[ovs-dev,v3,2/2] conntrack: Handle persistent selection for IP addresses.

Message ID 20240216171914.2651243-2-pvalerio@redhat.com
State Accepted
Delegated to: Simon Horman
Series [ovs-dev,v3,1/2] conntrack: Handle random selection for port ranges.

Checks

Context Check Description
ovsrobot/apply-robot success apply and check: success
ovsrobot/github-robot-_Build_and_Test success github build: passed
ovsrobot/intel-ovs-compilation success test: success

Commit Message

Paolo Valerio Feb. 16, 2024, 5:19 p.m. UTC
The patch, when 'persistent' flag is specified, makes the IP selection
in a range persistent across reboots.

Signed-off-by: Paolo Valerio <pvalerio@redhat.com>
Acked-by: Simon Horman <horms@ovn.org>
---
v3:
- rearranged branches in nat_get_unique_tuple() (Simon)
---
 NEWS              |  3 ++-
 lib/conntrack.c   | 25 +++++++++++++++++++------
 lib/conntrack.h   |  1 +
 lib/dpif-netdev.c |  2 ++
 4 files changed, 24 insertions(+), 7 deletions(-)

Comments

Simon Horman Feb. 19, 2024, 1:27 p.m. UTC | #1
On Fri, Feb 16, 2024 at 06:19:14PM +0100, Paolo Valerio wrote:
> The patch, when 'persistent' flag is specified, makes the IP selection
> in a range persistent across reboots.
> 
> Signed-off-by: Paolo Valerio <pvalerio@redhat.com>
> Acked-by: Simon Horman <horms@ovn.org>
> ---
> v3:
> - rearranged branches in nat_get_unique_tuple() (Simon)

Thanks Paolo,

For the record I'm (still) happy with this patch.

I'll plan to apply this series unless there is feedback
to the contrary in the next few days.

Aaron Conole Feb. 19, 2024, 6:49 p.m. UTC | #2
Paolo Valerio <pvalerio@redhat.com> writes:

> The patch, when 'persistent' flag is specified, makes the IP selection
> in a range persistent across reboots.
>
> Signed-off-by: Paolo Valerio <pvalerio@redhat.com>
> Acked-by: Simon Horman <horms@ovn.org>
> ---

Acked-by: Aaron Conole <aconole@redhat.com>

Simon Horman Feb. 21, 2024, 10:18 a.m. UTC | #3
On Mon, Feb 19, 2024 at 01:27:23PM +0000, Simon Horman wrote:
> On Fri, Feb 16, 2024 at 06:19:14PM +0100, Paolo Valerio wrote:
> > The patch, when 'persistent' flag is specified, makes the IP selection
> > in a range persistent across reboots.
> > 
> > Signed-off-by: Paolo Valerio <pvalerio@redhat.com>
> > Acked-by: Simon Horman <horms@ovn.org>
> > ---
> > v3:
> > - rearranged branches in nat_get_unique_tuple() (Simon)
> 
> Thanks Paolo,
> 
> For the record I'm (still) happy with this patch.
> 
> I'll plan to apply this series unless there is feedback
> to the contrary in the next few days.

Thanks Paolo and Aaron,

Applied with Aaron's Acks.

- conntrack: Handle persistent selection for IP addresses.
  https://github.com/openvswitch/ovs/commit/afdc1171a8f1
- conntrack: Handle random selection for port ranges.
  https://github.com/openvswitch/ovs/commit/99413ec2610f

Patch

diff --git a/NEWS b/NEWS
index 93046b963..0c86bba81 100644
--- a/NEWS
+++ b/NEWS
@@ -2,7 +2,8 @@  Post-v3.3.0
 --------------------
    - Userspace datapath:
      * Conntrack now supports 'random' flag for selecting ports in a range
-       while natting.
+       while natting and 'persistent' flag for selection of the IP address
+       from a range.
 
 
 v3.3.0 - xx xxx xxxx
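
Review bot: The added NEWS text says only that 'persistent' applies to "selection of the IP address from a range" and never says what the selection persists across. The commit message states it is persistent across reboots; saying so in the entry tells users what guarantee they get. It would also help to note that port selection is not covered by the flag, since nat_get_unique_tuple() still derives port_off from ct->hash_basis when NAT_PERSISTENT is set.
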
diff --git a/lib/conntrack.c b/lib/conntrack.c
index e09ecdf33..8a7056bac 100644
--- a/lib/conntrack.c
+++ b/lib/conntrack.c
@@ -2202,17 +2202,21 @@  nat_range_hash(const struct conn_key *key, uint32_t basis,
 {
     uint32_t hash = basis;
 
+    if (!basis) {
+        hash = ct_addr_hash_add(hash, &key->src.addr);
+    } else {
+        hash = ct_endpoint_hash_add(hash, &key->src);
+        hash = ct_endpoint_hash_add(hash, &key->dst);
+    }
+
     hash = ct_addr_hash_add(hash, &nat_info->min_addr);
     hash = ct_addr_hash_add(hash, &nat_info->max_addr);
     hash = hash_add(hash,
                     ((uint32_t) nat_info->max_port << 16)
                     | nat_info->min_port);
-    hash = ct_endpoint_hash_add(hash, &key->src);
-    hash = ct_endpoint_hash_add(hash, &key->dst);
     hash = hash_add(hash, (OVS_FORCE uint32_t) key->dl_type);
     hash = hash_add(hash, key->nw_proto);
     hash = hash_add(hash, key->zone);
-
     /* The purpose of the second parameter is to distinguish hashes of data of
      * different length; our data always has the same length so there is no
      * value in counting. */
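
Review bot: The `if (!basis)` test at the top of nat_range_hash() uses a zero basis as the signal for persistent mode, and nothing in the function documents that. The caller passes 0 only for NAT_PERSISTENT, but if ct->hash_basis can itself be 0, a rule without the flag silently takes the address-only branch. Passing the mode explicitly (a bool, or the nat_flags) would remove that coupling. The two branches also need a comment: the persistent one hashes only key->src.addr and drops the source port and the whole destination endpoint, so the result depends on nothing but connection key fields and the NAT range, with no per-instance value mixed in. That is what keeps the choice stable across restarts, and it also means the source-to-address mapping can be computed by anyone who knows the range, which the documentation for the flag should state.
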
@@ -2388,10 +2392,19 @@  nat_get_unique_tuple(struct conntrack *ct, struct conn *conn,
                      fwd_key->nw_proto == IPPROTO_SCTP;
     uint16_t min_dport, max_dport, curr_dport;
     uint16_t min_sport, max_sport, curr_sport;
-    uint32_t hash, port_off;
+    uint32_t hash, port_off, basis;
+
+    basis = (nat_info->nat_flags & NAT_PERSISTENT) ? 0 : ct->hash_basis;
+    hash = nat_range_hash(fwd_key, basis, nat_info);
+
+    if (nat_info->nat_flags & NAT_RANGE_RANDOM) {
+        port_off = random_uint32();
+    } else if (basis) {
+        port_off = hash;
+    } else {
+        port_off = nat_range_hash(fwd_key, ct->hash_basis, nat_info);
+    }
 
-    hash = nat_range_hash(fwd_key, ct->hash_basis, nat_info);
-    port_off = nat_info->nat_flags & NAT_RANGE_RANDOM ? random_uint32() : hash;
     min_addr = nat_info->min_addr;
     max_addr = nat_info->max_addr;
 
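
Review bot: The `else if (basis)` test in the port_off chain treats basis == 0 as meaning "persistent", so it is only correct while ct->hash_basis is never 0; testing `nat_info->nat_flags & NAT_PERSISTENT` directly would say what is meant and not depend on that. The final else branch also needs a comment explaining why port_off is still taken from nat_range_hash() with ct->hash_basis while the address hash uses basis 0, i.e. that only the address choice is meant to persist and the port offset stays tied to the per-instance basis.
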
diff --git a/lib/conntrack.h b/lib/conntrack.h
index 9b0c6aa88..ee7da099e 100644
--- a/lib/conntrack.h
+++ b/lib/conntrack.h
@@ -79,6 +79,7 @@  enum nat_action_e {
 
 enum nat_flags_e {
     NAT_RANGE_RANDOM = 1 << 0,
+    NAT_PERSISTENT = 1 << 1,
 };
 
 struct nat_action_info_t {
diff --git a/lib/dpif-netdev.c b/lib/dpif-netdev.c
index c3334c667..fbf7ccabd 100644
--- a/lib/dpif-netdev.c
+++ b/lib/dpif-netdev.c
@@ -9413,6 +9413,8 @@  dp_execute_cb(void *aux_, struct dp_packet_batch *packets_,
                         nat_action_info.nat_flags |= NAT_RANGE_RANDOM;
                         break;
                     case OVS_NAT_ATTR_PERSISTENT:
+                        nat_action_info.nat_flags |= NAT_PERSISTENT;
+                        break;
                     case OVS_NAT_ATTR_PROTO_HASH:
                         break;
                     case OVS_NAT_ATTR_UNSPEC:
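
Review bot: With the added `break` under `case OVS_NAT_ATTR_PERSISTENT:`, the attribute no longer shares the no-op path with OVS_NAT_ATTR_PROTO_HASH, so the userspace datapath changes behaviour for flows that already carried the attribute and previously had it ignored, and nothing in this patch tests that. The diffstat lists only NEWS, lib/conntrack.c, lib/conntrack.h and lib/dpif-netdev.c; a test that sets the flag on a NAT range and checks that one source address always maps to the same translated address would be worth adding. OVS_NAT_ATTR_PROTO_HASH is still accepted and silently ignored, and a short comment saying that is intentional would help.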