Commit d29334c1 authored by wenxu's avatar wenxu Committed by David S. Miller

net/sched: act_api: fix miss set post_ct for ovs after do conntrack in act_ct

When openvswitch conntrack offload with act_ct action. The first rule
do conntrack in the act_ct in tc subsystem. And miss the next rule in
the tc and fallback to the ovs datapath but miss set post_ct flag
which will lead the ct_state_key with -trk flag.

Fixes: 7baf2429 ("net/sched: cls_flower add CT_FLAGS_INVALID flag support")
Signed-off-by: default avatarwenxu <wenxu@ucloud.cn>
Reviewed-by: default avatarMarcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent ce225298
...@@ -285,6 +285,7 @@ struct nf_bridge_info { ...@@ -285,6 +285,7 @@ struct nf_bridge_info {
struct tc_skb_ext { struct tc_skb_ext {
__u32 chain; __u32 chain;
__u16 mru; __u16 mru;
bool post_ct;
}; };
#endif #endif
......
...@@ -271,9 +271,11 @@ static void ovs_ct_update_key(const struct sk_buff *skb, ...@@ -271,9 +271,11 @@ static void ovs_ct_update_key(const struct sk_buff *skb,
/* This is called to initialize CT key fields possibly coming in from the local /* This is called to initialize CT key fields possibly coming in from the local
* stack. * stack.
*/ */
void ovs_ct_fill_key(const struct sk_buff *skb, struct sw_flow_key *key) void ovs_ct_fill_key(const struct sk_buff *skb,
struct sw_flow_key *key,
bool post_ct)
{ {
ovs_ct_update_key(skb, NULL, key, false, false); ovs_ct_update_key(skb, NULL, key, post_ct, false);
} }
int ovs_ct_put_key(const struct sw_flow_key *swkey, int ovs_ct_put_key(const struct sw_flow_key *swkey,
...@@ -1332,7 +1334,7 @@ int ovs_ct_clear(struct sk_buff *skb, struct sw_flow_key *key) ...@@ -1332,7 +1334,7 @@ int ovs_ct_clear(struct sk_buff *skb, struct sw_flow_key *key)
if (skb_nfct(skb)) { if (skb_nfct(skb)) {
nf_conntrack_put(skb_nfct(skb)); nf_conntrack_put(skb_nfct(skb));
nf_ct_set(skb, NULL, IP_CT_UNTRACKED); nf_ct_set(skb, NULL, IP_CT_UNTRACKED);
ovs_ct_fill_key(skb, key); ovs_ct_fill_key(skb, key, false);
} }
return 0; return 0;
......
...@@ -25,7 +25,8 @@ int ovs_ct_execute(struct net *, struct sk_buff *, struct sw_flow_key *, ...@@ -25,7 +25,8 @@ int ovs_ct_execute(struct net *, struct sk_buff *, struct sw_flow_key *,
const struct ovs_conntrack_info *); const struct ovs_conntrack_info *);
int ovs_ct_clear(struct sk_buff *skb, struct sw_flow_key *key); int ovs_ct_clear(struct sk_buff *skb, struct sw_flow_key *key);
void ovs_ct_fill_key(const struct sk_buff *skb, struct sw_flow_key *key); void ovs_ct_fill_key(const struct sk_buff *skb, struct sw_flow_key *key,
bool post_ct);
int ovs_ct_put_key(const struct sw_flow_key *swkey, int ovs_ct_put_key(const struct sw_flow_key *swkey,
const struct sw_flow_key *output, struct sk_buff *skb); const struct sw_flow_key *output, struct sk_buff *skb);
void ovs_ct_free_action(const struct nlattr *a); void ovs_ct_free_action(const struct nlattr *a);
...@@ -74,7 +75,8 @@ static inline int ovs_ct_clear(struct sk_buff *skb, ...@@ -74,7 +75,8 @@ static inline int ovs_ct_clear(struct sk_buff *skb,
} }
static inline void ovs_ct_fill_key(const struct sk_buff *skb, static inline void ovs_ct_fill_key(const struct sk_buff *skb,
struct sw_flow_key *key) struct sw_flow_key *key,
bool post_ct)
{ {
key->ct_state = 0; key->ct_state = 0;
key->ct_zone = 0; key->ct_zone = 0;
......
...@@ -857,6 +857,7 @@ int ovs_flow_key_extract(const struct ip_tunnel_info *tun_info, ...@@ -857,6 +857,7 @@ int ovs_flow_key_extract(const struct ip_tunnel_info *tun_info,
#if IS_ENABLED(CONFIG_NET_TC_SKB_EXT) #if IS_ENABLED(CONFIG_NET_TC_SKB_EXT)
struct tc_skb_ext *tc_ext; struct tc_skb_ext *tc_ext;
#endif #endif
bool post_ct = false;
int res, err; int res, err;
/* Extract metadata from packet. */ /* Extract metadata from packet. */
...@@ -895,6 +896,7 @@ int ovs_flow_key_extract(const struct ip_tunnel_info *tun_info, ...@@ -895,6 +896,7 @@ int ovs_flow_key_extract(const struct ip_tunnel_info *tun_info,
tc_ext = skb_ext_find(skb, TC_SKB_EXT); tc_ext = skb_ext_find(skb, TC_SKB_EXT);
key->recirc_id = tc_ext ? tc_ext->chain : 0; key->recirc_id = tc_ext ? tc_ext->chain : 0;
OVS_CB(skb)->mru = tc_ext ? tc_ext->mru : 0; OVS_CB(skb)->mru = tc_ext ? tc_ext->mru : 0;
post_ct = tc_ext ? tc_ext->post_ct : false;
} else { } else {
key->recirc_id = 0; key->recirc_id = 0;
} }
...@@ -904,7 +906,7 @@ int ovs_flow_key_extract(const struct ip_tunnel_info *tun_info, ...@@ -904,7 +906,7 @@ int ovs_flow_key_extract(const struct ip_tunnel_info *tun_info,
err = key_extract(skb, key); err = key_extract(skb, key);
if (!err) if (!err)
ovs_ct_fill_key(skb, key); /* Must be after key_extract(). */ ovs_ct_fill_key(skb, key, post_ct); /* Must be after key_extract(). */
return err; return err;
} }
......
...@@ -1629,6 +1629,7 @@ int tcf_classify_ingress(struct sk_buff *skb, ...@@ -1629,6 +1629,7 @@ int tcf_classify_ingress(struct sk_buff *skb,
return TC_ACT_SHOT; return TC_ACT_SHOT;
ext->chain = last_executed_chain; ext->chain = last_executed_chain;
ext->mru = qdisc_skb_cb(skb)->mru; ext->mru = qdisc_skb_cb(skb)->mru;
ext->post_ct = qdisc_skb_cb(skb)->post_ct;
} }
return ret; return ret;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment