From: Simon Horman <horms@kernel.org>
To: Xin Long <lucien.xin@gmail.com>
Cc: network dev <netdev@vger.kernel.org>,
davem@davemloft.net, kuba@kernel.org,
Eric Dumazet <edumazet@google.com>,
Paolo Abeni <pabeni@redhat.com>,
Jamal Hadi Salim <jhs@mojatatu.com>,
Cong Wang <xiyou.wangcong@gmail.com>,
Jiri Pirko <jiri@resnulli.us>, Paul Blakey <paulb@mellanox.com>,
Yossi Kuperman <yossiku@mellanox.com>,
Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Subject: Re: [PATCH net] sched: act_ct: add netns into the key of tcf_ct_flow_table
Date: Tue, 18 Jun 2024 10:04:25 +0100 [thread overview]
Message-ID: <20240618090425.GG8447@kernel.org> (raw)
In-Reply-To: <1db5b6cc6902c5fc6f8c6cbd85494a2008087be5.1718488050.git.lucien.xin@gmail.com>
On Sat, Jun 15, 2024 at 05:47:30PM -0400, Xin Long wrote:
> zones_ht is a global hashtable for flow_table with zone as key. However,
> it does not consider netns when getting a flow_table from zones_ht in
> tcf_ct_init(), and it means an act_ct action in netns A may get a
> flow_table that belongs to netns B if it has the same zone value.
>
> In Shuang's test with the TOPO:
>
> tcf2_c <---> tcf2_sw1 <---> tcf2_sw2 <---> tcf2_s
>
> tcf2_sw1 and tcf2_sw2 saw the same flow and used the same flow table,
> which caused their ct entries entering unexpected states and the
> TCP connection not able to end normally.
>
> This patch fixes the issue simply by adding netns into the key of
> tcf_ct_flow_table so that an act_ct action gets a flow_table that
> belongs to its own netns in tcf_ct_init().
>
> Note that for easy coding we don't use tcf_ct_flow_table.nf_ft.net,
> as the ct_ft is initialized after inserting it to the hashtable in
> tcf_ct_flow_table_get() and also it requires to implement several
> functions in rhashtable_params including hashfn, obj_hashfn and
> obj_cmpfn.
>
> Fixes: 64ff70b80fd4 ("net/sched: act_ct: Offload established connections to flow table")
> Reported-by: Shuang Li <shuali@redhat.com>
> Signed-off-by: Xin Long <lucien.xin@gmail.com>
Reviewed-by: Simon Horman <horms@kernel.org>
next prev parent reply other threads:[~2024-06-18 9:04 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-06-15 21:47 [PATCH net] sched: act_ct: add netns into the key of tcf_ct_flow_table Xin Long
2024-06-18 9:04 ` Simon Horman [this message]
2024-06-18 13:30 ` patchwork-bot+netdevbpf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240618090425.GG8447@kernel.org \
--to=horms@kernel.org \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=jhs@mojatatu.com \
--cc=jiri@resnulli.us \
--cc=kuba@kernel.org \
--cc=lucien.xin@gmail.com \
--cc=marcelo.leitner@gmail.com \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=paulb@mellanox.com \
--cc=xiyou.wangcong@gmail.com \
--cc=yossiku@mellanox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).