Dear Open vSwitch Team,
I am writing to report a bug I encountered while using Open vSwitch. Below are
the details of the issue:
I. Bug Description
I found an issue: when fragmented packets perform the dec_ttl action first and
then the SNAT action, the SNAT action does not take effect.
I am unable to find the corresponding conntrack through "ovs-appctl
dpctl/dump-conntrack", and using "ovs-appctl coverage/show | grep ipf", I see
the error statistics "ipf_l3csum_err 0.4/sec 0.400/sec 0.0256/sec total: 92".
During the code walkthrough, it was found that when performing the dec_ttl
action, the ip->ttl was modified, but the IP checksum was not recalculated. The
ipf judged the fragmented packets as illegal.
Code:

    static void
    odp_set_ipv4(struct dp_packet *packet, const struct ovs_key_ipv4 *key,
                 const struct ovs_key_ipv4 *mask)
    {
        ......
        if (OVS_LIKELY(mask->ipv4_ttl)) {
            new_ttl = key->ipv4_ttl | (nh->ip_ttl & ~mask->ipv4_ttl);
            if (OVS_LIKELY(nh->ip_ttl != new_ttl)) {
                if (dp_packet_hwol_tx_ip_csum(packet)) {
                    /* remove ip_checksum_good flag, and not recalc ip_csum */
                    dp_packet_ol_reset_ip_csum_good(packet);
                } else {
                    nh->ip_csum = recalc_csum16(nh->ip_csum,
                                                htons(nh->ip_ttl << 8),
                                                htons(new_ttl << 8));
                }
                nh->ip_ttl = new_ttl;

    static bool
    ipf_is_valid_v4_frag(struct ipf *ipf, struct dp_packet *pkt)
    {
        .......
        if (OVS_UNLIKELY(!dp_packet_ip_checksum_good(pkt)
                         && csum(l3, ip_hdr_len) != 0)) {
            COVERAGE_INC(ipf_l3csum_err);
            goto invalid_pkt;
        }

1. Steps to Reproduce
a. Add an OpenFlow flow table entry whose action is to perform dec_ttl first
and then SNAT.
b. Send fragmented packets.
2. Expected Behavior
SNAT works: packets with the source IP changed after SNAT can be captured on
the outbound interface.
3. Actual Behavior
The packets captured on the output interface are packets that have not
undergone SNAT address conversion.
II. System Information
1. Open vSwitch Version
ovs-vswitchd (Open vSwitch) 3.3.2
DPDK 23.11.2
4. Kernel Version and OS Details
Kernel Version: Linux version 5.4.0-144-generic (buildd@lcy02-amd64-089) (gcc
version 9.4.0 (Ubuntu 9.4.0-1ubuntu1~20.04.1)) #161-Ubuntu SMP Fri Feb 3
14:49:04 UTC 2023
IV. Possible Solution or Workaround
V. Additional Information
Similar problems exist not only in this one place. Are there any patches for
such problems at present? Or how can they be solved?
Thank you for your attention to this matter. I hope this report helps in
resolving the issue quickly.
Best regards,
[Your Name]
[Your Contact Information]
from Alimail Windows
_______________________________________________
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
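
The checksum condition described in the report, as an added example that is not part of the original message and is not Open vSwitch code: it decrements the TTL of a constructed IPv4 fragment header with and without the incremental checksum update, then applies a check of the same shape as the quoted ipf test. The helper names (fold_inv, ip_csum, dec_ttl, frag_csum_ok) and the sample header are assumptions made for the illustration.

```c
/* Added example: helper names are illustrative, not Open vSwitch code. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed sample: first fragment (MF set), TTL 64, UDP, valid checksum. */
static const uint8_t SAMPLE_HDR[20] = {
    0x45, 0x00, 0x00, 0x54, 0x12, 0x34, 0x20, 0x00, 64, 17,
    0x5c, 0x29, 192, 0, 2, 1, 198, 51, 100, 7 };

/* Fold a one's-complement sum to 16 bits and invert it. */
static uint16_t fold_inv(uint32_t sum)
{
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* RFC 1071 header checksum; 0 when the stored checksum is correct. */
static uint16_t ip_csum(const uint8_t *h, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += (uint32_t)(h[i] << 8 | h[i + 1]);
    return fold_inv(sum);
}

/* Decrement TTL (byte 8). With fix_csum, bytes 10-11 get the RFC 1624
 * incremental update HC' = ~(~HC + ~m + m'); without it the checksum is
 * left stale, as the report describes for the offload branch. */
static void dec_ttl(uint8_t *h, bool fix_csum)
{
    uint16_t hc = h[10] << 8 | h[11];
    uint16_t m = h[8] << 8, m_new = (uint8_t)(h[8] - 1) << 8;
    if (fix_csum) {
        hc = fold_inv((uint16_t)~hc + (uint32_t)(uint16_t)~m + m_new);
        h[10] = hc >> 8;
        h[11] = hc & 0xff;
    }
    h[8] -= 1;
}

/* Same shape as the quoted ipf check: accept when the packet is flagged
 * checksum-good, otherwise the header must verify to 0. */
static bool frag_csum_ok(const uint8_t *h, size_t len, bool csum_good)
{
    return csum_good || ip_csum(h, len) == 0;
}
```

A header whose TTL changed while the checksum stayed stale passes this check only while the checksum-good flag is still set, which matches the ipf_l3csum_err counter increasing in the report once the flag has been cleared.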