On 2022-01-31 12:52 PM, Eelco Chaudron wrote:
When programming NAT rules OVS only sets the minimum value for a
single IP/port value. However, responses from flower will always
return min == max for single IP/port values. This is causing the
verification to fail as the request is different than the response.
To avoid this, we will update the response to match the request.
Signed-off-by: Eelco Chaudron <[email protected]>
---
lib/tc.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/lib/tc.c b/lib/tc.c
index ebec097dc..f2778af4c 100644
--- a/lib/tc.c
+++ b/lib/tc.c
@@ -1486,7 +1486,9 @@ nl_parse_act_ct(struct nlattr *options, struct tc_flower
*flower)
if (ipv4_max) {
ovs_be32 addr = nl_attr_get_be32(ipv4_max);
- action->ct.range.ipv4.max = addr;
+ if (action->ct.range.ipv4.min != addr) {
+ action->ct.range.ipv4.max = addr;
+ }
}
} else if (ipv6_min) {
action->ct.range.ip_family = AF_INET6;
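Review bot: the new `if (action->ct.range.ipv4.min != addr)` check carries no comment, so a reader of nl_parse_act_ct() has no way to tell why a max value reported by the kernel is being discarded. A one-line comment above the check, saying that flower returns min == max for a single address while OVS only programs min, would keep the reason next to the code instead of only in the commit message.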
@@ -1495,7 +1497,9 @@ nl_parse_act_ct(struct nlattr *options, struct tc_flower
*flower)
if (ipv6_max) {
struct in6_addr addr = nl_attr_get_in6_addr(ipv6_max);
- action->ct.range.ipv6.max = addr;
+ if (!ipv6_addr_equals(&action->ct.range.ipv6.min, &addr)) {
+ action->ct.range.ipv6.max = addr;
+ }
}
}
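Review bot: when `ipv6_addr_equals(&action->ct.range.ipv6.min, &addr)` is true, `ipv6.max` is simply never written, so the result is only correct if the action was zeroed before this function fills it in, and nothing in the visible lines shows that. The same applies to the IPv4 branch above. Either confirm the range is initialised to zero earlier, or clear max explicitly in the equal case, as the port hunk does with `action->ct.range.port.max = 0;`.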
@@ -1503,6 +1507,10 @@ nl_parse_act_ct(struct nlattr *options, struct tc_flower *flower)
action->ct.range.port.min = nl_attr_get_be16(port_min);
if (port_max) {
action->ct.range.port.max = nl_attr_get_be16(port_max);
+ if (action->ct.range.port.min ==
+ action->ct.range.port.max) {
+ action->ct.range.port.max = 0;
+ }
}
}
}
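Review bot: the port case assigns `port.max` and then resets it to 0 when it equals `port.min`, while the IPv4 and IPv6 cases compare first and skip the assignment. Both forms work, but using one pattern for all three would make the function easier to read, and the explicit reset used here is the more robust of the two because it does not depend on the prior contents of the field. It would also help to note in a comment that a response with min == max is treated as a single port, since after this change such a response can no longer be distinguished from a request that set only min.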
Acked-by: Roi Dayan <[email protected]>
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev