Re: [PATCH] conntrackd: cache: fix zone entry uniqueness in external cache

Hi,

Applied, thanks.

Please, send your patches to netfilter-devel@xxxxxxxxxxxxxxx next
time.

One comment below.

On Tue, Aug 17, 2021 at 01:31:25PM -0700, Adam Casella wrote:
> In some use-cases, zone is used to differentiate conntrack state.  This preserves that uniqueness by adding zone into the cache in addition to 5-tuple data.
> This preserves external-cache uniqueness per zone when synced.
> 
> Follow up fix to: https://git.netfilter.org/conntrack-tools/commit/?id=a08af5d26297eb85218a3c3a9e0991001a88cf10
> 
> Signed-off-by: Adam Casella <adam.casella1984@xxxxxxxxx>
> ---
>  src/cache-ct.c | 10 ++++++----
>  1 file changed, 6 insertions(+), 4 deletions(-)
> 
> diff --git a/src/cache-ct.c b/src/cache-ct.c
> index abcfde4..7e788d2 100644
> --- a/src/cache-ct.c
> +++ b/src/cache-ct.c
> @@ -41,7 +41,8 @@ cache_hash4_ct(const struct nf_conntrack *ct, const struct hashtable *table)
>  			  nfct_get_attr_u8(ct, ATTR_L4PROTO),
>  		[3]	= nfct_get_attr_u16(ct, ATTR_PORT_SRC) << 16 |
>  			  nfct_get_attr_u16(ct, ATTR_PORT_DST),
> -	};
> +                [4]     = nfct_get_attr_u16(ct, ATTR_ZONE),
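
Review bot: The added `[4]` designated initializer needs a fifth element, but nothing in the visible hunk touches the array's declaration, which the reply below gives as 4 slots; the declared size should be raised to 5 in the same patch so the zone value has a valid slot and is covered by the hash. The added line is also indented with spaces where the neighbouring `[3]` entry uses tabs, so it should be re-indented to match the file.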

This array has a size of 4 slots, you forgot to update it, in case you
are using this patch in production already.

I have fixed it here before applying.


