Re: [RFC] [net]openvswitch: Clear the ct flow key for the recirculated packet

[Numan Siddique <nusiddiq-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>]

On Fri, Mar 17, 2017 at 2:41 AM, Lance Richardson <lrichard@redhat.com>
wrote:

> > From: "Numan Siddique" <nusiddiq@redhat.com>
> > To: netdev@vger.kernel.org, "ovs dev" <dev@openvswitch.org>
> > Cc: "Joe Stringer" <joe@ovn.org>, "Andy Zhou" <azhou@ovn.org>,
> jarno@ovn.org
> > Sent: Thursday, March 16, 2017 8:25:06 AM
> > Subject: [RFC] [net]openvswitch: Clear the ct flow key for the
> recirculated packet
> >
> > It is possible that the ct flow key information would have
> > gone stale for the packets received from the userspace due to
> > clone or ct_clear actions.
> >
> > In the case of OVN, it adds ping responder flows, which modifies
> > the original icmp4 request packet to a reply packet. It uses the
> > OVS actions - clone and ct_clear. When the reply packet hits the
> > "ovs_ct_execute" function, and since the ct flow key info is not
> > cleared, the connection tracker doesn't set the state to
> > ESTABLISHED state.
> >
> > Note: This patch is marked as RFC, as I am not sure if this is the
> correct
> > place to address this issue or it should be addressed in ovs-vswitchd
> > to set the OVS_KEY_ATTR_CT_STATE and other related attributes
> > properly for ct_clear action.
> >
> > Signed-off-by: Numan Siddique <nusiddiq@redhat.com>
> > ---
>
> Hi Numan,
>
> With this patch applied I'm consistently seeing failures for two of the
> kernel datapath unit tests (via "make check-kernel"):
>
>  16: conntrack - force commit                        FAILED (
> system-traffic.at:692)
>  54: conntrack - SNAT with ct_mark change on reply   FAILED (
> system-traffic.at:2446)
>
>
Thanks Lance for comments.
I will take care of running the sanity checks next time.

​
_______________________________________________
dev mailing list
dev@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev