diff options
| author | Eli Britstein <elibr@nvidia.com> | 2022-07-17 17:42:11 +0300 |
|---|---|---|
| committer | Ilya Maximets <i.maximets@ovn.org> | 2022-07-25 18:42:53 +0200 |
| commit | 0f639878cbe2dbe516a8827fe34643c3803975d1 (patch) | |
| tree | 7f9a46fbd925d8c47a4d4ab23df51f4a512df3d8 | |
| parent | 8c7f759b19006ca21aedf9863dc84253c24abc9a (diff) | |
| download | openvswitch-0f639878cbe2dbe516a8827fe34643c3803975d1.tar.gz | |
conntrack: Fix conntrack multiple new state.
A connection is established if we see packets from both directions.
The cited commit fixed the issue of sending twice in one direction,
but still an issue if more than that.
Fix it.
Fixes: a867c010ee91 ("conntrack: Fix conntrack new state")
Signed-off-by: Eli Britstein <elibr@nvidia.com>
Acked-by: Paolo Valerio <pvalerio@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
| -rw-r--r-- | lib/conntrack-other.c | 7 | ||||
| -rw-r--r-- | tests/system-traffic.at | 9 |
2 files changed, 13 insertions, 3 deletions
diff --git a/lib/conntrack-other.c b/lib/conntrack-other.c index d3b460185..7f3e63c38 100644 --- a/lib/conntrack-other.c +++ b/lib/conntrack-other.c @@ -48,18 +48,19 @@ other_conn_update(struct conntrack *ct, struct conn *conn_, struct dp_packet *pkt OVS_UNUSED, bool reply, long long now) { struct conn_other *conn = conn_other_cast(conn_); - enum ct_update_res ret = CT_UPDATE_VALID; if (reply && conn->state != OTHERS_BIDIR) { conn->state = OTHERS_BIDIR; } else if (conn->state == OTHERS_FIRST) { conn->state = OTHERS_MULTIPLE; - ret = CT_UPDATE_VALID_NEW; } conn_update_expiration(ct, &conn->up, other_timeouts[conn->state], now); - return ret; + if (conn->state == OTHERS_BIDIR) { + return CT_UPDATE_VALID; + } + return CT_UPDATE_VALID_NEW; } static bool diff --git a/tests/system-traffic.at b/tests/system-traffic.at index 8c2ef930b..70f60db41 100644 --- a/tests/system-traffic.at +++ b/tests/system-traffic.at @@ -2553,6 +2553,15 @@ NXST_FLOW reply: table=1, priority=100,ct_state=+est+trk,in_port=1 actions=output:2 ]) +dnl Send a 3rd UDP packet on port 1 +AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out br0 "in_port=1 packet=50540000000a50540000000908004500001c000000000011a4cd0a0101010a0101020001000200080000 actions=resubmit(,0)"]) + +dnl There still should not be any packet that matches the established ct_state. +AT_CHECK([ovs-ofctl dump-flows br0 "table=1 in_port=1,ct_state=+trk+est" | ofctl_strip], [0], [dnl +NXST_FLOW reply: + table=1, priority=100,ct_state=+est+trk,in_port=1 actions=output:2 +]) + OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP |