Re: [ovs-dev] [Patch ovn v2 1/2] actions: Enable specifying zone for ct_commit.

2024-03-12 Thread Martin Kalcok
Following up on the comments from v1.

@amusil You were right that the struct in actions.h was not necessary then.
However I also noticed that I forgot to modify `format_CT_COMMIT_V1`
function and for that I think the struct is necessary. I need to
distinguish whether the `ct_commit` action was called with dnat, snat, or
without any argument to format it properly. If you still don't like it, I
can try to figure out how to do it without the struct, but I couldn't
figure out an obvious solution, so I left it in there in this version.

Regarding the action formatting unit tests, I have two
assumptions/questions:
1. There's no way to distinguish router/switch datapaths in these tests. I
saw that both `ct_commit_nat(dnat)` and `ct_commit_nat(snat)` [0] expect to
encode into the same zone, although they'd output different zones if they
were used in LR datapath.
2. When action formats into identical string as was its input (e.g.
"ct_commit(snat)" -> "ct_commit(snat)"), the test should not use "format
as" check, otherwise it fails. (This one took me a while to figure out, as
it was not obvious from the testlog why it was failing)

Are these correct?

@numans I thought a lot about your suggestions for different action names,
but I think that current "ct_commit(snat/dnat)" fits semantically the most.
Brand new actions would share pretty much all of the code with current
"ct_commit_v1" handling. So to address your comments regarding the backward
compatibility, I added new feature flag, following Ales' approach in [1]. I
believe that this should avoid problems of backward incompatibility in
cases when northd is upgraded but controller is not.

@0-day Robot: I forgot to run checkpatch.py, my bad. However the only
problem is 81 char line in ovn-sb.xml and there are already many lines that
go over this limit. Should I create v3 if this turns out to be the only
modification needed?

[0]
https://github.com/ovn-org/ovn/blob/b92ad9e0b408a202273d69ba573f2538e53c6e48/tests/ovn.at#L1500-L1511
[1]
https://github.com/ovn-org/ovn/commit/43f741c2f029a68a11436e5b14c5bbda6e207dd3#diff-ca917e7415d06776f8ee2baf6102a866c5c31f998e4df93ff8eaa246b65e1da2

On Tue, Mar 12, 2024 at 8:45 PM Martin Kalcok 
wrote:

> Action `ct_commit` currently does not allow specifying zone into
> which connection is committed. For example, in LR datapath, the `ct_commit`
> will always use the DNAT zone.
>
> This change adds option to use `ct_commit(snat)` or `ct_commit(dnat)` to
> explicitly specify the zone into which the connection will be committed.
> It also comes with new feature flag OVN_FEATURE_CT_COMMIT_TO_ZONE to avoid
> incompatibility between northd and controller in case when controller does
> not support these actions.
>
> Original behavior of `ct_commit` without the arguments remains unchanged.
>
> Signed-off-by: Martin Kalcok 
> ---
>  controller/chassis.c  |  8 
>  include/ovn/actions.h |  9 +
>  include/ovn/features.h|  1 +
>  lib/actions.c | 29 -
>  northd/en-global-config.c | 10 ++
>  northd/en-global-config.h |  1 +
>  ovn-sb.xml| 10 ++
>  tests/ovn.at  |  7 +++
>  8 files changed, 74 insertions(+), 1 deletion(-)
>
> diff --git a/controller/chassis.c b/controller/chassis.c
> index ad75df288..9bb2eba95 100644
> --- a/controller/chassis.c
> +++ b/controller/chassis.c
> @@ -371,6 +371,7 @@ chassis_build_other_config(const struct
> ovs_chassis_cfg *ovs_cfg,
>  smap_replace(config, OVN_FEATURE_FDB_TIMESTAMP, "true");
>  smap_replace(config, OVN_FEATURE_LS_DPG_COLUMN, "true");
>  smap_replace(config, OVN_FEATURE_CT_COMMIT_NAT_V2, "true");
> +smap_replace(config, OVN_FEATURE_CT_COMMIT_TO_ZONE, "true");
>  }
>
>  /*
> @@ -516,6 +517,12 @@ chassis_other_config_changed(const struct
> ovs_chassis_cfg *ovs_cfg,
>  return true;
>  }
>
> +if (!smap_get_bool(_rec->other_config,
> +   OVN_FEATURE_CT_COMMIT_TO_ZONE,
> +   false)) {
> +return true;
> +}
> +
>  return false;
>  }
>
> @@ -648,6 +655,7 @@ update_supported_sset(struct sset *supported)
>  sset_add(supported, OVN_FEATURE_FDB_TIMESTAMP);
>  sset_add(supported, OVN_FEATURE_LS_DPG_COLUMN);
>  sset_add(supported, OVN_FEATURE_CT_COMMIT_NAT_V2);
> +sset_add(supported, OVN_FEATURE_CT_COMMIT_TO_ZONE);
>  }
>
>  static void
> diff --git a/include/ovn/actions.h b/include/ovn/actions.h
> index 49fb96fc6..ce9597cf5 100644
> --- a/include/ovn/actions.h
> +++ b/include/ovn/actions.h
> @@ -259,11 +259,20 @@ struct ovnact_ct_next {
>  uint8_t ltable;/* Logical table ID of next table. */
>  };
>
> +/* Conntrack zone to be used for commiting CT entries by the action.
> + * DEFAULT uses default zone for given datapath. */
> +enum ovnact_ct_zone {
> +OVNACT_CT_ZONE_DEFAULT,
> +OVNACT_CT_ZONE_SNAT,
> +OVNACT_CT_ZONE_DNAT,
> +};
> +
>  /* OVNACT_CT_COMMIT_V1. */
>  struct 

Re: [ovs-dev] [Patch ovn v2 1/2] actions: Enable specifying zone for ct_commit.

2024-03-12 Thread 0-day Robot
Bleep bloop.  Greetings Martin Kalcok, I am a robot and I have tried out your 
patch.
Thanks for your contribution.

I encountered some error that I wasn't expecting.  See the details below.


checkpatch:
WARNING: Line is 81 characters long (recommended limit is 79)
#223 FILE: ovn-sb.xml:1431:
Datapath. These parameters have no effect in Logical Switch 
Datapath.

Lines checked: 250, Warnings: 1, Errors: 0


Please check this out.  If you feel there has been an error, please email 
acon...@redhat.com

Thanks,
0-day Robot
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev


Re: [ovs-dev] [PATCH] github: Reduce ASLR entropy to be compatible with asan in llvm 14.

2024-03-12 Thread Dumitru Ceara
On 3/12/24 15:12, Ilya Maximets wrote:
> On 3/12/24 13:16, Eelco Chaudron wrote:
>>
>>
>> On 12 Mar 2024, at 12:47, Ilya Maximets wrote:
>>
>>> Starting with image version 20240310.1.0, GitHub runners are using
>>> 32-bit entropy for ASLR:
>>>
>>>   $ sudo sysctl -a | grep vm.mmap.rnd
>>>   vm.mmap_rnd_bits = 32
>>>   vm.mmap_rnd_compat_bits = 16
>>>
>>> This breaks all the asan-enabled builds, because older asan gets
>>> confused by memory mappings and crashes with segmentation fault.
>>>
>>> The issue is fixed in newer releases of llvm:
>>>  
>>> https://github.com/llvm/llvm-project/commit/fb77ca05ffb4f8e666878f2f6718a9fb4d686839
>>>  https://reviews.llvm.org/D148280
>>>
>>> But these are not available in Ubuntu 22.04 image.
>>>
>>> This should be fixed by GitHub, but until new images are available
>>> reducing ASLR entropy manually to 28 bits to make builds work.
>>>
>>> Reported-at: https://github.com/actions/runner-images/issues/9491
>>> Signed-off-by: Ilya Maximets 
>>
>> Thanks for finding the solution to this!
>>
>> Acked-by: Eelco Chaudron 
>>
> 
> Thanks, Eelco, Dumitru and Aaron.
> 
> Applied to all branches.
> 

Also applied to the OVN tree to main and all branches down to 22.03.

Regards,
Dumitru
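
As an added example (not part of this thread or of the applied patch), a CI guard for the workaround discussed above: it reads `vm.mmap_rnd_bits` from `sysctl`-style output and emits the lowering command only when the value exceeds the 28 bits named in the commit message. The function names and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide whether a runner needs its mmap ASLR entropy lowered
# before ASan-instrumented tests are run with an older LLVM.

# Entropy the commit message above settles on for ASan builds.
ASAN_SAFE_BITS=28

# Read `sysctl -a`-style text on stdin and print the value of
# vm.mmap_rnd_bits. Exit status is non-zero if the key is absent.
parse_mmap_rnd_bits() {
    awk -F' *= *' '
        { key = $1; gsub(/^[ \t]+|[ \t]+$/, "", key) }
        key == "vm.mmap_rnd_bits" { print $2; found = 1 }
        END { exit !found }'
}

# Print the command a workflow step would run, or nothing when the current
# value is already at or below the safe limit. Returns 2 on malformed input.
aslr_fix_command() {
    bits=$1
    case $bits in
        ''|*[!0-9]*) return 2 ;;
    esac
    if [ "$bits" -gt "$ASAN_SAFE_BITS" ]; then
        printf 'sysctl -w vm.mmap_rnd_bits=%s\n' "$ASAN_SAFE_BITS"
    fi
}

# Constructed sample mirroring the values quoted in the thread.
SAMPLE='vm.mmap_rnd_bits = 32
vm.mmap_rnd_compat_bits = 16'

# Typical use in a CI step (assumes sudo is available on the runner):
#   cmd=$(aslr_fix_command "$(sysctl -a 2>/dev/null | parse_mmap_rnd_bits)")
#   [ -n "$cmd" ] && sudo $cmd
```

The compat value (`vm.mmap_rnd_compat_bits`) is left alone, as in the thread, which only lowers the 64-bit setting.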



[ovs-dev] [Patch ovn v2 2/2] northd: Fix direct access to SNAT network on DR.

2024-03-12 Thread Martin Kalcok
This change fixes bug that breaks ability of machines from external
networks to communicate with machines in SNATed networks (specifically
when using a Distributed router).

Currently when a machine (S1) on an external network tries to talk
over TCP with a machine (A1) in a network that has enabled SNAT, the
connection is established successfully. However after the three-way
handshake, any packets that come from the A1 machine will have their
source address translated by the Distributed router, breaking the
communication.

Existing rule in `build_lrouter_out_snat_flow` that decides which
packets should be SNATed already tries to avoid SNATing packets in
reply direction with `(!ct.trk || !ct.rpl)`. However, previous stages
in the distributed LR egress pipeline do not initiate the CT state.

Additionally we need to commit new connections that originate from
external networks into CT, so that the packets in the reply direction
can be properly identified.

Rationale:

In my original RFC [0], there were questions about the motivation for
fixing this issue. I'll try to summarize why I think this is a bug
that should be fixed.

1. Current implementation for Distributed router already tries to
   avoid SNATing packets in the reply direction, it's just missing
   initialized CT states to make proper decisions.

2. This same scenario works with Gateway Router. I tested with
   following setup:

foo -- R1 -- join - R3 -- alice
  |
bar --R2

R1 is a Distributed router with SNAT for foo. R2 is a Gateway
router with SNAT for bar. R3 is a Gateway router with no SNAT.
Using 'alice1' as a client I was able to talk over TCP with
'bar1' but connection with 'foo1' failed.

3. Regarding security and "leaking" of internal IPs. Reading through
   RFC 4787 [1], 5382 [2] and their update in 7857 [3], the
   specifications do not seem to mandate that SNAT implementations
   must filter incoming traffic destined directly to the internal
   network. Sections like "5. Filtering Behavior" in 4787 and
   "4.3 Externally Initiated Connections" in 5382 describe only
   behavior for traffic destined to external IP/Port associated
   with NAT on the device that performs NAT.

   Besides, with the current implementation, it's already possible
   to scan the internal network with pings and TCP syn scanning.

4. We do have customers/clouds that depend on this functionality.
   This is a scenario that used to work in Openstack with ML2/OVS
   and migrating those clouds to ML2/OVN would break it.

[0]https://mail.openvswitch.org/pipermail/ovs-dev/2024-February/411670.html
[1]https://datatracker.ietf.org/doc/html/rfc4787
[2]https://datatracker.ietf.org/doc/html/rfc5382
[3]https://datatracker.ietf.org/doc/html/rfc7857

Signed-off-by: Martin Kalcok 
---
 northd/northd.c | 68 
 northd/ovn-northd.8.xml | 29 +
 tests/ovn-northd.at | 33 
 tests/system-ovn.at | 69 +
 4 files changed, 180 insertions(+), 19 deletions(-)

diff --git a/northd/northd.c b/northd/northd.c
index 2c3560ce2..25af52d5a 100644
--- a/northd/northd.c
+++ b/northd/northd.c
@@ -14438,20 +14438,27 @@ build_lrouter_out_is_dnat_local(struct lflow_table 
*lflows,
 
 static void
 build_lrouter_out_snat_match(struct lflow_table *lflows,
- const struct ovn_datapath *od,
- const struct nbrec_nat *nat, struct ds *match,
- bool distributed_nat, int cidr_bits, bool is_v6,
- struct ovn_port *l3dgw_port,
- struct lflow_ref *lflow_ref)
+ const struct ovn_datapath *od,
+ const struct nbrec_nat *nat,
+ struct ds *match,
+ bool distributed_nat, int cidr_bits,
+ bool is_v6,
+ struct ovn_port *l3dgw_port,
+ struct lflow_ref *lflow_ref,
+ bool is_reverse)
 {
 ds_clear(match);
 
-ds_put_format(match, "ip && ip%c.src == %s", is_v6 ? '6' : '4',
+ds_put_format(match, "ip && ip%c.%s == %s",
+  is_v6 ? '6' : '4',
+  is_reverse ? "dst" : "src",
   nat->logical_ip);
 
 if (!od->is_gw_router) {
 /* Distributed router. */
-ds_put_format(match, " && outport == %s", l3dgw_port->json_key);
+ds_put_format(match, " && %s == %s",
+  is_reverse ? "inport" : "outport",
+  l3dgw_port->json_key);
 if (od->n_l3dgw_ports) {
 ds_put_format(match, " && is_chassis_resident(\"%s\")",
   distributed_nat
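Review bot: The new `is_reverse` parameter of `build_lrouter_out_snat_match()` is undocumented, and when it is set the function emits `ip4.dst`/`ip6.dst` and `inport` terms, which is an ingress-side match produced by a function whose name says "out_snat". Add a comment above the function stating what `is_reverse` selects (traffic towards `nat->logical_ip` arriving on `l3dgw_port`), or give the helper a direction-neutral name so callers in other stages are not misread.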
@@ -14462,7 +14469,7 @@ 

[ovs-dev] [Patch ovn v2 1/2] actions: Enable specifying zone for ct_commit.

2024-03-12 Thread Martin Kalcok
Action `ct_commit` currently does not allow specifying zone into
which connection is committed. For example, in LR datapath, the `ct_commit`
will always use the DNAT zone.

This change adds option to use `ct_commit(snat)` or `ct_commit(dnat)` to
explicitly specify the zone into which the connection will be committed.
It also comes with new feature flag OVN_FEATURE_CT_COMMIT_TO_ZONE to avoid
incompatibility between northd and controller in case when controller does
not support these actions.

Original behavior of `ct_commit` without the arguments remains unchanged.

Signed-off-by: Martin Kalcok 
---
 controller/chassis.c  |  8 
 include/ovn/actions.h |  9 +
 include/ovn/features.h|  1 +
 lib/actions.c | 29 -
 northd/en-global-config.c | 10 ++
 northd/en-global-config.h |  1 +
 ovn-sb.xml| 10 ++
 tests/ovn.at  |  7 +++
 8 files changed, 74 insertions(+), 1 deletion(-)

diff --git a/controller/chassis.c b/controller/chassis.c
index ad75df288..9bb2eba95 100644
--- a/controller/chassis.c
+++ b/controller/chassis.c
@@ -371,6 +371,7 @@ chassis_build_other_config(const struct ovs_chassis_cfg 
*ovs_cfg,
 smap_replace(config, OVN_FEATURE_FDB_TIMESTAMP, "true");
 smap_replace(config, OVN_FEATURE_LS_DPG_COLUMN, "true");
 smap_replace(config, OVN_FEATURE_CT_COMMIT_NAT_V2, "true");
+smap_replace(config, OVN_FEATURE_CT_COMMIT_TO_ZONE, "true");
 }
 
 /*
@@ -516,6 +517,12 @@ chassis_other_config_changed(const struct ovs_chassis_cfg 
*ovs_cfg,
 return true;
 }
 
+if (!smap_get_bool(_rec->other_config,
+   OVN_FEATURE_CT_COMMIT_TO_ZONE,
+   false)) {
+return true;
+}
+
 return false;
 }
 
@@ -648,6 +655,7 @@ update_supported_sset(struct sset *supported)
 sset_add(supported, OVN_FEATURE_FDB_TIMESTAMP);
 sset_add(supported, OVN_FEATURE_LS_DPG_COLUMN);
 sset_add(supported, OVN_FEATURE_CT_COMMIT_NAT_V2);
+sset_add(supported, OVN_FEATURE_CT_COMMIT_TO_ZONE);
 }
 
 static void
diff --git a/include/ovn/actions.h b/include/ovn/actions.h
index 49fb96fc6..ce9597cf5 100644
--- a/include/ovn/actions.h
+++ b/include/ovn/actions.h
@@ -259,11 +259,20 @@ struct ovnact_ct_next {
 uint8_t ltable;/* Logical table ID of next table. */
 };
 
+/* Conntrack zone to be used for commiting CT entries by the action.
+ * DEFAULT uses default zone for given datapath. */
+enum ovnact_ct_zone {
+OVNACT_CT_ZONE_DEFAULT,
+OVNACT_CT_ZONE_SNAT,
+OVNACT_CT_ZONE_DNAT,
+};
+
 /* OVNACT_CT_COMMIT_V1. */
 struct ovnact_ct_commit_v1 {
 struct ovnact ovnact;
 uint32_t ct_mark, ct_mark_mask;
 ovs_be128 ct_label, ct_label_mask;
+enum ovnact_ct_zone zone;
 };
 
 /* Type of NAT used for the particular action.
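Review bot: The comment added above `enum ovnact_ct_zone` misspells "committing" as "commiting". While it is being touched, it could also say what `OVNACT_CT_ZONE_DEFAULT` resolves to per datapath type; the commit message states that on a LR datapath plain `ct_commit` uses the DNAT zone, and a reader of `struct ovnact_ct_commit_v1` otherwise has to find that in the encoder.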
diff --git a/include/ovn/features.h b/include/ovn/features.h
index 08f1d8288..35a5d8ba0 100644
--- a/include/ovn/features.h
+++ b/include/ovn/features.h
@@ -28,6 +28,7 @@
 #define OVN_FEATURE_FDB_TIMESTAMP "fdb-timestamp"
 #define OVN_FEATURE_LS_DPG_COLUMN "ls-dpg-column"
 #define OVN_FEATURE_CT_COMMIT_NAT_V2 "ct-commit-nat-v2"
+#define OVN_FEATURE_CT_COMMIT_TO_ZONE "ct-commit-to-zone"
 
 /* OVS datapath supported features.  Based on availability OVN might generate
  * different types of openflows.
diff --git a/lib/actions.c b/lib/actions.c
index a45874dfb..9e27a68a5 100644
--- a/lib/actions.c
+++ b/lib/actions.c
@@ -707,6 +707,7 @@ static void
 parse_ct_commit_v1_arg(struct action_context *ctx,
struct ovnact_ct_commit_v1 *cc)
 {
+cc->zone = OVNACT_CT_ZONE_DEFAULT;
 if (lexer_match_id(ctx->lexer, "ct_mark")) {
 if (!lexer_force_match(ctx->lexer, LEX_T_EQUALS)) {
 return;
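Review bot: `cc->zone = OVNACT_CT_ZONE_DEFAULT;` at the top of `parse_ct_commit_v1_arg()` runs on every call. If the caller invokes this function once per comma-separated argument (the caller is not in this hunk, but `format_CT_COMMIT_V1` does emit ", " between arguments), then `ct_commit(snat, ct_mark=1)` would set the zone for `snat` and reset it to the default while parsing `ct_mark`. Initialize `zone` once where the `ovnact_ct_commit_v1` is created, before any argument is parsed, so the result does not depend on argument order.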
@@ -737,6 +738,10 @@ parse_ct_commit_v1_arg(struct action_context *ctx,
 return;
 }
 lexer_get(ctx->lexer);
+} else if (lexer_match_id(ctx->lexer, "snat")) {
+cc->zone = OVNACT_CT_ZONE_SNAT;
+} else if (lexer_match_id(ctx->lexer, "dnat")) {
+cc->zone = OVNACT_CT_ZONE_DNAT;
 } else {
 lexer_syntax_error(ctx->lexer, NULL);
 }
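Review bot: The new `snat` and `dnat` branches overwrite `cc->zone` unconditionally, so an input naming both (or the same one twice) is accepted and the last one silently wins. Reject the second occurrence with `lexer_syntax_error()` when `cc->zone` is already non-default, and add a negative case for it to the action tests.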
@@ -800,6 +805,18 @@ format_CT_COMMIT_V1(const struct ovnact_ct_commit_v1 *cc, 
struct ds *s)
 ds_put_hex(s, >ct_label_mask, sizeof cc->ct_label_mask);
 }
 }
+if (cc->zone != OVNACT_CT_ZONE_DEFAULT) {
+if (ds_last(s) != '(') {
+ds_put_cstr(s, ", ");
+}
+
+if (cc->zone == OVNACT_CT_ZONE_SNAT) {
+ds_put_cstr(s, "snat");
+} else if (cc->zone == OVNACT_CT_ZONE_DNAT) {
+ds_put_cstr(s, "dnat");
+}
+}
+
 if (!ds_chomp(s, '(')) {
 ds_put_char(s, ')');
 }
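Review bot: In the added block of `format_CT_COMMIT_V1()`, the inner `if`/`else if` has no final branch, so any non-default value other than SNAT or DNAT would emit the ", " separator and then nothing before the closing parenthesis. A `switch` over `cc->zone` with `OVS_NOT_REACHED()` for unexpected values keeps the formatter and the enum in step if another zone is added later.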
@@ -814,7 +831,17 @@ encode_CT_COMMIT_V1(const struct ovnact_ct_commit_v1 *cc,
 struct ofpact_conntrack *ct = ofpact_put_CT(ofpacts);
 ct->flags = NX_CT_F_COMMIT;
 ct->recirc_table = NX_CT_RECIRC_NONE;
-

[ovs-dev] [PATCH] ofproto-dpif-upcall: Don't mirror packets that aren't modified.

2024-03-12 Thread Mike Pattrick
Previously OVS reset the mirror contents when a packet is modified in
such a way that the packet's contents change. However, this change
incorrectly reset that mirror context when only metadata changes as
well.

Now we check for all metadata fields, instead of just tunnel metadata,
before resetting the mirror context.

Fixes: feed7f677505 ("ofproto-dpif-upcall: Mirror packets that are modified.")
Reported-by: Zhangweiwei 
Signed-off-by: Mike Pattrick 
---
 include/openvswitch/meta-flow.h |   1 +
 lib/meta-flow.c | 109 
 ofproto/ofproto-dpif-xlate.c|   2 +-
 tests/ofproto-dpif.at   |   5 +-
 4 files changed, 114 insertions(+), 3 deletions(-)

diff --git a/include/openvswitch/meta-flow.h b/include/openvswitch/meta-flow.h
index 3b0220aaa..96aad3933 100644
--- a/include/openvswitch/meta-flow.h
+++ b/include/openvswitch/meta-flow.h
@@ -2305,6 +2305,7 @@ void mf_set_flow_value_masked(const struct mf_field *,
   const union mf_value *mask,
   struct flow *);
 bool mf_is_tun_metadata(const struct mf_field *);
+bool mf_is_metadata(const struct mf_field *);
 bool mf_is_frozen_metadata(const struct mf_field *);
 bool mf_is_pipeline_field(const struct mf_field *);
 bool mf_is_set(const struct mf_field *, const struct flow *);
diff --git a/lib/meta-flow.c b/lib/meta-flow.c
index aa7cf1fcb..7ecec334e 100644
--- a/lib/meta-flow.c
+++ b/lib/meta-flow.c
@@ -1788,6 +1788,115 @@ mf_is_tun_metadata(const struct mf_field *mf)
mf->id < MFF_TUN_METADATA0 + TUN_METADATA_NUM_OPTS;
 }
 
+bool
+mf_is_metadata(const struct mf_field *mf)
+{
+switch (mf->id) {
+CASE_MFF_TUN_METADATA:
+case MFF_METADATA:
+case MFF_IN_PORT:
+case MFF_IN_PORT_OXM:
+CASE_MFF_REGS:
+CASE_MFF_XREGS:
+CASE_MFF_XXREGS:
+case MFF_PACKET_TYPE:
+case MFF_DP_HASH:
+case MFF_RECIRC_ID:
+case MFF_CONJ_ID:
+case MFF_ACTSET_OUTPUT:
+case MFF_SKB_PRIORITY:
+case MFF_PKT_MARK:
+case MFF_CT_STATE:
+case MFF_CT_ZONE:
+case MFF_CT_MARK:
+case MFF_CT_LABEL:
+case MFF_CT_NW_PROTO:
+case MFF_CT_NW_SRC:
+case MFF_CT_NW_DST:
+case MFF_CT_IPV6_SRC:
+case MFF_CT_IPV6_DST:
+case MFF_CT_TP_SRC:
+case MFF_CT_TP_DST:
+case MFF_N_IDS:
+return true;
+
+case MFF_TUN_ID:
+case MFF_TUN_SRC:
+case MFF_TUN_DST:
+case MFF_TUN_IPV6_SRC:
+case MFF_TUN_IPV6_DST:
+case MFF_TUN_FLAGS:
+case MFF_TUN_GBP_ID:
+case MFF_TUN_GBP_FLAGS:
+case MFF_TUN_ERSPAN_VER:
+case MFF_TUN_ERSPAN_IDX:
+case MFF_TUN_ERSPAN_DIR:
+case MFF_TUN_ERSPAN_HWID:
+case MFF_TUN_GTPU_FLAGS:
+case MFF_TUN_GTPU_MSGTYPE:
+case MFF_TUN_TTL:
+case MFF_TUN_TOS:
+case MFF_ETH_SRC:
+case MFF_ETH_DST:
+case MFF_ETH_TYPE:
+case MFF_VLAN_TCI:
+case MFF_DL_VLAN:
+case MFF_VLAN_VID:
+case MFF_DL_VLAN_PCP:
+case MFF_VLAN_PCP:
+case MFF_MPLS_LABEL:
+case MFF_MPLS_TC:
+case MFF_MPLS_BOS:
+case MFF_MPLS_TTL:
+case MFF_IPV4_SRC:
+case MFF_IPV4_DST:
+case MFF_IPV6_SRC:
+case MFF_IPV6_DST:
+case MFF_IPV6_LABEL:
+case MFF_IP_PROTO:
+case MFF_IP_DSCP:
+case MFF_IP_DSCP_SHIFTED:
+case MFF_IP_ECN:
+case MFF_IP_TTL:
+case MFF_IP_FRAG:
+case MFF_ARP_OP:
+case MFF_ARP_SPA:
+case MFF_ARP_TPA:
+case MFF_ARP_SHA:
+case MFF_ARP_THA:
+case MFF_TCP_SRC:
+case MFF_TCP_DST:
+case MFF_TCP_FLAGS:
+case MFF_UDP_SRC:
+case MFF_UDP_DST:
+case MFF_SCTP_SRC:
+case MFF_SCTP_DST:
+case MFF_ICMPV4_TYPE:
+case MFF_ICMPV4_CODE:
+case MFF_ICMPV6_TYPE:
+case MFF_ICMPV6_CODE:
+case MFF_ND_TARGET:
+case MFF_ND_SLL:
+case MFF_ND_TLL:
+case MFF_ND_RESERVED:
+case MFF_ND_OPTIONS_TYPE:
+case MFF_NSH_FLAGS:
+case MFF_NSH_TTL:
+case MFF_NSH_MDTYPE:
+case MFF_NSH_NP:
+case MFF_NSH_SPI:
+case MFF_NSH_SI:
+case MFF_NSH_C1:
+case MFF_NSH_C2:
+case MFF_NSH_C3:
+case MFF_NSH_C4:
+return false;
+
+default:
+OVS_NOT_REACHED();
+}
+}
+
 bool
 mf_is_frozen_metadata(const struct mf_field *mf)
 {
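Review bot: In `mf_is_metadata()`, `case MFF_N_IDS:` sits in the group that returns true, but `MFF_N_IDS` is the count sentinel of the enum rather than a field, so it belongs next to `default:` with `OVS_NOT_REACHED()`. The function also has no comment explaining the classification, which matters here because `MFF_TUN_ID`, `MFF_TUN_SRC` and the other `MFF_TUN_*` cases return false while `CASE_MFF_TUN_METADATA` returns true; a short comment stating the rule (which fields count as not changing packet contents for mirroring purposes) would let a reviewer check the list.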
diff --git a/ofproto/ofproto-dpif-xlate.c b/ofproto/ofproto-dpif-xlate.c
index 89f183182..faa364ec8 100644
--- a/ofproto/ofproto-dpif-xlate.c
+++ b/ofproto/ofproto-dpif-xlate.c
@@ -7141,7 +7141,7 @@ reset_mirror_ctx(struct xlate_ctx *ctx, const struct flow 
*flow,
 
 set_field = ofpact_get_SET_FIELD(a);
 mf = set_field->field;
-if (mf_are_prereqs_ok(mf, flow, NULL) && !mf_is_tun_metadata(mf)) {
+if (mf_are_prereqs_ok(mf, flow, NULL) && !mf_is_metadata(mf)) {
 ctx->mirrors = 0;
 }
 return;
diff --git a/tests/ofproto-dpif.at b/tests/ofproto-dpif.at
index a1393f7f8..245e209c3 100644
--- a/tests/ofproto-dpif.at
+++ b/tests/ofproto-dpif.at
@@ -5443,7 +5443,8 @@ AT_CLEANUP
 # This test verifies that mirror state 

[ovs-dev] [PATCH ovn v2 1/3] northd: Introduce ECMP_Nexthop table in SB db.

2024-03-12 Thread Lorenzo Bianconi
Introduce ECMP_Nexthop table in the SB db in order to track active
ecmp-symmetric-reply connections and flush stale ones.

Signed-off-by: Lorenzo Bianconi 
---
 northd/en-northd.c   |  4 +++
 northd/inc-proc-northd.c |  8 +++--
 northd/northd.c  | 73 
 northd/northd.h  |  3 ++
 ovn-sb.ovsschema | 18 --
 ovn-sb.xml   | 26 ++
 tests/ovn-northd.at  |  4 +++
 7 files changed, 132 insertions(+), 4 deletions(-)

diff --git a/northd/en-northd.c b/northd/en-northd.c
index 4479b4aff..2f8408fbc 100644
--- a/northd/en-northd.c
+++ b/northd/en-northd.c
@@ -76,6 +76,8 @@ northd_get_input_data(struct engine_node *node,
 EN_OVSDB_GET(engine_get_input("NB_chassis_template_var", node));
 input_data->nbrec_mirror_table =
 EN_OVSDB_GET(engine_get_input("NB_mirror", node));
+input_data->nbrec_static_route_table =
+EN_OVSDB_GET(engine_get_input("NB_logical_router_static_route", node));
 
 input_data->sbrec_datapath_binding_table =
 EN_OVSDB_GET(engine_get_input("SB_datapath_binding", node));
@@ -101,6 +103,8 @@ northd_get_input_data(struct engine_node *node,
 EN_OVSDB_GET(engine_get_input("SB_chassis_template_var", node));
 input_data->sbrec_mirror_table =
 EN_OVSDB_GET(engine_get_input("SB_mirror", node));
+input_data->sbrec_ecmp_nh_table =
+EN_OVSDB_GET(engine_get_input("SB_ecmp_nexthop", node));
 
 struct ed_type_lb_data *lb_data =
 engine_get_input_data("lb_data", node);
diff --git a/northd/inc-proc-northd.c b/northd/inc-proc-northd.c
index e1073812c..1c58da0bf 100644
--- a/northd/inc-proc-northd.c
+++ b/northd/inc-proc-northd.c
@@ -61,7 +61,8 @@ static unixctl_cb_func chassis_features_list;
 NB_NODE(meter, "meter") \
 NB_NODE(bfd, "bfd") \
 NB_NODE(static_mac_binding, "static_mac_binding") \
-NB_NODE(chassis_template_var, "chassis_template_var")
+NB_NODE(chassis_template_var, "chassis_template_var") \
+NB_NODE(logical_router_static_route, "logical_router_static_route")
 
 enum nb_engine_node {
 #define NB_NODE(NAME, NAME_STR) NB_##NAME,
@@ -101,7 +102,8 @@ static unixctl_cb_func chassis_features_list;
 SB_NODE(fdb, "fdb") \
 SB_NODE(static_mac_binding, "static_mac_binding") \
 SB_NODE(chassis_template_var, "chassis_template_var") \
-SB_NODE(logical_dp_group, "logical_dp_group")
+SB_NODE(logical_dp_group, "logical_dp_group") \
+SB_NODE(ecmp_nexthop, "ecmp_nexthop")
 
 enum sb_engine_node {
 #define SB_NODE(NAME, NAME_STR) SB_##NAME,
@@ -180,6 +182,7 @@ void inc_proc_northd_init(struct ovsdb_idl_loop *nb,
 engine_add_input(_northd, _nb_mirror, NULL);
 engine_add_input(_northd, _nb_static_mac_binding, NULL);
 engine_add_input(_northd, _nb_chassis_template_var, NULL);
+engine_add_input(_northd, _nb_logical_router_static_route, NULL);
 
 engine_add_input(_northd, _sb_chassis, NULL);
 engine_add_input(_northd, _sb_mirror, NULL);
@@ -192,6 +195,7 @@ void inc_proc_northd_init(struct ovsdb_idl_loop *nb,
 engine_add_input(_northd, _sb_fdb, NULL);
 engine_add_input(_northd, _sb_static_mac_binding, NULL);
 engine_add_input(_northd, _sb_chassis_template_var, NULL);
+engine_add_input(_northd, _sb_ecmp_nexthop, NULL);
 engine_add_input(_northd, _global_config,
  northd_global_config_handler);
 
diff --git a/northd/northd.c b/northd/northd.c
index 1839b7d8b..7b8f442e1 100644
--- a/northd/northd.c
+++ b/northd/northd.c
@@ -16655,6 +16655,76 @@ sync_mirrors(struct ovsdb_idl_txn *ovnsb_txn,
 shash_destroy(_mirrors);
 }
 
+struct sb_ecmp_nexthop_entry {
+struct hmap_node hmap_node;
+const struct sbrec_ecmp_nexthop *sb_ecmp_nexthop;
+};
+
+static struct sb_ecmp_nexthop_entry *
+sb_ecmp_nexthop_lookup(const struct hmap *map, const char *nexthop)
+{
+uint32_t hash = hash_string(nexthop, 0);
+struct sb_ecmp_nexthop_entry *enh_e;
+
+HMAP_FOR_EACH_WITH_HASH (enh_e, hmap_node, hash, map) {
+if (!strcmp(enh_e->sb_ecmp_nexthop->nexthop, nexthop)) {
+return enh_e;
+}
+}
+return NULL;
+}
+
+#define NEXTHOP_IDS_LEN65535
+static void
+sync_ecmp_symmetric_reply_nexthop(struct ovsdb_idl_txn *ovnsb_txn,
+const struct nbrec_logical_router_static_route_table *nbrec_sr_table,
+const struct sbrec_ecmp_nexthop_table *sbrec_ecmp_nh_table)
+{
+unsigned long *nexthop_ids = bitmap_allocate(NEXTHOP_IDS_LEN);
+struct hmap sb_only = HMAP_INITIALIZER(_only);
+const struct sbrec_ecmp_nexthop *sb_ecmp_nexthop;
+struct sb_ecmp_nexthop_entry *enh_e;
+
+SBREC_ECMP_NEXTHOP_TABLE_FOR_EACH (sb_ecmp_nexthop, sbrec_ecmp_nh_table) {
+uint32_t hash = hash_string(sb_ecmp_nexthop->nexthop, 0);
+enh_e = xmalloc(sizeof *enh_e);
+enh_e->sb_ecmp_nexthop = sb_ecmp_nexthop;
+bitmap_set1(nexthop_ids, sb_ecmp_nexthop->id);
+hmap_insert(_only, 
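Review bot: `bitmap_set1(nexthop_ids, sb_ecmp_nexthop->id)` in `sync_ecmp_symmetric_reply_nexthop()` uses an id read from the SB database as an index into a bitmap allocated with `NEXTHOP_IDS_LEN` bits, with no range check in the visible lines. Unless the schema (not shown in this excerpt) constrains `id` below `NEXTHOP_IDS_LEN`, a row with a larger value writes past the end of the bitmap; validate the id before the call and skip or delete rows that fail the check.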

[ovs-dev] [PATCH ovn v2 2/3] northd: Add nexhop id in ct_label.label.

2024-03-12 Thread Lorenzo Bianconi
Introduce the nexthop identifier in the ct_label.label field for
ecmp-symmetric replies connections. This field will be used by
ovn-controller to track ct entries and to flush them if requested by the
CMS (e.g. removing the related static routes).

Signed-off-by: Lorenzo Bianconi 
---
 northd/en-lflow.c|  2 ++
 northd/inc-proc-northd.c |  1 +
 northd/northd.c  | 63 +++-
 northd/northd.h  |  1 +
 tests/ovn.at |  4 +--
 tests/system-ovn.at  | 58 +---
 6 files changed, 83 insertions(+), 46 deletions(-)

diff --git a/northd/en-lflow.c b/northd/en-lflow.c
index c4b927fb8..9cb616da8 100644
--- a/northd/en-lflow.c
+++ b/northd/en-lflow.c
@@ -62,6 +62,8 @@ lflow_get_input_data(struct engine_node *node,
 EN_OVSDB_GET(engine_get_input("SB_igmp_group", node));
 lflow_input->sbrec_logical_dp_group_table =
 EN_OVSDB_GET(engine_get_input("SB_logical_dp_group", node));
+lflow_input->sbrec_ecmp_nh_table =
+EN_OVSDB_GET(engine_get_input("SB_ecmp_nexthop", node));
 
 lflow_input->sbrec_mcast_group_by_name_dp =
engine_ovsdb_node_get_index(
diff --git a/northd/inc-proc-northd.c b/northd/inc-proc-northd.c
index 1c58da0bf..9a3b9a5e7 100644
--- a/northd/inc-proc-northd.c
+++ b/northd/inc-proc-northd.c
@@ -259,6 +259,7 @@ void inc_proc_northd_init(struct ovsdb_idl_loop *nb,
 engine_add_input(_lflow, _port_group, lflow_port_group_handler);
 engine_add_input(_lflow, _lr_stateful, lflow_lr_stateful_handler);
 engine_add_input(_lflow, _ls_stateful, lflow_ls_stateful_handler);
+engine_add_input(_lflow, _sb_ecmp_nexthop, NULL);
 
 engine_add_input(_sync_to_sb_addr_set, _northd, NULL);
 engine_add_input(_sync_to_sb_addr_set, _lr_stateful, NULL);
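Review bot: The added `engine_add_input()` line for the SB ecmp_nexthop node passes `NULL` as the change handler, so any change to that table forces a full recompute of the lflow node. Patch 1/3 has northd itself populate this table, which means northd's own writes come back as recompute triggers; a handler that only falls back to recompute when an id or nexthop relevant to an existing flow changes would preserve incremental processing, or the commit message should say why a full recompute is acceptable here.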
diff --git a/northd/northd.c b/northd/northd.c
index 7b8f442e1..f897ffda0 100644
--- a/northd/northd.c
+++ b/northd/northd.c
@@ -10558,14 +10558,16 @@ find_static_route_outport(struct ovn_datapath *od, 
const struct hmap *lr_ports,
 }
 
 static void
-add_ecmp_symmetric_reply_flows(struct lflow_table *lflows,
-   struct ovn_datapath *od,
-   bool ct_masked_mark,
-   const char *port_ip,
-   struct ovn_port *out_port,
-   const struct parsed_route *route,
-   struct ds *route_match,
-   struct lflow_ref *lflow_ref)
+add_ecmp_symmetric_reply_flows(
+struct lflow_table *lflows,
+struct ovn_datapath *od,
+bool ct_masked_mark,
+const char *port_ip,
+struct ovn_port *out_port,
+const struct parsed_route *route,
+struct ds *route_match,
+struct lflow_ref *lflow_ref,
+const struct sbrec_ecmp_nexthop_table *sbrec_ecmp_nh_table)
 {
 const struct nbrec_logical_router_static_route *st_route = route->route;
 struct ds match = DS_EMPTY_INITIALIZER;
@@ -10601,15 +10603,28 @@ add_ecmp_symmetric_reply_flows(struct lflow_table 
*lflows,
  * ds_put_cstr() call. The previous contents are needed.
  */
 ds_put_cstr(, " && !ct.rpl && (ct.new || ct.est)");
+struct ds nexthop_label = DS_EMPTY_INITIALIZER;
+
+const struct sbrec_ecmp_nexthop *sb_ecmp_nexthop;
+SBREC_ECMP_NEXTHOP_TABLE_FOR_EACH (sb_ecmp_nexthop, sbrec_ecmp_nh_table) {
+if (!strcmp(st_route->nexthop, sb_ecmp_nexthop->nexthop)) {
+int id = sb_ecmp_nexthop->id;
+ds_put_format(_label, "ct_label.label = %d;", id);
+break;
+}
+}
+
 ds_put_format(,
 "ct_commit { ct_label.ecmp_reply_eth = eth.src; "
-" %s = %" PRId64 ";}; "
+" %s = %" PRId64 "; %s }; "
 "next;",
-ct_ecmp_reply_port_match, out_port->sb->tunnel_key);
+ct_ecmp_reply_port_match, out_port->sb->tunnel_key,
+ds_cstr(_label));
 ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_ECMP_STATEFUL, 100,
 ds_cstr(), ds_cstr(),
 _route->header_,
 lflow_ref);
+ds_destroy(_label);
 
 /* Bypass ECMP selection if we already have ct_label information
  * for where to route the packet.
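Review bot: In the added `SBREC_ECMP_NEXTHOP_TABLE_FOR_EACH` loop, when no row matches `st_route->nexthop` the `nexthop_label` string stays empty and the flow is installed with a `ct_commit` that sets no `ct_label.label`, without any log message. Connections committed that way cannot be found by label when the route is later removed, so the miss should either be logged (rate-limited) or documented as expected, for example on the first run before the SB row exists. The lookup is also a linear `strcmp` scan for every ECMP route; an index or a map built once per run would avoid that.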
@@ -10660,10 +10675,12 @@ add_ecmp_symmetric_reply_flows(struct lflow_table 
*lflows,
 }
 
 static void
-build_ecmp_route_flow(struct lflow_table *lflows, struct ovn_datapath *od,
-  bool ct_masked_mark, const struct hmap *lr_ports,
-  struct ecmp_groups_node *eg,
-  struct lflow_ref *lflow_ref)
+build_ecmp_route_flow(
+struct lflow_table *lflows, struct ovn_datapath *od,
+bool ct_masked_mark, const struct hmap *lr_ports,
+struct ecmp_groups_node *eg,
+struct lflow_ref *lflow_ref,
+const struct sbrec_ecmp_nexthop_table 

[ovs-dev] [PATCH ovn v2 3/3] ofctrl: Introduce ecmp_nexthop_monitor.

2024-03-12 Thread Lorenzo Bianconi
Introduce ecmp_nexthop_monitor in ovn-controller in order to track and
flush ecmp-symmetric reply ct entries when requested by the CMS (e.g.
removing the related static routes).

Signed-off-by: Lorenzo Bianconi 
---
 controller/ofctrl.c | 101 ++
 controller/ofctrl.h |   2 +
 controller/ovn-controller.c |   2 +
 tests/system-ovn-kmod.at| 266 
 tests/system-ovn.at |   4 +
 5 files changed, 375 insertions(+)

diff --git a/controller/ofctrl.c b/controller/ofctrl.c
index f14cd79a8..a10b0f567 100644
--- a/controller/ofctrl.c
+++ b/controller/ofctrl.c
@@ -388,9 +388,24 @@ struct meter_band_entry {
 
 static struct shash meter_bands;
 
+static struct hmap ecmp_nexthop_map;
+struct ecmp_nexthop_entry {
+struct hmap_node node;
+bool erase;
+
+char *nexthop;
+int id;
+};
+
 static void ofctrl_meter_bands_destroy(void);
 static void ofctrl_meter_bands_clear(void);
 
+static void ecmp_nexthop_monitor_destroy(void);
+static void ecmp_nexthop_monitor_run(
+const struct sbrec_ecmp_nexthop_table *enh_table,
+struct ovs_list *msgs);
+
+
 /* MFF_* field ID for our Geneve option.  In S_TLV_TABLE_MOD_SENT, this is
  * the option we requested (we don't know whether we obtained it yet).  In
  * S_CLEAR_FLOWS or S_UPDATE_FLOWS, this is really the option we have. */
@@ -429,6 +444,7 @@ ofctrl_init(struct ovn_extend_table *group_table,
 groups = group_table;
 meters = meter_table;
 shash_init(_bands);
+hmap_init(_nexthop_map);
 }
 
 /* S_NEW, for a new connection.
@@ -883,6 +899,7 @@ ofctrl_destroy(void)
 expr_symtab_destroy();
 shash_destroy();
 ofctrl_meter_bands_destroy();
+ecmp_nexthop_monitor_destroy();
 }
 
 uint64_t
@@ -2306,6 +2323,87 @@ add_meter(struct ovn_extend_table_info *m_desired,
 ofctrl_meter_bands_alloc(sb_meter, m_desired, msgs);
 }
 
+static void
+ecmp_nexthop_monitor_free_entry(struct ecmp_nexthop_entry *e,
+struct ovs_list *msgs)
+{
+if (msgs) {
+ovs_u128 mask = {
+/* ct_labels.label BITS[96-127] */
+.u64.hi = 0x,
+};
+uint64_t id = e->id;
+ovs_u128 nexthop = {
+.u64.hi = id << 32,
+};
+struct ofp_ct_match match = {
+.labels = nexthop,
+.labels_mask = mask,
+};
+struct ofpbuf *msg = ofp_ct_match_encode(, NULL,
+ rconn_get_version(swconn));
+ovs_list_push_back(msgs, >list_node);
+}
+free(e->nexthop);
+free(e);
+}
+
+static void
+ecmp_nexthop_monitor_destroy(void)
+{
+struct ecmp_nexthop_entry *e;
+HMAP_FOR_EACH_POP (e, node, _nexthop_map) {
+ecmp_nexthop_monitor_free_entry(e, NULL);
+}
+hmap_destroy(_nexthop_map);
+}
+
+static struct ecmp_nexthop_entry *
+ecmp_nexthop_monitor_lookup(char *nexthop)
+{
+uint32_t hash = hash_string(nexthop, 0);
+struct ecmp_nexthop_entry *e;
+
+HMAP_FOR_EACH_WITH_HASH (e, node, hash, _nexthop_map) {
+if (!strcmp(e->nexthop, nexthop)) {
+return e;
+}
+}
+return NULL;
+}
+
+static void
+ecmp_nexthop_monitor_run(const struct sbrec_ecmp_nexthop_table *enh_table,
+ struct ovs_list *msgs)
+{
+struct ecmp_nexthop_entry *e;
+HMAP_FOR_EACH (e, node, _nexthop_map) {
+e->erase = true;
+}
+
+const struct sbrec_ecmp_nexthop *sbrec_ecmp_nexthop;
+SBREC_ECMP_NEXTHOP_TABLE_FOR_EACH (sbrec_ecmp_nexthop, enh_table) {
+e = ecmp_nexthop_monitor_lookup(sbrec_ecmp_nexthop->nexthop);
+if (!e) {
+e = xzalloc(sizeof *e);
+e->nexthop = xstrdup(sbrec_ecmp_nexthop->nexthop);
+e->id = sbrec_ecmp_nexthop->id;
+uint32_t hash = hash_string(e->nexthop, 0);
+hmap_insert(_nexthop_map, >node, hash);
+} else {
+e->erase = false;
+}
+}
+
+HMAP_FOR_EACH_SAFE (e, node, _nexthop_map) {
+if (e->erase) {
+hmap_remove(_nexthop_map, >node);
+ecmp_nexthop_monitor_free_entry(e, msgs);
+}
+}
+
+}
+
 static void
 installed_flow_add(struct ovn_flow *d,
struct ofputil_bundle_ctrl_msg *bc,
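Review bot: in ecmp_nexthop_monitor_run(), an entry returned by ecmp_nexthop_monitor_lookup() only has `erase` cleared; its cached `id` is never compared with `sbrec_ecmp_nexthop->id`, so if the row for the same nexthop string comes back with a different id, the later flush in ecmp_nexthop_monitor_free_entry() would match on the stale label value. Consider refreshing `e->id` in the else branch, or keying the map on the id as well as the string. Separately, the flush passes NULL as the second argument of ofp_ct_match_encode() and matches on label bits alone, so a comment stating that the flush is meant to apply regardless of zone would be useful. ecmp_nexthop_monitor_lookup() could take `const char *`, and the blank line before the closing brace of ecmp_nexthop_monitor_run() can be dropped.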
@@ -2664,6 +2762,7 @@ ofctrl_put(struct ovn_desired_flow_table *lflow_table,
struct shash *pending_ct_zones,
struct hmap *pending_lb_tuples,
struct ovsdb_idl_index *sbrec_meter_by_name,
+   const struct sbrec_ecmp_nexthop_table *enh_table,
uint64_t req_cfg,
bool lflows_changed,
bool pflows_changed)
@@ -2704,6 +2803,8 @@ ofctrl_put(struct ovn_desired_flow_table *lflow_table,
 /* OpenFlow messages to send to the switch to bring it up-to-date. */
 struct ovs_list msgs = OVS_LIST_INITIALIZER();
 
+ecmp_nexthop_monitor_run(enh_table, );
+
 /* Iterate through ct zones that need to 

[ovs-dev] [PATCH ovn v2 0/3] Introduce ECMP_nexthop monitor in ovn-controller

2024-03-12 Thread Lorenzo Bianconi
Reported-at: https://issues.redhat.com/browse/FDP-56

Changes since v1:
- add ID column in ECMP_Nexthop table in SB db
- remove nexthop-id in logical_router_static_route option column

Lorenzo Bianconi (3):
  northd: Introduce ECMP_Nexthop table in SB db.
  northd: Add nexhop id in ct_label.label.
  ofctrl: Introduce ecmp_nexthop_monitor.

 controller/ofctrl.c | 101 ++
 controller/ofctrl.h |   2 +
 controller/ovn-controller.c |   2 +
 northd/en-lflow.c   |   2 +
 northd/en-northd.c  |   4 +
 northd/inc-proc-northd.c|   9 +-
 northd/northd.c | 136 +++---
 northd/northd.h |   4 +
 ovn-sb.ovsschema|  18 ++-
 ovn-sb.xml  |  26 
 tests/ovn-northd.at |   4 +
 tests/ovn.at|   4 +-
 tests/system-ovn-kmod.at| 266 
 tests/system-ovn.at |  62 +
 14 files changed, 590 insertions(+), 50 deletions(-)

-- 
2.44.0

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev


Re: [ovs-dev] [PATCH ovn 2/3] northd: Add nexhop id in ct_label.label.

2024-03-12 Thread Lorenzo Bianconi
> Hi Lorenzo,
> 
> Just a couple of small comments below.
> 
> On 3/7/24 08:19, Lorenzo Bianconi wrote:
> > Introduce the nexthop identifier in the ct_label.label field for
> > ecmp-symmetric replies connections. This field will be used by
> > ovn-controller to track ct entries and to flush them if requested by the
> > CMS (e.g. removing the related static routes).
> > 
> > Signed-off-by: Lorenzo Bianconi 
> > ---
> >   northd/northd.c | 11 +--
> >   tests/ovn.at|  4 ++--
> >   tests/system-ovn.at | 48 -
> >   3 files changed, 37 insertions(+), 26 deletions(-)
> > 
> > diff --git a/northd/northd.c b/northd/northd.c
> > index 3770f9f94..e85339704 100644
> > --- a/northd/northd.c
> > +++ b/northd/northd.c
> > @@ -10600,15 +10600,22 @@ add_ecmp_symmetric_reply_flows(struct lflow_table 
> > *lflows,
> >* ds_put_cstr() call. The previous contents are needed.
> >*/
> >   ds_put_cstr(, " && !ct.rpl && (ct.new || ct.est)");
> > +struct ds nexthop_label = DS_EMPTY_INITIALIZER;
> > +int id = smap_get_int(_route->options, "nexthop-id", -1);
> > +if (id > 0) {
> > +ds_put_format(_label, "ct_label.label = %d;", id);
> > +}
> 
> As mentioned in my review of patch 1, this should use the SB ECMP_nexthop
> nexthop-id instead of the NB static route nexthop-id.

ack, I will fix it in v2.

> 
> >   ds_put_format(,
> >   "ct_commit { ct_label.ecmp_reply_eth = eth.src; "
> > -" %s = %" PRId64 ";}; "
> > +" %s = %" PRId64 "; %s }; "
> >   "next;",
> > -ct_ecmp_reply_port_match, out_port->sb->tunnel_key);
> > +ct_ecmp_reply_port_match, out_port->sb->tunnel_key,
> > +ds_cstr(_label));
> >   ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_ECMP_STATEFUL, 100,
> >   ds_cstr(), ds_cstr(),
> >   _route->header_,
> >   lflow_ref);
> > +ds_destroy(_label);
> >   /* Bypass ECMP selection if we already have ct_label information
> >* for where to route the packet.
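Review bot: the added `if (id > 0)` test skips an id of 0 although the "not set" default passed to smap_get_int() is -1, so 0 is silently treated as "no nexthop" without that being stated anywhere. Either compare with `>= 0` or add a comment that 0 is reserved, since the commit message says ovn-controller will later use this label to find the entries to flush. When no id is present the format string also leaves `%s` empty, which yields a trailing space before the closing brace of the generated action; building the whole `ct_commit` body in one `ds` would avoid that.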
> > diff --git a/tests/ovn.at b/tests/ovn.at
> > index d26c95054..d5ee7a1f3 100644
> > --- a/tests/ovn.at
> > +++ b/tests/ovn.at
> > @@ -29181,7 +29181,7 @@ AT_CHECK([
> >   for hv in 1 2; do
> >   grep table=17 hv${hv}flows | \
> >   grep "priority=100" | \
> > -grep -c 
> > "ct(commit,zone=NXM_NX_REG11\\[[0..15\\]],.*exec(move:NXM_OF_ETH_SRC\\[[\\]]->NXM_NX_CT_LABEL\\[[32..79\\]],load:0x[[0-9]]->NXM_NX_CT_MARK\\[[16..31\\]]))"
> > +grep -c 
> > "ct(commit,zone=NXM_NX_REG11\\[[0..15\\]],.*exec(move:NXM_OF_ETH_SRC\\[[\\]]->NXM_NX_CT_LABEL\\[[32..79\\]],load:0x[[0-9]]->NXM_NX_CT_MARK\\[[16..31\\]],load:0x[[0-9]]->NXM_NX_CT_LABEL\\[[96..127\\]]))"
> >   grep table=25 hv${hv}flows | \
> >   grep "priority=200" | \
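Review bot: the new `load:0x[[0-9]]->NXM_NX_CT_LABEL\\[[96..127\\]]` part of the pattern accepts exactly one decimal digit, so this check (and the identical one in the next hunk) only passes while the nexthop id is below 10. Something like `0x[[0-9a-f]]*` would keep the test independent of how ids are allocated.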
> > @@ -29306,7 +29306,7 @@ AT_CHECK([
> >   for hv in 1 2; do
> >   grep table=17 hv${hv}flows | \
> >   grep "priority=100" | \
> > -grep -c 
> > "ct(commit,zone=NXM_NX_REG11\\[[0..15\\]],.*exec(move:NXM_OF_ETH_SRC\\[[\\]]->NXM_NX_CT_LABEL\\[[32..79\\]],load:0x[[0-9]]->NXM_NX_CT_MARK\\[[16..31\\]]))"
> > +grep -c 
> > "ct(commit,zone=NXM_NX_REG11\\[[0..15\\]],.*exec(move:NXM_OF_ETH_SRC\\[[\\]]->NXM_NX_CT_LABEL\\[[32..79\\]],load:0x[[0-9]]->NXM_NX_CT_MARK\\[[16..31\\]],load:0x[[0-9]]->NXM_NX_CT_LABEL\\[[96..127\\]]))"
> >   grep table=25 hv${hv}flows | \
> >   grep "priority=200" | \
> > diff --git a/tests/system-ovn.at b/tests/system-ovn.at
> > index 2411b0267..146bf70e2 100644
> > --- a/tests/system-ovn.at
> > +++ b/tests/system-ovn.at
> > @@ -6121,19 +6121,20 @@ NS_CHECK_EXEC([bob1], [ping -q -c 3 -i 0.3 -w 2 
> > 10.0.0.2 | FORMAT_PING], \
> >   # and just ensure that the known ethernet address is present.
> >   AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(172.16.0.1) | \
> >   sed -e 's/zone=[[0-9]]*/zone=/' |
> > -sed -e 's/mark=[[0-9]]*/mark=/'], [0], [dnl
> > -icmp,orig=(src=172.16.0.1,dst=10.0.0.2,id=,type=8,code=0),reply=(src=10.0.0.2,dst=172.16.0.1,id=,type=0,code=0),zone=,mark=,labels=0x4010204
> > -tcp,orig=(src=172.16.0.1,dst=10.0.0.2,sport=,dport=),reply=(src=10.0.0.2,dst=172.16.0.1,sport=,dport=),zone=,mark=,labels=0x4010204,protoinfo=(state=)
> > +sed -e 's/mark=[[0-9]]*/mark=/' |
> > +sed -e 's/labels=0x[[0-9]]/labels=0x?/'], [0], [dnl
> > +icmp,orig=(src=172.16.0.1,dst=10.0.0.2,id=,type=8,code=0),reply=(src=10.0.0.2,dst=172.16.0.1,id=,type=0,code=0),zone=,mark=,labels=0x?04010204
> > +tcp,orig=(src=172.16.0.1,dst=10.0.0.2,sport=,dport=),reply=(src=10.0.0.2,dst=172.16.0.1,sport=,dport=),zone=,mark=,labels=0x?04010204,protoinfo=(state=)
> >   ])
> >   # Ensure datapaths show conntrack states as expected
> >   # Like with conntrack entries, we shouldn't try to predict
> >   # port binding tunnel keys. So 
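Review bot: the added `sed -e 's/labels=0x[[0-9]]/labels=0x?/'` replaces exactly one decimal digit after `0x`, so the expected `labels=0x?04010204` only matches when the nexthop id prints as a single digit 1-9; an id that prints as a hex letter or as more than one digit would fail the comparison. Matching the whole variable prefix, for example with `[[0-9a-f]]*` in front of the fixed `04010204` tail, would make the intent clearer and the test less brittle.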

Re: [ovs-dev] [PATCH] github: Reduce ASLR entropy to be compatible with asan in llvm 14.

2024-03-12 Thread Ilya Maximets
On 3/12/24 13:16, Eelco Chaudron wrote:
> 
> 
> On 12 Mar 2024, at 12:47, Ilya Maximets wrote:
> 
>> Starting with image version 20240310.1.0, GitHub runners are using
>> 32-bit entropy for ASLR:
>>
>>   $ sudo sysctl -a | grep vm.mmap.rnd
>>   vm.mmap_rnd_bits = 32
>>   vm.mmap_rnd_compat_bits = 16
>>
>> This breaks all the asan-enabled builds, because older asan gets
>> confused by memory mappings and crashes with segmentation fault.
>>
>> The issue is fixed in newer releases of llvm:
>>  
>> https://github.com/llvm/llvm-project/commit/fb77ca05ffb4f8e666878f2f6718a9fb4d686839
>>  https://reviews.llvm.org/D148280
>>
>> But these are not available in Ubuntu 22.04 image.
>>
>> This should be fixed by GitHub, but until new images are available
>> reducing ASLR entropy manually to 28 bits to make builds work.
>>
>> Reported-at: https://github.com/actions/runner-images/issues/9491
>> Signed-off-by: Ilya Maximets 
> 
> Thanks for finding the solution to this!
> 
> Acked-by: Eelco Chaudron 
> 

Thanks, Eelco, Dumitru and Aaron.

Applied to all branches.

Best regards, Ilya Maximets.


Re: [ovs-dev] [PATCH ovn] controller: Set check_tnl_key for BFD on tunnel ifaces.

2024-03-12 Thread 0-day Robot
Bleep bloop.  Greetings Dumitru Ceara, I am a robot and I have tried out your 
patch.
Thanks for your contribution.

I encountered some error that I wasn't expecting.  See the details below.


checkpatch:
ERROR: Committer Mark Michelson  needs to sign off.
WARNING: Unexpected sign-offs from developers who are not authors or co-authors 
or committers: Dumitru Ceara 
Lines checked: 70, Warnings: 1, Errors: 1


Please check this out.  If you feel there has been an error, please email 
acon...@redhat.com

Thanks,
0-day Robot


[ovs-dev] [PATCH] ofproto-dpif: Fix vxlan with different name del/add failed.

2024-03-12 Thread Tao Liu
Reproduce:
  ovs-vsctl add-port br-int p0 \
-- set interface p0 type=vxlan options:remote_ip=10.10.10.1

  sleep 2

  ovs-vsctl --if-exists del-port p0 \
-- add-port br-int p1 \
-- set interface p1 type=vxlan options:remote_ip=10.10.10.1
  ovs-vsctl: Error detected while setting up 'p1': could not add
  network device p1 to ofproto (File exists).

vswitchd log:
  bridge|INFO|bridge br-int: added interface p0 on port 1106
  bridge|INFO|bridge br-int: deleted interface p0 on port 1106
  tunnel|WARN|p1: attempting to add tunnel port with same config as port 'p0' 
(::->10.10.10.1, key=0, legacy_l2, dp port=122)
  ofproto|WARN|br-int: could not add port p1 (File exists)
  bridge|WARN|could not add network device p1 to ofproto (File exists)

CallTrace:
  bridge_reconfigure
bridge_del_ports
  port_destroy
iface_destroy__
  netdev_remove <-- netdev p0 removed
bridge_delete_or_reconfigure_ports
  OFPROTO_PORT_FOR_EACH
ofproto_port_dump_next
  port_dump_next
  port_query_by_name<-- netdev_shash do not contain p0
ofproto_port_del<-- p0 do not del in ofproto
bridge_add_ports
  bridge_add_ports__
iface_create
  iface_do_create
ofproto_port_add<-- p1 add failed

Fixes: fe83f81df977 ("netdev: Remove netdev from global shash when the user is 
changing interface configuration.")
Signed-off-by: Tao Liu 
---
 ofproto/ofproto-dpif.c | 13 +
 tests/tunnel.at| 12 
 2 files changed, 21 insertions(+), 4 deletions(-)

diff --git a/ofproto/ofproto-dpif.c b/ofproto/ofproto-dpif.c
index f59d69c4d..0cac3050d 100644
--- a/ofproto/ofproto-dpif.c
+++ b/ofproto/ofproto-dpif.c
@@ -3905,14 +3905,19 @@ port_query_by_name(const struct ofproto *ofproto_, 
const char *devname,
 
 if (sset_contains(>ghost_ports, devname)) {
 const char *type = netdev_get_type_from_name(devname);
+const struct ofport *ofport =
+shash_find_data(>up.port_by_name, devname);
+if (!type && ofport && ofport->netdev) {
+type = netdev_get_type(ofport->netdev);
+}
 
 /* We may be called before ofproto->up.port_by_name is populated with
  * the appropriate ofport.  For this reason, we must get the name and
- * type from the netdev layer directly. */
+ * type from the netdev layer directly.
+ * When a port deleted, the corresponding netdev is also removed from
+ * netdev_shash. netdev_get_type_from_name returns NULL in such case.
+ * We should try to get type from ofport->netdev. */
 if (type) {
-const struct ofport *ofport;
-
-ofport = shash_find_data(>up.port_by_name, devname);
 ofproto_port->ofp_port = ofport ? ofport->ofp_port : OFPP_NONE;
 ofproto_port->name = xstrdup(devname);
 ofproto_port->type = xstrdup(type);
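Review bot: the explanation for the new fallback is placed below the code it describes and is appended to the older comment saying the name and type must come from the netdev layer directly, which the added `if (!type && ofport && ofport->netdev)` branch no longer follows. Move the new text above the fallback, reword the older sentence so the two do not contradict each other, and change "When a port deleted" to "When a port is deleted". It would also help to say why `ofport->netdev` is still safe to use once the netdev has been removed from netdev_shash.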
diff --git a/tests/tunnel.at b/tests/tunnel.at
index 71e7c2df4..9d539ee6f 100644
--- a/tests/tunnel.at
+++ b/tests/tunnel.at
@@ -1269,6 +1269,18 @@ OVS_APP_EXIT_AND_WAIT([ovs-vswitchd])
 OVS_APP_EXIT_AND_WAIT([ovsdb-server])]
 AT_CLEANUP
 
+AT_SETUP([tunnel - re-create port with different name])
+OVS_VSWITCHD_START(
+  [add-port br0 p0 -- set int p0 type=vxlan options:remote_ip=10.10.10.1])
+
+AT_CHECK([ovs-vsctl --if-exists del-port p0 -- \
+  add-port br0 p1 -- \
+  set int p1 type=vxlan options:remote_ip=10.10.10.1])
+
+OVS_APP_EXIT_AND_WAIT([ovs-vswitchd])
+OVS_APP_EXIT_AND_WAIT([ovsdb-server])]
+AT_CLEANUP
+
 AT_SETUP([tunnel - SRV6 basic])
 OVS_VSWITCHD_START([add-port br0 p1 -- set Interface p1 type=dummy \
 ofport_request=1 \
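Review bot: the new test relies only on AT_CHECK's default expectations for the combined del-port/add-port command, so it never states what success looks like; an explicit check that p1 came up without an error (for instance on the Interface `error` column or its ofport) would make a regression much easier to read in the test log. The added `OVS_APP_EXIT_AND_WAIT([ovsdb-server])]` line also carries the trailing `]` copied from the preceding test.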
-- 
2.31.1



Re: [ovs-dev] [RFC] bridge: Retry tunnel port addition for conflict.

2024-03-12 Thread Tao Liu
On 03/11  , Ilya Maximets wrote:
> On 3/11/24 06:17, Han Zhou wrote:
> > 
> > 
> > On Fri, Mar 8, 2024 at 12:17 AM Tao Liu  > > wrote:
> >>
> >>
> >> On 3/7/24 5:39 AM, Ilya Maximets wrote:
> >> > On 2/27/24 20:14, Han Zhou wrote:
> >> >> For kernel datapath, when a new tunnel port is created in the same
> >> >> transaction in which an old tunnel port with the same tunnel
> >> >> configuration is deleted, the new tunnel port creation will fail and
> >> >> left in an error state. This can be easily reproduced in OVN by
> >> >> triggering a chassis deletion and addition with the same encap in the
> >> >> same SB DB transaction, such as:
> >> >>
> >> >> ovn-sbctl chassis-add aa geneve 1.2.3.4
> >> >> ovn-sbctl chassis-del aa -- chassis-add bb 1.2.3.4
> >> >>
> >> >> ovs-vsctl show | grep error
> >> >> error: "could not add network device ovn-bb-0 to ofproto (File 
> >> >> exists)"
> >> >>
> >> >> Related logs in OVS:
> >> >> —
> >> >> 2024-02-23T05:41:49.978Z|405933|bridge|INFO|bridge br-int: deleted 
> >> >> interface ovn-aa-0 on port 113
> >> >> 2024-02-23T05:41:49.989Z|405935|tunnel|WARN|ovn-bb-0: attempting to 
> >> >> add tunnel port with same config as port 'ovn-aa-0' (::->1.2.3.4, 
> >> >> key=flow, legacy_l2, dp port=9)
> >> >> 2024-02-23T05:41:49.989Z|405936|ofproto|WARN|br-int: could not add port 
> >> >> ovn-bb-0 (File exists)
> >> >> 2024-02-23T05:41:49.989Z|405937|bridge|WARN|could not add network 
> >> >> device ovn-bb-0 to ofproto (File exists)
> >> >> —
> >> >
> >> > Hi, Han.  Thanks for the patch!
> >> >
> >> >>
> >> >> Depending on when there are other OVSDB changes, it may take a long time
> >> >> for the device to be added successfully, triggered by the next OVS
> >> >> iteration.
> >> >>
> >> >> (note: native tunnel ports do not have this problem)
> >> >
> >> > I don't think this is correct.  The code path is common for both system
> >> > and native tunnels.  I can reproduce the issues in a sandbox with:
> >> >
> >> > $ make -j8 sandbox SANDBOXFLAGS="--dummy='system'"
> >> > [tutorial]$ ovs-vsctl add-port br0 tunnel_port \
> >> >                  -- set Interface tunnel_port \
> >> >                         type=geneve options:remote_ip=flow 
> >> > options:key=123
> >> > [tutorial]$ ovs-vsctl del-port tunnel_port \
> >> >                  -- add-port br0 tunnel_port2 \
> >> >                  -- set Interface tunnel_port2 \
> >> >                         type=geneve options:remote_ip=flow 
> >> > options:key=123
> >> > ovs-vsctl: Error detected while setting up 'tunnel_port2':
> >> > could not add network device tunnel_port2 to ofproto (File exists).
> >> > See ovs-vswitchd log for details.
> >> >
> >> > The same should work in a testsuite as well, i.e. we should be able to
> >> > create a test for this scenario.
> >> >
> >> > Note: The --dummy=system prevents OVS from replacing tunnel ports with
> >> >        dummy ones.
> >> >
> > 
> > Thanks Ilya for the correction! --dummy=system is very helpful.
> > 
> >> >>
> >> >> The problem is how the tunnel port deletion and creation are handled. In
> >> >> bridge_reconfigure(), port deletion is handled before creation, to avoid
> >> >> such resource conflict. However, for kernel tunnel ports, the real clean
> >> >> up is performed at the end of the bridge_reconfigure() in the:
> >> >> bridge_run__()->ofproto_run()->...->ofproto_dpif:port_destruct()
> >> >>
> >> >> We cannot call bridge_run__() at an earlier point before all
> >> >> reconfigurations are done, so this patch tries a generic approach to
> >> >> just re-run the bridge_reconfigure() when there are any port creations
> >> >> encountered "File exists" error, which indicates a possible resource
> >> >> conflict may have happened due to a later deleted port, and retry may
> >> >> succeed.
> >> >>
> >> >> Signed-off-by: Han Zhou mailto:hz...@ovn.org>>
> >> >> ---
> >> >> This is RFC because I am not sure if there is a better way to solve the 
> >> >> problem
> >> >> more specifically by executing the port_destruct for the old port 
> >> >> before trying
> >> >> to create the new port. The fix may be more complex though.
> >> >
> >> > I don't think re-trying is a good approach in general.  We should likely
> >> > just destroy the tnl_port structure right away, similarly to how we clean
> >> > up stp, lldp and bundles in ofproto_port_unregister().  Maybe we can add
> >> > a new callback similar to bundle_remove() and call tnl_port_del() from 
> >> > it?
> >> > (I didn't try, so I'm not 100% sure this will not cause any issues.)
> >> >
> >> > What do you think?
> >> >
> >> > Best regards, Ilya Maximets.
> >> > ___
> >> > dev mailing list
> >> > d...@openvswitch.org 
> >> > https://mail.openvswitch.org/mailman/listinfo/ovs-dev 
> >> > 
> >>
> >> Hi Ilya and Han,
> >>
> >> We hit this issue some days 

Re: [ovs-dev] [PATCH] netdev-dpdk: Clean up all marker flags if no offloads requested.

2024-03-12 Thread Mike Pattrick
On Mon, Mar 11, 2024 at 2:31 PM Ilya Maximets  wrote:
>
> Some drivers (primarily, Intel ones) do not expect any marking flags
> being set if no offloads are requested.  If these flags are present,
> driver will fail Tx preparation or behave abnormally.
>
> For example, ixgbe driver will refuse to process the packet with
> only RTE_MBUF_F_TX_TUNNEL_GENEVE and RTE_MBUF_F_TX_OUTER_IPV4 set.
> This pretty much breaks Geneve tunnels on these cards.
>
> An extra check is added to make sure we don't have any unexpected
> Tx offload flags set.
>
> Fixes: 084c8087292c ("userspace: Support VXLAN and GENEVE TSO.")
> Reported-at: https://github.com/openvswitch/ovs-issues/issues/321
> Signed-off-by: Ilya Maximets 

Acked-by: Mike Pattrick 



Re: [ovs-dev] [PATCH] github: Reduce ASLR entropy to be compatible with asan in llvm 14.

2024-03-12 Thread Ilya Maximets
On 3/12/24 14:28, Dumitru Ceara wrote:
> On 3/12/24 13:16, Eelco Chaudron wrote:
>>
>>
>> On 12 Mar 2024, at 12:47, Ilya Maximets wrote:
>>
>>> Starting with image version 20240310.1.0, GitHub runners are using
>>> 32-bit entropy for ASLR:
>>>
>>>   $ sudo sysctl -a | grep vm.mmap.rnd
>>>   vm.mmap_rnd_bits = 32
>>>   vm.mmap_rnd_compat_bits = 16
>>>
>>> This breaks all the asan-enabled builds, because older asan gets
>>> confused by memory mappings and crashes with segmentation fault.
>>>
>>> The issue is fixed in newer releases of llvm:
>>>  
>>> https://github.com/llvm/llvm-project/commit/fb77ca05ffb4f8e666878f2f6718a9fb4d686839
>>>  https://reviews.llvm.org/D148280
>>>
>>> But these are not available in Ubuntu 22.04 image.
>>>
>>> This should be fixed by GitHub, but until new images are available
>>> reducing ASLR entropy manually to 28 bits to make builds work.
>>>
>>> Reported-at: https://github.com/actions/runner-images/issues/9491
>>> Signed-off-by: Ilya Maximets 
>>
>> Thanks for finding the solution to this!
>>
>> Acked-by: Eelco Chaudron 
>>
> 
> Acked-by: Dumitru Ceara 
> 
> Ilya, if you're OK with it, I can cherry-pick this into the OVN tree
> too.  It applies there too.  Here's the commit in my fork:
> 
> https://github.com/dceara/ovn/commit/7a9fdc76ce18f4081700ebee4aa88708a711f5f5

Yeah, sure.  Feel free to take it.

Best regards, Ilya Maximets.



Re: [ovs-dev] [PATCH] github: Reduce ASLR entropy to be compatible with asan in llvm 14.

2024-03-12 Thread Dumitru Ceara
On 3/12/24 13:16, Eelco Chaudron wrote:
> 
> 
> On 12 Mar 2024, at 12:47, Ilya Maximets wrote:
> 
>> Starting with image version 20240310.1.0, GitHub runners are using
>> 32-bit entropy for ASLR:
>>
>>   $ sudo sysctl -a | grep vm.mmap.rnd
>>   vm.mmap_rnd_bits = 32
>>   vm.mmap_rnd_compat_bits = 16
>>
>> This breaks all the asan-enabled builds, because older asan gets
>> confused by memory mappings and crashes with segmentation fault.
>>
>> The issue is fixed in newer releases of llvm:
>>  
>> https://github.com/llvm/llvm-project/commit/fb77ca05ffb4f8e666878f2f6718a9fb4d686839
>>  https://reviews.llvm.org/D148280
>>
>> But these are not available in Ubuntu 22.04 image.
>>
>> This should be fixed by GitHub, but until new images are available
>> reducing ASLR entropy manually to 28 bits to make builds work.
>>
>> Reported-at: https://github.com/actions/runner-images/issues/9491
>> Signed-off-by: Ilya Maximets 
> 
> Thanks for finding the solution to this!
> 
> Acked-by: Eelco Chaudron 
> 

Acked-by: Dumitru Ceara 

Ilya, if you're OK with it, I can cherry-pick this into the OVN tree
too.  It applies there too.  Here's the commit in my fork:

https://github.com/dceara/ovn/commit/7a9fdc76ce18f4081700ebee4aa88708a711f5f5

Thanks,
Dumitru



Re: [ovs-dev] [PATCH] github: Reduce ASLR entropy to be compatible with asan in llvm 14.

2024-03-12 Thread Aaron Conole
Ilya Maximets  writes:

> Starting with image version 20240310.1.0, GitHub runners are using
> 32-bit entropy for ASLR:
>
>   $ sudo sysctl -a | grep vm.mmap.rnd
>   vm.mmap_rnd_bits = 32
>   vm.mmap_rnd_compat_bits = 16
>
> This breaks all the asan-enabled builds, because older asan gets
> confused by memory mappings and crashes with segmentation fault.
>
> The issue is fixed in newer releases of llvm:
>   
> https://github.com/llvm/llvm-project/commit/fb77ca05ffb4f8e666878f2f6718a9fb4d686839
>   https://reviews.llvm.org/D148280
>
> But these are not available in Ubuntu 22.04 image.
>
> This should be fixed by GitHub, but until new images are available
> reducing ASLR entropy manually to 28 bits to make builds work.
>
> Reported-at: https://github.com/actions/runner-images/issues/9491
> Signed-off-by: Ilya Maximets 
> ---

Acked-by: Aaron Conole 

We'll probably need something similar in other projects, too... What a
mess.



Re: [ovs-dev] [PATCH ovn branch-23.09 2/2] Prepare for 23.09.4.

2024-03-12 Thread 0-day Robot
Bleep bloop.  Greetings Mark Michelson, I am a robot and I have tried out your 
patch.
Thanks for your contribution.

I encountered some error that I wasn't expecting.  See the details below.


git-am:
error: sha1 information is lacking or useless (NEWS).
error: could not build fake ancestor
hint: Use 'git am --show-current-patch=diff' to see the failed patch
Patch failed at 0001 Prepare for 23.09.4.
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".


Please check this out.  If you feel there has been an error, please email 
acon...@redhat.com

Thanks,
0-day Robot


Re: [ovs-dev] [PATCH ovn branch-24.03 2/2] Prepare for 24.03.2.

2024-03-12 Thread 0-day Robot
Bleep bloop.  Greetings Mark Michelson, I am a robot and I have tried out your 
patch.
Thanks for your contribution.

I encountered some error that I wasn't expecting.  See the details below.


git-am:
error: sha1 information is lacking or useless (NEWS).
error: could not build fake ancestor
hint: Use 'git am --show-current-patch=diff' to see the failed patch
Patch failed at 0001 Prepare for 24.03.2.
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".


Please check this out.  If you feel there has been an error, please email 
acon...@redhat.com

Thanks,
0-day Robot


Re: [ovs-dev] [PATCH ovn branch-24.03 1/2] Set release date for 24.03.1.

2024-03-12 Thread 0-day Robot
Bleep bloop.  Greetings Mark Michelson, I am a robot and I have tried out your 
patch.
Thanks for your contribution.

I encountered some error that I wasn't expecting.  See the details below.


git-am:
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
Patch failed at 0001 Set release date for 24.03.1.
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".


Please check this out.  If you feel there has been an error, please email 
acon...@redhat.com

Thanks,
0-day Robot


[ovs-dev] [PATCH ovn] controller: Set check_tnl_key for BFD on tunnel ifaces.

2024-03-12 Thread Dumitru Ceara
From: Frode Nordahl 

The OVS BFD configuration option `check_tnl_key` controls whether
OVS should consider the tunnel key before processing BFD control
messages.  The OVN pipeline design ensures traffic originating
from a logical port will have a non-zero tunnel key.

Always set `check_tnl_key` to "true" to avoid processing of
BFD control messages originating from a logical port.

CVE-2024-2182

Signed-off-by: Dumitru Ceara 
Signed-off-by: Frode Nordahl 
---
 controller/bfd.c | 3 +++
 tests/ovn.at | 6 +++---
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/controller/bfd.c b/controller/bfd.c
index f24bfd0638..22a8c66959 100644
--- a/controller/bfd.c
+++ b/controller/bfd.c
@@ -235,6 +235,9 @@ bfd_run(const struct ovsrec_interface_table 
*interface_table,
 if (mult) {
 smap_add(, "mult", mult);
 }
+/* `check_tnl_key` must always be set to "true" to avoid processing of
+ * BFD control messages originating from a logical port. */
+smap_add(, "check_tnl_key", "true");
 }
 
 /* Enable or disable bfd */
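Review bot: the added smap_add() for `check_tnl_key` sits inside the block that closes on the following line, next to the optional `mult` setting, so whether the key is "always" set as the commit message says depends on that block's condition, which this hunk does not show. Please confirm in the comment, or by moving the call, that every path that enables BFD on a tunnel interface also writes `check_tnl_key`.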
diff --git a/tests/ovn.at b/tests/ovn.at
index e87df6c8dc..0595f1167e 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -13814,7 +13814,7 @@ for chassis in gw1 hv1 hv2; do
 echo "checking gw2 -> $chassis"
 OVS_WAIT_UNTIL([
 bfd_cfg=$(ovs-vsctl --bare --columns bfd find Interface 
name=ovn-$chassis-0)
-test "$bfd_cfg" = "enable=true min_rx=2000"
+test "$bfd_cfg" = "check_tnl_key=true enable=true min_rx=2000"
 ])
 done
 ovn-nbctl --wait=hv set NB_Global . options:"bfd-min-tx"=1500
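Review bot: the updated expectation here, like those in the two hunks that follow, only checks that `check_tnl_key=true` appears in the Interface bfd column; none of the test changes exercises the behaviour the commit message is about, namely that BFD control messages originating from a logical port are not processed. A test that sends such a message and checks that the BFD session state is unaffected would guard the fix against regressions.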
@@ -13822,7 +13822,7 @@ for chassis in gw1 hv1 hv2; do
 echo "checking gw2 -> $chassis"
 OVS_WAIT_UNTIL([
 bfd_cfg=$(ovs-vsctl --bare --columns bfd find Interface 
name=ovn-$chassis-0)
-test "$bfd_cfg" = "enable=true min_rx=2000 min_tx=1500"
+test "$bfd_cfg" = "check_tnl_key=true enable=true min_rx=2000 min_tx=1500"
 ])
 done
 ovn-nbctl remove NB_Global . options "bfd-min-rx"
@@ -13831,7 +13831,7 @@ for chassis in gw1 hv1 hv2; do
 echo "checking gw2 -> $chassis"
 OVS_WAIT_UNTIL([
 bfd_cfg=$(ovs-vsctl --bare --columns bfd find Interface 
name=ovn-$chassis-0)
-test "$bfd_cfg" = "enable=true min_tx=1500 mult=15"
+test "$bfd_cfg" = "check_tnl_key=true enable=true min_tx=1500 mult=15"
 ])
 done
 
-- 
2.39.3
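
One way to check running chassis for the setting this patch adds, as an added example that is not part of the patch or of OVN: it classifies the bare `bfd` column string in the form the tests above compare against. The function names, interface names and sample lines are constructed for illustration; only the `ovs-vsctl` invocation is taken from the tests.

```shell
#!/bin/sh
# Added audit example, not OVN code.  Function names and sample data are
# constructed; the ovs-vsctl call mirrors the one used in tests/ovn.at above.

# Classify one bare bfd column value such as "enable=true min_rx=2000".
# Prints one of: ok | bfd-off | missing-check_tnl_key
bfd_cfg_status() {
    _enabled=false
    _checked=false
    set -f                      # the unquoted $1 below must not glob
    for _kv in $1; do
        case "$_kv" in
            enable=true)        _enabled=true ;;
            check_tnl_key=true) _checked=true ;;
        esac
    done
    set +f
    if [ "$_enabled" != true ]; then
        echo bfd-off            # BFD not enabled, nothing to protect
    elif [ "$_checked" = true ]; then
        echo ok
    else
        echo missing-check_tnl_key
    fi
}

# Read "<iface> <bfd column>" lines on stdin, print the interfaces that run
# BFD without check_tnl_key=true, and return non-zero if there are any.
audit_bfd() {
    _bad=0
    while read -r _name _cfg; do
        [ -n "$_name" ] || continue
        if [ "$(bfd_cfg_status "$_cfg")" = missing-check_tnl_key ]; then
            echo "$_name"
            _bad=$((_bad + 1))
        fi
    done
    [ "$_bad" -eq 0 ]
}

# On a live chassis: print "<iface> <bfd column>" for each interface name
# given as an argument, ready to pipe into audit_bfd.
collect_bfd() {
    for _if in "$@"; do
        printf '%s %s\n' "$_if" \
            "$(ovs-vsctl --bare --columns bfd find Interface name="$_if")"
    done
}

# Constructed sample input covering the four cases.
sample_bfd_lines() {
    cat <<'EOF'
ovn-gw1-0 check_tnl_key=true enable=true min_rx=2000
ovn-hv1-0
ovn-hv2-0 enable=true min_rx=2000 min_tx=1500
ovn-hv3-0 check_tnl_key=false enable=true mult=15
EOF
}

sample_bfd_lines | audit_bfd \
    || echo "interfaces listed above run BFD without check_tnl_key=true"
```

On a chassis, `collect_bfd ovn-hv1-0 ovn-hv2-0 | audit_bfd` gives the same report for the named tunnel interfaces.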



Re: [ovs-dev] [PATCH ovn branch-22.03 2/2] Prepare for 22.03.8.

2024-03-12 Thread Dumitru Ceara
On 3/12/24 13:36, Mark Michelson wrote:
> Signed-off-by: Mark Michelson 
> ---

Acked-by: Dumitru Ceara 

>  NEWS | 3 +++
>  configure.ac | 2 +-
>  debian/changelog | 6 ++
>  3 files changed, 10 insertions(+), 1 deletion(-)
> 
> diff --git a/NEWS b/NEWS
> index a28249bff..8d92161bb 100644
> --- a/NEWS
> +++ b/NEWS
> @@ -1,3 +1,6 @@
> +OVN v22.03.8 - xx xxx 
> +--
> +
>  OVN v22.03.7 - 12 Mar 2024
>  --
>- Bug fixes
> diff --git a/configure.ac b/configure.ac
> index e11553351..3b92cc52a 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -13,7 +13,7 @@
>  # limitations under the License.
>  
>  AC_PREREQ(2.63)
> -AC_INIT(ovn, 22.03.7, b...@openvswitch.org)
> +AC_INIT(ovn, 22.03.8, b...@openvswitch.org)
>  AC_CONFIG_MACRO_DIR([m4])
>  AC_CONFIG_AUX_DIR([build-aux])
>  AC_CONFIG_HEADERS([config.h])
> diff --git a/debian/changelog b/debian/changelog
> index e8d6d2478..e7362e15e 100644
> --- a/debian/changelog
> +++ b/debian/changelog
> @@ -1,3 +1,9 @@
> +OVN (22.03.8-1) unstable; urgency=low
> +   [ OVN team ]
> +   * New upstream version
> +
> + -- OVN team   Tue, 12 Mar 2024 08:36:00 -0400
> +
>  OVN (22.03.7-1) unstable; urgency=low
> [ OVN team ]
> * New upstream version



Re: [ovs-dev] [PATCH ovn branch-22.03 1/2] Set release date for 22.03.7.

2024-03-12 Thread Dumitru Ceara
On 3/12/24 13:36, Mark Michelson wrote:
> Signed-off-by: Mark Michelson 
> ---

Acked-by: Dumitru Ceara 

>  NEWS | 4 +++-
>  debian/changelog | 2 +-
>  2 files changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/NEWS b/NEWS
> index 6087f91d8..a28249bff 100644
> --- a/NEWS
> +++ b/NEWS
> @@ -1,5 +1,7 @@
> -OVN v22.03.7 - xx xxx 
> +OVN v22.03.7 - 12 Mar 2024
>  --
> +  - Bug fixes
> +  - Security: Fixed vulnerability CVE-2024-2182.
>  
>  OVN v22.03.6 - 01 Mar 2024
>  --
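Review bot: the added NEWS line `- Security: Fixed vulnerability CVE-2024-2182.` gives only the identifier; a short clause saying what changed (BFD on tunnel interfaces now sets `check_tnl_key`) would let operators reading the release notes judge their exposure without having to look the CVE up.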
> diff --git a/debian/changelog b/debian/changelog
> index 0aa5ce0ed..e8d6d2478 100644
> --- a/debian/changelog
> +++ b/debian/changelog
> @@ -2,7 +2,7 @@ OVN (22.03.7-1) unstable; urgency=low
> [ OVN team ]
> * New upstream version
>  
> - -- OVN team   Fri, 01 Mar 2024 14:06:36 -0500
> + -- OVN team   Tue, 12 Mar 2024 08:36:00 -0400
>  
>  OVN (22.03.6-1) unstable; urgency=low
> [ OVN team ]



Re: [ovs-dev] [PATCH ovn branch-23.03 2/2] Prepare for 23.03.4.

2024-03-12 Thread Dumitru Ceara
On 3/12/24 13:36, Mark Michelson wrote:
> Signed-off-by: Mark Michelson 
> ---

Acked-by: Dumitru Ceara 

>  NEWS | 3 +++
>  configure.ac | 2 +-
>  debian/changelog | 6 ++
>  3 files changed, 10 insertions(+), 1 deletion(-)
> 
> diff --git a/NEWS b/NEWS
> index b36fa42a4..9f93953db 100644
> --- a/NEWS
> +++ b/NEWS
> @@ -1,3 +1,6 @@
> +OVN v23.03.4 - xx xxx 
> +--
> +
>  OVN v23.03.3 - 12 Mar 2024
>  --
>- Bug fixes
> diff --git a/configure.ac b/configure.ac
> index 4dd414b58..bdd7b74a7 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -13,7 +13,7 @@
>  # limitations under the License.
>  
>  AC_PREREQ(2.63)
> -AC_INIT(ovn, 23.03.3, b...@openvswitch.org)
> +AC_INIT(ovn, 23.03.4, b...@openvswitch.org)
>  AC_CONFIG_MACRO_DIR([m4])
>  AC_CONFIG_AUX_DIR([build-aux])
>  AC_CONFIG_HEADERS([config.h])
> diff --git a/debian/changelog b/debian/changelog
> index 4694f269a..946c3739b 100644
> --- a/debian/changelog
> +++ b/debian/changelog
> @@ -1,3 +1,9 @@
> +OVN (23.03.4-1) unstable; urgency=low
> +   [ OVN team ]
> +   * New upstream version
> +
> + -- OVN team   Tue, 12 Mar 2024 08:35:50 -0400
> +
>  OVN (23.03.3-1) unstable; urgency=low
> [ OVN team ]
> * New upstream version



Re: [ovs-dev] [PATCH ovn branch-23.03 1/2] Set release date for 23.03.3.

2024-03-12 Thread Dumitru Ceara
On 3/12/24 13:36, Mark Michelson wrote:
> Signed-off-by: Mark Michelson 
> ---

Acked-by: Dumitru Ceara 

>  NEWS | 4 +++-
>  debian/changelog | 2 +-
>  2 files changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/NEWS b/NEWS
> index 6caaeead1..b36fa42a4 100644
> --- a/NEWS
> +++ b/NEWS
> @@ -1,7 +1,9 @@
> -OVN v23.03.3 - xx xxx 
> +OVN v23.03.3 - 12 Mar 2024
>  --
> +  - Bug fixes
>- Add "garp-max-timeout-sec" config option to vswitchd external-ids to
>  cap the time between when ovn-controller sends gARP packets.
> +  - Security: Fixed vulnerability CVE-2024-2182.
>  
>  OVN v23.03.2 - 15 Sep 2023
>  --
> diff --git a/debian/changelog b/debian/changelog
> index bce721bc5..4694f269a 100644
> --- a/debian/changelog
> +++ b/debian/changelog
> @@ -2,7 +2,7 @@ OVN (23.03.3-1) unstable; urgency=low
> [ OVN team ]
> * New upstream version
>  
> - -- OVN team   Fri, 15 Sep 2023 14:00:22 -0400
> + -- OVN team   Tue, 12 Mar 2024 08:35:50 -0400
>  
>  OVN (23.03.2-1) unstable; urgency=low
> [ OVN team ]



Re: [ovs-dev] [PATCH ovn branch-23.06 2/2] Prepare for 23.06.4.

2024-03-12 Thread Dumitru Ceara
On 3/12/24 13:36, Mark Michelson wrote:
> Signed-off-by: Mark Michelson 
> ---

Acked-by: Dumitru Ceara 

>  NEWS | 3 +++
>  configure.ac | 2 +-
>  debian/changelog | 6 ++
>  3 files changed, 10 insertions(+), 1 deletion(-)
> 
> diff --git a/NEWS b/NEWS
> index 9c73ad4ec..a87cfd7ec 100644
> --- a/NEWS
> +++ b/NEWS
> @@ -1,3 +1,6 @@
> +OVN v23.06.4 - xx xxx 
> +--
> +
>  OVN v23.06.3 - 12 Mar 2024
>  --
>- Bug fixes
> diff --git a/configure.ac b/configure.ac
> index 2be07cdbd..4dbcf5701 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -13,7 +13,7 @@
>  # limitations under the License.
>  
>  AC_PREREQ(2.63)
> -AC_INIT(ovn, 23.06.3, b...@openvswitch.org)
> +AC_INIT(ovn, 23.06.4, b...@openvswitch.org)
>  AC_CONFIG_MACRO_DIR([m4])
>  AC_CONFIG_AUX_DIR([build-aux])
>  AC_CONFIG_HEADERS([config.h])
> diff --git a/debian/changelog b/debian/changelog
> index 58c8e490a..8cc24162d 100644
> --- a/debian/changelog
> +++ b/debian/changelog
> @@ -1,3 +1,9 @@
> +OVN (23.06.4-1) unstable; urgency=low
> +   [ OVN team ]
> +   * New upstream version
> +
> + -- OVN team   Tue, 12 Mar 2024 08:35:42 -0400
> +
>  OVN (23.06.3-1) unstable; urgency=low
> [ OVN team ]
> * New upstream version



Re: [ovs-dev] [PATCH ovn branch-23.06 1/2] Set release date for 23.06.3.

2024-03-12 Thread Dumitru Ceara
On 3/12/24 13:36, Mark Michelson wrote:
> Signed-off-by: Mark Michelson 
> ---

Acked-by: Dumitru Ceara 

>  NEWS | 4 +++-
>  debian/changelog | 2 +-
>  2 files changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/NEWS b/NEWS
> index 12c5e9efd..9c73ad4ec 100644
> --- a/NEWS
> +++ b/NEWS
> @@ -1,7 +1,9 @@
> -OVN v23.06.3 - xx xxx 
> +OVN v23.06.3 - 12 Mar 2024
>  --
> +  - Bug fixes
>- Add "garp-max-timeout-sec" config option to vswitchd external-ids to
>  cap the time between when ovn-controller sends gARP packets.
> +  - Security: Fixed vulnerability CVE-2024-2182.
>  
>  OVN v23.06.2 - 15 Sep 2023
>  --
> diff --git a/debian/changelog b/debian/changelog
> index 8acd377db..58c8e490a 100644
> --- a/debian/changelog
> +++ b/debian/changelog
> @@ -2,7 +2,7 @@ OVN (23.06.3-1) unstable; urgency=low
> [ OVN team ]
> * New upstream version
>  
> - -- OVN team   Fri, 15 Sep 2023 14:00:25 -0400
> + -- OVN team   Tue, 12 Mar 2024 08:35:42 -0400
>  
>  OVN (23.06.2-1) unstable; urgency=low
> [ OVN team ]



Re: [ovs-dev] [PATCH ovn branch-23.09 2/2] Prepare for 23.09.4.

2024-03-12 Thread Dumitru Ceara
On 3/12/24 13:36, Mark Michelson wrote:
> Signed-off-by: Mark Michelson 
> ---

Acked-by: Dumitru Ceara 

>  NEWS | 3 +++
>  configure.ac | 2 +-
>  debian/changelog | 6 ++
>  3 files changed, 10 insertions(+), 1 deletion(-)
> 
> diff --git a/NEWS b/NEWS
> index 31c069aea..97e1c41d5 100644
> --- a/NEWS
> +++ b/NEWS
> @@ -1,3 +1,6 @@
> +OVN v23.09.4 - xx xxx 
> +--
> +
>  OVN v23.09.3 - 12 Mar 2024
>  --
>- Bug fixes
> diff --git a/configure.ac b/configure.ac
> index 090a29a15..c71ade236 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -13,7 +13,7 @@
>  # limitations under the License.
>  
>  AC_PREREQ(2.63)
> -AC_INIT(ovn, 23.09.3, b...@openvswitch.org)
> +AC_INIT(ovn, 23.09.4, b...@openvswitch.org)
>  AC_CONFIG_MACRO_DIR([m4])
>  AC_CONFIG_AUX_DIR([build-aux])
>  AC_CONFIG_HEADERS([config.h])
> diff --git a/debian/changelog b/debian/changelog
> index bbce8a3cb..4f2fabdd7 100644
> --- a/debian/changelog
> +++ b/debian/changelog
> @@ -1,3 +1,9 @@
> +OVN (23.09.4-1) unstable; urgency=low
> +   [ OVN team ]
> +   * New upstream version
> +
> + -- OVN team   Tue, 12 Mar 2024 08:35:34 -0400
> +
>  OVN (23.09.3-1) unstable; urgency=low
> [ OVN team ]
> * New upstream version



Re: [ovs-dev] [PATCH ovn branch-23.09 1/2] Set release date for 23.09.3.

2024-03-12 Thread Dumitru Ceara
On 3/12/24 13:36, Mark Michelson wrote:
> Signed-off-by: Mark Michelson 
> ---

Acked-by: Dumitru Ceara 

>  NEWS | 4 +++-
>  debian/changelog | 2 +-
>  2 files changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/NEWS b/NEWS
> index 58b1c9066..31c069aea 100644
> --- a/NEWS
> +++ b/NEWS
> @@ -1,5 +1,7 @@
> -OVN v23.09.3 - xx xxx 
> +OVN v23.09.3 - 12 Mar 2024
>  --
> +  - Bug fixes
> +  - Security: Fixed vulnerability CVE-2024-2182.
>  
>  OVN v23.09.2 - 01 Mar 2024
>  --
> diff --git a/debian/changelog b/debian/changelog
> index d61c4a6ef..bbce8a3cb 100644
> --- a/debian/changelog
> +++ b/debian/changelog
> @@ -2,7 +2,7 @@ OVN (23.09.3-1) unstable; urgency=low
> [ OVN team ]
> * New upstream version
>  
> - -- OVN team   Fri, 01 Mar 2024 14:06:41 -0500
> + -- OVN team   Tue, 12 Mar 2024 08:35:34 -0400
>  
>  OVN (23.09.2-1) unstable; urgency=low
> [ OVN team ]



Re: [ovs-dev] [PATCH ovn branch-24.03 2/2] Prepare for 24.03.2.

2024-03-12 Thread Dumitru Ceara
On 3/12/24 13:36, Mark Michelson wrote:
> Signed-off-by: Mark Michelson 
> ---

Acked-by: Dumitru Ceara 

>  NEWS | 3 +++
>  configure.ac | 2 +-
>  debian/changelog | 6 ++
>  3 files changed, 10 insertions(+), 1 deletion(-)
> 
> diff --git a/NEWS b/NEWS
> index e91cbe43f..ca3562425 100644
> --- a/NEWS
> +++ b/NEWS
> @@ -1,3 +1,6 @@
> +OVN v24.03.2 - xx xxx 
> +--
> +
>  OVN v24.03.1 - 12 Mar 2024
>  --
>- Bug fixes
> diff --git a/configure.ac b/configure.ac
> index 5f15422f2..962422bd2 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -13,7 +13,7 @@
>  # limitations under the License.
>  
>  AC_PREREQ(2.63)
> -AC_INIT(ovn, 24.03.1, b...@openvswitch.org)
> +AC_INIT(ovn, 24.03.2, b...@openvswitch.org)
>  AC_CONFIG_MACRO_DIR([m4])
>  AC_CONFIG_AUX_DIR([build-aux])
>  AC_CONFIG_HEADERS([config.h])
> diff --git a/debian/changelog b/debian/changelog
> index 2f20941be..acf278a15 100644
> --- a/debian/changelog
> +++ b/debian/changelog
> @@ -1,3 +1,9 @@
> +OVN (24.03.2-1) unstable; urgency=low
> +   [ OVN team ]
> +   * New upstream version
> +
> + -- OVN team   Tue, 12 Mar 2024 08:34:38 -0400
> +
>  OVN (24.03.1-1) unstable; urgency=low
> [ OVN team ]
> * New upstream version



Re: [ovs-dev] [PATCH ovn branch-24.03 1/2] Set release date for 24.03.1.

2024-03-12 Thread Dumitru Ceara
On 3/12/24 13:36, Mark Michelson wrote:
> Signed-off-by: Mark Michelson 
> ---

Acked-by: Dumitru Ceara 

>  NEWS | 4 +++-
>  debian/changelog | 2 +-
>  2 files changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/NEWS b/NEWS
> index c66a2bc50..e91cbe43f 100644
> --- a/NEWS
> +++ b/NEWS
> @@ -1,5 +1,7 @@
> -OVN v24.03.1 - xx xxx 
> +OVN v24.03.1 - 12 Mar 2024
>  --
> +  - Bug fixes
> +  - Security: Fixed vulnerability CVE-2024-2182.
>  
>  OVN v24.03.0 - 01 Mar 2024
>  --
> diff --git a/debian/changelog b/debian/changelog
> index a54703d57..2f20941be 100644
> --- a/debian/changelog
> +++ b/debian/changelog
> @@ -2,7 +2,7 @@ OVN (24.03.1-1) unstable; urgency=low
> [ OVN team ]
> * New upstream version
>  
> - -- OVN team   Fri, 01 Mar 2024 14:06:45 -0500
> + -- OVN team   Tue, 12 Mar 2024 08:34:38 -0400
>  
>  ovn (24.03.0-1) unstable; urgency=low
>  
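Review bot: the stanza dated in this hunk is `OVN (24.03.1-1)` while the context line below it reads `ovn (24.03.0-1)`, so the source package name changes case between consecutive changelog entries. Debian package names are lower case; the release stanza should use the same `ovn` spelling as the 24.03.0-1 entry.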



[ovs-dev] [PATCH ovn branch-23.09 2/2] Prepare for 23.09.4.

2024-03-12 Thread Mark Michelson
Signed-off-by: Mark Michelson 
---
 NEWS | 3 +++
 configure.ac | 2 +-
 debian/changelog | 6 ++
 3 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index 31c069aea..97e1c41d5 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,6 @@
+OVN v23.09.4 - xx xxx 
+--
+
 OVN v23.09.3 - 12 Mar 2024
 --
   - Bug fixes
diff --git a/configure.ac b/configure.ac
index 090a29a15..c71ade236 100644
--- a/configure.ac
+++ b/configure.ac
@@ -13,7 +13,7 @@
 # limitations under the License.
 
 AC_PREREQ(2.63)
-AC_INIT(ovn, 23.09.3, b...@openvswitch.org)
+AC_INIT(ovn, 23.09.4, b...@openvswitch.org)
 AC_CONFIG_MACRO_DIR([m4])
 AC_CONFIG_AUX_DIR([build-aux])
 AC_CONFIG_HEADERS([config.h])
diff --git a/debian/changelog b/debian/changelog
index bbce8a3cb..4f2fabdd7 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+OVN (23.09.4-1) unstable; urgency=low
+   [ OVN team ]
+   * New upstream version
+
+ -- OVN team   Tue, 12 Mar 2024 08:35:34 -0400
+
 OVN (23.09.3-1) unstable; urgency=low
[ OVN team ]
* New upstream version
-- 
2.44.0



[ovs-dev] [PATCH ovn branch-22.03 1/2] Set release date for 22.03.7.

2024-03-12 Thread Mark Michelson
Signed-off-by: Mark Michelson 
---
 NEWS | 4 +++-
 debian/changelog | 2 +-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/NEWS b/NEWS
index 6087f91d8..a28249bff 100644
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,7 @@
-OVN v22.03.7 - xx xxx 
+OVN v22.03.7 - 12 Mar 2024
 --
+  - Bug fixes
+  - Security: Fixed vulnerability CVE-2024-2182.
 
 OVN v22.03.6 - 01 Mar 2024
 --
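Review bot: the added NEWS line `- Security: Fixed vulnerability CVE-2024-2182.` gives only the CVE id, so someone reading the release notes cannot tell which component or feature is affected or whether upgrading is enough. A short description after the id, or a pointer to the advisory, would make the entry usable on its own.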
diff --git a/debian/changelog b/debian/changelog
index 0aa5ce0ed..e8d6d2478 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,7 +2,7 @@ OVN (22.03.7-1) unstable; urgency=low
[ OVN team ]
* New upstream version
 
- -- OVN team   Fri, 01 Mar 2024 14:06:36 -0500
+ -- OVN team   Tue, 12 Mar 2024 08:36:00 -0400
 
 OVN (22.03.6-1) unstable; urgency=low
[ OVN team ]
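Review bot: the 22.03.7-1 stanza being dated here still reads `* New upstream version` with `urgency=low`, while the NEWS hunk in the same patch records a fix for CVE-2024-2182. Packagers triage on the changelog, so consider naming the CVE in the stanza and reconsidering the urgency value for a security release.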
-- 
2.44.0



[ovs-dev] [PATCH ovn branch-22.03 0/2] Release patches for v22.03.7.

2024-03-12 Thread Mark Michelson


Mark Michelson (2):
  Set release date for 22.03.7.
  Prepare for 22.03.8.

 NEWS | 7 ++-
 configure.ac | 2 +-
 debian/changelog | 8 +++-
 3 files changed, 14 insertions(+), 3 deletions(-)

-- 
2.44.0



[ovs-dev] [PATCH ovn branch-22.03 2/2] Prepare for 22.03.8.

2024-03-12 Thread Mark Michelson
Signed-off-by: Mark Michelson 
---
 NEWS | 3 +++
 configure.ac | 2 +-
 debian/changelog | 6 ++
 3 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index a28249bff..8d92161bb 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,6 @@
+OVN v22.03.8 - xx xxx 
+--
+
 OVN v22.03.7 - 12 Mar 2024
 --
   - Bug fixes
diff --git a/configure.ac b/configure.ac
index e11553351..3b92cc52a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -13,7 +13,7 @@
 # limitations under the License.
 
 AC_PREREQ(2.63)
-AC_INIT(ovn, 22.03.7, b...@openvswitch.org)
+AC_INIT(ovn, 22.03.8, b...@openvswitch.org)
 AC_CONFIG_MACRO_DIR([m4])
 AC_CONFIG_AUX_DIR([build-aux])
 AC_CONFIG_HEADERS([config.h])
diff --git a/debian/changelog b/debian/changelog
index e8d6d2478..e7362e15e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+OVN (22.03.8-1) unstable; urgency=low
+   [ OVN team ]
+   * New upstream version
+
+ -- OVN team   Tue, 12 Mar 2024 08:36:00 -0400
+
 OVN (22.03.7-1) unstable; urgency=low
[ OVN team ]
* New upstream version
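Review bot: the new 22.03.8-1 stanza is stamped `Tue, 12 Mar 2024 08:36:00 -0400`, the same value patch 1/2 writes for 22.03.7-1, whereas the NEWS hunk marks the unreleased version with `xx xxx`. A real-looking date on an unreleased stanza is easy to ship unchanged; saying in the commit message that the trailer is a placeholder to be rewritten at release time would help.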
-- 
2.44.0



[ovs-dev] [PATCH ovn branch-23.03 2/2] Prepare for 23.03.4.

2024-03-12 Thread Mark Michelson
Signed-off-by: Mark Michelson 
---
 NEWS | 3 +++
 configure.ac | 2 +-
 debian/changelog | 6 ++
 3 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index b36fa42a4..9f93953db 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,6 @@
+OVN v23.03.4 - xx xxx 
+--
+
 OVN v23.03.3 - 12 Mar 2024
 --
   - Bug fixes
diff --git a/configure.ac b/configure.ac
index 4dd414b58..bdd7b74a7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -13,7 +13,7 @@
 # limitations under the License.
 
 AC_PREREQ(2.63)
-AC_INIT(ovn, 23.03.3, b...@openvswitch.org)
+AC_INIT(ovn, 23.03.4, b...@openvswitch.org)
 AC_CONFIG_MACRO_DIR([m4])
 AC_CONFIG_AUX_DIR([build-aux])
 AC_CONFIG_HEADERS([config.h])
diff --git a/debian/changelog b/debian/changelog
index 4694f269a..946c3739b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+OVN (23.03.4-1) unstable; urgency=low
+   [ OVN team ]
+   * New upstream version
+
+ -- OVN team   Tue, 12 Mar 2024 08:35:50 -0400
+
 OVN (23.03.3-1) unstable; urgency=low
[ OVN team ]
* New upstream version
-- 
2.44.0



[ovs-dev] [PATCH ovn branch-23.06 1/2] Set release date for 23.06.3.

2024-03-12 Thread Mark Michelson
Signed-off-by: Mark Michelson 
---
 NEWS | 4 +++-
 debian/changelog | 2 +-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/NEWS b/NEWS
index 12c5e9efd..9c73ad4ec 100644
--- a/NEWS
+++ b/NEWS
@@ -1,7 +1,9 @@
-OVN v23.06.3 - xx xxx 
+OVN v23.06.3 - 12 Mar 2024
 --
+  - Bug fixes
   - Add "garp-max-timeout-sec" config option to vswitchd external-ids to
 cap the time between when ovn-controller sends gARP packets.
+  - Security: Fixed vulnerability CVE-2024-2182.
 
 OVN v23.06.2 - 15 Sep 2023
 --
diff --git a/debian/changelog b/debian/changelog
index 8acd377db..58c8e490a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,7 +2,7 @@ OVN (23.06.3-1) unstable; urgency=low
[ OVN team ]
* New upstream version
 
- -- OVN team   Fri, 15 Sep 2023 14:00:25 -0400
+ -- OVN team   Tue, 12 Mar 2024 08:35:42 -0400
 
 OVN (23.06.2-1) unstable; urgency=low
[ OVN team ]
-- 
2.44.0



[ovs-dev] [PATCH ovn branch-23.03 1/2] Set release date for 23.03.3.

2024-03-12 Thread Mark Michelson
Signed-off-by: Mark Michelson 
---
 NEWS | 4 +++-
 debian/changelog | 2 +-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/NEWS b/NEWS
index 6caaeead1..b36fa42a4 100644
--- a/NEWS
+++ b/NEWS
@@ -1,7 +1,9 @@
-OVN v23.03.3 - xx xxx 
+OVN v23.03.3 - 12 Mar 2024
 --
+  - Bug fixes
   - Add "garp-max-timeout-sec" config option to vswitchd external-ids to
 cap the time between when ovn-controller sends gARP packets.
+  - Security: Fixed vulnerability CVE-2024-2182.
 
 OVN v23.03.2 - 15 Sep 2023
 --
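Review bot: in the NEWS hunk the `- Security: Fixed vulnerability CVE-2024-2182.` entry is appended after the `garp-max-timeout-sec` item, so it is the last line of the 23.03.3 section. Since it is the entry operators most need to see, consider listing it first.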
diff --git a/debian/changelog b/debian/changelog
index bce721bc5..4694f269a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,7 +2,7 @@ OVN (23.03.3-1) unstable; urgency=low
[ OVN team ]
* New upstream version
 
- -- OVN team   Fri, 15 Sep 2023 14:00:22 -0400
+ -- OVN team   Tue, 12 Mar 2024 08:35:50 -0400
 
 OVN (23.03.2-1) unstable; urgency=low
[ OVN team ]
-- 
2.44.0



[ovs-dev] [PATCH ovn branch-23.06 2/2] Prepare for 23.06.4.

2024-03-12 Thread Mark Michelson
Signed-off-by: Mark Michelson 
---
 NEWS | 3 +++
 configure.ac | 2 +-
 debian/changelog | 6 ++
 3 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index 9c73ad4ec..a87cfd7ec 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,6 @@
+OVN v23.06.4 - xx xxx 
+--
+
 OVN v23.06.3 - 12 Mar 2024
 --
   - Bug fixes
diff --git a/configure.ac b/configure.ac
index 2be07cdbd..4dbcf5701 100644
--- a/configure.ac
+++ b/configure.ac
@@ -13,7 +13,7 @@
 # limitations under the License.
 
 AC_PREREQ(2.63)
-AC_INIT(ovn, 23.06.3, b...@openvswitch.org)
+AC_INIT(ovn, 23.06.4, b...@openvswitch.org)
 AC_CONFIG_MACRO_DIR([m4])
 AC_CONFIG_AUX_DIR([build-aux])
 AC_CONFIG_HEADERS([config.h])
diff --git a/debian/changelog b/debian/changelog
index 58c8e490a..8cc24162d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+OVN (23.06.4-1) unstable; urgency=low
+   [ OVN team ]
+   * New upstream version
+
+ -- OVN team   Tue, 12 Mar 2024 08:35:42 -0400
+
 OVN (23.06.3-1) unstable; urgency=low
[ OVN team ]
* New upstream version
-- 
2.44.0



[ovs-dev] [PATCH ovn branch-23.03 0/2] Release patches for v23.03.3.

2024-03-12 Thread Mark Michelson


Mark Michelson (2):
  Set release date for 23.03.3.
  Prepare for 23.03.4.

 NEWS | 7 ++-
 configure.ac | 2 +-
 debian/changelog | 8 +++-
 3 files changed, 14 insertions(+), 3 deletions(-)

-- 
2.44.0



[ovs-dev] [PATCH ovn branch-23.09 0/2] Release patches for v23.09.3.

2024-03-12 Thread Mark Michelson


Mark Michelson (2):
  Set release date for 23.09.3.
  Prepare for 23.09.4.

 NEWS | 7 ++-
 configure.ac | 2 +-
 debian/changelog | 8 +++-
 3 files changed, 14 insertions(+), 3 deletions(-)

-- 
2.44.0



[ovs-dev] [PATCH ovn branch-23.06 0/2] Release patches for v23.06.3.

2024-03-12 Thread Mark Michelson


Mark Michelson (2):
  Set release date for 23.06.3.
  Prepare for 23.06.4.

 NEWS | 7 ++-
 configure.ac | 2 +-
 debian/changelog | 8 +++-
 3 files changed, 14 insertions(+), 3 deletions(-)

-- 
2.44.0



[ovs-dev] [PATCH ovn branch-24.03 2/2] Prepare for 24.03.2.

2024-03-12 Thread Mark Michelson
Signed-off-by: Mark Michelson 
---
 NEWS | 3 +++
 configure.ac | 2 +-
 debian/changelog | 6 ++
 3 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index e91cbe43f..ca3562425 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,6 @@
+OVN v24.03.2 - xx xxx 
+--
+
 OVN v24.03.1 - 12 Mar 2024
 --
   - Bug fixes
diff --git a/configure.ac b/configure.ac
index 5f15422f2..962422bd2 100644
--- a/configure.ac
+++ b/configure.ac
@@ -13,7 +13,7 @@
 # limitations under the License.
 
 AC_PREREQ(2.63)
-AC_INIT(ovn, 24.03.1, b...@openvswitch.org)
+AC_INIT(ovn, 24.03.2, b...@openvswitch.org)
 AC_CONFIG_MACRO_DIR([m4])
 AC_CONFIG_AUX_DIR([build-aux])
 AC_CONFIG_HEADERS([config.h])
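Review bot: the `AC_INIT(ovn, 24.03.2, ...)` bump is one of three hand-edited copies of the version in this patch (the NEWS heading and the debian/changelog stanza are the others), and nothing visible here checks that they agree. A small build-time or CI check comparing the three would catch a branch where one is missed.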
diff --git a/debian/changelog b/debian/changelog
index 2f20941be..acf278a15 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+OVN (24.03.2-1) unstable; urgency=low
+   [ OVN team ]
+   * New upstream version
+
+ -- OVN team   Tue, 12 Mar 2024 08:34:38 -0400
+
 OVN (24.03.1-1) unstable; urgency=low
[ OVN team ]
* New upstream version
-- 
2.44.0



[ovs-dev] [PATCH ovn branch-23.09 1/2] Set release date for 23.09.3.

2024-03-12 Thread Mark Michelson
Signed-off-by: Mark Michelson 
---
 NEWS | 4 +++-
 debian/changelog | 2 +-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/NEWS b/NEWS
index 58b1c9066..31c069aea 100644
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,7 @@
-OVN v23.09.3 - xx xxx 
+OVN v23.09.3 - 12 Mar 2024
 --
+  - Bug fixes
+  - Security: Fixed vulnerability CVE-2024-2182.
 
 OVN v23.09.2 - 01 Mar 2024
 --
diff --git a/debian/changelog b/debian/changelog
index d61c4a6ef..bbce8a3cb 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,7 +2,7 @@ OVN (23.09.3-1) unstable; urgency=low
[ OVN team ]
* New upstream version
 
- -- OVN team   Fri, 01 Mar 2024 14:06:41 -0500
+ -- OVN team   Tue, 12 Mar 2024 08:35:34 -0400
 
 OVN (23.09.2-1) unstable; urgency=low
[ OVN team ]
-- 
2.44.0



[ovs-dev] [PATCH ovn branch-24.03 0/2] Release patches for v24.03.1.

2024-03-12 Thread Mark Michelson


Mark Michelson (2):
  Set release date for 24.03.1.
  Prepare for 24.03.2.

 NEWS | 7 ++-
 configure.ac | 2 +-
 debian/changelog | 8 +++-
 3 files changed, 14 insertions(+), 3 deletions(-)

-- 
2.44.0



[ovs-dev] [PATCH ovn branch-24.03 1/2] Set release date for 24.03.1.

2024-03-12 Thread Mark Michelson
Signed-off-by: Mark Michelson 
---
 NEWS | 4 +++-
 debian/changelog | 2 +-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/NEWS b/NEWS
index c66a2bc50..e91cbe43f 100644
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,7 @@
-OVN v24.03.1 - xx xxx 
+OVN v24.03.1 - 12 Mar 2024
 --
+  - Bug fixes
+  - Security: Fixed vulnerability CVE-2024-2182.
 
 OVN v24.03.0 - 01 Mar 2024
 --
diff --git a/debian/changelog b/debian/changelog
index a54703d57..2f20941be 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,7 +2,7 @@ OVN (24.03.1-1) unstable; urgency=low
[ OVN team ]
* New upstream version
 
- -- OVN team   Fri, 01 Mar 2024 14:06:45 -0500
+ -- OVN team   Tue, 12 Mar 2024 08:34:38 -0400
 
 ovn (24.03.0-1) unstable; urgency=low
 
-- 
2.44.0



Re: [ovs-dev] [PATCH] github: Reduce ASLR entropy to be compatible with asan in llvm 14.

2024-03-12 Thread Eelco Chaudron



On 12 Mar 2024, at 12:47, Ilya Maximets wrote:

> Starting with image version 20240310.1.0, GitHub runners are using
> 32-bit entropy for ASLR:
>
>   $ sudo sysctl -a | grep vm.mmap.rnd
>   vm.mmap_rnd_bits = 32
>   vm.mmap_rnd_compat_bits = 16
>
> This breaks all the asan-enabled builds, because older asan gets
> confused by memory mappings and crashes with segmentation fault.
>
> The issue is fixed in newer releases of llvm:
>   https://github.com/llvm/llvm-project/commit/fb77ca05ffb4f8e666878f2f6718a9fb4d686839
>   https://reviews.llvm.org/D148280
>
> But these are not available in Ubuntu 22.04 image.
>
> This should be fixed by GitHub, but until new images are available
> reducing ASLR entropy manually to 28 bits to make builds work.
>
> Reported-at: https://github.com/actions/runner-images/issues/9491
> Signed-off-by: Ilya Maximets 

Thanks for finding the solution to this!

Acked-by: Eelco Chaudron 



[ovs-dev] [PATCH] github: Reduce ASLR entropy to be compatible with asan in llvm 14.

2024-03-12 Thread Ilya Maximets
Starting with image version 20240310.1.0, GitHub runners are using
32-bit entropy for ASLR:

  $ sudo sysctl -a | grep vm.mmap.rnd
  vm.mmap_rnd_bits = 32
  vm.mmap_rnd_compat_bits = 16

This breaks all the asan-enabled builds, because older asan gets
confused by memory mappings and crashes with segmentation fault.

The issue is fixed in newer releases of llvm:
  https://github.com/llvm/llvm-project/commit/fb77ca05ffb4f8e666878f2f6718a9fb4d686839
  https://reviews.llvm.org/D148280

But these are not available in Ubuntu 22.04 image.

This should be fixed by GitHub, but until new images are available
reducing ASLR entropy manually to 28 bits to make builds work.

Reported-at: https://github.com/actions/runner-images/issues/9491
Signed-off-by: Ilya Maximets 
---
 .github/workflows/build-and-test.yml | 8 
 1 file changed, 8 insertions(+)

diff --git a/.github/workflows/build-and-test.yml 
b/.github/workflows/build-and-test.yml
index fc7558148..6f5139304 100644
--- a/.github/workflows/build-and-test.yml
+++ b/.github/workflows/build-and-test.yml
@@ -238,6 +238,14 @@ jobs:
   if:   matrix.m32 != ''
   run:  sudo apt install -y gcc-multilib
 
+- name: Reduce ASLR entropy
+  if:   matrix.sanitizers != ''
+  # Asan in llvm 14 provided in ubuntu-22.04 is incompatible with
+  # high-entropy ASLR configured in much newer kernels that GitHub
+  # runners are using leading to random crashes:
+  #   https://github.com/actions/runner-images/issues/9491
+  run: sudo sysctl -w vm.mmap_rnd_bits=28
+
 - name: prepare
   run:  ./.ci/linux-prepare.sh
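Review bot: the new step's `run: sudo sysctl -w vm.mmap_rnd_bits=28` writes the value unconditionally, so it also changes runners whose setting is already at or below 28 and leaves nothing in the job log showing what the value was before. Since this lowers ASLR entropy as a stopgap, consider printing the current value first and writing only when it is above 28, and say in the comment that the step should be dropped once fixed images are available. Minor: the other steps in this hunk align `run:` with two spaces.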
 
-- 
2.43.0
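
The workaround described in this commit message, written as a guard a CI step could call, as an added example that is not part of the patch or the OVS tree: it parses `sysctl` output and lowers `vm.mmap_rnd_bits` only when the current value is above 28. The function names and the `--apply` switch are assumptions made for this example; the sample input is the output quoted in the commit message.

```shell
#!/bin/sh
# Added example (not from the patch): decide whether the asan workaround is
# needed before lowering ASLR entropy on a CI runner.

# Value the commit message settles on for asan in llvm 14.
ASAN_MAX_RND_BITS=28

# Sample input: the sysctl output quoted in the commit message.
SAMPLE_SYSCTL='vm.mmap_rnd_bits = 32
vm.mmap_rnd_compat_bits = 16'

# sysctl_value KEY: read "key = value" lines on stdin and print KEY's value.
# Returns non-zero when the key is absent.
sysctl_value() {
    awk -F' *= *' -v key="$1" '
        { sub(/^[ \t]+/, "") }                 # tolerate indented lines
        $1 == key { print $2; found = 1; exit }
        END { if (!found) exit 1 }'
}

# aslr_action VALUE: "lower" if VALUE exceeds the limit, "keep" if it does
# not, "unknown" if VALUE is empty or not a decimal number.
aslr_action() {
    case "$1" in
        ''|*[!0-9]*) echo unknown ;;
        *) if [ "$1" -gt "$ASAN_MAX_RND_BITS" ]; then
               echo lower
           else
               echo keep
           fi ;;
    esac
}

# plan_from_sysctl: read sysctl output on stdin and print one line:
#   "lower <current> <target>", "keep <current>" or "unknown".
plan_from_sysctl() {
    current=$(sysctl_value vm.mmap_rnd_bits) || current=''
    case "$(aslr_action "$current")" in
        lower) echo "lower $current $ASAN_MAX_RND_BITS" ;;
        keep)  echo "keep $current" ;;
        *)     echo "unknown" ;;
    esac
}

# With --apply (hypothetical switch), act on the live value and log the plan;
# without it the script only defines the functions and changes nothing.
if [ "${1:-}" = "--apply" ]; then
    plan=$(sysctl vm.mmap_rnd_bits 2>/dev/null | plan_from_sysctl)
    echo "ASLR plan: $plan"
    case "$plan" in
        lower*) sudo sysctl -w "vm.mmap_rnd_bits=$ASAN_MAX_RND_BITS" ;;
    esac
fi
```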



Re: [ovs-dev] [PATCH ovn 1/3] northd: Introduce ECMP_Nexthop table in SB db.

2024-03-12 Thread Lorenzo Bianconi
> Hi Lorenzo,

Hi Mark,

> 
> I have some comments below.

thx for the review.

> 
> On 3/7/24 08:19, Lorenzo Bianconi wrote:
> > Introduce ECMP_Nexthop table in the SB db in order to track active
> > ecmp-symmetric-reply connections and flush stale ones.
> > 
> > Signed-off-by: Lorenzo Bianconi 
> > ---
> >   northd/en-northd.c   |  4 ++
> >   northd/inc-proc-northd.c |  8 +++-
> >   northd/northd.c  | 98 
> >   northd/northd.h  |  3 ++
> >   ovn-sb.ovsschema | 15 +-
> >   ovn-sb.xml   | 19 
> >   tests/ovn-northd.at  |  4 ++
> >   7 files changed, 147 insertions(+), 4 deletions(-)
> > 
> > diff --git a/northd/en-northd.c b/northd/en-northd.c
> > index 4479b4aff..8d2ab481f 100644
> > --- a/northd/en-northd.c
> > +++ b/northd/en-northd.c
> > @@ -76,6 +76,8 @@ northd_get_input_data(struct engine_node *node,
> >   EN_OVSDB_GET(engine_get_input("NB_chassis_template_var", node));
> >   input_data->nbrec_mirror_table =
> >   EN_OVSDB_GET(engine_get_input("NB_mirror", node));
> > +input_data->nbrec_static_route_table =
> > +EN_OVSDB_GET(engine_get_input("NB_logical_router_static_route", 
> > node));
> >   input_data->sbrec_datapath_binding_table =
> >   EN_OVSDB_GET(engine_get_input("SB_datapath_binding", node));
> > @@ -101,6 +103,8 @@ northd_get_input_data(struct engine_node *node,
> >   EN_OVSDB_GET(engine_get_input("SB_chassis_template_var", node));
> >   input_data->sbrec_mirror_table =
> >   EN_OVSDB_GET(engine_get_input("SB_mirror", node));
> > +input_data->sbrec_ecmp_nexthop_table =
> > +EN_OVSDB_GET(engine_get_input("SB_ecmp_nexthop", node));
> >   struct ed_type_lb_data *lb_data =
> >   engine_get_input_data("lb_data", node);
> > diff --git a/northd/inc-proc-northd.c b/northd/inc-proc-northd.c
> > index e1073812c..1c58da0bf 100644
> > --- a/northd/inc-proc-northd.c
> > +++ b/northd/inc-proc-northd.c
> > @@ -61,7 +61,8 @@ static unixctl_cb_func chassis_features_list;
> >   NB_NODE(meter, "meter") \
> >   NB_NODE(bfd, "bfd") \
> >   NB_NODE(static_mac_binding, "static_mac_binding") \
> > -NB_NODE(chassis_template_var, "chassis_template_var")
> > +NB_NODE(chassis_template_var, "chassis_template_var") \
> > +NB_NODE(logical_router_static_route, "logical_router_static_route")
> >   enum nb_engine_node {
> >   #define NB_NODE(NAME, NAME_STR) NB_##NAME,
> > @@ -101,7 +102,8 @@ static unixctl_cb_func chassis_features_list;
> >   SB_NODE(fdb, "fdb") \
> >   SB_NODE(static_mac_binding, "static_mac_binding") \
> >   SB_NODE(chassis_template_var, "chassis_template_var") \
> > -SB_NODE(logical_dp_group, "logical_dp_group")
> > +SB_NODE(logical_dp_group, "logical_dp_group") \
> > +SB_NODE(ecmp_nexthop, "ecmp_nexthop")
> >   enum sb_engine_node {
> >   #define SB_NODE(NAME, NAME_STR) SB_##NAME,
> > @@ -180,6 +182,7 @@ void inc_proc_northd_init(struct ovsdb_idl_loop *nb,
> >   engine_add_input(_northd, _nb_mirror, NULL);
> >   engine_add_input(_northd, _nb_static_mac_binding, NULL);
> >   engine_add_input(_northd, _nb_chassis_template_var, NULL);
> > +engine_add_input(_northd, _nb_logical_router_static_route, NULL);
> >   engine_add_input(_northd, _sb_chassis, NULL);
> >   engine_add_input(_northd, _sb_mirror, NULL);
> > @@ -192,6 +195,7 @@ void inc_proc_northd_init(struct ovsdb_idl_loop *nb,
> >   engine_add_input(_northd, _sb_fdb, NULL);
> >   engine_add_input(_northd, _sb_static_mac_binding, NULL);
> >   engine_add_input(_northd, _sb_chassis_template_var, NULL);
> > +engine_add_input(_northd, _sb_ecmp_nexthop, NULL);
> >   engine_add_input(_northd, _global_config,
> >northd_global_config_handler);
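Review bot: `engine_add_input(_northd, _sb_ecmp_nexthop, NULL);` registers the new SB input with a NULL change handler, and the previous hunk does the same for `_nb_logical_router_static_route`, so any change to either table falls back to a full recompute of the northd node. If that is intended for now, a short comment saying so would help; otherwise these inputs need a handler.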
> > diff --git a/northd/northd.c b/northd/northd.c
> > index 4b39137e7..3770f9f94 100644
> > --- a/northd/northd.c
> > +++ b/northd/northd.c
> > @@ -16654,6 +16654,101 @@ sync_mirrors(struct ovsdb_idl_txn *ovnsb_txn,
> >   shash_destroy(_mirrors);
> >   }
> > +struct sb_ecmp_nexthop_entry {
> > +struct hmap_node hmap_node;
> > +const struct sbrec_ecmp_nexthop *sb_ecmp_nexthop;
> > +};
> > +
> > +static struct sb_ecmp_nexthop_entry *
> > +sb_ecmp_nexthop_lookup(const struct hmap *map, const char *nexthop)
> > +{
> > +uint32_t hash = hash_string(nexthop, 0);
> > +struct sb_ecmp_nexthop_entry *enh_e;
> > +
> > +HMAP_FOR_EACH_WITH_HASH (enh_e, hmap_node, hash, map) {
> > +if (!strcmp(enh_e->sb_ecmp_nexthop->nexthop, nexthop)) {
> > +return enh_e;
> > +}
> > +}
> > +return NULL;
> > +}
> > +
> > +#define NEXTHOP_IDS_LEN65535
> > +static void
> > +sync_ecmp_symmetric_reply_nexthop(struct ovsdb_idl_txn *ovnsb_txn,
> > +const struct nbrec_logical_router_static_route_table 
> > *nbrec_sr_table,
> > +const struct sbrec_ecmp_nexthop_table 
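Review bot: `sb_ecmp_nexthop_lookup()` keys the map on the nexthop string alone (`hash_string(nexthop, 0)` followed by `strcmp`), so two static routes that share a next-hop address on different routers or ports would resolve to the same entry. If ECMP_Nexthop rows are meant to be per port or per datapath, the key needs that field as well; if one row per address is intended, say so in a comment above the function.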

[ovs-dev] [PATCH ovn v2 1/2] tests: Move ovn interconnection tests to ovn-ic.at.

2024-03-12 Thread Mohammad Heib
Move ovn-ic tests that exist in ovn.at to ovn-ic.at.

Signed-off-by: Mohammad Heib 
---
 tests/ovn-ic.at | 687 
 tests/ovn.at| 686 ---
 2 files changed, 687 insertions(+), 686 deletions(-)

diff --git a/tests/ovn-ic.at b/tests/ovn-ic.at
index 44dbf8ab1..12267e960 100644
--- a/tests/ovn-ic.at
+++ b/tests/ovn-ic.at
@@ -1442,3 +1442,690 @@ OVN_CLEANUP_IC([az1], [az2])
 
 AT_CLEANUP
 ])
+
+OVN_FOR_EACH_NORTHD([
+AT_SETUP([interconnection])
+AT_KEYWORDS([slowtest])
+
+ovn_init_ic_db
+# The number needs to stay relatively low due to high memory consumption
+# with address sanitizers enabled.
+n_az=3
+n_ts=3
+for i in `seq 1 $n_az`; do
+ovn_start az$i
+done
+
+net_add n1
+
+# 1 HV and 1 GW per AZ
+for az in `seq 1 $n_az`; do
+sim_add hv$az
+as hv$az
+check ovs-vsctl add-br br-phys
+ovn_az_attach az$az n1 br-phys 192.168.$az.1 16
+for p in `seq 1 $n_ts`; do
+check ovs-vsctl -- add-port br-int vif$p -- \
+set interface vif$p external-ids:iface-id=lsp$az-$p \
+options:tx_pcap=hv$az/vif$p-tx.pcap \
+options:rxq_pcap=hv$az/vif$p-rx.pcap \
+ofport-request=$p
+done
+
+sim_add gw$az
+as gw$az
+check ovs-vsctl add-br br-phys
+ovn_az_attach az$az n1 br-phys 192.168.$az.2 16
+check ovs-vsctl set open . external-ids:ovn-is-interconn=true
+done
+
+for ts in `seq 1 $n_ts`; do
+AT_CHECK([ovn-ic-nbctl create Transit_Switch name=ts$ts], [0], [ignore])
+for az in `seq 1 $n_az`; do
+echo "az$az: wait for ts$ts..."
+check ovn_as az$az ovn-nbctl wait-until logical_switch ts$ts
+done
+done
+
+for az in `seq 1 $n_az`; do
+ovn_as az$az
+check ovn-nbctl set nb_global . options:ic-route-learn=true
+check ovn-nbctl set nb_global . options:ic-route-adv=true
+
+# Each AZ has n_ts LSPi->LSi->LRi connecting to each TSi
+echo
+echo "az$az"
+for i in `seq 1 $n_ts`; do
+lsp_mac=00:00:00:0$az:0$i:00
+lrp_ls_mac=00:00:00:0$az:0$i:01
+lrp_ts_mac=00:00:00:0$az:0$i:02
+lsp_ip=10.$az.$i.123
+lrp_ls_ip=10.$az.$i.1
+lrp_ts_ip=169.254.$i.$az
+
+check ovn-nbctl ls-add ls$az-$i
+check ovn-nbctl lsp-add ls$az-$i lsp$az-$i
+check ovn-nbctl lsp-set-addresses lsp$az-$i "$lsp_mac $lsp_ip"
+
+check ovn-nbctl lr-add lr$az-$i
+
+check ovn-nbctl lrp-add lr$az-$i lrp-lr$az-$i-ls$az-$i $lrp_ls_mac 
$lrp_ls_ip/24
+check ovn-nbctl lsp-add ls$az-$i lsp-ls$az-$i-lr$az-$i
+check ovn-nbctl lsp-set-addresses lsp-ls$az-$i-lr$az-$i router
+check ovn-nbctl lsp-set-type lsp-ls$az-$i-lr$az-$i router
+check ovn-nbctl lsp-set-options lsp-ls$az-$i-lr$az-$i 
router-port=lrp-lr$az-$i-ls$az-$i
+
+check ovn-nbctl lrp-add lr$az-$i lrp-lr$az-$i-ts$i $lrp_ts_mac 
$lrp_ts_ip/24
+check ovn-nbctl lsp-add ts$i lsp-ts$i-lr$az-$i
+check ovn-nbctl lsp-set-addresses lsp-ts$i-lr$az-$i router
+check ovn-nbctl lsp-set-type lsp-ts$i-lr$az-$i router
+check ovn-nbctl lsp-set-options lsp-ts$i-lr$az-$i 
router-port=lrp-lr$az-$i-ts$i
+check ovn-nbctl lrp-set-gateway-chassis lrp-lr$az-$i-ts$i gw$az
+done
+check ovn-nbctl --wait=hv sync
+ovn-sbctl list Port_Binding > az$az.ports
+wait_for_ports_up
+done
+
+# Pre-populate the hypervisors' ARP tables so that we don't lose any
+# packets for ARP resolution (native tunneling doesn't queue packets
+# for ARP resolution).
+OVN_POPULATE_ARP
+
+for i in `seq 1 $n_az`; do
+check ovn_as az$i ovn-nbctl --wait=hv sync
+ovn_as az$i ovn-sbctl dump-flows > az$i/sbflows
+done
+
+# Allow some time for ovn-northd and ovn-controller to catch up.
+# XXX This should be more systematic.
+sleep 2
+
+# Populate requested-chassis options for remote lsps
+for az in $(seq 1 $n_az); do
+ovn_as az${az}
+for ts in $(seq 1 $n_ts); do
+for i in $(seq 1 $n_ts); do
+if [[ $i -eq ${az} ]]; then
+continue
+fi
+check ovn-nbctl lsp-set-options lsp-ts${ts}-lr${i}-${ts} 
requested-chassis=gw$i
+done
+done
+done
+
+ovn-ic-nbctl show > ic-nbctl.dump
+AT_CAPTURE_FILE([ic-nbctl.dump])
+
+(echo "-ISB dump-"
+ ovn-ic-sbctl show
+ echo "-"
+ ovn-ic-sbctl list gateway
+ echo "-"
+ ovn-ic-sbctl list datapath_binding
+ echo "-"
+ ovn-ic-sbctl list port_binding
+ echo "-"
+ ovn-ic-sbctl list route
+ echo "-") > ic-sbctl.dump
+AT_CAPTURE_FILE([ic-sbctl.dump])
+
+AT_CAPTURE_FILE([expected])
+AT_CAPTURE_FILE([received])
+check_packets() {
+> expected
+> received
+for az in `seq 1 $n_az`; do
+for i in `seq 1 $n_ts`; do
+pcap=hv$az/vif$i-tx.pcap
+echo "--- $pcap" | tee -a expected >> received
+if test -e $az-$i.expected; then
+   
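Review bot: In the "Populate requested-chassis options for remote lsps" loop, the innermost `for i in $(seq 1 $n_ts)` uses `i` as an AZ index (it is compared with `${az}` and expanded into `lr${i}` and `gw$i`), so its bound should be `$n_az`. It only iterates correctly because `n_az` and `n_ts` are both 3; changing either value would silently skip or misname remote ports. The `sleep 2` under the "XXX This should be more systematic" comment also sits right after a `--wait=hv sync` in every AZ, so it is worth either dropping it or replacing it with a wait on the specific condition it is covering for.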

[ovs-dev] [PATCH ovn v2 2/2] tests: Use sync command in ovn-ic tests.

2024-03-12 Thread Mohammad Heib
Use the sync commands in the ovn-ic unit tests
and remove lines that wait for IC-SB to sync with IC-NB.

Signed-off-by: Mohammad Heib 
---
 tests/ovn-ic.at | 178 
 1 file changed, 72 insertions(+), 106 deletions(-)

diff --git a/tests/ovn-ic.at b/tests/ovn-ic.at
index 12267e960..4a24e171b 100644
--- a/tests/ovn-ic.at
+++ b/tests/ovn-ic.at
@@ -6,7 +6,7 @@ ovn_init_ic_db
 ovn_start az1
 ovn_start az2
 
-wait_row_count ic-sb:Availability_Zone 2
+check ovn-ic-nbctl --wait=sb sync
 AT_CHECK([ovn-ic-sbctl show], [0], [dnl
 availability-zone az1
 availability-zone az2
@@ -31,7 +31,6 @@ OVN_CLEANUP_IC([az1], [az2])
 AT_CLEANUP
 ])
 
-
 OVN_FOR_EACH_NORTHD([
 AT_SETUP([ovn-ic -- AZ update in GW])
 ovn_init_ic_db
@@ -47,10 +46,12 @@ check ovs-vsctl set open . 
external-ids:ovn-is-interconn=true
 
 az_uuid=$(fetch_column ic-sb:availability-zone _uuid name="az1")
 ovn_as az1 ovn-nbctl set NB_Global . name="az2"
-wait_column "$az_uuid" ic-sb:availability-zone _uuid name="az2"
+
+check ovn-ic-nbctl --wait=sb sync
+check_column "$az_uuid" ic-sb:availability-zone _uuid name="az2"
 
 # make sure that gateway still point to the same AZ with new name
-wait_column "$az_uuid" ic-sb:gateway availability_zone name="gw-az1"
+check_column "$az_uuid" ic-sb:gateway availability_zone name="gw-az1"
 
 OVN_CLEANUP_IC([az1])
 AT_CLEANUP
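Review bot: The rename here is written with `ovn_as az1 ovn-nbctl set NB_Global . name="az2"`, that is, to az1's NB database, while the new barrier is `ovn-ic-nbctl --wait=sb sync` on the IC databases. Since `wait_column` retried and `check_column` is a one-shot comparison, please confirm that the IC sync is ordered after ovn-ic has picked up the NB_Global change; if it is not, both `check_column` calls can race and the test becomes flaky rather than faster.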
@@ -66,11 +67,11 @@ ovn_start az1
 ovn-sbctl chassis-add fakechassis vxlan 192.168.0.2
 
 AT_CHECK([ovn-ic-nbctl ts-add ts1])
-AT_CHECK([ovn-ic-nbctl ts-add ts2])
+AT_CHECK([ovn-ic-nbctl --wait=sb ts-add ts2])
 
 # Check ISB
-wait_row_count ic-sb:Datapath_Binding 1 transit_switch=ts1
-wait_row_count ic-sb:Datapath_Binding 1 transit_switch=ts2
+check_row_count ic-sb:Datapath_Binding 1 transit_switch=ts1
+check_row_count ic-sb:Datapath_Binding 1 transit_switch=ts2
 check_column "ts1 ts2" ic-sb:Datapath_Binding transit_switch
 check_column "ts1 ts2" nb:Logical_Switch name
 
@@ -81,8 +82,8 @@ ts1_key=$(fetch_column ic-sb:Datapath_Binding tunnel_key 
transit_switch=ts1)
 check_column "$ts1_key" Datapath_Binding tunnel_key 
external_ids:interconn-ts=ts1
 
 # Test delete
-AT_CHECK([ovn-ic-nbctl ts-del ts1])
-wait_row_count ic-sb:Datapath_Binding 0 transit_switch=ts1
+AT_CHECK([ovn-ic-nbctl --wait=sb ts-del ts1])
+check_row_count ic-sb:Datapath_Binding 0 transit_switch=ts1
 check_column ts2 ic-sb:Datapath_Binding transit_switch
 check_column ts2 nb:Logical_Switch name
 
@@ -111,12 +112,11 @@ done
 ovn_as az1
 
 # create transit switch and connect to LR
-check ovn-ic-nbctl ts-add ts1
+check ovn-ic-nbctl --wait=sb ts-add ts1
 check ovn-nbctl lr-add lr1
 check ovn-nbctl lrp-add lr1 lrp1 00:00:00:00:00:01 10.0.0.1/24
 check ovn-nbctl lrp-set-gateway-chassis lrp1 gw-az1
 
-OVS_WAIT_UNTIL([ovn-nbctl show | grep switch | grep ts1])
 check ovn-nbctl lsp-add ts1 lsp1 -- \
 lsp-set-addresses lsp1 router -- \
 lsp-set-type lsp1 router -- \
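Review bot: The removed `OVS_WAIT_UNTIL([ovn-nbctl show | grep switch | grep ts1])` polled az1's NB database, whereas `--wait=sb` on `ovn-ic-nbctl ts-add ts1` waits on the IC side, and the `ovn-nbctl lsp-add ts1 lsp1` that follows still needs ts1 to exist as a logical switch in az1's NB. If `--wait=sb` does not guarantee that, keep an explicit wait on the NB logical switch (the first patch in this series uses `ovn-nbctl wait-until logical_switch` for the same purpose). The identical replacement inside `create_ic_infra()` has the same dependency.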
@@ -124,8 +124,8 @@ check ovn-nbctl lsp-add ts1 lsp1 -- \
 
 wait_row_count Datapath_Binding 1 external_ids:interconn-ts=ts1
 
-# check port binding appeared
-OVS_WAIT_UNTIL([ovn-ic-sbctl show | grep lsp1])
+# Sync ic-sb DB to see the TS changes.
+check ovn-ic-nbctl --wait=sb sync
 
 AT_CHECK([ovn-ic-sbctl show | grep -A2 lsp1], [0], [dnl
 port lsp1
@@ -134,8 +134,8 @@ AT_CHECK([ovn-ic-sbctl show | grep -A2 lsp1], [0], [dnl
 ])
 
 # remove transit switch and check if port_binding is deleted
-check ovn-ic-nbctl ts-del ts1
-wait_row_count ic-sb:Port_Binding 0 logical_port=lsp1
+check ovn-ic-nbctl --wait=sb ts-del ts1
+check_row_count ic-sb:Port_Binding 0 logical_port=lsp1
 for i in 1 2; do
 az=az$i
 ovn_as $az
@@ -180,8 +180,7 @@ create_ic_infra() {
 
 ovn_as $az
 
-check ovn-ic-nbctl ts-add $ts
-OVS_WAIT_UNTIL([ovn-nbctl show | grep switch | grep $ts])
+check ovn-ic-nbctl --wait=sb ts-add $ts
 check ovn-nbctl lr-add $lr
 check ovn-nbctl lrp-add $lr $lrp 00:00:00:00:00:0$az_id 10.0.$az_id.1/24
 check ovn-nbctl lrp-set-gateway-chassis $lrp gw-$az
@@ -197,18 +196,18 @@ create_ic_infra() {
 create_ic_infra 1 1
 create_ic_infra 1 2
 create_ic_infra 2 1
+check ovn-ic-nbctl --wait=sb sync
 
 ovn_as az1
 
-wait_row_count ic-sb:Route 3 ip_prefix=192.168.0.0/16
+check_row_count ic-sb:Route 3 ip_prefix=192.168.0.0/16
 
 # remove transit switch 1 (from az1) and check if its route is deleted
 # same route from another AZ and ts should remain, as
-check ovn-ic-nbctl ts-del ts1-1
-sleep 2
+check ovn-ic-nbctl --wait=sb ts-del ts1-1
 ovn-ic-sbctl list route
 ovn-ic-nbctl list transit_switch
-wait_row_count ic-sb:route 2 ip_prefix=192.168.0.0/16
+checl_row_count ic-sb:route 2 ip_prefix=192.168.0.0/16
 ovn-ic-sbctl list route
 
 for i in 1 2; do
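Review bot: `checl_row_count ic-sb:route 2 ip_prefix=192.168.0.0/16` is a typo for `check_row_count`. As written the shell will report a command-not-found and the assertion that exactly two routes remain after `ts-del ts1-1` is never evaluated, so the test no longer verifies the route deletion it describes. The two `ovn-ic-sbctl list route` and `ovn-ic-nbctl list transit_switch` calls around it look like leftover debugging output and could be dropped now that the `sleep 2` is gone.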
@@ -246,7 +245,7 @@ done
 ovn_as az1
 
 # create transit switch and connect to LR
-check ovn-ic-nbctl ts-add ts1
+check ovn-ic-nbctl --wait=sb ts-add ts1
 for i in 1 2; do
 ovn_as az$i
 
@@ -254,7 +253,6 @@ for i in 1 2; do
 check ovn-nbctl lrp-add lr1 lrp$i 

[ovs-dev] [PATCH] conntrack: Do not use icmp reverse helper for icmpv6.

2024-03-12 Thread Paolo Valerio
In the flush tuple code path, while populating the conn_key,
reverse_icmp_type() gets called for both icmp and icmpv6 cases,
while, depending on the proto, its respective helper should be
called, instead.

The above leads to an abort:

[...]
0x7f3d461888ff in __GI_abort () at abort.c:79
0x0064eeb7 in reverse_icmp_type (type=128 '\200') at lib/conntrack.c:1795
0x00650a63 in tuple_to_conn_key (tuple=0x7ffe0db5c620, zone=0, key=0x7ffe0db5c520) at lib/conntrack.c:2590
0x006510f7 in conntrack_flush_tuple (ct=0x25715a0, tuple=0x7ffe0db5c620, zone=0) at lib/conntrack.c:2787
0x004b5988 in dpif_netdev_ct_flush (dpif=0x25e4640, zone=0x7ffe0db5c6a4, tuple=0x7ffe0db5c620) at lib/dpif-netdev.c:9618
0x0049938a in ct_dpif_flush_tuple (dpif=0x25e4640, zone=0x0, match=0x7ffe0db5c7e0) at lib/ct-dpif.c:331
0x0049942a in ct_dpif_flush (dpif=0x25e4640, zone=0x0, match=0x7ffe0db5c7e0) at lib/ct-dpif.c:361
0x00657b9a in dpctl_flush_conntrack (argc=2, argv=0x254ceb0, dpctl_p=0x7ffe0db5c8a0) at lib/dpctl.c:1797
0x0065af36 in dpctl_unixctl_handler (conn=0x25c48d0, argc=2, argv=0x254ceb0,
[...]

Fix it by calling reverse_icmp6_type() when needed.
Furthermore, self tests have been modified in order to exercise and
check this behavior.

Fixes: 271e48a0e244 ("conntrack: Support conntrack flush by ct 5-tuple")
Reported-at: https://issues.redhat.com/browse/FDP-447
Signed-off-by: Paolo Valerio 
---
 lib/conntrack.c |  4 +++-
 tests/system-traffic.at | 10 +-
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/lib/conntrack.c b/lib/conntrack.c
index 5786424f6..a62f27d24 100644
--- a/lib/conntrack.c
+++ b/lib/conntrack.c
@@ -2586,7 +2586,9 @@ tuple_to_conn_key(const struct ct_dpif_tuple *tuple, 
uint16_t zone,
 key->src.icmp_type = tuple->icmp_type;
 key->src.icmp_code = tuple->icmp_code;
 key->dst.icmp_id = tuple->icmp_id;
-key->dst.icmp_type = reverse_icmp_type(tuple->icmp_type);
+key->dst.icmp_type = (tuple->ip_proto == IPPROTO_ICMP) ?
+reverse_icmp_type(tuple->icmp_type) :
+reverse_icmp6_type(tuple->icmp_type);
 key->dst.icmp_code = tuple->icmp_code;
 } else {
 key->src.port = tuple->src_port;
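Review bot: The new ternary picks the right helper per protocol, but the `icmp_type` passed to it still comes straight from the caller's tuple, and the backtrace in the commit message shows `reverse_icmp_type()` ending in `abort()` when handed a type it does not map (there 128, supplied through `dpctl/flush-conntrack`). A flush request carrying an ICMP or ICMPv6 type that has no reverse mapping would presumably still take the daemon down through either helper. Consider validating the type in `tuple_to_conn_key()` and returning an error to the caller instead of relying on the helpers' abort path. Also, the `else` arm sends every protocol other than `IPPROTO_ICMP` to `reverse_icmp6_type()`; if the enclosing condition is not already limited to ICMP and ICMPv6, test for `IPPROTO_ICMPV6` explicitly.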
diff --git a/tests/system-traffic.at b/tests/system-traffic.at
index 2d12d558e..87de0692a 100644
--- a/tests/system-traffic.at
+++ b/tests/system-traffic.at
@@ -3103,7 +3103,10 @@ AT_CHECK([ovs-appctl dpctl/dump-conntrack | 
FORMAT_CT(10.1.1.2)], [0], [dnl
 
icmp,orig=(src=10.1.1.1,dst=10.1.1.2,id=,type=8,code=0),reply=(src=10.1.1.2,dst=10.1.1.1,id=,type=0,code=0)
 ])
 
-AT_CHECK([ovs-appctl dpctl/flush-conntrack])
+AT_CHECK([ovs-appctl dpctl/flush-conntrack 
'ct_nw_src=10.1.1.1,ct_nw_dst=10.1.1.2'])
+
+AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl
+])
 
 dnl Pings from ns1->ns0 should fail.
 NS_CHECK_EXEC([at_ns1], [ping -q -c 3 -i 0.3 -w 2 10.1.1.1 | FORMAT_PING], 
[0], [dnl
@@ -3244,6 +3247,11 @@ AT_CHECK([ovs-appctl dpctl/dump-conntrack | 
FORMAT_CT(fc00::2)], [0], [dnl
 
icmpv6,orig=(src=fc00::1,dst=fc00::2,id=,type=128,code=0),reply=(src=fc00::2,dst=fc00::1,id=,type=129,code=0)
 ])
 
+AT_CHECK([ovs-appctl dpctl/flush-conntrack 
'ct_ipv6_src=fc00::1,ct_ipv6_dst=fc00::2'])
+
+AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(fc00::2)], [0], [dnl
+])
+
 OVS_TRAFFIC_VSWITCHD_STOP
 AT_CLEANUP
 
-- 
2.44.0

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev


[ovs-dev] [PATCH ovn v3 1/2] tests: Add helper for tcpdump.

2024-03-12 Thread Ales Musil
The way how tcpdump was called in tests was inconsistent,
a lot of the tests didn't even wait for the tcpdump to properly
start, some of them didn't redirect the stderr which could cause
leak into the test stderr and fail the test.

To prevent that add macro that starts tcpdump and properly
waits for the "listening" state, at the same time redirects
the stderr into separate file.

Signed-off-by: Ales Musil 
---
v2: Rebase on top of current main.
Address comment from Dumitru and rework the tcpdump in system tests.
v3: Rebase on top of current main.
---
 tests/system-common-macros.at |  25 ++-
 tests/system-ovn-kmod.at  |  24 +--
 tests/system-ovn.at   | 312 ++
 3 files changed, 151 insertions(+), 210 deletions(-)

diff --git a/tests/system-common-macros.at b/tests/system-common-macros.at
index 177178067..021f5cb9a 100644
--- a/tests/system-common-macros.at
+++ b/tests/system-common-macros.at
@@ -271,6 +271,18 @@ m4_define([OVS_START_L7],
]
 )
 
+# NETNS_START_TCPDUMP([namespace], [params], [name])
+#
+# Helper to properly start tcpdump and wait for the startup.
+# The tcpdump output is available in .tcpdump file.
+m4_define([NETNS_START_TCPDUMP],
+[
+ NETNS_DAEMONIZE([$1], [tcpdump -l $2 >$3.tcpdump 2>$3.stderr], [$3.pid])
+ OVS_WAIT_UNTIL([grep -q "listening" $3.stderr])
+]
+)
+
+
 # OVS_CHECK_VXLAN()
 #
 # Do basic check for vxlan functionality, skip the test if it's not there.
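Review bot: The doc comment for `NETNS_START_TCPDUMP` says the output is "available in .tcpdump file", which loses the `[name]` argument; it should read something like `<name>.tcpdump`, and it should also mention that stderr goes to `<name>.stderr` and the pid to `<name>.pid`, since callers later in this patch rely on those names (for example `$(cat tcpdump-client.pid)`). The macro is also followed by two blank added lines where the surrounding definitions use one. Minor: `grep -q "listening"` will keep polling until the wait times out if tcpdump fails to start, so an error in `$3.stderr` only shows up as a timeout.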
@@ -438,8 +450,7 @@ chown root:dhcpd /var/lib/dhcp /var/lib/dhcp/dhcpd6.leases
 chmod 775 /var/lib/dhcp
 chmod 664 /var/lib/dhcp/dhcpd6.leases
 
-NS_CHECK_EXEC([server], [tcpdump -nni s1 > pkt.pcap &])
-
+NETNS_START_TCPDUMP([server], [-nni s1], [server])
 NETNS_DAEMONIZE([server], [dhcpd -6 -f s1 > dhcpd.log 2>&1], [dhcpd.pid])
 ovn-nbctl --wait=hv sync
 
@@ -462,22 +473,20 @@ ovn-nbctl list logical_router_port rp-public > 
/tmp/rp-public
 ovn-nbctl set logical_router_port rp-sw0 options:prefix=false
 ovn-nbctl set logical_router_port rp-sw1 options:prefix=false
 # Renew message
-NS_CHECK_EXEC([server], [tcpdump -c 1 -nni s1 ip6[[48:1]]=0x05 and 
ip6[[113:4]]=0x${prefix} > renew.pcap &])
+NETNS_START_TCPDUMP([server], [-c 1 -nni s1 ip6[[48:1]]=0x05 and 
ip6[[113:4]]=0x${prefix}], [renew])
 # Reply message with Status OK
-NS_CHECK_EXEC([server], [tcpdump -c 1 -nni s1 ip6[[48:1]]=0x07 and 
ip6[[81:4]]=0x${prefix} > reply.pcap &])
+NETNS_START_TCPDUMP([server], [-c 1 -nni s1 ip6[[48:1]]=0x07 and 
ip6[[81:4]]=0x${prefix}], [reply])
 
 OVS_WAIT_UNTIL([
-total_pkts=$(cat renew.pcap | wc -l)
+total_pkts=$(cat renew.tcpdump | wc -l)
 test "${total_pkts}" = "1"
 ])
 
 OVS_WAIT_UNTIL([
-total_pkts=$(cat reply.pcap | wc -l)
+total_pkts=$(cat reply.tcpdump | wc -l)
 test "${total_pkts}" = "1"
 ])
 
-kill $(pidof tcpdump)
-
 ovn-nbctl set logical_router_port rp-sw0 options:prefix=false
 ovn-nbctl clear logical_router_port rp-sw0 ipv6_prefix
 OVS_WAIT_WHILE([test "$(ovn-nbctl get logical_router_port rp-sw0 ipv6_prefix | 
cut -c3-16)" = "[2001:1db8:]"])
diff --git a/tests/system-ovn-kmod.at b/tests/system-ovn-kmod.at
index 14fe4ecec..d8a27213c 100644
--- a/tests/system-ovn-kmod.at
+++ b/tests/system-ovn-kmod.at
@@ -668,19 +668,15 @@ test_fragmented_traffic() {
 NETNS_DAEMONIZE([server], [nc -l -u 172.16.1.2 4242 > /dev/null], 
[server.pid])
 
 # Collect ICMP packets on client side
-NETNS_DAEMONIZE([client], [tcpdump -l -U -i client -vnne \
-udp > client.pcap 2>client_err], [tcpdump0.pid])
-OVS_WAIT_UNTIL([grep "listening" client_err])
+NETNS_START_TCPDUMP([client], [-U -i client -vnne udp], [tcpdump-client])
 
 # Collect UDP packets on server side
-NETNS_DAEMONIZE([server], [tcpdump -l -U -i server -vnne \
-'udp and ip[[6:2]] > 0 and not ip[[6]] = 64' > server.pcap 2>server_err], 
[tcpdump1.pid])
-OVS_WAIT_UNTIL([grep "listening" server_err])
+NETNS_START_TCPDUMP([server], [-U -i server -vnne 'udp and ip[[6:2]] > 0 
and not ip[[6]] = 64'], [tcpdump-server])
 
 NS_CHECK_EXEC([client], [$PYTHON3 ./client.py])
-OVS_WAIT_UNTIL([test "$(cat server.pcap | wc -l)" = "4"])
+OVS_WAIT_UNTIL([test "$(cat tcpdump-server.tcpdump | wc -l)" = "4"])
 
-check kill $(cat tcpdump0.pid) $(cat tcpdump1.pid) $(cat server.pid)
+check kill $(cat tcpdump-client.pid) $(cat tcpdump-server.pid) $(cat 
server.pid)
 }
 
 AS_BOX([LB on router without port and protocol])
@@ -1006,14 +1002,10 @@ while True:
 NETNS_DAEMONIZE([server], [$PYTHON3 ./server.py > server.log], [server.pid])
 
 dnl Collect packets on server side.
-NETNS_DAEMONIZE([server], [tcpdump -l -U -i server -vnne \
-  'ip and (icmp or udp)' > server.tcpdump 2>server_err], 
[tcpdump0.pid])
-OVS_WAIT_UNTIL([grep "listening" server_err])
+NETNS_START_TCPDUMP([server], [-U -i server -vnne 'ip and (icmp or udp)'], 
[tcpdump-server])
 
 dnl Collect packets on client side.
-NETNS_DAEMONIZE([client], [tcpdump -l -U -i client -vnne \
-  'ip and 

[ovs-dev] [PATCH ovn v3 2/2] tests: Address netcat 7.94 changes.

2024-03-12 Thread Ales Musil
Fedora received an update of netcat to version 7.94, this version
brings ability for UDP to accept multiple connections without closing
(-k/--keep-open) [0]. That had negative impact on the tests as the UDP
netcat server was closing sooner than expected.

Make sure that the server is alive when we expect it to and avoid
checking kill of server that might be already finished.

[0] https://github.com/nmap/nmap/issues/1223
Signed-off-by: Ales Musil 
---
 tests/system-ovn-kmod.at | 7 ---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/tests/system-ovn-kmod.at b/tests/system-ovn-kmod.at
index d8a27213c..c100451ed 100644
--- a/tests/system-ovn-kmod.at
+++ b/tests/system-ovn-kmod.at
@@ -676,7 +676,7 @@ test_fragmented_traffic() {
 NS_CHECK_EXEC([client], [$PYTHON3 ./client.py])
 OVS_WAIT_UNTIL([test "$(cat tcpdump-server.tcpdump | wc -l)" = "4"])
 
-check kill $(cat tcpdump-client.pid) $(cat tcpdump-server.pid) $(cat 
server.pid)
+kill $(cat tcpdump-client.pid) $(cat tcpdump-server.pid) $(cat server.pid)
 }
 
 AS_BOX([LB on router without port and protocol])
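Review bot: Dropping `check` from the whole `kill` line also stops verifying that the two tcpdump processes were still running, although only `server.pid` (the UDP netcat) is expected to have exited early. Consider keeping `check kill $(cat tcpdump-client.pid) $(cat tcpdump-server.pid)` and issuing the unchecked `kill $(cat server.pid)` separately, so a tcpdump that died during the test is still caught.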
@@ -813,8 +813,7 @@ wait_for_ports_up
 check ovn-nbctl --wait=hv sync
 
 # Create service that listens for TCP and UDP
-NETNS_DAEMONIZE([vm2], [nc -l -u 1234], [nc0.pid])
-NETNS_DAEMONIZE([vm2], [nc -l -k 1235], [nc1.pid])
+NETNS_DAEMONIZE([vm2], [nc -l -k 1235], [nc0.pid])
 
 test_icmp() {
 # Make sure that a ping works as expected
@@ -838,7 +837,9 @@ 
icmp,orig=(src=173.0.1.2,dst=172.16.0.102,id=,type=8,code=0),reply=(src
 }
 
 test_udp() {
+NETNS_DAEMONIZE([vm2], [nc -l -u 1234], [nc1.pid])
 NS_CHECK_EXEC([vm1], [nc -u 30.0.0.1 1234 -p 1222 -z])
+kill $(cat nc1.pid)
 
 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(30.0.0.1) | \
 sed -e 's/zone=[[0-9]]*/zone=/'], [0], [dnl
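Review bot: In `test_udp()` the UDP listener is started with `NETNS_DAEMONIZE` and the client `nc -u 30.0.0.1 1234 -p 1222 -z` runs on the very next line, with nothing confirming that the server has bound port 1234 yet. That leaves a startup race which the commit message's goal ("make sure that the server is alive when we expect it to") does not quite cover; a short `OVS_WAIT_UNTIL` on the listening socket in vm2 before the client call would close it. The unchecked `kill $(cat nc1.pid)` is fine given the server may already have exited, but it may be worth a comment saying so.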
-- 
2.44.0
