Re: [ovs-dev] [PATCH net 1/2] openvswitch: support asymmetric conntrack

2019-11-09 Thread Pravin Shelar
On Fri, Nov 8, 2019 at 1:07 PM Aaron Conole wrote:
>
> The openvswitch module shares a common conntrack and NAT infrastructure
> exposed via netfilter.  It's possible that a packet needs both SNAT and
> DNAT manipulation, due to e.g. tuple collision.  Netfilter can support
> this because it runs through the NAT table twice - once on ingress and
> again after egress.  The openvswitch module doesn't have such capability.
>
> Like netfilter hook infrastructure, we should run through NAT twice to
> keep the symmetry.
>
> Fixes: 05752523e565 ("openvswitch: Interface with NAT.")
> Signed-off-by: Aaron Conole 

The patch looks OK, but I am not able to apply it. Can you fix the encoding?
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev


Re: [ovs-dev] Extending ovs_action_attr to add a new action

2019-11-09 Thread Matteo Croce
On Fri, Nov 8, 2019 at 11:04 PM William Tu wrote:
>
> On Fri, Nov 08, 2019 at 05:12:55PM +0100, Matteo Croce wrote:
> > Hi,
> >
> > I need to add a field to enum ovs_action_attr, but I see that the
> > definition between the upstream header[1] and the one in compat[2]
> > differs.
> > Upstream enum stops at OVS_ACTION_ATTR_CHECK_PKT_LEN, with an extra
> > "hidden" element after __OVS_ACTION_ATTR_MAX (22)
> > Our compat version instead, has OVS_ACTION_ATTR_TUNNEL_{PUSH,POP}
> > defined only #ifndef __KERNEL__, with __OVS_ACTION_ATTR_MAX being 22
> > for the kernel and 24 for userspace.
> >
> > If I add a field OVS_ACTION_ATTR_WHATEVER just before
> > __OVS_ACTION_ATTR_MAX in the kernel, older userspace will incorrectly
> > see the new action as OVS_ACTION_ATTR_TUNNEL_PUSH.
>
> Does "older userspace" mean you're using the userspace datapath (dpif-netdev)?
> If true, then it's not using the kernel module.
>
> Or does "older userspace" mean just ovs-vswitchd using the kernel module,
> and you want to upgrade the ovs kernel module with your new action
> without upgrading ovs-vswitchd?
>

Yes, I mean older vswitchd with a new kernel module. If I add a field
after OVS_ACTION_ATTR_TUNNEL_POP, and then I downgrade the userspace
utils I end up in this situation:

# ovs-dpctl dump-flows
in_port(1),eth(),eth_type(0x0800), packets:1, bytes:98, used:605.381s,
actions:tnl_push(tnl_port(65544),header(size=252,type=131097,eth(dst=14:00:00:00:84:03,src=00:00:03:01:00:00,dl_type=0x0500),ipv6(src=1400::800:1300:0:0:800,dst=200::800:300:200:0:800,label=21504,proto=8,tclass=0x0,hlimit=0),),out_port(2)),2

while adding it before OVS_ACTION_ATTR_TUNNEL_POP I get this:

# ovs-dpctl dump-flows
in_port(1),eth(),eth_type(0x0800), packets:1, bytes:98, used:3.661s,
actions:bad length 0, expected 4 for: action22,2

> Usually we also upgrade ovs-vswitchd, so I don't know how this can be done.
>

So it's not a problem, we can assume that the userspace can't be older
than the kernel datapath.

Regards,
-- 
Matteo Croce
per aspera ad upstream
