From patchwork Tue Oct 15 17:27:42 2019
X-Patchwork-Submitter: Yi-Hung Wei
X-Patchwork-Id: 1177247
From: Yi-Hung Wei
To: dev@openvswitch.org
Cc: Arnd Bergmann
Date: Tue, 15 Oct 2019 10:27:42 -0700
Message-Id: <1571160473-46132-2-git-send-email-yihung.wei@gmail.com>
In-Reply-To: <1571160473-46132-1-git-send-email-yihung.wei@gmail.com>
Subject: [ovs-dev] [PATCH v2 01/12] datapath: Fix linking without CONFIG_NF_CONNTRACK_LABELS

From: Arnd Bergmann

upstream commit:
commit a277d516de5f498c91d91189717ef7e01102ad27
Author: Arnd Bergmann
Date:   Fri Nov 2 16:36:55 2018 +0100

    openvswitch: fix linking without CONFIG_NF_CONNTRACK_LABELS

    When CONFIG_CC_OPTIMIZE_FOR_DEBUGGING is enabled, the compiler
    fails to optimize out a dead code path, which leads to a link failure:

    net/openvswitch/conntrack.o: In function `ovs_ct_set_labels':
    conntrack.c:(.text+0x2e60): undefined reference to `nf_connlabels_replace'

    In this configuration, we can take a shortcut, and completely
    remove the conntrack label code. This may also help the regular
    optimization.

    Signed-off-by: Arnd Bergmann
    Signed-off-by: David S. Miller

Signed-off-by: Yi-Hung Wei
Reviewed-by: Yifeng Sun
---
 datapath/conntrack.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/datapath/conntrack.c b/datapath/conntrack.c index c6d523758ff1..e328afe1ad15 100644 --- a/datapath/conntrack.c +++ b/datapath/conntrack.c 
@@ -1263,7 +1263,8 @@ static int ovs_ct_commit(struct net *net, struct sw_flow_key *key, &info->labels.mask); if (err) return err; - } else if (labels_nonzero(&info->labels.mask)) { + } else if (IS_ENABLED(CONFIG_NF_CONNTRACK_LABELS) && + labels_nonzero(&info->labels.mask)) { err = ovs_ct_set_labels(ct, key, &info->labels.value, &info->labels.mask); if (err)
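
Review bot: In the `else if` of `ovs_ct_commit()`, the new `IS_ENABLED(CONFIG_NF_CONNTRACK_LABELS) &&` guard means that on a build without labels a nonzero `info->labels.mask` is now skipped without calling `ovs_ct_set_labels()` and without returning an error. Please confirm that a request carrying a nonzero label mask is already rejected earlier on such builds, or return an error from this branch instead of skipping it silently. The branch just above, which also passes `&info->labels.mask`, is left unguarded in the visible context, so a one-line comment saying why only this branch needs the check would help the next reader.
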
From: Yi-Hung Wei
To: dev@openvswitch.org
Date: Tue, 15 Oct 2019 10:27:43 -0700
Message-Id: <1571160473-46132-3-git-send-email-yihung.wei@gmail.com>
In-Reply-To: <1571160473-46132-1-git-send-email-yihung.wei@gmail.com>
Subject: [ovs-dev] [PATCH v2 02/12] datapath: Replace nf_ct_invert_tuplepr() with nf_ct_invert_tuple()

After upstream net-next commit 303e0c558959 ("netfilter: conntrack:
avoid unneeded nf_conntrack_l4proto lookups") nf_ct_invert_tuplepr()
is no longer available in the kernel.

Ideally, we should be in sync with the upstream kernel by calling
nf_ct_invert_tuple() directly in conntrack.c. However,
nf_ct_invert_tuple() has a different function signature in older
kernels, and it would be hard to replace that in the compat layer.
Thus, we use rpl_nf_ct_invert_tuple() in conntrack.c and maintain
compatibility in the compat layer so that the ovs kernel module runs
smoothly on both new and old kernels.

Signed-off-by: Yi-Hung Wei
Reviewed-by: Yifeng Sun
---
 acinclude.m4 | 2 ++
 datapath/conntrack.c | 2 +-
 .../linux/compat/include/net/netfilter/nf_conntrack_core.h | 14 ++++++++++++++
 3 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/acinclude.m4 b/acinclude.m4 index b3e5f94690c8..3f63cef86696 100644 --- a/acinclude.m4 +++ b/acinclude.m4 
@@ -697,6 +697,8 @@ AC_DEFUN([OVS_CHECK_LINUX_COMPAT], [ [nf_ct_set]) OVS_GREP_IFELSE([$KSRC/include/net/netfilter/nf_conntrack.h], [nf_ct_is_untracked]) + OVS_GREP_IFELSE([$KSRC/include/net/netfilter/nf_conntrack.h], + [nf_ct_invert_tuplepr]) OVS_GREP_IFELSE([$KSRC/include/net/netfilter/nf_conntrack_zones.h], [nf_ct_zone_init]) OVS_GREP_IFELSE([$KSRC/include/net/netfilter/nf_conntrack_l3proto.h], diff --git a/datapath/conntrack.c b/datapath/conntrack.c index e328afe1ad15..afdd65b4cb7c 100644 --- a/datapath/conntrack.c +++ b/datapath/conntrack.c @@ -668,7 +668,7 @@ ovs_ct_find_existing(struct net *net, const struct nf_conntrack_zone *zone, if (natted) { struct nf_conntrack_tuple inverse; - if (!nf_ct_invert_tuplepr(&inverse, &tuple)) { + if (!rpl_nf_ct_invert_tuple(&inverse, &tuple)) { pr_debug("ovs_ct_find_existing: Inversion failed!\n"); return NULL; } diff --git a/datapath/linux/compat/include/net/netfilter/nf_conntrack_core.h b/datapath/linux/compat/include/net/netfilter/nf_conntrack_core.h index 10158011fd4d..ad52bc9412d8 100644 --- a/datapath/linux/compat/include/net/netfilter/nf_conntrack_core.h +++ b/datapath/linux/compat/include/net/netfilter/nf_conntrack_core.h 
@@ -113,4 +113,18 @@ rpl_nf_conntrack_in(struct sk_buff *skb, const struct nf_hook_state *state) #define nf_conntrack_in rpl_nf_conntrack_in #endif /* HAVE_NF_CONNTRACK_IN_TAKES_NF_HOOK_STATE */ +#ifdef HAVE_NF_CT_INVERT_TUPLEPR +static inline bool rpl_nf_ct_invert_tuple(struct nf_conntrack_tuple *inverse, + const struct nf_conntrack_tuple *orig) +{ + return nf_ct_invert_tuplepr(inverse, orig); +} +#else +static inline bool rpl_nf_ct_invert_tuple(struct nf_conntrack_tuple *inverse, + const struct nf_conntrack_tuple *orig) +{ + return nf_ct_invert_tuple(inverse, orig); +} +#endif /* HAVE_NF_CT_INVERT_TUPLEPR */ + #endif /* _NF_CONNTRACK_CORE_WRAPPER_H */
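
Review bot: In the nf_conntrack_core.h hunk, the `#else` branch of `rpl_nf_ct_invert_tuple()` calls `nf_ct_invert_tuple(inverse, orig)` with two arguments, while the commit message says `nf_ct_invert_tuple()` has a different signature in older kernels, so this compiles only if every kernel where the grep for `nf_ct_invert_tuplepr` fails already has the two-argument form. Please state that assumption in a comment on the `#else`. Because the selection comes from `OVS_GREP_IFELSE` on nf_conntrack.h, which is a text match, any leftover mention of the old name in that header would pick the wrong branch. The wrapper is also called by its `rpl_` name from conntrack.c instead of through a `#define` such as `nf_conntrack_in rpl_nf_conntrack_in` just above it, which deserves a sentence in the header as well as in the commit message.
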
From: Yi-Hung Wei
To: dev@openvswitch.org
Date: Tue, 15 Oct 2019 10:27:44 -0700
Message-Id: <1571160473-46132-4-git-send-email-yihung.wei@gmail.com>
In-Reply-To: <1571160473-46132-1-git-send-email-yihung.wei@gmail.com>
Subject: [ovs-dev] [PATCH v2 03/12] datapath: Detect upstream nf_nat change

The following two upstream commits merge nf_nat_ipv4 and nf_nat_ipv6
into nf_nat core, and move some header files around. To handle
these modifications, this patch detects the upstream changes and uses
the header files and config symbols properly.

Ideally, we should replace CONFIG_NF_NAT_IPV4 and CONFIG_NF_NAT_IPV6 with
CONFIG_NF_NAT and CONFIG_IPV6. In order to keep backward compatibility,
we keep the checking of CONFIG_NF_NAT_IPV4/6 as is for the old kernel,
and replace them with a macro for the new kernel.

upstream commits:
3bf195ae6037 ("netfilter: nat: merge nf_nat_ipv4,6 into nat core")
d2c5c103b133 ("netfilter: nat: remove nf_nat_l3proto.h and nf_nat_core.h")

Signed-off-by: Yi-Hung Wei
Reviewed-by: Yifeng Sun
---
 acinclude.m4 | 2 ++
 datapath/conntrack.c | 13 ++++++++++++-
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/acinclude.m4 b/acinclude.m4 index 3f63cef86696..417a4504b135 100644 --- a/acinclude.m4 +++ b/acinclude.m4 @@ -713,6 +713,8 @@ AC_DEFUN([OVS_CHECK_LINUX_COMPAT], [ OVS_GREP_IFELSE([$KSRC/include/net/netfilter/nf_nat.h], [nf_ct_nat_ext_add]) OVS_GREP_IFELSE([$KSRC/include/net/netfilter/nf_nat.h], [nf_nat_alloc_null_binding]) OVS_GREP_IFELSE([$KSRC/include/net/netfilter/nf_nat.h], [nf_nat_range2]) + OVS_GREP_IFELSE([$KSRC/include/net/netfilter/nf_nat.h], [nf_nat_packet], + [OVS_DEFINE([HAVE_UPSTREAM_NF_NAT])]) OVS_GREP_IFELSE([$KSRC/include/net/netfilter/nf_conntrack_seqadj.h], [nf_ct_seq_adjust]) OVS_GREP_IFELSE([$KSRC/include/net/netfilter/nf_conntrack_count.h], [nf_conncount_gc_list], [OVS_GREP_IFELSE([$KSRC/include/net/netfilter/nf_conntrack_count.h], diff --git a/datapath/conntrack.c b/datapath/conntrack.c index afdd65b4cb7c..291d4f4723d9 100644 --- a/datapath/conntrack.c +++ b/datapath/conntrack.c 
@@ -35,10 +35,21 @@ #include #ifdef CONFIG_NF_NAT_NEEDED +/* Starting from upstream commit 3bf195ae6037 ("netfilter: nat: merge + * nf_nat_ipv4,6 into nat core") in kernel 5.1. nf_nat_ipv4,6 are merged + * into nf_nat. In order to keep backward compatibility, we keep the config + * checking as is for the old kernel, and replace them with marco for the + * new kernel. */ +#ifdef HAVE_UPSTREAM_NF_NAT +#include +#define CONFIG_NF_NAT_IPV4 CONFIG_NF_NAT +#define CONFIG_NF_NAT_IPV6 CONFIG_IPV6 +#else #include #include #include -#endif +#endif /* HAVE_UPSTREAM_NF_NAT */ +#endif /* CONFIG_NF_NAT_NEEDED */ #include "datapath.h" #include "conntrack.h"
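
Review bot: In the conntrack.c hunk, `#define CONFIG_NF_NAT_IPV4 CONFIG_NF_NAT` and `#define CONFIG_NF_NAT_IPV6 CONFIG_IPV6` make both names defined unconditionally on new kernels, so any `#ifdef CONFIG_NF_NAT_IPV6` or `defined()` test further down is true even when CONFIG_IPV6 is off. Please check that every test of these two symbols in the file expands the alias rather than only checking that it is defined, or introduce a private macro outside the CONFIG_ namespace so Kconfig names are not shadowed. The added comment also has a typo ("marco"), and "in kernel 5.1. nf_nat_ipv4,6 are merged" reads as a broken sentence.

Review bot: In the acinclude.m4 hunk, `HAVE_UPSTREAM_NF_NAT` is set by finding the string `nf_nat_packet` in nf_nat.h, which is an indirect marker for the header merge the commit message describes. A comment next to the `OVS_GREP_IFELSE` naming the upstream commit that moved the declaration would make it clear why this symbol was chosen and what has to change if the declaration moves again.
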
From: Yi-Hung Wei
To: dev@openvswitch.org
Cc: Flavio Leitner
Date: Tue, 15 Oct 2019 10:27:45 -0700
Message-Id: <1571160473-46132-5-git-send-email-yihung.wei@gmail.com>
In-Reply-To: <1571160473-46132-1-git-send-email-yihung.wei@gmail.com>
Subject: [ovs-dev] [PATCH v2 04/12] datapath: add seqadj extension when NAT is used.

From: Flavio Leitner

upstream patch:
commit fa7e428c6b7ed3281610511a2b2ec716d9894be8
Author: Flavio Leitner
Date:   Mon Mar 25 15:58:31 2019 -0300

    openvswitch: add seqadj extension when NAT is used.

    When the conntrack is initialized, there is no helper attached
    yet so the nat info initialization (nf_nat_setup_info) skips
    adding the seqadj ext.

    A helper is attached later when the conntrack is not confirmed
    but is going to be committed. In this case, if NAT is needed then
    adds the seqadj ext as well.

    Fixes: 16ec3d4fbb96 ("openvswitch: Fix cached ct with helper.")
    Signed-off-by: Flavio Leitner
    Acked-by: Pravin B Shelar
    Signed-off-by: David S. Miller

Signed-off-by: Yi-Hung Wei
Reviewed-by: Yifeng Sun
---
 datapath/conntrack.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/datapath/conntrack.c b/datapath/conntrack.c index 291d4f4723d9..1b345a03e704 100644 
--- a/datapath/conntrack.c +++ b/datapath/conntrack.c 
@@ -1063,6 +1063,12 @@ static int __ovs_ct_lookup(struct net *net, struct sw_flow_key *key, GFP_ATOMIC); if (err) return err; + + /* helper installed, add seqadj if NAT is required */ + if (info->nat && !nfct_seqadj(ct)) { + if (!nfct_seqadj_ext_add(ct)) + return -EINVAL; + } } /* Call the helper only if:
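
Review bot: The block added to `__ovs_ct_lookup()` tests `info->nat` and calls `nfct_seqadj()` and `nfct_seqadj_ext_add()` with no configuration guard, while the other NAT-specific code in conntrack.c sits under the NAT config check and acinclude.m4 probes nf_conntrack_seqadj.h separately. Please confirm this builds on the older kernels the compat layer supports, including builds without NAT, or wrap the block in the same guard. Returning `-EINVAL` when `nfct_seqadj_ext_add()` fails also hides the cause from the caller; if that failure is an allocation failure, `-ENOMEM` would be the more accurate code, and a note that the value is kept to match upstream would settle the question either way.
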
From: Yi-Hung Wei
To: dev@openvswitch.org
Date: Tue, 15 Oct 2019 10:27:46 -0700
Message-Id: <1571160473-46132-6-git-send-email-yihung.wei@gmail.com>
In-Reply-To: <1571160473-46132-1-git-send-email-yihung.wei@gmail.com>
Subject: [ovs-dev] [PATCH v2 05/12] datapath: Handle NF_NAT_NEEDED replacement

Starting from the following upstream commit, NF_NAT_NEEDED is replaced by
IS_ENABLED(CONFIG_NF_NAT) in the upstream kernel. This patch makes some
changes so that our in-tree ovs kernel module is compatible with both old
and new kernels.

Upstream commit:
commit 4806e975729f99c7908d1688a143f1e16d464e6c
Author: Florian Westphal
Date:   Wed Mar 27 09:22:26 2019 +0100

    netfilter: replace NF_NAT_NEEDED with IS_ENABLED(CONFIG_NF_NAT)

    NF_NAT_NEEDED is true whenever nat support for either ipv4 or ipv6 is
    enabled. Now that the af-specific nat configuration switches have been
    removed, IS_ENABLED(CONFIG_NF_NAT) has the same effect.

    Signed-off-by: Florian Westphal
    Signed-off-by: Pablo Neira Ayuso

Signed-off-by: Yi-Hung Wei
Reviewed-by: Yifeng Sun
---
 acinclude.m4 | 1 +
 datapath/conntrack.c | 25 +++++++++++++++++--------
 2 files changed, 18 insertions(+), 8 deletions(-)

diff --git a/acinclude.m4 b/acinclude.m4 index 417a4504b135..3b65a47db55b 100644 --- a/acinclude.m4 +++ b/acinclude.m4 
@@ -676,6 +676,7 @@ AC_DEFUN([OVS_CHECK_LINUX_COMPAT], [ OVS_FIND_FIELD_IFELSE([$KSRC/include/linux/netfilter.h], [nf_hook_ops], [owner], [OVS_DEFINE([HAVE_NF_HOOKS_OPS_OWNER])]) OVS_GREP_IFELSE([$KSRC/include/linux/netfilter.h], [NFPROTO_INET]) + OVS_GREP_IFELSE([$KSRC/include/linux/netfilter.h], [CONFIG_NF_NAT_NEEDED]) OVS_FIND_FIELD_IFELSE([$KSRC/include/linux/netfilter_ipv6.h], [nf_ipv6_ops], diff --git a/datapath/conntrack.c b/datapath/conntrack.c index 1b345a03e704..010f9af5ffd2 100644 --- a/datapath/conntrack.c +++ b/datapath/conntrack.c @@ -34,7 +34,16 @@ #include #include -#ifdef CONFIG_NF_NAT_NEEDED +/* Upstream commit 4806e975729f ("netfilter: replace NF_NAT_NEEDED with + * IS_ENABLED(CONFIG_NF_NAT)") replaces the config checking on NF_NAT_NEEDED + * with CONFIG_NF_NAT. We will replace the checking on NF_NAT_NEEDED for the + * newer kernel with the marco in order to keep backward compatiblity. + */ +#ifndef HAVE_CONFIG_NF_NAT_NEEDED +#define CONFIG_NF_NAT_NEEDED CONFIG_NF_NAT +#endif + +#if IS_ENABLED(CONFIG_NF_NAT_NEEDED) /* Starting from upstream commit 3bf195ae6037 ("netfilter: nat: merge * nf_nat_ipv4,6 into nat core") in kernel 5.1. nf_nat_ipv4,6 are merged * into nf_nat. In order to keep backward compatibility, we keep the config @@ -100,7 +109,7 @@ struct ovs_conntrack_info { struct md_labels labels; char timeout[CTNL_TIMEOUT_NAME_MAX]; struct nf_ct_timeout *nf_ct_timeout; -#ifdef CONFIG_NF_NAT_NEEDED +#if IS_ENABLED(CONFIG_NF_NAT_NEEDED) struct nf_nat_range2 range; /* Only present for SRC NAT and DST NAT. */ #endif }; @@ -786,7 +795,7 @@ static bool skb_nfct_cached(struct net *net, return ct_executed; } -#ifdef CONFIG_NF_NAT_NEEDED +#if IS_ENABLED(CONFIG_NF_NAT_NEEDED) /* Modelled after nf_nat_ipv[46]_fn(). * range is only used for new, uninitialized NAT state. * Returns either NF_ACCEPT or NF_DROP. 
@@ -1405,7 +1414,7 @@ static int ovs_ct_add_helper(struct ovs_conntrack_info *info, const char *name, return 0; } -#ifdef CONFIG_NF_NAT_NEEDED +#if IS_ENABLED(CONFIG_NF_NAT_NEEDED) static int parse_nat(const struct nlattr *attr, struct ovs_conntrack_info *info, bool log) { @@ -1547,7 +1556,7 @@ static const struct ovs_ct_len_tbl ovs_ct_attr_lens[OVS_CT_ATTR_MAX + 1] = { .maxlen = sizeof(struct md_labels) }, [OVS_CT_ATTR_HELPER] = { .minlen = 1, .maxlen = NF_CT_HELPER_NAME_LEN }, -#ifdef CONFIG_NF_NAT_NEEDED +#if IS_ENABLED(CONFIG_NF_NAT_NEEDED) /* NAT length is checked when parsing the nested attributes. */ [OVS_CT_ATTR_NAT] = { .minlen = 0, .maxlen = INT_MAX }, #endif @@ -1627,7 +1636,7 @@ static int parse_ct(const struct nlattr *attr, struct ovs_conntrack_info *info, return -EINVAL; } break; -#ifdef CONFIG_NF_NAT_NEEDED +#if IS_ENABLED(CONFIG_NF_NAT_NEEDED) case OVS_CT_ATTR_NAT: { int err = parse_nat(a, info, log); @@ -1761,7 +1770,7 @@ err_free_ct: return err; } -#ifdef CONFIG_NF_NAT_NEEDED +#if IS_ENABLED(CONFIG_NF_NAT_NEEDED) static bool ovs_ct_nat_to_attr(const struct ovs_conntrack_info *info, struct sk_buff *skb) { 
@@ -1871,7 +1880,7 @@ int ovs_ct_action_to_attr(const struct ovs_conntrack_info *ct_info, return -EMSGSIZE; } -#ifdef CONFIG_NF_NAT_NEEDED +#if IS_ENABLED(CONFIG_NF_NAT_NEEDED) if (ct_info->nat && !ovs_ct_nat_to_attr(ct_info, skb)) return -EMSGSIZE; #endif From patchwork Tue Oct 15 17:27:47 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yi-Hung Wei X-Patchwork-Id: 1177252 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=openvswitch.org (client-ip=140.211.169.12; helo=mail.linuxfoundation.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="G6a/zZW5"; dkim-atps=neutral Received: from mail.linuxfoundation.org (mail.linuxfoundation.org [140.211.169.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 46t2nk54Zfz9sP4 for ; Wed, 16 Oct 2019 04:42:50 +1100 (AEDT) Received: from mail.linux-foundation.org (localhost [127.0.0.1]) by mail.linuxfoundation.org (Postfix) with ESMTP id 897E7EF7; Tue, 15 Oct 2019 17:39:31 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@mail.linuxfoundation.org Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 0D0E6EEA for ; Tue, 15 Oct 2019 17:39:29 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-pf1-f195.google.com (mail-pf1-f195.google.com [209.85.210.195]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 1A4F96C5 for ; Tue, 15 Oct 2019 17:39:28 +0000 (UTC) 
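Review bot: in patch 05/12, the `#define CONFIG_NF_NAT_NEEDED CONFIG_NF_NAT` fallback added at the top of datapath/conntrack.c makes the name CONFIG_NF_NAT_NEEDED a defined macro on every kernel where HAVE_CONFIG_NF_NAT_NEEDED is unset, so a plain `#ifdef CONFIG_NF_NAT_NEEDED` is then true whether or not NAT is enabled. Every guard this patch touches is converted to `#if IS_ENABLED(CONFIG_NF_NAT_NEEDED)`, which is the right form; please say in the new comment that `#ifdef` must no longer be used on this symbol, so that later changes to the file do not reintroduce it. The same comment also has two typos: "marco" should be "macro" and "compatiblity" should be "compatibility".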
From: Yi-Hung Wei
To: dev@openvswitch.org
Date: Tue, 15 Oct 2019 10:27:47 -0700
Message-Id: <1571160473-46132-7-git-send-email-yihung.wei@gmail.com>
In-Reply-To: <1571160473-46132-1-git-send-email-yihung.wei@gmail.com>
References: <1571160473-46132-1-git-send-email-yihung.wei@gmail.com>
Subject: [ovs-dev] [PATCH v2 06/12] datapath: Use nla_nest_start_noflag()

This patch backports the openvswitch changes and updates the compat layer for the following upstream patch.

commit ae0be8de9a53cda3505865c11826d8ff0640237c
Author: Michal Kubecek
Date: Fri Apr 26 11:13:06 2019 +0200

netlink: make nla_nest_start() add NLA_F_NESTED flag

Even if the NLA_F_NESTED flag was introduced more than 11 years ago, most netlink based interfaces (including recently added ones) are still not setting it in kernel generated messages. Without the flag, message parsers not aware of attribute semantics (e.g. wireshark dissector or libmnl's mnl_nlmsg_fprintf()) cannot recognize nested attributes and won't display the structure of their contents.

Unfortunately we cannot just add the flag everywhere as there may be userspace applications which check nlattr::nla_type directly rather than through a helper masking out the flags. Therefore the patch renames nla_nest_start() to nla_nest_start_noflag() and introduces nla_nest_start() as a wrapper adding NLA_F_NESTED. The calls which add NLA_F_NESTED manually are rewritten to use nla_nest_start().

Except for changes in include/net/netlink.h, the patch was generated using this semantic patch: @@ expression E1, E2; @@ -nla_nest_start(E1, E2) +nla_nest_start_noflag(E1, E2) @@ expression E1, E2; @@ -nla_nest_start_noflag(E1, E2 | NLA_F_NESTED) +nla_nest_start(E1, E2) Signed-off-by: Michal Kubecek Acked-by: Jiri Pirko Acked-by: David Ahern Signed-off-by: David S. Miller Signed-off-by: Yi-Hung Wei Reviewed-by: Yifeng Sun --- acinclude.m4 | 1 + datapath/conntrack.c | 6 +++--- datapath/datapath.c | 7 +++--- datapath/flow_netlink.c | 33 +++++++++++++++-------------- datapath/linux/compat/include/net/netlink.h | 9 ++++++++ datapath/meter.c | 8 +++---- datapath/vport-vxlan.c | 2 +- datapath/vport.c | 2 +- 8 files changed, 40 insertions(+), 28 deletions(-) diff --git a/acinclude.m4 b/acinclude.m4 index 3b65a47db55b..f7b7c0438c16 100644 --- a/acinclude.m4 +++ b/acinclude.m4 @@ -844,6 +844,7 @@ AC_DEFUN([OVS_CHECK_LINUX_COMPAT], [ OVS_GREP_IFELSE([$KSRC/include/net/netlink.h], [nla_put_in_addr]) OVS_GREP_IFELSE([$KSRC/include/net/netlink.h], [nla_find_nested]) OVS_GREP_IFELSE([$KSRC/include/net/netlink.h], [nla_is_last]) + OVS_GREP_IFELSE([$KSRC/include/net/netlink.h], [nla_nest_start_noflag]) OVS_GREP_IFELSE([$KSRC/include/linux/netlink.h], [void.*netlink_set_err], [OVS_DEFINE([HAVE_VOID_NETLINK_SET_ERR])]) OVS_FIND_PARAM_IFELSE([$KSRC/include/net/netlink.h], diff --git a/datapath/conntrack.c b/datapath/conntrack.c index 010f9af5ffd2..b11a30965147 100644 --- a/datapath/conntrack.c +++ b/datapath/conntrack.c @@ -1776,7 +1776,7 @@ static bool ovs_ct_nat_to_attr(const struct ovs_conntrack_info *info, { struct nlattr *start; - start = nla_nest_start(skb, OVS_CT_ATTR_NAT); + start = nla_nest_start_noflag(skb, OVS_CT_ATTR_NAT); if (!start) return false; 
@@ -1847,7 +1847,7 @@ int ovs_ct_action_to_attr(const struct ovs_conntrack_info *ct_info, { struct nlattr *start; - start = nla_nest_start(skb, OVS_ACTION_ATTR_CT); + start = nla_nest_start_noflag(skb, OVS_ACTION_ATTR_CT); if (!start) return -EMSGSIZE; @@ -2257,7 +2257,7 @@ static int ovs_ct_limit_cmd_get(struct sk_buff *skb, struct genl_info *info) if (IS_ERR(reply)) return PTR_ERR(reply); - nla_reply = nla_nest_start(reply, OVS_CT_LIMIT_ATTR_ZONE_LIMIT); + nla_reply = nla_nest_start_noflag(reply, OVS_CT_LIMIT_ATTR_ZONE_LIMIT); if (a[OVS_CT_LIMIT_ATTR_ZONE_LIMIT]) { err = ovs_ct_limit_get_zone_limit( diff --git a/datapath/datapath.c b/datapath/datapath.c index 94e4f6ffd6e9..78e2e6310529 100644 --- a/datapath/datapath.c +++ b/datapath/datapath.c @@ -475,7 +475,8 @@ static int queue_userspace_packet(struct datapath *dp, struct sk_buff *skb, if (upcall_info->egress_tun_info) { - nla = nla_nest_start(user_skb, OVS_PACKET_ATTR_EGRESS_TUN_KEY); + nla = nla_nest_start_noflag(user_skb, + OVS_PACKET_ATTR_EGRESS_TUN_KEY); if (!nla) { err = -EMSGSIZE; goto out; @@ -487,7 +488,7 @@ static int queue_userspace_packet(struct datapath *dp, struct sk_buff *skb, } if (upcall_info->actions_len) { - nla = nla_nest_start(user_skb, OVS_PACKET_ATTR_ACTIONS); + nla = nla_nest_start_noflag(user_skb, OVS_PACKET_ATTR_ACTIONS); if (!nla) { err = -EMSGSIZE; goto out; @@ -789,7 +790,7 @@ static int ovs_flow_cmd_fill_actions(const struct sw_flow *flow, * This can only fail for dump operations because the skb is always * properly sized for single flows. */ - start = nla_nest_start(skb, OVS_FLOW_ATTR_ACTIONS); + start = nla_nest_start_noflag(skb, OVS_FLOW_ATTR_ACTIONS); if (start) { const struct sw_flow_actions *sf_acts; diff --git a/datapath/flow_netlink.c b/datapath/flow_netlink.c index 0f7ab53fc141..35f13d753cec 100644 --- a/datapath/flow_netlink.c +++ b/datapath/flow_netlink.c 
@@ -839,7 +839,7 @@ static int vxlan_opt_to_nlattr(struct sk_buff *skb, const struct vxlan_metadata *opts = tun_opts; struct nlattr *nla; - nla = nla_nest_start(skb, OVS_TUNNEL_KEY_ATTR_VXLAN_OPTS); + nla = nla_nest_start_noflag(skb, OVS_TUNNEL_KEY_ATTR_VXLAN_OPTS); if (!nla) return -EMSGSIZE; @@ -926,7 +926,7 @@ static int ip_tun_to_nlattr(struct sk_buff *skb, struct nlattr *nla; int err; - nla = nla_nest_start(skb, OVS_KEY_ATTR_TUNNEL); + nla = nla_nest_start_noflag(skb, OVS_KEY_ATTR_TUNNEL); if (!nla) return -EMSGSIZE; @@ -1934,7 +1934,7 @@ static int nsh_key_to_nlattr(const struct ovs_key_nsh *nsh, bool is_mask, { struct nlattr *start; - start = nla_nest_start(skb, OVS_KEY_ATTR_NSH); + start = nla_nest_start_noflag(skb, OVS_KEY_ATTR_NSH); if (!start) return -EMSGSIZE; @@ -2017,14 +2017,15 @@ static int __ovs_nla_put_key(const struct sw_flow_key *swkey, if (swkey->eth.vlan.tci || eth_type_vlan(swkey->eth.type)) { if (ovs_nla_put_vlan(skb, &output->eth.vlan, is_mask)) goto nla_put_failure; - encap = nla_nest_start(skb, OVS_KEY_ATTR_ENCAP); + encap = nla_nest_start_noflag(skb, OVS_KEY_ATTR_ENCAP); if (!swkey->eth.vlan.tci) goto unencap; if (swkey->eth.cvlan.tci || eth_type_vlan(swkey->eth.type)) { if (ovs_nla_put_vlan(skb, &output->eth.cvlan, is_mask)) goto nla_put_failure; - in_encap = nla_nest_start(skb, OVS_KEY_ATTR_ENCAP); + in_encap = nla_nest_start_noflag(skb, + OVS_KEY_ATTR_ENCAP); if (!swkey->eth.cvlan.tci) goto unencap; } @@ -2203,7 +2204,7 @@ int ovs_nla_put_key(const struct sw_flow_key *swkey, int err; struct nlattr *nla; - nla = nla_nest_start(skb, attr); + nla = nla_nest_start_noflag(skb, attr); if (!nla) return -EMSGSIZE; err = __ovs_nla_put_key(swkey, output, is_mask, skb); 
@@ -3234,7 +3235,7 @@ static int sample_action_to_attr(const struct nlattr *attr, const struct sample_arg *arg; struct nlattr *actions; - start = nla_nest_start(skb, OVS_ACTION_ATTR_SAMPLE); + start = nla_nest_start_noflag(skb, OVS_ACTION_ATTR_SAMPLE); if (!start) return -EMSGSIZE; @@ -3247,7 +3248,7 @@ static int sample_action_to_attr(const struct nlattr *attr, goto out; } - ac_start = nla_nest_start(skb, OVS_SAMPLE_ATTR_ACTIONS); + ac_start = nla_nest_start_noflag(skb, OVS_SAMPLE_ATTR_ACTIONS); if (!ac_start) { err = -EMSGSIZE; goto out; @@ -3273,7 +3274,7 @@ static int clone_action_to_attr(const struct nlattr *attr, struct nlattr *start; int err = 0, rem = nla_len(attr); - start = nla_nest_start(skb, OVS_ACTION_ATTR_CLONE); + start = nla_nest_start_noflag(skb, OVS_ACTION_ATTR_CLONE); if (!start) return -EMSGSIZE; @@ -3295,7 +3296,7 @@ static int check_pkt_len_action_to_attr(const struct nlattr *attr, const struct nlattr *a, *cpl_arg; int err = 0, rem = nla_len(attr); - start = nla_nest_start(skb, OVS_ACTION_ATTR_CHECK_PKT_LEN); + start = nla_nest_start_noflag(skb, OVS_ACTION_ATTR_CHECK_PKT_LEN); if (!start) return -EMSGSIZE; @@ -3314,8 +3315,8 @@ static int check_pkt_len_action_to_attr(const struct nlattr *attr, * 'OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_LESS_EQUAL'. */ a = nla_next(cpl_arg, &rem); - ac_start = nla_nest_start(skb, - OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_LESS_EQUAL); + ac_start = nla_nest_start_noflag(skb, + OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_LESS_EQUAL); if (!ac_start) { err = -EMSGSIZE; goto out; @@ -3333,8 +3334,8 @@ static int check_pkt_len_action_to_attr(const struct nlattr *attr, * OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_GREATER. */ a = nla_next(a, &rem); - ac_start = nla_nest_start(skb, - OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_GREATER); + ac_start = nla_nest_start_noflag(skb, + OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_GREATER); if (!ac_start) { err = -EMSGSIZE; goto out; 
@@ -3368,7 +3369,7 @@ static int set_action_to_attr(const struct nlattr *a, struct sk_buff *skb) struct ovs_tunnel_info *ovs_tun = nla_data(ovs_key); struct ip_tunnel_info *tun_info = &ovs_tun->tun_dst->u.tun_info; - start = nla_nest_start(skb, OVS_ACTION_ATTR_SET); + start = nla_nest_start_noflag(skb, OVS_ACTION_ATTR_SET); if (!start) return -EMSGSIZE; @@ -3400,7 +3401,7 @@ static int masked_set_action_to_set_action_attr(const struct nlattr *a, /* Revert the conversion we did from a non-masked set action to * masked set action. */ - nla = nla_nest_start(skb, OVS_ACTION_ATTR_SET); + nla = nla_nest_start_noflag(skb, OVS_ACTION_ATTR_SET); if (!nla) return -EMSGSIZE; diff --git a/datapath/linux/compat/include/net/netlink.h b/datapath/linux/compat/include/net/netlink.h index d42bf108b417..34fc3460dc81 100644 --- a/datapath/linux/compat/include/net/netlink.h +++ b/datapath/linux/compat/include/net/netlink.h @@ -165,4 +165,13 @@ static inline int rpl_nla_parse(struct nlattr **tb, int maxtype, #define nla_parse rpl_nla_parse #endif +#ifndef HAVE_NLA_NEST_START_NOFLAG +static inline struct nlattr *rpl_nla_nest_start_noflag(struct sk_buff *skb, + int attrtype) +{ + return nla_nest_start(skb, attrtype); +} +#define nla_nest_start_noflag rpl_nla_nest_start_noflag +#endif + #endif /* net/netlink.h */ diff --git a/datapath/meter.c b/datapath/meter.c index eda14682fb96..b0a92891c7c0 100644 --- a/datapath/meter.c +++ b/datapath/meter.c @@ -129,7 +129,7 @@ static int ovs_meter_cmd_reply_stats(struct sk_buff *reply, u32 meter_id, OVS_METER_ATTR_PAD)) goto error; - nla = nla_nest_start(reply, OVS_METER_ATTR_BANDS); + nla = nla_nest_start_noflag(reply, OVS_METER_ATTR_BANDS); if (!nla) goto error; 
@@ -138,7 +138,7 @@ static int ovs_meter_cmd_reply_stats(struct sk_buff *reply, u32 meter_id, for (i = 0; i < meter->n_bands; ++i, ++band) { struct nlattr *band_nla; - band_nla = nla_nest_start(reply, OVS_BAND_ATTR_UNSPEC); + band_nla = nla_nest_start_noflag(reply, OVS_BAND_ATTR_UNSPEC); if (!band_nla || nla_put(reply, OVS_BAND_ATTR_STATS, sizeof(struct ovs_flow_stats), &band->stats)) @@ -168,11 +168,11 @@ static int ovs_meter_cmd_features(struct sk_buff *skb, struct genl_info *info) nla_put_u32(reply, OVS_METER_ATTR_MAX_BANDS, DP_MAX_BANDS)) goto nla_put_failure; - nla = nla_nest_start(reply, OVS_METER_ATTR_BANDS); + nla = nla_nest_start_noflag(reply, OVS_METER_ATTR_BANDS); if (!nla) goto nla_put_failure; - band_nla = nla_nest_start(reply, OVS_BAND_ATTR_UNSPEC); + band_nla = nla_nest_start_noflag(reply, OVS_BAND_ATTR_UNSPEC); if (!band_nla) goto nla_put_failure; /* Currently only DROP band type is supported. */ diff --git a/datapath/vport-vxlan.c b/datapath/vport-vxlan.c index 05764467a687..70ed376e3869 100644 --- a/datapath/vport-vxlan.c +++ b/datapath/vport-vxlan.c @@ -47,7 +47,7 @@ static int vxlan_get_options(const struct vport *vport, struct sk_buff *skb) #endif struct nlattr *exts; - exts = nla_nest_start(skb, OVS_TUNNEL_ATTR_EXTENSION); + exts = nla_nest_start_noflag(skb, OVS_TUNNEL_ATTR_EXTENSION); if (!exts) return -EMSGSIZE; diff --git a/datapath/vport.c b/datapath/vport.c index ed7f23ec8933..f929282dcec1 100644 --- a/datapath/vport.c +++ b/datapath/vport.c 
@@ -408,7 +408,7 @@ int ovs_vport_get_options(const struct vport *vport, struct sk_buff *skb) if (!vport->ops->get_options) return 0; - nla = nla_nest_start(skb, OVS_VPORT_ATTR_OPTIONS); + nla = nla_nest_start_noflag(skb, OVS_VPORT_ATTR_OPTIONS); if (!nla) return -EMSGSIZE; From patchwork Tue Oct 15 17:27:48 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yi-Hung Wei X-Patchwork-Id: 1177253 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=openvswitch.org (client-ip=140.211.169.12; helo=mail.linuxfoundation.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="CShwlSrn"; dkim-atps=neutral Received: from mail.linuxfoundation.org (mail.linuxfoundation.org [140.211.169.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 46t2pF1T1Cz9sP4 for ; Wed, 16 Oct 2019 04:43:17 +1100 (AEDT) Received: from mail.linux-foundation.org (localhost [127.0.0.1]) by mail.linuxfoundation.org (Postfix) with ESMTP id 3AC32EF8; Tue, 15 Oct 2019 17:39:32 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@mail.linuxfoundation.org Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id EB191EED for ; Tue, 15 Oct 2019 17:39:29 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-pg1-f196.google.com (mail-pg1-f196.google.com [209.85.215.196]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 44A866C5 for ; Tue, 15 Oct 2019 
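Review bot: in patch 06/12, the `rpl_nla_nest_start_noflag()` fallback added to datapath/linux/compat/include/net/netlink.h has no comment explaining why forwarding to `nla_nest_start()` is equivalent. Per the quoted upstream commit, it is only correct because kernels that lack `nla_nest_start_noflag` have an `nla_nest_start()` that does not set NLA_F_NESTED; a one-line comment above the wrapper stating that would make clear that the attribute type seen by userspace is the same on both paths.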
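Review bot: in patch 06/12, the datapath/conntrack.c hunk in `ovs_ct_limit_cmd_get()` assigns `nla_reply = nla_nest_start_noflag(reply, OVS_CT_LIMIT_ATTR_ZONE_LIMIT);` and the visible context goes straight on to `if (a[OVS_CT_LIMIT_ATTR_ZONE_LIMIT])` with no NULL check, while most of the other converted call sites test the result and return -EMSGSIZE. The rename does not change that behaviour, but if the check is not further down, outside the shown context, it deserves a follow-up that fails with -EMSGSIZE when the nest cannot be started.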
From: Yi-Hung Wei
To: dev@openvswitch.org
Date: Tue, 15 Oct 2019 10:27:48 -0700
Message-Id: <1571160473-46132-8-git-send-email-yihung.wei@gmail.com>
In-Reply-To: <1571160473-46132-1-git-send-email-yihung.wei@gmail.com>
References: <1571160473-46132-1-git-send-email-yihung.wei@gmail.com>
Subject: [ovs-dev] [PATCH v2 07/12] datapath: genetlink: optionally validate strictly/dumps

This patch backports the following upstream commit within the openvswitch kernel module with some checks so that it also works in the older kernel.

Upstream commit:
commit ef6243acb4782df587a4d7d6c310fa5b5d82684b
Author: Johannes Berg
Date: Fri Apr 26 14:07:31 2019 +0200

genetlink: optionally validate strictly/dumps

Add options to strictly validate messages and dump messages, sometimes perhaps validating dump messages non-strictly may be required, so add an option for that as well.

Since none of this can really be applied to existing commands, set the options everywhere using the following spatch:

@@ identifier ops; expression X; @@ struct genl_ops ops[] = { ..., { .cmd = X, + .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, ... }, ... };

For new commands one should just not copy the .validate 'opt-out' flags and thus get strict validation.

Signed-off-by: Johannes Berg
Signed-off-by: David S. Miller
Signed-off-by: Yi-Hung Wei Reviewed-by: Yifeng Sun --- acinclude.m4 | 1 + datapath/conntrack.c | 9 +++++++++ datapath/datapath.c | 39 +++++++++++++++++++++++++++++++++++++++ datapath/meter.c | 12 ++++++++++++ 4 files changed, 61 insertions(+) diff --git a/acinclude.m4 b/acinclude.m4 index f7b7c0438c16..0e9ff2596608 100644 --- a/acinclude.m4 +++ b/acinclude.m4 @@ -817,6 +817,7 @@ AC_DEFUN([OVS_CHECK_LINUX_COMPAT], [ OVS_GREP_IFELSE([$KSRC/include/net/genetlink.h], [genlmsg_parse]) OVS_GREP_IFELSE([$KSRC/include/net/genetlink.h], [genl_notify.*family], [OVS_DEFINE([HAVE_GENL_NOTIFY_TAKES_FAMILY])]) + OVS_GREP_IFELSE([$KSRC/include/net/genetlink.h], [genl_validate_flags]) OVS_FIND_PARAM_IFELSE([$KSRC/include/net/genetlink.h], [genl_notify], [net], [OVS_DEFINE([HAVE_GENL_NOTIFY_TAKES_NET])]) diff --git a/datapath/conntrack.c b/datapath/conntrack.c index b11a30965147..0c0d43bec2e5 100644 --- a/datapath/conntrack.c +++ b/datapath/conntrack.c @@ -2283,18 +2283,27 @@ exit_err: static struct genl_ops ct_limit_genl_ops[] = { { .cmd = OVS_CT_LIMIT_CMD_SET, +#ifdef HAVE_GENL_VALIDATE_FLAGS + .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, +#endif .flags = GENL_ADMIN_PERM, /* Requires CAP_NET_ADMIN * privilege. */ .policy = ct_limit_policy, .doit = ovs_ct_limit_cmd_set, }, { .cmd = OVS_CT_LIMIT_CMD_DEL, +#ifdef HAVE_GENL_VALIDATE_FLAGS + .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, +#endif .flags = GENL_ADMIN_PERM, /* Requires CAP_NET_ADMIN * privilege. */ .policy = ct_limit_policy, .doit = ovs_ct_limit_cmd_del, }, { .cmd = OVS_CT_LIMIT_CMD_GET, +#ifdef HAVE_GENL_VALIDATE_FLAGS + .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, +#endif .flags = 0, /* OK for unprivileged users. */ .policy = ct_limit_policy, .doit = ovs_ct_limit_cmd_get, diff --git a/datapath/datapath.c b/datapath/datapath.c index 78e2e6310529..f4244ea09869 100644 --- a/datapath/datapath.c +++ b/datapath/datapath.c 
@@ -652,6 +652,9 @@ static const struct nla_policy packet_policy[OVS_PACKET_ATTR_MAX + 1] = { static struct genl_ops dp_packet_genl_ops[] = { { .cmd = OVS_PACKET_CMD_EXECUTE, +#ifdef HAVE_GENL_VALIDATE_FLAGS + .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, +#endif .flags = GENL_UNS_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */ .policy = packet_policy, .doit = ovs_packet_cmd_execute @@ -1440,22 +1443,34 @@ static const struct nla_policy flow_policy[OVS_FLOW_ATTR_MAX + 1] = { static struct genl_ops dp_flow_genl_ops[] = { { .cmd = OVS_FLOW_CMD_NEW, +#ifdef HAVE_GENL_VALIDATE_FLAGS + .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, +#endif .flags = GENL_UNS_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */ .policy = flow_policy, .doit = ovs_flow_cmd_new }, { .cmd = OVS_FLOW_CMD_DEL, +#ifdef HAVE_GENL_VALIDATE_FLAGS + .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, +#endif .flags = GENL_UNS_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */ .policy = flow_policy, .doit = ovs_flow_cmd_del }, { .cmd = OVS_FLOW_CMD_GET, +#ifdef HAVE_GENL_VALIDATE_FLAGS + .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, +#endif .flags = 0, /* OK for unprivileged users. */ .policy = flow_policy, .doit = ovs_flow_cmd_get, .dumpit = ovs_flow_cmd_dump }, { .cmd = OVS_FLOW_CMD_SET, +#ifdef HAVE_GENL_VALIDATE_FLAGS + .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, +#endif .flags = GENL_UNS_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */ .policy = flow_policy, .doit = ovs_flow_cmd_set, 
@@ -1832,22 +1847,34 @@ static const struct nla_policy datapath_policy[OVS_DP_ATTR_MAX + 1] = { static struct genl_ops dp_datapath_genl_ops[] = { { .cmd = OVS_DP_CMD_NEW, +#ifdef HAVE_GENL_VALIDATE_FLAGS + .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, +#endif .flags = GENL_UNS_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */ .policy = datapath_policy, .doit = ovs_dp_cmd_new }, { .cmd = OVS_DP_CMD_DEL, +#ifdef HAVE_GENL_VALIDATE_FLAGS + .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, +#endif .flags = GENL_UNS_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */ .policy = datapath_policy, .doit = ovs_dp_cmd_del }, { .cmd = OVS_DP_CMD_GET, +#ifdef HAVE_GENL_VALIDATE_FLAGS + .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, +#endif .flags = 0, /* OK for unprivileged users. */ .policy = datapath_policy, .doit = ovs_dp_cmd_get, .dumpit = ovs_dp_cmd_dump }, { .cmd = OVS_DP_CMD_SET, +#ifdef HAVE_GENL_VALIDATE_FLAGS + .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, +#endif .flags = GENL_UNS_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */ .policy = datapath_policy, .doit = ovs_dp_cmd_set, 
@@ -2277,22 +2304,34 @@ static const struct nla_policy vport_policy[OVS_VPORT_ATTR_MAX + 1] = { static struct genl_ops dp_vport_genl_ops[] = { { .cmd = OVS_VPORT_CMD_NEW, +#ifdef HAVE_GENL_VALIDATE_FLAGS + .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, +#endif .flags = GENL_UNS_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */ .policy = vport_policy, .doit = ovs_vport_cmd_new }, { .cmd = OVS_VPORT_CMD_DEL, +#ifdef HAVE_GENL_VALIDATE_FLAGS + .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, +#endif .flags = GENL_UNS_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */ .policy = vport_policy, .doit = ovs_vport_cmd_del }, { .cmd = OVS_VPORT_CMD_GET, +#ifdef HAVE_GENL_VALIDATE_FLAGS + .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, +#endif .flags = 0, /* OK for unprivileged users. */ .policy = vport_policy, .doit = ovs_vport_cmd_get, .dumpit = ovs_vport_cmd_dump }, { .cmd = OVS_VPORT_CMD_SET, +#ifdef HAVE_GENL_VALIDATE_FLAGS + .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, +#endif .flags = GENL_UNS_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */ .policy = vport_policy, .doit = ovs_vport_cmd_set, diff --git a/datapath/meter.c b/datapath/meter.c index b0a92891c7c0..7d8f51a8fcd1 100644 --- a/datapath/meter.c +++ b/datapath/meter.c @@ -538,11 +538,17 @@ bool ovs_meter_execute(struct datapath *dp, struct sk_buff *skb, static struct genl_ops dp_meter_genl_ops[] = { { .cmd = OVS_METER_CMD_FEATURES, +#ifdef HAVE_GENL_VALIDATE_FLAGS + .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, +#endif .flags = 0, /* OK for unprivileged users. */ .policy = meter_policy, .doit = ovs_meter_cmd_features }, { .cmd = OVS_METER_CMD_SET, +#ifdef HAVE_GENL_VALIDATE_FLAGS + .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, +#endif .flags = GENL_ADMIN_PERM, /* Requires CAP_NET_ADMIN * privilege. */ 
@@ -550,11 +556,17 @@ static struct genl_ops dp_meter_genl_ops[] = { .doit = ovs_meter_cmd_set, }, { .cmd = OVS_METER_CMD_GET, +#ifdef HAVE_GENL_VALIDATE_FLAGS + .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, +#endif .flags = 0, /* OK for unprivileged users. */ .policy = meter_policy, .doit = ovs_meter_cmd_get, }, { .cmd = OVS_METER_CMD_DEL, +#ifdef HAVE_GENL_VALIDATE_FLAGS + .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, +#endif .flags = GENL_ADMIN_PERM, /* Requires CAP_NET_ADMIN * privilege. */ From patchwork Tue Oct 15 17:27:49 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yi-Hung Wei X-Patchwork-Id: 1177254 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=openvswitch.org (client-ip=140.211.169.12; helo=mail.linuxfoundation.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="JSjqRvH3"; dkim-atps=neutral Received: from mail.linuxfoundation.org (mail.linuxfoundation.org [140.211.169.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 46t2pv45r6z9sP4 for ; Wed, 16 Oct 2019 04:43:51 +1100 (AEDT) Received: from mail.linux-foundation.org (localhost [127.0.0.1]) by mail.linuxfoundation.org (Postfix) with ESMTP id 228BBF0C; Tue, 15 Oct 2019 17:39:35 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@mail.linuxfoundation.org Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 
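Review bot: in patch 07/12, the opt-out `.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP` is also applied to the entries marked `.flags = 0, /* OK for unprivileged users. */` (OVS_CT_LIMIT_CMD_GET, OVS_FLOW_CMD_GET, OVS_DP_CMD_GET, OVS_VPORT_CMD_GET, OVS_METER_CMD_FEATURES and OVS_METER_CMD_GET), so the commands reachable without CAP_NET_ADMIN keep the lenient attribute parsing. That matches the quoted upstream commit, which says none of this can be applied to existing commands, but the backport's own commit message should state that current behaviour is preserved on purpose and repeat the upstream advice that new commands must not copy these flags. As a style point, the same three-line `#ifdef HAVE_GENL_VALIDATE_FLAGS` block is repeated in every ops entry across conntrack.c, datapath.c and meter.c; a single compat macro that expands to the initializer or to nothing would keep the tables readable.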
97DC9EE6 for ; Tue, 15 Oct 2019 17:39:31 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-pf1-f195.google.com (mail-pf1-f195.google.com [209.85.210.195]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 08737887 for ; Tue, 15 Oct 2019 17:39:31 +0000 (UTC) Received: by mail-pf1-f195.google.com with SMTP id h195so12933139pfe.5 for ; Tue, 15 Oct 2019 10:39:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=dM3r9QDuRG4A5i3L2mx/iPveD5J6MTf5N1B88OMF3ow=; b=JSjqRvH3WxuoOPXzY9gcnH1MlmvtTPm4MxR2lgoTYT4uuMkPl07i9cwNtAsiQSNl0f rqsxMdmkViwmBzc8jGa+yXMtvTIAEh+nCZqxv7ODf5l9I5rB6S4XdKrNtkIHgFXh2YwZ DpSr2ZIMBuLnmJTD2CDGkb//jjTemYhPGmwrq32eVe2VzrXheKtJr+e2VYWBnxO7jh34 pqy3J0Ojdv/JziROfenngHX5ODo9OdA0GIBo5Z8a3KqyTEhGKqMcntjYqRwvfk1DTPPO WCtrdFaqU1WwHaa6waB3IkROoCJfCxTKNdVBTXrKmiUeWoOfbKu0+IbNbJoQDxzMBrrS A7Aw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=dM3r9QDuRG4A5i3L2mx/iPveD5J6MTf5N1B88OMF3ow=; b=LSj3MK14n3pSHrOHsEN87ejgGtri0EHU61npdurSHP7imz7ln5PF6LsnFYCoOs1Owg qoNndodxWa+WHXMi0kLDu3K4G//HCb8iAVFQoex4jzXnRYsaCGi55HyUuer082wNcoxF HFkEKaAHwLy7waFPjm10whXyF7Ds6/vkIy+UIgKElXJ9XaA28D9PbGyk8qsU+uY9AAv2 zIn9LWe+HKptH/pWFTlPQjxrFy7y3mwxBsJJN7PnuWEb0YYfDPI0a4WmlhDPz7tjN+/X sYCisiQMdBPL/pBIXfktXsJhIUkwJE3rIWVaaJy4pcoquEWqpx8uHcZYk4/lkvZX4V+i KDtw== X-Gm-Message-State: APjAAAWLNfNLFC8LCpyoiaqHBkssK3sCJl9qyrvfRMAtJSno8pG76bdS j7tGyvPyDrvsLiDfG9E4UPhHpYYhSnI= X-Google-Smtp-Source: APXvYqwFEgIOsfwygN8/qjXQvsogmZNUDc0QRDzXaqn3H2k/+AUqBKMnsF8FP+InEfZnEylAMs56Aw== X-Received: by 2002:aa7:8691:: with SMTP id d17mr40460108pfo.152.1571161170043; Tue, 15 Oct 2019 10:39:30 -0700 (PDT) Received: from Husky.eng.vmware.com ([66.170.99.1]) by smtp.gmail.com with ESMTPSA id q204sm25590311pfc.11.2019.10.15.10.39.28 (version=TLS1_2 
From: Yi-Hung Wei
To: dev@openvswitch.org
Date: Tue, 15 Oct 2019 10:27:49 -0700
Message-Id: <1571160473-46132-9-git-send-email-yihung.wei@gmail.com>
Subject: [ovs-dev] [PATCH v2 08/12] datapath: Load and reference the NAT helper.

This commit backports the following upstream commit, and two functions
in nf_conntrack_helper.h.

Upstream commit:
commit fec9c271b8f1bde1086be5aa415cdb586e0dc800
Author: Flavio Leitner
Date: Wed Apr 17 11:46:17 2019 -0300

openvswitch: load and reference the NAT helper.

This improves the original commit 17c357efe5ec ("openvswitch: load
NAT helper") where it unconditionally tries to load the module for
every flow using NAT, so not efficient when loading multiple flows.
It also doesn't hold any references to the NAT module while the
flow is active.

This change fixes those problems. It will try to load the module
only if it's not present. It grabs a reference to the NAT module
and holds it while the flow is active. Finally, an error message
shows up if either action above fails.

Fixes: 17c357efe5ec ("openvswitch: load NAT helper")
Signed-off-by: Flavio Leitner
Signed-off-by: Pablo Neira Ayuso
Signed-off-by: Yi-Hung Wei Reviewed-by: Yifeng Sun --- acinclude.m4 | 4 ++++ datapath/conntrack.c | 27 +++++++++++++++++----- .../include/net/netfilter/nf_conntrack_helper.h | 17 ++++++++++++++ 3 files changed, 42 insertions(+), 6 deletions(-) diff --git a/acinclude.m4 b/acinclude.m4 index 0e9ff2596608..2f1d30f334cb 100644 --- a/acinclude.m4 +++ b/acinclude.m4 @@ -902,6 +902,10 @@ AC_DEFUN([OVS_CHECK_LINUX_COMPAT], [ OVS_GREP_IFELSE([$KSRC/include/net/netfilter/nf_conntrack_helper.h], [nf_conntrack_helper_put], [OVS_DEFINE(HAVE_NF_CONNTRACK_HELPER_PUT)]) + OVS_GREP_IFELSE([$KSRC/include/net/netfilter/nf_conntrack_helper.h], + [nf_nat_helper_try_module_get]) + OVS_GREP_IFELSE([$KSRC/include/net/netfilter/nf_conntrack_helper.h], + [nf_nat_helper_put]) OVS_GREP_IFELSE([$KSRC/include/linux/skbuff.h],[[[[:space:]]]SKB_GSO_UDP[[[:space:]]]], [OVS_DEFINE([HAVE_SKB_GSO_UDP])]) OVS_GREP_IFELSE([$KSRC/include/net/dst.h],[DST_NOCACHE], diff --git a/datapath/conntrack.c b/datapath/conntrack.c index 0c0d43bec2e5..9a7eab655142 100644 --- a/datapath/conntrack.c +++ b/datapath/conntrack.c @@ -1391,6 +1391,7 @@ static int ovs_ct_add_helper(struct ovs_conntrack_info *info, const char *name, { struct nf_conntrack_helper *helper; struct nf_conn_help *help; + int ret = 0; helper = nf_conntrack_helper_try_module_get(name, info->family, key->ip.proto); @@ -1405,13 +1406,22 @@ static int ovs_ct_add_helper(struct ovs_conntrack_info *info, const char *name, return -ENOMEM; } +#ifdef CONFIG_NF_NAT_NEEDED + if (info->nat) { + ret = nf_nat_helper_try_module_get(name, info->family, + key->ip.proto); + if (ret) { + nf_conntrack_helper_put(helper); + OVS_NLERR(log, "Failed to load \"%s\" NAT helper, error: %d", + name, ret); + return ret; + } + } +#endif + rcu_assign_pointer(help->helper, helper); info->helper = helper; - - if (info->nat) - request_module("ip_nat_%s", name); - - return 0; + return ret; } #if IS_ENABLED(CONFIG_NF_NAT_NEEDED) 
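Review bot: The new block in ovs_ct_add_helper() is guarded with #ifdef CONFIG_NF_NAT_NEEDED, while the code right after the function (the last context line of this hunk) uses #if IS_ENABLED(CONFIG_NF_NAT_NEEDED). Use the IS_ENABLED() form here as well so both guards evaluate the same way. Also, ret is only ever non-zero on the early-return path, so the final "return ret;" always returns 0; keeping "return 0;" would make that obvious.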
@@ -1898,8 +1908,13 @@ void ovs_ct_free_action(const struct nlattr *a) static void __ovs_ct_free_action(struct ovs_conntrack_info *ct_info) { - if (ct_info->helper) + if (ct_info->helper) { +#ifdef CONFIG_NF_NAT_NEEDED + if (ct_info->nat) + nf_nat_helper_put(ct_info->helper); +#endif nf_conntrack_helper_put(ct_info->helper); + } if (ct_info->ct) { if (ct_info->timeout[0]) nf_ct_destroy_timeout(ct_info->ct); diff --git a/datapath/linux/compat/include/net/netfilter/nf_conntrack_helper.h b/datapath/linux/compat/include/net/netfilter/nf_conntrack_helper.h index b6a3d0bf75b3..78f97375b66e 100644 --- a/datapath/linux/compat/include/net/netfilter/nf_conntrack_helper.h +++ b/datapath/linux/compat/include/net/netfilter/nf_conntrack_helper.h 
@@ -19,4 +19,21 @@ rpl_nf_ct_helper_ext_add(struct nf_conn *ct, #define nf_ct_helper_ext_add rpl_nf_ct_helper_ext_add #endif /* HAVE_NF_CT_HELPER_EXT_ADD_TAKES_HELPER */ +#ifndef HAVE_NF_NAT_HELPER_TRY_MODULE_GET +static inline int rpl_nf_nat_helper_try_module_get(const char *name, u16 l3num, + u8 protonum) +{ + request_module("ip_nat_%s", name); + return 0; +} +#define nf_nat_helper_try_module_get rpl_nf_nat_helper_try_module_get +#endif /* HAVE_NF_NAT_HELPER_TRY_MODULE_GET */ + +#ifndef HAVE_NF_NAT_HELPER_PUT +void rpl_nf_nat_helper_put(struct nf_conntrack_helper *helper) +{ +} +#define nf_nat_helper_put rpl_nf_nat_helper_put +#endif /* HAVE_NF_NAT_HELPER_PUT */ + #endif /* _NF_CONNTRACK_HELPER_WRAPPER_H */ From patchwork Tue Oct 15 17:27:50 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yi-Hung Wei X-Patchwork-Id: 1177255 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=openvswitch.org (client-ip=140.211.169.12; helo=mail.linuxfoundation.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="csLdxofZ"; dkim-atps=neutral Received: from mail.linuxfoundation.org (mail.linuxfoundation.org [140.211.169.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 46t2qP0g1Xz9sP4 for ; Wed, 16 Oct 2019 04:44:17 +1100 (AEDT) Received: from mail.linux-foundation.org (localhost [127.0.0.1]) by mail.linuxfoundation.org (Postfix) with ESMTP id B97C0F11; Tue, 15 Oct 2019 17:39:35 +0000 (UTC) X-Original-To: dev@openvswitch.org 
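Review bot: rpl_nf_nat_helper_put() is defined in this header as a plain "void" function, unlike rpl_nf_nat_helper_try_module_get() just above it, which is "static inline". A non-static definition in a header is emitted in every file that includes it and fails to link once a second file does; make it "static inline void". The fallbacks also ignore the request_module() result and take no module reference, so on kernels without the real functions the error message and the reference holding described in the commit message do not apply; a short comment saying so would help.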
From: Yi-Hung Wei
To: dev@openvswitch.org
Date: Tue, 15 Oct 2019 10:27:50 -0700
Message-Id: <1571160473-46132-10-git-send-email-yihung.wei@gmail.com>
Cc: Colin Ian King
Subject: [ovs-dev] [PATCH v2 09/12] datapath: Check for null pointer return from nla_nest_start_noflag

From: Colin Ian King

upstream commit:
commit ca96534630e2edfd73121c487c957b17eca3b7d7
Author: Colin Ian King
Date: Wed May 1 14:41:58 2019 +0100

openvswitch: check for null pointer return from nla_nest_start_noflag

The call to nla_nest_start_noflag can return null in the unlikely
event that nla_put returns -EMSGSIZE. Check for this condition to
avoid a null pointer dereference on pointer nla_reply.

Addresses-Coverity: ("Dereference null return value")
Fixes: 11efd5cb04a1 ("openvswitch: Support conntrack zone limit")
Signed-off-by: Colin Ian King
Acked-by: Yi-Hung Wei
Signed-off-by: David S. Miller
Signed-off-by: Yi-Hung Wei
Reviewed-by: Yifeng Sun
---
 datapath/conntrack.c | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/datapath/conntrack.c b/datapath/conntrack.c index 9a7eab655142..86e7dd24bb9b 100644 --- a/datapath/conntrack.c +++ b/datapath/conntrack.c 
@@ -2273,6 +2273,10 @@ static int ovs_ct_limit_cmd_get(struct sk_buff *skb, struct genl_info *info) return PTR_ERR(reply); nla_reply = nla_nest_start_noflag(reply, OVS_CT_LIMIT_ATTR_ZONE_LIMIT); + if (!nla_reply) { + err = -EMSGSIZE; + goto exit_err; + } if (a[OVS_CT_LIMIT_ATTR_ZONE_LIMIT]) { err = ovs_ct_limit_get_zone_limit( From patchwork Tue Oct 15 17:27:51 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yi-Hung Wei X-Patchwork-Id: 1177256 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=openvswitch.org (client-ip=140.211.169.12; helo=mail.linuxfoundation.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="rWxhRoP0"; dkim-atps=neutral Received: from mail.linuxfoundation.org (mail.linuxfoundation.org [140.211.169.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 46t2qv5wjCz9sP4 for ; Wed, 16 Oct 2019 04:44:43 +1100 (AEDT) Received: from mail.linux-foundation.org (localhost [127.0.0.1]) by mail.linuxfoundation.org (Postfix) with ESMTP id 590D6F1D; Tue, 15 Oct 2019 17:39:37 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@mail.linuxfoundation.org Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 87714EFA for ; Tue, 15 Oct 2019 17:39:34 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-pl1-f193.google.com (mail-pl1-f193.google.com [209.85.214.193]) by smtp1.linuxfoundation.org (Postfix) 
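Review bot: The new "goto exit_err" path in ovs_ct_limit_cmd_get() runs after reply has been allocated (the context line above it returns PTR_ERR(reply) on failure), but the exit_err label is outside this hunk. Please confirm that exit_err frees reply, so this error path does not leak the buffer.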
From: Yi-Hung Wei
To: dev@openvswitch.org
Date: Tue, 15 Oct 2019 10:27:51 -0700
Message-Id: <1571160473-46132-11-git-send-email-yihung.wei@gmail.com>
Subject: [ovs-dev] [PATCH v2 10/12] datapath: Replace removed NF_NAT_NEEDED with IS_ENABLED(CONFIG_NF_NAT)

Backports the following upstream commit with some backward
compatibility change.

commit f319ca6557c10a711facc4dd60197470796d3ec1
Author: Geert Uytterhoeven
Date: Wed May 8 08:52:32 2019 +0200

openvswitch: Replace removed NF_NAT_NEEDED with IS_ENABLED(CONFIG_NF_NAT)

Commit 4806e975729f99c7 ("netfilter: replace NF_NAT_NEEDED with
IS_ENABLED(CONFIG_NF_NAT)") removed CONFIG_NF_NAT_NEEDED, but a new
user popped up afterwards.

Fixes: fec9c271b8f1bde1 ("openvswitch: load and reference the NAT helper.")
Signed-off-by: Geert Uytterhoeven
Acked-by: Florian Westphal
Acked-by: Flavio Leitner
Signed-off-by: David S. Miller
Signed-off-by: Yi-Hung Wei
Reviewed-by: Yifeng Sun
---
 datapath/conntrack.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/datapath/conntrack.c b/datapath/conntrack.c index 86e7dd24bb9b..ba73962b2214 100644 --- a/datapath/conntrack.c +++ b/datapath/conntrack.c
@@ -1406,7 +1406,7 @@ static int ovs_ct_add_helper(struct ovs_conntrack_info *info, const char *name, return -ENOMEM; } -#ifdef CONFIG_NF_NAT_NEEDED +#if IS_ENABLED(CONFIG_NF_NAT_NEEDED) if (info->nat) { ret = nf_nat_helper_try_module_get(name, info->family, key->ip.proto); 
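Review bot: The subject and the upstream commit replace the guard with IS_ENABLED(CONFIG_NF_NAT), but this hunk writes #if IS_ENABLED(CONFIG_NF_NAT_NEEDED), and the quoted upstream text says CONFIG_NF_NAT_NEEDED was removed. If nothing defines that symbol on such kernels, the nf_nat_helper_try_module_get() call is compiled out. The commit message only says "some backward compatibility change"; please state where CONFIG_NF_NAT_NEEDED comes from on kernels that dropped it, or test both symbols in the guard.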
@@ -1909,7 +1909,7 @@ void ovs_ct_free_action(const struct nlattr *a) static void __ovs_ct_free_action(struct ovs_conntrack_info *ct_info) { if (ct_info->helper) { -#ifdef CONFIG_NF_NAT_NEEDED +#if IS_ENABLED(CONFIG_NF_NAT_NEEDED) if (ct_info->nat) nf_nat_helper_put(ct_info->helper); #endif From patchwork Tue Oct 15 17:27:52 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yi-Hung Wei X-Patchwork-Id: 1177257 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=openvswitch.org (client-ip=140.211.169.12; helo=mail.linuxfoundation.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="q7F42flb"; dkim-atps=neutral Received: from mail.linuxfoundation.org (mail.linuxfoundation.org [140.211.169.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 46t2rM6B82z9sP4 for ; Wed, 16 Oct 2019 04:45:07 +1100 (AEDT) Received: from mail.linux-foundation.org (localhost [127.0.0.1]) by mail.linuxfoundation.org (Postfix) with ESMTP id ECF8AF25; Tue, 15 Oct 2019 17:39:37 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@mail.linuxfoundation.org Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 57CC7F08 for ; Tue, 15 Oct 2019 17:39:36 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-pf1-f195.google.com (mail-pf1-f195.google.com [209.85.210.195]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id EC75C6C5 for ; Tue, 
From: Yi-Hung Wei
To: dev@openvswitch.org
Date: Tue, 15 Oct 2019 10:27:52 -0700
Message-Id: <1571160473-46132-12-git-send-email-yihung.wei@gmail.com>
Subject: [ovs-dev] [PATCH v2 11/12] datapath: Fix log message in ovs conntrack

Upstream commit:
commit 12c6bc38f99bb168b7f16bdb5e855a51a23ee9ec
Author: Yi-Hung Wei
Date: Wed Aug 21 17:16:10 2019 -0700

openvswitch: Fix log message in ovs conntrack

Fixes: 06bd2bdf19d2 ("openvswitch: Add timeout support to ct action")
Signed-off-by: Yi-Hung Wei
Signed-off-by: David S. Miller
Signed-off-by: Yi-Hung Wei
Reviewed-by: Yifeng Sun
---
 datapath/conntrack.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/datapath/conntrack.c b/datapath/conntrack.c index ba73962b2214..f6e9386f4707 100644 --- a/datapath/conntrack.c +++ b/datapath/conntrack.c
@@ -1663,7 +1663,7 @@ static int parse_ct(const struct nlattr *attr, struct ovs_conntrack_info *info, case OVS_CT_ATTR_TIMEOUT: memcpy(info->timeout, nla_data(a), nla_len(a)); if (!memchr(info->timeout, '\0', nla_len(a))) { - OVS_NLERR(log, "Invalid conntrack helper"); + OVS_NLERR(log, "Invalid conntrack timeout"); return -EINVAL; } break; From patchwork Tue Oct 15 17:27:53 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yi-Hung Wei X-Patchwork-Id: 1177258 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=openvswitch.org (client-ip=140.211.169.12; helo=mail.linuxfoundation.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="EMQqIpKc"; dkim-atps=neutral Received: from mail.linuxfoundation.org (mail.linuxfoundation.org [140.211.169.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 46t2rq4dR1z9sPF for ; Wed, 16 Oct 2019 04:45:31 +1100 (AEDT) Received: from mail.linux-foundation.org (localhost [127.0.0.1]) by mail.linuxfoundation.org (Postfix) with ESMTP id 9CD3FF29; Tue, 15 Oct 2019 17:39:40 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@mail.linuxfoundation.org Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 45A13EB6 for ; Tue, 15 Oct 2019 17:39:38 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-pg1-f195.google.com (mail-pg1-f195.google.com [209.85.215.195]) by 
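Review bot: The corrected message sits under a memcpy(info->timeout, nla_data(a), nla_len(a)) that copies before anything in this hunk checks the length. The limit on nla_len(a) is not visible here; please confirm that the attribute length table caps OVS_CT_ATTR_TIMEOUT at sizeof(info->timeout), and consider a one-line comment at the memcpy pointing to that bound.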
From: Yi-Hung Wei
To: dev@openvswitch.org
Date: Tue, 15 Oct 2019 10:27:53 -0700
Message-Id: <1571160473-46132-13-git-send-email-yihung.wei@gmail.com>
Subject: [ovs-dev] [PATCH v2 12/12] datapath: Allow attaching helper in later commit

Upstream commit:
commit 248d45f1e1934f7849fbdc35ef1e57151cf063eb
Author: Yi-Hung Wei
Date: Fri Oct 4 09:26:44 2019 -0700

openvswitch: Allow attaching helper in later commit

This patch allows attaching a conntrack helper to a confirmed conntrack
entry. Currently, we can only attach an alg helper to a conntrack entry
when it is in the unconfirmed state. This patch enables a use case in
which we can first commit a conntrack entry after it has passed some
initial conditions. After that, the processing pipeline will further
check a couple of packets to determine if the connection belongs to a
particular application, and attach an alg helper to the connection in a
later stage.

Signed-off-by: Yi-Hung Wei
Signed-off-by: David S. Miller
Signed-off-by: Yi-Hung Wei
Reviewed-by: Yifeng Sun
---
 datapath/conntrack.c | 21 +++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)
diff --git a/datapath/conntrack.c b/datapath/conntrack.c index f6e9386f4707..838cf63c908f 100644 --- a/datapath/conntrack.c +++ b/datapath/conntrack.c
@@ -1045,6 +1045,8 @@ static int __ovs_ct_lookup(struct net *net, struct sw_flow_key *key, ct = nf_ct_get(skb, &ctinfo); if (ct) { + bool add_helper = false; + /* Packets starting a new connection must be NATted before the * helper, so that the helper knows about the NAT. We enforce * this by delaying both NAT and helper calls for unconfirmed @@ -1062,16 +1064,17 @@ static int __ovs_ct_lookup(struct net *net, struct sw_flow_key *key, } /* Userspace may decide to perform a ct lookup without a helper - * specified followed by a (recirculate and) commit with one. - * Therefore, for unconfirmed connections which we will commit, - * we need to attach the helper here. + * specified followed by a (recirculate and) commit with one, + * or attach a helper in a later commit. Therefore, for + * connections which we will commit, we may need to attach + * the helper here. */ - if (!nf_ct_is_confirmed(ct) && info->commit && - info->helper && !nfct_help(ct)) { + if (info->commit && info->helper && !nfct_help(ct)) { int err = __nf_ct_try_assign_helper(ct, info->ct, GFP_ATOMIC); if (err) return err; + add_helper = true; /* helper installed, add seqadj if NAT is required */ if (info->nat && !nfct_seqadj(ct)) { @@ -1081,11 +1084,13 @@ static int __ovs_ct_lookup(struct net *net, struct sw_flow_key *key, } /* Call the helper only if: - * - nf_conntrack_in() was executed above ("!cached") for a - * confirmed connection, or + * - nf_conntrack_in() was executed above ("!cached") or a + * helper was just attached ("add_helper") for a confirmed + * connection, or * - When committing an unconfirmed connection. */ - if ((nf_ct_is_confirmed(ct) ? !cached : info->commit) && + if ((nf_ct_is_confirmed(ct) ? !cached || add_helper : + info->commit) && ovs_ct_helper(skb, info->family) != NF_ACCEPT) { return -EINVAL; }
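Review bot: In the second hunk (@@ -1062), dropping the !nf_ct_is_confirmed(ct) test means __nf_ct_try_assign_helper() and the seqadj extension add that follows it can now run on a confirmed entry, which other packets of the same connection may already be using. Please add a comment next to the new condition stating what keeps adding these extensions safe on a confirmed conntrack.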
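Review bot: In the last hunk (@@ -1081), "nf_ct_is_confirmed(ct) ? !cached || add_helper : info->commit" depends on || binding tighter than ?:. It evaluates as the comment above it describes, but please write it as (!cached || add_helper) so the grouping is explicit to the next reader.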