From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from Chamillionaire.breakpoint.cc (Chamillionaire.breakpoint.cc [91.216.245.30]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3FF9A1A3BDC for ; Tue, 13 Aug 2024 18:58:39 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=91.216.245.30 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1723575521; cv=none; b=YqIY/0v1iDgs8Jj3neUor2I4+RrU2sq/367joUsmH7btCrUmfsE1i8+Lqjf6q1ExgDY+2eC4vpAv7eymiJT7/7rZT92VvL6XHyOP/JrWk7BxCH/BgHuDSoAxn/ucCUsBpkjTQDzvkLXESqTCHQv2SSQ1yRb+ceCeLT/NNhaq5SU= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1723575521; c=relaxed/simple; bh=GjP0NE8jN/694JNItDU+k0EcDObtnocqc8zuTIuRfTo=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=Vq4uw0VvQIbTmt2wOUhg5UoLIvC9tN2CGNrKypIsnmr1iVHYeFFo7G+c0PjFxJPjFrioSYWeB8EihFThSha7OqL3ecSu74qvM5Tqu9Yj+zMXYWekWIkbN04jF/yLrpzl1yUqsrMANlQk3b8mayvae047HLLvD895tzpKns3LMzs= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=strlen.de; spf=pass smtp.mailfrom=strlen.de; arc=none smtp.client-ip=91.216.245.30 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=strlen.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=strlen.de Received: from fw by Chamillionaire.breakpoint.cc with local (Exim 4.92) (envelope-from ) id 1sdwj3-000410-SS; Tue, 13 Aug 2024 20:58:33 +0200 Date: Tue, 13 Aug 2024 20:58:33 +0200 From: Florian Westphal To: Xin Long Cc: network dev , dev@openvswitch.org, ovs-dev@openvswitch.org, davem@davemloft.net, kuba@kernel.org, Eric Dumazet , Paolo Abeni , Pravin B Shelar , Ilya Maximets , Aaron Conole , Florian Westphal Subject: Re: [PATCHv2 net-next] openvswitch: switch to per-action label counting in conntrack Message-ID: <20240813185833.GA15353@breakpoint.cc> References: <6b9347d5c1a0b364e88d900b29a616c3f8e5b1ca.1723483073.git.lucien.xin@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <6b9347d5c1a0b364e88d900b29a616c3f8e5b1ca.1723483073.git.lucien.xin@gmail.com> User-Agent: Mutt/1.10.1 (2018-07-13) Xin Long wrote: > Similar to commit 70f06c115bcc ("sched: act_ct: switch to per-action > label counting"), we should also switch to per-action label counting > in openvswitch conntrack, as Florian suggested. > > The difference is that nf_connlabels_get() is called unconditionally > when creating an ct action in ovs_ct_copy_action(). As with these > flows: > > table=0,ip,actions=ct(commit,table=1) > table=1,ip,actions=ct(commit,exec(set_field:0xac->ct_label),table=2) > > it needs to make sure the label ext is created in the 1st flow before > the ct is committed in ovs_ct_commit(). Otherwise, the warning in > nf_ct_ext_add() when creating the label ext in the 2nd flow will > be triggered: With this and https://patchwork.ozlabs.org/project/netfilter-devel/patch/7380c37e2d58a93164b7f2212c90cd23f9d910f8.1721268584.git.lucien.xin@gmail.com/ applied new netns doesn't have conntrack enabled anymore, so Acked-by: Florian Westphal Thanks Xinlong!