From patchwork Tue Nov 17 22:00:06 2015
X-Patchwork-Submitter: Russell Bryant
X-Patchwork-Id: 545782
From: Russell Bryant
To: dev@openvswitch.org
Date: Tue, 17 Nov 2015 14:00:06 -0800
Message-Id: <1447797606-1887-1-git-send-email-russell@ovn.org>
Subject: [ovs-dev] [PATCH] ovn: Fix ACLs for child logical ports.

The physical input flows for child logical ports (for the
container-in-a-VM use case, for example) did not set a conntrack zone
ID. The previous code only allocated a zone ID for local VIFs and
missed doing it for child ports.

Signed-off-by: Russell Bryant
Acked-by: Justin Pettit
---
 ovn/controller/binding.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/ovn/controller/binding.c b/ovn/controller/binding.c index 7f31b31..89dca98 100644 --- a/ovn/controller/binding.c +++ b/ovn/controller/binding.c 
@@ -144,7 +144,6 @@ binding_run(struct controller_ctx *ctx, const struct ovsrec_bridge *br_int, /* We have no integration bridge, therefore no local logical ports. * We'll remove our chassis from all port binding records below. */ } - update_ct_zones(&lports, ct_zones, ct_zone_bitmap); sset_clone(&all_lports, &lports); ovsdb_idl_txn_add_comment( @@ -155,6 +154,9 @@ binding_run(struct controller_ctx *ctx, const struct ovsrec_bridge *br_int, if (sset_find_and_delete(&lports, binding_rec->logical_port) || (binding_rec->parent_port && binding_rec->parent_port[0] && sset_contains(&all_lports, binding_rec->parent_port))) { + if (binding_rec->parent_port && binding_rec->parent_port[0]) { + sset_add(&all_lports, binding_rec->logical_port); + } if (binding_rec->chassis == chassis_rec) { continue; } @@ -173,6 +175,9 @@ binding_run(struct controller_ctx *ctx, const struct ovsrec_bridge *br_int, SSET_FOR_EACH (name, &lports) { VLOG_DBG("No port binding record for lport %s", name); } + + update_ct_zones(&all_lports, ct_zones, ct_zone_bitmap); + sset_destroy(&lports); sset_destroy(&all_lports); }
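Review bot: in the hunk at @@ -155,6 +154,9 @@, the new sset_add(&all_lports, binding_rec->logical_port) mutates the same set that the enclosing condition tests with sset_contains(&all_lports, binding_rec->parent_port), so a port whose parent is itself a child port is now matched only when the parent's record happens to be visited first. If nested children are not meant to be handled, collect the child names in a separate set and merge it into all_lports before update_ct_zones() is called; if they are, the dependence on iteration order needs to be dealt with explicitly. The parent_port && parent_port[0] test is also written twice within a few lines now; a local bool for "is a child port" would read better.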
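Review bot: in the hunk at @@ -173,6 +175,9 @@, update_ct_zones() has to run after the binding loop because all_lports is only complete once the child ports have been added, but nothing at the call site says so; a one-line comment there would keep a later cleanup from moving the call back up next to sset_clone(). The diffstat also shows binding.c as the only file changed, so the missing zone ID for child ports described in the commit message gets no regression test; please add one if the test suite can exercise a child port.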