From patchwork Fri Jun 24 11:09:08 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: ldejing X-Patchwork-Id: 1647825 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=vmware.com header.i=@vmware.com header.a=rsa-sha256 header.s=selector2 header.b=Va1IYm2J; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.137; helo=smtp4.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Received: from smtp4.osuosl.org (smtp4.osuosl.org [140.211.166.137]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4LTvXN1Fnlz9s0w for ; Fri, 24 Jun 2022 21:09:38 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id 4D11E4188D; Fri, 24 Jun 2022 11:09:35 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org 4D11E4188D Authentication-Results: smtp4.osuosl.org; dkim=fail reason="signature verification failed" (1024-bit key, unprotected) header.d=vmware.com header.i=@vmware.com header.a=rsa-sha256 header.s=selector2 header.b=Va1IYm2J X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8DhyvVAuRvc6; Fri, 24 Jun 2022 11:09:34 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by smtp4.osuosl.org (Postfix) with ESMTPS id 0602A417B4; Fri, 24 Jun 2022 11:09:33 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org 0602A417B4 Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id B8936C0039; Fri, 24 Jun 2022 11:09:32 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp4.osuosl.org (smtp4.osuosl.org [140.211.166.137]) by lists.linuxfoundation.org (Postfix) with ESMTP id E5782C002D for ; Fri, 24 Jun 2022 11:09:31 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id B59AC417B8 for ; Fri, 24 Jun 2022 11:09:31 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org B59AC417B8 X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zii033hHM9UY for ; Fri, 24 Jun 2022 11:09:30 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.8.0 DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org 2436F417B4 Received: from NAM11-DM6-obe.outbound.protection.outlook.com (mail-dm6nam11on2052.outbound.protection.outlook.com [40.107.223.52]) by smtp4.osuosl.org (Postfix) with ESMTPS id 2436F417B4 for ; Fri, 24 Jun 2022 11:09:30 +0000 (UTC) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=VetMH1XeC6B3DzdGxpr9TZajKny9VYpI2n2HnLsWkqTHG+BCCtj2r6mIq7B050oyAuMSVL0s7I99/LvSQODdXzeUowndIUg5GcrN2wsBNTN36dkror7+1qMVtS1x3o2ddQzW6xJPshBzcp66Nbg02+jni3cutyLhbTd66ZF4eqCZEtFydiaOl45WucE73KrVwS7HgGYNZsX7i+bHDLKh4N5LdNeYrtH+dyswSUlbers0PmrXamKm+6IlqfWvVc/Hv07Pavwes16EGf0dZZ8TAtnoXonVjFpkE9DhBmZ2u1cQ7E0w6lT0ReBQmD8vkXWptj/L4tSedTc7U+uXMT2poQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=iS02wOLDpEaWAuS3DK1thQVQawV4iDvschySSrcuJag=; b=faaau9HmzslwyHVSqZpG3hOB760G/xu6P6RUR4VF+zfDPo4W470ERykMhokLD5VLJmGCS0Ya7hTSB3mG11itJnfwue9H3Lj44ZpMaGZXZaRCLonSArhVWNptg3XlgaMbULYzzTcA/DfBJGD6iJgJtoLpjawOuB4ff9VdFuU8pL6BDYArFrQCLwM1AdARsPQMEYByH3S7pLI+mwlWA3bxsF0XJL7FLZlHE0pH3J5wYZ75FG2l5CmLdQzbqddJ+FZWGD8yK1rfmmcuaA60eD4jqGxm247mCwQ2kAYk7NcZh8cBmQE0tcq/epz1YVVVHCBOKSTxLymyhPGxOo/1QlGT6Q== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=vmware.com; dmarc=pass action=none header.from=vmware.com; dkim=pass header.d=vmware.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=vmware.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=iS02wOLDpEaWAuS3DK1thQVQawV4iDvschySSrcuJag=; b=Va1IYm2JHAUAHGTVivnVQn2ZlrsEOky0qLpHm3250kAvCkDZNM1hQu7mw+2Hp1Jq6LpCYMGEKSbQRLs+et/xq0gBDNL3O+lJ40Ktvhc+lRHsIINjAQqlntTwR0jO+ggCYmBChXcG/cWl6kIsQFV8m4e9cd7gYISBzCxQ2ftGBnA= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=vmware.com; Received: from SN6PR05MB5935.namprd05.prod.outlook.com (2603:10b6:805:100::18) by BL0PR05MB5505.namprd05.prod.outlook.com (2603:10b6:208:6a::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5373.15; Fri, 24 Jun 2022 11:09:27 +0000 Received: from SN6PR05MB5935.namprd05.prod.outlook.com ([fe80::c01f:f0f6:9240:911]) by SN6PR05MB5935.namprd05.prod.outlook.com ([fe80::c01f:f0f6:9240:911%3]) with mapi id 15.20.5373.015; Fri, 24 Jun 2022 11:09:27 +0000 To: dev@openvswitch.org Date: Fri, 24 Jun 2022 19:09:08 +0800 Message-Id: <20220624110909.88892-1-svc.ovs-community@vmware.com> X-Mailer: git-send-email 2.30.1 (Apple Git-130) X-ClientProxiedBy: SG2PR03CA0112.apcprd03.prod.outlook.com (2603:1096:4:91::16) To SN6PR05MB5935.namprd05.prod.outlook.com (2603:10b6:805:100::18) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 15bb651e-8ac3-41c1-8f21-08da55d200a3 X-MS-TrafficTypeDiagnostic: BL0PR05MB5505:EE_ X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: egjDP34w82EY++cxdKivpCsLS16c8A7bdm1sv5H8yd8DUEhBDB6NfQjewMTbT+lWxUAKeVgphu8Yss4EhQvbfz7qwiCrwgwakXAhrEoq2z/XqlblyJKyLIfYO3mg1emQ2yEYMTJL8XAWPhPvKgMfKOzxcKjM0cYSUcidNQ7K8HgHmM/sDw+qT+lhoc2s/Gg5rITg2ZHleUx0RQ4CDvapEsgjlMhmaUrQLTlUOoU3uYTNW3cTAs4I4sY+es7fnhSljomHyr10kY2dKO91LaigX0O6+zCGv29jNVRsMk/mMxi86hoipb5izPFtn50L01J9dQHSRx+gETJGYabrKbXihlQcKI7ZzQAxE10JIQowUtwO2teIpmcKJmpPREyZ4/hxqknZPR++FI4X1/zHwlO7S7pcZPlbLPXp3V5kfsyKDDteNHkoLJ/C2bIzMrmCqiDpTwMu18rXOOhqDpN2/d0Gl79fmIUG/y1lMU1C+KkLaTxC+hez2LEIQVUjHT7WH89lkeGxCsjnCr5OU3vL1SEFnOwCyhQQ+mk22DuDOgIbb+pOAYz8YjWGxFoT267PKO56XyKiz2wdmwcVF+d5Xc9wBXU5oA3fUJKfY6RHrzmLa1nx5ID3ECkfsB0Cy87t2rlCCBC7bRgt/smNMTG9JfhaeRzQ/oBq0q7BuL+Zh9EwwKvwDppllaysuPK0k947d8PD1oUrQDIeSbPs7H3v1yROKxRPkZ0X+KxQbYNe0ejmqjARLYIje6biG/nIDWaz4Y3xk/q8Qcv2NENtObSaU6zVCSzcXePjccjDrZJ6ethMZ6uAvUygyP9gfCZVZvodG2TwYqUCT81YdrXnufr4yB4SFK36lfny8VwVVM4HH1gfl08= X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:SN6PR05MB5935.namprd05.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230016)(4636009)(396003)(39860400002)(376002)(366004)(136003)(346002)(186003)(1076003)(8676002)(6486002)(86362001)(38100700002)(4326008)(41300700001)(52116002)(6666004)(107886003)(2616005)(26005)(38350700002)(83380400001)(478600001)(36756003)(6506007)(2906002)(8936002)(6916009)(66946007)(316002)(5660300002)(66476007)(66556008)(6512007)(43062005); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: quTNTCe6T4lU6SxS2cuRcuRQQ8f0Oy0xLmTHxEC+hA71Dkc1dJ9BFxf88hfqa9hrL/dSWLlRzHu1JZMkaxNuOu6Ts/nv0Bn5x1/6qZWTn7nka8w1Cmsdzk5F1RC06LyVvKkpFCdSKHkZcUwm1IQZZBkcmH3mJc7aDZZNoNEmMYUtm1CZR0450SqgUPuCZ19rnCjHxx9SP1aTz1gOVNtzKUrTa1payHMZ96jJ2BUCpDZUisby94PXAUQQra9yy7sHcMg+RSaVBB+QXxxU73YhcHtgNxjMXyUdoY1yHIqGTCH1sAki19RDLnA8oMaBvLdWlb39YA2d1emUl+F/R/COKBq/8/sDsb9J/aUZSAvvIELgj8Wpdw4EKVXMGoME35pKW1APVU5U8OLg4+RLHCbDlAHKbezQCnm6o59sVu4RKT7Sx85AQO6riIDFx4hxwEqLPXnsCboQ2IalXcbqemjM8tjVbLarTNFIVTER7gyt2eaY2gnwfsF3Sl8D/pP/+Mwj8rZyTV5RniESqU4jYE0CfoD8i1xVzJO6E7wShWcvV/UI1oQucBANf2dcmYzXhJNp2ssSYWGljWeJVNCdXsWXctpBh8wAqhTZJAFHbyQ4C3ad9EIHwXRg5lP6hKU+2qhQ0AIcxAix7FVS+LY4pjfmXcf0ljHZugsQnyPtFpAfDzg/RN7gbGoSzPbWTpWWItgch9FxHaI9L8h8kTvxx1FnfWgBEUbG8oS0WRq6uYEtd8B7VMR9xfboqGBJzfPkAeqGxc8ZukBOSozzhRwlXcWRySGZgeTE08d/1wKLf6ANNLWFup9B+aO6H4hYGrRNn5YOYSzUmZszC4ZMjThhG8QrKhliflXGZ7NSCulXtiB1W4I2IjG326VcsQFD+R2wkWaWS/e2Vl0jpVNGeBY74/NOlWwfDMsDuIs8Y8ZEqG76KkqBKEzTk9CBVihfHaflAya4R8a/2i0YqVkvf5Zg8OeGChcao24VKmenu/ZlMIK6tRFXMIyWepfrlkh/Brn7VVwSOnQEmAoVW4qrJ8r9CnxSOUg70EuvHf8LVdVXTo2omL5XJ6m9On4pM5LdWqv9ekdbIHXVkpGY+JZMZZA9DiQTRnxr5tkAhbZhom9MeaGsoP8TYN/J8YW3wEBR4u3hskdKSDDFTre08skuPeEEwnz+aecZ+Tnb0hy5q/lsf0IcYrfIuS16xReRoogVH/Lw0pZGRRIVMJG2hvEjbJtgD8TWWLuC/dZa8aLo41mf/7oXuXlMWL1iAMm4EWgGDbASWi9/b75wIx+ZLGDF/0G2dgB4cSb+sER74FsM/gcZMzOEwackhzmdRF+akU+nw3+8AB0jY1br/pSnOxpBaZbA7xRUcwISyNxFlkmxLIEvfKw5mF0PfTg8DDp6U7Dog3ZZcnfocI3y2vrh712a34tRKrgsTbhNNn17yR/ga8gJbk/90PtUaM43c/J2xnUqDojF2DdxhTA/RsqcklC86nbILKSI3iiWLF1UvXbRA6hY3vjfl/pVKguVCnub3oYblX9UZH/9pSc1XfCZgAEfh08582QIecZJl3he7g6eny5poNhrNosMBSWzWz5xTJqyLR9qZ3OhsyCBC5nf5pWgp6lZZaDGmg== X-OriginatorOrg: vmware.com X-MS-Exchange-CrossTenant-Network-Message-Id: 15bb651e-8ac3-41c1-8f21-08da55d200a3 X-MS-Exchange-CrossTenant-AuthSource: SN6PR05MB5935.namprd05.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 24 Jun 2022 11:09:27.2620 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: b39138ca-3cee-4b4a-a4d6-cd83d9dd62f0 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: XDlmdzt2QYH+r3dweG55il08iuRun+8ry99a9i6RyDFhVRPlAOy37SDnjK/S7wCd2ZTIG0S95ZYj4o4AW4c02WdYpeNvl9c6rbMbsSjsguE= X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL0PR05MB5505 Cc: ldejing Subject: [ovs-dev] [PATCH v1 1/2] datapath-windows:Fix icmp related error code. X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: ldejing via dev From: ldejing Reply-To: ldejing Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: ldejing When icmp error code send back to sender, currently ovs ct can't create conntrack for the error code properly, this patch mainly fix the bug. icmp error code test case: 1) packet too big. 2) network unreachable 3) parameter problem Signed-off-by: ldejing Signed-off-by: ldejing --- datapath-windows/ovsext/Conntrack-icmp.c | 6 +++++- datapath-windows/ovsext/Conntrack.c | 4 ++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/datapath-windows/ovsext/Conntrack-icmp.c b/datapath-windows/ovsext/Conntrack-icmp.c index 9221f8518..081eb73d9 100644 --- a/datapath-windows/ovsext/Conntrack-icmp.c +++ b/datapath-windows/ovsext/Conntrack-icmp.c @@ -78,7 +78,11 @@ OvsConntrackValidateIcmp6Packet(const ICMPHdr *icmp) return FALSE; } - return icmp->type == ICMP6_ECHO_REQUEST; + return icmp->type == ICMP6_ECHO_REQUEST || + icmp->type == ICMP6_PACKET_TOO_BIG || + icmp->type == ICMP6_DST_UNREACH || + icmp->type == ICMP6_TIME_EXCEEDED || + icmp->type == ICMP6_PARAM_PROB; } OVS_CT_ENTRY * diff --git a/datapath-windows/ovsext/Conntrack.c b/datapath-windows/ovsext/Conntrack.c index 471bf961b..f56349640 100644 --- a/datapath-windows/ovsext/Conntrack.c +++ b/datapath-windows/ovsext/Conntrack.c @@ -356,8 +356,8 @@ OvsCtEntryCreate(OvsForwardingContext *fwdCtx, const ICMPHdr *icmp; icmp = OvsGetIcmp(curNbl, layers->l4Offset, &storage); if (!OvsConntrackValidateIcmp6Packet(icmp)) { - if(icmp) { - OVS_LOG_TRACE("Invalid ICMP packet detected, icmp->type %u", + if (icmp) { + OVS_LOG_TRACE("Invalid ICMP6 packet detected, icmp->type %u", icmp->type); } state = OVS_CS_F_INVALID; From patchwork Fri Jun 24 11:09:09 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: ldejing X-Patchwork-Id: 1647826 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=vmware.com header.i=@vmware.com header.a=rsa-sha256 header.s=selector2 header.b=uSc2NIXm; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=2605:bc80:3010::137; helo=smtp4.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Received: from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4LTvY4663Yz9s0w for ; Fri, 24 Jun 2022 21:10:16 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id 905B9425D3; Fri, 24 Jun 2022 11:10:14 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org 905B9425D3 Authentication-Results: smtp4.osuosl.org; dkim=fail reason="signature verification failed" (1024-bit key, unprotected) header.d=vmware.com header.i=@vmware.com header.a=rsa-sha256 header.s=selector2 header.b=uSc2NIXm X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id f50YUKcF9cAo; Fri, 24 Jun 2022 11:10:12 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [IPv6:2605:bc80:3010:104::8cd3:938]) by smtp4.osuosl.org (Postfix) with ESMTPS id 0D234425CE; Fri, 24 Jun 2022 11:10:10 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org 0D234425CE Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id D3FCFC0039; Fri, 24 Jun 2022 11:10:10 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp2.osuosl.org (smtp2.osuosl.org [140.211.166.133]) by lists.linuxfoundation.org (Postfix) with