Re: [ovs-dev] [PATCH v2] datapath-windows: Add trace level logs in conntrack for invalid ct state.
Applied on master. Ty!
-Mesaj original-
De la: ovs-dev-boun...@openvswitch.org [mailto:ovs-dev-boun...@openvswitch.org]
În numele aserd...@ovn.org
Trimis: Saturday, February 3, 2018 12:48 AM
Către: 'Anand Kumar' ; d...@openvswitch.org
Subiect: Re: [ovs-dev] [PATCH v2] datapath-windows: Add trace level logs in
conntrack for invalid ct state.
Much better 😊
Acked-by: Alin Gabriel Serdean
-Mesaj original-
De la: ovs-dev-boun...@openvswitch.org [mailto:ovs-dev-boun...@openvswitch.org]
În numele Anand Kumar
Trimis: Saturday, February 3, 2018 12:43 AM
Către: d...@openvswitch.org
Subiect: [ovs-dev] [PATCH v2] datapath-windows: Add trace level logs in
conntrack for invalid ct state.
Signed-off-by: Anand Kumar
---
datapath-windows/ovsext/Conntrack-icmp.c | 1 +
datapath-windows/ovsext/Conntrack-tcp.c | 4
datapath-windows/ovsext/Conntrack.c | 6 ++
3 files changed, 11 insertions(+)
diff --git a/datapath-windows/ovsext/Conntrack-icmp.c
b/datapath-windows/ovsext/Conntrack-icmp.c
index 4da0665..28fe2bf 100644
--- a/datapath-windows/ovsext/Conntrack-icmp.c
+++ b/datapath-windows/ovsext/Conntrack-icmp.c
@@ -61,6 +61,7 @@ BOOLEAN
OvsConntrackValidateIcmpPacket(const ICMPHdr *icmp) {
if (!icmp) {
+OVS_LOG_TRACE("Invalid ICMP packet detected, header cannot be
+ NULL");
return FALSE;
}
diff --git a/datapath-windows/ovsext/Conntrack-tcp.c
b/datapath-windows/ovsext/Conntrack-tcp.c
index f8e85a2..8cbab24 100644
--- a/datapath-windows/ovsext/Conntrack-tcp.c
+++ b/datapath-windows/ovsext/Conntrack-tcp.c
@@ -444,12 +444,14 @@ BOOLEAN
OvsConntrackValidateTcpPacket(const TCPHdr *tcp) {
if (!tcp) {
+OVS_LOG_TRACE("Invalid TCP packet detected, header cannot be
+ NULL");
return FALSE;
}
UINT16 tcp_flags = ntohs(tcp->flags);
if (OvsCtInvalidTcpFlags(tcp_flags)) {
+OVS_LOG_TRACE("Invalid TCP packet detected, tcp_flags %hu",
+ tcp_flags);
return FALSE;
}
@@ -457,6 +459,8 @@ OvsConntrackValidateTcpPacket(const TCPHdr *tcp)
* totally new connections (syn) or already established, not partially
* open (syn+ack). */
if ((tcp_flags & TCP_SYN) && (tcp_flags & TCP_ACK)) {
+OVS_LOG_TRACE("Invalid TCP packet detected, SYN+ACK flags not allowed,"
+ "tcp_flags %hu", tcp_flags);
return FALSE;
}
diff --git a/datapath-windows/ovsext/Conntrack.c
b/datapath-windows/ovsext/Conntrack.c
index 43c9dd3..678bedb 100644
--- a/datapath-windows/ovsext/Conntrack.c
+++ b/datapath-windows/ovsext/Conntrack.c
@@ -317,6 +317,10 @@ OvsCtEntryCreate(OvsForwardingContext *fwdCtx,
const ICMPHdr *icmp;
icmp = OvsGetIcmp(curNbl, l4Offset, &storage);
if (!OvsConntrackValidateIcmpPacket(icmp)) {
+if(icmp) {
+OVS_LOG_TRACE("Invalid ICMP packet detected, icmp->type %u",
+ icmp->type);
+}
state = OVS_CS_F_INVALID;
break;
}
@@ -334,6 +338,8 @@ OvsCtEntryCreate(OvsForwardingContext *fwdCtx,
break;
}
default:
+OVS_LOG_TRACE("Invalid packet detected, protocol not supported"
+ " ipProto %u", ipProto);
state = OVS_CS_F_INVALID;
break;
}
--
2.9.3.windows.1
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH v2] datapath-windows: Add trace level logs in conntrack for invalid ct state.
Much better 😊
Acked-by: Alin Gabriel Serdean
-Mesaj original-
De la: ovs-dev-boun...@openvswitch.org [mailto:ovs-dev-boun...@openvswitch.org]
În numele Anand Kumar
Trimis: Saturday, February 3, 2018 12:43 AM
Către: d...@openvswitch.org
Subiect: [ovs-dev] [PATCH v2] datapath-windows: Add trace level logs in
conntrack for invalid ct state.
Signed-off-by: Anand Kumar
---
datapath-windows/ovsext/Conntrack-icmp.c | 1 +
datapath-windows/ovsext/Conntrack-tcp.c | 4
datapath-windows/ovsext/Conntrack.c | 6 ++
3 files changed, 11 insertions(+)
diff --git a/datapath-windows/ovsext/Conntrack-icmp.c
b/datapath-windows/ovsext/Conntrack-icmp.c
index 4da0665..28fe2bf 100644
--- a/datapath-windows/ovsext/Conntrack-icmp.c
+++ b/datapath-windows/ovsext/Conntrack-icmp.c
@@ -61,6 +61,7 @@ BOOLEAN
OvsConntrackValidateIcmpPacket(const ICMPHdr *icmp) {
if (!icmp) {
+OVS_LOG_TRACE("Invalid ICMP packet detected, header cannot be
+ NULL");
return FALSE;
}
diff --git a/datapath-windows/ovsext/Conntrack-tcp.c
b/datapath-windows/ovsext/Conntrack-tcp.c
index f8e85a2..8cbab24 100644
--- a/datapath-windows/ovsext/Conntrack-tcp.c
+++ b/datapath-windows/ovsext/Conntrack-tcp.c
@@ -444,12 +444,14 @@ BOOLEAN
OvsConntrackValidateTcpPacket(const TCPHdr *tcp) {
if (!tcp) {
+OVS_LOG_TRACE("Invalid TCP packet detected, header cannot be
+ NULL");
return FALSE;
}
UINT16 tcp_flags = ntohs(tcp->flags);
if (OvsCtInvalidTcpFlags(tcp_flags)) {
+OVS_LOG_TRACE("Invalid TCP packet detected, tcp_flags %hu",
+ tcp_flags);
return FALSE;
}
@@ -457,6 +459,8 @@ OvsConntrackValidateTcpPacket(const TCPHdr *tcp)
* totally new connections (syn) or already established, not partially
* open (syn+ack). */
if ((tcp_flags & TCP_SYN) && (tcp_flags & TCP_ACK)) {
+OVS_LOG_TRACE("Invalid TCP packet detected, SYN+ACK flags not allowed,"
+ "tcp_flags %hu", tcp_flags);
return FALSE;
}
diff --git a/datapath-windows/ovsext/Conntrack.c
b/datapath-windows/ovsext/Conntrack.c
index 43c9dd3..678bedb 100644
--- a/datapath-windows/ovsext/Conntrack.c
+++ b/datapath-windows/ovsext/Conntrack.c
@@ -317,6 +317,10 @@ OvsCtEntryCreate(OvsForwardingContext *fwdCtx,
const ICMPHdr *icmp;
icmp = OvsGetIcmp(curNbl, l4Offset, &storage);
if (!OvsConntrackValidateIcmpPacket(icmp)) {
+if(icmp) {
+OVS_LOG_TRACE("Invalid ICMP packet detected, icmp->type %u",
+ icmp->type);
+}
state = OVS_CS_F_INVALID;
break;
}
@@ -334,6 +338,8 @@ OvsCtEntryCreate(OvsForwardingContext *fwdCtx,
break;
}
default:
+OVS_LOG_TRACE("Invalid packet detected, protocol not supported"
+ " ipProto %u", ipProto);
state = OVS_CS_F_INVALID;
break;
}
--
2.9.3.windows.1
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH v2] datapath-windows: Add trace level logs in conntrack for invalid ct state.
Signed-off-by: Anand Kumar
---
datapath-windows/ovsext/Conntrack-icmp.c | 1 +
datapath-windows/ovsext/Conntrack-tcp.c | 4
datapath-windows/ovsext/Conntrack.c | 6 ++
3 files changed, 11 insertions(+)
diff --git a/datapath-windows/ovsext/Conntrack-icmp.c
b/datapath-windows/ovsext/Conntrack-icmp.c
index 4da0665..28fe2bf 100644
--- a/datapath-windows/ovsext/Conntrack-icmp.c
+++ b/datapath-windows/ovsext/Conntrack-icmp.c
@@ -61,6 +61,7 @@ BOOLEAN
OvsConntrackValidateIcmpPacket(const ICMPHdr *icmp)
{
if (!icmp) {
+OVS_LOG_TRACE("Invalid ICMP packet detected, header cannot be NULL");
return FALSE;
}
diff --git a/datapath-windows/ovsext/Conntrack-tcp.c
b/datapath-windows/ovsext/Conntrack-tcp.c
index f8e85a2..8cbab24 100644
--- a/datapath-windows/ovsext/Conntrack-tcp.c
+++ b/datapath-windows/ovsext/Conntrack-tcp.c
@@ -444,12 +444,14 @@ BOOLEAN
OvsConntrackValidateTcpPacket(const TCPHdr *tcp)
{
if (!tcp) {
+OVS_LOG_TRACE("Invalid TCP packet detected, header cannot be NULL");
return FALSE;
}
UINT16 tcp_flags = ntohs(tcp->flags);
if (OvsCtInvalidTcpFlags(tcp_flags)) {
+OVS_LOG_TRACE("Invalid TCP packet detected, tcp_flags %hu", tcp_flags);
return FALSE;
}
@@ -457,6 +459,8 @@ OvsConntrackValidateTcpPacket(const TCPHdr *tcp)
* totally new connections (syn) or already established, not partially
* open (syn+ack). */
if ((tcp_flags & TCP_SYN) && (tcp_flags & TCP_ACK)) {
+OVS_LOG_TRACE("Invalid TCP packet detected, SYN+ACK flags not allowed,"
+ "tcp_flags %hu", tcp_flags);
return FALSE;
}
diff --git a/datapath-windows/ovsext/Conntrack.c
b/datapath-windows/ovsext/Conntrack.c
index 43c9dd3..678bedb 100644
--- a/datapath-windows/ovsext/Conntrack.c
+++ b/datapath-windows/ovsext/Conntrack.c
@@ -317,6 +317,10 @@ OvsCtEntryCreate(OvsForwardingContext *fwdCtx,
const ICMPHdr *icmp;
icmp = OvsGetIcmp(curNbl, l4Offset, &storage);
if (!OvsConntrackValidateIcmpPacket(icmp)) {
+if(icmp) {
+OVS_LOG_TRACE("Invalid ICMP packet detected, icmp->type %u",
+ icmp->type);
+}
state = OVS_CS_F_INVALID;
break;
}
@@ -334,6 +338,8 @@ OvsCtEntryCreate(OvsForwardingContext *fwdCtx,
break;
}
default:
+OVS_LOG_TRACE("Invalid packet detected, protocol not supported"
+ " ipProto %u", ipProto);
state = OVS_CS_F_INVALID;
break;
}
--
2.9.3.windows.1
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
