lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 8 Dec 2015 16:22:01 -0800
From:	Joe Stringer <joe@....org>
To:	Or Gerlitz <gerlitz.or@...il.com>
Cc:	Jesse Gross <jesse@...nel.org>, Or Gerlitz <ogerlitz@...lanox.com>,
	Haggai Eran <haggaie@...lanox.com>,
	"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
	Ilya Lesokhin <ilyal@...lanox.com>,
	Rony Efraim <ronye@...lanox.com>,
	Hadar Hen Zion <hadarh@...lanox.com>,
	Tal Anker <Ankertal@...lanox.com>,
	Jarno Rajahalme <jarno@....org>
Subject: Re: OVS VXLAN decap rule has full match on TTL for the outer headers?

On 8 December 2015 at 13:23, Or Gerlitz <gerlitz.or@...il.com> wrote:
> On Tue, Dec 8, 2015 at 9:20 PM, Joe Stringer <joe@....org> wrote:
>> On 2 December 2015 at 10:01, Joe Stringer <joe@....org> wrote:
>>> On 29 November 2015 at 05:37, Or Gerlitz <gerlitz.or@...il.com> wrote:
>>>> On Thu, Nov 19, 2015 at 5:40 PM, Or Gerlitz <gerlitz.or@...il.com> wrote:
>>>>> On Sat, Nov 14, 2015 at 8:45 AM, Joe Stringer <joestringer@...ira.com> wrote:
>>>>>> On 13 November 2015 at 06:46, Or Gerlitz <gerlitz.or@...il.com> wrote:
>>>>>>> On Fri, Nov 13, 2015 at 10:14 AM, Joe Stringer <joestringer@...ira.com> wrote:
>>>>>
>>>>>>>> I agree that this UNSPEC issue on v2.3 could do with a bit of a closer
>>>>>>>> look. I'll see if I can find some time for it. Alternatively if you're
>>>>>>>> willing and have bandwith, I'd be curious if it's related to the
>>>>>>>> masked set field feature introduced in Linux-4.0.
>>>>>
>>>>>>> so what would you suggest here? run with 3.19 or earlier?
>>>>>
>>>>>> On second thought, I think if it were related to that then userspace
>>>>>> v2.4 would not exhibit the problem. I'd have to dig in to see why it
>>>>>> occurs.
>>>>>
>>>>> Any findings?
>>>>
>>>> Hi Joe/Jesse,
>>>>
>>>> Apart from Haggai's note on the TTL, I am pinging you here for the 2nd
>>>> time... can you please let me know how
>>>> this goes on your end?
>
>>> Apologies for the delayed response, we haven't found anything
>>> interesting yet although we've mostly looked at plain set-field
>>> actions with a combination of kernel/userspace versions. I plan to
>>> carve out some time later this week to take another look.
>
>> (resending due to teething issues with new email and plain-text, sorry
>> for the spam)
>
>> As far as the mask, I briefly discussed this with Jarno and it seems
>> like it could be something as simple as zeroing the ip_ttl mask in
>> tnl_wc_init().
>
> to make sure I follow, will that have the consequence that we (user +
> kernel) will practically not be testing the ttl for these flows?

Yes, it would cause userspace to 'wildcard' the field so the kernel
flows that are installed will ignore it during lookup.

>> As far as the UNSPEC issue, I couldn't reproduce it. Are you sure that
>> there weren't multiple versions of OVS installed, and while the OVS
>> running was v2.3, your ovs-dpctl was an older version? I was running
>> latest OVS branch-2.3 (c2e761f5b152).
>
> OK, for the sake of double checking, I will do over-all cleanup and
> re-check, but will be able to do that only next week.

Thanks,
Joe
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