On 5/20/26 12:35 PM, Dumitru Ceara wrote:
> Hi Naveen,
>
> Thanks for the patch!
>
> On 5/14/26 7:06 PM, Naveen Yerramneni wrote:
>> DHCP client extends its lease by unicasting a DHCPREQUEST to its
>> original DHCP server when the T1 timer fires (typically at 50% of
>> the lease). If that DHCPREQUEST gets no response, the T2 timer
>> fires (typically at 87.5% of the lease) and the client enters the
>> REBINDING state, where it broadcasts a DHCPREQUEST using its
>> currently leased IP as the source address (rather than 0.0.0.0).
>>
>> Today OVN's DHCP relay only matches DHCPREQUEST packets whose source
>> IP is 0.0.0.0, so the broadcast DHCPREQUEST sent by a client in the
>> REBINDING state is not matched by any relay flow and is dropped.
>> The lease cannot be renewed through the relay and the client
>> eventually falls back to a fresh DISCOVER.
>>
>> Extend the relay to also forward DHCPREQUEST packets whose source IP
>> lies in the relay LRP's subnet by widening the source-IP match of
>> the DHCP relay request flows to the set
>> ip4.src == {0.0.0.0, <lrp_cidr>}, where <lrp_cidr> is the CIDR of
>> the relay Logical_Router_Port. The set is applied to:
>>
>> - The priority-100 logical switch flow in ls_in_l2_lkup that
>> forwards client DHCP broadcasts to the relay LRP-attachment
>> port.
>> - The logical router lr_in_ip_input priority-110
>> dhcp_relay_req_chk flow.
>> - The lr_in_dhcp_relay_req priority-100 forward and priority-1
>> drop flows.
>>
>> The behaviour is controlled by a new NB_Global option:
>>
>> options:dhcp_relay_handle_rebind boolean (default 'true')
>>
>> Setting it to 'false' restores the previous behaviour and matches
>> only ip4.src == 0.0.0.0.
>>
>
> If we're changing defaults, why not just make it the only behavior?
> IIUC you're just extending the existing implementation, right?
>
> Also, this patch fails CI:
> https://github.com/ovsrobot/ovn/actions/runs/25747657870/job/75615787412
>
> 1
> Expecting global_config compute count - 2 not to be 0
> test 2 -ne 0
> ./ovn-macros.at:897: "$@"
> Checking engine stats for node northd : recompute - norecompute :
> compute - compute
> Expecting northd recompute count - 1 to be 0
> test 1 -eq 0
> ./ovn-macros.at:897: "$@"
> ./ovn-macros.at:897: exit code was 1, expected 0
> 815. ovn-northd.at:13500: 815. NB_Global and SB_Global incremental
> processing (ovn-northd.at:13500): FAILED ( 1 )
>
My bad, I had looked at the v1 CI run, the v2 run is green.
There is however a warning from ovsrobot:
https://mail.openvswitch.org/pipermail/ovs-build/2026-May/054822.html
In any case, my question about making this the only behavior and
skipping the addition of yet another knob stands.
Regards,
Dumitru
> Regards,
> Dumitru
>
>
>> Signed-off-by: Naveen Yerramneni <[email protected]>
>> Acked-by: Aditya Mehakare <[email protected]>
>> Acked-by: Huzaifa Calcuttawala <[email protected]>
>> ---
>> V2:
>> - consider dhcp_relay_handle_rebind as optional to avoid unwanted
>> northd recompute.
>> ---
>> Documentation/ref/ovn-logical-flows.7.rst | 32 ++++++++------
>> NEWS | 5 +++
>> northd/en-global-config.c | 5 +++
>> northd/northd.c | 51 +++++++++++++++++++----
>> ovn-nb.xml | 18 ++++++++
>> tests/ovn-northd.at | 48 ++++++++++++++++++---
>> tests/ovn.at | 9 +++-
>> 7 files changed, 140 insertions(+), 28 deletions(-)
>>
>> diff --git a/Documentation/ref/ovn-logical-flows.7.rst
>> b/Documentation/ref/ovn-logical-flows.7.rst
>> index 0b69d7bb0..0d46301b3 100644
>> --- a/Documentation/ref/ovn-logical-flows.7.rst
>> +++ b/Documentation/ref/ovn-logical-flows.7.rst
>> @@ -1392,7 +1392,9 @@ This table implements switching behavior. It contains
>> these logical flows:
>>
>> - A priority-100 flow that forwards all DHCP broadcast packets coming from
>> VIFs
>> to the logical router port's MAC when DHCP relay is enabled on the logical
>> - switch.
