6f22595246
Previously, if userspace specified ct_state bits in the flow key which are currently undefined (and therefore unsupported), then they would be ignored. This could cause unexpected behaviour in future if userspace is extended to support additional bits but attempts to communicate with the current version of the kernel. This patch rectifies the situation by rejecting such ct_state bits. Fixes: 7f8a436eaa2c "openvswitch: Add conntrack action" Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Pravin B Shelar <pshelar@nicira.com> Signed-off-by: David S. Miller <davem@davemloft.net>
/*
 * Copyright (c) 2015 Nicira, Inc.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of version 2 of the GNU General Public
 * License as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * General Public License for more details.
 */
#ifndef OVS_CONNTRACK_H
#define OVS_CONNTRACK_H 1
#include "flow.h"
struct ovs_conntrack_info;
enum ovs_key_attr;
#if IS_ENABLED(CONFIG_NF_CONNTRACK)
/*
 * Conntrack-backed entry points, declared only when CONFIG_NF_CONNTRACK is
 * enabled. Their definitions are not part of this header; the #else branch
 * of this file supplies inline stubs with the same names.
 */
void ovs_ct_init(struct net *net);
void ovs_ct_exit(struct net *net);

/*
 * Takes the forward-declared enum here; the stub variant in the #else
 * branch takes a plain int for the same argument.
 */
bool ovs_ct_verify(struct net *net, enum ovs_key_attr attr);

int ovs_ct_copy_action(struct net *net, const struct nlattr *nla,
		       const struct sw_flow_key *key,
		       struct sw_flow_actions **acts, bool log);
int ovs_ct_action_to_attr(const struct ovs_conntrack_info *info,
			  struct sk_buff *skb);

int ovs_ct_execute(struct net *net, struct sk_buff *skb,
		   struct sw_flow_key *key,
		   const struct ovs_conntrack_info *info);

void ovs_ct_fill_key(const struct sk_buff *skb, struct sw_flow_key *key);
int ovs_ct_put_key(const struct sw_flow_key *key, struct sk_buff *skb);
void ovs_ct_free_action(const struct nlattr *a);
/*
 * Check a ct_state value against the set of flags this kernel understands.
 *
 * Returns true only when every bit set in @state is one of the OVS_CS_F_*
 * flags listed below; any other bit makes the whole value unsupported.
 *
 * Per the commit description, ct_state in a flow key is supplied by
 * userspace, and undefined bits used to be ignored. Rejecting them keeps a
 * newer userspace from silently getting different matching than it asked
 * for when talking to this kernel version.
 *
 * NOTE(review): this list is an allow-list; a newly defined OVS_CS_F_* flag
 * presumably has to be added here before userspace may use it - confirm.
 */
static inline bool ovs_ct_state_supported(u8 state)
{
	/* Bits of @state that fall outside the known flag set. */
	const u8 unknown_bits = state & ~(OVS_CS_F_NEW | OVS_CS_F_ESTABLISHED |
					  OVS_CS_F_RELATED | OVS_CS_F_REPLY_DIR |
					  OVS_CS_F_INVALID | OVS_CS_F_TRACKED);

	return unknown_bits == 0;
}
#else
#include <linux/errno.h>
/* Stub for builds without CONFIG_NF_CONNTRACK: does nothing. */
static inline void ovs_ct_init(struct net *net)
{
}
/* Stub for builds without CONFIG_NF_CONNTRACK: does nothing. */
static inline void ovs_ct_exit(struct net *net)
{
}
/*
 * Stub for builds without CONFIG_NF_CONNTRACK: reports false for every
 * attribute, ignoring both arguments.
 *
 * @attr is a plain int here, whereas the conntrack-enabled prototype takes
 * enum ovs_key_attr (which this header only forward-declares).
 */
static inline bool ovs_ct_verify(struct net *net, int attr)
{
	return false;
}
/*
 * Stub for builds without CONFIG_NF_CONNTRACK: no ct_state value is
 * supported, so this returns false for every @state, including 0.
 *
 * NOTE(review): callers presumably check ovs_ct_verify() before reaching
 * this, so a zero ct_state is not rejected by accident - confirm at the
 * call site.
 */
static inline bool ovs_ct_state_supported(u8 state)
{
	return false;
}
/*
 * Stub for builds without CONFIG_NF_CONNTRACK: always fails with -ENOTSUPP
 * and leaves @acts untouched.
 *
 * NOTE(review): ENOTSUPP is a kernel-internal error code; if this return
 * value can reach a netlink reply, userspace would see an errno it has no
 * name for - confirm whether callers translate it.
 */
static inline int ovs_ct_copy_action(struct net *net,
				     const struct nlattr *nla,
				     const struct sw_flow_key *key,
				     struct sw_flow_actions **acts,
				     bool log)
{
	return -ENOTSUPP;
}
/*
 * Stub for builds without CONFIG_NF_CONNTRACK: always fails with -ENOTSUPP
 * and writes nothing to @skb.
 */
static inline int
ovs_ct_action_to_attr(const struct ovs_conntrack_info *info,
		      struct sk_buff *skb)
{
	return -ENOTSUPP;
}
/*
 * Stub for builds without CONFIG_NF_CONNTRACK: always fails with -ENOTSUPP
 * and modifies neither @skb nor @key.
 */
static inline int ovs_ct_execute(struct net *net,
				 struct sk_buff *skb,
				 struct sw_flow_key *key,
				 const struct ovs_conntrack_info *info)
{
	return -ENOTSUPP;
}
/*
 * Stub for builds without CONFIG_NF_CONNTRACK: clears the conntrack fields
 * of @key (state, zone, mark and labels) so they hold zeros rather than
 * whatever was in the key before. @skb is not read.
 */
static inline void ovs_ct_fill_key(const struct sk_buff *skb,
				   struct sw_flow_key *key)
{
	memset(&key->ct.labels, 0, sizeof(key->ct.labels));
	key->ct.mark = 0;
	key->ct.zone = 0;
	key->ct.state = 0;
}
/*
 * Stub for builds without CONFIG_NF_CONNTRACK: reports success (0) without
 * writing anything to @skb.
 */
static inline int ovs_ct_put_key(const struct sw_flow_key *key,
				 struct sk_buff *skb)
{
	return 0;
}
/* Stub for builds without CONFIG_NF_CONNTRACK: nothing to release. */
static inline void ovs_ct_free_action(const struct nlattr *a)
{
}
#endif /* CONFIG_NF_CONNTRACK */
#endif /* ovs_conntrack.h */