diff mbox series

[ovs-dev,PATCHv4,1/2] conntrack: Fix icmp conntrack state.

Message ID 1588002150-9823-1-git-send-email-u9012063@gmail.com
State Accepted
Commit d93c3111ccbf738c4b463d5c0892e981851d55ad
Headers show
Series [ovs-dev,PATCHv4,1/2] conntrack: Fix icmp conntrack state. | expand

Commit Message

William Tu April 27, 2020, 3:42 p.m. UTC 
ICMP conntrack state should be ICMPS_REPLY after seeing both
side of ICMP traffic.

Signed-off-by: William Tu <u9012063@gmail.com>
---
 lib/conntrack-icmp.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

Comments

Yi-Hung Wei April 28, 2020, 6:07 p.m. UTC | #1 
On Mon, Apr 27, 2020 at 8:42 AM William Tu <u9012063@gmail.com> wrote:
>
> ICMP conntrack state should be ICMPS_REPLY after seeing both
> side of ICMP traffic.
>
> Signed-off-by: William Tu <u9012063@gmail.com>
> ---
>  lib/conntrack-icmp.c | 7 +++++--
>  1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/lib/conntrack-icmp.c b/lib/conntrack-icmp.c
> index 63246f0124d0..6cbf9656dd93 100644
> --- a/lib/conntrack-icmp.c
> +++ b/lib/conntrack-icmp.c
> @@ -50,9 +50,12 @@ icmp_conn_update(struct conntrack *ct, struct conn *conn_,
>                   struct dp_packet *pkt OVS_UNUSED, bool reply, long long now)
>  {
>      struct conn_icmp *conn = conn_icmp_cast(conn_);
> -    conn->state = reply ? ICMPS_REPLY : ICMPS_FIRST;
> -    conn_update_expiration(ct, &conn->up, icmp_timeouts[conn->state], now);
>
> +    if (reply && conn->state == ICMPS_FIRST) {
> +       conn->state = ICMPS_REPLY;
> +    }
> +
> +    conn_update_expiration(ct, &conn->up, icmp_timeouts[conn->state], now);
>      return CT_UPDATE_VALID;
>  }
>
> --

Thanks for the patch.  Looks good to me.

Acked-by: Yi-Hung Wei <yihung.wei@gmail.com>
diff mbox series

Patch

diff --git a/lib/conntrack-icmp.c b/lib/conntrack-icmp.c
index 63246f0124d0..6cbf9656dd93 100644
--- a/lib/conntrack-icmp.c
+++ b/lib/conntrack-icmp.c
@@ -50,9 +50,12 @@  icmp_conn_update(struct conntrack *ct, struct conn *conn_,
                  struct dp_packet *pkt OVS_UNUSED, bool reply, long long now)
 {
     struct conn_icmp *conn = conn_icmp_cast(conn_);
-    conn->state = reply ? ICMPS_REPLY : ICMPS_FIRST;
-    conn_update_expiration(ct, &conn->up, icmp_timeouts[conn->state], now);
 
+    if (reply && conn->state == ICMPS_FIRST) {
+       conn->state = ICMPS_REPLY;
+    }
+
+    conn_update_expiration(ct, &conn->up, icmp_timeouts[conn->state], now);
     return CT_UPDATE_VALID;
 }