DragonFlow

SG flows couldn't let the first packet of a related connection pass

Bug #1586369 reported by yuan wei on 2016-05-27

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	DragonFlow	Fix Released	High	yuan wei

Bug Description

in current implement, SG flows don't match packets with both new and rel CT flag, so the first packet of a related connection will be droped.

take egress direction flow as a example:

current flow: table=6, priority=65534, ct_state=-new-est+rel-inv+trk actions=resubmit(,9)

should add flow: table=6, priority=65534, ct_state=+new-est+rel-inv+trk actions=ct(commit,table=9,zone=NXM_NX_CT_ZONE[])

Tags:

Revision history for this message

yuan wei (wei-yuan) wrote on 2016-05-27:

should also take packets with both rel and est CT flag into count. besides adding the flow, the current flow's match should also change to "ct_state=-new+rel-inv+trk"

yuan wei (wei-yuan) on 2016-05-30

Changed in dragonflow:
assignee:	nobody → yuan wei (wei-yuan)
status:	New → In Progress

Li Ma (nick-ma-z) on 2016-05-31

Changed in dragonflow:
importance:	Undecided → High

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-05-31: Fix merged to dragonflow (master)

Reviewed: https://review.openstack.org/322393
Committed: https://git.openstack.org/cgit/openstack/dragonflow/commit/?id=231633a652786f4b0668da0958141e129f777a25
Submitter: Jenkins
Branch: master

commit 231633a652786f4b0668da0958141e129f777a25
Author: yuanwei <email address hidden>
Date: Sat May 28 14:35:44 2016 +0800

Modify SG flows which let packets of relative connections pass

    In current implement, SG flows don't match packets with both new
    and rel CT flag, or packets with both est and rel CT flag, so
    those packets will be dropped. This patch will fix this problem.

Change-Id: I5b725742bacc48a7d9e5597fcc1f67e786ee5c0d
Closes-Bug: #1586369

Changed in dragonflow:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-06-09: Fix proposed to dragonflow (stable/mitaka)

Fix proposed to branch: stable/mitaka
Review: https://review.openstack.org/327542

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-06-09: Fix merged to dragonflow (stable/mitaka)

Reviewed: https://review.openstack.org/327542
Committed: https://git.openstack.org/cgit/openstack/dragonflow/commit/?id=232722dfa3f3795c9add4648f987128b93a7fb8f
Submitter: Jenkins
Branch: stable/mitaka

commit 232722dfa3f3795c9add4648f987128b93a7fb8f
Author: yuanwei <email address hidden>
Date: Sat May 28 14:35:44 2016 +0800

Modify SG flows which let packets of relative connections pass

    In current implement, SG flows don't match packets with both new
    and rel CT flag, or packets with both est and rel CT flag, so
    those packets will be dropped. This patch will fix this problem.

    Change-Id: I5b725742bacc48a7d9e5597fcc1f67e786ee5c0d
    Closes-Bug: #1586369
    (cherry picked from commit 231633a652786f4b0668da0958141e129f777a25)

tags:

added: in-stable-mitaka

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.