@@ -1975,12 +1975,29 @@ OvsDoExecuteActions(POVS_SWITCH_CONTEXT switchContext,
}
}
+ PNET_BUFFER_LIST oldNbl = ovsFwdCtx.curNbl;
status = OvsExecuteConntrackAction(&ovsFwdCtx, key,
(const PNL_ATTR)a);
if (status != NDIS_STATUS_SUCCESS) {
- OVS_LOG_ERROR("CT Action failed");
- dropReason = L"OVS-conntrack action failed";
+ /* Pending NBLs are consumed by Defragmentation. */
+ if (status != NDIS_STATUS_PENDING) {
+ OVS_LOG_ERROR("CT Action failed");
+ dropReason = L"OVS-conntrack action failed";
+ }
goto dropit;
+ } else if (oldNbl != ovsFwdCtx.curNbl) {
+ /*
+ * OvsIpv4Reassemble consumes the original NBL and creates a
+ * new one and assigns it to the curNbl of ovsFwdCtx.
+ */
+ OvsInitForwardingCtx(&ovsFwdCtx,
+ ovsFwdCtx.switchContext,
+ ovsFwdCtx.curNbl,
+ ovsFwdCtx.srcVportNo,
+ ovsFwdCtx.sendFlags,
+ NET_BUFFER_LIST_SWITCH_FORWARDING_DETAIL(ovsFwdCtx.curNbl),
+ ovsFwdCtx.completionList,
+ &ovsFwdCtx.layers, FALSE);
}
break;
}
@@ -15,6 +15,7 @@
*/
#include "Conntrack.h"
+#include "IpFragment.h"
#include "Jhash.h"
#include "PacketParser.h"
#include "Event.h"
@@ -317,13 +318,20 @@ OvsCtEntryExpired(POVS_CT_ENTRY entry)
}
static __inline NDIS_STATUS
-OvsDetectCtPacket(OvsFlowKey *key)
+OvsDetectCtPacket(OvsForwardingContext *fwdCtx,
+ OvsFlowKey *key,
+ PNET_BUFFER_LIST *newNbl)
{
/* Currently we support only Unfragmented TCP packets */
switch (ntohs(key->l2.dlType)) {
case ETH_TYPE_IPV4:
if (key->ipKey.nwFrag != OVS_FRAG_TYPE_NONE) {
- return NDIS_STATUS_NOT_SUPPORTED;
+ return OvsProcessIpv4Fragment(fwdCtx->switchContext,
+ &fwdCtx->curNbl,
+ fwdCtx->completionList,
+ fwdCtx->fwdDetail->SourcePortId,
+ key->tunKey.tunnelId,
+ newNbl);
}
if (key->ipKey.nwProto == IPPROTO_TCP
|| key->ipKey.nwProto == IPPROTO_UDP
@@ -707,6 +715,7 @@ OvsCtExecute_(PNET_BUFFER_LIST curNbl,
*---------------------------------------------------------------------------
* OvsExecuteConntrackAction
* Executes Conntrack actions XXX - Add more
+ * For the Ipv4 fragments, consume the orginal fragment NBL
*---------------------------------------------------------------------------
*/
NDIS_STATUS
@@ -723,10 +732,10 @@ OvsExecuteConntrackAction(OvsForwardingContext *fwdCtx,
PCHAR helper = NULL;
PNET_BUFFER_LIST curNbl = fwdCtx->curNbl;
OVS_PACKET_HDR_INFO *layers = &fwdCtx->layers;
-
+ PNET_BUFFER_LIST newNbl = NULL;
NDIS_STATUS status;
- status = OvsDetectCtPacket(key);
+ status = OvsDetectCtPacket(fwdCtx, key, &newNbl);
if (status != NDIS_STATUS_SUCCESS) {
return status;
}
@@ -765,9 +774,9 @@ OvsExecuteConntrackAction(OvsForwardingContext *fwdCtx,
/* Force implicitly means commit */
commit = TRUE;
}
-
- status = OvsCtExecute_(curNbl, key, layers, commit, force,
- zone, mark, labels, helper);
+ /* If newNbl is not allocated, use the current Nbl*/
+ status = OvsCtExecute_(newNbl != NULL ? newNbl : curNbl, key, layers,
+ commit, force, zone, mark, labels, helper);
return status;
}
This patch adds support for tracking Ipv4 fragments in conntrack module. Individual fragments are not tracked and are consumed by the fragmentation/reassembly. Only the reassembled Ipv4 datagram is tracked and treated as a single ct entry. Signed-off-by: Anand Kumar <kumaranand@vmware.com> --- v6->v7: Made changes to use FowardingCtx and initialize forwarding ctx for the reassembled packet v5->v6: No Change v4->v5: - Removed MRU argument from function declarations as MRU is now retained in _OVS_BUFFER_CONTEXT. v3->v4: No Change v2->v3: - Updated log messages and fixed alignment. v1->v2: No change --- datapath-windows/ovsext/Actions.c | 21 +++++++++++++++++++-- datapath-windows/ovsext/Conntrack.c | 23 ++++++++++++++++------- 2 files changed, 35 insertions(+), 9 deletions(-)