From patchwork Wed May 8 23:59:05 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yifeng Sun X-Patchwork-Id: 1097287 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=openvswitch.org (client-ip=140.211.169.12; helo=mail.linuxfoundation.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="f06nn23S"; dkim-atps=neutral Received: from mail.linuxfoundation.org (mail.linuxfoundation.org [140.211.169.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 44ztkN5N4rz9s9y for ; Thu, 9 May 2019 09:59:39 +1000 (AEST) Received: from mail.linux-foundation.org (localhost [127.0.0.1]) by mail.linuxfoundation.org (Postfix) with ESMTP id DB27FEB4; Wed, 8 May 2019 23:59:35 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@mail.linuxfoundation.org Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 6E6FAB9E for ; Wed, 8 May 2019 23:59:34 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-pl1-f195.google.com (mail-pl1-f195.google.com [209.85.214.195]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 67326196 for ; Wed, 8 May 2019 23:59:33 +0000 (UTC) Received: by mail-pl1-f195.google.com with SMTP id a5so163217pls.12 for ; Wed, 08 May 2019 16:59:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id; bh=nIPB+Gi/dFX5aAXhaUsH08YOasemOVshPS7HGDEh/SM=; b=f06nn23SNBM5yI6k/aHmA1tMH2KhVQjERNhwQ4Q7lnw7oxvujARuC4nGjL87tNUv2f SGTD3yngAqVOpztgc8UrflJtHcCRnOtAoFf9v4TaSClzaEbnd+DMUKcqFEDqdqs7zqOs IxengkJybXuPmGGDjp9O/YyPhjVMbZfi9KjG5PJtLBpeBanNWMVjkLzM5qfbJfL2PCsT R32vkgX93cSRqfYYRYbbZmrga0OBKePzEcJJDSxl32VmigozskE6iPdF5CquF/DoniJP ggaD0IfCG/30LUYuHrsMVgq5RgVyUqPm3QIfdGSbYrAJG7DImMYJFJJ4wUO6O6qUJBxC V8ZA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=nIPB+Gi/dFX5aAXhaUsH08YOasemOVshPS7HGDEh/SM=; b=SXiWW9KNA1xGvt1qbe8hVJEgCZt4HCE6jLoKlEd2XuBJDb9OyPucnt5PZfoMAs7gYy rRrDhSy/Jynu2tf7d6b95vHQZ/MOnYeJbsB0D3k+/2UJK7SDUluz0h7Bc86ev8i7PYto 7pJizcKErywhJKKhwn3Xi9ZQA+OUcD9K3H3clDOhY6uZl1oAWTgqXZPJmupOd/8OD9xm 3X/dPUlIOfAzNrudIT7DBR+vvZcmEgd7i12bM+2RRLSNjx5L+dB4kHXOgP1yEIVMKAzf PC5ua/9agyK7q84Tsltz+CZ7nUg3+TaeYPJ90OrvKJ/AYyQFkkSuBjVP7F7IQqzolhsK qj7A== X-Gm-Message-State: APjAAAXQqoC/KFtEuqvf6Cd4lBD5DwA3GFiLe+hxN8p+TKU+xt0l/su2 K7XcZYsydY497LkZaDYerXGr1CEC X-Google-Smtp-Source: APXvYqxEgxKtejNW7GMYSPK2SxcpvmPiop9IXvbD3rd6pyn0LxEPq6znt7E69iHXaEYjLZhQhGAMsg== X-Received: by 2002:a17:902:a506:: with SMTP id s6mr861914plq.86.1557359972573; Wed, 08 May 2019 16:59:32 -0700 (PDT) Received: from kern417.eng.vmware.com ([66.170.99.2]) by smtp.gmail.com with ESMTPSA id a26sm488669pfl.177.2019.05.08.16.59.31 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 08 May 2019 16:59:31 -0700 (PDT) From: Yifeng Sun To: dev@openvswitch.org Date: Wed, 8 May 2019 16:59:05 -0700 Message-Id: <1557359946-29077-1-git-send-email-pkusunyifeng@gmail.com> X-Mailer: git-send-email 2.7.4 X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Cc: Florian