From patchwork Mon Jan 22 19:10:04 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Garver X-Patchwork-Id: 864352 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=openvswitch.org (client-ip=140.211.169.12; helo=mail.linuxfoundation.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Received: from mail.linuxfoundation.org (mail.linuxfoundation.org [140.211.169.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3zQLc65X0Vz9s7M for ; Tue, 23 Jan 2018 06:10:30 +1100 (AEDT) Received: from mail.linux-foundation.org (localhost [127.0.0.1]) by mail.linuxfoundation.org (Postfix) with ESMTP id 7844B1124; Mon, 22 Jan 2018 19:10:00 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@mail.linuxfoundation.org Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 9CDFC1111 for ; Mon, 22 Jan 2018 19:09:58 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 2F58B284 for ; Mon, 22 Jan 2018 19:09:58 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id B1597C058EB0 for ; Mon, 22 Jan 2018 19:09:57 +0000 (UTC) Received: from dev-rhel7.localdomain (wsfd-netdev-vmhost.ntdv.lab.eng.bos.redhat.com [10.19.188.17]) by smtp.corp.redhat.com (Postfix) with ESMTP id 655CD60606 for ; Mon, 22 Jan 2018 19:09:57 +0000 (UTC) From: Eric Garver To: dev@openvswitch.org Date: Mon, 22 Jan 2018 14:10:04 -0500 Message-Id: <20180122191005.14376-2-e@erig.me> In-Reply-To: <20180122191005.14376-1-e@erig.me> References: <20180122191005.14376-1-e@erig.me> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.32]); Mon, 22 Jan 2018 19:09:57 +0000 (UTC) X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Subject: [ovs-dev] [PATCH 1/2] acinclude: check for IP_CT_UNTRACKED X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: ovs-dev-bounces@openvswitch.org Errors-To: ovs-dev-bounces@openvswitch.org IP_CT_UNTRACKED is fairly new, but used by the kernel datapath ct_clear action. Signed-off-by: Eric Garver --- acinclude.m4 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/acinclude.m4 b/acinclude.m4 index 16a57a341b7d..c04c2c65bcdb 100644 --- a/acinclude.m4 +++ b/acinclude.m4 @@ -793,6 +793,8 @@ AC_DEFUN([OVS_CHECK_LINUX_COMPAT], [ OVS_FIND_FIELD_IFELSE([$KSRC/include/linux/netfilter.h], [nf_hook_ops], [list], [OVS_DEFINE([HAVE_LIST_IN_NF_HOOK_OPS])]) + OVS_GREP_IFELSE([$KSRC/include/uapi/linux/netfilter/nf_conntrack_common.h], + [IP_CT_UNTRACKED]) if cmp -s datapath/linux/kcompat.h.new \ datapath/linux/kcompat.h >/dev/null 2>&1; then From patchwork Mon Jan 22 19:10:05 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Garver X-Patchwork-Id: 864353 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=openvswitch.org (client-ip=140.211.169.12; helo=mail.linuxfoundation.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Received: from mail.linuxfoundation.org (mail.linuxfoundation.org [140.211.169.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3zQLck5xgCz9sRm for ; Tue, 23 Jan 2018 06:11:02 +1100 (AEDT) Received: from mail.linux-foundation.org (localhost [127.0.0.1]) by mail.linuxfoundation.org (Postfix) with ESMTP id 72D6A1142; Mon, 22 Jan 2018 19:10:02 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@mail.linuxfoundation.org Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 54E511114 for ; Mon, 22 Jan 2018 19:09:59 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 9308AFC for ; Mon, 22 Jan 2018 19:09:58 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 23D716911 for ; Mon, 22 Jan 2018 19:09:58 +0000 (UTC) Received: from dev-rhel7.localdomain (wsfd-netdev-vmhost.ntdv.lab.eng.bos.redhat.com [10.19.188.17]) by smtp.corp.redhat.com (Postfix) with ESMTP id D185160606 for ; Mon, 22 Jan 2018 19:09:57 +0000 (UTC) From: Eric Garver To: dev@openvswitch.org Date: Mon, 22 Jan 2018 14:10:05 -0500 Message-Id: <20180122191005.14376-3-e@erig.me> In-Reply-To: <20180122191005.14376-1-e@erig.me> References: <20180122191005.14376-1-e@erig.me> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.39]); Mon, 22 Jan 2018 19:09:58 +0000 (UTC) X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Subject: [ovs-dev] [PATCH 2/2] datapath: add ct_clear action X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: ovs-dev-bounces@openvswitch.org Errors-To: ovs-dev-bounces@openvswitch.org Upstream commit: commit b8226962b1c49c784aeddb9d2fafbf53dfdc2190 Author: Eric Garver Date: Tue Oct 10 16:54:44 2017 -0400 openvswitch: add ct_clear action This adds a ct_clear action for clearing conntrack state. ct_clear is currently implemented in OVS userspace, but is not backed by an action in the kernel datapath. This is useful for flows that may modify a packet tuple after a ct lookup has already occurred. Signed-off-by: Eric Garver Acked-by: Pravin B Shelar Signed-off-by: David S. Miller Notes: - hunk from include/uapi/linux/openvswitch.h is missing because it was added with userspace support in 1fe178d251c8 ("dpif: Add support for OVS_ACTION_ATTR_CT_CLEAR") - if IP_CT_UNTRACKED is not available use 0 as other nf_ct_set() calls do. Since we're setting ct to NULL this is okay. Signed-off-by: Eric Garver Acked-by: Pravin B Shelar --- datapath/actions.c | 4 ++++ datapath/conntrack.c | 15 +++++++++++++++ datapath/conntrack.h | 7 +++++++ datapath/flow_netlink.c | 5 +++++ 4 files changed, 31 insertions(+) diff --git a/datapath/actions.c b/datapath/actions.c index ad18c2cc768a..1840fe556baf 100644 --- a/datapath/actions.c +++ b/datapath/actions.c @@ -1214,6 +1214,10 @@ static int do_execute_actions(struct datapath *dp, struct sk_buff *skb, return err == -EINPROGRESS ? 0 : err; break; + case OVS_ACTION_ATTR_CT_CLEAR: + err = ovs_ct_clear(skb, key); + break; + case OVS_ACTION_ATTR_PUSH_ETH: err = push_eth(skb, key, nla_data(a)); break; diff --git a/datapath/conntrack.c b/datapath/conntrack.c index d517a87b0474..3f7943370fb3 100644 --- a/datapath/conntrack.c +++ b/datapath/conntrack.c @@ -1170,6 +1170,21 @@ int ovs_ct_execute(struct net *net, struct sk_buff *skb, return err; } +int ovs_ct_clear(struct sk_buff *skb, struct sw_flow_key *key) +{ + if (skb_nfct(skb)) { + nf_conntrack_put(skb_nfct(skb)); +#ifdef HAVE_IP_CT_UNTRACKED + nf_ct_set(skb, NULL, IP_CT_UNTRACKED); +#else + nf_ct_set(skb, NULL, 0); +#endif + ovs_ct_fill_key(skb, key); + } + + return 0; +} + static int ovs_ct_add_helper(struct ovs_conntrack_info *info, const char *name, const struct sw_flow_key *key, bool log) { diff --git a/datapath/conntrack.h b/datapath/conntrack.h index 69ceb80e5a73..0c3964f5bcaf 100644 --- a/datapath/conntrack.h +++ b/datapath/conntrack.h @@ -31,6 +31,7 @@ int ovs_ct_action_to_attr(const struct ovs_conntrack_info *, struct sk_buff *); int ovs_ct_execute(struct net *, struct sk_buff *, struct sw_flow_key *, const struct ovs_conntrack_info *); +int ovs_ct_clear(struct sk_buff *skb, struct sw_flow_key *key); void ovs_ct_fill_key(const struct sk_buff *skb, struct sw_flow_key *key); int ovs_ct_put_key(const struct sw_flow_key *swkey, @@ -74,6 +75,12 @@ static inline int ovs_ct_execute(struct net *net, struct sk_buff *skb, return -ENOTSUPP; } +static inline int ovs_ct_clear(struct sk_buff *skb, + struct sw_flow_key *key) +{ + return -ENOTSUPP; +} + static inline void ovs_ct_fill_key(const struct sk_buff *skb, struct sw_flow_key *key) { diff --git a/datapath/flow_netlink.c b/datapath/flow_netlink.c index b3b209269dcc..303337c4e99f 100644 --- a/datapath/flow_netlink.c +++ b/datapath/flow_netlink.c @@ -77,6 +77,7 @@ static bool actions_may_change_flow(const struct nlattr *actions) break; case OVS_ACTION_ATTR_CT: + case OVS_ACTION_ATTR_CT_CLEAR: case OVS_ACTION_ATTR_HASH: case OVS_ACTION_ATTR_POP_ETH: case OVS_ACTION_ATTR_POP_MPLS: @@ -2487,6 +2488,7 @@ static int __ovs_nla_copy_actions(struct net *net, const struct nlattr *attr, [OVS_ACTION_ATTR_SAMPLE] = (u32)-1, [OVS_ACTION_ATTR_HASH] = sizeof(struct ovs_action_hash), [OVS_ACTION_ATTR_CT] = (u32)-1, + [OVS_ACTION_ATTR_CT_CLEAR] = 0, [OVS_ACTION_ATTR_TRUNC] = sizeof(struct ovs_action_trunc), [OVS_ACTION_ATTR_PUSH_ETH] = sizeof(struct ovs_action_push_eth), [OVS_ACTION_ATTR_POP_ETH] = 0, @@ -2628,6 +2630,9 @@ static int __ovs_nla_copy_actions(struct net *net, const struct nlattr *attr, skip_copy = true; break; + case OVS_ACTION_ATTR_CT_CLEAR: + break; + case OVS_ACTION_ATTR_PUSH_ETH: /* Disallow pushing an Ethernet header if one * is already present */