> From: Frode Nordahl <[email protected]> > > While there is a hardware offload friendly approach to fixing > processing of fragmented traffic to load balancers in 8e6f9a8355e2 > ("northd: Fix HW offload problem related to ct_tuple."), the change > is quite invasive, and not compatible with our requirement to make > UDP fragmentation work for switch egress pipeline user space data > path back to OVN 22.03. > > In a subsequent commit a optional workaround to this problem is > provided, which relies on this field being available. > > The documentation for OVN Northbound ACL table already states that > the match column uses the same expression language as the OVN > Southbound Logical_Flow match column.
Hi Erlon and Frode, I think this patch is fine since it was already part of 20a96b9d2c3d, but IIUC (according to commit 8e6f9a8355e2) this feature (if used) will break offload, right? I guess we should a comment clarifying it. What do you think? Regards, Lorenzo > > As we know use of these fields may be considered low level and > problematic, consequently notes are added to mark them as internal > API and discourage their use. > > Related: https://bugs.launchpad.net/ubuntu/+source/ovn/+bug/2115795 > Related: https://issues.redhat.com/browse/FDP-684 > Signed-off-by: Frode Nordahl <[email protected]> > --- > lib/logical-fields.c | 9 +++++++++ > ovn-nb.xml | 8 ++++++++ > ovn-sb.xml | 10 ++++++++++ > tests/ovn.at | 4 ++++ > 4 files changed, 31 insertions(+) > > diff --git a/lib/logical-fields.c b/lib/logical-fields.c > index fcafeeac2..ac33f7bf1 100644 > --- a/lib/logical-fields.c > +++ b/lib/logical-fields.c > @@ -368,6 +368,15 @@ ovn_init_symtab(struct shash *symtab) > > expr_symtab_add_ovn_field(symtab, "icmp4.frag_mtu", OVN_ICMP4_FRAG_MTU); > expr_symtab_add_ovn_field(symtab, "icmp6.frag_mtu", OVN_ICMP6_FRAG_MTU); > + > + expr_symtab_add_field(symtab, "ct_proto", MFF_CT_NW_PROTO, > + "ct.trk", false); > + > + expr_symtab_add_predicate(symtab, "ct_udp", "ct_proto == 17"); > + expr_symtab_add_field(symtab, "ct_udp.dst", MFF_CT_TP_DST, > + "ct_udp", false); > + expr_symtab_add_field(symtab, "ct_udp.src", MFF_CT_TP_SRC, > + "ct_udp", false); > } > > const char * > diff --git a/ovn-nb.xml b/ovn-nb.xml > index b7b5b5c40..3f4398afb 100644 > --- a/ovn-nb.xml > +++ b/ovn-nb.xml > @@ -2644,6 +2644,14 @@ or > Note that you can not create an ACL matching on a port with > type=router or type=localnet. > </p> > + > + <p> > + Note that matching directly on connection tracker metadata fields > such > + as <code>ct_proto</code>, <code>ct_udp</code> and their subfields is > + for internal use between ovn-northd and ovn-controller, may be > removed > + at any time and consequently not supported as part of the Northbound > + API. > + </p> > </column> > > <column name="action"> > diff --git a/ovn-sb.xml b/ovn-sb.xml > index 4b563c5f1..e792b87a5 100644 > --- a/ovn-sb.xml > +++ b/ovn-sb.xml > @@ -1147,6 +1147,16 @@ > </li> > </ul> > </li> > + <li> > + <p> > + <code>ct_proto</code> and <code>ct_udp</code> subfields represent > + connection tracker metadata containing L4 information for UDP > + packets. Note: for internal use, may be removed at any time. > + </p> > + <ul> > + <li><code>ct_udp.src</code> <code>ct_udp.dst</code></li> > + </ul> > + </li> > </ul> > > <p> > diff --git a/tests/ovn.at b/tests/ovn.at > index 292ca0dae..e4fba8aaa 100644 > --- a/tests/ovn.at > +++ b/tests/ovn.at > @@ -154,7 +154,11 @@ ct_mark.natted = ct_mark[1] > ct_mark.obs_collector_id = ct_mark[16..23] > ct_mark.obs_stage = ct_mark[4..5] > ct_mark.skip_snat = ct_mark[2] > +ct_proto = NXM_NX_CT_NW_PROTO > ct_state = NXM_NX_CT_STATE > +ct_udp = ct_proto == 17 > +ct_udp.dst = NXM_NX_CT_TP_DST > +ct_udp.src = NXM_NX_CT_TP_SRC > ]]) > AT_CLEANUP > > -- > 2.43.0 > > _______________________________________________ > dev mailing list > [email protected] > https://mail.openvswitch.org/mailman/listinfo/ovs-dev >
_______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
