Ubuntu
openvswitch package

openvswitch: same tcp session encapsulated with different udp src port for ovs vxlan tunnel

Bug #1860987 reported by Maxime Leroy on 2020-01-27

14

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	linux (Ubuntu)	Fix Released	Undecided	Unassigned
	Bionic	Confirmed	Undecided	Unassigned
	Focal	Confirmed	Undecided	Unassigned
	Groovy	Fix Released	Undecided	Unassigned
	Hirsute	Fix Released	Undecided	Unassigned
	Impish	Fix Released	Undecided	Unassigned
	openvswitch (Ubuntu)	Fix Released	Medium	Unassigned
	Bionic	Triaged	Low	Unassigned
	Focal	Fix Released	Medium	Unassigned
	Groovy	Fix Released	Medium	Unassigned
	Hirsute	Fix Released	Medium	Unassigned
	Impish	Fix Released	Medium	Unassigned

Bug Description

[SRU Justification]

[Impact]

Packets encapsulated into a vxlan tunnel with openvswitch don't have the same udp source port for the first packet and the following ones of the same TCP flow in a DOCKER scenario usecase.

In fact, when using the kernel datapath, the upcall don't include skb hash info relatived. As VXLAN module uses
the skb hash to select UDP src port, the source port is different for the first packet.

More information can be found here:
https://mail.openvswitch.org/pipermail/ovs-dev/2019-October/364062.html

This has been fixed in the next release openvswitch 2.13 by the following upstream commits:
- 0442bfb11d6ccb ("ofproto-dpif-upcall: Echo HASH attribute back to datapath.")
- c4d8a4e0399910 ("ofproto-dpif: Fix using uninitialized execute hash.")
- 924d94a695a6ca ("ofproto-dpif-upcall: Fix using uninitialized upcall hash.")

https://github.com/openvswitch/ovs/commit/0442bfb11d6ccbf11754ef1d6de603b970465302
https://github.com/openvswitch/ovs/commit/c4d8a4e039991030c1298dbd1335d209cb437875
https://github.com/openvswitch/ovs/commit/924d94a695a6ca54b83d4bd42ec196ba53947c6d

The bug exists since the beginning of vxlan support in openvswitch.

== Fix ==

Backport the requested patches to Focal (5.4), Disco (5.0), Bionic (4.15) and
Xenial (4.4).

Maxime Leroy (maxime-leroy) on 2020-01-27

affects:

linux (Ubuntu) → openvswitch (Ubuntu)

Revision history for this message

James Page (james-page) wrote on 2021-06-28:

#1

Focal already has 2.13.3 which includes this fix.

Revision history for this message

James Page (james-page) wrote on 2021-06-28:

#2

Does this also have a kernel side part to the fix to ensure that the skb hash is passed?

Revision history for this message

James Page (james-page) wrote on 2021-06-28:

#3

It does and the focal 5.4 kernel does not include this fix:

https://kernel.ubuntu.com/git/ubuntu/ubuntu-focal.git/tree/include/uapi/linux/openvswitch.h

Revision history for this message

James Page (james-page) wrote on 2021-07-02:

#4

Present in the Groovy 5.8 kernel and later:

https://kernel.ubuntu.com/git/ubuntu/ubuntu-groovy.git/tree/include/uapi/linux/openvswitch.h

Changed in openvswitch (Ubuntu Focal):
status:	New → Fix Released
Changed in openvswitch (Ubuntu Hirsute):
status:	New → Fix Released
Changed in openvswitch (Ubuntu Groovy):
status:	New → Fix Released
Changed in openvswitch (Ubuntu Impish):
status:	New → Fix Released
Changed in openvswitch (Ubuntu Bionic):
status:	New → Triaged
importance:	Undecided → Medium
Changed in openvswitch (Ubuntu Focal):
importance:	Undecided → Medium
Changed in openvswitch (Ubuntu Groovy):
importance:	Undecided → Medium
Changed in openvswitch (Ubuntu Hirsute):
importance:	Undecided → Medium
Changed in openvswitch (Ubuntu Impish):
importance:	Undecided → Medium
Changed in openvswitch (Ubuntu Bionic):
importance:	Medium → Low

Revision history for this message

James Page (james-page) wrote on 2021-07-02:

#5

Commit that introduces the hash to the upcall to OVS:

https://kernel.ubuntu.com/git/ubuntu/ubuntu-groovy.git/commit/include/uapi/linux/openvswitch.h?id=bd1903b7c4596ba6f7677d0dfefd05ba5876707d

Changed in linux (Ubuntu Groovy):
status:	New → Fix Released
Changed in linux (Ubuntu Hirsute):
status:	New → Fix Released
Changed in linux (Ubuntu Impish):
status:	New → Fix Released

Revision history for this message

James Page (james-page) wrote on 2021-07-02:

#6

Raising tasks for Linux as well - Groovy onwards is good so just focal and bionic targets now.

Revision history for this message

James Page (james-page) wrote on 2021-07-02:

#7

For reference - this should be usable on Focal with the HWE kernel (rather than the 5.4 release kernel).

Revision history for this message

Narendar R Pulimamidi (narendarpnr) wrote on 2022-02-28:

#8

above commit https://kernel.ubuntu.com/git/ubuntu/ubuntu-groovy.git/commit/include/uapi/linux/openvswitch.h?id=bd1903b7c4596ba6f7677d0dfefd05ba5876707d

is not available, any suggestion how to get that patch.

Revision history for this message

Launchpad Janitor (janitor) wrote on 2022-02-28:

#9

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in linux (Ubuntu Bionic):
status:	New → Confirmed
Changed in linux (Ubuntu Focal):
status:	New → Confirmed

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.