Public bug reported:
SRU Justification:
ct conns were not offloaded if tc filter has ct commit action.
* Explain the bug(s)
Currently established connections are not offloaded if the filter has a
"ct commit" action. This behavior will not offload connections of the
following scenario:
$ tc_filter add dev $DEV ingress protocol ip prio 1 flower \
ct_state -trk \
action ct commit action goto chain 1
$ tc_filter add dev $DEV ingress protocol ip chain 1 prio 1 flower \
action mirred egress redirect dev $DEV2
$ tc_filter add dev $DEV2 ingress protocol ip prio 1 flower \
action ct commit action goto chain 1
$ tc_filter add dev $DEV2 ingress protocol ip prio 1 chain 1 flower \
ct_state +trk+est \
action mirred egress redirect dev $DEV
Offload established connections, regardless of the commit flag.
* brief explanation of fixes
don't skip processing ct conns if ct commit action exists.
* How to test
Add ct commit action to the tc filters, which is not +trk+new which is not
offloaded anyway.
Can use the example explained above.
Run traffic and check if offloaded or not.
* What it could break.
Offloading of ct conns depending on how user set the rules in tc and/or ovs.
If the ct commit action exists in tc filter that is offloaded, then established
ct conns will not be offloaded.
** Affects: linux-bluefield (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1929459
Title:
CT: Offload connections with commit action
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-bluefield/+bug/1929459/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
