> On 20 May 2026, at 4:08 PM, Dumitru Ceara <[email protected]> wrote: > > !-------------------------------------------------------------------| > CAUTION: External Email > > |-------------------------------------------------------------------! > > On 5/20/26 12:35 PM, Dumitru Ceara wrote: >> Hi Naveen, >> >> Thanks for the patch! >> >> On 5/14/26 7:06 PM, Naveen Yerramneni wrote: >>> DHCP client extends its lease by unicasting a DHCPREQUEST to its >>> original DHCP server when the T1 timer fires (typically at 50% of >>> the lease). If that DHCPREQUEST gets no response, the T2 timer >>> fires (typically at 87.5% of the lease) and the client enters the >>> REBINDING state, where it broadcasts a DHCPREQUEST using its >>> currently leased IP as the source address (rather than 0.0.0.0). >>> >>> Today OVN's DHCP relay only matches DHCPREQUEST packets whose source >>> IP is 0.0.0.0, so the broadcast DHCPREQUEST sent by a client in the >>> REBINDING state is not matched by any relay flow and is dropped. >>> The lease cannot be renewed through the relay and the client >>> eventually falls back to a fresh DISCOVER. >>> >>> Extend the relay to also forward DHCPREQUEST packets whose source IP >>> lies in the relay LRP's subnet by widening the source-IP match of >>> the DHCP relay request flows to the set >>> ip4.src == {0.0.0.0, <lrp_cidr>}, where <lrp_cidr> is the CIDR of >>> the relay Logical_Router_Port. The set is applied to: >>> >>> - The priority-100 logical switch flow in ls_in_l2_lkup that >>> forwards client DHCP broadcasts to the relay LRP-attachment >>> port. >>> - The logical router lr_in_ip_input priority-110 >>> dhcp_relay_req_chk flow. >>> - The lr_in_dhcp_relay_req priority-100 forward and priority-1 >>> drop flows. >>> >>> The behaviour is controlled by a new NB_Global option: >>> >>> options:dhcp_relay_handle_rebind boolean (default 'true') >>> >>> Setting it to 'false' restores the previous behaviour and matches >>> only ip4.src == 0.0.0.0. >>> >> >> If we're changing defaults, why not just make it the only behavior? >> IIUC you're just extending the existing implementation, right? >> >> Also, this patch fails CI: >> https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_ovsrobot_ovn_actions_runs_25747657870_job_75615787412&d=DwICaQ&c=s883GpUCOChKOHiocYtGcg&r=2PQjSDR7A28z1kXE1ptSm6X36oL_nCq1XxeEt7FkLmA&m=UfOQg5_6DqwjAlYNnnEyTVjNlpWYgq54Vc2sFS_RmgmQv8GyXSM_xWQOzF72KQ9c&s=rxDte8jMhuO5jfuEboy37setfom1hTvKPV793cJYQ-o&e= >> >> 1 >> Expecting global_config compute count - 2 not to be 0 >> test 2 -ne 0 >> ./ovn-macros.at:897: "$@" >> Checking engine stats for node northd : recompute - norecompute : >> compute - compute >> Expecting northd recompute count - 1 to be 0 >> test 1 -eq 0 >> ./ovn-macros.at:897: "$@" >> ./ovn-macros.at:897: exit code was 1, expected 0 >> 815. ovn-northd.at:13500: 815. NB_Global and SB_Global incremental >> processing (ovn-northd.at:13500): FAILED ( 1 ) >> > > My bad, I had looked at the v1 CI run, the v2 run is green. > > There is however a warning from ovsrobot: > https://urldefense.proofpoint.com/v2/url?u=https-3A__mail.openvswitch.org_pipermail_ovs-2Dbuild_2026-2DMay_054822.html&d=DwICaQ&c=s883GpUCOChKOHiocYtGcg&r=2PQjSDR7A28z1kXE1ptSm6X36oL_nCq1XxeEt7FkLmA&m=UfOQg5_6DqwjAlYNnnEyTVjNlpWYgq54Vc2sFS_RmgmQv8GyXSM_xWQOzF72KQ9c&s=JYQZ5Lqo1IuXTd9why3bxJ4ka3ESBL2rjMGyxRbqeX8&e=
Thanks Dumitru for the review! I will address this warning. > > In any case, my question about making this the only behavior and > skipping the addition of yet another knob stands. > I think we can avoid this knob. I added this since I am changing the current behaviour. > Regards, > Dumitru > >> Regards, >> Dumitru >> >> >>> Signed-off-by: Naveen Yerramneni <[email protected]> >>> Acked-by: Aditya Mehakare <[email protected]> >>> Acked-by: Huzaifa Calcuttawala <[email protected]> >>> --- >>> V2: >>> - consider dhcp_relay_handle_rebind as optional to avoid unwanted >>> northd recompute. >>> --- >>> Documentation/ref/ovn-logical-flows.7.rst | 32 ++++++++------ >>> NEWS | 5 +++ >>> northd/en-global-config.c | 5 +++ >>> northd/northd.c | 51 +++++++++++++++++++---- >>> ovn-nb.xml | 18 ++++++++ >>> tests/ovn-northd.at | 48 ++++++++++++++++++--- >>> tests/ovn.at | 9 +++- >>> 7 files changed, 140 insertions(+), 28 deletions(-) >>> >>> diff --git a/Documentation/ref/ovn-logical-flows.7.rst >>> b/Documentation/ref/ovn-logical-flows.7.rst >>> index 0b69d7bb0..0d46301b3 100644 >>> --- a/Documentation/ref/ovn-logical-flows.7.rst >>> +++ b/Documentation/ref/ovn-logical-flows.7.rst >>> @@ -1392,7 +1392,9 @@ This table implements switching behavior. It >>> contains these logical flows: >>> >>> - A priority-100 flow that forwards all DHCP broadcast packets coming from >>> VIFs >>> to the logical router port's MAC when DHCP relay is enabled on the logical >>> - switch. >>> + switch. By default the ``ip4.src`` match is the set ``{0.0.0.0, >>> lrp_cidr}``. >>> + If ``dhcp_relay_handle_rebind`` in the ``NB_Global`` ``options`` column >>> is set >>> + to ``false`` the match is ``ip4.src == 0.0.0.0`` only. >>> >>> - A priority-100 flow that matches ``reg8[23] == 1`` and does ``output`` >>> action. >>> This ensures that packets that got injected back into this table from >>> egress >>> @@ -2199,9 +2201,11 @@ contains the following flows to implement very basic >>> IP host functionality. >>> - For each logical router port configured with DHCP relay the following >>> priority-110 flows are added to manage the DHCP relay traffic: >>> >>> - - if ``inport`` is lrp and ``ip4.src == 0.0.0.0`` and ``ip4.dst == >>> - 255.255.255.255`` and ``ip4.frag == 0`` and ``udp.src == 68`` and >>> ``udp.dst >>> - == 67``, the ``dhcp_relay_req_chk`` action is executed. :: >>> + - if ``inport`` is lrp and ``ip4.src == {0.0.0.0, lrp_cidr}`` and >>> ``ip4.dst >>> + == 255.255.255.255`` and ``ip4.frag == 0`` and ``udp.src == 68`` and >>> + ``udp.dst == 67``, the ``dhcp_relay_req_chk`` action is executed. >>> Setting >>> + ``dhcp_relay_handle_rebind`` in the ``NB_Global`` ``options`` column to >>> + ``false`` restricts the ``ip4.src`` match to ``0.0.0.0`` only. :: >>> >>> reg9[7] = dhcp_relay_req_chk(lrp_ip, dhcp_server_ip);next >>> >>> @@ -2499,10 +2503,12 @@ This stage process the DHCP request packets on >>> which ``dhcp_relay_req_chk`` >>> action is applied in the IP input stage. >>> >>> - A priority-100 logical flow is added for each logical router port >>> configured >>> - with DHCP relay that matches ``inport`` is lrp and ``ip4.src == >>> 0.0.0.0`` and >>> - ``ip4.dst == 255.255.255.255`` and ``udp.src == 68`` and ``udp.dst == >>> 67`` and >>> - ``reg9[7] == 1`` and applies following actions. If ``reg9[7]`` is set to >>> 1 >>> - then, ``dhcp_relay_req_chk`` action was successful. :: >>> + with DHCP relay that matches ``inport`` is lrp and ``ip4.src == {0.0.0.0, >>> + lrp_cidr}`` and ``ip4.dst == 255.255.255.255`` and ``udp.src == 68`` and >>> + ``udp.dst == 67`` and ``reg9[7] == 1`` and applies following actions. If >>> + ``reg9[7]`` is set to 1 then, ``dhcp_relay_req_chk`` action was >>> successful. >>> + Setting ``dhcp_relay_handle_rebind`` in the ``NB_Global`` ``options`` >>> column >>> + to ``false`` restricts the ``ip4.src`` match to ``0.0.0.0`` only. :: >>> >>> ip4.src=lrp ip; >>> ip4.dst=dhcp server ip; >>> @@ -2510,10 +2516,12 @@ action is applied in the IP input stage. >>> next; >>> >>> - A priority-1 logical flow is added for each logical router port configured >>> - with DHCP relay that matches ``inport`` is lrp and ``ip4.src == >>> 0.0.0.0`` and >>> - ``ip4.dst == 255.255.255.255`` and ``udp.src == 68`` and ``udp.dst == >>> 67`` and >>> - ``reg9[7] == 0`` and drops the packet. If ``reg9[7]`` is set to 0 then, >>> - ``dhcp_relay_req_chk`` action was unsuccessful. >>> + with DHCP relay that matches ``inport`` is lrp and ``ip4.src == {0.0.0.0, >>> + lrp_cidr}`` and ``ip4.dst == 255.255.255.255`` and ``udp.src == 68`` and >>> + ``udp.dst == 67`` and ``reg9[7] == 0`` and drops the packet. If >>> ``reg9[7]`` >>> + is set to 0 then, ``dhcp_relay_req_chk`` action was unsuccessful. >>> Setting >>> + ``dhcp_relay_handle_rebind`` in the ``NB_Global`` ``options`` column to >>> + ``false`` restricts the ``ip4.src`` match to ``0.0.0.0`` only. >>> >>> - A priority-0 flow that matches all packets to advance to the next table. >>> >>> diff --git a/NEWS b/NEWS >>> index 9839d19b9..4e8df14ae 100644 >>> --- a/NEWS >>> +++ b/NEWS >>> @@ -12,6 +12,11 @@ Post v26.03.0 >>> * Add ECMP/multi-homing support for EVPN FDB entries. FDB entries >>> backed by a kernel nexthop group are load-balanced via OpenFlow >>> select groups with weighted buckets. >>> + - The DHCP relay now also forwards DHCPREQUEST packets whose >>> + source IP lies in the relay LRP's subnet, in addition to >>> + ip4.src == 0.0.0.0. Controlled by the new NB_Global option >>> + dhcp_relay_handle_rebind (default true); set it to false to >>> + match only ip4.src == 0.0.0.0. >>> >>> OVN v26.03.0 - xxx xx xxxx >>> -------------------------- >>> diff --git a/northd/en-global-config.c b/northd/en-global-config.c >>> index d49ddb94a..7fb16b9d7 100644 >>> --- a/northd/en-global-config.c >>> +++ b/northd/en-global-config.c >>> @@ -724,6 +724,11 @@ check_nb_options_out_of_sync( >>> return true; >>> } >>> >>> + if (config_out_of_sync(&nb->options, &config_data->nb_options, >>> + "dhcp_relay_handle_rebind", false)) { >>> + return true; >>> + } >>> + >>> return false; >>> } >>> >>> diff --git a/northd/northd.c b/northd/northd.c >>> index 8305e0428..16c5916a9 100644 >>> --- a/northd/northd.c >>> +++ b/northd/northd.c >>> @@ -105,6 +105,11 @@ static bool default_acl_drop; >>> * and ports tunnel key allocation (12 bits for each instead of default >>> 16). */ >>> static bool vxlan_mode; >>> >>> +/* If 'true' (default), DHCP relay flows match both ip4.src == 0.0.0.0 >>> + * and ip4.src within the relay LRP's CIDR. If 'false', only >>> + * ip4.src == 0.0.0.0 is matched. */ >>> +static bool dhcp_relay_handle_rebind = true; >>> + >>> #define MAX_OVN_TAGS 4096 >>> >>> #define MAX_OVN_NF_GROUP_IDS 256 >>> @@ -10072,14 +10077,25 @@ build_lswitch_dhcp_relay_flows(struct ovn_port >>> *op, >>> ds_clear(match); >>> ds_clear(actions); >>> >>> + /* Match 0.0.0.0 and the LRP's CIDR when 'dhcp_relay_handle_rebind' >>> + * is enabled (default); match only 0.0.0.0 when disabled. */ >>> + struct ds src_ip_match = DS_EMPTY_INITIALIZER; >>> + if (dhcp_relay_handle_rebind && rp->lrp_networks.n_ipv4_addrs > 0) { >>> + ds_put_format(&src_ip_match, "ip4.src == {0.0.0.0, %s/%u}", >>> + rp->lrp_networks.ipv4_addrs[0].network_s, >>> + rp->lrp_networks.ipv4_addrs[0].plen); >>> + } else { >>> + ds_put_cstr(&src_ip_match, "ip4.src == 0.0.0.0"); >>> + } >>> + >>> ds_put_format( >>> match, "inport == %s && eth.src == %s && " >>> - "ip4.src == 0.0.0.0 && ip4.dst == 255.255.255.255 && " >>> + "%s && ip4.dst == 255.255.255.255 && " >>> "udp.src == 68 && udp.dst == 67", >>> - op->json_key, op->lsp_addrs[0].ea_s); >>> + op->json_key, op->lsp_addrs[0].ea_s, ds_cstr(&src_ip_match)); >>> ds_put_format(actions, >>> "eth.dst = %s; outport = %s; next; /* DHCP_RELAY_REQ */", >>> - rp->lrp_networks.ea_s,sp->json_key); >>> + rp->lrp_networks.ea_s, sp->json_key); >>> ovn_lflow_add(lflows, op->od, >>> S_SWITCH_IN_L2_LKUP, 100, >>> ds_cstr(match), >>> @@ -10089,6 +10105,8 @@ build_lswitch_dhcp_relay_flows(struct ovn_port *op, >>> WITH_HINT(&op->nbsp->header_)); >>> ds_clear(match); >>> ds_clear(actions); >>> + ds_destroy(&src_ip_match); >>> + >>> free(server_ip_str); >>> } >>> >>> @@ -16734,11 +16752,22 @@ build_dhcp_relay_flows_for_lrouter_port(struct >>> ovn_port *op, >>> ds_clear(match); >>> ds_clear(actions); >>> >>> + /* Match 0.0.0.0 and the LRP's CIDR when 'dhcp_relay_handle_rebind' >>> + * is enabled (default); match only 0.0.0.0 when disabled. */ >>> + struct ds src_ip_match = DS_EMPTY_INITIALIZER; >>> + if (dhcp_relay_handle_rebind) { >>> + ds_put_format(&src_ip_match, "ip4.src == {0.0.0.0, %s/%u}", >>> + op->lrp_networks.ipv4_addrs[0].network_s, >>> + op->lrp_networks.ipv4_addrs[0].plen); >>> + } else { >>> + ds_put_cstr(&src_ip_match, "ip4.src == 0.0.0.0"); >>> + } >>> + >>> ds_put_format( >>> match, "inport == %s && " >>> - "ip4.src == 0.0.0.0 && ip4.dst == 255.255.255.255 && " >>> + "%s && ip4.dst == 255.255.255.255 && " >>> "ip.frag == 0 && udp.src == 68 && udp.dst == 67", >>> - op->json_key); >>> + op->json_key, ds_cstr(&src_ip_match)); >>> ds_put_format(actions, >>> REGBIT_DHCP_RELAY_REQ_CHK >>> " = dhcp_relay_req_chk(%s, %s);" >>> @@ -16757,10 +16786,10 @@ build_dhcp_relay_flows_for_lrouter_port(struct >>> ovn_port *op, >>> >>> ds_put_format( >>> match, "inport == %s && " >>> - "ip4.src == 0.0.0.0 && ip4.dst == 255.255.255.255 && " >>> + "%s && ip4.dst == 255.255.255.255 && " >>> "udp.src == 68 && udp.dst == 67 && " >>> REGBIT_DHCP_RELAY_REQ_CHK, >>> - op->json_key); >>> + op->json_key, ds_cstr(&src_ip_match)); >>> ds_put_format(actions, >>> "ip4.src = %s; ip4.dst = %s; udp.src = 67; next; " >>> "/* DHCP_RELAY_REQ */", >>> @@ -16775,10 +16804,10 @@ build_dhcp_relay_flows_for_lrouter_port(struct >>> ovn_port *op, >>> >>> ds_put_format( >>> match, "inport == %s && " >>> - "ip4.src == 0.0.0.0 && ip4.dst == 255.255.255.255 && " >>> + "%s && ip4.dst == 255.255.255.255 && " >>> "udp.src == 68 && udp.dst == 67 && " >>> REGBIT_DHCP_RELAY_REQ_CHK" == 0", >>> - op->json_key); >>> + op->json_key, ds_cstr(&src_ip_match)); >>> ds_put_format(actions, "drop; /* DHCP_RELAY_REQ */"); >>> >>> ovn_lflow_add(lflows, op->od, S_ROUTER_IN_DHCP_RELAY_REQ, 1, >>> @@ -16787,6 +16816,7 @@ build_dhcp_relay_flows_for_lrouter_port(struct >>> ovn_port *op, >>> >>> ds_clear(match); >>> ds_clear(actions); >>> + ds_destroy(&src_ip_match); >>> >>> ds_put_format( >>> match, "ip4.src == %s && ip4.dst == %s && " >>> @@ -21249,6 +21279,9 @@ ovnnb_db_run(struct northd_input *input_data, >>> false); >>> use_common_zone = smap_get_bool(input_data->nb_options, >>> "use_common_zone", >>> false); >>> + dhcp_relay_handle_rebind = smap_get_bool(input_data->nb_options, >>> + "dhcp_relay_handle_rebind", >>> + true); >>> >>> vxlan_mode = input_data->vxlan_mode; >>> >>> diff --git a/ovn-nb.xml b/ovn-nb.xml >>> index 2e8a6a6f1..f5fb775b5 100644 >>> --- a/ovn-nb.xml >>> +++ b/ovn-nb.xml >>> @@ -464,6 +464,24 @@ >>> </p> >>> </column> >>> >>> + <column name="options" key="dhcp_relay_handle_rebind" >>> + type='{"type": "boolean"}'> >>> + <p> >>> + Default is <code>true</code>. The DHCP relay forwards both >>> + broadcast DHCPREQUEST packets sent with no source IP >>> + assigned and those sent with the client's currently leased >>> + IP as the source address. The latter are typically sent by >>> + clients in the REBINDING state (T2 timer expiry) when they >>> + cannot reach their original DHCP server. >>> + </p> >>> + >>> + <p> >>> + Set to <code>false</code> to forward only DHCPREQUEST >>> + packets sent with no source IP assigned. Refer to >>> + <code>ovn-northd</code>(8) for the exact logical-flow match. >>> + </p> >>> + </column> >>> + >>> <group title="Options for services health check confguration"> >>> <p> >>> These options are used when health configuration is enabled for >>> diff --git a/tests/ovn-northd.at b/tests/ovn-northd.at >>> index 074b1526b..52b4f78a0 100644 >>> --- a/tests/ovn-northd.at >>> +++ b/tests/ovn-northd.at >>> @@ -13394,23 +13394,43 @@ check ovn-nbctl --wait=sb sync >>> ovn-sbctl lflow-list > lflows >>> AT_CAPTURE_FILE([lflows]) >>> >>> +# Default: match the set {0.0.0.0, lrp_cidr}. >>> AT_CHECK([grep -e "DHCP_RELAY_" lflows | sed 's/table=../table=??/'], [0], >>> [dnl >>> - table=??(lr_in_ip_input ), priority=110 , match=(inport == "lrp1" >>> && ip4.src == 0.0.0.0 && ip4.dst == 255.255.255.255 && ip.frag == 0 && >>> udp.src == 68 && udp.dst == 67), action=(reg9[[7]] = >>> dhcp_relay_req_chk(192.168.1.1, 172.16.1.1);next; /* DHCP_RELAY_REQ */) >>> + table=??(lr_in_ip_input ), priority=110 , match=(inport == "lrp1" >>> && ip4.src == {0.0.0.0, 192.168.1.0/24} && ip4.dst == 255.255.255.255 && >>> ip.frag == 0 && udp.src == 68 && udp.dst == 67), action=(reg9[[7]] = >>> dhcp_relay_req_chk(192.168.1.1, 172.16.1.1);next; /* DHCP_RELAY_REQ */) >>> table=??(lr_in_ip_input ), priority=110 , match=(ip4.src == >>> 172.16.1.1 && ip4.dst == 192.168.1.1 && ip.frag == 0 && udp.src == 67 && >>> udp.dst == 67), action=(next; /* DHCP_RELAY_RESP */) >>> - table=??(lr_in_dhcp_relay_req), priority=100 , match=(inport == "lrp1" >>> && ip4.src == 0.0.0.0 && ip4.dst == 255.255.255.255 && udp.src == 68 && >>> udp.dst == 67 && reg9[[7]]), action=(ip4.src = 192.168.1.1; ip4.dst = >>> 172.16.1.1; udp.src = 67; next; /* DHCP_RELAY_REQ */) >>> - table=??(lr_in_dhcp_relay_req), priority=1 , match=(inport == "lrp1" >>> && ip4.src == 0.0.0.0 && ip4.dst == 255.255.255.255 && udp.src == 68 && >>> udp.dst == 67 && reg9[[7]] == 0), action=(drop; /* DHCP_RELAY_REQ */) >>> + table=??(lr_in_dhcp_relay_req), priority=100 , match=(inport == "lrp1" >>> && ip4.src == {0.0.0.0, 192.168.1.0/24} && ip4.dst == 255.255.255.255 && >>> udp.src == 68 && udp.dst == 67 && reg9[[7]]), action=(ip4.src = >>> 192.168.1.1; ip4.dst = 172.16.1.1; udp.src = 67; next; /* DHCP_RELAY_REQ */) >>> + table=??(lr_in_dhcp_relay_req), priority=1 , match=(inport == "lrp1" >>> && ip4.src == {0.0.0.0, 192.168.1.0/24} && ip4.dst == 255.255.255.255 && >>> udp.src == 68 && udp.dst == 67 && reg9[[7]] == 0), action=(drop; /* >>> DHCP_RELAY_REQ */) >>> table=??(lr_in_dhcp_relay_resp_chk), priority=100 , match=(ip4.src == >>> 172.16.1.1 && ip4.dst == 192.168.1.1 && udp.src == 67 && udp.dst == 67), >>> action=(reg2 = ip4.dst; reg9[[8]] = dhcp_relay_resp_chk(192.168.1.1, >>> 172.16.1.1); next; /* DHCP_RELAY_RESP */) >>> table=??(lr_in_dhcp_relay_resp), priority=100 , match=(ip4.src == >>> 172.16.1.1 && reg2 == 192.168.1.1 && udp.src == 67 && udp.dst == 67 && >>> reg9[[8]]), action=(ip4.src = 192.168.1.1; udp.dst = 68; outport = "lrp1"; >>> output; /* DHCP_RELAY_RESP */) >>> table=??(lr_in_dhcp_relay_resp), priority=1 , match=(ip4.src == >>> 172.16.1.1 && reg2 == 192.168.1.1 && udp.src == 67 && udp.dst == 67 && >>> reg9[[8]] == 0), action=(drop; /* DHCP_RELAY_RESP */) >>> - table=??(ls_in_l2_lkup ), priority=100 , match=(inport == >>> "ls0-port1" && eth.src == 02:00:00:00:00:10 && ip4.src == 0.0.0.0 && >>> ip4.dst == 255.255.255.255 && udp.src == 68 && udp.dst == 67), >>> action=(eth.dst = 02:00:00:00:00:01; outport = "lrp1-attachment"; next; /* >>> DHCP_RELAY_REQ */) >>> + table=??(ls_in_l2_lkup ), priority=100 , match=(inport == >>> "ls0-port1" && eth.src == 02:00:00:00:00:10 && ip4.src == {0.0.0.0, >>> 192.168.1.0/24} && ip4.dst == 255.255.255.255 && udp.src == 68 && udp.dst >>> == 67), action=(eth.dst = 02:00:00:00:00:01; outport = "lrp1-attachment"; >>> next; /* DHCP_RELAY_REQ */) >>> ]) >>> >>> -# Set invalid dhcp_relay_port in ls0 >>> +# Invalid dhcp_relay_port: the ls_in_l2_lkup flow is suppressed; the >>> +# logical router flows keep the default match. >>> check ovn-nbctl --wait=sb set Logical_Switch ls0 >>> other_config:dhcp_relay_port=foo >>> >>> ovn-sbctl lflow-list > lflows >>> AT_CAPTURE_FILE([lflows]) >>> >>> +AT_CHECK([grep -e "DHCP_RELAY_" lflows | sed 's/table=../table=??/'], [0], >>> [dnl >>> + table=??(lr_in_ip_input ), priority=110 , match=(inport == "lrp1" >>> && ip4.src == {0.0.0.0, 192.168.1.0/24} && ip4.dst == 255.255.255.255 && >>> ip.frag == 0 && udp.src == 68 && udp.dst == 67), action=(reg9[[7]] = >>> dhcp_relay_req_chk(192.168.1.1, 172.16.1.1);next; /* DHCP_RELAY_REQ */) >>> + table=??(lr_in_ip_input ), priority=110 , match=(ip4.src == >>> 172.16.1.1 && ip4.dst == 192.168.1.1 && ip.frag == 0 && udp.src == 67 && >>> udp.dst == 67), action=(next; /* DHCP_RELAY_RESP */) >>> + table=??(lr_in_dhcp_relay_req), priority=100 , match=(inport == "lrp1" >>> && ip4.src == {0.0.0.0, 192.168.1.0/24} && ip4.dst == 255.255.255.255 && >>> udp.src == 68 && udp.dst == 67 && reg9[[7]]), action=(ip4.src = >>> 192.168.1.1; ip4.dst = 172.16.1.1; udp.src = 67; next; /* DHCP_RELAY_REQ */) >>> + table=??