Ubuntu
ovn package

Merge ~fnordahl/ubuntu/+source/ovn:bug/1857026-focal into ~ubuntu-server-dev/ubuntu/+source/ovn:ubuntu/focal

Proposed by Frode Nordahl on 2022-01-06

Status:

Merged

Merged at revision:

1272554ada5e7ecfcc9b090d696d7b092779bdb6

Proposed branch:

~fnordahl/ubuntu/+source/ovn:bug/1857026-focal

Merge into:

~ubuntu-server-dev/ubuntu/+source/ovn:ubuntu/focal

Diff against target:

803 lines (+775/-0)

4 files modified

debian/changelog (+8/-0)
debian/patches/lp-1857026-0001-DNS-Make-DNS-lookups-case-insensitive.patch (+274/-0)
debian/patches/lp-1857026-0002-controller-Add-support-for-PTR-DNS-requests.patch (+491/-0)
debian/patches/series (+2/-0)

Undecided

Invalid

Link a bug report

Reviewer	Review Type	Date Requested	Status
James Page		2022-01-06	Pending
Review via email: mp+413737@code.launchpad.net

Revision history for this message

Frode Nordahl (fnordahl) wrote on 2022-01-06:

Package building in https://launchpad.net/~fnordahl/+archive/ubuntu/lp1857026

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Frode Nordahl

Ubuntu Server Developers

Ubuntu
ovn package

Merge ~fnordahl/ubuntu/+source/ovn:bug/1857026-focal into ~ubuntu-server-dev/ubuntu/+source/ovn:ubuntu/focal

