Re: [ovs-dev] [PATCH v2] netdev-offload-tc: Fix offload of tunnel key tp_src.
On 12/4/23 14:18, Marcelo Leitner wrote: > On Mon, Dec 04, 2023 at 01:57:50PM +0100, Ilya Maximets wrote: >> On 12/4/23 13:40, Marcelo Leitner wrote: >>> On Sat, Dec 02, 2023 at 12:06:59AM +0100, Ilya Maximets wrote: >>> ... Adding a test case that demonstrates a scenario where the issue occurs - bridging of two tunnels. >>> >>> I get the fix and it LGTM. What I don't get is the test case. >>> Considering that the attr was getting simply ignored, wouldn't the >>> test case always succeed? That is, I don't see how ignoring tp_src >>> would cause the test to fail. Can you please elaborate? >> >> Ignoring the tp_src is causing tc code to warn about kernel >> acknowledgement mismatch. Testsuite doesn't tolerate warnings, >> so the test fails on checking the logs: > > Nice. > > ... >> We do not check if the offloading is actually happening, but we >> check if there is any miscommunication between ovs-vswitchd and >> the kernel (TC). >> >> Does that make sense? > > Yes, thanks. > > Reviewed-by: Marcelo Ricardo Leitner > Thanks, everyone! Applied and backported down to 2.17. Best regards, Ilya Maximets. ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH v2] netdev-offload-tc: Fix offload of tunnel key tp_src.
Thanks Ilya for the clarification. I didn’t know about check_logs logic. Tested-by: Vladislav Odintsov > On 4 Dec 2023, at 15:59, Ilya Maximets wrote: > > On 12/2/23 16:16, Vladislav Odintsov wrote: >> Hi Ilya, thanks for the added test! >> >> I’ve got one question about it, psb. >> >>> On 2 Dec 2023, at 02:06, Ilya Maximets wrote: >>> >>> There is no TCA_TUNNEL_KEY_ENC_SRC_PORT in the kernel, so the offload >>> should not be attempted if OVS_TUNNEL_KEY_ATTR_TP_SRC is requested >>> by OVS. Current code just ignores the attribute in the tunnel(set()) >>> action leading to a flow mismatch and potential incorrect datapath >>> behavior: >>> >>> |tc(handler21)|DBG|tc flower compare failed action compare >>> ... >>> Action 0 mismatch: >>> - Expected Action: >>> 0010 01 00 00 00 00 00 00 00-00 00 00 00 00 ff 00 11 >>> 0020 c0 5b 17 c1 00 40 00 00-0a 01 00 6d 0a 01 01 12 >>> 0050 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >>> 0060 01 02 80 01 00 18 00 0b-00 00 00 00 00 00 00 00 >>> ... >>> - Received Action: >>> 0010 01 00 00 00 00 00 00 00-00 00 00 00 00 ff 00 11 >>> 0020 00 00 17 c1 00 40 00 00-0a 01 00 6d 0a 01 01 12 >>> 0050 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >>> 0060 01 02 80 01 00 18 00 0b-00 00 00 00 00 00 00 00 >>> ... >>> >>> In the tc_action dump above we can see the difference on the second >>> line. The action dumped from a kernel is missing 'c0 5b' - source >>> port for a tunnel(set()) action on the second line. >>> >>> Removing the field from the tc_action_encap structure entirely to >>> avoid any potential confusion. >>> >>> Note: In general, the source port number in the tunnel(set()) action >>> is not particularly useful for most tunnels, because they may just >>> ignore the value. Specs for Geneve and VXLAN suggest using a value >>> based on the headers of the inner packet as a source port. >>> In vast majority of scenarios the source port doesn't actually end >>> up in the action itself. >>> Having a mismatch between the userspace and TC leads to constant >>> revalidation of the flow and warnings in the log. >>> >>> Adding a test case that demonstrates a scenario where the issue >>> occurs - bridging of two tunnels. >>> >>> Fixes: 8f283af89298 ("netdev-tc-offloads: Implement netdev flow put using >>> tc interface") >>> Reported-at: >>> https://mail.openvswitch.org/pipermail/ovs-discuss/2023-October/052744.html >>> Reported-by: Vladislav Odintsov >>> Signed-off-by: Ilya Maximets >>> --- >>> >>> Version 2: >>> * Slightly adjusted a commit message now that we understand the >>>scenario better. >>> * Added a test case that reproduces the issue. >>> >>> >>> lib/netdev-offload-tc.c | 4 ++- >>> lib/tc.h| 3 +- >>> tests/system-traffic.at | 77 + >>> 3 files changed, 82 insertions(+), 2 deletions(-) >>> >>> diff --git a/lib/netdev-offload-tc.c b/lib/netdev-offload-tc.c >>> index b846a63c2..164c7eef6 100644 >>> --- a/lib/netdev-offload-tc.c >>> +++ b/lib/netdev-offload-tc.c >>> @@ -1627,7 +1627,9 @@ parse_put_flow_set_action(struct tc_flower *flower, >>> struct tc_action *action, >>> } >>> break; >>> case OVS_TUNNEL_KEY_ATTR_TP_SRC: { >>> -action->encap.tp_src = nl_attr_get_be16(tun_attr); >>> +/* There is no corresponding attribute in TC. */ >>> +VLOG_DBG_RL(, "unsupported tunnel key attribute TP_SRC"); >>> +return EOPNOTSUPP; >>> } >>> break; >>> case OVS_TUNNEL_KEY_ATTR_TP_DST: { >>> diff --git a/lib/tc.h b/lib/tc.h >>> index 06707ffa4..fdbcf4b7c 100644 >>> --- a/lib/tc.h >>> +++ b/lib/tc.h >>> @@ -213,7 +213,8 @@ enum nat_type { >>> struct tc_action_encap { >>> bool id_present; >>> ovs_be64 id; >>> -ovs_be16 tp_src; >>> +/* ovs_be16 tp_src; Could have been here, but there is no >>> + * TCA_TUNNEL_KEY_ENC_ attribute for it in the kernel. */ >>> ovs_be16 tp_dst; >>> uint8_t tos; >>> uint8_t ttl; >>> diff --git a/tests/system-traffic.at b/tests/system-traffic.at >>> index a7d4ed83b..fd55fdee1 100644 >>> --- a/tests/system-traffic.at >>> +++ b/tests/system-traffic.at >>> @@ -903,6 +903,83 @@ ovs-pcap p0.pcap >>> AT_CHECK([ovs-pcap p0.pcap | grep -Eq >>> "^[[[:xdigit:]]]{24}86dd603a1140fc000100fc01[[[:xdigit:]]]{4}17c1003a[[[:xdigit:]]]{4}6558fa163e949d8008060001080006040001[[[:xdigit:]]]{12}0af40afe$"]) >>> AT_CLEANUP >>> >>> +AT_SETUP([datapath - bridging two geneve tunnels]) >>> +OVS_CHECK_TUNNEL_TSO() >>> +OVS_CHECK_GENEVE() >>> + >>> +OVS_TRAFFIC_VSWITCHD_START() >>> +ADD_BR([br-underlay-0]) >>> +ADD_BR([br-underlay-1]) >>> + >>> +ADD_NAMESPACES(at_ns0) >>> +ADD_NAMESPACES(at_ns1) >>> + >>> +dnl Set up underlay link from host into the namespaces using veth pairs. >>> +ADD_VETH(p0, at_ns0, br-underlay-0,
Re: [ovs-dev] [PATCH v2] netdev-offload-tc: Fix offload of tunnel key tp_src.
On Mon, Dec 04, 2023 at 01:57:50PM +0100, Ilya Maximets wrote: > On 12/4/23 13:40, Marcelo Leitner wrote: > > On Sat, Dec 02, 2023 at 12:06:59AM +0100, Ilya Maximets wrote: > > ... > >> Adding a test case that demonstrates a scenario where the issue > >> occurs - bridging of two tunnels. > > > > I get the fix and it LGTM. What I don't get is the test case. > > Considering that the attr was getting simply ignored, wouldn't the > > test case always succeed? That is, I don't see how ignoring tp_src > > would cause the test to fail. Can you please elaborate? > > Ignoring the tp_src is causing tc code to warn about kernel > acknowledgement mismatch. Testsuite doesn't tolerate warnings, > so the test fails on checking the logs: Nice. ... > We do not check if the offloading is actually happening, but we > check if there is any miscommunication between ovs-vswitchd and > the kernel (TC). > > Does that make sense? Yes, thanks. Reviewed-by: Marcelo Ricardo Leitner ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH v2] netdev-offload-tc: Fix offload of tunnel key tp_src.
On 12/2/23 16:16, Vladislav Odintsov wrote: > Hi Ilya, thanks for the added test! > > I’ve got one question about it, psb. > >> On 2 Dec 2023, at 02:06, Ilya Maximets wrote: >> >> There is no TCA_TUNNEL_KEY_ENC_SRC_PORT in the kernel, so the offload >> should not be attempted if OVS_TUNNEL_KEY_ATTR_TP_SRC is requested >> by OVS. Current code just ignores the attribute in the tunnel(set()) >> action leading to a flow mismatch and potential incorrect datapath >> behavior: >> >> |tc(handler21)|DBG|tc flower compare failed action compare >> ... >> Action 0 mismatch: >> - Expected Action: >> 0010 01 00 00 00 00 00 00 00-00 00 00 00 00 ff 00 11 >> 0020 c0 5b 17 c1 00 40 00 00-0a 01 00 6d 0a 01 01 12 >> 0050 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >> 0060 01 02 80 01 00 18 00 0b-00 00 00 00 00 00 00 00 >> ... >> - Received Action: >> 0010 01 00 00 00 00 00 00 00-00 00 00 00 00 ff 00 11 >> 0020 00 00 17 c1 00 40 00 00-0a 01 00 6d 0a 01 01 12 >> 0050 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >> 0060 01 02 80 01 00 18 00 0b-00 00 00 00 00 00 00 00 >> ... >> >> In the tc_action dump above we can see the difference on the second >> line. The action dumped from a kernel is missing 'c0 5b' - source >> port for a tunnel(set()) action on the second line. >> >> Removing the field from the tc_action_encap structure entirely to >> avoid any potential confusion. >> >> Note: In general, the source port number in the tunnel(set()) action >> is not particularly useful for most tunnels, because they may just >> ignore the value. Specs for Geneve and VXLAN suggest using a value >> based on the headers of the inner packet as a source port. >> In vast majority of scenarios the source port doesn't actually end >> up in the action itself. >> Having a mismatch between the userspace and TC leads to constant >> revalidation of the flow and warnings in the log. >> >> Adding a test case that demonstrates a scenario where the issue >> occurs - bridging of two tunnels. >> >> Fixes: 8f283af89298 ("netdev-tc-offloads: Implement netdev flow put using tc >> interface") >> Reported-at: >> https://mail.openvswitch.org/pipermail/ovs-discuss/2023-October/052744.html >> Reported-by: Vladislav Odintsov >> Signed-off-by: Ilya Maximets >> --- >> >> Version 2: >> * Slightly adjusted a commit message now that we understand the >> scenario better. >> * Added a test case that reproduces the issue. >> >> >> lib/netdev-offload-tc.c | 4 ++- >> lib/tc.h | 3 +- >> tests/system-traffic.at | 77 + >> 3 files changed, 82 insertions(+), 2 deletions(-) >> >> diff --git a/lib/netdev-offload-tc.c b/lib/netdev-offload-tc.c >> index b846a63c2..164c7eef6 100644 >> --- a/lib/netdev-offload-tc.c >> +++ b/lib/netdev-offload-tc.c >> @@ -1627,7 +1627,9 @@ parse_put_flow_set_action(struct tc_flower *flower, >> struct tc_action *action, >> } >> break; >> case OVS_TUNNEL_KEY_ATTR_TP_SRC: { >> - action->encap.tp_src = nl_attr_get_be16(tun_attr); >> + /* There is no corresponding attribute in TC. */ >> + VLOG_DBG_RL(, "unsupported tunnel key attribute TP_SRC"); >> + return EOPNOTSUPP; >> } >> break; >> case OVS_TUNNEL_KEY_ATTR_TP_DST: { >> diff --git a/lib/tc.h b/lib/tc.h >> index 06707ffa4..fdbcf4b7c 100644 >> --- a/lib/tc.h >> +++ b/lib/tc.h >> @@ -213,7 +213,8 @@ enum nat_type { >> struct tc_action_encap { >> bool id_present; >> ovs_be64 id; >> - ovs_be16 tp_src; >> + /* ovs_be16 tp_src; Could have been here, but there is no >> + * TCA_TUNNEL_KEY_ENC_ attribute for it in the kernel. */ >> ovs_be16 tp_dst; >> uint8_t tos; >> uint8_t ttl; >> diff --git a/tests/system-traffic.at b/tests/system-traffic.at >> index a7d4ed83b..fd55fdee1 100644 >> --- a/tests/system-traffic.at >> +++ b/tests/system-traffic.at >> @@ -903,6 +903,83 @@ ovs-pcap p0.pcap >> AT_CHECK([ovs-pcap p0.pcap | grep -Eq >> "^[[[:xdigit:]]]{24}86dd603a1140fc000100fc01[[[:xdigit:]]]{4}17c1003a[[[:xdigit:]]]{4}6558fa163e949d8008060001080006040001[[[:xdigit:]]]{12}0af40afe$"]) >> AT_CLEANUP >> >> +AT_SETUP([datapath - bridging two geneve tunnels]) >> +OVS_CHECK_TUNNEL_TSO() >> +OVS_CHECK_GENEVE() >> + >> +OVS_TRAFFIC_VSWITCHD_START() >> +ADD_BR([br-underlay-0]) >> +ADD_BR([br-underlay-1]) >> + >> +ADD_NAMESPACES(at_ns0) >> +ADD_NAMESPACES(at_ns1) >> + >> +dnl Set up underlay link from host into the namespaces using veth pairs. >> +ADD_VETH(p0, at_ns0, br-underlay-0, "172.31.1.1/24") >> +AT_CHECK([ip addr add dev br-underlay-0 "172.31.1.100/24"]) >> +AT_CHECK([ip link set dev br-underlay-0 up]) >> + >> +ADD_VETH(p1, at_ns1, br-underlay-1, "172.31.2.1/24") >> +AT_CHECK([ip addr add dev br-underlay-1 "172.31.2.100/24"]) >> +AT_CHECK([ip link set dev br-underlay-1 up])
Re: [ovs-dev] [PATCH v2] netdev-offload-tc: Fix offload of tunnel key tp_src.
On 12/4/23 13:40, Marcelo Leitner wrote: > On Sat, Dec 02, 2023 at 12:06:59AM +0100, Ilya Maximets wrote: > ... >> Adding a test case that demonstrates a scenario where the issue >> occurs - bridging of two tunnels. > > I get the fix and it LGTM. What I don't get is the test case. > Considering that the attr was getting simply ignored, wouldn't the > test case always succeed? That is, I don't see how ignoring tp_src > would cause the test to fail. Can you please elaborate? Ignoring the tp_src is causing tc code to warn about kernel acknowledgement mismatch. Testsuite doesn't tolerate warnings, so the test fails on checking the logs: ./system-traffic.at:980: check_logs --- /dev/null 2023-11-16 11:36:50.99100 -0500 +++ /root/ovs/tests/system-offloads-testsuite.dir/at-groups/40/stdout 2023-12-04 07:55:35.055945362 -0500 @@ -0,0 +1,6 @@ +2023-12-04T12:55:32.199Z|1|tc(handler22)|WARN|Kernel flower acknowledgment does not match request! Set dpif_netlink to dbg to see which rule caused this error. +2023-12-04T12:55:32.199Z|2|tc(handler22)|WARN|Kernel flower acknowledgment does not match request! Set dpif_netlink to dbg to see which rule caused this error. +2023-12-04T12:55:32.574Z|1|tc(handler8)|WARN|Kernel flower acknowledgment does not match request! Set dpif_netlink to dbg to see which rule caused this error. +2023-12-04T12:55:32.765Z|1|tc(handler20)|WARN|Kernel flower acknowledgment does not match request! Set dpif_netlink to dbg to see which rule caused this error. +2023-12-04T12:55:33.189Z|1|tc(handler23)|WARN|Kernel flower acknowledgment does not match request! Set dpif_netlink to dbg to see which rule caused this error. +2023-12-04T12:55:33.597Z|3|tc(handler8)|WARN|Kernel flower acknowledgment does not match request! Set dpif_netlink to dbg to see which rule caused this error. <...> 40. system-traffic.at:906: FAILED (system-traffic.at:980) We do not check if the offloading is actually happening, but we check if there is any miscommunication between ovs-vswitchd and the kernel (TC). Does that make sense? > > Marcelo > >> >> Fixes: 8f283af89298 ("netdev-tc-offloads: Implement netdev flow put using tc >> interface") >> Reported-at: >> https://mail.openvswitch.org/pipermail/ovs-discuss/2023-October/052744.html >> Reported-by: Vladislav Odintsov >> Signed-off-by: Ilya Maximets >> --- >> >> Version 2: >> * Slightly adjusted a commit message now that we understand the >> scenario better. >> * Added a test case that reproduces the issue. >> >> >> lib/netdev-offload-tc.c | 4 ++- >> lib/tc.h| 3 +- >> tests/system-traffic.at | 77 + >> 3 files changed, 82 insertions(+), 2 deletions(-) >> >> diff --git a/lib/netdev-offload-tc.c b/lib/netdev-offload-tc.c >> index b846a63c2..164c7eef6 100644 >> --- a/lib/netdev-offload-tc.c >> +++ b/lib/netdev-offload-tc.c >> @@ -1627,7 +1627,9 @@ parse_put_flow_set_action(struct tc_flower *flower, >> struct tc_action *action, >> } >> break; >> case OVS_TUNNEL_KEY_ATTR_TP_SRC: { >> -action->encap.tp_src = nl_attr_get_be16(tun_attr); >> +/* There is no corresponding attribute in TC. */ >> +VLOG_DBG_RL(, "unsupported tunnel key attribute TP_SRC"); >> +return EOPNOTSUPP; >> } >> break; >> case OVS_TUNNEL_KEY_ATTR_TP_DST: { >> diff --git a/lib/tc.h b/lib/tc.h >> index 06707ffa4..fdbcf4b7c 100644 >> --- a/lib/tc.h >> +++ b/lib/tc.h >> @@ -213,7 +213,8 @@ enum nat_type { >> struct tc_action_encap { >> bool id_present; >> ovs_be64 id; >> -ovs_be16 tp_src; >> +/* ovs_be16 tp_src; Could have been here, but there is no >> + * TCA_TUNNEL_KEY_ENC_ attribute for it in the kernel. */ >> ovs_be16 tp_dst; >> uint8_t tos; >> uint8_t ttl; >> diff --git a/tests/system-traffic.at b/tests/system-traffic.at >> index a7d4ed83b..fd55fdee1 100644 >> --- a/tests/system-traffic.at >> +++ b/tests/system-traffic.at >> @@ -903,6 +903,83 @@ ovs-pcap p0.pcap >> AT_CHECK([ovs-pcap p0.pcap | grep -Eq >> "^[[[:xdigit:]]]{24}86dd603a1140fc000100fc01[[[:xdigit:]]]{4}17c1003a[[[:xdigit:]]]{4}6558fa163e949d8008060001080006040001[[[:xdigit:]]]{12}0af40afe$"]) >> AT_CLEANUP >> >> +AT_SETUP([datapath - bridging two geneve tunnels]) >> +OVS_CHECK_TUNNEL_TSO() >> +OVS_CHECK_GENEVE() >> + >> +OVS_TRAFFIC_VSWITCHD_START() >> +ADD_BR([br-underlay-0]) >> +ADD_BR([br-underlay-1]) >> + >> +ADD_NAMESPACES(at_ns0) >> +ADD_NAMESPACES(at_ns1) >> + >> +dnl Set up underlay link from host into the namespaces using veth pairs. >> +ADD_VETH(p0, at_ns0, br-underlay-0, "172.31.1.1/24") >> +AT_CHECK([ip addr add dev br-underlay-0 "172.31.1.100/24"]) >> +AT_CHECK([ip link set dev br-underlay-0 up]) >> + >> +ADD_VETH(p1, at_ns1, br-underlay-1, "172.31.2.1/24") >>
Re: [ovs-dev] [PATCH v2] netdev-offload-tc: Fix offload of tunnel key tp_src.
