net/sched: cls_flower add CT_FLAGS_INVALID flag support

This patch add the TCA_FLOWER_KEY_CT_FLAGS_INVALID flag to
match the ct_state with invalid for conntrack.

Signed-off-by: wenxu <wenxu@ucloud.cn>
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Link: https://lore.kernel.org/r/1611045110-682-1-git-send-email-wenxu@ucloud.cn
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
index 46f901adf1a80afc297937f2b1765c7e072f2b72..186dad231e302f81017a2ba5e0b8e21c10629eee 100644 (file)
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
@@ -1353,8 +1353,8 @@ void
 skb_flow_dissect_ct(const struct sk_buff *skb,
                    struct flow_dissector *flow_dissector,
                    void *target_container,
-                   u16 *ctinfo_map,
-                   size_t mapsize);
+                   u16 *ctinfo_map, size_t mapsize,
+                   bool post_ct);
 void
 skb_flow_dissect_tunnel_info(const struct sk_buff *skb,
                             struct flow_dissector *flow_dissector,

diff --git a/include/net/sch_generic.h b/include/net/sch_generic.h
index 639e465a108f4476c5d9dbbf45f7b425b250ee7d..e7bee99aebce427aa839d595101f566f298aeef2 100644 (file)
--- a/include/net/sch_generic.h
+++ b/include/net/sch_generic.h
@@ -388,6 +388,7 @@ struct qdisc_skb_cb {
 #define QDISC_CB_PRIV_LEN 20
        unsigned char           data[QDISC_CB_PRIV_LEN];
        u16                     mru;
+       bool                    post_ct;
 };
 
 typedef void tcf_chain_head_change_t(struct tcf_proto *tp_head, void *priv);

diff --git a/include/uapi/linux/pkt_cls.h b/include/uapi/linux/pkt_cls.h
index ee95f42fb0ecfab10c641c7b4401ea14152ada32..709668e264b068956c08d5340e07792f771df1fc 100644 (file)
--- a/include/uapi/linux/pkt_cls.h
+++ b/include/uapi/linux/pkt_cls.h
@@ -591,6 +591,7 @@ enum {
        TCA_FLOWER_KEY_CT_FLAGS_ESTABLISHED = 1 << 1, /* Part of an existing connection. */
        TCA_FLOWER_KEY_CT_FLAGS_RELATED = 1 << 2, /* Related to an established connection. */
        TCA_FLOWER_KEY_CT_FLAGS_TRACKED = 1 << 3, /* Conntrack has occurred. */
+       TCA_FLOWER_KEY_CT_FLAGS_INVALID = 1 << 4, /* Conntrack is invalid. */
 };
 
 enum {

diff --git a/net/core/dev.c b/net/core/dev.c
index 00f970ba0248a0aec61f4dab14885bfe31e9cefb..d9ce02e95992698a0e8ed627f6c1b037be7bb530 100644 (file)
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -3878,6 +3878,7 @@ sch_handle_egress(struct sk_buff *skb, int *ret, struct net_device *dev)
 
        /* qdisc_skb_cb(skb)->pkt_len was already set by the caller. */
        qdisc_skb_cb(skb)->mru = 0;
+       qdisc_skb_cb(skb)->post_ct = false;
        mini_qdisc_bstats_cpu_update(miniq, skb);
 
        switch (tcf_classify(skb, miniq->filter_list, &cl_res, false)) {
@@ -4960,6 +4961,7 @@ sch_handle_ingress(struct sk_buff *skb, struct packet_type **pt_prev, int *ret,
 
        qdisc_skb_cb(skb)->pkt_len = skb->len;
        qdisc_skb_cb(skb)->mru = 0;
+       qdisc_skb_cb(skb)->post_ct = false;
        skb->tc_at_ingress = 1;
        mini_qdisc_bstats_cpu_update(miniq, skb);
 

diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c
index 2d70ded389aeb571240de6d9bf4bf6343a527513..c565c7a1709100230c0dde1e51d574b84a9a1926 100644 (file)
--- a/net/core/flow_dissector.c
+++ b/net/core/flow_dissector.c
@@ -237,9 +237,8 @@ skb_flow_dissect_set_enc_addr_type(enum flow_dissector_key_id type,
 void
 skb_flow_dissect_ct(const struct sk_buff *skb,
                    struct flow_dissector *flow_dissector,
-                   void *target_container,
-                   u16 *ctinfo_map,
-                   size_t mapsize)
+                   void *target_container, u16 *ctinfo_map,
+                   size_t mapsize, bool post_ct)
 {
 #if IS_ENABLED(CONFIG_NF_CONNTRACK)
        struct flow_dissector_key_ct *key;
@@ -251,13 +250,19 @@ skb_flow_dissect_ct(const struct sk_buff *skb,
                return;
 
        ct = nf_ct_get(skb, &ctinfo);
-       if (!ct)
+       if (!ct && !post_ct)
                return;
 
        key = skb_flow_dissector_target(flow_dissector,
                                        FLOW_DISSECTOR_KEY_CT,
                                        target_container);
 
+       if (!ct) {
+               key->ct_state = TCA_FLOWER_KEY_CT_FLAGS_TRACKED |
+                               TCA_FLOWER_KEY_CT_FLAGS_INVALID;
+               return;
+       }
+
        if (ctinfo < mapsize)
                key->ct_state = ctinfo_map[ctinfo];
 #if IS_ENABLED(CONFIG_NF_CONNTRACK_ZONES)

diff --git a/net/sched/act_ct.c b/net/sched/act_ct.c
index 83a5c6722a06918a0e87661eee553f3963b63e1e..b3442078aabcd83b9c37930e56d2b0d9f3cca100 100644 (file)
--- a/net/sched/act_ct.c
+++ b/net/sched/act_ct.c
@@ -1030,6 +1030,7 @@ out_push:
 
 out:
        tcf_action_update_bstats(&c->common, skb);
+       qdisc_skb_cb(skb)->post_ct = true;
        if (defrag)
                qdisc_skb_cb(skb)->pkt_len = skb->len;
        return retval;

diff --git a/net/sched/cls_flower.c b/net/sched/cls_flower.c
index 84f932532db7dc39e23d946cd73e97ba042795a4..4a9297a89c7701512887c17b7d0da7c381982174 100644 (file)
--- a/net/sched/cls_flower.c
+++ b/net/sched/cls_flower.c
@@ -302,6 +302,7 @@ static int fl_classify(struct sk_buff *skb, const struct tcf_proto *tp,
                       struct tcf_result *res)
 {
        struct cls_fl_head *head = rcu_dereference_bh(tp->root);
+       bool post_ct = qdisc_skb_cb(skb)->post_ct;
        struct fl_flow_key skb_key;
        struct fl_flow_mask *mask;
        struct cls_fl_filter *f;
@@ -318,7 +319,8 @@ static int fl_classify(struct sk_buff *skb, const struct tcf_proto *tp,
                skb_flow_dissect_tunnel_info(skb, &mask->dissector, &skb_key);
                skb_flow_dissect_ct(skb, &mask->dissector, &skb_key,
                                    fl_ct_info_to_flower_map,
-                                   ARRAY_SIZE(fl_ct_info_to_flower_map));
+                                   ARRAY_SIZE(fl_ct_info_to_flower_map),
+                                   post_ct);
                skb_flow_dissect_hash(skb, &mask->dissector, &skb_key);
                skb_flow_dissect(skb, &mask->dissector, &skb_key, 0);