From patchwork Sun Nov 21 15:20:55 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Cheng Li X-Patchwork-Id: 1557757 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.136; helo=smtp3.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Received: from smtp3.osuosl.org (smtp3.osuosl.org [140.211.166.136]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4HxvHl4sd4z9sf8 for ; Mon, 22 Nov 2021 02:21:07 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by smtp3.osuosl.org (Postfix) with ESMTP id 4679E607AB; Sun, 21 Nov 2021 15:21:05 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp3.osuosl.org ([127.0.0.1]) by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pnEaTd2a56W9; Sun, 21 Nov 2021 15:21:04 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by smtp3.osuosl.org (Postfix) with ESMTPS id 6EA7460766; Sun, 21 Nov 2021 15:21:03 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 45C4AC002E; Sun, 21 Nov 2021 15:21:03 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp1.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by lists.linuxfoundation.org (Postfix) with ESMTP id 488D4C0012 for ; Sun, 21 Nov 2021 15:21:02 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id 2B73780F17 for ; Sun, 21 Nov 2021 15:21:02 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2HX3gp_zS6Z6 for ; Sun, 21 Nov 2021 15:21:01 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.8.0 Received: from chinatelecom.cn (prt-mail.chinatelecom.cn [42.123.76.223]) by smtp1.osuosl.org (Postfix) with ESMTP id C089E80F10 for ; Sun, 21 Nov 2021 15:20:58 +0000 (UTC) HMM_SOURCE_IP: 172.18.0.188:40096.1722778111 HMM_ATTACHE_NUM: 0000 HMM_SOURCE_TYPE: SMTP Received: from clientip-171.217.49.168 (unknown [172.18.0.188]) by chinatelecom.cn (HERMES) with SMTP id 1ADD92800C5 for ; Sun, 21 Nov 2021 23:20:52 +0800 (CST) X-189-SAVE-TO-SEND: lic121@chinatelecom.cn Received: from ([172.18.0.188]) by app0023 with ESMTP id 9037342def314f8da7f4e22957414289 for dev@openvswitch.org; Sun, 21 Nov 2021 23:20:56 CST X-Transaction-ID: 9037342def314f8da7f4e22957414289 X-Real-From: lic121@chinatelecom.cn X-Receive-IP: 172.18.0.188 X-MEDUSA-Status: 0 Date: Sun, 21 Nov 2021 23:20:55 +0800 From: lic121 To: "dev@openvswitch.org" X-Priority: 3 X-Has-Attach: no X-Mailer: Foxmail 7.2.19.158[cn] Mime-Version: 1.0 Message-ID: <2021112123205523936749@chinatelecom.cn> X-Content-Filtered-By: Mailman/MimeDel 2.1.15 Subject: [ovs-dev] [PATCH v4 1/3] upcall: prevent from installing flows when inconsistence X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" In ovs kernel datapath upcall, the *key* and packet are passed to userspace. The key contains the fields/meta extracted from packet. Once the ovs-vswitchd receives the upcall, the packet is extracted again into *flow*. Next, the flow is used to match openflow rules to generate the wildcard(wc). At last, vswitchd installs a mega_flow in datapath(mega_flow = key/wc,action) We can see that vswitchd generate wc from flow while it installs dp flow with key. If the key is not consistent with the flow [1], we get bad mega_flow. Let's assume we have the flowing rules, means to block tcp port 0-0xf, but allow other ports. "table=0,priority=100,tcp,tp_dst=0x0/0xfff0 actions=drop" "table=0,priority=90,tcp actions=p1" good case: If a packet has tcp dst=0x10, generated `mega_flow=0x10/0xfff0,out:p1`, this is expected. bad case: If a packet has tcp dst=0x10 but not pass tcphdr_ok [1], generated wc and action