On Sat, Dec 02, 2023 at 12:06:59AM +0100, Ilya Maximets wrote: ... > Adding a test case that demonstrates a scenario where the issue > occurs - bridging of two tunnels. I get the fix and it LGTM. What I don't get is the test case. Considering that the attr was getting simply ignored, wouldn't the test case always succeed? That is, I don't see how ignoring tp_src would cause the test to fail. Can you please elaborate? Marcelo > > Fixes: 8f283af89298 ("netdev-tc-offloads: Implement netdev flow put using tc > interface") > Reported-at: > https://mail.openvswitch.org/pipermail/ovs-discuss/2023-October/052744.html > Reported-by: Vladislav Odintsov > Signed-off-by: Ilya Maximets > --- > > Version 2: > * Slightly adjusted a commit message now that we understand the > scenario better. > * Added a test case that reproduces the issue. > > > lib/netdev-offload-tc.c | 4 ++- > lib/tc.h| 3 +- > tests/system-traffic.at | 77 + > 3 files changed, 82 insertions(+), 2 deletions(-) > > diff --git a/lib/netdev-offload-tc.c b/lib/netdev-offload-tc.c > index b846a63c2..164c7eef6 100644 > --- a/lib/netdev-offload-tc.c > +++ b/lib/netdev-offload-tc.c > @@ -1627,7 +1627,9 @@ parse_put_flow_set_action(struct tc_flower *flower, > struct tc_action *action, > } > break; > case OVS_TUNNEL_KEY_ATTR_TP_SRC: { > -action->encap.tp_src = nl_attr_get_be16(tun_attr); > +/* There is no corresponding attribute in TC. */ > +VLOG_DBG_RL(, "unsupported tunnel key attribute TP_SRC"); > +return EOPNOTSUPP; > } > break; > case OVS_TUNNEL_KEY_ATTR_TP_DST: { > diff --git a/lib/tc.h b/lib/tc.h > index 06707ffa4..fdbcf4b7c 100644 > --- a/lib/tc.h > +++ b/lib/tc.h > @@ -213,7 +213,8 @@ enum nat_type { > struct tc_action_encap { > bool id_present; > ovs_be64 id; > -ovs_be16 tp_src; > +/* ovs_be16 tp_src; Could have been here, but there is no > + * TCA_TUNNEL_KEY_ENC_ attribute for it in the kernel. */ > ovs_be16 tp_dst; > uint8_t tos; > uint8_t ttl; > diff --git a/tests/system-traffic.at b/tests/system-traffic.at > index a7d4ed83b..fd55fdee1 100644 > --- a/tests/system-traffic.at > +++ b/tests/system-traffic.at > @@ -903,6 +903,83 @@ ovs-pcap p0.pcap > AT_CHECK([ovs-pcap p0.pcap | grep -Eq > "^[[[:xdigit:]]]{24}86dd603a1140fc000100fc01[[[:xdigit:]]]{4}17c1003a[[[:xdigit:]]]{4}6558fa163e949d8008060001080006040001[[[:xdigit:]]]{12}0af40afe$"]) > AT_CLEANUP > > +AT_SETUP([datapath - bridging two geneve tunnels]) > +OVS_CHECK_TUNNEL_TSO() > +OVS_CHECK_GENEVE() > + > +OVS_TRAFFIC_VSWITCHD_START() > +ADD_BR([br-underlay-0]) > +ADD_BR([br-underlay-1]) > + > +ADD_NAMESPACES(at_ns0) > +ADD_NAMESPACES(at_ns1) > + > +dnl Set up underlay link from host into the namespaces using veth pairs. > +ADD_VETH(p0, at_ns0, br-underlay-0, "172.31.1.1/24") > +AT_CHECK([ip addr add dev br-underlay-0 "172.31.1.100/24"]) > +AT_CHECK([ip link set dev br-underlay-0 up]) > + > +ADD_VETH(p1, at_ns1, br-underlay-1, "172.31.2.1/24") > +AT_CHECK([ip addr add dev br-underlay-1 "172.31.2.100/24"]) > +AT_CHECK([ip link set dev br-underlay-1 up]) > + > +dnl Set up two OVS tunnel endpoints in a root namespace and two native > +dnl linux devices inside the test namespaces. > +dnl > +dnl ns_gnv0 | ns_gnv1 > +dnl ip:10.1.1.1/24 | ip:10.1.1.2/24 > +dnl remote_ip: 172.31.1.100 | remote_ip: 172.31.2.100 > +dnl || | > +dnl || | > +dnl p0 | p1 > +dnl ip: 172.31.1.1/24| ip: 172.31.2.1/24 > +dnl | NS0 | NS1| > +dnl > -|+--| > +dnl | | > +dnl br-underlay-0: br-underlay-1: > +dnl ip: 172.31.1.100/24 ip: 172.31.2.100/24 > +dnl ovs-p0 ovs-p1 > +dnl | | > +dnl |br0| > +dnl encap/decap --- ip: 10.1.1.100/24 - encap/decap > +dnl at_gnv0 > +dnl remote_ip: 172.31.1.1 > +dnl at_gnv1 > +dnl remote_ip: 172.31.2.1 > +dnl > +ADD_OVS_TUNNEL([geneve], [br0], [at_gnv0], [172.31.1.1], [10.1.1.100/24]) > +ADD_NATIVE_TUNNEL([geneve], [ns_gnv0], [at_ns0], [172.31.1.100], > [10.1.1.1/24], > + [vni 0]) > +ADD_OVS_TUNNEL([geneve], [br0],
Re: [ovs-dev] [PATCH v2] netdev-offload-tc: Fix offload of tunnel key tp_src.
On 2 Dec 2023, at 0:06, Ilya Maximets wrote: > There is no TCA_TUNNEL_KEY_ENC_SRC_PORT in the kernel, so the offload > should not be attempted if OVS_TUNNEL_KEY_ATTR_TP_SRC is requested > by OVS. Current code just ignores the attribute in the tunnel(set()) > action leading to a flow mismatch and potential incorrect datapath > behavior: > > |tc(handler21)|DBG|tc flower compare failed action compare > ... > Action 0 mismatch: > - Expected Action: > 0010 01 00 00 00 00 00 00 00-00 00 00 00 00 ff 00 11 > 0020 c0 5b 17 c1 00 40 00 00-0a 01 00 6d 0a 01 01 12 > 0050 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > 0060 01 02 80 01 00 18 00 0b-00 00 00 00 00 00 00 00 > ... > - Received Action: > 0010 01 00 00 00 00 00 00 00-00 00 00 00 00 ff 00 11 > 0020 00 00 17 c1 00 40 00 00-0a 01 00 6d 0a 01 01 12 > 0050 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > 0060 01 02 80 01 00 18 00 0b-00 00 00 00 00 00 00 00 > ... > > In the tc_action dump above we can see the difference on the second > line. The action dumped from a kernel is missing 'c0 5b' - source > port for a tunnel(set()) action on the second line. > > Removing the field from the tc_action_encap structure entirely to > avoid any potential confusion. > > Note: In general, the source port number in the tunnel(set()) action > is not particularly useful for most tunnels, because they may just > ignore the value. Specs for Geneve and VXLAN suggest using a value > based on the headers of the inner packet as a source port. > In vast majority of scenarios the source port doesn't actually end > up in the action itself. > Having a mismatch between the userspace and TC leads to constant > revalidation of the flow and warnings in the log. > > Adding a test case that demonstrates a scenario where the issue > occurs - bridging of two tunnels. > > Fixes: 8f283af89298 ("netdev-tc-offloads: Implement netdev flow put using tc > interface") > Reported-at: > https://mail.openvswitch.org/pipermail/ovs-discuss/2023-October/052744.html > Reported-by: Vladislav Odintsov > Signed-off-by: Ilya Maximets > --- Thank for fixing this and adding the unit test. Acked-by: Eelco Chaudron ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH v2] netdev-offload-tc: Fix offload of tunnel key tp_src.
