diff --git a/SOURCES/openvswitch-3.4.0.patch b/SOURCES/openvswitch-3.4.0.patch index ddc0ac2..a05f8b3 100644 --- a/SOURCES/openvswitch-3.4.0.patch +++ b/SOURCES/openvswitch-3.4.0.patch @@ -608,6 +608,41 @@ index 7054cf559e..e7c8b96d49 100644 of ``kern``, ``user``, ``mail``, ``daemon``, ``auth``, ``syslog``, ``lpr``, ``news``, ``uucp``, ``clock``, ``ftp``, ``ntp``, ``audit``, ``alert``, ``clock2``, ``local0``, ``local1``, ``local2``, +diff --git a/Documentation/topics/userspace-tso.rst b/Documentation/topics/userspace-tso.rst +index a21bb2b5de..07bdc29465 100644 +--- a/Documentation/topics/userspace-tso.rst ++++ b/Documentation/topics/userspace-tso.rst +@@ -109,9 +109,9 @@ then started again. OvS will then report:: + Limitations + ~~~~~~~~~~~ + +-The current OvS userspace `TSO` implementation supports flat and VLAN networks +-only (i.e. no support for `TSO` over tunneled connection [VxLAN, GRE, IPinIP, +-etc.]). ++The current OvS userspace `TSO` implementation supports flat, VLAN networks, ++and some tunneled connections. Currently only VxLAN and Geneve tunnels are ++supported. + + The NIC driver must support and advertise checksum offload for TCP and UDP. + However, SCTP is not mandatory because very few drivers advertised support +@@ -120,11 +120,12 @@ in Open vSwitch. Currently, if the NIC supports that, then the feature is + enabled, otherwise TSO can still be enabled but SCTP packets sent to the NIC + will be dropped. + +-There is no software implementation of TSO, so all ports attached to the +-datapath must support TSO or packets using that feature will be dropped +-on ports without TSO support. That also means guests using vhost-user +-in client mode will receive TSO packet regardless of TSO being enabled +-or disabled within the guest. ++There is no software implementation of TSO in conjunction with tunnels. So ++when VxLAN or Geneve tunnels are in use, all ports attached to the datapath ++must support TSO or packets using this combination of features will be dropped ++on ports without hardware TSO support. That also means guests using ++vhost-user in client mode will receive TSO packet regardless of TSO being ++enabled or disabled within the guest. + + All kernel devices that use the raw socket interface (veth, for example) + require the kernel commit 9d2f67e43b73 ("net/packet: fix packet drop as of diff --git a/NEWS b/NEWS index 944c95a8d7..3b22d550a1 100644 --- a/NEWS @@ -646,6 +681,19 @@ index 3e39120af8..d88a2432f7 100644 AC_CONFIG_SRCDIR([vswitchd/ovs-vswitchd.c]) AC_CONFIG_MACRO_DIR([m4]) AC_CONFIG_AUX_DIR([build-aux]) +diff --git a/debian/automake.mk b/debian/automake.mk +index 7b2afafae1..18be99bfac 100644 +--- a/debian/automake.mk ++++ b/debian/automake.mk +@@ -56,8 +56,6 @@ EXTRA_DIST += \ + debian/openvswitch-vtep.init \ + debian/openvswitch-vtep.install \ + debian/ovs-systemd-reload \ +- debian/patches/ovs-ctl-ipsec.patch \ +- debian/patches/series \ + debian/rules \ + debian/source/format \ + debian/source/lintian-overrides \ diff --git a/debian/changelog b/debian/changelog index b9f9b404bf..5211c58c0b 100644 --- a/debian/changelog @@ -666,6 +714,110 @@ index b9f9b404bf..5211c58c0b 100644 openvswitch (3.4.0-1) unstable; urgency=low * New upstream version +diff --git a/debian/control.in b/debian/control.in +index f9eea897ed..99b2b0d5df 100644 +--- a/debian/control.in ++++ b/debian/control.in +@@ -39,6 +39,7 @@ Rules-Requires-Root: no + Homepage: http://openvswitch.org/ + Vcs-Browser: https://salsa.debian.org/openstack-team/third-party/openvswitch/-/tree/debian/experimental + Vcs-Git: https://salsa.debian.org/openstack-team/third-party/openvswitch.git ++X-Python3-Version: >= 3.10 + + Package: openvswitch-common + Architecture: linux-any +@@ -94,7 +95,6 @@ Depends: + python3-openvswitch (= ${source:Version}), + strongswan, + ${misc:Depends}, +- ${shlibs:Depends}, + Suggests: python3:any + Breaks: + openvswitch-common (<< 2.17~), +@@ -258,7 +258,6 @@ Depends: + openvswitch-switch (>= ${binary:Version}), + python3-openvswitch (>= ${source:Version}), + ${misc:Depends}, +- ${python3:Depends}, + ${shlibs:Depends}, + Suggests: python3:any + Breaks: +diff --git a/debian/openvswitch-ipsec.service b/debian/openvswitch-ipsec.service +index 608a6a6188..51b9b315a0 100644 +--- a/debian/openvswitch-ipsec.service ++++ b/debian/openvswitch-ipsec.service +@@ -6,7 +6,8 @@ After=openvswitch-switch.service + [Service] + Type=forking + PIDFile=/run/openvswitch/ovs-monitor-ipsec.pid +-ExecStart=/usr/share/openvswitch/scripts/ovs-ctl \ ++Restart=on-failure ++ExecStart=/usr/share/openvswitch/scripts/ovs-ctl --no-monitor \ + --ike-daemon=strongswan start-ovs-ipsec + ExecStop=/usr/share/openvswitch/scripts/ovs-ctl stop-ovs-ipsec + +diff --git a/debian/openvswitch-switch.ovs-vswitchd.service b/debian/openvswitch-switch.ovs-vswitchd.service +index 519d80d8ed..a4d445b953 100644 +--- a/debian/openvswitch-switch.ovs-vswitchd.service ++++ b/debian/openvswitch-switch.ovs-vswitchd.service +@@ -11,6 +11,7 @@ DefaultDependencies=no + [Service] + LimitNOFILE=1048576 + Type=forking ++PIDFile=/run/openvswitch/ovs-vswitchd.pid + Restart=on-failure + Environment=HOME=/var/run/openvswitch + EnvironmentFile=-/etc/default/openvswitch-switch +diff --git a/debian/openvswitch-switch.ovsdb-server.service b/debian/openvswitch-switch.ovsdb-server.service +index 339665b255..35654d7059 100644 +--- a/debian/openvswitch-switch.ovsdb-server.service ++++ b/debian/openvswitch-switch.ovsdb-server.service +@@ -8,6 +8,7 @@ DefaultDependencies=no + [Service] + LimitNOFILE=1048576 + Type=forking ++PIDFile=/run/openvswitch/ovsdb-server.pid + Restart=on-failure + EnvironmentFile=-/etc/default/openvswitch-switch + ExecStart=/usr/share/openvswitch/scripts/ovs-ctl \ +@@ -18,6 +19,3 @@ ExecStop=/usr/share/openvswitch/scripts/ovs-ctl --no-ovs-vswitchd stop + ExecReload=/usr/share/openvswitch/scripts/ovs-ctl --no-ovs-vswitchd \ + --no-record-hostname \ + --no-monitor restart $OVS_CTL_OPTS +-RuntimeDirectory=openvswitch +-RuntimeDirectoryMode=0755 +-RuntimeDirectoryPreserve=yes +diff --git a/debian/patches/ovs-ctl-ipsec.patch b/debian/patches/ovs-ctl-ipsec.patch +deleted file mode 100644 +index 63375cd47d..0000000000 +--- a/debian/patches/ovs-ctl-ipsec.patch ++++ /dev/null +@@ -1,18 +0,0 @@ +-Description: Don't monitor ipsec daemon +- For Ubuntu systemd will monitor the ovs-monitor-ipsec daemon so +- there is no need to spawn a separate monitor thread to deal with +- restarts. Doing so has the side effect of confusing systemd into +- monitoring the wrong process. +-Author: James Page +-Forwarded: not-needed +- +---- a/utilities/ovs-ctl.in +-+++ b/utilities/ovs-ctl.in +-@@ -245,7 +245,7 @@ start_ovs_ipsec () { +- --pidfile=${rundir}/ovs-monitor-ipsec.pid \ +- --ike-daemon=$IKE_DAEMON \ +- $no_restart \ +-- --log-file --detach --monitor unix:${rundir}/db.sock || return 1 +-+ --log-file --detach unix:${rundir}/db.sock || return 1 +- return 0 +- } +diff --git a/debian/patches/series b/debian/patches/series +deleted file mode 100644 +index 87a2a1d97c..0000000000 +--- a/debian/patches/series ++++ /dev/null +@@ -1 +0,0 @@ +-ovs-ctl-ipsec.patch diff --git a/include/openvswitch/meta-flow.h b/include/openvswitch/meta-flow.h index aff917bcf6..875f122c5f 100644 --- a/include/openvswitch/meta-flow.h @@ -678,6 +830,19 @@ index aff917bcf6..875f122c5f 100644 bool mf_is_frozen_metadata(const struct mf_field *); bool mf_is_pipeline_field(const struct mf_field *); bool mf_is_set(const struct mf_field *, const struct flow *); +diff --git a/include/openvswitch/ofp-ct.h b/include/openvswitch/ofp-ct.h +index d57b626784..ea68c2e605 100644 +--- a/include/openvswitch/ofp-ct.h ++++ b/include/openvswitch/ofp-ct.h +@@ -24,6 +24,8 @@ + + #include "openflow/nicira-ext.h" + ++struct ds; ++ + #ifdef __cplusplus + extern "C" { + #endif diff --git a/ipsec/ovs-monitor-ipsec.in b/ipsec/ovs-monitor-ipsec.in index 37c509ac68..6c60c07e3f 100755 --- a/ipsec/ovs-monitor-ipsec.in @@ -1451,6 +1616,51 @@ index 940c43c070..b7516257c5 100644 rte_openlog_stream(log_stream); } +diff --git a/lib/flow.c b/lib/flow.c +index 9be4375246..0eb34892f2 100644 +--- a/lib/flow.c ++++ b/lib/flow.c +@@ -1187,7 +1187,7 @@ parse_dl_type(const void **datap, size_t *sizep, ovs_be16 *first_vlan_tci_p) + * If 'packet' is not an Ethernet packet embedding TCP, returns 0. + * 'dl_type_p' will be set only if the 'packet' is an Ethernet packet. + * 'nw_frag_p' will be set only if the 'packet' is an IP packet. +- * 'first_vlan_tci' will be set only if the 'packet' contains vlan header. ++ * 'first_vlan_tci_p' will be set only if the 'packet' contains vlan header. + * + * The caller must ensure that 'packet' is at least ETH_HEADER_LEN bytes + * long.'*/ +diff --git a/lib/ipf.c b/lib/ipf.c +index 2d715f5e9d..da50307a98 100644 +--- a/lib/ipf.c ++++ b/lib/ipf.c +@@ -410,11 +410,12 @@ ipf_reassemble_v4_frags(struct ipf_list *ipf_list) + dp_packet_set_size(pkt, dp_packet_size(pkt) - dp_packet_l2_pad_size(pkt)); + struct ip_header *l3 = dp_packet_l3(pkt); + int len = ntohs(l3->ip_tot_len); ++ int orig_len = dp_packet_size(pkt); + + int rest_len = frag_list[ipf_list->last_inuse_idx].end_data_byte - + frag_list[1].start_data_byte + 1; + +- if (len + rest_len > IPV4_PACKET_MAX_SIZE) { ++ if (orig_len + rest_len > IPV4_PACKET_MAX_SIZE) { + ipf_print_reass_packet( + "Unsupported big reassembled v4 packet; v4 hdr:", l3); + dp_packet_delete(pkt); +@@ -459,11 +460,12 @@ ipf_reassemble_v6_frags(struct ipf_list *ipf_list) + dp_packet_set_size(pkt, dp_packet_size(pkt) - dp_packet_l2_pad_size(pkt)); + struct ovs_16aligned_ip6_hdr *l3 = dp_packet_l3(pkt); + int pl = ntohs(l3->ip6_plen) - sizeof(struct ovs_16aligned_ip6_frag); ++ int orig_len = dp_packet_size(pkt); + + int rest_len = frag_list[ipf_list->last_inuse_idx].end_data_byte - + frag_list[1].start_data_byte + 1; + +- if (pl + rest_len > IPV6_PACKET_MAX_DATA) { ++ if (orig_len + rest_len > IPV6_PACKET_MAX_DATA) { + ipf_print_reass_packet( + "Unsupported big reassembled v6 packet; v6 hdr:", l3); + dp_packet_delete(pkt); diff --git a/lib/mcast-snooping.c b/lib/mcast-snooping.c index dc5164b41c..bf25e6f20a 100644 --- a/lib/mcast-snooping.c @@ -1852,6 +2062,70 @@ index eb55dd0417..5d8f1672a8 100644 void * netdev_tnl_ip_extract_tnl_md(struct dp_packet *packet, struct flow_tnl *tnl, +diff --git a/lib/netdev-offload-tc.c b/lib/netdev-offload-tc.c +index 3be1c08d24..44b056535f 100644 +--- a/lib/netdev-offload-tc.c ++++ b/lib/netdev-offload-tc.c +@@ -1490,6 +1490,31 @@ parse_put_flow_ct_action(struct tc_flower *flower, + return 0; + } + ++/* This function returns true if the tc layer will add a l4 checksum action ++ * for this set action. Refer to the csum_update_flag() function for ++ * detailed logic. Note that even the kernel only supports updating TCP, ++ * UDP and ICMPv6. ++ */ ++static bool ++tc_will_add_l4_checksum(struct tc_flower *flower, int type) ++{ ++ switch (type) { ++ case OVS_KEY_ATTR_IPV4: ++ case OVS_KEY_ATTR_IPV6: ++ case OVS_KEY_ATTR_TCP: ++ case OVS_KEY_ATTR_UDP: ++ switch (flower->key.ip_proto) { ++ case IPPROTO_TCP: ++ case IPPROTO_UDP: ++ case IPPROTO_ICMPV6: ++ case IPPROTO_UDPLITE: ++ return true; ++ } ++ break; ++ } ++ return false; ++} ++ + static int + parse_put_flow_set_masked_action(struct tc_flower *flower, + struct tc_action *action, +@@ -1522,6 +1547,14 @@ parse_put_flow_set_masked_action(struct tc_flower *flower, + return EOPNOTSUPP; + } + ++ if (flower->key.flags & TCA_FLOWER_KEY_FLAGS_IS_FRAGMENT ++ && tc_will_add_l4_checksum(flower, type)) { ++ VLOG_DBG_RL(&rl, "set action type %d not supported on fragments " ++ "due to checksum limitation", type); ++ ofpbuf_uninit(&set_buf); ++ return EOPNOTSUPP; ++ } ++ + for (i = 0; i < ARRAY_SIZE(set_flower_map[type]); i++) { + struct netlink_field *f = &set_flower_map[type][i]; + +@@ -2447,6 +2480,12 @@ netdev_tc_flow_put(struct netdev *netdev, struct match *match, + } + + mask->nw_frag = 0; ++ } else { ++ /* This scenario should not occur. Currently, all installed IP DP ++ * flows perform a fully masked match on the fragmentation bits. ++ * However, since TC depends on this behavior, we return ENOTSUPP ++ * for now in case this behavior changes in the future. */ ++ return EOPNOTSUPP; + } + + if (key->nw_proto == IPPROTO_TCP) { diff --git a/lib/ofp-actions.c b/lib/ofp-actions.c index fe6a17b6da..8a05f7c9c8 100644 --- a/lib/ofp-actions.c @@ -1967,6 +2241,22 @@ index 71039e24f1..6f5821689e 100644 char *suffix_copy; int error; +diff --git a/lib/tc.c b/lib/tc.c +index e55ba3b1bb..2510d0a3ff 100644 +--- a/lib/tc.c ++++ b/lib/tc.c +@@ -2958,7 +2958,10 @@ csum_update_flag(struct tc_flower *flower, + * eth(dst=),eth_type(0x0800) actions=set(ipv4(src=)) + * we need to force a more specific flow as this can, for example, + * need a recalculation of icmp checksum if the packet that passes +- * is ICMPv6 and tcp checksum if its tcp. */ ++ * is ICMPv6 and tcp checksum if its tcp. ++ * ++ * This section of the code must be kept in sync with the pre-check ++ * function in netdev-offload-tc.c, tc_will_add_l4_checksum(). */ + + switch (htype) { + case TCA_PEDIT_KEY_EX_HDR_TYPE_IP4: diff --git a/lib/vconn.c b/lib/vconn.c index e9603432d2..4b1c262eaa 100644 --- a/lib/vconn.c @@ -2204,6 +2494,46 @@ index d3c353b9d6..9c210877e4 100644 if (n_hash > MAX_SELECT_GROUP_HASH_VALUES || (max_hash != 0 && n_hash > max_hash)) { VLOG_DBG(" Too many hash values required: %"PRIu64, n_hash); +diff --git a/ovsdb/ovsdb-client.c b/ovsdb/ovsdb-client.c +index 45501911c3..3fa1d9afcd 100644 +--- a/ovsdb/ovsdb-client.c ++++ b/ovsdb/ovsdb-client.c +@@ -555,7 +555,7 @@ static void + check_ovsdb_error(struct ovsdb_error *error) + { + if (error) { +- ovs_fatal(0, "%s", ovsdb_error_to_string(error)); ++ ovs_fatal(0, "%s", ovsdb_error_to_string_free(error)); + } + } + +diff --git a/ovsdb/ovsdb-tool.c b/ovsdb/ovsdb-tool.c +index facd680ff3..354382f111 100644 +--- a/ovsdb/ovsdb-tool.c ++++ b/ovsdb/ovsdb-tool.c +@@ -247,7 +247,7 @@ static void + check_ovsdb_error(struct ovsdb_error *error) + { + if (error) { +- ovs_fatal(0, "%s", ovsdb_error_to_string(error)); ++ ovs_fatal(0, "%s", ovsdb_error_to_string_free(error)); + } + } + +diff --git a/rhel/usr_lib_systemd_system_openvswitch-ipsec.service b/rhel/usr_lib_systemd_system_openvswitch-ipsec.service +index 92dad44f93..a4bf475d0c 100644 +--- a/rhel/usr_lib_systemd_system_openvswitch-ipsec.service ++++ b/rhel/usr_lib_systemd_system_openvswitch-ipsec.service +@@ -6,7 +6,8 @@ After=openvswitch.service + [Service] + Type=forking + PIDFile=/run/openvswitch/ovs-monitor-ipsec.pid +-ExecStart=/usr/share/openvswitch/scripts/ovs-ctl \ ++Restart=on-failure ++ExecStart=/usr/share/openvswitch/scripts/ovs-ctl --no-monitor \ + --ike-daemon=libreswan start-ovs-ipsec + ExecStop=/usr/share/openvswitch/scripts/ovs-ctl stop-ovs-ipsec + diff --git a/selinux/openvswitch-custom.te.in b/selinux/openvswitch-custom.te.in index beb0ab0d66..fe2c5bb61a 100644 --- a/selinux/openvswitch-custom.te.in @@ -3032,10 +3362,25 @@ index 1e155fecea..4ab384d89c 100644 +OVS_TRAFFIC_VSWITCHD_STOP() +AT_CLEANUP diff --git a/tests/system-kmod-macros.at b/tests/system-kmod-macros.at -index 5203b1df80..a48bd532a0 100644 +index 5203b1df80..7a7a19f7e4 100644 --- a/tests/system-kmod-macros.at +++ b/tests/system-kmod-macros.at -@@ -267,3 +267,94 @@ m4_define([OVS_CHECK_BAREUDP], +@@ -202,6 +202,14 @@ m4_define([DPCTL_CHECK_FRAGMENTATION_FAIL], + + ]) + ++# OVS_CHECK_FRAG_LARGE ++# ++# This check isn't valid for kernel ++m4_define([OVS_CHECK_FRAG_LARGE], ++[ ++ ++]) ++ + # OVS_CHECK_MIN_KERNEL([minversion], [minsublevel]) + # + # Skip test if kernel version falls below minversion.minsublevel +@@ -267,3 +275,94 @@ m4_define([OVS_CHECK_BAREUDP], AT_SKIP_IF([! ip link add dev ovs_bareudp0 type bareudp dstport 6635 ethertype mpls_uc 2>&1 >/dev/null]) AT_CHECK([ip link del dev ovs_bareudp0]) ]) @@ -3191,7 +3536,7 @@ index 3d84a53182..03ec01270f 100644 OVS_TRAFFIC_VSWITCHD_STOP(["/.*ethtool command ETHTOOL_G.*/d"]) diff --git a/tests/system-traffic.at b/tests/system-traffic.at -index 202ff04922..a327702bbd 100644 +index 202ff04922..4553f919f9 100644 --- a/tests/system-traffic.at +++ b/tests/system-traffic.at @@ -38,7 +38,7 @@ NS_CHECK_EXEC([at_ns0], [ping -q -c 3 -i 0.3 -W 2 10.1.1.2 | FORMAT_PING], [0], @@ -3311,7 +3656,7 @@ index 202ff04922..a327702bbd 100644 NETNS_DAEMONIZE([at_ns0], [tcpdump -n -x -i p0 dst host fc00:100::1 -l > p0.pcap 2>/dev/null], [tcpdump.pid]) sleep 1 -@@ -2436,6 +2433,98 @@ recirc_id(),in_port(2),eth_type(0x86dd),ipv6(proto=58,frag=no),icmpv6(ty +@@ -2436,6 +2433,190 @@ recirc_id(),in_port(2),eth_type(0x86dd),ipv6(proto=58,frag=no),icmpv6(ty OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP @@ -3407,10 +3752,102 @@ index 202ff04922..a327702bbd 100644 +OVS_TRAFFIC_VSWITCHD_STOP +AT_CLEANUP + ++AT_SETUP([datapath - mod_nw_src/set_field on IP fragments]) ++AT_SKIP_IF([test $HAVE_TCPDUMP = no]) ++OVS_TRAFFIC_VSWITCHD_START() ++ ++ADD_NAMESPACES(at_ns0, at_ns1) ++ ++ADD_VETH(p0, at_ns0, br0, "10.1.1.1/24", 36:b1:ee:7c:01:03) ++ADD_VETH(p1, at_ns1, br0, "10.1.1.2/24", 36:b1:ee:7c:01:02) ++ ++AT_DATA([flows.txt], [dnl ++ in_port=ovs-p0,ip,nw_src=10.1.1.1 actions=mod_nw_src=11.1.1.1,ovs-p1 ++ in_port=ovs-p0,ipv6,ipv6_src=fc00::1 actions=set_field:fc00::100->ipv6_src,ovs-p1 ++]) ++ ++AT_CHECK([ovs-ofctl del-flows br0]) ++AT_CHECK([ovs-ofctl -Oopenflow13 add-flows br0 flows.txt]) ++ ++NETNS_DAEMONIZE([at_ns1], ++ [tcpdump -l -nn -xx -U -i p1 -w p1.pcap 2> tcpdump.err], ++ [tcpdump.pid]) ++OVS_WAIT_UNTIL([grep "listening" tcpdump.err]) ++ ++dnl IPv4 Packet content: ++dnl Ethernet II, Src: 36:b1:ee:7c:01:03, Dst: 36:b1:ee:7c:01:02 ++dnl Type: IPv4 (0x0800) ++dnl Internet Protocol Version 4, Src: 10.1.1.1, Dst: 10.1.1.2 ++dnl 0100 .... = Version: 4 ++dnl .... 0101 = Header Length: 20 bytes (5) ++dnl Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) ++dnl Total Length: 38 ++dnl Identification: 0x0001 (1) ++dnl 001. .... = Flags: 0x1, More fragments ++dnl 0... .... = Reserved bit: Not set ++dnl .0.. .... = Don't fragment: Not set ++dnl ..1. .... = More fragments: Set ++dnl ...0 0000 0000 0000 = Fragment Offset: 0 ++dnl Time to Live: 64 ++dnl Protocol: UDP (17) ++dnl Header Checksum: 0x44c2 ++dnl Data (18 bytes) ++eth="36 b1 ee 7c 01 02 36 b1 ee 7c 01 03 08 00" ++ip="45 00 00 26 00 01 20 00 40 11 44 c2 0a 01 01 01 0a 01 01 02" ++data="0b c4 08 84 00 26 e9 64 01 02 03 04 05 06 07 08 09 0a" ++packet="${eth} ${ip} ${data}" ++ ++dnl We send each packet multiple times, one for learning, which will go to ++dnl ovs-vswitchd, and the others will go through the actual datapath. ++for i in 1 2 3 4 5; do ++ NS_CHECK_EXEC([at_ns0], ++ [$PYTHON3 $srcdir/sendpkt.py p0 ${packet} > /dev/null]) ++done ++ ++dnl Update source address and checksums in original packet for comparison. ++packet=$(echo "$packet" | sed -e 's/ //g' \ ++ -e 's/0a010101/0b010101/g' -e 's/44c2/43c2/g' -e 's/e964/e864/g') ++OVS_WAIT_UNTIL([test $(ovs-pcap p1.pcap | grep -c "${packet}") -eq 5]) ++ ++dnl Repeat similar test with IPv6. ++dnl Packet content: ++dnl Ethernet II, Src: 36:b1:ee:7c:01:03, Dst: 36:b1:ee:7c:01:02 ++dnl Type: IPv6 (0x86dd) ++dnl Internet Protocol Version 6, Src: fc00::1, Dst: fc00::2 ++dnl Payload Length: 24 ++dnl Next Header: Fragment Header for IPv6 (44) ++dnl Hop Limit: 64 ++dnl Fragment Header for IPv6 ++dnl Next header: UDP (17) ++dnl Reserved octet: 0x00 ++dnl 0000 0000 0000 0... = Offset: 0 (0 bytes) ++dnl .... .... .... .00. = Reserved bits: 0 ++dnl .... .... .... ...1 = More Fragments: Yes ++dnl Identification: 0x2316ab36 ++dnl Data (16 bytes) ++eth="36 b1 ee 7c 01 02 36 b1 ee 7c 01 03 86 dd" ++ip="60 00 00 00 00 18 2c 40 fc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 \ ++ fc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 11 00 00 01 23 16 ab 36" ++data="0b c4 08 84 00 26 07 65 01 02 03 04 05 06 07 08" ++packet="${eth} ${ip} ${data}" ++ ++for i in 1 2 3 4 5; do ++ NS_CHECK_EXEC([at_ns0], ++ [$PYTHON3 $srcdir/sendpkt.py p0 ${packet} > /dev/null]) ++done ++ ++dnl Update checksum and source address in original packet for comparison. ++packet=$(echo "$packet" | sed -e 's/ //g' -e 's/0765/0666/g' -e \ ++ 's/fc000000000000000000000000000001/fc000000000000000000000000000100/g') ++OVS_WAIT_UNTIL([test $(ovs-pcap p1.pcap | grep -c "${packet}") -eq 5]) ++ ++OVS_TRAFFIC_VSWITCHD_STOP ++AT_CLEANUP ++ AT_BANNER([MPLS]) AT_SETUP([mpls - encap header dp-support]) -@@ -3410,10 +3499,10 @@ OVS_START_L7([at_ns1], [http]) +@@ -3410,10 +3591,10 @@ OVS_START_L7([at_ns1], [http]) OVS_START_L7([at_ns3], [http]) dnl HTTP requests from p0->p1 should work fine. @@ -3423,7 +3860,7 @@ index 202ff04922..a327702bbd 100644 OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP -@@ -3453,10 +3542,10 @@ dnl traffic can't be identified, because the initial request wasn't committed. +@@ -3453,10 +3634,10 @@ dnl traffic can't be identified, because the initial request wasn't committed. dnl For the first pair of ports, this means that the connection fails. OVS_START_L7([at_ns1], [http]) OVS_START_L7([at_ns3], [http]) @@ -3436,7 +3873,7 @@ index 202ff04922..a327702bbd 100644 OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP -@@ -3492,7 +3581,7 @@ OVS_START_L7([at_ns1], [http]) +@@ -3492,7 +3673,7 @@ OVS_START_L7([at_ns1], [http]) OVS_START_L7([at_ns3], [http]) dnl HTTP requests from p0->p1 should work fine. @@ -3445,7 +3882,7 @@ index 202ff04922..a327702bbd 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),zone=1,protoinfo=(state=) -@@ -3500,7 +3589,7 @@ tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src= +@@ -3500,7 +3681,7 @@ tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src= dnl HTTP requests from p2->p3 should fail due to network failure. dnl Try 3 times, in 1 second intervals. @@ -3454,7 +3891,7 @@ index 202ff04922..a327702bbd 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.4)], [0], [dnl tcp,orig=(src=10.1.1.3,dst=10.1.1.4,sport=,dport=),reply=(src=10.1.1.4,dst=10.1.1.3,sport=,dport=),zone=2,protoinfo=(state=) -@@ -3539,7 +3628,7 @@ OVS_START_L7([at_ns1], [http]) +@@ -3539,7 +3720,7 @@ OVS_START_L7([at_ns1], [http]) OVS_START_L7([at_ns3], [http]) dnl HTTP requests from p0->p1 should work fine. @@ -3463,7 +3900,7 @@ index 202ff04922..a327702bbd 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),zone=4097,protoinfo=(state=) -@@ -3547,7 +3636,7 @@ tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src= +@@ -3547,7 +3728,7 @@ tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src= dnl HTTP requests from p2->p3 should fail due to network failure. dnl Try 3 times, in 1 second intervals. @@ -3472,7 +3909,7 @@ index 202ff04922..a327702bbd 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.4)], [0], [dnl tcp,orig=(src=10.1.1.3,dst=10.1.1.4,sport=,dport=),reply=(src=10.1.1.4,dst=10.1.1.3,sport=,dport=),zone=4098,protoinfo=(state=) -@@ -3581,7 +3670,7 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) +@@ -3581,7 +3762,7 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) OVS_START_L7([at_ns1], [http]) dnl HTTP requests from p0->p1 should work fine. @@ -3481,7 +3918,7 @@ index 202ff04922..a327702bbd 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl tcp,dnl -@@ -3607,7 +3696,7 @@ AT_CHECK([ovs-ofctl mod-flows br0 dnl +@@ -3607,7 +3788,7 @@ AT_CHECK([ovs-ofctl mod-flows br0 dnl dnl Wait for a flow flush as some datapaths (read TC) might take time to clear. AT_CHECK([ovs-appctl revalidator/wait], [0]) @@ -3490,7 +3927,7 @@ index 202ff04922..a327702bbd 100644 AT_CHECK([ovs-appctl dpctl/dump-flows --names filter=in_port=ovs-p0 dnl | grep "+trk" | grep -q "ct_zone(0xf)" ], [0], []) -@@ -3641,7 +3730,7 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) +@@ -3641,7 +3822,7 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) OVS_START_L7([at_ns1], [http]) dnl HTTP requests from p0->p1 should work fine. @@ -3499,7 +3936,7 @@ index 202ff04922..a327702bbd 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl tcp,dnl -@@ -3659,7 +3748,7 @@ AT_CHECK([ovs-ofctl mod-flows br0 'priority=100,ct_state=-trk,tcp,in_port="ovs-p +@@ -3659,7 +3840,7 @@ AT_CHECK([ovs-ofctl mod-flows br0 'priority=100,ct_state=-trk,tcp,in_port="ovs-p dnl Wait for a flow flush as some datapaths (read TC) might take time to clear. AT_CHECK([ovs-appctl revalidator/wait], [0]) @@ -3508,7 +3945,7 @@ index 202ff04922..a327702bbd 100644 AT_CHECK([ovs-appctl dpctl/dump-flows --names filter=in_port=ovs-p0 dnl | grep "+trk" | sed 's/0xffff000f\/0xffff/0xf\/0xffff/' dnl -@@ -3707,7 +3796,7 @@ AT_CHECK([ovs-ofctl --bundle add-flows br1 flows-br1.txt]) +@@ -3707,7 +3888,7 @@ AT_CHECK([ovs-ofctl --bundle add-flows br1 flows-br1.txt]) dnl HTTP requests from p0->p1 should work fine. OVS_START_L7([at_ns1], [http]) @@ -3517,7 +3954,7 @@ index 202ff04922..a327702bbd 100644 OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP -@@ -3736,10 +3825,10 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) +@@ -3736,10 +3917,10 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) OVS_START_L7([at_ns1], [http]) dnl HTTP requests from p0->p1 should work fine. @@ -3530,7 +3967,7 @@ index 202ff04922..a327702bbd 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),zone=1,protoinfo=(state=) -@@ -3778,10 +3867,10 @@ AT_CHECK([ovs-ofctl add-flows br0 flows.txt]) +@@ -3778,10 +3959,10 @@ AT_CHECK([ovs-ofctl add-flows br0 flows.txt]) OVS_START_L7([at_ns1], [http]) dnl HTTP requests from p0->p1 should work fine. @@ -3543,7 +3980,7 @@ index 202ff04922..a327702bbd 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),zone=1,protoinfo=(state=) -@@ -3823,14 +3912,14 @@ OVS_START_L7([at_ns1], [http]) +@@ -3823,14 +4004,14 @@ OVS_START_L7([at_ns1], [http]) OVS_START_L7([at_ns3], [http]) dnl HTTP requests from p0->p1 should work fine. @@ -3560,7 +3997,7 @@ index 202ff04922..a327702bbd 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.4)], [0], [dnl tcp,orig=(src=10.1.1.3,dst=10.1.1.4,sport=,dport=),reply=(src=10.1.1.4,dst=10.1.1.3,sport=,dport=),mark=2,protoinfo=(state=) ]) -@@ -3865,7 +3954,7 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) +@@ -3865,7 +4046,7 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) OVS_START_L7([at_ns1], [http]) dnl HTTP requests from p0->p1 should work fine. @@ -3569,7 +4006,7 @@ index 202ff04922..a327702bbd 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),mark=3,protoinfo=(state=) -@@ -3904,14 +3993,14 @@ OVS_START_L7([at_ns1], [http]) +@@ -3904,14 +4085,14 @@ OVS_START_L7([at_ns1], [http]) OVS_START_L7([at_ns3], [http]) dnl HTTP requests from p0->p1 should work fine. @@ -3586,7 +4023,7 @@ index 202ff04922..a327702bbd 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.4)], [0], [dnl tcp,orig=(src=10.1.1.3,dst=10.1.1.4,sport=,dport=),reply=(src=10.1.1.4,dst=10.1.1.3,sport=,dport=),mark=2,protoinfo=(state=) ]) -@@ -3950,11 +4039,11 @@ OVS_START_L7([at_ns1], [http]) +@@ -3950,11 +4131,11 @@ OVS_START_L7([at_ns1], [http]) OVS_START_L7([at_ns3], [http]) dnl HTTP requests from p0->p1 should work fine. @@ -3600,7 +4037,7 @@ index 202ff04922..a327702bbd 100644 OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP -@@ -3986,7 +4075,7 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) +@@ -3986,7 +4167,7 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) OVS_START_L7([at_ns1], [http]) dnl HTTP requests from p0->p1 should work fine. @@ -3609,7 +4046,7 @@ index 202ff04922..a327702bbd 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),labels=0x200000001,protoinfo=(state=) -@@ -4024,7 +4113,7 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) +@@ -4024,7 +4205,7 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) OVS_START_L7([at_ns1], [http]) dnl HTTP requests from p0->p1 should work fine. @@ -3618,7 +4055,7 @@ index 202ff04922..a327702bbd 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),zone=1,mark=3,labels=0x200000001,protoinfo=(state=) -@@ -4060,7 +4149,7 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows1.txt]) +@@ -4060,7 +4241,7 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows1.txt]) dnl TCP traffic from ns0 to ns1 should fail. OVS_START_L7([at_ns1], [http]) @@ -3627,7 +4064,33 @@ index 202ff04922..a327702bbd 100644 dnl Send UDP packet on port 1 twice. AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out br0 "in_port=1 packet=50540000000a50540000000908004500001c000000000011a4cd0a0101010a0101020001000200080000 actions=resubmit(,0)"]) -@@ -5360,14 +5449,14 @@ OVS_START_L7([at_ns0], [http]) +@@ -4330,7 +4511,11 @@ NS_CHECK_EXEC([at_ns0], [ping -s 3200 -q -c 3 -i 0.3 -W 2 10.1.1.2 | FORMAT_PING + dnl Check userspace conntrack fragmentation counters. + DPCTL_CHECK_FRAGMENTATION_PASS() + +-OVS_TRAFFIC_VSWITCHD_STOP ++dnl Ipv4 max packet size fragmentation dropped. ++NS_EXEC([at_ns0], [ping -s 65507 -q -c 1 -W 0.5 10.1.1.2]) ++OVS_CHECK_FRAG_LARGE() ++ ++OVS_TRAFFIC_VSWITCHD_STOP(["/Unsupported big reassembled v4 packet/d"]) + AT_CLEANUP + + AT_SETUP([conntrack - IPv4 fragmentation expiry]) +@@ -4624,7 +4809,11 @@ NS_CHECK_EXEC([at_ns0], [ping6 -s 3200 -q -c 3 -i 0.3 -W 2 fc00::2 | FORMAT_PING + 3 packets transmitted, 3 received, 0% packet loss, time 0ms + ]) + +-OVS_TRAFFIC_VSWITCHD_STOP ++dnl Ipv6 max packet size fragmentation dropped. ++NS_EXEC([at_ns0], [ping6 -s 65487 -q -c 1 -W 0.5 fc00::2]) ++OVS_CHECK_FRAG_LARGE() ++ ++OVS_TRAFFIC_VSWITCHD_STOP(["/Unsupported big reassembled v6 packet/d"]) + AT_CLEANUP + + AT_SETUP([conntrack - IPv6 fragmentation expiry]) +@@ -5360,14 +5549,14 @@ OVS_START_L7([at_ns0], [http]) OVS_START_L7([at_ns1], [http]) dnl HTTP requests from ns0->ns1 should work fine. @@ -3644,7 +4107,7 @@ index 202ff04922..a327702bbd 100644 OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP -@@ -5401,7 +5490,7 @@ OVS_START_L7([at_ns0], [http6]) +@@ -5401,7 +5590,7 @@ OVS_START_L7([at_ns0], [http6]) OVS_START_L7([at_ns1], [http6]) dnl HTTP requests from ns0->ns1 should work fine. @@ -3653,7 +4116,7 @@ index 202ff04922..a327702bbd 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(fc00::2)], [0], [dnl tcp,orig=(src=fc00::1,dst=fc00::2,sport=,dport=),reply=(src=fc00::2,dst=fc00::1,sport=,dport=),protoinfo=(state=) -@@ -5409,7 +5498,7 @@ tcp,orig=(src=fc00::1,dst=fc00::2,sport=,dport=),reply=(src=fc +@@ -5409,7 +5598,7 @@ tcp,orig=(src=fc00::1,dst=fc00::2,sport=,dport=),reply=(src=fc dnl HTTP requests from ns1->ns0 should fail due to network failure. dnl Try 3 times, in 1 second intervals. @@ -3662,7 +4125,7 @@ index 202ff04922..a327702bbd 100644 OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP -@@ -5447,19 +5536,21 @@ OVS_START_L7([at_ns1], [http]) +@@ -5447,19 +5636,21 @@ OVS_START_L7([at_ns1], [http]) OVS_START_L7([at_ns3], [http]) dnl HTTP requests from p0->p1 should work fine. @@ -3686,7 +4149,7 @@ index 202ff04922..a327702bbd 100644 ADD_NAMESPACES(at_ns0) AT_CHECK([ip addr add dev br0 "10.1.1.1/24"]) -@@ -5489,10 +5580,10 @@ AT_CHECK([ping -q -c 3 -i 0.3 -W 2 10.1.1.2 | FORMAT_PING], [0], [dnl +@@ -5489,10 +5680,10 @@ AT_CHECK([ping -q -c 3 -i 0.3 -W 2 10.1.1.2 | FORMAT_PING], [0], [dnl OVS_START_L7([at_ns0], [http]) dnl HTTP requests from root namespace to p0 should work fine. @@ -3700,7 +4163,7 @@ index 202ff04922..a327702bbd 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2) | grep "zone"], [0], [dnl icmp,orig=(src=10.1.1.1,dst=10.1.1.2,id=,type=8,code=0),reply=(src=10.1.1.2,dst=10.1.1.1,id=,type=0,code=0),zone=1 -@@ -5505,10 +5596,12 @@ OVS_TRAFFIC_VSWITCHD_STOP +@@ -5505,10 +5696,12 @@ OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP AT_SETUP([conntrack - multi-stage pipeline, local]) @@ -3713,7 +4176,7 @@ index 202ff04922..a327702bbd 100644 ADD_NAMESPACES(at_ns0) AT_CHECK([ip addr add dev br0 "10.1.1.1/24"]) -@@ -5560,10 +5653,10 @@ AT_CHECK([ping -q -c 3 -i 0.3 -W 2 10.1.1.2 | FORMAT_PING], [0], [dnl +@@ -5560,10 +5753,10 @@ AT_CHECK([ping -q -c 3 -i 0.3 -W 2 10.1.1.2 | FORMAT_PING], [0], [dnl OVS_START_L7([at_ns0], [http]) dnl HTTP requests from root namespace to p0 should work fine. @@ -3726,7 +4189,7 @@ index 202ff04922..a327702bbd 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2) | grep "zone"], [0], [dnl icmp,orig=(src=10.1.1.1,dst=10.1.1.2,id=,type=8,code=0),reply=(src=10.1.1.2,dst=10.1.1.1,id=,type=0,code=0),zone=1 -@@ -5812,7 +5905,7 @@ NETNS_DAEMONIZE([at_ns1], [[$PYTHON3 $srcdir/test-l7.py ftp]], [ftp0.pid]) +@@ -5812,7 +6005,7 @@ NETNS_DAEMONIZE([at_ns1], [[$PYTHON3 $srcdir/test-l7.py ftp]], [ftp0.pid]) OVS_WAIT_UNTIL([ip netns exec at_ns1 netstat -l | grep ftp]) dnl FTP requests from p0->p1 should work fine. @@ -3735,7 +4198,7 @@ index 202ff04922..a327702bbd 100644 AT_CHECK([find -name index.html], [0], [dnl ./index.html -@@ -5879,12 +5972,12 @@ OVS_START_L7([at_ns1], [ftp]) +@@ -5879,12 +6072,12 @@ OVS_START_L7([at_ns1], [ftp]) dnl FTP requests from p1->p0 should fail due to network failure. dnl Try 3 times, in 1 second intervals. @@ -3750,7 +4213,7 @@ index 202ff04922..a327702bbd 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),protoinfo=(state=),helper=ftp ]) -@@ -5895,12 +5988,12 @@ AT_CHECK([ovs-appctl dpctl/flush-conntrack]) +@@ -5895,12 +6088,12 @@ AT_CHECK([ovs-appctl dpctl/flush-conntrack]) dnl FTP requests from p1->p0 should fail due to network failure. dnl Try 3 times, in 1 second intervals. @@ -3765,7 +4228,7 @@ index 202ff04922..a327702bbd 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),protoinfo=(state=),helper=ftp tcp,orig=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),reply=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),protoinfo=(state=) -@@ -5909,7 +6002,7 @@ tcp,orig=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),reply=(src= +@@ -5909,7 +6102,7 @@ tcp,orig=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),reply=(src= AT_CHECK([ovs-appctl dpctl/flush-conntrack]) dnl Passive FTP requests from p0->p1 should work fine. @@ -3774,7 +4237,7 @@ index 202ff04922..a327702bbd 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),protoinfo=(state=),helper=ftp ]) -@@ -5919,7 +6012,7 @@ AT_CHECK([ovs-ofctl --bundle replace-flows br0 flows3.txt]) +@@ -5919,7 +6112,7 @@ AT_CHECK([ovs-ofctl --bundle replace-flows br0 flows3.txt]) AT_CHECK([ovs-appctl dpctl/flush-conntrack]) dnl FTP control requests from p0->p1 should work fine, but helper will not be assigned. @@ -3783,7 +4246,7 @@ index 202ff04922..a327702bbd 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),protoinfo=(state=) ]) -@@ -5985,12 +6078,12 @@ OVS_START_L7([at_ns1], [ftp], [11111]) +@@ -5985,12 +6178,12 @@ OVS_START_L7([at_ns1], [ftp], [11111]) dnl FTP requests from p1->p0 should fail due to network failure. dnl Try 3 times, in 1 second intervals. @@ -3798,7 +4261,7 @@ index 202ff04922..a327702bbd 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),protoinfo=(state=),helper=ftp ]) -@@ -6001,12 +6094,12 @@ AT_CHECK([ovs-appctl dpctl/flush-conntrack]) +@@ -6001,12 +6194,12 @@ AT_CHECK([ovs-appctl dpctl/flush-conntrack]) dnl FTP requests from p1->p0 should fail due to network failure. dnl Try 3 times, in 1 second intervals. @@ -3813,7 +4276,7 @@ index 202ff04922..a327702bbd 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),protoinfo=(state=),helper=ftp tcp,orig=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),reply=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),protoinfo=(state=) -@@ -6015,7 +6108,7 @@ tcp,orig=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),reply=(src= +@@ -6015,7 +6208,7 @@ tcp,orig=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),reply=(src= AT_CHECK([ovs-appctl dpctl/flush-conntrack]) dnl Passive FTP requests from p0->p1 should work fine. @@ -3822,7 +4285,7 @@ index 202ff04922..a327702bbd 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),protoinfo=(state=),helper=ftp ]) -@@ -6025,7 +6118,7 @@ AT_CHECK([ovs-ofctl --bundle replace-flows br0 flows3.txt]) +@@ -6025,7 +6218,7 @@ AT_CHECK([ovs-ofctl --bundle replace-flows br0 flows3.txt]) AT_CHECK([ovs-appctl dpctl/flush-conntrack]) dnl FTP control requests from p0->p1 should work fine, but helper will not be assigned. @@ -3831,7 +4294,7 @@ index 202ff04922..a327702bbd 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),protoinfo=(state=) ]) -@@ -6060,7 +6153,7 @@ AT_CHECK([ovs-ofctl --bundle replace-flows br0 flows.txt]) +@@ -6060,7 +6253,7 @@ AT_CHECK([ovs-ofctl --bundle replace-flows br0 flows.txt]) OVS_START_L7([at_ns1], [ftp]) dnl FTP requests from p0->p1 should work fine. @@ -3840,7 +4303,7 @@ index 202ff04922..a327702bbd 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),protoinfo=(state=),helper=ftp -@@ -6121,7 +6214,7 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping6 -c 1 fc00::2 >/dev/null]) +@@ -6121,7 +6314,7 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping6 -c 1 fc00::2 >/dev/null]) OVS_START_L7([at_ns1], [ftp]) dnl FTP requests from p0->p1 should work fine. @@ -3849,7 +4312,7 @@ index 202ff04922..a327702bbd 100644 dnl Discards CLOSE_WAIT and CLOSING AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(fc00::2)], [0], [dnl -@@ -6180,7 +6273,7 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping6 -c 1 fc00::2 >/dev/null]) +@@ -6180,7 +6373,7 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping6 -c 1 fc00::2 >/dev/null]) OVS_START_L7([at_ns1], [ftp]) dnl FTP passive requests from p0->p1 should work fine. @@ -3858,7 +4321,7 @@ index 202ff04922..a327702bbd 100644 dnl Discards CLOSE_WAIT and CLOSING AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(fc00::2)], [0], [dnl -@@ -6230,12 +6323,12 @@ OVS_START_L7([at_ns1], [ftp]) +@@ -6230,12 +6423,12 @@ OVS_START_L7([at_ns1], [ftp]) dnl FTP requests from p1->p0 should fail due to network failure. dnl Try 3 times, in 1 second intervals. @@ -3873,7 +4336,7 @@ index 202ff04922..a327702bbd 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),zone=1,protoinfo=(state=),helper=ftp tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),zone=2,protoinfo=(state=),helper=ftp -@@ -6246,7 +6339,7 @@ tcp,orig=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),reply=(src= +@@ -6246,7 +6439,7 @@ tcp,orig=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),reply=(src= AT_CHECK([ovs-appctl dpctl/flush-conntrack]) dnl Passive FTP requests from p0->p1 should work fine. @@ -3882,7 +4345,7 @@ index 202ff04922..a327702bbd 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),zone=1,protoinfo=(state=) tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),zone=1,protoinfo=(state=),helper=ftp -@@ -6370,7 +6463,7 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) +@@ -6370,7 +6563,7 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) dnl HTTP requests from p0->p1 should work fine. OVS_START_L7([at_ns1], [http]) @@ -3891,7 +4354,7 @@ index 202ff04922..a327702bbd 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2) | sed -e 's/dst=10.1.1.2[[45]][[0-9]]/dst=10.1.1.2XX/' | uniq], [0], [dnl tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.2XX,sport=,dport=),zone=1,protoinfo=(state=) -@@ -6460,7 +6553,7 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) +@@ -6460,7 +6653,7 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) dnl HTTP requests from p0->p1 should work fine. OVS_START_L7([at_ns1], [http]) @@ -3900,7 +4363,7 @@ index 202ff04922..a327702bbd 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2) | sed -e 's/dst=10.1.1.2[[45]][[0-9]]/dst=10.1.1.2XX/' | uniq], [0], [dnl tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.2XX,sport=,dport=),zone=1,protoinfo=(state=) -@@ -6567,7 +6660,7 @@ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2) | uniq], [0], [d +@@ -6567,7 +6760,7 @@ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2) | uniq], [0], [d tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.240,sport=,dport=),zone=1,protoinfo=(state=) ]) @@ -3909,7 +4372,7 @@ index 202ff04922..a327702bbd 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2) | uniq], [0], [dnl tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.240,sport=,dport=),zone=1,protoinfo=(state=) -@@ -6622,7 +6715,7 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) +@@ -6622,7 +6815,7 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) dnl HTTP requests from p0->p1 should work fine. OVS_START_L7([at_ns1], [http]) @@ -3918,7 +4381,7 @@ index 202ff04922..a327702bbd 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2) | sed -e 's/dst=10.1.1.2[[45]][[0-9]]/dst=10.1.1.2XX/' | uniq], [0], [dnl tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.2XX,sport=,dport=),zone=1,protoinfo=(state=) -@@ -6716,14 +6809,14 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) +@@ -6716,14 +6909,14 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) dnl Should work with the virtual IP address through NAT OVS_START_L7([at_ns1], [http]) @@ -3935,7 +4398,7 @@ index 202ff04922..a327702bbd 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),zone=1,protoinfo=(state=) -@@ -6754,7 +6847,7 @@ table=2,in_port=1,ip,ct_mark=0xac,ct_label=0xac,actions=2 +@@ -6754,7 +6947,7 @@ table=2,in_port=1,ip,ct_mark=0xac,ct_label=0xac,actions=2 ]) AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) @@ -3944,7 +4407,7 @@ index 202ff04922..a327702bbd 100644 dnl - make sure only dst nat has been performed AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.240)], [0], [dnl -@@ -6812,14 +6905,14 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) +@@ -6812,14 +7005,14 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) dnl Should work with the virtual IP address through NAT OVS_START_L7([at_ns1], [http]) @@ -3961,7 +4424,7 @@ index 202ff04922..a327702bbd 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),zone=1,protoinfo=(state=) -@@ -7347,7 +7440,7 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping -c 1 10.1.1.2 >/dev/null]) +@@ -7347,7 +7540,7 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping -c 1 10.1.1.2 >/dev/null]) OVS_START_L7([at_ns1], [ftp]) dnl FTP requests from p0->p1 should work fine. @@ -3970,7 +4433,7 @@ index 202ff04922..a327702bbd 100644 dnl Discards CLOSE_WAIT and CLOSING AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl -@@ -7407,7 +7500,7 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping -c 1 10.1.1.240 >/dev/null]) +@@ -7407,7 +7600,7 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping -c 1 10.1.1.240 >/dev/null]) OVS_START_L7([at_ns1], [ftp]) dnl FTP requests from p0->p1 should work fine. @@ -3979,7 +4442,7 @@ index 202ff04922..a327702bbd 100644 dnl Discards CLOSE_WAIT and CLOSING AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl -@@ -7467,7 +7560,7 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping -c 1 10.1.100.1 >/dev/null]) +@@ -7467,7 +7660,7 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping -c 1 10.1.100.1 >/dev/null]) OVS_START_L7([at_ns1], [ftp]) dnl FTP requests from p0->p1 should work fine. @@ -3988,7 +4451,7 @@ index 202ff04922..a327702bbd 100644 dnl Discards CLOSE_WAIT and CLOSING AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.200)], [0], [dnl -@@ -7527,7 +7620,7 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping -c 1 10.1.1.240 >/dev/null]) +@@ -7527,7 +7720,7 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping -c 1 10.1.1.240 >/dev/null]) OVS_START_L7([at_ns1], [ftp]) dnl FTP requests from p0->p1 should work fine. @@ -3997,7 +4460,7 @@ index 202ff04922..a327702bbd 100644 dnl Discards CLOSE_WAIT and CLOSING AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl -@@ -7587,7 +7680,7 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping -c 1 10.1.1.2 >/dev/null]) +@@ -7587,7 +7780,7 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping -c 1 10.1.1.2 >/dev/null]) OVS_START_L7([at_ns1], [ftp]) dnl FTP requests from p0->p1 should work fine. @@ -4006,7 +4469,7 @@ index 202ff04922..a327702bbd 100644 dnl Discards CLOSE_WAIT and CLOSING AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.120.240)], [0], [dnl -@@ -7632,12 +7725,12 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping6 -c 1 fc00::2]) +@@ -7632,12 +7825,12 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping6 -c 1 fc00::2]) dnl HTTP requests from ns0->ns1 should work fine. OVS_START_L7([at_ns1], [http6]) @@ -4021,7 +4484,7 @@ index 202ff04922..a327702bbd 100644 OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP -@@ -7676,7 +7769,7 @@ NS_CHECK_EXEC([at_ns0], [ping6 -q -c 3 -i 0.3 -W 2 fc00::240 | FORMAT_PING], [0] +@@ -7676,7 +7869,7 @@ NS_CHECK_EXEC([at_ns0], [ping6 -q -c 3 -i 0.3 -W 2 fc00::240 | FORMAT_PING], [0] dnl Should work with the virtual IP address through NAT OVS_START_L7([at_ns1], [http6]) @@ -4030,7 +4493,7 @@ index 202ff04922..a327702bbd 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(fc00::1)], [0], [dnl icmpv6,orig=(src=fc00::1,dst=fc00::240,id=,type=128,code=0),reply=(src=fc00::2,dst=fc00::1,id=,type=129,code=0),zone=1 -@@ -7826,7 +7919,7 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping6 -c 1 fc00::2 >/dev/null]) +@@ -7826,7 +8019,7 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping6 -c 1 fc00::2 >/dev/null]) OVS_START_L7([at_ns1], [ftp]) dnl FTP requests from p0->p1 should work fine. @@ -4039,7 +4502,7 @@ index 202ff04922..a327702bbd 100644 dnl Discards CLOSE_WAIT and CLOSING AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(fc00::2)], [0], [dnl -@@ -7887,7 +7980,7 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping6 -c 1 fc00::2 >/dev/null]) +@@ -7887,7 +8080,7 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping6 -c 1 fc00::2 >/dev/null]) OVS_START_L7([at_ns1], [ftp]) dnl FTP requests from p0->p1 should work fine. @@ -4048,7 +4511,7 @@ index 202ff04922..a327702bbd 100644 dnl Discards CLOSE_WAIT and CLOSING AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(fc00::2)], [0], [dnl -@@ -7947,7 +8040,7 @@ NETNS_DAEMONIZE([at_ns1], [[$PYTHON3 $srcdir/test-l7.py ftp]], [ftp0.pid]) +@@ -7947,7 +8140,7 @@ NETNS_DAEMONIZE([at_ns1], [[$PYTHON3 $srcdir/test-l7.py ftp]], [ftp0.pid]) OVS_WAIT_UNTIL([ip netns exec at_ns1 netstat -l | grep ftp]) dnl FTP requests from p0->p1 should work fine. @@ -4057,7 +4520,7 @@ index 202ff04922..a327702bbd 100644 dnl Discards CLOSE_WAIT and CLOSING AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(fc00::2)], [0], [dnl -@@ -8090,7 +8183,7 @@ on_exit 'ovs-appctl dpif/dump-flows br0' +@@ -8090,7 +8283,7 @@ on_exit 'ovs-appctl dpif/dump-flows br0' dnl Should work with the virtual IP address through NAT for i in $(seq 1 50); do echo Request $i @@ -4066,7 +4529,7 @@ index 202ff04922..a327702bbd 100644 done dnl Each server should have at least one connection. -@@ -8386,6 +8479,7 @@ OVS_TRAFFIC_VSWITCHD_STOP +@@ -8386,6 +8579,7 @@ OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP AT_SETUP([conntrack - can match and clear ct_state from outside OVS]) @@ -4074,7 +4537,7 @@ index 202ff04922..a327702bbd 100644 CHECK_CONNTRACK_LOCAL_STACK() OVS_CHECK_GENEVE() -@@ -8396,6 +8490,7 @@ AT_CHECK([ovs-ofctl add-flow br0 "actions=normal"]) +@@ -8396,6 +8590,7 @@ AT_CHECK([ovs-ofctl add-flow br0 "actions=normal"]) AT_CHECK([ovs-ofctl add-flow br-underlay "priority=100,ct_state=+trk,actions=ct_clear,resubmit(,0)"]) AT_CHECK([ovs-ofctl add-flow br-underlay "priority=10,actions=normal"]) @@ -4083,10 +4546,25 @@ index 202ff04922..a327702bbd 100644 dnl Set up underlay link from host into the namespace using veth pair. diff --git a/tests/system-userspace-macros.at b/tests/system-userspace-macros.at -index d9b5b7e4c4..c1be973478 100644 +index d9b5b7e4c4..49b277a089 100644 --- a/tests/system-userspace-macros.at +++ b/tests/system-userspace-macros.at -@@ -357,3 +357,19 @@ m4_define([OVS_CHECK_BAREUDP], +@@ -298,6 +298,14 @@ AT_CHECK([ovs-appctl dpctl/ipf-get-status -m | FORMAT_FRAG_LIST()], [], [dnl + ]) + ]) + ++# OVS_CHECK_FRAG_LARGE() ++# ++# The userspace needs to check that ipf larger fragments have occurred. ++m4_define([OVS_CHECK_FRAG_LARGE], ++[ ++ OVS_WAIT_UNTIL([grep -Eq 'Unsupported big reassembled (v4|v6) packet' ovs-vswitchd.log]) ++]) ++ + # OVS_CHECK_MIN_KERNEL([minversion], [maxversion]) + # + # The userspace skips all tests that check kernel version. +@@ -357,3 +365,19 @@ m4_define([OVS_CHECK_BAREUDP], [ AT_SKIP_IF([:]) ]) @@ -4195,6 +4673,28 @@ index 99b1b02bf9..cf4e622014 100644 dnl Output to tunnel from the controller. AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out int-br CONTROLLER "debug_slow,output:2" "${packet}5"]) OVS_WAIT_UNTIL([test `ovs-pcap p0.pcap | grep -E "${encap}${packet}5" | wc -l` -ge 1]) +diff --git a/utilities/ovs-ctl.in b/utilities/ovs-ctl.in +index 57abd3a5b4..1f9ce1e6e8 100644 +--- a/utilities/ovs-ctl.in ++++ b/utilities/ovs-ctl.in +@@ -245,12 +245,15 @@ start_ovs_ipsec () { + if test X$RESTART_IKE_DAEMON = Xno; then + no_restart="--no-restart-ike-daemon" + fi ++ if test X"$MONITOR" != Xno; then ++ monitor_arg="--monitor" ++ fi + + ${datadir}/scripts/ovs-monitor-ipsec \ + --pidfile=${rundir}/ovs-monitor-ipsec.pid \ + --ike-daemon=$IKE_DAEMON \ +- $no_restart \ +- --log-file --detach --monitor unix:${rundir}/db.sock || return 1 ++ $no_restart $monitor_arg \ ++ --log-file --detach unix:${rundir}/db.sock || return 1 + return 0 + } + diff --git a/utilities/ovs-vsctl.c b/utilities/ovs-vsctl.c index 495be35652..edef0f18ef 100644 --- a/utilities/ovs-vsctl.c diff --git a/SPECS/openvswitch3.4.spec b/SPECS/openvswitch3.4.spec index cc3033f..17f3093 100644 --- a/SPECS/openvswitch3.4.spec +++ b/SPECS/openvswitch3.4.spec @@ -57,7 +57,7 @@ Summary: Open vSwitch Group: System Environment/Daemons daemon/database/utilities URL: http://www.openvswitch.org/ Version: 3.4.0 -Release: 27%{?dist} +Release: 37%{?dist} # Nearly all of openvswitch is ASL 2.0. The bugtool is LGPLv2+, and the # lib/sflow*.[ch] files are SISSL @@ -275,7 +275,7 @@ This package provides IPsec tunneling support for OVS tunnels. mv dpdk-*/ %{dpdkdir}/ %if %{apply_patch} -%patch0 -p1 +%patch -P0 -p1 %endif %build @@ -770,6 +770,66 @@ exit 0 %endif %changelog +* Mon Jan 20 2025 Open vSwitch CI - 3.4.0-37 +- Merging upstream branch-3.4 [RH git: 83fc0be6e7] + Commit list: + 318c1cd977 ofp-ct: Add missing struct declaration. + + +* Fri Jan 17 2025 Open vSwitch CI - 3.4.0-36 +- Merging upstream branch-3.4 [RH git: 763e1e5f2c] + Commit list: + 6022b55b62 docs: Add tunnel support to TSO GRE documentation. + + +* Thu Jan 16 2025 Open vSwitch CI - 3.4.0-35 +- Merging upstream branch-3.4 [RH git: 76f2ce3983] + Commit list: + 6c77226a92 rhel, debian: Add missing restart policy to ipsec service. + c93755a782 rhel, debian: Fix systemd monitoring wrong pid for ovs-monitor-ipsec. + + +* Wed Jan 15 2025 Open vSwitch CI - 3.4.0-34 +- Merging upstream branch-3.4 [RH git: 87fc234aa3] + Commit list: + 7aa5f4270f dpif-netdev: Modify code comments for function parse_tcp_flags. + 4727d139bd ipf: Fix the over-sized reassembly. + + +* Tue Jan 14 2025 Open vSwitch CI - 3.4.0-33 +- Merging upstream branch-3.4 [RH git: 83a4a02a37] + Commit list: + 8c2bf8bff9 debian: Let *-ctl handle runtime directory. + 29dddea095 debian: Use PIDFile with systemd. + 308b441a12 debian: Add X-Python3-Version stanza. + 860b6f9858 debian: Drop shlibs:Depends macro for -ipsec. + 9ac8b0fc0e debian: Drop python3:Depends macro for -vtep. + + +* Tue Jan 14 2025 Timothy Redaelli - 3.4.0-32 +- pkgtool: OVS_SHA_REF should not be mandatory [RH git: 8639c9d8a6] + + +* Fri Jan 10 2025 Open vSwitch CI - 3.4.0-31 +- Merging upstream branch-3.4 [RH git: 45195f5432] + Commit list: + 80cccfbdd3 ovsdb: Fix asan warning on ovsdb fatal errors. + + +* Thu Jan 09 2025 Timothy Redaelli - 3.4.0-30 +- pkgtool: escape %% in changelog [RH git: 575ff3c7cf] + + +* Thu Jan 09 2025 Timothy Redaelli - 3.4.0-29 +- template: use %%patch -P0 instead of %%patch0 [RH git: 6be4f8029a] + + +* Thu Jan 09 2025 Open vSwitch CI - 3.4.0-28 +- Merging upstream branch-3.4 [RH git: ae855601ab] + Commit list: + 034b40fbb8 netdev-tc-offloads: Don't offload header modification on ip fragments. (FDP-545) + + * Fri Dec 13 2024 Open vSwitch CI - 3.4.0-27 - Merging upstream branch-3.4 [RH git: 9cfbb9a33d] Commit list: