On 3/24/23 09:49, Ales Musil wrote:
> On Mon, Mar 20, 2023 at 11:57 PM Lorenzo Bianconi <
> lorenzo.bianc...@redhat.com> wrote:
>
>> Fix non-tcp haripin use-case if the load-balancer is configured without
>> ports.
>>
>> Fixes: 022ea339c8e2 ("lflow: Use learn() action to generate LB hairpin
>> reply flows.")
>> Tested-by: Ying Xu <yi...@redhat.com>
>> Reviewed-by: Simon Horman <simon.hor...@corigine.com>
>> Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=2157846
>> Signed-off-by: Lorenzo Bianconi <lorenzo.bianc...@redhat.com>
>> ---
>> Change since v1:
>> - pass has_vip_port istead of lb_vip pointer in
>> add_lb_ct_snat_hairpin_for_dp()
>> routine
>> ---
>> controller/lflow.c | 25 +++++++---
>> tests/ovn.at | 115 +++++++++++++++++++++++++++++++++++++++++++++
>> 2 files changed, 133 insertions(+), 7 deletions(-)
>>
>> diff --git a/controller/lflow.c b/controller/lflow.c
>> index 003195ae4..0b071138d 100644
>> --- a/controller/lflow.c
>> +++ b/controller/lflow.c
>> @@ -1729,6 +1729,7 @@ add_lb_vip_hairpin_flows(const struct
>> ovn_controller_lb *lb,
>>
>> static void
>> add_lb_ct_snat_hairpin_for_dp(const struct ovn_controller_lb *lb,
>> + bool has_vip_port,
>> const struct sbrec_datapath_binding
>> *datapath,
>> const struct hmap *local_datapaths,
>> struct match *dp_match,
>> @@ -1742,12 +1743,20 @@ add_lb_ct_snat_hairpin_for_dp(const struct
>> ovn_controller_lb *lb,
>> match_set_metadata(dp_match, htonll(datapath->tunnel_key));
>> }
>>
>> + uint16_t priority = datapath ? 200 : 100;
>> + if (!has_vip_port) {
>> + /* If L4 ports are not specified for the current LB, we will
>> decrease
>> + * the flow priority in order to not collide with other LBs with
>> more
>> + * fine-grained configuration.
>> + */
>> + priority -= 10;
>> + }
>> /* A flow added for the "hairpin_snat_ip" case will have an extra
>> * datapath match, but it will also match on the less restrictive
>> * general case. Therefore, we set the priority in the
>> * "hairpin_snat_ip" case to be higher than the general case. */
>> ofctrl_add_flow(flow_table, OFTABLE_CT_SNAT_HAIRPIN,
>> - datapath ? 200 : 100, lb->slb->header_.uuid.parts[0],
>> + priority, lb->slb->header_.uuid.parts[0],
>> dp_match, dp_acts, &lb->slb->header_.uuid);
>> }
>>
>> @@ -1834,8 +1843,8 @@ add_lb_ct_snat_hairpin_vip_flow(const struct
>> ovn_controller_lb *lb,
>> }
>> }
>>
>> - match_set_nw_proto(&match, lb->proto);
>> if (lb_vip->vip_port) {
>> + match_set_nw_proto(&match, lb->proto);
>> if (!lb->hairpin_orig_tuple) {
>> match_set_ct_nw_proto(&match, lb->proto);
>> match_set_ct_tp_dst(&match, htons(lb_vip->vip_port));
>> @@ -1852,18 +1861,20 @@ add_lb_ct_snat_hairpin_vip_flow(const struct
>> ovn_controller_lb *lb,
>> }
>>
>> if (!use_hairpin_snat_ip) {
>> - add_lb_ct_snat_hairpin_for_dp(lb, NULL, NULL,
>> + add_lb_ct_snat_hairpin_for_dp(lb, !!lb_vip->vip_port, NULL, NULL,
>> &match, &ofpacts, flow_table);
>> } else {
>> for (size_t i = 0; i < lb->slb->n_datapaths; i++) {
>> - add_lb_ct_snat_hairpin_for_dp(lb, lb->slb->datapaths[i],
>> - local_datapaths,
>> - &match, &ofpacts, flow_table);
>> + add_lb_ct_snat_hairpin_for_dp(lb, !!lb_vip->vip_port,
>> + lb->slb->datapaths[i],
>> + local_datapaths, &match,
>> + &ofpacts, flow_table);
>> }
>> if (lb->slb->datapath_group) {
>> for (size_t i = 0; i < lb->slb->datapath_group->n_datapaths;
>> i++) {
>> add_lb_ct_snat_hairpin_for_dp(
>> - lb, lb->slb->datapath_group->datapaths[i],
>> + lb, !!lb_vip->vip_port,
>> + lb->slb->datapath_group->datapaths[i],
>> local_datapaths, &match, &ofpacts, flow_table);
>> }
>> }
>> diff --git a/tests/ovn.at b/tests/ovn.at
>> index c2883ffca..207c16295 100644
>> --- a/tests/ovn.at
>> +++ b/tests/ovn.at
>> @@ -29500,7 +29500,9 @@ OVS_WAIT_UNTIL([test x$(ovn-nbctl lsp-get-up
>> sw1-p1) = xup])
>>
>> check ovn-nbctl lb-add lb-ipv4-tcp 88.88.88.88:8080 42.42.42.1:4041 tcp
>> check ovn-nbctl lb-add lb-ipv4-udp 88.88.88.88:4040 42.42.42.1:2021 udp
>> +check ovn-nbctl lb-add lb-ipv4 88.88.88.89 42.42.42.2
>> check ovn-nbctl lb-add lb-ipv6-tcp [[8800::0088]]:8080 [[4200::1]]:4041
>> tcp
>> +check ovn-nbctl lb-add lb-ipv6 8800::0089 4200::2
>> check ovn-nbctl --wait=hv lb-add lb-ipv6-udp [[8800::0088]]:4040
>> [[4200::1]]:2021 udp
>>
>> AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=68 | grep -v NXST],
>> [1], [dnl
>> @@ -29791,6 +29793,119 @@ AT_CHECK([as hv2 ovs-ofctl dump-flows br-int
>> table=70 | ofctl_strip_all | grep -
>> table=70,
>> priority=100,udp6,reg2=0xfc8/0xffff,reg4=0x88000000,reg5=0,reg6=0,reg7=0x88
>> actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=8800::88))
>> ])
>>
>> +check ovn-nbctl --wait=hv ls-lb-add sw0 lb-ipv4
>> +OVS_WAIT_UNTIL(
>> + [test $(as hv1 ovs-ofctl dump-flows br-int table=68 | grep -c -v
>> NXST) -eq 7]
>> +)
>> +
>> +OVS_WAIT_UNTIL(
>> + [test $(as hv2 ovs-ofctl dump-flows br-int table=68 | grep -c -v
>> NXST) -eq 7]
>> +)
>> +
>> +AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=68 | ofctl_strip_all |
>> grep -v NXST], [0], [dnl
>> + table=68,
>> priority=100,ct_mark=0x2/0x2,ip,reg1=0x58585859,nw_src=42.42.42.2,nw_dst=42.42.42.2
>> actions=load:0x1->NXM_NX_REG10[[7]],learn(table=69,delete_learned,OXM_OF_METADATA[[]],eth_type=0x800,NXM_OF_IP_SRC[[]],ip_dst=88.88.88.89,NXM_OF_IP_PROTO[[]],load:0x1->NXM_NX_REG10[[7]])
>> + table=68,
>> priority=100,ct_mark=0x2/0x2,tcp,reg1=0x58585858,reg2=0x1f90/0xffff,nw_src=42.42.42.1,nw_dst=42.42.42.1,tp_dst=4041
>> actions=load:0x1->NXM_NX_REG10[[7]],learn(table=69,delete_learned,OXM_OF_METADATA[[]],eth_type=0x800,NXM_OF_IP_SRC[[]],ip_dst=88.88.88.88,nw_proto=6,NXM_OF_TCP_SRC[[]]=NXM_OF_TCP_DST[[]],load:0x1->NXM_NX_REG10[[7]])
>> + table=68,
>> priority=100,ct_mark=0x2/0x2,tcp,reg1=0x5858585a,reg2=0x1f90/0xffff,nw_src=42.42.42.42,nw_dst=42.42.42.42,tp_dst=4041
>> actions=load:0x1->NXM_NX_REG10[[7]],learn(table=69,delete_learned,OXM_OF_METADATA[[]],eth_type=0x800,NXM_OF_IP_SRC[[]],ip_dst=88.88.88.90,nw_proto=6,NXM_OF_TCP_SRC[[]]=NXM_OF_TCP_DST[[]],load:0x1->NXM_NX_REG10[[7]])
>> + table=68,
>> priority=100,ct_mark=0x2/0x2,tcp,reg1=0x5858585a,reg2=0x1f90/0xffff,nw_src=52.52.52.52,nw_dst=52.52.52.52,tp_dst=4042
>> actions=load:0x1->NXM_NX_REG10[[7]],learn(table=69,delete_learned,OXM_OF_METADATA[[]],eth_type=0x800,NXM_OF_IP_SRC[[]],ip_dst=88.88.88.90,nw_proto=6,NXM_OF_TCP_SRC[[]]=NXM_OF_TCP_DST[[]],load:0x1->NXM_NX_REG10[[7]])
>> + table=68,
>> priority=100,ct_mark=0x2/0x2,tcp6,reg2=0x1f90/0xffff,reg4=0x88000000,reg5=0,reg6=0,reg7=0x88,ipv6_src=4200::1,ipv6_dst=4200::1,tp_dst=4041
>> actions=load:0x1->NXM_NX_REG10[[7]],learn(table=69,delete_learned,OXM_OF_METADATA[[]],eth_type=0x86dd,NXM_NX_IPV6_SRC[[]],ipv6_dst=8800::88,nw_proto=6,NXM_OF_TCP_SRC[[]]=NXM_OF_TCP_DST[[]],load:0x1->NXM_NX_REG10[[7]])
>> + table=68,
>> priority=100,ct_mark=0x2/0x2,udp,reg1=0x58585858,reg2=0xfc8/0xffff,nw_src=42.42.42.1,nw_dst=42.42.42.1,tp_dst=2021
>> actions=load:0x1->NXM_NX_REG10[[7]],learn(table=69,delete_learned,OXM_OF_METADATA[[]],eth_type=0x800,NXM_OF_IP_SRC[[]],ip_dst=88.88.88.88,nw_proto=17,NXM_OF_UDP_SRC[[]]=NXM_OF_UDP_DST[[]],load:0x1->NXM_NX_REG10[[7]])
>> + table=68,
>> priority=100,ct_mark=0x2/0x2,udp6,reg2=0xfc8/0xffff,reg4=0x88000000,reg5=0,reg6=0,reg7=0x88,ipv6_src=4200::1,ipv6_dst=4200::1,tp_dst=2021
>> actions=load:0x1->NXM_NX_REG10[[7]],learn(table=69,delete_learned,OXM_OF_METADATA[[]],eth_type=0x86dd,NXM_NX_IPV6_SRC[[]],ipv6_dst=8800::88,nw_proto=17,NXM_OF_UDP_SRC[[]]=NXM_OF_UDP_DST[[]],load:0x1->NXM_NX_REG10[[7]])
>> +])
>> +
>> +AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=69 | grep -v NXST],
>> [1], [dnl
>> +])
>> +
>> +AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=70 | ofctl_strip_all |
>> grep -v NXST], [0], [dnl
>> + table=70, priority=100,tcp,reg1=0x58585858,reg2=0x1f90/0xffff
>> actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.88))
>> + table=70, priority=100,tcp,reg1=0x5858585a,reg2=0x1f90/0xffff
>> actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.90))
>> + table=70,
>> priority=100,tcp6,reg2=0x1f90/0xffff,reg4=0x88000000,reg5=0,reg6=0,reg7=0x88
>> actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=8800::88))
>> + table=70, priority=100,udp,reg1=0x58585858,reg2=0xfc8/0xffff
>> actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.88))
>> + table=70,
>> priority=100,udp6,reg2=0xfc8/0xffff,reg4=0x88000000,reg5=0,reg6=0,reg7=0x88
>> actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=8800::88))
>> + table=70, priority=90,ip,reg1=0x58585859
>> actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.89))
>> +])
>> +
>> +AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=68 | ofctl_strip_all |
>> grep -v NXST], [0], [dnl
>> + table=68,
>> priority=100,ct_mark=0x2/0x2,ip,reg1=0x58585859,nw_src=42.42.42.2,nw_dst=42.42.42.2
>> actions=load:0x1->NXM_NX_REG10[[7]],learn(table=69,delete_learned,OXM_OF_METADATA[[]],eth_type=0x800,NXM_OF_IP_SRC[[]],ip_dst=88.88.88.89,NXM_OF_IP_PROTO[[]],load:0x1->NXM_NX_REG10[[7]])
>> + table=68,
>> priority=100,ct_mark=0x2/0x2,tcp,reg1=0x58585858,reg2=0x1f90/0xffff,nw_src=42.42.42.1,nw_dst=42.42.42.1,tp_dst=4041
>> actions=load:0x1->NXM_NX_REG10[[7]],learn(table=69,delete_learned,OXM_OF_METADATA[[]],eth_type=0x800,NXM_OF_IP_SRC[[]],ip_dst=88.88.88.88,nw_proto=6,NXM_OF_TCP_SRC[[]]=NXM_OF_TCP_DST[[]],load:0x1->NXM_NX_REG10[[7]])
>> + table=68,
>> priority=100,ct_mark=0x2/0x2,tcp,reg1=0x5858585a,reg2=0x1f90/0xffff,nw_src=42.42.42.42,nw_dst=42.42.42.42,tp_dst=4041
>> actions=load:0x1->NXM_NX_REG10[[7]],learn(table=69,delete_learned,OXM_OF_METADATA[[]],eth_type=0x800,NXM_OF_IP_SRC[[]],ip_dst=88.88.88.90,nw_proto=6,NXM_OF_TCP_SRC[[]]=NXM_OF_TCP_DST[[]],load:0x1->NXM_NX_REG10[[7]])
>> + table=68,
>> priority=100,ct_mark=0x2/0x2,tcp,reg1=0x5858585a,reg2=0x1f90/0xffff,nw_src=52.52.52.52,nw_dst=52.52.52.52,tp_dst=4042
>> actions=load:0x1->NXM_NX_REG10[[7]],learn(table=69,delete_learned,OXM_OF_METADATA[[]],eth_type=0x800,NXM_OF_IP_SRC[[]],ip_dst=88.88.88.90,nw_proto=6,NXM_OF_TCP_SRC[[]]=NXM_OF_TCP_DST[[]],load:0x1->NXM_NX_REG10[[7]])
>> + table=68,
>> priority=100,ct_mark=0x2/0x2,tcp6,reg2=0x1f90/0xffff,reg4=0x88000000,reg5=0,reg6=0,reg7=0x88,ipv6_src=4200::1,ipv6_dst=4200::1,tp_dst=4041
>> actions=load:0x1->NXM_NX_REG10[[7]],learn(table=69,delete_learned,OXM_OF_METADATA[[]],eth_type=0x86dd,NXM_NX_IPV6_SRC[[]],ipv6_dst=8800::88,nw_proto=6,NXM_OF_TCP_SRC[[]]=NXM_OF_TCP_DST[[]],load:0x1->NXM_NX_REG10[[7]])
>> + table=68,
>> priority=100,ct_mark=0x2/0x2,udp,reg1=0x58585858,reg2=0xfc8/0xffff,nw_src=42.42.42.1,nw_dst=42.42.42.1,tp_dst=2021
>> actions=load:0x1->NXM_NX_REG10[[7]],learn(table=69,delete_learned,OXM_OF_METADATA[[]],eth_type=0x800,NXM_OF_IP_SRC[[]],ip_dst=88.88.88.88,nw_proto=17,NXM_OF_UDP_SRC[[]]=NXM_OF_UDP_DST[[]],load:0x1->NXM_NX_REG10[[7]])
