We can't downgrade to OF1.0 and expect inconsistent CT actions
be silently disgarded. Instead, datapath flow install fails, so
it is better to flag inconsistent CT actions as hard errors.
Signed-off-by: Jarno Rajahalme <ja...@ovn.org>
---
lib/ofp-actions.c | 7 +++++--
tests/ofproto-dpif.at | 40 ++++++++++++++++++++--------------------
tests/ovs-ofctl.at | 46 +++++++++++++++++++++++-----------------------
3 files changed, 48 insertions(+), 45 deletions(-)
diff --git a/lib/ofp-actions.c b/lib/ofp-actions.c
index f896f98..19e47fb 100644
--- a/lib/ofp-actions.c
+++ b/lib/ofp-actions.c
@@ -7033,7 +7033,10 @@ ofpact_check__(enum ofputil_protocol *usable_protocols,
struct ofpact *a,
if (!dl_type_is_ip_any(flow->dl_type)
|| (flow->ct_state & CS_INVALID && oc->flags & NX_CT_F_COMMIT)
|| (oc->alg == IPPORT_FTP && flow->nw_proto != IPPROTO_TCP)) {
- inconsistent_match(usable_protocols);
+ /* We can't downgrade to OF1.0 and expect inconsistent CT actions
+ * be silently disgarded. Instead, datapath flow install fails, so
+ * it is better to flag inconsistent CT actions as hard errors. */
+ return OFPERR_OFPBAC_MATCH_INCONSISTENT;
}
if (oc->zone_src.field) {
@@ -7052,7 +7055,7 @@ ofpact_check__(enum ofputil_protocol *usable_protocols,
struct ofpact *a,
(on->range_af == AF_INET && flow->dl_type != htons(ETH_TYPE_IP)) ||
(on->range_af == AF_INET6
&& flow->dl_type != htons(ETH_TYPE_IPV6))) {
- inconsistent_match(usable_protocols);
+ return OFPERR_OFPBAC_MATCH_INCONSISTENT;
}
return 0;
}
diff --git a/tests/ofproto-dpif.at b/tests/ofproto-dpif.at
index e2b983f..7b5972d 100644
--- a/tests/ofproto-dpif.at
+++ b/tests/ofproto-dpif.at
@@ -8396,7 +8396,7 @@ add_of_ports br0 1 2
AT_CHECK([ovs-appctl vlog/set dpif_netdev:dbg vconn:info ofproto_dpif:info])
AT_DATA([flows.txt], [dnl
-ct_state=-trk,action=ct(table=0,zone=0)
+ipv6,ct_state=-trk,action=ct(table=0,zone=0)
ct_state=+trk,action=controller
])
@@ -8407,14 +8407,14 @@ AT_CHECK([ovs-ofctl monitor br0 65534 invalid_ttl -P
nxt_packet_in --detach --no
AT_CHECK([ovs-appctl time/stop])
-AT_CHECK([ovs-appctl netdev-dummy/receive p2
'eth(src=80:88:88:88:88:88,dst=ff:ff:ff:ff:ff:ff),eth_type(0x0806),arp(sip=192.168.0.1,tip=192.168.0.2,op=1,sha=50:54:00:00:00:05,tha=00:00:00:00:00:00)'])
+AT_CHECK([ovs-appctl netdev-dummy/receive p2
'0060970769ea0000860580da86dd6000000000203afffe80000000000000020086fffe0580dafe80000000000000026097fffe0769ea870068bd00000000fe80000000000000026097fffe0769ea01010000860580da'])
OVS_WAIT_UNTIL([test `wc -l < ofctl_monitor.log` -ge 1])
OVS_WAIT_UNTIL([ovs-appctl -t ovs-ofctl exit])
AT_CHECK([cat ofctl_monitor.log], [0], [dnl
-NXT_PACKET_IN (xid=0x0): cookie=0x0 total_len=42 ct_state=inv|trk,in_port=2
(via action) data_len=42 (unbuffered)
-arp,vlan_tci=0x0000,dl_src=80:88:88:88:88:88,dl_dst=ff:ff:ff:ff:ff:ff,arp_spa=192.168.0.1,arp_tpa=192.168.0.2,arp_op=1,arp_sha=50:54:00:00:00:05,arp_tha=00:00:00:00:00:00
+NXT_PACKET_IN (xid=0x0): cookie=0x0 total_len=86 ct_state=inv|trk,in_port=2
(via action) data_len=86 (unbuffered)
+icmp6,vlan_tci=0x0000,dl_src=00:00:86:05:80:da,dl_dst=00:60:97:07:69:ea,ipv6_src=fe80::200:86ff:fe05:80da,ipv6_dst=fe80::260:97ff:fe07:69ea,ipv6_label=0x00000,nw_tos=0,nw_ecn=0,nw_ttl=255,icmp_type=135,icmp_code=0,nd_target=fe80::260:97ff:fe07:69ea,nd_sll=00:00:86:05:80:da,nd_tll=00:00:00:00:00:00
icmp6_csum:68bd
])
OVS_VSWITCHD_STOP
@@ -8545,8 +8545,8 @@ AT_DATA([flows.txt], [dnl
dnl Table 0
dnl
table=0,priority=100,arp,action=normal
-table=0,priority=10,in_port=1,udp,action=ct(commit,table=1)
-table=0,priority=10,in_port=2,action=ct(table=1)
+table=0,priority=10,ip,in_port=1,udp,action=ct(commit,table=1)
+table=0,priority=10,ip,in_port=2,action=ct(table=1)
table=0,priority=1,action=drop
dnl
dnl Table 1
@@ -8596,12 +8596,12 @@ dnl Allow new connections on p1->p2. Allow only
established connections p2->p1
AT_DATA([flows.txt], [dnl
dnl Table 0
dnl
-table=0,priority=100,arp,action=normal
-table=0,priority=10,in_port=1,udp,tp_src=1,action=ct(commit,exec(set_field:1->ct_mark)),controller
-table=0,priority=10,in_port=1,udp,tp_src=3,action=ct(commit,exec(set_field:3->ct_mark)),controller
-table=0,priority=10,in_port=1,udp,tp_src=5,action=ct(commit,exec(set_field:5->ct_mark)),controller
-table=0,priority=10,in_port=2,actions=ct(table=1)
-table=0,priority=1,action=drop
+table=0,arp,action=normal
+table=0,ip,in_port=1,udp,tp_src=1,action=ct(commit,exec(set_field:1->ct_mark)),controller
+table=0,ip,in_port=1,udp,tp_src=3,action=ct(commit,exec(set_field:3->ct_mark)),controller
+table=0,ip,in_port=1,udp,tp_src=5,action=ct(commit,exec(set_field:5->ct_mark)),controller
+table=0,ip,in_port=2,actions=ct(table=1)
+table=0,priority=0,action=drop
dnl
dnl Table 1
dnl
@@ -8657,10 +8657,10 @@ dnl Allow new connections on p1->p2. Allow only
established connections p2->p1
AT_DATA([flows.txt], [dnl
dnl Table 0
dnl
-table=0,priority=100,arp,action=normal
-table=0,priority=10,in_port=1,udp,tp_src=1,action=ct(commit,exec(set_field:000000000000000001->ct_label))
-table=0,priority=10,in_port=1,udp,tp_src=3,action=ct(commit,exec(set_field:000000000000000002->ct_label))
-table=0,priority=10,in_port=2,actions=ct(table=1)
+table=0,arp,action=normal
+table=0,ip,in_port=1,udp,tp_src=1,action=ct(commit,exec(set_field:000000000000000001->ct_label))
+table=0,ip,in_port=1,udp,tp_src=3,action=ct(commit,exec(set_field:000000000000000002->ct_label))
+table=0,ip,in_port=2,actions=ct(table=1)
dnl
dnl Table 1
dnl
@@ -8714,10 +8714,10 @@ dnl subtables are visited, meaning consistent
megaflows.
dnl
dnl Table 0
dnl
-table=0,priority=100,arp,action=normal
-table=0,priority=10,in_port=1,udp,tp_src=1,action=ct(commit,exec(set_field:1->ct_label)),2
-table=0,priority=10,in_port=2,actions=ct(table=1)
-table=0,priority=1,action=drop
+table=0,arp,action=normal
+table=0,ip,in_port=1,udp,tp_src=1,action=ct(commit,exec(set_field:1->ct_label)),2
+table=0,ip,in_port=2,actions=ct(table=1)
+table=0,priority=0,action=drop
dnl
dnl Table 1
dnl
diff --git a/tests/ovs-ofctl.at b/tests/ovs-ofctl.at
index da7b262..0e6b92c 100644
--- a/tests/ovs-ofctl.at
+++ b/tests/ovs-ofctl.at
@@ -190,23 +190,23 @@ sctp actions=drop
in_port=0 actions=resubmit:0
actions=sample(probability=12345,collector_set_id=23456,obs_domain_id=34567,obs_point_id=45678)
actions=sample(probability=12345,collector_set_id=23456,obs_domain_id=34567,obs_point_id=45678,sampling_port=56789)
-actions=ct(nat)
-actions=ct(commit,nat(dst))
-actions=ct(commit,nat(src))
-actions=ct(commit,nat(src=10.0.0.240,random))
-actions=ct(commit,nat(src=10.0.0.240:32768-65535,random))
-actions=ct(commit,nat(dst=10.0.0.128-10.0.0.254,hash))
-actions=ct(commit,nat(src=10.0.0.240-10.0.0.254:32768-65535,persistent))
-actions=ct(commit,nat(src=fe80::20c:29ff:fe88:a18b,random))
-actions=ct(commit,nat(src=fe80::20c:29ff:fe88:1-fe80::20c:29ff:fe88:a18b,random))
-actions=ct(commit,nat(src=[fe80::20c:29ff:fe88:1]-[fe80::20c:29ff:fe88:a18b]:255-4096,random))
-actions=ct(commit,nat(src=10.1.1.240-10.1.1.255),alg=ftp)
+ip,actions=ct(nat)
+ip,actions=ct(commit,nat(dst))
+ip,actions=ct(commit,nat(src))
+ip,actions=ct(commit,nat(src=10.0.0.240,random))
+ip,actions=ct(commit,nat(src=10.0.0.240:32768-65535,random))
+ip,actions=ct(commit,nat(dst=10.0.0.128-10.0.0.254,hash))
+ip,actions=ct(commit,nat(src=10.0.0.240-10.0.0.254:32768-65535,persistent))
+ipv6,actions=ct(commit,nat(src=fe80::20c:29ff:fe88:a18b,random))
+ipv6,actions=ct(commit,nat(src=fe80::20c:29ff:fe88:1-fe80::20c:29ff:fe88:a18b,random))
+ipv6,actions=ct(commit,nat(src=[fe80::20c:29ff:fe88:1]-[fe80::20c:29ff:fe88:a18b]:255-4096,random))
+tcp,actions=ct(commit,nat(src=10.1.1.240-10.1.1.255),alg=ftp)
]])
AT_CHECK([ovs-ofctl parse-flows flows.txt
], [0], [stdout])
AT_CHECK([[sed 's/ (xid=0x[0-9a-fA-F]*)//' stdout]], [0],
-[[usable protocols: OpenFlow10,NXM
+[[usable protocols: any
chosen protocol: OpenFlow10-table_id
OFPT_FLOW_MOD: ADD tcp,tp_src=123 actions=FLOOD
OFPT_FLOW_MOD: ADD in_port=LOCAL,dl_vlan=9,dl_src=00:0a:e4:25:6b:b0
actions=drop
@@ -221,17 +221,17 @@ OFPT_FLOW_MOD: ADD sctp actions=drop
OFPT_FLOW_MOD: ADD in_port=0 actions=resubmit:0
OFPT_FLOW_MOD: ADD
actions=sample(probability=12345,collector_set_id=23456,obs_domain_id=34567,obs_point_id=45678)
OFPT_FLOW_MOD: ADD
actions=sample(probability=12345,collector_set_id=23456,obs_domain_id=34567,obs_point_id=45678,sampling_port=56789)
-OFPT_FLOW_MOD: ADD actions=ct(nat)
-OFPT_FLOW_MOD: ADD actions=ct(commit,nat(dst))
-OFPT_FLOW_MOD: ADD actions=ct(commit,nat(src))
-OFPT_FLOW_MOD: ADD actions=ct(commit,nat(src=10.0.0.240,random))
-OFPT_FLOW_MOD: ADD actions=ct(commit,nat(src=10.0.0.240:32768-65535,random))
-OFPT_FLOW_MOD: ADD actions=ct(commit,nat(dst=10.0.0.128-10.0.0.254,hash))
-OFPT_FLOW_MOD: ADD
actions=ct(commit,nat(src=10.0.0.240-10.0.0.254:32768-65535,persistent))
-OFPT_FLOW_MOD: ADD actions=ct(commit,nat(src=fe80::20c:29ff:fe88:a18b,random))
-OFPT_FLOW_MOD: ADD
actions=ct(commit,nat(src=fe80::20c:29ff:fe88:1-fe80::20c:29ff:fe88:a18b,random))
-OFPT_FLOW_MOD: ADD
actions=ct(commit,nat(src=[fe80::20c:29ff:fe88:1]-[fe80::20c:29ff:fe88:a18b]:255-4096,random))
-OFPT_FLOW_MOD: ADD actions=ct(commit,nat(src=10.1.1.240-10.1.1.255),alg=ftp)
+OFPT_FLOW_MOD: ADD ip actions=ct(nat)
+OFPT_FLOW_MOD: ADD ip actions=ct(commit,nat(dst))
+OFPT_FLOW_MOD: ADD ip actions=ct(commit,nat(src))
+OFPT_FLOW_MOD: ADD ip actions=ct(commit,nat(src=10.0.0.240,random))
+OFPT_FLOW_MOD: ADD ip actions=ct(commit,nat(src=10.0.0.240:32768-65535,random))
+OFPT_FLOW_MOD: ADD ip actions=ct(commit,nat(dst=10.0.0.128-10.0.0.254,hash))
+OFPT_FLOW_MOD: ADD ip
actions=ct(commit,nat(src=10.0.0.240-10.0.0.254:32768-65535,persistent))
+OFPT_FLOW_MOD: ADD ipv6
actions=ct(commit,nat(src=fe80::20c:29ff:fe88:a18b,random))
+OFPT_FLOW_MOD: ADD ipv6
actions=ct(commit,nat(src=fe80::20c:29ff:fe88:1-fe80::20c:29ff:fe88:a18b,random))
+OFPT_FLOW_MOD: ADD ipv6
actions=ct(commit,nat(src=[fe80::20c:29ff:fe88:1]-[fe80::20c:29ff:fe88:a18b]:255-4096,random))
+OFPT_FLOW_MOD: ADD tcp
actions=ct(commit,nat(src=10.1.1.240-10.1.1.255),alg=ftp)
]])
AT_CLEANUP
--
2.1.4
_______________________________________________
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev
