Re: [ovs-dev] [PATCH v2] ofproto-xlate: Fix crash when forwarding packet between legacy_l3 tunnels
On 4/4/22 00:26, jan.scheur...@web.de wrote: > From: Jan Scheurich > > A packet received from a tunnel port with legacy_l3 packet-type (e.g. > lisp, L3 gre, gtpu) is conceptually wrapped in a dummy Ethernet header > for processing in an OF pipeline that is not packet-type-aware. Before > transmission of the packet to another legacy_l3 tunnel port, the dummy > Ethernet header is stripped again. > > In ofproto-xlate, wrapping in the dummy Ethernet header is done by > simply changing the packet_type to PT_ETH. The generation of the > push_eth datapath action is deferred until the packet's flow changes > need to be committed, for example at output to a normal port. The > deferred Ethernet encapsulation is marked in the pending_encap flag. > > This patch fixes a bug in the translation of the output action to a > legacy_l3 tunnel port, where the packet_type of the flow is reverted > from PT_ETH to PT_IPV4 or PT_IPV6 (depending on the dl_type) to remove > its Ethernet header without clearing the pending_encap flag if it was > set. At the subsequent commit of the flow changes, the unexpected > combination of pending_encap == true with an PT_IPV4 or PT_IPV6 > packet_type hit the OVS_NOT_REACHED() abortion clause. > > The pending_encap is now cleared in this situation. > > Reported-By: Dincer Beken > Signed-off-By: Jan Scheurich > Signed-off-By: Dincer Beken > > v1->v2: > A specific test has been added to tunnel-push-pop.at to verify the > correct behavior. > --- > ofproto/ofproto-dpif-xlate.c | 4 > tests/tunnel-push-pop.at | 22 ++ > 2 files changed, 26 insertions(+) I had to slightly adjust the test case as it was failing frequently in CI on a later datapath flow check due to recirc_id mismatch. So, I filtered it out. With that, applied and backported down to 2.13. Thanks! Best regards, Ilya Maximets. ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH v2] ofproto-xlate: Fix crash when forwarding packet between legacy_l3 tunnels
Bleep bloop. Greetings Jan Scheurich, I am a robot and I have tried out your patch. Thanks for your contribution. I encountered some error that I wasn't expecting. See the details below. checkpatch: WARNING: Unexpected sign-offs from developers who are not authors or co-authors or committers: Dincer Beken Lines checked: 92, Warnings: 1, Errors: 0 Please check this out. If you feel there has been an error, please email acon...@redhat.com Thanks, 0-day Robot ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH v2] ofproto-xlate: Fix crash when forwarding packet between legacy_l3 tunnels
> I found this one though: > https://protect2.fireeye.com/v1/url?k=31323334-501d5122-313273af- > 45444731-805e1f47a2a28e92=1=1fbc0307-e0af-4087-98ef- > d9dbff40359a=https%3A%2F%2Fpatchwork.ozlabs.org%2Fproject%2Fopenvs > witch%2Fpatch%2F20220403222617.31688-1-jan.scheurich%40web.de%2F > > It was held back by the mail list and appears to be better formatted. > Let's see if it works. > > P.S. I marked that email address for acceptance, so the mail list > should no longer block it. Thanks Ilya, that is a good work-around for me until I find a solution for SMTP with my Ericsson mail. Regards, Jan ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH v2] ofproto-xlate: Fix crash when forwarding packet between legacy_l3 tunnels
On 4/4/22 09:56, Jan Scheurich wrote: > Hi Ilya, > > Sorry for spamming but I have problems again to send correctly formatted > patches to the ovs-dev list. My previous SMTP server for git-send email no > longer works and patches I send through my private SMTP provider do not reach > the mailing list. Resending from Outlook obviously still screws up the patch > ☹. > > Any chance that you could pick the PATCH v2 manually and feed it through the > process? I doubt that I will find a solution to my mailing issues soon. No problem. Thanks for working on the patch! I found this one though: https://patchwork.ozlabs.org/project/openvswitch/patch/20220403222617.31688-1-jan.scheur...@web.de/ It was held back by the mail list and appears to be better formatted. Let's see if it works. P.S. I marked that email address for acceptance, so the mail list should no longer block it. Best regards, Ilya Maximets. > > Thanks, Jan > >> -Original Message- >> From: 0-day Robot >> Sent: Monday, 4 April, 2022 09:56 >> To: Jan Scheurich >> Cc: d...@openvswitch.org >> Subject: Re: [ovs-dev] [PATCH v2] ofproto-xlate: Fix crash when forwarding >> packet between legacy_l3 tunnels >> >> Bleep bloop. Greetings Jan Scheurich, I am a robot and I have tried out your >> patch. >> Thanks for your contribution. >> >> I encountered some error that I wasn't expecting. See the details below. >> >> >> git-am: >> error: corrupt patch at line 85 >> error: could not build fake ancestor >> hint: Use 'git am --show-current-patch' to see the failed patch Patch failed >> at >> 0001 ofproto-xlate: Fix crash when forwarding packet between legacy_l3 >> tunnels When you have resolved this problem, run "git am --continue". >> If you prefer to skip this patch, run "git am --skip" instead. >> To restore the original branch and stop patching, run "git am --abort". >> >> >> Patch skipped due to previous failure. >> >> Please check this out. If you feel there has been an error, please email >> acon...@redhat.com >> >> Thanks, >> 0-day Robot ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH v2] ofproto-xlate: Fix crash when forwarding packet between legacy_l3 tunnels
From: Jan Scheurich
A packet received from a tunnel port with legacy_l3 packet-type (e.g.
lisp, L3 gre, gtpu) is conceptually wrapped in a dummy Ethernet header
for processing in an OF pipeline that is not packet-type-aware. Before
transmission of the packet to another legacy_l3 tunnel port, the dummy
Ethernet header is stripped again.
In ofproto-xlate, wrapping in the dummy Ethernet header is done by
simply changing the packet_type to PT_ETH. The generation of the
push_eth datapath action is deferred until the packet's flow changes
need to be committed, for example at output to a normal port. The
deferred Ethernet encapsulation is marked in the pending_encap flag.
This patch fixes a bug in the translation of the output action to a
legacy_l3 tunnel port, where the packet_type of the flow is reverted
from PT_ETH to PT_IPV4 or PT_IPV6 (depending on the dl_type) to remove
its Ethernet header without clearing the pending_encap flag if it was
set. At the subsequent commit of the flow changes, the unexpected
combination of pending_encap == true with an PT_IPV4 or PT_IPV6
packet_type hit the OVS_NOT_REACHED() abortion clause.
The pending_encap is now cleared in this situation.
Reported-By: Dincer Beken
Signed-off-By: Jan Scheurich
Signed-off-By: Dincer Beken
v1->v2:
A specific test has been added to tunnel-push-pop.at to verify the
correct behavior.
---
ofproto/ofproto-dpif-xlate.c | 4
tests/tunnel-push-pop.at | 22 ++
2 files changed, 26 insertions(+)
diff --git a/ofproto/ofproto-dpif-xlate.c b/ofproto/ofproto-dpif-xlate.c
index cc9c1c628..1843a5d66 100644
--- a/ofproto/ofproto-dpif-xlate.c
+++ b/ofproto/ofproto-dpif-xlate.c
@@ -4195,6 +4195,10 @@ compose_output_action__(struct xlate_ctx *ctx,
ofp_port_t ofp_port,
if (xport->pt_mode == NETDEV_PT_LEGACY_L3) {
flow->packet_type = PACKET_TYPE_BE(OFPHTN_ETHERTYPE,
ntohs(flow->dl_type));
+if (ctx->pending_encap) {
+/* The Ethernet header was not actually added yet. */
+ctx->pending_encap = false;
+}
}
}
diff --git a/tests/tunnel-push-pop.at b/tests/tunnel-push-pop.at
index 57589758f..70462d905 100644
--- a/tests/tunnel-push-pop.at
+++ b/tests/tunnel-push-pop.at
@@ -546,6 +546,28 @@ AT_CHECK([ovs-ofctl dump-ports int-br | grep 'port
[[37]]' | sort], [0], [dnl
port 7: rx pkts=5, bytes=434, drop=?, errs=?, frame=?, over=?, crc=?
])
+dnl Send out packets received from L3GRE tunnel back to L3GRE tunnel
+AT_CHECK([ovs-ofctl del-flows int-br])
+AT_CHECK([ovs-ofctl add-flow int-br
"in_port=7,actions=set_field:3->in_port,7"])
+AT_CHECK([ovs-vsctl -- set Interface br0 options:pcap=br0.pcap])
+
+AT_CHECK([ovs-appctl netdev-dummy/receive p0
'aa55aa55001b213cab640800457079464000402fba630101025c01010258280001c84554ba20400184861e011e024227e75400030af31955f2650100101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031323334353637'])
+AT_CHECK([ovs-appctl netdev-dummy/receive p0
'aa55aa55001b213cab640800457079464000402fba630101025c01010258280001c84554ba20400184861e011e024227e75400030af31955f2650100101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031323334353637'])
+AT_CHECK([ovs-appctl netdev-dummy/receive p0
'aa55aa55001b213cab640800457079464000402fba630101025c01010258280001c84554ba20400184861e011e024227e75400030af31955f2650100101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031323334353637'])
+
+ovs-appctl time/warp 1000
+
+AT_CHECK([ovs-pcap p0.pcap > p0.pcap.txt 2>&1])
+AT_CHECK([tail -6 p0.pcap.txt], [0], [dnl
+aa55aa55001b213cab640800457079464000402fba630101025c01010258280001c84554ba20400184861e011e024227e75400030af31955f2650100101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031323334353637
+001b213cab64aa55aa55080045704000402f33aa010102580101025c280001c84554ba20400184861e011e024227e75400030af31955f2650100101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031323334353637
+aa55aa55001b213cab640800457079464000402fba630101025c01010258280001c84554ba20400184861e011e024227e75400030af31955f2650100101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031323334353637
+001b213cab64aa55aa55080045704000402f33aa010102580101025c280001c84554ba20400184861e011e024227e75400030af31955f2650100101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031323334353637
Re: [ovs-dev] [PATCH v2] ofproto-xlate: Fix crash when forwarding packet between legacy_l3 tunnels
Hi Ilya, Sorry for spamming but I have problems again to send correctly formatted patches to the ovs-dev list. My previous SMTP server for git-send email no longer works and patches I send through my private SMTP provider do not reach the mailing list. Resending from Outlook obviously still screws up the patch ☹. Any chance that you could pick the PATCH v2 manually and feed it through the process? I doubt that I will find a solution to my mailing issues soon. Thanks, Jan > -Original Message- > From: 0-day Robot > Sent: Monday, 4 April, 2022 09:56 > To: Jan Scheurich > Cc: d...@openvswitch.org > Subject: Re: [ovs-dev] [PATCH v2] ofproto-xlate: Fix crash when forwarding > packet between legacy_l3 tunnels > > Bleep bloop. Greetings Jan Scheurich, I am a robot and I have tried out your > patch. > Thanks for your contribution. > > I encountered some error that I wasn't expecting. See the details below. > > > git-am: > error: corrupt patch at line 85 > error: could not build fake ancestor > hint: Use 'git am --show-current-patch' to see the failed patch Patch failed > at > 0001 ofproto-xlate: Fix crash when forwarding packet between legacy_l3 > tunnels When you have resolved this problem, run "git am --continue". > If you prefer to skip this patch, run "git am --skip" instead. > To restore the original branch and stop patching, run "git am --abort". > > > Patch skipped due to previous failure. > > Please check this out. If you feel there has been an error, please email > acon...@redhat.com > > Thanks, > 0-day Robot ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH v2] ofproto-xlate: Fix crash when forwarding packet between legacy_l3 tunnels
Bleep bloop. Greetings Jan Scheurich, I am a robot and I have tried out your patch. Thanks for your contribution. I encountered some error that I wasn't expecting. See the details below. git-am: error: corrupt patch at line 85 error: could not build fake ancestor hint: Use 'git am --show-current-patch' to see the failed patch Patch failed at 0001 ofproto-xlate: Fix crash when forwarding packet between legacy_l3 tunnels When you have resolved this problem, run "git am --continue". If you prefer to skip this patch, run "git am --skip" instead. To restore the original branch and stop patching, run "git am --abort". Patch skipped due to previous failure. Please check this out. If you feel there has been an error, please email acon...@redhat.com Thanks, 0-day Robot ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH v2] ofproto-xlate: Fix crash when forwarding packet between legacy_l3 tunnels
From: Jan Scheurich
A packet received from a tunnel port with legacy_l3 packet-type (e.g.
lisp, L3 gre, gtpu) is conceptually wrapped in a dummy Ethernet header
for processing in an OF pipeline that is not packet-type-aware. Before
transmission of the packet to another legacy_l3 tunnel port, the dummy
Ethernet header is stripped again.
In ofproto-xlate, wrapping in the dummy Ethernet header is done by
simply changing the packet_type to PT_ETH. The generation of the
push_eth datapath action is deferred until the packet's flow changes
need to be committed, for example at output to a normal port. The
deferred Ethernet encapsulation is marked in the pending_encap flag.
This patch fixes a bug in the translation of the output action to a
legacy_l3 tunnel port, where the packet_type of the flow is reverted
from PT_ETH to PT_IPV4 or PT_IPV6 (depending on the dl_type) to
remove its Ethernet header without clearing the pending_encap flag
if it was set. At the subsequent commit of the flow changes, the
unexpected combination of pending_encap == true with an PT_IPV4
or PT_IPV6 packet_type hit the OVS_NOT_REACHED() abortion clause.
