On Thu, Dec 2, 2021 at 7:37 AM Roi Dayan via dev <ovs-dev@openvswitch.org> wrote: > > A datapath flow generated for traffic from vxlan port to another vxlan port > looks like this: > > tunnel(tun_id=0x65,src=10.10.11.3,dst=10.10.11.2,ttl=0/0,tp_dst=4789,flags(+key)),...,in_port(vxlan_sys_4789),..., > > actions:set(tunnel(tun_id=0x66,src=10.10.12.2,dst=10.10.12.3,tp_dst=4789,flags(key))),vxlan_sys_4789 > > The generated TC rule with explicit tunnel key unset action added after > tunnel key set action, which is wrong. > > filter protocol ip pref 7 flower chain 0 handle 0x1 > dst_mac fa:16:3e:2a:4e:23 > eth_type ipv4 > ip_tos 0x0/3 > enc_dst_ip 10.10.11.2 > enc_src_ip 10.10.11.3 > enc_key_id 101 > enc_dst_port 4789 > ip_flags nofrag > not_in_hw > action order 1: tunnel_key set > src_ip 10.10.12.2 > dst_ip 10.10.12.3 > key_id 102 > dst_port 4789 > nocsum pipe > index 1 ref 1 bind 1 installed 568 sec used 0 sec > Action statistics: > Sent 46620 bytes 555 pkt (dropped 0, overlimits 0 requeues 0) > backlog 0b 0p requeues 0 > > action order 2: tunnel_key unset pipe > index 2 ref 1 bind 1 installed 568 sec used 0 sec > Action statistics: > Sent 46620 bytes 555 pkt (dropped 0, overlimits 0 requeues 0) > backlog 0b 0p requeues 0 > > action order 3: mirred (Egress Redirect to device vxlan_sys_4789) > stolen > index 1 ref 1 bind 1 installed 568 sec used 0 sec > Action statistics: > Sent 46620 bytes 555 pkt (dropped 0, overlimits 0 requeues 0) > backlog 0b 0p requeues 0 > cookie e0c82bfd504b701428b00db6b08db3b2 > > Fix it by also adding the the tunnel key unset action before the tunnel > key set action and not only before output port. > > Fixes: 7c53bd7839d8 ("tc: Move tunnel_key unset action before output ports") > Signed-off-by: Roi Dayan <r...@nvidia.com> > Reviewed-by: Paul Blakey <pa...@mellanox.com>
Hello Roi, Looks good to me, but is there a test for this? Cheers, Mike > --- > lib/tc.c | 21 +++++++++++++++++---- > 1 file changed, 17 insertions(+), 4 deletions(-) > > diff --git a/lib/tc.c b/lib/tc.c > index 38a1dfc0ebc8..adb2d3182ad4 100644 > --- a/lib/tc.c > +++ b/lib/tc.c > @@ -2545,6 +2545,17 @@ nl_msg_put_flower_rewrite_pedits(struct ofpbuf > *request, > return 0; > } > > +static void > +nl_msg_put_flower_acts_release(struct ofpbuf *request, uint16_t act_index) > +{ > + size_t act_offset; > + > + act_offset = nl_msg_start_nested(request, act_index); > + nl_msg_put_act_tunnel_key_release(request); > + nl_msg_put_act_flags(request); > + nl_msg_end_nested(request, act_offset); > +} > + > static int > nl_msg_put_flower_acts(struct ofpbuf *request, struct tc_flower *flower) > { > @@ -2579,6 +2590,11 @@ nl_msg_put_flower_acts(struct ofpbuf *request, struct > tc_flower *flower) > } > break; > case TC_ACT_ENCAP: { > + if (!released && flower->tunnel) { > + nl_msg_put_flower_acts_release(request, act_index++); > + released = true; > + } > + > act_offset = nl_msg_start_nested(request, act_index++); > nl_msg_put_act_tunnel_key_set(request, > action->encap.id_present, > action->encap.id, > @@ -2636,10 +2652,7 @@ nl_msg_put_flower_acts(struct ofpbuf *request, struct > tc_flower *flower) > break; > case TC_ACT_OUTPUT: { > if (!released && flower->tunnel) { > - act_offset = nl_msg_start_nested(request, act_index++); > - nl_msg_put_act_tunnel_key_release(request); > - nl_msg_put_act_flags(request); > - nl_msg_end_nested(request, act_offset); > + nl_msg_put_flower_acts_release(request, act_index++); > released = true; > } > > -- > 2.8.0 > > _______________________________________________ > dev mailing list > d...@openvswitch.org > https://mail.openvswitch.org/mailman/listinfo/ovs-dev > _______________________________________________ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev