diff options
| author | Aaron Conole <[email protected]> | 2019-12-03 21:34:14 +0000 |
|---|---|---|
| committer | David S. Miller <[email protected]> | 2019-12-05 00:31:15 +0000 |
| commit | 95219afbb980f10934de9f23a3e199be69c5ed09 (patch) | |
| tree | 462552dd01b320e2441b4fa36aa31d95b752956b /tools/testing/selftests/bpf/test_cpp.cpp | |
| parent | openvswitch: support asymmetric conntrack (diff) | |
| download | kernel-95219afbb980f10934de9f23a3e199be69c5ed09.tar.gz kernel-95219afbb980f10934de9f23a3e199be69c5ed09.zip | |
act_ct: support asymmetric conntrack
The act_ct TC module shares a common conntrack and NAT infrastructure
exposed via netfilter. It's possible that a packet needs both SNAT and
DNAT manipulation, due to e.g. tuple collision. Netfilter can support
this because it runs through the NAT table twice - once on ingress and
again after egress. The act_ct action doesn't have such capability.
Like netfilter hook infrastructure, we should run through NAT twice to
keep the symmetry.
Fixes: b57dc7c13ea9 ("net/sched: Introduce action ct")
Signed-off-by: Aaron Conole <[email protected]>
Acked-by: Marcelo Ricardo Leitner <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Diffstat (limited to 'tools/testing/selftests/bpf/test_cpp.cpp')
0 files changed, 0 insertions, 0 deletions