[Kernel-packages] [Bug 1946393] [NEW] Fix byte count on fragmented packets in tc ct action

[Bodong Wang]

Public bug reported:

* Explain the bug
 
First fragmented packets (frag offset = 0) byte len is zeroed 
when stolen by ip_defrag(). And since act_ct update the stats
only afterwards (at end of execute), bytes aren't correctly
accounted for such packets. 
 
* How to test
 
Create OVS bridge with 2 devices $dev1, $dev2 (can be any devices)
Enable HW offload and configure connection tracking OpenFlow rules as below
e.g:
    ovs-ofctl del-flows br-ovs
    ovs-ofctl add-flow br-ovs arp,actions=normal
    ovs-ofctl add-flow br-ovs "table=0, ip,ct_state=-trk actions=ct(table=1)"
    ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+new 
actions=ct(commit),normal"
    ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+est, actions=normal"

Run fragmented icmp ping traffic (e.g ping -s 2000)

dump ovs rules (ovs-appctl dpctl/dump-flows), observe byte count on frag=first 
rule:
ct_state(-trk),recirc_id(0),in_port(2),eth_type(0x0800),ipv4(proto=1,frag=first),
 packets:10, bytes:13960, used:1.370s, actions:ct(zone=1),recirc(0x1)

bytes would be zero if bug occurs.

* What it could break.
 
NA

** Affects: linux-bluefield (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-bluefield in Ubuntu.
https://bugs.launchpad.net/bugs/1946393

Title:
  Fix byte count on fragmented packets in tc ct action

Status in linux-bluefield package in Ubuntu:
  New

Bug description:
  * Explain the bug
   
  First fragmented packets (frag offset = 0) byte len is zeroed 
  when stolen by ip_defrag(). And since act_ct update the stats
  only afterwards (at end of execute), bytes aren't correctly
  accounted for such packets. 
   
  * How to test
   
  Create OVS bridge with 2 devices $dev1, $dev2 (can be any devices)
  Enable HW offload and configure connection tracking OpenFlow rules as below
  e.g:
      ovs-ofctl del-flows br-ovs
      ovs-ofctl add-flow br-ovs arp,actions=normal
      ovs-ofctl add-flow br-ovs "table=0, ip,ct_state=-trk actions=ct(table=1)"
      ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+new 
actions=ct(commit),normal"
      ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+est, actions=normal"

  Run fragmented icmp ping traffic (e.g ping -s 2000)

  dump ovs rules (ovs-appctl dpctl/dump-flows), observe byte count on 
frag=first rule:
  
ct_state(-trk),recirc_id(0),in_port(2),eth_type(0x0800),ipv4(proto=1,frag=first),
 packets:10, bytes:13960, used:1.370s, actions:ct(zone=1),recirc(0x1)

  bytes would be zero if bug occurs.

  * What it could break.
   
  NA

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-bluefield/+bug/1946393/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp