Florian Westphal wrote:
> Jakub Kicinski wrote:
> > On Sun, 16 Jul 2023 17:09:16 -0400 Xin Long wrote:
> > > With the OVS upcall, the original ct in the skb will be dropped, and when
> > > the skb comes back from userspace it has to create a new ct again through
> &
Jakub Kicinski wrote:
> On Sun, 16 Jul 2023 17:09:16 -0400 Xin Long wrote:
> > With the OVS upcall, the original ct in the skb will be dropped, and when
> > the skb comes back from userspace it has to create a new ct again through
> > nf_conntrack_in() in either OVS __ovs_ct_lookup() or TC
dd_helper()
>
> Hi Pablo, do you prefer to take this or should we?
Looks like Pablo is very busy atm, I have no objections
if this is applied to net-next.
You may add
Acked-by: Florian Westphal
if you like.
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Eric Dumazet wrote:
> On Sun, Jun 19, 2022 at 2:39 AM Ilya Maximets wrote:
> >
> > Open vSwitch system test suite is broken due to inability to
> > load/unload netfilter modules. kworker thread is getting trapped
> > in the infinite loop while running a net cleanup inside the
> >
Ilya Maximets wrote:
> Hi, Florian.
>
> There is a problem on 5.15 longterm tree where the offending commit
> got backported, but the previous one was not, so it triggers an issue
> while loading the openvswitch module.
>
> To be more clear, v5.15.35 contains the following commit:
>
Mark Mielke wrote:
> A recent commit replaced calls to nf_conntrack_put() with calls
> to nf_ct_put(). nf_conntrack_put() permitted the caller to pass
> null without side effects, while nf_ct_put() performs WARN_ON()
> and proceeds to try and de-reference the pointer. ovs-vswitchd
> triggers the
Mark Mielke wrote:
> A recent commit replaced calls to nf_conntrack_put() with calls
> to nf_ct_put(). nf_conntrack_put() permitted the caller to pass
> null without side effects, while nf_ct_put() performs WARN_ON()
> and proceeds to try and de-reference the pointer. ovs-vswitchd
> triggers the
Its the same as nf_conntrack_put(), but without the
need for an indirect call. The downside is a module dependency on
nf_conntrack, but all of these already depend on conntrack anyway.
Cc: Paul Blakey
Cc: d...@openvswitch.org
Signed-off-by: Florian Westphal
---
net/netfilter
Flavio Leitner wrote:
>
> This email has 'To' field pointing to ovs-dev, but the patch
> seems to fix another code other than OVS.
>
> You might have realized by now, but in case you're still waiting... :)
Thanks for pointing that out, patch has been applied to conntrack-tools
repo.
> > sets this flag for both the directions of the nf_conn.
> >
> > Suggested-by: Florian Westphal
> > Signed-off-by: Numan Siddique
>
> Florian, LGTY?
Sorry, this one sailed past me.
Acked-by: Florian Westphal
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Numan Siddique wrote:
> On Tue, Nov 10, 2020 at 5:55 PM Florian Westphal wrote:
> >
> > Numan Siddique wrote:
> > > On Tue, Nov 10, 2020 at 3:06 AM Florian Westphal wrote:
> > > Thanks for the comments. I actually tried this approach first, but it
> >
Numan Siddique wrote:
> On Tue, Nov 10, 2020 at 3:06 AM Florian Westphal wrote:
> Thanks for the comments. I actually tried this approach first, but it
> doesn't seem to work.
> I noticed that for the committed connections, the ct tcp flag -
> IP_CT_TCP_FLAG_BE_LIBERAL is
use of
> tcp_in_window() check error or because it doesn't belong to an
> existing connection.
>
> An earlier attempt (see the link) tried to solve this problem for
> openvswitch in a different way. Florian Westphal instead suggested
> to be liberal in openvswitch for tcp packets.
>
Numan Siddique wrote:
> On Tue, Oct 6, 2020 at 4:46 PM Florian Westphal wrote:
> >
> > nusid...@redhat.com wrote:
> > > From: Numan Siddique
> > >
> > > For a tcp packet which is part of an existing committed connection,
> > > nf_conntr
nusid...@redhat.com wrote:
> From: Numan Siddique
>
> For a tcp packet which is part of an existing committed connection,
> nf_conntrack_in() will return err and set skb->_nfct to NULL if it is
> out of tcp window. ct action for this packet will set the ct_state
> to +inv which is as expected.
Eelco Chaudron wrote:
> On 22 Jul 2020, at 21:22, Florian Westphal wrote:
> > I see a 0 cache size is legal (turns it off) and that the allocation
> > path has a few sanity checks as well.
> >
> > Would it make sense to add min/max policy to datapath_policy[] for t
Eelco Chaudron wrote:
> This patch makes the masks cache size configurable, or with
> a size of 0, disable it.
>
> Reviewed-by: Paolo Abeni
> Signed-off-by: Eelco Chaudron
> ---
> include/uapi/linux/openvswitch.h |1
> net/openvswitch/datapath.c | 11 +
>
Geert Uytterhoeven wrote:
> Commit 4806e975729f99c7 ("netfilter: replace NF_NAT_NEEDED with
> IS_ENABLED(CONFIG_NF_NAT)") removed CONFIG_NF_NAT_NEEDED, but a new user
> popped up afterwards.
Thnaks for spotting this.
Acked-b
These versions deal with the l3proto/l4proto details internally.
It removes only caller of nf_ct_get_tuple, so make it static.
After this, l3proto->get_l4proto() can be removed in a followup patch.
Signed-off-by: Florian Westphal
---
No changes since v1.
This is a preparation patch to rem
19 matches
Mail list logo
