On 2/6/22 09:22, Roi Dayan wrote:
>
>
> On 2022-02-04 3:33 PM, Eelco Chaudron wrote:
>>
>>
>> On 2 Dec 2021, at 13:38, Roi Dayan via dev wrote:
>>
>>> A datapath flow generated for traffic from vxlan port to another vxlan port
>>> looks like this:
>>>
>>> tunnel(tun_id=0x65,src=10.10.11.3,dst=10.10.11.2,ttl=0/0,tp_dst=4789,flags(+key)),...,in_port(vxlan_sys_4789),...,
>>>
>>> actions:set(tunnel(tun_id=0x66,src=10.10.12.2,dst=10.10.12.3,tp_dst=4789,flags(key))),vxlan_sys_4789
>>>
>>> The generated TC rule with explicit tunnel key unset action added after
>>> tunnel key set action, which is wrong.
>>>
>>> filter protocol ip pref 7 flower chain 0 handle 0x1
>>> dst_mac fa:16:3e:2a:4e:23
>>> eth_type ipv4
>>> ip_tos 0x0/3
>>> enc_dst_ip 10.10.11.2
>>> enc_src_ip 10.10.11.3
>>> enc_key_id 101
>>> enc_dst_port 4789
>>> ip_flags nofrag
>>> not_in_hw
>>> action order 1: tunnel_key set
>>> src_ip 10.10.12.2
>>> dst_ip 10.10.12.3
>>> key_id 102
>>> dst_port 4789
>>> nocsum pipe
>>> index 1 ref 1 bind 1 installed 568 sec used 0 sec
>>> Action statistics:
>>> Sent 46620 bytes 555 pkt (dropped 0, overlimits 0 requeues 0)
>>> backlog 0b 0p requeues 0
>>>
>>> action order 2: tunnel_key unset pipe
>>> index 2 ref 1 bind 1 installed 568 sec used 0 sec
>>> Action statistics:
>>> Sent 46620 bytes 555 pkt (dropped 0, overlimits 0 requeues 0)
>>> backlog 0b 0p requeues 0
>>>
>>> action order 3: mirred (Egress Redirect to device vxlan_sys_4789)
>>> stolen
>>> index 1 ref 1 bind 1 installed 568 sec used 0 sec
>>> Action statistics:
>>> Sent 46620 bytes 555 pkt (dropped 0, overlimits 0 requeues 0)
>>> backlog 0b 0p requeues 0
>>> cookie e0c82bfd504b701428b00db6b08db3b2
>>>
>>> Fix it by also adding the the tunnel key unset action before the tunnel
>>> key set action and not only before output port.
>>>
>>> Fixes: 7c53bd7839d8 ("tc: Move tunnel_key unset action before output ports")
>>> Signed-off-by: Roi Dayan <[email protected]>
>>> Reviewed-by: Paul Blakey <[email protected]>
>>> ---
>>
>> The changes look good to me, but I think it’s time we start adding test
>> cases to system-offloads-traffic.at, or maybe even a new TC specific set,
>> what do you think?
>>
>> Acked-by: Eelco Chaudron <[email protected]>
>>
>
> yes time to do that for multiple fixes already done.
> I'll check about adding a test for this case in a new commit later.
>
> thanks for the review.
Thanks, Roi and Eelco! Applied and backported down to 2.13.
Best regards, Ilya Maximets.
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev