Hi Lorenzo For this case when it can be used for debugging, do you think that default drop (priority 85) could be replaced by debug_drop_action?
Regards, Lucas Em qui., 4 de jun. de 2026 às 07:00, Lorenzo Bianconi < [email protected]> escreveu: > > Hi Lorenzo, > > > > > > Em sex., 29 de mai. de 2026 às 13:29, Lorenzo Bianconi < > > [email protected]> escreveu: > > > > > > Optimize logical flow generation for NAT with distributed gateway > ports > > > by removing duplicate > > > > priority 90/91 flows and consolidating ARP/ND flow creation in > > > build_lrouter_nat_arp_nd_flow(). > > > > Add chassis residency filtering for l3dgw ports so ARP/ND responses > are > > > generated only on the > > > > correct gateway chassis, reducing flow count while preserving > behavior. > > > > > > Hi Lucas, > > > > > > Can you please provide more details about why 90/91 flows are > duplicated? > > > According to my understanding 91 prio flows are used to drop arp/nd > traffic > > > (please note it can even be used for debugging). > > > I guess you should at least document the removed lflows. > > > > > > > > You're right, however, without 90 prio flows, 91 prio flows doesn't make > > sense. > > Packets will be dropped by default rule drop from this table. > > Do you think it's better to add a description about the logical flows in > > the commit message? > > My point is debug_drop_action() can be used even for debugging purposes > providing > statistics, it does not just silently drop the packet. > > Regards, > Lorenzo > > > > > Regards, > > Lucas > > > > Regards, > > > Lorenzo > > > > > > > > > > > Signed-off-by: Lucas Vargas Dias <[email protected]> > > > > --- > > > > northd/northd.c | 119 > ++++++++++++++++++++------------------------ > > > > tests/ovn-northd.at | 66 +++--------------------- > > > > 2 files changed, 61 insertions(+), 124 deletions(-) > > > > > > > > diff --git a/northd/northd.c b/northd/northd.c > > > > index 0ea7c1b95..e70738a16 100644 > > > > --- a/northd/northd.c > > > > +++ b/northd/northd.c > > > > @@ -13900,7 +13900,7 @@ lrouter_nat_add_ext_ip_match(const struct > > > ovn_datapath *od, > > > > static void > > > > build_lrouter_arp_flow(const struct ovn_datapath *od, struct > ovn_port > > > *op, > > > > const char *ip_address, const char *eth_addr, > > > > - struct ds *extra_match, bool drop, uint16_t > > > priority, > > > > + struct ds *extra_match, uint16_t priority, > > > > const struct ovsdb_idl_row *hint, > > > > struct lflow_table *lflows, > > > > struct lflow_ref *lflow_ref) > > > > @@ -13917,22 +13917,19 @@ build_lrouter_arp_flow(const struct > > > ovn_datapath *od, struct ovn_port *op, > > > > if (extra_match && ds_last(extra_match) != EOF) { > > > > ds_put_format(&match, " && %s", ds_cstr(extra_match)); > > > > } > > > > - if (drop) { > > > > - ds_put_cstr(&actions, debug_drop_action()); > > > > - } else { > > > > - ds_put_format(&actions, > > > > - "eth.dst = eth.src; " > > > > - "eth.src = %s; " > > > > - "arp.op = 2; /* ARP reply */ " > > > > - "arp.tha = arp.sha; " > > > > - "arp.sha = %s; " > > > > - "arp.tpa <-> arp.spa; " > > > > - "outport = inport; " > > > > - "flags.loopback = 1; " > > > > - "output;", > > > > - eth_addr, > > > > - eth_addr); > > > > - } > > > > + > > > > + ds_put_format(&actions, > > > > + "eth.dst = eth.src; " > > > > + "eth.src = %s; " > > > > + "arp.op = 2; /* ARP reply */ " > > > > + "arp.tha = arp.sha; " > > > > + "arp.sha = %s; " > > > > + "arp.tpa <-> arp.spa; " > > > > + "outport = inport; " > > > > + "flags.loopback = 1; " > > > > + "output;", > > > > + eth_addr, > > > > + eth_addr); > > > > > > > > ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_INPUT, priority, > > > ds_cstr(&match), > > > > ds_cstr(&actions), lflow_ref, WITH_HINT(hint)); > > > > @@ -13951,7 +13948,7 @@ static void > > > > build_lrouter_nd_flow(const struct ovn_datapath *od, struct ovn_port > > > *op, > > > > const char *action, const char *ip_address, > > > > const char *sn_ip_address, const char > *eth_addr, > > > > - struct ds *extra_match, bool drop, uint16_t > > > priority, > > > > + struct ds *extra_match, uint16_t priority, > > > > const struct ovsdb_idl_row *hint, > > > > struct lflow_table *lflows, > > > > const struct shash *meter_groups, > > > > @@ -13975,31 +13972,26 @@ build_lrouter_nd_flow(const struct > > > ovn_datapath *od, struct ovn_port *op, > > > > ds_put_format(&match, " && %s", ds_cstr(extra_match)); > > > > } > > > > > > > > - if (drop) { > > > > - ds_put_cstr(&actions, debug_drop_action()); > > > > - ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_INPUT, priority, > > > > - ds_cstr(&match), ds_cstr(&actions), lflow_ref, > > > > - WITH_HINT(hint)); > > > > - } else { > > > > - ds_put_format(&actions, > > > > - "%s { " > > > > - "eth.src = %s; " > > > > - "ip6.src = nd.target; " > > > > - "nd.tll = %s; " > > > > - "outport = inport; " > > > > - "flags.loopback = 1; " > > > > - "output; " > > > > - "};", > > > > - action, > > > > - eth_addr, > > > > - eth_addr); > > > > - ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_INPUT, priority, > > > > - ds_cstr(&match), ds_cstr(&actions), lflow_ref, > > > > - WITH_CTRL_METER(copp_meter_get(COPP_ND_NA, > > > > - od->nbr->copp, > > > > - meter_groups)), > > > > - WITH_HINT(hint)); > > > > - } > > > > + > > > > + ds_put_format(&actions, > > > > + "%s { " > > > > + "eth.src = %s; " > > > > + "ip6.src = nd.target; " > > > > + "nd.tll = %s; " > > > > + "outport = inport; " > > > > + "flags.loopback = 1; " > > > > + "output; " > > > > + "};", > > > > + action, > > > > + eth_addr, > > > > + eth_addr); > > > > + ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_INPUT, priority, > > > > + ds_cstr(&match), ds_cstr(&actions), lflow_ref, > > > > + WITH_CTRL_METER(copp_meter_get(COPP_ND_NA, > > > > + od->nbr->copp, > > > > + meter_groups)), > > > > + WITH_HINT(hint)); > > > > + > > > > > > > > ds_destroy(&match); > > > > ds_destroy(&actions); > > > > @@ -14007,6 +13999,7 @@ build_lrouter_nd_flow(const struct > ovn_datapath > > > *od, struct ovn_port *op, > > > > > > > > static void > > > > build_lrouter_nat_arp_nd_flow(const struct ovn_datapath *od, > > > > + struct ovn_port *op, > > > > struct ovn_nat *nat_entry, > > > > struct lflow_table *lflows, > > > > const struct shash *meter_groups, > > > > @@ -14014,18 +14007,21 @@ build_lrouter_nat_arp_nd_flow(const struct > > > ovn_datapath *od, > > > > { > > > > struct lport_addresses *ext_addrs = &nat_entry->ext_addrs; > > > > const struct nbrec_nat *nat = nat_entry->nb; > > > > + if (op && lrp_is_l3dgw(op) && (!op->peer || > !op->peer->cr_port)) { > > > > + return; > > > > + } > > > > > > > > if (nat_entry_is_v6(nat_entry)) { > > > > build_lrouter_nd_flow(od, NULL, "nd_na", > > > > ext_addrs->ipv6_addrs[0].addr_s, > > > > ext_addrs->ipv6_addrs[0].sn_addr_s, > > > > - REG_INPORT_ETH_ADDR, NULL, false, 90, > > > > + REG_INPORT_ETH_ADDR, NULL, 90, > > > > &nat->header_, lflows, meter_groups, > > > > lflow_ref); > > > > } else { > > > > build_lrouter_arp_flow(od, NULL, > > > > ext_addrs->ipv4_addrs[0].addr_s, > > > > - REG_INPORT_ETH_ADDR, NULL, false, 90, > > > > + REG_INPORT_ETH_ADDR, NULL, 90, > > > > &nat->header_, lflows, > > > > lflow_ref); > > > > } > > > > @@ -14091,24 +14087,13 @@ build_lrouter_port_nat_arp_nd_flow(struct > > > ovn_port *op, > > > > build_lrouter_nd_flow(op->od, op, "nd_na", > > > > ext_addrs->ipv6_addrs[0].addr_s, > > > > ext_addrs->ipv6_addrs[0].sn_addr_s, > > > > - mac_s, &match, false, 92, > > > > - &nat->header_, lflows, meter_groups, > > > > - lflow_ref); > > > > - build_lrouter_nd_flow(op->od, op, "nd_na", > > > > - ext_addrs->ipv6_addrs[0].addr_s, > > > > - ext_addrs->ipv6_addrs[0].sn_addr_s, > > > > - mac_s, NULL, true, 91, > > > > + mac_s, &match, 92, > > > > &nat->header_, lflows, meter_groups, > > > > lflow_ref); > > > > } else { > > > > build_lrouter_arp_flow(op->od, op, > > > > ext_addrs->ipv4_addrs[0].addr_s, > > > > - mac_s, &match, false, 92, > > > > - &nat->header_, lflows, > > > > - lflow_ref); > > > > - build_lrouter_arp_flow(op->od, op, > > > > - ext_addrs->ipv4_addrs[0].addr_s, > > > > - mac_s, NULL, true, 91, > > > > + mac_s, &match, 92, > > > > &nat->header_, lflows, > > > > lflow_ref); > > > > } > > > > @@ -17014,7 +16999,7 @@ build_ipv6_input_flows_for_lrouter_port( > > > > build_lrouter_nd_flow(op->od, op, "nd_na_router", > > > > op->lrp_networks.ipv6_addrs[i].addr_s, > > > > > op->lrp_networks.ipv6_addrs[i].sn_addr_s, > > > > - REG_INPORT_ETH_ADDR, match, false, 90, > > > > + REG_INPORT_ETH_ADDR, match, 90, > > > > &op->nbrp->header_, lflows, > meter_groups, > > > > lflow_ref); > > > > } > > > > @@ -17130,8 +17115,9 @@ build_lrouter_arp_nd_for_datapath(const > struct > > > ovn_datapath *od, > > > > if (nat_entry->type == SNAT) { > > > > continue; > > > > } > > > > - build_lrouter_nat_arp_nd_flow(od, nat_entry, lflows, > > > meter_groups, > > > > - lflow_ref); > > > > + > > > > + build_lrouter_nat_arp_nd_flow(od, nat_entry->l3dgw_port, > > > nat_entry, > > > > + lflows, meter_groups, > lflow_ref); > > > > } > > > > > > > > /* Now handle SNAT entries too, one per unique SNAT IP. */ > > > > @@ -17146,8 +17132,9 @@ build_lrouter_arp_nd_for_datapath(const > struct > > > ovn_datapath *od, > > > > struct ovn_nat *nat_entry = > > > > CONTAINER_OF(ovs_list_front(&snat_ip->snat_entries), > > > > struct ovn_nat, ext_addr_list_node); > > > > - build_lrouter_nat_arp_nd_flow(od, nat_entry, lflows, > > > meter_groups, > > > > - lflow_ref); > > > > + > > > > + build_lrouter_nat_arp_nd_flow(od, nat_entry->l3dgw_port, > > > nat_entry, > > > > + lflows, meter_groups, > lflow_ref); > > > > } > > > > } > > > > > > > > @@ -17221,7 +17208,7 @@ build_lrouter_ipv4_ip_input(struct ovn_port > *op, > > > > > > > > build_lrouter_arp_flow(op->od, op, > > > > > op->lrp_networks.ipv4_addrs[i].addr_s, > > > > - REG_INPORT_ETH_ADDR, match, false, > 90, > > > > + REG_INPORT_ETH_ADDR, match, 90, > > > > &op->nbrp->header_, lflows, > lflow_ref); > > > > } > > > > > > > > @@ -17324,7 +17311,7 @@ build_lrouter_ipv4_ip_input_for_lbnats( > > > > AF_INET); > > > > build_lrouter_arp_flow(op->od, op, lb_ips_v4_as, > > > > REG_INPORT_ETH_ADDR, > > > > - match, false, 90, NULL, lflows, > > > lflow_ref); > > > > + match, 90, NULL, lflows, lflow_ref); > > > > free(lb_ips_v4_as); > > > > } > > > > > > > > @@ -17340,7 +17327,7 @@ build_lrouter_ipv4_ip_input_for_lbnats( > > > > char *lb_ips_v6_as = > lr_lb_address_set_ref(op->od->tunnel_key, > > > > AF_INET6); > > > > build_lrouter_nd_flow(op->od, op, "nd_na", lb_ips_v6_as, > NULL, > > > > - REG_INPORT_ETH_ADDR, match, false, 90, > > > > + REG_INPORT_ETH_ADDR, match, 90, > > > > NULL, lflows, meter_groups, > lflow_ref); > > > > free(lb_ips_v6_as); > > > > } > > > > diff --git a/tests/ovn-northd.at b/tests/ovn-northd.at > > > > index 26a19bd96..c88b865eb 100644 > > > > --- a/tests/ovn-northd.at > > > > +++ b/tests/ovn-northd.at > > > > @@ -2185,18 +2185,6 @@ action=(xreg0[[0..47]] = 00:00:00:00:01:00; > next;) > > > > # Priority 90 flows (per router). > > > > AT_CHECK_UNQUOTED([ovn-sbctl lflow-list | grep -E > > > "lr_in_ip_input.*priority=90" | grep "arp\|nd" | ovn_strip_lflows], > [0], > > > [dnl > > > > table=??(lr_in_ip_input ), priority=90 , dnl > > > > -match=(arp.op == 1 && arp.tpa == 43.43.43.150), dnl > > > > -action=(eth.dst = eth.src; eth.src = xreg0[[0..47]]; arp.op = 2; /* > ARP > > > reply */ arp.tha = arp.sha; arp.sha = xreg0[[0..47]]; arp.tpa <-> > arp.spa; > > > outport = inport; flags.loopback = 1; output;) > > > > - table=??(lr_in_ip_input ), priority=90 , dnl > > > > -match=(arp.op == 1 && arp.tpa == 43.43.43.2), dnl > > > > -action=(eth.dst = eth.src; eth.src = xreg0[[0..47]]; arp.op = 2; /* > ARP > > > reply */ arp.tha = arp.sha; arp.sha = xreg0[[0..47]]; arp.tpa <-> > arp.spa; > > > outport = inport; flags.loopback = 1; output;) > > > > - table=??(lr_in_ip_input ), priority=90 , dnl > > > > -match=(arp.op == 1 && arp.tpa == 43.43.43.3), dnl > > > > -action=(eth.dst = eth.src; eth.src = xreg0[[0..47]]; arp.op = 2; /* > ARP > > > reply */ arp.tha = arp.sha; arp.sha = xreg0[[0..47]]; arp.tpa <-> > arp.spa; > > > outport = inport; flags.loopback = 1; output;) > > > > - table=??(lr_in_ip_input ), priority=90 , dnl > > > > -match=(arp.op == 1 && arp.tpa == 43.43.43.4), dnl > > > > -action=(eth.dst = eth.src; eth.src = xreg0[[0..47]]; arp.op = 2; /* > ARP > > > reply */ arp.tha = arp.sha; arp.sha = xreg0[[0..47]]; arp.tpa <-> > arp.spa; > > > outport = inport; flags.loopback = 1; output;) > > > > - table=??(lr_in_ip_input ), priority=90 , dnl > > > > match=(inport == "lrp" && arp.op == 1 && arp.tpa == \$${lb_as_v4}), > dnl > > > > action=(eth.dst = eth.src; eth.src = xreg0[[0..47]]; arp.op = 2; /* > ARP > > > reply */ arp.tha = arp.sha; arp.sha = xreg0[[0..47]]; arp.tpa <-> > arp.spa; > > > outport = inport; flags.loopback = 1; output;) > > > > table=??(lr_in_ip_input ), priority=90 , dnl > > > > @@ -2225,19 +2213,10 @@ match=(inport == "lrp-public" && nd_ns && > > > nd.target == \$${lb_as_v6} && is_chass > > > > action=(nd_na { eth.src = xreg0[[0..47]]; ip6.src = nd.target; > nd.tll = > > > xreg0[[0..47]]; outport = inport; flags.loopback = 1; output; };) > > > > ]) > > > > > > > > -# Priority 91 drop flows (per distributed gw port), if port is not > > > resident. > > > > -AT_CHECK([ovn-sbctl lflow-list | grep -E > "lr_in_ip_input.*priority=91" > > > | grep "arp\|nd" | ovn_strip_lflows], [0], [dnl > > > > - table=??(lr_in_ip_input ), priority=91 , dnl > > > > -match=(inport == "lrp-public" && arp.op == 1 && arp.tpa == > > > 43.43.43.150), action=(drop;) > > > > - table=??(lr_in_ip_input ), priority=91 , dnl > > > > -match=(inport == "lrp-public" && arp.op == 1 && arp.tpa == > 43.43.43.2), > > > dnl > > > > -action=(drop;) > > > > - table=??(lr_in_ip_input ), priority=91 , dnl > > > > -match=(inport == "lrp-public" && arp.op == 1 && arp.tpa == > 43.43.43.3), > > > dnl > > > > -action=(drop;) > > > > - table=??(lr_in_ip_input ), priority=91 , dnl > > > > -match=(inport == "lrp-public" && arp.op == 1 && arp.tpa == > 43.43.43.4), > > > dnl > > > > -action=(drop;) > > > > +# Priority 85 drop using the default drop from table lr_in_ip_input. > > > > +AT_CHECK([ovn-sbctl lflow-list | grep -E > "lr_in_ip_input.*priority=85" > > > | grep "arp\|nd" | ovn_strip_lflows], [0], [dnl > > > > + table=??(lr_in_ip_input ), priority=85 , dnl > > > > +match=(arp || nd), action=(drop;) > > > > ]) > > > > > > > > # Priority 92 ARP/NS responders (per distributed gw port), if port > is > > > resident. > > > > @@ -8803,13 +8782,8 @@ check ovn-nbctl --wait=sb sync > > > > ovn-sbctl dump-flows DR > lrflows > > > > AT_CAPTURE_FILE([lrflows]) > > > > > > > > -AT_CHECK([grep lr_in_ip_input lrflows | grep arp | grep -e > 172.16.1.10 > > > -e 10.0.0.10 -e 192.168.0.10 | ovn_strip_lflows], [0], [dnl > > > > - table=??(lr_in_ip_input ), priority=90 , match=(arp.op == 1 > && > > > arp.tpa == 10.0.0.10), action=(eth.dst = eth.src; eth.src = > xreg0[[0..47]]; > > > arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha = > xreg0[[0..47]]; > > > arp.tpa <-> arp.spa; outport = inport; flags.loopback = 1; output;) > > > > - table=??(lr_in_ip_input ), priority=90 , match=(arp.op == 1 > && > > > arp.tpa == 172.16.1.10), action=(eth.dst = eth.src; eth.src = > > > xreg0[[0..47]]; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha > = > > > xreg0[[0..47]]; arp.tpa <-> arp.spa; outport = inport; flags.loopback > = 1; > > > output;) > > > > - table=??(lr_in_ip_input ), priority=90 , match=(arp.op == 1 > && > > > arp.tpa == 192.168.0.10), action=(eth.dst = eth.src; eth.src = > > > xreg0[[0..47]]; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha > = > > > xreg0[[0..47]]; arp.tpa <-> arp.spa; outport = inport; flags.loopback > = 1; > > > output;) > > > > - table=??(lr_in_ip_input ), priority=91 , match=(inport == > > > "DR-S1" && arp.op == 1 && arp.tpa == 172.16.1.10), action=(drop;) > > > > - table=??(lr_in_ip_input ), priority=91 , match=(inport == > > > "DR-S2" && arp.op == 1 && arp.tpa == 10.0.0.10), action=(drop;) > > > > - table=??(lr_in_ip_input ), priority=91 , match=(inport == > > > "DR-S3" && arp.op == 1 && arp.tpa == 192.168.0.10), action=(drop;) > > > > +AT_CHECK([grep lr_in_ip_input lrflows | grep arp | grep -e > 172.16.1.10 > > > -e 10.0.0.10 -e 192.168.0.10 -e drop| ovn_strip_lflows], [0], [dnl > > > > + table=??(lr_in_ip_input ), priority=85 , match=(arp || nd), > > > action=(drop;) > > > > table=??(lr_in_ip_input ), priority=92 , match=(inport == > > > "DR-S1" && arp.op == 1 && arp.tpa == 172.16.1.10 && > > > is_chassis_resident("cr-DR-S1")), action=(eth.dst = eth.src; eth.src = > > > xreg0[[0..47]]; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha > = > > > xreg0[[0..47]]; arp.tpa <-> arp.spa; outport = inport; flags.loopback > = 1; > > > output;) > > > > table=??(lr_in_ip_input ), priority=92 , match=(inport == > > > "DR-S2" && arp.op == 1 && arp.tpa == 10.0.0.10 && > > > is_chassis_resident("cr-DR-S2")), action=(eth.dst = eth.src; eth.src = > > > xreg0[[0..47]]; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha > = > > > xreg0[[0..47]]; arp.tpa <-> arp.spa; outport = inport; flags.loopback > = 1; > > > output;) > > > > table=??(lr_in_ip_input ), priority=92 , match=(inport == > > > "DR-S3" && arp.op == 1 && arp.tpa == 192.168.0.10 && > > > is_chassis_resident("cr-DR-S3")), action=(eth.dst = eth.src; eth.src = > > > xreg0[[0..47]]; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha > = > > > xreg0[[0..47]]; arp.tpa <-> arp.spa; outport = inport; flags.loopback > = 1; > > > output;) > > > > @@ -8851,12 +8825,8 @@ check ovn-nbctl --wait=sb sync > > > > ovn-sbctl dump-flows DR > lrflows > > > > AT_CAPTURE_FILE([lrflows]) > > > > > > > > -AT_CHECK([grep lr_in_ip_input lrflows | grep arp | grep -e > 172.16.1.10 > > > -e 10.0.0.10 | ovn_strip_lflows], [0], [dnl > > > > - table=??(lr_in_ip_input ), priority=90 , match=(arp.op == 1 > && > > > arp.tpa == 10.0.0.10), action=(eth.dst = eth.src; eth.src = > xreg0[[0..47]]; > > > arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha = > xreg0[[0..47]]; > > > arp.tpa <-> arp.spa; outport = inport; flags.loopback = 1; output;) > > > > - table=??(lr_in_ip_input ), priority=90 , match=(arp.op == 1 > && > > > arp.tpa == 172.16.1.10), action=(eth.dst = eth.src; eth.src = > > > xreg0[[0..47]]; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha > = > > > xreg0[[0..47]]; arp.tpa <-> arp.spa; outport = inport; flags.loopback > = 1; > > > output;) > > > > - table=??(lr_in_ip_input ), priority=91 , match=(inport == > > > "DR-S1" && arp.op == 1 && arp.tpa == 172.16.1.10), action=(drop;) > > > > - table=??(lr_in_ip_input ), priority=91 , match=(inport == > > > "DR-S2" && arp.op == 1 && arp.tpa == 10.0.0.10), action=(drop;) > > > > - table=??(lr_in_ip_input ), priority=91 , match=(inport == > > > "DR-S3" && arp.op == 1 && arp.tpa == 172.16.1.10), action=(drop;) > > > > +AT_CHECK([grep lr_in_ip_input lrflows | grep arp | grep -e > 172.16.1.10 > > > -e 10.0.0.10 -e drop| ovn_strip_lflows], [0], [dnl > > > > + table=??(lr_in_ip_input ), priority=85 , match=(arp || nd), > > > action=(drop;) > > > > table=??(lr_in_ip_input ), priority=92 , match=(inport == > > > "DR-S1" && arp.op == 1 && arp.tpa == 172.16.1.10 && > > > is_chassis_resident("cr-DR-S1")), action=(eth.dst = eth.src; eth.src = > > > xreg0[[0..47]]; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha > = > > > xreg0[[0..47]]; arp.tpa <-> arp.spa; outport = inport; flags.loopback > = 1; > > > output;) > > > > table=??(lr_in_ip_input ), priority=92 , match=(inport == > > > "DR-S2" && arp.op == 1 && arp.tpa == 10.0.0.10 && > > > is_chassis_resident("cr-DR-S2")), action=(eth.dst = eth.src; eth.src = > > > xreg0[[0..47]]; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha > = > > > xreg0[[0..47]]; arp.tpa <-> arp.spa; outport = inport; flags.loopback > = 1; > > > output;) > > > > table=??(lr_in_ip_input ), priority=92 , match=(inport == > > > "DR-S3" && arp.op == 1 && arp.tpa == 172.16.1.10 && > > > is_chassis_resident("cr-DR-S3")), action=(eth.dst = eth.src; eth.src = > > > xreg0[[0..47]]; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha > = > > > xreg0[[0..47]]; arp.tpa <-> arp.spa; outport = inport; flags.loopback > = 1; > > > output;) > > > > @@ -8890,12 +8860,6 @@ ovn-sbctl dump-flows DR > lrflows > > > > AT_CAPTURE_FILE([lrflows]) > > > > > > > > AT_CHECK([grep lr_in_ip_input lrflows | grep arp | grep -e > 172.16.1.10 > > > -e 10.0.0.10 -e 192.168.0.10 | ovn_strip_lflows], [0], [dnl > > > > - table=??(lr_in_ip_input ), priority=90 , match=(arp.op == 1 > && > > > arp.tpa == 10.0.0.10), action=(eth.dst = eth.src; eth.src = > xreg0[[0..47]]; > > > arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha = > xreg0[[0..47]]; > > > arp.tpa <-> arp.spa; outport = inport; flags.loopback = 1; output;) > > > > - table=??(lr_in_ip_input ), priority=90 , match=(arp.op == 1 > && > > > arp.tpa == 172.16.1.10), action=(eth.dst = eth.src; eth.src = > > > xreg0[[0..47]]; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha > = > > > xreg0[[0..47]]; arp.tpa <-> arp.spa; outport = inport; flags.loopback > = 1; > > > output;) > > > > - table=??(lr_in_ip_input ), priority=90 , match=(arp.op == 1 > && > > > arp.tpa == 192.168.0.10), action=(eth.dst = eth.src; eth.src = > > > xreg0[[0..47]]; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha > = > > > xreg0[[0..47]]; arp.tpa <-> arp.spa; outport = inport; flags.loopback > = 1; > > > output;) > > > > - table=??(lr_in_ip_input ), priority=91 , match=(inport == > > > "DR-S1" && arp.op == 1 && arp.tpa == 172.16.1.10), action=(drop;) > > > > - table=??(lr_in_ip_input ), priority=91 , match=(inport == > > > "DR-S2" && arp.op == 1 && arp.tpa == 10.0.0.10), action=(drop;) > > > > - table=??(lr_in_ip_input ), priority=91 , match=(inport == > > > "DR-S3" && arp.op == 1 && arp.tpa == 192.168.0.10), action=(drop;) > > > > table=??(lr_in_ip_input ), priority=92 , match=(inport == > > > "DR-S1" && arp.op == 1 && arp.tpa == 172.16.1.10 && > > > is_chassis_resident("cr-DR-S1")), action=(eth.dst = eth.src; eth.src = > > > xreg0[[0..47]]; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha > = > > > xreg0[[0..47]]; arp.tpa <-> arp.spa; outport = inport; flags.loopback > = 1; > > > output;) > > > > table=??(lr_in_ip_input ), priority=92 , match=(inport == > > > "DR-S2" && arp.op == 1 && arp.tpa == 10.0.0.10 && > > > is_chassis_resident("cr-DR-S2")), action=(eth.dst = eth.src; eth.src = > > > xreg0[[0..47]]; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha > = > > > xreg0[[0..47]]; arp.tpa <-> arp.spa; outport = inport; flags.loopback > = 1; > > > output;) > > > > table=??(lr_in_ip_input ), priority=92 , match=(inport == > > > "DR-S3" && arp.op == 1 && arp.tpa == 192.168.0.10 && > > > is_chassis_resident("cr-DR-S3")), action=(eth.dst = eth.src; eth.src = > > > xreg0[[0..47]]; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha > = > > > xreg0[[0..47]]; arp.tpa <-> arp.spa; outport = inport; flags.loopback > = 1; > > > output;) > > > > @@ -14408,9 +14372,6 @@ AT_CHECK([grep "lr_in_ip_input" lr0flows | > > > ovn_strip_lflows], [0], [dnl > > > > table=??(lr_in_ip_input ), priority=83 , > > > match=(ip6.mcast_rsvd), action=(drop;) > > > > table=??(lr_in_ip_input ), priority=84 , match=(nd_rs || > > > nd_ra), action=(next;) > > > > table=??(lr_in_ip_input ), priority=85 , match=(arp || nd), > > > action=(drop;) > > > > - table=??(lr_in_ip_input ), priority=90 , match=(arp.op == 1 > && > > > arp.tpa == 172.168.0.100), action=(eth.dst = eth.src; eth.src = > > > xreg0[[0..47]]; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha > = > > > xreg0[[0..47]]; arp.tpa <-> arp.spa; outport = inport; flags.loopback > = 1; > > > output;) > > > > - table=??(lr_in_ip_input ), priority=90 , match=(arp.op == 1 > && > > > arp.tpa == 172.168.0.110), action=(eth.dst = eth.src; eth.src = > > > xreg0[[0..47]]; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha > = > > > xreg0[[0..47]]; arp.tpa <-> arp.spa; outport = inport; flags.loopback > = 1; > > > output;) > > > > - table=??(lr_in_ip_input ), priority=90 , match=(arp.op == 1 > && > > > arp.tpa == 172.168.0.120), action=(eth.dst = eth.src; eth.src = > > > xreg0[[0..47]]; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha > = > > > xreg0[[0..47]]; arp.tpa <-> arp.spa; outport = inport; flags.loopback > = 1; > > > output;) > > > > table=??(lr_in_ip_input ), priority=90 , match=(inport == > > > "lr0-public" && arp.op == 1 && arp.tpa == 172.168.0.10 && arp.spa == > > > 172.168.0.0/24 && is_chassis_resident("cr-lr0-public")), > action=(eth.dst > > > = eth.src; eth.src = xreg0[[0..47]]; arp.op = 2; /* ARP reply */ > arp.tha = > > > arp.sha; arp.sha = xreg0[[0..47]]; arp.tpa <-> arp.spa; outport = > inport; > > > flags.loopback = 1; output;) > > > > table=??(lr_in_ip_input ), priority=90 , match=(inport == > > > "lr0-public" && ip6.dst == {fe80::200:ff:fe00:ff02, ff02::1:ff00:ff02} > && > > > nd_ns && nd.target == fe80::200:ff:fe00:ff02 && > > > is_chassis_resident("cr-lr0-public")), action=(nd_na_router { eth.src = > > > xreg0[[0..47]]; ip6.src = nd.target; nd.tll = xreg0[[0..47]]; outport = > > > inport; flags.loopback = 1; output; };) > > > > table=??(lr_in_ip_input ), priority=90 , match=(inport == > > > "lr0-sw0" && arp.op == 1 && arp.tpa == 10.0.0.1 && arp.spa == > 10.0.0.0/24), > > > action=(eth.dst = eth.src; eth.src = xreg0[[0..47]]; arp.op = 2; /* ARP > > > reply */ arp.tha = arp.sha; arp.sha = xreg0[[0..47]]; arp.tpa <-> > arp.spa; > > > outport = inport; flags.loopback = 1; output;) > > > > @@ -14423,9 +14384,6 @@ AT_CHECK([grep "lr_in_ip_input" lr0flows | > > > ovn_strip_lflows], [0], [dnl > > > > table=??(lr_in_ip_input ), priority=90 , match=(ip6.dst == > > > fe80::200:ff:fe00:ff01 && icmp6.type == 128 && icmp6.code == 0), > > > action=(ip6.dst <-> ip6.src; ip.ttl = 255; icmp6.type = 129; > flags.loopback > > > = 1; next; ) > > > > table=??(lr_in_ip_input ), priority=90 , match=(ip6.dst == > > > fe80::200:ff:fe00:ff02 && icmp6.type == 128 && icmp6.code == 0), > > > action=(ip6.dst <-> ip6.src; ip.ttl = 255; icmp6.type = 129; > flags.loopback > > > = 1; next; ) > > > > table=??(lr_in_ip_input ), priority=90 , match=(ip6.dst == > > > fe80::200:ff:fe00:ff03 && icmp6.type == 128 && icmp6.code == 0), > > > action=(ip6.dst <-> ip6.src; ip.ttl = 255; icmp6.type = 129; > flags.loopback > > > = 1; next; ) > > > > - table=??(lr_in_ip_input ), priority=91 , match=(inport == > > > "lr0-public" && arp.op == 1 && arp.tpa == 172.168.0.100), > action=(drop;) > > > > - table=??(lr_in_ip_input ), priority=91 , match=(inport == > > > "lr0-public" && arp.op == 1 && arp.tpa == 172.168.0.110), > action=(drop;) > > > > - table=??(lr_in_ip_input ), priority=91 , match=(inport == > > > "lr0-public" && arp.op == 1 && arp.tpa == 172.168.0.120), > action=(drop;) > > > > table=??(lr_in_ip_input ), priority=92 , match=(inport == > > > "lr0-public" && arp.op == 1 && arp.tpa == 172.168.0.100 && > > > is_chassis_resident("cr-lr0-public")), action=(eth.dst = eth.src; > eth.src = > > > xreg0[[0..47]]; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha > = > > > xreg0[[0..47]]; arp.tpa <-> arp.spa; outport = inport; flags.loopback > = 1; > > > output;) > > > > table=??(lr_in_ip_input ), priority=92 , match=(inport == > > > "lr0-public" && arp.op == 1 && arp.tpa == 172.168.0.110 && > > > is_chassis_resident("sw0-port1")), action=(eth.dst = eth.src; eth.src = > > > 30:54:00:00:00:03; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; > arp.sha = > > > 30:54:00:00:00:03; arp.tpa <-> arp.spa; outport = inport; > flags.loopback = > > > 1; output;) > > > > table=??(lr_in_ip_input ), priority=92 , match=(inport == > > > "lr0-public" && arp.op == 1 && arp.tpa == 172.168.0.120 && > > > is_chassis_resident("cr-lr0-public")), action=(eth.dst = eth.src; > eth.src = > > > xreg0[[0..47]]; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha > = > > > xreg0[[0..47]]; arp.tpa <-> arp.spa; outport = inport; flags.loopback > = 1; > > > output;) > > > > @@ -14524,10 +14482,6 @@ AT_CHECK([grep -Fe "172.168.0.110" -e > > > "172.168.0.120" -e "10.0.0.3" -e "20.0.0.3 > > > > table=??(lr_in_dnat ), priority=100 , match=(ip && > ip4.dst > > > == 172.168.0.110 && inport == "lr0-public"), > action=(ct_dnat(10.0.0.3);) > > > > table=??(lr_in_dnat ), priority=100 , match=(ip && > ip4.dst > > > == 172.168.0.120 && inport == "lr0-public" && > > > is_chassis_resident("cr-lr0-public")), action=(ct_dnat(20.0.0.3);) > > > > table=??(lr_in_gw_redirect ), priority=100 , match=(ip4.src == > > > 10.0.0.3 && outport == "lr0-public" && > is_chassis_resident("sw0-port1")), > > > action=(eth.src = 30:54:00:00:00:03; reg5 = 172.168.0.110; next;) > > > > - table=??(lr_in_ip_input ), priority=90 , match=(arp.op == 1 > && > > > arp.tpa == 172.168.0.110), action=(eth.dst = eth.src; eth.src = > > > xreg0[[0..47]]; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha > = > > > xreg0[[0..47]]; arp.tpa <-> arp.spa; outport = inport; flags.loopback > = 1; > > > output;) > > > > - table=??(lr_in_ip_input ), priority=90 , match=(arp.op == 1 > && > > > arp.tpa == 172.168.0.120), action=(eth.dst = eth.src; eth.src = > > > xreg0[[0..47]]; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha > = > > > xreg0[[0..47]]; arp.tpa <-> arp.spa; outport = inport; flags.loopback > = 1; > > > output;) > > > > - table=??(lr_in_ip_input ), priority=91 , match=(inport == > > > "lr0-public" && arp.op == 1 && arp.tpa == 172.168.0.110), > action=(drop;) > > > > - table=??(lr_in_ip_input ), priority=91 , match=(inport == > > > "lr0-public" && arp.op == 1 && arp.tpa == 172.168.0.120), > action=(drop;) > > > > table=??(lr_in_ip_input ), priority=92 , match=(inport == > > > "lr0-public" && arp.op == 1 && arp.tpa == 172.168.0.110 && > > > is_chassis_resident("sw0-port1")), action=(eth.dst = eth.src; eth.src = > > > 30:54:00:00:00:03; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; > arp.sha = > > > 30:54:00:00:00:03; arp.tpa <-> arp.spa; outport = inport; > flags.loopback = > > > 1; output;) > > > > table=??(lr_in_ip_input ), priority=92 , match=(inport == > > > "lr0-public" && arp.op == 1 && arp.tpa == 172.168.0.120 && > > > is_chassis_resident("cr-lr0-public")), action=(eth.dst = eth.src; > eth.src = > > > xreg0[[0..47]]; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha > = > > > xreg0[[0..47]]; arp.tpa <-> arp.spa; outport = inport; flags.loopback > = 1; > > > output;) > > > > table=??(lr_in_unsnat ), priority=100 , match=(ip && > ip4.dst > > > == 172.168.0.110 && inport == "lr0-public"), action=(ct_snat;) > > > > @@ -14778,10 +14732,6 @@ AT_CHECK([grep -Fe "172.168.0.110" -e > > > "172.168.0.120" -e "10.0.0.3" -e "20.0.0.3 > > > > table=??(lr_in_dnat ), priority=100 , match=(ip && > ip4.dst > > > == 172.168.0.110 && inport == "lr0-public"), > action=(ct_dnat(10.0.0.3);) > > > > table=??(lr_in_dnat ), priority=100 , match=(ip && > ip4.dst > > > == 172.168.0.120 && inport == "lr0-public" && > > > is_chassis_resident("cr-lr0-public")), action=(ct_dnat(20.0.0.3);) > > > > table=??