This series adds the conntrack NAT integration upstreamed in Linux 4.6
to the OVS tree kernel module. Main code is the same as upstream
net-next, backports are provided for Linux kernels 3.10 - 4.6. Code
compiles on each Linux version on this range, except for Linux 4.4 -
4.6, which fail to compile due to reasons unrelated to NAT and/or
conntrack.
The backports are tested on linux-stable versions 4.3 and 4.1, and
Ubuntu 14.04 with kernels 3.16.0-71-generic and 3.19.0-59-generic.
While testing I observed kernel crashes from 'expiry' tests in
tests/system-traffic.at. I was able to reproduce these crashes on OVS
master with various Linux kernel versions, and did not experience any
crashes when running only the NAT test cases with the backports in
this series. This tells me that the problem is not related to the NAT
backports.
The patch that adds GCC 5 support for older kernels was used for
compile-only testing.
v2: Backport all upstream commits in the original order and reference
them properly in the commit messages.
Arnd Bergmann (1):
datapath: call only into reachable nf-nat code
Haishuang Yan (1):
datapath: Use proper buffer size in nla_memcpy
Jarno Rajahalme (12):
datapath: Allow compiling older kernels with GCC 5.
acinclude: Add OVS_FIND_PARAM_IFELSE.
datapath: compat for NAT.
datapath: Remove NF_CT_NEW_REPLY
datapath: Add commentary to conntrack.c
datapath: Update the CT state key only after nf_conntrack_in().
datapath: Find existing conntrack entry after upcall.
datapath: Handle NF_REPEAT in conntrack action.
datapath: Delay conntrack helper call for new connections.
datapath: Interface with NAT.
datapath: Fix checking for new expected connections.
datapath: change nf_connlabels_get bit arg to 'highest used'
Joe Stringer (1):
datapath: Fix cached ct with helper.
Pablo Neira Ayuso (1):
datapath: __nf_ct_l{3,4}proto_find() always return a valid pointer
acinclude.m4 | 51 +-
datapath/conntrack.c | 669 +++++++++++++++++++--
datapath/conntrack.h | 3 +-
datapath/linux/Modules.mk | 5 +
.../linux/compat/include/linux/compiler-gcc5.h | 71 +++
.../linux/compat/include/linux/netfilter/nf_nat.h | 15 +
.../include/net/netfilter/nf_conntrack_core.h | 28 +-
.../include/net/netfilter/nf_conntrack_labels.h | 25 +-
.../include/net/netfilter/nf_conntrack_seqadj.h | 30 +
.../linux/compat/include/net/netfilter/nf_nat.h | 44 ++
.../compat/include/net/netfilter/nf_nat_core.h | 88 +++
11 files changed, 976 insertions(+), 53 deletions(-)
create mode 100644 datapath/linux/compat/include/linux/compiler-gcc5.h
create mode 100644 datapath/linux/compat/include/linux/netfilter/nf_nat.h
create mode 100644
datapath/linux/compat/include/net/netfilter/nf_conntrack_seqadj.h
create mode 100644 datapath/linux/compat/include/net/netfilter/nf_nat.h
create mode 100644 datapath/linux/compat/include/net/netfilter/nf_nat_core.h
--
2.1.4
_______________________________________________
dev mailing list
[email protected]
http://openvswitch.org/mailman/listinfo/dev
