Fast Datapath Product / FDP-124

Userspace conntrack doesn't populate ct_tp_src/dst for later IP fragments


    • Bug
    • Resolution: Unresolved
    • Major
    • openvswitch3.2
    • rhel-sst-network-fastdatapath
    • ssg_networking
    • Important

      Reported by amusil@redhat.com on Slack:

      I have the following flow

      priority=120,ct_state=+new+trk,ct_nw_proto=17,ct_tp_dst=4242,ip,metadata=0x3,nw_dst=172.16.1.20 actions=load:0->NXM_NX_XXREG0[97],group:1
      

      which is able to match only on the first fragment; the later ones have ct_tp_ zero, e.g.:

      ufid:0e5ed43e-df35-4688-9746-5e122ce9b13a, recirc_id(0xb),dp_hash(0/0),skb_priority(0/0),in_port(ovs-client),skb_mark(0/0),ct_state(0x21/0x3f),ct_zone(0x3/0),ct_mark(0/0x1),ct_label(0/0),ct_tuple4(src=192.168.1.2/0.0.0.0,dst=172.16.1.20/0.0.0.0,proto=17,tp_src=33704/0,tp_dst=4242),packet_type(ns=0,id=0),eth(src=f0:00:00:01:02:03/00:00:00:00:00:00,dst=00:00:01:01:02:03),eth_type(0x0800),ipv4(src=192.168.1.2/0.0.0.0,dst=172.16.1.20,proto=17/0,tos=0/0,ttl=64/0,frag=first),udp(src=33704/0,dst=4242/0), packets:0, bytes:0, used:never, dp:ovs, actions:hash(l4(0)),recirc(0xc), dp-extra-info:miniflow_bits(5,3)
      
      ufid:aa5301ac-9799-4e05-abd5-839a5c71ea1b, recirc_id(0xb),dp_hash(0/0),skb_priority(0/0),in_port(ovs-client),skb_mark(0/0),ct_state(0x21/0x3f),ct_zone(0x3/0),ct_mark(0/0x3),ct_label(0/0),ct_tuple4(src=192.168.1.2/0.0.0.0,dst=172.16.1.20/0.0.0.0,proto=17,tp_src=0/0,tp_dst=0),packet_type(ns=0,id=0),eth(src=f0:00:00:01:02:03,dst=00:00:01:01:02:03),eth_type(0x0800),ipv4(src=192.168.1.2,dst=172.16.1.20,proto=17,tos=0/0,ttl=64,frag=later), packets:0, bytes:0, used:never, dp:ovs, actions:ct(commit,zone=3,mark=0/0x1,nat(src)),set(eth(src=00:00:01:01:02:04,dst=00:00:00:00:00:00)),set(ipv4(ttl=63)),userspace(pid=0,controller(reason=1,dont_send=0,continuation=0,recirc_id=14,rule_cookie=0xb41ca3db,controller_id=0,max_len=65535)), dp-extra-info:miniflow_bits(5,3)
      

      Full datapath flow chain:

      ufid:39f92277-57e7-4002-8621-5b78835cf771, recirc_id(0),dp_hash(0/0),skb_priority(0/0),in_port(ovs-client),skb_mark(0/0),ct_state(0/0),ct_zone(0/0),ct_mark(0/0),ct_label(0/0),packet_type(ns=0,id=0),eth(src=f0:00:00:01:02:03,dst=00:00:01:01:02:03),eth_type(0x0800),ipv4(src=192.168.1.2/0.0.0.0,dst=172.16.1.20,proto=17,tos=0/0,ttl=64/0,frag=first),udp(src=60344/0,dst=4242), packets:0, bytes:0, used:never, dp:ovs, actions:ct(zone=3,nat),recirc(0xa), dp-extra-info:miniflow_bits(5,3)
      ufid:36b833e6-1bdc-4d80-a62a-e3322a6fec32, recirc_id(0xb),dp_hash(0/0),skb_priority(0/0),in_port(ovs-client),skb_mark(0/0),ct_state(0x21/0x3f),ct_zone(0x3/0),ct_mark(0/0x1),ct_label(0/0),ct_tuple4(src=192.168.1.2/0.0.0.0,dst=172.16.1.20/0.0.0.0,proto=17,tp_src=60344/0,tp_dst=4242),packet_type(ns=0,id=0),eth(src=f0:00:00:01:02:03/00:00:00:00:00:00,dst=00:00:01:01:02:03),eth_type(0x0800),ipv4(src=192.168.1.2/0.0.0.0,dst=172.16.1.20,proto=17/0,tos=0/0,ttl=64/0,frag=first),udp(src=60344/0,dst=4242/0), packets:0, bytes:0, used:never, dp:ovs, actions:hash(l4(0)),recirc(0xc), dp-extra-info:miniflow_bits(5,3)
      ufid:b7457dd1-9ccd-4de8-80e2-9f74d40a7c0a, recirc_id(0xc),dp_hash(0x7f03b0aa/0xf),skb_priority(0/0),in_port(ovs-client),skb_mark(0/0),ct_state(0x21/0),ct_zone(0x3/0),ct_mark(0/0),ct_label(0/0),ct_tuple4(src=192.168.1.2/0.0.0.0,dst=172.16.1.20/0.0.0.0,proto=17/0,tp_src=60344/0,tp_dst=4242/0),packet_type(ns=0,id=0),eth(src=f0:00:00:01:02:03/00:00:00:00:00:00,dst=00:00:01:01:02:03/00:00:00:00:00:00),eth_type(0x0800),ipv4(src=192.168.1.2/0.0.0.0,dst=172.16.1.20/0.0.0.0,proto=17/0,tos=0/0,ttl=64/0,frag=first),udp(src=60344/0,dst=4242/0), packets:0, bytes:0, used:never, dp:ovs, actions:ct(commit,zone=3,mark=0x2/0x2,nat(dst=172.16.1.2:4242)),recirc(0xd), dp-extra-info:miniflow_bits(5,1)
      ufid:b998e30b-e88f-4467-8624-7328997c4eb6, recirc_id(0x3),dp_hash(0x2b550019/0xf),skb_priority(0/0),in_port(ovs-client),skb_mark(0/0),ct_state(0x21/0),ct_zone(0x3/0),ct_mark(0/0),ct_label(0/0),ct_tuple4(src=192.168.1.2/0.0.0.0,dst=172.16.1.20/0.0.0.0,proto=17/0,tp_src=33704/0,tp_dst=4242/0),packet_type(ns=0,id=0),eth(src=f0:00:00:01:02:03/00:00:00:00:00:00,dst=00:00:01:01:02:03/00:00:00:00:00:00),eth_type(0x0800),ipv4(src=192.168.1.2/0.0.0.0,dst=172.16.1.20/0.0.0.0,proto=17/0,tos=0/0,ttl=64/0,frag=first),udp(src=33704/0,dst=4242/0), packets:0, bytes:0, used:never, dp:ovs, actions:ct(commit,zone=3,mark=0x2/0x2,nat(dst=172.16.1.2:4242)),recirc(0x9), dp-extra-info:miniflow_bits(5,1)
      
      
      ufid:53f9aa4c-b1d8-4a7f-84d6-19391f9a689a, recirc_id(0),dp_hash(0/0),skb_priority(0/0),in_port(ovs-client),skb_mark(0/0),ct_state(0/0),ct_zone(0/0),ct_mark(0/0),ct_label(0/0),packet_type(ns=0,id=0),eth(src=f0:00:00:01:02:03,dst=00:00:01:01:02:03),eth_type(0x0800),ipv4(src=192.168.1.2/0.0.0.0,dst=172.16.1.20,proto=17,tos=0/0,ttl=64/0,frag=later), packets:0, bytes:0, used:never, dp:ovs, actions:ct(zone=3,nat),recirc(0xb), dp-extra-info:miniflow_bits(5,2)
      ufid:bb9dabbe-0afd-4a93-afa4-bd5ea08bd540, recirc_id(0xb),dp_hash(0/0),skb_priority(0/0),in_port(ovs-client),skb_mark(0/0),ct_state(0x21/0x3f),ct_zone(0x3/0),ct_mark(0/0x3),ct_label(0/0),ct_tuple4(src=192.168.1.2/0.0.0.0,dst=172.16.1.20/0.0.0.0,proto=17,tp_src=0/0,tp_dst=0),packet_type(ns=0,id=0),eth(src=f0:00:00:01:02:03,dst=00:00:01:01:02:03),eth_type(0x0800),ipv4(src=192.168.1.2,dst=172.16.1.20,proto=17,tos=0/0,ttl=64,frag=later), packets:0, bytes:0, used:never, dp:ovs, actions:ct(commit,zone=3,mark=0/0x1,nat(src)),set(eth(src=00:00:01:01:02:04,dst=00:00:00:00:00:00)),set(ipv4(ttl=63)),userspace(pid=0,controller(reason=1,dont_send=0,continuation=0,recirc_id=14,rule_cookie=0xd7586d92,controller_id=0,max_len=65535)), dp-extra-info:miniflow_bits(5,3)
      ufid:cf8329f3-8274-4e9b-b033-d12d01983f0b, recirc_id(0x3),dp_hash(0x6f36403/0xf),skb_priority(0/0),in_port(ovs-client),skb_mark(0/0),ct_state(0x21/0),ct_zone(0x3/0),ct_mark(0/0),ct_label(0/0),ct_tuple4(src=192.168.1.2/0.0.0.0,dst=172.16.1.20/0.0.0.0,proto=17/0,tp_src=0/0,tp_dst=0/0),packet_type(ns=0,id=0),eth(src=f0:00:00:01:02:03/00:00:00:00:00:00,dst=00:00:01:01:02:03/00:00:00:00:00:00),eth_type(0x0800),ipv4(src=192.168.1.2/0.0.0.0,dst=172.16.1.20/0.0.0.0,proto=17/0,tos=0/0,ttl=64/0,frag=later), packets:0, bytes:0, used:never, dp:ovs, actions:ct(commit,zone=3,mark=0x2/0x2,nat(dst=172.16.1.2:4242)),recirc(0x9), dp-extra-info:miniflow_bits(5,1)
      

      It looks like the metadata is being populated for the first IP fragment, but not for the second one.
      This prevents OVN from fixing FD-2724.

      Reproducer in the form of an OVN system test: Here

              pvalerio@redhat.com Paolo Valerio
              imaximet@redhat.com Ilya Maximets
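
A triage helper for the symptom reported above, as an added example that is not part of the original report or of OVS: it scans datapath flow dump text for tracked later fragments whose ct_tuple4 ports are zero. The sample lines are constructed and abbreviated from the flows in the report, and the function names are hypothetical.

```python
import re

# Constructed sample, abbreviated from the datapath flow format shown in the report.
SAMPLE = """\
recirc_id(0xb),ct_state(0x21/0x3f),ct_zone(0x3/0),ct_tuple4(src=192.168.1.2/0.0.0.0,dst=172.16.1.20/0.0.0.0,proto=17,tp_src=33704/0,tp_dst=4242),eth_type(0x0800),ipv4(src=192.168.1.2/0.0.0.0,dst=172.16.1.20,proto=17/0,frag=first),udp(src=33704/0,dst=4242/0), packets:0, bytes:0, used:never, actions:hash(l4(0)),recirc(0xc)
recirc_id(0xb),ct_state(0x21/0x3f),ct_zone(0x3/0),ct_tuple4(src=192.168.1.2/0.0.0.0,dst=172.16.1.20/0.0.0.0,proto=17,tp_src=0/0,tp_dst=0),eth_type(0x0800),ipv4(src=192.168.1.2,dst=172.16.1.20,proto=17,frag=later), packets:0, bytes:0, used:never, actions:ct(commit,zone=3,mark=0/0x1,nat(src)),set(ipv4(ttl=63))
recirc_id(0),ct_state(0/0),ct_zone(0/0),eth_type(0x0800),ipv4(src=192.168.1.2/0.0.0.0,dst=172.16.1.20,proto=17,frag=later), packets:0, bytes:0, used:never, actions:ct(zone=3,nat),recirc(0xb)
"""

CS_TRACKED = 0x20            # +trk bit of ct_state
PORT_PROTOS = {6, 17, 132}   # TCP, UDP, SCTP: protocols that carry ports


def _field(match, name):
    """Parse one 'name(k=v/mask,...)' match field into {k: v}, dropping masks."""
    m = re.search(r"(?:^|,)%s\(([^)]*)\)" % re.escape(name), match)
    if not m:
        return None
    pairs = (kv.split("=", 1) for kv in m.group(1).split(",") if "=" in kv)
    return {k: v.split("/")[0] for k, v in pairs}


def zero_port_later_fragments(dump):
    """Return (src, dst, proto) for tracked later fragments with zero ct ports."""
    hits = []
    for line in dump.splitlines():
        # Only the match part matters; actions may contain nested ipv4(...).
        match = line.split(", packets:", 1)[0]
        ip, ct = _field(match, "ipv4"), _field(match, "ct_tuple4")
        state = re.search(r"(?:^|,)ct_state\(([^/)]+)", match)
        if not ip or not ct or not state:
            continue  # untracked pass (recirc_id 0) has no ct_tuple4 yet
        tracked = int(state.group(1), 0) & CS_TRACKED
        proto = int(ct.get("proto", "0"))
        if (tracked and ip.get("frag") == "later" and proto in PORT_PROTOS
                and ct.get("tp_src") == "0" and ct.get("tp_dst") == "0"):
            hits.append((ct["src"], ct["dst"], proto))
    return hits


if __name__ == "__main__":
    for src, dst, proto in zero_port_later_fragments(SAMPLE):
        print(f"later fragment with empty ct ports: {src} -> {dst} proto {proto}")
```

Any hit means a flow matching on ct_tp_src or ct_tp_dst, like the priority=120 rule in the report, will not match that fragment.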