> On 2/17/26 11:00 AM, Ilya Maximets wrote:
> > On 2/17/26 9:48 AM, Lorenzo Bianconi wrote:
> >> On Feb 17, Ilya Maximets wrote:
> >>> On 2/13/26 6:03 PM, Lorenzo Bianconi wrote:
> >>>> Do not forward non-{ip,arp} L2 multicast packets to routers ports in
> >>>> order to not exceed OVS recirculation limit if the logical switch is
> >>>> connected to multiple OVN routers since these packets will be discarded
> >>>> in the router pipeline.
> >>>>
> >>>> Reported-at: https://issues.redhat.com/browse/FDP-1908
> >>>> Signed-off-by: Lorenzo Bianconi <[email protected]>
> >>>> ---
> >>>> Changes in v3:
> >>>> - Convert system-test in unit-test
> >>>> - Use 71 priority for new added flow
> >>>> ---
>
> Hi Lorenzo, Ilya,
>
> Thanks for the patch and review!
ack, thx Ilya and Dumitru for the reviews.
Regards,
Lorenzo
>
> >>>> northd/northd.c | 26 +++++++++++-----
> >>>> northd/ovn-northd.8.xml | 8 ++++-
> >>>> tests/ovn-northd.at | 68 ++++++++++++++++++++++++++++++-----------
> >>>> tests/ovn.at | 49 +++++++++++++++++++++++++++++
> >>>> 4 files changed, 125 insertions(+), 26 deletions(-)
> >>>>
> >>>> diff --git a/northd/northd.c b/northd/northd.c
> >>>> index 4ecdd9c2d..10b328527 100644
> >>>> --- a/northd/northd.c
> >>>> +++ b/northd/northd.c
> >>>> @@ -10767,16 +10767,26 @@ build_lswitch_destination_lookup_bmcast(struct
> >>>> ovn_datapath *od,
> >>>> lflow_ref);
> >>>> }
> >>>>
> >>>> - if (!smap_get_bool(&od->nbs->other_config,
> >>>> - "broadcast-arps-to-all-routers", true)) {
> >>>> - ovn_lflow_add(lflows, od, S_SWITCH_IN_L2_LKUP, 72,
> >>>> - "eth.mcast && (arp.op == 1 || nd_ns)",
> >>>> - "outport = \""MC_FLOOD_L2"\"; output;",
> >>>> - lflow_ref);
> >>>> - }
> >>>> + ds_clear(actions);
> >>>> + bool broadcast_arps_to_all_routers = smap_get_bool(
> >>>> + &od->nbs->other_config,
> >>>> + "broadcast-arps-to-all-routers",
> >>>> + true);
> >>>> + ds_put_format(actions, "outport = \"%s\"; output;",
> >>>> + broadcast_arps_to_all_routers ? MC_FLOOD :
> >>>> MC_FLOOD_L2);
> >>>> + ovn_lflow_add(lflows, od, S_SWITCH_IN_L2_LKUP, 72,
> >>>> + "eth.mcast && (arp.op == 1 || nd_ns)",
> >>>> + ds_cstr(actions), lflow_ref);
> >>>
> >>> This code looks correct to me, though I'd still keep the original
> >>> prio 72 flow block and make the new prio 71 flow wider to catch
> >>> any arp, not only the replies. But it's just a style preference
> >>> at this point. Should be fine either way.
> >>
> >> maybe I am missing something here, but are we going to break
> >> "broadcast-arps-to-all-routers" option if we add a prio 71 flow that match
> >> even
> >> arp requests and set outport to MC_FLOOD?
> >
> > For the broadcast-arps-to-all-routers=false with the current v3 we have:
> >
> > priority=70 , match=(eth.mcast), action=(outport = "_MC_flood_l2";
> > output;)
> > priority=71 , match=(eth.mcast && (arp.op == 2 || ip)), action=(outport
> > = "_MC_flood"; output;)
> > priority=72 , match=(eth.mcast && (arp.op == 1 || nd_ns)),
> > action=(outport = "_MC_flood_l2"; output;)
> >
> > Here all the ARP requests and NS traffic is only flooded to switch ports
> > and ARP replies and the rest of ND, together with IP traffic goes to all
> > ports including routers.
> >
> > For the broadcast-arps-to-all-routers=true:
> >
> > priority=70 , match=(eth.mcast), action=(outport = "_MC_flood_l2";
> > output;)
> > priority=71 , match=(eth.mcast && (arp.op == 2 || ip)), action=(outport
> > = "_MC_flood"; output;)
> > priority=72 , match=(eth.mcast && (arp.op == 1 || nd_ns)),
> > action=(outport = "_MC_flood"; output;)
> >
> > Here all the ARP requests and NS are flooded to all ports including routers,
> > as all the IP traffic and ARP/ND replies as well.
> >
> > --
> >
> > What I suggested for broadcast-arps-to-all-routers=false:
> >
> > priority=70 , match=(eth.mcast), action=(outport = "_MC_flood_l2";
> > output;)
> > priority=71 , match=(eth.mcast && (arp || ip)), action=(outport =
> > "_MC_flood"; output;)
> > priority=72 , match=(eth.mcast && (arp.op == 1 || nd_ns)),
> > action=(outport = "_MC_flood_l2"; output;)
> >
> > Here all the ARP requests and NS traffic is only flooded to switch ports
> > and ARP replies and the rest of ND, together with IP traffic goes to all
> > ports including routers. It doesn't matter that we do not match on the
> > specific 'op' number, as the flow is lower priority. 'arp' is a superset
> > of 'arp.op == 1', the same as 'ip' is a superset of 'nd_ns'. The bahavior
> > is the same between this and the current v3.
> >
> > For broadcast-arps-to-all-routers=true:
> >
> > priority=70 , match=(eth.mcast), action=(outport = "_MC_flood_l2";
> > output;)
> > priority=71 , match=(eth.mcast && (arp || ip)), action=(outport =
> > "_MC_flood"; output;)
> >
> > Here all the ARP and NS are flooded to all ports including routers, as all
> > the
> > IP traffic as well. The same behavior as in this v3, but with one less
> > flow.
> > We can do that because the prio 71 flow is less specific.
> >
> > WDYT?
>
> I agree with Ilya, this seems easier to read.
>
> >
> > I'm not sure if we need a v4 for this tough. As I said, v3 is correct, just
> > a slightly different way to express the same logic. I'll leave it up to you
> > to decide. Or maybe Dumitru has a preference?
> >
>
> I can make the change myself, no need for a v4. This is the required
> incremental change:
>
> diff --git a/northd/northd.c b/northd/northd.c
> index e138502f4f..7fe36b8500 100644
> --- a/northd/northd.c
> +++ b/northd/northd.c
> @@ -10767,22 +10767,19 @@ build_lswitch_destination_lookup_bmcast(struct
> ovn_datapath *od,
> lflow_ref);
> }
>
> - ds_clear(actions);
> - bool broadcast_arps_to_all_routers = smap_get_bool(
> - &od->nbs->other_config,
> - "broadcast-arps-to-all-routers",
> - true);
> - ds_put_format(actions, "outport = \"%s\"; output;",
> - broadcast_arps_to_all_routers ? MC_FLOOD : MC_FLOOD_L2);
> - ovn_lflow_add(lflows, od, S_SWITCH_IN_L2_LKUP, 72,
> - "eth.mcast && (arp.op == 1 || nd_ns)",
> - ds_cstr(actions), lflow_ref);
> + if (!smap_get_bool(&od->nbs->other_config,
> + "broadcast-arps-to-all-routers", true)) {
> + ovn_lflow_add(lflows, od, S_SWITCH_IN_L2_LKUP, 72,
> + "eth.mcast && (arp.op == 1 || nd_ns)",
> + "outport = \""MC_FLOOD_L2"\"; output;",
> + lflow_ref);
> + }
>
> ovn_lflow_add(lflows, od, S_SWITCH_IN_L2_LKUP, 71,
> - "eth.mcast && (arp.op == 2 || ip)",
> + "eth.mcast && (arp || ip)",
> "outport = \""MC_FLOOD"\"; output;", lflow_ref);
>
> - /* non-{arp,ip} L2 multicast traffic should not be sent to router
> + /* Non-{arp,ip} L2 multicast traffic should not be sent to router
> * ports since these packets will be discarded in the router pipeline.
> */
> ovn_lflow_add(lflows, od, S_SWITCH_IN_L2_LKUP, 70, "eth.mcast",
>
> >>
> >>>
> >>> There is a couple small nits for the test below. With these
> >>> addressed (can probbaly be addressed on commit) and with or without
> >>> the flow format change:
> >>
> >> I am fine to send a v4, just let me know.
> >>
> >> Regards,
> >> Lorenzo
> >>
> >>>
> >>> Acked-by: Ilya Maximets <[email protected]>
> >>>
> >>> Would be great if we can also have this backported as OVS logs are
> >>> filled with dropped packets on resubmit limit on many real world
> >>> setups, and these messages often distract from real issues that
> >>> people are dealing with.
> >>>
> >>>>
> >>>> - ovn_lflow_add(lflows, od, S_SWITCH_IN_L2_LKUP, 70, "eth.mcast",
> >>>> + ovn_lflow_add(lflows, od, S_SWITCH_IN_L2_LKUP, 71,
> >>>> + "eth.mcast && (arp.op == 2 || ip)",
> >>>> "outport = \""MC_FLOOD"\"; output;", lflow_ref);
> >>>> +
> >>>> + /* non-{arp,ip} L2 multicast traffic should not be sent to router
> >>>> + * ports since these packets will be discarded in the router
> >>>> pipeline.
> >>>> + */
> >>>> + ovn_lflow_add(lflows, od, S_SWITCH_IN_L2_LKUP, 70, "eth.mcast",
> >>>> + "outport = \""MC_FLOOD_L2"\"; output;", lflow_ref);
> >>>> }
> >>>>
> >>>> /* Ingress table 30: destination lookup, multicast handling (priority
> >>>> 80). */
> >>>> diff --git a/northd/ovn-northd.8.xml b/northd/ovn-northd.8.xml
> >>>> index a17bc5f22..8ba68a4d0 100644
> >>>> --- a/northd/ovn-northd.8.xml
> >>>> +++ b/northd/ovn-northd.8.xml
> >>>> @@ -2420,9 +2420,15 @@ output;
> >>>> <code>other_config:broadcast-arps-to-all-routers=true</code>.
