Detect looping flows #2674
Detect looping flows #2674
Conversation
| for _, key := range flow.FlowKeys { | ||
| switch k := key.(type) { | ||
| case odp.InPortFlowKey: | ||
| inVports[k.VportID()] = struct{}{} |
This comment was marked as abuse.
This comment was marked as abuse.
Sorry, something went wrong.
This comment was marked as abuse.
This comment was marked as abuse.
Sorry, something went wrong.
| // A checkFlowLoop checks whether the flow is free from the following loops: | ||
| // * in_port == out_port, where in_port is non-vxlan vport; | ||
| // * a packet is sent back to a vxlan tunnel it has been received from. | ||
| func (fastdp *FastDatapath) checkFlowLoop(flow *odp.FlowSpec) bool { |
This comment was marked as abuse.
This comment was marked as abuse.
Sorry, something went wrong.
This comment was marked as abuse.
This comment was marked as abuse.
Sorry, something went wrong.
| @@ -1134,6 +1137,11 @@ func (fastdp *FastDatapath) send(fops FlowOp, frame []byte, lock *fastDatapathLo | |||
| } | |||
| } | |||
|
|
|||
| if !fastdp.checkFlowLoop(&flow) { | |||
| log.Error("ODP flow contains a loop ", flow) | |||
This comment was marked as abuse.
This comment was marked as abuse.
Sorry, something went wrong.
This comment was marked as abuse.
This comment was marked as abuse.
Sorry, something went wrong.
| } | ||
| } | ||
| case odp.SetTunnelAction: | ||
| if inVxlan && a.TunnelAttrs.TunnelId == vxlanKey.TunnelId && |
This comment was marked as abuse.
This comment was marked as abuse.
Sorry, something went wrong.
This comment was marked as abuse.
This comment was marked as abuse.
Sorry, something went wrong.
| for _, action := range flow.Actions { | ||
| switch a := action.(type) { | ||
| case odp.OutputAction: | ||
| if _, ok := inVports[a.VportID()]; ok { |
This comment was marked as abuse.
This comment was marked as abuse.
Sorry, something went wrong.
This comment was marked as abuse.
This comment was marked as abuse.
Sorry, something went wrong.
|
|
||
| for _, action := range flow.Actions { | ||
| switch a := action.(type) { | ||
| case odp.OutputAction: |
This comment was marked as abuse.
This comment was marked as abuse.
Sorry, something went wrong.
This comment was marked as abuse.
This comment was marked as abuse.
Sorry, something went wrong.
brb
force-pushed
the
issues/2650-fix-looping-flows
branch
2 times, most recently
from
846bc54
to
af962f7
Compare
The introduced "isHairpinFlow" detects whether a flow has been created due to enabled hairpin mode.
brb
force-pushed
the
issues/2650-fix-looping-flows
branch
from
af962f7
to
f4f90b3
Compare
The updated version includes parsing of IFLA_PROTINFO which is needed to get info about hairpin mode when subscribing to link updates.
| log.Errorf("Unable to subscribe to netlink updates: %s", err) | ||
| } | ||
|
|
||
| pi, err := netlink.LinkGetProtinfo(link) |
This comment was marked as abuse.
This comment was marked as abuse.
Sorry, something went wrong.
brb
force-pushed
the
issues/2650-fix-looping-flows
branch
2 times, most recently
from
98d47c6
to
aa9c032
Compare
|
PTAL. |
Enabled hairpin mode on vethwe-bridge was one of the root causes for installing looping flows in the fastdp mode. Also, it confused the weave custom L2 bridge, as the bridge treats a bounced back packet, e.g. ARP brodcast request, as a local one (the case for "Captured a packet associated with remote host").
This PR includes the following changes:
BLOCKERS: vishvananda/netlink#179 (I've temporarily changed the vendored netlink dep). The PR has been merged.Fixes #2650