Thanks Anand, Shashank, Alin. I applied this to master.
On Thu, Aug 03, 2017 at 05:11:36PM +0000, Alin Serdean wrote: > Acked-by: Alin Gabriel Serdean <[email protected]> > > > > -----Original Message----- > > From: [email protected] [mailto:ovs-dev- > > [email protected]] On Behalf Of Shashank Ram > > Sent: Wednesday, August 2, 2017 1:08 AM > > To: Anand Kumar <[email protected]>; [email protected] > > Subject: Re: [ovs-dev] [PATCH] datapath-windows: Fix conntrack lookups for > > reversed keys > > > > > > > > > > ________________________________________ > > From: [email protected] <ovs-dev- > > [email protected]> on behalf of Anand Kumar > > <[email protected]> > > Sent: Tuesday, August 1, 2017 3:01 PM > > To: [email protected] > > Subject: [ovs-dev] [PATCH] datapath-windows: Fix conntrack lookups for > > reversed keys > > > > From: Sairam Venugopal <[email protected]> > > > > The conntrack table needs to be queried for entries in either directions to > > determine if the packet is in forward direction or reply direction. > > > > The current behavior ends up reversing the incoming packet's 5-Tuple for > > every entry in the loop instead of doing it only once. > > > > Testing Done: > > - Verified that ICMP requests are no longer treated as replies in Conntrack. > > > > Change-Id: I826a164cfb9137e2167c404ff5c9bfd9dfaa33ad > > Co-authored-by: Sairam Venugopal <[email protected]> > > Signed-off-by: Anand Kumar <[email protected]> > > --- > > datapath-windows/ovsext/Conntrack.c | 19 ++++++++++--------- > > 1 file changed, 10 insertions(+), 9 deletions(-) > > > > diff --git a/datapath-windows/ovsext/Conntrack.c b/datapath- > > windows/ovsext/Conntrack.c > > index 8ea1e65..917ebee 100644 > > --- a/datapath-windows/ovsext/Conntrack.c > > +++ b/datapath-windows/ovsext/Conntrack.c > > @@ -401,7 +401,14 @@ OvsCtLookup(OvsConntrackKeyLookupCtx *ctx) > > POVS_CT_ENTRY entry; > > BOOLEAN reply = FALSE; > > POVS_CT_ENTRY found = NULL; > > - OVS_CT_KEY key = ctx->key; > > + > > + /* Reverse NAT must be performed before OvsCtLookup, so here > > + * we simply need to flip the src and dst in key and compare > > + * they are equal. Note that flipped key is not equal to > > + * rev_key due to NAT effect. > > + */ > > + OVS_CT_KEY revCtxKey = ctx->key; > > + OvsCtKeyReverse(&revCtxKey); > > > > if (!ctTotalEntries) { > > return found; > > @@ -410,19 +417,13 @@ OvsCtLookup(OvsConntrackKeyLookupCtx *ctx) > > LIST_FORALL(&ovsConntrackTable[ctx->hash & CT_HASH_TABLE_MASK], > > link) { > > entry = CONTAINING_RECORD(link, OVS_CT_ENTRY, link); > > > > - if (OvsCtKeyAreSame(key,entry->key)) { > > + if (OvsCtKeyAreSame(ctx->key, entry->key)) { > > found = entry; > > reply = FALSE; > > break; > > } > > > > - /* Reverse NAT must be performed before OvsCtLookup, so here > > - * we simply need to flip the src and dst in key and compare > > - * they are equal. Note that flipped key is not equal to > > - * rev_key due to NAT effect. > > - */ > > - OvsCtKeyReverse(&key); > > - if (OvsCtKeyAreSame(key, entry->key)) { > > + if (OvsCtKeyAreSame(revCtxKey, entry->key)) { > > found = entry; > > reply = TRUE; > > break; > > -- > > 2.9.3.windows.1 > > > > _______________________________________________ > > > > Acked-by: Shashank Ram <[email protected]> > > _______________________________________________ > > dev mailing list > > [email protected] > > https://mail.openvswitch.org/mailman/listinfo/ovs-dev > _______________________________________________ > dev mailing list > [email protected] > https://mail.openvswitch.org/mailman/listinfo/ovs-dev _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