Westphal Subject: [ovs-dev] [PATCH 2/7 v2] datapath: Pass nf_hook_state to nf_conntrack_in() X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: ovs-dev-bounces@openvswitch.org Errors-To: ovs-dev-bounces@openvswitch.org From: Florian Westphal Upstream Commit: commit 93e66024b0249cec81e91328c55a754efd3192e0 Author: Florian Westphal Date: Wed Sep 12 15:19:07 2018 +0200 netfilter: conntrack: pass nf_hook_state to packet and error handlers nf_hook_state contains all the hook meta-information: netns, protocol family, hook location, and so on. Instead of only passing selected information, pass a pointer to entire structure. This will allow to merge the error and the packet handlers and remove the ->new() function in followup patches. Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso This patch backports the above upstream patch to OVS and fixes compiling errors on RHEL kernels. Cc: Florian Westphal Signed-off-by: Yifeng Sun Acked-by: Yi-Hung Wei --- v1->v2: Fixed by YiHung's comments, thanks YiHung. acinclude.m4 | 5 +++++ datapath/conntrack.c | 8 ++++++-- datapath/linux/Modules.mk | 1 + datapath/linux/compat/include/linux/netfilter.h | 19 +++++++++++++++++++ .../compat/include/net/netfilter/nf_conntrack_core.h | 9 +++++++++ 5 files changed, 40 insertions(+), 2 deletions(-) create mode 100644 datapath/linux/compat/include/linux/netfilter.h diff --git a/acinclude.m4 b/acinclude.m4 index c9b744db0b94..372be5f4dccd 100644 --- a/acinclude.m4 +++ b/acinclude.m4 @@ -603,6 +603,8 @@ AC_DEFUN([OVS_CHECK_LINUX_COMPAT], [ [ndo_change_mtu], [OVS_DEFINE([HAVE_RHEL7_MAX_MTU])]) OVS_GREP_IFELSE([$KSRC/include/linux/netfilter.h], [nf_hook_state]) + OVS_FIND_FIELD_IFELSE([$KSRC/include/linux/netfilter.h], [nf_hook_state], + [struct net ], [OVS_DEFINE([HAVE_NF_HOOK_STATE_NET])]) OVS_GREP_IFELSE([$KSRC/include/linux/netfilter.h], [nf_register_net_hook]) OVS_GREP_IFELSE([$KSRC/include/linux/netfilter.h], [nf_hookfn.*nf_hook_ops], [OVS_DEFINE([HAVE_NF_HOOKFN_ARG_OPS])]) @@ -929,6 +931,9 @@ AC_DEFUN([OVS_CHECK_LINUX_COMPAT], [ OVS_GREP_IFELSE([$KSRC/include/net/netfilter/nf_conntrack_l3proto.h], [nf_conntrack_l3proto], [OVS_DEFINE([HAVE_NF_CONNTRACK_L3PROATO_H])]) + OVS_FIND_PARAM_IFELSE([$KSRC/include/net/netfilter/nf_conntrack_core.h], + [nf_conntrack_in], [nf_hook_state], + [OVS_DEFINE([HAVE_NF_CONNTRACK_IN_TAKES_NF_HOOK_STATE])]) if cmp -s datapath/linux/kcompat.h.new \ datapath/linux/kcompat.h >/dev/null 2>&1; then diff --git a/datapath/conntrack.c b/datapath/conntrack.c index 52208bad3029..8c1a80308d6a 100644 --- a/datapath/conntrack.c +++ b/datapath/conntrack.c @@ -987,6 +987,11 @@ static int __ovs_ct_lookup(struct net *net, struct sw_flow_key *key, struct nf_conn *ct; if (!cached) { + struct nf_hook_state state = { + .hook = NF_INET_PRE_ROUTING, + .pf = info->family, + .net = net, + }; struct nf_conn *tmpl = info->ct; int err; @@ -998,8 +1003,7 @@ static int __ovs_ct_lookup(struct net *net, struct sw_flow_key *key, nf_ct_set(skb, tmpl, IP_CT_NEW); } - err = nf_conntrack_in(net, info->family, - NF_INET_PRE_ROUTING, skb); + err = nf_conntrack_in(skb, &state); if (err != NF_ACCEPT) return -ENOENT; diff --git a/datapath/linux/Modules.mk b/datapath/linux/Modules.mk index caa2525ff0ab..ae63e3653b41 100644 --- a/datapath/linux/Modules.mk +++ b/datapath/linux/Modules.mk @@ -114,5 +114,6 @@ openvswitch_headers += \ linux/compat/include/net/erspan.h \ linux/compat/include/uapi/linux/netfilter.h \ linux/compat/include/linux/mm.h \ + linux/compat/include/linux/netfilter.h \ linux/compat/include/linux/overflow.h EXTRA_DIST += linux/compat/build-aux/export-check-whitelist diff --git a/datapath/linux/compat/include/linux/netfilter.h b/datapath/linux/compat/include/linux/netfilter.h new file mode 100644 index 000000000000..a6ed6172d49f --- /dev/null +++ b/datapath/linux/compat/include/linux/netfilter.h @@ -0,0 +1,19 @@ +#ifndef __NETFILTER_WRAPPER_H +#define __NETFILTER_WRAPPER_H + +#include_next + +#if !defined(HAVE_NF_HOOK_STATE) || !defined(HAVE_NF_HOOK_STATE_NET) +struct rpl_nf_hook_state { + unsigned int hook; + u_int8_t pf; + struct net_device *in; + struct net_device *out; + struct sock *sk; + struct net *net; + int (*okfn)(struct net *, struct sock *, struct sk_buff *); +}; +#define nf_hook_state rpl_nf_hook_state +#endif + +#endif /* __NETFILTER_WRAPPER_H */ diff --git a/datapath/linux/compat/include/net/netfilter/nf_conntrack_core.h b/datapath/linux/compat/include/net/netfilter/nf_conntrack_core.h index 7834c8c25f79..10158011fd4d 100644 --- a/datapath/linux/compat/include/net/netfilter/nf_conntrack_core.h +++ b/datapath/linux/compat/include/net/netfilter/nf_conntrack_core.h @@ -104,4 +104,13 @@ static inline bool rpl_nf_ct_delete(struct nf_conn *ct, u32 portid, int report) #define nf_ct_delete rpl_nf_ct_delete #endif /* HAVE_NF_CONN_TIMER */ +#ifndef HAVE_NF_CONNTRACK_IN_TAKES_NF_HOOK_STATE +static inline unsigned int +rpl_nf_conntrack_in(struct sk_buff *skb, const struct nf_hook_state *state) +{ + return nf_conntrack_in(state->net, state->pf, state->hook, skb); +} +#define nf_conntrack_in rpl_nf_conntrack_in +#endif /* HAVE_NF_CONNTRACK_IN_TAKES_NF_HOOK_STATE */ + #endif /* _NF_CONNTRACK_CORE_WRAPPER_H */ From patchwork Wed May 8 23:59:06 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yifeng Sun X-Patchwork-Id: 1097288 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=openvswitch.org (client-ip=140.211.169.12; helo=mail.linuxfoundation.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="NkSdSOs0"; dkim-atps=neutral Received: from mail.linuxfoundation.org (mail.linuxfoundation.org [140.211.169.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 44ztl61mXWz9s9y for ; Thu, 9 May 2019 10:00:18 +1000 (AEST) Received: from mail.linux-foundation.org (localhost [127.0.0.1]) by mail.linuxfoundation.org (Postfix) with ESMTP id BBBA3EE7; Wed, 8 May 2019 23:59:38 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@mail.linuxfoundation.org Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 1CDF7EA8 for ; Wed, 8 May 2019 23:59:37 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-pl1-f193.google.com (mail-pl1-f193.google.com [209.85.214.193]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 5E54F1FB for ; Wed, 8 May 2019 23:59:34 +0000 (UTC) Received: by mail-pl1-f193.google.com with SMTP id y3so188189plp.0 for ; Wed, 08 May 2019 16:59:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=wHDE2gr17Gg6Y2CCntXv3llojR7rIJd355G/MFTxNDA=; b=NkSdSOs0gQqFAVhoqhDRTIDLor/d1eJ1EVYp/+kRI/PxHWqeo7jVE8JHdNOEXHhPl4 McpUPJvwCj+YU8DuIYHwqz9LIY9h962SJ2JD7jbtCPPSXZ+W3/SPfqaUz06YKDxxfndR HcdTIXwA+evASeaz6rhksp/APPqIRaI6T0sRxFWHjICHsohws1wZANmKUTZGvamRRM/s mtDNUQaBTQIKGNG2PJj6dXnkfMejqYVHXgR2TvoRtmqUpwZjZV+YEgKLF3rff8fjTMCD 1wNzT42kffDtQMmLOyEbwtatCieYxH4Ls9htlIVwZgFw4nBpPeY4zogZ0l7MM0cLCAGj Yp/Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=wHDE2gr17Gg6Y2CCntXv3llojR7rIJd355G/MFTxNDA=; b=m65C9OZ5bEyERVgpB8yO7FgJJX6Ps/eXcg5LScv77NPw3N0EHt9twvfrWE1SfLERB2 TEfZWORzWrMxur6cC4zX3s1Lyg4y7GF402CyJRjc2wcBo+2dyDIbw8baN5CDNundRX6/ hhPlF45/sDVrh7er7PFimOkYxFVpZEs84X+8ldwIaVVPTlLoCJZao1XDfC6QirNFhDm6 2GpkgHNMjTA3Q818jMI+GAX3jWuBsicxTsNgVVwG0O2EIkhWhKD814uAuH2kAzwYt+oA u4k5JU44Tt086z+JWJuWIwkG9wlKkjTIoGOSLSqHf73H1fYtBlwkzI/YC+cvfUQ2ODyV RHSA== X-Gm-Message-State: APjAAAXJ2Ipd+v0rd8vmM/HGL9WB0Vj7qFDspB9Qj8kXF3a523vsTvvN 5z7OUvFDpuQdQY8m+BDqLgw32K1l X-Google-Smtp-Source: APXvYqwC9PuoigbpYmHp6o33ZHb/XIYtHG8AMD/ZyyC3TufJATvQDqHvKIIY77JC1Zqd/GzhqFVegg== X-Received: by 2002:a17:902:7084:: with SMTP id z4mr764802plk.259.1557359973699; Wed, 08 May 2019 16:59:33 -0700 (PDT) Received: from kern417.eng.vmware.com ([66.170.99.2]) by smtp.gmail.com with ESMTPSA id a26sm488669pfl.177.2019.05.08.16.59.32 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 08 May 2019 16:59:32 -0700 (PDT) From: Yifeng Sun To: dev@openvswitch.org Date: Wed, 8 May 2019 16:59:06 -0700 Message-Id: <1557359946-29077-2-git-send-email-pkusunyifeng@gmail.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1557359946-29077-1-git-send-email-pkusunyifeng@gmail.com> References: <1557359946-29077-1-git-send-email-pkusunyifeng@gmail.com> X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Cc: Florian Westphal Subject: [ovs-dev] [PATCH 3/7 v2] datapath: Use new header file net/ipv6_frag.h X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: ovs-dev-bounces@openvswitch.org Errors-To: ovs-dev-bounces@openvswitch.org From: Florian Westphal Upstream commit: commit 70b095c84326640eeacfd69a411db8fc36e8ab1a Author: Florian Westphal Date: Sat Jul 14 01:14:01 2018 +0200 ipv6: remove dependency