Message-ID: <CAPWQB7HUqyK8EiTZagaxV=g_3An9meNgtBAOWUh_UVDgWwuoPQ@mail.gmail.com>
Date: Tue, 28 Jun 2016 15:18:04 +0200
From: Joe Stringer <joe@....org>
To: Samuel Gauthier <samuel.gauthier@...nd.com>
Cc: Pravin B Shelar <pshelar@...ira.com>,
"David S. Miller" <davem@...emloft.net>,
ovs dev <dev@...nvswitch.org>, netdev <netdev@...r.kernel.org>,
Joe Stringer <joestringer@...ira.com>,
netfilter-devel@...r.kernel.org, Justin Pettit <jpettit@...ira.com>
Subject: Re: [ovs-dev] [PATCH net] openvswitch: fix conntrack netlink event delivery

On 28 June 2016 at 14:12, Samuel Gauthier <samuel.gauthier@...nd.com> wrote:
> Only the first and last netlink message for a particular conntrack are
> actually sent. The first message is sent through nf_conntrack_confirm when
> the conntrack is committed. The last one is sent when the conntrack is
> destroyed on timeout. The other conntrack state change messages are not
> advertised.
>
> When the conntrack subsystem is used from netfilter, nf_conntrack_confirm
> is called for each packet, from the postrouting hook, which in turn calls
> nf_ct_deliver_cached_events to send the state change netlink messages.
>
> This commit fixes the problem by calling nf_conntrack_confirm all the time,
> i.e. not only in the commit case.
>
> Fixes: 7f8a436eaa2c ("openvswitch: Add conntrack action")
> CC: Joe Stringer <joestringer@...ira.com>
> CC: Justin Pettit <jpettit@...ira.com>
> CC: Andy Zhou <azhou@...ira.com>
> CC: Thomas Graf <tgraf@...g.ch>
> Signed-off-by: Samuel Gauthier <samuel.gauthier@...nd.com>

This breaks the semantics of OVS_CT_ATTR_COMMIT. If you just want to
ensure that nf_ct_deliver_cached_events() is run, then we should call
to that for confirmed connections in the non-commit case.