diff --git a/SOURCES/openvswitch-2.13.0.patch b/SOURCES/openvswitch-2.13.0.patch index c2e3036..6636f31 100644 --- a/SOURCES/openvswitch-2.13.0.patch +++ b/SOURCES/openvswitch-2.13.0.patch @@ -81098,6 +81098,37 @@ index 5289a70f6e..cf009f8264 100644 #define OVS_LOCKABLE __attribute__((lockable)) #define OVS_REQ_RDLOCK(...) __attribute__((shared_locks_required(__VA_ARGS__))) #define OVS_ACQ_RDLOCK(...) __attribute__((shared_lock_function(__VA_ARGS__))) +diff --git a/include/openvswitch/flow.h b/include/openvswitch/flow.h +index 57b6c925c7..ce8a19916b 100644 +--- a/include/openvswitch/flow.h ++++ b/include/openvswitch/flow.h +@@ -141,15 +141,14 @@ struct flow { + uint8_t nw_tos; /* IP ToS (including DSCP and ECN). */ + uint8_t nw_ttl; /* IP TTL/Hop Limit. */ + uint8_t nw_proto; /* IP protocol or low 8 bits of ARP opcode. */ ++ /* L4 (64-bit aligned) */ + struct in6_addr nd_target; /* IPv6 neighbor discovery (ND) target. */ + struct eth_addr arp_sha; /* ARP/ND source hardware address. */ + struct eth_addr arp_tha; /* ARP/ND target hardware address. */ +- ovs_be16 tcp_flags; /* TCP flags/ICMPv6 ND options type. +- * With L3 to avoid matching L4. */ ++ ovs_be16 tcp_flags; /* TCP flags/ICMPv6 ND options type. */ + ovs_be16 pad2; /* Pad to 64 bits. */ + struct ovs_key_nsh nsh; /* Network Service Header keys */ + +- /* L4 (64-bit aligned) */ + ovs_be16 tp_src; /* TCP/UDP/SCTP source port/ICMP type. */ + ovs_be16 tp_dst; /* TCP/UDP/SCTP destination port/ICMP code. */ + ovs_be16 ct_tp_src; /* CT original tuple source port/ICMP type. */ +@@ -179,7 +178,7 @@ BUILD_ASSERT_DECL(offsetof(struct flow, igmp_group_ip4) + sizeof(uint32_t) + enum { + FLOW_SEGMENT_1_ENDS_AT = offsetof(struct flow, dl_dst), + FLOW_SEGMENT_2_ENDS_AT = offsetof(struct flow, nw_src), +- FLOW_SEGMENT_3_ENDS_AT = offsetof(struct flow, tp_src), ++ FLOW_SEGMENT_3_ENDS_AT = offsetof(struct flow, nd_target), + }; + BUILD_ASSERT_DECL(FLOW_SEGMENT_1_ENDS_AT % sizeof(uint64_t) == 0); + BUILD_ASSERT_DECL(FLOW_SEGMENT_2_ENDS_AT % sizeof(uint64_t) == 0); diff --git a/include/openvswitch/hmap.h b/include/openvswitch/hmap.h index 8aea9c22db..68c284cf14 100644 --- a/include/openvswitch/hmap.h @@ -88814,7 +88845,7 @@ index 114aff8ea3..0fc6d2ea60 100644 enum xc_type type; union { diff --git a/ofproto/ofproto-dpif-xlate.c b/ofproto/ofproto-dpif-xlate.c -index 4407f9c97a..bc190e855b 100644 +index 4407f9c97a..3c4ad52c88 100644 --- a/ofproto/ofproto-dpif-xlate.c +++ b/ofproto/ofproto-dpif-xlate.c @@ -460,7 +460,7 @@ static void xlate_commit_actions(struct xlate_ctx *ctx); @@ -89137,7 +89168,7 @@ index 4407f9c97a..bc190e855b 100644 + if (ofc->zone_src.field) { + union mf_subvalue value; + memset(&value, 0xff, sizeof(value)); - ++ + zone = mf_get_subfield(&ofc->zone_src, &ctx->xin->flow); + if (ctx->xin->frozen_state) { + /* If the upcall is a resume of a recirculation, we only need to @@ -89155,7 +89186,7 @@ index 4407f9c97a..bc190e855b 100644 + } else { + zone = ofc->zone_imm; + } -+ + + size_t ct_offset; + ovs_u128 old_ct_label_mask = ctx->wc->masks.ct_label; + uint32_t old_ct_mark_mask = ctx->wc->masks.ct_mark; @@ -89261,7 +89292,20 @@ index 4407f9c97a..bc190e855b 100644 /* Restore stack, if any. */ if (state->stack) { -@@ -7571,14 +7658,10 @@ xlate_actions(struct xlate_in *xin, struct xlate_out *xout) +@@ -7557,6 +7644,12 @@ xlate_actions(struct xlate_in *xin, struct xlate_out *xout) + goto exit; + } + ++ if (!xin->frozen_state ++ && xin->flow.ct_state ++ && xin->flow.ct_state & CS_TRACKED) { ++ ctx.conntracked = true; ++ } ++ + /* Tunnel metadata in udpif format must be normalized before translation. */ + if (flow->tunnel.flags & FLOW_TNL_F_UDPIF) { + const struct tun_table *tun_tab = ofproto_get_tun_tab( +@@ -7571,14 +7664,10 @@ xlate_actions(struct xlate_in *xin, struct xlate_out *xout) ctx.error = XLATE_INVALID_TUNNEL_METADATA; goto exit; } @@ -92005,10 +92049,42 @@ index d48463e263..904f1381c7 100644 +OVS_APP_EXIT_AND_WAIT([ovsdb-server]) +AT_CLEANUP diff --git a/tests/classifier.at b/tests/classifier.at -index 88818618be..cdcd72c156 100644 +index 88818618be..f652b59837 100644 --- a/tests/classifier.at +++ b/tests/classifier.at -@@ -304,3 +304,39 @@ ovs-ofctl: "conjunction" actions may be used along with "note" but not any other +@@ -129,6 +129,31 @@ Datapath actions: 3 + OVS_VSWITCHD_STOP(["/'prefixes' with incompatible field: ipv6_label/d"]) + AT_CLEANUP + ++AT_SETUP([flow classifier - ipv6 ND dependency]) ++OVS_VSWITCHD_START ++add_of_ports br0 1 2 ++AT_DATA([flows.txt], [dnl ++ table=0,priority=100,ipv6,ipv6_src=1000::/10 actions=resubmit(,1) ++ table=0,priority=0 actions=NORMAL ++ table=1,priority=110,ipv6,ipv6_dst=1000::3 actions=resubmit(,2) ++ table=1,priority=100,ipv6,ipv6_dst=1000::4 actions=resubmit(,2) ++ table=1,priority=0 actions=NORMAL ++ table=2,priority=120,icmp6,nw_ttl=255,icmp_type=135,icmp_code=0,nd_target=1000::1 actions=NORMAL ++ table=2,priority=100,tcp actions=NORMAL ++ table=2,priority=100,icmp6 actions=NORMAL ++ table=2,priority=0 actions=NORMAL ++]) ++AT_CHECK([ovs-ofctl add-flows br0 flows.txt]) ++ ++# test ICMPv6 echo request (which should have no nd_target field) ++AT_CHECK([ovs-appctl ofproto/trace br0 "in_port=1,eth_src=f6:d2:b0:19:5e:7b,eth_dst=d2:49:19:91:78:fe,dl_type=0x86dd,ipv6_src=1000::3,ipv6_dst=1000::4,nw_proto=58,icmpv6_type=128,icmpv6_code=0"], [0], [stdout]) ++AT_CHECK([tail -2 stdout], [0], ++ [Megaflow: recirc_id=0,eth,icmp6,in_port=1,dl_src=f6:d2:b0:19:5e:7b,dl_dst=d2:49:19:91:78:fe,ipv6_src=1000::/10,ipv6_dst=1000::4,nw_ttl=0,nw_frag=no ++Datapath actions: 100,2 ++]) ++OVS_VSWITCHD_STOP ++AT_CLEANUP ++ + AT_BANNER([conjunctive match]) + + AT_SETUP([single conjunctive match]) +@@ -304,3 +329,39 @@ ovs-ofctl: "conjunction" actions may be used along with "note" but not any other ]) OVS_VSWITCHD_STOP AT_CLEANUP @@ -92884,6 +92960,24 @@ index ff1cc93707..48bb50f259 100644 OVS_VSWITCHD_STOP AT_CLEANUP +diff --git a/tests/ofproto-macros.at b/tests/ofproto-macros.at +index b2b17eed33..b9d7717efd 100644 +--- a/tests/ofproto-macros.at ++++ b/tests/ofproto-macros.at +@@ -133,6 +133,13 @@ strip_duration () { + strip_ufid () { + sed 's/ufid:[[-0-9a-f]]* //' + } ++ ++# Strips packets: and bytes: from output ++strip_stats () { ++ sed 's/packets:[[0-9]]*/packets:0/ ++ s/bytes:[[0-9]]*/bytes:0/' ++} ++ + m4_divert_pop([PREPARE_TESTS]) + + m4_define([TESTABLE_LOG], [-vPATTERN:ANY:'%c|%p|%m']) diff --git a/tests/ovs-ofctl.at b/tests/ovs-ofctl.at index c8062c8acc..9adfcbe2d0 100644 --- a/tests/ovs-ofctl.at @@ -95231,7 +95325,7 @@ index 0000000000..1714273e35 +OVS_TRAFFIC_VSWITCHD_STOP +AT_CLEANUP diff --git a/tests/system-traffic.at b/tests/system-traffic.at -index 4a39c929c2..7ac1da8482 100644 +index 4a39c929c2..f4e37470b2 100644 --- a/tests/system-traffic.at +++ b/tests/system-traffic.at @@ -258,6 +258,52 @@ NS_CHECK_EXEC([at_ns0], [ping -s 3200 -q -c 3 -i 0.3 -w 2 10.1.1.100 | FORMAT_PI @@ -95683,7 +95777,7 @@ index 4a39c929c2..7ac1da8482 100644 echo Request $i NS_CHECK_EXEC([at_ns1], [wget 10.1.1.64 -t 5 -T 1 --retry-connrefused -v -o wget$i.log]) done -@@ -5873,6 +6238,50 @@ ovs-appctl dpif/dump-flows br0 +@@ -5873,6 +6238,96 @@ ovs-appctl dpif/dump-flows br0 OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP @@ -95731,6 +95825,52 @@ index 4a39c929c2..7ac1da8482 100644 +OVS_TRAFFIC_VSWITCHD_STOP +AT_CLEANUP + ++AT_SETUP([conntrack - can match and clear ct_state from outside OVS]) ++CHECK_CONNTRACK_LOCAL_STACK() ++OVS_CHECK_GENEVE() ++ ++OVS_TRAFFIC_VSWITCHD_START() ++ADD_BR([br-underlay], [set bridge br-underlay other-config:hwaddr=\"f0:00:00:01:01:02\"]) ++ ++AT_CHECK([ovs-ofctl add-flow br0 "actions=normal"]) ++AT_CHECK([ovs-ofctl add-flow br-underlay "priority=100,ct_state=+trk,actions=ct_clear,resubmit(,0)"]) ++AT_CHECK([ovs-ofctl add-flow br-underlay "priority=10,actions=normal"]) ++ ++ADD_NAMESPACES(at_ns0) ++ ++dnl Set up underlay link from host into the namespace using veth pair. ++ADD_VETH(p0, at_ns0, br-underlay, "172.31.1.1/24", "f0:00:00:01:01:01") ++AT_CHECK([ip addr add dev br-underlay "172.31.1.100/24"]) ++AT_CHECK([ip link set dev br-underlay up]) ++ ++dnl Set up tunnel endpoints on OVS outside the namespace and with a native ++dnl linux device inside the namespace. ++ADD_OVS_TUNNEL([geneve], [br0], [at_gnv0], [172.31.1.1], [10.1.1.100/24]) ++ADD_NATIVE_TUNNEL([geneve], [ns_gnv0], [at_ns0], [172.31.1.100], [10.1.1.1/24], ++ [vni 0]) ++ ++dnl First, check the underlay ++NS_CHECK_EXEC([at_ns0], [ping -q -c 3 -i 0.3 -w 2 172.31.1.100 | FORMAT_PING], [0], [dnl ++3 packets transmitted, 3 received, 0% packet loss, time 0ms ++]) ++ ++dnl Okay, now check the overlay ++NS_CHECK_EXEC([at_ns0], [ping -q -c 3 -i 0.3 -w 2 10.1.1.100 | FORMAT_PING], [0], [dnl ++3 packets transmitted, 3 received, 0% packet loss, time 0ms ++]) ++ ++dnl Confirm that the ct_state and ct_clear action found its way to the dp ++AT_CHECK([ovs-appctl dpctl/dump-flows --names | grep ct_clear | sort | dnl ++ grep 'eth(src=f0:00:00:01:01:02,dst=f0:00:00:01:01:01)' | dnl ++ strip_stats | strip_used | dnl ++ sed 's/,packet_type(ns=[[0-9]]*,id=[[0-9]]*),/,/'], ++ [0], [dnl ++recirc_id(0),in_port(br-underlay),ct_state(+trk),eth(src=f0:00:00:01:01:02,dst=f0:00:00:01:01:01),eth_type(0x0800),ipv4(frag=no), packets:0, bytes:0, used:0.0s, actions:ct_clear,ovs-p0 ++]) ++ ++OVS_TRAFFIC_VSWITCHD_STOP ++AT_CLEANUP ++ AT_BANNER([802.1ad]) AT_SETUP([802.1ad - vlan_limit]) diff --git a/SPECS/openvswitch2.13.spec b/SPECS/openvswitch2.13.spec index 6bf1195..5c138eb 100644 --- a/SPECS/openvswitch2.13.spec +++ b/SPECS/openvswitch2.13.spec @@ -59,7 +59,7 @@ Summary: Open vSwitch Group: System Environment/Daemons daemon/database/utilities URL: http://www.openvswitch.org/ Version: 2.13.0 -Release: 185%{?commit0:.%{date}git%{shortcommit0}}%{?commit1:dpdk%{shortcommit1}}%{?dist} +Release: 186%{?commit0:.%{date}git%{shortcommit0}}%{?commit1:dpdk%{shortcommit1}}%{?dist} # Nearly all of openvswitch is ASL 2.0. The bugtool is LGPLv2+, and the # lib/sflow*.[ch] files are SISSL @@ -715,6 +715,13 @@ exit 0 %endif %changelog +* Tue Jun 07 2022 Open vSwitch CI - 2.13.0-186 +- Merging upstream branch-2.13 [RH git: efde333169] + Commit list: + 24ad9da3e9 ofproto-dpif-xlate: Fix internal CT state for non-recirc traffic. + 61a1f14b26 classifier: Adjust segment boundary to execute prerequisite processing. (#2081773) + + * Tue May 31 2022 Open vSwitch CI - 2.13.0-185 - Merging upstream branch-2.13 [RH git: 5c18fae8e5] Commit list: