[ovs-dev] [PATCH 1/2] ofproto-dpif-xlate: xlate ct_{mark, label} correctly.
Ben Pfaff
blp at ovn.org
Fri Apr 22 15:37:42 UTC 2016
On Fri, Apr 15, 2016 at 11:36:04AM -0700, Joe Stringer wrote:
> When translating multiple ct actions in a row which include modification
> of ct_mark or ct_labels, these fields could be incorrectly translated
> into datapath actions, resulting in modification of these fields for
> entries when the OpenFlow rules didn't actually specify the change.
>
> For instance, the following OpenFlow actions:
> ct(zone=1,commit,exec(set_field(1->ct_mark))),ct(zone=2,table=1),...
>
> Would translate into the datapath actions:
> ct(zone=1,commit,mark=1),ct(zone=2,mark=1),recirc(...),...
>
> This commit fixes the issue by zeroing the wildcards for these fields
> prior to performing nested actions translation (and restoring
> afterwards). As such, these fields do not hold both the match and the
> field modification values at the same time. As a result, the ct_mark and
> ct_labels don't leak from one ct action to the next.
>
> Fixes: 8e53fe8cf7a1 ("Add connection tracking mark support.")
> Fixes: 9daf23484fb1 ("Add connection tracking label support.")
> Signed-off-by: Joe Stringer <joe at ovn.org>
I looked this over carefully and did not spot any problems. Thank you!
Acked-by: Ben Pfaff <blp at ovn.org>
More information about the dev
mailing list