From patchwork Thu Nov 16 10:07:42 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Joseph Zhong <zhongzh323@gmail.com>
X-Patchwork-Id: 1864762
Return-Path: <ovs-dev-bounces@openvswitch.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
 unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256
 header.s=20230601 header.b=DXb5pJyo;
	dkim-atps=neutral
Authentication-Results: legolas.ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org
 (client-ip=2605:bc80:3010::136; helo=smtp3.osuosl.org;
 envelope-from=ovs-dev-bounces@openvswitch.org; receiver=patchwork.ozlabs.org)
Received: from smtp3.osuosl.org (smtp3.osuosl.org [IPv6:2605:bc80:3010::136])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384)
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4SWLzQ415kz1yRV
	for <incoming@patchwork.ozlabs.org>; Fri, 17 Nov 2023 00:51:14 +1100 (AEDT)
Received: from localhost (localhost [127.0.0.1])
	by smtp3.osuosl.org (Postfix) with ESMTP id 7048C6FA5B;
	Thu, 16 Nov 2023 13:51:09 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org 7048C6FA5B
Authentication-Results: smtp3.osuosl.org;
	dkim=fail reason="signature verification failed" (2048-bit key)
 header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20230601
 header.b=DXb5pJyo
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from smtp3.osuosl.org ([127.0.0.1])
	by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id rUVzzW6ZSFVt; Thu, 16 Nov 2023 13:51:08 +0000 (UTC)
Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56])
	by smtp3.osuosl.org (Postfix) with ESMTPS id 7D35360FA9;
	Thu, 16 Nov 2023 13:51:07 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org 7D35360FA9
Received: from lf-lists.osuosl.org (localhost [127.0.0.1])
	by lists.linuxfoundation.org (Postfix) with ESMTP id 1B1D9C0039;
	Thu, 16 Nov 2023 13:51:07 +0000 (UTC)
X-Original-To: dev@openvswitch.org
Delivered-To: ovs-dev@lists.linuxfoundation.org
Received: from smtp2.osuosl.org (smtp2.osuosl.org [140.211.166.133])
 by lists.linuxfoundation.org (Postfix) with ESMTP id C3537C0032
 for <dev@openvswitch.org>; Thu, 16 Nov 2023 10:07:55 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by smtp2.osuosl.org (Postfix) with ESMTP id 8A52840A99
 for <dev@openvswitch.org>; Thu, 16 Nov 2023 10:07:55 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org 8A52840A99
Authentication-Results: smtp2.osuosl.org;
 dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
 header.a=rsa-sha256 header.s=20230601 header.b=DXb5pJyo
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from smtp2.osuosl.org ([127.0.0.1])
 by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id NXUuas0CyGi1 for <dev@openvswitch.org>;
 Thu, 16 Nov 2023 10:07:54 +0000 (UTC)
Received: from mail-ua1-x930.google.com (mail-ua1-x930.google.com
 [IPv6:2607:f8b0:4864:20::930])
 by smtp2.osuosl.org (Postfix) with ESMTPS id 18408404F1
 for <dev@openvswitch.org>; Thu, 16 Nov 2023 10:07:54 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org 18408404F1
Received: by mail-ua1-x930.google.com with SMTP id
 a1e0cc1a2514c-7bae8dd095cso247573241.3
 for <dev@openvswitch.org>; Thu, 16 Nov 2023 02:07:53 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1700129273; x=1700734073; darn=openvswitch.org;
 h=cc:to:subject:message-id:date:from:mime-version:from:to:cc:subject
 :date:message-id:reply-to;
 bh=sevWuL7VSkjoS5I9hyKQzC4k2dQAXv1iwPGO/nIVahQ=;
 b=DXb5pJyomo93x4LrIcFns1PmW67Hx35Up0O1v/djUpjy7CjVR2SrTybZkgY/tbjuoZ
 Hr2GPQ+Z/DBpCBSUgykG0xRhy9KQL1EHohwupUHNcW2vnWDWW4BSgHBc+ESmvUhk5HVP
 bC4OWdryv3kbV75YsY3YM++TmtVcttYBiBaeqoEfQZ29i80JF3uoH0qgN0cpJfQVvfjA
 I94Xg7hWtrXOTvIgtv7KiklirWLImKtSv9yPhxhY+4tzNFXY7VQNtI6N8Uq751tNDN/m
 bSWYhqkyg1tGleyqxfVCSOe18ll01RT8XdTYWdGMg3qkykJlbNWGP2y7ul9O+kEW6Ya0
 b7fw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1700129273; x=1700734073;
 h=cc:to:subject:message-id:date:from:mime-version:x-gm-message-state
 :from:to:cc:subject:date:message-id:reply-to;
 bh=sevWuL7VSkjoS5I9hyKQzC4k2dQAXv1iwPGO/nIVahQ=;
 b=ViIBSiWMPPa18B201u5BNQck+5AT4H7mfEL9GWCo/cmPfLY/rYV3ycGnBVepeqQQNo
 /XYpKk1PFzNbFhsCEGK3rorfeN2jBI1uk6iYYgUNRe0BYV1nJjvQm12mDmYyLjlOKEKm
 tdsGVo++qNgqZ2T6VjMAdVCF03XaII2RBMNW2X9KvDRvAesjntjN1iOHrVnHzgIuCA4E
 Ndn6+DQLv/rvuaKg5t45oQJNYn9/+ylHJR7QOGHsgeXJFXetdz3EqcYePNfttVmCnz9t
 KF+B9Tsso4POh/ac40Lubw52lqBIAzByvhlbgSONxkjz70sAeyWUoUDArKIUQlwtAeYP
 m38g==
X-Gm-Message-State: AOJu0Yw9/A6E5i0nrALNWq6Ngy0vDDMHVfystRJiEgB/EkH1Dk8KTy44
 ig8U55eU9YU62Pv1vaVX+hsEqS/A4FOkaP9egZbSPGBs/Gn4Ng==
X-Google-Smtp-Source: 
 AGHT+IG6o5Tv/GHnLhr++NrFeAomTu3EE71JJS0sWYeX2BWOpNzWvveTCE02wKVRUQzCQXLAtOOYdS8bS0fd156j3pA=
X-Received: by 2002:a05:6122:2007:b0:4ac:22c7:89d5 with SMTP id
 l7-20020a056122200700b004ac22c789d5mr16659083vkd.2.1700129272710; Thu, 16 Nov
 2023 02:07:52 -0800 (PST)
MIME-Version: 1.0
From: Joseph Zhong <zhongzh323@gmail.com>
Date: Thu, 16 Nov 2023 18:07:42 +0800
Message-ID: 
 <CAGOK1xVJPBvw7K6DxbsDQYWgcgm6gTqEJP+hNqGC+CGdUDnbXQ@mail.gmail.com>
To: dev@openvswitch.org
X-Mailman-Approved-At: Thu, 16 Nov 2023 13:51:06 +0000
X-Content-Filtered-By: Mailman/MimeDel 2.1.15
Cc: Joseph Zhong <zhongzh323@gmail.com>
Subject: [ovs-dev] [PATCH] lib/conntrack.c:compatible with nat with no
	action(direction)
X-BeenThere: ovs-dev@openvswitch.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <ovs-dev.openvswitch.org>
List-Unsubscribe: <https://mail.openvswitch.org/mailman/options/ovs-dev>,
 <mailto:ovs-dev-request@openvswitch.org?subject=unsubscribe>
List-Archive: <http://mail.openvswitch.org/pipermail/ovs-dev/>
List-Post: <mailto:ovs-dev@openvswitch.org>
List-Help: <mailto:ovs-dev-request@openvswitch.org?subject=help>
List-Subscribe: <https://mail.openvswitch.org/mailman/listinfo/ovs-dev>,
 <mailto:ovs-dev-request@openvswitch.org?subject=subscribe>
Errors-To: ovs-dev-bounces@openvswitch.org
Sender: "dev" <ovs-dev-bounces@openvswitch.org>

This patch is to avoid generating incorrect conntrack entry
In a certain use case of conntrack flow that if flow included
ct(commit, nat) action, but no detail action/direction specified,
CT will generate incorrect conntrack entry.
For example, add below flow:
ip,priority=500,in_port=1,ct_state=-trk actions=ct(table=1,nat)'
ip,priority=500,in_port=2,ct_state=-trk actions=ct(table=1,nat)'
table=1,in_port=1,ip,ct_state=+trk+new actions=ct*(commit,nat)*,2
table=1,in_port=1,ip,ct_state=-new+trk+est actions=2
table=1,in_port=2,ip,ct_state=-new+trk+est actions=1
start traffic from 192.168.2.2 to 192.168.2.7
ovs dpdk datpath generate CT entry as below:
icmp,orig=(src=192.168.2.2,dst=192.168.2.7,id=17038,type=8,code=0),
reply=(src=*0.0.0.0*,dst=192.168.2.2,id=17038,type=0,code=0)
reply key src 0.0.0.0 is generated not correct by "nat_get_unique_tuple".
but ovs kernel datapath will generate correct ct entry as below:
icmp,orig=(src=192.168.2.2,dst=192.168.2.7,id=17038,type=8,code=0),
reply=(src=192.168.2.7,dst=192.168.2.2,id=17038,type=0,code=0)

To compatible with this use case of flow, and also be consistent with
kernel datapath's behavior, this patch treat this nat without action
specified as not nat, and don't do "nat_get_unique_tuple" and malloc
a nat_conn that is attached to nc.

Signed-off-by: Zhong Zhong <zhongzh323@gmail.com>
---
 lib/conntrack.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/conntrack.c b/lib/conntrack.c
index 47a443f..581b62b 100644
--- a/lib/conntrack.c
+++ b/lib/conntrack.c
@@ -942,7 +942,7 @@ conn_not_found(struct conntrack *ct, struct dp_packet
*pkt,
             nc->parent_key = alg_exp->parent_key;
         }
- if (nat_action_info) {
+ if (nat_action_info && nat_action_info->nat_action) {
             nc->nat_action = nat_action_info->nat_action;
             if (alg_exp) {
--