On 5 February 2017 at 14:28, David Miller <da...@davemloft.net> wrote: > From: Jarno Rajahalme <ja...@ovn.org> > Date: Thu, 2 Feb 2017 17:10:00 -0800 > >> This does not match either of the conntrack tuples above. Normally >> this does not matter, as the conntrack lookup was already done using >> the tuple (B,A), but if the current packet does not match any flow in >> the OVS datapath, the packet is sent to userspace via an upcall, >> during which the packet's skb is freed, and the conntrack entry >> pointer in the skb is lost. > > This is the real bug. > > If the metadata for a packet is important, as it obviously is here, > then upcalls should preserve that metadata across the upcall. This > is exactly how NF_QUEUE handles this problem and so should OVS.
Looks like the patch #5 provides this preservation across upcall, so this patch can be converted to use the key->ct.orig_* from that patch instead of doing the invert.
