[ovs-discuss] [SFC NSH] Update "eth dst" for original packet after decap nsh encapsulation packet.
wang junqiang
wangjq_china at outlook.com
Tue Jan 15 01:32:53 UTC 2019
Hi,
If you are careful, you will find that NSH is no problem without using a proxy. Just go through the physical interface without going through the table.
Why is this? Because the ovs code has a checksum, for the NSH check, if encap and decap are used together, there will be problems, this is the need to change the code. The ovs actions have a series of actions, and these actions are checked and executed first. Decap checks whether it is an NSH message, but there is encap, so the check fails, so why is there no problem with MPLS? Because MPLS push_mpls is set. The mpls field causes the pop_mpls check to succeed, but push_nsh does not have this setting.
Recompile the source code and replace openvswitch.ko
If you have any questions, you can always restore your mail.
code:
vim datapath/flow_netlink.c
__ovs_nla_copy_actions
case OVS_ACTION_ATTR_PUSH_ETH:
/* Disallow pushing an Ethernet header if one
* is already present */
if (mac_proto != MAC_PROTO_NONE)
return -EINVAL;
//mac_proto = MAC_PROTO_NONE;
mac_proto = MAC_PROTO_ETHERNET;
break;
case OVS_ACTION_ATTR_POP_ETH:
if (mac_proto != MAC_PROTO_ETHERNET)
return -EINVAL;
if (vlan_tci & htons(VLAN_TAG_PRESENT))
return -EINVAL;
//mac_proto = MAC_PROTO_ETHERNET;
mac_proto = MAC_PROTO_NONE;
break;
case OVS_ACTION_ATTR_POP_NSH: {
//__be16 inner_proto;
//if (eth_type != htons(ETH_P_NSH))
// return -EINVAL;
//inner_proto = tun_p_to_eth_p(key->nsh.base.np);
//if (!inner_proto)
// return -EINVAL;
if (key->nsh.base.np == TUN_P_ETHERNET)
mac_proto = MAC_PROTO_ETHERNET;
else
mac_proto = MAC_PROTO_NONE;
break;
validate_set
if (key_type > OVS_KEY_ATTR_MAX ||
!check_attr_len(key_len, ovs_key_lens[key_type].len))
return -EINVAL;
/************************************************************/
if (key_len == 28) {
return 0;
} else if (key_type == OVS_KEY_ATTR_ETHERNET) {
mac_proto = MAC_PROTO_ETHERNET;
}
/************************************************************/
if (masked && !validate_masked(nla_data(ovs_key), key_len))
return -EINVAL;
<https://maas.mail.163.com/dashi-web-extend/html/proSignature.html?ftlId=1&name=wangjq_china&uid=wangjq_china%40outlook.com&iconUrl=http%3A%2F%2Fmail-online.nosdn.127.net%2Fsmbbd5217c6c1185a0336c405480773143.jpg&items=%5B%22wangjq_china%40outlook.com%22%5D>
[http://mail-online.nosdn.127.net/smbbd5217c6c1185a0336c405480773143.jpg]
wangjq_china
wangjq_china at outlook.com
签名由 网易邮箱大师<https://mail.163.com/dashi/dlpro.html?from=mail81> 定制
On 1/14/2019 09:53,Hoàng Công Phước<hoangphuocbk2.07 at gmail.com><mailto:hoangphuocbk2.07 at gmail.com> wrote:
Hi Wang,
Could you upload your patch to ovs? I would appreciate your help about that case ^^. Thank you.
Vào CN, 13 thg 1, 2019 vào lúc 04:36 wang junqiang <wangjq_china at outlook.com<mailto:wangjq_china at outlook.com>> đã viết:
Hi,
I also encountered this problem, need to change the source code to solve.
获取 Outlook for iOS<https://aka.ms/o0ukef>
________________________________
发件人: ovs-discuss-bounces at openvswitch.org<mailto:ovs-discuss-bounces at openvswitch.org> 代表 Hoàng Công Phước <hoangphuocbk2.07 at gmail.com<mailto:hoangphuocbk2.07 at gmail.com>>
发送时间: 星期六, 一月 12, 2019 11:11
收件人: Ben Pfaff
抄送: bugs at openvswitch.org<mailto:bugs at openvswitch.org>
主题: Re: [ovs-discuss] [SFC NSH] Update "eth_dst" for original packet after decap nsh encapsulation packet.
here are the document I am following:
https://github.com/openvswitch/ovs/blob/master/tests/nsh.at#L65-L68
My ovs version is 2.9.0 and when I check ovs, in version 2.9.0, NSH is supported.
Vào Th 7, 12 thg 1, 2019 vào lúc 01:52 Ben Pfaff <blp at ovn.org<mailto:blp at ovn.org>> đã viết:
I don't think OVS supports this kind of encapsulation.
On Fri, Jan 11, 2019 at 10:42:10AM +0900, Hoàng Công Phước wrote:
> Hi Ben, thank for your
>
> I am sorry because I didn't show the encapsulation command. In this case,
> original packet is encapsulated 2 times, with nsh and ethernet headers.
> Here is the flow:
>
> table=0, n_packets=0, n_bytes=0,
> priority=30,tcp,in_port="tap09d8de0e-20",nw_src=10.10.0.111,nw_dst=
> 10.10.0.0/24,tp_dst=80<http://10.10.0.0/24,tp_dst=80>
> actions=encap(nsh),set_field:0x33->nsh_spi,set_field:255->nsh_si,encap(ethernet),set_field:fa:16:3e:05:3a:12->eth_dst,resubmit(,5)
>
> As I known, after using decap() 2 times, I can get the original packet. So,
> I can update eth_dst to it.
>
>
>
>
>
> Vào Th 6, 11 thg 1, 2019 vào lúc 04:32 Ben Pfaff <blp at ovn.org<mailto:blp at ovn.org>> đã viết:
>
> > On Fri, Jan 11, 2019 at 04:26:03AM +0900, Hoàng Công Phước wrote:
> > > Hi experts,
> > >
> > > I am trying to update "eth_dst" for original packet after decap nsh
> > > encapsulation packet. Here is my command about it:
> > >
> > > $ sudo ovs-ofctl add-flow br-int "table=10, priority=1, dl_vlan=4,
> > > dl_dst=fa:16:3e:05:3a:12, dl_type=0x894f, nsh_mdtype=1, nsh_spi=0x33,
> > > nsh_si=254, actions=strip_vlan,
> > > move:NXM_OF_ETH_DST->OXM_OF_PKT_REG0[0..47], decap(), decap(),
> > > move:OXM_OF_PKT_REG0[0..47]->NXM_OF_ETH_DST, output:tap62c2fc56-14"
> > >
> > > However, I got an error, that is:
> > > "2019-01-10T19:11:27Z|00001|meta_flow|WARN|destination field eth_dst
> > lacks
> > > correct prerequisites
> > > ovs-ofctl: actions are invalid with specified match
> > > (OFPBAC_MATCH_INCONSISTENT)"
> > >
> > > If I remove "move:NXM_OF_ETH_DST->OXM_OF_PKT_REG0[0..47]" and
> > > "move:OXM_OF_PKT_REG0[0..47]->NXM_OF_ETH_DST", it worked. So there is an
> > > error with copy eth_dst value from outer to inner packet. I am beginner
> > > with Open vSwitch, so it's very helpful if someone can help me to figure
> > > the problem out.
> >
> > It looks to me that the first decap removes the NSH header and the
> > second decap removes the Ethernet header. At that point, there's no
> > Ethernet destination field to set, so the error seems reasonable.
> >
>
>
> --
> Hoàng Công Phước
--
Hoàng Công Phước
--
Hoàng Công Phước
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20190115/d650108a/attachment-0001.html>
More information about the discuss
mailing list