From patchwork Fri May 29 04:07:45 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: wenxu X-Patchwork-Id: 218250 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.8 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 29360C433DF for ; Fri, 29 May 2020 04:18:50 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id E1F56207D3 for ; Fri, 29 May 2020 04:18:49 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728683AbgE2ESt (ORCPT ); Fri, 29 May 2020 00:18:49 -0400 Received: from m9785.mail.qiye.163.com ([220.181.97.85]:45169 "EHLO m9785.mail.qiye.163.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725795AbgE2ESs (ORCPT ); Fri, 29 May 2020 00:18:48 -0400 X-Greylist: delayed 659 seconds by postgrey-1.27 at vger.kernel.org; Fri, 29 May 2020 00:18:47 EDT Received: from localhost.localdomain (unknown [123.59.132.129]) by m9785.mail.qiye.163.com (Hmail) with ESMTPA id 093115C1E27; Fri, 29 May 2020 12:07:46 +0800 (CST) From: wenxu@ucloud.cn To: paulb@mellanox.com Cc: netdev@vger.kernel.org, davem@davemloft.net Subject: [PATCH] net/sched: act_ct: add nat mangle action only for NAT-conntrack Date: Fri, 29 May 2020 12:07:45 +0800 Message-Id: <1590725265-17136-1-git-send-email-wenxu@ucloud.cn> X-Mailer: git-send-email 1.8.3.1 X-HM-Spam-Status: e1kfGhgUHx5ZQUtXWQgYFAkeWUFZSVVJQ01LS0tLSkhITkpPT1lXWShZQU lCN1dZLVlBSVdZDwkaFQgSH1lBWR0iNQs4HDkzMxMeKBIPOR4DQ0sPOhxWVlVJTUwoSVlXWQkOFx 4IWUFZNTQpNjo3JCkuNz5ZV1kWGg8SFR0UWUFZNDBZBg++ X-HM-Sender-Digest: e1kMHhlZQR0aFwgeV1kSHx4VD1lBWUc6Nkk6KSo5Ojg0Mzg8DQEdOS4W OChPCTRVSlVKTkJLTElOSU1NSkNKVTMWGhIXVQweFQMOOw4YFxQOH1UYFUVZV1kSC1lBWUpJSFVO QlVKSElVSklCWVdZCAFZQUlPSE03Bg++ X-HM-Tid: 0a725e9d4a882087kuqy093115c1e27 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org From: wenxu Currently add nat mangle action with comparing invert and ori tuple. It is better to check IPS_NAT_MASK flags first to avoid non necessary memcmp for non-NAT conntrack. Signed-off-by: wenxu --- net/sched/act_ct.c | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/net/sched/act_ct.c b/net/sched/act_ct.c index c50a86a..d621152 100644 --- a/net/sched/act_ct.c +++ b/net/sched/act_ct.c @@ -198,18 +198,21 @@ static int tcf_ct_flow_table_add_action_nat(struct net *net, struct flow_action *action) { const struct nf_conntrack_tuple *tuple = &ct->tuplehash[dir].tuple; + bool nat = ct->status & IPS_NAT_MASK; struct nf_conntrack_tuple target; nf_ct_invert_tuple(&target, &ct->tuplehash[!dir].tuple); switch (tuple->src.l3num) { case NFPROTO_IPV4: - tcf_ct_flow_table_add_action_nat_ipv4(tuple, target, - action); + if (nat) + tcf_ct_flow_table_add_action_nat_ipv4(tuple, target, + action); break; case NFPROTO_IPV6: - tcf_ct_flow_table_add_action_nat_ipv6(tuple, target, - action); + if (nat) + tcf_ct_flow_table_add_action_nat_ipv6(tuple, target, + action); break; default: return -EOPNOTSUPP; @@ -217,10 +220,14 @@ static int tcf_ct_flow_table_add_action_nat(struct net *net, switch (nf_ct_protonum(ct)) { case IPPROTO_TCP: - tcf_ct_flow_table_add_action_nat_tcp(tuple, target, action); + if (nat) + tcf_ct_flow_table_add_action_nat_tcp(tuple, target, + action); break; case IPPROTO_UDP: - tcf_ct_flow_table_add_action_nat_udp(tuple, target, action); + if (nat) + tcf_ct_flow_table_add_action_nat_udp(tuple, target, + action); break; default: return -EOPNOTSUPP;