controller: Fix missing first ping from pod to external

The first ping from pod to external (through patch port) might fail. The icmp packet is properly sent by pinctrl (after L2 resolution) to OVS, and OVS receives the packet with in_port set to the patch port (on br-int side). OVS drops it with the following warning: "received packet on unassociated datapath", as it fails to find a datapath port associated to it. Setting the in_port to OFPP_CONTROLLER fixes the issue. Note that this (almost) reverts 8f1c38e ("pinctrl: fix IP buffering with connection-tracking") which was needed before 323ae1e8 (in ovs) ("ofproto-dpif-xlate: Fix recirculation when in_port is OFPP_CONTROLLER.") Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=2129283 Reviewed-by: Ales Musil <amusil@redhat.com> Signed-off-by: Xavier Simonart <xsimonar@redhat.com> Signed-off-by: Dumitru Ceara <dceara@redhat.com> (cherry picked from commit d712a8a)
putnopvut · Jan 17, 2023 · e74caae · e74caae
1 parent e45f448
commit e74caae
Show file tree

Hide file tree

Showing 2 changed files with 112 additions and 3 deletions.
diff --git a/controller/pinctrl.c b/controller/pinctrl.c
@@ -1366,7 +1366,6 @@ prepare_ipv6_prefixd(struct ovsdb_idl_txn *ovnsb_idl_txn,
 
 struct buffer_info {
     struct ofpbuf ofpacts;
-    ofp_port_t ofp_port;
     struct dp_packet *p;
 };
 
@@ -1442,7 +1441,6 @@ buffered_push_packet(struct buffered_packets *bp,
     union mf_value pkt_mark_value;
     mf_get_value(pkt_mark_field, &md->flow, &pkt_mark_value);
     ofpact_put_set_field(&bi->ofpacts, pkt_mark_field, &pkt_mark_value, NULL);
-    bi->ofp_port = md->flow.in_port.ofp_port;
 
     struct ofpact_resubmit *resubmit = ofpact_put_RESUBMIT(&bi->ofpacts);
     resubmit->in_port = OFPP_CONTROLLER;
@@ -1478,7 +1476,7 @@ buffered_send_packets(struct rconn *swconn, struct buffered_packets *bp,
             .ofpacts = bi->ofpacts.data,
             .ofpacts_len = bi->ofpacts.size,
         };
-        match_set_in_port(&po.flow_metadata, bi->ofp_port);
+        match_set_in_port(&po.flow_metadata, OFPP_CONTROLLER);
         queue_msg(swconn, ofputil_encode_packet_out(&po, proto));
 
         ofpbuf_uninit(&bi->ofpacts);

diff --git a/tests/system-ovn.at b/tests/system-ovn.at
@@ -8211,3 +8211,114 @@ OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port patch-.*/d
 
 AT_CLEANUP
 ])
+
+###########################################################
+## ls1 -- cluster-router -- join - gr1 -- public1 -- ln1 ##
+###########################################################
+OVN_FOR_EACH_NORTHD([
+AT_SETUP([Gateway router with dynamic_neigh_routers])
+
+CHECK_CONNTRACK()
+CHECK_CONNTRACK_NAT()
+ovn_start
+OVS_TRAFFIC_VSWITCHD_START()
+ADD_BR([br-int])
+ADD_BR([br-ex], [set Bridge br-ex fail-mode=standalone])
+
+check ovs-vsctl set Open_vSwitch . external-ids:ovn-bridge-mappings=provider:br-ex
+
+# Set external-ids in br-int needed for ovn-controller
+ovs-vsctl \
+        -- set Open_vSwitch . external-ids:system-id=hv1 \
+        -- set Open_vSwitch . external-ids:ovn-remote=unix:$ovs_base/ovn-sb/ovn-sb.sock \
+        -- set Open_vSwitch . external-ids:ovn-encap-type=geneve \
+        -- set Open_vSwitch . external-ids:ovn-encap-ip=169.0.0.1 \
+        -- set bridge br-int fail-mode=secure other-config:disable-in-band=true
+
+# Start ovn-controller
+start_daemon ovn-controller
+
+# Add routers
+check ovn-nbctl lr-add gr1
+check ovn-nbctl lr-add cluster-router
+
+# Add switches
+check ovn-nbctl ls-add join
+check ovn-nbctl ls-add public1
+check ovn-nbctl ls-add ls1
+
+# Add ls1 ports
+check ovn-nbctl lsp-add ls1 ls1p1 \
+    -- lsp-set-addresses ls1p1 "00:00:00:00:01:11 10.244.2.11"
+
+check ovn-nbctl lsp-add ls1 ls1-to-cluster-router \
+    -- lsp-set-type ls1-to-cluster-router router \
+    -- lsp-set-options ls1-to-cluster-router router-port=cluster-router-to-ls1 \
+    -- lsp-set-addresses ls1-to-cluster-router router
+
+# Add cluster-router ports
+check ovn-nbctl lrp-add cluster-router cluster-router-to-ls1 "00:00:00:0f:01:01" 10.244.2.1/24 \
+    -- lrp-add cluster-router cluster-router-to-join "00:00:00:0f:02:01" 100.64.0.1/16 \
+    -- lrp-set-gateway-chassis cluster-router-to-ls1 hv1 10 \
+    -- --policy=src-ip lr-route-add cluster-router 10.244.2.0/24 100.64.0.3
+
+# Add join ports
+check ovn-nbctl lsp-add join join-to-cluster-router \
+    -- lsp-set-type join-to-cluster-router router \
+    -- lsp-set-options join-to-cluster-router router-port=cluster-router-to-join \
+    -- lsp-set-addresses join-to-cluster-router router \
+    -- lsp-add join join-to-gr1 \
+    -- lsp-set-type join-to-gr1 router \
+    -- lsp-set-options join-to-gr1 router-port=gr1-to-join \
+    -- lsp-set-addresses join-to-gr1 router
+
+check ovn-nbctl set logical_router gr1 options:lb_force_snat_ip=router_ip \
+    -- set logical_router gr1 options:snat-ct-zone=0 \
+    -- set logical_router gr1 options:dynamic_neigh_routers=true
+
+# Add gr1 ports and set natting
+check ovn-nbctl lrp-add gr1 gr1-to-join "00:00:00:0f:02:03" 100.64.0.3/16 \
+    -- lr-route-add gr1 10.244.0.0/16 100.64.0.1 \
+    -- lr-nat-add gr1 snat 10.89.189.12 10.244.0.0/16 \
+    -- lrp-add gr1 gr1-to-public1 "0a:0a:b6:fc:03:12" 10.89.189.12/24 \
+    -- set logical_router gr1 options:chassis=hv1
+
+# Add public1 ports
+check ovn-nbctl lsp-add public1 public1-to-gr1 \
+    -- lsp-set-type public1-to-gr1 router \
+    -- lsp-set-options public1-to-gr1 router-port=gr1-to-public1 \
+    -- lsp-set-addresses public1-to-gr1 router \
+    -- lsp-add public1 ln1 \
+    -- lsp-set-type ln1 localnet \
+    -- lsp-set-options ln1 network_name=provider \
+    -- lsp-set-addresses ln1 unknown
+
+check ovn-nbctl --wait=hv sync
+
+ADD_NAMESPACES(ns_ls1p1)
+ADD_VETH(ls1p1, ns_ls1p1, br-int, "10.244.2.11/24", "00:00:00:00:01:11", "10.244.2.1")
+
+ADD_NAMESPACES(ns_ext1)
+ADD_VETH(ln1, ns_ext1, br-ex, "10.89.189.1/24", "0a:0a:b6:fc:03:01")
+
+NS_CHECK_EXEC([ns_ls1p1], [ping -q -c 3 -i 0.3 -w 2 10.89.189.1 | FORMAT_PING], \
+[0], [dnl
+3 packets transmitted, 3 received, 0% packet loss, time 0ms
+])
+
+OVS_APP_EXIT_AND_WAIT([ovn-controller])
+
+as ovn-sb
+OVS_APP_EXIT_AND_WAIT([ovsdb-server])
+
+as ovn-nb
+OVS_APP_EXIT_AND_WAIT([ovsdb-server])
+
+as northd
+OVS_APP_EXIT_AND_WAIT([NORTHD_TYPE])
+
+as
+OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port patch-.*/d
+/connection dropped.*/d"])
+AT_CLEANUP
+])