On 27 June 2018 at 18:49, Darrell Ball <dlu...@gmail.com> wrote: > Non-distributed and distributed gateway load balancing is broken. > Recent changes for port unreachable handling broke the associated > unsnat functionality. > > Fixes: 86558ac2e476 ("OVN: add UDP port unreachable support to OVN > logical router.") > Fixes: 159932c9e4ea ("OVN: add TCP port unreachable support to OVN > logical router.") > Fixes: 0e858e05f76b ("OVN: add protocol unreachable support to OVN router > ports.") > CC: Lorenzo Bianconi <lorenzo.bianc...@redhat.com> > Signed-off-by: Darrell Ball <dlu...@gmail.com> >
I applied the fix to master. > --- > ovn/northd/ovn-northd.c | 106 ++++++++++++++++++++++++------ > ------------------ > 1 file changed, 54 insertions(+), 52 deletions(-) > > diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c > index 72fe4e7..7648bce 100644 > --- a/ovn/northd/ovn-northd.c > +++ b/ovn/northd/ovn-northd.c 
> @@ -5141,48 +5141,49 @@ build_lrouter_flows(struct hmap *datapaths, struct > hmap *ports, > ds_cstr(&match), ds_cstr(&actions)); > } > > - /* UDP/TCP port unreachable */ > - for (int i = 0; i < op->lrp_networks.n_ipv4_addrs; i++) { > - const char *action; > - > - ds_clear(&match); > - ds_put_format(&match, > - "ip4 && ip4.dst == %s && !ip.later_frag && udp", > - op->lrp_networks.ipv4_addrs[i].addr_s); > - action = "icmp4 {" > - "eth.dst <-> eth.src; " > - "ip4.dst <-> ip4.src; " > - "ip.ttl = 255; " > - "icmp4.type = 3; " > - "icmp4.code = 3; " > - "next; };"; > - ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 80, > - ds_cstr(&match), action); > + if (!smap_get(&op->od->nbr->options, "chassis") > + && !op->od->l3dgw_port) { > + /* UDP/TCP port unreachable. */ > + for (int i = 0; i < op->lrp_networks.n_ipv4_addrs; i++) { > + ds_clear(&match); > + ds_put_format(&match, > + "ip4 && ip4.dst == %s && !ip.later_frag && > udp", > + op->lrp_networks.ipv4_addrs[i].addr_s); > + const char *action = "icmp4 {" > + "eth.dst <-> eth.src; " > + "ip4.dst <-> ip4.src; " > + "ip.ttl = 255; " > + "icmp4.type = 3; " > + "icmp4.code = 3; " > + "next; };"; > + ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 80, > + ds_cstr(&match), action); > > - ds_clear(&match); > - ds_put_format(&match, > - "ip4 && ip4.dst == %s && !ip.later_frag && tcp", > - op->lrp_networks.ipv4_addrs[i].addr_s); > - action = "tcp_reset {" > - "eth.dst <-> eth.src; " > - "ip4.dst <-> ip4.src; " > - "next; };"; > - ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 80, > - ds_cstr(&match), action); > + ds_clear(&match); > + ds_put_format(&match, > + "ip4 && ip4.dst == %s && !ip.later_frag && > tcp", > + op->lrp_networks.ipv4_addrs[i].addr_s); > + action = "tcp_reset {" > + "eth.dst <-> eth.src; " > + "ip4.dst <-> ip4.src; " > + "next; };"; > + ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 80, > + ds_cstr(&match), action); > > - ds_clear(&match); > - ds_put_format(&match, > - "ip4 && ip4.dst == %s 
&& !ip.later_frag", > - op->lrp_networks.ipv4_addrs[i].addr_s); > - action = "icmp4 {" > - "eth.dst <-> eth.src; " > - "ip4.dst <-> ip4.src; " > - "ip.ttl = 255; " > - "icmp4.type = 3; " > - "icmp4.code = 2; " > - "next; };"; > - ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 70, > - ds_cstr(&match), action); > + ds_clear(&match); > + ds_put_format(&match, > + "ip4 && ip4.dst == %s && !ip.later_frag", > + op->lrp_networks.ipv4_addrs[i].addr_s); > + action = "icmp4 {" > + "eth.dst <-> eth.src; " > + "ip4.dst <-> ip4.src; " > + "ip.ttl = 255; " > + "icmp4.type = 3; " > + "icmp4.code = 2; " > + "next; };"; > + ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 70, > + ds_cstr(&match), action); > + } > } > > ds_clear(&match); 
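Review bot: The new guard `if (!smap_get(&op->od->nbr->options, "chassis") && !op->od->l3dgw_port)` has no comment saying why gateway routers and routers with a distributed gateway port skip these flows, and the same expression is repeated in the IPv6 hunk at -5306. A comment above it could record the reason the commit message gives, e.g. `/* On gateway and distributed-gateway routers, traffic to the router's own IPs must reach unSNAT and load balancing, so do not reject it here. */`, and computing the test once into a local such as `bool reject_unmatched` would keep the two sites from drifting apart. These routers also stop answering closed-port traffic with ICMP unreachable or TCP reset. What handles that traffic instead is decided by lower-priority flows outside this hunk, so the difference in behaviour is worth stating in the ovn-northd documentation. build_lrouter_flows starts and ends outside the hunk, so whether `op->od->nbr` is always non-NULL at this point cannot be confirmed from here.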
> @@ -5306,19 +5307,20 @@ build_lrouter_flows(struct hmap *datapaths, struct > hmap *ports, > } > > /* TCP port unreachable */ > - for (int i = 0; i < op->lrp_networks.n_ipv6_addrs; i++) { > - const char *action; > - > - ds_clear(&match); > - ds_put_format(&match, > - "ip6 && ip6.dst == %s && !ip.later_frag && tcp", > - op->lrp_networks.ipv6_addrs[i].addr_s); > - action = "tcp_reset {" > - "eth.dst <-> eth.src; " > - "ip6.dst <-> ip6.src; " > - "next; };"; > - ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 80, > + if (!smap_get(&op->od->nbr->options, "chassis") > + && !op->od->l3dgw_port) { > + for (int i = 0; i < op->lrp_networks.n_ipv6_addrs; i++) { > + ds_clear(&match); > + ds_put_format(&match, > + "ip6 && ip6.dst == %s && !ip.later_frag && > tcp", > + op->lrp_networks.ipv6_addrs[i].addr_s); > + const char *action = "tcp_reset {" > + "eth.dst <-> eth.src; " > + "ip6.dst <-> ip6.src; " > + "next; };"; > + ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 80, > ds_cstr(&match), action); > + } > } > } > > -- > 1.9.1 > > _______________________________________________ > dev mailing list > d...@openvswitch.org > https://mail.openvswitch.org/mailman/listinfo/ovs-dev > _______________________________________________ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
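Review bot: The `/* TCP port unreachable */` comment stays above the new `if` here, whereas the IPv4 hunk moved its comment inside the guard and added the full stop; placing it the same way in both keeps the two blocks parallel. The continuation line `ds_cstr(&match), action);` is an unchanged context line under the re-indented `ovn_lflow_add(` call, so it probably no longer lines up with the opening parenthesis (the archive has collapsed whitespace, so this is inferred). The diffstat lists only ovn-northd.c, so nothing guards against the reject flows shadowing unSNAT again. A test exercising load balancing through a gateway router and through a distributed gateway port would cover the regression this commit fixes.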