[ovs-dev] [runt-flows 8/8] datapath: Avoid accesses past the end of skbuff data in actions.

Jesse Gross jesse at nicira.com
Thu Aug 26 23:07:35 UTC 2010

On Fri, Aug 13, 2010 at 10:55 AM, Ben Pfaff <blp at nicira.com> wrote:
> Some of the flow actions that modify skbuff data did not check that the
> skbuff was long enough before doing so.  This commit fixes that problem.
> Previously, the strategy for avoiding this was to only indicate the layer-3
> nw_proto field in the flow if the corresponding layer-4 header was fully
> present, so that if, for example, nw_proto was IPPROTO_TCP, this meant
> that a TCP header was present.  The original motivation for this patch was
> to add corresponding code to only indicate a layer-2 dl_type if the
> corresponding layer-3 header was fully present.  But I'm now convinced that
> this approach is conceptually wrong, because the meaning of a layer-N
> header should not be affected by the meaning of a layer-(N+1) header.
> This commit switches to a new approach.  Now, when a header is missing, its
> fields in the flow are simply zeroed and have no effect on the "type" field
> for the outer header.  Responsibility for ensuring that a header is fully
> present is now shifted to the actions that wish to modify that header.
> Signed-off-by: Ben Pfaff <blp at nicira.com>

Thanks, this looks good.  The behavior also seems much more consistent
to me compared to what we had before.

More information about the dev mailing list