[ovs-dev] [PATCH v2] datapath-windows: Add trace level logs in conntrack for invalid ct state.

Anand Kumar kumaranand at vmware.com
Fri Feb 2 22:43:16 UTC 2018


Signed-off-by: Anand Kumar <kumaranand at vmware.com>
---
 datapath-windows/ovsext/Conntrack-icmp.c | 1 +
 datapath-windows/ovsext/Conntrack-tcp.c  | 4 ++++
 datapath-windows/ovsext/Conntrack.c      | 6 ++++++
 3 files changed, 11 insertions(+)

diff --git a/datapath-windows/ovsext/Conntrack-icmp.c b/datapath-windows/ovsext/Conntrack-icmp.c
index 4da0665..28fe2bf 100644
--- a/datapath-windows/ovsext/Conntrack-icmp.c
+++ b/datapath-windows/ovsext/Conntrack-icmp.c
@@ -61,6 +61,7 @@ BOOLEAN
 OvsConntrackValidateIcmpPacket(const ICMPHdr *icmp)
 {
     if (!icmp) {
+        OVS_LOG_TRACE("Invalid ICMP packet detected, header cannot be NULL");
         return FALSE;
     }
 
diff --git a/datapath-windows/ovsext/Conntrack-tcp.c b/datapath-windows/ovsext/Conntrack-tcp.c
index f8e85a2..8cbab24 100644
--- a/datapath-windows/ovsext/Conntrack-tcp.c
+++ b/datapath-windows/ovsext/Conntrack-tcp.c
@@ -444,12 +444,14 @@ BOOLEAN
 OvsConntrackValidateTcpPacket(const TCPHdr *tcp)
 {
     if (!tcp) {
+        OVS_LOG_TRACE("Invalid TCP packet detected, header cannot be NULL");
         return FALSE;
     }
 
     UINT16 tcp_flags = ntohs(tcp->flags);
 
     if (OvsCtInvalidTcpFlags(tcp_flags)) {
+        OVS_LOG_TRACE("Invalid TCP packet detected, tcp_flags %hu", tcp_flags);
         return FALSE;
     }
 
@@ -457,6 +459,8 @@ OvsConntrackValidateTcpPacket(const TCPHdr *tcp)
      * totally new connections (syn) or already established, not partially
      * open (syn+ack). */
     if ((tcp_flags & TCP_SYN) && (tcp_flags & TCP_ACK)) {
+        OVS_LOG_TRACE("Invalid TCP packet detected, SYN+ACK flags not allowed,"
+                      "tcp_flags %hu", tcp_flags);
         return FALSE;
     }
 
diff --git a/datapath-windows/ovsext/Conntrack.c b/datapath-windows/ovsext/Conntrack.c
index 43c9dd3..678bedb 100644
--- a/datapath-windows/ovsext/Conntrack.c
+++ b/datapath-windows/ovsext/Conntrack.c
@@ -317,6 +317,10 @@ OvsCtEntryCreate(OvsForwardingContext *fwdCtx,
         const ICMPHdr *icmp;
         icmp = OvsGetIcmp(curNbl, l4Offset, &storage);
         if (!OvsConntrackValidateIcmpPacket(icmp)) {
+            if(icmp) {
+                OVS_LOG_TRACE("Invalid ICMP packet detected, icmp->type %u",
+                              icmp->type);
+            }
             state = OVS_CS_F_INVALID;
             break;
         }
@@ -334,6 +338,8 @@ OvsCtEntryCreate(OvsForwardingContext *fwdCtx,
         break;
     }
     default:
+        OVS_LOG_TRACE("Invalid packet detected, protocol not supported"
+                      " ipProto %u", ipProto);
         state = OVS_CS_F_INVALID;
         break;
     }
-- 
2.9.3.windows.1



More information about the dev mailing list