[PATCH net-next v2 8/8] openvswitch: load and reference the NAT helper.

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Flavio Leitner <fbl@redhat.com>
To: netdev@vger.kernel.org
Cc: Joe Stringer <joe@ovn.org>, Pravin B Shelar <pshelar@ovn.org>,
	dev@openvswitch.org, netfilter-devel@vger.kernel.org,
	Pablo Neira Ayuso <pablo@netfilter.org>
Subject: [PATCH net-next v2 8/8] openvswitch: load and reference the NAT helper.
Date: Sat, 13 Apr 2019 20:17:16 -0300	[thread overview]
Message-ID: <20190413231716.28711-9-fbl@redhat.com> (raw)
In-Reply-To: <20190413231716.28711-1-fbl@redhat.com>

This improves the original commit 17c357efe5ec ("openvswitch: load
NAT helper") where it unconditionally tries to load the module for
every flow using NAT, so not efficient when loading multiple flows.
It also doesn't hold any references to the NAT module while the
flow is active.

This change fixes those problems. It will try to load the module
only if it's not present. It grabs a reference to the NAT module
and holds it while the flow is active. Finally, an error message
shows up if either actions above fails.

Fixes: 17c357efe5ec ("openvswitch: load NAT helper")
Signed-off-by: Flavio Leitner <fbl@redhat.com>
---
 net/openvswitch/conntrack.c | 26 ++++++++++++++++++++------
 1 file changed, 20 insertions(+), 6 deletions(-)

 V2
   - updated with new functions names.

diff --git a/net/openvswitch/conntrack.c b/net/openvswitch/conntrack.c
index 0be3ab5bde26..c4dad6d8869b 100644
--- a/net/openvswitch/conntrack.c
+++ b/net/openvswitch/conntrack.c
@@ -1307,6 +1307,7 @@ static int ovs_ct_add_helper(struct ovs_conntrack_info *info, const char *name,
 {
 	struct nf_conntrack_helper *helper;
 	struct nf_conn_help *help;
+	int ret = 0;
 
 	helper = nf_conntrack_helper_try_module_get(name, info->family,
 						    key->ip.proto);
@@ -1321,13 +1322,21 @@ static int ovs_ct_add_helper(struct ovs_conntrack_info *info, const char *name,
 		return -ENOMEM;
 	}
 
+#ifdef CONFIG_NF_NAT_NEEDED
+	if (info->nat) {
+		ret = nf_nat_helper_try_module_get(name, info->family,
+						   key->ip.proto);
+		if (ret) {
+			nf_conntrack_helper_put(helper);
+			OVS_NLERR(log, "Failed to load \"%s\" NAT helper, err: %d",
+				  name, ret);
+			return ret;
+		}
+	}
+#endif
 	rcu_assign_pointer(help->helper, helper);
 	info->helper = helper;
-
-	if (info->nat)
-		request_module("ip_nat_%s", name);
-
-	return 0;
+	return ret;
 }
 
 #ifdef CONFIG_NF_NAT_NEEDED
@@ -1801,8 +1810,13 @@ void ovs_ct_free_action(const struct nlattr *a)
 
 static void __ovs_ct_free_action(struct ovs_conntrack_info *ct_info)
 {
-	if (ct_info->helper)
+	if (ct_info->helper) {
+#ifdef CONFIG_NF_NAT_NEEDED
+		if (ct_info->nat)
+			nf_nat_helper_put(ct_info->helper);
+#endif
 		nf_conntrack_helper_put(ct_info->helper);
+	}
 	if (ct_info->ct) {
 		if (ct_info->timeout[0])
 			nf_ct_destroy_timeout(ct_info->ct);
-- 
2.20.1

     prev parent reply	other threads:[~2019-04-13 23:17 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-04-13 23:17 [PATCH net-next v2 0/8] openvswitch: load and reference the NAT helper Flavio Leitner
2019-04-13 23:17 ` [PATCH net-next v2 1/8] netfilter: use macros to create module aliases Flavio Leitner
2019-04-13 23:17 ` [PATCH net-next v2 2/8] netfilter: add API to manage NAT helpers Flavio Leitner
2019-04-15  5:48   ` Pablo Neira Ayuso
2019-04-15 14:04     ` Flavio Leitner
2019-04-15  5:50   ` Pablo Neira Ayuso
2019-04-15 14:05     ` Flavio Leitner
2019-04-13 23:17 ` [PATCH net-next v2 3/8] netfilter: nf_nat: register amanda NAT helper Flavio Leitner
2019-04-13 23:17 ` [PATCH net-next v2 4/8] netfilter: nf_nat: register ftp " Flavio Leitner
2019-04-13 23:17 ` [PATCH net-next v2 5/8] netfilter: nf_nat: register irc " Flavio Leitner
2019-04-13 23:17 ` [PATCH net-next v2 6/8] netfilter: nf_nat: register sip " Flavio Leitner
2019-04-13 23:17 ` [PATCH net-next v2 7/8] netfilter: nf_nat: register tftp " Flavio Leitner
2019-04-13 23:17 ` Flavio Leitner [this message]

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:0be3ab5bde2 dfblob:c4dad6d8869 )
 OR (
bs:"[PATCH net-next v2 8/8] openvswitch: load and reference the NAT helper." )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190413231716.28711-9-fbl@redhat.com \
    --to=fbl@redhat.com \
    --cc=dev@openvswitch.org \
    --cc=joe@ovn.org \
    --cc=netdev@vger.kernel.org \
    --cc=netfilter-devel@vger.kernel.org \
    --cc=pablo@netfilter.org \
    --cc=pshelar@ovn.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).