From patchwork Thu Jul 18 02:10:15 2024
X-Patchwork-Submitter: Xin Long
X-Patchwork-Id: 1961836
X-Patchwork-Delegate: horms@verge.net.au
From: Xin Long
To: network dev, dev@openvswitch.org, ovs-dev@openvswitch.org
Cc: Florian Westphal, Ilya Maximets, Eric Dumazet, kuba@kernel.org, Paolo Abeni, davem@davemloft.net
Date: Wed, 17 Jul 2024 22:10:15 -0400
Subject: [ovs-dev] [PATCH net-next] openvswitch: switch to per-action label counting in conntrack

Similar to commit 70f06c115bcc ("sched: act_ct: switch to per-action
label counting"), we should also switch to per-action label counting
in openvswitch conntrack, as Florian suggested.

The difference is that nf_connlabels_get() is called unconditionally
when creating a ct action in ovs_ct_copy_action(). As with these
flows:

  table=0,ip,actions=ct(commit,table=1)
  table=1,ip,actions=ct(commit,exec(set_field:0xac->ct_label),table=2)

it needs to make sure the label ext is created in the 1st flow before
the ct is committed in ovs_ct_commit(). Otherwise, the warning in
nf_ct_ext_add() when creating the label ext in the 2nd flow will
be triggered:

  WARN_ON(nf_ct_is_confirmed(ct));

Signed-off-by: Xin Long
---
 net/openvswitch/conntrack.c | 28 +++++++++++-----------------
 net/openvswitch/datapath.h  |  3 ---
 2 files changed, 11 insertions(+), 20 deletions(-)

diff --git a/net/openvswitch/conntrack.c b/net/openvswitch/conntrack.c index 8eb1d644b741..2cc38faab682 100644 --- a/net/openvswitch/conntrack.c +++ b/net/openvswitch/conntrack.c
@@ -1368,11 +1368,8 @@ bool ovs_ct_verify(struct net *net, enum ovs_key_attr attr) attr == OVS_KEY_ATTR_CT_MARK) return true; if (IS_ENABLED(CONFIG_NF_CONNTRACK_LABELS) && - attr == OVS_KEY_ATTR_CT_LABELS) { - struct ovs_net *ovs_net = net_generic(net, ovs_net_id); - - return ovs_net->xt_label; - } + attr == OVS_KEY_ATTR_CT_LABELS) + return true; return false; } @@ -1381,6 +1378,7 @@ int ovs_ct_copy_action(struct net *net, const struct nlattr *attr, const struct sw_flow_key *key, struct sw_flow_actions **sfa, bool log) { + unsigned int n_bits = sizeof(struct ovs_key_ct_labels) * BITS_PER_BYTE; struct ovs_conntrack_info ct_info; const char *helper = NULL; u16 family; @@ -1409,6 +1407,12 @@ int ovs_ct_copy_action(struct net *net, const struct nlattr *attr, return -ENOMEM; } + if (nf_connlabels_get(net, n_bits - 1)) { + nf_ct_tmpl_free(ct_info.ct); + OVS_NLERR(log, "Failed to set connlabel length"); + return -EOPNOTSUPP; + } + if (ct_info.timeout[0]) { if (nf_ct_set_timeout(net, ct_info.ct, family, key->ip.proto, ct_info.timeout)) @@ -1577,6 +1581,7 @@ static void __ovs_ct_free_action(struct ovs_conntrack_info *ct_info) if (ct_info->ct) { if (ct_info->timeout[0]) nf_ct_destroy_timeout(ct_info->ct); + nf_connlabels_put(nf_ct_net(ct_info->ct)); nf_ct_tmpl_free(ct_info->ct); } } @@ -2002,17 +2007,9 @@ struct genl_family dp_ct_limit_genl_family __ro_after_init = { int ovs_ct_init(struct net *net) { - unsigned int n_bits = sizeof(struct ovs_key_ct_labels) * BITS_PER_BYTE; +#if IS_ENABLED(CONFIG_NETFILTER_CONNCOUNT) struct ovs_net *ovs_net = net_generic(net, ovs_net_id); - if (nf_connlabels_get(net, n_bits - 1)) { - ovs_net->xt_label = false; - OVS_NLERR(true, "Failed to set connlabel length"); - } else { - ovs_net->xt_label = true; - } - -#if IS_ENABLED(CONFIG_NETFILTER_CONNCOUNT) return ovs_ct_limit_init(net, ovs_net); #else return 0; 
@@ -2026,7 +2023,4 @@ void ovs_ct_exit(struct net *net) #if IS_ENABLED(CONFIG_NETFILTER_CONNCOUNT) ovs_ct_limit_exit(net, ovs_net); #endif - - if (ovs_net->xt_label) - nf_connlabels_put(net); } diff --git a/net/openvswitch/datapath.h b/net/openvswitch/datapath.h index 9ca6231ea647..365b9bb7f546 100644 --- a/net/openvswitch/datapath.h +++ b/net/openvswitch/datapath.h @@ -160,9 +160,6 @@ struct ovs_net { #if IS_ENABLED(CONFIG_NETFILTER_CONNCOUNT) struct ovs_ct_limit_info *ct_limit_info; #endif - - /* Module reference for configuring conntrack. */ - bool xt_label; }; /**
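Review bot: In ovs_ct_verify(), the OVS_KEY_ATTR_CT_LABELS branch now returns true whenever CONFIG_NF_CONNTRACK_LABELS is enabled, so a flow that only matches on ct_labels is accepted even when no ct action currently holds a connlabels reference (the only nf_connlabels_get() left in this patch is in ovs_ct_copy_action()). Before this patch the answer depended on the per-netns xt_label set in ovs_ct_init(); the commit message should say that dropping this dependency is intended.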
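Review bot: In the ovs_ct_copy_action() hunk, the return value of nf_connlabels_get(net, n_bits - 1) is discarded and every failure is reported as -EOPNOTSUPP; consider keeping the error in a local and returning it. The failure mode also changes and the commit message does not mention it: the removed ovs_ct_init() code only cleared xt_label and logged, whereas the new code fails creation of every ct action, including ones that never set ct_label.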
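Review bot: In __ovs_ct_free_action(), the new nf_connlabels_put() runs whenever ct_info->ct is non-NULL, so the balance with the get in ovs_ct_copy_action() relies on the get sitting directly after the template allocation, with its own failure path freeing the template and returning without reaching this function. A short comment at one of the two sites saying that the template and the connlabels reference are taken and dropped together would protect the count against a later reordering.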
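Review bot: In ovs_ct_exit(), once the xt_label check is removed the only remaining use of ovs_net is inside the CONFIG_NETFILTER_CONNCOUNT block. The ovs_ct_init() hunk moves its ovs_net declaration under the same #if, but the declaration in ovs_ct_exit() lies outside the visible context; check that it is guarded as well, otherwise a build without CONNCOUNT gets an unused-variable warning.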