diff options
| author | Justin Pettit <jpettit@ovn.org> | 2017-08-07 14:44:02 -0700 |
|---|---|---|
| committer | Justin Pettit <jpettit@ovn.org> | 2017-08-21 12:44:10 -0700 |
| commit | f6fabcc62458d656046c9852ee80fcff3e516e6e (patch) | |
| tree | 0f7cae9473fee56236009a99f30b2575bc632f7b /ofproto | |
| parent | 3f9e248f6ea57b1b32c35f6e1803c4cadd557220 (diff) | |
| download | openvswitch-f6fabcc62458d656046c9852ee80fcff3e516e6e.tar.gz | |
ofproto-dpif: Mark packets as "untracked" after call to ct().
Packet and Connection state is only available to the processing path
that follows the "recirc_table" argument of the ct() action. The
previous behavior made these states available until the end of the
pipeline. This commit changes the behavior so that the Packet and
Connection state are cleared for the current processing path whenever
ct() is called (in addition to reaching the end of the pipeline.)
A future commit will remove the behavior that a "send to controller"
action causes all packets for that flow to be handled via the slow-path.
The current behavior of connection tracking state makes that difficult
due to datapath actions containing multiple OpenFlow rules that may
contain different connection tracking states. This change will make
that future commit possible.
Signed-off-by: Justin Pettit <jpettit@ovn.org>
Acked-by: Joe Stringer <joe@ovn.org>
Diffstat (limited to 'ofproto')
| -rw-r--r-- | ofproto/ofproto-dpif-xlate.c | 21 |
1 files changed, 7 insertions, 14 deletions
diff --git a/ofproto/ofproto-dpif-xlate.c b/ofproto/ofproto-dpif-xlate.c index 973e76054..9e1f837cb 100644 --- a/ofproto/ofproto-dpif-xlate.c +++ b/ofproto/ofproto-dpif-xlate.c @@ -5721,9 +5721,7 @@ put_ct_nat(struct xlate_ctx *ctx) static void compose_conntrack_action(struct xlate_ctx *ctx, struct ofpact_conntrack *ofc) { - ovs_u128 old_ct_label = ctx->xin->flow.ct_label; ovs_u128 old_ct_label_mask = ctx->wc->masks.ct_label; - uint32_t old_ct_mark = ctx->xin->flow.ct_mark; uint32_t old_ct_mark_mask = ctx->wc->masks.ct_mark; size_t ct_offset; uint16_t zone; @@ -5735,7 +5733,7 @@ compose_conntrack_action(struct xlate_ctx *ctx, struct ofpact_conntrack *ofc) /* Process nested actions first, to populate the key. */ ctx->ct_nat_action = NULL; ctx->wc->masks.ct_mark = 0; - ctx->wc->masks.ct_label.u64.hi = ctx->wc->masks.ct_label.u64.lo = 0; + ctx->wc->masks.ct_label = OVS_U128_ZERO; do_xlate_actions(ofc->actions, ofpact_ct_get_action_len(ofc), ctx); if (ofc->zone_src.field) { @@ -5761,23 +5759,18 @@ compose_conntrack_action(struct xlate_ctx *ctx, struct ofpact_conntrack *ofc) ctx->ct_nat_action = NULL; nl_msg_end_nested(ctx->odp_actions, ct_offset); - /* Restore the original ct fields in the key. These should only be exposed - * after recirculation to another table. */ - ctx->xin->flow.ct_mark = old_ct_mark; ctx->wc->masks.ct_mark = old_ct_mark_mask; - ctx->xin->flow.ct_label = old_ct_label; ctx->wc->masks.ct_label = old_ct_label_mask; - if (ofc->recirc_table == NX_CT_RECIRC_NONE) { - /* If we do not recirculate as part of this action, hide the results of - * connection tracking from subsequent recirculations. */ - ctx->conntracked = false; - } else { - /* Use ct_* fields from datapath during recirculation upcall. */ + if (ofc->recirc_table != NX_CT_RECIRC_NONE) { ctx->conntracked = true; compose_recirculate_and_fork(ctx, ofc->recirc_table); - ctx->conntracked = false; } + + /* The ct_* fields are only available in the scope of the 'recirc_table' + * call chain. */ + flow_clear_conntrack(&ctx->xin->flow); + ctx->conntracked = false; } static void |