While there is a hardware offload friendly approach to fixing
processing of fragmented traffic to load balancers in 8e6f9a8355e2
("northd: Fix HW offload problem related to ct_tuple."), the change
is quite invasive, and not compatible with our requirement to make
UDP fragmentation work for switch egress pipeline user space data
path in already released versions of OVN.

In a subsequent patch an optional solution to this problem is
provided, which relies on these fields being available.

The documentation for OVN Northbound ACL table already states that
the match column uses the same expression language as the OVN
Southbound Logical_Flow match column.

As we know, use of these fields may be considered low level and
problematic; consequently they are introduced as internal API.

Related: https://bugs.launchpad.net/ubuntu/+source/ovn/+bug/2115795
Related: https://issues.redhat.com/browse/FDP-684
Signed-off-by: Frode Nordahl <fnord...@ubuntu.com>
---
 lib/logical-fields.c |  7 +++++++
 ovn-nb.xml           |  8 ++++++++
 ovn-sb.xml           | 10 ++++++++++
 tests/ovn.at         |  3 +++
 4 files changed, 28 insertions(+)

diff --git a/lib/logical-fields.c b/lib/logical-fields.c
index f19eb579b..c3e56743d 100644
--- a/lib/logical-fields.c
+++ b/lib/logical-fields.c
@@ -363,6 +363,13 @@ ovn_init_symtab(struct shash *symtab)
 
     expr_symtab_add_ovn_field(symtab, "icmp4.frag_mtu", OVN_ICMP4_FRAG_MTU);
     expr_symtab_add_ovn_field(symtab, "icmp6.frag_mtu", OVN_ICMP6_FRAG_MTU);
+
+    expr_symtab_add_field(symtab, "ct_proto", MFF_CT_NW_PROTO,
+                          "ct.trk", false);
+
+    expr_symtab_add_predicate(symtab, "ct_udp", "ct_proto == 17");
+    expr_symtab_add_field(symtab, "ct_udp.dst", MFF_CT_TP_DST,
+                          "ct_udp", false);
 }
 
 const char *
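Review bot: ct_udp.src is never registered in the block added at the end of ovn_init_symtab(): only "ct_udp.dst" (MFF_CT_TP_DST) is added, while the ovn-sb.xml hunk of this patch documents both ct_udp.src and ct_udp.dst. Either register the source port too, for example expr_symtab_add_field(symtab, "ct_udp.src", MFF_CT_TP_SRC, "ct_udp", false);, or drop it from the documentation. A one-line comment above the new block stating that these symbols are internal to ovn-northd and ovn-controller would keep the code consistent with the XML notes.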
diff --git a/ovn-nb.xml b/ovn-nb.xml
index 4a7581807..622831da4 100644
--- a/ovn-nb.xml
+++ b/ovn-nb.xml
@@ -2576,6 +2576,14 @@ or
         Note that you can not create an ACL matching on a port with
         type=router or type=localnet.
       </p>
+
+      <p>
+        Note that matching directly on connection tracker metadata fields such
+        as <code>ct_proto</code>, <code>ct_udp</code> and their subfields is
+        for internal use between ovn-northd and ovn-controller, may be removed
+        at any time and consequently not supported as part of the Northbound
+        API.
+      </p>
     </column>
 
     <column name="action">
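Review bot: The last clause of the added paragraph is missing its verb: "may be removed at any time and consequently not supported" should read "and is consequently not supported". Because the ACL match column accepts the same expression language as Logical_Flow, this paragraph is the only thing telling users the fields are off limits, so it is worth stating plainly that ACLs written by a CMS should not match on them.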
diff --git a/ovn-sb.xml b/ovn-sb.xml
index db5faac66..5c98731ea 100644
--- a/ovn-sb.xml
+++ b/ovn-sb.xml
@@ -1147,6 +1147,16 @@
             </li>
           </ul>
         </li>
+        <li>
+          <p>
+            <code>ct_proto</code> and <code>ct_udp</code> subfields represent
+            connection tracker metadata containing L4 information for UDP
+            packets.  Note: for internal use, may be removed at any time.
+          </p>
+          <ul>
+            <li><code>ct_udp.src</code> <code>ct_udp.dst</code></li>
+          </ul>
+        </li>
       </ul>
 
       <p>
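Review bot: The new list item describes ct_proto as "L4 information for UDP packets", but in lib/logical-fields.c ct_proto is the generic conntrack protocol field and only ct_udp (ct_proto == 17) is UDP specific. Describe ct_proto on its own, and mention that it is registered with the ct.trk prerequisite so readers know the fields are only meaningful after the packet has passed through conntrack.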
diff --git a/tests/ovn.at b/tests/ovn.at
index 18ce07e1a..724f8fd8d 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -154,7 +154,10 @@ ct_mark.natted = ct_mark[1]
 ct_mark.obs_collector_id = ct_mark[16..23]
 ct_mark.obs_stage = ct_mark[4..5]
 ct_mark.skip_snat = ct_mark[2]
+ct_proto = NXM_NX_CT_NW_PROTO
 ct_state = NXM_NX_CT_STATE
+ct_udp = ct_proto == 17
+ct_udp.dst = NXM_NX_CT_TP_DST
 ]])
 AT_CLEANUP
 
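Review bot: The test change only extends the expected symbol table dump, so nothing checks how the new symbols behave when used in a match. Consider adding an expression-parsing case that uses ct_udp.dst and verifies the prerequisites ct.trk and ct_proto == 17 are added to the resulting match, since the follow-up patch relies on that expansion.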
-- 
2.43.0
