Bug 1805651
| Summary: | ovn: fix tcp_reset action handling | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux Fast Datapath | Reporter: | lorenzo bianconi <lorenzo.bianconi> |
| Component: | ovn2.12 | Assignee: | lorenzo bianconi <lorenzo.bianconi> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Jianlin Shi <jishi> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | RHEL 8.0 | CC: | ctrautma, jishi, mmichels, ralongi, trozet |
| Target Milestone: | --- | | |
| Target Release: | --- | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | ovn2.12-2.12.0-30.el7fdn | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2020-11-10 15:14:05 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | | | |
| Bug Blocks: | 1772655, 1810567, 1810570 | | |

Description
lorenzo bianconi 2020-02-21 09:56:27 UTC

Reproduced on ovn2.12.0-27 with the following script:

```bash
#!/bin/bash
# Start OVS and OVN, open the NB/SB database listeners, and configure the chassis
systemctl start openvswitch
systemctl start ovn-northd
ovn-nbctl set-connection ptcp:6641
ovn-sbctl set-connection ptcp:6642
ovs-vsctl set open . external_ids:system-id=hv1 external_ids:ovn-remote=tcp:20.0.50.25:6642 external_ids:ovn-encap-type=geneve external_ids:ovn-encap-ip=20.0.50.25
systemctl restart ovn-controller

# Namespace server0: client side, attached below as logical port ls1p1
ip netns add server0
ip link add veth0_s0 netns server0 type veth peer name veth0_s0_p
ip netns exec server0 ip link set lo up
ip netns exec server0 ip link set veth0_s0 up
ip netns exec server0 ip link set veth0_s0 address 00:00:00:01:01:02
ip netns exec server0 ip addr add 192.168.1.1/24 dev veth0_s0
ip netns exec server0 ip addr add 2000::1/64 dev veth0_s0
ip netns exec server0 ip route add default via 192.168.1.254 dev veth0_s0
ip netns exec server0 ip -6 route add default via 2000::a dev veth0_s0

# Namespace server1: listener side, attached below as logical port ls1p2
ip netns add server1
ip link add veth0_s1 netns server1 type veth peer name veth0_s1_p
ip netns exec server1 ip link set lo up
ip netns exec server1 ip link set veth0_s1 up
ip netns exec server1 ip link set veth0_s1 address 00:00:00:01:02:02
ip netns exec server1 ip addr add 192.168.1.2/24 dev veth0_s1
ip netns exec server1 ip addr add 2000::2/64 dev veth0_s1
ip netns exec server1 ip route add default via 192.168.1.254 dev veth0_s1
ip netns exec server1 ip -6 route add default via 2000::a dev veth0_s1

# Plug the peer ends into br-int and bind them to the logical ports
ovs-vsctl add-port br-int veth0_s0_p
ovs-vsctl add-port br-int veth0_s1_p
ip link set veth0_s0_p up
ip link set veth0_s1_p up
ovs-vsctl set interface veth0_s0_p external_ids:iface-id=ls1p1
ovs-vsctl set interface veth0_s1_p external_ids:iface-id=ls1p2

# Logical switch ls1 with two ports
ovn-nbctl ls-add ls1
ovn-nbctl lsp-add ls1 ls1p1
ovn-nbctl lsp-set-addresses ls1p1 "00:00:00:01:01:02 192.168.1.1 2000::1"
ovn-nbctl lsp-add ls1 ls1p2
ovn-nbctl lsp-set-addresses ls1p2 "00:00:00:01:02:02 192.168.1.2 2000::2"

# Reject ACLs: TCP traffic to port 80 entering from ls1p1
ovn-nbctl acl-add ls1 from-lport 1000 "inport == \"ls1p1\" && tcp && tcp.dst == 80" reject
ovn-nbctl acl-add ls1 from-lport 1000 "inport == \"ls1p1\" && ip6 && tcp && tcp.dst == 80" reject

# Listener in server1, then connect from server0 over IPv4 and IPv6
ip netns exec server1 nc -l 80 -k &
sleep 3
ip netns exec server0 nc 192.168.1.2 80 <<< "h"
ip netns exec server0 nc -6 2000::2 80 <<< "h"
```

```
[root@dell-per740-42 bz1805651]# rpm -qa | grep -E "openvswitch|ov"
openvswitch2.12-2.12.0-23.el7fdp.x86_64
ovn2.12-central-2.12.0-27.el7fdp.x86_64
openvswitch-selinux-extra-policy-1.0-15.el7fdp.noarch
ovn2.12-2.12.0-27.el7fdp.x86_64
ovn2.12-host-2.12.0-27.el7fdp.x86_64
[root@dell-per740-42 bz1805651]# bash -x setup.sh
+ systemctl start openvswitch
+ systemctl start ovn-northd
+ ovn-nbctl set-connection ptcp:6641
+ ovn-sbctl set-connection ptcp:6642
+ ovs-vsctl set open . external_ids:system-id=hv1 external_ids:ovn-remote=tcp:20.0.50.25:6642 external_ids:ovn-encap-type=geneve external_ids:ovn-encap-ip=20.0.50.25
+ systemctl restart ovn-controller
......
+ ovn-nbctl acl-add ls1 from-lport 1000 'inport == "ls1p1" && tcp && tcp.dst == 80' reject
+ ovn-nbctl acl-add ls1 from-lport 1000 'inport == "ls1p1" && ip6 && tcp && tcp.dst == 80' reject
+ sleep 3
+ ip netns exec server1 nc -l 80 -k
+ ip netns exec server0 nc 192.168.1.2 80
Ncat: Connection timed out.
+ ip netns exec server0 nc -6 2000::2 80
Ncat: Connection timed out. <==== time out
```

Verified on 2.12.0-36:

```
[root@dell-per740-42 bz1805651]# rpm -qa | grep -E "openvswitch|ov"
openvswitch2.12-2.12.0-23.el7fdp.x86_64
ovn2.12-host-2.12.0-36.el7fdp.x86_64
openvswitch-selinux-extra-policy-1.0-15.el7fdp.noarch
ovn2.12-central-2.12.0-36.el7fdp.x86_64
ovn2.12-2.12.0-36.el7fdp.x86_64
[root@dell-per740-42 bz1805651]# bash -x setup.sh
+ systemctl start openvswitch
+ systemctl start ovn-northd
+ ovn-nbctl set-connection ptcp:6641
+ ovn-sbctl set-connection ptcp:6642
+ ovs-vsctl set open . external_ids:system-id=hv1 external_ids:ovn-remote=tcp:20.0.50.25:6642 external_ids:ovn-encap-type=geneve external_ids:ovn-encap-ip=20.0.50.25
+ systemctl restart ovn-controller
......
+ ovn-nbctl lsp-set-addresses ls1p2 '00:00:00:01:02:02 192.168.1.2 2000::2'
+ ovn-nbctl acl-add ls1 from-lport 1000 'inport == "ls1p1" && tcp && tcp.dst == 80' reject
+ ovn-nbctl acl-add ls1 from-lport 1000 'inport == "ls1p1" && ip6 && tcp && tcp.dst == 80' reject
+ sleep 3
+ ip netns exec server1 nc -l 80 -k
+ ip netns exec server0 nc 192.168.1.2 80
Ncat: Connection refused.
+ ip netns exec server0 nc -6 2000::2 80
Ncat: Connection refused. <==== refused
```

*** Bug 1795790 has been marked as a duplicate of this bug. ***

ovn2.12 has been superseded by ovn2.13.