git.proxmox.com Git - mirror_ubuntu-jammy-kernel.git/commit
openvswitch: always update flow key after nat
author Aaron Conole <aconole@redhat.com>
Fri, 18 Mar 2022 12:43:19 +0000 (08:43 -0400)
committer Stefan Bader <stefan.bader@canonical.com>
Wed, 27 Apr 2022 09:58:00 +0000 (11:58 +0200)
commit 21f30dedb2a3e5554d16518370c4516319910ab6
tree 76a1dd8b4b3d59ea51d927b68fae38e041d7469e
parent ee1b9c60bff370284d350ac486e09af48eec42dc
openvswitch: always update flow key after nat

BugLink: https://bugs.launchpad.net/bugs/1969110
[ Upstream commit 60b44ca6bd7518dd38fa2719bc9240378b6172c3 ]

During NAT, a tuple collision may occur.  When this happens, openvswitch
will make a second pass through NAT which will perform additional packet
modification.  This will update the skb data, but not the flow key that
OVS uses.  This means that future flow lookups, and packet matches will
have incorrect data.  This has been supported since
5d50aa83e2c8 ("openvswitch: support asymmetric conntrack").

That commit failed to properly update the sw_flow_key attributes, since
it only called the ovs_ct_nat_update_key once, rather than each time
ovs_ct_nat_execute was called.  As these two operations are linked, the
ovs_ct_nat_execute() function should always make sure that the
sw_flow_key is updated after a successful call through NAT infrastructure.

Fixes: 5d50aa83e2c8 ("openvswitch: support asymmetric conntrack")
Cc: Dumitru Ceara <dceara@redhat.com>
Cc: Numan Siddique <nusiddiq@redhat.com>
Signed-off-by: Aaron Conole <aconole@redhat.com>
Acked-by: Eelco Chaudron <echaudro@redhat.com>
Link: https://lore.kernel.org/r/20220318124319.3056455-1-aconole@redhat.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 894347d4d29bcdaa4ed3e817cf4dd88fafb48e9c)
Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
net/openvswitch/conntrack.c
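
A simplified user-space C model of the stale-key condition the commit message describes, added here as an illustration; it is not the kernel code or the patch. All type and function names are hypothetical, the addresses and ports are constructed, and the split into a destination pass followed by a source pass, with the single key refresh covering only the first, is an assumption of the model.

```c
#include <stdint.h>
#include <stdio.h>

/* User-space model only: hypothetical types, not the kernel's.
 * "pkt" stands in for skb data, "key" for sw_flow_key. */
struct tuple { uint32_t src, dst; uint16_t sport, dport; };
struct pkt { struct tuple hdr; };
struct key { struct tuple t; };
enum manip { MANIP_DST, MANIP_SRC };

/* One NAT pass: rewrite either the destination or the source of the packet. */
static void nat_rewrite(struct pkt *p, enum manip m, const struct tuple *to)
{
    if (m == MANIP_DST) { p->hdr.dst = to->dst; p->hdr.dport = to->dport; }
    else                { p->hdr.src = to->src; p->hdr.sport = to->sport; }
}

/* Refresh the key fields that the given pass rewrote. */
static void key_update(struct key *k, const struct pkt *p, enum manip m)
{
    if (m == MANIP_DST) { k->t.dst = p->hdr.dst; k->t.dport = p->hdr.dport; }
    else                { k->t.src = p->hdr.src; k->t.sport = p->hdr.sport; }
}

/* Shape the commit message asks for: every pass carries its key refresh. */
static void nat_execute_paired(struct pkt *p, struct key *k, enum manip m,
                               const struct tuple *to)
{
    nat_rewrite(p, m, to);
    key_update(k, p, m);
}

/* Returns 1 if the key still describes the packet after two NAT passes. */
int key_in_sync_after_nat(int paired)
{
    struct tuple orig = { 0x0a000001, 0x0a000002, 40000, 80 };   /* constructed */
    struct tuple to   = { 0xc0a80001, 0xc0a80002, 50000, 8080 }; /* constructed */
    struct pkt p; struct key k;
    p.hdr = orig; k.t = orig;
    if (paired) {
        nat_execute_paired(&p, &k, MANIP_DST, &to);
        nat_execute_paired(&p, &k, MANIP_SRC, &to); /* second pass */
    } else {
        nat_rewrite(&p, MANIP_DST, &to);
        nat_rewrite(&p, MANIP_SRC, &to); /* second pass changes the packet */
        key_update(&k, &p, MANIP_DST);   /* single refresh: source stays stale */
    }
    return k.t.src == p.hdr.src && k.t.dst == p.hdr.dst &&
           k.t.sport == p.hdr.sport && k.t.dport == p.hdr.dport;
}
int main(void) { printf("%d %d\n", key_in_sync_after_nat(0), key_in_sync_after_nat(1)); return 0; }
```

A later lookup or match that trusts the key in the unpaired case is evaluated against source fields the packet no longer carries.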