From patchwork Wed Feb 7 17:38:08 2024
X-Patchwork-Submitter: Paolo Valerio
X-Patchwork-Id: 1896249
X-Patchwork-Delegate: horms@verge.net.au
From: Paolo Valerio
To: ovs-dev@openvswitch.org
Date: Wed, 7 Feb 2024 18:38:08 +0100
Message-ID: <20240207173808.1475540-2-pvalerio@redhat.com>
In-Reply-To: <20240207173808.1475540-1-pvalerio@redhat.com>
References: <20240207173808.1475540-1-pvalerio@redhat.com>
Subject: [ovs-dev] [PATCH v2 2/2] conntrack: Handle persistent selection for IP addresses.

The patch, when 'persistent' flag is specified, makes the IP selection in a range persistent across reboots.

Signed-off-by: Paolo Valerio
Acked-by: Simon Horman
--- NEWS | 3 ++- lib/conntrack.c | 27 +++++++++++++++++++++------ lib/conntrack.h | 1 + lib/dpif-netdev.c | 2 ++ 4 files changed, 26 insertions(+), 7 deletions(-) diff --git a/NEWS b/NEWS index 93046b963..0c86bba81 100644 --- a/NEWS +++ b/NEWS @@ -2,7 +2,8 @@ Post-v3.3.0 -------------------- - Userspace datapath: * Conntrack now supports 'random' flag for selecting ports in a range - while natting. + while natting and 'persistent' flag for selection of the IP address + from a range. v3.3.0 - xx xxx xxxx diff --git a/lib/conntrack.c b/lib/conntrack.c index e09ecdf33..7868a67f7 100644 --- a/lib/conntrack.c +++ b/lib/conntrack.c 
@@ -2202,17 +2202,21 @@ nat_range_hash(const struct conn_key *key, uint32_t basis, { uint32_t hash = basis; + if (!basis) { + hash = ct_addr_hash_add(hash, &key->src.addr); + } else { + hash = ct_endpoint_hash_add(hash, &key->src); + hash = ct_endpoint_hash_add(hash, &key->dst); + } + hash = ct_addr_hash_add(hash, &nat_info->min_addr); hash = ct_addr_hash_add(hash, &nat_info->max_addr); hash = hash_add(hash, ((uint32_t) nat_info->max_port << 16) | nat_info->min_port); - hash = ct_endpoint_hash_add(hash, &key->src); - hash = ct_endpoint_hash_add(hash, &key->dst); hash = hash_add(hash, (OVS_FORCE uint32_t) key->dl_type); hash = hash_add(hash, key->nw_proto); hash = hash_add(hash, key->zone); - /* The purpose of the second parameter is to distinguish hashes of data of * different length; our data always has the same length so there is no * value in counting. */ @@ -2386,12 +2390,23 @@ nat_get_unique_tuple(struct conntrack *ct, struct conn *conn, bool pat_proto = fwd_key->nw_proto == IPPROTO_TCP || fwd_key->nw_proto == IPPROTO_UDP || fwd_key->nw_proto == IPPROTO_SCTP; + uint32_t hash, port_off, basis = ct->hash_basis; uint16_t min_dport, max_dport, curr_dport; uint16_t min_sport, max_sport, curr_sport; - uint32_t hash, port_off; - hash = nat_range_hash(fwd_key, ct->hash_basis, nat_info); - port_off = nat_info->nat_flags & NAT_RANGE_RANDOM ? random_uint32() : hash; + if (nat_info->nat_flags & NAT_PERSISTENT) { + basis = 0; + } + + hash = nat_range_hash(fwd_key, basis, nat_info); + + if (nat_info->nat_flags & NAT_RANGE_RANDOM) { + port_off = random_uint32(); + } else { + port_off = + basis ? hash : nat_range_hash(fwd_key, ct->hash_basis, nat_info); + } + min_addr = nat_info->min_addr; max_addr = nat_info->max_addr; diff --git a/lib/conntrack.h b/lib/conntrack.h index 9b0c6aa88..ee7da099e 100644 --- a/lib/conntrack.h +++ b/lib/conntrack.h 
@@ -79,6 +79,7 @@ enum nat_action_e { enum nat_flags_e { NAT_RANGE_RANDOM = 1 << 0, + NAT_PERSISTENT = 1 << 1, }; struct nat_action_info_t { diff --git a/lib/dpif-netdev.c b/lib/dpif-netdev.c index c3334c667..fbf7ccabd 100644 --- a/lib/dpif-netdev.c +++ b/lib/dpif-netdev.c @@ -9413,6 +9413,8 @@ dp_execute_cb(void *aux_, struct dp_packet_batch *packets_, nat_action_info.nat_flags |= NAT_RANGE_RANDOM; break; case OVS_NAT_ATTR_PERSISTENT: + nat_action_info.nat_flags |= NAT_PERSISTENT; + break; case OVS_NAT_ATTR_PROTO_HASH: break; case OVS_NAT_ATTR_UNSPEC:
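Review bot: in nat_range_hash() (lib/conntrack.c, hunk @@ -2202,17 +2202,21 @@), `if (!basis)` uses a zero basis as an in-band signal for persistent mode, so the function's behaviour changes on a value rather than on the flag. If ct->hash_basis can ever be 0, a rule without NAT_PERSISTENT would silently hash only key->src.addr and lose the ports and the destination endpoint as input. Passing the mode explicitly (a `bool persistent` argument, or nat_info->nat_flags, which the function already receives through nat_info) removes that ambiguity. A comment on the persistent branch would also help: with basis 0 the result is an unkeyed function of the source address, the range, dl_type, nw_proto and zone, so the selected address is deterministic and can be computed by anyone who knows those inputs. Since nw_proto and the port range still feed the hash in that branch, one source address can map to different addresses per protocol; please state whether that is intended. The hunk also drops the blank line before the `/* The purpose of the second parameter ...` comment, which looks unintentional.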
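Review bot: in nat_get_unique_tuple() (lib/conntrack.c, hunk @@ -2386,12 +2390,23 @@), the expression `basis ? hash : nat_range_hash(fwd_key, ct->hash_basis, nat_info)` tests the value of basis instead of the flag that set it. When ct->hash_basis is itself 0, the second call takes the address-only branch again and port_off no longer depends on the ports or the destination, for persistent and non-persistent rules alike. Testing `nat_info->nat_flags & NAT_PERSISTENT` directly makes the intent explicit. A short comment that port_off stays keyed by ct->hash_basis, so that only the address selection survives a restart while the port offset does not, would save the next reader from reconstructing it from the two calls.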
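Review bot: NAT_PERSISTENT in enum nat_flags_e (lib/conntrack.h, hunk @@ -79,6 +79,7 @@) is added without a comment. A one-line comment saying that it affects only the selection of the IP address from the range, and not the port, would keep the header consistent with the NEWS entry and with how nat_get_unique_tuple() uses it.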
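Review bot: in dp_execute_cb() (lib/dpif-netdev.c, hunk @@ -9413,6 +9413,8 @@), OVS_NAT_ATTR_PERSISTENT now ORs NAT_PERSISTENT into nat_flags next to NAT_RANGE_RANDOM, so both can be set on the same action, but the diffstat lists no test or documentation file. Please add a test that covers the flag alone and combined with 'random' (persistent address, random port offset), and check that the same source address maps to the same translated address under two different hash_basis values, since that is the property the commit message claims. OVS_NAT_ATTR_PROTO_HASH still falls through to a bare `break`; a comment that it remains unsupported in the userspace datapath would make the asymmetry with the new case deliberate.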