Re: [ovs-dev] [PATCH v3 1/8] netdev-linux: Fix possible int overflow in tc_add_matchall_policer().

2024-05-31 Thread Paolo Valerio
Mike Pattrick > Signed-off-by: Eelco Chaudron > --- Acked-by: Paolo Valerio > lib/netdev-linux.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/lib/netdev-linux.c b/lib/netdev-linux.c > index 25349c605..eb0c5c624 100644 > --- a/lib/netdev-lin

Re: [ovs-dev] [PATCH v3 7/8] db-ctl-base: Initialize the output variable in the ctx structure.

2024-05-31 Thread Paolo Valerio
roperly. > > Fixes: 07ff77ccb82a ("db-ctl-base: Make common database command code into > library.") > Signed-off-by: Eelco Chaudron > --- Acked-by: Paolo Valerio > lib/db-ctl-base.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/lib/db-ctl-base.c

Re: [ovs-dev] [PATCH v3 2/8] cfm: Fix possible integer overflow in tc_add_matchall_policer().

2024-05-31 Thread Paolo Valerio
igned-off-by: Eelco Chaudron > --- Acked-by: Paolo Valerio > lib/cfm.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/lib/cfm.c b/lib/cfm.c > index c3742f3de..7eb080157 100644 > --- a/lib/cfm.c > +++ b/lib/cfm.c > @@ -863,7 +863,7 @@ cfm_process_

Re: [ovs-dev] [PATCH v2 6/8] ofproto-dpif: Define age as time_t in ofproto_unixctl_fdb_add().

2024-05-28 Thread Paolo Valerio
try.") It seems "Fixes:" slipped out here. I guess this could be fixed while applying. That aside, Acked-by: Paolo Valerio > Signed-off-by: Eelco Chaudron > --- > ofproto/ofproto-dpif.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a

Re: [ovs-dev] [PATCH v2 2/2] conntrack: Key connections by zone.

2024-05-13 Thread Paolo Valerio
Hi Peng, Peng He writes: > To separate into N cmaps, why not use hash value divided by N? > FWIW, I think it makes sense to discuss the potential benefits of other approaches as well. They may even end up not being as performant as this one, but also some points to consider here are: - the

[ovs-dev] [PATCH v2] conntrack: Fully initialize conn struct before insertion.

2024-05-10 Thread Paolo Valerio
_conn introducing key directionality.") Reported-at: https://issues.redhat.com/browse/FDP-616 Signed-off-by: Mike Pattrick Co-authored-by: Paolo Valerio Signed-off-by: Paolo Valerio --- lib/conntrack.c | 24 +++- 1 file changed, 15 insertions(+), 9 deletions(-) diff -

[ovs-dev] [PATCH] Subject: conntrack: Fully initialize conn struct before insertion.

2024-05-10 Thread Paolo Valerio
_conn introducing key directionality.") Reported-at: https://issues.redhat.com/browse/FDP-616 Signed-off-by: Mike Pattrick Co-authored-by: Paolo Valerio Signed-off-by: Paolo Valerio --- lib/conntrack.c | 24 +++- 1 file changed, 15 insertions(+), 9 deletions(-) diff -

Re: [ovs-dev] [PATCH v2] conntrack: Do not use {0} to initialize unions.

2024-05-09 Thread Paolo Valerio
t initialize the ipv6 field. > > Reported-at: https://issues.redhat.com/browse/FDP-608 > Signed-off-by: Xavier Simonart > --- > v2: updated based on nit from Paolo. > --- Thanks Xavier. Acked-by: Paolo Valerio ___ dev mailing list d...

Re: [ovs-dev] [PATCH] conntrack: Do not use {0} to initialize unions.

2024-05-08 Thread Paolo Valerio
Hello Xavier, just curious, based on your tests, is clang 18.1.1 the only compiler/version known so far to lead to the problem, right? Anyways, only a small cosmetic nit below. Other than that: Acked-by: Paolo Valerio Xavier Simonart writes: > In the following case: > union c

[ovs-dev] [PATCH] dpctl: fix segfault on ct-{set,del}-limits

2024-04-22 Thread Paolo Valerio
When no parameters other than the datapath are specified a segfault occurs. Fix it by checking the argument access is inside the bounds. Signed-off-by: Paolo Valerio --- lib/dpctl.c | 27 --- 1 file changed, 20 insertions(+), 7 deletions(-) diff --git a/lib/dpctl.c b

Re: [ovs-dev] [PATCH] conntrack: Do not use icmp reverse helper for icmpv6.

2024-03-28 Thread Paolo Valerio
Ilya Maximets writes: > On 3/12/24 11:02, Paolo Valerio wrote: >> In the flush tuple code path, while populating the conn_key, >> reverse_icmp_type() gets called for both icmp and icmpv6 cases, >> while, depending on the proto, its respective helper should be >>

[ovs-dev] [PATCH v2] conntrack: Do not use icmp reverse helper for icmpv6.

2024-03-28 Thread Paolo Valerio
browse/FDP-447 Signed-off-by: Paolo Valerio --- v2 (Ilya): - stripped down backtrace - aligned ternary --- lib/conntrack.c | 4 +++- tests/system-traffic.at | 10 +- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/lib/conntrack.c b/lib/conntrack.c index 5786424f6.

[ovs-dev] [PATCH v2] conntrack: Fix SNAT with exhaustion system test.

2024-03-28 Thread Paolo Valerio
e previous assumptions. Fix it by creating and not advancing the first entry in SYN_SENT to avoid early eviction. Suggested-by: Ilya Maximets Reported-at: https://issues.redhat.com/browse/FDP-486 Signed-off-by: Paolo Valerio --- v2: - replaced open-coded bytes with 'ovs-ofctl compose-packet --b

Re: [ovs-dev] [PATCH] conntrack: Fix SNAT with exhaustion system test.

2024-03-28 Thread Paolo Valerio
Ilya Maximets writes: > On 3/13/24 12:08, Paolo Valerio wrote: >> Recent kernels introduced a mechanism that allows to evict colliding >> entries in a closing state whereas they were previously considered as >> parts of a non-recoverable clash. >> This new behav

[ovs-dev] [PATCH] conntrack: Fix SNAT with exhaustion system test.

2024-03-13 Thread Paolo Valerio
e previous assumptions. Fix it by creating and not advancing the first entry in SYN_SENT to avoid early eviction. Suggested-by: Ilya Maximets Reported-at: https://issues.redhat.com/browse/FDP-486 Signed-off-by: Paolo Valerio --- tests/system-traffic.at | 21 ++--- 1 file changed, 14 insert

[ovs-dev] [PATCH] conntrack: Do not use icmp reverse helper for icmpv6.

2024-03-12 Thread Paolo Valerio
() when needed. Furthermore, self tests have been modified in order to exercise and check this behavior. Fixes: 271e48a0e244 ("conntrack: Support conntrack flush by ct 5-tuple") Reported-at: https://issues.redhat.com/browse/FDP-447 Signed-off-by: Paolo Valerio --- lib/conntrack.c

Re: [ovs-dev] [PATCH] github: Temporarily disable SNAT with exhaustion system test.

2024-03-01 Thread Paolo Valerio
tion in the conntrack at any single moment in time, so > there is seemingly no issue with the NAT, but the behavior > is unexpected and the test fails. > > Disable the test in CI until we figure out how to fix the > kernel (if it is a kernel bug) or the t

Re: [ovs-dev] [PATCH v2 2/2] conntrack: Handle persistent selection for IP addresses.

2024-02-16 Thread Paolo Valerio
Simon Horman writes: > On Wed, Feb 07, 2024 at 06:38:08PM +0100, Paolo Valerio wrote: >> The patch, when 'persistent' flag is specified, makes the IP selection >> in a range persistent across reboots. >> >> Signed-off-by: Paolo Valerio > > Hi Paolo, > > I

[ovs-dev] [PATCH v3 2/2] conntrack: Handle persistent selection for IP addresses.

2024-02-16 Thread Paolo Valerio
The patch, when 'persistent' flag is specified, makes the IP selection in a range persistent across reboots. Signed-off-by: Paolo Valerio Acked-by: Simon Horman --- v3: - rearranged branches in nat_get_unique_tuple() (Simon) --- NEWS | 3 ++- lib/conntrack.c | 25

[ovs-dev] [PATCH v3 1/2] conntrack: Handle random selection for port ranges.

2024-02-16 Thread Paolo Valerio
The userspace conntrack only supported hash for port selection. With the patch, both userspace and kernel datapath support the random flag. The default behavior remains the same, that is, if no flags are specified, hash is selected. Signed-off-by: Paolo Valerio Acked-by: Simon Horman

[ovs-dev] [PATCH v2 2/2] conntrack: Handle persistent selection for IP addresses.

2024-02-07 Thread Paolo Valerio
The patch, when 'persistent' flag is specified, makes the IP selection in a range persistent across reboots. Signed-off-by: Paolo Valerio --- NEWS | 3 ++- lib/conntrack.c | 27 +-- lib/conntrack.h | 1 + lib/dpif-netdev.c | 2 ++ 4 files changed, 26

[ovs-dev] [PATCH v2 1/2] conntrack: Handle random selection for port ranges.

2024-02-07 Thread Paolo Valerio
The userspace conntrack only supported hash for port selection. With the patch, both userspace and kernel datapath support the random flag. The default behavior remains the same, that is, if no flags are specified, hash is selected. Signed-off-by: Paolo Valerio --- Documentation/ref/ovs

Re: [ovs-dev] [PATCH 2/2] conntrack: Handle persistent selection for IP addresses.

2024-02-07 Thread Paolo Valerio
Paolo Valerio writes: > The patch, when 'persistent' flag is specified, makes the IP selection > in a range persistent across reboots. > > Signed-off-by: Paolo Valerio > --- > NEWS | 3 ++- > lib/conntrack.c | 26 ++ > lib/con

[ovs-dev] [PATCH 2/2] conntrack: Handle persistent selection for IP addresses.

2024-02-07 Thread Paolo Valerio
The patch, when 'persistent' flag is specified, makes the IP selection in a range persistent across reboots. Signed-off-by: Paolo Valerio --- NEWS | 3 ++- lib/conntrack.c | 26 ++ lib/conntrack.h | 1 + lib/dpif-netdev.c | 2 ++ 4 files changed, 27

[ovs-dev] [PATCH 1/2] conntrack: Handle random selection for port ranges.

2024-02-07 Thread Paolo Valerio
The userspace conntrack only supported hash for port selection. With the patch, both userspace and kernel datapath support the random flag. The default behavior remains the same, that is, if no flags are specified, hash is selected. Signed-off-by: Paolo Valerio --- Documentation/ref/ovs

Re: [ovs-dev] [PATCH v3 3/3] mcast-snooping: Fix comments format.

