neutron

  1. Bug #1620824
  2. Comment #11

Comment 11 for bug 1620824

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (master)

Reviewed: https://review.openstack.org/366297
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=299d08ed3f3f170a129fb2096df73fd5af7e647d
Submitter: Jenkins
Branch: master

commit 299d08ed3f3f170a129fb2096df73fd5af7e647d
Author: David Wahlstrom <email address hidden>
Date: Tue Sep 6 12:11:41 2016 -0700

    DVR: properly track SNAT traffic

    When running DVR, it's possible for traffic to get confused and sent
    through SNAT thanks to the way conntrack tracks "new" connections. This
    patch sets "nf_connctrack_tcp_loose" inside the SNAT namespace to more
    intelligently handle SNAT traffic (and ignore what should be FIP
    traffic) - basically, don't track a connection where we didn't
    see the initial SYN.

    https://www.kernel.org/doc/Documentation/networking/nf_conntrack-sysctl.txt

    Change-Id: Ia5b8bd3794d22808ee1718d429f0bbdbe61e94ec
    Closes-Bug: 1620824