xref: /kernel/linux/linux-5.10/net/openvswitch/conntrack.c

105 static u16 key_to_nfproto(const struct sw_flow_key *key)
107 	switch (ntohs(key->eth.type)) {
175 static void __ovs_ct_update_key_orig_tp(struct sw_flow_key *key,
179 	key->ct_orig_proto = orig->dst.protonum;
181 		key->ct.orig_tp.src = htons(orig->dst.u.icmp.type);
182 		key->ct.orig_tp.dst = htons(orig->dst.u.icmp.code);
184 		key->ct.orig_tp.src = orig->src.u.all;
185 		key->ct.orig_tp.dst = orig->dst.u.all;
189 static void __ovs_ct_update_key(struct sw_flow_key *key, u8 state,
193 	key->ct_state = state;
194 	key->ct_zone = zone->id;
195 	key->ct.mark = ovs_ct_get_mark(ct);
196 	ovs_ct_get_labels(ct, &key->ct.labels);
207 		if (key->eth.type == htons(ETH_P_IP) &&
209 			key->ipv4.ct_orig.src = orig->src.u3.ip;
210 			key->ipv4.ct_orig.dst = orig->dst.u3.ip;
211 			__ovs_ct_update_key_orig_tp(key, orig, IPPROTO_ICMP);
213 		} else if (key->eth.type == htons(ETH_P_IPV6) &&
214 			   !sw_flow_key_is_nd(key) &&
216 			key->ipv6.ct_orig.src = orig->src.u3.in6;
217 			key->ipv6.ct_orig.dst = orig->dst.u3.in6;
218 			__ovs_ct_update_key_orig_tp(key, orig, NEXTHDR_ICMP);
223 	 * original direction key fields.
225 	key->ct_orig_proto = 0;
228 /* Update 'key' based on skb->_nfct.  If 'post_ct' is true, then OVS has
235 			      struct sw_flow_key *key, bool post_ct,
255 			state |= key->ct_state & OVS_CS_F_NAT_MASK;
268 	__ovs_ct_update_key(key, state, zone, ct);
271 /* This is called to initialize CT key fields possibly coming in from the local
274 void ovs_ct_fill_key(const struct sk_buff *skb, struct sw_flow_key *key)
276 	ovs_ct_update_key(skb, NULL, key, false, false);
333 static int ovs_ct_set_mark(struct nf_conn *ct, struct sw_flow_key *key,
344 		key->ct.mark = new_mark;
370 static int ovs_ct_init_labels(struct nf_conn *ct, struct sw_flow_key *key,
406 	memcpy(&key->ct.labels, cl->bits, OVS_CT_LABELS_LEN);
411 static int ovs_ct_set_labels(struct nf_conn *ct, struct sw_flow_key *key,
428 	memcpy(&key->ct.labels, cl->bits, OVS_CT_LABELS_LEN);
495 static int handle_fragments(struct net *net, struct sw_flow_key *key,
501 	if (key->eth.type == htons(ETH_P_IP)) {
511 	} else if (key->eth.type == htons(ETH_P_IPV6)) {
522 		key->ip.proto = ipv6_hdr(skb)->nexthdr;
530 	/* The key extracted from the fragment that completed this datagram
533 	ovs_flow_key_update_l3l4(skb, key);
535 	key->ip.frag = OVS_FRAG_TYPE_NONE;
652 				const struct sw_flow_key *key,
665 	*ct_executed = (key->ct_state & OVS_CS_F_TRACKED) &&
666 		       !(key->ct_state & OVS_CS_F_INVALID) &&
667 		       (key->ct_zone == info->zone.id);
669 	if (*ct_executed || (!key->ct_state && info->force)) {
671 					  !!(key->ct_state &
680 			    const struct sw_flow_key *key,
690 		ct = ovs_ct_executed(net, key, info, skb, &ct_executed);
733 static void ovs_nat_update_key(struct sw_flow_key *key,
740 		key->ct_state |= OVS_CS_F_SRC_NAT;
741 		if (key->eth.type == htons(ETH_P_IP))
742 			key->ipv4.addr.src = ip_hdr(skb)->saddr;
743 		else if (key->eth.type == htons(ETH_P_IPV6))
744 			memcpy(&key->ipv6.addr.src, &ipv6_hdr(skb)->saddr,
745 			       sizeof(key->ipv6.addr.src));
749 		if (key->ip.proto == IPPROTO_UDP)
751 		else if (key->ip.proto == IPPROTO_TCP)
753 		else if (key->ip.proto == IPPROTO_SCTP)
758 		key->tp.src = src;
762 		key->ct_state |= OVS_CS_F_DST_NAT;
763 		if (key->eth.type == htons(ETH_P_IP))
764 			key->ipv4.addr.dst = ip_hdr(skb)->daddr;
765 		else if (key->eth.type == htons(ETH_P_IPV6))
766 			memcpy(&key->ipv6.addr.dst, &ipv6_hdr(skb)->daddr,
767 			       sizeof(key->ipv6.addr.dst));
771 		if (key->ip.proto == IPPROTO_UDP)
773 		else if (key->ip.proto == IPPROTO_TCP)
775 		else if (key->ip.proto == IPPROTO_SCTP)
780 		key->tp.dst = dst;
791 			      enum nf_nat_manip_type maniptype, struct sw_flow_key *key)
864 	/* Update the flow key if NAT successful. */
866 		ovs_nat_update_key(key, skb, maniptype);
872 static int ovs_ct_nat(struct net *net, struct sw_flow_key *key,
910 	err = ovs_ct_nat_execute(skb, ct, ctinfo, &info->range, maniptype, key);
920 						 maniptype, key);
923 						 NF_NAT_MANIP_SRC, key);
930 static int ovs_ct_nat(struct net *net, struct sw_flow_key *key,
940  * not done already.  Update key with new CT state after passing the packet
945 static int __ovs_ct_lookup(struct net *net, struct sw_flow_key *key,
954 	bool cached = skb_nfct_cached(net, key, info, skb);
983 		key->ct_state = 0;
985 		/* Update the key, but keep the NAT flags. */
986 		ovs_ct_update_key(skb, info, key, true, true);
1001 		 * the key->ct_state.
1003 		if (info->nat && !(key->ct_state & OVS_CS_F_NAT_MASK) &&
1005 		    ovs_ct_nat(net, key, info, skb, ct, ctinfo) != NF_ACCEPT) {
1045 /* Lookup connection and read fields into key. */
1046 static int ovs_ct_lookup(struct net *net, struct sw_flow_key *key,
1067 		__ovs_ct_update_key(key, state, &info->zone, exp->master);
1072 		err = __ovs_ct_lookup(net, key, info, skb);
1179 static int ovs_ct_commit(struct net *net, struct sw_flow_key *key,
1187 	err = __ovs_ct_lookup(net, key, info, skb);
1230 		err = ovs_ct_set_mark(ct, key, info->mark.value,
1236 		err = ovs_ct_init_labels(ct, key, &info->labels.value,
1242 		err = ovs_ct_set_labels(ct, key, &info->labels.value,
1290 		   struct sw_flow_key *key,
1304 	if (key->ip.frag != OVS_FRAG_TYPE_NONE) {
1305 		err = handle_fragments(net, key, info->zone.id, skb);
1311 		err = ovs_ct_commit(net, key, info, skb);
1313 		err = ovs_ct_lookup(net, key, info, skb);
1322 int ovs_ct_clear(struct sk_buff *skb, struct sw_flow_key *key)
1327 		if (key)
1328 			ovs_ct_fill_key(skb, key);
1335 			     const struct sw_flow_key *key, bool log)
1342 						    key->ip.proto);
1357 						   key->ip.proto);
1661 		       const struct sw_flow_key *key,
1669 	family = key_to_nfproto(key);
1693 		if (nf_ct_set_timeout(net, ct_info.ct, family, key->ip.proto,
1704 		err = ovs_ct_add_helper(&ct_info, helper, key, log);

Indexes created Thu Nov 07 10:32:03 CST 2024