From: wenxu <[email protected]> When the conntrack is not be found, CT will check whether the pkt has be NATed, get the orignal tuple and search the conntrack from orignal tuple.
If there is nat_action_info in the rule, the pkt maybe NATed. So it should find the original tuple to find the conntrack. Signed-off-by: wenxu <[email protected]> --- lib/conntrack.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/conntrack.c b/lib/conntrack.c index 99198a6..c329acd 100644 --- a/lib/conntrack.c +++ b/lib/conntrack.c @@ -1163,7 +1163,7 @@ check_orig_tuple(struct conntrack *ct, struct dp_packet *pkt, !pkt->md.ct_orig_tuple.ipv4.ipv4_proto) || (ctx_in->key.dl_type == htons(ETH_TYPE_IPV6) && !pkt->md.ct_orig_tuple.ipv6.ipv6_proto) || - nat_action_info) { + !nat_action_info) { return false; } -- 1.8.3.1 _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
