Bug
Resolution: Done-Errata
Major
openvswitch3.5-3.5.0-17.el9fdp
rhel-9
rhel-net-ovs-dpdk
ssg_networking
OVS/DPDK - FDP-25.C
Important
Noticed while reading the code that the userspace conntrack implementation does this:
```c
static struct conn *
conn_not_found(...)
{
    if (commit) {
        struct conn_key_node *fwd_key_node, *rev_key_node;
        struct zone_limit *zl = zone_limit_lookup_or_default(ct,
                                                             ctx->key.zone);
        if (zl && atomic_count_get(&zl->czl.count) >= zl->czl.limit) {
            return nc;
        }
        ...
        if (zl) {
            nc->admit_zone = zl->czl.zone;
            nc->zone_limit_seq = zl->czl.zone_limit_seq;
            atomic_count_inc(&zl->czl.count);
        } else {
            nc->admit_zone = INVALID_ZONE;
        }
    }
```
If zone_limit_lookup_or_default returns a default zone, the new connection will be counted and admitted into that default zone, not into the zone it should be. The default zone limit will then be applied to all connections for which there is no zone configuration in the hash map.
Instead, each connection should be counted in the zone it is committed to, and the default limit should be applied to the number of connections in that specific zone.
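The accounting difference described above, as an added example that is not OVS code: a simplified model in which `struct model`, `admit()` and `zone2_admitted()` are hypothetical names, and the zone numbers and limit are constructed values.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define N_ZONES  4            /* constructed: tiny zone space for the model */
#define NO_LIMIT UINT32_MAX   /* marks a zone with no configured limit */

struct model {
    uint32_t limit[N_ZONES];  /* per-zone limit, NO_LIMIT if unconfigured */
    uint32_t count[N_ZONES];  /* per-zone connection counters */
    uint32_t default_limit;   /* limit used for unconfigured zones */
    uint32_t default_count;   /* counter of the shared default entry */
};

/* per_zone == false models the reported behaviour: a zone without its own
 * entry is charged to the shared default counter.  per_zone == true models
 * the requested behaviour: the committed zone is always the one charged. */
static bool admit(struct model *m, uint16_t zone, bool per_zone)
{
    bool own = m->limit[zone] != NO_LIMIT;
    uint32_t limit = own ? m->limit[zone] : m->default_limit;
    uint32_t *count = (own || per_zone) ? &m->count[zone]
                                        : &m->default_count;

    if (*count >= limit) {
        return false;         /* limit reached, connection not admitted */
    }
    (*count)++;
    return true;
}

/* Commit n connections in zone 1, then try one in zone 2.  Both zones are
 * unconfigured and the default limit is n.  Returns zone 2's verdict. */
static bool zone2_admitted(bool per_zone, uint32_t n)
{
    struct model m = { .default_limit = n };
    for (int z = 0; z < N_ZONES; z++) { m.limit[z] = NO_LIMIT; }
    for (uint32_t i = 0; i < n; i++) { (void) admit(&m, 1, per_zone); }
    return admit(&m, 2, per_zone);
}

int main(void)
{
    printf("zone 2 admitted: shared=%d per-zone=%d\n",
           zone2_admitted(false, 3), zone2_admitted(true, 3));
    return 0;
}
```

With the shared counter, traffic in zone 1 alone uses up the budget of every other unconfigured zone; with per-zone counting, zone 2 still has its full default limit available.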
Links to: RHBA-2025:148409 (openvswitch3.5 bug fix and enhancement update)