From 43763b76b258920cac69a18d6f494971bb738b6c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jarom=C3=ADr=20Smr=C4=8Dek?= <4plague@gmail.com> Date: Tue, 10 Dec 2024 15:32:49 +0100 Subject: [PATCH] Match exact flags in TCP state machine --- include/dp_util.h | 9 +++++++++ src/dp_cntrack.c | 6 +++--- src/nodes/virtsvc_node.c | 6 +++--- 3 files changed, 15 insertions(+), 6 deletions(-) diff --git a/include/dp_util.h b/include/dp_util.h index 966171dc..086f3b69 100644 --- a/include/dp_util.h +++ b/include/dp_util.h @@ -38,6 +38,15 @@ extern "C" { #define DP_TCP_PKT_FLAG_SYNACK(FLAGS) \ (((FLAGS) & (RTE_TCP_SYN_FLAG|RTE_TCP_ACK_FLAG)) == (RTE_TCP_SYN_FLAG|RTE_TCP_ACK_FLAG)) +#define DP_TCP_PKT_FLAG_EXACT(FLAGS, REQUIRED) \ + (((FLAGS) & 0xFF) == (REQUIRED)) +#define DP_TCP_PKT_FLAG_ONLY_SYN(FLAGS) \ + DP_TCP_PKT_FLAG_EXACT((FLAGS), RTE_TCP_SYN_FLAG) +#define DP_TCP_PKT_FLAG_ONLY_ACK(FLAGS) \ + DP_TCP_PKT_FLAG_EXACT((FLAGS), RTE_TCP_ACK_FLAG) +#define DP_TCP_PKT_FLAG_ONLY_SYNACK(FLAGS) \ + DP_TCP_PKT_FLAG_EXACT((FLAGS), (RTE_TCP_SYN_FLAG | RTE_TCP_ACK_FLAG)) + int dp_get_dev_info(uint16_t port_id, struct rte_eth_dev_info *dev_info, char ifname[IF_NAMESIZE]); diff --git a/src/dp_cntrack.c b/src/dp_cntrack.c index b8702b4f..b26c5fe0 100644 --- a/src/dp_cntrack.c +++ b/src/dp_cntrack.c @@ -59,15 +59,15 @@ static __rte_always_inline void dp_cntrack_tcp_state(struct flow_value *flow_val switch (flow_val->l4_state.tcp_state) { case DP_FLOW_TCP_STATE_NONE: case DP_FLOW_TCP_STATE_RST_FIN: - if (DP_TCP_PKT_FLAG_SYN(tcp_flags) && df->flow_dir == DP_FLOW_DIR_ORG) + if (DP_TCP_PKT_FLAG_ONLY_SYN(tcp_flags) && df->flow_dir == DP_FLOW_DIR_ORG) flow_val->l4_state.tcp_state = DP_FLOW_TCP_STATE_NEW_SYN; break; case DP_FLOW_TCP_STATE_NEW_SYN: - if (DP_TCP_PKT_FLAG_SYNACK(tcp_flags) && df->flow_dir == DP_FLOW_DIR_REPLY) + if (DP_TCP_PKT_FLAG_ONLY_SYNACK(tcp_flags) && df->flow_dir == DP_FLOW_DIR_REPLY) flow_val->l4_state.tcp_state = DP_FLOW_TCP_STATE_NEW_SYNACK; break; case DP_FLOW_TCP_STATE_NEW_SYNACK: - if (DP_TCP_PKT_FLAG_ACK(tcp_flags) && df->flow_dir == DP_FLOW_DIR_ORG) + if (DP_TCP_PKT_FLAG_ONLY_ACK(tcp_flags) && df->flow_dir == DP_FLOW_DIR_ORG) flow_val->l4_state.tcp_state = DP_FLOW_TCP_STATE_ESTABLISHED; break; default: diff --git a/src/nodes/virtsvc_node.c b/src/nodes/virtsvc_node.c index 7cf46867..a615cbcc 100644 --- a/src/nodes/virtsvc_node.c +++ b/src/nodes/virtsvc_node.c @@ -34,15 +34,15 @@ static __rte_always_inline void virtsvc_tcp_state_change(struct dp_virtsvc_conn } else { switch (conn->state) { case DP_VIRTSVC_CONN_TRANSIENT: - if (DP_TCP_PKT_FLAG_SYN(tcp_flags)) + if (DP_TCP_PKT_FLAG_ONLY_SYN(tcp_flags)) conn->state = DP_VIRTSVC_CONN_TRANSIENT_SYN; break; case DP_VIRTSVC_CONN_TRANSIENT_SYN: - if (DP_TCP_PKT_FLAG_SYNACK(tcp_flags)) + if (DP_TCP_PKT_FLAG_ONLY_SYNACK(tcp_flags)) conn->state = DP_VIRTSVC_CONN_TRANSIENT_SYNACK; break; case DP_VIRTSVC_CONN_TRANSIENT_SYNACK: - if (DP_TCP_PKT_FLAG_ACK(tcp_flags)) + if (DP_TCP_PKT_FLAG_ONLY_ACK(tcp_flags)) conn->state = DP_VIRTSVC_CONN_ESTABLISHED; break; case DP_VIRTSVC_CONN_ESTABLISHED: