-
Notifications
You must be signed in to change notification settings - Fork 236
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Partially revert the following commit since it introduces a regression when we want to directly connect to a backend ip from a client outside the cluster for gw-router-port scenario. For this kind of traffic we do not commit to CT the 'original' incoming packet but we send the reply one to CT in undnat and snat stages in the router egress pipeline. Since we do not have any entry in CT table for the original traffic the reply one is marked as invalid. Even if the issue is not directly introduced by the commit below, it is not easy to fix it without committing all IP traffic to connection tracking or adding a flow per load-balancer backend. commit e3bc68c Author: Lorenzo Bianconi <lorenzo.bianconi@redhat.com> Date: Mon Mar 20 19:30:13 2023 +0100 northd: drop ct.inv packets in post snat and lb_aff_learn stages Drop ip packets with ct status set to invalid in post snat and lb_aff_learn router stages. Skip ICMPv{4,6} error messages packet in ct.inv rules in order to avoid to introduce too complicated code. Reviewed-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com> Signed-off-by: Dumitru Ceara <dceara@redhat.com>
- Loading branch information
1 parent
ce6ef8f
commit 0c71712
Showing
4 changed files
with
8 additions
and
59 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters