Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/808397/?format=api
{ "id": 808397, "url": "http://patchwork.ozlabs.org/api/patches/808397/?format=api", "web_url": "http://patchwork.ozlabs.org/project/openvswitch/patch/1504209851-28202-1-git-send-email-jpettit@ovn.org/", "project": { "id": 47, "url": "http://patchwork.ozlabs.org/api/projects/47/?format=api", "name": "Open vSwitch", "link_name": "openvswitch", "list_id": "ovs-dev.openvswitch.org", "list_email": "ovs-dev@openvswitch.org", "web_url": "http://openvswitch.org/", "scm_url": "git@github.com:openvswitch/ovs.git", "webscm_url": "https://github.com/openvswitch/ovs", "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<1504209851-28202-1-git-send-email-jpettit@ovn.org>", "list_archive_url": null, "date": "2017-08-31T20:04:10", "name": "[ovs-dev,branch-2.8,1/2] Revert \"ofproto-dpif: Mark packets as \"untracked\" after call to ct().\"", "commit_ref": null, "pull_url": null, "state": "accepted", "archived": false, "hash": "0066966682650154ab6a6837a24eb76aab564e2d", "submitter": { "id": 67602, "url": "http://patchwork.ozlabs.org/api/people/67602/?format=api", "name": "Justin Pettit", "email": "jpettit@ovn.org" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/openvswitch/patch/1504209851-28202-1-git-send-email-jpettit@ovn.org/mbox/", "series": [ { "id": 899, "url": "http://patchwork.ozlabs.org/api/series/899/?format=api", "web_url": "http://patchwork.ozlabs.org/project/openvswitch/list/?series=899", "date": "2017-08-31T20:04:11", "name": "[ovs-dev,branch-2.8,1/2] Revert \"ofproto-dpif: Mark packets as \"untracked\" after call to ct().\"", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/899/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/808397/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/808397/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<ovs-dev-bounces@openvswitch.org>", "X-Original-To": [ "incoming@patchwork.ozlabs.org", "dev@openvswitch.org" ], "Delivered-To": [ "patchwork-incoming@bilbo.ozlabs.org", "ovs-dev@mail.linuxfoundation.org" ], "Authentication-Results": "ozlabs.org;\n\tspf=pass (mailfrom) smtp.mailfrom=openvswitch.org\n\t(client-ip=140.211.169.12; helo=mail.linuxfoundation.org;\n\tenvelope-from=ovs-dev-bounces@openvswitch.org;\n\treceiver=<UNKNOWN>)", "Received": [ "from mail.linuxfoundation.org (mail.linuxfoundation.org\n\t[140.211.169.12])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256\n\tbits)) (No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xjtd7631vz9s81\n\tfor <incoming@patchwork.ozlabs.org>;\n\tFri, 1 Sep 2017 06:04:43 +1000 (AEST)", "from mail.linux-foundation.org (localhost [127.0.0.1])\n\tby mail.linuxfoundation.org (Postfix) with ESMTP id 899C1B7C;\n\tThu, 31 Aug 2017 20:04:18 +0000 (UTC)", "from smtp1.linuxfoundation.org (smtp1.linux-foundation.org\n\t[172.17.192.35])\n\tby mail.linuxfoundation.org (Postfix) with ESMTPS id 5CF02B56\n\tfor <dev@openvswitch.org>; Thu, 31 Aug 2017 20:04:16 +0000 (UTC)", "from relay4-d.mail.gandi.net (relay4-d.mail.gandi.net\n\t[217.70.183.196])\n\tby smtp1.linuxfoundation.org (Postfix) with ESMTPS id 0BBA2D3\n\tfor <dev@openvswitch.org>; Thu, 31 Aug 2017 20:04:14 +0000 (UTC)", "from localhost.localdomain (unknown [209.66.79.214])\n\t(Authenticated sender: jpettit@ovn.org)\n\tby relay4-d.mail.gandi.net (Postfix) with ESMTPSA id 370841720B3\n\tfor <dev@openvswitch.org>; Thu, 31 Aug 2017 22:04:12 +0200 (CEST)" ], "X-Greylist": "domain auto-whitelisted by SQLgrey-1.7.6", "X-Originating-IP": "209.66.79.214", "From": "Justin Pettit <jpettit@ovn.org>", "To": "dev@openvswitch.org", "Date": "Thu, 31 Aug 2017 13:04:10 -0700", "Message-Id": "<1504209851-28202-1-git-send-email-jpettit@ovn.org>", "X-Mailer": "git-send-email 2.7.4", "X-Spam-Status": "No, score=-0.7 required=5.0 tests=RCVD_IN_DNSWL_LOW\n\tautolearn=disabled version=3.3.1", "X-Spam-Checker-Version": "SpamAssassin 3.3.1 (2010-03-16) on\n\tsmtp1.linux-foundation.org", "Subject": "[ovs-dev] [branch-2.8 1/2] Revert \"ofproto-dpif: Mark packets as\n\t\"untracked\" after call to ct().\"", "X-BeenThere": "ovs-dev@openvswitch.org", "X-Mailman-Version": "2.1.12", "Precedence": "list", "List-Id": "<ovs-dev.openvswitch.org>", "List-Unsubscribe": "<https://mail.openvswitch.org/mailman/options/ovs-dev>,\n\t<mailto:ovs-dev-request@openvswitch.org?subject=unsubscribe>", "List-Archive": "<http://mail.openvswitch.org/pipermail/ovs-dev/>", "List-Post": "<mailto:ovs-dev@openvswitch.org>", "List-Help": "<mailto:ovs-dev-request@openvswitch.org?subject=help>", "List-Subscribe": "<https://mail.openvswitch.org/mailman/listinfo/ovs-dev>,\n\t<mailto:ovs-dev-request@openvswitch.org?subject=subscribe>", "MIME-Version": "1.0", "Content-Type": "text/plain; charset=\"us-ascii\"", "Content-Transfer-Encoding": "7bit", "Sender": "ovs-dev-bounces@openvswitch.org", "Errors-To": "ovs-dev-bounces@openvswitch.org" }, "content": "This reverts commit 8473cf69d25c4682cc6f6857b86b490a8c27cbd4.\n\nThis commit introduced a change in the conntrack API. This affected\nsome existing applications, so we will delay introducing the change\nuntil the next major release.\n\nSigned-off-by: Justin Pettit <jpettit@ovn.org>\nRequested-by: Flavio Leitner <fbl@sysclose.org>\n---\n NEWS | 4 ----\n lib/ofp-actions.c | 27 ++++++++++++++-------------\n ofproto/ofproto-dpif-xlate.c | 21 ++++++++++++++-------\n tests/ofproto-dpif.at | 10 +++++-----\n tests/system-traffic.at | 4 ++--\n utilities/ovs-ofctl.8.in | 10 ++++------\n 6 files changed, 39 insertions(+), 37 deletions(-)", "diff": "diff --git a/NEWS b/NEWS\nindex 8e6fb79d38ca..ecb32c4df80c 100644\n--- a/NEWS\n+++ b/NEWS\n@@ -74,10 +74,6 @@ v2.8.0 - xx xxx xxxx\n Used generic encap and decap actions to implement encapsulation and\n decapsulation of NSH header.\n IETF NSH draft - https://datatracker.ietf.org/doc/draft-ietf-sfc-nsh/\n- * Conntrack state is only available to the processing path that\n- follows the \"recirc_table\" argument of the ct() action. Starting\n- in OVS 2.8, this state is now cleared for the current processing\n- path whenever ct() is called.\n - Fedora Packaging:\n * OVN services are no longer restarted automatically after upgrade.\n * ovs-vswitchd and ovsdb-server run as non-root users by default.\ndiff --git a/lib/ofp-actions.c b/lib/ofp-actions.c\nindex 71eb70c3c239..bfc8a805ffd5 100644\n--- a/lib/ofp-actions.c\n+++ b/lib/ofp-actions.c\n@@ -5858,19 +5858,20 @@ format_DEBUG_RECIRC(const struct ofpact_null *a OVS_UNUSED,\n *\n * - Packet State:\n *\n- * Untracked packets have an unknown connection state. In most\n- * cases, packets entering the OpenFlow pipeline will initially be\n- * in the untracked state. Untracked packets may become tracked by\n- * executing NXAST_CT with a \"recirc_table\" specified. This makes\n- * various aspects about the connection available, in particular\n- * the connection state.\n- *\n- * An NXAST_CT action always puts the packet into an untracked\n- * state for the current processing path. If \"recirc_table\" is\n- * set, execution is forked and the packet passes through the\n- * connection tracker. The specified table's processing path is\n- * able to match on Connection state until the end of the OpenFlow\n- * pipeline or NXAST_CT is called again.\n+ * Untracked packets have not yet passed through the connection tracker,\n+ * and the connection state for such packets is unknown. In most cases,\n+ * packets entering the OpenFlow pipeline will initially be in the\n+ * untracked state. Untracked packets may become tracked by executing\n+ * NXAST_CT with a \"recirc_table\" specified. This makes various aspects\n+ * about the connection available, in particular the connection state.\n+ *\n+ * Tracked packets have previously passed through the connection tracker.\n+ * These packets will remain tracked through until the end of the OpenFlow\n+ * pipeline. Tracked packets which have NXAST_CT executed with a\n+ * \"recirc_table\" specified will return to the tracked state.\n+ *\n+ * The packet state is only significant for the duration of packet\n+ * processing within the OpenFlow pipeline.\n *\n * - Connection State:\n *\ndiff --git a/ofproto/ofproto-dpif-xlate.c b/ofproto/ofproto-dpif-xlate.c\nindex 9e1f837cb23e..973e760547fa 100644\n--- a/ofproto/ofproto-dpif-xlate.c\n+++ b/ofproto/ofproto-dpif-xlate.c\n@@ -5721,7 +5721,9 @@ put_ct_nat(struct xlate_ctx *ctx)\n static void\n compose_conntrack_action(struct xlate_ctx *ctx, struct ofpact_conntrack *ofc)\n {\n+ ovs_u128 old_ct_label = ctx->xin->flow.ct_label;\n ovs_u128 old_ct_label_mask = ctx->wc->masks.ct_label;\n+ uint32_t old_ct_mark = ctx->xin->flow.ct_mark;\n uint32_t old_ct_mark_mask = ctx->wc->masks.ct_mark;\n size_t ct_offset;\n uint16_t zone;\n@@ -5733,7 +5735,7 @@ compose_conntrack_action(struct xlate_ctx *ctx, struct ofpact_conntrack *ofc)\n /* Process nested actions first, to populate the key. */\n ctx->ct_nat_action = NULL;\n ctx->wc->masks.ct_mark = 0;\n- ctx->wc->masks.ct_label = OVS_U128_ZERO;\n+ ctx->wc->masks.ct_label.u64.hi = ctx->wc->masks.ct_label.u64.lo = 0;\n do_xlate_actions(ofc->actions, ofpact_ct_get_action_len(ofc), ctx);\n \n if (ofc->zone_src.field) {\n@@ -5759,18 +5761,23 @@ compose_conntrack_action(struct xlate_ctx *ctx, struct ofpact_conntrack *ofc)\n ctx->ct_nat_action = NULL;\n nl_msg_end_nested(ctx->odp_actions, ct_offset);\n \n+ /* Restore the original ct fields in the key. These should only be exposed\n+ * after recirculation to another table. */\n+ ctx->xin->flow.ct_mark = old_ct_mark;\n ctx->wc->masks.ct_mark = old_ct_mark_mask;\n+ ctx->xin->flow.ct_label = old_ct_label;\n ctx->wc->masks.ct_label = old_ct_label_mask;\n \n- if (ofc->recirc_table != NX_CT_RECIRC_NONE) {\n+ if (ofc->recirc_table == NX_CT_RECIRC_NONE) {\n+ /* If we do not recirculate as part of this action, hide the results of\n+ * connection tracking from subsequent recirculations. */\n+ ctx->conntracked = false;\n+ } else {\n+ /* Use ct_* fields from datapath during recirculation upcall. */\n ctx->conntracked = true;\n compose_recirculate_and_fork(ctx, ofc->recirc_table);\n+ ctx->conntracked = false;\n }\n-\n- /* The ct_* fields are only available in the scope of the 'recirc_table'\n- * call chain. */\n- flow_clear_conntrack(&ctx->xin->flow);\n- ctx->conntracked = false;\n }\n \n static void\ndiff --git a/tests/ofproto-dpif.at b/tests/ofproto-dpif.at\nindex 28a7e827cac2..284a65ec6524 100644\n--- a/tests/ofproto-dpif.at\n+++ b/tests/ofproto-dpif.at\n@@ -8949,7 +8949,7 @@ OVS_WAIT_UNTIL([ovs-appctl -t ovs-ofctl exit])\n \n dnl Check this output. We only see the latter two packets, not the first.\n AT_CHECK([cat ofctl_monitor.log], [0], [dnl\n-NXT_PACKET_IN (xid=0x0): table_id=6 cookie=0x0 total_len=42 reg0=0x1,reg1=0x4d2,reg2=0x1,reg3=0x1,reg4=0x1,in_port=1 (via action) data_len=42 (unbuffered)\n+NXT_PACKET_IN (xid=0x0): table_id=6 cookie=0x0 total_len=42 ct_state=new|trk,ct_zone=1,ct_nw_src=10.1.1.1,ct_nw_dst=10.1.1.2,ct_nw_proto=17,ct_tp_src=1,ct_tp_dst=2,reg0=0x1,reg1=0x4d2,reg2=0x1,reg3=0x1,reg4=0x1,in_port=1 (via action) data_len=42 (unbuffered)\n udp,vlan_tci=0x0000,dl_src=50:54:00:00:00:09,dl_dst=50:54:00:00:00:0a,nw_src=10.1.1.1,nw_dst=10.1.1.2,nw_tos=0,nw_ecn=0,nw_ttl=64,tp_src=1,tp_dst=2 udp_csum:e9d6\n dnl\n NXT_PACKET_IN (xid=0x0): table_id=6 cookie=0x0 total_len=42 ct_state=est|rpl|trk,ct_zone=1,ct_mark=0x1,ct_label=0x4d2000000000000000000000000,ct_nw_src=10.1.1.1,ct_nw_dst=10.1.1.2,ct_nw_proto=17,ct_tp_src=1,ct_tp_dst=2,reg0=0x1,reg1=0x4d2,reg2=0x1,reg3=0x2,reg4=0x1,in_port=2 (via action) data_len=42 (unbuffered)\n@@ -8970,7 +8970,7 @@ OVS_WAIT_UNTIL([ovs-appctl -t ovs-ofctl exit])\n \n dnl Check this output. We should see both packets\n AT_CHECK([cat