Commit message

Description of the change

Preview Diff

Subscribers

 diff --git a/debian/changelog b/debian/changelog
 index c0af91d..2094609 100644
 --- a/debian/changelog
 +++ b/debian/changelog
@@ -1,3 +1,11 @@
++ovn (20.03.2-0ubuntu0.20.04.3) focal; urgency=medium
++
++  * Add support for PTR DNS requests (LP: #1857026)
++    - d/p/lp-1857026-0001-DNS-Make-DNS-lookups-case-insensitive.patch
++    - d/p/lp-1857026-0002-controller-Add-support-for-PTR-DNS-requests.patch
++
++ -- Frode Nordahl <frode.nordahl@canonical.com>  Thu, 06 Jan 2022 10:00:00 +0100
++
  ovn (20.03.2-0ubuntu0.20.04.2) focal; urgency=medium
    * Add RBAC rules for IGMP_Group table (LP: #1914988):
 diff --git a/debian/patches/lp-1857026-0001-DNS-Make-DNS-lookups-case-insensitive.patch b/debian/patches/lp-1857026-0001-DNS-Make-DNS-lookups-case-insensitive.patch
 new file mode 100644
 index 0000000..bfb394a
 --- /dev/null
 +++ b/debian/patches/lp-1857026-0001-DNS-Make-DNS-lookups-case-insensitive.patch
@@ -0,0 +1,274 @@
++Origin: backport, https://github.com/ovn-org/ovn/commit/9287f425e8bc5781728b2ff1c60413d3c39c33a8
++Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/ovn/+bug/1857026
++Last-Update: 2022-01-06
++
++From 815d4c04992d994bcd75b3d642fe6cc694ec99b3 Mon Sep 17 00:00:00 2001
++From: Mark Michelson <mmichels@redhat.com>
++Date: Mon, 20 Apr 2020 09:25:09 -0400
++Subject: [PATCH 1/2] DNS: Make DNS lookups case insensitive.
++
++From RFC 1035 Section 2.3.3:
++
++"For all parts of the DNS that are part of the official protocol, all
++comparisons between character strings (e.g., labels, domain names, etc.)
++are done in a case-insensitive manner."
++
++OVN was using case-sensitive lookups and therefore was not complying.
++This change makes lookups case insensitive by storing lowercase record
++names in the southbound database and converting incoming query names to
++lowercase.
++
++Signed-off-by: Mark Michelson <mmichels@redhat.com>
++Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=1819069
++Reported-by: Jianlin Shi <jishi@redhat.com>
++Acked-by: Numan Siddique <numans@ovn.org>
++(cherry picked from commit 9287f425e8bc5781728b2ff1c60413d3c39c33a8)
++---
++ controller/pinctrl.c |  7 ++++-
++ lib/ovn-util.c       | 15 +++++++++++
++ lib/ovn-util.h       |  5 ++++
++ northd/ovn-northd.c  | 15 ++++++++++-
++ ovn-sb.xml           |  3 ++-
++ tests/ovn.at         | 61 ++++++++++++++++++++++++++++++++------------
++ 6 files changed, 87 insertions(+), 19 deletions(-)
++
++diff --git a/controller/pinctrl.c b/controller/pinctrl.c
++index 5822f03ef..4879dcc45 100644
++--- a/controller/pinctrl.c
+++++ b/controller/pinctrl.c
++@@ -1767,7 +1767,12 @@ pinctrl_handle_dns_lookup(
++         struct dns_data *d = iter->data;
++         for (size_t i = 0; i < d->n_dps; i++) {
++             if (d->dps[i] == dp_key) {
++-                answer_ips = smap_get(&d->records, ds_cstr(&query_name));
+++                /* DNS records in SBDB are stored in lowercase. Convert to
+++                 * lowercase to perform case insensitive lookup
+++                 */
+++                char *query_name_lower = str_tolower(ds_cstr(&query_name));
+++                answer_ips = smap_get(&d->records, query_name_lower);
+++                free(query_name_lower);
++                 if (answer_ips) {
++                     break;
++                 }
++diff --git a/lib/ovn-util.c b/lib/ovn-util.c
++index 514e2489f..1b30c2e9a 100644
++--- a/lib/ovn-util.c
+++++ b/lib/ovn-util.c
++@@ -21,6 +21,7 @@
++ #include "openvswitch/ofp-parse.h"
++ #include "ovn-nb-idl.h"
++ #include "ovn-sb-idl.h"
+++#include <ctype.h>
++
++ VLOG_DEFINE_THIS_MODULE(ovn_util);
++
++@@ -550,3 +551,17 @@ ip46_equals(const struct v46_ip *addr1, const struct v46_ip *addr2)
++             (addr1->family == AF_INET ? addr1->ipv4 == addr2->ipv4 :
++              IN6_ARE_ADDR_EQUAL(&addr1->ipv6, &addr2->ipv6)));
++ }
+++
+++char *
+++str_tolower(const char *orig)
+++{
+++    char *copy = xmalloc(strlen(orig) + 1);
+++    char *p = copy;
+++
+++    while (*orig) {
+++        *p++ = tolower(*orig++);
+++    }
+++    *p = '\0';
+++
+++    return copy;
+++}
++diff --git a/lib/ovn-util.h b/lib/ovn-util.h
++index 11238f61c..4076e8b9a 100644
++--- a/lib/ovn-util.h
+++++ b/lib/ovn-util.h
++@@ -124,4 +124,9 @@ struct v46_ip {
++ bool ip46_parse_cidr(const char *str, struct v46_ip *prefix,
++                      unsigned int *plen);
++ bool ip46_equals(const struct v46_ip *addr1, const struct v46_ip *addr2);
+++
+++/* Returns a lowercase copy of orig.
+++ * Caller must free the returned string.
+++ */
+++char *str_tolower(const char *orig);
++ #endif
++diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
++index 9cc2c04bb..4ced1b48f 100644
++--- a/northd/ovn-northd.c
+++++ b/northd/ovn-northd.c
++@@ -10634,7 +10634,20 @@ sync_dns_entries(struct northd_context *ctx, struct hmap *datapaths)
++             dns_info->sb_dns,
++             (struct sbrec_datapath_binding **)dns_info->sbs,
++             dns_info->n_sbs);
++-        sbrec_dns_set_records(dns_info->sb_dns, &dns_info->nb_dns->records);
+++
+++        /* DNS lookups are case-insensitive. Convert records to lowercase so
+++         * we can do consistent lookups when DNS requests arrive
+++         */
+++        struct smap lower_records = SMAP_INITIALIZER(&lower_records);
+++        struct smap_node *node;
+++        SMAP_FOR_EACH (node, &dns_info->nb_dns->records) {
+++            smap_add_nocopy(&lower_records, xstrdup(node->key),
+++                            str_tolower(node->value));
+++        }
+++
+++        sbrec_dns_set_records(dns_info->sb_dns, &lower_records);
+++
+++        smap_destroy(&lower_records);
++         free(dns_info->sbs);
++         free(dns_info);
++     }
++diff --git a/ovn-sb.xml b/ovn-sb.xml
++index 2703e6d0c..64c33d2df 100644
++--- a/ovn-sb.xml
+++++ b/ovn-sb.xml
++@@ -3581,7 +3581,8 @@ tcp.flags = RST;
++     <column name="records">
++       Key-value pair of DNS records with <code>DNS query name</code> as the key
++       and a string of IP address(es) separated by comma or space as the
++-      value.
+++      value. ovn-northd stores the DNS query name in all lowercase in order to
+++      facilitate case-insensitive lookups.
++
++       <p><b>Example: </b> "vm1.ovn.org" = "10.0.0.4 aef0::4"</p>
++     </column>
++diff --git a/tests/ovn.at b/tests/ovn.at
++index 4d9ee1256..b6eff4349 100644
++--- a/tests/ovn.at
+++++ b/tests/ovn.at
++@@ -8317,6 +8317,12 @@ set_dns_params() {
++         # IPv4 address - 10.0.0.4
++         expected_dns_answer=${query_name}00010001${ttl}00040a000004
++         ;;
+++    VM1)
+++        # VM1.OVN.ORG
+++        query_name=03564d31034f564e034f524700
+++        # IPv4 address - 10.0.0.4
+++        expected_dns_answer=${query_name}00010001${ttl}00040a000004
+++        ;;
++     vm2)
++         # vm2.ovn.org
++         query_name=03766d32036f766e036f726700
++@@ -8479,6 +8485,29 @@ reset_pcap_file hv1-vif2 hv1/vif2
++ rm -f 1.expected
++ rm -f 2.expected
++
+++# Try vm1 again but an all-caps query name
+++
+++set_dns_params VM1
+++src_ip=`ip_to_hex 10 0 0 6`
+++dst_ip=`ip_to_hex 10 0 0 1`
+++dns_reply=1
+++test_dns 2 f00000000002 f000000000f0 $src_ip $dst_ip $dns_reply $dns_req_data $dns_resp_data
+++
+++# NXT_RESUMEs should be 3.
+++OVS_WAIT_UNTIL([test 3 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
+++
+++$PYTHON "$ovs_srcdir/utilities/ovs-pcap.in" hv1/vif2-tx.pcap > 2.packets
+++cat 2.expected | cut -c -48 > expout
+++AT_CHECK([cat 2.packets | cut -c -48], [0], [expout])
+++# Skipping the IPv4 checksum.
+++cat 2.expected | cut -c 53- > expout
+++AT_CHECK([cat 2.packets | cut -c 53-], [0], [expout])
+++
+++reset_pcap_file hv1-vif1 hv1/vif1
+++reset_pcap_file hv1-vif2 hv1/vif2
+++rm -f 1.expected
+++rm -f 2.expected
+++
++ # Clear the query name options for ls1-lp2
++ ovn-nbctl --wait=hv remove DNS $DNS1 records vm2.ovn.org
++
++@@ -8488,8 +8517,8 @@ dst_ip=`ip_to_hex 10 0 0 1`
++ dns_reply=0
++ test_dns 1 f00000000001 f00000000002 $src_ip $dst_ip $dns_reply $dns_req_data
++
++-# NXT_RESUMEs should be 3.
++-OVS_WAIT_UNTIL([test 3 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
+++# NXT_RESUMEs should be 4.
+++OVS_WAIT_UNTIL([test 4 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
++
++ $PYTHON "$ovs_srcdir/utilities/ovs-pcap.in" hv1/vif1-tx.pcap > 1.packets
++ AT_CHECK([cat 1.packets], [0], [])
++@@ -8510,8 +8539,8 @@ dst_ip=`ip_to_hex 10 0 0 1`
++ dns_reply=0
++ test_dns 2 f00000000002 f000000000f0 $src_ip $dst_ip $dns_reply $dns_req_data
++
++-# NXT_RESUMEs should be 3 only.
++-OVS_WAIT_UNTIL([test 3 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
+++# NXT_RESUMEs should be 4 only.
+++OVS_WAIT_UNTIL([test 4 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
++
++ $PYTHON "$ovs_srcdir/utilities/ovs-pcap.in" hv1/vif2-tx.pcap > 2.packets
++ AT_CHECK([cat 2.packets], [0], [])
++@@ -8531,8 +8560,8 @@ dst_ip=`ip_to_hex 10 0 0 1`
++ dns_reply=1
++ test_dns 2 f00000000002 f000000000f0 $src_ip $dst_ip $dns_reply $dns_req_data $dns_resp_data
++
++-# NXT_RESUMEs should be 4.
++-OVS_WAIT_UNTIL([test 4 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
+++# NXT_RESUMEs should be 5.
+++OVS_WAIT_UNTIL([test 5 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
++
++ $PYTHON "$ovs_srcdir/utilities/ovs-pcap.in" hv1/vif2-tx.pcap > 2.packets
++ cat 2.expected | cut -c -48 > expout
++@@ -8553,8 +8582,8 @@ dst_ip=`ip_to_hex 10 0 0 1`
++ dns_reply=1
++ test_dns 2 f00000000002 f000000000f0 $src_ip $dst_ip $dns_reply $dns_req_data $dns_resp_data
++
++-# NXT_RESUMEs should be 5.
++-OVS_WAIT_UNTIL([test 5 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
+++# NXT_RESUMEs should be 6.
+++OVS_WAIT_UNTIL([test 6 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
++
++ $PYTHON "$ovs_srcdir/utilities/ovs-pcap.in" hv1/vif2-tx.pcap > 2.packets
++ cat 2.expected | cut -c -48 > expout
++@@ -8575,8 +8604,8 @@ dst_ip=`ip_to_hex 10 0 0 1`
++ dns_reply=0
++ test_dns 2 f00000000002 f000000000f0 $src_ip $dst_ip $dns_reply $dns_req_data
++
++-# NXT_RESUMEs should be 6.
++-OVS_WAIT_UNTIL([test 6 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
+++# NXT_RESUMEs should be 7.
+++OVS_WAIT_UNTIL([test 7 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
++
++ $PYTHON "$ovs_srcdir/utilities/ovs-pcap.in" hv1/vif2-tx.pcap > 2.packets
++ AT_CHECK([cat 2.packets], [0], [])
++@@ -8593,8 +8622,8 @@ dst_ip=`ip_to_hex 10 0 0 1`
++ dns_reply=0
++ test_dns 2 f00000000002 f000000000f0 $src_ip $dst_ip $dns_reply $dns_req_data
++
++-# NXT_RESUMEs should be 7.
++-OVS_WAIT_UNTIL([test 7 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
+++# NXT_RESUMEs should be 8.
+++OVS_WAIT_UNTIL([test 8 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
++
++ $PYTHON "$ovs_srcdir/utilities/ovs-pcap.in" hv1/vif2-tx.pcap > 2.packets
++ AT_CHECK([cat 2.packets], [0], [])
++@@ -8613,8 +8642,8 @@ dst_ip=`ip_to_hex 10 0 0 1`
++ dns_reply=1
++ test_dns 1 f00000000001 f000000000f0 $src_ip $dst_ip $dns_reply $dns_req_data $dns_resp_data
++
++-# NXT_RESUMEs should be 8.
++-OVS_WAIT_UNTIL([test 8 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
+++# NXT_RESUMEs should be 9.
+++OVS_WAIT_UNTIL([test 9 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
++
++ $PYTHON "$ovs_srcdir/utilities/ovs-pcap.in" hv1/vif1-tx.pcap > 1.packets
++ cat 1.expected | cut -c -48 > expout
++@@ -8635,8 +8664,8 @@ dst_ip=aef00000000000000000000000000001
++ dns_reply=1
++ test_dns6 1 f00000000001 f000000000f0 $src_ip $dst_ip $dns_reply $dns_req_data $dns_resp_data
++
++-# NXT_RESUMEs should be 9.
++-OVS_WAIT_UNTIL([test 9 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
+++# NXT_RESUMEs should be 10
+++OVS_WAIT_UNTIL([test 10 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
++
++ $PYTHON "$ovs_srcdir/utilities/ovs-pcap.in" hv1/vif1-tx.pcap > 1.packets
++ # Skipping the UDP checksum.
++--
++2.33.1
++
 diff --git a/debian/patches/lp-1857026-0002-controller-Add-support-for-PTR-DNS-requests.patch b/debian/patches/lp-1857026-0002-controller-Add-support-for-PTR-DNS-requests.patch
 new file mode 100644
 index 0000000..4386c6c
 --- /dev/null
 +++ b/debian/patches/lp-1857026-0002-controller-Add-support-for-PTR-DNS-requests.patch
@@ -0,0 +1,491 @@
++Origin: backport, https://github.com/ovn-org/ovn/commit/82a4e44e308171cb545211eb2534475ef16a4c0e
++Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/ovn/+bug/1857026
++Last-Update: 2022-01-06
++
++From e612a270f789af616e98cc204eee42b8b114de41 Mon Sep 17 00:00:00 2001
++From: Vladislav Odintsov <odivlad@gmail.com>
++Date: Fri, 19 Feb 2021 11:57:59 +0300
++Subject: [PATCH 2/2] controller: Add support for PTR DNS requests.
++
++The native OVN DNS support doesn't yet support for PTR DNS requests.
++This patch adds the support for it.  If suppose there is a dns record
++as - "vm1.ovn.org"="10.0.0.4", then a normal DNS request will query for
++"vm1.ovn.org" and the reply will be the IP address - 10.0.0.4.
++PTR DNS request helps in getting the domain name of the IP address.
++For the above example, the PTR DNS request will have a query name as
++- "4.0.0.10.in-addr.arpa".  And the response will have "vm1.ovn.org".
++In order to support this feature, this patch expects the CMS to define
++an another entry in the DNS record  as - "4.0.0.10.in-addr.arpa"="vm1.ovn.org".
++
++This makes the job of ovn-controller easier to support this feature.
++
++Submitted-at: https://github.com/ovn-org/ovn/pull/74
++Signed-off-by: Vladislav Odintsov <odivlad@gmail.com>
++Signed-off-by: Numan Siddique <numans@ovn.org>
++(cherry picked from commit 82a4e44e308171cb545211eb2534475ef16a4c0e)
++---
++ controller/pinctrl.c | 181 +++++++++++++++++++++++++++++++------------
++ lib/ovn-l7.h         |   8 ++
++ ovn-nb.xml           |   6 ++
++ tests/ovn.at         |  83 +++++++++++++++++++-
++ 4 files changed, 228 insertions(+), 50 deletions(-)
++
++diff --git a/controller/pinctrl.c b/controller/pinctrl.c
++index 4879dcc45..c505077e0 100644
++--- a/controller/pinctrl.c
+++++ b/controller/pinctrl.c
++@@ -1658,6 +1658,106 @@ destroy_dns_cache(void)
++     }
++ }
++
+++/* Populates dns_answer struct with base data.
+++ * Copy the answer section
+++ * Format of the answer section is
+++ *  - NAME     -> The domain name
+++ *  - TYPE     -> 2 octets containing one of the RR type codes
+++ *  - CLASS    -> 2 octets which specify the class of the data
+++ *                in the RDATA field.
+++ *  - TTL      -> 32 bit unsigned int specifying the time
+++ *                interval (in secs) that the resource record
+++ *                 may be cached before it should be discarded.
+++ *  - RDLENGTH -> 16 bit integer specifying the length of the
+++ *                RDATA field.
+++ *  - RDATA    -> a variable length string of octets that
+++ *                describes the resource.
+++ */
+++static void
+++dns_build_base_answer(
+++    struct ofpbuf *dns_answer, const uint8_t *in_queryname,
+++    uint16_t query_length, int query_type)
+++{
+++    ofpbuf_put(dns_answer, in_queryname, query_length);
+++    put_be16(dns_answer, htons(query_type));
+++    put_be16(dns_answer, htons(DNS_CLASS_IN));
+++    put_be32(dns_answer, htonl(DNS_DEFAULT_RR_TTL));
+++}
+++
+++/* Populates dns_answer struct with a TYPE A answer. */
+++static void
+++dns_build_a_answer(
+++    struct ofpbuf *dns_answer, const uint8_t *in_queryname,
+++    uint16_t query_length, const ovs_be32 addr)
+++{
+++    dns_build_base_answer(dns_answer, in_queryname, query_length,
+++                          DNS_QUERY_TYPE_A);
+++    put_be16(dns_answer, htons(sizeof(ovs_be32)));
+++    put_be32(dns_answer, addr);
+++}
+++
+++/* Populates dns_answer struct with a TYPE AAAA answer. */
+++static void
+++dns_build_aaaa_answer(
+++    struct ofpbuf *dns_answer, const uint8_t *in_queryname,
+++    uint16_t query_length, const struct in6_addr *addr)
+++{
+++    dns_build_base_answer(dns_answer, in_queryname, query_length,
+++                          DNS_QUERY_TYPE_AAAA);
+++    put_be16(dns_answer, htons(sizeof(*addr)));
+++    ofpbuf_put(dns_answer, addr, sizeof(*addr));
+++}
+++
+++/* Populates dns_answer struct with a TYPE PTR answer. */
+++static void
+++dns_build_ptr_answer(
+++    struct ofpbuf *dns_answer, const uint8_t *in_queryname,
+++    uint16_t query_length, const char *answer_data)
+++{
+++    char *encoded_answer;
+++    uint16_t encoded_answer_length;
+++
+++    dns_build_base_answer(dns_answer, in_queryname, query_length,
+++                          DNS_QUERY_TYPE_PTR);
+++
+++    /* Initialize string 2 chars longer than real answer:
+++     * first label length and terminating zero-length label.
+++     * If the answer_data is - vm1tst.ovn.org, it will be encoded as
+++     *  - 0010 (Total length which is 16)
+++     *  - 06766d31747374 (vm1tst)
+++     *  - 036f766e (ovn)
+++     *  - 036f7267 (org
+++     *  - 00 (zero length field) */
+++    encoded_answer_length = strlen(answer_data) + 2;
+++    encoded_answer = (char *)xzalloc(encoded_answer_length);
+++
+++    put_be16(dns_answer, htons(encoded_answer_length));
+++    uint8_t label_len_index = 0;
+++    uint16_t label_len = 0;
+++    char *encoded_answer_ptr = (char *)encoded_answer + 1;
+++    while (*answer_data) {
+++        if (*answer_data == '.') {
+++            /* Label has ended.  Update the length of the label. */
+++            encoded_answer[label_len_index] = label_len;
+++            label_len_index += (label_len + 1);
+++            label_len = 0; /* Init to 0 for the next label. */
+++        } else {
+++            *encoded_answer_ptr =  *answer_data;
+++            label_len++;
+++        }
+++        encoded_answer_ptr++;
+++        answer_data++;
+++    }
+++
+++    /* This is required for the last label if it doesn't end with '.' */
+++    if (label_len) {
+++        encoded_answer[label_len_index] = label_len;
+++    }
+++
+++    ofpbuf_put(dns_answer, encoded_answer, encoded_answer_length);
+++    free(encoded_answer);
+++}
+++
++ /* Called with in the pinctrl_handler thread context. */
++ static void
++ pinctrl_handle_dns_lookup(
++@@ -1753,15 +1853,16 @@ pinctrl_handle_dns_lookup(
++     }
++
++     uint16_t query_type = ntohs(*ALIGNED_CAST(const ovs_be16 *, in_dns_data));
++-    /* Supported query types - A, AAAA and ANY */
+++    /* Supported query types - A, AAAA, ANY and PTR */
++     if (!(query_type == DNS_QUERY_TYPE_A || query_type == DNS_QUERY_TYPE_AAAA
++-          || query_type == DNS_QUERY_TYPE_ANY)) {
+++          || query_type == DNS_QUERY_TYPE_ANY
+++          || query_type == DNS_QUERY_TYPE_PTR)) {
++         ds_destroy(&query_name);
++         goto exit;
++     }
++
++     uint64_t dp_key = ntohll(pin->flow_metadata.flow.metadata);
++-    const char *answer_ips = NULL;
+++    const char *answer_data = NULL;
++     struct shash_node *iter;
++     SHASH_FOR_EACH (iter, &dns_cache) {
++         struct dns_data *d = iter->data;
++@@ -1771,76 +1872,58 @@ pinctrl_handle_dns_lookup(
++                  * lowercase to perform case insensitive lookup
++                  */
++                 char *query_name_lower = str_tolower(ds_cstr(&query_name));
++-                answer_ips = smap_get(&d->records, query_name_lower);
+++                answer_data = smap_get(&d->records, query_name_lower);
++                 free(query_name_lower);
++-                if (answer_ips) {
+++                if (answer_data) {
++                     break;
++                 }
++             }
++         }
++
++-        if (answer_ips) {
+++        if (answer_data) {
++             break;
++         }
++     }
++
++     ds_destroy(&query_name);
++-    if (!answer_ips) {
+++    if (!answer_data) {
++         goto exit;
++     }
++
++-    struct lport_addresses ip_addrs;
++-    if (!extract_ip_addresses(answer_ips, &ip_addrs)) {
++-        goto exit;
++-    }
++
++     uint16_t ancount = 0;
++     uint64_t dns_ans_stub[128 / 8];
++     struct ofpbuf dns_answer = OFPBUF_STUB_INITIALIZER(dns_ans_stub);
++
++-    if (query_type == DNS_QUERY_TYPE_A || query_type == DNS_QUERY_TYPE_ANY) {
++-        for (size_t i = 0; i < ip_addrs.n_ipv4_addrs; i++) {
++-            /* Copy the answer section */
++-            /* Format of the answer section is
++-             *  - NAME     -> The domain name
++-             *  - TYPE     -> 2 octets containing one of the RR type codes
++-             *  - CLASS    -> 2 octets which specify the class of the data
++-             *                in the RDATA field.
++-             *  - TTL      -> 32 bit unsigned int specifying the time
++-             *                interval (in secs) that the resource record
++-             *                 may be cached before it should be discarded.
++-             *  - RDLENGTH -> 16 bit integer specifying the length of the
++-             *                RDATA field.
++-             *  - RDATA    -> a variable length string of octets that
++-             *                describes the resource. In our case it will
++-             *                be IP address of the domain name.
++-             */
++-            ofpbuf_put(&dns_answer, in_queryname, idx);
++-            put_be16(&dns_answer, htons(DNS_QUERY_TYPE_A));
++-            put_be16(&dns_answer, htons(DNS_CLASS_IN));
++-            put_be32(&dns_answer, htonl(DNS_DEFAULT_RR_TTL));
++-            put_be16(&dns_answer, htons(sizeof(ovs_be32)));
++-            put_be32(&dns_answer, ip_addrs.ipv4_addrs[i].addr);
++-            ancount++;
+++    if (query_type == DNS_QUERY_TYPE_PTR) {
+++        dns_build_ptr_answer(&dns_answer, in_queryname, idx, answer_data);
+++        ancount++;
+++    } else {
+++        struct lport_addresses ip_addrs;
+++        if (!extract_ip_addresses(answer_data, &ip_addrs)) {
+++            goto exit;
+++        }
+++
+++        if (query_type == DNS_QUERY_TYPE_A ||
+++            query_type == DNS_QUERY_TYPE_ANY) {
+++            for (size_t i = 0; i < ip_addrs.n_ipv4_addrs; i++) {
+++                dns_build_a_answer(&dns_answer, in_queryname, idx,
+++                                   ip_addrs.ipv4_addrs[i].addr);
+++                ancount++;
+++            }
++         }
++-    }
++
++-    if (query_type == DNS_QUERY_TYPE_AAAA ||
++-        query_type == DNS_QUERY_TYPE_ANY) {
++-        for (size_t i = 0; i < ip_addrs.n_ipv6_addrs; i++) {
++-            ofpbuf_put(&dns_answer, in_queryname, idx);
++-            put_be16(&dns_answer, htons(DNS_QUERY_TYPE_AAAA));
++-            put_be16(&dns_answer, htons(DNS_CLASS_IN));
