Re: [ovs-dev] [PATCH] ovn: Allow DNS lookups over IPv6
On Fri, Feb 09, 2018 at 11:45:17AM -0600, Mark Michelson wrote:
> On 02/09/2018 11:35 AM, Ben Pfaff wrote:
> >On Fri, Feb 09, 2018 at 09:11:00AM -0600, Mark Michelson wrote:
> >>There was a bug in DNS request handling where the incoming packet was
> >>assumed to be IPv4.
> >>
> >>The result was that for the outgoing packet, we would attempt to write
> >>the IPv4 checksum and total length into what was actually an IPv6
> >>header. This resulted in the source IPv6 address getting corrupted.
> >>Later, the source and destination IPv6 addresses would get swapped,
> >>resulting in the DNS response being sent to a nonsense destination.
> >>
> >>With this change, we check the ethertype of the packet to determine what
> >>l3 information to write, and where to write it. A test is also included
> >>that verifies that this works as expected.
> >>
> >>Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=1539608
> >>Signed-off-by: Mark Michelson
> >
> >Thank you for the fix and the test! I applied this to master and
> >branch-2.9. Let me know if you want it backported further.
> >
> >I folded in the following nonessential correction pointed out by
> >"sparse":
> >
> >--8<--cut here-->8--
> >
> >diff --git a/ovn/controller/pinctrl.c b/ovn/controller/pinctrl.c
> >index 6654d7f49396..14c95ff547ff 100644
> >--- a/ovn/controller/pinctrl.c
> >+++ b/ovn/controller/pinctrl.c
> >@@ -917,7 +917,7 @@ pinctrl_handle_dns_lookup(
> > out_udp->udp_csum = 0;
> > struct eth_header *eth = dp_packet_data(&pkt_out);
> >-if (eth->eth_type == ntohs(ETH_TYPE_IP)) {
> >+if (eth->eth_type == htons(ETH_TYPE_IP)) {
> > struct ip_header *out_ip = dp_packet_l3(&pkt_out);
> > out_ip->ip_tot_len = htons(pkt_out.l4_ofs - pkt_out.l3_ofs
> > + new_l4_size);
> >
>
> Thanks Ben. This error is present in 2.8 as well.

OK, I backported it there too.
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH] ovn: Allow DNS lookups over IPv6
On 02/09/2018 11:35 AM, Ben Pfaff wrote:
>On Fri, Feb 09, 2018 at 09:11:00AM -0600, Mark Michelson wrote:
>>There was a bug in DNS request handling where the incoming packet was
>>assumed to be IPv4.
>>
>>The result was that for the outgoing packet, we would attempt to write
>>the IPv4 checksum and total length into what was actually an IPv6
>>header. This resulted in the source IPv6 address getting corrupted.
>>Later, the source and destination IPv6 addresses would get swapped,
>>resulting in the DNS response being sent to a nonsense destination.
>>
>>With this change, we check the ethertype of the packet to determine what
>>l3 information to write, and where to write it. A test is also included
>>that verifies that this works as expected.
>>
>>Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=1539608
>>Signed-off-by: Mark Michelson
>
>Thank you for the fix and the test! I applied this to master and
>branch-2.9. Let me know if you want it backported further.
>
>I folded in the following nonessential correction pointed out by
>"sparse":
>
>--8<--cut here-->8--
>
>diff --git a/ovn/controller/pinctrl.c b/ovn/controller/pinctrl.c
>index 6654d7f49396..14c95ff547ff 100644
>--- a/ovn/controller/pinctrl.c
>+++ b/ovn/controller/pinctrl.c
>@@ -917,7 +917,7 @@ pinctrl_handle_dns_lookup(
> out_udp->udp_csum = 0;
> struct eth_header *eth = dp_packet_data(&pkt_out);
>-if (eth->eth_type == ntohs(ETH_TYPE_IP)) {
>+if (eth->eth_type == htons(ETH_TYPE_IP)) {
> struct ip_header *out_ip = dp_packet_l3(&pkt_out);
> out_ip->ip_tot_len = htons(pkt_out.l4_ofs - pkt_out.l3_ofs
> + new_l4_size);

Thanks Ben. This error is present in 2.8 as well.

Mark

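The corruption described in the commit message above, reproduced on a byte buffer as an added example (not code from the patch or from Open vSwitch): the IPv4 total-length and checksum offsets, 2 and 10, land in an IPv6 header's flow label and source address. The helper names, the 20-byte IPv4 header, the 0xbeef checksum stand-in, the constructed 2001:db8::1 frame and the rejection of unknown ethertypes are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <string.h>
enum { ETH_LEN = 14, TYPE_IPV4 = 0x0800, TYPE_IPV6 = 0x86dd };

/* Constructed sample source address 2001:db8::1 (documentation prefix). */
static const uint8_t SRC6[16] = { 0x20, 0x01, 0x0d, 0xb8, [15] = 0x01 };

static void put_be16(uint8_t *p, uint16_t v) { v = htons(v); memcpy(p, &v, 2); }
static uint16_t get_be16(const uint8_t *p) { uint16_t v; memcpy(&v, p, 2); return ntohs(v); }

/* Constructed Ethernet + IPv6 frame; only the fields used below are set. */
static void make_ipv6_frame(uint8_t *f)
{
    memset(f, 0, ETH_LEN + 40);
    put_be16(f + 12, TYPE_IPV6);         /* ethertype */
    f[ETH_LEN] = 0x60;                   /* IP version 6 */
    memcpy(f + ETH_LEN + 8, SRC6, 16);   /* source address at L3 offset 8 */
}

/* Behaviour the commit message describes: L3 is always treated as IPv4. */
static void fixup_assume_ipv4(uint8_t *f, uint16_t l4_len)
{
    put_be16(f + ETH_LEN + 2, 20 + l4_len);  /* IPv4 total length, L3 offset 2 */
    put_be16(f + ETH_LEN + 10, 0xbeef);      /* IPv4 checksum stand-in, offset 10 */
}

/* Choose the fields to write from the ethertype (assumed shape of the fix). */
static int fixup_by_ethertype(uint8_t *f, uint16_t l4_len)
{
    switch (get_be16(f + 12)) {
    case TYPE_IPV4:
        fixup_assume_ipv4(f, l4_len);
        return 0;
    case TYPE_IPV6:
        put_be16(f + ETH_LEN + 4, l4_len);   /* IPv6 payload length; no checksum */
        return 0;
    default: return -1;                      /* unknown L3: leave the frame alone */
    }
}

static int src_intact(const uint8_t *f) { return memcmp(f + ETH_LEN + 8, SRC6, 16) == 0; }

int main(void)
{
    uint8_t f[ETH_LEN + 40];
    make_ipv6_frame(f);
    fixup_assume_ipv4(f, 50);
    return src_intact(f);   /* exits 0: the IPv4-only path damaged the source */
}
```
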
Re: [ovs-dev] [PATCH] ovn: Allow DNS lookups over IPv6
On Fri, Feb 09, 2018 at 09:11:00AM -0600, Mark Michelson wrote:
> There was a bug in DNS request handling where the incoming packet was
> assumed to be IPv4.
>
> The result was that for the outgoing packet, we would attempt to write
> the IPv4 checksum and total length into what was actually an IPv6
> header. This resulted in the source IPv6 address getting corrupted.
> Later, the source and destination IPv6 addresses would get swapped,
> resulting in the DNS response being sent to a nonsense destination.
>
> With this change, we check the ethertype of the packet to determine what
> l3 information to write, and where to write it. A test is also included
> that verifies that this works as expected.
>
> Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=1539608
> Signed-off-by: Mark Michelson

Thank you for the fix and the test! I applied this to master and
branch-2.9. Let me know if you want it backported further.

I folded in the following nonessential correction pointed out by
"sparse":

--8<--cut here-->8--

diff --git a/ovn/controller/pinctrl.c b/ovn/controller/pinctrl.c
index 6654d7f49396..14c95ff547ff 100644
--- a/ovn/controller/pinctrl.c
+++ b/ovn/controller/pinctrl.c
@@ -917,7 +917,7 @@ pinctrl_handle_dns_lookup(
 out_udp->udp_csum = 0;
 struct eth_header *eth = dp_packet_data(&pkt_out);
-if (eth->eth_type == ntohs(ETH_TYPE_IP)) {
+if (eth->eth_type == htons(ETH_TYPE_IP)) {
 struct ip_header *out_ip = dp_packet_l3(&pkt_out);
 out_ip->ip_tot_len = htons(pkt_out.l4_ofs - pkt_out.l3_ofs
 + new_l4_size);
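
Review bot: the test at `if (eth->eth_type == htons(ETH_TYPE_IP))` identifies only IPv4, and the hunk ends before the alternative path, so please confirm that the IPv6 writes are gated on an explicit `eth->eth_type == htons(ETH_TYPE_IPV6)` rather than a bare else; otherwise any other ethertype reaching this point would have IPv6 fields written into it, which is the same class of header corruption the patch sets out to fix. In the context lines, `htons(pkt_out.l4_ofs - pkt_out.l3_ofs + new_l4_size)` narrows the sum to 16 bits with no bound visible here, so a check or a comment stating why the rebuilt datagram cannot exceed 65535 bytes would help. The `ntohs` to `htons` swap itself is right, since a host-order constant is being converted for comparison with a network-order field.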