[ovs-git] [openvswitch/ovs] 430092: datapath: Pass net into ovs_fragment.

GitHub noreply at github.com
Mon Jun 27 12:23:51 UTC 2016


  Branch: refs/heads/branch-2.5
  Home:   https://github.com/openvswitch/ovs
  Commit: 43009218f2fc3eddfea5a4c6f06ab7019f5af2ce
      https://github.com/openvswitch/ovs/commit/43009218f2fc3eddfea5a4c6f06ab7019f5af2ce
  Author: Eric W. Biederman <ebiederm at xmission.com>
  Date:   2016-06-27 (Mon, 27 Jun 2016)

  Changed paths:
    M datapath/actions.c

  Log Message:
  -----------
  datapath: Pass net into ovs_fragment.

Upstream commit:
    openvswitch: Pass net into ovs_fragment

    In preparation for the ipv4 and ipv6 fragmentation code taking a net
    parameter pass a struct net into ovs_fragment where the v4 and v6
    fragmentation code is called.

    Signed-off-by: "Eric W. Biederman" <ebiederm at xmission.com>

Upstream: c559cd3ad32b ("openvswitch: Pass net into ovs_fragment")
Signed-off-by: Joe Stringer <joe at ovn.org>
Acked-by: Jesse Gross <jesse at kernel.org>


  Commit: 5bb45e2c539dd6ebd20c33a4c0826a60bcac0258
      https://github.com/openvswitch/ovs/commit/5bb45e2c539dd6ebd20c33a4c0826a60bcac0258
  Author: Eric W. Biederman <ebiederm at xmission.com>
  Date:   2016-06-27 (Mon, 27 Jun 2016)

  Changed paths:
    M acinclude.m4
    M datapath/actions.c
    M datapath/linux/compat/include/net/ip.h

  Log Message:
  -----------
  compat: ipv4: Pass struct net through ip_fragment.

Upstream commit:
    ipv4: Pass struct net through ip_fragment

    Signed-off-by: "Eric W. Biederman" <ebiederm at xmission.com>

Upstream: 694869b3c544 ("ipv4: Pass struct net through ip_fragment")
Signed-off-by: Joe Stringer <joe at ovn.org>
Acked-by: Jesse Gross <jesse at kernel.org>


  Commit: 624818b8634f278bffb03ac71e260a2216a6ebfd
      https://github.com/openvswitch/ovs/commit/624818b8634f278bffb03ac71e260a2216a6ebfd
  Author: Joe Stringer <joe at ovn.org>
  Date:   2016-06-27 (Mon, 27 Jun 2016)

  Changed paths:
    M datapath/linux/Modules.mk
    M datapath/linux/compat/include/net/ip.h
    A datapath/linux/compat/ip_output.c

  Log Message:
  -----------
  compat: Backport ip_do_fragment().

Prior to upstream Linux commit d6b915e29f4a ("ip_fragment: don't forward
defragmented DF packet"), the fragmentation behaviour was incorrect when
dealing with linear skbs, as it would not respect the "max_frag_size"
that ip_defrag() provides, but instead attempt to use the output
device's MTU.

If OVS reassembles an IP message and passes it up to userspace, it
also provides a PACKET_ATTR_MRU to indicate the maximum received unit
size for this message. When userspace executes actions to output this
packet, it passes the MRU back down and this is the desired refragment
size. When the packet data is placed back into the skb in the execute
path, a frags list is not created so fragmentation code will treat it
as one big linear skb. Due to the above bug it would use the device's
MTU to refragment instead of the provided MRU. In the case of regular
ports, this is not too dangerous as the MTU would be a reasonable value.
However, in the case of a tunnel port the typical MTU is a very large
value. As such, rather than refragmenting the message on output, it
would simply output the (too-large) frame to the tunnel.

Depending on the tunnel type and other factors, this large frame could
be dropped along the path, or it could end up at the remote tunnel
endpoint and end up being delivered towards a remote host stack or VM.
If OVS is also controlling that endpoint, it will likely drop the packet
when sending to the final destination, because the packet exceeds the
port MTU.

Different OpenFlow rule configurations could end up preventing IP
messages from being refragmented correctly for as many as the first four
attempts in each connection.

Fix this issue by backporting ip_do_fragment() so that it will respect
the MRU value that is provided in the execute path.

VMWare-BZ: #1651589
Fixes: 213e1f54b4b3 ("compat: Wrap IPv4 fragmentation.")
Reported-by: Salman Malik <salmanm at vmware.com>
Signed-off-by: Joe Stringer <joe at ovn.org>
Acked-by: Jesse Gross <jesse at kernel.org>


Compare: https://github.com/openvswitch/ovs/compare/dcb9f93609ef...624818b8634f


More information about the git mailing list