[ovs-dev] [PATCH] conntrack: Fix TCP conntrack state

Dumitru Ceara dceara at redhat.com
Tue Feb 11 15:07:53 UTC 2020


On 2/7/20 11:55 PM, Yi-Hung Wei wrote:
> If a TCP connection is in SYN_SENT state, receiving another SYN packet
> would just renew the timeout of that conntrack entry rather than create
> a new one.  Thus, tcp_conn_update() should return CT_UPDATE_VALID_NEW.
> 
> This also fixes regressions of a couple of  OVN system tests.
> 
> Fixes: a867c010ee91 ("conntrack: Fix conntrack new state")
> Reported-by: Dumitru Ceara <dceara at redhat.com>
> Signed-off-by: Yi-Hung Wei <yihung.wei at gmail.com>

Hi Yi-Hung,

The changes look good to me but I'll let userspace conntrack reviewers
formally ack the patch.

I did try it out and it works fine.

Regards,
Dumitru

Tested-by: Dumitru Ceara <dceara at redhat.com>

> ---
> Please backport to branch 2.13.
> 
> ---
>  lib/conntrack-tcp.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/lib/conntrack-tcp.c b/lib/conntrack-tcp.c
> index 416cb769d22f..47261c7551d1 100644
> --- a/lib/conntrack-tcp.c
> +++ b/lib/conntrack-tcp.c
> @@ -189,7 +189,7 @@ tcp_conn_update(struct conntrack *ct, struct conn *conn_,
>          } else if (src->state <= CT_DPIF_TCPS_SYN_SENT) {
>              src->state = CT_DPIF_TCPS_SYN_SENT;
>              conn_update_expiration(ct, &conn->up, CT_TM_TCP_FIRST_PACKET, now);
> -            return CT_UPDATE_NEW;
> +            return CT_UPDATE_VALID_NEW;
>          }
>      }
>  
> 



More information about the dev mailing list