[ovs-build] Passed: ovsrobot/ovn#961 (series_199948 - 11f6e33)

Travis CI builds at travis-ci.com
Mon Sep 7 13:16:56 UTC 2020 

Build Update for ovsrobot/ovn
-------------------------------------

Build: #961
Status: Passed

Duration: 18 mins and 1 sec
Commit: 11f6e33 (series_199948)
Author: Numan Siddique
Message: northd: Add lflows to send all pkts to conntrack if LB is configured on a lswitch.

Prior to this patch, if a load balancer is configured on a logical switch but with no
ACLs with allow-related configured, then in the ingress pipeline only the packets
with ip.dst = VIP will be sent to conntrack using the zone id of the source logical port.

If the backend of the load balancer, sends an invalid packet (for example invalid tcp
sequence number), then such packets will be delivered to the source logical port VIF
without unDNATting. This causes the source to reset the connection.

This patch fixes this issue by sending all the packets to conntrack if a load balancer
is configured on the logical switch. Because of this, any invalid (ct.inv) packets will
be dropped in the ingress pipeline itself.

Unfortunately this impacts the performance as now there will be extra recirculations
because of ct and ct_commit (for new connections) actions.

Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=1870359
Reported-by: Tim Rozet (trozet at redhat.com)
Signed-off-by: Numan Siddique <numans at ovn.org>
Signed-off-by: 0-day Robot <robot at bytheb.org>

View the changeset: https://github.com/ovsrobot/ovn/commit/11f6e33b0b2d

View the full build log and details: https://travis-ci.com/github/ovsrobot/ovn/builds/183133412?utm_medium=notification&utm_source=email


--

You can unsubscribe from build emails from the ovsrobot/ovn repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=9136199&utm_medium=notification&utm_source=email.
Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email.
Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-build/attachments/20200907/d143e3c2/attachment-0001.html>

More information about the build mailing list