| Message ID | 1587066893-108405-1-git-send-email-u9012063@gmail.com |
|---|---|
| State | Accepted |
| Commit | 38c69ccf8e294109326d6c1d38a300175d6d370f |
| Headers | show |
| Series | [ovs-dev,PATCHv2] conntrack: Add coverage count for l4csum error. | expand |
On Thu, Apr 16, 2020 at 12:55 PM William Tu <u9012063@gmail.com> wrote: > > Add a coverage counter when userspace conntrack receives a packet > with invalid l4 checksum. When using veth for testing, users > often forget to turn off the tx offload on the other side of the > namespace, causing l4 checksum not calculated in packet header, > and at conntrack, return invalid conntrack state. > > Suggested-by: Yi-Hung Wei <yihung.wei@gmail.com> > Signed-off-by: William Tu <u9012063@gmail.com> > --- LGTM. Acked-by: Yi-Hung Wei <yihung.wei@gmail.com>
On Fri, Apr 17, 2020 at 09:21:55AM -0700, Yi-Hung Wei wrote: > On Thu, Apr 16, 2020 at 12:55 PM William Tu <u9012063@gmail.com> wrote: > > > > Add a coverage counter when userspace conntrack receives a packet > > with invalid l4 checksum. When using veth for testing, users > > often forget to turn off the tx offload on the other side of the > > namespace, causing l4 checksum not calculated in packet header, > > and at conntrack, return invalid conntrack state. > > > > Suggested-by: Yi-Hung Wei <yihung.wei@gmail.com> > > Signed-off-by: William Tu <u9012063@gmail.com> > > --- > LGTM. > > Acked-by: Yi-Hung Wei <yihung.wei@gmail.com> Applied, thanks
diff --git a/lib/conntrack.c b/lib/conntrack.c index 0cbc8f6d2b25..95d48c5eecae 100644 --- a/lib/conntrack.c +++ b/lib/conntrack.c @@ -44,6 +44,7 @@ VLOG_DEFINE_THIS_MODULE(conntrack); COVERAGE_DEFINE(conntrack_full); COVERAGE_DEFINE(conntrack_long_cleanup); +COVERAGE_DEFINE(conntrack_l4csum_err); struct conn_lookup_ctx { struct conn_key key; @@ -1661,6 +1662,7 @@ checksum_valid(const struct conn_key *key, const void *data, size_t size, } else if (key->dl_type == htons(ETH_TYPE_IPV6)) { return packet_csum_upperlayer6(l3, data, key->nw_proto, size) == 0; } else { + COVERAGE_INC(conntrack_l4csum_err); return false; } } @@ -1704,7 +1706,12 @@ check_l4_udp(const struct conn_key *key, const void *data, size_t size, static inline bool check_l4_icmp(const void *data, size_t size, bool validate_checksum) { - return validate_checksum ? csum(data, size) == 0 : true; + if (validate_checksum && csum(data, size) != 0) { + COVERAGE_INC(conntrack_l4csum_err); + return false; + } else { + return true; + } } static inline bool
Add a coverage counter when userspace conntrack receives a packet with invalid l4 checksum. When using veth for testing, users often forget to turn off the tx offload on the other side of the namespace, causing l4 checksum not calculated in packet header, and at conntrack, return invalid conntrack state. Suggested-by: Yi-Hung Wei <yihung.wei@gmail.com> Signed-off-by: William Tu <u9012063@gmail.com> --- v2: add also icmp csum error --- lib/conntrack.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-)