| Message ID | 20180202224316.4828-1-kumaranand@vmware.com |
|---|---|
| State | Accepted |
| Headers | show |
| Series | [ovs-dev,v2] datapath-windows: Add trace level logs in conntrack for invalid ct state. | expand |
Much better 😊 Acked-by: Alin Gabriel Serdean <aserdean@ovn.org> -----Mesaj original----- De la: ovs-dev-bounces@openvswitch.org [mailto:ovs-dev-bounces@openvswitch.org] În numele Anand Kumar Trimis: Saturday, February 3, 2018 12:43 AM Către: dev@openvswitch.org Subiect: [ovs-dev] [PATCH v2] datapath-windows: Add trace level logs in conntrack for invalid ct state. Signed-off-by: Anand Kumar <kumaranand@vmware.com> --- datapath-windows/ovsext/Conntrack-icmp.c | 1 + datapath-windows/ovsext/Conntrack-tcp.c | 4 ++++ datapath-windows/ovsext/Conntrack.c | 6 ++++++ 3 files changed, 11 insertions(+) diff --git a/datapath-windows/ovsext/Conntrack-icmp.c b/datapath-windows/ovsext/Conntrack-icmp.c index 4da0665..28fe2bf 100644 --- a/datapath-windows/ovsext/Conntrack-icmp.c +++ b/datapath-windows/ovsext/Conntrack-icmp.c @@ -61,6 +61,7 @@ BOOLEAN OvsConntrackValidateIcmpPacket(const ICMPHdr *icmp) { if (!icmp) { + OVS_LOG_TRACE("Invalid ICMP packet detected, header cannot be + NULL"); return FALSE; } diff --git a/datapath-windows/ovsext/Conntrack-tcp.c b/datapath-windows/ovsext/Conntrack-tcp.c index f8e85a2..8cbab24 100644 --- a/datapath-windows/ovsext/Conntrack-tcp.c +++ b/datapath-windows/ovsext/Conntrack-tcp.c @@ -444,12 +444,14 @@ BOOLEAN OvsConntrackValidateTcpPacket(const TCPHdr *tcp) { if (!tcp) { + OVS_LOG_TRACE("Invalid TCP packet detected, header cannot be + NULL"); return FALSE; } UINT16 tcp_flags = ntohs(tcp->flags); if (OvsCtInvalidTcpFlags(tcp_flags)) { + OVS_LOG_TRACE("Invalid TCP packet detected, tcp_flags %hu", + tcp_flags); return FALSE; } @@ -457,6 +459,8 @@ OvsConntrackValidateTcpPacket(const TCPHdr *tcp) * totally new connections (syn) or already established, not partially * open (syn+ack). */ if ((tcp_flags & TCP_SYN) && (tcp_flags & TCP_ACK)) { + OVS_LOG_TRACE("Invalid TCP packet detected, SYN+ACK flags not allowed," + "tcp_flags %hu", tcp_flags); return FALSE; } diff --git a/datapath-windows/ovsext/Conntrack.c b/datapath-windows/ovsext/Conntrack.c index 43c9dd3..678bedb 100644 --- a/datapath-windows/ovsext/Conntrack.c +++ b/datapath-windows/ovsext/Conntrack.c @@ -317,6 +317,10 @@ OvsCtEntryCreate(OvsForwardingContext *fwdCtx, const ICMPHdr *icmp; icmp = OvsGetIcmp(curNbl, l4Offset, &storage); if (!OvsConntrackValidateIcmpPacket(icmp)) { + if(icmp) { + OVS_LOG_TRACE("Invalid ICMP packet detected, icmp->type %u", + icmp->type); + } state = OVS_CS_F_INVALID; break; } @@ -334,6 +338,8 @@ OvsCtEntryCreate(OvsForwardingContext *fwdCtx, break; } default: + OVS_LOG_TRACE("Invalid packet detected, protocol not supported" + " ipProto %u", ipProto); state = OVS_CS_F_INVALID; break; } -- 2.9.3.windows.1
Applied on master. Ty! -----Mesaj original----- De la: ovs-dev-bounces@openvswitch.org [mailto:ovs-dev-bounces@openvswitch.org] În numele aserdean@ovn.org Trimis: Saturday, February 3, 2018 12:48 AM Către: 'Anand Kumar' <kumaranand@vmware.com>; dev@openvswitch.org Subiect: Re: [ovs-dev] [PATCH v2] datapath-windows: Add trace level logs in conntrack for invalid ct state. Much better 😊 Acked-by: Alin Gabriel Serdean <aserdean@ovn.org> -----Mesaj original----- De la: ovs-dev-bounces@openvswitch.org [mailto:ovs-dev-bounces@openvswitch.org] În numele Anand Kumar Trimis: Saturday, February 3, 2018 12:43 AM Către: dev@openvswitch.org Subiect: [ovs-dev] [PATCH v2] datapath-windows: Add trace level logs in conntrack for invalid ct state. Signed-off-by: Anand Kumar <kumaranand@vmware.com> --- datapath-windows/ovsext/Conntrack-icmp.c | 1 + datapath-windows/ovsext/Conntrack-tcp.c | 4 ++++ datapath-windows/ovsext/Conntrack.c | 6 ++++++ 3 files changed, 11 insertions(+) diff --git a/datapath-windows/ovsext/Conntrack-icmp.c b/datapath-windows/ovsext/Conntrack-icmp.c index 4da0665..28fe2bf 100644 --- a/datapath-windows/ovsext/Conntrack-icmp.c +++ b/datapath-windows/ovsext/Conntrack-icmp.c @@ -61,6 +61,7 @@ BOOLEAN OvsConntrackValidateIcmpPacket(const ICMPHdr *icmp) { if (!icmp) { + OVS_LOG_TRACE("Invalid ICMP packet detected, header cannot be + NULL"); return FALSE; } diff --git a/datapath-windows/ovsext/Conntrack-tcp.c b/datapath-windows/ovsext/Conntrack-tcp.c index f8e85a2..8cbab24 100644 --- a/datapath-windows/ovsext/Conntrack-tcp.c +++ b/datapath-windows/ovsext/Conntrack-tcp.c @@ -444,12 +444,14 @@ BOOLEAN OvsConntrackValidateTcpPacket(const TCPHdr *tcp) { if (!tcp) { + OVS_LOG_TRACE("Invalid TCP packet detected, header cannot be + NULL"); return FALSE; } UINT16 tcp_flags = ntohs(tcp->flags); if (OvsCtInvalidTcpFlags(tcp_flags)) { + OVS_LOG_TRACE("Invalid TCP packet detected, tcp_flags %hu", + tcp_flags); return FALSE; } @@ -457,6 +459,8 @@ OvsConntrackValidateTcpPacket(const TCPHdr *tcp) * totally new connections (syn) or already established, not partially * open (syn+ack). */ if ((tcp_flags & TCP_SYN) && (tcp_flags & TCP_ACK)) { + OVS_LOG_TRACE("Invalid TCP packet detected, SYN+ACK flags not allowed," + "tcp_flags %hu", tcp_flags); return FALSE; } diff --git a/datapath-windows/ovsext/Conntrack.c b/datapath-windows/ovsext/Conntrack.c index 43c9dd3..678bedb 100644 --- a/datapath-windows/ovsext/Conntrack.c +++ b/datapath-windows/ovsext/Conntrack.c @@ -317,6 +317,10 @@ OvsCtEntryCreate(OvsForwardingContext *fwdCtx, const ICMPHdr *icmp; icmp = OvsGetIcmp(curNbl, l4Offset, &storage); if (!OvsConntrackValidateIcmpPacket(icmp)) { + if(icmp) { + OVS_LOG_TRACE("Invalid ICMP packet detected, icmp->type %u", + icmp->type); + } state = OVS_CS_F_INVALID; break; } @@ -334,6 +338,8 @@ OvsCtEntryCreate(OvsForwardingContext *fwdCtx, break; } default: + OVS_LOG_TRACE("Invalid packet detected, protocol not supported" + " ipProto %u", ipProto); state = OVS_CS_F_INVALID; break; } -- 2.9.3.windows.1 _______________________________________________ dev mailing list dev@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev _______________________________________________ dev mailing list dev@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
diff --git a/datapath-windows/ovsext/Conntrack-icmp.c b/datapath-windows/ovsext/Conntrack-icmp.c index 4da0665..28fe2bf 100644 --- a/datapath-windows/ovsext/Conntrack-icmp.c +++ b/datapath-windows/ovsext/Conntrack-icmp.c @@ -61,6 +61,7 @@ BOOLEAN OvsConntrackValidateIcmpPacket(const ICMPHdr *icmp) { if (!icmp) { + OVS_LOG_TRACE("Invalid ICMP packet detected, header cannot be NULL"); return FALSE; } diff --git a/datapath-windows/ovsext/Conntrack-tcp.c b/datapath-windows/ovsext/Conntrack-tcp.c index f8e85a2..8cbab24 100644 --- a/datapath-windows/ovsext/Conntrack-tcp.c +++ b/datapath-windows/ovsext/Conntrack-tcp.c @@ -444,12 +444,14 @@ BOOLEAN OvsConntrackValidateTcpPacket(const TCPHdr *tcp) { if (!tcp) { + OVS_LOG_TRACE("Invalid TCP packet detected, header cannot be NULL"); return FALSE; } UINT16 tcp_flags = ntohs(tcp->flags); if (OvsCtInvalidTcpFlags(tcp_flags)) { + OVS_LOG_TRACE("Invalid TCP packet detected, tcp_flags %hu", tcp_flags); return FALSE; } @@ -457,6 +459,8 @@ OvsConntrackValidateTcpPacket(const TCPHdr *tcp) * totally new connections (syn) or already established, not partially * open (syn+ack). */ if ((tcp_flags & TCP_SYN) && (tcp_flags & TCP_ACK)) { + OVS_LOG_TRACE("Invalid TCP packet detected, SYN+ACK flags not allowed," + "tcp_flags %hu", tcp_flags); return FALSE; } diff --git a/datapath-windows/ovsext/Conntrack.c b/datapath-windows/ovsext/Conntrack.c index 43c9dd3..678bedb 100644 --- a/datapath-windows/ovsext/Conntrack.c +++ b/datapath-windows/ovsext/Conntrack.c @@ -317,6 +317,10 @@ OvsCtEntryCreate(OvsForwardingContext *fwdCtx, const ICMPHdr *icmp; icmp = OvsGetIcmp(curNbl, l4Offset, &storage); if (!OvsConntrackValidateIcmpPacket(icmp)) { + if(icmp) { + OVS_LOG_TRACE("Invalid ICMP packet detected, icmp->type %u", + icmp->type); + } state = OVS_CS_F_INVALID; break; } @@ -334,6 +338,8 @@ OvsCtEntryCreate(OvsForwardingContext *fwdCtx, break; } default: + OVS_LOG_TRACE("Invalid packet detected, protocol not supported" + " ipProto %u", ipProto); state = OVS_CS_F_INVALID; break; }
Signed-off-by: Anand Kumar <kumaranand@vmware.com> --- datapath-windows/ovsext/Conntrack-icmp.c | 1 + datapath-windows/ovsext/Conntrack-tcp.c | 4 ++++ datapath-windows/ovsext/Conntrack.c | 6 ++++++ 3 files changed, 11 insertions(+)