On Mon, Mar 20, 2023 at 11:57 PM Lorenzo Bianconi <
[email protected]> wrote:
> Fix non-tcp haripin use-case if the load-balancer is configured without
> ports.
>
> Fixes: 022ea339c8e2 ("lflow: Use learn() action to generate LB hairpin
> reply flows.")
> Tested-by: Ying Xu <[email protected]>
> Reviewed-by: Simon Horman <[email protected]>
> Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=2157846
> Signed-off-by: Lorenzo Bianconi <[email protected]>
> ---
> Change since v1:
> - pass has_vip_port istead of lb_vip pointer in
> add_lb_ct_snat_hairpin_for_dp()
> routine
> ---
> controller/lflow.c | 25 +++++++---
> tests/ovn.at | 115 +++++++++++++++++++++++++++++++++++++++++++++
> 2 files changed, 133 insertions(+), 7 deletions(-)
>
> diff --git a/controller/lflow.c b/controller/lflow.c
> index 003195ae4..0b071138d 100644
> --- a/controller/lflow.c
> +++ b/controller/lflow.c
> @@ -1729,6 +1729,7 @@ add_lb_vip_hairpin_flows(const struct
> ovn_controller_lb *lb,
>
> static void
> add_lb_ct_snat_hairpin_for_dp(const struct ovn_controller_lb *lb,
> + bool has_vip_port,
> const struct sbrec_datapath_binding
> *datapath,
> const struct hmap *local_datapaths,
> struct match *dp_match,
> @@ -1742,12 +1743,20 @@ add_lb_ct_snat_hairpin_for_dp(const struct
> ovn_controller_lb *lb,
> match_set_metadata(dp_match, htonll(datapath->tunnel_key));
> }
>
> + uint16_t priority = datapath ? 200 : 100;
> + if (!has_vip_port) {
> + /* If L4 ports are not specified for the current LB, we will
> decrease
> + * the flow priority in order to not collide with other LBs with
> more
> + * fine-grained configuration.
> + */
> + priority -= 10;
> + }
> /* A flow added for the "hairpin_snat_ip" case will have an extra
> * datapath match, but it will also match on the less restrictive
> * general case. Therefore, we set the priority in the
> * "hairpin_snat_ip" case to be higher than the general case. */
> ofctrl_add_flow(flow_table, OFTABLE_CT_SNAT_HAIRPIN,
> - datapath ? 200 : 100, lb->slb->header_.uuid.parts[0],
> + priority, lb->slb->header_.uuid.parts[0],
> dp_match, dp_acts, &lb->slb->header_.uuid);
> }
>
> @@ -1834,8 +1843,8 @@ add_lb_ct_snat_hairpin_vip_flow(const struct
> ovn_controller_lb *lb,
> }
> }
>
> - match_set_nw_proto(&match, lb->proto);
> if (lb_vip->vip_port) {
> + match_set_nw_proto(&match, lb->proto);
> if (!lb->hairpin_orig_tuple) {
> match_set_ct_nw_proto(&match, lb->proto);
> match_set_ct_tp_dst(&match, htons(lb_vip->vip_port));
> @@ -1852,18 +1861,20 @@ add_lb_ct_snat_hairpin_vip_flow(const struct
> ovn_controller_lb *lb,
> }
>
> if (!use_hairpin_snat_ip) {
