Message ID | 41f1f2b95985ef29f5440d717dc9007b71495d42.1670518439.git.lucien.xin@gmail.com |
---|---|
State | Handled Elsewhere |
Series | net: eliminate the duplicate code in the ct nat functions of ovs and tc |
Xin Long <lucien.xin@gmail.com> writes:

> When it fails to allocate nat ext, the packet should be dropped, like
> the memory allocation failures in other places in ovs_ct_nat().
>
> This patch changes to return NF_DROP when fails to add nat ext before
> doing NAT in ovs_ct_nat(), also it would keep consistent with tc
> action ct' processing in tcf_ct_act_nat().
>
> Signed-off-by: Xin Long <lucien.xin@gmail.com>
> ---

LGTM.

Acked-by: Aaron Conole <aconole@redhat.com>
diff --git a/net/openvswitch/conntrack.c b/net/openvswitch/conntrack.c index 5ea74270da46..58c9f0edc3c4 100644 --- a/net/openvswitch/conntrack.c +++ b/net/openvswitch/conntrack.c @@ -821,7 +821,7 @@ static int ovs_ct_nat(struct net *net, struct sw_flow_key *key, /* Add NAT extension if not confirmed yet. */ if (!nf_ct_is_confirmed(ct) && !nf_ct_nat_ext_add(ct)) - return NF_ACCEPT; /* Can't NAT. */ + return NF_DROP; /* Can't NAT. */ /* Determine NAT type. * Check if the NAT type can be deduced from the tracked connection.
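Review bot: The comment on the changed return in ovs_ct_nat() still reads "Can't NAT.", which matched the old NF_ACCEPT pass-through but does not say why the packet is now dropped. Consider naming the cause, for example /* Can't add NAT extension, drop. */, so the failure path reads the same way as the other allocation-failure drops the commit message refers to. The change makes this path fail closed: a packet whose conntrack entry could not get a NAT extension no longer continues un-translated. Because that alters what happens to traffic when nf_ct_nat_ext_add() fails, it is worth stating in the changelog as a behaviour change rather than only as a consistency fix.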
When it fails to allocate nat ext, the packet should be dropped, like the memory allocation failures in other places in ovs_ct_nat().

This patch changes to return NF_DROP when fails to add nat ext before doing NAT in ovs_ct_nat(), also it would keep consistent with tc action ct' processing in tcf_ct_act_nat().

Signed-off-by: Xin Long <lucien.xin@gmail.com>
---
net/openvswitch/conntrack.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)