On 28 June 2016 at 14:12, Samuel Gauthier <samuel.gauth...@6wind.com> wrote:
> Only the first and last netlink message for a particular conntrack are
> actually sent. The first message is sent through nf_conntrack_confirm when
> the conntrack is committed. The last one is sent when the conntrack is
> destroyed on timeout. The other conntrack state change messages are not
> advertised.
>
> When the conntrack subsystem is used from netfilter, nf_conntrack_confirm
> is called for each packet, from the postrouting hook, which in turn calls
> nf_ct_deliver_cached_events to send the state change netlink messages.
>
> This commit fixes the problem by calling nf_conntrack_confirm all the time,
> i.e. not only in the commit case.
>
> Fixes: 7f8a436eaa2c ("openvswitch: Add conntrack action")
> CC: Joe Stringer <joestrin...@nicira.com>
> CC: Justin Pettit <jpet...@nicira.com>
> CC: Andy Zhou <az...@nicira.com>
> CC: Thomas Graf <tg...@suug.ch>
> Signed-off-by: Samuel Gauthier <samuel.gauth...@6wind.com>

This breaks the semantics of OVS_CT_ATTR_COMMIT. If you just want to ensure that nf_ct_deliver_cached_events() is run, then we should call that for confirmed connections in the non-commit case.