[ovs-discuss] Flow removed message bug

Romain Lenglet romain at midokura.jp
Tue Feb 22 00:29:35 UTC 2011


Hi all,

How about following the Robustness Principle, as defined in RFC 1122:
1.2.2 Robustness Principle

At every layer of the protocols, there is a general rule whose application can lead to enormous benefits in robustness and interoperability [IP:1]:

"Be liberal in what you accept, and conservative in what you send"

Software should be written to deal with every conceivable error, no matter how unlikely; sooner or later a packet will come in with that particular combination of errors and attributes, and unless the software is prepared, chaos can ensue. In general, it is best to assume that the network is filled with malevolent entities that will send in packets designed to have the worst possible effect.

...

OVS follows that principle, by normalizing wildcards in input and sending only normalized wildcards.
NOX doesn't, so NOX should be fixed, and the OpenFlow standard should be more precise to enforce the Robustness Principle, IMHO.

NOX (Python API) has an even worse security-related problem when using wildcards: I have observed that when a field is wildcarded, that field's value is just garbage that comes from uninitialized memory. So NOX may send sensitive information from RAM on the wire. That's not acceptable. NOX should definitely normalize its output: zero out undefined wildcard bits, zero out wildcarded fields, etc.

Sincerely,
-- 
Romain Lenglet

On Tuesday, February 22, 2011 at 03:27, kk yap wrote: 
> Hi,
> 
> I believe maintaining the wildcards would be enough. To me, the
> following two matches are the same:
> 
> Wildcards = ALL - DL_TYPE, DL_TYPE = 5, IP_SRC = 100...
> Wildcards = ALL - DL_TYPE, DL_TYPE = 5, IP_SRC = 0...
> 
> I believe Ben and Justin are saying that it is reasonable to maintain
> the wildcard field. Seems like we have a working solution?
> 
> I will post this on the openflow-spec list for the words to be cleared
> up. The priority field worries me a little more, such I think exact
> match is normalized to priority 65535? Should that be maintained in
> flow_removed? I wonder.
> 
> Regards
> KK
> 
> On 21 February 2011 09:30, Ben Pfaff <blp at nicira.com> wrote:
> > On Sun, Feb 20, 2011 at 11:36 PM, Derek Cormier
> > <derek.cormier at lab.ntt.co.jp> wrote:
> > > I see what you mean and I agree that a switch shouldn't store unnecessary
> > > information. But is it really a burden in this case? The wildcards are
> > > stored in a single 32-bit integer, so no extra space is needed.
> > 
> > The data structure that OVS uses for classification requires that
> > wildcarded fields be zeroed for efficiency reasons. In other words,
> > storing the wildcards isn't a big deal, but storing nonzero values of
> > wildcarded fields would require extra memory. So I'd rather not do it,
> > although certainly it's not a huge deal if in the OVS has to.
> > 
> > _______________________________________________
> > discuss mailing list
> > discuss at openvswitch.org
> > http://openvswitch.org/mailman/listinfo/discuss_openvswitch.org
> 
> 
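The output normalization asked for in the message above (zero the undefined wildcard bits, zero every wildcarded field), as an added example that is not part of the original thread and is not OVS or NOX code. It assumes the OpenFlow 1.0 ofp_match wire layout (40 bytes, network byte order); match_normalize, norm_ip, demo and FIELDS are hypothetical names, and the fill bytes are constructed stand-ins for uninitialized memory.

```c
#include <stdint.h>
#include <string.h>

#define MATCH_LEN 40             /* sizeof(struct ofp_match) in OpenFlow 1.0 */
#define FW_ALL ((1u << 22) - 1)  /* OFPFW_ALL: every defined wildcard bit */

/* Wildcard bit -> {offset, length} of the field it covers in ofp_match. */
static const struct { uint32_t bit; uint8_t off, len; } FIELDS[] = {
    {1u << 0, 4, 2},   {1u << 1, 18, 2},   /* in_port, dl_vlan    */
    {1u << 2, 6, 6},   {1u << 3, 12, 6},   /* dl_src, dl_dst      */
    {1u << 4, 22, 2},  {1u << 5, 25, 1},   /* dl_type, nw_proto   */
    {1u << 6, 36, 2},  {1u << 7, 38, 2},   /* tp_src, tp_dst      */
    {1u << 20, 20, 1}, {1u << 21, 24, 1},  /* dl_vlan_pcp, nw_tos */
};

/* Clamp the 6-bit count at `shift` to 32; clear that many low address bits. */
static void norm_ip(uint8_t *m, uint32_t *w, int shift, int off) {
    uint32_t n = (*w >> shift) & 0x3f;
    if (n > 32) n = 32;
    *w = (*w & ~(0x3fu << shift)) | (n << shift);
    for (uint32_t b = 0; b < n; b++)
        m[off + 3 - b / 8] &= (uint8_t)~(1u << (b % 8));
}

/* Normalize a 40-byte wire-format match in place; returns the wildcards. */
uint32_t match_normalize(uint8_t *m) {
    uint32_t w = ((uint32_t)m[0] << 24 | m[1] << 16 | m[2] << 8 | m[3]) & FW_ALL;
    for (size_t i = 0; i < sizeof FIELDS / sizeof FIELDS[0]; i++)
        if (w & FIELDS[i].bit)
            memset(m + FIELDS[i].off, 0, FIELDS[i].len);
    norm_ip(m, &w, 8, 28);                   /* OFPFW_NW_SRC_*: nw_src */
    norm_ip(m, &w, 14, 32);                  /* OFPFW_NW_DST_*: nw_dst */
    m[21] = m[26] = m[27] = 0;               /* pad bytes are sent too */
    for (int i = 0; i < 4; i++)
        m[i] = (uint8_t)(w >> (24 - 8 * i)); /* undefined bits now zero */
    return w;
}

/* Constructed demo: "all but dl_type = 5 wildcarded", built over stale RAM. */
uint32_t demo(uint8_t fill_a, uint8_t fill_b) {
    uint8_t m[2][MATCH_LEN];
    uint32_t w = 0;
    for (int i = 0; i < 2; i++) {
        memset(m[i], i ? fill_b : fill_a, MATCH_LEN); /* stand-in garbage */
        memcpy(m[i] + 1, "\x3f\xff\xef", 3);  /* OFPFW_ALL & ~OFPFW_DL_TYPE */
        m[i][22] = 0; m[i][23] = 5;           /* dl_type = 5 */
        w = match_normalize(m[i]);
    }
    return memcmp(m[0], m[1], MATCH_LEN) ? 0 : w;  /* 0 if the bytes differ */
}
```

Run on every outgoing match just before it is copied into a message, so that two matches that mean the same thing are byte-identical on the wire and carry nothing from the sender's memory.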