conntrack: Fix TCP conntrack state

If a TCP connection is in SYN_SENT state, receiving another SYN packet would just renew the timeout of that conntrack entry rather than create a new one. Thus, tcp_conn_update() should return CT_UPDATE_VALID_NEW. This also fixes regressions of a couple of OVN system tests. Fixes: a867c01 ("conntrack: Fix conntrack new state") Reported-by: Dumitru Ceara <dceara@redhat.com> Signed-off-by: Yi-Hung Wei <yihung.wei@gmail.com> Tested-by: Dumitru Ceara <dceara@redhat.com> Signed-off-by: William Tu <u9012063@gmail.com>
openvswitch · Feb 18, 2020 · ac23d20 · ac23d20
1 parent 486139d
commit ac23d20
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/lib/conntrack-tcp.c b/lib/conntrack-tcp.c
@@ -189,7 +189,7 @@ tcp_conn_update(struct conntrack *ct, struct conn *conn_,
         } else if (src->state <= CT_DPIF_TCPS_SYN_SENT) {
             src->state = CT_DPIF_TCPS_SYN_SENT;
             conn_update_expiration(ct, &conn->up, CT_TM_TCP_FIRST_PACKET, now);
-            return CT_UPDATE_NEW;
+            return CT_UPDATE_VALID_NEW;
         }
     }