[ovs-dev] Flow key update in conntrack/nat
Valentine Sinitsyn
valentine.sinitsyn at gmail.com
Wed Jan 11 10:47:42 UTC 2017
Hi all,
I'm struggling to find an answer to a seemingly simple question: why
does "ct(nat)" action need to update the flow key after NAT (see
ovs_nat_update_key())?
My confusion comes from the following scenario. Consider the first
to-be-NATed packet coming. There is no datapath flow installed, so this
results in an upcall. The userspace part will then install a new
datapath flow (using original, unmodified flow key it got) and execute
the action. Subsequent packets will be handled in the kernel
automatically, but again, the ovs_nat_update_key() flow key will be
silently discarded in ovs_vport_receive().
So it looks like the modified flow key is never used. What am I missing
here?
Thanks,
Valentine Sinitsyn
More information about the dev
mailing list