[ovs-dev] [PATCH 5/5] datapath: compat: drop bridge nf reset from nf_reset

Greg Rose gvrose8192 at gmail.com
Wed Oct 9 21:22:14 UTC 2019

Upstream commmit:
    commit 895b5c9f206eb7d25dc1360a8ccfc5958895eb89
    Author: Florian Westphal <fw at strlen.de>
    Date:   Sun Sep 29 20:54:03 2019 +0200

    netfilter: drop bridge nf reset from nf_reset

    commit 174e23810cd31
    ("sk_buff: drop all skb extensions on free and skb scrubbing") made napi
    recycle always drop skb extensions.  The additional skb_ext_del() that is
    performed via nf_reset on napi skb recycle is not needed anymore.

    Most nf_reset() calls in the stack are there so queued skb won't block
    'rmmod nf_conntrack' indefinitely.

    This removes the skb_ext_del from nf_reset, and renames it to a more
    fitting nf_reset_ct().

    In a few selected places, add a call to skb_ext_reset to make sure that
    no active extensions remain.

    I am submitting this for "net", because we're still early in the release
    cycle.  The patch applies to net-next too, but I think the rename causes
    needless divergence between those trees.

    Suggested-by: Eric Dumazet <edumazet at google.com>
    Signed-off-by: Florian Westphal <fw at strlen.de>
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

Added some compat layer fixups for nf_reset_ct.  This is just a portion
of the upstream commit that applies to openvswitch.

Cc: Florian Westphal <fw at strlen.de>
Signed-off-by: Greg Rose <gvrose8192 at gmail.com>
 acinclude.m4                                 | 1 +
 datapath/linux/compat/include/linux/skbuff.h | 4 ++++
 datapath/vport-internal_dev.c                | 2 +-
 3 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/acinclude.m4 b/acinclude.m4
index c729266..b1de8c9 100644
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -740,6 +740,7 @@ AC_DEFUN([OVS_CHECK_LINUX_COMPAT], [
                         [rtnl_create_link], [extack],
+  OVS_GREP_IFELSE([$KSRC/include/linux/skbuff.h], [nf_reset_ct])
   # Check for the proto_data_valid member in struct sk_buff.  The [^@]
   # is necessary because some versions of this header remove the
diff --git a/datapath/linux/compat/include/linux/skbuff.h b/datapath/linux/compat/include/linux/skbuff.h
index 4a6ac23..6397289 100644
--- a/datapath/linux/compat/include/linux/skbuff.h
+++ b/datapath/linux/compat/include/linux/skbuff.h
@@ -452,4 +452,8 @@ static inline void skb_set_inner_ipproto(struct sk_buff *skb,
+#define nf_reset_ct nf_reset
diff --git a/datapath/vport-internal_dev.c b/datapath/vport-internal_dev.c
index 0318f58..dbc2002 100644
--- a/datapath/vport-internal_dev.c
+++ b/datapath/vport-internal_dev.c
@@ -281,7 +281,7 @@ static netdev_tx_t internal_dev_recv(struct sk_buff *skb)
-	nf_reset(skb);
+	nf_reset_ct(skb);
 	skb->pkt_type = PACKET_HOST;

