From: Peng He <xnhp0...@gmail.com>
considering a multi-thread PMD setting, when the frags are reassembled
in one PMD, another thread might call *ipf_execute_reass_pkts* and 'steal'
the reassembled packets into its ipf ctx, then this reassembled
packet will enter into another ipf context and causes errors.
This happends when there are multiple CT zones, and frags are
reassembled in ct(zone=X) might be 'stealed' into the ct(zone=Y).
Signed-off-by: Peng He <hepeng.0...@bytedance.com>
Acked-by: Mike Pattrick <m...@redhat.com>
Signed-off-by: Aaron Conole <acon...@redhat.com>
---
lib/conntrack.c | 2 +-
lib/ipf.c | 10 ++++++++--
lib/ipf.h | 1 +
3 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/lib/conntrack.c b/lib/conntrack.c
index 72999f1aed..aafa6b536c 100644
--- a/lib/conntrack.c
+++ b/lib/conntrack.c
@@ -1443,7 +1443,7 @@ conntrack_execute(struct conntrack *ct, struct
dp_packet_batch *pkt_batch,
const struct nat_action_info_t *nat_action_info,
long long now, uint32_t tp_id, struct ipf_ctx *ipf_ctx)
{
- ipf_preprocess_conntrack(ct->ipf, pkt_batch, now, dl_type, zone,
+ ipf_preprocess_conntrack(ct->ipf, pkt_batch, ipf_ctx, now, dl_type, zone,
ct->hash_basis);
struct dp_packet *packet;
diff --git a/lib/ipf.c b/lib/ipf.c
index 2ff04c6156..031164bb1f 100644
--- a/lib/ipf.c
+++ b/lib/ipf.c
@@ -1135,7 +1135,8 @@ ipf_send_expired_frags(struct ipf *ipf, struct
dp_packet_batch *pb,
/* Adds a reassmebled packet to a packet batch to be processed by the caller.
*/
static void
-ipf_execute_reass_pkts(struct ipf *ipf, struct dp_packet_batch *pb)
+ipf_execute_reass_pkts(struct ipf *ipf, struct dp_packet_batch *pb,
+ struct ipf_ctx *ctx)
{
if (ovs_list_is_empty(&ipf->reassembled_pkt_list)) {
return;
@@ -1145,6 +1146,10 @@ ipf_execute_reass_pkts(struct ipf *ipf, struct
dp_packet_batch *pb)
struct reassembled_pkt *rp, *next;
LIST_FOR_EACH_SAFE (rp, next, rp_list_node, &ipf->reassembled_pkt_list) {
+ if (ctx && !ipf_ctx_eq(rp->list, ctx, rp->pkt)) {
+ continue;
+ }
+
if (!rp->list->reass_execute_ctx &&
ipf_dp_packet_batch_add(pb, rp->pkt, false)) {
rp->list->reass_execute_ctx = rp->pkt;
@@ -1246,6 +1251,7 @@ ipf_post_execute_reass_pkts(struct ipf *ipf,
* be added to the batch to be sent through conntrack. */
void
ipf_preprocess_conntrack(struct ipf *ipf, struct dp_packet_batch *pb,
+ struct ipf_ctx *ipf_ctx,
long long now, ovs_be16 dl_type,
uint16_t zone, uint32_t hash_basis)
{
@@ -1254,7 +1260,7 @@ ipf_preprocess_conntrack(struct ipf *ipf, struct
dp_packet_batch *pb,
}
if (ipf_get_enabled(ipf) || atomic_count_get(&ipf->nfrag)) {
- ipf_execute_reass_pkts(ipf, pb);
+ ipf_execute_reass_pkts(ipf, pb, ipf_ctx);
}
}
diff --git a/lib/ipf.h b/lib/ipf.h
index 7bbf453afe..8974f15aeb 100644
--- a/lib/ipf.h
+++ b/lib/ipf.h
@@ -49,6 +49,7 @@ struct ipf_ctx {
struct ipf *ipf_init(void);
void ipf_destroy(struct ipf *ipf);
void ipf_preprocess_conntrack(struct ipf *ipf, struct dp_packet_batch *pb,
+ struct ipf_ctx *ctx,
long long now, ovs_be16 dl_type, uint16_t zone,
uint32_t hash_basis);
--
2.31.1
_______________________________________________
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
