Upstream commit: netfilter: nf_conntrack: Add a struct net parameter to l4_pkt_to_tuple
As gre does not have the srckey in the packet gre_pkt_to_tuple needs to perform a lookup in it's per network namespace tables. Pass in the proper network namespace to all pkt_to_tuple implementations to ensure gre (and any similar protocols) can get this right.
Signed-off-by: "Eric W. Biederman" <ebied...@xmission.com>
Signed-off-by: Pablo Neira Ayuso <pa...@netfilter.org>
Upstream: a31f1adc0948 ("netfilter: nf_conntrack: Add a struct net parameter to l4_pkt_to_tuple")
Signed-off-by: Joe Stringer <j...@ovn.org>
---
v2: Initial Post.
---
acinclude.m4 | 3 +++
datapath/conntrack.c | 2 +-
datapath/linux/Modules.mk | 1 +
.../linux/compat/include/net/netfilter/nf_conntrack.h | 17 +++++++++++++++++
4 files changed, 22 insertions(+), 1 deletion(-)
create mode 100644 datapath/linux/compat/include/net/netfilter/nf_conntrack.h
diff --git a/acinclude.m4 b/acinclude.m4
index acd7ce7c13cc..398205673951 100644
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -426,6 +426,9 @@ AC_DEFUN([OVS_CHECK_LINUX_COMPAT], [
 OVS_GREP_IFELSE([$KSRC/include/net/netfilter/nf_conntrack.h],
 [tmpl_alloc.*conntrack_zone],
 [OVS_DEFINE([HAVE_NF_CT_TMPL_ALLOC_TAKES_STRUCT_ZONE])])
+ OVS_GREP_IFELSE([$KSRC/include/net/netfilter/nf_conntrack.h],
+ [l3num.*struct.net],
+ [OVS_DEFINE([HAVE_NF_CT_GET_TUPLEPR_TAKES_STRUCT_NET])])
 OVS_GREP_IFELSE([$KSRC/include/net/netfilter/nf_conntrack_zones.h],
 [nf_ct_zone_init])
 OVS_GREP_IFELSE([$KSRC/include/net/netfilter/nf_conntrack_labels.h],
diff --git a/datapath/conntrack.c b/datapath/conntrack.c
index 0338f9f0c930..c365e2e205a7 100644
--- a/datapath/conntrack.c
+++ b/datapath/conntrack.c
@@ -373,7 +373,7 @@ ovs_ct_expect_find(struct net *net, const struct nf_conntrack_zone *zone,
 {
 struct nf_conntrack_tuple tuple;

- if (!nf_ct_get_tuplepr(skb, skb_network_offset(skb), proto, &tuple))
+ if (!nf_ct_get_tuplepr(skb, skb_network_offset(skb), proto, net, &tuple))
 return NULL;
 return __nf_ct_expect_find(net, zone, &tuple);
 }
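Review bot: The new `OVS_GREP_IFELSE` check in acinclude.m4 matches `l3num.*struct.net` against nf_conntrack.h, which (assuming the macro greps line by line) detects the new prototype only while `l3num` and `struct net` sit on the same line of the declaration, and it would equally match any other line in that header that happens to carry both words. A wrong result in either direction appears to end in a build failure rather than a silent miscompile, because the compat `#define` would then call nf_ct_get_tuplepr() with the wrong argument count, but the cause is hard to trace from the compiler error. I would document the intent above the check, for example `dnl Matches the nf_ct_get_tuplepr() prototype line "u_int16_t l3num, struct net *net".`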
diff --git a/datapath/linux/Modules.mk b/datapath/linux/Modules.mk
index 6ab52a76ceff..7e334cbf030a 100644
--- a/datapath/linux/Modules.mk
+++ b/datapath/linux/Modules.mk
@@ -99,6 +99,7 @@ openvswitch_headers += \
 linux/compat/include/net/stt.h \
 linux/compat/include/net/vrf.h \
 linux/compat/include/net/vxlan.h \
+ linux/compat/include/net/netfilter/nf_conntrack.h \
 linux/compat/include/net/netfilter/nf_conntrack_core.h \
 linux/compat/include/net/netfilter/nf_conntrack_expect.h \
 linux/compat/include/net/netfilter/nf_conntrack_labels.h \
diff --git a/datapath/linux/compat/include/net/netfilter/nf_conntrack.h b/datapath/linux/compat/include/net/netfilter/nf_conntrack.h
new file mode 100644
index 000000000000..e02e20b28baf
--- /dev/null
+++ b/datapath/linux/compat/include/net/netfilter/nf_conntrack.h
@@ -0,0 +1,17 @@
+#ifndef _NF_CONNTRACK_WRAPPER_H
+#define _NF_CONNTRACK_WRAPPER_H
+
+#include_next <net/netfilter/nf_conntrack.h>
+
+#ifndef HAVE_NF_CT_GET_TUPLEPR_TAKES_STRUCT_NET
+static inline bool rpl_nf_ct_get_tuplepr(const struct sk_buff *skb,
+ unsigned int nhoff,
+ u_int16_t l3num, struct net *net,
+ struct nf_conntrack_tuple *tuple)
+{
+ return nf_ct_get_tuplepr(skb, nhoff, l3num, tuple);
+}
+#define nf_ct_get_tuplepr rpl_nf_ct_get_tuplepr
+#endif
+
+#endif /* _NF_CONNTRACK_WRAPPER_H */
--
2.1.4
_______________________________________________ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
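Review bot: `rpl_nf_ct_get_tuplepr()` in the new compat header accepts `net` and then drops it, so on kernels built without HAVE_NF_CT_GET_TUPLEPR_TAKES_STRUCT_NET the namespace that `ovs_ct_expect_find()` passes in is not the one used for tuple extraction. For the GRE case the commit message describes, the per-namespace lookup on those builds is presumably still resolved by whatever namespace the older kernel picks internally, which matters when network namespaces are relied on to keep tenants' connection-tracking state apart. Nothing in the wrapper says the parameter is deliberately unused; I would add a comment above it such as `/* Kernels without the struct net parameter cannot take 'net'; it is ignored here and the kernel's own namespace choice applies. */`. The inner `#endif` could also carry `/* !HAVE_NF_CT_GET_TUPLEPR_TAKES_STRUCT_NET */` to match the commented outer guard.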