On Thu, 9 Dec 2021, Jakub Kicinski wrote:
> On Wed, 8 Dec 2021 19:02:37 +0200 Paul Blakey wrote:
> > Currently, when a packet is marked as invalid conntrack_in in act_ct,
> > post_ct will be set, and connection info (nf_conn) will be removed
> > from the skb. Later openvswitch and flower
On Wed, 8 Dec 2021 19:02:37 +0200 Paul Blakey wrote:
> Currently, when a packet is marked as invalid conntrack_in in act_ct,
> post_ct will be set, and connection info (nf_conn) will be removed
> from the skb. Later openvswitch and flower matching will parse this
> as ct_state=+trk+inv. But
Hi,
Currently, when a packet is marked as invalid conntrack_in in act_ct,
post_ct will be set, and connection info (nf_conn) will be removed
from the skb. Later openvswitch and flower matching will parse this
as ct_state=+trk+inv. But because the connection info is missing,
there is also no zone
