The rest of the conntrack state (in the flow) is saved and restored, so this should be also.
Reported-by: Mickey Spiegel <[email protected]> Reported-at: https://mail.openvswitch.org/pipermail/ovs-dev/2017-January/326981.html Fixes: 7ae62a676d3a ("ofp-actions: Add clone action.") Signed-off-by: Ben Pfaff <[email protected]> --- ofproto/ofproto-dpif-xlate.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/ofproto/ofproto-dpif-xlate.c b/ofproto/ofproto-dpif-xlate.c index e442956..b02e317 100644 --- a/ofproto/ofproto-dpif-xlate.c +++ b/ofproto/ofproto-dpif-xlate.c @@ -4331,9 +4331,16 @@ xlate_sample_action(struct xlate_ctx *ctx, static void compose_clone_action(struct xlate_ctx *ctx, const struct ofpact_nest *oc) { + bool old_conntracked = ctx->conntracked; struct flow old_flow = ctx->xin->flow; + do_xlate_actions(oc->actions, ofpact_nest_get_action_len(oc), ctx); + ctx->xin->flow = old_flow; + + /* The clone's conntrack execution should have no effect on the original + * packet. */ + ctx->conntracked = old_conntracked; } static bool -- 2.10.2 _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
