Date: Fri, 29 May 2020 11:40:56 +0800
From: wenxu <wenxu@...oud.cn>
To: Edward Cree <ecree@...arflare.com>, paulb@...lanox.com, saeedm@...lanox.com
Cc: netdev@...r.kernel.org
Subject: Re: [PATCH net-next 0/2] net/mlx5e: add nat support in ct_metadata

On 5/28/2020 7:35 PM, Edward Cree wrote:
> On 28/05/2020 08:15, wenxu@...oud.cn wrote:
>> From: wenxu <wenxu@...oud.cn>
>>
>> Currently all the conntrack entry offload rules will be added
>> in both ct and ct_nat flow table in the mlx5e driver. It does
>> not make sense.
>>
>> This series provides a nat attribute in the ct_metadata action which
>> tells the driver the rule should be added to the ct or ct_nat flow table
> I don't understand why changes to the core are needed.
> A conntrack entry should be a NAT if and only if it has
> FLOW_ACTION_MANGLE actions. AIUI this is sufficient information
> to distinguish NAT from non-NAT conntrack, and there's no need
> for an additional bool in ct_metadata.
> But it's possible my understanding is wrong.

Yes, currently the FLOW_ACTION_MANGLE can distinguish this. But I think the right way to get nat or non-nat conntrack is through the nf_conn->status?

>
> -ed
>