Message ID | 20170503185329.24021-1-joe@ovn.org |
---|---|
State | Accepted |
Headers | show |
On Wed, May 3, 2017 at 11:53 AM, Joe Stringer <joe@ovn.org> wrote: > Upstream commits cc41c84b7e7f ("netfilter: kill the fake untracked > conntrack objects") and ab8bc7ed864b ("netfilter: remove > nf_ct_is_untracked") removed the 'untracked' conntrack objects and > functions. The latter commit removes the usage of nf_ct_is_untracked() > from OVS. However, older kernels still have a representation of > 'untracked' CT objects so the code needs to remain until the kernel > support is bumped to Linux 4.12 or newer. Introduce a macro to detect > this symbol and wrap these lines in the macro check. > > Signed-off-by: Joe Stringer <joe@ovn.org> > --- > acinclude.m4 | 2 ++ > datapath/conntrack.c | 2 ++ > 2 files changed, 4 insertions(+) > > diff --git a/acinclude.m4 b/acinclude.m4 > index dbe03bc83e43..d9a8a58372f0 100644 > --- a/acinclude.m4 > +++ b/acinclude.m4 > @@ -541,6 +541,8 @@ AC_DEFUN([OVS_CHECK_LINUX_COMPAT], [ > [OVS_DEFINE([HAVE_NF_CT_GET_TUPLEPR_TAKES_STRUCT_NET])]) > OVS_GREP_IFELSE([$KSRC/include/net/netfilter/nf_conntrack.h], > [nf_ct_set]) > + OVS_GREP_IFELSE([$KSRC/include/net/netfilter/nf_conntrack.h], > + [nf_ct_is_untracked]) > OVS_GREP_IFELSE([$KSRC/include/net/netfilter/nf_conntrack_zones.h], > [nf_ct_zone_init]) > OVS_GREP_IFELSE([$KSRC/include/net/netfilter/nf_conntrack_labels.h], > diff --git a/datapath/conntrack.c b/datapath/conntrack.c > index 64ad0657241b..bf28fc071929 100644 > --- a/datapath/conntrack.c > +++ b/datapath/conntrack.c > @@ -859,10 +859,12 @@ static int ovs_ct_nat(struct net *net, struct sw_flow_key *key, > enum nf_nat_manip_type maniptype; > int err; > > +#ifdef HAVE_NF_CT_IS_UNTRACKED > if (nf_ct_is_untracked(ct)) { > /* A NAT action may only be performed on tracked packets. */ > return NF_ACCEPT; > } > +#endif /* HAVE_NF_CT_IS_UNTRACKED */ > > /* Add NAT extension if not confirmed yet. */ > if (!nf_ct_is_confirmed(ct) && !nf_ct_nat_ext_add(ct)) > -- LGTM Acked-by: Greg Rose <gvrose8192@gmail.com> > 2.12.0 > > _______________________________________________ > dev mailing list > dev@openvswitch.org > https://mail.openvswitch.org/mailman/listinfo/ovs-dev
On 3 May 2017 at 13:25, Greg Rose <gvrose8192@gmail.com> wrote: > On Wed, May 3, 2017 at 11:53 AM, Joe Stringer <joe@ovn.org> wrote: >> Upstream commits cc41c84b7e7f ("netfilter: kill the fake untracked >> conntrack objects") and ab8bc7ed864b ("netfilter: remove >> nf_ct_is_untracked") removed the 'untracked' conntrack objects and >> functions. The latter commit removes the usage of nf_ct_is_untracked() >> from OVS. However, older kernels still have a representation of >> 'untracked' CT objects so the code needs to remain until the kernel >> support is bumped to Linux 4.12 or newer. Introduce a macro to detect >> this symbol and wrap these lines in the macro check. >> >> Signed-off-by: Joe Stringer <joe@ovn.org> >> --- >> acinclude.m4 | 2 ++ >> datapath/conntrack.c | 2 ++ >> 2 files changed, 4 insertions(+) >> >> diff --git a/acinclude.m4 b/acinclude.m4 >> index dbe03bc83e43..d9a8a58372f0 100644 >> --- a/acinclude.m4 >> +++ b/acinclude.m4 >> @@ -541,6 +541,8 @@ AC_DEFUN([OVS_CHECK_LINUX_COMPAT], [ >> [OVS_DEFINE([HAVE_NF_CT_GET_TUPLEPR_TAKES_STRUCT_NET])]) >> OVS_GREP_IFELSE([$KSRC/include/net/netfilter/nf_conntrack.h], >> [nf_ct_set]) >> + OVS_GREP_IFELSE([$KSRC/include/net/netfilter/nf_conntrack.h], >> + [nf_ct_is_untracked]) >> OVS_GREP_IFELSE([$KSRC/include/net/netfilter/nf_conntrack_zones.h], >> [nf_ct_zone_init]) >> OVS_GREP_IFELSE([$KSRC/include/net/netfilter/nf_conntrack_labels.h], >> diff --git a/datapath/conntrack.c b/datapath/conntrack.c >> index 64ad0657241b..bf28fc071929 100644 >> --- a/datapath/conntrack.c >> +++ b/datapath/conntrack.c >> @@ -859,10 +859,12 @@ static int ovs_ct_nat(struct net *net, struct sw_flow_key *key, >> enum nf_nat_manip_type maniptype; >> int err; >> >> +#ifdef HAVE_NF_CT_IS_UNTRACKED >> if (nf_ct_is_untracked(ct)) { >> /* A NAT action may only be performed on tracked packets. */ >> return NF_ACCEPT; >> } >> +#endif /* HAVE_NF_CT_IS_UNTRACKED */ >> >> /* Add NAT extension if not confirmed yet. */ >> if (!nf_ct_is_confirmed(ct) && !nf_ct_nat_ext_add(ct)) >> -- > > LGTM > > Acked-by: Greg Rose <gvrose8192@gmail.com> Thanks, applied.
diff --git a/acinclude.m4 b/acinclude.m4 index dbe03bc83e43..d9a8a58372f0 100644 --- a/acinclude.m4 +++ b/acinclude.m4 @@ -541,6 +541,8 @@ AC_DEFUN([OVS_CHECK_LINUX_COMPAT], [ [OVS_DEFINE([HAVE_NF_CT_GET_TUPLEPR_TAKES_STRUCT_NET])]) OVS_GREP_IFELSE([$KSRC/include/net/netfilter/nf_conntrack.h], [nf_ct_set]) + OVS_GREP_IFELSE([$KSRC/include/net/netfilter/nf_conntrack.h], + [nf_ct_is_untracked]) OVS_GREP_IFELSE([$KSRC/include/net/netfilter/nf_conntrack_zones.h], [nf_ct_zone_init]) OVS_GREP_IFELSE([$KSRC/include/net/netfilter/nf_conntrack_labels.h], diff --git a/datapath/conntrack.c b/datapath/conntrack.c index 64ad0657241b..bf28fc071929 100644 --- a/datapath/conntrack.c +++ b/datapath/conntrack.c @@ -859,10 +859,12 @@ static int ovs_ct_nat(struct net *net, struct sw_flow_key *key, enum nf_nat_manip_type maniptype; int err; +#ifdef HAVE_NF_CT_IS_UNTRACKED if (nf_ct_is_untracked(ct)) { /* A NAT action may only be performed on tracked packets. */ return NF_ACCEPT; } +#endif /* HAVE_NF_CT_IS_UNTRACKED */ /* Add NAT extension if not confirmed yet. */ if (!nf_ct_is_confirmed(ct) && !nf_ct_nat_ext_add(ct))
Upstream commits cc41c84b7e7f ("netfilter: kill the fake untracked conntrack objects") and ab8bc7ed864b ("netfilter: remove nf_ct_is_untracked") removed the 'untracked' conntrack objects and functions. The latter commit removes the usage of nf_ct_is_untracked() from OVS. However, older kernels still have a representation of 'untracked' CT objects so the code needs to remain until the kernel support is bumped to Linux 4.12 or newer. Introduce a macro to detect this symbol and wrap these lines in the macro check. Signed-off-by: Joe Stringer <joe@ovn.org> --- acinclude.m4 | 2 ++ datapath/conntrack.c | 2 ++ 2 files changed, 4 insertions(+)