On 15 Jan 2026, at 0:42, Ilya Maximets wrote:
> On 1/9/26 9:03 PM, Dima Chumak via dev wrote:
>> This patch series introduces infrastructure and user-facing improvements
>> for multi-table routing in OVS. The main motivation is to enable more
>> advanced routing scenarios, such as policy-based routing with source
>> address selectors. For example, this can be used to support
>> OVN-Kubernetes multi-VTEP topology where nodes may have multiple SR-IOV
>> network adapters and to facilitate selection of which VTEP to use to
>> send/receive the packets to/from the wire.
>>
>> The core of this series adds support for multiple routing tables within
>> OVS. This is a prerequisite for importing non-default routing tables
>> from the kernel and enables advanced routing lookups that consider
>> parameters beyond just the destination address (e.g., source address).
>>
>> Additional routing tables are now created by reading the Routing Policy
>> Database (RPDB) from the kernel. Only tables referenced by RPDB rules
>> with a table lookup action are imported, and rule priorities and table
>> IDs are preserved. The current implementation supports RPDB rules with a
>> source address selector (`[not] from IP`).
>>
>> User interface improvements:
>>
>> - The `ovs-appctl ovs/route/show` command now accepts an optional
>> `table=ID` or `table=all` parameter, allowing users to display routes
>> from specific or all tables.
>>
>> - The `ovs-appctl ovs/route/add` and `ovs/route/del` commands accept a
>> `table=ID` parameter for adding or deleting user routes in non-default
>> tables.
>>
>> - A new `ovs-appctl ovs/route/rule/show` command is introduced to
>> display the internal routing rules database, sorted by priority.
>>
>> - New `ovs-appctl ovs/route/rule/{add,del}` commands are introduced to
>> add and delete user-configured routing rules in OVS.
>>
>> - The `ovs-appctl ovs/route/lookup` command now supports an optional
>> `src=IP` parameter for lookups that match on source IP address.
>>
>> Example usage:
>>
>> - Show all routes, including those from non-default tables:
>>
>> ovs-appctl ovs/route/show table=all
>>
>> - Add a route to a specific table:
>>
>> ovs-appctl ovs/route/add 10.7.7.0/24 br-phy0 table=10
>>
>> - Add user routing rules:
>>
>> ovs-appctl ovs/route/rule/add from=all table=10
>> ovs-appctl ovs/route/rule/add -6 from=all table=11
>>
>> - Show routing rules:
>>
>> ovs-appctl ovs/route/rule/show [-6]
>>
>> - Lookup a route with a source IP:
>>
>> ovs-appctl ovs/route/lookup 10.0.0.5 src=10.0.0.2
>>
>> v4 -> v5: Changes based on Ilya's feedback:
>>
>> * Fixed issue with incorrect inverted rule match for a mismatched
>> address family.
>> * Standard IPv6 rules are imported by default.
>> * ovs-appctl ovs/route/rule/show displays only IPv4 rules by default
>> and IPv6 rules are shown with -6 flag only.
>> * Extended 'route/rule lookup' unit-test to cover inverted rules.
>>
>> v3 -> v4: Changes based on Ilya's feedback:
>>
>> * Added flag to identify user-added routes instead of relying on
>> priority and table ID.
>> * Improved locking for non-standard routing table creation.
>> * Added flag to distinguish IPv6 and IPv4 routing rules.
>> * Corrected route matching for mixed IPv6 and IPv4 routes in the
>> same routing table.
>>
>> v2 -> v3: Changes based on Ilya's feedback:
>>
>> * Use cmap instead of hashmap for classifiers.
>> * Don't treat standard tables in a special way.
>> * Don't treat standard routing rules in a special way.
>> * For src_ip validation in route lookup use local table only.
>> * Add system test for un-supported routing rules.
>>
>> v1 -> v2: Changes based on Ilya's feedback:
>>
>> * Split default classifier into three: local, main and default.
>> * Rules based routing is the only way now.
>> * The three default rules are always present, on non-Linux systems
>> too.
>> * Rules list is implemented with pvector instead of rculist.
>> * Added more unit tests for rules, including tunnel-push-pop test.
>> * Rules related appctl commands are grouped under ovs/route/rule/*
>> prefix.
>> * Implemented new appctl commands for adding and deleting
>> user-configured rules.
>> * Updated manpage and tunneling documentation with the new commands
>> and parameters.
>>
>> Dima Chumak (11):
>> ovs-router: Add infrastructure for multi-table routing.
>> route-table: Introduce multi-table route lookup.
>> doc: Fix font formatting in ofproto-tnl-unixctl.man.
>> ovs-router: Add 'table=id' parameter in ovs/route/show.
>> ovs-router: Drop 'local' and add 'user' flag to ovs_router_entry.
>> ovs-router: Introduce ovs/route/rule/show command.
>> ovs-router: Add system test for tables and rules.
>> ovs-router: Add 'table=id' parameter in ovs/route/{add,del}.
>> ovs-router: Add 'src=src_ip' parameter in ovs/route/lookup.
>> ovs-router: Introduce ovs/route/rule/{add,del} commands.
>> ovs-router: Add test for lookup with rules.
>>
>> Documentation/howto/userspace-tunneling.rst | 20 +-
>> NEWS | 10 +
>> lib/netdev-dummy.c | 12 +-
>> lib/ovs-router.c | 876 +++++++++++++++++---
>> lib/ovs-router.h | 28 +-
>> lib/packets.c | 20 +
>> lib/packets.h | 7 +
>> lib/route-table.c | 262 +++++-
>> lib/route-table.h | 22 +-
>> ofproto/ofproto-tnl-unixctl.man | 62 +-
>> tests/nsh.at | 9 +-
>> tests/ofproto-dpif.at | 11 +-
>> tests/ovs-router.at | 282 ++++++-
>> tests/packet-type-aware.at | 19 +-
>> tests/system-route.at | 187 +++++
>> tests/test-lib-route-table.c | 5 +-
>> tests/tunnel-push-pop-ipv6.at | 32 +-
>> tests/tunnel-push-pop.at | 177 +++-
>> tests/tunnel.at | 10 +-
>> 19 files changed, 1828 insertions(+), 223 deletions(-)
>>
>
> Hi. To save some iteration time as we're about to branch for 3.7 release,
> I fixed a few minor style issues throughout the set and made the following
> small change to the 'rule/show' command:
>
> diff --git a/lib/ovs-router.c b/lib/ovs-router.c
> --- a/lib/ovs-router.c
> +++ b/lib/ovs-router.c
> @@ -907,17 +908,9 @@ ovs_router_rules_show_text(struct ds *ds, bool ipv6)
> continue;
> }
> if (rule->user) {
> - if (rule->ipv4) {
> - ds_put_format(ds, "User: ");
> - } else {
> - ds_put_format(ds, "User6: ");
> - }
> + ds_put_format(ds, "User: ");
> } else {
> - if (rule->ipv4) {
> - ds_put_format(ds, "Cached: ");
> - } else {
> - ds_put_format(ds, "Cached6: ");
> - }
> + ds_put_format(ds, "Cached: ");
> }
> ds_put_format(ds, "%"PRIu32": ", rule->prio);
> if (rule->invert) {
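Review bot: In the `if (rule->user)` / `else` branches, the two remaining calls `ds_put_format(ds, "User: ")` and `ds_put_format(ds, "Cached: ")` pass a constant string with no conversion arguments, so `ds_put_cstr()` is the better fit. With the per-family branches gone, the whole if/else also reduces to `ds_put_cstr(ds, rule->user ? "User: " : "Cached: ");`. Output for `-6` no longer carries the `User6:`/`Cached6:` prefix, so any test expectation or documentation text that matched on it has to change together with this hunk.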
> ---
>
> (There is no need to print the extra '6', as we're only printing rules for
> one family that was explicitly requested.)
>
> With that, applied the series to main.
>
> It's a nice feature to have. Thanks!
>
> Best regards, Ilya Maximets.

Looks like this series introduced some Coverity issues :(
Dima, can you take a look and send a patch?
I haven’t looked at them myself at this time.

Cheers,
Eelco

Hi,

Please find the latest report on new defect(s) introduced to *openvswitch*
found with Coverity Scan.

- *New Defects Found:* 2
- *Defects Shown:* Showing 2 of 2 defect(s)

Defect Details

** CID 556928: Resource leaks (RESOURCE_LEAK)
/lib/ovs-router.c: 861 in ovs_router_rules_show_json()

_____________________________________________________________________________________________
*** CID 556928: Resource leaks (RESOURCE_LEAK)
/lib/ovs-router.c: 861 in ovs_router_rules_show_json()
855         struct ds ds;
856
857         PVECTOR_FOR_EACH (rule, &rules) {
858             struct json *entry = json_object_create();
859
860             if (rule->ipv4 == ipv6) {
CID 556928: Resource leaks (RESOURCE_LEAK)
Variable "entry" going out of scope leaks the storage it points to.
861                 continue;
862             }
863
864             json_object_put(entry, "priority", json_integer_create(rule->prio));
865             json_object_put(entry, "user", json_integer_create(rule->user));
866             json_object_put(entry, "invert", json_boolean_create(rule->invert));

** CID 556927: Integer handling issues (INTEGER_OVERFLOW)
/lib/ovs-router.c: 1034 in ovs_router_rule_add_cmd()

_____________________________________________________________________________________________
*** CID 556927: Integer handling issues (INTEGER_OVERFLOW)
/lib/ovs-router.c: 1034 in ovs_router_rule_add_cmd()
1028         struct router_rule *rule;
1029         uint32_t prev_prio = 0;
1030
1031         PVECTOR_FOR_EACH (rule, &rules) {
1032             if ((!prio && rule->prio) ||
1033                 (rule->prio - prev_prio > 1)) {
CID 556927: Integer handling issues (INTEGER_OVERFLOW)
Expression "rule->prio - 1U", where "rule->prio" is known to be equal to 0,
underflows the type of "rule->prio - 1U", which is type "unsigned int".
1034                 prio = rule->prio - 1;
1035             }
1036             prev_prio = rule->prio;
1037         }
1038     }
1039     ovs_router_rule_add(prio, invert, true, src_len, &from, table, ipv4);

_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
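
Added example, not part of the thread and not OVS code: the unsigned arithmetic that CID 556927 flags, reduced to a plain array of priorities so the wrap can be observed next to a guarded form. The function names, the array standing in for the rule vector, and the out-of-order input are assumptions; whether the real vector can ever present that order is not visible in the excerpt.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed inputs (not from the page): priorities in ascending order,
 * and a list where a 0-priority entry is seen after a non-zero one. */
static const uint32_t SORTED[] = { 0, 32766, 32767 };
static const uint32_t UNSORTED[] = { 32766, 0 };

/* Same expression shape as lines 1031-1037 of the report, over a plain
 * array standing in for the rule vector (hypothetical, not OVS code). */
uint32_t pick_prio_unchecked(const uint32_t *prios, size_t n)
{
    uint32_t prio = 0, prev_prio = 0;

    for (size_t i = 0; i < n; i++) {
        if ((!prio && prios[i]) || (prios[i] - prev_prio > 1)) {
            prio = prios[i] - 1;   /* wraps to UINT32_MAX if prios[i] == 0 */
        }
        prev_prio = prios[i];
    }
    return prio;
}

/* Guarded variant: subtract only once the result is known not to wrap.
 * Gives the same answer as the unchecked form on ascending input. */
uint32_t pick_prio_checked(const uint32_t *prios, size_t n)
{
    uint32_t prio = 0, prev_prio = 0;

    for (size_t i = 0; i < n; i++) {
        uint32_t cur = prios[i];

        if (cur > 0 && (!prio || (cur > prev_prio && cur - prev_prio > 1))) {
            prio = cur - 1;
        }
        prev_prio = cur;
    }
    return prio;
}

int main(void)
{
    printf("sorted:   %u / %u\n", (unsigned) pick_prio_unchecked(SORTED, 3),
           (unsigned) pick_prio_checked(SORTED, 3));
    printf("unsorted: %u / %u\n", (unsigned) pick_prio_unchecked(UNSORTED, 2),
           (unsigned) pick_prio_checked(UNSORTED, 2));
    return 0;
}
```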