On 5/5/24 08:42, Roi Dayan via dev wrote:
> From: Eli Britstein <[email protected]>
>
> In case of a malformed packet, its parsing fails. Instead of continuing
> and possible form a wrong flow, drop the packet.
Hi, Eli and Roi. Thanks for the patch!
But I don't think we can do that. There are few reasons why the
packets should not be dropped in the datapath:
1. OVS is a switch, the only reasons why it should drop packets are:
- User configuration
- Inability to make a forwarding decision
Both are not the case here. For example, if the packet has some
issue in the IPv4 header, we should still forward it in case we
just acting as an L2 learning switch. L2 learning switch doesn't
need any information from IPv4 header to function.
2. Datapath should not make forwarding decisions including a decision
to drop a packet. Datapath implementation should just execute
actions that OpenFlow layers tell it to execute. OpenFlow layers
should decide what to do.
Also, inability to parse certain parts of the packet is not a parsing
failure. The resulted flow structure should be valid regardless of
the packet content. Fields that were not extracted remain zero and
OpenFlow layers should correctly handle that and execute appropriate
actions, i.e. properly match on all-zero values if they were used to
make a forwarding decision.
If the wrong flow can be installed in this situation - it's a bug
somewhere in the flow translation logic that should be fixed.
Hope this makes sense.
Best regards, Ilya Maximets.
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
