diff --git a/SOURCES/openvswitch-3.4.0.patch b/SOURCES/openvswitch-3.4.0.patch index 30f7934..139ffac 100644 --- a/SOURCES/openvswitch-3.4.0.patch +++ b/SOURCES/openvswitch-3.4.0.patch @@ -1628,10 +1628,52 @@ index 940c43c070..b7516257c5 100644 } diff --git a/lib/flow.c b/lib/flow.c -index 9be4375246..0eb34892f2 100644 +index 9be4375246..68d6731239 100644 --- a/lib/flow.c +++ b/lib/flow.c -@@ -1187,7 +1187,7 @@ parse_dl_type(const void **datap, size_t *sizep, ovs_be16 *first_vlan_tci_p) +@@ -402,6 +402,14 @@ parse_ethertype(const void **datap, size_t *sizep) + return htons(FLOW_DL_TYPE_NONE); + } + ++static inline bool ++icmp6_is_nd(const struct icmp6_data_header *icmp6) ++{ ++ return (icmp6->icmp6_base.icmp6_code == 0 && ++ (icmp6->icmp6_base.icmp6_type == ND_NEIGHBOR_SOLICIT || ++ icmp6->icmp6_base.icmp6_type == ND_NEIGHBOR_ADVERT)); ++} ++ + /* Returns 'true' if the packet is an ND packet. In that case the '*nd_target' + * and 'arp_buf[]' are filled in. If the packet is not an ND packet, 'false' + * is returned and no values are filled in on '*nd_target' or 'arp_buf[]'. */ +@@ -412,9 +420,7 @@ parse_icmpv6(const void **datap, size_t *sizep, + const union ovs_16aligned_in6_addr **nd_target, + struct eth_addr arp_buf[2], uint8_t *opt_type) + { +- if (icmp6->icmp6_base.icmp6_code != 0 || +- (icmp6->icmp6_base.icmp6_type != ND_NEIGHBOR_SOLICIT && +- icmp6->icmp6_base.icmp6_type != ND_NEIGHBOR_ADVERT)) { ++ if (!icmp6_is_nd(icmp6)) { + return false; + } + +@@ -1166,6 +1172,15 @@ miniflow_extract(struct dp_packet *packet, struct miniflow *dst) + } + } + } ++ } else if (ct_nw_proto_p && ++ (*ct_nw_proto_p == IPPROTO_TCP || ++ *ct_nw_proto_p == IPPROTO_UDP || ++ *ct_nw_proto_p == IPPROTO_SCTP || ++ *ct_nw_proto_p == IPPROTO_ICMP || ++ (*ct_nw_proto_p == IPPROTO_ICMPV6 && !icmp6_is_nd(data)))) { ++ miniflow_pad_from_64(mf, ct_tp_src); ++ miniflow_push_be16(mf, ct_tp_src, ct_tp_src); ++ miniflow_push_be16(mf, ct_tp_dst, ct_tp_dst); + } + out: + dst->map = mf.map; +@@ -1187,7 +1202,7 @@ parse_dl_type(const void **datap, size_t *sizep, ovs_be16 *first_vlan_tci_p) * If 'packet' is not an Ethernet packet embedding TCP, returns 0. * 'dl_type_p' will be set only if the 'packet' is an Ethernet packet. * 'nw_frag_p' will be set only if the 'packet' is an IP packet. @@ -3701,7 +3743,7 @@ index 3d84a53182..03ec01270f 100644 OVS_TRAFFIC_VSWITCHD_STOP(["/.*ethtool command ETHTOOL_G.*/d"]) diff --git a/tests/system-traffic.at b/tests/system-traffic.at -index 202ff04922..4553f919f9 100644 +index 202ff04922..6cb1a75b12 100644 --- a/tests/system-traffic.at +++ b/tests/system-traffic.at @@ -38,7 +38,7 @@ NS_CHECK_EXEC([at_ns0], [ping -q -c 3 -i 0.3 -W 2 10.1.1.2 | FORMAT_PING], [0], @@ -4229,33 +4271,200 @@ index 202ff04922..4553f919f9 100644 dnl Send UDP packet on port 1 twice. AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out br0 "in_port=1 packet=50540000000a50540000000908004500001c000000000011a4cd0a0101010a0101020001000200080000 actions=resubmit(,0)"]) -@@ -4330,7 +4511,11 @@ NS_CHECK_EXEC([at_ns0], [ping -s 3200 -q -c 3 -i 0.3 -W 2 10.1.1.2 | FORMAT_PING +@@ -4330,6 +4511,95 @@ NS_CHECK_EXEC([at_ns0], [ping -s 3200 -q -c 3 -i 0.3 -W 2 10.1.1.2 | FORMAT_PING dnl Check userspace conntrack fragmentation counters. DPCTL_CHECK_FRAGMENTATION_PASS() --OVS_TRAFFIC_VSWITCHD_STOP +dnl Ipv4 max packet size fragmentation dropped. +NS_EXEC([at_ns0], [ping -s 65507 -q -c 1 -W 0.5 10.1.1.2]) +OVS_CHECK_FRAG_LARGE() + +OVS_TRAFFIC_VSWITCHD_STOP(["/Unsupported big reassembled v4 packet/d"]) ++AT_CLEANUP ++ ++AT_SETUP([conntrack - IPv4 fragmentation with ct orig match]) ++CHECK_CONNTRACK() ++OVS_TRAFFIC_VSWITCHD_START() ++ ++ADD_NAMESPACES(at_ns0, at_ns1) ++ ++ADD_VETH(p0, at_ns0, br0, "10.1.1.1/24") ++ADD_VETH(p1, at_ns1, br0, "10.1.1.2/24") ++ ++AT_DATA([flows.txt], [dnl ++priority=1,action=drop ++priority=10,arp,action=normal ++priority=100,ip,ct_state=-trk,action=ct(table=0) ++priority=100,in_port=2,icmp,ct_state=+rpl,action=1 ++priority=100,in_port=1,ip,ct_nw_proto=17,ct_tp_src=1,ct_tp_dst=2,ct_state=+new+trk,action=ct(commit) ++priority=100,in_port=1,ip,ct_nw_proto=1,ct_tp_src=8,ct_tp_dst=0,ct_state=+new+trk,action=ct(commit),2 ++]) ++ ++AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) ++ ++dnl Packet content: ++dnl Ethernet II, Src: 50:54:00:00:00:0a, Dst: 50:54:00:00:00:09 ++dnl Type: IPv4 (0x0800) ++dnl Internet Protocol Version 4, Src: 10.1.1.1, Dst: 10.1.1.2 ++dnl Total Length: 1420 ++dnl Identification: 0x0001 (1) ++dnl 001. .... = Flags: 0x1, More fragments ++dnl 0... .... = Reserved bit: Not set ++dnl .0.. .... = Don't fragment: Not set ++dnl ..1. .... = More fragments: Set ++dnl ...0 0000 0000 0000 = Fragment Offset: 0 ++dnl Time to Live: 64 ++dnl Protocol: UDP (17) ++dnl User Datagram Protocol, Src Port: 1, Dst Port: 2 ++dnl Source Port: 1 ++dnl Destination Port: 2 ++dnl Length: 1608 ++dnl UDP payload (1392 bytes) ++dnl Data (1392 bytes) ++eth="50 54 00 00 00 09 50 54 00 00 00 0a 08 00" ++ip="45 00 05 8c 00 01 20 00 40 11 3f 5c 0a 01 01 01 0a 01 01 02" ++udp="00 01 00 02 06 48 dd 56" ++data_len=$(seq 1392) ++data=$(printf '00 %.0s' ${data_len}) ++packet="${eth} ${ip} ${udp} ${data}" ++NS_CHECK_EXEC([at_ns0], [$PYTHON3 $srcdir/sendpkt.py p0 ${packet} > /dev/null]) ++ ++dnl Packet content: ++dnl Ethernet II, Src: 50:54:00:00:00:0a, Dst: 50:54:00:00:00:09 ++dnl Type: IPv4 (0x0800) ++dnl Internet Protocol Version 4, Src: 10.1.1.1, Dst: 10.1.1.2 ++dnl 0100 .... = Version: 4 ++dnl .... 0101 = Header Length: 20 bytes (5) ++dnl Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) ++dnl 0000 00.. = Differentiated Services Codepoint: Default (0) ++dnl .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) ++dnl Total Length: 228 ++dnl Identification: 0x0001 (1) ++dnl 000. .... = Flags: 0x0 ++dnl 0... .... = Reserved bit: Not set ++dnl .0.. .... = Don't fragment: Not set ++dnl ..0. .... = More fragments: Not set ++dnl ...0 0000 1010 1111 = Fragment Offset: 1400 ++dnl Time to Live: 64 ++dnl Protocol: UDP (17) ++dnl Data (208 bytes) ++eth="50 54 00 00 00 09 50 54 00 00 00 0a 08 00" ++ip="45 00 00 e4 00 01 00 af 40 11 63 55 0a 01 01 01 0a 01 01 02" ++data_len=$(seq 208) ++data=$(printf '00 %.0s' ${data_len}) ++packet="${eth} ${ip} ${data}" ++NS_CHECK_EXEC([at_ns0], [$PYTHON3 $srcdir/sendpkt.py p0 ${packet} > /dev/null]) ++ ++NS_CHECK_EXEC([at_ns0], [ping -s 1600 -q -c 1 -W 1 10.1.1.2 | FORMAT_PING], [0], [dnl ++1 packets transmitted, 1 received, 0% packet loss, time 0ms ++]) ++ ++AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2) | sort], [0], [dnl ++icmp,orig=(src=10.1.1.1,dst=10.1.1.2,id=,type=8,code=0),reply=(src=10.1.1.2,dst=10.1.1.1,id=,type=0,code=0) ++udp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=) ++]) ++ + OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP - AT_SETUP([conntrack - IPv4 fragmentation expiry]) -@@ -4624,7 +4809,11 @@ NS_CHECK_EXEC([at_ns0], [ping6 -s 3200 -q -c 3 -i 0.3 -W 2 fc00::2 | FORMAT_PING +@@ -4624,6 +4894,96 @@ NS_CHECK_EXEC([at_ns0], [ping6 -s 3200 -q -c 3 -i 0.3 -W 2 fc00::2 | FORMAT_PING 3 packets transmitted, 3 received, 0% packet loss, time 0ms ]) --OVS_TRAFFIC_VSWITCHD_STOP +dnl Ipv6 max packet size fragmentation dropped. +NS_EXEC([at_ns0], [ping6 -s 65487 -q -c 1 -W 0.5 fc00::2]) +OVS_CHECK_FRAG_LARGE() + +OVS_TRAFFIC_VSWITCHD_STOP(["/Unsupported big reassembled v6 packet/d"]) ++AT_CLEANUP ++ ++AT_SETUP([conntrack - IPv6 fragmentation with ct orig match]) ++CHECK_CONNTRACK() ++OVS_TRAFFIC_VSWITCHD_START() ++ ++ADD_NAMESPACES(at_ns0, at_ns1) ++ ++ADD_VETH(p0, at_ns0, br0, "fc00::1/96", "50:54:00:00:00:09", [], "nodad") ++ADD_VETH(p1, at_ns1, br0, "fc00::2/96", "50:54:00:00:00:0a", [], "nodad") ++ ++AT_DATA([flows.txt], [dnl ++priority=1,action=drop ++priority=10,ipv6,ct_state=-trk,action=ct(table=0) ++priority=10,in_port=2,ipv6,ct_tp_src=128,ct_state=+trk+est+rpl,action=1 ++priority=10,in_port=1,ipv6,ct_nw_proto=17,ct_tp_src=1,ct_tp_dst=2,ct_state=+new+trk,action=ct(commit) ++priority=10,in_port=1,ipv6,ct_nw_proto=58,ct_tp_src=128,ct_tp_dst=0,ct_state=+new+trk,action=ct(commit),2 ++priority=100,icmp6,icmp_type=135,action=normal ++priority=100,icmp6,icmp_type=136,action=normal ++]) ++ ++AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) ++ ++dnl Packet content: ++dnl Ethernet II, Src: 50:54:00:00:00:0a, Dst: 50:54:00:00:00:09 ++dnl Type: IPv6 (0x86dd) ++dnl Internet Protocol Version 6, Src: fc00::1, Dst: fc00::2 ++dnl Payload Length: 1344 ++dnl Next Header: Fragment Header for IPv6 (44) ++dnl Hop Limit: 64 ++dnl Fragment Header for IPv6 ++dnl Next header: UDP (17) ++dnl Reserved octet: 0x00 ++dnl 0000 0000 0000 0... = Offset: 0 (0 bytes) ++dnl .... .... .... .00. = Reserved bits: 0 ++dnl .... .... .... ...1 = More Fragments: Yes ++dnl Identification: 0x9bdb1fa7 ++dnl User Datagram Protocol, Src Port: 1, Dst Port: 2 ++dnl Source Port: 1 ++dnl Destination Port: 2 ++dnl Length: 1608 ++dnl UDP payload (1328 bytes) ++dnl Data (1328 bytes) ++eth="50 54 00 00 00 09 50 54 00 00 00 0a 86 dd" ++ipv6="60 00 00 00 05 40 2c 40 fc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 \ ++ fc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 11 00 00 01 9b db 1f a7" ++udp="00 01 00 02 06 48 fb 56" ++data_len=$(seq 1328) ++data=$(printf '00 %.0s' ${data_len}) ++packet="${eth} ${ipv6} ${udp} ${data}" ++NS_CHECK_EXEC([at_ns0], [$PYTHON3 $srcdir/sendpkt.py p0 ${packet} > /dev/null]) ++ ++dnl IPv6 Packet content ++dnl Ethernet II, Src: 50:54:00:00:00:0a, Dst: 50:54:00:00:00:09 ++dnl Type: IPv6 (0x86dd) ++dnl Internet Protocol Version 6, Src: fc00::1, Dst: fc00::2 ++dnl Payload Length: 280 ++dnl Next Header: Fragment Header for IPv6 (44) ++dnl Hop Limit: 64 ++dnl Fragment Header for IPv6 ++dnl Next header: UDP (17) ++dnl Reserved octet: 0x00 ++dnl 0000 0101 0011 1... = Offset: 167 (1336 bytes) ++dnl .... .... .... .00. = Reserved bits: 0 ++dnl .... .... .... ...0 = More Fragments: No ++dnl Identification: 0x9bdb1fa7 ++dnl Data (272 bytes) ++eth="50 54 00 00 00 09 50 54 00 00 00 0a 86 dd" ++ipv6="60 00 00 00 01 18 2c 40 fc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 \ ++ fc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 11 00 05 38 9b db 1f a7" ++data_len=$(seq 272) ++data=$(printf '00 %.0s' ${data_len}) ++packet="${eth} ${ipv6} ${data}" ++NS_CHECK_EXEC([at_ns0], [$PYTHON3 $srcdir/sendpkt.py p0 ${packet} > /dev/null]) ++ ++dnl Send also fragmented ICMPv6. ++NS_CHECK_EXEC([at_ns0], [ping6 -s 1600 -q -c 1 -W 1 fc00::2 | FORMAT_PING], [0], [dnl ++1 packets transmitted, 1 received, 0% packet loss, time 0ms ++]) ++ ++AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(fc00::2) | sort], [0], [dnl ++icmpv6,orig=(src=fc00::1,dst=fc00::2,id=,type=128,code=0),reply=(src=fc00::2,dst=fc00::1,id=,type=129,code=0) ++udp,orig=(src=fc00::1,dst=fc00::2,sport=,dport=),reply=(src=fc00::2,dst=fc00::1,sport=,dport=) ++]) ++ + OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP - AT_SETUP([conntrack - IPv6 fragmentation expiry]) -@@ -5360,14 +5549,14 @@ OVS_START_L7([at_ns0], [http]) +@@ -5360,14 +5720,14 @@ OVS_START_L7([at_ns0], [http]) OVS_START_L7([at_ns1], [http]) dnl HTTP requests from ns0->ns1 should work fine. @@ -4272,7 +4481,7 @@ index 202ff04922..4553f919f9 100644 OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP -@@ -5401,7 +5590,7 @@ OVS_START_L7([at_ns0], [http6]) +@@ -5401,7 +5761,7 @@ OVS_START_L7([at_ns0], [http6]) OVS_START_L7([at_ns1], [http6]) dnl HTTP requests from ns0->ns1 should work fine. @@ -4281,7 +4490,7 @@ index 202ff04922..4553f919f9 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(fc00::2)], [0], [dnl tcp,orig=(src=fc00::1,dst=fc00::2,sport=,dport=),reply=(src=fc00::2,dst=fc00::1,sport=,dport=),protoinfo=(state=) -@@ -5409,7 +5598,7 @@ tcp,orig=(src=fc00::1,dst=fc00::2,sport=,dport=),reply=(src=fc +@@ -5409,7 +5769,7 @@ tcp,orig=(src=fc00::1,dst=fc00::2,sport=,dport=),reply=(src=fc dnl HTTP requests from ns1->ns0 should fail due to network failure. dnl Try 3 times, in 1 second intervals. @@ -4290,7 +4499,7 @@ index 202ff04922..4553f919f9 100644 OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP -@@ -5447,19 +5636,21 @@ OVS_START_L7([at_ns1], [http]) +@@ -5447,19 +5807,21 @@ OVS_START_L7([at_ns1], [http]) OVS_START_L7([at_ns3], [http]) dnl HTTP requests from p0->p1 should work fine. @@ -4314,7 +4523,7 @@ index 202ff04922..4553f919f9 100644 ADD_NAMESPACES(at_ns0) AT_CHECK([ip addr add dev br0 "10.1.1.1/24"]) -@@ -5489,10 +5680,10 @@ AT_CHECK([ping -q -c 3 -i 0.3 -W 2 10.1.1.2 | FORMAT_PING], [0], [dnl +@@ -5489,10 +5851,10 @@ AT_CHECK([ping -q -c 3 -i 0.3 -W 2 10.1.1.2 | FORMAT_PING], [0], [dnl OVS_START_L7([at_ns0], [http]) dnl HTTP requests from root namespace to p0 should work fine. @@ -4328,7 +4537,7 @@ index 202ff04922..4553f919f9 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2) | grep "zone"], [0], [dnl icmp,orig=(src=10.1.1.1,dst=10.1.1.2,id=,type=8,code=0),reply=(src=10.1.1.2,dst=10.1.1.1,id=,type=0,code=0),zone=1 -@@ -5505,10 +5696,12 @@ OVS_TRAFFIC_VSWITCHD_STOP +@@ -5505,10 +5867,12 @@ OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP AT_SETUP([conntrack - multi-stage pipeline, local]) @@ -4341,7 +4550,7 @@ index 202ff04922..4553f919f9 100644 ADD_NAMESPACES(at_ns0) AT_CHECK([ip addr add dev br0 "10.1.1.1/24"]) -@@ -5560,10 +5753,10 @@ AT_CHECK([ping -q -c 3 -i 0.3 -W 2 10.1.1.2 | FORMAT_PING], [0], [dnl +@@ -5560,10 +5924,10 @@ AT_CHECK([ping -q -c 3 -i 0.3 -W 2 10.1.1.2 | FORMAT_PING], [0], [dnl OVS_START_L7([at_ns0], [http]) dnl HTTP requests from root namespace to p0 should work fine. @@ -4354,7 +4563,7 @@ index 202ff04922..4553f919f9 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2) | grep "zone"], [0], [dnl icmp,orig=(src=10.1.1.1,dst=10.1.1.2,id=,type=8,code=0),reply=(src=10.1.1.2,dst=10.1.1.1,id=,type=0,code=0),zone=1 -@@ -5812,7 +6005,7 @@ NETNS_DAEMONIZE([at_ns1], [[$PYTHON3 $srcdir/test-l7.py ftp]], [ftp0.pid]) +@@ -5812,7 +6176,7 @@ NETNS_DAEMONIZE([at_ns1], [[$PYTHON3 $srcdir/test-l7.py ftp]], [ftp0.pid]) OVS_WAIT_UNTIL([ip netns exec at_ns1 netstat -l | grep ftp]) dnl FTP requests from p0->p1 should work fine. @@ -4363,7 +4572,7 @@ index 202ff04922..4553f919f9 100644 AT_CHECK([find -name index.html], [0], [dnl ./index.html -@@ -5879,12 +6072,12 @@ OVS_START_L7([at_ns1], [ftp]) +@@ -5879,12 +6243,12 @@ OVS_START_L7([at_ns1], [ftp]) dnl FTP requests from p1->p0 should fail due to network failure. dnl Try 3 times, in 1 second intervals. @@ -4378,7 +4587,7 @@ index 202ff04922..4553f919f9 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),protoinfo=(state=),helper=ftp ]) -@@ -5895,12 +6088,12 @@ AT_CHECK([ovs-appctl dpctl/flush-conntrack]) +@@ -5895,12 +6259,12 @@ AT_CHECK([ovs-appctl dpctl/flush-conntrack]) dnl FTP requests from p1->p0 should fail due to network failure. dnl Try 3 times, in 1 second intervals. @@ -4393,7 +4602,7 @@ index 202ff04922..4553f919f9 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),protoinfo=(state=),helper=ftp tcp,orig=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),reply=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),protoinfo=(state=) -@@ -5909,7 +6102,7 @@ tcp,orig=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),reply=(src= +@@ -5909,7 +6273,7 @@ tcp,orig=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),reply=(src= AT_CHECK([ovs-appctl dpctl/flush-conntrack]) dnl Passive FTP requests from p0->p1 should work fine. @@ -4402,7 +4611,7 @@ index 202ff04922..4553f919f9 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),protoinfo=(state=),helper=ftp ]) -@@ -5919,7 +6112,7 @@ AT_CHECK([ovs-ofctl --bundle replace-flows br0 flows3.txt]) +@@ -5919,7 +6283,7 @@ AT_CHECK([ovs-ofctl --bundle replace-flows br0 flows3.txt]) AT_CHECK([ovs-appctl dpctl/flush-conntrack]) dnl FTP control requests from p0->p1 should work fine, but helper will not be assigned. @@ -4411,7 +4620,7 @@ index 202ff04922..4553f919f9 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),protoinfo=(state=) ]) -@@ -5985,12 +6178,12 @@ OVS_START_L7([at_ns1], [ftp], [11111]) +@@ -5985,12 +6349,12 @@ OVS_START_L7([at_ns1], [ftp], [11111]) dnl FTP requests from p1->p0 should fail due to network failure. dnl Try 3 times, in 1 second intervals. @@ -4426,7 +4635,7 @@ index 202ff04922..4553f919f9 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),protoinfo=(state=),helper=ftp ]) -@@ -6001,12 +6194,12 @@ AT_CHECK([ovs-appctl dpctl/flush-conntrack]) +@@ -6001,12 +6365,12 @@ AT_CHECK([ovs-appctl dpctl/flush-conntrack]) dnl FTP requests from p1->p0 should fail due to network failure. dnl Try 3 times, in 1 second intervals. @@ -4441,7 +4650,7 @@ index 202ff04922..4553f919f9 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),protoinfo=(state=),helper=ftp tcp,orig=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),reply=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),protoinfo=(state=) -@@ -6015,7 +6208,7 @@ tcp,orig=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),reply=(src= +@@ -6015,7 +6379,7 @@ tcp,orig=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),reply=(src= AT_CHECK([ovs-appctl dpctl/flush-conntrack]) dnl Passive FTP requests from p0->p1 should work fine. @@ -4450,7 +4659,7 @@ index 202ff04922..4553f919f9 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),protoinfo=(state=),helper=ftp ]) -@@ -6025,7 +6218,7 @@ AT_CHECK([ovs-ofctl --bundle replace-flows br0 flows3.txt]) +@@ -6025,7 +6389,7 @@ AT_CHECK([ovs-ofctl --bundle replace-flows br0 flows3.txt]) AT_CHECK([ovs-appctl dpctl/flush-conntrack]) dnl FTP control requests from p0->p1 should work fine, but helper will not be assigned. @@ -4459,7 +4668,7 @@ index 202ff04922..4553f919f9 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),protoinfo=(state=) ]) -@@ -6060,7 +6253,7 @@ AT_CHECK([ovs-ofctl --bundle replace-flows br0 flows.txt]) +@@ -6060,7 +6424,7 @@ AT_CHECK([ovs-ofctl --bundle replace-flows br0 flows.txt]) OVS_START_L7([at_ns1], [ftp]) dnl FTP requests from p0->p1 should work fine. @@ -4468,7 +4677,7 @@ index 202ff04922..4553f919f9 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),protoinfo=(state=),helper=ftp -@@ -6121,7 +6314,7 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping6 -c 1 fc00::2 >/dev/null]) +@@ -6121,7 +6485,7 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping6 -c 1 fc00::2 >/dev/null]) OVS_START_L7([at_ns1], [ftp]) dnl FTP requests from p0->p1 should work fine. @@ -4477,7 +4686,7 @@ index 202ff04922..4553f919f9 100644 dnl Discards CLOSE_WAIT and CLOSING AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(fc00::2)], [0], [dnl -@@ -6180,7 +6373,7 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping6 -c 1 fc00::2 >/dev/null]) +@@ -6180,7 +6544,7 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping6 -c 1 fc00::2 >/dev/null]) OVS_START_L7([at_ns1], [ftp]) dnl FTP passive requests from p0->p1 should work fine. @@ -4486,7 +4695,7 @@ index 202ff04922..4553f919f9 100644 dnl Discards CLOSE_WAIT and CLOSING AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(fc00::2)], [0], [dnl -@@ -6230,12 +6423,12 @@ OVS_START_L7([at_ns1], [ftp]) +@@ -6230,12 +6594,12 @@ OVS_START_L7([at_ns1], [ftp]) dnl FTP requests from p1->p0 should fail due to network failure. dnl Try 3 times, in 1 second intervals. @@ -4501,7 +4710,7 @@ index 202ff04922..4553f919f9 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),zone=1,protoinfo=(state=),helper=ftp tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),zone=2,protoinfo=(state=),helper=ftp -@@ -6246,7 +6439,7 @@ tcp,orig=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),reply=(src= +@@ -6246,7 +6610,7 @@ tcp,orig=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),reply=(src= AT_CHECK([ovs-appctl dpctl/flush-conntrack]) dnl Passive FTP requests from p0->p1 should work fine. @@ -4510,7 +4719,7 @@ index 202ff04922..4553f919f9 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),zone=1,protoinfo=(state=) tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),zone=1,protoinfo=(state=),helper=ftp -@@ -6370,7 +6563,7 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) +@@ -6370,7 +6734,7 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) dnl HTTP requests from p0->p1 should work fine. OVS_START_L7([at_ns1], [http]) @@ -4519,7 +4728,7 @@ index 202ff04922..4553f919f9 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2) | sed -e 's/dst=10.1.1.2[[45]][[0-9]]/dst=10.1.1.2XX/' | uniq], [0], [dnl tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.2XX,sport=,dport=),zone=1,protoinfo=(state=) -@@ -6460,7 +6653,7 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) +@@ -6460,7 +6824,7 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) dnl HTTP requests from p0->p1 should work fine. OVS_START_L7([at_ns1], [http]) @@ -4528,7 +4737,7 @@ index 202ff04922..4553f919f9 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2) | sed -e 's/dst=10.1.1.2[[45]][[0-9]]/dst=10.1.1.2XX/' | uniq], [0], [dnl tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.2XX,sport=,dport=),zone=1,protoinfo=(state=) -@@ -6567,7 +6760,7 @@ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2) | uniq], [0], [d +@@ -6567,7 +6931,7 @@ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2) | uniq], [0], [d tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.240,sport=,dport=),zone=1,protoinfo=(state=) ]) @@ -4537,7 +4746,7 @@ index 202ff04922..4553f919f9 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2) | uniq], [0], [dnl tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.240,sport=,dport=),zone=1,protoinfo=(state=) -@@ -6622,7 +6815,7 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) +@@ -6622,7 +6986,7 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) dnl HTTP requests from p0->p1 should work fine. OVS_START_L7([at_ns1], [http]) @@ -4546,7 +4755,7 @@ index 202ff04922..4553f919f9 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2) | sed -e 's/dst=10.1.1.2[[45]][[0-9]]/dst=10.1.1.2XX/' | uniq], [0], [dnl tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.2XX,sport=,dport=),zone=1,protoinfo=(state=) -@@ -6716,14 +6909,14 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) +@@ -6716,14 +7080,14 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) dnl Should work with the virtual IP address through NAT OVS_START_L7([at_ns1], [http]) @@ -4563,7 +4772,7 @@ index 202ff04922..4553f919f9 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),zone=1,protoinfo=(state=) -@@ -6754,7 +6947,7 @@ table=2,in_port=1,ip,ct_mark=0xac,ct_label=0xac,actions=2 +@@ -6754,7 +7118,7 @@ table=2,in_port=1,ip,ct_mark=0xac,ct_label=0xac,actions=2 ]) AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) @@ -4572,7 +4781,7 @@ index 202ff04922..4553f919f9 100644 dnl - make sure only dst nat has been performed AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.240)], [0], [dnl -@@ -6812,14 +7005,14 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) +@@ -6812,14 +7176,14 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) dnl Should work with the virtual IP address through NAT OVS_START_L7([at_ns1], [http]) @@ -4589,7 +4798,7 @@ index 202ff04922..4553f919f9 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),zone=1,protoinfo=(state=) -@@ -7347,7 +7540,7 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping -c 1 10.1.1.2 >/dev/null]) +@@ -7347,7 +7711,7 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping -c 1 10.1.1.2 >/dev/null]) OVS_START_L7([at_ns1], [ftp]) dnl FTP requests from p0->p1 should work fine. @@ -4598,7 +4807,7 @@ index 202ff04922..4553f919f9 100644 dnl Discards CLOSE_WAIT and CLOSING AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl -@@ -7407,7 +7600,7 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping -c 1 10.1.1.240 >/dev/null]) +@@ -7407,7 +7771,7 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping -c 1 10.1.1.240 >/dev/null]) OVS_START_L7([at_ns1], [ftp]) dnl FTP requests from p0->p1 should work fine. @@ -4607,7 +4816,7 @@ index 202ff04922..4553f919f9 100644 dnl Discards CLOSE_WAIT and CLOSING AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl -@@ -7467,7 +7660,7 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping -c 1 10.1.100.1 >/dev/null]) +@@ -7467,7 +7831,7 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping -c 1 10.1.100.1 >/dev/null]) OVS_START_L7([at_ns1], [ftp]) dnl FTP requests from p0->p1 should work fine. @@ -4616,7 +4825,7 @@ index 202ff04922..4553f919f9 100644 dnl Discards CLOSE_WAIT and CLOSING AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.200)], [0], [dnl -@@ -7527,7 +7720,7 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping -c 1 10.1.1.240 >/dev/null]) +@@ -7527,7 +7891,7 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping -c 1 10.1.1.240 >/dev/null]) OVS_START_L7([at_ns1], [ftp]) dnl FTP requests from p0->p1 should work fine. @@ -4625,7 +4834,7 @@ index 202ff04922..4553f919f9 100644 dnl Discards CLOSE_WAIT and CLOSING AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl -@@ -7587,7 +7780,7 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping -c 1 10.1.1.2 >/dev/null]) +@@ -7587,7 +7951,7 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping -c 1 10.1.1.2 >/dev/null]) OVS_START_L7([at_ns1], [ftp]) dnl FTP requests from p0->p1 should work fine. @@ -4634,7 +4843,7 @@ index 202ff04922..4553f919f9 100644 dnl Discards CLOSE_WAIT and CLOSING AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.120.240)], [0], [dnl -@@ -7632,12 +7825,12 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping6 -c 1 fc00::2]) +@@ -7632,12 +7996,12 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping6 -c 1 fc00::2]) dnl HTTP requests from ns0->ns1 should work fine. OVS_START_L7([at_ns1], [http6]) @@ -4649,7 +4858,7 @@ index 202ff04922..4553f919f9 100644 OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP -@@ -7676,7 +7869,7 @@ NS_CHECK_EXEC([at_ns0], [ping6 -q -c 3 -i 0.3 -W 2 fc00::240 | FORMAT_PING], [0] +@@ -7676,7 +8040,7 @@ NS_CHECK_EXEC([at_ns0], [ping6 -q -c 3 -i 0.3 -W 2 fc00::240 | FORMAT_PING], [0] dnl Should work with the virtual IP address through NAT OVS_START_L7([at_ns1], [http6]) @@ -4658,7 +4867,7 @@ index 202ff04922..4553f919f9 100644 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(fc00::1)], [0], [dnl icmpv6,orig=(src=fc00::1,dst=fc00::240,id=,type=128,code=0),reply=(src=fc00::2,dst=fc00::1,id=,type=129,code=0),zone=1 -@@ -7826,7 +8019,7 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping6 -c 1 fc00::2 >/dev/null]) +@@ -7826,7 +8190,7 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping6 -c 1 fc00::2 >/dev/null]) OVS_START_L7([at_ns1], [ftp]) dnl FTP requests from p0->p1 should work fine. @@ -4667,7 +4876,7 @@ index 202ff04922..4553f919f9 100644 dnl Discards CLOSE_WAIT and CLOSING AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(fc00::2)], [0], [dnl -@@ -7887,7 +8080,7 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping6 -c 1 fc00::2 >/dev/null]) +@@ -7887,7 +8251,7 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping6 -c 1 fc00::2 >/dev/null]) OVS_START_L7([at_ns1], [ftp]) dnl FTP requests from p0->p1 should work fine. @@ -4676,7 +4885,7 @@ index 202ff04922..4553f919f9 100644 dnl Discards CLOSE_WAIT and CLOSING AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(fc00::2)], [0], [dnl -@@ -7947,7 +8140,7 @@ NETNS_DAEMONIZE([at_ns1], [[$PYTHON3 $srcdir/test-l7.py ftp]], [ftp0.pid]) +@@ -7947,7 +8311,7 @@ NETNS_DAEMONIZE([at_ns1], [[$PYTHON3 $srcdir/test-l7.py ftp]], [ftp0.pid]) OVS_WAIT_UNTIL([ip netns exec at_ns1 netstat -l | grep ftp]) dnl FTP requests from p0->p1 should work fine. @@ -4685,7 +4894,7 @@ index 202ff04922..4553f919f9 100644 dnl Discards CLOSE_WAIT and CLOSING AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(fc00::2)], [0], [dnl -@@ -8090,7 +8283,7 @@ on_exit 'ovs-appctl dpif/dump-flows br0' +@@ -8090,7 +8454,7 @@ on_exit 'ovs-appctl dpif/dump-flows br0' dnl Should work with the virtual IP address through NAT for i in $(seq 1 50); do echo Request $i @@ -4694,7 +4903,7 @@ index 202ff04922..4553f919f9 100644 done dnl Each server should have at least one connection. -@@ -8386,6 +8579,7 @@ OVS_TRAFFIC_VSWITCHD_STOP +@@ -8386,6 +8750,7 @@ OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP AT_SETUP([conntrack - can match and clear ct_state from outside OVS]) @@ -4702,7 +4911,7 @@ index 202ff04922..4553f919f9 100644 CHECK_CONNTRACK_LOCAL_STACK() OVS_CHECK_GENEVE() -@@ -8396,6 +8590,7 @@ AT_CHECK([ovs-ofctl add-flow br0 "actions=normal"]) +@@ -8396,6 +8761,7 @@ AT_CHECK([ovs-ofctl add-flow br0 "actions=normal"]) AT_CHECK([ovs-ofctl add-flow br-underlay "priority=100,ct_state=+trk,actions=ct_clear,resubmit(,0)"]) AT_CHECK([ovs-ofctl add-flow br-underlay "priority=10,actions=normal"]) diff --git a/SPECS/openvswitch3.4.spec b/SPECS/openvswitch3.4.spec index 54d205d..a47d846 100644 --- a/SPECS/openvswitch3.4.spec +++ b/SPECS/openvswitch3.4.spec @@ -57,7 +57,7 @@ Summary: Open vSwitch Group: System Environment/Daemons daemon/database/utilities URL: http://www.openvswitch.org/ Version: 3.4.0 -Release: 45%{?dist} +Release: 46%{?dist} # Nearly all of openvswitch is ASL 2.0. The bugtool is LGPLv2+, and the # lib/sflow*.[ch] files are SISSL @@ -770,6 +770,12 @@ exit 0 %endif %changelog +* Thu Feb 13 2025 Open vSwitch CI - 3.4.0-46 +- Merging upstream branch-3.4 [RH git: af23459b2a] + Commit list: + 4925ac2296 miniflow_extract: Push ct_tp_{src, dst} for later frags. (FDP-124) + + * Wed Feb 12 2025 Open vSwitch CI - 3.4.0-45 - Merging upstream branch-3.4 [RH git: 57d3e153cf] Commit list: