From patchwork Sat Apr 13 23:17:16 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Flavio Leitner X-Patchwork-Id: 1085244 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=redhat.com Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 44hVzj3KJzz9s55 for ; Sun, 14 Apr 2019 09:17:53 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727314AbfDMXRw (ORCPT ); Sat, 13 Apr 2019 19:17:52 -0400 Received: from mail-qt1-f194.google.com ([209.85.160.194]:45976 "EHLO mail-qt1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727298AbfDMXRu (ORCPT ); Sat, 13 Apr 2019 19:17:50 -0400 Received: by mail-qt1-f194.google.com with SMTP id v20so15299369qtv.12 for ; Sat, 13 Apr 2019 16:17:50 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=WrUAfwxZ2mJ3qV2MjFj4BVzVMvakjdsw0TP7GyHfTqY=; b=RP1yZ4NpFsEzdESCKhjlPjrkvu7F+sTgjJLdBaoCsHd6B9Ft/Ce0p5u4LViuLP8cEX tQY8kfoIdysAxpr5reOlgoAFSI+TsDdYo0Iu2rIVyBqTITogFMDKrj79612tiIjwD+8t /xPCpcy0KX9z5ZKpiNE16VxsiiUizoxfp4uSqc1hbm8Ridbfhp/S2QBUlhuQ9TZ9hx8Y ELV17M0rc29cCpJzIeTw/UowQV/Wfp57Ati9X8lTEzz/4GR77Baa+DpgBwvZjZPvMI5m teKL5tJ/aEA/MWT5apWJlUcM9eix4oOyLmuIOzRAgJM1ffVNih/DgjKsSoEsZertMnyV YpeA== X-Gm-Message-State: APjAAAXYVNxwRmeQrn6JUOXHyP8N/lKCC4O10L9chFGqAck2DnPvoCrU 2NFsAVJPy+i1TzNnidlZiTNotM+JXlU= X-Google-Smtp-Source: APXvYqyLpkvsK4sYukxC4AYYUI8gERR+poKeVwALp3lQkI13iE5IPUi6VZYF+GFvAU+EiuH24/Lp1g== X-Received: by 2002:ac8:75ca:: with SMTP id z10mr53782084qtq.224.1555197469793; Sat, 13 Apr 2019 16:17:49 -0700 (PDT) Received: from localhost ([177.183.215.126]) by smtp.gmail.com with ESMTPSA id q75sm25732439qke.17.2019.04.13.16.17.48 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sat, 13 Apr 2019 16:17:49 -0700 (PDT) From: Flavio Leitner To: netdev@vger.kernel.org Cc: Joe Stringer , Pravin B Shelar , dev@openvswitch.org, netfilter-devel@vger.kernel.org, Pablo Neira Ayuso Subject: [PATCH net-next v2 8/8] openvswitch: load and reference the NAT helper. Date: Sat, 13 Apr 2019 20:17:16 -0300 Message-Id: <20190413231716.28711-9-fbl@redhat.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190413231716.28711-1-fbl@redhat.com> References: <20190413231716.28711-1-fbl@redhat.com> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org This improves the original commit 17c357efe5ec ("openvswitch: load NAT helper") where it unconditionally tries to load the module for every flow using NAT, so not efficient when loading multiple flows. It also doesn't hold any references to the NAT module while the flow is active. This change fixes those problems. It will try to load the module only if it's not present. It grabs a reference to the NAT module and holds it while the flow is active. Finally, an error message shows up if either actions above fails. Fixes: 17c357efe5ec ("openvswitch: load NAT helper") Signed-off-by: Flavio Leitner --- net/openvswitch/conntrack.c | 26 ++++++++++++++++++++------ 1 file changed, 20 insertions(+), 6 deletions(-) V2 - updated with new functions names. diff --git a/net/openvswitch/conntrack.c b/net/openvswitch/conntrack.c index 0be3ab5bde26..c4dad6d8869b 100644 --- a/net/openvswitch/conntrack.c +++ b/net/openvswitch/conntrack.c @@ -1307,6 +1307,7 @@ static int ovs_ct_add_helper(struct ovs_conntrack_info *info, const char *name, { struct nf_conntrack_helper *helper; struct nf_conn_help *help; + int ret = 0; helper = nf_conntrack_helper_try_module_get(name, info->family, key->ip.proto); @@ -1321,13 +1322,21 @@ static int ovs_ct_add_helper(struct ovs_conntrack_info *info, const char *name, return -ENOMEM; } +#ifdef CONFIG_NF_NAT_NEEDED + if (info->nat) { + ret = nf_nat_helper_try_module_get(name, info->family, + key->ip.proto); + if (ret) { + nf_conntrack_helper_put(helper); + OVS_NLERR(log, "Failed to load \"%s\" NAT helper, err: %d", + name, ret); + return ret; + } + } +#endif rcu_assign_pointer(help->helper, helper); info->helper = helper; - - if (info->nat) - request_module("ip_nat_%s", name); - - return 0; + return ret; } #ifdef CONFIG_NF_NAT_NEEDED @@ -1801,8 +1810,13 @@ void ovs_ct_free_action(const struct nlattr *a) static void __ovs_ct_free_action(struct ovs_conntrack_info *ct_info) { - if (ct_info->helper) + if (ct_info->helper) { +#ifdef CONFIG_NF_NAT_NEEDED + if (ct_info->nat) + nf_nat_helper_put(ct_info->helper); +#endif nf_conntrack_helper_put(ct_info->helper); + } if (ct_info->ct) { if (ct_info->timeout[0]) nf_ct_destroy_timeout(ct_info->ct);