[net-next] openvswitch: Derive IP protocol number for IPv6 later frags

Message ID 1533921581-22806-1-git-send-email-yihung.wei@gmail.com
State Changes Requested
Delegated to: David Miller
Headers show
Series
  • [net-next] openvswitch: Derive IP protocol number for IPv6 later frags
Related show

Commit Message

Yi-Hung Wei Aug. 10, 2018, 5:19 p.m.
Currently, OVS only parses the IP protocol number for the first
IPv6 fragment, but sets the IP protocol number for the later fragments
to be NEXTHDF_FRAGMENT.  This patch tries to derive the IP protocol
number for the IPV6 later frags so that we can match that.

Signed-off-by: Yi-Hung Wei <yihung.wei@gmail.com>
---
 net/openvswitch/flow.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

Comments

Pravin Shelar Aug. 13, 2018, 1:09 a.m. | #1
On Fri, Aug 10, 2018 at 10:19 AM, Yi-Hung Wei <yihung.wei@gmail.com> wrote:
> Currently, OVS only parses the IP protocol number for the first
> IPv6 fragment, but sets the IP protocol number for the later fragments
> to be NEXTHDF_FRAGMENT.  This patch tries to derive the IP protocol
> number for the IPV6 later frags so that we can match that.
>
> Signed-off-by: Yi-Hung Wei <yihung.wei@gmail.com>
> ---
>  net/openvswitch/flow.c | 8 +++++++-
>  1 file changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/net/openvswitch/flow.c b/net/openvswitch/flow.c
> index 56b8e7167790..3d654c4f71be 100644
> --- a/net/openvswitch/flow.c
> +++ b/net/openvswitch/flow.c
> @@ -297,7 +297,13 @@ static int parse_ipv6hdr(struct sk_buff *skb, struct sw_flow_key *key)
>
>         nh_len = payload_ofs - nh_ofs;
>         skb_set_transport_header(skb, nh_ofs + nh_len);
> -       key->ip.proto = nexthdr;
> +       if (key->ip.frag == OVS_FRAG_TYPE_LATER) {
> +               unsigned int offset = 0;
> +
> +               key->ip.proto = ipv6_find_hdr(skb, &offset, -1, NULL, NULL);
> +       } else {
> +               key->ip.proto = nexthdr;
> +       }
parsing ipv6 ipv6_skip_exthdr() is called to find fragment hdr and
then this patch calls ipv6_find_hdr() to find next protocol. I think
we could call ipv6_find_hdr() to get fragment type and next hdr, that
would save parsing same packet twice in some cases.

Other option would be calling ipv6_find_hdr() after setting OVS_FRAG_TYPE_LATER.
William Tu Aug. 13, 2018, 5:48 p.m. | #2
On Sun, Aug 12, 2018 at 6:09 PM Pravin Shelar <pshelar@ovn.org> wrote:
>
> On Fri, Aug 10, 2018 at 10:19 AM, Yi-Hung Wei <yihung.wei@gmail.com> wrote:
> > Currently, OVS only parses the IP protocol number for the first
> > IPv6 fragment, but sets the IP protocol number for the later fragments
> > to be NEXTHDF_FRAGMENT.  This patch tries to derive the IP protocol
> > number for the IPV6 later frags so that we can match that.
> >
> > Signed-off-by: Yi-Hung Wei <yihung.wei@gmail.com>
> > ---
> >  net/openvswitch/flow.c | 8 +++++++-
> >  1 file changed, 7 insertions(+), 1 deletion(-)
> >
> > diff --git a/net/openvswitch/flow.c b/net/openvswitch/flow.c
> > index 56b8e7167790..3d654c4f71be 100644
> > --- a/net/openvswitch/flow.c
> > +++ b/net/openvswitch/flow.c
> > @@ -297,7 +297,13 @@ static int parse_ipv6hdr(struct sk_buff *skb, struct sw_flow_key *key)
> >
> >         nh_len = payload_ofs - nh_ofs;
> >         skb_set_transport_header(skb, nh_ofs + nh_len);
> > -       key->ip.proto = nexthdr;
> > +       if (key->ip.frag == OVS_FRAG_TYPE_LATER) {
> > +               unsigned int offset = 0;

How about we start the 2nd time parsing from
unsigned int offset = payload_ofs;

> > +
> > +               key->ip.proto = ipv6_find_hdr(skb, &offset, -1, NULL, NULL);

Then we only find the last header from previous parsed offset.

William

> > +       } else {
> > +               key->ip.proto = nexthdr;
> > +       }
> parsing ipv6 ipv6_skip_exthdr() is called to find fragment hdr and
> then this patch calls ipv6_find_hdr() to find next protocol. I think
> we could call ipv6_find_hdr() to get fragment type and next hdr, that
> would save parsing same packet twice in some cases.
>
> Other option would be calling ipv6_find_hdr() after setting OVS_FRAG_TYPE_LATER.
Yi-Hung Wei Aug. 13, 2018, 7:47 p.m. | #3
On Mon, Aug 13, 2018 at 10:48 AM William Tu <u9012063@gmail.com> wrote:
> > > --- a/net/openvswitch/flow.c
> > > +++ b/net/openvswitch/flow.c
> > > @@ -297,7 +297,13 @@ static int parse_ipv6hdr(struct sk_buff *skb, struct sw_flow_key *key)
> > >
> > >         nh_len = payload_ofs - nh_ofs;
> > >         skb_set_transport_header(skb, nh_ofs + nh_len);
> > > -       key->ip.proto = nexthdr;
> > > +       if (key->ip.frag == OVS_FRAG_TYPE_LATER) {
> > > +               unsigned int offset = 0;
>
> How about we start the 2nd time parsing from
> unsigned int offset = payload_ofs;
>
> > > +
> > > +               key->ip.proto = ipv6_find_hdr(skb, &offset, -1, NULL, NULL);
>
> Then we only find the last header from previous parsed offset.
>
> William
>
> > > +       } else {
> > > +               key->ip.proto = nexthdr;
> > > +       }
> > parsing ipv6 ipv6_skip_exthdr() is called to find fragment hdr and
> > then this patch calls ipv6_find_hdr() to find next protocol. I think
> > we could call ipv6_find_hdr() to get fragment type and next hdr, that
> > would save parsing same packet twice in some cases.
> >
> > Other option would be calling ipv6_find_hdr() after setting OVS_FRAG_TYPE_LATER.

Thanks Pravin and William's feedback.

After looking into ipv6_find_hdr() more closely, I think we can just
call ipv6_find_hdr() once and derive everything we need.

I will submit the new patch once net-next is open.

Thanks,

-Yi-Hung

Patch

diff --git a/net/openvswitch/flow.c b/net/openvswitch/flow.c
index 56b8e7167790..3d654c4f71be 100644
--- a/net/openvswitch/flow.c
+++ b/net/openvswitch/flow.c
@@ -297,7 +297,13 @@  static int parse_ipv6hdr(struct sk_buff *skb, struct sw_flow_key *key)
 
 	nh_len = payload_ofs - nh_ofs;
 	skb_set_transport_header(skb, nh_ofs + nh_len);
-	key->ip.proto = nexthdr;
+	if (key->ip.frag == OVS_FRAG_TYPE_LATER) {
+		unsigned int offset = 0;
+
+		key->ip.proto = ipv6_find_hdr(skb, &offset, -1, NULL, NULL);
+	} else {
+		key->ip.proto = nexthdr;
+	}
 	return nh_len;
 }