[ovs-dev] [PATCH] conntrack: Fix TCP conntrack state
Dumitru Ceara
dceara at redhat.com
Tue Feb 11 15:07:53 UTC 2020
On 2/7/20 11:55 PM, Yi-Hung Wei wrote:
> If a TCP connection is in SYN_SENT state, receiving another SYN packet
> would just renew the timeout of that conntrack entry rather than create
> a new one. Thus, tcp_conn_update() should return CT_UPDATE_VALID_NEW.
>
> This also fixes regressions of a couple of OVN system tests.
>
> Fixes: a867c010ee91 ("conntrack: Fix conntrack new state")
> Reported-by: Dumitru Ceara <dceara at redhat.com>
> Signed-off-by: Yi-Hung Wei <yihung.wei at gmail.com>
Hi Yi-Hung,
The changes look good to me but I'll let userspace conntrack reviewers
formally ack the patch.
I did try it out and it works fine.
Regards,
Dumitru
Tested-by: Dumitru Ceara <dceara at redhat.com>
> ---
> Please backport to branch 2.13.
>
> ---
> lib/conntrack-tcp.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/lib/conntrack-tcp.c b/lib/conntrack-tcp.c
> index 416cb769d22f..47261c7551d1 100644
> --- a/lib/conntrack-tcp.c
> +++ b/lib/conntrack-tcp.c
> @@ -189,7 +189,7 @@ tcp_conn_update(struct conntrack *ct, struct conn *conn_,
> } else if (src->state <= CT_DPIF_TCPS_SYN_SENT) {
> src->state = CT_DPIF_TCPS_SYN_SENT;
> conn_update_expiration(ct, &conn->up, CT_TM_TCP_FIRST_PACKET, now);
> - return CT_UPDATE_NEW;
> + return CT_UPDATE_VALID_NEW;
> }
> }
>
>
More information about the dev
mailing list