From patchwork Tue Mar 12 10:02:55 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Paolo Valerio X-Patchwork-Id: 1910927 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=SVTtDcOs; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.137; helo=smtp4.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=patchwork.ozlabs.org) Received: from smtp4.osuosl.org (smtp4.osuosl.org [140.211.166.137]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4Tv8NH2S71z23qn for ; Tue, 12 Mar 2024 21:03:11 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id 397D34058A; Tue, 12 Mar 2024 10:03:08 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id seGKLeiYYIde; Tue, 12 Mar 2024 10:03:06 +0000 (UTC) X-Comment: SPF check N/A for local connections - client-ip=140.211.9.56; helo=lists.linuxfoundation.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver= DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org BD0134059A Authentication-Results: smtp4.osuosl.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=SVTtDcOs Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by smtp4.osuosl.org (Postfix) with ESMTPS id BD0134059A; Tue, 12 Mar 2024 10:03:06 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 65C0DC0077; Tue, 12 Mar 2024 10:03:06 +0000 (UTC) X-Original-To: ovs-dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp1.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by lists.linuxfoundation.org (Postfix) with ESMTP id EB5FAC0037 for ; Tue, 12 Mar 2024 10:03:04 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id C9E86817F5 for ; Tue, 12 Mar 2024 10:03:04 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6LNFjBihU8JG for ; Tue, 12 Mar 2024 10:03:04 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=170.10.133.124; helo=us-smtp-delivery-124.mimecast.com; envelope-from=pvalerio@redhat.com; receiver= DMARC-Filter: OpenDMARC Filter v1.4.2 smtp1.osuosl.org CE7A1817AD Authentication-Results: smtp1.osuosl.org; dmarc=pass (p=none dis=none) header.from=redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org CE7A1817AD Authentication-Results: smtp1.osuosl.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=SVTtDcOs Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by smtp1.osuosl.org (Postfix) with ESMTPS id CE7A1817AD for ; Tue, 12 Mar 2024 10:03:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1710237782; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=8wJzfujFZz4+VjC7OW5eKLGeHonPmXTnTSYgsNgzVUk=; b=SVTtDcOsUlfMDNFj7NE1GLoZAzcKPseRMvoid4O6KtKEsGKzVh42HLeLN0YPo06ATjUJVD FeNZF/6xgdoCWnFoGM+pkuy2evrrXwc1aRmUDmdnQ2l3RWc9Vv8b6LQfC4XV8TjiAQllB/ jLDGQYdyhdxFXzmGTQb60ToUaEIcEG4= Received: from mail-lj1-f198.google.com (mail-lj1-f198.google.com [209.85.208.198]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-630-u48OZhqoPS63LIhby7q8Pw-1; Tue, 12 Mar 2024 06:03:01 -0400 X-MC-Unique: u48OZhqoPS63LIhby7q8Pw-1 Received: by mail-lj1-f198.google.com with SMTP id 38308e7fff4ca-2d2c8c1b76bso4078911fa.1 for ; Tue, 12 Mar 2024 03:03:01 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1710237780; x=1710842580; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=8wJzfujFZz4+VjC7OW5eKLGeHonPmXTnTSYgsNgzVUk=; b=lhPYI4xC4WOaHH50zvZqFWHvSgj0MCdtSQbGklOf/vC6Q1VPEWYpGPqgdduBcQSjP7 0jwDJSXTfoB9O6mvQWgG6WRPMMWnBLRILKlA+chyP9wGpd8IeEKqYC+0zreE9kcbjGnC JkAwi1iUKDNRqPLUuq8xNcvKJML90xSG5VGe84LZL/WmqEqpd+TZMaz21PivzM7XpAP8 +VouTuSSEIGdBtOJVdw5ZKLlxxRxqrtOC2Udd5rHrRUJNIb5X8loF/Q6WHBQXjJy2OLt ZZpOx2qbd5Tyttys4fOiAoBGDjsvrqBeJT+phG/mOx7Qa2fczUtA3PTw4d836m47Fyic 376A== X-Gm-Message-State: AOJu0YyUVeXdP7Yj+r65Ulcm1S+RyrK2mwWX1pNGf5S4zzBLkLyLtUpH Zdcw08+aHCirHfYDx0HE7KPf5tuMc4eJwWrx32pByeUfdJKm0f8EihY0SKsvZ2te+4InuLnUFxs J3HJGQIuOrNlkhq77c4UuueOSPM47n4NgNoWv4ecw5ujE2kz/XNjunAB0O2GGlSQEEUOEjurU6E OCE9w/KbPn3uzp0Zs/lPTMzL1/GAOHj7jSCScPk1U= X-Received: by 2002:a2e:a170:0:b0:2d4:4b6c:3312 with SMTP id u16-20020a2ea170000000b002d44b6c3312mr1490637ljl.2.1710237779744; Tue, 12 Mar 2024 03:02:59 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGfWCKRfliVkWEYAteH4stTuHr0/YOd1uXkQDi/bBVk+sZh1sxhMfQvojYQYIGJjpreQMSJIw== X-Received: by 2002:a2e:a170:0:b0:2d4:4b6c:3312 with SMTP id u16-20020a2ea170000000b002d44b6c3312mr1490613ljl.2.1710237779173; Tue, 12 Mar 2024 03:02:59 -0700 (PDT) Received: from localhost (net-93-66-118-90.cust.vodafonedsl.it. [93.66.118.90]) by smtp.gmail.com with ESMTPSA id l2-20020a05600c4f0200b00412a31d2e2asm12098414wmq.32.2024.03.12.03.02.