From patchwork Mon Dec 19 12:12:17 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gurucharan Shetty X-Patchwork-Id: 707260 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from mail.linuxfoundation.org (mail.linuxfoundation.org [140.211.169.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3tjFm157Mxz9t0H for ; Tue, 20 Dec 2016 09:22:41 +1100 (AEDT) Received: from mail.linux-foundation.org (localhost [127.0.0.1]) by mail.linuxfoundation.org (Postfix) with ESMTP id 8ABE0955; Mon, 19 Dec 2016 22:22:38 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@mail.linuxfoundation.org Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 612FC258 for ; Mon, 19 Dec 2016 22:22:37 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-io0-f193.google.com (mail-io0-f193.google.com [209.85.223.193]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id D2D81FB for ; Mon, 19 Dec 2016 22:22:36 +0000 (UTC) Received: by mail-io0-f193.google.com with SMTP id f73so20570595ioe.2 for ; Mon, 19 Dec 2016 14:22:36 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id; bh=SmFwBPPj56nfVjq6WBQa4DHJwIR9viOWUI+DaW8+WkY=; b=gZ37FOtfBChOb5gEda4I6syUiDo6Gu7nltB8u9L9mIMT25hdAGVQUIWsR13k5He6F8 Xp91i10o+gQUWuM1o00CSrFpettXdGksH9TirMzmmIWUfQ5dZkxoNzZNpIJdJXlqPA4g tWT9rhGqjc3owctpIptL98iCSqZ8iETbq5LmCsICK2RumCuBpkt4WwcKtPvyjIYG+pap f63hlZpDZ6Ke5vAnMeb/+pSOPrgnDwVyRVSXrBMTd6BPusxipZ9y9P2+/gUqFmOYv9Z1 B3zv3W4uzuy9K6++orSklKb9BJLvMFdNMeAMifAf3JZuVDHrGjYg4H6KjgJzqB0djvqE H2+Q== X-Gm-Message-State: AIkVDXID9fauKVB/xCIOkkYoNVGgBijObujhuwdWQjBAxD/e8EyPfpI4i29R6oj7KDHwvA== X-Received: by 10.107.133.206 with SMTP id p75mr20767151ioi.175.1482186155725; Mon, 19 Dec 2016 14:22:35 -0800 (PST) Received: from ubuntu.eng.vmware.com ([208.91.1.34]) by smtp.gmail.com with ESMTPSA id y20sm9075712ioy.8.2016.12.19.14.22.33 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 19 Dec 2016 14:22:34 -0800 (PST) From: Gurucharan Shetty To: dev@openvswitch.org Date: Mon, 19 Dec 2016 04:12:17 -0800 Message-Id: <1482149537-20962-1-git-send-email-guru@ovn.org> X-Mailer: git-send-email 1.9.1 X-Spam-Status: No, score=0.1 required=5.0 tests=BAYES_00, DATE_IN_PAST_06_12, FREEMAIL_FROM, RCVD_IN_DNSWL_NONE, RCVD_IN_SORBS_SPAM autolearn=no version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Subject: [ovs-dev] [PATCH] ovn-controller: Fix conntrack zone in gateway routers. X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: ovs-dev-bounces@openvswitch.org Errors-To: ovs-dev-bounces@openvswitch.org The gateway router was using the ct_next action to reassemble packets. But ct_next action by default would use the zone allocated for a logical port and in case of gateway routers that value was zero. This would make the flow use the default zone of zero. This had some unintended consequences as the zone used to track packets and the zone used to eventually commit it (DNAT zone) was different. As a result, a packet would never have ct.est set. With this commit, when ct_next action is used in a gateway router, we use the DNAT zone. This is similar to the strategy used in commit c2e954a117a8 (ovn-controller: Datapath based conntrack zone for load-balancing.) Signed-off-by: Gurucharan Shetty Acked-by: Ben Pfaff --- ovn/lib/actions.c | 3 ++- ovn/ovn-sb.xml | 8 +++++--- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/ovn/lib/actions.c b/ovn/lib/actions.c index fa8f175..686ecc5 100644 --- a/ovn/lib/actions.c +++ b/ovn/lib/actions.c @@ -551,7 +551,8 @@ encode_CT_NEXT(const struct ovnact_next *next, { struct ofpact_conntrack *ct = ofpact_put_CT(ofpacts); ct->recirc_table = ep->first_ptable + next->ltable; - ct->zone_src.field = mf_from_id(MFF_LOG_CT_ZONE); + ct->zone_src.field = ep->is_switch ? mf_from_id(MFF_LOG_CT_ZONE) + : mf_from_id(MFF_LOG_DNAT_ZONE); ct->zone_src.ofs = 0; ct->zone_src.n_bits = 16; ofpact_finish(ofpacts, &ct->ofpact); diff --git a/ovn/ovn-sb.xml b/ovn/ovn-sb.xml index 65191ed..6daa8aa 100644 --- a/ovn/ovn-sb.xml +++ b/ovn/ovn-sb.xml @@ -1037,9 +1037,11 @@ As a side effect, IP fragments will be reassembled for matching. If a fragmented packet is output, then it will be sent with any overlapping fragments squashed. The connection tracking state is - scoped by the logical port, so overlapping addresses may be used. - To allow traffic related to the matched flow, execute - ct_commit. + scoped by the logical port when the action is used in a flow for + a logical switch, so overlapping addresses may be used. To allow + traffic related to the matched flow, execute ct_commit + . Connection tracking state is scoped by the logical + topology when the action is used in a flow for a router.