From patchwork Wed Jun 19 21:56:54 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gregory Rose X-Patchwork-Id: 1119033 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=openvswitch.org (client-ip=140.211.169.12; helo=mail.linuxfoundation.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="NkiLEces"; dkim-atps=neutral Received: from mail.linuxfoundation.org (mail.linuxfoundation.org [140.211.169.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 45Tf1Y3dzRz9s7h for ; Thu, 20 Jun 2019 07:57:03 +1000 (AEST) Received: from mail.linux-foundation.org (localhost [127.0.0.1]) by mail.linuxfoundation.org (Postfix) with ESMTP id 80FA3D1A; Wed, 19 Jun 2019 21:57:00 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@mail.linuxfoundation.org Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 6B948C97 for ; Wed, 19 Jun 2019 21:56:59 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-pf1-f195.google.com (mail-pf1-f195.google.com [209.85.210.195]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 0E812E6 for ; Wed, 19 Jun 2019 21:56:58 +0000 (UTC) Received: by mail-pf1-f195.google.com with SMTP id x15so399434pfq.0 for ; Wed, 19 Jun 2019 14:56:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id; bh=R3XMIt0Ew9ZJzcXbf1a03VOOKWgyTtgLreLlQjWRtOE=; b=NkiLEcesAJ/YmOtDPtDf2Y+utykadnyC3E9ldrTdAuZnBzeaShZgAxh+ugnqJJLgYi Bx/5KvjtfiKukNcmCSJ3FW9atJwmFDltEqZzXr9+D9D9V2YlR63g3KnvhTR667mJoQV0 0WqQoZ/x8Z4VdwJK6jKq1AKI7BSvz7ul7112VDonnBTboIZVpRGZOHwlmi7MSmiFoFLf dA7tt/2lfmQhIKyAyeOiHbQKPdvL8mPUS0Qz/bP5ymbd4sc0n+Tp7pI5kWo9S/V39ZMs H+bAGI0F9naYOCLQPHtt/wduhAl5Nl7vlWf0yuC0pl59u/NbzdYs8GIwND8FlFGCXtRo hv5g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=R3XMIt0Ew9ZJzcXbf1a03VOOKWgyTtgLreLlQjWRtOE=; b=M76RfpOUEHRUOFkX0np/ZMpTXDz+Fjq9rpXgKIqb5vnHzhHw89AMRIP0gdm6hdrgle 1Iwz8tgYwHgx22yspfCetOZNUTALPchWp2xEetpt6xCoA4SGcGlAQNjtcELw/Ml9QD9x 72XutBa6dLJR336TXLYJSx31gUkkC5qoctlLHFYJnyoYoygnmk6nEjmre29V50FScjvN iWGNte0rTpHfhEqguCiH7NcRPf0mLqHWMlD5eCI/TtjV19t8J6c6FVxlYoP/O0Z+kXzQ sQZPIMLlCUfqUwNtdIOzphgpn4UaBVFfibF+XiDtubDbkDkdmMaQ7imhyc8X49SkVM3h YaYw== X-Gm-Message-State: APjAAAVvci6pZskr4rFLIbxv5OkmJF6l0Q2au6gcdYXWkBmsDdH/Uzcw wB5jvH891JrBq/WIwwJRmEPMCIS9 X-Google-Smtp-Source: APXvYqzKltGYnILYvzADE0aH4vM2galX/HguYCOgX0hs7L56hWmyAiDJaFSoSa4Xhqhz8WVBPRMUBA== X-Received: by 2002:a17:90a:2224:: with SMTP id c33mr13461868pje.22.1560981418081; Wed, 19 Jun 2019 14:56:58 -0700 (PDT) Received: from gizo.domain (97-115-113-19.ptld.qwest.net. [97.115.113.19]) by smtp.gmail.com with ESMTPSA id b37sm5436343pjc.15.2019.06.19.14.56.56 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 19 Jun 2019 14:56:57 -0700 (PDT) From: Greg Rose To: dev@openvswitch.org Date: Wed, 19 Jun 2019 14:56:54 -0700 Message-Id: <1560981414-6952-1-git-send-email-gvrose8192@gmail.com> X-Mailer: git-send-email 1.8.3.1 X-Spam-Status: No, score=-1.7 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE autolearn=no version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Subject: [ovs-dev] [PATCH V2] Documentation: Clarify connection tracking tutorial X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: ovs-dev-bounces@openvswitch.org Errors-To: ovs-dev-bounces@openvswitch.org The current documentation states that "all packets entering OVS for the first time are "untracked"". However there is a minor exception to this in the case where a packet (re)enters the same datapath and the namespace has not changed. In that case there is no need to scrub the packet and in this case the connection may already be in the "tracked" state. Reported-by: Quan Tian Signed-off-by: Greg Rose --- Documentation/tutorials/ovs-conntrack.rst | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/Documentation/tutorials/ovs-conntrack.rst b/Documentation/tutorials/ovs-conntrack.rst index 27d6e04..2d94054 100644 --- a/Documentation/tutorials/ovs-conntrack.rst +++ b/Documentation/tutorials/ovs-conntrack.rst @@ -308,8 +308,16 @@ Let's add that flow:: A TCP syn packet sent from "left" namespace will match flow #1 because the packet is coming to OVS from veth_l0 port and it is not being -tracked. (as the packet just entered OVS. All packets entering OVS for the -first time are "untracked") +tracked. This is because the packet just entered OVS. When a packet +enters a namespace for the first time, a new connection tracker context +is entered, hence, the packet will be initially "untracked" in that +namespace. +When a packet (re)enters the same datapath that it already belongs to +there is no need to discard the namespace and other information +associated with the conntrack flow. In this case the packet will +remain in the tracked state. If the namespace has changed then it is +discarded and a new connection tracker is created since connection +tracking information is logically separate for different namespaces. The flow will send the packet to the connection tracker due to the action "ct". Also "table=0" in the "ct" action forks the pipeline processing in two. The original instance of packet will continue processing the current action list