[ovs-dev] [PATCH v8 2/5] datapath-windows: Added Ipv4 fragments support in Conntrack
Anand Kumar
kumaranand at vmware.com
Thu May 4 22:12:51 UTC 2017
This patch adds support for tracking Ipv4 fragments in conntrack module.
Individual fragments are not tracked and are consumed by the
fragmentation/reassembly. Only the reassembled Ipv4 datagram is tracked and
treated as a single ct entry.
Signed-off-by: Anand Kumar <kumaranand at vmware.com>
---
v7->v8: No change
v6->v7: Made changes to use FowardingCtx and initialize forwarding ctx
for the reassembled packet
v5->v6: No Change
v4->v5:
- Removed MRU argument from function declarations as MRU is now retained
in _OVS_BUFFER_CONTEXT.
v3->v4: No Change
v2->v3:
- Updated log messages and fixed alignment.
v1->v2: No change
---
datapath-windows/ovsext/Actions.c | 21 +++++++++++++++++++--
datapath-windows/ovsext/Conntrack.c | 23 ++++++++++++++++-------
2 files changed, 35 insertions(+), 9 deletions(-)
diff --git a/datapath-windows/ovsext/Actions.c b/datapath-windows/ovsext/Actions.c
index 3bd00a7..b5c13c7 100644
--- a/datapath-windows/ovsext/Actions.c
+++ b/datapath-windows/ovsext/Actions.c
@@ -1975,12 +1975,29 @@ OvsDoExecuteActions(POVS_SWITCH_CONTEXT switchContext,
}
}
+ PNET_BUFFER_LIST oldNbl = ovsFwdCtx.curNbl;
status = OvsExecuteConntrackAction(&ovsFwdCtx, key,
(const PNL_ATTR)a);
if (status != NDIS_STATUS_SUCCESS) {
- OVS_LOG_ERROR("CT Action failed");
- dropReason = L"OVS-conntrack action failed";
+ /* Pending NBLs are consumed by Defragmentation. */
+ if (status != NDIS_STATUS_PENDING) {
+ OVS_LOG_ERROR("CT Action failed");
+ dropReason = L"OVS-conntrack action failed";
+ }
goto dropit;
+ } else if (oldNbl != ovsFwdCtx.curNbl) {
+ /*
+ * OvsIpv4Reassemble consumes the original NBL and creates a
+ * new one and assigns it to the curNbl of ovsFwdCtx.
+ */
+ OvsInitForwardingCtx(&ovsFwdCtx,
+ ovsFwdCtx.switchContext,
+ ovsFwdCtx.curNbl,
+ ovsFwdCtx.srcVportNo,
+ ovsFwdCtx.sendFlags,
+ NET_BUFFER_LIST_SWITCH_FORWARDING_DETAIL(ovsFwdCtx.curNbl),
+ ovsFwdCtx.completionList,
+ &ovsFwdCtx.layers, FALSE);
}
break;
}
diff --git a/datapath-windows/ovsext/Conntrack.c b/datapath-windows/ovsext/Conntrack.c
index 8658910..dce0c1b 100644
--- a/datapath-windows/ovsext/Conntrack.c
+++ b/datapath-windows/ovsext/Conntrack.c
@@ -15,6 +15,7 @@
*/
#include "Conntrack.h"
+#include "IpFragment.h"
#include "Jhash.h"
#include "PacketParser.h"
#include "Event.h"
@@ -317,13 +318,20 @@ OvsCtEntryExpired(POVS_CT_ENTRY entry)
}
static __inline NDIS_STATUS
-OvsDetectCtPacket(OvsFlowKey *key)
+OvsDetectCtPacket(OvsForwardingContext *fwdCtx,
+ OvsFlowKey *key,
+ PNET_BUFFER_LIST *newNbl)
{
/* Currently we support only Unfragmented TCP packets */
switch (ntohs(key->l2.dlType)) {
case ETH_TYPE_IPV4:
if (key->ipKey.nwFrag != OVS_FRAG_TYPE_NONE) {
- return NDIS_STATUS_NOT_SUPPORTED;
+ return OvsProcessIpv4Fragment(fwdCtx->switchContext,
+ &fwdCtx->curNbl,
+ fwdCtx->completionList,
+ fwdCtx->fwdDetail->SourcePortId,
+ key->tunKey.tunnelId,
+ newNbl);
}
if (key->ipKey.nwProto == IPPROTO_TCP
|| key->ipKey.nwProto == IPPROTO_UDP
@@ -707,6 +715,7 @@ OvsCtExecute_(PNET_BUFFER_LIST curNbl,
*---------------------------------------------------------------------------
* OvsExecuteConntrackAction
* Executes Conntrack actions XXX - Add more
+ * For the Ipv4 fragments, consume the orginal fragment NBL
*---------------------------------------------------------------------------
*/
NDIS_STATUS
@@ -723,10 +732,10 @@ OvsExecuteConntrackAction(OvsForwardingContext *fwdCtx,
PCHAR helper = NULL;
PNET_BUFFER_LIST curNbl = fwdCtx->curNbl;
OVS_PACKET_HDR_INFO *layers = &fwdCtx->layers;
-
+ PNET_BUFFER_LIST newNbl = NULL;
NDIS_STATUS status;
- status = OvsDetectCtPacket(key);
+ status = OvsDetectCtPacket(fwdCtx, key, &newNbl);
if (status != NDIS_STATUS_SUCCESS) {
return status;
}
@@ -765,9 +774,9 @@ OvsExecuteConntrackAction(OvsForwardingContext *fwdCtx,
/* Force implicitly means commit */
commit = TRUE;
}
-
- status = OvsCtExecute_(curNbl, key, layers, commit, force,
- zone, mark, labels, helper);
+ /* If newNbl is not allocated, use the current Nbl*/
+ status = OvsCtExecute_(newNbl != NULL ? newNbl : curNbl, key, layers,
+ commit, force, zone, mark, labels, helper);
return status;
}
--
2.9.3.windows.1
More information about the dev
mailing list