From patchwork Wed Jul 12 18:05:20 2017
X-Patchwork-Submitter: Gregory Rose
X-Patchwork-Id: 787399
X-Patchwork-Delegate: joestringer@nicira.com
From: Greg Rose
To: dev@openvswitch.org
Date: Wed, 12 Jul 2017 11:05:20 -0700
Message-Id: <1499882720-21050-1-git-send-email-gvrose8192@gmail.com>
Subject: [ovs-dev] [PATCH] conntrack: Fix for force/commit bug

When the direction is being forced key->ct_state may not have been set. Check for this condition and take action to set the state correctly so that the force direction occurs.

Co-authored-by: Joe Stringer
Signed-off-by: Joe Stringer
Signed-off-by: Greg Rose

--- datapath/conntrack.c | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/datapath/conntrack.c b/datapath/conntrack.c index bf28fc0..2da0321 100644 --- a/datapath/conntrack.c +++ b/datapath/conntrack.c @@ -665,7 +665,7 @@ ovs_ct_find_existing(struct net *net, const struct nf_conntrack_zone *zone, /* Determine whether skb->_nfct is equal to the result of conntrack lookup. */ static bool skb_nfct_cached(struct net *net, - const struct sw_flow_key *key, + struct sw_flow_key *key, const struct ovs_conntrack_info *info, struct sk_buff *skb) { 
@@ -675,12 +675,22 @@ static bool skb_nfct_cached(struct net *net, ct = nf_ct_get(skb, &ctinfo); /* If no ct, check if we have evidence that an existing conntrack entry * might be found for this skb. This happens when we lose a skb->_nfct - * due to an upcall. If the connection was not confirmed, it is not - * cached and needs to be run through conntrack again. + * due to an upcall, or if the direction is being forced. If the + * connection was not confirmed, it is not cached and needs to be run + * through conntrack again. */ - if (!ct && key->ct_state & OVS_CS_F_TRACKED && + if ((!ct && (key->ct_state & OVS_CS_F_TRACKED && !(key->ct_state & OVS_CS_F_INVALID) && - key->ct_zone == info->zone.id) { + key->ct_zone == info->zone.id)) || + (!key->ct_state && info->force)) { + if (!key->ct_state && info->force && !info->ct) { + int result = nf_conntrack_in(net, info->family, + NF_INET_PRE_ROUTING, skb); + if (result != NF_ACCEPT) + return false; + /* Update the key, but keep the NAT flags. */ + ovs_ct_update_key(skb, info, key, true, true); + } ct = ovs_ct_find_existing(net, &info->zone, info->family, skb, !!(key->ct_state & OVS_CS_F_NAT_MASK));
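Review bot: In the first hunk (@@ -665,7 +665,7 @@), dropping const from the key parameter of skb_nfct_cached() turns what reads as a pure predicate into a function that can rewrite the flow key, but the comment directly above it is unchanged and still says only "Determine whether skb->_nfct is equal to the result of conntrack lookup." Please extend that comment to state that key->ct_state may be updated when the direction is forced, so that a reader of the call site knows the key can differ after the call even when the function returns false.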
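Review bot: In the second hunk (@@ -675,12 +675,22 @@), the new disjunct "(!key->ct_state && info->force)" is not guarded by !ct, so the block now runs, and ct is reassigned from ovs_ct_find_existing(), even when nf_ct_get() has already returned an entry for this skb. The old condition only did the lookup when no ct was attached. If that widening is intended, the comment should say so; otherwise hoist the guard, for example "!ct && ((tracked, valid, same zone) || (!key->ct_state && info->force))". In the same block, "if (result != NF_ACCEPT) return false;" discards the nf_conntrack_in() verdict and reports it as "not cached", which a caller cannot distinguish from an ordinary cache miss. A short comment on why that is safe, or a way to propagate the verdict, would help. The inner test also repeats "!key->ct_state && info->force" from the outer condition and could be computed once into a local bool.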