git.proxmox.com Git - mirror_ubuntu-jammy-kernel.git/commit
net: openvswitch: fix misuse of the cached connection on tuple changes
author Ilya Maximets <i.maximets@ovn.org>
Wed, 6 Jul 2022 12:36:00 +0000 (14:36 +0200)
committer Stefan Bader <stefan.bader@canonical.com>
Tue, 12 Jul 2022 08:34:37 +0000 (10:34 +0200)
commit a4c41688f1885df8b6d229b05e3bf25f17d0b38a
tree 72199aee9c8355863001092b1c72f63187591a54
parent 6f8f3db744742e249fe3cb8dd4b6976b3ffb744e
net: openvswitch: fix misuse of the cached connection on tuple changes

BugLink: https://launchpad.net/bugs/1967856
commit 2061ecfdf2350994e5b61c43e50e98a7a70e95ee upstream.

If packet headers changed, the cached nfct is no longer relevant
for the packet, and an attempt to re-use it leads to incorrect packet
classification.

This issue is causing broken connectivity in OpenStack deployments
with OVS/OVN due to hairpin traffic being unexpectedly dropped.

The setup has datapath flows with several conntrack actions and tuple
changes between them:

  actions:ct(commit,zone=8,mark=0/0x1,nat(src)),
          set(eth(src=00:00:00:00:00:01,dst=00:00:00:00:00:06)),
          set(ipv4(src=172.18.2.10,dst=192.168.100.6,ttl=62)),
          ct(zone=8),recirc(0x4)

After the first ct() action the packet headers are almost fully
re-written.  The next ct() tries to re-use the existing nfct entry
and marks the packet as invalid, so it gets dropped later in the
pipeline.

Clear the cached conntrack entry whenever the packet tuple is changed
to avoid the issue.

The flow key should not be cleared though, because we should still
be able to match on the ct_state if the recirculation happens after
the tuple change but before the next ct() action.

Cc: stable@vger.kernel.org
Fixes: 7f8a436eaa2c ("openvswitch: Add conntrack action")
Reported-by: Frode Nordahl <frode.nordahl@canonical.com>
Link: https://mail.openvswitch.org/pipermail/ovs-discuss/2022-May/051829.html
Link: https://bugs.launchpad.net/ubuntu/+source/ovn/+bug/1967856
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
Link: https://lore.kernel.org/r/20220606221140.488984-1-i.maximets@ovn.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit cba7c76ea1e15fddb95706eb64659644a6a02b38 5.15.y)
Signed-off-by: Frode Nordahl <frode.nordahl@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Acked-by: Tim Gardner <tim.gardner@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
net/openvswitch/actions.c
net/openvswitch/conntrack.c
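
The failure the commit message describes, as an added example that is not code from this commit or from the kernel: a simplified user-space model of a ct() / set(ipv4()) / ct() pipeline in which the second ct() trusts a cached connection entry. All type and function names are hypothetical, the initial packet addresses are constructed, and NAT and zones are not modelled.

```c
#include <stdint.h>
#include <string.h>

/* Simplified user-space model; all names are hypothetical, not kernel symbols. */
#define IP(a, b, c, d) (((uint32_t)(a) << 24) | ((b) << 16) | ((c) << 8) | (d))
enum { CT_TRK = 1, CT_INV = 2 };
struct tuple { uint32_t src, dst; };
struct pkt {
    struct tuple t;        /* current packet headers */
    struct tuple *cached;  /* models the conntrack entry cached on the packet */
    uint8_t key_ct_state;  /* models ct_state kept in the flow key */
};
static struct tuple table[4];  /* toy connection table */
static int n_conn;

static struct tuple *lookup_or_create(const struct tuple *t)
{
    for (int i = 0; i < n_conn; i++)
        if (!memcmp(&table[i], t, sizeof *t))
            return &table[i];
    if (n_conn == 4)
        return NULL;
    table[n_conn] = *t;
    return &table[n_conn++];
}

/* ct(): trusts the cached entry when present, otherwise looks up the tuple. */
static void ct_action(struct pkt *p)
{
    struct tuple *c = p->cached ? p->cached : lookup_or_create(&p->t);
    int match = c && !memcmp(c, &p->t, sizeof p->t);
    p->key_ct_state = match ? CT_TRK : (CT_TRK | CT_INV);
    p->cached = c;
}

/* ct -> set(ipv4) -> ct; *mid receives ct_state seen before the second ct(). */
static uint8_t run_pipeline(int fixed, uint8_t *mid)
{
    struct pkt p = { { IP(10, 0, 0, 1), IP(10, 0, 0, 2) }, NULL, 0 }; /* constructed */
    n_conn = 0;
    ct_action(&p);
    p.t = (struct tuple){ IP(172, 18, 2, 10), IP(192, 168, 100, 6) }; /* set(ipv4) */
    if (fixed)
        p.cached = NULL;  /* drop the stale entry, leave key_ct_state untouched */
    *mid = p.key_ct_state;
    ct_action(&p);
    return p.key_ct_state;
}

int main(void) { uint8_t mid; return run_pipeline(1, &mid) != CT_TRK; }
```

With `fixed` set to 0 the second ct() compares the rewritten headers against the entry created for the original tuple and flags the packet invalid; with `fixed` set to 1 a fresh lookup happens, while the flow-key state stays matchable between the two actions.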