In some circumstances a flow may get its ct_state set without
conscious intervention by the OVS user space code.

Commit 355fef6f2ccbc optimizes out unnecessary ct_clear actions
based on an internal struct xlate_ctx->conntracked state flag.

Before this commit the xlate_ctx->conntracked state flag would
be initialized to 'false' and only set during thawing for
recirculation.

This patch checks the flow ct_state for the non-recirc case and
sets the internal conntracked state appropriately.  A system
traffic test is also added to avoid regression.

Fixes: 355fef6f2ccbc ("ofproto-dpif-xlate: Avoid successive ct_clear datapath actions.")
Signed-off-by: Frode Nordahl <[email protected]>
---
 ofproto/ofproto-dpif-xlate.c |  6 +++++
 tests/system-traffic.at      | 46 ++++++++++++++++++++++++++++++++++++
 2 files changed, 52 insertions(+)

diff --git a/ofproto/ofproto-dpif-xlate.c b/ofproto/ofproto-dpif-xlate.c
index 9ea21edc4..7716c22f4 100644
--- a/ofproto/ofproto-dpif-xlate.c
+++ b/ofproto/ofproto-dpif-xlate.c
@@ -7828,6 +7828,12 @@ xlate_actions(struct xlate_in *xin, struct xlate_out 
*xout)
         goto exit;
     }
 
+    if (!xin->frozen_state
+        && xin->flow.ct_state
+        && xin->flow.ct_state & CS_TRACKED) {
+        ctx.conntracked = true;
+    }
+
     /* Tunnel metadata in udpif format must be normalized before translation. 
*/
     if (flow->tunnel.flags & FLOW_TNL_F_UDPIF) {
         const struct tun_table *tun_tab = ofproto_get_tun_tab(
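
Review bot: The middle operand of the new condition, "&& xin->flow.ct_state", is redundant, because "xin->flow.ct_state & CS_TRACKED" can only be non-zero when ct_state is non-zero. Suggest reducing it to "if (!xin->frozen_state && (xin->flow.ct_state & CS_TRACKED))", with the parentheses making the bitwise test explicit. The block also has no comment; a short one saying that a non-recirculated flow can already carry a tracked ct_state, and that ctx.conntracked must reflect it so a later ct_clear is not optimized out, would keep the reason next to the code rather than only in the commit message.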
diff --git a/tests/system-traffic.at b/tests/system-traffic.at
index 239105e89..64174613a 100644
--- a/tests/system-traffic.at
+++ b/tests/system-traffic.at
@@ -6807,6 +6807,52 @@ AT_CHECK([ovs-ofctl dump-flows br0 | grep table=2, | 
OFPROTO_CLEAR_DURATION_IDLE
 OVS_TRAFFIC_VSWITCHD_STOP
 AT_CLEANUP
 
+AT_SETUP([conntrack - can match and clear ct_state from outside OVS])
+CHECK_CONNTRACK_LOCAL_STACK()
+OVS_CHECK_TUNNEL_TSO()
+OVS_CHECK_GENEVE()
+
+OVS_TRAFFIC_VSWITCHD_START()
+ADD_BR([br-underlay], [set bridge br-underlay 
other-config:hwaddr=\"f0:00:00:01:01:02\"])
+
+AT_CHECK([ovs-ofctl add-flow br0 "actions=normal"])
+AT_CHECK([ovs-ofctl add-flow br-underlay 
"priority=100,ct_state=+trk,actions=ct_clear,resubmit(,0)"])
+AT_CHECK([ovs-ofctl add-flow br-underlay "priority=10,actions=normal"])
+
+ADD_NAMESPACES(at_ns0)
+
+dnl Set up underlay link from host into the namespace using veth pair.
+ADD_VETH(p0, at_ns0, br-underlay, "172.31.1.1/24", "f0:00:00:01:01:01")
+AT_CHECK([ip addr add dev br-underlay "172.31.1.100/24"])
+AT_CHECK([ip link set dev br-underlay up])
+
+dnl Set up tunnel endpoints on OVS outside the namespace and with a native
+dnl linux device inside the namespace.
+ADD_OVS_TUNNEL([geneve], [br0], [at_gnv0], [172.31.1.1], [10.1.1.100/24])
+ADD_NATIVE_TUNNEL([geneve], [ns_gnv0], [at_ns0], [172.31.1.100], [10.1.1.1/24],
+                  [vni 0])
+
+dnl First, check the underlay
+NS_CHECK_EXEC([at_ns0], [ping -q -c 3 -i 0.3 -w 2 172.31.1.100 | FORMAT_PING], 
[0], [dnl
+3 packets transmitted, 3 received, 0% packet loss, time 0ms
+])
+
+dnl Okay, now check the overlay
+NS_CHECK_EXEC([at_ns0], [ping -q -c 3 -i 0.3 -w 2 10.1.1.100 | FORMAT_PING], 
[0], [dnl
+3 packets transmitted, 3 received, 0% packet loss, time 0ms
+])
+
+dnl Confirm that the ct_state and ct_clear action found its way to the dp
+AT_CHECK([ovs-appctl dpctl/dump-flows --names | grep ct_clear | sort | dnl
+          strip_stats | strip_used | dnl
+          sed 's/,packet_type(ns=[[0-9]]*,id=[[0-9]]*),/,/'],
+                     [0], [dnl
+recirc_id(0),in_port(br-underlay),ct_state(+trk),eth(src=f0:00:00:01:01:02,dst=f0:00:00:01:01:01),eth_type(0x0800),ipv4(frag=no),
 packets:0, bytes:0, used:0.0s, actions:ct_clear,ovs-p0
+])
+
+OVS_TRAFFIC_VSWITCHD_STOP
+AT_CLEANUP
+
 AT_BANNER([IGMP])
 
 AT_SETUP([IGMP - flood under normal action])
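
Review bot: The new test never states where the +trk state on br-underlay traffic comes from. None of the flows added with ovs-ofctl uses a ct() action, so the "priority=100,ct_state=+trk,actions=ct_clear,resubmit(,0)" rule can only match on state set outside OVS, as the test title says. A dnl comment ahead of the add-flow lines naming that source, and why CHECK_CONNTRACK_LOCAL_STACK() is required for it, would make the test understandable without the commit message. The final AT_CHECK also pins the complete datapath flow, including both MAC addresses and the ovs-p0 output port, while the comment above it only asks to confirm that ct_state and ct_clear reached the datapath; consider noting there that the exact match is intentional.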
-- 
2.36.1