ESMTP id 14BB3C002D for ; Fri, 24 Jun 2022 11:10:10 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp2.osuosl.org (Postfix) with ESMTP id F254A40605 for ; Fri, 24 Jun 2022 11:10:08 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org F254A40605 Authentication-Results: smtp2.osuosl.org; dkim=pass (1024-bit key, unprotected) header.d=vmware.com header.i=@vmware.com header.a=rsa-sha256 header.s=selector2 header.b=uSc2NIXm X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp2.osuosl.org ([127.0.0.1]) by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vPrQDpkGd__5 for ; Fri, 24 Jun 2022 11:10:07 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.8.0 DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org C921C405D4 Received: from NAM02-SN1-obe.outbound.protection.outlook.com (mail-sn1anam02on2066.outbound.protection.outlook.com [40.107.96.66]) by smtp2.osuosl.org (Postfix) with ESMTPS id C921C405D4 for ; Fri, 24 Jun 2022 11:10:06 +0000 (UTC) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=UWju4A/rpKzdyTvoKHoD7G6eVOHT5gSNoAK0qSqPNBOW6OhxNqf5WrLd4gsR7ic0uwL+HGNb63hsUD8/OhQgLzEMXTssmBYW2RWDAOjvSMpFddaSz7iZlDL4j+Dog+aQhoRG7HToHWNQSkc0tGzTbCw4qS9jISFXxHHKtLY4T1S8OQ3c4QwRKaFWq5qTOlnfuEOFMNHzxt90ELAzk7lSOWkrJc6+da6D6l8Fu/I6h8+RkHUnHV2kfkzRBah0G/iE9M2xxFEC17f5JWT2ct0Ya5COFxfAMQgpbhwdqhQQPJlqgFjFb1zFICsQ1YiE065nx+rYcCXqzXajQhkM6JtByg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=qFVWnW8SCv+Lyhrdfd7Abm/i517C+cVsauCbcFAil8E=; b=agPhSaOkFna8iA19Njc1Nt7vE8CIfGFhrXMAQmj++zL/VWa7vxRpLAqaEhggbkJrYllBDVOvY5pCXx29vtkhCgT43txmvDVh527d9r8qPkn62UIPSZ6+H9JIRZxq2kyw788mXVXZMHPIg6dJSGwBXld+8C/nR7Wu+/thDxPViDJS+/EPf8unjpVU8s1u6H4UGUdRXkOZwiosuNq4X3guEbITMUzktGU3hVrOrbE+TakvD/Yav+x2HtpYw38+iZeTANWqr/G0GdfAG5mS/JOWeC/ip8S7/4L2wzAi48GvSRSl1e08j/ADEUXp9Uwsah+9m/3pU7J8YSli/JyLMLhyxg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=vmware.com; dmarc=pass action=none header.from=vmware.com; dkim=pass header.d=vmware.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=vmware.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=qFVWnW8SCv+Lyhrdfd7Abm/i517C+cVsauCbcFAil8E=; b=uSc2NIXm7sh4tbke7PJLNfobR8n9kLibKgbcfKb6Mw2BpEbdD9WGZZgxPDmmemH/y9AxcQTmS5ntpftc0daWUGbjQR3gOsNMu0xhbZNk37tJ0KTLYp8m89ZBrWlmJk1TWzg3/IqQDm9mRSCavEF7zrfOK1vbbv3hkjHE0GHVRO4= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=vmware.com; Received: from SN6PR05MB5935.namprd05.prod.outlook.com (2603:10b6:805:100::18) by BL0PR05MB5505.namprd05.prod.outlook.com (2603:10b6:208:6a::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5373.15; Fri, 24 Jun 2022 11:10:04 +0000 Received: from SN6PR05MB5935.namprd05.prod.outlook.com ([fe80::c01f:f0f6:9240:911]) by SN6PR05MB5935.namprd05.prod.outlook.com ([fe80::c01f:f0f6:9240:911%3]) with mapi id 15.20.5373.015; Fri, 24 Jun 2022 11:10:04 +0000 To: dev@openvswitch.org Date: Fri, 24 Jun 2022 19:09:09 +0800 Message-Id: <20220624110909.88892-2-svc.ovs-community@vmware.com> X-Mailer: git-send-email 2.30.1 (Apple Git-130) In-Reply-To: <20220624110909.88892-1-svc.ovs-community@vmware.com> References: <20220624110909.88892-1-svc.ovs-community@vmware.com> X-ClientProxiedBy: SG2PR03CA0112.apcprd03.prod.outlook.com (2603:1096:4:91::16) To SN6PR05MB5935.namprd05.prod.outlook.com (2603:10b6:805:100::18) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: abef9767-18d0-4195-287b-08da55d216ac X-MS-TrafficTypeDiagnostic: BL0PR05MB5505:EE_ X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: cB3YBFAadsw+HOf+X2GoObBFzBJsxv8+OsI4RB+XcYM4gZURZEobGnqUOKRbRn01mssQJhj8SSEC/Q5Pw5y/S8qYReXwMJsTEYpJfNUPS5YTJ7NN7CHFXRjPgx2ls1T2ovQxc06QaGQz9kS0YYMvUDbGQs/fc/cQkhq0bYcnsMycfNnC5zuAa5dWUFYSaFB97eDnA6mTGzYzIH7A5LRYpG26n39AHitwcHnGTlJ+AS9VB3YhVV5eGsoqLaO/2gBeDR8X6oQKzwH8gji4eigxxPBLH9ao2I+BGKS60PkyMhhnintfBBlZ6Vo+EnRzi2wyaRvt4PHNs7FU3Xq1LSrUIBgd8KeshoJqWu/PaJFWvJ/g1hYXxIil7+09Xr6rXTXMlJj0m5CNWlvctOpvN4EJP+XwWhCt89creosVspxL2uZhBrN3p9Gc2T9PX+2XRsYgp697gKX1+8LR3a0yGydZezBb8kNajWOfQcZbrVk8zGbHnMeJvNaEMQsCDsgObSIirbFk5h353Kmay81XeHsNBhtnB/zA6o8kHyOQXMzaZIWi2rltqCVTGGLrAhTZ63D3mAQVL69d4B7dRnRd5TV1E8DDjuXAIPaA4uof27RFipefzwbhMXblxi8Z0UwLLfs4b3s2ka9NJxaCW9DqyawA/I1mdte0MgsG4wWXnl2WTm3dAOlxcOCZAipRv6JSIANFh+JPbIxPz0jNaB/ssesjvkGvQIVehxx4g4lNaS+dA0uXtdYNICV2dDpb18aKB2j/jydgLI9NbKGebXUe4jxbeLNXgOrkm9VUDV22xh7tT466fV/LtrjfeYVBP65wC32qzJ8wUSXVIddti3qAPT5XmuNNYS+sq73jf5/Bfnw5I9mjYpwsuQ1FlN7TH5C46jaJZIrf5mQZKXBOUaLEnNDg59U8KS1FJ3auuKV52zCszYdrh6zXQHhgwqOQg/O+WEgT X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:SN6PR05MB5935.namprd05.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230016)(4636009)(396003)(39860400002)(376002)(366004)(136003)(346002)(186003)(1076003)(8676002)(6486002)(86362001)(38100700002)(4326008)(41300700001)(52116002)(107886003)(2616005)(26005)(38350700002)(30864003)(19627235002)(83380400001)(478600001)(36756003)(6506007)(2906002)(8936002)(6916009)(66946007)(316002)(5660300002)(66476007)(966005)(66556008)(6512007)(43062005); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: hM6kMyVlkwSon3kHZX3KIzLgzDzJmqD1kk/Kp4FQURg56m7FBNe4hlu3NeJXItZdxGaDidhA0j4TNdV9/EaxRyty9ro4cWL2VLBLcotcN1LD7BHrn7QtuoU15OaNtEZj8sQTkgZGcELONde13O40xL6P3qUpMy6hAK+Z8psdhkRBIlGl8nA8PciM8o0G4Il5cw6TzUm3to+lsjzct7h/XeDxtpdCjt6Jb80nr0loPBYuEBAeIYAZkPRcGvuw5hMUDzhmwWmOt/YZS2lm7tq74X4p+NmS8OqhHHkjzqVzKKonnpdtWGhbRXlgnrXgh2l5qRoZAlMu6H+A5IQQmeaif+tqC7an1HkBVOsLGfdqqOYX/sYt0W7CtTx1duasUNC0NFKxxE99euNIK5j7u/nnw9/V9nXFNY4+NfH/qL4lzzOQKcFk+4+L/uBCgUb7zjgjO5dM8LoOs7WfLaykCjG0gRN4CtKgpkBwK4GxQx4nUQXS5JETtN1W4saUkYDU+o5eKlLl+FHGW/h9Qdyl1Q2dZqu7CUBpq5MwlGSrSWWstlV9XyOhCxDGvNGCzCJiwXAuryrTIwrB9isVCA5JBRJhuHFU+p7gH6pKCmCCUK9wI3VcR7VYrPMBExHUMLQG6Xo9/1101ECbocxER5Ymg5TderkDBKJyZ2c+foFnUBghWlPopgJPyheYEseXc2XHkBNNcH2EQMoiUQrGzqN+sDfyhPAjCbvg6XaK0mJ/lpTSYJGt7cER8KLGS02omgfI9UzxPfEhbpj/58Ar9Q+FzQsIROgqOZGQyuyT+ER5gQjWDQMjeqQrNvOiARjSRkHNBVwQl0tRMDD2ICFPUo6BlW98BpI9aNvMsQA2CbRUJp4A7i3bok6WWxN+kTy6cJbXYLeyXud1mONRmOnOOba2HZe9VpvLEkvT1CqwaOmDef8htx8ifRgX6dJOPicPveyhsX8KWmgC3HDSZChrYAyah/81UmdUshdYG9D9A5W38zFwkX53lMXudgzD25ufzw+O+JgGk7MOE1bdm1nsVOuFYbikno4UwCGp5iHBSpSHogpbsVaLF0zXBCAgYPDnr2T82h9LxMtqti0ENtdg/883fTFlCTRbMy2wClV8t8r58hFp0nKCpGgAd4c2JborR2aoh7Oaf1nBXPW48ZePpmBTsspZqN/N96keUDUNm+34zyUuE5OCaaUcZhd/bHnemFfN1PnEO7RLwiEVcatLnMBt1Z2qaIIV4cze99lRIWIhYZtt8bgdAVU2BpTO5yYdVo+pJnX7OeQ7VrZ7gaE2myvU9QJFuCdlrkDwVYLLyka3iVYzDBiBnIFfAmSD2W4M9g4f0S0q6LaDOpC4GaD9ci1n5w5MjLK88JPudnc8g0rlafc3Xx51o6amEQSvzwYzshsVee6Kglb5kFScAV3n71S7C9Qw1LuW4pzT40KK2PT7aR8cbysxpYmT6F1LRi8U3HLnyyeAZi9AAQvoB+tgQxvD2ESGCTZtyLFWmk+SSJBVUxUPJsGGc6Cd1UgCsrCP8OVr6kZG5C2ECvV0VNhQYgoLNQe9OqE12WWbTOydmkrtI7vQiZgX8NyyDmkfMG3JtVVCTmuoOgMmJtMgVJEszGbKuFEPfw== X-OriginatorOrg: vmware.com X-MS-Exchange-CrossTenant-Network-Message-Id: abef9767-18d0-4195-287b-08da55d216ac X-MS-Exchange-CrossTenant-AuthSource: SN6PR05MB5935.namprd05.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 24 Jun 2022 11:10:04.1501 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: b39138ca-3cee-4b4a-a4d6-cd83d9dd62f0 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: SE9QObbOxMJaMJvuoog7U5doJ1N7E0WH6J8YFx+ipSvitpAD0RTsGgvLz/go7FOelxSInCXI0ieYyM/iUki/G3td9qi4HZCx7dAHuihb4O4= X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL0PR05MB5505 Cc: ldejing Subject: [ovs-dev] [PATCH v1 2/2] datapath-windows: Alg support for ftp and tftp in conntrack X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: ldejing via dev From: ldejing Reply-To: ldejing Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: ldejing This patch mainly support alg field in ct action when process ftp/tftp traffic. Tftp with alg mainly parse the tftp packet (IPv4/IPv6), extract connect info from the tftp packet and create the related connection. For ftp, previous version has supported process of ftp traffic. However, previous version regard traffic from or to port 21 as ftp traffic, this is incorrect in some scenario. This version adds alg field in ct for ftp traffic, we could use ct(alg=ftp) to process any ftp traffic from/to any port. IPv4/IPv6. Test cases: 1) ftp ipv4/ipv6 use alg field in the normal and nat scenario. 2) tftp ipv4/ipv6 use alg field in the normal and nat scenario. Signed-off-by: ldejing --- Documentation/intro/install/windows.rst | 186 ++++++++++++++------ datapath-windows/ovsext/Actions.c | 1 - datapath-windows/ovsext/Conntrack-ftp.c | 109 ++++++------ datapath-windows/ovsext/Conntrack-related.c | 30 +++- datapath-windows/ovsext/Conntrack-tcp.c | 53 ++++++ datapath-windows/ovsext/Conntrack.c | 77 ++++++-- datapath-windows/ovsext/Conntrack.h | 19 +- include/windows/netinet/in.h | 1 + 8 files changed, 348 insertions(+), 128 deletions(-) diff --git a/Documentation/intro/install/windows.rst b/Documentation/intro/install/windows.rst index 0a392d781..303e22ee6 100644 --- a/Documentation/intro/install/windows.rst +++ b/Documentation/intro/install/windows.rst @@ -852,78 +852,164 @@ related state. normal scenario Vif38(20::1, ofport:2)->Vif40(20:2, ofport:3) - Vif38Name="podvif38" - Vif40Name="podvif40" + Vif38Name="podvif70" + Vif40Name="Ethernet1" Vif38Port=2 - Vif38Address="20::1" - Vif38MacAddressCli="00-15-5D-F0-01-0b" + Vif38Address="20::88" Vif40Port=3 - Vif40Address="20::2" - Vif40MacAddressCli="00-15-5D-F0-01-0C" + Vif40Address="20::45" + Vif40MacAddressCli="00-50-56-98-9d-97" + Vif38MacAddressCli="00-15-5D-F0-01-0B" Protocol="tcp6" - > netsh int ipv6 set neighbors $Vif38Name $Vif40Address \ - $Vif40MacAddressCli - > netsh int ipv6 set neighbors $Vif40Name $Vif38Address \ - $Vif38MacAddressCli - > ovs-ofctl del-flows br-int --strict "table=0,priority=0" - > ovs-ofctl add-flow br-int "table=0,priority=1,$Protocol \ + > netsh int ipv6 set neighbors $Vif38Name $Vif40Address $Vif40MacAddressCli + > netsh int ipv6 set neighbors $Vif42Name $Vif38Ip $Vif38MacAddressCli + > ovs-ofctl del-flows br-test --strict "table=0,priority=0" + > ovs-ofctl add-flow br-test "table=0,priority=1,$Protocol actions=ct(table=1)" - > ovs-ofctl add-flow br-int "table=1,priority=1,ct_state=+new+trk-est, \ + > ovs-ofctl add-flow br-test "table=1,priority=1,tp_dst=21, $Protocol,\ + actions=ct(commit,table=2,alg=ftp)" + > ovs-ofctl add-flow br-test "table=1,priority=1,tp_src=21, $Protocol,\ + actions=ct(commit,table=2,alg=ftp)" + > ovs-ofctl add-flow br-test "table=1,priority=1, ct_state=+new+trk+rel,\ $Protocol,actions=ct(commit,table=2)" - > ovs-ofctl add-flow br-int "table=1,priority=1, \ - ct_state=-new+trk+est-rel, $Protocol,actions=ct(commit,table=2)" - > ovs-ofctl add-flow br-int "table=1,priority=1, \ - ct_state=-new+trk+est+rel, $Protocol,actions=ct(commit,table=2)" - > ovs-ofctl add-flow br-int "table=2,priority=1,ip6, \ + > ovs-ofctl add-flow br-test "table=1,priority=1, \ + ct_state=-new+trk+est+rel,$Protocol,actions=ct(commit,table=2)" + > ovs-ofctl add-flow br-test "table=2,priority=1,ip6,\ ipv6_dst=$Vif38Address,$Protocol,actions=output:$Vif38Port" - > ovs-ofctl add-flow br-int "table=2,priority=1,ip6, \ + > ovs-ofctl add-flow br-test "table=2,priority=1,ip6,\ ipv6_dst=$Vif40Address,$Protocol,actions=output:$Vif40Port" + :: nat scenario Vif38(20::1, ofport:2) -> nat address(20::9) -> Vif42(21::3, ofport:4) Due to not construct flow to return neighbor mac address, we set the neighbor mac address manually + Vif38Name="podvif70" + Vif42Name="Ethernet1" + Vif38Ip="20::88" Vif38Port=2 - Vif42Port=4 - Vif38Name="podvif38" - Vif42Name="podvif42" + Vif42Port=3 