APPLIED: [SRU][F:linux-bluefield][PATCH V3 0/5] Fix ct_state nat matching and nat action not being executed

Luke Nowakowski-Krijger luke.nowakowskikrijger at canonical.com
Wed Feb 9 00:21:50 UTC 2022 

Applied to Focal:linux-bluefield

Thanks!

- Luke

On Tue, Jan 18, 2022 at 12:20 PM Bodong Wang <bodong at nvidia.com> wrote:

> Netfilter conntrack maintains NAT flags per connection indicating
> whether NAT was configured for the connection. Openvswitch maintains
> NAT flags on the per packet flow key ct_state field, indicating
> whether NAT was actually executed on the packet.
>
> When a packet misses from tc to ovs the conntrack NAT flags are set.
> However, NAT was not necessarily executed on the packet because the
> connection's state might still be in NEW state. As such, openvswitch
> wrongly assumes that NAT was executed and sets an incorrect flow key
> NAT flags. This can lead to incorrect matching on ct_state nat flags,
> and nat not being executed by ovs.
>
> This patch series fixed the bug above.
>
> V1->v2:
> Fix upstream commit SHA for patch "net/sched: Extend qdisc control block
> with tc control block"
>
> V2->v3:
> Use commit SHA from linux-next for patch "net: openvswitch: Fix ct_state
> nat flags for conns arriving from tc"
>
> Paul Blakey (4):
>   net/sched: Extend qdisc control block with tc control block
>   net/sched: flow_dissector: Fix matching on zone id for invalid conns
>   net: openvswitch: Fix matching zone id for invalid conns arriving from
>     tc
>   net: openvswitch: Fix ct_state nat flags for conns arriving from tc
>
> Vlad Buslov (1):
>   net: zero-initialize tc skb extension on allocation
>
>  drivers/net/ethernet/mellanox/mlx5/core/en_tc.c |  2 +-
>  include/linux/skbuff.h                          |  7 +++++--
>  include/net/pkt_cls.h                           | 11 +++++++++++
>  include/net/pkt_sched.h                         | 18 ++++++++++++++++++
>  include/net/sch_generic.h                       |  2 --
>  net/core/dev.c                                  |  8 ++++----
>  net/core/flow_dissector.c                       |  3 ++-
>  net/openvswitch/flow.c                          | 20 ++++++++++++++++++--
>  net/sched/act_ct.c                              | 21 ++++++++++++++-------
>  net/sched/cls_api.c                             | 11 ++++++++---
>  net/sched/cls_flower.c                          |  6 ++++--
>  net/sched/sch_frag.c                            |  3 ++-
>  12 files changed, 87 insertions(+), 25 deletions(-)
>
> --
> 1.8.3.1
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20220208/caf47e77/attachment.html>

More information about the kernel-team mailing list