Re: [ovs-dev] [PATCH 2/2] datapath: add ct_clear action

Mon, 22 Jan 2018 14:38:35 -0800 

On Mon, Jan 22, 2018 at 11:10 AM, Eric Garver <[email protected]> wrote:
> Upstream commit:
>     commit b8226962b1c49c784aeddb9d2fafbf53dfdc2190
>     Author: Eric Garver <[email protected]>
>     Date:   Tue Oct 10 16:54:44 2017 -0400
>
>     openvswitch: add ct_clear action
>
>     This adds a ct_clear action for clearing conntrack state. ct_clear is
>     currently implemented in OVS userspace, but is not backed by an action
>     in the kernel datapath. This is useful for flows that may modify a
>     packet tuple after a ct lookup has already occurred.
>
>     Signed-off-by: Eric Garver <[email protected]>
>     Acked-by: Pravin B Shelar <[email protected]>
>     Signed-off-by: David S. Miller <[email protected]>
>
> Notes:
>    - hunk from include/uapi/linux/openvswitch.h is missing because it
>      was added with userspace support in 1fe178d251c8 ("dpif: Add support
>      for OVS_ACTION_ATTR_CT_CLEAR")
>    - if IP_CT_UNTRACKED is not available use 0 as other nf_ct_set()
>      calls do. Since we're setting ct to NULL this is okay.
>
> Signed-off-by: Eric Garver <[email protected]>
> ---
>  datapath/actions.c      |  4 ++++
>  datapath/conntrack.c    | 15 +++++++++++++++
>  datapath/conntrack.h    |  7 +++++++
>  datapath/flow_netlink.c |  5 +++++
>  4 files changed, 31 insertions(+)
>
> diff --git a/datapath/actions.c b/datapath/actions.c
> index ad18c2cc768a..1840fe556baf 100644
> --- a/datapath/actions.c
> +++ b/datapath/actions.c
> @@ -1214,6 +1214,10 @@ static int do_execute_actions(struct datapath *dp, 
> struct sk_buff *skb,
>                                 return err == -EINPROGRESS ? 0 : err;
>                         break;
>
> +               case OVS_ACTION_ATTR_CT_CLEAR:
> +                       err = ovs_ct_clear(skb, key);
> +                       break;
> +
>                 case OVS_ACTION_ATTR_PUSH_ETH:
>                         err = push_eth(skb, key, nla_data(a));
>                         break;
> diff --git a/datapath/conntrack.c b/datapath/conntrack.c
> index d517a87b0474..3f7943370fb3 100644
> --- a/datapath/conntrack.c
> +++ b/datapath/conntrack.c
> @@ -1170,6 +1170,21 @@ int ovs_ct_execute(struct net *net, struct sk_buff 
> *skb,
>         return err;
>  }
>
> +int ovs_ct_clear(struct sk_buff *skb, struct sw_flow_key *key)
> +{
> +       if (skb_nfct(skb)) {
> +               nf_conntrack_put(skb_nfct(skb));
> +#ifdef HAVE_IP_CT_UNTRACKED

I just noticed, there is no code to define symbol
HAVE_IP_CT_UNTRACKED. Can you add it to acinclude.m4 ?
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Reply via email to