> - add_lb_ct_snat_hairpin_for_dp(lb, NULL, NULL,
> + add_lb_ct_snat_hairpin_for_dp(lb, !!lb_vip->vip_port, NULL, NULL,
> &match, &ofpacts, flow_table);
> } else {
> for (size_t i = 0; i < lb->slb->n_datapaths; i++) {
> - add_lb_ct_snat_hairpin_for_dp(lb, lb->slb->datapaths[i],
> - local_datapaths,
> - &match, &ofpacts, flow_table);
> + add_lb_ct_snat_hairpin_for_dp(lb, !!lb_vip->vip_port,
> + lb->slb->datapaths[i],
> + local_datapaths, &match,
> + &ofpacts, flow_table);
> }
> if (lb->slb->datapath_group) {
> for (size_t i = 0; i < lb->slb->datapath_group->n_datapaths;
> i++) {
> add_lb_ct_snat_hairpin_for_dp(
> - lb, lb->slb->datapath_group->datapaths[i],
> + lb, !!lb_vip->vip_port,
> + lb->slb->datapath_group->datapaths[i],
> local_datapaths, &match, &ofpacts, flow_table);
> }
> }
> diff --git a/tests/ovn.at b/tests/ovn.at
> index c2883ffca..207c16295 100644
> --- a/tests/ovn.at
> +++ b/tests/ovn.at
> @@ -29500,7 +29500,9 @@ OVS_WAIT_UNTIL([test x$(ovn-nbctl lsp-get-up
> sw1-p1) = xup])
>
> check ovn-nbctl lb-add lb-ipv4-tcp 88.88.88.88:8080 42.42.42.1:4041 tcp
> check ovn-nbctl lb-add lb-ipv4-udp 88.88.88.88:4040 42.42.42.1:2021 udp
> +check ovn-nbctl lb-add lb-ipv4 88.88.88.89 42.42.42.2
> check ovn-nbctl lb-add lb-ipv6-tcp [[8800::0088]]:8080 [[4200::1]]:4041
> tcp
> +check ovn-nbctl lb-add lb-ipv6 8800::0089 4200::2
> check ovn-nbctl --wait=hv lb-add lb-ipv6-udp [[8800::0088]]:4040
> [[4200::1]]:2021 udp
>
> AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=68 | grep -v NXST],
> [1], [dnl
> @@ -29791,6 +29793,119 @@ AT_CHECK([as hv2 ovs-ofctl dump-flows br-int
> table=70 | ofctl_strip_all | grep -
> table=70,
> priority=100,udp6,reg2=0xfc8/0xffff,reg4=0x88000000,reg5=0,reg6=0,reg7=0x88
> actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=8800::88))
> ])
>
> +check ovn-nbctl --wait=hv ls-lb-add sw0 lb-ipv4
> +OVS_WAIT_UNTIL(
> + [test $(as hv1 ovs-ofctl dump-flows br-int table=68 | grep -c -v
> NXST) -eq 7]
> +)
> +
> +OVS_WAIT_UNTIL(
> + [test $(as hv2 ovs-ofctl dump-flows br-int table=68 | grep -c -v
> NXST) -eq 7]
> +)
> +
> +AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=68 | ofctl_strip_all |
> grep -v NXST], [0], [dnl
> + table=68,
> priority=100,ct_mark=0x2/0x2,ip,reg1=0x58585859,nw_src=42.42.42.2,nw_dst=42.42.42.2
> actions=load:0x1->NXM_NX_REG10[[7]],learn(table=69,delete_learned,OXM_OF_METADATA[[]],eth_type=0x800,NXM_OF_IP_SRC[[]],ip_dst=88.88.88.89,NXM_OF_IP_PROTO[[]],load:0x1->NXM_NX_REG10[[7]])
> + table=68,
> priority=100,ct_mark=0x2/0x2,tcp,reg1=0x58585858,reg2=0x1f90/0xffff,nw_src=42.42.42.1,nw_dst=42.42.42.1,tp_dst=4041
