Re: [ovs-dev] [PATCH ovn] tests: Use ovn-nbctl --wait=hv sync for I-P test.
Numan Siddique wrote:
> On Thu, Oct 15, 2020 at 4:45 AM Gregory Smith wrote:
> >
> > Gregory Smith wrote:
> > > This patch makes the "controller I-P handling with monitoring disabled"
> > > testcase more determinstic, by waiting for flows to be synchronized to
> > > the hypervisor before counting them.
> > >
> > > Signed-off-by: Gregory Smith
> > > ---
> >
> > It turns out this patch is insufficient. It seems that ovn-controller
> > ACKs the nb_cfg sequence number before waiting for an OFPT_BARRIER_REPLY
> > from ovs-vswitchd. Is there a better way to synchronize?
>
> What is the issue you're seeing ? Is the test case failing in your setup ?
Yes, the test case fails intermittently in my environment, even with my
patch.
I turned on debug logging in ovs-vswitchd, and I noticed the following
interleaving:
2020-10-21T15:58:46.270Z|00089|vconn|DBG|unix#2: received: OFPT_FLOW_MOD
(OF1.5) (xid=0x1e): ADD table:33 ...
...
2020-10-21T15:58:46.282Z|00195|vconn|DBG|unix#4: received: NXST_FLOW request
(xid=0x4):
2020-10-21T15:58:46.284Z|00196|vconn|DBG|unix#4: sent (Success): NXST_FLOW
reply (xid=0x4):
...
2020-10-21T15:58:46.285Z|00202|vconn|DBG|unix#2: received: OFPT_FLOW_MOD
(OF1.5) (xid=0x87): ADD table:50 ...
2020-10-21T15:58:46.285Z|00203|vconn|DBG|unix#2: received: OFPT_BARRIER_REQUEST
(OF1.5) (xid=0x88):
2020-10-21T15:58:46.285Z|00204|vconn|DBG|unix#2: sent (Success):
OFPT_BARRIER_REPLY (OF1.5) (xid=0x88):
And indeed, from ovn-controller's perspective:
2020-10-21T15:58:46.270Z|01009|vconn|DBG|unix:/src/ovn/tests/testsuite.dir/145/hv2/br-int.mgmt:
sent (Success): OFPT_FLOW_MOD (OF1.5) (xid=0x1e): ADD table:33 ...
...
2020-10-21T15:58:46.273Z|01115|vconn|DBG|unix:/src/ovn/tests/testsuite.dir/145/hv2/br-int.mgmt:
sent (Success): OFPT_BARRIER_REQUEST (OF1.5) (xid=0x88):
...
2020-10-21T15:58:46.274Z|01170|jsonrpc|DBG|unix:/src/ovn/tests/testsuite.dir/145/ovn-sb/ovn-sb.sock:
send request, method="transact",
params=["OVN_Southbound",{"where":[["_uuid","==",["uuid","5a529d18-e8a4-418c-a906-b37e6c6ed6b9"]]],"row":{"nb_cfg":2,"nb_cfg_timestamp":1603295926273},"op":"update","table":"Chassis_Pr
ivate"},{"where":[["_uuid","==",["uuid","a228fa82-67e0-4c94-965f-7b23844e87b4"]]],"row":{"chassis_name":"hv2"},"op":"update","table":"Encap"},{"where":[["_uuid","==",["uuid","ad6484bf-0d8d-4830-8c42-37b99c10b6fe"]]],"row":{"chassis_name":"hv2"},"op":"update","table":"Encap"}],
id=18
...
2020-10-21T15:58:46.285Z|01253|vconn|DBG|unix:/src/ovn/tests/testsuite.dir/145/hv2/br-int.mgmt:
received: OFPT_BARRIER_REPLY (OF1.5) (xid=0x88):
> Maybe you can replace the below AT_CHECK with OVS_WAIT_UNTIL().
>
> *
> hv1_offlows=$(as hv1 ovs-ofctl dump-flows br-int | wc -l)
> echo "hv1 flows : $hv1_offlows"
> AT_CHECK([test $hv1_offlows -gt 0])
>
Yes, I think that would fix the test, but I wonder whether it would be
more appropriate to fix ovn-controller's behavior: it doesn't seem to
match the intended semantics for ovn-nbctl --wait=hv sync.
Thanks,
Greg
>
> Thanks
> Numan
>
>
>
>
> >
> > Regards,
> > Greg
> >
> > > tests/ovn.at | 8 ++--
> > > 1 file changed, 6 insertions(+), 2 deletions(-)
> > >
> > > diff --git a/tests/ovn.at b/tests/ovn.at
> > > index 488fd119b..ba83dc1bf 100644
> > > --- a/tests/ovn.at
> > > +++ b/tests/ovn.at
> > > @@ -21083,6 +21083,7 @@ ovs-vsctl -- add-port br-int hv1-vif1 -- \
> > > ofport-request=1
> > >
> > > OVS_WAIT_UNTIL([test x$(ovn-nbctl lsp-get-up sw0-p1) = xup])
> > > +ovn-nbctl --wait=hv sync
> > >
> > > # Get the number of OF flows in hv1 and hv2
> > > hv1_offlows=$(as hv1 ovs-ofctl dump-flows br-int | wc -l)
> > > @@ -21097,6 +21098,7 @@ ovs-vsctl -- add-port br-int hv2-vif1 -- \
> > > ofport-request=1
> > >
> > > OVS_WAIT_UNTIL([test x$(ovn-nbctl lsp-get-up sw0-p2) = xup])
> > > +ovn-nbctl --wait=hv sync
> > >
> > > hv2_offlows=$(as hv2 ovs-ofctl dump-flows br-int | wc -l)
> > > echo "hv2 flows : $hv2_offlows"
> > > @@ -21135,10 +21137,11 @@ ovs-vsctl -- add-port br-int hv1-vif1 -- \
> > > ofport-request=1
> > >
> > > OVS_WAIT_UNTIL([test x$(ovn-nbctl lsp-get-up sw0-p1) = xup])
> > > +ovn-nbctl --wait=hv sync
> > >
Re: [ovs-dev] [PATCH ovn] tests: Use ovn-nbctl --wait=hv sync for I-P test.