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 12 Mar 2024 03:02:58 -0700 (PDT) From: Paolo Valerio To: ovs-dev@openvswitch.org Date: Tue, 12 Mar 2024 11:02:55 +0100 Message-ID: <20240312100255.498965-1-pvalerio@redhat.com> X-Mailer: git-send-email 2.44.0 MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Subject: [ovs-dev] [PATCH] conntrack: Do not use icmp reverse helper for icmpv6. X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" In the flush tuple code path, while populating the conn_key, reverse_icmp_type() gets called for both icmp and icmpv6 cases, while, depending on the proto, its respective helper should be called, instead. The above leads to an abort: [...] 0x00007f3d461888ff in __GI_abort () at abort.c:79 0x000000000064eeb7 in reverse_icmp_type (type=128 '\200') at lib/conntrack.c:1795 0x0000000000650a63 in tuple_to_conn_key (tuple=0x7ffe0db5c620, zone=0, key=0x7ffe0db5c520) at lib/conntrack.c:2590 0x00000000006510f7 in conntrack_flush_tuple (ct=0x25715a0, tuple=0x7ffe0db5c620, zone=0) at lib/conntrack.c:2787 0x00000000004b5988 in dpif_netdev_ct_flush (dpif=0x25e4640, zone=0x7ffe0db5c6a4, tuple=0x7ffe0db5c620) at lib/dpif-netdev.c:9618 0x000000000049938a in ct_dpif_flush_tuple (dpif=0x25e4640, zone=0x0, match=0x7ffe0db5c7e0) at lib/ct-dpif.c:331 0x000000000049942a in ct_dpif_flush (dpif=0x25e4640, zone=0x0, match=0x7ffe0db5c7e0) at lib/ct-dpif.c:361 0x0000000000657b9a in dpctl_flush_conntrack (argc=2, argv=0x254ceb0, dpctl_p=0x7ffe0db5c8a0) at lib/dpctl.c:1797 0x000000000065af36 in dpctl_unixctl_handler (conn=0x25c48d0, argc=2, argv=0x254ceb0, [...] Fix it by calling reverse_icmp6_type() when needed. Furthermore, self tests have been modified in order to exercise and check this behavior. Fixes: 271e48a0e244 ("conntrack: Support conntrack flush by ct 5-tuple") Reported-at: https://issues.redhat.com/browse/FDP-447 Signed-off-by: Paolo Valerio --- lib/conntrack.c | 4 +++- tests/system-traffic.at | 10 +++++++++- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/lib/conntrack.c b/lib/conntrack.c index 5786424f6..a62f27d24 100644 --- a/lib/conntrack.c +++ b/lib/conntrack.c @@ -2586,7 +2586,9 @@ tuple_to_conn_key(const struct ct_dpif_tuple *tuple, uint16_t zone, key->src.icmp_type = tuple->icmp_type; key->src.icmp_code = tuple->icmp_code; key->dst.icmp_id = tuple->icmp_id; - key->dst.icmp_type = reverse_icmp_type(tuple->icmp_type); + key->dst.icmp_type = (tuple->ip_proto == IPPROTO_ICMP) ? + reverse_icmp_type(tuple->icmp_type) : + reverse_icmp6_type(tuple->icmp_type); key->dst.icmp_code = tuple->icmp_code; } else { key->src.port = tuple->src_port; diff --git a/tests/system-traffic.at b/tests/system-traffic.at index 2d12d558e..87de0692a 100644 --- a/tests/system-traffic.at +++ b/tests/system-traffic.at @@ -3103,7 +3103,10 @@ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl icmp,orig=(src=10.1.1.1,dst=10.1.1.2,id=,type=8,code=0),reply=(src=10.1.1.2,dst=10.1.1.1,id=,type=0,code=0) ]) -AT_CHECK([ovs-appctl dpctl/flush-conntrack]) +AT_CHECK([ovs-appctl dpctl/flush-conntrack 'ct_nw_src=10.1.1.1,ct_nw_dst=10.1.1.2']) + +AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl +]) dnl Pings from ns1->ns0 should fail. NS_CHECK_EXEC([at_ns1], [ping -q -c 3 -i 0.3 -w 2 10.1.1.1 | FORMAT_PING], [0], [dnl @@ -3244,6 +3247,11 @@ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(fc00::2)], [0], [dnl icmpv6,orig=(src=fc00::1,dst=fc00::2,id=,type=128,code=0),reply=(src=fc00::2,dst=fc00::1,id=,type=129,code=0) ]) +AT_CHECK([ovs-appctl dpctl/flush-conntrack 'ct_ipv6_src=fc00::1,ct_ipv6_dst=fc00::2']) + +AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(fc00::2)], [0], [dnl +]) + OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP