[ovs-git] [openvswitch/ovs] 94e711: conntrack: Refactor algs.

GitHub noreply at github.com
Mon Dec 11 22:17:51 UTC 2017


  Branch: refs/heads/master
  Home:   https://github.com/openvswitch/ovs
  Commit: 94e711433c34c4f0b21779d24ee3a22136c8f4be
      https://github.com/openvswitch/ovs/commit/94e711433c34c4f0b21779d24ee3a22136c8f4be
  Author: Darrell Ball <dlu998 at gmail.com>
  Date:   2017-12-11 (Mon, 11 Dec 2017)

  Changed paths:
    M lib/conntrack.c

  Log Message:
  -----------
  conntrack: Refactor algs.

Upcoming requirements for new algs make it desirable to split out
alg helpers more cleanly.

Signed-off-by: Darrell Ball <dlu998 at gmail.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>
Acked-by: Aaron Conole <aconole at redhat.com>


  Commit: bd7d93f8b4855ff8edc14dc094cd91a48ea10d17
      https://github.com/openvswitch/ovs/commit/bd7d93f8b4855ff8edc14dc094cd91a48ea10d17
  Author: Darrell Ball <dlu998 at gmail.com>
  Date:   2017-12-11 (Mon, 11 Dec 2017)

  Changed paths:
    M lib/conntrack.c
    M lib/conntrack.h
    M lib/dpif-netdev.c
    M tests/test-conntrack.c

  Log Message:
  -----------
  conntrack: Allow specified alg port numbers.

Algs can use variable control port numbers for servers.
The main use case is a kind of feeble security measure; the
thinking by some being that it obscures the alg traffic.
It is really not very effective, but the kernel has this
capability. This patch mimics the capability.

Signed-off-by: Darrell Ball <dlu998 at gmail.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>
Acked-by: Aaron Conole <aconole at redhat.com>


  Commit: 3a2a425b4c4ebd49dcf07e5eb6d901c98424b999
      https://github.com/openvswitch/ovs/commit/3a2a425b4c4ebd49dcf07e5eb6d901c98424b999
  Author: Darrell Ball <dlu998 at gmail.com>
  Date:   2017-12-11 (Mon, 11 Dec 2017)

  Changed paths:
    M lib/conntrack.c
    M tests/system-traffic.at

  Log Message:
  -----------
  conntrack: Disable algs by default.

Presently, alg processing is enabled by default to better exercise code.
This is similar to kernels before 4.7 as well.  The recommended default
behavior in the newer kernels is to only process algs if a helper is
supplied in a conntrack rule.  The behavior is changed to match the
later kernels.

A test is extended to check that the control connection is still
created in such a case.

Signed-off-by: Darrell Ball <dlu998 at gmail.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>
Acked-by: Aaron Conole <aconole at redhat.com>


Compare: https://github.com/openvswitch/ovs/compare/f0aa3801f1e8...3a2a425b4c4e