2023-11-21 Thread Paolo Valerio
David Marchand writes: > Capitalize comments and end them with a . when needed. > > Signed-off-by: David Marchand > --- > tests/mcast-snooping.at | 16 > 1 file changed, 8 insertions(+), 8 deletions(-) > Ac

Re: [ovs-dev] [PATCH v2 2/2] mcast-snooping: Flush flood and report ports when deleting interfaces.

2023-11-15 Thread Paolo Valerio
pping the Report > -> forwarding report to mcast flagged port > > Add relevant cleanup and update unit tests. > > Fixes: 4fbbf8624868 ("mcast-snooping: Flush ports mdb when VLAN configuration > changed.") > Signed-off-by: David Marchand > --- > C

Re: [ovs-dev] [PATCH v2 1/2] mcast-snooping: Test per port explicit flooding.

2023-11-15 Thread Paolo Valerio
d-off-by: David Marchand > --- Thanks David. The patch lgtm. Acked-by: Paolo Valerio

Re: [ovs-dev] [PATCH 1/2] mcast-snooping: Test per port explicit flooding.

2023-11-10 Thread Paolo Valerio
David Marchand writes: > On Thu, Nov 9, 2023 at 4:33 PM Paolo Valerio wrote: >> >> David Marchand writes: >> >> > When multicast snooping is enabled and a reporter is known, it is still >> > possible to flood associated packets to some other port v

Re: [ovs-dev] [PATCH 1/2] mcast-snooping: Test per port explicit flooding.

2023-11-09 Thread Paolo Valerio
David Marchand writes: > When multicast snooping is enabled and a reporter is known, it is still > possible to flood associated packets to some other port via the > mcast-snooping-flood option. > > Test this combination. > > Signed-off-by: David Marchand > --- > tests/mcast-snooping.at | 88

Re: [ovs-dev] [PATCH v3 branch-2.17 1/2] conntrack: simplify cleanup path

2023-10-12 Thread Paolo Valerio
in > production use for the past week, being exposed to real world traffic. > No side effects or incidents to report. > > Tested-by: Frode Nordahl > Thanks Frode, Aaron and Simon. On my side, I don't see any issues with the series, both patches look good to me. > -- >

[ovs-dev] [PATCH v2] ofproto-dpif-xlate: Fix recirculation with patch port and controller.

2023-09-05 Thread Paolo Valerio
node and at the same type in_port refers to the patch port. The patch, in the case of zeroed uuid, checks that in_port belongs to the bridge and returns the related ofproto. Signed-off-by: Paolo Valerio --- ofproto/ofproto-dpif-xlate.c | 12 +++- tests/ofproto-dpif.at| 34

[ovs-dev] [PATCH v3] conntrack: Remove nat_conn introducing key directionality.

2023-08-30 Thread Paolo Valerio
-by: Peng He Co-authored-by: Paolo Valerio Signed-off-by: Paolo Valerio --- v3: - resolved a potentially UB with offsetof() and integer constant expression (Ilya) - int to bool assignment (Ilya) - check the direction early in conntrack_dump_next() to avoid unneeded operations (Ilya

Re: [ovs-dev] [PATCH v2] conntrack: Remove nat_conn introducing key directionality.

2023-08-30 Thread Paolo Valerio
Ilya Maximets writes: > On 8/23/23 14:53, Paolo Valerio wrote: >> From: hepeng >> >> The patch avoids the extra allocation for nat_conn. >> Currently, when doing NAT, the userspace conntrack will use an extra >> conn for the two directions in a flow. However,

[ovs-dev] [PATCH v2] conntrack: Remove nat_conn introducing key directionality.

2023-08-23 Thread Paolo Valerio
-by: Peng He Co-authored-by: Paolo Valerio Signed-off-by: Paolo Valerio --- v2: - use enum value instead of bool (Aaron). - s/conn_for_expectation/conn_for_exp/ in process_ftp_ctl_v6() to avoid long line. - removed CT_CONN_TYPE_* reference in two comments. --- lib/conntrack-private.h

[ovs-dev] [PATCH RFC] conntrack: Remove nat_conn introducing key directionality.

2023-08-14 Thread Paolo Valerio
://patchwork.ozlabs.org/project/openvswitch/list/?series=351579=* Signed-off-by: Peng He Co-authored-by: Paolo Valerio Signed-off-by: Paolo Valerio --- lib/conntrack-private.h | 19 ++- lib/conntrack-tp.c |6 + lib/conntrack.c | 339

[ovs-dev] [PATCH v4] conntrack: Extract l4 information for SCTP.

2023-07-12 Thread Paolo Valerio
c=10.1.1.1,dst=10.1.1.2,sport=0,dport=0),zone=1 Signed-off-by: Paolo Valerio --- v4 - rebased on top of current master - test: turned graceful termination into ABORT. The graceful shutdown sequence could lead to failures because of a very small default timeout set for SHUTDOWN_SENT state.

[ovs-dev] [PATCH] conntrack: Allow to dump userspace conntrack expectations.

2023-06-23 Thread Paolo Valerio
The patch introduces a new command ovs-appctl dpctl/dump-conntrack-exp that allows to dump the existing expectations for the userspace ct. Signed-off-by: Paolo Valerio --- NEWS |2 + lib/conntrack.c | 66 + lib

Re: [ovs-dev] [PATCH v3] conntrack: Extract l4 information for SCTP.