>> + switch. By default the ``ip4.src`` match is the set ``{0.0.0.0,
>> lrp_cidr}``.
>> + If ``dhcp_relay_handle_rebind`` in the ``NB_Global`` ``options`` column
>> is set
>> + to ``false`` the match is ``ip4.src == 0.0.0.0`` only.
>>
>> - A priority-100 flow that matches ``reg8[23] == 1`` and does ``output``
>> action.
>> This ensures that packets that got injected back into this table from
>> egress
>> @@ -2199,9 +2201,11 @@ contains the following flows to implement very basic
>> IP host functionality.
>> - For each logical router port configured with DHCP relay the following
>> priority-110 flows are added to manage the DHCP relay traffic:
>>
>> - - if ``inport`` is lrp and ``ip4.src == 0.0.0.0`` and ``ip4.dst ==
>> - 255.255.255.255`` and ``ip4.frag == 0`` and ``udp.src == 68`` and
>> ``udp.dst
>> - == 67``, the ``dhcp_relay_req_chk`` action is executed. ::
>> + - if ``inport`` is lrp and ``ip4.src == {0.0.0.0, lrp_cidr}`` and
>> ``ip4.dst
>> + == 255.255.255.255`` and ``ip4.frag == 0`` and ``udp.src == 68`` and
>> + ``udp.dst == 67``, the ``dhcp_relay_req_chk`` action is executed.
>> Setting
>> + ``dhcp_relay_handle_rebind`` in the ``NB_Global`` ``options`` column to
>> + ``false`` restricts the ``ip4.src`` match to ``0.0.0.0`` only. ::
>>
>> reg9[7] = dhcp_relay_req_chk(lrp_ip, dhcp_server_ip);next
>>
>> @@ -2499,10 +2503,12 @@ This stage process the DHCP request packets on which
>> ``dhcp_relay_req_chk``
>> action is applied in the IP input stage.
>>
>> - A priority-100 logical flow is added for each logical router port
>> configured
>> - with DHCP relay that matches ``inport`` is lrp and ``ip4.src == 0.0.0.0``
>> and
>> - ``ip4.dst == 255.255.255.255`` and ``udp.src == 68`` and ``udp.dst ==
>> 67`` and
>> - ``reg9[7] == 1`` and applies following actions. If ``reg9[7]`` is set to 1
>> - then, ``dhcp_relay_req_chk`` action was successful. ::
>> + with DHCP relay that matches ``inport`` is lrp and ``ip4.src == {0.0.0.0,
>> + lrp_cidr}`` and ``ip4.dst == 255.255.255.255`` and ``udp.src == 68`` and
>> + ``udp.dst == 67`` and ``reg9[7] == 1`` and applies following actions. If
>> + ``reg9[7]`` is set to 1 then, ``dhcp_relay_req_chk`` action was
>> successful.
>> + Setting ``dhcp_relay_handle_rebind`` in the ``NB_Global`` ``options``
>> column
>> + to ``false`` restricts the ``ip4.src`` match to ``0.0.0.0`` only. ::
>>
>> ip4.src=lrp ip;
>> ip4.dst=dhcp server ip;
>> @@ -2510,10 +2516,12 @@ action is applied in the IP input stage.
>> next;
>>
>> - A priority-1 logical flow is added for each logical router port configured
>> - with DHCP relay that matches ``inport`` is lrp and ``ip4.src == 0.0.0.0``
>> and
>> - ``ip4.dst == 255.255.255.255`` and ``udp.src == 68`` and ``udp.dst ==
>> 67`` and
>> - ``reg9[7] == 0`` and drops the packet. If ``reg9[7]`` is set to 0 then,
>> - ``dhcp_relay_req_chk`` action was unsuccessful.
>> + with DHCP relay that matches ``inport`` is lrp and ``ip4.src == {0.0.0.0,
>> + lrp_cidr}`` and ``ip4.dst == 255.255.255.255`` and ``udp.src == 68`` and
>> + ``udp.dst == 67`` and ``reg9[7] == 0`` and drops the packet. If
>> ``reg9[7]``
>> + is set to 0 then, ``dhcp_relay_req_chk`` action was unsuccessful. Setting
>> + ``dhcp_relay_handle_rebind`` in the ``NB_Global`` ``options`` column to
>> + ``false`` restricts the ``ip4.src`` match to ``0.0.0.0`` only.
>>
>> - A priority-0 flow that matches all packets to advance to the next table.
>>
>> diff --git a/NEWS b/NEWS
>> index 9839d19b9..4e8df14ae 100644
>> --- a/NEWS
>> +++ b/NEWS
>> @@ -12,6 +12,11 @@ Post v26.03.0
>> * Add ECMP/multi-homing support for EVPN FDB entries. FDB entries
>> backed by a kernel nexthop group are load-balanced via OpenFlow
>> select groups with weighted buckets.
>> + - The DHCP relay now also forwards DHCPREQUEST packets whose
>> + source IP lies in the relay LRP's subnet, in addition to
>> + ip4.src == 0.0.0.0. Controlled by the new NB_Global option
>> + dhcp_relay_handle_rebind (default true); set it to false to
>> + match only ip4.src == 0.0.0.0.
>>
>> OVN v26.03.0 - xxx xx xxxx
>> --------------------------
>> diff --git a/northd/en-global-config.c b/northd/en-global-config.c
>> index d49ddb94a..7fb16b9d7 100644
>> --- a/northd/en-global-config.c
>> +++ b/northd/en-global-config.c
>> @@ -724,6 +724,11 @@ check_nb_options_out_of_sync(
>> return true;
>> }
>>
>> + if (config_out_of_sync(&nb->options, &config_data->nb_options,
>> + "dhcp_relay_handle_rebind", false)) {
>> + return true;
>> + }
>> +
>> return false;
>> }
>>
>> diff --git a/northd/northd.c b/northd/northd.c
>> index 8305e0428..16c5916a9 100644
>> --- a/northd/northd.c
>> +++ b/northd/northd.c
>> @@ -105,6 +105,11 @@ static bool default_acl_drop;
>> * and ports tunnel key allocation (12 bits for each instead of default
>> 16). */
>> static bool vxlan_mode;
>>
>> +/* If 'true' (default), DHCP relay flows match both ip4.src == 0.0.0.0
>> + * and ip4.src within the relay LRP's CIDR. If 'false', only
>> + * ip4.src == 0.0.0.0 is matched. */
>> +static bool dhcp_relay_handle_rebind = true;
>> +
>> #define MAX_OVN_TAGS 4096
>> �
>> #define MAX_OVN_NF_GROUP_IDS 256
>> @@ -10072,14 +10077,25 @@ build_lswitch_dhcp_relay_flows(struct ovn_port *op,
>> ds_clear(match);
>> ds_clear(actions);
>>
>> + /* Match 0.0.0.0 and the LRP's CIDR when 'dhcp_relay_handle_rebind'
>> + * is enabled (default); match only 0.0.0.0 when disabled. */
>> + struct ds src_ip_match = DS_EMPTY_INITIALIZER;
>> + if (dhcp_relay_handle_rebind && rp->lrp_networks.n_ipv4_addrs > 0) {
>> + ds_put_format(&src_ip_match, "ip4.src == {0.0.0.0, %s/%u}",
>> + rp->lrp_networks.ipv4_addrs[0].network_s,
>> + rp->lrp_networks.ipv4_addrs[0].plen);
>> + } else {
>> + ds_put_cstr(&src_ip_match, "ip4.src == 0.0.0.0");
>> + }
>> +
>> ds_put_format(
>> match, "inport == %s && eth.src == %s && "
>> - "ip4.src == 0.0.0.0 && ip4.dst == 255.255.255.255 && "
>> + "%s && ip4.dst == 255.255.255.255 && "
>> "udp.src == 68 && udp.dst == 67",
>> - op->json_key, op->lsp_addrs[0].ea_s);
>> + op->json_key, op->lsp_addrs[0].ea_s, ds_cstr(&src_ip_match));
>> ds_put_format(actions,
>> "eth.dst = %s; outport = %s; next; /* DHCP_RELAY_REQ */",
>> - rp->lrp_networks.ea_s,sp->json_key);
>> + rp->lrp_networks.ea_s, sp->json_key);
>> ovn_lflow_add(lflows, op->od,
>> S_SWITCH_IN_L2_LKUP, 100,
>> ds_cstr(match),
>> @@ -10089,6 +10105,8 @@ build_lswitch_dhcp_relay_flows(struct ovn_port *op,
>> WITH_HINT(&op->nbsp->header_));
>> ds_clear(match);
>> ds_clear(actions);
>> + ds_destroy(&src_ip_match);
>> +
>> free(server_ip_str);
>> }
>>
