60 	struct nf_conn *ct;  member
150 static u32 ovs_ct_get_mark(const struct nf_conn *ct)  in ovs_ct_get_mark()  argument
153 	return ct ? ct->mark : 0;  in ovs_ct_get_mark()
164 static void ovs_ct_get_labels(const struct nf_conn *ct,  in ovs_ct_get_labels()  argument
167 	struct nf_conn_labels *cl = ct ? nf_ct_labels_find(ct) : NULL;  in ovs_ct_get_labels()
181 		key->ct.orig_tp.src = htons(orig->dst.u.icmp.type);  in __ovs_ct_update_key_orig_tp()
182 		key->ct.orig_tp.dst = htons(orig->dst.u.icmp.code);  in __ovs_ct_update_key_orig_tp()
184 		key->ct.orig_tp.src = orig->src.u.all;  in __ovs_ct_update_key_orig_tp()
185 		key->ct.orig_tp.dst = orig->dst.u.all;  in __ovs_ct_update_key_orig_tp()
191 				const struct nf_conn *ct)  in __ovs_ct_update_key()  argument
195 	key->ct.mark = ovs_ct_get_mark(ct);  in __ovs_ct_update_key()
196 	ovs_ct_get_labels(ct, &key->ct.labels);  in __ovs_ct_update_key()
198 	if (ct) {  in __ovs_ct_update_key()
202 		if (ct->master)  in __ovs_ct_update_key()
203 			ct = ct->master;  in __ovs_ct_update_key()
204 		orig = &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple;  in __ovs_ct_update_key()
208 		    nf_ct_l3num(ct) == NFPROTO_IPV4) {  in __ovs_ct_update_key()
215 			   nf_ct_l3num(ct) == NFPROTO_IPV6) {  in __ovs_ct_update_key()
240 	struct nf_conn *ct;  in ovs_ct_update_key()  local
243 	ct = nf_ct_get(skb, &ctinfo);  in ovs_ct_update_key()
244 	if (ct) {  in ovs_ct_update_key()
247 		if (!nf_ct_is_confirmed(ct))  in ovs_ct_update_key()
252 		if (ct->master)  in ovs_ct_update_key()
257 			if (ct->status & IPS_SRC_NAT)  in ovs_ct_update_key()
259 			if (ct->status & IPS_DST_NAT)  in ovs_ct_update_key()
262 		zone = nf_ct_zone(ct);  in ovs_ct_update_key()
268 	__ovs_ct_update_key(key, state, zone, ct);  in ovs_ct_update_key()
294 	    nla_put_u32(skb, OVS_KEY_ATTR_CT_MARK, output->ct.mark))  in ovs_ct_put_key()
298 	    nla_put(skb, OVS_KEY_ATTR_CT_LABELS, sizeof(output->ct.labels),  in ovs_ct_put_key()
299 		    &output->ct.labels))  in ovs_ct_put_key()
307 				output->ct.orig_tp.src,  in ovs_ct_put_key()
308 				output->ct.orig_tp.dst,  in ovs_ct_put_key()
318 				output->ct.orig_tp.src,  in ovs_ct_put_key()
319 				output->ct.orig_tp.dst,  in ovs_ct_put_key()
331 static int ovs_ct_set_mark(struct nf_conn *ct, struct sw_flow_key *key,  in ovs_ct_set_mark()  argument
337 	new_mark = ct_mark | (ct->mark & ~(mask));  in ovs_ct_set_mark()
338 	if (ct->mark != new_mark) {  in ovs_ct_set_mark()
339 		ct->mark = new_mark;  in ovs_ct_set_mark()
340 		if (nf_ct_is_confirmed(ct))  in ovs_ct_set_mark()
341 			nf_conntrack_event_cache(IPCT_MARK, ct);  in ovs_ct_set_mark()
342 		key->ct.mark = new_mark;  in ovs_ct_set_mark()
351 static struct nf_conn_labels *ovs_ct_get_conn_labels(struct nf_conn *ct)  in ovs_ct_get_conn_labels()  argument
355 	cl = nf_ct_labels_find(ct);  in ovs_ct_get_conn_labels()
357 		nf_ct_labels_ext_add(ct);  in ovs_ct_get_conn_labels()
358 		cl = nf_ct_labels_find(ct);  in ovs_ct_get_conn_labels()
368 static int ovs_ct_init_labels(struct nf_conn *ct, struct sw_flow_key *key,  in ovs_ct_init_labels()  argument
376 	master_cl = ct->master ? nf_ct_labels_find(ct->master) : NULL;  in ovs_ct_init_labels()
381 	cl = ovs_ct_get_conn_labels(ct);  in ovs_ct_init_labels()
402 	nf_conntrack_event_cache(IPCT_LABEL, ct);  in ovs_ct_init_labels()
404 	memcpy(&key->ct.labels, cl->bits, OVS_CT_LABELS_LEN);  in ovs_ct_init_labels()
409 static int ovs_ct_set_labels(struct nf_conn *ct, struct sw_flow_key *key,  in ovs_ct_set_labels()  argument
416 	cl = ovs_ct_get_conn_labels(ct);  in ovs_ct_set_labels()
420 	err = nf_connlabels_replace(ct, labels->ct_labels_32,  in ovs_ct_set_labels()
426 	memcpy(&key->ct.labels, cl->bits, OVS_CT_LABELS_LEN);  in ovs_ct_set_labels()
438 	struct nf_conn *ct;  in ovs_ct_helper()  local
441 	ct = nf_ct_get(skb, &ctinfo);  in ovs_ct_helper()
442 	if (!ct || ctinfo == IP_CT_RELATED_REPLY)  in ovs_ct_helper()
445 	help = nfct_help(ct);  in ovs_ct_helper()
476 	err = helper->help(skb, protoff, ct, ctinfo);  in ovs_ct_helper()
484 	if (test_bit(IPS_SEQ_ADJUST_BIT, &ct->status) &&  in ovs_ct_helper()
485 	    !nf_ct_seq_adjust(skb, ct, ctinfo, protoff))  in ovs_ct_helper()
570 			struct nf_conn *ct = nf_ct_tuplehash_to_ctrack(h);  in ovs_ct_expect_find()  local
572 			nf_ct_delete(ct, 0, 0);  in ovs_ct_expect_find()
573 			nf_conntrack_put(&ct->ct_general);  in ovs_ct_expect_find()
584 	const struct nf_conn *ct = nf_ct_tuplehash_to_ctrack(h);  in ovs_ct_get_info()  local
589 	if (test_bit(IPS_SEEN_REPLY_BIT, &ct->status))  in ovs_ct_get_info()
591 	if (test_bit(IPS_EXPECTED_BIT, &ct->status))  in ovs_ct_get_info()
611 	struct nf_conn *ct;  in ovs_ct_find_existing()  local
635 	ct = nf_ct_tuplehash_to_ctrack(h);  in ovs_ct_find_existing()
642 		h = &ct->tuplehash[!h->tuple.dst.dir];  in ovs_ct_find_existing()
644 	nf_ct_set(skb, ct, ovs_ct_get_info(h));  in ovs_ct_find_existing()
645 	return ct;  in ovs_ct_find_existing()
655 	struct nf_conn *ct = NULL;  in ovs_ct_executed()  local
668 		ct = ovs_ct_find_existing(net, &info->zone, info->family, skb,  in ovs_ct_executed()
673 	return ct;  in ovs_ct_executed()
683 	struct nf_conn *ct;  in skb_nfct_cached()  local
686 	ct = nf_ct_get(skb, &ctinfo);  in skb_nfct_cached()
687 	if (!ct)  in skb_nfct_cached()
688 		ct = ovs_ct_executed(net, key, info, skb, &ct_executed);  in skb_nfct_cached()
690 	if (ct)  in skb_nfct_cached()
695 	if (!net_eq(net, read_pnet(&ct->ct_net)))  in skb_nfct_cached()
697 	if (!nf_ct_zone_equal_any(info->ct, nf_ct_zone(ct)))  in skb_nfct_cached()
702 		help = nf_ct_ext_find(ct, NF_CT_EXT_HELPER);  in skb_nfct_cached()
709 		timeout_ext = nf_ct_timeout_find(ct);  in skb_nfct_cached()
719 		if (nf_ct_is_confirmed(ct))  in skb_nfct_cached()
720 			nf_ct_delete(ct, 0, 0);  in skb_nfct_cached()
722 		nf_conntrack_put(&ct->ct_general);  in skb_nfct_cached()
735 static int ovs_ct_nat_execute(struct sk_buff *skb, struct nf_conn *ct,  in ovs_ct_nat_execute()  argument
757 			if (!nf_nat_icmp_reply_translation(skb, ct, ctinfo,  in ovs_ct_nat_execute()
770 				if (!nf_nat_icmpv6_reply_translation(skb, ct,  in ovs_ct_nat_execute()
784 		if (!nf_nat_initialized(ct, maniptype)) {  in ovs_ct_nat_execute()
790 				? nf_nat_setup_info(ct, range, maniptype)  in ovs_ct_nat_execute()
791 				: nf_nat_alloc_null_binding(ct, hooknum);  in ovs_ct_nat_execute()
806 	err = nf_nat_packet(ct, ctinfo, hooknum, skb);  in ovs_ct_nat_execute()
868 		      struct sk_buff *skb, struct nf_conn *ct,  in ovs_ct_nat()  argument
875 	if (!nf_ct_is_confirmed(ct) && !nf_ct_nat_ext_add(ct))  in ovs_ct_nat()
884 	    ct->status & IPS_NAT_MASK &&  in ovs_ct_nat()
892 			maniptype = ct->status & IPS_SRC_NAT  in ovs_ct_nat()
895 			maniptype = ct->status & IPS_SRC_NAT  in ovs_ct_nat()
904 	err = ovs_ct_nat_execute(skb, ct, ctinfo, &info->range, maniptype);  in ovs_ct_nat()
915 		      struct sk_buff *skb, struct nf_conn *ct,  in ovs_ct_nat()  argument
939 	struct nf_conn *ct;  in __ovs_ct_lookup()  local
947 		struct nf_conn *tmpl = info->ct;  in __ovs_ct_lookup()
972 	ct = nf_ct_get(skb, &ctinfo);  in __ovs_ct_lookup()
973 	if (ct) {  in __ovs_ct_lookup()
985 		    (nf_ct_is_confirmed(ct) || info->commit) &&  in __ovs_ct_lookup()
986 		    ovs_ct_nat(net, key, info, skb, ct, ctinfo) != NF_ACCEPT) {  in __ovs_ct_lookup()
995 		if (!nf_ct_is_confirmed(ct) && info->commit &&  in __ovs_ct_lookup()
996 		    info->helper && !nfct_help(ct)) {  in __ovs_ct_lookup()
997 			int err = __nf_ct_try_assign_helper(ct, info->ct,  in __ovs_ct_lookup()
1003 			if (info->nat && !nfct_seqadj(ct)) {  in __ovs_ct_lookup()
1004 				if (!nfct_seqadj_ext_add(ct))  in __ovs_ct_lookup()
1014 		if ((nf_ct_is_confirmed(ct) ? !cached : info->commit) &&  in __ovs_ct_lookup()
1047 		struct nf_conn *ct;  in ovs_ct_lookup()  local
1054 		ct = (struct nf_conn *)skb_nfct(skb);  in ovs_ct_lookup()
1055 		if (ct)  in ovs_ct_lookup()
1056 			nf_ct_deliver_cached_events(ct);  in ovs_ct_lookup()
1162 	struct nf_conn *ct;  in ovs_ct_commit()  local
1170 	ct = nf_ct_get(skb, &ctinfo);  in ovs_ct_commit()
1171 	if (!ct)  in ovs_ct_commit()
1176 		if (!nf_ct_is_confirmed(ct)) {  in ovs_ct_commit()
1178 				&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple);  in ovs_ct_commit()
1197 		struct nf_conntrack_ecache *cache = nf_ct_ecache_find(ct);  in ovs_ct_commit()
1208 		err = ovs_ct_set_mark(ct, key, info->mark.value,  in ovs_ct_commit()
1213 	if (!nf_ct_is_confirmed(ct)) {  in ovs_ct_commit()
1214 		err = ovs_ct_init_labels(ct, key, &info->labels.value,  in ovs_ct_commit()
1220 		err = ovs_ct_set_labels(ct, key, &info->labels.value,  in ovs_ct_commit()
1325 	help = nf_ct_helper_ext_add(info->ct, GFP_KERNEL);  in ovs_ct_add_helper()
1663 	ct_info.ct = nf_ct_tmpl_alloc(net, &ct_info.zone, GFP_KERNEL);  in ovs_ct_copy_action()
1664 	if (!ct_info.ct) {  in ovs_ct_copy_action()
1670 		if (nf_ct_set_timeout(net, ct_info.ct, family, key->ip.proto,  in ovs_ct_copy_action()
1676 				nf_ct_timeout_find(ct_info.ct)->timeout);  in ovs_ct_copy_action()
1691 	__set_bit(IPS_CONFIRMED_BIT, &ct_info.ct->status);  in ovs_ct_copy_action()
1692 	nf_conntrack_get(&ct_info.ct->ct_general);  in ovs_ct_copy_action()
1830 	if (ct_info->ct) {  in __ovs_ct_free_action()
1832 			nf_ct_destroy_timeout(ct_info->ct);  in __ovs_ct_free_action()
1833 		nf_ct_tmpl_free(ct_info->ct);  in __ovs_ct_free_action()