From patchwork Wed Apr 19 18:40:41 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Paolo Valerio X-Patchwork-Id: 1770867 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=2605:bc80:3010::136; helo=smtp3.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=HRPHOOYD; dkim-atps=neutral Received: from smtp3.osuosl.org (smtp3.osuosl.org [IPv6:2605:bc80:3010::136]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4Q1qP21wsvz23tD for ; Thu, 20 Apr 2023 04:40:54 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by smtp3.osuosl.org (Postfix) with ESMTP id 097EE6FE80; Wed, 19 Apr 2023 18:40:52 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org 097EE6FE80 Authentication-Results: smtp3.osuosl.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=HRPHOOYD X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp3.osuosl.org ([127.0.0.1]) by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dUdGdgVVhcFp; Wed, 19 Apr 2023 18:40:51 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by smtp3.osuosl.org (Postfix) with ESMTPS id 3736E616FE; Wed, 19 Apr 2023 18:40:50 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org 3736E616FE Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 0FB49C0036; Wed, 19 Apr 2023 18:40:50 +0000 (UTC) X-Original-To: ovs-dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp3.osuosl.org (smtp3.osuosl.org [IPv6:2605:bc80:3010::136]) by lists.linuxfoundation.org (Postfix) with ESMTP id 8C9FDC0036 for ; Wed, 19 Apr 2023 18:40:48 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp3.osuosl.org (Postfix) with ESMTP id 67812616F8 for ; Wed, 19 Apr 2023 18:40:48 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org 67812616F8 X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp3.osuosl.org ([127.0.0.1]) by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I1tg-pw1dfCK for ; Wed, 19 Apr 2023 18:40:47 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org AC456616F3 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by smtp3.osuosl.org (Postfix) with ESMTPS id AC456616F3 for ; Wed, 19 Apr 2023 18:40:47 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1681929646; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=xvppy4gQGDwZpQuWUFORtnAvYBEKZ0Vrraa0ZndWaSI=; b=HRPHOOYDVpCmph9QgXoxSuazowr0DyhwXPWR3wM/U92yfd4kb/OzjzdEe/z1Mfh3C8JHro Wql086UNL5Yg9OUSCmYT4J4I5fGUZifPSNetRYvlfKGptZGl4xPAsXm8hpx2EKt4gAcwSP zp9bOTCgpJZgz2MSe2CDrggELeaZGl8= Received: from mail-ej1-f72.google.com (mail-ej1-f72.google.com [209.85.218.72]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-451-aBrOjReCPzyCBLMzdpuRRA-1; Wed, 19 Apr 2023 14:40:45 -0400 X-MC-Unique: aBrOjReCPzyCBLMzdpuRRA-1 Received: by mail-ej1-f72.google.com with SMTP id a640c23a62f3a-94eed5da59aso1211666b.1 for ; Wed, 19 Apr 2023 11:40:45 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1681929643; x=1684521643; h=content-transfer-encoding:mime-version:user-agent:references :in-reply-to:message-id:date:cc:to:from:subject:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=xvppy4gQGDwZpQuWUFORtnAvYBEKZ0Vrraa0ZndWaSI=; b=DBr4pMsK9VVh5hOEDBxVkySaULg8DOvvH+NdXkkLahQDwMnjiSS7GVorJ3aO2ZVp/B oB4DtmR8skTYx3H2ACfUU9sZ3PDOEm6aNMPvLIRk3S9ffA8PASWJI0DmdVdUaVynEury XF1AHDfCnAldc/xKfu6//H0SWozi38LafK9+68c3q9lcCcFr7omsKuOdMFAT8lSTvKul Cw2b6gktOOCn8h+aIPTJr+rSWhSapeVc9XrmRwc56G9VKENzEIN7GWXUxAhRKXn0+VJ5 QkcCxANB7qAxcnljAdppfQH4dOCED9gEoxywaF/6SJ5UN+SNDaMnttoH/C8cD5UCR/kw 1H+w== X-Gm-Message-State: AAQBX9eUtxbsNoSWrgy00c4XgI6gAUS6X+4gfqQKSgNcfmVhp1uIeRdG D2Zp2+APP55UoyVI9sd4lI9xQR6V3jgrirvU34KTjd11e6phO6sCjwGRySCrN+ansFalQrR9F1n YsIh2vOKEPqkk5OxHK/OE7fgaSwUb1sMY0GenGLz+6zYair0fgHerMrqc44fJuFKtxmLkU1nG+/ PhQA== X-Received: by 2002:a17:906:5d:b0:94e:d688:fc92 with SMTP id 29-20020a170906005d00b0094ed688fc92mr17141938ejg.0.1681929643445; Wed, 19 Apr 2023 11:40:43 -0700 (PDT) X-Google-Smtp-Source: AKy350aoHj11bOPsvcOU49HA0RlSz7MP+QrrZzLPzJJMsJgOiezeGYD4CDoDA0arKYUwgtZMXwV5uA== X-Received: by 2002:a17:906:5d:b0:94e:d688:fc92 with SMTP id 29-20020a170906005d00b0094ed688fc92mr17141925ejg.0.1681929643135; Wed, 19 Apr 2023 11:40:43 -0700 (PDT) Received: from localhost ([37.183.25.94]) by smtp.gmail.com with ESMTPSA id xd5-20020a170907078500b0094f9b6b2b8dsm3928408ejb.178.2023.04.19.11.40.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 19 Apr 2023 11:40:42 -0700 (PDT) From: Paolo Valerio To: ovs-dev@openvswitch.org Date: Wed, 19 Apr 2023 20:40:41 +0200 Message-ID: <168192964179.4031872.15675810711997662503.stgit@fed.void> In-Reply-To: <168192962983.4031872.17969583942132440109.stgit@fed.void> References: <168192962983.4031872.17969583942132440109.stgit@fed.void> User-Agent: StGit/1.5 MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Cc: i.maximets@ovn.org Subject: [ovs-dev] [PATCH 1/2] conntrack: Do not defer connection clean up. X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" Connections that need to be removed, e.g. while forcing a direction, were invalidated forcing them to be expired. This is not actually needed, as it's typically a one-time operation. The patch replaces a call to conn_force_expire() with a call to conn_clean(). Signed-off-by: Paolo Valerio --- lib/conntrack.c | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/lib/conntrack.c b/lib/conntrack.c index ce8a63de5..7e1fc4b1f 100644 --- a/lib/conntrack.c +++ b/lib/conntrack.c @@ -514,12 +514,6 @@ conn_clean(struct conntrack *ct, struct conn *conn) atomic_count_dec(&ct->n_conn); } -static void -conn_force_expire(struct conn *conn) -{ - atomic_store_relaxed(&conn->expiration, 0); -} - /* Destroys the connection tracker 'ct' and frees all the allocated memory. * The caller of this function must already have shut down packet input * and PMD threads (which would have been quiesced). */ @@ -1089,7 +1083,7 @@ conn_update_state(struct conntrack *ct, struct dp_packet *pkt, break; case CT_UPDATE_NEW: if (conn_lookup(ct, &conn->key, now, NULL, NULL)) { - conn_force_expire(conn); + conn_clean(ct, conn); } create_new_conn = true; break; @@ -1299,7 +1293,7 @@ process_one(struct conntrack *ct, struct dp_packet *pkt, /* Delete found entry if in wrong direction. 'force' implies commit. */ if (OVS_UNLIKELY(force && ctx->reply && conn)) { if (conn_lookup(ct, &conn->key, now, NULL, NULL)) { - conn_force_expire(conn); + conn_clean(ct, conn); } conn = NULL; } From patchwork Wed Apr 19 18:40:48 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Paolo Valerio X-Patchwork-Id: 1770868 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.136; helo=smtp3.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=RsWSBpQ3; dkim-atps=neutral Received: from smtp3.osuosl.org (smtp3.osuosl.org [140.211.166.136]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4Q1qPF0xvhz23tD for ; Thu, 20 Apr 2023 04:41:05 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by smtp3.osuosl.org (Postfix) with ESMTP id 53E446FEA2; Wed, 19 Apr 2023 18:41:03 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org 53E446FEA2 Authentication-Results: smtp3.osuosl.