diff --git a/SOURCES/openvswitch-3.3.0.patch b/SOURCES/openvswitch-3.3.0.patch index 781d4d8..ba72404 100644 --- a/SOURCES/openvswitch-3.3.0.patch +++ b/SOURCES/openvswitch-3.3.0.patch @@ -1,3 +1,16 @@ +diff --git a/.ci/dpdk-build.sh b/.ci/dpdk-build.sh +index 23f3166a54..698b9e1b14 100755 +--- a/.ci/dpdk-build.sh ++++ b/.ci/dpdk-build.sh +@@ -40,7 +40,7 @@ function build_dpdk() + # any DPDK driver. + # check-dpdk unit tests requires testpmd and some net/ driver. + DPDK_OPTS="$DPDK_OPTS -Denable_apps=test-pmd" +- enable_drivers="net/null,net/af_xdp,net/tap,net/virtio,net/pcap" ++ enable_drivers="net/null,net/af_xdp,net/tap,net/virtio" + DPDK_OPTS="$DPDK_OPTS -Denable_drivers=$enable_drivers" + # OVS depends on the vhost library (and its dependencies). + # net/tap depends on the gso library. diff --git a/.ci/dpdk-prepare.sh b/.ci/dpdk-prepare.sh index f7e6215dda..4424f9eb97 100755 --- a/.ci/dpdk-prepare.sh @@ -50,7 +63,7 @@ index d8a9722809..d73154a971 100644 memory: 4G diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml -index fc75581486..26f1861e70 100644 +index fc75581486..fba2d16031 100644 --- a/.github/workflows/build-and-test.yml +++ b/.github/workflows/build-and-test.yml @@ -2,13 +2,16 @@ name: Build and Test @@ -63,7 +76,8 @@ index fc75581486..26f1861e70 100644 jobs: build-dpdk: env: - dependencies: gcc libbpf-dev libnuma-dev libpcap-dev ninja-build pkgconf +- dependencies: gcc libbpf-dev libnuma-dev libpcap-dev ninja-build pkgconf ++ dependencies: gcc libbpf-dev libnuma-dev ninja-build pkgconf CC: gcc - DPDK_GIT: https://dpdk.org/git/dpdk - DPDK_VER: 23.11 @@ -81,7 +95,17 @@ index fc75581486..26f1861e70 100644 - name: update APT cache if: steps.dpdk_cache.outputs.cache-hit != 'true' -@@ -217,7 +220,7 @@ jobs: +@@ -76,8 +79,7 @@ jobs: + env: + dependencies: | + automake libtool gcc bc libjemalloc2 libjemalloc-dev libssl-dev \ +- llvm-dev libnuma-dev libpcap-dev selinux-policy-dev libbpf-dev \ +- lftp libreswan ++ llvm-dev libnuma-dev selinux-policy-dev libbpf-dev lftp libreswan + CC: ${{ matrix.compiler }} + DPDK: ${{ matrix.dpdk }} + DPDK_SHARED: ${{ matrix.dpdk_shared }} +@@ -217,7 +219,7 @@ jobs: - name: set up python uses: actions/setup-python@v5 with: @@ -90,22 +114,18 @@ index fc75581486..26f1861e70 100644 - name: cache if: matrix.dpdk != '' || matrix.dpdk_shared != '' -@@ -238,6 +241,14 @@ jobs: - if: matrix.m32 != '' - run: sudo apt install -y gcc-multilib - -+ - name: Reduce ASLR entropy -+ if: matrix.sanitizers != '' -+ # Asan in llvm 14 provided in ubuntu-22.04 is incompatible with -+ # high-entropy ASLR configured in much newer kernels that GitHub -+ # runners are using leading to random crashes: -+ # https://github.com/actions/runner-images/issues/9491 -+ run: sudo sysctl -w vm.mmap_rnd_bits=28 -+ - - name: prepare - run: ./.ci/linux-prepare.sh - -@@ -346,7 +357,7 @@ jobs: +@@ -268,8 +270,8 @@ jobs: + needs: build-dpdk + env: + dependencies: | +- automake bc clang-tools libbpf-dev libnuma-dev libpcap-dev \ +- libunbound-dev libunwind-dev libssl-dev libtool llvm-dev ++ automake bc clang-tools libbpf-dev libnuma-dev libunbound-dev \ ++ libunwind-dev libssl-dev libtool llvm-dev + CC: clang + DPDK: dpdk + CLANG_ANALYZE: true +@@ -346,7 +348,7 @@ jobs: - name: set up python uses: actions/setup-python@v5 with: @@ -114,7 +134,7 @@ index fc75581486..26f1861e70 100644 - name: get cached dpdk-dir uses: actions/cache/restore@v4 -@@ -399,7 +410,7 @@ jobs: +@@ -399,7 +401,7 @@ jobs: - name: set up python uses: actions/setup-python@v5 with: @@ -628,6 +648,18 @@ index 878c5c6a70..ecb91801cc 100644 #if __has_feature(c_thread_safety_attributes) /* "clang" annotations for thread safety check. * +diff --git a/include/openvswitch/meta-flow.h b/include/openvswitch/meta-flow.h +index 3b0220aaa2..fb7d17ebe7 100644 +--- a/include/openvswitch/meta-flow.h ++++ b/include/openvswitch/meta-flow.h +@@ -2305,6 +2305,7 @@ void mf_set_flow_value_masked(const struct mf_field *, + const union mf_value *mask, + struct flow *); + bool mf_is_tun_metadata(const struct mf_field *); ++bool mf_is_any_metadata(const struct mf_field *); + bool mf_is_frozen_metadata(const struct mf_field *); + bool mf_is_pipeline_field(const struct mf_field *); + bool mf_is_set(const struct mf_field *, const struct flow *); diff --git a/include/openvswitch/version.h.in b/include/openvswitch/version.h.in index 23d8fde4f1..231f61e30c 100644 --- a/include/openvswitch/version.h.in @@ -1501,6 +1533,136 @@ index dc5164b41c..bf25e6f20a 100644 mcast_snooping_flush_group(ms, grp); } +diff --git a/lib/meta-flow.c b/lib/meta-flow.c +index aa7cf1fcbb..b03fe7abf1 100644 +--- a/lib/meta-flow.c ++++ b/lib/meta-flow.c +@@ -1788,6 +1788,115 @@ mf_is_tun_metadata(const struct mf_field *mf) + mf->id < MFF_TUN_METADATA0 + TUN_METADATA_NUM_OPTS; + } + ++bool ++mf_is_any_metadata(const struct mf_field *mf) ++{ ++ switch (mf->id) { ++ case MFF_DP_HASH: ++ case MFF_RECIRC_ID: ++ case MFF_PACKET_TYPE: ++ case MFF_CONJ_ID: ++ case MFF_TUN_ERSPAN_DIR: ++ CASE_MFF_TUN_METADATA: ++ case MFF_METADATA: ++ case MFF_IN_PORT: ++ case MFF_IN_PORT_OXM: ++ case MFF_ACTSET_OUTPUT: ++ case MFF_SKB_PRIORITY: ++ case MFF_PKT_MARK: ++ case MFF_CT_STATE: ++ case MFF_CT_ZONE: ++ case MFF_CT_MARK: ++ case MFF_CT_LABEL: ++ case MFF_CT_NW_PROTO: ++ case MFF_CT_NW_SRC: ++ case MFF_CT_NW_DST: ++ case MFF_CT_IPV6_SRC: ++ case MFF_CT_IPV6_DST: ++ case MFF_CT_TP_SRC: ++ case MFF_CT_TP_DST: ++ CASE_MFF_REGS: ++ CASE_MFF_XREGS: ++ CASE_MFF_XXREGS: ++ return true; ++ ++ case MFF_TUN_ID: ++ case MFF_TUN_SRC: ++ case MFF_TUN_DST: ++ case MFF_TUN_IPV6_SRC: ++ case MFF_TUN_IPV6_DST: ++ case MFF_TUN_FLAGS: ++ case MFF_TUN_TTL: ++ case MFF_TUN_TOS: ++ case MFF_TUN_GBP_ID: ++ case MFF_TUN_GBP_FLAGS: ++ case MFF_TUN_ERSPAN_IDX: ++ case MFF_TUN_ERSPAN_VER: ++ case MFF_TUN_ERSPAN_HWID: ++ case MFF_TUN_GTPU_FLAGS: ++ case MFF_TUN_GTPU_MSGTYPE: ++ case MFF_ETH_SRC: ++ case MFF_ETH_DST: ++ case MFF_ETH_TYPE: ++ case MFF_VLAN_TCI: ++ case MFF_DL_VLAN: ++ case MFF_VLAN_VID: ++ case MFF_DL_VLAN_PCP: ++ case MFF_VLAN_PCP: ++ case MFF_MPLS_LABEL: ++ case MFF_MPLS_TC: ++ case MFF_MPLS_BOS: ++ case MFF_MPLS_TTL: ++ case MFF_IPV4_SRC: ++ case MFF_IPV4_DST: ++ case MFF_IPV6_SRC: ++ case MFF_IPV6_DST: ++ case MFF_IPV6_LABEL: ++ case MFF_IP_PROTO: ++ case MFF_IP_DSCP: ++ case MFF_IP_DSCP_SHIFTED: ++ case MFF_IP_ECN: ++ case MFF_IP_TTL: ++ case MFF_IP_FRAG: ++ case MFF_ARP_OP: ++ case MFF_ARP_SPA: ++ case MFF_ARP_TPA: ++ case MFF_ARP_SHA: ++ case MFF_ARP_THA: ++ case MFF_TCP_SRC: ++ case MFF_TCP_DST: ++ case MFF_TCP_FLAGS: ++ case MFF_UDP_SRC: ++ case MFF_UDP_DST: ++ case MFF_SCTP_SRC: ++ case MFF_SCTP_DST: ++ case MFF_ICMPV4_TYPE: ++ case MFF_ICMPV4_CODE: ++ case MFF_ICMPV6_TYPE: ++ case MFF_ICMPV6_CODE: ++ case MFF_ND_TARGET: ++ case MFF_ND_SLL: ++ case MFF_ND_TLL: ++ case MFF_ND_RESERVED: ++ case MFF_ND_OPTIONS_TYPE: ++ case MFF_NSH_FLAGS: ++ case MFF_NSH_MDTYPE: ++ case MFF_NSH_NP: ++ case MFF_NSH_SPI: ++ case MFF_NSH_SI: ++ case MFF_NSH_C1: ++ case MFF_NSH_C2: ++ case MFF_NSH_C3: ++ case MFF_NSH_C4: ++ case MFF_NSH_TTL: ++ return false; ++ ++ case MFF_N_IDS: ++ default: ++ OVS_NOT_REACHED(); ++ } ++} ++ + bool + mf_is_frozen_metadata(const struct mf_field *mf) + { +@@ -2543,7 +2652,8 @@ mf_set(const struct mf_field *mf, + break; + + case MFF_IP_FRAG: +- match_set_nw_frag_masked(match, value->u8, mask->u8); ++ match_set_nw_frag_masked(match, value->u8, ++ mask->u8 & FLOW_NW_FRAG_MASK); + break; + + case MFF_ARP_SPA: diff --git a/lib/netdev-dpdk.c b/lib/netdev-dpdk.c index 45f61930d4..fd54f34692 100644 --- a/lib/netdev-dpdk.c @@ -2903,10 +3065,10 @@ index 281d4dc65e..faa5babde2 100644 else SSL_LIBS="-lssl -lcrypto" diff --git a/ofproto/bond.c b/ofproto/bond.c -index cfdf44f854..0858de3746 100644 +index cfdf44f854..45a36fabb9 100644 --- a/ofproto/bond.c +++ b/ofproto/bond.c -@@ -186,7 +186,7 @@ static struct bond_member *choose_output_member(const struct bond *, +@@ -186,13 +186,14 @@ static struct bond_member *choose_output_member(const struct bond *, struct flow_wildcards *, uint16_t vlan) OVS_REQ_RDLOCK(rwlock); @@ -2915,7 +3077,14 @@ index cfdf44f854..0858de3746 100644 static bool bond_may_recirc(const struct bond *); static void bond_update_post_recirc_rules__(struct bond *, bool force) OVS_REQ_WRLOCK(rwlock); -@@ -246,7 +246,7 @@ bond_create(const struct bond_settings *s, struct ofproto_dpif *ofproto) + static bool bond_is_falling_back_to_ab(const struct bond *); + static void bond_add_lb_output_buckets(const struct bond *); + static void bond_del_lb_output_buckets(const struct bond *); ++static bool bond_is_balanced(const struct bond *bond) OVS_REQ_RDLOCK(rwlock); + + + /* Attempts to parse 's' as the name of a bond balancing mode. If successful, +@@ -246,7 +247,7 @@ bond_create(const struct bond_settings *s, struct ofproto_dpif *ofproto) ovs_refcount_init(&bond->ref_cnt); hmap_init(&bond->pr_rule_ops); @@ -2924,7 +3093,7 @@ index cfdf44f854..0858de3746 100644 bond->active_member_changed = false; bond->primary = NULL; -@@ -299,7 +299,10 @@ bond_unref(struct bond *bond) +@@ -299,7 +300,10 @@ bond_unref(struct bond *bond) } free(bond->hash); bond->hash = NULL; @@ -2936,7 +3105,7 @@ index cfdf44f854..0858de3746 100644 hmap_destroy(&bond->pr_rule_ops); free(bond->primary); -@@ -331,17 +334,8 @@ add_pr_rule(struct bond *bond, const struct match *match, +@@ -331,17 +335,8 @@ add_pr_rule(struct bond *bond, const struct match *match, hmap_insert(&bond->pr_rule_ops, &pr_op->hmap_node, hash); } @@ -2955,7 +3124,7 @@ index cfdf44f854..0858de3746 100644 { struct match match; struct bond_pr_rule_op *pr_op; -@@ -407,6 +401,15 @@ update_recirc_rules__(struct bond *bond) +@@ -407,6 +402,15 @@ update_recirc_rules__(struct bond *bond) VLOG_ERR("failed to remove post recirculation flow %s", err_s); free(err_s); @@ -2971,7 +3140,7 @@ index cfdf44f854..0858de3746 100644 } hmap_remove(&bond->pr_rule_ops, &pr_op->hmap_node); -@@ -421,12 +424,6 @@ update_recirc_rules__(struct bond *bond) +@@ -421,12 +425,6 @@ update_recirc_rules__(struct bond *bond) ofpbuf_uninit(&ofpacts); } @@ -2984,6 +3153,41 @@ index cfdf44f854..0858de3746 100644 /* Updates 'bond''s overall configuration to 's'. * +@@ -552,6 +550,7 @@ bond_find_member_by_mac(const struct bond *bond, const struct eth_addr mac) + + static void + bond_active_member_changed(struct bond *bond) ++ OVS_REQ_WRLOCK(rwlock) + { + if (bond->active_member) { + struct eth_addr mac; +@@ -561,6 +560,9 @@ bond_active_member_changed(struct bond *bond) + bond->active_member_mac = eth_addr_zero; + } + bond->active_member_changed = true; ++ if (!bond_is_balanced(bond)) { ++ bond->bond_revalidate = true; ++ } + seq_change(connectivity_seq_get()); + } + +@@ -1124,7 +1126,7 @@ bond_get_recirc_id_and_hash_basis(struct bond *bond, uint32_t *recirc_id, + /* Rebalancing. */ + + static bool +-bond_is_balanced(const struct bond *bond) OVS_REQ_RDLOCK(rwlock) ++bond_is_balanced(const struct bond *bond) + { + return bond->rebalance_interval + && (bond->balance == BM_SLB || bond->balance == BM_TCP) +@@ -1728,7 +1730,6 @@ bond_unixctl_set_active_member(struct unixctl_conn *conn, + } + + if (bond->active_member != member) { +- bond->bond_revalidate = true; + bond->active_member = member; + VLOG_INFO("bond %s: active member is now %s", + bond->name, member->name); diff --git a/ofproto/ofproto-dpif-mirror.c b/ofproto/ofproto-dpif-mirror.c index 343b75f0ed..45024580aa 100644 --- a/ofproto/ofproto-dpif-mirror.c @@ -3150,7 +3354,7 @@ index b5cbeed878..f122b47f1c 100644 /* Clears 'recircs' if filled by revalidate_ukey(). */ reval_op_init(&ops[n_ops++], result, udpif, ukey, &recircs, diff --git a/ofproto/ofproto-dpif-xlate.c b/ofproto/ofproto-dpif-xlate.c -index 1cf4d5f7c9..fec01aea1f 100644 +index 1cf4d5f7c9..1b5ada8305 100644 --- a/ofproto/ofproto-dpif-xlate.c +++ b/ofproto/ofproto-dpif-xlate.c @@ -677,6 +677,7 @@ static size_t count_skb_priorities(const struct xport *); @@ -3296,6 +3500,15 @@ index 1cf4d5f7c9..fec01aea1f 100644 ctx->pause->controller_id); } else { if (ctx->recirc_update_dp_hash) { +@@ -7139,7 +7149,7 @@ reset_mirror_ctx(struct xlate_ctx *ctx, const struct flow *flow, + + set_field = ofpact_get_SET_FIELD(a); + mf = set_field->field; +- if (mf_are_prereqs_ok(mf, flow, NULL) && !mf_is_tun_metadata(mf)) { ++ if (mf_are_prereqs_ok(mf, flow, NULL) && !mf_is_any_metadata(mf)) { + ctx->mirrors = 0; + } + return; diff --git a/ofproto/ofproto-dpif.c b/ofproto/ofproto-dpif.c index f59d69c4d1..f6a80f1aec 100644 --- a/ofproto/ofproto-dpif.c @@ -4751,10 +4964,60 @@ index 55296e5593..0040a50b36 100644 AT_CHECK([ diff --git a/tests/ofproto-dpif.at b/tests/ofproto-dpif.at -index e305e7b9cd..d9c3334baa 100644 +index e305e7b9cd..033f548084 100644 --- a/tests/ofproto-dpif.at +++ b/tests/ofproto-dpif.at -@@ -547,6 +547,23 @@ ovs-appctl time/warp 1000 100 +@@ -351,6 +351,49 @@ recirc_id(0),in_port(4),packet_type(ns=0,id=0),eth(src=50:54:00:00:00:0b,dst=ff: + OVS_VSWITCHD_STOP + AT_CLEANUP + ++AT_SETUP([ofproto-dpif - active-backup bonding set primary]) ++ ++OVS_VSWITCHD_START( ++ [add-bond br0 bond0 p1 p2 bond_mode=active-backup \ ++ other_config:bond-primary=p1 -- \ ++ set bridge br0 other-config:hwaddr=aa:66:aa:66:aa:00 -- \ ++ set interface p1 type=dummy options:pstream=punix:$OVS_RUNDIR/p1.sock ofport_request=1 -- \ ++ set interface p2 type=dummy options:pstream=punix:$OVS_RUNDIR/p2.sock ofport_request=2 -- \ ++ add-port br0 p7 -- set interface p7 ofport_request=7 type=dummy -- \ ++ add-br br1 -- \ ++ set bridge br1 other-config:hwaddr=aa:66:aa:66:00:00 -- \ ++ set bridge br1 datapath-type=dummy -- \ ++ add-bond br1 bond1 p3 p4 bond_mode=active-backup \ ++ other_config:bond-primary=p3 -- \ ++ set interface p3 type=dummy options:stream=unix:$OVS_RUNDIR/p1.sock ofport_request=3 -- \ ++ set interface p4 type=dummy options:stream=unix:$OVS_RUNDIR/p2.sock ofport_request=4 -- \ ++ add-port br1 p8 -- set interface p8 ofport_request=8 type=dummy]) ++ ++WAIT_FOR_DUMMY_PORTS([p3], [p4]) ++ ++AT_CHECK([ovs-ofctl add-flow br0 action=normal]) ++AT_CHECK([ovs-ofctl add-flow br1 action=normal]) ++ ++dnl Create datapath flow with bidirectional traffic. ++AT_CHECK([ovs-appctl netdev-dummy/receive p8 'in_port(8),eth(src=50:54:00:00:00:0a,dst=50:54:00:00:00:09),eth_type(0x0800),ipv4(src=10.0.0.1,dst=10.0.0.2,proto=1,tos=0,ttl=64,frag=no),icmp(type=8,code=0)']) ++AT_CHECK([ovs-appctl netdev-dummy/receive p7 'in_port(7),eth(src=50:54:00:00:00:09,dst=50:54:00:00:00:0a),eth_type(0x0800),ipv4(src=10.0.0.2,dst=10.0.0.1,proto=1,tos=0,ttl=64,frag=no),icmp(type=8,code=0)']) ++AT_CHECK([ovs-appctl netdev-dummy/receive p8 'in_port(8),eth(src=50:54:00:00:00:0a,dst=50:54:00:00:00:09),eth_type(0x0800),ipv4(src=10.0.0.1,dst=10.0.0.2,proto=1,tos=0,ttl=64,frag=no),icmp(type=8,code=0)']) ++AT_CHECK([ovs-appctl netdev-dummy/receive p7 'in_port(7),eth(src=50:54:00:00:00:09,dst=50:54:00:00:00:0a),eth_type(0x0800),ipv4(src=10.0.0.2,dst=10.0.0.1,proto=1,tos=0,ttl=64,frag=no),icmp(type=8,code=0)']) ++ ++dnl Set p2 and p4 as primary. ++AT_CHECK([ovs-vsctl set port bond0 other_config:bond-primary=p2 -- \ ++ set port bond1 other_config:bond-primary=p4]) ++ ++OVS_WAIT_UNTIL([ovs-appctl bond/show | grep -q 'active-backup primary: p4']) ++ ++AT_CHECK([ovs-appctl revalidator/wait]) ++ ++AT_CHECK([ovs-appctl dpctl/dump-flows --names | grep -q "actions:p[[13]]"], [1]) ++AT_CHECK([ovs-appctl dpctl/dump-flows --names | grep -q "actions:p[[24]]"], [0]) ++ ++OVS_VSWITCHD_STOP ++AT_CLEANUP ++ + AT_SETUP([ofproto-dpif - balance-slb bonding]) + # Create br0 with members bond0(p1, p2, p3) and p7, + # and br1 with members p4, p5, p6 and p8. +@@ -547,6 +590,23 @@ ovs-appctl time/warp 1000 100 ovs-appctl bond/show > bond3.txt AT_CHECK([sed -n '/member p2/,/^$/p' bond3.txt | grep 'hash'], [0], [ignore]) @@ -4778,7 +5041,7 @@ index e305e7b9cd..d9c3334baa 100644 OVS_VSWITCHD_STOP() AT_CLEANUP -@@ -740,6 +757,73 @@ Datapath actions: drop +@@ -740,6 +800,73 @@ Datapath actions: drop OVS_VSWITCHD_STOP() AT_CLEANUP @@ -4852,7 +5115,7 @@ index e305e7b9cd..d9c3334baa 100644 AT_SETUP([ofproto-dpif - bond - allow duplicated frames]) dnl Receiving of duplicated multicast frames should be allowed with 'all_members_active'. OVS_VSWITCHD_START([dnl -@@ -930,6 +1014,28 @@ AT_CHECK([tail -1 stdout], [0], +@@ -930,6 +1057,28 @@ AT_CHECK([tail -1 stdout], [0], OVS_VSWITCHD_STOP AT_CLEANUP @@ -4881,7 +5144,7 @@ index e305e7b9cd..d9c3334baa 100644 AT_SETUP([ofproto-dpif - group actions have no effect afterwards]) OVS_VSWITCHD_START add_of_ports br0 1 10 -@@ -1132,6 +1238,60 @@ bucket3 >= 500 +@@ -1132,6 +1281,60 @@ bucket3 >= 500 OVS_VSWITCHD_STOP AT_CLEANUP @@ -4942,7 +5205,41 @@ index e305e7b9cd..d9c3334baa 100644 AT_SETUP([ofproto-dpif - select group with explicit dp_hash selection method]) OVS_VSWITCHD_START -@@ -6178,6 +6338,57 @@ AT_CHECK([test 1 = `$PYTHON3 "$top_srcdir/utilities/ovs-pcap.in" p2-tx.pcap | wc +@@ -5242,6 +5445,33 @@ AT_CHECK_UNQUOTED([tail -1 stdout], [0], + OVS_VSWITCHD_STOP + AT_CLEANUP + ++AT_SETUP([ofproto-dpif - mirroring, metadata modification]) ++AT_KEYWORDS([mirror