On 30 July 2015 at 11:40, Thomas Graf <tg...@suug.ch> wrote:
> On 07/30/15 at 11:12am, Joe Stringer wrote:
>> Signed-off-by: Joe Stringer <joestrin...@nicira.com>
>
> Can you write a few lines on why this is needed? I have flows which
> use the mark to communicate with netfilter through internal ports.

The problem I was seeing is when packets come from a different namespace on the localhost, they still have conntrack data associated. This doesn't make sense, so the intention is to perform nf_reset(). However, it seems like we should actually be doing a bit more - at least the skb_dst_drop() and perhaps some of the other stuff in skb_scrub_packet().

Do you want to retain the mark when transitioning between namespaces? Perhaps something like the below incremental would be sufficient:

diff --git a/net/openvswitch/vport.c b/net/openvswitch/vport.c index 8a63df6..82844e6 100644 --- a/net/openvswitch/vport.c +++ b/net/openvswitch/vport.c @@ -475,7 +475,9 @@ void ovs_vport_receive(struct vport *vport, struct sk_buff *skb, struct sw_flow_key key; int error; - if (!skb->sk || (sock_net(skb->sk) != read_pnet(&vport->dp->net))) + if (!skb->sk) + skb_scrub_packet(skb, false); + else if (sock_net(skb->sk) != read_pnet(&vport->dp->net)) skb_scrub_packet(skb, true); stats = this_cpu_ptr(vport->percpu_stats);
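
Review bot: in the new `if (!skb->sk)` branch of ovs_vport_receive(), a missing socket is treated as if the packet had stayed in the datapath's namespace, but `skb->sk` being NULL does not establish where the packet came from. The removed line scrubbed such packets with `true`; with `skb_scrub_packet(skb, false)` the conntrack state and dst are still dropped, but the mark is kept, so a socket-less packet that did cross a namespace boundary would carry its mark into this one. Consider deciding the cross-namespace case from something that does not depend on the socket (the receiving device's namespace, for instance) and falling back to `true` when the origin cannot be established. A short comment above the two branches saying which fields each case is meant to preserve would also answer the question raised in the quoted reply about why the change is needed.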