This series backports the support for connection tracking introduced in Linux 4.3, allowing the kernel module in the tree to support this feature on kernels 3.10 and newer.

This series applies on top of the lwtunnel backport series v3 from Pravin with some minor additional fixes. For ease of review, I have made a branch available here:

https://github.com/joestringer/openvswitch/tree/submit/ct_backport_v1

Known issues:
- When using ALGs, references to ALG kernel modules are leaked. For example, if the kernel module testsuite is run, then nf_conntrack_ftp will obtain several references which are never released. The module cannot be unloaded.

Joe Stringer (23):
  compat: Backport conntrack zones headers.
  compat: Backport nf_ct_tmpl_alloc().
  compat: Backport nf_connlabels_{get,put}().
  compat: Backport 'dst' functions.
  compat: Backport prandom_u32_max().
  compat: Backport dev_recursion_level().
  compat: Backport ip_skb_dst_mtu().
  compat: Wrap IPv4 fragmentation.
  compat: Backport IPv4 reassembly.
  compat: Backport IPv6 fragmentation.
  compat: Backport IPv6 reassembly
  datapath: Move MASKED* macros to datapath.h
  datapath: Serialize acts with original netlink len
  datapath: Add conntrack action
  datapath: Allow matching on conntrack mark
  datapath: Allow matching on conntrack label
  datapath: Allow attaching helpers to ct action
  datapath: Backport conntrack fixes.
  datapath: Scrub skb between namespaces
  system-traffic: Remove netcat from ICMP test.
  system-traffic: Add extra FTP corner case test.
  system-traffic: Add internal port conntrack tests.
  FAQ: Document kernel feature support.

 FAQ.md                                            |  23 +
 acinclude.m4                                      |  16 +
 datapath/Modules.mk                               |   2 +
 datapath/actions.c                                | 255 ++++++-
 datapath/compat.h                                 |  41 ++
 datapath/conntrack.c                              | 791 +++++++++++++++++++++
 datapath/conntrack.h                              |  94 +++
 datapath/datapath.c                               |  95 ++-
 datapath/datapath.h                               |  12 +
 datapath/flow.c                                   |   6 +-
 datapath/flow.h                                   |  11 +-
 datapath/flow_netlink.c                           | 124 +++-
 datapath/flow_netlink.h                           |  13 +-
 datapath/linux/Modules.mk                         |  13 +
 datapath/linux/compat/include/linux/netdevice.h   |   4 +
 .../linux/compat/include/linux/netfilter_ipv6.h   |  39 +
 datapath/linux/compat/include/linux/openvswitch.h |   3 +-
 datapath/linux/compat/include/linux/percpu.h      |   6 +
 datapath/linux/compat/include/linux/random.h      |   7 +
 datapath/linux/compat/include/net/dst.h           |  78 ++
 datapath/linux/compat/include/net/inet_frag.h     |  57 ++
 datapath/linux/compat/include/net/inetpeer.h      |  16 +
 datapath/linux/compat/include/net/ip.h            | 106 +++
 datapath/linux/compat/include/net/ip6_route.h     |  17 +-
 datapath/linux/compat/include/net/ipv6.h          |   7 +
 .../include/net/netfilter/ipv6/nf_defrag_ipv6.h   |  32 +
 .../include/net/netfilter/nf_conntrack_core.h     |  37 +
 .../include/net/netfilter/nf_conntrack_expect.h   |  21 +
 .../include/net/netfilter/nf_conntrack_labels.h   |  41 ++
 .../include/net/netfilter/nf_conntrack_zones.h    | 103 +++
 datapath/linux/compat/include/net/vrf.h           |  26 +
 datapath/linux/compat/inet_fragment.c             | 557 +++++++++++++++
 datapath/linux/compat/ip6_output.c                | 461 ++++++++++++
 datapath/linux/compat/ip_fragment.c               | 737 +++++++++++++++++++
 datapath/linux/compat/nf_conntrack_core.c         |  13 +
 datapath/linux/compat/nf_conntrack_reasm.c        | 643 +++++++++++++++++
 datapath/vport.c                                  |  10 +
 tests/system-common-macros.at                     |  12 +
 tests/system-traffic.at                           | 111 ++-
 39 files changed, 4543 insertions(+), 97 deletions(-)
 create mode 100644 datapath/conntrack.c
 create mode 100644 datapath/conntrack.h
 create mode 100644 datapath/linux/compat/include/linux/netfilter_ipv6.h
 create mode 100644 datapath/linux/compat/include/net/inetpeer.h
 create mode 100644 datapath/linux/compat/include/net/netfilter/ipv6/nf_defrag_ipv6.h
 create mode 100644 datapath/linux/compat/include/net/netfilter/nf_conntrack_core.h
 create mode 100644 datapath/linux/compat/include/net/netfilter/nf_conntrack_expect.h
 create mode 100644 datapath/linux/compat/include/net/netfilter/nf_conntrack_labels.h
 create mode 100644 datapath/linux/compat/include/net/netfilter/nf_conntrack_zones.h
 create mode 100644 datapath/linux/compat/include/net/vrf.h
 create mode 100644 datapath/linux/compat/inet_fragment.c
 create mode 100644 datapath/linux/compat/ip6_output.c
 create mode 100644 datapath/linux/compat/ip_fragment.c
 create mode 100644 datapath/linux/compat/nf_conntrack_core.c
 create mode 100644 datapath/linux/compat/nf_conntrack_reasm.c

-- 
2.1.4
