[ovs-dev] [patch v2] conntrack-tcp: Handle tcp session reuse.

Darrell Ball dlu998 at gmail.com
Tue May 15 01:38:25 UTC 2018


Fix TCP sequence tracking for cases when picking up an existing connection.
This can happen, for example, during VM migration, and sequence tracking
should be more permissive in these cases.  We don't differentiate picking
up an existing connection from picking up a new connection; the added
complexity is not worth the benefit of slightly more strictness in the
case of picking up a new connection.

Fixes: a489b16854b5 ("conntrack: New userspace connection tracker")
Signed-off-by: Darrell Ball <dlu998 at gmail.com>
---

Fix needs backporting to 2.7.

 lib/conntrack-tcp.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/lib/conntrack-tcp.c b/lib/conntrack-tcp.c
index 04460c3..86d313d 100644
--- a/lib/conntrack-tcp.c
+++ b/lib/conntrack-tcp.c
@@ -160,7 +160,6 @@ tcp_conn_update(struct conn *conn_, struct conntrack_bucket *ctb,
     uint16_t win = ntohs(tcp->tcp_winsz);
     uint32_t ack, end, seq, orig_seq;
     uint32_t p_len = tcp_payload_length(pkt);
-    int ackskew;
 
     if (tcp_invalid_flags(tcp_flags)) {
         return CT_UPDATE_INVALID;
@@ -195,6 +194,7 @@ tcp_conn_update(struct conn *conn_, struct conntrack_bucket *ctb,
      */
 
     orig_seq = seq = ntohl(get_16aligned_be32(&tcp->tcp_seq));
+    bool check_ackskew = true;
     if (src->state < CT_DPIF_TCPS_SYN_SENT) {
         /* First packet from this end. Set its state */
 
@@ -232,6 +232,11 @@ tcp_conn_update(struct conn *conn_, struct conntrack_bucket *ctb,
         if (src->seqhi == 1
                 || SEQ_GEQ(end + MAX(1, dst->max_win << dws), src->seqhi)) {
             src->seqhi = end + MAX(1, dst->max_win << dws);
+            /* We are either picking up a new connection or a connection which
+             * was already in place.  We are more permissive in terms of
+             * ackskew checking in these cases.
+             */
+            check_ackskew = false;
         }
         if (win > src->max_win) {
             src->max_win = win;
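Review bot: The new comment above `check_ackskew = false;` does not say what validation is given up or how widely the relaxation applies. The flag is cleared whenever the `src->seqhi` slide branch is taken, and the commit description says new connections are not told apart from picked-up ones. For such a packet the ACK number is therefore not compared with `dst->seqlo` at all in the window test later in the function. I would extend the comment to record that trade-off, for example `/* Skips ACK-vs-dst->seqlo validation for this packet; applies to new connections too, not only picked-up ones. */`. It also seems worth confirming that the first packet from the reply direction of an ordinary handshake is meant to be covered. The enclosing block starts before this hunk and continues after it, so the exact conditions under which the branch is reached are inferred from the context lines.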
@@ -265,7 +270,7 @@ tcp_conn_update(struct conn *conn_, struct conntrack_bucket *ctb,
         end = seq;
     }
 
-    ackskew = dst->seqlo - ack;
+    int ackskew = check_ackskew ? dst->seqlo - ack : 0;
 #define MAXACKWINDOW (0xffff + 1500)    /* 1500 is an arbitrary fudge factor */
     if (SEQ_GEQ(src->seqhi, end)
         /* Last octet inside other's window space */
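Review bot: On `int ackskew = check_ackskew ? dst->seqlo - ack : 0;`, using 0 as the "skip the check" value makes a disabled check indistinguishable from a genuine zero skew, and any other read of `ackskew` further down the function (outside this hunk) silently sees 0 as well. A short comment would make the intent explicit, e.g. `/* 0 satisfies both MAXACKWINDOW bounds below, i.e. the ackskew test is bypassed. */`, or the two bounds could be gated on `check_ackskew` directly. Separately, `ack` is declared `uint32_t`, so the subtraction is presumably done in unsigned arithmetic and then converted to `int`; writing `(int32_t)(dst->seqlo - ack)` would state the intended wrap-around explicitly. The `if` that consumes `ackskew` continues past the end of the hunk.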
-- 
1.9.1


