On Tue, Oct 04, 2022 at 09:19:56PM -0400, Xin Long wrote:
[...]
> @@ -1119,6 +1135,22 @@ static int tcf_ct_act(struct sk_buff *skb, const
> struct tc_action *a,
> if (err != NF_ACCEPT)
> goto drop;
>
> + if (commit && p->helper && !nfct_help(ct)) {
> + err = __nf_ct_try_assign_helper(ct, p->tmpl, GFP_ATOMIC);
> + if (err)
> + goto drop;
> + add_helper = true;
> + if (p->ct_action & TCA_CT_ACT_NAT && !nfct_seqadj(ct)) {
> + if (!nfct_seqadj_ext_add(ct))
You can only add ct extensions if ct is !nf_ct_is_confirmed(ct)), is
this guaranteed in this codepath?
> + return -EINVAL;
> + }
> + }
> +
> + if (nf_ct_is_confirmed(ct) ? ((!cached && !skip_add) || add_helper) :
> commit) {
> + if (nf_ct_helper(skb, family) != NF_ACCEPT)
> + goto drop;
> + }
> +
> if (commit) {
> tcf_ct_act_set_mark(ct, p->mark, p->mark_mask);
> tcf_ct_act_set_labels(ct, p->labels, p->labels_mask);
_______________________________________________
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
