From patchwork Fri Jun 24 19:03:24 2016
X-Patchwork-Submitter: Sairam Venugopal
X-Patchwork-Id: 640384
X-Patchwork-Delegate: guru@ovn.org
From: Sairam Venugopal
Date: Fri, 24 Jun 2016 12:03:24 -0700
Message-ID: <1466795009-5328-5-git-send-email-vsairam@vmware.com>
In-Reply-To: <1466795009-5328-1-git-send-email-vsairam@vmware.com>
References: <1466795009-5328-1-git-send-email-vsairam@vmware.com>
Subject: [ovs-dev] [PATCH v3 4/9] datapath-windows: Add support for Conntrack IPCTNL_MSG_CT_DELETE cmd in Datapath.c

Create new NETLINK_CMD and NETLINK_FAMILY to assist in flushing conntrack
entries. Modify Datapath.c to now support netfilter-netlink messages apart
from the existing netfilter-generic messages. Also hook up the command handler
to execute the OvsCtFlush in Conntrack.c.

Signed-off-by: Sairam Venugopal
Acked-by: Paul-Daniel Boca
---
 datapath-windows/include/OvsDpInterfaceExt.h | 17 ++++++
 datapath-windows/ovsext/Datapath.c           | 82 ++++++++++++++++++++++++----
 2 files changed, 89 insertions(+), 10 deletions(-)
diff --git a/datapath-windows/include/OvsDpInterfaceExt.h b/datapath-windows/include/OvsDpInterfaceExt.h index e235376..1044de7 100644 --- a/datapath-windows/include/OvsDpInterfaceExt.h +++ b/datapath-windows/include/OvsDpInterfaceExt.h @@ -17,6 +17,9 @@ #ifndef __OVS_DP_INTERFACE_EXT_H_ #define __OVS_DP_INTERFACE_EXT_H_ 1 +#include "include/windows/linux/netfilter/nfnetlink.h" +#include "include/windows/linux/netfilter/nfnetlink_conntrack.h" + /* Windows kernel datapath extensions to the standard datapath interface. */ /* Version number of the datapath interface extensions. */ @@ -65,6 +68,7 @@ #define OVS_WIN_NL_VPORT_FAMILY_ID (NLMSG_MIN_TYPE + 4) #define OVS_WIN_NL_FLOW_FAMILY_ID (NLMSG_MIN_TYPE + 5) #define OVS_WIN_NL_NETDEV_FAMILY_ID (NLMSG_MIN_TYPE + 6) +#define OVS_WIN_NL_CT_FAMILY_ID (NLMSG_MIN_TYPE + 7) #define OVS_WIN_NL_INVALID_MCGRP_ID 0 #define OVS_WIN_NL_MCGRP_START_ID 100 @@ -156,4 +160,17 @@ enum ovs_win_netdev_attr { typedef struct ovs_dp_stats OVS_DP_STATS; typedef enum ovs_vport_type OVS_VPORT_TYPE; +/* Conntrack Netlink */ +#define NFNL_TYPE_CT_GET (NFNL_SUBSYS_CTNETLINK << 8 | IPCTNL_MSG_CT_GET) +#define NFNL_TYPE_CT_DEL (NFNL_SUBSYS_CTNETLINK << 8 | IPCTNL_MSG_CT_DELETE) +#define NFNL_SUBSYSTEM_TYPE(nlmsgType) (nlmsgType >> 8) +#define NFNL_CT_CMD(nlmsgType) (nlmsgType & 0xff) +#define IS_NFNL_CMD(nlmsgType) ((nlmsgType == NFNL_TYPE_CT_GET) || (nlmsgType == NFNL_TYPE_CT_DEL)) +#define OVS_NL_CT_ATTR_MAX (IPCTNL_MSG_MAX - 1) + +#define OVS_CT_FAMILY "ovs_ct" +#define OVS_CT_MCGROUP "ovs_ct" +#define OVS_CT_VERSION 1 + + #endif /* __OVS_DP_INTERFACE_EXT_H_ */ diff --git a/datapath-windows/ovsext/Datapath.c b/datapath-windows/ovsext/Datapath.c index b2c7020..7cc8390 100644 --- a/datapath-windows/ovsext/Datapath.c +++ b/datapath-windows/ovsext/Datapath.c 
@@ -103,7 +103,8 @@ NetlinkCmdHandler OvsGetNetdevCmdHandler, OvsDeleteVportCmdHandler, OvsPendPacketCmdHandler, OvsSubscribePacketCmdHandler, - OvsReadPacketCmdHandler; + OvsReadPacketCmdHandler, + OvsCtDeleteCmdHandler; static NTSTATUS HandleGetDpTransaction(POVS_USER_PARAMS_CONTEXT usrParamsCtx, UINT32 *replyLen); @@ -282,6 +283,24 @@ NETLINK_FAMILY nlFLowFamilyOps = { .opsCount = ARRAY_SIZE(nlFlowFamilyCmdOps) }; +/* Netlink Ct family. */ +NETLINK_CMD nlCtFamilyCmdOps[] = { + { .cmd = IPCTNL_MSG_CT_DELETE, + .handler = OvsCtDeleteCmdHandler, + .supportedDevOp = OVS_TRANSACTION_DEV_OP, + .validateDpIndex = TRUE + } +}; + +NETLINK_FAMILY nlCtFamilyOps = { + .name = OVS_CT_FAMILY, /* Keep this for consistency*/ + .id = OVS_WIN_NL_CT_FAMILY_ID, /* Keep this for consistency*/ + .version = OVS_CT_VERSION, /* Keep this for consistency*/ + .maxAttr = OVS_NL_CT_ATTR_MAX, + .cmds = nlCtFamilyCmdOps, + .opsCount = ARRAY_SIZE(nlCtFamilyCmdOps) +}; + /* Netlink netdev family. */ NETLINK_CMD nlNetdevFamilyCmdOps[] = { { .cmd = OVS_WIN_NETDEV_CMD_GET, @@ -885,6 +904,9 @@ OvsDeviceControl(PDEVICE_OBJECT deviceObject, ASSERT(ovsMsg); switch (ovsMsg->nlMsg.nlmsgType) { + case NFNL_TYPE_CT_DEL: + nlFamilyOps = &nlCtFamilyOps; + break; case OVS_WIN_NL_CTRL_FAMILY_ID: nlFamilyOps = &nlControlFamilyOps; break; 
@@ -961,6 +983,30 @@ ValidateNetlinkCmd(UINT32 devOp, goto done; } + /* + Verify if the Netlink message is part of Netfilter Netlink + This is currently used by Conntrack + */ + if (IS_NFNL_CMD(ovsMsg->nlMsg.nlmsgType)) { + + /* Validate Netfilter Netlink version is 0 */ + if (ovsMsg->nfGenMsg.version != NFNETLINK_V0) { + status = STATUS_INVALID_PARAMETER; + goto done; + } + + /* Validate Netfilter Netlink Subsystem */ + if (NFNL_SUBSYSTEM_TYPE(ovsMsg->nlMsg.nlmsgType) + != NFNL_SUBSYS_CTNETLINK) { + status = STATUS_INVALID_PARAMETER; + goto done; + } + + /* Exit the function because there aren't any other validations */ + status = STATUS_SUCCESS; + goto done; + } + for (i = 0; i < nlFamilyOps->opsCount; i++) { if (nlFamilyOps->cmds[i].cmd == ovsMsg->genlMsg.cmd) { /* Validate if the command is valid for the device operation. */ @@ -1022,14 +1068,29 @@ InvokeNetlinkCmdHandler(POVS_USER_PARAMS_CONTEXT usrParamsCtx, NTSTATUS status = STATUS_INVALID_PARAMETER; UINT16 i; - for (i = 0; i < nlFamilyOps->opsCount; i++) { - if (nlFamilyOps->cmds[i].cmd == usrParamsCtx->ovsMsg->genlMsg.cmd) { - NetlinkCmdHandler *handler = nlFamilyOps->cmds[i].handler; - ASSERT(handler); - if (handler) { - status = handler(usrParamsCtx, replyLen); + if (IS_NFNL_CMD(usrParamsCtx->ovsMsg->nlMsg.nlmsgType)) { + /* If nlMsg is of type Netfilter-Netlink parse the Cmd accordingly */ + UINT8 cmd = NFNL_CT_CMD(usrParamsCtx->ovsMsg->nlMsg.nlmsgType); + for (i = 0; i < nlFamilyOps->opsCount; i++) { + if (nlFamilyOps->cmds[i].cmd == cmd) { + NetlinkCmdHandler *handler = nlFamilyOps->cmds[i].handler; + ASSERT(handler); + if (handler) { + status = handler(usrParamsCtx, replyLen); + } + break; + } + } + } else { + for (i = 0; i < nlFamilyOps->opsCount; i++) { + if (nlFamilyOps->cmds[i].cmd == usrParamsCtx->ovsMsg->genlMsg.cmd) { + NetlinkCmdHandler *handler = nlFamilyOps->cmds[i].handler; + ASSERT(handler); + if (handler) { + status = handler(usrParamsCtx, replyLen); + } + break; } - break; } } 
@@ -1055,8 +1116,9 @@ InvokeNetlinkCmdHandler(POVS_USER_PARAMS_CONTEXT usrParamsCtx, POVS_MESSAGE_ERROR msgError = (POVS_MESSAGE_ERROR) usrParamsCtx->outputBuffer; - if (usrParamsCtx->ovsMsg->genlMsg.cmd == OVS_CTRL_CMD_EVENT_NOTIFY || - usrParamsCtx->ovsMsg->genlMsg.cmd == OVS_CTRL_CMD_READ_NOTIFY) { + if (!IS_NFNL_CMD(usrParamsCtx->ovsMsg->nlMsg.nlmsgType) && + (usrParamsCtx->ovsMsg->genlMsg.cmd == OVS_CTRL_CMD_EVENT_NOTIFY || + usrParamsCtx->ovsMsg->genlMsg.cmd == OVS_CTRL_CMD_READ_NOTIFY)) { /* There's no input buffer associated with such requests. */ NL_BUFFER nlBuffer; msgIn = &msgInTmp;
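
Review bot: In the OvsDpInterfaceExt.h hunk at @@ -156,4 +160,17, the function-like macros NFNL_SUBSYSTEM_TYPE, NFNL_CT_CMD and IS_NFNL_CMD expand nlmsgType without parentheses, so an expression argument would bind incorrectly against ">> 8", "& 0xff" and "=="; write ((nlmsgType) >> 8), ((nlmsgType) & 0xff) and ((nlmsgType) == NFNL_TYPE_CT_GET), and parenthesize the shift in NFNL_TYPE_CT_GET and NFNL_TYPE_CT_DEL as well. IS_NFNL_CMD also evaluates its argument twice, which is worth a comment or an inline function. Separately, OVS_NL_CT_ATTR_MAX is defined as (IPCTNL_MSG_MAX - 1), a bound that by its name counts message types rather than attributes; if it is meant to size attribute parsing for this family, please derive it from the conntrack attribute enum or explain the choice in a comment.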
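
Review bot: In the Datapath.c hunk at @@ -282,6 +283,24, the three "Keep this for consistency" comments on .name, .id and .version in nlCtFamilyOps do not say what they are consistent with or whether the values are used. The dispatch added to OvsDeviceControl selects this family on NFNL_TYPE_CT_DEL, not on OVS_WIN_NL_CT_FAMILY_ID, so a single comment above the struct stating that these fields are placeholders for netfilter-netlink messages and are not matched against nlmsgType would be clearer than the repeated note. The comments are also missing the space before the closing "*/".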
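
Review bot: In the OvsDeviceControl hunk at @@ -885,6 +904,9, only NFNL_TYPE_CT_DEL gets a case, while IS_NFNL_CMD in the header also classifies NFNL_TYPE_CT_GET as a netfilter-netlink command. The two definitions of "is this an NFNL message" should agree: either add an explicit case for NFNL_TYPE_CT_GET that rejects it until a handler exists, or narrow IS_NFNL_CMD to the delete type for now, so that the validation and invoke paths never treat a message as NFNL that this switch did not route to nlCtFamilyOps.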
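
Review bot: In the ValidateNetlinkCmd hunk at @@ -961,6 +983,30, the early "status = STATUS_SUCCESS; goto done;" skips the loop over nlFamilyOps->cmds that performs the device-operation validation, so the .supportedDevOp = OVS_TRANSACTION_DEV_OP and .validateDpIndex = TRUE values declared in nlCtFamilyCmdOps are never enforced for netfilter-netlink messages, and the comment "there aren't any other validations" contradicts that table entry. Please run the same per-command checks with NFNL_CT_CMD(ovsMsg->nlMsg.nlmsgType) as the lookup key instead of returning early. The subsystem test is also dead code as written: IS_NFNL_CMD only matches two constants built from NFNL_SUBSYS_CTNETLINK << 8, so NFNL_SUBSYSTEM_TYPE(...) != NFNL_SUBSYS_CTNETLINK can never be true inside this block.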
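
Review bot: In the InvokeNetlinkCmdHandler hunk at @@ -1022,14 +1068,29, the handler lookup loop is duplicated in both branches and differs only in where the command value comes from. Select the command once, NFNL_CT_CMD(usrParamsCtx->ovsMsg->nlMsg.nlmsgType) for netfilter-netlink and usrParamsCtx->ovsMsg->genlMsg.cmd otherwise, and keep a single loop; that avoids the two copies drifting apart and keeps the not-found path (status stays STATUS_INVALID_PARAMETER) in one place.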