netdev.vger.kernel.org archive mirror
From: Thomas Graf <tgraf@suug.ch>
To: Joe Stringer <joestringer@nicira.com>
Cc: Linux Netdev List <netdev@vger.kernel.org>,
	Pravin Shelar <pshelar@nicira.com>
Subject: Re: [PATCHv2 net 2/3] openvswitch: Treat IP_CT_RELATED as new
Date: Mon, 19 Oct 2015 11:03:32 +0200
Message-ID: <20151019090332.GA7104@pox.localdomain>
In-Reply-To: <CANr6G5xmO6D0Yu0VXeaJLbO1aK2tQ5_vHUNRkawK1zNFMJz=aw@mail.gmail.com>

On 10/19/15 at 12:07am, Joe Stringer wrote:
> > I'm probably missing something obvious. Why is the reply direction
> > not considered NEW? Wouldn't this consider an ICMPv6 as related+new
> > depending on simply the direction?
> 
> My thoughts were along the lines "If something is a reply, that
> implies that state is held, and therefore it cannot be NEW (where NEW
> means no state is available)". However, if you consider that the
> 'related' connection is an independent connection with its own state,
> but the 'reply' bit refers to the original connection, my original
> premise breaks. Furthermore, looking at how it's used in netfilter
> core and the ICMP proto handler, it looks like both of these cases
> should be considered NEW. I can respin.
> 
> Do you have a specific case in mind here? It would be useful for
> extending the OVS testsuite.

It's tricky. A typical use case would be an active FTP connection
where the data connection is established in the reply direction
and marked related if I'm not mistaken.

OTOH, an ICMP sent in response should not be considered NEW. It
really depends on our definition of NEW towards the user.
