From patchwork Thu Mar 16 12:25:06 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Numan Siddique X-Patchwork-Id: 739796 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 3vkSP13N9Fz9rxm for ; Thu, 16 Mar 2017 23:25:41 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752029AbdCPMZM (ORCPT ); Thu, 16 Mar 2017 08:25:12 -0400 Received: from mx1.redhat.com ([209.132.183.28]:41216 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751531AbdCPMZL (ORCPT ); Thu, 16 Mar 2017 08:25:11 -0400 Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id B78E2C0094C7; Thu, 16 Mar 2017 12:25:09 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com B78E2C0094C7 Authentication-Results: ext-mx08.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx08.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=nusiddiq@redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com B78E2C0094C7 Received: from nusiddiq.blr.redhat.com (dhcp-0-150.blr.redhat.com [10.70.1.150]) by smtp.corp.redhat.com (Postfix) with ESMTP id 1717618B36; Thu, 16 Mar 2017 12:25:07 +0000 (UTC) From: Numan Siddique Subject: [RFC] [net]openvswitch: Clear the ct flow key for the recirculated packet To: netdev@vger.kernel.org, ovs dev Cc: Joe Stringer , Andy Zhou , jarno@ovn.org Organization: Red Hat Message-ID: Date: Thu, 16 Mar 2017 17:55:06 +0530 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.7.0 MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.32]); Thu, 16 Mar 2017 12:25:09 +0000 (UTC) Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org It is possible that the ct flow key information would have gone stale for the packets received from the userspace due to clone or ct_clear actions. In the case of OVN, it adds ping responder flows, which modifies the original icmp4 request packet to a reply packet. It uses the OVS actions - clone and ct_clear. When the reply packet hits the "ovs_ct_execute" function, and since the ct flow key info is not cleared, the connection tracker doesn't set the state to ESTABLISHED state. Note: This patch is marked as RFC, as I am not sure if this is the correct place to address this issue or it should be addressed in ovs-vswitchd to set the OVS_KEY_ATTR_CT_STATE and other related attributes properly for ct_clear action. Signed-off-by: Numan Siddique --- net/openvswitch/flow.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/net/openvswitch/flow.c b/net/openvswitch/flow.c index 9d4bb8e..72b73db 100644 --- a/net/openvswitch/flow.c +++ b/net/openvswitch/flow.c @@ -836,6 +836,11 @@ int ovs_flow_key_extract_userspace(struct net *net, const struct nlattr *attr, if (err) return err; + /* Clear the ct flow key after key_extract to avoid using + * stale ct key information. + */ + ovs_ct_fill_key(skb, key); + /* Check that we have conntrack original direction tuple metadata only * for packets for which it makes sense. Otherwise the key may be * corrupted due to overlapping key fields.