NACK: [SRU][F:linux-bluefield][PATCH 0/5] Fix ct_state nat matching and nat action not being executed

Stefan Bader stefan.bader at canonical.com
Mon Jan 17 10:05:21 UTC 2022 

On 13.01.22 17:05, Bodong Wang wrote:
> Netfilter conntrack maintains NAT flags per connection indicating
> whether NAT was configured for the connection. Openvswitch maintains
> NAT flags on the per packet flow key ct_state field, indicating
> whether NAT was actually executed on the packet.
> 
> When a packet misses from tc to ovs the conntrack NAT flags are set.
> However, NAT was not necessarily executed on the packet because the
> connection's state might still be in NEW state. As such, openvswitch
> wrongly assumes that NAT was executed and sets an incorrect flow key
> NAT flags. This can lead to incorrect matching on ct_state nat flags,
> and nat not being executed by ovs.
> 
> This patch series fixed the bug above.
> 
> 
> Paul Blakey (4):
>    net/sched: Extend qdisc control block with tc control block
>    net/sched: flow_dissector: Fix matching on zone id for invalid conns
>    net: openvswitch: Fix matching zone id for invalid conns arriving from
>      tc
>    UBUNTU: SAUCE: net: openvswitch: Fix ct_state nat flags for conns
>      arriving from tc
> 
> Vlad Buslov (1):
>    net: zero-initialize tc skb extension on allocation
> 
>   drivers/net/ethernet/mellanox/mlx5/core/en_tc.c |  2 +-
>   include/linux/skbuff.h                          |  7 +++++--
>   include/net/pkt_cls.h                           | 11 +++++++++++
>   include/net/pkt_sched.h                         | 18 ++++++++++++++++++
>   include/net/sch_generic.h                       |  2 --
>   net/core/dev.c                                  |  8 ++++----
>   net/core/flow_dissector.c                       |  3 ++-
>   net/openvswitch/flow.c                          | 20 ++++++++++++++++++--
>   net/sched/act_ct.c                              | 21 ++++++++++++++-------
>   net/sched/cls_api.c                             | 11 ++++++++---
>   net/sched/cls_flower.c                          |  6 ++++--
>   net/sched/sch_frag.c                            |  3 ++-
>   12 files changed, 87 insertions(+), 25 deletions(-)
> 
V2 on the mailing list.

-Stefan

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20220117/4391e8de/attachment.sig>

More information about the kernel-team mailing list