diff --git a/SOURCES/openvswitch-2.16.0.patch b/SOURCES/openvswitch-2.16.0.patch index a9758fe..aa9ed13 100644 --- a/SOURCES/openvswitch-2.16.0.patch +++ b/SOURCES/openvswitch-2.16.0.patch @@ -93,16 +93,20 @@ index d8fa931fab..1dbead3276 100644 .. note:: diff --git a/NEWS b/NEWS -index 559a51ba3f..139c24a4f8 100644 +index 559a51ba3f..ecaf9ffd78 100644 --- a/NEWS +++ b/NEWS -@@ -1,3 +1,13 @@ -+v2.16.2 - xx xxx xxxx +@@ -1,3 +1,17 @@ ++v2.16.3 - xx xxx xxxx +--------------------- + - Python: + * For SSL support, the use of the pyOpenSSL library has been replaced + with the native 'ssl' module. + ++v2.16.2 - 17 Dec 2021 ++--------------------- ++ - Bug fixes ++ +v2.16.1 - 21 Oct 2021 +--------------------- + - Bug fixes @@ -111,7 +115,7 @@ index 559a51ba3f..139c24a4f8 100644 --------------------- - Removed support for 1024-bit Diffie-Hellman key exchange, which is now diff --git a/configure.ac b/configure.ac -index 16b32be965..64c26828f2 100644 +index 16b32be965..92817b62e1 100644 --- a/configure.ac +++ b/configure.ac @@ -13,7 +13,7 @@ @@ -119,7 +123,7 @@ index 16b32be965..64c26828f2 100644 AC_PREREQ(2.63) -AC_INIT(openvswitch, 2.16.0, bugs@openvswitch.org) -+AC_INIT(openvswitch, 2.16.2, bugs@openvswitch.org) ++AC_INIT(openvswitch, 2.16.3, bugs@openvswitch.org) AC_CONFIG_SRCDIR([datapath/datapath.c]) AC_CONFIG_MACRO_DIR([m4]) AC_CONFIG_AUX_DIR([build-aux]) @@ -392,16 +396,42 @@ index 2b314ce274..74130a4600 100644 const PNL_ATTR actions); /* +diff --git a/datapath/linux/compat/include/net/netfilter/nf_conntrack_core.h b/datapath/linux/compat/include/net/netfilter/nf_conntrack_core.h +index 4cce92f66c..bc18c56b81 100644 +--- a/datapath/linux/compat/include/net/netfilter/nf_conntrack_core.h ++++ b/datapath/linux/compat/include/net/netfilter/nf_conntrack_core.h +@@ -108,7 +108,14 @@ static inline bool rpl_nf_ct_delete(struct nf_conn *ct, u32 portid, int report) + static inline unsigned int + rpl_nf_conntrack_in(struct sk_buff *skb, const struct nf_hook_state *state) + { +- return nf_conntrack_in(state->net, state->pf, state->hook, skb); ++ int err; ++ ++ /* Repeat if requested, see nf_iterate(). */ ++ do { ++ err = nf_conntrack_in(state->net, state->pf, state->hook, skb); ++ } while (err == NF_REPEAT); ++ ++ return err; + } + #define nf_conntrack_in rpl_nf_conntrack_in + #endif /* HAVE_NF_CONNTRACK_IN_TAKES_NF_HOOK_STATE */ diff --git a/debian/changelog b/debian/changelog -index 239d210b96..a0838ea3d7 100644 +index 239d210b96..9fa140c6ff 100644 --- a/debian/changelog +++ b/debian/changelog -@@ -1,3 +1,15 @@ +@@ -1,3 +1,21 @@ ++openvswitch (2.16.3-1) unstable; urgency=low ++ [ Open vSwitch team ] ++ * New upstream version ++ ++ -- Open vSwitch team Fri, 17 Dec 2021 22:14:03 +0100 ++ +openvswitch (2.16.2-1) unstable; urgency=low + [ Open vSwitch team ] + * New upstream version + -+ -- Open vSwitch team Thu, 21 Oct 2021 23:58:12 +0200 ++ -- Open vSwitch team Fri, 17 Dec 2021 22:14:03 +0100 + +openvswitch (2.16.1-1) unstable; urgency=low + [ Open vSwitch team ] @@ -614,6 +644,161 @@ index b7d577870d..fe24f9abdf 100644 "cannot use CPU flag based optimizations"); return false; } +diff --git a/lib/dpif-netdev-extract-avx512.c b/lib/dpif-netdev-extract-avx512.c +index ec64419e38..8d8003b05f 100644 +--- a/lib/dpif-netdev-extract-avx512.c ++++ b/lib/dpif-netdev-extract-avx512.c +@@ -161,6 +161,15 @@ _mm512_maskz_permutexvar_epi8_wrap(__mmask64 kmask, __m512i idx, __m512i a) + #define PATTERN_IPV4_UDP PATTERN_IPV4_GEN(0x45, 0, 0, 0x11) + #define PATTERN_IPV4_TCP PATTERN_IPV4_GEN(0x45, 0, 0, 0x06) + ++#define PATTERN_TCP_GEN(data_offset) \ ++ 0, 0, 0, 0, /* sport, dport */ \ ++ 0, 0, 0, 0, /* sequence number */ \ ++ 0, 0, 0, 0, /* ack number */ \ ++ data_offset, /* data offset: used to verify = 5, options not supported */ ++ ++#define PATTERN_TCP_MASK PATTERN_TCP_GEN(0xF0) ++#define PATTERN_TCP PATTERN_TCP_GEN(0x50) ++ + #define NU 0 + #define PATTERN_IPV4_UDP_SHUFFLE \ + 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, NU, NU, /* Ether */ \ +@@ -320,8 +329,16 @@ static const struct mfex_profile mfex_profiles[PROFILE_COUNT] = + }, + + [PROFILE_ETH_IPV4_TCP] = { +- .probe_mask.u8_data = { PATTERN_ETHERTYPE_MASK PATTERN_IPV4_MASK }, +- .probe_data.u8_data = { PATTERN_ETHERTYPE_IPV4 PATTERN_IPV4_TCP}, ++ .probe_mask.u8_data = { ++ PATTERN_ETHERTYPE_MASK ++ PATTERN_IPV4_MASK ++ PATTERN_TCP_MASK ++ }, ++ .probe_data.u8_data = { ++ PATTERN_ETHERTYPE_IPV4 ++ PATTERN_IPV4_TCP ++ PATTERN_TCP ++ }, + + .store_shuf.u8_data = { PATTERN_IPV4_TCP_SHUFFLE }, + .store_kmsk = PATTERN_IPV4_TCP_KMASK, +@@ -353,10 +370,16 @@ static const struct mfex_profile mfex_profiles[PROFILE_COUNT] = + + [PROFILE_ETH_VLAN_IPV4_TCP] = { + .probe_mask.u8_data = { +- PATTERN_ETHERTYPE_MASK PATTERN_DT1Q_MASK PATTERN_IPV4_MASK ++ PATTERN_ETHERTYPE_MASK ++ PATTERN_DT1Q_MASK ++ PATTERN_IPV4_MASK ++ PATTERN_TCP_MASK + }, + .probe_data.u8_data = { +- PATTERN_ETHERTYPE_DT1Q PATTERN_DT1Q_IPV4 PATTERN_IPV4_TCP ++ PATTERN_ETHERTYPE_DT1Q ++ PATTERN_DT1Q_IPV4 ++ PATTERN_IPV4_TCP ++ PATTERN_TCP + }, + + .store_shuf.u8_data = { PATTERN_DT1Q_IPV4_TCP_SHUFFLE }, +@@ -374,16 +397,31 @@ static const struct mfex_profile mfex_profiles[PROFILE_COUNT] = + /* Protocol specific helper functions, for calculating offsets/lenghts. */ + static int32_t + mfex_ipv4_set_l2_pad_size(struct dp_packet *pkt, struct ip_header *nh, +- uint32_t len_from_ipv4) ++ uint32_t len_from_ipv4, uint32_t next_proto_len) + { +- /* Handle dynamic l2_pad_size. */ +- uint16_t tot_len = ntohs(nh->ip_tot_len); +- if (OVS_UNLIKELY(tot_len > len_from_ipv4 || +- (len_from_ipv4 - tot_len) > UINT16_MAX)) { +- return -1; +- } +- dp_packet_set_l2_pad_size(pkt, len_from_ipv4 - tot_len); +- return 0; ++ /* Handle dynamic l2_pad_size; note that avx512 has already validated ++ * the IP->ihl field to be 5, so 20 bytes of IP header (no options). ++ */ ++ uint16_t ip_tot_len = ntohs(nh->ip_tot_len); ++ ++ /* Error if IP total length is greater than remaining packet size. */ ++ bool err_ip_tot_len_too_high = ip_tot_len > len_from_ipv4; ++ ++ /* Error if IP total length is less than the size of the IP header ++ * itself, and the size of the next-protocol this profile matches on. ++ */ ++ bool err_ip_tot_len_too_low = ++ (IP_HEADER_LEN + next_proto_len) > ip_tot_len; ++ ++ /* Ensure the l2 pad size will not overflow. */ ++ bool err_len_u16_overflow = (len_from_ipv4 - ip_tot_len) > UINT16_MAX; ++ ++ if (OVS_UNLIKELY(err_ip_tot_len_too_high || err_ip_tot_len_too_low || ++ err_len_u16_overflow)) { ++ return -1; ++ } ++ dp_packet_set_l2_pad_size(pkt, len_from_ipv4 - ip_tot_len); ++ return 0; + } + + /* Fixup the VLAN CFI and PCP, reading the PCP from the input to this function, +@@ -450,7 +488,14 @@ mfex_avx512_process(struct dp_packet_batch *packets, + + /* Load packet data and probe with AVX512 mask & compare. */ + const uint8_t *pkt = dp_packet_data(packet); +- __m512i v_pkt0 = _mm512_loadu_si512(pkt); ++ __m512i v_pkt0; ++ if (size >= 64) { ++ v_pkt0 = _mm512_loadu_si512(pkt); ++ } else { ++ uint64_t load_kmask = (1ULL << size) - 1; ++ v_pkt0 = _mm512_maskz_loadu_epi8(load_kmask, pkt); ++ } ++ + __m512i v_pkt0_masked = _mm512_and_si512(v_pkt0, v_mask); + __mmask64 k_cmp = _mm512_cmpeq_epi8_mask(v_pkt0_masked, v_vals); + if (k_cmp != UINT64_MAX) { +@@ -498,7 +543,8 @@ mfex_avx512_process(struct dp_packet_batch *packets, + + uint32_t size_from_ipv4 = size - VLAN_ETH_HEADER_LEN; + struct ip_header *nh = (void *)&pkt[VLAN_ETH_HEADER_LEN]; +- if (mfex_ipv4_set_l2_pad_size(packet, nh, size_from_ipv4)) { ++ if (mfex_ipv4_set_l2_pad_size(packet, nh, size_from_ipv4, ++ TCP_HEADER_LEN)) { + continue; + } + +@@ -512,7 +558,8 @@ mfex_avx512_process(struct dp_packet_batch *packets, + + uint32_t size_from_ipv4 = size - VLAN_ETH_HEADER_LEN; + struct ip_header *nh = (void *)&pkt[VLAN_ETH_HEADER_LEN]; +- if (mfex_ipv4_set_l2_pad_size(packet, nh, size_from_ipv4)) { ++ if (mfex_ipv4_set_l2_pad_size(packet, nh, size_from_ipv4, ++ UDP_HEADER_LEN)) { + continue; + } + } break; +@@ -525,7 +572,8 @@ mfex_avx512_process(struct dp_packet_batch *packets, + /* Handle dynamic l2_pad_size. */ + uint32_t size_from_ipv4 = size - sizeof(struct eth_header); + struct ip_header *nh = (void *)&pkt[sizeof(struct eth_header)]; +- if (mfex_ipv4_set_l2_pad_size(packet, nh, size_from_ipv4)) { ++ if (mfex_ipv4_set_l2_pad_size(packet, nh, size_from_ipv4, ++ TCP_HEADER_LEN)) { + continue; + } + } break; +@@ -534,7 +582,8 @@ mfex_avx512_process(struct dp_packet_batch *packets, + /* Handle dynamic l2_pad_size. */ + uint32_t size_from_ipv4 = size - sizeof(struct eth_header); + struct ip_header *nh = (void *)&pkt[sizeof(struct eth_header)]; +- if (mfex_ipv4_set_l2_pad_size(packet, nh, size_from_ipv4)) { ++ if (mfex_ipv4_set_l2_pad_size(packet, nh, size_from_ipv4, ++ UDP_HEADER_LEN)) { + continue; + } + diff --git a/lib/dpif-netdev-private-dfc.h b/lib/dpif-netdev-private-dfc.h index 92092ebec9..3dfc91f0fe 100644 --- a/lib/dpif-netdev-private-dfc.h @@ -1906,11 +2091,231 @@ index b30a11c24b..41835f6f4d 100644 return NULL; } +diff --git a/lib/tnl-neigh-cache.c b/lib/tnl-neigh-cache.c +index 5bda4af7e0..995c88bf17 100644 +--- a/lib/tnl-neigh-cache.c ++++ b/lib/tnl-neigh-cache.c +@@ -32,6 +32,7 @@ + #include "errno.h" + #include "flow.h" + #include "netdev.h" ++#include "ovs-atomic.h" + #include "ovs-thread.h" + #include "packets.h" + #include "openvswitch/poll-loop.h" +@@ -44,14 +45,13 @@ + #include "openvswitch/vlog.h" + + +-/* In seconds */ +-#define NEIGH_ENTRY_DEFAULT_IDLE_TIME (15 * 60) ++#define NEIGH_ENTRY_DEFAULT_IDLE_TIME_MS (15 * 60 * 1000) + + struct tnl_neigh_entry { + struct cmap_node cmap_node; + struct in6_addr ip; + struct eth_addr mac; +- time_t expires; /* Expiration time. */ ++ atomic_llong expires; /* Expiration time in ms. */ + char br_name[IFNAMSIZ]; + }; + +@@ -64,6 +64,16 @@ tnl_neigh_hash(const struct in6_addr *ip) + return hash_bytes(ip->s6_addr, 16, 0); + } + ++static bool ++tnl_neigh_expired(struct tnl_neigh_entry *neigh) ++{ ++ long long expires; ++ ++ atomic_read_explicit(&neigh->expires, &expires, memory_order_acquire); ++ ++ return expires <= time_msec(); ++} ++ + static struct tnl_neigh_entry * + tnl_neigh_lookup__(const char br_name[IFNAMSIZ], const