On 1/17/23 19:39, Han Zhou wrote:
> On Tue, Jan 17, 2023 at 8:11 AM Dumitru Ceara <[email protected]> wrote:
>>
>> On 12/15/22 07:37, Han Zhou wrote:
>>> On Wed, Dec 14, 2022 at 2:52 PM Lorenzo Bianconi <
>>> [email protected]> wrote:
>>>>
>>>> In the current codebase ct_commit {} action clears ct_state metadata of
>>>> the incoming packet. This behaviour introduces an issue if we need to
>>>> check the connection tracking state in the subsequent pipeline stages,
>>>> e.g. for hairpin traffic:
>>>>
>>>> table=14(ls_in_pre_hairpin ), priority=100 , match=(ip && ct.trk),
>>> action=(reg0[6] = chk_lb_hairpin(); reg0[12] = chk_lb_hairpin_reply();
>>> next;)
>>>>
>>>> Fix the issue moving PRE_HAIRPIN,NAT_HAIRPIN and HAIRPIN stages before
>>>> ACL_AFTER_LB and STATEFUL ones.
>>>>
>>>> Suggested-by: Han Zhou <[email protected]>
>>>> Suggested-by: Dumitru Ceara <[email protected]>
>>>> Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=2103086
>>>> Signed-off-by: Lorenzo Bianconi <[email protected]>
>>>> ---
>>>> Changes since v3:
>>>> - swap hairpin stages with acl_after_lb and stateful ones
>>>> Changes since v2:
>>>> - add ovn system-tests for ct_commit_continue
>>>> Changes since v1:
>>>> - introduce new nested action ct_commit_continue instead of modifying
>>>> ct_commit_v2
>>>> ---
>>>> northd/northd.c | 10 +--
>>>> northd/ovn-northd.8.xml | 176 ++++++++++++++++++++--------------------
>>>> tests/ovn-northd.at | 6 +-
>>>> tests/system-ovn.at | 24 +++++-
>>>> 4 files changed, 118 insertions(+), 98 deletions(-)
>>
>> [...]
>>
>>>>
>>>
>>> Thanks Lorenzo.
>>> Acked-by: Han Zhou <[email protected]>
>>>
>>
>> Thanks, Lorenzo and Han! I applied this to the main branch. I was also
>> thinking of backporting this wherever possible; do you see a reason why
>> I shouldn't?
>>
>> Moving the stages around should not create issues if backported but I
>> wanted to be sure I'm not missing something.
>>
>> Regards,
>> Dumitru
>>
>
> I think it is ok to backport because it is an important bug fix, and I
> don't see obvious problems, either.
>

Thanks for the confirmation, I backported this to all branches down to 21.12.

Thanks,
Dumitru
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
