From patchwork Fri Jun 14 20:44:26 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gregory Rose X-Patchwork-Id: 1116272 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=openvswitch.org (client-ip=140.211.169.12; helo=mail.linuxfoundation.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="VEu2xMdo"; dkim-atps=neutral Received: from mail.linuxfoundation.org (mail.linuxfoundation.org [140.211.169.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 45QXfL1t0hz9sNT for ; Sat, 15 Jun 2019 06:44:41 +1000 (AEST) Received: from mail.linux-foundation.org (localhost [127.0.0.1]) by mail.linuxfoundation.org (Postfix) with ESMTP id 8CBE21032; Fri, 14 Jun 2019 20:44:38 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@mail.linuxfoundation.org Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id B50BF1026 for ; Fri, 14 Jun 2019 20:44:36 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-pl1-f195.google.com (mail-pl1-f195.google.com [209.85.214.195]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 6A4E8E5 for ; Fri, 14 Jun 2019 20:44:36 +0000 (UTC) Received: by mail-pl1-f195.google.com with SMTP id b7so1457018pls.6 for ; Fri, 14 Jun 2019 13:44:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id; bh=Owvx9Is+QBxhB3vpWfjeJfzy7fhqi6U6zSDt5bOWZCE=; b=VEu2xMdockk2ZkNAGY6uYuCn1cQuFQaLOJticMkmm3ZtVTVTsDqIxvrX+hQKSQEpB2 cRjz/YbrUrphN7GzmLt8KILfjLOfkD3TMxlKM9MN/u1zecNihKtTRqu4aAG1SMCYe+RE c9ZO2vKJ472GGtFtsb5OLBm3fPXLNufTsqcvoO74wFGuCaklqlUrIMVrj041WtIn6hwU lT35viSTbBRuqbarj405Bk6MUxPchr5IQgb54re2pvpPkd9575FBPwiXLqqptuLw08fV N2pnvIXF5nxOGLkh4rR7TaOTI+BTN6Y3IR3tHqNx3J7x00heobg917TvSWITWRM81EBv Vi5g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=Owvx9Is+QBxhB3vpWfjeJfzy7fhqi6U6zSDt5bOWZCE=; b=fG4uCdgyJgZL2wiHscsDA72LeQRhKHcGHPEWnmzaQg8c+bfq+LRXqxgBkk0Ld0XRYJ 26GqBJy8djKeMnfdFoe4ypyqcuGutAoc4X1m1f1B4+qFouxXfwbc5k1Gh6tJXysVQkKY gdOAoXQChm3nChIcoW5dy9zzAngOoD/39t/FcHKXYTFIQr7bHQIULI2T4CTX3uArHP++ Cxalst/+QbkpN6B7GTHBX5g86o17IHoPwmrrY05Sr3XJbe6VZXekMgLv7krxB1nIuCTZ jZDdkw32diz8dsLkGxKF0SdMR/EOrWnZaEOGdI1nAv9+Znu7uGbl3yimQmgbmZ5lwDGX 2Tog== X-Gm-Message-State: APjAAAVTciYTKyQ0kAKzJbcvufEaivTjhMGKDGYfdJ8tLitG6BW7KRcu ZZ5szc8DgvgdsT+c2yPHMYyUMRxh X-Google-Smtp-Source: APXvYqw5f3yAN7vpujmOY9rlLzayai/kgW1z3VEFB3Xd89IL9aC1AJ8oXOeeQ2Kr4IGfeGpw8gDYPw== X-Received: by 2002:a17:902:2aab:: with SMTP id j40mr53702377plb.76.1560545075672; Fri, 14 Jun 2019 13:44:35 -0700 (PDT) Received: from gizo.domain (97-115-113-19.ptld.qwest.net. [97.115.113.19]) by smtp.gmail.com with ESMTPSA id w66sm3949605pfb.47.2019.06.14.13.44.34 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 14 Jun 2019 13:44:34 -0700 (PDT) From: Greg Rose To: dev@openvswitch.org Date: Fri, 14 Jun 2019 13:44:26 -0700 Message-Id: <1560545066-15722-1-git-send-email-gvrose8192@gmail.com> X-Mailer: git-send-email 1.8.3.1 X-Spam-Status: No, score=-1.7 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE autolearn=no version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Subject: [ovs-dev] [PATCH] Documentation: Clarify connection tracking tutorial X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: ovs-dev-bounces@openvswitch.org Errors-To: ovs-dev-bounces@openvswitch.org The current documentation states that "all packets entering OVS for the first time are "untracked"". However there is a minor exception to this in the case where a packet (re)enters the same datapath and the namespace has not changed. In that case there is no need to scrub the packet and in this case the connection may already be in the "tracked" state. Reported-by: Quan Tian Signed-off-by: Greg Rose Reviewed-by: Yifeng Sun --- Documentation/tutorials/ovs-conntrack.rst | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/Documentation/tutorials/ovs-conntrack.rst b/Documentation/tutorials/ovs-conntrack.rst index 27d6e04..5daffb6 100644 --- a/Documentation/tutorials/ovs-conntrack.rst +++ b/Documentation/tutorials/ovs-conntrack.rst @@ -308,8 +308,14 @@ Let's add that flow:: A TCP syn packet sent from "left" namespace will match flow #1 because the packet is coming to OVS from veth_l0 port and it is not being -tracked. (as the packet just entered OVS. All packets entering OVS for the -first time are "untracked") +tracked. This is because the packet just entered OVS. All packets entering +OVS for the first time are "untracked" with a minor exception being +when a packet (re)enters the same datapath that it already belongs to +there is no need to discard the namespace and other information. In this +case the connection will remain in the tracked state. If the namespace +has changed then it is discarded and a new connection tracker is +created since connection tracking information is logically separate +for different namespaces. The flow will send the packet to the connection tracker due to the action "ct". Also "table=0" in the "ct" action forks the pipeline processing in two. The original instance of packet will continue processing the current action list