From: Jarno Rajahalme <jarno@ovn.org>
To: netdev@vger.kernel.org
Cc: jarno@ovn.org
Subject: [PATCH v2 net-next 4/9] openvswitch: Do not trigger events for unconfirmed connections.
Date: Wed,  8 Feb 2017 11:32:05 -0800
Message-ID: <1486582330-31152-5-git-send-email-jarno@ovn.org>
In-Reply-To: <1486582330-31152-1-git-send-email-jarno@ovn.org>

Receiving change events before the 'new' event for the connection has
been received can be confusing.  Avoid triggering change events for
setting conntrack mark or labels before the conntrack entry has been
confirmed.

Fixes: 182e3042e15d ("openvswitch: Allow matching on conntrack mark")
Fixes: c2ac66735870 ("openvswitch: Allow matching on conntrack label")
Signed-off-by: Jarno Rajahalme <jarno@ovn.org>
---
 net/openvswitch/conntrack.c | 30 +++++++++++++++++++++++-------
 1 file changed, 23 insertions(+), 7 deletions(-)

diff --git a/net/openvswitch/conntrack.c b/net/openvswitch/conntrack.c
index a07e5cd..6e3e5e7 100644
--- a/net/openvswitch/conntrack.c
+++ b/net/openvswitch/conntrack.c
@@ -245,7 +245,8 @@ static int ovs_ct_set_mark(struct sk_buff *skb, struct sw_flow_key *key,
 	new_mark = ct_mark | (ct->mark & ~(mask));
 	if (ct->mark != new_mark) {
 		ct->mark = new_mark;
-		nf_conntrack_event_cache(IPCT_MARK, ct);
+		if (nf_ct_is_confirmed(ct))
+			nf_conntrack_event_cache(IPCT_MARK, ct);
 		key->ct.mark = new_mark;
 	}
 
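Review bot: The new nf_ct_is_confirmed(ct) check in ovs_ct_set_mark() carries no comment, while the matching branch in ovs_ct_set_labels() explains that a change event makes sense only for confirmed connections. A one-line comment above the check would keep the two sites consistent. Note also that ct->mark and key->ct.mark are still updated for an unconfirmed entry, so only the IPCT_MARK event is suppressed; saying so in the comment would make the intent clear to anyone who consumes conntrack events for monitoring.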
@@ -262,7 +263,6 @@ static int ovs_ct_set_labels(struct sk_buff *skb, struct sw_flow_key *key,
 	enum ip_conntrack_info ctinfo;
 	struct nf_conn_labels *cl;
 	struct nf_conn *ct;
-	int err;
 
 	/* The connection could be invalid, in which case set_label is no-op.*/
 	ct = nf_ct_get(skb, &ctinfo);
@@ -277,11 +277,27 @@ static int ovs_ct_set_labels(struct sk_buff *skb, struct sw_flow_key *key,
 	if (!cl)
 		return -ENOSPC;
 
-	err = nf_connlabels_replace(ct, labels->ct_labels_32,
-				    mask->ct_labels_32,
-				    OVS_CT_LABELS_LEN_32);
-	if (err)
-		return err;
+	if (nf_ct_is_confirmed(ct)) {
+		/* Triggers a change event, which makes sense only for
+		 * confirmed connections.
+		 */
+		int err = nf_connlabels_replace(ct, labels->ct_labels_32,
+						mask->ct_labels_32,
+						OVS_CT_LABELS_LEN_32);
+		if (err)
+			return err;
+	} else {
+		u32 *dst = (u32 *)cl->bits;
+		int i;
+
+		/* No-one else has access to the non-confirmed entry, copy
+		 * labels over, keeping any bits we are not explicitly setting.
+		 */
+		for (i = 0; i < OVS_CT_LABELS_LEN_32; i++)
+			dst[i] = (dst[i] & ~mask->ct_labels_32[i]) |
+				(labels->ct_labels_32[i] &
+				 mask->ct_labels_32[i]);
+	}
 
 	ovs_ct_get_labels(ct, &key->ct.labels);
 	return 0;
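Review bot: In the else branch of ovs_ct_set_labels(), the loop writes OVS_CT_LABELS_LEN_32 words through dst, which is cl->bits cast to u32 *, and nothing visible in this hunk checks that the labels extension is at least that large. If the size is guaranteed elsewhere, say so in the comment or add a compile-time assertion next to the cast; otherwise bound the loop by the extension's actual length. The comment "No-one else has access to the non-confirmed entry" is the only justification for the unlocked write, so it would help to state that the copy relies on the entry staying unconfirmed until the function returns.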
-- 
2.1.4
