openvswitch: add ct_clear action

This adds a ct_clear action for clearing conntrack state. ct_clear is currently implemented in OVS userspace, but is not backed by an action in the kernel datapath. This is useful for flows that may modify a packet tuple after a ct lookup has already occurred. Signed-off-by: Eric Garver <e@erig.me> Acked-by: Pravin B Shelar <pshelar@ovn.org> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Eric Garver <e@erig.me> 2017-10-10 16:54:44 -0400
committer: David S. Miller <davem@davemloft.net> 2017-10-10 16:38:34 -0700
commit: b8226962b1c49c784aeddb9d2fafbf53dfdc2190 (patch)
tree: 838a6a361a81ff5f613371bcdfcd2113270b0fab /net/openvswitch/conntrack.c
parent: 833e0e2f24fd0525090878f71e129a8a4cb8bf78 (diff)
download: lwn-b8226962b1c49c784aeddb9d2fafbf53dfdc2190.tar.gz
lwn-b8226962b1c49c784aeddb9d2fafbf53dfdc2190.zip
1 files changed, 11 insertions, 0 deletions
diff --git a/net/openvswitch/conntrack.c b/net/openvswitch/conntrack.c
index d558e882ca0c..fe861e2f0deb 100644
--- a/net/openvswitch/conntrack.c
+++ b/net/openvswitch/conntrack.c
@@ -1129,6 +1129,17 @@ int ovs_ct_execute(struct net *net, struct sk_buff *skb,
 	return err;
 }
 
+int ovs_ct_clear(struct sk_buff *skb, struct sw_flow_key *key)
+{
+	if (skb_nfct(skb)) {
+		nf_conntrack_put(skb_nfct(skb));
+		nf_ct_set(skb, NULL, IP_CT_UNTRACKED);
+		ovs_ct_fill_key(skb, key);
+	}
+
+	return 0;
+}
+
 static int ovs_ct_add_helper(struct ovs_conntrack_info *info, const char *name,
 			     const struct sw_flow_key *key, bool log)
 {
author	Eric Garver <e@erig.me>	2017-10-10 16:54:44 -0400
committer	David S. Miller <davem@davemloft.net>	2017-10-10 16:38:34 -0700
commit	b8226962b1c49c784aeddb9d2fafbf53dfdc2190 (patch)
tree	838a6a361a81ff5f613371bcdfcd2113270b0fab /net/openvswitch/conntrack.c
parent	833e0e2f24fd0525090878f71e129a8a4cb8bf78 (diff)
download	lwn-b8226962b1c49c784aeddb9d2fafbf53dfdc2190.tar.gz lwn-b8226962b1c49c784aeddb9d2fafbf53dfdc2190.zip