summaryrefslogtreecommitdiff
path: root/net/openvswitch
diff options
context:
space:
mode:
authorDavid S. Miller <davem@davemloft.net>2019-05-05 21:35:08 -0700
committerDavid S. Miller <davem@davemloft.net>2019-05-05 21:35:08 -0700
commit1ffad6d1af7a9e69f99d5df4335015271e27d564 (patch)
tree7609d0440bd185cee82a9b2bd676562cee23c1d3 /net/openvswitch
parent19ab5f40235538fc04d77e0fdb708436b0471f01 (diff)
parent522e4077e8dcdfc5b8e96469d3bc2324bc5d6466 (diff)
Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next
Pablo Neira Ayuso says: =================== Netfilter updates for net-next The following batch contains Netfilter updates for net-next, they are: 1) Move nft_expr_clone() to nft_dynset, from Paul Gortmaker. 2) Do not include module.h from net/netfilter/nf_tables.h, also from Paul. 3) Restrict conntrack sysctl entries to boolean, from Tonghao Zhang. 4) Several patches to add infrastructure to autoload NAT helper modules from their respective conntrack helper, this also includes the first client of this code in OVS, patches from Flavio Leitner. 5) Add support to match for conntrack ID, from Brett Mastbergen. 6) Spelling fix in connlabel, from Colin Ian King. 7) Use struct_size() from hashlimit, from Gustavo A. R. Silva. 8) Add optimized version of nf_inet_addr_mask(), from Li RongQing. =================== Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/openvswitch')
-rw-r--r--net/openvswitch/conntrack.c26
1 files changed, 20 insertions, 6 deletions
diff --git a/net/openvswitch/conntrack.c b/net/openvswitch/conntrack.c
index caeabf5215e8..333ec5f298fe 100644
--- a/net/openvswitch/conntrack.c
+++ b/net/openvswitch/conntrack.c
@@ -1307,6 +1307,7 @@ static int ovs_ct_add_helper(struct ovs_conntrack_info *info, const char *name,
{
struct nf_conntrack_helper *helper;
struct nf_conn_help *help;
+ int ret = 0;
helper = nf_conntrack_helper_try_module_get(name, info->family,
key->ip.proto);
@@ -1321,13 +1322,21 @@ static int ovs_ct_add_helper(struct ovs_conntrack_info *info, const char *name,
return -ENOMEM;
}
+#ifdef CONFIG_NF_NAT_NEEDED
+ if (info->nat) {
+ ret = nf_nat_helper_try_module_get(name, info->family,
+ key->ip.proto);
+ if (ret) {
+ nf_conntrack_helper_put(helper);
+ OVS_NLERR(log, "Failed to load \"%s\" NAT helper, error: %d",
+ name, ret);
+ return ret;
+ }
+ }
+#endif
rcu_assign_pointer(help->helper, helper);
info->helper = helper;
-
- if (info->nat)
- request_module("ip_nat_%s", name);
-
- return 0;
+ return ret;
}
#if IS_ENABLED(CONFIG_NF_NAT)
@@ -1801,8 +1810,13 @@ void ovs_ct_free_action(const struct nlattr *a)
static void __ovs_ct_free_action(struct ovs_conntrack_info *ct_info)
{
- if (ct_info->helper)
+ if (ct_info->helper) {
+#ifdef CONFIG_NF_NAT_NEEDED
+ if (ct_info->nat)
+ nf_nat_helper_put(ct_info->helper);
+#endif
nf_conntrack_helper_put(ct_info->helper);
+ }
if (ct_info->ct) {
if (ct_info->timeout[0])
nf_ct_destroy_timeout(ct_info->ct);