>> @@ -16734,11 +16752,22 @@ build_dhcp_relay_flows_for_lrouter_port(struct
>> ovn_port *op,
>> ds_clear(match);
>> ds_clear(actions);
>>
>> + /* Match 0.0.0.0 and the LRP's CIDR when 'dhcp_relay_handle_rebind'
>> + * is enabled (default); match only 0.0.0.0 when disabled. */
>> + struct ds src_ip_match = DS_EMPTY_INITIALIZER;
>> + if (dhcp_relay_handle_rebind) {
>> + ds_put_format(&src_ip_match, "ip4.src == {0.0.0.0, %s/%u}",
>> + op->lrp_networks.ipv4_addrs[0].network_s,
>> + op->lrp_networks.ipv4_addrs[0].plen);
>> + } else {
>> + ds_put_cstr(&src_ip_match, "ip4.src == 0.0.0.0");
>> + }
>> +
>> ds_put_format(
>> match, "inport == %s && "
>> - "ip4.src == 0.0.0.0 && ip4.dst == 255.255.255.255 && "
>> + "%s && ip4.dst == 255.255.255.255 && "
>> "ip.frag == 0 && udp.src == 68 && udp.dst == 67",
>> - op->json_key);
>> + op->json_key, ds_cstr(&src_ip_match));
>> ds_put_format(actions,
>> REGBIT_DHCP_RELAY_REQ_CHK
>> " = dhcp_relay_req_chk(%s, %s);"
>> @@ -16757,10 +16786,10 @@ build_dhcp_relay_flows_for_lrouter_port(struct
>> ovn_port *op,
>>
>> ds_put_format(
>> match, "inport == %s && "
>> - "ip4.src == 0.0.0.0 && ip4.dst == 255.255.255.255 && "
>> + "%s && ip4.dst == 255.255.255.255 && "
>> "udp.src == 68 && udp.dst == 67 && "
>> REGBIT_DHCP_RELAY_REQ_CHK,
>> - op->json_key);
>> + op->json_key, ds_cstr(&src_ip_match));
>> ds_put_format(actions,
>> "ip4.src = %s; ip4.dst = %s; udp.src = 67; next; "
>> "/* DHCP_RELAY_REQ */",
>> @@ -16775,10 +16804,10 @@ build_dhcp_relay_flows_for_lrouter_port(struct
>> ovn_port *op,
>>
>> ds_put_format(
>> match, "inport == %s && "
>> - "ip4.src == 0.0.0.0 && ip4.dst == 255.255.255.255 && "
>> + "%s && ip4.dst == 255.255.255.255 && "
>> "udp.src == 68 && udp.dst == 67 && "
>> REGBIT_DHCP_RELAY_REQ_CHK" == 0",
>> - op->json_key);
>> + op->json_key, ds_cstr(&src_ip_match));
>> ds_put_format(actions, "drop; /* DHCP_RELAY_REQ */");
>>
>> ovn_lflow_add(lflows, op->od, S_ROUTER_IN_DHCP_RELAY_REQ, 1,
>> @@ -16787,6 +16816,7 @@ build_dhcp_relay_flows_for_lrouter_port(struct
>> ovn_port *op,
>>
>> ds_clear(match);
>> ds_clear(actions);
>> + ds_destroy(&src_ip_match);
>>
>> ds_put_format(
>> match, "ip4.src == %s && ip4.dst == %s && "
>> @@ -21249,6 +21279,9 @@ ovnnb_db_run(struct northd_input *input_data,
>> false);
>> use_common_zone = smap_get_bool(input_data->nb_options,
>> "use_common_zone",
>> false);
>> + dhcp_relay_handle_rebind = smap_get_bool(input_data->nb_options,
>> + "dhcp_relay_handle_rebind",
>> + true);
>>
>> vxlan_mode = input_data->vxlan_mode;
>>
>> diff --git a/ovn-nb.xml b/ovn-nb.xml
>> index 2e8a6a6f1..f5fb775b5 100644
>> --- a/ovn-nb.xml
>> +++ b/ovn-nb.xml
>> @@ -464,6 +464,24 @@
>> </p>
>> </column>
>>
>> + <column name="options" key="dhcp_relay_handle_rebind"
>> + type='{"type": "boolean"}'>
>> + <p>
>> + Default is <code>true</code>. The DHCP relay forwards both
>> + broadcast DHCPREQUEST packets sent with no source IP
>> + assigned and those sent with the client's currently leased
>> + IP as the source address. The latter are typically sent by
>> + clients in the REBINDING state (T2 timer expiry) when they
>> + cannot reach their original DHCP server.
