On 22 April 2016 at 08:37, Ben Pfaff <b...@ovn.org> wrote:
> On Fri, Apr 15, 2016 at 11:36:04AM -0700, Joe Stringer wrote:
>> When translating multiple ct actions in a row which include modification
>> of ct_mark or ct_labels, these fields could be incorrectly translated
>> into datapath actions, resulting in modification of these fields for
>> entries when the OpenFlow rules didn't actually specify the change.
>>
>> For instance, the following OpenFlow actions:
>> ct(zone=1,commit,exec(set_field(1->ct_mark))),ct(zone=2,table=1),...
>>
>> Would translate into the datapath actions:
>> ct(zone=1,commit,mark=1),ct(zone=2,mark=1),recirc(...),...
>>
>> This commit fixes the issue by zeroing the wildcards for these fields
>> prior to performing nested actions translation (and restoring
>> afterwards). As such, these fields do not hold both the match and the
>> field modification values at the same time. As a result, the ct_mark and
>> ct_labels don't leak from one ct action to the next.
>>
>> Fixes: 8e53fe8cf7a1 ("Add connection tracking mark support.")
>> Fixes: 9daf23484fb1 ("Add connection tracking label support.")
>> Signed-off-by: Joe Stringer <j...@ovn.org>
>
> I looked this over carefully and did not spot any problems. Thank you!
>
> Acked-by: Ben Pfaff <b...@ovn.org>
Thanks, I applied this patch to master and branch-2.5.
_______________________________________________
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev
