Rely on IP protocol from the incoming packet for learn action in table 68 if it has not specified in the related load-balancer.
Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=2157846 Signed-off-by: Lorenzo Bianconi <lorenzo.bianc...@redhat.com> --- controller/lflow.c | 24 ++++++++++++++---------- tests/system-ovn.at | 16 ++++++++++++---- 2 files changed, 26 insertions(+), 14 deletions(-) diff --git a/controller/lflow.c b/controller/lflow.c index bb47bb0c7..4b1cfe318 100644 --- a/controller/lflow.c +++ b/controller/lflow.c @@ -1567,9 +1567,6 @@ add_lb_vip_hairpin_reply_action(struct in6_addr *vip6, ovs_be32 vip, /* Hairpin replies have the same nw_proto as packets that created the * session. */ - union mf_value imm_proto = { - .u8 = lb_proto, - }; ol_spec = ofpbuf_put_zeros(ofpacts, sizeof *ol_spec); ol_spec->dst.field = mf_from_id(MFF_IP_PROTO); ol_spec->src.field = mf_from_id(MFF_IP_PROTO); @@ -1577,16 +1574,21 @@ add_lb_vip_hairpin_reply_action(struct in6_addr *vip6, ovs_be32 vip, ol_spec->dst.n_bits = ol_spec->dst.field->n_bits; ol_spec->n_bits = ol_spec->dst.n_bits; ol_spec->dst_type = NX_LEARN_DST_MATCH; - ol_spec->src_type = NX_LEARN_SRC_IMMEDIATE; - mf_write_subfield_value(&ol_spec->dst, &imm_proto, &match); - - /* Push value last, as this may reallocate 'ol_spec' */ - imm_bytes = DIV_ROUND_UP(ol_spec->dst.n_bits, 8); - src_imm = ofpbuf_put_zeros(ofpacts, OFPACT_ALIGN(imm_bytes)); - memcpy(src_imm, &imm_proto, imm_bytes); /* Hairpin replies have source port == <backend-port>. */ if (has_l4_port) { + union mf_value imm_proto = { + .u8 = lb_proto, + }; + + ol_spec->src_type = NX_LEARN_SRC_IMMEDIATE; + mf_write_subfield_value(&ol_spec->dst, &imm_proto, &match); + + /* Push value last, as this may reallocate 'ol_spec' */ + imm_bytes = DIV_ROUND_UP(ol_spec->dst.n_bits, 8); + src_imm = ofpbuf_put_zeros(ofpacts, OFPACT_ALIGN(imm_bytes)); + memcpy(src_imm, &imm_proto, imm_bytes); + ol_spec = ofpbuf_put_zeros(ofpacts, sizeof *ol_spec); switch (lb_proto) { case IPPROTO_TCP: @@ -1610,6 +1612,8 @@ add_lb_vip_hairpin_reply_action(struct in6_addr *vip6, ovs_be32 vip, ol_spec->n_bits = ol_spec->dst.n_bits; ol_spec->dst_type = NX_LEARN_DST_MATCH; ol_spec->src_type = NX_LEARN_SRC_FIELD; + } else { + ol_spec->src_type = NX_LEARN_SRC_FIELD; } /* Set MLF_LOOKUP_LB_HAIRPIN_BIT for hairpin replies. */ diff --git a/tests/system-ovn.at b/tests/system-ovn.at index 710cf22a2..a34aeb0fa 100644 --- a/tests/system-ovn.at +++ b/tests/system-ovn.at @@ -4649,10 +4649,12 @@ ovn-nbctl lb-add lb-ipv4-tcp 88.88.88.88:8080 42.42.42.1:4041 tcp ovn-nbctl lb-add lb-ipv4-tcp-dup 88.88.88.89:8080 42.42.42.1:4041 tcp ovn-nbctl lb-add lb-ipv4-udp 88.88.88.88:4040 42.42.42.1:2021 udp ovn-nbctl lb-add lb-ipv4-udp-dup 88.88.88.89:4040 42.42.42.1:2021 udp +ovn-nbctl lb-add lb-ipv4 88.88.88.90 42.42.42.1 ovn-nbctl ls-lb-add sw lb-ipv4-tcp ovn-nbctl ls-lb-add sw lb-ipv4-tcp-dup ovn-nbctl ls-lb-add sw lb-ipv4-udp ovn-nbctl ls-lb-add sw lb-ipv4-udp-dup +ovn-nbctl ls-lb-add sw lb-ipv4 ovn-nbctl lr-add rtr ovn-nbctl lrp-add rtr rtr-sw 00:00:00:00:01:00 42.42.42.254/24 @@ -4673,21 +4675,23 @@ NS_CHECK_EXEC([lsp], [timeout 2s nc -k -l 42.42.42.1 4041 &], [0]) # Check that IPv4 TCP hairpin connection succeeds on both VIPs. NS_CHECK_EXEC([lsp], [nc 88.88.88.88 8080 -z], [0], [ignore], [ignore]) NS_CHECK_EXEC([lsp], [nc 88.88.88.89 8080 -z], [0], [ignore], [ignore]) +NS_CHECK_EXEC([lsp], [nc 88.88.88.90 4041 -z], [0], [ignore], [ignore]) # Capture IPv4 UDP hairpinned packets. filter="dst 42.42.42.1 and dst port 2021 and udp" -NS_CHECK_EXEC([lsp], [tcpdump -nn -c 2 -i lsp ${filter} > lsp.pcap &]) +NS_CHECK_EXEC([lsp], [tcpdump -nn -c 3 -i lsp ${filter} > lsp.pcap &]) sleep 1 # Generate IPv4 UDP hairpin traffic. NS_CHECK_EXEC([lsp], [echo a | nc -u 88.88.88.88 4040 &], [0]) NS_CHECK_EXEC([lsp], [echo a | nc -u 88.88.88.89 4040 &], [0]) +NS_CHECK_EXEC([lsp], [echo a | nc -u 88.88.88.90 2021 &], [0]) # Check hairpin traffic. OVS_WAIT_UNTIL([ total_pkts=$(cat lsp.pcap | wc -l) - test "${total_pkts}" = "2" + test "${total_pkts}" = "3" ]) OVS_APP_EXIT_AND_WAIT([ovn-controller]) @@ -4736,10 +4740,12 @@ ovn-nbctl lb-add lb-ipv6-tcp [[8800::0088]]:8080 [[4200::1]]:4041 tcp ovn-nbctl lb-add lb-ipv6-tcp-dup [[8800::0089]]:8080 [[4200::1]]:4041 tcp ovn-nbctl lb-add lb-ipv6-udp [[8800::0088]]:4040 [[4200::1]]:2021 udp ovn-nbctl lb-add lb-ipv6-udp-dup [[8800::0089]]:4040 [[4200::1]]:2021 udp +ovn-nbctl lb-add lb-ipv6 8800::0090 4200::1 ovn-nbctl ls-lb-add sw lb-ipv6-tcp ovn-nbctl ls-lb-add sw lb-ipv6-tcp-dup ovn-nbctl ls-lb-add sw lb-ipv6-udp ovn-nbctl ls-lb-add sw lb-ipv6-udp-dup +ovn-nbctl ls-lb-add sw lb-ipv6 ovn-nbctl lr-add rtr ovn-nbctl lrp-add rtr rtr-sw 00:00:00:00:01:00 4200::00ff/64 @@ -4759,21 +4765,23 @@ NS_CHECK_EXEC([lsp], [timeout 2s nc -k -l 4200::1 4041 &], [0]) # Check that IPv6 TCP hairpin connection succeeds on both VIPs. NS_CHECK_EXEC([lsp], [nc 8800::0088 8080 -z], [0], [ignore], [ignore]) NS_CHECK_EXEC([lsp], [nc 8800::0089 8080 -z], [0], [ignore], [ignore]) +NS_CHECK_EXEC([lsp], [nc 8800::0090 4041 -z], [0], [ignore], [ignore]) # Capture IPv6 UDP hairpinned packets. filter="dst 4200::1 and dst port 2021 and udp" -NS_CHECK_EXEC([lsp], [tcpdump -nn -c 2 -i lsp $filter > lsp.pcap &]) +NS_CHECK_EXEC([lsp], [tcpdump -nn -c 3 -i lsp $filter > lsp.pcap &]) sleep 1 # Generate IPv6 UDP hairpin traffic. NS_CHECK_EXEC([lsp], [echo a | nc -u 8800::0088 4040 &], [0]) NS_CHECK_EXEC([lsp], [echo a | nc -u 8800::0089 4040 &], [0]) +NS_CHECK_EXEC([lsp], [echo a | nc -u 8800::0090 2021 &], [0]) # Check hairpin traffic. OVS_WAIT_UNTIL([ total_pkts=$(cat lsp.pcap | wc -l) - test "${total_pkts}" = "2" + test "${total_pkts}" = "3" ]) OVS_APP_EXIT_AND_WAIT([ovn-controller]) -- 2.39.0 _______________________________________________ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