> >>>> </li>
> >>>>
> >>>> + <li>
> >>>> + A priority-71 flow that outputs all ARP replies or IP packets
> >>>> with an
> >>>> + Ethernet broadcast or multicast <code>eth.dst</code> to the
> >>>> <code>
> >>>> + MC_FLOOD</code> multicast group.
> >>>> + </li>
> >>>> +
> >>>> <li>
> >>>> A priority-70 flow that outputs all packets with an Ethernet
> >>>> broadcast
> >>>> - or multicast <code>eth.dst</code> to the <code>MC_FLOOD</code>
> >>>> + or multicast <code>eth.dst</code> to the
> >>>> <code>MC_FLOOD_L2</code>
> >>>> multicast group.
> >>>> </li>
> >>>>
> >>>> diff --git a/tests/ovn-northd.at b/tests/ovn-northd.at
> >>>> index 36b3db6f6..8a37561a5 100644
> >>>> --- a/tests/ovn-northd.at
> >>>> +++ b/tests/ovn-northd.at
> >>>> @@ -5743,7 +5743,9 @@ AT_CHECK([grep "ls_in_l2_lkup" ls1_lflows |
> >>>> ovn_strip_lflows], [0], [dnl
> >>>> table=??(ls_in_l2_lkup ), priority=110 , match=(eth.dst ==
> >>>> $svc_monitor_mac && (tcp || icmp || icmp6)),
> >>>> action=(handle_svc_check(inport);)
> >>>> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> >>>> 00:00:00:00:01:01), action=(outport = "ls1-ro1"; output;)
> >>>> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> >>>> 00:00:00:00:01:02), action=(outport = "vm1"; output;)
> >>>> - table=??(ls_in_l2_lkup ), priority=70 , match=(eth.mcast),
> >>>> action=(outport = "_MC_flood"; output;)
> >>>> + table=??(ls_in_l2_lkup ), priority=70 , match=(eth.mcast),
> >>>> action=(outport = "_MC_flood_l2"; output;)
> >>>> + table=??(ls_in_l2_lkup ), priority=71 , match=(eth.mcast &&
> >>>> (arp.op == 2 || ip)), action=(outport = "_MC_flood"; output;)
> >>>> + table=??(ls_in_l2_lkup ), priority=72 , match=(eth.mcast &&
> >>>> (arp.op == 1 || nd_ns)), action=(outport = "_MC_flood"; output;)
> >>>> table=??(ls_in_l2_lkup ), priority=75 , match=(eth.src ==
> >>>> {00:00:00:00:01:01} && eth.dst == ff:ff:ff:ff:ff:ff && (arp.op == 1 ||
> >>>> rarp.op == 3 || nd_ns)), action=(outport = "_MC_flood_l2"; output;)
> >>>> table=??(ls_in_l2_lkup ), priority=80 , match=(flags[[1]] == 0
> >>>> && arp.op == 1 && arp.tpa == 192.168.1.1), action=(clone {outport =
> >>>> "ls1-ro1"; output; }; outport = "_MC_flood_l2"; output;)
> >>>> table=??(ls_in_l2_lkup ), priority=80 , match=(flags[[1]] == 0
> >>>> && nd_ns && nd.target == fe80::200:ff:fe00:101), action=(clone {outport
> >>>> = "ls1-ro1"; output; }; outport = "_MC_flood_l2"; output;)
> >>>> @@ -5756,7 +5758,9 @@ AT_CHECK([grep "ls_in_l2_lkup" ls2_lflows |
> >>>> ovn_strip_lflows], [0], [dnl
> >>>> table=??(ls_in_l2_lkup ), priority=110 , match=(eth.dst ==
> >>>> $svc_monitor_mac && (tcp || icmp || icmp6)),
> >>>> action=(handle_svc_check(inport);)
> >>>> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> >>>> 00:00:00:00:02:01), action=(outport = "ls2-ro2"; output;)
> >>>> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> >>>> 00:00:00:00:02:02), action=(outport = "vm2"; output;)
> >>>> - table=??(ls_in_l2_lkup ), priority=70 , match=(eth.mcast),
> >>>> action=(outport = "_MC_flood"; output;)
> >>>> + table=??(ls_in_l2_lkup ), priority=70 , match=(eth.mcast),
> >>>> action=(outport = "_MC_flood_l2"; output;)
> >>>> + table=??(ls_in_l2_lkup ), priority=71 , match=(eth.mcast &&
> >>>> (arp.op == 2 || ip)), action=(outport = "_MC_flood"; output;)
> >>>> + table=??(ls_in_l2_lkup ), priority=72 , match=(eth.mcast &&
> >>>> (arp.op == 1 || nd_ns)), action=(outport = "_MC_flood"; output;)
> >>>> table=??(ls_in_l2_lkup ), priority=75 , match=(eth.src ==
> >>>> {00:00:00:00:02:01} && eth.dst == ff:ff:ff:ff:ff:ff && (arp.op == 1 ||
> >>>> rarp.op == 3 || nd_ns)), action=(outport = "_MC_flood_l2"; output;)
> >>>> table=??(ls_in_l2_lkup ), priority=80 , match=(flags[[1]] == 0
> >>>> && arp.op == 1 && arp.tpa == 192.168.2.1), action=(clone {outport =
> >>>> "ls2-ro2"; output; }; outport = "_MC_flood_l2"; output;)
> >>>> table=??(ls_in_l2_lkup ), priority=80 , match=(flags[[1]] == 0
> >>>> && nd_ns && nd.target == fe80::200:ff:fe00:201), action=(clone {outport
> >>>> = "ls2-ro2"; output; }; outport = "_MC_flood_l2"; output;)
> >>>> @@ -5777,7 +5781,9 @@ AT_CHECK([grep "ls_in_l2_lkup" ls1_lflows |
> >>>> ovn_strip_lflows], [0], [dnl
> >>>> table=??(ls_in_l2_lkup ), priority=110 , match=(eth.dst ==
> >>>> $svc_monitor_mac && (tcp || icmp || icmp6)),
> >>>> action=(handle_svc_check(inport);)
> >>>> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> >>>> 00:00:00:00:01:01), action=(outport = "ls1-ro1"; output;)
> >>>> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> >>>> 00:00:00:00:01:02), action=(outport = "vm1"; output;)
> >>>> - table=??(ls_in_l2_lkup ), priority=70 , match=(eth.mcast),
> >>>> action=(outport = "_MC_flood"; output;)
> >>>> + table=??(ls_in_l2_lkup ), priority=70 , match=(eth.mcast),
> >>>> action=(outport = "_MC_flood_l2"; output;)
> >>>> + table=??(ls_in_l2_lkup ), priority=71 , match=(eth.mcast &&
> >>>> (arp.op == 2 || ip)), action=(outport = "_MC_flood"; output;)
> >>>> + table=??(ls_in_l2_lkup ), priority=72 , match=(eth.mcast &&
> >>>> (arp.op == 1 || nd_ns)), action=(outport = "_MC_flood"; output;)
> >>>> table=??(ls_in_l2_lkup ), priority=75 , match=(eth.src ==
> >>>> {00:00:00:00:01:01} && eth.dst == ff:ff:ff:ff:ff:ff && (arp.op == 1 ||
> >>>> rarp.op == 3 || nd_ns)), action=(outport = "_MC_flood_l2"; output;)
> >>>> table=??(ls_in_l2_lkup ), priority=80 , match=(flags[[1]] == 0
> >>>> && arp.op == 1 && arp.tpa == 10.0.0.100), action=(clone {outport =
> >>>> "ls1-ro1"; output; }; outport = "_MC_flood_l2"; output;)
> >>>> table=??(ls_in_l2_lkup ), priority=80 , match=(flags[[1]] == 0
> >>>> && arp.op == 1 && arp.tpa == 10.0.0.200), action=(clone {outport =
> >>>> "ls1-ro1"; output; }; outport = "_MC_flood_l2"; output;)
> >>>> @@ -5792,7 +5798,9 @@ AT_CHECK([grep "ls_in_l2_lkup" ls2_lflows |
> >>>> ovn_strip_lflows], [0], [dnl
> >>>> table=??(ls_in_l2_lkup ), priority=110 , match=(eth.dst ==
> >>>> $svc_monitor_mac && (tcp || icmp || icmp6)),
> >>>> action=(handle_svc_check(inport);)
> >>>> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> >>>> 00:00:00:00:02:01), action=(outport = "ls2-ro2"; output;)
> >>>> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> >>>> 00:00:00:00:02:02), action=(outport = "vm2"; output;)
> >>>> - table=??(ls_in_l2_lkup ), priority=70 , match=(eth.mcast),
> >>>> action=(outport = "_MC_flood"; output;)
> >>>> + table=??(ls_in_l2_lkup ), priority=70 , match=(eth.mcast),
> >>>> action=(outport = "_MC_flood_l2"; output;)
> >>>> + table=??(ls_in_l2_lkup ), priority=71 , match=(eth.mcast &&
> >>>> (arp.op == 2 || ip)), action=(outport = "_MC_flood"; output;)
> >>>> + table=??(ls_in_l2_lkup ), priority=72 , match=(eth.mcast &&
> >>>> (arp.op == 1 || nd_ns)), action=(outport = "_MC_flood"; output;)
> >>>> table=??(ls_in_l2_lkup ), priority=75 , match=(eth.src ==
> >>>> {00:00:00:00:02:01} && eth.dst == ff:ff:ff:ff:ff:ff && (arp.op == 1 ||
> >>>> rarp.op == 3 || nd_ns)), action=(outport = "_MC_flood_l2"; output;)
> >>>> table=??(ls_in_l2_lkup ), priority=80 , match=(flags[[1]] == 0
> >>>> && arp.op == 1 && arp.tpa == 192.168.2.1), action=(clone {outport =
> >>>> "ls2-ro2"; output; }; outport = "_MC_flood_l2"; output;)
> >>>> table=??(ls_in_l2_lkup ), priority=80 , match=(flags[[1]] == 0
> >>>> && arp.op == 1 && arp.tpa == 20.0.0.100), action=(clone {outport =
> >>>> "ls2-ro2"; output; }; outport = "_MC_flood_l2"; output;)
> >>>> @@ -5815,7 +5823,9 @@ AT_CHECK([grep "ls_in_l2_lkup" ls1_lflows |
> >>>> ovn_strip_lflows], [0], [dnl
> >>>> table=??(ls_in_l2_lkup ), priority=110 , match=(eth.dst ==
> >>>> $svc_monitor_mac && (tcp || icmp || icmp6)),
> >>>> action=(handle_svc_check(inport);)
> >>>> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> >>>> 00:00:00:00:01:01), action=(outport = "ls1-ro1"; output;)
> >>>> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> >>>> 00:00:00:00:01:02), action=(outport = "vm1"; output;)
> >>>> - table=??(ls_in_l2_lkup ), priority=70 , match=(eth.mcast),
> >>>> action=(outport = "_MC_flood"; output;)
> >>>> + table=??(ls_in_l2_lkup ), priority=70 , match=(eth.mcast),
> >>>> action=(outport = "_MC_flood_l2"; output;)
> >>>> + table=??(ls_in_l2_lkup ), priority=71 , match=(eth.mcast &&
> >>>> (arp.op == 2 || ip)), action=(outport = "_MC_flood"; output;)
> >>>> + table=??(ls_in_l2_lkup ), priority=72 , match=(eth.mcast &&
> >>>> (arp.op == 1 || nd_ns)), action=(outport = "_MC_flood"; output;)
> >>>> table=??(ls_in_l2_lkup ), priority=75 , match=(eth.src ==
> >>>> {00:00:00:00:01:01} && eth.dst == ff:ff:ff:ff:ff:ff && (arp.op == 1 ||
> >>>> rarp.op == 3 || nd_ns)), action=(outport = "_MC_flood_l2"; output;)
> >>>> table=??(ls_in_l2_lkup ), priority=80 , match=(flags[[1]] == 0
> >>>> && arp.op == 1 && arp.tpa == 10.0.0.100), action=(clone {outport =
> >>>> "ls1-ro1"; output; }; outport = "_MC_flood_l2"; output;)
> >>>> table=??(ls_in_l2_lkup ), priority=80 , match=(flags[[1]] == 0
> >>>> && arp.op == 1 && arp.tpa == 10.0.0.200), action=(clone {outport =
> >>>> "ls1-ro1"; output; }; outport = "_MC_flood_l2"; output;)
> >>>> @@ -5832,7 +5842,9 @@ AT_CHECK([grep "ls_in_l2_lkup" ls2_lflows |
> >>>> ovn_strip_lflows], [0], [dnl
> >>>> table=??(ls_in_l2_lkup ), priority=110 , match=(eth.dst ==
> >>>> $svc_monitor_mac && (tcp || icmp || icmp6)),
> >>>> action=(handle_svc_check(inport);)
> >>>> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> >>>> 00:00:00:00:02:01), action=(outport = "ls2-ro2"; output;)
> >>>> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> >>>> 00:00:00:00:02:02), action=(outport = "vm2"; output;)
> >>>> - table=??(ls_in_l2_lkup ), priority=70 , match=(eth.mcast),
> >>>> action=(outport = "_MC_flood"; output;)
> >>>> + table=??(ls_in_l2_lkup ), priority=70 , match=(eth.mcast),
> >>>> action=(outport = "_MC_flood_l2"; output;)
> >>>> + table=??(ls_in_l2_lkup ), priority=71 , match=(eth.mcast &&
> >>>> (arp.op == 2 || ip)), action=(outport = "_MC_flood"; output;)
> >>>> + table=??(ls_in_l2_lkup ), priority=72 , match=(eth.mcast &&
> >>>> (arp.op == 1 || nd_ns)), action=(outport = "_MC_flood"; output;)
> >>>> table=??(ls_in_l2_lkup ), priority=75 , match=(eth.src ==
> >>>> {00:00:00:00:02:01} && eth.dst == ff:ff:ff:ff:ff:ff && (arp.op == 1 ||
> >>>> rarp.op == 3 || nd_ns)), action=(outport = "_MC_flood_l2"; output;)
> >>>> table=??(ls_in_l2_lkup ), priority=80 , match=(flags[[1]] == 0
> >>>> && arp.op == 1 && arp.tpa == 192.168.2.1), action=(clone {outport =
> >>>> "ls2-ro2"; output; }; outport = "_MC_flood_l2"; output;)
> >>>> table=??(ls_in_l2_lkup ), priority=80 , match=(flags[[1]] == 0
> >>>> && arp.op == 1 && arp.tpa == 20.0.0.100), action=(clone {outport =
> >>>> "ls2-ro2"; output; }; outport = "_MC_flood_l2"; output;)
> >>>> @@ -5854,7 +5866,9 @@ AT_CHECK([grep "ls_in_l2_lkup" ls1_lflows |
> >>>> ovn_strip_lflows], [0], [dnl
> >>>> table=??(ls_in_l2_lkup ), priority=110 , match=(eth.dst ==
> >>>> $svc_monitor_mac && (tcp || icmp || icmp6)),
> >>>> action=(handle_svc_check(inport);)
> >>>> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> >>>> 00:00:00:00:01:01), action=(outport = "ls1-ro1"; output;)
> >>>> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> >>>> 00:00:00:00:01:02), action=(outport = "vm1"; output;)
> >>>> - table=??(ls_in_l2_lkup ), priority=70 , match=(eth.mcast),
> >>>> action=(outport = "_MC_flood"; output;)
> >>>> + table=??(ls_in_l2_lkup ), priority=70 , match=(eth.mcast),
> >>>> action=(outport = "_MC_flood_l2"; output;)
> >>>> + table=??(ls_in_l2_lkup ), priority=71 , match=(eth.mcast &&
> >>>> (arp.op == 2 || ip)), action=(outport = "_MC_flood"; output;)
> >>>> + table=??(ls_in_l2_lkup ), priority=72 , match=(eth.mcast &&
> >>>> (arp.op == 1 || nd_ns)), action=(outport = "_MC_flood"; output;)
> >>>> table=??(ls_in_l2_lkup ), priority=75 , match=(eth.src ==
> >>>> {00:00:00:00:01:01} && eth.dst == ff:ff:ff:ff:ff:ff && (arp.op == 1 ||
> >>>> rarp.op == 3 || nd_ns)), action=(outport = "_MC_flood_l2"; output;)
> >>>> table=??(ls_in_l2_lkup ), priority=80 , match=(flags[[1]] == 0
> >>>> && arp.op == 1 && arp.tpa == 10.0.0.100), action=(clone {outport =
> >>>> "ls1-ro1"; output; }; outport = "_MC_flood_l2"; output;)
> >>>> table=??(ls_in_l2_lkup ), priority=80 , match=(flags[[1]] == 0
> >>>> && arp.op == 1 && arp.tpa == 10.0.0.200), action=(clone {outport =
> >>>> "ls1-ro1"; output; }; outport = "_MC_flood_l2"; output;)
> >>>> @@ -5875,7 +5889,9 @@ AT_CHECK([grep "ls_in_l2_lkup" ls1_lflows |
> >>>> ovn_strip_lflows], [0], [dnl
> >>>> table=??(ls_in_l2_lkup ), priority=110 , match=(eth.dst ==
> >>>> $svc_monitor_mac && (tcp || icmp || icmp6)),
> >>>> action=(handle_svc_check(inport);)
> >>>> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> >>>> 00:00:00:00:01:01), action=(outport = "ls1-ro1"; output;)
> >>>> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> >>>> 00:00:00:00:01:02), action=(outport = "vm1"; output;)
> >>>> - table=??(ls_in_l2_lkup ), priority=70 , match=(eth.mcast),
> >>>> action=(outport = "_MC_flood"; output;)
> >>>> + table=??(ls_in_l2_lkup ), priority=70 , match=(eth.mcast),
> >>>> action=(outport = "_MC_flood_l2"; output;)
> >>>> + table=??(ls_in_l2_lkup ), priority=71 , match=(eth.mcast &&
> >>>> (arp.op == 2 || ip)), action=(outport = "_MC_flood"; output;)
> >>>> + table=??(ls_in_l2_lkup ), priority=72 , match=(eth.mcast &&
> >>>> (arp.op == 1 || nd_ns)), action=(outport = "_MC_flood"; output;)
> >>>> table=??(ls_in_l2_lkup ), priority=75 , match=(eth.src ==
> >>>> {00:00:00:00:01:01} && eth.dst == ff:ff:ff:ff:ff:ff && (arp.op == 1 ||
> >>>> rarp.op == 3 || nd_ns)), action=(outport = "_MC_flood_l2"; output;)
> >>>> table=??(ls_in_l2_lkup ), priority=80 , match=(flags[[1]] == 0
> >>>> && arp.op == 1 && arp.tpa == 10.0.0.100), action=(clone {outport =
> >>>> "ls1-ro1"; output; }; outport = "_MC_flood_l2"; output;)
> >>>> table=??(ls_in_l2_lkup ), priority=80 , match=(flags[[1]] == 0
> >>>> && arp.op == 1 && arp.tpa == 10.0.0.200), action=(clone {outport =
> >>>> "ls1-ro1"; output; }; outport = "_MC_flood_l2"; output;)
> >>>> @@ -5903,7 +5919,9 @@ AT_CHECK([grep "ls_in_l2_lkup" ls1_lflows |
> >>>> ovn_strip_lflows], [0], [dnl
> >>>> table=??(ls_in_l2_lkup ), priority=110 , match=(eth.dst ==
> >>>> $svc_monitor_mac && (tcp || icmp || icmp6)),
> >>>> action=(handle_svc_check(inport);)
> >>>> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> >>>> 00:00:00:00:01:01 && is_chassis_resident("cr-ro1-ls1")), action=(outport
> >>>> = "ls1-ro1"; output;)
> >>>> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> >>>> 00:00:00:00:01:02), action=(outport = "vm1"; output;)
> >>>> - table=??(ls_in_l2_lkup ), priority=70 , match=(eth.mcast),
> >>>> action=(outport = "_MC_flood"; output;)
> >>>> + table=??(ls_in_l2_lkup ), priority=70 , match=(eth.mcast),
> >>>> action=(outport = "_MC_flood_l2"; output;)
> >>>> + table=??(ls_in_l2_lkup ), priority=71 , match=(eth.mcast &&
> >>>> (arp.op == 2 || ip)), action=(outport = "_MC_flood"; output;)
> >>>> + table=??(ls_in_l2_lkup ), priority=72 , match=(eth.mcast &&
> >>>> (arp.op == 1 || nd_ns)), action=(outport = "_MC_flood"; output;)
> >>>> table=??(ls_in_l2_lkup ), priority=75 , match=(eth.src ==
> >>>> {00:00:00:00:01:01} && eth.dst == ff:ff:ff:ff:ff:ff && (arp.op == 1 ||
> >>>> rarp.op == 3 || nd_ns)), action=(outport = "_MC_flood_l2"; output;)
> >>>> table=??(ls_in_l2_lkup ), priority=80 , match=(flags[[1]] == 0
> >>>> && arp.op == 1 && arp.tpa == 10.0.0.100), action=(clone {outport =
> >>>> "ls1-ro1"; output; }; outport = "_MC_flood_l2"; output;)
