Bug 1805651 - ovn: fix tcp_reset action handling
Summary: ovn: fix tcp_reset action handling
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux Fast Datapath
Classification: Red Hat
Component: ovn2.12
Version: RHEL 8.0
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
: ---
Assignee: lorenzo bianconi
QA Contact: Jianlin Shi
URL:
Whiteboard:
: 1795790 (view as bug list)
Depends On:
Blocks: 1772655 1810567 1810570
 
Reported: 2020-02-21 09:56 UTC by lorenzo bianconi
Modified: 2020-11-10 15:14 UTC (History)

Fixed In Version: ovn2.12-2.12.0-30.el7fdn
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-11-10 15:14:05 UTC
Target Upstream Version:
Embargoed:



Description lorenzo bianconi 2020-02-21 09:56:27 UTC
Description of problem:


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

Comment 3 Jianlin Shi 2020-03-19 06:43:29 UTC
Reproduced on ovn2.12.0-27 with the following script:

#!/bin/bash

# Start OVS/OVN, expose the NB/SB databases over TCP and register this host as chassis hv1
systemctl start openvswitch
systemctl start ovn-northd
ovn-nbctl set-connection ptcp:6641
ovn-sbctl set-connection ptcp:6642
ovs-vsctl set open . external_ids:system-id=hv1 external_ids:ovn-remote=tcp:20.0.50.25:6642 external_ids:ovn-encap-type=geneve external_ids:ovn-encap-ip=20.0.50.25
systemctl restart ovn-controller

# Namespace server0 (client side), attached through veth0_s0
ip netns add server0
ip link add veth0_s0 netns server0 type veth peer name veth0_s0_p
ip netns exec server0 ip link set lo up
ip netns exec server0 ip link set veth0_s0 up
ip netns exec server0 ip link set veth0_s0 address 00:00:00:01:01:02
ip netns exec server0 ip addr add 192.168.1.1/24 dev veth0_s0
ip netns exec server0 ip addr add 2000::1/64 dev veth0_s0
ip netns exec server0 ip route add default via 192.168.1.254 dev veth0_s0
ip netns exec server0 ip -6 route add default via 2000::a dev veth0_s0

# Namespace server1 (listener side), attached through veth0_s1
ip netns add server1
ip link add veth0_s1 netns server1 type veth peer name veth0_s1_p
ip netns exec server1 ip link set lo up
ip netns exec server1 ip link set veth0_s1 up
ip netns exec server1 ip link set veth0_s1 address 00:00:00:01:02:02
ip netns exec server1 ip addr add 192.168.1.2/24 dev veth0_s1
ip netns exec server1 ip addr add 2000::2/64 dev veth0_s1
ip netns exec server1 ip route add default via 192.168.1.254 dev veth0_s1
ip netns exec server1 ip -6 route add default via 2000::a dev veth0_s1

# Plug both veth peers into br-int and bind them to logical switch ports on ls1
ovs-vsctl add-port br-int veth0_s0_p
ovs-vsctl add-port br-int veth0_s1_p
ip link set veth0_s0_p up
ip link set veth0_s1_p up
ovs-vsctl set interface veth0_s0_p external_ids:iface-id=ls1p1
ovs-vsctl set interface veth0_s1_p external_ids:iface-id=ls1p2
ovn-nbctl ls-add ls1
ovn-nbctl lsp-add ls1 ls1p1
ovn-nbctl lsp-set-addresses ls1p1 "00:00:00:01:01:02 192.168.1.1 2000::1"
ovn-nbctl lsp-add ls1 ls1p2
ovn-nbctl lsp-set-addresses ls1p2 "00:00:00:01:02:02 192.168.1.2 2000::2"

# Reject TCP traffic to port 80 that enters the switch from ls1p1
ovn-nbctl acl-add ls1 from-lport 1000 "inport == \"ls1p1\" && tcp && tcp.dst == 80" reject
ovn-nbctl acl-add ls1 from-lport 1000 "inport == \"ls1p1\" && ip6 && tcp && tcp.dst == 80" reject

# Listen on port 80 in server1, then connect from server0 over IPv4 and IPv6
ip netns exec server1 nc -l 80 -k &
sleep 3
ip netns exec server0 nc 192.168.1.2 80 <<< "h"
ip netns exec server0 nc -6 2000::2 80 <<< "h"

[root@dell-per740-42 bz1805651]# rpm -qa | grep -E "openvswitch|ov"
openvswitch2.12-2.12.0-23.el7fdp.x86_64
ovn2.12-central-2.12.0-27.el7fdp.x86_64
openvswitch-selinux-extra-policy-1.0-15.el7fdp.noarch
ovn2.12-2.12.0-27.el7fdp.x86_64
ovn2.12-host-2.12.0-27.el7fdp.x86_64

[root@dell-per740-42 bz1805651]# bash -x setup.sh
+ systemctl start openvswitch
+ systemctl start ovn-northd
+ ovn-nbctl set-connection ptcp:6641
+ ovn-sbctl set-connection ptcp:6642
+ ovs-vsctl set open . external_ids:system-id=hv1 external_ids:ovn-remote=tcp:20.0.50.25:6642 external_ids:ovn-encap-type=geneve external_ids:ovn-encap-ip=20.0.50.25
+ systemctl restart ovn-controller
......
+ ovn-nbctl acl-add ls1 from-lport 1000 'inport == "ls1p1" && tcp && tcp.dst == 80' reject
+ ovn-nbctl acl-add ls1 from-lport 1000 'inport == "ls1p1" && ip6 && tcp && tcp.dst == 80' reject
+ sleep 3
+ ip netns exec server1 nc -l 80 -k
+ ip netns exec server0 nc 192.168.1.2 80
Ncat: Connection timed out.
+ ip netns exec server0 nc -6 2000::2 80
Ncat: Connection timed out.

<==== time out

Verified on 2.12.0-36:

[root@dell-per740-42 bz1805651]# rpm -qa | grep -E "openvswitch|ov"
openvswitch2.12-2.12.0-23.el7fdp.x86_64
ovn2.12-host-2.12.0-36.el7fdp.x86_64
openvswitch-selinux-extra-policy-1.0-15.el7fdp.noarch
ovn2.12-central-2.12.0-36.el7fdp.x86_64
ovn2.12-2.12.0-36.el7fdp.x86_64

[root@dell-per740-42 bz1805651]# bash -x setup.sh
+ systemctl start openvswitch
+ systemctl start ovn-northd
+ ovn-nbctl set-connection ptcp:6641
+ ovn-sbctl set-connection ptcp:6642
+ ovs-vsctl set open . external_ids:system-id=hv1 external_ids:ovn-remote=tcp:20.0.50.25:6642 external_ids:ovn-encap-type=geneve external_ids:ovn-encap-ip=20.0.50.25
+ systemctl restart ovn-controller
......
+ ovn-nbctl lsp-set-addresses ls1p2 '00:00:00:01:02:02 192.168.1.2 2000::2'
+ ovn-nbctl acl-add ls1 from-lport 1000 'inport == "ls1p1" && tcp && tcp.dst == 80' reject
+ ovn-nbctl acl-add ls1 from-lport 1000 'inport == "ls1p1" && ip6 && tcp && tcp.dst == 80' reject
+ sleep 3
+ ip netns exec server1 nc -l 80 -k
+ ip netns exec server0 nc 192.168.1.2 80
Ncat: Connection refused.
+ ip netns exec server0 nc -6 2000::2 80
Ncat: Connection refused.

<==== refused
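
An added example, not part of the original bug report or the OVN project: a shell helper that reads a `bash -x` transcript like the two in Comment 3 and reports, for each client probe, whether it was refused (the reject ACL answered with a reset) or timed out (the packet was silently dropped). The function names are assumptions of this example, and the sample transcripts are abridged from the output above.

```shell
#!/bin/bash
# Added example: pair each traced client-side nc probe in a `bash -x`
# transcript with the Ncat message that follows it.
#   refused   -> the client got a reset, i.e. the reject ACL answered
#   timed_out -> the SYN was silently dropped (the behaviour reported here)
classify_probes() {
    awk '
        function emit(   r) {
            if (addr == "") return
            r = (result == "") ? "no_error" : result
            print addr, port, r
        }
        # Client probe: last two fields are address and port; listeners (-l) are skipped.
        /^[+] (.* )?nc / && !/ -l / {
            emit(); addr = $(NF-1); port = $NF; result = ""; next
        }
        /^[+] / { emit(); addr = ""; next }   # any other traced command ends a probe
        /^Ncat: Connection refused/   { result = "refused" }
        /^Ncat: Connection timed out/ { result = "timed_out" }
        END { emit() }
    '
}

# Succeeds only if at least one probe was seen and every probe was refused.
reject_acl_verified() {
    classify_probes | awk '$3 != "refused" { bad++ } END { exit !(NR > 0 && bad == 0) }'
}

# Constructed samples, abridged from the two transcripts in Comment 3.
sample_before() { cat <<'EOF'
+ sleep 3
+ ip netns exec server1 nc -l 80 -k
+ ip netns exec server0 nc 192.168.1.2 80
Ncat: Connection timed out.
+ ip netns exec server0 nc -6 2000::2 80
Ncat: Connection timed out.
EOF
}
sample_after() { cat <<'EOF'
+ sleep 3
+ ip netns exec server1 nc -l 80 -k
+ ip netns exec server0 nc 192.168.1.2 80
Ncat: Connection refused.
+ ip netns exec server0 nc -6 2000::2 80
Ncat: Connection refused.
EOF
}

sample_before | classify_probes
sample_after | reject_acl_verified && echo "reject ACL verified"
```

On a live run, capture the trace with `bash -x setup.sh 2>&1`, since xtrace lines are written to stderr.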

Comment 4 Numan Siddique 2020-04-06 15:09:53 UTC
*** Bug 1795790 has been marked as a duplicate of this bug. ***

Comment 7 Dan Williams 2020-11-10 15:14:05 UTC
ovn2.12 has been superseded by ovn2.13.

