[ovs-dev] [RFC PATCH] conntrack: extract l4 informations for SCTP
Paolo Valerio
pvalerio at redhat.com
Tue Mar 9 20:41:17 UTC 2021
Hi Aaron,
thanks for the feedback
Aaron Conole <aconole at redhat.com> writes:
> Paolo Valerio <pvalerio at redhat.com> writes:
>
>> since a27d70a89 ("conntrack: add generic IP protocol support") all
>> the unrecognized IP protocols gets handled using ct_proto_other ops
>> and are managed as L3 using 3 tuples.
>>
>> This patch stores L4 informations for SCTP in the conn_key so that
>> multiple conn instances, instead of one with ports zeroed, will be
>> created when there are multiple SCTP connections between two hosts.
>> It also performs crc32c check when not offloaded, and adds SCTP to
>> pat_enabled.
>>
>> With this patch, given two SCTP association between two hosts, and
>> given for example the following rules (ARP omitted):
>>
>> in_port=tap0,ip,action=ct(commit,zone=1,nat(src=10.1.1.240:12345-12346)),tap1
>> in_port=tap1,ct_state=-trk,ip,action=ct(table=0,zone=1,nat)
>> in_port=tap1,ct_state=+trk,ct_zone=1,ip,action=tap0
>>
>> the following entries will be created:
>>
>> sctp,orig=(src=192.168.100.100,dst=10.1.1.1,sport=55884,dport=5201),reply=(src=10.1.1.1,dst=10.1.1.240,sport=5201,dport=12345),zone=1
>> sctp,orig=(src=192.168.100.100,dst=10.1.1.1,sport=59874,dport=5202),reply=(src=10.1.1.1,dst=10.1.1.240,sport=5202,dport=12346),zone=1
>>
>> instead of:
>>
>> sctp,orig=(src=192.168.100.100,dst=10.1.1.1,sport=0,dport=0),reply=(src=10.1.1.1,dst=10.1.1.240,sport=0,dport=0),zone=1
>>
>> Signed-off-by: Paolo Valerio <pvalerio at redhat.com>
>> ---
>
> This looks great, but I think we should have a test case here. Can you
> please add one to tests/system-traffic.at so that we don't break SCTP
> support in the future?
ACK, good idea. Will do.
More information about the dev
mailing list