Re: [ovs-dev] [PATCH v1] datapath-windows: Add support for deleting conntrack entry by 5-tuple.

2017-11-29 Thread Ben Pfaff 
Sure, no problem at all.  Mostly I wanted to make sure that you hadn't
forgotten you can apply patches yourself ;-)

On Wed, Nov 29, 2017 at 08:19:29PM +0200, aserd...@ovn.org wrote:
> I wanted to give it a few days to see if another review pops up.
> 
> Mind if I wait until tomorrow?
> 
> Thanks,
> Alin.
> 
> > -Original Message-
> > From: Ben Pfaff [mailto:b...@ovn.org]
> > Sent: Wednesday, November 29, 2017 7:44 PM
> > To: Alin Serdean <aserd...@cloudbasesolutions.com>
> > Cc: Anand Kumar <kumaran...@vmware.com>; d...@openvswitch.org
> > Subject: Re: [ovs-dev] [PATCH v1] datapath-windows: Add support for
> > deleting conntrack entry by 5-tuple.
> > 
> > Alin, do you plan to apply this?
> > 
> > On Tue, Nov 28, 2017 at 12:54:48PM +, Alin Serdean wrote:
> > > Acked-by: Alin Gabriel Serdean <aserd...@ovn.org>
> > >
> > > > -Original Message-
> > > > From: ovs-dev-boun...@openvswitch.org [mailto:ovs-dev-
> > > > boun...@openvswitch.org] On Behalf Of Anand Kumar
> > > > Sent: Wednesday, November 22, 2017 2:47 AM
> > > > To: d...@openvswitch.org
> > > > Subject: [ovs-dev] [PATCH v1] datapath-windows: Add support for
> > > > deleting conntrack entry by 5-tuple.
> > > >
> > > > To delete a conntrack entry specified by 5-tuple pass an additional
> > > > conntrack 5-tuple parameter to flush-conntrack.
> > > >
> > > > Signed-off-by: Anand Kumar <kumaran...@vmware.com>
> > > > ---
> > > >  datapath-windows/ovsext/Conntrack.c | 146
> > > > +---
> > > >  1 file changed, 134 insertions(+), 12 deletions(-)
> > > >
> > > ___
> > > dev mailing list
> > > d...@openvswitch.org
> > > https://mail.openvswitch.org/mailman/listinfo/ovs-dev
> 
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH v1] datapath-windows: Add support for deleting conntrack entry by 5-tuple.

2017-11-29 Thread Yi-Hung Wei 
Hi Anand and Alin,

I have some updates about supporting delete conntrack entry by 5-tuple on
my v2 patch series (
https://mail.openvswitch.org/pipermail/ovs-dev/2017-November/341140.html ).

In the v2 series, I made some changes on the dpif-netlink implementation (
https://mail.openvswitch.org/pipermail/ovs-dev/2017-November/341142.html ),
and I am not sure if it will affect the windows datapath implementation.

Given that the dpif-netlink implementation is still under review, if it
will affect the windows datapath implementation, do you mind if we wait a
bit till the dpif-netlink implementation is upstream?

Thanks,

-Yi-Hung

On Wed, Nov 29, 2017 at 10:19 AM,  wrote:

> I wanted to give it a few days to see if another review pops up.
>
> Mind if I wait until tomorrow?
>
> Thanks,
> Alin.
>
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH v1] datapath-windows: Add support for deleting conntrack entry by 5-tuple.

2017-11-29 Thread aserdean 
I wanted to give it a few days to see if another review pops up.

Mind if I wait until tomorrow?

Thanks,
Alin.

> -Original Message-
> From: Ben Pfaff [mailto:b...@ovn.org]
> Sent: Wednesday, November 29, 2017 7:44 PM
> To: Alin Serdean <aserd...@cloudbasesolutions.com>
> Cc: Anand Kumar <kumaran...@vmware.com>; d...@openvswitch.org
> Subject: Re: [ovs-dev] [PATCH v1] datapath-windows: Add support for
> deleting conntrack entry by 5-tuple.
> 
> Alin, do you plan to apply this?
> 
> On Tue, Nov 28, 2017 at 12:54:48PM +, Alin Serdean wrote:
> > Acked-by: Alin Gabriel Serdean <aserd...@ovn.org>
> >
> > > -Original Message-
> > > From: ovs-dev-boun...@openvswitch.org [mailto:ovs-dev-
> > > boun...@openvswitch.org] On Behalf Of Anand Kumar
> > > Sent: Wednesday, November 22, 2017 2:47 AM
> > > To: d...@openvswitch.org
> > > Subject: [ovs-dev] [PATCH v1] datapath-windows: Add support for
> > > deleting conntrack entry by 5-tuple.
> > >
> > > To delete a conntrack entry specified by 5-tuple pass an additional
> > > conntrack 5-tuple parameter to flush-conntrack.
> > >
> > > Signed-off-by: Anand Kumar <kumaran...@vmware.com>
> > > ---
> > >  datapath-windows/ovsext/Conntrack.c | 146
> > > +---
> > >  1 file changed, 134 insertions(+), 12 deletions(-)
> > >
> > ___
> > dev mailing list
> > d...@openvswitch.org
> > https://mail.openvswitch.org/mailman/listinfo/ovs-dev

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH v1] datapath-windows: Add support for deleting conntrack entry by 5-tuple.

2017-11-29 Thread Ben Pfaff 
Alin, do you plan to apply this?

On Tue, Nov 28, 2017 at 12:54:48PM +, Alin Serdean wrote:
> Acked-by: Alin Gabriel Serdean <aserd...@ovn.org>
> 
> > -Original Message-
> > From: ovs-dev-boun...@openvswitch.org [mailto:ovs-dev-
> > boun...@openvswitch.org] On Behalf Of Anand Kumar
> > Sent: Wednesday, November 22, 2017 2:47 AM
> > To: d...@openvswitch.org
> > Subject: [ovs-dev] [PATCH v1] datapath-windows: Add support for deleting
> > conntrack entry by 5-tuple.
> > 
> > To delete a conntrack entry specified by 5-tuple pass an additional 
> > conntrack
> > 5-tuple parameter to flush-conntrack.
> > 
> > Signed-off-by: Anand Kumar <kumaran...@vmware.com>
> > ---
> >  datapath-windows/ovsext/Conntrack.c | 146
> > +---
> >  1 file changed, 134 insertions(+), 12 deletions(-)
> > 
> ___
> dev mailing list
> d...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH v1] datapath-windows: Add support for deleting conntrack entry by 5-tuple.

2017-11-21 Thread Anand Kumar 
To delete a conntrack entry specified by 5-tuple pass an additional
conntrack 5-tuple parameter to flush-conntrack.

Signed-off-by: Anand Kumar 
---
 datapath-windows/ovsext/Conntrack.c | 146 +---
 1 file changed, 134 insertions(+), 12 deletions(-)

diff --git a/datapath-windows/ovsext/Conntrack.c 
b/datapath-windows/ovsext/Conntrack.c
index 3203411..dc268b3 100644
--- a/datapath-windows/ovsext/Conntrack.c
+++ b/datapath-windows/ovsext/Conntrack.c
@@ -35,8 +35,10 @@ static PNDIS_RW_LOCK_EX ovsConntrackLockObj;
 extern POVS_SWITCH_CONTEXT gOvsSwitchContext;
 static UINT64 ctTotalEntries;
 
-static __inline NDIS_STATUS OvsCtFlush(UINT16 zone);
-
+static __inline OvsCtFlush(UINT16 zone, struct ovs_key_ct_tuple_ipv4 *tuple);
+static __inline NDIS_STATUS
+MapNlToCtTuple(POVS_MESSAGE msgIn, PNL_ATTR attr,
+   struct ovs_key_ct_tuple_ipv4 *ct_tuple);
 /*
  *
  * OvsInitConntrack
@@ -120,7 +122,7 @@ OvsCleanupConntrack(VOID)
 ObDereferenceObject(ctThreadCtx.threadObject);
 
 /* Force flush all entries before removing */
-OvsCtFlush(0);
+OvsCtFlush(0, NULL);
 
 if (ovsConntrackTable) {
 OvsFreeMemoryWithTag(ovsConntrackTable, OVS_CT_POOL_TAG);
@@ -1018,11 +1020,11 @@ OvsConntrackEntryCleaner(PVOID data)
 /*
  *
  * OvsCtFlush
- * Flushes out all Conntrack Entries that match the given zone
+ * Flushes out all Conntrack Entries that match any of the arguments
  *
  */
 static __inline NDIS_STATUS
-OvsCtFlush(UINT16 zone)
+OvsCtFlush(UINT16 zone, struct ovs_key_ct_tuple_ipv4 *tuple)
 {
 PLIST_ENTRY link, next;
 POVS_CT_ENTRY entry;
@@ -1034,9 +1036,26 @@ OvsCtFlush(UINT16 zone)
 for (int i = 0; i < CT_HASH_TABLE_SIZE; i++) {
 LIST_FORALL_SAFE([i], link, next) {
 entry = CONTAINING_RECORD(link, OVS_CT_ENTRY, link);
-/* zone is a non-zero value */
-if (!zone || zone == entry->key.zone)
+if (tuple) {
+if (tuple->ipv4_proto != IPPROTO_ICMP &&
+tuple->ipv4_src == entry->key.src.addr.ipv4_aligned &&
+tuple->ipv4_dst == entry->key.dst.addr.ipv4_aligned &&
+tuple->ipv4_proto == entry->key.nw_proto &&
+tuple->src_port == entry->key.src.port &&
+tuple->dst_port == entry->key.dst.port &&
+(zone ? entry->key.zone == zone: TRUE)) {
+OvsCtEntryDelete(entry);
+} else if (tuple->ipv4_src == 
entry->key.src.addr.ipv4_aligned &&
+tuple->ipv4_dst == entry->key.dst.addr.ipv4_aligned &&
+tuple->ipv4_proto == entry->key.nw_proto &&
+tuple->src_port == entry->key.src.icmp_type &&
+tuple->dst_port == entry->key.src.icmp_code &&
+(zone ? entry->key.zone == zone: TRUE)) {
+OvsCtEntryDelete(entry);
+}
+} else if (!zone || zone == entry->key.zone) {
 OvsCtEntryDelete(entry);
+}
 }
 }
 }
@@ -1058,19 +1077,21 @@ OvsCtDeleteCmdHandler(POVS_USER_PARAMS_CONTEXT 
usrParamsCtx,
 NL_ERROR nlError = NL_ERROR_SUCCESS;
 NTSTATUS status;
 UINT16 zone = 0;
+struct ovs_key_ct_tuple_ipv4 *ct_tuple = NULL;
 NL_BUFFER nlBuf;
 UINT16 nlmsgType;
 PNL_MSG_HDR nlMsg;
 
-static const NL_POLICY ctZonePolicy[] = {
-[CTA_ZONE] = { .type = NL_A_BE16, .optional = TRUE },
+static const NL_POLICY ctAttrPolicy[] = {
+[CTA_TUPLE_ORIG] = {.type = NL_A_NESTED, .optional = TRUE},
+[CTA_ZONE] = {.type = NL_A_BE16, .optional = TRUE },
 };
 
 if ((NlAttrParse(nlMsgHdr, attrOffset, NlNfMsgAttrsLen(nlMsgHdr),
-ctZonePolicy, ARRAY_SIZE(ctZonePolicy),
+ctAttrPolicy, ARRAY_SIZE(ctAttrPolicy),
 ctAttrs, ARRAY_SIZE(ctAttrs)))
 != TRUE) {
-OVS_LOG_ERROR("Zone attr parsing failed for msg: %p", nlMsgHdr);
+OVS_LOG_ERROR("Ct attr parsing failed for msg: %p", nlMsgHdr);
 status = STATUS_INVALID_PARAMETER;
 goto done;
 }
@@ -1079,7 +1100,21 @@ OvsCtDeleteCmdHandler(POVS_USER_PARAMS_CONTEXT 
usrParamsCtx,
 zone = NlAttrGetU16(ctAttrs[CTA_ZONE]);
 }
 
-status = OvsCtFlush(zone);
+if (ctAttrs[CTA_TUPLE_ORIG]) {
+ct_tuple = OvsAllocateMemoryWithTag(sizeof(struct 
ovs_key_ct_tuple_ipv4),
+OVS_CT_POOL_TAG);
+if (ct_tuple == NULL) {
+status = STATUS_INSUFFICIENT_RESOURCES;
+goto done;
+}
+/*