From patchwork Wed May 8 23:59:05 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yifeng Sun X-Patchwork-Id: 1097287 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=openvswitch.org (client-ip=140.211.169.12; helo=mail.linuxfoundation.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="f06nn23S"; dkim-atps=neutral Received: from mail.linuxfoundation.org (mail.linuxfoundation.org [140.211.169.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 44ztkN5N4rz9s9y for ; Thu, 9 May 2019 09:59:39 +1000 (AEST) Received: from mail.linux-foundation.org (localhost [127.0.0.1]) by mail.linuxfoundation.org (Postfix) with ESMTP id DB27FEB4; Wed, 8 May 2019 23:59:35 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@mail.linuxfoundation.org Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 6E6FAB9E for ; Wed, 8 May 2019 23:59:34 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-pl1-f195.google.com (mail-pl1-f195.google.com [209.85.214.195]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 67326196 for ; Wed, 8 May 2019 23:59:33 +0000 (UTC) Received: by mail-pl1-f195.google.com with SMTP id a5so163217pls.12 for ; Wed, 08 May 2019 16:59:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id; bh=nIPB+Gi/dFX5aAXhaUsH08YOasemOVshPS7HGDEh/SM=; b=f06nn23SNBM5yI6k/aHmA1tMH2KhVQjERNhwQ4Q7lnw7oxvujARuC4nGjL87tNUv2f SGTD3yngAqVOpztgc8UrflJtHcCRnOtAoFf9v4TaSClzaEbnd+DMUKcqFEDqdqs7zqOs IxengkJybXuPmGGDjp9O/YyPhjVMbZfi9KjG5PJtLBpeBanNWMVjkLzM5qfbJfL2PCsT R32vkgX93cSRqfYYRYbbZmrga0OBKePzEcJJDSxl32VmigozskE6iPdF5CquF/DoniJP ggaD0IfCG/30LUYuHrsMVgq5RgVyUqPm3QIfdGSbYrAJG7DImMYJFJJ4wUO6O6qUJBxC V8ZA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=nIPB+Gi/dFX5aAXhaUsH08YOasemOVshPS7HGDEh/SM=; b=SXiWW9KNA1xGvt1qbe8hVJEgCZt4HCE6jLoKlEd2XuBJDb9OyPucnt5PZfoMAs7gYy rRrDhSy/Jynu2tf7d6b95vHQZ/MOnYeJbsB0D3k+/2UJK7SDUluz0h7Bc86ev8i7PYto 7pJizcKErywhJKKhwn3Xi9ZQA+OUcD9K3H3clDOhY6uZl1oAWTgqXZPJmupOd/8OD9xm 3X/dPUlIOfAzNrudIT7DBR+vvZcmEgd7i12bM+2RRLSNjx5L+dB4kHXOgP1yEIVMKAzf PC5ua/9agyK7q84Tsltz+CZ7nUg3+TaeYPJ90OrvKJ/AYyQFkkSuBjVP7F7IQqzolhsK qj7A== X-Gm-Message-State: APjAAAXQqoC/KFtEuqvf6Cd4lBD5DwA3GFiLe+hxN8p+TKU+xt0l/su2 K7XcZYsydY497LkZaDYerXGr1CEC X-Google-Smtp-Source: APXvYqxEgxKtejNW7GMYSPK2SxcpvmPiop9IXvbD3rd6pyn0LxEPq6znt7E69iHXaEYjLZhQhGAMsg== X-Received: by 2002:a17:902:a506:: with SMTP id s6mr861914plq.86.1557359972573; Wed, 08 May 2019 16:59:32 -0700 (PDT) Received: from kern417.eng.vmware.com ([66.170.99.2]) by smtp.gmail.com with ESMTPSA id a26sm488669pfl.177.2019.05.08.16.59.31 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 08 May 2019 16:59:31 -0700 (PDT) From: Yifeng Sun To: dev@openvswitch.org Date: Wed, 8 May 2019 16:59:05 -0700 Message-Id: <1557359946-29077-1-git-send-email-pkusunyifeng@gmail.com> X-Mailer: git-send-email 2.7.4 X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Cc: Florian Westphal Subject: [ovs-dev] [PATCH 2/7 v2] datapath: Pass nf_hook_state to nf_conntrack_in() X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: ovs-dev-bounces@openvswitch.org Errors-To: ovs-dev-bounces@openvswitch.org From: Florian Westphal Upstream Commit: commit 93e66024b0249cec81e91328c55a754efd3192e0 Author: Florian Westphal Date: Wed Sep 12 15:19:07 2018 +0200 netfilter: conntrack: pass nf_hook_state to packet and error handlers nf_hook_state contains all the hook meta-information: netns, protocol family, hook location, and so on. Instead of only passing selected information, pass a pointer to entire structure. This will allow to merge the error and the packet handlers and remove the ->new() function in followup patches. Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso This patch backports the above upstream patch to OVS and fixes compiling errors on RHEL kernels. Cc: Florian Westphal Signed-off-by: Yifeng Sun Acked-by: Yi-Hung Wei --- v1->v2: Fixed by YiHung's comments, thanks YiHung. acinclude.m4 | 5 +++++ datapath/conntrack.c | 8 ++++++-- datapath/linux/Modules.mk | 1 + datapath/linux/compat/include/linux/netfilter.h | 19 +++++++++++++++++++ .../compat/include/net/netfilter/nf_conntrack_core.h | 9 +++++++++ 5 files changed, 40 insertions(+), 2 deletions(-) create mode 100644 datapath/linux/compat/include/linux/netfilter.h diff --git a/acinclude.m4 b/acinclude.m4 index c9b744db0b94..372be5f4dccd 100644 --- a/acinclude.m4 +++ b/acinclude.m4 @@ -603,6 +603,8 @@ AC_DEFUN([OVS_CHECK_LINUX_COMPAT], [ [ndo_change_mtu], [OVS_DEFINE([HAVE_RHEL7_MAX_MTU])]) OVS_GREP_IFELSE([$KSRC/include/linux/netfilter.h], [nf_hook_state]) + OVS_FIND_FIELD_IFELSE([$KSRC/include/linux/netfilter.h], [nf_hook_state], + [struct net ], [OVS_DEFINE([HAVE_NF_HOOK_STATE_NET])]) OVS_GREP_IFELSE([$KSRC/include/linux/netfilter.h], [nf_register_net_hook]) OVS_GREP_IFELSE([$KSRC/include/linux/netfilter.h], [nf_hookfn.*nf_hook_ops], [OVS_DEFINE([HAVE_NF_HOOKFN_ARG_OPS])]) @@ -929,6 +931,9 @@ AC_DEFUN([OVS_CHECK_LINUX_COMPAT], [ OVS_GREP_IFELSE([$KSRC/include/net/netfilter/nf_conntrack_l3proto.h], [nf_conntrack_l3proto], [OVS_DEFINE([HAVE_NF_CONNTRACK_L3PROATO_H])]) + OVS_FIND_PARAM_IFELSE([$KSRC/include/net/netfilter/nf_conntrack_core.h], + [nf_conntrack_in], [nf_hook_state], + [OVS_DEFINE([HAVE_NF_CONNTRACK_IN_TAKES_NF_HOOK_STATE])]) if cmp -s datapath/linux/kcompat.h.new \ datapath/linux/kcompat.h >/dev/null 2>&1; then diff --git a/datapath/conntrack.c b/datapath/conntrack.c index 52208bad3029..8c1a80308d6a 100644 --- a/datapath/conntrack.c +++ b/datapath/conntrack.c @@ -987,6 +987,11 @@ static int __ovs_ct_lookup(struct net *net, struct sw_flow_key *key, struct nf_conn *ct; if (!cached) { + struct nf_hook_state state = { + .hook = NF_INET_PRE_ROUTING, + .pf = info->family, + .net = net, + }; struct nf_conn *tmpl = info->ct; int err; @@ -998,8 +1003,7 @@ static int __ovs_ct_lookup(struct net *net, struct sw_flow_key *key, nf_ct_set(skb, tmpl, IP_CT_NEW); } - err = nf_conntrack_in(net, info->family, - NF_INET_PRE_ROUTING, skb); + err = nf_conntrack_in(skb, &state); if (err != NF_ACCEPT) return -ENOENT; diff --git a/datapath/linux/Modules.mk b/datapath/linux/Modules.mk index caa2525ff0ab..ae63e3653b41 100644 --- a/datapath/linux/Modules.mk +++ b/datapath/linux/Modules.mk @@ -114,5 +114,6 @@ openvswitch_headers += \ linux/compat/include/net/erspan.h \ linux/compat/include/uapi/linux/netfilter.h \ linux/compat/include/linux/mm.h \ + linux/compat/include/linux/netfilter.h \ linux/compat/include/linux/overflow.h EXTRA_DIST += linux/compat/build-aux/export-check-whitelist diff --git a/datapath/linux/compat/include/linux/netfilter.h b/datapath/linux/compat/include/linux/netfilter.h new file mode 100644 index 000000000000..a6ed6172d49f --- /dev/null +++ b/datapath/linux/compat/include/linux/netfilter.h @@ -0,0 +1,19 @@ +#ifndef __NETFILTER_WRAPPER_H +#define __NETFILTER_WRAPPER_H + +#include_next + +#if !defined(HAVE_NF_HOOK_STATE) || !defined(HAVE_NF_HOOK_STATE_NET) +struct rpl_nf_hook_state { + unsigned int hook; + u_int8_t pf; + struct net_device *in; + struct net_device *out; + struct sock *sk; + struct net *net; + int (*okfn)(struct net *, struct sock *, struct sk_buff *); +}; +#define nf_hook_state rpl_nf_hook_state +#endif + +#endif /* __NETFILTER_WRAPPER_H */ diff --git a/datapath/linux/compat/include/net/netfilter/nf_conntrack_core.h b/datapath/linux/compat/include/net/netfilter/nf_conntrack_core.h index 7834c8c25f79..10158011fd4d 100644 --- a/datapath/linux/compat/include/net/netfilter/nf_conntrack_core.h +++ b/datapath/linux/compat/include/net/netfilter/nf_conntrack_core.h @@ -104,4 +104,13 @@ static inline bool rpl_nf_ct_delete(struct nf_conn *ct, u32 portid, int report) #define nf_ct_delete rpl_nf_ct_delete #endif /* HAVE_NF_CONN_TIMER */ +#ifndef HAVE_NF_CONNTRACK_IN_TAKES_NF_HOOK_STATE +static inline unsigned int +rpl_nf_conntrack_in(struct sk_buff *skb, const struct nf_hook_state *state) +{ + return nf_conntrack_in(state->net, state->pf, state->hook, skb); +} +#define nf_conntrack_in rpl_nf_conntrack_in +#endif /* HAVE_NF_CONNTRACK_IN_TAKES_NF_HOOK_STATE */ + #endif /* _NF_CONNTRACK_CORE_WRAPPER_H */