nagai/kernel
3
0
Fork 0
forked from mirrors/linux
Code Pull requests Activity

net/sched: cls_flower add CT_FLAGS_INVALID flag support

Browse source 
This patch add the TCA_FLOWER_KEY_CT_FLAGS_INVALID flag to
match the ct_state with invalid for conntrack.

Signed-off-by: wenxu <wenxu@ucloud.cn>
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Link: https://lore.kernel.org/r/1611045110-682-1-git-send-email-wenxu@ucloud.cn
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
This commit is contained in:
wenxu 2021-01-19 16:31:50 +08:00 committed by Jakub Kicinski
parent d29aee6062
commit 7baf2429a1
7 changed files with 19 additions and 7 deletions
repo.diff.show_diff_stats Download patch file Download diff file Expand all files Collapse all files

4
include/linux/skbuff.h
View file

@ -1353,8 +1353,8 @@ void
skb_flow_dissect_ct(const struct sk_buff *skb, skb_flow_dissect_ct(const struct sk_buff *skb,
struct flow_dissector *flow_dissector, struct flow_dissector *flow_dissector,
void *target_container, void *target_container,
u16 *ctinfo_map, u16 *ctinfo_map, size_t mapsize,
size_t mapsize); bool post_ct);
void void
skb_flow_dissect_tunnel_info(const struct sk_buff *skb, skb_flow_dissect_tunnel_info(const struct sk_buff *skb,
struct flow_dissector *flow_dissector, struct flow_dissector *flow_dissector,

1
include/net/sch_generic.h
View file

@ -388,6 +388,7 @@ struct qdisc_skb_cb {
#define QDISC_CB_PRIV_LEN 20 #define QDISC_CB_PRIV_LEN 20
unsigned char data[QDISC_CB_PRIV_LEN]; unsigned char data[QDISC_CB_PRIV_LEN];
u16 mru; u16 mru;
bool post_ct;
}; };
typedef void tcf_chain_head_change_t(struct tcf_proto *tp_head, void *priv); typedef void tcf_chain_head_change_t(struct tcf_proto *tp_head, void *priv);

1
include/uapi/linux/pkt_cls.h
View file

@ -591,6 +591,7 @@ enum {
TCA_FLOWER_KEY_CT_FLAGS_ESTABLISHED = 1 << 1, /* Part of an existing connection. */ TCA_FLOWER_KEY_CT_FLAGS_ESTABLISHED = 1 << 1, /* Part of an existing connection. */
TCA_FLOWER_KEY_CT_FLAGS_RELATED = 1 << 2, /* Related to an established connection. */ TCA_FLOWER_KEY_CT_FLAGS_RELATED = 1 << 2, /* Related to an established connection. */
TCA_FLOWER_KEY_CT_FLAGS_TRACKED = 1 << 3, /* Conntrack has occurred. */ TCA_FLOWER_KEY_CT_FLAGS_TRACKED = 1 << 3, /* Conntrack has occurred. */
TCA_FLOWER_KEY_CT_FLAGS_INVALID = 1 << 4, /* Conntrack is invalid. */
}; };
enum { enum {

2
net/core/dev.c
View file

@ -3878,6 +3878,7 @@ sch_handle_egress(struct sk_buff *skb, int *ret, struct net_device *dev)
/* qdisc_skb_cb(skb)->pkt_len was already set by the caller. */ /* qdisc_skb_cb(skb)->pkt_len was already set by the caller. */
qdisc_skb_cb(skb)->mru = 0; qdisc_skb_cb(skb)->mru = 0;
qdisc_skb_cb(skb)->post_ct = false;
mini_qdisc_bstats_cpu_update(miniq, skb); mini_qdisc_bstats_cpu_update(miniq, skb);
switch (tcf_classify(skb, miniq->filter_list, &cl_res, false)) { switch (tcf_classify(skb, miniq->filter_list, &cl_res, false)) {
@ -4960,6 +4961,7 @@ sch_handle_ingress(struct sk_buff *skb, struct packet_type **pt_prev, int *ret,
qdisc_skb_cb(skb)->pkt_len = skb->len; qdisc_skb_cb(skb)->pkt_len = skb->len;
qdisc_skb_cb(skb)->mru = 0; qdisc_skb_cb(skb)->mru = 0;
qdisc_skb_cb(skb)->post_ct = false;
skb->tc_at_ingress = 1; skb->tc_at_ingress = 1;
mini_qdisc_bstats_cpu_update(miniq, skb); mini_qdisc_bstats_cpu_update(miniq, skb);

13
net/core/flow_dissector.c
View file

@ -237,9 +237,8 @@ skb_flow_dissect_set_enc_addr_type(enum flow_dissector_key_id type,
void void
skb_flow_dissect_ct(const struct sk_buff *skb, skb_flow_dissect_ct(const struct sk_buff *skb,
struct flow_dissector *flow_dissector, struct flow_dissector *flow_dissector,
void *target_container, void *target_container, u16 *ctinfo_map,
u16 *ctinfo_map, size_t mapsize, bool post_ct)
size_t mapsize)
{ {
#if IS_ENABLED(CONFIG_NF_CONNTRACK) #if IS_ENABLED(CONFIG_NF_CONNTRACK)
struct flow_dissector_key_ct *key; struct flow_dissector_key_ct *key;
@ -251,13 +250,19 @@ skb_flow_dissect_ct(const struct sk_buff *skb,
return; return;
ct = nf_ct_get(skb, &ctinfo); ct = nf_ct_get(skb, &ctinfo);
if (!ct) if (!ct && !post_ct)
return; return;
key = skb_flow_dissector_target(flow_dissector, key = skb_flow_dissector_target(flow_dissector,
FLOW_DISSECTOR_KEY_CT, FLOW_DISSECTOR_KEY_CT,
target_container); target_container);
if (!ct) {
key->ct_state = TCA_FLOWER_KEY_CT_FLAGS_TRACKED |
TCA_FLOWER_KEY_CT_FLAGS_INVALID;
return;
}
if (ctinfo < mapsize) if (ctinfo < mapsize)
key->ct_state = ctinfo_map[ctinfo]; key->ct_state = ctinfo_map[ctinfo];
#if IS_ENABLED(CONFIG_NF_CONNTRACK_ZONES) #if IS_ENABLED(CONFIG_NF_CONNTRACK_ZONES)

1
net/sched/act_ct.c
View file

@ -1030,6 +1030,7 @@ static int tcf_ct_act(struct sk_buff *skb, const struct tc_action *a,
out: out:
tcf_action_update_bstats(&c->common, skb); tcf_action_update_bstats(&c->common, skb);
qdisc_skb_cb(skb)->post_ct = true;
if (defrag) if (defrag)
qdisc_skb_cb(skb)->pkt_len = skb->len; qdisc_skb_cb(skb)->pkt_len = skb->len;
return retval; return retval;

4
net/sched/cls_flower.c
View file

@ -302,6 +302,7 @@ static int fl_classify(struct sk_buff *skb, const struct tcf_proto *tp,
struct tcf_result *res) struct tcf_result *res)
{ {
struct cls_fl_head *head = rcu_dereference_bh(tp->root); struct cls_fl_head *head = rcu_dereference_bh(tp->root);
bool post_ct = qdisc_skb_cb(skb)->post_ct;
struct fl_flow_key skb_key; struct fl_flow_key skb_key;
struct fl_flow_mask *mask; struct fl_flow_mask *mask;
struct cls_fl_filter *f; struct cls_fl_filter *f;
@ -318,7 +319,8 @@ static int fl_classify(struct sk_buff *skb, const struct tcf_proto *tp,
skb_flow_dissect_tunnel_info(skb, &mask->dissector, &skb_key); skb_flow_dissect_tunnel_info(skb, &mask->dissector, &skb_key);
skb_flow_dissect_ct(skb, &mask->dissector, &skb_key, skb_flow_dissect_ct(skb, &mask->dissector, &skb_key,
fl_ct_info_to_flower_map, fl_ct_info_to_flower_map,
ARRAY_SIZE(fl_ct_info_to_flower_map)); ARRAY_SIZE(fl_ct_info_to_flower_map),
post_ct);
skb_flow_dissect_hash(skb, &mask->dissector, &skb_key); skb_flow_dissect_hash(skb, &mask->dissector, &skb_key);
skb_flow_dissect(skb, &mask->dissector, &skb_key, 0); skb_flow_dissect(skb, &mask->dissector, &skb_key, 0);