From patchwork Fri Jan 25 02:32:33 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marcelo Leitner X-Patchwork-Id: 1030783 X-Patchwork-Delegate: davem@davemloft.net 
From: Marcelo Ricardo Leitner To: Guy Shattah , Marcelo Leitner , Aaron Conole , John Hurley , Simon Horman , Justin Pettit , Gregory Rose , Eelco Chaudron , Flavio Leitner , Florian Westphal , Jiri Pirko , Rashid Khan , Sushil Kulkarni , Andy Gospodarek , Roi Dayan , Yossi Kuperman , Or Gerlitz , Rony Efraim , "davem@davemloft.net" Cc: netdev@vger.kernel.org Subject: [RFC PATCH 4/6] net/sched: act_ct: add support for force flag Date: Fri, 25 Jan 2019 00:32:33 -0200 Message-Id: In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.27]); Fri, 25 Jan 2019 02:33:08 +0000 (UTC) Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org OvS ct action has this 'force' flag, which basically forces ConnTrack to consider that this packet, this specific direction, is the original one. Implement that similarly: if the ct entry is there and the direction is not the expected one, destroy it and create a new one. Signed-off-by: Marcelo Ricardo Leitner --- include/uapi/linux/tc_act/tc_ct.h | 1 + net/sched/act_ct.c | 16 +++++++++++++++- 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/include/uapi/linux/tc_act/tc_ct.h b/include/uapi/linux/tc_act/tc_ct.h index 37b95cda1dedd283b0244a03a20860ba22966dfa..009e53ee83fb3125bc5c4ca86954af3bf6a0287a 100644 --- a/include/uapi/linux/tc_act/tc_ct.h +++ b/include/uapi/linux/tc_act/tc_ct.h @@ -25,6 +25,7 @@ enum { enum { TC_CT_COMMIT, + TC_CT_FORCE, __TC_CT_MAX }; #define TC_CT_MAX (__TC_CT_MAX - 1) diff --git a/net/sched/act_ct.c b/net/sched/act_ct.c index f69509954149a0c8be710916a5289a4448049b5d..8a1b5d6a7cd8360c50011d992368464db213a020 100644 --- a/net/sched/act_ct.c +++ b/net/sched/act_ct.c 
@@ -165,6 +165,7 @@ static int tcf_ct_act(struct sk_buff *skb, const struct tc_action *a, struct tcf_result *res) { struct tcf_ct *p = to_tcf_ct(a); + enum ip_conntrack_info ctinfo; struct nf_hook_state state = { .hook = NF_INET_PRE_ROUTING, }; @@ -173,6 +174,8 @@ static int tcf_ct_act(struct sk_buff *skb, const struct tc_action *a, int action, err; int nh_ofs; + /* Again needs to be here because we need a new ref on the ct. */ +again: spin_lock(&p->tcf_lock); tcf_lastuse_update(&p->tcf_tm); @@ -218,8 +221,19 @@ static int tcf_ct_act(struct sk_buff *skb, const struct tc_action *a, if (err != NF_ACCEPT) goto drop; - new_ct = (struct nf_conn *)skb_nfct(skb); + new_ct = nf_ct_get(skb, &ctinfo); if (new_ct) { + /* Force conntrack entry direction. */ + if (flags & BIT(TC_CT_FORCE) && + CTINFO2DIR(ctinfo) != IP_CT_DIR_ORIGINAL) { + if (nf_ct_is_confirmed(new_ct)) + nf_ct_delete(new_ct, 0, 0); + + nf_conntrack_put(&new_ct->ct_general); + nf_ct_set(skb, NULL, 0); + goto again; + } + if (mark_mask) { new_ct->mark = (new_ct->mark &~ mark_mask) | (mark & mark_mask); if (nf_ct_is_confirmed(new_ct))
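
Review bot: in the include/uapi/linux/tc_act/tc_ct.h hunk, TC_CT_FORCE enters the uapi enum with no comment describing its effect. Given that setting it makes the action delete an existing confirmed conntrack entry when the packet matches in the reply direction, a one-line comment beside the enumerator would help userspace authors. The visible hunks in net/sched/act_ct.c only touch tcf_ct_act(), so if force is meant to be valid only together with TC_CT_COMMIT, that needs an explicit check where the flags are parsed. Placing the new value after TC_CT_COMMIT and before __TC_CT_MAX keeps the existing value stable, which is right for a uapi header.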
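
Review bot: in the second net/sched/act_ct.c hunk, the "again:" label sits before spin_lock(&p->tcf_lock) and tcf_lastuse_update(&p->tcf_tm), so every retry takes the lock again and repeats the per-packet bookkeeping for the same skb. The lines shown do not include the matching unlock, so please confirm p->tcf_lock is always released before the "goto again" added in the next hunk; if it is still held at that point, the second spin_lock() deadlocks. The comment "Again needs to be here because we need a new ref on the ct" would also read better if it named the step that takes that reference, so the label placement can be checked against it.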
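
Review bot: in the last net/sched/act_ct.c hunk, the "goto again" inside the TC_CT_FORCE branch has no retry bound. If the fresh lookup again returns an entry for which CTINFO2DIR(ctinfo) != IP_CT_DIR_ORIGINAL, for example because the entry was re-created from the opposite direction between nf_ct_delete() and the second lookup, the packet keeps looping in tcf_ct_act(). Suggest allowing a single retry and taking the existing "drop" path if the direction is still wrong. The bool returned by nf_ct_delete(new_ct, 0, 0) is also ignored; it is worth deciding what should happen when the entry was already being torn down. Minor style point: parentheses around "flags & BIT(TC_CT_FORCE)" would make the condition easier to read next to the "&&".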