[ovs-dev] [PATCH] conntrack: fix inverse check nat_action_info in check_orig_tuple

wenxu at ucloud.cn wenxu at ucloud.cn
Mon Jun 21 04:51:24 UTC 2021


From: wenxu <wenxu at ucloud.cn>

When the conntrack is not found, CT will check whether the pkt has
been NATed, get the original tuple and search the conntrack from the
original tuple.

If there is nat_action_info in the rule, the pkt may be NATed.
So it should find the original tuple to find the conntrack.

Signed-off-by: wenxu <wenxu at ucloud.cn>
---
 lib/conntrack.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/conntrack.c b/lib/conntrack.c
index 99198a6..c329acd 100644
--- a/lib/conntrack.c
+++ b/lib/conntrack.c
@@ -1163,7 +1163,7 @@ check_orig_tuple(struct conntrack *ct, struct dp_packet *pkt,
          !pkt->md.ct_orig_tuple.ipv4.ipv4_proto) ||
         (ctx_in->key.dl_type == htons(ETH_TYPE_IPV6) &&
          !pkt->md.ct_orig_tuple.ipv6.ipv6_proto) ||
-        nat_action_info) {
+        !nat_action_info) {
         return false;
     }
 
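Review bot: The flipped term `!nat_action_info` in the early `return false` condition reverses which ct() calls may fall back to the original tuple, and neither the commit message nor the diff shows the case that proves the old sense wrong. After this change, a call with no NAT action never reaches the original-tuple lookup, while one with a NAT action does. That is the exact opposite of what the code did before, so any flow that relied on the old behaviour now silently gets a different conntrack match. Please describe the failing packet path in the commit message (which rule, which direction, what state the packet ended up in) and add a short comment above the condition stating the intended meaning of the `nat_action_info` term. The diffstat touches only lib/conntrack.c, so a regression test covering both the NAT and the non-NAT case should accompany the change.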
-- 
1.8.3.1


