diff options
| author | Anand Kumar <kumaranand@vmware.com> | 2018-02-02 14:43:16 -0800 |
|---|---|---|
| committer | Alin Gabriel Serdean <aserdean@ovn.org> | 2018-02-03 00:48:52 +0200 |
| commit | 85dd5f5dfefaa0ff20657560685e48fc66275ce6 (patch) | |
| tree | 076277629b90e49afa104ab890af7f8c0bea47f0 /datapath-windows | |
| parent | e50ed58a1f4218a905cde2bcd87132c2c8e70fd3 (diff) | |
| download | openvswitch-85dd5f5dfefaa0ff20657560685e48fc66275ce6.tar.gz | |
datapath-windows: Add trace level logs in conntrack for invalid ct state.
Signed-off-by: Anand Kumar <kumaranand@vmware.com>
Acked-by: Alin Gabriel Serdean <aserdean@ovn.org>
Signed-off-by: Alin Gabriel Serdean <aserdean@ovn.org>
Diffstat (limited to 'datapath-windows')
| -rw-r--r-- | datapath-windows/ovsext/Conntrack-icmp.c | 1 | ||||
| -rw-r--r-- | datapath-windows/ovsext/Conntrack-tcp.c | 4 | ||||
| -rw-r--r-- | datapath-windows/ovsext/Conntrack.c | 6 |
3 files changed, 11 insertions, 0 deletions
diff --git a/datapath-windows/ovsext/Conntrack-icmp.c b/datapath-windows/ovsext/Conntrack-icmp.c index 4da06659e..28fe2bff8 100644 --- a/datapath-windows/ovsext/Conntrack-icmp.c +++ b/datapath-windows/ovsext/Conntrack-icmp.c @@ -61,6 +61,7 @@ BOOLEAN OvsConntrackValidateIcmpPacket(const ICMPHdr *icmp) { if (!icmp) { + OVS_LOG_TRACE("Invalid ICMP packet detected, header cannot be NULL"); return FALSE; } diff --git a/datapath-windows/ovsext/Conntrack-tcp.c b/datapath-windows/ovsext/Conntrack-tcp.c index f8e85a283..8cbab241b 100644 --- a/datapath-windows/ovsext/Conntrack-tcp.c +++ b/datapath-windows/ovsext/Conntrack-tcp.c @@ -444,12 +444,14 @@ BOOLEAN OvsConntrackValidateTcpPacket(const TCPHdr *tcp) { if (!tcp) { + OVS_LOG_TRACE("Invalid TCP packet detected, header cannot be NULL"); return FALSE; } UINT16 tcp_flags = ntohs(tcp->flags); if (OvsCtInvalidTcpFlags(tcp_flags)) { + OVS_LOG_TRACE("Invalid TCP packet detected, tcp_flags %hu", tcp_flags); return FALSE; } @@ -457,6 +459,8 @@ OvsConntrackValidateTcpPacket(const TCPHdr *tcp) * totally new connections (syn) or already established, not partially * open (syn+ack). */ if ((tcp_flags & TCP_SYN) && (tcp_flags & TCP_ACK)) { + OVS_LOG_TRACE("Invalid TCP packet detected, SYN+ACK flags not allowed," + "tcp_flags %hu", tcp_flags); return FALSE; } diff --git a/datapath-windows/ovsext/Conntrack.c b/datapath-windows/ovsext/Conntrack.c index 43c9dd319..678bedb65 100644 --- a/datapath-windows/ovsext/Conntrack.c +++ b/datapath-windows/ovsext/Conntrack.c @@ -317,6 +317,10 @@ OvsCtEntryCreate(OvsForwardingContext *fwdCtx, const ICMPHdr *icmp; icmp = OvsGetIcmp(curNbl, l4Offset, &storage); if (!OvsConntrackValidateIcmpPacket(icmp)) { + if(icmp) { + OVS_LOG_TRACE("Invalid ICMP packet detected, icmp->type %u", + icmp->type); + } state = OVS_CS_F_INVALID; break; } @@ -334,6 +338,8 @@ OvsCtEntryCreate(OvsForwardingContext *fwdCtx, break; } default: + OVS_LOG_TRACE("Invalid packet detected, protocol not supported" + " ipProto %u", ipProto); state = OVS_CS_F_INVALID; break; } |