From 662975e43c3f65b52d32e12cdff3d9796c9f138b Mon Sep 17 00:00:00 2001
From: Sairam Venugopal
Date: Tue, 1 Aug 2017 15:01:44 -0700
Subject: [PATCH] datapath-windows: Fix conntrack lookups for reversed keys
The conntrack table needs to be queried for entries in either directions to determine if the packet is in forward direction or reply direction. The current behavior ends up reversing the incoming packet's 5-Tuple for every entry in the loop instead of doing it only once.
Testing Done:
- Verified that ICMP requests are no longer treated as replies in Conntrack.
Co-authored-by: Sairam Venugopal
Signed-off-by: Anand Kumar
Signed-off-by: Ben Pfaff
Acked-by: Shashank Ram
Acked-by: Alin Gabriel Serdean
---
 datapath-windows/ovsext/Conntrack.c | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/datapath-windows/ovsext/Conntrack.c b/datapath-windows/ovsext/Conntrack.c
index 8ea1e6590..917ebee98 100644
--- a/datapath-windows/ovsext/Conntrack.c
+++ b/datapath-windows/ovsext/Conntrack.c
@@ -401,7 +401,14 @@ OvsCtLookup(OvsConntrackKeyLookupCtx *ctx)
 POVS_CT_ENTRY entry;
 BOOLEAN reply = FALSE;
 POVS_CT_ENTRY found = NULL;
- OVS_CT_KEY key = ctx->key;
+
+ /* Reverse NAT must be performed before OvsCtLookup, so here
+ * we simply need to flip the src and dst in key and compare
+ * they are equal. Note that flipped key is not equal to
+ * rev_key due to NAT effect.
+ */
+ OVS_CT_KEY revCtxKey = ctx->key;
+ OvsCtKeyReverse(&revCtxKey);
 if (!ctTotalEntries) {
 return found;
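Review bot: `revCtxKey` is copied from `ctx->key` and reversed ahead of the `if (!ctTotalEntries)` early return, so the struct copy and the `OvsCtKeyReverse()` call are made even when the table is empty and the key is never compared. Keeping only `OVS_CT_KEY revCtxKey;` with the other declarations and placing `revCtxKey = ctx->key;` and `OvsCtKeyReverse(&revCtxKey);` after that check would confine the work to the path that uses it. The moved comment would also read more clearly as "flip the src and dst in key and check whether they are equal". The closing brace of the early-return block and the rest of OvsCtLookup lie outside this hunk.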
@@ -410,19 +417,13 @@ OvsCtLookup(OvsConntrackKeyLookupCtx *ctx)
 LIST_FORALL(&ovsConntrackTable[ctx->hash & CT_HASH_TABLE_MASK], link) {
 entry = CONTAINING_RECORD(link, OVS_CT_ENTRY, link);
- if (OvsCtKeyAreSame(key,entry->key)) {
+ if (OvsCtKeyAreSame(ctx->key, entry->key)) {
 found = entry;
 reply = FALSE;
 break;
 }
- /* Reverse NAT must be performed before OvsCtLookup, so here
- * we simply need to flip the src and dst in key and compare
- * they are equal. Note that flipped key is not equal to
- * rev_key due to NAT effect.
- */
- OvsCtKeyReverse(&key);
- if (OvsCtKeyAreSame(key, entry->key)) {
+ if (OvsCtKeyAreSame(revCtxKey, entry->key)) {
 found = entry;
 reply = TRUE;
 break;
-- 
2.39.2
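Review bot: The reply-direction test `OvsCtKeyAreSame(revCtxKey, entry->key)` walks only the bucket selected by `ctx->hash & CT_HASH_TABLE_MASK`, so it can find the entry only if `ctx->hash` is the same for a tuple and its reverse. The hash computation is not visible in this patch, so that is an assumption to confirm rather than a verified property. If it did not hold, a reply packet would miss its entry in this loop and the caller would see no match, which matters for any policy keyed on connection state. A comment above the loop would record the invariant, for example `/* ctx->hash must be direction-independent: ctx->key and revCtxKey are both searched in this one bucket. */`. The end of the loop and the use of `reply` after it lie outside the hunk.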