Merge ~fnordahl/ubuntu/+source/ovn:bug/1857026-focal into ~ubuntu-server-dev/ubuntu/+source/ovn:ubuntu/focal
Proposed by
Frode Nordahl
Status: | Merged |
---|---|
Merged at revision: | 1272554ada5e7ecfcc9b090d696d7b092779bdb6 |
Proposed branch: | ~fnordahl/ubuntu/+source/ovn:bug/1857026-focal |
Merge into: | ~ubuntu-server-dev/ubuntu/+source/ovn:ubuntu/focal |
Diff against target: | 803 lines (+775/-0), 4 files modified: debian/changelog (+8/-0); debian/patches/lp-1857026-0001-DNS-Make-DNS-lookups-case-insensitive.patch (+274/-0); debian/patches/lp-1857026-0002-controller-Add-support-for-PTR-DNS-requests.patch (+491/-0); debian/patches/series (+2/-0) |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
James Page | Pending | ||
Review via email: mp+413737@code.launchpad.net |
Preview Diff
1 | diff --git a/debian/changelog b/debian/changelog | |||
2 | index c0af91d..2094609 100644 | |||
3 | --- a/debian/changelog | |||
4 | +++ b/debian/changelog | |||
5 | @@ -1,3 +1,11 @@ | |||
6 | 1 | ovn (20.03.2-0ubuntu0.20.04.3) focal; urgency=medium | ||
7 | 2 | |||
8 | 3 | * Add support for PTR DNS requests (LP: #1857026) | ||
9 | 4 | - d/p/lp-1857026-0001-DNS-Make-DNS-lookups-case-insensitive.patch | ||
10 | 5 | - d/p/lp-1857026-0002-controller-Add-support-for-PTR-DNS-requests.patch | ||
11 | 6 | |||
12 | 7 | -- Frode Nordahl <frode.nordahl@canonical.com> Thu, 06 Jan 2022 10:00:00 +0100 | ||
13 | 8 | |||
14 | 1 | ovn (20.03.2-0ubuntu0.20.04.2) focal; urgency=medium | 9 | ovn (20.03.2-0ubuntu0.20.04.2) focal; urgency=medium |
15 | 2 | 10 | ||
16 | 3 | * Add RBAC rules for IGMP_Group table (LP: #1914988): | 11 | * Add RBAC rules for IGMP_Group table (LP: #1914988): |
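Review bot: The new 20.03.2-0ubuntu0.20.04.3 entry is titled only "Add support for PTR DNS requests", yet the first patch it lists changes how every existing record is matched (names are lowercased on store and on lookup). Give the case-insensitive lookup its own bullet so that the behaviour change is visible to anyone reading the changelog without opening the patch.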
17 | diff --git a/debian/patches/lp-1857026-0001-DNS-Make-DNS-lookups-case-insensitive.patch b/debian/patches/lp-1857026-0001-DNS-Make-DNS-lookups-case-insensitive.patch | |||
18 | 4 | new file mode 100644 | 12 | new file mode 100644 |
19 | index 0000000..bfb394a | |||
20 | --- /dev/null | |||
21 | +++ b/debian/patches/lp-1857026-0001-DNS-Make-DNS-lookups-case-insensitive.patch | |||
22 | @@ -0,0 +1,274 @@ | |||
23 | 1 | Origin: backport, https://github.com/ovn-org/ovn/commit/9287f425e8bc5781728b2ff1c60413d3c39c33a8 | ||
24 | 2 | Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/ovn/+bug/1857026 | ||
25 | 3 | Last-Update: 2022-01-06 | ||
26 | 4 | |||
27 | 5 | From 815d4c04992d994bcd75b3d642fe6cc694ec99b3 Mon Sep 17 00:00:00 2001 | ||
28 | 6 | From: Mark Michelson <mmichels@redhat.com> | ||
29 | 7 | Date: Mon, 20 Apr 2020 09:25:09 -0400 | ||
30 | 8 | Subject: [PATCH 1/2] DNS: Make DNS lookups case insensitive. | ||
31 | 9 | |||
32 | 10 | From RFC 1035 Section 2.3.3: | ||
33 | 11 | |||
34 | 12 | "For all parts of the DNS that are part of the official protocol, all | ||
35 | 13 | comparisons between character strings (e.g., labels, domain names, etc.) | ||
36 | 14 | are done in a case-insensitive manner." | ||
37 | 15 | |||
38 | 16 | OVN was using case-sensitive lookups and therefore was not complying. | ||
39 | 17 | This change makes lookups case insensitive by storing lowercase record | ||
40 | 18 | names in the southbound database and converting incoming query names to | ||
41 | 19 | lowercase. | ||
42 | 20 | |||
43 | 21 | Signed-off-by: Mark Michelson <mmichels@redhat.com> | ||
44 | 22 | Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=1819069 | ||
45 | 23 | Reported-by: Jianlin Shi <jishi@redhat.com> | ||
46 | 24 | Acked-by: Numan Siddique <numans@ovn.org> | ||
47 | 25 | (cherry picked from commit 9287f425e8bc5781728b2ff1c60413d3c39c33a8) | ||
48 | 26 | --- | ||
49 | 27 | controller/pinctrl.c | 7 ++++- | ||
50 | 28 | lib/ovn-util.c | 15 +++++++++++ | ||
51 | 29 | lib/ovn-util.h | 5 ++++ | ||
52 | 30 | northd/ovn-northd.c | 15 ++++++++++- | ||
53 | 31 | ovn-sb.xml | 3 ++- | ||
54 | 32 | tests/ovn.at | 61 ++++++++++++++++++++++++++++++++------------ | ||
55 | 33 | 6 files changed, 87 insertions(+), 19 deletions(-) | ||
56 | 34 | |||
57 | 35 | diff --git a/controller/pinctrl.c b/controller/pinctrl.c | ||
58 | 36 | index 5822f03ef..4879dcc45 100644 | ||
59 | 37 | --- a/controller/pinctrl.c | ||
60 | 38 | +++ b/controller/pinctrl.c | ||
61 | 39 | @@ -1767,7 +1767,12 @@ pinctrl_handle_dns_lookup( | ||
62 | 40 | struct dns_data *d = iter->data; | ||
63 | 41 | for (size_t i = 0; i < d->n_dps; i++) { | ||
64 | 42 | if (d->dps[i] == dp_key) { | ||
65 | 43 | - answer_ips = smap_get(&d->records, ds_cstr(&query_name)); | ||
66 | 44 | + /* DNS records in SBDB are stored in lowercase. Convert to | ||
67 | 45 | + * lowercase to perform case insensitive lookup | ||
68 | 46 | + */ | ||
69 | 47 | + char *query_name_lower = str_tolower(ds_cstr(&query_name)); | ||
70 | 48 | + answer_ips = smap_get(&d->records, query_name_lower); | ||
71 | 49 | + free(query_name_lower); | ||
72 | 50 | if (answer_ips) { | ||
73 | 51 | break; | ||
74 | 52 | } | ||
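Review bot: In pinctrl_handle_dns_lookup the lowercase copy is allocated and freed inside the `d->dps[i] == dp_key` branch, so str_tolower() runs again for the same query name on every matching DNS row. Convert query_name once before the SHASH_FOR_EACH loop and free it after the loop, which keeps the packet-in path from repeating the xmalloc/free pair per row.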
75 | 53 | diff --git a/lib/ovn-util.c b/lib/ovn-util.c | ||
76 | 54 | index 514e2489f..1b30c2e9a 100644 | ||
77 | 55 | --- a/lib/ovn-util.c | ||
78 | 56 | +++ b/lib/ovn-util.c | ||
79 | 57 | @@ -21,6 +21,7 @@ | ||
80 | 58 | #include "openvswitch/ofp-parse.h" | ||
81 | 59 | #include "ovn-nb-idl.h" | ||
82 | 60 | #include "ovn-sb-idl.h" | ||
83 | 61 | +#include <ctype.h> | ||
84 | 62 | |||
85 | 63 | VLOG_DEFINE_THIS_MODULE(ovn_util); | ||
86 | 64 | |||
87 | 65 | @@ -550,3 +551,17 @@ ip46_equals(const struct v46_ip *addr1, const struct v46_ip *addr2) | ||
88 | 66 | (addr1->family == AF_INET ? addr1->ipv4 == addr2->ipv4 : | ||
89 | 67 | IN6_ARE_ADDR_EQUAL(&addr1->ipv6, &addr2->ipv6))); | ||
90 | 68 | } | ||
91 | 69 | + | ||
92 | 70 | +char * | ||
93 | 71 | +str_tolower(const char *orig) | ||
94 | 72 | +{ | ||
95 | 73 | + char *copy = xmalloc(strlen(orig) + 1); | ||
96 | 74 | + char *p = copy; | ||
97 | 75 | + | ||
98 | 76 | + while (*orig) { | ||
99 | 77 | + *p++ = tolower(*orig++); | ||
100 | 78 | + } | ||
101 | 79 | + *p = '\0'; | ||
102 | 80 | + | ||
103 | 81 | + return copy; | ||
104 | 82 | +} | ||
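Review bot: In str_tolower(), `tolower(*orig++)` is handed a plain char. Where char is signed, any byte above 0x7f becomes a negative argument, which is undefined behaviour for the <ctype.h> functions, and the caller in pinctrl.c passes in a name taken from an incoming query. Cast to unsigned char before the call. tolower() is also locale-dependent, while DNS case folding covers only ASCII A-Z, so an explicit ASCII fold would be more predictable here.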
105 | 83 | diff --git a/lib/ovn-util.h b/lib/ovn-util.h | ||
106 | 84 | index 11238f61c..4076e8b9a 100644 | ||
107 | 85 | --- a/lib/ovn-util.h | ||
108 | 86 | +++ b/lib/ovn-util.h | ||
109 | 87 | @@ -124,4 +124,9 @@ struct v46_ip { | ||
110 | 88 | bool ip46_parse_cidr(const char *str, struct v46_ip *prefix, | ||
111 | 89 | unsigned int *plen); | ||
112 | 90 | bool ip46_equals(const struct v46_ip *addr1, const struct v46_ip *addr2); | ||
113 | 91 | + | ||
114 | 92 | +/* Returns a lowercase copy of orig. | ||
115 | 93 | + * Caller must free the returned string. | ||
116 | 94 | + */ | ||
117 | 95 | +char *str_tolower(const char *orig); | ||
118 | 96 | #endif | ||
119 | 97 | diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c | ||
120 | 98 | index 9cc2c04bb..4ced1b48f 100644 | ||
121 | 99 | --- a/northd/ovn-northd.c | ||
122 | 100 | +++ b/northd/ovn-northd.c | ||
123 | 101 | @@ -10634,7 +10634,20 @@ sync_dns_entries(struct northd_context *ctx, struct hmap *datapaths) | ||
124 | 102 | dns_info->sb_dns, | ||
125 | 103 | (struct sbrec_datapath_binding **)dns_info->sbs, | ||
126 | 104 | dns_info->n_sbs); | ||
127 | 105 | - sbrec_dns_set_records(dns_info->sb_dns, &dns_info->nb_dns->records); | ||
128 | 106 | + | ||
129 | 107 | + /* DNS lookups are case-insensitive. Convert records to lowercase so | ||
130 | 108 | + * we can do consistent lookups when DNS requests arrive | ||
131 | 109 | + */ | ||
132 | 110 | + struct smap lower_records = SMAP_INITIALIZER(&lower_records); | ||
133 | 111 | + struct smap_node *node; | ||
134 | 112 | + SMAP_FOR_EACH (node, &dns_info->nb_dns->records) { | ||
135 | 113 | + smap_add_nocopy(&lower_records, xstrdup(node->key), | ||
136 | 114 | + str_tolower(node->value)); | ||
137 | 115 | + } | ||
138 | 116 | + | ||
139 | 117 | + sbrec_dns_set_records(dns_info->sb_dns, &lower_records); | ||
140 | 118 | + | ||
141 | 119 | + smap_destroy(&lower_records); | ||
142 | 120 | free(dns_info->sbs); | ||
143 | 121 | free(dns_info); | ||
144 | 122 | } | ||
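Review bot: In sync_dns_entries the loop copies the key unchanged with xstrdup(node->key) and lowercases node->value, but the comment directly above it, the commit message and the ovn-sb.xml text all say it is the record name (the key) that is stored in lowercase. As written, a northbound record keyed "VM1.ovn.org" stays mixed-case in the southbound table and cannot match the lowercased query name that pinctrl.c looks up. Swap the two: str_tolower(node->key) for the key and xstrdup(node->value) for the value.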
145 | 123 | diff --git a/ovn-sb.xml b/ovn-sb.xml | ||
146 | 124 | index 2703e6d0c..64c33d2df 100644 | ||
147 | 125 | --- a/ovn-sb.xml | ||
148 | 126 | +++ b/ovn-sb.xml | ||
149 | 127 | @@ -3581,7 +3581,8 @@ tcp.flags = RST; | ||
150 | 128 | <column name="records"> | ||
151 | 129 | Key-value pair of DNS records with <code>DNS query name</code> as the key | ||
152 | 130 | and a string of IP address(es) separated by comma or space as the | ||
153 | 131 | - value. | ||
154 | 132 | + value. ovn-northd stores the DNS query name in all lowercase in order to | ||
155 | 133 | + facilitate case-insensitive lookups. | ||
156 | 134 | |||
157 | 135 | <p><b>Example: </b> "vm1.ovn.org" = "10.0.0.4 aef0::4"</p> | ||
158 | 136 | </column> | ||
159 | 137 | diff --git a/tests/ovn.at b/tests/ovn.at | ||
160 | 138 | index 4d9ee1256..b6eff4349 100644 | ||
161 | 139 | --- a/tests/ovn.at | ||
162 | 140 | +++ b/tests/ovn.at | ||
163 | 141 | @@ -8317,6 +8317,12 @@ set_dns_params() { | ||
164 | 142 | # IPv4 address - 10.0.0.4 | ||
165 | 143 | expected_dns_answer=${query_name}00010001${ttl}00040a000004 | ||
166 | 144 | ;; | ||
167 | 145 | + VM1) | ||
168 | 146 | + # VM1.OVN.ORG | ||
169 | 147 | + query_name=03564d31034f564e034f524700 | ||
170 | 148 | + # IPv4 address - 10.0.0.4 | ||
171 | 149 | + expected_dns_answer=${query_name}00010001${ttl}00040a000004 | ||
172 | 150 | + ;; | ||
173 | 151 | vm2) | ||
174 | 152 | # vm2.ovn.org | ||
175 | 153 | query_name=03766d32036f766e036f726700 | ||
176 | 154 | @@ -8479,6 +8485,29 @@ reset_pcap_file hv1-vif2 hv1/vif2 | ||
177 | 155 | rm -f 1.expected | ||
178 | 156 | rm -f 2.expected | ||
179 | 157 | |||
180 | 158 | +# Try vm1 again but an all-caps query name | ||
181 | 159 | + | ||
182 | 160 | +set_dns_params VM1 | ||
183 | 161 | +src_ip=`ip_to_hex 10 0 0 6` | ||
184 | 162 | +dst_ip=`ip_to_hex 10 0 0 1` | ||
185 | 163 | +dns_reply=1 | ||
186 | 164 | +test_dns 2 f00000000002 f000000000f0 $src_ip $dst_ip $dns_reply $dns_req_data $dns_resp_data | ||
187 | 165 | + | ||
188 | 166 | +# NXT_RESUMEs should be 3. | ||
189 | 167 | +OVS_WAIT_UNTIL([test 3 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`]) | ||
190 | 168 | + | ||
191 | 169 | +$PYTHON "$ovs_srcdir/utilities/ovs-pcap.in" hv1/vif2-tx.pcap > 2.packets | ||
192 | 170 | +cat 2.expected | cut -c -48 > expout | ||
193 | 171 | +AT_CHECK([cat 2.packets | cut -c -48], [0], [expout]) | ||
194 | 172 | +# Skipping the IPv4 checksum. | ||
195 | 173 | +cat 2.expected | cut -c 53- > expout | ||
196 | 174 | +AT_CHECK([cat 2.packets | cut -c 53-], [0], [expout]) | ||
197 | 175 | + | ||
198 | 176 | +reset_pcap_file hv1-vif1 hv1/vif1 | ||
199 | 177 | +reset_pcap_file hv1-vif2 hv1/vif2 | ||
200 | 178 | +rm -f 1.expected | ||
201 | 179 | +rm -f 2.expected | ||
202 | 180 | + | ||
203 | 181 | # Clear the query name options for ls1-lp2 | ||
204 | 182 | ovn-nbctl --wait=hv remove DNS $DNS1 records vm2.ovn.org | ||
205 | 183 | |||
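Review bot: The added VM1 case sends an upper-case query against a record that was created in lowercase (vm1.ovn.org), so it exercises only the query-side conversion in pinctrl.c. Add a record whose northbound key contains upper-case letters and query it in lowercase, so that the ovn-northd conversion in sync_dns_entries is covered as well.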
206 | 184 | @@ -8488,8 +8517,8 @@ dst_ip=`ip_to_hex 10 0 0 1` | ||
207 | 185 | dns_reply=0 | ||
208 | 186 | test_dns 1 f00000000001 f00000000002 $src_ip $dst_ip $dns_reply $dns_req_data | ||
209 | 187 | |||
210 | 188 | -# NXT_RESUMEs should be 3. | ||
211 | 189 | -OVS_WAIT_UNTIL([test 3 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`]) | ||
212 | 190 | +# NXT_RESUMEs should be 4. | ||
213 | 191 | +OVS_WAIT_UNTIL([test 4 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`]) | ||
214 | 192 | |||
215 | 193 | $PYTHON "$ovs_srcdir/utilities/ovs-pcap.in" hv1/vif1-tx.pcap > 1.packets | ||
216 | 194 | AT_CHECK([cat 1.packets], [0], []) | ||
217 | 195 | @@ -8510,8 +8539,8 @@ dst_ip=`ip_to_hex 10 0 0 1` | ||
218 | 196 | dns_reply=0 | ||
219 | 197 | test_dns 2 f00000000002 f000000000f0 $src_ip $dst_ip $dns_reply $dns_req_data | ||
220 | 198 | |||
221 | 199 | -# NXT_RESUMEs should be 3 only. | ||
222 | 200 | -OVS_WAIT_UNTIL([test 3 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`]) | ||
223 | 201 | +# NXT_RESUMEs should be 4 only. | ||
224 | 202 | +OVS_WAIT_UNTIL([test 4 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`]) | ||
225 | 203 | |||
226 | 204 | $PYTHON "$ovs_srcdir/utilities/ovs-pcap.in" hv1/vif2-tx.pcap > 2.packets | ||
227 | 205 | AT_CHECK([cat 2.packets], [0], []) | ||
228 | 206 | @@ -8531,8 +8560,8 @@ dst_ip=`ip_to_hex 10 0 0 1` | ||
229 | 207 | dns_reply=1 | ||
230 | 208 | test_dns 2 f00000000002 f000000000f0 $src_ip $dst_ip $dns_reply $dns_req_data $dns_resp_data | ||
231 | 209 | |||
232 | 210 | -# NXT_RESUMEs should be 4. | ||
233 | 211 | -OVS_WAIT_UNTIL([test 4 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`]) | ||
234 | 212 | +# NXT_RESUMEs should be 5. | ||
235 | 213 | +OVS_WAIT_UNTIL([test 5 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`]) | ||
236 | 214 | |||
237 | 215 | $PYTHON "$ovs_srcdir/utilities/ovs-pcap.in" hv1/vif2-tx.pcap > 2.packets | ||
238 | 216 | cat 2.expected | cut -c -48 > expout | ||
239 | 217 | @@ -8553,8 +8582,8 @@ dst_ip=`ip_to_hex 10 0 0 1` | ||
240 | 218 | dns_reply=1 | ||
241 | 219 | test_dns 2 f00000000002 f000000000f0 $src_ip $dst_ip $dns_reply $dns_req_data $dns_resp_data | ||
242 | 220 | |||
243 | 221 | -# NXT_RESUMEs should be 5. | ||
244 | 222 | -OVS_WAIT_UNTIL([test 5 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`]) | ||
245 | 223 | +# NXT_RESUMEs should be 6. | ||
246 | 224 | +OVS_WAIT_UNTIL([test 6 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`]) | ||
247 | 225 | |||
248 | 226 | $PYTHON "$ovs_srcdir/utilities/ovs-pcap.in" hv1/vif2-tx.pcap > 2.packets | ||
249 | 227 | cat 2.expected | cut -c -48 > expout | ||
250 | 228 | @@ -8575,8 +8604,8 @@ dst_ip=`ip_to_hex 10 0 0 1` | ||
251 | 229 | dns_reply=0 | ||
252 | 230 | test_dns 2 f00000000002 f000000000f0 $src_ip $dst_ip $dns_reply $dns_req_data | ||
253 | 231 | |||
254 | 232 | -# NXT_RESUMEs should be 6. | ||
255 | 233 | -OVS_WAIT_UNTIL([test 6 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`]) | ||
256 | 234 | +# NXT_RESUMEs should be 7. | ||
257 | 235 | +OVS_WAIT_UNTIL([test 7 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`]) | ||
258 | 236 | |||
259 | 237 | $PYTHON "$ovs_srcdir/utilities/ovs-pcap.in" hv1/vif2-tx.pcap > 2.packets | ||
260 | 238 | AT_CHECK([cat 2.packets], [0], []) | ||
261 | 239 | @@ -8593,8 +8622,8 @@ dst_ip=`ip_to_hex 10 0 0 1` | ||
262 | 240 | dns_reply=0 | ||
263 | 241 | test_dns 2 f00000000002 f000000000f0 $src_ip $dst_ip $dns_reply $dns_req_data | ||
264 | 242 | |||
265 | 243 | -# NXT_RESUMEs should be 7. | ||
266 | 244 | -OVS_WAIT_UNTIL([test 7 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`]) | ||
267 | 245 | +# NXT_RESUMEs should be 8. | ||
268 | 246 | +OVS_WAIT_UNTIL([test 8 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`]) | ||
269 | 247 | |||
270 | 248 | $PYTHON "$ovs_srcdir/utilities/ovs-pcap.in" hv1/vif2-tx.pcap > 2.packets | ||
271 | 249 | AT_CHECK([cat 2.packets], [0], []) | ||
272 | 250 | @@ -8613,8 +8642,8 @@ dst_ip=`ip_to_hex 10 0 0 1` | ||
273 | 251 | dns_reply=1 | ||
274 | 252 | test_dns 1 f00000000001 f000000000f0 $src_ip $dst_ip $dns_reply $dns_req_data $dns_resp_data | ||
275 | 253 | |||
276 | 254 | -# NXT_RESUMEs should be 8. | ||
277 | 255 | -OVS_WAIT_UNTIL([test 8 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`]) | ||
278 | 256 | +# NXT_RESUMEs should be 9. | ||
279 | 257 | +OVS_WAIT_UNTIL([test 9 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`]) | ||
280 | 258 | |||
281 | 259 | $PYTHON "$ovs_srcdir/utilities/ovs-pcap.in" hv1/vif1-tx.pcap > 1.packets | ||
282 | 260 | cat 1.expected | cut -c -48 > expout | ||
283 | 261 | @@ -8635,8 +8664,8 @@ dst_ip=aef00000000000000000000000000001 | ||
284 | 262 | dns_reply=1 | ||
285 | 263 | test_dns6 1 f00000000001 f000000000f0 $src_ip $dst_ip $dns_reply $dns_req_data $dns_resp_data | ||
286 | 264 | |||
287 | 265 | -# NXT_RESUMEs should be 9. | ||
288 | 266 | -OVS_WAIT_UNTIL([test 9 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`]) | ||
289 | 267 | +# NXT_RESUMEs should be 10 | ||
290 | 268 | +OVS_WAIT_UNTIL([test 10 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`]) | ||
291 | 269 | |||
292 | 270 | $PYTHON "$ovs_srcdir/utilities/ovs-pcap.in" hv1/vif1-tx.pcap > 1.packets | ||
293 | 271 | # Skipping the UDP checksum. | ||
294 | 272 | -- | ||
295 | 273 | 2.33.1 | ||
296 | 274 | |||
297 | diff --git a/debian/patches/lp-1857026-0002-controller-Add-support-for-PTR-DNS-requests.patch b/debian/patches/lp-1857026-0002-controller-Add-support-for-PTR-DNS-requests.patch | |||
298 | 0 | new file mode 100644 | 275 | new file mode 100644 |
299 | index 0000000..4386c6c | |||
300 | --- /dev/null | |||
301 | +++ b/debian/patches/lp-1857026-0002-controller-Add-support-for-PTR-DNS-requests.patch | |||
302 | @@ -0,0 +1,491 @@ | |||
303 | 1 | Origin: backport, https://github.com/ovn-org/ovn/commit/82a4e44e308171cb545211eb2534475ef16a4c0e | ||
304 | 2 | Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/ovn/+bug/1857026 | ||
305 | 3 | Last-Update: 2022-01-06 | ||
306 | 4 | |||
307 | 5 | From e612a270f789af616e98cc204eee42b8b114de41 Mon Sep 17 00:00:00 2001 | ||
308 | 6 | From: Vladislav Odintsov <odivlad@gmail.com> | ||
309 | 7 | Date: Fri, 19 Feb 2021 11:57:59 +0300 | ||
310 | 8 | Subject: [PATCH 2/2] controller: Add support for PTR DNS requests. | ||
311 | 9 | |||
312 | 10 | The native OVN DNS support doesn't yet support for PTR DNS requests. | ||
313 | 11 | This patch adds the support for it. If suppose there is a dns record | ||
314 | 12 | as - "vm1.ovn.org"="10.0.0.4", then a normal DNS request will query for | ||
315 | 13 | "vm1.ovn.org" and the reply will be the IP address - 10.0.0.4. | ||
316 | 14 | PTR DNS request helps in getting the domain name of the IP address. | ||
317 | 15 | For the above example, the PTR DNS request will have a query name as | ||
318 | 16 | - "4.0.0.10.in-addr.arpa". And the response will have "vm1.ovn.org". | ||
319 | 17 | In order to support this feature, this patch expects the CMS to define | ||
320 | 18 | an another entry in the DNS record as - "4.0.0.10.in-addr.arpa"="vm1.ovn.org". | ||
321 | 19 | |||
322 | 20 | This makes the job of ovn-controller easier to support this feature. | ||
323 | 21 | |||
324 | 22 | Submitted-at: https://github.com/ovn-org/ovn/pull/74 | ||
325 | 23 | Signed-off-by: Vladislav Odintsov <odivlad@gmail.com> | ||
326 | 24 | Signed-off-by: Numan Siddique <numans@ovn.org> | ||
327 | 25 | (cherry picked from commit 82a4e44e308171cb545211eb2534475ef16a4c0e) | ||
328 | 26 | --- | ||
329 | 27 | controller/pinctrl.c | 181 +++++++++++++++++++++++++++++++------------ | ||
330 | 28 | lib/ovn-l7.h | 8 ++ | ||
331 | 29 | ovn-nb.xml | 6 ++ | ||
332 | 30 | tests/ovn.at | 83 +++++++++++++++++++- | ||
333 | 31 | 4 files changed, 228 insertions(+), 50 deletions(-) | ||
334 | 32 | |||
335 | 33 | diff --git a/controller/pinctrl.c b/controller/pinctrl.c | ||
336 | 34 | index 4879dcc45..c505077e0 100644 | ||
337 | 35 | --- a/controller/pinctrl.c | ||
338 | 36 | +++ b/controller/pinctrl.c | ||
339 | 37 | @@ -1658,6 +1658,106 @@ destroy_dns_cache(void) | ||
340 | 38 | } | ||
341 | 39 | } | ||
342 | 40 | |||
343 | 41 | +/* Populates dns_answer struct with base data. | ||
344 | 42 | + * Copy the answer section | ||
345 | 43 | + * Format of the answer section is | ||
346 | 44 | + * - NAME -> The domain name | ||
347 | 45 | + * - TYPE -> 2 octets containing one of the RR type codes | ||
348 | 46 | + * - CLASS -> 2 octets which specify the class of the data | ||
349 | 47 | + * in the RDATA field. | ||
350 | 48 | + * - TTL -> 32 bit unsigned int specifying the time | ||
351 | 49 | + * interval (in secs) that the resource record | ||
352 | 50 | + * may be cached before it should be discarded. | ||
353 | 51 | + * - RDLENGTH -> 16 bit integer specifying the length of the | ||
354 | 52 | + * RDATA field. | ||
355 | 53 | + * - RDATA -> a variable length string of octets that | ||
356 | 54 | + * describes the resource. | ||
357 | 55 | + */ | ||
358 | 56 | +static void | ||
359 | 57 | +dns_build_base_answer( | ||
360 | 58 | + struct ofpbuf *dns_answer, const uint8_t *in_queryname, | ||
361 | 59 | + uint16_t query_length, int query_type) | ||
362 | 60 | +{ | ||
363 | 61 | + ofpbuf_put(dns_answer, in_queryname, query_length); | ||
364 | 62 | + put_be16(dns_answer, htons(query_type)); | ||
365 | 63 | + put_be16(dns_answer, htons(DNS_CLASS_IN)); | ||
366 | 64 | + put_be32(dns_answer, htonl(DNS_DEFAULT_RR_TTL)); | ||
367 | 65 | +} | ||
368 | 66 | + | ||
369 | 67 | +/* Populates dns_answer struct with a TYPE A answer. */ | ||
370 | 68 | +static void | ||
371 | 69 | +dns_build_a_answer( | ||
372 | 70 | + struct ofpbuf *dns_answer, const uint8_t *in_queryname, | ||
373 | 71 | + uint16_t query_length, const ovs_be32 addr) | ||
374 | 72 | +{ | ||
375 | 73 | + dns_build_base_answer(dns_answer, in_queryname, query_length, | ||
376 | 74 | + DNS_QUERY_TYPE_A); | ||
377 | 75 | + put_be16(dns_answer, htons(sizeof(ovs_be32))); | ||
378 | 76 | + put_be32(dns_answer, addr); | ||
379 | 77 | +} | ||
380 | 78 | + | ||
381 | 79 | +/* Populates dns_answer struct with a TYPE AAAA answer. */ | ||
382 | 80 | +static void | ||
383 | 81 | +dns_build_aaaa_answer( | ||
384 | 82 | + struct ofpbuf *dns_answer, const uint8_t *in_queryname, | ||
385 | 83 | + uint16_t query_length, const struct in6_addr *addr) | ||
386 | 84 | +{ | ||
387 | 85 | + dns_build_base_answer(dns_answer, in_queryname, query_length, | ||
388 | 86 | + DNS_QUERY_TYPE_AAAA); | ||
389 | 87 | + put_be16(dns_answer, htons(sizeof(*addr))); | ||
390 | 88 | + ofpbuf_put(dns_answer, addr, sizeof(*addr)); | ||
391 | 89 | +} | ||
392 | 90 | + | ||
393 | 91 | +/* Populates dns_answer struct with a TYPE PTR answer. */ | ||
394 | 92 | +static void | ||
395 | 93 | +dns_build_ptr_answer( | ||
396 | 94 | + struct ofpbuf *dns_answer, const uint8_t *in_queryname, | ||
397 | 95 | + uint16_t query_length, const char *answer_data) | ||
398 | 96 | +{ | ||
399 | 97 | + char *encoded_answer; | ||
400 | 98 | + uint16_t encoded_answer_length; | ||
401 | 99 | + | ||
402 | 100 | + dns_build_base_answer(dns_answer, in_queryname, query_length, | ||
403 | 101 | + DNS_QUERY_TYPE_PTR); | ||
404 | 102 | + | ||
405 | 103 | + /* Initialize string 2 chars longer than real answer: | ||
406 | 104 | + * first label length and terminating zero-length label. | ||
407 | 105 | + * If the answer_data is - vm1tst.ovn.org, it will be encoded as | ||
408 | 106 | + * - 0010 (Total length which is 16) | ||
409 | 107 | + * - 06766d31747374 (vm1tst) | ||
410 | 108 | + * - 036f766e (ovn) | ||
411 | 109 | + * - 036f7267 (org | ||
412 | 110 | + * - 00 (zero length field) */ | ||
413 | 111 | + encoded_answer_length = strlen(answer_data) + 2; | ||
414 | 112 | + encoded_answer = (char *)xzalloc(encoded_answer_length); | ||
415 | 113 | + | ||
416 | 114 | + put_be16(dns_answer, htons(encoded_answer_length)); | ||
417 | 115 | + uint8_t label_len_index = 0; | ||
418 | 116 | + uint16_t label_len = 0; | ||
419 | 117 | + char *encoded_answer_ptr = (char *)encoded_answer + 1; | ||
420 | 118 | + while (*answer_data) { | ||
421 | 119 | + if (*answer_data == '.') { | ||
422 | 120 | + /* Label has ended. Update the length of the label. */ | ||
423 | 121 | + encoded_answer[label_len_index] = label_len; | ||
424 | 122 | + label_len_index += (label_len + 1); | ||
425 | 123 | + label_len = 0; /* Init to 0 for the next label. */ | ||
426 | 124 | + } else { | ||
427 | 125 | + *encoded_answer_ptr = *answer_data; | ||
428 | 126 | + label_len++; | ||
429 | 127 | + } | ||
430 | 128 | + encoded_answer_ptr++; | ||
431 | 129 | + answer_data++; | ||
432 | 130 | + } | ||
433 | 131 | + | ||
434 | 132 | + /* This is required for the last label if it doesn't end with '.' */ | ||
435 | 133 | + if (label_len) { | ||
436 | 134 | + encoded_answer[label_len_index] = label_len; | ||
437 | 135 | + } | ||
438 | 136 | + | ||
439 | 137 | + ofpbuf_put(dns_answer, encoded_answer, encoded_answer_length); | ||
440 | 138 | + free(encoded_answer); | ||
441 | 139 | +} | ||
442 | 140 | + | ||
443 | 141 | /* Called with in the pinctrl_handler thread context. */ | ||
444 | 142 | static void | ||
445 | 143 | pinctrl_handle_dns_lookup( | ||
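Review bot: dns_build_ptr_answer() encodes answer_data without checking DNS name limits: label_len is written into a single length byte with no check that it is at most 63, and label_len_index is a uint8_t that wraps once the name passes 255 bytes. A trailing dot or an empty label ("a..b") also puts a zero-length label before the end of RDATA while RDLENGTH stays strlen(answer_data) + 2. Validate the value first (labels of 1 to 63 bytes, whole name within 255) and skip the answer when it fails. The "(org" line in the encoding comment is also missing its closing parenthesis.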
446 | 144 | @@ -1753,15 +1853,16 @@ pinctrl_handle_dns_lookup( | ||
447 | 145 | } | ||
448 | 146 | |||
449 | 147 | uint16_t query_type = ntohs(*ALIGNED_CAST(const ovs_be16 *, in_dns_data)); | ||
450 | 148 | - /* Supported query types - A, AAAA and ANY */ | ||
451 | 149 | + /* Supported query types - A, AAAA, ANY and PTR */ | ||
452 | 150 | if (!(query_type == DNS_QUERY_TYPE_A || query_type == DNS_QUERY_TYPE_AAAA | ||
453 | 151 | - || query_type == DNS_QUERY_TYPE_ANY)) { | ||
454 | 152 | + || query_type == DNS_QUERY_TYPE_ANY | ||
455 | 153 | + || query_type == DNS_QUERY_TYPE_PTR)) { | ||
456 | 154 | ds_destroy(&query_name); | ||
457 | 155 | goto exit; | ||
458 | 156 | } | ||
459 | 157 | |||
460 | 158 | uint64_t dp_key = ntohll(pin->flow_metadata.flow.metadata); | ||
461 | 159 | - const char *answer_ips = NULL; | ||
462 | 160 | + const char *answer_data = NULL; | ||
463 | 161 | struct shash_node *iter; | ||
464 | 162 | SHASH_FOR_EACH (iter, &dns_cache) { | ||
465 | 163 | struct dns_data *d = iter->data; | ||
466 | 164 | @@ -1771,76 +1872,58 @@ pinctrl_handle_dns_lookup( | ||
467 | 165 | * lowercase to perform case insensitive lookup | ||
468 | 166 | */ | ||
469 | 167 | char *query_name_lower = str_tolower(ds_cstr(&query_name)); | ||
470 | 168 | - answer_ips = smap_get(&d->records, query_name_lower); | ||
471 | 169 | + answer_data = smap_get(&d->records, query_name_lower); | ||
472 | 170 | free(query_name_lower); | ||
473 | 171 | - if (answer_ips) { | ||
474 | 172 | + if (answer_data) { | ||
475 | 173 | break; | ||
476 | 174 | } | ||
477 | 175 | } | ||
478 | 176 | } | ||
479 | 177 | |||
480 | 178 | - if (answer_ips) { | ||
481 | 179 | + if (answer_data) { | ||
482 | 180 | break; | ||
483 | 181 | } | ||
484 | 182 | } | ||
485 | 183 | |||
486 | 184 | ds_destroy(&query_name); | ||
487 | 185 | - if (!answer_ips) { | ||
488 | 186 | + if (!answer_data) { | ||
489 | 187 | goto exit; | ||
490 | 188 | } | ||
491 | 189 | |||
492 | 190 | - struct lport_addresses ip_addrs; | ||
493 | 191 | - if (!extract_ip_addresses(answer_ips, &ip_addrs)) { | ||
494 | 192 | - goto exit; | ||
495 | 193 | - } | ||
496 | 194 | |||
497 | 195 | uint16_t ancount = 0; | ||
498 | 196 | uint64_t dns_ans_stub[128 / 8]; | ||
499 | 197 | struct ofpbuf dns_answer = OFPBUF_STUB_INITIALIZER(dns_ans_stub); | ||
500 | 198 | |||
501 | 199 | - if (query_type == DNS_QUERY_TYPE_A || query_type == DNS_QUERY_TYPE_ANY) { | ||
502 | 200 | - for (size_t i = 0; i < ip_addrs.n_ipv4_addrs; i++) { | ||
503 | 201 | - /* Copy the answer section */ | ||
504 | 202 | - /* Format of the answer section is | ||
505 | 203 | - * - NAME -> The domain name | ||
506 | 204 | - * - TYPE -> 2 octets containing one of the RR type codes | ||
507 | 205 | - * - CLASS -> 2 octets which specify the class of the data | ||
508 | 206 | - * in the RDATA field. | ||
509 | 207 | - * - TTL -> 32 bit unsigned int specifying the time | ||
510 | 208 | - * interval (in secs) that the resource record | ||
511 | 209 | - * may be cached before it should be discarded. | ||
512 | 210 | - * - RDLENGTH -> 16 bit integer specifying the length of the | ||
513 | 211 | - * RDATA field. | ||
514 | 212 | - * - RDATA -> a variable length string of octets that | ||
515 | 213 | - * describes the resource. In our case it will | ||
516 | 214 | - * be IP address of the domain name. | ||
517 | 215 | - */ | ||
518 | 216 | - ofpbuf_put(&dns_answer, in_queryname, idx); | ||
519 | 217 | - put_be16(&dns_answer, htons(DNS_QUERY_TYPE_A)); | ||
520 | 218 | - put_be16(&dns_answer, htons(DNS_CLASS_IN)); | ||
521 | 219 | - put_be32(&dns_answer, htonl(DNS_DEFAULT_RR_TTL)); | ||
522 | 220 | - put_be16(&dns_answer, htons(sizeof(ovs_be32))); | ||
523 | 221 | - put_be32(&dns_answer, ip_addrs.ipv4_addrs[i].addr); | ||
524 | 222 | - ancount++; | ||
525 | 223 | + if (query_type == DNS_QUERY_TYPE_PTR) { | ||
526 | 224 | + dns_build_ptr_answer(&dns_answer, in_queryname, idx, answer_data); | ||
527 | 225 | + ancount++; | ||
528 | 226 | + } else { | ||
529 | 227 | + struct lport_addresses ip_addrs; | ||
530 | 228 | + if (!extract_ip_addresses(answer_data, &ip_addrs)) { | ||
531 | 229 | + goto exit; | ||
532 | 230 | + } | ||
533 | 231 | + | ||
534 | 232 | + if (query_type == DNS_QUERY_TYPE_A || | ||
535 | 233 | + query_type == DNS_QUERY_TYPE_ANY) { | ||
536 | 234 | + for (size_t i = 0; i < ip_addrs.n_ipv4_addrs; i++) { | ||
537 | 235 | + dns_build_a_answer(&dns_answer, in_queryname, idx, | ||
538 | 236 | + ip_addrs.ipv4_addrs[i].addr); | ||
539 | 237 | + ancount++; | ||
540 | 238 | + } | ||
541 | 239 | } | ||
542 | 240 | - } | ||
543 | 241 | |||
544 | 242 | - if (query_type == DNS_QUERY_TYPE_AAAA || | ||
545 | 243 | - query_type == DNS_QUERY_TYPE_ANY) { | ||
546 | 244 | - for (size_t i = 0; i < ip_addrs.n_ipv6_addrs; i++) { | ||
547 | 245 | - ofpbuf_put(&dns_answer, in_queryname, idx); | ||
548 | 246 | - put_be16(&dns_answer, htons(DNS_QUERY_TYPE_AAAA)); | ||
549 | 247 | - put_be16(&dns_answer, htons(DNS_CLASS_IN)); | ||
550 | 248 | - put_be32(&dns_answer, htonl(DNS_DEFAULT_RR_TTL)); | ||
551 | 249 | - const struct in6_addr *ip6 = &ip_addrs.ipv6_addrs[i].addr; | ||
552 | 250 | - put_be16(&dns_answer, htons(sizeof *ip6)); | ||
553 | 251 | - ofpbuf_put(&dns_answer, ip6, sizeof *ip6); | ||
554 | 252 | - ancount++; | ||
555 | 253 | + if (query_type == DNS_QUERY_TYPE_AAAA || | ||
556 | 254 | + query_type == DNS_QUERY_TYPE_ANY) { | ||
557 | 255 | + for (size_t i = 0; i < ip_addrs.n_ipv6_addrs; i++) { | ||
558 | 256 | + dns_build_aaaa_answer(&dns_answer, in_queryname, idx, | ||
559 | 257 | + &ip_addrs.ipv6_addrs[i].addr); | ||
560 | 258 | + ancount++; | ||
561 | 259 | + } | ||
562 | 260 | } | ||
563 | 261 | + destroy_lport_addresses(&ip_addrs); | ||
564 | 262 | } | ||
565 | 263 | |||
566 | 264 | - destroy_lport_addresses(&ip_addrs); | ||
567 | 265 | - | ||
568 | 266 | if (!ancount) { | ||
569 | 267 | ofpbuf_uninit(&dns_answer); | ||
570 | 268 | goto exit; | ||
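Review bot: The PTR branch passes whatever smap_get() returned straight to dns_build_ptr_answer(), with no check that the query name ends in in-addr.arpa or ip6.arpa or that the stored value is a host name. A PTR query for a forward name such as vm1.ovn.org would therefore get the address string "10.0.0.4 aef0::4" encoded as labels. Check the query-name suffix, or reject values that extract_ip_addresses() accepts, before building the PTR answer. Note too that an ANY query for a reverse name now reaches extract_ip_addresses() with a host name and takes the goto exit path.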
571 | 269 | diff --git a/lib/ovn-l7.h b/lib/ovn-l7.h | ||
572 | 270 | index 507949c28..899162866 100644 | ||
573 | 271 | --- a/lib/ovn-l7.h | ||
574 | 272 | +++ b/lib/ovn-l7.h | ||
575 | 273 | @@ -26,6 +26,14 @@ | ||
576 | 274 | #include "hash.h" | ||
577 | 275 | #include "ovn/logical-fields.h" | ||
578 | 276 | |||
579 | 277 | +#define DNS_QUERY_TYPE_A 0x01 | ||
580 | 278 | +#define DNS_QUERY_TYPE_AAAA 0x1c | ||
581 | 279 | +#define DNS_QUERY_TYPE_ANY 0xff | ||
582 | 280 | +#define DNS_QUERY_TYPE_PTR 0x0c | ||
583 | 281 | + | ||
584 | 282 | +#define DNS_CLASS_IN 0x01 | ||
585 | 283 | +#define DNS_DEFAULT_RR_TTL 3600 | ||
586 | 284 | + | ||
587 | 285 | /* Generic options map which is used to store dhcpv4 opts and dhcpv6 opts. */ | ||
588 | 286 | struct gen_opts_map { | ||
589 | 287 | struct hmap_node hmap_node; | ||
590 | 288 | diff --git a/ovn-nb.xml b/ovn-nb.xml | ||
591 | 289 | index f30cc9ee9..a57e7498f 100644 | ||
592 | 290 | --- a/ovn-nb.xml | ||
593 | 291 | +++ b/ovn-nb.xml | ||
594 | 292 | @@ -3188,7 +3188,13 @@ | ||
595 | 293 | Key-value pair of DNS records with <code>DNS query name</code> as the key | ||
596 | 294 | and value as a string of IP address(es) separated by comma or space. | ||
597 | 295 | |||
598 | 296 | + For PTR requests, the key-value pair can be | ||
599 | 297 | + <code>Reverse IPv4 address.in-addr.arpa</code> and the value | ||
600 | 298 | + <code>DNS domain name</code>. For IPv6 addresses, the key | ||
601 | 299 | + has to be <code>Reverse IPv6 address.ip6.arpa</code>. | ||
602 | 300 | + | ||
603 | 301 | <p><b>Example: </b> "vm1.ovn.org" = "10.0.0.4 aef0::4"</p> | ||
604 | 302 | + <p><b>Example: </b> "4.0.0.10.in-addr.arpa" = "vm1.ovn.org"</p> | ||
605 | 303 | </column> | ||
606 | 304 | |||
607 | 305 | <column name="external_ids"> | ||
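Review bot: The added PTR paragraph leaves the key format underspecified and is inconsistent with the text around it. It says the IPv4 key "can be" but the IPv6 key "has to be", it is not wrapped in `<p>` like the example lines below it, and it gives no IPv6 example even though the `ip6.arpa` form (the fully expanded address as 32 reversed nibbles) is the one operators are most likely to get wrong. Please add an `ip6.arpa` example next to the `4.0.0.10.in-addr.arpa` one and say whether the value may hold more than one domain name.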
608 | 306 | diff --git a/tests/ovn.at b/tests/ovn.at | ||
609 | 307 | index b6eff4349..87d0bd4fc 100644 | ||
610 | 308 | --- a/tests/ovn.at | ||
611 | 309 | +++ b/tests/ovn.at | ||
612 | 310 | @@ -8256,10 +8256,13 @@ ovn-nbctl lsp-set-port-security ls1-lp2 "f0:00:00:00:00:02 10.0.0.6 20.0.0.4" | ||
613 | 311 | |||
614 | 312 | DNS1=`ovn-nbctl create DNS records={}` | ||
615 | 313 | DNS2=`ovn-nbctl create DNS records={}` | ||
616 | 314 | +DNS3=`ovn-nbctl create DNS records={}` | ||
617 | 315 | |||
618 | 316 | ovn-nbctl set DNS $DNS1 records:vm1.ovn.org="10.0.0.4 aef0::4" | ||
619 | 317 | ovn-nbctl set DNS $DNS1 records:vm2.ovn.org="10.0.0.6 20.0.0.4" | ||
620 | 318 | ovn-nbctl set DNS $DNS2 records:vm3.ovn.org="40.0.0.4" | ||
621 | 319 | +ovn-nbctl set DNS $DNS3 records:4.0.0.10.in-addr.arpa="vm1.ovn.org" | ||
622 | 320 | +ovn-nbctl set DNS $DNS3 records:4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.f.e.a.ip6.arpa="vm1.ovn.org" | ||
623 | 321 | |||
624 | 322 | ovn-nbctl set Logical_switch ls1 dns_records="$DNS1" | ||
625 | 323 | |||
626 | 324 | @@ -8365,6 +8368,21 @@ set_dns_params() { | ||
627 | 325 | vm1_incomplete) | ||
628 | 326 | # set type to none | ||
629 | 327 | type='' | ||
630 | 328 | + ;; | ||
631 | 329 | + vm1_ipv4_ptr) | ||
632 | 330 | + # 4.0.0.10.in-addr.arpa | ||
633 | 331 | + query_name=01340130013002313007696e2d61646472046172706100 | ||
634 | 332 | + type=000c | ||
635 | 333 | + # vm1.ovn.org | ||
636 | 334 | + expected_dns_answer=${query_name}${type}0001${ttl}000d03766d31036f766e036f726700 | ||
637 | 335 | + ;; | ||
638 | 336 | + vm1_ipv6_ptr) | ||
639 | 337 | + # 4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.f.e.a.ip6.arpa | ||
640 | 338 | + query_name=0134013001300130013001300130013001300130013001300130013001300130013001300130013001300130013001300130013001300130013001660165016103697036046172706100 | ||
641 | 339 | + type=000c | ||
642 | 340 | + # vm1.ovn.org | ||
643 | 341 | + expected_dns_answer=${query_name}${type}0001${ttl}000d03766d31036f766e036f726700 | ||
644 | 342 | + ;; | ||
645 | 343 | esac | ||
646 | 344 | # TTL - 3600 | ||
647 | 345 | local dns_req_header=010201200001000000000000 | ||
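Review bot: The two new `set_dns_params` cases cover only successful PTR lookups. There is no case for a reverse name that has no record, and none for a mixed-case or upper-case `IN-ADDR.ARPA` / `IP6.ARPA` query, although the companion patch in this series makes lookups case-insensitive. Please add both, so the test shows that an unknown reverse name gets no synthesized answer and that case folding applies to PTR keys as well. The `vm1_ipv4_ptr` and `vm1_ipv6_ptr` cases also repeat the same `expected_dns_answer` line with the RDLENGTH `000d` hard-coded; a shared variable for the encoded `vm1.ovn.org` would keep the length and the name in one place.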
648 | 346 | @@ -8464,6 +8482,7 @@ reset_pcap_file hv1-vif2 hv1/vif2 | ||
649 | 347 | rm -f 1.expected | ||
650 | 348 | rm -f 2.expected | ||
651 | 349 | |||
652 | 350 | + | ||
653 | 351 | set_dns_params vm1 | ||
654 | 352 | src_ip=`ip_to_hex 10 0 0 6` | ||
655 | 353 | dst_ip=`ip_to_hex 10 0 0 1` | ||
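Review bot: Whitespace-only churn: the extra blank line before `set_dns_params vm1` has nothing to do with PTR handling, and the same applies to the other hunks in `tests/ovn.at` that add a lone empty line after `rm -f 2.expected`. Dropping them would leave only the functional test changes in the patch and make later rebases of this file less likely to conflict.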
656 | 354 | @@ -8485,8 +8504,8 @@ reset_pcap_file hv1-vif2 hv1/vif2 | ||
657 | 355 | rm -f 1.expected | ||
658 | 356 | rm -f 2.expected | ||
659 | 357 | |||
660 | 358 | -# Try vm1 again but an all-caps query name | ||
661 | 359 | |||
662 | 360 | +# Try vm1 again but an all-caps query name | ||
663 | 361 | set_dns_params VM1 | ||
664 | 362 | src_ip=`ip_to_hex 10 0 0 6` | ||
665 | 363 | dst_ip=`ip_to_hex 10 0 0 1` | ||
666 | 364 | @@ -8508,6 +8527,7 @@ reset_pcap_file hv1-vif2 hv1/vif2 | ||
667 | 365 | rm -f 1.expected | ||
668 | 366 | rm -f 2.expected | ||
669 | 367 | |||
670 | 368 | + | ||
671 | 369 | # Clear the query name options for ls1-lp2 | ||
672 | 370 | ovn-nbctl --wait=hv remove DNS $DNS1 records vm2.ovn.org | ||
673 | 371 | |||
674 | 372 | @@ -8528,6 +8548,7 @@ reset_pcap_file hv1-vif2 hv1/vif2 | ||
675 | 373 | rm -f 1.expected | ||
676 | 374 | rm -f 2.expected | ||
677 | 375 | |||
678 | 376 | + | ||
679 | 377 | # Clear the query name for ls1-lp1 | ||
680 | 378 | # Since ls1 has no query names configued, | ||
681 | 379 | # ovn-northd should not add the DNS flows. | ||
682 | 380 | @@ -8550,6 +8571,7 @@ reset_pcap_file hv1-vif2 hv1/vif2 | ||
683 | 381 | rm -f 1.expected | ||
684 | 382 | rm -f 2.expected | ||
685 | 383 | |||
686 | 384 | + | ||
687 | 385 | # Test IPv6 (AAAA records) using IPv4 packet. | ||
688 | 386 | # Add back the DNS options for ls1-lp1. | ||
689 | 387 | ovn-nbctl --wait=hv set DNS $DNS1 records:vm1.ovn.org="10.0.0.4 aef0::4" | ||
690 | 388 | @@ -8575,6 +8597,7 @@ reset_pcap_file hv1-vif2 hv1/vif2 | ||
691 | 389 | rm -f 1.expected | ||
692 | 390 | rm -f 2.expected | ||
693 | 391 | |||
694 | 392 | + | ||
695 | 393 | # Test both IPv4 (A) and IPv6 (AAAA records) using IPv4 packet. | ||
696 | 394 | set_dns_params vm1_ipv4_v6 | ||
697 | 395 | src_ip=`ip_to_hex 10 0 0 6` | ||
698 | 396 | @@ -8597,6 +8620,7 @@ reset_pcap_file hv1-vif2 hv1/vif2 | ||
699 | 397 | rm -f 1.expected | ||
700 | 398 | rm -f 2.expected | ||
701 | 399 | |||
702 | 400 | + | ||
703 | 401 | # Invalid type. | ||
704 | 402 | set_dns_params vm1_invalid_type | ||
705 | 403 | src_ip=`ip_to_hex 10 0 0 6` | ||
706 | 404 | @@ -8615,6 +8639,7 @@ reset_pcap_file hv1-vif2 hv1/vif2 | ||
707 | 405 | rm -f 1.expected | ||
708 | 406 | rm -f 2.expected | ||
709 | 407 | |||
710 | 408 | + | ||
711 | 409 | # Incomplete DNS packet. | ||
712 | 410 | set_dns_params vm1_incomplete | ||
713 | 411 | src_ip=`ip_to_hex 10 0 0 6` | ||
714 | 412 | @@ -8633,6 +8658,7 @@ reset_pcap_file hv1-vif2 hv1/vif2 | ||
715 | 413 | rm -f 1.expected | ||
716 | 414 | rm -f 2.expected | ||
717 | 415 | |||
718 | 416 | + | ||
719 | 417 | # Add one more DNS record to the ls1. | ||
720 | 418 | ovn-nbctl --wait=hv set Logical_switch ls1 dns_records="$DNS1 $DNS2" | ||
721 | 419 | |||
722 | 420 | @@ -8657,6 +8683,7 @@ reset_pcap_file hv1-vif2 hv1/vif2 | ||
723 | 421 | rm -f 1.expected | ||
724 | 422 | rm -f 2.expected | ||
725 | 423 | |||
726 | 424 | + | ||
727 | 425 | # Try DNS query over IPv6 | ||
728 | 426 | set_dns_params vm1 | ||
729 | 427 | src_ip=aef00000000000000000000000000004 | ||
730 | 428 | @@ -8677,6 +8704,60 @@ reset_pcap_file hv1-vif2 hv1/vif2 | ||
731 | 429 | rm -f 1.expected | ||
732 | 430 | rm -f 2.expected | ||
733 | 431 | |||
734 | 432 | + | ||
735 | 433 | +# Add one more DNS record to the ls1. | ||
736 | 434 | +ovn-nbctl --wait=hv set Logical_switch ls1 dns_records="$DNS1 $DNS2 $DNS3" | ||
737 | 435 | +echo "*************************" | ||
738 | 436 | +ovn-sbctl list DNS | ||
739 | 437 | +echo "*************************" | ||
740 | 438 | +ovn-nbctl list DNS | ||
741 | 439 | +echo "*************************" | ||
742 | 440 | + | ||
743 | 441 | +# Test PTR record for IPv4 address using IPv4 packet. | ||
744 | 442 | +set_dns_params vm1_ipv4_ptr | ||
745 | 443 | +src_ip=`ip_to_hex 10 0 0 4` | ||
746 | 444 | +dst_ip=`ip_to_hex 10 0 0 1` | ||
747 | 445 | +dns_reply=1 | ||
748 | 446 | +test_dns 1 f00000000001 f000000000f0 $src_ip $dst_ip $dns_reply $dns_req_data $dns_resp_data | ||
749 | 447 | + | ||
750 | 448 | +# NXT_RESUMEs should be 11. | ||
751 | 449 | +OVS_WAIT_UNTIL([test 11 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`]) | ||
752 | 450 | + | ||
753 | 451 | +$PYTHON "$ovs_srcdir/utilities/ovs-pcap.in" hv1/vif1-tx.pcap > 1.packets | ||
754 | 452 | +cat 1.expected | cut -c -48 > expout | ||
755 | 453 | +AT_CHECK([cat 1.packets | cut -c -48], [0], [expout]) | ||
756 | 454 | +# Skipping the IPv4 checksum. | ||
757 | 455 | +cat 1.expected | cut -c 53- > expout | ||
758 | 456 | +AT_CHECK([cat 1.packets | cut -c 53-], [0], [expout]) | ||
759 | 457 | + | ||
760 | 458 | +reset_pcap_file hv1-vif1 hv1/vif1 | ||
761 | 459 | +reset_pcap_file hv1-vif2 hv1/vif2 | ||
762 | 460 | +rm -f 1.expected | ||
763 | 461 | +rm -f 2.expected | ||
764 | 462 | + | ||
765 | 463 | + | ||
766 | 464 | +# Test PTR record for IPv6 address using IPv4 packet. | ||
767 | 465 | +set_dns_params vm1_ipv6_ptr | ||
768 | 466 | +src_ip=`ip_to_hex 10 0 0 4` | ||
769 | 467 | +dst_ip=`ip_to_hex 10 0 0 1` | ||
770 | 468 | +dns_reply=1 | ||
771 | 469 | +test_dns 1 f00000000001 f000000000f0 $src_ip $dst_ip $dns_reply $dns_req_data $dns_resp_data | ||
772 | 470 | + | ||
773 | 471 | +# NXT_RESUMEs should be 12. | ||
774 | 472 | +OVS_WAIT_UNTIL([test 12 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`]) | ||
775 | 473 | + | ||
776 | 474 | +$PYTHON "$ovs_srcdir/utilities/ovs-pcap.in" hv1/vif1-tx.pcap > 1.packets | ||
777 | 475 | +cat 1.expected | cut -c -48 > expout | ||
778 | 476 | +AT_CHECK([cat 1.packets | cut -c -48], [0], [expout]) | ||
779 | 477 | +# Skipping the IPv4 checksum. | ||
780 | 478 | +cat 1.expected | cut -c 53- > expout | ||
781 | 479 | +AT_CHECK([cat 1.packets | cut -c 53-], [0], [expout]) | ||
782 | 480 | + | ||
783 | 481 | +reset_pcap_file hv1-vif1 hv1/vif1 | ||
784 | 482 | +reset_pcap_file hv1-vif2 hv1/vif2 | ||
785 | 483 | +rm -f 1.expected | ||
786 | 484 | +rm -f 2.expected | ||
787 | 485 | + | ||
788 | 486 | OVN_CLEANUP([hv1]) | ||
789 | 487 | |||
790 | 488 | AT_CLEANUP | ||
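Review bot: The `echo "*************************"` lines around `ovn-sbctl list DNS` and `ovn-nbctl list DNS` look like leftover debugging: nothing checks their output, so they only add noise to the test log. Remove them or turn them into an `AT_CHECK` on the expected records. The comment "Add one more DNS record to the ls1" is copied from the earlier `$DNS2` step and should say that the PTR records in `$DNS3` are being attached. The hard-coded `NXT_RESUME` counts of 11 and 12 depend on every preceding test in the file, so a comment explaining how they are derived would help whoever next inserts a test above this block.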
791 | 489 | -- | ||
792 | 490 | 2.33.1 | ||
793 | 491 | |||
794 | diff --git a/debian/patches/series b/debian/patches/series | |||
795 | index fbe5db9..ba80c08 100644 | |||
796 | --- a/debian/patches/series | |||
797 | +++ b/debian/patches/series | |||
798 | @@ -4,3 +4,5 @@ lp-1914988-tests-Use-ovn_start-in-tests-ovn-controller.at.patch | |||
799 | 4 | lp-1914988-tests-Make-certificate-generation-extendable.patch | 4 | lp-1914988-tests-Make-certificate-generation-extendable.patch |
800 | 5 | lp-1914988-tests-Test-with-SSL-and-RBAC-for-controller-by-defau.patch | 5 | lp-1914988-tests-Test-with-SSL-and-RBAC-for-controller-by-defau.patch |
801 | 6 | lp-1943266-physical-do-not-forward-traffic-from-localport-to-a-.patch | 6 | lp-1943266-physical-do-not-forward-traffic-from-localport-to-a-.patch |
802 | 7 | lp-1857026-0001-DNS-Make-DNS-lookups-case-insensitive.patch | ||
803 | 8 | lp-1857026-0002-controller-Add-support-for-PTR-DNS-requests.patch |
Package building in https://launchpad.net/~fnordahl/+archive/ubuntu/lp1857026