From patchwork Tue Dec 6 23:31:14 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xin Long X-Patchwork-Id: 1712966 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.133; helo=smtp2.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20210112 header.b=FUNeQB69; dkim-atps=neutral Received: from smtp2.osuosl.org (smtp2.osuosl.org [140.211.166.133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4NRcBF1CYfz23ns for ; Wed, 7 Dec 2022 10:31:32 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by smtp2.osuosl.org (Postfix) with ESMTP id 0226640AA5; Tue, 6 Dec 2022 23:31:30 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org 0226640AA5 Authentication-Results: smtp2.osuosl.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20210112 header.b=FUNeQB69 X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp2.osuosl.org ([127.0.0.1]) by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8fwDNlNVQDTJ; Tue, 6 Dec 2022 23:31:30 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [IPv6:2605:bc80:3010:104::8cd3:938]) by smtp2.osuosl.org (Postfix) with ESMTPS id C535F40AB6; Tue, 6 Dec 2022 23:31:28 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org C535F40AB6 Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id B00DFC0085; Tue, 6 Dec 2022 23:31:26 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp3.osuosl.org (smtp3.osuosl.org [IPv6:2605:bc80:3010::136]) by lists.linuxfoundation.org (Postfix) with ESMTP id 9DC84C0032 for ; Tue, 6 Dec 2022 23:31:24 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp3.osuosl.org (Postfix) with ESMTP id 796DA6104B for ; Tue, 6 Dec 2022 23:31:24 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org 796DA6104B Authentication-Results: smtp3.osuosl.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20210112 header.b=FUNeQB69 X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp3.osuosl.org ([127.0.0.1]) by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KmAXc6nwknJc for ; Tue, 6 Dec 2022 23:31:24 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.8.0 DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org C704F60FA9 Received: from mail-qk1-x736.google.com (mail-qk1-x736.google.com [IPv6:2607:f8b0:4864:20::736]) by smtp3.osuosl.org (Postfix) with ESMTPS id C704F60FA9 for ; Tue, 6 Dec 2022 23:31:23 +0000 (UTC) Received: by mail-qk1-x736.google.com with SMTP id v8so8819449qkg.12 for ; Tue, 06 Dec 2022 15:31:23 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=0rll4DxwcXBCHbVSIxpnJnXVQqgF+A4qtdFp6rMMijg=; b=FUNeQB69EPIQZlQRzjHTKl7k99O9Yo6XlcLhoMJaLk4uH937Itx1apZebp3Kv/VWrw M/XMySqD49TuomQ/aa1N9hGFpB8N25TnJPrBOOh+Tx1C3CZRJm4E1JylcrIes7iJlwf9 V8ZzRAHXhviKQcIDarFOzzlxuznudxwzKOsgwBktIOFq5amGvT1M2Gi9FWZnVJ7uINbg Mg9+rJU/O/YCr2RRz2u3VV1N+qLkCARMgkoGAj2uLaasgGz8//6cm2mqLuuUgVrvin+7 WlGhQLhRFBL59zfZR7iEz+O0e5GtU7hfmUK/xI/dBzKlPuontK4gRzCm5rk4uMd7t58s ArRQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=0rll4DxwcXBCHbVSIxpnJnXVQqgF+A4qtdFp6rMMijg=; b=EJou3JBTNoDIL+qpGCkQEID9jKfNPdjSmu56AFOi/EsnBk4D9FLIExy65hLQRAUJMo /Hy6qSZNh2YTjeT4JGJsK0lU9hZJuJ9gCMrxBweb3Uc+FC4s//4S70nCHxS46EePQUm+ Zs6JeGICC34VNii+nV3b4cqW7ZO3lQlnXPfLS4GvOytFaXFcJnPh1h5aYstgo9lIOaMi aVzmL9pWTG+fjF4/qRPCnKuO18flVhURcaSs9L8WqHqpO2ITJkT6cUcYzlReHvi4RH1T 5fn+bBlEHON1TjFR9231hyZ0EPgQKtZIPPaDzAayhAfQj/2IcWAF72/rPOLT7Uo4/c9X It9g== X-Gm-Message-State: ANoB5plAFCl38pdDhChA6pKI28vGjNj8aWhcFUienJ7g4st04GuAKdmS HpW77EXKhgix/WCp5SpHElo= X-Google-Smtp-Source: AA0mqf73/qlXmkyEkMspUUHLDtshd3u1a1+OtppBvVnHFrS23ETuW7KWlrn3CgvJoN9heZr4cCCnOQ== X-Received: by 2002:a05:620a:15d4:b0:6fc:a7df:5f41 with SMTP id o20-20020a05620a15d400b006fca7df5f41mr21170679qkm.694.1670369482496; Tue, 06 Dec 2022 15:31:22 -0800 (PST) Received: from wsfd-netdev15.ntdv.lab.eng.bos.redhat.com (nat-pool-bos-t.redhat.com. [66.187.233.206]) by smtp.gmail.com with ESMTPSA id i21-20020a05620a405500b006f8665f483fsm16590231qko.85.2022.12.06.15.31.21 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Dec 2022 15:31:22 -0800 (PST) From: Xin Long To: network dev , dev@openvswitch.org Date: Tue, 6 Dec 2022 18:31:14 -0500 Message-Id: X-Mailer: git-send-email 2.31.1 In-Reply-To: References: MIME-Version: 1.0 Cc: Marcelo Ricardo Leitner , Jiri Pirko , Paul Blakey , Davide Caratti , Florian Westphal , Jamal Hadi Salim , Ilya Maximets , Saeed Mahameed , Eric Dumazet , Cong Wang , kuba@kernel.org, Paolo Abeni , davem@davemloft.net, Pablo Neira Ayuso Subject: [ovs-dev] [PATCHv3 net-next 3/5] openvswitch: return NF_DROP when fails to add nat ext in ovs_ct_nat X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" When it fails to allocate nat ext, the packet should be dropped, like the memory allocation failures in other places in ovs_ct_nat(). This patch changes to return NF_DROP when fails to add nat ext before doing NAT in ovs_ct_nat(), also it would keep consistent with tc action ct' processing in tcf_ct_act_nat(). Signed-off-by: Xin Long --- net/openvswitch/conntrack.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/openvswitch/conntrack.c b/net/openvswitch/conntrack.c index 5ea74270da46..58c9f0edc3c4 100644 --- a/net/openvswitch/conntrack.c +++ b/net/openvswitch/conntrack.c @@ -821,7 +821,7 @@ static int ovs_ct_nat(struct net *net, struct sw_flow_key *key, /* Add NAT extension if not confirmed yet. */ if (!nf_ct_is_confirmed(ct) && !nf_ct_nat_ext_add(ct)) - return NF_ACCEPT; /* Can't NAT. */ + return NF_DROP; /* Can't NAT. */ /* Determine NAT type. * Check if the NAT type can be deduced from the tracked connection.