From patchwork Tue May 29 18:06:19 2018
X-Patchwork-Submitter: "Li,Rongqing via dev"
X-Patchwork-Id: 922299
X-Patchwork-Delegate: pshelar@ovn.org
To: dev@openvswitch.org
Date: Tue, 29 May 2018 18:06:19 +0000
Message-Id: <1527617179-28985-1-git-send-email-neal@digitalocean.com>
X-Mailer: git-send-email 2.7.4
Subject: [ovs-dev] [PATCH] datapath: ensure UFO traffic is actually fragmented
X-Patchwork-Original-From: Neal Shrader via dev
From: "Li,Rongqing via dev"
Reply-To: Neal Shrader

While investigating a kernel panic, our team noticed that UDP traffic received by an STT tunnel will always have a gso_type set as SKB_GSO_UDP. After decap, we also noticed that traffic that had this flag set had its fragmentation type set as OVS_FRAG_TYPE_FIRST during key extraction. When the connection tracker encounters this, it assumes it's already dealing with fragmented traffic, which might not be the case.

This patch simply ensures we're dealing with an actual fragment before sending the skb off to be reassembled.

Reported-by: Johannes Erdfelt
Reported-at: https://mail.openvswitch.org/pipermail/ovs-discuss/2018-May/046800.html
Signed-off-by: Neal Shrader
--- datapath/conntrack.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/datapath/conntrack.c b/datapath/conntrack.c index e53b8e3..04dbeb4 100644 --- a/datapath/conntrack.c +++ b/datapath/conntrack.c @@ -1187,9 +1187,18 @@ int ovs_ct_execute(struct net *net, struct sk_buff *skb, return err; if (key->ip.frag != OVS_FRAG_TYPE_NONE) { - err = handle_fragments(net, key, info->zone.id, skb); - if (err) - return err; + bool real_fragment = true; + +#ifdef HAVE_SKB_GSO_UDP + if (skb_shinfo(skb)->gso_type & SKB_GSO_UDP) + real_fragment = !!(ip_hdr(skb)->frag_off & htons(IP_OFFSET | IP_MF)); +#endif + + if (real_fragment) { + err = handle_fragments(net, key, info->zone.id, skb); + if (err) + return err; + } } if (info->commit)
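
Review bot: In the added #ifdef HAVE_SKB_GSO_UDP block, ip_hdr(skb)->frag_off is read whenever SKB_GSO_UDP is set, and nothing in the hunk checks that the skb carries IPv4; if an IPv6 packet can reach this point with that gso_type, the test would read IPv6 header bytes as frag_off. Suggest guarding the check on the key's ethertype so it runs for IPv4 only, or handling the IPv6 fragment header separately. Also, when real_fragment ends up false the hunk skips handle_fragments() but leaves key->ip.frag at its non-NONE value, so either reset it here or add a comment saying why the stale value is harmless. A short comment above the check naming the STT/UFO case from the commit message would help the next reader.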