Juniper Openstack

A fragmented TCP Reset packet can cause Hold flows in vrouter

Bug #1523857 reported by Vedamurthy Joshi
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Juniper Openstack
Fix Committed
Medium
Anand H. Krishnan
Juniper Openstack r3.0-fcs
R2.20
Fix Committed
Medium
Anand H. Krishnan

Bug Description

R2.20 Build 112 Ubuntu 14.04 Juno multi-node

==============
From 219.14.75.3, send a TCP Reset (fragmented)

>>> send(fragment(IP(dst="20.1.1.4")/TCP(dport=8888, flags="R", sport=7777)/payload, fragsize=400))
...
Sent 3 packets.
>>>
==============
It creates a flow as below
root@nodek2:~# flow -l | grep -A2 "20.1.1.4:8888"
2548940<=>4015896 219.14.75.3:7777 20.1.1.4:8888 6 (1)
(K(nh):70, Action:F, Flags:, TCP:RD, S(nh):70, Stats:3/1118, SPort:53496)

--
4015896<=>2548940 20.1.1.4:8888 219.14.75.3:7777 6 (1)
(K(nh):70, Action:F, Flags:, TCP:, S(nh):21, Stats:0/0, SPort:56927)

root@nodek2:~#
==============
Send the same Reset packet again

>>> send(fragment(IP(dst="20.1.1.4")/TCP(dport=8888, flags="R", sport=7777)/payload, fragsize=400))
...
Sent 3 packets.
>>>
==============
Hold flows are seen now.

root@nodek2:~# flow -l | grep -A2 "20.1.1.4:8888"
2548940 219.14.75.3:7777 20.1.1.4:8888 6 (1)
(K(nh):70, Action:H, Flags:, TCP:, S(nh):0, Stats:1/250, SPort:0)

root@nodek2:~#

==============

Tags: vrouter
Revision history for this message
Anand H. Krishnan (anandhk) wrote :

https://github.com/Juniper/contrail-vrouter/commit/d752dcfc645d2c38045f6a649c00e7fbf785dcc4

Revision history for this message
Anand H. Krishnan (anandhk) wrote :

For mainline

https://github.com/Juniper/contrail-vrouter/commit/7e8bbfd8c994ef5230d27ce67fd734d861edcb4b

Changed in juniperopenstack:
status: New → Fix Committed
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.