From patchwork Sun Apr 11 11:46:00 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Roi Dayan X-Patchwork-Id: 1464798 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=Nvidia.com header.i=@Nvidia.com header.a=rsa-sha256 header.s=selector2 header.b=ROAcNw1f; dkim-atps=neutral Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4FJ97N5Tc1z9sVw; Sun, 11 Apr 2021 21:46:24 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1lVYXl-0004bi-AY; Sun, 11 Apr 2021 11:46:21 +0000 Received: from mail-bn8nam12on2066.outbound.protection.outlook.com ([40.107.237.66] helo=NAM12-BN8-obe.outbound.protection.outlook.com) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1lVYXf-0004X0-7T for kernel-team@lists.ubuntu.com; Sun, 11 Apr 2021 11:46:15 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=kdl6CokdXa/ET7JsyOC33C6Tz8CAapDCka1Npn2+8iHDUANdkx62LGtckvgMv8kI2c0J5wEjGRTWlMb0zsCB27ylum4s++GfoV32JxghVqdkl5RrJV/6vzwcS0C4p1Pq/yNY61IrnPe6t9VRC0xXUJIDc/HewQ1wCeaIASgReF+wouFqeRq9d7FXTFJ0Cd2/WsEj70D2emQZpfpJSOIUaVJJY1KDas/O34PFAXWJfI3gcUbnX08/xVh+4YpUrZMuXJUI+ctltjnQBlsgrrTNHRMH56ThQ6N+HKvZEW34T9Nost58zp8aXvLNjojy4dH5BH/pNOBw5+AUjNaZ+ECwbQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=fJnojFCrf6Zy59G5pnI95DjxbxJ3+6KMGXS7/H6oZFo=; b=C/xV4G2mNpM4sroIMEsZcSRnuNS0euvuz4ec1HQYf162buly+BQpyE3eit/5hEKsdewiK4SvYsj07p0ZLFmR73YBX3saIPoYzNnf1iQ1z5YdDytxfgfJ0tNCQl63wvoRxtdCQ+WDbyQVR5cOGZbzCu7dYLRuLnrTzGIcMJIl8pJw/112mW9yX0yqcZq1MVswvLVHNUrz+lbFDNtROjS9p10q6tl8D31bsC/ZzYLpjRAF0Md1YdIyq4RgRn6/JU3Q0ot9C9jcd2IeVg2vW4MHWaZ/kUbSosTZieUCGBgYTuaLTbFiH3vYojIDF1E9RRxjjRqGkPMs3a/hFU77rR3vbA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.112.34) smtp.rcpttodomain=canonical.com smtp.mailfrom=nvidia.com; dmarc=pass (p=none sp=none pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=fJnojFCrf6Zy59G5pnI95DjxbxJ3+6KMGXS7/H6oZFo=; b=ROAcNw1f/cs765hwq/w4+H9QQdNnim3rB3BX1Tejzc4/g3h51pkWOZeYvNHnIkaQ6pXuXQmuySoae/bsekYJORQKvR2bCBg5b5DooM/IS5aULfyhALsjn3Vqo+bGemz+GaRaGdJ1PRGVssarG1l1637FJzHFCgKE+4BFLJxTjgA0ryCQVp809m/Omwt+t9UCrGdm4UT8U3mfnXQyhhxYm0cNMIMm52lFIju5HVSg3ifPotEaXiVRJgdEqE+w0HA/CmD9wZReZtgDzDmkNnNN4qNVUyKbd0+ZJ8i1N9YOm5WzSRB83ZrnI2I+pbDfbLncBjYjquLuCjJ1L38t95S4Aw== Received: from MWHPR03CA0020.namprd03.prod.outlook.com (2603:10b6:300:117::30) by DM6PR12MB4418.namprd12.prod.outlook.com (2603:10b6:5:28e::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4020.21; Sun, 11 Apr 2021 11:46:12 +0000 Received: from CO1NAM11FT029.eop-nam11.prod.protection.outlook.com (2603:10b6:300:117:cafe::4d) by MWHPR03CA0020.outlook.office365.com (2603:10b6:300:117::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4020.21 via Frontend Transport; Sun, 11 Apr 2021 11:46:12 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.112.34) smtp.mailfrom=nvidia.com; canonical.com; dkim=none (message not signed) header.d=none;canonical.com; dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.112.34 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.112.34; helo=mail.nvidia.com; Received: from mail.nvidia.com (216.228.112.34) by CO1NAM11FT029.mail.protection.outlook.com (10.13.174.214) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.4020.17 via Frontend Transport; Sun, 11 Apr 2021 11:46:12 +0000 Received: from HQMAIL111.nvidia.com (172.20.187.18) by HQMAIL107.nvidia.com (172.20.187.13) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Sun, 11 Apr 2021 11:46:11 +0000 Received: from dev-r-vrt-138.mtr.labs.mlnx (172.20.145.6) by mail.nvidia.com (172.20.187.18) with Microsoft SMTP Server id 15.0.1497.2 via Frontend Transport; Sun, 11 Apr 2021 11:46:10 +0000 From: Roi Dayan To: Subject: [SRU][F:linux-bluefield][PATCH 3/5] net/sched: act_ct: clear post_ct if doing ct_clear Date: Sun, 11 Apr 2021 14:46:00 +0300 Message-ID: <20210411114602.2003649-4-roid@nvidia.com> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20210411114602.2003649-1-roid@nvidia.com> References: <20210411114602.2003649-1-roid@nvidia.com> MIME-Version: 1.0 X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: bcb2930b-d013-4af9-707b-08d8fcdf67cc X-MS-TrafficTypeDiagnostic: DM6PR12MB4418: X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:2089; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 7sYn652zYgy1BiHLtzugTk535zRwCfnCDsVmyqY3n7D6uyZnOcUaXrUyuihssHyQGKZutLTZ1YXaUsMxZ9ElpFnilM86RYp9B6uWilw0FM3RG5RfM6yxCkmyIIlHZKciB9daETUKHgIwY3E108Bo0R9DsPofSZjS3FN2HEJBLFPS2Q0IFzfhFQA1uECXubH5Eo1+0s/GwKMJvPv6Jf6YLhSq6g1ta7lI9bHxwavxFbq8oddRbiR8i98ZC065FRQ/XTVvcXiCqxkJ6503mWPJjTUMx8ekI14UEhoSla1gE3OMvuCjfHajdAGcFIZjhxECbKbM0AgHTqAGip+Y/t7sOPp0wSyN+X2iGTbspKXhIz1WN2JZ/MCrX2tXSPnf6T+8ASUptGDpBHH47MC40s+OSqAB16OMlcBEXEw2UrZDkVoughsWKiEpCEYD8ACLrTJLc9RrjFeXbICbgKFgje29OjFLEBn5tfNZAzdkkhKYId2vbChi0XX40jehobEJ3iq6FfPVvcMYRF3+MAz9CNYsWQTBCNIp2eU4cU4WcQIaekAv9nfi3mFLYkgxeBreIXNStfNwTotdDuFNLSA97HsHrRjHXURDzaC2tuTfIQlwtlFNPGC6LIEkPfVzFD8s6wvZDVv1CpG0YnwCRjb30n1e7dR6LEs27FJyWI22fR6N8Nq2fSwFGWPLzN8FWXrgrUOA3uNfhLCyrC4yN41PVIVGTf/7yijcfr3xbs2V7keHqdU= X-Forefront-Antispam-Report: CIP:216.228.112.34; CTRY:US; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:mail.nvidia.com; PTR:schybrid03.nvidia.com; CAT:NONE; SFS:(4636009)(376002)(346002)(396003)(39860400002)(136003)(46966006)(36840700001)(47076005)(54906003)(1076003)(5660300002)(83380400001)(2616005)(4326008)(36756003)(26005)(356005)(7636003)(336012)(186003)(86362001)(36906005)(6916009)(426003)(966005)(36860700001)(70586007)(316002)(8676002)(82310400003)(82740400003)(70206006)(2906002)(8936002)(478600001)(6666004); DIR:OUT; SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Apr 2021 11:46:12.1193 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: bcb2930b-d013-4af9-707b-08d8fcdf67cc X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a; Ip=[216.228.112.34]; Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: CO1NAM11FT029.eop-nam11.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4418 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Vladimir Sokolovsky , Daniel Jurgens Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: Marcelo Ricardo Leitner BugLink: https://bugs.launchpad.net/bugs/1922682 Invalid detection works with two distinct moments: act_ct tries to find a conntrack entry and set post_ct true, indicating that that was attempted. Then, when flow dissector tries to dissect CT info and no entry is there, it knows that it was tried and no entry was found, and synthesizes/sets key->ct_state = TCA_FLOWER_KEY_CT_FLAGS_TRACKED | TCA_FLOWER_KEY_CT_FLAGS_INVALID; mimicing what OVS does. OVS has this a bit more streamlined, as it recomputes the key after trying to find a conntrack entry for it. Issue here is, when we have 'tc action ct clear', it didn't clear post_ct, causing a subsequent match on 'ct_state -trk' to fail, due to the above. The fix, thus, is to clear it. Reproducer rules: tc filter add dev enp130s0f0np0_0 ingress prio 1 chain 0 \ protocol ip flower ip_proto tcp ct_state -trk \ action ct zone 1 pipe \ action goto chain 2 tc filter add dev enp130s0f0np0_0 ingress prio 1 chain 2 \ protocol ip flower \ action ct clear pipe \ action goto chain 4 tc filter add dev enp130s0f0np0_0 ingress prio 1 chain 4 \ protocol ip flower ct_state -trk \ action mirred egress redirect dev enp130s0f1np1_0 With the fix, the 3rd rule matches, like it does with OVS kernel datapath. Fixes: 7baf2429a1a9 ("net/sched: cls_flower add CT_FLAGS_INVALID flag support") Signed-off-by: Marcelo Ricardo Leitner Reviewed-by: wenxu Signed-off-by: David S. Miller (backported from commit 8ca1b090e5c9a71abeea1dda8757f4ec3811f06e) Signed-off-by: Roi Dayan --- net/sched/act_ct.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/net/sched/act_ct.c b/net/sched/act_ct.c index a117beaf063e..fe132943eac2 100644 --- a/net/sched/act_ct.c +++ b/net/sched/act_ct.c @@ -926,13 +926,14 @@ static int tcf_ct_act(struct sk_buff *skb, const struct tc_action *a, tmpl = p->tmpl; if (clear) { + qdisc_skb_cb(skb)->post_ct = false; ct = nf_ct_get(skb, &ctinfo); if (ct) { nf_conntrack_put(&ct->ct_general); nf_ct_set(skb, NULL, IP_CT_UNTRACKED); } - goto out; + goto out_clear; } family = tcf_ct_skb_nf_family(skb); @@ -1011,8 +1012,9 @@ static int tcf_ct_act(struct sk_buff *skb, const struct tc_action *a, skb_push_rcsum(skb, nh_ofs); out: - tcf_action_update_bstats(&c->common, skb); qdisc_skb_cb(skb)->post_ct = true; +out_clear: + tcf_action_update_bstats(&c->common, skb); return retval; drop: