datapath: add ct_clear action
authorEric Garver <e@erig.me>
Mon, 22 Jan 2018 19:10:05 +0000 (14:10 -0500)
committerPravin B Shelar <pshelar@ovn.org>
Tue, 23 Jan 2018 03:24:22 +0000 (19:24 -0800)
Upstream commit:
    commit b8226962b1c49c784aeddb9d2fafbf53dfdc2190
    Author: Eric Garver <e@erig.me>
    Date:   Tue Oct 10 16:54:44 2017 -0400

    openvswitch: add ct_clear action

    This adds a ct_clear action for clearing conntrack state. ct_clear is
    currently implemented in OVS userspace, but is not backed by an action
    in the kernel datapath. This is useful for flows that may modify a
    packet tuple after a ct lookup has already occurred.

Signed-off-by: Eric Garver <e@erig.me>
Acked-by: Pravin B Shelar <pshelar@ovn.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Notes:
   - hunk from include/uapi/linux/openvswitch.h is missing because it
     was added with userspace support in 1fe178d251c8 ("dpif: Add support
     for OVS_ACTION_ATTR_CT_CLEAR")
   - if IP_CT_UNTRACKED is not available use 0 as other nf_ct_set()
     calls do. Since we're setting ct to NULL this is okay.

Signed-off-by: Eric Garver <e@erig.me>
Acked-by: Pravin B Shelar <pshelar@ovn.org>
datapath/actions.c
datapath/conntrack.c
datapath/conntrack.h
datapath/flow_netlink.c

index ad18c2cc768a12d44ce05bab5ee5e5d90da1785f..1840fe556baf2c3c4360bd5c5ecfeb67c603f93a 100644 (file)
@@ -1214,6 +1214,10 @@ static int do_execute_actions(struct datapath *dp, struct sk_buff *skb,
                                return err == -EINPROGRESS ? 0 : err;
                        break;
 
+               case OVS_ACTION_ATTR_CT_CLEAR:
+                       err = ovs_ct_clear(skb, key);
+                       break;
+
                case OVS_ACTION_ATTR_PUSH_ETH:
                        err = push_eth(skb, key, nla_data(a));
                        break;
index d517a87b047432f90e7b6b82a8631bb133c22590..3f7943370fb3cff6b7129f21e6683aa2d0d98dd5 100644 (file)
@@ -1170,6 +1170,21 @@ int ovs_ct_execute(struct net *net, struct sk_buff *skb,
        return err;
 }
 
+int ovs_ct_clear(struct sk_buff *skb, struct sw_flow_key *key)
+{
+       if (skb_nfct(skb)) {
+               nf_conntrack_put(skb_nfct(skb));
+#ifdef HAVE_IP_CT_UNTRACKED
+               nf_ct_set(skb, NULL, IP_CT_UNTRACKED);
+#else
+               nf_ct_set(skb, NULL, 0);
+#endif
+               ovs_ct_fill_key(skb, key);
+       }
+
+       return 0;
+}
+
 static int ovs_ct_add_helper(struct ovs_conntrack_info *info, const char *name,
                             const struct sw_flow_key *key, bool log)
 {
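Review bot: In `ovs_ct_clear()` the call to `ovs_ct_fill_key(skb, key)` sits inside the `if (skb_nfct(skb))` branch, so the flow key is refreshed only when the skb still carries a conntrack entry. If `key` can hold conntrack state while the skb has no entry attached (not confirmable from this hunk; a packet that an earlier ct action left marked invalid looks like one candidate), the ct fields in the key stay as they were, and later flows matching on them would still treat the packet as tracked after ct_clear. Assuming `ovs_ct_fill_key()` derives the key from the skb's current state, moving the call out of the branch, i.e. `ovs_ct_fill_key(skb, key);` directly before `return 0;`, would make the key reflect the cleared state in both cases. A minor style point in the same function: `skb_nfct(skb)` is evaluated twice and could be held in a local.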
index 69ceb80e5a7384e0577c3a9fd172a7ee62ed90e1..0c3964f5bcaf9dc085b450830f889b00f3fe0ab5 100644 (file)
@@ -31,6 +31,7 @@ int ovs_ct_action_to_attr(const struct ovs_conntrack_info *, struct sk_buff *);
 
 int ovs_ct_execute(struct net *, struct sk_buff *, struct sw_flow_key *,
                   const struct ovs_conntrack_info *);
+int ovs_ct_clear(struct sk_buff *skb, struct sw_flow_key *key);
 
 void ovs_ct_fill_key(const struct sk_buff *skb, struct sw_flow_key *key);
 int ovs_ct_put_key(const struct sw_flow_key *swkey,
@@ -74,6 +75,12 @@ static inline int ovs_ct_execute(struct net *net, struct sk_buff *skb,
        return -ENOTSUPP;
 }
 
+static inline int ovs_ct_clear(struct sk_buff *skb,
+                              struct sw_flow_key *key)
+{
+       return -ENOTSUPP;
+}
+
 static inline void ovs_ct_fill_key(const struct sk_buff *skb,
                                   struct sw_flow_key *key)
 {
index b3b209269dcc8e563b8d6fa19261f6c93c615083..303337c4e99f7feb7021762974317666c372de50 100644 (file)
@@ -77,6 +77,7 @@ static bool actions_may_change_flow(const struct nlattr *actions)
                        break;
 
                case OVS_ACTION_ATTR_CT:
+               case OVS_ACTION_ATTR_CT_CLEAR:
                case OVS_ACTION_ATTR_HASH:
                case OVS_ACTION_ATTR_POP_ETH:
                case OVS_ACTION_ATTR_POP_MPLS:
@@ -2487,6 +2488,7 @@ static int __ovs_nla_copy_actions(struct net *net, const struct nlattr *attr,
                        [OVS_ACTION_ATTR_SAMPLE] = (u32)-1,
                        [OVS_ACTION_ATTR_HASH] = sizeof(struct ovs_action_hash),
                        [OVS_ACTION_ATTR_CT] = (u32)-1,
+                       [OVS_ACTION_ATTR_CT_CLEAR] = 0,
                        [OVS_ACTION_ATTR_TRUNC] = sizeof(struct ovs_action_trunc),
                        [OVS_ACTION_ATTR_PUSH_ETH] = sizeof(struct ovs_action_push_eth),
                        [OVS_ACTION_ATTR_POP_ETH] = 0,
@@ -2628,6 +2630,9 @@ static int __ovs_nla_copy_actions(struct net *net, const struct nlattr *attr,
                        skip_copy = true;
                        break;
 
+               case OVS_ACTION_ATTR_CT_CLEAR:
+                       break;
+
                case OVS_ACTION_ATTR_PUSH_ETH:
                        /* Disallow pushing an Ethernet header if one
                         * is already present */
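Review bot: The new `case OVS_ACTION_ATTR_CT_CLEAR:` accepts the action unconditionally, while the stub `ovs_ct_clear()` added in datapath/conntrack.h returns `-ENOTSUPP` when conntrack support is compiled out. On such a build a flow containing ct_clear would pass validation here and then fail in `do_execute_actions()` for every packet that hits it, which presumably drops the packet (the error handling after that switch is outside the visible hunks). Rejecting the action at install time keeps the failure visible to whoever programs the flow, e.g. `if (!IS_ENABLED(CONFIG_NF_CONNTRACK)) return -ENOTSUPP;` before the `break;`, with the condition matched to whatever guards the stubs in conntrack.h. `__ovs_nla_copy_actions()` starts and ends outside this hunk.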