are `0xfff0,out:p1`. The mega_flow will be `0x0/0xfff0,out:p1`, bacause mega_flow=key/wc,action. This allows packets with tcp port 0-0xf pass by mistake. The following scapy3 script triggers the issue: ```py eth=Ether(src="fa:16:3e:5e:e3:57",dst="be:95:df:40:fb:57") ip=IP(src="10.10.10.10",dst="20.20.20.20") tcp=TCP(sport=100,dport=16,dataofs=1) sendp(eth/ip/tcp) ``` This patch is to prevent from installing datapath flow if the key is not consistant with the flow. [1] https://github.com/openvswitch/ovs/blob/v2.16.1/datapath/flow.c#L601 Signed-off-by: lic121 --- ofproto/ofproto-dpif-upcall.c | 26 +++++++++++++++++++++++--- 1 file changed, 23 insertions(+), 3 deletions(-) diff --git a/ofproto/ofproto-dpif-upcall.c b/ofproto/ofproto-dpif-upcall.c index 1c9c720..81f297d 100644 --- a/ofproto/ofproto-dpif-upcall.c +++ b/ofproto/ofproto-dpif-upcall.c @@ -244,6 +244,7 @@ struct upcall { size_t key_len; /* Datapath flow key length. */ const struct nlattr *out_tun_key; /* Datapath output tunnel key. */ + const struct flow *key_as_flow; /* converted from key. */ struct user_action_cookie cookie; uint64_t odp_actions_stub[1024 / 8]; /* Stub for odp_actions. */ @@ -810,6 +811,7 @@ recv_upcalls(struct handler *handler) struct dpif_upcall dupcalls[UPCALL_MAX_BATCH]; struct upcall upcalls[UPCALL_MAX_BATCH]; struct flow flows[UPCALL_MAX_BATCH]; + struct flow key_as_flows[UPCALL_MAX_BATCH]; size_t n_upcalls, i; n_upcalls = 0; @@ -818,6 +820,7 @@ recv_upcalls(struct handler *handler) struct dpif_upcall *dupcall = &dupcalls[n_upcalls]; struct upcall *upcall = &upcalls[n_upcalls]; struct flow *flow = &flows[n_upcalls]; + struct flow *key_as_flow = &key_as_flows[n_upcalls]; unsigned int mru = 0; uint64_t hash = 0; int error; @@ -830,7 +833,7 @@ recv_upcalls(struct handler *handler) } upcall->fitness = odp_flow_key_to_flow(dupcall->key, dupcall->key_len, - flow, NULL); + key_as_flow, NULL); if (upcall->fitness == ODP_FIT_ERROR) { goto free_dupcall; } @@ -843,6 +846,9 @@ recv_upcalls(struct handler *handler) hash = nl_attr_get_u64(dupcall->hash); } + /* Fill flow with key_as_flow as upcall_receive needs + * packet flow info. */ + *flow = *key_as_flow; error = upcall_receive(upcall, udpif->backer, &dupcall->packet, dupcall->type, dupcall->userdata, flow, mru, &dupcall->ufid, PMD_ID_NULL); @@ -856,20 +862,21 @@ recv_upcalls(struct handler *handler) dupcall->key_len, NULL, 0, NULL, 0, &dupcall->ufid, PMD_ID_NULL, NULL); VLOG_INFO_RL(&rl, "received packet on unassociated datapath " - "port %"PRIu32, flow->in_port.odp_port); + "port %"PRIu32, key_as_flow->in_port.odp_port); } goto free_dupcall; } upcall->key = dupcall->key; upcall->key_len = dupcall->key_len; + upcall->key_as_flow = key_as_flow; upcall->ufid = &dupcall->ufid; upcall->hash = hash; upcall->out_tun_key = dupcall->out_tun_key; upcall->actions = dupcall->actions; - pkt_metadata_from_flow(&dupcall->packet.md, flow); + pkt_metadata_from_flow(&dupcall->packet.md, key_as_flow); flow_extract(&dupcall->packet, flow); error = process_upcall(udpif, upcall, @@ -1332,6 +1339,19 @@ should_install_flow(struct udpif *udpif, struct upcall *upcall) return false; } + /* For linux kernel datapath, the "key" extracted by kernel may be + * inconsistent with the flow extracted from packet by ovs. If that + * is the case, twe can't install the datapth flow (key/wc) */ + if (upcall->key_len && !flow_equal_except(upcall->key_as_flow, + upcall->flow, &upcall->wc)) { + VLOG_INFO_RL(&rl, "upcall: inconsistent on datapath key and " + "vswitchd extracted key. Datapath flow will not be " + "installed\n" + "datapath key: %s \nvswitchd extracted key: %s", + flow_to_string(upcall->key_as_flow, NULL), + flow_to_string(upcall->flow, NULL)); + return false; + } return true; } From patchwork Sun Nov 21 15:21:31 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Cheng Li X-Patchwork-Id: 1557758 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=2605:bc80:3010::136; helo=smtp3.