Hello All,

I'm part of a team of academic researchers working on automatically
testing SDN systems (the combination of switches and controllers) to
find malicious attacks. Using the system we have developed, which
focuses primarily on malicious manipulations of the OpenFlow protocol,
we tested Ryu 3.27 and found a couple of serious bugs that either hang
or crash the controller. Both of these bugs appear to still affect the
current Ryu 4.5 code. More information on the bugs is below:

1) When an OpenFlow message with a header whose length field is zero is
received, Ryu hangs and becomes unresponsive. The problem appears to be
an infinite loop in _recv_loop() in controller.py. The header length
field is taken to be the OpenFlow message without any validation (<8 is
invalid). As a result, no data is removed from the buffer being
processed and the controller loops infinitely trying to process this
same header. Inspection of the current 4.5 code suggests that this bug
is still present.

2) When an OpenFlow packet_in message is received containing zero bytes
of the triggering packet (switches can be configured to send only the
first X bytes of a packet in the packet_in message), Ryu crashes with
the following trace:
hub: uncaught exception: Traceback (most recent call last):
      File "/usr/local/lib/python2.7/dist-packages/ryu/lib/hub.py", line 52, in _launch
        func(*args, **kwargs)
      File "/usr/local/lib/python2.7/dist-packages/ryu/base/app_manager.py", line 276, in _event_loop
        handler(ev)
      File "/root/ryu/ryu/app/simple_switch.py", line 61, in _packet_in_handler
        if eth.ethertype == ether_types.ETH_TYPE_LLDP:
    AttributeError: 'NoneType' object has no attribute 'ethertype'
The problem appears to be that the simple_switch app, and probably
others, assumes that there is at least an Ethernet header present, which
may be an inaccurate assumption. Inspection of the current 4.5 code
suggests that this code is unchanged and still contains this bug.

--Samuel

-- 
Samuel Jero
Doctoral Student
Computer Science
Dependable and Secure Distributed Systems Lab
Purdue University
sj...@purdue.edu
http://www.sjero.net

_______________________________________________
Ryu-devel mailing list
Ryu-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ryu-devel
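
The framing problem described in bug 1, as an added example that is not part of the original message and is not Ryu's code: a simplified receive-buffer splitter in which `split_messages`, `FramingError`, `max_iters` and the sample bytes are constructed for illustration. With `validate=False` it trusts the header length field and stops making progress on a zero-length header; with validation it rejects any length below the 8-byte OpenFlow header so the caller can drop the connection.

```python
import struct

OFP_HEADER = struct.Struct("!BBHI")  # version, type, length, xid (8 bytes)

# Constructed sample input: a valid 8-byte HELLO and a header claiming length 0.
HELLO = OFP_HEADER.pack(1, 0, 8, 1)
ZERO_LEN = OFP_HEADER.pack(1, 0, 0, 2)


class FramingError(Exception):
    """A header advertised a length smaller than the header itself."""


def split_messages(data, validate=True, max_iters=1000):
    """Split a receive buffer into (type, xid, raw_message) tuples.

    Returns (messages, leftover_bytes, iterations). max_iters is a guard
    added for this demonstration so the unvalidated loop terminates.
    """
    buf = bytearray(data)
    messages, iters = [], 0
    required = OFP_HEADER.size
    while len(buf) >= required and iters < max_iters:
        iters += 1
        _version, msg_type, msg_len, xid = OFP_HEADER.unpack_from(buf)
        if validate and msg_len < OFP_HEADER.size:
            # Lengths below 8 are invalid; refuse instead of looping.
            raise FramingError("length %d < %d" % (msg_len, OFP_HEADER.size))
        required = msg_len
        if len(buf) < required:
            break  # message incomplete, wait for more bytes
        messages.append((msg_type, xid, bytes(buf[:msg_len])))
        buf = buf[msg_len:]  # with msg_len == 0 nothing is consumed
        required = OFP_HEADER.size
    return messages, bytes(buf), iters


if __name__ == "__main__":
    _, left, n = split_messages(HELLO + ZERO_LEN, validate=False, max_iters=50)
    print("unvalidated: %d iterations, %d bytes never consumed" % (n, len(left)))
    try:
        split_messages(HELLO + ZERO_LEN)
    except FramingError as exc:
        print("validated: rejected (%s)" % exc)
```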
