[Devel,RH7,3/4] vzprivnet: remove dst.privnet_mark usage as it is no more rtcached

Submitted by Pavel Tikhomirov on Oct. 19, 2016, 12:20 p.m.

Details

Message ID 1476879657-21581-4-git-send-email-ptikhomirov@virtuozzo.com
State New
Series "do not rely on missing rtcache in vzprivnet_hook"
Headers show

Commit Message

Pavel Tikhomirov Oct. 19, 2016, 12:20 p.m.
Rtcache for dst was removed in ms kernel 3.6, explained in:
http://vger.kernel.org/~davem/columbia2012.pdf

https://jira.sw.ru/browse/PSBM-53646

based on: Revert "vzprivnet: Cache filtering result on dst"

This reverts commit a8c588576f98ad9619770c7dfaed44ba7d915574.

Conflicts:
	net/ipv4/netfilter/ip_vzprivnet.c

Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
---
 net/core/dst.c                    |  1 -
 net/ipv4/netfilter/ip_vzprivnet.c | 50 ++++++++-------------------------------
 2 files changed, 10 insertions(+), 41 deletions(-)

Patch hide | download patch | download mbox

diff --git a/net/core/dst.c b/net/core/dst.c
index c1b0db7..530b7d6 100644
--- a/net/core/dst.c
+++ b/net/core/dst.c
@@ -195,7 +195,6 @@  void *dst_alloc(struct dst_ops *ops, struct net_device *dev,
 	atomic_set(&dst->__refcnt, initial_ref);
 	dst->__use = 0;
 	dst->lastuse = jiffies;
-	dst->privnet_mark = 0;
 	dst->flags = flags;
 	dst->pending_confirm = 0;
 	dst->next = NULL;
diff --git a/net/ipv4/netfilter/ip_vzprivnet.c b/net/ipv4/netfilter/ip_vzprivnet.c
index e37fe97..4c1601e 100644
--- a/net/ipv4/netfilter/ip_vzprivnet.c
+++ b/net/ipv4/netfilter/ip_vzprivnet.c
@@ -35,25 +35,8 @@ 
 #include <linux/vzprivnet.h>
 #define VZPRIV_PROCNAME "ip_vzprivnet"
 
-enum {
-	VZPRIV_MARK_UNKNOWN,
-	VZPRIV_MARK_ACCEPT,
-	VZPRIV_MARK_DROP,
-	VZPRIV_MARK_MAX
-};
-
 static DEFINE_PER_CPU(unsigned long, lookup_stat[2]);
 
-static inline unsigned int dst_pmark_get(struct dst_entry *dst)
-{
-	return dst->privnet_mark;
-}
-
-static inline void dst_pmark_set(struct dst_entry *dst, unsigned int mark)
-{
-	dst->privnet_mark = mark;
-}
-
 struct vzprivnet {
 	u32 nmask;
 	int weak;
@@ -225,14 +208,14 @@  static noinline unsigned int vzprivnet_classify(struct sk_buff *skb, int type)
 
 	if (p1 == p2) {
 		if ((saddr & p1->nmask) == (daddr & p1->nmask))
-			res = VZPRIV_MARK_ACCEPT;
+			res = NF_ACCEPT;
 		else
-			res = VZPRIV_MARK_DROP;
+			res = NF_DROP;
 	} else {
 		if (p1->weak + p2->weak >= 3)
-			res = VZPRIV_MARK_ACCEPT;
+			res = NF_ACCEPT;
 		else
-			res = VZPRIV_MARK_DROP;
+			res = NF_DROP;
 	}
 
 	read_unlock(&vzprivlock);
@@ -248,7 +231,6 @@  EXPORT_SYMBOL(vzpn_filter_host);
 static unsigned int vzprivnet_hook(struct sk_buff *skb, int can_be_bridge)
 {
 	struct dst_entry *dst;
-	unsigned int pmark = VZPRIV_MARK_UNKNOWN;
 	struct net *src_net;
 
 	if (WARN_ON_ONCE(!skb->dev && !skb->sk))
@@ -259,26 +241,14 @@  static unsigned int vzprivnet_hook(struct sk_buff *skb, int can_be_bridge)
 		return NF_ACCEPT;
 
 	dst = skb_dst(skb);
-	if (dst != NULL) {
-		if (can_be_bridge && dst->output != ip_output) { /* bridge */
-			if (vzpn_handle_bridged) {
-				pmark = vzprivnet_classify(skb, 1);
-				return pmark == VZPRIV_MARK_ACCEPT ?
-					NF_ACCEPT : NF_DROP;
-			} else
-				return NF_ACCEPT;
-		}
-
-		pmark = dst_pmark_get(dst);
-	}
-
-	if (unlikely(pmark == VZPRIV_MARK_UNKNOWN)) {
-		pmark = vzprivnet_classify(skb, 0);
-		if (dst != NULL)
-			dst_pmark_set(dst, pmark);
+	if (dst != NULL && can_be_bridge && dst->output != ip_output) { /* bridge */
+		if (vzpn_handle_bridged)
+			return vzprivnet_classify(skb, 1);
+		else
+			return NF_ACCEPT;
 	}
 
-	return pmark == VZPRIV_MARK_ACCEPT ? NF_ACCEPT : NF_DROP;
+	return vzprivnet_classify(skb, 0);
 }
 
 static unsigned int vzprivnet_fwd_hook(const struct nf_hook_ops *ops,