-
Ben Pfaff authored
In the OVS architecture, when a datapath doesn't have a match for a packet, it sends the packet and the flow that it extracted from it to userspace. Userspace then examines the packet and the flow and compares them. Commonly, the flow is the same as what userspace expects, given the packet, but there are two other possibilities: - The flow lacks one or more fields that userspace expects to be there, that is, the datapath doesn't understand or parse them but userspace does. This is, for example, what would happen if current OVS userspace, which understands and extracts TCP flags, were to be paired with an older OVS kernel module, which does not. Internally OVS uses the name ODP_FIT_TOO_LITTLE for this situation. - The flow includes fields that userspace does not know about, that is, the datapath understands and parses them but userspace does not. This is, for example, what would happen if an old OVS userspace that does not understand or extract TCP flags, were to be paired with a recent OVS kernel module that does. Internally, OVS uses the name ODP_FIT_TOO_MUCH for this situation. The latter is not a big deal and OVS doesn't have to do much to cope with it. The former is more of a problem. When the datapath can't match on all the fields that OVS supports, it means that OVS can't safely install a flow at all, other than one that directs packets to the slow path. Otherwise, if OVS did install a flow, it could match a packet that does not match the flow that OVS intended to match and could cause the wrong behavior. Somehow, this nuance was lost a long time. From about 2013 until today, it seems that OVS has ignored ODP_FIT_TOO_LITTLE. Instead, it happily installs a flow regardless of whether the datapath can actually fully match it. I imagine that this is rarely a problem because most of the time the datapath and userspace are well matched, but it is still an important problem to fix. This commit fixes it, by forcing flows into the slow path when the datapath cannot match specifically enough. CC: Ethan Jackson <ejj@eecs.berkeley.edu> Fixes: e79a6c83 ("ofproto: Handle flow installation and eviction in upcall.") Reported-by: Huanle Han <hanxueluo@gmail.com> Reported-at: https://mail.openvswitch.org/pipermail/ovs-dev/2018-January/343665.html Signed-off-by: Ben Pfaff <blp@ovn.org>
687bafbb