The pending_encap is now cleared in this situation.
Reported-By: Dincer Beken
Signed-off-By: Jan Scheurich
Signed-off-By: Dincer Beken
v1->v2:
A specific test has been added to tunnel-push-pop.at to verify the
correct behavior.
---
ofproto/ofproto-dpif-xlate.c | 4
tests/tunnel-push-pop.at | 22 ++
2 files changed, 26 insertions(+)
diff --git a/ofproto/ofproto-dpif-xlate.c b/ofproto/ofproto-dpif-xlate.c index
cc9c1c628..1843a5d66 100644
--- a/ofproto/ofproto-dpif-xlate.c
+++ b/ofproto/ofproto-dpif-xlate.c
@@ -4195,6 +4195,10 @@ compose_output_action__(struct xlate_ctx *ctx,
ofp_port_t ofp_port,
if (xport->pt_mode == NETDEV_PT_LEGACY_L3) {
flow->packet_type = PACKET_TYPE_BE(OFPHTN_ETHERTYPE,
ntohs(flow->dl_type));
+if (ctx->pending_encap) {
+/* The Ethernet header was not actually added yet. */
+ctx->pending_encap = false;
+}
}
}
diff --git a/tests/tunnel-push-pop.at b/tests/tunnel-push-pop.at index
57589758f..70462d905 100644
--- a/tests/tunnel-push-pop.at
+++ b/tests/tunnel-push-pop.at
@@ -546,6 +546,28 @@ AT_CHECK([ovs-ofctl dump-ports int-br | grep 'port
[[37]]' | sort], [0], [dnl
port 7: rx pkts=5, bytes=434, drop=?, errs=?, frame=?, over=?, crc=?
])
+dnl Send out packets received from L3GRE tunnel back to L3GRE tunnel
+AT_CHECK([ovs-ofctl del-flows int-br]) AT_CHECK([ovs-ofctl add-flow
+int-br "in_port=7,actions=set_field:3->in_port,7"])
+AT_CHECK([ovs-vsctl -- set Interface br0 options:pcap=br0.pcap])
+
+AT_CHECK([ovs-appctl netdev-dummy/receive p0
+'aa55aa55001b213cab640800457079464000402fba630101025c0101025820
+00080001c84554ba20400184861e011e024227e75400030
+af31955f2650100101112131415161718191a1b1c1d1e1f20212223
+2425262728292a2b2c2d2e2f3031323334353637'])
+AT_CHECK([ovs-appctl netdev-dummy/receive p0
+'aa55aa55001b213cab640800457079464000402fba630101025c0101025820
+00080001c84554ba20400184861e011e024227e75400030
+af31955f2650100101112131415161718191a1b1c1d1e1f20212223
+2425262728292a2b2c2d2e2f3031323334353637'])
+AT_CHECK([ovs-appctl netdev-dummy/receive p0
+'aa55aa55001b213cab640800457079464000402fba630101025c0101025820
+00080001c84554ba20400184861e011e024227e75400030
+af31955f2650100101112131415161718191a1b1c1d1e1f20212223
+2425262728292a2b2c2d2e2f3031323334353637'])
+
+ovs-appctl time/warp 1000
+
+AT_CHECK([ovs-pcap p0.pcap > p0.pcap.txt 2>&1]) AT_CHECK([tail -6
+p0.pcap.txt], [0], [dnl
+aa55aa55001b213cab640800457079464000402fba630101025c01010258200
+0080001c84554ba20400184861e011e024227e75400030a
+f31955f2650100101112131415161718191a1b1c1d1e1f202122232
+425262728292a2b2c2d2e2f3031323334353637
+001b213cab64aa55aa55080045704000402f33aa010102580101025c200
+0080001c84554ba20400184861e011e024227e75400030a
+f31955f2650100101112131415161718191a1b1c1d1e1f202122232
+425262728292a2b2c2d2e2f3031323334353637
+aa55aa55001b213cab640800457079464000402fba630101025c01010258200
+0080001c84554ba20400184861e011e024227e75400030a
+f31955f2650100101112131415161718191a1b1c1d1e1f202122232
+425262728292a2b2c2d2e2f3031323334353637
+001b213cab64aa55aa55080045704000402f33aa010102580101025c200
+0080001c84554ba20400184861e011e024227e75400030a
+f31955f2650100101112131415161718191a1b1c1d1e1f202122232
+425262728292a2b2c2d2e2f3031323334353637
+aa55aa55001b213cab640800457079464000402fba630101025c01010258200
