From: Anand Kumar
Date: Tue, 1 Aug 2017 15:01:44 -0700
Message-ID: <20170801220144.5760-1-kumaranand@vmware.com>
Subject: [ovs-dev] [PATCH] datapath-windows: Fix conntrack lookups for reversed keys

From: Sairam Venugopal

The conntrack table needs to be queried for entries in either direction to
determine if the packet is in forward direction or reply direction. The
current behavior ends up reversing the incoming packet's 5-Tuple for every
entry in the loop instead of doing it only once.

Testing Done:
- Verified that ICMP requests are no longer treated as replies in Conntrack.

Change-Id: I826a164cfb9137e2167c404ff5c9bfd9dfaa33ad
Co-authored-by: Sairam Venugopal
Signed-off-by: Anand Kumar
---
 datapath-windows/ovsext/Conntrack.c | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/datapath-windows/ovsext/Conntrack.c b/datapath-windows/ovsext/Conntrack.c
index 8ea1e65..917ebee 100644
--- a/datapath-windows/ovsext/Conntrack.c
+++ b/datapath-windows/ovsext/Conntrack.c
@@ -401,7 +401,14 @@ OvsCtLookup(OvsConntrackKeyLookupCtx *ctx) POVS_CT_ENTRY entry; BOOLEAN reply = FALSE; POVS_CT_ENTRY found = NULL; - OVS_CT_KEY key = ctx->key; + + /* Reverse NAT must be performed before OvsCtLookup, so here + * we simply need to flip the src and dst in key and compare + * they are equal. Note that flipped key is not equal to + * rev_key due to NAT effect. + */ + OVS_CT_KEY revCtxKey = ctx->key; + OvsCtKeyReverse(&revCtxKey); if (!ctTotalEntries) { return found; @@ -410,19 +417,13 @@ OvsCtLookup(OvsConntrackKeyLookupCtx *ctx) LIST_FORALL(&ovsConntrackTable[ctx->hash & CT_HASH_TABLE_MASK], link) { entry = CONTAINING_RECORD(link, OVS_CT_ENTRY, link); - if (OvsCtKeyAreSame(key,entry->key)) { + if (OvsCtKeyAreSame(ctx->key, entry->key)) { found = entry; reply = FALSE; break; } - /* Reverse NAT must be performed before OvsCtLookup, so here - * we simply need to flip the src and dst in key and compare - * they are equal. Note that flipped key is not equal to - * rev_key due to NAT effect. - */ - OvsCtKeyReverse(&key); - if (OvsCtKeyAreSame(key, entry->key)) { + if (OvsCtKeyAreSame(revCtxKey, entry->key)) { found = entry; reply = TRUE; break;
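Review bot: in the first hunk (@@ -401), `revCtxKey` is copied from `ctx->key` and passed to `OvsCtKeyReverse` before the `if (!ctTotalEntries)` early return, so the empty-table path does a key copy and a reverse it never uses. Consider keeping the declaration of `revCtxKey` at the top of the function and moving the assignment and the `OvsCtKeyReverse(&revCtxKey)` call below that check. Since the comment block is being moved anyway, "flip the src and dst in key and compare they are equal" could be reworded to say that `revCtxKey` is `ctx->key` with src and dst flipped, which is what the new code actually compares against.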
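Review bot: in the loop hunk (@@ -410), the defect being fixed only shows up when the matching entry is not the first one visited in its hash bucket, because the removed `OvsCtKeyReverse(&key)` flipped the shared `key` once per iteration and left it reversed for the next forward compare. The Testing Done line mentions only ICMP requests; please add or describe a test where two or more entries land in the same `ovsConntrackTable` bucket and the forward match is the second entry, so the regression is pinned down. Two smaller points on the same hunk: `reply = FALSE;` in the forward branch repeats the initializer `BOOLEAN reply = FALSE;` and can be dropped, and with the explanatory comment now at the top of the function, a one-line comment at the `OvsCtKeyAreSame(revCtxKey, entry->key)` compare saying this is the reply-direction match would keep the loop readable.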