Gregory Smith wrote: > This patch makes the "controller I-P handling with monitoring disabled" > testcase more determinstic, by waiting for flows to be synchronized to > the hypervisor before counting them. > > Signed-off-by: Gregory Smith > --- It turns out this patch is insufficient. It seems that ovn-controller ACKs the nb_cfg sequence number before waiting for an OFPT_BARRIER_REPLY from ovs-vswitchd. Is there a better way to synchronize? Regards, Greg > tests/ovn.at | 8 ++-- > 1 file changed, 6 insertions(+), 2 deletions(-) > > diff --git a/tests/ovn.at b/tests/ovn.at > index 488fd119b..ba83dc1bf 100644 > --- a/tests/ovn.at > +++ b/tests/ovn.at > @@ -21083,6 +21083,7 @@ ovs-vsctl -- add-port br-int hv1-vif1 -- \ > ofport-request=1 > > OVS_WAIT_UNTIL([test x$(ovn-nbctl lsp-get-up sw0-p1) = xup]) > +ovn-nbctl --wait=hv sync > > # Get the number of OF flows in hv1 and hv2 > hv1_offlows=$(as hv1 ovs-ofctl dump-flows br-int | wc -l) > @@ -21097,6 +21098,7 @@ ovs-vsctl -- add-port br-int hv2-vif1 -- \ > ofport-request=1 > > OVS_WAIT_UNTIL([test x$(ovn-nbctl lsp-get-up sw0-p2) = xup]) > +ovn-nbctl --wait=hv sync > > hv2_offlows=$(as hv2 ovs-ofctl dump-flows br-int | wc -l) > echo "hv2 flows : $hv2_offlows" > @@ -21135,10 +21137,11 @@ ovs-vsctl -- add-port br-int hv1-vif1 -- \ > ofport-request=1 > > OVS_WAIT_UNTIL([test x$(ovn-nbctl lsp-get-up sw0-p1) = xup]) > +ovn-nbctl --wait=hv sync > > # Get the number of OF flows in hv1 and hv2 > hv1_offlows_mon=$(as hv1 ovs-ofctl dump-flows br-int | wc -l) > -echo "hv1 flows after monitor-all=true : $hv1_offlows" > +echo "hv1 flows after monitor-all=true : $hv1_offlows_mon" > AT_CHECK([test "$hv1_offlows" = "$hv1_offlows_mon"]) > > as hv2 > @@ -21149,9 +21152,10 @@ ovs-vsctl -- add-port br-int hv2-vif1 -- \ > ofport-request=1 > > OVS_WAIT_UNTIL([test x$(ovn-nbctl lsp-get-up sw0-p2) = xup]) > +ovn-nbctl --wait=hv sync > > hv2_offlows_mon=$(as hv2 ovs-ofctl dump-flows br-int | wc -l) > -echo "hv2 flows after monitor-all=true : $hv2_offlows" > +echo "hv2 flows after monitor-all=true : $hv2_offlows_mon" > AT_CHECK([test "$hv2_offlows" = "$hv2_offlows_mon"]) > > OVN_CLEANUP([hv1], [hv2]) > -- > 2.28.0 > > ___ > dev mailing list > d...@openvswitch.org > https://urldefense.proofpoint.com/v2/url?u=https-3A__mail.openvswitch.org_mailman_listinfo_ovs-2Ddev=DwICAg=s883GpUCOChKOHiocYtGcg=0HZBgQW39TLbzbCyTLQNu1VE33o6KzimT1AMqSUuNEk=J-m0jQ4DaLzjS_gzKLFTe8sCyojKk5qTRxVcgc5_2Yw=R5k-jJh8wMVT0j9_M8ZuxGrJXgfmM4fzahFmboB0BYw= > ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH ovn] tests: Use ovn-nbctl --wait=hv sync for I-P test.
This patch makes the "controller I-P handling with monitoring disabled" testcase more determinstic, by waiting for flows to be synchronized to the hypervisor before counting them. Signed-off-by: Gregory Smith --- tests/ovn.at | 8 ++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/tests/ovn.at b/tests/ovn.at index 488fd119b..ba83dc1bf 100644 --- a/tests/ovn.at +++ b/tests/ovn.at @@ -21083,6 +21083,7 @@ ovs-vsctl -- add-port br-int hv1-vif1 -- \ ofport-request=1 OVS_WAIT_UNTIL([test x$(ovn-nbctl lsp-get-up sw0-p1) = xup]) +ovn-nbctl --wait=hv sync # Get the number of OF flows in hv1 and hv2 hv1_offlows=$(as hv1 ovs-ofctl dump-flows br-int | wc -l) @@ -21097,6 +21098,7 @@ ovs-vsctl -- add-port br-int hv2-vif1 -- \ ofport-request=1 OVS_WAIT_UNTIL([test x$(ovn-nbctl lsp-get-up sw0-p2) = xup]) +ovn-nbctl --wait=hv sync hv2_offlows=$(as hv2 ovs-ofctl dump-flows br-int | wc -l) echo "hv2 flows : $hv2_offlows" @@ -21135,10 +21137,11 @@ ovs-vsctl -- add-port br-int hv1-vif1 -- \ ofport-request=1 OVS_WAIT_UNTIL([test x$(ovn-nbctl lsp-get-up sw0-p1) = xup]) +ovn-nbctl --wait=hv sync # Get the number of OF flows in hv1 and hv2 hv1_offlows_mon=$(as hv1 ovs-ofctl dump-flows br-int | wc -l) -echo "hv1 flows after monitor-all=true : $hv1_offlows" +echo "hv1 flows after monitor-all=true : $hv1_offlows_mon" AT_CHECK([test "$hv1_offlows" = "$hv1_offlows_mon"]) as hv2 @@ -21149,9 +21152,10 @@ ovs-vsctl -- add-port br-int hv2-vif1 -- \ ofport-request=1 OVS_WAIT_UNTIL([test x$(ovn-nbctl lsp-get-up sw0-p2) = xup]) +ovn-nbctl --wait=hv sync hv2_offlows_mon=$(as hv2 ovs-ofctl dump-flows br-int | wc -l) -echo "hv2 flows after monitor-all=true : $hv2_offlows" +echo "hv2 flows after monitor-all=true : $hv2_offlows_mon" AT_CHECK([test "$hv2_offlows" = "$hv2_offlows_mon"]) OVN_CLEANUP([hv1], [hv2]) -- 2.28.0 ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH ovn] tests: Only use POSIX-compliant comm flags.
Fixes: ba40e1c5 ("Support logical switches with multiple localnet ports")
Signed-off-by: Gregory Smith
---
tests/ovn.at | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/ovn.at b/tests/ovn.at
index 488fd119b..540e77d11 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -50,7 +50,7 @@ m4_define([OVN_CHECK_PACKETS_REMOVE_BROADCAST],
m4_define([OVN_CHECK_PACKETS_CONTAIN],
[ovn_check_packets__ "$1" "$2"
- AT_CHECK([sort $rcv_text | comm --nocheck-order -2 -3 expout -], [0], [])])
+ AT_CHECK([sort $rcv_text | comm -2 -3 expout -], [0], [])])
AT_BANNER([OVN components])
--
2.28.0
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH] tests: Only use POSIX-compliant comm flags.
Fixes: ba40e1c5 ("Support logical switches with multiple localnet ports")
Signed-off-by: Gregory Smith
---
tests/ovn.at | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/ovn.at b/tests/ovn.at
index 488fd119b..540e77d11 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -50,7 +50,7 @@ m4_define([OVN_CHECK_PACKETS_REMOVE_BROADCAST],
m4_define([OVN_CHECK_PACKETS_CONTAIN],
[ovn_check_packets__ "$1" "$2"
- AT_CHECK([sort $rcv_text | comm --nocheck-order -2 -3 expout -], [0], [])])
+ AT_CHECK([sort $rcv_text | comm -2 -3 expout -], [0], [])])
AT_BANNER([OVN components])
--
2.28.0
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH ovn] tests: Use ovn-nbctl --wait=hv for DHCP option tests.
This patch makes the "dhcpv4 : 1 HV, 2 LS, 2 LSPs/LS" testcase more
deterministic, by waiting for updates to DHCP options to take effect on
the hypervisor, before sending a DHCP request.
Fixes: b06319993deb ("Fix the data type for DHCP option tftp_server (66)")
Fixes: d79bb92c4b49 ("Add support for DHCP domain search option (119)")
Signed-off-by: Gregory Smith
---
tests/ovn.at | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/tests/ovn.at b/tests/ovn.at
index 6f1ab5926..488fd119b 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -5815,7 +5815,7 @@ rm -f 2.expected
# Set tftp server option (IPv4 address) for ls1
echo "-- Set tftp server (IPv4 address) "
-ovn-nbctl dhcp-options-set-options $d1 server_id=10.0.0.1 \
+ovn-nbctl --wait=hv dhcp-options-set-options $d1 server_id=10.0.0.1 \
server_mac=ff:10:00:00:00:01 lease_time=3600 router=10.0.0.1 \
tftp_server=10.10.10.10
echo "--"
@@ -5846,7 +5846,7 @@ rm -f 2.expected
# Set tftp server option (Hostname) for ls1
echo "-- Set tftp server (hostname) "
-ovn-nbctl dhcp-options-set-options $d1 server_id=10.0.0.1 \
+ovn-nbctl --wait=hv dhcp-options-set-options $d1 server_id=10.0.0.1 \
server_mac=ff:10:00:00:00:01 lease_time=3600 router=10.0.0.1 \
tftp_server=\"test_tftp_server\"
echo "--"
@@ -5877,7 +5877,7 @@ rm -f 2.expected
# Set domain search list option for ls1
echo "-- Set domain search list "
-ovn-nbctl dhcp-options-set-options $d1 server_id=10.0.0.1 \
+ovn-nbctl --wait=hv dhcp-options-set-options $d1 server_id=10.0.0.1 \
server_mac=ff:10:00:00:00:01 lease_time=3600 router=10.0.0.1 \
domain_search_list=\"test1.com,test2.com\"
echo "--"
--
2.28.0
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] Your help
May the peace of God be with you and your family.I know it will be a great surprise reading from me today but consider this a divine intervention as a pastor explained to my understanding. My name is Mrs. Elizabeth Smith .G, a widow from Oklahoma USA and am writing you from my sick bed because i have been fighting cancer and the doctors says i have only few weeks left. I want to entrust my money ($8.5 million USD) to your care for charity purposes to help the less privileged as my late husbands relatives want me dead so that they will claim all my late husband and i worked for. I will tell you more about myself and what you need to do with the money once your receive it.Please write me soon as my health is pretty bad and my doctors says i will be moved to the intensive care unit anytime soon.Have a blessed day and please do pray for me.God bless you. Yours Mrs. Elizabeth Smith .G Email: ( owor...@yahoo.com) ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH ovn] test: Fix "ovn-nbctl - daemon retry connection" on musl
From: Gregory Smith
On musl libc, signal_name() returns "signal 15", not "Terminated".
Fixes: 530a1c18f ("ovn-nbctl: Daemon mode should retry when IDL...")
Signed-off-by: Gregory Smith
---
tests/ovn-nbctl.at | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/ovn-nbctl.at b/tests/ovn-nbctl.at
index 39189fd84..0f98c70d0 100644
--- a/tests/ovn-nbctl.at
+++ b/tests/ovn-nbctl.at
@@ -1892,5 +1892,5 @@ OVN_NBCTL_TEST_START daemon
AT_CHECK([kill `cat ovsdb-server.pid`])
AT_CHECK([ovsdb-server --detach --no-chdir --pidfile --log-file
--remote=punix:$OVS_RUNDIR/ovnnb_db.sock ovn-nb.db], [0], [], [stderr])
AT_CHECK([ovn-nbctl show], [0], [ignore])
-OVN_NBCTL_TEST_STOP /Terminated/d
+OVN_NBCTL_TEST_STOP "/terminating with signal 15/d"
AT_CLEANUP
--
2.25.0
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH ovn] test: Fix "ovn-nbctl - daemon retry connection" on musl
On musl libc, signal_name() returns "signal 15", not "Terminated".
Fixes: 530a1c18f ("ovn-nbctl: Daemon mode should retry when IDL...")
Signed-off-by: Gregory Smith
---
tests/ovn-nbctl.at | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/ovn-nbctl.at b/tests/ovn-nbctl.at
index 39189fd84..0f98c70d0 100644
--- a/tests/ovn-nbctl.at
+++ b/tests/ovn-nbctl.at
@@ -1892,5 +1892,5 @@ OVN_NBCTL_TEST_START daemon
AT_CHECK([kill `cat ovsdb-server.pid`])
AT_CHECK([ovsdb-server --detach --no-chdir --pidfile --log-file
--remote=punix:$OVS_RUNDIR/ovnnb_db.sock ovn-nb.db], [0], [], [stderr])
AT_CHECK([ovn-nbctl show], [0], [ignore])
-OVN_NBCTL_TEST_STOP /Terminated/d
+OVN_NBCTL_TEST_STOP "/terminating with signal 15/d"
AT_CLEANUP
--
2.25.0
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] Investment Seed Capital
Attn:CEO I have an investor looking to invest in entrepreneurial teams with big ideas and a need for Seed Capital to turn their business or ideas into great Companies. He has funds available for Investment and want them invested under you or your Company strict guidance. For more details, please reply to this email so we can discuss further. Yours faithfully. Kyle Smith Mobile Whatsapp + 1 (646) 441 8989 (USA) ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] Investment Seed Capital
Attn:CEO I have an investor looking to invest in entrepreneurial teams with big ideas and a need for Seed Capital to turn their business or ideas into great Companies. He has funds available for Investment and want them invested under you or your Company strict guidance. For more details, please reply to this email so we can discuss further. Yours faithfully. Kyle Smith Mobile Whatsapp + 1 (646) 441 8989 (USA) ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] Investment Project
Attn:CEO I have an investor looking to invest in entrepreneurial teams with big ideas and a need for Seed Capital to turn their business or ideas into great Companies. He has funds available for Investment and want them invested under you or your Company strict guidance. For more details, please reply to this email so we can discuss further. Yours faithfully. Kyle Smith Mobile Whatsapp + 1 (646) 441 8989 (USA) ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] Loan Available.
Dear Sir, We work with a reliable and efficient company in England that specialized on bank loan at a very reasonable rate of 4% per-annul which are far much better than securing financial instrument such as Bank Guarantee (BG) or Standby Letter of Credit (SBLC). The whole process from signing of contract and the application process and approval of loan can be completed as early as ten (10) banking days or less. Contact me for further directives / information. Sincerely. Mr. Harry Smith Email: harrysmith1...@yahoo.com ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH v6] pinctrl: Check requested IP in DHCPREQUEST messages
See RFC 2131, section 4.3.2. When handling a DHCPREQUEST message, the
server should validate that the client's requested IP matches the
offered IP. If not, the server should reply with a DHCPNAK. The client's
requested IP is either specified as the Requested IP Address (option
50), or as the ciaddr, depending on the client's state.
Signed-off-by: Gregory Smith
---
v5 -> v6
* Use get_unaligned_be32() for unaligned access.
v4 -> v5
* Fixed clang cast alignment warnings.
v3 -> v4
* Reworked the option-parsing while loop.
v2 -> v3
* Fixed long line.
v1 -> v2
* Refactored DHCP option parsing and packet boundary checks.
lib/dhcp.h | 3 +
ovn/controller/pinctrl.c | 131 ++---
ovn/lib/ovn-l7.h | 9 +++
tests/ovn.at | 188 +--
4 files changed, 266 insertions(+), 65 deletions(-)
diff --git a/lib/dhcp.h b/lib/dhcp.h
index 271e0a5..73f593a 100644
--- a/lib/dhcp.h
+++ b/lib/dhcp.h
@@ -54,7 +54,10 @@ BUILD_ASSERT_DECL(DHCP_HEADER_LEN == sizeof(struct
dhcp_header));
#define DHCP_MSG_OFFER 2
#define DHCP_MSG_REQUEST 3
#define DHCP_MSG_ACK 5
+#define DHCP_MSG_NAK 6
+#define DHCP_OPT_PAD 0
+#define DHCP_OPT_REQ_IP50
#define DHCP_OPT_MSG_TYPE 53
#define DHCP_OPT_END 255
diff --git a/ovn/controller/pinctrl.c b/ovn/controller/pinctrl.c
index 56539a8..bc71220 100644
--- a/ovn/controller/pinctrl.c
+++ b/ovn/controller/pinctrl.c
@@ -608,14 +608,23 @@ pinctrl_handle_put_dhcp_opts(
*| UDP HEADER | DHCP HEADER | 4 Byte DHCP Cookie | DHCP OPTIONS(var
len)|
*
*/
-if (dp_packet_l4_size(pkt_in) < (UDP_HEADER_LEN +
-sizeof (struct dhcp_header) + sizeof(uint32_t) + 3)) {
+
+const char *end = (char *)dp_packet_l4(pkt_in) + dp_packet_l4_size(pkt_in);
+const char *in_dhcp_ptr = dp_packet_get_udp_payload(pkt_in);
+if (!in_dhcp_ptr) {
static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
VLOG_WARN_RL(, "Invalid or incomplete DHCP packet received");
goto exit;
}
-struct dhcp_header const *in_dhcp_data = dp_packet_get_udp_payload(pkt_in);
+const struct dhcp_header *in_dhcp_data =
+ALIGNED_CAST(const struct dhcp_header *, in_dhcp_ptr);
+in_dhcp_ptr += sizeof *in_dhcp_data;
+if (in_dhcp_ptr > end) {
+static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
+VLOG_WARN_RL(, "Invalid or incomplete DHCP packet received");
+goto exit;
+}
if (in_dhcp_data->op != DHCP_OP_REQUEST) {
static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
VLOG_WARN_RL(, "Invalid opcode in the DHCP packet : %d",
@@ -626,41 +635,103 @@ pinctrl_handle_put_dhcp_opts(
/* DHCP options follow the DHCP header. The first 4 bytes of the DHCP
* options is the DHCP magic cookie followed by the actual DHCP options.
*/
-const uint8_t *in_dhcp_opt =
-(const uint8_t *)dp_packet_get_udp_payload(pkt_in) +
-sizeof (struct dhcp_header);
-
ovs_be32 magic_cookie = htonl(DHCP_MAGIC_COOKIE);
-if (memcmp(in_dhcp_opt, _cookie, sizeof(ovs_be32))) {
+const ovs_be32 *in_dhcp_cookie =
+ALIGNED_CAST(const ovs_be32 *, in_dhcp_ptr);
+in_dhcp_ptr += sizeof magic_cookie;
+if (in_dhcp_ptr > end ||
+get_unaligned_be32(in_dhcp_cookie) != magic_cookie) {
static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
VLOG_WARN_RL(, "DHCP magic cookie not present in the DHCP packet");
goto exit;
}
-in_dhcp_opt += 4;
+const uint8_t *in_dhcp_msg_type = NULL;
+const ovs_be32 *in_dhcp_request_ip = NULL;
+while (in_dhcp_ptr < end) {
+const struct dhcp_opt_header *in_dhcp_opt =
+(const struct dhcp_opt_header *)in_dhcp_ptr;
+if (in_dhcp_opt->code == DHCP_OPT_END) {
+break;
+}
+if (in_dhcp_opt->code == DHCP_OPT_PAD) {
+in_dhcp_ptr += 1;
+continue;
+}
+in_dhcp_ptr += sizeof *in_dhcp_opt;
+if (in_dhcp_ptr > end) {
+break;
+}
+in_dhcp_ptr += in_dhcp_opt->len;
+if (in_dhcp_ptr > end) {
+break;
+}
+
+switch (in_dhcp_opt->code) {
+case DHCP_OPT_MSG_TYPE:
+if (in_dhcp_opt->len == 1) {
+in_dhcp_msg_type = (const uint8_t *)_dhcp_opt[1];
+}
+break;
+case DHCP_OPT_REQ_IP:
+if (in_dhcp_opt->len == 4) {
+in_dhcp_request_ip =
+ALIGNED_CAST(const ovs_be32 *, _dhcp_opt[1]);
+}
+break;
+default:
+break;
+}
+
+if (in_dhcp_msg_typ
Re: [ovs-dev] [PATCH v5] pinctrl: Check requested IP in DHCPREQUEST messages
Hi Ben,
Thanks for taking a look.
Ben Pfaff wrote:
> This code looks pretty optimistic about things that I'm not sure it
> should depend on. It uses ALIGNED_CAST in multiple places although I
> don't see a reason to assume that the data in question is actually
> aligned.
Right. I should've spent a little more time thinking this through before
submitting the revision. I've apparently rotted my brain on x86
development...
As for the fix: are the get_unaligned_xxx() functions the right tool to
use? I looked through pinctrl.c for other examples of unaligned access
to mimic, and I was suprised not to find any special handling (e.g., the
extraction of the 4-byte iaid in pinctrl_handle_put_dhcpv6_opts(), or
the 2-byte query_type in pinctrl_handle_dns_lookup()).
Out of curiosity, do we have any test coverage for CPU architectures
that are sensitive to alignment?
> It also appears to read out the DHCP magic cookie before it checks
> whether the packet is long enough to contain it.
I think this part was actually correct; the patch advances in_dhcp_ptr
and does a bounds check before derefercing in_dhcp_cookie.
>> +const ovs_be32 *in_dhcp_cookie =
>> +ALIGNED_CAST(const ovs_be32 *, in_dhcp_ptr);
>> +in_dhcp_ptr += sizeof *in_dhcp_cookie;
>> +if (in_dhcp_ptr > end || *in_dhcp_cookie != magic_cookie) {
Thanks,
Greg
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH v5] pinctrl: Check requested IP in DHCPREQUEST messages
See RFC 2131, section 4.3.2. When handling a DHCPREQUEST message, the
server should validate that the client's requested IP matches the
offered IP. If not, the server should reply with a DHCPNAK. The client's
requested IP is either specified as the Requested IP Address (option
50), or as the ciaddr, depending on the client's state.
Signed-off-by: Gregory Smith
---
v4 -> v5
* Fixed clang cast alignment warnings.
v3 -> v4
* Reworked the option-parsing while loop.
v2 -> v3
* Fixed long line.
v1 -> v2
* Refactored DHCP option parsing and packet boundary checks.
lib/dhcp.h | 3 +
ovn/controller/pinctrl.c | 129 +---
ovn/lib/ovn-l7.h | 9 +++
tests/ovn.at | 188 +--
4 files changed, 264 insertions(+), 65 deletions(-)
diff --git a/lib/dhcp.h b/lib/dhcp.h
index 271e0a5..73f593a 100644
--- a/lib/dhcp.h
+++ b/lib/dhcp.h
@@ -54,7 +54,10 @@ BUILD_ASSERT_DECL(DHCP_HEADER_LEN == sizeof(struct
dhcp_header));
#define DHCP_MSG_OFFER 2
#define DHCP_MSG_REQUEST 3
#define DHCP_MSG_ACK 5
+#define DHCP_MSG_NAK 6
+#define DHCP_OPT_PAD 0
+#define DHCP_OPT_REQ_IP50
#define DHCP_OPT_MSG_TYPE 53
#define DHCP_OPT_END 255
diff --git a/ovn/controller/pinctrl.c b/ovn/controller/pinctrl.c
index 56539a8..6b26d82 100644
--- a/ovn/controller/pinctrl.c
+++ b/ovn/controller/pinctrl.c
@@ -608,14 +608,23 @@ pinctrl_handle_put_dhcp_opts(
*| UDP HEADER | DHCP HEADER | 4 Byte DHCP Cookie | DHCP OPTIONS(var
len)|
*
*/
-if (dp_packet_l4_size(pkt_in) < (UDP_HEADER_LEN +
-sizeof (struct dhcp_header) + sizeof(uint32_t) + 3)) {
+
+const char *end = (char *)dp_packet_l4(pkt_in) + dp_packet_l4_size(pkt_in);
+const char *in_dhcp_ptr = dp_packet_get_udp_payload(pkt_in);
+if (!in_dhcp_ptr) {
static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
VLOG_WARN_RL(, "Invalid or incomplete DHCP packet received");
goto exit;
}
-struct dhcp_header const *in_dhcp_data = dp_packet_get_udp_payload(pkt_in);
+const struct dhcp_header *in_dhcp_data =
+ALIGNED_CAST(const struct dhcp_header *, in_dhcp_ptr);
+in_dhcp_ptr += sizeof *in_dhcp_data;
+if (in_dhcp_ptr > end) {
+static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
+VLOG_WARN_RL(, "Invalid or incomplete DHCP packet received");
+goto exit;
+}
if (in_dhcp_data->op != DHCP_OP_REQUEST) {
static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
VLOG_WARN_RL(, "Invalid opcode in the DHCP packet : %d",
@@ -626,41 +635,101 @@ pinctrl_handle_put_dhcp_opts(
/* DHCP options follow the DHCP header. The first 4 bytes of the DHCP
* options is the DHCP magic cookie followed by the actual DHCP options.
*/
-const uint8_t *in_dhcp_opt =
-(const uint8_t *)dp_packet_get_udp_payload(pkt_in) +
-sizeof (struct dhcp_header);
-
ovs_be32 magic_cookie = htonl(DHCP_MAGIC_COOKIE);
-if (memcmp(in_dhcp_opt, _cookie, sizeof(ovs_be32))) {
+const ovs_be32 *in_dhcp_cookie =
+ALIGNED_CAST(const ovs_be32 *, in_dhcp_ptr);
+in_dhcp_ptr += sizeof *in_dhcp_cookie;
+if (in_dhcp_ptr > end || *in_dhcp_cookie != magic_cookie) {
static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
VLOG_WARN_RL(, "DHCP magic cookie not present in the DHCP packet");
goto exit;
}
-in_dhcp_opt += 4;
+const uint8_t *in_dhcp_msg_type = NULL;
+const ovs_be32 *in_dhcp_request_ip = NULL;
+while (in_dhcp_ptr < end) {
+const struct dhcp_opt_header *in_dhcp_opt =
+(const struct dhcp_opt_header *)in_dhcp_ptr;
+if (in_dhcp_opt->code == DHCP_OPT_END) {
+break;
+}
+if (in_dhcp_opt->code == DHCP_OPT_PAD) {
+in_dhcp_ptr += 1;
+continue;
+}
+
+in_dhcp_ptr += sizeof *in_dhcp_opt + in_dhcp_opt->len;
+if (in_dhcp_ptr > end) {
+break;
+}
+
+switch (in_dhcp_opt->code) {
+case DHCP_OPT_MSG_TYPE:
+if (in_dhcp_opt->len == 1) {
+in_dhcp_msg_type = (const uint8_t *)_dhcp_opt[1];
+}
+break;
+case DHCP_OPT_REQ_IP:
+if (in_dhcp_opt->len == 4) {
+in_dhcp_request_ip =
+ALIGNED_CAST(const ovs_be32 *, _dhcp_opt[1]);
+}
+break;
+default:
+break;
+}
+
+if (in_dhcp_msg_type && in_dhcp_request_ip) {
+break;
+}
+}
+
/* Check that the DHCP Message Type (opt 53) is present or not with
- * valid values - DHCP_MSG_DISCOVE
[ovs-dev] [PATCH v4] pinctrl: Check requested IP in DHCPREQUEST messages
See RFC 2131, section 4.3.2. When handling a DHCPREQUEST message, the
server should validate that the client's requested IP matches the
offered IP. If not, the server should reply with a DHCPNAK. The client's
requested IP is either specified as the Requested IP Address (option
50), or as the ciaddr, depending on the client's state.
v3 -> v4
* Reworked the option-parsing while loop.
v2 -> v3
* Fixed long line.
v1 -> v2
* Refactored DHCP option parsing and packet boundary checks.
Signed-off-by: Gregory Smith
---
lib/dhcp.h | 3 +
ovn/controller/pinctrl.c | 127 +---
ovn/lib/ovn-l7.h | 9 +++
tests/ovn.at | 188 +--
4 files changed, 262 insertions(+), 65 deletions(-)
diff --git a/lib/dhcp.h b/lib/dhcp.h
index 271e0a5..73f593a 100644
--- a/lib/dhcp.h
+++ b/lib/dhcp.h
@@ -54,7 +54,10 @@ BUILD_ASSERT_DECL(DHCP_HEADER_LEN == sizeof(struct
dhcp_header));
#define DHCP_MSG_OFFER 2
#define DHCP_MSG_REQUEST 3
#define DHCP_MSG_ACK 5
+#define DHCP_MSG_NAK 6
+#define DHCP_OPT_PAD 0
+#define DHCP_OPT_REQ_IP50
#define DHCP_OPT_MSG_TYPE 53
#define DHCP_OPT_END 255
diff --git a/ovn/controller/pinctrl.c b/ovn/controller/pinctrl.c
index 56539a8..44e9844 100644
--- a/ovn/controller/pinctrl.c
+++ b/ovn/controller/pinctrl.c
@@ -608,14 +608,23 @@ pinctrl_handle_put_dhcp_opts(
*| UDP HEADER | DHCP HEADER | 4 Byte DHCP Cookie | DHCP OPTIONS(var
len)|
*
*/
-if (dp_packet_l4_size(pkt_in) < (UDP_HEADER_LEN +
-sizeof (struct dhcp_header) + sizeof(uint32_t) + 3)) {
+
+const char *end = (char *)dp_packet_l4(pkt_in) + dp_packet_l4_size(pkt_in);
+const char *in_dhcp_ptr = dp_packet_get_udp_payload(pkt_in);
+if (!in_dhcp_ptr) {
static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
VLOG_WARN_RL(, "Invalid or incomplete DHCP packet received");
goto exit;
}
-struct dhcp_header const *in_dhcp_data = dp_packet_get_udp_payload(pkt_in);
+const struct dhcp_header *in_dhcp_data =
+ (const struct dhcp_header *)in_dhcp_ptr;
+in_dhcp_ptr += sizeof *in_dhcp_data;
+if (in_dhcp_ptr > end) {
+static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
+VLOG_WARN_RL(, "Invalid or incomplete DHCP packet received");
+goto exit;
+}
if (in_dhcp_data->op != DHCP_OP_REQUEST) {
static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
VLOG_WARN_RL(, "Invalid opcode in the DHCP packet : %d",
@@ -626,41 +635,99 @@ pinctrl_handle_put_dhcp_opts(
/* DHCP options follow the DHCP header. The first 4 bytes of the DHCP
* options is the DHCP magic cookie followed by the actual DHCP options.
*/
-const uint8_t *in_dhcp_opt =
-(const uint8_t *)dp_packet_get_udp_payload(pkt_in) +
-sizeof (struct dhcp_header);
-
ovs_be32 magic_cookie = htonl(DHCP_MAGIC_COOKIE);
-if (memcmp(in_dhcp_opt, _cookie, sizeof(ovs_be32))) {
+const ovs_be32 *in_dhcp_cookie = (const ovs_be32 *)in_dhcp_ptr;
+in_dhcp_ptr += sizeof *in_dhcp_cookie;
+if (in_dhcp_ptr > end || *in_dhcp_cookie != magic_cookie) {
static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
VLOG_WARN_RL(, "DHCP magic cookie not present in the DHCP packet");
goto exit;
}
-in_dhcp_opt += 4;
+const uint8_t *in_dhcp_msg_type = NULL;
+const ovs_be32 *in_dhcp_request_ip = NULL;
+while (in_dhcp_ptr < end) {
+const struct dhcp_opt_header *in_dhcp_opt =
+(const struct dhcp_opt_header *)in_dhcp_ptr;
+if (in_dhcp_opt->code == DHCP_OPT_END) {
+break;
+}
+if (in_dhcp_opt->code == DHCP_OPT_PAD) {
+in_dhcp_ptr += 1;
+continue;
+}
+
+in_dhcp_ptr += sizeof *in_dhcp_opt + in_dhcp_opt->len;
+if (in_dhcp_ptr > end) {
+break;
+}
+
+switch (in_dhcp_opt->code) {
+case DHCP_OPT_MSG_TYPE:
+if (in_dhcp_opt->len == 1) {
+in_dhcp_msg_type = (const uint8_t *)_dhcp_opt[1];
+}
+break;
+case DHCP_OPT_REQ_IP:
+if (in_dhcp_opt->len == 4) {
+in_dhcp_request_ip = (const ovs_be32 *)_dhcp_opt[1];
+}
+break;
+default:
+break;
+}
+
+if (in_dhcp_msg_type && in_dhcp_request_ip) {
+break;
+}
+}
+
/* Check that the DHCP Message Type (opt 53) is present or not with
- * valid values - DHCP_MSG_DISCOVER or DHCP_MSG_REQUEST as the first
- * DHCP option.
