diff --git a/SOURCES/openvswitch-3.3.0.patch b/SOURCES/openvswitch-3.3.0.patch index c6cd9e2..bcead91 100644 --- a/SOURCES/openvswitch-3.3.0.patch +++ b/SOURCES/openvswitch-3.3.0.patch @@ -2368,10 +2368,24 @@ index 5788294ae0..f7035333e6 100644 } diff --git a/lib/flow.c b/lib/flow.c -index 8e3402388c..0eb34892f2 100644 +index 8e3402388c..68d6731239 100644 --- a/lib/flow.c +++ b/lib/flow.c -@@ -408,7 +408,8 @@ parse_ethertype(const void **datap, size_t *sizep) +@@ -402,18 +402,25 @@ parse_ethertype(const void **datap, size_t *sizep) + return htons(FLOW_DL_TYPE_NONE); + } + ++static inline bool ++icmp6_is_nd(const struct icmp6_data_header *icmp6) ++{ ++ return (icmp6->icmp6_base.icmp6_code == 0 && ++ (icmp6->icmp6_base.icmp6_type == ND_NEIGHBOR_SOLICIT || ++ icmp6->icmp6_base.icmp6_type == ND_NEIGHBOR_ADVERT)); ++} ++ + /* Returns 'true' if the packet is an ND packet. In that case the '*nd_target' + * and 'arp_buf[]' are filled in. If the packet is not an ND packet, 'false' + * is returned and no values are filled in on '*nd_target' or 'arp_buf[]'. */ static inline bool parse_icmpv6(const void **datap, size_t *sizep, const struct icmp6_data_header *icmp6, @@ -2380,8 +2394,14 @@ index 8e3402388c..0eb34892f2 100644 + const union ovs_16aligned_in6_addr **nd_target, struct eth_addr arp_buf[2], uint8_t *opt_type) { - if (icmp6->icmp6_base.icmp6_code != 0 || -@@ -1117,7 +1118,7 @@ miniflow_extract(struct dp_packet *packet, struct miniflow *dst) +- if (icmp6->icmp6_base.icmp6_code != 0 || +- (icmp6->icmp6_base.icmp6_type != ND_NEIGHBOR_SOLICIT && +- icmp6->icmp6_base.icmp6_type != ND_NEIGHBOR_ADVERT)) { ++ if (!icmp6_is_nd(icmp6)) { + return false; + } + +@@ -1117,7 +1124,7 @@ miniflow_extract(struct dp_packet *packet, struct miniflow *dst) } } else if (OVS_LIKELY(nw_proto == IPPROTO_ICMPV6)) { if (OVS_LIKELY(size >= sizeof(struct icmp6_data_header))) { @@ -2390,7 +2410,23 @@ index 8e3402388c..0eb34892f2 100644 struct eth_addr arp_buf[2]; /* This will populate whether we received Option 1 * or Option 2. */ -@@ -1186,7 +1187,7 @@ parse_dl_type(const void **datap, size_t *sizep, ovs_be16 *first_vlan_tci_p) +@@ -1165,6 +1172,15 @@ miniflow_extract(struct dp_packet *packet, struct miniflow *dst) + } + } + } ++ } else if (ct_nw_proto_p && ++ (*ct_nw_proto_p == IPPROTO_TCP || ++ *ct_nw_proto_p == IPPROTO_UDP || ++ *ct_nw_proto_p == IPPROTO_SCTP || ++ *ct_nw_proto_p == IPPROTO_ICMP || ++ (*ct_nw_proto_p == IPPROTO_ICMPV6 && !icmp6_is_nd(data)))) { ++ miniflow_pad_from_64(mf, ct_tp_src); ++ miniflow_push_be16(mf, ct_tp_src, ct_tp_src); ++ miniflow_push_be16(mf, ct_tp_dst, ct_tp_dst); + } + out: + dst->map = mf.map; +@@ -1186,7 +1202,7 @@ parse_dl_type(const void **datap, size_t *sizep, ovs_be16 *first_vlan_tci_p) * If 'packet' is not an Ethernet packet embedding TCP, returns 0. * 'dl_type_p' will be set only if the 'packet' is an Ethernet packet. * 'nw_frag_p' will be set only if the 'packet' is an IP packet. @@ -2399,7 +2435,7 @@ index 8e3402388c..0eb34892f2 100644 * * The caller must ensure that 'packet' is at least ETH_HEADER_LEN bytes * long.'*/ -@@ -3420,6 +3421,24 @@ flow_compose(struct dp_packet *p, const struct flow *flow, +@@ -3420,6 +3436,24 @@ flow_compose(struct dp_packet *p, const struct flow *flow, arp->ar_sha = flow->arp_sha; arp->ar_tha = flow->arp_tha; } @@ -8344,7 +8380,7 @@ index 3d84a53182..03ec01270f 100644 OVS_TRAFFIC_VSWITCHD_STOP(["/.*ethtool command ETHTOOL_G.*/d"]) diff --git a/tests/system-traffic.at b/tests/system-traffic.at -index 98e494abf4..e79f55c13f 100644 +index 98e494abf4..3312e3d929 100644 --- a/tests/system-traffic.at +++ b/tests/system-traffic.at @@ -38,7 +38,7 @@ NS_CHECK_EXEC([at_ns0], [ping -q -c 3 -i 0.3 -W 2 10.1.1.2 | FORMAT_PING], [0], @@ -8629,17 +8665,17 @@ index 98e494abf4..e79f55c13f 100644 +dnl p1(at_ns1) interface. +NS_CHECK_EXEC([at_ns0], [$PYTHON3 $srcdir/sendpkt.py p0 \ + $(ovs-ofctl compose-packet --bare 'ICMP_PKT')], [0], [ignore]) -+ -+dnl Check the expected mpls encapsulated packet on the egress interface. -+m4_define([MPLS_HEADER], [m4_join([,], -+ [eth_src=00:00:00:00:00:01,eth_dst=00:00:00:00:00:02,eth_type=0x8847], -+ [mpls_label=2,mpls_ttl=64,mpls_bos=1])]) -dnl Check the expected mpls encapsulated packet on the egress interface -OVS_WAIT_UNTIL([cat p1.pcap | grep -E "0x0000: *0000 *0000 *0002 *0000 *0000 *0001 *8847 *0000" 2>&1 1>/dev/null]) -OVS_WAIT_UNTIL([cat p1.pcap | grep -E "0x0010: *2140 *36b1 *ee7c *0102 *36b1 *ee7c *0103 *0800" 2>&1 1>/dev/null]) -OVS_WAIT_UNTIL([cat p1.pcap | grep -E "0x0020: *4500 *0054 *0344 *4000 *4001 *2161 *0a01 *0101" 2>&1 1>/dev/null]) -OVS_WAIT_UNTIL([cat p1.pcap | grep -E "0x0030: *0a01 *0102 *0800 *efac *7ce4 *0003 *5b2c *1f61" 2>&1 1>/dev/null]) ++dnl Check the expected mpls encapsulated packet on the egress interface. ++m4_define([MPLS_HEADER], [m4_join([,], ++ [eth_src=00:00:00:00:00:01,eth_dst=00:00:00:00:00:02,eth_type=0x8847], ++ [mpls_label=2,mpls_ttl=64,mpls_bos=1])]) ++ +OVS_WAIT_UNTIL([ovs-pcap p1.pcap | grep -q "m4_join([], [^], + $(ovs-ofctl compose-packet --bare 'MPLS_HEADER'), + $(ovs-ofctl compose-packet --bare 'ICMP_PKT'), [\$])"]) @@ -8711,17 +8747,17 @@ index 98e494abf4..e79f55c13f 100644 +dnl p1(at_ns1) interface. +NS_CHECK_EXEC([at_ns0], [$PYTHON3 $srcdir/sendpkt.py p0 \ + $(ovs-ofctl compose-packet --bare 'ICMP_PKT')], [0], [ignore]) ++ ++dnl Check the expected mpls encapsulated packet on the egress interface. ++m4_define([MPLS_HEADER], [m4_join([,], ++ [eth_src=00:00:00:00:00:01,eth_dst=00:00:00:00:00:02,eth_type=0x8848], ++ [mpls_label=2,mpls_ttl=64,mpls_bos=1])]) -dnl Check the expected mpls encapsulated packet on the egress interface -OVS_WAIT_UNTIL([cat p1.pcap | grep -E "0x0000: *0000 *0000 *0002 *0000 *0000 *0001 *8848 *0000" 2>&1 1>/dev/null]) -OVS_WAIT_UNTIL([cat p1.pcap | grep -E "0x0010: *2140 *36b1 *ee7c *0102 *36b1 *ee7c *0103 *0800" 2>&1 1>/dev/null]) -OVS_WAIT_UNTIL([cat p1.pcap | grep -E "0x0020: *4500 *0054 *0344 *4000 *4001 *2161 *0a01 *0101" 2>&1 1>/dev/null]) -OVS_WAIT_UNTIL([cat p1.pcap | grep -E "0x0030: *0a01 *0102 *0800 *efac *7ce4 *0003 *5b2c *1f61" 2>&1 1>/dev/null]) -+dnl Check the expected mpls encapsulated packet on the egress interface. -+m4_define([MPLS_HEADER], [m4_join([,], -+ [eth_src=00:00:00:00:00:01,eth_dst=00:00:00:00:00:02,eth_type=0x8848], -+ [mpls_label=2,mpls_ttl=64,mpls_bos=1])]) -+ +OVS_WAIT_UNTIL([ovs-pcap p1.pcap | grep -q "m4_join([], [^], + $(ovs-ofctl compose-packet --bare 'MPLS_HEADER'), + $(ovs-ofctl compose-packet --bare 'ICMP_PKT'), [\$])"]) @@ -8787,6 +8823,12 @@ index 98e494abf4..e79f55c13f 100644 +m4_define([MPLS_HEADER], [m4_join([,], + [eth_src=00:00:00:00:00:01,eth_dst=00:00:00:00:00:02,eth_type=0x8847], + [mpls_label=2,mpls_ttl=64,mpls_bos=1])]) ++ ++m4_define([ICMP_PKT], [m4_join([,], ++ [eth_src=36:b1:ee:7c:01:03,eth_dst=36:b1:ee:7c:01:02,eth_type=0x0800], ++ [nw_src=10.1.1.1,nw_dst=10.1.1.2], ++ [nw_proto=1,nw_ttl=64,nw_frag=no], ++ [icmp_type=8,icmp_code=0])]) -dnl Check the expected decapsulated on the egress interface -OVS_WAIT_UNTIL([cat p1.pcap | grep -E "0x0000: *36b1 *ee7c *0102 *36b1 *ee7c *0103 *0800 *4500" 2>&1 1>/dev/null]) @@ -8796,19 +8838,13 @@ index 98e494abf4..e79f55c13f 100644 -OVS_WAIT_UNTIL([cat p1.pcap | grep -E "0x0040: *1617 *1819 *1a1b *1c1d *1e1f *2021 *2223 *2425" 2>&1 1>/dev/null]) -OVS_WAIT_UNTIL([cat p1.pcap | grep -E "0x0050: *2627 *2829 *2a2b *2c2d *2e2f *3031 *3233 *3435" 2>&1 1>/dev/null]) -OVS_WAIT_UNTIL([cat p1.pcap | grep -E "0x0060: *3637" 2>&1 1>/dev/null]) -+m4_define([ICMP_PKT], [m4_join([,], -+ [eth_src=36:b1:ee:7c:01:03,eth_dst=36:b1:ee:7c:01:02,eth_type=0x0800], -+ [nw_src=10.1.1.1,nw_dst=10.1.1.2], -+ [nw_proto=1,nw_ttl=64,nw_frag=no], -+ [icmp_type=8,icmp_code=0])]) - +dnl The packet is an eth/mpls/eth/ip/icmp sent from p0(at_ns0) interface +dnl directed to p1(at_ns1) interface. +NS_CHECK_EXEC([at_ns0], [$PYTHON3 $srcdir/sendpkt.py p0 \ + "$(ovs-ofctl compose-packet --bare 'MPLS_HEADER')" \ + "$(ovs-ofctl compose-packet --bare 'ICMP_PKT')"], + [0], [ignore]) -+ + +dnl Check the expected decapsulated on the egress interface. +OVS_WAIT_UNTIL([ovs-pcap p1.pcap | grep -q \ + "^$(ovs-ofctl compose-packet --bare 'ICMP_PKT')\$"]) @@ -8833,6 +8869,12 @@ index 98e494abf4..e79f55c13f 100644 +m4_define([MPLS_HEADER], [m4_join([,], + [eth_src=00:00:00:00:00:01,eth_dst=00:00:00:00:00:02,eth_type=0x8847], + [mpls_label=2,mpls_ttl=64,mpls_bos=1])]) ++ ++m4_define([ICMP_PKT], [m4_join([,], ++ [eth_src=36:b1:ee:7c:01:03,eth_dst=36:b1:ee:7c:01:02,eth_type=0x0800], ++ [nw_src=10.1.1.1,nw_dst=10.1.1.2], ++ [nw_proto=1,nw_ttl=64,nw_frag=no], ++ [icmp_type=8,icmp_code=0])]) -dnl Check the expected decapsulated on the egress interface -OVS_WAIT_UNTIL([cat p1.pcap | grep -E "0x0000: *36b1 *ee7c *0102 *36b1 *ee7c *0103 *0800 *4500" 2>&1 1>/dev/null]) @@ -8842,19 +8884,13 @@ index 98e494abf4..e79f55c13f 100644 -OVS_WAIT_UNTIL([cat p1.pcap | grep -E "0x0040: *1617 *1819 *1a1b *1c1d *1e1f *2021 *2223 *2425" 2>&1 1>/dev/null]) -OVS_WAIT_UNTIL([cat p1.pcap | grep -E "0x0050: *2627 *2829 *2a2b *2c2d *2e2f *3031 *3233 *3435" 2>&1 1>/dev/null]) -OVS_WAIT_UNTIL([cat p1.pcap | grep -E "0x0060: *3637" 2>&1 1>/dev/null]) -+m4_define([ICMP_PKT], [m4_join([,], -+ [eth_src=36:b1:ee:7c:01:03,eth_dst=36:b1:ee:7c:01:02,eth_type=0x0800], -+ [nw_src=10.1.1.1,nw_dst=10.1.1.2], -+ [nw_proto=1,nw_ttl=64,nw_frag=no], -+ [icmp_type=8,icmp_code=0])]) - +dnl The packet is an eth/mpls/eth/ip/icmp sent from p0(at_ns0) interface +dnl directed to p1(at_ns1) interface. +NS_CHECK_EXEC([at_ns0], [$PYTHON3 $srcdir/sendpkt.py p0 \ + "$(ovs-ofctl compose-packet --bare 'MPLS_HEADER')" \ + "$(ovs-ofctl compose-packet --bare 'ICMP_PKT')"], + [0], [ignore]) -+ + +dnl Check the expected decapsulated on the egress interface. +OVS_WAIT_UNTIL([ovs-pcap p1.pcap | grep -q \ + "^$(ovs-ofctl compose-packet --bare 'ICMP_PKT')\$"]) @@ -9102,33 +9138,200 @@ index 98e494abf4..e79f55c13f 100644 dnl Send UDP packet on port 1 twice. AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out br0 "in_port=1 packet=50540000000a50540000000908004500001c000000000011a4cd0a0101010a0101020001000200080000 actions=resubmit(,0)"]) -@@ -4200,7 +4360,11 @@ NS_CHECK_EXEC([at_ns0], [ping -s 3200 -q -c 3 -i 0.3 -W 2 10.1.1.2 | FORMAT_PING +@@ -4200,6 +4360,95 @@ NS_CHECK_EXEC([at_ns0], [ping -s 3200 -q -c 3 -i 0.3 -W 2 10.1.1.2 | FORMAT_PING dnl Check userspace conntrack fragmentation counters. DPCTL_CHECK_FRAGMENTATION_PASS() --OVS_TRAFFIC_VSWITCHD_STOP +dnl Ipv4 max packet size fragmentation dropped. +NS_EXEC([at_ns0], [ping -s 65507 -q -c 1 -W 0.5 10.1.1.2]) +OVS_CHECK_FRAG_LARGE() + +OVS_TRAFFIC_VSWITCHD_STOP(["/Unsupported big reassembled v4 packet/d"]) ++AT_CLEANUP ++ ++AT_SETUP([conntrack - IPv4 fragmentation with ct orig match]) ++CHECK_CONNTRACK() ++OVS_TRAFFIC_VSWITCHD_START() ++ ++ADD_NAMESPACES(at_ns0, at_ns1) ++ ++ADD_VETH(p0, at_ns0, br0, "10.1.1.1/24") ++ADD_VETH(p1, at_ns1, br0, "10.1.1.2/24") ++ ++AT_DATA([flows.txt], [dnl ++priority=1,action=drop ++priority=10,arp,action=normal ++priority=100,ip,ct_state=-trk,action=ct(table=0) ++priority=100,in_port=2,icmp,ct_state=+rpl,action=1 ++priority=100,in_port=1,ip,ct_nw_proto=17,ct_tp_src=1,ct_tp_dst=2,ct_state=+new+trk,action=ct(commit) ++priority=100,in_port=1,ip,ct_nw_proto=1,ct_tp_src=8,ct_tp_dst=0,ct_state=+new+trk,action=ct(commit),2 ++]) ++ ++AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) ++ ++dnl Packet content: ++dnl Ethernet II, Src: 50:54:00:00:00:0a, Dst: 50:54:00:00:00:09 ++dnl Type: IPv4 (0x0800) ++dnl Internet Protocol Version 4, Src: 10.1.1.1, Dst: 10.1.1.2 ++dnl Total Length: 1420 ++dnl Identification: 0x0001 (1) ++dnl 001. .... = Flags: 0x1, More fragments ++dnl 0... .... = Reserved bit: Not set ++dnl .0.. .... = Don't fragment: Not set ++dnl ..1. .... = More fragments: Set ++dnl ...0 0000 0000 0000 = Fragment Offset: 0 ++dnl Time to Live: 64 ++dnl Protocol: UDP (17) ++dnl User Datagram Protocol, Src Port: 1, Dst Port: 2 ++dnl Source Port: 1 ++dnl Destination Port: 2 ++dnl Length: 1608 ++dnl UDP payload (1392 bytes) ++dnl Data (1392 bytes) ++eth="50 54 00 00 00 09 50 54 00 00 00 0a 08 00" ++ip="45 00 05 8c 00 01 20 00 40 11 3f 5c 0a 01 01 01 0a 01 01 02" ++udp="00 01 00 02 06 48 dd 56" ++data_len=$(seq 1392) ++data=$(printf '00 %.0s' ${data_len}) ++packet="${eth} ${ip} ${udp} ${data}" ++NS_CHECK_EXEC([at_ns0], [$PYTHON3 $srcdir/sendpkt.py p0 ${packet} > /dev/null]) ++ ++dnl Packet content: ++dnl Ethernet II, Src: 50:54:00:00:00:0a, Dst: 50:54:00:00:00:09 ++dnl Type: IPv4 (0x0800) ++dnl Internet Protocol Version 4, Src: 10.1.1.1, Dst: 10.1.1.2 ++dnl 0100 .... = Version: 4 ++dnl .... 0101 = Header Length: 20 bytes (5) ++dnl Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) ++dnl 0000 00.. = Differentiated Services Codepoint: Default (0) ++dnl .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) ++dnl Total Length: 228 ++dnl Identification: 0x0001 (1) ++dnl 000. .... = Flags: 0x0 ++dnl 0... .... = Reserved bit: Not set ++dnl .0.. .... = Don't fragment: Not set ++dnl ..0. .... = More fragments: Not set ++dnl ...0 0000 1010 1111 = Fragment Offset: 1400 ++dnl Time to Live: 64 ++dnl Protocol: UDP (17) ++dnl Data (208 bytes) ++eth="50 54 00 00 00 09 50 54 00 00 00 0a 08 00" ++ip="45 00 00 e4 00 01 00 af 40 11 63 55 0a 01 01 01 0a 01 01 02" ++data_len=$(seq 208) ++data=$(printf '00 %.0s' ${data_len}) ++packet="${eth} ${ip} ${data}" ++NS_CHECK_EXEC([at_ns0], [$PYTHON3 $srcdir/sendpkt.py p0 ${packet} > /dev/null]) ++ ++NS_CHECK_EXEC([at_ns0], [ping -s 1600 -q -c 1 -W 1 10.1.1.2 | FORMAT_PING], [0], [dnl ++1 packets transmitted, 1 received, 0% packet loss, time 0ms ++]) ++ ++AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2) | sort], [0], [dnl ++icmp,orig=(src=10.1.1.1,dst=10.1.1.2,id=,type=8,code=0),reply=(src=10.1.1.2,dst=10.1.1.1,id=,type=0,code=0) ++udp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=) ++]) ++ + OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP - AT_SETUP([conntrack - IPv4 fragmentation expiry]) -@@ -4494,7 +4658,11 @@ NS_CHECK_EXEC([at_ns0], [ping6 -s 3200 -q -c 3 -i 0.3 -W 2 fc00::2 | FORMAT_PING +@@ -4494,6 +4743,96 @@ NS_CHECK_EXEC([at_ns0], [ping6 -s 3200 -q -c 3 -i 0.3 -W 2 fc00::2 | FORMAT_PING 3 packets transmitted, 3 received, 0% packet loss, time 0ms ]) --OVS_TRAFFIC_VSWITCHD_STOP +dnl Ipv6 max packet size fragmentation dropped. +NS_EXEC([at_ns0], [ping6 -s 65487 -q -c 1 -W 0.5 fc00::2]) +OVS_CHECK_FRAG_LARGE() + +OVS_TRAFFIC_VSWITCHD_STOP(["/Unsupported big reassembled v6 packet/d"]) ++AT_CLEANUP ++ ++AT_SETUP([conntrack - IPv6 fragmentation with ct orig match]) ++CHECK_CONNTRACK() ++OVS_TRAFFIC_VSWITCHD_START() ++ ++ADD_NAMESPACES(at_ns0, at_ns1) ++ ++ADD_VETH(p0, at_ns0, br0, "fc00::1/96", "50:54:00:00:00:09", [], "nodad") ++ADD_VETH(p1, at_ns1, br0, "fc00::2/96", "50:54:00:00:00:0a", [], "nodad") ++ ++AT_DATA([flows.txt], [dnl ++priority=1,action=drop ++priority=10,ipv6,ct_state=-trk,action=ct(table=0) ++priority=10,in_port=2,ipv6,ct_tp_src=128,ct_state=+trk+est+rpl,action=1 ++priority=10,in_port=1,ipv6,ct_nw_proto=17,ct_tp_src=1,ct_tp_dst=2,ct_state=+new+trk,action=ct(commit) ++priority=10,in_port=1,ipv6,ct_nw_proto=58,ct_tp_src=128,ct_tp_dst=0,ct_state=+new+trk,action=ct(commit),2 ++priority=100,icmp6,icmp_type=135,action=normal ++priority=100,icmp6,icmp_type=136,action=normal ++]) ++ ++AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) ++ ++dnl Packet content: ++dnl Ethernet II, Src: 50:54:00:00:00:0a, Dst: 50:54:00:00:00:09 ++dnl Type: IPv6 (0x86dd) ++dnl Internet Protocol Version 6, Src: fc00::1, Dst: fc00::2 ++dnl Payload Length: 1344 ++dnl Next Header: Fragment Header for IPv6 (44) ++dnl Hop Limit: 64 ++dnl Fragment Header for IPv6 ++dnl Next header: UDP (17) ++dnl Reserved octet: 0x00 ++dnl 0000 0000 0000 0... = Offset: 0 (0 bytes) ++dnl .... .... .... .00. = Reserved bits: 0 ++dnl .... .... .... ...1 = More Fragments: Yes ++dnl Identification: 0x9bdb1fa7 ++dnl User Datagram Protocol, Src Port: 1, Dst Port: 2 ++dnl Source Port: 1 ++dnl Destination Port: 2 ++dnl Length: 1608 ++dnl UDP payload (1328 bytes) ++dnl Data (1328 bytes) ++eth="50 54 00 00 00 09 50 54 00 00 00 0a 86 dd" ++ipv6="60 00 00 00 05 40 2c 40 fc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 \ ++ fc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 11 00 00 01 9b db 1f a7" ++udp="00 01 00 02 06 48 fb 56" ++data_len=$(seq 1328) ++data=$(printf '00 %.0s' ${data_len}) ++packet="${eth} ${ipv6} ${udp} ${data}" ++NS_CHECK_EXEC([at_ns0], [$PYTHON3 $srcdir/sendpkt.py p0 ${packet} > /dev/null]) ++ ++dnl IPv6 Packet content ++dnl Ethernet II, Src: 50:54:00:00:00:0a, Dst: 50:54:00:00:00:09 ++dnl Type: IPv6 (0x86dd) ++dnl Internet Protocol Version 6, Src: fc00::1, Dst: fc00::2 ++dnl Payload Length: 280 ++dnl Next Header: Fragment Header for IPv6 (44) ++dnl Hop Limit: 64 ++dnl Fragment Header for IPv6 ++dnl Next header: UDP (17) ++dnl Reserved octet: 0x00 ++dnl 0000 0101 0011 1... = Offset: 167 (1336 bytes) ++dnl .... .... .... .00. = Reserved bits: 0 ++dnl .... .... .... ...0 = More Fragments: No ++dnl Identification: 0x9bdb1fa7 ++dnl Data (272 bytes) ++eth="50 54 00 00 00 09 50 54 00 00 00 0a 86 dd" ++ipv6="60 00 00 00 01 18 2c 40 fc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 \ ++ fc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 11 00 05 38 9b db 1f a7" ++data_len=$(seq 272) ++data=$(printf '00 %.0s' ${data_len}) ++packet="${eth} ${ipv6} ${data}" ++NS_CHECK_EXEC([at_ns0], [$PYTHON3 $srcdir/sendpkt.py p0 ${packet} > /dev/null]) ++ ++dnl Send also fragmented ICMPv6. ++NS_CHECK_EXEC([at_ns0], [ping6 -s 1600 -q -c 1 -W 1 fc00::2 | FORMAT_PING], [0], [dnl ++1 packets transmitted, 1 received, 0% packet loss, time 0ms ++]) ++ ++AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(fc00::2) | sort], [0], [dnl ++icmpv6,orig=(src=fc00::1,dst=fc00::2,id=,type=128,code=0),reply=(src=fc00::2,dst=fc00::1,id=,type=129,code=0) ++udp,orig=(src=fc00::1,dst=fc00::2,sport=,dport=),reply=(src=fc00::2,dst=fc00::1,sport=,dport=) ++]) ++ + OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP - AT_SETUP([conntrack - IPv6 fragmentation expiry]) -@@ -5230,14 +5398,14 @@ OVS_START_L7([at_ns0], [http]) +@@ -5230,14 +5569,14 @@ OVS_START_L7([at_ns0], [http]) OVS_START_L7([at_ns1], [http]) dnl HTTP requests from ns0->ns1 should work fine. @@ -9145,7 +9348,7 @@ index 98e494abf4..e79f55c13f 100644 OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP -@@ -5271,7 +5439,7 @@ OVS_START_L7([at_ns0], [http6]) +@@ -5271,7 +5610,7 @@ OVS_START_L7([at_ns0], [http6]) OVS_START_L7([at_ns1], [http6]) dnl HTTP requests from ns0->ns1 should work fine. @@ -9154,7 +9357,7 @@ index 98e494abf4..e79f55c13f 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(fc00::2)], [0], [dnl tcp,orig=(src=fc00::1,dst=fc00::2,sport=,dport=),reply=(src=fc00::2,dst=fc00::1,sport=,dport=),protoinfo=(state=) -@@ -5279,7 +5447,7 @@ tcp,orig=(src=fc00::1,dst=fc00::2,sport=,dport=),reply=(src=fc +@@ -5279,7 +5618,7 @@ tcp,orig=(src=fc00::1,dst=fc00::2,sport=,dport=),reply=(src=fc dnl HTTP requests from ns1->ns0 should fail due to network failure. dnl Try 3 times, in 1 second intervals. @@ -9163,7 +9366,7 @@ index 98e494abf4..e79f55c13f 100644 OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP -@@ -5317,19 +5485,21 @@ OVS_START_L7([at_ns1], [http]) +@@ -5317,19 +5656,21 @@ OVS_START_L7([at_ns1], [http]) OVS_START_L7([at_ns3], [http]) dnl HTTP requests from p0->p1 should work fine. @@ -9187,7 +9390,7 @@ index 98e494abf4..e79f55c13f 100644 ADD_NAMESPACES(at_ns0) AT_CHECK([ip addr add dev br0 "10.1.1.1/24"]) -@@ -5359,10 +5529,10 @@ AT_CHECK([ping -q -c 3 -i 0.3 -W 2 10.1.1.2 | FORMAT_PING], [0], [dnl +@@ -5359,10 +5700,10 @@ AT_CHECK([ping -q -c 3 -i 0.3 -W 2 10.1.1.2 | FORMAT_PING], [0], [dnl OVS_START_L7([at_ns0], [http]) dnl HTTP requests from root namespace to p0 should work fine. @@ -9201,7 +9404,7 @@ index 98e494abf4..e79f55c13f 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2) | grep "zone"], [0], [dnl icmp,orig=(src=10.1.1.1,dst=10.1.1.2,id=,type=8,code=0),reply=(src=10.1.1.2,dst=10.1.1.1,id=,type=0,code=0),zone=1 -@@ -5375,10 +5545,12 @@ OVS_TRAFFIC_VSWITCHD_STOP +@@ -5375,10 +5716,12 @@ OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP AT_SETUP([conntrack - multi-stage pipeline, local]) @@ -9214,7 +9417,7 @@ index 98e494abf4..e79f55c13f 100644 ADD_NAMESPACES(at_ns0) AT_CHECK([ip addr add dev br0 "10.1.1.1/24"]) -@@ -5430,10 +5602,10 @@ AT_CHECK([ping -q -c 3 -i 0.3 -W 2 10.1.1.2 | FORMAT_PING], [0], [dnl +@@ -5430,10 +5773,10 @@ AT_CHECK([ping -q -c 3 -i 0.3 -W 2 10.1.1.2 | FORMAT_PING], [0], [dnl OVS_START_L7([at_ns0], [http]) dnl HTTP requests from root namespace to p0 should work fine. @@ -9227,7 +9430,7 @@ index 98e494abf4..e79f55c13f 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2) | grep "zone"], [0], [dnl icmp,orig=(src=10.1.1.1,dst=10.1.1.2,id=,type=8,code=0),reply=(src=10.1.1.2,dst=10.1.1.1,id=,type=0,code=0),zone=1 -@@ -5682,7 +5854,7 @@ NETNS_DAEMONIZE([at_ns1], [[$PYTHON3 $srcdir/test-l7.py ftp]], [ftp0.pid]) +@@ -5682,7 +6025,7 @@ NETNS_DAEMONIZE([at_ns1], [[$PYTHON3 $srcdir/test-l7.py ftp]], [ftp0.pid]) OVS_WAIT_UNTIL([ip netns exec at_ns1 netstat -l | grep ftp]) dnl FTP requests from p0->p1 should work fine. @@ -9236,7 +9439,7 @@ index 98e494abf4..e79f55c13f 100644 AT_CHECK([find -name index.html], [0], [dnl ./index.html -@@ -5749,12 +5921,12 @@ OVS_START_L7([at_ns1], [ftp]) +@@ -5749,12 +6092,12 @@ OVS_START_L7([at_ns1], [ftp]) dnl FTP requests from p1->p0 should fail due to network failure. dnl Try 3 times, in 1 second intervals. @@ -9251,7 +9454,7 @@ index 98e494abf4..e79f55c13f 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),protoinfo=(state=),helper=ftp ]) -@@ -5765,12 +5937,12 @@ AT_CHECK([ovs-appctl dpctl/flush-conntrack]) +@@ -5765,12 +6108,12 @@ AT_CHECK([ovs-appctl dpctl/flush-conntrack]) dnl FTP requests from p1->p0 should fail due to network failure. dnl Try 3 times, in 1 second intervals. @@ -9266,7 +9469,7 @@ index 98e494abf4..e79f55c13f 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),protoinfo=(state=),helper=ftp tcp,orig=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),reply=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),protoinfo=(state=) -@@ -5779,7 +5951,7 @@ tcp,orig=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),reply=(src= +@@ -5779,7 +6122,7 @@ tcp,orig=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),reply=(src= AT_CHECK([ovs-appctl dpctl/flush-conntrack]) dnl Passive FTP requests from p0->p1 should work fine. @@ -9275,7 +9478,7 @@ index 98e494abf4..e79f55c13f 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),protoinfo=(state=),helper=ftp ]) -@@ -5789,7 +5961,7 @@ AT_CHECK([ovs-ofctl --bundle replace-flows br0 flows3.txt]) +@@ -5789,7 +6132,7 @@ AT_CHECK([ovs-ofctl --bundle replace-flows br0 flows3.txt]) AT_CHECK([ovs-appctl dpctl/flush-conntrack]) dnl FTP control requests from p0->p1 should work fine, but helper will not be assigned. @@ -9284,7 +9487,7 @@ index 98e494abf4..e79f55c13f 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),protoinfo=(state=) ]) -@@ -5855,12 +6027,12 @@ OVS_START_L7([at_ns1], [ftp], [11111]) +@@ -5855,12 +6198,12 @@ OVS_START_L7([at_ns1], [ftp], [11111]) dnl FTP requests from p1->p0 should fail due to network failure. dnl Try 3 times, in 1 second intervals. @@ -9299,7 +9502,7 @@ index 98e494abf4..e79f55c13f 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),protoinfo=(state=),helper=ftp ]) -@@ -5871,12 +6043,12 @@ AT_CHECK([ovs-appctl dpctl/flush-conntrack]) +@@ -5871,12 +6214,12 @@ AT_CHECK([ovs-appctl dpctl/flush-conntrack]) dnl FTP requests from p1->p0 should fail due to network failure. dnl Try 3 times, in 1 second intervals. @@ -9314,7 +9517,7 @@ index 98e494abf4..e79f55c13f 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),protoinfo=(state=),helper=ftp tcp,orig=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),reply=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),protoinfo=(state=) -@@ -5885,7 +6057,7 @@ tcp,orig=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),reply=(src= +@@ -5885,7 +6228,7 @@ tcp,orig=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),reply=(src= AT_CHECK([ovs-appctl dpctl/flush-conntrack]) dnl Passive FTP requests from p0->p1 should work fine. @@ -9323,7 +9526,7 @@ index 98e494abf4..e79f55c13f 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),protoinfo=(state=),helper=ftp ]) -@@ -5895,7 +6067,7 @@ AT_CHECK([ovs-ofctl --bundle replace-flows br0 flows3.txt]) +@@ -5895,7 +6238,7 @@ AT_CHECK([ovs-ofctl --bundle replace-flows br0 flows3.txt]) AT_CHECK([ovs-appctl dpctl/flush-conntrack]) dnl FTP control requests from p0->p1 should work fine, but helper will not be assigned. @@ -9332,7 +9535,7 @@ index 98e494abf4..e79f55c13f 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),protoinfo=(state=) ]) -@@ -5930,7 +6102,7 @@ AT_CHECK([ovs-ofctl --bundle replace-flows br0 flows.txt]) +@@ -5930,7 +6273,7 @@ AT_CHECK([ovs-ofctl --bundle replace-flows br0 flows.txt]) OVS_START_L7([at_ns1], [ftp]) dnl FTP requests from p0->p1 should work fine. @@ -9341,7 +9544,7 @@ index 98e494abf4..e79f55c13f 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),protoinfo=(state=),helper=ftp -@@ -5991,7 +6163,7 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping6 -c 1 fc00::2 >/dev/null]) +@@ -5991,7 +6334,7 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping6 -c 1 fc00::2 >/dev/null]) OVS_START_L7([at_ns1], [ftp]) dnl FTP requests from p0->p1 should work fine. @@ -9350,7 +9553,7 @@ index 98e494abf4..e79f55c13f 100644 dnl Discards CLOSE_WAIT and CLOSING AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(fc00::2)], [0], [dnl -@@ -6050,7 +6222,7 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping6 -c 1 fc00::2 >/dev/null]) +@@ -6050,7 +6393,7 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping6 -c 1 fc00::2 >/dev/null]) OVS_START_L7([at_ns1], [ftp]) dnl FTP passive requests from p0->p1 should work fine. @@ -9359,7 +9562,7 @@ index 98e494abf4..e79f55c13f 100644 dnl Discards CLOSE_WAIT and CLOSING AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(fc00::2)], [0], [dnl -@@ -6100,12 +6272,12 @@ OVS_START_L7([at_ns1], [ftp]) +@@ -6100,12 +6443,12 @@ OVS_START_L7([at_ns1], [ftp]) dnl FTP requests from p1->p0 should fail due to network failure. dnl Try 3 times, in 1 second intervals. @@ -9374,7 +9577,7 @@ index 98e494abf4..e79f55c13f 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),zone=1,protoinfo=(state=),helper=ftp tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),zone=2,protoinfo=(state=),helper=ftp -@@ -6116,7 +6288,7 @@ tcp,orig=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),reply=(src= +@@ -6116,7 +6459,7 @@ tcp,orig=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),reply=(src= AT_CHECK([ovs-appctl dpctl/flush-conntrack]) dnl Passive FTP requests from p0->p1 should work fine. @@ -9383,7 +9586,7 @@ index 98e494abf4..e79f55c13f 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),zone=1,protoinfo=(state=) tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),zone=1,protoinfo=(state=),helper=ftp -@@ -6240,7 +6412,7 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) +@@ -6240,7 +6583,7 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) dnl HTTP requests from p0->p1 should work fine. OVS_START_L7([at_ns1], [http]) @@ -9392,7 +9595,7 @@ index 98e494abf4..e79f55c13f 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2) | sed -e 's/dst=10.1.1.2[[45]][[0-9]]/dst=10.1.1.2XX/' | uniq], [0], [dnl tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.2XX,sport=,dport=),zone=1,protoinfo=(state=) -@@ -6330,7 +6502,7 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) +@@ -6330,7 +6673,7 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) dnl HTTP requests from p0->p1 should work fine. OVS_START_L7([at_ns1], [http]) @@ -9401,7 +9604,7 @@ index 98e494abf4..e79f55c13f 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2) | sed -e 's/dst=10.1.1.2[[45]][[0-9]]/dst=10.1.1.2XX/' | uniq], [0], [dnl tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.2XX,sport=,dport=),zone=1,protoinfo=(state=) -@@ -6397,11 +6569,11 @@ ADD_NAMESPACES(at_ns0, at_ns1) +@@ -6397,11 +6740,11 @@ ADD_NAMESPACES(at_ns0, at_ns1) ADD_VETH(p0, at_ns0, br0, "10.1.1.1/24") NS_CHECK_EXEC([at_ns0], [ip link set dev p0 address 80:88:88:88:88:88]) ADD_VETH(p1, at_ns1, br0, "10.1.1.2/24") @@ -9415,7 +9618,7 @@ index 98e494abf4..e79f55c13f 100644 in_port=2,ct_state=-trk,tcp,tp_dst=34568,action=ct(table=0,zone=1,nat) in_port=2,ct_state=+trk,ct_zone=1,tcp,action=1 dnl -@@ -6425,17 +6597,28 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) +@@ -6425,17 +6768,28 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) dnl HTTP requests from p0->p1 should work fine. OVS_START_L7([at_ns1], [http]) @@ -9449,7 +9652,7 @@ index 98e494abf4..e79f55c13f 100644 AT_CLEANUP AT_SETUP([conntrack - more complex SNAT]) -@@ -6481,7 +6664,7 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) +@@ -6481,7 +6835,7 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) dnl HTTP requests from p0->p1 should work fine. OVS_START_L7([at_ns1], [http]) @@ -9458,7 +9661,7 @@ index 98e494abf4..e79f55c13f 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2) | sed -e 's/dst=10.1.1.2[[45]][[0-9]]/dst=10.1.1.2XX/' | uniq], [0], [dnl tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.2XX,sport=,dport=),zone=1,protoinfo=(state=) -@@ -6575,14 +6758,14 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) +@@ -6575,14 +6929,14 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) dnl Should work with the virtual IP address through NAT OVS_START_L7([at_ns1], [http]) @@ -9475,7 +9678,7 @@ index 98e494abf4..e79f55c13f 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),zone=1,protoinfo=(state=) -@@ -6613,7 +6796,7 @@ table=2,in_port=1,ip,ct_mark=0xac,ct_label=0xac,actions=2 +@@ -6613,7 +6967,7 @@ table=2,in_port=1,ip,ct_mark=0xac,ct_label=0xac,actions=2 ]) AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) @@ -9484,7 +9687,7 @@ index 98e494abf4..e79f55c13f 100644 dnl - make sure only dst nat has been performed AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.240)], [0], [dnl -@@ -6671,14 +6854,14 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) +@@ -6671,14 +7025,14 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) dnl Should work with the virtual IP address through NAT OVS_START_L7([at_ns1], [http]) @@ -9501,7 +9704,7 @@ index 98e494abf4..e79f55c13f 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),zone=1,protoinfo=(state=) -@@ -7206,7 +7389,7 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping -c 1 10.1.1.2 >/dev/null]) +@@ -7206,7 +7560,7 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping -c 1 10.1.1.2 >/dev/null]) OVS_START_L7([at_ns1], [ftp]) dnl FTP requests from p0->p1 should work fine. @@ -9510,7 +9713,7 @@ index 98e494abf4..e79f55c13f 100644 dnl Discards CLOSE_WAIT and CLOSING AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl -@@ -7266,7 +7449,7 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping -c 1 10.1.1.240 >/dev/null]) +@@ -7266,7 +7620,7 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping -c 1 10.1.1.240 >/dev/null]) OVS_START_L7([at_ns1], [ftp]) dnl FTP requests from p0->p1 should work fine. @@ -9519,7 +9722,7 @@ index 98e494abf4..e79f55c13f 100644 dnl Discards CLOSE_WAIT and CLOSING AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl -@@ -7326,7 +7509,7 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping -c 1 10.1.100.1 >/dev/null]) +@@ -7326,7 +7680,7 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping -c 1 10.1.100.1 >/dev/null]) OVS_START_L7([at_ns1], [ftp]) dnl FTP requests from p0->p1 should work fine. @@ -9528,7 +9731,7 @@ index 98e494abf4..e79f55c13f 100644 dnl Discards CLOSE_WAIT and CLOSING AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.200)], [0], [dnl -@@ -7386,7 +7569,7 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping -c 1 10.1.1.240 >/dev/null]) +@@ -7386,7 +7740,7 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping -c 1 10.1.1.240 >/dev/null]) OVS_START_L7([at_ns1], [ftp]) dnl FTP requests from p0->p1 should work fine. @@ -9537,7 +9740,7 @@ index 98e494abf4..e79f55c13f 100644 dnl Discards CLOSE_WAIT and CLOSING AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl -@@ -7446,7 +7629,7 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping -c 1 10.1.1.2 >/dev/null]) +@@ -7446,7 +7800,7 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping -c 1 10.1.1.2 >/dev/null]) OVS_START_L7([at_ns1], [ftp]) dnl FTP requests from p0->p1 should work fine. @@ -9546,7 +9749,7 @@ index 98e494abf4..e79f55c13f 100644 dnl Discards CLOSE_WAIT and CLOSING AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.120.240)], [0], [dnl -@@ -7491,12 +7674,12 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping6 -c 1 fc00::2]) +@@ -7491,12 +7845,12 