On 06/05/2024 14:05, Ilya Maximets wrote:
> On 5/5/24 08:42, Roi Dayan via dev wrote:
>> From: Eli Britstein <[email protected]>
>>
>> In case of a malformed packet, its parsing fails. Instead of continuing
>> and possible form a wrong flow, drop the packet.
>
> Hi, Eli and Roi. Thanks for the patch!
>
> But I don't think we can do that. There are few reasons why the
> packets should not be dropped in the datapath:
>
> 1. OVS is a switch, the only reasons why it should drop packets are:
> - User configuration
> - Inability to make a forwarding decision
> Both are not the case here. For example, if the packet has some
> issue in the IPv4 header, we should still forward it in case we
> just acting as an L2 learning switch. L2 learning switch doesn't
> need any information from IPv4 header to function.
>
> 2. Datapath should not make forwarding decisions including a decision
> to drop a packet. Datapath implementation should just execute
> actions that OpenFlow layers tell it to execute. OpenFlow layers
> should decide what to do.
>
> Also, inability to parse certain parts of the packet is not a parsing
> failure. The resulted flow structure should be valid regardless of
> the packet content. Fields that were not extracted remain zero and
> OpenFlow layers should correctly handle that and execute appropriate
> actions, i.e. properly match on all-zero values if they were used to
> make a forwarding decision.
>
> If the wrong flow can be installed in this situation - it's a bug
> somewhere in the flow translation logic that should be fixed.
>
> Hope this makes sense.
>
> Best regards, Ilya Maximets.
thanks Ilya for the explanation.
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