ofctl_monitor.log], [0], [dnl\n-NXT_PACKET_IN (xid=0x0): table_id=6 cookie=0x0 total_len=42 reg0=0x1,reg1=0x4d2,reg2=0x1,reg3=0x1,reg4=0x1,in_port=1 (via action) data_len=42 (unbuffered)\n+NXT_PACKET_IN (xid=0x0): table_id=6 cookie=0x0 total_len=42 ct_state=new|trk,ct_zone=1,ct_nw_src=10.1.1.1,ct_nw_dst=10.1.1.2,ct_nw_proto=17,ct_tp_src=3,ct_tp_dst=2,reg0=0x1,reg1=0x4d2,reg2=0x1,reg3=0x1,reg4=0x1,in_port=1 (via action) data_len=42 (unbuffered)\n udp,vlan_tci=0x0000,dl_src=50:54:00:00:00:09,dl_dst=50:54:00:00:00:0a,nw_src=10.1.1.1,nw_dst=10.1.1.2,nw_tos=0,nw_ecn=0,nw_ttl=64,tp_src=3,tp_dst=2 udp_csum:e9d4\n dnl\n NXT_PACKET_IN (xid=0x0): table_id=6 cookie=0x0 total_len=42 ct_state=est|rpl|trk,ct_zone=1,ct_mark=0x1,ct_label=0x4d2000000000000000000000000,ct_nw_src=10.1.1.1,ct_nw_dst=10.1.1.2,ct_nw_proto=17,ct_tp_src=3,ct_tp_dst=2,reg0=0x1,reg1=0x4d2,reg2=0x1,reg3=0x2,reg4=0x1,in_port=2 (via action) data_len=42 (unbuffered)\n@@ -9025,7 +9025,7 @@ AT_CHECK([cat ofctl_monitor.log], [0], [dnl\n NXT_PACKET_IN (xid=0x0): cookie=0x0 total_len=42 in_port=1 (via action) data_len=42 (unbuffered)\n udp,vlan_tci=0x0000,dl_src=50:54:00:00:00:09,dl_dst=50:54:00:00:00:0a,nw_src=10.1.1.1,nw_dst=10.1.1.2,nw_tos=0,nw_ecn=0,nw_ttl=64,tp_src=1,tp_dst=2 udp_csum:e9d6\n dnl\n-NXT_PACKET_IN (xid=0x0): table_id=1 cookie=0x0 total_len=42 in_port=2 (via action) data_len=42 (unbuffered)\n+NXT_PACKET_IN (xid=0x0): table_id=1 cookie=0x0 total_len=42 ct_state=est|rpl|trk,ct_nw_src=10.1.1.1,ct_nw_dst=10.1.1.2,ct_nw_proto=17,ct_tp_src=1,ct_tp_dst=2,in_port=2 (via action) data_len=42 (unbuffered)\n udp,vlan_tci=0x0000,dl_src=50:54:00:00:00:0a,dl_dst=50:54:00:00:00:09,nw_src=10.1.1.2,nw_dst=10.1.1.1,nw_tos=0,nw_ecn=0,nw_ttl=64,tp_src=2,tp_dst=1 udp_csum:e9d6\n ])\n \n@@ -9047,7 +9047,7 @@ AT_CHECK([cat ofctl_monitor.log], [0], [dnl\n NXT_PACKET_IN (xid=0x0): cookie=0x0 total_len=42 in_port=1 (via action) data_len=42 (unbuffered)\n udp,vlan_tci=0x0000,dl_src=50:54:00:00:00:09,dl_dst=50:54:00:00:00:0a,nw_src=10.1.1.1,nw_dst=10.1.1.2,nw_tos=0,nw_ecn=0,nw_ttl=64,tp_src=3,tp_dst=4 udp_csum:e9d2\n dnl\n-NXT_PACKET_IN (xid=0x0): table_id=1 cookie=0x0 total_len=42 in_port=2 (via action) data_len=42 (unbuffered)\n+NXT_PACKET_IN (xid=0x0): table_id=1 cookie=0x0 total_len=42 ct_state=est|rpl|trk,ct_nw_src=10.1.1.1,ct_nw_dst=10.1.1.2,ct_nw_proto=17,ct_tp_src=3,ct_tp_dst=4,in_port=2 (via action) data_len=42 (unbuffered)\n udp,vlan_tci=0x0000,dl_src=50:54:00:00:00:0a,dl_dst=50:54:00:00:00:09,nw_src=10.1.1.2,nw_dst=10.1.1.1,nw_tos=0,nw_ecn=0,nw_ttl=64,tp_src=4,tp_dst=3 udp_csum:e9d2\n ])\n \n@@ -9362,7 +9362,7 @@ OVS_WAIT_UNTIL([ovs-appctl -t ovs-ofctl exit])\n \n dnl Check this output. We only see the latter two packets, not the first.\n AT_CHECK([cat ofctl_monitor.log], [0], [dnl\n-NXT_PACKET_IN (xid=0x0): table_id=1 cookie=0x0 total_len=42 in_port=1 (via action) data_len=42 (unbuffered)\n+NXT_PACKET_IN (xid=0x0): table_id=1 cookie=0x0 total_len=42 ct_state=new|trk,ct_nw_src=10.1.1.1,ct_nw_dst=10.1.1.2,ct_nw_proto=17,ct_tp_src=1,ct_tp_dst=2,in_port=1 (via action) data_len=42 (unbuffered)\n udp,vlan_tci=0x0000,dl_src=50:54:00:00:00:09,dl_dst=50:54:00:00:00:0a,nw_src=10.1.1.1,nw_dst=10.1.1.2,nw_tos=0,nw_ecn=0,nw_ttl=64,tp_src=1,tp_dst=2 udp_csum:e9d6\n dnl\n NXT_PACKET_IN (xid=0x0): table_id=1 cookie=0x0 total_len=42 ct_state=est|rpl|trk,ct_nw_src=10.1.1.1,ct_nw_dst=10.1.1.2,ct_nw_proto=17,ct_tp_src=1,ct_tp_dst=2,in_port=2 (via action) data_len=42 (unbuffered)\ndiff --git a/tests/system-traffic.at b/tests/system-traffic.at\nindex 522eaa615834..798dd2cbd2c2 100644\n--- a/tests/system-traffic.at\n+++ b/tests/system-traffic.at\n@@ -2287,7 +2287,7 @@ dnl Ingress pipeline\n dnl - Allow all connections from LOCAL port (commit and proceed to egress)\n dnl - All other connections go through conntracker using the input port as\n dnl a connection tracking zone.\n-table=1,priority=150,in_port=LOCAL,ip,ct_state=+trk+new,action=ct(commit,table=2,zone=OXM_OF_IN_PORT[[0..15]])\n+table=1,priority=150,in_port=LOCAL,ip,ct_state=+trk+new,action=ct(commit,zone=OXM_OF_IN_PORT[[0..15]]),goto_table:2\n table=1,priority=100,ip,action=ct(table=2,zone=OXM_OF_IN_PORT[[0..15]])\n table=1,priority=1,action=drop\n \n@@ -2295,7 +2295,7 @@ dnl Egress pipeline\n dnl - Allow all connections from LOCAL port (commit and skip to output)\n dnl - Allow other established connections to go through conntracker using\n dnl output port as a connection tracking zone.\n-table=2,priority=150,in_port=LOCAL,ip,ct_state=+trk+new,action=ct(commit,table=4,zone=NXM_NX_REG0[[0..15]])\n+table=2,priority=150,in_port=LOCAL,ip,ct_state=+trk+new,action=ct(commit,zone=NXM_NX_REG0[[0..15]]),goto_table:4\n table=2,priority=100,ip,ct_state=+trk+est,action=ct(table=3,zone=NXM_NX_REG0[[0..15]])\n table=2,priority=1,action=drop\n \ndiff --git a/utilities/ovs-ofctl.8.in b/utilities/ovs-ofctl.8.in\nindex c65de97f5e2e..f6bd90374a18 100644\n--- a/utilities/ovs-ofctl.8.in\n+++ b/utilities/ovs-ofctl.8.in\n@@ -1031,13 +1031,11 @@ Restores the queue to the value it was before any \\fBset_queue\\fR\n actions were applied.\n .\n .IP \\fBct\\fR\n-.IQ \\fBct(\\fR[\\fIargument\\fR][\\fB,\\fIargument\\fR...]\\fB)\n+.IQ \\fBct\\fB(\\fR[\\fIargument\\fR][\\fB,\\fIargument\\fR...]\\fB)\n Send the packet through the connection tracker. Refer to the \\fBct_state\\fR\n-documentation above for possible packet and connection states. A \\fBct\\fR\n-action always sets the packet to an untracked state and clears out the\n-\\fBct_state\\fR fields for the current processing path. Those fields are\n-only available for the processing path pointed to by the \\fBtable\\fR\n-argument. The following arguments are supported:\n+documentation above for possible packet and connection states. The following\n+arguments are supported:\n+\n .RS\n .IP \\fBcommit\\fR\n .RS\n", "prefixes": [ "ovs-dev", "branch-2.8", "1/2" ] }