We can't downgrade to OF1.0 and expect inconsistent CT actions
be silently disgarded.  Instead, datapath flow install fails, so
it is better to flag inconsistent CT actions as hard errors.

Signed-off-by: Jarno Rajahalme <ja...@ovn.org>
---
 lib/ofp-actions.c     |  7 +++++--
 tests/ofproto-dpif.at | 40 ++++++++++++++++++++--------------------
 tests/ovs-ofctl.at    | 46 +++++++++++++++++++++++-----------------------
 3 files changed, 48 insertions(+), 45 deletions(-)

diff --git a/lib/ofp-actions.c b/lib/ofp-actions.c
index f896f98..19e47fb 100644
--- a/lib/ofp-actions.c
+++ b/lib/ofp-actions.c
@@ -7033,7 +7033,10 @@ ofpact_check__(enum ofputil_protocol *usable_protocols, 
struct ofpact *a,
         if (!dl_type_is_ip_any(flow->dl_type)
             || (flow->ct_state & CS_INVALID && oc->flags & NX_CT_F_COMMIT)
             || (oc->alg == IPPORT_FTP && flow->nw_proto != IPPROTO_TCP)) {
-            inconsistent_match(usable_protocols);
+            /* We can't downgrade to OF1.0 and expect inconsistent CT actions
+             * be silently disgarded.  Instead, datapath flow install fails, so
+             * it is better to flag inconsistent CT actions as hard errors. */
+            return OFPERR_OFPBAC_MATCH_INCONSISTENT;
         }
 
         if (oc->zone_src.field) {
@@ -7052,7 +7055,7 @@ ofpact_check__(enum ofputil_protocol *usable_protocols, 
struct ofpact *a,
             (on->range_af == AF_INET && flow->dl_type != htons(ETH_TYPE_IP)) ||
             (on->range_af == AF_INET6
              && flow->dl_type != htons(ETH_TYPE_IPV6))) {
-            inconsistent_match(usable_protocols);
+            return OFPERR_OFPBAC_MATCH_INCONSISTENT;
         }
         return 0;
     }
diff --git a/tests/ofproto-dpif.at b/tests/ofproto-dpif.at
index e2b983f..7b5972d 100644
--- a/tests/ofproto-dpif.at
+++ b/tests/ofproto-dpif.at
@@ -8396,7 +8396,7 @@ add_of_ports br0 1 2
 AT_CHECK([ovs-appctl vlog/set dpif_netdev:dbg vconn:info ofproto_dpif:info])
 
 AT_DATA([flows.txt], [dnl
-ct_state=-trk,action=ct(table=0,zone=0)
+ipv6,ct_state=-trk,action=ct(table=0,zone=0)
 ct_state=+trk,action=controller
 ])
 
@@ -8407,14 +8407,14 @@ AT_CHECK([ovs-ofctl monitor br0 65534 invalid_ttl -P 
nxt_packet_in --detach --no
 
 AT_CHECK([ovs-appctl time/stop])
 
-AT_CHECK([ovs-appctl netdev-dummy/receive p2 
'eth(src=80:88:88:88:88:88,dst=ff:ff:ff:ff:ff:ff),eth_type(0x0806),arp(sip=192.168.0.1,tip=192.168.0.2,op=1,sha=50:54:00:00:00:05,tha=00:00:00:00:00:00)'])
+AT_CHECK([ovs-appctl netdev-dummy/receive p2 
'0060970769ea0000860580da86dd6000000000203afffe80000000000000020086fffe0580dafe80000000000000026097fffe0769ea870068bd00000000fe80000000000000026097fffe0769ea01010000860580da'])
 
 OVS_WAIT_UNTIL([test `wc -l < ofctl_monitor.log` -ge 1])
 OVS_WAIT_UNTIL([ovs-appctl -t ovs-ofctl exit])
 
 AT_CHECK([cat ofctl_monitor.log], [0], [dnl
-NXT_PACKET_IN (xid=0x0): cookie=0x0 total_len=42 ct_state=inv|trk,in_port=2 
(via action) data_len=42 (unbuffered)
-arp,vlan_tci=0x0000,dl_src=80:88:88:88:88:88,dl_dst=ff:ff:ff:ff:ff:ff,arp_spa=192.168.0.1,arp_tpa=192.168.0.2,arp_op=1,arp_sha=50:54:00:00:00:05,arp_tha=00:00:00:00:00:00
+NXT_PACKET_IN (xid=0x0): cookie=0x0 total_len=86 ct_state=inv|trk,in_port=2 
(via action) data_len=86 (unbuffered)
+icmp6,vlan_tci=0x0000,dl_src=00:00:86:05:80:da,dl_dst=00:60:97:07:69:ea,ipv6_src=fe80::200:86ff:fe05:80da,ipv6_dst=fe80::260:97ff:fe07:69ea,ipv6_label=0x00000,nw_tos=0,nw_ecn=0,nw_ttl=255,icmp_type=135,icmp_code=0,nd_target=fe80::260:97ff:fe07:69ea,nd_sll=00:00:86:05:80:da,nd_tll=00:00:00:00:00:00
 icmp6_csum:68bd
 ])
 
 OVS_VSWITCHD_STOP
@@ -8545,8 +8545,8 @@ AT_DATA([flows.txt], [dnl
 dnl Table 0
 dnl
 table=0,priority=100,arp,action=normal
-table=0,priority=10,in_port=1,udp,action=ct(commit,table=1)
-table=0,priority=10,in_port=2,action=ct(table=1)
+table=0,priority=10,ip,in_port=1,udp,action=ct(commit,table=1)
+table=0,priority=10,ip,in_port=2,action=ct(table=1)
 table=0,priority=1,action=drop
 dnl
 dnl Table 1
@@ -8596,12 +8596,12 @@ dnl Allow new connections on p1->p2. Allow only 
established connections p2->p1
 AT_DATA([flows.txt], [dnl
 dnl Table 0
 dnl
-table=0,priority=100,arp,action=normal
-table=0,priority=10,in_port=1,udp,tp_src=1,action=ct(commit,exec(set_field:1->ct_mark)),controller
-table=0,priority=10,in_port=1,udp,tp_src=3,action=ct(commit,exec(set_field:3->ct_mark)),controller
-table=0,priority=10,in_port=1,udp,tp_src=5,action=ct(commit,exec(set_field:5->ct_mark)),controller
-table=0,priority=10,in_port=2,actions=ct(table=1)
-table=0,priority=1,action=drop
+table=0,arp,action=normal
+table=0,ip,in_port=1,udp,tp_src=1,action=ct(commit,exec(set_field:1->ct_mark)),controller
+table=0,ip,in_port=1,udp,tp_src=3,action=ct(commit,exec(set_field:3->ct_mark)),controller
+table=0,ip,in_port=1,udp,tp_src=5,action=ct(commit,exec(set_field:5->ct_mark)),controller
+table=0,ip,in_port=2,actions=ct(table=1)
+table=0,priority=0,action=drop
 dnl
 dnl Table 1
 dnl
@@ -8657,10 +8657,10 @@ dnl Allow new connections on p1->p2. Allow only 
established connections p2->p1
 AT_DATA([flows.txt], [dnl
 dnl Table 0
 dnl
-table=0,priority=100,arp,action=normal
-table=0,priority=10,in_port=1,udp,tp_src=1,action=ct(commit,exec(set_field:000000000000000001->ct_label))
-table=0,priority=10,in_port=1,udp,tp_src=3,action=ct(commit,exec(set_field:000000000000000002->ct_label))
-table=0,priority=10,in_port=2,actions=ct(table=1)
+table=0,arp,action=normal
+table=0,ip,in_port=1,udp,tp_src=1,action=ct(commit,exec(set_field:000000000000000001->ct_label))
+table=0,ip,in_port=1,udp,tp_src=3,action=ct(commit,exec(set_field:000000000000000002->ct_label))
+table=0,ip,in_port=2,actions=ct(table=1)
 dnl
 dnl Table 1
 dnl
@@ -8714,10 +8714,10 @@ dnl   subtables are visited, meaning consistent 
megaflows.
 dnl
 dnl Table 0
 dnl
-table=0,priority=100,arp,action=normal
-table=0,priority=10,in_port=1,udp,tp_src=1,action=ct(commit,exec(set_field:1->ct_label)),2
-table=0,priority=10,in_port=2,actions=ct(table=1)
-table=0,priority=1,action=drop
+table=0,arp,action=normal
+table=0,ip,in_port=1,udp,tp_src=1,action=ct(commit,exec(set_field:1->ct_label)),2
+table=0,ip,in_port=2,actions=ct(table=1)
+table=0,priority=0,action=drop
 dnl
 dnl Table 1
 dnl
diff --git a/tests/ovs-ofctl.at b/tests/ovs-ofctl.at
index da7b262..0e6b92c 100644
--- a/tests/ovs-ofctl.at
+++ b/tests/ovs-ofctl.at
@@ -190,23 +190,23 @@ sctp actions=drop
 in_port=0 actions=resubmit:0
 
actions=sample(probability=12345,collector_set_id=23456,obs_domain_id=34567,obs_point_id=45678)
 
actions=sample(probability=12345,collector_set_id=23456,obs_domain_id=34567,obs_point_id=45678,sampling_port=56789)
-actions=ct(nat)
-actions=ct(commit,nat(dst))
-actions=ct(commit,nat(src))
-actions=ct(commit,nat(src=10.0.0.240,random))
-actions=ct(commit,nat(src=10.0.0.240:32768-65535,random))
-actions=ct(commit,nat(dst=10.0.0.128-10.0.0.254,hash))
-actions=ct(commit,nat(src=10.0.0.240-10.0.0.254:32768-65535,persistent))
-actions=ct(commit,nat(src=fe80::20c:29ff:fe88:a18b,random))
-actions=ct(commit,nat(src=fe80::20c:29ff:fe88:1-fe80::20c:29ff:fe88:a18b,random))
-actions=ct(commit,nat(src=[fe80::20c:29ff:fe88:1]-[fe80::20c:29ff:fe88:a18b]:255-4096,random))
-actions=ct(commit,nat(src=10.1.1.240-10.1.1.255),alg=ftp)
+ip,actions=ct(nat)
+ip,actions=ct(commit,nat(dst))
+ip,actions=ct(commit,nat(src))
+ip,actions=ct(commit,nat(src=10.0.0.240,random))
+ip,actions=ct(commit,nat(src=10.0.0.240:32768-65535,random))
+ip,actions=ct(commit,nat(dst=10.0.0.128-10.0.0.254,hash))
+ip,actions=ct(commit,nat(src=10.0.0.240-10.0.0.254:32768-65535,persistent))
+ipv6,actions=ct(commit,nat(src=fe80::20c:29ff:fe88:a18b,random))
+ipv6,actions=ct(commit,nat(src=fe80::20c:29ff:fe88:1-fe80::20c:29ff:fe88:a18b,random))
+ipv6,actions=ct(commit,nat(src=[fe80::20c:29ff:fe88:1]-[fe80::20c:29ff:fe88:a18b]:255-4096,random))
+tcp,actions=ct(commit,nat(src=10.1.1.240-10.1.1.255),alg=ftp)
 ]])
 
 AT_CHECK([ovs-ofctl parse-flows flows.txt
 ], [0], [stdout])
 AT_CHECK([[sed 's/ (xid=0x[0-9a-fA-F]*)//' stdout]], [0],
-[[usable protocols: OpenFlow10,NXM
+[[usable protocols: any
 chosen protocol: OpenFlow10-table_id
 OFPT_FLOW_MOD: ADD tcp,tp_src=123 actions=FLOOD
 OFPT_FLOW_MOD: ADD in_port=LOCAL,dl_vlan=9,dl_src=00:0a:e4:25:6b:b0 
actions=drop
@@ -221,17 +221,17 @@ OFPT_FLOW_MOD: ADD sctp actions=drop
 OFPT_FLOW_MOD: ADD in_port=0 actions=resubmit:0
 OFPT_FLOW_MOD: ADD 
actions=sample(probability=12345,collector_set_id=23456,obs_domain_id=34567,obs_point_id=45678)
 OFPT_FLOW_MOD: ADD 
actions=sample(probability=12345,collector_set_id=23456,obs_domain_id=34567,obs_point_id=45678,sampling_port=56789)
-OFPT_FLOW_MOD: ADD actions=ct(nat)
-OFPT_FLOW_MOD: ADD actions=ct(commit,nat(dst))
-OFPT_FLOW_MOD: ADD actions=ct(commit,nat(src))
-OFPT_FLOW_MOD: ADD actions=ct(commit,nat(src=10.0.0.240,random))
-OFPT_FLOW_MOD: ADD actions=ct(commit,nat(src=10.0.0.240:32768-65535,random))
-OFPT_FLOW_MOD: ADD actions=ct(commit,nat(dst=10.0.0.128-10.0.0.254,hash))
-OFPT_FLOW_MOD: ADD 
actions=ct(commit,nat(src=10.0.0.240-10.0.0.254:32768-65535,persistent))
-OFPT_FLOW_MOD: ADD actions=ct(commit,nat(src=fe80::20c:29ff:fe88:a18b,random))
-OFPT_FLOW_MOD: ADD 
actions=ct(commit,nat(src=fe80::20c:29ff:fe88:1-fe80::20c:29ff:fe88:a18b,random))
-OFPT_FLOW_MOD: ADD 
actions=ct(commit,nat(src=[fe80::20c:29ff:fe88:1]-[fe80::20c:29ff:fe88:a18b]:255-4096,random))
-OFPT_FLOW_MOD: ADD actions=ct(commit,nat(src=10.1.1.240-10.1.1.255),alg=ftp)
+OFPT_FLOW_MOD: ADD ip actions=ct(nat)
+OFPT_FLOW_MOD: ADD ip actions=ct(commit,nat(dst))
+OFPT_FLOW_MOD: ADD ip actions=ct(commit,nat(src))
+OFPT_FLOW_MOD: ADD ip actions=ct(commit,nat(src=10.0.0.240,random))
+OFPT_FLOW_MOD: ADD ip actions=ct(commit,nat(src=10.0.0.240:32768-65535,random))
+OFPT_FLOW_MOD: ADD ip actions=ct(commit,nat(dst=10.0.0.128-10.0.0.254,hash))
+OFPT_FLOW_MOD: ADD ip 
actions=ct(commit,nat(src=10.0.0.240-10.0.0.254:32768-65535,persistent))
+OFPT_FLOW_MOD: ADD ipv6 
actions=ct(commit,nat(src=fe80::20c:29ff:fe88:a18b,random))
+OFPT_FLOW_MOD: ADD ipv6 
actions=ct(commit,nat(src=fe80::20c:29ff:fe88:1-fe80::20c:29ff:fe88:a18b,random))
+OFPT_FLOW_MOD: ADD ipv6 
actions=ct(commit,nat(src=[fe80::20c:29ff:fe88:1]-[fe80::20c:29ff:fe88:a18b]:255-4096,random))
+OFPT_FLOW_MOD: ADD tcp 
actions=ct(commit,nat(src=10.1.1.240-10.1.1.255),alg=ftp)
 ]])
 AT_CLEANUP
 
-- 
2.1.4

_______________________________________________
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev

Reply via email to