| Message ID | 1571074671-31834-2-git-send-email-yihung.wei@gmail.com |
|---|---|
| State | Superseded |
| Headers | show |
| Series | Backport upstream conntrack related patches | expand |
A minor issue in commit message: pl_nf_ct_invert_tuple => rpl_nf_ct_invert_tuple Other than that, LGTM, thanks. Reviewed-by: Yifeng Sun <pkusunyifeng@gmail.com> On Mon, Oct 14, 2019 at 10:50 AM Yi-Hung Wei <yihung.wei@gmail.com> wrote: > > After upstream net-next commit 303e0c558959 ("netfilter: conntrack: > avoid unneeded nf_conntrack_l4proto lookups") nf_ct_invert_tuplepr() > is no longer available in the kernel. > > Ideally, we should be in sync with upstream kernel by calling > nf_ct_invert_tuple() directly in conntrack.c. However, > nf_ct_invert_tuple() has different function signature in older kernel, > and it would be hard to replace that in the compat layer. Thus, we > use pl_nf_ct_invert_tuple() in conntrack.c and maintain compatibility > in the compat layer so that ovs kernel module runs smoothly in both > new and old kernel. > > Signed-off-by: Yi-Hung Wei <yihung.wei@gmail.com> > --- > acinclude.m4 | 2 ++ > datapath/conntrack.c | 2 +- > .../linux/compat/include/net/netfilter/nf_conntrack_core.h | 14 ++++++++++++++ > 3 files changed, 17 insertions(+), 1 deletion(-) > > diff --git a/acinclude.m4 b/acinclude.m4 > index 52f92870eaaa..4072a7c8f58a 100644 > --- a/acinclude.m4 > +++ b/acinclude.m4 > @@ -697,6 +697,8 @@ AC_DEFUN([OVS_CHECK_LINUX_COMPAT], [ > [nf_ct_set]) > OVS_GREP_IFELSE([$KSRC/include/net/netfilter/nf_conntrack.h], > [nf_ct_is_untracked]) > + OVS_GREP_IFELSE([$KSRC/include/net/netfilter/nf_conntrack.h], > + [nf_ct_invert_tuplepr]) > OVS_GREP_IFELSE([$KSRC/include/net/netfilter/nf_conntrack_zones.h], > [nf_ct_zone_init]) > OVS_GREP_IFELSE([$KSRC/include/net/netfilter/nf_conntrack_l3proto.h], > diff --git a/datapath/conntrack.c b/datapath/conntrack.c > index e328afe1ad15..afdd65b4cb7c 100644 > --- a/datapath/conntrack.c > +++ b/datapath/conntrack.c > @@ -668,7 +668,7 @@ ovs_ct_find_existing(struct net *net, const struct nf_conntrack_zone *zone, > if (natted) { > struct nf_conntrack_tuple inverse; > > - if (!nf_ct_invert_tuplepr(&inverse, &tuple)) { > + if (!rpl_nf_ct_invert_tuple(&inverse, &tuple)) { > pr_debug("ovs_ct_find_existing: Inversion failed!\n"); > return NULL; > } > diff --git a/datapath/linux/compat/include/net/netfilter/nf_conntrack_core.h b/datapath/linux/compat/include/net/netfilter/nf_conntrack_core.h > index 10158011fd4d..ad52bc9412d8 100644 > --- a/datapath/linux/compat/include/net/netfilter/nf_conntrack_core.h > +++ b/datapath/linux/compat/include/net/netfilter/nf_conntrack_core.h > @@ -113,4 +113,18 @@ rpl_nf_conntrack_in(struct sk_buff *skb, const struct nf_hook_state *state) > #define nf_conntrack_in rpl_nf_conntrack_in > #endif /* HAVE_NF_CONNTRACK_IN_TAKES_NF_HOOK_STATE */ > > +#ifdef HAVE_NF_CT_INVERT_TUPLEPR > +static inline bool rpl_nf_ct_invert_tuple(struct nf_conntrack_tuple *inverse, > + const struct nf_conntrack_tuple *orig) > +{ > + return nf_ct_invert_tuplepr(inverse, orig); > +} > +#else > +static inline bool rpl_nf_ct_invert_tuple(struct nf_conntrack_tuple *inverse, > + const struct nf_conntrack_tuple *orig) > +{ > + return nf_ct_invert_tuple(inverse, orig); > +} > +#endif /* HAVE_NF_CT_INVERT_TUPLEPR */ > + > #endif /* _NF_CONNTRACK_CORE_WRAPPER_H */ > -- > 2.7.4 > > _______________________________________________ > dev mailing list > dev@openvswitch.org > https://mail.openvswitch.org/mailman/listinfo/ovs-dev
