[ovs-dev] [patch v3 3/4] conntrack: Enforce conn_type for flush tuple.

Darrell Ball dlu998 at gmail.com
Tue Dec 11 03:26:32 UTC 2018


On Mon, Dec 10, 2018 at 5:42 PM Ben Pfaff <blp at ovn.org> wrote:

> On Mon, Nov 26, 2018 at 08:48:39AM -0800, Darrell Ball wrote:
> > The user should only reference a conntrack entry by the forward
> > direction context, as per 'conntrack_flush()', enforce this by
> > checking for 'default' conn_type.  The likelihood of a user
> > not using the original tuple is low, but it should be guarded
> > against, logged and documented.
> >
> > Signed-off-by: Darrell Ball <dlu998 at gmail.com>
> > ---
> >
> > Backport to 2.9.
> >
> > v3: Move backport hint out of commit message.
> >     Remove warning log conditional for now.
>
> Would it be more user-friendly to translate these into the forward
> equivalent and flush that one?
>

If there were a practical application to try to flush a tuple using the
dynamic/random
NAT tuple assignment, yes; but there is not and it is also not worth the
added complexity
to handle the race b/w buckets for this purpose.


More information about the dev mailing list