Re: [ovs-dev] [PATCH v2] ofproto-xlate: Fix crash when forwarding packet between legacy_l3 tunnels
On 4/4/22 00:26, jan.scheur...@web.de wrote: > From: Jan Scheurich > > A packet received from a tunnel port with legacy_l3 packet-type (e.g. > lisp, L3 gre, gtpu) is conceptually wrapped in a dummy Ethernet header > for processing in an OF pipeline that is not packet-type-aware. Before > transmission of the packet to another legacy_l3 tunnel port, the dummy > Ethernet header is stripped again. > > In ofproto-xlate, wrapping in the dummy Ethernet header is done by > simply changing the packet_type to PT_ETH. The generation of the > push_eth datapath action is deferred until the packet's flow changes > need to be committed, for example at output to a normal port. The > deferred Ethernet encapsulation is marked in the pending_encap flag. > > This patch fixes a bug in the translation of the output action to a > legacy_l3 tunnel port, where the packet_type of the flow is reverted > from PT_ETH to PT_IPV4 or PT_IPV6 (depending on the dl_type) to remove > its Ethernet header without clearing the pending_encap flag if it was > set. At the subsequent commit of the flow changes, the unexpected > combination of pending_encap == true with an PT_IPV4 or PT_IPV6 > packet_type hit the OVS_NOT_REACHED() abortion clause. > > The pending_encap is now cleared in this situation. > > Reported-By: Dincer Beken > Signed-off-By: Jan Scheurich > Signed-off-By: Dincer Beken > > v1->v2: > A specific test has been added to tunnel-push-pop.at to verify the > correct behavior. > --- > ofproto/ofproto-dpif-xlate.c | 4 > tests/tunnel-push-pop.at | 22 ++ > 2 files changed, 26 insertions(+) I had to slightly adjust the test case as it was failing frequently in CI on a later datapath flow check due to recirc_id mismatch. So, I filtered it out. With that, applied and backported down to 2.13. Thanks! Best regards, Ilya Maximets. ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH v2] ofproto-xlate: Fix crash when forwarding packet between legacy_l3 tunnels
Bleep bloop. Greetings Jan Scheurich, I am a robot and I have tried out your patch. Thanks for your contribution. I encountered some error that I wasn't expecting. See the details below. checkpatch: WARNING: Unexpected sign-offs from developers who are not authors or co-authors or committers: Dincer Beken Lines checked: 92, Warnings: 1, Errors: 0 Please check this out. If you feel there has been an error, please email acon...@redhat.com Thanks, 0-day Robot ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH v2] ofproto-xlate: Fix crash when forwarding packet between legacy_l3 tunnels
> I found this one though: > https://protect2.fireeye.com/v1/url?k=31323334-501d5122-313273af- > 45444731-805e1f47a2a28e92=1=1fbc0307-e0af-4087-98ef- > d9dbff40359a=https%3A%2F%2Fpatchwork.ozlabs.org%2Fproject%2Fopenvs > witch%2Fpatch%2F20220403222617.31688-1-jan.scheurich%40web.de%2F > > It was held back by the mail list and appears to be better formatted. > Let's see if it works. > > P.S. I marked that email address for acceptance, so the mail list > should no longer block it. Thanks Ilya, that is a good work-around for me until I find a solution for SMTP with my Ericsson mail. Regards, Jan ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH v2] ofproto-xlate: Fix crash when forwarding packet between legacy_l3 tunnels
On 4/4/22 09:56, Jan Scheurich wrote: > Hi Ilya, > > Sorry for spamming but I have problems again to send correctly formatted > patches to the ovs-dev list. My previous SMTP server for git-send email no > longer works and patches I send through my private SMTP provider do not reach > the mailing list. Resending from Outlook obviously still screws up the patch > ☹. > > Any chance that you could pick the PATCH v2 manually and feed it through the > process? I doubt that I will find a solution to my mailing issues soon. No problem. Thanks for working on the patch! I found this one though: https://patchwork.ozlabs.org/project/openvswitch/patch/20220403222617.31688-1-jan.scheur...@web.de/ It was held back by the mail list and appears to be better formatted. Let's see if it works. P.S. I marked that email address for acceptance, so the mail list should no longer block it. Best regards, Ilya Maximets. > > Thanks, Jan > >> -Original Message- >> From: 0-day Robot >> Sent: Monday, 4 April, 2022 09:56 >> To: Jan Scheurich >> Cc: d...@openvswitch.org >> Subject: Re: [ovs-dev] [PATCH v2] ofproto-xlate: Fix crash when forwarding >> packet between legacy_l3 tunnels >> >> Bleep bloop. Greetings Jan Scheurich, I am a robot and I have tried out your >> patch. >> Thanks for your contribution. >> >> I encountered some error that I wasn't expecting. See the details below. >> >> >> git-am: >> error: corrupt patch at line 85 >> error: could not build fake ancestor >> hint: Use 'git am --show-current-patch' to see the failed patch Patch failed >> at >> 0001 ofproto-xlate: Fix crash when forwarding packet between legacy_l3 >> tunnels When you have resolved this problem, run "git am --continue". >> If you prefer to skip this patch, run "git am --skip" instead. >> To restore the original branch and stop patching, run "git am --abort". >> >> >> Patch skipped due to previous failure. >> >> Please check this out. If you feel there has been an error, please email >> acon...@redhat.com >> >> Thanks, >> 0-day Robot ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH v2] ofproto-xlate: Fix crash when forwarding packet between legacy_l3 tunnels
From: Jan Scheurich A packet received from a tunnel port with legacy_l3 packet-type (e.g. lisp, L3 gre, gtpu) is conceptually wrapped in a dummy Ethernet header for processing in an OF pipeline that is not packet-type-aware. Before transmission of the packet to another legacy_l3 tunnel port, the dummy Ethernet header is stripped again. In ofproto-xlate, wrapping in the dummy Ethernet header is done by simply changing the packet_type to PT_ETH. The generation of the push_eth datapath action is deferred until the packet's flow changes need to be committed, for example at output to a normal port. The deferred Ethernet encapsulation is marked in the pending_encap flag. This patch fixes a bug in the translation of the output action to a legacy_l3 tunnel port, where the packet_type of the flow is reverted from PT_ETH to PT_IPV4 or PT_IPV6 (depending on the dl_type) to remove its Ethernet header without clearing the pending_encap flag if it was set. At the subsequent commit of the flow changes, the unexpected combination of pending_encap == true with an PT_IPV4 or PT_IPV6 packet_type hit the OVS_NOT_REACHED() abortion clause. The pending_encap is now cleared in this situation. Reported-By: Dincer Beken Signed-off-By: Jan Scheurich Signed-off-By: Dincer Beken v1->v2: A specific test has been added to tunnel-push-pop.at to verify the correct behavior. --- ofproto/ofproto-dpif-xlate.c | 4 tests/tunnel-push-pop.at | 22 ++ 2 files changed, 26 insertions(+) diff --git a/ofproto/ofproto-dpif-xlate.c b/ofproto/ofproto-dpif-xlate.c index cc9c1c628..1843a5d66 100644 --- a/ofproto/ofproto-dpif-xlate.c +++ b/ofproto/ofproto-dpif-xlate.c @@ -4195,6 +4195,10 @@ compose_output_action__(struct xlate_ctx *ctx, ofp_port_t ofp_port, if (xport->pt_mode == NETDEV_PT_LEGACY_L3) { flow->packet_type = PACKET_TYPE_BE(OFPHTN_ETHERTYPE, ntohs(flow->dl_type)); +if (ctx->pending_encap) { +/* The Ethernet header was not actually added yet. */ +ctx->pending_encap = false; +} } } diff --git a/tests/tunnel-push-pop.at b/tests/tunnel-push-pop.at index 57589758f..70462d905 100644 --- a/tests/tunnel-push-pop.at +++ b/tests/tunnel-push-pop.at @@ -546,6 +546,28 @@ AT_CHECK([ovs-ofctl dump-ports int-br | grep 'port [[37]]' | sort], [0], [dnl port 7: rx pkts=5, bytes=434, drop=?, errs=?, frame=?, over=?, crc=? ]) +dnl Send out packets received from L3GRE tunnel back to L3GRE tunnel +AT_CHECK([ovs-ofctl del-flows int-br]) +AT_CHECK([ovs-ofctl add-flow int-br "in_port=7,actions=set_field:3->in_port,7"]) +AT_CHECK([ovs-vsctl -- set Interface br0 options:pcap=br0.pcap]) + +AT_CHECK([ovs-appctl netdev-dummy/receive p0 'aa55aa55001b213cab640800457079464000402fba630101025c01010258280001c84554ba20400184861e011e024227e75400030af31955f2650100101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031323334353637']) +AT_CHECK([ovs-appctl netdev-dummy/receive