]> git.proxmox.com Git - ovs.git/commitdiff
projects / ovs.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 02290df)
netdev-offload-tc: Reject rules with unsupported ct_state flags.
authorwenxu <wenxu@ucloud.cn>
Thu, 4 Feb 2021 02:50:14 +0000 (10:50 +0800)
committerIlya Maximets <i.maximets@ovn.org>
Thu, 4 Feb 2021 17:39:53 +0000 (18:39 +0100)
TC flower doesn't support some ct state flags such as
INVALID/SNAT/DNAT/REPLY. So it is better to reject this rule.

Fixes: 576126a931cd ("netdev-offload-tc: Add conntrack support")
Signed-off-by: wenxu <wenxu@ucloud.cn>
Reviewed-by: Marcelo Ricardo Leitner <mleitner@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
lib/netdev-offload-tc.c patch | blob | blame | history

diff --git a/lib/netdev-offload-tc.c b/lib/netdev-offload-tc.c
index 717a987d14d87d25fb20cd3a9dae481c72b16f8c..72b791505291fd5be640d73fac414314aadf179f 100644 (file)
--- a/lib/netdev-offload-tc.c
+++ b/lib/netdev-offload-tc.c
@@ -1656,6 +1656,7 @@ netdev_tc_flow_put(struct netdev *netdev, struct match *match,
                 flower.key.ct_state |= TCA_FLOWER_KEY_CT_FLAGS_NEW;
             }
             flower.mask.ct_state |= TCA_FLOWER_KEY_CT_FLAGS_NEW;
+            mask->ct_state &= ~OVS_CS_F_NEW;
         }
 
         if (mask->ct_state & OVS_CS_F_ESTABLISHED) {
@@ -1663,6 +1664,7 @@ netdev_tc_flow_put(struct netdev *netdev, struct match *match,
                 flower.key.ct_state |= TCA_FLOWER_KEY_CT_FLAGS_ESTABLISHED;
             }
             flower.mask.ct_state |= TCA_FLOWER_KEY_CT_FLAGS_ESTABLISHED;
+            mask->ct_state &= ~OVS_CS_F_ESTABLISHED;
         }
 
         if (mask->ct_state & OVS_CS_F_TRACKED) {
@@ -1670,14 +1672,13 @@ netdev_tc_flow_put(struct netdev *netdev, struct match *match,
                 flower.key.ct_state |= TCA_FLOWER_KEY_CT_FLAGS_TRACKED;
             }
             flower.mask.ct_state |= TCA_FLOWER_KEY_CT_FLAGS_TRACKED;
+            mask->ct_state &= ~OVS_CS_F_TRACKED;
         }
 
         if (flower.key.ct_state & TCA_FLOWER_KEY_CT_FLAGS_ESTABLISHED) {
             flower.key.ct_state &= ~(TCA_FLOWER_KEY_CT_FLAGS_NEW);
             flower.mask.ct_state &= ~(TCA_FLOWER_KEY_CT_FLAGS_NEW);
         }
-
-        mask->ct_state = 0;
     }
 
     if (mask->ct_zone) {
openvswitch packages for PVE