[ovs-dev,04/11] datapath: Handle NF_NAT_NEEDED replacement
diff mbox series

Message ID 1571074671-31834-5-git-send-email-yihung.wei@gmail.com
State New
Headers show
Series
  • Backport upstream conntrack related patches
Related show

Commit Message

Yi-Hung Wei Oct. 14, 2019, 5:37 p.m. UTC
Starting from the following upstream commit, NF_NAT_NEEDED is replaced
by IS_ENABLED(CONFIG_NF_NAT) in the upstream kernel. This patch makes
some changes so that our in tree ovs kernel module is compatible to
both old and new kernels.

Upstream commit:
commit 4806e975729f99c7908d1688a143f1e16d464e6c
Author: Florian Westphal <fw@strlen.de>
Date:   Wed Mar 27 09:22:26 2019 +0100

    netfilter: replace NF_NAT_NEEDED with IS_ENABLED(CONFIG_NF_NAT)

    NF_NAT_NEEDED is true whenever nat support for either ipv4 or ipv6 is
    enabled.  Now that the af-specific nat configuration switches have been
    removed, IS_ENABLED(CONFIG_NF_NAT) has the same effect.

    Signed-off-by: Florian Westphal <fw@strlen.de>
    Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Signed-off-by: Yi-Hung Wei <yihung.wei@gmail.com>
---
 acinclude.m4         |  1 +
 datapath/conntrack.c | 25 +++++++++++++++++--------
 2 files changed, 18 insertions(+), 8 deletions(-)

Comments

Yifeng Sun Oct. 14, 2019, 11:35 p.m. UTC | #1
LGTM, thanks.

Reviewed-by: Yifeng Sun <pkusunyifeng@gmail.com>

On Mon, Oct 14, 2019 at 10:52 AM Yi-Hung Wei <yihung.wei@gmail.com> wrote:
>
> Starting from the following upstream commit, NF_NAT_NEEDED is replaced
> by IS_ENABLED(CONFIG_NF_NAT) in the upstream kernel. This patch makes
> some changes so that our in tree ovs kernel module is compatible to
> both old and new kernels.
>
> Upstream commit:
> commit 4806e975729f99c7908d1688a143f1e16d464e6c
> Author: Florian Westphal <fw@strlen.de>
> Date:   Wed Mar 27 09:22:26 2019 +0100
>
>     netfilter: replace NF_NAT_NEEDED with IS_ENABLED(CONFIG_NF_NAT)
>
>     NF_NAT_NEEDED is true whenever nat support for either ipv4 or ipv6 is
>     enabled.  Now that the af-specific nat configuration switches have been
>     removed, IS_ENABLED(CONFIG_NF_NAT) has the same effect.
>
>     Signed-off-by: Florian Westphal <fw@strlen.de>
>     Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
>
> Signed-off-by: Yi-Hung Wei <yihung.wei@gmail.com>
> ---
>  acinclude.m4         |  1 +
>  datapath/conntrack.c | 25 +++++++++++++++++--------
>  2 files changed, 18 insertions(+), 8 deletions(-)
>
> diff --git a/acinclude.m4 b/acinclude.m4
> index cc80026f2127..dca09abefa96 100644
> --- a/acinclude.m4
> +++ b/acinclude.m4
> @@ -676,6 +676,7 @@ AC_DEFUN([OVS_CHECK_LINUX_COMPAT], [
>    OVS_FIND_FIELD_IFELSE([$KSRC/include/linux/netfilter.h], [nf_hook_ops],
>                          [owner], [OVS_DEFINE([HAVE_NF_HOOKS_OPS_OWNER])])
>    OVS_GREP_IFELSE([$KSRC/include/linux/netfilter.h], [NFPROTO_INET])
> +  OVS_GREP_IFELSE([$KSRC/include/linux/netfilter.h], [CONFIG_NF_NAT_NEEDED])
>
>
>    OVS_FIND_FIELD_IFELSE([$KSRC/include/linux/netfilter_ipv6.h], [nf_ipv6_ops],
> diff --git a/datapath/conntrack.c b/datapath/conntrack.c
> index 1b345a03e704..010f9af5ffd2 100644
> --- a/datapath/conntrack.c
> +++ b/datapath/conntrack.c
> @@ -34,7 +34,16 @@
>  #include <net/netfilter/ipv6/nf_defrag_ipv6.h>
>  #include <net/ipv6_frag.h>
>
> -#ifdef CONFIG_NF_NAT_NEEDED
> +/* Upstream commit 4806e975729f ("netfilter: replace NF_NAT_NEEDED with
> + * IS_ENABLED(CONFIG_NF_NAT)") replaces the config checking on NF_NAT_NEEDED
> + * with CONFIG_NF_NAT.  We will replace the checking on NF_NAT_NEEDED for the
> + * newer kernel with the marco in order to keep backward compatiblity.
> + */
> +#ifndef HAVE_CONFIG_NF_NAT_NEEDED
> +#define CONFIG_NF_NAT_NEEDED  CONFIG_NF_NAT
> +#endif
> +
> +#if IS_ENABLED(CONFIG_NF_NAT_NEEDED)
>  /* Starting from upstream commit 3bf195ae6037 ("netfilter: nat: merge
>   * nf_nat_ipv4,6 into nat core") in kernel 5.1.  nf_nat_ipv4,6 are merged
>   * into nf_nat.  In order to keep backward compatibility, we keep the config
> @@ -100,7 +109,7 @@ struct ovs_conntrack_info {
>         struct md_labels labels;
>         char timeout[CTNL_TIMEOUT_NAME_MAX];
>         struct nf_ct_timeout *nf_ct_timeout;
> -#ifdef CONFIG_NF_NAT_NEEDED
> +#if IS_ENABLED(CONFIG_NF_NAT_NEEDED)
>         struct nf_nat_range2 range;  /* Only present for SRC NAT and DST NAT. */
>  #endif
>  };
> @@ -786,7 +795,7 @@ static bool skb_nfct_cached(struct net *net,
>         return ct_executed;
>  }
>
> -#ifdef CONFIG_NF_NAT_NEEDED
> +#if IS_ENABLED(CONFIG_NF_NAT_NEEDED)
>  /* Modelled after nf_nat_ipv[46]_fn().
>   * range is only used for new, uninitialized NAT state.
>   * Returns either NF_ACCEPT or NF_DROP.
> @@ -1405,7 +1414,7 @@ static int ovs_ct_add_helper(struct ovs_conntrack_info *info, const char *name,
>         return 0;
>  }
>
> -#ifdef CONFIG_NF_NAT_NEEDED
> +#if IS_ENABLED(CONFIG_NF_NAT_NEEDED)
>  static int parse_nat(const struct nlattr *attr,
>                      struct ovs_conntrack_info *info, bool log)
>  {
> @@ -1547,7 +1556,7 @@ static const struct ovs_ct_len_tbl ovs_ct_attr_lens[OVS_CT_ATTR_MAX + 1] = {
>                                     .maxlen = sizeof(struct md_labels) },
>         [OVS_CT_ATTR_HELPER]    = { .minlen = 1,
>                                     .maxlen = NF_CT_HELPER_NAME_LEN },
> -#ifdef CONFIG_NF_NAT_NEEDED
> +#if IS_ENABLED(CONFIG_NF_NAT_NEEDED)
>         /* NAT length is checked when parsing the nested attributes. */
>         [OVS_CT_ATTR_NAT]       = { .minlen = 0, .maxlen = INT_MAX },
>  #endif
> @@ -1627,7 +1636,7 @@ static int parse_ct(const struct nlattr *attr, struct ovs_conntrack_info *info,
>                                 return -EINVAL;
>                         }
>                         break;
> -#ifdef CONFIG_NF_NAT_NEEDED
> +#if IS_ENABLED(CONFIG_NF_NAT_NEEDED)
>                 case OVS_CT_ATTR_NAT: {
>                         int err = parse_nat(a, info, log);
>
> @@ -1761,7 +1770,7 @@ err_free_ct:
>         return err;
>  }
>
> -#ifdef CONFIG_NF_NAT_NEEDED
> +#if IS_ENABLED(CONFIG_NF_NAT_NEEDED)
>  static bool ovs_ct_nat_to_attr(const struct ovs_conntrack_info *info,
>                                struct sk_buff *skb)
>  {
> @@ -1871,7 +1880,7 @@ int ovs_ct_action_to_attr(const struct ovs_conntrack_info *ct_info,
>                         return -EMSGSIZE;
>         }
>
> -#ifdef CONFIG_NF_NAT_NEEDED
> +#if IS_ENABLED(CONFIG_NF_NAT_NEEDED)
>         if (ct_info->nat && !ovs_ct_nat_to_attr(ct_info, skb))
>                 return -EMSGSIZE;
>  #endif
> --
> 2.7.4
>
> _______________________________________________
> dev mailing list
> dev@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Patch
diff mbox series

diff --git a/acinclude.m4 b/acinclude.m4
index cc80026f2127..dca09abefa96 100644
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -676,6 +676,7 @@  AC_DEFUN([OVS_CHECK_LINUX_COMPAT], [
   OVS_FIND_FIELD_IFELSE([$KSRC/include/linux/netfilter.h], [nf_hook_ops],
                         [owner], [OVS_DEFINE([HAVE_NF_HOOKS_OPS_OWNER])])
   OVS_GREP_IFELSE([$KSRC/include/linux/netfilter.h], [NFPROTO_INET])
+  OVS_GREP_IFELSE([$KSRC/include/linux/netfilter.h], [CONFIG_NF_NAT_NEEDED])
 
