From: Frode Nordahl <[email protected]>

While there is a hardware offload friendly approach to fixing processing of fragmented traffic to load balancers in 8e6f9a8355e2 ("northd: Fix HW offload problem related to ct_tuple."), the change is quite invasive, and not compatible with our requirement to make UDP fragmentation work for switch egress pipeline user space data path back to OVN 22.03.
In a subsequent commit an optional workaround to this problem is provided, which relies on this field being available. The documentation for OVN Northbound ACL table already states that the match column uses the same expression language as the OVN Southbound Logical_Flow match column. As we know use of these fields may be considered low level and problematic, consequently notes are added to mark them as internal API and discourage their use.

Related: https://bugs.launchpad.net/ubuntu/+source/ovn/+bug/2115795
Related: https://issues.redhat.com/browse/FDP-684
Signed-off-by: Frode Nordahl <[email protected]>
--- lib/logical-fields.c | 9 +++++++++ ovn-nb.xml | 8 ++++++++ ovn-sb.xml | 10 ++++++++++ tests/ovn.at | 4 ++++ 4 files changed, 31 insertions(+) diff --git a/lib/logical-fields.c b/lib/logical-fields.c index fcafeeac2..ac33f7bf1 100644 --- a/lib/logical-fields.c +++ b/lib/logical-fields.c @@ -368,6 +368,15 @@ ovn_init_symtab(struct shash *symtab) expr_symtab_add_ovn_field(symtab, "icmp4.frag_mtu", OVN_ICMP4_FRAG_MTU); expr_symtab_add_ovn_field(symtab, "icmp6.frag_mtu", OVN_ICMP6_FRAG_MTU); + + expr_symtab_add_field(symtab, "ct_proto", MFF_CT_NW_PROTO, + "ct.trk", false); + + expr_symtab_add_predicate(symtab, "ct_udp", "ct_proto == 17"); + expr_symtab_add_field(symtab, "ct_udp.dst", MFF_CT_TP_DST, + "ct_udp", false); + expr_symtab_add_field(symtab, "ct_udp.src", MFF_CT_TP_SRC, + "ct_udp", false); } const char * diff --git a/ovn-nb.xml b/ovn-nb.xml index ea7164e6c..75838dd30 100644 --- a/ovn-nb.xml +++ b/ovn-nb.xml 
@@ -2644,6 +2644,14 @@ or Note that you can not create an ACL matching on a port with type=router or type=localnet. </p> + + <p> + Note that matching directly on connection tracker metadata fields such + as <code>ct_proto</code>, <code>ct_udp</code> and their subfields is + for internal use between ovn-northd and ovn-controller, may be removed + at any time and consequently not supported as part of the Northbound + API. + </p> </column> <column name="action"> diff --git a/ovn-sb.xml b/ovn-sb.xml index c5e86a87e..2ae30dc49 100644 --- a/ovn-sb.xml +++ b/ovn-sb.xml @@ -1147,6 +1147,16 @@ </li> </ul> </li> + <li> + <p> + <code>ct_proto</code> and <code>ct_udp</code> subfields represent + connection tracker metadata containing L4 information for UDP + packets. Note: for internal use, may be removed at any time. + </p> + <ul> + <li><code>ct_udp.src</code> <code>ct_udp.dst</code></li> + </ul> + </li> </ul> <p> diff --git a/tests/ovn.at b/tests/ovn.at index 2ac9107c4..d678cfe0f 100644 --- a/tests/ovn.at +++ b/tests/ovn.at @@ -154,7 +154,11 @@ ct_mark.natted = ct_mark[1] ct_mark.obs_collector_id = ct_mark[16..23] ct_mark.obs_stage = ct_mark[4..5] ct_mark.skip_snat = ct_mark[2] +ct_proto = NXM_NX_CT_NW_PROTO ct_state = NXM_NX_CT_STATE +ct_udp = ct_proto == 17 +ct_udp.dst = NXM_NX_CT_TP_DST +ct_udp.src = NXM_NX_CT_TP_SRC ]]) AT_CLEANUP -- 2.34.1
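Review bot: In the lib/logical-fields.c hunk, the block added at the end of ovn_init_symtab() has no comment marking these symbols as internal, although both XML hunks describe them as internal use that may be removed at any time. A short comment above the expr_symtab_add_field(symtab, "ct_proto", ...) call saying that ct_proto, ct_udp, ct_udp.dst and ct_udp.src exist only for the ovn-northd to ovn-controller path would keep that intent next to the code, and it could also say that the 17 in "ct_proto == 17" is the UDP protocol number.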
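Review bot: In the ovn-nb.xml hunk, the added sentence loses its verb at "may be removed at any time and consequently not supported as part of the Northbound API"; something like "may be removed at any time, and is consequently not supported as part of the Northbound API" reads correctly. Since the commit message points out that the ACL match column shares the Logical_Flow expression language, the paragraph could also say outright that such a match is still accepted by the parser and that this note is the only thing discouraging it.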
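Review bot: In the ovn-sb.xml hunk, the new list item describes ct_proto together with the ct_udp subfields as "L4 information for UDP packets", but lib/logical-fields.c registers ct_proto as MFF_CT_NW_PROTO with no UDP restriction, and only the ct_udp predicate narrows it to 17. Describing ct_proto separately as the connection tracker protocol field, and stating the prerequisites the code sets ("ct.trk" for ct_proto, ct_udp for ct_udp.src and ct_udp.dst), would make the documentation match the symbol table.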
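Review bot: In the tests/ovn.at hunk, the four added lines only extend the expected symbol table listing, so nothing checks how the new prerequisites expand. Consider adding an expression test showing that a match on ct_udp.dst or ct_udp.src pulls in ct_proto == 17 and ct.trk, since that chain is what the lib/logical-fields.c hunk sets up with its "ct_udp" and "ct.trk" prerequisite arguments.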
