[ovs-discuss] Packet sent to netfilter after modification in the pipeline

Joe Stringer joe at ovn.org
Mon Dec 12 21:25:29 UTC 2016


On 9 December 2016 at 00:57, Aswin S <aswinsuryan at gmail.com> wrote:
> Hi,
>
>
> I was trying to use the ct action (actions=ct(table=252,zone=5001)) for a
> packet which got modified in the pipeline, like I have swapped the layer 3
> and layer 4 parameters. But in the netfilter event log I couldn't see a
> modified packet being received.
>
> If a packet is modified in the pipeline and then it is sent to netfilter,
> do we send the original one or the modified one when using the ct action?

It depends on where in the pipeline you modify the packet and where
you send it to conntrack. Actions are executed in order, so I'd expect
that if you modify l3/l4 fields before executing the ct() action, then
conntrack should see the modified packet.

Note that there was a netfilter events bug fixed a few months ago
which may also explain why you don't see the modified packet. Consider
upgrading to the latest version of your kernel, or using OVS 2.6 and
its backport module. For reference, here's the commit:

https://github.com/torvalds/linux/commit/d913d3a763a6f66a862a6eafcf6da89a7905832a

