If the protocol is not natively supported, this assigns generic protocol
tracker so we can always assume a valid pointer after these calls.
Signed-off-by: Pablo Neira Ayuso
---
net/openvswitch/conntrack.c | 8
1 file changed, 8 deletions(-)
diff --git a/net/openvswitch/conntrack.c b
On Wed, Apr 20, 2016 at 02:31:10PM -0700, Jarno Rajahalme wrote:
> Clear the skb hash when it does not reflect the actual header values
> any more.
>
> Signed-off-by: Jarno Rajahalme
> ---
> net/netfilter/nf_nat_core.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/net/netfilter/nf_na
On Fri, Mar 18, 2016 at 02:33:45PM +0100, Arnd Bergmann wrote:
> The openvswitch code has gained support for calling into the
> nf-nat-ipv4/ipv6 modules, however those can be loadable modules
> in a configuration in which openvswitch is built-in, leading
> to link errors:
>
> net/built-in.o: In fu
On Mon, Mar 21, 2016 at 11:15:19AM -0700, Jarno Rajahalme wrote:
> OVS should call into CT NAT for packets of new expected connections only
> when the conntrack state is persisted with the 'commit' option to the
> OVS CT action. The test for this condition is doubly wrong, as the CT
> status field
On Wed, Mar 16, 2016 at 01:47:13PM +0100, Arnd Bergmann wrote:
> The openvswitch code has gained support for calling into the
> nf-nat-ipv4/ipv6 modules, however those can be loadable modules
> in a configuration in which openvswitch is built-in, leading
> to link errors:
>
> net/built-in.o: In fu
On Thu, Mar 10, 2016 at 10:54:15AM -0800, Jarno Rajahalme wrote:
> This series adds NAT support to openvswitch kernel module. A few
> changes are needed to the netfilter code to facilitate this (patches
> 1-2/8). Patches 3-7 make the openvswitch kernel module ready for the
> patch 8 that adds the
On Wed, Feb 17, 2016 at 02:06:54PM -0800, Joe Stringer wrote:
> On 5 February 2016 at 17:41, Jarno Rajahalme wrote:
> > Repeat the nf_conntrack_in() call when it returns NF_REPEAT. This
> > avoids dropping a SYN packet re-opening an existing TCP connection.
> >
> > Signed-off-by: Jarno Rajahalme
Hi Jarno,
On Fri, Jan 08, 2016 at 10:29:53AM -0800, Jarno Rajahalme wrote:
> This series adds NAT support to openvswitch kernel module. A few
> changes are needed to the netfilter code to facilitate this (patches
> 1-2/8). Patches 3-6 make the openvswitch kernel module ready for the
> patch 7 th
On Wed, Dec 16, 2015 at 04:36:41PM -0800, Jarno Rajahalme wrote:
> Define a new inline function to map conntrack status to enum
> ip_conntrack_info. This removes the need to otherwise duplicate this
> code in a later patch ("openvswitch: Find existing conntrack entry
> after upcall.").
>
> Signed
On Tue, Dec 08, 2015 at 05:01:04PM -0800, Jarno Rajahalme wrote:
> Define a new inline function to map conntrack status to enum
> ip_conntrack_info. This removes the need to otherwise duplicate this
> code in a later patch ("openvswitch: Find existing conntrack entry
> after upcall.").
>
> Signed
On Tue, Dec 08, 2015 at 05:01:10PM -0800, Jarno Rajahalme wrote:
> - /* Call the helper right after nf_conntrack_in() for confirmed
> - * connections, but only when commiting for unconfirmed connections.
> - */
> ct = nf_ct_get(skb, &ctinfo);
> - if (ct && (nf_ct_is_confirme
On Wed, Nov 25, 2015 at 04:08:16PM -0800, Jarno Rajahalme wrote:
> NAT checksum recalculation code assumes existence of skb_dst, which
> becomes a problem for a later patch in the series ("openvswitch:
> Interface with NAT."). Simplify this by removing the check on
> skb_dst, as the checksum will
On Tue, Oct 20, 2015 at 03:20:26PM -0700, Jarno Rajahalme wrote:
> Define a new inline function to map conntrack status to enum
> ip_conntrack_info. This removes the need to otherwise duplicate this
> code in a later patch.
Where is that later patch that justifies this update?
> Signed-off-by: J
On Tue, Oct 20, 2015 at 03:20:27PM -0700, Jarno Rajahalme wrote:
> NAT checksum recalculation code assumed existence of skb_dst, which
> becomes a problem for a later patch in the series. Simplify this by
> removing the checks, as the checksum will be dealt with later in the
> stack.
Please, resu
On Tue, Oct 20, 2015 at 03:20:28PM -0700, Jarno Rajahalme wrote:
> diff --git a/net/openvswitch/flow_netlink.c b/net/openvswitch/flow_netlink.c
> index 77850f1..1e6c2ac 100644
> --- a/net/openvswitch/flow_netlink.c
> +++ b/net/openvswitch/flow_netlink.c
> @@ -291,7 +291,7 @@ size_t ovs_key_attr_siz
On Mon, Dec 03, 2012 at 09:28:55AM -0800, Jesse Gross wrote:
> On Mon, Dec 3, 2012 at 6:04 AM, Pablo Neira Ayuso wrote:
> > On Thu, Nov 29, 2012 at 10:35:45AM -0800, Jesse Gross wrote:
> >> @@ -159,9 +162,10 @@ int ipv6_find_hdr(const struct sk_buff *skb, unsigned
On Thu, Nov 29, 2012 at 10:35:45AM -0800, Jesse Gross wrote:
> From: Ansis Atteka
>
> This patch prepares ipv6_find_hdr() function so that it could be
> able to skip routing headers, where segements_left is 0. This is
> required to handle multiple routing header case correctly when
> changing IPv
17 matches
Mail list logo
