>On 11/21/21 16:19, lic121 wrote:
>> Version 4:
>> - Cover case where tcp_hdrlen > tcp_pkt_size
>> - Other small adjustments
>>
>> ovs may install bad datapath flow when meet malformed pkts. As a
>> result, it may allow some unwanted pkt
```
"be:95:df:40:fb:57")
ip=IP(src="10.10.10.10",dst="20.20.20.20")
tcp=TCP(sport=100,dport=16,dataofs=1)
sendp(eth/ip/tcp)
```
This patch is to prevent from installing datapath flow if the key is
not consistent with the flow.
[1] https://github.com/openvswitch/ovs/blob/v2.16
Without this fix, flowgen.py generates bad tcp pkts.
tcpdump reports "bad hdr length 4 - too short" with the pcap
generated by flowgen.py
This patch is to correct pkt data endianness
Signed-off-by: lic121
---
tests/flowgen.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
dataofs field of tcp header indicates the tcp header len. The len
should be >= 20 bytes/4 and be <= tcp data len. This patch is to
test dataofs, and don't parse layer 4 fields when meet bad dataofs.
This behavior is consistent with openvswitch kernel module.
Signed-off-by: lic121
---
lib/
Version 4:
- Cover case where tcp_hdrlen > tcp_pkt_size
- Other small adjustments
ovs may install bad datapath flow when meet malformed pkts. As a
result, it may allow some unwanted pkts pass. This could be a point
of attack.
lic121 (3):
upcall: prevent from installing flows w
>On 11/1/21 12:03, lic121 wrote:
>> dataofs field of tcp header indicates the tcp header len. The len
>> should be >= 20 bytes/4. This patch is to test dataofs, and don't
>> parse layer 4 fields when meet bad dataofs. This behavior is the consistent
>>
remove bad quotes
Signed-off-by: lic121
---
Documentation/intro/install/dpdk.rst | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Documentation/intro/install/dpdk.rst
b/Documentation/intro/install/dpdk.rst
index 296ec4f..d554409 100644
--- a/Documentation/intro/install
ovs may install bad datapath flow when meet malformed pkts. As a
result, it may allow some unwanted pkts pass. This could be a point
of attack.
lic121 (3):
upcall: prevent from installing flows when inconsistence
tests: fix packet data endianness
upcall: considering dataofs when parsing
dataofs field of tcp header indicates the tcp header len. The len
should be >= 20 bytes/4. This patch is to test dataofs, and don't
parse layer 4 fields when meet bad dataofs. This behavior is consistent
with openvswitch kernel module.
Signed-off-by: lic121
---
lib/flow.c|
Without this fix, flowgen.py generates bad tcp pkts.
tcpdump reports "bad hdr length 4 - too short" with the pcap
generated by flowgen.py
This patch is to correct pkt data endianness
Signed-off-by: lic121
---
tests/flowgen.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
```
"be:95:df:40:fb:57")
ip=IP(src="10.10.10.10",dst="20.20.20.20")
tcp=TCP(sport=100,dport=16,dataofs=1)
sendp(eth/ip/tcp)
```
This patch is to prevent from installing datapath flow if the key is
not consistent with the flow.
[1] https://github.com/openvswitch/ovs/blob/v2.16
ovsdb change or netlink notification trigger bridge_reconfigure.
In bridge_reconfigure, backer->need_revalidate flag is set if backer
revalidation is needed.
This series fix two places where need_revalidate flag is not set
correctly.
lic121 (2):
ofproto-dpif: trigger revalidation when ip
Currently, ipfix creation/deletion don't trigger dpif backer
revalidation. This is not expected, as we need the revalidation
to commit ipfix into xlate. So that xlate can generate ipfix
actions.
Signed-off-by: lic121
---
ofproto/ofproto-dpif.c | 5 +
1 file changed, 5 insertions(+)
diff
If lldp didn't change, we are not supposed to trigger backer
revalidation.
