== Description of problem ==

When adding an MPLS flow, ovs-ofctl ignores the mpls_ttl field.

For example:

# ovs-ofctl add-flow br0 "in_port=veth10,mpls,mpls_label=20,mpls_bos=1,mpls_ttl=64 actions=pop_mpls:0x0800,output:veth12"
# ovs-ofctl dump-flows br0
cookie=0x0, duration=9.743s, table=0, n_packets=0, n_bytes=0, mpls,in_port=veth10,mpls_label=20,mpls_bos=1 actions=pop_mpls:0x0800,output:veth12

The mpls_ttl field is absent from the dump-flows command output.

== Version-Release number of selected component (if applicable) ==

Problem originally found on RHEL 8 and reproduced with the latest upstream git tree, currently at 89b522aee379 ("ovsdb-idl: Add function to reset min_index.").

# ovs-ofctl --version
ovs-ofctl (Open vSwitch) 2.13.90
OpenFlow versions 0x1:0x6

== How reproducible ==

Always.

== Steps to Reproduce ==

Here's a more complete scenario:

Create two network namespaces, ns0 and ns2.

# ip netns add ns0
# ip netns add ns2
# ip -n ns0 link set dev lo up
# ip -n ns2 link set dev lo up

Create a veth pair in each namespace, connected with the current namespace.

# ip link add name veth01 netns ns0 type veth peer name veth10
# ip link add name veth12 type veth peer name veth21 netns ns2
# ip -n ns0 link set dev veth01 up
# ip -n ns2 link set dev veth21 up
# ip link set dev veth10 up
# ip link set dev veth12 up

The veth of ns0 has IP 192.0.2.10, ns2 has IP 192.0.2.12.

# ip -n ns0 address add 192.0.2.10/24 dev veth01
# ip -n ns2 address add 192.0.2.12/24 dev veth21

Use tc to add an MPLS header to packets leaving ns0 or ns2. The TTL is set to 20 in ns0 and 30 in ns2.

# tc -n ns0 qdisc replace dev veth01 root prio
# tc -n ns2 qdisc replace dev veth21 root prio
# tc -n ns0 filter add dev veth01 proto ipv4 flower dst_ip 192.0.2.12/32 action mpls push label 20 ttl 20
# tc -n ns2 filter add dev veth21 proto ipv4 flower dst_ip 192.0.2.10/32 action mpls push label 30 ttl 30

Use OVS to bridge the veths of ns0 and ns2 in the current namespace.

# ovs-vsctl del-br br0
# ovs-vsctl add-br br0
# ovs-vsctl add-port br0 veth10
# ovs-vsctl add-port br0 veth12

Add flow for ARP.

# ovs-ofctl del-flows br0
# ovs-ofctl add-flow br0 "table=0,priority=10 arp action=normal"

Drop the MPLS header previously added by tc, but match on the wrong TTL (64 instead of 20 and 30).

# ovs-ofctl add-flow br0 "in_port=veth10,mpls,mpls_label=20,mpls_bos=1,mpls_ttl=64 actions=pop_mpls:0x0800,output:veth12"
# ovs-ofctl add-flow br0 "in_port=veth12,mpls,mpls_label=30,mpls_bos=1,mpls_ttl=64 actions=pop_mpls:0x0800,output:veth10"

== Actual results ==

The MPLS flows are matched, even though the TTL is different. Therefore ns0 can ping ns2:

# ip netns exec ns0 ping -c 1 192.0.2.12
PING 192.0.2.12 (192.0.2.12) 56(84) bytes of data.
64 bytes from 192.0.2.12: icmp_seq=1 ttl=64 time=2.13 ms

--- 192.0.2.12 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 2.125/2.125/2.125/0.000 ms

== Expected results ==

The MPLS flows don't match, because the TTL is different, and ping fails.
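
A silently dropped match field leaves the installed rule broader than the one that was requested. The following is an added example, not part of the original report or of Open vSwitch: a shell function (the name missing_match_fields is hypothetical) that compares the match field names of an add-flow specification with the matching dump-flows line, run here on the two lines quoted in the description.

```shell
#!/bin/sh
# Added example. missing_match_fields is a hypothetical helper name.
# Usage: missing_match_fields "<add-flow spec>" "<dump-flows line>"
# Prints the names of match fields present in the spec but absent from the dump.
# Assumptions: both strings use " actions=" before the action list, and the
# dump prints each field under the same name that was used in the spec.
# Only names are compared, because values may be printed in a different form.
missing_match_fields() (
    req_match=${1%% actions=*}       # match part of the requested flow
    dump_match=${2%% actions=*}      # statistics + match part of the dump
    dump_match=${dump_match##* }     # match part is the last space-separated word
    IFS=,                            # split match strings on commas
    set -f                           # no pathname expansion while splitting
    dump_names=,
    for field in $dump_match; do
        dump_names="$dump_names${field%%=*},"
    done
    missing=
    for field in $req_match; do
        name=${field%%=*}
        case $name in
            # Flow attributes that are not packet match fields.
            table|priority|cookie|idle_timeout|hard_timeout) continue ;;
        esac
        case $dump_names in
            *",$name,"*) ;;
            *) missing="${missing:+$missing }$name" ;;
        esac
    done
    printf '%s\n' "$missing"
)

# The add-flow specification and dump-flows line from the description above.
REQUESTED='in_port=veth10,mpls,mpls_label=20,mpls_bos=1,mpls_ttl=64 actions=pop_mpls:0x0800,output:veth12'
DUMPED='cookie=0x0, duration=9.743s, table=0, n_packets=0, n_bytes=0, mpls,in_port=veth10,mpls_label=20,mpls_bos=1 actions=pop_mpls:0x0800,output:veth12'

lost=$(missing_match_fields "$REQUESTED" "$DUMPED")
if [ -n "$lost" ]; then
    echo "match fields not installed: $lost"
fi
```

A name reported here can also be one that dump-flows prints under a different spelling, so each hit should be confirmed against the installed flow before it is treated as a dropped field.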
Patch sent upstream: https://mail.openvswitch.org/pipermail/ovs-dev/2020-September/375321.html
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (openvswitch2.13 bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2021:0402