]> git.proxmox.com Git - mirror_ovs.git/commit
projects / mirror_ovs.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 2fc8309) | patch
datapath: Add support for conntrack timeout policy
authorYi-Hung Wei <yihung.wei@gmail.com>
Wed, 28 Aug 2019 22:14:28 +0000 (15:14 -0700)
committerJustin Pettit <jpettit@ovn.org>
Thu, 26 Sep 2019 20:50:17 +0000 (13:50 -0700)
commitebe62ec1b9157bfdcc13288e38e67c05a41dc293
treefb0a51b583627e538a855efba14b43aa613c5d2ctree
parent2fc8309bd6f1a3f8193d4a180dbc239ae83e8933commit | diff
datapath: Add support for conntrack timeout policy

This patch adds support for specifying a timeout policy for a
connection in connection tracking system in kernel datapath.
The timeout policy will be attached to a connection when the
connection is committed to conntrack.

This patch introduces a new odp field OVS_CT_ATTR_TIMEOUT in the
ct action that specifies the timeout policy in the datapath.
In the following patch, during the upcall process, the vswitchd will use
the ct_zone to look up the corresponding timeout policy and fill
OVS_CT_ATTR_TIMEOUT if it is available.

The datapath code is from the following two net-next upstream commits.

Upstream commit:
commit 06bd2bdf19d2f3d22731625e1a47fa1dff5ac407
Author: Yi-Hung Wei <yihung.wei@gmail.com>
Date:   Tue Mar 26 11:31:14 2019 -0700

    openvswitch: Add timeout support to ct action

    Add support for fine-grain timeout support to conntrack action.
    The new OVS_CT_ATTR_TIMEOUT attribute of the conntrack action
    specifies a timeout to be associated with this connection.
    If no timeout is specified, it acts as is, that is the default
    timeout for the connection will be automatically applied.

    Example usage:
    $ nfct timeout add timeout_1 inet tcp syn_sent 100 established 200
    $ ovs-ofctl add-flow br0 in_port=1,ip,tcp,action=ct(commit,timeout=timeout_1)

CC: Pravin Shelar <pshelar@ovn.org>
CC: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Yi-Hung Wei <yihung.wei@gmail.com>
Acked-by: Pravin B Shelar <pshelar@ovn.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
commit 6d670497e01803b486aa72cc1a718401ab986896
Author: Dan Carpenter <dan.carpenter@oracle.com>
Date:   Tue Apr 2 09:53:14 2019 +0300

    openvswitch: use after free in __ovs_ct_free_action()

    We free "ct_info->ct" and then use it on the next line when we pass it
    to nf_ct_destroy_timeout().  This patch swaps the order to avoid the use
    after free.

Fixes: 06bd2bdf19d2 ("openvswitch: Add timeout support to ct action")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Yi-Hung Wei <yihung.wei@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Yi-Hung Wei <yihung.wei@gmail.com>
Signed-off-by: Justin Pettit <jpettit@ovn.org>
datapath/conntrack.c diff | blob | blame | history
datapath/linux/compat/include/linux/openvswitch.h diff | blob | blame | history
lib/dpif-netdev.c diff | blob | blame | history
lib/odp-util.c diff | blob | blame | history
tests/odp.at diff | blob | blame | history
openvswitch mirror