From patchwork Fri May 24 08:00:04 2024
X-Patchwork-Submitter: Vasyl Saienko
X-Patchwork-Id: 1938837
From: Vasyl Saienko
To: dev@openvswitch.org
Date: Fri, 24 May 2024 11:00:04 +0300
Message-ID: <20240524080004.29355-1-vsaienko@mirantis.com>
Subject: [ovs-dev] [PATCH v2 ovn] Do not reply on unicast arps for IPv4 targets.

Reply only if target ethernet address is broadcast, if address is specified explicitly do nothing to let target reply by itself. This technique allows to monitor target aliveness with arping.

Closes #239

Signed-off-by: Vasyl Saienko
Acked-by: Numan Siddique

--- northd/northd.c | 11 +++++++++-- northd/ovn-northd.8.xml | 7 ++++--- tests/ovn-northd.at | 4 ++-- 3 files changed, 15 insertions(+), 7 deletions(-) diff --git a/northd/northd.c b/northd/northd.c index 37f443e70..e80e1885d 100644 --- a/northd/northd.c +++ b/northd/northd.c @@ -8832,8 +8832,15 @@ build_lswitch_arp_nd_responder_known_ips(struct ovn_port *op, for (size_t i = 0; i < op->n_lsp_addrs; i++) { for (size_t j = 0; j < op->lsp_addrs[i].n_ipv4_addrs; j++) { ds_clear(match); - ds_put_format(match, "arp.tpa == %s && arp.op == 1", - op->lsp_addrs[i].ipv4_addrs[j].addr_s); + /* NOTE(vsaienko): Do not reply on unicast ARPs, forward + * them to the target to have ability to monitor target + * aliveness via ARPs. + */ + ds_put_format(match, + "arp.tpa == %s && " + "arp.op == 1 && " + "eth.dst == ff:ff:ff:ff:ff:ff", + op->lsp_addrs[i].ipv4_addrs[j].addr_s); ds_clear(actions); ds_put_format(actions, "eth.dst = eth.src; " diff --git a/northd/ovn-northd.8.xml b/northd/ovn-northd.8.xml index b14a30285..ffdd67895 100644 --- a/northd/ovn-northd.8.xml +++ b/northd/ovn-northd.8.xml @@ -1435,9 +1435,10 @@
  • - Priority-50 flows that match ARP requests to each known IP address - A of every logical switch port, and respond with ARP - replies directly with corresponding Ethernet address E: + Priority-50 flows that match only broadcast ARP requests to each + known IPv4 address A of every logical switch port, and + respond with ARP replies directly with corresponding Ethernet + address E:
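
Review bot: The rewritten Priority-50 paragraph in ovn-northd.8.xml says which requests are matched but not what happens to the ones that no longer are. Add a sentence stating that ARP requests with a unicast eth.dst for a known IPv4 address are not answered by the responder and are delivered to the target port, so the man page records that the port itself has to reply, as the commit message describes.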

    diff --git a/tests/ovn-northd.at b/tests/ovn-northd.at
    index be006fb32..4162196f4 100644
    --- a/tests/ovn-northd.at
    +++ b/tests/ovn-northd.at
    @@ -9283,9 +9283,9 @@ AT_CAPTURE_FILE([S1flows])
     
     AT_CHECK([grep -e "ls_in_arp_rsp" S1flows | ovn_strip_lflows], [0], [dnl
       table=??(ls_in_arp_rsp      ), priority=0    , match=(1), action=(next;)
    -  table=??(ls_in_arp_rsp      ), priority=100  , match=(arp.tpa == 192.168.0.10 && arp.op == 1 && inport == "S1-vm1"), action=(next;)
    +  table=??(ls_in_arp_rsp      ), priority=100  , match=(arp.tpa == 192.168.0.10 && arp.op == 1 && eth.dst == ff:ff:ff:ff:ff:ff && inport == "S1-vm1"), action=(next;)
       table=??(ls_in_arp_rsp      ), priority=100  , match=(nd_ns && ip6.dst == {fd00::10, ff02::1:ff00:10} && nd.target == fd00::10 && inport == "S1-vm1"), action=(next;)
    -  table=??(ls_in_arp_rsp      ), priority=50   , match=(arp.tpa == 192.168.0.10 && arp.op == 1), action=(eth.dst = eth.src; eth.src = 50:54:00:00:00:10; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha = 50:54:00:00:00:10; arp.tpa = arp.spa; arp.spa = 192.168.0.10; outport = inport; flags.loopback = 1; output;)
    +  table=??(ls_in_arp_rsp      ), priority=50   , match=(arp.tpa == 192.168.0.10 && arp.op == 1 && eth.dst == ff:ff:ff:ff:ff:ff), action=(eth.dst = eth.src; eth.src = 50:54:00:00:00:10; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha = 50:54:00:00:00:10; arp.tpa = arp.spa; arp.spa = 192.168.0.10; outport = inport; flags.loopback = 1; output;)
       table=??(ls_in_arp_rsp      ), priority=50   , match=(nd_ns && ip6.dst == {fd00::10, ff02::1:ff00:10} && nd.target == fd00::10), action=(nd_na { eth.src = 50:54:00:00:00:10; ip6.src = fd00::10; nd.target = fd00::10; nd.tll = 50:54:00:00:00:10; outport = inport; flags.loopback = 1; output; };)
     ])
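
Review bot: The only change in tests/ovn-northd.at is the expected ls_in_arp_rsp flow text, so nothing exercises the new forwarding behaviour. Add a case that sends an ARP request with a unicast eth.dst to a port with a known IPv4 address and checks that it reaches that port instead of being answered by the priority-50 flow, next to the existing broadcast case. The priority-100 flow with inport == "S1-vm1" also picks up the eth.dst == ff:ff:ff:ff:ff:ff term; unmatched requests still fall to the priority-0 "next;" flow, but the commit message should say this narrowing is intended.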
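
Review bot: In the northd/northd.c hunk, the new comment carries a "NOTE(vsaienko):" tag and does not say what happens to the request; drop the tag and state that an ARP request with a unicast eth.dst no longer matches the responder flow and is forwarded to the port that owns arp.tpa. The new match term is added unconditionally for every IPv4 address in op->lsp_addrs, and the diffstat touches only northd.c, ovn-northd.8.xml and ovn-northd.at, so a NEWS entry for this behaviour change is missing. Since unicast ARP requests now reach the target instead of being answered by the responder, spell that consequence out in the commit message as well.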