diff options
author | Rui Cao <rcao@vmware.com> | 2020-06-23 06:46:22 +0000 |
---|---|---|
committer | William Tu <u9012063@gmail.com> | 2020-06-27 16:49:54 -0700 |
commit | 7d68168468b1f862953d38010cbf3d1079eaf621 (patch) | |
tree | 5a8155eb2b463786e1ae77fb61426805e0f1ba0a /datapath-windows/ovsext | |
parent | 98670b77ffe8b36c9d5089022ee36680aeecc542 (diff) | |
download | openvswitch-7d68168468b1f862953d38010cbf3d1079eaf621.tar.gz |
datapath-windows, conntrack: Fix conntrack new state
On windows, if we send a connection setup packet in one direction
twice, it will make the connection to be in established state. The
same issue happened in Linux userspace conntrack module and has
been fixed.
This patch port the following previous fixes to windows datapath to
fix the issue:
- a867c010ee9183885ee9d3eb76a0005c075c4d2e
- ac23d20fc90da3b1c9b2117d1e22102e99fba006
Acked-by: Yi-Hung Wei <yihung.wei@gmail.com>
Signed-off-by: Rui Cao <rcao@vmware.com>
Signed-off-by: William Tu <u9012063@gmail.com>
Diffstat (limited to 'datapath-windows/ovsext')
-rw-r--r-- | datapath-windows/ovsext/Conntrack-other.c | 4 | ||||
-rw-r--r-- | datapath-windows/ovsext/Conntrack-tcp.c | 14 | ||||
-rw-r--r-- | datapath-windows/ovsext/Conntrack.c | 3 | ||||
-rw-r--r-- | datapath-windows/ovsext/Conntrack.h | 1 |
4 files changed, 17 insertions, 5 deletions
diff --git a/datapath-windows/ovsext/Conntrack-other.c b/datapath-windows/ovsext/Conntrack-other.c index 962cc8ac6..8580415a6 100644 --- a/datapath-windows/ovsext/Conntrack-other.c +++ b/datapath-windows/ovsext/Conntrack-other.c @@ -49,17 +49,19 @@ OvsConntrackUpdateOtherEntry(OVS_CT_ENTRY *conn_, { ASSERT(conn_); struct conn_other *conn = OvsCastConntrackEntryToOtherEntry(conn_); + enum CT_UPDATE_RES ret = CT_UPDATE_VALID; if (reply && conn->state != OTHERS_BIDIR) { conn->state = OTHERS_BIDIR; } else if (conn->state == OTHERS_FIRST) { conn->state = OTHERS_MULTIPLE; + ret = CT_UPDATE_VALID_NEW; } OvsConntrackUpdateExpiration(&conn->up, now, other_timeouts[conn->state]); - return CT_UPDATE_VALID; + return ret; } OVS_CT_ENTRY * diff --git a/datapath-windows/ovsext/Conntrack-tcp.c b/datapath-windows/ovsext/Conntrack-tcp.c index eda42ac82..a468c3e6b 100644 --- a/datapath-windows/ovsext/Conntrack-tcp.c +++ b/datapath-windows/ovsext/Conntrack-tcp.c @@ -213,11 +213,17 @@ OvsConntrackUpdateTcpEntry(OVS_CT_ENTRY* conn_, return CT_UPDATE_INVALID; } - if (((tcp_flags & (TCP_SYN|TCP_ACK)) == TCP_SYN) - && dst->state >= CT_DPIF_TCPS_FIN_WAIT_2 + if ((tcp_flags & (TCP_SYN|TCP_ACK)) == TCP_SYN) { + if (dst->state >= CT_DPIF_TCPS_FIN_WAIT_2 && src->state >= CT_DPIF_TCPS_FIN_WAIT_2) { - src->state = dst->state = CT_DPIF_TCPS_CLOSED; - return CT_UPDATE_NEW; + src->state = dst->state = CT_DPIF_TCPS_CLOSED; + return CT_UPDATE_NEW; + } else if (src->state <= CT_DPIF_TCPS_SYN_SENT) { + src->state = CT_DPIF_TCPS_SYN_SENT; + OvsConntrackUpdateExpiration(&conn->up, now, + 30 * CT_INTERVAL_SEC); + return CT_UPDATE_VALID_NEW; + } } if (src->wscale & CT_WSCALE_FLAG diff --git a/datapath-windows/ovsext/Conntrack.c b/datapath-windows/ovsext/Conntrack.c index ba5611697..55917c43f 100644 --- a/datapath-windows/ovsext/Conntrack.c +++ b/datapath-windows/ovsext/Conntrack.c @@ -753,6 +753,9 @@ OvsProcessConntrackEntry(OvsForwardingContext *fwdCtx, return NULL; } break; + case CT_UPDATE_VALID_NEW: + state |= OVS_CS_F_NEW; + break; } } if (entry) { diff --git a/datapath-windows/ovsext/Conntrack.h b/datapath-windows/ovsext/Conntrack.h index bc6580d70..b0932186a 100644 --- a/datapath-windows/ovsext/Conntrack.h +++ b/datapath-windows/ovsext/Conntrack.h @@ -56,6 +56,7 @@ typedef enum CT_UPDATE_RES { CT_UPDATE_INVALID, CT_UPDATE_VALID, CT_UPDATE_NEW, + CT_UPDATE_VALID_NEW, } CT_UPDATE_RES; /* Metadata mark for masked write to conntrack mark */ |