Rosemarie O'Riorden a188b65e43 net: openvswitch: fix parsing of nw_proto for IPv6 fragments
commit 12378a5a75 upstream.

When a packet enters the OVS datapath and does not match any existing
flows installed in the kernel flow cache, the packet will be sent to
userspace to be parsed, and a new flow will be created. The kernel and
OVS rely on each other to parse packet fields in the same way so that
packets will be handled properly.

As per the design document linked below, OVS expects all later IPv6
fragments to have nw_proto=44 in the flow key, so they can be correctly
matched on OpenFlow rules. OpenFlow controllers create pipelines based
on this design.

This behavior was changed by the commit in the Fixes tag so that
nw_proto equals the next_header field of the last extension header.
However, there is no counterpart for this change in OVS userspace,
meaning that this field is parsed differently between OVS and the
kernel. This is a problem because OVS creates actions based on what is
parsed in userspace, but the kernel-provided flow key is used as a match
criteria, as described in Documentation/networking/openvswitch.rst. This
leads to issues such as packets incorrectly matching on a flow and thus
the wrong list of actions being applied to the packet. Such changes in
packet parsing cannot be implemented without breaking the userspace.

The offending commit is partially reverted to restore the expected
behavior.

The change technically made sense and there is a good reason that it was
implemented, but it does not comply with the original design of OVS.
If in the future someone wants to implement such a change, then it must
be user-configurable and disabled by default to preserve backwards
compatibility with existing OVS versions.

Cc: stable@vger.kernel.org
Fixes: fa642f0883 ("openvswitch: Derive IP protocol number for IPv6 later frags")
Link: https://docs.openvswitch.org/en/latest/topics/design/#fragments
Signed-off-by: Rosemarie O'Riorden <roriorden@redhat.com>
Acked-by: Eelco Chaudron <echaudro@redhat.com>
Link: https://lore.kernel.org/r/20220621204845.9721-1-roriorden@redhat.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-04-19 17:50:38 +08:00
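
The parsing disagreement the commit message describes, as an added example (not code from the kernel or from OVS): a simplified IPv6 header walk that derives `nw_proto` for a later fragment under both conventions. The function names, mode names and sample packet are hypothetical, and only the hop-by-hop, routing, destination-options and fragment headers are modelled.

```c
#include <stdint.h>
#include <stdio.h>

enum { NH_HOPOPTS = 0, NH_UDP = 17, NH_ROUTING = 43, NH_FRAGMENT = 44, NH_DSTOPTS = 60 };
enum nw_proto_mode { MODE_OVS_DESIGN, MODE_LAST_EXTHDR };   /* hypothetical names */

/* nw_proto for the flow key, or -1 if the packet is truncated or not IPv6. */
int flow_key_nw_proto(const uint8_t *pkt, size_t len, enum nw_proto_mode mode)
{
    if (len < 40 || (pkt[0] >> 4) != 6)
        return -1;
    uint8_t nh = pkt[6];               /* Next Header of the fixed header */
    size_t off = 40;
    for (;;) {
        if (nh != NH_HOPOPTS && nh != NH_ROUTING && nh != NH_DSTOPTS && nh != NH_FRAGMENT)
            return nh;                 /* upper-layer protocol reached */
        if (len - off < 8)
            return -1;                 /* every extension header is at least 8 bytes */
        size_t hlen = 8;               /* the fragment header has a fixed size */
        if (nh == NH_FRAGMENT) {
            unsigned frag = (pkt[off + 2] << 8) | pkt[off + 3];
            if (frag & 0xfff8)         /* non-zero offset: a later fragment */
                return mode == MODE_OVS_DESIGN ? NH_FRAGMENT : pkt[off];
        } else {
            hlen = ((size_t)pkt[off + 1] + 1) * 8;
            if (len - off < hlen)
                return -1;
        }
        nh = pkt[off];
        off += hlen;
    }
}

/* Constructed sample: fixed header plus a fragment header announcing UDP. */
int sample_nw_proto(unsigned frag_off_units, size_t len, enum nw_proto_mode mode)
{
    uint8_t pkt[48] = {0};
    pkt[0] = 0x60;                     /* version 6 */
    pkt[6] = NH_FRAGMENT;
    pkt[40] = NH_UDP;                  /* Next Header field of the fragment header */
    pkt[42] = (uint8_t)(frag_off_units >> 5);   /* offset sits in the top 13 bits */
    pkt[43] = (uint8_t)((frag_off_units << 3) & 0xf8);
    return flow_key_nw_proto(pkt, len > sizeof(pkt) ? sizeof(pkt) : len, mode);
}

int main(void)
{
    printf("design=%d last_exthdr=%d\n", sample_nw_proto(185, 48, MODE_OVS_DESIGN), sample_nw_proto(185, 48, MODE_LAST_EXTHDR));
    return 0;
}
```

For the same later fragment the two modes yield 44 and 17, so a rule written against one value is evaluated against a key carrying the other.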
arch arm64: mm: Don't invalidate FROM_DEVICE buffers at start of DMA transfer 2023-04-19 17:50:37 +08:00
block block: Fix handling of offline queues in blk_mq_alloc_request_hctx() 2023-04-19 17:50:34 +08:00
certs certs/blacklist_hashes.c: fix const confusion in certs blacklist 2023-04-19 17:50:34 +08:00
crypto crypto: memneq - move into lib/ 2023-04-19 17:50:35 +08:00
Documentation x86/speculation/mmio: Add sysfs reporting for Processor MMIO Stale Data 2023-04-19 17:50:28 +08:00
drivers random: quiet urandom warning ratelimit suppression message 2023-04-19 17:50:38 +08:00
fs zonefs: fix zonefs_iomap_begin() for reads 2023-04-19 17:50:37 +08:00
include random: quiet urandom warning ratelimit suppression message 2023-04-19 17:50:38 +08:00
init Kconfig: Add option for asm goto w/ tied outputs to workaround clang-13 bug 2023-04-19 17:50:04 +08:00
ipc ipc/mqueue: use get_tree_nodev() in mqueue_get_tree() 2023-04-19 17:49:52 +08:00
kernel bpf: Fix calling global functions from BPF_PROG_TYPE_EXT programs 2023-04-19 17:50:37 +08:00
lib crypto: memneq - move into lib/ 2023-04-19 17:50:35 +08:00
LICENSES
mm init: Initialize noop_backing_dev_info early 2023-04-19 17:50:34 +08:00
net net: openvswitch: fix parsing of nw_proto for IPv6 fragments 2023-04-19 17:50:38 +08:00
samples samples/landlock: Format with clang-format 2023-04-19 17:50:01 +08:00
scripts faddr2line: Fix overlapping text section failures, the sequel 2023-04-19 17:50:34 +08:00
security KEYS: trusted: tpm2: Fix migratable logic 2023-04-19 17:50:26 +08:00
sound ALSA: hda/realtek: Add quirk for Clevo NS50PU 2023-04-19 17:50:38 +08:00
tools selftests/bpf: Add selftest for calling global functions from freplace 2023-04-19 17:50:37 +08:00
usr usr/include/Makefile: add linux/nfc.h to the compile-test coverage 2023-04-19 17:44:58 +08:00
virt KVM: avoid NULL pointer dereference in kvm_dirty_ring_push 2023-04-19 17:47:52 +08:00
.clang-format
.cocciconfig
.get_maintainer.ignore
.gitattributes
.gitignore
.mailmap mailmap: add Andrej Shadura 2021-10-18 20:22:03 -10:00
COPYING
CREDITS
Kbuild
Kconfig
MAINTAINERS MAINTAINERS: add git tree for random.c 2023-04-19 17:49:03 +08:00
Makefile Linux 5.15.50 2023-04-19 17:50:37 +08:00
README

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.