neutron

openvswitch native agent, ARP responder response has wrong Eth headers

Bug #1623849 reported by Thomas Morin on 2016-09-15

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	neutron	Fix Released	High	Thomas Morin	neutron newton-rc1 "rc1"

Bug Description

The ovs-ofctl ARP responder implementation (install_arp_responder) sets the correct src/dst MAC addresses in the Ethernet header:

https://github.com/openstack/neutron/blob/master/neutron/plugins/ml2/drivers/openvswitch/agent/openflow/ovs_ofctl/br_tun.py#L197

https://github.com/openstack/neutron/blob/master/neutron/plugins/ml2/drivers/openvswitch/agent/common/constants.py#L110

--> 'move:NXM_OF_ETH_SRC[]->NXM_OF_ETH_DST[],mod_dl_src:%(mac)s,'

*However* the native Openflow/ryu install_arp_responder implementation does not set these src/dst fields of the Ethernet header:

https://github.com/openstack/neutron/blob/master/neutron/plugins/ml2/drivers/openvswitch/agent/openflow/native/br_tun.py#L223

The result is that the forged ARP response is incorrect arp_responder=True and of_interface=native:

09:59:47.162196 fa:16:3e:ea:2e:9a > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.10.1 tell 192.168.10.5, length 28
09:59:47.162426 fa:16:3e:ea:2e:9a > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Reply 192.168.10.1 is-at fa:16:5e:47:33:64, length 28

Tags:

Thomas Morin (tmmorin-orange) on 2016-09-15

Changed in neutron:
assignee:	nobody → Thomas Morin (tmmorin-orange)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-09-15: Fix proposed to neutron (master)

Fix proposed to branch: master
Review: https://review.openstack.org/370639

Changed in neutron:
status:	New → In Progress

Ihar Hrachyshka (ihar-hrachyshka) on 2016-09-15

Changed in neutron:
milestone:	none → newton-rc1

Hirofumi Ichihara (ichihara-hirofumi) on 2016-09-15

Changed in neutron:
importance:	Undecided → High

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-09-16: Fix merged to neutron (master)

Reviewed: https://review.openstack.org/370639
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=7d2721de1a06ed233c8a2906d14df02ed70c95d9
Submitter: Jenkins
Branch: master

commit 7d2721de1a06ed233c8a2906d14df02ed70c95d9
Author: Thomas Morin <email address hidden>
Date: Thu Sep 15 11:25:47 2016 +0200

ovs agent, native ARP response: set Eth src/dst

    This change adds action to install_arp_responder of native implementation
    so that the source and destination MAC addresses of the Ethernet header
    are properly set, and now consistent with the ovs-ofctl implementation.

Change-Id: I9a095add42ba5799bd81887f1cbe5507ab9ba48c
Closes-Bug: 1623849

Changed in neutron:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-09-19: Related fix merged to neutron (master)

Reviewed: https://review.openstack.org/371183
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=033903aec0afbabce5155e49b807c9793c79f908
Submitter: Jenkins
Branch: master

commit 033903aec0afbabce5155e49b807c9793c79f908
Author: Assaf Muller <email address hidden>
Date: Thu Sep 15 18:02:16 2016 -0400

Add fullstack test with OVS arp_responder

    Now that fullstack uses a modern OVS we may finally have
    an OVS ARP responder test. The code will now have implicit
    coverage. It previously was not run in any functional or
    integration test.

Change-Id: I3db3185a08b7cc546dee9e711f5bda9143752f86
Related-Bug: #1623849

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-09-26: Fix included in openstack/neutron 9.0.0.0rc1

This issue was fixed in the openstack/neutron 9.0.0.0rc1 release candidate.

Ihar Hrachyshka (ihar-hrachyshka) on 2017-01-17

tags:

added: neutron-proactive-backport-potential

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-01-18: Fix proposed to neutron (stable/mitaka)

Fix proposed to branch: stable/mitaka
Review: https://review.openstack.org/421969

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-01-18: Related fix proposed to neutron (stable/newton)

Related fix proposed to branch: stable/newton
Review: https://review.openstack.org/421972

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-01-20: Fix merged to neutron (stable/mitaka)

Reviewed: https://review.openstack.org/421969
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=16820d8c2862494ed2220bad18898d2f60040599
Submitter: Jenkins
Branch: stable/mitaka

commit 16820d8c2862494ed2220bad18898d2f60040599
Author: Thomas Morin <email address hidden>
Date: Thu Sep 15 11:25:47 2016 +0200

ovs agent, native ARP response: set Eth src/dst

    Change-Id: I9a095add42ba5799bd81887f1cbe5507ab9ba48c
    Closes-Bug: 1623849
    (cherry picked from commit 7d2721de1a06ed233c8a2906d14df02ed70c95d9)

tags:

added: in-stable-mitaka

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-01-20: Related fix merged to neutron (stable/newton)

Reviewed: https://review.openstack.org/421972
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=cdfa780ab81a40b3498af105aa7ef994757dc860
Submitter: Jenkins
Branch: stable/newton

commit cdfa780ab81a40b3498af105aa7ef994757dc860
Author: Assaf Muller <email address hidden>
Date: Thu Sep 15 18:02:16 2016 -0400

Add fullstack test with OVS arp_responder

    Change-Id: I3db3185a08b7cc546dee9e711f5bda9143752f86
    Related-Bug: #1623849
    (cherry picked from commit 033903aec0afbabce5155e49b807c9793c79f908)

tags:

added: in-stable-newton

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-02-01: Fix included in openstack/neutron 8.4.0

#10

This issue was fixed in the openstack/neutron 8.4.0 release.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.