Signed-off-by: lic121
---
ofproto/ofproto-dpif.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/ofproto/ofproto-dpif.c b/ofproto/ofproto-dpif.c
index 1cdef18..1bc9ec7 100644
--- a/ofproto/ofproto
>
>
>On 14 Jan 2022, at 9:58, lic121 wrote:
>
>>>
>>>
>>> On 9 Jan 2022, at 14:44, lic121 wrote:
>>>
>>>> Currently, ipfix creation/deletion don't trigger dpif backer
>>>> revalidation. This is not expected, as we need the
>
>
>On 9 Jan 2022, at 14:44, lic121 wrote:
>
>> Currently, ipfix creation/deletion don't trigger dpif backer
>> revalidation. This is not expected, as we need the revalidation
>> to commit ipfix into xlate. So that xlate can generate ipfix
>>
>
>
>On 9 Jan 2022, at 14:44, lic121 wrote:
>
>> If lldp didn't change, we are not supposed to trigger backer
>> revalidation.
>>
>> Signed-off-by: lic121
>> ---
>> ofproto/ofproto-dpif.c | 4 +++-
>> 1 file changed, 3 insertions(+), 1 d
>Problem Statement:
>OVS flushes and subsequently repopulates its route
>cache whenever it receives a netlink notification
>about kernel interface change. At the same time the
>port addition triggers a revalidation of all
>datapath flow cache entries. The revalidation of
>egress tunnel flows
cases for lldp
ovsdb change or netlink notification trigger bridge_reconfigure.
In bridge_reconfigure, backer->need_revalidate flag is set if backer
revalidation is needed.
This series fix two places where need_revalidate flag is not set
correctly.
lic121 (2):
ofproto-dpif: trigger revalidat
ipfix option changes.
Signed-off-by: lic121
---
ofproto/ofproto-dpif.c | 6 ++
1 file changed, 6 insertions(+)
diff --git a/ofproto/ofproto-dpif.c b/ofproto/ofproto-dpif.c
index 8143dd9..ced67b0 100644
--- a/ofproto/ofproto-dpif.c
+++ b/ofproto/ofproto-dpif.c
@@ -2371,6 +2371,12
o free the memory, but it doesn't.
Signed-off-by: lic121
Signed-off-by: Eelco Chaudron
Co-authored-by: Eelco Chaudron
---
lib/lldp/lldpd.c | 10 +++---
lib/ovs-lldp.c | 8
lib/ovs-lldp.h | 1 +
ofproto/ofproto-dpif.c | 7 +--
tests/ofproto-dpif.at
If lldp didn't change, we are not supposed to trigger backer
revalidation.
Without this patch, bridge_reconfigure() always trigger udpif
revalidator because of lldp.
Signed-off-by: lic121
Signed-off-by: Eelco Chaudron
Co-authored-by: Eelco Chaudron
---
lib/ovs-lldp.c | 8
lldp_create() malloc memory for lldp->lldpd->g_hardware. lldp_unref
is supposed to free the memory, but it doesn't.
Signed-off-by: lic121
---
lib/lldp/lldpd.c | 10 +++---
1 file changed, 3 insertions(+), 7 deletions(-)
diff --git a/lib/lldp/lldpd.c b/lib/lldp/lldpd.c
index a
>On 6 Feb 2022, at 4:58, lic121 wrote:
>
>>> If lldp didn't change, we are not supposed to trigger backer
>>> revalidation.
>>>
>>> Without this patch, bridge_reconfigure() always trigger udpif
>>> revalidator because of lldp.
>>>
>
bridge_reconfigure.
In bridge_reconfigure, backer->need_revalidate flag is set if backer
revalidation is needed.
This series fix two places where need_revalidate flag is not set
correctly.
lic121 (3):
ofproto-dpif: trigger revalidation when ipfix config set
lldp: fix memory leak
ofproto-dpif: av
ipfix option changes.
Signed-off-by: lic121
---
ofproto/ofproto-dpif.c | 6 ++
1 file changed, 6 insertions(+)
diff --git a/ofproto/ofproto-dpif.c b/ofproto/ofproto-dpif.c
index 8143dd9..ced67b0 100644
--- a/ofproto/ofproto-dpif.c
+++ b/ofproto/ofproto-dpif.c
@@ -2371,6 +2371,12
This series fix two revalidation triggers:
- trigger revalidation if ct_zone timeout policy changes
- avoid revalidation if lldp config doesn't change
The second patch relies on the first one because of ct test cases
lic121 (2):
ofproto-dpif: trigger revalidate if ct tp changes
ofproto
o free the memory, but it doesn't.
Signed-off-by: lic121
Signed-off-by: Eelco Chaudron
Co-authored-by: Eelco Chaudron
---
lib/lldp/lldpd.c | 10 +++---
lib/ovs-lldp.c | 8
lib/ovs-lldp.h | 1 +
ofproto/ofproto-dpif.c | 7 +--
tests/ofproto-dpif.at
Once ct_zone timeout policy changes, revalidator is supposed to be
triggered.
Fixes: 993cae678bca ("ofproto-dpif: Consume CT_Zone, and CT_Timeout_Policy
tables")
Signed-off-by: lic121
---
ofproto/ofproto-dpif.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/ofproto/ofprot
>On 4 Feb 2022, at 15:25, lic121 wrote:
>
>>> On 28 Jan 2022, at 7:40, lic121 wrote:
>>>
>>>> Currently, ipfix conf creation/deletion don't trigger dpif backer
>>>> revalidation. This is not expected, as we need the revalidation
>>>>
ker
revalidation is needed.
This series fix two places where need_revalidate flag is not set
correctly.
lic121 (2):
ofproto-dpif: trigger revalidation when ipfix config set
ofproto-dpif: avoid unneccesary backer revalidation
lib/ovs-lldp.c | 8
lib/ovs-lldp.h | 1 +
ofpr
ipfix option changes.
Signed-off-by: lic121
---
ofproto/ofproto-dpif.c | 6 ++
1 file changed, 6 insertions(+)
diff --git a/ofproto/ofproto-dpif.c b/ofproto/ofproto-dpif.c
index 8143dd9..ced67b0 100644
--- a/ofproto/ofproto-dpif.c
+++ b/ofproto/ofproto-dpif.c
@@ -2371,6 +2371,12
If lldp didn't change, we are not supposed to trigger backer
revalidation.
Without this patch, bridge_reconfigure() always trigger udpif
revalidator because of lldp.
Signed-off-by: lic121
Co-authored-by: Eelco Chaudron
---
lib/ovs-lldp.c | 8
lib/ovs-lldp.h | 1
>On 28 Jan 2022, at 7:41, lic121 wrote:
>
>> If lldp didn't change, we are not supposed to trigger backer
>> revalidation.
>>
>> Without this patch, bridge_reconfigure() always trigger udpif
>> revalidator because of lldp.
>>
>> Signed-off-by
>On 28 Jan 2022, at 7:40, lic121 wrote:
>
>> Currently, ipfix conf creation/deletion don't trigger dpif backer
>> revalidation. This is not expected, as we need the revalidation
>> to commit ipfix into xlate. So that xlate can generate ipfix
>> actions.
>>
>
two places where need_revalidate flag is not set
correctly.
lic121 (2):
ofproto-dpif: trigger revalidation when ipfix config set
ofproto-dpif: avoid unneccesary backer revalidation
lib/ovs-lldp.c | 8
lib/ovs-lldp.h | 1 +
ofproto/ofproto-dpif.c |
ipfix option changes.
Signed-off-by: lic121
---
ofproto/ofproto-dpif.c | 6 ++
1 file changed, 6 insertions(+)
diff --git a/ofproto/ofproto-dpif.c b/ofproto/ofproto-dpif.c
index bc3df8e..5737615 100644
--- a/ofproto/ofproto-dpif.c
+++ b/ofproto/ofproto-dpif.c
@@ -2333,6 +2333,12
two places where need_revalidate flag is not set
correctly.
lic121 (2):
ofproto-dpif: trigger revalidation when ipfix config set
ofproto-dpif: avoid unneccesary backer revalidation
lib/ovs-lldp.c | 8
lib/ovs-lldp.h | 1 +
ofproto/ofproto-dpif.c |
If lldp didn't change, we are not supposed to trigger backer
revalidation.
Without this patch, bridge_reconfigure() always trigger udpif
revalidator because of lldp.
Signed-off-by: lic121
---
lib/ovs-lldp.c | 8
lib/ovs-lldp.h | 1 +
ofproto/ofproto-dpif.c | 5
>If lldp didn't change, we are not supposed to trigger backer
>revalidation.
>
>Without this patch, bridge_reconfigure() always trigger udpif
>revalidator because of lldp.
>
>Signed-off-by: lic121
>Co-authored-by: Eelco Chaudron
>---
> lib/ovs-lldp.c
>
>
>On 14 Jan 2022, at 10:38, lic121 wrote:
>
>>>
>>>
>>> On 14 Jan 2022, at 9:58, lic121 wrote:
>>>
>>>>>
>>>>>
>>>>> On 9 Jan 2022, at 14:44, lic121 wrote:
>>>>>
>>>>
If lldp didn't change, we are not supposed to trigger backer
revalidation.
Signed-off-by: lic121
---
ofproto/ofproto-dpif.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/ofproto/ofproto-dpif.c b/ofproto/ofproto-dpif.c
index bc3df8e..eb0e412 100644
--- a/ofproto/ofproto
During the revalidation, mirror could be removed. Instead of crash
the process, we can simply skip the deleted mirror.
Fixes: ec7ceaed4f3e ("ofproto-dpif: Modularize mirror code.")
Signed-off-by: lic121
---
ofproto/ofproto-dpif-xlate.c | 10 +++---
1 file changed, 7 insert
ipfix cfg creation/deleting triggers revalidation. But this does
not cover the case where ipfix options changes, which also suppose
to trigger revalidation.
Fixes: a9f5ee1199e1 ("ofproto-dpif: Trigger revalidation when ipfix config
set.")
Signed-off-by: lic121
---
ofproto/ofproto-dp
Max allowed conntrack entries is configurable with
'ovs-appctl dpctl/ct-set-maxconns' command. In real scenarios,
this configuration is expected to survive from host reboot.
Signed-off-by: lic121
---
lib/dpctl.man | 3 ++-
lib/dpif-netdev.c | 10 ++
tests/system
On Fri, Apr 22, 2022 at 11:41:25AM +0200, Eelco Chaudron wrote:
>
>
> On 16 Apr 2022, at 13:09, lic121 wrote:
>
> > ipfix cfg creation/deleting triggers revalidation. But this does
> > not cover the case where ipfix options changes, which also suppose
> > to t
On Tue, May 17, 2022 at 09:06:24AM -0400, Aaron Conole wrote:
> lic121 writes:
>
> > Max allowed userspace dp conntrack entries is configurable with
> > 'ovs-appctl dpctl/ct-set-maxconns' command. In real scenarios,
> > this configuration is expected to survive from h
Max allowed userspace dp conntrack entries is configurable with
'ovs-appctl dpctl/ct-set-maxconns' command. In real scenarios,
this configuration is expected to survive from host reboot, from
ovs service restart.
Signed-off-by: lic121
---
Notes:
v4:
- add '\n' for warning msg
v3
If lldp didn't change, we are not supposed to trigger backer
revalidation.
Without this patch, bridge_reconfigure() always trigger udpif
revalidator because of lldp.
Signed-off-by: lic121
Signed-off-by: Eelco Chaudron
Co-authored-by: Eelco Chaudron
---
lib/ovs-lldp.c | 8
v2:
- split lldp patch into two
This series fix revalidation trigger:
- avoid revalidation if lldp config doesn't change
I have these two patch in one series because the second patch may fails
without the first one.
lic121 (2):
lldp: fix lldp memory leak
ofproto-dpif: avoid
lldp_create() malloc memory for lldp->lldpd->g_hardware. lldp_unref
is supposed to free the memory regardless of hw->h_flags.
Signed-off-by: lic121
Acked-by: Eelco Chaudron
---
lib/lldp/lldpd.c | 10 +++---
1 file changed, 3 insertions(+), 7 deletions(-)
diff --git a/lib/lldp/
On Thu, May 26, 2022 at 11:51:31AM +0200, Ilya Maximets wrote:
> On 4/5/22 12:16, lic121 wrote:
> > If lldp didn't change, we are not supposed to trigger backer
> > revalidation.
> > Without this patch, bridge_reconfigure() always trigger udpif
> > revalidator because o
Max allowed userspace dp conntrack entries is configurable with
'ovs-appctl dpctl/ct-set-maxconns' command. In real scenarios,
this configuration is expected to survive from host reboot, from
ovs service restart.
Signed-off-by: lic121
---
Notes:
v3:
- add a warning
On Wed, Jun 22, 2022 at 09:32:29AM +, Anurag Agarwal wrote:
> Thanks for your feedback. Please find my comments inline.
>
> Regards,
> Anurag
>
> > -Original Message-
> > From: lic...@chinatelecom.cn
> > Sent: Friday, June 17, 2022 2:29 PM
> > To: Anurag Agarwal
> > Cc:
On Wed, Jun 08, 2022 at 03:58:31PM +0530, Anurag Agarwal wrote:
> From: Jan Scheurich
>
> Today dpif-netdev considers PMD threads on a non-local NUMA node for automatic
> assignment of the rxqs of a port only if there are no local,non-isolated PMDs.
>
> On typical servers with both physical
On Mon, Apr 25, 2022 at 08:47:32AM -0400, Aaron Conole wrote:
> lic121 writes:
>
> > Max allowed conntrack entries is configurable with
> > 'ovs-appctl dpctl/ct-set-maxconns' command. In real scenarios,
> > this configuration is expected to survive from host reboot.
>
ipfix cfg creation/deleting triggers revalidation. But this does
not cover the case where ipfix options changes, which also suppose
to trigger revalidation.
Fixes: a9f5ee1199e1 ("ofproto-dpif: Trigger revalidation when ipfix config
set.")
Signed-off-by: lic121
---
ofproto/ofproto-dp
On Thu, Apr 28, 2022 at 10:04:17AM -0400, Aaron Conole wrote:
> lic121 writes:
>
> > On Mon, Apr 25, 2022 at 08:47:32AM -0400, Aaron Conole wrote:
> >> lic121 writes:
> >>
> >> > Max allowed conntrack entries is configurable with
> >> >
On Wed, Apr 27, 2022 at 01:36:48PM +0200, Adrian Moreno wrote:
>
>
> On 4/7/22 15:53, lic121 wrote:
> >During the revalidation, mirror could be removed. Instead of crash
> >the process, we can simply skip the deleted mirror.
> >
> >Fixes: ec7ceaed4f3e ("
```
(0x0800),ipv4(dst=192.168.124.33,proto=17,frag=no),udp(dst=8472),
packets:1, bytes:148, used:0.637s, actions:tnl_pop(2),tnl_pop(2)
```
[1] (d584bb2b6a1 "ofproto-dpif-xlate: Terminate native tunnels only on ports
with IP addresses.")
Signed-off-by: lic121
---
ofproto/ofproto-dpif-xl
>
> The correct solution would be to add an output port match to
> the classifier, but classifier is not designed to do that and
> 'struct match' doesn't have an appropriate field. It should
> be a separate classifier per ipdev, or something like that.
>
> Thoughts?
>
>
On Wed, May 04, 2022 at 12:53:34PM +0200, Ilya Maximets wrote:
> On 5/4/22 05:23, lic121 wrote:
> > On Tue, May 03, 2022 at 10:18:18PM +0200, Ilya Maximets wrote:
> >> On 5/3/22 15:31, Peng He wrote:
> >>> Hi,
> >>> this issue has been fou
Max allowed userspace dp conntrack entries is configurable with
'ovs-appctl dpctl/ct-set-maxconns' command. In real scenarios,
this configuration is expected to survive from host reboot, from
ovs service restart.
Signed-off-by: lic121
---
Notes:
v2:
- rename "ct-max
During the revalidation/upcall, mirror could be removed. Instead of crash
the process, we can simply skip the deleted mirror.
The issue had been triggered multiple times by ovs-tcpdump in my test.
Fixes: ec7ceaed4f3e ("ofproto-dpif: Modularize mirror code.")
Signed-off-by: lic1
On Thu, Aug 25, 2022 at 12:29:36PM +0200, Ilya Maximets wrote:
> On 8/24/22 21:29, Aaron Conole wrote:
> > lic121 writes:
> >
> >> Support running a list of scripts after vswitchd start, so that we can
> >> make some runtime config persistence across ovs rest
Support running a list of scripts after vswitchd start, so that we can
make some runtime config persistence across ovs restart. For example,
the config that `ovs-appctl dpctl` makes.
Signed-off-by: lic121
---
Documentation/ref/ovs-ctl.8.rst | 9 +
NEWS| 2
mode "group", ovs always pick the lowest load pmd. If we
have too many(let's say 100) no-packet rxqs, these rxqs will be
assigned to the same pmd. Because no load increase when a no-packet
rxq to pmd.
To avoid this, this patch count cycles for no-packet rxq as well.
Signed-off-by: lic121
67 matches