[ovs-git] [openvswitch/ovs] 025813: datapath: Pass net into ovs_fragment.

GitHub noreply at github.com
Mon Jun 27 09:27:46 UTC 2016 

  Branch: refs/heads/master
  Home:   https://github.com/openvswitch/ovs
  Commit: 025813bb8e10a5adf783a74efe0c8ce955450896
      https://github.com/openvswitch/ovs/commit/025813bb8e10a5adf783a74efe0c8ce955450896
  Author: Eric W. Biederman <ebiederm at xmission.com>
  Date:   2016-06-27 (Mon, 27 Jun 2016)

  Changed paths:
    M datapath/actions.c

  Log Message:
  -----------
  datapath: Pass net into ovs_fragment.

Upstream commit:
    openvswitch: Pass net into ovs_fragment

    In preparation for the ipv4 and ipv6 fragmentation code taking a net
    parameter pass a struct net into ovs_fragment where the v4 and v6
    fragmentation code is called.

    Signed-off-by: "Eric W. Biederman" <ebiederm at xmission.com>

Upstream: c559cd3ad32b ("openvswitch: Pass net into ovs_fragment")
Signed-off-by: Joe Stringer <joe at ovn.org>
Acked-by: Jesse Gross <jesse at kernel.org>


  Commit: 0374bcbe2911414cf35bf6708064b68ea6750ccb
      https://github.com/openvswitch/ovs/commit/0374bcbe2911414cf35bf6708064b68ea6750ccb
  Author: Eric W. Biederman <ebiederm at xmission.com>
  Date:   2016-06-27 (Mon, 27 Jun 2016)

  Changed paths:
    M acinclude.m4
    M datapath/actions.c
    M datapath/linux/compat/include/net/ip.h

  Log Message:
  -----------
  compat: ipv4: Pass struct net through ip_fragment.

Upstream commit:
    ipv4: Pass struct net through ip_fragment

    Signed-off-by: "Eric W. Biederman" <ebiederm at xmission.com>

Upstream: 694869b3c544 ("ipv4: Pass struct net through ip_fragment")
Signed-off-by: Joe Stringer <joe at ovn.org>
Acked-by: Jesse Gross <jesse at kernel.org>


  Commit: ea2bad6bda2cfb75b060a66a8c37f69d0ee63b23
      https://github.com/openvswitch/ovs/commit/ea2bad6bda2cfb75b060a66a8c37f69d0ee63b23
  Author: Joe Stringer <joe at ovn.org>
  Date:   2016-06-27 (Mon, 27 Jun 2016)

  Changed paths:
    M datapath/linux/Modules.mk
    M datapath/linux/compat/include/net/ip.h
    A datapath/linux/compat/ip_output.c

  Log Message:
  -----------
  compat: Backport ip_do_fragment().

Prior to upstream Linux commit d6b915e29f4a ("ip_fragment: don't forward
defragmented DF packet"), the fragmentation behaviour was incorrect when
dealing with linear skbs, as it would not respect the "max_frag_size"
that ip_defrag() provides, but instead attempt to use the output
device's MTU.

If OVS reassembles an IP message and passes it up to userspace, it
also provides a PACKET_ATTR_MRU to indicate the maximum received unit
size for this message. When userspace executes actions to output this
packet, it passes the MRU back down and this is the desired refragment
size. When the packet data is placed back into the skb in the execute
path, a frags list is not created so fragmentation code will treat it
as one big linear skb. Due to the above bug it would use the device's
MTU to refragment instead of the provided MRU. In the case of regular
ports, this is not too dangerous as the MTU would be a reasonable value.
However, in the case of a tunnel port the typical MTU is a very large
value. As such, rather than refragmenting the message on output, it
would simply output the (too-large) frame to the tunnel.

Depending on the tunnel type and other factors, this large frame could
be dropped along the path, or it could end up at the remote tunnel
endpoint and end up being delivered towards a remote host stack or VM.
If OVS is also controlling that endpoint, it will likely drop the packet
when sending to the final destination, because the packet exceeds the
port MTU.

Different OpenFlow rule configurations could end up preventing IP
messages from being refragmented correctly for as many as the first four
attempts in each connection.

Fix this issue by backporting ip_do_fragment() so that it will respect
the MRU value that is provided in the execute path.

VMWare-BZ: #1651589
Fixes: 213e1f54b4b3 ("compat: Wrap IPv4 fragmentation.")
Reported-by: Salman Malik <salmanm at vmware.com>
Signed-off-by: Joe Stringer <joe at ovn.org>
Acked-by: Jesse Gross <jesse at kernel.org>


  Commit: 13a1d366d99910e0c96c74aed472157a2a0f68b1
      https://github.com/openvswitch/ovs/commit/13a1d366d99910e0c96c74aed472157a2a0f68b1
  Author: Joe Stringer <joe at ovn.org>
  Date:   2016-06-27 (Mon, 27 Jun 2016)

  Changed paths:
    M tests/system-traffic.at

  Log Message:
  -----------
  system-traffic: Remove basic connectivity tests.

For many of the tests, we would first execute a "basic connectivity
check" to validate the sanity of the setup before running the test
traffic which probes the actual OVS behaviour. However, by running
traffic through the rules prior to running the test, it is more likely
that the traffic hits datapath flows and doesn't test the "execute" path
(from userspace to kernel). This can hide some classes of bugs.

The first few tests in system-traffic already check the basic sanity of
the environment, so these redundant pieces are unnecessary. Remove them.

Signed-off-by: Joe Stringer <joe at ovn.org>
Acked-by: Jesse Gross <jesse at kernel.org>


Compare: https://github.com/openvswitch/ovs/compare/2225c0b9355e...13a1d366d999

More information about the git mailing list