From patchwork Wed Mar  6 18:11:10 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Simon Horman <horms@ovn.org>
X-Patchwork-Id: 1908984
Return-Path: <ovs-dev-bounces@openvswitch.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org
 (client-ip=2605:bc80:3010::137; helo=smtp4.osuosl.org;
 envelope-from=ovs-dev-bounces@openvswitch.org; receiver=patchwork.ozlabs.org)
Received: from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384)
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4TqgVW3LpBz1yX0
	for <incoming@patchwork.ozlabs.org>; Thu,  7 Mar 2024 05:11:31 +1100 (AEDT)
Received: from localhost (localhost [127.0.0.1])
	by smtp4.osuosl.org (Postfix) with ESMTP id 233A3417D8;
	Wed,  6 Mar 2024 18:11:28 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from smtp4.osuosl.org ([127.0.0.1])
	by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id ry2U4QzND0mC; Wed,  6 Mar 2024 18:11:25 +0000 (UTC)
X-Comment: SPF check N/A for local connections - client-ip=140.211.9.56;
 helo=lists.linuxfoundation.org;
 envelope-from=ovs-dev-bounces@openvswitch.org; receiver=<UNKNOWN>
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org 9787141748
Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56])
	by smtp4.osuosl.org (Postfix) with ESMTPS id 9787141748;
	Wed,  6 Mar 2024 18:11:25 +0000 (UTC)
Received: from lf-lists.osuosl.org (localhost [127.0.0.1])
	by lists.linuxfoundation.org (Postfix) with ESMTP id 69337C0077;
	Wed,  6 Mar 2024 18:11:25 +0000 (UTC)
X-Original-To: ovs-dev@openvswitch.org
Delivered-To: ovs-dev@lists.linuxfoundation.org
Received: from smtp3.osuosl.org (smtp3.osuosl.org [140.211.166.136])
 by lists.linuxfoundation.org (Postfix) with ESMTP id 948A0C0037
 for <ovs-dev@openvswitch.org>; Wed,  6 Mar 2024 18:11:23 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by smtp3.osuosl.org (Postfix) with ESMTP id 8261D60769
 for <ovs-dev@openvswitch.org>; Wed,  6 Mar 2024 18:11:23 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from smtp3.osuosl.org ([127.0.0.1])
 by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id fhEJvLXESPSF for <ovs-dev@openvswitch.org>;
 Wed,  6 Mar 2024 18:11:22 +0000 (UTC)
Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=217.70.183.200;
 helo=relay7-d.mail.gandi.net; envelope-from=horms@ovn.org;
 receiver=<UNKNOWN>
DMARC-Filter: OpenDMARC Filter v1.4.2 smtp3.osuosl.org 4EFD360760
Authentication-Results: smtp3.osuosl.org;
 dmarc=none (p=none dis=none) header.from=ovn.org
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org 4EFD360760
Received: from relay7-d.mail.gandi.net (relay7-d.mail.gandi.net
 [217.70.183.200])
 by smtp3.osuosl.org (Postfix) with ESMTPS id 4EFD360760
 for <ovs-dev@openvswitch.org>; Wed,  6 Mar 2024 18:11:22 +0000 (UTC)
Received: by mail.gandi.net (Postfix) with ESMTPSA id 9977F2000A;
 Wed,  6 Mar 2024 18:11:19 +0000 (UTC)
From: 'Simon Horman' <horms@ovn.org>
Date: Wed, 06 Mar 2024 18:11:10 +0000
MIME-Version: 1.0
Message-Id: <20240306-branch-3-2-series_397657-v1-2-feee97afc4d4@ovn.org>
References: <20240306-branch-3-2-series_397657-v1-0-feee97afc4d4@ovn.org>
In-Reply-To: <20240306-branch-3-2-series_397657-v1-0-feee97afc4d4@ovn.org>
To: ovs-dev@openvswitch.org
X-Mailer: b4 0.12.3
X-GND-Sasl: horms@ovn.org
Cc: Peng He <hepeng.0320@bytedance.com>, Ilya Maximets <i.maximets@ovn.org>
Subject: [ovs-dev] [PATCH branch-3.2 2/2] conntrack: Fix flush not flushing
 all elements.
X-BeenThere: ovs-dev@openvswitch.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <ovs-dev.openvswitch.org>
List-Unsubscribe: <https://mail.openvswitch.org/mailman/options/ovs-dev>,
 <mailto:ovs-dev-request@openvswitch.org?subject=unsubscribe>
List-Archive: <http://mail.openvswitch.org/pipermail/ovs-dev/>
List-Post: <mailto:ovs-dev@openvswitch.org>
List-Help: <mailto:ovs-dev-request@openvswitch.org?subject=help>
List-Subscribe: <https://mail.openvswitch.org/mailman/listinfo/ovs-dev>,
 <mailto:ovs-dev-request@openvswitch.org?subject=subscribe>
Errors-To: ovs-dev-bounces@openvswitch.org
Sender: "dev" <ovs-dev-bounces@openvswitch.org>

From: Xavier Simonart <xsimonar@redhat.com>

On netdev datapath, when a ct element was cleaned, the cmap
could be shrinked, potentially causing some elements to be skipped
in the flush iteration.