p0 'aa55aa55001b213cab640800457079464000402fba630101025c01010258280001c84554ba20400184861e011e024227e75400030af31955f2650100101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031323334353637']) +AT_CHECK([ovs-appctl netdev-dummy/receive p0 'aa55aa55001b213cab640800457079464000402fba630101025c01010258280001c84554ba20400184861e011e024227e75400030af31955f2650100101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031323334353637']) + +ovs-appctl time/warp 1000 + +AT_CHECK([ovs-pcap p0.pcap > p0.pcap.txt 2>&1]) +AT_CHECK([tail -6 p0.pcap.txt], [0], [dnl +aa55aa55001b213cab640800457079464000402fba630101025c01010258280001c84554ba20400184861e011e024227e75400030af31955f2650100101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031323334353637 +001b213cab64aa55aa55080045704000402f33aa010102580101025c280001c84554ba20400184861e011e024227e75400030af31955f2650100101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031323334353637 +aa55aa55001b213cab640800457079464000402fba630101025c01010258280001c84554ba20400184861e011e024227e75400030af31955f2650100101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031323334353637 +001b213cab64aa55aa55080045704000402f33aa010102580101025c280001c84554ba20400184861e011e024227e75400030af31955f2650100101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031323334353637
Re: [ovs-dev] [PATCH v2] ofproto-xlate: Fix crash when forwarding packet between legacy_l3 tunnels
Hi Ilya, Sorry for spamming but I have problems again to send correctly formatted patches to the ovs-dev list. My previous SMTP server for git-send email no longer works and patches I send through my private SMTP provider do not reach the mailing list. Resending from Outlook obviously still screws up the patch ☹. Any chance that you could pick the PATCH v2 manually and feed it through the process? I doubt that I will find a solution to my mailing issues soon. Thanks, Jan > -Original Message- > From: 0-day Robot > Sent: Monday, 4 April, 2022 09:56 > To: Jan Scheurich > Cc: d...@openvswitch.org > Subject: Re: [ovs-dev] [PATCH v2] ofproto-xlate: Fix crash when forwarding > packet between legacy_l3 tunnels > > Bleep bloop. Greetings Jan Scheurich, I am a robot and I have tried out your > patch. > Thanks for your contribution. > > I encountered some error that I wasn't expecting. See the details below. > > > git-am: > error: corrupt patch at line 85 > error: could not build fake ancestor > hint: Use 'git am --show-current-patch' to see the failed patch Patch failed > at > 0001 ofproto-xlate: Fix crash when forwarding packet between legacy_l3 > tunnels When you have resolved this problem, run "git am --continue". > If you prefer to skip this patch, run "git am --skip" instead. > To restore the original branch and stop patching, run "git am --abort". > > > Patch skipped due to previous failure. > > Please check this out. If you feel there has been an error, please email > acon...@redhat.com > > Thanks, > 0-day Robot ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH v2] ofproto-xlate: Fix crash when forwarding packet between legacy_l3 tunnels
Bleep bloop. Greetings Jan Scheurich, I am a robot and I have tried out your patch. Thanks for your contribution. I encountered some error that I wasn't expecting. See the details below. git-am: error: corrupt patch at line 85 error: could not build fake ancestor hint: Use 'git am --show-current-patch' to see the failed patch Patch failed at 0001 ofproto-xlate: Fix crash when forwarding packet between legacy_l3 tunnels When you have resolved this problem, run "git am --continue". If you prefer to skip this patch, run "git am --skip" instead. To restore the original branch and stop patching, run "git am --abort". Patch skipped due to previous failure. Please check this out. If you feel there has been an error, please email acon...@redhat.com Thanks, 0-day Robot ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH v2] ofproto-xlate: Fix crash when forwarding packet between legacy_l3 tunnels
From: Jan Scheurich A packet received from a tunnel port with legacy_l3 packet-type (e.g. lisp, L3 gre, gtpu) is conceptually wrapped in a dummy Ethernet header for processing in an OF pipeline that is not packet-type-aware. Before transmission of the packet to another legacy_l3 tunnel port, the dummy Ethernet header is stripped again. In ofproto-xlate, wrapping in the dummy Ethernet header is done by simply changing the packet_type to PT_ETH. The generation of the push_eth datapath action is deferred until the packet's flow changes need to be committed, for example at output to a normal port. The deferred Ethernet encapsulation is marked in the pending_encap flag. This patch fixes a bug in the translation of the output action to a legacy_l3 tunnel port, where the packet_type of the flow is reverted from PT_ETH to PT_IPV4 or PT_IPV6 (depending on the dl_type) to remove its Ethernet header without clearing the pending_encap flag if it was set. At the subsequent commit of the flow changes, the unexpected combination of pending_encap == true with an PT_IPV4 or PT_IPV6 packet_type hit the OVS_NOT_REACHED() abortion clause. The pending_encap is now cleared in this situation. Reported-By: Dincer Beken Signed-off-By: Jan Scheurich Signed-off-By: Dincer Beken v1->v2: A specific test has been added to tunnel-push-pop.at to verify the correct behavior. --- ofproto/ofproto-dpif-xlate.c | 4 tests/tunnel-push-pop.at | 22 ++ 2 files changed, 26 insertions(+) diff --git a/ofproto/ofproto-dpif-xlate.c b/ofproto/ofproto-dpif-xlate.c index cc9c1c628..1843a5d66 100644 --- a/ofproto/ofproto-dpif-xlate.c +++ b/ofproto/ofproto-dpif-xlate.c @@ -4195,6 +4195,10 @@ compose_output_action__(struct xlate_ctx *ctx, ofp_port_t ofp_port, if (xport->pt_mode == NETDEV_PT_LEGACY_L3) { flow->packet_type = PACKET_TYPE_BE(OFPHTN_ETHERTYPE, ntohs(flow->dl_type)); +if (ctx->pending_encap) { +/* The Ethernet header was not actually added yet. */ +ctx->pending_encap = false; +} } } diff --git a/tests/tunnel-push-pop.at b/tests/tunnel-push-pop.at index 57589758f..70462d905 100644 --- a/tests/tunnel-push-pop.at +++ b/tests/tunnel-push-pop.at @@ -546,6 +546,28 @@ AT_CHECK([ovs-ofctl dump-ports int-br | grep 'port [[37]]' | sort], [0], [dnl port 7: rx pkts=5, bytes=434, drop=?, errs=?, frame=?, over=?, crc=? ]) +dnl Send out packets received from L3GRE tunnel back to L3GRE tunnel +AT_CHECK([ovs-ofctl del-flows int-br]) AT_CHECK([ovs-ofctl add-flow +int-br "in_port=7,actions=set_field:3->in_port,7"]) +AT_CHECK([ovs-vsctl -- set Interface br0 options:pcap=br0.pcap]) + +AT_CHECK([ovs-appctl netdev-dummy/receive p0 +'aa55aa55001b213cab640800457079464000402fba630101025c0101025820 +00080001c84554ba20400184861e011e024227e75400030 +af31955f2650100101112131415161718191a1b1c1d1e1f20212223 +2425262728292a2b2c2d2e2f3031323334353637']) +AT_CHECK([ovs-appctl netdev-dummy/receive p0 +'aa55aa55001b213cab640800457079464000402fba630101025c0101025820 +00080001c84554ba20400184861e011e024227e75400030 +af31955f2650100101112131415161718191a1b1c1d1e1f20212223 +2425262728292a2b2c2d2e2f3031323334353637']) +AT_CHECK([ovs-appctl netdev-dummy/receive p0 +'aa55aa55001b213cab640800457079464000402fba630101025c0101025820 +00080001c84554ba20400184861e011e024227e75400030 +af31955f2650100101112131415161718191a1b1c1d1e1f20212223 +2425262728292a2b2c2d2e2f3031323334353637']) + +ovs-appctl time/warp 1000 + +AT_CHECK([ovs-pcap p0.pcap > p0.pcap.txt 2>&1]) AT_CHECK([tail -6 +p0.pcap.txt], [0], [dnl +aa55aa55001b213cab640800457079464000402fba630101025c01010258200 +0080001c84554ba20400184861e011e024227e75400030a +f31955f2650100101112131415161718191a1b1c1d1e1f202122232 +425262728292a2b2c2d2e2f3031323334353637 +001b213cab64aa55aa55080045704000402f33aa010102580101025c200 +0080001c84554ba20400184861e011e024227e75400030a +f31955f2650100101112131415161718191a1b1c1d1e1f202122232 +425262728292a2b2c2d2e2f3031323334353637 +aa55aa55001b213cab640800457079464000402fba630101025c01010258200 +0080001c84554ba20400184861e011e024227e75400030a +f31955f2650100101112131415161718191a1b1c1d1e1f202122232 +425262728292a2b2c2d2e2f3031323334353637 +001b213cab64aa55aa55080045704000402f33aa010102580101025c200 +0080001c84554ba20400184861e011e024227e75400030a +f31955f2650100101112131415161718191a1b1c1d1e1f202122232 +425262728292a2b2c2d2e2f3031323334353637 +aa55aa55001b213cab640800457079464000402fba630101025c01010258200