diff --git a/SOURCES/openvswitch-2.17.0.patch b/SOURCES/openvswitch-2.17.0.patch index 0ff5a11..d74a2c4 100644 --- a/SOURCES/openvswitch-2.17.0.patch +++ b/SOURCES/openvswitch-2.17.0.patch @@ -110140,10 +110140,24 @@ index bbb31ef275..7054f8e745 100644 struct hook *h = &hooks[i]; if (h->cancel_cb) { diff --git a/lib/flow.c b/lib/flow.c -index dd523c889b..ffc1681f8c 100644 +index dd523c889b..38f8c69bab 100644 --- a/lib/flow.c +++ b/lib/flow.c -@@ -408,7 +408,8 @@ parse_ethertype(const void **datap, size_t *sizep) +@@ -402,18 +402,25 @@ parse_ethertype(const void **datap, size_t *sizep) + return htons(FLOW_DL_TYPE_NONE); + } + ++static inline bool ++icmp6_is_nd(const struct icmp6_data_header *icmp6) ++{ ++ return (icmp6->icmp6_base.icmp6_code == 0 && ++ (icmp6->icmp6_base.icmp6_type == ND_NEIGHBOR_SOLICIT || ++ icmp6->icmp6_base.icmp6_type == ND_NEIGHBOR_ADVERT)); ++} ++ + /* Returns 'true' if the packet is an ND packet. In that case the '*nd_target' + * and 'arp_buf[]' are filled in. If the packet is not an ND packet, 'false' + * is returned and no values are filled in on '*nd_target' or 'arp_buf[]'. */ static inline bool parse_icmpv6(const void **datap, size_t *sizep, const struct icmp6_data_header *icmp6, @@ -110152,8 +110166,14 @@ index dd523c889b..ffc1681f8c 100644 + const union ovs_16aligned_in6_addr **nd_target, struct eth_addr arp_buf[2], uint8_t *opt_type) { - if (icmp6->icmp6_base.icmp6_code != 0 || -@@ -1060,7 +1061,7 @@ miniflow_extract(struct dp_packet *packet, struct miniflow *dst) +- if (icmp6->icmp6_base.icmp6_code != 0 || +- (icmp6->icmp6_base.icmp6_type != ND_NEIGHBOR_SOLICIT && +- icmp6->icmp6_base.icmp6_type != ND_NEIGHBOR_ADVERT)) { ++ if (!icmp6_is_nd(icmp6)) { + return false; + } + +@@ -1060,7 +1067,7 @@ miniflow_extract(struct dp_packet *packet, struct miniflow *dst) } } else if (OVS_LIKELY(nw_proto == IPPROTO_ICMPV6)) { if (OVS_LIKELY(size >= sizeof(struct icmp6_data_header))) { @@ -110162,7 +110182,23 @@ index dd523c889b..ffc1681f8c 100644 struct eth_addr arp_buf[2]; /* This will populate whether we received Option 1 * or Option 2. */ -@@ -1129,7 +1130,7 @@ parse_dl_type(const void **datap, size_t *sizep, ovs_be16 *first_vlan_tci_p) +@@ -1108,6 +1115,15 @@ miniflow_extract(struct dp_packet *packet, struct miniflow *dst) + } + } + } ++ } else if (ct_nw_proto_p && ++ (*ct_nw_proto_p == IPPROTO_TCP || ++ *ct_nw_proto_p == IPPROTO_UDP || ++ *ct_nw_proto_p == IPPROTO_SCTP || ++ *ct_nw_proto_p == IPPROTO_ICMP || ++ (*ct_nw_proto_p == IPPROTO_ICMPV6 && !icmp6_is_nd(data)))) { ++ miniflow_pad_from_64(mf, ct_tp_src); ++ miniflow_push_be16(mf, ct_tp_src, ct_tp_src); ++ miniflow_push_be16(mf, ct_tp_dst, ct_tp_dst); + } + out: + dst->map = mf.map; +@@ -1129,7 +1145,7 @@ parse_dl_type(const void **datap, size_t *sizep, ovs_be16 *first_vlan_tci_p) * If 'packet' is not an Ethernet packet embedding TCP, returns 0. * 'dl_type_p' will be set only if the 'packet' is an Ethernet packet. * 'nw_frag_p' will be set only if the 'packet' is an IP packet. @@ -110171,7 +110207,7 @@ index dd523c889b..ffc1681f8c 100644 * * The caller must ensure that 'packet' is at least ETH_HEADER_LEN bytes * long.'*/ -@@ -1950,7 +1951,7 @@ flow_wildcards_init_for_packet(struct flow_wildcards *wc, +@@ -1950,7 +1966,7 @@ flow_wildcards_init_for_packet(struct flow_wildcards *wc, } /* IPv4 or IPv6. */ @@ -110180,7 +110216,7 @@ index dd523c889b..ffc1681f8c 100644 WC_MASK_FIELD(wc, nw_tos); WC_MASK_FIELD(wc, nw_ttl); WC_MASK_FIELD(wc, nw_proto); -@@ -3345,6 +3346,24 @@ flow_compose(struct dp_packet *p, const struct flow *flow, +@@ -3345,6 +3361,24 @@ flow_compose(struct dp_packet *p, const struct flow *flow, arp->ar_sha = flow->arp_sha; arp->ar_tha = flow->arp_tha; } @@ -133089,7 +133125,7 @@ index 871a3bda4f..3d84a53182 100644 ]) diff --git a/tests/system-traffic.at b/tests/system-traffic.at -index f22d86e466..579b725928 100644 +index f22d86e466..9f4b2349f1 100644 --- a/tests/system-traffic.at +++ b/tests/system-traffic.at @@ -10,13 +10,13 @@ ADD_NAMESPACES(at_ns0, at_ns1) @@ -133280,13 +133316,11 @@ index f22d86e466..579b725928 100644 dnl Okay, now check the overlay with different packet sizes -NS_CHECK_EXEC([at_ns0], [ping -q -c 3 -i 0.3 -w 2 10.1.1.100 | FORMAT_PING], [0], [dnl +NS_CHECK_EXEC([at_ns0], [ping -q -c 3 -i 0.3 -W 2 10.1.1.100 | FORMAT_PING], [0], [dnl - 3 packets transmitted, 3 received, 0% packet loss, time 0ms - ]) --NS_CHECK_EXEC([at_ns0], [ping -s 1600 -q -c 3 -i 0.3 -w 2 10.1.1.100 | FORMAT_PING], [0], [dnl ++3 packets transmitted, 3 received, 0% packet loss, time 0ms ++]) +NS_CHECK_EXEC([at_ns0], [ping -s 1600 -q -c 3 -i 0.3 -W 2 10.1.1.100 | FORMAT_PING], [0], [dnl - 3 packets transmitted, 3 received, 0% packet loss, time 0ms - ]) --NS_CHECK_EXEC([at_ns0], [ping -s 3200 -q -c 3 -i 0.3 -w 2 10.1.1.100 | FORMAT_PING], [0], [dnl ++3 packets transmitted, 3 received, 0% packet loss, time 0ms ++]) +NS_CHECK_EXEC([at_ns0], [ping -s 3200 -q -c 3 -i 0.3 -W 2 10.1.1.100 | FORMAT_PING], [0], [dnl +3 packets transmitted, 3 received, 0% packet loss, time 0ms +]) @@ -133325,15 +133359,17 @@ index f22d86e466..579b725928 100644 + +dnl First, check the underlay +NS_CHECK_EXEC([at_ns0], [ping -q -c 3 -i 0.3 -W 2 172.31.1.100 | FORMAT_PING], [0], [dnl -+3 packets transmitted, 3 received, 0% packet loss, time 0ms -+]) + 3 packets transmitted, 3 received, 0% packet loss, time 0ms + ]) +-NS_CHECK_EXEC([at_ns0], [ping -s 1600 -q -c 3 -i 0.3 -w 2 10.1.1.100 | FORMAT_PING], [0], [dnl +dnl Okay, now check the overlay with different packet sizes +NS_CHECK_EXEC([at_ns0], [ping -q -c 3 -i 0.3 -W 2 10.1.1.100 | FORMAT_PING], [0], [dnl +3 packets transmitted, 3 received, 0% packet loss, time 0ms +]) +NS_CHECK_EXEC([at_ns0], [ping -s 1600 -q -c 3 -i 0.3 -W 2 10.1.1.100 | FORMAT_PING], [0], [dnl -+3 packets transmitted, 3 received, 0% packet loss, time 0ms -+]) + 3 packets transmitted, 3 received, 0% packet loss, time 0ms + ]) +-NS_CHECK_EXEC([at_ns0], [ping -s 3200 -q -c 3 -i 0.3 -w 2 10.1.1.100 | FORMAT_PING], [0], [dnl +NS_CHECK_EXEC([at_ns0], [ping -s 3200 -q -c 3 -i 0.3 -W 2 10.1.1.100 | FORMAT_PING], [0], [dnl 3 packets transmitted, 3 received, 0% packet loss, time 0ms ]) @@ -133604,13 +133640,11 @@ index f22d86e466..579b725928 100644 dnl Okay, now check the overlay with different packet sizes -NS_CHECK_EXEC([at_ns0], [ping -q -c 3 -i 0.3 -w 2 10.1.1.100 | FORMAT_PING], [0], [dnl +NS_CHECK_EXEC([at_ns0], [ping -q -c 3 -i 0.3 -W 2 10.1.1.100 | FORMAT_PING], [0], [dnl - 3 packets transmitted, 3 received, 0% packet loss, time 0ms - ]) --NS_CHECK_EXEC([at_ns0], [ping -s 1600 -q -c 3 -i 0.3 -w 2 10.1.1.100 | FORMAT_PING], [0], [dnl ++3 packets transmitted, 3 received, 0% packet loss, time 0ms ++]) +NS_CHECK_EXEC([at_ns0], [ping -s 1600 -q -c 3 -i 0.3 -W 2 10.1.1.100 | FORMAT_PING], [0], [dnl - 3 packets transmitted, 3 received, 0% packet loss, time 0ms - ]) --NS_CHECK_EXEC([at_ns0], [ping -s 3200 -q -c 3 -i 0.3 -w 2 10.1.1.100 | FORMAT_PING], [0], [dnl ++3 packets transmitted, 3 received, 0% packet loss, time 0ms ++]) +NS_CHECK_EXEC([at_ns0], [ping -s 3200 -q -c 3 -i 0.3 -W 2 10.1.1.100 | FORMAT_PING], [0], [dnl +3 packets transmitted, 3 received, 0% packet loss, time 0ms +]) @@ -133726,13 +133760,15 @@ index f22d86e466..579b725928 100644 +3 packets transmitted, 3 received, 0% packet loss, time 0ms +]) +NS_CHECK_EXEC([at_ns1], [ping -q -c 3 -i 0.3 -W 2 172.31.2.100 | FORMAT_PING], [0], [dnl -+3 packets transmitted, 3 received, 0% packet loss, time 0ms -+]) + 3 packets transmitted, 3 received, 0% packet loss, time 0ms + ]) +-NS_CHECK_EXEC([at_ns0], [ping -s 1600 -q -c 3 -i 0.3 -w 2 10.1.1.100 | FORMAT_PING], [0], [dnl + +dnl Now, check the overlay with different packet sizes. +NS_CHECK_EXEC([at_ns0], [ping -q -c 3 -i 0.3 -W 2 10.1.1.2 | FORMAT_PING], [0], [dnl -+3 packets transmitted, 3 received, 0% packet loss, time 0ms -+]) + 3 packets transmitted, 3 received, 0% packet loss, time 0ms + ]) +-NS_CHECK_EXEC([at_ns0], [ping -s 3200 -q -c 3 -i 0.3 -w 2 10.1.1.100 | FORMAT_PING], [0], [dnl +NS_CHECK_EXEC([at_ns0], [ping -s 1600 -q -c 3 -i 0.3 -W 2 10.1.1.2 | FORMAT_PING], [0], [dnl +3 packets transmitted, 3 received, 0% packet loss, time 0ms +]) @@ -134148,17 +134184,17 @@ index f22d86e466..579b725928 100644 +dnl p1(at_ns1) interface. +NS_CHECK_EXEC([at_ns0], [$PYTHON3 $srcdir/sendpkt.py p0 \ + $(ovs-ofctl compose-packet --bare 'ICMP_PKT')], [0], [ignore]) -+ -+dnl Check the expected mpls encapsulated packet on the egress interface. -+m4_define([MPLS_HEADER], [m4_join([,], -+ [eth_src=00:00:00:00:00:01,eth_dst=00:00:00:00:00:02,eth_type=0x8847], -+ [mpls_label=2,mpls_ttl=64,mpls_bos=1])]) -dnl Check the expected mpls encapsulated packet on the egress interface -OVS_WAIT_UNTIL([cat p1.pcap | egrep "0x0000: *0000 *0000 *0002 *0000 *0000 *0001 *8847 *0000" 2>&1 1>/dev/null]) -OVS_WAIT_UNTIL([cat p1.pcap | egrep "0x0010: *2140 *36b1 *ee7c *0102 *36b1 *ee7c *0103 *0800" 2>&1 1>/dev/null]) -OVS_WAIT_UNTIL([cat p1.pcap | egrep "0x0020: *4500 *0054 *0344 *4000 *4001 *2161 *0a01 *0101" 2>&1 1>/dev/null]) -OVS_WAIT_UNTIL([cat p1.pcap | egrep "0x0030: *0a01 *0102 *0800 *efac *7ce4 *0003 *5b2c *1f61" 2>&1 1>/dev/null]) ++dnl Check the expected mpls encapsulated packet on the egress interface. ++m4_define([MPLS_HEADER], [m4_join([,], ++ [eth_src=00:00:00:00:00:01,eth_dst=00:00:00:00:00:02,eth_type=0x8847], ++ [mpls_label=2,mpls_ttl=64,mpls_bos=1])]) ++ +OVS_WAIT_UNTIL([ovs-pcap p1.pcap | grep -q "m4_join([], [^], + $(ovs-ofctl compose-packet --bare 'MPLS_HEADER'), + $(ovs-ofctl compose-packet --bare 'ICMP_PKT'), [\$])"]) @@ -134306,6 +134342,12 @@ index f22d86e466..579b725928 100644 +m4_define([MPLS_HEADER], [m4_join([,], + [eth_src=00:00:00:00:00:01,eth_dst=00:00:00:00:00:02,eth_type=0x8847], + [mpls_label=2,mpls_ttl=64,mpls_bos=1])]) ++ ++m4_define([ICMP_PKT], [m4_join([,], ++ [eth_src=36:b1:ee:7c:01:03,eth_dst=36:b1:ee:7c:01:02,eth_type=0x0800], ++ [nw_src=10.1.1.1,nw_dst=10.1.1.2], ++ [nw_proto=1,nw_ttl=64,nw_frag=no], ++ [icmp_type=8,icmp_code=0])]) -dnl Check the expected decapsulated on the egress interface -OVS_WAIT_UNTIL([cat p1.pcap | egrep "0x0000: *36b1 *ee7c *0102 *36b1 *ee7c *0103 *0800 *4500" 2>&1 1>/dev/null]) @@ -134315,19 +134357,13 @@ index f22d86e466..579b725928 100644 -OVS_WAIT_UNTIL([cat p1.pcap | egrep "0x0040: *1617 *1819 *1a1b *1c1d *1e1f *2021 *2223 *2425" 2>&1 1>/dev/null]) -OVS_WAIT_UNTIL([cat p1.pcap | egrep "0x0050: *2627 *2829 *2a2b *2c2d *2e2f *3031 *3233 *3435" 2>&1 1>/dev/null]) -OVS_WAIT_UNTIL([cat p1.pcap | egrep "0x0060: *3637" 2>&1 1>/dev/null]) -+m4_define([ICMP_PKT], [m4_join([,], -+ [eth_src=36:b1:ee:7c:01:03,eth_dst=36:b1:ee:7c:01:02,eth_type=0x0800], -+ [nw_src=10.1.1.1,nw_dst=10.1.1.2], -+ [nw_proto=1,nw_ttl=64,nw_frag=no], -+ [icmp_type=8,icmp_code=0])]) - +dnl The packet is an eth/mpls/eth/ip/icmp sent from p0(at_ns0) interface +dnl directed to p1(at_ns1) interface. +NS_CHECK_EXEC([at_ns0], [$PYTHON3 $srcdir/sendpkt.py p0 \ + "$(ovs-ofctl compose-packet --bare 'MPLS_HEADER')" \ + "$(ovs-ofctl compose-packet --bare 'ICMP_PKT')"], + [0], [ignore]) -+ + +dnl Check the expected decapsulated on the egress interface. +OVS_WAIT_UNTIL([ovs-pcap p1.pcap | grep -q \ + "^$(ovs-ofctl compose-packet --bare 'ICMP_PKT')\$"]) @@ -134358,14 +134394,22 @@ index f22d86e466..579b725928 100644 + [nw_src=10.1.1.1,nw_dst=10.1.1.2], + [nw_proto=1,nw_ttl=64,nw_frag=no], + [icmp_type=8,icmp_code=0])]) -+ + +-dnl Check the expected decapsulated on the egress interface +-OVS_WAIT_UNTIL([cat p1.pcap | egrep "0x0000: *36b1 *ee7c *0102 *36b1 *ee7c *0103 *0800 *4500" 2>&1 1>/dev/null]) +-OVS_WAIT_UNTIL([cat p1.pcap | egrep "0x0010: *0054 *0344 *4000 *4001 *2161 *0a01 *0101 *0a01" 2>&1 1>/dev/null]) +-OVS_WAIT_UNTIL([cat p1.pcap | egrep "0x0020: *0102 *0800 *efac *7ce4 *0003 *5b2c *1f61 *0000" 2>&1 1>/dev/null]) +-OVS_WAIT_UNTIL([cat p1.pcap | egrep "0x0030: *0000 *500b *0200 *0000 *0000 *1011 *1213 *1415" 2>&1 1>/dev/null]) +-OVS_WAIT_UNTIL([cat p1.pcap | egrep "0x0040: *1617 *1819 *1a1b *1c1d *1e1f *2021 *2223 *2425" 2>&1 1>/dev/null]) +-OVS_WAIT_UNTIL([cat p1.pcap | egrep "0x0050: *2627 *2829 *2a2b *2c2d *2e2f *3031 *3233 *3435" 2>&1 1>/dev/null]) +-OVS_WAIT_UNTIL([cat p1.pcap | egrep "0x0060: *3637" 2>&1 1>/dev/null]) +dnl The packet is an eth/mpls/eth/ip/icmp sent from p0(at_ns0) interface +dnl directed to p1(at_ns1) interface. +NS_CHECK_EXEC([at_ns0], [$PYTHON3 $srcdir/sendpkt.py p0 \ + "$(ovs-ofctl compose-packet --bare 'MPLS_HEADER')" \ + "$(ovs-ofctl compose-packet --bare 'ICMP_PKT')"], + [0], [ignore]) -+ + +dnl Check the expected decapsulated on the egress interface. +OVS_WAIT_UNTIL([ovs-pcap p1.pcap | grep -q \ + "^$(ovs-ofctl compose-packet --bare 'ICMP_PKT')\$"]) @@ -134396,19 +134440,11 @@ index f22d86e466..579b725928 100644 + other_config:min-rate=2000000 other_config:max-rate=3000000 dnl + other_config:burst=3000000], + [ignore], [ignore]) - --dnl Check the expected decapsulated on the egress interface --OVS_WAIT_UNTIL([cat p1.pcap | egrep "0x0000: *36b1 *ee7c *0102 *36b1 *ee7c *0103 *0800 *4500" 2>&1 1>/dev/null]) --OVS_WAIT_UNTIL([cat p1.pcap | egrep "0x0010: *0054 *0344 *4000 *4001 *2161 *0a01 *0101 *0a01" 2>&1 1>/dev/null]) --OVS_WAIT_UNTIL([cat p1.pcap | egrep "0x0020: *0102 *0800 *efac *7ce4 *0003 *5b2c *1f61 *0000" 2>&1 1>/dev/null]) --OVS_WAIT_UNTIL([cat p1.pcap | egrep "0x0030: *0000 *500b *0200 *0000 *0000 *1011 *1213 *1415" 2>&1 1>/dev/null]) --OVS_WAIT_UNTIL([cat p1.pcap | egrep "0x0040: *1617 *1819 *1a1b *1c1d *1e1f *2021 *2223 *2425" 2>&1 1>/dev/null]) --OVS_WAIT_UNTIL([cat p1.pcap | egrep "0x0050: *2627 *2829 *2a2b *2c2d *2e2f *3031 *3233 *3435" 2>&1 1>/dev/null]) --OVS_WAIT_UNTIL([cat p1.pcap | egrep "0x0060: *3637" 2>&1 1>/dev/null]) ++ +dnl Wait for qdiscs to be applied. +OVS_WAIT_UNTIL([tc qdisc show dev ovs-p0 | grep -q htb]) +OVS_WAIT_UNTIL([tc qdisc show dev ovs-p1 | grep -q htb]) - ++ +dnl Check the configuration. +m4_define([HTB_CONF], [rate 2Mbit ceil 3Mbit burst 375000b cburst 375000b]) +AT_CHECK([tc class show dev ovs-p0 | grep -q 'class htb .