I just did a second round
One correction for first round 73 should have been 79
First round:
Kernel: 53, 58, 69, 70
Userspace: 57, 58, 63, 69, 70, 71, 72, 79
Second Round:
Kernel: 53, 58, 69, 70
Userspace: 58, 63, 69, 70, 71, 72, 79
Without patch, no failures on both.
-----Original Message-----
From: Darrell Ball <db...@vmware.com>
Date: Tuesday, August 8, 2017 at 5:51 PM
To: Justin Pettit <jpettit....@gmail.com>
Cc: Justin Pettit <jpet...@ovn.org>, "d...@openvswitch.org"
<d...@openvswitch.org>
Subject: Re: [ovs-dev] [PATCH] ofproto-dpif: Mark packets as "untracked" after
call to ct().
I just rebased about 15 minutes ago:
Kernel: 53, 58, 69, 70
Userspace: 57, 58, 63, 69, 70, 71, 72, 73
-----Original Message-----
From: Justin Pettit <jpettit....@gmail.com>
Date: Tuesday, August 8, 2017 at 5:48 PM
To: Darrell Ball <db...@vmware.com>
Cc: Justin Pettit <jpet...@ovn.org>, "d...@openvswitch.org"
<d...@openvswitch.org>
Subject: Re: [ovs-dev] [PATCH] ofproto-dpif: Mark packets as "untracked"
after call to ct().
Can you share them? I don't see them on my system or our internal
system tester that runs the kernel and user space tests.
--Justin
> On Aug 8, 2017, at 5:46 PM, Darrell Ball <db...@vmware.com> wrote:
>
> With this patch applied:
>
> I get 4 failures in kernel system tests and 8 failures in userspace
system tests.
>
>
>
>
> -----Original Message-----
> From: <ovs-dev-boun...@openvswitch.org> on behalf of Justin Pettit
<jpet...@ovn.org>
> Date: Tuesday, August 8, 2017 at 4:12 PM
> To: "d...@openvswitch.org" <d...@openvswitch.org>
> Subject: [ovs-dev] [PATCH] ofproto-dpif: Mark packets as "untracked"
after call to ct().
>
> Packet and Connection state is only available to the processing
path
> that follows the "recirc_table" argument of the ct() action. The
> previous behavior made these states available until the end of the
> pipeline. This commit changes the behavior so that the Packet and
> Connection state are cleared for the current processing path
whenever
> ct() is called (in addition to reaching the end of the pipeline.)
>
> A future commit will remove the behavior that a "send to
controller"
> action causes all packets for that flow to be handled via the
slow-path.
> The current behavior of connection tracking state makes that
difficult
> due to datapath actions containing multiple OpenFlow rules that may
> contain different connection tracking states. This change will
make
> that future commit possible.
>
> Signed-off-by: Justin Pettit <jpet...@ovn.org>
> ---
> lib/ofp-actions.c | 27 +++++++++++++--------------
> ofproto/ofproto-dpif-xlate.c | 24 +++++++-----------------
> tests/ofproto-dpif.at | 10 +++++-----
> utilities/ovs-ofctl.8.in | 10 ++++++----
> 4 files changed, 31 insertions(+), 40 deletions(-)
>
> diff --git a/lib/ofp-actions.c b/lib/ofp-actions.c
> index bfc8a805ffd5..71eb70c3c239 100644
> --- a/lib/ofp-actions.c
> +++ b/lib/ofp-actions.c
> @@ -5858,20 +5858,19 @@ format_DEBUG_RECIRC(const struct
ofpact_null *a OVS_UNUSED,
> *
> * - Packet State:
> *
> - * Untracked packets have not yet passed through the
connection tracker,
> - * and the connection state for such packets is unknown. In
most cases,
> - * packets entering the OpenFlow pipeline will initially be
in the
> - * untracked state. Untracked packets may become tracked by
executing
> - * NXAST_CT with a "recirc_table" specified. This makes
various aspects
> - * about the connection available, in particular the
connection state.
> - *
> - * Tracked packets have previously passed through the
connection tracker.
> - * These packets will remain tracked through until the end
of the OpenFlow
> - * pipeline. Tracked packets which have NXAST_CT executed
with a
> - * "recirc_table" specified will return to the tracked state.
> - *
> - * The packet state is only significant for the duration of
packet
> - * processing within the OpenFlow pipeline.
> + * Untracked packets have an unknown connection state. In
most
> + * cases, packets entering the OpenFlow pipeline will
initially be
> + * in the untracked state. Untracked packets may become
tracked by
> + * executing NXAST_CT with a "recirc_table" specified. This
makes
> + * various aspects about the connection available, in
particular
> + * the connection state.
> + *
> + * An NXAST_CT action always puts the packet into an
untracked
> + * state for the current processing path. If "recirc_table"
is
> + * set, execution is forked and the packet passes through the
> + * connection tracker. The specified table's processing
path is
> + * able to match on Connection state until the end of the
OpenFlow
> + * pipeline or NXAST_CT is called again.
> *
> * - Connection State:
> *
> diff --git a/ofproto/ofproto-dpif-xlate.c
b/ofproto/ofproto-dpif-xlate.c
> index 973e760547fa..333b1b595e81 100644
> --- a/ofproto/ofproto-dpif-xlate.c
> +++ b/ofproto/ofproto-dpif-xlate.c
> @@ -5721,10 +5721,6 @@ put_ct_nat(struct xlate_ctx *ctx)
> static void
> compose_conntrack_action(struct xlate_ctx *ctx, struct
ofpact_conntrack *ofc)
> {
> - ovs_u128 old_ct_label = ctx->xin->flow.ct_label;
> - ovs_u128 old_ct_label_mask = ctx->wc->masks.ct_label;
> - uint32_t old_ct_mark = ctx->xin->flow.ct_mark;
> - uint32_t old_ct_mark_mask = ctx->wc->masks.ct_mark;
> size_t ct_offset;
> uint16_t zone;
>
> @@ -5761,23 +5757,17 @@ compose_conntrack_action(struct xlate_ctx
*ctx, struct ofpact_conntrack *ofc)
> ctx->ct_nat_action = NULL;
> nl_msg_end_nested(ctx->odp_actions, ct_offset);
>
> - /* Restore the original ct fields in the key. These should
only be exposed
> - * after recirculation to another table. */
> - ctx->xin->flow.ct_mark = old_ct_mark;
> - ctx->wc->masks.ct_mark = old_ct_mark_mask;
> - ctx->xin->flow.ct_label = old_ct_label;
> - ctx->wc->masks.ct_label = old_ct_label_mask;
> -
> - if (ofc->recirc_table == NX_CT_RECIRC_NONE) {
> - /* If we do not recirculate as part of this action, hide
the results of
> - * connection tracking from subsequent recirculations. */
> - ctx->conntracked = false;
> - } else {
> + if (ofc->recirc_table != NX_CT_RECIRC_NONE) {
> /* Use ct_* fields from datapath during recirculation
upcall. */
> ctx->conntracked = true;
> compose_recirculate_and_fork(ctx, ofc->recirc_table);
> - ctx->conntracked = false;
> }
> +
> + /* The ct_* fields are only available in the scope of the
> + * 'recirc_table' call chain. */
> + flow_clear_conntrack(&ctx->xin->flow);
> + flow_clear_conntrack(&ctx->wc->masks);
> + ctx->conntracked = false;
> }
>
> static void
> diff --git a/tests/ofproto-dpif.at b/tests/ofproto-dpif.at
> index 284a65ec6524..28a7e827cac2 100644
> --- a/tests/ofproto-dpif.at
> +++ b/tests/ofproto-dpif.at
> @@ -8949,7 +8949,7 @@ OVS_WAIT_UNTIL([ovs-appctl -t ovs-ofctl
exit])
>
> dnl Check this output. We only see the latter two packets, not
the first.
> AT_CHECK([cat ofctl_monitor.log], [0], [dnl
> -NXT_PACKET_IN (xid=0x0): table_id=6 cookie=0x0 total_len=42
ct_state=new|trk,ct_zone=1,ct_nw_src=10.1.1.1,ct_nw_dst=10.1.1.2,ct_nw_proto=17,ct_tp_src=1,ct_tp_dst=2,reg0=0x1,reg1=0x4d2,reg2=0x1,reg3=0x1,reg4=0x1,in_port=1
(via action) data_len=42 (unbuffered)
> +NXT_PACKET_IN (xid=0x0): table_id=6 cookie=0x0 total_len=42
reg0=0x1,reg1=0x4d2,reg2=0x1,reg3=0x1,reg4=0x1,in_port=1 (via action)
data_len=42 (unbuffered)
>
udp,vlan_tci=0x0000,dl_src=50:54:00:00:00:09,dl_dst=50:54:00:00:00:0a,nw_src=10.1.1.1,nw_dst=10.1.1.2,nw_tos=0,nw_ecn=0,nw_ttl=64,tp_src=1,tp_dst=2
udp_csum:e9d6
> dnl
> NXT_PACKET_IN (xid=0x0): table_id=6 cookie=0x0 total_len=42
ct_state=est|rpl|trk,ct_zone=1,ct_mark=0x1,ct_label=0x4d2000000000000000000000000,ct_nw_src=10.1.1.1,ct_nw_dst=10.1.1.2,ct_nw_proto=17,ct_tp_src=1,ct_tp_dst=2,reg0=0x1,reg1=0x4d2,reg2=0x1,reg3=0x2,reg4=0x1,in_port=2
(via action) data_len=42 (unbuffered)
> @@ -8970,7 +8970,7 @@ OVS_WAIT_UNTIL([ovs-appctl -t ovs-ofctl
exit])
>
> dnl Check this output. We should see both packets
> AT_CHECK([cat ofctl_monitor.log], [0], [dnl
> -NXT_PACKET_IN (xid=0x0): table_id=6 cookie=0x0 total_len=42
ct_state=new|trk,ct_zone=1,ct_nw_src=10.1.1.1,ct_nw_dst=10.1.1.2,ct_nw_proto=17,ct_tp_src=3,ct_tp_dst=2,reg0=0x1,reg1=0x4d2,reg2=0x1,reg3=0x1,reg4=0x1,in_port=1
(via action) data_len=42 (unbuffered)
> +NXT_PACKET_IN (xid=0x0): table_id=6 cookie=0x0 total_len=42
reg0=0x1,reg1=0x4d2,reg2=0x1,reg3=0x1,reg4=0x1,in_port=1 (via action)
data_len=42 (unbuffered)
>
udp,vlan_tci=0x0000,dl_src=50:54:00:00:00:09,dl_dst=50:54:00:00:00:0a,nw_src=10.1.1.1,nw_dst=10.1.1.2,nw_tos=0,nw_ecn=0,nw_ttl=64,tp_src=3,tp_dst=2
udp_csum:e9d4
> dnl
> NXT_PACKET_IN (xid=0x0): table_id=6 cookie=0x0 total_len=42
ct_state=est|rpl|trk,ct_zone=1,ct_mark=0x1,ct_label=0x4d2000000000000000000000000,ct_nw_src=10.1.1.1,ct_nw_dst=10.1.1.2,ct_nw_proto=17,ct_tp_src=3,ct_tp_dst=2,reg0=0x1,reg1=0x4d2,reg2=0x1,reg3=0x2,reg4=0x1,in_port=2
(via action) data_len=42 (unbuffered)
> @@ -9025,7 +9025,7 @@ AT_CHECK([cat ofctl_monitor.log], [0], [dnl
> NXT_PACKET_IN (xid=0x0): cookie=0x0 total_len=42 in_port=1 (via
action) data_len=42 (unbuffered)
>
udp,vlan_tci=0x0000,dl_src=50:54:00:00:00:09,dl_dst=50:54:00:00:00:0a,nw_src=10.1.1.1,nw_dst=10.1.1.2,nw_tos=0,nw_ecn=0,nw_ttl=64,tp_src=1,tp_dst=2
udp_csum:e9d6
> dnl
> -NXT_PACKET_IN (xid=0x0): table_id=1 cookie=0x0 total_len=42
ct_state=est|rpl|trk,ct_nw_src=10.1.1.1,ct_nw_dst=10.1.1.2,ct_nw_proto=17,ct_tp_src=1,ct_tp_dst=2,in_port=2
(via action) data_len=42 (unbuffered)
> +NXT_PACKET_IN (xid=0x0): table_id=1 cookie=0x0 total_len=42
in_port=2 (via action) data_len=42 (unbuffered)
>
udp,vlan_tci=0x0000,dl_src=50:54:00:00:00:0a,dl_dst=50:54:00:00:00:09,nw_src=10.1.1.2,nw_dst=10.1.1.1,nw_tos=0,nw_ecn=0,nw_ttl=64,tp_src=2,tp_dst=1
udp_csum:e9d6
> ])
>
> @@ -9047,7 +9047,7 @@ AT_CHECK([cat ofctl_monitor.log], [0], [dnl
> NXT_PACKET_IN (xid=0x0): cookie=0x0 total_len=42 in_port=1 (via
action) data_len=42 (unbuffered)
>
udp,vlan_tci=0x0000,dl_src=50:54:00:00:00:09,dl_dst=50:54:00:00:00:0a,nw_src=10.1.1.1,nw_dst=10.1.1.2,nw_tos=0,nw_ecn=0,nw_ttl=64,tp_src=3,tp_dst=4
udp_csum:e9d2
> dnl
> -NXT_PACKET_IN (xid=0x0): table_id=1 cookie=0x0 total_len=42
ct_state=est|rpl|trk,ct_nw_src=10.1.1.1,ct_nw_dst=10.1.1.2,ct_nw_proto=17,ct_tp_src=3,ct_tp_dst=4,in_port=2
(via action) data_len=42 (unbuffered)
> +NXT_PACKET_IN (xid=0x0): table_id=1 cookie=0x0 total_len=42
in_port=2 (via action) data_len=42 (unbuffered)
>
udp,vlan_tci=0x0000,dl_src=50:54:00:00:00:0a,dl_dst=50:54:00:00:00:09,nw_src=10.1.1.2,nw_dst=10.1.1.1,nw_tos=0,nw_ecn=0,nw_ttl=64,tp_src=4,tp_dst=3
udp_csum:e9d2
> ])
>
> @@ -9362,7 +9362,7 @@ OVS_WAIT_UNTIL([ovs-appctl -t ovs-ofctl
exit])
>
> dnl Check this output. We only see the latter two packets, not
the first.
> AT_CHECK([cat ofctl_monitor.log], [0], [dnl
> -NXT_PACKET_IN (xid=0x0): table_id=1 cookie=0x0 total_len=42
ct_state=new|trk,ct_nw_src=10.1.1.1,ct_nw_dst=10.1.1.2,ct_nw_proto=17,ct_tp_src=1,ct_tp_dst=2,in_port=1
(via action) data_len=42 (unbuffered)
> +NXT_PACKET_IN (xid=0x0): table_id=1 cookie=0x0 total_len=42
in_port=1 (via action) data_len=42 (unbuffered)
>
udp,vlan_tci=0x0000,dl_src=50:54:00:00:00:09,dl_dst=50:54:00:00:00:0a,nw_src=10.1.1.1,nw_dst=10.1.1.2,nw_tos=0,nw_ecn=0,nw_ttl=64,tp_src=1,tp_dst=2
udp_csum:e9d6
> dnl
> NXT_PACKET_IN (xid=0x0): table_id=1 cookie=0x0 total_len=42
ct_state=est|rpl|trk,ct_nw_src=10.1.1.1,ct_nw_dst=10.1.1.2,ct_nw_proto=17,ct_tp_src=1,ct_tp_dst=2,in_port=2
(via action) data_len=42 (unbuffered)
> diff --git a/utilities/ovs-ofctl.8.in b/utilities/ovs-ofctl.8.in
> index f6bd90374a18..c65de97f5e2e 100644
> --- a/utilities/ovs-ofctl.8.in
> +++ b/utilities/ovs-ofctl.8.in
> @@ -1031,11 +1031,13 @@ Restores the queue to the value it was
before any \fBset_queue\fR
> actions were applied.
> .
> .IP \fBct\fR
> -.IQ \fBct\fB(\fR[\fIargument\fR][\fB,\fIargument\fR...]\fB)
> +.IQ \fBct(\fR[\fIargument\fR][\fB,\fIargument\fR...]\fB)
> Send the packet through the connection tracker. Refer to the
\fBct_state\fR
> -documentation above for possible packet and connection states.
The following
> -arguments are supported:
> -
> +documentation above for possible packet and connection states. A
\fBct\fR
> +action always sets the packet to an untracked state and clears
out the
> +\fBct_state\fR fields for the current processing path. Those
fields are
> +only available for the processing path pointed to by the
\fBtable\fR
> +argument. The following arguments are supported:
> .RS
> .IP \fBcommit\fR
> .RS
> --
> 2.7.4
>
> _______________________________________________
> dev mailing list
> d...@openvswitch.org
>
https://urldefense.proofpoint.com/v2/url?u=https-3A__mail.openvswitch.org_mailman_listinfo_ovs-2Ddev&d=DwICAg&c=uilaK90D4TOVoH58JNXRgQ&r=BVhFA09CGX7JQ5Ih-uZnsw&m=0zUUtGTqA0rQPJshxslL-2FLBopCJJ8Fp6o61txtq4U&s=jTQyR94DiGGkyGn7myT8AHsq2kgY_XWC-w4nvIDGdTk&e=
>
>
_______________________________________________
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
