2014-04-01 15:25:50

by Wei Zhang

Subject: Re: [PATCH] openvswitch: supply a dummy err_handler of gre_cisco_protocol to prevent kernel crash

At 2014-04-01 08:49:53,"Jesse Gross" <[email protected]> wrote:
>On Sun, Mar 30, 2014 at 5:12 AM, wei zhang <[email protected]> wrote:
>> At 2014-03-29 06:02:25,"Jesse Gross" <[email protected]> wrote:

>> Maybe I misunderstand something? I think if we discard all packet pass to us
>> when we use gre vport, new gre_cisco_protocol which has lower priority could
>> not see the packet intended to it.
>
>That's true but in this case it would also not see any data packets,
>so I don't think that situation would work well anyways.
>
>> I checked the implementation of the ipgre_err(), which has be called before
>> the err_handler of gre vport. It use the the (local address, remote address, key)
>> to distinguish the packet which is realy intended to it, although it could not
>> always get the key from the icmp packet. Should we do as the same as it?
>> I'm not sure this is feasible, any advice is appreciate.
>
>OVS does flow based matching rather than using a static set of
>configuration parameters, so everything "matches" in some way
>(although the result might be to drop). 

So the flow based match could dynamically determine by the ovs daemon, we could
not find out the belonging of the packet as far as we call ovs_dp_upcall(), isn't it?

>This generally means that OVS
>is the receiver of last resort and nothing currently has a lower
>priority. 

Thanks for your kind help, this clarify my misunderstanding!

>That actually means the difference between the patches is
>somewhat academic but it seems more robust for the logic to be
>consistent.

Regards,
Wei Zhang 

????{.n?+???????+%?????ݶ??w??{.n?+????{??G?????{ay?ʇڙ?,j??f???h?????????z_??(?階?ݢj"???m??????G????????????&???~???iO???z??v?^?m????????????I?

2014-04-01 18:35:45

by Jesse Gross

Subject: Re: [PATCH] openvswitch: supply a dummy err_handler of gre_cisco_protocol to prevent kernel crash

On Tue, Apr 1, 2014 at 8:24 AM, wei zhang <[email protected]> wrote:
> At 2014-04-01 08:49:53,"Jesse Gross" <[email protected]> wrote:
>>On Sun, Mar 30, 2014 at 5:12 AM, wei zhang <[email protected]> wrote:
>>> At 2014-03-29 06:02:25,"Jesse Gross" <[email protected]> wrote:
>
>>> Maybe I misunderstand something? I think if we discard all packet pass to us
>>> when we use gre vport, new gre_cisco_protocol which has lower priority could
>>> not see the packet intended to it.
>>
>>That's true but in this case it would also not see any data packets,
>>so I don't think that situation would work well anyways.
>>
>>> I checked the implementation of the ipgre_err(), which has be called before
>>> the err_handler of gre vport. It use the the (local address, remote address, key)
>>> to distinguish the packet which is realy intended to it, although it could not
>>> always get the key from the icmp packet. Should we do as the same as it?
>>> I'm not sure this is feasible, any advice is appreciate.
>>
>>OVS does flow based matching rather than using a static set of
>>configuration parameters, so everything "matches" in some way
>>(although the result might be to drop).
>
> So the flow based match could dynamically determine by the ovs daemon, we could
> not find out the belonging of the packet as far as we call ovs_dp_upcall(), isn't it?

That's right - and since the OVS flow table always has a default
behavior (even if it is drop or send to controller) there's never a
packet that isn't considered to be destined to OVS once it is
received.

If this makes sense to you, would you mind submitting the patch you
had earlier formally with a commit message and signed off by line?

2014-04-02 00:38:57

by Wei Zhang

Subject: Re: [PATCH] openvswitch: supply a dummy err_handler of gre_cisco_protocol to prevent kernel crash

At 2014-04-02 02:27:56,"Jesse Gross" <[email protected]> wrote:
>On Tue, Apr 1, 2014 at 8:24 AM, wei zhang <[email protected]> wrote:
>> At 2014-04-01 08:49:53,"Jesse Gross" <[email protected]> wrote:
>>>On Sun, Mar 30, 2014 at 5:12 AM, wei zhang <[email protected]> wrote:
>>>> At 2014-03-29 06:02:25,"Jesse Gross" <[email protected]> wrote:
>>
>>>> Maybe I misunderstand something? I think if we discard all packet pass to us
>>>> when we use gre vport, new gre_cisco_protocol which has lower priority could
>>>> not see the packet intended to it.
>>>
>>>That's true but in this case it would also not see any data packets,
>>>so I don't think that situation would work well anyways.
>>>
>>>> I checked the implementation of the ipgre_err(), which has be called before
>>>> the err_handler of gre vport. It use the the (local address, remote address, key)
>>>> to distinguish the packet which is realy intended to it, although it could not
>>>> always get the key from the icmp packet. Should we do as the same as it?
>>>> I'm not sure this is feasible, any advice is appreciate.
>>>
>>>OVS does flow based matching rather than using a static set of
>>>configuration parameters, so everything "matches" in some way
>>>(although the result might be to drop).
>>
>> So the flow based match could dynamically determine by the ovs daemon, we could
>> not find out the belonging of the packet as far as we call ovs_dp_upcall(), isn't it?
>
>That's right - and since the OVS flow table always has a default
>behavior (even if it is drop or send to controller) there's never a
>packet that isn't considered to be destined to OVS once it is
>received.
>
>If this makes sense to you, would you mind submitting the patch you
>had earlier formally with a commit message and signed off by line?

Sure, thank you again as it's my first time to send patch to the kernel, your patient and kind
help give me confidence to do it :)

Regards,
Wei Zhang????{.n?+???????+%?????ݶ??w??{.n?+????{??G?????{ay?ʇڙ?,j??f???h?????????z_??(?階?ݢj"???m??????G????????????&???~???iO???z??v?^?m????????????I?