git.baikalelectronics.ru Git - kernel.git/commit
openvswitch: always update flow key after nat
author Aaron Conole <aconole@redhat.com>
Fri, 18 Mar 2022 12:43:19 +0000 (08:43 -0400)
committer Jakub Kicinski <kuba@kernel.org>
Tue, 22 Mar 2022 05:29:10 +0000 (22:29 -0700)
commit a0501704b2ca1a00daaa02ea8d4678ac4f76872e
tree 88c003c460c70e52093cd3e8a631ae0ad620a5e8
parent 2ade22ebf561b70d0d6d59be8900164937441409
openvswitch: always update flow key after nat

During NAT, a tuple collision may occur.  When this happens, openvswitch
will make a second pass through NAT which will perform additional packet
modification.  This will update the skb data, but not the flow key that
OVS uses.  This means that future flow lookups, and packet matches will
have incorrect data.  This has been supported since
139175a753dd ("openvswitch: support asymmetric conntrack").

That commit failed to properly update the sw_flow_key attributes, since
it only called the ovs_ct_nat_update_key once, rather than each time
ovs_ct_nat_execute was called.  As these two operations are linked, the
ovs_ct_nat_execute() function should always make sure that the
sw_flow_key is updated after a successful call through NAT infrastructure.

Fixes: 139175a753dd ("openvswitch: support asymmetric conntrack")
Cc: Dumitru Ceara <dceara@redhat.com>
Cc: Numan Siddique <nusiddiq@redhat.com>
Signed-off-by: Aaron Conole <aconole@redhat.com>
Acked-by: Eelco Chaudron <echaudro@redhat.com>
Link: https://lore.kernel.org/r/20220318124319.3056455-1-aconole@redhat.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
net/openvswitch/conntrack.c
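
A simplified user-space model of the desynchronisation the commit message describes, added here as an example; it is not the patch and not kernel code. The struct and function names, the sample addresses and ports, and the point at which the single key update happens are assumptions of the model.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-ins, not kernel types: pkt plays the role of the skb
 * data, flow_key the role of sw_flow_key. All values are constructed. */
struct pkt      { uint32_t src_ip; uint16_t src_port; };
struct flow_key { uint32_t src_ip; uint16_t src_port; };

/* Copy the (possibly rewritten) header fields into the key. */
static void nat_update_key(struct flow_key *key, const struct pkt *p)
{
    key->src_ip = p->src_ip;
    key->src_port = p->src_port;
}

/* One NAT pass. With couple_key set, every successful pass also refreshes
 * the key, which is the coupling the commit message calls for. */
static void nat_execute(struct pkt *p, struct flow_key *key,
                        uint32_t ip, uint16_t port, int couple_key)
{
    p->src_ip = ip;
    p->src_port = port;
    if (couple_key)
        nat_update_key(key, p);
}

/* Run two NAT passes, as after a tuple collision, then check whether the
 * key still describes the packet. Returns 1 if in sync, 0 if stale. */
int key_in_sync_after_two_passes(int couple_key)
{
    struct pkt p = { 0x0a000001u, 40000 };          /* 10.0.0.1:40000 */
    struct flow_key key = { p.src_ip, p.src_port };

    nat_execute(&p, &key, 0xc0a80001u, 40000, couple_key);
    if (!couple_key)
        nat_update_key(&key, &p);  /* assumed: the single update follows pass one */
    nat_execute(&p, &key, 0xc0a80001u, 40001, couple_key); /* collision retry */

    return key.src_ip == p.src_ip && key.src_port == p.src_port;
}

int main(void)
{
    printf("single update: in sync = %d\n", key_in_sync_after_two_passes(0));
    printf("update per pass: in sync = %d\n", key_in_sync_after_two_passes(1));
    return 0;
}
```

With a stale key, any later match on the translated port is evaluated against the pre-retry value, which is the incorrect lookup data the commit message refers to.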