[ovs-dev] [patch_v5 0/5] Userspace Datapath: Add ALG support.

Darrell Ball dball at vmware.com
Sat Jul 15 19:50:52 UTC 2017


V5 is superseded; I sent a V6.
I inadvertently removed an include, noticeable in the Travis OSX build,
which was recently otherwise broken.

With Takashi’s fix folded in, I was able to detect the other problem.
https://patchwork.ozlabs.org/patch/788919/

Thanks Darrell


On 7/15/17, 10:22 AM, "ovs-dev-bounces at openvswitch.org on behalf of Darrell Ball" <ovs-dev-bounces at openvswitch.org on behalf of dlu998 at gmail.com> wrote:

    ALG infra is added with support for FTP and TFTP.
    Both V4 and V6 are supported.  Also, NAT is supported.
    
    Three passive ftp system tests are added to complete testing
    coverage of ftp for the userspace datapath, as the existing
    coverage of passive ftp was limited to one part of one test
    for V4 only.
    Another system test is added covering tftp with NAT which
    was not previously exercised.
    
    v4->v5: Address Ben's code review comments.
            Fix one system test race.
            First 3 patches were committed.
    
    v3->v4: Fix tftp with NAT.
            Add a system test covering tftp with NAT.
    
    v2->v3: Fix v4 passive ftp with NAT.
            Fix V6 passive ftp; parse check was broken.
            Add 3 tests covering v4/v6 passive ftp to
            complete ALG coverage in the system tests.
            
            Code review caught a memory leak of the alg
            string such as "ftp" that could occur during
            nat tuple exhaustion. This is a pathological
            user error case whose fix was tested by
            instrumented simulation.
            Code review also pointed out that a connection
            context copy was unclear; this was moved to the
            caller where all allocation and error cleanup is
            done.
            Added several lock annotations that were missing 
            from the original conntrack code and nat code.
            Other review comments were fixed.
    
    v1->v2:
            Mostly the addition of V6 FTP and TFTP support.
    
            Removed define for unused FTP server port 20.
    
            Add overflow checks for port numbers.
            
            Instead of bypassing FTP bounce exploit with
            auto-correct, explicitly flag packet as invalid.
    
            Seq number overflow and underflow checks added.
    
    Darrell Ball (5):
      Userspace Datapath: Add ALG infra and FTP.
      Userspace Datapath: Add TFTP support.
      System tests: Enable ALGs for userspace.
      System tests: Add 4 new ftp and tftp tests.
      NEWS: Announce userspace datapath ALG support.
    
     NEWS                             |    1 +
     include/sparse/netinet/in.h      |    1 +
     lib/conntrack-private.h          |   35 +-
     lib/conntrack.c                  | 1089 +++++++++++++++++++++++++++++++++++---
     lib/conntrack.h                  |   10 +-
     tests/system-traffic.at          |  237 +++++++++
     tests/system-userspace-macros.at |    7 +-
     7 files changed, 1301 insertions(+), 79 deletions(-)
    
    -- 
    1.9.1
    
    






