[ovs-dev] [PATCH ovs] conntrack: Update the icmp stats accurately.

Ilya Maximets i.maximets at ovn.org
Thu Jan 14 18:54:59 UTC 2021


On 12/23/20 12:23 PM, xiangxia.m.yue at gmail.com wrote:
> From: Tonghao Zhang <xiangxia.m.yue at gmail.com>
> 
> The same icmp packet may traverse conntrack module more than once.
> Or same icmp packets traverse contranck module in orderly.
> 
> Don't change stats to CS_ESTABLISHED before receiving reply or related packets.
> 
> Fixes: b269a1229df2 ("conntrack: Track ICMP type and code.")
> Cc: Daniele Di Proietto <diproiettod at vmware.com>
> Signed-off-by: Tonghao Zhang <xiangxia.m.yue at gmail.com>
> ---

Hi, Aaron.  Could you, please, take a look at this patch?

>  lib/conntrack-icmp.c | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
> 
> diff --git a/lib/conntrack-icmp.c b/lib/conntrack-icmp.c
> index 9b7263011..7e24d90a5 100644
> --- a/lib/conntrack-icmp.c
> +++ b/lib/conntrack-icmp.c
> @@ -59,13 +59,16 @@ icmp_conn_update(struct conntrack *ct, struct conn *conn_,
>                   struct dp_packet *pkt OVS_UNUSED, bool reply, long long now)
>  {
>      struct conn_icmp *conn = conn_icmp_cast(conn_);
> +    enum ct_update_res ret = CT_UPDATE_VALID;
>  
>      if (reply && conn->state == ICMPS_FIRST) {
>         conn->state = ICMPS_REPLY;
> +    } else if (conn->state == ICMPS_FIRST) {
> +        ret = CT_UPDATE_VALID_NEW;
>      }
>  
>      conn_update_expiration(ct, &conn->up, icmp_timeouts[conn->state], now);
> -    return CT_UPDATE_VALID;
> +    return ret;
>  }
>  
>  static bool
> 



More information about the dev mailing list