This series fixes a bug/unintended behavior where the --disable-system-route
flag did not fully prevent non-standard system routing rules from being cached
at startup.

At init time, route_table_reset() queries all kernel routing rules via
RTM_GETRULE and invokes ovs_router_rule_add() for each one. The
use_system_routing_table flag was only checked in ovs_router_insert() and
ovs_router_lookup_fallback(), leaving ovs_router_rule_add() unguarded. As a
result, non-standard system rules (e.g. VRF or policy routing rules present on
the host) would leak into the routing cache regardless of the flag, causing
incorrect route lookups in unit tests and in production environments that use
--disable-system-route.

Patch 1 is the main fix: ovs_router_rule_add() is split into an internal
ovs_router_rule_add__() used by OVS-internal callers (init_standard_rules,
ovs_router_rule_add_cmd) that must always succeed, and a public
ovs_router_rule_add() wrapper that gates insertion on use_system_routing_table.
External callers such as rule_handle_msg() in route-table.c go through the
public wrapper and are, therefore, correctly filtered.

While working on patch 1, a second bug was found: ovs_router_rules_flush(false)
removes all non-user rules, including the standard local/main/default rules
that were added, unconditionally, at init time. Patch 2 fixes this by re-adding
the standard rules immediately after a non-full flush via init_standard_rules().

Patch 3 fixes an independent locking issue also uncovered during this work:
ovs_router_rule_add() carried an OVS_REQUIRES(mutex) annotation, yet its
external caller rule_handle_msg() in route-table.c does not hold the mutex,
creating a potential data race.

Together, patches 1 and 2 fix unit tests 834, 847, 848 and 850 which were
failing because non-standard system routing rules were incorrectly appearing
in the rule cache even when --disable-system-route was in effect.

Matteo Perin (3):
  ovs-router: Fix --disable-system-route rules filter.
  ovs-router: Restore standard rules in non-full flush.
  ovs-router: Fix locking in ovs_router_rule_add().

 lib/ovs-router.c | 53 +++++++++++++++++++++++++++++++++---------------
 1 file changed, 37 insertions(+), 16 deletions(-)

-- 
2.43.0

_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
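
The gating and flush behaviour described in the cover letter above, as an added example: a simplified stand-alone model, not code from the patch series or from OVS. It reuses the function and flag names from the letter; the `rule` struct, `startup_model()`, setting the flag directly, and a full flush emptying the cache are assumptions, and the priorities and table IDs are the Linux defaults for the local/main/default rules.

```c
/* Added illustration: a simplified model of the gating, not OVS source. */
#include <stdbool.h>
#include <stdio.h>

static struct rule { unsigned prio, table; bool user; } rules[16];
static size_t n_rules;
static bool use_system_routing_table = true;

/* Internal insert for callers that must always succeed. */
bool rule_add__(unsigned prio, unsigned table, bool user)
{
    if (n_rules == sizeof rules / sizeof rules[0]) return false;
    rules[n_rules++] = (struct rule){ prio, table, user };
    return true;
}

/* Public wrapper for rules learned from the kernel: gated on the flag. */
bool rule_add(unsigned prio, unsigned table)
{
    return use_system_routing_table && rule_add__(prio, table, false);
}

void init_standard_rules(void)
{
    rule_add__(0, 255, false);       /* local */
    rule_add__(32766, 254, false);   /* main */
    rule_add__(32767, 253, false);   /* default */
}

/* Non-full flush keeps user rules, then restores the standard rules. */
void rules_flush(bool flush_all)
{
    size_t kept = 0;
    for (size_t i = 0; i < n_rules; i++)
        if (!flush_all && rules[i].user) rules[kept++] = rules[i];
    n_rules = kept;
    if (!flush_all) init_standard_rules();
}

/* Startup with one constructed non-standard kernel rule; returns cache size. */
size_t startup_model(bool disable_system_route)
{
    n_rules = 0;
    use_system_routing_table = !disable_system_route;
    init_standard_rules();
    rule_add(1000, 10);              /* e.g. a VRF rule dumped at init */
    return n_rules;
}

int main(void) { printf("cached rules: %zu\n", startup_model(true)); return 0; }
```

With the flag off the kernel rule is cached alongside the three standard rules; with `--disable-system-route` modelled as on, only the standard rules remain, and they survive a non-full flush.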