From patchwork Wed Feb 7 16:35:54 2024
X-Patchwork-Submitter: Ales Musil
X-Patchwork-Id: 1896218
From: Ales Musil
To: dev@openvswitch.org
Cc: dceara@redhat.com
Date: Wed, 7 Feb 2024 17:35:54 +0100
Message-ID: <20240207163555.213086-2-amusil@redhat.com>
In-Reply-To: <20240207163555.213086-1-amusil@redhat.com>
References: <20240207163555.213086-1-amusil@redhat.com>
Subject: [ovs-dev] [PATCH ovn v5 1/2] actions: Adjust the ct_commit_nat action.

The ct_commit_nat was hardcoded to use DNAT zone in router pipeline.
Extend it so that it accepts two new arguments (snat/dnat) which will
determine the zone for router pipeline. The switch pipeline has only
one, so it resolves to the same for both arguments.

In order to keep backward compatibility, the ct_commit_nat without any
arguments is the same as ct_commit_nat(dnat).

Signed-off-by: Ales Musil
---
v5: Rebase on top of current main.
v4: Rebase on top of current main.
v3: Rebase on top of current main.
v2: Rebase on top of current main.
    Address comment from Dumitru:
    - Make the ct_commit_nat to accept only snat/dnat parameter.
---
 include/ovn/actions.h | 12 ++++++--
 lib/actions.c         | 69 +++++++++++++++++++++++++++++++++----------
 tests/ovn.at          | 21 +++++++++++++
 utilities/ovn-trace.c |  2 +-
 4 files changed, 86 insertions(+), 18 deletions(-)

diff --git a/include/ovn/actions.h b/include/ovn/actions.h index 49cfe0624..49fb96fc6 100644 --- a/include/ovn/actions.h +++ b/include/ovn/actions.h
@@ -75,7 +75,7 @@ struct collector_set_ids; OVNACT(CT_LB_MARK, ovnact_ct_lb) \ OVNACT(SELECT, ovnact_select) \ OVNACT(CT_CLEAR, ovnact_null) \ - OVNACT(CT_COMMIT_NAT, ovnact_ct_nat) \ + OVNACT(CT_COMMIT_NAT, ovnact_ct_commit_nat) \ OVNACT(CLONE, ovnact_nest) \ OVNACT(ARP, ovnact_nest) \ OVNACT(ICMP4, ovnact_nest) \ @@ -274,7 +274,7 @@ enum ovnact_ct_nat_type { OVNACT_CT_NAT_UNSPEC, }; -/* OVNACT_CT_DNAT, OVNACT_CT_SNAT, OVNACT_CT_COMMIT_NAT. */ +/* OVNACT_CT_DNAT, OVNACT_CT_SNAT. */ struct ovnact_ct_nat { struct ovnact ovnact; int family; @@ -296,6 +296,14 @@ struct ovnact_ct_nat { uint8_t ltable; /* Logical table ID of next table. */ }; +/* OVNACT_CT_COMMIT_NAT. */ +struct ovnact_ct_commit_nat { + struct ovnact ovnact; + + bool dnat_zone; + uint8_t ltable; +}; + enum ovnact_ct_lb_flag { OVNACT_CT_LB_FLAG_NONE, OVNACT_CT_LB_FLAG_SKIP_SNAT, diff --git a/lib/actions.c b/lib/actions.c index fdc0529de..a45874dfb 100644 --- a/lib/actions.c +++ b/lib/actions.c @@ -1020,16 +1020,29 @@ parse_CT_COMMIT_NAT(struct action_context *ctx) if (ctx->pp->cur_ltable >= ctx->pp->n_tables) { lexer_error(ctx->lexer, - "\"ct_commit_related\" action not allowed in last table."); + "\"ct_commit_nat\" action not allowed in last table."); return; } - struct ovnact_ct_nat *cn = ovnact_put_CT_COMMIT_NAT(ctx->ovnacts); - cn->commit = true; + struct ovnact_ct_commit_nat *cn = ovnact_put_CT_COMMIT_NAT(ctx->ovnacts); cn->ltable = ctx->pp->cur_ltable + 1; - cn->family = AF_UNSPEC; - cn->type = OVNACT_CT_NAT_UNSPEC; - cn->port_range.exists = false; + cn->dnat_zone = true; + + if (!lexer_match(ctx->lexer, LEX_T_LPAREN)) { + return; + } + + if (lexer_match_id(ctx->lexer, "dnat")) { + cn->dnat_zone = true; + } else if (lexer_match_id(ctx->lexer, "snat")) { + cn->dnat_zone = false; + } else { + lexer_error(ctx->lexer, "\"ct_commit_nat\" action accepts" + " only \"dnat\" or \"snat\" parameter."); + return; + } + + lexer_force_match(ctx->lexer, LEX_T_RPAREN); } static void 
@@ -1082,9 +1095,10 @@ format_CT_SNAT_IN_CZONE(const struct ovnact_ct_nat *cn, struct ds *s) } static void -format_CT_COMMIT_NAT(const struct ovnact_ct_nat *cn OVS_UNUSED, struct ds *s) +format_CT_COMMIT_NAT(const struct ovnact_ct_commit_nat *cn, struct ds *s) { - ds_put_cstr(s, "ct_commit_nat;"); + ds_put_cstr(s, "ct_commit_nat"); + ds_put_cstr(s, cn->dnat_zone ? "(dnat);" : "(snat);"); } static void @@ -1189,20 +1203,45 @@ encode_CT_SNAT_IN_CZONE(const struct ovnact_ct_nat *cn, } static void -encode_CT_COMMIT_NAT(const struct ovnact_ct_nat *cn, - const struct ovnact_encode_params *ep, - struct ofpbuf *ofpacts) +encode_CT_COMMIT_NAT(const struct ovnact_ct_commit_nat *cn, + const struct ovnact_encode_params *ep, + struct ofpbuf *ofpacts) { - enum mf_field_id zone = ep->is_switch - ? MFF_LOG_CT_ZONE - : MFF_LOG_DNAT_ZONE; - encode_ct_nat(cn, ep, zone, ofpacts); + const size_t ct_offset = ofpacts->size; + + struct ofpact_conntrack *ct = ofpact_put_CT(ofpacts); + ct->recirc_table = cn->ltable + first_ptable(ep, ep->pipeline); + ct->zone_src.ofs = 0; + ct->zone_src.n_bits = 16; + ct->flags = NX_CT_F_COMMIT; + ct->alg = 0; + + if (ep->is_switch) { + ct->zone_src.field = mf_from_id(MFF_LOG_CT_ZONE); + } else { + ct->zone_src.field = mf_from_id(cn->dnat_zone + ? MFF_LOG_DNAT_ZONE + : MFF_LOG_SNAT_ZONE); + } + + struct ofpact_nat *nat = ofpact_put_NAT(ofpacts); + nat->range_af = AF_UNSPEC; + nat->flags = 0; + + ct = ofpbuf_at_assert(ofpacts, ct_offset, sizeof *ct); + ofpacts->header = ct; + ofpact_finish_CT(ofpacts, &ct); } static void ovnact_ct_nat_free(struct ovnact_ct_nat *ct_nat OVS_UNUSED) { } + +static void +ovnact_ct_commit_nat_free(struct ovnact_ct_commit_nat *cn OVS_UNUSED) +{ +} static void parse_ct_lb_action(struct action_context *ctx, bool ct_lb_mark) diff --git a/tests/ovn.at b/tests/ovn.at index 0bbf3d6da..f3f0264e5 100644 --- a/tests/ovn.at +++ b/tests/ovn.at 
@@ -1498,9 +1498,30 @@ ct_clear; # ct_commit_nat ct_commit_nat; + formats as ct_commit_nat(dnat); encodes as ct(commit,table=19,zone=NXM_NX_REG13[0..15],nat) has prereqs ip +ct_commit_nat(snat); + encodes as ct(commit,table=19,zone=NXM_NX_REG13[0..15],nat) + has prereqs ip + +ct_commit_nat(dnat); + encodes as ct(commit,table=19,zone=NXM_NX_REG13[0..15],nat) + has prereqs ip + +ct_commit_nat(snat, dnat); + Syntax error at `,' expecting `)'. + +ct_commit_nat(dnat, ignore); + Syntax error at `,' expecting `)'. + +ct_commit_nat(ignore); + "ct_commit_nat" action accepts only "dnat" or "snat" parameter. + +ct_commit_nat(); + "ct_commit_nat" action accepts only "dnat" or "snat" parameter. + # clone clone { ip4.dst = 255.255.255.255; output; }; next; encodes as clone(set_field:255.255.255.255->ip_dst,resubmit(,64)),resubmit(,19) diff --git a/utilities/ovn-trace.c b/utilities/ovn-trace.c index 13ae464ad..e0f1c3ec9 100644 --- a/utilities/ovn-trace.c +++ b/utilities/ovn-trace.c @@ -2463,7 +2463,7 @@ execute_ct_nat(const struct ovnact_ct_nat *ct_nat, } static void -execute_ct_commit_nat(const struct ovnact_ct_nat *ct_nat, +execute_ct_commit_nat(const struct ovnact_ct_commit_nat *ct_nat, const struct ovntrace_datapath *dp, struct flow *uflow, enum ovnact_pipeline pipeline, struct ovs_list *super) {
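Review bot: The new struct ovnact_ct_commit_nat in include/ovn/actions.h (hunk at -296,6) has no comments on its fields, while the struct ovnact_ct_nat just above it documents ltable as "Logical table ID of next table.". Please carry that comment over and describe dnat_zone, including that it only selects between the DNAT and SNAT zones in the router pipeline and has no effect in the switch pipeline.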
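Review bot: In parse_CT_COMMIT_NAT() in lib/actions.c (hunk at -1020,16), the backward-compatible default is only implicit: cn->dnat_zone = true; is assigned before the LEX_T_LPAREN check and then assigned again in the "dnat" branch. A one-line comment on the first assignment saying that a bare ct_commit_nat means ct_commit_nat(dnat) would make the intent visible, and the second assignment could then be dropped. The diffstat also lists no documentation file, so if the new (snat)/(dnat) argument is not described in patch 2/2, the action's documentation should be updated here.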
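Review bot: encode_CT_COMMIT_NAT() in lib/actions.c (hunk at -1189,20) re-reads the conntrack action with ct = ofpbuf_at_assert(ofpacts, ct_offset, sizeof *ct); after ofpact_put_NAT() without saying why. Presumably the earlier ct pointer may be stale once the NAT action has been appended to the buffer; a short comment to that effect would keep a later cleanup from removing the re-fetch. It would also help to note in the function that cn->dnat_zone is deliberately ignored when ep->is_switch is set.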
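Review bot: The new cases in tests/ovn.at (hunk at -1498,9) cannot detect a wrong zone choice, because ct_commit_nat(snat); and ct_commit_nat(dnat); are both expected to encode as the identical ct(commit,table=19,zone=NXM_NX_REG13[0..15],nat). That matches the commit message's statement that the switch pipeline has a single zone, but it means nothing here would fail if the MFF_LOG_DNAT_ZONE / MFF_LOG_SNAT_ZONE selection in the router branch of encode_CT_COMMIT_NAT() were inverted, and a commit into the wrong conntrack zone is exactly the regression this change could introduce. Please add a router-pipeline case where the two arguments produce different zone fields, in this patch or in 2/2.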