From patchwork Wed Sep 7 10:04:57 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vladislav Odintsov X-Patchwork-Id: 1675210 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=fail (SPF fail - not authorized) smtp.mailfrom=openvswitch.org (client-ip=2605:bc80:3010:0:a800:ff:fe79:d16b; helo=smtp4.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20210112 header.b=EW7uKVqX; dkim-atps=neutral Received: from smtp4.osuosl.org (unknown [IPv6:2605:bc80:3010:0:a800:ff:fe79:d16b]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4MMyYQ5MF5z1yhR for ; Wed, 7 Sep 2022 20:05:14 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id 287E44035D; Wed, 7 Sep 2022 10:05:12 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org 287E44035D Authentication-Results: smtp4.osuosl.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20210112 header.b=EW7uKVqX X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cwULAa_0Dfz0; Wed, 7 Sep 2022 10:05:10 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by smtp4.osuosl.org (Postfix) with ESMTPS id D79A440228; Wed, 7 Sep 2022 10:05:09 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org D79A440228 Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id A65F1C0032; Wed, 7 Sep 2022 10:05:09 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp4.osuosl.org (smtp4.osuosl.org [140.211.166.137]) by lists.linuxfoundation.org (Postfix) with ESMTP id 1991BC002D for ; Wed, 7 Sep 2022 10:05:09 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id DA14A40228 for ; Wed, 7 Sep 2022 10:05:08 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org DA14A40228 X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YTtHHbdcbaCm for ; Wed, 7 Sep 2022 10:05:07 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.8.0 DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org 7CA554028B Received: from mail-lj1-x232.google.com (mail-lj1-x232.google.com [IPv6:2a00:1450:4864:20::232]) by smtp4.osuosl.org (Postfix) with ESMTPS id 7CA554028B for ; Wed, 7 Sep 2022 10:05:07 +0000 (UTC) Received: by mail-lj1-x232.google.com with SMTP id z20so15366047ljq.3 for ; Wed, 07 Sep 2022 03:05:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date; bh=KKMgh4k/Bl+8ho3sppqyCzS9xfFJ9MGjWqwuPH242M8=; b=EW7uKVqXFUIXrfRCAIvkOnFEh945r7LvDr2fc0EPnx4Vq3cy95CrxnHMMQrt14yJ4b +q0vrpV3UOQg7x+kfNbbQOAkC5MH335zr56INSFRipG43eskqUgsPjZNwXsT3zNhiVRC ucEP2Ra0Uv2ukbOOIcWgZaKfdi/t95gWLcR3Mt+QpOP2PhweIpR0l9W+d0mkNR2+sMca 63QG6vwcOo2wFcLkM22YD60AknrRuhOBTviKqIbUtXjOgagihgwqLGmuJsXiQApPJgYR eb1UuDRiB14TpTXi4VljosTFx7KlGlSZkhAxrvcCDz4xt5IEyF0d/0FPXeVXMX5m9nqd lwYA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date; bh=KKMgh4k/Bl+8ho3sppqyCzS9xfFJ9MGjWqwuPH242M8=; b=558MGwoZOLVsJK5dIq3ewDEJvAERzMjByAYxplIVJ0ngirdYX3Rkc6Yj2DbHdlH+84 ReIfigWTvgRseXXGpuvlo9Wnyizl76LGJpmQ4v/hOzLBFSkPQqY7RhsY/5hKHbQeKiOX RDWamCk/6xgjLnO5OiqpJeNNT1NKIJ45zy5yGcY54Zqv2USNaQ2aPtlXbLLafgSt9Zxg WD9v0uTEX5mXZ5U5FmwxSBJTKNIVY7OtRh4+RFn+OgaFOWlk5pTE3tzbypMQeC6liRAM yFSgHCMMFEGO8cHWWXdXv1OXXpJX2og6VED2Jo78MaL531dQPjDd1SaiqPUFl5Sv/q3z r98g== X-Gm-Message-State: ACgBeo2NzEN6SZ0hm7upj+PBT8UsHIm3TeSRFJSq3ixYpNmdeOBJGwO7 mWbifhSPE+1q0qfg/trunheYUGf+11HNdQ== X-Google-Smtp-Source: AA6agR6qoDtn4HGSRUZka/MPYUG8/g7bdOoBIRAw4hnOa1+zgKRW2XgDbIRcPBmzIaWXMfjQsddf1g== X-Received: by 2002:a2e:700b:0:b0:267:3af4:427d with SMTP id l11-20020a2e700b000000b002673af4427dmr717571ljc.507.1662545105069; Wed, 07 Sep 2022 03:05:05 -0700 (PDT) Received: from ip-10-70-112-12.vpc-1e810be1.internal (c2-178-216-98-9.elastic.cloud.croc.ru. [178.216.98.9]) by smtp.gmail.com with ESMTPSA id z13-20020a05651c11cd00b00262fae1ffe6sm2517331ljo.110.2022.09.07.03.04.59 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 07 Sep 2022 03:05:03 -0700 (PDT) From: Vladislav Odintsov To: dev@openvswitch.org Date: Wed, 7 Sep 2022 13:04:57 +0300 Message-Id: <20220907100457.1817917-1-odivlad@gmail.com> X-Mailer: git-send-email 2.36.1 MIME-Version: 1.0 Cc: Vladislav Odintsov Subject: [ovs-dev] [PATCH ovn] controller: flush associated conntrack zone on PB release X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" This patch adds conntrack zone flush when port binding is released. system-test is added to test this functionality. Reported-at: https://mail.openvswitch.org/pipermail/ovs-dev/2022-September/397524.html Signed-off-by: Vladislav Odintsov Acked-by: Mark Michelson --- controller/ovn-controller.c | 4 +- tests/system-ovn.at | 77 +++++++++++++++++++++++++++++++++++++ 2 files changed, 79 insertions(+), 2 deletions(-) diff --git a/controller/ovn-controller.c b/controller/ovn-controller.c index 89a495a04..fb81d143c 100644 --- a/controller/ovn-controller.c +++ b/controller/ovn-controller.c @@ -692,7 +692,7 @@ update_ct_zones(const struct shash *binding_lports, VLOG_DBG("removing ct zone %"PRId32" for '%s'", ct_zone->data, ct_zone->name); - add_pending_ct_zone_entry(pending_ct_zones, CT_ZONE_DB_QUEUED, + add_pending_ct_zone_entry(pending_ct_zones, CT_ZONE_OF_QUEUED, ct_zone->data, false, ct_zone->name); bitmap_set0(ct_zone_bitmap, ct_zone->data); @@ -2223,7 +2223,7 @@ ct_zones_runtime_data_handler(struct engine_node *node, void *data) t_lport->pb->logical_port); if (ct_zone) { add_pending_ct_zone_entry( - &ct_zones_data->pending, CT_ZONE_DB_QUEUED, + &ct_zones_data->pending, CT_ZONE_OF_QUEUED, ct_zone->data, false, ct_zone->name); bitmap_set0(ct_zones_data->bitmap, ct_zone->data); diff --git a/tests/system-ovn.at b/tests/system-ovn.at index 992813614..8acfb3e39 100644 --- a/tests/system-ovn.at +++ b/tests/system-ovn.at @@ -4144,6 +4144,83 @@ OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port patch-.*/d AT_CLEANUP ]) +OVN_FOR_EACH_NORTHD([ +AT_SETUP([conntrack zone flush after port binding release]) + +CHECK_CONNTRACK() +ovn_start +OVS_TRAFFIC_VSWITCHD_START() +ADD_BR([br-int]) + +# Set external-ids in br-int needed for ovn-controller +ovs-vsctl \ + -- set Open_vSwitch . external-ids:system-id=hv1 \ + -- set Open_vSwitch . external-ids:ovn-remote=unix:$ovs_base/ovn-sb/ovn-sb.sock \ + -- set Open_vSwitch . external-ids:ovn-encap-type=geneve \ + -- set Open_vSwitch . external-ids:ovn-encap-ip=169.0.0.1 \ + -- set bridge br-int fail-mode=secure other-config:disable-in-band=true + +# Start ovn-controller +start_daemon ovn-controller + +# Logical network: +# One LS ls1 with two lports p1 and p2. +# Stateful ACL is added to ls1. +# +# foo -- R1 -- alice +# | +# bar ---- + +check ovn-nbctl ls-add ls1 +check ovn-nbctl acl-add ls1 from-lport 1 1 allow-related + +# Logical port 'p1' in switch 'ls1'. +ADD_NAMESPACES(p1) +ADD_VETH(p1, p1, br-int, "192.168.1.10/24", "00:00:00:00:00:10") +ovn-nbctl lsp-add ls1 p1 \ +-- lsp-set-addresses p1 "00:00:00:00:00:10 192.168.1.10" + +# Logical port 'p2' in switch 'ls1'. +ovn-nbctl lsp-add ls1 p2 \ +-- lsp-set-addresses p2 "00:00:00:00:00:20 192.168.1.20" + +ovn-nbctl --wait=hv sync + +zone_id=$(ovn-appctl -t ovn-controller ct-zone-list | grep p1 | cut -d ' ' -f2) + +# ping from p1 to p2 +NS_CHECK_EXEC([p1], [ping -q -c 1 -w1 192.168.1.20 > /dev/null], [1]) + +# check conntrack zone has icmp entry +AT_CHECK([ovs-appctl dpctl/dump-conntrack zone=$zone_id | \ +FORMAT_CT(192.168.1.10) | \ +sed -e 's/zone=[[0-9]]*/zone=/'], [0], [dnl +icmp,orig=(src=192.168.1.10,dst=192.168.1.20,id=,type=8,code=0),reply=(src=192.168.1.20,dst=192.168.1.10,id=,type=0,code=0),zone= +]) + +# release port binding +check ovs-vsctl clear interface ovs-p1 external_ids + +# check conntrack zone is flushed +check ovs-appctl dpctl/dump-conntrack zone=$zone_id + +OVS_APP_EXIT_AND_WAIT([ovn-controller]) + +as ovn-sb +OVS_APP_EXIT_AND_WAIT([ovsdb-server]) + +as ovn-nb +OVS_APP_EXIT_AND_WAIT([ovsdb-server]) + +as northd +OVS_APP_EXIT_AND_WAIT([NORTHD_TYPE]) + +as +OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port patch-.*/d +/connection dropped.*/d"]) +AT_CLEANUP +]) + OVN_FOR_EACH_NORTHD([ AT_SETUP([2 LSs IGMP and MLD]) AT_SKIP_IF([test $HAVE_TCPDUMP = no])