* [PATCH net-next] sched/cls_flow.c
@ 2015-12-14  8:43 Igor Gavrilov
  2015-12-14 19:12 ` David Miller
  0 siblings, 1 reply; 2+ messages in thread
From: Igor Gavrilov @ 2015-12-14  8:43 UTC (permalink / raw)
  To: netdev; +Cc: Jamal Hadi Salim

From: Igor Gavrilov <i.o.gavrilov@gmail.com>

Improved CTTUPLE macro with code from sched/act_connmark.c, so that it is
able to get unNATed addresses from nf_conntrack on the ingress interface.

Signed-off-by: Igor Gavrilov <i.o.gavrilov@gmail.com>
Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>
---
--- net/sched/cls_flow.c.orig   2015-12-11 12:51:32.541673211 +0200
+++ net/sched/cls_flow.c        2015-12-14 12:01:50.719174387 +0200
@@ -31,6 +31,8 @@

 #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
 #include <net/netfilter/nf_conntrack.h>
+#include <net/netfilter/nf_conntrack_core.h>
+#include <net/netfilter/nf_conntrack_zones.h>
 #endif

 struct flow_head {
@@ -133,16 +135,48 @@ static u32 flow_get_nfct(const struct sk
 }

 #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
-#define CTTUPLE(skb, member)                                           \
+#define CTTUPLE(skb, direction, member)
         \
 ({                                                                     \
        enum ip_conntrack_info ctinfo;                                  \
-       const struct nf_conn *ct = nf_ct_get(skb, &ctinfo);             \
-       if (ct == NULL)                                                 \
-               goto fallback;                                          \
-       ct->tuplehash[CTINFO2DIR(ctinfo)].tuple.member;                 \
+       struct nf_conntrack_tuple tuple;                                \
+       struct nf_conntrack_zone zone;                                  \
+       const struct nf_conntrack_tuple_hash *thash;                    \
+       __be32 result;                                                  \
+       int proto;                                                      \
+       struct nf_conn *ct = nf_ct_get(skb, &ctinfo);                   \
+       if (ct == NULL) {                                               \
+               switch (tc_skb_protocol(skb)) {                         \
+               case htons(ETH_P_IP):                                   \
+                       proto = NFPROTO_IPV4;                           \
+                       break;                                          \
+               case htons(ETH_P_IPV6):                                 \
+                       proto = NFPROTO_IPV6;                           \
+                       break;                                          \
+               default:                                                \
+                       goto fallback;                                  \
+               }                                                       \
+                                                                       \
+               if (!nf_ct_get_tuplepr(skb, skb_network_offset(skb), proto,\
+                       dev_net(skb->dev), &tuple))                     \
+                       goto fallback;                                  \
+               zone.id = NF_CT_DEFAULT_ZONE_ID;                        \
+               zone.dir = NF_CT_DEFAULT_ZONE_DIR;                      \
+                                                                       \
+               thash = nf_conntrack_find_get(dev_net(skb->dev), &zone, \
+                       &tuple);                                        \
+               if (!thash)                                             \
+                       goto fallback;                                  \
+               ct = nf_ct_tuplehash_to_ctrack(thash);                  \
+               result = ct->tuplehash[(thash->tuple.dst.dir ==
IP_CT_DIR_REPLY) ? \
+                IP_CT_DIR_ORIGINAL : IP_CT_DIR_REPLY].tuple.src.member;\
+               nf_ct_put(ct);                                          \
+       } else {                                                        \
+               result =
ct->tuplehash[CTINFO2DIR(ctinfo)].tuple.direction.member;\
+       }                                                               \
+       result;                                                         \
 })
 #else
-#define CTTUPLE(skb, member)                                           \
+#define CTTUPLE(skb, direction, member)
         \
 ({                                                                     \
        goto fallback;                                                  \
        0;                                                              \
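Review bot: In the `ct == NULL` branch of the new CTTUPLE the `direction` argument is never used: the lookup result is always read from `.tuple.src.member` of the opposite tuplehash, so `CTTUPLE(skb, src, …)` and `CTTUPLE(skb, dst, …)` in the getters patched further down return the same field whenever no conntrack entry is attached to the skb. If that is intended, it needs a comment at the `result =` assignment, e.g. `/* ct not attached yet: direction is ignored, the opposite tuple's src is reported */`; otherwise the selected field has to depend on `direction`, or the nfct-src and nfct-dst keys stop distinguishing flows on that path. Two smaller points in the same branch: `zone` is filled field by field, so any member other than `id` and `dir` reaches `nf_conntrack_find_get()` uninitialised (`struct nf_conntrack_zone zone = { .id = NF_CT_DEFAULT_ZONE_ID, .dir = NF_CT_DEFAULT_ZONE_DIR };` avoids that), and `result` is declared `__be32` although the port getters pass it to `ntohs()`. The lookup is also pinned to the default zone, so connections tracked in any other zone silently take the `fallback` path; that limit is worth stating in the commit message.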
@@ -153,9 +187,9 @@ static u32 flow_get_nfct_src(const struc
 {
        switch (tc_skb_protocol(skb)) {
        case htons(ETH_P_IP):
-               return ntohl(CTTUPLE(skb, src.u3.ip));
+               return ntohl(CTTUPLE(skb, src, u3.ip));
        case htons(ETH_P_IPV6):
-               return ntohl(CTTUPLE(skb, src.u3.ip6[3]));
+               return ntohl(CTTUPLE(skb, src, u3.ip6[3]));
        }
 fallback:
        return flow_get_src(skb, flow);
@@ -165,9 +199,9 @@ static u32 flow_get_nfct_dst(const struc
 {
        switch (tc_skb_protocol(skb)) {
        case htons(ETH_P_IP):
-               return ntohl(CTTUPLE(skb, dst.u3.ip));
+               return ntohl(CTTUPLE(skb, dst, u3.ip));
        case htons(ETH_P_IPV6):
-               return ntohl(CTTUPLE(skb, dst.u3.ip6[3]));
+               return ntohl(CTTUPLE(skb, dst, u3.ip6[3]));
        }
 fallback:
        return flow_get_dst(skb, flow);
@@ -175,14 +209,14 @@ fallback:

 static u32 flow_get_nfct_proto_src(const struct sk_buff *skb, const
struct flow_keys *flow)
 {
-       return ntohs(CTTUPLE(skb, src.u.all));
+       return ntohs(CTTUPLE(skb, src, u.all));
 fallback:
        return flow_get_proto_src(skb, flow);
 }

 static u32 flow_get_nfct_proto_dst(const struct sk_buff *skb, const
struct flow_keys *flow)
 {
-       return ntohs(CTTUPLE(skb, dst.u.all));
+       return ntohs(CTTUPLE(skb, dst, u.all));
 fallback:
        return flow_get_proto_dst(skb, flow);
 }


* Re: [PATCH net-next] sched/cls_flow.c
  2015-12-14  8:43 [PATCH net-next] sched/cls_flow.c Igor Gavrilov
@ 2015-12-14 19:12 ` David Miller
  0 siblings, 0 replies; 2+ messages in thread
From: David Miller @ 2015-12-14 19:12 UTC (permalink / raw)
  To: i.o.gavrilov; +Cc: netdev, jhs

From: Igor Gavrilov <i.o.gavrilov@gmail.com>
Date: Mon, 14 Dec 2015 10:43:35 +0200

> From: Igor Gavrilov <i.o.gavrilov@gmail.com>
> 
> Improved CTTUPLE macro with code from sched/act_connmark.c, so it be
> able to get unNATed addresses from nf_conntrack on ingress interface.
> 
> Signed-off-by: Igor Gavrilov <i.o.gavrilov@gmail.com>
> Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>

Your patch was mangled by your email client.

Please email a test patch to yourself, and DO NOT try to resubmit this patch
to the mailing list until you can successfully apply the patch you receive
in that test email.

