On Wed, Sep 7, 2016 at 5:18 PM, Joe Stringer <j...@ovn.org> wrote: > On 1 September 2016 at 18:08, Jesse Gross <je...@kernel.org> wrote: >> On Thu, Sep 1, 2016 at 5:01 PM, Joe Stringer <j...@ovn.org> wrote: >>> The upstream code uses NF_INET_PRE_ROUTING hook for the nf_conntrack_in() >>> call, which does deeper (eg l4proto) validation. It was previously >>> thought that using the NF_INET_ROUTING hook for this function on older >>> kernels would trigger kernel panics due to a dependency on the >>> unpopulated skb->dev, however during recent testing on a variety of >>> platforms (Centos7.[12], Ubuntu 1[46].04, Fedora23) using the latest >>> distribution kernels and the OVS kernel module testsuite, no such kernel >>> panics were observed. Therefore it appears to be safe to bring this in >>> line with upstream without any other workarounds. >>> >>> Reported-by: Jesse Gross <je...@kernel.org> >>> Signed-off-by: Joe Stringer <j...@ovn.org> >> >> If you are confident that it doesn't cause problems on older kernels, >> the change looks obviously correct to me relative to upstream. > > Unfortunately I don't have concrete details of the original issue, so I > can't say this with strong confidence. > > I don't think it was ever a problem upstream, (ie 4.3+), so we /could/ > keep it as NF_INET_FORWARD on kernels older than that..
I think if you've tested it on the major distribution kernels then it's unlikely we'll see problems in practice. It's probably not worth retaining the old symbol based on an issue that we don't even know the details of, so I would just go ahead with this patch. _______________________________________________ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