>> + table=68,
>> priority=100,ct_mark=0x2/0x2,udp6,reg2=0xfc8/0xffff,reg4=0x88000000,reg5=0,reg6=0,reg7=0x88,ipv6_src=4200::1,ipv6_dst=4200::1,tp_dst=2021
>> actions=load:0x1->NXM_NX_REG10[[7]],learn(table=69,delete_learned,OXM_OF_METADATA[[]],eth_type=0x86dd,NXM_NX_IPV6_SRC[[]],ipv6_dst=8800::88,nw_proto=17,NXM_OF_UDP_SRC[[]]=NXM_OF_UDP_DST[[]],load:0x1->NXM_NX_REG10[[7]])
>> +])
>> +
>> +AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=69 | grep -v NXST],
>> [1], [dnl
>> +])
>> +
>> +AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=70 | ofctl_strip_all |
>> grep -v NXST], [0], [dnl
>> + table=70, priority=100,tcp,reg1=0x58585858,reg2=0x1f90/0xffff
>> actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.88))
>> + table=70, priority=100,tcp,reg1=0x5858585a,reg2=0x1f90/0xffff
>> actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.90))
>> + table=70,
>> priority=100,tcp6,reg2=0x1f90/0xffff,reg4=0x88000000,reg5=0,reg6=0,reg7=0x88
>> actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=8800::88))
>> + table=70, priority=100,udp,reg1=0x58585858,reg2=0xfc8/0xffff
>> actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.88))
>> + table=70,
>> priority=100,udp6,reg2=0xfc8/0xffff,reg4=0x88000000,reg5=0,reg6=0,reg7=0x88
>> actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=8800::88))
>> + table=70, priority=90,ip,reg1=0x58585859
>> actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.89))
>> +])
>> +
>> +check ovn-nbctl --wait=hv ls-lb-add sw0 lb-ipv6
>> +OVS_WAIT_UNTIL(
>> + [test $(as hv1 ovs-ofctl dump-flows br-int table=68 | grep -c -v
>> NXST) -eq 8]
>> +)
>> +
>> +OVS_WAIT_UNTIL(
>> + [test $(as hv2 ovs-ofctl dump-flows br-int table=68 | grep -c -v
>> NXST) -eq 8]
>> +)
>> +
>> +AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=68 | ofctl_strip_all |
>> grep -v NXST], [0], [dnl
>> + table=68,
>> priority=100,ct_mark=0x2/0x2,ip,reg1=0x58585859,nw_src=42.42.42.2,nw_dst=42.42.42.2
>> actions=load:0x1->NXM_NX_REG10[[7]],learn(table=69,delete_learned,OXM_OF_METADATA[[]],eth_type=0x800,NXM_OF_IP_SRC[[]],ip_dst=88.88.88.89,NXM_OF_IP_PROTO[[]],load:0x1->NXM_NX_REG10[[7]])
>> + table=68,
>> priority=100,ct_mark=0x2/0x2,ipv6,reg4=0x88000000,reg5=0,reg6=0,reg7=0x89,ipv6_src=4200::2,ipv6_dst=4200::2
>> actions=load:0x1->NXM_NX_REG10[[7]],learn(table=69,delete_learned,OXM_OF_METADATA[[]],eth_type=0x86dd,NXM_NX_IPV6_SRC[[]],ipv6_dst=8800::89,NXM_OF_IP_PROTO[[]],load:0x1->NXM_NX_REG10[[7]])
>> + table=68,
>> priority=100,ct_mark=0x2/0x2,tcp,reg1=0x58585858,reg2=0x1f90/0xffff,nw_src=42.42.42.1,nw_dst=42.42.42.1,tp_dst=4041
>> actions=load:0x1->NXM_NX_REG10[[7]],learn(table=69,delete_learned,OXM_OF_METADATA[[]],eth_type=0x800,NXM_OF_IP_SRC[[]],ip_dst=88.88.88.88,nw_proto=6,NXM_OF_TCP_SRC[[]]=NXM_OF_TCP_DST[[]],load:0x1->NXM_NX_REG10[[7]])
>> + table=68,
>> priority=100,ct_mark=0x2/0x2,tcp,reg1=0x5858585a,reg2=0x1f90/0xffff,nw_src=42.42.42.42,nw_dst=42.42.42.42,tp_dst=4041
>> actions=load:0x1->NXM_NX_REG10[[7]],learn(table=69,delete_learned,OXM_OF_METADATA[[]],eth_type=0x800,NXM_OF_IP_SRC[[]],ip_dst=88.88.88.90,nw_proto=6,NXM_OF_TCP_SRC[[]]=NXM_OF_TCP_DST[[]],load:0x1->NXM_NX_REG10[[7]])
>> + table=68,
>> priority=100,ct_mark=0x2/0x2,tcp,reg1=0x5858585a,reg2=0x1f90/0xffff,nw_src=52.52.52.52,nw_dst=52.52.52.52,tp_dst=4042
>> actions=load:0x1->NXM_NX_REG10[[7]],learn(table=69,delete_learned,OXM_OF_METADATA[[]],eth_type=0x800,NXM_OF_IP_SRC[[]],ip_dst=88.88.88.90,nw_proto=6,NXM_OF_TCP_SRC[[]]=NXM_OF_TCP_DST[[]],load:0x1->NXM_NX_REG10[[7]])
>> + table=68,
>> priority=100,ct_mark=0x2/0x2,tcp6,reg2=0x1f90/0xffff,reg4=0x88000000,reg5=0,reg6=0,reg7=0x88,ipv6_src=4200::1,ipv6_dst=4200::1,tp_dst=4041
>> actions=load:0x1->NXM_NX_REG10[[7]],learn(table=69,delete_learned,OXM_OF_METADATA[[]],eth_type=0x86dd,NXM_NX_IPV6_SRC[[]],ipv6_dst=8800::88,nw_proto=6,NXM_OF_TCP_SRC[[]]=NXM_OF_TCP_DST[[]],load:0x1->NXM_NX_REG10[[7]])
>> + table=68,
>> priority=100,ct_mark=0x2/0x2,udp,reg1=0x58585858,reg2=0xfc8/0xffff,nw_src=42.42.42.1,nw_dst=42.42.42.1,tp_dst=2021
>> actions=load:0x1->NXM_NX_REG10[[7]],learn(table=69,delete_learned,OXM_OF_METADATA[[]],eth_type=0x800,NXM_OF_IP_SRC[[]],ip_dst=88.88.88.88,nw_proto=17,NXM_OF_UDP_SRC[[]]=NXM_OF_UDP_DST[[]],load:0x1->NXM_NX_REG10[[7]])
>> + table=68,
>> priority=100,ct_mark=0x2/0x2,udp6,reg2=0xfc8/0xffff,reg4=0x88000000,reg5=0,reg6=0,reg7=0x88,ipv6_src=4200::1,ipv6_dst=4200::1,tp_dst=2021
>> actions=load:0x1->NXM_NX_REG10[[7]],learn(table=69,delete_learned,OXM_OF_METADATA[[]],eth_type=0x86dd,NXM_NX_IPV6_SRC[[]],ipv6_dst=8800::88,nw_proto=17,NXM_OF_UDP_SRC[[]]=NXM_OF_UDP_DST[[]],load:0x1->NXM_NX_REG10[[7]])
>> +])
>> +
>> +AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=69 | grep -v NXST],
>> [1], [dnl
>> +])
>> +
>> +AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=70 | ofctl_strip_all |
>> grep -v NXST], [0], [dnl
>> + table=70, priority=100,tcp,reg1=0x58585858,reg2=0x1f90/0xffff
>> actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.88))
>> + table=70, priority=100,tcp,reg1=0x5858585a,reg2=0x1f90/0xffff
>> actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.90))
>> + table=70,
>> priority=100,tcp6,reg2=0x1f90/0xffff,reg4=0x88000000,reg5=0,reg6=0,reg7=0x88
>> actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=8800::88))
>> + table=70, priority=100,udp,reg1=0x58585858,reg2=0xfc8/0xffff
>> actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.88))
>> + table=70,
>> priority=100,udp6,reg2=0xfc8/0xffff,reg4=0x88000000,reg5=0,reg6=0,reg7=0x88
>> actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=8800::88))
>> + table=70, priority=90,ip,reg1=0x58585859
>> actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.89))
>> + table=70, priority=90,ipv6,reg4=0x88000000,reg5=0,reg6=0,reg7=0x89
>> actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=8800::89))
>> +])
>> +
>> +AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=68 | ofctl_strip_all |
>> grep -v NXST], [0], [dnl
>> + table=68,
>> priority=100,ct_mark=0x2/0x2,ip,reg1=0x58585859,nw_src=42.42.42.2,nw_dst=42.42.42.2
>> actions=load:0x1->NXM_NX_REG10[[7]],learn(table=69,delete_learned,OXM_OF_METADATA[[]],eth_type=0x800,NXM_OF_IP_SRC[[]],ip_dst=88.88.88.89,NXM_OF_IP_PROTO[[]],load:0x1->NXM_NX_REG10[[7]])
>> + table=68,
>> priority=100,ct_mark=0x2/0x2,ipv6,reg4=0x88000000,reg5=0,reg6=0,reg7=0x89,ipv6_src=4200::2,ipv6_dst=4200::2
>> actions=load:0x1->NXM_NX_REG10[[7]],learn(table=69,delete_learned,OXM_OF_METADATA[[]],eth_type=0x86dd,NXM_NX_IPV6_SRC[[]],ipv6_dst=8800::89,NXM_OF_IP_PROTO[[]],load:0x1->NXM_NX_REG10[[7]])
>> + table=68,
>> priority=100,ct_mark=0x2/0x2,tcp,reg1=0x58585858,reg2=0x1f90/0xffff,nw_src=42.42.42.1,nw_dst=42.42.42.1,tp_dst=4041
>> actions=load:0x1->NXM_NX_REG10[[7]],learn(table=69,delete_learned,OXM_OF_METADATA[[]],eth_type=0x800,NXM_OF_IP_SRC[[]],ip_dst=88.88.88.88,nw_proto=6,NXM_OF_TCP_SRC[[]]=NXM_OF_TCP_DST[[]],load:0x1->NXM_NX_REG10[[7]])
>> + table=68,
>> priority=100,ct_mark=0x2/0x2,tcp,reg1=0x5858585a,reg2=0x1f90/0xffff,nw_src=42.42.42.42,nw_dst=42.42.42.42,tp_dst=4041
>> actions=load:0x1->NXM_NX_REG10[[7]],learn(table=69,delete_learned,OXM_OF_METADATA[[]],eth_type=0x800,NXM_OF_IP_SRC[[]],ip_dst=88.88.88.90,nw_proto=6,NXM_OF_TCP_SRC[[]]=NXM_OF_TCP_DST[[]],load:0x1->NXM_NX_REG10[[7]])
>> + table=68,
>> priority=100,ct_mark=0x2/0x2,tcp,reg1=0x5858585a,reg2=0x1f90/0xffff,nw_src=52.52.52.52,nw_dst=52.52.52.52,tp_dst=4042
>> actions=load:0x1->NXM_NX_REG10[[7]],learn(table=69,delete_learned,OXM_OF_METADATA[[]],eth_type=0x800,NXM_OF_IP_SRC[[]],ip_dst=88.88.88.90,nw_proto=6,NXM_OF_TCP_SRC[[]]=NXM_OF_TCP_DST[[]],load:0x1->NXM_NX_REG10[[7]])
>> + table=68,
>> priority=100,ct_mark=0x2/0x2,tcp6,reg2=0x1f90/0xffff,reg4=0x88000000,reg5=0,reg6=0,reg7=0x88,ipv6_src=4200::1,ipv6_dst=4200::1,tp_dst=4041
>> actions=load:0x1->NXM_NX_REG10[[7]],learn(table=69,delete_learned,OXM_OF_METADATA[[]],eth_type=0x86dd,NXM_NX_IPV6_SRC[[]],ipv6_dst=8800::88,nw_proto=6,NXM_OF_TCP_SRC[[]]=NXM_OF_TCP_DST[[]],load:0x1->NXM_NX_REG10[[7]])
>> + table=68,
>> priority=100,ct_mark=0x2/0x2,udp,reg1=0x58585858,reg2=0xfc8/0xffff,nw_src=42.42.42.1,nw_dst=42.42.42.1,tp_dst=2021
>> actions=load:0x1->NXM_NX_REG10[[7]],learn(table=69,delete_learned,OXM_OF_METADATA[[]],eth_type=0x800,NXM_OF_IP_SRC[[]],ip_dst=88.88.88.88,nw_proto=17,NXM_OF_UDP_SRC[[]]=NXM_OF_UDP_DST[[]],load:0x1->NXM_NX_REG10[[7]])
>> + table=68,
>> priority=100,ct_mark=0x2/0x2,udp6,reg2=0xfc8/0xffff,reg4=0x88000000,reg5=0,reg6=0,reg7=0x88,ipv6_src=4200::1,ipv6_dst=4200::1,tp_dst=2021
>> actions=load:0x1->NXM_NX_REG10[[7]],learn(table=69,delete_learned,OXM_OF_METADATA[[]],eth_type=0x86dd,NXM_NX_IPV6_SRC[[]],ipv6_dst=8800::88,nw_proto=17,NXM_OF_UDP_SRC[[]]=NXM_OF_UDP_DST[[]],load:0x1->NXM_NX_REG10[[7]])
>> +])
>> +
>> +AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=69 | grep -v NXST],
>> [1], [dnl
>> +])
>> +
>> +AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=70 | ofctl_strip_all |
>> grep -v NXST], [0], [dnl
>> + table=70, priority=100,tcp,reg1=0x58585858,reg2=0x1f90/0xffff
>> actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.88))
>> + table=70, priority=100,tcp,reg1=0x5858585a,reg2=0x1f90/0xffff
>> actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.90))
>> + table=70,
>> priority=100,tcp6,reg2=0x1f90/0xffff,reg4=0x88000000,reg5=0,reg6=0,reg7=0x88
>> actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=8800::88))
>> + table=70, priority=100,udp,reg1=0x58585858,reg2=0xfc8/0xffff
>> actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.88))
>> + table=70,
>> priority=100,udp6,reg2=0xfc8/0xffff,reg4=0x88000000,reg5=0,reg6=0,reg7=0x88
>> actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=8800::88))
>> + table=70, priority=90,ip,reg1=0x58585859
>> actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.89))
>> + table=70, priority=90,ipv6,reg4=0x88000000,reg5=0,reg6=0,reg7=0x89
>> actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=8800::89))
>> +])
>> +
>> +check ovn-nbctl --wait=hv ls-lb-del sw0 lb-ipv4
>> +check ovn-nbctl --wait=hv ls-lb-del sw0 lb-ipv6
>> +
>> # Check backwards compatibility with ovn-northd versions that don't store
>> the
>> # original destination tuple.
>> #
>> --
>> 2.39.2
>>
>>
> Looks good to me, thanks.
>
> Acked-by: Ales Musil <amu...@redhat.com>
>
Thanks, Lorenzo, Ales and Simon!
I applied this to the main branch and backported it to 23.03. Do we
need it on older branches too? If so, please send a backport patch as
this one doesn't apply cleanly.
Regards,
Dumitru
_______________________________________________
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
