[ovs-dev] [PATCH] Documentation: Clarify connection tracking tutorial

Yifeng Sun pkusunyifeng at gmail.com
Fri Jun 14 21:26:25 UTC 2019


Looks good to me, thanks for the fix.

Reviewed-by: Yifeng Sun <pkusunyifeng at gmail.com>

On Fri, Jun 14, 2019 at 1:44 PM Greg Rose <gvrose8192 at gmail.com> wrote:
>
> The current documentation states that "all packets entering OVS for
> the first time are "untracked"".  However there is a minor exception
> to this in the case where a packet (re)enters the same datapath and
> the namespace has not changed.  In that case there is no need to
> scrub the packet and in this case the connection may already be
> in the "tracked" state.
>
> Reported-by: Quan Tian <qtian at vmware.com>
> Signed-off-by: Greg Rose <gvrose8192 at gmail.com>
> ---
>  Documentation/tutorials/ovs-conntrack.rst | 10 ++++++++--
>  1 file changed, 8 insertions(+), 2 deletions(-)
>
> diff --git a/Documentation/tutorials/ovs-conntrack.rst b/Documentation/tutorials/ovs-conntrack.rst
> index 27d6e04..5daffb6 100644
> --- a/Documentation/tutorials/ovs-conntrack.rst
> +++ b/Documentation/tutorials/ovs-conntrack.rst
> @@ -308,8 +308,14 @@ Let's add that flow::
>
>  A TCP syn packet sent from "left" namespace will match flow #1
>  because the packet is coming to OVS from veth_l0 port and it is not being
> -tracked.  (as the packet just entered OVS. All packets entering OVS for the
> -first time are "untracked")
> +tracked.  This is because the packet just entered OVS. All packets entering
> +OVS for the first time are "untracked" with a minor exception being
> +when a packet (re)enters the same datapath that it already belongs to
> +there is no need to discard the namespace and other information.  In this
> +case the connection will remain in the tracked state.  If the namespace
> +has changed then it is discarded and a new connection tracker is
> +created since connection tracking information is logically separate
> +for different namespaces.
>  The flow will send the packet to the connection tracker due to the action "ct".
>  Also "table=0" in the "ct" action forks the pipeline processing in two.  The
>  original instance of packet will continue processing the current action list
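Review bot: The added sentence starting at `+OVS for the first time are "untracked" with a minor exception being` runs the rule, the exception and its rationale together with no punctuation, so it is hard to parse. Split it, for example: `All packets entering OVS for the first time are "untracked". A minor exception is a packet that (re)enters the same datapath that it already belongs to; in that case there is no need to discard the namespace and other information.` Two more points in the same added lines: "the connection will remain in the tracked state" is stronger than the commit message, which says the connection "may already be" in the tracked state, so the two should agree on one wording; and in "If the namespace has changed then it is discarded", the pronoun grammatically refers to the namespace itself, so name what is discarded explicitly.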
> --
> 1.8.3.1