In patch [1] rpl_nf_conntrack_in was backported as static inline function without do..while loop handling NF_REPEAT error. In patch [2] rpl_nf_conntrack_in backported function was removed from compat/include/net/netfilter/nf_conntrack_core.h as an unused.
As a result the do..while loop around nf_conntrack_in was lost and this caused problems on old RHEL kernels with the tcp SYN loss on a connection with same 5-tuple, which ran in last nf_conntrack_tcp_timeout_time_wait. The connection could be initiated on a tcp SYN retry after one second. 1: https://github.com/openvswitch/ovs/commit/4fdec8986a203b0dc9d9c183c932826967572e0f 2: https://github.com/openvswitch/ovs/commit/e9b33ad780f3bc712a5de6be9e1e0803fadcd249 Reported-at: https://mail.openvswitch.org/pipermail/ovs-dev/2021-September/387623.html Reported-at: https://mail.openvswitch.org/pipermail/ovs-dev/2021-October/388424.html Signed-off-by: Vladislav Odintsov <odiv...@gmail.com> --- .../compat/include/net/netfilter/nf_conntrack_core.h | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/datapath/linux/compat/include/net/netfilter/nf_conntrack_core.h b/datapath/linux/compat/include/net/netfilter/nf_conntrack_core.h index 4cce92f66..bc18c56b8 100644 --- a/datapath/linux/compat/include/net/netfilter/nf_conntrack_core.h +++ b/datapath/linux/compat/include/net/netfilter/nf_conntrack_core.h @@ -108,7 +108,14 @@ static inline bool rpl_nf_ct_delete(struct nf_conn *ct, u32 portid, int report) static inline unsigned int rpl_nf_conntrack_in(struct sk_buff *skb, const struct nf_hook_state *state) { - return nf_conntrack_in(state->net, state->pf, state->hook, skb); + int err; + + /* Repeat if requested, see nf_iterate(). */ + do { + err = nf_conntrack_in(state->net, state->pf, state->hook, skb); + } while (err == NF_REPEAT); + + return err; } #define nf_conntrack_in rpl_nf_conntrack_in #endif /* HAVE_NF_CONNTRACK_IN_TAKES_NF_HOOK_STATE */ -- 2.30.0 _______________________________________________ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
