When someone sends the attached packet to a switch, it generates an infinite loop of packet_ins in our production network. This is because this incoming tcp packet has nw_proto=6 and tcp port numbers of "0", but outgoing flow_mod has nw_proto of "0" and tcp port numbers of "0". So, the packet_out generates a new packet_in and this loop continues forever.
I see the following code in src/lib/flow.cc (both in NOX-Zaku and SNAC). I believe this is what is causing the nw_proto to be "0" in the flow_mod. I'm not sure who wrote that piece of code. This is not handling corrupted packets well and rejecting this packet as a invalid TCP packet. Does anyone see problems with removing the "else" clause? if (nw_proto == ip_::proto::TCP) { const tcp_header *tcp = pull_tcp(b); if (tcp) { tp_src = tcp->tcp_src; tp_dst = tcp->tcp_dst; } else { /* Avoid tricking other code into thinking that * this packet has an L4 header. */ nw_proto = 0; } } FYI, pull_tcp is defined as below: static const tcp_header * pull_tcp(Buffer& b) { if (const tcp_header *tcp = b.try_at<tcp_header>(0)) { int tcp_len = TCP_OFFSET(tcp->tcp_ctl) * 4; if (tcp_len >= sizeof *tcp) { return reinterpret_cast<const tcp_header*>(b.try_pull(tcp_len)); } } return 0; }
<<attachment: packet_with_bad_tcp_offset.PNG>>
_______________________________________________ nox-dev mailing list nox-dev@noxrepo.org http://noxrepo.org/mailman/listinfo/nox-dev_noxrepo.org