[ovs-git] [openvswitch/ovs] 4a777f: datapath: Use pre-routing hook for conntrack.

GitHub noreply at github.com
Fri Sep 9 21:34:34 UTC 2016


  Branch: refs/heads/master
  Home:   https://github.com/openvswitch/ovs
  Commit: 4a777f56ca73e221d2ae39fd8ff0f711731395ec
      https://github.com/openvswitch/ovs/commit/4a777f56ca73e221d2ae39fd8ff0f711731395ec
  Author: Joe Stringer <joe at ovn.org>
  Date:   2016-09-09 (Fri, 09 Sep 2016)

  Changed paths:
    M datapath/conntrack.c

  Log Message:
  -----------
  datapath: Use pre-routing hook for conntrack.

The upstream code uses NF_INET_PRE_ROUTING hook for the nf_conntrack_in()
call, which does deeper (e.g. l4proto) validation. It was previously
thought that using the NF_INET_ROUTING hook for this function on older
kernels would trigger kernel panics due to a dependency on the
unpopulated skb->dev; however, during recent testing on a variety of
platforms (Centos7.[12], Ubuntu 1[46].04, Fedora23) using the latest
distribution kernels and the OVS kernel module testsuite, no such kernel
panics were observed. Therefore it appears to be safe to bring this in
line with upstream without any other workarounds.

Reported-by: Jesse Gross <jesse at kernel.org>
Signed-off-by: Joe Stringer <joe at ovn.org>
Acked-by: Jesse Gross <jesse at kernel.org>



