Hey Ilya, Aaron, Thanks for this, I have added those extra checks to the CI script so hopefully that will stop patches being tested unecessarily. I will keep an eye on the situation anyway.
Thanks, Michael. > -----Original Message----- > From: Aaron Conole <acon...@redhat.com> > Sent: Monday 29 August 2022 19:36 > To: Ilya Maximets <i.maxim...@ovn.org> > Cc: Phelan, Michael <michael.phe...@intel.com>; ovs-dev <ovs- > d...@openvswitch.org> > Subject: Re: [ovs-dev] [PATCH nf] netfilter: remove nf_conntrack_helper > sysctl toggle > > Ilya Maximets <i.maxim...@ovn.org> writes: > > > On 8/26/22 09:06, Pablo Neira Ayuso wrote: > >> __nf_ct_try_assign_helper() remains in place but it now requires a > >> template to configure the helper. > >> > >> A toggle to disable automatic helper assignment was added by: > >> > >> a9006892643a ("netfilter: nf_ct_helper: allow to disable automatic > >> helper assignment") > >> > >> in 2012 to address the issues described in "Secure use of iptables > >> and connection tracking helpers". Automatic conntrack helper > >> assignment was disabled by: > >> > >> 3bb398d925ec ("netfilter: nf_ct_helper: disable automatic helper > >> assignment") > >> > >> back in 2016. > >> > >> This patch removes the sysctl toggle, users now have to rely on > >> explicit conntrack helper configuration via ruleset. > >> > >> Signed-off-by: Pablo Neira Ayuso <pa...@netfilter.org> > >> --- > >> include/net/netfilter/nf_conntrack.h | 2 - > >> include/net/netns/conntrack.h | 1 - > >> net/netfilter/nf_conntrack_core.c | 5 -- > >> net/netfilter/nf_conntrack_helper.c | 80 ++++--------------------- > >> net/netfilter/nf_conntrack_netlink.c | 5 -- > >> net/netfilter/nf_conntrack_standalone.c | 10 ---- > >> net/netfilter/nft_ct.c | 3 - > >> 7 files changed, 10 insertions(+), 96 deletions(-) > > > > Hey, Michael. > > > > This one ('nf') should be another filter to add for CI runs. > > Sometimes ovs-dev gets CC-ed on netfilter patches, which are related. > > > > Aaron, maybe you have a complete list of filters that ovsrobot is using? > > Or is it checks in some other way? > > The robot also looks at the patch that comes in for the following file > list: > > net/* > include/net/* > include/uapi/* > > Those files indicate that the patch is intended to land on a linux tree. > > Maybe that will help to suppress false-positives > > > Best regards, Ilya Maximets. _______________________________________________ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev