[net-next,v3,0/4] openvswitch: load and reference the NAT helper

Message ID	20190417144617.14922-1-fbl@redhat.com
Headers	show Return-Path: <netfilter-devel-owner@vger.kernel.org> From: Flavio Leitner <fbl@redhat.com> To: netdev@vger.kernel.org Cc: Joe Stringer <joe@ovn.org>, Pravin B Shelar <pshelar@ovn.org>, dev@openvswitch.org, netfilter-devel@vger.kernel.org, Pablo Neira Ayuso <pablo@netfilter.org> Subject: [PATCH net-next v3 0/4] openvswitch: load and reference the NAT helper Date: Wed, 17 Apr 2019 11:46:13 -0300 Message-Id: <20190417144617.14922-1-fbl@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk
Series	openvswitch: load and reference the NAT helper \| expand [net-next,v3,0/4] openvswitch: load and reference the NAT helper [net-next,v3,1/4] netfilter: use macros to create module aliases. [net-next,v3,2/4] netfilter: add API to manage NAT helpers. [net-next,v3,3/4] netfilter: nf_nat: register NAT helpers. [net-next,v3,4/4] openvswitch: load and reference the NAT helper.

Message ID

20190417144617.14922-1-fbl@redhat.com

Headers

From: Flavio Leitner <fbl@redhat.com>
To: netdev@vger.kernel.org
Cc: Joe Stringer <joe@ovn.org>, Pravin B Shelar <pshelar@ovn.org>,
	dev@openvswitch.org, netfilter-devel@vger.kernel.org,
	Pablo Neira Ayuso <pablo@netfilter.org>
Subject: [PATCH net-next v3 0/4] openvswitch: load and reference the NAT
	helper
Date: Wed, 17 Apr 2019 11:46:13 -0300
Message-Id: <20190417144617.14922-1-fbl@redhat.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: netfilter-devel-owner@vger.kernel.org
Precedence: bulk

Series

openvswitch: load and reference the NAT helper | expand

Message

Flavio Leitner April 17, 2019, 2:46 p.m. UTC

The request_module() is quite expensive and triggers the
usermode helper in userspace. Instead, load only if the
module is not present and keep module references to avoid
problems.

The first patch standardize the module alias which is already
there, but not in a formal way.

The second patch adds an API to point to the NAT helper.

The third patch will register each NAT helper using the
new API.

The last patch fixes openvswitch to use the new API to
load and reference the NAT helper and also report an error
if the operation fails.


Flavio Leitner (4):
  netfilter: use macros to create module aliases.
  netfilter: add API to manage NAT helpers.
  netfilter: nf_nat: register NAT helpers.
  openvswitch: load and reference the NAT helper.

 include/net/netfilter/nf_conntrack_helper.h | 24 ++++++
 net/ipv4/netfilter/nf_nat_h323.c            |  2 +-
 net/ipv4/netfilter/nf_nat_pptp.c            |  2 +-
 net/netfilter/nf_conntrack_amanda.c         |  8 +-
 net/netfilter/nf_conntrack_ftp.c            | 18 +++--
 net/netfilter/nf_conntrack_helper.c         | 86 +++++++++++++++++++++
 net/netfilter/nf_conntrack_irc.c            |  6 +-
 net/netfilter/nf_conntrack_sane.c           | 12 +--
 net/netfilter/nf_conntrack_sip.c            | 28 +++----
 net/netfilter/nf_conntrack_tftp.c           | 18 +++--
 net/netfilter/nf_nat_amanda.c               |  9 ++-
 net/netfilter/nf_nat_ftp.c                  |  9 ++-
 net/netfilter/nf_nat_irc.c                  |  9 ++-
 net/netfilter/nf_nat_sip.c                  |  9 ++-
 net/netfilter/nf_nat_tftp.c                 |  9 ++-
 net/openvswitch/conntrack.c                 | 26 +++++--
 16 files changed, 225 insertions(+), 50 deletions(-)

Comments

David Miller April 18, 2019, 6:25 a.m. UTC | #1

From: Flavio Leitner <fbl@redhat.com>
Date: Wed, 17 Apr 2019 11:46:13 -0300

> The request_module() is quite expensive and triggers the
> usermode helper in userspace. Instead, load only if the
> module is not present and keep module references to avoid
> problems.
> 
> The first patch standardize the module alias which is already
> there, but not in a formal way.
> 
> The second patch adds an API to point to the NAT helper.
> 
> The third patch will register each NAT helper using the
> new API.
> 
> The last patch fixes openvswitch to use the new API to
> load and reference the NAT helper and also report an error
> if the operation fails.

Netfilter folks, besides a review, I was wondering if you'd like
to take this series the netfilter tree since it's mostly changes
in that area?

Thanks.

Pablo Neira Ayuso April 18, 2019, 11:28 a.m. UTC | #2

On Wed, Apr 17, 2019 at 11:25:09PM -0700, David Miller wrote:
> From: Flavio Leitner <fbl@redhat.com>
> Date: Wed, 17 Apr 2019 11:46:13 -0300
> 
> > The request_module() is quite expensive and triggers the
> > usermode helper in userspace. Instead, load only if the
> > module is not present and keep module references to avoid
> > problems.
> > 
> > The first patch standardize the module alias which is already
> > there, but not in a formal way.
> > 
> > The second patch adds an API to point to the NAT helper.
> > 
> > The third patch will register each NAT helper using the
> > new API.
> > 
> > The last patch fixes openvswitch to use the new API to
> > load and reference the NAT helper and also report an error
> > if the operation fails.
> 
> Netfilter folks, besides a review, I was wondering if you'd like
> to take this series the netfilter tree since it's mostly changes
> in that area?

I'll place this in the nf-next tree, thanks.

Pablo Neira Ayuso April 30, 2019, 11:42 a.m. UTC | #3

On Wed, Apr 17, 2019 at 11:46:13AM -0300, Flavio Leitner wrote:
> The request_module() is quite expensive and triggers the
> usermode helper in userspace. Instead, load only if the
> module is not present and keep module references to avoid
> problems.
> 
> The first patch standardize the module alias which is already
> there, but not in a formal way.
> 
> The second patch adds an API to point to the NAT helper.
> 
> The third patch will register each NAT helper using the
> new API.
> 
> The last patch fixes openvswitch to use the new API to
> load and reference the NAT helper and also report an error
> if the operation fails.

Series applied. Thanks Flavio.