From patchwork Fri Aug 18 08:58:15 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Numan Siddique X-Patchwork-Id: 1822761 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=2605:bc80:3010::133; helo=smtp2.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=patchwork.ozlabs.org) Received: from smtp2.osuosl.org (smtp2.osuosl.org [IPv6:2605:bc80:3010::133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4RRwm86KL2z1ygH for ; Fri, 18 Aug 2023 18:59:20 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by smtp2.osuosl.org (Postfix) with ESMTP id 29622419B9; Fri, 18 Aug 2023 08:59:18 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org 29622419B9 X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp2.osuosl.org ([127.0.0.1]) by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xk8SjmwP9is9; Fri, 18 Aug 2023 08:59:16 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by smtp2.osuosl.org (Postfix) with ESMTPS id 2CAE641986; Fri, 18 Aug 2023 08:59:15 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org 2CAE641986 Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id DA600C0039; Fri, 18 Aug 2023 08:59:14 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137]) by lists.linuxfoundation.org (Postfix) with ESMTP id 086DDC0039 for ; Fri, 18 Aug 2023 08:59:13 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id E9622426EE for ; Fri, 18 Aug 2023 08:58:24 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org E9622426EE X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2DSSjKcOT00J for ; Fri, 18 Aug 2023 08:58:23 +0000 (UTC) Received: from relay7-d.mail.gandi.net (relay7-d.mail.gandi.net [217.70.183.200]) by smtp4.osuosl.org (Postfix) with ESMTPS id 62239426F2 for ; Fri, 18 Aug 2023 08:58:23 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org 62239426F2 Received: by mail.gandi.net (Postfix) with ESMTPSA id C35AD20007; Fri, 18 Aug 2023 08:58:19 +0000 (UTC) From: numans@ovn.org To: dev@openvswitch.org Date: Fri, 18 Aug 2023 14:28:15 +0530 Message-Id: <20230818085815.1031063-1-numans@ovn.org> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230818085606.1030792-1-numans@ovn.org> References: <20230818085606.1030792-1-numans@ovn.org> MIME-Version: 1.0 X-GND-Sasl: numans@ovn.org Subject: [ovs-dev] [PATCH ovn v6 10/16] northd: Fix LSP incremental processing if dhcp options are set. X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Numan Siddique The flows to allow DHCP response from ovn-controller were missing if a logical VIF port had dhcp v4/v6 options set and were handled incrementally. Fixes: 8bbd67891f68 ("northd: Incremental processing of VIF additions in 'lflow' node.") Signed-off-by: Numan Siddique --- northd/northd.c | 125 ++++++++++++++++++++++---------------------- tests/ovn-northd.at | 25 +++++++++ 2 files changed, 87 insertions(+), 63 deletions(-) diff --git a/northd/northd.c b/northd/northd.c index 9b9c6de826..6de3c11ac7 100644 --- a/northd/northd.c +++ b/northd/northd.c @@ -8328,68 +8328,6 @@ build_acls(struct ovn_datapath *od, const struct chassis_features *features, } } - /* Add 34000 priority flow to allow DHCP reply from ovn-controller to all - * logical ports of the datapath if the CMS has configured