Viacheslav Galaktionov <[email protected]> writes:
> On 11/27/23 19:33, Aaron Conole wrote: >> Viacheslav Galaktionov <[email protected]> writes: >> >>> On 11/22/23 16:14, Aaron Conole wrote: >>>>> Viacheslav Galaktionov writes: >>>>> >>>>> When a packet hits a flow rule without an explicitly specified helper, >>>>> OvS has to rely on automatic application layer gateway detection to >>>>> find related connections. This works as long as services are running on >>>>> their standard ports, e.g. when FTP servers use TCP port 21. >>>>> >>>>> However, sometimes it's necessary to run services on non-standard ports. >>>>> In that case, there is no way for OvS to guess which protocol is used >>>>> within a given flow. Of course, this means that no related connections >>>>> can be recognized. >>>>> >>>>> When a connection is committed with a particular helper, it's reasonable >>>>> to assume this helper will be used in subsequent CT actions, as long as >>>>> they don't override it. Achieve this behaviour by using the committed >>>>> connection's helper when a flow rule does not specify one. >>>>> >>>>> Signed-off-by: Viacheslav Galaktionov >>>>> <[email protected]> >>>>> Acked-by: Ivan Malov <[email protected]> >>>>> --- >>>>> lib/conntrack.c | 9 +++++++++ >>>>> 1 file changed, 9 insertions(+) >>>> Hi Viacheslav, >>>> >>>> Do you plan to send a v4 which has news and faq updated? >>> Hi Aaron! >>> >>> I was actually waiting for your comments, so I could address them and >>> update the NEWS and FAQ at the same time. I can send a v4 in the next >>> couple of days if you want. >> Sorry - that's my mistake. Please send the v4. >> > Hi Aaron, > > Sorry, I've only just now taken a proper look at the FAQ, and I don't > see what > I should change there. There doesn't seem to be any mention of this subject > in the file and my patches actually make netdev datapaths behave in the same > manner as system datapaths when it comes to conntrack helpers, so there's > probably no point describing a difference that's no longer there. I was thinking that it would make sense to update the following from Documentation/faq/releases.rst: > Q: Are all features available with all datapaths? > > A: Open vSwitch supports different datapaths on different platforms. > Each > datapath has a different feature set: the following tables try to > summarize > the status. There is a table there where we try to list any compatibility or differences. Helper behavior here is a difference in older versions so we could put something like: Conntrack Helper Assign. YES YES 3.2 Maybe it would introduce more confusion that it removes? But since it is a behavior change which aligns the datapaths, it would be good to document it and that question does deal with some of it. _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
