compat: Backport conntrack zones headers.

Loosely based upon Linux commit 308ac9143ee2 "netfilter: nf_conntrack:
push zone object into functions".

Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>

4 files changed, 140 insertions, 0 deletions

diff --git a/datapath/linux/Modules.mk b/datapath/linux/Modules.mk
index 7e66e14a5..63179655c 100644
--- a/datapath/linux/Modules.mk
+++ b/datapath/linux/Modules.mk
@@ -13,6 +13,7 @@ openvswitch_sources += \
 	linux/compat/lisp.c \
 	linux/compat/netdevice.c \
 	linux/compat/net_namespace.c \
+	linux/compat/nf_conntrack_core.c \
 	linux/compat/reciprocal_div.c \
 	linux/compat/skbuff-openvswitch.c \
 	linux/compat/socket.c \
@@ -90,5 +91,7 @@ openvswitch_headers += \
 	linux/compat/include/net/sock.h \
 	linux/compat/include/net/stt.h \
 	linux/compat/include/net/vxlan.h \
+	linux/compat/include/net/netfilter/nf_conntrack_expect.h \
+	linux/compat/include/net/netfilter/nf_conntrack_zones.h \
 	linux/compat/include/net/sctp/checksum.h
 EXTRA_DIST += linux/compat/build-aux/export-check-whitelist
diff --git a/datapath/linux/compat/include/net/netfilter/nf_conntrack_expect.h b/datapath/linux/compat/include/net/netfilter/nf_conntrack_expect.h
new file mode 100644
index 000000000..98c6d6b4c
--- /dev/null
+++ b/datapath/linux/compat/include/net/netfilter/nf_conntrack_expect.h
@@ -0,0 +1,21 @@
+#ifndef _NF_CONNTRACK_EXPECT_WRAPPER_H
+#define _NF_CONNTRACK_EXPECT_WRAPPER_H
+
+#include_next <net/netfilter/nf_conntrack_expect.h>
+
+#if LINUX_VERSION_CODE < KERNEL_VERSION(4,3,0)
+
+#include <net/netfilter/nf_conntrack.h>
+#include <net/netfilter/nf_conntrack_zones.h>
+
+static inline struct nf_conntrack_expect *
+rpl___nf_ct_expect_find(struct net *net,
+			const struct nf_conntrack_zone *zone,
+			const struct nf_conntrack_tuple *tuple)
+{
+	return __nf_ct_expect_find(net, zone->id, tuple);
+}
+#define __nf_ct_expect_find rpl___nf_ct_expect_find
+
+#endif /* LINUX_VERSION_CODE < KERNEL_VERSION(4,3,0) */
+#endif /* _NF_CONNTRACK_EXPECT_WRAPPER_H */
diff --git a/datapath/linux/compat/include/net/netfilter/nf_conntrack_zones.h b/datapath/linux/compat/include/net/netfilter/nf_conntrack_zones.h
new file mode 100644
index 000000000..3c5e3979c
--- /dev/null
+++ b/datapath/linux/compat/include/net/netfilter/nf_conntrack_zones.h
@@ -0,0 +1,103 @@
+#ifndef _NF_CONNTRACK_ZONES_WRAPPER_H
+#define _NF_CONNTRACK_ZONES_WRAPPER_H
+
+#include <linux/version.h>
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,34)
+#include_next <net/netfilter/nf_conntrack_zones.h>
+#endif
+
+#if LINUX_VERSION_CODE < KERNEL_VERSION(4,3,0)
+
+#include <linux/kconfig.h>
+#include <linux/types.h>
+#include <linux/netfilter/nf_conntrack_tuple_common.h>
+
+#define NF_CT_DEFAULT_ZONE_ID   0
+
+#define NF_CT_ZONE_DIR_ORIG     (1 << IP_CT_DIR_ORIGINAL)
+#define NF_CT_ZONE_DIR_REPL     (1 << IP_CT_DIR_REPLY)
+
+#define NF_CT_DEFAULT_ZONE_DIR  (NF_CT_ZONE_DIR_ORIG | NF_CT_ZONE_DIR_REPL)
+
+#define NF_CT_FLAG_MARK	 1
+
+struct rpl_nf_conntrack_zone {
+	u16     id;
+	u8      flags;
+	u8      dir;
+};
+#define nf_conntrack_zone rpl_nf_conntrack_zone
+
+extern const struct nf_conntrack_zone nf_ct_zone_dflt;
+
+#if IS_ENABLED(CONFIG_NF_CONNTRACK)
+#include <net/netfilter/nf_conntrack_extend.h>
+
+static inline const struct nf_conntrack_zone *
+rpl_nf_ct_zone(const struct nf_conn *ct)
+{
+	const struct nf_conntrack_zone *nf_ct_zone = NULL;
+
+#ifdef CONFIG_NF_CONNTRACK_ZONES
+	nf_ct_zone = nf_ct_ext_find(ct, NF_CT_EXT_ZONE);
+#endif
+	return nf_ct_zone ? nf_ct_zone : &nf_ct_zone_dflt;
+}
+#define nf_ct_zone rpl_nf_ct_zone
+
+static inline const struct nf_conntrack_zone *
+nf_ct_zone_init(struct nf_conntrack_zone *zone, u16 id, u8 dir, u8 flags)
+{
+	zone->id = id;
+	zone->flags = flags;
+	zone->dir = dir;
+
+	return zone;
+}
+
+static inline int nf_ct_zone_add(struct nf_conn *ct, gfp_t flags,
+				 const struct nf_conntrack_zone *info)
+{
+#ifdef CONFIG_NF_CONNTRACK_ZONES
+	struct nf_conntrack_zone *nf_ct_zone;
+
+	nf_ct_zone = nf_ct_ext_add(ct, NF_CT_EXT_ZONE, flags);
+	if (!nf_ct_zone)
+		return -ENOMEM;
+
+	nf_ct_zone_init(nf_ct_zone, info->id, info->dir,
+			info->flags);
+#endif
+	return 0;
+}
+
+static inline bool nf_ct_zone_matches_dir(const struct nf_conntrack_zone *zone,
+					  enum ip_conntrack_dir dir)
+{
+	return zone->dir & (1 << dir);
+}
+
+static inline u16 nf_ct_zone_id(const struct nf_conntrack_zone *zone,
+				enum ip_conntrack_dir dir)
+{
+	return nf_ct_zone_matches_dir(zone, dir) ?
+	       zone->id : NF_CT_DEFAULT_ZONE_ID;
+}
+
+static inline bool nf_ct_zone_equal(const struct nf_conn *a,
+				    const struct nf_conntrack_zone *b,
+				    enum ip_conntrack_dir dir)
+{
+	return nf_ct_zone_id(nf_ct_zone(a), dir) ==
+	       nf_ct_zone_id(b, dir);
+}
+
+static inline bool nf_ct_zone_equal_any(const struct nf_conn *a,
+					const struct nf_conntrack_zone *b)
+{
+	return nf_ct_zone(a)->id == b->id;
+}
+#endif /* IS_ENABLED(CONFIG_NF_CONNTRACK) */
+#endif /* LINUX_VERSION_CODE < KERNEL_VERSION(4,3,0) */
+#endif /* _NF_CONNTRACK_ZONES_WRAPPER_H */
diff --git a/datapath/linux/compat/nf_conntrack_core.c b/datapath/linux/compat/nf_conntrack_core.c
new file mode 100644
index 000000000..a26620809
--- /dev/null
+++ b/datapath/linux/compat/nf_conntrack_core.c
@@ -0,0 +1,13 @@
+#include <linux/version.h>
+
+#if LINUX_VERSION_CODE < KERNEL_VERSION(4,3,0)
+
+#include <net/netfilter/nf_conntrack_zones.h>
+
+/* Built-in default zone used e.g. by modules. */
+const struct nf_conntrack_zone nf_ct_zone_dflt = {
+	.id	= NF_CT_DEFAULT_ZONE_ID,
+	.dir	= NF_CT_DEFAULT_ZONE_DIR,
+};
+
+#endif /* LINUX_VERSION_CODE < KERNEL_VERSION(4,3,0) */