On 10 May 2016 at 16:55, Jarno Rajahalme <ja...@ovn.org> wrote: > This would result in inconsistent helper assignment if a first CT action > assigns a helper and a further CT action tries to assign a different helper; > Typically the second helper assignment would be ignored, but if the > unconfirmed conntrack entry is lost due to an upcall the second helper > assignment would be successful. This is best resolved by allowing helper > assignment by a committing CT action only by testing the 'info->commit' flag > in addition to the conditions you have there already. It may also be helpful > to fail helper assignment without the commit flag in parse_ct().
Strictly speaking I think that skb_nfct_cached() handles at least some of those cases but I agree it should be more explicit here. I'll send a v2. We can follow up separately on net-next to improve the parsing/make that more user-friendly.
