[ovs-dev] [PATCH v3 1/2] conntrack: Return NEW for IPv6 ND packets without tracking.

Ben Pfaff blp at ovn.org
Tue Mar 7 23:14:59 UTC 2017


On Fri, Dec 23, 2016 at 05:31:40PM -0800, Daniele Di Proietto wrote:
> The userspace connection tracker treats Neighbor Discovery packets
> as invalid, because they're not checked against any connection.
> 
> This is inconsistent with the kernel connection tracker which always
> returns 'CS_NEW'.
> 
> Therefore, this commit makes the userspace connection tracker conforming
> with the kernel.  ND packets still do not create or read any state, but
> they're treated as NEW.
> 
> To support this, the key extraction functions can now return
> KEY_NO_TRACK, meaning the packet should be treated statelessly and not
> be sent to the connection tracker.
> 
> We also have to remove a test that explicitly checked that neighbor
> discovery was treated as invalid.
> 
> Reported-by: Sridhar Gaddam <sgaddam at redhat.com>
> Signed-off-by: Daniele Di Proietto <diproiettod at vmware.com>

The actual changes would be slightly clearer if this were two patches:
one that changes "bool" to the new "enum", without a behavioral change,
and then a second one that adds the new KEY_NO_TRACK.

But I think that it makes sense anyway.  Thank you.

Acked-by: Ben Pfaff <blp at ovn.org>

