[ovs-dev] [PATCHv3 1/2] ofproto-dpif-xlate: Generate bitmasks in set_field.

Joe Stringer joe at ovn.org
Fri Apr 15 18:37:05 UTC 2016


On 14 April 2016 at 10:08, Ben Pfaff <blp at ovn.org> wrote:
> On Mon, Apr 04, 2016 at 02:56:03PM -0700, Joe Stringer wrote:
>> Previously, whenever a set_field() action was executed, the entire field
>> would become masked and the entire field replaced, regardless of the
>> mask specified in the set_field() action.
>>
>> In most cases this is fine, although it may lead to more specific
>> wildcards than strictly necessary. However, in a particular case with
>> connection tracking actions it could lead to the wrong behaviour.
>>
>> Unlike most OpenFlow fields, the ct_{mark,labels} fields are typically
>> unknown until the ct(...,recirc_table=N,...) action is executed however
>> the packet may actually belong to a connection which has a nonzero value
>> for one of these fields. This can lead to the wrong behaviour with flows
>> such as the following:
>>
>> in_port=1,ip,actions=ct(commit,exec(set_field(0x1/0x1->ct_mark))),2
>> in_port=2,ip,actions=ct(commit,exec(set_field(0x2/0x2->ct_mark))),1
>>
>> Connections flowing through these actions will always update the ct_mark
>> field stored within the conntrack table. However, rather than modifying
>> only the specified bits (0x1 in one direction, 0x2 in the other), the
>> entire ct_mark field will be replaced. Such connections will constantly
>> toggle the value of ct_mark between 0x1 and 0x2, rather than becoming
>> 0x3 and keeping that value.
>>
>> This commit fixes the issue by ensuring that set_field actions only
>> modify the modified bits in the wildcards, rather than masking the
>> entire field.
>>
>> Fixes: 8e53fe8cf7a1 ("Add connection tracking mark support.")
>> Fixes: 9daf23484fb1 ("Add connection tracking label support.")
>> Signed-off-by: Joe Stringer <joe at ovn.org>
>
> Acked-by: Ben Pfaff <blp at ovn.org>

Thanks, I applied this to master and branch-2.5.



More information about the dev mailing list