NatAddress="20::9" NatMacAddress="aa:bb:cc:dd:ee:ff" NatMacAddressForCli="aa-bb-cc-dd-ee-ff" Vif42Ip="21::3" - Vif38MacAddress="00:15:5D:F0:01:0B" - Vif42MacAddress="00:15:5D:F0:01:0D" + Vif38MacAddress="00:15:5D:F0:01:14" + Vif38MacAddressCli="00-15-5D-F0-01-14" + Vif42MacAddress="00:50:56:98:9d:97" Protocol="tcp6" - > netsh int ipv6 set neighbors $Vif38Name $NatAddress \ - $NatMacAddressForCli - > netsh int ipv6 set neighbors $Vif42Name $NatAddress \ - $NatMacAddressForCli - > ovs-ofctl del-flows br-int --strict "table=0,priority=0" - > ovs-ofctl add-flow br-int "table=0,priority=2,ipv6, \ - dl_dst=$NatMacAddress,ct_state=-trk,$Protocol \ - actions=ct(table=1,zone=456,nat)" - > ovs-ofctl add-flow br-int "table=0,priority=1,ipv6, \ - ct_state=-trk,ip6,$Protocol actions=ct(nat, zone=456,table=1)" - > ovs-ofctl add-flow br-int "table=1,ipv6,in_port=$Vif38Port, \ - ipv6_dst=$NatAddress,ct_state=+trk+new,$Protocol \ - actions=ct(commit,nat(dst=$Vif42Ip),zone=456, \ - exec(set_field:1->ct_mark)),mod_dl_src=$NatMacAddress, \ - mod_dl_dst=$Vif42MacAddress,output:$Vif42Port" - > ovs-ofctl add-flow br-int "table=1,ipv6,ct_state=+dnat,$Protocol, \ - action=resubmit(,2)" - > ovs-ofctl add-flow br-int "table=1,ipv6,ct_state=+trk+snat, \ - $Protocol,action=resubmit(,2)" - > ovs-ofctl add-flow br-int "table=1,ipv6,ct_state=+trk+rel,$Protocol, \ - action=resubmit(,2)" - > ovs-ofctl add-flow br-int "table=2,ipv6,in_port=$Vif38Port, \ - ipv6_dst=$Vif42Ip,$Protocol, actions=mod_dl_src=$NatMacAddress, \ + netsh int ipv6 set neighbors $Vif38Name $NatAddress $NatMacAddressForCli + netsh int ipv6 set neighbors $Vif42Name $Vif38Ip $Vif38MacAddressCli + > ovs-ofctl del-flows br-test --strict "table=0,priority=0" + > ovs-ofctl add-flow br-test "table=0,priority=2,ipv6,ipv6_dst=$NatAddress,\ + ct_state=-trk,$Protocol actions=ct(table=1,zone=456)" + > ovs-ofctl add-flow br-test "table=0,priority=1,ipv6,ipv6_dst=$Vif38Ip,\ + ct_state=-trk,ip6,$Protocol actions=ct(zone=456,table=1)" + > ovs-ofctl add-flow br-test "table=1,priority=2,ipv6,in_port=$Vif38Port,\ + ipv6_dst=$NatAddress,ct_state=+trk-rel,tp_dst=21,$Protocol \ + actions=ct(commit,alg=ftp,nat(dst=$Vif42Ip),zone=456, \ + exec(set_field:1->ct_mark)),mod_dl_src=$NatMacAddress,\ mod_dl_dst=$Vif42MacAddress,output:$Vif42Port" - > ovs-ofctl add-flow br-int "table=2,ipv6,in_port=$Vif42Port, \ - ct_state=-new+est,ct_mark=1,ct_zone=456,$Protocol, \ - actions=mod_dl_src=$NatMacAddress,mod_dl_dst=$Vif38MacAddress, \ + > ovs-ofctl add-flow br-test "table=1,priority=1,ipv6,ct_state=+trk-rel,\ + ipv6_dst=$Vif38Ip,$Protocol,action=ct(nat,alg=ftp,zone=456,table=2)" + > ovs-ofctl add-flow br-test "table=1,ipv6,ct_state=+trk+rel,\ + ipv6_dst=$NatAddress,$Protocol,\ + action=ct(table=2,commit,nat(dst=$Vif42Ip),\ + zone=456, exec(set_field:1->ct_mark))" + > ovs-ofctl add-flow br-test "table=1,ipv6,ct_state=+trk+rel,$Protocol,\ + ipv6_dst=$Vif38Ip, action=ct(nat,zone=456,table=2)" + > ovs-ofctl add-flow br-test "table=2,ipv6,ipv6_dst=$Vif42Ip,$Protocol,\ + actions=mod_dl_src=$NatMacAddress, mod_dl_dst=$Vif42MacAddress,\ + output:$Vif42Port" + > ovs-ofctl add-flow br-test "table=2,ipv6,ipv6_dst=$Vif38Ip,\ + ct_state=-new+est,ct_mark=1,ct_zone=456,$Protocol,\ + actions=mod_dl_src=$NatMacAddress,mod_dl_dst=$Vif38MacAddress,\ output:$Vif38Port" + > ovs-ofctl add-flow br-test "table=2,ipv6,ipv6_dst=$Vif38Ip,\ + ct_state=+new,ct_mark=1,ct_zone=456,$Protocol,\ + actions=mod_dl_src=$NatMacAddress,\ + mod_dl_dst=$Vif38MacAddress, output:$Vif38Port" + +Tftp same with ftp, it also contains a related connection, we could use +following follow test the tftp connection. + +:: + + normal scenario + Vif38Name="podvif70" + Vif40Name="Ethernet1" + Vif38Port=2 + Vif38Address="20::88" + Vif40Port=3 + Vif40Address="20::45" + Vif40MacAddressCli="00-50-56-98-9d-97" + Vif38MacAddressCli="00-15-5D-F0-01-14" + Protocol="udp6" + netsh int ipv6 set neighbors $Vif38Name $Vif40Address $Vif40MacAddressCli + netsh int ipv6 set neighbors $Vif40Name $Vif38Address $Vif38MacAddressCli + > ovs-ofctl del-flows br-test --strict "table=0,priority=0" + > ovs-ofctl add-flow br-test "table=0,priority=1,$Protocol, + ipv6_src=$Vif38Address actions=ct(table=1)" + > ovs-ofctl add-flow br-test "table=0,priority=1,$Protocol, + ipv6_src=$Vif40Address actions=ct(table=1)" + > ovs-ofctl add-flow br-test "table=1,priority=1,ct_state=+new+trk-est, + tp_dst=69,$Protocol,udp6 actions=ct(commit,alg=tftp,table=2)" + > ovs-ofctl add-flow br-test "table=1,priority=1,ct_state=-new+trk+est-rel,\ + udp6 $Protocol,actions=ct(commit,table=2)" + > ovs-ofctl add-flow br-test "table=1,priority=1,ct_state=-new+trk+est+rel,\ + $Protocol,actions=ct(commit,table=2)" + > ovs-ofctl add-flow br-test "table=1,priority=1,ct_state=+new+trk+rel,\ + $Protocol,actions=ct(commit,table=2)" + > ovs-ofctl add-flow br-test "table=2,priority=1,ip6,\ + ipv6_dst=$Vif38Address,$Protocol,actions=output:$Vif38Port" + > ovs-ofctl add-flow br-test "table=2,priority=1,ip6,\ + ipv6_dst=$Vif40Address,$Protocol,actions=output:$Vif40Port" + +:: + + nat scenario + Vif38Name="podvif70" + Vif42Name="Ethernet1" + Vif38Ip="20::88" + Vif38Port=2 + Vif42Port=3 + NatAddress="20::9" + NatMacAddress="aa:bb:cc:dd:ee:ff" + NatMacAddressForCli="aa-bb-cc-dd-ee-ff" + Vif42Ip="21::3" + Vif38MacAddress="00:15:5D:F0:01:14" + Vif38MacAddressCli="00-15-5D-F0-01-14" + Vif42MacAddress="00:50:56:98:9d:97" + Protocol="ip6" + netsh int ipv6 set neighbors $Vif38Name $NatAddress $NatMacAddressForCli + netsh int ipv6 set neighbors $Vif42Name $Vif38Ip $Vif38MacAddressCli + > ovs-ofctl del-flows br-test --strict "table=0,priority=0" + > ovs-ofctl add-flow br-test "table=0,priority=2,ipv6,\ + dl_dst=$NatMacAddress,ct_state=-trk,$Protocol \ + actions=ct(table=1,zone=456)" + > ovs-ofctl add-flow br-test "table=0,priority=1,ipv6,ct_state=-trk,ip6,\ + $Protocol actions=ct(table=1,zone=456)" + > ovs-ofctl add-flow br-test "table=1,in_port=$Vif38Port,\ + ipv6_dst=$NatAddress,ct_state=+trk+new-rel,$Protocol,udp6\ + actions=ct(commit,alg=tftp,nat(dst=$Vif42Ip),zone=456,\ + exec(set_field:1->ct_mark)),mod_dl_src=$NatMacAddress,\ + mod_dl_dst=$Vif42MacAddress,output:$Vif42Port" + > ovs-ofctl add-flow br-test "table=1,ipv6,in_port=$Vif42Port,\ + ipv6_dst=$Vif38Ip,ct_state=+trk+rel-rpl,$Protocol\ + actions=ct(commit,nat(src=$NatAddress),zone=456,\ + exec(set_field:1->ct_mark)),mod_dl_src=$NatMacAddress,\ + mod_dl_dst=$Vif38MacAddress,output:$Vif38Port" + > ovs-ofctl add-flow br-test "table=1,ipv6,ct_state=+trk+rel+est+rpl,\ + $Protocol,action=ct(nat,table=2,zone=456)" + > ovs-ofctl add-flow br-test "table=2,ipv6,in_port=$Vif38Port,\ + ct_state=+rel+dnat,ipv6_dst=$Vif42Ip,$Protocol,\ + actions=mod_dl_src=$NatMacAddress,mod_dl_dst=$Vif42MacAddress,\ + output:$Vif42Port" + > ovs-ofctl add-flow br-test "table=2,ipv6,in_port=$Vif42Port,\ + ct_state=-new+est,$Protocol,actions=mod_dl_src=$NatMacAddress,\ + mod_dl_dst=$Vif38MacAddress,output:$Vif38Port" + .. note:: diff --git a/datapath-windows/ovsext/Actions.c b/datapath-windows/ovsext/Actions.c index 20de4db4c..3100532e1 100644 --- a/datapath-windows/ovsext/Actions.c +++ b/datapath-windows/ovsext/Actions.c @@ -2378,7 +2378,6 @@ OvsDoExecuteActions(POVS_SWITCH_CONTEXT switchContext, } OvsExecuteHash(key, (const PNL_ATTR)a); - break; } diff --git a/datapath-windows/ovsext/Conntrack-ftp.c b/datapath-windows/ovsext/Conntrack-ftp.c index 066723685..6775496cf 100644 --- a/datapath-windows/ovsext/Conntrack-ftp.c +++ b/datapath-windows/ovsext/Conntrack-ftp.c @@ -122,12 +122,9 @@ OvsCtExtractNumbers(char *buf, *---------------------------------------------------------------------------- */ NDIS_STATUS -OvsCtHandleFtp(PNET_BUFFER_LIST curNbl, - OvsFlowKey *key, - OVS_PACKET_HDR_INFO *layers, - UINT64 currentTime, - POVS_CT_ENTRY entry, - BOOLEAN request) +OvsCtHandleFtp(PNET_BUFFER_LIST curNbl, OvsFlowKey *key, + OVS_PACKET_HDR_INFO *layers, UINT64 currentTime, + POVS_CT_ENTRY entry) { NDIS_STATUS status = NDIS_STATUS_SUCCESS; FTP_TYPE ftpType = 0; @@ -157,52 +154,51 @@ OvsCtHandleFtp(PNET_BUFFER_LIST curNbl, OvsStrlcpy((char *)ftpMsg, (char *)buf, min(len, sizeof(ftpMsg))); char *req = NULL; - if (request) { - if ((len >= 5) && (OvsStrncmp("PORT", ftpMsg, 4) == 0)) { - ftpType = FTP_TYPE_ACTIVE; - req = ftpMsg + 4; - } else if ((len >= 5) && (OvsStrncmp("EPRT", ftpMsg, 4) == 0)) { - ftpType = FTP_EXTEND_TYPE_ACTIVE; - req = ftpMsg + 4; + if ((len >= 5) && (OvsStrncmp("PORT", ftpMsg, 4) == 0)) { + ftpType = FTP_TYPE_ACTIVE; + req = ftpMsg + 4; + } else if ((len >= 5) && (OvsStrncmp("EPRT", ftpMsg, 4) == 0)) { + ftpType = FTP_EXTEND_TYPE_ACTIVE; + req = ftpMsg + 4; + } + + if ((len >= 4) && (OvsStrncmp(FTP_PASV_RSP_PREFIX, ftpMsg, 3) == 0)) { + ftpType = FTP_TYPE_PASV; + /* There are various formats for PASV command. We try to support + * some of them. This has been addressed by RFC 2428 - EPSV. + * Eg: + * 227 Entering Passive Mode (h1,h2,h3,h4,p1,p2). + * 227 Entering Passive Mode (h1,h2,h3,h4,p1,p2 + * 227 Entering Passive Mode. h1,h2,h3,h4,p1,p2 + * 227 =h1,h2,h3,h4,p1,p2 + */ + char *paren; + paren = strchr(ftpMsg, '('); + if (paren) { + req = paren + 1; + } else { + /* PASV command without ( */ + req = ftpMsg + 3; + } + } else if ((len >= 4) && ( + OvsStrncmp(FTP_EXTEND_PASV_RSP_PREFIX, ftpMsg, 3) == 0)) { + ftpType = FTP_EXTEND_TYPE_PASV; + /* The ftp extended passive mode only contain port info, ip address + * is same with the network protocol used by control connection. + * 229 Entering Extended Passive Mode (|||port|) + * */ + char *paren; + paren = strchr(ftpMsg, '|'); + if (paren) { + req = paren + 3; + } else { + /* Not a valid EPSV packet. */ + return NDIS_STATUS_INVALID_PACKET; } - } else { - if ((len >= 4) && (OvsStrncmp(FTP_PASV_RSP_PREFIX, ftpMsg, 3) == 0)) { - ftpType = FTP_TYPE_PASV; - /* There are various formats for PASV command. We try to support - * some of them. This has been addressed by RFC 2428 - EPSV. - * Eg: - * 227 Entering Passive Mode (h1,h2,h3,h4,p1,p2). - * 227 Entering Passive Mode (h1,h2,h3,h4,p1,p2 - * 227 Entering Passive Mode. h1,h2,h3,h4,p1,p2 - * 227 =h1,h2,h3,h4,p1,p2 - */ - char *paren; - paren = strchr(ftpMsg, '('); - if (paren) { - req = paren + 1; - } else { - /* PASV command without ( */ - req = ftpMsg + 3; - } - } else if ((len >= 4) && (OvsStrncmp(FTP_EXTEND_PASV_RSP_PREFIX, ftpMsg, 3) == 0)) { - ftpType = FTP_EXTEND_TYPE_PASV; - /* The ftp extended passive mode only contain port info, ip address - * is same with the network protocol used by control connection. - * 229 Entering Extended Passive Mode (|||port|) - * */ - char *paren; - paren = strchr(ftpMsg, '|'); - if (paren) { - req = paren + 3; - } else { - /* Not a valid EPSV packet. */ - return NDIS_STATUS_INVALID_PACKET; - } - if (!(*req > '0' && * req < '9')) { - /* Not a valid port number. */ - return NDIS_STATUS_INVALID_PACKET; - } + if (!(*req > '0' && * req < '9')) { + /* Not a valid port number. */ + return NDIS_STATUS_INVALID_PACKET; } } @@ -226,8 +222,15 @@ OvsCtHandleFtp(PNET_BUFFER_LIST curNbl, (arr[2] << 8) | arr[3]); port = ntohs(((arr[4] << 8) | arr[5])); - serverIp.ipv4 = ip; - clientIp.ipv4 = key->ipKey.nwDst; + if (ftpType == FTP_TYPE_ACTIVE) { + serverIp.ipv4 = key->ipKey.nwDst; + clientIp.ipv4 = ip; + } + + if (ftpType == FTP_TYPE_PASV) { + serverIp.ipv4 = ip; + clientIp.ipv4 = key->ipKey.nwDst; + } } else { if (ftpType == FTP_EXTEND_TYPE_ACTIVE) { /** In ftp active mode, we need to parse string like below: @@ -239,7 +242,7 @@ OvsCtHandleFtp(PNET_BUFFER_LIST curNbl, char *nextHdr = NULL; int index = 0; int isIpv6AddressFamily = 0; - char ftpStr[1024] = {0x00}; + char ftpStr[512] = {0x00}; RtlCopyMemory(ftpStr, req, strlen(req)); for (curHdr = ftpStr; *curHdr != '|'; curHdr++); diff --git a/datapath-windows/ovsext/Conntrack-related.c b/datapath-windows/ovsext/Conntrack-related.c index f985c7631..99b1553da 100644 --- a/datapath-windows/ovsext/Conntrack-related.c +++ b/datapath-windows/ovsext/Conntrack-related.c @@ -40,6 +40,7 @@ OvsCtRelatedKeyAreSame(OVS_CT_KEY incomingKey, OVS_CT_KEY entryKey) /* FTP PASV - Client initiates the connection from unknown port */ if ((incomingKey.dl_type == entryKey.dl_type) && (incomingKey.dl_type == htons(ETH_TYPE_IPV4)) && + (incomingKey.nw_proto == IPPROTO_TCP) && (incomingKey.dst.addr.ipv4 == entryKey.src.addr.ipv4) && (incomingKey.dst.port == entryKey.src.port) && (incomingKey.src.addr.ipv4 == entryKey.dst.addr.ipv4) && @@ -49,6 +50,7 @@ OvsCtRelatedKeyAreSame(OVS_CT_KEY incomingKey, OVS_CT_KEY entryKey) if ((incomingKey.dl_type == entryKey.dl_type) && (incomingKey.dl_type == htons(ETH_TYPE_IPV6)) && + (incomingKey.nw_proto == IPPROTO_TCP) && !memcmp(&(incomingKey.dst.addr.ipv6), &(entryKey.src.addr.ipv6), sizeof(incomingKey.dst.addr.ipv6)) && (incomingKey.dst.port == entryKey.src.port) && @@ -65,6 +67,7 @@ OvsCtRelatedKeyAreSame(OVS_CT_KEY incomingKey, OVS_CT_KEY entryKey) */ if ((incomingKey.dl_type == entryKey.dl_type) && (incomingKey.dl_type == htons(ETH_TYPE_IPV4)) && + (incomingKey.nw_proto == IPPROTO_TCP) && (incomingKey.src.addr.ipv4 == entryKey.src.addr.ipv4) && (incomingKey.dst.addr.ipv4 == entryKey.dst.addr.ipv4) && (incomingKey.dst.port == entryKey.dst.port) && @@ -74,6 +77,7 @@ OvsCtRelatedKeyAreSame(OVS_CT_KEY incomingKey, OVS_CT_KEY entryKey) if ((incomingKey.dl_type == entryKey.dl_type) && (incomingKey.dl_type == htons(ETH_TYPE_IPV6)) && + (incomingKey.nw_proto == IPPROTO_TCP) && !memcmp(&(incomingKey.src.addr.ipv6), &(entryKey.src.addr.ipv6), sizeof(incomingKey.src.addr.ipv6)) && !memcmp(&(incomingKey.dst.addr.ipv6), &(entryKey.dst.addr.ipv6), @@ -83,6 +87,31 @@ OvsCtRelatedKeyAreSame(OVS_CT_KEY incomingKey, OVS_CT_KEY entryKey) return TRUE; } + /* Tftp protocol */ + if ((incomingKey.dl_type == entryKey.dl_type) && + (incomingKey.dl_type == htons(ETH_TYPE_IPV4)) && + (incomingKey.nw_proto == IPPROTO_UDP) && + !memcmp(&(incomingKey.src.addr.ipv4), &(entryKey.src.addr.ipv4), + sizeof(incomingKey.src.addr.ipv4)) && + !memcmp(&(incomingKey.dst.addr.ipv4), &(entryKey.dst.addr.ipv4), + sizeof(incomingKey.dst.addr.ipv4)) && + (incomingKey.dst.port == entryKey.dst.port) && + (incomingKey.nw_proto == entryKey.nw_proto)) { + return TRUE; + } + + if ((incomingKey.dl_type == entryKey.dl_type) && + (incomingKey.dl_type == htons(ETH_TYPE_IPV6)) && + (incomingKey.nw_proto == IPPROTO_UDP) && + !memcmp(&(incomingKey.src.addr.ipv6), &(entryKey.src.addr.ipv6), + sizeof(incomingKey.src.addr.ipv6)) && + !memcmp(&(incomingKey.dst.addr.ipv6), &(entryKey.dst.addr.ipv6), + sizeof(incomingKey.dst.addr.ipv6)) && + (incomingKey.dst.port == entryKey.dst.port) && + (incomingKey.nw_proto == entryKey.nw_proto)) { + return TRUE; + } + return FALSE; } @@ -165,7 +194,6 @@ OvsCtRelatedEntryCreate(UINT8 ipProto, } UINT32 hash = OvsExtractCtRelatedKeyHash(&entry->key); - NdisAcquireRWLockWrite(ovsCtRelatedLockObj, &lockState, 0); InsertHeadList(&ovsCtRelatedTable[hash & CT_HASH_TABLE_MASK], &entry->link); diff --git a/datapath-windows/ovsext/Conntrack-tcp.c b/datapath-windows/ovsext/Conntrack-tcp.c index a468c3e6b..77370531c 100644 --- a/datapath-windows/ovsext/Conntrack-tcp.c +++ b/datapath-windows/ovsext/Conntrack-tcp.c @@ -37,6 +37,8 @@ */ #include "Conntrack.h" +#include "NetProto.h" +#include "PacketParser.h" #include struct tcp_peer { @@ -577,3 +579,54 @@ done: NlMsgEndNested(nlBuf, offset); return status; } + +NDIS_STATUS +OvsCtHandleTftp(PNET_BUFFER_LIST curNbl, OvsFlowKey *key, + OVS_PACKET_HDR_INFO *layers, UINT64 currentTime, + POVS_CT_ENTRY entry) +{ + UDPHdr udpStorage; + const UDPHdr *udp = NULL; + struct ct_addr serverIp; + struct ct_addr clientIp; + NDIS_STATUS status = NDIS_STATUS_SUCCESS; + + udp = OvsGetUdp(curNbl, layers->l4Offset, &udpStorage); + if (!udp) { + return NDIS_STATUS_INVALID_PACKET; + } + + RtlZeroMemory(&serverIp, sizeof(serverIp)); + RtlZeroMemory(&clientIp, sizeof(clientIp)); + + if (OvsCtRelatedLookup(entry->key, currentTime)) { + return NDIS_STATUS_SUCCESS; + } + + if (layers->isIPv4) { + serverIp.ipv4 = key->ipKey.nwDst; + clientIp.ipv4 = key->ipKey.nwSrc; + status = OvsCtRelatedEntryCreate(key->ipKey.nwProto, + key->l2.dlType, + serverIp, + clientIp, + 0, + udp->source, + currentTime, + entry); + } else { + serverIp.ipv6 = key->ipv6Key.ipv6Dst; + clientIp.ipv6 = key->ipv6Key.ipv6Src; + status = OvsCtRelatedEntryCreate(key->ipv6Key.nwProto, + key->l2.dlType, + serverIp, + clientIp, + 0, + udp->source, + currentTime, + entry); + } + + return status; +} + diff --git a/datapath-windows/ovsext/Conntrack.c b/datapath-windows/ovsext/Conntrack.c index f56349640..cec010f28 100644 --- a/datapath-windows/ovsext/Conntrack.c +++ b/datapath-windows/ovsext/Conntrack.c @@ -874,13 +874,25 @@ OvsCtSetupLookupCtx(OvsFlowKey *flowKey, return NDIS_STATUS_INVALID_PACKET; } + /* It's only designed for unNat traffic, when reverse traffic comes, + * find the unNat table, if found the nat entry, based on the nat entry + * restore the conntrack, it will be stored in the ctx->key and then use the + * ctx->key lookup the conntrack table to find the corresponded + * entry with the traffic.*/ natEntry = OvsNatLookup(&ctx->key, TRUE); if (natEntry) { - /* Translate address first for reverse NAT */ + /* initial direction 20::1 -> 20::9, reverse direction 21::3 -> 20::1 + * 20::9 could be regarded as nat ip, before convert, ctx->key value + * is "21::3 -> 20::1", after convert, ctx->key value is + * "20::9->20::1" */ ctx->key = natEntry->ctEntry->key; OvsCtKeyReverse(&ctx->key); } else { - if (flowKey->l2.dlType == htons(ETH_TYPE_IPV4)) { + if (OvsNatLookup(&ctx->key, FALSE)) { + /* Do nothing here, this branch here used to exclude traffic + * described in https://github.com/openvswitch/ovs-issues/issues/237 + * */ + } else if (flowKey->l2.dlType == htons(ETH_TYPE_IPV4)) { OvsPickupCtTupleAsLookupKey(&(ctx->key), zone, flowKey); } } @@ -903,6 +915,18 @@ OvsDetectFtp6Packet(OvsFlowKey *key) { ntohs(key->ipv6Key.l4.tpSrc) == IPPORT_FTP)); } +static __inline BOOLEAN +OvsDetectTftpPacket(OvsFlowKey *key) { + return (key->ipKey.nwProto == IPPROTO_UDP && + (ntohs(key->ipKey.l4.tpDst) == IPPORT_TFTP)); +} + +static __inline BOOLEAN +OvsDetectTftp6Packet(OvsFlowKey *key) { + return (key->ipv6Key.nwProto == IPPROTO_UDP && + (ntohs(key->ipv6Key.l4.tpDst) == IPPORT_TFTP)); +} + /* *---------------------------------------------------------------------------- * OvsProcessConntrackEntry @@ -989,7 +1013,9 @@ OvsProcessConntrackEntry(OvsForwardingContext *fwdCtx, if (entry) { NdisAcquireSpinLock(&(entry->lock)); if ((layers->isIPv6 && key->ipv6Key.nwProto == IPPROTO_TCP) || - (!(layers->isIPv6) && key->ipKey.nwProto == IPPROTO_TCP)) { + (!(layers->isIPv6) && key->ipKey.nwProto == IPPROTO_TCP) || + (layers->isIPv6 && key->ipv6Key.nwProto == IPPROTO_UDP) || + (!(layers->isIPv6) && key->ipKey.nwProto == IPPROTO_UDP)) { /* Update the related bit if there is a parent */ if (entry->parent) { state |= OVS_CS_F_RELATED; @@ -1156,12 +1182,11 @@ OvsCtExecute_(OvsForwardingContext *fwdCtx, NDIS_STATUS status = NDIS_STATUS_SUCCESS; BOOLEAN triggerUpdateEvent = FALSE; BOOLEAN entryCreated = FALSE; - BOOLEAN isFtpPacket = FALSE; - BOOLEAN isFtpRequestDirection = FALSE; POVS_CT_ENTRY entry = NULL; POVS_CT_ENTRY parent = NULL; PNET_BUFFER_LIST curNbl = fwdCtx->curNbl; OvsConntrackKeyLookupCtx ctx = { 0 }; + CT_HELPER_METHOD helpMethod = CT_HELPER_NONE; LOCK_STATE_EX lockStateTable; UINT64 currentTime; NdisGetCurrentSystemTime((LARGE_INTEGER *) ¤tTime); @@ -1241,32 +1266,52 @@ OvsCtExecute_(OvsForwardingContext *fwdCtx, OvsCtSetMarkLabel(key, entry, mark, labels, &triggerUpdateEvent); + if (helper && RtlEqualMemory(helper, "ftp", sizeof("ftp"))) { + helpMethod = CT_HELPER_FTP; + } else if (helper && RtlEqualMemory(helper, "tftp", sizeof("tftp"))) { + helpMethod = CT_HELPER_TFTP; + } + + /* This code section was added to compatible with the old version, + * because old version regard all traffic to port 21 as ftp traffic, + * no need to add alg field in ct. Thus, the code was added to keep the + * same behavior for ftp and tftp.*/ if (layers->isIPv6) { - isFtpPacket = OvsDetectFtp6Packet(key); - if (ntohs(key->ipv6Key.l4.tpDst) == IPPORT_FTP) { - isFtpRequestDirection = TRUE; + if (OvsDetectFtp6Packet(key)) { + helpMethod = CT_HELPER_FTP; + } + + if (OvsDetectTftp6Packet(key)) { + helpMethod = CT_HELPER_TFTP; } } else { - isFtpPacket = OvsDetectFtpPacket(key); - if (ntohs(key->ipKey.l4.tpDst) == IPPORT_FTP) { - isFtpRequestDirection = TRUE; + if (OvsDetectFtpPacket(key)) { + helpMethod = CT_HELPER_FTP; + } + + if (OvsDetectTftpPacket(key)) { + helpMethod = CT_HELPER_TFTP; } } - if (isFtpPacket) { - /* FTP parser will always be loaded */ - status = OvsCtHandleFtp(curNbl, key, layers, currentTime, entry, - isFtpRequestDirection); + if (helpMethod == CT_HELPER_FTP) { + status = OvsCtHandleFtp(curNbl, key, layers, currentTime, entry); if (status != NDIS_STATUS_SUCCESS) { OVS_LOG_ERROR("Error while parsing the FTP packet"); } } + if (helpMethod == CT_HELPER_TFTP) { + status = OvsCtHandleTftp(curNbl, key, layers, currentTime, entry); + if (status != NDIS_STATUS_SUCCESS) { + OVS_LOG_ERROR("Error while parsing the TFTP packet"); + } + } + parent = entry->parent; /* The entry should have the same helper name with parent's */ if (!entry->helper_name && (helper || (parent && parent->helper_name))) { - helper = helper ? helper : parent->helper_name; entry->helper_name = OvsAllocateMemoryWithTag(strlen(helper) + 1, OVS_CT_POOL_TAG); diff --git a/datapath-windows/ovsext/Conntrack.h b/datapath-windows/ovsext/Conntrack.h index b68a54f30..deb51c0bc 100644 --- a/datapath-windows/ovsext/Conntrack.h +++ b/datapath-windows/ovsext/Conntrack.h @@ -80,6 +80,12 @@ typedef enum _NAT_ACTION { NAT_ACTION_DST_PORT = 1 << 4, } NAT_ACTION; +typedef enum _CT_HELPER_METHOD { + CT_HELPER_NONE = 0, + CT_HELPER_FTP = 1, + CT_HELPER_TFTP = 2, +} CT_HELPER_METHOD; + typedef struct _OVS_CT_KEY { struct ct_endpoint src; struct ct_endpoint dst; @@ -218,11 +224,10 @@ NDIS_STATUS OvsCtRelatedEntryCreate(UINT8 ipProto, UINT64 currentTime, POVS_CT_ENTRY parent); POVS_CT_ENTRY OvsCtRelatedLookup(OVS_CT_KEY key, UINT64 currentTime); - -NDIS_STATUS OvsCtHandleFtp(PNET_BUFFER_LIST curNbl, - OvsFlowKey *key, - OVS_PACKET_HDR_INFO *layers, - UINT64 currentTime, - POVS_CT_ENTRY entry, - BOOLEAN request); +NDIS_STATUS OvsCtHandleFtp(PNET_BUFFER_LIST curNbl, OvsFlowKey *key, + OVS_PACKET_HDR_INFO *layers, UINT64 currentTime, + POVS_CT_ENTRY entry); +NDIS_STATUS OvsCtHandleTftp(PNET_BUFFER_LIST curNbl, OvsFlowKey *key, + OVS_PACKET_HDR_INFO *layers, UINT64 currentTime, + POVS_CT_ENTRY entry); #endif /* __OVS_CONNTRACK_H_ */ diff --git a/include/windows/netinet/in.h b/include/windows/netinet/in.h index e4169994b..bae9f8cee 100644 --- a/include/windows/netinet/in.h +++ b/include/windows/netinet/in.h @@ -19,5 +19,6 @@ #define IPPROTO_GRE 47 #define IPPORT_FTP 21 +#define IPPORT_TFTP 69 #endif /* netinet/in.h */