[ovs-git] [openvswitch/ovs] 4d1829: ofproto-dpif-xlate: Generate bitmasks in set_field...

GitHub noreply at github.com
Fri Apr 15 18:21:58 UTC 2016


  Branch: refs/heads/master
  Home:   https://github.com/openvswitch/ovs
  Commit: 4d1829347af5bff0fe3cdd1c20b2bead569a26ba
      https://github.com/openvswitch/ovs/commit/4d1829347af5bff0fe3cdd1c20b2bead569a26ba
  Author: Joe Stringer <joe at ovn.org>
  Date:   2016-04-15 (Fri, 15 Apr 2016)

  Changed paths:
    M include/openvswitch/meta-flow.h
    M lib/meta-flow.c
    M ofproto/ofproto-dpif-xlate.c
    M tests/ofproto-dpif.at
    M tests/system-traffic.at

  Log Message:
  -----------
  ofproto-dpif-xlate: Generate bitmasks in set_field.

Previously, whenever a set_field() action was executed, the entire field
would become masked and the entire field replaced, regardless of the
mask specified in the set_field() action.

In most cases this is fine, although it may lead to more specific
wildcards than strictly necessary. However, in a particular case with
connection tracking actions it could lead to the wrong behaviour.

Unlike most OpenFlow fields, the ct_{mark,labels} fields are typically
unknown until the ct(...,recirc_table=N,...) action is executed however
the packet may actually belong to a connection which has a nonzero value
for one of these fields. This can lead to the wrong behaviour with flows
such as the following:

in_port=1,ip,actions=ct(commit,exec(set_field(0x1/0x1->ct_mark))),2
in_port=2,ip,actions=ct(commit,exec(set_field(0x2/0x2->ct_mark))),1

Connections flowing through these actions will always update the ct_mark
field stored within the conntrack table. However, rather than modifying
only the specified bits (0x1 in one direction, 0x2 in the other), the
entire ct_mark field will be replaced. Such connections will constantly
toggle the value of ct_mark between 0x1 and 0x2, rather than becoming
0x3 and keeping that value.

This commit fixes the issue by ensuring that set_field actions only
modify the modified bits in the wildcards, rather than masking the
entire field.

Fixes: 8e53fe8cf7a1 ("Add connection tracking mark support.")
Fixes: 9daf23484fb1 ("Add connection tracking label support.")
Signed-off-by: Joe Stringer <joe at ovn.org>
Acked-by: Ben Pfaff <blp at ovn.org>


  Commit: 96f46bfc3d7e26246228754905a4a52f4ec6021d
      https://github.com/openvswitch/ovs/commit/96f46bfc3d7e26246228754905a4a52f4ec6021d
  Author: Joe Stringer <joe at ovn.org>
  Date:   2016-04-15 (Fri, 15 Apr 2016)

  Changed paths:
    M utilities/ovs-ofctl.8.in

  Log Message:
  -----------
  manpages: Update documentation for ct_* masks.

These have been supported all along, but the documentation neglected to
mention the fact.

Signed-off-by: Joe Stringer <joe at ovn.org>
Acked-by: Ben Pfaff <blp at ovn.org>


Compare: https://github.com/openvswitch/ovs/compare/25d436fbd49f...96f46bfc3d7e


More information about the git mailing list