On 12/15/22 07:37, Han Zhou wrote: > On Wed, Dec 14, 2022 at 2:52 PM Lorenzo Bianconi < > [email protected]> wrote: >> >> In the current codebase ct_commit {} action clears ct_state metadata of >> the incoming packet. This behaviour introduces an issue if we need to >> check the connection tracking state in the subsequent pipeline stages, >> e.g. for hairpin traffic: >> >> table=14(ls_in_pre_hairpin ), priority=100 , match=(ip && ct.trk), > action=(reg0[6] = chk_lb_hairpin(); reg0[12] = chk_lb_hairpin_reply(); > next;) >> >> Fix the issue moving PRE_HAIRPIN,NAT_HAIRPIN and HAIRPIN stages before >> ACL_AFTER_LB and STATEFUL ones. >> >> Suggested-by: Han Zhou <[email protected]> >> Suggested-by: Dumitru Ceara <[email protected]> >> Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=2103086 >> Signed-off-by: Lorenzo Bianconi <[email protected]> >> --- >> Changes since v3: >> - swap hairpin stages with acl_after_lb and stateful ones >> Changes since v2: >> - add ovn system-tests for ct_commit_continue >> Changes since v1: >> - introduce new nested action ct_commit_continue instead of modifying >> ct_commit_v2 >> --- >> northd/northd.c | 10 +-- >> northd/ovn-northd.8.xml | 176 ++++++++++++++++++++-------------------- >> tests/ovn-northd.at | 6 +- >> tests/system-ovn.at | 24 +++++- >> 4 files changed, 118 insertions(+), 98 deletions(-)
[...] >> > > Thanks Lorenzo. > Acked-by: Han Zhou <[email protected]> > Thanks, Lorenzo and Han! I applied this to the main branch. I was also thinking of backporting this wherever possible; do you see a reason why I shouldn't? Moving the stages around should not create issues if backported but I wanted to be sure I'm not missing something. Regards, Dumitru _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
