# Be quiet and do not echo the cmd.
# "@" is make's recipe-line prefix that suppresses echoing of the command.
# The command variables in this file that start with $(Q) therefore print only
# their short " TAG<TAB>file" progress line instead of the full command line.
# NOTE(review): with Q set, the exact compiler/linker invocation is absent from
# the build log; "make Q=" on the command line overrides this assignment and
# presumably restores it - confirm nothing else depends on Q being "@".
Q = @
# GCC related stuff
# These variables have to stay recursively expanded (=): $@ and $< only have a
# value inside the recipe that uses the variable, not while this file is read.
# CCACHE and CROSS_COMPILE are not assigned in this fragment. Whatever value
# they get (makefile, command line or environment) is prepended to the tool
# name, so it decides which compiler/strip binary is executed; when both are
# empty the plain "gcc"/"strip" found via PATH is run.
# NOTE(review): "echo -e" is not POSIX; a /bin/sh whose echo lacks -e prints the
# option literally. Presumably the including Makefile selects a suitable SHELL -
# confirm.
# LD: print " LD<TAB><target>", then link through the gcc driver.
LD = $(Q)echo -e " LD\t$@" && $(CCACHE) $(CROSS_COMPILE)gcc
# CCNQ: the bare compiler command, without quiet prefix or progress line.
CCNQ = $(CCACHE) $(CROSS_COMPILE)gcc
# CC: print " CC<TAB><first prerequisite>", then run the compiler command.
CC = $(Q)echo -e " CC\t$<" && $(CCNQ)
# With DEBUG equal to 1 STRIP is a no-op ("true"), so symbols are kept;
# otherwise it prints " STRIP<TAB><target>" and runs $(CROSS_COMPILE)strip.
ifeq ($(DEBUG), 1)
STRIP = $(Q)true
else
STRIP = $(Q)echo -e " STRIP\t$@" && $(CROSS_COMPILE)strip
endif
# Flex/bison related
# Each variable prints a progress line naming the first prerequisite ($<) and
# then starts the generator; presumably its options and file arguments are
# appended where the variable is used in a recipe.
# flex and bison are looked up via PATH; no CROSS_COMPILE prefix is applied.
# LEX: scanner generator (flex).
LEX = $(Q)echo -e " LEX\t$<" && flex
# YAAC (sic, the spelling is the variable's name in this file): parser
# generator (bison).
YAAC = $(Q)echo -e " YAAC\t$<" && bison
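# Installation related
# Both helpers take two arguments, as in $(call INST,<file>,<directory>):
#   $(1) - path of the file to install
#   $(2) - directory the file is installed into
# The destination file name is computed with make's built-in $(notdir ...)
# instead of $(shell basename ...). The path is then no longer handed unquoted
# to a shell while make expands the variable (an expansion that also happens
# under "make -n"), and no extra process is forked per installed file.
# INST: create $(2) if needed, then install $(1) with mode 644 (rw-r--r--).
# -D creates missing leading directories of the destination, -C skips the copy
# when source and destination are already identical.
INST = echo -e " INST\t$(1)" && install -d $(2) && \
install --mode=644 -DC $(1) $(2)/$(notdir $(1))
# INSTX: like INST but without --mode, so install's default mode (rwxr-xr-x)
# applies. Only when PREFIX was given on the make command line is the
# destination directory created first; otherwise it has to exist already.
ifeq ("$(origin PREFIX)", "command line")
INSTX = echo -e " INST\t$(1)" && install -d $(2) && \
install -C $(1) $(2)/$(notdir $(1))
else
INSTX = echo -e " INST\t$(1)" && install -C $(1) $(2)/$(notdir $(1))
endif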
# RM: $(call RM,<paths>) prints " RM<TAB><paths>" and then removes the paths
# recursively and without prompting. This replaces make's predefined RM
# ("rm -f") for everything that reads this file.
# NOTE(review): $(1) reaches "rm -rf" unquoted and unchecked. A call site that
# builds the path from a variable which turns out empty would remove a much
# wider tree than intended - verify the call sites.
RM = echo -e " RM\t$(1)" && rm -rf $(1)
# RMDIR: remove $(1) only if it is an empty directory. stderr is discarded and
# the trailing "|| true" forces success, so neither a failing rmdir nor a
# failing echo stops the build.
RMDIR = echo -e " RM\t$(1)" && rmdir --ignore-fail-on-non-empty $(1) 2> /dev/null || true
# GZIP: best compression, written to stdout (-c) so the caller redirects it.
GZIP = gzip --best -c
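# Git related
# Release helpers. VERSION_SHORT is defined outside this fragment.
# GIT_ARCHIVE: $(call GIT_ARCHIVE,<compressor command>,<extension>) pipes a
# "git archive" of tag v$(VERSION_SHORT) through $(1) and writes
# ../netsniff-ng-$(VERSION_SHORT).tar.$(2).
# NOTE(review): unless the shell runs with pipefail, the pipeline's exit status
# is the compressor's, so a failing "git archive" can leave a truncated tarball
# behind a successful make run - check the tarball before it is published.
GIT_ARCHIVE = git archive --prefix=netsniff-ng-$(VERSION_SHORT)/ v$(VERSION_SHORT) | \
$(1) > ../netsniff-ng-$(VERSION_SHORT).tar.$(2)
# GIT_TAG: annotated (-a) and GPG-signed (-s) release tag; consumers can check
# it with "git tag -v".
GIT_TAG = git tag -a v$(VERSION_SHORT) -s -m "$(VERSION_SHORT) release"
# GIT_LOG: shortlog sorted by commit count (-n), from the second-to-last line
# of "git tag" up to HEAD. The $(shell ...) runs each time the variable is
# expanded, which is why the assignment stays recursive (=).
# NOTE(review): this presumably assumes the order printed by "git tag" matches
# release order - confirm for the tag names in use.
GIT_LOG = git shortlog -n $(shell git tag | tail -n2 | head -n1)..HEAD
# GIT_REM: delete every untracked path, ignored files included (no exclude
# option is given). Names are passed NUL-delimited (-z / -0) and after "--", so
# a name containing whitespace or quotes, or starting with "-", is removed as
# exactly that path instead of being split or parsed as an rm option.
GIT_REM = git ls-files -o -z | xargs -0 rm -rf --
# GIT_PEOPLE: contributors since the same tag as GIT_LOG: the "Author:" lines
# of the non-merge commits, reduced to the name in front of "<", counted and
# sorted by count, highest first.
GIT_PEOPLE = git log --no-merges $(shell git tag | tail -n2 | head -n1)..HEAD | grep Author: | cut -d: -f2 | \
cut -d\< -f1 | sort | uniq -c | sort -nr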
Tobias Klauser
openvswitch: Add force commit.
Stateful network admission policy may allow connections to one
direction and reject connections initiated in the other direction.
After policy change it is possible that for a new connection an
overlapping conntrack entry already exists, where the original
direction of the existing connection is opposed to the new
connection's initial packet.
Most importantly, conntrack state relating to the current packet gets
the "reply" designation based on whether the original direction tuple
or the reply direction tuple matched. If this "directionality" is
wrong w.r.t. the stateful network admission policy, it may happen
that packets in neither direction are correctly admitted.
This patch adds a new "force commit" option to the OVS conntrack
action that checks the original direction of an existing conntrack
entry. If that direction is opposed to the current packet, the
existing conntrack entry is deleted and a new one is subsequently
created in the correct direction.
Signed-off-by: Jarno Rajahalme <jarno@ovn.org>
Acked-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Joe Stringer <joe@ovn.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
1 files changed, 24 insertions, 2 deletions
diff --git a/net/openvswitch/conntrack.c b/net/openvswitch/conntrack.c |