On Tue, Jan 17, 2023 at 8:11 AM Dumitru Ceara <[email protected]> wrote: > > On 12/15/22 07:37, Han Zhou wrote: > > On Wed, Dec 14, 2022 at 2:52 PM Lorenzo Bianconi < > > [email protected]> wrote: > >> > >> In the current codebase ct_commit {} action clears ct_state metadata of > >> the incoming packet. This behaviour introduces an issue if we need to > >> check the connection tracking state in the subsequent pipeline stages, > >> e.g. for hairpin traffic: > >> > >> table=14(ls_in_pre_hairpin ), priority=100 , match=(ip && ct.trk), > > action=(reg0[6] = chk_lb_hairpin(); reg0[12] = chk_lb_hairpin_reply(); > > next;) > >> > >> Fix the issue moving PRE_HAIRPIN,NAT_HAIRPIN and HAIRPIN stages before > >> ACL_AFTER_LB and STATEFUL ones. > >> > >> Suggested-by: Han Zhou <[email protected]> > >> Suggested-by: Dumitru Ceara <[email protected]> > >> Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=2103086 > >> Signed-off-by: Lorenzo Bianconi <[email protected]> > >> --- > >> Changes since v3: > >> - swap hairpin stages with acl_after_lb and stateful ones > >> Changes since v2: > >> - add ovn system-tests for ct_commit_continue > >> Changes since v1: > >> - introduce new nested action ct_commit_continue instead of modifying > >> ct_commit_v2 > >> --- > >> northd/northd.c | 10 +-- > >> northd/ovn-northd.8.xml | 176 ++++++++++++++++++++-------------------- > >> tests/ovn-northd.at | 6 +- > >> tests/system-ovn.at | 24 +++++- > >> 4 files changed, 118 insertions(+), 98 deletions(-) > > [...] > > >> > > > > Thanks Lorenzo. > > Acked-by: Han Zhou <[email protected]> > > > > Thanks, Lorenzo and Han! I applied this to the main branch. I was also > thinking of backporting this wherever possible; do you see a reason why > I shouldn't? > > Moving the stages around should not create issues if backported but I > wanted to be sure I'm not missing something. > > Regards, > Dumitru >
I think it is ok to backport because it is an important bug fix, and I don't see obvious problems, either. Thanks, Han _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
