From 3e3373033eb997d8529f4aeb0d2f89153f596d86 Mon Sep 17 00:00:00 2001 From: Enrique Llorente Date: Thu, 12 Dec 2024 12:59:42 +0100 Subject: [PATCH] northd: del l2 lookup table entry for disabled lsp For scenarios where a logical switch has empty type LSP and localnet type LSP, disabling the normal LSP should end up steering traffic to the localnet LSP. This change do that by removing the l2 lookup table entry for this LSP, previously when disabled the entry was changing from: match=(eth.dst == 00:00:00:00:00:01), action=(outport = "sw0p1"; output;) and after enabled=false: match=(eth.dst == 00:00:00:00:00:01), action=(drop;) So it was still matching and traffic will be drop instead of being steering to localnet port. Reported-at: https://issues.redhat.com/browse/FDP-1033 Signed-off-by: Enrique Llorente Signed-off-by: 0-day Robot --- northd/northd.c | 12 +++++++----- tests/ovn-northd.at | 4 ---- 2 files changed, 7 insertions(+), 9 deletions(-) diff --git a/northd/northd.c b/northd/northd.c index af69f8c528..50d5a22e3e 100644 --- a/northd/northd.c +++ b/northd/northd.c @@ -10307,14 +10307,16 @@ build_lswitch_ip_unicast_lookup(struct ovn_port *op, return; } + /* Skip adding the unicast lookup flows the LSP is explicitly disabled */ + if (!lsp_is_enabled(op->nbsp)) { + return; + } + bool lsp_clone_to_unknown = lsp_is_clone_to_unknown(op->nbsp); - bool lsp_enabled = lsp_is_enabled(op->nbsp); - const char *action = lsp_enabled - ? ((lsp_clone_to_unknown && op->od->has_unknown) + const char *action = lsp_clone_to_unknown && op->od->has_unknown ? "clone {outport = %s; output; };" "outport = \""MC_UNKNOWN "\"; output;" - : "outport = %s; output;") - : debug_drop_action(); + : "outport = %s; output;"; if (lsp_is_router(op->nbsp) && op->peer && op->peer->nbrp) { /* For ports connected to logical routers add flows to bypass the diff --git a/tests/ovn-northd.at b/tests/ovn-northd.at index 45816836e4..9a3fd9266d 100644 --- a/tests/ovn-northd.at +++ b/tests/ovn-northd.at @@ -9095,9 +9095,7 @@ ovn_strip_lflows ], [0], [dnl table=??(ls_in_check_port_sec), priority=50 , match=(1), action=(reg0[[15]] = check_in_port_sec(); next;) table=??(ls_in_l2_lkup ), priority=0 , match=(1), action=(outport = get_fdb(eth.dst); next;) table=??(ls_in_l2_lkup ), priority=110 , match=(eth.dst == $svc_monitor_mac && (tcp || icmp || icmp6)), action=(handle_svc_check(inport);) - table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst == 00:00:00:00:00:01), action=(drop;) table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst == 00:00:00:00:00:02), action=(outport = "sw0p2"; output;) - table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst == 00:00:00:00:01:01), action=(drop;) table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst == 00:00:00:00:02:02), action=(outport = "sw0p2"; output;) table=??(ls_in_l2_lkup ), priority=70 , match=(eth.mcast), action=(outport = "_MC_flood"; output;) table=??(ls_in_l2_unknown ), priority=0 , match=(1), action=(output;) @@ -9129,9 +9127,7 @@ ovn_strip_lflows ], [0], [dnl table=??(ls_in_check_port_sec), priority=70 , match=(inport == "sw0p2"), action=(set_queue(10); reg0[[15]] = check_in_port_sec(); next;) table=??(ls_in_l2_lkup ), priority=0 , match=(1), action=(outport = get_fdb(eth.dst); next;) table=??(ls_in_l2_lkup ), priority=110 , match=(eth.dst == $svc_monitor_mac && (tcp || icmp || icmp6)), action=(handle_svc_check(inport);) - table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst == 00:00:00:00:00:01), action=(drop;) table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst == 00:00:00:00:00:02), action=(outport = "sw0p2"; output;) - table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst == 00:00:00:00:01:01), action=(drop;) table=??(ls_in_l2_lkup ), priority=50 , match=(eth.dst == 00:00:00:00:02:02), action=(outport = "sw0p2"; output;) table=??(ls_in_l2_lkup ), priority=70 , match=(eth.mcast), action=(outport = "_MC_flood"; output;) table=??(ls_in_l2_unknown ), priority=0 , match=(1), action=(output;)