diff --git a/SOURCES/openvswitch-3.3.0.patch b/SOURCES/openvswitch-3.3.0.patch index c479d55..b98bfff 100644 --- a/SOURCES/openvswitch-3.3.0.patch +++ b/SOURCES/openvswitch-3.3.0.patch @@ -63,7 +63,7 @@ index d8a9722809..d73154a971 100644 memory: 4G diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml -index fc75581486..abda9549bf 100644 +index fc75581486..6c37a1d244 100644 --- a/.github/workflows/build-and-test.yml +++ b/.github/workflows/build-and-test.yml @@ -2,17 +2,23 @@ name: Build and Test @@ -113,17 +113,77 @@ index fc75581486..abda9549bf 100644 - name: update APT cache if: steps.dpdk_cache.outputs.cache-hit != 'true' -@@ -76,8 +83,7 @@ jobs: +@@ -71,13 +78,66 @@ jobs: + if: steps.dpdk_cache.outputs.cache-hit != 'true' + run: ./.ci/dpdk-build.sh + ++ build-libreswan: ++ strategy: ++ matrix: ++ runner: [ubuntu-24.04] ++ env: ++ dependencies: build-essential fakeroot devscripts equivs ++ libreswan_ver: v5.1 ++ name: libreswan ++ outputs: ++ libreswan_key: ${{ steps.gen_libreswan_key.outputs.key }} ++ runs-on: ${{ matrix.runner }} ++ timeout-minutes: 30 ++ ++ steps: ++ - name: Checkout Libreswan ++ uses: actions/checkout@v4 ++ with: ++ repository: libreswan/libreswan ++ path: libreswan ++ ref: ${{ env.libreswan_ver }} ++ ++ - name: generate cache key ++ id: gen_libreswan_key ++ run: echo 'key=libreswan-${{ env.libreswan_ver }}-${{ matrix.runner }}' ++ >> $GITHUB_OUTPUT ++ ++ - name: cache ++ id: libreswan_cache ++ uses: actions/cache@v4 ++ with: ++ path: libreswan-deb ++ key: ${{ steps.gen_libreswan_key.outputs.key }} ++ ++ - name: update APT cache ++ if: steps.libreswan_cache.outputs.cache-hit != 'true' ++ run: sudo apt update || true ++ ++ - name: install common dependencies ++ if: steps.libreswan_cache.outputs.cache-hit != 'true' ++ run: sudo apt install -y ${{ env.dependencies }} ++ ++ - name: install build dependencies ++ if: steps.libreswan_cache.outputs.cache-hit != 'true' ++ run: mk-build-deps --install --root-cmd sudo ++ libreswan/packaging/debian/control ++ ++ - name: build ++ if: steps.libreswan_cache.outputs.cache-hit != 'true' ++ run: cd libreswan && make deb ++ ++ - name: move the package to cache ++ if: steps.libreswan_cache.outputs.cache-hit != 'true' ++ run: mkdir -p libreswan-deb && mv libreswan_*.deb ./libreswan-deb ++ + build-linux: +- needs: build-dpdk ++ needs: [build-dpdk, build-libreswan] env: dependencies: | automake libtool gcc bc libjemalloc2 libjemalloc-dev libssl-dev \ - llvm-dev libnuma-dev libpcap-dev selinux-policy-dev libbpf-dev \ - lftp libreswan -+ llvm-dev libnuma-dev selinux-policy-dev libxdp-dev lftp libreswan ++ llvm-dev libnuma-dev selinux-policy-dev libxdp-dev lftp CC: ${{ matrix.compiler }} DPDK: ${{ matrix.dpdk }} DPDK_SHARED: ${{ matrix.dpdk_shared }} -@@ -90,7 +96,7 @@ jobs: +@@ -90,7 +150,7 @@ jobs: TEST_RANGE: ${{ matrix.test_range }} name: linux ${{ join(matrix.*, ' ') }} @@ -132,16 +192,37 @@ index fc75581486..abda9549bf 100644 timeout-minutes: 30 strategy: -@@ -217,7 +223,7 @@ jobs: +@@ -217,19 +277,27 @@ jobs: - name: set up python uses: actions/setup-python@v5 with: - python-version: '3.9' + python-version: ${{ env.python_default }} - - name: cache +- - name: cache ++ - name: DPDK cache if: matrix.dpdk != '' || matrix.dpdk_shared != '' -@@ -268,13 +274,13 @@ jobs: + uses: actions/cache@v4 + with: + path: dpdk-dir + key: ${{ needs.build-dpdk.outputs.dpdk_key }} + ++ - name: Libreswan cache ++ uses: actions/cache@v4 ++ with: ++ path: libreswan-deb ++ key: ${{ needs.build-libreswan.outputs.libreswan_key }} ++ + - name: update APT cache + run: sudo apt update || true + - name: install common dependencies + run: sudo apt install -y ${{ env.dependencies }} ++ - name: install Libreswan ++ run: sudo apt install -y ./libreswan-deb/libreswan_*.deb + - name: install libunbound libunwind python3-unbound + # GitHub Actions doesn't have 32-bit versions of these libraries. + if: matrix.m32 == '' +@@ -268,13 +336,13 @@ jobs: needs: build-dpdk env: dependencies: | @@ -158,7 +239,7 @@ index fc75581486..abda9549bf 100644 timeout-minutes: 30 steps: -@@ -346,7 +352,7 @@ jobs: +@@ -346,7 +414,7 @@ jobs: - name: set up python uses: actions/setup-python@v5 with: @@ -167,7 +248,7 @@ index fc75581486..abda9549bf 100644 - name: get cached dpdk-dir uses: actions/cache/restore@v4 -@@ -399,7 +405,7 @@ jobs: +@@ -399,7 +467,7 @@ jobs: - name: set up python uses: actions/setup-python@v5 with: @@ -176,7 +257,7 @@ index fc75581486..abda9549bf 100644 - name: install dependencies run: brew install automake libtool - name: prepare -@@ -421,7 +427,7 @@ jobs: +@@ -421,7 +489,7 @@ jobs: DPDK: ${{ matrix.dpdk }} name: linux deb ${{ matrix.dpdk }} dpdk @@ -6967,10 +7048,21 @@ index 114aaebc77..c0ecad6cfb 100644 +OVS_TRAFFIC_VSWITCHD_STOP +AT_CLEANUP diff --git a/tests/system-traffic.at b/tests/system-traffic.at -index 98e494abf4..b6de1ed611 100644 +index 98e494abf4..518815da61 100644 --- a/tests/system-traffic.at +++ b/tests/system-traffic.at -@@ -2359,11 +2359,22 @@ table=20 actions=drop +@@ -253,6 +253,10 @@ priority=0,actions=NORMAL + AT_CHECK([ovs-ofctl del-flows br0]) + AT_CHECK([ovs-ofctl add-flows br0 flows.txt]) + ++dnl We need to wait until the new flows are actually in the datapath to avoid ++dnl intermittent loss of first ping packet. ++AT_CHECK([ovs-appctl revalidator/wait]) ++ + NS_CHECK_EXEC([at_ns0], [ping6 -q -c 3 -i 0.3 -W 2 fc00::3 | FORMAT_PING], [0], [dnl + 3 packets transmitted, 3 received, 0% packet loss, time 0ms + ]) +@@ -2359,11 +2363,22 @@ table=20 actions=drop AT_CHECK([ovs-ofctl del-flows br0]) AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) @@ -6995,7 +7087,7 @@ index 98e494abf4..b6de1ed611 100644 AT_CHECK([ovs-appctl dpctl/dump-flows | strip_stats | strip_used | dnl strip_key32 | strip_ptype | strip_eth | strip_recirc | dnl -@@ -2375,10 +2386,14 @@ recirc_id(),in_port(2),eth_type(0x86dd),ipv6(proto=58,frag=no),icmpv6(ty +@@ -2375,10 +2390,14 @@ recirc_id(),in_port(2),eth_type(0x86dd),ipv6(proto=58,frag=no),icmpv6(ty OVS_WAIT_UNTIL([ovs-appctl dpctl/dump-flows | grep ",nd" | wc -l | grep -E ^0]) dnl Send a matching neighbor discovery. @@ -7012,7 +7104,7 @@ index 98e494abf4..b6de1ed611 100644 AT_CHECK([ovs-appctl dpctl/dump-flows | strip_stats | strip_used | dnl strip_key32 | strip_ptype | strip_eth | strip_recirc | dnl -@@ -2407,20 +2422,29 @@ dnl The flow will encap a mpls header to the ip packet +@@ -2407,20 +2426,29 @@ dnl The flow will encap a mpls header to the ip packet dnl eth/ip/icmp --> OVS --> eth/mpls/eth/ip/icmp AT_CHECK([ovs-ofctl -Oopenflow13 add-flow br0 "table=0,priority=100,dl_type=0x0800 actions=encap(mpls),set_mpls_label:2,encap(ethernet),set_field:00:00:00:00:00:02->dl_dst,set_field:00:00:00:00:00:01->dl_src,ovs-p1"]) @@ -7036,24 +7128,24 @@ index 98e494abf4..b6de1ed611 100644 +dnl p1(at_ns1) interface. +NS_CHECK_EXEC([at_ns0], [$PYTHON3 $srcdir/sendpkt.py p0 \ + $(ovs-ofctl compose-packet --bare 'ICMP_PKT')], [0], [ignore]) ++ ++dnl Check the expected mpls encapsulated packet on the egress interface. ++m4_define([MPLS_HEADER], [m4_join([,], ++ [eth_src=00:00:00:00:00:01,eth_dst=00:00:00:00:00:02,eth_type=0x8847], ++ [mpls_label=2,mpls_ttl=64,mpls_bos=1])]) -dnl Check the expected mpls encapsulated packet on the egress interface -OVS_WAIT_UNTIL([cat p1.pcap | grep -E "0x0000: *0000 *0000 *0002 *0000 *0000 *0001 *8847 *0000" 2>&1 1>/dev/null]) -OVS_WAIT_UNTIL([cat p1.pcap | grep -E "0x0010: *2140 *36b1 *ee7c *0102 *36b1 *ee7c *0103 *0800" 2>&1 1>/dev/null]) -OVS_WAIT_UNTIL([cat p1.pcap | grep -E "0x0020: *4500 *0054 *0344 *4000 *4001 *2161 *0a01 *0101" 2>&1 1>/dev/null]) -OVS_WAIT_UNTIL([cat p1.pcap | grep -E "0x0030: *0a01 *0102 *0800 *efac *7ce4 *0003 *5b2c *1f61" 2>&1 1>/dev/null]) -+dnl Check the expected mpls encapsulated packet on the egress interface. -+m4_define([MPLS_HEADER], [m4_join([,], -+ [eth_src=00:00:00:00:00:01,eth_dst=00:00:00:00:00:02,eth_type=0x8847], -+ [mpls_label=2,mpls_ttl=64,mpls_bos=1])]) -+ +OVS_WAIT_UNTIL([ovs-pcap p1.pcap | grep -q "m4_join([], [^], + $(ovs-ofctl compose-packet --bare 'MPLS_HEADER'), + $(ovs-ofctl compose-packet --bare 'ICMP_PKT'), [\$])"]) OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP -@@ -2439,20 +2463,29 @@ dnl The flow will encap a mpls header to the ip packet +@@ -2439,20 +2467,29 @@ dnl The flow will encap a mpls header to the ip packet dnl eth/ip/icmp --> OVS --> eth/mpls/eth/ip/icmp AT_CHECK([ovs-ofctl -Oopenflow13 add-flow br0 "table=0,priority=100,dl_type=0x0800 actions=encap(mpls),set_mpls_label:2,encap(ethernet),set_field:00:00:00:00:00:02->dl_dst,set_field:00:00:00:00:00:01->dl_src,ovs-p1"]) @@ -7094,7 +7186,7 @@ index 98e494abf4..b6de1ed611 100644 OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP -@@ -2472,20 +2505,29 @@ dnl The flow will encap a mpls header to the ip packet +@@ -2472,20 +2509,29 @@ dnl The flow will encap a mpls header to the ip packet dnl eth/ip/icmp --> OVS --> eth/mpls/eth/ip/icmp AT_CHECK([ovs-ofctl -Oopenflow13 add-flow br0 "table=0,priority=100,dl_type=0x0800 actions=encap(mpls_mc),set_mpls_label:2,encap(ethernet),set_field:00:00:00:00:00:02->dl_dst,set_field:00:00:00:00:00:01->dl_src,ovs-p1"]) @@ -7118,24 +7210,24 @@ index 98e494abf4..b6de1ed611 100644 +dnl p1(at_ns1) interface. +NS_CHECK_EXEC([at_ns0], [$PYTHON3 $srcdir/sendpkt.py p0 \ + $(ovs-ofctl compose-packet --bare 'ICMP_PKT')], [0], [ignore]) -+ -+dnl Check the expected mpls encapsulated packet on the egress interface. -+m4_define([MPLS_HEADER], [m4_join([,], -+ [eth_src=00:00:00:00:00:01,eth_dst=00:00:00:00:00:02,eth_type=0x8848], -+ [mpls_label=2,mpls_ttl=64,mpls_bos=1])]) -dnl Check the expected mpls encapsulated packet on the egress interface -OVS_WAIT_UNTIL([cat p1.pcap | grep -E "0x0000: *0000 *0000 *0002 *0000 *0000 *0001 *8848 *0000" 2>&1 1>/dev/null]) -OVS_WAIT_UNTIL([cat p1.pcap | grep -E "0x0010: *2140 *36b1 *ee7c *0102 *36b1 *ee7c *0103 *0800" 2>&1 1>/dev/null]) -OVS_WAIT_UNTIL([cat p1.pcap | grep -E "0x0020: *4500 *0054 *0344 *4000 *4001 *2161 *0a01 *0101" 2>&1 1>/dev/null]) -OVS_WAIT_UNTIL([cat p1.pcap | grep -E "0x0030: *0a01 *0102 *0800 *efac *7ce4 *0003 *5b2c *1f61" 2>&1 1>/dev/null]) ++dnl Check the expected mpls encapsulated packet on the egress interface. ++m4_define([MPLS_HEADER], [m4_join([,], ++ [eth_src=00:00:00:00:00:01,eth_dst=00:00:00:00:00:02,eth_type=0x8848], ++ [mpls_label=2,mpls_ttl=64,mpls_bos=1])]) ++ +OVS_WAIT_UNTIL([ovs-pcap p1.pcap | grep -q "m4_join([], [^], + $(ovs-ofctl compose-packet --bare 'MPLS_HEADER'), + $(ovs-ofctl compose-packet --bare 'ICMP_PKT'), [\$])"]) OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP -@@ -2504,20 +2546,29 @@ dnl The flow will encap a mpls header to the ip packet +@@ -2504,20 +2550,29 @@ dnl The flow will encap a mpls header to the ip packet dnl eth/ip/icmp --> OVS --> eth/mpls/eth/ip/icmp AT_CHECK([ovs-ofctl -Oopenflow13 add-flow br0 "table=0,priority=100,dl_type=0x0800 actions=encap(mpls_mc),set_mpls_label:2,encap(ethernet),set_field:00:00:00:00:00:02->dl_dst,set_field:00:00:00:00:00:01->dl_src,ovs-p1"]) @@ -7159,24 +7251,24 @@ index 98e494abf4..b6de1ed611 100644 +dnl p1(at_ns1) interface. +NS_CHECK_EXEC([at_ns0], [$PYTHON3 $srcdir/sendpkt.py p0 \ + $(ovs-ofctl compose-packet --bare 'ICMP_PKT')], [0], [ignore]) -+ -+dnl Check the expected mpls encapsulated packet on the egress interface. -+m4_define([MPLS_HEADER], [m4_join([,], -+ [eth_src=00:00:00:00:00:01,eth_dst=00:00:00:00:00:02,eth_type=0x8848], -+ [mpls_label=2,mpls_ttl=64,mpls_bos=1])]) -dnl Check the expected mpls encapsulated packet on the egress interface -OVS_WAIT_UNTIL([cat p1.pcap | grep -E "0x0000: *0000 *0000 *0002 *0000 *0000 *0001 *8848 *0000" 2>&1 1>/dev/null]) -OVS_WAIT_UNTIL([cat p1.pcap | grep -E "0x0010: *2140 *36b1 *ee7c *0102 *36b1 *ee7c *0103 *0800" 2>&1 1>/dev/null]) -OVS_WAIT_UNTIL([cat p1.pcap | grep -E "0x0020: *4500 *0054 *0344 *4000 *4001 *2161 *0a01 *0101" 2>&1 1>/dev/null]) -OVS_WAIT_UNTIL([cat p1.pcap | grep -E "0x0030: *0a01 *0102 *0800 *efac *7ce4 *0003 *5b2c *1f61" 2>&1 1>/dev/null]) ++dnl Check the expected mpls encapsulated packet on the egress interface. ++m4_define([MPLS_HEADER], [m4_join([,], ++ [eth_src=00:00:00:00:00:01,eth_dst=00:00:00:00:00:02,eth_type=0x8848], ++ [mpls_label=2,mpls_ttl=64,mpls_bos=1])]) ++ +OVS_WAIT_UNTIL([ovs-pcap p1.pcap | grep -q "m4_join([], [^], + $(ovs-ofctl compose-packet --bare 'MPLS_HEADER'), + $(ovs-ofctl compose-packet --bare 'ICMP_PKT'), [\$])"]) OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP -@@ -2538,24 +2589,30 @@ dnl eth/mpls/eth/ip/icmp --> OVS --> eth/ip/icmp +@@ -2538,24 +2593,30 @@ dnl eth/mpls/eth/ip/icmp --> OVS --> eth/ip/icmp AT_CHECK([ovs-ofctl -Oopenflow13 add-flow br0 "table=0,priority=100,dl_type=0x8847,mpls_label=2 actions=decap(),decap(packet_type(ns=0,type=0)),ovs-p1"]) @@ -7194,6 +7286,12 @@ index 98e494abf4..b6de1ed611 100644 +m4_define([MPLS_HEADER], [m4_join([,], + [eth_src=00:00:00:00:00:01,eth_dst=00:00:00:00:00:02,eth_type=0x8847], + [mpls_label=2,mpls_ttl=64,mpls_bos=1])]) ++ ++m4_define([ICMP_PKT], [m4_join([,], ++ [eth_src=36:b1:ee:7c:01:03,eth_dst=36:b1:ee:7c:01:02,eth_type=0x0800], ++ [nw_src=10.1.1.1,nw_dst=10.1.1.2], ++ [nw_proto=1,nw_ttl=64,nw_frag=no], ++ [icmp_type=8,icmp_code=0])]) -dnl Check the expected decapsulated on the egress interface -OVS_WAIT_UNTIL([cat p1.pcap | grep -E "0x0000: *36b1 *ee7c *0102 *36b1 *ee7c *0103 *0800 *4500" 2>&1 1>/dev/null]) @@ -7203,26 +7301,20 @@ index 98e494abf4..b6de1ed611 100644 -OVS_WAIT_UNTIL([cat p1.pcap | grep -E "0x0040: *1617 *1819 *1a1b *1c1d *1e1f *2021 *2223 *2425" 2>&1 1>/dev/null]) -OVS_WAIT_UNTIL([cat p1.pcap | grep -E "0x0050: *2627 *2829 *2a2b *2c2d *2e2f *3031 *3233 *3435" 2>&1 1>/dev/null]) -OVS_WAIT_UNTIL([cat p1.pcap | grep -E "0x0060: *3637" 2>&1 1>/dev/null]) -+m4_define([ICMP_PKT], [m4_join([,], -+ [eth_src=36:b1:ee:7c:01:03,eth_dst=36:b1:ee:7c:01:02,eth_type=0x0800], -+ [nw_src=10.1.1.1,nw_dst=10.1.1.2], -+ [nw_proto=1,nw_ttl=64,nw_frag=no], -+ [icmp_type=8,icmp_code=0])]) - +dnl The packet is an eth/mpls/eth/ip/icmp sent from p0(at_ns0) interface +dnl directed to p1(at_ns1) interface. +NS_CHECK_EXEC([at_ns0], [$PYTHON3 $srcdir/sendpkt.py p0 \ + "$(ovs-ofctl compose-packet --bare 'MPLS_HEADER')" \ + "$(ovs-ofctl compose-packet --bare 'ICMP_PKT')"], + [0], [ignore]) -+ + +dnl Check the expected decapsulated on the egress interface. +OVS_WAIT_UNTIL([ovs-pcap p1.pcap | grep -q \ + "^$(ovs-ofctl compose-packet --bare 'ICMP_PKT')\$"]) OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP -@@ -2575,24 +2632,30 @@ dnl eth/mpls/eth/ip/icmp --> OVS --> eth/ip/icmp +@@ -2575,24 +2636,30 @@ dnl eth/mpls/eth/ip/icmp --> OVS --> eth/ip/icmp AT_CHECK([ovs-ofctl -Oopenflow13 add-flow br0 "table=0,priority=100,dl_type=0x8847,mpls_label=2 actions=decap(),decap(packet_type(ns=0,type=0)),ovs-p1"]) @@ -7268,7 +7360,7 @@ index 98e494abf4..b6de1ed611 100644 OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP -@@ -3103,7 +3166,10 @@ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl +@@ -3103,7 +3170,10 @@ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl icmp,orig=(src=10.1.1.1,dst=10.1.1.2,id=,type=8,code=0),reply=(src=10.1.1.2,dst=10.1.1.1,id=,type=0,code=0) ]) @@ -7280,7 +7372,7 @@ index 98e494abf4..b6de1ed611 100644 dnl Pings from ns1->ns0 should fail. NS_CHECK_EXEC([at_ns1], [ping -q -c 3 -i 0.3 -w 2 10.1.1.1 | FORMAT_PING], [0], [dnl -@@ -3244,6 +3310,11 @@ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(fc00::2)], [0], [dnl +@@ -3244,6 +3314,11 @@ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(fc00::2)], [0], [dnl icmpv6,orig=(src=fc00::1,dst=fc00::2,id=,type=128,code=0),reply=(src=fc00::2,dst=fc00::1,id=,type=129,code=0) ]) @@ -7292,7 +7384,7 @@ index 98e494abf4..b6de1ed611 100644 OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP -@@ -6397,11 +6468,11 @@ ADD_NAMESPACES(at_ns0, at_ns1) +@@ -6397,11 +6472,11 @@ ADD_NAMESPACES(at_ns0, at_ns1) ADD_VETH(p0, at_ns0, br0, "10.1.1.1/24") NS_CHECK_EXEC([at_ns0], [ip link set dev p0 address 80:88:88:88:88:88]) ADD_VETH(p1, at_ns1, br0, "10.1.1.2/24") @@ -7306,7 +7398,7 @@ index 98e494abf4..b6de1ed611 100644 in_port=2,ct_state=-trk,tcp,tp_dst=34568,action=ct(table=0,zone=1,nat) in_port=2,ct_state=+trk,ct_zone=1,tcp,action=1 dnl -@@ -6425,17 +6496,28 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) +@@ -6425,17 +6500,28 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) dnl HTTP requests from p0->p1 should work fine. OVS_START_L7([at_ns1], [http]) @@ -7339,7 +7431,7 @@ index 98e494abf4..b6de1ed611 100644 AT_CLEANUP AT_SETUP([conntrack - more complex SNAT]) -@@ -6850,6 +6932,12 @@ dnl Checks the implementation of conntrack with FTP ALGs in combination with +@@ -6850,6 +6936,12 @@ dnl Checks the implementation of conntrack with FTP ALGs in combination with dnl NAT, using the provided flow table. m4_define([CHECK_FTP_NAT], [AT_SETUP([conntrack - FTP $1]) @@ -7352,7 +7444,7 @@ index 98e494abf4..b6de1ed611 100644 AT_SKIP_IF([test $HAVE_FTP = no]) AT_SKIP_IF([test $HAVE_LFTP = no]) CHECK_CONNTRACK() -@@ -8215,10 +8303,18 @@ table=2,priority=10 ct_state=+trk+est action=drop +@@ -8215,10 +8307,18 @@ table=2,priority=10 ct_state=+trk+est action=drop AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) @@ -7374,7 +7466,7 @@ index 98e494abf4..b6de1ed611 100644 sleep 1 -@@ -8389,6 +8485,53 @@ AT_CHECK([ovs-pcap client.pcap | grep 000000002010000000002000], [0], [dnl +@@ -8389,6 +8489,53 @@ AT_CHECK([ovs-pcap client.pcap | grep 000000002010000000002000], [0], [dnl OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP @@ -7428,7 +7520,7 @@ index 98e494abf4..b6de1ed611 100644 AT_BANNER([IGMP]) AT_SETUP([IGMP - flood under normal action]) -@@ -8724,21 +8867,29 @@ dnl The flow will encap a nsh header to the TCP syn packet +@@ -8724,21 +8871,29 @@ dnl The flow will encap a