[ovs-dev] [RFC] [net]openvswitch: Clear the ct flow key for the recirculated packet
Lance Richardson
lrichard at redhat.com
Thu Mar 16 21:11:35 UTC 2017
> From: "Numan Siddique" <nusiddiq at redhat.com>
> To: netdev at vger.kernel.org, "ovs dev" <dev at openvswitch.org>
> Cc: "Joe Stringer" <joe at ovn.org>, "Andy Zhou" <azhou at ovn.org>, jarno at ovn.org
> Sent: Thursday, March 16, 2017 8:25:06 AM
> Subject: [RFC] [net]openvswitch: Clear the ct flow key for the recirculated packet
>
> It is possible that the ct flow key information would have
> gone stale for the packets received from the userspace due to
> clone or ct_clear actions.
>
> In the case of OVN, it adds ping responder flows, which modifies
> the original icmp4 request packet to a reply packet. It uses the
> OVS actions - clone and ct_clear. When the reply packet hits the
> "ovs_ct_execute" function, and since the ct flow key info is not
> cleared, the connection tracker doesn't set the state to
> ESTABLISHED state.
>
> Note: This patch is marked as RFC, as I am not sure if this is the correct
> place to address this issue or it should be addressed in ovs-vswitchd
> to set the OVS_KEY_ATTR_CT_STATE and other related attributes
> properly for ct_clear action.
>
> Signed-off-by: Numan Siddique <nusiddiq at redhat.com>
> ---
Hi Numan,
With this patch applied I'm consistently seeing failures for two of the
kernel datapath unit tests (via "make check-kernel"):
16: conntrack - force commit FAILED (system-traffic.at:692)
54: conntrack - SNAT with ct_mark change on reply FAILED (system-traffic.at:2446)
More information about the dev
mailing list