> actions=load:0x1->NXM_NX_REG10[[7]],learn(table=69,delete_learned,OXM_OF_METADATA[[]],eth_type=0x800,NXM_OF_IP_SRC[[]],ip_dst=88.88.88.88,nw_proto=6,NXM_OF_TCP_SRC[[]]=NXM_OF_TCP_DST[[]],load:0x1->NXM_NX_REG10[[7]])
> + table=68,
> priority=100,ct_mark=0x2/0x2,tcp,reg1=0x5858585a,reg2=0x1f90/0xffff,nw_src=42.42.42.42,nw_dst=42.42.42.42,tp_dst=4041
> actions=load:0x1->NXM_NX_REG10[[7]],learn(table=69,delete_learned,OXM_OF_METADATA[[]],eth_type=0x800,NXM_OF_IP_SRC[[]],ip_dst=88.88.88.90,nw_proto=6,NXM_OF_TCP_SRC[[]]=NXM_OF_TCP_DST[[]],load:0x1->NXM_NX_REG10[[7]])
> + table=68,
> priority=100,ct_mark=0x2/0x2,tcp,reg1=0x5858585a,reg2=0x1f90/0xffff,nw_src=52.52.52.52,nw_dst=52.52.52.52,tp_dst=4042
> actions=load:0x1->NXM_NX_REG10[[7]],learn(table=69,delete_learned,OXM_OF_METADATA[[]],eth_type=0x800,NXM_OF_IP_SRC[[]],ip_dst=88.88.88.90,nw_proto=6,NXM_OF_TCP_SRC[[]]=NXM_OF_TCP_DST[[]],load:0x1->NXM_NX_REG10[[7]])
> + table=68,
> priority=100,ct_mark=0x2/0x2,tcp6,reg2=0x1f90/0xffff,reg4=0x88000000,reg5=0,reg6=0,reg7=0x88,ipv6_src=4200::1,ipv6_dst=4200::1,tp_dst=4041
> actions=load:0x1->NXM_NX_REG10[[7]],learn(table=69,delete_learned,OXM_OF_METADATA[[]],eth_type=0x86dd,NXM_NX_IPV6_SRC[[]],ipv6_dst=8800::88,nw_proto=6,NXM_OF_TCP_SRC[[]]=NXM_OF_TCP_DST[[]],load:0x1->NXM_NX_REG10[[7]])
> + table=68,
> priority=100,ct_mark=0x2/0x2,udp,reg1=0x58585858,reg2=0xfc8/0xffff,nw_src=42.42.42.1,nw_dst=42.42.42.1,tp_dst=2021
> actions=load:0x1->NXM_NX_REG10[[7]],learn(table=69,delete_learned,OXM_OF_METADATA[[]],eth_type=0x800,NXM_OF_IP_SRC[[]],ip_dst=88.88.88.88,nw_proto=17,NXM_OF_UDP_SRC[[]]=NXM_OF_UDP_DST[[]],load:0x1->NXM_NX_REG10[[7]])
> + table=68,
> priority=100,ct_mark=0x2/0x2,udp6,reg2=0xfc8/0xffff,reg4=0x88000000,reg5=0,reg6=0,reg7=0x88,ipv6_src=4200::1,ipv6_dst=4200::1,tp_dst=2021
> actions=load:0x1->NXM_NX_REG10[[7]],learn(table=69,delete_learned,OXM_OF_METADATA[[]],eth_type=0x86dd,NXM_NX_IPV6_SRC[[]],ipv6_dst=8800::88,nw_proto=17,NXM_OF_UDP_SRC[[]]=NXM_OF_UDP_DST[[]],load:0x1->NXM_NX_REG10[[7]])
> +])
> +
> +AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=69 | grep -v NXST],
> [1], [dnl
> +])
> +
> +AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=70 | ofctl_strip_all |
> grep -v NXST], [0], [dnl
> + table=70, priority=100,tcp,reg1=0x58585858,reg2=0x1f90/0xffff
> actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.88))
> + table=70, priority=100,tcp,reg1=0x5858585a,reg2=0x1f90/0xffff
> actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.90))
> + table=70,
> priority=100,tcp6,reg2=0x1f90/0xffff,reg4=0x88000000,reg5=0,reg6=0,reg7=0x88
> actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=8800::88))
> + table=70, priority=100,udp,reg1=0x58585858,reg2=0xfc8/0xffff
> actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.88))
> + table=70,
> priority=100,udp6,reg2=0xfc8/0xffff,reg4=0x88000000,reg5=0,reg6=0,reg7=0x88
> actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=8800::88))
> + table=70, priority=90,ip,reg1=0x58585859
> actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.89))
> +])
> +
> +AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=68 | ofctl_strip_all |
> grep -v NXST], [0], [dnl
> + table=68,
> priority=100,ct_mark=0x2/0x2,ip,reg1=0x58585859,nw_src=42.42.42.2,nw_dst=42.42.42.2
> actions=load:0x1->NXM_NX_REG10[[7]],learn(table=69,delete_learned,OXM_OF_METADATA[[]],eth_type=0x800,NXM_OF_IP_SRC[[]],ip_dst=88.88.88.89,NXM_OF_IP_PROTO[[]],load:0x1->NXM_NX_REG10[[7]])
> + table=68,
> priority=100,ct_mark=0x2/0x2,tcp,reg1=0x58585858,reg2=0x1f90/0xffff,nw_src=42.42.42.1,nw_dst=42.42.42.1,tp_dst=4041
> actions=load:0x1->NXM_NX_REG10[[7]],learn(table=69,delete_learned,OXM_OF_METADATA[[]],eth_type=0x800,NXM_OF_IP_SRC[[]],ip_dst=88.88.88.88,nw_proto=6,NXM_OF_TCP_SRC[[]]=NXM_OF_TCP_DST[[]],load:0x1->NXM_NX_REG10[[7]])
> + table=68,
> priority=100,ct_mark=0x2/0x2,tcp,reg1=0x5858585a,reg2=0x1f90/0xffff,nw_src=42.42.42.42,nw_dst=42.42.42.42,tp_dst=4041
> actions=load:0x1->NXM_NX_REG10[[7]],learn(table=69,delete_learned,OXM_OF_METADATA[[]],eth_type=0x800,NXM_OF_IP_SRC[[]],ip_dst=88.88.88.90,nw_proto=6,NXM_OF_TCP_SRC[[]]=NXM_OF_TCP_DST[[]],load:0x1->NXM_NX_REG10[[7]])
> + table=68,
> priority=100,ct_mark=0x2/0x2,tcp,reg1=0x5858585a,reg2=0x1f90/0xffff,nw_src=52.52.52.52,nw_dst=52.52.52.52,tp_dst=4042
> actions=load:0x1->NXM_NX_REG10[[7]],learn(table=69,delete_learned,OXM_OF_METADATA[[]],eth_type=0x800,NXM_OF_IP_SRC[[]],ip_dst=88.88.88.90,nw_proto=6,NXM_OF_TCP_SRC[[]]=NXM_OF_TCP_DST[[]],load:0x1->NXM_NX_REG10[[7]])
> + table=68,
> priority=100,ct_mark=0x2/0x2,tcp6,reg2=0x1f90/0xffff,reg4=0x88000000,reg5=0,reg6=0,reg7=0x88,ipv6_src=4200::1,ipv6_dst=4200::1,tp_dst=4041
> actions=load:0x1->NXM_NX_REG10[[7]],learn(table=69,delete_learned,OXM_OF_METADATA[[]],eth_type=0x86dd,NXM_NX_IPV6_SRC[[]],ipv6_dst=8800::88,nw_proto=6,NXM_OF_TCP_SRC[[]]=NXM_OF_TCP_DST[[]],load:0x1->NXM_NX_REG10[[7]])
> + table=68,
> priority=100,ct_mark=0x2/0x2,udp,reg1=0x58585858,reg2=0xfc8/0xffff,nw_src=42.42.42.1,nw_dst=42.42.42.1,tp_dst=2021
> actions=load:0x1->NXM_NX_REG10[[7]],learn(table=69,delete_learned,OXM_OF_METADATA[[]],eth_type=0x800,NXM_OF_IP_SRC[[]],ip_dst=88.88.88.88,nw_proto=17,NXM_OF_UDP_SRC[[]]=NXM_OF_UDP_DST[[]],load:0x1->NXM_NX_REG10[[7]])
> + table=68,
> priority=100,ct_mark=0x2/0x2,udp6,reg2=0xfc8/0xffff,reg4=0x88000000,reg5=0,reg6=0,reg7=0x88,ipv6_src=4200::1,ipv6_dst=4200::1,tp_dst=2021
> actions=load:0x1->NXM_NX_REG10[[7]],learn(table=69,delete_learned,OXM_OF_METADATA[[]],eth_type=0x86dd,NXM_NX_IPV6_SRC[[]],ipv6_dst=8800::88,nw_proto=17,NXM_OF_UDP_SRC[[]]=NXM_OF_UDP_DST[[]],load:0x1->NXM_NX_REG10[[7]])
> +])
> +
> +AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=69 | grep -v NXST],
> [1], [dnl
> +])
> +
> +AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=70 | ofctl_strip_all |
> grep -v NXST], [0], [dnl
> + table=70, priority=100,tcp,reg1=0x58585858,reg2=0x1f90/0xffff
> actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.88))
> + table=70, priority=100,tcp,reg1=0x5858585a,reg2=0x1f90/0xffff
> actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.90))
> + table=70,
> priority=100,tcp6,reg2=0x1f90/0xffff,reg4=0x88000000,reg5=0,reg6=0,reg7=0x88
> actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=8800::88))
> + table=70, priority=100,udp,reg1=0x58585858,reg2=0xfc8/0xffff
> actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.88))
> + table=70,
> priority=100,udp6,reg2=0xfc8/0xffff,reg4=0x88000000,reg5=0,reg6=0,reg7=0x88
> actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=8800::88))
> + table=70, priority=90,ip,reg1=0x58585859
> actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.89))
> +])
> +
> +check ovn-nbctl --wait=hv ls-lb-add sw0 lb-ipv6
> +OVS_WAIT_UNTIL(
> + [test $(as hv1 ovs-ofctl dump-flows br-int table=68 | grep -c -v
> NXST) -eq 8]
> +)
> +
> +OVS_WAIT_UNTIL(
> + [test $(as hv2 ovs-ofctl dump-flows br-int table=68 | grep -c -v
> NXST) -eq 8]
> +)
> +
> +AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=68 | ofctl_strip_all |
> grep -v NXST], [0], [dnl
> + table=68,
> priority=100,ct_mark=0x2/0x2,ip,reg1=0x58585859,nw_src=42.42.42.2,nw_dst=42.42.42.2
> actions=load:0x1->NXM_NX_REG10[[7]],learn(table=69,delete_learned,OXM_OF_METADATA[[]],eth_type=0x800,NXM_OF_IP_SRC[[]],ip_dst=88.88.88.89,NXM_OF_IP_PROTO[[]],load:0x1->NXM_NX_REG10[[7]])
> + table=68,
> priority=100,ct_mark=0x2/0x2,ipv6,reg4=0x88000000,reg5=0,reg6=0,reg7=0x89,ipv6_src=4200::2,ipv6_dst=4200::2
> actions=load:0x1->NXM_NX_REG10[[7]],learn(table=69,delete_learned,OXM_OF_METADATA[[]],eth_type=0x86dd,NXM_NX_IPV6_SRC[[]],ipv6_dst=8800::89,NXM_OF_IP_PROTO[[]],load:0x1->NXM_NX_REG10[[7]])
> + table=68,
> priority=100,ct_mark=0x2/0x2,tcp,reg1=0x58585858,reg2=0x1f90/0xffff,nw_src=42.42.42.1,nw_dst=42.42.42.1,tp_dst=4041
> actions=load:0x1->NXM_NX_REG10[[7]],learn(table=69,delete_learned,OXM_OF_METADATA[[]],eth_type=0x800,NXM_OF_IP_SRC[[]],ip_dst=88.88.88.88,nw_proto=6,NXM_OF_TCP_SRC[[]]=NXM_OF_TCP_DST[[]],load:0x1->NXM_NX_REG10[[7]])
> + table=68,
> priority=100,ct_mark=0x2/0x2,tcp,reg1=0x5858585a,reg2=0x1f90/0xffff,nw_src=42.42.42.42,nw_dst=42.42.42.42,tp_dst=4041
> actions=load:0x1->NXM_NX_REG10[[7]],learn(table=69,delete_learned,OXM_OF_METADATA[[]],eth_type=0x800,NXM_OF_IP_SRC[[]],ip_dst=88.88.88.90,nw_proto=6,NXM_OF_TCP_SRC[[]]=NXM_OF_TCP_DST[[]],load:0x1->NXM_NX_REG10[[7]])
> + table=68,
> priority=100,ct_mark=0x2/0x2,tcp,reg1=0x5858585a,reg2=0x1f90/0xffff,nw_src=52.52.52.52,nw_dst=52.52.52.52,tp_dst=4042
> actions=load:0x1->NXM_NX_REG10[[7]],learn(table=69,delete_learned,OXM_OF_METADATA[[]],eth_type=0x800,NXM_OF_IP_SRC[[]],ip_dst=88.88.88.90,nw_proto=6,NXM_OF_TCP_SRC[[]]=NXM_OF_TCP_DST[[]],load:0x1->NXM_NX_REG10[[7]])
> + table=68,
> priority=100,ct_mark=0x2/0x2,tcp6,reg2=0x1f90/0xffff,reg4=0x88000000,reg5=0,reg6=0,reg7=0x88,ipv6_src=4200::1,ipv6_dst=4200::1,tp_dst=4041
> actions=load:0x1->NXM_NX_REG10[[7]],learn(table=69,delete_learned,OXM_OF_METADATA[[]],eth_type=0x86dd,NXM_NX_IPV6_SRC[[]],ipv6_dst=8800::88,nw_proto=6,NXM_OF_TCP_SRC[[]]=NXM_OF_TCP_DST[[]],load:0x1->NXM_NX_REG10[[7]])
> + table=68,
> priority=100,ct_mark=0x2/0x2,udp,reg1=0x58585858,reg2=0xfc8/0xffff,nw_src=42.42.42.1,nw_dst=42.42.42.1,tp_dst=2021
> actions=load:0x1->NXM_NX_REG10[[7]],learn(table=69,delete_learned,OXM_OF_METADATA[[]],eth_type=0x800,NXM_OF_IP_SRC[[]],ip_dst=88.88.88.88,nw_proto=17,NXM_OF_UDP_SRC[[]]=NXM_OF_UDP_DST[[]],load:0x1->NXM_NX_REG10[[7]])
> + table=68,
> priority=100,ct_mark=0x2/0x2,udp6,reg2=0xfc8/0xffff,reg4=0x88000000,reg5=0,reg6=0,reg7=0x88,ipv6_src=4200::1,ipv6_dst=4200::1,tp_dst=2021
> actions=load:0x1->NXM_NX_REG10[[7]],learn(table=69,delete_learned,OXM_OF_METADATA[[]],eth_type=0x86dd,NXM_NX_IPV6_SRC[[]],ipv6_dst=8800::88,nw_proto=17,NXM_OF_UDP_SRC[[]]=NXM_OF_UDP_DST[[]],load:0x1->NXM_NX_REG10[[7]])
> +])
> +
> +AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=69 | grep -v NXST],
> [1], [dnl
> +])
> +
> +AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=70 | ofctl_strip_all |
> grep -v NXST], [0], [dnl
> + table=70, priority=100,tcp,reg1=0x58585858,reg2=0x1f90/0xffff
> actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.88))
> + table=70, priority=100,tcp,reg1=0x5858585a,reg2=0x1f90/0xffff
> actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.90))
> + table=70,
> priority=100,tcp6,reg2=0x1f90/0xffff,reg4=0x88000000,reg5=0,reg6=0,reg7=0x88
> actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=8800::88))
> + table=70, priority=100,udp,reg1=0x58585858,reg2=0xfc8/0xffff
> actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.88))
> + table=70,
> priority=100,udp6,reg2=0xfc8/0xffff,reg4=0x88000000,reg5=0,reg6=0,reg7=0x88
> actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=8800::88))
> + table=70, priority=90,ip,reg1=0x58585859
> actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.89))
> + table=70, priority=90,ipv6,reg4=0x88000000,reg5=0,reg6=0,reg7=0x89
> actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=8800::89))
> +])
> +
> +AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=68 | ofctl_strip_all |
> grep -v NXST], [0], [dnl
> + table=68,
> priority=100,ct_mark=0x2/0x2,ip,reg1=0x58585859,nw_src=42.42.42.2,nw_dst=42.42.42.2
> actions=load:0x1->NXM_NX_REG10[[7]],learn(table=69,delete_learned,OXM_OF_METADATA[[]],eth_type=0x800,NXM_OF_IP_SRC[[]],ip_dst=88.88.88.89,NXM_OF_IP_PROTO[[]],load:0x1->NXM_NX_REG10[[7]])
> + table=68,
> priority=100,ct_mark=0x2/0x2,ipv6,reg4=0x88000000,reg5=0,reg6=0,reg7=0x89,ipv6_src=4200::2,ipv6_dst=4200::2
> actions=load:0x1->NXM_NX_REG10[[7]],learn(table=69,delete_learned,OXM_OF_METADATA[[]],eth_type=0x86dd,NXM_NX_IPV6_SRC[[]],ipv6_dst=8800::89,NXM_OF_IP_PROTO[[]],load:0x1->NXM_NX_REG10[[7]])
> + table=68,
> priority=100,ct_mark=0x2/0x2,tcp,reg1=0x58585858,reg2=0x1f90/0xffff,nw_src=42.42.42.1,nw_dst=42.42.42.1,tp_dst=4041
> actions=load:0x1->NXM_NX_REG10[[7]],learn(table=69,delete_learned,OXM_OF_METADATA[[]],eth_type=0x800,NXM_OF_IP_SRC[[]],ip_dst=88.88.88.88,nw_proto=6,NXM_OF_TCP_SRC[[]]=NXM_OF_TCP_DST[[]],load:0x1->NXM_NX_REG10[[7]])
> + table=68,
> priority=100,ct_mark=0x2/0x2,tcp,reg1=0x5858585a,reg2=0x1f90/0xffff,nw_src=42.42.42.42,nw_dst=42.42.42.42,tp_dst=4041
> actions=load:0x1->NXM_NX_REG10[[7]],learn(table=69,delete_learned,OXM_OF_METADATA[[]],eth_type=0x800,NXM_OF_IP_SRC[[]],ip_dst=88.88.88.90,nw_proto=6,NXM_OF_TCP_SRC[[]]=NXM_OF_TCP_DST[[]],load:0x1->NXM_NX_REG10[[7]])
> + table=68,
> priority=100,ct_mark=0x2/0x2,tcp,reg1=0x5858585a,reg2=0x1f90/0xffff,nw_src=52.52.52.52,nw_dst=52.52.52.52,tp_dst=4042
> actions=load:0x1->NXM_NX_REG10[[7]],learn(table=69,delete_learned,OXM_OF_METADATA[[]],eth_type=0x800,NXM_OF_IP_SRC[[]],ip_dst=88.88.88.90,nw_proto=6,NXM_OF_TCP_SRC[[]]=NXM_OF_TCP_DST[[]],load:0x1->NXM_NX_REG10[[7]])
> + table=68,
> priority=100,ct_mark=0x2/0x2,tcp6,reg2=0x1f90/0xffff,reg4=0x88000000,reg5=0,reg6=0,reg7=0x88,ipv6_src=4200::1,ipv6_dst=4200::1,tp_dst=4041
> actions=load:0x1->NXM_NX_REG10[[7]],learn(table=69,delete_learned,OXM_OF_METADATA[[]],eth_type=0x86dd,NXM_NX_IPV6_SRC[[]],ipv6_dst=8800::88,nw_proto=6,NXM_OF_TCP_SRC[[]]=NXM_OF_TCP_DST[[]],load:0x1->NXM_NX_REG10[[7]])
> + table=68,
> priority=100,ct_mark=0x2/0x2,udp,reg1=0x58585858,reg2=0xfc8/0xffff,nw_src=42.42.42.1,nw_dst=42.42.42.1,tp_dst=2021
> actions=load:0x1->NXM_NX_REG10[[7]],learn(table=69,delete_learned,OXM_OF_METADATA[[]],eth_type=0x800,NXM_OF_IP_SRC[[]],ip_dst=88.88.88.88,nw_proto=17,NXM_OF_UDP_SRC[[]]=NXM_OF_UDP_DST[[]],load:0x1->NXM_NX_REG10[[7]])
> + table=68,
> priority=100,ct_mark=0x2/0x2,udp6,reg2=0xfc8/0xffff,reg4=0x88000000,reg5=0,reg6=0,reg7=0x88,ipv6_src=4200::1,ipv6_dst=4200::1,tp_dst=2021
> actions=load:0x1->NXM_NX_REG10[[7]],learn(table=69,delete_learned,OXM_OF_METADATA[[]],eth_type=0x86dd,NXM_NX_IPV6_SRC[[]],ipv6_dst=8800::88,nw_proto=17,NXM_OF_UDP_SRC[[]]=NXM_OF_UDP_DST[[]],load:0x1->NXM_NX_REG10[[7]])
> +])
> +
> +AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=69 | grep -v NXST],
> [1], [dnl
> +])
> +
> +AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=70 | ofctl_strip_all |
> grep -v NXST], [0], [dnl
> + table=70, priority=100,tcp,reg1=0x58585858,reg2=0x1f90/0xffff
> actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.88))
> + table=70, priority=100,tcp,reg1=0x5858585a,reg2=0x1f90/0xffff
> actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.90))
> + table=70,
> priority=100,tcp6,reg2=0x1f90/0xffff,reg4=0x88000000,reg5=0,reg6=0,reg7=0x88
> actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=8800::88))
> + table=70, priority=100,udp,reg1=0x58585858,reg2=0xfc8/0xffff
> actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.88))
> + table=70,
> priority=100,udp6,reg2=0xfc8/0xffff,reg4=0x88000000,reg5=0,reg6=0,reg7=0x88
> actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=8800::88))
> + table=70, priority=90,ip,reg1=0x58585859
> actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.89))
> + table=70, priority=90,ipv6,reg4=0x88000000,reg5=0,reg6=0,reg7=0x89
> actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=8800::89))
> +])
> +
> +check ovn-nbctl --wait=hv ls-lb-del sw0 lb-ipv4
> +check ovn-nbctl --wait=hv ls-lb-del sw0 lb-ipv6
> +
> # Check backwards compatibility with ovn-northd versions that don't store
> the
> # original destination tuple.
> #
> --
> 2.39.2
>
>
Looks good to me, thanks.
Acked-by: Ales Musil <[email protected]>
--
Ales Musil
Senior Software Engineer - OVN Core
Red Hat EMEA <https://www.redhat.com>
[email protected] IM: amusil
<https://red.ht/sig>
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
