Re: [ovs-dev] [PATCH] datapath: Remove untracked CT on newer kernels.

Wed, 03 May 2017 16:10:59 -0700 

On 3 May 2017 at 13:25, Greg Rose <[email protected]> wrote:
> On Wed, May 3, 2017 at 11:53 AM, Joe Stringer <[email protected]> wrote:
>> Upstream commits cc41c84b7e7f ("netfilter: kill the fake untracked
>> conntrack objects") and ab8bc7ed864b ("netfilter: remove
>> nf_ct_is_untracked") removed the 'untracked' conntrack objects and
>> functions. The latter commit removes the usage of nf_ct_is_untracked()
>> from OVS. However, older kernels still have a representation of
>> 'untracked' CT objects so the code needs to remain until the kernel
>> support is bumped to Linux 4.12 or newer. Introduce a macro to detect
>> this symbol and wrap these lines in the macro check.
>>
>> Signed-off-by: Joe Stringer <[email protected]>
>> ---
>>  acinclude.m4         | 2 ++
>>  datapath/conntrack.c | 2 ++
>>  2 files changed, 4 insertions(+)
>>
>> diff --git a/acinclude.m4 b/acinclude.m4
>> index dbe03bc83e43..d9a8a58372f0 100644
>> --- a/acinclude.m4
>> +++ b/acinclude.m4
>> @@ -541,6 +541,8 @@ AC_DEFUN([OVS_CHECK_LINUX_COMPAT], [
>>                    [OVS_DEFINE([HAVE_NF_CT_GET_TUPLEPR_TAKES_STRUCT_NET])])
>>    OVS_GREP_IFELSE([$KSRC/include/net/netfilter/nf_conntrack.h],
>>                    [nf_ct_set])
>> +  OVS_GREP_IFELSE([$KSRC/include/net/netfilter/nf_conntrack.h],
>> +                  [nf_ct_is_untracked])
>>    OVS_GREP_IFELSE([$KSRC/include/net/netfilter/nf_conntrack_zones.h],
>>                    [nf_ct_zone_init])
>>    OVS_GREP_IFELSE([$KSRC/include/net/netfilter/nf_conntrack_labels.h],
>> diff --git a/datapath/conntrack.c b/datapath/conntrack.c
>> index 64ad0657241b..bf28fc071929 100644
>> --- a/datapath/conntrack.c
>> +++ b/datapath/conntrack.c
>> @@ -859,10 +859,12 @@ static int ovs_ct_nat(struct net *net, struct 
>> sw_flow_key *key,
>>         enum nf_nat_manip_type maniptype;
>>         int err;
>>
>> +#ifdef HAVE_NF_CT_IS_UNTRACKED
>>         if (nf_ct_is_untracked(ct)) {
>>                 /* A NAT action may only be performed on tracked packets. */
>>                 return NF_ACCEPT;
>>         }
>> +#endif /* HAVE_NF_CT_IS_UNTRACKED */
>>
>>         /* Add NAT extension if not confirmed yet. */
>>         if (!nf_ct_is_confirmed(ct) && !nf_ct_nat_ext_add(ct))
>> --
>
> LGTM
>
> Acked-by: Greg Rose <[email protected]>

Thanks, applied.
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Reply via email to