(lr_in_gw_redirect ), priority=100 , match=(ip4.src == > > > 10.0.0.3 && outport == "lr0-public" && > is_chassis_resident("sw0-port1")), > > > action=(eth.src = 30:54:00:00:00:03; reg5 = 172.168.0.110; next;) > > > > - table=??(lr_in_ip_input ), priority=90 , match=(arp.op == 1 > && > > > arp.tpa == 172.168.0.110), action=(eth.dst = eth.src; eth.src = > > > xreg0[[0..47]]; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha > = > > > xreg0[[0..47]]; arp.tpa <-> arp.spa; outport = inport; flags.loopback > = 1; > > > output;) > > > > - table=??(lr_in_ip_input ), priority=90 , match=(arp.op == 1 > && > > > arp.tpa == 172.168.0.120), action=(eth.dst = eth.src; eth.src = > > > xreg0[[0..47]]; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha > = > > > xreg0[[0..47]]; arp.tpa <-> arp.spa; outport = inport; flags.loopback > = 1; > > > output;) > > > > - table=??(lr_in_ip_input ), priority=91 , match=(inport == > > > "lr0-public" && arp.op == 1 && arp.tpa == 172.168.0.110), > action=(drop;) > > > > - table=??(lr_in_ip_input ), priority=91 , match=(inport == > > > "lr0-public" && arp.op == 1 && arp.tpa == 172.168.0.120), > action=(drop;) > > > > table=??(lr_in_ip_input ), priority=92 , match=(inport == > > > "lr0-public" && arp.op == 1 && arp.tpa == 172.168.0.110 && > > > is_chassis_resident("sw0-port1")), action=(eth.dst = eth.src; eth.src = > > > 30:54:00:00:00:03; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; > arp.sha = > > > 30:54:00:00:00:03; arp.tpa <-> arp.spa; outport = inport; > flags.loopback = > > > 1; output;) > > > > table=??(lr_in_ip_input ), priority=92 , match=(inport == > > > "lr0-public" && arp.op == 1 && arp.tpa == 172.168.0.120 && > > > is_chassis_resident("cr-lr0-public")), action=(eth.dst = eth.src; > eth.src = > > > xreg0[[0..47]]; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha > = > > > xreg0[[0..47]]; arp.tpa <-> arp.spa; outport = inport; flags.loopback > = 1; > > > output;) > > > > table=??(lr_in_unsnat ), priority=100 , match=(ip && > ip4.dst > > > == 172.168.0.110 && inport == "lr0-public"), action=(ct_snat;) > > > > -- > > > > 2.43.0 > > > > > > > > > > > > -- > > > > > > > > > > > > > > > > > > > > _'Esta mensagem é direcionada apenas para os endereços constantes no > > > > cabeçalho inicial. Se você não está listado nos endereços constantes > no > > > > cabeçalho, pedimos-lhe que desconsidere completamente o conteúdo > dessa > > > > mensagem e cuja cópia, encaminhamento e/ou execução das ações citadas > > > estão > > > > imediatamente anuladas e proibidas'._ > > > > > > > > > > > > * **'Apesar do Magazine Luiza tomar > > > > todas as precauções razoáveis para assegurar que nenhum vírus esteja > > > > presente nesse e-mail, a empresa não poderá aceitar a > responsabilidade > > > por > > > > quaisquer perdas ou danos causados por esse e-mail ou por seus > anexos'.* > > > > > > > > > > > > > > > > _______________________________________________ > > > > dev mailing list > > > > [email protected] > > > > https://mail.openvswitch.org/mailman/listinfo/ovs-dev > > > > > > > > > > > -- > > > > > > > > > > _‘Esta mensagem é direcionada apenas para os endereços constantes no > > cabeçalho inicial. Se você não está listado nos endereços constantes no > > cabeçalho, pedimos-lhe que desconsidere completamente o conteúdo dessa > > mensagem e cuja cópia, encaminhamento e/ou execução das ações citadas > estão > > imediatamente anuladas e proibidas’._ > > > > > > * **‘Apesar do Magazine Luiza tomar > > todas as precauções razoáveis para assegurar que nenhum vírus esteja > > presente nesse e-mail, a empresa não poderá aceitar a responsabilidade > por > > quaisquer perdas ou danos causados por esse e-mail ou por seus anexos’.* > > > > > > > -- _‘Esta mensagem é direcionada apenas para os endereços constantes no cabeçalho inicial. Se você não está listado nos endereços constantes no cabeçalho, pedimos-lhe que desconsidere completamente o conteúdo dessa mensagem e cuja cópia, encaminhamento e/ou execução das ações citadas estão imediatamente anuladas e proibidas’._ * **‘Apesar do Magazine Luiza tomar todas as precauções razoáveis para assegurar que nenhum vírus esteja presente nesse e-mail, a empresa não poderá aceitar a responsabilidade por quaisquer perdas ou danos causados por esse e-mail ou por seus anexos’.* _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