2023-06-16 Thread Paolo Valerio
Ilya Maximets writes: > On 6/16/23 14:56, Aaron Conole wrote: >> Ilya Maximets writes: >> >>> On 6/15/23 19:49, Paolo Valerio wrote: >>>> Ilya Maximets writes: >>>> >>>>> On 6/14/23 21:08, Ilya Maximets wrote: >>>

Re: [ovs-dev] [PATCH v3] conntrack: Extract l4 information for SCTP.

2023-06-15 Thread Paolo Valerio
Ilya Maximets writes: > On 6/14/23 21:08, Ilya Maximets wrote: >> On 6/14/23 20:11, Paolo Valerio wrote: >>> Ilya Maximets writes: >>> >>>> On 6/12/23 16:57, Aaron Conole wrote: >>>>> Paolo Valerio writes: >>>>> >

Re: [ovs-dev] [PATCH v3] conntrack: Extract l4 information for SCTP.

2023-06-14 Thread Paolo Valerio
Ilya Maximets writes: > On 6/12/23 16:57, Aaron Conole wrote: >> Paolo Valerio writes: >> >>> since a27d70a89 ("conntrack: add generic IP protocol support") all >>> the unrecognized IP protocols get handled using ct_proto_other ops >>> and

Re: [ovs-dev] [PATCH 2/2] conntrack: Release nat_conn in case both keys have the same hash.

2023-06-08 Thread Paolo Valerio
Brian Haley writes: > Hi Paolo, > > On 4/19/23 2:40 PM, Paolo Valerio wrote: >> During the creation of a new connection, there's a chance both key and >> rev_key end up having the same hash. This is more common in the case >> of all-zero snat with no col

[ovs-dev] [PATCH v3] conntrack: Extract l4 information for SCTP.

2023-06-01 Thread Paolo Valerio
c=10.1.1.1,dst=10.1.1.2,sport=0,dport=0),zone=1 Signed-off-by: Paolo Valerio --- v3: - rebased on top of current master - minor adjustments: commit message, comments v2: - ordered includes - while at it, slightly modified the commit subject (capital letter and period) --- lib/c

Re: [ovs-dev] [PATCH] ofproto-dpif-xlate: Fix recirculation with patch port and controller.

2023-05-22 Thread Paolo Valerio
Ilya Maximets writes: > On 5/15/23 17:22, Paolo Valerio wrote: >> If a packet originating from the controller recirculates after going >> through a patch port, it gets dropped with the following message: >> >> ofproto_dpif_upcall(handler8)|INFO|received packet on unas

[ovs-dev] [PATCH] ofproto-dpif-xlate: Fix recirculation with patch port and controller.

2023-05-15 Thread Paolo Valerio
node and at the same type in_port refers to the patch port. The patch, in the case of zeroed uuid, retrieves the xport starting from the ofproto_uuid stored in the recirc node. Signed-off-by: Paolo Valerio --- ofproto/ofproto-dpif-xlate.c | 11 +-- tests/ofproto-dpif.at| 34

[ovs-dev] [PATCH] ofproto-dpif-xlate: Fix recirculation with patch port and controller.

2023-05-15 Thread Paolo Valerio
node and at the same type in_port refers to the patch port. The patch, in the case of zeroed uuid, retrieves the xport starting from the ofproto_uuid stored in the recirc node. Signed-off-by: Paolo Valerio --- ofproto/ofproto-dpif-xlate.c | 11 +-- tests/ofproto-dpif.at| 34

Re: [ovs-dev] [PATCH 2/2] conntrack: Release nat_conn in case both keys have the same hash.

2023-05-15 Thread Paolo Valerio
Ilya Maximets writes: > On 5/4/23 19:21, Paolo Valerio wrote: >> Ilya Maximets writes: >> >>> On 4/19/23 20:40, Paolo Valerio wrote: >>>> During the creation of a new connection, there's a chance both key and >>>> rev_key end up having the same h

Re: [ovs-dev] [PATCH 2/2] conntrack: Release nat_conn in case both keys have the same hash.

2023-05-04 Thread Paolo Valerio
Ilya Maximets writes: > On 4/19/23 20:40, Paolo Valerio wrote: >> During the creation of a new connection, there's a chance both key and >> rev_key end up having the same hash. This is more common in the case >> of all-zero snat with no collisions. In that case, once the >

Re: [ovs-dev] [PATCH 1/2] conntrack: Do not defer connection clean up.

2023-04-20 Thread Paolo Valerio
Aaron Conole writes: > Paolo Valerio writes: > >> Connections that need to be removed, e.g. while forcing a direction, >> were invalidated forcing them to be expired. >> This is not actually needed, as it's typically a one-time >> operation. >> The patch

[ovs-dev] [PATCH 2/2] conntrack: Release nat_conn in case both keys have the same hash.

2023-04-19 Thread Paolo Valerio
("conntrack: Handle SNAT with all-zero IP address.") Signed-off-by: Paolo Valerio --- In this thread [0] there are some more details. A similar approach here could be to avoid to add the nat_conn to the cmap and letting the sweeper release the memory for nat_conn once the whole connection

[ovs-dev] [PATCH 1/2] conntrack: Do not defer connection clean up.

2023-04-19 Thread Paolo Valerio
Connections that need to be removed, e.g. while forcing a direction, were invalidated forcing them to be expired. This is not actually needed, as it's typically a one-time operation. The patch replaces a call to conn_force_expire() with a call to conn_clean(). Signed-off-by: Paolo Valerio

[ovs-dev] [PATCH 0/2] conntrack: Fix failed assertion in conn_update_state().

2023-04-19 Thread Paolo Valerio
/pipermail/ovs-discuss/2023-April/052328.html Paolo Valerio (2): conntrack: Do not defer connection clean up. conntrack: Release nat_conn in case both keys have the same hash. lib/conntrack.c | 31 +++ 1 file changed, 15 insertions(+), 16 deletions

[ovs-dev] [PATCH v3] ovs-dpctl: Add new command dpctl/ct-[sg]et-sweep-interval.

2023-04-06 Thread Paolo Valerio
oduces new commands allowing to get and set the sweep interval in ms. Signed-off-by: Paolo Valerio --- v3: - rebased on top of the current master - renamed commands to dpctl/ct-[sg]et-sweep-interval (Ilya) - added simple get/set test in ofproto-dpif.at (Ilya) v2: - resolved conflict in NEWS - add

Re: [ovs-dev] [PATCH v2] ovs-dpctl: Add new command dpctl/ct-sweep-next-run.

2023-03-31 Thread Paolo Valerio
Ilya Maximets writes: > On 2/27/23 13:30, Paolo Valerio wrote: >> Since 3d9c1b855a5f ("conntrack: Replace timeout based expiration lists >> with rculists.") the sweep interval changed as well as the constraints >> related to the sweeper. >> Being able to c

Re: [ovs-dev] [PATCH] system-traffic.at: Add icmp error tests while dnatting address and port.

2023-02-27 Thread Paolo Valerio
Ilya Maximets writes: > On 2/27/23 12:08, Paolo Valerio wrote: >> The two tests verify, for both icmp and icmpv6, that the correct port >> translation happens in the inner packet in the case an error is >> received in the reply direction. >> >> Signed-off-by

[ovs-dev] [PATCH v2] system-traffic.at: Add icmp error tests while dnatting address and port.

2023-02-27 Thread Paolo Valerio
The two tests verify, for both icmp and icmpv6, that the correct port translation happens in the inner packet in the case an error is received in the reply direction. Signed-off-by: Paolo Valerio --- v2: - added missing OVS_WAIT_UNTIL for tcpdump - removed nc dependency and replaced with packet

[ovs-dev] [PATCH v2] ovs-dpctl: Add new command dpctl/ct-sweep-next-run.

2023-02-27 Thread Paolo Valerio
oduces new commands allowing to get and set the sweep next run in ms. Signed-off-by: Paolo Valerio --- v2: - resolved conflict in NEWS - added missing comment - added missing '\' in dpctl.man --- NEWS|4 +++ lib/conntrack-private.h |1 + lib/conntrack.c

Re: [ovs-dev] [PATCH 1/2] cli: add option to display the version from Cargo.toml.

2023-02-27 Thread Paolo Valerio
Sorry for the noise, but this local test got sent unintentionally. Please, ignore it. Paolo Valerio writes: > Signed-off-by: Paolo Valerio > --- > src/cli/cli.rs |1 + > 1 file changed, 1 insertion(+) > > diff --git a/src/cli/cli.rs b/src/cli/cli.rs > index a5

[ovs-dev] [PATCH 2/2] WIP

2023-02-27 Thread Paolo Valerio
Signed-off-by: Paolo Valerio Signed-off-by: Paolo Valerio --- src/main.rs |1 + 1 file changed, 1 insertion(+) diff --git a/src/main.rs b/src/main.rs index c922fae..c28a07f 100644 --- a/src/main.rs +++ b/src/main.rs @@ -2,6 +2,7 @@ use anyhow::Result; use log::error; use simplelog

[ovs-dev] [PATCH 1/2] cli: add option to display the version from Cargo.toml.

2023-02-27 Thread Paolo Valerio
Signed-off-by: Paolo Valerio --- src/cli/cli.rs |1 + 1 file changed, 1 insertion(+) diff --git a/src/cli/cli.rs b/src/cli/cli.rs index a5b08e6..f8593e1 100644 --- a/src/cli/cli.rs +++ b/src/cli/cli.rs @@ -73,6 +73,7 @@ impl Debug for dyn SubCommand { /// /// packet-tracer is a tool

[ovs-dev] [PATCH] ovs-dpctl: Add new command dpctl/ct-sweep-next-run.

2023-02-27 Thread Paolo Valerio
oduces new commands allowing to get and set the sweep next run in ms. Signed-off-by: Paolo Valerio --- NEWS|4 +++ lib/conntrack-private.h |1 + lib/conntrack.c | 18 +- lib/conntrack.h |2 ++ lib/ct-dpif.c | 14 +

[ovs-dev] [PATCH] system-traffic.at: Add icmp error tests while dnatting address and port.

