From patchwork Sat Apr 13 23:17:16 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Flavio Leitner X-Patchwork-Id: 1085253 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=openvswitch.org (client-ip=140.211.169.12; helo=mail.linuxfoundation.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=redhat.com Received: from mail.linuxfoundation.org (mail.linuxfoundation.org [140.211.169.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 44hW3M5cS3z9s55 for ; Sun, 14 Apr 2019 09:21:03 +1000 (AEST) Received: from mail.linux-foundation.org (localhost [127.0.0.1]) by mail.linuxfoundation.org (Postfix) with ESMTP id 3D0F8CAA; Sat, 13 Apr 2019 23:17:52 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@mail.linuxfoundation.org Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 0F267BA4 for ; Sat, 13 Apr 2019 23:17:51 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-qt1-f193.google.com (mail-qt1-f193.google.com [209.85.160.193]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id A1E047FB for ; Sat, 13 Apr 2019 23:17:50 +0000 (UTC) Received: by mail-qt1-f193.google.com with SMTP id d13so15359428qth.5 for ; Sat, 13 Apr 2019 16:17:50 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=WrUAfwxZ2mJ3qV2MjFj4BVzVMvakjdsw0TP7GyHfTqY=; b=tb9etOzGOD0sRVjpKRv6ZNpDatxcXHNg7rPIRcyOPF2ultA3f/XR4vjIu0ATnYQJUY DjHiUC9OFmifih7EfQnZ1RwQQhiK8Ql7X75RbjwO2iPJsfEfYiJHDfrJGA2GHyOzojZU +OB5aXCqadQIjsKAK7cXEh4bacv6uPFTGfMSDyaWofpbjwLscuHeiCmo9YMgWDaLm2qg GlUt1by7u0wK8qUuc/O9Pqn3P4GZvJPYINjGTKfIJScHmZ+Re56XNcdOHHsqtTfYym54 iOy29lMh3OYJ7WEGSK0/0ky8vMtm5SNP84iO906zBIoZTUav4B78bdGliynihFO1tqVL NrSw== X-Gm-Message-State: APjAAAVOHCiHkB0A0aBobPeaBIj7yJvXShOJcguQzkNiuX7gbJTfYDse X1UO7veOHW3PanvCPk5GXpX9DA== X-Google-Smtp-Source: APXvYqyLpkvsK4sYukxC4AYYUI8gERR+poKeVwALp3lQkI13iE5IPUi6VZYF+GFvAU+EiuH24/Lp1g== X-Received: by 2002:ac8:75ca:: with SMTP id z10mr53782084qtq.224.1555197469793; Sat, 13 Apr 2019 16:17:49 -0700 (PDT) Received: from localhost ([177.183.215.126]) by smtp.gmail.com with ESMTPSA id q75sm25732439qke.17.2019.04.13.16.17.48 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sat, 13 Apr 2019 16:17:49 -0700 (PDT) From: Flavio Leitner To: netdev@vger.kernel.org Date: Sat, 13 Apr 2019 20:17:16 -0300 Message-Id: <20190413231716.28711-9-fbl@redhat.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190413231716.28711-1-fbl@redhat.com> References: <20190413231716.28711-1-fbl@redhat.com> MIME-Version: 1.0 X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Cc: dev@openvswitch.org, netfilter-devel@vger.kernel.org, Pablo Neira Ayuso Subject: [ovs-dev] [PATCH net-next v2 8/8] openvswitch: load and reference the NAT helper. X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: ovs-dev-bounces@openvswitch.org Errors-To: ovs-dev-bounces@openvswitch.org This improves the original commit 17c357efe5ec ("openvswitch: load NAT helper") where it unconditionally tries to load the module for every flow using NAT, so not efficient when loading multiple flows. It also doesn't hold any references to the NAT module while the flow is active. This change fixes those problems. It will try to load the module only if it's not present. It grabs a reference to the NAT module and holds it while the flow is active. Finally, an error message shows up if either actions above fails. Fixes: 17c357efe5ec ("openvswitch: load NAT helper") Signed-off-by: Flavio Leitner --- net/openvswitch/conntrack.c | 26 ++++++++++++++++++++------ 1 file changed, 20 insertions(+), 6 deletions(-) V2 - updated with new functions names. diff --git a/net/openvswitch/conntrack.c b/net/openvswitch/conntrack.c index 0be3ab5bde26..c4dad6d8869b 100644 --- a/net/openvswitch/conntrack.c +++ b/net/openvswitch/conntrack.c @@ -1307,6 +1307,7 @@ static int ovs_ct_add_helper(struct ovs_conntrack_info *info, const char *name, { struct nf_conntrack_helper *helper; struct nf_conn_help *help; + int ret = 0; helper = nf_conntrack_helper_try_module_get(name, info->family, key->ip.proto); @@ -1321,13 +1322,21 @@ static int ovs_ct_add_helper(struct ovs_conntrack_info *info, const char *name, return -ENOMEM; } +#ifdef CONFIG_NF_NAT_NEEDED + if (info->nat) { + ret = nf_nat_helper_try_module_get(name, info->family, + key->ip.proto); + if (ret) { + nf_conntrack_helper_put(helper); + OVS_NLERR(log, "Failed to load \"%s\" NAT helper, err: %d", + name, ret); + return ret; + } + } +#endif rcu_assign_pointer(help->helper, helper); info->helper = helper; - - if (info->nat) - request_module("ip_nat_%s", name); - - return 0; + return ret; } #ifdef CONFIG_NF_NAT_NEEDED @@ -1801,8 +1810,13 @@ void ovs_ct_free_action(const struct nlattr *a) static void __ovs_ct_free_action(struct ovs_conntrack_info *ct_info) { - if (ct_info->helper) + if (ct_info->helper) { +#ifdef CONFIG_NF_NAT_NEEDED + if (ct_info->nat) + nf_nat_helper_put(ct_info->helper); +#endif nf_conntrack_helper_put(ct_info->helper); + } if (ct_info->ct) { if (ct_info->timeout[0]) nf_ct_destroy_timeout(ct_info->ct);