From patchwork Mon May 6 21:56:46 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yifeng Sun X-Patchwork-Id: 1096065 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=openvswitch.org (client-ip=140.211.169.12; helo=mail.linuxfoundation.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="B4V2mAZf"; dkim-atps=neutral Received: from mail.linuxfoundation.org (mail.linuxfoundation.org [140.211.169.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 44yc8c2ldKz9s00 for ; Tue, 7 May 2019 07:59:28 +1000 (AEST) Received: from mail.linux-foundation.org (localhost [127.0.0.1]) by mail.linuxfoundation.org (Postfix) with ESMTP id B80E52898; Mon, 6 May 2019 21:57:04 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@mail.linuxfoundation.org Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id A77DA5433 for ; Mon, 6 May 2019 21:57:01 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-pl1-f193.google.com (mail-pl1-f193.google.com [209.85.214.193]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 016277DB for ; Mon, 6 May 2019 21:57:00 +0000 (UTC) Received: by mail-pl1-f193.google.com with SMTP id cb4so3111914plb.3 for ; Mon, 06 May 2019 14:57:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=SvIu8EEI+pfTCqg2e/Vd5WtRkHCY5Uje/2rFEtBJZ54=; b=B4V2mAZfUPpUFHNLDkcJ+MMN6qUwTT9OLbQ1AL0CdedMZ3Yg3WVLRUHKAxxbBFskav hV423PxN0mFgSE6N3NPBCD5D3oBQjB7sm6bq2twyRV3B2ney38m0a9t5T9fe4e90zv07 wGIqz5gXsSFN7R0Zi1zB6719mak4VtM3PLj7hK4w2SEIBpIzWKGheefrGrWwJBFBFAgz ayu/LT5qY3Cf4E/hjvYAqOC5iRsZIZkrFc0E267iqqGeY2TWGjFDgRVTuoup//zESGmi znYkkTV1uConuc60rRK5KKL7ck3xp5xgon8H0kgsq5PvZrD8wf5nowcafbcTsYNN4aNr Qlmg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=SvIu8EEI+pfTCqg2e/Vd5WtRkHCY5Uje/2rFEtBJZ54=; b=fs0QQxgbyzj4+iZ5J7odpH9QPMjdYNQxFi1eLjAYlsiXYJ+N6A7i5+RmU5lLR1VYcQ f59dUt0evomDqQsutyLXSs9Q2m2972JbPnVvmDdz65wiX4eLM9U5N7SDciQmpQ0InHHC EYiK06+wzRmuR67GPpEcMsIgAgXAJT8ZBuuEDfIsmeng6xLIFaJAKmnz4P/El1X/Ydlc EVjrJr3yO59PbTcxoT4y87ATvH6Gj9e0JsYhYV61WXmAN0riY+BFyOKkH/EOoit3YzCL 1debKkbT9pxLnWtrINUAObh1dqBZf7+7HsKbcnN29tPqsGYiRQoi4mdYO9wDzHwDj2Ru 1jwg== X-Gm-Message-State: APjAAAUcefDdUYGW+NKVZz01IrybUlxb2dFfmbgMOAK7hWQOmGvl4Ec/ Zt92RukaeYgDuw8nh/kTZ4sdWcjd X-Google-Smtp-Source: APXvYqyV0QRpuJ+er0fF0lQaTxzT7KeTOncbqgbbH3B2PbY0SVpGzGEKJ/Gcgq460p7HBprKFx5YtA== X-Received: by 2002:a17:902:6843:: with SMTP id f3mr35309967pln.218.1557179820325; Mon, 06 May 2019 14:57:00 -0700 (PDT) Received: from kern417.eng.vmware.com ([66.170.99.2]) by smtp.gmail.com with ESMTPSA id b9sm6799202pgj.94.2019.05.06.14.56.59 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 06 May 2019 14:56:59 -0700 (PDT) From: Yifeng Sun To: dev@openvswitch.org Date: Mon, 6 May 2019 14:56:46 -0700 Message-Id: <1557179808-27283-6-git-send-email-pkusunyifeng@gmail.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1557179808-27283-1-git-send-email-pkusunyifeng@gmail.com> References: <1557179808-27283-1-git-send-email-pkusunyifeng@gmail.com> X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Cc: Florian Westphal Subject: [ovs-dev] [PATCH 5/7] openvswitch: use nf_ct_get_tuplepr, invert_tuplepr X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: ovs-dev-bounces@openvswitch.org Errors-To: ovs-dev-bounces@openvswitch.org From: Florian Westphal Upstream commit: commit 60e3be94e6a1c5162a0763c9aafb5190b2b1fdce Author: Florian Westphal Date: Mon Jun 25 17:55:32 2018 +0200 openvswitch: use nf_ct_get_tuplepr, invert_tuplepr These versions deal with the l3proto/l4proto details internally. It removes only caller of nf_ct_get_tuple, so make it static. After this, l3proto->get_l4proto() can be removed in a followup patch. Signed-off-by: Florian Westphal Acked-by: Pravin B Shelar Signed-off-by: Pablo Neira Ayuso This patch backports the above upstream kernel patch to OVS. Cc: Florian Westphal Signed-off-by: Yifeng Sun --- acinclude.m4 | 2 ++ datapath/conntrack.c | 17 +++-------------- .../include/net/netfilter/nf_conntrack_core.h | 19 +++++++++++++++++++ datapath/linux/compat/nf_conntrack_core.c | 21 +++++++++++++++++++++ 4 files changed, 45 insertions(+), 14 deletions(-) diff --git a/acinclude.m4 b/acinclude.m4 index 4f9aebc325ba..4c533bb98949 100644 --- a/acinclude.m4 +++ b/acinclude.m4 @@ -936,6 +936,8 @@ AC_DEFUN([OVS_CHECK_LINUX_COMPAT], [ [OVS_DEFINE([HAVE_NF_CONNTRACK_IN_TAKES_NF_HOOK_STATE])]) OVS_GREP_IFELSE([$KSRC/include/net/ipv6_frag.h], [IP6_DEFRAG_CONNTRACK_IN], [OVS_DEFINE([HAVE_IPV6_FRAG_H])]) + OVS_GREP_IFELSE([$KSRC/include/net/netfilter/nf_conntrack.h], + [nf_ct_invert_tuplepr]) if cmp -s datapath/linux/kcompat.h.new \ datapath/linux/kcompat.h >/dev/null 2>&1; then diff --git a/datapath/conntrack.c b/datapath/conntrack.c index 52825a6b20fb..391755c25cb0 100644 --- a/datapath/conntrack.c +++ b/datapath/conntrack.c @@ -646,23 +646,12 @@ static struct nf_conn * ovs_ct_find_existing(struct net *net, const struct nf_conntrack_zone *zone, u8 l3num, struct sk_buff *skb, bool natted) { - const struct nf_conntrack_l3proto *l3proto; - const struct nf_conntrack_l4proto *l4proto; struct nf_conntrack_tuple tuple; struct nf_conntrack_tuple_hash *h; struct nf_conn *ct; - unsigned int dataoff; - u8 protonum; - l3proto = __nf_ct_l3proto_find(l3num); - if (l3proto->get_l4proto(skb, skb_network_offset(skb), &dataoff, - &protonum) <= 0) { - pr_debug("ovs_ct_find_existing: Can't get protonum\n"); - return NULL; - } - l4proto = __nf_ct_l4proto_find(l3num, protonum); - if (!nf_ct_get_tuple(skb, skb_network_offset(skb), dataoff, l3num, - protonum, net, &tuple, l3proto, l4proto)) { + if (!nf_ct_get_tuplepr(skb, skb_network_offset(skb), l3num, + net, &tuple)) { pr_debug("ovs_ct_find_existing: Can't get tuple\n"); return NULL; } @@ -671,7 +660,7 @@ ovs_ct_find_existing(struct net *net, const struct nf_conntrack_zone *zone, if (natted) { struct nf_conntrack_tuple inverse; - if (!nf_ct_invert_tuple(&inverse, &tuple, l3proto, l4proto)) { + if (!nf_ct_invert_tuplepr(&inverse, &tuple, l3num, skb)) { pr_debug("ovs_ct_find_existing: Inversion failed!\n"); return NULL; } diff --git a/datapath/linux/compat/include/net/netfilter/nf_conntrack_core.h b/datapath/linux/compat/include/net/netfilter/nf_conntrack_core.h index d0e9aadcba76..8eba1242042b 100644 --- a/datapath/linux/compat/include/net/netfilter/nf_conntrack_core.h +++ b/datapath/linux/compat/include/net/netfilter/nf_conntrack_core.h @@ -3,6 +3,25 @@ #include_next +#ifdef HAVE_NF_CT_INVERT_TUPLEPR + +#include + +static inline bool +rpl_nf_ct_invert_tuplepr(struct nf_conntrack_tuple *inverse, + const struct nf_conntrack_tuple *orig, + u8 l3num, struct sk_buff *skb) +{ + return nf_ct_invert_tuplepr(inverse, orig); +} +#else +bool +rpl_nf_ct_invert_tuplepr(struct nf_conntrack_tuple *inverse, + const struct nf_conntrack_tuple *orig, + u8 l3num, struct sk_buff *skb); +#endif /* HAVE_NF_CT_INVERT_TUPLEPR */ +#define nf_ct_invert_tuplepr rpl_nf_ct_invert_tuplepr + #ifndef HAVE_NF_CT_TMPL_ALLOC_TAKES_STRUCT_ZONE #include diff --git a/datapath/linux/compat/nf_conntrack_core.c b/datapath/linux/compat/nf_conntrack_core.c index a7d3d4331e4a..397a5f69ffe9 100644 --- a/datapath/linux/compat/nf_conntrack_core.c +++ b/datapath/linux/compat/nf_conntrack_core.c @@ -11,3 +11,24 @@ const struct nf_conntrack_zone nf_ct_zone_dflt = { }; #endif /* HAVE_NF_CT_ZONE_INIT */ + +#ifndef HAVE_NF_CT_INVERT_TUPLEPR +bool +rpl_nf_ct_invert_tuplepr(struct nf_conntrack_tuple *inverse, + const struct nf_conntrack_tuple *orig, + u8 l3num, struct sk_buff *skb) +{ + const struct nf_conntrack_l3proto *l3proto; + const struct nf_conntrack_l4proto *l4proto; + u8 protonum; + + l3proto = __nf_ct_l3proto_find(l3num); + if (l3proto->get_l4proto(skb, skb_network_offset(skb), &dataoff, + &protonum) <= 0) { + pr_debug("ovs_ct_find_existing: Can't get protonum\n"); + return false; + } + l4proto = __nf_ct_l4proto_find(l3num, protonum); + return nf_ct_invert_tuple(&inverse, &tuple, l3proto, l4proto); +} +#endif /* HAVE_NF_CT_INVERT_TUPLEPR */