(lr_in_dhcp_relay_req), priority=1 , match=(inport == "lrp1" >>> && ip4.src == {0.0.0.0, 192.168.1.0/24} && ip4.dst == 255.255.255.255 && >>> udp.src == 68 && udp.dst == 67 && reg9[[7]] == 0), action=(drop; /* >>> DHCP_RELAY_REQ */) >>> + table=??(lr_in_dhcp_relay_resp_chk), priority=100 , match=(ip4.src == >>> 172.16.1.1 && ip4.dst == 192.168.1.1 && udp.src == 67 && udp.dst == 67), >>> action=(reg2 = ip4.dst; reg9[[8]] = dhcp_relay_resp_chk(192.168.1.1, >>> 172.16.1.1); next; /* DHCP_RELAY_RESP */) >>> + table=??(lr_in_dhcp_relay_resp), priority=100 , match=(ip4.src == >>> 172.16.1.1 && reg2 == 192.168.1.1 && udp.src == 67 && udp.dst == 67 && >>> reg9[[8]]), action=(ip4.src = 192.168.1.1; udp.dst = 68; outport = "lrp1"; >>> output; /* DHCP_RELAY_RESP */) >>> + table=??(lr_in_dhcp_relay_resp), priority=1 , match=(ip4.src == >>> 172.16.1.1 && reg2 == 192.168.1.1 && udp.src == 67 && udp.dst == 67 && >>> reg9[[8]] == 0), action=(drop; /* DHCP_RELAY_RESP */) >>> +]) >>> + >>> +# Restore the relay port and disable dhcp_relay_handle_rebind: the >>> +# relay flows now match only ip4.src == 0.0.0.0. >>> +check ovn-nbctl set Logical_Switch ls0 >>> other_config:dhcp_relay_port=lrp1-attachment >>> +check ovn-nbctl --wait=sb set NB_Global . >>> options:dhcp_relay_handle_rebind=false >>> + >>> +ovn-sbctl lflow-list > lflows >>> +AT_CAPTURE_FILE([lflows]) >>> + >>> AT_CHECK([grep -e "DHCP_RELAY_" lflows | sed 's/table=../table=??/'], [0], >>> [dnl >>> table=??(lr_in_ip_input ), priority=110 , match=(inport == "lrp1" && >>> ip4.src == 0.0.0.0 && ip4.dst == 255.255.255.255 && ip.frag == 0 && udp.src >>> == 68 && udp.dst == 67), action=(reg9[[7]] = >>> dhcp_relay_req_chk(192.168.1.1, 172.16.1.1);next; /* DHCP_RELAY_REQ */) >>> table=??(lr_in_ip_input ), priority=110 , match=(ip4.src == >>> 172.16.1.1 && ip4.dst == 192.168.1.1 && ip.frag == 0 && udp.src == 67 && >>> udp.dst == 67), action=(next; /* DHCP_RELAY_RESP */) >>> @@ -13419,6 +13439,24 @@ AT_CHECK([grep -e "DHCP_RELAY_" lflows | sed >>> 's/table=../table=??/'], [0], [dnl >>> table=??(lr_in_dhcp_relay_resp_chk), priority=100 , match=(ip4.src == >>> 172.16.1.1 && ip4.dst == 192.168.1.1 && udp.src == 67 && udp.dst == 67), >>> action=(reg2 = ip4.dst; reg9[[8]] = dhcp_relay_resp_chk(192.168.1.1, >>> 172.16.1.1); next; /* DHCP_RELAY_RESP */) >>> table=??(lr_in_dhcp_relay_resp), priority=100 , match=(ip4.src == >>> 172.16.1.1 && reg2 == 192.168.1.1 && udp.src == 67 && udp.dst == 67 && >>> reg9[[8]]), action=(ip4.src = 192.168.1.1; udp.dst = 68; outport = "lrp1"; >>> output; /* DHCP_RELAY_RESP */) >>> table=??(lr_in_dhcp_relay_resp), priority=1 , match=(ip4.src == >>> 172.16.1.1 && reg2 == 192.168.1.1 && udp.src == 67 && udp.dst == 67 && >>> reg9[[8]] == 0), action=(drop; /* DHCP_RELAY_RESP */) >>> + table=??(ls_in_l2_lkup ), priority=100 , match=(inport == >>> "ls0-port1" && eth.src == 02:00:00:00:00:10 && ip4.src == 0.0.0.0 && >>> ip4.dst == 255.255.255.255 && udp.src == 68 && udp.dst == 67), >>> action=(eth.dst = 02:00:00:00:00:01; outport = "lrp1-attachment"; next; /* >>> DHCP_RELAY_REQ */) >>> +]) >>> + >>> +# Remove the option: flows revert to the default match. >>> +check ovn-nbctl --wait=sb remove NB_Global . options >>> dhcp_relay_handle_rebind >>> + >>> +ovn-sbctl lflow-list > lflows >>> +AT_CAPTURE_FILE([lflows]) >>> + >>> +AT_CHECK([grep -e "DHCP_RELAY_" lflows | sed 's/table=../table=??/'], [0], >>> [dnl >>> + table=??(lr_in_ip_input ), priority=110 , match=(inport == "lrp1" >>> && ip4.src == {0.0.0.0, 192.168.1.0/24} && ip4.dst == 255.255.255.255 && >>> ip.frag == 0 && udp.src == 68 && udp.dst == 67), action=(reg9[[7]] = >>> dhcp_relay_req_chk(192.168.1.1, 172.16.1.1);next; /* DHCP_RELAY_REQ */) >>> + table=??(lr_in_ip_input ), priority=110 , match=(ip4.src == >>> 172.16.1.1 && ip4.dst == 192.168.1.1 && ip.frag == 0 && udp.src == 67 && >>> udp.dst == 67), action=(next; /* DHCP_RELAY_RESP */) >>> + table=??(lr_in_dhcp_relay_req), priority=100 , match=(inport == "lrp1" >>> && ip4.src == {0.0.0.0, 192.168.1.0/24} && ip4.dst == 255.255.255.255 && >>> udp.src == 68 && udp.dst == 67 && reg9[[7]]), action=(ip4.src = >>> 192.168.1.1; ip4.dst = 172.16.1.1; udp.src = 67; next; /* DHCP_RELAY_REQ */) >>> + table=??(lr_in_dhcp_relay_req), priority=1 , match=(inport == "lrp1" >>> && ip4.src == {0.0.0.0, 192.168.1.0/24} && ip4.dst == 255.255.255.255 && >>> udp.src == 68 && udp.dst == 67 && reg9[[7]] == 0), action=(drop; /* >>> DHCP_RELAY_REQ */) >>> + table=??(lr_in_dhcp_relay_resp_chk), priority=100 , match=(ip4.src == >>> 172.16.1.1 && ip4.dst == 192.168.1.1 && udp.src == 67 && udp.dst == 67), >>> action=(reg2 = ip4.dst; reg9[[8]] = dhcp_relay_resp_chk(192.168.1.1, >>> 172.16.1.1); next; /* DHCP_RELAY_RESP */) >>> + table=??(lr_in_dhcp_relay_resp), priority=100 , match=(ip4.src == >>> 172.16.1.1 && reg2 == 192.168.1.1 && udp.src == 67 && udp.dst == 67 && >>> reg9[[8]]), action=(ip4.src = 192.168.1.1; udp.dst = 68; outport = "lrp1"; >>> output; /* DHCP_RELAY_RESP */) >>> + table=??(lr_in_dhcp_relay_resp), priority=1 , match=(ip4.src == >>> 172.16.1.1 && reg2 == 192.168.1.1 && udp.src == 67 && udp.dst == 67 && >>> reg9[[8]] == 0), action=(drop; /* DHCP_RELAY_RESP */) >>> + table=??(ls_in_l2_lkup ), priority=100 , match=(inport == >>> "ls0-port1" && eth.src == 02:00:00:00:00:10 && ip4.src == {0.0.0.0, >>> 192.168.1.0/24} && ip4.dst == 255.255.255.255 && udp.src == 68 && udp.dst >>> == 67), action=(eth.dst = 02:00:00:00:00:01; outport = "lrp1-attachment"; >>> next; /* DHCP_RELAY_REQ */) >>> ]) >>> >>> # Clear the dhcp_relay from lrp1 >>> diff --git a/tests/ovn.at b/tests/ovn.at >>> index fbaa63d99..0e2299b81 100644 >>> --- a/tests/ovn.at >>> +++ b/tests/ovn.at >>> @@ -41221,8 +41221,12 @@ sid=$src_ip >>> # send packet >>> send_dhcp_packet $src_mac $src_ip $dst_mac $dst_ip 01 01 $yiaddr $giaddr >>> $sid vif0 >>> >>> +# The default set match ip4.src == {0.0.0.0, lrp_cidr} compiles to >>> +# two OF flows; only the 0.0.0.0 one sees the DISCOVER packet. >>> +# Sort for stable ordering. >>> OVS_WAIT_FOR_OUTPUT([ovs-ofctl dump-flows br-int >>> table=$dhcp_relay_req_table | grep -v NXST | grep 255.255.255.255 | grep >>> resubmit | >>> -cut -d ' ' -f5-5 | sed "s/,//"], [0], [dnl >>> +cut -d ' ' -f5-5 | sed "s/,//" | sort], [0], [dnl >>> +n_packets=0 >>> n_packets=1 >>> ]) >>> >>> @@ -41233,7 +41237,8 @@ giaddr=`ip_to_hex 192.168.1.1` >>> send_dhcp_packet $src_mac $src_ip $dst_mac $dst_ip 01 01 $yiaddr $giaddr >>> $sid vif0 >>> >>> OVS_WAIT_FOR_OUTPUT([ovs-ofctl dump-flows br-int >>> table=$dhcp_relay_req_table | grep -v NXST | grep 255.255.255.255 | grep >>> drop | >>> -cut -d ' ' -f5-5 | sed "s/,//"], [0], [dnl >>> +cut -d ' ' -f5-5 | sed "s/,//" | sort], [0], [dnl >>> +n_packets=0 >>> n_packets=1 >>> ]) _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
