[ovs-dev] [PATCH 01/11] datapath: Replace nf_ct_invert_tuplepr() with nf_ct_invert_tuple()

Yi-Hung Wei yihung.wei at gmail.com
Mon Oct 14 17:37:41 UTC 2019


After upstream net-next commit 303e0c558959 ("netfilter: conntrack:
avoid unneeded nf_conntrack_l4proto lookups") nf_ct_invert_tuplepr()
is no longer available in the kernel.

Ideally, we should be in sync with upstream kernel by calling
nf_ct_invert_tuple() directly in conntrack.c.  However,
nf_ct_invert_tuple() has different function signature in older kernel,
and it would be hard to replace that in the compat layer. Thus, we
use pl_nf_ct_invert_tuple() in conntrack.c and maintain compatibility
in the compat layer so that ovs kernel module runs smoothly in both
new and old kernel.

Signed-off-by: Yi-Hung Wei <yihung.wei at gmail.com>
---
 acinclude.m4                                               |  2 ++
 datapath/conntrack.c                                       |  2 +-
 .../linux/compat/include/net/netfilter/nf_conntrack_core.h | 14 ++++++++++++++
 3 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/acinclude.m4 b/acinclude.m4
index 52f92870eaaa..4072a7c8f58a 100644
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -697,6 +697,8 @@ AC_DEFUN([OVS_CHECK_LINUX_COMPAT], [
                   [nf_ct_set])
   OVS_GREP_IFELSE([$KSRC/include/net/netfilter/nf_conntrack.h],
                   [nf_ct_is_untracked])
+  OVS_GREP_IFELSE([$KSRC/include/net/netfilter/nf_conntrack.h],
+                  [nf_ct_invert_tuplepr])
   OVS_GREP_IFELSE([$KSRC/include/net/netfilter/nf_conntrack_zones.h],
                   [nf_ct_zone_init])
   OVS_GREP_IFELSE([$KSRC/include/net/netfilter/nf_conntrack_l3proto.h],
diff --git a/datapath/conntrack.c b/datapath/conntrack.c
index e328afe1ad15..afdd65b4cb7c 100644
--- a/datapath/conntrack.c
+++ b/datapath/conntrack.c
@@ -668,7 +668,7 @@ ovs_ct_find_existing(struct net *net, const struct nf_conntrack_zone *zone,
 	if (natted) {
 		struct nf_conntrack_tuple inverse;
 
-		if (!nf_ct_invert_tuplepr(&inverse, &tuple)) {
+		if (!rpl_nf_ct_invert_tuple(&inverse, &tuple)) {
 			pr_debug("ovs_ct_find_existing: Inversion failed!\n");
 			return NULL;
 		}
diff --git a/datapath/linux/compat/include/net/netfilter/nf_conntrack_core.h b/datapath/linux/compat/include/net/netfilter/nf_conntrack_core.h
index 10158011fd4d..ad52bc9412d8 100644
--- a/datapath/linux/compat/include/net/netfilter/nf_conntrack_core.h
+++ b/datapath/linux/compat/include/net/netfilter/nf_conntrack_core.h
@@ -113,4 +113,18 @@ rpl_nf_conntrack_in(struct sk_buff *skb, const struct nf_hook_state *state)
 #define nf_conntrack_in rpl_nf_conntrack_in
 #endif /* HAVE_NF_CONNTRACK_IN_TAKES_NF_HOOK_STATE */
 
+#ifdef HAVE_NF_CT_INVERT_TUPLEPR
+static inline bool rpl_nf_ct_invert_tuple(struct nf_conntrack_tuple *inverse,
+	const struct nf_conntrack_tuple *orig)
+{
+	return nf_ct_invert_tuplepr(inverse, orig);
+}
+#else
+static inline bool rpl_nf_ct_invert_tuple(struct nf_conntrack_tuple *inverse,
+	const struct nf_conntrack_tuple *orig)
+{
+	return nf_ct_invert_tuple(inverse, orig);
+}
+#endif /* HAVE_NF_CT_INVERT_TUPLEPR */
+
 #endif /* _NF_CONNTRACK_CORE_WRAPPER_H */
-- 
2.7.4



More information about the dev mailing list