[Kernel-packages] [Bug 1873961] Re: tc filter show tcp_flags wrong mask value

Tue, 04 Aug 2020 01:22:05 -0700 

** Changed in: ubuntu-power-systems
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to iproute2 in Ubuntu.
Matching subscriptions: iproute2
https://bugs.launchpad.net/bugs/1873961

Title:
  tc filter show tcp_flags wrong mask value

Status in The Ubuntu-power-systems project:
  Fix Released
Status in iproute2 package in Ubuntu:
  Fix Released
Status in iproute2 source package in Bionic:
  Fix Released

Bug description:
  [SRU Justification]

  Impact: The tc command does not show the correct values for tcp_flags
  (and ip_tos) on filter rules. This might break other scripts parsing
  that output but at least confuses users.

  Fix: Backport of "tc: fix bugs for tcp_flags and ip_attr hex output"
  from upstream iproute2.

  Testcase:
  tc qdisc add dev lo ingress
  tc filter add dev lo parent ffff: prio 3 proto ip flower ip_tos 0x8/32
  tc filter add dev lo parent ffff: prio 5 proto ip flower ip_proto tcp \
       tcp_flags 0x909/f00

  tc filter show dev lo parent ffff:

  filter protocol ip pref 3 flower chain 0
  filter protocol ip pref 3 flower chain 0 handle 0x1
    eth_type ipv4
    ip_tos a9606c10 <-- bad, should be 0x8/32
    not_in_hw
  filter protocol ip pref 5 flower chain 0
  filter protocol ip pref 5 flower chain 0 handle 0x1
    eth_type ipv4
    ip_proto tcp
    tcp_flags 909909 <-- bad, should be 0x909/f00
    not_in_hw

  Note that the ip_tos value in the -j[son] output is correct, while the 
tcp_flags value is
  is incorrect in both cases.

  Risk of Regression:
  Low: Usually scripts would use the json output and that has at least the ip 
output correct. And the values shown in the bad case seem to be little useful. 
So it seems unlikely anybody relied on them. But cannot completely be ruled out.

  === Original description ===

  ---Problem Description---
  Problem Descriptions
  "tc" utility does not show correct TC rule's tcp_flags mask correctly in 
current "iproute2" package shipped on Genesis.
  # dpkg -l |grep iproute2
  ii  iproute2  4.15.0-2ubuntu1  ppc64el      networking and traffic control 
tools

  ---Steps to Reproduce---
   Steps to reproduce the problem:
  1) Add a tc rule to the testing VF (i.e. p0v2_r):
  # tc filter add dev p0v2 protocol ip parent ffff: pref 5 chain 1 handle 0x1  
flower src_mac 00:00:00:00:4e:2f/00:00:00:ff:ff:ff ip_proto tcp tcp_flags 2  
skip_sw action mirred egress redirect dev p0v0_r

  2) Validate the added TC rule:
  # tc filter show dev p0v2_r root
  filter protocol ip pref 5 flower chain 1
  filter protocol ip pref 5 flower chain 1 handle 0x1
    src_mac 00:00:00:00:4e:2f/00:00:00:ff:ff:ff
    eth_type ipv4
    ip_proto tcp
    tcp_flags 22   /* <--- Wrong */
    skip_sw
    in_hw
          action order 1: mirred (Egress Redirect to device p0v0_r) stolen

  3) If we add the tcp_flags using explicit mask 0x7:
  # tc filter add dev p0v2 protocol ip parent ffff: pref 5 chain 1 handle 0x1  
flower src_mac 00:00:00:00:4e:2f/00:00:00:ff:ff:ff ip_proto tcp tcp_flags 0x2/7 
 skip_sw action mirred egress redirect dev p0v0_r

  After that, using "tc filter show dev p0v2_r root" to verify, we still
  see the same output (tcp_flags 22) as shown in 2) above, which is
  wrong.

  Userspace tool common name: tc

  The userspace tool has the following bit modes: 64-bit

  Userspace package: iproute2

  ==
  Fixes:
  There are 2 patches to fix the issue:
  patch 1:
  commit b85076cd74e77538918d35992b1a9cd17ff86af8
  Author: Stephen Hemminger <step...@networkplumber.org>
  Date:   Tue Sep 11 08:29:33 2018 -0700
      lib: introduce print_nl
      Common pattern in iproute commands is to print a line seperator
      in non-json mode. Make that a simple function.
  /* This patch declares global variable "const char *_SL_ = "\n";" in 
lib/utils.c to be used by 2nd patch */

  patch 2:
  commit e8bd395508cead5a81c2bebd9d3705a9e41ea8bc
  Author: Keara Leibovitz <kl...@mojatatu.com>
  Date:   Thu Jul 26 09:45:30 2018 -0400
      tc: fix bugs for tcp_flags and ip_attr hex output
      Fix hex output for both the ip_attr and tcp_flags print functions.

  With the above 2 patches pull in, the new "tc" utility will show the correct 
tcp_flags mask:
  # tc filter show dev p0v2 root
  filter protocol ip pref 5 flower chain 1
  filter protocol ip pref 5 flower chain 1 handle 0x1
    src_mac 00:00:00:00:4e:2f/00:00:00:ff:ff:ff
    eth_type ipv4
    ip_proto tcp
    tcp_flags 0x2/7   /* <--- Correct */
    skip_sw
    in_hw
          action order 1: mirred (Egress Redirect to device p0v0_r) stolen

  ====
  This bug affects tc in Ubuntu 18.04.1 stock image.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-power-systems/+bug/1873961/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to