From: Frode Nordahl <[email protected]>

While there is a hardware offload friendly approach to fixing processing of fragmented traffic to load balancers in 8e6f9a8355e2 ("northd: Fix HW offload problem related to ct_tuple."), the change is quite invasive, and not compatible with our requirement to make UDP fragmentation work for switch egress pipeline user space data path back to OVN 22.03.
In a subsequent commit an optional workaround to this problem is provided, which relies on this field being available.

The documentation for OVN Northbound ACL table already states that the match column uses the same expression language as the OVN Southbound Logical_Flow match column.

As we know use of these fields may be considered low level and problematic, consequently notes are added to mark them as internal API and discourage their use.

Related: https://bugs.launchpad.net/ubuntu/+source/ovn/+bug/2115795
Related: https://issues.redhat.com/browse/FDP-684
Signed-off-by: Frode Nordahl <[email protected]>
--- lib/logical-fields.c | 9 +++++++++ ovn-nb.xml | 8 ++++++++ ovn-sb.xml | 10 ++++++++++ tests/ovn.at | 4 ++++ 4 files changed, 31 insertions(+) diff --git a/lib/logical-fields.c b/lib/logical-fields.c index e479a78c1..6c0f42c80 100644 --- a/lib/logical-fields.c +++ b/lib/logical-fields.c @@ -359,6 +359,15 @@ ovn_init_symtab(struct shash *symtab) expr_symtab_add_ovn_field(symtab, "icmp4.frag_mtu", OVN_ICMP4_FRAG_MTU); expr_symtab_add_ovn_field(symtab, "icmp6.frag_mtu", OVN_ICMP6_FRAG_MTU); + + expr_symtab_add_field(symtab, "ct_proto", MFF_CT_NW_PROTO, + "ct.trk", false); + + expr_symtab_add_predicate(symtab, "ct_udp", "ct_proto == 17"); + expr_symtab_add_field(symtab, "ct_udp.dst", MFF_CT_TP_DST, + "ct_udp", false); + expr_symtab_add_field(symtab, "ct_udp.src", MFF_CT_TP_SRC, + "ct_udp", false); } const char * diff --git a/ovn-nb.xml b/ovn-nb.xml index 4a7581807..622831da4 100644 --- a/ovn-nb.xml +++ b/ovn-nb.xml
@@ -2576,6 +2576,14 @@ or Note that you can not create an ACL matching on a port with type=router or type=localnet. </p> + + <p> + Note that matching directly on connection tracker metadata fields such + as <code>ct_proto</code>, <code>ct_udp</code> and their subfields is + for internal use between ovn-northd and ovn-controller, may be removed + at any time and consequently not supported as part of the Northbound + API. + </p> </column> <column name="action"> diff --git a/ovn-sb.xml b/ovn-sb.xml index db5faac66..5c98731ea 100644 --- a/ovn-sb.xml +++ b/ovn-sb.xml @@ -1147,6 +1147,16 @@ </li> </ul> </li> + <li> + <p> + <code>ct_proto</code> and <code>ct_udp</code> subfields represent + connection tracker metadata containing L4 information for UDP + packets. Note: for internal use, may be removed at any time. + </p> + <ul> + <li><code>ct_udp.src</code> <code>ct_udp.dst</code></li> + </ul> + </li> </ul> <p> diff --git a/tests/ovn.at b/tests/ovn.at index 0dabec8d9..077bad9c2 100644 --- a/tests/ovn.at +++ b/tests/ovn.at @@ -154,7 +154,11 @@ ct_mark.natted = ct_mark[1] ct_mark.obs_collector_id = ct_mark[16..23] ct_mark.obs_stage = ct_mark[4..5] ct_mark.skip_snat = ct_mark[2] +ct_proto = NXM_NX_CT_NW_PROTO ct_state = NXM_NX_CT_STATE +ct_udp = ct_proto == 17 +ct_udp.dst = NXM_NX_CT_TP_DST +ct_udp.src = NXM_NX_CT_TP_SRC ]]) AT_CLEANUP -- 2.43.0
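Review bot: In the lib/logical-fields.c hunk, the new `ct_proto`, `ct_udp`, `ct_udp.dst` and `ct_udp.src` symbols are registered without any code comment saying they are internal, although the ovn-nb.xml and ovn-sb.xml hunks document them as internal and removable at any time. Please add a short comment above the block so the restriction is visible where the symbols are defined. The same comment could spell out the prerequisite chain: `ct_udp.dst` and `ct_udp.src` require `ct_udp`, which is `ct_proto == 17`, and `ct_proto` requires `ct.trk`, so a match on these fields only applies to packets that conntrack has already tracked.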
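Review bot: In the ovn-nb.xml hunk, the clause "may be removed at any time and consequently not supported as part of the Northbound API" is missing a verb; suggest "and is consequently not supported". This paragraph is also the only guard in the patch: none of the four changed files makes an ACL whose match uses `ct_proto` or `ct_udp` fail or log a warning, so the text should say plainly that such ACLs are still accepted by the parser but are unsupported, or a check should be added in a follow-up.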
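Review bot: In the ovn-sb.xml hunk, the sentence "`ct_proto` and `ct_udp` subfields represent ... L4 information for UDP packets" describes `ct_proto` as UDP-specific, but the logical-fields.c hunk defines it as the generic `MFF_CT_NW_PROTO` field and only `ct_udp` is tied to protocol 17. Suggest describing `ct_proto` as the connection tracker's IP protocol number and `ct_udp.src`/`ct_udp.dst` as the tracked UDP ports, and stating the `ct.trk` prerequisite. The single list item `<li><code>ct_udp.src</code> <code>ct_udp.dst</code></li>` also puts both fields in one entry with no separator.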
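Review bot: In the tests/ovn.at hunk, only the symbol-table dump is extended, so the test confirms the four names exist but not how they expand. Please add an expression-parsing case for a match such as `ct_udp.dst == 53` that checks the prerequisites `ct.trk` and `ct_proto == 17` are pulled in, since the subsequent commit mentioned in the commit message relies on this field being available.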
