On 1/14/19, 4:49 AM, "[email protected] on behalf of David
Marchand" <[email protected] on behalf of
[email protected]> wrote:
On Mon, Jan 14, 2019 at 7:32 AM Darrell Ball <[email protected]> wrote:
> Thanks for the patch
>
> On Wed, Jan 9, 2019 at 7:33 AM David Marchand <[email protected]>
> wrote:
>
> The ftp alg deals with packets in two ways for the command connection:
>> either they are inspected and can be mangled when nat is enabled
>> (CT_FTP_CTL_INTEREST) or they just go through without being modified
>> (CT_FTP_CTL_OTHER).
>>
>> For CT_FTP_CTL_INTEREST packets, we must both adjust the packet tcp seq
>> number by the connection current offset, then prepare for the next
>> packets by setting an accumulated offset in the ct object.
>
>
>> The tests are updated so that ftp+NAT checks send multiple commands in a
>> single tcp command connection:
>>
>>
> 1/ Please update the commit message for the 2nd and 3rd paragraphs,
> including use case and a correction.
>
> The ftp alg deals with packets in two ways for the command connection:
> either they are inspected and can be mangled when nat is enabled
> (CT_FTP_CTL_INTEREST) or they just go through without being modified
> (CT_FTP_CTL_OTHER).
>
> For CT_FTP_CTL_INTEREST packets, we must both adjust the packet tcp seq
> number by the connection current offset, then prepare for the next
> packets by setting an accumulated offset in the ct object. However, this
> was not
> done for multiple CT_FTP_CTL_INTEREST packets for the same connection.
> This is relevant for handling multiple child data connections that also
> need natting.
>
> The tests are updated so that some ftp+NAT tests send multiple port
> commands or
> other similar commands for a single control connection. Wget is not able
> to do this,
> so switch to lftp.
>
> 2/ A couple conntrack.c comments.
>
> 3/ I requested changing the number of 'ls' commands below, since it is a
> stronger test.
>
Sure.
> 4/ I added another test below for reverse skew.
>
Well, adding a DNAT test at this point cannot work.
I can move it to the second patch.
Sure
Btw, I can also bundle the patches together tomorrow morning, which may be
easier.
> 5/ Please consider adding me as co-author
>
Ok.
I will wait for your reply on the 32bits wrapping fix before sending a v4.
Thanks.
--
David Marchand
_______________________________________________
dev mailing list
[email protected]
https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmail.openvswitch.org%2Fmailman%2Flistinfo%2Fovs-dev&data=02%7C01%7Cdball%40vmware.com%7C4ce7c17ebcc6404de5a108d67a1ec040%7Cb39138ca3cee4b4aa4d6cd83d9dd62f0%7C0%7C0%7C636830669846619264&sdata=G7Hd0xuiM491btJDfHk5sT6mNodpUr2171gNtDRnnTE%3D&reserved=0
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
