openvswitch: add ct_clear action
This adds a ct_clear action for clearing conntrack state. ct_clear is currently implemented in OVS userspace, but is not backed by an action in the kernel datapath. This is useful for flows that may modify a packet tuple after a ct lookup has already occurred. Signed-off-by: Eric Garver <e@erig.me> Acked-by: Pravin B Shelar <pshelar@ovn.org> Signed-off-by: David S. Miller <davem@davemloft.net>
parent
833e0e2f24
commit
b8226962b1
|
@ -807,6 +807,7 @@ struct ovs_action_push_eth {
|
||||||
* packet.
|
* packet.
|
||||||
* @OVS_ACTION_ATTR_POP_ETH: Pop the outermost Ethernet header off the
|
* @OVS_ACTION_ATTR_POP_ETH: Pop the outermost Ethernet header off the
|
||||||
* packet.
|
* packet.
|
||||||
|
* @OVS_ACTION_ATTR_CT_CLEAR: Clear conntrack state from the packet.
|
||||||
*
|
*
|
||||||
* Only a single header can be set with a single %OVS_ACTION_ATTR_SET. Not all
|
* Only a single header can be set with a single %OVS_ACTION_ATTR_SET. Not all
|
||||||
* fields within a header are modifiable, e.g. the IPv4 protocol and fragment
|
* fields within a header are modifiable, e.g. the IPv4 protocol and fragment
|
||||||
|
@ -836,6 +837,7 @@ enum ovs_action_attr {
|
||||||
OVS_ACTION_ATTR_TRUNC, /* u32 struct ovs_action_trunc. */
|
OVS_ACTION_ATTR_TRUNC, /* u32 struct ovs_action_trunc. */
|
||||||
OVS_ACTION_ATTR_PUSH_ETH, /* struct ovs_action_push_eth. */
|
OVS_ACTION_ATTR_PUSH_ETH, /* struct ovs_action_push_eth. */
|
||||||
OVS_ACTION_ATTR_POP_ETH, /* No argument. */
|
OVS_ACTION_ATTR_POP_ETH, /* No argument. */
|
||||||
|
OVS_ACTION_ATTR_CT_CLEAR, /* No argument. */
|
||||||
|
|
||||||
__OVS_ACTION_ATTR_MAX, /* Nothing past this will be accepted
|
__OVS_ACTION_ATTR_MAX, /* Nothing past this will be accepted
|
||||||
* from userspace. */
|
* from userspace. */
|
||||||
|
|
|
@ -1203,6 +1203,10 @@ static int do_execute_actions(struct datapath *dp, struct sk_buff *skb,
|
||||||
return err == -EINPROGRESS ? 0 : err;
|
return err == -EINPROGRESS ? 0 : err;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
case OVS_ACTION_ATTR_CT_CLEAR:
|
||||||
|
err = ovs_ct_clear(skb, key);
|
||||||
|
break;
|
||||||
|
|
||||||
case OVS_ACTION_ATTR_PUSH_ETH:
|
case OVS_ACTION_ATTR_PUSH_ETH:
|
||||||
err = push_eth(skb, key, nla_data(a));
|
err = push_eth(skb, key, nla_data(a));
|
||||||
break;
|
break;
|
||||||
|
|
|
@ -1129,6 +1129,17 @@ int ovs_ct_execute(struct net *net, struct sk_buff *skb,
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int ovs_ct_clear(struct sk_buff *skb, struct sw_flow_key *key)
|
||||||
|
{
|
||||||
|
if (skb_nfct(skb)) {
|
||||||
|
nf_conntrack_put(skb_nfct(skb));
|
||||||
|
nf_ct_set(skb, NULL, IP_CT_UNTRACKED);
|
||||||
|
ovs_ct_fill_key(skb, key);
|
||||||
|
}
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
static int ovs_ct_add_helper(struct ovs_conntrack_info *info, const char *name,
|
static int ovs_ct_add_helper(struct ovs_conntrack_info *info, const char *name,
|
||||||
const struct sw_flow_key *key, bool log)
|
const struct sw_flow_key *key, bool log)
|
||||||
{
|
{
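Review bot: In `ovs_ct_clear()` the flow key is refreshed only inside `if (skb_nfct(skb))`, so when the skb carries no conntrack entry the function returns 0 without touching `key`. If a key can still hold conntrack fields from an earlier lookup while the skb itself has none (not visible here; worth confirming against how keys are built for packets executed from userspace), later flow matching would see stale ct state after a ct_clear. Consider calling `ovs_ct_fill_key(skb, key);` outside the conditional so the key always reflects the cleared state, or add a comment stating why skipping it is safe. The function also has no header comment; one line saying that it drops the conntrack reference, marks the skb `IP_CT_UNTRACKED` and rewrites the key's conntrack fields would help the next reader.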
|
||||||
|
|
|
@ -30,6 +30,7 @@ int ovs_ct_action_to_attr(const struct ovs_conntrack_info *, struct sk_buff *);
|
||||||
|
|
||||||
int ovs_ct_execute(struct net *, struct sk_buff *, struct sw_flow_key *,
|
int ovs_ct_execute(struct net *, struct sk_buff *, struct sw_flow_key *,
|
||||||
const struct ovs_conntrack_info *);
|
const struct ovs_conntrack_info *);
|
||||||
|
int ovs_ct_clear(struct sk_buff *skb, struct sw_flow_key *key);
|
||||||
|
|
||||||
void ovs_ct_fill_key(const struct sk_buff *skb, struct sw_flow_key *key);
|
void ovs_ct_fill_key(const struct sk_buff *skb, struct sw_flow_key *key);
|
||||||
int ovs_ct_put_key(const struct sw_flow_key *swkey,
|
int ovs_ct_put_key(const struct sw_flow_key *swkey,
|
||||||
|
@ -73,6 +74,12 @@ static inline int ovs_ct_execute(struct net *net, struct sk_buff *skb,
|
||||||
return -ENOTSUPP;
|
return -ENOTSUPP;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static inline int ovs_ct_clear(struct sk_buff *skb,
|
||||||
|
struct sw_flow_key *key)
|
||||||
|
{
|
||||||
|
return -ENOTSUPP;
|
||||||
|
}
|
||||||
|
|
||||||
static inline void ovs_ct_fill_key(const struct sk_buff *skb,
|
static inline void ovs_ct_fill_key(const struct sk_buff *skb,
|
||||||
struct sw_flow_key *key)
|
struct sw_flow_key *key)
|
||||||
{
|
{
|
||||||
|
|
|
@ -76,6 +76,7 @@ static bool actions_may_change_flow(const struct nlattr *actions)
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case OVS_ACTION_ATTR_CT:
|
case OVS_ACTION_ATTR_CT:
|
||||||
|
case OVS_ACTION_ATTR_CT_CLEAR:
|
||||||
case OVS_ACTION_ATTR_HASH:
|
case OVS_ACTION_ATTR_HASH:
|
||||||
case OVS_ACTION_ATTR_POP_ETH:
|
case OVS_ACTION_ATTR_POP_ETH:
|
||||||
case OVS_ACTION_ATTR_POP_MPLS:
|
case OVS_ACTION_ATTR_POP_MPLS:
|
||||||
|
@ -2528,6 +2529,7 @@ static int __ovs_nla_copy_actions(struct net *net, const struct nlattr *attr,
|
||||||
[OVS_ACTION_ATTR_SAMPLE] = (u32)-1,
|
[OVS_ACTION_ATTR_SAMPLE] = (u32)-1,
|
||||||
[OVS_ACTION_ATTR_HASH] = sizeof(struct ovs_action_hash),
|
[OVS_ACTION_ATTR_HASH] = sizeof(struct ovs_action_hash),
|
||||||
[OVS_ACTION_ATTR_CT] = (u32)-1,
|
[OVS_ACTION_ATTR_CT] = (u32)-1,
|
||||||
|
[OVS_ACTION_ATTR_CT_CLEAR] = 0,
|
||||||
[OVS_ACTION_ATTR_TRUNC] = sizeof(struct ovs_action_trunc),
|
[OVS_ACTION_ATTR_TRUNC] = sizeof(struct ovs_action_trunc),
|
||||||
[OVS_ACTION_ATTR_PUSH_ETH] = sizeof(struct ovs_action_push_eth),
|
[OVS_ACTION_ATTR_PUSH_ETH] = sizeof(struct ovs_action_push_eth),
|
||||||
[OVS_ACTION_ATTR_POP_ETH] = 0,
|
[OVS_ACTION_ATTR_POP_ETH] = 0,
|
||||||
|
@ -2669,6 +2671,9 @@ static int __ovs_nla_copy_actions(struct net *net, const struct nlattr *attr,
|
||||||
skip_copy = true;
|
skip_copy = true;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
case OVS_ACTION_ATTR_CT_CLEAR:
|
||||||
|
break;
|
||||||
|
|
||||||
case OVS_ACTION_ATTR_PUSH_ETH:
|
case OVS_ACTION_ATTR_PUSH_ETH:
|
||||||
/* Disallow pushing an Ethernet header if one
|
/* Disallow pushing an Ethernet header if one
|
||||||
* is already present */
|
* is already present */
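Review bot: The new `case OVS_ACTION_ATTR_CT_CLEAR: break;` in the validation switch accepts the action unconditionally, while the inline stub added to the conntrack header returns `-ENOTSUPP`, presumably for builds without conntrack support. On such a build a flow containing ct_clear would install successfully and only fail per packet at `err = ovs_ct_clear(skb, key);` in `do_execute_actions()`; how that error is handled there is outside the visible hunks. Rejecting the action at install time keeps the failure visible to the controller, for example `if (!IS_ENABLED(CONFIG_NF_CONNTRACK)) return -ENOTSUPP;` before the `break` (the config symbol that actually guards the stub is not shown on this page and should be confirmed). The enclosing `__ovs_nla_copy_actions()` starts and ends outside the hunk.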
|
||||||
|
|