_ip_frame:0:$((534 * 2))}') + ") + fi + echo ${packet} + } + + send_ip6_packet() { + local inport=${1} hv=${2} eth_src=${3} eth_dst=${4} ipv6_src=${5} ipv6_dst=${6} data=${7} fail=${8} + packet=$(fmt_pkt " + Ether(dst='${eth_dst}', src='${eth_src}') / + IPv6(src='${ipv6_src}', dst='${ipv6_dst}') / + ICMPv6EchoRequest() / bytes.fromhex('${data}') + ") + as hv${hv} ovs-appctl netdev-dummy/receive ${inport} ${packet} + if [[ x"${fail}" != x0 ]]; then + original_ip_frame=$(fmt_pkt " + IPv6(src='${ipv6_src}', dst='${ipv6_dst}') / + ICMPv6EchoRequest() / bytes.fromhex('${data}') + ") + packet=$(fmt_pkt " + Ether(dst='${eth_src}', src='${eth_dst}') / + IPv6(src='${ipv6_dst}', dst='${ipv6_src}', hlim=255) / + ICMPv6PacketTooBig(mtu=$3) / + bytes.fromhex('${original_ip_frame:0:$((1218 * 2))}') + ") + fi + echo ${packet} + } + + reset_env() { + for port in first multi1 multi2; do + as hv1 reset_pcap_file $port hv1/$port + done + for port in second multi1 multi2; do + as hv2 reset_pcap_file $port hv2/$port + done + for port in hv1/multi1 hv2/multi1 hv1/multi2 hv2/multi2 hv1/first hv2/second; do + : > $port.expected + done + } + + check_pkts() { + for port in hv1/multi1 hv2/multi1 hv1/multi2 hv2/multi2 hv1/first hv2/second; do + OVN_CHECK_PACKETS_REMOVE_BROADCAST([${port}-tx.pcap], [${port}.expected]) + done + } + + payload() { + echo $(cat /dev/urandom | tr -cd 'a-f0-9' | head -c ${1}) + } + + wait_for_ports_up + OVN_POPULATE_ARP + + reset_env + + AS_BOX([Packets of proper size are delivered from multichassis to regular ports]) + + len=1000 + packet=$(send_ip_packet multi1 1 $multi1_mac $first_mac $multi1_ip $first_ip $(payload $len) 0) + echo $packet >> hv1/first.expected + + packet=$(send_ip_packet multi1 1 $multi1_mac $second_mac $multi1_ip $second_ip $(payload $len) 0) + echo $packet >> hv2/second.expected + + packet=$(send_ip6_packet multi1 1 $multi1_mac $first_mac $multi1_ip6 $first_ip6 $(payload $len) 0) + echo $packet >> hv1/first.expected + + packet=$(send_ip6_packet multi1 1 $multi1_mac $second_mac $multi1_ip6 $second_ip6 $(payload $len) 0) + echo $packet >> hv2/second.expected + + check_pkts + reset_env + + AS_BOX([Oversized packets are not delivered from multichassis to regular ports]) + + len=3000 + packet=$(send_ip_packet multi1 1 $multi1_mac $first_mac $multi1_ip $first_ip $(payload $len) 1) + echo $packet >> hv1/multi1.expected + + packet=$(send_ip_packet multi1 1 $multi1_mac $second_mac $multi1_ip $second_ip $(payload $len) 1) + echo $packet >> hv1/multi1.expected + + packet=$(send_ip6_packet multi1 1 $multi1_mac $first_mac $multi1_ip6 $first_ip6 $(payload $len) 1) + echo $packet >> hv1/multi1.expected + + packet=$(send_ip6_packet multi1 1 $multi1_mac $second_mac $multi1_ip6 $second_ip6 $(payload $len) 1) + echo $packet >> hv1/multi1.expected + + check_pkts + reset_env + + AS_BOX([Packets of proper size are delivered from regular to multichassis ports]) + + len=1000 + packet=$(send_ip_packet first 1 $first_mac $multi1_mac $first_ip $multi1_ip $(payload $len) 0) + echo $packet >> hv1/multi1.expected + echo $packet >> hv2/multi1.expected + + packet=$(send_ip_packet second 2 $second_mac $multi1_mac $second_ip $multi1_ip $(payload $len) 0) + echo $packet >> hv1/multi1.expected + echo $packet >> hv2/multi1.expected + + packet=$(send_ip6_packet first 1 $first_mac $multi1_mac $first_ip6 $multi1_ip6 $(payload $len) 0) + echo $packet >> hv1/multi1.expected + echo $packet >> hv2/multi1.expected + + packet=$(send_ip6_packet second 2 $second_mac $multi1_mac $second_ip6 $multi1_ip6 $(payload $len) 0) + echo $packet >> hv1/multi1.expected + echo $packet >> hv2/multi1.expected + + check_pkts + reset_env + + AS_BOX([Oversized packets are not delivered from regular to multichassis ports]) + + len=3000 + packet=$(send_ip_packet first 1 $first_mac $multi1_mac $first_ip $multi1_ip $(payload $len) 1) + echo $packet >> hv1/first.expected + + packet=$(send_ip_packet second 2 $second_mac $multi1_mac $second_ip $multi1_ip $(payload $len) 1) + echo $packet >> hv2/second.expected + + packet=$(send_ip6_packet first 1 $first_mac $multi1_mac $first_ip6 $multi1_ip6 $(payload $len) 1) + echo $packet >> hv1/first.expected + + packet=$(send_ip6_packet second 2 $second_mac $multi1_mac $second_ip6 $multi1_ip6 $(payload $len) 1) + echo $packet >> hv2/second.expected + + check_pkts + reset_env + + AS_BOX([Packets of proper size are delivered from multichassis to multichassis ports]) + + len=1000 + packet=$(send_ip_packet multi1 1 $multi1_mac $multi2_mac $multi1_ip $multi2_ip $(payload $len) 0) + echo $packet >> hv1/multi2.expected + echo $packet >> hv2/multi2.expected + + packet=$(send_ip6_packet multi1 1 $multi1_mac $multi2_mac $multi1_ip6 $multi2_ip6 $(payload $len) 0) + echo $packet >> hv1/multi2.expected + echo $packet >> hv2/multi2.expected + + check_pkts + reset_env + + AS_BOX([Oversized packets are not delivered from multichassis to multichassis ports]) + + len=3000 + packet=$(send_ip_packet multi1 1 $multi1_mac $multi2_mac $multi1_ip $multi2_ip $(payload $len) 1) + echo $packet >> hv1/multi1.expected + + packet=$(send_ip6_packet multi1 1 $multi1_mac $multi2_mac $multi1_ip6 $multi2_ip6 $(payload $len) 1) + echo $packet >> hv1/multi1.expected + + check_pkts + + OVN_CLEANUP([hv1],[hv2]) + + AT_CLEANUP + ])]) + +# NOTE(ihar) no STT variants because it's not supported by upstream kernels +MULTICHASSIS_PATH_MTU_DISCOVERY_TEST([ipv4], [geneve], [1424]) +MULTICHASSIS_PATH_MTU_DISCOVERY_TEST([ipv6], [geneve], [1404]) +MULTICHASSIS_PATH_MTU_DISCOVERY_TEST([ipv4], [vxlan], [1432]) +MULTICHASSIS_PATH_MTU_DISCOVERY_TEST([ipv6], [vxlan], [1412]) + OVN_FOR_EACH_NORTHD([ AT_SETUP([options:activation-strategy for logical port]) AT_KEYWORDS([multi-chassis]) From patchwork Wed May 3 20:13:37 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ihar Hrachyshka X-Patchwork-Id: 1776646 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=2605:bc80:3010::137; helo=smtp4.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=Q/LFwSLI; dkim-atps=neutral Received: from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4QBSp66Dqbz20fg for ; Thu, 4 May 2023 06:14:06 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id 366AD41E6E; Wed, 3 May 2023 20:14:02 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org 366AD41E6E Authentication-Results: smtp4.osuosl.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=Q/LFwSLI X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Msa9fkk2IMv3; Wed, 3 May 2023 20:13:58 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [IPv6:2605:bc80:3010:104::8cd3:938]) by smtp4.osuosl.org (Postfix) with ESMTPS id BBBC541E36; Wed, 3 May 2023 20:13:56 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org BBBC541E36 Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 9645AC007A; Wed, 3 May 2023 20:13:56 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp2.osuosl.org (smtp2.osuosl.org [140.211.166.133]) by lists.linuxfoundation.org (Postfix) with ESMTP id AF22DC0037 for ; Wed, 3 May 2023 20:13:55 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp2.osuosl.org (Postfix) with ESMTP id 6876441D2C for ; Wed, 3 May 2023 20:13:55 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org 6876441D2C Authentication-Results: smtp2.osuosl.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=Q/LFwSLI X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp2.osuosl.org ([127.0.0.1]) by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xPayjWxXkBke for ; Wed, 3 May 2023 20:13:52 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org 6CD1341D35 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by smtp2.osuosl.org (Postfix) with ESMTPS id 6CD1341D35 for ; Wed, 3 May 2023 20:13:52 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1683144831; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=7DAiFoULw2qoSo1cDwD/yAHKk0flrZcUCDC7u29r45g=; b=Q/LFwSLITAtnERXecZXEDLWaaQnHw3pzmBAsaTc9zhytQJaOXmZ7cM/0ya8t1OfRWuOcCB MPQfFLc77J1dv4iXZ7V2zHDchembTwonQfsxTAr/qe3p8NmXcxlrj+4CBozkuxCKZkHdih 1r6tqvc0CbtIBsuigT5cuhkMderCMdg= Received: from mail-qv1-f69.google.com (mail-qv1-f69.google.com [209.85.219.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-652-mwZVVgkWNyGVIYXB48xuZA-1; Wed, 03 May 2023 16:13:50 -0400 X-MC-Unique: mwZVVgkWNyGVIYXB48xuZA-1 Received: by mail-qv1-f69.google.com with SMTP id 6a1803df08f44-61af548a8feso27183986d6.0 for ; Wed, 03 May 2023 13:13:49 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683144829; x=1685736829; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=7DAiFoULw2qoSo1cDwD/yAHKk0flrZcUCDC7u29r45g=; b=K0rKXvHoEdpeeqZkxspaeEv/KnyWjeU2OGo/EnlNDyp7j1ZCKeb15lY8uNB9WG5PJ/ lTUI8dYM5bqvXPBdP36QNro8blpN2sqarLz14P3KtrGa8XhLYjvMEwOR5mWBM3x3Z5C+ IWtwLyHduH5p74CkuNey5lW7TbYDEmFusqmqvfCCAfKkWf5ASLB5vPcmoefJI39iafI8 W/oJoRj8ZftJ++0SLnDJXDHh4XnJn1D+syi7oa1eL/W/4Q0U4vYbKaXl/Sci51hISDn+ x9DpWmNsYxSsgPq5cTHizB4R+63g48UZS0KzZNN4g5uGm/+hwuF0ssFMiWwfnRyjYEXk YbPA== X-Gm-Message-State: AC+VfDwnW/mdx8EuC0xKa/fjQIUgkuSDewAYWIwqkIQ1DbzbfugCjWKI yL26+43VglDowvwNIDvHDa5vIbsirPQa8XMNRNGHqP54QrleALhGeIVrPs7uxknSUDFvcG5gMy5 q7yyI8MVFvhb5vqz3E7kM0/LKUiMtwPbUS5BEst5mK2DaMHS0pVwIu7TE5xRZW3Qq2HqPUgEh X-Received: by 2002:a05:6214:2689:b0:61a:36d6:41a4 with SMTP id gm9-20020a056214268900b0061a36d641a4mr11678304qvb.32.1683144829152; Wed, 03 May 2023 13:13:49 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ52dO2r7xeV7VuXEDLVLgGWVPihTZvw4KwA+QDWKCQMfKfy97ubF4A0Vr1pIbT8A40z1rAkmg== X-Received: by 2002:a05:6214:2689:b0:61a:36d6:41a4 with SMTP id gm9-20020a056214268900b0061a36d641a4mr11678268qvb.32.1683144828707; Wed, 03 May 2023 13:13:48 -0700 (PDT) Received: from fedora34.localdomain.com (cpe-172-73-180-250.carolina.res.rr.com. [172.73.180.250]) by smtp.gmail.com with ESMTPSA id z13-20020a0cda8d000000b005ef442226bbsm2476138qvj.8.2023.05.03.13.13.47 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 03 May 2023 13:13:48 -0700 (PDT) From: Ihar Hrachyshka To: dev@openvswitch.org Date: Wed, 3 May 2023 20:13:37 +0000 Message-Id: <20230503201337.46104-7-ihrachys@redhat.com> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20230503201337.46104-1-ihrachys@redhat.com> References: <20230503201337.46104-1-ihrachys@redhat.com> MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Subject: [ovs-dev] [PATCH ovn v2 6/6] Update multichassis physical flows on interface MTU update X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" Make ICMP Path MTU Discovery flows in table=38 react to underlying interface MTU update. NOTE: ideally, OVN would support Logical_Port MTU, in which case we wouldn't have to track OVSDB for interfaces, and we would also be able to react to MTU changes regardless of interface location. This patch is best effort and doesn't handle all scenarios. (E.g. a scenario where MTUs are not changed consistently for all switch interfaces across all chassis.) Signed-off-by: Ihar Hrachyshka --- controller/if-status.c | 23 +++++++----- controller/if-status.h | 3 ++ controller/ovn-controller.c | 73 +++++++++++++++++++++++++++++++++++++ controller/ovsport.c | 9 +++++ controller/ovsport.h | 2 + controller/physical.c | 1 - controller/physical.h | 1 + tests/ovn.at | 66 +++++++++++++++++++++++++++++++-- 8 files changed, 164 insertions(+), 14 deletions(-) diff --git a/controller/if-status.c b/controller/if-status.c index e60156c4a..1cdd893ab 100644 --- a/controller/if-status.c +++ b/controller/if-status.c @@ -18,6 +18,7 @@ #include "binding.h" #include "if-status.h" #include "ofctrl-seqno.h" +#include "ovsport.h" #include "simap.h" #include "lib/hmapx.h" @@ -500,15 +501,6 @@ ovs_iface_account_mem(const char *iface_id, bool erase) } } -static uint16_t -get_iface_mtu(const struct ovsrec_interface *iface) -{ - if (!iface || !iface->n_mtu || iface->mtu[0] <= 0) { - return 0; - } - return (uint16_t) iface->mtu[0]; -} - uint16_t if_status_mgr_iface_get_mtu(const struct if_status_mgr *mgr, const char *iface_id) @@ -517,6 +509,19 @@ if_status_mgr_iface_get_mtu(const struct if_status_mgr *mgr, return iface ? iface->mtu : 0; } +bool +if_status_mgr_iface_set_mtu(const struct if_status_mgr *mgr, + const char *iface_id, + uint16_t mtu) +{ + struct ovs_iface *iface = shash_find_data(&mgr->ifaces, iface_id); + if (iface && iface->mtu != mtu) { + iface->mtu = mtu; + return true; + } + return false; +} + static struct ovs_iface * ovs_iface_create(struct if_status_mgr *mgr, const char *iface_id, const struct ovsrec_interface *iface_rec, diff --git a/controller/if-status.h b/controller/if-status.h index 8186bdf08..b11d4cd61 100644 --- a/controller/if-status.h +++ b/controller/if-status.h @@ -47,6 +47,9 @@ bool if_status_mgr_iface_is_present(struct if_status_mgr *mgr, const char *iface_id); uint16_t if_status_mgr_iface_get_mtu(const struct if_status_mgr *mgr, const char *iface_id); +bool if_status_mgr_iface_set_mtu(const struct if_status_mgr *mgr, + const char *iface_id, + uint16_t mtu); bool if_status_handle_claims(struct if_status_mgr *mgr, struct local_binding_data *binding_data, const struct sbrec_chassis *chassis_rec, diff --git a/controller/ovn-controller.c b/controller/ovn-controller.c index 9359925fa..fb6091fae 100644 --- a/controller/ovn-controller.c +++ b/controller/ovn-controller.c @@ -60,6 +60,7 @@ #include "lib/ovn-dirs.h" #include "lib/ovn-sb-idl.h" #include "lib/ovn-util.h" +#include "ovsport.h" #include "patch.h" #include "vif-plug.h" #include "vif-plug-provider.h" @@ -1056,6 +1057,7 @@ ctrl_register_ovs_idl(struct ovsdb_idl *ovs_idl) ovsdb_idl_track_add_column(ovs_idl, &ovsrec_interface_col_name); ovsdb_idl_track_add_column(ovs_idl, &ovsrec_interface_col_bfd); ovsdb_idl_track_add_column(ovs_idl, &ovsrec_interface_col_bfd_status); + ovsdb_idl_track_add_column(ovs_idl, &ovsrec_interface_col_mtu); ovsdb_idl_track_add_column(ovs_idl, &ovsrec_interface_col_type); ovsdb_idl_track_add_column(ovs_idl, &ovsrec_interface_col_options); ovsdb_idl_track_add_column(ovs_idl, &ovsrec_interface_col_ofport); @@ -4046,6 +4048,9 @@ static void init_physical_ctx(struct engine_node *node, const struct ed_type_mff_ovn_geneve *ed_mff_ovn_geneve = engine_get_input_data("mff_ovn_geneve", node); + const struct ovsrec_interface_table *ovs_interface_table = + EN_OVSDB_GET(engine_get_input("OVS_interface", node)); + const struct ovsrec_open_vswitch_table *ovs_table = EN_OVSDB_GET(engine_get_input("OVS_open_vswitch", node)); const struct ovsrec_bridge_table *bridge_table = @@ -4070,6 +4075,7 @@ static void init_physical_ctx(struct engine_node *node, p_ctx->sbrec_port_binding_by_name = sbrec_port_binding_by_name; p_ctx->sbrec_port_binding_by_datapath = sbrec_port_binding_by_datapath; p_ctx->port_binding_table = port_binding_table; + p_ctx->ovs_interface_table = ovs_interface_table; p_ctx->mc_group_table = multicast_group_table; p_ctx->br_int = br_int; p_ctx->chassis_table = chassis_table; @@ -4129,6 +4135,71 @@ en_pflow_output_run(struct engine_node *node, void *data) engine_set_node_state(node, EN_UPDATED); } +static bool +pflow_output_ovs_interface_handler(struct engine_node *node, + void *data) +{ + enum engine_node_state state = EN_UNCHANGED; + + struct ed_type_pflow_output *pfo = data; + struct ed_type_runtime_data *rt_data = + engine_get_input_data("runtime_data", node); + struct ed_type_non_vif_data *non_vif_data = + engine_get_input_data("non_vif_data", node); + + struct physical_ctx p_ctx; + init_physical_ctx(node, rt_data, non_vif_data, &p_ctx); + + const struct ovsrec_interface *iface; + const struct ovsrec_interface_table *ovs_interface_table = + p_ctx.ovs_interface_table; + OVSREC_INTERFACE_TABLE_FOR_EACH_TRACKED (iface, ovs_interface_table) { + const char *iface_id = smap_get(&iface->external_ids, "iface-id"); + if (!iface_id) { + continue; + } + + uint16_t mtu = get_iface_mtu(iface); + if (!if_status_mgr_iface_set_mtu(p_ctx.if_mgr, iface_id, mtu)) { + continue; + } + const struct sbrec_port_binding *pb = lport_lookup_by_name( + p_ctx.sbrec_port_binding_by_name, iface_id); + if (!pb) { + continue; + } + if (pb->n_additional_chassis) { + /* Update flows for all ports in datapath. */ + struct sbrec_port_binding *target = + sbrec_port_binding_index_init_row( + p_ctx.sbrec_port_binding_by_datapath); + sbrec_port_binding_index_set_datapath(target, pb->datapath); + + const struct sbrec_port_binding *binding; + SBREC_PORT_BINDING_FOR_EACH_EQUAL ( + binding, target, p_ctx.sbrec_port_binding_by_datapath) { + bool removed = sbrec_port_binding_is_deleted(binding); + if (!physical_handle_flows_for_lport(binding, removed, &p_ctx, + &pfo->flow_table)) { + return false; + } + state = EN_UPDATED; + } + sbrec_port_binding_index_destroy_row(target); + } else { + /* If any multichassis ports, update flows for the port. */ + bool removed = sbrec_port_binding_is_deleted(pb); + if (!physical_handle_flows_for_lport(pb, removed, &p_ctx, + &pfo->flow_table)) { + return false; + } + state = EN_UPDATED; + } + } + engine_set_node_state(node, state); + return true; +} + static bool pflow_output_sb_port_binding_handler(struct engine_node *node, void *data) @@ -4661,6 +4732,8 @@ main(int argc, char *argv[]) engine_add_input(&en_pflow_output, &en_sb_chassis, pflow_lflow_output_sb_chassis_handler); + engine_add_input(&en_pflow_output, &en_ovs_interface, + pflow_output_ovs_interface_handler); engine_add_input(&en_pflow_output, &en_sb_port_binding, pflow_output_sb_port_binding_handler); engine_add_input(&en_pflow_output, &en_sb_multicast_group, diff --git a/controller/ovsport.c b/controller/ovsport.c index ec38c3fca..ebcb9cb6d 100644 --- a/controller/ovsport.c +++ b/controller/ovsport.c @@ -264,3 +264,12 @@ maintain_interface_smap_column( } } } + +uint16_t +get_iface_mtu(const struct ovsrec_interface *iface) +{ + if (!iface || !iface->n_mtu || iface->mtu[0] <= 0) { + return 0; + } + return (uint16_t) iface->mtu[0]; +} diff --git a/controller/ovsport.h b/controller/ovsport.h index e355ff7ff..c40c1855a 100644 --- a/controller/ovsport.h +++ b/controller/ovsport.h @@ -57,4 +57,6 @@ const struct ovsrec_port * ovsport_lookup_by_interfaces( const struct ovsrec_port * ovsport_lookup_by_interface( struct ovsdb_idl_index *, struct ovsrec_interface *); +uint16_t get_iface_mtu(const struct ovsrec_interface *); + #endif /* lib/ovsport.h */ diff --git a/controller/physical.c b/controller/physical.c index a2a25d067..e0e36c89b 100644 --- a/controller/physical.c +++ b/controller/physical.c @@ -92,7 +92,6 @@ physical_register_ovs_idl(struct ovsdb_idl *ovs_idl) ovsdb_idl_add_table(ovs_idl, &ovsrec_table_interface); ovsdb_idl_track_add_column(ovs_idl, &ovsrec_interface_col_name); - ovsdb_idl_track_add_column(ovs_idl, &ovsrec_interface_col_mtu); ovsdb_idl_track_add_column(ovs_idl, &ovsrec_interface_col_ofport); ovsdb_idl_track_add_column(ovs_idl, &ovsrec_interface_col_external_ids); } diff --git a/controller/physical.h b/controller/physical.h index 396bcb138..1f1ed55ef 100644 --- a/controller/physical.h +++ b/controller/physical.h @@ -52,6 +52,7 @@ struct physical_ctx { struct ovsdb_idl_index *sbrec_port_binding_by_name; struct ovsdb_idl_index *sbrec_port_binding_by_datapath; const struct sbrec_port_binding_table *port_binding_table; + const struct ovsrec_interface_table *ovs_interface_table; const struct sbrec_multicast_group_table *mc_group_table; const struct ovsrec_bridge *br_int; const struct sbrec_chassis_table *chassis_table; diff --git a/tests/ovn.at b/tests/ovn.at index 56588a20c..f4f80e60a 100644 --- a/tests/ovn.at +++ b/tests/ovn.at @@ -15271,7 +15271,7 @@ m4_define([MULTICHASSIS_PATH_MTU_DISCOVERY_TEST], done send_ip_packet() { - local inport=${1} hv=${2} eth_src=${3} eth_dst=${4} ipv4_src=${5} ipv4_dst=${6} data=${7} fail=${8} + local inport=${1} hv=${2} eth_src=${3} eth_dst=${4} ipv4_src=${5} ipv4_dst=${6} data=${7} fail=${8} mtu=${9:-$3} packet=$(fmt_pkt " Ether(dst='${eth_dst}', src='${eth_src}') / IP(src='${ipv4_src}', dst='${ipv4_dst}') / @@ -15288,7 +15288,7 @@ m4_define([MULTICHASSIS_PATH_MTU_DISCOVERY_TEST], packet=$(fmt_pkt " Ether(dst='${eth_src}', src='${eth_dst}') / IP(src='${ipv4_dst}', dst='${ipv4_src}', ttl=255, flags=2, id=0) / - ICMP(type=3, code=4, nexthopmtu=$3) / + ICMP(type=3, code=4, nexthopmtu=${mtu}) / bytes.fromhex('${original_ip_frame:0:$((534 * 2))}') ") fi @@ -15296,7 +15296,7 @@ m4_define([MULTICHASSIS_PATH_MTU_DISCOVERY_TEST], } send_ip6_packet() { - local inport=${1} hv=${2} eth_src=${3} eth_dst=${4} ipv6_src=${5} ipv6_dst=${6} data=${7} fail=${8} + local inport=${1} hv=${2} eth_src=${3} eth_dst=${4} ipv6_src=${5} ipv6_dst=${6} data=${7} fail=${8} mtu=${9:-$3} packet=$(fmt_pkt " Ether(dst='${eth_dst}', src='${eth_src}') / IPv6(src='${ipv6_src}', dst='${ipv6_dst}') / @@ -15311,7 +15311,7 @@ m4_define([MULTICHASSIS_PATH_MTU_DISCOVERY_TEST], packet=$(fmt_pkt " Ether(dst='${eth_src}', src='${eth_dst}') / IPv6(src='${ipv6_dst}', dst='${ipv6_src}', hlim=255) / - ICMPv6PacketTooBig(mtu=$3) / + ICMPv6PacketTooBig(mtu=${mtu}) / bytes.fromhex('${original_ip_frame:0:$((1218 * 2))}') ") fi @@ -15444,6 +15444,64 @@ m4_define([MULTICHASSIS_PATH_MTU_DISCOVERY_TEST], packet=$(send_ip6_packet multi1 1 $multi1_mac $multi2_mac $multi1_ip6 $multi2_ip6 $(payload $len) 1) echo $packet >> hv1/multi1.expected + check_pkts + reset_env + + AS_BOX([MTU updates are honored in ICMP Path MTU calculation]) + + set_mtu() { + local hv=${1} iface=${2} new_mtu=${3} + + iface_uuid=$(as ${hv} ovs-vsctl --bare --columns _uuid find Interface name=${iface}) + check as ${hv} ovs-vsctl set interface ${iface_uuid} mtu_request=${new_mtu} + } + + set_mtu_for_all_ports() { + for port in multi1 multi2 first; do + set_mtu hv1 ${port} ${1} + done + for port in multi1 multi2 second; do + set_mtu hv2 ${port} ${1} + done + } + + initial_mtu=1500 # all interfaces are 1500 by default + new_mtu=1400 + set_mtu_for_all_ports ${new_mtu} + mtu_diff=$((${initial_mtu} - ${new_mtu})) + + len=3000 + expected_ip_mtu=$(($3 - ${mtu_diff})) + packet=$(send_ip_packet first 1 $first_mac $multi1_mac $first_ip $multi1_ip $(payload $len) 1 ${expected_ip_mtu}) + echo $packet >> hv1/first.expected + + packet=$(send_ip_packet second 2 $second_mac $multi1_mac $second_ip $multi1_ip $(payload $len) 1 ${expected_ip_mtu}) + echo $packet >> hv2/second.expected + + packet=$(send_ip6_packet first 1 $first_mac $multi1_mac $first_ip6 $multi1_ip6 $(payload $len) 1 ${expected_ip_mtu}) + echo $packet >> hv1/first.expected + + packet=$(send_ip6_packet second 2 $second_mac $multi1_mac $second_ip6 $multi1_ip6 $(payload $len) 1 ${expected_ip_mtu}) + echo $packet >> hv2/second.expected + + packet=$(send_ip_packet multi1 1 $multi1_mac $first_mac $multi1_ip $first_ip $(payload $len) 1 ${expected_ip_mtu}) + echo $packet >> hv1/multi1.expected + + packet=$(send_ip_packet multi1 1 $multi1_mac $second_mac $multi1_ip $second_ip $(payload $len) 1 ${expected_ip_mtu}) + echo $packet >> hv1/multi1.expected + + packet=$(send_ip6_packet multi1 1 $multi1_mac $first_mac $multi1_ip6 $first_ip6 $(payload $len) 1 ${expected_ip_mtu}) + echo $packet >> hv1/multi1.expected + + packet=$(send_ip6_packet multi1 1 $multi1_mac $second_mac $multi1_ip6 $second_ip6 $(payload $len) 1 ${expected_ip_mtu}) + echo $packet >> hv1/multi1.expected + + packet=$(send_ip_packet multi1 1 $multi1_mac $multi2_mac $multi1_ip $multi2_ip $(payload $len) 1 ${expected_ip_mtu}) + echo $packet >> hv1/multi1.expected + + packet=$(send_ip6_packet multi1 1 $multi1_mac $multi2_mac $multi1_ip6 $multi2_ip6 $(payload $len) 1 ${expected_ip_mtu}) + echo $packet >> hv1/multi1.expected + check_pkts OVN_CLEANUP([hv1],[hv2])