diff --git a/SOURCES/openvswitch-3.3.0.patch b/SOURCES/openvswitch-3.3.0.patch
index 91bdfab..bf424c5 100644
--- a/SOURCES/openvswitch-3.3.0.patch
+++ b/SOURCES/openvswitch-3.3.0.patch
@@ -654,12 +654,20 @@ index 94f488d183..23c3417a70 100644
  	  touch $@
  endif
 diff --git a/NEWS b/NEWS
-index 8888fb3ec5..f7ac8d2028 100644
+index 8888fb3ec5..f60881f804 100644
 --- a/NEWS
 +++ b/NEWS
-@@ -1,3 +1,24 @@
+@@ -1,3 +1,32 @@
 +v3.3.4 - xx xxx xxxx
 +--------------------
++   - The limit on the number of fields for address prefix tracking in flow
++     tables increased from 3 to 4.  For example, it is now possible to
++     specify both IPv4 and IPv6 address fields at the same time:
++      $ ovs-vsctl set Bridge br0 flow_tables:123=@N -- \
++          --id=@N create Flow_Table \
++                    name=table123 prefixes=nw_dst,nw_src,ipv6_dst,ipv6_src
++     This allows to significantly reduce amount of datapath flows generated
++     from mixed IPv4+IPv6 flow tables, if configured.
 +
 +v3.3.3 - 15 Nov 2024
 +--------------------
@@ -1604,6 +1612,28 @@ index 9af258917b..b8149e7897 100644
                            bfd_diag_str(diag));
              bfd_put_details(&ds, bfd);
              VLOG_INFO("%s", ds_cstr(&ds));
+diff --git a/lib/classifier.h b/lib/classifier.h
+index f55a2cba99..c9cab970ec 100644
+--- a/lib/classifier.h
++++ b/lib/classifier.h
+@@ -170,7 +170,7 @@
+  * value of the "prefix" key is a comma separated list of field names.
+  *
+  * There is a maximum number of fields that can be enabled for any one
+- * flow table.  Currently this limit is 3.
++ * flow table.  Currently this limit is 4.
+  *
+  *
+  * Partitioning (Lookup Time and Wildcard Optimization)
+@@ -328,7 +328,7 @@ struct cls_trie {
+ 
+ enum {
+     CLS_MAX_INDICES = 3,   /* Maximum number of lookup indices per subtable. */
+-    CLS_MAX_TRIES = 3      /* Maximum number of prefix trees per classifier. */
++    CLS_MAX_TRIES = 4,     /* Maximum number of prefix trees per classifier. */
+ };
+ 
+ /* A flow classifier. */
 diff --git a/lib/conntrack.c b/lib/conntrack.c
 index 013709bd62..cf6e2919ba 100644
 --- a/lib/conntrack.c
@@ -5511,6 +5541,21 @@ index f321bae55f..8565a0bae9 100644
 +    *) HAVE_PYTEST=no
 +       echo "$0: unexpected error probing Python unit test requirements" >&2 ;;
  esac
+diff --git a/tests/classifier.at b/tests/classifier.at
+index 93a13f32b1..05e82ea968 100644
+--- a/tests/classifier.at
++++ b/tests/classifier.at
+@@ -180,8 +180,8 @@ Datapath actions: drop
+ ])
+ 
+ AT_CHECK([ovs-vsctl set Flow_Table t0 prefixes=ipv6_label], [0])
+-AT_CHECK([ovs-vsctl set Flow_Table t0 prefixes=nw_dst,nw_src,tun_dst,tun_src], [1], [],
+-[ovs-vsctl: nw_dst,nw_src,tun_dst,tun_src: 4 value(s) specified but the maximum number is 3
++AT_CHECK([ovs-vsctl set Flow_Table t0 prefixes=nw_dst,nw_src,tun_dst,tun_src,ipv6_src], [1], [],
++[ovs-vsctl: nw_dst,nw_src,tun_dst,tun_src,ipv6_src: 5 value(s) specified but the maximum number is 4
+ ])
+ AT_CHECK([ovs-vsctl set Flow_Table t0 prefixes=nw_dst,nw_dst], [1], [],
+ [ovs-vsctl: nw_dst,nw_dst: set contains duplicate value
 diff --git a/tests/dpif-netdev.at b/tests/dpif-netdev.at
 index 790b5a43af..c16bdd0326 100644
 --- a/tests/dpif-netdev.at
@@ -7058,7 +7103,7 @@ index 114aaebc77..c0ecad6cfb 100644
 +OVS_TRAFFIC_VSWITCHD_STOP
 +AT_CLEANUP
 diff --git a/tests/system-traffic.at b/tests/system-traffic.at
-index 98e494abf4..518815da61 100644
+index 98e494abf4..80f9ec0dbf 100644
 --- a/tests/system-traffic.at
 +++ b/tests/system-traffic.at
 @@ -253,6 +253,10 @@ priority=0,actions=NORMAL
@@ -7441,20 +7486,7 @@ index 98e494abf4..518815da61 100644
  AT_CLEANUP
  
  AT_SETUP([conntrack - more complex SNAT])
-@@ -6850,6 +6936,12 @@ dnl Checks the implementation of conntrack with FTP ALGs in combination with
- dnl NAT, using the provided flow table.
- m4_define([CHECK_FTP_NAT],
-    [AT_SETUP([conntrack - FTP $1])
-+    m4_if(m4_index([$1], [orig tuple]), -1, [], [
-+      dnl XXX: 6.8.0-1014-azure #16~22.04.1-Ubuntu kernel in GitHub Actions
-+      dnl contains a known conntrack bug, but doesn't have a fix for it:
-+      dnl   a23ac973f67f ("openvswitch: get related ct labels from its master
-+      dnl                  if it is not confirmed")
-+      OVS_CHECK_GITHUB_ACTION()])
-     AT_SKIP_IF([test $HAVE_FTP = no])
-     AT_SKIP_IF([test $HAVE_LFTP = no])
-     CHECK_CONNTRACK()
-@@ -8215,10 +8307,18 @@ table=2,priority=10  ct_state=+trk+est action=drop
+@@ -8215,10 +8301,18 @@ table=2,priority=10  ct_state=+trk+est action=drop
  
  AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt])
  
@@ -7476,7 +7508,7 @@ index 98e494abf4..518815da61 100644
  
  sleep 1
  
-@@ -8389,6 +8489,53 @@ AT_CHECK([ovs-pcap client.pcap | grep 000000002010000000002000], [0], [dnl
+@@ -8389,6 +8483,53 @@ AT_CHECK([ovs-pcap client.pcap | grep 000000002010000000002000], [0], [dnl
  OVS_TRAFFIC_VSWITCHD_STOP
  AT_CLEANUP
  
@@ -7530,7 +7562,7 @@ index 98e494abf4..518815da61 100644
  AT_BANNER([IGMP])
  
  AT_SETUP([IGMP - flood under normal action])
-@@ -8724,21 +8871,29 @@ dnl The flow will encap a nsh header to the TCP syn packet
+@@ -8724,21 +8865,29 @@ dnl The flow will encap a nsh header to the TCP syn packet
  dnl eth/ip/tcp --> OVS --> eth/nsh/eth/ip/tcp
  AT_CHECK([ovs-ofctl -Oopenflow13 add-flow br0 "table=0,priority=100,in_port=ovs-p0,ip,actions=encap(nsh(md_type=1)),set_field:0x1234->nsh_spi,set_field:0x11223344->nsh_c1,encap(ethernet),set_field:f2:ff:00:00:00:02->dl_dst,set_field:f2:ff:00:00:00:01->dl_src,ovs-p1"])
  
@@ -7573,7 +7605,7 @@ index 98e494abf4..518815da61 100644
  
  OVS_TRAFFIC_VSWITCHD_STOP
  AT_CLEANUP
-@@ -8756,19 +8911,31 @@ dnl The flow will decap a nsh header which in turn carries a TCP syn packet
+@@ -8756,19 +8905,31 @@ dnl The flow will decap a nsh header which in turn carries a TCP syn packet
  dnl eth/nsh/eth/ip/tcp --> OVS --> eth/ip/tcp
  AT_CHECK([ovs-ofctl -Oopenflow13 add-flow br0 "table=0,priority=100,in_port=ovs-p0,dl_type=0x894f, actions=decap(),decap(), ovs-p1"])
  
@@ -7615,7 +7647,7 @@ index 98e494abf4..518815da61 100644
  
  OVS_TRAFFIC_VSWITCHD_STOP
  AT_CLEANUP
-@@ -8788,22 +8955,38 @@ dnl The flow will add another NSH header with nsh_spi=0x101, nsh_si=4,
+@@ -8788,22 +8949,38 @@ dnl The flow will add another NSH header with nsh_spi=0x101, nsh_si=4,
  dnl nsh_ttl=7 and change the md1 context
  AT_CHECK([ovs-ofctl -Oopenflow13 add-flow br0 "table=0,priority=100,in_port=ovs-p0,dl_type=0x894f,nsh_spi=0x100,nsh_si=0x03,actions=decap(),decap(),encap(nsh(md_type=1)),set_field:0x07->nsh_ttl,set_field:0x0101->nsh_spi,set_field:0x04->nsh_si,set_field:0x100f0e0d->nsh_c1,set_field:0x0c0b0a09->nsh_c2,set_field:0x08070605->nsh_c3,set_field:0x04030201->nsh_c4,encap(ethernet),set_field:f2:ff:00:00:00:02->dl_dst,set_field:f2:ff:00:00:00:01->dl_src,ovs-p1"])
  
@@ -7668,7 +7700,7 @@ index 98e494abf4..518815da61 100644
  
  OVS_TRAFFIC_VSWITCHD_STOP
  AT_CLEANUP
-@@ -8824,31 +9007,50 @@ dnl packet to to at_ns2.
+@@ -8824,31 +9001,50 @@ dnl packet to to at_ns2.
  AT_CHECK([ovs-ofctl -Oopenflow13 add-flow br0 "table=0,priority=100,dl_type=0x894f,nsh_spi=0x100,nsh_si=0x02,actions=ovs-p1"])
  AT_CHECK([ovs-ofctl -Oopenflow13 add-flow br0 "table=0,priority=100,dl_type=0x894f,nsh_spi=0x100,nsh_si=0x01,actions=ovs-p2"])
  
@@ -9138,6 +9170,41 @@ index 95a65fcdcd..0352030fec 100644
          }
      }
  
+diff --git a/vswitchd/vswitch.ovsschema b/vswitchd/vswitch.ovsschema
+index e2d5e2e85e..61be3ac079 100644
+--- a/vswitchd/vswitch.ovsschema
++++ b/vswitchd/vswitch.ovsschema
+@@ -1,6 +1,6 @@
+ {"name": "Open_vSwitch",
+- "version": "8.5.0",
+- "cksum": "4040946650 27557",
++ "version": "8.5.1",
++ "cksum": "1754428673 27557",
+  "tables": {
+    "Open_vSwitch": {
+      "columns": {
+@@ -385,7 +385,7 @@
+        "groups": {
+          "type": {"key": "string", "min": 0, "max": "unlimited"}},
+        "prefixes": {
+-         "type": {"key": "string", "min": 0, "max": 3}},
++         "type": {"key": "string", "min": 0, "max": 4}},
+        "external_ids": {
+          "type": {"key": "string", "value": "string",
+                   "min": 0, "max": "unlimited"}}}},
+diff --git a/vswitchd/vswitch.xml b/vswitchd/vswitch.xml
+index 612ba41e3b..882add5b5e 100644
+--- a/vswitchd/vswitch.xml
++++ b/vswitchd/vswitch.xml
+@@ -4867,7 +4867,7 @@ ovs-vsctl add-port br0 p0 -- set Interface p0 type=patch options:peer=p1 \
+ 
+         <p>
+           There is a maximum number of fields that can be enabled for any
+-          one flow table.  Currently this limit is 3.
++          one flow table.  Currently this limit is 4.
+         </p>
+       </column>
+     </group>
 diff --git a/dpdk/.github/workflows/build.yml b/dpdk/.github/workflows/build.yml
 index 272a6ffc7f..6b35c56da0 100644
 --- a/dpdk/.github/workflows/build.yml
diff --git a/SPECS/openvswitch3.3.spec b/SPECS/openvswitch3.3.spec
index 0028869..d513fd1 100644
--- a/SPECS/openvswitch3.3.spec
+++ b/SPECS/openvswitch3.3.spec
@@ -57,7 +57,7 @@ Summary: Open vSwitch
 Group: System Environment/Daemons daemon/database/utilities
 URL: http://www.openvswitch.org/
 Version: 3.3.0
-Release: 15%{?dist}
+Release: 16%{?dist}
 
 # Nearly all of openvswitch is ASL 2.0.  The bugtool is LGPLv2+, and the
 # lib/sflow*.[ch] files are SISSL
@@ -769,6 +769,13 @@ exit 0
 %endif
 
 %changelog
+* Wed Nov 27 2024 Open vSwitch CI <ovs-ci@redhat.com> - 3.3.0-16
+- Merging upstream branch-3.3 [RH git: 68822af9c4]
+    Commit list:
+    6fed6a7d31 classifier: Increase the maximum number of prefixes (tries).
+    634bce05b9 Revert "github: Skip FTP SNAT orig tuple tests due to broken Ubuntu kernel."
+
+
 * Mon Nov 18 2024 Open vSwitch CI <ovs-ci@redhat.com> - 3.3.0-15
 - Merging dpdk subtree [RH git: edff947ee5]
     Commit list: