Bug 2074537
Summary: | ovn-trace crashes when rejecting ICMP | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux Fast Datapath | Reporter: | François Rigault <frigo> |
Component: | ovn-2021 | Assignee: | lorenzo bianconi <lorenzo.bianconi> |
Status: | CLOSED ERRATA | QA Contact: | Ehsan Elahi <eelahi> |
Severity: | low | Docs Contact: | |
Priority: | unspecified | ||
Version: | RHEL 8.0 | CC: | ctrautma, jiji, lorenzo.bianconi, nusiddiq |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2022-06-30 18:00:08 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
François Rigault
2022-04-12 12:43:53 UTC
Thanks for raising this bz. I can see the same crash too. We recently fixed something similar in ovn-controller - https://github.com/ovn-org/ovn/commit/bcd9a8fb1b60accd6560c45e69ea80b70b2d3346 We should handle something similar in ovn-trace too. ### Reproduced on [root@bz-2074537 ~]# rpm -qa |grep -E 'ovn|openvswitch' openvswitch-selinux-extra-policy-1.0-28.el8fdp.noarch ovn-2021-21.12.0-11.el8fdp.x86_64 ovn-2021-central-21.12.0-11.el8fdp.x86_64 ovn-2021-host-21.12.0-11.el8fdp.x86_64 openvswitch2.15-2.15.0-93.el8fdp.x86_64 systemctl start ovn-northd ovn-nbctl set-connection ptcp:6641 ovn-sbctl set-connection ptcp:6642 systemctl start openvswitch ovs-vsctl set open . external_ids:system-id=hv1 # IP address configuration to physical interface ifconfig ens1f0 42.42.42.1 netmask 255.255.0.0 ovs-vsctl set open . external_ids:ovn-remote=tcp:42.42.42.1:6642 ovs-vsctl set open . external_ids:ovn-encap-type=geneve ovs-vsctl set open . external_ids:ovn-encap-ip=42.42.42.1 systemctl start ovn-controller ovn-nbctl ls-add ls1 ovn-nbctl lsp-add ls1 ls1p1 ovn-nbctl lsp-set-addresses ls1p1 "00:00:00:00:00:01 42.42.42.1" ovn-nbctl lsp-add ls1 ls1p2 ovn-nbctl lsp-set-addresses ls1p2 "00:00:00:00:00:02 42.42.42.2" ovn-nbctl pg-add pg1 ls1p1 ls1p2 ovn-nbctl acl-add pg1 to-lport 2003 "inport==@pg1 && ip4 && ip4.src == 42.42.42.0/24 && udp && udp.dst >= 9000 && udp.dst <= 9999" allow ovn-nbctl acl-add pg1 to-lport 2001 "inport==@pg1" reject [root@bz-2074537 ~]# ovn-trace 'inport == "ls1p2" && eth.src == 00:00:00:00:00:02 && eth.dst == 00:00:00:00:00:01 && ip.ttl==42 && ip4.src == 42.42.42.2' Segmentation fault (core dumped) ### Verified on [root@bz-2074537 ~]# rpm -qa |grep -E 'ovn|openvswitch' openvswitch-selinux-extra-policy-1.0-28.el8fdp.noarch ovn-2021-21.12.0-73.el8fdp.x86_64 ovn-2021-central-21.12.0-73.el8fdp.x86_64 ovn-2021-host-21.12.0-73.el8fdp.x86_64 openvswitch2.15-2.15.0-93.el8fdp.x86_64 [root@bz-2074537 ~]# ovn-trace 'inport == "ls1p2" && eth.src == 00:00:00:00:00:02 && eth.dst == 00:00:00:00:00:01 && ip.ttl==42 && ip4.src == 42.42.42.2' # ip,reg14=0x2,vlan_tci=0x0000,dl_src=00:00:00:00:00:02,dl_dst=00:00:00:00:00:01,nw_src=42.42.42.2,nw_dst=0.0.0.0,nw_proto=0,nw_tos=0,nw_ecn=0,nw_ttl=42 ingress(dp="ls1", inport="ls1p2") --------------------------------- 0. ls_in_port_sec_l2 (northd.c:5597): inport == "ls1p2", priority 50, uuid de255dec next; 24. ls_in_l2_lkup (northd.c:8454): eth.dst == 00:00:00:00:00:01, priority 50, uuid 182c8727 outport = "ls1p1"; output; egress(dp="ls1", inport="ls1p2", outport="ls1p1") ------------------------------------------------- 4. ls_out_acl (northd.c:6277): inport==@pg1, priority 3001, uuid 66b3def3 reg0 = 0; reject { outport <-> inport; next(pipeline=ingress, table=24); }; icmp4 ----- outport <-> inport; next(pipeline=ingress, table=24); ingress(dp="ls1", inport="ls1p1") --------------------------------- 24. ls_in_l2_lkup (northd.c:8454): eth.dst == 00:00:00:00:00:02, priority 50, uuid 8211896b outport = "ls1p2"; output; egress(dp="ls1", inport="ls1p1", outport="ls1p2") ------------------------------------------------- 4. ls_out_acl (northd.c:6277): inport==@pg1, priority 3001, uuid 66b3def3 reg0 = 0; reject { outport <-> inport; next(pipeline=ingress, table=24); }; ###Also verified on [root@bz-2074537 ~]# rpm -qa |grep -E 'ovn|openvswitch' openvswitch-selinux-extra-policy-1.0-28.el8fdp.noarch ovn22.03-22.03.0-52.el8fdp.x86_64 ovn22.03-host-22.03.0-52.el8fdp.x86_64 openvswitch2.15-2.15.0-93.el8fdp.x86_64 ovn22.03-central-22.03.0-52.el8fdp.x86_64 ###And verified on [root@bz-2074537 ~]# rpm -qa |grep -E 'ovn|openvswitch' openvswitch-selinux-extra-policy-1.0-31.el9fdp.noarch openvswitch2.16-2.16.0-52.el9fdp.x86_64 ovn22.03-22.03.0-52.el9fdp.x86_64 ovn22.03-central-22.03.0-52.el9fdp.x86_64 ovn22.03-host-22.03.0-52.el9fdp.x86_64 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (ovn bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2022:5446 |