+ * valid values - DHCP_MSG_DISCOVER or DHCP_MSG_REQUEST.
*/
-if
[ovs-dev] [PATCH v2] pinctrl: Check requested IP in DHCPREQUEST messages
See RFC 2131, section 4.3.2. When handling a DHCPREQUEST message, the
server should validate that the client's requested IP matches the
offered IP. If not, the server should reply with a DHCPNAK. The client's
requested IP is either specified as the Requested IP Address (option
50), or as the ciaddr, depending on the client's state.
Signed-off-by: Gregory Smith
---
v1 -> v2
* Refactored DHCP option parsing and packet boundary checks.
lib/dhcp.h | 3 +
ovn/controller/pinctrl.c | 124 ---
ovn/lib/ovn-l7.h | 9 +++
tests/ovn.at | 188 +--
4 files changed, 259 insertions(+), 65 deletions(-)
diff --git a/lib/dhcp.h b/lib/dhcp.h
index 271e0a5..73f593a 100644
--- a/lib/dhcp.h
+++ b/lib/dhcp.h
@@ -54,7 +54,10 @@ BUILD_ASSERT_DECL(DHCP_HEADER_LEN == sizeof(struct
dhcp_header));
#define DHCP_MSG_OFFER 2
#define DHCP_MSG_REQUEST 3
#define DHCP_MSG_ACK 5
+#define DHCP_MSG_NAK 6
+#define DHCP_OPT_PAD 0
+#define DHCP_OPT_REQ_IP50
#define DHCP_OPT_MSG_TYPE 53
#define DHCP_OPT_END 255
diff --git a/ovn/controller/pinctrl.c b/ovn/controller/pinctrl.c
index 56539a8..20e4d19 100644
--- a/ovn/controller/pinctrl.c
+++ b/ovn/controller/pinctrl.c
@@ -608,14 +608,23 @@ pinctrl_handle_put_dhcp_opts(
*| UDP HEADER | DHCP HEADER | 4 Byte DHCP Cookie | DHCP OPTIONS(var
len)|
*
*/
-if (dp_packet_l4_size(pkt_in) < (UDP_HEADER_LEN +
-sizeof (struct dhcp_header) + sizeof(uint32_t) + 3)) {
+
+const char *end = (char *)dp_packet_l4(pkt_in) + dp_packet_l4_size(pkt_in);
+const char *in_dhcp_ptr = dp_packet_get_udp_payload(pkt_in);
+if (!in_dhcp_ptr) {
static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
VLOG_WARN_RL(, "Invalid or incomplete DHCP packet received");
goto exit;
}
-struct dhcp_header const *in_dhcp_data = dp_packet_get_udp_payload(pkt_in);
+const struct dhcp_header *in_dhcp_data =
+ (const struct dhcp_header *)in_dhcp_ptr;
+in_dhcp_ptr += sizeof *in_dhcp_data;
+if (in_dhcp_ptr > end) {
+static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
+VLOG_WARN_RL(, "Invalid or incomplete DHCP packet received");
+goto exit;
+}
if (in_dhcp_data->op != DHCP_OP_REQUEST) {
static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
VLOG_WARN_RL(, "Invalid opcode in the DHCP packet : %d",
@@ -626,41 +635,96 @@ pinctrl_handle_put_dhcp_opts(
/* DHCP options follow the DHCP header. The first 4 bytes of the DHCP
* options is the DHCP magic cookie followed by the actual DHCP options.
*/
-const uint8_t *in_dhcp_opt =
-(const uint8_t *)dp_packet_get_udp_payload(pkt_in) +
-sizeof (struct dhcp_header);
-
ovs_be32 magic_cookie = htonl(DHCP_MAGIC_COOKIE);
-if (memcmp(in_dhcp_opt, _cookie, sizeof(ovs_be32))) {
+const ovs_be32 *in_dhcp_cookie = (const ovs_be32 *)in_dhcp_ptr;
+in_dhcp_ptr += sizeof *in_dhcp_cookie;
+if (in_dhcp_ptr > end || *in_dhcp_cookie != magic_cookie) {
static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
VLOG_WARN_RL(, "DHCP magic cookie not present in the DHCP packet");
goto exit;
}
-in_dhcp_opt += 4;
+const uint8_t *in_dhcp_msg_type = NULL;
+const ovs_be32 *in_dhcp_request_ip = NULL;
+while (true) {
+const struct dhcp_opt_header *in_dhcp_opt =
+(const struct dhcp_opt_header *)in_dhcp_ptr;
+in_dhcp_ptr += 1;
+if (in_dhcp_ptr > end || in_dhcp_opt->code == DHCP_OPT_END) {
+break;
+} else if (in_dhcp_opt->code == DHCP_OPT_PAD) {
+continue;
+}
+in_dhcp_ptr += 1;
+if (in_dhcp_ptr > end) {
+break;
+}
+in_dhcp_ptr += in_dhcp_opt->len;
+if (in_dhcp_ptr > end) {
+break;
+}
+switch (in_dhcp_opt->code) {
+case DHCP_OPT_MSG_TYPE:
+if (in_dhcp_opt->len == 1) {
+in_dhcp_msg_type = (const uint8_t *)_dhcp_opt[1];
+}
+break;
+case DHCP_OPT_REQ_IP:
+if (in_dhcp_opt->len == 4) {
+in_dhcp_request_ip = (const ovs_be32 *)_dhcp_opt[1];
+}
+break;
+default:
+break;
+}
+}
+
/* Check that the DHCP Message Type (opt 53) is present or not with
- * valid values - DHCP_MSG_DISCOVER or DHCP_MSG_REQUEST as the first
- * DHCP option.
+ * valid values - DHCP_MSG_DISCOVER or DHCP_MSG_REQUEST.
*/
-if (!(in_dhcp_opt[0] == DHCP_OPT_MSG_TYPE && in_dhcp_opt[1] == 1 && (
-in_dhcp_opt[2] == DHCP_MSG_DISCOVER ||
Re: [ovs-dev] [PATCH] pinctrl: Check requested IP in DHCPREQUEST messages
Numan Siddique wrote: > On Fri, Nov 16, 2018 at 11:03 PM Gregory Smith wrote: > > > See RFC 2131, section 4.3.2. When handling a DHCPREQUEST message, the > > server should validate that the client's requested IP matches the > > offered IP. > > When we added the native DHCP support in OVN, we primarily had > OpenStack in mind and wanted to get rid of neutron dhcp agent service. > In the case of OpenStack, when a port is created, the IP address is > assigned to it by the Neutron IPAM. This IP address will most likely > will remain the same for the port. So we added a simple native DHCP > implementation. > > I want to understand the use case for this requirement. Can you please > give more details. Does a CMS update the address of a logical port at > a later point of time ? We’ve been cloning windows VMs, and we’ve observed that the clone sometimes requests its parent’s IP address during boot, despite having been assigned a new adapter MAC address. The Windows DHCP client gets confused when it gets a DHCPACK for a different address, and reacts by repeating its original DHCPREQUEST. After a few retries, it gives up and uses the old address. It never sends a DHCPDISCOVER. By contrast, when the Windows DHCP client recieves a DHCPNAK, it immediately sends a DHCPDISCOVER to discover its new address. Regarding OpenStack: I understand that it is not common to change a Neutron port's IP address assignment, but this is certainly a supported workflow. Are there any other parts of OVN that assume the port's IP address assignment is immutable? Greg ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH] pinctrl: Check requested IP in DHCPREQUEST messages
See RFC 2131, section 4.3.2. When handling a DHCPREQUEST message, the
server should validate that the client's requested IP matches the
offered IP. If not, the server should reply with a DHCPNAK. The client's
requested IP is either specified as the Requested IP Address (option
50), or as the ciaddr, depending on the client's state.
Signed-off-by: Gregory Smith
---
lib/dhcp.h | 3 +
ovn/controller/pinctrl.c | 79 +---
tests/ovn.at | 188 +--
3 files changed, 220 insertions(+), 50 deletions(-)
diff --git a/lib/dhcp.h b/lib/dhcp.h
index 271e0a5..73f593a 100644
--- a/lib/dhcp.h
+++ b/lib/dhcp.h
@@ -54,7 +54,10 @@ BUILD_ASSERT_DECL(DHCP_HEADER_LEN == sizeof(struct
dhcp_header));
#define DHCP_MSG_OFFER 2
#define DHCP_MSG_REQUEST 3
#define DHCP_MSG_ACK 5
+#define DHCP_MSG_NAK 6
+#define DHCP_OPT_PAD 0
+#define DHCP_OPT_REQ_IP50
#define DHCP_OPT_MSG_TYPE 53
#define DHCP_OPT_END 255
diff --git a/ovn/controller/pinctrl.c b/ovn/controller/pinctrl.c
index 56539a8..2c1a380 100644
--- a/ovn/controller/pinctrl.c
+++ b/ovn/controller/pinctrl.c
@@ -608,8 +608,11 @@ pinctrl_handle_put_dhcp_opts(
*| UDP HEADER | DHCP HEADER | 4 Byte DHCP Cookie | DHCP OPTIONS(var
len)|
*
*/
-if (dp_packet_l4_size(pkt_in) < (UDP_HEADER_LEN +
-sizeof (struct dhcp_header) + sizeof(uint32_t) + 3)) {
+
+size_t pkt_in_l4_size = dp_packet_l4_size(pkt_in);
+size_t req_l4_size = (UDP_HEADER_LEN +
+ sizeof (struct dhcp_header) + sizeof(uint32_t) + 3);
+if (pkt_in_l4_size < req_l4_size) {
static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
VLOG_WARN_RL(, "Invalid or incomplete DHCP packet received");
goto exit;
@@ -655,12 +658,58 @@ pinctrl_handle_put_dhcp_opts(
if (in_dhcp_opt[2] == DHCP_MSG_DISCOVER) {
msg_type = DHCP_MSG_OFFER;
} else {
+/* This is a DHCPREQUEST. If the client has requested an IP that
+ * does not match the offered IP address, reply with a NAK. The
+ * requested IP address may be supplied either via Requested IP Address
+ * (opt 50) or via ciaddr, depending on the client's state.
+ */
+ovs_be32 *request_ip = NULL;
+in_dhcp_opt += 3;
+while (!request_ip) {
+req_l4_size += 1;
+if (pkt_in_l4_size < req_l4_size ||
+in_dhcp_opt[0] == DHCP_OPT_END) {
+break;
+}
+if (in_dhcp_opt[0] == DHCP_OPT_PAD) {
+in_dhcp_opt += 1;
+continue;
+}
+req_l4_size += 1;
+if (pkt_in_l4_size < req_l4_size) {
+break;
+}
+req_l4_size += in_dhcp_opt[1];
+if (pkt_in_l4_size < req_l4_size) {
+break;
+}
+if (in_dhcp_opt[0] == DHCP_OPT_REQ_IP && in_dhcp_opt[1] == 4) {
+request_ip = (ovs_be32 *)_dhcp_opt[2];
+}
+in_dhcp_opt += 2 + in_dhcp_opt[1];
+}
msg_type = DHCP_MSG_ACK;
+if (request_ip) {
+if (*request_ip != *offer_ip) {
+static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
+VLOG_WARN_RL(, "DHCPREQUEST requested IP "IP_FMT" does not "
+ "match offer "IP_FMT, IP_ARGS(*request_ip),
+ IP_ARGS(*offer_ip));
+msg_type = DHCP_MSG_NAK;
+}
+} else if (in_dhcp_data->ciaddr != *offer_ip) {
+static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
+VLOG_WARN_RL(, "DHCPREQUEST ciaddr "IP_FMT" does not match "
+ "offer "IP_FMT, IP_ARGS(in_dhcp_data->ciaddr),
+ IP_ARGS(*offer_ip));
+msg_type = DHCP_MSG_NAK;
+}
}
/* Frame the DHCP reply packet
* Total DHCP options length will be options stored in the userdata +
- * 16 bytes.
+ * 16 bytes. Note that the DHCP options stored in userdata are not included
+ * in DHCPNAK messages.
*
* --
*| 4 Bytes (dhcp cookie) | 3 Bytes (option type) | DHCP options |
@@ -668,8 +717,10 @@ pinctrl_handle_put_dhcp_opts(
*| 4 Bytes padding | 1 Byte (option end 0xFF ) | 4 Bytes padding|
* --
*/
-uint16_t new_l4_size = UDP_HEADER_LEN + DHCP_HEADER_LEN + \
- userdata->size + 16;
+uint16_t new_l4_size = UDP_HEADER_LEN + DHCP_HEADER_LEN + 16;
+if (msg_type != DHCP_MSG_NAK) {
+new_l4_size += user
[ovs-dev] Attention
Hello My name is Veronica Smith, I work with the National Bank of the Virgin Islands. I am contacting you because i have a client who has mandated me to source a middle man for a 4,000,000 barrels of Libyan Crude Oil sales. They are offering the middleman a 20% commission from the proceeds.I am proposing that you be the middle man for my client. I will detail you further on your response. SincerelyVeronica SmithSr. Banking ExecutiveBusiness Banking UnitNational Bank of the Virgin IslandsEmail: veronica.sm...@emailn.eu ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] Network virtualization User Contact List.