Fixes: 967bb5c5cd90 ("conntrack: Add rcu support.")
Signed-off-by: Xavier Simonart <xsimonar@redhat.com>
Acked-by: Mike Pattrick <mkp@redhat.com>
Signed-off-by: Simon Horman <horms@ovn.org>
---
The test has been updated to avoid using ovs-ofctl compose-packet --bare
which does not exist until OVS v3.3. Instead frames are constructed
using printf.
---
 lib/conntrack.c         | 14 ++++--------
 lib/conntrack.h         |  2 +-
 tests/system-traffic.at | 59 +++++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 64 insertions(+), 11 deletions(-)

diff --git a/lib/conntrack.c b/lib/conntrack.c
index 47a443fba4db..592bbaa3e149 100644
--- a/lib/conntrack.c
+++ b/lib/conntrack.c
@@ -2632,25 +2632,19 @@ conntrack_dump_start(struct conntrack *ct, struct conntrack_dump *dump,
 
     dump->ct = ct;
     *ptot_bkts = 1; /* Need to clean up the callers. */
+    dump->cursor = cmap_cursor_start(&ct->conns);
     return 0;
 }
 
 int
 conntrack_dump_next(struct conntrack_dump *dump, struct ct_dpif_entry *entry)
 {
-    struct conntrack *ct = dump->ct;
     long long now = time_msec();
 
-    for (;;) {
-        struct cmap_node *cm_node = cmap_next_position(&ct->conns,
-                                                       &dump->cm_pos);
-        if (!cm_node) {
-            break;
-        }
-        struct conn_key_node *keyn;
-        struct conn *conn;
+    struct conn_key_node *keyn;
+    struct conn *conn;
 
-        INIT_CONTAINER(keyn, cm_node, cm_node);
+    CMAP_CURSOR_FOR_EACH_CONTINUE (keyn, cm_node, &dump->cursor) {
         if (keyn->dir != CT_DIR_FWD) {
             continue;
         }
diff --git a/lib/conntrack.h b/lib/conntrack.h
index 57d5159b61b8..ecf539b736c2 100644
--- a/lib/conntrack.h
+++ b/lib/conntrack.h
@@ -101,8 +101,8 @@ struct conntrack_dump {
     struct conntrack *ct;
     unsigned bucket;
     union {
-        struct cmap_position cm_pos;
         struct hmap_position hmap_pos;
+        struct cmap_cursor cursor;
     };
     bool filter_zone;
     uint16_t zone;
diff --git a/tests/system-traffic.at b/tests/system-traffic.at
index 3cdc27951449..23404a279972 100644
--- a/tests/system-traffic.at
+++ b/tests/system-traffic.at
@@ -7913,6 +7913,65 @@ AT_CHECK([ovs-pcap client.pcap | grep 000000002010000000002000], [0], [dnl
 OVS_TRAFFIC_VSWITCHD_STOP
 AT_CLEANUP
 
+AT_SETUP([conntrack - Flush many conntrack entries by port])
+CHECK_CONNTRACK()
+OVS_TRAFFIC_VSWITCHD_START()
+
+ADD_NAMESPACES(at_ns0, at_ns1)
+
+ADD_VETH(p0, at_ns0, br0, "10.1.1.1/24")
+ADD_VETH(p1, at_ns1, br0, "10.1.1.2/24")
+
+AT_DATA([flows.txt], [dnl
+priority=100,in_port=1,udp,action=ct(zone=1,commit),2
+])
+
+AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt])
+
+dnl 20 packets from port 1 and 1 packet from port 2.
+flow_l3="\
+    eth_src=50:54:00:00:00:09,eth_dst=50:54:00:00:00:0a,dl_type=0x0800,\
+    nw_src=10.1.1.1,nw_dst=10.1.1.2,nw_proto=17,nw_ttl=64,nw_frag=no"
+
+head="50540000000a50540000000908004500005c000000004011648d0a0101010a010102"
+len=72
+base_csum=1366
+tail="000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f\
+      202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f"
+
+dst_port=1
+for src_port in $(seq 1 20); do
+    csum=$((base_csum - src_port - dst_port))
+    frame=$(printf "%s%04x%04x%04x%04x%s" $head 1 $src_port $len $csum $tail)
+    AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out br0 "in_port=1 packet=$frame actions=resubmit(,0)"])
+done
+
+src_port=2
+dst_port=1
+csum=$((base_csum - src_port - dst_port))
+frame=$(printf "%s%04x%04x%04x%04x%s" $head $src_port $dst_port $len $csum $tail)
+AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out br0 "in_port=1 packet=$frame actions=resubmit(,0)"])
+
+: > conntrack
+
+for i in $(seq 1 20); do
+    echo "udp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=1,dport=${i}),reply=(src=10.1.1.2,dst=10.1.1.1,sport=${i},dport=1),zone=1" >> conntrack
+done
+echo "udp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=2,dport=1),reply=(src=10.1.1.2,dst=10.1.1.1,sport=1,dport=2),zone=1" >> conntrack
+
+sort conntrack > expout
+
+AT_CHECK([ovs-appctl dpctl/dump-conntrack zone=1 | grep -F "src=10.1.1.1," | sort ], [0], [expout])
+
+dnl Check that flushing conntrack by port 1 flush all ct for port 1 but keeps ct for port 2.
+AT_CHECK([ovs-appctl dpctl/flush-conntrack zone=1 'ct_nw_proto=17,ct_tp_src=1'])
+AT_CHECK([ovs-appctl dpctl/dump-conntrack zone=1 | grep -F "src=10.1.1.1," | sort ], [0], [dnl
+udp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=2,dport=1),reply=(src=10.1.1.2,dst=10.1.1.1,sport=1,dport=2),zone=1
+])
+
+OVS_TRAFFIC_VSWITCHD_STOP
+AT_CLEANUP
+
 AT_BANNER([IGMP])
 
 AT_SETUP([IGMP - flood under normal action])