From patchwork Thu Feb 8 21:49:26 2024
X-Patchwork-Submitter: Numan Siddique
X-Patchwork-Id: 1896772
From: numans@ovn.org
To: dev@openvswitch.org
Date: Thu, 8 Feb 2024 16:49:26 -0500
Message-ID: <20240208214926.12763-1-numans@ovn.org>
In-Reply-To: <20240208214904.12696-1-numans@ovn.org>
References: <20240208214904.12696-1-numans@ovn.org>
Subject: [ovs-dev] [PATCH ovn v1 2/4] northd: Don't add ARP request responder flows for NAT multiple times.

From: Numan Siddique

If an SNAT external_ip belongs to the router IP, then there is no need to generate ARP request responder flows in build_lswitch_rport_arp_req_flows_for_lbnats() as these flows for router ips are generated by build_lswitch_rport_arp_req_flows(). Otherwise this results in the lflow_table_add_lflow() to be called multiple times for the same match and actions and the ovn_lflow to have multiple dp_refcnts.

Fixes: fe1c5df98b6f ("northd: forward arp request to lrp snat on.")
Signed-off-by: Numan Siddique
Acked-by: Han Zhou
Acked-by: Dumitru Ceara
--- northd/en-lr-nat.c | 6 ++++++ northd/en-lr-nat.h | 2 ++ northd/northd.c | 28 ++++++++++++++++++++++++---- northd/northd.h | 1 + 4 files changed, 33 insertions(+), 4 deletions(-) diff --git a/northd/en-lr-nat.c b/northd/en-lr-nat.c index 7664ec0ca9..ad11025c69 100644 --- a/northd/en-lr-nat.c +++ b/northd/en-lr-nat.c @@ -288,6 +288,8 @@ lr_nat_record_init(struct lr_nat_record *lrnat_rec, struct ovn_nat *nat_entry = &lrnat_rec->nat_entries[i]; nat_entry->nb = nat; + nat_entry->is_router_ip = false; + if (!extract_ip_addresses(nat->external_ip, &nat_entry->ext_addrs) || !nat_entry_is_valid(nat_entry)) { @@ -302,6 +304,10 @@ lr_nat_record_init(struct lr_nat_record *lrnat_rec, /* If this is a SNAT rule add the IP to the set of unique SNAT IPs. */ if (!strcmp(nat->type, "snat")) { + if (sset_contains(&od->router_ips, nat->external_ip)) { + nat_entry->is_router_ip = true; + } + if (!nat_entry_is_v6(nat_entry)) { snat_ip_add(lrnat_rec, nat_entry->ext_addrs.ipv4_addrs[0].addr_s, diff --git a/northd/en-lr-nat.h b/northd/en-lr-nat.h index 16b166ee05..6d3b2b6d65 100644 --- a/northd/en-lr-nat.h +++ b/northd/en-lr-nat.h @@ -37,6 +37,8 @@ struct ovn_nat { * list of nat entries. Currently * only used for SNAT. */ + bool is_router_ip; /* Indicates if the NAT external_ip is also one of + * router's lrp ip. Initialized only for SNAT. */ }; /* Stores the list of SNAT entries referencing a unique SNAT IP address. 
diff --git a/northd/northd.c b/northd/northd.c index a5d5e67117..c59aa8d304 100644 --- a/northd/northd.c +++ b/northd/northd.c @@ -431,6 +431,7 @@ ovn_datapath_create(struct hmap *datapaths, const struct uuid *key, hmap_insert(datapaths, &od->key_node, uuid_hash(&od->key)); od->lr_group = NULL; hmap_init(&od->ports); + sset_init(&od->router_ips); return od; } @@ -459,6 +460,7 @@ ovn_datapath_destroy(struct hmap *datapaths, struct ovn_datapath *od) free(od->l3dgw_ports); destroy_mcast_info_for_datapath(od); destroy_ports_for_datapath(od); + sset_destroy(&od->router_ips); free(od); } } @@ -2190,6 +2192,19 @@ join_logical_ports(const struct sbrec_port_binding_table *sbrec_pb_table, op->lrp_networks = lrp_networks; op->od = od; + + for (size_t j = 0; j < op->lrp_networks.n_ipv4_addrs; j++) { + sset_add(&op->od->router_ips, + op->lrp_networks.ipv4_addrs[j].addr_s); + } + for (size_t j = 0; j < op->lrp_networks.n_ipv6_addrs; j++) { + /* Exclude the LLA. */ + if (!in6_is_lla(&op->lrp_networks.ipv6_addrs[j].addr)) { + sset_add(&op->od->router_ips, + op->lrp_networks.ipv6_addrs[j].addr_s); + } + } + hmap_insert(&od->ports, &op->dp_node, hmap_node_hash(&op->key_node)); 
@@ -8302,22 +8317,27 @@ build_lswitch_rport_arp_req_flows_for_lbnats( struct ovn_nat *nat_entry = CONTAINER_OF(ovs_list_front(&snat_ip->snat_entries), struct ovn_nat, ext_addr_list_node); + if (nat_entry->is_router_ip) { + /* If its a router ip, then there is no need to add the ARP + * request forwarder flows as it will be added by + * build_lswitch_rport_arp_req_flows(). */ + continue; + } + const struct nbrec_nat *nat = nat_entry->nb; /* Check if the ovn port has a network configured on which we could * expect ARP requests/NS for the SNAT external_ip. */ if (nat_entry_is_v6(nat_entry)) { - if (!lr_stateful_rec || - !sset_contains(&lr_stateful_rec->lb_ips->ips_v6, + if (!sset_contains(&lr_stateful_rec->lb_ips->ips_v6, nat->external_ip)) { build_lswitch_rport_arp_req_flow( nat->external_ip, AF_INET6, sw_op, sw_od, 80, lflows, stage_hint, lflow_ref); } } else { - if (!lr_stateful_rec || - !sset_contains(&lr_stateful_rec->lb_ips->ips_v4, + if (!sset_contains(&lr_stateful_rec->lb_ips->ips_v4, nat->external_ip)) { build_lswitch_rport_arp_req_flow( nat->external_ip, AF_INET, sw_op, sw_od, 80, lflows, diff --git a/northd/northd.h b/northd/northd.h index b5c175929e..3f1cd83413 100644 --- a/northd/northd.h +++ b/northd/northd.h @@ -293,6 +293,7 @@ struct ovn_datapath { struct ovn_datapath **ls_peers; size_t n_ls_peers; size_t n_allocated_ls_peers; + struct sset router_ips; /* Router port IPs except the IPv6 LLAs. */ /* Logical switch data. */ struct ovn_port **router_ports;
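Review bot: In the second northd/en-lr-nat.c hunk (lr_nat_record_init(), inside the "snat" branch), sset_contains(&od->router_ips, nat->external_ip) looks up the raw northbound string, while join_logical_ports() fills the set from lrp_networks.*_addrs[j].addr_s. If the two textual forms of the same address differ, which is most likely for IPv6, is_router_ip stays false and the duplicate lflow this patch is meant to remove is still added. Consider looking up the parsed form that the following lines already use, nat_entry->ext_addrs.ipv4_addrs[0].addr_s or its IPv6 counterpart, chosen by nat_entry_is_v6(). The check also relies on od->router_ips being fully populated before lr_nat_record_init() runs; a comment stating that ordering would help.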
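Review bot: In the northd/en-lr-nat.h hunk, the comment on is_router_ip says "Initialized only for SNAT", but the first en-lr-nat.c hunk sets the field to false for every NAT entry before the validity check; it is only ever set to true for SNAT. Suggested wording: "True if the NAT external_ip is also one of the router's LRP IPs. Only set to true for SNAT entries."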
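Review bot: In the join_logical_ports() hunk of northd/northd.c, od->router_ips is only ever added to; the visible changes free it in ovn_datapath_destroy() but never remove an address. If an ovn_datapath can outlive a router port or a change to its networks, a stale entry would mark an SNAT external_ip as a router IP, and the new continue in build_lswitch_rport_arp_req_flows_for_lbnats() would skip its ARP flow with nothing else generating it. Please confirm that datapaths are always rebuilt before this loop runs, or clear or update the set when a port's networks change.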
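Review bot: In the build_lswitch_rport_arp_req_flows_for_lbnats() hunk, both the IPv6 and IPv4 branches drop the "!lr_stateful_rec ||" guard and now dereference lr_stateful_rec->lb_ips unconditionally, and the commit message does not say why that is safe. If any caller can still pass NULL, ovn-northd crashes here. Either keep the guard, or state the non-NULL invariant with ovs_assert(lr_stateful_rec) at the top of the function and mention it in the commit message. Minor: in the new comment, "If its a router ip" should read "If it's a router IP", and it calls these "ARP request forwarder flows" while the subject line says "responder".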