>> + </p>
>> +
>> + <p>
>> + Set to <code>false</code> to forward only DHCPREQUEST
>> + packets sent with no source IP assigned. Refer to
>> + <code>ovn-northd</code>(8) for the exact logical-flow match.
>> + </p>
>> + </column>
>> +
>> <group title="Options for services health check confguration">
>> <p>
>> These options are used when health configuration is enabled for
>> diff --git a/tests/ovn-northd.at b/tests/ovn-northd.at
>> index 074b1526b..52b4f78a0 100644
>> --- a/tests/ovn-northd.at
>> +++ b/tests/ovn-northd.at
>> @@ -13394,23 +13394,43 @@ check ovn-nbctl --wait=sb sync
>> ovn-sbctl lflow-list > lflows
>> AT_CAPTURE_FILE([lflows])
>>
>> +# Default: match the set {0.0.0.0, lrp_cidr}.
>> AT_CHECK([grep -e "DHCP_RELAY_" lflows | sed 's/table=../table=??/'], [0],
>> [dnl
>> - table=??(lr_in_ip_input ), priority=110 , match=(inport == "lrp1" &&
>> ip4.src == 0.0.0.0 && ip4.dst == 255.255.255.255 && ip.frag == 0 && udp.src
>> == 68 && udp.dst == 67), action=(reg9[[7]] = dhcp_relay_req_chk(192.168.1.1,
>> 172.16.1.1);next; /* DHCP_RELAY_REQ */)
>> + table=??(lr_in_ip_input ), priority=110 , match=(inport == "lrp1" &&
>> ip4.src == {0.0.0.0, 192.168.1.0/24} && ip4.dst == 255.255.255.255 &&
>> ip.frag == 0 && udp.src == 68 && udp.dst == 67), action=(reg9[[7]] =
>> dhcp_relay_req_chk(192.168.1.1, 172.16.1.1);next; /* DHCP_RELAY_REQ */)
>> table=??(lr_in_ip_input ), priority=110 , match=(ip4.src ==
>> 172.16.1.1 && ip4.dst == 192.168.1.1 && ip.frag == 0 && udp.src == 67 &&
>> udp.dst == 67), action=(next; /* DHCP_RELAY_RESP */)
>> - table=??(lr_in_dhcp_relay_req), priority=100 , match=(inport == "lrp1"
>> && ip4.src == 0.0.0.0 && ip4.dst == 255.255.255.255 && udp.src == 68 &&
>> udp.dst == 67 && reg9[[7]]), action=(ip4.src = 192.168.1.1; ip4.dst =
>> 172.16.1.1; udp.src = 67; next; /* DHCP_RELAY_REQ */)
>> - table=??(lr_in_dhcp_relay_req), priority=1 , match=(inport == "lrp1"
>> && ip4.src == 0.0.0.0 && ip4.dst == 255.255.255.255 && udp.src == 68 &&
>> udp.dst == 67 && reg9[[7]] == 0), action=(drop; /* DHCP_RELAY_REQ */)
>> + table=??(lr_in_dhcp_relay_req), priority=100 , match=(inport == "lrp1"
>> && ip4.src == {0.0.0.0, 192.168.1.0/24} && ip4.dst == 255.255.255.255 &&
>> udp.src == 68 && udp.dst == 67 && reg9[[7]]), action=(ip4.src = 192.168.1.1;
>> ip4.dst = 172.16.1.1; udp.src = 67; next; /* DHCP_RELAY_REQ */)
>> + table=??(lr_in_dhcp_relay_req), priority=1 , match=(inport == "lrp1"
>> && ip4.src == {0.0.0.0, 192.168.1.0/24} && ip4.dst == 255.255.255.255 &&
>> udp.src == 68 && udp.dst == 67 && reg9[[7]] == 0), action=(drop; /*
>> DHCP_RELAY_REQ */)
>> table=??(lr_in_dhcp_relay_resp_chk), priority=100 , match=(ip4.src ==
>> 172.16.1.1 && ip4.dst == 192.168.1.1 && udp.src == 67 && udp.dst == 67),
>> action=(reg2 = ip4.dst; reg9[[8]] = dhcp_relay_resp_chk(192.168.1.1,
>> 172.16.1.1); next; /* DHCP_RELAY_RESP */)
>> table=??(lr_in_dhcp_relay_resp), priority=100 , match=(ip4.src ==
>> 172.16.1.1 && reg2 == 192.168.1.1 && udp.src == 67 && udp.dst == 67 &&
>> reg9[[8]]), action=(ip4.src = 192.168.1.1; udp.dst = 68; outport = "lrp1";
>> output; /* DHCP_RELAY_RESP */)
>> table=??(lr_in_dhcp_relay_resp), priority=1 , match=(ip4.src ==
>> 172.16.1.1 && reg2 == 192.168.1.1 && udp.src == 67 && udp.dst == 67 &&
>> reg9[[8]] == 0), action=(drop; /* DHCP_RELAY_RESP */)
>> - table=??(ls_in_l2_lkup ), priority=100 , match=(inport ==
>> "ls0-port1" && eth.src == 02:00:00:00:00:10 && ip4.src == 0.0.0.0 && ip4.dst
>> == 255.255.255.255 && udp.src == 68 && udp.dst == 67), action=(eth.dst =
>> 02:00:00:00:00:01; outport = "lrp1-attachment"; next; /* DHCP_RELAY_REQ */)
>> + table=??(ls_in_l2_lkup ), priority=100 , match=(inport ==
>> "ls0-port1" && eth.src == 02:00:00:00:00:10 && ip4.src == {0.0.0.0,
>> 192.168.1.0/24} && ip4.dst == 255.255.255.255 && udp.src == 68 && udp.dst ==
>> 67), action=(eth.dst = 02:00:00:00:00:01; outport = "lrp1-attachment"; next;
>> /* DHCP_RELAY_REQ */)
>> ])
>>
>> -# Set invalid dhcp_relay_port in ls0
>> +# Invalid dhcp_relay_port: the ls_in_l2_lkup flow is suppressed; the
>> +# logical router flows keep the default match.
>> check ovn-nbctl --wait=sb set Logical_Switch ls0
>> other_config:dhcp_relay_port=foo
>>
>> ovn-sbctl lflow-list > lflows
>> AT_CAPTURE_FILE([lflows])
>>
>> +AT_CHECK([grep -e "DHCP_RELAY_" lflows | sed 's/table=../table=??/'], [0],
>> [dnl
>> + table=??(lr_in_ip_input ), priority=110 , match=(inport == "lrp1" &&
>> ip4.src == {0.0.0.0, 192.168.1.0/24} && ip4.dst == 255.255.255.255 &&
>> ip.frag == 0 && udp.src == 68 && udp.dst == 67), action=(reg9[[7]] =
>> dhcp_relay_req_chk(192.168.1.1, 172.16.1.1);next; /* DHCP_RELAY_REQ */)
>> + table=??(lr_in_ip_input ), priority=110 , match=(ip4.src ==
>> 172.16.1.1 && ip4.dst == 192.168.1.1 && ip.frag == 0 && udp.src == 67 &&
>> udp.dst == 67), action=(next; /* DHCP_RELAY_RESP */)
>> + table=??(lr_in_dhcp_relay_req), priority=100 , match=(inport == "lrp1"
>> && ip4.src == {0.0.0.0, 192.168.1.0/24} && ip4.dst == 255.255.255.255 &&
>> udp.src == 68 && udp.dst == 67 && reg9[[7]]), action=(ip4.src = 192.168.1.1;
>> ip4.dst = 172.16.1.1; udp.src = 67; next; /* DHCP_RELAY_REQ */)
>> + table=??(lr_in_dhcp_relay_req), priority=1 , match=(inport == "lrp1"
>> && ip4.src == {0.0.0.0, 192.168.1.0/24} && ip4.dst == 255.255.255.255 &&
>> udp.src == 68 && udp.dst == 67 && reg9[[7]] == 0), action=(drop; /*
>> DHCP_RELAY_REQ */)
>> + table=??(lr_in_dhcp_relay_resp_chk), priority=100 , match=(ip4.src ==
>> 172.16.1.1 && ip4.dst == 192.168.1.1 && udp.src == 67 && udp.dst == 67),
>> action=(reg2 = ip4.dst; reg9[[8]] = dhcp_relay_resp_chk(192.168.1.1,
>> 172.16.1.1); next; /* DHCP_RELAY_RESP */)
>> + table=??(lr_in_dhcp_relay_resp), priority=100 , match=(ip4.src ==
>> 172.16.1.1 && reg2 == 192.168.1.1 && udp.src == 67 && udp.dst == 67 &&
>> reg9[[8]]), action=(ip4.src = 192.168.1.1; udp.dst = 68; outport = "lrp1";
>> output; /* DHCP_RELAY_RESP */)
>> + table=??(lr_in_dhcp_relay_resp), priority=1 , match=(ip4.src ==
>> 172.16.1.1 && reg2 == 192.168.1.1 && udp.src == 67 && udp.dst == 67 &&
>> reg9[[8]] == 0), action=(drop; /* DHCP_RELAY_RESP */)
>> +])
>> +
>> +# Restore the relay port and disable dhcp_relay_handle_rebind: the
>> +# relay flows now match only ip4.src == 0.0.0.0.
>> +check ovn-nbctl set Logical_Switch ls0
>> other_config:dhcp_relay_port=lrp1-attachment
>> +check ovn-nbctl --wait=sb set NB_Global .
>> options:dhcp_relay_handle_rebind=false
>> +
>> +ovn-sbctl lflow-list > lflows
>> +AT_CAPTURE_FILE([lflows])
>> +
>> AT_CHECK([grep -e "DHCP_RELAY_" lflows | sed 's/table=../table=??/'], [0],
>> [dnl
>> table=??(lr_in_ip_input ), priority=110 , match=(inport == "lrp1" &&
>> ip4.src == 0.0.0.0 && ip4.dst == 255.255.255.255 && ip.frag == 0 && udp.src
>> == 68 && udp.dst == 67), action=(reg9[[7]] = dhcp_relay_req_chk(192.168.1.1,
>> 172.16.1.1);next; /* DHCP_RELAY_REQ */)
>> table=??(lr_in_ip_input ), priority=110 , match=(ip4.src ==
>> 172.16.1.1 && ip4.dst == 192.168.1.1 && ip.frag == 0 && udp.src == 67 &&
>> udp.dst == 67), action=(next; /* DHCP_RELAY_RESP */)
>> @@ -13419,6 +13439,24 @@ AT_CHECK([grep -e "DHCP_RELAY_" lflows | sed
>> 's/table=../table=??/'], [0], [dnl
>> table=??(lr_in_dhcp_relay_resp_chk), priority=100 , match=(ip4.src ==
>> 172.16.1.1 && ip4.dst == 192.168.1.1 && udp.src == 67 && udp.dst == 67),
>> action=(reg2 = ip4.dst; reg9[[8]] = dhcp_relay_resp_chk(192.168.1.1,
>> 172.16.1.1); next; /* DHCP_RELAY_RESP */)
>> table=??(lr_in_dhcp_relay_resp), priority=100 , match=(ip4.src ==
>> 172.16.1.1 && reg2 == 192.168.1.1 && udp.src == 67 && udp.dst == 67 &&
>> reg9[[8]]), action=(ip4.src = 192.168.1.1; udp.dst = 68; outport = "lrp1";
>> output; /* DHCP_RELAY_RESP */)
>> table=??(lr_in_dhcp_relay_resp), priority=1 , match=(ip4.src ==
>> 172.16.1.1 && reg2 == 192.168.1.1 && udp.src == 67 && udp.dst == 67 &&
>> reg9[[8]] == 0), action=(drop; /* DHCP_RELAY_RESP */)
>> + table=??(ls_in_l2_lkup ), priority=100 , match=(inport ==
>> "ls0-port1" && eth.src == 02:00:00:00:00:10 && ip4.src == 0.0.0.0 && ip4.dst
>> == 255.255.255.255 && udp.src == 68 && udp.dst == 67), action=(eth.dst =
>> 02:00:00:00:00:01; outport = "lrp1-attachment"; next; /* DHCP_RELAY_REQ */)
>> +])
>> +
>> +# Remove the option: flows revert to the default match.