of nf_defrag_ipv6 on ipv6 module IPV6=m DEFRAG_IPV6=m CONNTRACK=y yields: net/netfilter/nf_conntrack_proto.o: In function `nf_ct_netns_do_get': net/netfilter/nf_conntrack_proto.c:802: undefined reference to `nf_defrag_ipv6_enable' net/netfilter/nf_conntrack_proto.o:(.rodata+0x640): undefined reference to `nf_conntrack_l4proto_icmpv6' Setting DEFRAG_IPV6=y causes undefined references to ip6_rhash_params ip6_frag_init and ip6_expire_frag_queue so it would be needed to force IPV6=y too. This patch gets rid of the 'followup linker error' by removing the dependency of ipv6.ko symbols from netfilter ipv6 defrag. Shared code is placed into a header, then used from both. Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso This patch backports the above upstream patch to OVS. Cc: Florian Westphal Signed-off-by: Yifeng Sun Acked-by: Yi-Hung Wei --- v1->v2: Fixed by YiHung's comments, thanks YiHung! acinclude.m4 | 2 ++ datapath/conntrack.c | 1 + datapath/linux/Modules.mk | 1 + datapath/linux/compat/include/net/ipv6_frag.h | 8 ++++++++ 4 files changed, 12 insertions(+) create mode 100644 datapath/linux/compat/include/net/ipv6_frag.h diff --git a/acinclude.m4 b/acinclude.m4 index 372be5f4dccd..4f9aebc325ba 100644 --- a/acinclude.m4 +++ b/acinclude.m4 @@ -934,6 +934,8 @@ AC_DEFUN([OVS_CHECK_LINUX_COMPAT], [ OVS_FIND_PARAM_IFELSE([$KSRC/include/net/netfilter/nf_conntrack_core.h], [nf_conntrack_in], [nf_hook_state], [OVS_DEFINE([HAVE_NF_CONNTRACK_IN_TAKES_NF_HOOK_STATE])]) + OVS_GREP_IFELSE([$KSRC/include/net/ipv6_frag.h], [IP6_DEFRAG_CONNTRACK_IN], + [OVS_DEFINE([HAVE_IPV6_FRAG_H])]) if cmp -s datapath/linux/kcompat.h.new \ datapath/linux/kcompat.h >/dev/null 2>&1; then diff --git a/datapath/conntrack.c b/datapath/conntrack.c index 8c1a80308d6a..52825a6b20fb 100644 --- a/datapath/conntrack.c +++ b/datapath/conntrack.c @@ -31,6 +31,7 @@ #include #include #include +#include #ifdef CONFIG_NF_NAT_NEEDED #include diff --git a/datapath/linux/Modules.mk b/datapath/linux/Modules.mk index ae63e3653b41..cbb29f1c69d0 100644 --- a/datapath/linux/Modules.mk +++ b/datapath/linux/Modules.mk @@ -86,6 +86,7 @@ openvswitch_headers += \ linux/compat/include/net/ip6_route.h \ linux/compat/include/net/ip6_tunnel.h \ linux/compat/include/net/ipv6.h \ + linux/compat/include/net/ipv6_frag.h \ linux/compat/include/net/mpls.h \ linux/compat/include/net/net_namespace.h \ linux/compat/include/net/netlink.h \ diff --git a/datapath/linux/compat/include/net/ipv6_frag.h b/datapath/linux/compat/include/net/ipv6_frag.h new file mode 100644 index 000000000000..5d1cc901bec1 --- /dev/null +++ b/datapath/linux/compat/include/net/ipv6_frag.h @@ -0,0 +1,8 @@ +#ifndef __NET_IPV6_FRAG_WRAPPER_H +#define __NET_IPV6_FRAG_WRAPPER_H + +#if IS_ENABLED(CONFIG_NF_DEFRAG_IPV6) && defined(HAVE_IPV6_FRAG_H) +#include_next +#endif + +#endif /* __NET_IPV6_FRAG_WRAPPER_H */