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Received: from smtp3.osuosl.org (smtp3.osuosl.org [IPv6:2605:bc80:3010::136]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4HxvJc1QrXz9sf8 for ; Mon, 22 Nov 2021 02:21:52 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by smtp3.osuosl.org (Postfix) with ESMTP id B57576079C; Sun, 21 Nov 2021 15:21:49 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp3.osuosl.org ([127.0.0.1]) by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id a2s2ZqVIhSuu; Sun, 21 Nov 2021 15:21:49 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by smtp3.osuosl.org (Postfix) with ESMTPS id 2063260614; Sun, 21 Nov 2021 15:21:48 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id EC103C002E; Sun, 21 Nov 2021 15:21:47 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp2.osuosl.org (smtp2.osuosl.org [IPv6:2605:bc80:3010::133]) by lists.linuxfoundation.org (Postfix) with ESMTP id C9767C0012 for ; Sun, 21 Nov 2021 15:21:46 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp2.osuosl.org (Postfix) with ESMTP id A63194017A for ; Sun, 21 Nov 2021 15:21:45 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp2.osuosl.org ([127.0.0.1]) by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id watkvqVZ06Ji for ; Sun, 21 Nov 2021 15:21:45 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.8.0 Received: from chinatelecom.cn (prt-mail.chinatelecom.cn [42.123.76.226]) by smtp2.osuosl.org (Postfix) with ESMTP id D563640010 for ; Sun, 21 Nov 2021 15:21:43 +0000 (UTC) HMM_SOURCE_IP: 172.18.0.218:39682.1100601190 HMM_ATTACHE_NUM: 0000 HMM_SOURCE_TYPE: SMTP Received: from clientip-171.217.49.168 (unknown [172.18.0.218]) by chinatelecom.cn (HERMES) with SMTP id 1C0EF28009D for ; Sun, 21 Nov 2021 23:21:28 +0800 (CST) X-189-SAVE-TO-SEND: lic121@chinatelecom.cn Received: from ([172.18.0.218]) by app0025 with ESMTP id 8e7f24311c17440086bf608ec9adf0f0 for dev@openvswitch.org; Sun, 21 Nov 2021 23:21:32 CST X-Transaction-ID: 8e7f24311c17440086bf608ec9adf0f0 X-Real-From: lic121@chinatelecom.cn X-Receive-IP: 172.18.0.218 X-MEDUSA-Status: 0 Date: Sun, 21 Nov 2021 23:21:31 +0800 From: lic121 To: "dev@openvswitch.org" X-Priority: 3 X-Has-Attach: no X-Mailer: Foxmail 7.2.19.158[cn] Mime-Version: 1.0 Message-ID: <2021112123213125691050@chinatelecom.cn> X-Content-Filtered-By: Mailman/MimeDel 2.1.15 Subject: [ovs-dev] [PATCH v4 2/3] tests: fix packet data endianness X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" Without this fix, flowgen.py generates bad tcp pkts. tcpdump reports "bad hdr length 4 - too short" with the pcap generated by flowgen.py This patch is to correct pkt data endianness Signed-off-by: lic121 --- tests/flowgen.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/flowgen.py b/tests/flowgen.py index 7ef32d1..9823167 100755 --- a/tests/flowgen.py +++ b/tests/flowgen.py @@ -135,7 +135,7 @@ def output(attrs): 12893) # urgent pointer if attrs['TP_PROTO'] == 'TCP+options': tcp = (tcp[:12] - + struct.pack('H', (6 << 12) | 0x02 | 0x10) + + struct.pack('>H', (6 << 12) | 0x02 | 0x10) + tcp[14:]) tcp += struct.pack('>BBH', 2, 4, 1975) # MSS option tcp += b'payload' From patchwork Sun Nov 21 15:21:38 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Cheng Li X-Patchwork-Id: 1557759 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.137; helo=smtp4.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Received: from smtp4.osuosl.org (smtp4.osuosl.org [140.211.166.137]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4HxvJf3CSXz9sf8 for ; Mon, 22 Nov 2021 02:21:54 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id 5356F4045E; Sun, 21 Nov 2021 15:21:52 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8iX8T9qm62YE; Sun, 21 Nov 2021 15:21:51 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [IPv6:2605:bc80:3010:104::8cd3:938]) by smtp4.osuosl.org (Postfix) with ESMTPS id 6755D4041D; Sun, 21 Nov 2021 15:21:50 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id AFA50C0033; Sun, 21 Nov 2021 15:21:49 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp1.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by lists.linuxfoundation.org (Postfix) with ESMTP id C3CE7C0012 for ; Sun, 21 Nov 2021 15:21:47 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id B369F80F10 for ; Sun, 21 Nov 2021 15:21:47 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7vikR-zv1Mxg for ; Sun, 21 Nov 2021 15:21:47 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.8.0 Received: from chinatelecom.cn (prt-mail.chinatelecom.cn [42.123.76.227]) by smtp1.osuosl.org (Postfix) with ESMTP id A9C3580F02 for ; Sun, 21 Nov 2021 15:21:44 +0000 (UTC) HMM_SOURCE_IP: 172.18.0.188:56548.1430292516 HMM_ATTACHE_NUM: 0000 HMM_SOURCE_TYPE: SMTP Received: from clientip-171.217.49.168 (unknown [172.18.0.188]) by chinatelecom.cn (HERMES) with SMTP id 9F0B4280098 for ; Sun, 21 Nov 2021 23:21:34 +0800 (CST) X-189-SAVE-TO-SEND: lic121@chinatelecom.cn Received: from ([172.18.0.188]) by app0023 with ESMTP id f82aff57fa11480fb771ed5bb890ccf5 for dev@openvswitch.org; Sun, 21 Nov 2021 23:21:39 CST X-Transaction-ID: f82aff57fa11480fb771ed5bb890ccf5 X-Real-From: lic121@chinatelecom.cn X-Receive-IP: 172.18.0.188 X-MEDUSA-Status: 0 Date: Sun, 21 Nov 2021 23:21:38 +0800 From: lic121 To: "dev@openvswitch.org" X-Priority: 3 X-Has-Attach: no X-Mailer: Foxmail 7.2.19.158[cn] Mime-Version: 1.0 Message-ID: <2021112123213784785551@chinatelecom.cn> X-Content-Filtered-By: Mailman/MimeDel 2.1.15 Subject: [ovs-dev] [PATCH v4 3/3] upcall: considering dataofs when parsing tcp pkt X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" dataofs field of tcp header indicates the tcp header len. The len should be >= 20 bytes/4 and be <= tcp data len. This patch is to test dataofs, and don't parse layer 4 fields when meet bad dataofs. This behave is consistent with openvswitch kenrel module. Signed-off-by: lic121 --- lib/flow.c | 20 ++++++++++++-------- tests/ofproto-dpif.at | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 62 insertions(+), 8 deletions(-) diff --git a/lib/flow.c b/lib/flow.c index 89837de..a021bc0 100644 --- a/lib/flow.c +++ b/lib/flow.c @@ -1006,14 +1006,18 @@ miniflow_extract(struct dp_packet *packet, struct miniflow *dst) if (OVS_LIKELY(nw_proto == IPPROTO_TCP)) { if (OVS_LIKELY(size >= TCP_HEADER_LEN)) { const struct tcp_header *tcp = data; - - miniflow_push_be32(mf, arp_tha.ea[2], 