diff options
| author | Anand Kumar <kumaranand@vmware.com> | 2018-06-22 10:09:26 -0700 |
|---|---|---|
| committer | Alin Gabriel Serdean <aserdean@ovn.org> | 2018-06-24 23:58:16 +0300 |
| commit | 9726a016d9d6b2a8616fb407ce7df632c352cc66 (patch) | |
| tree | 37bdfc02813b6ff636be9441d2e22d8f1e5763e8 /datapath-windows/ovsext/Conntrack.h | |
| parent | 9d7c8de9fe557efa9c55bfe4fe8947785f252c3a (diff) | |
| download | openvswitch-9726a016d9d6b2a8616fb407ce7df632c352cc66.tar.gz | |
datapath-windows: Implement locking in conntrack NAT.
This patch primarily replaces existing ndis RWlock based implementaion
for NAT in conntrack with a spinlock based implementation inside NAT,
module along with some conntrack optimization.
- The 'ovsNatTable' and 'ovsUnNatTable' tables are shared
between cleanup threads and packet processing thread.
In order to protect these two tables use a spinlock.
Also introduce counters to track number of nat entries.
- Introduce a new function OvsGetTcpHeader() to retrieve TCP header
and payload length, to optimize for TCP traffic.
- Optimize conntrack look up.
- Remove 'bucketlockRef' member from conntrack entry structure.
Testing:
Verified loading/unloading the driver with driver verified enabled.
Ran TCP/UDP and ICMP traffic.
Signed-off-by: Anand Kumar <kumaranand@vmware.com>
Acked-by: Alin Gabriel Serdean <aserdean@ovn.org>
Signed-off-by: Alin Gabriel Serdean <aserdean@ovn.org>
Diffstat (limited to 'datapath-windows/ovsext/Conntrack.h')
| -rw-r--r-- | datapath-windows/ovsext/Conntrack.h | 36 |
1 files changed, 22 insertions, 14 deletions
diff --git a/datapath-windows/ovsext/Conntrack.h b/datapath-windows/ovsext/Conntrack.h index 7dc92a19c..7a80eea73 100644 --- a/datapath-windows/ovsext/Conntrack.h +++ b/datapath-windows/ovsext/Conntrack.h @@ -99,8 +99,6 @@ typedef struct _NAT_ACTION_INFO { } NAT_ACTION_INFO, *PNAT_ACTION_INFO; typedef struct OVS_CT_ENTRY { - /* Reference to ovsCtBucketLock of ovsConntrackTable.*/ - PNDIS_RW_LOCK_EX bucketLockRef; NDIS_SPIN_LOCK lock; /* Protects OVS_CT_ENTRY. */ OVS_CT_KEY key; OVS_CT_KEY rev_key; @@ -156,23 +154,33 @@ OvsConntrackUpdateExpiration(OVS_CT_ENTRY *ctEntry, ctEntry->expiration = now + interval; } -static __inline UINT32 -OvsGetTcpPayloadLength(PNET_BUFFER_LIST nbl) +static const TCPHdr* +OvsGetTcpHeader(PNET_BUFFER_LIST nbl, + OVS_PACKET_HDR_INFO *layers, + VOID *storage, + UINT32 *tcpPayloadLen) { IPHdr *ipHdr; TCPHdr *tcp; - char *ipBuf[sizeof(EthHdr) + sizeof(IPHdr) + sizeof(TCPHdr)]; + VOID *dest = storage; - ipHdr = NdisGetDataBuffer(NET_BUFFER_LIST_FIRST_NB(nbl), sizeof *ipBuf, - (PVOID)&ipBuf, 1 /*no align*/, 0); + ipHdr = NdisGetDataBuffer(NET_BUFFER_LIST_FIRST_NB(nbl), + layers->l4Offset + sizeof(TCPHdr), + NULL, 1 /*no align*/, 0); if (ipHdr == NULL) { - return 0; + return NULL; } - ipHdr = (IPHdr *)((PCHAR)ipHdr + sizeof(EthHdr)); + ipHdr = (IPHdr *)((PCHAR)ipHdr + layers->l3Offset); tcp = (TCPHdr *)((PCHAR)ipHdr + ipHdr->ihl * 4); + if (tcp->doff * 4 >= sizeof *tcp) { + NdisMoveMemory(dest, tcp, sizeof(TCPHdr)); + *tcpPayloadLen = ntohs((ipHdr->tot_len) - (ipHdr->ihl * 4) - + (TCP_HDR_LEN(tcp))); + return storage; + } - return (ntohs(ipHdr->tot_len) - (ipHdr->ihl * 4) - (TCP_HDR_LEN(tcp))); + return NULL; } VOID OvsCleanupConntrack(VOID); @@ -184,17 +192,17 @@ NDIS_STATUS OvsExecuteConntrackAction(OvsForwardingContext *fwdCtx, BOOLEAN OvsConntrackValidateTcpPacket(const TCPHdr *tcp); BOOLEAN OvsConntrackValidateIcmpPacket(const ICMPHdr *icmp); OVS_CT_ENTRY * OvsConntrackCreateTcpEntry(const TCPHdr *tcp, - PNET_BUFFER_LIST nbl, - UINT64 now); + UINT64 now, + UINT32 tcpPayloadLen); NDIS_STATUS OvsCtMapTcpProtoInfoToNl(PNL_BUFFER nlBuf, OVS_CT_ENTRY *conn_); OVS_CT_ENTRY * OvsConntrackCreateOtherEntry(UINT64 now); OVS_CT_ENTRY * OvsConntrackCreateIcmpEntry(UINT64 now); enum CT_UPDATE_RES OvsConntrackUpdateTcpEntry(OVS_CT_ENTRY* conn_, const TCPHdr *tcp, - PNET_BUFFER_LIST nbl, BOOLEAN reply, - UINT64 now); + UINT64 now, + UINT32 tcpPayloadLen); enum CT_UPDATE_RES OvsConntrackUpdateOtherEntry(OVS_CT_ENTRY *conn_, BOOLEAN reply, UINT64 now); |