]> git.proxmox.com Git - mirror_ovs.git/blob - datapath-windows/ovsext/Conntrack.h
projects / mirror_ovs.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
datapath-windows, conntrack: Fix conntrack new state
[mirror_ovs.git] / datapath-windows / ovsext / Conntrack.h
1 /*
2 * Copyright (c) 2015, 2016 VMware, Inc.
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at:
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #ifndef __OVS_CONNTRACK_H_
18 #define __OVS_CONNTRACK_H_ 1
19
20 #include "precomp.h"
21 #include "Actions.h"
22 #include "Debug.h"
23 #include "Flow.h"
24 #include <stddef.h>
25
26 #ifdef OVS_DBG_MOD
27 #undef OVS_DBG_MOD
28 #endif
29 #define OVS_DBG_MOD OVS_DBG_CONTRK
30
31 struct ct_addr {
32 union {
33 ovs_be32 ipv4;
34 struct in6_addr ipv6;
35 uint32_t ipv4_aligned;
36 struct in6_addr ipv6_aligned;
37 };
38 };
39
40 struct ct_endpoint {
41 struct ct_addr addr;
42 union {
43 struct {
44 ovs_be16 port;
45 uint16 pad_port;
46 };
47 struct {
48 ovs_be16 icmp_id;
49 uint8_t icmp_type;
50 uint8_t icmp_code;
51 };
52 };
53 };
54
55 typedef enum CT_UPDATE_RES {
56 CT_UPDATE_INVALID,
57 CT_UPDATE_VALID,
58 CT_UPDATE_NEW,
59 CT_UPDATE_VALID_NEW,
60 } CT_UPDATE_RES;
61
62 /* Metadata mark for masked write to conntrack mark */
63 typedef struct MD_MARK {
64 UINT32 value;
65 UINT32 mask;
66 } MD_MARK;
67
68 /* Metadata label for masked write to conntrack label. */
69 typedef struct MD_LABELS {
70 struct ovs_key_ct_labels value;
71 struct ovs_key_ct_labels mask;
72 } MD_LABELS;
73
74 typedef enum _NAT_ACTION {
75 NAT_ACTION_NONE = 0,
76 NAT_ACTION_REVERSE = 1 << 0,
77 NAT_ACTION_SRC = 1 << 1,
78 NAT_ACTION_SRC_PORT = 1 << 2,
79 NAT_ACTION_DST = 1 << 3,
80 NAT_ACTION_DST_PORT = 1 << 4,
81 } NAT_ACTION;
82
83 typedef struct _OVS_CT_KEY {
84 struct ct_endpoint src;
85 struct ct_endpoint dst;
86 UINT16 dl_type;
87 UINT8 nw_proto;
88 UINT16 zone;
89 UINT64 packetCount;
90 UINT64 byteCount;
91 } OVS_CT_KEY, *POVS_CT_KEY;
92
93 typedef struct _NAT_ACTION_INFO {
94 struct ct_addr minAddr;
95 struct ct_addr maxAddr;
96 uint16_t minPort;
97 uint16_t maxPort;
98 uint16_t natAction;
99 } NAT_ACTION_INFO, *PNAT_ACTION_INFO;
100
101 typedef struct OVS_CT_ENTRY {
102 NDIS_SPIN_LOCK lock; /* Protects OVS_CT_ENTRY. */
103 OVS_CT_KEY key;
104 OVS_CT_KEY rev_key;
105 UINT64 expiration;
106 LIST_ENTRY link;
107 UINT32 mark;
108 UINT64 timestampStart;
109 struct ovs_key_ct_labels labels;
110 NAT_ACTION_INFO natInfo;
111 PVOID parent; /* Points to main connection */
112 } OVS_CT_ENTRY, *POVS_CT_ENTRY;
113
114 typedef struct OVS_CT_REL_ENTRY {
115 OVS_CT_KEY key;
116 POVS_CT_ENTRY parent;
117 UINT64 expiration;
118 LIST_ENTRY link;
119 } OVS_CT_REL_ENTRY, *POVS_CT_REL_ENTRY;
120
121 typedef struct _OVS_CT_THREAD_CTX {
122 KEVENT event;
123 PVOID threadObject;
124 UINT32 exit;
125 } OVS_CT_THREAD_CTX, *POVS_CT_THREAD_CTX;
126
127 typedef struct OvsConntrackKeyLookupCtx {
128 OVS_CT_KEY key;
129 POVS_CT_ENTRY entry;
130 UINT32 hash;
131 BOOLEAN reply;
132 BOOLEAN related;
133 } OvsConntrackKeyLookupCtx;
134
135 /* Per zone strucuture. */
136 typedef struct _OVS_CT_ZONE_INFO {
137 ULONG limit;
138 ULONG entries;
139 } OVS_CT_ZONE_INFO, *POVS_CT_ZONE_INFO;
140
141 typedef struct _OVS_CT_ZONE_LIMIT {
142 int zone_id;
143 ULONG limit;
144 ULONG count;
145 } OVS_CT_ZONE_LIMIT, *POVS_CT_ZONE_LIMIT;
146
147 #define CT_MAX_ENTRIES 1 << 21
148 #define CT_HASH_TABLE_SIZE ((UINT32)1 << 10)
149 #define CT_HASH_TABLE_MASK (CT_HASH_TABLE_SIZE - 1)
150 #define CT_INTERVAL_SEC 10000000LL //1s
151 #define CT_ENTRY_TIMEOUT (2 * 60 * CT_INTERVAL_SEC) // 2m
152 #define CT_CLEANUP_INTERVAL (2 * 60 * CT_INTERVAL_SEC) // 2m
153
154
155 /* Given POINTER, the address of the given MEMBER in a STRUCT object, returns
156 the STRUCT object. */
157 #define CONTAINER_OF(POINTER, STRUCT, MEMBER) \
158 ((STRUCT *) (void *) ((char *) (POINTER) - \
159 offsetof (STRUCT, MEMBER)))
160
161 static __inline void
162 OvsConntrackUpdateExpiration(OVS_CT_ENTRY *ctEntry,
163 long long now,
164 long long interval)
165 {
166 ctEntry->expiration = now + interval;
167 }
168
169 static const TCPHdr*
170 OvsGetTcpHeader(PNET_BUFFER_LIST nbl,
171 OVS_PACKET_HDR_INFO *layers,
172 VOID *storage,
173 UINT32 *tcpPayloadLen)
174 {
175 IPHdr *ipHdr;
176 TCPHdr *tcp;
177 VOID *dest = storage;
178
179 ipHdr = NdisGetDataBuffer(NET_BUFFER_LIST_FIRST_NB(nbl),
180 layers->l4Offset + sizeof(TCPHdr),
181 NULL, 1 /*no align*/, 0);
182 if (ipHdr == NULL) {
183 return NULL;
184 }
185
186 ipHdr = (IPHdr *)((PCHAR)ipHdr + layers->l3Offset);
187 tcp = (TCPHdr *)((PCHAR)ipHdr + ipHdr->ihl * 4);
188 if (tcp->doff * 4 >= sizeof *tcp) {
189 NdisMoveMemory(dest, tcp, sizeof(TCPHdr));
190 *tcpPayloadLen = TCP_DATA_LENGTH(ipHdr, tcp);
191 return storage;
192 }
193
194 return NULL;
195 }
196
197 VOID OvsCleanupConntrack(VOID);
198 NTSTATUS OvsInitConntrack(POVS_SWITCH_CONTEXT context);
199
200 NDIS_STATUS OvsExecuteConntrackAction(OvsForwardingContext *fwdCtx,
201 OvsFlowKey *key,
202 const PNL_ATTR a);
203 BOOLEAN OvsConntrackValidateTcpPacket(const TCPHdr *tcp);
204 BOOLEAN OvsConntrackValidateIcmpPacket(const ICMPHdr *icmp);
205 OVS_CT_ENTRY * OvsConntrackCreateTcpEntry(const TCPHdr *tcp,
206 UINT64 now,
207 UINT32 tcpPayloadLen);
208 NDIS_STATUS OvsCtMapTcpProtoInfoToNl(PNL_BUFFER nlBuf,
209 OVS_CT_ENTRY *conn_);
210 OVS_CT_ENTRY * OvsConntrackCreateOtherEntry(UINT64 now);
211 OVS_CT_ENTRY * OvsConntrackCreateIcmpEntry(UINT64 now);
212 enum CT_UPDATE_RES OvsConntrackUpdateTcpEntry(OVS_CT_ENTRY* conn_,
213 const TCPHdr *tcp,
214 BOOLEAN reply,
215 UINT64 now,
216 UINT32 tcpPayloadLen);
217 enum CT_UPDATE_RES OvsConntrackUpdateOtherEntry(OVS_CT_ENTRY *conn_,
218 BOOLEAN reply,
219 UINT64 now);
220 enum CT_UPDATE_RES OvsConntrackUpdateIcmpEntry(OVS_CT_ENTRY* conn_,
221 BOOLEAN reply,
222 UINT64 now);
223 NTSTATUS OvsCreateNlMsgFromCtEntry(POVS_CT_ENTRY entry,
224 PVOID outBuffer,
225 UINT32 outBufLen,
226 UINT8 eventType,
227 UINT32 nlmsgSeq,
228 UINT32 nlmsgPid,
229 UINT8 nfGenVersion,
230 UINT32 dpIfIndex);
231
232 /* Tracking related connections */
233 NTSTATUS OvsInitCtRelated(POVS_SWITCH_CONTEXT context);
234 VOID OvsCleanupCtRelated(VOID);
235 NDIS_STATUS OvsCtRelatedEntryCreate(UINT8 ipProto,
236 UINT16 dl_type,
237 UINT32 serverIp,
238 UINT32 clientIp,
239 UINT16 serverPort,
240 UINT16 clientPort,
241 UINT64 currentTime,
242 POVS_CT_ENTRY parent);
243 POVS_CT_ENTRY OvsCtRelatedLookup(OVS_CT_KEY key, UINT64 currentTime);
244
245 NDIS_STATUS OvsCtHandleFtp(PNET_BUFFER_LIST curNbl,
246 OvsFlowKey *key,
247 OVS_PACKET_HDR_INFO *layers,
248 UINT64 currentTime,
249 POVS_CT_ENTRY entry,
250 BOOLEAN request);
251 #endif /* __OVS_CONNTRACK_H_ */
openvswitch mirror