From: Pravin Shelar <pravin.ovn@gmail.com>
To: Lorenzo Bianconi <lorenzo@kernel.org>
Cc: Linux Kernel Network Developers <netdev@vger.kernel.org>,
"David S. Miller" <davem@davemloft.net>,
Numan Siddique <nusiddiq@redhat.com>,
Greg Rose <gvrose8192@gmail.com>,
lorenzo.bianconi@redhat.com, ovs dev <dev@openvswitch.org>
Subject: Re: [PATCH net] openvswitch: take into account de-fragmentation in execute_check_pkt_len
Date: Sat, 20 Jun 2020 00:01:35 -0700 [thread overview]
Message-ID: <CAOrHB_B2GO51hRy_kj3kdJKrFURFbKubhGvanLKCRHDc9DKeyg@mail.gmail.com> (raw)
In-Reply-To: <74266291a0aba929919f71ff3dbd1c36392bb4c4.1592567032.git.lorenzo@kernel.org>
On Fri, Jun 19, 2020 at 4:48 AM Lorenzo Bianconi <lorenzo@kernel.org> wrote:
>
> ovs connection tracking module performs de-fragmentation on incoming
> fragmented traffic. Take info account if traffic has been de-fragmented
> in execute_check_pkt_len action otherwise we will perform the wrong
> nested action considering the original packet size. This issue typically
> occurs if ovs-vswitchd adds a rule in the pipeline that requires connection
> tracking (e.g. OVN stateful ACLs) before execute_check_pkt_len action.
>
> Fixes: 4d5ec89fc8d14 ("net: openvswitch: Add a new action check_pkt_len")
> Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
> ---
> net/openvswitch/actions.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/net/openvswitch/actions.c b/net/openvswitch/actions.c
> index fc0efd8833c8..9f4dd64e53bb 100644
> --- a/net/openvswitch/actions.c
> +++ b/net/openvswitch/actions.c
> @@ -1169,9 +1169,10 @@ static int execute_check_pkt_len(struct datapath *dp, struct sk_buff *skb,
> struct sw_flow_key *key,
> const struct nlattr *attr, bool last)
> {
> + struct ovs_skb_cb *ovs_cb = OVS_CB(skb);
> const struct nlattr *actions, *cpl_arg;
> const struct check_pkt_len_arg *arg;
> - int rem = nla_len(attr);
> + int len, rem = nla_len(attr);
> bool clone_flow_key;
>
> /* The first netlink attribute in 'attr' is always
> @@ -1180,7 +1181,8 @@ static int execute_check_pkt_len(struct datapath *dp, struct sk_buff *skb,
> cpl_arg = nla_data(attr);
> arg = nla_data(cpl_arg);
>
> - if (skb->len <= arg->pkt_len) {
> + len = ovs_cb->mru ? ovs_cb->mru : skb->len;
> + if (len <= arg->pkt_len) {
We could also check for the segmented packet and use segment length
for this check.
next prev parent reply other threads:[~2020-06-20 7:01 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-19 11:48 [PATCH net] openvswitch: take into account de-fragmentation in execute_check_pkt_len Lorenzo Bianconi
2020-06-20 7:01 ` Pravin Shelar [this message]
2020-06-22 12:02 ` Lorenzo Bianconi
2020-06-22 15:59 ` Pravin Shelar
2020-06-22 20:46 ` Lorenzo Bianconi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAOrHB_B2GO51hRy_kj3kdJKrFURFbKubhGvanLKCRHDc9DKeyg@mail.gmail.com \
--to=pravin.ovn@gmail.com \
--cc=davem@davemloft.net \
--cc=dev@openvswitch.org \
--cc=gvrose8192@gmail.com \
--cc=lorenzo.bianconi@redhat.com \
--cc=lorenzo@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=nusiddiq@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.