struct in6_addr *dst) + { +@@ -73,11 +83,13 @@ tnl_neigh_lookup__(const char br_name[IFNAMSIZ], const struct in6_addr *dst) + hash = tnl_neigh_hash(dst); + CMAP_FOR_EACH_WITH_HASH (neigh, cmap_node, hash, &table) { + if (ipv6_addr_equals(&neigh->ip, dst) && !strcmp(neigh->br_name, br_name)) { +- if (neigh->expires <= time_now()) { ++ if (tnl_neigh_expired(neigh)) { + return NULL; + } + +- neigh->expires = time_now() + NEIGH_ENTRY_DEFAULT_IDLE_TIME; ++ atomic_store_explicit(&neigh->expires, time_msec() + ++ NEIGH_ENTRY_DEFAULT_IDLE_TIME_MS, ++ memory_order_release); + return neigh; + } + } +@@ -113,15 +125,16 @@ tnl_neigh_delete(struct tnl_neigh_entry *neigh) + ovsrcu_postpone(neigh_entry_free, neigh); + } + +-static void +-tnl_neigh_set__(const char name[IFNAMSIZ], const struct in6_addr *dst, +- const struct eth_addr mac) ++void ++tnl_neigh_set(const char name[IFNAMSIZ], const struct in6_addr *dst, ++ const struct eth_addr mac) + { + ovs_mutex_lock(&mutex); + struct tnl_neigh_entry *neigh = tnl_neigh_lookup__(name, dst); + if (neigh) { + if (eth_addr_equals(neigh->mac, mac)) { +- neigh->expires = time_now() + NEIGH_ENTRY_DEFAULT_IDLE_TIME; ++ atomic_store_relaxed(&neigh->expires, time_msec() + ++ NEIGH_ENTRY_DEFAULT_IDLE_TIME_MS); + ovs_mutex_unlock(&mutex); + return; + } +@@ -133,7 +146,8 @@ tnl_neigh_set__(const char name[IFNAMSIZ], const struct in6_addr *dst, + + neigh->ip = *dst; + neigh->mac = mac; +- neigh->expires = time_now() + NEIGH_ENTRY_DEFAULT_IDLE_TIME; ++ atomic_store_relaxed(&neigh->expires, time_msec() + ++ NEIGH_ENTRY_DEFAULT_IDLE_TIME_MS); + ovs_strlcpy(neigh->br_name, name, sizeof neigh->br_name); + cmap_insert(&table, &neigh->cmap_node, tnl_neigh_hash(&neigh->ip)); + ovs_mutex_unlock(&mutex); +@@ -144,12 +158,12 @@ tnl_arp_set(const char name[IFNAMSIZ], ovs_be32 dst, + const struct eth_addr mac) + { + struct in6_addr dst6 = in6_addr_mapped_ipv4(dst); +- tnl_neigh_set__(name, &dst6, mac); ++ tnl_neigh_set(name, &dst6, mac); + } + + static int + tnl_arp_snoop(const struct flow *flow, struct flow_wildcards *wc, +- const char name[IFNAMSIZ]) ++ const char name[IFNAMSIZ], bool allow_update) + { + /* Snoop normal ARP replies and gratuitous ARP requests/replies only */ + if (!is_arp(flow) +@@ -159,13 +173,17 @@ tnl_arp_snoop(const struct flow *flow, struct flow_wildcards *wc, + return EINVAL; + } + +- tnl_arp_set(name, FLOW_WC_GET_AND_MASK_WC(flow, wc, nw_src), flow->arp_sha); ++ memset(&wc->masks.nw_src, 0xff, sizeof wc->masks.nw_src); ++ ++ if (allow_update) { ++ tnl_arp_set(name, flow->nw_src, flow->arp_sha); ++ } + return 0; + } + + static int + tnl_nd_snoop(const struct flow *flow, struct flow_wildcards *wc, +- const char name[IFNAMSIZ]) ++ const char name[IFNAMSIZ], bool allow_update) + { + if (!is_nd(flow, wc) || flow->tp_src != htons(ND_NEIGHBOR_ADVERT)) { + return EINVAL; +@@ -184,20 +202,22 @@ tnl_nd_snoop(const struct flow *flow, struct flow_wildcards *wc, + memset(&wc->masks.ipv6_dst, 0xff, sizeof wc->masks.ipv6_dst); + memset(&wc->masks.nd_target, 0xff, sizeof wc->masks.nd_target); + +- tnl_neigh_set__(name, &flow->nd_target, flow->arp_tha); ++ if (allow_update) { ++ tnl_neigh_set(name, &flow->nd_target, flow->arp_tha); ++ } + return 0; + } + + int + tnl_neigh_snoop(const struct flow *flow, struct flow_wildcards *wc, +- const char name[IFNAMSIZ]) ++ const char name[IFNAMSIZ], bool allow_update) + { + int res; +- res = tnl_arp_snoop(flow, wc, name); ++ res = tnl_arp_snoop(flow, wc, name, allow_update); + if (res != EINVAL) { + return res; + } +- return tnl_nd_snoop(flow, wc, name); ++ return tnl_nd_snoop(flow, wc, name, allow_update); + } + + void +@@ -208,7 +228,7 @@ tnl_neigh_cache_run(void) + + ovs_mutex_lock(&mutex); + CMAP_FOR_EACH(neigh, cmap_node, &table) { +- if (neigh->expires <= time_now()) { ++ if (tnl_neigh_expired(neigh)) { + tnl_neigh_delete(neigh); + changed = true; + } +@@ -294,7 +314,7 @@ tnl_neigh_cache_add(struct unixctl_conn *conn, int argc OVS_UNUSED, + return; + } + +- tnl_neigh_set__(br_name, &ip6, mac); ++ tnl_neigh_set(br_name, &ip6, mac); + unixctl_command_reply(conn, "OK"); + } + +@@ -319,7 +339,7 @@ tnl_neigh_cache_show(struct unixctl_conn *conn, int argc OVS_UNUSED, + + ds_put_format(&ds, ETH_ADDR_FMT" %s", + ETH_ADDR_ARGS(neigh->mac), neigh->br_name); +- if (neigh->expires <= time_now()) { ++ if (tnl_neigh_expired(neigh)) { + ds_put_format(&ds, " STALE"); + } + ds_put_char(&ds, '\n'); +diff --git a/lib/tnl-neigh-cache.h b/lib/tnl-neigh-cache.h +index e4b42b0594..877bca3127 100644 +--- a/lib/tnl-neigh-cache.h ++++ b/lib/tnl-neigh-cache.h +@@ -32,7 +32,9 @@ + #include "util.h" + + int tnl_neigh_snoop(const struct flow *flow, struct flow_wildcards *wc, +- const char dev_name[IFNAMSIZ]); ++ const char dev_name[IFNAMSIZ], bool allow_update); ++void tnl_neigh_set(const char name[IFNAMSIZ], const struct in6_addr *dst, ++ const struct eth_addr mac); + int tnl_neigh_lookup(const char dev_name[IFNAMSIZ], const struct in6_addr *dst, + struct eth_addr *mac); + void tnl_neigh_cache_init(void); diff --git a/ofproto/ofproto-dpif-xlate.c b/ofproto/ofproto-dpif-xlate.c -index a426fcfeb6..970f78bb52 100644 +index a426fcfeb6..bb22d29034 100644 --- a/ofproto/ofproto-dpif-xlate.c +++ b/ofproto/ofproto-dpif-xlate.c -@@ -6177,11 +6177,32 @@ static void +@@ -4097,7 +4097,21 @@ terminate_native_tunnel(struct xlate_ctx *ctx, struct flow *flow, + (flow->dl_type == htons(ETH_TYPE_ARP) || + flow->nw_proto == IPPROTO_ICMPV6) && + is_neighbor_reply_correct(ctx, flow)) { +- tnl_neigh_snoop(flow, wc, ctx->xbridge->name); ++ tnl_neigh_snoop(flow, wc, ctx->xbridge->name, ++ ctx->xin->allow_side_effects); ++ } else if (*tnl_port != ODPP_NONE && ++ ctx->xin->allow_side_effects && ++ dl_type_is_ip_any(flow->dl_type)) { ++ struct eth_addr mac = flow->dl_src; ++ struct in6_addr s_ip6; ++ ++ if (flow->dl_type == htons(ETH_TYPE_IP)) { ++ in6_addr_set_mapped_ipv4(&s_ip6, flow->nw_src); ++ } else { ++ s_ip6 = flow->ipv6_src; ++ } ++ ++ tnl_neigh_set(ctx->xbridge->name, &s_ip6, mac); + } + } + +@@ -6177,11 +6191,32 @@ static void compose_conntrack_action(struct xlate_ctx *ctx, struct ofpact_conntrack *ofc, bool is_last_action) { @@ -1921,7 +2326,7 @@ index a426fcfeb6..970f78bb52 100644 + if (ofc->zone_src.field) { + union mf_subvalue value; + memset(&value, 0xff, sizeof(value)); -+ + + zone = mf_get_subfield(&ofc->zone_src, &ctx->xin->flow); + if (ctx->xin->frozen_state) { + /* If the upcall is a resume of a recirculation, we only need to @@ -1939,14 +2344,14 @@ index a426fcfeb6..970f78bb52 100644 + } else { + zone = ofc->zone_imm; + } - ++ + size_t ct_offset; + ovs_u128 old_ct_label_mask = ctx->wc->masks.ct_label; + uint32_t old_ct_mark_mask = ctx->wc->masks.ct_mark; /* Ensure that any prior actions are applied before composing the new * conntrack action. */ xlate_commit_actions(ctx); -@@ -6193,11 +6214,6 @@ compose_conntrack_action(struct xlate_ctx *ctx, struct ofpact_conntrack *ofc, +@@ -6193,11 +6228,6 @@ compose_conntrack_action(struct xlate_ctx *ctx, struct ofpact_conntrack *ofc, do_xlate_actions(ofc->actions, ofpact_ct_get_action_len(ofc), ctx, is_last_action, false); @@ -1958,7 +2363,7 @@ index a426fcfeb6..970f78bb52 100644 ct_offset = nl_msg_start_nested(ctx->odp_actions, OVS_ACTION_ATTR_CT); if (ofc->flags & NX_CT_F_COMMIT) { -@@ -6333,6 +6349,7 @@ xlate_check_pkt_larger(struct xlate_ctx *ctx, +@@ -6333,6 +6363,7 @@ xlate_check_pkt_larger(struct xlate_ctx *ctx, * then ctx->exit would be true. Reset to false so that we can * do flow translation for 'IF_LESS_EQUAL' case. finish_freezing() * would have taken care of Undoing the changes done for freeze. */ @@ -1966,7 +2371,7 @@ index a426fcfeb6..970f78bb52 100644 ctx->exit = false; offset_attr = nl_msg_start_nested( -@@ -6357,7 +6374,7 @@ xlate_check_pkt_larger(struct xlate_ctx *ctx, +@@ -6357,7 +6388,7 @@ xlate_check_pkt_larger(struct xlate_ctx *ctx, ctx->was_mpls = old_was_mpls; ctx->conntracked = old_conntracked; ctx->xin->flow = old_flow; @@ -1975,7 +2380,7 @@ index a426fcfeb6..970f78bb52 100644 } static void -@@ -6738,6 +6755,7 @@ do_xlate_actions(const struct ofpact *ofpacts, size_t ofpacts_len, +@@ -6738,6 +6769,7 @@ do_xlate_actions(const struct ofpact *ofpacts, size_t ofpacts_len, return; } @@ -1983,7 +2388,7 @@ index a426fcfeb6..970f78bb52 100644 OFPACT_FOR_EACH (a, ofpacts, ofpacts_len) { struct ofpact_controller *controller; const struct ofpact_metadata *metadata; -@@ -6752,7 +6770,7 @@ do_xlate_actions(const struct ofpact *ofpacts, size_t ofpacts_len, +@@ -6752,7 +6784,7 @@ do_xlate_actions(const struct ofpact *ofpacts, size_t ofpacts_len, recirc_for_mpls(a, ctx); @@ -1992,7 +2397,7 @@ index a426fcfeb6..970f78bb52 100644 /* Check if need to store the remaining actions for later * execution. */ if (ctx->freezing) { -@@ -7160,6 +7178,12 @@ do_xlate_actions(const struct ofpact *ofpacts, size_t ofpacts_len, +@@ -7160,6 +7192,12 @@ do_xlate_actions(const struct ofpact *ofpacts, size_t ofpacts_len, ofpacts_len); xlate_check_pkt_larger(ctx, ofpact_get_CHECK_PKT_LARGER(a), remaining_acts, remaining_acts_len); @@ -4980,11 +5385,100 @@ index daa55dab7b..637271619f 100644 ovsdb_idl_txn_commit_block(myTxn); ovsdb_idl_txn_destroy(myTxn); ovsdb_idl_get_initial_snapshot(idl); +diff --git a/tests/tunnel-push-pop-ipv6.at b/tests/tunnel-push-pop-ipv6.at +index 59723e63b8..c7665a1aeb 100644 +--- a/tests/tunnel-push-pop-ipv6.at ++++ b/tests/tunnel-push-pop-ipv6.at +@@ -432,6 +432,42 @@ AT_CHECK([ovs-appctl dpif/dump-flows int-br | grep 'in_port(6081)'], [0], [dnl + tunnel(tun_id=0x7b,ipv6_src=2001:cafe::92,ipv6_dst=2001:cafe::88,geneve({class=0xffff,type=0x80,len=4,0xa/0xf}{class=0xffff,type=0,len=4}),flags(-df-csum+key)),recirc_id(0),in_port(6081),packet_type(ns=0,id=0),eth_type(0x0800),ipv4(frag=no), packets:0, bytes:0, used:never, actions:userspace(pid=0,controller(reason=1,dont_send=0,continuation=0,recirc_id=3,rule_cookie=0,controller_id=0,max_len=65535)) + ]) + ++dnl Receive VXLAN with different MAC and verify that the neigh cache gets updated ++AT_CHECK([ovs-appctl netdev-dummy/receive p0 'aa55aa550000f8bc1244cafe86dd60000000003a11402001cafe0000000000000000000000922001cafe000000000000000000000088c85312b5003abc700c00000300007b00ffffffffffff00000000000008004500001c0001000040117cce7f0000017f0000010035003500080172']) ++ ++ovs-appctl time/warp 1000 ++ovs-appctl time/warp 1000 ++ ++dnl Check VXLAN tunnel push ++AT_CHECK([ovs-ofctl add-flow int-br action=2]) ++AT_CHECK([ovs-appctl ofproto/trace ovs-dummy 'in_port(2),eth(src=36:b1:ee:7c:01:01,dst=36:b1:ee:7c:01:02),eth_type(0x0800),ipv4(src=1.1.3.88,dst=1.1.3.112,proto=47,tos=0,ttl=64,frag=no)'], [0], [stdout]) ++AT_CHECK([tail -1 stdout], [0], ++ [Datapath actions: clone(tnl_push(tnl_port(4789),header(size=70,type=4,eth(dst=f8:bc:12:44:ca:fe,src=aa:55:aa:55:00:00,dl_type=0x86dd),ipv6(src=2001:cafe::88,dst=2001:cafe::92,label=0,proto=17,tclass=0x0,hlimit=64),udp(src=0,dst=4789,csum=0xffff),vxlan(flags=0x8000000,vni=0x7b)),out_port(100)),1) ++]) ++ ++AT_CHECK([ovs-appctl tnl/arp/show | tail -n+3 | sort], [0], [dnl ++2001:cafe::92 f8:bc:12:44:ca:fe br0 ++2001:cafe::93 f8:bc:12:44:34:b7 br0 ++]) ++ ++dnl Restore and check the cache entries ++AT_CHECK([ovs-appctl netdev-dummy/receive p0 'aa55aa550000f8bc124434b686dd60000000003a11402001cafe0000000000000000000000922001cafe000000000000000000000088c85312b5003abc700c00000300007b00ffffffffffff00000000000008004500001c0001000040117cce7f0000017f0000010035003500080172']) ++ ++ovs-appctl time/warp 1000 ++ovs-appctl time/warp 1000 ++ ++dnl Check VXLAN tunnel push ++AT_CHECK([ovs-ofctl add-flow int-br action=2]) ++AT_CHECK([ovs-appctl ofproto/trace ovs-dummy 'in_port(2),eth(src=36:b1:ee:7c:01:01,dst=36:b1:ee:7c:01:02),eth_type(0x0800),ipv4(src=1.1.3.88,dst=1.1.3.112,proto=47,tos=0,ttl=64,frag=no)'], [0], [stdout]) ++AT_CHECK([tail -1 stdout], [0], ++ [Datapath actions: clone(tnl_push(tnl_port(4789),header(size=70,type=4,eth(dst=f8:bc:12:44:34:b6,src=aa:55:aa:55:00:00,dl_type=0x86dd),ipv6(src=2001:cafe::88,dst=2001:cafe::92,label=0,proto=17,tclass=0x0,hlimit=64),udp(src=0,dst=4789,csum=0xffff),vxlan(flags=0x8000000,vni=0x7b)),out_port(100)),1) ++]) ++ ++AT_CHECK([ovs-appctl tnl/arp/show | tail -n+3 | sort], [0], [dnl ++2001:cafe::92 f8:bc:12:44:34:b6 br0 ++2001:cafe::93 f8:bc:12:44:34:b7 br0 ++]) ++ + ovs-appctl time/warp 10000 + + AT_CHECK([ovs-vsctl del-port int-br t3 \ diff --git a/tests/tunnel-push-pop.at b/tests/tunnel-push-pop.at -index 48c5de9d19..6364653975 100644 +index 48c5de9d19..6a597488e6 100644 --- a/tests/tunnel-push-pop.at +++ b/tests/tunnel-push-pop.at -@@ -595,6 +595,64 @@ OVS_WAIT_UNTIL([test `ovs-pcap p0.pcap | grep 50540000000a5054000000091235 | wc +@@ -522,6 +522,41 @@ AT_CHECK([ovs-appctl dpif/dump-flows int-br | grep 'in_port(6081)'], [0], [dnl + tunnel(tun_id=0x7b,src=1.1.2.92,dst=1.1.2.88,geneve({class=0xffff,type=0x80,len=4,0xa/0xf}{class=0xffff,type=0,len=4}),flags(-df-csum+key)),recirc_id(0),in_port(6081),packet_type(ns=0,id=0),eth_type(0x0800),ipv4(frag=no), packets:0, bytes:0, used:never, actions:userspace(pid=0,controller(reason=1,dont_send=0,continuation=0,recirc_id=2,rule_cookie=0,controller_id=0,max_len=65535)) + ]) + ++dnl Receive VXLAN with different MAC and verify that the neigh cache gets updated ++AT_CHECK([ovs-appctl netdev-dummy/receive p0 'aa55aa550000f8bc1244cafe08004500004e00010000401173e90101025c01010258c85312b5003a8cd40c00000300007b00ffffffffffff00000000000008004500001c0001000040117cce7f0000017f0000010035003500080172']) ++ ++ovs-appctl time/warp 1000 ++ovs-appctl time/warp 1000 ++ ++dnl Check VXLAN tunnel push ++AT_CHECK([ovs-ofctl add-flow int-br action=2]) ++AT_CHECK([ovs-appctl ofproto/trace ovs-dummy 'in_port(2),eth(src=36:b1:ee:7c:01:01,dst=36:b1:ee:7c:01:02),eth_type(0x0800),ipv4(src=1.1.3.88,dst=1.1.3.112,proto=47,tos=0,ttl=64,frag=no)'], [0], [stdout]) ++AT_CHECK([tail -1 stdout], [0], ++ [Datapath actions: clone(tnl_push(tnl_port(4789),header(size=50,type=4,eth(dst=f8:bc:12:44:ca:fe,src=aa:55:aa:55:00:00,dl_type=0x0800),ipv4(src=1.1.2.88,dst=1.1.2.92,proto=17,tos=0,ttl=64,frag=0x4000),udp(src=0,dst=4789,csum=0x0),vxlan(flags=0x8000000,vni=0x7b)),out_port(100)),1) ++]) ++ ++AT_CHECK([ovs-appctl tnl/neigh/show | tail -n+3 | sort], [0], [dnl ++1.1.2.92 f8:bc:12:44:ca:fe br0 ++1.1.2.93 f8:bc:12:44:34:b7 br0 ++]) ++ ++dnl Restore and check the cache entries ++AT_CHECK([ovs-appctl netdev-dummy/receive p0 'aa55aa550000f8bc124434b608004500004e00010000401173e90101025c01010258c85312b5003a8cd40c00000300007b00ffffffffffff00000000000008004500001c0001000040117cce7f0000017f0000010035003500080172']) ++ ++ovs-appctl time/warp 1000 ++ovs-appctl time/warp 1000 ++ ++dnl Check VXLAN tunnel push ++AT_CHECK([ovs-appctl ofproto/trace ovs-dummy 'in_port(2),eth(src=36:b1:ee:7c:01:01,dst=36:b1:ee:7c:01:02),eth_type(0x0800),ipv4(src=1.1.3.88,dst=1.1.3.112,proto=47,tos=0,ttl=64,frag=no)'], [0], [stdout]) ++AT_CHECK([tail -1 stdout], [0], ++ [Datapath actions: clone(tnl_push(tnl_port(4789),header(size=50,type=4,eth(dst=f8:bc:12:44:34:b6,src=aa:55:aa:55:00:00,dl_type=0x0800),ipv4(src=1.1.2.88,dst=1.1.2.92,proto=17,tos=0,ttl=64,frag=0x4000),udp(src=0,dst=4789,csum=0x0),vxlan(flags=0x8000000,vni=0x7b)),out_port(100)),1) ++]) ++ ++AT_CHECK([ovs-appctl tnl/neigh/show | tail -n+3 | sort], [0], [dnl ++1.1.2.92 f8:bc:12:44:34:b6 br0 ++1.1.2.93 f8:bc:12:44:34:b7 br0 ++]) ++ + ovs-appctl time/warp 10000 + + AT_CHECK([ovs-vsctl del-port int-br t3 \ +@@ -595,6 +630,64 @@ OVS_WAIT_UNTIL([test `ovs-pcap p0.pcap | grep 50540000000a5054000000091235 | wc OVS_VSWITCHD_STOP AT_CLEANUP diff --git a/SPECS/openvswitch2.16.spec b/SPECS/openvswitch2.16.spec index b2851c7..a9aaec5 100644 --- a/SPECS/openvswitch2.16.spec +++ b/SPECS/openvswitch2.16.spec @@ -57,7 +57,7 @@ Summary: Open vSwitch Group: System Environment/Daemons daemon/database/utilities URL: http://www.openvswitch.org/ Version: 2.16.0 -Release: 33%{?dist} +Release: 36%{?dist} # Nearly all of openvswitch is ASL 2.0. The bugtool is LGPLv2+, and the # lib/sflow*.[ch] files are SISSL @@ -699,6 +699,29 @@ exit 0 %endif %changelog +* Thu Jan 13 2022 Open vSwitch CI - 2.16.0-36 +- Merging upstream branch-2.16 [RH git: edae801e00] + Commit list: + ba7fffb832 dpif-netdev: Improve loading of packet data for undersized packets. + + +* Sat Dec 18 2021 Open vSwitch CI - 2.16.0-35 +- Merging upstream branch-2.16 [RH git: 6ad0375ff5] + Commit list: + 2595b7b3d1 Prepare for 2.16.3. + 6caaae525c Set release date for 2.16.2. + 443e3657d7 ofproto-dpif-xlate: Snoop ingress packets and update neigh cache if needed. + 75d2ef9a60 tnl-neigh-cache: Do not refresh the entry while revalidating. + 5d88836566 tnl-neigh-cache: Read/write expires atomically. + fb42c99c15 dpif-netdev: Improve handling of IP/TCP in avx512 mfex. + + +* Thu Dec 09 2021 Open vSwitch CI - 2.16.0-34 +- Merging upstream branch-2.16 [RH git: 07b9bf085a] + Commit list: + f42c484445 compat: handle NF_REPEAT error on nf_conntrack_in. + + * Mon Dec 06 2021 Open vSwitch CI - 2.16.0-33 - Merging upstream branch-2.16 [RH git: 8708b55152] Commit list: