openvswitch: Set mark and labels before confirming.

Set conntrack mark and labels right before committing so that the initial conntrack NEW event has the mark and labels. Signed-off-by: Jarno Rajahalme <jarno@ovn.org> Acked-by: Joe Stringer <joe@ovn.org> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Jarno Rajahalme <jarno@ovn.org> 2016-06-21 17:59:37 -0400
committer: David S. Miller <davem@davemloft.net> 2016-06-25 11:55:51 -0400
commit: 1c1779fa54b2a9d4e1de990095d790d64b9e00a1 (patch)
tree: c22f72ba1b163237a9d4d1d01ce68fb66a5b9f3c /net/openvswitch
parent: fad09c73c27020001cd472343efdacf60a93f8ea (diff)
1 files changed, 14 insertions, 19 deletions
diff --git a/net/openvswitch/conntrack.c b/net/openvswitch/conntrack.c
index 3d5feede962d..23fd4fbd11e2 100644
--- a/net/openvswitch/conntrack.c
+++ b/net/openvswitch/conntrack.c
@@ -824,23 +824,6 @@ static int ovs_ct_lookup(struct net *net, struct sw_flow_key *key,
        return 0;
 }
-/* Lookup connection and confirm if unconfirmed. */
-static int ovs_ct_commit(struct net *net, struct sw_flow_key *key,
-                         const struct ovs_conntrack_info *info,
-                         struct sk_buff *skb)
-{
-        int err;
-        err = __ovs_ct_lookup(net, key, info, skb);
-        if (err)
-                return err;
-        /* This is a no-op if the connection has already been confirmed. */
-        if (nf_conntrack_confirm(skb) != NF_ACCEPT)
-                return -EINVAL;
-        return 0;
-}
 static bool labels_nonzero(const struct ovs_key_ct_labels *labels)
 {
        size_t i;
@@ -873,21 +856,33 @@ int ovs_ct_execute(struct net *net, struct sk_buff *skb,
        }
        if (info->commit)
-                err = ovs_ct_commit(net, key, info, skb);
+                err = __ovs_ct_lookup(net, key, info, skb);
        else
                err = ovs_ct_lookup(net, key, info, skb);
        if (err)
                goto err;
+        /* Apply changes before confirming the connection so that the initial
+         * conntrack NEW netlink event carries the values given in the CT
+         * action.
+         */
        if (info->mark.mask) {
                err = ovs_ct_set_mark(skb, key, info->mark.value,
                                      info->mark.mask);
                if (err)
                        goto err;
        }
-        if (labels_nonzero(&info->labels.mask))
+        if (labels_nonzero(&info->labels.mask)) {
                err = ovs_ct_set_labels(skb, key, &info->labels.value,
                                        &info->labels.mask);
+                if (err)
+                        goto err;
+        }
+        /* This will take care of sending queued events even if the connection
+         * is already confirmed.
+         */
+        if (info->commit && nf_conntrack_confirm(skb) != NF_ACCEPT)
+                err = -EINVAL;
 err:
        skb_push(skb, nh_ofs);
        if (err)
author	Jarno Rajahalme <jarno@ovn.org>	2016-06-21 17:59:37 -0400
committer	David S. Miller <davem@davemloft.net>	2016-06-25 11:55:51 -0400
commit	1c1779fa54b2a9d4e1de990095d790d64b9e00a1 (patch)
tree	c22f72ba1b163237a9d4d1d01ce68fb66a5b9f3c /net/openvswitch
parent	fad09c73c27020001cd472343efdacf60a93f8ea (diff)