Okay, I think the high level point is we should expose malformed packets and let others decide how to handle it. Can someone review this patch before I push?
Regards KK On 14 January 2011 01:25, Rob Sherwood <rob.sherw...@stanford.edu> wrote: > Fwiw, I agree with what both Masa and KK. > > Masa's point: OFPP_TABLE shouldn't be a special case: i.e., it should > be able to generate packet_in's on the second pss > > KK's point: this should be more explicitly called out in the spec. > > I think if you were to suggest a specific wording in the next week, > this could still make it into the 1.1 spec. > > - Rob > . > > > > On Thu, Jan 13, 2011 at 7:06 PM, Masayoshi Kobayashi > <mkoba...@stanford.edu> wrote: >> KK, >> >> I think the implementer will read the spec the other way around. >> Spec requires nothing special about OFPP_TABLE action (it does not say >> "don't generate pkt_in, if there is no match"). So the switch >> just follows the default behavior, i.e., pkt_in will be generated. >> >> I would expect the reference design also does the same. >> >> Masa >> >> On 01/13/2011 06:38 PM, kk yap wrote: >>>> >>>> Because the action of pkt_out is "OFPP_TABLE". >>>> (the packet in pkt_out does not match to the entry that is installed by >>>> flow_mod, since the matching entry says nw_proto=0). >>> >>> Is there anything in the spec that says that the switch should send >>> another packet-in if there is no matching entry for a OFPP_TABLE? I >>> am failing to find that. Can someone point to why this behavior is >>> specified by the spec? >>> >>> Regards >>> KK >>> >>> On 13 January 2011 18:28, Masayoshi Kobayashi<mkoba...@stanford.edu> >>> wrote: >>>> >>>> KK, >>>> >>>>> I thought about it a little. Why is the switch doing step 7? >>>> >>>> Because the action of pkt_out is "OFPP_TABLE". >>>> (the packet in pkt_out does not match to the entry that is installed by >>>> flow_mod, since the matching entry says nw_proto=0). >>>> >>>> Masa >>>> >>>> On 01/13/2011 06:06 PM, kk yap wrote: >>>>> >>>>> Hi Srini, >>>>> >>>>> I thought about it a little. Why is the switch doing step 7? >>>>> >>>>> Anyway, I do agree that NOX is not handling malformed packets right. >>>>> I have included an invalid field in the struct flow, and created a >>>>> component that ignore invalid packets. If anyone will double-check >>>>> and test the patches attached, I will push it. >>>>> >>>>> Regards >>>>> KK >>>>> >>>>> On 13 January 2011 16:13, Srini Seetharaman<seeth...@stanford.edu> >>>>> wrote: >>>>>> >>>>>> I explained this to KK in person. For others, here is the sequence of >>>>>> events: >>>>>> >>>>>> 1. Packet arrives with (nw_proto=6, tp_src=0, tp_dst=0). Store in bufid >>>>>> 'X' >>>>>> 2. flow.cc identifies that the arrived TCP packet is corrupted, and >>>>>> generates >>>>>> pkt_in event with flow structure having (nw_proto=0, tp_src=0, >>>>>> tp_dst=0) >>>>>> 3. Authenticator generates a flow_in with flow_in.flow being same as >>>>>> above >>>>>> 3. routing.cc generates a flow_mod for the flow_in with the match >>>>>> pattern >>>>>> defined using the fields of the flow_in.flow >>>>>> 4. Switch inserts a flow table entry for matching (nw_proto=0, >>>>>> tp_src=0, tp_dst=0) >>>>>> 5. routing.cc generates a pkt_out for the bufid 'X' with action = >>>>>> OFPP_TABLE >>>>>> 6. Switch notices that the packet in bufid 'X' has no matching flow >>>>>> table >>>>>> entry, >>>>>> because there is a mismatch on the nw_proto field >>>>>> 7. Switch generates a new pkt_in event >>>>>> 8. Go to step (2) >>>>>> >>>>>> This is the infinite loop. >>>>>> >>>>>> Srini. >>>>>> >>>>>> On Thu, Jan 13, 2011 at 1:08 PM, kk yap<yap...@stanford.edu> wrote: >>>>>>> >>>>>>> Hi Srini, >>>>>>> >>>>>>> I think you are fixing this in the wrong place. Putting nw_proto=0 >>>>>>> does not cause an infinite loop. Where is the loop happening? Can >>>>>>> you provide more detailed NOX output so that we can even start looking >>>>>>> at this. >>>>>>> >>>>>>> Regards >>>>>>> KK >>>>>>> >>>>>>> On 13 January 2011 11:02, Srini Seetharaman<seeth...@stanford.edu> >>>>>>> wrote: >>>>>>>> >>>>>>>> We don't know who sent it, but it came from outside our network. If >>>>>>>> it >>>>>>>> is easy to take down a network by just sending 1 invalid packet, I'd >>>>>>>> be worried! >>>>>>>> >>>>>>>> On Thu, Jan 13, 2011 at 10:59 AM, kk yap<yap...@stanford.edu> >>>>>>>> wrote: >>>>>>>>> >>>>>>>>> Hi Srini, >>>>>>>>> >>>>>>>>> What is this packet? The length of TCP is zero?!?! I wish to >>>>>>>>> understand the circumstance for which we are getting the packet >>>>>>>>> before >>>>>>>>> commenting on the right way to handle this. >>>>>>>>> >>>>>>>>> Regards >>>>>>>>> KK >>>>>>>>> >>>>>>>>> >>>>>>>>> On 13 January 2011 10:38, Srini Seetharaman<seeth...@stanford.edu> >>>>>>>>> wrote: >>>>>>>>>> >>>>>>>>>> When someone sends the attached packet to a switch, it generates an >>>>>>>>>> infinite loop of packet_ins in our production network. This is >>>>>>>>>> because >>>>>>>>>> this incoming tcp packet has nw_proto=6 and tcp port numbers of >>>>>>>>>> "0", >>>>>>>>>> but outgoing flow_mod has nw_proto of "0" and tcp port numbers of >>>>>>>>>> "0". >>>>>>>>>> So, the packet_out generates a new packet_in and this loop >>>>>>>>>> continues >>>>>>>>>> forever. >>>>>>>>>> >>>>>>>>>> I see the following code in src/lib/flow.cc (both in NOX-Zaku and >>>>>>>>>> SNAC). I believe this is what is causing the nw_proto to be "0" in >>>>>>>>>> the >>>>>>>>>> flow_mod. I'm not sure who wrote that piece of code. This is not >>>>>>>>>> handling corrupted packets well and rejecting this packet as a >>>>>>>>>> invalid >>>>>>>>>> TCP packet. Does anyone see problems with removing the "else" >>>>>>>>>> clause? >>>>>>>>>> >>>>>>>>>> if (nw_proto == ip_::proto::TCP) { >>>>>>>>>> const tcp_header *tcp = pull_tcp(b); >>>>>>>>>> if (tcp) { >>>>>>>>>> tp_src = tcp->tcp_src; >>>>>>>>>> tp_dst = tcp->tcp_dst; >>>>>>>>>> } else { >>>>>>>>>> /* Avoid tricking other code into thinking that >>>>>>>>>> * this packet has an L4 header. */ >>>>>>>>>> nw_proto = 0; >>>>>>>>>> } >>>>>>>>>> } >>>>>>>>>> >>>>>>>>>> FYI, pull_tcp is defined as below: >>>>>>>>>> static const tcp_header * pull_tcp(Buffer& b) >>>>>>>>>> { >>>>>>>>>> if (const tcp_header *tcp = b.try_at<tcp_header>(0)) { >>>>>>>>>> int tcp_len = TCP_OFFSET(tcp->tcp_ctl) * 4; >>>>>>>>>> if (tcp_len>= sizeof *tcp) { >>>>>>>>>> return reinterpret_cast<const >>>>>>>>>> tcp_header*>(b.try_pull(tcp_len)); >>>>>>>>>> } >>>>>>>>>> } >>>>>>>>>> return 0; >>>>>>>>>> } >>>>>>>>>> >>>>>>>>>> _______________________________________________ >>>>>>>>>> nox-dev mailing list >>>>>>>>>> nox-dev@noxrepo.org >>>>>>>>>> http://noxrepo.org/mailman/listinfo/nox-dev_noxrepo.org >>>>>>>>>> >>>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>> >>>>>> >>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> nox-dev mailing list >>>>>> nox-dev@noxrepo.org >>>>>> http://noxrepo.org/mailman/listinfo/nox-dev_noxrepo.org >>>> >>>> -- >>>> Masayoshi Kobayashi >>>> Visiting Scholar at Stanford University >>>> System Platform Research Labs, NEC Corporation. >>>> T/M: 650-714-3154 >>>> >>>> _______________________________________________ >>>> nox-dev mailing list >>>> nox-dev@noxrepo.org >>>> http://noxrepo.org/mailman/listinfo/nox-dev_noxrepo.org >>>> >> >> -- >> Masayoshi Kobayashi >> Visiting Scholar at Stanford University >> System Platform Research Labs, NEC Corporation. >> T/M: 650-714-3154 >> >> _______________________________________________ >> nox-dev mailing list >> nox-dev@noxrepo.org >> http://noxrepo.org/mailman/listinfo/nox-dev_noxrepo.org >> >
0001-State-invalid-packets.patch
Description: Binary data
_______________________________________________ nox-dev mailing list nox-dev@noxrepo.org http://noxrepo.org/mailman/listinfo/nox-dev_noxrepo.org