[ovs-dev] [VLAN/SNAP 2/3] dpif-netdev: Tolerate undersized packets.

Ben Pfaff blp at nicira.com
Tue Aug 10 20:44:52 UTC 2010


On Tue, Aug 10, 2010 at 11:53:39AM -0700, Ben Pfaff wrote:
> On Thu, Aug 05, 2010 at 01:41:20PM -0400, Jesse Gross wrote:
> > On Wed, Jul 28, 2010 at 2:01 PM, Ben Pfaff <blp at nicira.com> wrote:
> > I think the problem is bigger than this and also exists in the kernel
> > datapath.
> > We never reset key->dl_type if the corresponding L3 header isn't present,
> > which means that both operations on vlan headers and IP headers are
> > vulnerable.  The only header we zero out is L4.  Additionally,
> > vlan_pull_tag() and modify_vlan_tci() in the kernel and
> > dp_netdev_strip_vlan() in userspace check that they are operating on packets
> > with vlan headers by looking at the skb directly, not the flow key, which
> > bypasses the length check.
> 
> Ouch.  I can't believe that we still have this problem.  I swear I've
> fixed it a dozen times.  I'll send out a new patch.

I wasn't sure how to best fix it, so I started a new thread for
discussion.  Meanwhile I pushed this series since it seems to be an
improvement at least.




More information about the dev mailing list