From patchwork Mon Dec 19 12:12:17 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Gurucharan Shetty
X-Patchwork-Id: 707260
Return-Path:
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from mail.linuxfoundation.org (mail.linuxfoundation.org
[140.211.169.12])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
bits)) (No client certificate requested)
by ozlabs.org (Postfix) with ESMTPS id 3tjFm157Mxz9t0H
for ;
Tue, 20 Dec 2016 09:22:41 +1100 (AEDT)
Received: from mail.linux-foundation.org (localhost [127.0.0.1])
by mail.linuxfoundation.org (Postfix) with ESMTP id 8ABE0955;
Mon, 19 Dec 2016 22:22:38 +0000 (UTC)
X-Original-To: dev@openvswitch.org
Delivered-To: ovs-dev@mail.linuxfoundation.org
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id 612FC258
for ; Mon, 19 Dec 2016 22:22:37 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-io0-f193.google.com (mail-io0-f193.google.com
[209.85.223.193])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id D2D81FB
for ; Mon, 19 Dec 2016 22:22:36 +0000 (UTC)
Received: by mail-io0-f193.google.com with SMTP id f73so20570595ioe.2
for ; Mon, 19 Dec 2016 14:22:36 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:from:to:subject:date:message-id;
bh=SmFwBPPj56nfVjq6WBQa4DHJwIR9viOWUI+DaW8+WkY=;
b=gZ37FOtfBChOb5gEda4I6syUiDo6Gu7nltB8u9L9mIMT25hdAGVQUIWsR13k5He6F8
Xp91i10o+gQUWuM1o00CSrFpettXdGksH9TirMzmmIWUfQ5dZkxoNzZNpIJdJXlqPA4g
tWT9rhGqjc3owctpIptL98iCSqZ8iETbq5LmCsICK2RumCuBpkt4WwcKtPvyjIYG+pap
f63hlZpDZ6Ke5vAnMeb/+pSOPrgnDwVyRVSXrBMTd6BPusxipZ9y9P2+/gUqFmOYv9Z1
B3zv3W4uzuy9K6++orSklKb9BJLvMFdNMeAMifAf3JZuVDHrGjYg4H6KjgJzqB0djvqE
H2+Q==
X-Gm-Message-State:
AIkVDXID9fauKVB/xCIOkkYoNVGgBijObujhuwdWQjBAxD/e8EyPfpI4i29R6oj7KDHwvA==
X-Received: by 10.107.133.206 with SMTP id
p75mr20767151ioi.175.1482186155725;
Mon, 19 Dec 2016 14:22:35 -0800 (PST)
Received: from ubuntu.eng.vmware.com ([208.91.1.34])
by smtp.gmail.com with ESMTPSA id
y20sm9075712ioy.8.2016.12.19.14.22.33 for
(version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
Mon, 19 Dec 2016 14:22:34 -0800 (PST)
From: Gurucharan Shetty
To: dev@openvswitch.org
Date: Mon, 19 Dec 2016 04:12:17 -0800
Message-Id: <1482149537-20962-1-git-send-email-guru@ovn.org>
X-Mailer: git-send-email 1.9.1
X-Spam-Status: No, score=0.1 required=5.0 tests=BAYES_00, DATE_IN_PAST_06_12,
FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,
RCVD_IN_SORBS_SPAM autolearn=no version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
Subject: [ovs-dev] [PATCH] ovn-controller: Fix conntrack zone in gateway
routers.
X-BeenThere: ovs-dev@openvswitch.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id:
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
MIME-Version: 1.0
Sender: ovs-dev-bounces@openvswitch.org
Errors-To: ovs-dev-bounces@openvswitch.org
The gateway router was using the ct_next action to
reassemble packets. But ct_next action by default would
use the zone allocated for a logical port and in case of
gateway routers that value was zero. This would make
the flow use the default zone of zero. This had some
unintended consequences as the zone used to track packets
and the zone used to eventually commit it (DNAT zone)
was different. As a result, a packet would never have ct.est set.
With this commit, when ct_next action is used in a gateway
router, we use the DNAT zone. This is similar to the
strategy used in commit c2e954a117a8 (ovn-controller: Datapath
based conntrack zone for load-balancing.)
Signed-off-by: Gurucharan Shetty
Acked-by: Ben Pfaff
---
ovn/lib/actions.c | 3 ++-
ovn/ovn-sb.xml | 8 +++++---
2 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/ovn/lib/actions.c b/ovn/lib/actions.c
index fa8f175..686ecc5 100644
--- a/ovn/lib/actions.c
+++ b/ovn/lib/actions.c
@@ -551,7 +551,8 @@ encode_CT_NEXT(const struct ovnact_next *next,
{
struct ofpact_conntrack *ct = ofpact_put_CT(ofpacts);
ct->recirc_table = ep->first_ptable + next->ltable;
- ct->zone_src.field = mf_from_id(MFF_LOG_CT_ZONE);
+ ct->zone_src.field = ep->is_switch ? mf_from_id(MFF_LOG_CT_ZONE)
+ : mf_from_id(MFF_LOG_DNAT_ZONE);
ct->zone_src.ofs = 0;
ct->zone_src.n_bits = 16;
ofpact_finish(ofpacts, &ct->ofpact);
diff --git a/ovn/ovn-sb.xml b/ovn/ovn-sb.xml
index 65191ed..6daa8aa 100644
--- a/ovn/ovn-sb.xml
+++ b/ovn/ovn-sb.xml
@@ -1037,9 +1037,11 @@
As a side effect, IP fragments will be reassembled for matching.
If a fragmented packet is output, then it will be sent with any
overlapping fragments squashed. The connection tracking state is
- scoped by the logical port, so overlapping addresses may be used.
- To allow traffic related to the matched flow, execute
- ct_commit
.
+ scoped by the logical port when the action is used in a flow for
+ a logical switch, so overlapping addresses may be used. To allow
+ traffic related to the matched flow, execute ct_commit
+
. Connection tracking state is scoped by the logical
+ topology when the action is used in a flow for a router.