authorldejing <ldejing@vmware.com>2022-09-16 15:52:51 +0800
committerAlin-Gabriel Serdean <aserdean@ovn.org>2022-09-20 02:27:20 +0300
commit54a618f0bd83431a18307a312e5b41e401538bbc (patch)
tree6b83b320e1b26858b8e3cadfe12f0468c3524968 /datapath-windows/ovsext/Conntrack-related.c
parent7a9dc1950f6a6c06f184b734a9f3a24b918088d7 (diff)
downloadopenvswitch-54a618f0bd83431a18307a312e5b41e401538bbc.tar.gz
datapath-windows: Alg support for ftp and tftp in conntrack
This patch mainly support alg field in ct action when process ftp/tftp traffic. Tftp with alg mainly parse the tftp packet (IPv4/IPv6), extract connect info from the tftp packet and create the related connection. For ftp, previous version has supported process of ftp traffic. However, previous version regard traffic from or to port 21 as ftp traffic, this is incorrect in some scenario. This version adds alg field in ct for ftp traffic, we could use ct(alg=ftp) to process any ftp traffic from/to any port. IPv4/IPv6. Test cases: 1) ftp ipv4/ipv6 use alg field in the normal and nat scenario. 2) tftp ipv4/ipv6 use alg field in the normal and nat scenario. Signed-off-by: ldejing <ldejing@vmware.com> Signed-off-by: Alin-Gabriel Serdean <aserdean@ovn.org>
Diffstat (limited to 'datapath-windows/ovsext/Conntrack-related.c')
-rw-r--r--datapath-windows/ovsext/Conntrack-related.c30
1 files changed, 29 insertions, 1 deletions
diff --git a/datapath-windows/ovsext/Conntrack-related.c b/datapath-windows/ovsext/Conntrack-related.c
index f985c7631..99b1553da 100644
--- a/datapath-windows/ovsext/Conntrack-related.c
+++ b/datapath-windows/ovsext/Conntrack-related.c
@@ -40,6 +40,7 @@ OvsCtRelatedKeyAreSame(OVS_CT_KEY incomingKey, OVS_CT_KEY entryKey)
/* FTP PASV - Client initiates the connection from unknown port */
if ((incomingKey.dl_type == entryKey.dl_type) &&
(incomingKey.dl_type == htons(ETH_TYPE_IPV4)) &&
+ (incomingKey.nw_proto == IPPROTO_TCP) &&
(incomingKey.dst.addr.ipv4 == entryKey.src.addr.ipv4) &&
(incomingKey.dst.port == entryKey.src.port) &&
(incomingKey.src.addr.ipv4 == entryKey.dst.addr.ipv4) &&
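Review bot: The added `(incomingKey.nw_proto == IPPROTO_TCP)` test pins only the incoming key, and this hunk ends before the condition closes, so it is not visible whether the branch still compares `incomingKey.nw_proto == entryKey.nw_proto`. Now that the same function also matches UDP entries for TFTP, that comparison is what stops a TCP packet from matching an entry created for a UDP flow, so it is worth confirming it is still present here and in the other three TCP branches (the hunks at -49, -65 and -74). The branch comment could also state the restriction, e.g. `/* FTP PASV (TCP only) - Client initiates the connection from unknown port */`.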
@@ -49,6 +50,7 @@ OvsCtRelatedKeyAreSame(OVS_CT_KEY incomingKey, OVS_CT_KEY entryKey)
if ((incomingKey.dl_type == entryKey.dl_type) &&
(incomingKey.dl_type == htons(ETH_TYPE_IPV6)) &&
+ (incomingKey.nw_proto == IPPROTO_TCP) &&
!memcmp(&(incomingKey.dst.addr.ipv6), &(entryKey.src.addr.ipv6),
sizeof(incomingKey.dst.addr.ipv6)) &&
(incomingKey.dst.port == entryKey.src.port) &&
@@ -65,6 +67,7 @@ OvsCtRelatedKeyAreSame(OVS_CT_KEY incomingKey, OVS_CT_KEY entryKey)
*/
if ((incomingKey.dl_type == entryKey.dl_type) &&
(incomingKey.dl_type == htons(ETH_TYPE_IPV4)) &&
+ (incomingKey.nw_proto == IPPROTO_TCP) &&
(incomingKey.src.addr.ipv4 == entryKey.src.addr.ipv4) &&
(incomingKey.dst.addr.ipv4 == entryKey.dst.addr.ipv4) &&
(incomingKey.dst.port == entryKey.dst.port) &&
@@ -74,6 +77,7 @@ OvsCtRelatedKeyAreSame(OVS_CT_KEY incomingKey, OVS_CT_KEY entryKey)
if ((incomingKey.dl_type == entryKey.dl_type) &&
(incomingKey.dl_type == htons(ETH_TYPE_IPV6)) &&
+ (incomingKey.nw_proto == IPPROTO_TCP) &&
!memcmp(&(incomingKey.src.addr.ipv6), &(entryKey.src.addr.ipv6),
sizeof(incomingKey.src.addr.ipv6)) &&
!memcmp(&(incomingKey.dst.addr.ipv6), &(entryKey.dst.addr.ipv6),
@@ -83,6 +87,31 @@ OvsCtRelatedKeyAreSame(OVS_CT_KEY incomingKey, OVS_CT_KEY entryKey)
return TRUE;
}
+ /* Tftp protocol */
+ if ((incomingKey.dl_type == entryKey.dl_type) &&
+ (incomingKey.dl_type == htons(ETH_TYPE_IPV4)) &&
+ (incomingKey.nw_proto == IPPROTO_UDP) &&
+ !memcmp(&(incomingKey.src.addr.ipv4), &(entryKey.src.addr.ipv4),
+ sizeof(incomingKey.src.addr.ipv4)) &&
+ !memcmp(&(incomingKey.dst.addr.ipv4), &(entryKey.dst.addr.ipv4),
+ sizeof(incomingKey.dst.addr.ipv4)) &&
+ (incomingKey.dst.port == entryKey.dst.port) &&
+ (incomingKey.nw_proto == entryKey.nw_proto)) {
+ return TRUE;
+ }
+
+ if ((incomingKey.dl_type == entryKey.dl_type) &&
+ (incomingKey.dl_type == htons(ETH_TYPE_IPV6)) &&
+ (incomingKey.nw_proto == IPPROTO_UDP) &&
+ !memcmp(&(incomingKey.src.addr.ipv6), &(entryKey.src.addr.ipv6),
+ sizeof(incomingKey.src.addr.ipv6)) &&
+ !memcmp(&(incomingKey.dst.addr.ipv6), &(entryKey.dst.addr.ipv6),
+ sizeof(incomingKey.dst.addr.ipv6)) &&
+ (incomingKey.dst.port == entryKey.dst.port) &&
+ (incomingKey.nw_proto == entryKey.nw_proto)) {
+ return TRUE;
+ }
+
return FALSE;
}
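Review bot: The two TFTP branches never compare `src.port`, so any UDP datagram between the same address pair that reaches `entryKey.dst.port` is classified as related, and the one-line `/* Tftp protocol */` comment does not say this is deliberate. TFTP servers answer from a port chosen at reply time, so the wildcard is presumably intended, but it should be documented, e.g. `/* TFTP: the server replies from a new source port, so src.port is deliberately not compared. */`. How long such an entry stays in the related table, and whether it is removed after its first match, is not visible in this hunk and is worth confirming, because the wildcard widens what gets accepted as related. As a smaller style point, the IPv4 branch uses `memcmp` on `addr.ipv4` while the TCP IPv4 branches in this function compare the same field with `==`.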
@@ -165,7 +194,6 @@ OvsCtRelatedEntryCreate(UINT8 ipProto,
}
UINT32 hash = OvsExtractCtRelatedKeyHash(&entry->key);
-
NdisAcquireRWLockWrite(ovsCtRelatedLockObj, &lockState, 0);
InsertHeadList(&ovsCtRelatedTable[hash & CT_HASH_TABLE_MASK],
&entry->link);