From: Darrell Ball
To: dlu998@gmail.com, dev@openvswitch.org
Date: Mon, 25 Feb 2019 15:59:17 -0800
Message-Id: <1551139158-58309-1-git-send-email-dlu998@gmail.com>
Subject: [ovs-dev] [patch v2 1/2] conntrack: Fix wasted work for ICMP NAT.

ICMPv4 and ICMPv6 are not subject to port address translation (PAT), however, a loop increments a local variable unnecessarily for ephemeral ports, resulting in wasted work for ICMPv4 and ICMPv6 packets subject to NAT. Fix this by checking for PAT being enabled before incrementing the local port variable and bail out otherwise.

Signed-off-by: Darrell Ball
---
v2: Consolidate two selection statements.

 lib/conntrack.c | 16 ++++++----------
 1 file changed, 6 insertions(+), 10 deletions(-)

diff --git a/lib/conntrack.c b/lib/conntrack.c index 4028ba9..5f143e0 100644 --- a/lib/conntrack.c +++ b/lib/conntrack.c 
@@ -2179,20 +2179,16 @@ nat_select_range_tuple(struct conntrack *ct, const struct conn *conn, bool ephemeral_ports_tried = conn->nat_info->nat_action & NAT_ACTION_DST ? true : false; union ct_addr first_addr = ct_addr; + bool pat_enabled = conn->key.nw_proto != IPPROTO_ICMP && + conn->key.nw_proto != IPPROTO_ICMPV6; while (true) { + if (conn->nat_info->nat_action & NAT_ACTION_SRC) { nat_conn->rev_key.dst.addr = ct_addr; - } else { - nat_conn->rev_key.src.addr = ct_addr; - } - - if ((conn->key.nw_proto == IPPROTO_ICMP) || - (conn->key.nw_proto == IPPROTO_ICMPV6)) { - all_ports_tried = true; - } else if (conn->nat_info->nat_action & NAT_ACTION_SRC) { nat_conn->rev_key.dst.port = htons(port); } else { + nat_conn->rev_key.src.addr = ct_addr; nat_conn->rev_key.src.port = htons(port); } @@ -2200,7 +2196,7 @@ nat_select_range_tuple(struct conntrack *ct, const struct conn *conn, ct->hash_basis); if (new_insert) { return true; - } else if (!all_ports_tried) { + } else if (pat_enabled && !all_ports_tried) { if (min_port == max_port) { all_ports_tried = true; } else if (port == max_port) { @@ -2222,7 +2218,7 @@ nat_select_range_tuple(struct conntrack *ct, const struct conn *conn, ct_addr = conn->nat_info->min_addr; } if (!memcmp(&ct_addr, &first_addr, sizeof ct_addr)) { - if (!ephemeral_ports_tried) { + if (pat_enabled && !ephemeral_ports_tried) { ephemeral_ports_tried = true; ct_addr = conn->nat_info->min_addr; first_addr = ct_addr;
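Review bot: in the first hunk (@@ -2179,20 +2179,16 @@), merging the address and port assignments into one if/else means `nat_conn->rev_key.dst.port = htons(port)` and `nat_conn->rev_key.src.port = htons(port)` now also run for IPPROTO_ICMP and IPPROTO_ICMPV6, which the removed branch skipped by only setting `all_ports_tried = true`. If the reverse key's port field is meant to stay untouched for ICMP, wrap the two port writes in `if (pat_enabled)`; if the write is harmless, the commit message should say why. The `+` blank line directly after `while (true) {` also looks unintended and can be dropped.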
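Review bot: in the second hunk (@@ -2200,7 +2196,7 @@), the `pat_enabled &&` term is now the only thing keeping ICMP out of the port-stepping branch, since the first hunk removed the `all_ports_tried = true` assignment that used to do it, and nothing in the code says so. A one-line comment above `} else if (pat_enabled && !all_ports_tried) {` stating that ICMP has no ports to step through and moves on to the next address would keep a later cleanup from dropping the term.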
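Review bot: in the third hunk (@@ -2222,7 +2218,7 @@), the `pat_enabled &&` guard on `!ephemeral_ports_tried` is the "bail out" the commit message describes, but the branch taken when the guard is false lies outside the visible context and the diffstat shows only lib/conntrack.c changed. Please add a test for ICMP NAT where every address in the range is already in use, so the early exit is exercised, and consider a short comment next to the `pat_enabled` declaration explaining that it is false for ICMPv4 and ICMPv6 because they carry no ports.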