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=RsWSBpQ3 X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp3.osuosl.org ([127.0.0.1]) by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Xo3TLnXAc5ip; Wed, 19 Apr 2023 18:41:02 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by smtp3.osuosl.org (Postfix) with ESMTPS id 3C7726FE91; Wed, 19 Apr 2023 18:41:01 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org 3C7726FE91 Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id EF110C0036; Wed, 19 Apr 2023 18:41:00 +0000 (UTC) X-Original-To: ovs-dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp3.osuosl.org (smtp3.osuosl.org [IPv6:2605:bc80:3010::136]) by lists.linuxfoundation.org (Postfix) with ESMTP id 3CACFC002A for ; Wed, 19 Apr 2023 18:40:59 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp3.osuosl.org (Postfix) with ESMTP id 9186A6FE7A for ; Wed, 19 Apr 2023 18:40:56 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org 9186A6FE7A X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp3.osuosl.org ([127.0.0.1]) by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lLiSJVHumRd6 for ; Wed, 19 Apr 2023 18:40:55 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org F366F6FE7F Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by smtp3.osuosl.org (Postfix) with ESMTPS id F366F6FE7F for ; Wed, 19 Apr 2023 18:40:54 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1681929653; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=czNvnx4yMNSC/UVjOEq+RYWu3+8/7t5AEzDBaUBFVRg=; b=RsWSBpQ3jM3TIVvS2Nf1NyKNImbhxqTehRhA9aSS89RGAnZ9J4D6kvPiZqgfWkZm46RQfp sG5fOYLhAr4fcTtRoNWz+2qTTx039A8fBYOovU3vrIH9UP+PGDeReMj6+cQXzcXtjXcMhn 2WWCvCyRHIDu9QpP7vjKJLIE5za+eGQ= Received: from mail-ed1-f69.google.com (mail-ed1-f69.google.com [209.85.208.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-592-Ba3-nGxoOiiikFidxm9Kpw-1; Wed, 19 Apr 2023 14:40:52 -0400 X-MC-Unique: Ba3-nGxoOiiikFidxm9Kpw-1 Received: by mail-ed1-f69.google.com with SMTP id 4fb4d7f45d1cf-504ed238bd9so51885a12.0 for ; Wed, 19 Apr 2023 11:40:51 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1681929650; x=1684521650; h=content-transfer-encoding:mime-version:user-agent:references :in-reply-to:message-id:date:cc:to:from:subject:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=czNvnx4yMNSC/UVjOEq+RYWu3+8/7t5AEzDBaUBFVRg=; b=agL5UZyiEQqLSf95x5xSMYIK8zILLdVWiHPoEdTnnJ5r/NPN9LJR1rnF9HRQVlKPsU 2OFoQUVo+Q8Z8v6M0rarskYK0PKy+nEW8UWS0AzWgJereG1rbA+5ySH2uGOq3zSuVWVf AF/l7dITtpeDjc9/50Ds9MsUhQpyvE2Wnn8iWu+qkHd5UHIp8ntAVZ6V2adJRFbYQG6M QmsA7FNmBG58RbHG6Ih8Qev7Eb5IQUgx8seQHjf0vqxLLNvsB/lsxbpPuP2Yp+whVL3y 56Cs/TpmZWY8nKmNTFoGOr7p2QjtKnIDOE/bFZi4xE5wPPgzIafW0DPnn1cnb+drTvTc OugQ== X-Gm-Message-State: AAQBX9eB2RqmKzInWAyf9Lph/ksy9NQp8I9QcRKZV0E2V/hYvujdc+61 iLYwKoIWQC6Nu0SM5IPNUDQ1rdWz4dapOMKXxoS2dqt93lEi2kD3YDLaTvNqTR+m4zQhjWHDlFc wxq2sw9sDSWC/imzXh+VdZQ9YTdJQkqO5E4U2PaPCCTX2hjEJsdhWiL9xcmTSUY/oyUiSLeZvH7 72cA== X-Received: by 2002:a17:906:77d8:b0:930:7f40:c1bb with SMTP id m24-20020a17090677d800b009307f40c1bbmr15930071ejn.4.1681929650046; Wed, 19 Apr 2023 11:40:50 -0700 (PDT) X-Google-Smtp-Source: AKy350az3VpuEVdXA7L3w3ZC1x3Wrx5uJvlVJwAGEDPUL+gs6qdzmLlb0LEQ22z9iQO1R/QoK5VSyQ== X-Received: by 2002:a17:906:77d8:b0:930:7f40:c1bb with SMTP id m24-20020a17090677d800b009307f40c1bbmr15930047ejn.4.1681929649647; Wed, 19 Apr 2023 11:40:49 -0700 (PDT) Received: from localhost ([37.183.25.94]) by smtp.gmail.com with ESMTPSA id qx11-20020a170906fccb00b0094f499257f7sm5641533ejb.151.2023.04.19.11.40.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 19 Apr 2023 11:40:48 -0700 (PDT) From: Paolo Valerio To: ovs-dev@openvswitch.org Date: Wed, 19 Apr 2023 20:40:48 +0200 Message-ID: <168192964823.4031872.3228556334798413886.stgit@fed.void> In-Reply-To: <168192962983.4031872.17969583942132440109.stgit@fed.void> References: <168192962983.4031872.17969583942132440109.stgit@fed.void> User-Agent: StGit/1.5 MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Cc: i.maximets@ovn.org Subject: [ovs-dev] [PATCH 2/2] conntrack: Release nat_conn in case both keys have the same hash. X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" During the creation of a new connection, there's a chance both key and rev_key end up having the same hash. This is more common in the case of all-zero snat with no collisions. In that case, once the connection is expired, but not cleaned up, if a new packet with the same 5-tuple is received, an assertion failure gets triggered in conn_update_state() because of a previous failure of retrieving a CT_CONN_TYPE_DEFAULT connection. Fix it by releasing the nat_conn during the connection creation in the case of same hash for both key and rev_key. Reported-by: Michael Plato Fixes: 61e48c2d1db2 ("conntrack: Handle SNAT with all-zero IP address.") Signed-off-by: Paolo Valerio --- In this thread [0] there are some more details. A similar approach here could be to avoid to add the nat_conn to the cmap and letting the sweeper release the memory for nat_conn once the whole connection gets freed. That approach could still be ok, but the drawback is that it could require a different patch for older branches that don't include 3d9c1b855a5f ("conntrack: Replace timeout based expiration lists with rculists."). It still worth to be considered. [0] https://mail.openvswitch.org/pipermail/ovs-discuss/2023-April/052339.html --- lib/conntrack.c | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/lib/conntrack.c b/lib/conntrack.c index 7e1fc4b1f..d2ee127d9 100644 --- a/lib/conntrack.c +++ b/lib/conntrack.c @@ -1007,14 +1007,19 @@ conn_not_found(struct conntrack *ct, struct dp_packet *pkt, } nat_packet(pkt, nc, false, ctx->icmp_related); - memcpy(&nat_conn->key, &nc->rev_key, sizeof nat_conn->key); - memcpy(&nat_conn->rev_key, &nc->key, sizeof nat_conn->rev_key); - nat_conn->conn_type = CT_CONN_TYPE_UN_NAT; - nat_conn->nat_action = 0; - nat_conn->alg = NULL; - nat_conn->nat_conn = NULL; - uint32_t nat_hash = conn_key_hash(&nat_conn->key, ct->hash_basis); - cmap_insert(&ct->conns, &nat_conn->cm_node, nat_hash); + uint32_t nat_hash = conn_key_hash(&nc->rev_key, ct->hash_basis); + if (nat_hash != ctx->hash) { + memcpy(&nat_conn->key, &nc->rev_key, sizeof nat_conn->key); + memcpy(&nat_conn->rev_key, &nc->key, sizeof nat_conn->rev_key); + nat_conn->conn_type = CT_CONN_TYPE_UN_NAT; + nat_conn->nat_action = 0; + nat_conn->alg = NULL; + nat_conn->nat_conn = NULL; + cmap_insert(&ct->conns, &nat_conn->cm_node, nat_hash); + } else { + free(nat_conn); + nat_conn = NULL; + } } nc->nat_conn = nat_conn;