From patchwork Fri Jan 25 02:32:35 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Marcelo Leitner <mleitner@redhat.com>
X-Patchwork-Id: 1030782
X-Patchwork-Delegate: davem@davemloft.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming-netdev@ozlabs.org
Delivered-To: patchwork-incoming-netdev@ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=vger.kernel.org
	(client-ip=209.132.180.67; helo=vger.kernel.org;
	envelope-from=netdev-owner@vger.kernel.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dmarc=fail (p=none dis=none) header.from=redhat.com
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 43m33n587hz9s7h
	for <patchwork-incoming-netdev@ozlabs.org>;
	Fri, 25 Jan 2019 13:33:25 +1100 (AEDT)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1728697AbfAYCdO (ORCPT
	<rfc822;patchwork-incoming-netdev@ozlabs.org>);
	Thu, 24 Jan 2019 21:33:14 -0500
Received: from mx1.redhat.com ([209.132.183.28]:41326 "EHLO mx1.redhat.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1728575AbfAYCdM (ORCPT <rfc822;netdev@vger.kernel.org>);
	Thu, 24 Jan 2019 21:33:12 -0500
Received: from smtp.corp.redhat.com
	(int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 548EFC7C1A;
	Fri, 25 Jan 2019 02:33:12 +0000 (UTC)
Received: from localhost.localdomain (ovpn-116-7.gru2.redhat.com
	[10.97.116.7])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 589654C5;
	Fri, 25 Jan 2019 02:33:09 +0000 (UTC)
Received: by localhost.localdomain (Postfix, from userid 1000)
	id 1EFD2180CFC; Fri, 25 Jan 2019 00:33:03 -0200 (-02)
From: Marcelo Ricardo Leitner <mleitner@redhat.com>
To: Guy Shattah <sguy@mellanox.com>, Marcelo Leitner <mleitner@redhat.com>,
	Aaron Conole <aconole@redhat.com>,
	John Hurley <john.hurley@netronome.com>,
	Simon Horman <simon.horman@netronome.com>,
	Justin Pettit <jpettit@ovn.org>, Gregory Rose <gvrose8192@gmail.com>,
	Eelco Chaudron <echaudro@redhat.com>, Flavio Leitner <fbl@redhat.com>,
	Florian Westphal <fwestpha@redhat.com>,
	Jiri Pirko <jiri@resnulli.us>, Rashid Khan <rkhan@redhat.com>,
	Sushil Kulkarni <sukulkar@redhat.com>,
	Andy Gospodarek <andrew.gospodarek@broadcom.com>,
	Roi Dayan <roid@mellanox.com>, Yossi Kuperman <yossiku@mellanox.com>,
	Or Gerlitz <ogerlitz@mellanox.com>, Rony Efraim <ronye@mellanox.com>,
	"davem@davemloft.net" <davem@davemloft.net>
Cc: netdev@vger.kernel.org
Subject: [RFC PATCH 6/6] net/sched: act_ct: allow sending a packet through
	conntrack multiple times
Date: Fri, 25 Jan 2019 00:32:35 -0200
Message-Id: 
 <cbc057d0e7f7cf630beb0b630faf27732ce458a5.1548285996.git.mleitner@redhat.com>
In-Reply-To: <cover.1548285996.git.mleitner@redhat.com>
References: <cover.1548285996.git.mleitner@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16
	(mx1.redhat.com [10.5.110.39]);
	Fri, 25 Jan 2019 02:33:12 +0000 (UTC)
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

The first time it may use conntrack to track the tunnel information,
then jump into another chain, and go through conntrack again so that
the inner header is tracked.

This commit clears previous conntrack info if any so that we can
submit it to conntrack again.

Header offsets are supposed to be updated by the decapsulating action.

The main difference from just adding another act_ct(clear) action is that
the clear flag also sets the UNTRACKED mark in the packet (like OvS does).

Signed-off-by: Marcelo Ricardo Leitner <mleitner@redhat.com>
---
 net/sched/act_ct.c | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/net/sched/act_ct.c b/net/sched/act_ct.c
index 77d55c05ed95d8abc8c35a3d19f453a586139914..6e446db3bcdda772dbe1090d5c584156f6cc59eb 100644
--- a/net/sched/act_ct.c
+++ b/net/sched/act_ct.c
@@ -196,16 +196,19 @@ static int tcf_ct_act(struct sk_buff *skb, const struct tc_action *a,
 	if (unlikely(action == TC_ACT_SHOT))
 		goto drop;
 
-	if (flags & BIT(TC_CT_CLEAR)) {
-		new_ct = nf_ct_get(skb, &ctinfo);
-		if (new_ct) {
-			if (nf_ct_is_confirmed(new_ct))
-				nf_ct_delete(new_ct, 0, 0);
+	new_ct = nf_ct_get(skb, &ctinfo);
+	if (new_ct) {
+		if (nf_ct_is_confirmed(new_ct))
+			nf_ct_delete(new_ct, 0, 0);
 
-			nf_conntrack_put(&new_ct->ct_general);
+		nf_conntrack_put(&new_ct->ct_general);
+
+		if (flags & BIT(TC_CT_CLEAR)) {
 			nf_ct_set(skb, NULL, IP_CT_UNTRACKED);
 			goto out;
 		}
+
+		nf_ct_set(skb, NULL, 0);
 	}
 
 	/* FIXME: For when we support cloning the packet
@@ -218,7 +221,6 @@ static int tcf_ct_act(struct sk_buff *skb, const struct tc_action *a,
 	skb_pull_rcsum(skb, nh_ofs);
 	/* FIXME: OvS trims the packet here. Should we? */
 
-	/* FIXME: Need to handle multiple calls to CT action here. */
 	if (ct)
 		nf_ct_set(skb, ct, IP_CT_NEW);