Skip to content

Commit

Permalink
datapath-windows: Reset flow key after Ipv4 fragments are reassembled
Browse files Browse the repository at this point in the history 
While testing OVS-windows flows for the Ip fragments, the traffic will be dropped
As it may match incorrect OVS flow.  From the code, after the Ipv4 fragments are
Reassembled, it willl still use the flow key of the last Ipv4 fragments to match
CT causing match error.

Reported-at:openvswitch/ovs-issues#232
Signed-off-by: Wilson Peng <[email protected]>
Signed-off-by: Alin-Gabriel Serdean <[email protected]>
  • Loading branch information
@pweisong
pweisong authored and Alin-Gabriel Serdean committed Nov 15, 2021
1 parent 04b017e commit 71eb2ec
Showing 1 changed file with 18 additions and 1 deletion.
19 changes: 18 additions & 1 deletion datapath-windows/ovsext/Conntrack.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -493,15 +493,32 @@ static __inline NDIS_STATUS
OvsDetectCtPacket(OvsForwardingContext *fwdCtx,
OvsFlowKey *key)
{
NDIS_STATUS status = NDIS_STATUS_SUCCESS;
OvsFlowKey newFlowKey = { 0 };

switch (ntohs(key->l2.dlType)) {
case ETH_TYPE_IPV4:
if (key->ipKey.nwFrag != OVS_FRAG_TYPE_NONE) {
return OvsProcessIpv4Fragment(fwdCtx->switchContext,
status = OvsProcessIpv4Fragment(fwdCtx->switchContext,
&fwdCtx->curNbl,
fwdCtx->completionList,
fwdCtx->fwdDetail->SourcePortId,
&fwdCtx->layers,
key->tunKey.tunnelId);
if (status == NDIS_STATUS_SUCCESS) {
/* After the Ipv4 Fragment is reassembled, update flow key as
L3 and L4 headers are not correct */
status =
OvsExtractFlow(fwdCtx->curNbl, fwdCtx->srcVportNo,
&newFlowKey, &fwdCtx->layers,
fwdCtx->tunKey.dst != 0 ? &fwdCtx->tunKey : NULL);
if (status != NDIS_STATUS_SUCCESS) {
OVS_LOG_ERROR("Extract flow failed Nbl %p", fwdCtx->curNbl);
return status;
}
*key = newFlowKey;
}
return status;
}
if (key->ipKey.nwProto == IPPROTO_TCP
|| key->ipKey.nwProto == IPPROTO_UDP
Expand Down

0 comments on commit 71eb2ec

Please sign in to comment.