[Bug 1811769] Re: update ct zone fail in ovs 2.10

cing 1811769 at bugs.launchpad.net
Tue Jan 15 08:11:43 UTC 2019 

** Information type changed from Private Security to Public

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to openvswitch in Ubuntu.
https://bugs.launchpad.net/bugs/1811769

Title:
  update ct zone fail  in ovs 2.10

Status in openvswitch package in Ubuntu:
  New

Bug description:
  Hello everyone
  I find a proplem in my ct case, as follows

  My openflow rules in ovs userspace follow:
  table=0, priority=1000,in_port=100, actions=set_field:0x64->reg6,write_metadata:0x17e600000007,goto_table:10
  table=10, priority=2000,ip actions=ct(table=15,zone=NXM_NX_REG6[0..15])
  table=15, priority=2000,ct_state=-new+rel-inv+trk actions=goto_table:20
  table=15, priority=2000,ct_state=+new+rel-inv+trk,ip actions=ct(commit,table=20,zone=NXM_NX_CT_ZONE[])
  table=15, priority=2000,ct_state=+inv+trk actions=drop
  table=20,priority=0 actions=output:200

  we send packet from in_port 100 to output port 200

  dump datapath flows in kernel follow, ct_zone=100 in dp flows:

  ufid:3d4386a1-b5e6-4c16-8baa-1d7f6833c95e, recirc_id(0),dp_hash(0/0),skb_priority(0/0),in_port(port-5mtbybsxco),skb_mark(0/0),ct_state(0/0),ct_zone(0/0),ct_mark(0/0),ct_label(0/0),eth(src=fa:16:3e:15:d1:73,dst=00:00:00:00:00:00/00:00:00:00:00:00),eth_type(0x0800),ipv4(src=0.0.0.0/0.0.0.0,dst=172.0.0.0/252.0.0.0,proto=17,tos=0/0,ttl=0/0,frag=no),udp(src=32768/0x8000,dst=0/0), packets:120540, bytes:9643200, used:0.685s, dp:ovs, actions:ct(zone=100),recirc(0x1)
  ufid:86cd3e24-bc9d-48ae-b9e7-98780d936539, recirc_id(0x1),dp_hash(0/0),skb_priority(0/0),in_port(port-5mtbybsxco),skb_mark(0/0),ct_state(0x21/0x37),ct_zone(0/0),ct_mark(0/0),ct_label(0/0),eth(src=00:00:00:00:00:00/00:00:00:00:00:00,dst=00:00:00:00:00:00/00:00:00:00:00:00),eth_type(0x0800),ipv4(src=0.0.0.0/0.0.0.0,dst=128.0.0.0/128.0.0.0,proto=17,tos=0/0,ttl=0/0,frag=no),udp(src=0/0,dst=53), packets:120539, bytes:9643120, used:0.685s, dp:ovs, actions:ct(commit,zone=100),recirc(0xe)

  then, I expect to update zone from 100 to 200, so I update openflow rule in table 0
  table=0, priority=1000,in_port=100, actions=set_field:0xc8->reg6,write_metadata:0x17e600000007,goto_table:10

  after update finished, we dump flows in dp:
  ufid:3d4386a1-b5e6-4c16-8baa-1d7f6833c95e, recirc_id(0),dp_hash(0/0),skb_priority(0/0),in_port(port-5mtbybsxco),skb_mark(0/0),ct_state(0/0),ct_zone(0/0),ct_mark(0/0),ct_label(0/0),eth(src=fa:16:3e:15:d1:73,dst=00:00:00:00:00:00/00:00:00:00:00:00),eth_type(0x0800),ipv4(src=0.0.0.0/0.0.0.0,dst=172.0.0.0/252.0.0.0,proto=17,tos=0/0,ttl=0/0,frag=no),udp(src=32768/0x8000,dst=0/0), packets:120540, bytes:9643200, used:0.685s, dp:ovs, actions:ct(zone=200),recirc(0x1)
  ufid:86cd3e24-bc9d-48ae-b9e7-98780d936539, recirc_id(0x1),dp_hash(0/0),skb_priority(0/0),in_port(port-5mtbybsxco),skb_mark(0/0),ct_state(0x21/0x37),ct_zone(0/0),ct_mark(0/0),ct_label(0/0),eth(src=00:00:00:00:00:00/00:00:00:00:00:00,dst=00:00:00:00:00:00/00:00:00:00:00:00),eth_type(0x0800),ipv4(src=0.0.0.0/0.0.0.0,dst=128.0.0.0/128.0.0.0,proto=17,tos=0/0,ttl=0/0,frag=no),udp(src=0/0,dst=53), packets:120539, bytes:9643120, used:0.685s, dp:ovs, actions:ct(commit,zone=100),recirc(0xe)

  ct actions of recirc_id (0x1) datapath flow can not update zone=200,
  it’s still 100

  so I think this is a bug, I hope someone can help answer, thanks

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openvswitch/+bug/1811769/+subscriptions

More information about the Ubuntu-openstack-bugs mailing list