From patchwork Fri Aug  9 08:27:05 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
X-Patchwork-Id: 1970853
Return-Path: <ovs-dev-bounces@openvswitch.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
	dkim=fail reason="signature verification failed" (1024-bit key;
 unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256
 header.s=mimecast20190719 header.b=gxdmxAXg;
	dkim-atps=neutral
Authentication-Results: legolas.ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org
 (client-ip=2605:bc80:3010::138; helo=smtp1.osuosl.org;
 envelope-from=ovs-dev-bounces@openvswitch.org; receiver=patchwork.ozlabs.org)
Received: from smtp1.osuosl.org (smtp1.osuosl.org [IPv6:2605:bc80:3010::138])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384)
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4WgH8c3Rx1z1ybS
	for <incoming@patchwork.ozlabs.org>; Fri,  9 Aug 2024 18:27:28 +1000 (AEST)
Received: from localhost (localhost [127.0.0.1])
	by smtp1.osuosl.org (Postfix) with ESMTP id EACB681E24;
	Fri,  9 Aug 2024 08:27:26 +0000 (UTC)
X-Virus-Scanned: amavis at osuosl.org
Received: from smtp1.osuosl.org ([127.0.0.1])
 by localhost (smtp1.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP
 id YB2L0kQspjGO; Fri,  9 Aug 2024 08:27:25 +0000 (UTC)
X-Comment: SPF check N/A for local connections - client-ip=140.211.9.56;
 helo=lists.linuxfoundation.org;
 envelope-from=ovs-dev-bounces@openvswitch.org; receiver=<UNKNOWN>
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org 6100281340
Authentication-Results: smtp1.osuosl.org;
	dkim=fail reason="signature verification failed" (1024-bit key)
 header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256
 header.s=mimecast20190719 header.b=gxdmxAXg
Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56])
	by smtp1.osuosl.org (Postfix) with ESMTPS id 6100281340;
	Fri,  9 Aug 2024 08:27:25 +0000 (UTC)
Received: from lf-lists.osuosl.org (localhost [127.0.0.1])
	by lists.linuxfoundation.org (Postfix) with ESMTP id 2CCBEC0078;
	Fri,  9 Aug 2024 08:27:25 +0000 (UTC)
X-Original-To: ovs-dev@openvswitch.org
Delivered-To: ovs-dev@lists.linuxfoundation.org
Received: from smtp3.osuosl.org (smtp3.osuosl.org [IPv6:2605:bc80:3010::136])
 by lists.linuxfoundation.org (Postfix) with ESMTP id B806DC0033
 for <ovs-dev@openvswitch.org>; Fri,  9 Aug 2024 08:27:23 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by smtp3.osuosl.org (Postfix) with ESMTP id 9C43F60E35
 for <ovs-dev@openvswitch.org>; Fri,  9 Aug 2024 08:27:23 +0000 (UTC)
X-Virus-Scanned: amavis at osuosl.org
Received: from smtp3.osuosl.org ([127.0.0.1])
 by localhost (smtp3.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP
 id GtiLqgbmiQK1 for <ovs-dev@openvswitch.org>;
 Fri,  9 Aug 2024 08:27:22 +0000 (UTC)
Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=170.10.129.124;
 helo=us-smtp-delivery-124.mimecast.com;
 envelope-from=lorenzo.bianconi@redhat.com; receiver=<UNKNOWN>
DMARC-Filter: OpenDMARC Filter v1.4.2 smtp3.osuosl.org B335760D65
Authentication-Results: smtp3.osuosl.org;
 dmarc=pass (p=none dis=none) header.from=redhat.com
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org B335760D65
Authentication-Results: smtp3.osuosl.org;
 dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com
 header.a=rsa-sha256 header.s=mimecast20190719 header.b=gxdmxAXg
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.129.124])
 by smtp3.osuosl.org (Postfix) with ESMTPS id B335760D65
 for <ovs-dev@openvswitch.org>; Fri,  9 Aug 2024 08:27:21 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
 s=mimecast20190719; t=1723192040;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references;
 bh=Yx3ohBAXuxQWerRxW3TKShScOnHviIDA94w91UP4bfU=;
 b=gxdmxAXgltpw+RKkfOlJu8xtCYfUJAPfCDAkD2iKar65OJbb0q3JrV5lSTP0B2qEdoPOYJ
 Zt4GSHX0BW/ghtHG/7DRLsNvIQOOq9Cf9gG4Io2exF9skuHTFJzzDaU7J4tNWquzrPl99Z
 Dm81Yh0AVeR9R/gR9Agzz/VDHkB8Y94=
Received: from mail-lj1-f199.google.com (mail-lj1-f199.google.com
 [209.85.208.199]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id
 us-mta-449-NtGyD9_8PO6rlFVfKRaIGQ-1; Fri, 09 Aug 2024 04:27:19 -0400
X-MC-Unique: NtGyD9_8PO6rlFVfKRaIGQ-1
Received: by mail-lj1-f199.google.com with SMTP id
 38308e7fff4ca-2ef31dbc770so17002991fa.1
 for <ovs-dev@openvswitch.org>; Fri, 09 Aug 2024 01:27:18 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1723192037; x=1723796837;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=Yx3ohBAXuxQWerRxW3TKShScOnHviIDA94w91UP4bfU=;
 b=VfdcTe4ukVWPwCWW9OfHvw1A6q4ZrHtdcYeNGvb+UwBdv6FVHWyu00LVrwC8oMdI8h
 gTWj0+HQCEMNysb7LTdGc8jLsNfEVVu04vY3gCyxOXPzyTV/+X4ZO0pVFcCCSNMO7V+5
 Q1kNdRBwhtBC9lsyziMOHJmQDS2LEFBQT1PhJFnLJ1R51u16CO9vtcHYaMBx8U6nDRiM
 waQlJc+YpIOXYZbXJA1SJtPCoRhOOpIbRxIx0w2XPt93XHu18YidppUPs/Jh2/6ePa8f
 9JLYJ4x688+2S8Z4g074h1ZwpRbsofrvYm+rVgMADGLPE2nYrM13QP8q9hH8j9IGFw7R
 dx9g==
X-Gm-Message-State: AOJu0Yw6FowNxBcePpDUjxVPVaS9Sr/NAd61ibHv8DvNw1onffCXLrXB
 IyzFG+PN43zLjIVjy7zF2ZrtyT7LRF4EtxVv3iNkuF1rxQAh74EgNser/+GgWZgLWokb7aTCkUA
 +VybEriemQfEuzGV8P7EGkwLo/9sSQUPMtL6bqm9tuR7QY/Yjvct+yaF9b+SqK8nqI6SHuJbfc5
 JzEwTy2ORLsvXdhSC7XTaX2HDD9qEAgT7OOCwgcC4+74YUp9S2Lw==
X-Received: by 2002:a2e:7c17:0:b0:2ec:55b5:ed45 with SMTP id
 38308e7fff4ca-2f1a6c758e1mr5764021fa.24.1723192037162;
 Fri, 09 Aug 2024 01:27:17 -0700 (PDT)
X-Google-Smtp-Source: 
 AGHT+IEezu96Gc/+KC1Om0jkS4bi9Cxg05UuBFcocXHdAyIt0c1SyAxgjDSaLOcg4CcjEQ9EHYxHTQ==
X-Received: by 2002:a2e:7c17:0:b0:2ec:55b5:ed45 with SMTP id
 38308e7fff4ca-2f1a6c758e1mr5763881fa.24.1723192036419;
 Fri, 09 Aug 2024 01:27:16 -0700 (PDT)
Received: from localhost (53.116.107.80.static.otenet.gr. [80.107.116.53])
 by smtp.gmail.com with ESMTPSA id
 5b1f17b1804b1-4290598f18asm117530725e9.27.2024.08.09.01.27.15
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Fri, 09 Aug 2024 01:27:16 -0700 (PDT)
From: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
To: ovs-dev@openvswitch.org
Date: Fri,  9 Aug 2024 10:27:05 +0200
Message-ID: 
 <dc72fa2e0fd055cdec1a0b712ac60543bc8d6cb7.1723190435.git.lorenzo.bianconi@redhat.com>
X-Mailer: git-send-email 2.46.0
In-Reply-To: <cover.1723190435.git.lorenzo.bianconi@redhat.com>
References: <cover.1723190435.git.lorenzo.bianconi@redhat.com>
MIME-Version: 1.0
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Subject: [ovs-dev] [PATCH v10 1/3] northd: Introduce ECMP_Nexthop table in
 SB db.
X-BeenThere: ovs-dev@openvswitch.org
X-Mailman-Version: 2.1.30
Precedence: list
List-Id: <ovs-dev.openvswitch.org>
List-Unsubscribe: <https://mail.openvswitch.org/mailman/options/ovs-dev>,
 <mailto:ovs-dev-request@openvswitch.org?subject=unsubscribe>
List-Archive: <http://mail.openvswitch.org/pipermail/ovs-dev/>
List-Post: <mailto:ovs-dev@openvswitch.org>
List-Help: <mailto:ovs-dev-request@openvswitch.org?subject=help>
List-Subscribe: <https://mail.openvswitch.org/mailman/listinfo/ovs-dev>,
 <mailto:ovs-dev-request@openvswitch.org?subject=subscribe>
Cc: dceara@redhat.com
Errors-To: ovs-dev-bounces@openvswitch.org
Sender: "dev" <ovs-dev-bounces@openvswitch.org>

Introduce ECMP_Nexthop table in the SB db in order to track active
ecmp-symmetric-reply connections and flush stale ones.

Acked-by: Mark Michelson <mmichels@redhat.com>
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
---
 lib/ovn-util.h           |  2 ++
 northd/en-northd.c       | 35 ++++++++++++++++++++
 northd/en-northd.h       |  4 +++
 northd/inc-proc-northd.c |  7 +++-
 northd/northd.c          | 70 ++++++++++++++++++++++++++++++++++++++++
 northd/northd.h          | 10 ++++++
 ovn-sb.ovsschema         | 16 ++++++++-
 ovn-sb.xml               | 31 ++++++++++++++++++
 tests/ovn-northd.at      |  4 +++
 9 files changed, 177 insertions(+), 2 deletions(-)

diff --git a/lib/ovn-util.h b/lib/ovn-util.h
index 7b98b9b9a..622fec531 100644
--- a/lib/ovn-util.h
+++ b/lib/ovn-util.h
@@ -38,6 +38,8 @@
 #define STT_TUNNEL_OVERHEAD 18
 #define VXLAN_TUNNEL_OVERHEAD 30
 
+#define ECMP_NEXTHOP_IDS_LEN 65535
+
 struct eth_addr;
 struct nbrec_logical_router_port;
 struct ovsrec_flow_sample_collector_set_table;
diff --git a/northd/en-northd.c b/northd/en-northd.c
index 34f0a7df7..63f93bbf4 100644
--- a/northd/en-northd.c
+++ b/northd/en-northd.c
@@ -404,6 +404,25 @@ en_bfd_sync_run(struct engine_node *node, void *data)
     engine_set_node_state(node, EN_UPDATED);
 }
 
+void
+en_ecmp_nexthop_run(struct engine_node *node, void *data)
+{
+    const struct engine_context *eng_ctx = engine_get_context();
+    struct static_routes_data *static_routes_data =
+        engine_get_input_data("static_routes", node);
+    struct ecmp_nexthop_data *enh_data = data;
+    const struct sbrec_ecmp_nexthop_table *sbrec_ecmp_nexthop_table =
+        EN_OVSDB_GET(engine_get_input("SB_ecmp_nexthop", node));
+
+    ecmp_nexthop_destroy(data);
+    ecmp_nexthop_init(data);
+    build_ecmp_nexthop_table(eng_ctx->ovnsb_idl_txn,
+                             &static_routes_data->parsed_routes,
+                             &enh_data->nexthops,
+                             sbrec_ecmp_nexthop_table);
+    engine_set_node_state(node, EN_UPDATED);
+}
+
 void
 *en_northd_init(struct engine_node *node OVS_UNUSED,
                 struct engine_arg *arg OVS_UNUSED)
@@ -454,6 +473,16 @@ void
     return data;
 }
 
+void
+*en_ecmp_nexthop_init(struct engine_node *node OVS_UNUSED,
+                      struct engine_arg *arg OVS_UNUSED)
+{
+    struct ecmp_nexthop_data *data = xzalloc(sizeof *data);
+
+    ecmp_nexthop_init(data);
+    return data;
+}
+
 void
 en_northd_cleanup(void *data)
 {
@@ -526,3 +555,9 @@ en_bfd_sync_cleanup(void *data)
 {
     bfd_destroy(data);
 }
+
+void
+en_ecmp_nexthop_cleanup(void *data)
+{
+    ecmp_nexthop_destroy(data);
+}
diff --git a/northd/en-northd.h b/northd/en-northd.h
index 631a7c17a..2666cc67e 100644
--- a/northd/en-northd.h
+++ b/northd/en-northd.h
@@ -42,5 +42,9 @@ bool bfd_sync_northd_change_handler(struct engine_node *node,
                                     void *data OVS_UNUSED);
 void en_bfd_sync_run(struct engine_node *node, void *data);
 void en_bfd_sync_cleanup(void *data OVS_UNUSED);
+void en_ecmp_nexthop_run(struct engine_node *node, void *data);
+void *en_ecmp_nexthop_init(struct engine_node *node OVS_UNUSED,
+                           struct engine_arg *arg OVS_UNUSED);
+void en_ecmp_nexthop_cleanup(void *data);
 
 #endif /* EN_NORTHD_H */
diff --git a/northd/inc-proc-northd.c b/northd/inc-proc-northd.c
index 1f79916a5..06c7ee2b8 100644
--- a/northd/inc-proc-northd.c
+++ b/northd/inc-proc-northd.c
@@ -103,7 +103,8 @@ static unixctl_cb_func chassis_features_list;
     SB_NODE(fdb, "fdb") \
     SB_NODE(static_mac_binding, "static_mac_binding") \
     SB_NODE(chassis_template_var, "chassis_template_var") \
-    SB_NODE(logical_dp_group, "logical_dp_group")
+    SB_NODE(logical_dp_group, "logical_dp_group") \
+    SB_NODE(ecmp_nexthop, "ecmp_nexthop")
 
 enum sb_engine_node {
 #define SB_NODE(NAME, NAME_STR) SB_##NAME,
@@ -162,6 +163,7 @@ static ENGINE_NODE(route_policies, "route_policies");
 static ENGINE_NODE(static_routes, "static_routes");
 static ENGINE_NODE(bfd, "bfd");
 static ENGINE_NODE(bfd_sync, "bfd_sync");
+static ENGINE_NODE(ecmp_nexthop, "ecmp_nexthop");
 
 void inc_proc_northd_init(struct ovsdb_idl_loop *nb,
                           struct ovsdb_idl_loop *sb)
@@ -264,6 +266,9 @@ void inc_proc_northd_init(struct ovsdb_idl_loop *nb,
     engine_add_input(&en_bfd_sync, &en_route_policies, NULL);
     engine_add_input(&en_bfd_sync, &en_northd, bfd_sync_northd_change_handler);
 
+    engine_add_input(&en_ecmp_nexthop, &en_sb_ecmp_nexthop, NULL);
+    engine_add_input(&en_ecmp_nexthop, &en_static_routes, NULL);
+
     engine_add_input(&en_sync_meters, &en_nb_acl, NULL);
     engine_add_input(&en_sync_meters, &en_nb_meter, NULL);
     engine_add_input(&en_sync_meters, &en_sb_meter, NULL);
diff --git a/northd/northd.c b/northd/northd.c
index 0c73e70df..4135f102f 100644
--- a/northd/northd.c
+++ b/northd/northd.c
@@ -10665,6 +10665,64 @@ build_bfd_map(const struct nbrec_bfd_table *nbrec_bfd_table,
     }
 }
 
+void
+build_ecmp_nexthop_table(
+        struct ovsdb_idl_txn *ovnsb_txn,
+        struct hmap *routes,
+        struct simap *nexthops,
+        const struct sbrec_ecmp_nexthop_table *sbrec_ecmp_nexthop_table)
+{
+    if (!ovnsb_txn) {
+        return;
+    }
+
+    unsigned long *nexthop_ids = bitmap_allocate(ECMP_NEXTHOP_IDS_LEN);
+    const struct sbrec_ecmp_nexthop *sb_ecmp_nexthop;
+    SBREC_ECMP_NEXTHOP_TABLE_FOR_EACH (sb_ecmp_nexthop,
+                                       sbrec_ecmp_nexthop_table) {
+        simap_put(nexthops, sb_ecmp_nexthop->nexthop,
+                  sb_ecmp_nexthop->id);
+        bitmap_set1(nexthop_ids, sb_ecmp_nexthop->id);
+    }
+
+    struct sset nb_nexthops_sset = SSET_INITIALIZER(&nb_nexthops_sset);
+
+    struct parsed_route *pr;
+    HMAP_FOR_EACH (pr, key_node, routes) {
+        if (!pr->ecmp_symmetric_reply) {
+            continue;
+        }
+
+        const struct nbrec_logical_router_static_route *r = pr->route;
+        if (!simap_contains(nexthops, r->nexthop)) {
+            int id = bitmap_scan(nexthop_ids, 0, 1, ECMP_NEXTHOP_IDS_LEN);
+            if (id == ECMP_NEXTHOP_IDS_LEN) {
+                static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1);
+                VLOG_WARN_RL(&rl, "nexthop id address space is exhausted");
+                continue;
+            }
+            bitmap_set1(nexthop_ids, id);
+            simap_put(nexthops, r->nexthop, id);
+
+            sb_ecmp_nexthop = sbrec_ecmp_nexthop_insert(ovnsb_txn);
+            sbrec_ecmp_nexthop_set_nexthop(sb_ecmp_nexthop, r->nexthop);
+            sbrec_ecmp_nexthop_set_id(sb_ecmp_nexthop, id);
+        }
+        sset_add(&nb_nexthops_sset, r->nexthop);
+    }
+
+    SBREC_ECMP_NEXTHOP_TABLE_FOR_EACH_SAFE (sb_ecmp_nexthop,
+                                            sbrec_ecmp_nexthop_table) {
+        if (!sset_contains(&nb_nexthops_sset, sb_ecmp_nexthop->nexthop)) {
+            simap_find_and_delete(nexthops, sb_ecmp_nexthop->nexthop);
+            sbrec_ecmp_nexthop_delete(sb_ecmp_nexthop);
+        }
+    }
+
+    sset_destroy(&nb_nexthops_sset);
+    bitmap_free(nexthop_ids);
+}
+
 /* Returns a string of the IP address of the router port 'op' that
  * overlaps with 'ip_s".  If one is not found, returns NULL.
  *
@@ -18480,6 +18538,12 @@ bfd_init(struct bfd_data *data)
     hmap_init(&data->bfd_connections);
 }
 
+void
+ecmp_nexthop_init(struct ecmp_nexthop_data *data)
+{
+    simap_init(&data->nexthops);
+}
+
 void
 northd_destroy(struct northd_data *data)
 {
@@ -18561,6 +18625,12 @@ static_routes_destroy(struct static_routes_data *data)
     __bfd_destroy(&data->bfd_active_connections);
 }
 
+void
+ecmp_nexthop_destroy(struct ecmp_nexthop_data *data)
+{
+    simap_destroy(&data->nexthops);
+}
+
 void
 ovnnb_db_run(struct northd_input *input_data,
              struct northd_data *data,
diff --git a/northd/northd.h b/northd/northd.h
index e04ec5856..5ff4bdcc8 100644
--- a/northd/northd.h
+++ b/northd/northd.h
@@ -188,6 +188,10 @@ struct bfd_data {
     struct hmap bfd_connections;
 };
 
+struct ecmp_nexthop_data {
+    struct simap nexthops;
+};
+
 struct lr_nat_table;
 
 struct lflow_input {
@@ -731,6 +735,12 @@ void static_routes_destroy(struct static_routes_data *);
 void bfd_init(struct bfd_data *);
 void bfd_destroy(struct bfd_data *);
 
+void build_ecmp_nexthop_table(struct ovsdb_idl_txn *,
+                              struct hmap *, struct simap *,
+                              const struct sbrec_ecmp_nexthop_table *);
+void ecmp_nexthop_init(struct ecmp_nexthop_data *);
+void ecmp_nexthop_destroy(struct ecmp_nexthop_data *);
+
 struct lflow_table;
 struct lr_stateful_tracked_data;
 struct ls_stateful_tracked_data;
diff --git a/ovn-sb.ovsschema b/ovn-sb.ovsschema
index ec39fdd81..cc7810e98 100644
--- a/ovn-sb.ovsschema
+++ b/ovn-sb.ovsschema
@@ -1,7 +1,7 @@
 {
     "name": "OVN_Southbound",
     "version": "20.35.0",
-    "cksum": "2897301415 31493",
+    "cksum": "2767238276 32154",
     "tables": {
         "SB_Global": {
             "columns": {
@@ -610,6 +610,20 @@
                                           "refTable": "Datapath_Binding"}}}},
             "indexes": [["logical_port", "ip"]],
             "isRoot": true},
+        "ECMP_Nexthop": {
+            "columns": {
+                "nexthop": {"type": "string"},
+                "id": {"type": {"key": {"type": "integer",
+                                        "minInteger": 0,
+                                        "maxInteger": 65535}}},
+                "external_ids": {
+                    "type": {"key": "string", "value": "string",
+                             "min": 0, "max": "unlimited"}},
+                "options": {
+                    "type": {"key": "string", "value": "string",
+                             "min": 0, "max": "unlimited"}}},
+            "indexes": [["nexthop"]],
+            "isRoot": true},
         "Chassis_Template_Var": {
             "columns": {
                 "chassis": {"type": "string"},
diff --git a/ovn-sb.xml b/ovn-sb.xml
index cbcbbfb53..de0bd636f 100644
--- a/ovn-sb.xml
+++ b/ovn-sb.xml
@@ -5175,4 +5175,35 @@ tcp.flags = RST;
       The set of variable values for a given chassis.
     </column>
   </table>
+
+  <table name="ECMP_Nexthop">
+    <p>
+      Each record in this table represents an active ECMP route committed by
+      <code>ovn-northd</code> to <code>ovs</code> connection-tracking table.
+      <code>ECMP_Nexthop</code> table is used by <code>ovn-controller</code>
+      to track active ct entries and to flush stale ones.
+    </p>
+    <column name="nexthop">
+      <p>
+        Nexthop IP address for this ECMP route. Nexthop IP address should
+        be the IP address of a connected router port or the IP address of
+        an external device used as nexthop for the given destination.
+      </p>
+    </column>
+
+    <column name="id">
+      <p>
+        Nexthop unique identifier. Nexthop ID is used to track active
+        ecmp-symmetric-reply connections and flush stale ones.
+      </p>
+    </column>
+
+    <column name="options">
+      Reserved for future use.
+    </column>
+
+    <column name="external_ids">
+      See <em>External IDs</em> at the beginning of this document.
+    </column>
+  </table>
 </database>
diff --git a/tests/ovn-northd.at b/tests/ovn-northd.at
index f2f42275a..e4c882265 100644
--- a/tests/ovn-northd.at
+++ b/tests/ovn-northd.at
@@ -6800,6 +6800,7 @@ check ovn-nbctl lsp-set-addresses public-lr0 router
 check ovn-nbctl lsp-set-options public-lr0 router-port=lr0-public
 
 check ovn-nbctl --wait=sb --ecmp-symmetric-reply lr-route-add lr0 1.0.0.1 192.168.0.10
+check_row_count ECMP_Nexthop 1
 
 ovn-sbctl dump-flows lr0 > lr0flows
 
@@ -6817,6 +6818,7 @@ AT_CHECK([grep -e "lr_in_ip_routing_ecmp" lr0flows | ovn_strip_lflows], [0], [dn
 ])
 
 check ovn-nbctl --wait=sb --ecmp-symmetric-reply lr-route-add lr0 1.0.0.1 192.168.0.20
+check_row_count ECMP_Nexthop 2
 
 ovn-sbctl dump-flows lr0 > lr0flows
 AT_CHECK([grep -w "lr_in_ip_routing" lr0flows | ovn_strip_lflows], [0], [dnl
@@ -6846,6 +6848,7 @@ AT_CHECK([grep -e "lr_in_arp_resolve.*ecmp" lr0flows | ovn_strip_lflows], [0], [
 
 # add ecmp route with wrong nexthop
 check ovn-nbctl --wait=sb --ecmp-symmetric-reply lr-route-add lr0 1.0.0.1 192.168.1.20
+check_row_count ECMP_Nexthop 2
 
 ovn-sbctl dump-flows lr0 > lr0flows
 AT_CHECK([grep -w "lr_in_ip_routing" lr0flows | ovn_strip_lflows], [0], [dnl
@@ -6865,6 +6868,7 @@ AT_CHECK([grep -e "lr_in_ip_routing_ecmp" lr0flows | sed 's/192\.168\.0\..0/192.
 
 check ovn-nbctl lr-route-del lr0
 wait_row_count nb:Logical_Router_Static_Route 0
+check_row_count ECMP_Nexthop 0
 
 check ovn-nbctl --wait=sb lr-route-add lr0 1.0.0.0/24 192.168.0.10
 ovn-sbctl dump-flows lr0 > lr0flows

From patchwork Fri Aug  9 08:27:06 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
X-Patchwork-Id: 1970855
Return-Path: <ovs-dev-bounces@openvswitch.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
	dkim=fail reason="signature verification failed" (1024-bit key;
 unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256
 header.s=mimecast20190719 header.b=BN3k48kE;
	dkim-atps=neutral
Authentication-Results: legolas.ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org
 (client-ip=2605:bc80:3010::136; helo=smtp3.osuosl.org;
 envelope-from=ovs-dev-bounces@openvswitch.org; receiver=patchwork.ozlabs.org)
Received: from smtp3.osuosl.org (smtp3.osuosl.org [IPv6:2605:bc80:3010::136])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384)
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4WgH8p1p4rz1ybS
	for <incoming@patchwork.ozlabs.org>; Fri,  9 Aug 2024 18:27:38 +1000 (AEST)
Received: from localhost (localhost [127.0.0.1])
	by smtp3.osuosl.org (Postfix) with ESMTP id 791A660E59;
	Fri,  9 Aug 2024 08:27:35 +0000 (UTC)
X-Virus-Scanned: amavis at osuosl.org
Received: from smtp3.osuosl.org ([127.0.0.1])
 by localhost (smtp3.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP
 id TOVX2EpzzEAD; Fri,  9 Aug 2024 08:27:33 +0000 (UTC)
X-Comment: SPF check N/A for local connections -
 client-ip=2605:bc80:3010:104::8cd3:938; helo=lists.linuxfoundation.org;
 envelope-from=ovs-dev-bounces@openvswitch.org; receiver=<UNKNOWN>
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org 6941160E41
Authentication-Results: smtp3.osuosl.org;
	dkim=fail reason="signature verification failed" (1024-bit key)
 header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256
 header.s=mimecast20190719 header.b=BN3k48kE
Received: from lists.linuxfoundation.org (lf-lists.osuosl.org
 [IPv6:2605:bc80:3010:104::8cd3:938])
	by smtp3.osuosl.org (Postfix) with ESMTPS id 6941160E41;
	Fri,  9 Aug 2024 08:27:33 +0000 (UTC)
Received: from lf-lists.osuosl.org (localhost [127.0.0.1])
	by lists.linuxfoundation.org (Postfix) with ESMTP id BECE5C0926;
	Fri,  9 Aug 2024 08:27:32 +0000 (UTC)
X-Original-To: ovs-dev@openvswitch.org
Delivered-To: ovs-dev@lists.linuxfoundation.org
Received: from smtp4.osuosl.org (smtp4.osuosl.org [140.211.166.137])
 by lists.linuxfoundation.org (Postfix) with ESMTP id 14F76C0033
 for <ovs-dev@openvswitch.org>; Fri,  9 Aug 2024 08:27:30 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by smtp4.osuosl.org (Postfix) with ESMTP id 7D7F4412F8
 for <ovs-dev@openvswitch.org>; Fri,  9 Aug 2024 08:27:27 +0000 (UTC)
X-Virus-Scanned: amavis at osuosl.org
Received: from smtp4.osuosl.org ([127.0.0.1])
 by localhost (smtp4.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP
 id VAnV16nVwyQK for <ovs-dev@openvswitch.org>;
 Fri,  9 Aug 2024 08:27:25 +0000 (UTC)
Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=170.10.129.124;
 helo=us-smtp-delivery-124.mimecast.com;
 envelope-from=lorenzo.bianconi@redhat.com; receiver=<UNKNOWN>
DMARC-Filter: OpenDMARC Filter v1.4.2 smtp4.osuosl.org C7865412F5
Authentication-Results: smtp4.osuosl.org;
 dmarc=pass (p=none dis=none) header.from=redhat.com
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org C7865412F5
Authentication-Results: smtp4.osuosl.org;
 dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com
 header.a=rsa-sha256 header.s=mimecast20190719 header.b=BN3k48kE
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.129.124])
 by smtp4.osuosl.org (Postfix) with ESMTPS id C7865412F5
 for <ovs-dev@openvswitch.org>; Fri,  9 Aug 2024 08:27:24 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
 s=mimecast20190719; t=1723192043;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references;
 bh=2px6oqIVFdz8HUOuCiNsH/rSP/eeZzFZPBEh+2koayE=;
 b=BN3k48kEIMzVubRq0fyNR/F0AuA78W7VLNHdM5a6D1r0XqiOHeA+evzbvg5i5cods0N4hE
 c8wm1SEQFPuWg8bfOiAJ3eitTGubq+wgxL1sqIFAKMZ0UVhKgJ0D+Iic+8RTfWEw8AVitE
 EJ9ZIrEz+gfUKv2cmCpSGSFAWzzvh2I=
Received: from mail-wm1-f71.google.com (mail-wm1-f71.google.com
 [209.85.128.71]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id
 us-mta-381-Fh-3H57nOBaRmdH5XXksOQ-1; Fri, 09 Aug 2024 04:27:21 -0400
X-MC-Unique: Fh-3H57nOBaRmdH5XXksOQ-1
Received: by mail-wm1-f71.google.com with SMTP id
 5b1f17b1804b1-428040f49f9so12636665e9.0
 for <ovs-dev@openvswitch.org>; Fri, 09 Aug 2024 01:27:21 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1723192040; x=1723796840;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=2px6oqIVFdz8HUOuCiNsH/rSP/eeZzFZPBEh+2koayE=;
 b=GJ3EEvUkIR+UHecCbeJwRXRyX3yzh8ivBveMcYpdGXA4decf5JDE8fu11cmL+wnDBv
 ZUv47+MzfaKYCaXeWfBXANoSDSwl5EvODcjGqhAqyAT3mac6FeBisyIHvTjYMBn/s5Ub
 L7xS0s5vI0alBgo6JWia3LJbf1uVrG+PV+jb5XK3u078NyENBQ0PgXHX7qv5TwyhDDZ3
 OEOPXPUQPMibeRI2Qiwn12ftyT/OL6Cy2oj2t/1tZ3gHBo4hm/AL8HYwGHFQnSXIhzLs
 XmqpffaXuCBiA//0DKvBMe0RlS7gonpWbCQhG+FNPOGWCYzc+xAX6mTg2EzRjx1jwqqE
 O+MA==
X-Gm-Message-State: AOJu0YzMdt041wotUkbFUG4v38BNi0BjrRq6lp/M6nTU03Qsz8bAr81u
 7N6vXgcZGw7hSher9cAlnbJU1SfhGuq4sD4+e8ZPMd09cuq27oWbisdb7Bxi0Cef9RXECXtsWwC
 FaPEXEOubDuF+yn7uPF0VCSaISb+Wgt6/KvO0VvOK1EMh7SXB3sVKj2PrJXed1Q7Z/5iTxIRcAB
 eq+SvqPWRwdVkroDguG1FpyRkt19zkHCp1a7qOKN+MAJCsG3AiJQ==
X-Received: by 2002:a05:600c:1d1d:b0:426:66e9:b844 with SMTP id
 5b1f17b1804b1-429c3a17067mr6411495e9.8.1723192040103;
 Fri, 09 Aug 2024 01:27:20 -0700 (PDT)
X-Google-Smtp-Source: 
 AGHT+IHKwj3sqA83yEt5nT637BSrCLS0poF3/eXId1SMOwWjOCrRW3bVI6rEdk46Y7b4+hbD+O/H/g==
X-Received: by 2002:a05:600c:1d1d:b0:426:66e9:b844 with SMTP id
 5b1f17b1804b1-429c3a17067mr6411205e9.8.1723192039473;
 Fri, 09 Aug 2024 01:27:19 -0700 (PDT)
Received: from localhost (53.116.107.80.static.otenet.gr. [80.107.116.53])
 by smtp.gmail.com with ESMTPSA id
 5b1f17b1804b1-4290c738e01sm63546385e9.11.2024.08.09.01.27.18
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Fri, 09 Aug 2024 01:27:19 -0700 (PDT)
From: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
To: ovs-dev@openvswitch.org
Date: Fri,  9 Aug 2024 10:27:06 +0200
Message-ID: 
 <7a771fbab6e7336b949a7521969cbfca7130354c.1723190435.git.lorenzo.bianconi@redhat.com>
X-Mailer: git-send-email 2.46.0
In-Reply-To: <cover.1723190435.git.lorenzo.bianconi@redhat.com>
References: <cover.1723190435.git.lorenzo.bianconi@redhat.com>
MIME-Version: 1.0
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Subject: [ovs-dev] [PATCH v10 2/3] northd: Add nexhop id in ct_label.label.
X-BeenThere: ovs-dev@openvswitch.org
X-Mailman-Version: 2.1.30
Precedence: list
List-Id: <ovs-dev.openvswitch.org>
List-Unsubscribe: <https://mail.openvswitch.org/mailman/options/ovs-dev>,
 <mailto:ovs-dev-request@openvswitch.org?subject=unsubscribe>
List-Archive: <http://mail.openvswitch.org/pipermail/ovs-dev/>
List-Post: <mailto:ovs-dev@openvswitch.org>
List-Help: <mailto:ovs-dev-request@openvswitch.org?subject=help>
List-Subscribe: <https://mail.openvswitch.org/mailman/listinfo/ovs-dev>,
 <mailto:ovs-dev-request@openvswitch.org?subject=subscribe>
Cc: dceara@redhat.com
Errors-To: ovs-dev-bounces@openvswitch.org
Sender: "dev" <ovs-dev-bounces@openvswitch.org>

Introduce the nexthop identifier in the ct_label.label field for
ecmp-symmetric replies connections. This field will be used by
ovn-controller to track ct entries and to flush them if requested by the
CMS (e.g. removing the related static routes).

Acked-by: Mark Michelson <mmichels@redhat.com>
Acked-by: Ales Musil <amusil@redhat.com>
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
---
 northd/en-lflow.c        |  3 ++
 northd/inc-proc-northd.c |  1 +
 northd/northd.c          | 35 ++++++++++++++------
 northd/northd.h          |  1 +
 tests/ovn.at             |  4 +--
 tests/system-ovn.at      | 71 ++++++++++++++++++++++++----------------
 6 files changed, 74 insertions(+), 41 deletions(-)

diff --git a/northd/en-lflow.c b/northd/en-lflow.c
index a713f1598..f9d7f2459 100644
--- a/northd/en-lflow.c
+++ b/northd/en-lflow.c
@@ -55,6 +55,8 @@ lflow_get_input_data(struct engine_node *node,
         engine_get_input_data("lr_stateful", node);
     struct ed_type_ls_stateful *ls_stateful_data =
         engine_get_input_data("ls_stateful", node);
+    struct ecmp_nexthop_data *nexthop_data =
+        engine_get_input_data("ecmp_nexthop", node);
 
     lflow_input->sbrec_logical_flow_table =
         EN_OVSDB_GET(engine_get_input("SB_logical_flow", node));
@@ -84,6 +86,7 @@ lflow_get_input_data(struct engine_node *node,
     lflow_input->parsed_routes = &static_routes_data->parsed_routes;
     lflow_input->route_tables = &static_routes_data->route_tables;
     lflow_input->route_policies = &route_policies_data->route_policies;
+    lflow_input->nexthops_table = &nexthop_data->nexthops;
 
     struct ed_type_global_config *global_config =
         engine_get_input_data("global_config", node);
diff --git a/northd/inc-proc-northd.c b/northd/inc-proc-northd.c
index 06c7ee2b8..cb880b439 100644
--- a/northd/inc-proc-northd.c
+++ b/northd/inc-proc-northd.c
@@ -282,6 +282,7 @@ void inc_proc_northd_init(struct ovsdb_idl_loop *nb,
     engine_add_input(&en_lflow, &en_bfd_sync, NULL);
     engine_add_input(&en_lflow, &en_route_policies, NULL);
     engine_add_input(&en_lflow, &en_static_routes, NULL);
+    engine_add_input(&en_lflow, &en_ecmp_nexthop, NULL);
     engine_add_input(&en_lflow, &en_global_config,
                      node_global_config_handler);
 
diff --git a/northd/northd.c b/northd/northd.c
index 4135f102f..5ad30d854 100644
--- a/northd/northd.c
+++ b/northd/northd.c
@@ -11512,7 +11512,8 @@ add_ecmp_symmetric_reply_flows(struct lflow_table *lflows,
                                struct ovn_port *out_port,
                                const struct parsed_route *route,
                                struct ds *route_match,
-                               struct lflow_ref *lflow_ref)
+                               struct lflow_ref *lflow_ref,
+                               struct simap *nexthops_table)
 {
     const struct nbrec_logical_router_static_route *st_route = route->route;
     struct ds match = DS_EMPTY_INITIALIZER;
@@ -11547,9 +11548,15 @@ add_ecmp_symmetric_reply_flows(struct lflow_table *lflows,
     ds_put_cstr(&match, " && (ct.new || ct.est)");
     ds_put_format(&actions,
             "ct_commit { ct_label.ecmp_reply_eth = eth.src; "
-            "ct_mark.ecmp_reply_port = %" PRId64 ";}; "
-            "next;",
+            "ct_mark.ecmp_reply_port = %" PRId64 ";",
             out_port->sb->tunnel_key);
+
+    struct simap_node *n = simap_find(nexthops_table, st_route->nexthop);
+    if (n) {
+        ds_put_format(&actions, " ct_label.label = %d;", n->data);
+    }
+    ds_put_cstr(&actions, " }; next;");
+
     ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_ECMP_STATEFUL, 100,
                             ds_cstr(&match), ds_cstr(&actions),
                             &st_route->header_,
@@ -11606,7 +11613,8 @@ add_ecmp_symmetric_reply_flows(struct lflow_table *lflows,
 static void
 build_ecmp_route_flow(struct lflow_table *lflows, struct ovn_datapath *od,
                       const struct hmap *lr_ports, struct ecmp_groups_node *eg,
-                      struct lflow_ref *lflow_ref)
+                      struct lflow_ref *lflow_ref,
+                      struct simap *nexthops_table)
 
 {
     bool is_ipv4 = IN6_IS_ADDR_V4MAPPED(&eg->prefix);
@@ -11663,7 +11671,7 @@ build_ecmp_route_flow(struct lflow_table *lflows, struct ovn_datapath *od,
                                                      out_port->key)) {
             add_ecmp_symmetric_reply_flows(lflows, od, lrp_addr_s, out_port,
                                            route_, &route_match,
-                                           lflow_ref);
+                                           lflow_ref, nexthops_table);
         }
         ds_clear(&match);
         ds_put_format(&match, REG_ECMP_GROUP_ID" == %"PRIu16" && "
@@ -13565,7 +13573,7 @@ build_static_route_flows_for_lrouter(
         struct ovn_datapath *od, struct lflow_table *lflows,
         const struct hmap *lr_ports, struct hmap *parsed_routes,
         struct simap *route_tables, const struct hmap *bfd_connections,
-        struct lflow_ref *lflow_ref)
+        struct lflow_ref *lflow_ref, struct simap *nexthops_table)
 {
     ovs_assert(od->nbr);
     ovn_lflow_add_default_drop(lflows, od, S_ROUTER_IN_IP_ROUTING_ECMP,
@@ -13607,7 +13615,8 @@ build_static_route_flows_for_lrouter(
     HMAP_FOR_EACH (group, hmap_node, &ecmp_groups) {
         /* add a flow in IP_ROUTING, and one flow for each member in
          * IP_ROUTING_ECMP. */
-        build_ecmp_route_flow(lflows, od, lr_ports, group, lflow_ref);
+        build_ecmp_route_flow(lflows, od, lr_ports, group, lflow_ref,
+                              nexthops_table);
     }
     const struct unique_routes_node *ur;
     HMAP_FOR_EACH (ur, hmap_node, &unique_routes) {
@@ -16818,6 +16827,7 @@ struct lswitch_flow_build_info {
     struct hmap *parsed_routes;
     struct hmap *route_policies;
     struct simap *route_tables;
+    struct simap *nexthops_table;
 };
 
 /* Helper function to combine all lflow generation which is iterated by
@@ -16864,7 +16874,8 @@ build_lswitch_and_lrouter_iterate_by_lr(struct ovn_datapath *od,
     build_ip_routing_pre_flows_for_lrouter(od, lsi->lflows, NULL);
     build_static_route_flows_for_lrouter(od, lsi->lflows, lsi->lr_ports,
                                          lsi->parsed_routes, lsi->route_tables,
-                                         lsi->bfd_connections, NULL);
+                                         lsi->bfd_connections, NULL,
+                                         lsi->nexthops_table);
     build_mcast_lookup_flows_for_lrouter(od, lsi->lflows, &lsi->match,
                                          &lsi->actions, NULL);
     build_ingress_policy_flows_for_lrouter(od, lsi->lflows, lsi->lr_ports,
@@ -17191,7 +17202,8 @@ build_lswitch_and_lrouter_flows(
     const struct sampling_app_table *sampling_apps,
     struct hmap *parsed_routes,
     struct hmap *route_policies,
-    struct simap *route_tables)
+    struct simap *route_tables,
+    struct simap *nexthops_table)
 {
 
     char *svc_check_match = xasprintf("eth.dst == %s", svc_monitor_mac);
@@ -17229,6 +17241,7 @@ build_lswitch_and_lrouter_flows(
             lsiv[index].parsed_routes = parsed_routes;
             lsiv[index].route_tables = route_tables;
             lsiv[index].route_policies = route_policies;
+            lsiv[index].nexthops_table = nexthops_table;
             ds_init(&lsiv[index].match);
             ds_init(&lsiv[index].actions);
 
@@ -17275,6 +17288,7 @@ build_lswitch_and_lrouter_flows(
             .route_policies = route_policies,
             .match = DS_EMPTY_INITIALIZER,
             .actions = DS_EMPTY_INITIALIZER,
+            .nexthops_table = nexthops_table,
         };
 
         /* Combined build - all lflow generation from lswitch and lrouter
@@ -17441,7 +17455,8 @@ void build_lflows(struct ovsdb_idl_txn *ovnsb_txn,
                                     input_data->sampling_apps,
                                     input_data->parsed_routes,
                                     input_data->route_policies,
-                                    input_data->route_tables);
+                                    input_data->route_tables,
+                                    input_data->nexthops_table);
 
     if (parallelization_state == STATE_INIT_HASH_SIZES) {
         parallelization_state = STATE_USE_PARALLELIZATION;
diff --git a/northd/northd.h b/northd/northd.h
index 5ff4bdcc8..6e0258ff4 100644
--- a/northd/northd.h
+++ b/northd/northd.h
@@ -222,6 +222,7 @@ struct lflow_input {
     struct hmap *parsed_routes;
     struct hmap *route_policies;
     struct simap *route_tables;
+    struct simap *nexthops_table;
 };
 
 extern int parallelization_state;
diff --git a/tests/ovn.at b/tests/ovn.at
index aac9af0c0..a1d689e84 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -28717,7 +28717,7 @@ AT_CHECK([
     for hv in 1 2; do
         grep table=$ecmp_stateful hv${hv}flows | \
         grep "priority=100" | \
-        grep -c "ct(commit,zone=NXM_NX_REG11\\[[0..15\\]],.*exec(move:NXM_OF_ETH_SRC\\[[\\]]->NXM_NX_CT_LABEL\\[[32..79\\]],load:0x[[0-9]]->NXM_NX_CT_MARK\\[[16..31\\]]))"
+        grep -c "ct(commit,zone=NXM_NX_REG11\\[[0..15\\]],.*exec(move:NXM_OF_ETH_SRC\\[[\\]]->NXM_NX_CT_LABEL\\[[32..79\\]],load:0x[[0-9]]->NXM_NX_CT_MARK\\[[16..31\\]],load:0x[[0-9]]->NXM_NX_CT_LABEL\\[[96..127\\]]))"
 
         grep table=$arp_resolve hv${hv}flows | \
         grep "priority=200" | \
@@ -28846,7 +28846,7 @@ AT_CHECK([
     for hv in 1 2; do
         grep table=$ecmp_stateful hv${hv}flows | \
         grep "priority=100" | \
-        grep -c "ct(commit,zone=NXM_NX_REG11\\[[0..15\\]],.*exec(move:NXM_OF_ETH_SRC\\[[\\]]->NXM_NX_CT_LABEL\\[[32..79\\]],load:0x[[0-9]]->NXM_NX_CT_MARK\\[[16..31\\]]))"
+        grep -c "ct(commit,zone=NXM_NX_REG11\\[[0..15\\]],.*exec(move:NXM_OF_ETH_SRC\\[[\\]]->NXM_NX_CT_LABEL\\[[32..79\\]],load:0x[[0-9]]->NXM_NX_CT_MARK\\[[16..31\\]],load:0x[[0-9]]->NXM_NX_CT_LABEL\\[[96..127\\]]))"
 
         grep table=$arp_resolve hv${hv}flows | \
         grep "priority=200" | \
diff --git a/tests/system-ovn.at b/tests/system-ovn.at
index 7ba2e150b..6318459ef 100644
--- a/tests/system-ovn.at
+++ b/tests/system-ovn.at
@@ -6172,18 +6172,21 @@ NS_CHECK_EXEC([bob1], [ping -q -c 3 -i 0.3 -w 2 10.0.0.2 | FORMAT_PING], \
 # and just ensure that the known ethernet address is present.
 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(172.16.0.1) | \
 sed -e 's/zone=[[0-9]]*/zone=<cleared>/' |
-sed -e 's/mark=[[0-9]]*/mark=<cleared>/'], [0], [dnl
-icmp,orig=(src=172.16.0.1,dst=10.0.0.2,id=<cleared>,type=8,code=0),reply=(src=10.0.0.2,dst=172.16.0.1,id=<cleared>,type=0,code=0),zone=<cleared>,mark=<cleared>,labels=0x401020400000000
-tcp,orig=(src=172.16.0.1,dst=10.0.0.2,sport=<cleared>,dport=<cleared>),reply=(src=10.0.0.2,dst=172.16.0.1,sport=<cleared>,dport=<cleared>),zone=<cleared>,mark=<cleared>,labels=0x401020400000000,protoinfo=(state=<cleared>)
+sed -e 's/mark=[[0-9]]*/mark=<cleared>/' |
+sed -e 's/labels=0x[[0-9]]/labels=0x?/'], [0], [dnl
+icmp,orig=(src=172.16.0.1,dst=10.0.0.2,id=<cleared>,type=8,code=0),reply=(src=10.0.0.2,dst=172.16.0.1,id=<cleared>,type=0,code=0),zone=<cleared>,mark=<cleared>,labels=0x?000000000401020400000000
+tcp,orig=(src=172.16.0.1,dst=10.0.0.2,sport=<cleared>,dport=<cleared>),reply=(src=10.0.0.2,dst=172.16.0.1,sport=<cleared>,dport=<cleared>),zone=<cleared>,mark=<cleared>,labels=0x?000000000401020400000000,protoinfo=(state=<cleared>)
 ])
 
 # Ensure datapaths show conntrack states as expected
 # Like with conntrack entries, we shouldn't try to predict
 # port binding tunnel keys. So omit them from expected labels.
-AT_CHECK([ovs-appctl dpctl/dump-flows | grep 'ct_state(+new-est+trk).*ct(.*label=0x401020400000000/.*)' -c], [0], [dnl
+AT_CHECK([ovs-appctl dpctl/dump-flows | sed -e 's/label=0x[[0-9]]/label=0x?/' | \
+grep 'ct_state(+new-est+trk).*ct(.*label=0x?000000000401020400000000/.*)' -c], [0], [dnl
 2
 ])
-AT_CHECK([ovs-appctl dpctl/dump-flows | grep 'ct_state(-new+est+trk).*ct_label(0x401020400000000)' -c], [0], [dnl
+AT_CHECK([[ovs-appctl dpctl/dump-flows | sed -e 's/ct_label(0x[0-9]/ct_label(0x?/' | \
+grep 'ct_state(-new+est+trk).*ct_label(0x?000000000401020400000000)' -c]], [0], [dnl
 2
 ])
 
@@ -6202,18 +6205,21 @@ NS_CHECK_EXEC([bob1], [ping -q -c 3 -i 0.3 -w 2 10.0.0.2 | FORMAT_PING], \
 [0], [dnl
 3 packets transmitted, 3 received, 0% packet loss, time 0ms
 ])
-AT_CHECK([ovs-appctl dpctl/dump-flows | grep 'ct_state(+new-est+trk).*ct(.*label=0x1001020400000000/.*)' -c], [0], [dnl
+AT_CHECK([ovs-appctl dpctl/dump-flows | sed -e 's/label=0x[[0-9]]/label=0x?/' | \
+grep 'ct_state(+new-est+trk).*ct(.*label=0x?000000001001020400000000/.*)' -c], [0], [dnl
 2
 ])
-AT_CHECK([ovs-appctl dpctl/dump-flows | grep 'ct_state(-new+est+trk).*ct_label(0x1001020400000000)' -c], [0], [dnl
+AT_CHECK([[ovs-appctl dpctl/dump-flows | sed -e 's/ct_label(0x[0-9]/ct_label(0x?/' | \
+grep 'ct_state(-new+est+trk).*ct_label(0x?000000001001020400000000)' -c]], [0], [dnl
 2
 ])
 
