authorldejing <ldejing@vmware.com>2022-09-16 15:52:51 +0800
committerAlin-Gabriel Serdean <aserdean@ovn.org>2022-09-20 02:27:20 +0300
commit54a618f0bd83431a18307a312e5b41e401538bbc (patch)
tree6b83b320e1b26858b8e3cadfe12f0468c3524968 /datapath-windows/ovsext/Conntrack-tcp.c
parent7a9dc1950f6a6c06f184b734a9f3a24b918088d7 (diff)
datapath-windows: Alg support for ftp and tftp in conntrack
This patch mainly adds support for the alg field in the ct action when processing ftp/tftp traffic. Tftp with alg mainly parses the tftp packet (IPv4/IPv6), extracts the connection info from the tftp packet and creates the related connection. For ftp, the previous version already supported processing ftp traffic. However, the previous version regarded traffic from or to port 21 as ftp traffic, which is incorrect in some scenarios. This version adds the alg field in ct for ftp traffic, so we can use ct(alg=ftp) to process any ftp traffic from/to any port (IPv4/IPv6). Test cases: 1) ftp ipv4/ipv6 using the alg field in the normal and nat scenarios. 2) tftp ipv4/ipv6 using the alg field in the normal and nat scenarios. Signed-off-by: ldejing <ldejing@vmware.com> Signed-off-by: Alin-Gabriel Serdean <aserdean@ovn.org>
Diffstat (limited to 'datapath-windows/ovsext/Conntrack-tcp.c')
-rw-r--r--datapath-windows/ovsext/Conntrack-tcp.c53
1 files changed, 53 insertions, 0 deletions
diff --git a/datapath-windows/ovsext/Conntrack-tcp.c b/datapath-windows/ovsext/Conntrack-tcp.c
index a468c3e6b..77370531c 100644
--- a/datapath-windows/ovsext/Conntrack-tcp.c
+++ b/datapath-windows/ovsext/Conntrack-tcp.c
@@ -37,6 +37,8 @@
*/
#include "Conntrack.h"
+#include "NetProto.h"
+#include "PacketParser.h"
#include <stddef.h>
struct tcp_peer {
@@ -577,3 +579,54 @@ done:
NlMsgEndNested(nlBuf, offset);
return status;
}
+
+NDIS_STATUS
+OvsCtHandleTftp(PNET_BUFFER_LIST curNbl, OvsFlowKey *key,
+ OVS_PACKET_HDR_INFO *layers, UINT64 currentTime,
+ POVS_CT_ENTRY entry)
+{
+ UDPHdr udpStorage;
+ const UDPHdr *udp = NULL;
+ struct ct_addr serverIp;
+ struct ct_addr clientIp;
+ NDIS_STATUS status = NDIS_STATUS_SUCCESS;
+
+ udp = OvsGetUdp(curNbl, layers->l4Offset, &udpStorage);
+ if (!udp) {
+ return NDIS_STATUS_INVALID_PACKET;
+ }
+
+ RtlZeroMemory(&serverIp, sizeof(serverIp));
+ RtlZeroMemory(&clientIp, sizeof(clientIp));
+
+ if (OvsCtRelatedLookup(entry->key, currentTime)) {
+ return NDIS_STATUS_SUCCESS;
+ }
+
+ if (layers->isIPv4) {
+ serverIp.ipv4 = key->ipKey.nwDst;
+ clientIp.ipv4 = key->ipKey.nwSrc;
+ status = OvsCtRelatedEntryCreate(key->ipKey.nwProto,
+ key->l2.dlType,
+ serverIp,
+ clientIp,
+ 0,
+ udp->source,
+ currentTime,
+ entry);
+ } else {
+ serverIp.ipv6 = key->ipv6Key.ipv6Dst;
+ clientIp.ipv6 = key->ipv6Key.ipv6Src;
+ status = OvsCtRelatedEntryCreate(key->ipv6Key.nwProto,
+ key->l2.dlType,
+ serverIp,
+ clientIp,
+ 0,
+ udp->source,
+ currentTime,
+ entry);
+ }
+
+ return status;
+}
+
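Review bot: OvsCtHandleTftp creates the related-connection expectation from nothing more than the UDP source port: nothing in the body checks that the payload is a TFTP read or write request (opcodes 1 and 2 in RFC 1350) or that the packet is travelling client-to-server, so, unless the caller already filters, any datagram on a ct(alg=tftp) connection that finds no existing related entry would register a new expectation with `nwDst` as the server and `nwSrc` as the client. Because an expectation is what lets later traffic be accepted as related, I would validate the opcode and the direction before either `OvsCtRelatedEntryCreate` call and return `NDIS_STATUS_SUCCESS` without creating anything otherwise. The literal `0` passed as the fifth argument also deserves a comment, for example `/* server port not known yet: presumably matched as a wildcard, confirm in OvsCtRelatedEntryCreate */`. `entry` is dereferenced at `entry->key` with no NULL check, which is safe only if every caller guarantees it. The whole function body is inside this hunk.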