[PWCI] "[ovs-dev,v2] odp-execute: Fix packet length check for TSO packets."

[ovsrobot]

NOTE: This is an auto submission for "[ovs-dev,v2] odp-execute: Fix packet length check for TSO packets.".

See "http://patchwork.ozlabs.org/project/openvswitch/list/?series=473083" for details.

Summary by Sourcery

Fix packet length validation for TCP Segmentation Offload and refine tunnel metadata flags handling

Bug Fixes:

• Preserve existing GRE tunnel flags when adding the CSUM flag
• Map the IP "Don't Fragment" bit to the FLOW_TNL_F_DONT_FRAGMENT flag in tunnel metadata

Enhancements:

• Limit pkt_len check in odp_execute for TSO packets by calculating segment-based length

Summary by CodeRabbit

• Bug Fixes

  • Correctly set the tunnel DF flag for IPv4 packets.
  • Preserve existing tunnel flags when GRE checksum is indicated.
  • Make packet-length checks respect TSO segment boundaries.

• Tests

  • Added userspace offload test for TSO with check_pkt_len.
  • Updated flow-dump expectations to reflect +df-csum in GRE/Geneve/NSH paths and tunnel-based recirculation.

• Documentation

  • Updated maintainers list: moved Russell Bryant to Emeritus.

[sourcery-ai]

Reviewer's Guide

Implements TSO-aware packet length validation by computing a per-segment maximum based on TCP payload offset and fixes tunnel flag handling by setting the IPv4 “dont fragment” bit and OR’ing GRE checksum flags to preserve existing flags.

Class diagram for updated dp_packet TSO and payload handling

classDiagram
    class dp_packet {
        +get_send_len()
        +get_tso_segsz()
        +get_tcp_payload()
        +get_inner_tcp_payload()
        +get_l2_pad_size()
        +get_tunnel()
        +get_data()
    }
    class odp_execute_check_pkt_len {
        +size
        +TSO-aware length check
    }
    dp_packet <.. odp_execute_check_pkt_len: uses

Loading

Class diagram for updated flow_tnl flag handling in tunnel parsing

classDiagram
    class flow_tnl {
        +ip_tos
        +ip_ttl
        +flags
    }
    class ip_extract_tnl_md {
        +sets FLOW_TNL_F_DONT_FRAGMENT if IPv4 DF bit is set
    }
    class parse_gre_header {
        +flags |= FLOW_TNL_F_CSUM
    }
    flow_tnl <.. ip_extract_tnl_md: modified
    flow_tnl <.. parse_gre_header: modified

Loading

File-Level Changes

Change	Details	Files
Support TSO in packet length validation	Detect TSO segment size in odp_execute_check_pkt_len Extract TCP payload pointer for inner or outer packet Compute segment max length and cap packet size accordingly	lib/odp-execute.c
Correct tunnel flags handling	Set FLOW_TNL_F_DONT_FRAGMENT when IPv4 DF bit is set Use OR assignment for FLOW_TNL_F_CSUM to preserve existing flags	lib/netdev-native-tnl.c

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[coderabbitai]

Walkthrough

Updates tunnel flag handling to set DF for IPv4 and preserve GRE flags, adds TSO-aware packet-length checking, and adjusts tests to reflect DF (+df-csum) in tunnel expectations. Introduces a new userspace offload test for TSO with check_pkt_len. Maintainers list moves one entry to Emeritus.

Changes

Cohort / File(s)	Summary
Documentation / Maintainers MAINTAINERS.rst	Move Russell Bryant from active OVS Maintainers to OVS Emeritus Maintainers (same email).
Tunnel flag handling (DF/CSUM) lib/netdev-native-tnl.c	IPv4: detect DF via ip->ip_frag_off and set FLOW_TNL_F_DONT_FRAGMENT; GRE: when checksum present, set CSUM flag with
TSO-aware check_pkt_len lib/odp-execute.c	In odp_execute_check_pkt_len, incorporate TSO segment boundaries: derive segsize from payload offset + TSO seg size (inner payload for tunneled TCP), clamp size to segsize before comparison.
New userspace offload TSO test tests/dpif-netdev.at	Add “userspace offload - tso + check_pkt_len” test validating check_pkt_len with varying TSO segment sizes and packet lengths; verifies offload flows and pcap outputs.
DF flag expectations (NSH over VXLAN) tests/nsh.at	Update expected flows: tunnel flags switch from -df-csum+key to +df-csum+key in specified recirculation entries.
GRE recirc expectations with DF/CSUM tests/packet-type-aware.at	Widespread expectation updates to reflect tunnel(...flags(+df-csum)) and GRE-based recirc paths; adjust in_port to gre_sys where applicable.
Geneve flag expectation tweak tests/tunnel-push-pop.at	Change expected Geneve tunnel flags from -df-csum+key to +df-csum+key for a dpif/dump-flows line.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant Ingress as Ingress Packet
  participant Exec as odp_execute_check_pkt_len
  participant Parser as L3/L4 Parser
  participant TSO as TSO Context

  Ingress->>Exec: Execute actions (check_pkt_len)
  Exec->>Parser: Determine base send length, L2 padding
  Parser-->>Exec: Base size (send_len - l2pad)

  alt TSO enabled
    Exec->>TSO: Retrieve TSO segment size
    alt Tunnelled TCP
      Exec->>Parser: Locate inner TCP payload offset
      Parser-->>Exec: Inner payload offset
    else Non-tunnel TCP
      Exec->>Parser: Locate TCP payload offset
      Parser-->>Exec: TCP payload offset
    end
    Exec->>Exec: segsize = payload_offset + tso_seg_size
    Exec->>Exec: size = min(size, segsize)
  end

  Exec-->>Ingress: Compare size vs threshold -> branch (gt / le)

Loading

sequenceDiagram
  autonumber
  participant Rx as Packet RX
  participant Tnl as ip_extract_tnl_md
  participant GRE as parse_gre_header
  participant Flow as Flow Tunnel MD

  Rx->>Tnl: Parse IPv4 header
  Tnl->>Tnl: Check DF bit (ip_frag_off & IP_DF)
  Tnl->>Flow: Set FLOW_TNL_F_DONT_FRAGMENT if DF

  Rx->>GRE: Parse GRE header (if GRE)
  GRE->>Flow: tnl->flags |= FLOW_TNL_F_CSUM (preserve other flags)
  GRE-->>Rx: Return updated tunnel flags

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Pre-merge checks (1 passed, 2 warnings)

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Title Check	⚠️ Warning	The current title includes CI and series tags that add noise and quoting which distracts from the actual change; the core summary “odp-execute: Fix packet length check for TSO packets” does describe the main update, but the extra “[PWCI]” and “[ovs-dev,v2]” prefixes and nested quotes make it verbose and less clear than needed.	Please remove the “[PWCI]” and “[ovs-dev,v2]” prefixes and any unnecessary quoting so that the title reads simply “odp-execute: Fix packet length check for TSO packets,” providing a concise and direct summary of the change.
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

Poem

I thump my paws at flags that fly,
A DF set, a checksum nigh—oh my!
TSO trims each segment neat,
While tests now dance to updated beat.
With tunnels true and flows aligned,
This bunny signs: “All neatly confined.” 🐇✨

Tip

👮 Agentic pre-merge checks are now available in preview!

Pro plan users can now enable pre-merge checks in their settings to enforce checklists before merging PRs.

• Built-in checks – Quickly apply ready-made checks to enforce title conventions, require pull request descriptions that follow templates, validate linked issues for compliance, and more.
• Custom agentic checks – Define your own rules using CodeRabbit’s advanced agentic capabilities to enforce organization-specific policies and workflows. For example, you can instruct CodeRabbit’s agent to verify that API documentation is updated whenever API schema files are modified in a PR. Note: Upto 5 custom checks are currently allowed during the preview period. Pricing for this feature will be announced in a few weeks.

Please see the documentation for more information.

Example:

reviews:
  pre_merge_checks:
    custom_checks:
      - name: "Undocumented Breaking Changes"
        mode: "warning"
        instructions: |
          Pass/fail criteria: All breaking changes to public APIs, CLI flags, environment variables, configuration keys, database schemas, or HTTP/GraphQL endpoints must be documented in the "Breaking Change" section of the PR description and in CHANGELOG.md. Exclude purely internal or private changes (e.g., code not exported from package entry points or explicitly marked as internal).

Please share your feedback with us on this Discord post.

✨ Finishing Touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch series_473083

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[sourcery-ai]

Hey there - I've reviewed your changes and they look great!

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (3)

tests/dpif-netdev.at (3)

2257-2260: Nit: prefer explicit nxm notation for clarity (optional)

check_pkt_larger(514)->NXM_NX_REG0[0] is correct; for readability you could use reg0[0] consistently with other tests (if accepted by parser).

---

2270-2273: Stable match of check_pkt_len action

Dump assertion is tight; to reduce brittleness across minor formatting changes, consider matching only the action substring.

Apply this diff if desired:

-AT_CHECK([ovs-appctl dpctl/dump-flows | strip_used | strip_stats], [0], [dnl
-flow-dump from the main thread:
-recirc_id(0),in_port(1),packet_type(ns=0,id=0),eth_type(0x0800),ipv4(frag=no), packets:0, bytes:0, used:never, actions:check_pkt_len(size=514,gt(3),le(2))
-])
+AT_CHECK([ovs-appctl dpctl/dump-flows | strip_used | strip_stats | grep 'actions:check_pkt_len(size=514,gt(3),le(2))$'])

---

2275-2301: pcap counters rely on clean start

Counts assume new pcaps. If flakiness appears, explicitly clear pcap files after bridge creation.

Example:

 add_of_ports --pcap br1 `seq 1 3`
+rm -f p2-tx.pcap p3-tx.pcap

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9a2169a and ab00b05.

