From patchwork Sat Jul 15 17:22:22 2017
X-Patchwork-Submitter: Darrell Ball
X-Patchwork-Id: 788934
From: Darrell Ball
To: dlu998@gmail.com, dev@openvswitch.org
Date: Sat, 15 Jul 2017 10:22:22 -0700
Message-Id: <1500139345-54041-3-git-send-email-dlu998@gmail.com>
In-Reply-To: <1500139345-54041-1-git-send-email-dlu998@gmail.com>
References: <1500139345-54041-1-git-send-email-dlu998@gmail.com>
Subject: [ovs-dev] [patch_v5 2/5] Userspace Datapath: Add TFTP support.

Both ipv4 and ipv6 are supported. Also, NAT support is included.

Signed-off-by: Darrell Ball
--- include/sparse/netinet/in.h | 1 + lib/conntrack.c | 39 ++++++++++++++++++++++++++++++++++++++- 2 files changed, 39 insertions(+), 1 deletion(-) diff --git a/include/sparse/netinet/in.h b/include/sparse/netinet/in.h index 8a5b887..6dba458 100644 --- a/include/sparse/netinet/in.h +++ b/include/sparse/netinet/in.h @@ -75,6 +75,7 @@ struct sockaddr_in6 { #define IPPROTO_SCTP 132 #define IPPORT_FTP 21 +#define IPPORT_TFTP 69 /* All the IP options documented in Linux ip(7). */ #define IP_ADD_MEMBERSHIP 35 diff --git a/lib/conntrack.c b/lib/conntrack.c index 533009a..b45b06f 100644 --- a/lib/conntrack.c +++ b/lib/conntrack.c @@ -62,6 +62,7 @@ enum ftp_ctl_pkt { enum ct_alg_mode { CT_FTP_MODE_ACTIVE, CT_FTP_MODE_PASSIVE, + CT_TFTP_MODE, }; static bool conn_key_extract(struct conntrack *, struct dp_packet *, 
@@ -140,6 +141,11 @@ handle_ftp_ctl(struct conntrack *ct, const struct conn_lookup_ctx *ctx, const struct conn *conn_for_expectation, long long now, enum ftp_ctl_pkt ftp_ctl, bool nat); +static void +handle_tftp_ctl(struct conntrack *ct, + const struct conn *conn_for_expectation, + long long now); + static struct ct_l4_proto *l4_protos[] = { [IPPROTO_TCP] = &ct_proto_tcp, [IPPROTO_UDP] = &ct_proto_other, @@ -360,6 +366,21 @@ is_ftp_ctl(const struct dp_packet *pkt) } +static bool +is_tftp_ctl(const struct dp_packet *pkt) +{ + uint8_t ip_proto = get_ip_proto(pkt); + struct udp_header *uh = dp_packet_l4(pkt); + + /* CT_IPPORT_TFTP is used because IPPORT_TFTP in not defined in OSX, + * at least in in.h. Since this value will never change, remove + * the external dependency. */ +#define CT_IPPORT_TFTP 69 + return (ip_proto == IPPROTO_UDP && + uh->udp_dst == htons(CT_IPPORT_TFTP)); + +} + static void alg_exp_init_expiration(struct conntrack *ct, struct alg_exp_node *alg_exp_node, @@ -1056,8 +1077,9 @@ process_one(struct conntrack *ct, struct dp_packet *pkt, set_label(pkt, conn, &setlabel[0], &setlabel[1]); } + bool tftp_ctl = is_tftp_ctl(pkt); struct conn conn_for_expectation; - if (conn && ftp_ctl) { + if (conn && (ftp_ctl || tftp_ctl)) { conn_for_expectation = *conn; } @@ -1071,6 +1093,8 @@ process_one(struct conntrack *ct, struct dp_packet *pkt, if (OVS_UNLIKELY(conn && ftp_ctl)) { handle_ftp_ctl(ct, ctx, pkt, &conn_for_expectation, now, CT_FTP_CTL_INTEREST, !!nat_action_info); + } else if (OVS_UNLIKELY(conn && tftp_ctl)) { + handle_tftp_ctl(ct, &conn_for_expectation, now); } } @@ -2360,6 +2384,7 @@ expectation_create(struct conntrack *ct, switch (mode) { case CT_FTP_MODE_ACTIVE: + case CT_TFTP_MODE: src_addr = master_conn->rev_key.src.addr; dst_addr = master_conn->rev_key.dst.addr; alg_nat_repl_addr = master_conn->key.src.addr; 
@@ -2654,6 +2679,7 @@ process_ftp_ctl_v4(struct conntrack *ct, *v4_addr_rep = conn_for_expectation->key.dst.addr.ipv4_aligned; conn_ipv4_addr = conn_for_expectation->rev_key.src.addr.ipv4_aligned; break; + case CT_TFTP_MODE: default: OVS_NOT_REACHED(); } @@ -2765,6 +2791,7 @@ process_ftp_ctl_v6(struct conntrack *ct, case CT_FTP_MODE_PASSIVE: *v6_addr_rep = conn_for_expectation->key.dst.addr; break; + case CT_TFTP_MODE: default: OVS_NOT_REACHED(); } @@ -2942,3 +2969,13 @@ handle_ftp_ctl(struct conntrack *ct, const struct conn_lookup_ctx *ctx, csum_continue(tcp_csum, th, tail - (char *) th - pad)); return; } + +static void +handle_tftp_ctl(struct conntrack *ct, + const struct conn *conn_for_expectation, + long long now) +{ + expectation_create(ct, conn_for_expectation->key.src.port, now, + CT_TFTP_MODE, conn_for_expectation); + return; +}
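Review bot: The IPPORT_TFTP define added to include/sparse/netinet/in.h is not used by any of the lib/conntrack.c changes in this patch, which define and use CT_IPPORT_TFTP instead. Either drop the in.h hunk or settle on a single constant, so the value 69 is not defined in two places.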
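Review bot: In is_tftp_ctl() (lib/conntrack.c, hunk at -360,6), uh->udp_dst is read with no visible check that dp_packet_l4() returned a non-NULL pointer or that the packet holds a complete UDP header; the && only guarantees that the protocol field says UDP. If an earlier step in process_one() already guarantees a full L4 header at this point, say so in a comment, otherwise add the check before the dereference. Smaller points in the same hunk: the #define CT_IPPORT_TFTP 69 sits inside the function body and would read better at file scope, uh can be a pointer to const, the comment has a typo ("in not defined" should be "is not defined"), and the blank line before the closing brace can go.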
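Review bot: In process_one() (hunk at -1071,6), the new else-if branch calls handle_tftp_ctl() for every packet on an existing conn whose UDP destination port is 69, so each such packet, retransmissions included, reaches expectation_create() again. Nothing in the visible lines checks that the payload is a TFTP read or write request or that this is the first packet of the connection. Since each expectation lets a related flow through conntrack, consider creating it only for the initial request and documenting how duplicates are handled.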
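Review bot: handle_tftp_ctl() at the end of lib/conntrack.c passes conn_for_expectation->key.src.port to expectation_create() with no comment explaining the choice. If the intent is that the expected data flow is addressed to the client's original source port, a short comment saying so would also explain why CT_TFTP_MODE shares the CT_FTP_MODE_ACTIVE address setup in expectation_create(). The trailing return; in a void function can be dropped.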