On Mon, Jan 22, 2018 at 02:38:07PM -0800, Pravin Shelar wrote: > On Mon, Jan 22, 2018 at 11:10 AM, Eric Garver <e...@erig.me> wrote: > > Upstream commit: > > commit b8226962b1c49c784aeddb9d2fafbf53dfdc2190 > > Author: Eric Garver <e...@erig.me> > > Date: Tue Oct 10 16:54:44 2017 -0400 > > > > openvswitch: add ct_clear action > > > > This adds a ct_clear action for clearing conntrack state. ct_clear is > > currently implemented in OVS userspace, but is not backed by an action > > in the kernel datapath. This is useful for flows that may modify a > > packet tuple after a ct lookup has already occurred. > > > > Signed-off-by: Eric Garver <e...@erig.me> > > Acked-by: Pravin B Shelar <pshe...@ovn.org> > > Signed-off-by: David S. Miller <da...@davemloft.net> > > > > Notes: > > - hunk from include/uapi/linux/openvswitch.h is missing because it > > was added with userspace support in 1fe178d251c8 ("dpif: Add support > > for OVS_ACTION_ATTR_CT_CLEAR") > > - if IP_CT_UNTRACKED is not available use 0 as other nf_ct_set() > > calls do. Since we're setting ct to NULL this is okay. > > > > Signed-off-by: Eric Garver <e...@erig.me> > > --- > > datapath/actions.c | 4 ++++ > > datapath/conntrack.c | 15 +++++++++++++++ > > datapath/conntrack.h | 7 +++++++ > > datapath/flow_netlink.c | 5 +++++ > > 4 files changed, 31 insertions(+) > > > > diff --git a/datapath/actions.c b/datapath/actions.c > > index ad18c2cc768a..1840fe556baf 100644 > > --- a/datapath/actions.c > > +++ b/datapath/actions.c > > @@ -1214,6 +1214,10 @@ static int do_execute_actions(struct datapath *dp, > > struct sk_buff *skb, > > return err == -EINPROGRESS ? 0 : err; > > break; > > > > + case OVS_ACTION_ATTR_CT_CLEAR: > > + err = ovs_ct_clear(skb, key); > > + break; > > + > > case OVS_ACTION_ATTR_PUSH_ETH: > > err = push_eth(skb, key, nla_data(a)); > > break; > > diff --git a/datapath/conntrack.c b/datapath/conntrack.c > > index d517a87b0474..3f7943370fb3 100644 > > --- a/datapath/conntrack.c > > +++ b/datapath/conntrack.c > > @@ -1170,6 +1170,21 @@ int ovs_ct_execute(struct net *net, struct sk_buff > > *skb, > > return err; > > } > > > > +int ovs_ct_clear(struct sk_buff *skb, struct sw_flow_key *key) > > +{ > > + if (skb_nfct(skb)) { > > + nf_conntrack_put(skb_nfct(skb)); > > +#ifdef HAVE_IP_CT_UNTRACKED > > I just noticed, there is no code to define symbol > HAVE_IP_CT_UNTRACKED. Can you add it to acinclude.m4 ?
That's patch 01. Macro OVS_GREP_IFELSE() creates the define by default if $3 is empty. acinclude.m4: [..snip..] dnl OVS_GREP_IFELSE(FILE, REGEX, [IF-MATCH], [IF-NO-MATCH]) dnl dnl Greps FILE for REGEX. If it matches, runs IF-MATCH, otherwise IF-NO-MATCH. dnl If IF-MATCH is empty then it defines to OVS_DEFINE(HAVE_<REGEX>), with dnl <REGEX> translated to uppercase. AC_DEFUN([OVS_GREP_IFELSE], [ [..snip..] _______________________________________________ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev