author | ldejing <ldejing@vmware.com> | 2022-09-16 15:52:51 +0800 |
---|---|---|
committer | Alin-Gabriel Serdean <aserdean@ovn.org> | 2022-09-20 02:27:20 +0300 |
commit | 54a618f0bd83431a18307a312e5b41e401538bbc (patch) | |
tree | 6b83b320e1b26858b8e3cadfe12f0468c3524968 /datapath-windows/ovsext/Conntrack-tcp.c | |
parent | 7a9dc1950f6a6c06f184b734a9f3a24b918088d7 (diff) | |
datapath-windows: Alg support for ftp and tftp in conntrack
This patch adds support for the alg field in the ct action when processing
ftp/tftp traffic. For tftp, the alg mainly parses the tftp packet
(IPv4/IPv6), extracts the connection info from the packet and
creates the related connection. For ftp, the previous version already
supported processing ftp traffic. However, the previous version
regarded any traffic from or to port 21 as ftp traffic, which is
incorrect in some scenarios. This version adds the alg field in ct for
ftp traffic, so ct(alg=ftp) can be used to process any ftp traffic
from/to any port.
IPv4/IPv6.
Test cases:
1) ftp ipv4/ipv6 use alg field in the normal and nat scenario.
2) tftp ipv4/ipv6 use alg field in the normal and nat scenario.
Signed-off-by: ldejing <ldejing@vmware.com>
Signed-off-by: Alin-Gabriel Serdean <aserdean@ovn.org>
Diffstat (limited to 'datapath-windows/ovsext/Conntrack-tcp.c')
-rw-r--r-- | datapath-windows/ovsext/Conntrack-tcp.c | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/datapath-windows/ovsext/Conntrack-tcp.c b/datapath-windows/ovsext/Conntrack-tcp.c
index a468c3e6b..77370531c 100644
--- a/datapath-windows/ovsext/Conntrack-tcp.c
+++ b/datapath-windows/ovsext/Conntrack-tcp.c
@@ -37,6 +37,8 @@
 */
 #include "Conntrack.h"
+#include "NetProto.h"
+#include "PacketParser.h"
 #include <stddef.h>
 struct tcp_peer {
@@ -577,3 +579,54 @@ done:
 NlMsgEndNested(nlBuf, offset);
 return status;
 }
+
+NDIS_STATUS
+OvsCtHandleTftp(PNET_BUFFER_LIST curNbl, OvsFlowKey *key,
+ OVS_PACKET_HDR_INFO *layers, UINT64 currentTime,
+ POVS_CT_ENTRY entry)
+{
+ UDPHdr udpStorage;
+ const UDPHdr *udp = NULL;
+ struct ct_addr serverIp;
+ struct ct_addr clientIp;
+ NDIS_STATUS status = NDIS_STATUS_SUCCESS;
+
+ udp = OvsGetUdp(curNbl, layers->l4Offset, &udpStorage);
+ if (!udp) {
+ return NDIS_STATUS_INVALID_PACKET;
+ }
+
+ RtlZeroMemory(&serverIp, sizeof(serverIp));
+ RtlZeroMemory(&clientIp, sizeof(clientIp));
+
+ if (OvsCtRelatedLookup(entry->key, currentTime)) {
+ return NDIS_STATUS_SUCCESS;
+ }
+
+ if (layers->isIPv4) {
+ serverIp.ipv4 = key->ipKey.nwDst;
+ clientIp.ipv4 = key->ipKey.nwSrc;
+ status = OvsCtRelatedEntryCreate(key->ipKey.nwProto,
+ key->l2.dlType,
+ serverIp,
+ clientIp,
+ 0,
+ udp->source,
+ currentTime,
+ entry);
+ } else {
+ serverIp.ipv6 = key->ipv6Key.ipv6Dst;
+ clientIp.ipv6 = key->ipv6Key.ipv6Src;
+ status = OvsCtRelatedEntryCreate(key->ipv6Key.nwProto,
+ key->l2.dlType,
+ serverIp,
+ clientIp,
+ 0,
+ udp->source,
+ currentTime,
+ entry);
+ }
+
+ return status;
+}
+
|
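Review bot: OvsCtHandleTftp creates a related-connection entry from the UDP header alone; nothing in the function looks at the TFTP payload, so on a ct(alg=tftp) flow any datagram, not only a read or write request, would open an expectation back to `udp->source` (the `0` argument presumably leaves the server port unconstrained). Unless the caller already filters, which this hunk does not show, the function should read the 2-byte TFTP opcode that follows the UDP header, confirm the datagram is long enough to hold it, and return without calling OvsCtRelatedEntryCreate unless the opcode is RRQ (1) or WRQ (2). It also takes `nwDst` as the server and `nwSrc` as the client without checking packet direction, so a header comment stating that it must only be called for the original direction would help. As a smaller point, the two branches differ only in the address fields and `nwProto`; filling those first and calling OvsCtRelatedEntryCreate once would remove the duplication, and a TFTP handler placed in Conntrack-tcp.c deserves a comment explaining why it lives there.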