diff options
Diffstat (limited to 'net/openvswitch/conntrack.c')
| -rw-r--r-- | net/openvswitch/conntrack.c | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/net/openvswitch/conntrack.c b/net/openvswitch/conntrack.c index 848c6eb55064..d8da6477d6be 100644 --- a/net/openvswitch/conntrack.c +++ b/net/openvswitch/conntrack.c | |||
| @@ -67,6 +67,7 @@ struct ovs_conntrack_info { | |||
| 67 | struct md_mark mark; | 67 | struct md_mark mark; |
| 68 | struct md_labels labels; | 68 | struct md_labels labels; |
| 69 | char timeout[CTNL_TIMEOUT_NAME_MAX]; | 69 | char timeout[CTNL_TIMEOUT_NAME_MAX]; |
| 70 | struct nf_ct_timeout *nf_ct_timeout; | ||
| 70 | #if IS_ENABLED(CONFIG_NF_NAT) | 71 | #if IS_ENABLED(CONFIG_NF_NAT) |
| 71 | struct nf_nat_range2 range; /* Only present for SRC NAT and DST NAT. */ | 72 | struct nf_nat_range2 range; /* Only present for SRC NAT and DST NAT. */ |
| 72 | #endif | 73 | #endif |
| @@ -697,6 +698,14 @@ static bool skb_nfct_cached(struct net *net, | |||
| 697 | if (help && rcu_access_pointer(help->helper) != info->helper) | 698 | if (help && rcu_access_pointer(help->helper) != info->helper) |
| 698 | return false; | 699 | return false; |
| 699 | } | 700 | } |
| 701 | if (info->nf_ct_timeout) { | ||
| 702 | struct nf_conn_timeout *timeout_ext; | ||
| 703 | |||
| 704 | timeout_ext = nf_ct_timeout_find(ct); | ||
| 705 | if (!timeout_ext || info->nf_ct_timeout != | ||
| 706 | rcu_dereference(timeout_ext->timeout)) | ||
| 707 | return false; | ||
| 708 | } | ||
| 700 | /* Force conntrack entry direction to the current packet? */ | 709 | /* Force conntrack entry direction to the current packet? */ |
| 701 | if (info->force && CTINFO2DIR(ctinfo) != IP_CT_DIR_ORIGINAL) { | 710 | if (info->force && CTINFO2DIR(ctinfo) != IP_CT_DIR_ORIGINAL) { |
| 702 | /* Delete the conntrack entry if confirmed, else just release | 711 | /* Delete the conntrack entry if confirmed, else just release |
| @@ -1565,7 +1574,7 @@ static int parse_ct(const struct nlattr *attr, struct ovs_conntrack_info *info, | |||
| 1565 | case OVS_CT_ATTR_TIMEOUT: | 1574 | case OVS_CT_ATTR_TIMEOUT: |
| 1566 | memcpy(info->timeout, nla_data(a), nla_len(a)); | 1575 | memcpy(info->timeout, nla_data(a), nla_len(a)); |
| 1567 | if (!memchr(info->timeout, '\0', nla_len(a))) { | 1576 | if (!memchr(info->timeout, '\0', nla_len(a))) { |
| 1568 | OVS_NLERR(log, "Invalid conntrack helper"); | 1577 | OVS_NLERR(log, "Invalid conntrack timeout"); |
| 1569 | return -EINVAL; | 1578 | return -EINVAL; |
| 1570 | } | 1579 | } |
| 1571 | break; | 1580 | break; |
| @@ -1657,6 +1666,10 @@ int ovs_ct_copy_action(struct net *net, const struct nlattr *attr, | |||
| 1657 | ct_info.timeout)) | 1666 | ct_info.timeout)) |
| 1658 | pr_info_ratelimited("Failed to associated timeout " | 1667 | pr_info_ratelimited("Failed to associated timeout " |
| 1659 | "policy `%s'\n", ct_info.timeout); | 1668 | "policy `%s'\n", ct_info.timeout); |
| 1669 | else | ||
| 1670 | ct_info.nf_ct_timeout = rcu_dereference( | ||
| 1671 | nf_ct_timeout_find(ct_info.ct)->timeout); | ||
| 1672 | |||
| 1660 | } | 1673 | } |
| 1661 | 1674 | ||
| 1662 | if (helper) { | 1675 | if (helper) { |