> >>>> table=??(ls_in_l2_lkup ), priority=80 , match=(flags[[1]] == 0
> >>>> && arp.op == 1 && arp.tpa == 10.0.0.200), action=(clone {outport =
> >>>> "ls1-ro1"; output; }; outport = "_MC_flood_l2"; output;)
> >>>> @@ -9537,7 +9555,9 @@ ovn_strip_lflows ], [0], [dnl
> >>>> table=??(ls_in_l2_lkup ), priority=0 , match=(1),
> >>>> action=(outport = get_fdb(eth.dst); next;)
> >>>> table=??(ls_in_l2_lkup ), priority=100 , match=(reg8[[23]] ==
> >>>> 1), action=(output;)
> >>>> table=??(ls_in_l2_lkup ), priority=110 , match=(eth.dst ==
> >>>> $svc_monitor_mac && (tcp || icmp || icmp6)),
> >>>> action=(handle_svc_check(inport);)
> >>>> - table=??(ls_in_l2_lkup ), priority=70 , match=(eth.mcast),
> >>>> action=(outport = "_MC_flood"; output;)
> >>>> + table=??(ls_in_l2_lkup ), priority=70 , match=(eth.mcast),
> >>>> action=(outport = "_MC_flood_l2"; output;)
> >>>> + table=??(ls_in_l2_lkup ), priority=71 , match=(eth.mcast &&
> >>>> (arp.op == 2 || ip)), action=(outport = "_MC_flood"; output;)
> >>>> + table=??(ls_in_l2_lkup ), priority=72 , match=(eth.mcast &&
> >>>> (arp.op == 1 || nd_ns)), action=(outport = "_MC_flood"; output;)
> >>>> table=??(ls_in_l2_unknown ), priority=0 , match=(1),
> >>>> action=(output;)
> >>>> table=??(ls_in_l2_unknown ), priority=50 , match=(outport ==
> >>>> "none"), action=(drop;)
> >>>> table=??(ls_out_apply_port_sec), priority=0 , match=(1),
> >>>> action=(output;)
> >>>> @@ -9572,7 +9592,9 @@ ovn_strip_lflows ], [0], [dnl
> >>>> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> >>>> 00:00:00:00:00:02), action=(outport = "sw0p2"; output;)
> >>>> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> >>>> 00:00:00:00:01:01), action=(outport = "sw0p1"; output;)
> >>>> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> >>>> 00:00:00:00:02:02), action=(outport = "sw0p2"; output;)
> >>>> - table=??(ls_in_l2_lkup ), priority=70 , match=(eth.mcast),
> >>>> action=(outport = "_MC_flood"; output;)
> >>>> + table=??(ls_in_l2_lkup ), priority=70 , match=(eth.mcast),
> >>>> action=(outport = "_MC_flood_l2"; output;)
> >>>> + table=??(ls_in_l2_lkup ), priority=71 , match=(eth.mcast &&
> >>>> (arp.op == 2 || ip)), action=(outport = "_MC_flood"; output;)
> >>>> + table=??(ls_in_l2_lkup ), priority=72 , match=(eth.mcast &&
> >>>> (arp.op == 1 || nd_ns)), action=(outport = "_MC_flood"; output;)
> >>>> table=??(ls_in_l2_unknown ), priority=0 , match=(1),
> >>>> action=(output;)
> >>>> table=??(ls_in_l2_unknown ), priority=50 , match=(outport ==
> >>>> "none"), action=(drop;)
> >>>> table=??(ls_out_apply_port_sec), priority=0 , match=(1),
> >>>> action=(output;)
> >>>> @@ -9606,7 +9628,9 @@ ovn_strip_lflows ], [0], [dnl
> >>>> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> >>>> 00:00:00:00:00:02), action=(outport = "sw0p2"; output;)
> >>>> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> >>>> 00:00:00:00:01:01), action=(outport = "sw0p1"; output;)
> >>>> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> >>>> 00:00:00:00:02:02), action=(outport = "sw0p2"; output;)
> >>>> - table=??(ls_in_l2_lkup ), priority=70 , match=(eth.mcast),
> >>>> action=(outport = "_MC_flood"; output;)
> >>>> + table=??(ls_in_l2_lkup ), priority=70 , match=(eth.mcast),
> >>>> action=(outport = "_MC_flood_l2"; output;)
> >>>> + table=??(ls_in_l2_lkup ), priority=71 , match=(eth.mcast &&
> >>>> (arp.op == 2 || ip)), action=(outport = "_MC_flood"; output;)
> >>>> + table=??(ls_in_l2_lkup ), priority=72 , match=(eth.mcast &&
> >>>> (arp.op == 1 || nd_ns)), action=(outport = "_MC_flood"; output;)
> >>>> table=??(ls_in_l2_unknown ), priority=0 , match=(1),
> >>>> action=(output;)
> >>>> table=??(ls_in_l2_unknown ), priority=50 , match=(outport ==
> >>>> "none"), action=(drop;)
> >>>> table=??(ls_out_apply_port_sec), priority=0 , match=(1),
> >>>> action=(output;)
> >>>> @@ -9641,7 +9665,9 @@ ovn_strip_lflows ], [0], [dnl
> >>>> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> >>>> 00:00:00:00:00:02), action=(outport = "sw0p2"; output;)
> >>>> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> >>>> 00:00:00:00:01:01), action=(drop;)
> >>>> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> >>>> 00:00:00:00:02:02), action=(outport = "sw0p2"; output;)
> >>>> - table=??(ls_in_l2_lkup ), priority=70 , match=(eth.mcast),
> >>>> action=(outport = "_MC_flood"; output;)
> >>>> + table=??(ls_in_l2_lkup ), priority=70 , match=(eth.mcast),
> >>>> action=(outport = "_MC_flood_l2"; output;)
> >>>> + table=??(ls_in_l2_lkup ), priority=71 , match=(eth.mcast &&
> >>>> (arp.op == 2 || ip)), action=(outport = "_MC_flood"; output;)
> >>>> + table=??(ls_in_l2_lkup ), priority=72 , match=(eth.mcast &&
> >>>> (arp.op == 1 || nd_ns)), action=(outport = "_MC_flood"; output;)
> >>>> table=??(ls_in_l2_unknown ), priority=0 , match=(1),
> >>>> action=(output;)
> >>>> table=??(ls_in_l2_unknown ), priority=50 , match=(outport ==
> >>>> "none"), action=(drop;)
> >>>> table=??(ls_in_l2_unknown ), priority=50 , match=(outport ==
> >>>> "sw0p1"), action=(drop;)
> >>>> @@ -9676,7 +9702,9 @@ ovn_strip_lflows ], [0], [dnl
> >>>> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> >>>> 00:00:00:00:00:02), action=(outport = "sw0p2"; output;)
> >>>> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> >>>> 00:00:00:00:01:01), action=(drop;)
> >>>> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> >>>> 00:00:00:00:02:02), action=(outport = "sw0p2"; output;)
> >>>> - table=??(ls_in_l2_lkup ), priority=70 , match=(eth.mcast),
> >>>> action=(outport = "_MC_flood"; output;)
> >>>> + table=??(ls_in_l2_lkup ), priority=70 , match=(eth.mcast),
> >>>> action=(outport = "_MC_flood_l2"; output;)
> >>>> + table=??(ls_in_l2_lkup ), priority=71 , match=(eth.mcast &&
> >>>> (arp.op == 2 || ip)), action=(outport = "_MC_flood"; output;)
> >>>> + table=??(ls_in_l2_lkup ), priority=72 , match=(eth.mcast &&
> >>>> (arp.op == 1 || nd_ns)), action=(outport = "_MC_flood"; output;)
> >>>> table=??(ls_in_l2_unknown ), priority=0 , match=(1),
> >>>> action=(output;)
> >>>> table=??(ls_in_l2_unknown ), priority=50 , match=(outport ==
> >>>> "none"), action=(drop;)
> >>>> table=??(ls_in_l2_unknown ), priority=50 , match=(outport ==
> >>>> "sw0p1"), action=(drop;)
> >>>> @@ -9715,7 +9743,9 @@ ovn_strip_lflows ], [0], [dnl
> >>>> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> >>>> 00:00:00:00:00:02), action=(outport = "sw0p2"; output;)
> >>>> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> >>>> 00:00:00:00:01:01), action=(outport = "sw0p1"; output;)
> >>>> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> >>>> 00:00:00:00:02:02), action=(outport = "sw0p2"; output;)
> >>>> - table=??(ls_in_l2_lkup ), priority=70 , match=(eth.mcast),
> >>>> action=(outport = "_MC_flood"; output;)
> >>>> + table=??(ls_in_l2_lkup ), priority=70 , match=(eth.mcast),
> >>>> action=(outport = "_MC_flood_l2"; output;)
> >>>> + table=??(ls_in_l2_lkup ), priority=71 , match=(eth.mcast &&
> >>>> (arp.op == 2 || ip)), action=(outport = "_MC_flood"; output;)
> >>>> + table=??(ls_in_l2_lkup ), priority=72 , match=(eth.mcast &&
> >>>> (arp.op == 1 || nd_ns)), action=(outport = "_MC_flood"; output;)
> >>>> table=??(ls_in_l2_unknown ), priority=0 , match=(1),
> >>>> action=(output;)
> >>>> table=??(ls_in_l2_unknown ), priority=50 , match=(outport ==
> >>>> "none"), action=(drop;)
> >>>> table=??(ls_out_apply_port_sec), priority=0 , match=(1),
> >>>> action=(output;)
> >>>> @@ -14054,7 +14084,9 @@ AT_CHECK([grep "ls_in_l2_lkup" publicflows |
> >>>> ovn_strip_lflows], [0], [dnl
> >>>> table=??(ls_in_l2_lkup ), priority=110 , match=(eth.dst ==
> >>>> $svc_monitor_mac && (tcp || icmp || icmp6)),
> >>>> action=(handle_svc_check(inport);)
> >>>> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> >>>> 00:00:00:00:ff:02 && is_chassis_resident("cr-lr0-public")),
> >>>> action=(outport = "public-lr0"; output;)
> >>>> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> >>>> 30:54:00:00:00:03 && is_chassis_resident("sw0-port1")), action=(outport
> >>>> = "public-lr0"; output;)
> >>>> - table=??(ls_in_l2_lkup ), priority=70 , match=(eth.mcast),
> >>>> action=(outport = "_MC_flood"; output;)
> >>>> + table=??(ls_in_l2_lkup ), priority=70 , match=(eth.mcast),
> >>>> action=(outport = "_MC_flood_l2"; output;)
> >>>> + table=??(ls_in_l2_lkup ), priority=71 , match=(eth.mcast &&
> >>>> (arp.op == 2 || ip)), action=(outport = "_MC_flood"; output;)
> >>>> + table=??(ls_in_l2_lkup ), priority=72 , match=(eth.mcast &&
> >>>> (arp.op == 1 || nd_ns)), action=(outport = "_MC_flood"; output;)
> >>>> table=??(ls_in_l2_lkup ), priority=75 , match=(eth.src ==
> >>>> {00:00:00:00:ff:02, 30:54:00:00:00:03} && eth.dst == ff:ff:ff:ff:ff:ff
> >>>> && (arp.op == 1 || rarp.op == 3 || nd_ns)), action=(outport =
> >>>> "_MC_flood_l2"; output;)
> >>>> table=??(ls_in_l2_lkup ), priority=80 , match=(flags[[1]] == 0
> >>>> && arp.op == 1 && arp.tpa == 172.168.0.10), action=(clone {outport =
> >>>> "public-lr0"; output; }; outport = "_MC_flood_l2"; output;)
> >>>> table=??(ls_in_l2_lkup ), priority=80 , match=(flags[[1]] == 0
> >>>> && arp.op == 1 && arp.tpa == 172.168.0.100), action=(clone {outport =
> >>>> "public-lr0"; output; }; outport = "_MC_flood_l2"; output;)
> >>>> @@ -14231,7 +14263,9 @@ AT_CHECK([grep "ls_in_l2_lkup" publicflows |
> >>>> ovn_strip_lflows], [0], [dnl
> >>>> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> >>>> 00:00:00:00:ff:02 && !is_chassis_resident("cr-public-lr0")),
> >>>> action=(outport = "cr-public-lr0"; output;)
> >>>> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> >>>> 00:00:00:00:ff:02 && is_chassis_resident("cr-public-lr0")),
> >>>> action=(outport = "public-lr0"; output;)
> >>>> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> >>>> 30:54:00:00:00:03 && is_chassis_resident("sw0-port1")), action=(outport
> >>>> = "public-lr0"; output;)
> >>>> - table=??(ls_in_l2_lkup ), priority=70 , match=(eth.mcast),
> >>>> action=(outport = "_MC_flood"; output;)
> >>>> + table=??(ls_in_l2_lkup ), priority=70 , match=(eth.mcast),
> >>>> action=(outport = "_MC_flood_l2"; output;)
> >>>> + table=??(ls_in_l2_lkup ), priority=71 , match=(eth.mcast &&
> >>>> (arp.op == 2 || ip)), action=(outport = "_MC_flood"; output;)
> >>>> + table=??(ls_in_l2_lkup ), priority=72 , match=(eth.mcast &&
> >>>> (arp.op == 1 || nd_ns)), action=(outport = "_MC_flood"; output;)
> >>>> table=??(ls_in_l2_lkup ), priority=75 , match=(eth.src ==
> >>>> {00:00:00:00:ff:02, 30:54:00:00:00:03} && eth.dst == ff:ff:ff:ff:ff:ff
> >>>> && (arp.op == 1 || rarp.op == 3 || nd_ns)), action=(outport =
> >>>> "_MC_flood_l2"; output;)
> >>>> table=??(ls_in_l2_lkup ), priority=80 , match=(flags[[1]] == 0
> >>>> && arp.op == 1 && arp.tpa == 172.168.0.10 &&
> >>>> !is_chassis_resident("cr-public-lr0")), action=(clone {outport =
> >>>> "cr-public-lr0"; output; }; outport = "_MC_flood_l2"; output;)
> >>>> table=??(ls_in_l2_lkup ), priority=80 , match=(flags[[1]] == 0
> >>>> && arp.op == 1 && arp.tpa == 172.168.0.10 &&
> >>>> is_chassis_resident("cr-public-lr0")), action=(clone {outport =
> >>>> "public-lr0"; output; }; outport = "_MC_flood_l2"; output;)
> >>>> diff --git a/tests/ovn.at b/tests/ovn.at
> >>>> index c6abd7b8b..2139c9fb1 100644
> >>>> --- a/tests/ovn.at
> >>>> +++ b/tests/ovn.at
> >>>> @@ -45652,3 +45652,52 @@ check_zone_flush ovn-controller-2.log 3
> >>>> OVN_CLEANUP([hv1])
> >>>> AT_CLEANUP
> >>>> ])
> >>>> +
> >>>> +OVN_FOR_EACH_NORTHD([
> >>>> +AT_SETUP([Drop unknown eth type on router ports])
> >>>> +AT_SKIP_IF([test $HAVE_SCAPY = no])
> >>>> +AT_SKIP_IF([test $HAVE_TCPDUMP = no])
> >>>
> >>> nit: This test doesn't use tcpdump, AFAICT.
> >>>
> >>>> +ovn_start
> >>>> +
> >>>> +net_add n1
> >>>> +
> >>>> +sim_add hv1
> >>>> +as hv1
> >>>> +check ovs-vsctl add-br br-phys
> >>>> +ovn_attach n1 br-phys 192.168.0.1
> >>>> +check ovs-vsctl -- add-port br-int hv1-vif1 -- \
> >>>> + set interface hv1-vif1 external-ids:iface-id=sw0-p1 \
> >>>> + options:tx_pcap=hv1/vif1-tx.pcap \
> >>>> + options:rxq_pcap=hv1/vif1-rx.pcap
> >>>> +ovs-vsctl -- add-port br-int hv1-vif2 -- \
> >>>
> >>> nit: Missing check.
> >>>
> >>>> + set interface hv1-vif2 external-ids:iface-id=sw0-p2 \
> >>>> + options:tx_pcap=hv1/vif2-tx.pcap \
> >>>> + options:rxq_pcap=hv1/vif2-rx.pcap
> >>>> +
> >>>> +check ovn-nbctl ls-add sw0
> >>>> +check ovn-nbctl lsp-add sw0 sw0-p1
> >>>> +check ovn-nbctl lsp-set-addresses sw0-p1 "50:54:10:00:00:01 10.0.0.1"
> >>>> +check ovn-nbctl lsp-add sw0 sw0-p2
> >>>> +check ovn-nbctl lsp-set-addresses sw0-p2 "50:54:20:00:00:01 10.0.0.2"
> >>>> +
> >>>> +check ovn-nbctl lr-add lr0
> >>>> +check ovn-nbctl lrp-add lr0 lr0-sw0 00:00:00:00:ff:01 10.0.0.254/24
> >>>> +check ovn-nbctl lsp-add-router-port sw0 sw0-lr0 lr0-sw0
> >>>> +
> >>>> +# create an ACL to log traffic on the router port.
> >>>
> >>> nit: Capital letter.
> >>>
> >>>> +check ovn-nbctl --log --name='eth-unknown' acl-add sw0 to-lport 1000
> >>>> 'outport == "sw0-lr0" && eth.type == 0x5ff' allow
> >>>> +
> >>>> +OVN_POPULATE_ARP
> >>>> +wait_for_ports_up
> >>>> +check ovn-nbctl --wait=hv sync
> >>>> +
> >>>> +packet=$(fmt_pkt "Ether(dst='ff:ff:ff:ff:ff:ff',
> >>>> src='50:54:10:00:00:01', type=0x5ff)")
> >>>> +echo $packet > expected
> >>>> +check as hv1 ovs-appctl netdev-dummy/receive hv1-vif1 $packet
> >>>> +OVN_CHECK_PACKETS([hv1/vif2-tx.pcap], [expected])
> >>>> +
> >>>> +AT_CHECK([grep -q 'name="eth-unknown"' hv1/ovn-controller.log],[1])
> >>>
> >>> nit: Space after the comma.
> >>>
> >>> Note: Not sure if this would give false-negatives sometimes, i.e. if the
> >>> log
> >>> is not written yet while we're checking, but actually will be at some
> >>> point.
> >>> But I suppose the chances are very low as there are many other operations
> >>> between sending and the checking, and we also can't really wait for the
> >>> event
> >>> that doesn't happen. So, it's probbaly fine.
> >>>
> >>> Best regards, Ilya Maximets.
> >>>
> >
>
> I took care of the other small nits Ilya had above and applied the patch
> to main and backported it to all stable branches down to 24.03. The full
> incremental change I squashed in can be found below.
>
> Regards,
> Dumitru
>
> ---
> diff --git a/northd/northd.c b/northd/northd.c
> index e138502f4f..7fe36b8500 100644
> --- a/northd/northd.c
> +++ b/northd/northd.c
> @@ -10767,22 +10767,19 @@ build_lswitch_destination_lookup_bmcast(struct
> ovn_datapath *od,
> lflow_ref);
> }
>
> - ds_clear(actions);
> - bool broadcast_arps_to_all_routers = smap_get_bool(
> - &od->nbs->other_config,
> - "broadcast-arps-to-all-routers",
> - true);
> - ds_put_format(actions, "outport = \"%s\"; output;",
> - broadcast_arps_to_all_routers ? MC_FLOOD : MC_FLOOD_L2);
> - ovn_lflow_add(lflows, od, S_SWITCH_IN_L2_LKUP, 72,
> - "eth.mcast && (arp.op == 1 || nd_ns)",
> - ds_cstr(actions), lflow_ref);
> + if (!smap_get_bool(&od->nbs->other_config,
> + "broadcast-arps-to-all-routers", true)) {
> + ovn_lflow_add(lflows, od, S_SWITCH_IN_L2_LKUP, 72,
> + "eth.mcast && (arp.op == 1 || nd_ns)",
> + "outport = \""MC_FLOOD_L2"\"; output;",
> + lflow_ref);
> + }
>
> ovn_lflow_add(lflows, od, S_SWITCH_IN_L2_LKUP, 71,
> - "eth.mcast && (arp.op == 2 || ip)",
> + "eth.mcast && (arp || ip)",
> "outport = \""MC_FLOOD"\"; output;", lflow_ref);
>
> - /* non-{arp,ip} L2 multicast traffic should not be sent to router
> + /* Non-{arp,ip} L2 multicast traffic should not be sent to router
> * ports since these packets will be discarded in the router pipeline.