2023-02-27 Thread Paolo Valerio
The two tests verify, for both icmp and icmpv6, that the correct port translation happens in the inner packet in the case an error is received in the reply direction. Signed-off-by: Paolo Valerio --- tests/system-traffic.at | 72 +++ 1 file changed

Re: [ovs-dev] [PATCH v2] conntrack: fix conntrack_clean may access the same exp_list each time be called

2023-02-21 Thread Paolo Valerio
he change looks good to me. Thanks for fixing this: Acked-by: Paolo Valerio > Fixes: 3d9c1b855a5f ("conntrack: Replace timeout based expiration lists with > rculists.") > Signed-off-by: Liang Mancang > --- > lib/conntrack.c | 4 ++-- > 1 file changed, 2 insert

Re: [ovs-dev] [PATCH] conntrack:fix conntrack_clean may access the same exp_list each time be called

2023-02-21 Thread Paolo Valerio
Liang Mancang writes: > On Mon, Feb 20, 2023 at 07:38:39PM +0100, Paolo Valerio wrote: >> Paolo Valerio writes: >> >> > Hello Liang, >> > >> > Liang Mancang writes: >> > >> >> when an exp_list contains more than the clean_end's num

Re: [ovs-dev] [PATCH] conntrack:fix conntrack_clean may access the same exp_list each time be called

2023-02-20 Thread Paolo Valerio
Paolo Valerio writes: > Hello Liang, > > Liang Mancang writes: > >> when an exp_list contains more than the clean_end's number of nodes, >> and these nodes will not expire immediately. Then, every time we >> call conntrack_clean, it uses the same next_swe

Re: [ovs-dev] [PATCH] conntrack:fix conntrack_clean may access the same exp_list each time be called

2023-02-20 Thread Paolo Valerio
Hello Liang, Liang Mancang writes: > when an exp_list contains more than the clean_end's number of nodes, > and these nodes will not expire immediately. Then, every time we > call conntrack_clean, it uses the same next_sweep to get exp_list. > Yes, in general, if the previous count exceeds the

Re: [ovs-dev] [PATCH v6] conntrack: Properly unNAT inner header of related traffic

2023-02-09 Thread Paolo Valerio
Hi Ales, I just have two small nits, but other than that the patch LGTM. Acked-by: Paolo Valerio Ales Musil writes: > The inner header was not handled properly. > Simplify the code which allows proper handling > of the inner headers. > > Reported-at: https://bugzilla.red

Re: [ovs-dev] [PATCH v5] conntrack: Properly unNAT inner header of related traffic

2023-02-06 Thread Paolo Valerio
Ales Musil writes: > On Sun, Feb 5, 2023 at 7:17 PM Paolo Valerio wrote: > > Ales Musil writes: > > > The inner header was not handled properly. > > Simplify the code which allows proper handling > > of the inner headers. > > > >

Re: [ovs-dev] [PATCH v5] conntrack: Properly unNAT inner header of related traffic

2023-02-05 Thread Paolo Valerio
Ales Musil writes: > The inner header was not handled properly. > Simplify the code which allows proper handling > of the inner headers. > > Reported-at: https://bugzilla.redhat.com/2137754 > Signed-off-by: Ales Musil > --- > v5: Rebase on top of current master. > Address comments from

Re: [ovs-dev] [PATCH v5 2/2] openflow: Add extension to flush CT by generic match

2022-12-16 Thread Paolo Valerio
ugzilla.redhat.com/2120546 > Signed-off-by: Ales Musil > --- > v5: Add missing usage and man for ovs-ofctl command. > v4: Allow ovs-ofctl flush/conntrack without any zone/tuple. > v3: Rebase on top of master. > v2: Rebase on top of master. > Use suggestion from Ilya. >

Re: [ovs-dev] [PATCH v4 2/2] openflow: Add extension to flush CT by generic match

2022-12-16 Thread Paolo Valerio
Ales Musil writes: > Add extension that allows to flush connections from CT > by specifying fields that the connections should be > matched against. This allows to match only some fields > of the connection e.g. source address for orig direction. > > Reported-at:

Re: [ovs-dev] [PATCH v4 1/2] ofp, dpif: Allow CT flush based on partial match

2022-12-16 Thread Paolo Valerio
p and after a quick discussion offline things LGTM Acked-by: Paolo Valerio

Re: [ovs-dev] [PATCH v3 2/2] openflow: Add extension to flush CT by generic match

2022-12-15 Thread Paolo Valerio
ugzilla.redhat.com/2120546 > Signed-off-by: Ales Musil > --- > v3: Rebase on top of master. > v2: Rebase on top of master. > Use suggestion from Ilya. > --- Although a second opinion would be nice to have here, the patch LGTM and the tests succeeded

Re: [ovs-dev] [PATCH v3 1/2] ofp, dpif: Allow CT flush based on partial match

2022-12-15 Thread Paolo Valerio
Ales Musil writes: > On Thu, Dec 15, 2022 at 4:28 PM Paolo Valerio wrote: > > Ales Musil writes: > > > Currently, the CT can be flushed by dpctl only by specifying > > the whole 5-tuple. This is not very convenient when there are > > only some

Re: [ovs-dev] [PATCH v3 1/2] ofp, dpif: Allow CT flush based on partial match

2022-12-15 Thread Paolo Valerio
tl_params *dpctl_p) > { > struct dpif *dpif = NULL; > -struct ct_dpif_tuple tuple, *ptuple = NULL; > -struct ds ds = DS_EMPTY_INITIALIZER; > -uint16_t zone, *pzone = NULL; > -int error; > +struct ofputil_ct_match match = {0}; > +uint16_t zone

Re: [ovs-dev] [PATCH 1/2] ofp, dpif: Allow CT flush based on partial match

2022-11-28 Thread Paolo Valerio
Hi Ales, the patch lgtm, and works as expected. There are some nit/remarks below, but other than that, I'm ok with the change. Ales Musil writes: > Currently, the CT can be flushed by dpctl only by specifying > the whole 5-tuple. This is not very convenient when there are > only some fields

[ovs-dev] [PATCH] conntrack: Show parent key if present.

