[ovs-discuss] IPv6 fragmented packet is not handled correctly
Ken Ajiro
ajiro at mxw.nes.nec.co.jp
Thu May 9 15:24:19 UTC 2013
Hello,
I'm evaluating OVS 1.7.3.
I'd like to report an unexpected behavior of OVS.
* What you did that make the problem appear?
Send two of IPv6 fragmented packets (not first fragment).
For example:
# netwox 142 -d Eth1 --ip6-exts "2c 0600008012345678"
* What you expected to happen?
1st packet will be upcalled to ovs-vswitchd.
2nd packet will be forwarded in datapath.
* What actually happened.
Both packets were upcalled to ovs-vswitchd.
Also, following lines are logged.
2013-05-09T14:46:11Z|00491|ofproto_dpif|WARN|unexpected flow from datapath in_port(1),eth(src=00:0c:29:9e:2c:f6,dst=00:08:09:0a:0b:0c),eth_type(0x86dd),ipv6(src=::,dst=::,label=0,proto=44,tclass=0,hlimit=0,frag=later)
2013-05-09T14:46:16Z|00492|dpif|WARN|system at br0: failed to flow_del (No such file or directory) in_port(1),eth(src=00:0c:29:9e:2c:f6,dst=00:08:09:0a:0b:0c),eth_type(0x86dd),ipv6(src=::,dst=::,label=0,proto=44,tclass=0,hlimit=0,frag=later)
* The Open vSwitch version number (as output by "ovs-vswitchd
--version").
---------
# ovs-vswitchd --version
ovs-vswitchd (Open vSwitch) 1.7.3
Compiled May 9 2013 19:36:46
OpenFlow versions 0x1:0x1
---------
* The Git commit number (as output by "git rev-parse HEAD"),
if you built from a Git snapshot.
Not from git.
* Any local patches or changes you have applied (if any).
No patches are applied.
* The kernel version on which Open vSwitch is running (from
/proc/version) and the distribution and version number of
your OS (e.g. "Centos 5.0").
Distribution is RHEL 6.1
kernel is:
Linux version 2.6.32-131.0.15.el6.x86_64 (mockbuild at x86-007.build.bos.redhat.com) (gcc version 4.4.4 20100726 (Red Hat 4.4.4-13) (GCC) ) #1 SMP Tue May 10 15:42:40 EDT 2011
* The contents of the vswitchd configuration database (usually
/etc/openvswitch/conf.db).
It's shown on any configuration.
* The output of "ovs-dpctl show".
---------
# ovs-dpctl show
system at br0:
lookups: hit:292241 missed:65347420 lost:34828526
flows: 0
port 0: br0 (internal)
port 1: eth1
port 2: eth2
---------
* If you have Open vSwitch configured to connect to an
OpenFlow controller, the output of "ovs-ofctl show <bridge>"
for each <bridge> configured in the vswitchd configuration
database.
No OpenFlow controller was set.
* A fix or workaround, if you have one.
Modify parse_ipv6() at ovs/lib/flow.c as:
---------
*** flow.c 2012-12-10 15:11:18.000000000 +0900
--- flow.c.new 2013-05-10 00:13:08.000000000 +0900
***************
*** 202,214 ****
return EINVAL;
}
/* We only process the first fragment. */
if (frag_hdr->ip6f_offlg != htons(0)) {
! if ((frag_hdr->ip6f_offlg & IP6F_OFF_MASK) == htons(0)) {
! flow->nw_frag = FLOW_NW_FRAG_ANY;
! } else {
flow->nw_frag |= FLOW_NW_FRAG_LATER;
nexthdr = IPPROTO_FRAGMENT;
break;
}
}
--- 202,213 ----
return EINVAL;
}
/* We only process the first fragment. */
if (frag_hdr->ip6f_offlg != htons(0)) {
! flow->nw_frag = FLOW_NW_FRAG_ANY;
! if ((frag_hdr->ip6f_offlg & IP6F_OFF_MASK) != htons(0)) {
flow->nw_frag |= FLOW_NW_FRAG_LATER;
nexthdr = IPPROTO_FRAGMENT;
break;
}
}
---------
In original code, FLOW_NW_FRAG_LATER is specified alone but
it looks like that it should be specified together with FLOW_NW_FRAG_ANY.
* Any other information that you think might be relevant.
None.
Thanks,
Ken
--
Ken Ajiro
More information about the discuss
mailing list