Hello there, I would like to know if you are interested in acquiring Network virtualization User Contact List. Information fields: Names, Title, Email, Phone, Company Name, Company URL, Company physical address, SIC Code, Industry, Company Size (Revenue and Employee). Let me know if you are interested and I will get back to you with the counts and pricing. Regards, Katelyn Smith. Marketing Executive To opt out, please reply with Leave Out in the Subject Line. ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] HII
-- Hello My Dear, is nice to meet you, my names are Mary Smith, how are you doing,i hope all is well with you (mariasmitha...@gmail.com),i look forward to reading from you soon, Yours Friend, Mary Smith. ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] SAP SuccessFactors Users List
Hi, I would like to know if you are interested in acquiring SAP SuccessFactors Users List for your marketing campaigns. These are the information fields that we provide for each contacts: Names, Title, Email, Phone, Company Name, Company URL, and Company physical address, SIC Code, Industry and Company Size (Revenue and Employee). Let me know if you have any other target criteria and I will get back to you with the counts and pricing. Regards, Katelyn Smith Marketing Executive to opt out, please reply with Leave Out in the Subject Line. ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] Dell Software Users List
Hello there, I would like to know if you are interested in acquiring Dell Software Users List? Information fields: Names, Title, Email, Phone, Company Name, Company URL, Company physical address, SIC Code, Industry and Company Size (Revenue and Employee). Let me know if you are interested and I will get back to you with the counts and pricing. Regards, Katelyn Smith Marketing Executive to opt out, please reply with Leave Out in the Subject Line. ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] Bug Tracking Software Users List
Hello there, I would like to know if you are interested in acquiring Bug Tracking Software Users List. Some Bug Tracking Software Users Like: Zoho Projects, CaseCamp.com, QuickBase, Bugzilla, MantisBT, devZing, Axosoft, IBM Rational, ServiceNow Security Operations, BugAware, and many more... Information fields: Names, Title, Email, Phone, Company Name, Company URL, Company physical address, SIC Code, Industry, Company Size (Revenue and Employee). Let me know if you are interested and I will get back to you with the counts, sample and pricing. Regards, Katelyn Smith Marketing Executive To opt out, please reply with Leave Out in the Subject Line. ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] SAP SuccessFactors Users List
Hello there, I would like to know if you are interested in acquiring SAP SuccessFactors Users List. Information fields: Names, Title, Email, Phone, Company Name, Company URL, Company physical address, SIC Code, Industry, Company Size (Revenue and Employee). We also have related technology users like: Workday, Taleo, Kenexa, PeopleSoft, SAP Ariba, Infor, Oracle, Salesforce, BusinessObjects, Sybase, NetSuite and many more... Let me know if you are interested and I will get back to you with the counts and pricing. Regards, Katelyn Smith Marketing Executive To opt out, please reply with Leave Out in the Subject Line. ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] Any Industry Professionals Contact Info
Hi, Hope all is well! Would you like to reach the Newly Updated Opt-In Email List which includes complete contact details and tele-verified email addresses. Every lead comes with Name, Company, Title, Website, Physical Address, Employee Size, Revenue Size, Industry, SIC, Phone Number and Opt-In Email Address. Services: Email Lists - Email Appending - Email Campaigns - Application Development - SEO/PPC - Website Building SN Industries Counts 1. IT Executives List CIO, CTO, CISO, IT-VP, IT-Director, IT Manager, MIS Manager etc. 718,205 2. Technology Users SAP, MS Users, Oracle, ERP, CRM, Sage, Accounting Software, VMware, etc. 95,565 3. Information Technology Computer Hardware, Software, and IT Resellers (Value Added Resellers), etc. 94,587 4. CRM users list MS Dynamic CRM, Siebel, SAP, Salesforce, IBM Lotus, Sage Saleslogix, etc. 84,253 5. Health-care Industry Hospitals, Clinics, Physicians and Doctors, Nurses, Specialists etc. 31,88,133 6. Finance & Banking Insurance Agents, Banks, Financial Services, Credit Agency, Mortgage Bankers, etc. 690,182 7. Marketing Professionals Lists CMO, VP of Marketing, Director of Marketing, Marketing Manager etc. 397,450 8 Business Intelligence Networking software, IT security software, Database application users list. 95,240 9. Automotive Industry Automobile dealers, New & Used Car Dealers, Used Car Dealers etc. 37,450 10. Manufacturing Industry Food, Kindred Products, Textile, Apparel, Furniture, Fixtures, etc. 910,673 11. HR Professionals List VP of HR, HR Director & HR Manager etc. 861,403 12. Education Industry Schools, College, University, Teachers, K-12 education etc. 85,540 13. Construction Real estate, Architectural firms, Power and Energy, Electrical, Transportation etc. 528,757 14. All C-level executives List CEO, CFO, CIO, CTO, CMO, CISO, CSO, COO, CNO etc. 3 Million+ Just let us know your exact target audience (Location, Industry, and Job Titles you wish to reach)? Thanks & Regards, Laura Smith Marketing Coordinator - To remove from this mailing: reply with subject line as "leave out."http://e.sbemaillinks.email/mail/index.php/lists/mr2890zrqsf8d/unsubscribe/bh762ad9tl0e6/bq4338m2eh115;>Unsubscribe ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] Business Proposal 2017
Hi Good day. Would you be interested to get in touch with Key Decision Makers across B2B industry sector as mentioned below? We provide complete contact information like dual verified Opt-in Email address, direct Phone no and other business information. Below are the Industry sector, Job titles and Geographies we service: Industries: Mining, Oil & Gas, Food & Beverage, Pharmaceutical, Biotechnology, Chemical, Construction, Automotive, Aerospace, Aviation, Marine, Manufacturing, Energy, Travel & Tourism, Wholesale, Retail, Finance, Real Estate, Information Technology, Hospitality, Leisure, Healthcare, Business Services. Job Titles: CEO, CFO, CMO, CTO, CRO, President, Owners, Founders, Chairman, Managing Directors, VP, Directors, Managers and other decision makers. Departments: Marketing, Sales, HR, IT, Operational, Purchasing, Procurement and other you wish to reach. Geography: North America, South America, APAC, Middle East, Africa, Europe and United Kingdom. Kindly let me know your specifications so that I shall send across more details accordingly. Look forward to hearing from you. Regards, Niklaus Smith Business Development Executive Global Database Consultants Quality data drives quality decision! ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] Docker/PuppetLabs/Chef Customers list
Hi, A gentle follow up to my previous email. Please share your thoughts so that we can proceed accordingly. Awaiting your response. Best regards, Eva From: Eva Smith [mailto:eva.sm...@leadspioneer.com] Sent: Wednesday, May 10, 2017 3:20 PM To: 'd...@openvswitch.org' Subject: Docker/PuppetLabs/Chef Customers list Hi, Hope all is well at your end. I am writing to check if you would be interested in reaching out to the customers of following: . Docker . PuppetLabs . Chef . VmWare . Jenkins We also have list for lead personas like: . CEO, CTO, CIO, COO,VP, Director and Managers of IT, Operations, Engineering and Product Development, Project Managers Please share your thoughts and also advise if we can connect on a quick call to discuss this in detail. Look forward to an opportunity to work with you. Regards, Eva Smith Lead generation department Brigade ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] Docker/PuppetLabs/Chef Customers list
Hi, Hope all is well at your end. I am writing to check if you would be interested in reaching out to the customers of following: . Docker . PuppetLabs . Chef . VmWare . Jenkins We also have list for lead personas like: . CEO, CTO, CIO, COO,VP, Director and Managers of IT, Operations, Engineering and Product Development, Project Managers Please share your thoughts and also advise if we can connect on a quick call to discuss this in detail. Look forward to an opportunity to work with you. Regards, Eva Smith Lead generation department Brigade ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] You have been nominated for the £2 million charity support
You have been nominated for the charity program to support Prince Alwaleed Bin Tala, please contact: http://bit.do/23awsa for more information. --- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] B2b Email Marketing List
Hi There, Hope this email finds you well. Would you like to acquire the below mentioned technologies users with *Verified Email List?* We are a Global Technology User’s List Provider’s with *250 Million Plus *data and counting. *Technology Users* *CRM Users* *Business Intelligence* *Cloud Computing Users* *Other Technology Users* Accounting Software User Sugar CRM SAP BI Amazon Web Services SAP Users QuickBooks Zoho CRM IBM Cognos Cloud Bees IBM Users Acumatica Web CRM ApeSoft Rack Space Oracle Users AME Accounting Software Sales force CRM Birst Google Apps Jd Edwards Users Financial Force SAP CRM Data Applied Go grid Cisco Users Open Systems Accounting Software Microsoft Dynamic CRM Dimensional Insight Right Scale Citrix Users NOSA XP and more Sage CRM and more. Dynamic AI and more Sales force and more. Virtualization Users and more Kindly let us know based on the below data fields to provide you with detailed information for your review. Target Technology: Target Titles: Target Geography: Await your response! Thanks, Becky Smith *Marketing Analyst* To Opt out Response Unsubscribe in subjectline ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