-AT_CHECK([ovs-appctl dpctl/dump-conntrack | grep 0x1001020400000000 | FORMAT_CT(172.16.0.1) | \
+AT_CHECK([ovs-appctl dpctl/dump-conntrack | grep 1001020400000000 | FORMAT_CT(172.16.0.1) | \
 sed -e 's/zone=[[0-9]]*/zone=<cleared>/' |
-sed -e 's/mark=[[0-9]]*/mark=<cleared>/' | sort], [0], [dnl
-icmp,orig=(src=172.16.0.1,dst=10.0.0.2,id=<cleared>,type=8,code=0),reply=(src=10.0.0.2,dst=172.16.0.1,id=<cleared>,type=0,code=0),zone=<cleared>,mark=<cleared>,labels=0x1001020400000000
-tcp,orig=(src=172.16.0.1,dst=10.0.0.2,sport=<cleared>,dport=<cleared>),reply=(src=10.0.0.2,dst=172.16.0.1,sport=<cleared>,dport=<cleared>),zone=<cleared>,mark=<cleared>,labels=0x1001020400000000,protoinfo=(state=<cleared>)
+sed -e 's/mark=[[0-9]]*/mark=<cleared>/' |
+sed -e 's/labels=0x[[0-9]]/labels=0x?/' | sort], [0], [dnl
+icmp,orig=(src=172.16.0.1,dst=10.0.0.2,id=<cleared>,type=8,code=0),reply=(src=10.0.0.2,dst=172.16.0.1,id=<cleared>,type=0,code=0),zone=<cleared>,mark=<cleared>,labels=0x?000000001001020400000000
+tcp,orig=(src=172.16.0.1,dst=10.0.0.2,sport=<cleared>,dport=<cleared>),reply=(src=10.0.0.2,dst=172.16.0.1,sport=<cleared>,dport=<cleared>),zone=<cleared>,mark=<cleared>,labels=0x?000000001001020400000000,protoinfo=(state=<cleared>)
 ])
 # Check entries in table 76 and 77 expires w/o traffic
 OVS_WAIT_UNTIL([
@@ -6235,10 +6241,11 @@ NS_CHECK_EXEC([alice1], [ping -q -c 3 -i 0.3 -w 2 172.16.0.1 | FORMAT_PING], \
 3 packets transmitted, 3 received, 0% packet loss, time 0ms
 ])
 
-AT_CHECK([ovs-appctl dpctl/dump-conntrack | grep 0x401020500000000 | FORMAT_CT(172.16.0.1) | \
+AT_CHECK([ovs-appctl dpctl/dump-conntrack | grep 401020500000000 | FORMAT_CT(172.16.0.1) | \
 sed -e 's/zone=[[0-9]]*/zone=<cleared>/' |
-sed -e 's/mark=[[0-9]]*/mark=<cleared>/' | sort], [0], [dnl
-tcp,orig=(src=172.16.0.1,dst=10.0.0.2,sport=<cleared>,dport=<cleared>),reply=(src=10.0.0.2,dst=172.16.0.1,sport=<cleared>,dport=<cleared>),zone=<cleared>,mark=<cleared>,labels=0x401020500000000,protoinfo=(state=<cleared>)
+sed -e 's/mark=[[0-9]]*/mark=<cleared>/' |
+sed -e 's/labels=0x[[0-9]]/labels=0x?/' | sort], [0], [dnl
+tcp,orig=(src=172.16.0.1,dst=10.0.0.2,sport=<cleared>,dport=<cleared>),reply=(src=10.0.0.2,dst=172.16.0.1,sport=<cleared>,dport=<cleared>),zone=<cleared>,mark=<cleared>,labels=0x?000000000401020500000000,protoinfo=(state=<cleared>)
 ])
 
 OVS_APP_EXIT_AND_WAIT([ovn-controller])
@@ -6388,11 +6395,12 @@ NS_CHECK_EXEC([bob1], [ping -q -c 3 -i 0.3 -w 2 fd01::2 | FORMAT_PING], \
 # Ensure datapaths show conntrack states as expected
 # Like with conntrack entries, we shouldn't try to predict
 # port binding tunnel keys. So omit them from expected labels.
-AT_CHECK([ovs-appctl dpctl/dump-flows | grep 'ct_state(+new-est+trk).*ct(.*label=0x401020400000000/.*)' -c], [0], [dnl
+AT_CHECK([ovs-appctl dpctl/dump-flows | sed -e 's/label=0x[[0-9]]/label=0x?/' | \
+grep 'ct_state(+new-est+trk).*ct(.*label=0x?000000000401020400000000/.*)' -c], [0], [dnl
 2
 ])
-
-AT_CHECK([ovs-appctl dpctl/dump-flows | grep 'ct_state(-new+est+trk).*ct_label(0x401020400000000)' -c], [0], [dnl
+AT_CHECK([[ovs-appctl dpctl/dump-flows | sed -e 's/ct_label(0x[0-9]/ct_label(0x?/' | \
+grep 'ct_state(-new+est+trk).*ct_label(0x?000000000401020400000000)' -c]], [0], [dnl
 2
 ])
 
@@ -6401,9 +6409,10 @@ AT_CHECK([ovs-appctl dpctl/dump-flows | grep 'ct_state(-new+est+trk).*ct_label(0
 # and just ensure that the known ethernet address is present.
 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(fd01::2) | \
 sed -e 's/zone=[[0-9]]*/zone=<cleared>/' |
-sed -e 's/mark=[[0-9]]*/mark=<cleared>/' | sort], [0], [dnl
-icmpv6,orig=(src=fd07::1,dst=fd01::2,id=<cleared>,type=128,code=0),reply=(src=fd01::2,dst=fd07::1,id=<cleared>,type=129,code=0),zone=<cleared>,mark=<cleared>,labels=0x401020400000000
-tcp,orig=(src=fd07::1,dst=fd01::2,sport=<cleared>,dport=<cleared>),reply=(src=fd01::2,dst=fd07::1,sport=<cleared>,dport=<cleared>),zone=<cleared>,mark=<cleared>,labels=0x401020400000000,protoinfo=(state=<cleared>)
+sed -e 's/mark=[[0-9]]*/mark=<cleared>/' |
+sed -e 's/labels=0x[[0-9]]/labels=0x?/' | sort], [0], [dnl
+icmpv6,orig=(src=fd07::1,dst=fd01::2,id=<cleared>,type=128,code=0),reply=(src=fd01::2,dst=fd07::1,id=<cleared>,type=129,code=0),zone=<cleared>,mark=<cleared>,labels=0x?000000000401020400000000
+tcp,orig=(src=fd07::1,dst=fd01::2,sport=<cleared>,dport=<cleared>),reply=(src=fd01::2,dst=fd07::1,sport=<cleared>,dport=<cleared>),zone=<cleared>,mark=<cleared>,labels=0x?000000000401020400000000,protoinfo=(state=<cleared>)
 ])
 
 # Flush conntrack entries for easier output parsing of next test.
@@ -6420,18 +6429,21 @@ NS_CHECK_EXEC([bob1], [ping -q -c 3 -i 0.3 -w 2 fd01::2 | FORMAT_PING], \
 3 packets transmitted, 3 received, 0% packet loss, time 0ms
 ])
 
-AT_CHECK([ovs-appctl dpctl/dump-flows | grep 'ct_state(+new-est+trk).*ct(.*label=0x1001020400000000/.*)' -c], [0], [dnl
+AT_CHECK([ovs-appctl dpctl/dump-flows | sed -e 's/label=0x[[0-9]]/label=0x?/' | \
+grep 'ct_state(+new-est+trk).*ct(.*label=0x?000000001001020400000000/.*)' -c], [0], [dnl
 2
 ])
-AT_CHECK([ovs-appctl dpctl/dump-flows | grep 'ct_state(-new+est+trk).*ct_label(0x1001020400000000)' -c], [0], [dnl
+AT_CHECK([[ovs-appctl dpctl/dump-flows | sed -e 's/ct_label(0x[0-9]/ct_label(0x?/' | \
+grep 'ct_state(-new+est+trk).*ct_label(0x?000000001001020400000000)' -c]], [0], [dnl
 2
 ])
 
-AT_CHECK([ovs-appctl dpctl/dump-conntrack | grep 0x1001020400000000 | FORMAT_CT(fd01::2) | \
+AT_CHECK([ovs-appctl dpctl/dump-conntrack | grep 1001020400000000 | FORMAT_CT(fd01::2) | \
 sed -e 's/zone=[[0-9]]*/zone=<cleared>/' |
-sed -e 's/mark=[[0-9]]*/mark=<cleared>/'], [0], [dnl
-icmpv6,orig=(src=fd07::1,dst=fd01::2,id=<cleared>,type=128,code=0),reply=(src=fd01::2,dst=fd07::1,id=<cleared>,type=129,code=0),zone=<cleared>,mark=<cleared>,labels=0x1001020400000000
-tcp,orig=(src=fd07::1,dst=fd01::2,sport=<cleared>,dport=<cleared>),reply=(src=fd01::2,dst=fd07::1,sport=<cleared>,dport=<cleared>),zone=<cleared>,mark=<cleared>,labels=0x1001020400000000,protoinfo=(state=<cleared>)
+sed -e 's/mark=[[0-9]]*/mark=<cleared>/' |
+sed -e 's/labels=0x[[0-9]]/labels=0x?/'], [0], [dnl
+icmpv6,orig=(src=fd07::1,dst=fd01::2,id=<cleared>,type=128,code=0),reply=(src=fd01::2,dst=fd07::1,id=<cleared>,type=129,code=0),zone=<cleared>,mark=<cleared>,labels=0x?000000001001020400000000
+tcp,orig=(src=fd07::1,dst=fd01::2,sport=<cleared>,dport=<cleared>),reply=(src=fd01::2,dst=fd07::1,sport=<cleared>,dport=<cleared>),zone=<cleared>,mark=<cleared>,labels=0x?000000001001020400000000,protoinfo=(state=<cleared>)
 ])
 
 # Check entries in table 76 and 77 expires w/o traffic
@@ -6451,10 +6463,11 @@ NS_CHECK_EXEC([alice1], [ping -q -c 3 -i 0.3 -w 2 fd07::1 | FORMAT_PING], \
 3 packets transmitted, 3 received, 0% packet loss, time 0ms
 ])
 
-AT_CHECK([ovs-appctl dpctl/dump-conntrack | grep 0x1001020400000000 | FORMAT_CT(fd07::1) | \
+AT_CHECK([ovs-appctl dpctl/dump-conntrack | grep 1001020400000000 | FORMAT_CT(fd07::1) | \
 sed -e 's/zone=[[0-9]]*/zone=<cleared>/' |
-sed -e 's/mark=[[0-9]]*/mark=<cleared>/' | sort], [0], [dnl
-tcp,orig=(src=fd07::1,dst=fd01::2,sport=<cleared>,dport=<cleared>),reply=(src=fd01::2,dst=fd07::1,sport=<cleared>,dport=<cleared>),zone=<cleared>,mark=<cleared>,labels=0x1001020400000000,protoinfo=(state=<cleared>)
+sed -e 's/mark=[[0-9]]*/mark=<cleared>/' |
+sed -e 's/labels=0x[[0-9]]/labels=0x?/' | sort], [0], [dnl
+tcp,orig=(src=fd07::1,dst=fd01::2,sport=<cleared>,dport=<cleared>),reply=(src=fd01::2,dst=fd07::1,sport=<cleared>,dport=<cleared>),zone=<cleared>,mark=<cleared>,labels=0x?000000001001020400000000,protoinfo=(state=<cleared>)
 ])
 
 OVS_APP_EXIT_AND_WAIT([ovn-controller])

From patchwork Fri Aug  9 08:27:07 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
X-Patchwork-Id: 1970854
Return-Path: <ovs-dev-bounces@openvswitch.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
	dkim=fail reason="signature verification failed" (1024-bit key;
 unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256
 header.s=mimecast20190719 header.b=O2cuhfky;
	dkim-atps=neutral
Authentication-Results: legolas.ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org
 (client-ip=140.211.166.137; helo=smtp4.osuosl.org;
 envelope-from=ovs-dev-bounces@openvswitch.org; receiver=patchwork.ozlabs.org)
Received: from smtp4.osuosl.org (smtp4.osuosl.org [140.211.166.137])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384)
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4WgH8l3bWsz1ybS
	for <incoming@patchwork.ozlabs.org>; Fri,  9 Aug 2024 18:27:35 +1000 (AEST)
Received: from localhost (localhost [127.0.0.1])
	by smtp4.osuosl.org (Postfix) with ESMTP id BFB7F41329;
	Fri,  9 Aug 2024 08:27:33 +0000 (UTC)
X-Virus-Scanned: amavis at osuosl.org
Received: from smtp4.osuosl.org ([127.0.0.1])
 by localhost (smtp4.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP
 id yh9-ENOuWBLt; Fri,  9 Aug 2024 08:27:32 +0000 (UTC)
X-Comment: SPF check N/A for local connections -
 client-ip=2605:bc80:3010:104::8cd3:938; helo=lists.linuxfoundation.org;
 envelope-from=ovs-dev-bounces@openvswitch.org; receiver=<UNKNOWN>
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org CE9044131C
Authentication-Results: smtp4.osuosl.org;
	dkim=fail reason="signature verification failed" (1024-bit key)
 header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256
 header.s=mimecast20190719 header.b=O2cuhfky
Received: from lists.linuxfoundation.org (lf-lists.osuosl.org
 [IPv6:2605:bc80:3010:104::8cd3:938])
	by smtp4.osuosl.org (Postfix) with ESMTPS id CE9044131C;
	Fri,  9 Aug 2024 08:27:31 +0000 (UTC)
Received: from lf-lists.osuosl.org (localhost [127.0.0.1])
	by lists.linuxfoundation.org (Postfix) with ESMTP id 7770BC0035;
	Fri,  9 Aug 2024 08:27:31 +0000 (UTC)
X-Original-To: ovs-dev@openvswitch.org
Delivered-To: ovs-dev@lists.linuxfoundation.org
Received: from smtp1.osuosl.org (smtp1.osuosl.org [140.211.166.138])
 by lists.linuxfoundation.org (Postfix) with ESMTP id 2396FC0035
 for <ovs-dev@openvswitch.org>; Fri,  9 Aug 2024 08:27:29 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by smtp1.osuosl.org (Postfix) with ESMTP id E475681E32
 for <ovs-dev@openvswitch.org>; Fri,  9 Aug 2024 08:27:27 +0000 (UTC)
X-Virus-Scanned: amavis at osuosl.org
Received: from smtp1.osuosl.org ([127.0.0.1])
 by localhost (smtp1.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP
 id LHHJdHWJJ--z for <ovs-dev@openvswitch.org>;
 Fri,  9 Aug 2024 08:27:27 +0000 (UTC)
Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=170.10.129.124;
 helo=us-smtp-delivery-124.mimecast.com;
 envelope-from=lorenzo.bianconi@redhat.com; receiver=<UNKNOWN>
DMARC-Filter: OpenDMARC Filter v1.4.2 smtp1.osuosl.org DF2BD81E25
Authentication-Results: smtp1.osuosl.org;
 dmarc=pass (p=none dis=none) header.from=redhat.com
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org DF2BD81E25
Authentication-Results: smtp1.osuosl.org;
 dkim=fail reason="signature verification failed" (1024-bit key)
 header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256
 header.s=mimecast20190719 header.b=O2cuhfky
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.129.124])
 by smtp1.osuosl.org (Postfix) with ESMTPS id DF2BD81E25
 for <ovs-dev@openvswitch.org>; Fri,  9 Aug 2024 08:27:26 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
 s=mimecast20190719; t=1723192045;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references;
 bh=kZks9quO7rgq48tM8s8zSSXSeXq/y8/To5hlVe3/80Q=;
 b=O2cuhfkyQf7g95rkYbqnPujx1ncrTjY6y6VqcDzWPDNZxdVhLGZ+P7BlVPVbE2zIBno6wf
 GHvSRe5p+V1bdx8C6FP6JPp7sJ/rDo0I6A1rDSIXheA3U+niALhGYCM/wQfiHBmILtSnn8
 rOtVdHBkNB7AieeNL3OqB6XkiRp9Pbo=
Received: from mail-wm1-f72.google.com (mail-wm1-f72.google.com
 [209.85.128.72]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id
 us-mta-531-DDGCYWocOfK56GaAuC97Bg-1; Fri, 09 Aug 2024 04:27:24 -0400
X-MC-Unique: DDGCYWocOfK56GaAuC97Bg-1
Received: by mail-wm1-f72.google.com with SMTP id
 5b1f17b1804b1-4280a39ecebso13757525e9.0
 for <ovs-dev@openvswitch.org>; Fri, 09 Aug 2024 01:27:24 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1723192043; x=1723796843;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=XSsajUZ4N3YHMvK+mWrbwJTO2dapbd1Qpj5nlMvM4p0=;
 b=VbS9ECd5FEnQHajWGInRo2NeX/O/8tbfDtGssojzLNm4mEX4NxaiCMzlwNnoIp2u64
 V2dbQ/Q1s7LaxzqPyKVudd/zYo+kCrjyGuIr0SRi5cEdQr/gdwufzs/oVOVqgP+qPsuB
 SvMbY0J5fOjMaL7+PAFnn/JNnf/VN1rwQbsSSDnq68o0y+5ca00DuSfamzk5zS59IiBB
 5RIKbuYRwijmMYHiKRjn9wvJq/SNfKFWPcU2urj9UkuzV4+b91r9Ewow9N7wv2ZB8f42
 GS4aCgHl1QDlFkPPtMZkLPcwtZsnlLCt9Pc5e6eVqAZ+Z3o3pz+qgbZSQJilnShCEWWV
 ir8A==
X-Gm-Message-State: AOJu0Yw6W75YrwgBBzIKfbbWX778voOqEKf/4pgIeXtbNvfqNIPbWi0V
 oQV7zBfKF+53tV8ku/TCqx36lH1Ic5CS6lYa/1agSzj1X3H/gqwtokt1PtjuB4p+RZV/NdVVrdT
 nmTA0FgnxjsMPBcmLwrh1upg40xa9tgMNWUEhsUVZlYRAb/69hxce/bZb9iduZKF4Aa0DlL8fy0
 R4yWohWnHb+X7gRuZKwTXwJy1+HXOvSJay1LZNg7oakYs5WA5bqQ==
X-Received: by 2002:a05:600c:450e:b0:424:8743:86b4 with SMTP id
 5b1f17b1804b1-4290b843962mr37521505e9.6.1723192042879;
 Fri, 09 Aug 2024 01:27:22 -0700 (PDT)
X-Google-Smtp-Source: 
 AGHT+IE/2PbswEjduYwuUTcZToFEl5XgZdOgh3GuboZRi0ALoZ5ETrayLX2NV6NCGtVrTSZX7YuhRQ==
X-Received: by 2002:a05:600c:450e:b0:424:8743:86b4 with SMTP id
 5b1f17b1804b1-4290b843962mr37521325e9.6.1723192042340;
 Fri, 09 Aug 2024 01:27:22 -0700 (PDT)
Received: from localhost (53.116.107.80.static.otenet.gr. [80.107.116.53])
 by smtp.gmail.com with ESMTPSA id
 ffacd0b85a97d-36d27228ea8sm4482985f8f.93.2024.08.09.01.27.21
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Fri, 09 Aug 2024 01:27:22 -0700 (PDT)
From: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
To: ovs-dev@openvswitch.org
Date: Fri,  9 Aug 2024 10:27:07 +0200
Message-ID: 
 <33a7f366476c7013b9f5d57ebc11874d316d2c3f.1723190435.git.lorenzo.bianconi@redhat.com>
X-Mailer: git-send-email 2.46.0
In-Reply-To: <cover.1723190435.git.lorenzo.bianconi@redhat.com>
References: <cover.1723190435.git.lorenzo.bianconi@redhat.com>
MIME-Version: 1.0
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Subject: [ovs-dev] [PATCH v10 3/3] ofctrl: Introduce ecmp_nexthop_monitor.
X-BeenThere: ovs-dev@openvswitch.org
X-Mailman-Version: 2.1.30
Precedence: list
List-Id: <ovs-dev.openvswitch.org>
List-Unsubscribe: <https://mail.openvswitch.org/mailman/options/ovs-dev>,
 <mailto:ovs-dev-request@openvswitch.org?subject=unsubscribe>
List-Archive: <http://mail.openvswitch.org/pipermail/ovs-dev/>
List-Post: <mailto:ovs-dev@openvswitch.org>
List-Help: <mailto:ovs-dev-request@openvswitch.org?subject=help>
List-Subscribe: <https://mail.openvswitch.org/mailman/listinfo/ovs-dev>,
 <mailto:ovs-dev-request@openvswitch.org?subject=subscribe>
Cc: dceara@redhat.com
Errors-To: ovs-dev-bounces@openvswitch.org
Sender: "dev" <ovs-dev-bounces@openvswitch.org>

Introduce ecmp_nexthop_monitor in ovn-controller in order to track and
flush ecmp-symmetric reply ct entires when requested by the CMS (e.g
removing the related static routes).

Acked-by: Mark Michelson <mmichels@redhat.com>
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
---
 controller/ofctrl.c         | 54 +++++++++++++++++++++++++++++++++++++
 controller/ofctrl.h         |  2 ++
 controller/ovn-controller.c |  2 ++
 tests/system-ovn.at         |  8 ++++++
 4 files changed, 66 insertions(+)

diff --git a/controller/ofctrl.c b/controller/ofctrl.c
index f9387d375..e023cab9b 100644
--- a/controller/ofctrl.c
+++ b/controller/ofctrl.c
@@ -45,6 +45,7 @@
 #include "ovn/actions.h"
 #include "lib/extend-table.h"
 #include "lib/lb.h"
+#include "lib/ovn-util.h"
 #include "openvswitch/poll-loop.h"
 #include "physical.h"
 #include "openvswitch/rconn.h"
@@ -389,9 +390,16 @@ struct meter_band_entry {
 
 static struct shash meter_bands;
 
+static unsigned long *ecmp_nexthop_ids;
+
 static void ofctrl_meter_bands_destroy(void);
 static void ofctrl_meter_bands_clear(void);
 
+static void ecmp_nexthop_monitor_run(
+        const struct sbrec_ecmp_nexthop_table *enh_table,
+        struct ovs_list *msgs);
+
+
 /* MFF_* field ID for our Geneve option.  In S_TLV_TABLE_MOD_SENT, this is
  * the option we requested (we don't know whether we obtained it yet).  In
  * S_CLEAR_FLOWS or S_UPDATE_FLOWS, this is really the option we have. */
@@ -430,6 +438,7 @@ ofctrl_init(struct ovn_extend_table *group_table,
     groups = group_table;
     meters = meter_table;
     shash_init(&meter_bands);
+    ecmp_nexthop_ids = bitmap_allocate(ECMP_NEXTHOP_IDS_LEN);
 }
 
 /* S_NEW, for a new connection.
@@ -877,6 +886,7 @@ ofctrl_destroy(void)
     expr_symtab_destroy(&symtab);
     shash_destroy(&symtab);
     ofctrl_meter_bands_destroy();
+    bitmap_free(ecmp_nexthop_ids);
 }
 
 uint64_t
@@ -2306,6 +2316,47 @@ add_meter(struct ovn_extend_table_info *m_desired,
     ofctrl_meter_bands_alloc(sb_meter, m_desired, msgs);
 }
 
+static void
+ecmp_nexthop_monitor_flush_ct_entry(uint64_t id, struct ovs_list *msgs)
+{
+    ovs_u128 mask = {
+        /* ct_labels.label BITS[96-127] */
+        .u64.hi = 0xffffffff00000000,
+    };
+    ovs_u128 nexthop = {
+        .u64.hi = id << 32,
+    };
+    struct ofp_ct_match match = {
+        .labels = nexthop,
+        .labels_mask = mask,
+    };
+    struct ofpbuf *msg = ofp_ct_match_encode(&match, NULL,
+                                             rconn_get_version(swconn));
+    ovs_list_push_back(msgs, &msg->list_node);
+}
+
+static void
+ecmp_nexthop_monitor_run(const struct sbrec_ecmp_nexthop_table *enh_table,
+                         struct ovs_list *msgs)
+{
+    unsigned long *ids = bitmap_allocate(ECMP_NEXTHOP_IDS_LEN);
+
+    const struct sbrec_ecmp_nexthop *sbrec_ecmp_nexthop;
+    SBREC_ECMP_NEXTHOP_TABLE_FOR_EACH (sbrec_ecmp_nexthop, enh_table) {
+        bitmap_set1(ids, sbrec_ecmp_nexthop->id);
+    }
+
+    int id;
+    BITMAP_FOR_EACH_1 (id, ECMP_NEXTHOP_IDS_LEN, ecmp_nexthop_ids) {
+        if (!bitmap_is_set(ids, id)) {
+            ecmp_nexthop_monitor_flush_ct_entry(id, msgs);
+        }
+    }
+
+    bitmap_free(ecmp_nexthop_ids);
+    ecmp_nexthop_ids = ids;
+}
+
 static void
 installed_flow_add(struct ovn_flow *d,
                    struct ofputil_bundle_ctrl_msg *bc,
@@ -2664,6 +2715,7 @@ ofctrl_put(struct ovn_desired_flow_table *lflow_table,
            struct shash *pending_ct_zones,
            struct hmap *pending_lb_tuples,
            struct ovsdb_idl_index *sbrec_meter_by_name,
+           const struct sbrec_ecmp_nexthop_table *enh_table,
            uint64_t req_cfg,
            bool lflows_changed,
            bool pflows_changed)
@@ -2704,6 +2756,8 @@ ofctrl_put(struct ovn_desired_flow_table *lflow_table,
     /* OpenFlow messages to send to the switch to bring it up-to-date. */
     struct ovs_list msgs = OVS_LIST_INITIALIZER(&msgs);
 
+    ecmp_nexthop_monitor_run(enh_table, &msgs);
+
     /* Iterate through ct zones that need to be flushed. */
     struct shash_node *iter;
     SHASH_FOR_EACH(iter, pending_ct_zones) {
diff --git a/controller/ofctrl.h b/controller/ofctrl.h
index 129e3b6ad..33953a8a4 100644
--- a/controller/ofctrl.h
+++ b/controller/ofctrl.h
@@ -31,6 +31,7 @@ struct ofpbuf;
 struct ovsrec_bridge;
 struct ovsrec_open_vswitch_table;
 struct sbrec_meter_table;
+struct sbrec_ecmp_nexthop_table;
 struct shash;
 
 struct ovn_desired_flow_table {
@@ -59,6 +60,7 @@ void ofctrl_put(struct ovn_desired_flow_table *lflow_table,
                 struct shash *pending_ct_zones,
                 struct hmap *pending_lb_tuples,
                 struct ovsdb_idl_index *sbrec_meter_by_name,
+                const struct sbrec_ecmp_nexthop_table *enh_table,
                 uint64_t nb_cfg,
                 bool lflow_changed,
                 bool pflow_changed);
diff --git a/controller/ovn-controller.c b/controller/ovn-controller.c
index 6a7cca673..27a4996a8 100644
--- a/controller/ovn-controller.c
+++ b/controller/ovn-controller.c
@@ -5725,6 +5725,8 @@ main(int argc, char *argv[])
                                    &ct_zones_data->ctx.pending,
                                    &lb_data->removed_tuples,
                                    sbrec_meter_by_name,
+                                   sbrec_ecmp_nexthop_table_get(
+                                        ovnsb_idl_loop.idl),
                                    ofctrl_seqno_get_req_cfg(),
                                    engine_node_changed(&en_lflow_output),
                                    engine_node_changed(&en_pflow_output));
diff --git a/tests/system-ovn.at b/tests/system-ovn.at
index 6318459ef..75aa7097c 100644
--- a/tests/system-ovn.at
+++ b/tests/system-ovn.at
@@ -6248,6 +6248,10 @@ sed -e 's/labels=0x[[0-9]]/labels=0x?/' | sort], [0], [dnl
 tcp,orig=(src=172.16.0.1,dst=10.0.0.2,sport=<cleared>,dport=<cleared>),reply=(src=10.0.0.2,dst=172.16.0.1,sport=<cleared>,dport=<cleared>),zone=<cleared>,mark=<cleared>,labels=0x?000000000401020500000000,protoinfo=(state=<cleared>)
 ])
 
+# Flush connection tracking entries
+ovn-nbctl --wait=hv lr-route-del R1
+AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(172.16.0.1)])
+
 OVS_APP_EXIT_AND_WAIT([ovn-controller])
 
 as ovn-sb
@@ -6470,6 +6474,10 @@ sed -e 's/labels=0x[[0-9]]/labels=0x?/' | sort], [0], [dnl
 tcp,orig=(src=fd07::1,dst=fd01::2,sport=<cleared>,dport=<cleared>),reply=(src=fd01::2,dst=fd07::1,sport=<cleared>,dport=<cleared>),zone=<cleared>,mark=<cleared>,labels=0x?000000001001020400000000,protoinfo=(state=<cleared>)
 ])
 
+# Flush connection tracking entries
+check ovn-nbctl --wait=hv lr-route-del R1
+AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(fd01::2)])
+
 OVS_APP_EXIT_AND_WAIT([ovn-controller])
 
 as ovn-sb