From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from Chamillionaire.breakpoint.cc (Chamillionaire.breakpoint.cc [91.216.245.30]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5B25C152798 for ; Mon, 8 Jul 2024 23:23:34 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=91.216.245.30 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1720481017; cv=none; b=X7oQpr6R+KRAknYRaCwdZTUk7A+Tcojhjb1XHezNak0qw4EGfn9z5WLigKSt9Kh82l5W89sLLMAkC61BmmhE7VV6Wp8oRp3r8rp9sKatQ/kMSpKe4I+2slgR0e6C3MsmX2y0Cmg7BbUhfr8C30Y+kMNZjSEeILrjdkcvSCaONXE= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1720481017; c=relaxed/simple; bh=viFzJ94D/9goW4gHxe8JXgfhSTzovaLlzFiulBvvjjc=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=jwNTCTITuWj3yKOK7iI7vyMnBxFj7AU+nzP3EcJJeAukD5gq2fBW14HKf9VBSGulk4PuawAdRKKPCtP4NUScbzv5VmwCHAysjYLQXDIwogV6HXg5CjXAD6xjAQ8XWtjgsgUQI58dCgMIkmWnsyeglSXAePIb47qKhUAv6lBVKI0= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=strlen.de; spf=pass smtp.mailfrom=strlen.de; arc=none smtp.client-ip=91.216.245.30 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=strlen.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=strlen.de Received: from fw by Chamillionaire.breakpoint.cc with local (Exim 4.92) (envelope-from ) id 1sQx0J-0004pJ-Iz; Tue, 09 Jul 2024 00:38:39 +0200 Date: Tue, 9 Jul 2024 00:38:39 +0200 From: Florian Westphal To: Xin Long Cc: Florian Westphal , Ilya Maximets , network dev , dev@openvswitch.org, Marcelo Ricardo Leitner , Jiri Pirko , Davide Caratti , Jamal Hadi Salim , Eric Dumazet , Cong Wang , kuba@kernel.org, Paolo Abeni , davem@davemloft.net, Pablo Neira Ayuso , Aaron Conole Subject: Re: [PATCH net-next 3/3] openvswitch: set IPS_CONFIRMED in tmpl status only when commit is set in conntrack Message-ID: <20240708223839.GA18283@breakpoint.cc> References: <5a9886fd-cdd7-4aa2-880f-5664288d5f25@ovn.org> <619f9212-fa90-44d2-9951-800523413c8d@ovn.org> <20240619201959.GA1513@breakpoint.cc> <20240619212030.GB1513@breakpoint.cc> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.10.1 (2018-07-13) Xin Long wrote: > I can avoid this warning by not allocating ext for commit ct in ovs: > > @@ -426,7 +426,7 @@ static int ovs_ct_set_labels(struct nf_conn *ct, > struct sw_flow_key *key, > struct nf_conn_labels *cl; > int err; > > - cl = ovs_ct_get_conn_labels(ct); > + cl = nf_ct_labels_find(ct); > if (!cl) > return -ENOSPC; > > However, the test case would fail, although the failure can be worked around > by setting ct_label in the 1st rule: > > table=0,priority=30,in_port=1,ip,nw_dst=172.1.1.2,actions=ct(commit,nat(dst=10.1.1.2:80),exec(set_field:0x01->ct_label),table=1) > > So I'm worrying our change may break some existing OVS user cases. Then ovs_ct_limit_init() and nf_connlabels_get() need to be called once on the first conntrack operatation, regardless if labels are asked for or not. Not nice but still better than current state. ovs_ct_execute() perhaps?