DHCPv4 options. - * */ - for (size_t i = 0; i < od->nbs->n_ports; i++) { - if (lsp_is_external(od->nbs->ports[i])) { - continue; - } - - if (od->nbs->ports[i]->dhcpv4_options) { - const char *server_id = smap_get( - &od->nbs->ports[i]->dhcpv4_options->options, "server_id"); - const char *server_mac = smap_get( - &od->nbs->ports[i]->dhcpv4_options->options, "server_mac"); - const char *lease_time = smap_get( - &od->nbs->ports[i]->dhcpv4_options->options, "lease_time"); - if (server_id && server_mac && lease_time) { - const char *dhcp_actions = - has_stateful ? REGBIT_ACL_VERDICT_ALLOW" = 1; " - "ct_commit; next;" - : REGBIT_ACL_VERDICT_ALLOW" = 1; next;"; - ds_clear(&match); - ds_put_format(&match, "outport == \"%s\" && eth.src == %s " - "&& ip4.src == %s && udp && udp.src == 67 " - "&& udp.dst == 68", od->nbs->ports[i]->name, - server_mac, server_id); - ovn_lflow_add_with_lport_and_hint( - lflows, od, S_SWITCH_OUT_ACL_EVAL, 34000, ds_cstr(&match), - dhcp_actions, od->nbs->ports[i]->name, - &od->nbs->ports[i]->dhcpv4_options->header_); - } - } - - if (od->nbs->ports[i]->dhcpv6_options) { - const char *server_mac = smap_get( - &od->nbs->ports[i]->dhcpv6_options->options, "server_id"); - struct eth_addr ea; - if (server_mac && eth_addr_from_string(server_mac, &ea)) { - /* Get the link local IP of the DHCPv6 server from the - * server MAC. */ - struct in6_addr lla; - in6_generate_lla(ea, &lla); - - char server_ip[INET6_ADDRSTRLEN + 1]; - ipv6_string_mapped(server_ip, &lla); - - const char *dhcp6_actions = - has_stateful ? REGBIT_ACL_VERDICT_ALLOW" = 1; " - "ct_commit; next;" - : REGBIT_ACL_VERDICT_ALLOW" = 1; next;"; - ds_clear(&match); - ds_put_format(&match, "outport == \"%s\" && eth.src == %s " - "&& ip6.src == %s && udp && udp.src == 547 " - "&& udp.dst == 546", od->nbs->ports[i]->name, - server_mac, server_ip); - ovn_lflow_add_with_lport_and_hint( - lflows, od, S_SWITCH_OUT_ACL_EVAL, 34000, ds_cstr(&match), - dhcp6_actions, od->nbs->ports[i]->name, - &od->nbs->ports[i]->dhcpv6_options->header_); - } - } - } - /* Add a 34000 priority flow to advance the DNS reply from ovn-controller, * if the CMS has configured DNS records for the datapath. */ @@ -9701,6 +9639,34 @@ build_dhcpv4_options_flows(struct ovn_port *op, ds_destroy(&options_action); ds_destroy(&response_action); ds_destroy(&ipv4_addr_match); + + /* Add 34000 priority flow to allow DHCP reply from ovn-controller + * to the ogical port of the datapath if the CMS has configured + * DHCPv4 options. + * */ + if (!is_external) { + const char *server_id = smap_get( + &op->nbsp->dhcpv4_options->options, "server_id"); + const char *server_mac = smap_get( + &op->nbsp->dhcpv4_options->options, "server_mac"); + const char *lease_time = smap_get( + &op->nbsp->dhcpv4_options->options, "lease_time"); + ovs_assert(server_id && server_mac && lease_time); + const char *dhcp_actions = + (op->od->has_stateful_acl || op->od->has_lb_vip) + ? REGBIT_ACL_VERDICT_ALLOW" = 1; ct_commit; next;" + : REGBIT_ACL_VERDICT_ALLOW" = 1; next;"; + ds_clear(&match); + ds_put_format(&match, "outport == %s && eth.src == %s " + "&& ip4.src == %s && udp && udp.src == 67 " + "&& udp.dst == 