Hi Srini,
I think you are fixing this in the wrong place. Putting nw_proto=0
does not cause an infinite loop. Where is the loop happening? Can
you provide more detailed NOX output so that we can even start looking
at this.
Regards
KK
On 13 January 2011 11:02, Srini Seetharaman <seeth...@stanford.edu> wrote:
> We don't know who sent it, but it came from outside our network. If it
> is easy to take down a network by just sending 1 invalid packet, I'd
> be worried!
>
> On Thu, Jan 13, 2011 at 10:59 AM, kk yap <yap...@stanford.edu> wrote:
>> Hi Srini,
>>
>> What is this packet? The length of TCP is zero?!?! I wish to
>> understand the circumstance for which we are getting the packet before
>> commenting on the right way to handle this.
>>
>> Regards
>> KK
>>
>>
>> On 13 January 2011 10:38, Srini Seetharaman <seeth...@stanford.edu> wrote:
>>> When someone sends the attached packet to a switch, it generates an
>>> infinite loop of packet_ins in our production network. This is because
>>> this incoming tcp packet has nw_proto=6 and tcp port numbers of "0",
>>> but outgoing flow_mod has nw_proto of "0" and tcp port numbers of "0".
>>> So, the packet_out generates a new packet_in and this loop continues
>>> forever.
>>>
>>> I see the following code in src/lib/flow.cc (both in NOX-Zaku and
>>> SNAC). I believe this is what is causing the nw_proto to be "0" in the
>>> flow_mod. I'm not sure who wrote that piece of code. This is not
>>> handling corrupted packets well and rejecting this packet as a invalid
>>> TCP packet. Does anyone see problems with removing the "else" clause?
>>>
>>> if (nw_proto == ip_::proto::TCP) {
>>> const tcp_header *tcp = pull_tcp(b);
>>> if (tcp) {
>>> tp_src = tcp->tcp_src;
>>> tp_dst = tcp->tcp_dst;
>>> } else {
>>> /* Avoid tricking other code into thinking that
>>> * this packet has an L4 header. */
>>> nw_proto = 0;
>>> }
>>> }
>>>
>>> FYI, pull_tcp is defined as below:
>>> static const tcp_header * pull_tcp(Buffer& b)
>>> {
>>> if (const tcp_header *tcp = b.try_at<tcp_header>(0)) {
>>> int tcp_len = TCP_OFFSET(tcp->tcp_ctl) * 4;
>>> if (tcp_len >= sizeof *tcp) {
>>> return reinterpret_cast<const
>>> tcp_header*>(b.try_pull(tcp_len));
>>> }
>>> }
>>> return 0;
>>> }
>>>
>>> _______________________________________________
>>> nox-dev mailing list
>>> nox-dev@noxrepo.org
>>> http://noxrepo.org/mailman/listinfo/nox-dev_noxrepo.org
>>>
>>>
>>
>
_______________________________________________
nox-dev mailing list
nox-dev@noxrepo.org
http://noxrepo.org/mailman/listinfo/nox-dev_noxrepo.org
