Skip to content

Commit

Permalink
datapath-windows: Reset flow key after Ipv4 fragments are reassembled
Browse files Browse the repository at this point in the history 
While testing OVS-windows flows for the Ip fragments, the traffic will be dropped
As it may match incorrect OVS flow.  From the code, after the Ipv4 fragments are
Reassembled, it willl still use the flow key of the last Ipv4 fragments to match
CT causing match error.

Reported-at:openvswitch/ovs-issues#232
Signed-off-by: Wilson Peng <pweisong@vmware.com>
Signed-off-by: Alin-Gabriel Serdean <aserdean@ovn.org>
  • Loading branch information
@pweisong @aserdean
pweisong authored and aserdean committed Nov 15, 2021
1 parent e329f28 commit d43c150
Showing 1 changed file with 18 additions and 1 deletion.
19 changes: 18 additions & 1 deletion datapath-windows/ovsext/Conntrack.c
View file
Expand Up @@ -493,15 +493,32 @@ static __inline NDIS_STATUS
OvsDetectCtPacket(OvsForwardingContext *fwdCtx,
OvsFlowKey *key)
{
NDIS_STATUS status = NDIS_STATUS_SUCCESS;
OvsFlowKey newFlowKey = { 0 };

switch (ntohs(key->l2.dlType)) {
case ETH_TYPE_IPV4:
if (key->ipKey.nwFrag != OVS_FRAG_TYPE_NONE) {
return OvsProcessIpv4Fragment(fwdCtx->switchContext,
status = OvsProcessIpv4Fragment(fwdCtx->switchContext,
&fwdCtx->curNbl,
fwdCtx->completionList,
fwdCtx->fwdDetail->SourcePortId,
&fwdCtx->layers,
key->tunKey.tunnelId);
if (status == NDIS_STATUS_SUCCESS) {
/* After the Ipv4 Fragment is reassembled, update flow key as
L3 and L4 headers are not correct */
status =
OvsExtractFlow(fwdCtx->curNbl, fwdCtx->srcVportNo,
&newFlowKey, &fwdCtx->layers,
fwdCtx->tunKey.dst != 0 ? &fwdCtx->tunKey : NULL);
if (status != NDIS_STATUS_SUCCESS) {
OVS_LOG_ERROR("Extract flow failed Nbl %p", fwdCtx->curNbl);
return status;
}
*key = newFlowKey;
}
return status;
}
if (key->ipKey.nwProto == IPPROTO_TCP
|| key->ipKey.nwProto == IPPROTO_UDP
Expand Down

0 comments on commit d43c150

Please sign in to comment.