ACK: [SRU][F:linux-bluefield][PATCH V3 0/5] Fix ct_state nat matching and nat action not being executed

Tim Gardner tim.gardner at canonical.com
Wed Jan 19 16:19:30 UTC 2022 

Acked-by: Tim Gardner <tim.gardner at canonical.com>

On 1/18/22 1:20 PM, Bodong Wang wrote:
> Netfilter conntrack maintains NAT flags per connection indicating
> whether NAT was configured for the connection. Openvswitch maintains
> NAT flags on the per packet flow key ct_state field, indicating
> whether NAT was actually executed on the packet.
> 
> When a packet misses from tc to ovs the conntrack NAT flags are set.
> However, NAT was not necessarily executed on the packet because the
> connection's state might still be in NEW state. As such, openvswitch
> wrongly assumes that NAT was executed and sets an incorrect flow key
> NAT flags. This can lead to incorrect matching on ct_state nat flags,
> and nat not being executed by ovs.
> 
> This patch series fixed the bug above.
> 
> V1->v2:
> Fix upstream commit SHA for patch "net/sched: Extend qdisc control block with tc control block"
> 
> V2->v3:
> Use commit SHA from linux-next for patch "net: openvswitch: Fix ct_state
> nat flags for conns arriving from tc"
> 
> Paul Blakey (4):
>    net/sched: Extend qdisc control block with tc control block
>    net/sched: flow_dissector: Fix matching on zone id for invalid conns
>    net: openvswitch: Fix matching zone id for invalid conns arriving from
>      tc
>    net: openvswitch: Fix ct_state nat flags for conns arriving from tc
> 
> Vlad Buslov (1):
>    net: zero-initialize tc skb extension on allocation
> 
>   drivers/net/ethernet/mellanox/mlx5/core/en_tc.c |  2 +-
>   include/linux/skbuff.h                          |  7 +++++--
>   include/net/pkt_cls.h                           | 11 +++++++++++
>   include/net/pkt_sched.h                         | 18 ++++++++++++++++++
>   include/net/sch_generic.h                       |  2 --
>   net/core/dev.c                                  |  8 ++++----
>   net/core/flow_dissector.c                       |  3 ++-
>   net/openvswitch/flow.c                          | 20 ++++++++++++++++++--
>   net/sched/act_ct.c                              | 21 ++++++++++++++-------
>   net/sched/cls_api.c                             | 11 ++++++++---
>   net/sched/cls_flower.c                          |  6 ++++--
>   net/sched/sch_frag.c                            |  3 ++-
>   12 files changed, 87 insertions(+), 25 deletions(-)
> 

-- 
-----------
Tim Gardner
Canonical, Inc

More information about the kernel-team mailing list