[ovs-dev] [PATCH 2/2] datapath: add ct_clear action

Eric Garver e at erig.me
Mon Jan 22 23:23:54 UTC 2018 

On Mon, Jan 22, 2018 at 02:38:07PM -0800, Pravin Shelar wrote:
> On Mon, Jan 22, 2018 at 11:10 AM, Eric Garver <e at erig.me> wrote:
> > Upstream commit:
> >     commit b8226962b1c49c784aeddb9d2fafbf53dfdc2190
> >     Author: Eric Garver <e at erig.me>
> >     Date:   Tue Oct 10 16:54:44 2017 -0400
> >
> >     openvswitch: add ct_clear action
> >
> >     This adds a ct_clear action for clearing conntrack state. ct_clear is
> >     currently implemented in OVS userspace, but is not backed by an action
> >     in the kernel datapath. This is useful for flows that may modify a
> >     packet tuple after a ct lookup has already occurred.
> >
> >     Signed-off-by: Eric Garver <e at erig.me>
> >     Acked-by: Pravin B Shelar <pshelar at ovn.org>
> >     Signed-off-by: David S. Miller <davem at davemloft.net>
> >
> > Notes:
> >    - hunk from include/uapi/linux/openvswitch.h is missing because it
> >      was added with userspace support in 1fe178d251c8 ("dpif: Add support
> >      for OVS_ACTION_ATTR_CT_CLEAR")
> >    - if IP_CT_UNTRACKED is not available use 0 as other nf_ct_set()
> >      calls do. Since we're setting ct to NULL this is okay.
> >
> > Signed-off-by: Eric Garver <e at erig.me>
> > ---
> >  datapath/actions.c      |  4 ++++
> >  datapath/conntrack.c    | 15 +++++++++++++++
> >  datapath/conntrack.h    |  7 +++++++
> >  datapath/flow_netlink.c |  5 +++++
> >  4 files changed, 31 insertions(+)
> >
> > diff --git a/datapath/actions.c b/datapath/actions.c
> > index ad18c2cc768a..1840fe556baf 100644
> > --- a/datapath/actions.c
> > +++ b/datapath/actions.c
> > @@ -1214,6 +1214,10 @@ static int do_execute_actions(struct datapath *dp, struct sk_buff *skb,
> >                                 return err == -EINPROGRESS ? 0 : err;
> >                         break;
> >
> > +               case OVS_ACTION_ATTR_CT_CLEAR:
> > +                       err = ovs_ct_clear(skb, key);
> > +                       break;
> > +
> >                 case OVS_ACTION_ATTR_PUSH_ETH:
> >                         err = push_eth(skb, key, nla_data(a));
> >                         break;
> > diff --git a/datapath/conntrack.c b/datapath/conntrack.c
> > index d517a87b0474..3f7943370fb3 100644
> > --- a/datapath/conntrack.c
> > +++ b/datapath/conntrack.c
> > @@ -1170,6 +1170,21 @@ int ovs_ct_execute(struct net *net, struct sk_buff *skb,
> >         return err;
> >  }
> >
> > +int ovs_ct_clear(struct sk_buff *skb, struct sw_flow_key *key)
> > +{
> > +       if (skb_nfct(skb)) {
> > +               nf_conntrack_put(skb_nfct(skb));
> > +#ifdef HAVE_IP_CT_UNTRACKED
> 
> I just noticed, there is no code to define symbol
> HAVE_IP_CT_UNTRACKED. Can you add it to acinclude.m4 ?

That's patch 01. Macro OVS_GREP_IFELSE() creates the define by default if $3 is
empty.

acinclude.m4:

	[..snip..]
	dnl OVS_GREP_IFELSE(FILE, REGEX, [IF-MATCH], [IF-NO-MATCH])
	dnl
	dnl Greps FILE for REGEX.  If it matches, runs IF-MATCH, otherwise IF-NO-MATCH.
	dnl If IF-MATCH is empty then it defines to OVS_DEFINE(HAVE_<REGEX>), with
	dnl <REGEX> translated to uppercase.
	AC_DEFUN([OVS_GREP_IFELSE], [
	[..snip..]

More information about the dev mailing list