[ovs-git] [openvswitch/ovs] 53950e: ofproto-dpif-xlate: xlate ct_{mark, label} correct...

GitHub noreply at github.com
Fri Apr 22 22:47:19 UTC 2016


  Branch: refs/heads/branch-2.5
  Home:   https://github.com/openvswitch/ovs
  Commit: 53950e50b2f56f6b25f8b6aa3fa95438c7b1f835
      https://github.com/openvswitch/ovs/commit/53950e50b2f56f6b25f8b6aa3fa95438c7b1f835
  Author: Joe Stringer <joe at ovn.org>
  Date:   2016-04-22 (Fri, 22 Apr 2016)

  Changed paths:
    M lib/util.h
    M ofproto/ofproto-dpif-xlate.c
    M tests/system-traffic.at

  Log Message:
  -----------
  ofproto-dpif-xlate: xlate ct_{mark, label} correctly.

When translating multiple ct actions in a row which include modification
of ct_mark or ct_labels, these fields could be incorrectly translated
into datapath actions, resulting in modification of these fields for
entries when the OpenFlow rules didn't actually specify the change.

For instance, the following OpenFlow actions:
ct(zone=1,commit,exec(set_field(1->ct_mark))),ct(zone=2,table=1),...

Would translate into the datapath actions:
ct(zone=1,commit,mark=1),ct(zone=2,mark=1),recirc(...),...

This commit fixes the issue by zeroing the wildcards for these fields
prior to performing nested actions translation (and restoring
afterwards). As such, these fields do not hold both the match and the
field modification values at the same time. As a result, the ct_mark and
ct_labels don't leak from one ct action to the next.

Upstream: f2d105b5915f ("ofproto-dpif-xlate: xlate ct_{mark, label} correctly.")
Fixes: 8e53fe8cf7a1 ("Add connection tracking mark support.")
Fixes: 9daf23484fb1 ("Add connection tracking label support.")
Signed-off-by: Joe Stringer <joe at ovn.org>
Acked-by: Ben Pfaff <blp at ovn.org>




More information about the git mailing list