Re: [ovs-dev] [PATCH ovn 2/2] tests: Remove table numbers from test action parsing.

[Ales Musil]

On Tue, Feb 6, 2024 at 6:49 PM Xavier Simonart  wrote:

> Hi Ales
>
> Thanks for the review.
> I'll add NEXT(x, y), with x being ingress or egress, and y being lflow
> table number, and use them where necessary.
> I'll post a v2 when the 26 first patches from the series get merged so
> that ovs robot can run happily.
>
> With this and your 26 patches, we should be able to change (most ?) table
> numbers without impacting tests...
>

Sounds good to me, thanks!


>
> Thanks
> Xavier
>
> On Tue, Feb 6, 2024 at 5:42 PM Ales Musil  wrote:
>
>>
>>
>> On Tue, Feb 6, 2024 at 3:45 PM Xavier Simonart 
>> wrote:
>>
>>> This patch uses the recently introduced macros defining openflow table
>>> numbers.
>>>
>>> Signed-off-by: Xavier Simonart 
>>> ---
>>>
>>
>> Hi Xavier,
>> thank you for the follow up to remove the rest of hardcoded table
>> numbers. There are a few places below where it was missed. I wonder should
>> we also address them?
>>
>>  tests/ovn-macros.at |   4 +
>>>  tests/ovn.at| 230 +++-
>>>  2 files changed, 122 insertions(+), 112 deletions(-)
>>>
>>> diff --git a/tests/ovn-macros.at b/tests/ovn-macros.at
>>> index 84e50d76f..db107f43a 100644
>>> --- a/tests/ovn-macros.at
>>> +++ b/tests/ovn-macros.at
>>> @@ -995,6 +995,8 @@ m4_define([OFTABLE_OUTPUT_LARGE_PKT_DETECT], [37])
>>>  m4_define([OFTABLE_OUTPUT_LARGE_PKT_PROCESS], [38])
>>>  m4_define([OFTABLE_REMOTE_OUTPUT], [39])
>>>  m4_define([OFTABLE_LOCAL_OUTPUT], [40])
>>> +m4_define([OFTABLE_LOG_EGRESS_PIPELINE], [42])
>>> +m4_define([OFTABLE_SAVE_INPORT], [64])
>>>  m4_define([OFTABLE_LOG_TO_PHY], [65])
>>>  m4_define([OFTABLE_MAC_BINDING], [66])
>>>  m4_define([OFTABLE_MAC_LOOKUP], [67])
>>> @@ -1010,3 +1012,5 @@ m4_define([OFTABLE_ECMP_NH_MAC], [76])
>>>  m4_define([OFTABLE_ECMP_NH], [77])
>>>  m4_define([OFTABLE_CHK_LB_AFFINITY], [78])
>>>  m4_define([OFTABLE_MAC_CACHE_USE], [79])
>>> +
>>> +m4_define([OFTABLE_SAVE_INPORT_HEX], [m4_eval(OFTABLE_SAVE_INPORT, 16)])
>>> diff --git a/tests/ovn.at b/tests/ovn.at
>>> index a0361ab49..280f6d1d6 100644
>>> --- a/tests/ovn.at
>>> +++ b/tests/ovn.at
>>> @@ -979,6 +979,12 @@ AT_CLEANUP
>>>  AT_SETUP([action parsing])
>>>  dnl Unindented text is input (a set of OVN logical actions).
>>>  dnl Indented text is expected output.
>>> +
>>> +# lflow table hard-coded to 10 in test-ovn, so next is 11.
>>> +m4_define([lflow_table], [11])
>>> +m4_define([oflow_in_table], [m4_eval(lflow_table +
>>> OFTABLE_LOG_INGRESS_PIPELINE)])
>>> +m4_define([oflow_out_table], [m4_eval(lflow_table +
>>> OFTABLE_LOG_EGRESS_PIPELINE)])
>>> +
>>>  AT_DATA([test-cases.txt], [
>>>  # drop
>>>  drop;
>>> @@ -990,16 +996,16 @@ next; drop;
>>>
>>>  # output
>>>  output;
>>> -encodes as resubmit(,64)
>>> +encodes as resubmit(,OFTABLE_SAVE_INPORT)
>>>
>>>  # next
>>>  next;
>>> -encodes as resubmit(,19)
>>> -next(11);
>>> +encodes as resubmit(,oflow_in_table)
>>> +next(lflow_table);
>>>  formats as next;
>>> -encodes as resubmit(,19)
>>> +encodes as resubmit(,oflow_in_table)
>>>  next(0);
>>> -encodes as resubmit(,8)
>>> +encodes as resubmit(,OFTABLE_LOG_INGRESS_PIPELINE)
>>>  next(23);
>>>  encodes as resubmit(,31)
>>>
>>
>> This depends on OFTABLE_LOG_INGRESS_PIPELINE.
>>
>>
>>>
>>> @@ -1010,22 +1016,22 @@ next(10;
>>>  next(24);
>>>  "next" action cannot advance beyond table 23.
>>>
>>> -next(table=11);
>>> +next(table=lflow_table);
>>>  formats as next;
>>> -encodes as resubmit(,19)
>>> +encodes as resubmit(,oflow_in_table)
>>>  next(pipeline=ingress);
>>>  formats as next;
>>> -encodes as resubmit(,19)
>>> -next(table=11, pipeline=ingress);
>>> +encodes as resubmit(,oflow_in_table)
>>> +next(table=lflow_table, pipeline=ingress);
>>>  formats as next;
>>> -encodes as resubmit(,19)
>>> -next(pipeline=ingress, table=11);
>>> +encodes as resubmit(,oflow_in_table)
>>> +next(pipeline=ingress, table=lflow_table);
>>>  formats as next;
>>> -encodes as resubmit(,19)
>>> +encodes as resubmit(,oflow_in_table)
>>>
>>>  next(pipeline=egress);
>>> -formats as next(pipeline=egress, table=11);
>>> -encodes as resubmit(,53)
>>> +formats as next(pipeline=egress, table=lflow_table);
>>> +encodes as resubmit(,oflow_out_table)
>>>
>>>  next(pipeline=egress, table=5);
>>>  encodes as resubmit(,47)
>>>
>>
>> This is dependent on the OFTABLE_LOG_EGRESS_PIPELINE, we should probably
>> account for that. There is also next right under this that depends on
>> OFTABLE_LOG_INGRESS_PIPELINE.
>> Since we have several next actions, what about next for a fixed number,
>> being it 5 or 10 doesn't matter and creating a macro that will extend those
>> for ingress or egress WDYT?
>>
>>
>>> @@ -1054,7 +1060,7 @@ ip.ttl=4;
>>>  has prereqs eth.type == 0x800 || eth.type == 0x86dd
>>>  outport="eth0"; next; outport="LOCAL"; next;
>>>  formats as outport = "eth0"; next; outport = "LOCAL"; next;
>>> -encodes as

Re: [ovs-dev] [PATCH ovn] Documentation: Fix broken links in ovn-sandbox.rst.

[0-day Robot]

Bleep bloop.  Greetings Nobuhiro MIKI, I am a robot and I have tried out your 
patch.
Thanks for your contribution.

I encountered some error that I wasn't expecting.  See the details below.


checkpatch:
WARNING: Line is 82 characters long (recommended limit is 79)
#22 FILE: Documentation/tutorials/ovn-sandbox.rst:165:
.. _ovn-architecture: 
http://www.ovn.org/support/dist-docs/ovn-architecture.7.html

WARNING: Line is 81 characters long (recommended limit is 79)
#30 FILE: Documentation/tutorials/ovn-sandbox.rst:170:
.. _ovn-controller(8): 
http://www.ovn.org/support/dist-docs/ovn-controller.8.html

WARNING: Line is 91 characters long (recommended limit is 79)
#31 FILE: Documentation/tutorials/ovn-sandbox.rst:171:
.. _ovn-controller-vtep(8): 
http://www.ovn.org/support/dist-docs/ovn-controller-vtep.8.html

Lines checked: 44, Warnings: 3, Errors: 0


Please check this out.  If you feel there has been an error, please email 
acon...@redhat.com

Thanks,
0-day Robot
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH ovn] Documentation: Fix broken links in ovn-sandbox.rst.

[Nobuhiro MIKI]

Signed-off-by: Nobuhiro MIKI 
---
 Documentation/tutorials/ovn-sandbox.rst | 18 +-
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/Documentation/tutorials/ovn-sandbox.rst 
b/Documentation/tutorials/ovn-sandbox.rst
index 2b574c02f153..decc8abb397a 100644
--- a/Documentation/tutorials/ovn-sandbox.rst
+++ b/Documentation/tutorials/ovn-sandbox.rst
@@ -162,16 +162,16 @@ to OpenFlow flows programmed by ``ovn-controller``.  See 
the `ovn-trace(8)`_
 man page for more detail.
 
 
-.. _ovn-architecture: 
http://openvswitch.org/support/dist-docs/ovn-architecture.7.html
-.. _ovn-nb(5): http://openvswitch.org/support/dist-docs/ovn-nb.5.html
-.. _ovn-sb(5): http://openvswitch.org/support/dist-docs/ovn-sb.5.html
+.. _ovn-architecture: 
http://www.ovn.org/support/dist-docs/ovn-architecture.7.html
+.. _ovn-nb(5): http://www.ovn.org/support/dist-docs/ovn-nb.5.html
+.. _ovn-sb(5): http://www.ovn.org/support/dist-docs/ovn-sb.5.html
 .. _vtep(5): http://openvswitch.org/support/dist-docs/vtep.5.html
-.. _ovn-northd(8): http://openvswitch.org/support/dist-docs/ovn-northd.8.html
-.. _ovn-controller(8): 
http://openvswitch.org/support/dist-docs/ovn-controller.8.html
-.. _ovn-controller-vtep(8): 
http://openvswitch.org/support/dist-docs/ovn-controller-vtep.8.html
+.. _ovn-northd(8): http://www.ovn.org/support/dist-docs/ovn-northd.8.html
+.. _ovn-controller(8): 
http://www.ovn.org/support/dist-docs/ovn-controller.8.html
+.. _ovn-controller-vtep(8): 
http://www.ovn.org/support/dist-docs/ovn-controller-vtep.8.html
 .. _vtep-ctl(8): http://openvswitch.org/support/dist-docs/vtep-ctl.8.html
-.. _ovn-nbctl(8): http://openvswitch.org/support/dist-docs/ovn-nbctl.8.html
-.. _ovn-sbctl(8): http://openvswitch.org/support/dist-docs/ovn-sbctl.8.html
-.. _ovn-trace(8): http://openvswitch.org/support/dist-docs/ovn-trace.8.html
+.. _ovn-nbctl(8): http://www.ovn.org/support/dist-docs/ovn-nbctl.8.html
+.. _ovn-sbctl(8): http://www.ovn.org/support/dist-docs/ovn-sbctl.8.html
+.. _ovn-trace(8): http://www.ovn.org/support/dist-docs/ovn-trace.8.html
 .. _ovs-advanced: 
https://github.com/openvswitch/ovs/blob/master/Documentation/tutorials/ovs-advanced.rst
 
-- 
2.43.0

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH ovn v6 00/13] northd lflow incremental processing

[Numan Siddique]

On Tue, Feb 6, 2024 at 3:52 PM Han Zhou  wrote:
>
> On Mon, Feb 5, 2024 at 7:47 PM Numan Siddique  wrote:
> >
> > On Mon, Feb 5, 2024 at 9:41 PM Han Zhou  wrote:
> > >
> > > On Mon, Feb 5, 2024 at 4:12 PM Numan Siddique  wrote:
> > > >
> > > > On Mon, Feb 5, 2024 at 5:54 PM Han Zhou  wrote:
> > > > >
> > > > > On Mon, Feb 5, 2024 at 10:15 AM Ilya Maximets 
> > > wrote:
> > > > > >
> > > > > > On 2/5/24 15:45, Ilya Maximets wrote:
> > > > > > > On 2/5/24 11:34, Ilya Maximets wrote:
> > > > > > >> On 2/5/24 09:23, Dumitru Ceara wrote:
> > > > > > >>> On 2/5/24 08:13, Han Zhou wrote:
> > > > > >  On Sun, Feb 4, 2024 at 9:26 PM Numan Siddique  >
> > > wrote:
> > > > > > >
> > > > > > > On Sun, Feb 4, 2024 at 9:53 PM Han Zhou 
> wrote:
> > > > > > >>
> > > > > > >> On Sun, Feb 4, 2024 at 5:46 AM Ilya Maximets <
> > > i.maxim...@ovn.org>
> > > > > wrote:
> > > > > > >>>
> > > > > > >>
> > > > > > >>>  35 files changed, 9681 insertions(+), 4645
> deletions(-)
> > > > > > >>
> > > > > > >> I had another look at this series and acked the
> remaining
> > > > > >  patches.  I
> > > > > > >> just had some minor comments that can be easily fixed
> when
> > > > > >  applying
> > > > > > >> the
> > > > > > >> patches to the main branch.
> > > > > > >>
> > > > > > >> Thanks for all the work on this!  It was a very large
> > > change
> > > > > but
> > > > > >  it
> > > > > > >> improves northd performance significantly.  I just
> hope we
> > > > > don't
> > > > > > >> introduce too many bugs.  Hopefully the time we have
> until
> > > > > release
> > > > > > >> will
> > > > > > >> allow us to further test this change on the 24.03
> branch.
> > > > > > >>
> > > > > > >> Regards,
> > > > > > >> Dumitru
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > Thanks a lot Dumitru and Han for the reviews and
> patience.
> > > > > > >
> > > > > > > I addressed the comments and applied the patches to
> main and
> > > > > also
> > > > > >  to
> > > > > >  branch-24.03.
> > > > > > >
> > > > > > > @Han - I know you wanted to take another look in to v6.
>  I
> > > > > didn't
> > > > > >  want
> > > > > > >> to
> > > > > >  delay further as branch-24.03 was created.  I'm more than
> > > happy
> > > > > to
> > > > > > >> submit
> > > > > >  follow up patches if you have any comments to address.
> > > Please
> > > > > let
> > > > > >  me
> > > > > > >> know.
> > > > > > >
> > > > > > 
> > > > > >  Hi Numan,
> > > > > > 
> > > > > >  I was writing the reply and saw your email just now.
> Thanks
> > > a lot
> > > > > >  for
> > > > > >  taking a huge effort to achieve the great optimization. I
> > > only
> > > > > left
> > > > > >  one
> > > > > >  comment on the implicit dependency left for the en_lrnat
> ->
> > > > > >  en_lflow.
> > > > > > >> Feel
> > > > > >  free to address it with a followup and no need to block
> the
> > > > > >  branching.
> > > > > > >> And
> > > > > >  take my Ack for the series with that addressed.
> > > > > > 
> > > > > >  Acked-by: Han Zhou 
> > > > > > >>>
> > > > > > >>>
> > > > > > >>> Hi, Numan, Dumitru and Han.
> > > > > > >>>
> > > > > > >>> I see a huge negative performance impact, most likely from
> > > this
> > > > > set,
> > > > > >  on
> > > > > > >>> ovn-heater's cluster-density tests.  The memory
> consumption on
> > > > > northd
> > > > > > >>>
> > > > > > >>> Thanks for reporting this, Ilya!
> > > > > > >>>
> > > > > > >>> jumped about 4x and it constantly recomputes due to
> failures
> > > of
> > > > > >  port_group
> > > > > > >>> handler:
> > > > > > >>>
> > > > > > >>> 2024-02-03T11:09:12.441Z|01680|inc_proc_eng|INFO|node:
> lflow,
> > > > > >  recompute
> > > > > > >> (failed handler for input port_group) took 9762ms
> > > > > > >>> 2024-02-03T11:09:12.444Z|01681|timeval|WARN|Unreasonably
> long
> > > > > 9898ms
> > > > > >  poll
> > > > > > >> interval (5969ms user, 1786ms system)
> > > > > > >>> ...
> > > > > > >>> 2024-02-03T11:09:23.770Z|01690|inc_proc_eng|INFO|node:
> lflow,
> > > > > >  recompute
> > > > > > >> (failed handler for input port_group) took 9014ms
> > > > > > >>> 2024-02-03T11:09:23.773Z|01691|timeval|WARN|Unreasonably
> long
> > > > > 9118ms
> > > > > >  poll
> > > > > > >> interval (5376ms user, 1515ms system)
> > > > > > >>> ...
> > > > > > >>> 2024-02-03T11:09:36.692Z|01699|inc_proc_eng|INFO|node:
> lflow,
> > > > > >  recompute
> > > > > > >> (failed handler for input port_group) took 10695ms
> > > > > > >>> 2024-02-03T11:09:36.696Z|01700|timeval|WARN|Unreasonably
> long
> > > 

Re: [ovs-dev] [PATCH ovn v6 00/13] northd lflow incremental processing

[Ilya Maximets]

On 2/6/24 22:22, Ilya Maximets wrote:
>>>
>>> I did some testing with my patch and these are the findings
>>>
>>>                                      | Avg. Poll Intervals | Total
>>> test time |  northd RSS
>>> -- ++---
>>> Last week                     |      1.5 seconds     |  1005 seconds
>>> |    2.5 GB
>>> This week                     |      6  seconds       |  2246 seconds
>>>  |    8.5 GB
>>> Ilya's Patch                   |     2.5 seconds      |  1170 seconds
>>>  |    3.1 GB
>>> Numan's patch (run1)   |     1.6 seconds      |  992 seconds    |    2.43 GB
>>> Numan's patch (run2)   |     1.7 seconds      |  1022 seconds   |    2.43 GB
>>>
>>> Seems like removing dp ref cnt all together is more efficient and very 
>>> close to
>>> last week's results.
>>>
>>> I'll submit the patch tomorrow after some more testing.
>>>
>>> Feel free to provide any review comments or feedback if you've any.
>>>
>>> Thanks
>>> Numan
>>>
>
> Regarding the cluster density 500 node test with Ilya's fix,  I think
> this seems o.k to me since
> the test falls back to recompute a lot and there is some cost now with
> the lflow I-P patches.
> This can be improved by adding port group I-P.   I can start looking
> into the port-group I-P if you
> think it would be worth it.  Let me know.
>

 Adding more I-P would be helpful, but it still doesn't explain the
 observation from Ilya regarding the 66% increase in recompute time and 25%
 increase in memory. My test cases couldn't reproduce such significant
 increases (it is ~10-20% in my test). I think we'd better figure out what
 caused such big increases - is it still related to ref count or is it
 something else. I think the lflow_ref might have contributed to it,
 especially the use of hmap instead of list. It is totally fine if the
 lflow_ref adds some cost, which is required for the I-P to work, but it is
 better to understand where the cost comes from and justify it (or optimize
 it).
>>>
>>> Looks like from my patch results,  dp_ref_cnt is contributing to this 
>>> increase.
>>> Is it possible for you to trigger another test with my patch -
>>> https://github.com/numansiddique/ovn/commit/92f6563d9e7b1e6c8f2b924dea7a220781e10a05
>>>  
>>> 
>>>
>> It is great to see that removing ref count resolved the performance gap. The 
>> test result is actually very interesting. I also had a test with more LBs 
>> (10k instead of the earlier 1k) in the large LBG, trying to make the cost of 
>> bitmap scan more obvious, but still, the difference between your patch and 
>> Ilya's patch is not significant in my test. The latency difference is within 
>> 5%, and the memory <1%. So I wonder why in the ovn-heater test it is so 
>> different. Is it possible that in the ovn-heater test it does create a lot 
>> of duplicated lflows so ref count hmap operations are actually triggered for 
>> a significant amount of times, which might have contributed to the major 
>> cost even with Ilya's patch, and with your patch it means it fall back to 
>> recompute much more often?
> 
> FWIW, in my testing with the cluster-density 500node database there
> are 12 M refcounts allocated.  With 32 bytes each, it's about 370 MB
> of RAM.  We should also add a fair share of allocation overhead since
> we're allocating a huge number of very small objects.
> 
> Numan also gets rid of all the space allocated for hash maps that hold
> all these refcounts, and these were taking ~25% of all allocations.
> 
> Getting rid of these allocations likely saves a lot of CPU cycles as
> well, since they are very heavy.
> 
> P.S.
> Almost all of these 12M refcounts are for:
>   build_lrouter_defrag_flows_for_lb():ovn_lflow_add_with_dp_group()
> All of these have refcount == 3.
> 
> There is one with refcount 502:
>   build_egress_delivery_flows_for_lrouter_port():ovn_lflow_add_default_drop()
> 
> And there are 500-ish with refcount of 2:
>   build_lswitch_rport_arp_req_flow():ovn_lflow_add_with_hint()

On the current main we allocate ~120 M refcounts.

> 
> Best regards, Ilya Maximets.

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH ovn v6 00/13] northd lflow incremental processing

[Ilya Maximets]

>>
>> I did some testing with my patch and these are the findings
>>
>>                                      | Avg. Poll Intervals | Total
>> test time |  northd RSS
>> -- ++---
>> Last week                     |      1.5 seconds     |  1005 seconds
>> |    2.5 GB
>> This week                     |      6  seconds       |  2246 seconds
>>  |    8.5 GB
>> Ilya's Patch                   |     2.5 seconds      |  1170 seconds
>>  |    3.1 GB
>> Numan's patch (run1)   |     1.6 seconds      |  992 seconds    |    2.43 GB
>> Numan's patch (run2)   |     1.7 seconds      |  1022 seconds   |    2.43 GB
>>
>> Seems like removing dp ref cnt all together is more efficient and very close 
>> to
>> last week's results.
>>
>> I'll submit the patch tomorrow after some more testing.
>>
>> Feel free to provide any review comments or feedback if you've any.
>>
>> Thanks
>> Numan
>>
>> > >
>> > > Regarding the cluster density 500 node test with Ilya's fix,  I think
>> > > this seems o.k to me since
>> > > the test falls back to recompute a lot and there is some cost now with
>> > > the lflow I-P patches.
>> > > This can be improved by adding port group I-P.   I can start looking
>> > > into the port-group I-P if you
>> > > think it would be worth it.  Let me know.
>> > >
>> >
>> > Adding more I-P would be helpful, but it still doesn't explain the
>> > observation from Ilya regarding the 66% increase in recompute time and 25%
>> > increase in memory. My test cases couldn't reproduce such significant
>> > increases (it is ~10-20% in my test). I think we'd better figure out what
>> > caused such big increases - is it still related to ref count or is it
>> > something else. I think the lflow_ref might have contributed to it,
>> > especially the use of hmap instead of list. It is totally fine if the
>> > lflow_ref adds some cost, which is required for the I-P to work, but it is
>> > better to understand where the cost comes from and justify it (or optimize
>> > it).
>>
>> Looks like from my patch results,  dp_ref_cnt is contributing to this 
>> increase.
>> Is it possible for you to trigger another test with my patch -
>> https://github.com/numansiddique/ovn/commit/92f6563d9e7b1e6c8f2b924dea7a220781e10a05
>>  
>> 
>>
> It is great to see that removing ref count resolved the performance gap. The 
> test result is actually very interesting. I also had a test with more LBs 
> (10k instead of the earlier 1k) in the large LBG, trying to make the cost of 
> bitmap scan more obvious, but still, the difference between your patch and 
> Ilya's patch is not significant in my test. The latency difference is within 
> 5%, and the memory <1%. So I wonder why in the ovn-heater test it is so 
> different. Is it possible that in the ovn-heater test it does create a lot of 
> duplicated lflows so ref count hmap operations are actually triggered for a 
> significant amount of times, which might have contributed to the major cost 
> even with Ilya's patch, and with your patch it means it fall back to 
> recompute much more often?

FWIW, in my testing with the cluster-density 500node database there
are 12 M refcounts allocated.  With 32 bytes each, it's about 370 MB
of RAM.  We should also add a fair share of allocation overhead since
we're allocating a huge number of very small objects.

Numan also gets rid of all the space allocated for hash maps that hold
all these refcounts, and these were taking ~25% of all allocations.

Getting rid of these allocations likely saves a lot of CPU cycles as
well, since they are very heavy.

P.S.
Almost all of these 12M refcounts are for:
  build_lrouter_defrag_flows_for_lb():ovn_lflow_add_with_dp_group()
All of these have refcount == 3.

There is one with refcount 502:
  build_egress_delivery_flows_for_lrouter_port():ovn_lflow_add_default_drop()

And there are 500-ish with refcount of 2:
  build_lswitch_rport_arp_req_flow():ovn_lflow_add_with_hint()

Best regards, Ilya Maximets.
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH ovn v6 00/13] northd lflow incremental processing

[Han Zhou]

On Mon, Feb 5, 2024 at 7:47 PM Numan Siddique  wrote:
>
> On Mon, Feb 5, 2024 at 9:41 PM Han Zhou  wrote:
> >
> > On Mon, Feb 5, 2024 at 4:12 PM Numan Siddique  wrote:
> > >
> > > On Mon, Feb 5, 2024 at 5:54 PM Han Zhou  wrote:
> > > >
> > > > On Mon, Feb 5, 2024 at 10:15 AM Ilya Maximets 
> > wrote:
> > > > >
> > > > > On 2/5/24 15:45, Ilya Maximets wrote:
> > > > > > On 2/5/24 11:34, Ilya Maximets wrote:
> > > > > >> On 2/5/24 09:23, Dumitru Ceara wrote:
> > > > > >>> On 2/5/24 08:13, Han Zhou wrote:
> > > > >  On Sun, Feb 4, 2024 at 9:26 PM Numan Siddique 
> > wrote:
> > > > > >
> > > > > > On Sun, Feb 4, 2024 at 9:53 PM Han Zhou 
wrote:
> > > > > >>
> > > > > >> On Sun, Feb 4, 2024 at 5:46 AM Ilya Maximets <
> > i.maxim...@ovn.org>
> > > > wrote:
> > > > > >>>
> > > > > >>
> > > > > >>>  35 files changed, 9681 insertions(+), 4645
deletions(-)
> > > > > >>
> > > > > >> I had another look at this series and acked the
remaining
> > > > >  patches.  I
> > > > > >> just had some minor comments that can be easily fixed
when
> > > > >  applying
> > > > > >> the
> > > > > >> patches to the main branch.
> > > > > >>
> > > > > >> Thanks for all the work on this!  It was a very large
> > change
> > > > but
> > > > >  it
> > > > > >> improves northd performance significantly.  I just
hope we
> > > > don't
> > > > > >> introduce too many bugs.  Hopefully the time we have
until
> > > > release
> > > > > >> will
> > > > > >> allow us to further test this change on the 24.03
branch.
> > > > > >>
> > > > > >> Regards,
> > > > > >> Dumitru
> > > > > >
> > > > > >
> > > > > >
> > > > > > Thanks a lot Dumitru and Han for the reviews and
patience.
> > > > > >
> > > > > > I addressed the comments and applied the patches to
main and
> > > > also
> > > > >  to
> > > > >  branch-24.03.
> > > > > >
> > > > > > @Han - I know you wanted to take another look in to v6.
 I
> > > > didn't
> > > > >  want
> > > > > >> to
> > > > >  delay further as branch-24.03 was created.  I'm more than
> > happy
> > > > to
> > > > > >> submit
> > > > >  follow up patches if you have any comments to address.
> > Please
> > > > let
> > > > >  me
> > > > > >> know.
> > > > > >
> > > > > 
> > > > >  Hi Numan,
> > > > > 
> > > > >  I was writing the reply and saw your email just now.
Thanks
> > a lot
> > > > >  for
> > > > >  taking a huge effort to achieve the great optimization. I
> > only
> > > > left
> > > > >  one
> > > > >  comment on the implicit dependency left for the en_lrnat
->
> > > > >  en_lflow.
> > > > > >> Feel
> > > > >  free to address it with a followup and no need to block
the
> > > > >  branching.
> > > > > >> And
> > > > >  take my Ack for the series with that addressed.
> > > > > 
> > > > >  Acked-by: Han Zhou 
> > > > > >>>
> > > > > >>>
> > > > > >>> Hi, Numan, Dumitru and Han.
> > > > > >>>
> > > > > >>> I see a huge negative performance impact, most likely from
> > this
> > > > set,
> > > > >  on
> > > > > >>> ovn-heater's cluster-density tests.  The memory
consumption on
> > > > northd
> > > > > >>>
> > > > > >>> Thanks for reporting this, Ilya!
> > > > > >>>
> > > > > >>> jumped about 4x and it constantly recomputes due to
failures
> > of
> > > > >  port_group
> > > > > >>> handler:
> > > > > >>>
> > > > > >>> 2024-02-03T11:09:12.441Z|01680|inc_proc_eng|INFO|node:
lflow,
> > > > >  recompute
> > > > > >> (failed handler for input port_group) took 9762ms
> > > > > >>> 2024-02-03T11:09:12.444Z|01681|timeval|WARN|Unreasonably
long
> > > > 9898ms
> > > > >  poll
> > > > > >> interval (5969ms user, 1786ms system)
> > > > > >>> ...
> > > > > >>> 2024-02-03T11:09:23.770Z|01690|inc_proc_eng|INFO|node:
lflow,
> > > > >  recompute
> > > > > >> (failed handler for input port_group) took 9014ms
> > > > > >>> 2024-02-03T11:09:23.773Z|01691|timeval|WARN|Unreasonably
long
> > > > 9118ms
> > > > >  poll
> > > > > >> interval (5376ms user, 1515ms system)
> > > > > >>> ...
> > > > > >>> 2024-02-03T11:09:36.692Z|01699|inc_proc_eng|INFO|node:
lflow,
> > > > >  recompute
> > > > > >> (failed handler for input port_group) took 10695ms
> > > > > >>> 2024-02-03T11:09:36.696Z|01700|timeval|WARN|Unreasonably
long
> > > > 10890ms
> > > > > >> poll interval (6085ms user, 2745ms system)
> > > > > >>> ...
> > > > > >>> 2024-02-03T11:09:49.133Z|01708|inc_proc_eng|INFO|node:
lflow,
> > > > >  recompute
> > > > > >> (failed handler for input port_group) took 9985ms
> > > > > >>> 2024-02-03T11:09:49.137Z|01709|timeval|WARN|Unreasonably
long
> > > 

Re: [ovs-dev] [PATCH ovn 2/2] tests: Remove table numbers from test action parsing.

[Xavier Simonart]

Hi Ales

Thanks for the review.
I'll add NEXT(x, y), with x being ingress or egress, and y being lflow
table number, and use them where necessary.
I'll post a v2 when the 26 first patches from the series get merged so that
ovs robot can run happily.

With this and your 26 patches, we should be able to change (most ?) table
numbers without impacting tests...

Thanks
Xavier

On Tue, Feb 6, 2024 at 5:42 PM Ales Musil  wrote:

>
>
> On Tue, Feb 6, 2024 at 3:45 PM Xavier Simonart 
> wrote:
>
>> This patch uses the recently introduced macros defining openflow table
>> numbers.
>>
>> Signed-off-by: Xavier Simonart 
>> ---
>>
>
> Hi Xavier,
> thank you for the follow up to remove the rest of hardcoded table numbers.
> There are a few places below where it was missed. I wonder should we also
> address them?
>
>  tests/ovn-macros.at |   4 +
>>  tests/ovn.at| 230 +++-
>>  2 files changed, 122 insertions(+), 112 deletions(-)
>>
>> diff --git a/tests/ovn-macros.at b/tests/ovn-macros.at
>> index 84e50d76f..db107f43a 100644
>> --- a/tests/ovn-macros.at
>> +++ b/tests/ovn-macros.at
>> @@ -995,6 +995,8 @@ m4_define([OFTABLE_OUTPUT_LARGE_PKT_DETECT], [37])
>>  m4_define([OFTABLE_OUTPUT_LARGE_PKT_PROCESS], [38])
>>  m4_define([OFTABLE_REMOTE_OUTPUT], [39])
>>  m4_define([OFTABLE_LOCAL_OUTPUT], [40])
>> +m4_define([OFTABLE_LOG_EGRESS_PIPELINE], [42])
>> +m4_define([OFTABLE_SAVE_INPORT], [64])
>>  m4_define([OFTABLE_LOG_TO_PHY], [65])
>>  m4_define([OFTABLE_MAC_BINDING], [66])
>>  m4_define([OFTABLE_MAC_LOOKUP], [67])
>> @@ -1010,3 +1012,5 @@ m4_define([OFTABLE_ECMP_NH_MAC], [76])
>>  m4_define([OFTABLE_ECMP_NH], [77])
>>  m4_define([OFTABLE_CHK_LB_AFFINITY], [78])
>>  m4_define([OFTABLE_MAC_CACHE_USE], [79])
>> +
>> +m4_define([OFTABLE_SAVE_INPORT_HEX], [m4_eval(OFTABLE_SAVE_INPORT, 16)])
>> diff --git a/tests/ovn.at b/tests/ovn.at
>> index a0361ab49..280f6d1d6 100644
>> --- a/tests/ovn.at
>> +++ b/tests/ovn.at
>> @@ -979,6 +979,12 @@ AT_CLEANUP
>>  AT_SETUP([action parsing])
>>  dnl Unindented text is input (a set of OVN logical actions).
>>  dnl Indented text is expected output.
>> +
>> +# lflow table hard-coded to 10 in test-ovn, so next is 11.
>> +m4_define([lflow_table], [11])
>> +m4_define([oflow_in_table], [m4_eval(lflow_table +
>> OFTABLE_LOG_INGRESS_PIPELINE)])
>> +m4_define([oflow_out_table], [m4_eval(lflow_table +
>> OFTABLE_LOG_EGRESS_PIPELINE)])
>> +
>>  AT_DATA([test-cases.txt], [
>>  # drop
>>  drop;
>> @@ -990,16 +996,16 @@ next; drop;
>>
>>  # output
>>  output;
>> -encodes as resubmit(,64)
>> +encodes as resubmit(,OFTABLE_SAVE_INPORT)
>>
>>  # next
>>  next;
>> -encodes as resubmit(,19)
>> -next(11);
>> +encodes as resubmit(,oflow_in_table)
>> +next(lflow_table);
>>  formats as next;
>> -encodes as resubmit(,19)
>> +encodes as resubmit(,oflow_in_table)
>>  next(0);
>> -encodes as resubmit(,8)
>> +encodes as resubmit(,OFTABLE_LOG_INGRESS_PIPELINE)
>>  next(23);
>>  encodes as resubmit(,31)
>>
>
> This depends on OFTABLE_LOG_INGRESS_PIPELINE.
>
>
>>
>> @@ -1010,22 +1016,22 @@ next(10;
>>  next(24);
>>  "next" action cannot advance beyond table 23.
>>
>> -next(table=11);
>> +next(table=lflow_table);
>>  formats as next;
>> -encodes as resubmit(,19)
>> +encodes as resubmit(,oflow_in_table)
>>  next(pipeline=ingress);
>>  formats as next;
>> -encodes as resubmit(,19)
>> -next(table=11, pipeline=ingress);
>> +encodes as resubmit(,oflow_in_table)
>> +next(table=lflow_table, pipeline=ingress);
>>  formats as next;
>> -encodes as resubmit(,19)
>> -next(pipeline=ingress, table=11);
>> +encodes as resubmit(,oflow_in_table)
>> +next(pipeline=ingress, table=lflow_table);
>>  formats as next;
>> -encodes as resubmit(,19)
>> +encodes as resubmit(,oflow_in_table)
>>
>>  next(pipeline=egress);
>> -formats as next(pipeline=egress, table=11);
>> -encodes as resubmit(,53)
>> +formats as next(pipeline=egress, table=lflow_table);
>> +encodes as resubmit(,oflow_out_table)
>>
>>  next(pipeline=egress, table=5);
>>  encodes as resubmit(,47)
>>
>
> This is dependent on the OFTABLE_LOG_EGRESS_PIPELINE, we should probably
> account for that. There is also next right under this that depends on
> OFTABLE_LOG_INGRESS_PIPELINE.
> Since we have several next actions, what about next for a fixed number,
> being it 5 or 10 doesn't matter and creating a macro that will extend those
> for ingress or egress WDYT?
>
>
>> @@ -1054,7 +1060,7 @@ ip.ttl=4;
>>  has prereqs eth.type == 0x800 || eth.type == 0x86dd
>>  outport="eth0"; next; outport="LOCAL"; next;
>>  formats as outport = "eth0"; next; outport = "LOCAL"; next;
>> -encodes as
>> set_field:0x5->reg15,resubmit(,19),set_field:0xfffe->reg15,resubmit(,19)
>> +encodes as
>> set_field:0x5->reg15,resubmit(,oflow_in_table),set_field:0xfffe->reg15,resubmit(,oflow_in_table)
>>
>>  inport[[1]] = 1;
>>  Cannot select subfield 

Re: [ovs-dev] [PATCH ovn 2/2] tests: Remove table numbers from test action parsing.

[Ales Musil]

On Tue, Feb 6, 2024 at 3:45 PM Xavier Simonart  wrote:

> This patch uses the recently introduced macros defining openflow table
> numbers.
>
> Signed-off-by: Xavier Simonart 
> ---
>

Hi Xavier,
thank you for the follow up to remove the rest of hardcoded table numbers.
There are a few places below where it was missed. I wonder should we also
address them?

 tests/ovn-macros.at |   4 +
>  tests/ovn.at| 230 +++-
>  2 files changed, 122 insertions(+), 112 deletions(-)
>
> diff --git a/tests/ovn-macros.at b/tests/ovn-macros.at
> index 84e50d76f..db107f43a 100644
> --- a/tests/ovn-macros.at
> +++ b/tests/ovn-macros.at
> @@ -995,6 +995,8 @@ m4_define([OFTABLE_OUTPUT_LARGE_PKT_DETECT], [37])
>  m4_define([OFTABLE_OUTPUT_LARGE_PKT_PROCESS], [38])
>  m4_define([OFTABLE_REMOTE_OUTPUT], [39])
>  m4_define([OFTABLE_LOCAL_OUTPUT], [40])
> +m4_define([OFTABLE_LOG_EGRESS_PIPELINE], [42])
> +m4_define([OFTABLE_SAVE_INPORT], [64])
>  m4_define([OFTABLE_LOG_TO_PHY], [65])
>  m4_define([OFTABLE_MAC_BINDING], [66])
>  m4_define([OFTABLE_MAC_LOOKUP], [67])
> @@ -1010,3 +1012,5 @@ m4_define([OFTABLE_ECMP_NH_MAC], [76])
>  m4_define([OFTABLE_ECMP_NH], [77])
>  m4_define([OFTABLE_CHK_LB_AFFINITY], [78])
>  m4_define([OFTABLE_MAC_CACHE_USE], [79])
> +
> +m4_define([OFTABLE_SAVE_INPORT_HEX], [m4_eval(OFTABLE_SAVE_INPORT, 16)])
> diff --git a/tests/ovn.at b/tests/ovn.at
> index a0361ab49..280f6d1d6 100644
> --- a/tests/ovn.at
> +++ b/tests/ovn.at
> @@ -979,6 +979,12 @@ AT_CLEANUP
>  AT_SETUP([action parsing])
>  dnl Unindented text is input (a set of OVN logical actions).
>  dnl Indented text is expected output.
> +
> +# lflow table hard-coded to 10 in test-ovn, so next is 11.
> +m4_define([lflow_table], [11])
> +m4_define([oflow_in_table], [m4_eval(lflow_table +
> OFTABLE_LOG_INGRESS_PIPELINE)])
> +m4_define([oflow_out_table], [m4_eval(lflow_table +
> OFTABLE_LOG_EGRESS_PIPELINE)])
> +
>  AT_DATA([test-cases.txt], [
>  # drop
>  drop;
> @@ -990,16 +996,16 @@ next; drop;
>
>  # output
>  output;
> -encodes as resubmit(,64)
> +encodes as resubmit(,OFTABLE_SAVE_INPORT)
>
>  # next
>  next;
> -encodes as resubmit(,19)
> -next(11);
> +encodes as resubmit(,oflow_in_table)
> +next(lflow_table);
>  formats as next;
> -encodes as resubmit(,19)
> +encodes as resubmit(,oflow_in_table)
>  next(0);
> -encodes as resubmit(,8)
> +encodes as resubmit(,OFTABLE_LOG_INGRESS_PIPELINE)
>  next(23);
>  encodes as resubmit(,31)
>

This depends on OFTABLE_LOG_INGRESS_PIPELINE.


