Re: [PATCH net] netfilter: nf_nat: fix action not being set for all ct states

From: Brad Cowie
Date: Thu Jan 04 2024 - 00:06:01 EST

Next message: Zack Rusin: "[PATCH v2] input/vmmouse: Fix device name copies"
Previous message: Hillf Danton: "Re: [syzbot] [net?] [nfc?] INFO: task hung in nfc_targets_found"
In reply to: Pablo Neira Ayuso: "Re: [PATCH net] netfilter: nf_nat: fix action not being set for all ct states"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 3 Jan 2024 at 04:10, Aaron Conole <aconole@xxxxxxxxxx> wrote:

> LGTM. I guess we should try to codify the specific flows that were used
> to flag this into the ovs selftest - we clearly have a missing case
> after NAT lookup.

Thanks for the review Aaron, and the sensible suggestion to add a
test to ovs to avoid this problem occuring again in future.

I've simplified our NAT ruleset and turned it into an ovs system test,
which I've submitted as a patch [1] to ovs-dev. The test reproduces
the issue introduced by ebddb1404900 and passes when e6345d2824a3
is applied.

[1]: https://mail.openvswitch.org/pipermail/ovs-dev/2024-January/410476.html

Next message: Zack Rusin: "[PATCH v2] input/vmmouse: Fix device name copies"
Previous message: Hillf Danton: "Re: [syzbot] [net?] [nfc?] INFO: task hung in nfc_targets_found"
In reply to: Pablo Neira Ayuso: "Re: [PATCH net] netfilter: nf_nat: fix action not being set for all ct states"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]