From patchwork Sat Nov 7 00:06:06 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jarno Rajahalme X-Patchwork-Id: 541167 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 36EB91402D4 for ; Sat, 7 Nov 2015 11:06:28 +1100 (AEDT) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=nicira_com.20150623.gappssmtp.com header.i=@nicira_com.20150623.gappssmtp.com header.b=neZEiKLA; dkim-atps=neutral Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1033260AbbKGAGY (ORCPT ); Fri, 6 Nov 2015 19:06:24 -0500 Received: from mail-pa0-f45.google.com ([209.85.220.45]:36479 "EHLO mail-pa0-f45.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1757826AbbKGAGV (ORCPT ); Fri, 6 Nov 2015 19:06:21 -0500 Received: by pacdm15 with SMTP id dm15so112938181pac.3 for ; Fri, 06 Nov 2015 16:06:21 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nicira_com.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=bpaRTjOhc5VBFg+Nohxa4SpSxYCfh5kFhPGpN5065Z0=; b=neZEiKLA+QsxJsT5vxspARu3By/kTGwi50I7ibuCUp2fdE/1qejf/QaXRus1P5La9R g9yVvuqUB/PrN4+cSodiAeq/m8CMXn+J3m/JT1FjxtfAL/hyns4slyrzRK2toNLRX8fu TiQ0Nss2VfNEf77rAN5wY5UiUazdaUM9iTIR4DDrSTAldyrX12Bb3WX5qCOm86Tdn3kA MVnhoVtghHl2rkw98txumSYEASaiKfbrTkswDXqFIxsDq5lUxJPOsh3QZRdK1PGlgDi5 JbxFZsNOGtwthMhhAPZbjFmTVZCEm5bh1tS00RBRyo1c/7kDgF1jNE/JNVtze3gvkwiq P/+g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=bpaRTjOhc5VBFg+Nohxa4SpSxYCfh5kFhPGpN5065Z0=; b=WqIWEeoHUhf8ji9d1aCVmBBx2QGlsz5mqhhS8fs3HhtUoluFg0sdmmV/svI30r8amx 7+YI6oceHLy5pcomCr1Dyx2Qry3cFKwS2CtPoD////nKUwJk40NUUpiuLqpyfXk03+2P ukNuEUiD1J6iDOnpopxsvoVgZPxDSiXj6OgYt9Dh4omzH/5VHsu+fijfuqcBRCEWP4A8 AyUBukk4Tqw1/YodlCPF9iyMjCC0eNs6zLokX7KahEMRTf3P1PlKnmVwvV79y6/k1sxx luPyeRSDk/WV1vzHaszaaUnlAdZC2NxMLGXYUUY6O9rZ/h3leX3j9ErtSx/8CjbkgdEo +Aeg== X-Gm-Message-State: ALoCoQkE4KxCileNnIhUuMchf5Piuejr1me9ajmL0yo4GWoEASp/Rcy4y2fXY33hcYt1pt2IL0rt X-Received: by 10.66.194.16 with SMTP id hs16mr21172705pac.93.1446854781113; Fri, 06 Nov 2015 16:06:21 -0800 (PST) Received: from sc9-mailhost3.vmware.com ([208.91.1.34]) by smtp.gmail.com with ESMTPSA id l16sm2160090pbq.22.2015.11.06.16.06.20 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 06 Nov 2015 16:06:20 -0800 (PST) From: Jarno Rajahalme To: netdev@vger.kernel.org Cc: netfilter-devel@vger.kernel.org, dev@openvswitch.org, jrajahalme@nicira.com Subject: [RFC PATCH net-next v2 6/8] openvswitch: Handle NF_REPEAT in conntrack action. Date: Fri, 6 Nov 2015 16:06:06 -0800 Message-Id: <1446854768-38299-7-git-send-email-jrajahalme@nicira.com> X-Mailer: git-send-email 2.1.4 In-Reply-To: <1446854768-38299-1-git-send-email-jrajahalme@nicira.com> References: <1446854768-38299-1-git-send-email-jrajahalme@nicira.com> Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Repeat the nf_conntrack_in() call when it returns NF_REPEAT. This avoids dropping a SYN packet re-opening an existing TCP connection. Signed-off-by: Jarno Rajahalme --- net/openvswitch/conntrack.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/net/openvswitch/conntrack.c b/net/openvswitch/conntrack.c index 0c371d0..7aa38fa 100644 --- a/net/openvswitch/conntrack.c +++ b/net/openvswitch/conntrack.c @@ -470,6 +470,7 @@ static int __ovs_ct_lookup(struct net *net, struct sw_flow_key *key, */ if (!skb_nfct_cached(net, key, info, skb)) { struct nf_conn *tmpl = info->ct; + int err; /* Associate skb with specified zone. */ if (tmpl) { @@ -480,8 +481,13 @@ static int __ovs_ct_lookup(struct net *net, struct sw_flow_key *key, skb->nfctinfo = IP_CT_NEW; } - if (nf_conntrack_in(net, info->family, NF_INET_PRE_ROUTING, - skb) != NF_ACCEPT) + /* Repeat if requested, see nf_iterate(). */ + do { + err = nf_conntrack_in(net, info->family, + NF_INET_PRE_ROUTING, skb); + } while (err == NF_REPEAT); + + if (err != NF_ACCEPT) return -ENOENT; ovs_ct_update_key(skb, key, true);