📒 Files selected for processing (7)

• MAINTAINERS.rst (1 hunks)
• lib/netdev-native-tnl.c (2 hunks)
• lib/odp-execute.c (1 hunks)
• tests/dpif-netdev.at (1 hunks)
• tests/nsh.at (2 hunks)
• tests/packet-type-aware.at (8 hunks)
• tests/tunnel-push-pop.at (1 hunks)

🧰 Additional context used

🧬 Code graph analysis (2)

lib/odp-execute.c (1)

lib/dp-packet.h (5)

• dp_packet_get_tso_segsz (716-720)
• dp_packet_get_tso_segsz (783-787)
• dp_packet_get_inner_tcp_payload (560-574)
• dp_packet_get_tcp_payload (544-558)
• dp_packet_data (830-835)

lib/netdev-native-tnl.c (1)

include/sparse/netinet/in.h (1)

• htons (158-161)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (20)

• GitHub Check: linux gcc check-offloads 100-
• GitHub Check: linux gcc m32 --disable-ssl
• GitHub Check: linux gcc --disable-ssl
• GitHub Check: linux gcc dpdk-shared
• GitHub Check: linux gcc --enable-afxdp
• GitHub Check: linux gcc dpdk-shared --enable-shared
• GitHub Check: linux clang test --enable-shared
• GitHub Check: linux gcc test --enable-shared
• GitHub Check: linux clang c99
• GitHub Check: linux gcc test
• GitHub Check: linux clang --enable-afxdp
• GitHub Check: linux gcc test -ljemalloc
• GitHub Check: linux gcc check check-dpdk dpdk
• GitHub Check: clang-analyze-cache
• GitHub Check: freebsd_build COMPILER:clang freebsd_instance:family/freebsd-13-5-snap
• GitHub Check: freebsd_build COMPILER:clang freebsd_instance:family/freebsd-14-3-snap
• GitHub Check: osx clang --disable-ssl
• GitHub Check: linux rpm fedora
• GitHub Check: linux deb no dpdk
• GitHub Check: build oss-fuzz fuzzers

🔇 Additional comments (15)

MAINTAINERS.rst (1)

94-95: Move to Emeritus looks correct.

Entry for Russell Bryant appears only under Emeritus; no remaining active entry visible in this diff. Good housekeeping.

lib/netdev-native-tnl.c (2)

155-157: Correctly preserve IPv4 DF into tunnel flags.

Using ip->ip_frag_off & htons(IP_DF) and OR-ing FLOW_TNL_F_DONT_FRAGMENT ensures DF is propagated without clobbering other flags. Matches emit path in netdev_tnl_ip_build_header().

---

474-474: Fix: don’t overwrite existing tunnel flags when GRE has CSUM.

Changing to tnl->flags |= FLOW_TNL_F_CSUM preserves previously-set flags (e.g., DF, KEY). This resolves subtle flag-loss bugs on GRE pop.

tests/tunnel-push-pop.at (1)

688-688: Test expectation aligned with preserved flags.

flags(+df-csum+key) matches the DF detection and GRE/UDP checksum flag preservation. Good update.

lib/odp-execute.c (1)

800-818: Approve TSO-aware check_pkt_len clamp
Global search shows check_pkt_len and TSO paths in lib/odp-execute.c, ofproto, netdev modules and extensive coverage in system-tso and dpif-netdev tests—no missing call sites.

tests/nsh.at (2)

722-724: DF and CSUM flags expectation flip looks correct

The tunnel header in the preceding tnl_push shows IPv4 frag=0x4000 (DF). Expecting flags(+df-csum+key) on the recirculated tunnel context is consistent. LGTM.

---

776-779: Consistent DF expectation across subsequent recircs

The additional recirc steps also now show flags(+df-csum+key), matching DF propagation. Looks good.

tests/packet-type-aware.at (7)

327-328: GRE recirc now shows DF+CSUM — OK

The flags(+df-csum) on the tunnel context after tnl_pop(gre_sys) align with setting DF on the outer IPv4 header. Approve.

---

345-346: DF+CSUM on N1→N2 path

Expectation updated to flags(+df-csum) looks consistent with the push header (frag=0x4000). LGTM.

---

363-364: N2→N1 GRE recirc DF flag

Same rationale; update is correct.

---

381-383: Chained GRE hops preserve DF

DF shown on both hops is accurate given DF in outer headers. Looks good.

---

400-402: IPv6/IPv4 mix: DF only on IPv4 outer — OK

IPv6 legs lack DF (not applicable), IPv4 legs show flags(+df-csum). Expectations match behavior.

---

419-420: DF+CSUM on L3 GRE

Matches earlier changes; consistent.

---

1018-1020: MPLS over GRE: DF retained after packet_type change

flags(+df-csum) on both pre- and post-recirculation flows align with DF in the push path; OK.

tests/dpif-netdev.at (1)

2248-2304: New TSO-aware check_pkt_len test covers key boundary cases

• Default (no TSO): le path to port 2.
• TSO=460: 54+460=514 → le path (2).
• TSO=500: 54+500=554 → gt path (3).

Helper macros/functions add_of_br, add_of_ports, strip_stats and strip_used are defined in tests/ofproto-macros.at and available in this context.