On Wed, Sep 16, 2020 at 10:38 AM Greg Rose <[email protected]> wrote: > > From: aaron conole <[email protected]> > > Upstream commit: > commit 5d50aa83e2c8e91ced2cca77c198b468ca9210f4 > author: aaron conole <[email protected]> > date: tue dec 3 16:34:13 2019 -0500 > > openvswitch: support asymmetric conntrack > > the openvswitch module shares a common conntrack and nat infrastructure > exposed via netfilter. it's possible that a packet needs both snat and > dnat manipulation, due to e.g. tuple collision. netfilter can support > this because it runs through the nat table twice - once on ingress and > again after egress. the openvswitch module doesn't have such capability. > > like netfilter hook infrastructure, we should run through nat twice to > keep the symmetry. > > fixes: 05752523e565 ("openvswitch: interface with nat.") > signed-off-by: aaron conole <[email protected]> > signed-off-by: david s. miller <[email protected]> > > Fixes: c5f6c06b58d6 ("datapath: Interface with NAT.") > Cc: aaron conole <[email protected]> > Acked-by: Aaron Conole <[email protected]> > Signed-off-by: Greg Rose <[email protected]> > ---
Acked-by: Yi-Hung Wei <[email protected]> _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
