[ovs-dev] [PATCH v5] conntrack: document all-zero IP SNAT behavior and add a test case

Ilya Maximets i.maximets at ovn.org
Fri Jul 16 11:39:08 UTC 2021


On 7/14/21 4:45 PM, Eelco Chaudron wrote:
> 
> 
> On 9 Jul 2021, at 16:07, Ilya Maximets wrote:
> 
>> On 7/9/21 10:29 AM, Eelco Chaudron wrote:
>>>
>>>
>>> On 8 Jul 2021, at 21:23, Ilya Maximets wrote:
>>>
>>>> On 6/10/21 11:24 AM, Eelco Chaudron wrote:
>>>>> Currently, conntrack in the kernel has an undocumented feature referred
>>>>> to as all-zero IP address SNAT. Basically, when a source port
>>>>> collision is detected during the commit, the source port will be
>>>>> translated to an ephemeral port. If there is no collision, no SNAT is
>>>>> performed.
>>>>>
>>>>> This patchset documents this behavior and adds a self-test to verify
>>>>> it's not changing. In addition, a datapath feature flag is added for
>>>>> the all-zero IP SNAT case. This will help applications on top of OVS,
>>>>> like OVN, to determine this feature can be used.
>>>>>
>>>>> Signed-off-by: Eelco Chaudron <echaudro at redhat.com>
>>>>> Acked-by: Aaron Conole <aconole at redhat.com>
>>>>> Acked-by: Dumitru Ceara <dceara at redhat.com>
>>>>> ---
>>>>>
>>>>> v5: Windows datapath does not support all-zero SNAT, add checks.
>>>>> v4: Added datapath support flag for all-zero SNAT.
>>>>> v3: Renamed NULL SNAT to all-zero IP SNAT.
>>>>> v2: Fixed NULL SNAT to only work in the -rpl state to be inline with
>>>>>     OpenShift-SDN's behavior.
>>>>
>>>>
>>>> Thanks, everyone!  I added a NEWS entry and applied to master.
>>>
>>> Can we also backport this patch? It’s not adding any new features, just the datapath support flag, and a unit test?
>>
>> OK.  That makes sense, since it's not really a new feature, but
>> a documentation for an always existed behavior.
>>
>> I backported it to 2.15.  2.13 has some conflicts, if you think
>> that it's needed there, please, send a backport with branch-2.13
>> subject prefix.
>>
> 
> Just now sent you a patch that will apply to 2.13. Let me know if that would be enough?

That's OK.  But the patch for 2.13 needs some rebase.
See my reply for the backport.

Best regards, Ilya Maximets.



More information about the dev mailing list