[ovs-build] Passed: ovsrobot/ovn#1058 (series_204465 - 56afa67)

Travis CI builds at travis-ci.com
Mon Sep 28 01:46:47 UTC 2020


Build Update for ovsrobot/ovn
-------------------------------------

Build: #1058
Status: Passed

Duration: 23 mins and 13 secs
Commit: 56afa67 (series_204465)
Author: Han Zhou
Message: ovn-northd.c: Fix ACL priority related to tcp_reset action.

When there "reject" is used as ACL action, there are logical flows generated
to handle TCP and non-TCP packets separately, so that tcp_reset is used to
reject TCP packets while ICMP is used to reject non-TCP packets.

The current implementation uses priority OVN_ACL_PRI_OFFSET + acl_priroity + 10
for handling TCP packets, while OVN_ACL_PRI_OFFSET + acl_priroity for
non-TCP packets. This can cause the ACL priorities defined by users incorrectly
handled. For example, a user creates two ACLs:

1. priority: 1001, match: tcp.dst == 443, action: allow
2. priority: 1000, match: any, action: reject

The generates lflows would be:
1. priority: 2010, match: any, action: tcp_reset
2. priority: 2001, match: tcp.dst == 443, action: allow
3. priority: 2000, match: any, action: icmp

Now if a TCP packet with dst port 443 comes, it will be rejected.

This patch fixes the problem by using OVN_ACL_PRI_OFFSET + acl_priority * 2 + 1
as flow priority for the tcp_reset flow, and OVN_ACL_PRI_OFFSET + acl_priority * 2
for other ACL related flows including the ICMP flows.

Fixes: 366ac0d89 ("OVN: add tcp_reset action to ovn acl reject support")
Signed-off-by: Han Zhou <hzhou at ovn.org>
Signed-off-by: 0-day Robot <robot at bytheb.org>

View the changeset: https://github.com/ovsrobot/ovn/commit/56afa67728dc

View the full build log and details: https://travis-ci.com/github/ovsrobot/ovn/builds/186915126?utm_medium=notification&utm_source=email


--

You can unsubscribe from build emails from the ovsrobot/ovn repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=9136199&utm_medium=notification&utm_source=email.
Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email.
Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-build/attachments/20200928/3bbeb364/attachment.html>


More information about the build mailing list