[ovs-dev] [PATCH v8 2/5] datapath-windows: Added Ipv4 fragments support in Conntrack

Anand Kumar kumaranand at vmware.com
Thu May 4 22:12:51 UTC 2017 

This patch adds support for tracking Ipv4 fragments in conntrack module.
Individual fragments are not tracked and are consumed by the
fragmentation/reassembly. Only the reassembled Ipv4 datagram is tracked and
treated as a single ct entry.

Signed-off-by: Anand Kumar <kumaranand at vmware.com>
---
v7->v8: No change
v6->v7: Made changes to use FowardingCtx and initialize forwarding ctx 
		for the reassembled packet
v5->v6: No Change
v4->v5:
	- Removed MRU argument from function declarations as MRU is now retained
	in _OVS_BUFFER_CONTEXT.
v3->v4: No Change
v2->v3:
	- Updated log messages and fixed alignment.
v1->v2: No change
---
 datapath-windows/ovsext/Actions.c   | 21 +++++++++++++++++++--
 datapath-windows/ovsext/Conntrack.c | 23 ++++++++++++++++-------
 2 files changed, 35 insertions(+), 9 deletions(-)

diff --git a/datapath-windows/ovsext/Actions.c b/datapath-windows/ovsext/Actions.c
index 3bd00a7..b5c13c7 100644
--- a/datapath-windows/ovsext/Actions.c
+++ b/datapath-windows/ovsext/Actions.c
@@ -1975,12 +1975,29 @@ OvsDoExecuteActions(POVS_SWITCH_CONTEXT switchContext,
                 }
             }
 
+            PNET_BUFFER_LIST oldNbl = ovsFwdCtx.curNbl;
             status = OvsExecuteConntrackAction(&ovsFwdCtx, key,
                                                (const PNL_ATTR)a);
             if (status != NDIS_STATUS_SUCCESS) {
-                OVS_LOG_ERROR("CT Action failed");
-                dropReason = L"OVS-conntrack action failed";
+                /* Pending NBLs are consumed by Defragmentation. */
+                if (status != NDIS_STATUS_PENDING) {
+                    OVS_LOG_ERROR("CT Action failed");
+                    dropReason = L"OVS-conntrack action failed";
+                }
                 goto dropit;
+            } else if (oldNbl != ovsFwdCtx.curNbl) {
+               /*
+                * OvsIpv4Reassemble consumes the original NBL and creates a
+                * new one and assigns it to the curNbl of ovsFwdCtx.
+                */
+               OvsInitForwardingCtx(&ovsFwdCtx,
+                                    ovsFwdCtx.switchContext,
+                                    ovsFwdCtx.curNbl,
+                                    ovsFwdCtx.srcVportNo,
+                                    ovsFwdCtx.sendFlags,
+                                    NET_BUFFER_LIST_SWITCH_FORWARDING_DETAIL(ovsFwdCtx.curNbl),
+                                    ovsFwdCtx.completionList,
+                                    &ovsFwdCtx.layers, FALSE);
             }
             break;
         }
diff --git a/datapath-windows/ovsext/Conntrack.c b/datapath-windows/ovsext/Conntrack.c
index 8658910..dce0c1b 100644
--- a/datapath-windows/ovsext/Conntrack.c
+++ b/datapath-windows/ovsext/Conntrack.c
@@ -15,6 +15,7 @@
  */
 
 #include "Conntrack.h"
+#include "IpFragment.h"
 #include "Jhash.h"
 #include "PacketParser.h"
 #include "Event.h"
@@ -317,13 +318,20 @@ OvsCtEntryExpired(POVS_CT_ENTRY entry)
 }
 
 static __inline NDIS_STATUS
-OvsDetectCtPacket(OvsFlowKey *key)
+OvsDetectCtPacket(OvsForwardingContext *fwdCtx,
+                  OvsFlowKey *key,
+                  PNET_BUFFER_LIST *newNbl)
 {
     /* Currently we support only Unfragmented TCP packets */
     switch (ntohs(key->l2.dlType)) {
     case ETH_TYPE_IPV4:
         if (key->ipKey.nwFrag != OVS_FRAG_TYPE_NONE) {
-            return NDIS_STATUS_NOT_SUPPORTED;
+            return OvsProcessIpv4Fragment(fwdCtx->switchContext,
+                                          &fwdCtx->curNbl,
+                                          fwdCtx->completionList,
+                                          fwdCtx->fwdDetail->SourcePortId,
+                                          key->tunKey.tunnelId,
+                                          newNbl);
         }
         if (key->ipKey.nwProto == IPPROTO_TCP
             || key->ipKey.nwProto == IPPROTO_UDP
@@ -707,6 +715,7 @@ OvsCtExecute_(PNET_BUFFER_LIST curNbl,
  *---------------------------------------------------------------------------
  * OvsExecuteConntrackAction
  *     Executes Conntrack actions XXX - Add more
+ *     For the Ipv4 fragments, consume the orginal fragment NBL
  *---------------------------------------------------------------------------
  */
 NDIS_STATUS
@@ -723,10 +732,10 @@ OvsExecuteConntrackAction(OvsForwardingContext *fwdCtx,
     PCHAR helper = NULL;
     PNET_BUFFER_LIST curNbl = fwdCtx->curNbl;
     OVS_PACKET_HDR_INFO *layers = &fwdCtx->layers;
-
+    PNET_BUFFER_LIST newNbl = NULL;
     NDIS_STATUS status;
 
-    status = OvsDetectCtPacket(key);
+    status = OvsDetectCtPacket(fwdCtx, key, &newNbl);
     if (status != NDIS_STATUS_SUCCESS) {
         return status;
     }
@@ -765,9 +774,9 @@ OvsExecuteConntrackAction(OvsForwardingContext *fwdCtx,
         /* Force implicitly means commit */
         commit = TRUE;
     }
-
-    status = OvsCtExecute_(curNbl, key, layers, commit, force,
-                           zone, mark, labels, helper);
+    /* If newNbl is not allocated, use the current Nbl*/
+    status = OvsCtExecute_(newNbl != NULL ? newNbl : curNbl, key, layers,
+                           commit, force, zone, mark, labels, helper);
     return status;
 }
 
-- 
2.9.3.windows.1

More information about the dev mailing list