From: Marcelo Ricardo Leitner <mleitner@redhat.com>
To: Guy Shattah <sguy@mellanox.com>,
Marcelo Leitner <mleitner@redhat.com>,
Aaron Conole <aconole@redhat.com>,
John Hurley <john.hurley@netronome.com>,
Simon Horman <simon.horman@netronome.com>,
Justin Pettit <jpettit@ovn.org>,
Gregory Rose <gvrose8192@gmail.com>,
Eelco Chaudron <echaudro@redhat.com>,
Flavio Leitner <fbl@redhat.com>,
Florian Westphal <fwestpha@redhat.com>,
Jiri Pirko <jiri@resnulli.us>, Rashid Khan <rkhan@redhat.com>,
Sushil Kulkarni <sukulkar@redhat.com>,
Andy Gospodarek <andrew.gospodarek@broadcom.com>,
Roi Dayan <roid@mellanox.com>,
Yossi Kuperman <yossiku@mellanox.com>,
Or Gerlitz <ogerlitz@mellanox.com>,
Rony Efraim <ronye@mellanox.com>,
"davem@davemloft.net" <davem@davemloft.net>
Cc: netdev@vger.kernel.org
Subject: [RFC PATCH 6/6] net/sched: act_ct: allow sending a packet through conntrack multiple times
Date: Fri, 25 Jan 2019 00:32:35 -0200 [thread overview]
Message-ID: <cbc057d0e7f7cf630beb0b630faf27732ce458a5.1548285996.git.mleitner@redhat.com> (raw)
In-Reply-To: <cover.1548285996.git.mleitner@redhat.com>
The first time it may use conntrack to track the tunnel information,
then jump into another chain, and go through conntrack again so that
the inner header is tracked.
This commit clears previous conntrack info if any so that we can
submit it to conntrack again.
Header offsets are supposed to be updated by the decapsulating action.
The main difference from just adding another act_ct(clear) action is that
the clear flag also sets the UNTRACKED mark in the packet (like OvS does).
Signed-off-by: Marcelo Ricardo Leitner <mleitner@redhat.com>
---
net/sched/act_ct.c | 16 +++++++++-------
1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/net/sched/act_ct.c b/net/sched/act_ct.c
index 77d55c05ed95d8abc8c35a3d19f453a586139914..6e446db3bcdda772dbe1090d5c584156f6cc59eb 100644
--- a/net/sched/act_ct.c
+++ b/net/sched/act_ct.c
@@ -196,16 +196,19 @@ static int tcf_ct_act(struct sk_buff *skb, const struct tc_action *a,
if (unlikely(action == TC_ACT_SHOT))
goto drop;
- if (flags & BIT(TC_CT_CLEAR)) {
- new_ct = nf_ct_get(skb, &ctinfo);
- if (new_ct) {
- if (nf_ct_is_confirmed(new_ct))
- nf_ct_delete(new_ct, 0, 0);
+ new_ct = nf_ct_get(skb, &ctinfo);
+ if (new_ct) {
+ if (nf_ct_is_confirmed(new_ct))
+ nf_ct_delete(new_ct, 0, 0);
- nf_conntrack_put(&new_ct->ct_general);
+ nf_conntrack_put(&new_ct->ct_general);
+
+ if (flags & BIT(TC_CT_CLEAR)) {
nf_ct_set(skb, NULL, IP_CT_UNTRACKED);
goto out;
}
+
+ nf_ct_set(skb, NULL, 0);
}
/* FIXME: For when we support cloning the packet
@@ -218,7 +221,6 @@ static int tcf_ct_act(struct sk_buff *skb, const struct tc_action *a,
skb_pull_rcsum(skb, nh_ofs);
/* FIXME: OvS trims the packet here. Should we? */
- /* FIXME: Need to handle multiple calls to CT action here. */
if (ct)
nf_ct_set(skb, ct, IP_CT_NEW);
--
2.20.1
next prev parent reply other threads:[~2019-01-25 2:33 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-23 11:29 [RFC] Connection Tracking Offload netdev RFC v1.0, part 1/2: command line + implementation Guy Shattah
2019-01-25 2:32 ` [RFC PATCH 0/6] Initial, PoC implementation of sw datapath of tc+CT Marcelo Ricardo Leitner
2019-01-25 2:32 ` [RFC PATCH 1/6] flow_dissector: add support for matching on ConnTrack Marcelo Ricardo Leitner
2019-01-25 2:32 ` [RFC PATCH 2/6] net/sched: flower: " Marcelo Ricardo Leitner
2019-01-25 13:37 ` Simon Horman
2019-01-26 15:52 ` Marcelo Ricardo Leitner
2019-01-28 9:44 ` Simon Horman
2019-01-28 12:55 ` Marcelo Ricardo Leitner
2019-01-28 13:02 ` Florian Westphal
2019-01-25 2:32 ` [RFC PATCH 3/6] net/sched: add CT action Marcelo Ricardo Leitner
2019-01-25 2:32 ` [RFC PATCH 4/6] net/sched: act_ct: add support for force flag Marcelo Ricardo Leitner
2019-01-25 2:32 ` [RFC PATCH 5/6] net/sched: act_ct: add support for clear flag Marcelo Ricardo Leitner
2019-01-25 2:32 ` Marcelo Ricardo Leitner [this message]
2019-01-25 2:33 ` [RFC PATCH iproute2 0/5] Initial, PoC implementation of sw datapath of tc+CT Marcelo Ricardo Leitner
2019-01-25 2:33 ` [RFC PATCH iproute2 1/5] flower: add support for CT fields Marcelo Ricardo Leitner
2019-01-25 2:33 ` [RFC PATCH iproute2 2/5] act_ct: first import Marcelo Ricardo Leitner
2019-02-05 22:56 ` Stephen Hemminger
2019-02-06 0:09 ` Marcelo Ricardo Leitner
2019-01-25 2:33 ` [RFC PATCH iproute2 3/5] act_ct: add support for commit flag Marcelo Ricardo Leitner
2019-01-25 2:33 ` [RFC PATCH iproute2 4/5] act/ct: add support for force flag Marcelo Ricardo Leitner
2019-01-25 2:33 ` [RFC PATCH iproute2 5/5] act/ct: add support for clear flag Marcelo Ricardo Leitner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cbc057d0e7f7cf630beb0b630faf27732ce458a5.1548285996.git.mleitner@redhat.com \
--to=mleitner@redhat.com \
--cc=aconole@redhat.com \
--cc=andrew.gospodarek@broadcom.com \
--cc=davem@davemloft.net \
--cc=echaudro@redhat.com \
--cc=fbl@redhat.com \
--cc=fwestpha@redhat.com \
--cc=gvrose8192@gmail.com \
--cc=jiri@resnulli.us \
--cc=john.hurley@netronome.com \
--cc=jpettit@ovn.org \
--cc=netdev@vger.kernel.org \
--cc=ogerlitz@mellanox.com \
--cc=rkhan@redhat.com \
--cc=roid@mellanox.com \
--cc=ronye@mellanox.com \
--cc=sguy@mellanox.com \
--cc=simon.horman@netronome.com \
--cc=sukulkar@redhat.com \
--cc=yossiku@mellanox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).