Acked-by: Alin Gabriel Serdean <[email protected]>
> -----Original Message----- > From: [email protected] [mailto:ovs-dev- > [email protected]] On Behalf Of Shashank Ram > Sent: Wednesday, August 2, 2017 1:08 AM > To: Anand Kumar <[email protected]>; [email protected] > Subject: Re: [ovs-dev] [PATCH] datapath-windows: Fix conntrack lookups for > reversed keys > > > > > ________________________________________ > From: [email protected] <ovs-dev- > [email protected]> on behalf of Anand Kumar > <[email protected]> > Sent: Tuesday, August 1, 2017 3:01 PM > To: [email protected] > Subject: [ovs-dev] [PATCH] datapath-windows: Fix conntrack lookups for > reversed keys > > From: Sairam Venugopal <[email protected]> > > The conntrack table needs to be queried for entries in either directions to > determine if the packet is in forward direction or reply direction. > > The current behavior ends up reversing the incoming packet's 5-Tuple for > every entry in the loop instead of doing it only once. > > Testing Done: > - Verified that ICMP requests are no longer treated as replies in Conntrack. > > Change-Id: I826a164cfb9137e2167c404ff5c9bfd9dfaa33ad > Co-authored-by: Sairam Venugopal <[email protected]> > Signed-off-by: Anand Kumar <[email protected]> > --- > datapath-windows/ovsext/Conntrack.c | 19 ++++++++++--------- > 1 file changed, 10 insertions(+), 9 deletions(-) > > diff --git a/datapath-windows/ovsext/Conntrack.c b/datapath- > windows/ovsext/Conntrack.c > index 8ea1e65..917ebee 100644 > --- a/datapath-windows/ovsext/Conntrack.c > +++ b/datapath-windows/ovsext/Conntrack.c > @@ -401,7 +401,14 @@ OvsCtLookup(OvsConntrackKeyLookupCtx *ctx) > POVS_CT_ENTRY entry; > BOOLEAN reply = FALSE; > POVS_CT_ENTRY found = NULL; > - OVS_CT_KEY key = ctx->key; > + > + /* Reverse NAT must be performed before OvsCtLookup, so here > + * we simply need to flip the src and dst in key and compare > + * they are equal. Note that flipped key is not equal to > + * rev_key due to NAT effect. > + */ > + OVS_CT_KEY revCtxKey = ctx->key; > + OvsCtKeyReverse(&revCtxKey); > > if (!ctTotalEntries) { > return found; > @@ -410,19 +417,13 @@ OvsCtLookup(OvsConntrackKeyLookupCtx *ctx) > LIST_FORALL(&ovsConntrackTable[ctx->hash & CT_HASH_TABLE_MASK], > link) { > entry = CONTAINING_RECORD(link, OVS_CT_ENTRY, link); > > - if (OvsCtKeyAreSame(key,entry->key)) { > + if (OvsCtKeyAreSame(ctx->key, entry->key)) { > found = entry; > reply = FALSE; > break; > } > > - /* Reverse NAT must be performed before OvsCtLookup, so here > - * we simply need to flip the src and dst in key and compare > - * they are equal. Note that flipped key is not equal to > - * rev_key due to NAT effect. > - */ > - OvsCtKeyReverse(&key); > - if (OvsCtKeyAreSame(key, entry->key)) { > + if (OvsCtKeyAreSame(revCtxKey, entry->key)) { > found = entry; > reply = TRUE; > break; > -- > 2.9.3.windows.1 > > _______________________________________________ > > Acked-by: Shashank Ram <[email protected]> > _______________________________________________ > dev mailing list > [email protected] > https://mail.openvswitch.org/mailman/listinfo/ovs-dev _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