> */
> ovn_lflow_add(lflows, od, S_SWITCH_IN_L2_LKUP, 70, "eth.mcast",
> diff --git a/northd/ovn-northd.8.xml b/northd/ovn-northd.8.xml
> index 8ba68a4d0d..9f2d118dd4 100644
> --- a/northd/ovn-northd.8.xml
> +++ b/northd/ovn-northd.8.xml
> @@ -2421,9 +2421,9 @@ output;
> </li>
>
> <li>
> - A priority-71 flow that outputs all ARP replies or IP packets with an
> - Ethernet broadcast or multicast <code>eth.dst</code> to the <code>
> - MC_FLOOD</code> multicast group.
> + A priority-71 flow that outputs all ARP or IP packets with an
> Ethernet
> + broadcast or multicast <code>eth.dst</code> to the
> + <code>MC_FLOOD</code> multicast group.
> </li>
>
> <li>
> diff --git a/tests/ovn-northd.at b/tests/ovn-northd.at
> index 8a37561a5d..605d2ec4f2 100644
> --- a/tests/ovn-northd.at
> +++ b/tests/ovn-northd.at
> @@ -5744,8 +5744,7 @@ AT_CHECK([grep "ls_in_l2_lkup" ls1_lflows |
> ovn_strip_lflows], [0], [dnl
> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> 00:00:00:00:01:01), action=(outport = "ls1-ro1"; output;)
> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> 00:00:00:00:01:02), action=(outport = "vm1"; output;)
> table=??(ls_in_l2_lkup ), priority=70 , match=(eth.mcast),
> action=(outport = "_MC_flood_l2"; output;)
> - table=??(ls_in_l2_lkup ), priority=71 , match=(eth.mcast && (arp.op
> == 2 || ip)), action=(outport = "_MC_flood"; output;)
> - table=??(ls_in_l2_lkup ), priority=72 , match=(eth.mcast && (arp.op
> == 1 || nd_ns)), action=(outport = "_MC_flood"; output;)
> + table=??(ls_in_l2_lkup ), priority=71 , match=(eth.mcast && (arp ||
> ip)), action=(outport = "_MC_flood"; output;)
> table=??(ls_in_l2_lkup ), priority=75 , match=(eth.src ==
> {00:00:00:00:01:01} && eth.dst == ff:ff:ff:ff:ff:ff && (arp.op == 1 ||
> rarp.op == 3 || nd_ns)), action=(outport = "_MC_flood_l2"; output;)
> table=??(ls_in_l2_lkup ), priority=80 , match=(flags[[1]] == 0 &&
> arp.op == 1 && arp.tpa == 192.168.1.1), action=(clone {outport = "ls1-ro1";
> output; }; outport = "_MC_flood_l2"; output;)
> table=??(ls_in_l2_lkup ), priority=80 , match=(flags[[1]] == 0 &&
> nd_ns && nd.target == fe80::200:ff:fe00:101), action=(clone {outport =
> "ls1-ro1"; output; }; outport = "_MC_flood_l2"; output;)
> @@ -5759,8 +5758,7 @@ AT_CHECK([grep "ls_in_l2_lkup" ls2_lflows |
> ovn_strip_lflows], [0], [dnl
> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> 00:00:00:00:02:01), action=(outport = "ls2-ro2"; output;)
> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> 00:00:00:00:02:02), action=(outport = "vm2"; output;)
> table=??(ls_in_l2_lkup ), priority=70 , match=(eth.mcast),
> action=(outport = "_MC_flood_l2"; output;)
> - table=??(ls_in_l2_lkup ), priority=71 , match=(eth.mcast && (arp.op
> == 2 || ip)), action=(outport = "_MC_flood"; output;)
> - table=??(ls_in_l2_lkup ), priority=72 , match=(eth.mcast && (arp.op
> == 1 || nd_ns)), action=(outport = "_MC_flood"; output;)
> + table=??(ls_in_l2_lkup ), priority=71 , match=(eth.mcast && (arp ||
> ip)), action=(outport = "_MC_flood"; output;)
> table=??(ls_in_l2_lkup ), priority=75 , match=(eth.src ==
> {00:00:00:00:02:01} && eth.dst == ff:ff:ff:ff:ff:ff && (arp.op == 1 ||
> rarp.op == 3 || nd_ns)), action=(outport = "_MC_flood_l2"; output;)
> table=??(ls_in_l2_lkup ), priority=80 , match=(flags[[1]] == 0 &&
> arp.op == 1 && arp.tpa == 192.168.2.1), action=(clone {outport = "ls2-ro2";
> output; }; outport = "_MC_flood_l2"; output;)
> table=??(ls_in_l2_lkup ), priority=80 , match=(flags[[1]] == 0 &&
> nd_ns && nd.target == fe80::200:ff:fe00:201), action=(clone {outport =
> "ls2-ro2"; output; }; outport = "_MC_flood_l2"; output;)
> @@ -5782,8 +5780,7 @@ AT_CHECK([grep "ls_in_l2_lkup" ls1_lflows |
> ovn_strip_lflows], [0], [dnl
> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> 00:00:00:00:01:01), action=(outport = "ls1-ro1"; output;)
> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> 00:00:00:00:01:02), action=(outport = "vm1"; output;)
> table=??(ls_in_l2_lkup ), priority=70 , match=(eth.mcast),
> action=(outport = "_MC_flood_l2"; output;)
> - table=??(ls_in_l2_lkup ), priority=71 , match=(eth.mcast && (arp.op
> == 2 || ip)), action=(outport = "_MC_flood"; output;)
> - table=??(ls_in_l2_lkup ), priority=72 , match=(eth.mcast && (arp.op
> == 1 || nd_ns)), action=(outport = "_MC_flood"; output;)
> + table=??(ls_in_l2_lkup ), priority=71 , match=(eth.mcast && (arp ||
> ip)), action=(outport = "_MC_flood"; output;)
> table=??(ls_in_l2_lkup ), priority=75 , match=(eth.src ==
> {00:00:00:00:01:01} && eth.dst == ff:ff:ff:ff:ff:ff && (arp.op == 1 ||
> rarp.op == 3 || nd_ns)), action=(outport = "_MC_flood_l2"; output;)
> table=??(ls_in_l2_lkup ), priority=80 , match=(flags[[1]] == 0 &&
> arp.op == 1 && arp.tpa == 10.0.0.100), action=(clone {outport = "ls1-ro1";
> output; }; outport = "_MC_flood_l2"; output;)
> table=??(ls_in_l2_lkup ), priority=80 , match=(flags[[1]] == 0 &&
> arp.op == 1 && arp.tpa == 10.0.0.200), action=(clone {outport = "ls1-ro1";
> output; }; outport = "_MC_flood_l2"; output;)
> @@ -5799,8 +5796,7 @@ AT_CHECK([grep "ls_in_l2_lkup" ls2_lflows |
> ovn_strip_lflows], [0], [dnl
> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> 00:00:00:00:02:01), action=(outport = "ls2-ro2"; output;)
> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> 00:00:00:00:02:02), action=(outport = "vm2"; output;)
> table=??(ls_in_l2_lkup ), priority=70 , match=(eth.mcast),
> action=(outport = "_MC_flood_l2"; output;)
> - table=??(ls_in_l2_lkup ), priority=71 , match=(eth.mcast && (arp.op
> == 2 || ip)), action=(outport = "_MC_flood"; output;)
> - table=??(ls_in_l2_lkup ), priority=72 , match=(eth.mcast && (arp.op
> == 1 || nd_ns)), action=(outport = "_MC_flood"; output;)
> + table=??(ls_in_l2_lkup ), priority=71 , match=(eth.mcast && (arp ||
> ip)), action=(outport = "_MC_flood"; output;)
> table=??(ls_in_l2_lkup ), priority=75 , match=(eth.src ==
> {00:00:00:00:02:01} && eth.dst == ff:ff:ff:ff:ff:ff && (arp.op == 1 ||
> rarp.op == 3 || nd_ns)), action=(outport = "_MC_flood_l2"; output;)
> table=??(ls_in_l2_lkup ), priority=80 , match=(flags[[1]] == 0 &&
> arp.op == 1 && arp.tpa == 192.168.2.1), action=(clone {outport = "ls2-ro2";
> output; }; outport = "_MC_flood_l2"; output;)
> table=??(ls_in_l2_lkup ), priority=80 , match=(flags[[1]] == 0 &&
> arp.op == 1 && arp.tpa == 20.0.0.100), action=(clone {outport = "ls2-ro2";
> output; }; outport = "_MC_flood_l2"; output;)
> @@ -5824,8 +5820,7 @@ AT_CHECK([grep "ls_in_l2_lkup" ls1_lflows |
> ovn_strip_lflows], [0], [dnl
> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> 00:00:00:00:01:01), action=(outport = "ls1-ro1"; output;)
> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> 00:00:00:00:01:02), action=(outport = "vm1"; output;)
> table=??(ls_in_l2_lkup ), priority=70 , match=(eth.mcast),
> action=(outport = "_MC_flood_l2"; output;)
> - table=??(ls_in_l2_lkup ), priority=71 , match=(eth.mcast && (arp.op
> == 2 || ip)), action=(outport = "_MC_flood"; output;)
> - table=??(ls_in_l2_lkup ), priority=72 , match=(eth.mcast && (arp.op
> == 1 || nd_ns)), action=(outport = "_MC_flood"; output;)
> + table=??(ls_in_l2_lkup ), priority=71 , match=(eth.mcast && (arp ||
> ip)), action=(outport = "_MC_flood"; output;)
> table=??(ls_in_l2_lkup ), priority=75 , match=(eth.src ==
> {00:00:00:00:01:01} && eth.dst == ff:ff:ff:ff:ff:ff && (arp.op == 1 ||
> rarp.op == 3 || nd_ns)), action=(outport = "_MC_flood_l2"; output;)
> table=??(ls_in_l2_lkup ), priority=80 , match=(flags[[1]] == 0 &&
> arp.op == 1 && arp.tpa == 10.0.0.100), action=(clone {outport = "ls1-ro1";
> output; }; outport = "_MC_flood_l2"; output;)
> table=??(ls_in_l2_lkup ), priority=80 , match=(flags[[1]] == 0 &&
> arp.op == 1 && arp.tpa == 10.0.0.200), action=(clone {outport = "ls1-ro1";
> output; }; outport = "_MC_flood_l2"; output;)
> @@ -5843,8 +5838,7 @@ AT_CHECK([grep "ls_in_l2_lkup" ls2_lflows |
> ovn_strip_lflows], [0], [dnl
> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> 00:00:00:00:02:01), action=(outport = "ls2-ro2"; output;)
> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> 00:00:00:00:02:02), action=(outport = "vm2"; output;)
> table=??(ls_in_l2_lkup ), priority=70 , match=(eth.mcast),
> action=(outport = "_MC_flood_l2"; output;)
> - table=??(ls_in_l2_lkup ), priority=71 , match=(eth.mcast && (arp.op
> == 2 || ip)), action=(outport = "_MC_flood"; output;)
> - table=??(ls_in_l2_lkup ), priority=72 , match=(eth.mcast && (arp.op
> == 1 || nd_ns)), action=(outport = "_MC_flood"; output;)
> + table=??(ls_in_l2_lkup ), priority=71 , match=(eth.mcast && (arp ||
> ip)), action=(outport = "_MC_flood"; output;)
> table=??(ls_in_l2_lkup ), priority=75 , match=(eth.src ==
> {00:00:00:00:02:01} && eth.dst == ff:ff:ff:ff:ff:ff && (arp.op == 1 ||
> rarp.op == 3 || nd_ns)), action=(outport = "_MC_flood_l2"; output;)
> table=??(ls_in_l2_lkup ), priority=80 , match=(flags[[1]] == 0 &&
> arp.op == 1 && arp.tpa == 192.168.2.1), action=(clone {outport = "ls2-ro2";
> output; }; outport = "_MC_flood_l2"; output;)
> table=??(ls_in_l2_lkup ), priority=80 , match=(flags[[1]] == 0 &&
> arp.op == 1 && arp.tpa == 20.0.0.100), action=(clone {outport = "ls2-ro2";
> output; }; outport = "_MC_flood_l2"; output;)
> @@ -5867,8 +5861,7 @@ AT_CHECK([grep "ls_in_l2_lkup" ls1_lflows |
> ovn_strip_lflows], [0], [dnl
> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> 00:00:00:00:01:01), action=(outport = "ls1-ro1"; output;)
> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> 00:00:00:00:01:02), action=(outport = "vm1"; output;)
> table=??(ls_in_l2_lkup ), priority=70 , match=(eth.mcast),
> action=(outport = "_MC_flood_l2"; output;)
> - table=??(ls_in_l2_lkup ), priority=71 , match=(eth.mcast && (arp.op
> == 2 || ip)), action=(outport = "_MC_flood"; output;)
> - table=??(ls_in_l2_lkup ), priority=72 , match=(eth.mcast && (arp.op
> == 1 || nd_ns)), action=(outport = "_MC_flood"; output;)
> + table=??(ls_in_l2_lkup ), priority=71 , match=(eth.mcast && (arp ||
> ip)), action=(outport = "_MC_flood"; output;)
> table=??(ls_in_l2_lkup ), priority=75 , match=(eth.src ==
> {00:00:00:00:01:01} && eth.dst == ff:ff:ff:ff:ff:ff && (arp.op == 1 ||
> rarp.op == 3 || nd_ns)), action=(outport = "_MC_flood_l2"; output;)
> table=??(ls_in_l2_lkup ), priority=80 , match=(flags[[1]] == 0 &&
> arp.op == 1 && arp.tpa == 10.0.0.100), action=(clone {outport = "ls1-ro1";
> output; }; outport = "_MC_flood_l2"; output;)
> table=??(ls_in_l2_lkup ), priority=80 , match=(flags[[1]] == 0 &&
> arp.op == 1 && arp.tpa == 10.0.0.200), action=(clone {outport = "ls1-ro1";
> output; }; outport = "_MC_flood_l2"; output;)
> @@ -5890,8 +5883,7 @@ AT_CHECK([grep "ls_in_l2_lkup" ls1_lflows |
> ovn_strip_lflows], [0], [dnl
> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> 00:00:00:00:01:01), action=(outport = "ls1-ro1"; output;)
> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> 00:00:00:00:01:02), action=(outport = "vm1"; output;)
> table=??(ls_in_l2_lkup ), priority=70 , match=(eth.mcast),
> action=(outport = "_MC_flood_l2"; output;)
> - table=??(ls_in_l2_lkup ), priority=71 , match=(eth.mcast && (arp.op
> == 2 || ip)), action=(outport = "_MC_flood"; output;)
> - table=??(ls_in_l2_lkup ), priority=72 , match=(eth.mcast && (arp.op
> == 1 || nd_ns)), action=(outport = "_MC_flood"; output;)
> + table=??(ls_in_l2_lkup ), priority=71 , match=(eth.mcast && (arp ||
> ip)), action=(outport = "_MC_flood"; output;)
> table=??(ls_in_l2_lkup ), priority=75 , match=(eth.src ==
> {00:00:00:00:01:01} && eth.dst == ff:ff:ff:ff:ff:ff && (arp.op == 1 ||
> rarp.op == 3 || nd_ns)), action=(outport = "_MC_flood_l2"; output;)
> table=??(ls_in_l2_lkup ), priority=80 , match=(flags[[1]] == 0 &&
> arp.op == 1 && arp.tpa == 10.0.0.100), action=(clone {outport = "ls1-ro1";
> output; }; outport = "_MC_flood_l2"; output;)
> table=??(ls_in_l2_lkup ), priority=80 , match=(flags[[1]] == 0 &&
> arp.op == 1 && arp.tpa == 10.0.0.200), action=(clone {outport = "ls1-ro1";
> output; }; outport = "_MC_flood_l2"; output;)
> @@ -5920,8 +5912,7 @@ AT_CHECK([grep "ls_in_l2_lkup" ls1_lflows |
> ovn_strip_lflows], [0], [dnl
> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> 00:00:00:00:01:01 && is_chassis_resident("cr-ro1-ls1")), action=(outport =
> "ls1-ro1"; output;)
> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> 00:00:00:00:01:02), action=(outport = "vm1"; output;)
> table=??(ls_in_l2_lkup ), priority=70 , match=(eth.mcast),
> action=(outport = "_MC_flood_l2"; output;)
> - table=??(ls_in_l2_lkup ), priority=71 , match=(eth.mcast && (arp.op
> == 2 || ip)), action=(outport = "_MC_flood"; output;)
> - table=??(ls_in_l2_lkup ), priority=72 , match=(eth.mcast && (arp.op
> == 1 || nd_ns)), action=(outport = "_MC_flood"; output;)
> + table=??(ls_in_l2_lkup ), priority=71 , match=(eth.mcast && (arp ||
> ip)), action=(outport = "_MC_flood"; output;)
> table=??(ls_in_l2_lkup ), priority=75 , match=(eth.src ==
> {00:00:00:00:01:01} && eth.dst == ff:ff:ff:ff:ff:ff && (arp.op == 1 ||
> rarp.op == 3 || nd_ns)), action=(outport = "_MC_flood_l2"; output;)
> table=??(ls_in_l2_lkup ), priority=80 , match=(flags[[1]] == 0 &&
> arp.op == 1 && arp.tpa == 10.0.0.100), action=(clone {outport = "ls1-ro1";
> output; }; outport = "_MC_flood_l2"; output;)
> table=??(ls_in_l2_lkup ), priority=80 , match=(flags[[1]] == 0 &&
> arp.op == 1 && arp.tpa == 10.0.0.200), action=(clone {outport = "ls1-ro1";
> output; }; outport = "_MC_flood_l2"; output;)
> @@ -9556,8 +9547,7 @@ ovn_strip_lflows ], [0], [dnl
> table=??(ls_in_l2_lkup ), priority=100 , match=(reg8[[23]] == 1),
> action=(output;)
> table=??(ls_in_l2_lkup ), priority=110 , match=(eth.dst ==
> $svc_monitor_mac && (tcp || icmp || icmp6)),
> action=(handle_svc_check(inport);)
> table=??(ls_in_l2_lkup ), priority=70 , match=(eth.mcast),
> action=(outport = "_MC_flood_l2"; output;)
> - table=??(ls_in_l2_lkup ), priority=71 , match=(eth.mcast && (arp.op
> == 2 || ip)), action=(outport = "_MC_flood"; output;)
> - table=??(ls_in_l2_lkup ), priority=72 , match=(eth.mcast && (arp.op
> == 1 || nd_ns)), action=(outport = "_MC_flood"; output;)
> + table=??(ls_in_l2_lkup ), priority=71 , match=(eth.mcast && (arp ||
> ip)), action=(outport = "_MC_flood"; output;)
> table=??(ls_in_l2_unknown ), priority=0 , match=(1), action=(output;)
> table=??(ls_in_l2_unknown ), priority=50 , match=(outport == "none"),
> action=(drop;)
> table=??(ls_out_apply_port_sec), priority=0 , match=(1),
> action=(output;)
> @@ -9593,8 +9583,7 @@ ovn_strip_lflows ], [0], [dnl
> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> 00:00:00:00:01:01), action=(outport = "sw0p1"; output;)
> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> 00:00:00:00:02:02), action=(outport = "sw0p2"; output;)
> table=??(ls_in_l2_lkup ), priority=70 , match=(eth.mcast),
> action=(outport = "_MC_flood_l2"; output;)
> - table=??(ls_in_l2_lkup ), priority=71 , match=(eth.mcast && (arp.op
> == 2 || ip)), action=(outport = "_MC_flood"; output;)
> - table=??(ls_in_l2_lkup ), priority=72 , match=(eth.mcast && (arp.op
> == 1 || nd_ns)), action=(outport = "_MC_flood"; output;)
> + table=??(ls_in_l2_lkup ), priority=71 , match=(eth.mcast && (arp ||
> ip)), action=(outport = "_MC_flood"; output;)
> table=??(ls_in_l2_unknown ), priority=0 , match=(1), action=(output;)
> table=??(ls_in_l2_unknown ), priority=50 , match=(outport == "none"),
> action=(drop;)
> table=??(ls_out_apply_port_sec), priority=0 , match=(1),
> action=(output;)
> @@ -9629,8 +9618,7 @@ ovn_strip_lflows ], [0], [dnl
> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> 00:00:00:00:01:01), action=(outport = "sw0p1"; output;)
> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> 00:00:00:00:02:02), action=(outport = "sw0p2"; output;)
> table=??(ls_in_l2_lkup ), priority=70 , match=(eth.mcast),
> action=(outport = "_MC_flood_l2"; output;)
> - table=??(ls_in_l2_lkup ), priority=71 , match=(eth.mcast && (arp.op
> == 2 || ip)), action=(outport = "_MC_flood"; output;)
> - table=??(ls_in_l2_lkup ), priority=72 , match=(eth.mcast && (arp.op
> == 1 || nd_ns)), action=(outport = "_MC_flood"; output;)
> + table=??(ls_in_l2_lkup ), priority=71 , match=(eth.mcast && (arp ||
> ip)), action=(outport = "_MC_flood"; output;)
> table=??(ls_in_l2_unknown ), priority=0 , match=(1), action=(output;)
> table=??(ls_in_l2_unknown ), priority=50 , match=(outport == "none"),
> action=(drop;)
> table=??(ls_out_apply_port_sec), priority=0 , match=(1),
> action=(output;)
> @@ -9666,8 +9654,7 @@ ovn_strip_lflows ], [0], [dnl
> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> 00:00:00:00:01:01), action=(drop;)
> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> 00:00:00:00:02:02), action=(outport = "sw0p2"; output;)
> table=??(ls_in_l2_lkup ), priority=70 , match=(eth.mcast),
> action=(outport = "_MC_flood_l2"; output;)
> - table=??(ls_in_l2_lkup ), priority=71 , match=(eth.mcast && (arp.op
> == 2 || ip)), action=(outport = "_MC_flood"; output;)
> - table=??(ls_in_l2_lkup ), priority=72 , match=(eth.mcast && (arp.op
> == 1 || nd_ns)), action=(outport = "_MC_flood"; output;)
> + table=??(ls_in_l2_lkup ), priority=71 , match=(eth.mcast && (arp ||
> ip)), action=(outport = "_MC_flood"; output;)
> table=??(ls_in_l2_unknown ), priority=0 , match=(1), action=(output;)
> table=??(ls_in_l2_unknown ), priority=50 , match=(outport == "none"),
> action=(drop;)
> table=??(ls_in_l2_unknown ), priority=50 , match=(outport == "sw0p1"),
> action=(drop;)
> @@ -9703,8 +9690,7 @@ ovn_strip_lflows ], [0], [dnl
> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> 00:00:00:00:01:01), action=(drop;)
> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> 00:00:00:00:02:02), action=(outport = "sw0p2"; output;)
> table=??(ls_in_l2_lkup ), priority=70 , match=(eth.mcast),
> action=(outport = "_MC_flood_l2"; output;)
> - table=??(ls_in_l2_lkup ), priority=71 , match=(eth.mcast && (arp.op
> == 2 || ip)), action=(outport = "_MC_flood"; output;)
> - table=??(ls_in_l2_lkup ), priority=72 , match=(eth.mcast && (arp.op
> == 1 || nd_ns)), action=(outport = "_MC_flood"; output;)
> + table=??(ls_in_l2_lkup ), priority=71 , match=(eth.mcast && (arp ||
> ip)), action=(outport = "_MC_flood"; output;)
> table=??(ls_in_l2_unknown ), priority=0 , match=(1), action=(output;)
> table=??(ls_in_l2_unknown ), priority=50 , match=(outport == "none"),
> action=(drop;)
> table=??(ls_in_l2_unknown ), priority=50 , match=(outport == "sw0p1"),
> action=(drop;)
> @@ -9744,8 +9730,7 @@ ovn_strip_lflows ], [0], [dnl
> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> 00:00:00:00:01:01), action=(outport = "sw0p1"; output;)
> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> 00:00:00:00:02:02), action=(outport = "sw0p2"; output;)
> table=??(ls_in_l2_lkup ), priority=70 , match=(eth.mcast),
> action=(outport = "_MC_flood_l2"; output;)
> - table=??(ls_in_l2_lkup ), priority=71 , match=(eth.mcast && (arp.op
> == 2 || ip)), action=(outport = "_MC_flood"; output;)
> - table=??(ls_in_l2_lkup ), priority=72 , match=(eth.mcast && (arp.op
> == 1 || nd_ns)), action=(outport = "_MC_flood"; output;)
> + table=??(ls_in_l2_lkup ), priority=71 , match=(eth.mcast && (arp ||
> ip)), action=(outport = "_MC_flood"; output;)
> table=??(ls_in_l2_unknown ), priority=0 , match=(1), action=(output;)
> table=??(ls_in_l2_unknown ), priority=50 , match=(outport == "none"),
> action=(drop;)
> table=??(ls_out_apply_port_sec), priority=0 , match=(1),
> action=(output;)
> @@ -14085,8 +14070,7 @@ AT_CHECK([grep "ls_in_l2_lkup" publicflows |
> ovn_strip_lflows], [0], [dnl
> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> 00:00:00:00:ff:02 && is_chassis_resident("cr-lr0-public")), action=(outport =
> "public-lr0"; output;)
> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> 30:54:00:00:00:03 && is_chassis_resident("sw0-port1")), action=(outport =
> "public-lr0"; output;)
> table=??(ls_in_l2_lkup ), priority=70 , match=(eth.mcast),
> action=(outport = "_MC_flood_l2"; output;)
> - table=??(ls_in_l2_lkup ), priority=71 , match=(eth.mcast && (arp.op
> == 2 || ip)), action=(outport = "_MC_flood"; output;)
> - table=??(ls_in_l2_lkup ), priority=72 , match=(eth.mcast && (arp.op
> == 1 || nd_ns)), action=(outport = "_MC_flood"; output;)
> + table=??(ls_in_l2_lkup ), priority=71 , match=(eth.mcast && (arp ||
> ip)), action=(outport = "_MC_flood"; output;)
> table=??(ls_in_l2_lkup ), priority=75 , match=(eth.src ==
> {00:00:00:00:ff:02, 30:54:00:00:00:03} && eth.dst == ff:ff:ff:ff:ff:ff &&
> (arp.op == 1 || rarp.op == 3 || nd_ns)), action=(outport = "_MC_flood_l2";
> output;)
> table=??(ls_in_l2_lkup ), priority=80 , match=(flags[[1]] == 0 &&
> arp.op == 1 && arp.tpa == 172.168.0.10), action=(clone {outport =
> "public-lr0"; output; }; outport = "_MC_flood_l2"; output;)
> table=??(ls_in_l2_lkup ), priority=80 , match=(flags[[1]] == 0 &&
> arp.op == 1 && arp.tpa == 172.168.0.100), action=(clone {outport =
> "public-lr0"; output; }; outport = "_MC_flood_l2"; output;)
> @@ -14264,8 +14248,7 @@ AT_CHECK([grep "ls_in_l2_lkup" publicflows |
> ovn_strip_lflows], [0], [dnl
> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> 00:00:00:00:ff:02 && is_chassis_resident("cr-public-lr0")), action=(outport =
> "public-lr0"; output;)
> table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst ==
> 30:54:00:00:00:03 && is_chassis_resident("sw0-port1")), action=(outport =
> "public-lr0"; output;)
> table=??(ls_in_l2_lkup ), priority=70 , match=(eth.mcast),
> action=(outport = "_MC_flood_l2"; output;)
> - table=??(ls_in_l2_lkup ), priority=71 , match=(eth.mcast && (arp.op
> == 2 || ip)), action=(outport = "_MC_flood"; output;)
> - table=??(ls_in_l2_lkup ), priority=72 , match=(eth.mcast && (arp.op
> == 1 || nd_ns)), action=(outport = "_MC_flood"; output;)
> + table=??(ls_in_l2_lkup ), priority=71 , match=(eth.mcast && (arp ||
> ip)), action=(outport = "_MC_flood"; output;)
> table=??(ls_in_l2_lkup ), priority=75 , match=(eth.src ==
> {00:00:00:00:ff:02, 30:54:00:00:00:03} && eth.dst == ff:ff:ff:ff:ff:ff &&
> (arp.op == 1 || rarp.op == 3 || nd_ns)), action=(outport = "_MC_flood_l2";
> output;)
> table=??(ls_in_l2_lkup ), priority=80 , match=(flags[[1]] == 0 &&
> arp.op == 1 && arp.tpa == 172.168.0.10 &&
> !is_chassis_resident("cr-public-lr0")), action=(clone {outport =
> "cr-public-lr0"; output; }; outport = "_MC_flood_l2"; output;)
> table=??(ls_in_l2_lkup ), priority=80 , match=(flags[[1]] == 0 &&
> arp.op == 1 && arp.tpa == 172.168.0.10 &&
> is_chassis_resident("cr-public-lr0")), action=(clone {outport = "public-lr0";
> output; }; outport = "_MC_flood_l2"; output;)
> diff --git a/tests/ovn.at b/tests/ovn.at
> index 2139c9fb19..3a3b05ab7f 100644
> --- a/tests/ovn.at
> +++ b/tests/ovn.at
> @@ -45656,7 +45656,6 @@ AT_CLEANUP
> OVN_FOR_EACH_NORTHD([
> AT_SETUP([Drop unknown eth type on router ports])
> AT_SKIP_IF([test $HAVE_SCAPY = no])
> -AT_SKIP_IF([test $HAVE_TCPDUMP = no])
> ovn_start
>
> net_add n1
> @@ -45669,7 +45668,7 @@ check ovs-vsctl -- add-port br-int hv1-vif1 -- \
> set interface hv1-vif1 external-ids:iface-id=sw0-p1 \
> options:tx_pcap=hv1/vif1-tx.pcap \
> options:rxq_pcap=hv1/vif1-rx.pcap
> -ovs-vsctl -- add-port br-int hv1-vif2 -- \
> +check ovs-vsctl -- add-port br-int hv1-vif2 -- \
> set interface hv1-vif2 external-ids:iface-id=sw0-p2 \
> options:tx_pcap=hv1/vif2-tx.pcap \
> options:rxq_pcap=hv1/vif2-rx.pcap
> @@ -45684,7 +45683,7 @@ check ovn-nbctl lr-add lr0
> check ovn-nbctl lrp-add lr0 lr0-sw0 00:00:00:00:ff:01 10.0.0.254/24
> check ovn-nbctl lsp-add-router-port sw0 sw0-lr0 lr0-sw0
>
> -# create an ACL to log traffic on the router port.
> +# Create an ACL to log traffic on the router port.
> check ovn-nbctl --log --name='eth-unknown' acl-add sw0 to-lport 1000
> 'outport == "sw0-lr0" && eth.type == 0x5ff' allow
>
> OVN_POPULATE_ARP
> @@ -45696,7 +45695,7 @@ echo $packet > expected
> check as hv1 ovs-appctl netdev-dummy/receive hv1-vif1 $packet
> OVN_CHECK_PACKETS([hv1/vif2-tx.pcap], [expected])
>
> -AT_CHECK([grep -q 'name="eth-unknown"' hv1/ovn-controller.log],[1])
> +AT_CHECK([grep -q 'name="eth-unknown"' hv1/ovn-controller.log], [1])
>
> OVN_CLEANUP([hv1])
> AT_CLEANUP
>
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
