From 9dc9136ec47459d5ce5e52e4b759b6a77fadde06 Mon Sep 17 00:00:00 2001 From: Alexander Chernavin Date: Tue, 3 Oct 2023 12:45:51 +0000 Subject: flowprobe: fix corrupted packets sent after feature disabling When IPFIX flow record generation is enabled on an interface and the active timer is set, flows will be saved and then exported according to the active and passive timers. If then disable the feature on the interface, the flow entries currently saved will remain in the state tables. They will gradually expire and be exported. The problem is that the template for them has already been removed. And they will be sent with zero template ID which will make them unreadable. A similar problem will occur if feature settings are "changed" on the interface - i.e. disable the feature and re-enable it with different settings (e.g. set a different datapath). The remaining flows that correspond to the previous feature settings will be eventually sent either with zero template ID or with template ID that corresponds to the current feature settings on the interface (and look like garbage data). With this fix, flush the current buffers before template removal and clear the remaining flows of the interface during feature disabling. Type: fix Change-Id: I1e57db06adfdd3a02fed1a6a89b5418f85a35e16 Signed-off-by: Alexander Chernavin (cherry picked from commit f68afe85a6e4d5e00fdad1af19a76eb40fdfa388) --- test/test_flowprobe.py | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) (limited to 'test') diff --git a/test/test_flowprobe.py b/test/test_flowprobe.py index 19571f71235..0bdbd3d6789 100644 --- a/test/test_flowprobe.py +++ b/test/test_flowprobe.py @@ -1291,6 +1291,44 @@ class DisableFP(MethodHolder): ipfix.remove_vpp_config() self.logger.info("FFP_TEST_FINISH_0001") + def test_no_leftover_flows_after_disabling(self): + """disable flowprobe feature and expect no leftover flows""" + self.pg_enable_capture(self.pg_interfaces) + self.pkts = [] + + # enable ip4 datapath for an interface + # set active and passive timers + ipfix = VppCFLOW( + test=self, + active=3, + passive=4, + intf="pg3", + layer="l3", + datapath="ip4", + direction="rx", + mtu=100, + ) + ipfix.add_vpp_config() + + # template packet should arrive immediately + ipfix.verify_templates(count=1) + + # send some ip4 packets + self.create_stream(src_if=self.pg3, dst_if=self.pg4, packets=5) + self.send_packets(src_if=self.pg3, dst_if=self.pg4) + + # disable feature for the interface + # currently stored ip4 flows should be removed + ipfix.disable_flowprobe_feature() + + # no leftover ip4 flows are expected + self.pg_enable_capture([self.collector]) + self.sleep(12, "wait for leftover ip4 flows during three passive intervals") + self.collector.assert_nothing_captured() + + # cleanup + ipfix.disable_exporter() + @unittest.skipUnless(config.extended, "part of extended tests") class ReenableFP(MethodHolder): -- cgit 1.2.3-korg