nsh header to the TCP syn packet dnl eth/ip/tcp --> OVS --> eth/nsh/eth/ip/tcp AT_CHECK([ovs-ofctl -Oopenflow13 add-flow br0 "table=0,priority=100,in_port=ovs-p0,ip,actions=encap(nsh(md_type=1)),set_field:0x1234->nsh_spi,set_field:0x11223344->nsh_c1,encap(ethernet),set_field:f2:ff:00:00:00:02->dl_dst,set_field:f2:ff:00:00:00:01->dl_src,ovs-p1"]) @@ -7471,7 +7563,7 @@ index 98e494abf4..b6de1ed611 100644 OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP -@@ -8756,19 +8907,31 @@ dnl The flow will decap a nsh header which in turn carries a TCP syn packet +@@ -8756,19 +8911,31 @@ dnl The flow will decap a nsh header which in turn carries a TCP syn packet dnl eth/nsh/eth/ip/tcp --> OVS --> eth/ip/tcp AT_CHECK([ovs-ofctl -Oopenflow13 add-flow br0 "table=0,priority=100,in_port=ovs-p0,dl_type=0x894f, actions=decap(),decap(), ovs-p1"]) @@ -7513,7 +7605,7 @@ index 98e494abf4..b6de1ed611 100644 OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP -@@ -8788,22 +8951,38 @@ dnl The flow will add another NSH header with nsh_spi=0x101, nsh_si=4, +@@ -8788,22 +8955,38 @@ dnl The flow will add another NSH header with nsh_spi=0x101, nsh_si=4, dnl nsh_ttl=7 and change the md1 context AT_CHECK([ovs-ofctl -Oopenflow13 add-flow br0 "table=0,priority=100,in_port=ovs-p0,dl_type=0x894f,nsh_spi=0x100,nsh_si=0x03,actions=decap(),decap(),encap(nsh(md_type=1)),set_field:0x07->nsh_ttl,set_field:0x0101->nsh_spi,set_field:0x04->nsh_si,set_field:0x100f0e0d->nsh_c1,set_field:0x0c0b0a09->nsh_c2,set_field:0x08070605->nsh_c3,set_field:0x04030201->nsh_c4,encap(ethernet),set_field:f2:ff:00:00:00:02->dl_dst,set_field:f2:ff:00:00:00:01->dl_src,ovs-p1"]) @@ -7566,7 +7658,7 @@ index 98e494abf4..b6de1ed611 100644 OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP -@@ -8824,31 +9003,50 @@ dnl packet to to at_ns2. +@@ -8824,31 +9007,50 @@ dnl packet to to at_ns2. AT_CHECK([ovs-ofctl -Oopenflow13 add-flow br0 "table=0,priority=100,dl_type=0x894f,nsh_spi=0x100,nsh_si=0x02,actions=ovs-p1"]) AT_CHECK([ovs-ofctl -Oopenflow13 add-flow br0 "table=0,priority=100,dl_type=0x894f,nsh_spi=0x100,nsh_si=0x01,actions=ovs-p2"]) diff --git a/SPECS/openvswitch3.3.spec b/SPECS/openvswitch3.3.spec index 76398a6..3ce0b22 100644 --- a/SPECS/openvswitch3.3.spec +++ b/SPECS/openvswitch3.3.spec @@ -57,7 +57,7 @@ Summary: Open vSwitch Group: System Environment/Daemons daemon/database/utilities URL: http://www.openvswitch.org/ Version: 3.3.0 -Release: 59%{?dist} +Release: 60%{?dist} # Nearly all of openvswitch is ASL 2.0. The bugtool is LGPLv2+, and the # lib/sflow*.[ch] files are SISSL @@ -769,6 +769,13 @@ exit 0 %endif %changelog +* Fri Nov 15 2024 Open vSwitch CI - 3.3.0-60 +- Merging upstream branch-3.3 [RH git: 4aef47f349] + Commit list: + 989b85be8f tests: Fix transient failure in ping6 header modify. () + 2139157fa7 github: Build Libreswan v5.1 from sources. + + * Mon Nov 11 2024 Open vSwitch CI - 3.3.0-59 - Merging upstream branch-3.3 [RH git: 4bd7df7dc6] Commit list: