On 17 Jan 2022, at 10:27, Adrian Moreno wrote:
> We are currently requiring in_port to be a valid port number for ipfix
> sampling even if the sampling is done on the output port (egress).
>
> This restriction is not really needed and can affect pipelines that
> intentionally set the in_port to OFPP_NONE during flow processing. For
> instance, OVN does this, see:
>
> cfa547821 Fix ovn-controller generated packets from getting dropped for
> reject ACL action.
>
> This patch skips ipfix sampling only if both (ingress and egress) ports
> are invalid.
>
> Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=2016346
> Signed-off-by: Adrian Moreno <[email protected]>
Adrian, the change looks good to me. Maybe you could add a test case for this
specific configuration, i.e., ingress and egress only?
Cheers,
Eelco
> ---
> ofproto/ofproto-dpif-xlate.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/ofproto/ofproto-dpif-xlate.c b/ofproto/ofproto-dpif-xlate.c
> index cafcd014a..189276bc1 100644
> --- a/ofproto/ofproto-dpif-xlate.c
> +++ b/ofproto/ofproto-dpif-xlate.c
> @@ -3272,7 +3272,9 @@ compose_ipfix_action(struct xlate_ctx *ctx, odp_port_t
> output_odp_port)
> struct dpif_ipfix *ipfix = ctx->xbridge->ipfix;
> odp_port_t tunnel_out_port = ODPP_NONE;
>
> - if (!ipfix || ctx->xin->flow.in_port.ofp_port == OFPP_NONE) {
> + if (!ipfix ||
> + (output_odp_port == ODPP_NONE &&
> + ctx->xin->flow.in_port.ofp_port == OFPP_NONE)) {
> return;
> }
>
> --
> 2.34.1
>
> _______________________________________________
> dev mailing list
> [email protected]
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
