From f19c223fb35b958c37241d0ebf70bacec056b306 Mon Sep 17 00:00:00 2001 From: Kevin Darbyshire-Bryant Date: Fri, 3 May 2019 12:41:58 +0100 Subject: [PATCH 2/2] refactor conntrack lookup In the original code we use the conntrack info contained in the skb to lookup the conntrack entry for 'internal' ip addresses. For egress this works fine as the skb conntrack entry will be filled in. Ingress is harder in that the skb ct details aren't filled in, so we have to look ourselves into the the conntrack table deep abyss. This lookup was referred to by me as 'the reverse', which I think led to the original 'rev' boolean, which isn't really required. The 'rev' boolean also controlled which 'side' of the ct tuples we looked at to obtain IP addresses. The harder tuple lookup used tuple = nf_ct_tuple(ct, !hash->tuple.dst.dir) which if looked at carefully inverts the direction of the ct tuple lookup. This got me thinking "why are we inverting the lookup to then re-invert it later with our 'rev' boolean based address selection. We can eliminate the 'rev' boolean using hash !NULL as the equivalent, also if we don't invert our ct tuple lookup we can eliminate the address swapping. Signed-off-by: Kevin Darbyshire-Bryant --- sch_cake.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/sch_cake.c b/sch_cake.c index f0d651e..12c641a 100644 --- a/sch_cake.c +++ b/sch_cake.c @@ -661,26 +661,26 @@ static void cake_update_flowkeys(struct flow_keys *keys, return; ct = nf_ct_tuplehash_to_ctrack(hash); - tuple = nf_ct_tuple(ct, !hash->tuple.dst.dir); + tuple = nf_ct_tuple(ct, hash->tuple.dst.dir); } #if KERNEL_VERSION(4, 2, 0) > LINUX_VERSION_CODE - keys->src = hash ? tuple->dst.u3.ip : tuple->src.u3.ip; - keys->dst = hash ? tuple->src.u3.ip : tuple->dst.u3.ip; + keys->src = tuple->src.u3.ip; + keys->dst = tuple->dst.u3.ip; #else - keys->addrs.v4addrs.src = hash ? tuple->dst.u3.ip : tuple->src.u3.ip; - keys->addrs.v4addrs.dst = hash ? tuple->src.u3.ip : tuple->dst.u3.ip; + keys->addrs.v4addrs.src = tuple->src.u3.ip; + keys->addrs.v4addrs.dst = tuple->dst.u3.ip; #endif #if KERNEL_VERSION(4, 2, 0) > LINUX_VERSION_CODE if (keys->ports) { - keys->port16[0] = hash ? tuple->dst.u.all : tuple->src.u.all; - keys->port16[1] = hash ? tuple->src.u.all : tuple->dst.u.all; + keys->port16[0] = tuple->src.u.all; + keys->port16[1] = tuple->dst.u.all; } #else if (keys->ports.ports) { - keys->ports.src = hash ? tuple->dst.u.all : tuple->src.u.all; - keys->ports.dst = hash ? tuple->src.u.all : tuple->dst.u.all; + keys->ports.src = tuple->src.u.all; + keys->ports.dst = tuple->dst.u.all; } #endif if (hash) -- 2.20.1 (Apple Git-117)