| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, there is one global lock for conntrack module, which protects
conntrack entries and conntrack table. All the NAT operations are
performed holding this lock.
This becomes inefficient, as the number of conntrack entries grow.
With new implementation, we will have two PNDIS_RW_LOCK_EX locks in
conntrack.
1. ovsCtBucketLock - one rw lock per bucket of the conntrack table,
which is shared by all the ct entries that belong to the same bucket.
2. lock - a rw lock in OVS_CT_ENTRY structure that protects the members
of conntrack entry.
Also, OVS_CT_ENTRY structure will have a lock reference(bucketLockRef)
to the corresponding OvsCtBucketLock of conntrack table.
We need this reference to retrieve ovsCtBucketLock from ct entry
for delete operation.
Signed-off-by: Anand Kumar <kumaranand@vmware.com>
Acked-by: Alin Gabriel Serdean <aserdean@ovn.org>
Signed-off-by: Alin Gabriel Serdean <aserdean@ovn.org>
|
|
|
|
|
|
|
|
|
|
| |
Currently NAT module relies on the existing conntrack lock.
This patch provides a basic lock implementation for NAT module
in conntrack.
Signed-off-by: Anand Kumar <kumaranand@vmware.com>
Acked-by: Alin Gabriel Serdean <aserdean@ovn.org>
Signed-off-by: Alin Gabriel Serdean <aserdean@ovn.org>
|
|
|
|
|
|
|
|
|
| |
Some of the functions and code are refactored
so that new conntrack lock can be implemented
Signed-off-by: Anand Kumar <kumaranand@vmware.com>
Acked-by: Alin Gabriel Serdean <aserdean@ovn.org>
Signed-off-by: Alin Gabriel Serdean <aserdean@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
| |
When trying to compile with WDK 10, the files under
datapath-windows/ovsext/Netlink
can't see the headers from datapath-windows/ovsext.
This patch adds the project directory under the include files.
Signed-off-by: Alin Gabriel Serdean <aserdean@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
| |
Found while compiling with VS2017.
Signed-off-by: Alin Gabriel Serdean <aserdean@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
| |
Visual Studio 2017 uses `.vs` directory for temporary files.
Add the directory to gitignore.
Signed-off-by: Alin Gabriel Serdean <aserdean@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
| |
To delete a conntrack entry specified by 5-tuple pass an additional
conntrack 5-tuple parameter to flush-conntrack.
Signed-off-by: Anand Kumar <kumaranand@vmware.com>
Acked-by: Alin Gabriel Serdean <aserdean@ovn.org>
Signed-off-by: Alin Gabriel Serdean <aserdean@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
| |
The zone Netlink attribute is supposed to be in network-byte order, but
the Windows code for deleting conntrack entries was treating it as
host-byte order.
Found by inspection.
Signed-off-by: Justin Pettit <jpettit@ovn.org>
Acked-by: Sairam Venugopal <vsairam@vmware.com>
|
|
|
|
|
|
|
|
|
| |
If we can't allocate the NBL just go to the cleanup sequence.
Found using WDK 10 static code analysis.
Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Acked-by: Shashank Ram <shashank08@gmail.com>
|
|
|
|
|
|
|
|
|
| |
Check for return value when trying to initialize ovsInstanceListLock.
Also return the status back to caller of `OvsInitIpHelper`.
Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Acked-by: Shashank Ram <shashank08@gmail.com>
|
|
|
|
|
|
|
|
| |
This fixes the static code analysis over the function
'OvsGetTcpPayloadLength'.
Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Acked-by: Shashank Ram <shashank08@gmail.com>
|
|
|
|
|
|
|
|
|
| |
`ethHdr` cannot be NULL because we did a partial copy before it.
Add an assert to keep the static analysis happy.
Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Acked-by: Shashank Ram <shashank08@gmail.com>
|
|
|
|
|
|
|
|
|
|
| |
The result of `RtlStringCbLengthW` is not currently checked and triggers
a warning using the WDK 8.1 static analysis.
This patch treats the result of `RtlStringCbLengthW`.
Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Acked-by: Shashank Ram <shashank08@gmail.com>
|
|
|
|
|
|
|
| |
Found by inspection.
Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Acked-by: Shashank Ram <shashank08@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Use only non-executable memory when using MmGetSystemAddressForMdlSafe.
Introduce a new function called OvsGetMdlWithLowPriority for readability.
Found using WDK 10 static code analysis.
Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Acked-by: Shashank Ram <shashank08@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Decap functions for tunneling protocols do not compute
the packet header offsets correctly when there is a VLAN
tag in the L2 header. This results in incorrect checksum
computation causing the packet to be dropped.
This patch adds support to account for the VLAN tag in the
packet if its present, and makes use of the OvsExtractLayers()
function to correctly compute the header offsets for different
layers.
Testing done:
- Tested Geneve, STT, Vxlan and Gre and verified that there
are no regressions.
- Verified that packets with VLAN tags are correctly handled
in the decap code of all tunneling protocols. Previously,
this would result in packet drops due to invalid checksums
being computed.
- Verified that non-VLAN tagged packets are handled correctly.
Signed-off-by: Shashank Ram <rams@vmware.com>
Acked-by: Anand Kumar <kumaranand@vmware.com>
Signed-off-by: Alin Gabriel Serdean <aserdean@ovn.org>
|
|
|
|
|
|
|
|
|
| |
Add `nologo` parameter to MSBuild to suppress the banner.
This will make tidier log messages.
Signed-off-by: Alin Gabriel Serdean <aserdean@ovn.org>
Acked-by: Alin Balutoiu <abalutoiu@cloudbasesolutions.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update the OvsCompleteNbl to take in a PVOID and explicitly cast to
POVS_SWITCH_CONTEXT. This is useful when finding declarations in Visual
Studio. The mismatch breaks this functionality.
Found by inspection.
Signed-off-by: Sairam Venugopal <vsairam@vmware.com>
Acked-by: Shashank Ram <rams@vmware.com>
Signed-off-by: Alin Gabriel Serdean <aserdean@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, the OvsLookupFlow fails for the decap packet,
when the Geneve options are present in the packet as the OvsIPv4TunnelKey
flags are not set in the Geneve decap.
Set the OvsIPv4TunnelKey flags OVS_TNL_F_OAM and OVS_TNL_F_CRT_OPT
in OvsDecapGeneve based on the geneve header. Also set OVS_TNL_F_GENEVE_OPT
if the packet has geneve options.
Signed-off-by: Anand Kumar <kumaranand@vmware.com>
Acked-by: Sairam Venugopal <vsairam@vmware.com>
Acked-by: Alin Gabriel Serdean <aserdean@ovn.org>
Signed-off-by: Alin Gabriel Serdean <aserdean@ovn.org>
|
|
|
|
|
|
|
|
|
| |
When checksum offload is enabled, compute checksum using the
TCP pseudo header.
Signed-off-by: Anand Kumar <kumaranand@vmware.com>
Acked-by: Alin Gabriel Serdean <aserdean@ovn.org>
Signed-off-by: Alin Gabriel Serdean <aserdean@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Conntrack, Conntrack-related, Stt, and IP fragmentation
have cleaner threads that run periodically to clean
up their respective tables. During driver unload,
OvsExtDetach() calls into routines that are meant
for explicitly cleaning these tables up and freeing
the resources associated with these threads.
If during driver unload, these cleaner threads run
immediately after the resources are freed, such as locks
used by these threads, then the cleaner threads result
in a kernel crash since they try to acquire locks
that have already been freed.
For eg, OvsIpFragmentEntryCleaner() caused a kernel
crash because it tried to acquire a lock that was
already freed by OvsCleanupIpFragment().
The fix is to simply exit the cleaner thread if the
lock associated with the thread is not initialized,
because the only way the threads can run when the lock
is invalid is when the lock has been freed up during
driver unload.
Testing done:
Verified that cleaner threads run as expected without
crashing during driver unload.
Signed-off-by: Shashank Ram <rams@vmware.com>
Acked-by: Anand Kumar <kumaranand@vmware.com>
Signed-off-by: Gurucharan Shetty <guru@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For a given packet, packet counters in conntrack should be accounted only
once, even if the packet is processed multiple times by conntrack.
When a packet is processed by conntrack, ct_state flag is set to
OVS_CS_F_TRACKED. Use this state to identify if a packet has been
processed previously by conntrack.
Also update the ct packet counters when ct entry is created.
With this patch, the conntrack's packet counters behavior is similar
to linux
Signed-off-by: Anand Kumar <kumaranand@vmware.com>
Acked-by: Ram Shashank Ram <rams@vmware.com>
Acked-by: Sairam Venugopal <vsairam@vmware.com>
Acked-by: Alin Serdean <aserdean@ovn.org>
Signed-off-by: Alin Gabriel Serdean <aserdean@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
| |
Only curNbl in the forwarding context needs to be updated with
fragmented NBL.
Signed-off-by: Anand Kumar <kumaranand@vmware.com>
Acked-by: Shashank Ram <rams@vmware.com>
Acked-by: Sairam Venugopal <vsairam@vmware.com>
Acked-by: Alin Gabriel Serdean <aserdean@ovn.org>
Signed-off-by: Alin Gabriel Serdean <aserdean@ovn.org>
|
|
|
|
|
|
|
|
|
|
| |
The current implementation lacked an upper bound of number of entries in
the system. Set the size to ~2M (2^21) for the time being.
Signed-off-by: Sairam Venugopal <vsairam@vmware.com>
Acked-by: Shashank Ram <rams@vmware.com>
Acked-by: Alin Gabriel Serdean <aserdean@ovn.org>
Signed-off-by: Alin Gabriel Serdean <aserdean@ovn.org>
|
|
|
|
|
|
|
|
|
|
| |
Moves function OvsCreateNewNBLsFromMultipleNBs() to BufferMgmt.c
to facilitate consumption from outside PacketIO.c.
Signed-off-by: Shashank Ram <rams@vmware.com>
Acked-by: Anand Kumar <kumaranand@vmware.com>
Acked-by: Alin Gabriel Serdean <aserdean@ovn.org>
Signed-off-by: Alin Gabriel Serdean <aserdean@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
During SNAT/DNAT, we should not be updating the port field of ct_endpoint
struct, as ICMP packets do not have port information. Since port and
icmp_id are overlapped in ct_endpoint struct, icmp_id gets changed.
As a result, NAT look up fails to find a matching entry.
This patch addresses this issue by not modifying icmp_id field during
SNAT/DNAT only for ICMP traffic
The current NAT module doesn't take the ICMP type/code into account
during the lookups. Fix this to make it similar with the other conntrack
module.
Acked-by: Shashank Ram <rams@vmware.com>
Acked-by: Alin Gabriel Serdean <aserdean@ovn.org>
Signed-off-by: Anand Kumar <kumaranand@vmware.com>
Signed-off-by: Alin Gabriel Serdean <aserdean@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
| |
- Also add some padding for the ct_endpoint's union, so that each member
of ct_endpoint's union are of same size.
Co-authored-by: Sairam Venugopal <vsairam@vmware.com>
Acked-by: Alin Gabriel Serdean <aserdean@ovn.org>
Acked-by: Shashank Ram <rams@vmware.com>
Signed-off-by: Anand Kumar <kumaranand@vmware.com>
Signed-off-by: Alin Gabriel Serdean <aserdean@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The conntrack table needs to be queried for entries in either directions
to determine if the packet is in forward direction or reply direction.
The current behavior ends up reversing the incoming packet's 5-Tuple for
every entry in the loop instead of doing it only once.
Testing Done:
- Verified that ICMP requests are no longer treated as replies
in Conntrack.
Co-authored-by: Sairam Venugopal <vsairam@vmware.com>
Signed-off-by: Anand Kumar <kumaranand@vmware.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Shashank Ram <rams@vmware.com>
Acked-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, the function would take the curNbl and nextNbl
as inputs, and modify the linked list, and merge the input
linked list with the newly generated newNbl list.
This is confusing for the caller, and the function has
unnecessary logic for merging linked lists that instead
the caller should take care of. This is because the
OvsCreateNewNBLsFromMultipleNBs() is a generic API
that can be used by other functions as well, and its
natural for different callers to have different needs.
This patch refactors the behavior of OvsCreateNewNBLsFromMultipleNBs
to take in the curNbl and lastNbl, and it returns
a linked list of NBLs and sets the HEAD and TAIL of the
new list obtained from the curNbl. If the caller wants
to chain a new linked list at the HEAD or TAIL, it
can make use of the curNbl and lastNbl to do so.
Signed-off-by: Shashank Ram <rams@vmware.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Anand Kumar <kumaranand@vmware.com>
|
|
|
|
|
|
|
|
|
| |
Instead of assigning a value directly to the variable use `InterlockedAdd`
with 0.
Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Shashank Ram <rams@vmware.com>
|
|
|
|
|
|
|
|
| |
Make the function `OvsIpFragmentEntryCleaner` aware it is a kstart_routine.
Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Shashank Ram <rams@vmware.com>
|
|
|
|
|
|
|
|
|
|
| |
Make the function `OvsCtRelatedEntryCleaner` aware it is a kstart_routine.
Also, the function is not compliant with the coding standard.
Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Shashank Ram <rams@vmware.com>
|
|
|
|
|
|
|
|
|
|
| |
Using the shift operator in macros makes the static analyzer on WDK 8.1 confused.
Switch to multiplication when trying to get the data offset of the TCP header.
Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Shashank Ram <rams@vmware.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Check the return status of `ConvertInterfaceLuidToAlias` and `RtlStringCbLengthW`
and treat them accordingly.
Also remove unneeded initialization for `interfaceName`.
Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Shashank Ram <rams@vmware.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
`OvsGetOrResolveIPNeigh` uses a stack over 1024 bytes.
Switch one parameter to be a pointer.
Found using WDK 8.1 static code analysis.
Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Shashank Ram <rams@vmware.com>
|
|
|
|
|
|
|
|
|
| |
Add a dummy parameter when using `NotifyRouteChange2` to keep static
static analysis happy.
Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Shashank Ram <rams@vmware.com>
|
|
|
|
|
|
|
|
| |
Suppress overflow warning to keep static code analysis happy.
Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Shashank Ram <rams@vmware.com>
|
|
|
|
|
|
|
|
|
|
| |
Check if the first net buffer exists before trying to copy it.
Found using WDK 10 static code analysis.
Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Shashank Ram <rams@vmware.com>
|
|
|
|
|
|
|
|
|
| |
`srcNb` should never be NULL since it was copied over from another nbl.
Add an assertion just in case and to keep static analysis happy.
Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Shashank Ram <rams@vmware.com>
|
|
|
|
|
|
|
|
|
|
|
| |
We can safely use function annotations to instead of defining out own macros.
Nuke implementation of `OVS_VERIFY_IRQL_LE` and OVS_VERIFY_IRQL (unused).
Add function annotations to the functions which were using OVS_VERIFY_IRQL_LE`.
Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Shashank Ram <rams@vmware.com>
|
|
|
|
|
|
|
|
| |
Found by inspection.
Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Shashank Ram <rams@vmware.com>
|
|
|
|
|
|
|
|
|
|
| |
Add annotations to the function ` OvsAcquirePidHashLock`.
We make it aware that it raises the dispatch level, where it saves the
dispatch level and it acquires a lock.
Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Shashank Ram <rams@vmware.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Add function annotations for ` OvsReleasePidHashLock`.
We make it aware that it requires a certain dispatch level, that it
restores the dispatch level, that it requires a lock held and releases
a lock.
Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Shashank Ram <rams@vmware.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Add function annotations for ` OvsReleaseEventQueueLock`.
We make it aware that it requires a certain dispatch level, that it
restores the dispatch level, that it requires a lock held and releases
a lock.
Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Shashank Ram <rams@vmware.com>
|
|
|
|
|
|
|
|
|
|
|
| |
The function should be aware that it raises the dispatch level, saves the
dispatch level and acquires a lock.
This patch adds annotation for that.
Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Shashank Ram <rams@vmware.com>
|
|
|
|
|
|
|
|
|
|
| |
The function should be aware that it is cancel routine.
This patch adds annotation for that.
Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Shashank Ram <rams@vmware.com>
|
|
|
|
|
|
|
|
|
|
| |
The function should be aware that it is cancel routine.
This patch adds annotation for that.
Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Shashank Ram <rams@vmware.com>
|
|
|
|
|
|
|
|
|
|
| |
The function should be aware that it is cancel routine.
This patch adds annotation for that.
Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Shashank Ram <rams@vmware.com>
|
|
|
|
|
|
|
|
|
|
|
| |
The function should be aware that it requires a certain dispatch level,
restores the dispatch level, requires lock held and releases a lock.
This patch adds annotation for that.
Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Shashank Ram <rams@vmware.com>
|
|
|
|
|
|
|
|
|
|
|
| |
The function should be aware that it raises the dispatch level, saves the
dispatch level and acquires a lock.
This patch adds annotation for that.
Signed-off-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Shashank Ram <rams@vmware.com>
|