Re: [PATCH net-next 1/7] openvswitch: Use inverted tuple in ovs_ct_find_existing() if NATted.

2017-02-07 Thread Jarno Rajahalme
> On Feb 6, 2017, at 9:07 AM, Pravin Shelar wrote: > > On Thu, Feb 2, 2017 at 5:10 PM, Jarno Rajahalme wrote: >> When looking for an existing conntrack entry, the packet 5-tuple >> must be inverted if NAT has already been applied, as the current >> packet

Re: [PATCH net-next 1/7] openvswitch: Use inverted tuple in ovs_ct_find_existing() if NATted.

2017-02-07 Thread Jarno Rajahalme
> On Feb 7, 2017, at 9:14 AM, Pravin Shelar wrote: > > On Mon, Feb 6, 2017 at 9:15 AM, David Miller wrote: >> From: Pravin Shelar >> Date: Mon, 6 Feb 2017 09:06:29 -0800 >> >>> On Sun, Feb 5, 2017 at 2:28 PM, David Miller

Re: [PATCH net-next 1/7] openvswitch: Use inverted tuple in ovs_ct_find_existing() if NATted.

2017-02-07 Thread Pravin Shelar
On Mon, Feb 6, 2017 at 9:15 AM, David Miller wrote: > From: Pravin Shelar > Date: Mon, 6 Feb 2017 09:06:29 -0800 > >> On Sun, Feb 5, 2017 at 2:28 PM, David Miller wrote: >>> From: Jarno Rajahalme >>> Date: Thu, 2 Feb

Re: [PATCH net-next 1/7] openvswitch: Use inverted tuple in ovs_ct_find_existing() if NATted.

2017-02-06 Thread Joe Stringer
On 5 February 2017 at 14:28, David Miller wrote: > From: Jarno Rajahalme > Date: Thu, 2 Feb 2017 17:10:00 -0800 > >> This does not match either of the conntrack tuples above. Normally >> this does not matter, as the conntrack lookup was already done using >>

Re: [PATCH net-next 1/7] openvswitch: Use inverted tuple in ovs_ct_find_existing() if NATted.

2017-02-06 Thread David Miller
From: Pravin Shelar Date: Mon, 6 Feb 2017 09:06:29 -0800 > On Sun, Feb 5, 2017 at 2:28 PM, David Miller wrote: >> From: Jarno Rajahalme >> Date: Thu, 2 Feb 2017 17:10:00 -0800 >> >>> This does not match either of the conntrack tuples above.

Re: [PATCH net-next 1/7] openvswitch: Use inverted tuple in ovs_ct_find_existing() if NATted.

2017-02-06 Thread Pravin Shelar
On Thu, Feb 2, 2017 at 5:10 PM, Jarno Rajahalme wrote: > When looking for an existing conntrack entry, the packet 5-tuple > must be inverted if NAT has already been applied, as the current > packet headers do not match any conntrack tuple. For > example, if a packet from private

Re: [PATCH net-next 1/7] openvswitch: Use inverted tuple in ovs_ct_find_existing() if NATted.

2017-02-06 Thread Pravin Shelar
On Sun, Feb 5, 2017 at 2:28 PM, David Miller wrote: > From: Jarno Rajahalme > Date: Thu, 2 Feb 2017 17:10:00 -0800 > >> This does not match either of the conntrack tuples above. Normally >> this does not matter, as the conntrack lookup was already done using

Re: [PATCH net-next 1/7] openvswitch: Use inverted tuple in ovs_ct_find_existing() if NATted.

2017-02-05 Thread David Miller
From: Jarno Rajahalme Date: Thu, 2 Feb 2017 17:10:00 -0800 > This does not match either of the conntrack tuples above. Normally > this does not matter, as the conntrack lookup was already done using > the tuple (B,A), but if the current packet does not match any flow in > the

[PATCH net-next 1/7] openvswitch: Use inverted tuple in ovs_ct_find_existing() if NATted.

2017-02-02 Thread Jarno Rajahalme
When looking for an existing conntrack entry, the packet 5-tuple must be inverted if NAT has already been applied, as the current packet headers do not match any conntrack tuple. For example, if a packet from private address X to a public address B is source-NATted to A, the conntrack entry will