0); - miniflow_push_be32(mf, tcp_flags, - TCP_FLAGS_BE32(tcp->tcp_ctl)); - miniflow_push_be16(mf, tp_src, tcp->tcp_src); - miniflow_push_be16(mf, tp_dst, tcp->tcp_dst); - miniflow_push_be16(mf, ct_tp_src, ct_tp_src); - miniflow_push_be16(mf, ct_tp_dst, ct_tp_dst); + size_t tcp_hdr_len = TCP_OFFSET(tcp->tcp_ctl) * 4; + + if (OVS_LIKELY(tcp_hdr_len >= TCP_HEADER_LEN) + && OVS_LIKELY(size >= tcp_hdr_len)) { + miniflow_push_be32(mf, arp_tha.ea[2], 0); + miniflow_push_be32(mf, tcp_flags, + TCP_FLAGS_BE32(tcp->tcp_ctl)); + miniflow_push_be16(mf, tp_src, tcp->tcp_src); + miniflow_push_be16(mf, tp_dst, tcp->tcp_dst); + miniflow_push_be16(mf, ct_tp_src, ct_tp_src); + miniflow_push_be16(mf, ct_tp_dst, ct_tp_dst); + } } } else if (OVS_LIKELY(nw_proto == IPPROTO_UDP)) { if (OVS_LIKELY(size >= UDP_HEADER_LEN)) { diff --git a/tests/ofproto-dpif.at b/tests/ofproto-dpif.at index 31fb163..637bc89 100644 --- a/tests/ofproto-dpif.at +++ b/tests/ofproto-dpif.at @@ -4862,6 +4862,56 @@ recirc_id(0),in_port(90),packet_type(ns=0,id=0),eth_type(0x0800),ipv4(proto=6,fr OVS_VSWITCHD_STOP AT_CLEANUP +AT_SETUP([ofproto-dpif - malformed packets handling - upcall]) +OVS_VSWITCHD_START +add_of_ports br0 1 90 + +dnl drop packet has tcp port 0-f but allow other tcp packets +AT_DATA([flows.txt], [dnl +priority=75 tcp tp_dst=0/0xfff0 actions=drop +priority=50 tcp actions=output:1 +]) +AT_CHECK([ovs-ofctl replace-flows br0 flows.txt]) + +dnl good tcp pkt, tcp(sport=100,dpor=16) +pkt1="be95df40fb57fa163e5ee3570800450000280001000040063e940a0a0a0a141414140064001000000000000000005002200053330000" + +dnl malformed tcp pkt(tcp_hdr < 20 byte), tcp(sport=100,dport=16,dataofs=1) +pkt2="be95df40fb57fa163e5ee3570800450000280001000040063e940a0a0a0a141414140064001000000000000000001002200093330000" + +dnl malformed tcp pkt(tcp_hdr > pkt_len), tcp(sport=100,dport=16,dataofs=15) +pkt3="be95df40fb57fa163e5ee3570800450000280001000040063e940a0a0a0a14141414006400100000000000000000f002200093330000" + +AT_CHECK([ovs-appctl vlog/set dpif:dbg dpif_netdev:dbg]) + +mode=normal + +AT_CHECK([ovs-appctl netdev-dummy/receive p90 "$pkt1"], [0], [stdout]) +dnl for good tcp pkt, ovs can extract the tp_dst=16 +AT_CHECK([ovs-appctl dpctl/dump-flows filter=in_port\(90\),tcp], [0], [dnl +flow-dump from the main thread: +recirc_id(0),in_port(90),packet_type(ns=0,id=0),eth_type(0x0800),ipv4(proto=6,frag=no),tcp(dst=16/0xfff0), packets:0, bytes:0, used:never, actions:1 +]) + +AT_CHECK([ovs-appctl revalidator/purge], [0], [stdout]) +AT_CHECK([ovs-appctl netdev-dummy/receive p90 "$pkt2"], [0], [stdout]) +dnl for malformed tcp pkt(tcp_hdr < 20 byte), ovs uses default value tp_dst=0 +AT_CHECK([ovs-appctl dpctl/dump-flows filter=in_port\(90\),tcp], [0], [dnl +flow-dump from the main thread: +recirc_id(0),in_port(90),packet_type(ns=0,id=0),eth_type(0x0800),ipv4(proto=6,frag=no),tcp(dst=0/0xfff0), packets:0, bytes:0, used:never, actions:drop +]) + +AT_CHECK([ovs-appctl revalidator/purge], [0], [stdout]) +AT_CHECK([ovs-appctl netdev-dummy/receive p90 "$pkt3"], [0], [stdout]) +dnl for malformed tcp pkt(tcp_hdr > pkt_len), ovs uses default value tp_dst=0 +AT_CHECK([ovs-appctl dpctl/dump-flows filter=in_port\(90\),tcp], [0], [dnl +flow-dump from the main thread: +recirc_id(0),in_port(90),packet_type(ns=0,id=0),eth_type(0x0800),ipv4(proto=6,frag=no),tcp(dst=0/0xfff0), packets:0, bytes:0, used:never, actions:drop +]) + +OVS_VSWITCHD_STOP +AT_CLEANUP + AT_SETUP([ofproto-dpif - exit]) OVS_VSWITCHD_START add_of_ports br0 1 2 3 10 11 12 13 14