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping6 -c 1 fc00::2]) dnl HTTP requests from ns0->ns1 should work fine. OVS_START_L7([at_ns1], [http6]) @@ -9561,7 +9764,7 @@ index 98e494abf4..e79f55c13f 100644 OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP -@@ -7535,7 +7718,7 @@ NS_CHECK_EXEC([at_ns0], [ping6 -q -c 3 -i 0.3 -W 2 fc00::240 | FORMAT_PING], [0] +@@ -7535,7 +7889,7 @@ NS_CHECK_EXEC([at_ns0], [ping6 -q -c 3 -i 0.3 -W 2 fc00::240 | FORMAT_PING], [0] dnl Should work with the virtual IP address through NAT OVS_START_L7([at_ns1], [http6]) @@ -9570,7 +9773,7 @@ index 98e494abf4..e79f55c13f 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(fc00::1)], [0], [dnl icmpv6,orig=(src=fc00::1,dst=fc00::240,id=,type=128,code=0),reply=(src=fc00::2,dst=fc00::1,id=,type=129,code=0),zone=1 -@@ -7685,7 +7868,7 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping6 -c 1 fc00::2 >/dev/null]) +@@ -7685,7 +8039,7 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping6 -c 1 fc00::2 >/dev/null]) OVS_START_L7([at_ns1], [ftp]) dnl FTP requests from p0->p1 should work fine. @@ -9579,7 +9782,7 @@ index 98e494abf4..e79f55c13f 100644 dnl Discards CLOSE_WAIT and CLOSING AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(fc00::2)], [0], [dnl -@@ -7746,7 +7929,7 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping6 -c 1 fc00::2 >/dev/null]) +@@ -7746,7 +8100,7 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping6 -c 1 fc00::2 >/dev/null]) OVS_START_L7([at_ns1], [ftp]) dnl FTP requests from p0->p1 should work fine. @@ -9588,7 +9791,7 @@ index 98e494abf4..e79f55c13f 100644 dnl Discards CLOSE_WAIT and CLOSING AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(fc00::2)], [0], [dnl -@@ -7806,7 +7989,7 @@ NETNS_DAEMONIZE([at_ns1], [[$PYTHON3 $srcdir/test-l7.py ftp]], [ftp0.pid]) +@@ -7806,7 +8160,7 @@ NETNS_DAEMONIZE([at_ns1], [[$PYTHON3 $srcdir/test-l7.py ftp]], [ftp0.pid]) OVS_WAIT_UNTIL([ip netns exec at_ns1 netstat -l | grep ftp]) dnl FTP requests from p0->p1 should work fine. @@ -9597,7 +9800,7 @@ index 98e494abf4..e79f55c13f 100644 dnl Discards CLOSE_WAIT and CLOSING AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(fc00::2)], [0], [dnl -@@ -7949,7 +8132,7 @@ on_exit 'ovs-appctl dpif/dump-flows br0' +@@ -7949,7 +8303,7 @@ on_exit 'ovs-appctl dpif/dump-flows br0' dnl Should work with the virtual IP address through NAT for i in $(seq 1 50); do echo Request $i @@ -9606,7 +9809,7 @@ index 98e494abf4..e79f55c13f 100644 done dnl Each server should have at least one connection. -@@ -8215,10 +8398,18 @@ table=2,priority=10 ct_state=+trk+est action=drop +@@ -8215,10 +8569,18 @@ table=2,priority=10 ct_state=+trk+est action=drop AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) @@ -9617,18 +9820,18 @@ index 98e494abf4..e79f55c13f 100644 + [nw_src=10.1.1.1,nw_dst=10.1.1.2], + [nw_proto=1,nw_ttl=64,nw_frag=no], + [icmp_type=8,icmp_code=0])]) -+ + +-NS_CHECK_EXEC([at_ns0], [$PYTHON3 $srcdir/sendpkt.py p0 f0 00 00 01 01 02 f0 00 00 01 01 01 08 00 45 00 00 1c 00 01 00 00 40 01 64 dc 0a 01 01 01 0a 01 01 02 08 00 f7 ff ff ff ff ff > /dev/null]) +# Sending ICMP packets, first and second. +NS_CHECK_EXEC([at_ns0], [$PYTHON3 $srcdir/sendpkt.py p0 \ + $(ovs-ofctl compose-packet --bare 'ICMP_PKT' '')], [0], [ignore]) - --NS_CHECK_EXEC([at_ns0], [$PYTHON3 $srcdir/sendpkt.py p0 f0 00 00 01 01 02 f0 00 00 01 01 01 08 00 45 00 00 1c 00 01 00 00 40 01 64 dc 0a 01 01 01 0a 01 01 02 08 00 f7 ff ff ff ff ff > /dev/null]) ++ +NS_CHECK_EXEC([at_ns0], [$PYTHON3 $srcdir/sendpkt.py p0 \ + $(ovs-ofctl compose-packet --bare 'ICMP_PKT' '')], [0], [ignore]) sleep 1 -@@ -8237,6 +8428,7 @@ OVS_TRAFFIC_VSWITCHD_STOP +@@ -8237,6 +8599,7 @@ OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP AT_SETUP([conntrack - can match and clear ct_state from outside OVS]) @@ -9636,7 +9839,7 @@ index 98e494abf4..e79f55c13f 100644 CHECK_CONNTRACK_LOCAL_STACK() OVS_CHECK_GENEVE() -@@ -8247,6 +8439,7 @@ AT_CHECK([ovs-ofctl add-flow br0 "actions=normal"]) +@@ -8247,6 +8610,7 @@ AT_CHECK([ovs-ofctl add-flow br0 "actions=normal"]) AT_CHECK([ovs-ofctl add-flow br-underlay "priority=100,ct_state=+trk,actions=ct_clear,resubmit(,0)"]) AT_CHECK([ovs-ofctl add-flow br-underlay "priority=10,actions=normal"]) @@ -9644,7 +9847,7 @@ index 98e494abf4..e79f55c13f 100644 ADD_NAMESPACES(at_ns0) dnl Set up underlay link from host into the namespace using veth pair. -@@ -8389,6 +8582,53 @@ AT_CHECK([ovs-pcap client.pcap | grep 000000002010000000002000], [0], [dnl +@@ -8389,6 +8753,53 @@ AT_CHECK([ovs-pcap client.pcap | grep 000000002010000000002000], [0], [dnl OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP @@ -9698,7 +9901,7 @@ index 98e494abf4..e79f55c13f 100644 AT_BANNER([IGMP]) AT_SETUP([IGMP - flood under normal action]) -@@ -8724,21 +8964,29 @@ dnl The flow will encap a nsh header to the TCP syn packet +@@ -8724,21 +9135,29 @@ dnl The flow will encap a nsh header to the TCP syn packet dnl eth/ip/tcp --> OVS --> eth/nsh/eth/ip/tcp AT_CHECK([ovs-ofctl -Oopenflow13 add-flow br0 "table=0,priority=100,in_port=ovs-p0,ip,actions=encap(nsh(md_type=1)),set_field:0x1234->nsh_spi,set_field:0x11223344->nsh_c1,encap(ethernet),set_field:f2:ff:00:00:00:02->dl_dst,set_field:f2:ff:00:00:00:01->dl_src,ovs-p1"]) @@ -9717,11 +9920,6 @@ index 98e494abf4..e79f55c13f 100644 + [nw_src=192.168.0.10,nw_dst=10.0.0.10], + [nw_proto=6,nw_ttl=64,nw_frag=no], + [tcp_src=1024,tcp_dst=2048,tcp_flags=syn])]) -+ -+dnl Send the TCP SYN packet from p0(at_ns0) interface directed to -+dnl p1(at_ns1) interface. -+NS_CHECK_EXEC([at_ns0], [$PYTHON3 $srcdir/sendpkt.py p0 \ -+ $(ovs-ofctl compose-packet --bare 'TCP_SYN_PKT')], [0], [ignore]) -dnl Check the expected nsh encapsulated packet on the egress interface -OVS_WAIT_UNTIL([cat p1.pcap | grep -E "0x0000: *f2ff *0000 *0002 *f2ff *0000 *0001 *894f *0fc6" 2>&1 1>/dev/null]) @@ -9730,6 +9928,11 @@ index 98e494abf4..e79f55c13f 100644 -OVS_WAIT_UNTIL([cat p1.pcap | grep -E "0x0030: *0001 *0800 *4500 *0028 *0001 *0000 *4006 *b013" 2>&1 1>/dev/null]) -OVS_WAIT_UNTIL([cat p1.pcap | grep -E "0x0040: *c0a8 *000a *0a00 *000a *0400 *0800 *0000 *00c8" 2>&1 1>/dev/null]) -OVS_WAIT_UNTIL([cat p1.pcap | grep -E "0x0050: *0000 *0000 *5002 *2000 *b85e *0000" 2>&1 1>/dev/null]) ++dnl Send the TCP SYN packet from p0(at_ns0) interface directed to ++dnl p1(at_ns1) interface. ++NS_CHECK_EXEC([at_ns0], [$PYTHON3 $srcdir/sendpkt.py p0 \ ++ $(ovs-ofctl compose-packet --bare 'TCP_SYN_PKT')], [0], [ignore]) ++ +m4_define([NSH_HEADER], [m4_join([,], + [eth_src=f2:ff:00:00:00:01,eth_dst=f2:ff:00:00:00:02,eth_type=0x894f], + [nsh_ttl=63,nsh_np=3,nsh_spi=0x1234,nsh_si=255], @@ -9741,7 +9944,7 @@ index 98e494abf4..e79f55c13f 100644 OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP -@@ -8756,19 +9004,31 @@ dnl The flow will decap a nsh header which in turn carries a TCP syn packet +@@ -8756,19 +9175,31 @@ dnl The flow will decap a nsh header which in turn carries a TCP syn packet dnl eth/nsh/eth/ip/tcp --> OVS --> eth/ip/tcp AT_CHECK([ovs-ofctl -Oopenflow13 add-flow br0 "table=0,priority=100,in_port=ovs-p0,dl_type=0x894f, actions=decap(),decap(), ovs-p1"]) @@ -9783,7 +9986,7 @@ index 98e494abf4..e79f55c13f 100644 OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP -@@ -8788,22 +9048,38 @@ dnl The flow will add another NSH header with nsh_spi=0x101, nsh_si=4, +@@ -8788,22 +9219,38 @@ dnl The flow will add another NSH header with nsh_spi=0x101, nsh_si=4, dnl nsh_ttl=7 and change the md1 context AT_CHECK([ovs-ofctl -Oopenflow13 add-flow br0 "table=0,priority=100,in_port=ovs-p0,dl_type=0x894f,nsh_spi=0x100,nsh_si=0x03,actions=decap(),decap(),encap(nsh(md_type=1)),set_field:0x07->nsh_ttl,set_field:0x0101->nsh_spi,set_field:0x04->nsh_si,set_field:0x100f0e0d->nsh_c1,set_field:0x0c0b0a09->nsh_c2,set_field:0x08070605->nsh_c3,set_field:0x04030201->nsh_c4,encap(ethernet),set_field:f2:ff:00:00:00:02->dl_dst,set_field:f2:ff:00:00:00:01->dl_src,ovs-p1"]) @@ -9808,14 +10011,6 @@ index 98e494abf4..e79f55c13f 100644 + [eth_src=f2:ff:00:00:00:01,eth_dst=f2:ff:00:00:00:02,eth_type=0x894f], + [nsh_ttl=8,nsh_np=3,nsh_spi=0x100,nsh_si=3,nsh_mdtype=1], + [nsh_c1=0x01020304,nsh_c2=0x05060708,nsh_c3=0x090a0b0c,nsh_c4=0x0d0e0f10])]) -+ -+dnl Send the NSH packet with TCP SYN payload from p0(at_ns0) interface directed -+dnl to p1(at_ns1) interface. -+dnl The nsh_ttl is 8, nsh_spi is 0x100 and nsh_si is 3. -+NS_CHECK_EXEC([at_ns0], [$PYTHON3 $srcdir/sendpkt.py p0 \ -+ "$(ovs-ofctl compose-packet --bare 'NSH_HEADER_1')" \ -+ "$(ovs-ofctl compose-packet --bare 'TCP_SYN_PKT')"], -+ [0], [ignore]) -dnl Check the expected NSH packet with new fields in the header -OVS_WAIT_UNTIL([cat p1.pcap | grep -E "0x0000: *f2ff *0000 *0002 *f2ff *0000* 0001 *894f *01c6" 2>&1 1>/dev/null]) @@ -9824,6 +10019,14 @@ index 98e494abf4..e79f55c13f 100644 -OVS_WAIT_UNTIL([cat p1.pcap | grep -E "0x0030: *0001 *0800 *4500 *0028 *0001 *0000 *4006 *b013" 2>&1 1>/dev/null]) -OVS_WAIT_UNTIL([cat p1.pcap | grep -E "0x0040: *c0a8 *000a *0a00 *000a *0400 *0800 *0000 *00c8" 2>&1 1>/dev/null]) -OVS_WAIT_UNTIL([cat p1.pcap | grep -E "0x0050: *0000 *0000 *5002 *2000 *b85e *0000" 2>&1 1>/dev/null]) ++dnl Send the NSH packet with TCP SYN payload from p0(at_ns0) interface directed ++dnl to p1(at_ns1) interface. ++dnl The nsh_ttl is 8, nsh_spi is 0x100 and nsh_si is 3. ++NS_CHECK_EXEC([at_ns0], [$PYTHON3 $srcdir/sendpkt.py p0 \ ++ "$(ovs-ofctl compose-packet --bare 'NSH_HEADER_1')" \ ++ "$(ovs-ofctl compose-packet --bare 'TCP_SYN_PKT')"], ++ [0], [ignore]) ++ +m4_define([NSH_HEADER_2], [m4_join([,], + [eth_src=f2:ff:00:00:00:01,eth_dst=f2:ff:00:00:00:02,eth_type=0x894f], + [nsh_ttl=7,nsh_np=3,nsh_spi=0x101,nsh_si=4,nsh_mdtype=1], @@ -9836,7 +10039,7 @@ index 98e494abf4..e79f55c13f 100644 OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP -@@ -8824,31 +9100,50 @@ dnl packet to to at_ns2. +@@ -8824,31 +9271,50 @@ dnl packet to to at_ns2. AT_CHECK([ovs-ofctl -Oopenflow13 add-flow br0 "table=0,priority=100,dl_type=0x894f,nsh_spi=0x100,nsh_si=0x02,actions=ovs-p1"]) AT_CHECK([ovs-ofctl -Oopenflow13 add-flow br0 "table=0,priority=100,dl_type=0x894f,nsh_spi=0x100,nsh_si=0x01,actions=ovs-p2"]) diff --git a/SPECS/openvswitch3.3.spec b/SPECS/openvswitch3.3.spec index 0b5b37c..7e0a0a6 100644 --- a/SPECS/openvswitch3.3.spec +++ b/SPECS/openvswitch3.3.spec @@ -57,7 +57,7 @@ Summary: Open vSwitch Group: System Environment/Daemons daemon/database/utilities URL: http://www.openvswitch.org/ Version: 3.3.0 -Release: 38%{?dist} +Release: 39%{?dist} # Nearly all of openvswitch is ASL 2.0. The bugtool is LGPLv2+, and the # lib/sflow*.[ch] files are SISSL @@ -769,6 +769,12 @@ exit 0 %endif %changelog +* Thu Feb 13 2025 Open vSwitch CI - 3.3.0-39 +- Merging upstream branch-3.3 [RH git: 2d50482dd3] + Commit list: + a735a13827 miniflow_extract: Push ct_tp_{src, dst} for later frags. (FDP-124) + + * Wed Feb 12 2025 Open vSwitch CI - 3.3.0-38 - Merging upstream branch-3.3 [RH git: 8e7500af23] Commit list: