[SRU][F:linux-bluefield][PATCH 0/5] Fix ct_state nat matching and nat action not being executed

[Bodong Wang]

Netfilter conntrack maintains NAT flags per connection indicating 
whether NAT was configured for the connection. Openvswitch maintains
NAT flags on the per packet flow key ct_state field, indicating
whether NAT was actually executed on the packet.

When a packet misses from tc to ovs the conntrack NAT flags are set.
However, NAT was not necessarily executed on the packet because the
connection's state might still be in NEW state. As such, openvswitch
wrongly assumes that NAT was executed and sets an incorrect flow key
NAT flags. This can lead to incorrect matching on ct_state nat flags,
and nat not being executed by ovs.

This patch series fixed the bug above.


Paul Blakey (4):
  net/sched: Extend qdisc control block with tc control block
  net/sched: flow_dissector: Fix matching on zone id for invalid conns
  net: openvswitch: Fix matching zone id for invalid conns arriving from
    tc
  UBUNTU: SAUCE: net: openvswitch: Fix ct_state nat flags for conns
    arriving from tc

Vlad Buslov (1):
  net: zero-initialize tc skb extension on allocation

 drivers/net/ethernet/mellanox/mlx5/core/en_tc.c |  2 +-
 include/linux/skbuff.h                          |  7 +++++--
 include/net/pkt_cls.h                           | 11 +++++++++++
 include/net/pkt_sched.h                         | 18 ++++++++++++++++++
 include/net/sch_generic.h                       |  2 --
 net/core/dev.c                                  |  8 ++++----
 net/core/flow_dissector.c                       |  3 ++-
 net/openvswitch/flow.c                          | 20 ++++++++++++++++++--
 net/sched/act_ct.c                              | 21 ++++++++++++++-------
 net/sched/cls_api.c                             | 11 ++++++++---
 net/sched/cls_flower.c                          |  6 ++++--
 net/sched/sch_frag.c                            |  3 ++-
 12 files changed, 87 insertions(+), 25 deletions(-)

-- 
1.8.3.1