Message ID | 20170504221254.7896-3-kumaranand@vmware.com |
---|---|
State | Accepted |
Headers | show |
Acked-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com> > -----Original Message----- > From: ovs-dev-bounces@openvswitch.org [mailto:ovs-dev- > bounces@openvswitch.org] On Behalf Of Anand Kumar > Sent: Friday, May 5, 2017 1:13 AM > To: dev@openvswitch.org > Subject: [ovs-dev] [PATCH v8 2/5] datapath-windows: Added Ipv4 fragments > support in Conntrack > > This patch adds support for tracking Ipv4 fragments in conntrack module. > Individual fragments are not tracked and are consumed by the > fragmentation/reassembly. Only the reassembled Ipv4 datagram is tracked > and treated as a single ct entry. > > Signed-off-by: Anand Kumar <kumaranand@vmware.com> > --- > v7->v8: No change > v6->v7: Made changes to use FowardingCtx and initialize forwarding ctx > for the reassembled packet > v5->v6: No Change > v4->v5: > - Removed MRU argument from function declarations as MRU is now > retained > in _OVS_BUFFER_CONTEXT. > v3->v4: No Change > v2->v3: > - Updated log messages and fixed alignment. > v1->v2: No change > --- > datapath-windows/ovsext/Actions.c | 21 +++++++++++++++++++-- > datapath-windows/ovsext/Conntrack.c | 23 ++++++++++++++++------- > 2 files changed, 35 insertions(+), 9 deletions(-) > > diff --git a/datapath-windows/ovsext/Actions.c b/datapath- > windows/ovsext/Actions.c > index 3bd00a7..b5c13c7 100644 > --- a/datapath-windows/ovsext/Actions.c > +++ b/datapath-windows/ovsext/Actions.c > @@ -1975,12 +1975,29 @@ OvsDoExecuteActions(POVS_SWITCH_CONTEXT > switchContext, > } > } > > + PNET_BUFFER_LIST oldNbl = ovsFwdCtx.curNbl; > status = OvsExecuteConntrackAction(&ovsFwdCtx, key, > (const PNL_ATTR)a); > if (status != NDIS_STATUS_SUCCESS) { > - OVS_LOG_ERROR("CT Action failed"); > - dropReason = L"OVS-conntrack action failed"; > + /* Pending NBLs are consumed by Defragmentation. */ > + if (status != NDIS_STATUS_PENDING) { > + OVS_LOG_ERROR("CT Action failed"); > + dropReason = L"OVS-conntrack action failed"; > + } > goto dropit; > + } else if (oldNbl != ovsFwdCtx.curNbl) { > + /* > + * OvsIpv4Reassemble consumes the original NBL and creates a > + * new one and assigns it to the curNbl of ovsFwdCtx. > + */ > + OvsInitForwardingCtx(&ovsFwdCtx, > + ovsFwdCtx.switchContext, > + ovsFwdCtx.curNbl, > + ovsFwdCtx.srcVportNo, > + ovsFwdCtx.sendFlags, > + > NET_BUFFER_LIST_SWITCH_FORWARDING_DETAIL(ovsFwdCtx.curNbl), > + ovsFwdCtx.completionList, > + &ovsFwdCtx.layers, FALSE); > } > break; > } > diff --git a/datapath-windows/ovsext/Conntrack.c b/datapath- > windows/ovsext/Conntrack.c > index 8658910..dce0c1b 100644 > --- a/datapath-windows/ovsext/Conntrack.c > +++ b/datapath-windows/ovsext/Conntrack.c > @@ -15,6 +15,7 @@ > */ > > #include "Conntrack.h" > +#include "IpFragment.h" > #include "Jhash.h" > #include "PacketParser.h" > #include "Event.h" > @@ -317,13 +318,20 @@ OvsCtEntryExpired(POVS_CT_ENTRY entry) } > > static __inline NDIS_STATUS > -OvsDetectCtPacket(OvsFlowKey *key) > +OvsDetectCtPacket(OvsForwardingContext *fwdCtx, > + OvsFlowKey *key, > + PNET_BUFFER_LIST *newNbl) > { > /* Currently we support only Unfragmented TCP packets */ > switch (ntohs(key->l2.dlType)) { > case ETH_TYPE_IPV4: > if (key->ipKey.nwFrag != OVS_FRAG_TYPE_NONE) { > - return NDIS_STATUS_NOT_SUPPORTED; > + return OvsProcessIpv4Fragment(fwdCtx->switchContext, > + &fwdCtx->curNbl, > + fwdCtx->completionList, > + fwdCtx->fwdDetail->SourcePortId, > + key->tunKey.tunnelId, > + newNbl); > } > if (key->ipKey.nwProto == IPPROTO_TCP > || key->ipKey.nwProto == IPPROTO_UDP @@ -707,6 +715,7 @@ > OvsCtExecute_(PNET_BUFFER_LIST curNbl, > *--------------------------------------------------------------------------- > * OvsExecuteConntrackAction > * Executes Conntrack actions XXX - Add more > + * For the Ipv4 fragments, consume the orginal fragment NBL > *--------------------------------------------------------------------------- > */ > NDIS_STATUS > @@ -723,10 +732,10 @@ > OvsExecuteConntrackAction(OvsForwardingContext *fwdCtx, > PCHAR helper = NULL; > PNET_BUFFER_LIST curNbl = fwdCtx->curNbl; > OVS_PACKET_HDR_INFO *layers = &fwdCtx->layers; > - > + PNET_BUFFER_LIST newNbl = NULL; > NDIS_STATUS status; > > - status = OvsDetectCtPacket(key); > + status = OvsDetectCtPacket(fwdCtx, key, &newNbl); > if (status != NDIS_STATUS_SUCCESS) { > return status; > } > @@ -765,9 +774,9 @@ OvsExecuteConntrackAction(OvsForwardingContext > *fwdCtx, > /* Force implicitly means commit */ > commit = TRUE; > } > - > - status = OvsCtExecute_(curNbl, key, layers, commit, force, > - zone, mark, labels, helper); > + /* If newNbl is not allocated, use the current Nbl*/ > + status = OvsCtExecute_(newNbl != NULL ? newNbl : curNbl, key, layers, > + commit, force, zone, mark, labels, helper); > return status; > } > > -- > 2.9.3.windows.1 > > _______________________________________________ > dev mailing list > dev@openvswitch.org > https://mail.openvswitch.org/mailman/listinfo/ovs-dev
diff --git a/datapath-windows/ovsext/Actions.c b/datapath-windows/ovsext/Actions.c index 3bd00a7..b5c13c7 100644 --- a/datapath-windows/ovsext/Actions.c +++ b/datapath-windows/ovsext/Actions.c @@ -1975,12 +1975,29 @@ OvsDoExecuteActions(POVS_SWITCH_CONTEXT switchContext, } } + PNET_BUFFER_LIST oldNbl = ovsFwdCtx.curNbl; status = OvsExecuteConntrackAction(&ovsFwdCtx, key, (const PNL_ATTR)a); if (status != NDIS_STATUS_SUCCESS) { - OVS_LOG_ERROR("CT Action failed"); - dropReason = L"OVS-conntrack action failed"; + /* Pending NBLs are consumed by Defragmentation. */ + if (status != NDIS_STATUS_PENDING) { + OVS_LOG_ERROR("CT Action failed"); + dropReason = L"OVS-conntrack action failed"; + } goto dropit; + } else if (oldNbl != ovsFwdCtx.curNbl) { + /* + * OvsIpv4Reassemble consumes the original NBL and creates a + * new one and assigns it to the curNbl of ovsFwdCtx. + */ + OvsInitForwardingCtx(&ovsFwdCtx, + ovsFwdCtx.switchContext, + ovsFwdCtx.curNbl, + ovsFwdCtx.srcVportNo, + ovsFwdCtx.sendFlags, + NET_BUFFER_LIST_SWITCH_FORWARDING_DETAIL(ovsFwdCtx.curNbl), + ovsFwdCtx.completionList, + &ovsFwdCtx.layers, FALSE); } break; } diff --git a/datapath-windows/ovsext/Conntrack.c b/datapath-windows/ovsext/Conntrack.c index 8658910..dce0c1b 100644 --- a/datapath-windows/ovsext/Conntrack.c +++ b/datapath-windows/ovsext/Conntrack.c @@ -15,6 +15,7 @@ */ #include "Conntrack.h" +#include "IpFragment.h" #include "Jhash.h" #include "PacketParser.h" #include "Event.h" @@ -317,13 +318,20 @@ OvsCtEntryExpired(POVS_CT_ENTRY entry) } static __inline NDIS_STATUS -OvsDetectCtPacket(OvsFlowKey *key) +OvsDetectCtPacket(OvsForwardingContext *fwdCtx, + OvsFlowKey *key, + PNET_BUFFER_LIST *newNbl) { /* Currently we support only Unfragmented TCP packets */ switch (ntohs(key->l2.dlType)) { case ETH_TYPE_IPV4: if (key->ipKey.nwFrag != OVS_FRAG_TYPE_NONE) { - return NDIS_STATUS_NOT_SUPPORTED; + return OvsProcessIpv4Fragment(fwdCtx->switchContext, + &fwdCtx->curNbl, + fwdCtx->completionList, + fwdCtx->fwdDetail->SourcePortId, + key->tunKey.tunnelId, + newNbl); } if (key->ipKey.nwProto == IPPROTO_TCP || key->ipKey.nwProto == IPPROTO_UDP @@ -707,6 +715,7 @@ OvsCtExecute_(PNET_BUFFER_LIST curNbl, *--------------------------------------------------------------------------- * OvsExecuteConntrackAction * Executes Conntrack actions XXX - Add more + * For the Ipv4 fragments, consume the orginal fragment NBL *--------------------------------------------------------------------------- */ NDIS_STATUS @@ -723,10 +732,10 @@ OvsExecuteConntrackAction(OvsForwardingContext *fwdCtx, PCHAR helper = NULL; PNET_BUFFER_LIST curNbl = fwdCtx->curNbl; OVS_PACKET_HDR_INFO *layers = &fwdCtx->layers; - + PNET_BUFFER_LIST newNbl = NULL; NDIS_STATUS status; - status = OvsDetectCtPacket(key); + status = OvsDetectCtPacket(fwdCtx, key, &newNbl); if (status != NDIS_STATUS_SUCCESS) { return status; } @@ -765,9 +774,9 @@ OvsExecuteConntrackAction(OvsForwardingContext *fwdCtx, /* Force implicitly means commit */ commit = TRUE; } - - status = OvsCtExecute_(curNbl, key, layers, commit, force, - zone, mark, labels, helper); + /* If newNbl is not allocated, use the current Nbl*/ + status = OvsCtExecute_(newNbl != NULL ? newNbl : curNbl, key, layers, + commit, force, zone, mark, labels, helper); return status; }
This patch adds support for tracking Ipv4 fragments in conntrack module. Individual fragments are not tracked and are consumed by the fragmentation/reassembly. Only the reassembled Ipv4 datagram is tracked and treated as a single ct entry. Signed-off-by: Anand Kumar <kumaranand@vmware.com> --- v7->v8: No change v6->v7: Made changes to use FowardingCtx and initialize forwarding ctx for the reassembled packet v5->v6: No Change v4->v5: - Removed MRU argument from function declarations as MRU is now retained in _OVS_BUFFER_CONTEXT. v3->v4: No Change v2->v3: - Updated log messages and fixed alignment. v1->v2: No change --- datapath-windows/ovsext/Actions.c | 21 +++++++++++++++++++-- datapath-windows/ovsext/Conntrack.c | 23 ++++++++++++++++------- 2 files changed, 35 insertions(+), 9 deletions(-)