++-            put_be32(&dns_answer, htonl(DNS_DEFAULT_RR_TTL));
++-            const struct in6_addr *ip6 = &ip_addrs.ipv6_addrs[i].addr;
++-            put_be16(&dns_answer, htons(sizeof *ip6));
++-            ofpbuf_put(&dns_answer, ip6, sizeof *ip6);
++-            ancount++;
+++        if (query_type == DNS_QUERY_TYPE_AAAA ||
+++            query_type == DNS_QUERY_TYPE_ANY) {
+++            for (size_t i = 0; i < ip_addrs.n_ipv6_addrs; i++) {
+++                dns_build_aaaa_answer(&dns_answer, in_queryname, idx,
+++                                      &ip_addrs.ipv6_addrs[i].addr);
+++                ancount++;
+++            }
++         }
+++        destroy_lport_addresses(&ip_addrs);
++     }
++
++-    destroy_lport_addresses(&ip_addrs);
++-
++     if (!ancount) {
++         ofpbuf_uninit(&dns_answer);
++         goto exit;
++diff --git a/lib/ovn-l7.h b/lib/ovn-l7.h
++index 507949c28..899162866 100644
++--- a/lib/ovn-l7.h
+++++ b/lib/ovn-l7.h
++@@ -26,6 +26,14 @@
++ #include "hash.h"
++ #include "ovn/logical-fields.h"
++
+++#define DNS_QUERY_TYPE_A        0x01
+++#define DNS_QUERY_TYPE_AAAA     0x1c
+++#define DNS_QUERY_TYPE_ANY      0xff
+++#define DNS_QUERY_TYPE_PTR      0x0c
+++
+++#define DNS_CLASS_IN            0x01
+++#define DNS_DEFAULT_RR_TTL      3600
+++
++ /* Generic options map which is used to store dhcpv4 opts and dhcpv6 opts. */
++ struct gen_opts_map {
++     struct hmap_node hmap_node;
++diff --git a/ovn-nb.xml b/ovn-nb.xml
++index f30cc9ee9..a57e7498f 100644
++--- a/ovn-nb.xml
+++++ b/ovn-nb.xml
++@@ -3188,7 +3188,13 @@
++       Key-value pair of DNS records with <code>DNS query name</code> as the key
++       and value as a string of IP address(es) separated by comma or space.
++
+++      For PTR requests, the key-value pair can be
+++      <code>Reverse IPv4 address.in-addr.arpa</code> and the value
+++      <code>DNS domain name</code>.  For IPv6 addresses, the key
+++      has to be <code>Reverse IPv6 address.ip6.arpa</code>.
+++
++       <p><b>Example: </b> "vm1.ovn.org" = "10.0.0.4 aef0::4"</p>
+++      <p><b>Example: </b> "4.0.0.10.in-addr.arpa" = "vm1.ovn.org"</p>
++     </column>
++
++     <column name="external_ids">
++diff --git a/tests/ovn.at b/tests/ovn.at
++index b6eff4349..87d0bd4fc 100644
++--- a/tests/ovn.at
+++++ b/tests/ovn.at
++@@ -8256,10 +8256,13 @@ ovn-nbctl lsp-set-port-security ls1-lp2 "f0:00:00:00:00:02 10.0.0.6 20.0.0.4"
++
++ DNS1=`ovn-nbctl create DNS records={}`
++ DNS2=`ovn-nbctl create DNS records={}`
+++DNS3=`ovn-nbctl create DNS records={}`
++
++ ovn-nbctl set DNS $DNS1 records:vm1.ovn.org="10.0.0.4 aef0::4"
++ ovn-nbctl set DNS $DNS1 records:vm2.ovn.org="10.0.0.6 20.0.0.4"
++ ovn-nbctl set DNS $DNS2 records:vm3.ovn.org="40.0.0.4"
+++ovn-nbctl set DNS $DNS3 records:4.0.0.10.in-addr.arpa="vm1.ovn.org"
+++ovn-nbctl set DNS $DNS3 records:4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.f.e.a.ip6.arpa="vm1.ovn.org"
++
++ ovn-nbctl set Logical_switch ls1 dns_records="$DNS1"
++
++@@ -8365,6 +8368,21 @@ set_dns_params() {
++     vm1_incomplete)
++         # set type to none
++         type=''
+++        ;;
+++    vm1_ipv4_ptr)
+++        # 4.0.0.10.in-addr.arpa
+++        query_name=01340130013002313007696e2d61646472046172706100
+++        type=000c
+++        # vm1.ovn.org
+++        expected_dns_answer=${query_name}${type}0001${ttl}000d03766d31036f766e036f726700
+++        ;;
+++    vm1_ipv6_ptr)
+++        # 4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.f.e.a.ip6.arpa
+++        query_name=0134013001300130013001300130013001300130013001300130013001300130013001300130013001300130013001300130013001300130013001660165016103697036046172706100
+++        type=000c
+++        # vm1.ovn.org
+++        expected_dns_answer=${query_name}${type}0001${ttl}000d03766d31036f766e036f726700
+++        ;;
++     esac
++     # TTL - 3600
++     local dns_req_header=010201200001000000000000
++@@ -8464,6 +8482,7 @@ reset_pcap_file hv1-vif2 hv1/vif2
++ rm -f 1.expected
++ rm -f 2.expected
++
+++
++ set_dns_params vm1
++ src_ip=`ip_to_hex 10 0 0 6`
++ dst_ip=`ip_to_hex 10 0 0 1`
++@@ -8485,8 +8504,8 @@ reset_pcap_file hv1-vif2 hv1/vif2
++ rm -f 1.expected
++ rm -f 2.expected
++
++-# Try vm1 again but an all-caps query name
++
+++# Try vm1 again but an all-caps query name
++ set_dns_params VM1
++ src_ip=`ip_to_hex 10 0 0 6`
++ dst_ip=`ip_to_hex 10 0 0 1`
++@@ -8508,6 +8527,7 @@ reset_pcap_file hv1-vif2 hv1/vif2
++ rm -f 1.expected
++ rm -f 2.expected
++
+++
++ # Clear the query name options for ls1-lp2
++ ovn-nbctl --wait=hv remove DNS $DNS1 records vm2.ovn.org
++
++@@ -8528,6 +8548,7 @@ reset_pcap_file hv1-vif2 hv1/vif2
++ rm -f 1.expected
++ rm -f 2.expected
++
+++
++ # Clear the query name for ls1-lp1
++ # Since ls1 has no query names configued,
++ # ovn-northd should not add the DNS flows.
++@@ -8550,6 +8571,7 @@ reset_pcap_file hv1-vif2 hv1/vif2
++ rm -f 1.expected
++ rm -f 2.expected
++
+++
++ # Test IPv6 (AAAA records) using IPv4 packet.
++ # Add back the DNS options for ls1-lp1.
++ ovn-nbctl --wait=hv set DNS $DNS1 records:vm1.ovn.org="10.0.0.4 aef0::4"
++@@ -8575,6 +8597,7 @@ reset_pcap_file hv1-vif2 hv1/vif2
++ rm -f 1.expected
++ rm -f 2.expected
++
+++
++ # Test both IPv4 (A) and IPv6 (AAAA records) using IPv4 packet.
++ set_dns_params vm1_ipv4_v6
++ src_ip=`ip_to_hex 10 0 0 6`
++@@ -8597,6 +8620,7 @@ reset_pcap_file hv1-vif2 hv1/vif2
++ rm -f 1.expected
++ rm -f 2.expected
++
+++
++ # Invalid type.
++ set_dns_params vm1_invalid_type
++ src_ip=`ip_to_hex 10 0 0 6`
++@@ -8615,6 +8639,7 @@ reset_pcap_file hv1-vif2 hv1/vif2
++ rm -f 1.expected
++ rm -f 2.expected
++
+++
++ # Incomplete DNS packet.
++ set_dns_params vm1_incomplete
++ src_ip=`ip_to_hex 10 0 0 6`
++@@ -8633,6 +8658,7 @@ reset_pcap_file hv1-vif2 hv1/vif2
++ rm -f 1.expected
++ rm -f 2.expected
++
+++
++ # Add one more DNS record to the ls1.
++ ovn-nbctl --wait=hv set Logical_switch ls1 dns_records="$DNS1 $DNS2"
++
++@@ -8657,6 +8683,7 @@ reset_pcap_file hv1-vif2 hv1/vif2
++ rm -f 1.expected
++ rm -f 2.expected
++
+++
++ # Try DNS query over IPv6
++ set_dns_params vm1
++ src_ip=aef00000000000000000000000000004
++@@ -8677,6 +8704,60 @@ reset_pcap_file hv1-vif2 hv1/vif2
++ rm -f 1.expected
++ rm -f 2.expected
++
+++
+++# Add one more DNS record to the ls1.
+++ovn-nbctl --wait=hv set Logical_switch ls1 dns_records="$DNS1 $DNS2 $DNS3"
+++echo "*************************"
+++ovn-sbctl list DNS
+++echo "*************************"
+++ovn-nbctl list DNS
+++echo "*************************"
+++
+++# Test PTR record for IPv4 address using IPv4 packet.
+++set_dns_params vm1_ipv4_ptr
+++src_ip=`ip_to_hex 10 0 0 4`
+++dst_ip=`ip_to_hex 10 0 0 1`
+++dns_reply=1
+++test_dns 1 f00000000001 f000000000f0 $src_ip $dst_ip $dns_reply $dns_req_data $dns_resp_data
+++
+++# NXT_RESUMEs should be 11.
+++OVS_WAIT_UNTIL([test 11 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
+++
+++$PYTHON "$ovs_srcdir/utilities/ovs-pcap.in" hv1/vif1-tx.pcap > 1.packets
+++cat 1.expected | cut -c -48 > expout
+++AT_CHECK([cat 1.packets | cut -c -48], [0], [expout])
+++# Skipping the IPv4 checksum.
+++cat 1.expected | cut -c 53- > expout
+++AT_CHECK([cat 1.packets | cut -c 53-], [0], [expout])
+++
+++reset_pcap_file hv1-vif1 hv1/vif1
+++reset_pcap_file hv1-vif2 hv1/vif2
+++rm -f 1.expected
+++rm -f 2.expected
+++
+++
+++# Test PTR record for IPv6 address using IPv4 packet.
+++set_dns_params vm1_ipv6_ptr
+++src_ip=`ip_to_hex 10 0 0 4`
+++dst_ip=`ip_to_hex 10 0 0 1`
+++dns_reply=1
+++test_dns 1 f00000000001 f000000000f0 $src_ip $dst_ip $dns_reply $dns_req_data $dns_resp_data
+++
+++# NXT_RESUMEs should be 12.
+++OVS_WAIT_UNTIL([test 12 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
+++
+++$PYTHON "$ovs_srcdir/utilities/ovs-pcap.in" hv1/vif1-tx.pcap > 1.packets
+++cat 1.expected | cut -c -48 > expout
+++AT_CHECK([cat 1.packets | cut -c -48], [0], [expout])
+++# Skipping the IPv4 checksum.
+++cat 1.expected | cut -c 53- > expout
+++AT_CHECK([cat 1.packets | cut -c 53-], [0], [expout])
+++
+++reset_pcap_file hv1-vif1 hv1/vif1
+++reset_pcap_file hv1-vif2 hv1/vif2
+++rm -f 1.expected
+++rm -f 2.expected
+++
++ OVN_CLEANUP([hv1])
++
++ AT_CLEANUP
++--
++2.33.1
++
 diff --git a/debian/patches/series b/debian/patches/series
 index fbe5db9..ba80c08 100644
 --- a/debian/patches/series
 +++ b/debian/patches/series
@@ -4,3 +4,5 @@ lp-1914988-tests-Use-ovn_start-in-tests-ovn-controller.at.patch
  lp-1914988-tests-Make-certificate-generation-extendable.patch
  lp-1914988-tests-Test-with-SSL-and-RBAC-for-controller-by-defau.patch
  lp-1943266-physical-do-not-forward-traffic-from-localport-to-a-.patch
++lp-1857026-0001-DNS-Make-DNS-lookups-case-insensitive.patch
++lp-1857026-0002-controller-Add-support-for-PTR-DNS-requests.patch

Ubuntuovn package

Merge ~fnordahl/ubuntu/+source/ovn:bug/1857026-focal into ~ubuntu-server-dev/ubuntu/+source/ovn:ubuntu/focal

Commit message

Description of the change

Preview Diff

Subscribers

Ubuntu
ovn package