[ovs-dev] [PATCHv2] ofproto-dpif: Mark packets as "untracked" after call to ct().

Flavio Leitner fbl at sysclose.org
Thu Aug 31 22:07:21 UTC 2017 

On Thu, 31 Aug 2017 13:17:28 -0700
Justin Pettit <jpettit at ovn.org> wrote:

> 
> > On Aug 29, 2017, at 9:13 PM, Flavio Leitner <fbl at sysclose.org> wrote:
> > 
> > On Mon, 21 Aug 2017 12:56:33 -0700
> > Justin Pettit <jpettit at ovn.org> wrote:
> > 
> >>> On Aug 21, 2017, at 12:38 PM, Joe Stringer <joe at ovn.org> wrote:
> >>> 
> >>> Overall I think that this is an improvement to consistency of what
> >>> connection tracking metadata is accessible from different points in
> >>> the OpenFlow pipeline. Although this will restrict the availability of
> >>> ct_state following the ct() action execution, controller writers who
> >>> wish to preserve access to this content across a CT action execution
> >>> can do so using registers. In practice I'm not aware of any controller
> >>> that is currently operating this way though.
> >>> 
> >>> Do we need a NEWS item for this?  
> >> 
> >> Good point I added something.
> >> 
> >>> Acked-by: Joe Stringer <joe at ovn.org>  
> >> 
> >> Thanks for all your suggestions and testing on these patches leading up to this no-slowpath work.  I've pushed this change to master and branch-2.8.
> > 
> > We found that at least OpenShift 3.6.0 breaks after this change.
> > 
> > It does:
> > "table=30, priority=300, ip, nw_dst=%s, ct_state=+rpl, actions=ct(nat),goto_table:70"
> > and then there is a rule that checks if ct_state=+rpl.
> > 
> > We are going to fix it to "actions=ct(nat,table=70)" in the newer
> > releases, but of course we can't change the past, and that prevents
> > us to provide newer OVS as updates.
> 
> I sent out a revert patch for branch-2.8:
> 
> 	https://mail.openvswitch.org/pipermail/ovs-dev/2017-August/338154.html
> 
> It's unfortunate to introduce an API change, and I believe we have a good history of rarely doing that.  However, I think this change will provide a big long-term win when we can avoid slow-pathing controller actions.  As such, I'd still like to include this change in the 2.9 release (or whatever it's called).

It's unfortunate, indeed. We should strive to avoid that as much as
possible.  I hope we can find a way to support that change until it
comes as part of the next release though.  Let's see during the next
development cycle.

Thanks!
-- 
Flavio

More information about the dev mailing list