Upstream commit:
commit 1c1779fa54b2a9d4e1de990095d790d64b9e00a1
Author: Jarno Rajahalme <[email protected]>
Date: Tue Jun 21 14:59:37 2016 -0700
openvswitch: Set mark and labels before confirming.
Set conntrack mark and labels right before committing so that
the initial conntrack NEW event has the mark and labels.
Signed-off-by: Jarno Rajahalme <[email protected]>
Acked-by: Joe Stringer <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Pravin B Shelar <[email protected]>
---
datapath/conntrack.c | 19 +++++++++++++++----
1 file changed, 15 insertions(+), 4 deletions(-)
diff --git a/datapath/conntrack.c b/datapath/conntrack.c
index 795ed91..1ef6828 100644
--- a/datapath/conntrack.c
+++ b/datapath/conntrack.c
@@ -484,9 +484,6 @@ static int ovs_ct_commit(struct net *net, struct
sw_flow_key *key,
err = __ovs_ct_lookup(net, key, info, skb);
if (err)
return err;
- if (nf_conntrack_confirm(skb) != NF_ACCEPT)
- return -EINVAL;
-
return 0;
}
@@ -528,15 +525,29 @@ int ovs_ct_execute(struct net *net, struct sk_buff *skb,
if (err)
goto err;
+ /* Apply changes before confirming the connection so that the initial
+ * conntrack NEW netlink event carries the values given in the CT
+ * action.
+ */
+
if (info->mark.mask) {
err = ovs_ct_set_mark(skb, key, info->mark.value,
info->mark.mask);
if (err)
goto err;
}
- if (labels_nonzero(&info->labels.mask))
+ if (labels_nonzero(&info->labels.mask)) {
err = ovs_ct_set_labels(skb, key, &info->labels.value,
&info->labels.mask);
+ if (err)
+ goto err;
+ }
+ /* This will take care of sending queued events even if the connection
+ * is already confirmed.
+ */
+ if (info->commit && nf_conntrack_confirm(skb) != NF_ACCEPT)
+ err = -EINVAL;
+
err:
skb_push(skb, nh_ofs);
if (err)
--
1.8.3.1
_______________________________________________
dev mailing list
[email protected]
http://openvswitch.org/mailman/listinfo/dev
