Re: [PATCH 2/2] act_ct: support asymmetric conntrack

From: David Miller
Date: Wed Dec 04 2019 - 19:33:51 EST


From: Aaron Conole <aconole@xxxxxxxxxx>
Date: Tue, 3 Dec 2019 16:34:14 -0500

> The act_ct TC module shares a common conntrack and NAT infrastructure
> exposed via netfilter. It's possible that a packet needs both SNAT and
> DNAT manipulation, due to e.g. tuple collision. Netfilter can support
> this because it runs through the NAT table twice - once on ingress and
> again after egress. The act_ct action doesn't have such capability.
>
> Like netfilter hook infrastructure, we should run through NAT twice to
> keep the symmetry.
>
> Fixes: b57dc7c13ea9 ("net/sched: Introduce action ct")
>
> Signed-off-by: Aaron Conole <aconole@xxxxxxxxxx>
> Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@xxxxxxxxx>
> ---
> NOTE: this is a repost to see if the email client issues go away.

Applied and queued up for -stable.

Next time, please:

1) Provide an introductory posting ala "[PATCH net 0/N] ..." describing
what the patch series does on a high level, how it is doing it, and
why it is doing it that way.

This allows people to understand what they are about to read, and it
gives me a single mail to respon to when I apply your entire series.

2) Always clearly indicate the target GIT tree in your Subject line,
in these cases it should have been "[PATCH net N/M]"

Thank you.