* HTB_CONF']) @@ -134531,7 +134567,7 @@ index f22d86e466..579b725928 100644 ]) AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(172.16.0.1)], [0], [dnl -@@ -3181,19 +3640,23 @@ dnl Modify userspace conntrack fragmentation handling. +@@ -3181,18 +3640,107 @@ dnl Modify userspace conntrack fragmentation handling. DPCTL_MODIFY_FRAGMENTATION() dnl Ipv4 fragmentation connectivity check. @@ -134549,16 +134585,99 @@ index f22d86e466..579b725928 100644 dnl Check userspace conntrack fragmentation counters. DPCTL_CHECK_FRAGMENTATION_PASS() --OVS_TRAFFIC_VSWITCHD_STOP +dnl Ipv4 max packet size fragmentation dropped. +NS_EXEC([at_ns0], [ping -s 65507 -q -c 1 -W 0.5 10.1.1.2]) +OVS_CHECK_FRAG_LARGE() + +OVS_TRAFFIC_VSWITCHD_STOP(["/Unsupported big reassembled v4 packet/d"]) ++AT_CLEANUP ++ ++AT_SETUP([conntrack - IPv4 fragmentation with ct orig match]) ++CHECK_CONNTRACK() ++OVS_TRAFFIC_VSWITCHD_START() ++ ++ADD_NAMESPACES(at_ns0, at_ns1) ++ ++ADD_VETH(p0, at_ns0, br0, "10.1.1.1/24") ++ADD_VETH(p1, at_ns1, br0, "10.1.1.2/24") ++ ++AT_DATA([flows.txt], [dnl ++priority=1,action=drop ++priority=10,arp,action=normal ++priority=100,ip,ct_state=-trk,action=ct(table=0) ++priority=100,in_port=2,icmp,ct_state=+rpl,action=1 ++priority=100,in_port=1,ip,ct_nw_proto=17,ct_tp_src=1,ct_tp_dst=2,ct_state=+new+trk,action=ct(commit) ++priority=100,in_port=1,ip,ct_nw_proto=1,ct_tp_src=8,ct_tp_dst=0,ct_state=+new+trk,action=ct(commit),2 ++]) ++ ++AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) ++ ++dnl Packet content: ++dnl Ethernet II, Src: 50:54:00:00:00:0a, Dst: 50:54:00:00:00:09 ++dnl Type: IPv4 (0x0800) ++dnl Internet Protocol Version 4, Src: 10.1.1.1, Dst: 10.1.1.2 ++dnl Total Length: 1420 ++dnl Identification: 0x0001 (1) ++dnl 001. .... = Flags: 0x1, More fragments ++dnl 0... .... = Reserved bit: Not set ++dnl .0.. .... = Don't fragment: Not set ++dnl ..1. .... = More fragments: Set ++dnl ...0 0000 0000 0000 = Fragment Offset: 0 ++dnl Time to Live: 64 ++dnl Protocol: UDP (17) ++dnl User Datagram Protocol, Src Port: 1, Dst Port: 2 ++dnl Source Port: 1 ++dnl Destination Port: 2 ++dnl Length: 1608 ++dnl UDP payload (1392 bytes) ++dnl Data (1392 bytes) ++eth="50 54 00 00 00 09 50 54 00 00 00 0a 08 00" ++ip="45 00 05 8c 00 01 20 00 40 11 3f 5c 0a 01 01 01 0a 01 01 02" ++udp="00 01 00 02 06 48 dd 56" ++data_len=$(seq 1392) ++data=$(printf '00 %.0s' ${data_len}) ++packet="${eth} ${ip} ${udp} ${data}" ++NS_CHECK_EXEC([at_ns0], [$PYTHON3 $srcdir/sendpkt.py p0 ${packet} > /dev/null]) ++ ++dnl Packet content: ++dnl Ethernet II, Src: 50:54:00:00:00:0a, Dst: 50:54:00:00:00:09 ++dnl Type: IPv4 (0x0800) ++dnl Internet Protocol Version 4, Src: 10.1.1.1, Dst: 10.1.1.2 ++dnl 0100 .... = Version: 4 ++dnl .... 0101 = Header Length: 20 bytes (5) ++dnl Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) ++dnl 0000 00.. = Differentiated Services Codepoint: Default (0) ++dnl .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) ++dnl Total Length: 228 ++dnl Identification: 0x0001 (1) ++dnl 000. .... = Flags: 0x0 ++dnl 0... .... = Reserved bit: Not set ++dnl .0.. .... = Don't fragment: Not set ++dnl ..0. .... = More fragments: Not set ++dnl ...0 0000 1010 1111 = Fragment Offset: 1400 ++dnl Time to Live: 64 ++dnl Protocol: UDP (17) ++dnl Data (208 bytes) ++eth="50 54 00 00 00 09 50 54 00 00 00 0a 08 00" ++ip="45 00 00 e4 00 01 00 af 40 11 63 55 0a 01 01 01 0a 01 01 02" ++data_len=$(seq 208) ++data=$(printf '00 %.0s' ${data_len}) ++packet="${eth} ${ip} ${data}" ++NS_CHECK_EXEC([at_ns0], [$PYTHON3 $srcdir/sendpkt.py p0 ${packet} > /dev/null]) ++ ++NS_CHECK_EXEC([at_ns0], [ping -s 1600 -q -c 1 -W 1 10.1.1.2 | FORMAT_PING], [0], [dnl ++1 packets transmitted, 1 received, 0% packet loss, time 0ms ++]) ++ ++AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2) | sort], [0], [dnl ++icmp,orig=(src=10.1.1.1,dst=10.1.1.2,id=,type=8,code=0),reply=(src=10.1.1.2,dst=10.1.1.1,id=,type=0,code=0) ++udp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=) ++]) ++ + OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP - AT_SETUP([conntrack - IPv4 fragmentation expiry]) -@@ -3258,12 +3721,12 @@ dnl Modify userspace conntrack fragmentation handling. +@@ -3258,12 +3806,12 @@ dnl Modify userspace conntrack fragmentation handling. DPCTL_MODIFY_FRAGMENTATION() dnl Ipv4 fragmentation connectivity check. @@ -134573,7 +134692,7 @@ index f22d86e466..579b725928 100644 3 packets transmitted, 3 received, 0% packet loss, time 0ms ]) -@@ -3303,22 +3766,22 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) +@@ -3303,22 +3851,22 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) OVS_WAIT_UNTIL([ip netns exec at_ns0 ping -c 1 10.2.2.2]) dnl Ipv4 fragmentation connectivity check. @@ -134600,7 +134719,7 @@ index f22d86e466..579b725928 100644 3 packets transmitted, 3 received, 0% packet loss, time 0ms ]) -@@ -3345,6 +3808,11 @@ AT_CHECK([ovs-ofctl bundle br0 bundle.txt]) +@@ -3345,6 +3893,11 @@ AT_CHECK([ovs-ofctl bundle br0 bundle.txt]) AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl ]) @@ -134612,7 +134731,7 @@ index f22d86e466..579b725928 100644 OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP -@@ -3472,16 +3940,20 @@ dnl "connect: Cannot assign requested address" +@@ -3472,15 +4025,105 @@ dnl "connect: Cannot assign requested address" OVS_WAIT_UNTIL([ip netns exec at_ns0 ping6 -c 1 fc00::2]) dnl Ipv6 fragmentation connectivity check. @@ -134627,16 +134746,100 @@ index f22d86e466..579b725928 100644 3 packets transmitted, 3 received, 0% packet loss, time 0ms ]) --OVS_TRAFFIC_VSWITCHD_STOP +dnl Ipv6 max packet size fragmentation dropped. +NS_EXEC([at_ns0], [ping6 -s 65487 -q -c 1 -W 0.5 fc00::2]) +OVS_CHECK_FRAG_LARGE() + +OVS_TRAFFIC_VSWITCHD_STOP(["/Unsupported big reassembled v6 packet/d"]) ++AT_CLEANUP ++ ++AT_SETUP([conntrack - IPv6 fragmentation with ct orig match]) ++CHECK_CONNTRACK() ++OVS_TRAFFIC_VSWITCHD_START() ++ ++ADD_NAMESPACES(at_ns0, at_ns1) ++ ++ADD_VETH(p0, at_ns0, br0, "fc00::1/96", "50:54:00:00:00:09", [], "nodad") ++ADD_VETH(p1, at_ns1, br0, "fc00::2/96", "50:54:00:00:00:0a", [], "nodad") ++ ++AT_DATA([flows.txt], [dnl ++priority=1,action=drop ++priority=10,ipv6,ct_state=-trk,action=ct(table=0) ++priority=10,in_port=2,ipv6,ct_tp_src=128,ct_state=+trk+est+rpl,action=1 ++priority=10,in_port=1,ipv6,ct_nw_proto=17,ct_tp_src=1,ct_tp_dst=2,ct_state=+new+trk,action=ct(commit) ++priority=10,in_port=1,ipv6,ct_nw_proto=58,ct_tp_src=128,ct_tp_dst=0,ct_state=+new+trk,action=ct(commit),2 ++priority=100,icmp6,icmp_type=135,action=normal ++priority=100,icmp6,icmp_type=136,action=normal ++]) ++ ++AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) ++ ++dnl Packet content: ++dnl Ethernet II, Src: 50:54:00:00:00:0a, Dst: 50:54:00:00:00:09 ++dnl Type: IPv6 (0x86dd) ++dnl Internet Protocol Version 6, Src: fc00::1, Dst: fc00::2 ++dnl Payload Length: 1344 ++dnl Next Header: Fragment Header for IPv6 (44) ++dnl Hop Limit: 64 ++dnl Fragment Header for IPv6 ++dnl Next header: UDP (17) ++dnl Reserved octet: 0x00 ++dnl 0000 0000 0000 0... = Offset: 0 (0 bytes) ++dnl .... .... .... .00. = Reserved bits: 0 ++dnl .... .... .... ...1 = More Fragments: Yes ++dnl Identification: 0x9bdb1fa7 ++dnl User Datagram Protocol, Src Port: 1, Dst Port: 2 ++dnl Source Port: 1 ++dnl Destination Port: 2 ++dnl Length: 1608 ++dnl UDP payload (1328 bytes) ++dnl Data (1328 bytes) ++eth="50 54 00 00 00 09 50 54 00 00 00 0a 86 dd" ++ipv6="60 00 00 00 05 40 2c 40 fc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 \ ++ fc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 11 00 00 01 9b db 1f a7" ++udp="00 01 00 02 06 48 fb 56" ++data_len=$(seq 1328) ++data=$(printf '00 %.0s' ${data_len}) ++packet="${eth} ${ipv6} ${udp} ${data}" ++NS_CHECK_EXEC([at_ns0], [$PYTHON3 $srcdir/sendpkt.py p0 ${packet} > /dev/null]) ++ ++dnl IPv6 Packet content ++dnl Ethernet II, Src: 50:54:00:00:00:0a, Dst: 50:54:00:00:00:09 ++dnl Type: IPv6 (0x86dd) ++dnl Internet Protocol Version 6, Src: fc00::1, Dst: fc00::2 ++dnl Payload Length: 280 ++dnl Next Header: Fragment Header for IPv6 (44) ++dnl Hop Limit: 64 ++dnl Fragment Header for IPv6 ++dnl Next header: UDP (17) ++dnl Reserved octet: 0x00 ++dnl 0000 0101 0011 1... = Offset: 167 (1336 bytes) ++dnl .... .... .... .00. = Reserved bits: 0 ++dnl .... .... .... ...0 = More Fragments: No ++dnl Identification: 0x9bdb1fa7 ++dnl Data (272 bytes) ++eth="50 54 00 00 00 09 50 54 00 00 00 0a 86 dd" ++ipv6="60 00 00 00 01 18 2c 40 fc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 \ ++ fc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 11 00 05 38 9b db 1f a7" ++data_len=$(seq 272) ++data=$(printf '00 %.0s' ${data_len}) ++packet="${eth} ${ipv6} ${data}" ++NS_CHECK_EXEC([at_ns0], [$PYTHON3 $srcdir/sendpkt.py p0 ${packet} > /dev/null]) ++ ++dnl Send also fragmented ICMPv6. ++NS_CHECK_EXEC([at_ns0], [ping6 -s 1600 -q -c 1 -W 1 fc00::2 | FORMAT_PING], [0], [dnl ++1 packets transmitted, 1 received, 0% packet loss, time 0ms ++]) ++ ++AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(fc00::2) | sort], [0], [dnl ++icmpv6,orig=(src=fc00::1,dst=fc00::2,id=,type=128,code=0),reply=(src=fc00::2,dst=fc00::1,id=,type=129,code=0) ++udp,orig=(src=fc00::1,dst=fc00::2,sport=,dport=),reply=(src=fc00::2,dst=fc00::1,sport=,dport=) ++]) ++ + OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP - AT_SETUP([conntrack - IPv6 fragmentation expiry]) -@@ -3554,12 +4026,12 @@ dnl "connect: Cannot assign requested address" +@@ -3554,12 +4197,12 @@ dnl "connect: Cannot assign requested address" OVS_WAIT_UNTIL([ip netns exec at_ns0 ping6 -c 1 fc00::2]) dnl Ipv4 fragmentation connectivity check. @@ -134651,7 +134854,7 @@ index f22d86e466..579b725928 100644 3 packets transmitted, 3 received, 0% packet loss, time 0ms ]) -@@ -3597,22 +4069,22 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) +@@ -3597,22 +4240,22 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) OVS_WAIT_UNTIL([ip netns exec at_ns0 ping6 -c 1 fc00:1::4]) dnl Ipv6 fragmentation connectivity check. @@ -134678,7 +134881,7 @@ index f22d86e466..579b725928 100644 3 packets transmitted, 3 received, 0% packet loss, time 0ms ]) -@@ -3823,18 +4295,18 @@ ADD_NATIVE_TUNNEL([vxlan], [at_vxlan1], [at_ns0], [172.31.1.100], [10.1.1.1/24], +@@ -3823,18 +4466,18 @@ ADD_NATIVE_TUNNEL([vxlan], [at_vxlan1], [at_ns0], [172.31.1.100], [10.1.1.1/24], [id 0 dstport 4789]) dnl First, check the underlay @@ -134701,7 +134904,7 @@ index f22d86e466..579b725928 100644 3 packets transmitted, 3 received, 0% packet loss, time 0ms ]) -@@ -3883,18 +4355,18 @@ dnl "connect: Cannot assign requested address" +@@ -3883,18 +4526,18 @@ dnl "connect: Cannot assign requested address" OVS_WAIT_UNTIL([ip netns exec at_ns0 ping6 -c 1 fc00::2]) dnl First, check the underlay @@ -134724,7 +134927,7 @@ index f22d86e466..579b725928 100644 3 packets transmitted, 3 received, 0% packet loss, time 0ms ]) -@@ -3919,8 +4391,8 @@ NS_CHECK_EXEC([at_ns0], [ip route add 10.1.1.0/24 via 10.2.1.2]) +@@ -3919,8 +4562,8 @@ NS_CHECK_EXEC([at_ns0], [ip route add 10.1.1.0/24 via 10.2.1.2]) NS_CHECK_EXEC([at_ns1], [ip route add 10.1.1.0/24 via 10.2.1.1]) dnl Solely for debugging when things go wrong @@ -134735,7 +134938,7 @@ index f22d86e466..579b725928 100644 AT_DATA([flows.txt], [dnl table=0,arp,actions=normal -@@ -4007,7 +4479,7 @@ dnl The default udp_single and icmp_first timeouts are 30 seconds in +@@ -4007,7 +4650,7 @@ dnl The default udp_single and icmp_first timeouts are 30 seconds in dnl kernel DP, and 60 seconds in userspace DP. dnl Send ICMP and UDP traffic @@ -134744,7 +134947,7 @@ index f22d86e466..579b725928 100644 3 packets transmitted, 3 received, 0% packet loss, time 0ms ]) AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out br0 "in_port=1 packet=50540000000a50540000000908004500001c000000000011a4cd0a0101010a0101020001000200080000 actions=resubmit(,0)"]) -@@ -4033,7 +4505,7 @@ done +@@ -4033,7 +4676,7 @@ done AT_CHECK([ovs-vsctl --may-exist add-zone-tp $DP_TYPE zone=5 udp_first=1 udp_single=1 icmp_first=1 icmp_reply=1]) dnl Send ICMP and UDP traffic @@ -134753,7 +134956,7 @@ index f22d86e466..579b725928 100644 3 packets transmitted, 3 received, 0% packet loss, time 0ms ]) AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out br0 "in_port=1 packet=50540000000a50540000000908004500001c000000000011a4cd0a0101010a0101020001000200080000 actions=resubmit(,0)"]) -@@ -4051,7 +4523,7 @@ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl +@@ -4051,7 +4694,7 @@ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl ]) dnl Re-send ICMP and UDP traffic to test conntrack cache @@ -134762,7 +134965,7 @@ index f22d86e466..579b725928 100644 3 packets transmitted, 3 received, 0% packet loss, time 0ms ]) AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out br0 "in_port=1 packet=50540000000a50540000000908004500001c000000000011a4cd0a0101010a0101020001000200080000 actions=resubmit(,0)"]) -@@ -4072,7 +4544,7 @@ dnl Set the timeout policy to default again. +@@ -4072,7 +4715,7 @@ dnl Set the timeout policy to default again. AT_CHECK([ovs-vsctl del-zone-tp $DP_TYPE zone=5]) dnl Send ICMP and UDP traffic @@ -134771,7 +134974,7 @@ index f22d86e466..579b725928 100644 3 packets transmitted, 3 received, 0% packet loss, time 0ms ]) AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out br0 "in_port=1 packet=50540000000a50540000000908004500001c000000000011a4cd0a0101010a0101020001000200080000 actions=resubmit(,0)"]) -@@ -4100,15 +4572,15 @@ action=normal +@@ -4100,15 +4743,15 @@ action=normal AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) @@ -134790,7 +134993,7 @@ index f22d86e466..579b725928 100644 "1616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161610a, actions=ct(table=1)"]) AT_CHECK([ovs-appctl dpctl/dump-flows | head -2 | tail -1 | grep -q -e ["]udp[(]src=5001["]]) -@@ -4265,7 +4737,7 @@ table=2,in_port=1,ip,ct_state=+trk+est,ct_zone=2,action=LOCAL +@@ -4265,7 +4908,7 @@ table=2,in_port=1,ip,ct_state=+trk+est,ct_zone=2,action=LOCAL AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) @@ -134799,7 +135002,7 @@ index f22d86e466..579b725928 100644 3 packets transmitted, 3 received, 0% packet loss, time 0ms ]) -@@ -4336,7 +4808,7 @@ table=4,priority=100,ip,action=output:NXM_NX_REG0[[]] +@@ -4336,7 +4979,7 @@ table=4,priority=100,ip,action=output:NXM_NX_REG0[[]] AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) @@ -134808,7 +135011,7 @@ index f22d86e466..579b725928 100644 3 packets transmitted, 3 received, 0% packet loss, time 0ms ]) -@@ -5031,11 +5503,11 @@ ADD_NAMESPACES(at_ns0, at_ns1) +@@ -5031,11 +5674,11 @@ ADD_NAMESPACES(at_ns0, at_ns1) ADD_VETH(p0, at_ns0, br0, "10.1.1.1/24") NS_CHECK_EXEC([at_ns0], [ip link set dev p0 address 80:88:88:88:88:88]) ADD_VETH(p1, at_ns1, br0, "10.1.1.2/24") @@ -134822,7 +135025,7 @@ index f22d86e466..579b725928 100644 in_port=2,ct_state=-trk,tcp,tp_dst=34568,action=ct(table=0,zone=1,nat) in_port=2,ct_state=+trk,ct_zone=1,tcp,action=1 dnl -@@ -5059,17 +5531,29 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) +@@ -5059,17 +5702,29 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) dnl HTTP requests from p0->p1 should work fine. OVS_START_L7([at_ns1], [http]) @@ -134856,7 +135059,7 @@ index f22d86e466..579b725928 100644 AT_CLEANUP AT_SETUP([conntrack - more complex SNAT]) -@@ -5360,7 +5844,7 @@ table=10 priority=0 action=drop +@@ -5360,7 +6015,7 @@ table=10 priority=0 action=drop AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) rm p0.pcap @@ -134865,7 +135068,7 @@ index f22d86e466..579b725928 100644 sleep 1 dnl UDP packets from ns0->ns1 should solicit "destination unreachable" response. -@@ -5384,7 +5868,7 @@ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2) | sed -e 's/dst= +@@ -5384,7 +6039,7 @@ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2) | sed -e 's/dst= udp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.2XX,sport=,dport=),mark=1 ]) @@ -134874,7 +135077,7 @@ index f22d86e466..579b725928 100644 OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP -@@ -6074,7 +6558,7 @@ dnl waiting, we get occasional failures due to the following error: +@@ -6074,7 +6729,7 @@ dnl waiting, we get occasional failures due to the following error: dnl "connect: Cannot assign requested address" OVS_WAIT_UNTIL([ip netns exec at_ns0 ping6 -c 1 fc00::240]) @@ -134883,7 +135086,7 @@ index f22d86e466..579b725928 100644 3 packets transmitted, 3 received, 0% packet loss, time 0ms ]) -@@ -6128,13 +6612,13 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping6 -c 1 fc00::2]) +@@ -6128,13 +6783,13 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping6 -c 1 fc00::2]) AT_CHECK([ovs-appctl dpctl/flush-conntrack]) rm p0.pcap @@ -134899,7 +135102,7 @@ index f22d86e466..579b725928 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(fc00::2)], [0], [dnl udp,orig=(src=fc00::1,dst=fc00::2,sport=,dport=),reply=(src=fc00::2,dst=fc00::240,sport=,dport=) -@@ -6454,7 +6938,7 @@ on_exit 'ovs-appctl revalidator/purge' +@@ -6454,7 +7109,7 @@ on_exit 'ovs-appctl revalidator/purge' on_exit 'ovs-appctl dpif/dump-flows br0' dnl Should work with the virtual IP address through NAT @@ -134908,7 +135111,7 @@ index f22d86e466..579b725928 100644 echo Request $i NS_CHECK_EXEC([at_ns1], [wget 10.1.1.64 -t 5 -T 1 --retry-connrefused -v -o wget$i.log]) done -@@ -6722,10 +7206,18 @@ table=2,priority=10 ct_state=+trk+est action=drop +@@ -6722,10 +7377,18 @@ table=2,priority=10 ct_state=+trk+est action=drop AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) @@ -134930,7 +135133,7 @@ index f22d86e466..579b725928 100644 sleep 1 -@@ -6743,6 +7235,302 @@ AT_CHECK([ovs-ofctl dump-flows br0 | grep table=2, | OFPROTO_CLEAR_DURATION_IDLE +@@ -6743,6 +7406,302 @@ AT_CHECK([ovs-ofctl dump-flows br0 | grep table=2, | OFPROTO_CLEAR_DURATION_IDLE OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP @@ -135233,7 +135436,7 @@ index f22d86e466..579b725928 100644 AT_BANNER([802.1ad]) AT_SETUP([802.1ad - vlan_limit]) -@@ -6768,7 +7556,7 @@ dnl CVLAN traffic should match the flow and drop +@@ -6768,7 +7727,7 @@ dnl CVLAN traffic should match the flow and drop AT_CHECK([ovs-appctl revalidator/purge]) AT_CHECK([ovs-vsctl set Open_vSwitch . other_config:vlan-limit=1]) AT_CHECK([ovs-ofctl add-flow br0 "priority=100 dl_type=0x8100 action=drop"]) @@ -135242,7 +135445,7 @@ index f22d86e466..579b725928 100644 OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP -@@ -6818,11 +7606,11 @@ AT_CHECK([ovs-ofctl --bundle add-flows br2 flows-customer-br.txt]) +@@ -6818,11 +7777,11 @@ AT_CHECK([ovs-ofctl --bundle add-flows br2 flows-customer-br.txt]) OVS_WAIT_UNTIL([ip netns exec at_ns0 ping -c 1 10.2.2.2]) @@ -135256,7 +135459,7 @@ index f22d86e466..579b725928 100644 3 packets transmitted, 3 received, 0% packet loss, time 0ms ]) -@@ -6874,11 +7662,11 @@ AT_CHECK([ovs-ofctl --bundle add-flows br2 flows-customer-br.txt]) +@@ -6874,11 +7833,11 @@ AT_CHECK([ovs-ofctl --bundle add-flows br2 flows-customer-br.txt]) OVS_WAIT_UNTIL([ip netns exec at_ns0 ping -c 1 10.2.2.2]) @@ -135270,7 +135473,7 @@ index f22d86e466..579b725928 100644 3 packets transmitted, 3 received, 0% packet loss, time 0ms ]) -@@ -6926,24 +7714,24 @@ AT_CHECK([ovs-vsctl set port ovs-p2 vlan_mode=dot1q-tunnel tag=4094 cvlans=100,2 +@@ -6926,24 +7885,24 @@ AT_CHECK([ovs-vsctl set port ovs-p2 vlan_mode=dot1q-tunnel tag=4094 cvlans=100,2 OVS_WAIT_UNTIL([ip netns exec at_ns0 ping -c 1 10.2.2.2]) OVS_WAIT_UNTIL([ip netns exec at_ns0 ping -c 1 10.3.2.2]) @@ -135300,7 +135503,7 @@ index f22d86e466..579b725928 100644 OVS_TRAFFIC_VSWITCHD_STOP(["/dropping VLAN \(0\|300\) packet received on dot1q-tunnel port/d"]) AT_CLEANUP -@@ -6972,11 +7760,11 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows-br0.txt]) +@@ -6972,11 +7931,11 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows-br0.txt]) OVS_WAIT_UNTIL([ip netns exec at_ns0 ping -c 1 10.2.2.2]) @@ -135314,7 +135517,7 @@ index f22d86e466..579b725928 100644 3 packets transmitted, 3 received, 0% packet loss, time 0ms ]) -@@ -6998,21 +7786,29 @@ dnl The flow will encap a nsh header to the TCP syn packet +@@ -6998,21 +7957,29 @@ dnl The flow will encap a nsh header to the TCP syn packet dnl eth/ip/tcp --> OVS --> eth/nsh/eth/ip/tcp AT_CHECK([ovs-ofctl -Oopenflow13 add-flow br0 "table=0,priority=100,in_port=ovs-p0,ip,actions=encap(nsh(md_type=1)),set_field:0x1234->nsh_spi,set_field:0x11223344->nsh_c1,encap(ethernet),set_field:f2:ff:00:00:00:02->dl_dst,set_field:f2:ff:00:00:00:01->dl_src,ovs-p1"]) @@ -135357,7 +135560,7 @@ index f22d86e466..579b725928 100644 OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP -@@ -7030,19 +7826,31 @@ dnl The flow will decap a nsh header which in turn carries a TCP syn packet +@@ -7030,19 +7997,31 @@ dnl The flow will decap a nsh header which in turn carries a TCP syn packet dnl eth/nsh/eth/ip/tcp --> OVS --> eth/ip/tcp AT_CHECK([ovs-ofctl -Oopenflow13 add-flow br0 "table=0,priority=100,in_port=ovs-p0,dl_type=0x894f, actions=decap(),decap(), ovs-p1"]) @@ -135399,7 +135602,7 @@ index f22d86e466..579b725928 100644 OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP -@@ -7062,22 +7870,38 @@ dnl The flow will add another NSH header with nsh_spi=0x101, nsh_si=4, +@@ -7062,22 +8041,38 @@ dnl The flow will add another NSH header with nsh_spi=0x101, nsh_si=4, dnl nsh_ttl=7 and change the md1 context AT_CHECK([ovs-ofctl -Oopenflow13 add-flow br0 "table=0,priority=100,in_port=ovs-p0,dl_type=0x894f,nsh_spi=0x100,nsh_si=0x03,actions=decap(),decap(),encap(nsh(md_type=1)),set_field:0x07->nsh_ttl,set_field:0x0101->nsh_spi,set_field:0x04->nsh_si,set_field:0x100f0e0d->nsh_c1,set_field:0x0c0b0a09->nsh_c2,set_field:0x08070605->nsh_c3,set_field:0x04030201->nsh_c4,encap(ethernet),set_field:f2:ff:00:00:00:02->dl_dst,set_field:f2:ff:00:00:00:01->dl_src,ovs-p1"]) @@ -135452,7 +135655,7 @@ index f22d86e466..579b725928 100644 OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP -@@ -7098,31 +7922,50 @@ dnl packet to to at_ns2. +@@ -7098,31 +8093,50 @@ dnl packet to to at_ns2. AT_CHECK([ovs-ofctl -Oopenflow13 add-flow br0 "table=0,priority=100,dl_type=0x894f,nsh_spi=0x100,nsh_si=0x02,actions=ovs-p1"]) AT_CHECK([ovs-ofctl -Oopenflow13 add-flow br0 "table=0,priority=100,dl_type=0x894f,nsh_spi=0x100,nsh_si=0x01,actions=ovs-p2"]) diff --git a/SPECS/openvswitch2.17.spec b/SPECS/openvswitch2.17.spec index 180a0f6..2da1655 100644 --- a/SPECS/openvswitch2.17.spec +++ b/SPECS/openvswitch2.17.spec @@ -63,7 +63,7 @@ Summary: Open vSwitch Group: System Environment/Daemons daemon/database/utilities URL: http://www.openvswitch.org/ Version: 2.17.0 -Release: 196%{?dist} +Release: 197%{?dist} # Nearly all of openvswitch is ASL 2.0. The bugtool is LGPLv2+, and the # lib/sflow*.[ch] files are SISSL @@ -749,6 +749,12 @@ exit 0 %endif %changelog +* Thu Feb 20 2025 Open vSwitch CI - 2.17.0-197 +- Merging upstream branch-2.17 [RH git: d07f9b6a08] + Commit list: + 46b8756a45 miniflow_extract: Push ct_tp_{src, dst} for later frags. (FDP-124) + + * Fri Jan 24 2025 Open vSwitch CI - 2.17.0-196 - Merging upstream branch-2.17 [RH git: af26a90104] Commit list: