[ovs-dev] [PATCH] conntrack: extract l4 information for SCTP
Gaëtan Rivet
grive at u256.net
Tue Aug 3 23:15:05 UTC 2021
On Tue, Jul 13, 2021, at 22:59, Paolo Valerio wrote:
> since a27d70a89 ("conntrack: add generic IP protocol support") all
> the unrecognized IP protocols get handled using ct_proto_other ops
> and are managed as L3 using 3 tuples.
>
> This patch stores L4 information for SCTP in the conn_key so that
> multiple conn instances, instead of one with ports zeroed, will be
> created when there are multiple SCTP connections between two hosts.
> It also performs crc32c check when not offloaded, and adds SCTP to
> pat_enabled.
>
> With this patch, given two SCTP association between two hosts, and
> given for example the following rules:
>
> in_port=tap0,ip,action=ct(commit,zone=1,nat(src=10.1.1.240:12345-12346)),tap1
> in_port=tap1,ct_state=-trk,ip,action=ct(table=0,zone=1,nat)
> in_port=tap1,ct_state=+trk,ct_zone=1,ip,action=tap0
>
> the following entries will be created:
>
> sctp,orig=(src=192.168.100.100,dst=10.1.1.1,sport=55884,dport=5201),reply=(src=10.1.1.1,dst=10.1.1.240,sport=5201,dport=12345),zone=1
> sctp,orig=(src=192.168.100.100,dst=10.1.1.1,sport=59874,dport=5202),reply=(src=10.1.1.1,dst=10.1.1.240,sport=5202,dport=12346),zone=1
>
> instead of:
>
> sctp,orig=(src=192.168.100.100,dst=10.1.1.1,sport=0,dport=0),reply=(src=10.1.1.1,dst=10.1.1.240,sport=0,dport=0),zone=1
>
> Signed-off-by: Paolo Valerio <pvalerio at redhat.com>
> ---
> lib/conntrack.c | 94 ++++++++++++++++++++++++++++++++++++++
> lib/packets.h | 18 +++++++
> tests/system-kmod-macros.at | 11 ++++
> tests/system-traffic.at | 80 ++++++++++++++++++++++++++++++++
> tests/system-userspace-macros.at | 7 +++
> 5 files changed, 209 insertions(+), 1 deletion(-)
>
> diff --git a/lib/conntrack.c b/lib/conntrack.c
> index 551c2061a..9c628c052 100644
> --- a/lib/conntrack.c
> +++ b/lib/conntrack.c
> @@ -28,8 +28,10 @@
> #include "conntrack-tp.h"
> #include "coverage.h"
> #include "csum.h"
> +#include "crc32c.h"
> #include "ct-dpif.h"
> #include "dp-packet.h"
> +#include "unaligned.h"
Hello Paolo,
The code looks good to me and the test runs properly.
I have only a small question. The "unaligned.h" include above is
not sorted alphabetically. Is there a reason for this that forces
to put it here?
With either a comment explaining this constraint or the include line moved,
Acked-by: Gaetan Rivet <grive at u256.net>
Thanks!
--
Gaetan Rivet
More information about the dev
mailing list