diff mbox series

[ovs-dev,ovs-dev,v7,3/3] ipf: ipf_preprocess_conntrack should also consider ipf_ctx

Message ID 20220109130217.382371-3-hepeng.0320@bytedance.com
State Superseded
Headers show
Series [ovs-dev,ovs-dev,v7,1/3] ipf: add ipf context | expand

Checks

Context Check Description
ovsrobot/apply-robot warning apply and check: warning
ovsrobot/github-robot-_Build_and_Test fail github build: failed

Commit Message

Peng He Jan. 9, 2022, 1:02 p.m. UTC 
considering a multi-thread PMD setting, when the frags are reassembled
in one PMD, another thread might call *ipf_execute_reass_pkts* and 'steal'
the reassembled packets into its ipf ctx, then this reassembled
packet will enter into another ipf context and causes errors.

This happends when there are multiple CT zones, and frags are
reassembled in ct(zone=X) might be 'stealed' into the ct(zone=Y).

Signed-off-by: Peng He <hepeng.0320@bytedance.com>
---
 lib/conntrack.c |  2 +-
 lib/ipf.c       | 10 ++++++++--
 lib/ipf.h       |  1 +
 3 files changed, 10 insertions(+), 3 deletions(-)

Comments

0-day Robot Jan. 9, 2022, 2:22 p.m. UTC | #1 
Bleep bloop.  Greetings Peng He, I am a robot and I have tried out your patch.
Thanks for your contribution.

I encountered some error that I wasn't expecting.  See the details below.


checkpatch:
ERROR: Author Peng He <xnhp0320@gmail.com> needs to sign off.
WARNING: Unexpected sign-offs from developers who are not authors or co-authors or committers: Peng He <hepeng.0320@bytedance.com>
Lines checked: 91, Warnings: 1, Errors: 1


Please check this out.  If you feel there has been an error, please email aconole@redhat.com

Thanks,
0-day Robot
diff mbox series

Patch

diff --git a/lib/conntrack.c b/lib/conntrack.c
index 72999f1ae..aafa6b536 100644
--- a/lib/conntrack.c
+++ b/lib/conntrack.c
@@ -1443,7 +1443,7 @@  conntrack_execute(struct conntrack *ct, struct dp_packet_batch *pkt_batch,
                   const struct nat_action_info_t *nat_action_info,
                   long long now, uint32_t tp_id, struct ipf_ctx *ipf_ctx)
 {
-    ipf_preprocess_conntrack(ct->ipf, pkt_batch, now, dl_type, zone,
+    ipf_preprocess_conntrack(ct->ipf, pkt_batch, ipf_ctx, now, dl_type, zone,
                              ct->hash_basis);
 
     struct dp_packet *packet;
diff --git a/lib/ipf.c b/lib/ipf.c
index 26de7bbcf..1531f9148 100644
--- a/lib/ipf.c
+++ b/lib/ipf.c
@@ -1140,7 +1140,8 @@  ipf_send_expired_frags(struct ipf *ipf, struct dp_packet_batch *pb,
 /* Adds a reassmebled packet to a packet batch to be processed by the caller.
  */
 static void
-ipf_execute_reass_pkts(struct ipf *ipf, struct dp_packet_batch *pb)
+ipf_execute_reass_pkts(struct ipf *ipf, struct dp_packet_batch *pb,
+                       struct ipf_ctx *ctx)
 {
     if (ovs_list_is_empty(&ipf->reassembled_pkt_list)) {
         return;
@@ -1150,6 +1151,10 @@  ipf_execute_reass_pkts(struct ipf *ipf, struct dp_packet_batch *pb)
     struct reassembled_pkt *rp, *next;
 
     LIST_FOR_EACH_SAFE (rp, next, rp_list_node, &ipf->reassembled_pkt_list) {
+        if (ctx && !ipf_ctx_eq(rp->list, ctx, rp->pkt)) {
+            continue;
+        }
+
         if (!rp->list->reass_execute_ctx &&
             ipf_dp_packet_batch_add(pb, rp->pkt, false)) {
             rp->list->reass_execute_ctx = rp->pkt;
@@ -1251,6 +1256,7 @@  ipf_post_execute_reass_pkts(struct ipf *ipf,
  * be added to the batch to be sent through conntrack. */
 void
 ipf_preprocess_conntrack(struct ipf *ipf, struct dp_packet_batch *pb,
+                         struct ipf_ctx *ipf_ctx,
                          long long now, ovs_be16 dl_type,
                          uint16_t zone, uint32_t hash_basis)
 {
@@ -1259,7 +1265,7 @@  ipf_preprocess_conntrack(struct ipf *ipf, struct dp_packet_batch *pb,
     }
 
     if (ipf_get_enabled(ipf) || atomic_count_get(&ipf->nfrag)) {
-        ipf_execute_reass_pkts(ipf, pb);
+        ipf_execute_reass_pkts(ipf, pb, ipf_ctx);
     }
 }
 
diff --git a/lib/ipf.h b/lib/ipf.h
index 7bbf453af..8974f15ae 100644
--- a/lib/ipf.h
+++ b/lib/ipf.h
@@ -49,6 +49,7 @@  struct ipf_ctx {
 struct ipf *ipf_init(void);
 void ipf_destroy(struct ipf *ipf);
 void ipf_preprocess_conntrack(struct ipf *ipf, struct dp_packet_batch *pb,
+                              struct ipf_ctx *ctx,
                               long long now, ovs_be16 dl_type, uint16_t zone,
                               uint32_t hash_basis);