6f99afcc24
[ Upstream commit 5d50aa83e2c8e91ced2cca77c198b468ca9210f4 ]
The openvswitch module shares a common conntrack and NAT infrastructure
exposed via netfilter. It's possible that a packet needs both SNAT and
DNAT manipulation, due to e.g. tuple collision. Netfilter can support
this because it runs through the NAT table twice - once on ingress and
again after egress. The openvswitch module doesn't have such capability.
Like netfilter hook infrastructure, we should run through NAT twice to
keep the symmetry.
Fixes:
|
||
---|---|---|
.. | ||
actions.c | ||
conntrack.c | ||
conntrack.h | ||
datapath.c | ||
datapath.h | ||
dp_notify.c | ||
flow.c | ||
flow.h | ||
flow_netlink.c | ||
flow_netlink.h | ||
flow_table.c | ||
flow_table.h | ||
Kconfig | ||
Makefile | ||
meter.c | ||
meter.h | ||
vport-geneve.c | ||
vport-gre.c | ||
vport-internal_dev.c | ||
vport-internal_dev.h | ||
vport-netdev.c | ||
vport-netdev.h | ||
vport-vxlan.c | ||
vport.c | ||
vport.h |