lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Tue, 26 Mar 2019 10:40:46 -0700
From:   Gregory Rose <gvrose8192@...il.com>
To:     Pravin Shelar <pshelar@....org>,
        Numan Siddique <nusiddiq@...hat.com>
Cc:     Linux Kernel Network Developers <netdev@...r.kernel.org>,
        ovs dev <dev@...nvswitch.org>, Ben Pfaff <blp@....org>
Subject: Re: [PATCH v2 net-next] net: openvswitch: Add a new action
 check_pkt_len



On 3/26/2019 9:31 AM, Pravin Shelar wrote:
> On Mon, Mar 25, 2019 at 5:44 PM <nusiddiq@...hat.com> wrote:
>> From: Numan Siddique <nusiddiq@...hat.com>
>>
>> This patch adds a new action - 'check_pkt_len' which checks the
>> packet length and executes a set of actions if the packet
>> length is greater than the specified length or executes
>> another set of actions if the packet length is lesser or equal to.
>>
>> This action takes below nlattrs
>>    * OVS_CHECK_PKT_LEN_ATTR_PKT_LEN - 'pkt_len' to check for
>>
>>    * OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_GREATER - Nested actions
>>      to apply if the packet length is greater than the specified 'pkt_len'
>>
>>    * OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_LESS_EQUAL - Nested
>>      actions to apply if the packet length is lesser or equal to the
>>      specified 'pkt_len'.
>>
>> The main use case for adding this action is to solve the packet
>> drops because of MTU mismatch in OVN virtual networking solution.
>> When a VM (which belongs to a logical switch of OVN) sends a packet
>> destined to go via the gateway router and if the nic which provides
>> external connectivity, has a lesser MTU, OVS drops the packet
>> if the packet length is greater than this MTU.
>>
>> With the help of this action, OVN will check the packet length
>> and if it is greater than the MTU size, it will generate an
>> ICMP packet (type 3, code 4) and includes the next hop mtu in it
>> so that the sender can fragment the packets.
>>
>> Reported-at:
>> https://mail.openvswitch.org/pipermail/ovs-discuss/2018-July/047039.html
>> Suggested-by: Ben Pfaff <blp@....org>
>> Signed-off-by: Numan Siddique <nusiddiq@...hat.com>
>> CC: Gregory Rose <gvrose8192@...il.com>
>> CC: Pravin B Shelar <pshelar@....org>
>> ---
>> v1 -> v2
>> -----
>>     * Addressed the review comments.
>>       - Removed the vlan-tag length when checking the packet length
>>       - Reordered the netlink attributes
>>       - Changed the comments to use 'attribute' instead of 'action'
>>
>> Corresponding OVS patch (submitted as RFC for now)  which makes use of this action can be
>> found here - https://patchwork.ozlabs.org/patch/1059081/
>>
> Looks good to me.
> Acked-by: Pravin B Shelar <pshelar@....org>

Tested-by: Greg Rose <gvrose8192@...il.com>
Reviewed-by: Greg Rose <gvrose8192@...il.com>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