68",op->json_key, + server_mac, server_id); + ovn_lflow_add_with_lport_lflow_ref( + lflows, op->od, S_SWITCH_OUT_ACL_EVAL, 34000, + ds_cstr(&match),dhcp_actions, op->key, NULL, + &op->nbsp->dhcpv4_options->header_, + lflow_dep_mgr, op->key, op->od); + } break; } } @@ -9756,6 +9722,40 @@ build_dhcpv6_options_flows(struct ovn_port *op, lflow_dep_mgr, op->key, op->od); ds_destroy(&options_action); ds_destroy(&response_action); + + /* Add 34000 priority flow to allow DHCP reply from ovn-controller + * to the ogical port of the datapath if the CMS has configured + * DHCPv6 options. + * */ + if (!is_external) { + const char *server_mac = smap_get( + &op->nbsp->dhcpv6_options->options, "server_id"); + struct eth_addr ea; + ovs_assert(server_mac && + eth_addr_from_string(server_mac, &ea)); + /* Get the link local IP of the DHCPv6 server from the + * server MAC. */ + struct in6_addr lla; + in6_generate_lla(ea, &lla); + + char server_ip[INET6_ADDRSTRLEN + 1]; + ipv6_string_mapped(server_ip, &lla); + + const char *dhcp6_actions = + (op->od->has_stateful_acl || op->od->has_lb_vip) + ? REGBIT_ACL_VERDICT_ALLOW" = 1; ct_commit; next;" + : REGBIT_ACL_VERDICT_ALLOW" = 1; next;"; + ds_clear(&match); + ds_put_format(&match, "outport == %s && eth.src == %s " + "&& ip6.src == %s && udp && udp.src == 547 " + "&& udp.dst == 546", op->json_key, + server_mac, server_ip); + ovn_lflow_add_with_lport_lflow_ref( + lflows, op->od, S_SWITCH_OUT_ACL_EVAL, 34000, + ds_cstr(&match), dhcp6_actions, op->key, NULL, + &op->nbsp->dhcpv6_options->header_, + lflow_dep_mgr, op->key, op->od); + } break; } } @@ -16334,7 +16334,6 @@ build_lswitch_and_lrouter_iterate_by_lsp(struct ovn_port *op, build_lswitch_external_port(op, lflows, &op->lflow_dep_mgr); build_lswitch_ip_unicast_lookup(op, lflows, actions, match, &op->lflow_dep_mgr); - /* Build Logical Router Flows. */ build_ip_routing_flows_for_router_type_lsp(op, lr_ports, lflows); build_arp_resolve_flows_for_lsp(op, lflows, lr_ports, match, actions, diff --git a/tests/ovn-northd.at b/tests/ovn-northd.at index 234d5a8bbd..a5f64ed5bd 100644 --- a/tests/ovn-northd.at +++ b/tests/ovn-northd.at @@ -9624,6 +9624,31 @@ check_recompute_counter 0 0 CHECK_NO_CHANGE_AFTER_RECOMPUTE +# Associate DHCP for lsp0-2 +ovn-nbctl dhcp-options-create 192.168.0.0/24 + +CIDR_UUID=$(ovn-nbctl --bare --columns=_uuid find dhcp_options cidr="192.168.0.0/24") +ovn-nbctl dhcp-options-set-options $CIDR_UUID lease_time=3600 router=192.168.0.1 server_id=192.168.0.1 server_mac=c0:ff:ee:00:00:01 hostname="\"foo\"" + +check as northd ovn-appctl -t NORTHD_TYPE inc-engine/clear-stats +ovn-nbctl --wait=sb lsp-set-dhcpv4-options lsp0-2 $CIDR_UUID +check_recompute_counter 0 0 + +CHECK_NO_CHANGE_AFTER_RECOMPUTE + +# Add IPv6 address and associate DHCPv6 for lsp0-2 +check ovn-nbctl lsp-set-addresses lsp0-2 "aa:aa:aa:00:00:01 192.168.0.11 aef0::4" +d1="$(ovn-nbctl create DHCP_Options cidr="aef0\:\:/64" \ +options="\"server_id\"=\"00:00:00:10:00:01\"")" + +check as northd ovn-appctl -t NORTHD_TYPE inc-engine/clear-stats +ovn-nbctl --wait=sb lsp-set-dhcpv6-options lsp0-2 ${d1} +check_recompute_counter 0 0 + +CHECK_NO_CHANGE_AFTER_RECOMPUTE + +check ovn-nbctl --wait=hv ls-del ls0 + OVN_CLEANUP([hv1]) AT_CLEANUP ])