[ovs-git] [ovn-org/ovn] 925632: ovn-controller: Fix the missing ct zone entries fo...

numansiddique noreply at github.com
Fri Jul 17 17:12:52 UTC 2020

  Branch: refs/heads/master
  Home:   https://github.com/ovn-org/ovn
  Commit: 925632ee6032225ea399e3671353c04297204eae
  Author: Numan Siddique <numans at ovn.org>
  Date:   2020-07-17 (Fri, 17 Jul 2020)

  Changed paths:
    M controller/binding.c
    M tests/ovn.at
    M tests/system-ovn.at

  Log Message:
  ovn-controller: Fix the missing ct zone entries for container ports.

After the commit in the Fixes tag, ovn-controller was not creating ct zone
entries for the container ports in the integration bridge's external_ids
column. Because of this, when a container port sends a traffic to
load balancer VIP, zone id is not used (because REG13 is not set).
But the reverse traffic doesn't go through the ct_lb action for undnat,
but instead go to the conntrack via the ct_commit() OVN action and the
packet gets dropped. This happens if an ACL with allow-related action
which matches in the egress pipeline of the logical switch.

This patch fixes this regression and the tests make sure the the ct zone
entries are created for the container ports.

Fixes: 6c8b9a132532("ovn-controller: Store the local port bindings in the runtime data I-P state.")
Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=1857865
Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=1858191
Acked-by: Dumitru Ceara <dceara at redhat.com>
Signed-off-by: Numan Siddique <numans at ovn.org>

More information about the git mailing list