On Wed, Jan 11, 2023 at 11:46 PM Lorenzo Bianconi < [email protected]> wrote:
> Rely on IP protocol from the incoming packet for learn action > in table 68 if it has not specified in the related load-balancer. > > Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=2157846 > Signed-off-by: Lorenzo Bianconi <[email protected]> > --- > controller/lflow.c | 24 ++++++++++++++---------- > tests/system-ovn.at | 16 ++++++++++++---- > 2 files changed, 26 insertions(+), 14 deletions(-) > > diff --git a/controller/lflow.c b/controller/lflow.c > index bb47bb0c7..4b1cfe318 100644 > --- a/controller/lflow.c > +++ b/controller/lflow.c > @@ -1567,9 +1567,6 @@ add_lb_vip_hairpin_reply_action(struct in6_addr > *vip6, ovs_be32 vip, > /* Hairpin replies have the same nw_proto as packets that created the > * session. > */ > - union mf_value imm_proto = { > - .u8 = lb_proto, > - }; > ol_spec = ofpbuf_put_zeros(ofpacts, sizeof *ol_spec); > ol_spec->dst.field = mf_from_id(MFF_IP_PROTO); > ol_spec->src.field = mf_from_id(MFF_IP_PROTO); > @@ -1577,16 +1574,21 @@ add_lb_vip_hairpin_reply_action(struct in6_addr > *vip6, ovs_be32 vip, > ol_spec->dst.n_bits = ol_spec->dst.field->n_bits; > ol_spec->n_bits = ol_spec->dst.n_bits; > ol_spec->dst_type = NX_LEARN_DST_MATCH; > - ol_spec->src_type = NX_LEARN_SRC_IMMEDIATE; > - mf_write_subfield_value(&ol_spec->dst, &imm_proto, &match); > - > - /* Push value last, as this may reallocate 'ol_spec' */ > - imm_bytes = DIV_ROUND_UP(ol_spec->dst.n_bits, 8); > - src_imm = ofpbuf_put_zeros(ofpacts, OFPACT_ALIGN(imm_bytes)); > - memcpy(src_imm, &imm_proto, imm_bytes); > > /* Hairpin replies have source port == <backend-port>. */ > if (has_l4_port) { > + union mf_value imm_proto = { > + .u8 = lb_proto, > + }; > + > + ol_spec->src_type = NX_LEARN_SRC_IMMEDIATE; > + mf_write_subfield_value(&ol_spec->dst, &imm_proto, &match); > + > + /* Push value last, as this may reallocate 'ol_spec' */ > + imm_bytes = DIV_ROUND_UP(ol_spec->dst.n_bits, 8); > + src_imm = ofpbuf_put_zeros(ofpacts, OFPACT_ALIGN(imm_bytes)); > + memcpy(src_imm, &imm_proto, imm_bytes); > + > ol_spec = ofpbuf_put_zeros(ofpacts, sizeof *ol_spec); > switch (lb_proto) { > case IPPROTO_TCP: > @@ -1610,6 +1612,8 @@ add_lb_vip_hairpin_reply_action(struct in6_addr > *vip6, ovs_be32 vip, > ol_spec->n_bits = ol_spec->dst.n_bits; > ol_spec->dst_type = NX_LEARN_DST_MATCH; > ol_spec->src_type = NX_LEARN_SRC_FIELD; > + } else { > + ol_spec->src_type = NX_LEARN_SRC_FIELD; > } > > /* Set MLF_LOOKUP_LB_HAIRPIN_BIT for hairpin replies. */ > diff --git a/tests/system-ovn.at b/tests/system-ovn.at > index 710cf22a2..a34aeb0fa 100644 > --- a/tests/system-ovn.at > +++ b/tests/system-ovn.at > @@ -4649,10 +4649,12 @@ ovn-nbctl lb-add lb-ipv4-tcp 88.88.88.88:8080 > 42.42.42.1:4041 tcp > ovn-nbctl lb-add lb-ipv4-tcp-dup 88.88.88.89:8080 42.42.42.1:4041 tcp > ovn-nbctl lb-add lb-ipv4-udp 88.88.88.88:4040 42.42.42.1:2021 udp > ovn-nbctl lb-add lb-ipv4-udp-dup 88.88.88.89:4040 42.42.42.1:2021 udp > +ovn-nbctl lb-add lb-ipv4 88.88.88.90 42.42.42.1 > ovn-nbctl ls-lb-add sw lb-ipv4-tcp > ovn-nbctl ls-lb-add sw lb-ipv4-tcp-dup > ovn-nbctl ls-lb-add sw lb-ipv4-udp > ovn-nbctl ls-lb-add sw lb-ipv4-udp-dup > +ovn-nbctl ls-lb-add sw lb-ipv4 > > ovn-nbctl lr-add rtr > ovn-nbctl lrp-add rtr rtr-sw 00:00:00:00:01:00 42.42.42.254/24 > @@ -4673,21 +4675,23 @@ NS_CHECK_EXEC([lsp], [timeout 2s nc -k -l > 42.42.42.1 4041 &], [0]) > # Check that IPv4 TCP hairpin connection succeeds on both VIPs. > NS_CHECK_EXEC([lsp], [nc 88.88.88.88 8080 -z], [0], [ignore], [ignore]) > NS_CHECK_EXEC([lsp], [nc 88.88.88.89 8080 -z], [0], [ignore], [ignore]) > +NS_CHECK_EXEC([lsp], [nc 88.88.88.90 4041 -z], [0], [ignore], [ignore]) > > # Capture IPv4 UDP hairpinned packets. > filter="dst 42.42.42.1 and dst port 2021 and udp" > -NS_CHECK_EXEC([lsp], [tcpdump -nn -c 2 -i lsp ${filter} > lsp.pcap &]) > +NS_CHECK_EXEC([lsp], [tcpdump -nn -c 3 -i lsp ${filter} > lsp.pcap &]) > > sleep 1 > > # Generate IPv4 UDP hairpin traffic. > NS_CHECK_EXEC([lsp], [echo a | nc -u 88.88.88.88 4040 &], [0]) > NS_CHECK_EXEC([lsp], [echo a | nc -u 88.88.88.89 4040 &], [0]) > +NS_CHECK_EXEC([lsp], [echo a | nc -u 88.88.88.90 2021 &], [0]) > > # Check hairpin traffic. > OVS_WAIT_UNTIL([ > total_pkts=$(cat lsp.pcap | wc -l) > - test "${total_pkts}" = "2" > + test "${total_pkts}" = "3" > ]) > > OVS_APP_EXIT_AND_WAIT([ovn-controller]) > @@ -4736,10 +4740,12 @@ ovn-nbctl lb-add lb-ipv6-tcp > [[8800::0088]]:8080 [[4200::1]]:4041 tcp > ovn-nbctl lb-add lb-ipv6-tcp-dup [[8800::0089]]:8080 [[4200::1]]:4041 tcp > ovn-nbctl lb-add lb-ipv6-udp [[8800::0088]]:4040 [[4200::1]]:2021 udp > ovn-nbctl lb-add lb-ipv6-udp-dup [[8800::0089]]:4040 [[4200::1]]:2021 udp > +ovn-nbctl lb-add lb-ipv6 8800::0090 4200::1 > ovn-nbctl ls-lb-add sw lb-ipv6-tcp > ovn-nbctl ls-lb-add sw lb-ipv6-tcp-dup > ovn-nbctl ls-lb-add sw lb-ipv6-udp > ovn-nbctl ls-lb-add sw lb-ipv6-udp-dup > +ovn-nbctl ls-lb-add sw lb-ipv6 > > ovn-nbctl lr-add rtr > ovn-nbctl lrp-add rtr rtr-sw 00:00:00:00:01:00 4200::00ff/64 > @@ -4759,21 +4765,23 @@ NS_CHECK_EXEC([lsp], [timeout 2s nc -k -l 4200::1 > 4041 &], [0]) > # Check that IPv6 TCP hairpin connection succeeds on both VIPs. > NS_CHECK_EXEC([lsp], [nc 8800::0088 8080 -z], [0], [ignore], [ignore]) > NS_CHECK_EXEC([lsp], [nc 8800::0089 8080 -z], [0], [ignore], [ignore]) > +NS_CHECK_EXEC([lsp], [nc 8800::0090 4041 -z], [0], [ignore], [ignore]) > > # Capture IPv6 UDP hairpinned packets. > filter="dst 4200::1 and dst port 2021 and udp" > -NS_CHECK_EXEC([lsp], [tcpdump -nn -c 2 -i lsp $filter > lsp.pcap &]) > +NS_CHECK_EXEC([lsp], [tcpdump -nn -c 3 -i lsp $filter > lsp.pcap &]) > > sleep 1 > > # Generate IPv6 UDP hairpin traffic. > NS_CHECK_EXEC([lsp], [echo a | nc -u 8800::0088 4040 &], [0]) > NS_CHECK_EXEC([lsp], [echo a | nc -u 8800::0089 4040 &], [0]) > +NS_CHECK_EXEC([lsp], [echo a | nc -u 8800::0090 2021 &], [0]) > > # Check hairpin traffic. > OVS_WAIT_UNTIL([ > total_pkts=$(cat lsp.pcap | wc -l) > - test "${total_pkts}" = "2" > + test "${total_pkts}" = "3" > ]) > > OVS_APP_EXIT_AND_WAIT([ovn-controller]) > -- > 2.39.0 > > _______________________________________________ > dev mailing list > [email protected] > https://mail.openvswitch.org/mailman/listinfo/ovs-dev > > Looks good to me, thanks. Acked-by: Ales Musil <[email protected]> -- Ales Musil Senior Software Engineer - OVN Core Red Hat EMEA <https://www.redhat.com> [email protected] IM: amusil <https://red.ht/sig> _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
