[ovs-dev] [PATCH] datapath: Remove untracked CT on newer kernels.

Greg Rose gvrose8192 at gmail.com
Wed May 3 20:25:48 UTC 2017 

On Wed, May 3, 2017 at 11:53 AM, Joe Stringer <joe at ovn.org> wrote:
> Upstream commits cc41c84b7e7f ("netfilter: kill the fake untracked
> conntrack objects") and ab8bc7ed864b ("netfilter: remove
> nf_ct_is_untracked") removed the 'untracked' conntrack objects and
> functions. The latter commit removes the usage of nf_ct_is_untracked()
> from OVS. However, older kernels still have a representation of
> 'untracked' CT objects so the code needs to remain until the kernel
> support is bumped to Linux 4.12 or newer. Introduce a macro to detect
> this symbol and wrap these lines in the macro check.
>
> Signed-off-by: Joe Stringer <joe at ovn.org>
> ---
>  acinclude.m4         | 2 ++
>  datapath/conntrack.c | 2 ++
>  2 files changed, 4 insertions(+)
>
> diff --git a/acinclude.m4 b/acinclude.m4
> index dbe03bc83e43..d9a8a58372f0 100644
> --- a/acinclude.m4
> +++ b/acinclude.m4
> @@ -541,6 +541,8 @@ AC_DEFUN([OVS_CHECK_LINUX_COMPAT], [
>                    [OVS_DEFINE([HAVE_NF_CT_GET_TUPLEPR_TAKES_STRUCT_NET])])
>    OVS_GREP_IFELSE([$KSRC/include/net/netfilter/nf_conntrack.h],
>                    [nf_ct_set])
> +  OVS_GREP_IFELSE([$KSRC/include/net/netfilter/nf_conntrack.h],
> +                  [nf_ct_is_untracked])
>    OVS_GREP_IFELSE([$KSRC/include/net/netfilter/nf_conntrack_zones.h],
>                    [nf_ct_zone_init])
>    OVS_GREP_IFELSE([$KSRC/include/net/netfilter/nf_conntrack_labels.h],
> diff --git a/datapath/conntrack.c b/datapath/conntrack.c
> index 64ad0657241b..bf28fc071929 100644
> --- a/datapath/conntrack.c
> +++ b/datapath/conntrack.c
> @@ -859,10 +859,12 @@ static int ovs_ct_nat(struct net *net, struct sw_flow_key *key,
>         enum nf_nat_manip_type maniptype;
>         int err;
>
> +#ifdef HAVE_NF_CT_IS_UNTRACKED
>         if (nf_ct_is_untracked(ct)) {
>                 /* A NAT action may only be performed on tracked packets. */
>                 return NF_ACCEPT;
>         }
> +#endif /* HAVE_NF_CT_IS_UNTRACKED */
>
>         /* Add NAT extension if not confirmed yet. */
>         if (!nf_ct_is_confirmed(ct) && !nf_ct_nat_ext_add(ct))
> --

LGTM

Acked-by: Greg Rose <gvrose8192 at gmail.com>


> 2.12.0
>
> _______________________________________________
> dev mailing list
> dev at openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev

More information about the dev mailing list