Re: Bug fix for "openvswitch-datapath-dkms: packet don't pass in postrouting iptables table"

Thomas Goirand Sat, 29 Jun 2013 09:59:55 -0700

On 06/29/2013 06:43 PM, Adam D. Barratt wrote:
> On Tue, 2013-06-25 at 22:19 +0800, Thomas Goirand wrote:
>> Mehdi found out the upstream bug fix for this, and I incorporated it as
>> a patch for the Wheezy version. The patch applied cleanly, and we have
>> tested it, it really fixes the bug as we expected. We now use the
>> attached patch in production.
> [...]
>> To the release team: would you accept such bug fix? I believe the fix is
>> rather small, but it is really important for us that it's applied in
>> Wheezy: this is the cause of major problems using OpenVSwitch with
>> OpenStack.
> 
> Please add an appropriate Closes: to the changelog and use 1.4.2
> +git20120612-9.1~deb7u1 as the version for an upload targetted at
> "wheezy".


Hi Adam,

Thanks for accepting this bugfix and your quick reply.

The "Closes:" is obvious and I was about to do it, though I'm a bit
surprised by the version number scheme. I was expecting that you asked
me to upload 1.4.2+git20120612-9+squeeze1 (which would have also work as
it would be lower than 1.4.2+git20120612-9.1, I checked with dpkg
--compare-versions). Could you explain why using ~deb7u1 in this case,
just for my knowledge?

I have built the package in a clean chroot (my usual wheezy cowbuilder
machine), and uploaded the result here:

http://archive.gplhost.com/debian/pool/grizzly-backports/main/o/openvswitch/

I have attached the debdiff. Can I upload this now?

Cheers,

Thomas

diff -Nru openvswitch-1.4.2+git20120612/debian/changelog 
openvswitch-1.4.2+git20120612/debian/changelog
--- openvswitch-1.4.2+git20120612/debian/changelog      2012-08-06 
23:59:19.000000000 +0000
+++ openvswitch-1.4.2+git20120612/debian/changelog      2013-06-29 
16:34:39.000000000 +0000
@@ -1,3 +1,11 @@
+openvswitch (1.4.2+git20120612-9.1~deb7u1) wheezy-proposed-updates; urgency=low
+
+  * Non-maintainer upload, with previous approval from Ben Pfaff.
+  * Adds datapath patch: Reset upper layer protocol info on internal devices
+    (Closes: #714080).
+
+ -- Thomas Goirand <z...@debian.org>  Tue, 25 Jun 2013 09:52:45 +0000
+
 openvswitch (1.4.2+git20120612-9) unstable; urgency=low
 
   * Apply bug-684057-ovs-ctl-Add-support-for-newer-module-name.patch to
diff -Nru 
openvswitch-1.4.2+git20120612/debian/patches/datapath_Reset_upper_layer_protocol_info_on_internal_devices.patch
 
openvswitch-1.4.2+git20120612/debian/patches/datapath_Reset_upper_layer_protocol_info_on_internal_devices.patch
--- 
openvswitch-1.4.2+git20120612/debian/patches/datapath_Reset_upper_layer_protocol_info_on_internal_devices.patch
     1970-01-01 00:00:00.000000000 +0000
+++ 
openvswitch-1.4.2+git20120612/debian/patches/datapath_Reset_upper_layer_protocol_info_on_internal_devices.patch
     2013-06-25 18:28:32.000000000 +0000
@@ -0,0 +1,42 @@
+Description: datapath: Reset upper layer protocol info on internal devices.
+ It's possible that packets that are sent on internal devices (from
+ the OVS perspective) have already traversed the local IP stack.
+ After they go through the internal device, they will again travel
+ through the IP stack which may get confused by the presence of
+ existing information in the skb. The problem can be observed
+ when switching between namespaces. This clears out that information
+ to avoid problems but deliberately leaves other metadata alone.
+ This is to provide maximum flexibility in chaining together OVS
+ and other Linux components.
+Author: Jesse Gross <je...@nicira.com>
+Origin: upstream, 
http://git.openvswitch.org/cgi-bin/gitweb.cgi?p=openvswitch;a=commitdiff;h=6467e95332be63d83610a794a42c85bda387ab07;hp=196ba341736b273c1ddf15e2545beec623d95bbd
+Date: Thu, 17 May 2012 18:43:15 +0000 (-0700)
+Signed-off-by: Jesse Gross <je...@nicira.com>
+Acked-by: Ben Pfaff <b...@nicira.com>
+
+diff --git a/datapath/vport-internal_dev.c b/datapath/vport-internal_dev.c
+index c56f3b2..165eef3 100644
+--- a/datapath/vport-internal_dev.c
++++ b/datapath/vport-internal_dev.c
+@@ -25,6 +25,9 @@
+ #include <linux/skbuff.h>
+ #include <linux/version.h>
+ 
++#include <net/dst.h>
++#include <net/xfrm.h>
++
+ #include "checksum.h"
+ #include "datapath.h"
+ #include "vlan.h"
+@@ -281,6 +284,11 @@ static int internal_dev_recv(struct vport *vport, struct 
sk_buff *skb)
+ #endif
+ 
+       len = skb->len;
++
++      skb_dst_drop(skb);
++      nf_reset(skb);
++      secpath_reset(skb);
++
+       skb->dev = netdev;
+       skb->pkt_type = PACKET_HOST;
+       skb->protocol = eth_type_trans(skb, netdev);
diff -Nru openvswitch-1.4.2+git20120612/debian/patches/series 
openvswitch-1.4.2+git20120612/debian/patches/series
--- openvswitch-1.4.2+git20120612/debian/patches/series 2012-08-07 
02:16:37.000000000 +0000
+++ openvswitch-1.4.2+git20120612/debian/patches/series 2013-06-25 
18:28:32.000000000 +0000
@@ -16,3 +16,5 @@
 
 bug-684057-ovs-ctl-Add-support-for-newer-module-name.patch
 debian-changes-1.4.2+git20120612-9
+
+datapath_Reset_upper_layer_protocol_info_on_internal_devices.patch

Re: Bug fix for "openvswitch-datapath-dkms: packet don't pass in postrouting iptables table"

Reply via email to