[ovs-git] [openvswitch/ovs] ba479b: ofproto: Fix wrong datapath flow with same in_port...

GitHub noreply at github.com
Mon Jan 22 18:22:21 UTC 2018 

  Branch: refs/heads/branch-2.8
  Home:   https://github.com/openvswitch/ovs
  Commit: ba479b349391637e5081382e375dc91b47ea8d4a
      https://github.com/openvswitch/ovs/commit/ba479b349391637e5081382e375dc91b47ea8d4a
  Author: Lilijun (Jerry) <jerry.lilijun at huawei.com>
  Date:   2018-01-22 (Mon, 22 Jan 2018)

  Changed paths:
    M ofproto/ofproto-dpif-xlate.c

  Log Message:
  -----------
  ofproto: Fix wrong datapath flow with same in_port and output port.

In my test, the new datapath flow which has the same in_port and actions
output port was found using ovs-appctl dpctl/dump-flows.  Then the mac
address will move from one port to another and back it again in the
physical switch. This problem result in the VM's traffic become abnormal.

My test key steps:

    1) There are three VM using ovs bridge and intel 82599 nics as uplink
    port, deployed in different hosts connecting to the same physical
    switch. They can be named using VM-A, VM-B and VM-C, Host-A, Host-B,
    Host-C.

    2) VM-A send many unicast packets to VM-B, and VM-B also send unicast
    packets to VM-A.

    3) VM-C ping VM-A continuously, and do ovs port add/delete testing in
    Host-C ovs bridge.

    4) In some abormal scence, the physical switch clear all the mac-entry
    on each ports. Then Host-C ovs bridge's uplink port will receive two
    direction packets(VM-A to VM-B, and VM-B to VM-A).

The expected result is that this two direction packets should be droppd in
the uplink port. Because the dst port of this packets is the uplink port
which is also the src port by looking ovs bridge's mac-entry table learned
by ovs NORMAL rules.  But the truth is some packets being sent back to
uplink port and physical switch. And then VM-A's mac was moved to the
physical switch port of Host-C from the port of Host-A, as a reulst, VM-C
ping VM-A failed at this time.  When this problem occurs, the abnormal ovs
datapath's flow "in_port(2) actions:2" was found by executing the command
"ovs-appctl dpctl/dump-flows".

Currently, xlate_normal() uses xbundle pointer compare to verify the
packet's dst port whether is same with its input port. This implemention
may be wrong while calling xlate_txn_start/xlate_txn_commit in type_run()
at the same time, because xcfg/xbridge/xbundle object was reallocated and
copied just before we lookup the dst mac_port and mac_xbundle. Then
mac_xbundle and in_xbundle are same related with the uplink port but not
same object pointer.

And we can fix this bug by adding ofbundle check conditions shown in my
patch.

Signed-off-by: Lilijun <jerry.lilijun at huawei.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>

More information about the git mailing list