diff --git a/acinclude.m4 b/acinclude.m4 index 52f92870eaaa..4072a7c8f58a 100644 --- a/acinclude.m4 +++ b/acinclude.m4 @@ -697,6 +697,8 @@ AC_DEFUN([OVS_CHECK_LINUX_COMPAT], [ [nf_ct_set]) OVS_GREP_IFELSE([$KSRC/include/net/netfilter/nf_conntrack.h], [nf_ct_is_untracked]) + OVS_GREP_IFELSE([$KSRC/include/net/netfilter/nf_conntrack.h], + [nf_ct_invert_tuplepr]) OVS_GREP_IFELSE([$KSRC/include/net/netfilter/nf_conntrack_zones.h], [nf_ct_zone_init]) OVS_GREP_IFELSE([$KSRC/include/net/netfilter/nf_conntrack_l3proto.h], diff --git a/datapath/conntrack.c b/datapath/conntrack.c index e328afe1ad15..afdd65b4cb7c 100644 --- a/datapath/conntrack.c +++ b/datapath/conntrack.c @@ -668,7 +668,7 @@ ovs_ct_find_existing(struct net *net, const struct nf_conntrack_zone *zone, if (natted) { struct nf_conntrack_tuple inverse; - if (!nf_ct_invert_tuplepr(&inverse, &tuple)) { + if (!rpl_nf_ct_invert_tuple(&inverse, &tuple)) { pr_debug("ovs_ct_find_existing: Inversion failed!\n"); return NULL; } diff --git a/datapath/linux/compat/include/net/netfilter/nf_conntrack_core.h b/datapath/linux/compat/include/net/netfilter/nf_conntrack_core.h index 10158011fd4d..ad52bc9412d8 100644 --- a/datapath/linux/compat/include/net/netfilter/nf_conntrack_core.h +++ b/datapath/linux/compat/include/net/netfilter/nf_conntrack_core.h @@ -113,4 +113,18 @@ rpl_nf_conntrack_in(struct sk_buff *skb, const struct nf_hook_state *state) #define nf_conntrack_in rpl_nf_conntrack_in #endif /* HAVE_NF_CONNTRACK_IN_TAKES_NF_HOOK_STATE */ +#ifdef HAVE_NF_CT_INVERT_TUPLEPR +static inline bool rpl_nf_ct_invert_tuple(struct nf_conntrack_tuple *inverse, + const struct nf_conntrack_tuple *orig) +{ + return nf_ct_invert_tuplepr(inverse, orig); +} +#else +static inline bool rpl_nf_ct_invert_tuple(struct nf_conntrack_tuple *inverse, + const struct nf_conntrack_tuple *orig) +{ + return nf_ct_invert_tuple(inverse, orig); +} +#endif /* HAVE_NF_CT_INVERT_TUPLEPR */ + #endif /* _NF_CONNTRACK_CORE_WRAPPER_H */
After upstream net-next commit 303e0c558959 ("netfilter: conntrack: avoid unneeded nf_conntrack_l4proto lookups") nf_ct_invert_tuplepr() is no longer available in the kernel. Ideally, we should be in sync with upstream kernel by calling nf_ct_invert_tuple() directly in conntrack.c. However, nf_ct_invert_tuple() has different function signature in older kernel, and it would be hard to replace that in the compat layer. Thus, we use pl_nf_ct_invert_tuple() in conntrack.c and maintain compatibility in the compat layer so that ovs kernel module runs smoothly in both new and old kernel. Signed-off-by: Yi-Hung Wei <yihung.wei@gmail.com> --- acinclude.m4 | 2 ++ datapath/conntrack.c | 2 +- .../linux/compat/include/net/netfilter/nf_conntrack_core.h | 14 ++++++++++++++ 3 files changed, 17 insertions(+), 1 deletion(-)