[ovs-dev] [PATCH v5] conntrack: document all-zero IP SNAT behavior and add a test case

Eelco Chaudron echaudro at redhat.com
Wed Jul 14 14:45:09 UTC 2021



On 9 Jul 2021, at 16:07, Ilya Maximets wrote:

> On 7/9/21 10:29 AM, Eelco Chaudron wrote:
>>
>>
>> On 8 Jul 2021, at 21:23, Ilya Maximets wrote:
>>
>>> On 6/10/21 11:24 AM, Eelco Chaudron wrote:
>>>> Currently, conntrack in the kernel has an undocumented feature referred
>>>> to as all-zero IP address SNAT. Basically, when a source port
>>>> collision is detected during the commit, the source port will be
>>>> translated to an ephemeral port. If there is no collision, no SNAT is
>>>> performed.
>>>>
>>>> This patchset documents this behavior and adds a self-test to verify
>>>> it's not changing. In addition, a datapath feature flag is added for
>>>> the all-zero IP SNAT case. This will help applications on top of OVS,
>>>> like OVN, to determine this feature can be used.
>>>>
>>>> Signed-off-by: Eelco Chaudron <echaudro at redhat.com>
>>>> Acked-by: Aaron Conole <aconole at redhat.com>
>>>> Acked-by: Dumitru Ceara <dceara at redhat.com>
>>>> ---
>>>>
>>>> v5: Windows datapath does not support all-zero SNAT, add checks.
>>>> v4: Added datapath support flag for all-zero SNAT.
>>>> v3: Renamed NULL SNAT to all-zero IP SNAT.
>>>> v2: Fixed NULL SNAT to only work in the -rpl state to be inline with
>>>>     OpenShift-SDN's behavior.
>>>
>>>
>>> Thanks, everyone!  I added a NEWS entry and applied to master.
>>
>> Can we also backport this patch? It’s not adding any new features, just the datapath support flag, and a unit test?
>
> OK.  That makes sense, since it's not really a new feature, but
> a documentation for an always existed behavior.
>
> I backported it to 2.15.  2.13 has some conflicts, if you think
> that it's needed there, please, send a backport with branch-2.13
> subject prefix.
>

Just now sent you a patch that will apply to 2.13. Let me know if that would be enough?

//Eelco



More information about the dev mailing list