On 1/24/23 13:57, Eelco Chaudron wrote: > tc does not support conntrack ALGs. Even worse, with tc enabled, they > should not be used/configured at all. This is because even though TC > will ignore the rules with ALG configured, i.e., they will flow through > the kernel module, return traffic might flow through a tc conntrack > rule, and it will not invoke the ALG helper. > > Signed-off-by: Eelco Chaudron <echau...@redhat.com> > Acked-by: Roi Dayan <r...@nvidia.com> > --- > Documentation/howto/tc-offload.rst | 11 +++++++++++ > lib/netdev-offload-tc.c | 4 ++++ > tests/system-offloads.at | 27 +++++++-------------------- > 3 files changed, 22 insertions(+), 20 deletions(-) > > diff --git a/Documentation/howto/tc-offload.rst > b/Documentation/howto/tc-offload.rst > index f6482c8af..63687adc9 100644 > --- a/Documentation/howto/tc-offload.rst > +++ b/Documentation/howto/tc-offload.rst > @@ -112,3 +112,14 @@ First flow packet not processed by meter > Packets that are received by ovs-vswitchd through an upcall before the actual > meter flow is installed, are not passing TC police action and therefore are > not considered for policing. > + > +Conntrack Application Layer Gateways(ALG)
Nit: a space before the '(ALG)' would be nice. _______________________________________________ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
