[Windows] OVSext driver doesn't support discontiguous net buffer on Windows Server 2019 #323
Comments
|
I am also experiencing this on Windows Server 2022 |
|
Hi. Thanks for the report! I can be wrong, but it looks like the TCP conntrack handler is actually the only place that is not handling non-contiguous data. If that's true, it should not be hard to fix. Could you try the following change in your setup: igsilya/ovs@3a4f491 ? Note: only compile-tested in CI, I don't have a windows setup to do any actual testing. |
ovsrobot
pushed a commit
to ovsrobot/ovs
that referenced
this issue
Jun 6, 2024
NdisGetDataBuffer() is called without providing a buffer to copy packet data in case it is not contiguous. So, it fails in some scenarios where the packet is handled by the general network stack before OVS and headers become split in multiple buffers. Use existing helpers to retrieve the headers instead, they are using OvsGetPacketBytes() which should be able to handle split data. It might be a bit slower than getting direct pointers that may be provided by NdisGetDataBuffer(), but it's better to optimize commonly used OvsGetPacketBytes() helper in the future instead of optimizing every single caller separately. And we're still copying the TCP header anyway. Fixes: 9726a01 ("datapath-windows: Implement locking in conntrack NAT.") Reported-at: openvswitch/ovs-issues#323 Signed-off-by: Ilya Maximets <[email protected]> Signed-off-by: 0-day Robot <[email protected]>
ovsrobot
pushed a commit
to ovsrobot/ovs
that referenced
this issue
Jul 15, 2024
NdisGetDataBuffer() is called without providing a buffer to copy packet data in case it is not contiguous. So, it fails in some scenarios where the packet is handled by the general network stack before OVS and headers become split in multiple buffers. In the fix it will supply the stack buffer to copy packet data when call NdisGetDataBuffer(). In the conntrack Action process, it will do OvsPartialCopyNBL firstly with the size of layers l7offsets. If the header is split the header will be merged to one continuous buffer. But IPV6 traffic is not handed in this case. Reported-at: openvswitch/ovs-issues#323 Signed-off-by: Wilson Peng <[email protected]> Signed-off-by: 0-day Robot <[email protected]>
ovsrobot
pushed a commit
to ovsrobot/ovs
that referenced
this issue
Jul 17, 2024
NdisGetDataBuffer() is called without providing a buffer to copy packet data in case it is not contiguous. So, it fails in some scenarios where the packet is handled by the general network stack before OVS and headers become split in multiple buffers. In the fix it will supply the stack buffer to copy packet data when call NdisGetDataBuffer(). In the conntrack Action process, it will do OvsPartialCopyNBL firstly with the size of layers l7offsets. If the header is split the header will be merged to one continuous buffer. But IPV6 traffic is not handed in this case. Reported-at: openvswitch/ovs-issues#323 Signed-off-by: Wilson Peng <[email protected]> Signed-off-by: 0-day Robot <[email protected]>
ovsrobot
pushed a commit
to ovsrobot/ovs
that referenced
this issue
Aug 5, 2024
NdisGetDataBuffer() is called without providing a buffer to copy packet data in case it is not contiguous. So, it fails in some scenarios where the packet is handled by the general network stack before OVS and headers become split in multiple buffers. In the fix it will supply the stack buffer to copy packet data when call NdisGetDataBuffer(). In the conntrack Action process, it will do OvsPartialCopyNBL firstly with the size of layers l7offsets. If the header is split the header will be merged to one continuous buffer. But IPV6 traffic is not handed in this patch to merge the split dis-continuous net-buf. Reported-at: openvswitch/ovs-issues#323 Signed-off-by: Wilson Peng <[email protected]> Signed-off-by: 0-day Robot <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi OVS dev,
We recently hit an issue with OVSext on Windows, after TCP handshake is completed, the following request packet is dropped by OVS datapath because they are marked as invalid.
Below is a screen shot of the packet capture,
The traffic topology is like this,
Tried to print OVS kernel logs, we saw that the packet is marked as invalid in conntrack by this code . A wonder is the request data (packet) is dis-contiguous in the memory buffer as it was routed on the Windows host before entering OVS, and the existing OVSext assumes the packet data must be contiguous.
According to the Microsoft official document, it looks Windows suggested that networking drivers support header-data split after NDIS 6.0, but OVSext doesn’t have the related support.
Is it possible to modify OVSext driver to support it?
The text was updated successfully, but these errors were encountered: