forked from openvswitch/ovs
-
Notifications
You must be signed in to change notification settings - Fork 0
/
ct-dpif.c
408 lines (363 loc) · 12.3 KB
/
ct-dpif.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
/*
* Copyright (c) 2015 Nicira, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at:
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include <config.h>
#include <errno.h>
#include "ct-dpif.h"
#include "dpif-provider.h"
/* Declarations for conntrack entry formatting. */
struct flags {
uint32_t flag;
const char *name;
};
static void ct_dpif_format_ipproto(struct ds *, uint16_t ipproto);
static void ct_dpif_format_counters(struct ds *,
const struct ct_dpif_counters *);
static void ct_dpif_format_timestamp(struct ds *,
const struct ct_dpif_timestamp *);
static void ct_dpif_format_flags(struct ds *, const char *title,
uint32_t flags, const struct flags *);
static void ct_dpif_format_protoinfo(struct ds *, const char *title,
const struct ct_dpif_protoinfo *,
bool verbose);
static void ct_dpif_format_helper(struct ds *, const char *title,
const struct ct_dpif_helper *);
static const struct flags ct_dpif_status_flags[] = {
#define CT_DPIF_STATUS_FLAG(FLAG) { CT_DPIF_STATUS_##FLAG, #FLAG },
CT_DPIF_STATUS_FLAGS
#undef CT_DPIF_STATUS_FLAG
{ 0, NULL } /* End marker. */
};
/* Dumping */
/* Start dumping the entries from the connection tracker used by 'dpif'.
*
* 'dump' must be the address of a pointer to a struct ct_dpif_dump_state,
* which should be passed (unaltered) to ct_dpif_dump_{next,done}().
*
* If 'zone' is not NULL, it should point to an integer identifing a
* conntrack zone to which the dump will be limited. If it is NULL,
* conntrack entries from all zones will be dumped.
*
* If there has been a problem the function returns a non-zero value
* that represents the error. Otherwise it returns zero. */
int
ct_dpif_dump_start(struct dpif *dpif, struct ct_dpif_dump_state **dump,
const uint16_t *zone)
{
int err;
err = (dpif->dpif_class->ct_dump_start
? dpif->dpif_class->ct_dump_start(dpif, dump, zone)
: EOPNOTSUPP);
if (!err) {
(*dump)->dpif = dpif;
}
return err;
}
/* Dump one connection from a tracker, and put it in 'entry'.
*
* 'dump' should have been initialized by ct_dpif_dump_start().
*
* The function returns 0, if an entry has been dumped succesfully.
* Otherwise it returns a non-zero value which can be:
* - EOF: meaning that there are no more entries to dump.
* - an error value.
* In both cases, the user should call ct_dpif_dump_done(). */
int
ct_dpif_dump_next(struct ct_dpif_dump_state *dump, struct ct_dpif_entry *entry)
{
struct dpif *dpif = dump->dpif;
return (dpif->dpif_class->ct_dump_next
? dpif->dpif_class->ct_dump_next(dpif, dump, entry)
: EOPNOTSUPP);
}
/* Free resources used by 'dump' */
int
ct_dpif_dump_done(struct ct_dpif_dump_state *dump)
{
struct dpif *dpif = dump->dpif;
return (dpif->dpif_class->ct_dump_done
? dpif->dpif_class->ct_dump_done(dpif, dump)
: EOPNOTSUPP);
}
/* Flush the entries in the connection tracker used by 'dpif'.
*
* If 'zone' is not NULL, flush only the entries in '*zone'. */
int
ct_dpif_flush(struct dpif *dpif, const uint16_t *zone)
{
return (dpif->dpif_class->ct_flush
? dpif->dpif_class->ct_flush(dpif, zone)
: EOPNOTSUPP);
}
void
ct_dpif_entry_uninit(struct ct_dpif_entry *entry)
{
if (entry) {
if (entry->helper.name) {
free(entry->helper.name);
}
}
}
void
ct_dpif_format_entry(const struct ct_dpif_entry *entry, struct ds *ds,
bool verbose, bool print_stats)
{
ct_dpif_format_ipproto(ds, entry->tuple_orig.ip_proto);
ds_put_cstr(ds, ",orig=(");
ct_dpif_format_tuple(ds, &entry->tuple_orig, verbose);
if (print_stats) {
ct_dpif_format_counters(ds, &entry->counters_orig);
}
ds_put_cstr(ds, ")");
ds_put_cstr(ds, ",reply=(");
ct_dpif_format_tuple(ds, &entry->tuple_reply, verbose);
if (print_stats) {
ct_dpif_format_counters(ds, &entry->counters_reply);
}
ds_put_cstr(ds, ")");
if (print_stats) {
ct_dpif_format_timestamp(ds, &entry->timestamp);
}
if (verbose) {
ds_put_format(ds, ",id=%"PRIu32, entry->id);
}
if (entry->zone) {
ds_put_format(ds, ",zone=%"PRIu16, entry->zone);
}
if (verbose) {
ct_dpif_format_flags(ds, ",status=", entry->status,
ct_dpif_status_flags);
}
if (print_stats) {
ds_put_format(ds, ",timeout=%"PRIu32, entry->timeout);
}
if (entry->mark) {
ds_put_format(ds, ",mark=%"PRIu32, entry->mark);
}
if (!ovs_u128_is_zero(&entry->labels)) {
ovs_be128 value;
ds_put_cstr(ds, ",labels=");
value = hton128(entry->labels);
ds_put_hex(ds, &value, sizeof value);
}
ct_dpif_format_protoinfo(ds, ",protoinfo=", &entry->protoinfo, verbose);
ct_dpif_format_helper(ds, ",helper=", &entry->helper);
if (verbose && entry->tuple_master.l3_type != 0) {
ds_put_cstr(ds, ",master=(");
ct_dpif_format_tuple(ds, &entry->tuple_master, verbose);
ds_put_cstr(ds, ")");
}
}
static void
ct_dpif_format_ipproto(struct ds *ds, uint16_t ipproto)
{
const char *name;
name = (ipproto == IPPROTO_ICMP) ? "icmp"
: (ipproto == IPPROTO_ICMPV6) ? "icmpv6"
: (ipproto == IPPROTO_TCP) ? "tcp"
: (ipproto == IPPROTO_UDP) ? "udp"
: (ipproto == IPPROTO_SCTP) ? "sctp"
: NULL;
if (name) {
ds_put_cstr(ds, name);
} else {
ds_put_format(ds, "%u", ipproto);
}
}
static void
ct_dpif_format_counters(struct ds *ds, const struct ct_dpif_counters *counters)
{
if (counters->packets || counters->bytes) {
ds_put_format(ds, ",packets=%"PRIu64",bytes=%"PRIu64,
counters->packets, counters->bytes);
}
}
static void
ct_dpif_format_timestamp(struct ds *ds,
const struct ct_dpif_timestamp *timestamp)
{
if (timestamp->start || timestamp->stop) {
ds_put_strftime_msec(ds, ",start=%Y-%m-%dT%H:%M:%S.###",
timestamp->start / UINT64_C(1000000), false);
if (timestamp->stop) {
ds_put_strftime_msec(ds, ",stop=%Y-%m-%dT%H:%M:%S.###",
timestamp->stop / UINT64_C(1000000), false);
}
}
}
static void
ct_dpif_format_tuple_icmp(struct ds *ds, const struct ct_dpif_tuple *tuple,
bool verbose)
{
if (verbose) {
ds_put_format(ds, ",id=%u,type=%u,code=%u",
ntohs(tuple->icmp_id),
tuple->icmp_type,
tuple->icmp_code);
} else {
ds_put_format(ds, ",id=%u", ntohs(tuple->icmp_id));
}
}
static void
ct_dpif_format_tuple_tp(struct ds *ds, const struct ct_dpif_tuple *tuple)
{
ds_put_format(ds, ",sport=%u,dport=%u",
ntohs(tuple->src_port), ntohs(tuple->dst_port));
}
void
ct_dpif_format_tuple(struct ds *ds, const struct ct_dpif_tuple *tuple,
bool verbose)
{
if (tuple->l3_type == AF_INET) {
ds_put_format(ds, "src="IP_FMT",dst="IP_FMT,
IP_ARGS(tuple->src.ip), IP_ARGS(tuple->dst.ip));
} else if (tuple->l3_type == AF_INET6) {
ds_put_cstr(ds, "src=");
ipv6_format_addr(&tuple->src.in6, ds);
ds_put_cstr(ds, ",dst=");
ipv6_format_addr(&tuple->dst.in6, ds);
} else {
ds_put_format(ds, "Unsupported address family: %u. HEX:\n",
tuple->l3_type);
ds_put_hex_dump(ds, tuple, sizeof *tuple, 0, false);
return;
}
if (tuple->ip_proto == IPPROTO_ICMP
|| tuple->ip_proto == IPPROTO_ICMPV6) {
ct_dpif_format_tuple_icmp(ds, tuple, verbose);
} else {
ct_dpif_format_tuple_tp(ds, tuple);
}
}
static void
ct_dpif_format_flags(struct ds *ds, const char *title, uint32_t flags,
const struct flags *table)
{
if (title) {
ds_put_cstr(ds, title);
}
for (; table->name; table++) {
if (flags & table->flag) {
ds_put_format(ds, "%s|", table->name);
}
}
ds_chomp(ds, '|');
}
static const struct flags tcp_flags[] = {
#define CT_DPIF_TCP_FLAG(FLAG) { CT_DPIF_TCPF_##FLAG, #FLAG },
CT_DPIF_TCP_FLAGS
#undef CT_DPIF_TCP_FLAG
{ 0, NULL } /* End marker. */
};
const char *ct_dpif_tcp_state_string[] = {
#define CT_DPIF_TCP_STATE(STATE) [CT_DPIF_TCPS_##STATE] = #STATE,
CT_DPIF_TCP_STATES
#undef CT_DPIF_TCP_STATE
};
static void
ct_dpif_format_enum__(struct ds *ds, const char *title, unsigned int state,
const char *names[], unsigned int max)
{
if (title) {
ds_put_cstr(ds, title);
}
if (state < max) {
ds_put_cstr(ds, names[state]);
} else {
ds_put_format(ds, "[%u]", state);
}
}
#define ct_dpif_format_enum(DS, TITLE, STATE, NAMES) \
ct_dpif_format_enum__((DS), (TITLE), (STATE), (NAMES), ARRAY_SIZE(NAMES))
static uint8_t
coalesce_tcp_state(uint8_t state)
{
/* The Linux kernel connection tracker and the userspace view the
* tcp states differently in some situations. If we're formatting
* the entry without being verbose, it is worth to adjust the
* differences, to ease writing testcases. */
switch (state) {
case CT_DPIF_TCPS_FIN_WAIT_2:
return CT_DPIF_TCPS_TIME_WAIT;
case CT_DPIF_TCPS_SYN_RECV:
return CT_DPIF_TCPS_ESTABLISHED;
default:
return state;
}
}
static void
ct_dpif_format_protoinfo_tcp(struct ds *ds,
const struct ct_dpif_protoinfo *protoinfo)
{
uint8_t tcp_state;
/* We keep two separate tcp states, but we print just one. The Linux
* kernel connection tracker internally keeps only one state, so
* 'state_orig' and 'state_reply', will be the same. */
tcp_state = MAX(protoinfo->tcp.state_orig, protoinfo->tcp.state_reply);
tcp_state = coalesce_tcp_state(tcp_state);
ct_dpif_format_enum(ds, "state=", tcp_state, ct_dpif_tcp_state_string);
}
static void
ct_dpif_format_protoinfo_tcp_verbose(struct ds *ds,
const struct ct_dpif_protoinfo *protoinfo)
{
ct_dpif_format_enum(ds, "state_orig=", protoinfo->tcp.state_orig,
ct_dpif_tcp_state_string);
ct_dpif_format_enum(ds, ",state_reply=", protoinfo->tcp.state_reply,
ct_dpif_tcp_state_string);
if (protoinfo->tcp.wscale_orig || protoinfo->tcp.wscale_reply) {
ds_put_format(ds, ",wscale_orig=%u,wscale_reply=%u",
protoinfo->tcp.wscale_orig,
protoinfo->tcp.wscale_reply);
}
ct_dpif_format_flags(ds, ",flags_orig=", protoinfo->tcp.flags_orig,
tcp_flags);
ct_dpif_format_flags(ds, ",flags_reply=", protoinfo->tcp.flags_reply,
tcp_flags);
}
static void
ct_dpif_format_protoinfo(struct ds *ds, const char *title,
const struct ct_dpif_protoinfo *protoinfo,
bool verbose)
{
if (protoinfo->proto != 0) {
if (title) {
ds_put_format(ds, "%s(", title);
}
switch (protoinfo->proto) {
case IPPROTO_TCP:
if (verbose) {
ct_dpif_format_protoinfo_tcp_verbose(ds, protoinfo);
} else {
ct_dpif_format_protoinfo_tcp(ds, protoinfo);
}
break;
}
if (title) {
ds_put_cstr(ds, ")");
}
}
}
static void
ct_dpif_format_helper(struct ds *ds, const char *title,
const struct ct_dpif_helper *helper)
{
if (helper->name) {
if (title) {
ds_put_cstr(ds, title);
}
ds_put_cstr(ds, helper->name);
}
}