Added checksum for PacketOut to avoid invalid packet (#967)

pkg/agent/controller/traceflow/traceflow_controller.go

@@ -41,6 +41,9 @@ import (
 	"github.com/vmware-tanzu/antrea/pkg/ovs/ovsconfig"
 )
 
+type icmpType uint8
+type icmpCode uint8
+
 const (
 	controllerName = "AntreaAgentTraceflowController"
 	// Set resyncPeriod to 0 to disable resyncing.
@@ -53,6 +56,9 @@ const (
 	// Seconds delay before injecting packet into OVS. The time of different nodes may not be completely
 	// synchronized, which requires a delay before inject packet.
 	injectPacketDelay = 5
+	// ICMP Echo Request type and code.
+	icmpEchoRequestType icmpType = 8
+	icmpEchoRequestCode icmpCode = 0
 )
 
 // Controller is responsible for setting up Openflow entries and injecting traceflow packet into
@@ -341,8 +347,8 @@ func (c *Controller) injectPacket(tf *opsv1alpha1.Traceflow) error {
 		TCPFlags,
 		UDPSrcPort,
 		UDPDstPort,
-		0,
-		0,
+		uint8(icmpEchoRequestType),
+		uint8(icmpEchoRequestCode),
 		ICMPID,
 		ICMPSequence,
 		uint32(podInterfaces[0].OFPort),

pkg/ovs/openflow/ofctrl_packetout.go

@@ -201,13 +201,17 @@ func (b *ofPacketOutBuilder) AddLoadAction(name string, data uint64, rng Range)
 func (b *ofPacketOutBuilder) Done() *ofctrl.PacketOut {
 	if b.pktOut.ICMPHeader != nil {
 		b.setICMPData()
+		b.pktOut.ICMPHeader.Checksum = b.icmpHeaderChecksum()
 		b.pktOut.IPHeader.Length = 20 + b.pktOut.ICMPHeader.Len()
 	} else if b.pktOut.TCPHeader != nil {
 		b.pktOut.TCPHeader.HdrLen = 5
 		b.pktOut.TCPHeader.SeqNum = rand.Uint32()
 		b.pktOut.TCPHeader.AckNum = rand.Uint32()
+		b.pktOut.TCPHeader.Checksum = b.tcpHeaderChecksum()
 		b.pktOut.IPHeader.Length = 20 + b.pktOut.TCPHeader.Len()
 	} else if b.pktOut.UDPHeader != nil {
+		b.pktOut.UDPHeader.Length = b.pktOut.UDPHeader.Len()
+		b.pktOut.UDPHeader.Checksum = b.udpHeaderChecksum()
 		b.pktOut.IPHeader.Length = 20 + b.pktOut.UDPHeader.Len()
 	}
 	b.pktOut.IPHeader.Id = uint16(rand.Uint32())
@@ -217,6 +221,7 @@ func (b *ofPacketOutBuilder) Done() *ofctrl.PacketOut {
 	} else {
 		b.pktOut.IPHeader.Version = 0x6
 	}
+	b.pktOut.IPHeader.Checksum = b.ipHeaderChecksum()
 	return b.pktOut
 }
 
@@ -230,3 +235,60 @@ func (b *ofPacketOutBuilder) setICMPData() {
 	}
 	b.pktOut.ICMPHeader.Data = data
 }
+
+func (b *ofPacketOutBuilder) ipHeaderChecksum() uint16 {
+	ipHeader := *b.pktOut.IPHeader
+	ipHeader.Checksum = 0
+	ipHeader.Data = nil
+	data, _ := ipHeader.MarshalBinary()
+	return checksum(data)
+}
+
+func (b *ofPacketOutBuilder) icmpHeaderChecksum() uint16 {
+	icmpHeader := *b.pktOut.ICMPHeader
+	icmpHeader.Checksum = 0
+	data, _ := icmpHeader.MarshalBinary()
+	return checksum(data)
+}
+
+func (b *ofPacketOutBuilder) tcpHeaderChecksum() uint16 {
+	tcpHeader := *b.pktOut.TCPHeader
+	tcpHeader.Checksum = 0
+	data, _ := tcpHeader.MarshalBinary()
+	checksumData := append(b.generatePseudoHeader(uint16(len(data))), data...)
+	return checksum(checksumData)
+}
+
+func (b *ofPacketOutBuilder) udpHeaderChecksum() uint16 {
+	udpHeader := *b.pktOut.UDPHeader
+	udpHeader.Checksum = 0
+	data, _ := udpHeader.MarshalBinary()
+	checksumData := append(b.generatePseudoHeader(uint16(len(data))), data...)
+	return checksum(checksumData)
+}
+
+func (b *ofPacketOutBuilder) generatePseudoHeader(length uint16) []byte {
+	pseudoHeader := make([]byte, 12)
+	copy(pseudoHeader[0:4], b.pktOut.IPHeader.NWSrc.To4())
+	copy(pseudoHeader[4:8], b.pktOut.IPHeader.NWDst.To4())
+	pseudoHeader[8] = 0x0
+	pseudoHeader[9] = b.pktOut.IPHeader.Protocol
+	binary.BigEndian.PutUint16(pseudoHeader[10:12], length)
+	return pseudoHeader
+}
+
+func checksum(data []byte) uint16 {
+	var sum uint32
+	var index int
+	length := len(data)
+	for length > 1 {
+		sum += uint32(data[index])<<8 + uint32(data[index+1])
+		index += 2
+		length -= 2
+	}
+	if length > 0 {
+		sum += uint32(data[index])
+	}
+	sum += (sum >> 16)
+	return uint16(^sum)
+}