conntrack: Use helpers from committed connections.

When a packet hits a flow rule without an explicitly specified helper, OvS has to rely on automatic application layer gateway detection to find related connections. This works as long as services are running on their standard ports, e.g. when FTP servers use TCP port 21. However, sometimes it's necessary to run services on non-standard ports. In that case, there is no way for OvS to guess which protocol is used within a given flow. Of course, this means that no related connections can be recognized. When a connection is committed with a particular helper, it's reasonable to assume this helper will be used in subsequent CT actions, as long as they don't override it. Achieve this behaviour by using the committed connection's helper when a flow rule does not specify one. Signed-off-by: Viacheslav Galaktionov <viacheslav.galaktionov@arknetworks.am> Acked-by: Ivan Malov <ivan.malov@arknetworks.am> Signed-off-by: Aaron Conole <aconole@redhat.com>
2025-08-31 14:25:26 +00:00 · 2023-12-11 12:51:02 +02:00
parent 14ef8b451f
commit 8abe32f957
3 changed files with 13 additions and 0 deletions
--- a/Documentation/faq/releases.rst
+++ b/Documentation/faq/releases.rst
@@ -140,6 +140,7 @@ Q: Are all features available with all datapaths?
    Conntrack Zone Limit            4.18           2.10         2.13     YES
    Conntrack NAT                   4.6            2.6          2.8      YES
    Conntrack NAT6                  4.6            2.6          2.8      3.0
+    Conntrack Helper Persist.       YES            YES          3.2      NO
    Tunnel - LISP                   NO             2.11         NO       NO
    Tunnel - STT                    NO             2.4          NO       YES
    Tunnel - GRE                    3.11           1.0          2.4      YES