 
   OVS_FIND_FIELD_IFELSE([$KSRC/include/linux/netfilter_ipv6.h], [nf_ipv6_ops],
diff --git a/datapath/conntrack.c b/datapath/conntrack.c
index 1b345a03e704..010f9af5ffd2 100644
--- a/datapath/conntrack.c
+++ b/datapath/conntrack.c
@@ -34,7 +34,16 @@ 
 #include <net/netfilter/ipv6/nf_defrag_ipv6.h>
 #include <net/ipv6_frag.h>
 
-#ifdef CONFIG_NF_NAT_NEEDED
+/* Upstream commit 4806e975729f ("netfilter: replace NF_NAT_NEEDED with
+ * IS_ENABLED(CONFIG_NF_NAT)") replaces the config checking on NF_NAT_NEEDED
+ * with CONFIG_NF_NAT.  We will replace the checking on NF_NAT_NEEDED for the
+ * newer kernel with the marco in order to keep backward compatiblity.
+ */
+#ifndef HAVE_CONFIG_NF_NAT_NEEDED
+#define CONFIG_NF_NAT_NEEDED  CONFIG_NF_NAT
+#endif
+
+#if IS_ENABLED(CONFIG_NF_NAT_NEEDED)
 /* Starting from upstream commit 3bf195ae6037 ("netfilter: nat: merge
  * nf_nat_ipv4,6 into nat core") in kernel 5.1.  nf_nat_ipv4,6 are merged
  * into nf_nat.  In order to keep backward compatibility, we keep the config
@@ -100,7 +109,7 @@  struct ovs_conntrack_info {
 	struct md_labels labels;
 	char timeout[CTNL_TIMEOUT_NAME_MAX];
 	struct nf_ct_timeout *nf_ct_timeout;
-#ifdef CONFIG_NF_NAT_NEEDED
+#if IS_ENABLED(CONFIG_NF_NAT_NEEDED)
 	struct nf_nat_range2 range;  /* Only present for SRC NAT and DST NAT. */
 #endif
 };
@@ -786,7 +795,7 @@  static bool skb_nfct_cached(struct net *net,
 	return ct_executed;
 }
 
-#ifdef CONFIG_NF_NAT_NEEDED
+#if IS_ENABLED(CONFIG_NF_NAT_NEEDED)
 /* Modelled after nf_nat_ipv[46]_fn().
  * range is only used for new, uninitialized NAT state.
  * Returns either NF_ACCEPT or NF_DROP.
@@ -1405,7 +1414,7 @@  static int ovs_ct_add_helper(struct ovs_conntrack_info *info, const char *name,
 	return 0;
 }
 
-#ifdef CONFIG_NF_NAT_NEEDED
+#if IS_ENABLED(CONFIG_NF_NAT_NEEDED)
 static int parse_nat(const struct nlattr *attr,
 		     struct ovs_conntrack_info *info, bool log)
 {
@@ -1547,7 +1556,7 @@  static const struct ovs_ct_len_tbl ovs_ct_attr_lens[OVS_CT_ATTR_MAX + 1] = {
 				    .maxlen = sizeof(struct md_labels) },
 	[OVS_CT_ATTR_HELPER]	= { .minlen = 1,
 				    .maxlen = NF_CT_HELPER_NAME_LEN },
-#ifdef CONFIG_NF_NAT_NEEDED
+#if IS_ENABLED(CONFIG_NF_NAT_NEEDED)
 	/* NAT length is checked when parsing the nested attributes. */
 	[OVS_CT_ATTR_NAT]	= { .minlen = 0, .maxlen = INT_MAX },
 #endif
@@ -1627,7 +1636,7 @@  static int parse_ct(const struct nlattr *attr, struct ovs_conntrack_info *info,
 				return -EINVAL;
 			}
 			break;
-#ifdef CONFIG_NF_NAT_NEEDED
+#if IS_ENABLED(CONFIG_NF_NAT_NEEDED)
 		case OVS_CT_ATTR_NAT: {
 			int err = parse_nat(a, info, log);
 
@@ -1761,7 +1770,7 @@  err_free_ct:
 	return err;
 }
 
-#ifdef CONFIG_NF_NAT_NEEDED
+#if IS_ENABLED(CONFIG_NF_NAT_NEEDED)
 static bool ovs_ct_nat_to_attr(const struct ovs_conntrack_info *info,
 			       struct sk_buff *skb)
 {
@@ -1871,7 +1880,7 @@  int ovs_ct_action_to_attr(const struct ovs_conntrack_info *ct_info,
 			return -EMSGSIZE;
 	}
 
-#ifdef CONFIG_NF_NAT_NEEDED
+#if IS_ENABLED(CONFIG_NF_NAT_NEEDED)
 	if (ct_info->nat && !ovs_ct_nat_to_attr(ct_info, skb))
 		return -EMSGSIZE;
 #endif