conntrack_l4csum_err gets incremented only when corrupted icmp pass through conntrack. Increase it for the remaining bad checksum cases including when checksum is offloaded.
Signed-off-by: Paolo Valerio <[email protected]> --- lib/conntrack.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/lib/conntrack.c b/lib/conntrack.c index 99198a601..30277f6fd 100644 --- a/lib/conntrack.c +++ b/lib/conntrack.c @@ -1669,15 +1669,22 @@ static inline bool checksum_valid(const struct conn_key *key, const void *data, size_t size, const void *l3) { + bool valid; + if (key->dl_type == htons(ETH_TYPE_IP)) { uint32_t csum = packet_csum_pseudoheader(l3); - return csum_finish(csum_continue(csum, data, size)) == 0; + valid = (csum_finish(csum_continue(csum, data, size)) == 0); } else if (key->dl_type == htons(ETH_TYPE_IPV6)) { - return packet_csum_upperlayer6(l3, data, key->nw_proto, size) == 0; + valid = (packet_csum_upperlayer6(l3, data, key->nw_proto, size) == 0); } else { + valid = false; + } + + if (!valid) { COVERAGE_INC(conntrack_l4csum_err); - return false; } + + return valid; } static inline bool @@ -2076,6 +2083,8 @@ conn_key_extract(struct conntrack *ct, struct dp_packet *pkt, ovs_be16 dl_type, ctx->hash = conn_key_hash(&ctx->key, ct->hash_basis); return true; } + } else { + COVERAGE_INC(conntrack_l4csum_err); } } _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