mirrors mirroring]) ++OVS_VSWITCHD_START ++add_of_ports br0 1 2 3 ++AT_CHECK([ovs-vsctl set Bridge br0 mirrors=@m -- \ ++ --id=@p3 get Port p3 -- \ ++ --id=@m create Mirror name=mymirror select_all=true output_port=@p3], ++ [0], [ignore]) ++ ++AT_DATA([flows.txt], [dnl ++in_port=1 actions=load:0x00->NXM_OF_IN_PORT[[]],output:2 ++]) ++AT_CHECK([ovs-ofctl add-flows br0 flows.txt]) ++ ++dnl Metadata modified, duplicate packet shouldn't be delivered to mirror. ++m4_define([ICMP_FLOW], [m4_join([,], ++ [in_port(1),eth(src=50:54:00:00:00:05,dst=50:54:00:00:00:07),eth_type(0x0800)], ++ [ipv4(src=192.168.0.1,dst=192.168.0.2,proto=1,tos=0,ttl=128,frag=no)], ++ [icmp(type=8,code=0)])]) ++AT_CHECK([ovs-appctl ofproto/trace ovs-dummy "ICMP_FLOW"], [0], [stdout]) ++AT_CHECK_UNQUOTED([tail -1 stdout], [0], ++ [Datapath actions: 3,2 ++]) ++ ++OVS_VSWITCHD_STOP ++AT_CLEANUP ++ + AT_SETUP([ofproto-dpif - mirroring, OFPP_NONE ingress port]) + AT_KEYWORDS([mirror mirrors mirroring]) + OVS_VSWITCHD_START +@@ -6178,6 +6408,57 @@ AT_CHECK([test 1 = `$PYTHON3 "$top_srcdir/utilities/ovs-pcap.in" p2-tx.pcap | wc OVS_VSWITCHD_STOP AT_CLEANUP @@ -5000,7 +5297,7 @@ index e305e7b9cd..d9c3334baa 100644 AT_SETUP([ofproto-dpif - continuation with patch port]) AT_KEYWORDS([continuations pause resume]) OVS_VSWITCHD_START( -@@ -7653,12 +7864,14 @@ dummy@ovs-dummy: hit:0 missed:0 +@@ -7653,12 +7934,14 @@ dummy@ovs-dummy: hit:0 missed:0 vm1 5/3: (dummy: ifindex=2011) ]) @@ -5018,7 +5315,7 @@ index e305e7b9cd..d9c3334baa 100644 dnl Prime ARP Cache for 1.1.2.92 AT_CHECK([ovs-appctl netdev-dummy/receive p0 'recirc_id(0),in_port(1),eth(src=f8:bc:12:44:34:b6,dst=ff:ff:ff:ff:ff:ff),eth_type(0x0806),arp(sip=1.1.2.92,tip=1.1.2.88,op=2,sha=f8:bc:12:44:34:b6,tha=00:00:00:00:00:00)']) -@@ -7669,10 +7882,13 @@ ovs-vsctl \ +@@ -7669,10 +7952,13 @@ ovs-vsctl \ --id=@sf create sflow targets=\"127.0.0.1:$SFLOW_PORT\" agent=127.0.0.1 \ header=128 sampling=1 polling=0 @@ -5034,7 +5331,7 @@ index e305e7b9cd..d9c3334baa 100644 ]) dnl add rule for int-br to force packet onto tunnel. There is no ifindex -@@ -12041,3 +12257,48 @@ AT_CHECK([test 1 = `ovs-ofctl parse-pcap p2-tx.pcap | wc -l`]) +@@ -12041,3 +12327,48 @@ AT_CHECK([test 1 = `ovs-ofctl parse-pcap p2-tx.pcap | wc -l`]) OVS_VSWITCHD_STOP AT_CLEANUP @@ -5099,6 +5396,62 @@ index c22fb3c79c..3795ca7149 100644 m4_divert_pop([PREPARE_TESTS]) m4_define([TESTABLE_LOG], [-vPATTERN:ANY:'%c|%p|%m']) +diff --git a/tests/ovs-ofctl.at b/tests/ovs-ofctl.at +index d03d365003..a9337f6192 100644 +--- a/tests/ovs-ofctl.at ++++ b/tests/ovs-ofctl.at +@@ -3086,6 +3086,51 @@ AT_CHECK([ovs-ofctl -O OpenFlow14 dump-flows br0 | ofctl_strip | sed '/OFPST_FLO + OVS_VSWITCHD_STOP + AT_CLEANUP + ++AT_SETUP([ovs-ofctl replace-flows with fragments]) ++OVS_VSWITCHD_START ++ ++AT_DATA([frag_flows.txt], [dnl ++ ip,nw_frag=first actions=drop ++ ip,nw_frag=later actions=drop ++ ip,nw_frag=no actions=NORMAL ++ ip,nw_frag=not_later actions=NORMAL ++ ip,nw_frag=yes actions=LOCAL ++]) ++AT_DATA([replace_flows.txt], [dnl ++ ip,nw_frag=first actions=NORMAL ++ ip,nw_frag=later actions=LOCAL ++ ip,nw_frag=no actions=drop ++ ip,nw_frag=not_later actions=drop ++ ip,nw_frag=yes actions=drop ++]) ++ ++AT_CHECK([ovs-ofctl -O OpenFlow13 add-flows br0 frag_flows.txt]) ++on_exit 'ovs-ofctl -O OpenFlow13 dump-flows br0' ++ ++dnl Check that flow replacement works. ++AT_CHECK([ovs-ofctl -vvconn:console:dbg -O OpenFlow13 \ ++ replace-flows br0 replace_flows.txt 2>&1 | grep FLOW_MOD \ ++ | sed 's/.*\(OFPT_FLOW_MOD.*\)/\1/' | strip_xids | sort], [0], [dnl ++OFPT_FLOW_MOD (OF1.3): ADD ip,nw_frag=first actions=NORMAL ++OFPT_FLOW_MOD (OF1.3): ADD ip,nw_frag=later actions=LOCAL ++OFPT_FLOW_MOD (OF1.3): ADD ip,nw_frag=no actions=drop ++OFPT_FLOW_MOD (OF1.3): ADD ip,nw_frag=not_later actions=drop ++OFPT_FLOW_MOD (OF1.3): ADD ip,nw_frag=yes actions=drop ++]) ++ ++dnl Check that replacement to the same set doesn't cause flow modifications. ++AT_CHECK([ovs-ofctl -vvconn:console:dbg -O OpenFlow13 \ ++ replace-flows br0 replace_flows.txt 2>&1 | grep FLOW_MOD \ ++ | sed 's/.*\(OFPT_FLOW_MOD.*\)/\1/' | strip_xids | sort], [0], []) ++ ++dnl Compare the flow dump against the expected set. ++cat replace_flows.txt > expout ++AT_CHECK([ovs-ofctl -O OpenFlow13 dump-flows br0 \ ++ | ofctl_strip | sed '/OFPST_FLOW/d' | sort], [0], [expout]) ++ ++OVS_VSWITCHD_STOP ++AT_CLEANUP ++ + AT_SETUP([ovs-ofctl replace-flows with --bundle]) + OVS_VSWITCHD_START + diff --git a/tests/ovsdb-cluster.at b/tests/ovsdb-cluster.at index 481afc08b3..9d8b4d06a4 100644 --- a/tests/ovsdb-cluster.at diff --git a/SPECS/openvswitch3.3.spec b/SPECS/openvswitch3.3.spec index 3a71839..5fe4120 100644 --- a/SPECS/openvswitch3.3.spec +++ b/SPECS/openvswitch3.3.spec @@ -57,7 +57,7 @@ Summary: Open vSwitch Group: System Environment/Daemons daemon/database/utilities URL: http://www.openvswitch.org/ Version: 3.3.0 -Release: 56%{?dist} +Release: 57%{?dist} # Nearly all of openvswitch is ASL 2.0. The bugtool is LGPLv2+, and the # lib/sflow*.[ch] files are SISSL @@ -769,6 +769,16 @@ exit 0 %endif %changelog +* Wed Oct 30 2024 Open vSwitch CI - 3.3.0-57 +- Merging upstream branch-3.3 [RH git: 7e02cc5483] + Commit list: + f1b70cb48d meta-flow: Fix nw_frag mask while parsing from string. + 1fbb050141 ci: Remove dependency on libpcap. + a9db0f3177 github: Remove ASLR entropy workaround. + 4f7c8c2592 bond: Always revalidate unbalanced bonds when active member changes. (FDP-845) + a9e40e3227 ofproto-dpif-upcall: Fix redundant mirror on metadata modification. (FDP-699) + + * Thu Oct 24 2024 Open vSwitch CI - 3.3.0-56 - Merging dpdk subtree [RH git: 61607569a5] Commit list: