Hi Lorenzo,

On Fri, May 29, 2026 at 13:29, Lorenzo Bianconi <[email protected]> wrote:

> > Optimize logical flow generation for NAT with distributed gateway ports by removing duplicate
> > priority 90/91 flows and consolidating ARP/ND flow creation in build_lrouter_nat_arp_nd_flow().
> > Add chassis residency filtering for l3dgw ports so ARP/ND responses are generated only on the
> > correct gateway chassis, reducing flow count while preserving behavior.
>
> Hi Lucas,
>
> Can you please provide more details about why 90/91 flows are duplicated?
> According to my understanding 91 prio flows are used to drop arp/nd traffic
> (please note it can even be used for debugging).
> I guess you should at least document the removed lflows.
>
>
You're right; however, without the 90 prio flows, the 91 prio flows don't
make sense.
Packets will be dropped by the default drop rule from this table.
Do you think it's better to add a description of the logical flows in
the commit message?

Regards,
Lucas

> Regards,
> Lorenzo
>
> >
> > Signed-off-by: Lucas Vargas Dias <[email protected]>
> > ---
> >  northd/northd.c     | 119 ++++++++++++++++++++------------------------
> >  tests/ovn-northd.at |  66 +++---------------------
> >  2 files changed, 61 insertions(+), 124 deletions(-)
> >
> > diff --git a/northd/northd.c b/northd/northd.c
> > index 0ea7c1b95..e70738a16 100644
> > --- a/northd/northd.c
> > +++ b/northd/northd.c
> > @@ -13900,7 +13900,7 @@ lrouter_nat_add_ext_ip_match(const struct
> ovn_datapath *od,
> >  static void
> >  build_lrouter_arp_flow(const struct ovn_datapath *od, struct ovn_port
> *op,
> >                         const char *ip_address, const char *eth_addr,
> > -                       struct ds *extra_match, bool drop, uint16_t
> priority,
> > +                       struct ds *extra_match, uint16_t priority,
> >                         const struct ovsdb_idl_row *hint,
> >                         struct lflow_table *lflows,
> >                         struct lflow_ref *lflow_ref)
> > @@ -13917,22 +13917,19 @@ build_lrouter_arp_flow(const struct
> ovn_datapath *od, struct ovn_port *op,
> >      if (extra_match && ds_last(extra_match) != EOF) {
> >          ds_put_format(&match, " && %s", ds_cstr(extra_match));
> >      }
> > -    if (drop) {
> > -        ds_put_cstr(&actions, debug_drop_action());
> > -    } else {
> > -        ds_put_format(&actions,
> > -                      "eth.dst = eth.src; "
> > -                      "eth.src = %s; "
> > -                      "arp.op = 2; /* ARP reply */ "
> > -                      "arp.tha = arp.sha; "
> > -                      "arp.sha = %s; "
> > -                      "arp.tpa <-> arp.spa; "
> > -                      "outport = inport; "
> > -                      "flags.loopback = 1; "
> > -                      "output;",
> > -                      eth_addr,
> > -                      eth_addr);
> > -    }
> > +
> > +    ds_put_format(&actions,
> > +                  "eth.dst = eth.src; "
> > +                  "eth.src = %s; "
> > +                  "arp.op = 2; /* ARP reply */ "
> > +                  "arp.tha = arp.sha; "
> > +                  "arp.sha = %s; "
> > +                  "arp.tpa <-> arp.spa; "
> > +                  "outport = inport; "
> > +                  "flags.loopback = 1; "
> > +                  "output;",
> > +                  eth_addr,
> > +                  eth_addr);
> >
> >      ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_INPUT, priority,
> ds_cstr(&match),
> >                    ds_cstr(&actions), lflow_ref, WITH_HINT(hint));
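
Review bot: With the drop branch gone from build_lrouter_arp_flow(), the helper no longer has any path that emits debug_drop_action(), which is the debugging use raised in the reply above. If the generic drop in this table is meant to replace it, say so in the commit message and list the removed priority-91 lflows there, so that losing the per-address drop match is a documented decision rather than a side effect of the signature cleanup.
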
> > @@ -13951,7 +13948,7 @@ static void
> >  build_lrouter_nd_flow(const struct ovn_datapath *od, struct ovn_port
> *op,
> >                        const char *action, const char *ip_address,
> >                        const char *sn_ip_address, const char *eth_addr,
> > -                      struct ds *extra_match, bool drop, uint16_t
> priority,
> > +                      struct ds *extra_match, uint16_t priority,
> >                        const struct ovsdb_idl_row *hint,
> >                        struct lflow_table *lflows,
> >                        const struct shash *meter_groups,
> > @@ -13975,31 +13972,26 @@ build_lrouter_nd_flow(const struct
> ovn_datapath *od, struct ovn_port *op,
> >          ds_put_format(&match, " && %s", ds_cstr(extra_match));
> >      }
> >
> > -    if (drop) {
> > -        ds_put_cstr(&actions, debug_drop_action());
> > -        ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_INPUT, priority,
> > -                      ds_cstr(&match), ds_cstr(&actions), lflow_ref,
> > -                      WITH_HINT(hint));
> > -    } else {
> > -        ds_put_format(&actions,
> > -                      "%s { "
> > -                        "eth.src = %s; "
> > -                        "ip6.src = nd.target; "
> > -                        "nd.tll = %s; "
> > -                        "outport = inport; "
> > -                        "flags.loopback = 1; "
> > -                        "output; "
> > -                      "};",
> > -                      action,
> > -                      eth_addr,
> > -                      eth_addr);
> > -        ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_INPUT, priority,
> > -                      ds_cstr(&match), ds_cstr(&actions), lflow_ref,
> > -                      WITH_CTRL_METER(copp_meter_get(COPP_ND_NA,
> > -                                                     od->nbr->copp,
> > -                                                     meter_groups)),
> > -                      WITH_HINT(hint));
> > -    }
> > +
> > +    ds_put_format(&actions,
> > +                  "%s { "
> > +                    "eth.src = %s; "
> > +                    "ip6.src = nd.target; "
> > +                    "nd.tll = %s; "
> > +                    "outport = inport; "
> > +                    "flags.loopback = 1; "
> > +                    "output; "
> > +                  "};",
> > +                  action,
> > +                  eth_addr,
> > +                  eth_addr);
> > +    ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_INPUT, priority,
> > +                  ds_cstr(&match), ds_cstr(&actions), lflow_ref,
> > +                  WITH_CTRL_METER(copp_meter_get(COPP_ND_NA,
> > +                                                 od->nbr->copp,
> > +                                                 meter_groups)),
> > +                  WITH_HINT(hint));
> > +
> >
> >      ds_destroy(&match);
> >      ds_destroy(&actions);
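
Review bot: Style: the rewritten block in build_lrouter_nd_flow() begins with an added empty line right after an existing empty line, and ends with another added empty line right before the existing one that precedes ds_destroy(&match). That leaves two consecutive blank lines in both places; drop the two added ones.
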
> > @@ -14007,6 +13999,7 @@ build_lrouter_nd_flow(const struct ovn_datapath
> *od, struct ovn_port *op,
> >
> >  static void
> >  build_lrouter_nat_arp_nd_flow(const struct ovn_datapath *od,
> > +                              struct ovn_port *op,
> >                                struct ovn_nat *nat_entry,
> >                                struct lflow_table *lflows,
> >                                const struct shash *meter_groups,
> > @@ -14014,18 +14007,21 @@ build_lrouter_nat_arp_nd_flow(const struct
> ovn_datapath *od,
> >  {
> >      struct lport_addresses *ext_addrs = &nat_entry->ext_addrs;
> >      const struct nbrec_nat *nat = nat_entry->nb;
> > +    if (op && lrp_is_l3dgw(op) && (!op->peer || !op->peer->cr_port)) {
> > +        return;
> > +    }
> >
> >      if (nat_entry_is_v6(nat_entry)) {
> >          build_lrouter_nd_flow(od, NULL, "nd_na",
> >                                ext_addrs->ipv6_addrs[0].addr_s,
> >                                ext_addrs->ipv6_addrs[0].sn_addr_s,
> > -                              REG_INPORT_ETH_ADDR, NULL, false, 90,
> > +                              REG_INPORT_ETH_ADDR, NULL, 90,
> >                                &nat->header_, lflows, meter_groups,
> >                                lflow_ref);
> >      } else {
> >          build_lrouter_arp_flow(od, NULL,
> >                                 ext_addrs->ipv4_addrs[0].addr_s,
> > -                               REG_INPORT_ETH_ADDR, NULL, false, 90,
> > +                               REG_INPORT_ETH_ADDR, NULL, 90,
> >                                 &nat->header_, lflows,
> >                                 lflow_ref);
> >      }
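
Review bot: The new early return sits directly under the declarations with no blank line and no comment, and it tests op->peer->cr_port rather than anything on op itself. Please add a comment saying which topology this skips and why the peer's cr_port is the right signal. This is also a northd-time skip of the whole flow, not an is_chassis_resident() match, so the commit message's "chassis residency filtering" wording should be aligned with what the code does. The calls below still pass NULL for the port, so the priority-90 flow that does get emitted carries no inport match.
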
> > @@ -14091,24 +14087,13 @@ build_lrouter_port_nat_arp_nd_flow(struct
> ovn_port *op,
> >          build_lrouter_nd_flow(op->od, op, "nd_na",
> >                                ext_addrs->ipv6_addrs[0].addr_s,
> >                                ext_addrs->ipv6_addrs[0].sn_addr_s,
> > -                              mac_s, &match, false, 92,
> > -                              &nat->header_, lflows, meter_groups,
> > -                              lflow_ref);
> > -        build_lrouter_nd_flow(op->od, op, "nd_na",
> > -                              ext_addrs->ipv6_addrs[0].addr_s,
> > -                              ext_addrs->ipv6_addrs[0].sn_addr_s,
> > -                              mac_s, NULL, true, 91,
> > +                              mac_s, &match, 92,
> >                                &nat->header_, lflows, meter_groups,
> >                                lflow_ref);
> >      } else {
> >          build_lrouter_arp_flow(op->od, op,
> >                                 ext_addrs->ipv4_addrs[0].addr_s,
> > -                               mac_s, &match, false, 92,
> > -                               &nat->header_, lflows,
> > -                               lflow_ref);
> > -        build_lrouter_arp_flow(op->od, op,
> > -                               ext_addrs->ipv4_addrs[0].addr_s,
> > -                               mac_s, NULL, true, 91,
> > +                               mac_s, &match, 92,
> >                                 &nat->header_, lflows,
> >                                 lflow_ref);
> >      }
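
Review bot: Removing the priority-91 drop calls here is only equivalent to the old behaviour if no priority-90 responder for the same address survives. build_lrouter_nat_arp_nd_flow() returns early only when "!op->peer || !op->peer->cr_port"; in the remaining l3dgw case it still adds a priority-90 flow with no inport or residency match, and nothing now shadows it on a chassis where the priority-92 is_chassis_resident() flow does not match. Please confirm that case cannot occur, or keep a higher-priority drop for it, and add a test that covers it.
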
> > @@ -17014,7 +16999,7 @@ build_ipv6_input_flows_for_lrouter_port(
> >          build_lrouter_nd_flow(op->od, op, "nd_na_router",
> >                                op->lrp_networks.ipv6_addrs[i].addr_s,
> >                                op->lrp_networks.ipv6_addrs[i].sn_addr_s,
> > -                              REG_INPORT_ETH_ADDR, match, false, 90,
> > +                              REG_INPORT_ETH_ADDR, match, 90,
> >                                &op->nbrp->header_, lflows, meter_groups,
> >                                lflow_ref);
> >      }
> > @@ -17130,8 +17115,9 @@ build_lrouter_arp_nd_for_datapath(const struct
> ovn_datapath *od,
> >          if (nat_entry->type == SNAT) {
> >              continue;
> >          }
> > -        build_lrouter_nat_arp_nd_flow(od, nat_entry, lflows,
> meter_groups,
> > -                                      lflow_ref);
> > +
> > +        build_lrouter_nat_arp_nd_flow(od, nat_entry->l3dgw_port,
> nat_entry,
> > +                                      lflows, meter_groups, lflow_ref);
> >      }
> >
> >      /* Now handle SNAT entries too, one per unique SNAT IP. */
> > @@ -17146,8 +17132,9 @@ build_lrouter_arp_nd_for_datapath(const struct
> ovn_datapath *od,
> >          struct ovn_nat *nat_entry =
> >              CONTAINER_OF(ovs_list_front(&snat_ip->snat_entries),
> >                           struct ovn_nat, ext_addr_list_node);
> > -        build_lrouter_nat_arp_nd_flow(od, nat_entry, lflows,
> meter_groups,
> > -                                      lflow_ref);
> > +
> > +        build_lrouter_nat_arp_nd_flow(od, nat_entry->l3dgw_port,
> nat_entry,
> > +                                      lflows, meter_groups, lflow_ref);
> >      }
> >  }
> >
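
Review bot: In the SNAT loop the port passed in comes from ovs_list_front(&snat_ip->snat_entries), so the skip decision for a shared SNAT IP depends on the l3dgw_port of whichever entry is first in the list. If entries for the same external IP can carry different l3dgw_port values, the flow is kept or skipped depending on list order. Either iterate the entries or add a comment explaining why the first one is representative.
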
> > @@ -17221,7 +17208,7 @@ build_lrouter_ipv4_ip_input(struct ovn_port *op,
> >
> >          build_lrouter_arp_flow(op->od, op,
> >                                 op->lrp_networks.ipv4_addrs[i].addr_s,
> > -                               REG_INPORT_ETH_ADDR, match, false, 90,
> > +                               REG_INPORT_ETH_ADDR, match, 90,
> >                                 &op->nbrp->header_, lflows, lflow_ref);
> >      }
> >
> > @@ -17324,7 +17311,7 @@ build_lrouter_ipv4_ip_input_for_lbnats(
> >                                                     AF_INET);
> >          build_lrouter_arp_flow(op->od, op, lb_ips_v4_as,
> >                                 REG_INPORT_ETH_ADDR,
> > -                               match, false, 90, NULL, lflows,
> lflow_ref);
> > +                               match, 90, NULL, lflows, lflow_ref);
> >          free(lb_ips_v4_as);
> >      }
> >
> > @@ -17340,7 +17327,7 @@ build_lrouter_ipv4_ip_input_for_lbnats(
> >          char *lb_ips_v6_as = lr_lb_address_set_ref(op->od->tunnel_key,
> >                                                     AF_INET6);
> >          build_lrouter_nd_flow(op->od, op, "nd_na", lb_ips_v6_as, NULL,
> > -                              REG_INPORT_ETH_ADDR, match, false, 90,
> > +                              REG_INPORT_ETH_ADDR, match, 90,
> >                                NULL, lflows, meter_groups, lflow_ref);
> >          free(lb_ips_v6_as);
> >      }
> > diff --git a/tests/ovn-northd.at b/tests/ovn-northd.at
> > index 26a19bd96..c88b865eb 100644
> > --- a/tests/ovn-northd.at
> > +++ b/tests/ovn-northd.at
> > @@ -2185,18 +2185,6 @@ action=(xreg0[[0..47]] = 00:00:00:00:01:00; next;)
> >  # Priority 90 flows (per router).
> >  AT_CHECK_UNQUOTED([ovn-sbctl lflow-list | grep -E
> "lr_in_ip_input.*priority=90" | grep "arp\|nd" | ovn_strip_lflows], [0],
> [dnl
> >    table=??(lr_in_ip_input     ), priority=90   , dnl
> > -match=(arp.op == 1 && arp.tpa == 43.43.43.150), dnl
> > -action=(eth.dst = eth.src; eth.src = xreg0[[0..47]]; arp.op = 2; /* ARP
> reply */ arp.tha = arp.sha; arp.sha = xreg0[[0..47]]; arp.tpa <-> arp.spa;
> outport = inport; flags.loopback = 1; output;)
> > -  table=??(lr_in_ip_input     ), priority=90   , dnl
> > -match=(arp.op == 1 && arp.tpa == 43.43.43.2), dnl
> > -action=(eth.dst = eth.src; eth.src = xreg0[[0..47]]; arp.op = 2; /* ARP
> reply */ arp.tha = arp.sha; arp.sha = xreg0[[0..47]]; arp.tpa <-> arp.spa;
> outport = inport; flags.loopback = 1; output;)
> > -  table=??(lr_in_ip_input     ), priority=90   , dnl
> > -match=(arp.op == 1 && arp.tpa == 43.43.43.3), dnl
> > -action=(eth.dst = eth.src; eth.src = xreg0[[0..47]]; arp.op = 2; /* ARP
> reply */ arp.tha = arp.sha; arp.sha = xreg0[[0..47]]; arp.tpa <-> arp.spa;
> outport = inport; flags.loopback = 1; output;)
> > -  table=??(lr_in_ip_input     ), priority=90   , dnl
> > -match=(arp.op == 1 && arp.tpa == 43.43.43.4), dnl
> > -action=(eth.dst = eth.src; eth.src = xreg0[[0..47]]; arp.op = 2; /* ARP
> reply */ arp.tha = arp.sha; arp.sha = xreg0[[0..47]]; arp.tpa <-> arp.spa;
> outport = inport; flags.loopback = 1; output;)
> > -  table=??(lr_in_ip_input     ), priority=90   , dnl
> >  match=(inport == "lrp" && arp.op == 1 && arp.tpa == \$${lb_as_v4}), dnl
> >  action=(eth.dst = eth.src; eth.src = xreg0[[0..47]]; arp.op = 2; /* ARP
> reply */ arp.tha = arp.sha; arp.sha = xreg0[[0..47]]; arp.tpa <-> arp.spa;
> outport = inport; flags.loopback = 1; output;)
> >    table=??(lr_in_ip_input     ), priority=90   , dnl
> > @@ -2225,19 +2213,10 @@ match=(inport == "lrp-public" && nd_ns &&
> nd.target == \$${lb_as_v6} && is_chass
> >  action=(nd_na { eth.src = xreg0[[0..47]]; ip6.src = nd.target; nd.tll =
> xreg0[[0..47]]; outport = inport; flags.loopback = 1; output; };)
> >  ])
> >
> > -# Priority 91 drop flows (per distributed gw port), if port is not
> resident.
> > -AT_CHECK([ovn-sbctl lflow-list | grep -E "lr_in_ip_input.*priority=91"
> | grep "arp\|nd" | ovn_strip_lflows], [0], [dnl
> > -  table=??(lr_in_ip_input     ), priority=91   , dnl
> > -match=(inport == "lrp-public" && arp.op == 1 && arp.tpa ==
> 43.43.43.150), action=(drop;)
> > -  table=??(lr_in_ip_input     ), priority=91   , dnl
> > -match=(inport == "lrp-public" && arp.op == 1 && arp.tpa == 43.43.43.2),
> dnl
> > -action=(drop;)
> > -  table=??(lr_in_ip_input     ), priority=91   , dnl
> > -match=(inport == "lrp-public" && arp.op == 1 && arp.tpa == 43.43.43.3),
> dnl
> > -action=(drop;)
> > -  table=??(lr_in_ip_input     ), priority=91   , dnl
> > -match=(inport == "lrp-public" && arp.op == 1 && arp.tpa == 43.43.43.4),
> dnl
> > -action=(drop;)
> > +# Priority 85 drop using the default drop from table lr_in_ip_input.
> > +AT_CHECK([ovn-sbctl lflow-list | grep -E "lr_in_ip_input.*priority=85"
> | grep "arp\|nd" | ovn_strip_lflows], [0], [dnl
> > +  table=??(lr_in_ip_input     ), priority=85   , dnl
> > +match=(arp || nd), action=(drop;)
> >  ])
> >
> >  # Priority 92 ARP/NS responders (per distributed gw port), if port is
> resident.
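
Review bot: The replacement check asserts the generic priority-85 "arp || nd" drop, which appears as an unchanged context line in a later hunk of this file and so exists independently of this patch. The check would still pass if priority-91 flows were generated. Add an AT_CHECK on the priority=91 grep that expects no output, so the test pins the removal itself.
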
> > @@ -8803,13 +8782,8 @@ check ovn-nbctl --wait=sb sync
> >  ovn-sbctl dump-flows DR > lrflows
> >  AT_CAPTURE_FILE([lrflows])
> >
> > -AT_CHECK([grep lr_in_ip_input lrflows | grep arp | grep -e 172.16.1.10
> -e 10.0.0.10 -e 192.168.0.10 | ovn_strip_lflows], [0], [dnl
> > -  table=??(lr_in_ip_input     ), priority=90   , match=(arp.op == 1 &&
> arp.tpa == 10.0.0.10), action=(eth.dst = eth.src; eth.src = xreg0[[0..47]];
> arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha = xreg0[[0..47]];
> arp.tpa <-> arp.spa; outport = inport; flags.loopback = 1; output;)
> > -  table=??(lr_in_ip_input     ), priority=90   , match=(arp.op == 1 &&
> arp.tpa == 172.16.1.10), action=(eth.dst = eth.src; eth.src =
> xreg0[[0..47]]; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha =
> xreg0[[0..47]]; arp.tpa <-> arp.spa; outport = inport; flags.loopback = 1;
> output;)
> > -  table=??(lr_in_ip_input     ), priority=90   , match=(arp.op == 1 &&
> arp.tpa == 192.168.0.10), action=(eth.dst = eth.src; eth.src =
> xreg0[[0..47]]; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha =
> xreg0[[0..47]]; arp.tpa <-> arp.spa; outport = inport; flags.loopback = 1;
> output;)
> > -  table=??(lr_in_ip_input     ), priority=91   , match=(inport ==
> "DR-S1" && arp.op == 1 && arp.tpa == 172.16.1.10), action=(drop;)
> > -  table=??(lr_in_ip_input     ), priority=91   , match=(inport ==
> "DR-S2" && arp.op == 1 && arp.tpa == 10.0.0.10), action=(drop;)
> > -  table=??(lr_in_ip_input     ), priority=91   , match=(inport ==
> "DR-S3" && arp.op == 1 && arp.tpa == 192.168.0.10), action=(drop;)
> > +AT_CHECK([grep lr_in_ip_input lrflows | grep arp | grep -e 172.16.1.10
> -e 10.0.0.10 -e 192.168.0.10 -e drop| ovn_strip_lflows], [0], [dnl
> > +  table=??(lr_in_ip_input     ), priority=85   , match=(arp || nd),
> action=(drop;)
> >    table=??(lr_in_ip_input     ), priority=92   , match=(inport ==
> "DR-S1" && arp.op == 1 && arp.tpa == 172.16.1.10 &&
> is_chassis_resident("cr-DR-S1")), action=(eth.dst = eth.src; eth.src =
> xreg0[[0..47]]; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha =
> xreg0[[0..47]]; arp.tpa <-> arp.spa; outport = inport; flags.loopback = 1;
> output;)
> >    table=??(lr_in_ip_input     ), priority=92   , match=(inport ==
> "DR-S2" && arp.op == 1 && arp.tpa == 10.0.0.10 &&
> is_chassis_resident("cr-DR-S2")), action=(eth.dst = eth.src; eth.src =
> xreg0[[0..47]]; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha =
> xreg0[[0..47]]; arp.tpa <-> arp.spa; outport = inport; flags.loopback = 1;
> output;)
> >    table=??(lr_in_ip_input     ), priority=92   , match=(inport ==
> "DR-S3" && arp.op == 1 && arp.tpa == 192.168.0.10 &&
> is_chassis_resident("cr-DR-S3")), action=(eth.dst = eth.src; eth.src =
> xreg0[[0..47]]; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha =
> xreg0[[0..47]]; arp.tpa <-> arp.spa; outport = inport; flags.loopback = 1;
> output;)
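
Review bot: The updated grep ends in "-e drop| ovn_strip_lflows", missing the space before the pipe, and "-e drop" is a much looser pattern than the addresses beside it: any lr_in_ip_input line containing both "arp" and "drop" is now captured. The same edit is repeated in the next hunk. Consider checking the priority-85 drop in its own AT_CHECK and keeping this grep address-only.
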
> > @@ -8851,12 +8825,8 @@ check ovn-nbctl --wait=sb sync
> >  ovn-sbctl dump-flows DR > lrflows
> >  AT_CAPTURE_FILE([lrflows])
> >
> > -AT_CHECK([grep lr_in_ip_input lrflows | grep arp | grep -e 172.16.1.10
> -e 10.0.0.10 | ovn_strip_lflows], [0], [dnl
> > -  table=??(lr_in_ip_input     ), priority=90   , match=(arp.op == 1 &&
> arp.tpa == 10.0.0.10), action=(eth.dst = eth.src; eth.src = xreg0[[0..47]];
> arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha = xreg0[[0..47]];
> arp.tpa <-> arp.spa; outport = inport; flags.loopback = 1; output;)
> > -  table=??(lr_in_ip_input     ), priority=90   , match=(arp.op == 1 &&
> arp.tpa == 172.16.1.10), action=(eth.dst = eth.src; eth.src =
> xreg0[[0..47]]; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha =
> xreg0[[0..47]]; arp.tpa <-> arp.spa; outport = inport; flags.loopback = 1;
> output;)
> > -  table=??(lr_in_ip_input     ), priority=91   , match=(inport ==
> "DR-S1" && arp.op == 1 && arp.tpa == 172.16.1.10), action=(drop;)
> > -  table=??(lr_in_ip_input     ), priority=91   , match=(inport ==
> "DR-S2" && arp.op == 1 && arp.tpa == 10.0.0.10), action=(drop;)
> > -  table=??(lr_in_ip_input     ), priority=91   , match=(inport ==
> "DR-S3" && arp.op == 1 && arp.tpa == 172.16.1.10), action=(drop;)
> > +AT_CHECK([grep lr_in_ip_input lrflows | grep arp | grep -e 172.16.1.10
> -e 10.0.0.10 -e drop| ovn_strip_lflows], [0], [dnl
> > +  table=??(lr_in_ip_input     ), priority=85   , match=(arp || nd),
> action=(drop;)
> >    table=??(lr_in_ip_input     ), priority=92   , match=(inport ==
> "DR-S1" && arp.op == 1 && arp.tpa == 172.16.1.10 &&
> is_chassis_resident("cr-DR-S1")), action=(eth.dst = eth.src; eth.src =
> xreg0[[0..47]]; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha =
> xreg0[[0..47]]; arp.tpa <-> arp.spa; outport = inport; flags.loopback = 1;
> output;)
> >    table=??(lr_in_ip_input     ), priority=92   , match=(inport ==
> "DR-S2" && arp.op == 1 && arp.tpa == 10.0.0.10 &&
> is_chassis_resident("cr-DR-S2")), action=(eth.dst = eth.src; eth.src =
> xreg0[[0..47]]; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha =
> xreg0[[0..47]]; arp.tpa <-> arp.spa; outport = inport; flags.loopback = 1;
> output;)
> >    table=??(lr_in_ip_input     ), priority=92   , match=(inport ==
> "DR-S3" && arp.op == 1 && arp.tpa == 172.16.1.10 &&
> is_chassis_resident("cr-DR-S3")), action=(eth.dst = eth.src; eth.src =
> xreg0[[0..47]]; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha =
> xreg0[[0..47]]; arp.tpa <-> arp.spa; outport = inport; flags.loopback = 1;
> output;)
> > @@ -8890,12 +8860,6 @@ ovn-sbctl dump-flows DR > lrflows
> >  AT_CAPTURE_FILE([lrflows])
> >
> >  AT_CHECK([grep lr_in_ip_input lrflows | grep arp | grep -e 172.16.1.10
> -e 10.0.0.10 -e 192.168.0.10 | ovn_strip_lflows], [0], [dnl
> > -  table=??(lr_in_ip_input     ), priority=90   , match=(arp.op == 1 &&
> arp.tpa == 10.0.0.10), action=(eth.dst = eth.src; eth.src = xreg0[[0..47]];
> arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha = xreg0[[0..47]];
> arp.tpa <-> arp.spa; outport = inport; flags.loopback = 1; output;)
> > -  table=??(lr_in_ip_input     ), priority=90   , match=(arp.op == 1 &&
> arp.tpa == 172.16.1.10), action=(eth.dst = eth.src; eth.src =
> xreg0[[0..47]]; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha =
> xreg0[[0..47]]; arp.tpa <-> arp.spa; outport = inport; flags.loopback = 1;
> output;)
> > -  table=??(lr_in_ip_input     ), priority=90   , match=(arp.op == 1 &&
> arp.tpa == 192.168.0.10), action=(eth.dst = eth.src; eth.src =
> xreg0[[0..47]]; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha =
> xreg0[[0..47]]; arp.tpa <-> arp.spa; outport = inport; flags.loopback = 1;
> output;)
> > -  table=??(lr_in_ip_input     ), priority=91   , match=(inport ==
> "DR-S1" && arp.op == 1 && arp.tpa == 172.16.1.10), action=(drop;)
> > -  table=??(lr_in_ip_input     ), priority=91   , match=(inport ==
> "DR-S2" && arp.op == 1 && arp.tpa == 10.0.0.10), action=(drop;)
> > -  table=??(lr_in_ip_input     ), priority=91   , match=(inport ==
> "DR-S3" && arp.op == 1 && arp.tpa == 192.168.0.10), action=(drop;)
> >    table=??(lr_in_ip_input     ), priority=92   , match=(inport ==
> "DR-S1" && arp.op == 1 && arp.tpa == 172.16.1.10 &&
> is_chassis_resident("cr-DR-S1")), action=(eth.dst = eth.src; eth.src =
> xreg0[[0..47]]; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha =
> xreg0[[0..47]]; arp.tpa <-> arp.spa; outport = inport; flags.loopback = 1;
> output;)
> >    table=??(lr_in_ip_input     ), priority=92   , match=(inport ==
> "DR-S2" && arp.op == 1 && arp.tpa == 10.0.0.10 &&
> is_chassis_resident("cr-DR-S2")), action=(eth.dst = eth.src; eth.src =
> xreg0[[0..47]]; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha =
> xreg0[[0..47]]; arp.tpa <-> arp.spa; outport = inport; flags.loopback = 1;
> output;)
> >    table=??(lr_in_ip_input     ), priority=92   , match=(inport ==
> "DR-S3" && arp.op == 1 && arp.tpa == 192.168.0.10 &&
> is_chassis_resident("cr-DR-S3")), action=(eth.dst = eth.src; eth.src =
> xreg0[[0..47]]; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha =
> xreg0[[0..47]]; arp.tpa <-> arp.spa; outport = inport; flags.loopback = 1;
> output;)
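
Review bot: This AT_CHECK keeps the address-only grep, while the two earlier checks on the same router were changed to add "-e drop" and expect the priority-85 line. Pick one form for all three so the expected outputs stay comparable.
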
> > @@ -14408,9 +14372,6 @@ AT_CHECK([grep "lr_in_ip_input" lr0flows |
> ovn_strip_lflows], [0], [dnl
> >    table=??(lr_in_ip_input     ), priority=83   ,
> match=(ip6.mcast_rsvd), action=(drop;)
> >    table=??(lr_in_ip_input     ), priority=84   , match=(nd_rs ||
> nd_ra), action=(next;)
> >    table=??(lr_in_ip_input     ), priority=85   , match=(arp || nd),
> action=(drop;)
> > -  table=??(lr_in_ip_input     ), priority=90   , match=(arp.op == 1 &&
> arp.tpa == 172.168.0.100), action=(eth.dst = eth.src; eth.src =
> xreg0[[0..47]]; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha =
> xreg0[[0..47]]; arp.tpa <-> arp.spa; outport = inport; flags.loopback = 1;
> output;)
> > -  table=??(lr_in_ip_input     ), priority=90   , match=(arp.op == 1 &&
> arp.tpa == 172.168.0.110), action=(eth.dst = eth.src; eth.src =
> xreg0[[0..47]]; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha =
> xreg0[[0..47]]; arp.tpa <-> arp.spa; outport = inport; flags.loopback = 1;
> output;)
> > -  table=??(lr_in_ip_input     ), priority=90   , match=(arp.op == 1 &&
> arp.tpa == 172.168.0.120), action=(eth.dst = eth.src; eth.src =
> xreg0[[0..47]]; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha =
> xreg0[[0..47]]; arp.tpa <-> arp.spa; outport = inport; flags.loopback = 1;
> output;)
> >    table=??(lr_in_ip_input     ), priority=90   , match=(inport ==
> "lr0-public" && arp.op == 1 && arp.tpa == 172.168.0.10 && arp.spa ==
> 172.168.0.0/24 && is_chassis_resident("cr-lr0-public")), action=(eth.dst
> = eth.src; eth.src = xreg0[[0..47]]; arp.op = 2; /* ARP reply */ arp.tha =
> arp.sha; arp.sha = xreg0[[0..47]]; arp.tpa <-> arp.spa; outport = inport;
> flags.loopback = 1; output;)
> >    table=??(lr_in_ip_input     ), priority=90   , match=(inport ==
> "lr0-public" && ip6.dst == {fe80::200:ff:fe00:ff02, ff02::1:ff00:ff02} &&
> nd_ns && nd.target == fe80::200:ff:fe00:ff02 &&
> is_chassis_resident("cr-lr0-public")), action=(nd_na_router { eth.src =
> xreg0[[0..47]]; ip6.src = nd.target; nd.tll = xreg0[[0..47]]; outport =
> inport; flags.loopback = 1; output; };)
> >    table=??(lr_in_ip_input     ), priority=90   , match=(inport ==
> "lr0-sw0" && arp.op == 1 && arp.tpa == 10.0.0.1 && arp.spa == 10.0.0.0/24),
> action=(eth.dst = eth.src; eth.src = xreg0[[0..47]]; arp.op = 2; /* ARP
> reply */ arp.tha = arp.sha; arp.sha = xreg0[[0..47]]; arp.tpa <-> arp.spa;
> outport = inport; flags.loopback = 1; output;)
> > @@ -14423,9 +14384,6 @@ AT_CHECK([grep "lr_in_ip_input" lr0flows |
> ovn_strip_lflows], [0], [dnl
> >    table=??(lr_in_ip_input     ), priority=90   , match=(ip6.dst ==
> fe80::200:ff:fe00:ff01 && icmp6.type == 128 && icmp6.code == 0),
> action=(ip6.dst <-> ip6.src; ip.ttl = 255; icmp6.type = 129; flags.loopback
> = 1; next; )
> >    table=??(lr_in_ip_input     ), priority=90   , match=(ip6.dst ==
> fe80::200:ff:fe00:ff02 && icmp6.type == 128 && icmp6.code == 0),
> action=(ip6.dst <-> ip6.src; ip.ttl = 255; icmp6.type = 129; flags.loopback
> = 1; next; )
> >    table=??(lr_in_ip_input     ), priority=90   , match=(ip6.dst ==
> fe80::200:ff:fe00:ff03 && icmp6.type == 128 && icmp6.code == 0),
> action=(ip6.dst <-> ip6.src; ip.ttl = 255; icmp6.type = 129; flags.loopback
> = 1; next; )
> > -  table=??(lr_in_ip_input     ), priority=91   , match=(inport ==
> "lr0-public" && arp.op == 1 && arp.tpa == 172.168.0.100), action=(drop;)
> > -  table=??(lr_in_ip_input     ), priority=91   , match=(inport ==
> "lr0-public" && arp.op == 1 && arp.tpa == 172.168.0.110), action=(drop;)
> > -  table=??(lr_in_ip_input     ), priority=91   , match=(inport ==
> "lr0-public" && arp.op == 1 && arp.tpa == 172.168.0.120), action=(drop;)
> >    table=??(lr_in_ip_input     ), priority=92   , match=(inport ==
> "lr0-public" && arp.op == 1 && arp.tpa == 172.168.0.100 &&
> is_chassis_resident("cr-lr0-public")), action=(eth.dst = eth.src; eth.src =
> xreg0[[0..47]]; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha =
> xreg0[[0..47]]; arp.tpa <-> arp.spa; outport = inport; flags.loopback = 1;
> output;)
> >    table=??(lr_in_ip_input     ), priority=92   , match=(inport ==
> "lr0-public" && arp.op == 1 && arp.tpa == 172.168.0.110 &&
> is_chassis_resident("sw0-port1")), action=(eth.dst = eth.src; eth.src =
> 30:54:00:00:00:03; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha =
> 30:54:00:00:00:03; arp.tpa <-> arp.spa; outport = inport; flags.loopback =
> 1; output;)
> >    table=??(lr_in_ip_input     ), priority=92   , match=(inport ==
> "lr0-public" && arp.op == 1 && arp.tpa == 172.168.0.120 &&
> is_chassis_resident("cr-lr0-public")), action=(eth.dst = eth.src; eth.src =
> xreg0[[0..47]]; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha =
> xreg0[[0..47]]; arp.tpa <-> arp.spa; outport = inport; flags.loopback = 1;
> output;)
> > @@ -14524,10 +14482,6 @@ AT_CHECK([grep -Fe "172.168.0.110" -e
> "172.168.0.120" -e "10.0.0.3" -e "20.0.0.3
> >    table=??(lr_in_dnat         ), priority=100  , match=(ip && ip4.dst
> == 172.168.0.110 && inport == "lr0-public"), action=(ct_dnat(10.0.0.3);)
> >    table=??(lr_in_dnat         ), priority=100  , match=(ip && ip4.dst
> == 172.168.0.120 && inport == "lr0-public" &&
> is_chassis_resident("cr-lr0-public")), action=(ct_dnat(20.0.0.3);)
> >    table=??(lr_in_gw_redirect  ), priority=100  , match=(ip4.src ==
> 10.0.0.3 && outport == "lr0-public" && is_chassis_resident("sw0-port1")),
> action=(eth.src = 30:54:00:00:00:03; reg5 = 172.168.0.110; next;)
> > -  table=??(lr_in_ip_input     ), priority=90   , match=(arp.op == 1 &&
> arp.tpa == 172.168.0.110), action=(eth.dst = eth.src; eth.src =
> xreg0[[0..47]]; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha =
> xreg0[[0..47]]; arp.tpa <-> arp.spa; outport = inport; flags.loopback = 1;
> output;)
> > -  table=??(lr_in_ip_input     ), priority=90   , match=(arp.op == 1 &&
> arp.tpa == 172.168.0.120), action=(eth.dst = eth.src; eth.src =
> xreg0[[0..47]]; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha =
> xreg0[[0..47]]; arp.tpa <-> arp.spa; outport = inport; flags.loopback = 1;
> output;)
> > -  table=??(lr_in_ip_input     ), priority=91   , match=(inport ==
> "lr0-public" && arp.op == 1 && arp.tpa == 172.168.0.110), action=(drop;)
> > -  table=??(lr_in_ip_input     ), priority=91   , match=(inport ==
> "lr0-public" && arp.op == 1 && arp.tpa == 172.168.0.120), action=(drop;)
> >    table=??(lr_in_ip_input     ), priority=92   , match=(inport ==
> "lr0-public" && arp.op == 1 && arp.tpa == 172.168.0.110 &&
> is_chassis_resident("sw0-port1")), action=(eth.dst = eth.src; eth.src =
> 30:54:00:00:00:03; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha =
> 30:54:00:00:00:03; arp.tpa <-> arp.spa; outport = inport; flags.loopback =
> 1; output;)
> >    table=??(lr_in_ip_input     ), priority=92   , match=(inport ==
> "lr0-public" && arp.op == 1 && arp.tpa == 172.168.0.120 &&
> is_chassis_resident("cr-lr0-public")), action=(eth.dst = eth.src; eth.src =
> xreg0[[0..47]]; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha =
> xreg0[[0..47]]; arp.tpa <-> arp.spa; outport = inport; flags.loopback = 1;
> output;)
> >    table=??(lr_in_unsnat       ), priority=100  , match=(ip && ip4.dst
> == 172.168.0.110 && inport == "lr0-public"), action=(ct_snat;)
> > @@ -14778,10 +14732,6 @@ AT_CHECK([grep -Fe "172.168.0.110" -e
> "172.168.0.120" -e "10.0.0.3" -e "20.0.0.3
> >    table=??(lr_in_dnat         ), priority=100  , match=(ip && ip4.dst
> == 172.168.0.110 && inport == "lr0-public"), action=(ct_dnat(10.0.0.3);)
> >    table=??(lr_in_dnat         ), priority=100  , match=(ip && ip4.dst
> == 172.168.0.120 && inport == "lr0-public" &&
> is_chassis_resident("cr-lr0-public")), action=(ct_dnat(20.0.0.3);)
> >    table=??(lr_in_gw_redirect  ), priority=100  , match=(ip4.src ==
> 10.0.0.3 && outport == "lr0-public" && is_chassis_resident("sw0-port1")),
> action=(eth.src = 30:54:00:00:00:03; reg5 = 172.168.0.110; next;)
> > -  table=??(lr_in_ip_input     ), priority=90   , match=(arp.op == 1 &&
> arp.tpa == 172.168.0.110), action=(eth.dst = eth.src; eth.src =
> xreg0[[0..47]]; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha =
> xreg0[[0..47]]; arp.tpa <-> arp.spa; outport = inport; flags.loopback = 1;
> output;)
> > -  table=??(lr_in_ip_input     ), priority=90   , match=(arp.op == 1 &&
> arp.tpa == 172.168.0.120), action=(eth.dst = eth.src; eth.src =
> xreg0[[0..47]]; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha =
> xreg0[[0..47]]; arp.tpa <-> arp.spa; outport = inport; flags.loopback = 1;
> output;)
> > -  table=??(lr_in_ip_input     ), priority=91   , match=(inport ==
> "lr0-public" && arp.op == 1 && arp.tpa == 172.168.0.110), action=(drop;)
> > -  table=??(lr_in_ip_input     ), priority=91   , match=(inport ==
> "lr0-public" && arp.op == 1 && arp.tpa == 172.168.0.120), action=(drop;)
> >    table=??(lr_in_ip_input     ), priority=92   , match=(inport ==
> "lr0-public" && arp.op == 1 && arp.tpa == 172.168.0.110 &&
> is_chassis_resident("sw0-port1")), action=(eth.dst = eth.src; eth.src =
> 30:54:00:00:00:03; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha =
> 30:54:00:00:00:03; arp.tpa <-> arp.spa; outport = inport; flags.loopback =
> 1; output;)
> >    table=??(lr_in_ip_input     ), priority=92   , match=(inport ==
> "lr0-public" && arp.op == 1 && arp.tpa == 172.168.0.120 &&
> is_chassis_resident("cr-lr0-public")), action=(eth.dst = eth.src; eth.src =
> xreg0[[0..47]]; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha =
> xreg0[[0..47]]; arp.tpa <-> arp.spa; outport = inport; flags.loopback = 1;
> output;)
> >    table=??(lr_in_unsnat       ), priority=100  , match=(ip && ip4.dst
> == 172.168.0.110 && inport == "lr0-public"), action=(ct_snat;)
> > --
> > 2.43.0
> >
> >
> > _______________________________________________
> > dev mailing list
> > [email protected]
> > https://mail.openvswitch.org/mailman/listinfo/ovs-dev
> >
>
