tc filter show tcp_flags wrong mask value
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
The Ubuntu-power-systems project |
Fix Released
|
Medium
|
Ubuntu on IBM Power Systems Bug Triage | ||
iproute2 (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Bionic |
Fix Released
|
Medium
|
Stefan Bader |
Bug Description
[SRU Justification]
Impact: The tc command does not show the correct values for tcp_flags (and ip_tos) on filter rules. This might break other scripts parsing that output but at least confuses users.
Fix: Backport of "tc: fix bugs for tcp_flags and ip_attr hex output" from upstream iproute2.
Testcase:
tc qdisc add dev lo ingress
tc filter add dev lo parent ffff: prio 3 proto ip flower ip_tos 0x8/32
tc filter add dev lo parent ffff: prio 5 proto ip flower ip_proto tcp \
tcp_flags 0x909/f00
tc filter show dev lo parent ffff:
filter protocol ip pref 3 flower chain 0
filter protocol ip pref 3 flower chain 0 handle 0x1
eth_type ipv4
ip_tos a9606c10 <-- bad, should be 0x8/32
not_in_hw
filter protocol ip pref 5 flower chain 0
filter protocol ip pref 5 flower chain 0 handle 0x1
eth_type ipv4
ip_proto tcp
tcp_flags 909909 <-- bad, should be 0x909/f00
not_in_hw
Note that the ip_tos value in the -j[son] output is correct, while the tcp_flags value is
is incorrect in both cases.
Risk of Regression:
Low: Usually scripts would use the json output and that has at least the ip output correct. And the values shown in the bad case seem to be little useful. So it seems unlikely anybody relied on them. But cannot completely be ruled out.
=== Original description ===
---Problem Description---
Problem Descriptions
"tc" utility does not show correct TC rule's tcp_flags mask correctly in current "iproute2" package shipped on Genesis.
# dpkg -l |grep iproute2
ii iproute2 4.15.0-2ubuntu1 ppc64el networking and traffic control tools
---Steps to Reproduce---
Steps to reproduce the problem:
1) Add a tc rule to the testing VF (i.e. p0v2_r):
# tc filter add dev p0v2 protocol ip parent ffff: pref 5 chain 1 handle 0x1 flower src_mac 00:00:00:
2) Validate the added TC rule:
# tc filter show dev p0v2_r root
filter protocol ip pref 5 flower chain 1
filter protocol ip pref 5 flower chain 1 handle 0x1
src_mac 00:00:00:
eth_type ipv4
ip_proto tcp
tcp_flags 22 /* <--- Wrong */
skip_sw
in_hw
action order 1: mirred (Egress Redirect to device p0v0_r) stolen
3) If we add the tcp_flags using explicit mask 0x7:
# tc filter add dev p0v2 protocol ip parent ffff: pref 5 chain 1 handle 0x1 flower src_mac 00:00:00:
After that, using "tc filter show dev p0v2_r root" to verify, we still see the same output (tcp_flags 22) as shown in 2) above, which is wrong.
Userspace tool common name: tc
The userspace tool has the following bit modes: 64-bit
Userspace package: iproute2
==
Fixes:
There are 2 patches to fix the issue:
patch 1:
commit b85076cd74e7753
Author: Stephen Hemminger <email address hidden>
Date: Tue Sep 11 08:29:33 2018 -0700
lib: introduce print_nl
Common pattern in iproute commands is to print a line seperator
in non-json mode. Make that a simple function.
/* This patch declares global variable "const char *_SL_ = "\n";" in lib/utils.c to be used by 2nd patch */
patch 2:
commit e8bd395508cead5
Author: Keara Leibovitz <email address hidden>
Date: Thu Jul 26 09:45:30 2018 -0400
tc: fix bugs for tcp_flags and ip_attr hex output
Fix hex output for both the ip_attr and tcp_flags print functions.
With the above 2 patches pull in, the new "tc" utility will show the correct tcp_flags mask:
# tc filter show dev p0v2 root
filter protocol ip pref 5 flower chain 1
filter protocol ip pref 5 flower chain 1 handle 0x1
src_mac 00:00:00:
eth_type ipv4
ip_proto tcp
tcp_flags 0x2/7 /* <--- Correct */
skip_sw
in_hw
action order 1: mirred (Egress Redirect to device p0v0_r) stolen
====
This bug affects tc in Ubuntu 18.04.1 stock image.
Related branches
- Andreas Hasenack: Approve
- Jay Vosburgh (community): Approve
- Canonical Server: Pending requested
- git-ubuntu developers: Pending requested
-
Diff: 180 lines (+158/-0)3 files modifieddebian/changelog (+7/-0)
debian/patches/lp1873961-tc-fix-bugs-for-tcp_flags-and-ip_attr-hex-output.patch (+150/-0)
debian/patches/series (+1/-0)
tags: | added: architecture-ppc64le bugnameltc-185386 severity-medium targetmilestone-inin18041 |
Changed in ubuntu: | |
assignee: | nobody → Ubuntu on IBM Power Systems Bug Triage (ubuntu-power-triage) |
affects: | ubuntu → iproute2 (Ubuntu) |
Changed in ubuntu-power-systems: | |
importance: | Undecided → Medium |
assignee: | nobody → Canonical Server Team (canonical-server) |
Changed in iproute2 (Ubuntu): | |
assignee: | Ubuntu on IBM Power Systems Bug Triage (ubuntu-power-triage) → Canonical Kernel Team (canonical-kernel-team) |
Changed in ubuntu-power-systems: | |
assignee: | Canonical Server Team (canonical-server) → Ubuntu on IBM Power Systems Bug Triage (ubuntu-power-triage) |
Changed in ubuntu-power-systems: | |
status: | New → Triaged |
Changed in iproute2 (Ubuntu Bionic): | |
importance: | Undecided → Medium |
assignee: | Canonical Kernel Team (canonical-kernel-team) → Stefan Bader (smb) |
description: | updated |
description: | updated |
Changed in ubuntu-power-systems: | |
status: | Triaged → In Progress |
Changed in ubuntu-power-systems: | |
status: | In Progress → Fix Committed |
tags: |
added: verification-done verification-done-bionic removed: verification-needed verification-needed-bionic |
Changed in ubuntu-power-systems: | |
status: | Fix Committed → Fix Released |
Both fixes are in v4.19.0 and later