From patchwork Wed Feb 7 16:28:31 2024
X-Patchwork-Submitter: Paolo Valerio
X-Patchwork-Id: 1896215
From: Paolo Valerio
To: ovs-dev@openvswitch.org
Date: Wed, 7 Feb 2024 17:28:31 +0100
Message-ID: <20240207162833.1408714-1-pvalerio@redhat.com>
Subject: [ovs-dev] [PATCH 1/2] conntrack: Handle random selection for port ranges.

The userspace conntrack only supported hash for port selection. With the patch, both userspace and kernel datapath support the random flag. The default behavior remains the same, that is, if no flags are specified, hash is selected.

Signed-off-by: Paolo Valerio
--- Documentation/ref/ovs-actions.7.rst | 3 +-- NEWS | 3 +++ lib/conntrack.c | 15 ++++++++------- lib/conntrack.h | 5 +++++ lib/dpif-netdev.c | 4 +++- 5 files changed, 20 insertions(+), 10 deletions(-) diff --git a/Documentation/ref/ovs-actions.7.rst b/Documentation/ref/ovs-actions.7.rst index 36adcc5db..80acd9070 100644 --- a/Documentation/ref/ovs-actions.7.rst +++ b/Documentation/ref/ovs-actions.7.rst @@ -1551,8 +1551,7 @@ following arguments: should be selected. When a port range is specified, fallback to ephemeral ports does not happen, else, it will. The port number selection can be informed by the optional ``random`` and ``hash`` flags - described below. The userspace datapath only supports the ``hash`` - behavior. + described below. The optional *flags* are: diff --git a/NEWS b/NEWS index a6617546c..93046b963 100644 --- a/NEWS +++ b/NEWS
@@ -1,5 +1,8 @@ Post-v3.3.0 -------------------- + - Userspace datapath: + * Conntrack now supports 'random' flag for selecting ports in a range + while natting. v3.3.0 - xx xxx xxxx diff --git a/lib/conntrack.c b/lib/conntrack.c index 013709bd6..e09ecdf33 100644 --- a/lib/conntrack.c +++ b/lib/conntrack.c @@ -2222,7 +2222,7 @@ nat_range_hash(const struct conn_key *key, uint32_t basis, /* Ports are stored in host byte order for convenience. */ static void set_sport_range(const struct nat_action_info_t *ni, const struct conn_key *k, - uint32_t hash, uint16_t *curr, uint16_t *min, + uint32_t off, uint16_t *curr, uint16_t *min, uint16_t *max) { if (((ni->nat_action & NAT_ACTION_SNAT_ALL) == NAT_ACTION_SRC) || @@ -2241,19 +2241,19 @@ set_sport_range(const struct nat_action_info_t *ni, const struct conn_key *k, } else { *min = ni->min_port; *max = ni->max_port; - *curr = *min + (hash % ((*max - *min) + 1)); + *curr = *min + (off % ((*max - *min) + 1)); } } static void set_dport_range(const struct nat_action_info_t *ni, const struct conn_key *k, - uint32_t hash, uint16_t *curr, uint16_t *min, + uint32_t off, uint16_t *curr, uint16_t *min, uint16_t *max) { if (ni->nat_action & NAT_ACTION_DST_PORT) { *min = ni->min_port; *max = ni->max_port; - *curr = *min + (hash % ((*max - *min) + 1)); + *curr = *min + (off % ((*max - *min) + 1)); } else { *curr = ntohs(k->dst.port); *min = *max = *curr; 
@@ -2388,18 +2388,19 @@ nat_get_unique_tuple(struct conntrack *ct, struct conn *conn, fwd_key->nw_proto == IPPROTO_SCTP; uint16_t min_dport, max_dport, curr_dport; uint16_t min_sport, max_sport, curr_sport; - uint32_t hash; + uint32_t hash, port_off; hash = nat_range_hash(fwd_key, ct->hash_basis, nat_info); + port_off = nat_info->nat_flags & NAT_RANGE_RANDOM ? random_uint32() : hash; min_addr = nat_info->min_addr; max_addr = nat_info->max_addr; find_addr(fwd_key, &min_addr, &max_addr, &addr, hash, (fwd_key->dl_type == htons(ETH_TYPE_IP)), nat_info); - set_sport_range(nat_info, fwd_key, hash, &curr_sport, + set_sport_range(nat_info, fwd_key, port_off, &curr_sport, &min_sport, &max_sport); - set_dport_range(nat_info, fwd_key, hash, &curr_dport, + set_dport_range(nat_info, fwd_key, port_off, &curr_dport, &min_dport, &max_dport); if (pat_proto) { diff --git a/lib/conntrack.h b/lib/conntrack.h index 0a888be45..9b0c6aa88 100644 --- a/lib/conntrack.h +++ b/lib/conntrack.h @@ -77,12 +77,17 @@ enum nat_action_e { NAT_ACTION_DST_PORT = 1 << 3, }; +enum nat_flags_e { + NAT_RANGE_RANDOM = 1 << 0, +}; + struct nat_action_info_t { union ct_addr min_addr; union ct_addr max_addr; uint16_t min_port; uint16_t max_port; uint16_t nat_action; + uint16_t nat_flags; }; struct conntrack *conntrack_init(void); diff --git a/lib/dpif-netdev.c b/lib/dpif-netdev.c index c1981137f..c3334c667 100644 --- a/lib/dpif-netdev.c +++ b/lib/dpif-netdev.c 
@@ -9409,9 +9409,11 @@ dp_execute_cb(void *aux_, struct dp_packet_batch *packets_, nl_attr_get_u16(b_nest); proto_num_max_specified = true; break; + case OVS_NAT_ATTR_PROTO_RANDOM: + nat_action_info.nat_flags |= NAT_RANGE_RANDOM; + break; case OVS_NAT_ATTR_PERSISTENT: case OVS_NAT_ATTR_PROTO_HASH: - case OVS_NAT_ATTR_PROTO_RANDOM: break; case OVS_NAT_ATTR_UNSPEC: case __OVS_NAT_ATTR_MAX:

From patchwork Wed Feb 7 16:28:32 2024
X-Patchwork-Submitter: Paolo Valerio
X-Patchwork-Id: 1896216
From: Paolo Valerio
To: ovs-dev@openvswitch.org
Date: Wed, 7 Feb 2024 17:28:32 +0100
Message-ID: <20240207162833.1408714-2-pvalerio@redhat.com>
In-Reply-To: <20240207162833.1408714-1-pvalerio@redhat.com>
References: <20240207162833.1408714-1-pvalerio@redhat.com>
Subject: [ovs-dev] [PATCH 2/2] conntrack: Handle persistent selection for IP addresses.

The patch, when 'persistent' flag is specified, makes the IP selection in a range persistent across reboots.

Signed-off-by: Paolo Valerio
--- NEWS | 3 ++- lib/conntrack.c | 26 ++++++++++++++++++++++---- lib/conntrack.h | 1 + lib/dpif-netdev.c | 2 ++ 4 files changed, 27 insertions(+), 5 deletions(-) diff --git a/NEWS b/NEWS index 93046b963..0c86bba81 100644 --- a/NEWS +++ b/NEWS
@@ -2,7 +2,8 @@ Post-v3.3.0 -------------------- - Userspace datapath: * Conntrack now supports 'random' flag for selecting ports in a range - while natting. + while natting and 'persistent' flag for selection of the IP address + from a range. v3.3.0 - xx xxx xxxx diff --git a/lib/conntrack.c b/lib/conntrack.c index e09ecdf33..e085ddee9 100644 --- a/lib/conntrack.c +++ b/lib/conntrack.c @@ -2202,17 +2202,21 @@ nat_range_hash(const struct conn_key *key, uint32_t basis, { uint32_t hash = basis; + if (!basis) { + hash = ct_addr_hash_add(hash, &key->src.addr); + } else { + hash = ct_endpoint_hash_add(hash, &key->src); + hash = ct_endpoint_hash_add(hash, &key->dst); + } + hash = ct_addr_hash_add(hash, &nat_info->min_addr); hash = ct_addr_hash_add(hash, &nat_info->max_addr); hash = hash_add(hash, ((uint32_t) nat_info->max_port << 16) | nat_info->min_port); - hash = ct_endpoint_hash_add(hash, &key->src); - hash = ct_endpoint_hash_add(hash, &key->dst); hash = hash_add(hash, (OVS_FORCE uint32_t) key->dl_type); hash = hash_add(hash, key->nw_proto); hash = hash_add(hash, key->zone); - /* The purpose of the second parameter is to distinguish hashes of data of * different length; our data always has the same length so there is no * value in counting. */ 
@@ -2386,12 +2390,26 @@ nat_get_unique_tuple(struct conntrack *ct, struct conn *conn, bool pat_proto = fwd_key->nw_proto == IPPROTO_TCP || fwd_key->nw_proto == IPPROTO_UDP || fwd_key->nw_proto == IPPROTO_SCTP; + uint32_t hash, port_off, basis = ct->hash_basis; uint16_t min_dport, max_dport, curr_dport; uint16_t min_sport, max_sport, curr_sport; - uint32_t hash, port_off; hash = nat_range_hash(fwd_key, ct->hash_basis, nat_info); port_off = nat_info->nat_flags & NAT_RANGE_RANDOM ? random_uint32() : hash; + + if (nat_info->nat_flags & NAT_PERSISTENT) { + basis = 0; + } + + hash = nat_range_hash(fwd_key, basis, nat_info); + + if (nat_info->nat_flags & NAT_RANGE_RANDOM) { + port_off = random_uint16(); + } else { + port_off = + basis ? hash : nat_range_hash(fwd_key, ct->hash_basis, nat_info); + } + min_addr = nat_info->min_addr; max_addr = nat_info->max_addr; diff --git a/lib/conntrack.h b/lib/conntrack.h index 9b0c6aa88..ee7da099e 100644 --- a/lib/conntrack.h +++ b/lib/conntrack.h @@ -79,6 +79,7 @@ enum nat_action_e { enum nat_flags_e { NAT_RANGE_RANDOM = 1 << 0, + NAT_PERSISTENT = 1 << 1, }; struct nat_action_info_t { diff --git a/lib/dpif-netdev.c b/lib/dpif-netdev.c index c3334c667..fbf7ccabd 100644 --- a/lib/dpif-netdev.c +++ b/lib/dpif-netdev.c @@ -9413,6 +9413,8 @@ dp_execute_cb(void *aux_, struct dp_packet_batch *packets_, nat_action_info.nat_flags |= NAT_RANGE_RANDOM; break; case OVS_NAT_ATTR_PERSISTENT: + nat_action_info.nat_flags |= NAT_PERSISTENT; + break; case OVS_NAT_ATTR_PROTO_HASH: break; case OVS_NAT_ATTR_UNSPEC:
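
Review bot: In the lib/conntrack.h hunk of patch 1/2, the new `uint16_t nat_flags;` member is only ever written with `|=` (the lib/dpif-netdev.c hunk does `nat_action_info.nat_flags |= NAT_RANGE_RANDOM;`), so its starting value depends on the struct having been zeroed beforehand, and that initialisation is not visible in this patch. Please confirm that every place that builds a `struct nat_action_info_t` zero-initialises it, or assign `nat_flags = 0` explicitly before the attribute loop; otherwise the `NAT_RANGE_RANDOM` test in nat_get_unique_tuple() can read an indeterminate value. A short comment on `enum nat_flags_e` saying which OVS_NAT_ATTR_* attribute each bit mirrors would also help readers.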
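
Review bot: In the lib/dpif-netdev.c hunk of patch 1/2, `OVS_NAT_ATTR_PROTO_HASH` stays a no-op while `OVS_NAT_ATTR_PROTO_RANDOM` sets a bit, so an action that carries both attributes silently gets random selection. The ovs-actions.7.rst hunk removes the userspace limitation but does not say which flag wins; either document the precedence there or reject the combination when the attributes are parsed. The diffstat also lists no test file, so the new port-selection path ships without coverage; a system test that applies a port range with the `random` flag and checks that the chosen ports stay inside the range would close that gap.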
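
Review bot: In the nat_range_hash() hunk of patch 2/2, `if (!basis)` makes the value 0 an in-band signal for persistent mode, but the caller's default is `basis = ct->hash_basis` and nothing in these hunks guarantees that value is non-zero. If it ever is 0, a NAT without the persistent flag would hash only `key->src.addr` and drop the ports and destination from the input, and the `basis ? hash : ...` test in nat_get_unique_tuple() would take the wrong branch as well. The function already receives `nat_info`, so testing `nat_info->nat_flags & NAT_PERSISTENT` directly (or passing an explicit bool) removes the sentinel. Since the persistent path is an unkeyed hash of the source address and the range configuration, the resulting address choice is predictable to anyone who knows that configuration; that follows from surviving reboots, but it deserves a sentence in the comment above the function. The hunk also deletes the blank line before the trailing comment, which looks like an unrelated whitespace change.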
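
Review bot: In the nat_get_unique_tuple() hunk of patch 2/2, the two context lines `hash = nat_range_hash(fwd_key, ct->hash_basis, nat_info);` and `port_off = nat_info->nat_flags & NAT_RANGE_RANDOM ? random_uint32() : hash;` are left in place and then both variables are reassigned by the added block, so the first hash computation and the first random draw are dead work on every call. Please delete those two lines as part of this change. The added block also switches the random source from `random_uint32()` to `random_uint16()` without explanation, while `port_off` is still a `uint32_t`; pick one and say why in the commit message. With `NAT_PERSISTENT` set and `NAT_RANGE_RANDOM` clear, nat_range_hash() is now called three times in this function; computing the keyed hash once and reusing it for `port_off` would be simpler to read.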