Hi,
If you are careful, you will find that NSH is no problem without using a
proxy. Just go through the physical interface without going through the table.
Why is this? Because the ovs code has a checksum, for the NSH check, if
encap and decap are used together, there will be problems, this is the need to
change the code. The ovs actions have a series of actions, and these actions
are checked and executed first. Decap checks whether it is an NSH message, but
there is encap, so the check fails, so why is there no problem with MPLS?
Because MPLS push_mpls is set. The mpls field causes the pop_mpls check to
succeed, but push_nsh does not have this setting.
Recompile the source code and replace openvswitch.ko
If you have any questions, you can always restore your mail.
code:
vim datapath/flow_netlink.c
__ovs_nla_copy_actions
case OVS_ACTION_ATTR_PUSH_ETH:
/* Disallow pushing an Ethernet header if one
* is already present */
if (mac_proto != MAC_PROTO_NONE)
return -EINVAL;
//mac_proto = MAC_PROTO_NONE;
mac_proto = MAC_PROTO_ETHERNET;
break;
case OVS_ACTION_ATTR_POP_ETH:
if (mac_proto != MAC_PROTO_ETHERNET)
return -EINVAL;
if (vlan_tci & htons(VLAN_TAG_PRESENT))
return -EINVAL;
//mac_proto = MAC_PROTO_ETHERNET;
mac_proto = MAC_PROTO_NONE;
break;
case OVS_ACTION_ATTR_POP_NSH: {
//__be16 inner_proto;
//if (eth_type != htons(ETH_P_NSH))
// return -EINVAL;
//inner_proto = tun_p_to_eth_p(key->nsh.base.np);
//if (!inner_proto)
// return -EINVAL;
if (key->nsh.base.np == TUN_P_ETHERNET)
mac_proto = MAC_PROTO_ETHERNET;
else
mac_proto = MAC_PROTO_NONE;
break;
validate_set
if (key_type > OVS_KEY_ATTR_MAX ||
!check_attr_len(key_len, ovs_key_lens[key_type].len))
return -EINVAL;
/************************************************************/
if (key_len == 28) {
return 0;
} else if (key_type == OVS_KEY_ATTR_ETHERNET) {
mac_proto = MAC_PROTO_ETHERNET;
}
/************************************************************/
if (masked && !validate_masked(nla_data(ovs_key), key_len))
return -EINVAL;
<https://maas.mail.163.com/dashi-web-extend/html/proSignature.html?ftlId=1&name=wangjq_china&uid=wangjq_china%40outlook.com&iconUrl=http%3A%2F%2Fmail-online.nosdn.127.net%2Fsmbbd5217c6c1185a0336c405480773143.jpg&items=%5B%22wangjq_china%40outlook.com%22%5D>
[http://mail-online.nosdn.127.net/smbbd5217c6c1185a0336c405480773143.jpg]
wangjq_china
wangjq_ch...@outlook.com
签名由 网易邮箱大师<https://mail.163.com/dashi/dlpro.html?from=mail81> 定制
On 1/14/2019 09:53,Hoàng Công
Phước<hoangphuocbk2...@gmail.com><mailto:hoangphuocbk2...@gmail.com> wrote:
Hi Wang,
Could you upload your patch to ovs? I would appreciate your help about that
case ^^. Thank you.
Vào CN, 13 thg 1, 2019 vào lúc 04:36 wang junqiang
<wangjq_ch...@outlook.com<mailto:wangjq_ch...@outlook.com>> đã viết:
Hi,
I also encountered this problem, need to change the source code to solve.
获取 Outlook for iOS<https://aka.ms/o0ukef>
________________________________
发件人:
ovs-discuss-boun...@openvswitch.org<mailto:ovs-discuss-boun...@openvswitch.org>
代表 Hoàng Công Phước
<hoangphuocbk2...@gmail.com<mailto:hoangphuocbk2...@gmail.com>>
发送时间: 星期六, 一月 12, 2019 11:11
收件人: Ben Pfaff
抄送: b...@openvswitch.org<mailto:b...@openvswitch.org>
主题: Re: [ovs-discuss] [SFC NSH] Update "eth_dst" for original packet after
decap nsh encapsulation packet.
here are the document I am following:
https://github.com/openvswitch/ovs/blob/master/tests/nsh.at#L65-L68
My ovs version is 2.9.0 and when I check ovs, in version 2.9.0, NSH is
supported.
Vào Th 7, 12 thg 1, 2019 vào lúc 01:52 Ben Pfaff
<b...@ovn.org<mailto:b...@ovn.org>> đã viết:
I don't think OVS supports this kind of encapsulation.
On Fri, Jan 11, 2019 at 10:42:10AM +0900, Hoàng Công Phước wrote:
> Hi Ben, thank for your
>
> I am sorry because I didn't show the encapsulation command. In this case,
> original packet is encapsulated 2 times, with nsh and ethernet headers.
> Here is the flow:
>
> table=0, n_packets=0, n_bytes=0,
> priority=30,tcp,in_port="tap09d8de0e-20",nw_src=10.10.0.111,nw_dst=
> 10.10.0.0/24,tp_dst=80<http://10.10.0.0/24,tp_dst=80>
> actions=encap(nsh),set_field:0x33->nsh_spi,set_field:255->nsh_si,encap(ethernet),set_field:fa:16:3e:05:3a:12->eth_dst,resubmit(,5)
>
> As I known, after using decap() 2 times, I can get the original packet. So,
> I can update eth_dst to it.
>
>
>
>
>
> Vào Th 6, 11 thg 1, 2019 vào lúc 04:32 Ben Pfaff
> <b...@ovn.org<mailto:b...@ovn.org>> đã viết:
>
> > On Fri, Jan 11, 2019 at 04:26:03AM +0900, Hoàng Công Phước wrote:
> > > Hi experts,
> > >
> > > I am trying to update "eth_dst" for original packet after decap nsh
> > > encapsulation packet. Here is my command about it:
> > >
> > > $ sudo ovs-ofctl add-flow br-int "table=10, priority=1, dl_vlan=4,
> > > dl_dst=fa:16:3e:05:3a:12, dl_type=0x894f, nsh_mdtype=1, nsh_spi=0x33,
> > > nsh_si=254, actions=strip_vlan,
> > > move:NXM_OF_ETH_DST->OXM_OF_PKT_REG0[0..47], decap(), decap(),
> > > move:OXM_OF_PKT_REG0[0..47]->NXM_OF_ETH_DST, output:tap62c2fc56-14"
> > >
> > > However, I got an error, that is:
> > > "2019-01-10T19:11:27Z|00001|meta_flow|WARN|destination field eth_dst
> > lacks
> > > correct prerequisites
> > > ovs-ofctl: actions are invalid with specified match
> > > (OFPBAC_MATCH_INCONSISTENT)"
> > >
> > > If I remove "move:NXM_OF_ETH_DST->OXM_OF_PKT_REG0[0..47]" and
> > > "move:OXM_OF_PKT_REG0[0..47]->NXM_OF_ETH_DST", it worked. So there is an
> > > error with copy eth_dst value from outer to inner packet. I am beginner
> > > with Open vSwitch, so it's very helpful if someone can help me to figure
> > > the problem out.
> >
> > It looks to me that the first decap removes the NSH header and the
> > second decap removes the Ethernet header. At that point, there's no
> > Ethernet destination field to set, so the error seems reasonable.
> >
>
>
> --
> Hoàng Công Phước
--
Hoàng Công Phước
--
Hoàng Công Phước
_______________________________________________
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
