Rely on IP protocol from the incoming packet for learn action
in table 68 if it has not specified in the related load-balancer.
Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=2157846
Signed-off-by: Lorenzo Bianconi <lorenzo.bianc...@redhat.com>
---
controller/lflow.c | 24 ++++++++++++++----------
tests/system-ovn.at | 16 ++++++++++++----
2 files changed, 26 insertions(+), 14 deletions(-)
diff --git a/controller/lflow.c b/controller/lflow.c
index bb47bb0c7..4b1cfe318 100644
--- a/controller/lflow.c
+++ b/controller/lflow.c
@@ -1567,9 +1567,6 @@ add_lb_vip_hairpin_reply_action(struct in6_addr
*vip6, ovs_be32 vip,
/* Hairpin replies have the same nw_proto as packets that created the
* session.
*/
- union mf_value imm_proto = {
- .u8 = lb_proto,
- };
ol_spec = ofpbuf_put_zeros(ofpacts, sizeof *ol_spec);
ol_spec->dst.field = mf_from_id(MFF_IP_PROTO);
ol_spec->src.field = mf_from_id(MFF_IP_PROTO);
@@ -1577,16 +1574,21 @@ add_lb_vip_hairpin_reply_action(struct in6_addr
*vip6, ovs_be32 vip,
ol_spec->dst.n_bits = ol_spec->dst.field->n_bits;
ol_spec->n_bits = ol_spec->dst.n_bits;
ol_spec->dst_type = NX_LEARN_DST_MATCH;
- ol_spec->src_type = NX_LEARN_SRC_IMMEDIATE;
- mf_write_subfield_value(&ol_spec->dst, &imm_proto, &match);
-
- /* Push value last, as this may reallocate 'ol_spec' */
- imm_bytes = DIV_ROUND_UP(ol_spec->dst.n_bits, 8);
- src_imm = ofpbuf_put_zeros(ofpacts, OFPACT_ALIGN(imm_bytes));
- memcpy(src_imm, &imm_proto, imm_bytes);
/* Hairpin replies have source port == <backend-port>. */
if (has_l4_port) {
+ union mf_value imm_proto = {
+ .u8 = lb_proto,
+ };
+
+ ol_spec->src_type = NX_LEARN_SRC_IMMEDIATE;
+ mf_write_subfield_value(&ol_spec->dst, &imm_proto, &match);
+
+ /* Push value last, as this may reallocate 'ol_spec' */
+ imm_bytes = DIV_ROUND_UP(ol_spec->dst.n_bits, 8);
+ src_imm = ofpbuf_put_zeros(ofpacts, OFPACT_ALIGN(imm_bytes));
+ memcpy(src_imm, &imm_proto, imm_bytes);
+
ol_spec = ofpbuf_put_zeros(ofpacts, sizeof *ol_spec);
switch (lb_proto) {
case IPPROTO_TCP:
@@ -1610,6 +1612,8 @@ add_lb_vip_hairpin_reply_action(struct in6_addr
*vip6, ovs_be32 vip,
ol_spec->n_bits = ol_spec->dst.n_bits;
ol_spec->dst_type = NX_LEARN_DST_MATCH;
ol_spec->src_type = NX_LEARN_SRC_FIELD;
+ } else {
+ ol_spec->src_type = NX_LEARN_SRC_FIELD;
}
/* Set MLF_LOOKUP_LB_HAIRPIN_BIT for hairpin replies. */
diff --git a/tests/system-ovn.at b/tests/system-ovn.at
index 710cf22a2..a34aeb0fa 100644
--- a/tests/system-ovn.at
+++ b/tests/system-ovn.at
@@ -4649,10 +4649,12 @@ ovn-nbctl lb-add lb-ipv4-tcp 88.88.88.88:8080
42.42.42.1:4041 tcp
ovn-nbctl lb-add lb-ipv4-tcp-dup 88.88.88.89:8080 42.42.42.1:4041 tcp
ovn-nbctl lb-add lb-ipv4-udp 88.88.88.88:4040 42.42.42.1:2021 udp
ovn-nbctl lb-add lb-ipv4-udp-dup 88.88.88.89:4040 42.42.42.1:2021 udp
+ovn-nbctl lb-add lb-ipv4 88.88.88.90 42.42.42.1
ovn-nbctl ls-lb-add sw lb-ipv4-tcp
ovn-nbctl ls-lb-add sw lb-ipv4-tcp-dup
ovn-nbctl ls-lb-add sw lb-ipv4-udp
ovn-nbctl ls-lb-add sw lb-ipv4-udp-dup
+ovn-nbctl ls-lb-add sw lb-ipv4
ovn-nbctl lr-add rtr
ovn-nbctl lrp-add rtr rtr-sw 00:00:00:00:01:00 42.42.42.254/24
@@ -4673,21 +4675,23 @@ NS_CHECK_EXEC([lsp], [timeout 2s nc -k -l
42.42.42.1 4041 &], [0])
# Check that IPv4 TCP hairpin connection succeeds on both VIPs.
NS_CHECK_EXEC([lsp], [nc 88.88.88.88 8080 -z], [0], [ignore], [ignore])
NS_CHECK_EXEC([lsp], [nc 88.88.88.89 8080 -z], [0], [ignore], [ignore])
+NS_CHECK_EXEC([lsp], [nc 88.88.88.90 4041 -z], [0], [ignore], [ignore])
# Capture IPv4 UDP hairpinned packets.
filter="dst 42.42.42.1 and dst port 2021 and udp"
-NS_CHECK_EXEC([lsp], [tcpdump -nn -c 2 -i lsp ${filter} > lsp.pcap &])
+NS_CHECK_EXEC([lsp], [tcpdump -nn -c 3 -i lsp ${filter} > lsp.pcap &])
sleep 1
# Generate IPv4 UDP hairpin traffic.
NS_CHECK_EXEC([lsp], [echo a | nc -u 88.88.88.88 4040 &], [0])
NS_CHECK_EXEC([lsp], [echo a | nc -u 88.88.88.89 4040 &], [0])
+NS_CHECK_EXEC([lsp], [echo a | nc -u 88.88.88.90 2021 &], [0])
# Check hairpin traffic.
OVS_WAIT_UNTIL([
total_pkts=$(cat lsp.pcap | wc -l)
- test "${total_pkts}" = "2"
+ test "${total_pkts}" = "3"
])
OVS_APP_EXIT_AND_WAIT([ovn-controller])
@@ -4736,10 +4740,12 @@ ovn-nbctl lb-add lb-ipv6-tcp
[[8800::0088]]:8080 [[4200::1]]:4041 tcp
ovn-nbctl lb-add lb-ipv6-tcp-dup [[8800::0089]]:8080 [[4200::1]]:4041 tcp
ovn-nbctl lb-add lb-ipv6-udp [[8800::0088]]:4040 [[4200::1]]:2021 udp
ovn-nbctl lb-add lb-ipv6-udp-dup [[8800::0089]]:4040 [[4200::1]]:2021 udp
+ovn-nbctl lb-add lb-ipv6 8800::0090 4200::1
ovn-nbctl ls-lb-add sw lb-ipv6-tcp
ovn-nbctl ls-lb-add sw lb-ipv6-tcp-dup
ovn-nbctl ls-lb-add sw lb-ipv6-udp
ovn-nbctl ls-lb-add sw lb-ipv6-udp-dup
+ovn-nbctl ls-lb-add sw lb-ipv6
ovn-nbctl lr-add rtr
ovn-nbctl lrp-add rtr rtr-sw 00:00:00:00:01:00 4200::00ff/64
@@ -4759,21 +4765,23 @@ NS_CHECK_EXEC([lsp], [timeout 2s nc -k -l 4200::1
4041 &], [0])
# Check that IPv6 TCP hairpin connection succeeds on both VIPs.
NS_CHECK_EXEC([lsp], [nc 8800::0088 8080 -z], [0], [ignore], [ignore])
NS_CHECK_EXEC([lsp], [nc 8800::0089 8080 -z], [0], [ignore], [ignore])
+NS_CHECK_EXEC([lsp], [nc 8800::0090 4041 -z], [0], [ignore], [ignore])
# Capture IPv6 UDP hairpinned packets.
filter="dst 4200::1 and dst port 2021 and udp"
-NS_CHECK_EXEC([lsp], [tcpdump -nn -c 2 -i lsp $filter > lsp.pcap &])
+NS_CHECK_EXEC([lsp], [tcpdump -nn -c 3 -i lsp $filter > lsp.pcap &])
sleep 1
# Generate IPv6 UDP hairpin traffic.
NS_CHECK_EXEC([lsp], [echo a | nc -u 8800::0088 4040 &], [0])
NS_CHECK_EXEC([lsp], [echo a | nc -u 8800::0089 4040 &], [0])
+NS_CHECK_EXEC([lsp], [echo a | nc -u 8800::0090 2021 &], [0])
# Check hairpin traffic.
OVS_WAIT_UNTIL([
total_pkts=$(cat lsp.pcap | wc -l)
- test "${total_pkts}" = "2"
+ test "${total_pkts}" = "3"
])
OVS_APP_EXIT_AND_WAIT([ovn-controller])
--
2.39.0
_______________________________________________
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
