[ovs-dev] [OVN coredump with ssl-ciphers args]

Mon, 08 Jan 2024 15:35:47 -0800 

Hi:

When setting extra args like ssl-cipers for ovn-controller, it results in
coredump on branch 23.09
compiled with  --with-ovs-source and  --with-ovs-build option, OVS
(branch-3.2)

dump:
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `ovn-controller
--ssl-ciphers=HIGH:!aNULL:!MD5:@SECLEVEL=1 unix:/var/run/openvsw'
Program terminated with signal SIGABRT, Aborted.
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
50 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007fb13d7cf859 in __GI_abort () at abort.c:79
#2  0x0000563257fac75c in main (argc=<optimized out>, argv=<optimized out>)
at controller/ovn-controller.c:6019
(gdb) frame 2
#2  0x0000563257fac75c in main (argc=<optimized out>, argv=<optimized out>)
at controller/ovn-controller.c:6019
6019            OVS_NOT_REACHED();
(gdb) quit

##ovn-controller --version
ovn-controller 23.09.1
Open vSwitch Library 3.2.2
OpenFlow versions 0x6:0x6
SB DB Schema 20.29.0

##Same happens even on trying with any ovn-* commands
ovn-nbctl --ssl-ciphers='xx'
Aborted (core dumped)
ovn-nbctl --version
ovn-nbctl 23.09.1
Open vSwitch Library 3.2.2
DB Schema 7.1.0

## back trace for ovn-nbctl
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
50 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) frame 2
#2  0x0000562c759485aa in apply_options_direct
(local_options=0x7ffcaa25fbb0, n=1, parsed_options=<optimized out>,
    dbctl_options=0x7ffcaa25fc40) at utilities/ovn-dbctl.c:621
621            OVS_NOT_REACHED();

--ssl-ciphers works fine when using ovn 20.03 ; directly using ovn debian
ovn-controller 20.03.2
Open vSwitch Library 2.13.8
OpenFlow versions 0x4:0x4
SB DB Schema 2.7.0

## underlying ovs
~/ovn# ovs-vsctl --version
ovs-vsctl (Open vSwitch) 2.16.8
DB Schema 8.3.0

#Kernel/distio:
5.4.0-167-generic/Ubuntu 20.04.6 LTS


To avoid invalidating certs on already running computes setup with old  ovs
pki infra, setting ciphers to HIGH:!aNULL:!MD5:@SECLEVEL=1 works fine part
of bumping  to newer 20.x and avoid connectivity failures to control plane
due mostly due to below error.
SSL_connect: error:1416F086:SSL
routines:tls_process_server_certificate:certificate verify failed while
connecting to control plane.


Not sure if it's a known issue with newer OVS stream-ssl. Core file
attached.


Regards,
Ali
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Reply via email to