>
> @@ -1010,22 +1016,22 @@ next(10;
>  next(24);
>  "next" action cannot advance beyond table 23.
>
> -next(table=11);
> +next(table=lflow_table);
>  formats as next;
> -encodes as resubmit(,19)
> +encodes as resubmit(,oflow_in_table)
>  next(pipeline=ingress);
>  formats as next;
> -encodes as resubmit(,19)
> -next(table=11, pipeline=ingress);
> +encodes as resubmit(,oflow_in_table)
> +next(table=lflow_table, pipeline=ingress);
>  formats as next;
> -encodes as resubmit(,19)
> -next(pipeline=ingress, table=11);
> +encodes as resubmit(,oflow_in_table)
> +next(pipeline=ingress, table=lflow_table);
>  formats as next;
> -encodes as resubmit(,19)
> +encodes as resubmit(,oflow_in_table)
>
>  next(pipeline=egress);
> -formats as next(pipeline=egress, table=11);
> -encodes as resubmit(,53)
> +formats as next(pipeline=egress, table=lflow_table);
> +encodes as resubmit(,oflow_out_table)
>
>  next(pipeline=egress, table=5);
>  encodes as resubmit(,47)
>

This is dependent on the OFTABLE_LOG_EGRESS_PIPELINE, we should probably
account for that. There is also next right under this that depends on
OFTABLE_LOG_INGRESS_PIPELINE.
Since we have several next actions, what about next for a fixed number,
being it 5 or 10 doesn't matter and creating a macro that will extend those
for ingress or egress WDYT?


> @@ -1054,7 +1060,7 @@ ip.ttl=4;
>  has prereqs eth.type == 0x800 || eth.type == 0x86dd
>  outport="eth0"; next; outport="LOCAL"; next;
>  formats as outport = "eth0"; next; outport = "LOCAL"; next;
> -encodes as
> set_field:0x5->reg15,resubmit(,19),set_field:0xfffe->reg15,resubmit(,19)
> +encodes as
> set_field:0x5->reg15,resubmit(,oflow_in_table),set_field:0xfffe->reg15,resubmit(,oflow_in_table)
>
>  inport[[1]] = 1;
>  Cannot select subfield of string field inport.
> @@ -1152,35 +1158,35 @@ pkt.mark = "foo";
>
>  # load balancing.
>  ct_lb;
> -encodes as ct(table=19,zone=NXM_NX_REG13[[0..15]],nat)
> +encodes as ct(table=oflow_in_table,zone=NXM_NX_REG13[[0..15]],nat)
>  has prereqs ip
>  ct_lb();
>  formats as ct_lb;
> -encodes as ct(table=19,zone=NXM_NX_REG13[[0..15]],nat)
> +encodes as ct(table=oflow_in_table,zone=NXM_NX_REG13[[0..15]],nat)
>  has prereqs ip
>  ct_lb(192.168.1.2:80, 192.168.1.3:80);
>  Syntax error at `192.168.1.2' expecting backends.
>  

[ovs-dev] [PATCH v3 1/4] dp-packet: Validate correct offset for L4 inner size.

[Mike Pattrick]

This patch fixes the correctness of dp_packet_inner_l4_size() when
checking for the existence of an inner L4 header. Previously it checked
for the outer L4 header.

This function is currently only used when a packet is already flagged
for tunneling, so an incorrect determination isn't possible as long as
the flags of the packet are correct.

Fixes: 85bcbbed839a ("userspace: Enable tunnel tests with TSO.")
Reviewed-by: David Marchand 
Signed-off-by: Mike Pattrick 
---
v2: Corrected patch subject
---
 lib/dp-packet.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/dp-packet.h b/lib/dp-packet.h
index dceb701e8..802d3f385 100644
--- a/lib/dp-packet.h
+++ b/lib/dp-packet.h
@@ -540,7 +540,7 @@ dp_packet_inner_l4(const struct dp_packet *b)
 static inline size_t
 dp_packet_inner_l4_size(const struct dp_packet *b)
 {
-return OVS_LIKELY(b->l4_ofs != UINT16_MAX)
+return OVS_LIKELY(b->inner_l4_ofs != UINT16_MAX)
? (const char *) dp_packet_tail(b)
- (const char *) dp_packet_inner_l4(b)
- dp_packet_l2_pad_size(b)
-- 
2.39.3

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH v3 2/4] bfd: Set proper offsets and flags in BFD packets.

[Mike Pattrick]

Previously the BFD packet creation code did not appropriately set
offsets or flags. This contributed to issues involving encapsulation and
the TSO code.

The transition to using standard functions also means some other
metadata like packet_type are set appropriately.

Fixes: ccc096898c46 ("bfd: Implement Bidirectional Forwarding Detection.")
Signed-off-by: Mike Pattrick 
---
v2: Corrected formatting, and just calculate checksum up front
v3: Extended patch comment
---
 lib/bfd.c | 23 +++
 1 file changed, 11 insertions(+), 12 deletions(-)

diff --git a/lib/bfd.c b/lib/bfd.c
index 9698576d0..9af258917 100644
--- a/lib/bfd.c
+++ b/lib/bfd.c
@@ -586,7 +586,6 @@ bfd_put_packet(struct bfd *bfd, struct dp_packet *p,
 {
 long long int min_tx, min_rx;
 struct udp_header *udp;
-struct eth_header *eth;
 struct ip_header *ip;
 struct msg *msg;
 
@@ -605,15 +604,13 @@ bfd_put_packet(struct bfd *bfd, struct dp_packet *p,
  * set. */
 ovs_assert(!(bfd->flags & FLAG_POLL) || !(bfd->flags & FLAG_FINAL));
 
-dp_packet_reserve(p, 2); /* Properly align after the ethernet header. */
-eth = dp_packet_put_uninit(p, sizeof *eth);
-eth->eth_src = eth_addr_is_zero(bfd->local_eth_src)
-? eth_src : bfd->local_eth_src;
-eth->eth_dst = eth_addr_is_zero(bfd->local_eth_dst)
-? eth_addr_bfd : bfd->local_eth_dst;
-eth->eth_type = htons(ETH_TYPE_IP);
+ip = eth_compose(p,
+ eth_addr_is_zero(bfd->local_eth_dst)
+ ? eth_addr_bfd : bfd->local_eth_dst,
+ eth_addr_is_zero(bfd->local_eth_src)
+ ? eth_src : bfd->local_eth_src,
+ ETH_TYPE_IP, sizeof *ip + sizeof *udp + sizeof *msg);
 
-ip = dp_packet_put_zeros(p, sizeof *ip);
 ip->ip_ihl_ver = IP_IHL_VER(5, 4);
 ip->ip_tot_len = htons(sizeof *ip + sizeof *udp + sizeof *msg);
 ip->ip_ttl = MAXTTL;
@@ -621,15 +618,17 @@ bfd_put_packet(struct bfd *bfd, struct dp_packet *p,
 ip->ip_proto = IPPROTO_UDP;
 put_16aligned_be32(>ip_src, bfd->ip_src);
 put_16aligned_be32(>ip_dst, bfd->ip_dst);
-/* Checksum has already been zeroed by put_zeros call. */
+/* Checksum has already been zeroed by eth_compose call. */
 ip->ip_csum = csum(ip, sizeof *ip);
+dp_packet_set_l4(p, ip + 1);
 
-udp = dp_packet_put_zeros(p, sizeof *udp);
+udp = dp_packet_l4(p);
 udp->udp_src = htons(bfd->udp_src);
 udp->udp_dst = htons(BFD_DEST_PORT);
 udp->udp_len = htons(sizeof *udp + sizeof *msg);
+/* Checksum already zero from eth_compose. */
 
-msg = dp_packet_put_uninit(p, sizeof *msg);
+msg = (struct msg *)(udp + 1);
 msg->vers_diag = (BFD_VERSION << 5) | bfd->diag;
 msg->flags = (bfd->state & STATE_MASK) | bfd->flags;
 
-- 
2.39.3

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH v3 4/4] ofproto-dpif-monitor: Remove unneeded calls to clear packets.

[Mike Pattrick]

Currently the monitor will call dp_packet_clear() on the dp_packet that
is shared amongst BFD, LLDP, and CFM. However, all of these packets are
created with eth_compose(), which already calls dp_packet_clear().

Reviewed-by: David Marchand 
Signed-off-by: Mike Pattrick 
---
 ofproto/ofproto-dpif-monitor.c | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/ofproto/ofproto-dpif-monitor.c b/ofproto/ofproto-dpif-monitor.c
index bb0e49091..5132f9c95 100644
--- a/ofproto/ofproto-dpif-monitor.c
+++ b/ofproto/ofproto-dpif-monitor.c
@@ -275,19 +275,16 @@ monitor_mport_run(struct mport *mport, struct dp_packet 
*packet)
 long long int lldp_wake_time = LLONG_MAX;
 
 if (mport->cfm && cfm_should_send_ccm(mport->cfm)) {
-dp_packet_clear(packet);
 cfm_compose_ccm(mport->cfm, packet, mport->hw_addr);
 ofproto_dpif_send_packet(mport->ofport, false, packet);
 }
 if (mport->bfd && bfd_should_send_packet(mport->bfd)) {
 bool oam;
 
-dp_packet_clear(packet);
 bfd_put_packet(mport->bfd, packet, mport->hw_addr, );
 ofproto_dpif_send_packet(mport->ofport, oam, packet);
 }
 if (mport->lldp && lldp_should_send_packet(mport->lldp)) {
-dp_packet_clear(packet);
 lldp_put_packet(mport->lldp, packet, mport->hw_addr);
 ofproto_dpif_send_packet(mport->ofport, false, packet);
 }
-- 
2.39.3

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH v3 3/4] dp-packet: Include inner offsets in adjustments and checks.

[Mike Pattrick]

Include inner offsets in functions where l3 and l4 offsets are either
modified or checked.

Fixes: 084c8087292c ("userspace: Support VXLAN and GENEVE TSO.")
Signed-off-by: Mike Pattrick 
---
v2:
 - Prints out new offsets in autovalidator
 - Extends resize_l2 change to avx512
v3:
 - Reordered fields in dp_packet_compare_offsets error print message
 - Updated and simplified comments in avx512_dp_packet_resize_l2()
---
 lib/dp-packet.c  | 18 +-
 lib/odp-execute-avx512.c | 31 ---
 2 files changed, 33 insertions(+), 16 deletions(-)

diff --git a/lib/dp-packet.c b/lib/dp-packet.c
index 0e23c766e..305822293 100644
--- a/lib/dp-packet.c
+++ b/lib/dp-packet.c
@@ -507,6 +507,8 @@ dp_packet_resize_l2_5(struct dp_packet *b, int increment)
 /* Adjust layer offsets after l2_5. */
 dp_packet_adjust_layer_offset(>l3_ofs, increment);
 dp_packet_adjust_layer_offset(>l4_ofs, increment);
+dp_packet_adjust_layer_offset(>inner_l3_ofs, increment);
+dp_packet_adjust_layer_offset(>inner_l4_ofs, increment);
 
 return dp_packet_data(b);
 }
@@ -529,17 +531,23 @@ dp_packet_compare_offsets(struct dp_packet *b1, struct 
dp_packet *b2,
 if ((b1->l2_pad_size != b2->l2_pad_size) ||
 (b1->l2_5_ofs != b2->l2_5_ofs) ||
 (b1->l3_ofs != b2->l3_ofs) ||
-(b1->l4_ofs != b2->l4_ofs)) {
+(b1->l4_ofs != b2->l4_ofs) ||
+(b1->inner_l3_ofs != b2->inner_l3_ofs) ||
+(b1->inner_l4_ofs != b2->inner_l4_ofs)) {
 if (err_str) {
 ds_put_format(err_str, "Packet offset comparison failed\n");
 ds_put_format(err_str, "Buffer 1 offsets: l2_pad_size %u,"
-  " l2_5_ofs : %u l3_ofs %u, l4_ofs %u\n",
+  " l2_5_ofs : %u l3_ofs %u, l4_ofs %u,"
+  " inner_l3_ofs %u, inner_l4_ofs %u\n",
   b1->l2_pad_size, b1->l2_5_ofs,
-  b1->l3_ofs, b1->l4_ofs);
+  b1->l3_ofs, b1->l4_ofs,
+  b1->inner_l3_ofs, b1->inner_l4_ofs);
 ds_put_format(err_str, "Buffer 2 offsets: l2_pad_size %u,"
-  " l2_5_ofs : %u l3_ofs %u, l4_ofs %u\n",
+  " l2_5_ofs : %u l3_ofs %u, l4_ofs %u,"
+  " inner_l3_ofs %u, inner_l4_ofs %u\n",
   b2->l2_pad_size, b2->l2_5_ofs,
-  b2->l3_ofs, b2->l4_ofs);
+  b2->l3_ofs, b2->l4_ofs,
+  b2->inner_l3_ofs, b2->inner_l4_ofs);
 }
 return false;
 }
diff --git a/lib/odp-execute-avx512.c b/lib/odp-execute-avx512.c
index 747e04014..4a3396fbd 100644
--- a/lib/odp-execute-avx512.c
+++ b/lib/odp-execute-avx512.c
@@ -35,10 +35,10 @@
 
 VLOG_DEFINE_THIS_MODULE(odp_execute_avx512);
 
-/* The below three build asserts make sure that l2_5_ofs, l3_ofs, and l4_ofs
- * fields remain in the same order and offset to l2_padd_size. This is needed
- * as the avx512_dp_packet_resize_l2() function will manipulate those fields at
- * a fixed memory index based on the l2_padd_size offset. */
+/* The below three build asserts make sure that the below fields remain in the
+ * same order and offset to l2_pad_size. This is needed as the
+ * avx512_dp_packet_resize_l2() function will manipulate those fields at a
+ * fixed memory index based on the l2_pad_size offset. */
 BUILD_ASSERT_DECL(offsetof(struct dp_packet, l2_pad_size) +
   MEMBER_SIZEOF(struct dp_packet, l2_pad_size) ==
   offsetof(struct dp_packet, l2_5_ofs));
@@ -51,6 +51,14 @@ BUILD_ASSERT_DECL(offsetof(struct dp_packet, l3_ofs) +
MEMBER_SIZEOF(struct dp_packet, l3_ofs) ==
offsetof(struct dp_packet, l4_ofs));
 
+BUILD_ASSERT_DECL(offsetof(struct dp_packet, l4_ofs) +
+   MEMBER_SIZEOF(struct dp_packet, l4_ofs) ==
+   offsetof(struct dp_packet, inner_l3_ofs));
+
+BUILD_ASSERT_DECL(offsetof(struct dp_packet, inner_l3_ofs) +
+   MEMBER_SIZEOF(struct dp_packet, inner_l3_ofs) ==
+   offsetof(struct dp_packet, inner_l4_ofs));
+
 /* The below build assert makes sure it's safe to read/write 128-bits starting
  * at the l2_pad_size location. */
 BUILD_ASSERT_DECL(sizeof(struct dp_packet) -
@@ -112,7 +120,7 @@ avx512_dp_packet_resize_l2(struct dp_packet *b, int 
resize_by_bytes)
 dp_packet_pull(b, -resize_by_bytes);
 }
 
-/* The next step is to update the l2_5_ofs, l3_ofs and l4_ofs fields which
+/* The next step is to update the l2_5_ofs to inner_l4_ofs fields which
  * the scalar implementation does with the  dp_packet_adjust_layer_offset()
  * function. */
 
@@ -122,13 +130,14 @@ avx512_dp_packet_resize_l2(struct dp_packet *b, int 
resize_by_bytes)
 /* Set the v_u16_max register to all one's. */
 const __m128i 

Re: [ovs-dev] [PATCH net 1/2] net: openvswitch: limit the number of recursions from action sets

[Aaron Conole]

Eric Dumazet  writes:

> On Tue, Feb 6, 2024 at 3:55 PM Aaron Conole  wrote:
>>
>>
>> Oops - I didn't consider it.
>>
>> Given that, maybe the best approach would not to rely on per-cpu
>> counter. I'll respin in the next series with a depth counter that I pass
>> to the function instead and compare that.  I guess that should address
>> migration and eliminate the need for per-cpu counter.
>>
>> Does it make sense?
>
> Sure, a depth parameter would work much better ;)

Okay - I'll give time for others to comment and resubmit in ~24 hours
unless there's a reason to submit sooner.

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH ovn v2 26/29] tests: Add macro for OFTABLE_MAC_CACHE_USE table number.

[Ales Musil]

On Tue, Feb 6, 2024 at 3:55 PM Xavier Simonart  wrote:

> Hi Ales
>

Hi Xavier,


>
> Thanks for the series and for making it "review friendly".
> I only had two comments for patches 1 to 26
> - There are a few remaining table numbers in comments which will become
> wrong if table numbers are changing. Some are oflow tables for lflows, so
> should we just remove them / replace them by table=?? in the comments ?
>

I can prepare v3 including the comment changes, if there isn't anything
major I will post the diff for them to ML under corresponding patch.


> - The test "action parsing" still has quite a few table numbers. I sent a
> patch for (trying to) fix it.
>

Thanks for that!


>
> For patches 1-26:
> Acked-by: Xavier Simonart 
>
> Thanks
> Xavier
>
> On Tue, Feb 6, 2024 at 10:44 AM Ales Musil  wrote:
>
>> Add macro for OFTABLE_MAC_CACHE_USE and replace all table=79
>> occurrences in OF with table=OFTABLE_MAC_CACHE_USE.
>>
>> Signed-off-by: Ales Musil 
>> ---
>>  tests/ovn-macros.at |  1 +
>>  tests/ovn.at| 12 ++--
>>  2 files changed, 7 insertions(+), 6 deletions(-)
>>
>> diff --git a/tests/ovn-macros.at b/tests/ovn-macros.at
>> index 975b70143..84e50d76f 100644
>> --- a/tests/ovn-macros.at
>> +++ b/tests/ovn-macros.at
>> @@ -1009,3 +1009,4 @@ m4_define([OFTABLE_CHK_OUT_PORT_SEC], [75])
>>  m4_define([OFTABLE_ECMP_NH_MAC], [76])
>>  m4_define([OFTABLE_ECMP_NH], [77])
>>  m4_define([OFTABLE_CHK_LB_AFFINITY], [78])
>> +m4_define([OFTABLE_MAC_CACHE_USE], [79])
>> diff --git a/tests/ovn.at b/tests/ovn.at
>> index 2f8aa4840..0bbf3d6da 100644
>> --- a/tests/ovn.at
>> +++ b/tests/ovn.at
>> @@ -34796,9 +34796,9 @@ wait_row_count mac_binding 1 ip="192.168.10.20"
>>  dp_key=$(printf "0x%x" $(as hv1 fetch_column datapath tunnel_key
>> external_ids:name=gw))
>>  port_key=$(printf "0x%x" $(as hv1 fetch_column port_binding tunnel_key
>> logical_port=gw-public))
>>
>> -AT_CHECK_UNQUOTED([as hv1 ovs-ofctl dump-flows br-int table=79
>> --no-stats | strip_cookie | sort], [0], [dnl
>> - table=79,
>> priority=100,ip,reg14=${port_key},metadata=${dp_key},dl_src=00:00:00:00:10:10,nw_src=192.168.10.10
>> actions=drop
>> - table=79,
>> priority=100,ip,reg14=${port_key},metadata=${dp_key},dl_src=00:00:00:00:10:20,nw_src=192.168.10.20
>> actions=drop
>> +AT_CHECK_UNQUOTED([as hv1 ovs-ofctl dump-flows br-int
>> table=OFTABLE_MAC_CACHE_USE --no-stats | strip_cookie | sort], [0], [dnl
>> + table=OFTABLE_MAC_CACHE_USE,
>> priority=100,ip,reg14=${port_key},metadata=${dp_key},dl_src=00:00:00:00:10:10,nw_src=192.168.10.10
>> actions=drop
>> + table=OFTABLE_MAC_CACHE_USE,
>> priority=100,ip,reg14=${port_key},metadata=${dp_key},dl_src=00:00:00:00:10:20,nw_src=192.168.10.20
>> actions=drop
>>  ])
>>
>>  timestamp=$(fetch_column mac_binding timestamp ip="192.168.10.20")
>> @@ -34806,8 +34806,8 @@ timestamp=$(fetch_column mac_binding timestamp
>> ip="192.168.10.20")
>>  send_udp hv1 ext1 10
>>  send_udp hv2 ext2 20
>>
>> -OVS_WAIT_UNTIL([as hv1 ovs-ofctl dump-flows br-int table=79 | grep
>> "192.168.10.10" | grep -q "n_packets=1"])
>> -OVS_WAIT_UNTIL([as hv2 ovs-ofctl dump-flows br-int table=79 | grep
>> "192.168.10.20" | grep -q "n_packets=1"])
>> +OVS_WAIT_UNTIL([as hv1 ovs-ofctl dump-flows br-int
>> table=OFTABLE_MAC_CACHE_USE | grep "192.168.10.10" | grep -q "n_packets=1"])
>> +OVS_WAIT_UNTIL([as hv2 ovs-ofctl dump-flows br-int
>> table=OFTABLE_MAC_CACHE_USE | grep "192.168.10.20" | grep -q "n_packets=1"])
>>
>>  # Set the MAC binding aging threshold
>>  AT_CHECK([ovn-nbctl set logical_router gw
>> options:mac_binding_age_threshold=5])
>> @@ -34835,7 +34835,7 @@ OVS_WAIT_UNTIL([
>>  test "0" = "$(ovn-sbctl list mac_binding | grep -c '192.168.10.20')"
>>  ])
>>
>> -AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=79 --no-stats |
>> strip_cookie], [0], [])
>> +AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=OFTABLE_MAC_CACHE_USE
>> --no-stats | strip_cookie], [0], [])
>>
>>  # Test CIDR-based threshold configuration
>>  check ovn-nbctl set logical_router gw options:mac_binding_age_threshold="
>> 192.168.10.0/255.255.255.0:2;192.168.10.64/26:0;192.168.10.20:0"
>> --
>> 2.43.0
>>
>> ___
>> dev mailing list
>> d...@openvswitch.org
>> https://mail.openvswitch.org/mailman/listinfo/ovs-dev
>>
>>
Thanks,
Ales
-- 

Ales Musil

Senior Software Engineer - OVN Core

Red Hat EMEA 

amu...@redhat.com

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH ovn 2/2] tests: Remove table numbers from test action parsing.

[0-day Robot]

Bleep bloop.  Greetings Xavier Simonart, I am a robot and I have tried out your 
patch.
Thanks for your contribution.

I encountered some error that I wasn't expecting.  See the details below.


git-am:
error: sha1 information is lacking or useless (tests/ovn.at).
error: could not build fake ancestor
hint: Use 'git am --show-current-patch=diff' to see the failed patch
Patch failed at 0001 tests: Remove table numbers from test action parsing.
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".


Please check this out.  If you feel there has been an error, please email 
acon...@redhat.com

Thanks,
0-day Robot
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH 2/2] dpif-netlink: Fix overriding the number of handler threads.

[Ilya Maximets]

On 2/6/24 15:07, Eelco Chaudron wrote:
> 
> 
> On 6 Feb 2024, at 14:46, Ilya Maximets wrote:
> 
>> On 2/6/24 14:30, Eelco Chaudron wrote:
>>> Previously, the ability to override the system default for the number
>>> of handler threads was broken since to the introduction of the per-CPU
>>> upcall handlers.
>>
>> It wasn't broken, it was intentionally disabled.  I don't think we should
>> introduce ability to configure the number of handlers for per-CPU dispatch
>> mode.  It only allows users to shoot themselves in a foot if they do not
>> understand what they are doing.
> 
> I think the design was not thought through enough, and resulted in a lot of
> corner case issues. From the start, we should still have allowed tuning of
> this option as it was before.

The tuning is much more complicated and has very different consequences
with per-cpu dispatch compared to per-vport.  So, the results of adjusting
this option can be very different.

> 
>> Many integration scripts in a wild are still blindly setting these options
>> without even knowing that the underlying implementation changed completely.
>> And those setups may suffer if we suddenly decide to respect the 
>> configuration
>> that is ignored on modern kernels for all currently supported versions of 
>> OVS.
> 
> I feel like this is not OVS’s problem. If people do not know what they are 
> doing,
> they should not touch it… We have a nice Dutch saying for this "Wie zijn 
> billen
> brandt, moet op de blaren zitten” :)

It is an OVS's problem for the same reason as above.  We changed the logic
under the hood so much that users that expected a certain behavior in the
past may have a very different behavior now.  We can't just change the
meaning of the knob that easily.  See below.

> 
> However, I do feel like we should have an option to configure this, as it 
> makes
> no sense on a 256-core system to create 256 handler threads.

It actually makes perfect sense.  Since the traffic can appear on 256 cores, we
should be able to handle it on each one of them in order to have balanced load.

With per-vport dispatch, on a system with 10 cores and 5 handler threads,
all 5 handler threads will share the load, because each one of them listens
on all the ports, hence each one of them can process packets whenever it
has time to do so.

With per-CPU dispatch, on a same system these 5 threads are mapped to specific
cores, 2 cores per thread.  If all the traffic comes on 4 cores, we may have
2 threads overloaded and 3 other threads do nothing.  In the same scenario with
per-vport dispatch we would have all 5 threads sharing the load.

So, in order for the user to make a decision on the number of threads, they
have to know on which CPUs they most likely to have interrupts and how exactly
OVS will map handlers to CPU numbers.  That is too much for a user to know, IMO.
Some of that is actually impossible to know.  And when the traffic pattern 
changes,
the number of threads may need to be changed to game the mapping to avoid
overload.

Also, multiply that complexity by the CPU affinity of the ovs-vswitchd that
changes the mapping.

AFAIU, The only way to achieve an even load without dynamic reconfiguration is
to have a thread per CPU core.

> Maybe we should
> add a new option, n-forced-handler-threads. This will avoid the above issue 
> with
> existing scripts.

Users can limit the number of threads by setting CPU affinity for ovs-vswitchd.
If these users are knowledgeable enough to predict traffic patterns and CPU
mappings, they can set appropriate CPU affinity masks as well.

For others, changing the meaning of a knob underneath them would be kind
of irresponsible from our side.

Best regards, Ilya Maximets.
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH 1/2] dpif-netdev: Do not create handler threads.

[Eelco Chaudron]

On 6 Feb 2024, at 15:50, David Marchand wrote:

> On Tue, Feb 6, 2024 at 3:47 PM Eelco Chaudron  wrote:
>> On 6 Feb 2024, at 15:17, David Marchand wrote:
>>
>>> On Tue, Feb 6, 2024 at 2:31 PM Eelco Chaudron  wrote:

 Avoid unnecessary thread creation as no upcalls are generated,
 resulting in idle threads waiting for process termination.

 This optimization significantly reduces memory usage, cutting it
 by half on a 128 CPU/thread system during testing, with the number
 of threads reduced from 95 to 0.

 Signed-off-by: Eelco Chaudron 
>>>
>>> I find it weird that the dpif layer reports an information on how the
>>> ofproto-dpif layer behaves.
>>> The handler threads are something ofproto-dpif is responsible for.
>>> The upcall receiving loop is something the ofproto-dpif owns.
>>> Why should the dpif layer tells how many handlers are needed?
>>>
>>>
>>> I would have seen a different change, where the dpif layer exports a
>>> capability, like dpif_can_recv() { return !!dpif->dpif_class->recv; }.
>>> ofproto-dpif would then deduce there is no handler to start at all.
>>
>> That was my first idea also, but then I found there is already an API call 
>> to the dpif layer where it can tell the user (ofproto in this case) how many 
>> threads it needs to function correctly. Here is the API definition:
>>
>> 369  /* Queries 'dpif' to see if a certain number of handlers are 
>> required by
>> 370   * the implementation.
>> 371   *
>> 372   * If a certain number of handlers are required, returns 'true' and 
>> sets
>> 373   * 'n_handlers' to that number of handler threads.
>> 374   *
>> 375   * If not, returns 'false'.
>> 376   */
>> 377  bool (*number_handlers_required)(struct dpif *dpif, uint32_t 
>> *n_handlers);
>>
>> I guess the ‘If a certain number of handlers are required, returns 'true’’ 
>> part fits here, as we need 0.
>
> The fact that it exists does not convince me on its validity :-).
> I must be missing something.

Well, it makes sense that if your dpif requires a specific number of handlers 
other than what ofproto suggests you can override this.
And this is what happens here, ofproto will suggest 90+ threads if we do not 
report that we want 0.

I think this is more clean than doing another check for a missing callback and 
using that to determine if we need to start threads.

//Eelco

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH net 1/2] net: openvswitch: limit the number of recursions from action sets

[Eric Dumazet via dev]

On Tue, Feb 6, 2024 at 3:55 PM Aaron Conole  wrote:
>
>
> Oops - I didn't consider it.
>
> Given that, maybe the best approach would not to rely on per-cpu
> counter. I'll respin in the next series with a depth counter that I pass
> to the function instead and compare that.  I guess that should address
> migration and eliminate the need for per-cpu counter.
>
> Does it make sense?

Sure, a depth parameter would work much better ;)
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH ovn v2 26/29] tests: Add macro for OFTABLE_MAC_CACHE_USE table number.

[Xavier Simonart]

Hi Ales

Thanks for the series and for making it "review friendly".
I only had two comments for patches 1 to 26
- There are a few remaining table numbers in comments which will become
wrong if table numbers are changing. Some are oflow tables for lflows, so
should we just remove them / replace them by table=?? in the comments ?
- The test "action parsing" still has quite a few table numbers. I sent a
patch for (trying to) fix it.

For patches 1-26:
Acked-by: Xavier Simonart 

Thanks
Xavier

On Tue, Feb 6, 2024 at 10:44 AM Ales Musil  wrote:

> Add macro for OFTABLE_MAC_CACHE_USE and replace all table=79
> occurrences in OF with table=OFTABLE_MAC_CACHE_USE.
>
> Signed-off-by: Ales Musil 
> ---
>  tests/ovn-macros.at |  1 +
>  tests/ovn.at| 12 ++--
>  2 files changed, 7 insertions(+), 6 deletions(-)
>
> diff --git a/tests/ovn-macros.at b/tests/ovn-macros.at
> index 975b70143..84e50d76f 100644
> --- a/tests/ovn-macros.at
> +++ b/tests/ovn-macros.at
> @@ -1009,3 +1009,4 @@ m4_define([OFTABLE_CHK_OUT_PORT_SEC], [75])
>  m4_define([OFTABLE_ECMP_NH_MAC], [76])
>  m4_define([OFTABLE_ECMP_NH], [77])
>  m4_define([OFTABLE_CHK_LB_AFFINITY], [78])
> +m4_define([OFTABLE_MAC_CACHE_USE], [79])
> diff --git a/tests/ovn.at b/tests/ovn.at
> index 2f8aa4840..0bbf3d6da 100644
> --- a/tests/ovn.at
> +++ b/tests/ovn.at
> @@ -34796,9 +34796,9 @@ wait_row_count mac_binding 1 ip="192.168.10.20"
>  dp_key=$(printf "0x%x" $(as hv1 fetch_column datapath tunnel_key
> external_ids:name=gw))
>  port_key=$(printf "0x%x" $(as hv1 fetch_column port_binding tunnel_key
> logical_port=gw-public))
>
> -AT_CHECK_UNQUOTED([as hv1 ovs-ofctl dump-flows br-int table=79 --no-stats
> | strip_cookie | sort], [0], [dnl
> - table=79,
> priority=100,ip,reg14=${port_key},metadata=${dp_key},dl_src=00:00:00:00:10:10,nw_src=192.168.10.10
> actions=drop
> - table=79,
> priority=100,ip,reg14=${port_key},metadata=${dp_key},dl_src=00:00:00:00:10:20,nw_src=192.168.10.20
> actions=drop
> +AT_CHECK_UNQUOTED([as hv1 ovs-ofctl dump-flows br-int
> table=OFTABLE_MAC_CACHE_USE --no-stats | strip_cookie | sort], [0], [dnl
> + table=OFTABLE_MAC_CACHE_USE,
> priority=100,ip,reg14=${port_key},metadata=${dp_key},dl_src=00:00:00:00:10:10,nw_src=192.168.10.10
> actions=drop
> + table=OFTABLE_MAC_CACHE_USE,
> priority=100,ip,reg14=${port_key},metadata=${dp_key},dl_src=00:00:00:00:10:20,nw_src=192.168.10.20
> actions=drop
>  ])
>
>  timestamp=$(fetch_column mac_binding timestamp ip="192.168.10.20")
> @@ -34806,8 +34806,8 @@ timestamp=$(fetch_column mac_binding timestamp
> ip="192.168.10.20")
>  send_udp hv1 ext1 10
>  send_udp hv2 ext2 20
>
> -OVS_WAIT_UNTIL([as hv1 ovs-ofctl dump-flows br-int table=79 | grep
> "192.168.10.10" | grep -q "n_packets=1"])
> -OVS_WAIT_UNTIL([as hv2 ovs-ofctl dump-flows br-int table=79 | grep
> "192.168.10.20" | grep -q "n_packets=1"])
> +OVS_WAIT_UNTIL([as hv1 ovs-ofctl dump-flows br-int
> table=OFTABLE_MAC_CACHE_USE | grep "192.168.10.10" | grep -q "n_packets=1"])
> +OVS_WAIT_UNTIL([as hv2 ovs-ofctl dump-flows br-int
> table=OFTABLE_MAC_CACHE_USE | grep "192.168.10.20" | grep -q "n_packets=1"])
>
>  # Set the MAC binding aging threshold
>  AT_CHECK([ovn-nbctl set logical_router gw
> options:mac_binding_age_threshold=5])
> @@ -34835,7 +34835,7 @@ OVS_WAIT_UNTIL([
>  test "0" = "$(ovn-sbctl list mac_binding | grep -c '192.168.10.20')"
>  ])
>
> -AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=79 --no-stats |
> strip_cookie], [0], [])
> +AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=OFTABLE_MAC_CACHE_USE
> --no-stats | strip_cookie], [0], [])
>
>  # Test CIDR-based threshold configuration
>  check ovn-nbctl set logical_router gw options:mac_binding_age_threshold="
> 192.168.10.0/255.255.255.0:2;192.168.10.64/26:0;192.168.10.20:0"
> --
> 2.43.0
>
> ___
> dev mailing list
> d...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev
>
>
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH net 1/2] net: openvswitch: limit the number of recursions from action sets

[Aaron Conole]

Eric Dumazet  writes:

> On Tue, Feb 6, 2024 at 2:11 PM Aaron Conole  wrote:
>>
>> The ovs module allows for some actions to recursively contain an action
>> list for complex scenarios, such as sampling, checking lengths, etc.
>> When these actions are copied into the internal flow table, they are
>> evaluated to validate that such actions make sense, and these calls
>> happen recursively.
>>
>> The ovs-vswitchd userspace won't emit more than 16 recursion levels
>> deep.  However, the module has no such limit and will happily accept
>> limits larger than 16 levels nested.  Prevent this by tracking the
>> number of recursions happening and manually limiting it to 16 levels
>> nested.
>>
>> The initial implementation of the sample action would track this depth
>> and prevent more than 3 levels of recursion, but this was removed to
>> support the clone use case, rather than limited at the current userspace
>> limit.
>>
>> Fixes: 798c166173ff ("openvswitch: Optimize sample action for the clone use 
>> cases")
>> Signed-off-by: Aaron Conole 
>> ---
>>  net/openvswitch/flow_netlink.c | 33 -
>>  1 file changed, 28 insertions(+), 5 deletions(-)
>>
>> diff --git a/net/openvswitch/flow_netlink.c b/net/openvswitch/flow_netlink.c
>> index 88965e2068ac..ba5cfa67a720 100644
>> --- a/net/openvswitch/flow_netlink.c
>> +++ b/net/openvswitch/flow_netlink.c
>> @@ -48,6 +48,9 @@ struct ovs_len_tbl {
>>
>>  #define OVS_ATTR_NESTED -1
>>  #define OVS_ATTR_VARIABLE -2
>> +#define OVS_COPY_ACTIONS_MAX_DEPTH 16
>> +
>> +static DEFINE_PER_CPU(int, copy_actions_depth);
>>
>>  static bool actions_may_change_flow(const struct nlattr *actions)
>>  {
>> @@ -3148,11 +3151,11 @@ static int copy_action(const struct nlattr *from,
>> return 0;
>>  }
>>
>> -static int __ovs_nla_copy_actions(struct net *net, const struct nlattr 
>> *attr,
>> - const struct sw_flow_key *key,
>> - struct sw_flow_actions **sfa,
>> - __be16 eth_type, __be16 vlan_tci,
>> - u32 mpls_label_count, bool log)
>> +static int ___ovs_nla_copy_actions(struct net *net, const struct nlattr 
>> *attr,
>> +  const struct sw_flow_key *key,
>> +  struct sw_flow_actions **sfa,
>> +  __be16 eth_type, __be16 vlan_tci,
>> +  u32 mpls_label_count, bool log)
>>  {
>> u8 mac_proto = ovs_key_mac_proto(key);
>> const struct nlattr *a;
>> @@ -3478,6 +3481,26 @@ static int __ovs_nla_copy_actions(struct net *net, 
>> const struct nlattr *attr,
>> return 0;
>>  }
>>
>> +static int __ovs_nla_copy_actions(struct net *net, const struct nlattr 
>> *attr,
>> + const struct sw_flow_key *key,
>> + struct sw_flow_actions **sfa,
>> + __be16 eth_type, __be16 vlan_tci,
>> + u32 mpls_label_count, bool log)
>> +{
>> +   int level = this_cpu_read(copy_actions_depth);
>> +   int ret;
>> +
>> +   if (level > OVS_COPY_ACTIONS_MAX_DEPTH)
>> +   return -EOVERFLOW;
>> +
>
> This code seems to run in process context.
>
> Using per cpu limit would not work, unless you disabled migration ?

Oops - I didn't consider it.

Given that, maybe the best approach would not to rely on per-cpu
counter. I'll respin in the next series with a depth counter that I pass
to the function instead and compare that.  I guess that should address
migration and eliminate the need for per-cpu counter.

Does it make sense?

>> +   __this_cpu_inc(copy_actions_depth);
>> +   ret = ___ovs_nla_copy_actions(net, attr, key, sfa, eth_type,
>> + vlan_tci, mpls_label_count, log);
>> +   __this_cpu_dec(copy_actions_depth);
>> +
>> +   return ret;
>> +}
>> +
>>  /* 'key' must be the masked key. */
>>  int ovs_nla_copy_actions(struct net *net, const struct nlattr *attr,
>>  const struct sw_flow_key *key,
>> --
>> 2.41.0
>>

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH 1/2] dpif-netdev: Do not create handler threads.

[David Marchand]

On Tue, Feb 6, 2024 at 3:47 PM Eelco Chaudron  wrote:
> On 6 Feb 2024, at 15:17, David Marchand wrote:
>
> > On Tue, Feb 6, 2024 at 2:31 PM Eelco Chaudron  wrote:
> >>
> >> Avoid unnecessary thread creation as no upcalls are generated,
> >> resulting in idle threads waiting for process termination.
> >>
> >> This optimization significantly reduces memory usage, cutting it
> >> by half on a 128 CPU/thread system during testing, with the number
> >> of threads reduced from 95 to 0.
> >>
> >> Signed-off-by: Eelco Chaudron 
> >
> > I find it weird that the dpif layer reports an information on how the
> > ofproto-dpif layer behaves.
> > The handler threads are something ofproto-dpif is responsible for.
> > The upcall receiving loop is something the ofproto-dpif owns.
> > Why should the dpif layer tells how many handlers are needed?
> >
> >
> > I would have seen a different change, where the dpif layer exports a
> > capability, like dpif_can_recv() { return !!dpif->dpif_class->recv; }.
> > ofproto-dpif would then deduce there is no handler to start at all.
>
> That was my first idea also, but then I found there is already an API call to 
> the dpif layer where it can tell the user (ofproto in this case) how many 
> threads it needs to function correctly. Here is the API definition:
>
> 369  /* Queries 'dpif' to see if a certain number of handlers are 
> required by
> 370   * the implementation.
> 371   *
> 372   * If a certain number of handlers are required, returns 'true' and 
> sets
> 373   * 'n_handlers' to that number of handler threads.
> 374   *
> 375   * If not, returns 'false'.
> 376   */
> 377  bool (*number_handlers_required)(struct dpif *dpif, uint32_t 
> *n_handlers);
>
> I guess the ‘If a certain number of handlers are required, returns 'true’’ 
> part fits here, as we need 0.

The fact that it exists does not convince me on its validity :-).
I must be missing something.


-- 
David Marchand

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH 1/2] dpif-netdev: Do not create handler threads.

[Eelco Chaudron]

On 6 Feb 2024, at 15:17, David Marchand wrote:

> On Tue, Feb 6, 2024 at 2:31 PM Eelco Chaudron  wrote:
>>
>> Avoid unnecessary thread creation as no upcalls are generated,
>> resulting in idle threads waiting for process termination.
>>
>> This optimization significantly reduces memory usage, cutting it
>> by half on a 128 CPU/thread system during testing, with the number
>> of threads reduced from 95 to 0.
>>
>> Signed-off-by: Eelco Chaudron 
>
> I find it weird that the dpif layer reports an information on how the
> ofproto-dpif layer behaves.
> The handler threads are something ofproto-dpif is responsible for.
> The upcall receiving loop is something the ofproto-dpif owns.
> Why should the dpif layer tells how many handlers are needed?
>
>
> I would have seen a different change, where the dpif layer exports a
> capability, like dpif_can_recv() { return !!dpif->dpif_class->recv; }.
> ofproto-dpif would then deduce there is no handler to start at all.

That was my first idea also, but then I found there is already an API call to 
the dpif layer where it can tell the user (ofproto in this case) how many 
threads it needs to function correctly. Here is the API definition:

369  /* Queries 'dpif' to see if a certain number of handlers are required 
by
370   * the implementation.
371   *
372   * If a certain number of handlers are required, returns 'true' and 
sets
373   * 'n_handlers' to that number of handler threads.
374   *
375   * If not, returns 'false'.
376   */
377  bool (*number_handlers_required)(struct dpif *dpif, uint32_t 
*n_handlers);

I guess the ‘If a certain number of handlers are required, returns 'true’’ part 
fits here, as we need 0.

//Eelco

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH ovn 1/2] tests: Make test "action parsing" support expansion.

[Xavier Simonart]

There are only two changes:
- The AT_DATA content is not double quoted between square brackets.
- All '[' have been replaced by '[[' and all ']' by ']]'
This patch will be used in subsequent patch to remove hard-code table numbers

Signed-off-by: Xavier Simonart 
---
 tests/ovn.at | 590 +--
 1 file changed, 295 insertions(+), 295 deletions(-)

diff --git a/tests/ovn.at b/tests/ovn.at
index 4da65243b..a0361ab49 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -979,8 +979,8 @@ AT_CLEANUP
 AT_SETUP([action parsing])
 dnl Unindented text is input (a set of OVN logical actions).
 dnl Indented text is expected output.
-AT_DATA([test-cases.txt],
-[[# drop
+AT_DATA([test-cases.txt], [
+# drop
 drop;
 encodes as drop
 drop; next;
@@ -1039,12 +1039,12 @@ tcp.dst=80;
 formats as tcp.dst = 80;
 encodes as set_field:80->tcp_dst
 has prereqs ip.proto == 0x6 && (eth.type == 0x800 || eth.type == 0x86dd)
-eth.dst[40] = 1;
+eth.dst[[40]] = 1;
 encodes as set_field:01:00:00:00:00:00/01:00:00:00:00:00->eth_dst
 vlan.pcp = 2;
 encodes as set_field:0x4000/0xe000->vlan_tci
-has prereqs vlan.tci[12]
-vlan.tci[13..15] = 2;
+has prereqs vlan.tci[[12]]
+vlan.tci[[13..15]] = 2;
 encodes as set_field:0x4000/0xe000->vlan_tci
 inport = "";
 encodes as set_field:0->reg14
@@ -1056,11 +1056,11 @@ outport="eth0"; next; outport="LOCAL"; next;
 formats as outport = "eth0"; next; outport = "LOCAL"; next;
 encodes as 
set_field:0x5->reg15,resubmit(,19),set_field:0xfffe->reg15,resubmit(,19)
 
-inport[1] = 1;
+inport[[1]] = 1;
 Cannot select subfield of string field inport.
-ip.proto[1] = 1;
+ip.proto[[1]] = 1;
 Cannot select subfield of nominal field ip.proto.
-eth.dst[40] == 1;
+eth.dst[[40]] == 1;
 Syntax error at `==' expecting `=' or `<->'.
 ip = 1;
 Predicate symbol ip used where lvalue required.
@@ -1080,50 +1080,50 @@ vlan.present = 0;
 # Moving one field into another.
 reg0=reg1;
 formats as reg0 = reg1;
-encodes as move:NXM_NX_XXREG0[64..95]->NXM_NX_XXREG0[96..127]
-vlan.pcp = reg0[0..2];
-encodes as move:NXM_NX_XXREG0[96..98]->NXM_OF_VLAN_TCI[13..15]
-has prereqs vlan.tci[12]
-reg0[10] = vlan.pcp[1];
-encodes as move:NXM_OF_VLAN_TCI[14]->NXM_NX_XXREG0[106]
-has prereqs vlan.tci[12]
+encodes as move:NXM_NX_XXREG0[[64..95]]->NXM_NX_XXREG0[[96..127]]
+vlan.pcp = reg0[[0..2]];
+encodes as move:NXM_NX_XXREG0[[96..98]]->NXM_OF_VLAN_TCI[[13..15]]
+has prereqs vlan.tci[[12]]
+reg0[[10]] = vlan.pcp[[1]];
+encodes as move:NXM_OF_VLAN_TCI[[14]]->NXM_NX_XXREG0[[106]]
+has prereqs vlan.tci[[12]]
 outport = inport;
-encodes as move:NXM_NX_REG14[]->NXM_NX_REG15[]
+encodes as move:NXM_NX_REG14[[]]->NXM_NX_REG15[[]]
 
-reg0[0] = vlan.present;
+reg0[[0]] = vlan.present;
 Predicate symbol vlan.present used where lvalue required.
-reg0 = reg1[0..10];
+reg0 = reg1[[0..10]];
 Can't assign 11-bit value to 32-bit destination.
 inport = reg0;
 Can't assign integer field (reg0) to string field (inport).
 inport = big_string;
 String fields inport and big_string are incompatible for assignment.
-ip.proto = reg0[0..7];
+ip.proto = reg0[[0..7]];
 Field ip.proto is not modifiable.
 
 # Exchanging fields.
 reg0 <-> reg1;
-encodes as 
push:NXM_NX_XXREG0[64..95],push:NXM_NX_XXREG0[96..127],pop:NXM_NX_XXREG0[64..95],pop:NXM_NX_XXREG0[96..127]
-vlan.pcp <-> reg0[0..2];
-encodes as 
push:NXM_NX_XXREG0[96..98],push:NXM_OF_VLAN_TCI[13..15],pop:NXM_NX_XXREG0[96..98],pop:NXM_OF_VLAN_TCI[13..15]
-has prereqs vlan.tci[12]
-reg0[10] <-> vlan.pcp[1];
-encodes as 
push:NXM_OF_VLAN_TCI[14],push:NXM_NX_XXREG0[106],pop:NXM_OF_VLAN_TCI[14],pop:NXM_NX_XXREG0[106]
-has prereqs vlan.tci[12]
+encodes as 
push:NXM_NX_XXREG0[[64..95]],push:NXM_NX_XXREG0[[96..127]],pop:NXM_NX_XXREG0[[64..95]],pop:NXM_NX_XXREG0[[96..127]]
+vlan.pcp <-> reg0[[0..2]];
+encodes as 
push:NXM_NX_XXREG0[[96..98]],push:NXM_OF_VLAN_TCI[[13..15]],pop:NXM_NX_XXREG0[[96..98]],pop:NXM_OF_VLAN_TCI[[13..15]]
+has prereqs vlan.tci[[12]]
+reg0[[10]] <-> vlan.pcp[[1]];
+encodes as 
push:NXM_OF_VLAN_TCI[[14]],push:NXM_NX_XXREG0[[106]],pop:NXM_OF_VLAN_TCI[[14]],pop:NXM_NX_XXREG0[[106]]
+has prereqs vlan.tci[[12]]
 outport <-> inport;
-encodes as 
push:NXM_NX_REG14[],push:NXM_NX_REG15[],pop:NXM_NX_REG14[],pop:NXM_NX_REG15[]
+encodes as 
push:NXM_NX_REG14[[]],push:NXM_NX_REG15[[]],pop:NXM_NX_REG14[[]],pop:NXM_NX_REG15[[]]
 
-reg0[0] <-> vlan.present;
+reg0[[0]] <-> vlan.present;
 Predicate symbol vlan.present used where lvalue required.
-reg0 <-> reg1[0..10];
+reg0 <-> reg1[[0..10]];
 Can't exchange 32-bit field with 11-bit field.
 inport <-> reg0;
 Can't exchange string field (inport) with integer field (reg0).
 inport <-> big_string;
 String fields inport and big_string are incompatible for exchange.
-ip.proto <-> reg0[0..7];
+ip.proto <-> reg0[[0..7]];
 Field ip.proto is not 

[ovs-dev] [PATCH ovn 2/2] tests: Remove table numbers from test action parsing.

[Xavier Simonart]

This patch uses the recently introduced macros defining openflow table numbers.

Signed-off-by: Xavier Simonart 
---
 tests/ovn-macros.at |   4 +
 tests/ovn.at| 230 +++-
 2 files changed, 122 insertions(+), 112 deletions(-)

diff --git a/tests/ovn-macros.at b/tests/ovn-macros.at
index 84e50d76f..db107f43a 100644
--- a/tests/ovn-macros.at
+++ b/tests/ovn-macros.at
@@ -995,6 +995,8 @@ m4_define([OFTABLE_OUTPUT_LARGE_PKT_DETECT], [37])
 m4_define([OFTABLE_OUTPUT_LARGE_PKT_PROCESS], [38])
 m4_define([OFTABLE_REMOTE_OUTPUT], [39])
 m4_define([OFTABLE_LOCAL_OUTPUT], [40])
+m4_define([OFTABLE_LOG_EGRESS_PIPELINE], [42])
+m4_define([OFTABLE_SAVE_INPORT], [64])
 m4_define([OFTABLE_LOG_TO_PHY], [65])
 m4_define([OFTABLE_MAC_BINDING], [66])
 m4_define([OFTABLE_MAC_LOOKUP], [67])
@@ -1010,3 +1012,5 @@ m4_define([OFTABLE_ECMP_NH_MAC], [76])
 m4_define([OFTABLE_ECMP_NH], [77])
 m4_define([OFTABLE_CHK_LB_AFFINITY], [78])
 m4_define([OFTABLE_MAC_CACHE_USE], [79])
+
+m4_define([OFTABLE_SAVE_INPORT_HEX], [m4_eval(OFTABLE_SAVE_INPORT, 16)])
diff --git a/tests/ovn.at b/tests/ovn.at
index a0361ab49..280f6d1d6 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -979,6 +979,12 @@ AT_CLEANUP
 AT_SETUP([action parsing])
 dnl Unindented text is input (a set of OVN logical actions).
 dnl Indented text is expected output.
+
+# lflow table hard-coded to 10 in test-ovn, so next is 11.
+m4_define([lflow_table], [11])
+m4_define([oflow_in_table], [m4_eval(lflow_table + 
OFTABLE_LOG_INGRESS_PIPELINE)])
+m4_define([oflow_out_table], [m4_eval(lflow_table + 
OFTABLE_LOG_EGRESS_PIPELINE)])
+
 AT_DATA([test-cases.txt], [
 # drop
 drop;
@@ -990,16 +996,16 @@ next; drop;
 
 # output
 output;
-encodes as resubmit(,64)
+encodes as resubmit(,OFTABLE_SAVE_INPORT)
 
 # next
 next;
-encodes as resubmit(,19)
-next(11);
+encodes as resubmit(,oflow_in_table)
+next(lflow_table);
 formats as next;
-encodes as resubmit(,19)
+encodes as resubmit(,oflow_in_table)
 next(0);
-encodes as resubmit(,8)
+encodes as resubmit(,OFTABLE_LOG_INGRESS_PIPELINE)
 next(23);
 encodes as resubmit(,31)
 
@@ -1010,22 +1016,22 @@ next(10;
 next(24);
 "next" action cannot advance beyond table 23.
 
-next(table=11);
+next(table=lflow_table);
 formats as next;
-encodes as resubmit(,19)
+encodes as resubmit(,oflow_in_table)
 next(pipeline=ingress);
 formats as next;
-encodes as resubmit(,19)
-next(table=11, pipeline=ingress);
+encodes as resubmit(,oflow_in_table)
+next(table=lflow_table, pipeline=ingress);
 formats as next;
-encodes as resubmit(,19)
-next(pipeline=ingress, table=11);
+encodes as resubmit(,oflow_in_table)
+next(pipeline=ingress, table=lflow_table);
 formats as next;
-encodes as resubmit(,19)
+encodes as resubmit(,oflow_in_table)
 
 next(pipeline=egress);
-formats as next(pipeline=egress, table=11);
-encodes as resubmit(,53)
+formats as next(pipeline=egress, table=lflow_table);
+encodes as resubmit(,oflow_out_table)
 
 next(pipeline=egress, table=5);
 encodes as resubmit(,47)
@@ -1054,7 +1060,7 @@ ip.ttl=4;
 has prereqs eth.type == 0x800 || eth.type == 0x86dd
 outport="eth0"; next; outport="LOCAL"; next;
 formats as outport = "eth0"; next; outport = "LOCAL"; next;
-encodes as 
set_field:0x5->reg15,resubmit(,19),set_field:0xfffe->reg15,resubmit(,19)
+encodes as 
set_field:0x5->reg15,resubmit(,oflow_in_table),set_field:0xfffe->reg15,resubmit(,oflow_in_table)
 
 inport[[1]] = 1;
 Cannot select subfield of string field inport.
@@ -1152,35 +1158,35 @@ pkt.mark = "foo";
 
 # load balancing.
 ct_lb;
-encodes as ct(table=19,zone=NXM_NX_REG13[[0..15]],nat)
+encodes as ct(table=oflow_in_table,zone=NXM_NX_REG13[[0..15]],nat)
 has prereqs ip
 ct_lb();
 formats as ct_lb;
-encodes as ct(table=19,zone=NXM_NX_REG13[[0..15]],nat)
+encodes as ct(table=oflow_in_table,zone=NXM_NX_REG13[[0..15]],nat)
 has prereqs ip
 ct_lb(192.168.1.2:80, 192.168.1.3:80);
 Syntax error at `192.168.1.2' expecting backends.
 ct_lb(backends=192.168.1.2:80,192.168.1.3:80);
 encodes as group:1
-uses group: id(1), 
name(type=select,selection_method=dp_hash,bucket=bucket_id=0,weight:100,actions=ct(nat(dst=192.168.1.2:80),commit,table=19,zone=NXM_NX_REG13[[0..15]],exec(set_field:2/2->ct_label)),bucket=bucket_id=1,weight:100,actions=ct(nat(dst=192.168.1.3:80),commit,table=19,zone=NXM_NX_REG13[[0..15]],exec(set_field:2/2->ct_label)))
+uses group: id(1), 
name(type=select,selection_method=dp_hash,bucket=bucket_id=0,weight:100,actions=ct(nat(dst=192.168.1.2:80),commit,table=oflow_in_table,zone=NXM_NX_REG13[[0..15]],exec(set_field:2/2->ct_label)),bucket=bucket_id=1,weight:100,actions=ct(nat(dst=192.168.1.3:80),commit,table=oflow_in_table,zone=NXM_NX_REG13[[0..15]],exec(set_field:2/2->ct_label)))
 has prereqs ip
 ct_lb(backends=192.168.1.2:80,192.168.1.3:80; skip_snat);
 encodes as group:2
-

[ovs-dev] [PATCH ovn 0/2] Remove table numbers from test action parsing.

[Xavier Simonart]

Xavier Simonart (2):
  tests: Make test "action parsing" support expansion.
  tests: Remove table numbers from test action parsing.

 tests/ovn-macros.at |   4 +
 tests/ovn.at| 662 ++--
 2 files changed, 338 insertions(+), 328 deletions(-)

-- 
2.41.0

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH net 1/2] net: openvswitch: limit the number of recursions from action sets

[Eric Dumazet via dev]

On Tue, Feb 6, 2024 at 2:11 PM Aaron Conole  wrote:
>
> The ovs module allows for some actions to recursively contain an action
> list for complex scenarios, such as sampling, checking lengths, etc.
> When these actions are copied into the internal flow table, they are
> evaluated to validate that such actions make sense, and these calls
> happen recursively.
>
> The ovs-vswitchd userspace won't emit more than 16 recursion levels
> deep.  However, the module has no such limit and will happily accept
> limits larger than 16 levels nested.  Prevent this by tracking the
> number of recursions happening and manually limiting it to 16 levels
> nested.
>
> The initial implementation of the sample action would track this depth
> and prevent more than 3 levels of recursion, but this was removed to
> support the clone use case, rather than limited at the current userspace
> limit.
>
> Fixes: 798c166173ff ("openvswitch: Optimize sample action for the clone use 
> cases")
> Signed-off-by: Aaron Conole 
> ---
>  net/openvswitch/flow_netlink.c | 33 -
>  1 file changed, 28 insertions(+), 5 deletions(-)
>
> diff --git a/net/openvswitch/flow_netlink.c b/net/openvswitch/flow_netlink.c
> index 88965e2068ac..ba5cfa67a720 100644
> --- a/net/openvswitch/flow_netlink.c
> +++ b/net/openvswitch/flow_netlink.c
> @@ -48,6 +48,9 @@ struct ovs_len_tbl {
>
>  #define OVS_ATTR_NESTED -1
>  #define OVS_ATTR_VARIABLE -2
> +#define OVS_COPY_ACTIONS_MAX_DEPTH 16
> +
> +static DEFINE_PER_CPU(int, copy_actions_depth);
>
>  static bool actions_may_change_flow(const struct nlattr *actions)
>  {
> @@ -3148,11 +3151,11 @@ static int copy_action(const struct nlattr *from,
> return 0;
>  }
>
> -static int __ovs_nla_copy_actions(struct net *net, const struct nlattr *attr,
> - const struct sw_flow_key *key,
> - struct sw_flow_actions **sfa,
> - __be16 eth_type, __be16 vlan_tci,
> - u32 mpls_label_count, bool log)
> +static int ___ovs_nla_copy_actions(struct net *net, const struct nlattr 
> *attr,
> +  const struct sw_flow_key *key,
> +  struct sw_flow_actions **sfa,
> +  __be16 eth_type, __be16 vlan_tci,
> +  u32 mpls_label_count, bool log)
>  {
> u8 mac_proto = ovs_key_mac_proto(key);
> const struct nlattr *a;
> @@ -3478,6 +3481,26 @@ static int __ovs_nla_copy_actions(struct net *net, 
> const struct nlattr *attr,
> return 0;
>  }
>
> +static int __ovs_nla_copy_actions(struct net *net, const struct nlattr *attr,
> + const struct sw_flow_key *key,
> + struct sw_flow_actions **sfa,
> + __be16 eth_type, __be16 vlan_tci,
> + u32 mpls_label_count, bool log)
> +{
> +   int level = this_cpu_read(copy_actions_depth);
> +   int ret;
> +
> +   if (level > OVS_COPY_ACTIONS_MAX_DEPTH)
> +   return -EOVERFLOW;
> +

This code seems to run in process context.

Using per cpu limit would not work, unless you disabled migration ?

> +   __this_cpu_inc(copy_actions_depth);
> +   ret = ___ovs_nla_copy_actions(net, attr, key, sfa, eth_type,
> + vlan_tci, mpls_label_count, log);
> +   __this_cpu_dec(copy_actions_depth);
> +
> +   return ret;
> +}
> +
>  /* 'key' must be the masked key. */
>  int ovs_nla_copy_actions(struct net *net, const struct nlattr *attr,
>  const struct sw_flow_key *key,
> --
> 2.41.0
>
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH 1/2] dpif-netdev: Do not create handler threads.

[David Marchand]

On Tue, Feb 6, 2024 at 2:31 PM Eelco Chaudron  wrote:
>
> Avoid unnecessary thread creation as no upcalls are generated,
> resulting in idle threads waiting for process termination.
>
> This optimization significantly reduces memory usage, cutting it
> by half on a 128 CPU/thread system during testing, with the number
> of threads reduced from 95 to 0.
>
> Signed-off-by: Eelco Chaudron 

I find it weird that the dpif layer reports an information on how the
ofproto-dpif layer behaves.
The handler threads are something ofproto-dpif is responsible for.
The upcall receiving loop is something the ofproto-dpif owns.
Why should the dpif layer tells how many handlers are needed?


I would have seen a different change, where the dpif layer exports a
capability, like dpif_can_recv() { return !!dpif->dpif_class->recv; }.
ofproto-dpif would then deduce there is no handler to start at all.


-- 
David Marchand

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH 2/2] dpif-netlink: Fix overriding the number of handler threads.

[Eelco Chaudron]

On 6 Feb 2024, at 14:46, Ilya Maximets wrote:

> On 2/6/24 14:30, Eelco Chaudron wrote:
>> Previously, the ability to override the system default for the number
>> of handler threads was broken since to the introduction of the per-CPU
>> upcall handlers.
>
> It wasn't broken, it was intentionally disabled.  I don't think we should
> introduce ability to configure the number of handlers for per-CPU dispatch
> mode.  It only allows users to shoot themselves in a foot if they do not
> understand what they are doing.

I think the design was not thought through enough, and resulted in a lot of 
corner case issues. From the start, we should still have allowed tuning of this 
option as it was before.

> Many integration scripts in a wild are still blindly setting these options
> without even knowing that the underlying implementation changed completely.
> And those setups may suffer if we suddenly decide to respect the configuration
> that is ignored on modern kernels for all currently supported versions of OVS.

I feel like this is not OVS’s problem. If people do not know what they are 
doing, they should not touch it… We have a nice Dutch saying for this "Wie zijn 
billen brandt, moet op de blaren zitten” :)

However, I do feel like we should have an option to configure this, as it makes 
no sense on a 256-core system to create 256 handler threads. Maybe we should 
add a new option, n-forced-handler-threads. This will avoid the above issue 
with existing scripts.

Thoughts?

//Eelco

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH 2/2] dpif-netlink: Fix overriding the number of handler threads.

[Ilya Maximets]

On 2/6/24 14:30, Eelco Chaudron wrote:
> Previously, the ability to override the system default for the number
> of handler threads was broken since to the introduction of the per-CPU
> upcall handlers.

It wasn't broken, it was intentionally disabled.  I don't think we should
introduce ability to configure the number of handlers for per-CPU dispatch
mode.  It only allows users to shoot themselves in a foot if they do not
understand what they are doing.

Many integration scripts in a wild are still blindly setting these options
without even knowing that the underlying implementation changed completely.
And those setups may suffer if we suddenly decide to respect the configuration
that is ignored on modern kernels for all currently supported versions of OVS.

Best regards, Ilya Maximets.
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH master/branch-3.3] faq: Update DPDK releases for older branches.

[Kevin Traynor]

On 06/02/2024 12:28, Ilya Maximets wrote:
> On 2/2/24 13:46, Kevin Traynor wrote:
>> Branches 2.17/3.0/3.1/3.2 are using newer DPDK LTS releases.
>>
>> Update the faq.
>>
>> Signed-off-by: Kevin Traynor 
>> ---
>>  Documentation/faq/releases.rst | 8 
>>  1 file changed, 4 insertions(+), 4 deletions(-)
>>
>> diff --git a/Documentation/faq/releases.rst b/Documentation/faq/releases.rst
>> index 3a8387f84..49b987b61 100644
>> --- a/Documentation/faq/releases.rst
>> +++ b/Documentation/faq/releases.rst
>> @@ -217,8 +217,8 @@ Q: What DPDK version does each Open vSwitch release work 
>> with?
>>  2.15.x   20.11.6
>>  2.16.x   20.11.6
>> -2.17.x   21.11.5
>> -3.0.x21.11.5
>> -3.1.x22.11.3
>> -3.2.x22.11.3
>> +2.17.x   21.11.6
>> +3.0.x21.11.6
>> +3.1.x22.11.4
>> +3.2.x22.11.4
>>  3.3.x23.11
>>   
> 
> Hi, Kevin.  Thanks for the patches!
> 
> I didn't test them, but LGTM.  For all DPDK update patches:
> 
> Acked-by: Ilya Maximets 
> 
> P.S.: the 'master/branch-3.3' tag is likely confusing for bots,
>   it's better to send separate patches next time, or just
>   not specify the branch at all and add a footnote that
>   it should be applied to branch-3.3 as well.
> 

Noted, thanks. It seems to report for a different patch in the email [0]
? The patches also didn't apply for 3.2 and 3.0 for
intel-ovs-compilation tests, but I can see that is fine in the GHA tests
and locally.

Perhaps chaining patches for different branches caused it some confusion
as well.

[0]
https://mail.openvswitch.org/pipermail/ovs-build/2024-February/036673.html

> Best regards, Ilya Maximets.
> 

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH 2/2] dpif-netlink: Fix overriding the number of handler threads.

[Eelco Chaudron]

Previously, the ability to override the system default for the number
of handler threads was broken since to the introduction of the per-CPU
upcall handlers.

This patch rectifies this behavior by re-enabling manual configuration
of the handler thread count.

Fixes: b1e517bd2f81 ("dpif-netlink: Introduce per-cpu upcall dispatch.")
Signed-off-by: Eelco Chaudron 
---
 lib/dpif-netlink.c| 8 +++-
 lib/dpif-provider.h   | 4 
 ofproto/ofproto-dpif-upcall.c | 2 +-
 3 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/lib/dpif-netlink.c b/lib/dpif-netlink.c
index 84e2bd8ea..fd5532014 100644
--- a/lib/dpif-netlink.c
+++ b/lib/dpif-netlink.c
@@ -2839,7 +2839,13 @@ dpif_netlink_number_handlers_required(struct dpif 
*dpif_, uint32_t *n_handlers)
 struct dpif_netlink *dpif = dpif_netlink_cast(dpif_);
 
 if (dpif_netlink_upcall_per_cpu(dpif)) {
-*n_handlers = dpif_netlink_calculate_n_handlers();
+uint32_t calc_handlers = dpif_netlink_calculate_n_handlers();
+
+/* When a specific number of handlers is requested, we honor this as
+ * long as they are less than the suggested number. */
+if (!*n_handlers || *n_handlers > calc_handlers) {
+*n_handlers = calc_handlers;
+}
 return true;
 }
 
diff --git a/lib/dpif-provider.h b/lib/dpif-provider.h
index 520e21e68..fc3d39803 100644
--- a/lib/dpif-provider.h
+++ b/lib/dpif-provider.h
@@ -369,6 +369,10 @@ struct dpif_class {
 /* Queries 'dpif' to see if a certain number of handlers are required by
  * the implementation.
  *
+ * The 'n_handlers' value can be initialize with a system/user suggestion.
+ * It's up to the implementation if this suggestion fits the requirements
+ * for correct operation.
+ *
  * If a certain number of handlers are required, returns 'true' and sets
  * 'n_handlers' to that number of handler threads.
  *
diff --git a/ofproto/ofproto-dpif-upcall.c b/ofproto/ofproto-dpif-upcall.c
index 9a5c5c29c..f9d8f9cc7 100644
--- a/ofproto/ofproto-dpif-upcall.c
+++ b/ofproto/ofproto-dpif-upcall.c
@@ -660,7 +660,7 @@ udpif_set_threads(struct udpif *udpif, uint32_t n_handlers_,
   uint32_t n_revalidators_)
 {
 ovs_assert(udpif);
-uint32_t n_handlers_requested;
+uint32_t n_handlers_requested = n_handlers_;
 uint32_t n_revalidators_requested;
 bool forced = false;
 
-- 
2.43.0

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH 1/2] dpif-netdev: Do not create handler threads.

[Eelco Chaudron]

Avoid unnecessary thread creation as no upcalls are generated,
resulting in idle threads waiting for process termination.

This optimization significantly reduces memory usage, cutting it
by half on a 128 CPU/thread system during testing, with the number
of threads reduced from 95 to 0.

Signed-off-by: Eelco Chaudron 
---
 lib/dpif-netdev.c | 10 +-
 ofproto/ofproto-dpif-upcall.c | 25 -
 2 files changed, 25 insertions(+), 10 deletions(-)

diff --git a/lib/dpif-netdev.c b/lib/dpif-netdev.c
index c1981137f..1a29ab7ac 100644
--- a/lib/dpif-netdev.c
+++ b/lib/dpif-netdev.c
@@ -5250,6 +5250,14 @@ dpif_netdev_set_config(struct dpif *dpif, const struct 
smap *other_config)
 return 0;
 }
 
+static bool
+dpif_netdev_number_handlers_required(struct dpif *dpif_ OVS_UNUSED,
+ uint32_t *n_handlers)
+{
+*n_handlers = 0;
+return true;
+}
+
 /* Parses affinity list and returns result in 'core_ids'. */
 static int
 parse_affinity_list(const char *affinity_list, unsigned *core_ids, int n_rxq)
@@ -9985,7 +9993,7 @@ const struct dpif_class dpif_netdev_class = {
 dpif_netdev_offload_stats_get,
 NULL,   /* recv_set */
 NULL,   /* handlers_set */
-NULL,   /* number_handlers_required */
+dpif_netdev_number_handlers_required,
 dpif_netdev_set_config,
 dpif_netdev_queue_to_priority,
 NULL,   /* recv */
diff --git a/ofproto/ofproto-dpif-upcall.c b/ofproto/ofproto-dpif-upcall.c
index b5cbeed87..9a5c5c29c 100644
--- a/ofproto/ofproto-dpif-upcall.c
+++ b/ofproto/ofproto-dpif-upcall.c
@@ -584,7 +584,7 @@ static void
 udpif_start_threads(struct udpif *udpif, uint32_t n_handlers_,
 uint32_t n_revalidators_)
 {
-if (udpif && n_handlers_ && n_revalidators_) {
+if (udpif && n_revalidators_) {
 /* Creating a thread can take a significant amount of time on some
  * systems, even hundred of milliseconds, so quiesce around it. */
 ovsrcu_quiesce_start();
@@ -592,14 +592,19 @@ udpif_start_threads(struct udpif *udpif, uint32_t 
n_handlers_,
 udpif->n_handlers = n_handlers_;
 udpif->n_revalidators = n_revalidators_;
 
-udpif->handlers = xzalloc(udpif->n_handlers * sizeof *udpif->handlers);
-for (size_t i = 0; i < udpif->n_handlers; i++) {
-struct handler *handler = >handlers[i];
+if (udpif->n_handlers) {
+udpif->handlers = xzalloc(udpif->n_handlers
+  * sizeof *udpif->handlers);
+for (size_t i = 0; i < udpif->n_handlers; i++) {
+struct handler *handler = >handlers[i];
 
-handler->udpif = udpif;
-handler->handler_id = i;
-handler->thread = ovs_thread_create(
-"handler", udpif_upcall_handler, handler);
+handler->udpif = udpif;
+handler->handler_id = i;
+handler->thread = ovs_thread_create(
+"handler", udpif_upcall_handler, handler);
+}
+} else {
+udpif->handlers = NULL;
 }
 
 atomic_init(>enable_ufid, udpif->backer->rt_support.ufid);
@@ -662,7 +667,9 @@ udpif_set_threads(struct udpif *udpif, uint32_t n_handlers_,
 if (dpif_number_handlers_required(udpif->dpif, _handlers_requested)) {
 forced = true;
 if (!n_revalidators_) {
-n_revalidators_requested = n_handlers_requested / 4 + 1;
+n_revalidators_requested = (n_handlers_requested
+? n_handlers_requested
+: MAX(count_cpu_cores(), 2)) / 4 + 1;
 } else {
 n_revalidators_requested = n_revalidators_;
 }
-- 
2.43.0

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH] ovsdb: Don't iterate over rows on empty mutation.

[Ilya Maximets]

On 2/5/24 06:10, Mike Pattrick wrote:
> Previously when an empty mutation was used to count the number of rows
> in a table, OVSDB would iterate over all rows twice. First to perform an
> RBAC check, and then to perform the no-operation.
> 
> This change adds a short circuit to mutate operations with no conditions
> and an empty mutation set, returning immediately. One notable change in
> functionality is not performing the RBAC check in this condition, as no
> mutation actually takes place.
> 
> Reported-by: Terry Wilson 
> Reported-at: https://issues.redhat.com/browse/FDP-359
> Signed-off-by: Mike Pattrick 
> ---
>  ovsdb/execution.c   |  9 -
>  ovsdb/mutation.h|  5 +
>  tests/ovsdb-rbac.at | 19 +++
>  3 files changed, 32 insertions(+), 1 deletion(-)

Hi, Mike.  Thanks for the patch!

See some comments inline.

> 
> diff --git a/ovsdb/execution.c b/ovsdb/execution.c
> index 8c20c3b54..26bc49641 100644
> --- a/ovsdb/execution.c
> +++ b/ovsdb/execution.c
> @@ -609,7 +609,14 @@ ovsdb_execute_mutate(struct ovsdb_execution *x, struct 
> ovsdb_parser *parser,
>  error = ovsdb_condition_from_json(table->schema, where, x->symtab,
>);
>  }
> -if (!error) {
> +if (!error &&
> +ovsdb_condition_empty() &&
> +ovsdb_mutation_set_empty()) {
> +/* Special case with no conditions or mutations, just return the row
> + * count. */
> +json_object_put(result, "count",
> +json_integer_create(hmap_count(>rows)));
> +} else if (!error) {
>  mr.n_matches = 0;
>  mr.txn = x->txn;
>  mr.mutations = 
> diff --git a/ovsdb/mutation.h b/ovsdb/mutation.h
> index 7566ef199..3989c7b8a 100644
> --- a/ovsdb/mutation.h
> +++ b/ovsdb/mutation.h
> @@ -68,5 +68,10 @@ struct json *ovsdb_mutation_set_to_json(const struct 
> ovsdb_mutation_set *);
>  void ovsdb_mutation_set_destroy(struct ovsdb_mutation_set *);
>  struct ovsdb_error *ovsdb_mutation_set_execute(
>  struct ovsdb_row *, const struct ovsdb_mutation_set *) 
> OVS_WARN_UNUSED_RESULT;

An empty line would be nice.

> +static inline bool ovsdb_mutation_set_empty(
> +const struct ovsdb_mutation_set *ms)
> +{
> +return ms->n_mutations == 0;
> +}
>  
>  #endif /* ovsdb/mutation.h */
> diff --git a/tests/ovsdb-rbac.at b/tests/ovsdb-rbac.at
> index 3172e4bf5..741651723 100644
> --- a/tests/ovsdb-rbac.at
> +++ b/tests/ovsdb-rbac.at
> @@ -355,6 +355,25 @@ AT_CHECK([uuidfilt stdout], [0], [[[{"details":"RBAC 
> rules for client \"client-2
>  ], [ignore])
>  
>  # Test 14:
> +# Count the rows in other_colors. This should pass even though the RBAC
> +# authorization would fail because "client-2" does not match the
> +# "creator" column for this row. Because the RBAC check is bypassed when
> +# where and mutations are both empty.

While I understand why you did that ("select" operation doesn't require
RBAC checks and an empty mutation is similar to selection), this introduces
an unclear difference between empty mutations with and without condition.
One performs RBAC check and the other does not.  We should be consistent.


Would be also nice to have a non-RBAC test that checks the number of rows
mid-transaction, i.e. adds a row, runs empty mutation and removes some other
row after that.  Somewhere in tests/ovsdb-execution.at.  I don't think we
have any tests with empty mutations list.

Best regards, Ilya Maximets.
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH] bfd: Improve state change log message.

[Eelco Chaudron]

On 6 Feb 2024, at 13:58, Ilya Maximets wrote:

> On 2/6/24 13:50, Eelco Chaudron wrote:
>>
>>
>> On 6 Feb 2024, at 13:46, Ilya Maximets wrote:
>>
>>> On 2/4/24 15:40, Timothy Redaelli wrote:
 A log message like this one:

 2024-01-09T06:45:17.201Z|00071|bfd(handler2)|INFO|ovn-0af536-0: BFD state
 change: down->up "Neighbor Signaled Session Down"->"Neighbor Signaled 
 Session
 Down".

 can be hard to read since '->' usually represents a status change, but
 in this case the diagnostic code stays constant. Update the log message to
 avoid such ambiguity. The log message for the above event become:

 2024-01-09T06:45:16.211Z|00026|bfd(handler3)|INFO|ovn-0af536-0: BFD state
 change: up->down, previous failure: "Neighbor Signaled Session Down",
 current failure: "Neighbor Signaled Session Down".
>>>
>>> Hi, Timothy.  Thanks for the patch!
>>>
>>> Though I'm not sure that the new version is fully correct either.
>>> Since this message is BFD-specific, we should use BFD-specific language.
>>> Diagnostic is not a failure in a general case, so logging them as a failure
>>> is not correct, IMO.
>>>
>>> We may also want to specify that it is a local diagnostic and not a remote
>>> one to avoid any further ambiguity.
>>>
>>> However, if the confusion is caused by the fact that it doesn't change, 
>>> while
>>> the arrow suggests that it did, maybe we can just re-structure the message
>>> in a following way:
>>>
>>> BFD state change:
>>>   (bfd.SessionState:   up, bfd.LocalDiag: Neighbor Signaled Session Down) ->
>>>   (bfd.SessionState: down, bfd.LocalDiag: Neighbor Signaled Session Down)
>>>
>>> (no need to split lines, I did that only for ease of reading)
>>>
>>> Since at least one part will change, the arrow should not be confusing 
>>> anymore.
>>>
>>> Spelling out bfd.Xx names as in the RFC is probably not necessary since 
>>> we're
>>> printing out simple words (state, diagnostic) in other places, so can do 
>>> that
>>> here as well.
>>
>> Good idea, I do like the RFC naming of the events. Maybe to save space, we
>> could remove the “bfd.” prefix, but keep the SessionState, etc.
>
> I think, if we use the names from RFC, we should use them with a prefix.
> The prefix is there to avoid confusion between state machine variables
> and BFD packet fields that are very similarly named.

I’m fine with keeping the prefix. If we do not want this for some other reason, 
we could use _ for packet field names with spaces.

>> Maybe a follow-up patch to change this in all BFD-related messages to make 
>> them
>> more uniform?
>>
>>
>>> Thoughts?
>>>
>>> Best regards, Ilya Maximets.
>>

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH net 2/2] selftests: openvswitch: Add validation for the recursion test

[Aaron Conole]

Add a test case into the netlink checks that will show the number of
nested action recursions won't exceed 16.  Going to 17 on a small
clone call isn't enough to exhaust the stack on (most) systems, so
it should be safe to run even on systems that don't have the fix
applied.

Signed-off-by: Aaron Conole 
---
NOTE: This patch may be safely omitted for trees that don't
  include the selftests

 .../selftests/net/openvswitch/openvswitch.sh  | 13 
 .../selftests/net/openvswitch/ovs-dpctl.py| 71 +++
 2 files changed, 69 insertions(+), 15 deletions(-)

diff --git a/tools/testing/selftests/net/openvswitch/openvswitch.sh 
b/tools/testing/selftests/net/openvswitch/openvswitch.sh
index f8499d4c87f3..30cb9d3b035d 100755
--- a/tools/testing/selftests/net/openvswitch/openvswitch.sh
+++ b/tools/testing/selftests/net/openvswitch/openvswitch.sh
@@ -502,7 +502,20 @@ test_netlink_checks () {
wc -l) == 2 ] || \
  return 1
 
+   info "Checking clone depth"
ERR_MSG="Flow actions may not be safe on all matching packets"
+   PRE_TEST=$(dmesg | grep -c "${ERR_MSG}")
+   ovs_add_flow "test_netlink_checks" nv0 \
+   'in_port(1),eth(),eth_type(0x800),ipv4()' \
+   
'clone(clone(clone(clone(clone(clone(clone(clone(clone(clone(clone(clone(clone(clone(clone(clone(clone(drop)'
 \
+   &> /dev/null && return 1
+   POST_TEST=$(dmesg | grep -c "${ERR_MSG}")
+
+   if [ "$PRE_TEST" == "$POST_TEST" ]; then
+   info "failed - clone depth too large"
+   return 1
+   fi
+
PRE_TEST=$(dmesg | grep -c "${ERR_MSG}")
ovs_add_flow "test_netlink_checks" nv0 \
'in_port(1),eth(),eth_type(0x0806),arp()' 'drop(0),2' \
diff --git a/tools/testing/selftests/net/openvswitch/ovs-dpctl.py 
b/tools/testing/selftests/net/openvswitch/ovs-dpctl.py
index b97e621face9..5e0e539a323d 100644
--- a/tools/testing/selftests/net/openvswitch/ovs-dpctl.py
+++ b/tools/testing/selftests/net/openvswitch/ovs-dpctl.py
@@ -299,7 +299,7 @@ class ovsactions(nla):
 ("OVS_ACTION_ATTR_PUSH_NSH", "none"),
 ("OVS_ACTION_ATTR_POP_NSH", "flag"),
 ("OVS_ACTION_ATTR_METER", "none"),
-("OVS_ACTION_ATTR_CLONE", "none"),
+("OVS_ACTION_ATTR_CLONE", "recursive"),
 ("OVS_ACTION_ATTR_CHECK_PKT_LEN", "none"),
 ("OVS_ACTION_ATTR_ADD_MPLS", "none"),
 ("OVS_ACTION_ATTR_DEC_TTL", "none"),
@@ -465,29 +465,42 @@ class ovsactions(nla):
 print_str += "pop_mpls"
 else:
 datum = self.get_attr(field[0])
-print_str += datum.dpstr(more)
+if field[0] == "OVS_ACTION_ATTR_CLONE":
+print_str += "clone("
+print_str += datum.dpstr(more)
+print_str += ")"
+else:
+print_str += datum.dpstr(more)
 
 return print_str
 
 def parse(self, actstr):
+totallen = len(actstr)
 while len(actstr) != 0:
 parsed = False
+parencount = 0
 if actstr.startswith("drop"):
 # If no reason is provided, the implicit drop is used (i.e no
 # action). If some reason is given, an explicit action is used.
-actstr, reason = parse_extract_field(
-actstr,
-"drop(",
-"([0-9]+)",
-lambda x: int(x, 0),
-False,
-None,
-)
+reason = None
+if actstr.startswith("drop("):
+parencount += 1
+
+actstr, reason = parse_extract_field(
+actstr,
+"drop(",
+"([0-9]+)",
+lambda x: int(x, 0),
+False,
+None,
+)
+
 if reason is not None:
 self["attrs"].append(["OVS_ACTION_ATTR_DROP", reason])
 parsed = True
 else:
-return
+actstr = actstr[len("drop"): ]
+return (totallen - len(actstr))
 
 elif parse_starts_block(actstr, "^(\d+)", False, True):
 actstr, output = parse_extract_field(
@@ -504,6 +517,7 @@ class ovsactions(nla):
 False,
 0,
 )
+parencount += 1
 self["attrs"].append(["OVS_ACTION_ATTR_RECIRC", recircid])
 parsed = True
 
@@ -516,12 +530,22 @@ class ovsactions(nla):
 
 for flat_act in parse_flat_map:
 if parse_starts_block(actstr, flat_act[0], False):
-actstr += len(flat_act[0])
+actstr = actstr[len(flat_act[0]):]
 

[ovs-dev] [PATCH net 1/2] net: openvswitch: limit the number of recursions from action sets

[Aaron Conole]

The ovs module allows for some actions to recursively contain an action
list for complex scenarios, such as sampling, checking lengths, etc.
When these actions are copied into the internal flow table, they are
evaluated to validate that such actions make sense, and these calls
happen recursively.

The ovs-vswitchd userspace won't emit more than 16 recursion levels
deep.  However, the module has no such limit and will happily accept
limits larger than 16 levels nested.  Prevent this by tracking the
number of recursions happening and manually limiting it to 16 levels
nested.

The initial implementation of the sample action would track this depth
and prevent more than 3 levels of recursion, but this was removed to
support the clone use case, rather than limited at the current userspace
limit.

Fixes: 798c166173ff ("openvswitch: Optimize sample action for the clone use 
cases")
Signed-off-by: Aaron Conole 
---
 net/openvswitch/flow_netlink.c | 33 -
 1 file changed, 28 insertions(+), 5 deletions(-)

diff --git a/net/openvswitch/flow_netlink.c b/net/openvswitch/flow_netlink.c
index 88965e2068ac..ba5cfa67a720 100644
--- a/net/openvswitch/flow_netlink.c
+++ b/net/openvswitch/flow_netlink.c
@@ -48,6 +48,9 @@ struct ovs_len_tbl {
 
 #define OVS_ATTR_NESTED -1
 #define OVS_ATTR_VARIABLE -2
+#define OVS_COPY_ACTIONS_MAX_DEPTH 16
+
+static DEFINE_PER_CPU(int, copy_actions_depth);
 
 static bool actions_may_change_flow(const struct nlattr *actions)
 {
@@ -3148,11 +3151,11 @@ static int copy_action(const struct nlattr *from,
return 0;
 }
 
-static int __ovs_nla_copy_actions(struct net *net, const struct nlattr *attr,
- const struct sw_flow_key *key,
- struct sw_flow_actions **sfa,
- __be16 eth_type, __be16 vlan_tci,
- u32 mpls_label_count, bool log)
+static int ___ovs_nla_copy_actions(struct net *net, const struct nlattr *attr,
+  const struct sw_flow_key *key,
+  struct sw_flow_actions **sfa,
+  __be16 eth_type, __be16 vlan_tci,
+  u32 mpls_label_count, bool log)
 {
u8 mac_proto = ovs_key_mac_proto(key);
const struct nlattr *a;
@@ -3478,6 +3481,26 @@ static int __ovs_nla_copy_actions(struct net *net, const 
struct nlattr *attr,
return 0;
 }
 
+static int __ovs_nla_copy_actions(struct net *net, const struct nlattr *attr,
+ const struct sw_flow_key *key,
+ struct sw_flow_actions **sfa,
+ __be16 eth_type, __be16 vlan_tci,
+ u32 mpls_label_count, bool log)
+{
+   int level = this_cpu_read(copy_actions_depth);
+   int ret;
+
+   if (level > OVS_COPY_ACTIONS_MAX_DEPTH)
+   return -EOVERFLOW;
+
+   __this_cpu_inc(copy_actions_depth);
+   ret = ___ovs_nla_copy_actions(net, attr, key, sfa, eth_type,
+ vlan_tci, mpls_label_count, log);
+   __this_cpu_dec(copy_actions_depth);
+
+   return ret;
+}
+
 /* 'key' must be the masked key. */
 int ovs_nla_copy_actions(struct net *net, const struct nlattr *attr,
 const struct sw_flow_key *key,
-- 
2.41.0

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH net 0/2] net: openvswitch: limit the recursions from action sets

[Aaron Conole]

Open vSwitch module accepts actions as a list from the netlink socket
and then creates a copy which it uses in the action set processing.
During processing of the action list on a packet, the module keeps a
count of the execution depth and exits processing if the action depth
goes too high.

However, during netlink processing the recursion depth isn't checked
anywhere, and the copy trusts that kernel has large enough stack to
accommodate it.  The OVS sample action was the original action which
could perform this kinds of recursion, and it originally checked that
it didn't exceed the sample depth limit.  However, when sample became
optimized to provide the clone() semantics, the recursion limit was
dropped.

This series adds a depth limit during the __ovs_nla_copy_actions() call
that will ensure we don't exceed the max that the OVS userspace could
generate for a clone().

Additionally, this series provides a selftest in 2/2 that can be used to
determine if the OVS module is allowing unbounded access.  It can be
safely omitted where the ovs selftest framework isn't available.

Aaron Conole (2):
  net: openvswitch: limit the number of recursions from action sets
  selftests: openvswitch: Add validation for the recursion test

 net/openvswitch/flow_netlink.c| 33 +++--
 .../selftests/net/openvswitch/openvswitch.sh  | 13 
 .../selftests/net/openvswitch/ovs-dpctl.py| 71 +++
 3 files changed, 97 insertions(+), 20 deletions(-)

-- 
2.41.0

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH] bfd: Improve state change log message.

[Ilya Maximets]

On 2/6/24 13:50, Eelco Chaudron wrote:
> 
> 
> On 6 Feb 2024, at 13:46, Ilya Maximets wrote:
> 
>> On 2/4/24 15:40, Timothy Redaelli wrote:
>>> A log message like this one:
>>>
>>> 2024-01-09T06:45:17.201Z|00071|bfd(handler2)|INFO|ovn-0af536-0: BFD state
>>> change: down->up "Neighbor Signaled Session Down"->"Neighbor Signaled 
>>> Session
>>> Down".
>>>
>>> can be hard to read since '->' usually represents a status change, but
>>> in this case the diagnostic code stays constant. Update the log message to
>>> avoid such ambiguity. The log message for the above event become:
>>>
>>> 2024-01-09T06:45:16.211Z|00026|bfd(handler3)|INFO|ovn-0af536-0: BFD state
>>> change: up->down, previous failure: "Neighbor Signaled Session Down",
>>> current failure: "Neighbor Signaled Session Down".
>>
>> Hi, Timothy.  Thanks for the patch!
>>
>> Though I'm not sure that the new version is fully correct either.
>> Since this message is BFD-specific, we should use BFD-specific language.
>> Diagnostic is not a failure in a general case, so logging them as a failure
>> is not correct, IMO.
>>
>> We may also want to specify that it is a local diagnostic and not a remote
>> one to avoid any further ambiguity.
>>
>> However, if the confusion is caused by the fact that it doesn't change, while
>> the arrow suggests that it did, maybe we can just re-structure the message
>> in a following way:
>>
>> BFD state change:
>>   (bfd.SessionState:   up, bfd.LocalDiag: Neighbor Signaled Session Down) ->
>>   (bfd.SessionState: down, bfd.LocalDiag: Neighbor Signaled Session Down)
>>
>> (no need to split lines, I did that only for ease of reading)
>>
>> Since at least one part will change, the arrow should not be confusing 
>> anymore.
>>
>> Spelling out bfd.Xx names as in the RFC is probably not necessary since we're
>> printing out simple words (state, diagnostic) in other places, so can do that
>> here as well.
> 
> Good idea, I do like the RFC naming of the events. Maybe to save space, we
> could remove the “bfd.” prefix, but keep the SessionState, etc.

I think, if we use the names from RFC, we should use them with a prefix.
The prefix is there to avoid confusion between state machine variables
and BFD packet fields that are very similarly named.

> 
> Maybe a follow-up patch to change this in all BFD-related messages to make 
> them
> more uniform?
> 
> 
>> Thoughts?
>>
>> Best regards, Ilya Maximets.
> 

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH v2 1/4] dp-packet: Validate correct offset for L4 inner size.

[Ilya Maximets]

On 1/30/24 23:14, Mike Pattrick wrote:
> This patch fixes the correctness of dp_packet_inner_l4_size() when
> checking for the existence of an inner L4 header. Previously it checked
> for the outer L4 header.
> 
> This function is currently only used when a packet is already flagged
> for tunneling, so an incorrect determination isn't possible as long as
> the flags of the packet are correct.
> 
> Fixes: 85bcbbed839a ("userspace: Enable tunnel tests with TSO.")
> Signed-off-by: Mike Pattrick 
> ---
> v2: Corrected patch subject
> ---
>  lib/dp-packet.h | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/lib/dp-packet.h b/lib/dp-packet.h
> index dceb701e8..802d3f385 100644
> --- a/lib/dp-packet.h
> +++ b/lib/dp-packet.h
> @@ -540,7 +540,7 @@ dp_packet_inner_l4(const struct dp_packet *b)
>  static inline size_t
>  dp_packet_inner_l4_size(const struct dp_packet *b)
>  {
> -return OVS_LIKELY(b->l4_ofs != UINT16_MAX)
> +return OVS_LIKELY(b->inner_l4_ofs != UINT16_MAX)
> ? (const char *) dp_packet_tail(b)
> - (const char *) dp_packet_inner_l4(b)
> - dp_packet_l2_pad_size(b)

Hi, Mike.  Thanks for v2!

I don't have any particular comments beside the ones David already made.
Could you, please, address them and post a new version?

Best regards, Ilya Maximets.
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH] bfd: Improve state change log message.

[Eelco Chaudron]

On 6 Feb 2024, at 13:46, Ilya Maximets wrote:

> On 2/4/24 15:40, Timothy Redaelli wrote:
>> A log message like this one:
>>
>> 2024-01-09T06:45:17.201Z|00071|bfd(handler2)|INFO|ovn-0af536-0: BFD state
>> change: down->up "Neighbor Signaled Session Down"->"Neighbor Signaled Session
>> Down".
>>
>> can be hard to read since '->' usually represents a status change, but
>> in this case the diagnostic code stays constant. Update the log message to
>> avoid such ambiguity. The log message for the above event become:
>>
>> 2024-01-09T06:45:16.211Z|00026|bfd(handler3)|INFO|ovn-0af536-0: BFD state
>> change: up->down, previous failure: "Neighbor Signaled Session Down",
>> current failure: "Neighbor Signaled Session Down".
>
> Hi, Timothy.  Thanks for the patch!
>
> Though I'm not sure that the new version is fully correct either.
> Since this message is BFD-specific, we should use BFD-specific language.
> Diagnostic is not a failure in a general case, so logging them as a failure
> is not correct, IMO.
>
> We may also want to specify that it is a local diagnostic and not a remote
> one to avoid any further ambiguity.
>
> However, if the confusion is caused by the fact that it doesn't change, while
> the arrow suggests that it did, maybe we can just re-structure the message
> in a following way:
>
> BFD state change:
>   (bfd.SessionState:   up, bfd.LocalDiag: Neighbor Signaled Session Down) ->
>   (bfd.SessionState: down, bfd.LocalDiag: Neighbor Signaled Session Down)
>
> (no need to split lines, I did that only for ease of reading)
>
> Since at least one part will change, the arrow should not be confusing 
> anymore.
>
> Spelling out bfd.Xx names as in the RFC is probably not necessary since we're
> printing out simple words (state, diagnostic) in other places, so can do that
> here as well.

Good idea, I do like the RFC naming of the events. Maybe to save space, we 
could remove the “bfd.” prefix, but keep the SessionState, etc.

Maybe a follow-up patch to change this in all BFD-related messages to make them 
more uniform?


> Thoughts?
>
> Best regards, Ilya Maximets.

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH branch-3.0] dpdk: Use DPDK 21.11.6 release for OVS 3.0.

[Eelco Chaudron]

On 6 Feb 2024, at 13:45, Kevin Traynor wrote:

> On 05/02/2024 11:32, Eelco Chaudron wrote:
>>
>>
>> On 2 Feb 2024, at 13:46, Kevin Traynor wrote:
>>
>>> Update the CI and docs to use DPDK 21.11.6.
>>>
>>> Signed-off-by: Kevin Traynor 
>>
>> Thanks for getting all DPDK packages upgraded. The changes look good to me. 
>> Did not run the GitHub actions, but assume they are fine.
>>
>
> Hi Eelco,
>
> yes, for reference, they are here:
> master:  https://github.com/kevintraynor/ovs/actions/runs/7730296983
> branch-3.3:  https://github.com/kevintraynor/ovs/actions/runs/7730275340
> branch-3.2:  https://github.com/kevintraynor/ovs/actions/runs/7730273763
> branch-3.1:  https://github.com/kevintraynor/ovs/actions/runs/7730270878
> branch-3.0:  https://github.com/kevintraynor/ovs/actions/runs/7730269366
> branch-2.17: https://github.com/kevintraynor/ovs/actions/runs/7730266582

Thanks!

>> Acked-by: Eelco Chaudron 
>>
>
> Thanks

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH] bfd: Improve state change log message.

[Ilya Maximets]

On 2/4/24 15:40, Timothy Redaelli wrote:
> A log message like this one:
> 
> 2024-01-09T06:45:17.201Z|00071|bfd(handler2)|INFO|ovn-0af536-0: BFD state
> change: down->up "Neighbor Signaled Session Down"->"Neighbor Signaled Session
> Down".
> 
> can be hard to read since '->' usually represents a status change, but
> in this case the diagnostic code stays constant. Update the log message to
> avoid such ambiguity. The log message for the above event become:
> 
> 2024-01-09T06:45:16.211Z|00026|bfd(handler3)|INFO|ovn-0af536-0: BFD state
> change: up->down, previous failure: "Neighbor Signaled Session Down",
> current failure: "Neighbor Signaled Session Down".

Hi, Timothy.  Thanks for the patch!

Though I'm not sure that the new version is fully correct either.
Since this message is BFD-specific, we should use BFD-specific language.
Diagnostic is not a failure in a general case, so logging them as a failure
is not correct, IMO.

We may also want to specify that it is a local diagnostic and not a remote
one to avoid any further ambiguity.

However, if the confusion is caused by the fact that it doesn't change, while
the arrow suggests that it did, maybe we can just re-structure the message
in a following way:

BFD state change:
  (bfd.SessionState:   up, bfd.LocalDiag: Neighbor Signaled Session Down) ->
  (bfd.SessionState: down, bfd.LocalDiag: Neighbor Signaled Session Down)

(no need to split lines, I did that only for ease of reading)

Since at least one part will change, the arrow should not be confusing anymore.

Spelling out bfd.Xx names as in the RFC is probably not necessary since we're
printing out simple words (state, diagnostic) in other places, so can do that
here as well.

Thoughts?

Best regards, Ilya Maximets.
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH branch-3.0] dpdk: Use DPDK 21.11.6 release for OVS 3.0.

[Kevin Traynor]

On 05/02/2024 11:32, Eelco Chaudron wrote:
> 
> 
> On 2 Feb 2024, at 13:46, Kevin Traynor wrote:
> 
>> Update the CI and docs to use DPDK 21.11.6.
>>
>> Signed-off-by: Kevin Traynor 
> 
> Thanks for getting all DPDK packages upgraded. The changes look good to me. 
> Did not run the GitHub actions, but assume they are fine.
> 

Hi Eelco,

yes, for reference, they are here:
master:  https://github.com/kevintraynor/ovs/actions/runs/7730296983
branch-3.3:  https://github.com/kevintraynor/ovs/actions/runs/7730275340
branch-3.2:  https://github.com/kevintraynor/ovs/actions/runs/7730273763
branch-3.1:  https://github.com/kevintraynor/ovs/actions/runs/7730270878
branch-3.0:  https://github.com/kevintraynor/ovs/actions/runs/7730269366
branch-2.17: https://github.com/kevintraynor/ovs/actions/runs/7730266582

> Acked-by: Eelco Chaudron 
> 

Thanks

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH master/branch-3.3] faq: Update DPDK releases for older branches.

[Ilya Maximets]

On 2/2/24 13:46, Kevin Traynor wrote:
> Branches 2.17/3.0/3.1/3.2 are using newer DPDK LTS releases.
> 
> Update the faq.
> 
> Signed-off-by: Kevin Traynor 
> ---
>  Documentation/faq/releases.rst | 8 
>  1 file changed, 4 insertions(+), 4 deletions(-)
> 
> diff --git a/Documentation/faq/releases.rst b/Documentation/faq/releases.rst
> index 3a8387f84..49b987b61 100644
> --- a/Documentation/faq/releases.rst
> +++ b/Documentation/faq/releases.rst
> @@ -217,8 +217,8 @@ Q: What DPDK version does each Open vSwitch release work 
> with?
>  2.15.x   20.11.6
>  2.16.x   20.11.6
> -2.17.x   21.11.5
> -3.0.x21.11.5
> -3.1.x22.11.3
> -3.2.x22.11.3
> +2.17.x   21.11.6
> +3.0.x21.11.6
> +3.1.x22.11.4
> +3.2.x22.11.4
>  3.3.x23.11
>   

Hi, Kevin.  Thanks for the patches!

I didn't test them, but LGTM.  For all DPDK update patches:

Acked-by: Ilya Maximets 

P.S.: the 'master/branch-3.3' tag is likely confusing for bots,
  it's better to send separate patches next time, or just
  not specify the branch at all and add a footnote that
  it should be applied to branch-3.3 as well.

Best regards, Ilya Maximets.
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH ovn v2 28/29] utilities: Add ovn-debug binary tool.

[0-day Robot]

Bleep bloop.  Greetings Ales Musil, I am a robot and I have tried out your 
patch.
Thanks for your contribution.

I encountered some error that I wasn't expecting.  See the details below.


checkpatch:
WARNING: Line lacks whitespace around operator
#281 FILE: utilities/ovn-debug.c:87:
lflow-stage-to-ltable STAGE_NAME\n\

WARNING: Line lacks whitespace around operator
#283 FILE: utilities/ovn-debug.c:89:
lflow-stage-to-oftable STAGE_NAME\n\

Lines checked: 353, Warnings: 2, Errors: 0


Please check this out.  If you feel there has been an error, please email 
acon...@redhat.com

Thanks,
0-day Robot
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH ovn v2 20/29] tests: Add macro for OFTABLE_CHK_IN_PORT_SEC table number.

[Ales Musil]

Add macro for OFTABLE_CHK_IN_PORT_SEC and replace all table=73
occurrences in OF with table=OFTABLE_CHK_IN_PORT_SEC.

Signed-off-by: Ales Musil 
---
 tests/ovn-macros.at |   1 +
 tests/ovn.at| 112 ++--
 2 files changed, 58 insertions(+), 55 deletions(-)

diff --git a/tests/ovn-macros.at b/tests/ovn-macros.at
index a32ced8a0..626ec7cac 100644
--- a/tests/ovn-macros.at
+++ b/tests/ovn-macros.at
@@ -1003,3 +1003,4 @@ m4_define([OFTABLE_CHK_LB_HAIRPIN_REPLY], [69])
 m4_define([OFTABLE_CT_SNAT_HAIRPIN], [70])
 m4_define([OFTABLE_GET_FDB], [71])
 m4_define([OFTABLE_LOOKUP_FDB], [72])
+m4_define([OFTABLE_CHK_IN_PORT_SEC], [73])
diff --git a/tests/ovn.at b/tests/ovn.at
index 8915cca0c..3188817fe 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -34271,12 +34271,14 @@ sw0_dp_key=$(printf "%x" $(fetch_column 
Datapath_Binding tunnel_key external_ids
 sw0p1_key=$(printf "%x" $(fetch_column Port_Binding tunnel_key 
logical_port=sw0p1))
 sw0p2_key=$(printf "%x" $(fetch_column Port_Binding tunnel_key 
logical_port=sw0p2))
 
-# There should be no flows in table 73, 74 and 75 in hv1 and hv2
-> hv1_t73_flows.expected
+in_port_sec=OFTABLE_CHK_IN_PORT_SEC
+
+# There should be no flows in table OFTABLE_CHK_IN_PORT_SEC, 74 and 75 in hv1 
and hv2
+> hv1_t${in_port_sec}_flows.expected
 > hv1_t74_flows.expected
 > hv1_t75_flows.expected
 
-> hv2_t73_flows.expected
+> hv2_t${in_port_sec}_flows.expected
 > hv2_t74_flows.expected
 > hv2_t75_flows.expected
 
@@ -34288,22 +34290,22 @@ check_port_sec_offlows() {
 AT_CHECK([diff -u ${hv}_t${t}_flows.actual ${hv}_t${t}_flows.expected])
 }
 
-check_port_sec_offlows hv1 73
+check_port_sec_offlows hv1 OFTABLE_CHK_IN_PORT_SEC
 check_port_sec_offlows hv1 74
 check_port_sec_offlows hv1 75
 
-check_port_sec_offlows hv2 73
+check_port_sec_offlows hv2 OFTABLE_CHK_IN_PORT_SEC
 check_port_sec_offlows hv2 74
 check_port_sec_offlows hv2 75
 
 # Set port security for sw0p1
 check ovn-nbctl --wait=hv lsp-set-port-security sw0p1 "00:00:00:00:00:03"
 
-echo " table=73, priority=80,reg14=0x$sw0p1_key,metadata=0x$sw0_dp_key 
actions=load:0x1->NXM_NX_REG10[[12]]
- table=73, 
priority=90,reg14=0x$sw0p1_key,metadata=0x$sw0_dp_key,dl_src=00:00:00:00:00:03 
actions=resubmit(,74)
- table=73, priority=95,arp,reg14=0x$sw0p1_key,metadata=0x$sw0_dp_key 
actions=resubmit(,74)" > hv1_t73_flows.expected
+echo " table=OFTABLE_CHK_IN_PORT_SEC, 
priority=80,reg14=0x$sw0p1_key,metadata=0x$sw0_dp_key 
actions=load:0x1->NXM_NX_REG10[[12]]
+ table=OFTABLE_CHK_IN_PORT_SEC, 
priority=90,reg14=0x$sw0p1_key,metadata=0x$sw0_dp_key,dl_src=00:00:00:00:00:03 
actions=resubmit(,74)
+ table=OFTABLE_CHK_IN_PORT_SEC, 
priority=95,arp,reg14=0x$sw0p1_key,metadata=0x$sw0_dp_key 
actions=resubmit(,74)" > hv1_t${in_port_sec}_flows.expected
 
-check_port_sec_offlows hv1 73
+check_port_sec_offlows hv1 OFTABLE_CHK_IN_PORT_SEC
 
 echo " table=74, priority=80,arp,reg14=0x$sw0p1_key,metadata=0x1 
actions=load:0x1->NXM_NX_REG10[[12]]
  table=74, 
priority=80,icmp6,reg14=0x$sw0p1_key,metadata=0x1,nw_ttl=255,icmp_type=135 
actions=load:0->NXM_NX_REG10[[12]]
@@ -34321,25 +34323,25 @@ echo " table=75, 
priority=80,reg15=0x$sw0p1_key,metadata=0x1 actions=load:0x1->N
 
 check_port_sec_offlows hv1 75
 
-> hv2_t73_flows.expected
+> hv2_t${in_port_sec}_flows.expected
 > hv2_t74_flows.expected
 > hv2_t75_flows.expected
 
-check_port_sec_offlows hv2 73
+check_port_sec_offlows hv2 OFTABLE_CHK_IN_PORT_SEC
 check_port_sec_offlows hv2 74
 check_port_sec_offlows hv2 75
 
 # Add IPv4 addresses to sw0p1
 check ovn-nbctl --wait=hv lsp-set-port-security sw0p1 "00:00:00:00:00:03 
10.0.0.3" "00:00:00:00:00:13 10.0.0.13"
 
-echo " table=73, priority=80,reg14=0x$sw0p1_key,metadata=0x1 
actions=load:0x1->NXM_NX_REG10[[12]]
- table=73, 
priority=90,ip,reg14=0x$sw0p1_key,metadata=0x1,dl_src=00:00:00:00:00:03,nw_src=10.0.0.3
 actions=load:0->NXM_NX_REG10[[12]]
- table=73, 
priority=90,ip,reg14=0x$sw0p1_key,metadata=0x1,dl_src=00:00:00:00:00:13,nw_src=10.0.0.13
 actions=load:0->NXM_NX_REG10[[12]]
- table=73, 
priority=90,udp,reg14=0x$sw0p1_key,metadata=0x1,dl_src=00:00:00:00:00:03,nw_src=0.0.0.0,nw_dst=255.255.255.255,tp_src=68,tp_dst=67
 actions=load:0->NXM_NX_REG10[[12]]
- table=73, 
priority=90,udp,reg14=0x$sw0p1_key,metadata=0x1,dl_src=00:00:00:00:00:13,nw_src=0.0.0.0,nw_dst=255.255.255.255,tp_src=68,tp_dst=67
 actions=load:0->NXM_NX_REG10[[12]]
- table=73, priority=95,arp,reg14=0x$sw0p1_key,metadata=0x1 
actions=resubmit(,74)" > hv1_t73_flows.expected
+echo " table=OFTABLE_CHK_IN_PORT_SEC, 
priority=80,reg14=0x$sw0p1_key,metadata=0x1 actions=load:0x1->NXM_NX_REG10[[12]]
+ table=OFTABLE_CHK_IN_PORT_SEC, 
priority=90,ip,reg14=0x$sw0p1_key,metadata=0x1,dl_src=00:00:00:00:00:03,nw_src=10.0.0.3
 actions=load:0->NXM_NX_REG10[[12]]
+ table=OFTABLE_CHK_IN_PORT_SEC, 
priority=90,ip,reg14=0x$sw0p1_key,metadata=0x1,dl_src=00:00:00:00:00:13,nw_src=10.0.0.13
 actions=load:0->NXM_NX_REG10[[12]]
+ table=OFTABLE_CHK_IN_PORT_SEC, 

[ovs-dev] [PATCH ovn v2 17/29] tests: Add macro for OFTABLE_CT_SNAT_HAIRPIN table number.

[Ales Musil]

Add macro for OFTABLE_CT_SNAT_HAIRPIN and replace all table=70
occurrences in OF with table=OFTABLE_CT_SNAT_HAIRPIN.

Signed-off-by: Ales Musil 
---
 tests/ovn-macros.at |   1 +
 tests/ovn.at| 206 ++--
 2 files changed, 104 insertions(+), 103 deletions(-)

diff --git a/tests/ovn-macros.at b/tests/ovn-macros.at
index 5c79f0cea..392f220cc 100644
--- a/tests/ovn-macros.at
+++ b/tests/ovn-macros.at
@@ -1000,3 +1000,4 @@ m4_define([OFTABLE_MAC_BINDING], [66])
 m4_define([OFTABLE_MAC_LOOKUP], [67])
 m4_define([OFTABLE_CHK_LB_HAIRPIN], [68])
 m4_define([OFTABLE_CHK_LB_HAIRPIN_REPLY], [69])
+m4_define([OFTABLE_CT_SNAT_HAIRPIN], [70])
diff --git a/tests/ovn.at b/tests/ovn.at
index b1ad3ed37..f648fef2d 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -30508,7 +30508,7 @@ AT_CHECK([as hv1 ovs-ofctl dump-flows br-int 
table=OFTABLE_CHK_LB_HAIRPIN | grep
 AT_CHECK([as hv1 ovs-ofctl dump-flows br-int 
table=OFTABLE_CHK_LB_HAIRPIN_REPLY | grep -v NXST], [1], [dnl
 ])
 
-AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=70 | grep -v NXST], [1], 
[dnl
+AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=OFTABLE_CT_SNAT_HAIRPIN | 
grep -v NXST], [1], [dnl
 ])
 
 AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=OFTABLE_CHK_LB_HAIRPIN | 
grep -v NXST], [1], [dnl
@@ -30517,7 +30517,7 @@ AT_CHECK([as hv2 ovs-ofctl dump-flows br-int 
table=OFTABLE_CHK_LB_HAIRPIN | grep
 AT_CHECK([as hv2 ovs-ofctl dump-flows br-int 
table=OFTABLE_CHK_LB_HAIRPIN_REPLY | grep -v NXST], [1], [dnl
 ])
 
-AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=70 | grep -v NXST], [1], 
[dnl
+AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=OFTABLE_CT_SNAT_HAIRPIN | 
grep -v NXST], [1], [dnl
 ])
 
 check ovn-nbctl --wait=hv ls-lb-add sw0 lb-ipv4-tcp
@@ -30534,8 +30534,8 @@ AT_CHECK([as hv2 ovs-ofctl dump-flows br-int 
table=OFTABLE_CHK_LB_HAIRPIN_REPLY]
 NXST_FLOW reply (xid=0x8):
 ])
 
-AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=70 | ofctl_strip_all | grep 
-v NXST], [0], [dnl
- table=70, priority=100,tcp,reg1=0x58585858,reg2=0x1f90/0x 
actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.88))
+AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=OFTABLE_CT_SNAT_HAIRPIN | 
ofctl_strip_all | grep -v NXST], [0], [dnl
+ table=OFTABLE_CT_SNAT_HAIRPIN, 
priority=100,tcp,reg1=0x58585858,reg2=0x1f90/0x 
actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.88))
 ])
 
 AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=OFTABLE_CHK_LB_HAIRPIN | 
grep -v NXST], [1], [dnl
@@ -30544,7 +30544,7 @@ AT_CHECK([as hv2 ovs-ofctl dump-flows br-int 
table=OFTABLE_CHK_LB_HAIRPIN | grep
 AT_CHECK([as hv2 ovs-ofctl dump-flows br-int 
table=OFTABLE_CHK_LB_HAIRPIN_REPLY | grep -v NXST], [1], [dnl
 ])
 
-AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=70 | grep -v NXST], [1], 
[dnl
+AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=OFTABLE_CT_SNAT_HAIRPIN | 
grep -v NXST], [1], [dnl
 ])
 
 check ovn-nbctl lb-add lb-ipv4-tcp 88.88.88.90:8080 
42.42.42.42:4041,52.52.52.52:4042 tcp
@@ -30563,9 +30563,9 @@ AT_CHECK([as hv2 ovs-ofctl dump-flows br-int 
table=OFTABLE_CHK_LB_HAIRPIN_REPLY]
 NXST_FLOW reply (xid=0x8):
 ])
 
-AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=70 | ofctl_strip_all | grep 
-v NXST], [0], [dnl
- table=70, priority=100,tcp,reg1=0x58585858,reg2=0x1f90/0x 
actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.88))
- table=70, priority=100,tcp,reg1=0x5858585a,reg2=0x1f90/0x 
actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.90))
+AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=OFTABLE_CT_SNAT_HAIRPIN | 
ofctl_strip_all | grep -v NXST], [0], [dnl
+ table=OFTABLE_CT_SNAT_HAIRPIN, 
priority=100,tcp,reg1=0x58585858,reg2=0x1f90/0x 
actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.88))
+ table=OFTABLE_CT_SNAT_HAIRPIN, 
priority=100,tcp,reg1=0x5858585a,reg2=0x1f90/0x 
actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.90))
 ])
 
 AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=OFTABLE_CHK_LB_HAIRPIN | 
grep -v NXST], [1], [dnl
@@ -30574,7 +30574,7 @@ AT_CHECK([as hv2 ovs-ofctl dump-flows br-int 
table=OFTABLE_CHK_LB_HAIRPIN | grep
 AT_CHECK([as hv2 ovs-ofctl dump-flows br-int 
table=OFTABLE_CHK_LB_HAIRPIN_REPLY | grep -v NXST], [1], [dnl
 ])
 
-AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=70 | grep -v NXST], [1], 
[dnl
+AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=OFTABLE_CT_SNAT_HAIRPIN | 
grep -v NXST], [1], [dnl
 ])
 
 
@@ -30595,9 +30595,9 @@ AT_CHECK([as hv2 ovs-ofctl dump-flows br-int 
table=OFTABLE_CHK_LB_HAIRPIN | ofct
 AT_CHECK([as hv2 ovs-ofctl dump-flows br-int 
table=OFTABLE_CHK_LB_HAIRPIN_REPLY | grep -v NXST], [1], [dnl
 ])
 
-AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=70 | ofctl_strip_all | grep 
-v NXST], [0], [dnl
- table=70, priority=100,tcp,reg1=0x58585858,reg2=0x1f90/0x 
actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.88))
- table=70, 

Re: [ovs-dev] [PATCH ovn v6 00/13] northd lflow incremental processing

[Dumitru Ceara]

On 2/5/24 23:53, Han Zhou wrote:
> For Dumitru's proposal:
>>> Maybe it would be an idea to integrate some of Han's performance testing
>>> scripts into the set of tests we already have in the upstream repo,
>>> ovn-performance.at [0], and run those in GitHub actions too.
>>> [0] https://github.com/ovn-org/ovn/blob/main/tests/ovn-performance.at
>>> Han, others, what do you think?
> I've been thinking about this for a long time but it wasn't prioritized. It
> was not easy for the reasons mentioned by Ilya. But I agree it is something
> we need to figure out. For memory increase it should be pretty reliable,
> but for CPU/latency, we might need to think about metrics that take into
> account the performance of the node that executes the test cases. Of course
> hardware resources (CPU and memory of the test node) v.s. the scale we can
> test is another concern, but we may start with a scale that is not too big
> to run in git actions while big enough to provide good performance metrics.
> 

I guess we need to first try it out and see if there's any degree of
reliability (from memory usage perspective) when running something like
this in public GitHub runners.

Han, do you have time to investigate this direction?  Otherwise, if
nobody else volunteers, I will try to add it to my todo list.

Thanks,
Dumitru

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH ovn v2 21/29] tests: Add macro for OFTABLE_CHK_IN_PORT_SEC_ND table number.

[Ales Musil]

Add macro for OFTABLE_CHK_IN_PORT_SEC_ND and replace all table=74
occurrences in OF with table=OFTABLE_CHK_IN_PORT_SEC_ND.

Signed-off-by: Ales Musil 
---
 tests/ovn-macros.at |   1 +
 tests/ovn.at| 151 ++--
 2 files changed, 77 insertions(+), 75 deletions(-)

diff --git a/tests/ovn-macros.at b/tests/ovn-macros.at
index 626ec7cac..d3e027424 100644
--- a/tests/ovn-macros.at
+++ b/tests/ovn-macros.at
@@ -1004,3 +1004,4 @@ m4_define([OFTABLE_CT_SNAT_HAIRPIN], [70])
 m4_define([OFTABLE_GET_FDB], [71])
 m4_define([OFTABLE_LOOKUP_FDB], [72])
 m4_define([OFTABLE_CHK_IN_PORT_SEC], [73])
+m4_define([OFTABLE_CHK_IN_PORT_SEC_ND], [74])
diff --git a/tests/ovn.at b/tests/ovn.at
index 3188817fe..e05eef808 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -34272,14 +34272,15 @@ sw0p1_key=$(printf "%x" $(fetch_column Port_Binding 
tunnel_key logical_port=sw0p
 sw0p2_key=$(printf "%x" $(fetch_column Port_Binding tunnel_key 
logical_port=sw0p2))
 
 in_port_sec=OFTABLE_CHK_IN_PORT_SEC
+in_port_sec_nd=OFTABLE_CHK_IN_PORT_SEC_ND
 
 # There should be no flows in table OFTABLE_CHK_IN_PORT_SEC, 74 and 75 in hv1 
and hv2
 > hv1_t${in_port_sec}_flows.expected
-> hv1_t74_flows.expected
+> hv1_t${in_port_sec_nd}_flows.expected
 > hv1_t75_flows.expected
 
 > hv2_t${in_port_sec}_flows.expected
-> hv2_t74_flows.expected
+> hv2_t${in_port_sec_nd}_flows.expected
 > hv2_t75_flows.expected
 
 check_port_sec_offlows() {
@@ -34291,32 +34292,32 @@ check_port_sec_offlows() {
 }
 
 check_port_sec_offlows hv1 OFTABLE_CHK_IN_PORT_SEC
-check_port_sec_offlows hv1 74
+check_port_sec_offlows hv1 OFTABLE_CHK_IN_PORT_SEC_ND
 check_port_sec_offlows hv1 75
 
 check_port_sec_offlows hv2 OFTABLE_CHK_IN_PORT_SEC
-check_port_sec_offlows hv2 74
+check_port_sec_offlows hv2 OFTABLE_CHK_IN_PORT_SEC_ND
 check_port_sec_offlows hv2 75
 
 # Set port security for sw0p1
 check ovn-nbctl --wait=hv lsp-set-port-security sw0p1 "00:00:00:00:00:03"
 
 echo " table=OFTABLE_CHK_IN_PORT_SEC, 
priority=80,reg14=0x$sw0p1_key,metadata=0x$sw0_dp_key 
actions=load:0x1->NXM_NX_REG10[[12]]
- table=OFTABLE_CHK_IN_PORT_SEC, 
priority=90,reg14=0x$sw0p1_key,metadata=0x$sw0_dp_key,dl_src=00:00:00:00:00:03 
actions=resubmit(,74)
- table=OFTABLE_CHK_IN_PORT_SEC, 
priority=95,arp,reg14=0x$sw0p1_key,metadata=0x$sw0_dp_key 
actions=resubmit(,74)" > hv1_t${in_port_sec}_flows.expected
+ table=OFTABLE_CHK_IN_PORT_SEC, 
priority=90,reg14=0x$sw0p1_key,metadata=0x$sw0_dp_key,dl_src=00:00:00:00:00:03 
actions=resubmit(,OFTABLE_CHK_IN_PORT_SEC_ND)
+ table=OFTABLE_CHK_IN_PORT_SEC, 
priority=95,arp,reg14=0x$sw0p1_key,metadata=0x$sw0_dp_key 
actions=resubmit(,OFTABLE_CHK_IN_PORT_SEC_ND)" > 
hv1_t${in_port_sec}_flows.expected
 
 check_port_sec_offlows hv1 OFTABLE_CHK_IN_PORT_SEC
 
-echo " table=74, priority=80,arp,reg14=0x$sw0p1_key,metadata=0x1 
actions=load:0x1->NXM_NX_REG10[[12]]
- table=74, 
priority=80,icmp6,reg14=0x$sw0p1_key,metadata=0x1,nw_ttl=255,icmp_type=135 
actions=load:0->NXM_NX_REG10[[12]]
- table=74, 
priority=80,icmp6,reg14=0x$sw0p1_key,metadata=0x1,nw_ttl=255,icmp_type=136 
actions=load:0x1->NXM_NX_REG10[[12]]
- table=74, 
priority=90,arp,reg14=0x$sw0p1_key,metadata=0x1,dl_src=00:00:00:00:00:03,arp_sha=00:00:00:00:00:03
 actions=load:0->NXM_NX_REG10[[12]]
- table=74, 
priority=90,icmp6,reg14=0x$sw0p1_key,metadata=0x1,nw_ttl=255,icmp_type=135,icmp_code=0,nd_sll=00:00:00:00:00:00
 actions=load:0->NXM_NX_REG10[[12]]
- table=74, 
priority=90,icmp6,reg14=0x$sw0p1_key,metadata=0x1,nw_ttl=255,icmp_type=135,icmp_code=0,nd_sll=00:00:00:00:00:03
 actions=load:0->NXM_NX_REG10[[12]]
- table=74, 
priority=90,icmp6,reg14=0x$sw0p1_key,metadata=0x1,nw_ttl=255,icmp_type=136,icmp_code=0,nd_tll=00:00:00:00:00:00
 actions=load:0->NXM_NX_REG10[[12]]
- table=74, 
priority=90,icmp6,reg14=0x$sw0p1_key,metadata=0x1,nw_ttl=255,icmp_type=136,icmp_code=0,nd_tll=00:00:00:00:00:03
 actions=load:0->NXM_NX_REG10[[12]]" > hv1_t74_flows.expected
+echo " table=OFTABLE_CHK_IN_PORT_SEC_ND, 
priority=80,arp,reg14=0x$sw0p1_key,metadata=0x1 
actions=load:0x1->NXM_NX_REG10[[12]]
+ table=OFTABLE_CHK_IN_PORT_SEC_ND, 
priority=80,icmp6,reg14=0x$sw0p1_key,metadata=0x1,nw_ttl=255,icmp_type=135 
actions=load:0->NXM_NX_REG10[[12]]
+ table=OFTABLE_CHK_IN_PORT_SEC_ND, 
priority=80,icmp6,reg14=0x$sw0p1_key,metadata=0x1,nw_ttl=255,icmp_type=136 
actions=load:0x1->NXM_NX_REG10[[12]]
+ table=OFTABLE_CHK_IN_PORT_SEC_ND, 
priority=90,arp,reg14=0x$sw0p1_key,metadata=0x1,dl_src=00:00:00:00:00:03,arp_sha=00:00:00:00:00:03
 actions=load:0->NXM_NX_REG10[[12]]
+ table=OFTABLE_CHK_IN_PORT_SEC_ND, 
priority=90,icmp6,reg14=0x$sw0p1_key,metadata=0x1,nw_ttl=255,icmp_type=135,icmp_code=0,nd_sll=00:00:00:00:00:00
 actions=load:0->NXM_NX_REG10[[12]]
+ table=OFTABLE_CHK_IN_PORT_SEC_ND, 
priority=90,icmp6,reg14=0x$sw0p1_key,metadata=0x1,nw_ttl=255,icmp_type=135,icmp_code=0,nd_sll=00:00:00:00:00:03
 actions=load:0->NXM_NX_REG10[[12]]
+ table=OFTABLE_CHK_IN_PORT_SEC_ND, 

[ovs-dev] [PATCH ovn v2 14/29] tests: Add macro for OFTABLE_MAC_LOOKUP table number.

[Ales Musil]

Add macro for OFTABLE_MAC_LOOKUP and replace all table=67
occurrences in OF with table=OFTABLE_MAC_LOOKUP.

Signed-off-by: Ales Musil 
---
 tests/ovn-macros.at |  1 +
 tests/ovn.at| 26 +-
 2 files changed, 14 insertions(+), 13 deletions(-)

diff --git a/tests/ovn-macros.at b/tests/ovn-macros.at
index 6550f0cf4..c3cab516b 100644
--- a/tests/ovn-macros.at
+++ b/tests/ovn-macros.at
@@ -997,3 +997,4 @@ m4_define([OFTABLE_REMOTE_OUTPUT], [39])
 m4_define([OFTABLE_LOCAL_OUTPUT], [40])
 m4_define([OFTABLE_LOG_TO_PHY], [65])
 m4_define([OFTABLE_MAC_BINDING], [66])
+m4_define([OFTABLE_MAC_LOOKUP], [67])
diff --git a/tests/ovn.at b/tests/ovn.at
index 10fed0281..7f280545b 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -24564,16 +24564,16 @@ grep opcode=PUT_ARP | grep OF_Table_ID=10 | wc -l`])
 AT_CHECK([test 1 = `as hv1 ovs-ofctl dump-flows br-int table=10 | grep arp | \
 grep controller | grep -v n_packets=0 | wc -l`])
 
-# Wait for an entry in table=67
+# Wait for an entry in table=OFTABLE_MAC_LOOKUP
 OVS_WAIT_UNTIL(
-[test 1 = `as hv1 ovs-ofctl dump-flows br-int table=67 | grep n_packets=0 \
+[test 1 = `as hv1 ovs-ofctl dump-flows br-int table=OFTABLE_MAC_LOOKUP | 
grep n_packets=0 \
 | wc -l`]
 )
 
 # Send garp again. This time the packet should not be sent to ovn-controller.
 send_garp 1 1 $eth_src $eth_dst $spa $tpa
-# Wait for an entry in table=67
-OVS_WAIT_UNTIL([test 1 = `as hv1 ovs-ofctl dump-flows br-int table=67 | grep 
n_packets=1 | wc -l`])
+# Wait for an entry in table=OFTABLE_MAC_LOOKUP
+OVS_WAIT_UNTIL([test 1 = `as hv1 ovs-ofctl dump-flows br-int 
table=OFTABLE_MAC_LOOKUP | grep n_packets=1 | wc -l`])
 
 # The packet should not be sent to ovn-controller. The packet
 # count should be 1 only.
@@ -24621,7 +24621,7 @@ OVS_WAIT_UNTIL([test 3 = `cat hv1/ovn-controller.log | 
grep NXT_PACKET_IN2 | \
 grep table_id=10 | wc -l`])
 
 OVS_WAIT_UNTIL(
-[test 1 = `as hv1 ovs-ofctl dump-flows br-int table=67 | grep 
dl_src=50:54:00:00:00:33 \
+[test 1 = `as hv1 ovs-ofctl dump-flows br-int table=OFTABLE_MAC_LOOKUP | 
grep dl_src=50:54:00:00:00:33 \
 | wc -l`]
 )
 
@@ -24635,7 +24635,7 @@ find mac_binding ip=10.0.0.50], [0], [lr0-sw0
 send_garp 1 1 $eth_src $eth_dst $spa $tpa
 
 OVS_WAIT_UNTIL(
-[test 1 = `as hv1 ovs-ofctl dump-flows br-int table=67 | grep 
dl_src=50:54:00:00:00:33 \
+[test 1 = `as hv1 ovs-ofctl dump-flows br-int table=OFTABLE_MAC_LOOKUP | 
grep dl_src=50:54:00:00:00:33 \
 | grep n_packets=1 | wc -l`]
 )
 
@@ -24660,17 +24660,17 @@ send_arp_reply 1 1 $eth_src $eth_dst $spa $tpa
 OVS_WAIT_UNTIL([test 4 = `cat hv1/ovn-controller.log | grep NXT_PACKET_IN2 | \
 grep table_id=10 | wc -l`])
 
-# Wait for an entry in table=67 for the learnt mac_binding entry.
+# Wait for an entry in table=OFTABLE_MAC_LOOKUP for the learnt mac_binding 
entry.
 
 OVS_WAIT_UNTIL(
-[test 1 = `as hv1 ovs-ofctl dump-flows br-int table=67 | grep 
dl_src=50:54:00:00:00:23 \
+[test 1 = `as hv1 ovs-ofctl dump-flows br-int table=OFTABLE_MAC_LOOKUP | 
grep dl_src=50:54:00:00:00:23 \
 | wc -l`]
 )
 
 # Send the same garp reply. This time it should not be sent to ovn-controller.
 send_arp_reply 1 1 $eth_src $eth_dst $spa $tpa
 OVS_WAIT_UNTIL(
-[test 1 = `as hv1 ovs-ofctl dump-flows br-int table=67 | grep 
dl_src=50:54:00:00:00:23 \
+[test 1 = `as hv1 ovs-ofctl dump-flows br-int table=OFTABLE_MAC_LOOKUP | 
grep dl_src=50:54:00:00:00:23 \
 | grep n_packets=1 | wc -l`]
 )
 
@@ -24679,7 +24679,7 @@ grep table_id=10 | wc -l`])
 
 send_arp_reply 1 1 $eth_src $eth_dst $spa $tpa
 OVS_WAIT_UNTIL(
-[test 1 = `as hv1 ovs-ofctl dump-flows br-int table=67 | grep 
dl_src=50:54:00:00:00:23 \
+[test 1 = `as hv1 ovs-ofctl dump-flows br-int table=OFTABLE_MAC_LOOKUP | 
grep dl_src=50:54:00:00:00:23 \
 | grep n_packets=2 | wc -l`]
 )
 
@@ -33399,7 +33399,7 @@ sip=`ip_to_hex 172 16 1 10`
 tip=`ip_to_hex 172 16 1 50`
 test_arp vif-north1 f0f00011 $sip $tip
 OVS_WAIT_UNTIL(
-[test 1 = `as hv1 ovs-ofctl dump-flows br-int table=67 | grep 
dl_src=f0:f0:00:00:00:11 | wc -l`]
+[test 1 = `as hv1 ovs-ofctl dump-flows br-int table=OFTABLE_MAC_LOOKUP | 
grep dl_src=f0:f0:00:00:00:11 | wc -l`]
 )
 
 echo "Send traffic North to South"
@@ -33422,7 +33422,7 @@ sip=`ip_to_hex 10 0 0 10`
 tip=`ip_to_hex 10 0 0 50`
 test_arp vif-north2 f0f00022 $sip $tip
 OVS_WAIT_UNTIL(
-[test 1 = `as hv1 ovs-ofctl dump-flows br-int table=67 | grep 
dl_src=f0:f0:00:00:00:22 | wc -l`]
+[test 1 = `as hv1 ovs-ofctl dump-flows br-int table=OFTABLE_MAC_LOOKUP | 
grep dl_src=f0:f0:00:00:00:22 | wc -l`]
 )
 
 echo "Send traffic South to North2"
@@ -33438,7 +33438,7 @@ sip=`ip_to_hex 192 168 0 10`
 tip=`ip_to_hex 192 168 0 50`
 test_arp vif-north3 f0f00033 $sip $tip
 OVS_WAIT_UNTIL(
-[test 1 = `as hv1 ovs-ofctl dump-flows br-int table=67 | grep 
dl_src=f0:f0:00:00:00:33 | wc -l`]
+[test 1 = `as hv1 ovs-ofctl dump-flows br-int table=OFTABLE_MAC_LOOKUP | 
grep 

Re: [ovs-dev] [PATCH ovn v3] controller: Avoid double controller action for ICMP errors.

[0-day Robot]

Bleep bloop.  Greetings Ales Musil, I am a robot and I have tried out your 
patch.
Thanks for your contribution.

I encountered some error that I wasn't expecting.  See the details below.


checkpatch:
WARNING: Comment with 'xxx' marker
#241 FILE: controller/pinctrl.c:6422:
/* XXX: This handler can be removed in next version (25.03). */

Lines checked: 404, Warnings: 1, Errors: 0


Please check this out.  If you feel there has been an error, please email 
acon...@redhat.com

Thanks,
0-day Robot
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH ovn v2 28/29] utilities: Add ovn-debug binary tool.

[Ales Musil]

Add ovn-debug binary tool that can be extended with commands that
might be useful for tests/debugging of OVN environment. Currently
the tool supports only two commands:

1) "lflow-stage-to-ltable STAGE_NAME" that converts stage name into
   logical flow table id.

2) "lflow-stage-to-oftable STAGE_NAME" that converts stage name into
   OpenFlow table id.

For now it will be used in tests to get rid remaining hardcoded table
numbers.

Signed-off-by: Ales Musil 
---
 NEWS   |   5 ++
 README.rst |   1 +
 debian/ovn-common.install  |   1 +
 debian/ovn-common.manpages |   1 +
 rhel/ovn-fedora.spec.in|   2 +
 utilities/.gitignore   |   2 +
 utilities/automake.mk  |  10 ++-
 utilities/ovn-debug.8.xml  |  28 +++
 utilities/ovn-debug.c  | 155 +
 9 files changed, 204 insertions(+), 1 deletion(-)
 create mode 100644 utilities/ovn-debug.8.xml
 create mode 100644 utilities/ovn-debug.c

diff --git a/NEWS b/NEWS
index a3953df13..650d625d5 100644
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,10 @@
 Post v24.03.0
 -
+  - Add ovn-debug tool containing two commands.
+"lflow-stage-to-ltable STAGE_NAME" that converts stage name into logical
+flow table id.
+"lflow-stage-to-oftable STAGE_NAME" that converts stage name into OpenFlow
+table id.
 
 OVN v24.03.0 - xx xxx 
 --
diff --git a/README.rst b/README.rst
index 6fb717742..428cd8ee8 100644
--- a/README.rst
+++ b/README.rst
@@ -56,6 +56,7 @@ The main components of this distribution are:
 - ovn-sbctl, a tool for interfacing with the southbound database.
 - ovn-trace, a debugging utility that allows for tracing of packets through
   the logical network.
+- ovn-debug, a tool to simplify debugging of OVN setup.
 - Scripts and specs for building RPMs.
 
 What other documentation is available?
diff --git a/debian/ovn-common.install b/debian/ovn-common.install
index 050d1c63a..fc48f07e4 100644
--- a/debian/ovn-common.install
+++ b/debian/ovn-common.install
@@ -5,6 +5,7 @@ usr/bin/ovn-ic-nbctl
 usr/bin/ovn-ic-sbctl
 usr/bin/ovn-trace
 usr/bin/ovn_detrace.py
+usr/bin/ovn-debug
 usr/share/ovn/scripts/ovn-ctl
 usr/share/ovn/scripts/ovndb-servers.ocf
 usr/share/ovn/scripts/ovn-lib
diff --git a/debian/ovn-common.manpages b/debian/ovn-common.manpages
index 1fa3d9cb3..e864512e3 100644
--- a/debian/ovn-common.manpages
+++ b/debian/ovn-common.manpages
@@ -11,3 +11,4 @@ utilities/ovn-ic-nbctl.8
 utilities/ovn-ic-sbctl.8
 utilities/ovn-trace.8
 utilities/ovn-detrace.1
+utilities/ovn-debug.8
diff --git a/rhel/ovn-fedora.spec.in b/rhel/ovn-fedora.spec.in
index 03c1f27c5..670f1ca9e 100644
--- a/rhel/ovn-fedora.spec.in
+++ b/rhel/ovn-fedora.spec.in
@@ -495,6 +495,7 @@ fi
 %{_bindir}/ovn-appctl
 %{_bindir}/ovn-ic-nbctl
 %{_bindir}/ovn-ic-sbctl
+%{_bindir}/ovn-debug
 %{_datadir}/ovn/scripts/ovn-ctl
 %{_datadir}/ovn/scripts/ovn-lib
 %{_datadir}/ovn/scripts/ovndb-servers.ocf
@@ -515,6 +516,7 @@ fi
 %{_mandir}/man8/ovn-ic.8*
 %{_mandir}/man5/ovn-ic-nb.5*
 %{_mandir}/man5/ovn-ic-sb.5*
+%{_mandir}/man8/ovn-debug.8*
 %{_prefix}/lib/ocf/resource.d/ovn/ovndb-servers
 %config(noreplace) %{_sysconfdir}/logrotate.d/ovn
 %{_unitdir}/ovn-db@.service
diff --git a/utilities/.gitignore b/utilities/.gitignore
index da237563b..3ae97b00f 100644
--- a/utilities/.gitignore
+++ b/utilities/.gitignore
@@ -13,6 +13,8 @@
 /ovn-trace.8
 /ovn_detrace.py
 /ovn-detrace.1
+/ovn-debug
+/ovn-debug.8
 /ovn-docker-overlay-driver
 /ovn-docker-underlay-driver
 /ovn-lib
diff --git a/utilities/automake.mk b/utilities/automake.mk
index c44563c26..6a2b96e66 100644
--- a/utilities/automake.mk
+++ b/utilities/automake.mk
@@ -11,7 +11,8 @@ man_MANS += \
 utilities/ovn-ic-sbctl.8 \
 utilities/ovn-trace.8 \
 utilities/ovn-detrace.1 \
-utilities/ovn-appctl.8
+utilities/ovn-appctl.8 \
+utilities/ovn-debug.8
 
 MAN_ROOTS += \
 utilities/ovn-detrace.1.in
@@ -34,6 +35,7 @@ EXTRA_DIST += \
 utilities/ovn-ic-sbctl.8.xml \
 utilities/ovn-appctl.8.xml \
 utilities/ovn-trace.8.xml \
+utilities/ovn-debug.8.xml \
 utilities/ovn_detrace.py.in \
 utilities/ovndb-servers.ocf \
 utilities/checkpatch.py \
@@ -62,6 +64,7 @@ CLEANFILES += \
 utilities/ovn-ic-nbctl.8 \
 utilities/ovn-ic-sbctl.8 \
 utilities/ovn-trace.8 \
+utilities/ovn-debug.8 \
 utilities/ovn-detrace.1 \
 utilities/ovn-detrace \
 utilities/ovn_detrace.py \
@@ -119,4 +122,9 @@ UNINSTALL_LOCAL += ovn-detrace-uninstall
 ovn-detrace-uninstall:
rm -f $(DESTDIR)$(bindir)/ovn-detrace
 
+# ovn-debug
+bin_PROGRAMS += utilities/ovn-debug
+utilities_ovn_debug_SOURCES = utilities/ovn-debug.c
+utilities_ovn_debug_LDADD = lib/libovn.la $(OVSDB_LIBDIR)/libovsdb.la 
$(OVS_LIBDIR)/libopenvswitch.la
+
 include utilities/bugtool/automake.mk
diff --git a/utilities/ovn-debug.8.xml b/utilities/ovn-debug.8.xml
new file mode 100644
index 0..bdd208328
--- /dev/null
+++ 

[ovs-dev] [PATCH ovn v2 26/29] tests: Add macro for OFTABLE_MAC_CACHE_USE table number.

[Ales Musil]

Add macro for OFTABLE_MAC_CACHE_USE and replace all table=79
occurrences in OF with table=OFTABLE_MAC_CACHE_USE.

Signed-off-by: Ales Musil 
---
 tests/ovn-macros.at |  1 +
 tests/ovn.at| 12 ++--
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/tests/ovn-macros.at b/tests/ovn-macros.at
index 975b70143..84e50d76f 100644
--- a/tests/ovn-macros.at
+++ b/tests/ovn-macros.at
@@ -1009,3 +1009,4 @@ m4_define([OFTABLE_CHK_OUT_PORT_SEC], [75])
 m4_define([OFTABLE_ECMP_NH_MAC], [76])
 m4_define([OFTABLE_ECMP_NH], [77])
 m4_define([OFTABLE_CHK_LB_AFFINITY], [78])
+m4_define([OFTABLE_MAC_CACHE_USE], [79])
diff --git a/tests/ovn.at b/tests/ovn.at
index 2f8aa4840..0bbf3d6da 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -34796,9 +34796,9 @@ wait_row_count mac_binding 1 ip="192.168.10.20"
 dp_key=$(printf "0x%x" $(as hv1 fetch_column datapath tunnel_key 
external_ids:name=gw))
 port_key=$(printf "0x%x" $(as hv1 fetch_column port_binding tunnel_key 
logical_port=gw-public))
 
-AT_CHECK_UNQUOTED([as hv1 ovs-ofctl dump-flows br-int table=79 --no-stats | 
strip_cookie | sort], [0], [dnl
- table=79, 
priority=100,ip,reg14=${port_key},metadata=${dp_key},dl_src=00:00:00:00:10:10,nw_src=192.168.10.10
 actions=drop
- table=79, 
priority=100,ip,reg14=${port_key},metadata=${dp_key},dl_src=00:00:00:00:10:20,nw_src=192.168.10.20
 actions=drop
+AT_CHECK_UNQUOTED([as hv1 ovs-ofctl dump-flows br-int 
table=OFTABLE_MAC_CACHE_USE --no-stats | strip_cookie | sort], [0], [dnl
+ table=OFTABLE_MAC_CACHE_USE, 
priority=100,ip,reg14=${port_key},metadata=${dp_key},dl_src=00:00:00:00:10:10,nw_src=192.168.10.10
 actions=drop
+ table=OFTABLE_MAC_CACHE_USE, 
priority=100,ip,reg14=${port_key},metadata=${dp_key},dl_src=00:00:00:00:10:20,nw_src=192.168.10.20
 actions=drop
 ])
 
 timestamp=$(fetch_column mac_binding timestamp ip="192.168.10.20")
@@ -34806,8 +34806,8 @@ timestamp=$(fetch_column mac_binding timestamp 
ip="192.168.10.20")
 send_udp hv1 ext1 10
 send_udp hv2 ext2 20
 
-OVS_WAIT_UNTIL([as hv1 ovs-ofctl dump-flows br-int table=79 | grep 
"192.168.10.10" | grep -q "n_packets=1"])
-OVS_WAIT_UNTIL([as hv2 ovs-ofctl dump-flows br-int table=79 | grep 
"192.168.10.20" | grep -q "n_packets=1"])
+OVS_WAIT_UNTIL([as hv1 ovs-ofctl dump-flows br-int table=OFTABLE_MAC_CACHE_USE 
| grep "192.168.10.10" | grep -q "n_packets=1"])
+OVS_WAIT_UNTIL([as hv2 ovs-ofctl dump-flows br-int table=OFTABLE_MAC_CACHE_USE 
| grep "192.168.10.20" | grep -q "n_packets=1"])
 
 # Set the MAC binding aging threshold
 AT_CHECK([ovn-nbctl set logical_router gw options:mac_binding_age_threshold=5])
@@ -34835,7 +34835,7 @@ OVS_WAIT_UNTIL([
 test "0" = "$(ovn-sbctl list mac_binding | grep -c '192.168.10.20')"
 ])
 
-AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=79 --no-stats | 
strip_cookie], [0], [])
+AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=OFTABLE_MAC_CACHE_USE 
--no-stats | strip_cookie], [0], [])
 
 # Test CIDR-based threshold configuration
 check ovn-nbctl set logical_router gw 
options:mac_binding_age_threshold="192.168.10.0/255.255.255.0:2;192.168.10.64/26:0;192.168.10.20:0"
-- 
2.43.0

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH ovn v2 29/29] tests: Use the ovn-debug binary to determine table numbers.

[Ales Musil]

Use the ovn-debug commands to determine OpenFlow table numbers
based on stage name. With this there is no need to hardcode them
and it should be future proof for stage shifts/updates.

Signed-off-by: Ales Musil 
---
 tests/ovn-controller.at  | 342 +++---
 tests/ovn.at | 389 ++-
 tests/system-ovn-kmod.at |  16 +-
 tests/system-ovn.at  |  20 +-
 4 files changed, 438 insertions(+), 329 deletions(-)

diff --git a/tests/ovn-controller.at b/tests/ovn-controller.at
index f77e032d4..66e870876 100644
--- a/tests/ovn-controller.at
+++ b/tests/ovn-controller.at
@@ -901,6 +901,10 @@ check ovn-nbctl lsp-add ls1 ls1-lp1 \
 wait_for_ports_up
 ovn-appctl -t ovn-controller vlog/set file:dbg
 
+# Get the OF table numbers
+acl_eval=$(ovn-debug lflow-stage-to-oftable ls_out_acl_eval)
+acl_action=$(ovn-debug lflow-stage-to-oftable ls_out_acl_action)
+
 dp_key=$(printf "%x" $(fetch_column datapath tunnel_key external_ids:name=ls1))
 port_key=$(printf "%x" $(fetch_column port_binding tunnel_key 
logical_port=ls1-lp1))
 
@@ -918,14 +922,14 @@ for i in $(seq 10); do
 check ovn-nbctl add address_set as1 addresses 10.0.0.$i
 check ovn-nbctl --wait=hv sync
 if test "$i" = 3; then
-AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int 
table=46,reg15=0x$port_key | \
+AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int 
table=$acl_eval,reg15=0x$port_key | \
 grep -v reply | awk '{print $7, $8}' | sort], [0], [dnl
-priority=1100,ip,reg15=0x1,metadata=0x1,nw_src=10.0.0.1 
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
-priority=1100,ip,reg15=0x1,metadata=0x1,nw_src=10.0.0.2 
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
-priority=1100,ip,reg15=0x1,metadata=0x1,nw_src=10.0.0.3 
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
+priority=1100,ip,reg15=0x1,metadata=0x1,nw_src=10.0.0.1 
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action)
+priority=1100,ip,reg15=0x1,metadata=0x1,nw_src=10.0.0.2 
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action)
+priority=1100,ip,reg15=0x1,metadata=0x1,nw_src=10.0.0.3 
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action)
 ])
 fi
-AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46 | grep -c 
"priority=1100"], [0], [$i
+AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c 
"priority=1100"], [0], [$i
 ])
 done
 
@@ -940,15 +944,15 @@ for i in $(seq 10); do
 check ovn-nbctl remove address_set as1 addresses 10.0.0.$i
 check ovn-nbctl --wait=hv sync
 if test "$i" = 9; then
-AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int 
table=46,reg15=0x$port_key | \
+AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int 
table=$acl_eval,reg15=0x$port_key | \
 grep -v reply | awk '{print $7, $8}'], [0], [dnl
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.10 
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.10 
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action)
 ])
 fi
 if test "$i" = 10; then
-AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46 | grep 
"priority=1100"], [1], [ignore])
+AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval | grep 
"priority=1100"], [1], [ignore])
 else
-AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46 | grep -c 
"priority=1100"], [0], [$((10 - $i))
+AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval | grep 
-c "priority=1100"], [0], [$((10 - $i))
 ])
 fi
 done
@@ -966,17 +970,17 @@ for i in $(seq 10); do
 check ovn-nbctl add address_set as1 addresses 10.0.0.$i,10.0.1.$i
 check ovn-nbctl --wait=hv sync
 if test "$i" = 3; then
-AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int 
table=46,reg15=0x$port_key | \
+AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int 
table=$acl_eval,reg15=0x$port_key | \
 grep -v reply | awk '{print $7, $8}' | sort], [0], [dnl
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1 
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.2 
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.3 
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.1.1 
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.1.2 
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.1.3 
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1 
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action)

[ovs-dev] [PATCH ovn v2 22/29] tests: Add macro for OFTABLE_CHK_OUT_PORT_SEC table number.

[Ales Musil]

Add macro for OFTABLE_CHK_OUT_PORT_SEC and replace all table=75
occurrences in OF with table=OFTABLE_CHK_OUT_PORT_SEC.

Signed-off-by: Ales Musil 
---
 tests/ovn-macros.at |   1 +
 tests/ovn.at| 121 ++--
 2 files changed, 62 insertions(+), 60 deletions(-)

diff --git a/tests/ovn-macros.at b/tests/ovn-macros.at
index d3e027424..29195fc50 100644
--- a/tests/ovn-macros.at
+++ b/tests/ovn-macros.at
@@ -1005,3 +1005,4 @@ m4_define([OFTABLE_GET_FDB], [71])
 m4_define([OFTABLE_LOOKUP_FDB], [72])
 m4_define([OFTABLE_CHK_IN_PORT_SEC], [73])
 m4_define([OFTABLE_CHK_IN_PORT_SEC_ND], [74])
+m4_define([OFTABLE_CHK_OUT_PORT_SEC], [75])
diff --git a/tests/ovn.at b/tests/ovn.at
index e05eef808..2f8aa4840 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -34273,15 +34273,16 @@ sw0p2_key=$(printf "%x" $(fetch_column Port_Binding 
tunnel_key logical_port=sw0p
 
 in_port_sec=OFTABLE_CHK_IN_PORT_SEC
 in_port_sec_nd=OFTABLE_CHK_IN_PORT_SEC_ND
+out_port_sec=OFTABLE_CHK_OUT_PORT_SEC
 
 # There should be no flows in table OFTABLE_CHK_IN_PORT_SEC, 74 and 75 in hv1 
and hv2
 > hv1_t${in_port_sec}_flows.expected
 > hv1_t${in_port_sec_nd}_flows.expected
-> hv1_t75_flows.expected
+> hv1_t${out_port_sec}_flows.expected
 
 > hv2_t${in_port_sec}_flows.expected
 > hv2_t${in_port_sec_nd}_flows.expected
-> hv2_t75_flows.expected
+> hv2_t${out_port_sec}_flows.expected
 
 check_port_sec_offlows() {
 hv=$1
@@ -34293,11 +34294,11 @@ check_port_sec_offlows() {
 
 check_port_sec_offlows hv1 OFTABLE_CHK_IN_PORT_SEC
 check_port_sec_offlows hv1 OFTABLE_CHK_IN_PORT_SEC_ND
-check_port_sec_offlows hv1 75
+check_port_sec_offlows hv1 OFTABLE_CHK_OUT_PORT_SEC
 
 check_port_sec_offlows hv2 OFTABLE_CHK_IN_PORT_SEC
 check_port_sec_offlows hv2 OFTABLE_CHK_IN_PORT_SEC_ND
-check_port_sec_offlows hv2 75
+check_port_sec_offlows hv2 OFTABLE_CHK_OUT_PORT_SEC
 
 # Set port security for sw0p1
 check ovn-nbctl --wait=hv lsp-set-port-security sw0p1 "00:00:00:00:00:03"
@@ -34319,18 +34320,18 @@ echo " table=OFTABLE_CHK_IN_PORT_SEC_ND, 
priority=80,arp,reg14=0x$sw0p1_key,meta
 
 check_port_sec_offlows hv1 OFTABLE_CHK_IN_PORT_SEC_ND
 
-echo " table=75, priority=80,reg15=0x$sw0p1_key,metadata=0x1 
actions=load:0x1->NXM_NX_REG10[[12]]
- table=75, 
priority=85,reg15=0x$sw0p1_key,metadata=0x1,dl_dst=00:00:00:00:00:03 
actions=load:0->NXM_NX_REG10[[12]]" > hv1_t75_flows.expected
+echo " table=OFTABLE_CHK_OUT_PORT_SEC, 
priority=80,reg15=0x$sw0p1_key,metadata=0x1 actions=load:0x1->NXM_NX_REG10[[12]]
+ table=OFTABLE_CHK_OUT_PORT_SEC, 
priority=85,reg15=0x$sw0p1_key,metadata=0x1,dl_dst=00:00:00:00:00:03 
actions=load:0->NXM_NX_REG10[[12]]" > hv1_t${out_port_sec}_flows.expected
 
-check_port_sec_offlows hv1 75
+check_port_sec_offlows hv1 OFTABLE_CHK_OUT_PORT_SEC
 
 > hv2_t${in_port_sec}_flows.expected
 > hv2_t${in_port_sec_nd}_flows.expected
-> hv2_t75_flows.expected
+> hv2_t${out_port_sec}_flows.expected
 
 check_port_sec_offlows hv2 OFTABLE_CHK_IN_PORT_SEC
 check_port_sec_offlows hv2 OFTABLE_CHK_IN_PORT_SEC_ND
-check_port_sec_offlows hv2 75
+check_port_sec_offlows hv2 OFTABLE_CHK_OUT_PORT_SEC
 
 # Add IPv4 addresses to sw0p1
 check ovn-nbctl --wait=hv lsp-set-port-security sw0p1 "00:00:00:00:00:03 
10.0.0.3" "00:00:00:00:00:13 10.0.0.13"
@@ -34358,25 +34359,25 @@ echo " table=OFTABLE_CHK_IN_PORT_SEC_ND, 
priority=80,arp,reg14=0x$sw0p1_key,meta
 
 check_port_sec_offlows hv1 OFTABLE_CHK_IN_PORT_SEC_ND
 
-echo " table=75, priority=80,reg15=0x$sw0p1_key,metadata=0x1 
actions=load:0x1->NXM_NX_REG10[[12]]
- table=75, 
priority=85,reg15=0x$sw0p1_key,metadata=0x1,dl_dst=00:00:00:00:00:03 
actions=load:0->NXM_NX_REG10[[12]]
- table=75, 
priority=85,reg15=0x$sw0p1_key,metadata=0x1,dl_dst=00:00:00:00:00:13 
actions=load:0->NXM_NX_REG10[[12]]
- table=75, 
priority=90,ip,reg15=0x$sw0p1_key,metadata=0x1,dl_dst=00:00:00:00:00:03 
actions=load:0x1->NXM_NX_REG10[[12]]
- table=75, 
priority=90,ip,reg15=0x$sw0p1_key,metadata=0x1,dl_dst=00:00:00:00:00:13 
actions=load:0x1->NXM_NX_REG10[[12]]
- table=75, 
priority=90,ipv6,reg15=0x$sw0p1_key,metadata=0x1,dl_dst=00:00:00:00:00:03 
actions=load:0x1->NXM_NX_REG10[[12]]
- table=75, 
priority=90,ipv6,reg15=0x$sw0p1_key,metadata=0x1,dl_dst=00:00:00:00:00:13 
actions=load:0x1->NXM_NX_REG10[[12]]
- table=75, 
priority=95,ip,reg15=0x$sw0p1_key,metadata=0x1,dl_dst=00:00:00:00:00:03,nw_dst=10.0.0.3
 actions=load:0->NXM_NX_REG10[[12]]
- table=75, 
priority=95,ip,reg15=0x$sw0p1_key,metadata=0x1,dl_dst=00:00:00:00:00:03,nw_dst=224.0.0.0/4
 actions=load:0->NXM_NX_REG10[[12]]
- table=75, 
priority=95,ip,reg15=0x$sw0p1_key,metadata=0x1,dl_dst=00:00:00:00:00:03,nw_dst=255.255.255.255
 actions=load:0->NXM_NX_REG10[[12]]
- table=75, 
priority=95,ip,reg15=0x$sw0p1_key,metadata=0x1,dl_dst=00:00:00:00:00:13,nw_dst=10.0.0.13
 actions=load:0->NXM_NX_REG10[[12]]
- table=75, 
priority=95,ip,reg15=0x$sw0p1_key,metadata=0x1,dl_dst=00:00:00:00:00:13,nw_dst=224.0.0.0/4
 actions=load:0->NXM_NX_REG10[[12]]
- table=75, 

[ovs-dev] [PATCH ovn v2 23/29] tests: Add macro for OFTABLE_ECMP_NH_MAC table number.

[Ales Musil]

Add macro for OFTABLE_ECMP_NH_MAC and replace all table=76
occurrences in OF with table=OFTABLE_ECMP_NH_MAC.

Signed-off-by: Ales Musil 
---
 tests/ovn-macros.at | 1 +
 tests/system-ovn.at | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/tests/ovn-macros.at b/tests/ovn-macros.at
index 29195fc50..e86f6ec81 100644
--- a/tests/ovn-macros.at
+++ b/tests/ovn-macros.at
@@ -1006,3 +1006,4 @@ m4_define([OFTABLE_LOOKUP_FDB], [72])
 m4_define([OFTABLE_CHK_IN_PORT_SEC], [73])
 m4_define([OFTABLE_CHK_IN_PORT_SEC_ND], [74])
 m4_define([OFTABLE_CHK_OUT_PORT_SEC], [75])
+m4_define([OFTABLE_ECMP_NH_MAC], [76])
diff --git a/tests/system-ovn.at b/tests/system-ovn.at
index 8e3acd57e..eba489ebe 100644
--- a/tests/system-ovn.at
+++ b/tests/system-ovn.at
@@ -6156,7 +6156,7 @@ 
tcp,orig=(src=172.16.0.1,dst=10.0.0.2,sport=,dport=),reply=(sr
 ])
 # Check entries in table 76 and 77 expires w/o traffic
 OVS_WAIT_UNTIL([
-test $(ovs-ofctl dump-flows br-int | grep -c 'table=76, n_packets') -eq 0
+test $(ovs-ofctl dump-flows br-int | grep -c 'table=OFTABLE_ECMP_NH_MAC, 
n_packets') -eq 0
 ])
 OVS_WAIT_UNTIL([
 test $(ovs-ofctl dump-flows br-int | grep -c 'table=77, n_packets') -eq 0
@@ -6349,7 +6349,7 @@ 
tcp,orig=(src=fd07::1,dst=fd01::2,sport=,dport=),reply=(src=fd
 
 # Check entries in table 76 and 77 expires w/o traffic
 OVS_WAIT_UNTIL([
-test $(ovs-ofctl dump-flows br-int | grep -c 'table=76, n_packets') -eq 0
+test $(ovs-ofctl dump-flows br-int | grep -c 'table=OFTABLE_ECMP_NH_MAC, 
n_packets') -eq 0
 ])
 OVS_WAIT_UNTIL([
 test $(ovs-ofctl dump-flows br-int | grep -c 'table=77, n_packets') -eq 0
-- 
2.43.0

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH ovn v2 25/29] tests: Add macro for OFTABLE_CHK_LB_AFFINITY table number.

[Ales Musil]

Add macro for OFTABLE_CHK_LB_AFFINITY and replace all table=78
occurrences in OF with table=OFTABLE_CHK_LB_AFFINITY.

Signed-off-by: Ales Musil 
---
 tests/ovn-macros.at  |  1 +
 tests/system-ovn-kmod.at | 16 
 tests/system-ovn.at  |  6 +++---
 3 files changed, 12 insertions(+), 11 deletions(-)

diff --git a/tests/ovn-macros.at b/tests/ovn-macros.at
index a820e91c4..975b70143 100644
--- a/tests/ovn-macros.at
+++ b/tests/ovn-macros.at
@@ -1008,3 +1008,4 @@ m4_define([OFTABLE_CHK_IN_PORT_SEC_ND], [74])
 m4_define([OFTABLE_CHK_OUT_PORT_SEC], [75])
 m4_define([OFTABLE_ECMP_NH_MAC], [76])
 m4_define([OFTABLE_ECMP_NH], [77])
+m4_define([OFTABLE_CHK_LB_AFFINITY], [78])
diff --git a/tests/system-ovn-kmod.at b/tests/system-ovn-kmod.at
index 88c72edcd..454dacd73 100644
--- a/tests/system-ovn-kmod.at
+++ b/tests/system-ovn-kmod.at
@@ -146,8 +146,8 @@ 
tcp,orig=(src=172.16.1.2,dst=172.16.1.100,sport=,dport=),reply
 ])
 
 dp_key=$(printf "0x%x" $(fetch_column datapath tunnel_key 
external_ids:name=R2))
-AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=78 --no-stats | 
strip_cookie | sed -e 's/load:0xc0a80[[0-9]]02/load:0xc0a8002/'], [0], 
[dnl
- table=78, idle_timeout=60, 
tcp,metadata=$dp_key,nw_src=172.16.1.2,nw_dst=172.16.1.100,tp_dst=8080 
actions=load:0x1->NXM_NX_REG10[[14]],load:0xc0a8002->NXM_NX_REG4[[]],load:0x50->NXM_NX_REG8[[0..15]]
+AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=OFTABLE_CHK_LB_AFFINITY 
--no-stats | strip_cookie | sed -e 
's/load:0xc0a80[[0-9]]02/load:0xc0a8002/'], [0], [dnl
+ table=OFTABLE_CHK_LB_AFFINITY, idle_timeout=60, 
tcp,metadata=$dp_key,nw_src=172.16.1.2,nw_dst=172.16.1.100,tp_dst=8080 
actions=load:0x1->NXM_NX_REG10[[14]],load:0xc0a8002->NXM_NX_REG4[[]],load:0x50->NXM_NX_REG8[[0..15]]
 ])
 
 check_affinity_flows () {
@@ -178,7 +178,7 @@ ovn-nbctl lr-lb-add R2 lb11-no-aff
 OVS_WAIT_FOR_OUTPUT([
 for i in $(seq 1 5); do
 NS_EXEC([alice1], [nc -z 172.16.1.101 8080])
-ovs-ofctl del-flows br-int table=78
+ovs-ofctl del-flows br-int table=OFTABLE_CHK_LB_AFFINITY
 done
 
 dnl Each server should have at least one connection.
@@ -235,7 +235,7 @@ AT_CHECK([ovs-appctl dpctl/flush-conntrack])
 OVS_WAIT_FOR_OUTPUT([
 for i in $(seq 1 5); do
 NS_EXEC([foo1], [nc -z 192.168.2.101 8080])
-ovs-ofctl del-flows br-int table=78
+ovs-ofctl del-flows br-int table=OFTABLE_CHK_LB_AFFINITY
 done
 
 dnl Each server should have at least one connection.
@@ -443,8 +443,8 @@ 
tcp,orig=(src=fd72::2,dst=fd30::1,sport=,dport=),reply=(src=fd
 ])
 
 dp_key=$(printf "0x%x" $(fetch_column datapath tunnel_key 
external_ids:name=R2))
-AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=78 --no-stats | 
strip_cookie | sed -e 
's/load:0xfd1[[0-9]]/load:0xfd1/'], [0], [dnl
- table=78, idle_timeout=60, 
tcp6,metadata=$dp_key,ipv6_src=fd72::2,ipv6_dst=fd30::1,tp_dst=8080 
actions=load:0x1->NXM_NX_REG10[[14]],load:0x2->NXM_NX_XXREG1[[0..63]],load:0xfd1->NXM_NX_XXREG1[[64..127]],load:0x50->NXM_NX_REG8[[0..15]]
+AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=OFTABLE_CHK_LB_AFFINITY 
--no-stats | strip_cookie | sed -e 
's/load:0xfd1[[0-9]]/load:0xfd1/'], [0], [dnl
+ table=OFTABLE_CHK_LB_AFFINITY, idle_timeout=60, 
tcp6,metadata=$dp_key,ipv6_src=fd72::2,ipv6_dst=fd30::1,tp_dst=8080 
actions=load:0x1->NXM_NX_REG10[[14]],load:0x2->NXM_NX_XXREG1[[0..63]],load:0xfd1->NXM_NX_XXREG1[[64..127]],load:0x50->NXM_NX_REG8[[0..15]]
 ])
 
 check_affinity_flows () {
@@ -475,7 +475,7 @@ ovn-nbctl lr-lb-add R2 lb11-no-aff
 OVS_WAIT_FOR_OUTPUT([
 for i in $(seq 1 5); do
 NS_EXEC([alice1], [nc -z fd30::2 8080])
-ovs-ofctl del-flows br-int table=78
+ovs-ofctl del-flows br-int table=OFTABLE_CHK_LB_AFFINITY
 done
 
 dnl Each server should have at least one connection.
@@ -530,7 +530,7 @@ ovn-nbctl ls-lb-add foo lb30-no-aff
 OVS_WAIT_FOR_OUTPUT([
 for i in $(seq 1 5); do
 NS_EXEC([foo1], [nc -z fd12::b 8080])
-ovs-ofctl del-flows br-int table=78
+ovs-ofctl del-flows br-int table=OFTABLE_CHK_LB_AFFINITY
 done
 
 ovs-appctl dpctl/dump-conntrack | FORMAT_CT(fd12::b) | grep -v fe80 | \
diff --git a/tests/system-ovn.at b/tests/system-ovn.at
index fcede2588..a2548314e 100644
--- a/tests/system-ovn.at
+++ b/tests/system-ovn.at
@@ -12128,10 +12128,10 @@ OVS_WAIT_UNTIL([
 ip netns exec vm1 nc -z 43.43.43.43 80 &> /dev/null
 ])
 
-OVS_WAIT_UNTIL([test $(ovs-ofctl dump-flows br-int | grep 'table=78, 
n_packets' -c) -eq 1])
+OVS_WAIT_UNTIL([test $(ovs-ofctl dump-flows br-int | grep 
'table=OFTABLE_CHK_LB_AFFINITY, n_packets' -c) -eq 1])
 
 dnl Find the backend that was hit.
-backend=$(ovs-ofctl dump-flows br-int table=78 | \
+backend=$(ovs-ofctl dump-flows br-int table=OFTABLE_CHK_LB_AFFINITY | \
 grep -oE 'load:0x2a2a2a0[[12]]' | sed -n 's/load:0x2a2a2a0\(.*\)/\1/p')
 
 dnl Remove the backend that was 

[ovs-dev] [PATCH ovn v2 27/29] checkpatch: Add rule to check for hardcoded table numbers.

[Ales Musil]

To avoid issues with hardcoded table numbers in future add rule
into check patch. The rule is only warning because there are still
legitimate use cases and not everything can be abstracted.

Signed-off-by: Ales Musil 
---
 utilities/checkpatch.py | 12 
 1 file changed, 12 insertions(+)

diff --git a/utilities/checkpatch.py b/utilities/checkpatch.py
index 52d3fa845..9f7a48c7c 100755
--- a/utilities/checkpatch.py
+++ b/utilities/checkpatch.py
@@ -202,6 +202,7 @@ __regex_if_macros = re.compile(r'^ +(%s) 
\([\S]([\s\S]+[\S])*\) { +\\' %
__parenthesized_constructs)
 __regex_nonascii_characters = re.compile("[^\u-\u007f]")
 __regex_efgrep = re.compile(r'.*[ef]grep.*$')
+__regex_hardcoded_table = re.compile(r'(table=[0-9]+)|(resubmit\(,[0-9]+\))')
 
 skip_leading_whitespace_check = False
 skip_trailing_whitespace_check = False
@@ -371,6 +372,10 @@ def has_efgrep(line):
 """Returns TRUE if the current line contains 'egrep' or 'fgrep'."""
 return __regex_efgrep.match(line) is not None
 
+def has_hardcoded_table(line):
+"""Return TRUE if the current line contains table= or
+   resubmit(,)"""
+return __regex_hardcoded_table.match(line) is not None
 
 def filter_comments(current_line, keep=False):
 """remove all of the c-style comments in a line"""
@@ -656,6 +661,13 @@ checks = [
  'check': lambda x: has_efgrep(x),
  'print':
  lambda: print_error("grep -E/-F should be used instead of egrep/fgrep")},
+
+{'regex': r'\.at$', 'match_name': None,
+ 'check': lambda x: has_hardcoded_table(x),
+ 'print':
+ lambda: print_warning("Use of hardcoded table= or"
+   " resubmit=(,) is discouraged in tests."
+   " Consider using MACRO instead.")},
 ]
 
 
-- 
2.43.0

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH ovn v2 15/29] tests: Add macro for OFTABLE_CHK_LB_HAIRPIN table number.

[Ales Musil]

Add macro for OFTABLE_CHK_LB_HAIRPIN and replace all table=68
occurrences in OF with table=OFTABLE_CHK_LB_HAIRPIN.

Signed-off-by: Ales Musil 
---
 tests/ovn-macros.at |   1 +
 tests/ovn.at| 316 ++--
 2 files changed, 159 insertions(+), 158 deletions(-)

diff --git a/tests/ovn-macros.at b/tests/ovn-macros.at
index c3cab516b..adf2dc8f3 100644
--- a/tests/ovn-macros.at
+++ b/tests/ovn-macros.at
@@ -998,3 +998,4 @@ m4_define([OFTABLE_LOCAL_OUTPUT], [40])
 m4_define([OFTABLE_LOG_TO_PHY], [65])
 m4_define([OFTABLE_MAC_BINDING], [66])
 m4_define([OFTABLE_MAC_LOOKUP], [67])
+m4_define([OFTABLE_CHK_LB_HAIRPIN], [68])
diff --git a/tests/ovn.at b/tests/ovn.at
index 7f280545b..4db065902 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -30502,7 +30502,7 @@ check ovn-nbctl lb-add lb-ipv6-tcp [[8800::0088]]:8080 
[[4200::1]]:4041 tcp
 check ovn-nbctl lb-add lb-ipv6 8800::0089 4200::2
 check ovn-nbctl --wait=hv lb-add lb-ipv6-udp [[8800::0088]]:4040 
[[4200::1]]:2021 udp
 
-AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=68 | grep -v NXST], [1], 
[dnl
+AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=OFTABLE_CHK_LB_HAIRPIN | 
grep -v NXST], [1], [dnl
 ])
 
 AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=69 | grep -v NXST], [1], 
[dnl
@@ -30511,7 +30511,7 @@ AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=69 | 
grep -v NXST], [1], [dnl
 AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=70 | grep -v NXST], [1], 
[dnl
 ])
 
-AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=68 | grep -v NXST], [1], 
[dnl
+AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=OFTABLE_CHK_LB_HAIRPIN | 
grep -v NXST], [1], [dnl
 ])
 
 AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=69 | grep -v NXST], [1], 
[dnl
@@ -30523,11 +30523,11 @@ AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=70 
| grep -v NXST], [1], [dnl
 check ovn-nbctl --wait=hv ls-lb-add sw0 lb-ipv4-tcp
 
 OVS_WAIT_UNTIL(
-[test $(as hv1 ovs-ofctl dump-flows br-int table=68 | grep -c -v NXST) -eq 
1]
+[test $(as hv1 ovs-ofctl dump-flows br-int table=OFTABLE_CHK_LB_HAIRPIN | 
grep -c -v NXST) -eq 1]
 )
 
-AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=68 | ofctl_strip_all | grep 
-v NXST], [0], [dnl
- table=68, 
priority=100,ct_mark=0x2/0x2,tcp,reg1=0x58585858,reg2=0x1f90/0x,nw_src=42.42.42.1,nw_dst=42.42.42.1,tp_dst=4041
 
actions=load:0x1->NXM_NX_REG10[[7]],learn(table=69,delete_learned,OXM_OF_METADATA[[]],eth_type=0x800,NXM_OF_IP_SRC[[]],ip_dst=88.88.88.88,nw_proto=6,NXM_OF_TCP_SRC[[]]=NXM_OF_TCP_DST[[]],load:0x1->NXM_NX_REG10[[7]])
+AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=OFTABLE_CHK_LB_HAIRPIN | 
ofctl_strip_all | grep -v NXST], [0], [dnl
+ table=OFTABLE_CHK_LB_HAIRPIN, 
priority=100,ct_mark=0x2/0x2,tcp,reg1=0x58585858,reg2=0x1f90/0x,nw_src=42.42.42.1,nw_dst=42.42.42.1,tp_dst=4041
 
actions=load:0x1->NXM_NX_REG10[[7]],learn(table=69,delete_learned,OXM_OF_METADATA[[]],eth_type=0x800,NXM_OF_IP_SRC[[]],ip_dst=88.88.88.88,nw_proto=6,NXM_OF_TCP_SRC[[]]=NXM_OF_TCP_DST[[]],load:0x1->NXM_NX_REG10[[7]])
 ])
 
 AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=69], [0], [dnl
@@ -30538,7 +30538,7 @@ AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=70 | 
ofctl_strip_all | grep -
  table=70, priority=100,tcp,reg1=0x58585858,reg2=0x1f90/0x 
actions=ct(commit,zone=NXM_NX_REG12[[0..15]],nat(src=88.88.88.88))
 ])
 
-AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=68 | grep -v NXST], [1], 
[dnl
+AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=OFTABLE_CHK_LB_HAIRPIN | 
grep -v NXST], [1], [dnl
 ])
 
 AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=69 | grep -v NXST], [1], 
[dnl
@@ -30550,13 +30550,13 @@ AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=70 
| grep -v NXST], [1], [dnl
 check ovn-nbctl lb-add lb-ipv4-tcp 88.88.88.90:8080 
42.42.42.42:4041,52.52.52.52:4042 tcp
 
 OVS_WAIT_UNTIL(
-[test $(as hv1 ovs-ofctl dump-flows br-int table=68 | grep -c -v NXST) -eq 
3]
+[test $(as hv1 ovs-ofctl dump-flows br-int table=OFTABLE_CHK_LB_HAIRPIN | 
grep -c -v NXST) -eq 3]
 )
 
-AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=68 | ofctl_strip_all | grep 
-v NXST], [0], [dnl
- table=68, 
priority=100,ct_mark=0x2/0x2,tcp,reg1=0x58585858,reg2=0x1f90/0x,nw_src=42.42.42.1,nw_dst=42.42.42.1,tp_dst=4041
 
actions=load:0x1->NXM_NX_REG10[[7]],learn(table=69,delete_learned,OXM_OF_METADATA[[]],eth_type=0x800,NXM_OF_IP_SRC[[]],ip_dst=88.88.88.88,nw_proto=6,NXM_OF_TCP_SRC[[]]=NXM_OF_TCP_DST[[]],load:0x1->NXM_NX_REG10[[7]])
- table=68, 
priority=100,ct_mark=0x2/0x2,tcp,reg1=0x5858585a,reg2=0x1f90/0x,nw_src=42.42.42.42,nw_dst=42.42.42.42,tp_dst=4041
 
actions=load:0x1->NXM_NX_REG10[[7]],learn(table=69,delete_learned,OXM_OF_METADATA[[]],eth_type=0x800,NXM_OF_IP_SRC[[]],ip_dst=88.88.88.90,nw_proto=6,NXM_OF_TCP_SRC[[]]=NXM_OF_TCP_DST[[]],load:0x1->NXM_NX_REG10[[7]])
- table=68, 

[ovs-dev] [PATCH ovn v2 16/29] tests: Add macro for OFTABLE_CHK_LB_HAIRPIN_REPLY table number.

[Ales Musil]

Add macro for OFTABLE_CHK_LB_HAIRPIN_REPLY and replace all table=69
occurrences in OF with table=OFTABLE_CHK_LB_HAIRPIN_REPLY.

Signed-off-by: Ales Musil 
---
 tests/ovn-macros.at |   1 +
 tests/ovn.at| 404 ++--
 2 files changed, 203 insertions(+), 202 deletions(-)

diff --git a/tests/ovn-macros.at b/tests/ovn-macros.at
index adf2dc8f3..5c79f0cea 100644
--- a/tests/ovn-macros.at
+++ b/tests/ovn-macros.at
@@ -999,3 +999,4 @@ m4_define([OFTABLE_LOG_TO_PHY], [65])
 m4_define([OFTABLE_MAC_BINDING], [66])
 m4_define([OFTABLE_MAC_LOOKUP], [67])
 m4_define([OFTABLE_CHK_LB_HAIRPIN], [68])
+m4_define([OFTABLE_CHK_LB_HAIRPIN_REPLY], [69])
diff --git a/tests/ovn.at b/tests/ovn.at
index 4db065902..b1ad3ed37 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -27662,9 +27662,9 @@ send_ipv4_pkt hv1 hv1-vif1 0001 0100 \
 OVN_CHECK_PACKETS([hv1/vif1-tx.pcap], [expected])
 
 # Check learned hairpin reply flows.
-OVS_WAIT_FOR_OUTPUT([as hv1 ovs-ofctl dump-flows br-int table=69 | 
ofctl_strip_all | grep -v NXST], [0], [dnl
- table=69, tcp,metadata=0x1,nw_src=42.42.42.1,nw_dst=88.88.88.88,tp_src=4041 
actions=load:0x1->NXM_NX_REG10[[7]]
- table=69, tcp,metadata=0x1,nw_src=42.42.42.1,nw_dst=88.88.88.89,tp_src=4041 
actions=load:0x1->NXM_NX_REG10[[7]]
+OVS_WAIT_FOR_OUTPUT([as hv1 ovs-ofctl dump-flows br-int 
table=OFTABLE_CHK_LB_HAIRPIN_REPLY | ofctl_strip_all | grep -v NXST], [0], [dnl
+ table=OFTABLE_CHK_LB_HAIRPIN_REPLY, 
tcp,metadata=0x1,nw_src=42.42.42.1,nw_dst=88.88.88.88,tp_src=4041 
actions=load:0x1->NXM_NX_REG10[[7]]
+ table=OFTABLE_CHK_LB_HAIRPIN_REPLY, 
tcp,metadata=0x1,nw_src=42.42.42.1,nw_dst=88.88.88.89,tp_src=4041 
actions=load:0x1->NXM_NX_REG10[[7]]
 ])
 
 # Change LB Hairpin SNAT IP.
@@ -27695,9 +27695,9 @@ send_ipv4_pkt hv1 hv1-vif1 0001 0100 \
 OVN_CHECK_PACKETS([hv1/vif1-tx.pcap], [expected])
 
 # Check learned hairpin reply flows.
-OVS_WAIT_FOR_OUTPUT([as hv1 ovs-ofctl dump-flows br-int table=69 | 
ofctl_strip_all | grep -v NXST], [0], [dnl
- table=69, tcp,metadata=0x1,nw_src=42.42.42.1,nw_dst=88.88.88.87,tp_src=4041 
actions=load:0x1->NXM_NX_REG10[[7]]
- table=69, tcp,metadata=0x1,nw_src=42.42.42.1,nw_dst=88.88.88.89,tp_src=4041 
actions=load:0x1->NXM_NX_REG10[[7]]
+OVS_WAIT_FOR_OUTPUT([as hv1 ovs-ofctl dump-flows br-int 
table=OFTABLE_CHK_LB_HAIRPIN_REPLY | ofctl_strip_all | grep -v NXST], [0], [dnl
+ table=OFTABLE_CHK_LB_HAIRPIN_REPLY, 
tcp,metadata=0x1,nw_src=42.42.42.1,nw_dst=88.88.88.87,tp_src=4041 
actions=load:0x1->NXM_NX_REG10[[7]]
+ table=OFTABLE_CHK_LB_HAIRPIN_REPLY, 
tcp,metadata=0x1,nw_src=42.42.42.1,nw_dst=88.88.88.89,tp_src=4041 
actions=load:0x1->NXM_NX_REG10[[7]]
 ])
 
 AS_BOX([IPv4 UDP Hairpin])
@@ -27725,11 +27725,11 @@ send_ipv4_pkt hv1 hv1-vif1 0001 0100 \
 OVN_CHECK_PACKETS([hv1/vif1-tx.pcap], [expected])
 
 # Check learned hairpin reply flows.
-OVS_WAIT_FOR_OUTPUT([as hv1 ovs-ofctl dump-flows br-int table=69 | 
ofctl_strip_all | grep -v NXST], [0], [dnl
- table=69, tcp,metadata=0x1,nw_src=42.42.42.1,nw_dst=88.88.88.87,tp_src=4041 
actions=load:0x1->NXM_NX_REG10[[7]]
- table=69, tcp,metadata=0x1,nw_src=42.42.42.1,nw_dst=88.88.88.89,tp_src=4041 
actions=load:0x1->NXM_NX_REG10[[7]]
- table=69, udp,metadata=0x1,nw_src=42.42.42.1,nw_dst=88.88.88.88,tp_src=2021 
actions=load:0x1->NXM_NX_REG10[[7]]
- table=69, udp,metadata=0x1,nw_src=42.42.42.1,nw_dst=88.88.88.89,tp_src=2021 
actions=load:0x1->NXM_NX_REG10[[7]]
+OVS_WAIT_FOR_OUTPUT([as hv1 ovs-ofctl dump-flows br-int 
table=OFTABLE_CHK_LB_HAIRPIN_REPLY | ofctl_strip_all | grep -v NXST], [0], [dnl
+ table=OFTABLE_CHK_LB_HAIRPIN_REPLY, 
tcp,metadata=0x1,nw_src=42.42.42.1,nw_dst=88.88.88.87,tp_src=4041 
actions=load:0x1->NXM_NX_REG10[[7]]
+ table=OFTABLE_CHK_LB_HAIRPIN_REPLY, 
tcp,metadata=0x1,nw_src=42.42.42.1,nw_dst=88.88.88.89,tp_src=4041 
actions=load:0x1->NXM_NX_REG10[[7]]
+ table=OFTABLE_CHK_LB_HAIRPIN_REPLY, 
udp,metadata=0x1,nw_src=42.42.42.1,nw_dst=88.88.88.88,tp_src=2021 
actions=load:0x1->NXM_NX_REG10[[7]]
+ table=OFTABLE_CHK_LB_HAIRPIN_REPLY, 
udp,metadata=0x1,nw_src=42.42.42.1,nw_dst=88.88.88.89,tp_src=2021 
actions=load:0x1->NXM_NX_REG10[[7]]
 ])
 
 # Change LB Hairpin SNAT IP.
@@ -27759,11 +27759,11 @@ send_ipv4_pkt hv1 hv1-vif1 0001 0100 \
 OVN_CHECK_PACKETS([hv1/vif1-tx.pcap], [expected])
 
 # Check learned hairpin reply flows.
-OVS_WAIT_FOR_OUTPUT([as hv1 ovs-ofctl dump-flows br-int table=69 | 
ofctl_strip_all | grep -v NXST], [0], [dnl
- table=69, tcp,metadata=0x1,nw_src=42.42.42.1,nw_dst=88.88.88.87,tp_src=4041 
actions=load:0x1->NXM_NX_REG10[[7]]
- table=69, tcp,metadata=0x1,nw_src=42.42.42.1,nw_dst=88.88.88.89,tp_src=4041 
actions=load:0x1->NXM_NX_REG10[[7]]
- table=69, udp,metadata=0x1,nw_src=42.42.42.1,nw_dst=88.88.88.87,tp_src=2021 
actions=load:0x1->NXM_NX_REG10[[7]]
- table=69, udp,metadata=0x1,nw_src=42.42.42.1,nw_dst=88.88.88.89,tp_src=2021 
actions=load:0x1->NXM_NX_REG10[[7]]
+OVS_WAIT_FOR_OUTPUT([as hv1 

[ovs-dev] [PATCH ovn v2 18/29] tests: Add macro for OFTABLE_GET_FDB table number.

[Ales Musil]

Add macro for OFTABLE_GET_FDB and replace all table=71
occurrences in OF with table=OFTABLE_GET_FDB.

Signed-off-by: Ales Musil 
---
 tests/ovn-macros.at |  1 +
 tests/ovn.at| 16 
 2 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/tests/ovn-macros.at b/tests/ovn-macros.at
index 392f220cc..ecb46a80b 100644
--- a/tests/ovn-macros.at
+++ b/tests/ovn-macros.at
@@ -1001,3 +1001,4 @@ m4_define([OFTABLE_MAC_LOOKUP], [67])
 m4_define([OFTABLE_CHK_LB_HAIRPIN], [68])
 m4_define([OFTABLE_CHK_LB_HAIRPIN_REPLY], [69])
 m4_define([OFTABLE_CT_SNAT_HAIRPIN], [70])
+m4_define([OFTABLE_GET_FDB], [71])
diff --git a/tests/ovn.at b/tests/ovn.at
index f648fef2d..82e2b0532 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -31625,8 +31625,8 @@ check_column $sw0p1_dpkey fdb port_key
 
 # Make sure that OVS tables 71 and 72 are populated on both hv1 and hv2.
 AS_BOX([Check that ovn-controller programs the flows for FDB])
-as hv1 ovs-ofctl dump-flows br-int table=71 > hv1_offlows_table71.txt
-as hv2 ovs-ofctl dump-flows br-int table=71 > hv2_offlows_table71.txt
+as hv1 ovs-ofctl dump-flows br-int table=OFTABLE_GET_FDB > 
hv1_offlows_table71.txt
+as hv2 ovs-ofctl dump-flows br-int table=OFTABLE_GET_FDB > 
hv2_offlows_table71.txt
 
 AT_CAPTURE_FILE([hv1_offlows_table71.txt])
 AT_CAPTURE_FILE([hv2_offlows_table71.txt])
@@ -31660,7 +31660,7 @@ wait_for_ports_up sw0-p4
 #as hv3 ovn-appctl -t ovn-controller recompute
 check ovn-nbctl --wait=hv sync
 
-as hv3 ovs-ofctl dump-flows br-int table=71 > hv3_offlows_table71.txt
+as hv3 ovs-ofctl dump-flows br-int table=OFTABLE_GET_FDB > 
hv3_offlows_table71.txt
 as hv3 ovs-ofctl dump-flows br-int table=72 > hv3_offlows_table72.txt
 
 
@@ -31692,9 +31692,9 @@ check_column "$sw0_dpkey $sw0_dpkey" fdb dp_key
 check_column "$sw0p1_dpkey $sw0p1_dpkey" fdb port_key
 
 # Make sure that OVS tables 71 and 72 are populated on hv1, hv2 and hv3.
-as hv1 ovs-ofctl dump-flows br-int table=71 > hv1_offlows_table71.txt
-as hv2 ovs-ofctl dump-flows br-int table=71 > hv2_offlows_table71.txt
-as hv3 ovs-ofctl dump-flows br-int table=71 > hv3_offlows_table71.txt
+as hv1 ovs-ofctl dump-flows br-int table=OFTABLE_GET_FDB > 
hv1_offlows_table71.txt
+as hv2 ovs-ofctl dump-flows br-int table=OFTABLE_GET_FDB > 
hv2_offlows_table71.txt
+as hv3 ovs-ofctl dump-flows br-int table=OFTABLE_GET_FDB > 
hv3_offlows_table71.txt
 
 AT_CAPTURE_FILE([hv1_offlows_table71.txt])
 AT_CAPTURE_FILE([hv2_offlows_table71.txt])
@@ -31896,8 +31896,8 @@ OVN_CHECK_PACKETS([hv1/vif1-tx.pcap], [expected])
 OVN_CHECK_PACKETS([hv1/vif3-tx.pcap], [expected])
 
 # Make sure that OVS tables 71 and 72 are empty.
-as hv1 ovs-ofctl dump-flows br-int table=71 > hv1_offlows_table71.txt
-as hv2 ovs-ofctl dump-flows br-int table=71 > hv2_offlows_table71.txt
+as hv1 ovs-ofctl dump-flows br-int table=OFTABLE_GET_FDB > 
hv1_offlows_table71.txt
+as hv2 ovs-ofctl dump-flows br-int table=OFTABLE_GET_FDB > 
hv2_offlows_table71.txt
 
 AT_CAPTURE_FILE([hv1_offlows_table71.txt])
 AT_CAPTURE_FILE([hv2_offlows_table71.txt])
-- 
2.43.0

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH ovn v2 24/29] tests: Add macro for OFTABLE_ECMP_NH table number.

[Ales Musil]

Add macro for OFTABLE_ECMP_NH and replace all table=77
occurrences in OF with table=OFTABLE_ECMP_NH.

Signed-off-by: Ales Musil 
---
 tests/ovn-macros.at | 1 +
 tests/system-ovn.at | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/tests/ovn-macros.at b/tests/ovn-macros.at
index e86f6ec81..a820e91c4 100644
--- a/tests/ovn-macros.at
+++ b/tests/ovn-macros.at
@@ -1007,3 +1007,4 @@ m4_define([OFTABLE_CHK_IN_PORT_SEC], [73])
 m4_define([OFTABLE_CHK_IN_PORT_SEC_ND], [74])
 m4_define([OFTABLE_CHK_OUT_PORT_SEC], [75])
 m4_define([OFTABLE_ECMP_NH_MAC], [76])
+m4_define([OFTABLE_ECMP_NH], [77])
diff --git a/tests/system-ovn.at b/tests/system-ovn.at
index eba489ebe..fcede2588 100644
--- a/tests/system-ovn.at
+++ b/tests/system-ovn.at
@@ -6159,7 +6159,7 @@ OVS_WAIT_UNTIL([
 test $(ovs-ofctl dump-flows br-int | grep -c 'table=OFTABLE_ECMP_NH_MAC, 
n_packets') -eq 0
 ])
 OVS_WAIT_UNTIL([
-test $(ovs-ofctl dump-flows br-int | grep -c 'table=77, n_packets') -eq 0
+test $(ovs-ofctl dump-flows br-int | grep -c 'table=OFTABLE_ECMP_NH, 
n_packets') -eq 0
 ])
 
 ovs-ofctl dump-flows br-int
@@ -6352,7 +6352,7 @@ OVS_WAIT_UNTIL([
 test $(ovs-ofctl dump-flows br-int | grep -c 'table=OFTABLE_ECMP_NH_MAC, 
n_packets') -eq 0
 ])
 OVS_WAIT_UNTIL([
-test $(ovs-ofctl dump-flows br-int | grep -c 'table=77, n_packets') -eq 0
+test $(ovs-ofctl dump-flows br-int | grep -c 'table=OFTABLE_ECMP_NH, 
n_packets') -eq 0
 ])
 
 ovs-ofctl dump-flows br-int
-- 
2.43.0

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH ovn v2 13/29] tests: Add macro for OFTABLE_MAC_BINDING table number.

[Ales Musil]

Add macro for OFTABLE_MAC_BINDING and replace all table=66
occurrences in OF with table=OFTABLE_MAC_BINDING.

Signed-off-by: Ales Musil 
---
 tests/ovn-macros.at |  1 +
 tests/ovn.at| 12 ++--
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/tests/ovn-macros.at b/tests/ovn-macros.at
index 8d00c7729..6550f0cf4 100644
--- a/tests/ovn-macros.at
+++ b/tests/ovn-macros.at
@@ -996,3 +996,4 @@ m4_define([OFTABLE_OUTPUT_LARGE_PKT_PROCESS], [38])
 m4_define([OFTABLE_REMOTE_OUTPUT], [39])
 m4_define([OFTABLE_LOCAL_OUTPUT], [40])
 m4_define([OFTABLE_LOG_TO_PHY], [65])
+m4_define([OFTABLE_MAC_BINDING], [66])
diff --git a/tests/ovn.at b/tests/ovn.at
index 80ad679f3..10fed0281 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -11579,7 +11579,7 @@ test_ip_packet()
 AT_CAPTURE_FILE([offlows])
 OVS_WAIT_UNTIL([
 as $active_gw ovs-ofctl dump-flows br-int > offlows
-test `grep table=66 offlows | grep 
actions=mod_dl_dst:f0:00:00:01:02:04 | wc -l` -eq 1
+test `grep table=OFTABLE_MAC_BINDING offlows | grep 
actions=mod_dl_dst:f0:00:00:01:02:04 | wc -l` -eq 1
 ])
 
 # Packet to Expect at ext1 chassis, outside1 port
@@ -11842,7 +11842,7 @@ test_ip_packet()
 check as ext1 ovs-appctl netdev-dummy/receive ext1-vif1 $arp_reply
 
 OVS_WAIT_UNTIL([
-test `as $active_gw ovs-ofctl dump-flows br-int | grep table=66 | \
+test `as $active_gw ovs-ofctl dump-flows br-int | grep 
table=OFTABLE_MAC_BINDING | \
 grep actions=mod_dl_dst:f0:00:00:01:02:04 | wc -l` -eq 1
 ])
 
@@ -12554,7 +12554,7 @@ 
packet=${foo_mac}${foo1_mac}080045284006a916${foo1_ip}${dst_ip}00351
 
 AS_BOX([Wait for GARPs announcing gw IP to arrive])
 OVS_WAIT_UNTIL([
-test `as hv2 ovs-ofctl dump-flows br-int | grep table=66 | \
+test `as hv2 ovs-ofctl dump-flows br-int | grep table=OFTABLE_MAC_BINDING 
| \
 grep actions=mod_dl_dst:f0:00:00:01:02:04 | wc -l` -eq 1
 ])
 
@@ -31834,7 +31834,7 @@ ovn-sbctl create mac_binding ip=10.0.0.14 
logical_port=lr0-sw0 \
 mac="50\:54\:00\:00\:00\:14" datapath=$lr0_dp_uuid
 
 # Wait till the mac_binding flows appear in hv1
-OVS_WAIT_UNTIL([test 1 = $(as hv1 ovs-ofctl dump-flows br-int table=66 \
+OVS_WAIT_UNTIL([test 1 = $(as hv1 ovs-ofctl dump-flows br-int 
table=OFTABLE_MAC_BINDING \
 | grep -c  reg0=0xa0e)])
 
 src_mac=40540004
@@ -34118,7 +34118,7 @@ ovn-nbctl --wait=hv lr-route-add lr0 0.0.0.0/0 
172.16.1.1
 
 test_mac_binding_flows() {
 local priority=$1 mac=$2 count=$3
-OVS_WAIT_UNTIL([test $(ovs-ofctl dump-flows br-int | grep table=66 | grep 
priority=${priority} | grep actions=mod_dl_dst:${mac} | wc -l) -eq ${count}])
+OVS_WAIT_UNTIL([test $(ovs-ofctl dump-flows br-int | grep 
table=OFTABLE_MAC_BINDING | grep priority=${priority} | grep 
actions=mod_dl_dst:${mac} | wc -l) -eq ${count}])
 }
 # Create SB MAC_Binding entry on external gateway port
 lr0_dp_uuid=$(fetch_column datapath_binding _uuid external_ids:name=lr0)
@@ -34216,7 +34216,7 @@ check ovn-nbctl --wait=sb sync
 
 test_mac_binding_flows() {
 local hv=$1 mac=$2 count=$3
-OVS_WAIT_UNTIL([test $(as $hv ovs-ofctl dump-flows br-int | grep table=66 
| grep priority=100 | grep -c actions=mod_dl_dst:${mac}) -eq ${count}])
+OVS_WAIT_UNTIL([test $(as $hv ovs-ofctl dump-flows br-int | grep 
table=OFTABLE_MAC_BINDING | grep priority=100 | grep -c 
actions=mod_dl_dst:${mac}) -eq ${count}])
 }
 
 # Create SB MAC_Binding entry on external gateway port
-- 
2.43.0

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH ovn v2 19/29] tests: Add macro for OFTABLE_LOOKUP_FDB table number.

[Ales Musil]

Add macro for OFTABLE_LOOKUP_FDB and replace all table=72
occurrences in OF with table=OFTABLE_LOOKUP_FDB.

Signed-off-by: Ales Musil 
---
 tests/ovn-macros.at |  1 +
 tests/ovn.at| 18 +-
 2 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/tests/ovn-macros.at b/tests/ovn-macros.at
index ecb46a80b..a32ced8a0 100644
--- a/tests/ovn-macros.at
+++ b/tests/ovn-macros.at
@@ -1002,3 +1002,4 @@ m4_define([OFTABLE_CHK_LB_HAIRPIN], [68])
 m4_define([OFTABLE_CHK_LB_HAIRPIN_REPLY], [69])
 m4_define([OFTABLE_CT_SNAT_HAIRPIN], [70])
 m4_define([OFTABLE_GET_FDB], [71])
+m4_define([OFTABLE_LOOKUP_FDB], [72])
diff --git a/tests/ovn.at b/tests/ovn.at
index 82e2b0532..8915cca0c 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -31638,8 +31638,8 @@ AT_CHECK_UNQUOTED([cat hv2_offlows_table71.txt | grep 
-v NXST | cut -d ' ' -f8-
 priority=100,metadata=0x$dp_key,dl_dst=50:54:00:00:00:13 
actions=load:0x$port_key->NXM_NX_REG15[[]]
 ])
 
-as hv1 ovs-ofctl dump-flows br-int table=72 > hv1_offlows_table72.txt
-as hv2 ovs-ofctl dump-flows br-int table=72 > hv2_offlows_table72.txt
+as hv1 ovs-ofctl dump-flows br-int table=OFTABLE_LOOKUP_FDB > 
hv1_offlows_table72.txt
+as hv2 ovs-ofctl dump-flows br-int table=OFTABLE_LOOKUP_FDB > 
hv2_offlows_table72.txt
 
 AT_CAPTURE_FILE([hv1_offlows_table72.txt])
 AT_CAPTURE_FILE([hv2_offlows_table72.txt])
@@ -31661,7 +31661,7 @@ wait_for_ports_up sw0-p4
 check ovn-nbctl --wait=hv sync
 
 as hv3 ovs-ofctl dump-flows br-int table=OFTABLE_GET_FDB > 
hv3_offlows_table71.txt
-as hv3 ovs-ofctl dump-flows br-int table=72 > hv3_offlows_table72.txt
+as hv3 ovs-ofctl dump-flows br-int table=OFTABLE_LOOKUP_FDB > 
hv3_offlows_table72.txt
 
 
 AT_CAPTURE_FILE([hv3_offlows_table71.txt])
@@ -31714,9 +31714,9 @@ 
priority=100,metadata=0x$dp_key,dl_dst=50:54:00:00:00:13 actions=load:0x$port_ke
 priority=100,metadata=0x$dp_key,dl_dst=50:54:00:00:00:14 
actions=load:0x$port_key->NXM_NX_REG15[[]]
 ])
 
-as hv1 ovs-ofctl dump-flows br-int table=72 > hv1_offlows_table72.txt
-as hv2 ovs-ofctl dump-flows br-int table=72 > hv2_offlows_table72.txt
-as hv3 ovs-ofctl dump-flows br-int table=72 > hv3_offlows_table72.txt
+as hv1 ovs-ofctl dump-flows br-int table=OFTABLE_LOOKUP_FDB > 
hv1_offlows_table72.txt
+as hv2 ovs-ofctl dump-flows br-int table=OFTABLE_LOOKUP_FDB > 
hv2_offlows_table72.txt
+as hv3 ovs-ofctl dump-flows br-int table=OFTABLE_LOOKUP_FDB > 
hv3_offlows_table72.txt
 
 AT_CAPTURE_FILE([hv1_offlows_table72.txt])
 AT_CAPTURE_FILE([hv2_offlows_table72.txt])
@@ -31907,8 +31907,8 @@ AT_CHECK([cat hv1_offlows_table71.txt | grep -v NXST], 
[1], [dnl
 AT_CHECK([cat hv2_offlows_table71.txt | grep -v NXST], [1], [dnl
 ])
 
-as hv1 ovs-ofctl dump-flows br-int table=72 > hv1_offlows_table72.txt
-as hv2 ovs-ofctl dump-flows br-int table=72 > hv2_offlows_table72.txt
+as hv1 ovs-ofctl dump-flows br-int table=OFTABLE_LOOKUP_FDB > 
hv1_offlows_table72.txt
+as hv2 ovs-ofctl dump-flows br-int table=OFTABLE_LOOKUP_FDB > 
hv2_offlows_table72.txt
 
 AT_CAPTURE_FILE([hv1_offlows_table72.txt])
 AT_CAPTURE_FILE([hv2_offlows_table72.txt])
@@ -37399,7 +37399,7 @@ check_flow_count() {
 hv=$1
 count=$2
 echo "Checking flow count for $hv is $count"
-OVS_WAIT_UNTIL([test $count = $(as $hv ovs-ofctl dump-flows br-int 
table=72 | grep -v "NXST_FLOW reply" | wc -l)])
+OVS_WAIT_UNTIL([test $count = $(as $hv ovs-ofctl dump-flows br-int 
table=OFTABLE_LOOKUP_FDB | grep -v "NXST_FLOW reply" | wc -l)])
 }
 
 # Sending packet in both direction. Should create FDB entries for vifs
-- 
2.43.0

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH ovn v2 12/29] tests: Add macro for OFTABLE_LOG_TO_PHY table number.

[Ales Musil]

Add macro for OFTABLE_LOG_TO_PHY and replace all table=65
occurrences in OF with table=OFTABLE_LOG_TO_PHY.

Signed-off-by: Ales Musil 
---
 tests/ovn-macros.at |  1 +
 tests/ovn.at| 28 ++--
 2 files changed, 15 insertions(+), 14 deletions(-)

diff --git a/tests/ovn-macros.at b/tests/ovn-macros.at
index 1070630e9..8d00c7729 100644
--- a/tests/ovn-macros.at
+++ b/tests/ovn-macros.at
@@ -995,3 +995,4 @@ m4_define([OFTABLE_OUTPUT_LARGE_PKT_DETECT], [37])
 m4_define([OFTABLE_OUTPUT_LARGE_PKT_PROCESS], [38])
 m4_define([OFTABLE_REMOTE_OUTPUT], [39])
 m4_define([OFTABLE_LOCAL_OUTPUT], [40])
+m4_define([OFTABLE_LOG_TO_PHY], [65])
diff --git a/tests/ovn.at b/tests/ovn.at
index be1b138fe..80ad679f3 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -13140,7 +13140,7 @@ for i in 1 2; do
 done
 done
 
-AT_CHECK([as hv1 ovs-ofctl dump-flows br-int |awk '/table=65/ && 
!/actions=drop/{print substr($8, 16, length($8))}' |sort -n], [0], [dnl
+AT_CHECK([as hv1 ovs-ofctl dump-flows br-int |awk '/table=OFTABLE_LOG_TO_PHY/ 
&& !/actions=drop/{print substr($8, 16, length($8))}' |sort -n], [0], [dnl
 10
 11
 ])
@@ -13149,7 +13149,7 @@ AT_CHECK([as hv1 ovs-ofctl dump-flows br-int |awk 
'/table=65/ && !/actions=drop/
 as hv1
 check ovs-vsctl del-port vif01
 check ovn-nbctl --wait=hv sync
-AT_CHECK([as hv1 ovs-ofctl dump-flows br-int |awk '/table=65/ && 
!/actions=drop/{print substr($8, 16, length($8))}' |sort -n], [0], [dnl
+AT_CHECK([as hv1 ovs-ofctl dump-flows br-int |awk '/table=OFTABLE_LOG_TO_PHY/ 
&& !/actions=drop/{print substr($8, 16, length($8))}' |sort -n], [0], [dnl
 11
 ])
 
@@ -13157,7 +13157,7 @@ as hv1
 check ovs-vsctl add-port br-int vif01 \
 -- set Interface vif01 external-ids:iface-id=lp01
 check ovn-nbctl --wait=hv sync
-AT_CHECK([as hv1 ovs-ofctl dump-flows br-int |awk '/table=65/ && 
!/actions=drop/{print substr($8, 16, length($8))}' |sort -n], [0], [dnl
+AT_CHECK([as hv1 ovs-ofctl dump-flows br-int |awk '/table=OFTABLE_LOG_TO_PHY/ 
&& !/actions=drop/{print substr($8, 16, length($8))}' |sort -n], [0], [dnl
 2
 11
 ])
@@ -13996,11 +13996,11 @@ AT_CHECK([grep $garp hv2_br_phys_tx | sort], [0], [])
 check ovn-nbctl set Logical_Switch_Port ln_port tag_request=2014
 
 # wait for earlier changes to take effect
-OVS_WAIT_UNTIL([test 1 = `as hv2 ovs-ofctl dump-flows br-int table=65 | \
+OVS_WAIT_UNTIL([test 1 = `as hv2 ovs-ofctl dump-flows br-int 
table=OFTABLE_LOG_TO_PHY | \
 grep "actions=mod_vlan_vid:2014" | wc -l`
 ])
 
-OVS_WAIT_UNTIL([test 1 = `as hv3 ovs-ofctl dump-flows br-int table=65 | \
+OVS_WAIT_UNTIL([test 1 = `as hv3 ovs-ofctl dump-flows br-int 
table=OFTABLE_LOG_TO_PHY | \
 grep "actions=mod_vlan_vid:2014" | wc -l`
 ])
 
@@ -16206,7 +16206,7 @@ wait_row_count Port_Binding 1 logical_port=lsp0 
'chassis=[[]]'
 
 # (2) Chassis hv2 should not add flows in OFTABLE_PHY_TO_LOG and 
OFTABLE_LOG_TO_PHY tables.
 AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=OFTABLE_PHY_TO_LOG | grep 
in_port=1], [1], [])
-AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=65 | grep output], [1], [])
+AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=OFTABLE_LOG_TO_PHY | grep 
output], [1], [])
 
 # (3) Chassis hv1 should bind lsp0 when physical to logical mapping exists on 
hv1.
 echo "verifying that hv1 binds lsp0 when hv1 physical/logical mapping is added"
@@ -16219,7 +16219,7 @@ wait_column "$hv1_uuid" Port_Binding chassis 
logical_port=lsp0
 # (4) Chassis hv1 should add flows in OFTABLE_PHY_TO_LOG and 
OFTABLE_LOG_TO_PHY tables.
 as hv1 ovs-ofctl dump-flows br-int
 AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=OFTABLE_PHY_TO_LOG | grep 
in_port=1], [0], [ignore])
-AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=65 | grep 
actions=output:1], [0], [ignore])
+AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=OFTABLE_LOG_TO_PHY | grep 
actions=output:1], [0], [ignore])
 
 # (5) Chassis hv1 should release lsp0 binding and chassis hv2 should bind lsp0 
when
 # the requested chassis for lsp0 is changed from hv1 to hv2.
@@ -16233,10 +16233,10 @@ wait_column "$hv2_uuid" Port_Binding chassis 
logical_port=lsp0
 
 # (6) Chassis hv2 should add flows and hv1 should not.
 AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=OFTABLE_PHY_TO_LOG | grep 
in_port=1], [0], [ignore])
-AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=65 | grep 
actions=output:1], [0], [ignore])
+AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=OFTABLE_LOG_TO_PHY | grep 
actions=output:1], [0], [ignore])
 
 AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=OFTABLE_PHY_TO_LOG | grep 
in_port=1], [1], [])
-AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=65 | grep output], [1], [])
+AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=OFTABLE_LOG_TO_PHY | grep 
output], [1], [])
 
 OVN_CLEANUP([hv1],[hv2])
 
@@ -16313,14 +16313,14 @@ echo "hv1_uuid=${hv1_uuid}"
 OVS_WAIT_UNTIL([test 1 = $(grep -c "Claiming lport lsp0" 
hv1/ovn-controller.log)])
 wait_column "$hv1_uuid" Port_Binding chassis logical_port=lsp0
 

[ovs-dev] [PATCH ovn v2 10/29] tests: Add macro for OFTABLE_REMOTE_OUTPUT table number.

[Ales Musil]

Add macro for OFTABLE_REMOTE_OUTPUT and replace all table=39
occurrences in OF with table=OFTABLE_REMOTE_OUTPUT.

Signed-off-by: Ales Musil 
---
 tests/ovn-macros.at |  1 +
 tests/ovn.at| 40 
 2 files changed, 21 insertions(+), 20 deletions(-)

diff --git a/tests/ovn-macros.at b/tests/ovn-macros.at
index 38e44b62c..3ee425639 100644
--- a/tests/ovn-macros.at
+++ b/tests/ovn-macros.at
@@ -993,3 +993,4 @@ m4_define([OFTABLE_PHY_TO_LOG], [0])
 m4_define([OFTABLE_LOG_INGRESS_PIPELINE], [8])
 m4_define([OFTABLE_OUTPUT_LARGE_PKT_DETECT], [37])
 m4_define([OFTABLE_OUTPUT_LARGE_PKT_PROCESS], [38])
+m4_define([OFTABLE_REMOTE_OUTPUT], [39])
diff --git a/tests/ovn.at b/tests/ovn.at
index 9646f1887..96984048a 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -11544,7 +11544,7 @@ hv1_gw1_ofport=$(as hv1 ovs-vsctl --bare --columns 
ofport find Interface name=ov
 hv1_gw2_ofport=$(as hv1 ovs-vsctl --bare --columns ofport find Interface 
name=ovn-gw2-0)
 
 OVS_WAIT_UNTIL([
-test 1 = $(as hv1 ovs-ofctl dump-flows br-int table=39 | grep -c 
"active_backup,ofport,members:$hv1_gw1_ofport,$hv1_gw2_ofport")
+test 1 = $(as hv1 ovs-ofctl dump-flows br-int table=OFTABLE_REMOTE_OUTPUT 
| grep -c "active_backup,ofport,members:$hv1_gw1_ofport,$hv1_gw2_ofport")
 ])
 
 test_ip_packet()
@@ -11631,7 +11631,7 @@ AT_CHECK(
 ])
 
 OVS_WAIT_UNTIL([
-test 1 = $(as hv1 ovs-ofctl dump-flows br-int table=39 | grep -c 
"active_backup,ofport,members:$hv1_gw2_ofport,$hv1_gw1_ofport")
+test 1 = $(as hv1 ovs-ofctl dump-flows br-int table=OFTABLE_REMOTE_OUTPUT 
| grep -c "active_backup,ofport,members:$hv1_gw2_ofport,$hv1_gw1_ofport")
 ])
 
 test_ip_packet gw2 gw1 0
@@ -11810,7 +11810,7 @@ hv1_gw1_ofport=$(as hv1 ovs-vsctl --bare --columns 
ofport find Interface name=ov
 hv1_gw2_ofport=$(as hv1 ovs-vsctl --bare --columns ofport find Interface 
name=ovn-gw2-0)
 
 OVS_WAIT_UNTIL([
-test 1 = $(as hv1 ovs-ofctl dump-flows br-int table=39 | grep -c 
"active_backup,ofport,members:$hv1_gw1_ofport,$hv1_gw2_ofport")
+test 1 = $(as hv1 ovs-ofctl dump-flows br-int table=OFTABLE_REMOTE_OUTPUT 
| grep -c "active_backup,ofport,members:$hv1_gw1_ofport,$hv1_gw2_ofport")
 ])
 
 test_ip_packet()
@@ -11890,7 +11890,7 @@ AT_CHECK([ovn-nbctl --wait=hv \
 ])
 
 OVS_WAIT_UNTIL([
-test 1 = $(as hv1 ovs-ofctl dump-flows br-int table=39 | grep -c 
"active_backup,ofport,members:$hv1_gw2_ofport,$hv1_gw1_ofport")
+test 1 = $(as hv1 ovs-ofctl dump-flows br-int table=OFTABLE_REMOTE_OUTPUT 
| grep -c "active_backup,ofport,members:$hv1_gw2_ofport,$hv1_gw1_ofport")
 ])
 
 test_ip_packet gw2 gw1
@@ -12060,8 +12060,8 @@ AT_CHECK(
grep table=40 hv2flows | grep =0x3,metadata=0x1 | grep load:0x2- | wc -l
 
# Check that hv1 sends chassisredirect port traffic to hv2
-   grep table=39 hv1flows | grep =0x3,metadata=0x1 | grep output | wc -l
-   grep table=39 hv2flows | grep =0x3,metadata=0x1 | wc -l
+   grep table=OFTABLE_REMOTE_OUTPUT hv1flows | grep =0x3,metadata=0x1 | grep 
output | wc -l
+   grep table=OFTABLE_REMOTE_OUTPUT hv2flows | grep =0x3,metadata=0x1 | wc -l
 
# Check that arp reply on distributed gateway port is only programmed on hv2
grep arp hv1flows | grep load:0x2- | grep =0x2,metadata=0x1 | wc -l
@@ -12578,7 +12578,7 @@ as hv1 ovs-appctl ofproto/trace br-int in_port=hv1-vif1 
$packet
 sleep 2
 
 AS_BOX([On hv1, table 40 check that no packet goes via the tunnel port])
-OVS_WAIT_FOR_OUTPUT([as hv1 ovs-ofctl dump-flows br-int table=39 \
+OVS_WAIT_FOR_OUTPUT([as hv1 ovs-ofctl dump-flows br-int 
table=OFTABLE_REMOTE_OUTPUT \
 | grep "NXM_NX_TUN_ID" | grep -v n_packets=0 | wc -l], [0], [[0
 ]])
 
@@ -13542,20 +13542,20 @@ echo $hv2_gw1_ofport
 echo $hv2_gw2_ofport
 
 echo "--- hv1 ---"
-as hv1 ovs-ofctl dump-flows br-int table=39
+as hv1 ovs-ofctl dump-flows br-int table=OFTABLE_REMOTE_OUTPUT
 
 echo "--- hv2 ---"
-as hv2 ovs-ofctl dump-flows br-int table=39
+as hv2 ovs-ofctl dump-flows br-int table=OFTABLE_REMOTE_OUTPUT
 
 gw1_chassis=$(fetch_column Chassis _uuid name=gw1)
 gw2_chassis=$(fetch_column Chassis _uuid name=gw2)
 
-OVS_WAIT_FOR_OUTPUT([as hv1 ovs-ofctl dump-flows br-int table=39 | \
+OVS_WAIT_FOR_OUTPUT([as hv1 ovs-ofctl dump-flows br-int 
table=OFTABLE_REMOTE_OUTPUT | \
 grep active_backup | grep members:$hv1_gw1_ofport,$hv1_gw2_ofport \
 | wc -l], [0], [1
 ])
 
-OVS_WAIT_FOR_OUTPUT([as hv2 ovs-ofctl dump-flows br-int table=39 | \
+OVS_WAIT_FOR_OUTPUT([as hv2 ovs-ofctl dump-flows br-int 
table=OFTABLE_REMOTE_OUTPUT | \
 grep active_backup | grep members:$hv2_gw1_ofport,$hv2_gw2_ofport \
 | wc -l], [0], [1
 ])
@@ -13598,12 +13598,12 @@ wait_for_ports_up
 check ovn-nbctl --wait=hv sync
 
 # we make sure that the hypervisors noticed, and inverted the slave ports
-OVS_WAIT_FOR_OUTPUT([as hv1 ovs-ofctl dump-flows br-int table=39 | \
+OVS_WAIT_FOR_OUTPUT([as hv1 ovs-ofctl dump-flows br-int 
table=OFTABLE_REMOTE_OUTPUT | \
 grep active_backup | grep 

[ovs-dev] [PATCH ovn v2 11/29] tests: Add macro for OFTABLE_LOCAL_OUTPUT table number.

[Ales Musil]

Add macro for OFTABLE_LOCAL_OUTPUT and replace all table=40
occurrences in OF with table=OFTABLE_LOCAL_OUTPUT.

Signed-off-by: Ales Musil 
---
 tests/ovn-controller.at |  6 +++---
 tests/ovn-macros.at |  1 +
 tests/ovn.at| 24 
 3 files changed, 16 insertions(+), 15 deletions(-)

diff --git a/tests/ovn-controller.at b/tests/ovn-controller.at
index 33c66e21e..f77e032d4 100644
--- a/tests/ovn-controller.at
+++ b/tests/ovn-controller.at
@@ -874,7 +874,7 @@ meta=$(ovn-sbctl get datapath ls1 tunnel_key)
 port=$(ovn-sbctl get port_binding ls1-rp tunnel_key)
 check ovn-nbctl lrp-add lr0 rp-ls1 00:00:01:01:02:03 192.168.1.254/24
 
-OVS_WAIT_UNTIL([as hv1 ovs-ofctl dump-flows br-int | grep table=40 | grep -q 
"reg15=0x${port},metadata=0x${meta}"])
+OVS_WAIT_UNTIL([as hv1 ovs-ofctl dump-flows br-int | grep 
table=OFTABLE_LOCAL_OUTPUT | grep -q "reg15=0x${port},metadata=0x${meta}"])
 
 OVN_CLEANUP([hv1])
 AT_CLEANUP
@@ -2698,7 +2698,7 @@ done
 wait_for_ports_up
 ovn-nbctl --wait=hv sync
 
-OVS_WAIT_FOR_OUTPUT([as hv1 ovs-ofctl dump-flows br-int table=40 | grep 
reg15=0x8000,metadata=0x1 | grep -c "controller(userdata=00.00.00.1b"], [0],[dnl
+OVS_WAIT_FOR_OUTPUT([as hv1 ovs-ofctl dump-flows br-int 
table=OFTABLE_LOCAL_OUTPUT | grep reg15=0x8000,metadata=0x1 | grep -c 
"controller(userdata=00.00.00.1b"], [0],[dnl
 3
 ])
 
@@ -2707,7 +2707,7 @@ for i in $(seq 1 280); do
 done
 ovn-nbctl --wait=hv sync
 
-AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=40 | grep -q controller], 
[1])
+AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=OFTABLE_LOCAL_OUTPUT | grep 
-q controller], [1])
 
 OVN_CLEANUP([hv1])
 AT_CLEANUP
diff --git a/tests/ovn-macros.at b/tests/ovn-macros.at
index 3ee425639..1070630e9 100644
--- a/tests/ovn-macros.at
+++ b/tests/ovn-macros.at
@@ -994,3 +994,4 @@ m4_define([OFTABLE_LOG_INGRESS_PIPELINE], [8])
 m4_define([OFTABLE_OUTPUT_LARGE_PKT_DETECT], [37])
 m4_define([OFTABLE_OUTPUT_LARGE_PKT_PROCESS], [38])
 m4_define([OFTABLE_REMOTE_OUTPUT], [39])
+m4_define([OFTABLE_LOCAL_OUTPUT], [40])
diff --git a/tests/ovn.at b/tests/ovn.at
index 96984048a..be1b138fe 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -12056,8 +12056,8 @@ AT_CAPTURE_FILE([hv2flows])
 
 AT_CHECK(
   [# Check that redirect mapping is programmed only on hv2
-   grep table=40 hv1flows | grep =0x3,metadata=0x1 | wc -l
-   grep table=40 hv2flows | grep =0x3,metadata=0x1 | grep load:0x2- | wc -l
+   grep table=OFTABLE_LOCAL_OUTPUT hv1flows | grep =0x3,metadata=0x1 | wc -l
+   grep table=OFTABLE_LOCAL_OUTPUT hv2flows | grep =0x3,metadata=0x1 | grep 
load:0x2- | wc -l
 
# Check that hv1 sends chassisredirect port traffic to hv2
grep table=OFTABLE_REMOTE_OUTPUT hv1flows | grep =0x3,metadata=0x1 | grep 
output | wc -l
@@ -28817,22 +28817,22 @@ AT_CHECK([test ! -z $p1_zoneid])
 p2_zoneid=$(as hv1 ovs-vsctl get bridge br-int external_ids:ct-zone-sw0-p2 | 
sed 's/"//g')
 AT_CHECK([test ! -z $p2_zoneid])
 
-AT_CHECK([test $(ovs-ofctl dump-flows br-int table=40,metadata=${sw0_dpkey},\
+AT_CHECK([test $(ovs-ofctl dump-flows br-int 
table=OFTABLE_LOCAL_OUTPUT,metadata=${sw0_dpkey},\
 reg15=0x${p1_dpkey} | grep REG13 | wc -l) -eq 1])
 
-AT_CHECK([test $(ovs-ofctl dump-flows br-int table=40,metadata=${sw0_dpkey},\
+AT_CHECK([test $(ovs-ofctl dump-flows br-int 
table=OFTABLE_LOCAL_OUTPUT,metadata=${sw0_dpkey},\
 reg15=0x${p1_dpkey} | grep "load:0x${p1_zoneid}->NXM_NX_REG13" | wc -l) -eq 1])
 
-AT_CHECK([test $(ovs-ofctl dump-flows br-int table=40,metadata=${sw1_dpkey},\
+AT_CHECK([test $(ovs-ofctl dump-flows br-int 
table=OFTABLE_LOCAL_OUTPUT,metadata=${sw1_dpkey},\
 reg15=0x${p2_dpkey} | grep REG13 | wc -l) -eq 1])
 
-AT_CHECK([test $(ovs-ofctl dump-flows br-int table=40,metadata=${sw1_dpkey},\
+AT_CHECK([test $(ovs-ofctl dump-flows br-int 
table=OFTABLE_LOCAL_OUTPUT,metadata=${sw1_dpkey},\
 reg15=0x${p2_dpkey} | grep "load:0x${p2_zoneid}->NXM_NX_REG13" | wc -l) -eq 1])
 
 ovs-vsctl set interface hv1-vif1 external_ids:iface-id=foo
 OVS_WAIT_UNTIL([test x$(ovn-nbctl lsp-get-up sw0-p1) = xdown])
 
-AT_CHECK([test $(ovs-ofctl dump-flows br-int table=40,metadata=${sw0_dpkey},\
+AT_CHECK([test $(ovs-ofctl dump-flows br-int 
table=OFTABLE_LOCAL_OUTPUT,metadata=${sw0_dpkey},\
 reg15=0x${p1_dpkey} | grep REG13 | wc -l) -eq 0])
 
 p1_zoneid=$(as hv1 ovs-vsctl get bridge br-int external_ids:ct-zone-sw0-p1 | 
sed 's/"//g')
@@ -28844,16 +28844,16 @@ OVS_WAIT_UNTIL([test x$(ovn-nbctl lsp-get-up sw0-p1) 
= xup])
 p1_zoneid=$(as hv1 ovs-vsctl get bridge br-int external_ids:ct-zone-sw0-p1 | 
sed 's/"//g')
 AT_CHECK([test ! -z $p1_zoneid])
 
-AT_CHECK([test $(ovs-ofctl dump-flows br-int table=40,metadata=${sw0_dpkey},\
+AT_CHECK([test $(ovs-ofctl dump-flows br-int 
table=OFTABLE_LOCAL_OUTPUT,metadata=${sw0_dpkey},\
 reg15=0x${p1_dpkey} | grep REG13 | wc -l) -eq 1])
 
-AT_CHECK([test $(ovs-ofctl dump-flows br-int table=40,metadata=${sw0_dpkey},\
+AT_CHECK([test $(ovs-ofctl dump-flows br-int 

[ovs-dev] [PATCH ovn v2 08/29] tests: Add macro for OFTABLE_OUTPUT_LARGE_PKT_DETECT table number.

[Ales Musil]

Add macro for OFTABLE_OUTPUT_LARGE_PKT_DETECT and replace all table=37
occurrences in OF with table=OFTABLE_OUTPUT_LARGE_PKT_DETECT.

Signed-off-by: Ales Musil 
---
 tests/ovn-macros.at |  1 +
 tests/ovn.at| 14 +++---
 2 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/tests/ovn-macros.at b/tests/ovn-macros.at
index bf0b68291..7736eeb51 100644
--- a/tests/ovn-macros.at
+++ b/tests/ovn-macros.at
@@ -991,3 +991,4 @@ m4_define([TAG_UNSTABLE], [
 
 m4_define([OFTABLE_PHY_TO_LOG], [0])
 m4_define([OFTABLE_LOG_INGRESS_PIPELINE], [8])
+m4_define([OFTABLE_OUTPUT_LARGE_PKT_DETECT], [37])
diff --git a/tests/ovn.at b/tests/ovn.at
index 2846d7c74..935ef8246 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -9719,18 +9719,18 @@ as hv1
 AT_CHECK([ovs-vsctl add-port br-int localvif1 -- set Interface localvif1 
external_ids:iface-id=localvif1])
 
 # On hv1, check that there are no flows outputting bcast to tunnel
-OVS_WAIT_UNTIL([test `ovs-ofctl dump-flows br-int table=37 | ofctl_strip | 
grep output | wc -l` -eq 0])
+OVS_WAIT_UNTIL([test `ovs-ofctl dump-flows br-int 
table=OFTABLE_OUTPUT_LARGE_PKT_DETECT | ofctl_strip | grep output | wc -l` -eq 
0])
 
 # On hv2, check that no flow outputs bcast to tunnel to hv1.
 as hv2
-OVS_WAIT_UNTIL([test `ovs-ofctl dump-flows br-int table=37 | ofctl_strip | 
grep output | wc -l` -eq 0])
+OVS_WAIT_UNTIL([test `ovs-ofctl dump-flows br-int 
table=OFTABLE_OUTPUT_LARGE_PKT_DETECT | ofctl_strip | grep output | wc -l` -eq 
0])
 
 # Now bind vif2 on hv2.
 AT_CHECK([ovs-vsctl add-port br-int localvif2 -- set Interface localvif2 
external_ids:iface-id=localvif2])
 
 # At this point, the broadcast flow on vif2 should be deleted.
-# because, there is now a localnet vif bound (table=37 programming logic)
-OVS_WAIT_UNTIL([test `ovs-ofctl dump-flows br-int table=37 | ofctl_strip | 
grep output | wc -l` -eq 0])
+# because, there is now a localnet vif bound 
(table=OFTABLE_OUTPUT_LARGE_PKT_DETECT programming logic)
+OVS_WAIT_UNTIL([test `ovs-ofctl dump-flows br-int 
table=OFTABLE_OUTPUT_LARGE_PKT_DETECT | ofctl_strip | grep output | wc -l` -eq 
0])
 
 # Verify that the local net patch port exists on hv2.
 OVS_WAIT_UNTIL([test `ovs-vsctl show | grep "Port patch-br-int-to-ln_port" | 
wc -l` -eq 1])
@@ -21078,7 +21078,7 @@ check ovn-nbctl set logical_router_policy $policy 
options:pkt_mark=100
 check ovn-nbctl --wait=hv sync
 as hv2
 # add a flow in egress pipeline to check pkt marking
-ovs-ofctl --protocols=OpenFlow13 add-flow br-int 
"table=37,priority=200,ip,nw_src=172.16.1.2,pkt_mark=0x64 actions=resubmit(,38)"
+ovs-ofctl --protocols=OpenFlow13 add-flow br-int 
"table=OFTABLE_OUTPUT_LARGE_PKT_DETECT,priority=200,ip,nw_src=172.16.1.2,pkt_mark=0x64
 actions=resubmit(,38)"
 
 dst_ip=$(ip_to_hex 172 16 2 10)
 fip_ip=$(ip_to_hex 172 16 1 2)
@@ -21090,7 +21090,7 @@ echo $(get_arp_req f0010204 $fip_ip $gw_router_ip) 
>> expected
 send_arp_reply 2 1 $gw_router_mac f0010204 $gw_router_ip $fip_ip
 echo 
"${gw_router_mac}f00102040800451c4000fe0121b4${fip_ip}${dst_ip}${data}"
 >> expected
 
-OVS_WAIT_UNTIL([test 1 = `as hv2 ovs-ofctl dump-flows br-int table=37 | grep 
pkt_mark=0x64 | grep -c n_packets=1`])
+OVS_WAIT_UNTIL([test 1 = `as hv2 ovs-ofctl dump-flows br-int 
table=OFTABLE_OUTPUT_LARGE_PKT_DETECT | grep pkt_mark=0x64 | grep -c 
n_packets=1`])
 
 OVN_CHECK_PACKETS([hv2/vif1-tx.pcap], [expected])
 
@@ -21851,7 +21851,7 @@ check_virtual_offlows_present() {
 
 AT_CHECK_UNQUOTED([as $hv ovs-ofctl dump-flows br-int table=11 | 
ofctl_strip_all | \
 grep "priority=92" | grep 172.168.0.50], [0], [dnl
- table=11, 
priority=92,arp,reg14=0x$lr0_public_dp_key,metadata=0x$lr0_dp_key,arp_tpa=172.168.0.50,arp_op=1
 
actions=move:NXM_OF_ETH_SRC[[]]->NXM_OF_ETH_DST[[]],mod_dl_src:10:54:00:00:00:10,load:0x2->NXM_OF_ARP_OP[[]],move:NXM_NX_ARP_SHA[[]]->NXM_NX_ARP_THA[[]],load:0x10540010->NXM_NX_ARP_SHA[[]],push:NXM_OF_ARP_SPA[[]],push:NXM_OF_ARP_TPA[[]],pop:NXM_OF_ARP_SPA[[]],pop:NXM_OF_ARP_TPA[[]],move:NXM_NX_REG14[[]]->NXM_NX_REG15[[]],load:0x1->NXM_NX_REG10[[0]],resubmit(,37)
+ table=11, 
priority=92,arp,reg14=0x$lr0_public_dp_key,metadata=0x$lr0_dp_key,arp_tpa=172.168.0.50,arp_op=1
 
actions=move:NXM_OF_ETH_SRC[[]]->NXM_OF_ETH_DST[[]],mod_dl_src:10:54:00:00:00:10,load:0x2->NXM_OF_ARP_OP[[]],move:NXM_NX_ARP_SHA[[]]->NXM_NX_ARP_THA[[]],load:0x10540010->NXM_NX_ARP_SHA[[]],push:NXM_OF_ARP_SPA[[]],push:NXM_OF_ARP_TPA[[]],pop:NXM_OF_ARP_SPA[[]],pop:NXM_OF_ARP_TPA[[]],move:NXM_NX_REG14[[]]->NXM_NX_REG15[[]],load:0x1->NXM_NX_REG10[[0]],resubmit(,OFTABLE_OUTPUT_LARGE_PKT_DETECT)
 ])
 }
 
-- 
2.43.0

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH ovn v2 06/29] tests: Add macro for OFTABLE_PHY_TO_LOG table number.

[Ales Musil]

Add macro for OFTABLE_PHY_TO_LOG and replace all table=0
occurrences in OF with table=OFTABLE_PHY_TO_LOG.

Signed-off-by: Ales Musil 
---
 tests/ovn-controller-vtep.at | 10 ++---
 tests/ovn-controller.at  |  6 +--
 tests/ovn-macros.at  |  2 +
 tests/ovn.at | 72 ++--
 4 files changed, 46 insertions(+), 44 deletions(-)

diff --git a/tests/ovn-controller-vtep.at b/tests/ovn-controller-vtep.at
index 50f31b22f..083bbdbc5 100644
--- a/tests/ovn-controller-vtep.at
+++ b/tests/ovn-controller-vtep.at
@@ -593,11 +593,11 @@ OVN_NB_ADD_VTEP_PORT([lsw0], [lsp-vtep], [vtep1], 
[lswitch0])
 wait_row_count Port_Binding 1 logical_port=lsp-vtep chassis='[[]]'
 
 # add vlan binding, ensure port_binding has chassis and OF on hv is installed
-OVS_WAIT_WHILE([ovs-ofctl dump-flows br-int table=0 | grep 'priority=110'])
+OVS_WAIT_WHILE([ovs-ofctl dump-flows br-int table=OFTABLE_PHY_TO_LOG | grep 
'priority=110'])
 check as vtep1 vtep-ctl add-ls lswitch0 -- bind-ls vtep1 p0 100 lswitch0
 wait_row_count Port_Binding 1 logical_port=lsp-vtep chassis!='[[]]'
-OVS_WAIT_UNTIL([ovs-ofctl dump-flows br-int table=0 | grep 'priority=110'])
-AT_CHECK([ovs-ofctl dump-flows br-int table=0 | grep 'priority=110' | \
+OVS_WAIT_UNTIL([ovs-ofctl dump-flows br-int table=OFTABLE_PHY_TO_LOG | grep 
'priority=110'])
+AT_CHECK([ovs-ofctl dump-flows br-int table=OFTABLE_PHY_TO_LOG | grep 
'priority=110' | \
   awk '{print $(NF-1), $NF}' | sed -e 
's/in_port=[[0-9]]\+/in_port=<>/g' | \
   sed -e 's/0x[[0-9a-f]]\+/0x<>/g'], [0], [dnl
 priority=110,tun_id=0x<>,in_port=<> 
actions=move:NXM_NX_TUN_ID[[0..23]]->OXM_OF_METADATA[[0..23]],load:0x<>->NXM_NX_REG14[[0..14]],load:0x<>->NXM_NX_REG10[[1]],resubmit(,8)
@@ -621,8 +621,8 @@ check as vtep1 vtep-ctl add-ls lswitch0 -- bind-ls vtep1 p0 
100 lswitch0
 OVN_NB_ADD_VTEP_PORT([lsw0], [lsp-vtep], [vtep1], [lswitch0])
 wait_row_count Port_Binding 1 logical_port=lsp-vtep chassis!='[[]]'
 
-OVS_WAIT_UNTIL([ovs-ofctl dump-flows br-int table=0 | grep 'priority=110'])
-AT_CHECK([ovs-ofctl dump-flows br-int table=0 | grep 'priority=110' | \
+OVS_WAIT_UNTIL([ovs-ofctl dump-flows br-int table=OFTABLE_PHY_TO_LOG | grep 
'priority=110'])
+AT_CHECK([ovs-ofctl dump-flows br-int table=OFTABLE_PHY_TO_LOG | grep 
'priority=110' | \
   awk '{print $(NF-1), $NF}' | sed -e 
's/in_port=[[0-9]]\+/in_port=<>/g' | \
   sed -e 's/0x[[0-9a-f]]\+/0x<>/g'], [0], [dnl
 priority=110,tun_id=0x<>,in_port=<> 
actions=move:NXM_NX_TUN_ID[[0..23]]->OXM_OF_METADATA[[0..23]],load:0x<>->NXM_NX_REG14[[0..14]],load:0x<>->NXM_NX_REG10[[1]],resubmit(,8)
diff --git a/tests/ovn-controller.at b/tests/ovn-controller.at
index b3d536471..33c66e21e 100644
--- a/tests/ovn-controller.at
+++ b/tests/ovn-controller.at
@@ -2649,7 +2649,7 @@ check ovn-nbctl lsp-set-addresses sw0-p1 
"50:54:00:00:00:03 10.0.0.3 1000::3"
 wait_for_ports_up
 ovn-nbctl --wait=hv sync
 
-OVS_WAIT_FOR_OUTPUT([as hv1 ovs-ofctl dump-flows br-int table=0 | grep -c 
in_port=1], [0],[dnl
+OVS_WAIT_FOR_OUTPUT([as hv1 ovs-ofctl dump-flows br-int 
table=OFTABLE_PHY_TO_LOG | grep -c in_port=1], [0],[dnl
 1
 ])
 
@@ -2657,10 +2657,10 @@ OVS_WAIT_FOR_OUTPUT([as hv1 ovs-ofctl dump-flows br-int 
table=0 | grep -c in_por
 check as hv1 ovs-vsctl set Interface hv1-vif1 ofport-request=24
 OVS_WAIT_UNTIL([test x`as hv1 ovs-vsctl get Interface hv1-vif1 ofport` = x24])
 
-OVS_WAIT_FOR_OUTPUT([as hv1 ovs-ofctl dump-flows br-int table=0 | grep -c 
in_port=24], [0],[dnl
+OVS_WAIT_FOR_OUTPUT([as hv1 ovs-ofctl dump-flows br-int 
table=OFTABLE_PHY_TO_LOG | grep -c in_port=24], [0],[dnl
 1
 ])
-OVS_WAIT_FOR_OUTPUT([as hv1 ovs-ofctl dump-flows br-int table=0 | grep -c 
in_port=1], [1],[dnl
+OVS_WAIT_FOR_OUTPUT([as hv1 ovs-ofctl dump-flows br-int 
table=OFTABLE_PHY_TO_LOG | grep -c in_port=1], [1],[dnl
 0
 ])
 
diff --git a/tests/ovn-macros.at b/tests/ovn-macros.at
index 0ca8c24da..1e586c639 100644
--- a/tests/ovn-macros.at
+++ b/tests/ovn-macros.at
@@ -988,3 +988,5 @@ m4_define([TAG_UNSTABLE], [
 AT_KEYWORDS([unstable])
 AT_SKIP_IF([test X"$SKIP_UNSTABLE" = Xyes])
 ])
+
+m4_define([OFTABLE_PHY_TO_LOG], [0])
diff --git a/tests/ovn.at b/tests/ovn.at
index c3ad513bb..46e711650 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -9557,7 +9557,7 @@ for i in `seq 1 3`; do
 -- lsp-set-addresses bar$i "f0:00:0a:01:02:$i 172.16.1.$ip"
 done
 
-OVS_WAIT_UNTIL([test `ovs-ofctl dump-flows br-int table=0 | grep REG13 | wc 
-l` -eq 4])
+OVS_WAIT_UNTIL([test `ovs-ofctl dump-flows br-int table=OFTABLE_PHY_TO_LOG | 
grep REG13 | wc -l` -eq 4])
 
 OVN_CLEANUP([hv1])
 
@@ -16205,7 +16205,7 @@ OVS_WAIT_UNTIL([test 1 = $(grep -c "Not claiming lport 
lsp0" hv2/ovn-controller.
 wait_row_count Port_Binding 1 logical_port=lsp0 'chassis=[[]]'
 
 # (2) Chassis hv2 should not add flows in OFTABLE_PHY_TO_LOG and 
OFTABLE_LOG_TO_PHY tables.
-AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=0 | grep in_port=1], [1], 
[])
+AT_CHECK([as hv2 

[ovs-dev] [PATCH ovn v2 09/29] tests: Add macro for OFTABLE_OUTPUT_LARGE_PKT_PROCESS table number.

[Ales Musil]

Add macro for OFTABLE_OUTPUT_LARGE_PKT_PROCESS and replace all table=38
occurrences in OF with table=OFTABLE_OUTPUT_LARGE_PKT_PROCESS.

Signed-off-by: Ales Musil 
---
 tests/ovn-macros.at | 1 +
 tests/ovn.at| 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/tests/ovn-macros.at b/tests/ovn-macros.at
index 7736eeb51..38e44b62c 100644
--- a/tests/ovn-macros.at
+++ b/tests/ovn-macros.at
@@ -992,3 +992,4 @@ m4_define([TAG_UNSTABLE], [
 m4_define([OFTABLE_PHY_TO_LOG], [0])
 m4_define([OFTABLE_LOG_INGRESS_PIPELINE], [8])
 m4_define([OFTABLE_OUTPUT_LARGE_PKT_DETECT], [37])
+m4_define([OFTABLE_OUTPUT_LARGE_PKT_PROCESS], [38])
diff --git a/tests/ovn.at b/tests/ovn.at
index 935ef8246..9646f1887 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -21078,7 +21078,7 @@ check ovn-nbctl set logical_router_policy $policy 
options:pkt_mark=100
 check ovn-nbctl --wait=hv sync
 as hv2
 # add a flow in egress pipeline to check pkt marking
-ovs-ofctl --protocols=OpenFlow13 add-flow br-int 
"table=OFTABLE_OUTPUT_LARGE_PKT_DETECT,priority=200,ip,nw_src=172.16.1.2,pkt_mark=0x64
 actions=resubmit(,38)"
+ovs-ofctl --protocols=OpenFlow13 add-flow br-int 
"table=OFTABLE_OUTPUT_LARGE_PKT_DETECT,priority=200,ip,nw_src=172.16.1.2,pkt_mark=0x64
 actions=resubmit(,OFTABLE_OUTPUT_LARGE_PKT_PROCESS)"
 
 dst_ip=$(ip_to_hex 172 16 2 10)
 fip_ip=$(ip_to_hex 172 16 1 2)
-- 
2.43.0

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH ovn v2 07/29] tests: Add macro for OFTABLE_LOG_INGRESS_PIPELINE table number.

[Ales Musil]

Add macro for OFTABLE_LOG_INGRESS_PIPELINE and replace all table=8
occurrences in OF with table=OFTABLE_LOG_INGRESS_PIPELINE.

Signed-off-by: Ales Musil 
---
 tests/ovn-controller-vtep.at | 4 ++--
 tests/ovn-macros.at  | 1 +
 tests/ovn.at | 2 +-
 3 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/tests/ovn-controller-vtep.at b/tests/ovn-controller-vtep.at
index 083bbdbc5..462e858f1 100644
--- a/tests/ovn-controller-vtep.at
+++ b/tests/ovn-controller-vtep.at
@@ -600,7 +600,7 @@ OVS_WAIT_UNTIL([ovs-ofctl dump-flows br-int 
table=OFTABLE_PHY_TO_LOG | grep 'pri
 AT_CHECK([ovs-ofctl dump-flows br-int table=OFTABLE_PHY_TO_LOG | grep 
'priority=110' | \
   awk '{print $(NF-1), $NF}' | sed -e 
's/in_port=[[0-9]]\+/in_port=<>/g' | \
   sed -e 's/0x[[0-9a-f]]\+/0x<>/g'], [0], [dnl
-priority=110,tun_id=0x<>,in_port=<> 
actions=move:NXM_NX_TUN_ID[[0..23]]->OXM_OF_METADATA[[0..23]],load:0x<>->NXM_NX_REG14[[0..14]],load:0x<>->NXM_NX_REG10[[1]],resubmit(,8)
+priority=110,tun_id=0x<>,in_port=<> 
actions=move:NXM_NX_TUN_ID[[0..23]]->OXM_OF_METADATA[[0..23]],load:0x<>->NXM_NX_REG14[[0..14]],load:0x<>->NXM_NX_REG10[[1]],resubmit(,OFTABLE_LOG_INGRESS_PIPELINE)
 ])
 
 # cleanup
@@ -625,7 +625,7 @@ OVS_WAIT_UNTIL([ovs-ofctl dump-flows br-int 
table=OFTABLE_PHY_TO_LOG | grep 'pri
 AT_CHECK([ovs-ofctl dump-flows br-int table=OFTABLE_PHY_TO_LOG | grep 
'priority=110' | \
   awk '{print $(NF-1), $NF}' | sed -e 
's/in_port=[[0-9]]\+/in_port=<>/g' | \
   sed -e 's/0x[[0-9a-f]]\+/0x<>/g'], [0], [dnl
-priority=110,tun_id=0x<>,in_port=<> 
actions=move:NXM_NX_TUN_ID[[0..23]]->OXM_OF_METADATA[[0..23]],load:0x<>->NXM_NX_REG14[[0..14]],load:0x<>->NXM_NX_REG10[[1]],resubmit(,8)
+priority=110,tun_id=0x<>,in_port=<> 
actions=move:NXM_NX_TUN_ID[[0..23]]->OXM_OF_METADATA[[0..23]],load:0x<>->NXM_NX_REG14[[0..14]],load:0x<>->NXM_NX_REG10[[1]],resubmit(,OFTABLE_LOG_INGRESS_PIPELINE)
 ])
 
 OVN_CLEANUP([hv1])
diff --git a/tests/ovn-macros.at b/tests/ovn-macros.at
index 1e586c639..bf0b68291 100644
--- a/tests/ovn-macros.at
+++ b/tests/ovn-macros.at
@@ -990,3 +990,4 @@ m4_define([TAG_UNSTABLE], [
 ])
 
 m4_define([OFTABLE_PHY_TO_LOG], [0])
+m4_define([OFTABLE_LOG_INGRESS_PIPELINE], [8])
diff --git a/tests/ovn.at b/tests/ovn.at
index 46e711650..2846d7c74 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -28013,7 +28013,7 @@ ovn_attach n1 br-phys 192.168.0.1
 
 # Chassis hv1 should add flows for the ls1 datapath in table 8 
(ls_in_port_sec_l2).
 dp_key=$(ovn-sbctl --bare --columns tunnel_key list Datapath_Binding ls1)
-OVS_WAIT_UNTIL([as hv1 ovs-ofctl dump-flows br-int | grep -E 
"table=8.*metadata=0x${dp_key}"])
+OVS_WAIT_UNTIL([as hv1 ovs-ofctl dump-flows br-int | grep -E 
"table=OFTABLE_LOG_INGRESS_PIPELINE.*metadata=0x${dp_key}"])
 
 OVN_CLEANUP([hv1])
 AT_CLEANUP
-- 
2.43.0

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH ovn v2 04/29] tests: Use ovn_strip_lflows for cases without sort.

[Ales Musil]

Replace all usage of "sed 's/table=./table=?/'" or
"sed 's/table=../table=??/' with ovn_strip_lflows.
Adjust all table=? to table=?? and re-sort the expected flows.

Signed-off-by: Ales Musil 
---
 tests/ovn-northd.at | 201 ++--
 tests/ovn.at|  24 +++---
 2 files changed, 112 insertions(+), 113 deletions(-)

diff --git a/tests/ovn-northd.at b/tests/ovn-northd.at
index a63d02f74..9051c2804 100644
--- a/tests/ovn-northd.at
+++ b/tests/ovn-northd.at
@@ -6513,7 +6513,7 @@ AT_CHECK([grep -e "lr_in_defrag" lr0flows | 
ovn_strip_lflows], [0], [dnl
 
 dnl The chassis was created with other_config:ct-no-masked-label=false, the 
flows
 dnl should be using ct_label.ecmp_reply_port.
-AT_CHECK([grep -e "lr_in_arp_resolve.*ecmp" lr0flows | sed 
's/table=../table=??/'], [0], [dnl
+AT_CHECK([grep -e "lr_in_arp_resolve.*ecmp" lr0flows | ovn_strip_lflows], [0], 
[dnl
   table=??(lr_in_arp_resolve  ), priority=200  , match=(ct.rpl && 
ct_label.ecmp_reply_port == 1), action=(push(xxreg1); xxreg1 = ct_label; 
eth.dst = xxreg1[[32..79]]; pop(xxreg1); next;)
 ])
 
@@ -6523,7 +6523,7 @@ dnl ct-no-masked-label.  ovn-northd should start using 
ct_mark.ecmp_reply_port.
 check ovn-sbctl set chassis ch1 other_config:ct-no-masked-label=true
 check ovn-nbctl --wait=sb sync
 ovn-sbctl dump-flows lr0 > lr0flows
-AT_CHECK([grep -e "lr_in_arp_resolve.*ecmp" lr0flows | sed 
's/table=../table=??/'], [0], [dnl
+AT_CHECK([grep -e "lr_in_arp_resolve.*ecmp" lr0flows | ovn_strip_lflows], [0], 
[dnl
   table=??(lr_in_arp_resolve  ), priority=200  , match=(ct.rpl && 
ct_mark.ecmp_reply_port == 1), action=(push(xxreg1); xxreg1 = ct_label; eth.dst 
= xxreg1[[32..79]]; pop(xxreg1); next;)
 ])
 
@@ -6867,7 +6867,7 @@ check ovn-nbctl --wait=sb sync
 ovn-sbctl dump-flows lr0 > lr0flows
 AT_CAPTURE_FILE([lr0flows])
 
-AT_CHECK([grep -e "lr_in_ip_routing_pre.*match=(1)" lr0flows | sed 
's/table=../table=??/'], [0], [dnl
+AT_CHECK([grep -e "lr_in_ip_routing_pre.*match=(1)" lr0flows | 
ovn_strip_lflows], [0], [dnl
   table=??(lr_in_ip_routing_pre), priority=0, match=(1), action=(reg7 = 0; 
next;)
 ])
 
@@ -7245,27 +7245,27 @@ ovn-sbctl dump-flows lr > lrflows
 AT_CAPTURE_FILE([lrflows])
 
 dnl Flows to skip TTL == {0, 1} check for IGMP and MLD packets.
-AT_CHECK([grep -e 'lr_in_ip_input' lrflows | grep -e 'igmp' -e 'mld' -e 
'ip.ttl == {0, 1}' | sed 's/table=../table=??/'], [0], [dnl
+AT_CHECK([grep -e 'lr_in_ip_input' lrflows | grep -e 'igmp' -e 'mld' -e 
'ip.ttl == {0, 1}' | ovn_strip_lflows], [0], [dnl
   table=??(lr_in_ip_input ), priority=120  , match=((mldv1 || mldv2) && 
ip.ttl == 1), action=(next;)
   table=??(lr_in_ip_input ), priority=120  , match=(igmp && ip.ttl == 1), 
action=(next;)
-  table=??(lr_in_ip_input ), priority=32   , match=(ip.ttl == {0, 1} && 
!ip.later_frag && (ip4.mcast || ip6.mcast)), action=(drop;)
+  table=??(lr_in_ip_input ), priority=30   , match=(ip.ttl == {0, 1}), 
action=(drop;)
   table=??(lr_in_ip_input ), priority=31   , match=(inport == "lrp1" && 
ip4 && ip.ttl == {0, 1} && !ip.later_frag), action=(icmp4 {eth.dst <-> eth.src; 
icmp4.type = 11; /* Time exceeded */ icmp4.code = 0; /* TTL exceeded in transit 
*/ ip4.dst = ip4.src; ip4.src = 10.10.10.1 ; ip.ttl = 254; outport = "lrp1"; 
flags.loopback = 1; output; };)
   table=??(lr_in_ip_input ), priority=31   , match=(inport == "lrp1" && 
ip6 && ip6.src == 1010::/64 && ip.ttl == {0, 1} && !ip.later_frag), 
action=(icmp6 {eth.dst <-> eth.src; ip6.dst = ip6.src; ip6.src = 1010::1 ; 
ip.ttl = 254; icmp6.type = 3; /* Time exceeded */ icmp6.code = 0; /* TTL 
exceeded in transit */ outport = "lrp1"; flags.loopback = 1; output; };)
   table=??(lr_in_ip_input ), priority=31   , match=(inport == "lrp2" && 
ip4 && ip.ttl == {0, 1} && !ip.later_frag), action=(icmp4 {eth.dst <-> eth.src; 
icmp4.type = 11; /* Time exceeded */ icmp4.code = 0; /* TTL exceeded in transit 
*/ ip4.dst = ip4.src; ip4.src = 20.20.20.1 ; ip.ttl = 254; outport = "lrp2"; 
flags.loopback = 1; output; };)
   table=??(lr_in_ip_input ), priority=31   , match=(inport == "lrp2" && 
ip6 && ip6.src == 2020::/64 && ip.ttl == {0, 1} && !ip.later_frag), 
action=(icmp6 {eth.dst <-> eth.src; ip6.dst = ip6.src; ip6.src = 2020::1 ; 
ip.ttl = 254; icmp6.type = 3; /* Time exceeded */ icmp6.code = 0; /* TTL 
exceeded in transit */ outport = "lrp2"; flags.loopback = 1; output; };)
-  table=??(lr_in_ip_input ), priority=30   , match=(ip.ttl == {0, 1}), 
action=(drop;)
+  table=??(lr_in_ip_input ), priority=32   , match=(ip.ttl == {0, 1} && 
!ip.later_frag && (ip4.mcast || ip6.mcast)), action=(drop;)
 ])
 
 dnl Flows to "route" (statically forward) without decrementing TTL for
 dnl IGMP and MLD packets.  Also, flows to drop potentially looping IGMP/MLD
 dnl packets.
-AT_CHECK([grep -e 'lr_in_ip_routing   ' lrflows | grep -e 'igmp' -e 'mld' | 
sed 's/table=../table=??/'], [0], [dnl
+AT_CHECK([grep -e 'lr_in_ip_routing   ' lrflows | 

[ovs-dev] [PATCH ovn v2 03/29] tests: Use ovn_strip_lflows for cases with sort before sed.

[Ales Musil]

Replace all usage of "sort | sed 's/table=./table=?/'" or
'sort | sed 's/table=../table=??/' with ovn_strip_lflows.
Adjust all table=? to table=?? and re-sort the expected flows.

Signed-off-by: Ales Musil 
---
 tests/ovn-northd.at | 260 ++--
 tests/ovn.at|   4 +-
 2 files changed, 132 insertions(+), 132 deletions(-)

diff --git a/tests/ovn-northd.at b/tests/ovn-northd.at
index 3639716bd..a63d02f74 100644
--- a/tests/ovn-northd.at
+++ b/tests/ovn-northd.at
@@ -3169,19 +3169,19 @@ check ovn-nbctl \
 -- ls-lb-add sw0 lb0
 check ovn-nbctl --wait=sb sync
 
-AT_CHECK([ovn-sbctl lflow-list sw0 | grep ls_in_pre_hairpin | sort | sed 
's/table=../table=??/'], [0], [dnl
+AT_CHECK([ovn-sbctl lflow-list sw0 | grep ls_in_pre_hairpin | 
ovn_strip_lflows], [0], [dnl
   table=??(ls_in_pre_hairpin  ), priority=0, match=(1), action=(next;)
   table=??(ls_in_pre_hairpin  ), priority=100  , match=(ip && ct.trk), 
action=(reg0[[6]] = chk_lb_hairpin(); reg0[[12]] = chk_lb_hairpin_reply(); 
next;)
 ])
 
-AT_CHECK([ovn-sbctl lflow-list sw0 | grep ls_in_nat_hairpin | sort | sed 
's/table=../table=??/'], [0], [dnl
+AT_CHECK([ovn-sbctl lflow-list sw0 | grep ls_in_nat_hairpin | 
ovn_strip_lflows], [0], [dnl
   table=??(ls_in_nat_hairpin  ), priority=0, match=(1), action=(next;)
   table=??(ls_in_nat_hairpin  ), priority=100  , match=(ip && ct.est && ct.trk 
&& reg0[[6]] == 1), action=(ct_snat;)
   table=??(ls_in_nat_hairpin  ), priority=100  , match=(ip && ct.new && ct.trk 
&& reg0[[6]] == 1), action=(ct_snat_to_vip; next;)
   table=??(ls_in_nat_hairpin  ), priority=90   , match=(ip && reg0[[12]] == 
1), action=(ct_snat;)
 ])
 
-AT_CHECK([ovn-sbctl lflow-list sw0 | grep ls_in_hairpin | sort | sed 
's/table=../table=??/g'], [0], [dnl
+AT_CHECK([ovn-sbctl lflow-list sw0 | grep ls_in_hairpin | ovn_strip_lflows], 
[0], [dnl
   table=??(ls_in_hairpin  ), priority=0, match=(1), action=(next;)
   table=??(ls_in_hairpin  ), priority=1, match=((reg0[[6]] == 1 || 
reg0[[12]] == 1)), action=(eth.dst <-> eth.src; outport = inport; 
flags.loopback = 1; output;)
 ])
@@ -3189,34 +3189,34 @@ AT_CHECK([ovn-sbctl lflow-list sw0 | grep ls_in_hairpin 
| sort | sed 's/table=..
 check ovn-nbctl -- ls-lb-del sw0 lb0
 check ovn-nbctl --wait=sb sync
 
-AT_CHECK([ovn-sbctl lflow-list sw0 | grep ls_in_pre_hairpin | sort | sed 
's/table=../table=??/'], [0], [dnl
+AT_CHECK([ovn-sbctl lflow-list sw0 | grep ls_in_pre_hairpin | 
ovn_strip_lflows], [0], [dnl
   table=??(ls_in_pre_hairpin  ), priority=0, match=(1), action=(next;)
 ])
 
-AT_CHECK([ovn-sbctl lflow-list sw0 | grep ls_in_nat_hairpin | sort | sed 
's/table=../table=??/'], [0], [dnl
+AT_CHECK([ovn-sbctl lflow-list sw0 | grep ls_in_nat_hairpin | 
ovn_strip_lflows], [0], [dnl
   table=??(ls_in_nat_hairpin  ), priority=0, match=(1), action=(next;)
 ])
 
-AT_CHECK([ovn-sbctl lflow-list sw0 | grep ls_in_hairpin | sort | sed 
's/table=../table=??/g'], [0], [dnl
+AT_CHECK([ovn-sbctl lflow-list sw0 | grep ls_in_hairpin | ovn_strip_lflows], 
[0], [dnl
   table=??(ls_in_hairpin  ), priority=0, match=(1), action=(next;)
 ])
 
 check ovn-nbctl -- add load_balancer_group $lbg load_balancer $lb0
 check ovn-nbctl --wait=sb sync
 
-AT_CHECK([ovn-sbctl lflow-list sw0 | grep ls_in_pre_hairpin | sort | sed 
's/table=../table=??/'], [0], [dnl
+AT_CHECK([ovn-sbctl lflow-list sw0 | grep ls_in_pre_hairpin | 
ovn_strip_lflows], [0], [dnl
   table=??(ls_in_pre_hairpin  ), priority=0, match=(1), action=(next;)
   table=??(ls_in_pre_hairpin  ), priority=100  , match=(ip && ct.trk), 
action=(reg0[[6]] = chk_lb_hairpin(); reg0[[12]] = chk_lb_hairpin_reply(); 
next;)
 ])
 
-AT_CHECK([ovn-sbctl lflow-list sw0 | grep ls_in_nat_hairpin | sort | sed 
's/table=../table=??/'], [0], [dnl
+AT_CHECK([ovn-sbctl lflow-list sw0 | grep ls_in_nat_hairpin | 
ovn_strip_lflows], [0], [dnl
   table=??(ls_in_nat_hairpin  ), priority=0, match=(1), action=(next;)
   table=??(ls_in_nat_hairpin  ), priority=100  , match=(ip && ct.est && ct.trk 
&& reg0[[6]] == 1), action=(ct_snat;)
   table=??(ls_in_nat_hairpin  ), priority=100  , match=(ip && ct.new && ct.trk 
&& reg0[[6]] == 1), action=(ct_snat_to_vip; next;)
   table=??(ls_in_nat_hairpin  ), priority=90   , match=(ip && reg0[[12]] == 
1), action=(ct_snat;)
 ])
 
-AT_CHECK([ovn-sbctl lflow-list sw0 | grep ls_in_hairpin | sort | sed 
's/table=../table=??/g'], [0], [dnl
+AT_CHECK([ovn-sbctl lflow-list sw0 | grep ls_in_hairpin | ovn_strip_lflows], 
[0], [dnl
   table=??(ls_in_hairpin  ), priority=0, match=(1), action=(next;)
   table=??(ls_in_hairpin  ), priority=1, match=((reg0[[6]] == 1 || 
reg0[[12]] == 1)), action=(eth.dst <-> eth.src; outport = inport; 
flags.loopback = 1; output;)
 ])
@@ -4446,31 +4446,31 @@ check_stateful_flows() {
 ovn-sbctl dump-flows sw0 > sw0flows
 AT_CAPTURE_FILE([sw0flows])
 
-AT_CHECK([grep "ls_in_pre_lb" sw0flows | sort | sed 's/table=./table=?/'], 

[ovs-dev] [PATCH ovn v2 02/29] tests: Use ovn_strip_lflows instead of single ? for the replace.

[Ales Musil]

Replace all usage of "sed 's/table=./table=?/' | sort"
with ovn_strip_lflows and adjust all table=? to be table=??.

Signed-off-by: Ales Musil 
---
 tests/ovn-northd.at | 564 ++--
 1 file changed, 281 insertions(+), 283 deletions(-)

diff --git a/tests/ovn-northd.at b/tests/ovn-northd.at
index 8058b3a54..3639716bd 100644
--- a/tests/ovn-northd.at
+++ b/tests/ovn-northd.at
@@ -4132,22 +4132,22 @@ AT_CHECK([grep "lr_in_dnat" lr0flows | sort], [0], [dnl
   table=7 (lr_in_dnat ), priority=70   , match=(ct.rel && !ct.est && 
!ct.new && ct_mark.skip_snat == 1), action=(flags.skip_snat_for_lb = 1; 
ct_commit_nat;)
 ])
 
-AT_CHECK([grep "lr_out_snat" lr0flows | sed 's/table=./table=?/' | sort], [0], 
[dnl
-  table=? (lr_out_snat), priority=0, match=(1), action=(next;)
-  table=? (lr_out_snat), priority=100  , 
match=(flags.force_snat_for_lb == 1 && ip4), action=(ct_snat(20.0.0.4);)
-  table=? (lr_out_snat), priority=100  , 
match=(flags.force_snat_for_lb == 1 && ip6), action=(ct_snat(aef0::4);)
-  table=? (lr_out_snat), priority=120  , match=(nd_ns), action=(next;)
+AT_CHECK([grep "lr_out_snat" lr0flows | ovn_strip_lflows], [0], [dnl
+  table=??(lr_out_snat), priority=0, match=(1), action=(next;)
+  table=??(lr_out_snat), priority=100  , 
match=(flags.force_snat_for_lb == 1 && ip4), action=(ct_snat(20.0.0.4);)
+  table=??(lr_out_snat), priority=100  , 
match=(flags.force_snat_for_lb == 1 && ip6), action=(ct_snat(aef0::4);)
+  table=??(lr_out_snat), priority=120  , match=(nd_ns), action=(next;)
 ])
 
-AT_CHECK([grep "lr_out_undnat" lr0flows | sed 's/table=./table=?/' | sort], 
[0], [dnl
-  table=? (lr_out_undnat  ), priority=0, match=(1), action=(next;)
-  table=? (lr_out_undnat  ), priority=100  , match=(nd || nd_rs || nd_ra), 
action=(next;)
-  table=? (lr_out_undnat  ), priority=50   , match=(ip), 
action=(flags.loopback = 1; ct_dnat;)
+AT_CHECK([grep "lr_out_undnat" lr0flows | ovn_strip_lflows], [0], [dnl
+  table=??(lr_out_undnat  ), priority=0, match=(1), action=(next;)
+  table=??(lr_out_undnat  ), priority=100  , match=(nd || nd_rs || nd_ra), 
action=(next;)
+  table=??(lr_out_undnat  ), priority=50   , match=(ip), 
action=(flags.loopback = 1; ct_dnat;)
 ])
 
-AT_CHECK([grep "lr_out_post_undnat" lr0flows | sed 's/table=./table=?/' | 
sort], [0], [dnl
-  table=? (lr_out_post_undnat ), priority=0, match=(1), action=(next;)
-  table=? (lr_out_post_undnat ), priority=50   , match=(ip && ct.new), 
action=(ct_commit { } ; next; )
+AT_CHECK([grep "lr_out_post_undnat" lr0flows | ovn_strip_lflows], [0], [dnl
+  table=??(lr_out_post_undnat ), priority=0, match=(1), action=(next;)
+  table=??(lr_out_post_undnat ), priority=50   , match=(ip && ct.new), 
action=(ct_commit { } ; next; )
 ])
 
 check ovn-nbctl --wait=sb set logical_router lr0 
options:lb_force_snat_ip="router_ip"
@@ -4183,23 +4183,23 @@ AT_CHECK([grep "lr_in_dnat" lr0flows | sort], [0], [dnl
   table=7 (lr_in_dnat ), priority=70   , match=(ct.rel && !ct.est && 
!ct.new && ct_mark.skip_snat == 1), action=(flags.skip_snat_for_lb = 1; 
ct_commit_nat;)
 ])
 
-AT_CHECK([grep "lr_out_snat" lr0flows | sed 's/table=./table=?/' | sort], [0], 
[dnl
-  table=? (lr_out_snat), priority=0, match=(1), action=(next;)
-  table=? (lr_out_snat), priority=110  , 
match=(flags.force_snat_for_lb == 1 && ip4 && outport == "lr0-public"), 
action=(ct_snat(172.168.0.100);)
-  table=? (lr_out_snat), priority=110  , 
match=(flags.force_snat_for_lb == 1 && ip4 && outport == "lr0-sw0"), 
action=(ct_snat(10.0.0.1);)
-  table=? (lr_out_snat), priority=110  , 
match=(flags.force_snat_for_lb == 1 && ip4 && outport == "lr0-sw1"), 
action=(ct_snat(20.0.0.1);)
-  table=? (lr_out_snat), priority=120  , match=(nd_ns), action=(next;)
+AT_CHECK([grep "lr_out_snat" lr0flows | ovn_strip_lflows], [0], [dnl
+  table=??(lr_out_snat), priority=0, match=(1), action=(next;)
+  table=??(lr_out_snat), priority=110  , 
match=(flags.force_snat_for_lb == 1 && ip4 && outport == "lr0-public"), 
action=(ct_snat(172.168.0.100);)
+  table=??(lr_out_snat), priority=110  , 
match=(flags.force_snat_for_lb == 1 && ip4 && outport == "lr0-sw0"), 
action=(ct_snat(10.0.0.1);)
+  table=??(lr_out_snat), priority=110  , 
match=(flags.force_snat_for_lb == 1 && ip4 && outport == "lr0-sw1"), 
action=(ct_snat(20.0.0.1);)
+  table=??(lr_out_snat), priority=120  , match=(nd_ns), action=(next;)
 ])
 
-AT_CHECK([grep "lr_out_undnat" lr0flows | sed 's/table=./table=?/' | sort], 
[0], [dnl
-  table=? (lr_out_undnat  ), priority=0, match=(1), action=(next;)
-  table=? (lr_out_undnat  ), priority=100  , match=(nd || nd_rs || nd_ra), 
action=(next;)
-  table=? (lr_out_undnat  ), priority=50   , match=(ip), 
action=(flags.loopback = 1; ct_dnat;)
+AT_CHECK([grep 

[ovs-dev] [PATCH ovn v2 00/29] Remove most of the hardcoded table numbers

[Ales Musil]

A lot of tests were relying on exact table numbers for
flow comparison either logical or OpenFlows.

To solve this problem logical flows will have stripped table
maening that the table= will become table=??. This makes it
future proof for any logical table shifts and there is no need to deal
with number changes when the pipleine shifts for example.

For OpenFlows the solution is to use macros and replace table=
with the macro e.g. table=OFTABLE_PHY_TO_LOG. This means that if there is
table shift we just have to adjust those macros instead of "random" tests.

In order to take care of table references into OpenFlow through logical
flow stage, new binary is added called ovn-debug. The new binary provides
command that will translate stage name into OpenFlow table number.

Simple grep for table= before and after shows the benefit.

Before:
grep -E "table=[0-9]+" tests/*.at | wc -l
1651

After:
grep -E "table=[0-9]+" tests/*.at | wc -l
65

The same applies to resubmits to known tables:

Before:
grep -E "resubmit\(,[0-9]+\)" tests/*.at | wc -l
168

After:
grep -E "resubmit\(,[0-9]+\)" tests/*.at | wc -l
64

Only test that is still hardcoded is "action parsing", because
it compares the direct output from the test binary.
---
v2: Rebase on top of main and adjust tests that have been updated.
Add the new tool to get replace another hardcoded batch.

Ales Musil (29):
  tests: Add macro to strip table numbers from lflows.
  tests: Use ovn_strip_lflows instead of single ? for the replace.
  tests: Use ovn_strip_lflows for cases with sort before sed.
  tests: Use ovn_strip_lflows for cases without sort.
  tests: Use ovn_strip_lflows for the rest of lflows.
  tests: Add macro for OFTABLE_PHY_TO_LOG table number.
  tests: Add macro for OFTABLE_LOG_INGRESS_PIPELINE table number.
  tests: Add macro for OFTABLE_OUTPUT_LARGE_PKT_DETECT table number.
  tests: Add macro for OFTABLE_OUTPUT_LARGE_PKT_PROCESS table number.
  tests: Add macro for OFTABLE_REMOTE_OUTPUT table number.
  tests: Add macro for OFTABLE_LOCAL_OUTPUT table number.
  tests: Add macro for OFTABLE_LOG_TO_PHY table number.
  tests: Add macro for OFTABLE_MAC_BINDING table number.
  tests: Add macro for OFTABLE_MAC_LOOKUP table number.
  tests: Add macro for OFTABLE_CHK_LB_HAIRPIN table number.
  tests: Add macro for OFTABLE_CHK_LB_HAIRPIN_REPLY table number.
  tests: Add macro for OFTABLE_CT_SNAT_HAIRPIN table number.
  tests: Add macro for OFTABLE_GET_FDB table number.
  tests: Add macro for OFTABLE_LOOKUP_FDB table number.
  tests: Add macro for OFTABLE_CHK_IN_PORT_SEC table number.
  tests: Add macro for OFTABLE_CHK_IN_PORT_SEC_ND table number.
  tests: Add macro for OFTABLE_CHK_OUT_PORT_SEC table number.
  tests: Add macro for OFTABLE_ECMP_NH_MAC table number.
  tests: Add macro for OFTABLE_ECMP_NH table number.
  tests: Add macro for OFTABLE_CHK_LB_AFFINITY table number.
  tests: Add macro for OFTABLE_MAC_CACHE_USE table number.
  checkpatch: Add rule to check for hardcoded table numbers.
  utilities: Add ovn-debug binary tool.
  tests: Use the ovn-debug binary to determine table numbers.

 NEWS |5 +
 README.rst   |1 +
 debian/ovn-common.install|1 +
 debian/ovn-common.manpages   |1 +
 rhel/ovn-fedora.spec.in  |2 +
 tests/ovn-controller-vtep.at |   14 +-
 tests/ovn-controller.at  |  354 ++--
 tests/ovn-macros.at  |   26 +
 tests/ovn-northd.at  | 3023 +-
 tests/ovn.at | 1791 ++--
 tests/system-ovn-kmod.at |   32 +-
 tests/system-ovn.at  |   34 +-
 utilities/.gitignore |2 +
 utilities/automake.mk|   10 +-
 utilities/checkpatch.py  |   12 +
 utilities/ovn-debug.8.xml|   28 +
 utilities/ovn-debug.c|  155 ++
 17 files changed, 2921 insertions(+), 2570 deletions(-)
 create mode 100644 utilities/ovn-debug.8.xml
 create mode 100644 utilities/ovn-debug.c

-- 
2.43.0

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH ovn v2] controller: Avoid double controller action for ICMP errors

[Ales Musil]

On Mon, Feb 5, 2024 at 11:03 PM Dumitru Ceara  wrote:

> On 12/14/23 16:29, Ales Musil wrote:
> > The fields that are not directly supported by OvS were encoded
> > via additional controller action that changed the required value.
> > This was most notably needed for ICMP need frag messages.
> >
> > Encode the field value loads as note action instead. This allows
> > us to find the note and act accordingly in the first controller
> > action without the need to send it to pinctrl again, parse and
> > change the packet. This way we can also encode any future fields
> > that might be needed as this method should be flexible enough.
> >
> > This change is completely transparent to the user and shouldn't
> > cause any disruptions.
> >
> > Signed-off-by: Ales Musil 
> > ---
> > v2: Fix the wrong checksum for the ICMP packet.
> > ---
>
> Hi Ales,
>
> Thanks for the patch, I have a few comments though.
>


Hi Dumitru,

thank you for the review.


> >  controller/physical.c |  14 ++--
> >  controller/pinctrl.c  | 183 +-
> >  include/ovn/actions.h |  16 
> >  lib/actions.c |  44 +++---
> >  tests/ovn.at  |  10 +--
> >  5 files changed, 154 insertions(+), 113 deletions(-)
> >
> > diff --git a/controller/physical.c b/controller/physical.c
> > index ce3b88d16..161b4f073 100644
> > --- a/controller/physical.c
> > +++ b/controller/physical.c
> > @@ -1222,7 +1222,7 @@ reply_imcp_error_if_pkt_too_big(struct
> ovn_desired_flow_table *flow_table,
> >  ip_ttl->ttl = 255;
> >
> >  uint16_t frag_mtu = mtu - ETHERNET_OVERHEAD;
> > -size_t frag_mtu_oc_offset;
> > +size_t note_offset;
> >  if (is_ipv6) {
> >  /* icmp6.type = 2 (Packet Too Big) */
> >  /* icmp6.code = 0 */
> > @@ -1234,9 +1234,8 @@ reply_imcp_error_if_pkt_too_big(struct
> ovn_desired_flow_table *flow_table,
> >  _ofpacts, mf_from_id(MFF_ICMPV6_CODE), _code,
> NULL);
> >
> >  /* icmp6.frag_mtu */
> > -frag_mtu_oc_offset = encode_start_controller_op(
> > -ACTION_OPCODE_PUT_ICMP6_FRAG_MTU, true, NX_CTLR_NO_METER,
> > -_ofpacts);
> > +note_offset = encode_start_ovn_field_note(OVN_ICMP6_FRAG_MTU,
> > +  _ofpacts);
> >  ovs_be32 frag_mtu_ovs = htonl(frag_mtu);
> >  ofpbuf_put(_ofpacts, _mtu_ovs, sizeof(frag_mtu_ovs));
> >  } else {
> > @@ -1250,13 +1249,12 @@ reply_imcp_error_if_pkt_too_big(struct
> ovn_desired_flow_table *flow_table,
> >  _ofpacts, mf_from_id(MFF_ICMPV4_CODE), _code,
> NULL);
> >
> >  /* icmp4.frag_mtu = */
> > -frag_mtu_oc_offset = encode_start_controller_op(
> > -ACTION_OPCODE_PUT_ICMP4_FRAG_MTU, true, NX_CTLR_NO_METER,
> > -_ofpacts);
> > +note_offset = encode_start_ovn_field_note(OVN_ICMP4_FRAG_MTU,
> > +  _ofpacts);
> >  ovs_be16 frag_mtu_ovs = htons(frag_mtu);
> >  ofpbuf_put(_ofpacts, _mtu_ovs, sizeof(frag_mtu_ovs));
> >  }
> > -encode_finish_controller_op(frag_mtu_oc_offset, _ofpacts);
> > +encode_finish_ovn_field_note(note_offset, _ofpacts);
> >
> >  /* Finally, submit the ICMP error back to the ingress pipeline */
> >  put_resubmit(OFTABLE_LOG_INGRESS_PIPELINE, _ofpacts);
> > diff --git a/controller/pinctrl.c b/controller/pinctrl.c
> > index 5a35d56f6..7925f4c92 100644
> > --- a/controller/pinctrl.c
> > +++ b/controller/pinctrl.c
> > @@ -259,12 +259,7 @@ static void pinctrl_handle_nd_ns(struct rconn
> *swconn,
> >   struct dp_packet *pkt_in,
> >   const struct match *md,
> >   struct ofpbuf *userdata);
> > -static void pinctrl_handle_put_icmp_frag_mtu(struct rconn *swconn,
> > - const struct flow *in_flow,
> > - struct dp_packet *pkt_in,
> > - struct ofputil_packet_in
> *pin,
> > - struct ofpbuf *userdata,
> > - struct ofpbuf
> *continuation);
> > +
> >  static void
> >  pinctrl_handle_event(struct ofpbuf *userdata)
> >  OVS_REQUIRES(pinctrl_mutex);
> > @@ -606,6 +601,23 @@ set_switch_config(struct rconn *swconn,
> >  queue_msg(swconn, request);
> >  }
> >
> > +static void
> > +enqueue_packet(struct rconn *swconn, enum ofp_version version,
> > +   const struct dp_packet *packet, const struct ofpbuf
> *ofpacts)
> > +{
> > +struct ofputil_packet_out po = {
>
> Nit: (struct ofputil_packet_out) {
>
> > +.packet = dp_packet_data(packet),
> > +.packet_len = dp_packet_size(packet),
> > +.buffer_id = UINT32_MAX,
> > +.ofpacts = ofpacts->data,
> > +.ofpacts_len = ofpacts->size,
>
> Nit: 4 

[ovs-dev] [PATCH ovn v3] controller: Avoid double controller action for ICMP errors.

[Ales Musil]

The fields that are not directly supported by OvS were encoded
via additional controller action that changed the required value.
This was most notably needed for ICMP need frag messages.

Encode the field value loads as note action instead. This allows
us to find the note and act accordingly in the first controller
action without the need to send it to pinctrl again, parse and
change the packet. This way we can also encode any future fields
that might be needed as this method should be flexible enough.

This change is completely transparent to the user and shouldn't
cause any disruptions.

Signed-off-by: Ales Musil 
---
v3: Rebase on top of current main.
Fix some cosmetic stuff pointed out by Dumitru.
Add back the handler for old way to keep the ICMP
error working during upgrade.
v2: Fix the wrong checksum for the ICMP packet.
---
 controller/physical.c |  14 +++---
 controller/pinctrl.c  | 104 +-
 include/ovn/actions.h |  17 +++
 lib/actions.c |  42 +
 tests/ovn.at  |  10 ++--
 5 files changed, 153 insertions(+), 34 deletions(-)

diff --git a/controller/physical.c b/controller/physical.c
index c32642d2c..1891629ae 100644
--- a/controller/physical.c
+++ b/controller/physical.c
@@ -1273,7 +1273,7 @@ reply_imcp_error_if_pkt_too_big(struct 
ovn_desired_flow_table *flow_table,
 ip_ttl->ttl = 255;
 
 uint16_t frag_mtu = mtu - ETHERNET_OVERHEAD;
-size_t frag_mtu_oc_offset;
+size_t note_offset;
 if (is_ipv6) {
 /* icmp6.type = 2 (Packet Too Big) */
 /* icmp6.code = 0 */
@@ -1285,9 +1285,8 @@ reply_imcp_error_if_pkt_too_big(struct 
ovn_desired_flow_table *flow_table,
 _ofpacts, mf_from_id(MFF_ICMPV6_CODE), _code, NULL);
 
 /* icmp6.frag_mtu */
-frag_mtu_oc_offset = encode_start_controller_op(
-ACTION_OPCODE_PUT_ICMP6_FRAG_MTU, true, NX_CTLR_NO_METER,
-_ofpacts);
+note_offset = encode_start_ovn_field_note(OVN_ICMP6_FRAG_MTU,
+  _ofpacts);
 ovs_be32 frag_mtu_ovs = htonl(frag_mtu);
 ofpbuf_put(_ofpacts, _mtu_ovs, sizeof(frag_mtu_ovs));
 } else {
@@ -1301,13 +1300,12 @@ reply_imcp_error_if_pkt_too_big(struct 
ovn_desired_flow_table *flow_table,
 _ofpacts, mf_from_id(MFF_ICMPV4_CODE), _code, NULL);
 
 /* icmp4.frag_mtu = */
-frag_mtu_oc_offset = encode_start_controller_op(
-ACTION_OPCODE_PUT_ICMP4_FRAG_MTU, true, NX_CTLR_NO_METER,
-_ofpacts);
+note_offset = encode_start_ovn_field_note(OVN_ICMP4_FRAG_MTU,
+  _ofpacts);
 ovs_be16 frag_mtu_ovs = htons(frag_mtu);
 ofpbuf_put(_ofpacts, _mtu_ovs, sizeof(frag_mtu_ovs));
 }
-encode_finish_controller_op(frag_mtu_oc_offset, _ofpacts);
+encode_finish_ovn_field_note(note_offset, _ofpacts);
 
 /* Finally, submit the ICMP error back to the ingress pipeline */
 put_resubmit(OFTABLE_LOG_INGRESS_PIPELINE, _ofpacts);
diff --git a/controller/pinctrl.c b/controller/pinctrl.c
index faa3f9226..62f2bcaa5 100644
--- a/controller/pinctrl.c
+++ b/controller/pinctrl.c
@@ -607,6 +607,23 @@ set_switch_config(struct rconn *swconn,
 queue_msg(swconn, request);
 }
 
+static void
+enqueue_packet(struct rconn *swconn, enum ofp_version version,
+   const struct dp_packet *packet, const struct ofpbuf *ofpacts)
+{
+struct ofputil_packet_out po = (struct ofputil_packet_out) {
+.packet = dp_packet_data(packet),
+.packet_len = dp_packet_size(packet),
+.buffer_id = UINT32_MAX,
+.ofpacts = ofpacts->data,
+.ofpacts_len = ofpacts->size,
+};
+
+match_set_in_port(_metadata, OFPP_CONTROLLER);
+enum ofputil_protocol proto = ofputil_protocol_from_ofp_version(version);
+queue_msg(swconn, ofputil_encode_packet_out(, proto));
+}
+
 static void
 set_actions_and_enqueue_msg(struct rconn *swconn,
 const struct dp_packet *packet,
@@ -632,19 +649,59 @@ set_actions_and_enqueue_msg(struct rconn *swconn,
 return;
 }
 
-struct ofputil_packet_out po = {
-.packet = dp_packet_data(packet),
-.packet_len = dp_packet_size(packet),
-.buffer_id = UINT32_MAX,
-.ofpacts = ofpacts.data,
-.ofpacts_len = ofpacts.size,
-};
-match_set_in_port(_metadata, OFPP_CONTROLLER);
-enum ofputil_protocol proto = ofputil_protocol_from_ofp_version(version);
-queue_msg(swconn, ofputil_encode_packet_out(, proto));
+enqueue_packet(swconn, version, packet, );
 ofpbuf_uninit();
 }
 
+static bool
+ofpacts_decode_and_reload_metadata(enum ofp_version version,
+   const struct match *md,
+   struct ofpbuf *userdata,
+   struct ofpbuf *ofpacts)
+{
+/* Copy metadata from 'md' into the packet-out via