>> +check ovn-nbctl --wait=sb remove NB_Global . options
>> dhcp_relay_handle_rebind
>> +
>> +ovn-sbctl lflow-list > lflows
>> +AT_CAPTURE_FILE([lflows])
>> +
>> +AT_CHECK([grep -e "DHCP_RELAY_" lflows | sed 's/table=../table=??/'], [0],
>> [dnl
>> + table=??(lr_in_ip_input ), priority=110 , match=(inport == "lrp1" &&
>> ip4.src == {0.0.0.0, 192.168.1.0/24} && ip4.dst == 255.255.255.255 &&
>> ip.frag == 0 && udp.src == 68 && udp.dst == 67), action=(reg9[[7]] =
>> dhcp_relay_req_chk(192.168.1.1, 172.16.1.1);next; /* DHCP_RELAY_REQ */)
>> + table=??(lr_in_ip_input ), priority=110 , match=(ip4.src ==
>> 172.16.1.1 && ip4.dst == 192.168.1.1 && ip.frag == 0 && udp.src == 67 &&
>> udp.dst == 67), action=(next; /* DHCP_RELAY_RESP */)
>> + table=??(lr_in_dhcp_relay_req), priority=100 , match=(inport == "lrp1"
>> && ip4.src == {0.0.0.0, 192.168.1.0/24} && ip4.dst == 255.255.255.255 &&
>> udp.src == 68 && udp.dst == 67 && reg9[[7]]), action=(ip4.src = 192.168.1.1;
>> ip4.dst = 172.16.1.1; udp.src = 67; next; /* DHCP_RELAY_REQ */)
>> + table=??(lr_in_dhcp_relay_req), priority=1 , match=(inport == "lrp1"
>> && ip4.src == {0.0.0.0, 192.168.1.0/24} && ip4.dst == 255.255.255.255 &&
>> udp.src == 68 && udp.dst == 67 && reg9[[7]] == 0), action=(drop; /*
>> DHCP_RELAY_REQ */)
>> + table=??(lr_in_dhcp_relay_resp_chk), priority=100 , match=(ip4.src ==
>> 172.16.1.1 && ip4.dst == 192.168.1.1 && udp.src == 67 && udp.dst == 67),
>> action=(reg2 = ip4.dst; reg9[[8]] = dhcp_relay_resp_chk(192.168.1.1,
>> 172.16.1.1); next; /* DHCP_RELAY_RESP */)
>> + table=??(lr_in_dhcp_relay_resp), priority=100 , match=(ip4.src ==
>> 172.16.1.1 && reg2 == 192.168.1.1 && udp.src == 67 && udp.dst == 67 &&
>> reg9[[8]]), action=(ip4.src = 192.168.1.1; udp.dst = 68; outport = "lrp1";
>> output; /* DHCP_RELAY_RESP */)
>> + table=??(lr_in_dhcp_relay_resp), priority=1 , match=(ip4.src ==
>> 172.16.1.1 && reg2 == 192.168.1.1 && udp.src == 67 && udp.dst == 67 &&
>> reg9[[8]] == 0), action=(drop; /* DHCP_RELAY_RESP */)
>> + table=??(ls_in_l2_lkup ), priority=100 , match=(inport ==
>> "ls0-port1" && eth.src == 02:00:00:00:00:10 && ip4.src == {0.0.0.0,
>> 192.168.1.0/24} && ip4.dst == 255.255.255.255 && udp.src == 68 && udp.dst ==
>> 67), action=(eth.dst = 02:00:00:00:00:01; outport = "lrp1-attachment"; next;
>> /* DHCP_RELAY_REQ */)
>> ])
>>
>> # Clear the dhcp_relay from lrp1
>> diff --git a/tests/ovn.at b/tests/ovn.at
>> index fbaa63d99..0e2299b81 100644
>> --- a/tests/ovn.at
>> +++ b/tests/ovn.at
>> @@ -41221,8 +41221,12 @@ sid=$src_ip
>> # send packet
>> send_dhcp_packet $src_mac $src_ip $dst_mac $dst_ip 01 01 $yiaddr $giaddr
>> $sid vif0
>>
>> +# The default set match ip4.src == {0.0.0.0, lrp_cidr} compiles to
>> +# two OF flows; only the 0.0.0.0 one sees the DISCOVER packet.
>> +# Sort for stable ordering.
>> OVS_WAIT_FOR_OUTPUT([ovs-ofctl dump-flows br-int
>> table=$dhcp_relay_req_table | grep -v NXST | grep 255.255.255.255 | grep
>> resubmit |
>> -cut -d ' ' -f5-5 | sed "s/,//"], [0], [dnl
>> +cut -d ' ' -f5-5 | sed "s/,//" | sort], [0], [dnl
>> +n_packets=0
>> n_packets=1
>> ])
>>
>> @@ -41233,7 +41237,8 @@ giaddr=`ip_to_hex 192.168.1.1`
>> send_dhcp_packet $src_mac $src_ip $dst_mac $dst_ip 01 01 $yiaddr $giaddr
>> $sid vif0
>>
>> OVS_WAIT_FOR_OUTPUT([ovs-ofctl dump-flows br-int
>> table=$dhcp_relay_req_table | grep -v NXST | grep 255.255.255.255 | grep
>> drop |
>> -cut -d ' ' -f5-5 | sed "s/,//"], [0], [dnl
>> +cut -d ' ' -f5-5 | sed "s/,//" | sort], [0], [dnl
>> +n_packets=0
>> n_packets=1
>> ])
>>
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
