Re: [ovs-dev] [PATCH 1/2] datapath: Properly set L4 keys on "later" IP fragments
On 8/28/2019 5:17 PM, Justin Pettit wrote: On Aug 28, 2019, at 4:50 PM, Greg Rose wrote: Upstream commit: commit ad06a566e118e57b852cab5933dbbbaebb141de3 Author: Greg Rose Date: Tue Aug 27 07:58:09 2019 -0700 openvswitch: Properly set L4 keys on "later" IP fragments When IP fragments are reassembled before being sent to conntrack, the key from the last fragment is used. Unless there are reordering issues, the last fragment received will not contain the L4 ports, so the key for the reassembled datagram won't contain them. This patch updates the key once we have a reassembled datagram. The handle_fragments() function works on L3 headers so we pull the L3/L4 flow key update code from key_extract into a new function 'key_extract_l3l4'. Then we add a another new function ovs_flow_key_update_l3l4() and export it so that it is accessible by handle_fragments() for conntrack packet reassembly. Co-authored-by: Justin Pettit Signed-off-by: Greg Rose Acked-by: Pravin B Shelar Signed-off-by: David S. Miller Cc: Justin Pettit Signed-off-by: Greg Rose Thanks, Greg. I was able to cleanly apply this to master and branch-2.12. Would you be able to provide backports to older OVS versions? I think fragment reassembly was introduce in OVS 2.5. Thanks! I can do that. - Greg --Justin ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH 1/2] datapath: Properly set L4 keys on "later" IP fragments
> On Aug 28, 2019, at 4:50 PM, Greg Rose wrote: > > Upstream commit: >commit ad06a566e118e57b852cab5933dbbbaebb141de3 >Author: Greg Rose >Date: Tue Aug 27 07:58:09 2019 -0700 > >openvswitch: Properly set L4 keys on "later" IP fragments > >When IP fragments are reassembled before being sent to conntrack, the >key from the last fragment is used. Unless there are reordering >issues, the last fragment received will not contain the L4 ports, so the >key for the reassembled datagram won't contain them. This patch updates >the key once we have a reassembled datagram. > >The handle_fragments() function works on L3 headers so we pull the L3/L4 >flow key update code from key_extract into a new function >'key_extract_l3l4'. Then we add a another new function >ovs_flow_key_update_l3l4() and export it so that it is accessible by >handle_fragments() for conntrack packet reassembly. > >Co-authored-by: Justin Pettit >Signed-off-by: Greg Rose >Acked-by: Pravin B Shelar >Signed-off-by: David S. Miller > > Cc: Justin Pettit > Signed-off-by: Greg Rose Thanks, Greg. I was able to cleanly apply this to master and branch-2.12. Would you be able to provide backports to older OVS versions? I think fragment reassembly was introduce in OVS 2.5. Thanks! --Justin ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH 1/2] datapath: Properly set L4 keys on "later" IP fragments
> On Aug 28, 2019, at 5:05 PM, Yi-Hung Wei wrote: > > Thanks for the backport. > > Acked-by: Yi-Hung Wei Thanks, Yi-Hung. I already pushed the backports. --Justin ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH 1/2] datapath: Properly set L4 keys on "later" IP fragments
On Wed, Aug 28, 2019 at 4:50 PM Greg Rose wrote: > > Upstream commit: > commit ad06a566e118e57b852cab5933dbbbaebb141de3 > Author: Greg Rose > Date: Tue Aug 27 07:58:09 2019 -0700 > > openvswitch: Properly set L4 keys on "later" IP fragments > > When IP fragments are reassembled before being sent to conntrack, the > key from the last fragment is used. Unless there are reordering > issues, the last fragment received will not contain the L4 ports, so the > key for the reassembled datagram won't contain them. This patch updates > the key once we have a reassembled datagram. > > The handle_fragments() function works on L3 headers so we pull the L3/L4 > flow key update code from key_extract into a new function > 'key_extract_l3l4'. Then we add a another new function > ovs_flow_key_update_l3l4() and export it so that it is accessible by > handle_fragments() for conntrack packet reassembly. > > Co-authored-by: Justin Pettit > Signed-off-by: Greg Rose > Acked-by: Pravin B Shelar > Signed-off-by: David S. Miller > > Cc: Justin Pettit > Signed-off-by: Greg Rose > --- Thanks for the backport. Acked-by: Yi-Hung Wei ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
