From: Yi-Hung Wei
To: netdev@vger.kernel.org
Cc: Yi-Hung Wei, Pravin Shelar
Subject: [PATCH 2/2] openvswitch: Add timeout support to ct action
Date: Fri, 22 Mar 2019 10:33:29 -0700
Message-Id: <1553276009-39311-2-git-send-email-yihung.wei@gmail.com>
In-Reply-To: <1553276009-39311-1-git-send-email-yihung.wei@gmail.com>

Add support for fine-grain timeout support to conntrack action.
The new OVS_CT_ATTR_TIMEOUT attribute of the conntrack action
specifies a timeout to be associated with this connection.
If no timeout is specified, it acts as is, that is the default
timeout for the connection will be automatically applied.

Example usage:
$ nfct timeout add timeout_1 inet tcp syn_sent 100 established 200
$ ovs-ofctl add-flow br0 in_port=1,ip,tcp,action=ct(commit,timeout=timeout_1)

CC: Pravin Shelar
Signed-off-by: Yi-Hung Wei
--- include/uapi/linux/openvswitch.h | 3 +++ net/openvswitch/conntrack.c | 30 +++++++++++++++++++++++++++++- 2 files changed, 32 insertions(+), 1 deletion(-) diff --git a/include/uapi/linux/openvswitch.h b/include/uapi/linux/openvswitch.h index dbe0cbe4f1b7..00ec98836cf3 100644 --- a/include/uapi/linux/openvswitch.h +++ b/include/uapi/linux/openvswitch.h @@ -734,6 +734,7 @@ struct ovs_action_hash { * be received on NFNLGRP_CONNTRACK_NEW and NFNLGRP_CONNTRACK_DESTROY groups, * respectively. Remaining bits control the changes for which an event is * delivered on the NFNLGRP_CONNTRACK_UPDATE group. + * @OVS_CT_ATTR_TIMEOUT: Variable length string defining conntrack timeout. */ enum ovs_ct_attr { OVS_CT_ATTR_UNSPEC,
@@ -746,6 +747,8 @@ enum ovs_ct_attr { OVS_CT_ATTR_NAT, /* Nested OVS_NAT_ATTR_* */ OVS_CT_ATTR_FORCE_COMMIT, /* No argument */ OVS_CT_ATTR_EVENTMASK, /* u32 mask of IPCT_* events. */ + OVS_CT_ATTR_TIMEOUT, /* Associate timeout with this connection for + * fine-grain timeout tuning. */ __OVS_CT_ATTR_MAX }; diff --git a/net/openvswitch/conntrack.c b/net/openvswitch/conntrack.c index 1b6896896fff..ce2e148711de 100644 --- a/net/openvswitch/conntrack.c +++ b/net/openvswitch/conntrack.c @@ -24,6 +24,7 @@ #include #include #include +#include #include #include #include @@ -73,6 +74,7 @@ struct ovs_conntrack_info { u32 eventmask; /* Mask of 1 << IPCT_*. */ struct md_mark mark; struct md_labels labels; + char timeout[CTNL_TIMEOUT_NAME_MAX]; #ifdef CONFIG_NF_NAT_NEEDED struct nf_nat_range2 range; /* Only present for SRC NAT and DST NAT. */ #endif @@ -1465,6 +1467,8 @@ static const struct ovs_ct_len_tbl ovs_ct_attr_lens[OVS_CT_ATTR_MAX + 1] = { #endif [OVS_CT_ATTR_EVENTMASK] = { .minlen = sizeof(u32), .maxlen = sizeof(u32) }, + [OVS_CT_ATTR_TIMEOUT] = { .minlen = 1, + .maxlen = CTNL_TIMEOUT_NAME_MAX }, }; static int parse_ct(const struct nlattr *attr, struct ovs_conntrack_info *info, @@ -1550,6 +1554,15 @@ static int parse_ct(const struct nlattr *attr, struct ovs_conntrack_info *info, info->have_eventmask = true; info->eventmask = nla_get_u32(a); break; +#ifdef CONFIG_NF_CONNTRACK_TIMEOUT + case OVS_CT_ATTR_TIMEOUT: + memcpy(info->timeout, nla_data(a), nla_len(a)); + if (!memchr(info->timeout, '\0', nla_len(a))) { + OVS_NLERR(log, "Invalid conntrack helper"); + return -EINVAL; + } + break; +#endif default: OVS_NLERR(log, "Unknown conntrack attr (%d)", 
@@ -1631,6 +1644,14 @@ int ovs_ct_copy_action(struct net *net, const struct nlattr *attr, OVS_NLERR(log, "Failed to allocate conntrack template"); return -ENOMEM; } + + if (ct_info.timeout[0]) { + if (nf_ct_set_timeout(net, ct_info.ct, family, key->ip.proto, + ct_info.timeout)) + pr_info_ratelimited("Failed to associated timeout " + "policy `%s'\n", ct_info.timeout); + } + if (helper) { err = ovs_ct_add_helper(&ct_info, helper, key, log); if (err) @@ -1751,6 +1772,10 @@ int ovs_ct_action_to_attr(const struct ovs_conntrack_info *ct_info, if (ct_info->have_eventmask && nla_put_u32(skb, OVS_CT_ATTR_EVENTMASK, ct_info->eventmask)) return -EMSGSIZE; + if (ct_info->timeout[0]) { + if (nla_put_string(skb, OVS_CT_ATTR_TIMEOUT, ct_info->timeout)) + return -EMSGSIZE; + } #ifdef CONFIG_NF_NAT_NEEDED if (ct_info->nat && !ovs_ct_nat_to_attr(ct_info, skb)) @@ -1772,8 +1797,11 @@ static void __ovs_ct_free_action(struct ovs_conntrack_info *ct_info) { if (ct_info->helper) nf_conntrack_helper_put(ct_info->helper); - if (ct_info->ct) + if (ct_info->ct) { nf_ct_tmpl_free(ct_info->ct); + if (ct_info->timeout[0]) + nf_ct_destroy_timeout(ct_info->ct); + } } #if IS_ENABLED(CONFIG_NETFILTER_CONNCOUNT) -- 2.7.4
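
Review bot: the uapi documentation for OVS_CT_ATTR_TIMEOUT in include/uapi/linux/openvswitch.h (both the kernel-doc line and the enum comment) does not state the contract that parse_ct enforces. The attribute is the name of a timeout policy, as in the commit message's "timeout=timeout_1", it must contain a terminating NUL, and the length table caps it at CTNL_TIMEOUT_NAME_MAX bytes. Please spell out those three points so userspace knows what will be rejected with -EINVAL. It is also worth documenting that the case is compiled only under CONFIG_NF_CONNTRACK_TIMEOUT, so on other kernels the attribute falls through to "Unknown conntrack attr".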
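
Review bot: the error string in the new OVS_CT_ATTR_TIMEOUT case of parse_ct reads "Invalid conntrack helper", which looks copied from the helper case and will mislead whoever reads the log; it should name the timeout attribute. In the same case, memcpy(info->timeout, nla_data(a), nla_len(a)) runs before any validation in this block, so its safety rests entirely on the ovs_ct_attr_lens entry keeping maxlen equal to the size of the timeout[CTNL_TIMEOUT_NAME_MAX] array. A short comment tying the two together, or a bounded string copy that rejects an unterminated name, would make that dependency explicit. Note also that minlen = 1 accepts a lone NUL byte, which leaves timeout[0] == 0 and is then silently treated as "no timeout".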
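
Review bot: in the ovs_ct_copy_action hunk, a failing nf_ct_set_timeout() is only reported through pr_info_ratelimited and the action is still accepted, so the flow is installed with default timeouts while the caller believes the named policy is in force. Because ct_info.timeout is left populated, ovs_ct_action_to_attr will still report OVS_CT_ATTR_TIMEOUT for that flow and __ovs_ct_free_action will still call nf_ct_destroy_timeout() for a policy that was never attached. Either propagate the error through the function's existing failure path, or clear ct_info.timeout[0] when the call fails, and report it with OVS_NLERR(log, ...) like the neighbouring checks. The message text also has a typo: "Failed to associated" should be "Failed to associate".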
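
Review bot: in the __ovs_ct_free_action hunk, nf_ct_destroy_timeout(ct_info->ct) is called after nf_ct_tmpl_free(ct_info->ct), so the timeout teardown dereferences a conntrack template that has already been freed. This use-after-free is reached every time a ct action carrying a timeout is released. Reverse the order inside the if (ct_info->ct) block: do the timeout[0] check and nf_ct_destroy_timeout(ct_info->ct) first, then nf_ct_tmpl_free(ct_info->ct).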