2022-10-31 Thread Paolo Valerio
Similarly to what happens when CTA_TUPLE_MASTER is present in a ct netlink dump, add the ability to print out the parent key to the userspace implementation as well. Signed-off-by: Paolo Valerio --- lib/conntrack.c |4 1 file changed, 4 insertions(+) diff --git a/lib/conntrack.c b/lib

Re: [ovs-dev] [PATCH] conntrack: Refactor nat handling functions

2022-10-27 Thread Paolo Valerio
Ales Musil writes: > On Thu, Oct 27, 2022 at 11:14 AM Ales Musil wrote: > > In order to support NAT of inner packet > for ICMP related traffic refactor the nat > functions. This fixes the issue that the > NAT was not performed on inner header in orig > direction and avoids

Re: [ovs-dev] [PATCH] odp-util: Add missing comma in format_odp_conntrack_action()

2022-10-26 Thread Paolo Valerio
Ilya Maximets writes: > On 10/21/22 15:22, Paolo Valerio wrote: >> If OVS_CT_ATTR_TIMEOUT is included, the resulting output is >> the following: >> >> actions:ct(commit,timeout=1nat(src=10.1.1.240)) >> >> Fix it by trivially adding a trailing ',' to timeo

[ovs-dev] [PATCH v2] odp-util: Add missing separator in format_odp_conntrack_action()

2022-10-26 Thread Paolo Valerio
If OVS_CT_ATTR_TIMEOUT is included, the resulting output is the following: actions:ct(commit,timeout=1nat(src=10.1.1.240)) Fix it by trivially adding a trailing ',' to timeout as well. Signed-off-by: Paolo Valerio --- v2: added test case in odp.at --- lib/odp-util.c |2 +- tests/odp.at

[ovs-dev] [PATCH] odp-util: Add missing comma in format_odp_conntrack_action()

2022-10-21 Thread Paolo Valerio
If OVS_CT_ATTR_TIMEOUT is included, the resulting output is the following: actions:ct(commit,timeout=1nat(src=10.1.1.240)) Fix it by trivially adding a trailing ',' to timeout as well. Signed-off-by: Paolo Valerio --- lib/odp-util.c |2 +- 1 file changed, 1 insertion(+), 1 deletion

Re: [ovs-dev] [RFC PATCH 1/2] dpif: Add support for CT flush with partial tuple

2022-10-17 Thread Paolo Valerio
Hello Ales, overall the approach is ok, the only concern is that, unless I'm missing something, in case of many connections, the exact match deletion could potentially take a while, whereas in the previous case the cost was basically a lookup (constant time) and of course the remaining deletion

[ovs-dev] [PATCH v2] ct-dpif: Replace ct_dpif_format_flags() with format_flags_masked().

2022-10-12 Thread Paolo Valerio
rotoinfo=(state_orig=SYN_SENT,state_reply=SYN_SENT,wscale_orig=7, wscale_reply=0,flags_orig=WINDOW_SCALE|SACK_PERM,flags_reply=0) Signed-off-by: Paolo Valerio --- v2: - updated commit message (was "ct-dpif: Do not show flag key if empty.") - instead of hiding the key, ct_dp

Re: [ovs-dev] [PATCH v3] ofproto-dpif-xlate: Update tunnel neighbor when receive gratuitous arp.

2022-09-21 Thread Paolo Valerio
Hello Han, "Han Ding" writes: > Commit ba07cf222a add the feature "Handle gratuitous ARP requests and > replies in tnl_arp_snoop()". But commit 83c2757bd1 just allow the ARP which > the destination address of the ARP is matched against the known xbridge > addresses. > So the modification of

Re: [ovs-dev] [PATCH 2/2] ct-dpif: Do not show flag key if empty.

2022-09-09 Thread Paolo Valerio
Ilya Maximets writes: > On 8/4/22 18:07, Paolo Valerio wrote: >> This patch avoids to show flags_orig/flags_reply key if they have no value. >> E.g., the following: >> >> NEW tcp,orig=([...]),reply=([...]),id=1800618864, >> status=CONFIRMED|SRC_NAT_DONE|DST_N

Re: [ovs-dev] [PATCH] system-traffic: Fix IPv4 fragmentation test sequence for check-kernel.

2022-08-09 Thread Paolo Valerio
Ilya Maximets writes: > On 8/5/22 23:49, Paolo Valerio wrote: >> Ilya Maximets writes: >> >>> On 8/5/22 17:08, Paolo Valerio wrote: >>>> The following test sequence: >>>> >>>> conntrack - IPv4 fragmentation incomplete reassembl

Re: [ovs-dev] [PATCH] system-traffic: Fix IPv4 fragmentation test sequence for check-kernel.

2022-08-05 Thread Paolo Valerio
Ilya Maximets writes: > On 8/5/22 17:08, Paolo Valerio wrote: >> The following test sequence: >> >> conntrack - IPv4 fragmentation incomplete reassembled packet >> conntrack - IPv4 fragmentation with fragments specified >> >> leads to a systematic f

[ovs-dev] [PATCH] system-traffic: Fix IPv4 fragmentation test sequence for check-kernel.

2022-08-05 Thread Paolo Valerio
IPv4 fragmentation incomplete reassembled packet", once the checks are done. IPv6 tests are not affected as the defrag kernel code path pretends to add the duplicate fragment to the queue returning -EINPROGRESS, when a duplicate is detected. Signed-off-by: Paolo Valerio --- tests/system-traffic

[ovs-dev] [PATCH 1/2] netlink-conntrack: Do not fail to parse if optional TCP protocol attributes are not found.

2022-08-04 Thread Paolo Valerio
to parse with the message above. Fix it by turning the relevant attributes to optional. Signed-off-by: Paolo Valerio --- - [1] is the related piece of code that skips flags and wscale for the destroy evts. [1] https://github.com/torvalds/linux/blob/master/net/netfilter

[ovs-dev] [PATCH 2/2] ct-dpif: Do not show flag key if empty.

2022-08-04 Thread Paolo Valerio
-off-by: Paolo Valerio --- lib/ct-dpif.c | 14 ++ 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/lib/ct-dpif.c b/lib/ct-dpif.c index cfc2315e3..f1a375523 100644 --- a/lib/ct-dpif.c +++ b/lib/ct-dpif.c @@ -512,10 +512,16 @@ ct_dpif_format_protoinfo_tcp_verbose(struct ds

Re: [ovs-dev] [PATCH] conntrack: Fix conntrack multiple new state

2022-07-25 Thread Paolo Valerio
it: I guess "[1]" could be removed from the description. "The cited commit" seems enough. In any case, Acked-by: Paolo Valerio > Fixes: a867c010ee91 ("conntrack: Fix conntrack new state") > Signed-off-by: Eli Britstein > --- > lib/conntrack-other.c | 7 ++

[ovs-dev] [PATCH v7 5/5] conntrack: Check for expiration before comparing the keys during the lookup

2022-07-11 Thread Paolo Valerio
From: Ilya Maximets This could save some costly key comparison miss, especially in the case there are many expired connections waiting for the sweeper to evict them. Signed-off-by: Ilya Maximets Signed-off-by: Paolo Valerio --- lib/conntrack.c |7 +-- 1 file changed, 5 insertions

[ovs-dev] [PATCH v7 4/5] conntrack: Use an atomic conn expiration value

2022-07-11 Thread Paolo Valerio
are consistent and reads are not undefined behaviour. Reading an atomic is however less costly than taking and releasing a lock. Signed-off-by: Gaetan Rivet Signed-off-by: Paolo Valerio --- v6: - A couple of hunks slipped away from the stg refresh before sending v5. --- lib/conntrack-private.h

[ovs-dev] [PATCH v7 3/5] conntrack: Replace timeout based expiration lists with rculists.

2022-07-11 Thread Paolo Valerio
by the pushback performed at every packet update, also solving the issue related to zones and timeout policies. Signed-off-by: Gaetan Rivet Co-authored-by: Paolo Valerio Signed-off-by: Paolo Valerio --- v7: - renamed EXP_LISTS -> N_EXP_LISTS; ct_next_list -> next_list (turned to non

[ovs-dev] [PATCH v7 2/5] conntrack-tp: Use a cmap to store timeout policies

2022-07-11 Thread Paolo Valerio
in the connection insertion path. Signed-off-by: Gaetan Rivet Reviewed-by: Eli Britstein Acked-by: William Tu Signed-off-by: Paolo Valerio --- lib/conntrack-private.h |2 +- lib/conntrack-tp.c | 54 ++- lib/conntrack.c |9

[ovs-dev] [PATCH v7 1/5] conntrack: Use a cmap to store zone limits

2022-07-11 Thread Paolo Valerio
'ct_lock', thus reducing contention. Signed-off-by: Gaetan Rivet Reviewed-by: Eli Britstein Signed-off-by: Paolo Valerio --- lib/conntrack-private.h |2 + lib/conntrack.c | 70 --- lib/conntrack.h |2 + lib/dpif-netdev.c

[ovs-dev] [PATCH v7 0/5] conntrack: Improve multithread scalability.

2022-07-11 Thread Paolo Valerio
This series aims to address the issues present in the previous versions. The end result is a different approach, using different data structure, but it solves the multiple issues observed in v4 and the problems that affected the baseline. The tests (similar to the ones previously performed by

Re: [ovs-dev] [PATCH v6 3/5] conntrack: Replace timeout based expiration lists with rculists.

2022-07-10 Thread Paolo Valerio
Paolo Valerio writes: > From: Gaetan Rivet > > This patch aims to replace the expiration lists as, due to the way > they are used, besides being a source of contention, they have a known > issue when used with non-default policies for different zones that > could lead to

Re: [ovs-dev] User space connection tracking benchmarks

2022-07-08 Thread Paolo Valerio
Aaron Conole writes: > Paolo Valerio writes: > >> Paolo Valerio writes: >> >>> Ilya Maximets writes: >>> >>>> On 6/20/22 23:57, Paolo Valerio wrote: >>>>> Ilya Maximets writes: >>>>> >>>>>>

Re: [ovs-dev] [PATCH v6 3/5] conntrack: Replace timeout based expiration lists with rculists.

2022-07-04 Thread Paolo Valerio
wenxu writes: > At 2022-07-04 16:43:20, "Paolo Valerio" wrote: >>Hello wenxu, >> >>thanks for having a look at it. >> >>wenxu writes: >> >>> Hi Paolo, >>> >>> There are two small questions. >>>
