From patchwork Fri Feb 16 17:19:14 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Paolo Valerio <pvalerio@redhat.com>
X-Patchwork-Id: 1900197
X-Patchwork-Delegate: horms@verge.net.au
Return-Path: <ovs-dev-bounces@openvswitch.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
	dkim=fail reason="signature verification failed" (1024-bit key;
 unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256
 header.s=mimecast20190719 header.b=EvzJUm64;
	dkim-atps=neutral
Authentication-Results: legolas.ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org
 (client-ip=2605:bc80:3010::136; helo=smtp3.osuosl.org;
 envelope-from=ovs-dev-bounces@openvswitch.org; receiver=patchwork.ozlabs.org)
Received: from smtp3.osuosl.org (smtp3.osuosl.org [IPv6:2605:bc80:3010::136])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384)
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4TbzFh59vQz23hy
	for <incoming@patchwork.ozlabs.org>; Sat, 17 Feb 2024 04:19:52 +1100 (AEDT)
Received: from localhost (localhost [127.0.0.1])
	by smtp3.osuosl.org (Postfix) with ESMTP id 666D66128B;
	Fri, 16 Feb 2024 17:19:50 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from smtp3.osuosl.org ([127.0.0.1])
	by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id ok5Rup9_fLGS; Fri, 16 Feb 2024 17:19:49 +0000 (UTC)
X-Comment: SPF check N/A for local connections - client-ip=140.211.9.56;
 helo=lists.linuxfoundation.org;
 envelope-from=ovs-dev-bounces@openvswitch.org; receiver=<UNKNOWN>
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org 5C35C6069B
Authentication-Results: smtp3.osuosl.org;
	dkim=fail reason="signature verification failed" (1024-bit key)
 header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256
 header.s=mimecast20190719 header.b=EvzJUm64
Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56])
	by smtp3.osuosl.org (Postfix) with ESMTPS id 5C35C6069B;
	Fri, 16 Feb 2024 17:19:49 +0000 (UTC)
Received: from lf-lists.osuosl.org (localhost [127.0.0.1])
	by lists.linuxfoundation.org (Postfix) with ESMTP id 3578FC0077;
	Fri, 16 Feb 2024 17:19:49 +0000 (UTC)
X-Original-To: ovs-dev@openvswitch.org
Delivered-To: ovs-dev@lists.linuxfoundation.org
Received: from smtp2.osuosl.org (smtp2.osuosl.org [IPv6:2605:bc80:3010::133])
 by lists.linuxfoundation.org (Postfix) with ESMTP id 2A42AC0077
 for <ovs-dev@openvswitch.org>; Fri, 16 Feb 2024 17:19:48 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by smtp2.osuosl.org (Postfix) with ESMTP id ECC4C41C3D
 for <ovs-dev@openvswitch.org>; Fri, 16 Feb 2024 17:19:47 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from smtp2.osuosl.org ([127.0.0.1])
 by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 9JRpq9vJ_1Yg for <ovs-dev@openvswitch.org>;
 Fri, 16 Feb 2024 17:19:46 +0000 (UTC)
Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=170.10.129.124;
 helo=us-smtp-delivery-124.mimecast.com; envelope-from=pvalerio@redhat.com;
 receiver=<UNKNOWN>
DMARC-Filter: OpenDMARC Filter v1.4.2 smtp2.osuosl.org AEEB940414
Authentication-Results: smtp2.osuosl.org;
 dmarc=pass (p=none dis=none) header.from=redhat.com
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org AEEB940414
Authentication-Results: smtp2.osuosl.org;
 dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com
 header.a=rsa-sha256 header.s=mimecast20190719 header.b=EvzJUm64
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.129.124])
 by smtp2.osuosl.org (Postfix) with ESMTPS id AEEB940414
 for <ovs-dev@openvswitch.org>; Fri, 16 Feb 2024 17:19:46 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
 s=mimecast20190719; t=1708103985;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references;
 bh=o+i9jinJA7xR89ZxM7OoBJXqkeP5YiZ/Num5aTFgB48=;
 b=EvzJUm64i0kJDQaLEmYPTGeXcKGPRstVJAptyLRTVyOljttJu6Nps033KlIccyuIQ++Ghb
 1gk3Mg3scP5Vvw6rHsyZ4i3f+HqrIj9+N7tYg4GKM21wMvQbAaNClMH9Qhxid7fEkNkdsS
 8Kt8qBVHcW9Veopz90Z/+B5uILRpoyI=
Received: from mail-wm1-f72.google.com (mail-wm1-f72.google.com
 [209.85.128.72]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id
 us-mta-557-CVmLee9KOoqrLUtUVK7fBQ-1; Fri, 16 Feb 2024 12:19:43 -0500
X-MC-Unique: CVmLee9KOoqrLUtUVK7fBQ-1
Received: by mail-wm1-f72.google.com with SMTP id
 5b1f17b1804b1-40e354aaf56so5105065e9.1
 for <ovs-dev@openvswitch.org>; Fri, 16 Feb 2024 09:19:43 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1708103981; x=1708708781;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=o+i9jinJA7xR89ZxM7OoBJXqkeP5YiZ/Num5aTFgB48=;
 b=jdpzh7CfEmFFAzgD1xKXlYvf/8U3CCStgNHLirRtWgJ1R/1+197saPrfD10dWD/XaX
 cksmZtL9YUxrJTY/nBOu/BrW13Lp6KSRBYIQEFFoj/TbMkczOpC9A6djQyW1e2zUBHAu
 QZtM2x0einLEIEtBFjls55+37hfhGy82+9BXm3JxVDzUIlIctdJISgnXaqLEVB3LKVKB
 kuLJMHaXOYW2Dhvr71Kh1hs+SuUrugs36sahTJbaiOt4X8VLrGdzLO6R8eVYLy2VDvw3
 GDKTEVjpkZ6/8E72ChyXTPBO/VRnmKkoKNaL2QmciidJIXGd9bGeJtD1pYx9U19HmJUG
 4/QQ==
X-Gm-Message-State: AOJu0YxhXUm2CBilntXXjXHIjsKMYkdGerzTeN16FY0jnx/14MuRRFN2
 LkhZLZXv4BrpZL+/gU/GDG44nwjEtmbLpbQS5oQoFvo6FOVRgig7FYE2SbagChVaMqSTU9SlHXH
 nNGZCXMyoSR2oSAmmQR8J32F3x4kF+BsBwz7UBsCkjiXYi/u2e5PqmoIiRgN9t3JPq3tWf23iR4
 DqNXGqpbrG5qrntM2Rf3mHxbA4ns40Vh9/3PJBWKk=
X-Received: by 2002:a05:600c:5d1:b0:412:1eb7:f8f8 with SMTP id
 p17-20020a05600c05d100b004121eb7f8f8mr3493351wmd.0.1708103981743;
 Fri, 16 Feb 2024 09:19:41 -0800 (PST)
X-Google-Smtp-Source: 
 AGHT+IFmL9m6NKpNjfbi14ekaNYEOweel515OTDddEHJmBUlUv3PMYgjk3BTj4ffS/FTYam0QX2UPA==
X-Received: by 2002:a05:600c:5d1:b0:412:1eb7:f8f8 with SMTP id
 p17-20020a05600c05d100b004121eb7f8f8mr3493334wmd.0.1708103981317;
 Fri, 16 Feb 2024 09:19:41 -0800 (PST)
Received: from localhost (net-37-116-222-217.cust.vodafonedsl.it.
 [37.116.222.217]) by smtp.gmail.com with ESMTPSA id
 f19-20020a05600c155300b00411ff030f06sm3066180wmg.9.2024.02.16.09.19.40
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Fri, 16 Feb 2024 09:19:40 -0800 (PST)
From: Paolo Valerio <pvalerio@redhat.com>
To: ovs-dev@openvswitch.org
Date: Fri, 16 Feb 2024 18:19:14 +0100
Message-ID: <20240216171914.2651243-2-pvalerio@redhat.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20240216171914.2651243-1-pvalerio@redhat.com>
References: <20240216171914.2651243-1-pvalerio@redhat.com>
MIME-Version: 1.0
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Subject: [ovs-dev] [PATCH v3 2/2] conntrack: Handle persistent selection for
	IP addresses.
X-BeenThere: ovs-dev@openvswitch.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <ovs-dev.openvswitch.org>
List-Unsubscribe: <https://mail.openvswitch.org/mailman/options/ovs-dev>,
 <mailto:ovs-dev-request@openvswitch.org?subject=unsubscribe>
List-Archive: <http://mail.openvswitch.org/pipermail/ovs-dev/>
List-Post: <mailto:ovs-dev@openvswitch.org>
List-Help: <mailto:ovs-dev-request@openvswitch.org?subject=help>
List-Subscribe: <https://mail.openvswitch.org/mailman/listinfo/ovs-dev>,
 <mailto:ovs-dev-request@openvswitch.org?subject=subscribe>
Errors-To: ovs-dev-bounces@openvswitch.org
Sender: "dev" <ovs-dev-bounces@openvswitch.org>

The patch, when 'persistent' flag is specified, makes the IP selection
in a range persistent across reboots.

Signed-off-by: Paolo Valerio <pvalerio@redhat.com>
Acked-by: Simon Horman <horms@ovn.org>
Acked-by: Aaron Conole <aconole@redhat.com>
---
v3:
- rearranged branches in nat_get_unique_tuple() (Simon)
---
 NEWS              |  3 ++-
 lib/conntrack.c   | 25 +++++++++++++++++++------
 lib/conntrack.h   |  1 +
 lib/dpif-netdev.c |  2 ++
 4 files changed, 24 insertions(+), 7 deletions(-)

diff --git a/NEWS b/NEWS
index 93046b963..0c86bba81 100644
--- a/NEWS
+++ b/NEWS
@@ -2,7 +2,8 @@ Post-v3.3.0
 --------------------
    - Userspace datapath:
      * Conntrack now supports 'random' flag for selecting ports in a range
-       while natting.
+       while natting and 'persistent' flag for selection of the IP address
+       from a range.
 
 
 v3.3.0 - xx xxx xxxx
diff --git a/lib/conntrack.c b/lib/conntrack.c
index e09ecdf33..8a7056bac 100644
--- a/lib/conntrack.c
+++ b/lib/conntrack.c
@@ -2202,17 +2202,21 @@ nat_range_hash(const struct conn_key *key, uint32_t basis,
 {
     uint32_t hash = basis;
 
+    if (!basis) {
+        hash = ct_addr_hash_add(hash, &key->src.addr);
+    } else {
+        hash = ct_endpoint_hash_add(hash, &key->src);
+        hash = ct_endpoint_hash_add(hash, &key->dst);
+    }
+
     hash = ct_addr_hash_add(hash, &nat_info->min_addr);
     hash = ct_addr_hash_add(hash, &nat_info->max_addr);
     hash = hash_add(hash,
                     ((uint32_t) nat_info->max_port << 16)
                     | nat_info->min_port);
-    hash = ct_endpoint_hash_add(hash, &key->src);
-    hash = ct_endpoint_hash_add(hash, &key->dst);
     hash = hash_add(hash, (OVS_FORCE uint32_t) key->dl_type);
     hash = hash_add(hash, key->nw_proto);
     hash = hash_add(hash, key->zone);
-
     /* The purpose of the second parameter is to distinguish hashes of data of
      * different length; our data always has the same length so there is no
      * value in counting. */
@@ -2388,10 +2392,19 @@ nat_get_unique_tuple(struct conntrack *ct, struct conn *conn,
                      fwd_key->nw_proto == IPPROTO_SCTP;
     uint16_t min_dport, max_dport, curr_dport;
     uint16_t min_sport, max_sport, curr_sport;
-    uint32_t hash, port_off;
+    uint32_t hash, port_off, basis;
+
+    basis = (nat_info->nat_flags & NAT_PERSISTENT) ? 0 : ct->hash_basis;
+    hash = nat_range_hash(fwd_key, basis, nat_info);
+
+    if (nat_info->nat_flags & NAT_RANGE_RANDOM) {
+        port_off = random_uint32();
+    } else if (basis) {
+        port_off = hash;
+    } else {
+        port_off = nat_range_hash(fwd_key, ct->hash_basis, nat_info);
+    }
 
-    hash = nat_range_hash(fwd_key, ct->hash_basis, nat_info);
-    port_off = nat_info->nat_flags & NAT_RANGE_RANDOM ? random_uint32() : hash;
     min_addr = nat_info->min_addr;
     max_addr = nat_info->max_addr;
 
diff --git a/lib/conntrack.h b/lib/conntrack.h
index 9b0c6aa88..ee7da099e 100644
--- a/lib/conntrack.h
+++ b/lib/conntrack.h
@@ -79,6 +79,7 @@ enum nat_action_e {
 
 enum nat_flags_e {
     NAT_RANGE_RANDOM = 1 << 0,
+    NAT_PERSISTENT = 1 << 1,
 };
 
 struct nat_action_info_t {
diff --git a/lib/dpif-netdev.c b/lib/dpif-netdev.c
index c3334c667..fbf7ccabd 100644
--- a/lib/dpif-netdev.c
+++ b/lib/dpif-netdev.c
@@ -9413,6 +9413,8 @@ dp_execute_cb(void *aux_, struct dp_packet_batch *packets_,
                         nat_action_info.nat_flags |= NAT_RANGE_RANDOM;
                         break;
                     case OVS_NAT_ATTR_PERSISTENT:
+                        nat_action_info.nat_flags |= NAT_PERSISTENT;
+                        break;
                     case OVS_NAT_ATTR_PROTO_HASH:
                         break;
                     case OVS_NAT_ATTR_UNSPEC: