[ovs-discuss] IPv6 fragmented packet is not handled correctly

Ken Ajiro ajiro at mxw.nes.nec.co.jp
Thu May 9 15:24:19 UTC 2013


 Hello,

 I'm evaluating OVS 1.7.3.
 I'd like to report an unexpected behavior of OVS.

 * What you did that made the problem appear?

   Send two IPv6 fragmented packets (not the first fragment).
   For example:
   # netwox 142 -d Eth1 --ip6-exts "2c 0600008012345678"

 * What you expected to happen?

   1st packet will be upcalled to ovs-vswitchd.
   2nd packet will be forwarded in datapath.

 * What actually happened.

   Both packets were upcalled to ovs-vswitchd.
   Also, the following lines were logged.

2013-05-09T14:46:11Z|00491|ofproto_dpif|WARN|unexpected flow from datapath in_port(1),eth(src=00:0c:29:9e:2c:f6,dst=00:08:09:0a:0b:0c),eth_type(0x86dd),ipv6(src=::,dst=::,label=0,proto=44,tclass=0,hlimit=0,frag=later)
2013-05-09T14:46:16Z|00492|dpif|WARN|system at br0: failed to flow_del (No such file or directory) in_port(1),eth(src=00:0c:29:9e:2c:f6,dst=00:08:09:0a:0b:0c),eth_type(0x86dd),ipv6(src=::,dst=::,label=0,proto=44,tclass=0,hlimit=0,frag=later)

 * The Open vSwitch version number (as output by "ovs-vswitchd
    --version").

---------   
# ovs-vswitchd --version
ovs-vswitchd (Open vSwitch) 1.7.3
Compiled May  9 2013 19:36:46
OpenFlow versions 0x1:0x1
---------   

 * The Git commit number (as output by "git rev-parse HEAD"),
   if you built from a Git snapshot.

   Not from git.

 * Any local patches or changes you have applied (if any).

   No patches are applied.

 * The kernel version on which Open vSwitch is running (from
   /proc/version) and the distribution and version number of
   your OS (e.g. "Centos 5.0").

   Distribution is RHEL 6.1
   kernel is:
   Linux version 2.6.32-131.0.15.el6.x86_64 (mockbuild at x86-007.build.bos.redhat.com) (gcc version 4.4.4 20100726 (Red Hat 4.4.4-13) (GCC) ) #1 SMP Tue May 10 15:42:40 EDT 2011

 * The contents of the vswitchd configuration database (usually
   /etc/openvswitch/conf.db).

   It's shown on any configuration.

 * The output of "ovs-dpctl show".

---------   
# ovs-dpctl show
system at br0:
        lookups: hit:292241 missed:65347420 lost:34828526
        flows: 0
        port 0: br0 (internal)
        port 1: eth1
        port 2: eth2
---------   

 * If you have Open vSwitch configured to connect to an
   OpenFlow controller, the output of "ovs-ofctl show <bridge>"
   for each <bridge> configured in the vswitchd configuration
   database.

   No OpenFlow controller was set.

 * A fix or workaround, if you have one.

   Modify parse_ipv6() at ovs/lib/flow.c as:

---------   
*** flow.c      2012-12-10 15:11:18.000000000 +0900
--- flow.c.new  2013-05-10 00:13:08.000000000 +0900
***************
*** 202,214 ****
                  return EINVAL;
              }

              /* We only process the first fragment. */
              if (frag_hdr->ip6f_offlg != htons(0)) {
!                 if ((frag_hdr->ip6f_offlg & IP6F_OFF_MASK) == htons(0)) {
!                     flow->nw_frag = FLOW_NW_FRAG_ANY;
!                 } else {
                      flow->nw_frag |= FLOW_NW_FRAG_LATER;
                      nexthdr = IPPROTO_FRAGMENT;
                      break;
                  }
              }
--- 202,213 ----
                  return EINVAL;
              }

              /* We only process the first fragment. */
              if (frag_hdr->ip6f_offlg != htons(0)) {
!                 flow->nw_frag = FLOW_NW_FRAG_ANY;
!                 if ((frag_hdr->ip6f_offlg & IP6F_OFF_MASK) != htons(0)) {
                      flow->nw_frag |= FLOW_NW_FRAG_LATER;
                      nexthdr = IPPROTO_FRAGMENT;
                      break;
                  }
              }
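Review bot: The comment above the condition still reads only "We only process the first fragment." after the change, so the invariant this fix depends on (FLOW_NW_FRAG_LATER is never set without FLOW_NW_FRAG_ANY) is not recorded next to the new `flow->nw_frag = FLOW_NW_FRAG_ANY;` line. Suggest extending that comment to state the pairing, since the report shows that a LATER-only value leads to the "unexpected flow from datapath" warning and repeated upcalls. A regression test that parses a non-first fragment such as the netwox reproduction and checks that both bits are set would keep the two branches from drifting apart again.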
---------   

   In the original code, FLOW_NW_FRAG_LATER is specified alone, but
   it looks like it should be specified together with FLOW_NW_FRAG_ANY.

 * Any other information that you think might be relevant.

   None.


 Thanks,
 Ken

-- 
Ken Ajiro
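
The following is an added example, not part of the original post and not Open vSwitch code. It decodes the fragment header from the netwox reproduction and shows the nw_frag value each version of the branch produces for it. It assumes the eight hex bytes after "2c" are the fragment header as sent on the wire, that nw_frag starts at zero, and that the flag values match lib/flow.h; the function names and FRAG_OFF_MASK (a host-order stand-in for IP6F_OFF_MASK) are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed to mirror the flag values in Open vSwitch's lib/flow.h. */
#define FLOW_NW_FRAG_ANY   (1 << 0)
#define FLOW_NW_FRAG_LATER (1 << 1)
#define FRAG_OFF_MASK      0xfff8   /* 13-bit offset field, host byte order */

/* Constructed sample: the fragment header bytes from the netwox command. */
static const uint8_t sample_hdr[8] = {0x06, 0x00, 0x00, 0x80,
                                      0x12, 0x34, 0x56, 0x78};

/* Offset/flags word of an 8-byte fragment header, or -1 if truncated. */
int frag_offlg(const uint8_t *p, size_t len)
{
    return len < 8 ? -1 : (p[2] << 8) | p[3];
}

/* nw_frag as the original branch computes it: LATER can appear alone. */
int nw_frag_original(int offlg)
{
    if (offlg == 0) {
        return 0;
    }
    return (offlg & FRAG_OFF_MASK) == 0 ? FLOW_NW_FRAG_ANY
                                        : FLOW_NW_FRAG_LATER;
}

/* nw_frag as the proposed branch computes it: LATER always implies ANY. */
int nw_frag_proposed(int offlg)
{
    if (offlg == 0) {
        return 0;
    }
    return (offlg & FRAG_OFF_MASK) == 0
           ? FLOW_NW_FRAG_ANY
           : FLOW_NW_FRAG_ANY | FLOW_NW_FRAG_LATER;
}

int main(void)
{
    int offlg = frag_offlg(sample_hdr, sizeof sample_hdr);
    printf("offset=%d bytes, more=%d, original=%d, proposed=%d\n",
           offlg & FRAG_OFF_MASK, offlg & 1,
           nw_frag_original(offlg), nw_frag_proposed(offlg));
    return 0;
}
```

The sample header has offset 128 and the M flag clear, so it is a last, non-first fragment: the original branch yields LATER only, the proposed one yields ANY together with LATER.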


