git.proxmox.com Git - mirror

author	aaron conole <aconole@redhat.com>
	Mon, 12 Oct 2020 20:25:05 +0000 (13:25 -0700)
committer	Ilya Maximets <i.maximets@ovn.org>
	Sat, 17 Oct 2020 15:32:06 +0000 (17:32 +0200)
commit	6a101a6c8372570a30e0f8edb558c8a69cc80e7d
tree	c27d09d8bedbb5319edc63c9d3a04bc8cd433d2c	tree
parent	096043f436f831581aa8264cafbac3d7fc899d96	commit \| diff

datapath: support asymmetric conntrack

Upstream commit:
    commit 5d50aa83e2c8e91ced2cca77c198b468ca9210f4
    author: aaron conole <aconole@redhat.com>
    date:   tue dec 3 16:34:13 2019 -0500

    openvswitch: support asymmetric conntrack

    the openvswitch module shares a common conntrack and nat infrastructure
    exposed via netfilter.  it's possible that a packet needs both snat and
    dnat manipulation, due to e.g. tuple collision.  netfilter can support
    this because it runs through the nat table twice - once on ingress and
    again after egress.  the openvswitch module doesn't have such capability.

    like netfilter hook infrastructure, we should run through nat twice to
    keep the symmetry.

    fixes: 05752523e565 ("openvswitch: interface with nat.")
    signed-off-by: aaron conole <aconole@redhat.com>
    signed-off-by: david s. miller <davem@davemloft.net>

Fixes: c5f6c06b58d6 ("datapath: Interface with NAT.")
Acked-by: Aaron Conole <aconole@redhat.com>
Acked-by: Yi-Hung Wei <yihung.wei@gmail.com>
Signed-off-by: Greg Rose <gvrose8192@gmail.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>