From: Tonghao Zhang <[email protected]>
The same icmp packet may traverse conntrack module more than once.
Or same icmp packets traverse contranck module in orderly.
Don't change stats to CS_ESTABLISHED before receiving reply or related packets.
Fixes: b269a1229df2 ("conntrack: Track ICMP type and code.")
Cc: Daniele Di Proietto <[email protected]>
Signed-off-by: Tonghao Zhang <[email protected]>
---
lib/conntrack-icmp.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/lib/conntrack-icmp.c b/lib/conntrack-icmp.c
index 9b7263011..7e24d90a5 100644
--- a/lib/conntrack-icmp.c
+++ b/lib/conntrack-icmp.c
@@ -59,13 +59,16 @@ icmp_conn_update(struct conntrack *ct, struct conn *conn_,
struct dp_packet *pkt OVS_UNUSED, bool reply, long long now)
{
struct conn_icmp *conn = conn_icmp_cast(conn_);
+ enum ct_update_res ret = CT_UPDATE_VALID;
if (reply && conn->state == ICMPS_FIRST) {
conn->state = ICMPS_REPLY;
+ } else if (conn->state == ICMPS_FIRST) {
+ ret = CT_UPDATE_VALID_NEW;
}
conn_update_expiration(ct, &conn->up, icmp_timeouts[conn->state], now);
- return CT_UPDATE_VALID;
+ return ret;
}
static bool
--
2.14.1
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
