From 0506efbd0a310d769594701a34e2c05657c93729 Mon Sep 17 00:00:00 2001 From: Wilson Peng Date: Thu, 20 Jan 2022 08:32:20 +0800 Subject: datapath-windows: Pickup Ct tuple as CT lookup key in function OvsCtSetupLookupCtx CT marks which are loaded in non-first commit will be lost in ovs-windows.In linux OVS, the CT mark setting with same flow could be set successfully. Currenlty Ovs-windows will create one new CT with the flowKey(Extracted from the packet itself) If the packet is already done DNAT action after the 1st round flow processing. So the ct-mark Set on previous Conntrack will be lost.In the fix, it will make use of CT tuple src/dst address stored in the flowKey if the value is not zero and zone in the flowKey is same as the input zone. In the fix, it is also to adjust function OvsProcessDeferredActions to make it clear. //DNAT flow cookie=0x1040000000000, duration=950.326s, table=EndpointDNAT, n_packets=0, n_bytes=0, priority=200,tcp,reg3=0xc0a8fa2b,reg4=0x20050/0x7ffff actions=ct(commit,table=AntreaPolicyEgressRule,zone=65520,nat(dst=192.168.250.43:80),exec(load:0x1->NXM_NX_CT_MARK[2]) // Append ct_mark flow cookie=0x1000000000000, duration=11980.701s, table=SNATConntrackCommit, n_packets=6, n_bytes=396, priority=200,ct_state=+new+trk,ip,reg0=0x2 00/0x200,reg4=0/0xc00000 actions=load:0x3->NXM_NX_REG4[22..23],ct(commit,table=SNATConntrackCommit,zone=65520,exec(load:0x1->NXM_NX_CT_MARK[4 ],load:0x1->NXM_NX_CT_MARK[5])) // SNAT flow cookie=0x1000000000000, duration=11980.701s, table=SNATConntrackCommit, n_packets=6, n_bytes=396, priority=200,ct_state=+new+trk,ip,reg0=0x6 00/0x600,reg4=0xc00000/0xc00000 actions=ct(commit,table=L2Forwarding,zone=65521,nat(src=192.168.250.1),exec(load:0x1->NXM_NX_CT_MARK[2])) Reported-at:https://github.com/openvswitch/ovs-issues/issues/237 Signed-off-by: Wilson Peng Signed-off-by: Alin-Gabriel Serdean --- datapath-windows/ovsext/Recirc.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'datapath-windows/ovsext/Recirc.h') diff --git a/datapath-windows/ovsext/Recirc.h b/datapath-windows/ovsext/Recirc.h index 74130a460..b2d02a65c 100644 --- a/datapath-windows/ovsext/Recirc.h +++ b/datapath-windows/ovsext/Recirc.h @@ -41,8 +41,7 @@ NDIS_STATUS OvsProcessDeferredActions(POVS_SWITCH_CONTEXT switchContext, OvsCompletionList *completionList, UINT32 portNo, - ULONG sendFlags, - OVS_PACKET_HDR_INFO *layers); + ULONG sendFlags); /* * -------------------------------------------------------------------------- -- cgit v1.2.1