
[ovs-dev,v4,05/11] datapath-windows: Add support for Conntrack IPCTNL_MSG_CT_DELETE cmd in Datapath.c

Message ID 1467245333-8112-6-git-send-email-vsairam@vmware.com
State Superseded
Delegated to: Guru Shetty

Commit Message

Sairam Venugopal June 30, 2016, 12:08 a.m. UTC
Create new NETLINK_CMD and NETLINK_FAMILY to assist in flushing conntrack entries. Modify
Datapath.c to now support netfilter-netlink messages apart from the
existing netfilter-generic messages. Also hook up the command handler to
execute OvsCtFlush in Conntrack.c

Signed-off-by: Sairam Venugopal <vsairam@vmware.com>
Acked-by: Paul-Daniel Boca <pboca@cloudbasesolutions.com>
---
 datapath-windows/include/OvsDpInterfaceExt.h |  5 +++
 datapath-windows/ovsext/Datapath.c           | 63 ++++++++++++++++++++++++++--
 2 files changed, 64 insertions(+), 4 deletions(-)

Comments

Nithin Raju July 1, 2016, 2:14 a.m. UTC | #1
Acked-by: Nithin Raju <nithin@vmware.com>

>+
> /* Windows kernel datapath extensions to the standard datapath
>interface. */
> 
> /* Version number of the datapath interface extensions. */
>@@ -65,6 +68,8 @@
> #define OVS_WIN_NL_VPORT_FAMILY_ID           (NLMSG_MIN_TYPE + 4)
> #define OVS_WIN_NL_FLOW_FAMILY_ID            (NLMSG_MIN_TYPE + 5)
> #define OVS_WIN_NL_NETDEV_FAMILY_ID          (NLMSG_MIN_TYPE + 6)
>+/* Conntrack Family is defined in OvsDpInterfaceCtExt.h */
>+#define OVS_WIN_NL_CT_FAMILY_ID              (NLMSG_MIN_TYPE + 7)

Also, pls. add a comment that 'OVS_WIN_NL_CT_FAMILY_ID' is not used in the
messages per se but is used internally in the kernel. We define it here as
a placeholder since we handle the CT family of commands.

Patch

diff --git a/datapath-windows/include/OvsDpInterfaceExt.h b/datapath-windows/include/OvsDpInterfaceExt.h
index e235376..eef470e 100644
--- a/datapath-windows/include/OvsDpInterfaceExt.h
+++ b/datapath-windows/include/OvsDpInterfaceExt.h
@@ -17,6 +17,9 @@ 
 #ifndef __OVS_DP_INTERFACE_EXT_H_
 #define __OVS_DP_INTERFACE_EXT_H_ 1
 
+#include "include/windows/linux/netfilter/nfnetlink.h"
+#include "include/windows/linux/netfilter/nfnetlink_conntrack.h"
+
 /* Windows kernel datapath extensions to the standard datapath interface. */
 
 /* Version number of the datapath interface extensions. */
@@ -65,6 +68,8 @@ 
 #define OVS_WIN_NL_VPORT_FAMILY_ID           (NLMSG_MIN_TYPE + 4)
 #define OVS_WIN_NL_FLOW_FAMILY_ID            (NLMSG_MIN_TYPE + 5)
 #define OVS_WIN_NL_NETDEV_FAMILY_ID          (NLMSG_MIN_TYPE + 6)
+/* Conntrack Family is defined in OvsDpInterfaceCtExt.h */
+#define OVS_WIN_NL_CT_FAMILY_ID              (NLMSG_MIN_TYPE + 7)
 
 #define OVS_WIN_NL_INVALID_MCGRP_ID          0
 #define OVS_WIN_NL_MCGRP_START_ID            100
diff --git a/datapath-windows/ovsext/Datapath.c b/datapath-windows/ovsext/Datapath.c
index b2c7020..c9e3709 100644
--- a/datapath-windows/ovsext/Datapath.c
+++ b/datapath-windows/ovsext/Datapath.c
@@ -103,7 +103,8 @@  NetlinkCmdHandler        OvsGetNetdevCmdHandler,
                          OvsDeleteVportCmdHandler,
                          OvsPendPacketCmdHandler,
                          OvsSubscribePacketCmdHandler,
-                         OvsReadPacketCmdHandler;
+                         OvsReadPacketCmdHandler,
+                         OvsCtDeleteCmdHandler;
 
 static NTSTATUS HandleGetDpTransaction(POVS_USER_PARAMS_CONTEXT usrParamsCtx,
                                        UINT32 *replyLen);
@@ -282,6 +283,24 @@  NETLINK_FAMILY nlFLowFamilyOps = {
     .opsCount = ARRAY_SIZE(nlFlowFamilyCmdOps)
 };
 
+/* Netlink Ct family. */
+NETLINK_CMD nlCtFamilyCmdOps[] = {
+    { .cmd              = IPCTNL_MSG_CT_DELETE,
+      .handler          = OvsCtDeleteCmdHandler,
+      .supportedDevOp   = OVS_TRANSACTION_DEV_OP,
+      .validateDpIndex  = TRUE
+    }
+};
+
+NETLINK_FAMILY nlCtFamilyOps = {
+    .name     = OVS_CT_FAMILY, /* Keep this for consistency*/
+    .id       = OVS_WIN_NL_CT_FAMILY_ID, /* Keep this for consistency*/
+    .version  = OVS_CT_VERSION, /* Keep this for consistency*/
+    .maxAttr  = OVS_NL_CT_ATTR_MAX,
+    .cmds     = nlCtFamilyCmdOps,
+    .opsCount = ARRAY_SIZE(nlCtFamilyCmdOps)
+};
+
 /* Netlink netdev family. */
 NETLINK_CMD nlNetdevFamilyCmdOps[] = {
     { .cmd = OVS_WIN_NETDEV_CMD_GET,
@@ -885,6 +904,9 @@  OvsDeviceControl(PDEVICE_OBJECT deviceObject,
 
     ASSERT(ovsMsg);
     switch (ovsMsg->nlMsg.nlmsgType) {
+    case NFNL_TYPE_CT_DEL:
+        nlFamilyOps = &nlCtFamilyOps;
+        break;
     case OVS_WIN_NL_CTRL_FAMILY_ID:
         nlFamilyOps = &nlControlFamilyOps;
         break;
@@ -961,6 +983,30 @@  ValidateNetlinkCmd(UINT32 devOp,
         goto done;
     }
 
+    /*
+     *  Verify if the Netlink message is part of Netfilter Netlink
+     *  This is currently used by Conntrack
+     */
+    if (IS_NFNL_CMD(ovsMsg->nlMsg.nlmsgType)) {
+
+        /* Validate Netfilter Netlink version is 0 */
+        if (ovsMsg->nfGenMsg.version != NFNETLINK_V0) {
+            status = STATUS_INVALID_PARAMETER;
+            goto done;
+        }
+
+        /* Validate Netfilter Netlink Subsystem */
+        if (NFNL_SUBSYS_ID(ovsMsg->nlMsg.nlmsgType)
+            != NFNL_SUBSYS_CTNETLINK) {
+            status = STATUS_INVALID_PARAMETER;
+            goto done;
+        }
+
+        /* Exit the function because there aren't any other validations */
+        status = STATUS_SUCCESS;
+        goto done;
+    }
+
     for (i = 0; i < nlFamilyOps->opsCount; i++) {
         if (nlFamilyOps->cmds[i].cmd == ovsMsg->genlMsg.cmd) {
             /* Validate if the command is valid for the device operation. */
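Review bot: The Netfilter branch returns STATUS_SUCCESS before the command-table loop runs, so the `.supportedDevOp = OVS_TRANSACTION_DEV_OP` and `.validateDpIndex = TRUE` declared for IPCTNL_MSG_CT_DELETE in nlCtFamilyCmdOps are never enforced, and a conntrack delete passes validation on whatever device operation carried it. I would look up `NFNL_MSG_TYPE(ovsMsg->nlMsg.nlmsgType)` in `nlFamilyOps->cmds` inside this branch and reject the request unless the matching entry allows `devOp`, as sketched below; the mask test assumes supportedDevOp is a bit set, which is how the generic loop outside this hunk appears to treat it. If the datapath index cannot be checked for nfnetlink messages, the table entry should say `.validateDpIndex = FALSE` so it does not promise a check that is not made. ValidateNetlinkCmd starts before and continues past this hunk.

```c
    if (IS_NFNL_CMD(ovsMsg->nlMsg.nlmsgType)) {
        UINT8 nfCmd = NFNL_MSG_TYPE(ovsMsg->nlMsg.nlmsgType);

        /* … unchanged: Netfilter Netlink version and subsystem checks … */

        /* Accept only commands listed in the family table, and only on a
         * device operation that the table entry allows. */
        status = STATUS_INVALID_PARAMETER;
        for (i = 0; i < nlFamilyOps->opsCount; i++) {
            if (nlFamilyOps->cmds[i].cmd == nfCmd &&
                (nlFamilyOps->cmds[i].supportedDevOp & devOp) != 0) {
                status = STATUS_SUCCESS;
                break;
            }
        }
        goto done;
    }
```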
@@ -1021,9 +1067,17 @@  InvokeNetlinkCmdHandler(POVS_USER_PARAMS_CONTEXT usrParamsCtx,
 {
     NTSTATUS status = STATUS_INVALID_PARAMETER;
     UINT16 i;
+    UINT8 cmd;
+
+    if (IS_NFNL_CMD(usrParamsCtx->ovsMsg->nlMsg.nlmsgType)) {
+        /* If nlMsg is of type Netfilter-Netlink parse the Cmd accordingly */
+        cmd = NFNL_MSG_TYPE(usrParamsCtx->ovsMsg->nlMsg.nlmsgType);
+    } else {
+        cmd = usrParamsCtx->ovsMsg->genlMsg.cmd;
+    }
 
     for (i = 0; i < nlFamilyOps->opsCount; i++) {
-        if (nlFamilyOps->cmds[i].cmd == usrParamsCtx->ovsMsg->genlMsg.cmd) {
+        if (nlFamilyOps->cmds[i].cmd == cmd) {
             NetlinkCmdHandler *handler = nlFamilyOps->cmds[i].handler;
             ASSERT(handler);
             if (handler) {
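Review bot: The choice between `NFNL_MSG_TYPE(nlmsgType)` and `genlMsg.cmd` is open-coded at the top of InvokeNetlinkCmdHandler, while the same `IS_NFNL_CMD` test is repeated in ValidateNetlinkCmd and again in the error path of this function (the last hunk), each with slightly different handling. A single static helper that takes the message and returns its command would keep the three sites from drifting apart, so the lookup here becomes something like `if (nlFamilyOps->cmds[i].cmd == OvsGetMsgCmd(usrParamsCtx->ovsMsg)) {` (helper name is only a suggestion). It would also be worth a one-line comment on `UINT8 cmd;` saying that, for nfnetlink messages, the command is the low byte of nlmsgType and not a genl header field. The function body continues past this hunk.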
@@ -1055,8 +1109,9 @@  InvokeNetlinkCmdHandler(POVS_USER_PARAMS_CONTEXT usrParamsCtx,
             POVS_MESSAGE_ERROR msgError = (POVS_MESSAGE_ERROR)
                 usrParamsCtx->outputBuffer;
 
-            if (usrParamsCtx->ovsMsg->genlMsg.cmd == OVS_CTRL_CMD_EVENT_NOTIFY ||
-                usrParamsCtx->ovsMsg->genlMsg.cmd == OVS_CTRL_CMD_READ_NOTIFY) {
+            if (!IS_NFNL_CMD(usrParamsCtx->ovsMsg->nlMsg.nlmsgType) &&
+                (usrParamsCtx->ovsMsg->genlMsg.cmd == OVS_CTRL_CMD_EVENT_NOTIFY ||
+                 usrParamsCtx->ovsMsg->genlMsg.cmd == OVS_CTRL_CMD_READ_NOTIFY)) {
                 /* There's no input buffer associated with such requests. */
                 NL_BUFFER nlBuffer;
                 msgIn = &msgInTmp;