On Tue, Feb 23, 2021 at 6:50 PM Dumitru Ceara <[email protected]> wrote: > > Matching on ct_nw_dst()/ct_ipv6_dst()/ct_tp_dst() creates openflows > that often are not offloadable to hardware. This was used for > detecting load balancer hairpin sessions. > > However, it can be avoided if ovn-northd stores the original > destination tuple in OVS registers. For backwards compatibility, > during upgrade, fall back to matching on the conntrack original tuple. > > Signed-off-by: Dumitru Ceara <[email protected]>
Acked-by: Numan Siddique <[email protected]> It will be great if you can enhance the test to pause northd, clear the lb option and make sure ovn-controller programs the flow in the old way. Thanks Numan
> ---
> controller/lflow.c | 50 +++++++++++++++++++++++++----
> tests/ovn.at | 90
> ++++++++++++++++++++++++++-------------------------
> 2 files changed, 88 insertions(+), 52 deletions(-)
>
> diff --git a/controller/lflow.c b/controller/lflow.c
> index 104fbeb..e84bf20 100644
> --- a/controller/lflow.c
> +++ b/controller/lflow.c
> @@ -1340,6 +1340,12 @@ add_lb_vip_hairpin_flows(struct ovn_controller_lb *lb,
> ofpbuf_uninit(&ofpacts);
> }
>
> +/* Adds flows to perform SNAT for hairpin sessions.
> + *
> + * For backwards compatibilty with older ovn-northd versions, uses
> + * ct_nw_dst(), ct_ipv6_dst(), ct_tp_dst(), otherwise uses the
> + * original destination tuple stored by ovn-northd.
> + */
> static void
> add_lb_ct_snat_vip_flows(struct ovn_controller_lb *lb,
> struct ovn_lb_vip *lb_vip,
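Review bot: The new header comment on add_lb_ct_snat_vip_flows() does not say what selects between the two match styles, and "compatibilty" is misspelled. The second hunk shows the switch is `lb->hairpin_orig_tuple`, so the comment could name it: `* When 'lb->hairpin_orig_tuple' is false (older ovn-northd), matches on`, `* ct_nw_dst()/ct_ipv6_dst()/ct_tp_dst(); otherwise matches on the original`, `* destination tuple that ovn-northd stored in registers.` The function body lies outside this hunk.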
> @@ -1382,20 +1388,50 @@ add_lb_ct_snat_vip_flows(struct ovn_controller_lb *lb,
> ofpact_finish(&ofpacts, &ct->ofpact);
>
> struct match match = MATCH_CATCHALL_INITIALIZER;
> +
> + /* Matching on ct_nw_dst()/ct_ipv6_dst()/ct_tp_dst() requires matching
> + * on ct_state first.
> + */
> + if (!lb->hairpin_orig_tuple) {
> + uint32_t ct_state = OVS_CS_F_TRACKED | OVS_CS_F_DST_NAT;
> + match_set_ct_state_masked(&match, ct_state, ct_state);
> + }
> +
> if (IN6_IS_ADDR_V4MAPPED(&lb_vip->vip)) {
> + ovs_be32 vip4 = in6_addr_get_mapped_ipv4(&lb_vip->vip);
> +
> match_set_dl_type(&match, htons(ETH_TYPE_IP));
> - match_set_ct_nw_dst(&match, in6_addr_get_mapped_ipv4(&lb_vip->vip));
> +
> + if (!lb->hairpin_orig_tuple) {
> + match_set_ct_nw_dst(&match, vip4);
> + } else {
> + match_set_reg(&match, MFF_LOG_LB_ORIG_DIP_IPV4 - MFF_LOG_REG0,
> + ntohl(vip4));
> + }
> } else {
> match_set_dl_type(&match, htons(ETH_TYPE_IPV6));
> - match_set_ct_ipv6_dst(&match, &lb_vip->vip);
> +
> + if (!lb->hairpin_orig_tuple) {
> + match_set_ct_ipv6_dst(&match, &lb_vip->vip);
> + } else {
> + ovs_be128 vip6_value;
> +
> + memcpy(&vip6_value, &lb_vip->vip, sizeof vip6_value);
> + match_set_xxreg(&match, MFF_LOG_LB_ORIG_DIP_IPV6,
> + ntoh128(vip6_value));
> + }
> }
>
> match_set_nw_proto(&match, lb_proto);
> - match_set_ct_nw_proto(&match, lb_proto);
> - match_set_ct_tp_dst(&match, htons(lb_vip->vip_port));
> -
> - uint32_t ct_state = OVS_CS_F_TRACKED | OVS_CS_F_DST_NAT;
> - match_set_ct_state_masked(&match, ct_state, ct_state);
> + if (lb_vip->vip_port) {
> + if (!lb->hairpin_orig_tuple) {
> + match_set_ct_nw_proto(&match, lb_proto);
> + match_set_ct_tp_dst(&match, htons(lb_vip->vip_port));
> + } else {
> + match_set_reg_masked(&match, MFF_LOG_LB_ORIG_TP_DPORT - MFF_REG0,
> + lb_vip->vip_port, UINT16_MAX);
> + }
> + }
>
> for (size_t i = 0; i < lb->slb->n_datapaths; i++) {
> match_set_metadata(&match,
> diff --git a/tests/ovn.at b/tests/ovn.at
> index b061f88..b465784 100644
> --- a/tests/ovn.at
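Review bot: In the `else` branches taken when `lb->hairpin_orig_tuple` is set, the table-70 SNAT flow no longer matches `ct_state=+trk+dnat`, so it applies to any packet of that protocol whose registers hold the VIP and port, whether or not conntrack reports it as DNATed. That is sound only if ovn-northd writes `MFF_LOG_LB_ORIG_DIP_IPV4`, `MFF_LOG_LB_ORIG_DIP_IPV6` and `MFF_LOG_LB_ORIG_TP_DPORT` solely on the load-balancer path and nothing else reuses those registers before this table, which cannot be confirmed from this hunk. I would record that next to the first new `if`, e.g. `/* Register matches trust ovn-northd: only the LB stage may store the original destination tuple. */`. Separately, the port match subtracts `MFF_REG0` while the IPv4 match subtracts `MFF_LOG_REG0`; presumably the same value, but `MFF_LOG_LB_ORIG_TP_DPORT - MFF_LOG_REG0` would keep the two calls consistent. The function body starts and ends outside the hunk.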
> +++ b/tests/ovn.at > @@ -23700,7 +23700,7 @@ NXST_FLOW reply (xid=0x8): > ]) > > AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=70 | ofctl_strip_all | > grep -v NXST], [0], [dnl > - table=70, > priority=100,ct_state=+trk+dnat,ct_nw_dst=88.88.88.88,ct_nw_proto=6,ct_tp_dst=8080,tcp,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.88)) > + table=70, priority=100,tcp,reg1=0x58585858,reg2=0x1f90/0xffff,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.88)) > ]) > > AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=68 | grep -v NXST], [1], > [dnl > @@ -23729,8 +23729,8 @@ NXST_FLOW reply (xid=0x8): > ]) > > AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=70 | ofctl_strip_all | > grep -v NXST], [0], [dnl > - table=70, > priority=100,ct_state=+trk+dnat,ct_nw_dst=88.88.88.88,ct_nw_proto=6,ct_tp_dst=8080,tcp,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.88)) > - table=70, > priority=100,ct_state=+trk+dnat,ct_nw_dst=88.88.88.90,ct_nw_proto=6,ct_tp_dst=8080,tcp,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.90)) > + table=70, priority=100,tcp,reg1=0x58585858,reg2=0x1f90/0xffff,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.88)) > + table=70, priority=100,tcp,reg1=0x5858585a,reg2=0x1f90/0xffff,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.90)) > ]) > > AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=68 | grep -v NXST], [1], > [dnl 
> @@ -23760,8 +23760,8 @@ AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=69 > | grep -v NXST], [1], [dnl > ]) > > AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=70 | ofctl_strip_all | > grep -v NXST], [0], [dnl > - table=70, > priority=100,ct_state=+trk+dnat,ct_nw_dst=88.88.88.88,ct_nw_proto=6,ct_tp_dst=8080,tcp,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.88)) > - table=70, > priority=100,ct_state=+trk+dnat,ct_nw_dst=88.88.88.90,ct_nw_proto=6,ct_tp_dst=8080,tcp,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.90)) > + table=70, priority=100,tcp,reg1=0x58585858,reg2=0x1f90/0xffff,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.88)) > + table=70, priority=100,tcp,reg1=0x5858585a,reg2=0x1f90/0xffff,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.90)) > ]) > > check ovn-nbctl --wait=hv ls-lb-add sw0 lb-ipv4-udp 
> @@ -23785,9 +23785,9 @@ AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=69 > | grep -v NXST], [1], [dnl > ]) > > AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=70 | ofctl_strip_all | > grep -v NXST], [0], [dnl > - table=70, > priority=100,ct_state=+trk+dnat,ct_nw_dst=88.88.88.88,ct_nw_proto=17,ct_tp_dst=4040,udp,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.88)) > - table=70, > priority=100,ct_state=+trk+dnat,ct_nw_dst=88.88.88.88,ct_nw_proto=6,ct_tp_dst=8080,tcp,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.88)) > - table=70, > priority=100,ct_state=+trk+dnat,ct_nw_dst=88.88.88.90,ct_nw_proto=6,ct_tp_dst=8080,tcp,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.90)) > + table=70, priority=100,tcp,reg1=0x58585858,reg2=0x1f90/0xffff,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.88)) > + table=70, priority=100,tcp,reg1=0x5858585a,reg2=0x1f90/0xffff,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.90)) > + table=70, priority=100,udp,reg1=0x58585858,reg2=0xfc8/0xffff,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.88)) > ]) > > AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=68 | ofctl_strip_all | > grep -v NXST], [0], [dnl 
> @@ -23801,9 +23801,9 @@ AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=69 > | grep -v NXST], [1], [dnl > ]) > > AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=70 | ofctl_strip_all | > grep -v NXST], [0], [dnl > - table=70, > priority=100,ct_state=+trk+dnat,ct_nw_dst=88.88.88.88,ct_nw_proto=17,ct_tp_dst=4040,udp,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.88)) > - table=70, > priority=100,ct_state=+trk+dnat,ct_nw_dst=88.88.88.88,ct_nw_proto=6,ct_tp_dst=8080,tcp,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.88)) > - table=70, > priority=100,ct_state=+trk+dnat,ct_nw_dst=88.88.88.90,ct_nw_proto=6,ct_tp_dst=8080,tcp,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.90)) > + table=70, priority=100,tcp,reg1=0x58585858,reg2=0x1f90/0xffff,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.88)) > + table=70, priority=100,tcp,reg1=0x5858585a,reg2=0x1f90/0xffff,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.90)) > + table=70, priority=100,udp,reg1=0x58585858,reg2=0xfc8/0xffff,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.88)) > ]) > > check ovn-nbctl --wait=hv ls-lb-add sw0 lb-ipv6-tcp 
> @@ -23828,10 +23828,10 @@ AT_CHECK([as hv2 ovs-ofctl dump-flows br-int > table=69 | grep -v NXST], [1], [dnl > ]) > > AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=70 | ofctl_strip_all | > grep -v NXST], [0], [dnl > - table=70, > priority=100,ct_state=+trk+dnat,ct_ipv6_dst=8800::88,ct_nw_proto=6,ct_tp_dst=8080,tcp6,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=8800::88)) > - table=70, > priority=100,ct_state=+trk+dnat,ct_nw_dst=88.88.88.88,ct_nw_proto=17,ct_tp_dst=4040,udp,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.88)) > - table=70, > priority=100,ct_state=+trk+dnat,ct_nw_dst=88.88.88.88,ct_nw_proto=6,ct_tp_dst=8080,tcp,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.88)) > - table=70, > priority=100,ct_state=+trk+dnat,ct_nw_dst=88.88.88.90,ct_nw_proto=6,ct_tp_dst=8080,tcp,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.90)) > + table=70, priority=100,tcp,reg1=0x58585858,reg2=0x1f90/0xffff,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.88)) > + table=70, priority=100,tcp,reg1=0x5858585a,reg2=0x1f90/0xffff,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.90)) > + table=70, > priority=100,tcp6,reg2=0x1f90/0xffff,reg4=0x88000000,reg5=0,reg6=0,reg7=0x88,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=8800::88)) > + table=70, priority=100,udp,reg1=0x58585858,reg2=0xfc8/0xffff,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.88)) > ]) > > AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=68 | ofctl_strip_all | > grep -v NXST], [0], [dnl 
> @@ -23846,10 +23846,10 @@ AT_CHECK([as hv2 ovs-ofctl dump-flows br-int > table=69 | grep -v NXST], [1], [dnl > ]) > > AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=70 | ofctl_strip_all | > grep -v NXST], [0], [dnl > - table=70, > priority=100,ct_state=+trk+dnat,ct_ipv6_dst=8800::88,ct_nw_proto=6,ct_tp_dst=8080,tcp6,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=8800::88)) > - table=70, > priority=100,ct_state=+trk+dnat,ct_nw_dst=88.88.88.88,ct_nw_proto=17,ct_tp_dst=4040,udp,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.88)) > - table=70, > priority=100,ct_state=+trk+dnat,ct_nw_dst=88.88.88.88,ct_nw_proto=6,ct_tp_dst=8080,tcp,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.88)) > - table=70, > priority=100,ct_state=+trk+dnat,ct_nw_dst=88.88.88.90,ct_nw_proto=6,ct_tp_dst=8080,tcp,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.90)) > + table=70, priority=100,tcp,reg1=0x58585858,reg2=0x1f90/0xffff,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.88)) > + table=70, priority=100,tcp,reg1=0x5858585a,reg2=0x1f90/0xffff,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.90)) > + table=70, > priority=100,tcp6,reg2=0x1f90/0xffff,reg4=0x88000000,reg5=0,reg6=0,reg7=0x88,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=8800::88)) > + table=70, priority=100,udp,reg1=0x58585858,reg2=0xfc8/0xffff,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.88)) > ]) > > check ovn-nbctl --wait=hv ls-lb-add sw0 lb-ipv6-udp 
> @@ -23875,11 +23875,11 @@ AT_CHECK([as hv2 ovs-ofctl dump-flows br-int > table=69 | grep -v NXST], [1], [dnl > ]) > > AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=70 | ofctl_strip_all | > grep -v NXST], [0], [dnl > - table=70, > priority=100,ct_state=+trk+dnat,ct_ipv6_dst=8800::88,ct_nw_proto=17,ct_tp_dst=4040,udp6,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=8800::88)) > - table=70, > priority=100,ct_state=+trk+dnat,ct_ipv6_dst=8800::88,ct_nw_proto=6,ct_tp_dst=8080,tcp6,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=8800::88)) > - table=70, > priority=100,ct_state=+trk+dnat,ct_nw_dst=88.88.88.88,ct_nw_proto=17,ct_tp_dst=4040,udp,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.88)) > - table=70, > priority=100,ct_state=+trk+dnat,ct_nw_dst=88.88.88.88,ct_nw_proto=6,ct_tp_dst=8080,tcp,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.88)) > - table=70, > priority=100,ct_state=+trk+dnat,ct_nw_dst=88.88.88.90,ct_nw_proto=6,ct_tp_dst=8080,tcp,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.90)) > + table=70, priority=100,tcp,reg1=0x58585858,reg2=0x1f90/0xffff,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.88)) > + table=70, priority=100,tcp,reg1=0x5858585a,reg2=0x1f90/0xffff,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.90)) > + table=70, > priority=100,tcp6,reg2=0x1f90/0xffff,reg4=0x88000000,reg5=0,reg6=0,reg7=0x88,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=8800::88)) > + table=70, priority=100,udp,reg1=0x58585858,reg2=0xfc8/0xffff,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.88)) > + table=70, > priority=100,udp6,reg2=0xfc8/0xffff,reg4=0x88000000,reg5=0,reg6=0,reg7=0x88,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=8800::88)) > ]) > > AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=68 | 
ofctl_strip_all | > grep -v NXST], [0], [dnl 
> @@ -23895,11 +23895,11 @@ AT_CHECK([as hv2 ovs-ofctl dump-flows br-int > table=69 | grep -v NXST], [1], [dnl > ]) > > AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=70 | ofctl_strip_all | > grep -v NXST], [0], [dnl > - table=70, > priority=100,ct_state=+trk+dnat,ct_ipv6_dst=8800::88,ct_nw_proto=17,ct_tp_dst=4040,udp6,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=8800::88)) > - table=70, > priority=100,ct_state=+trk+dnat,ct_ipv6_dst=8800::88,ct_nw_proto=6,ct_tp_dst=8080,tcp6,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=8800::88)) > - table=70, > priority=100,ct_state=+trk+dnat,ct_nw_dst=88.88.88.88,ct_nw_proto=17,ct_tp_dst=4040,udp,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.88)) > - table=70, > priority=100,ct_state=+trk+dnat,ct_nw_dst=88.88.88.88,ct_nw_proto=6,ct_tp_dst=8080,tcp,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.88)) > - table=70, > priority=100,ct_state=+trk+dnat,ct_nw_dst=88.88.88.90,ct_nw_proto=6,ct_tp_dst=8080,tcp,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.90)) > + table=70, priority=100,tcp,reg1=0x58585858,reg2=0x1f90/0xffff,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.88)) > + table=70, priority=100,tcp,reg1=0x5858585a,reg2=0x1f90/0xffff,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.90)) > + table=70, > priority=100,tcp6,reg2=0x1f90/0xffff,reg4=0x88000000,reg5=0,reg6=0,reg7=0x88,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=8800::88)) > + table=70, priority=100,udp,reg1=0x58585858,reg2=0xfc8/0xffff,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.88)) > + table=70, > priority=100,udp6,reg2=0xfc8/0xffff,reg4=0x88000000,reg5=0,reg6=0,reg7=0x88,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=8800::88)) > ]) > > check ovn-nbctl --wait=hv ls-lb-add sw1 lb-ipv6-udp 
> @@ -23927,12 +23927,12 @@ AT_CHECK([as hv2 ovs-ofctl dump-flows br-int > table=69 | grep -v NXST], [1], [dnl > ]) > > AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=70 | ofctl_strip_all | > grep -v NXST], [0], [dnl > - table=70, > priority=100,ct_state=+trk+dnat,ct_ipv6_dst=8800::88,ct_nw_proto=17,ct_tp_dst=4040,udp6,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=8800::88)) > - table=70, > priority=100,ct_state=+trk+dnat,ct_ipv6_dst=8800::88,ct_nw_proto=17,ct_tp_dst=4040,udp6,metadata=0x2 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=8800::88)) > - table=70, > priority=100,ct_state=+trk+dnat,ct_ipv6_dst=8800::88,ct_nw_proto=6,ct_tp_dst=8080,tcp6,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=8800::88)) > - table=70, > priority=100,ct_state=+trk+dnat,ct_nw_dst=88.88.88.88,ct_nw_proto=17,ct_tp_dst=4040,udp,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.88)) > - table=70, > priority=100,ct_state=+trk+dnat,ct_nw_dst=88.88.88.88,ct_nw_proto=6,ct_tp_dst=8080,tcp,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.88)) > - table=70, > priority=100,ct_state=+trk+dnat,ct_nw_dst=88.88.88.90,ct_nw_proto=6,ct_tp_dst=8080,tcp,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.90)) > + table=70, priority=100,tcp,reg1=0x58585858,reg2=0x1f90/0xffff,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.88)) > + table=70, priority=100,tcp,reg1=0x5858585a,reg2=0x1f90/0xffff,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.90)) > + table=70, > priority=100,tcp6,reg2=0x1f90/0xffff,reg4=0x88000000,reg5=0,reg6=0,reg7=0x88,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=8800::88)) > + table=70, priority=100,udp,reg1=0x58585858,reg2=0xfc8/0xffff,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.88)) > + table=70, > 
priority=100,udp6,reg2=0xfc8/0xffff,reg4=0x88000000,reg5=0,reg6=0,reg7=0x88,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=8800::88)) > + table=70, > priority=100,udp6,reg2=0xfc8/0xffff,reg4=0x88000000,reg5=0,reg6=0,reg7=0x88,metadata=0x2 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=8800::88)) > ]) > > AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=68 | ofctl_strip_all | > grep -v NXST], [0], [dnl 
> @@ -23948,12 +23948,12 @@ AT_CHECK([as hv2 ovs-ofctl dump-flows br-int > table=69 | grep -v NXST], [1], [dnl > ]) > > AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=70 | ofctl_strip_all | > grep -v NXST], [0], [dnl > - table=70, > priority=100,ct_state=+trk+dnat,ct_ipv6_dst=8800::88,ct_nw_proto=17,ct_tp_dst=4040,udp6,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=8800::88)) > - table=70, > priority=100,ct_state=+trk+dnat,ct_ipv6_dst=8800::88,ct_nw_proto=17,ct_tp_dst=4040,udp6,metadata=0x2 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=8800::88)) > - table=70, > priority=100,ct_state=+trk+dnat,ct_ipv6_dst=8800::88,ct_nw_proto=6,ct_tp_dst=8080,tcp6,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=8800::88)) > - table=70, > priority=100,ct_state=+trk+dnat,ct_nw_dst=88.88.88.88,ct_nw_proto=17,ct_tp_dst=4040,udp,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.88)) > - table=70, > priority=100,ct_state=+trk+dnat,ct_nw_dst=88.88.88.88,ct_nw_proto=6,ct_tp_dst=8080,tcp,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.88)) > - table=70, > priority=100,ct_state=+trk+dnat,ct_nw_dst=88.88.88.90,ct_nw_proto=6,ct_tp_dst=8080,tcp,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.90)) > + table=70, priority=100,tcp,reg1=0x58585858,reg2=0x1f90/0xffff,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.88)) > + table=70, priority=100,tcp,reg1=0x5858585a,reg2=0x1f90/0xffff,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.90)) > + table=70, > priority=100,tcp6,reg2=0x1f90/0xffff,reg4=0x88000000,reg5=0,reg6=0,reg7=0x88,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=8800::88)) > + table=70, priority=100,udp,reg1=0x58585858,reg2=0xfc8/0xffff,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.88)) > + table=70, > 
priority=100,udp6,reg2=0xfc8/0xffff,reg4=0x88000000,reg5=0,reg6=0,reg7=0x88,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=8800::88)) > + table=70, > priority=100,udp6,reg2=0xfc8/0xffff,reg4=0x88000000,reg5=0,reg6=0,reg7=0x88,metadata=0x2 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=8800::88)) > ]) > > # Check backwards compatibility with ovn-northd versions that don't store the 
> @@ -24059,10 +24059,10 @@ NXST_FLOW reply (xid=0x8): > ]) > > AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=70 | ofctl_strip_all | > grep -v NXST], [0], [dnl > - table=70, > priority=100,ct_state=+trk+dnat,ct_ipv6_dst=8800::88,ct_nw_proto=17,ct_tp_dst=4040,udp6,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=8800::88)) > - table=70, > priority=100,ct_state=+trk+dnat,ct_ipv6_dst=8800::88,ct_nw_proto=17,ct_tp_dst=4040,udp6,metadata=0x2 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=8800::88)) > - table=70, > priority=100,ct_state=+trk+dnat,ct_ipv6_dst=8800::88,ct_nw_proto=6,ct_tp_dst=8080,tcp6,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=8800::88)) > - table=70, > priority=100,ct_state=+trk+dnat,ct_nw_dst=88.88.88.88,ct_nw_proto=17,ct_tp_dst=4040,udp,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.88)) > + table=70, > priority=100,tcp6,reg2=0x1f90/0xffff,reg4=0x88000000,reg5=0,reg6=0,reg7=0x88,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=8800::88)) > + table=70, priority=100,udp,reg1=0x58585858,reg2=0xfc8/0xffff,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.88)) > + table=70, > priority=100,udp6,reg2=0xfc8/0xffff,reg4=0x88000000,reg5=0,reg6=0,reg7=0x88,metadata=0x1 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=8800::88)) > + table=70, > priority=100,udp6,reg2=0xfc8/0xffff,reg4=0x88000000,reg5=0,reg6=0,reg7=0x88,metadata=0x2 > actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=8800::88)) > ]) > > check ovn-nbctl --wait=hv ls-del sw0 > > _______________________________________________ > dev mailing list > [email protected] > https://mail.openvswitch.org/mailman/listinfo/ovs-dev > _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
