On 1 September 2016 at 18:08, Jesse Gross <je...@kernel.org> wrote: > On Thu, Sep 1, 2016 at 5:01 PM, Joe Stringer <j...@ovn.org> wrote: >> The upstream code uses NF_INET_PRE_ROUTING hook for the nf_conntrack_in() >> call, which does deeper (eg l4proto) validation. It was previously >> thought that using the NF_INET_ROUTING hook for this function on older >> kernels would trigger kernel panics due to a dependency on the >> unpopulated skb->dev, however during recent testing on a variety of >> platforms (Centos7.[12], Ubuntu 1[46].04, Fedora23) using the latest >> distribution kernels and the OVS kernel module testsuite, no such kernel >> panics were observed. Therefore it appears to be safe to bring this in >> line with upstream without any other workarounds. >> >> Reported-by: Jesse Gross <je...@kernel.org> >> Signed-off-by: Joe Stringer <j...@ovn.org> > > If you are confident that it doesn't cause problems on older kernels, > the change looks obviously correct to me relative to upstream.
Unfortunately I don't have concrete details of the original issue, so I can't say this with strong confidence. I don't think it was ever a problem upstream, (ie 4.3+), so we /could/ keep it as NF_INET_FORWARD on kernels older than that.. _______________________________________________ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev