Public bug reported:
* Explain the bug
When using OVS with tc to offload connection tracking flows, if user matches on
ct_state other then trk and est, such as ct_state +rpl, it will be silently
ignored by TC/HW and might result in wrong actions being executed.
* How to test
Create OVS bridge with 2 devices $dev1, $dev2 (can be any devices)
Enable HW offload and configure connection tracking OpenFlow rules which match
on ct_state +rpl and do different actions based on that match.
e.g:
ovs-ofctl del-flows br-ovs
ovs-ofctl add-flow br-ovs arp,actions=normal
ovs-ofctl add-flow br-ovs "table=0, ip,ct_state=-trk actions=ct(table=1)"
ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+new
actions=ct(commit),normal"
ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+est-rpl, actions=$dev1"
ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+est+rpl, actions=$dev2"
With commits, ovs dump-flows (or tc show on devs) will have ct_state +rpl
match, and without they don't have,
meaning the match is ignored.
* What it could break.
NA
** Affects: linux-bluefield (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1944390
Title:
Fix ignoring ct state match of OVS offload to TC/HW
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-bluefield/+bug/1944390/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