Hi Ilya, thanks for the added test! I’ve got one question about it, psb. > On 2 Dec 2023, at 02:06, Ilya Maximets wrote: > > There is no TCA_TUNNEL_KEY_ENC_SRC_PORT in the kernel, so the offload > should not be attempted if OVS_TUNNEL_KEY_ATTR_TP_SRC is requested > by OVS. Current code just ignores the attribute in the tunnel(set()) > action leading to a flow mismatch and potential incorrect datapath > behavior: > > |tc(handler21)|DBG|tc flower compare failed action compare > ... > Action 0 mismatch: > - Expected Action: > 0010 01 00 00 00 00 00 00 00-00 00 00 00 00 ff 00 11 > 0020 c0 5b 17 c1 00 40 00 00-0a 01 00 6d 0a 01 01 12 > 0050 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > 0060 01 02 80 01 00 18 00 0b-00 00 00 00 00 00 00 00 > ... > - Received Action: > 0010 01 00 00 00 00 00 00 00-00 00 00 00 00 ff 00 11 > 0020 00 00 17 c1 00 40 00 00-0a 01 00 6d 0a 01 01 12 > 0050 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > 0060 01 02 80 01 00 18 00 0b-00 00 00 00 00 00 00 00 > ... > > In the tc_action dump above we can see the difference on the second > line. The action dumped from a kernel is missing 'c0 5b' - source > port for a tunnel(set()) action on the second line. > > Removing the field from the tc_action_encap structure entirely to > avoid any potential confusion. > > Note: In general, the source port number in the tunnel(set()) action > is not particularly useful for most tunnels, because they may just > ignore the value. Specs for Geneve and VXLAN suggest using a value > based on the headers of the inner packet as a source port. > In vast majority of scenarios the source port doesn't actually end > up in the action itself. > Having a mismatch between the userspace and TC leads to constant > revalidation of the flow and warnings in the log. > > Adding a test case that demonstrates a scenario where the issue > occurs - bridging of two tunnels. > > Fixes: 8f283af89298 ("netdev-tc-offloads: Implement netdev flow put using tc > interface") > Reported-at: > https://mail.openvswitch.org/pipermail/ovs-discuss/2023-October/052744.html > Reported-by: Vladislav Odintsov > Signed-off-by: Ilya Maximets > --- > > Version 2: > * Slightly adjusted a commit message now that we understand the >scenario better. > * Added a test case that reproduces the issue. > > > lib/netdev-offload-tc.c | 4 ++- > lib/tc.h| 3 +- > tests/system-traffic.at | 77 + > 3 files changed, 82 insertions(+), 2 deletions(-) > > diff --git a/lib/netdev-offload-tc.c b/lib/netdev-offload-tc.c > index b846a63c2..164c7eef6 100644 > --- a/lib/netdev-offload-tc.c > +++ b/lib/netdev-offload-tc.c > @@ -1627,7 +1627,9 @@ parse_put_flow_set_action(struct tc_flower *flower, > struct tc_action *action, > } > break; > case OVS_TUNNEL_KEY_ATTR_TP_SRC: { > -action->encap.tp_src = nl_attr_get_be16(tun_attr); > +/* There is no corresponding attribute in TC. */ > +VLOG_DBG_RL(, "unsupported tunnel key attribute TP_SRC"); > +return EOPNOTSUPP; > } > break; > case OVS_TUNNEL_KEY_ATTR_TP_DST: { > diff --git a/lib/tc.h b/lib/tc.h > index 06707ffa4..fdbcf4b7c 100644 > --- a/lib/tc.h > +++ b/lib/tc.h > @@ -213,7 +213,8 @@ enum nat_type { > struct tc_action_encap { > bool id_present; > ovs_be64 id; > -ovs_be16 tp_src; > +/* ovs_be16 tp_src; Could have been here, but there is no > + * TCA_TUNNEL_KEY_ENC_ attribute for it in the kernel. */ > ovs_be16 tp_dst; > uint8_t tos; > uint8_t ttl; > diff --git a/tests/system-traffic.at b/tests/system-traffic.at > index a7d4ed83b..fd55fdee1 100644 > --- a/tests/system-traffic.at > +++ b/tests/system-traffic.at > @@ -903,6 +903,83 @@ ovs-pcap p0.pcap > AT_CHECK([ovs-pcap p0.pcap | grep -Eq > "^[[[:xdigit:]]]{24}86dd603a1140fc000100fc01[[[:xdigit:]]]{4}17c1003a[[[:xdigit:]]]{4}6558fa163e949d8008060001080006040001[[[:xdigit:]]]{12}0af40afe$"]) > AT_CLEANUP > > +AT_SETUP([datapath - bridging two geneve tunnels]) > +OVS_CHECK_TUNNEL_TSO() > +OVS_CHECK_GENEVE() > + > +OVS_TRAFFIC_VSWITCHD_START() > +ADD_BR([br-underlay-0]) > +ADD_BR([br-underlay-1]) > + > +ADD_NAMESPACES(at_ns0) > +ADD_NAMESPACES(at_ns1) > + > +dnl Set up underlay link from host into the namespaces using veth pairs. > +ADD_VETH(p0, at_ns0, br-underlay-0, "172.31.1.1/24") > +AT_CHECK([ip addr add dev br-underlay-0 "172.31.1.100/24"]) > +AT_CHECK([ip link set dev br-underlay-0 up]) > + > +ADD_VETH(p1, at_ns1, br-underlay-1, "172.31.2.1/24") > +AT_CHECK([ip addr add dev br-underlay-1 "172.31.2.100/24"]) > +AT_CHECK([ip link set dev br-underlay-1 up]) > + > +dnl Set up two OVS tunnel endpoints in a root namespace and two native > +dnl linux devices inside the test namespaces. > +dnl > +dnl ns_gnv0
[ovs-dev] [PATCH v2] netdev-offload-tc: Fix offload of tunnel key tp_src.
There is no TCA_TUNNEL_KEY_ENC_SRC_PORT in the kernel, so the offload should not be attempted if OVS_TUNNEL_KEY_ATTR_TP_SRC is requested by OVS. Current code just ignores the attribute in the tunnel(set()) action leading to a flow mismatch and potential incorrect datapath behavior: |tc(handler21)|DBG|tc flower compare failed action compare ... Action 0 mismatch: - Expected Action: 0010 01 00 00 00 00 00 00 00-00 00 00 00 00 ff 00 11 0020 c0 5b 17 c1 00 40 00 00-0a 01 00 6d 0a 01 01 12 0050 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0060 01 02 80 01 00 18 00 0b-00 00 00 00 00 00 00 00 ... - Received Action: 0010 01 00 00 00 00 00 00 00-00 00 00 00 00 ff 00 11 0020 00 00 17 c1 00 40 00 00-0a 01 00 6d 0a 01 01 12 0050 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0060 01 02 80 01 00 18 00 0b-00 00 00 00 00 00 00 00 ... In the tc_action dump above we can see the difference on the second line. The action dumped from a kernel is missing 'c0 5b' - source port for a tunnel(set()) action on the second line. Removing the field from the tc_action_encap structure entirely to avoid any potential confusion. Note: In general, the source port number in the tunnel(set()) action is not particularly useful for most tunnels, because they may just ignore the value. Specs for Geneve and VXLAN suggest using a value based on the headers of the inner packet as a source port. In vast majority of scenarios the source port doesn't actually end up in the action itself. Having a mismatch between the userspace and TC leads to constant revalidation of the flow and warnings in the log. Adding a test case that demonstrates a scenario where the issue occurs - bridging of two tunnels. Fixes: 8f283af89298 ("netdev-tc-offloads: Implement netdev flow put using tc interface") Reported-at: https://mail.openvswitch.org/pipermail/ovs-discuss/2023-October/052744.html Reported-by: Vladislav Odintsov Signed-off-by: Ilya Maximets --- Version 2: * Slightly adjusted a commit message now that we understand the scenario better. * Added a test case that reproduces the issue. lib/netdev-offload-tc.c | 4 ++- lib/tc.h| 3 +- tests/system-traffic.at | 77 + 3 files changed, 82 insertions(+), 2 deletions(-) diff --git a/lib/netdev-offload-tc.c b/lib/netdev-offload-tc.c index b846a63c2..164c7eef6 100644 --- a/lib/netdev-offload-tc.c +++ b/lib/netdev-offload-tc.c @@ -1627,7 +1627,9 @@ parse_put_flow_set_action(struct tc_flower *flower, struct tc_action *action, } break; case OVS_TUNNEL_KEY_ATTR_TP_SRC: { -action->encap.tp_src = nl_attr_get_be16(tun_attr); +/* There is no corresponding attribute in TC. */ +VLOG_DBG_RL(, "unsupported tunnel key attribute TP_SRC"); +return EOPNOTSUPP; } break; case OVS_TUNNEL_KEY_ATTR_TP_DST: { diff --git a/lib/tc.h b/lib/tc.h index 06707ffa4..fdbcf4b7c 100644 --- a/lib/tc.h +++ b/lib/tc.h @@ -213,7 +213,8 @@ enum nat_type { struct tc_action_encap { bool id_present; ovs_be64 id; -ovs_be16 tp_src; +/* ovs_be16 tp_src; Could have been here, but there is no + * TCA_TUNNEL_KEY_ENC_ attribute for it in the kernel. */ ovs_be16 tp_dst; uint8_t tos; uint8_t ttl; diff --git a/tests/system-traffic.at b/tests/system-traffic.at index a7d4ed83b..fd55fdee1 100644 --- a/tests/system-traffic.at +++ b/tests/system-traffic.at @@ -903,6 +903,83 @@ ovs-pcap p0.pcap AT_CHECK([ovs-pcap p0.pcap | grep -Eq "^[[[:xdigit:]]]{24}86dd603a1140fc000100fc01[[[:xdigit:]]]{4}17c1003a[[[:xdigit:]]]{4}6558fa163e949d8008060001080006040001[[[:xdigit:]]]{12}0af40afe$"]) AT_CLEANUP +AT_SETUP([datapath - bridging two geneve tunnels]) +OVS_CHECK_TUNNEL_TSO() +OVS_CHECK_GENEVE() + +OVS_TRAFFIC_VSWITCHD_START() +ADD_BR([br-underlay-0]) +ADD_BR([br-underlay-1]) + +ADD_NAMESPACES(at_ns0) +ADD_NAMESPACES(at_ns1) + +dnl Set up underlay link from host into the namespaces using veth pairs. +ADD_VETH(p0, at_ns0, br-underlay-0, "172.31.1.1/24") +AT_CHECK([ip addr add dev br-underlay-0 "172.31.1.100/24"]) +AT_CHECK([ip link set dev br-underlay-0 up]) + +ADD_VETH(p1, at_ns1, br-underlay-1, "172.31.2.1/24") +AT_CHECK([ip addr add dev br-underlay-1 "172.31.2.100/24"]) +AT_CHECK([ip link set dev br-underlay-1 up]) + +dnl Set up two OVS tunnel endpoints in a root namespace and two native +dnl linux devices inside the test namespaces. +dnl +dnl ns_gnv0 | ns_gnv1 +dnl ip:10.1.1.1/24 | ip:10.1.1.2/24 +dnl remote_ip: 172.31.1.100 | remote_ip: 172.31.2.100 +dnl || | +dnl || | +dnl p0