[ovs-dev] [PATCH] datapath: Relax set header validation.

Ethan Jackson ethan at nicira.com
Fri Aug 3 17:59:18 UTC 2012 

Looks good to me.  I'd prefer someone who knows the kernel code review
it as well.

Ethan

On Thu, Aug 2, 2012 at 7:39 PM, Jesse Gross <jesse at nicira.com> wrote:
> When installing a flow with an action to set a particular field we
> need to validate that the packets that are part of the flow actually
> contain that header.  With IP we use zeroed addresses and with TCP/UDP
> the check is for zeroed ports.  This check is overly broad and can catch
> packets like DHCP requests that have a zero source address in a
> legitimate header.  This changes the check to look for a zeroed protocol
> number for IP or for both ports be zero for TCP/UDP before considering
> the header to not exist.
>
> Bug #12769
>
> Reported-by: Ethan Jackson <ethan at nicira.com>
> Signed-off-by: Jesse Gross <jesse at nicira.com>
> ---
>  datapath/datapath.c |    6 +++---
>  lib/odp-util.c      |    2 +-
>  2 files changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/datapath/datapath.c b/datapath/datapath.c
> index dc2cfad..7a7dc4c 100644
> --- a/datapath/datapath.c
> +++ b/datapath/datapath.c
> @@ -561,10 +561,10 @@ static int validate_sample(const struct nlattr *attr,
>  static int validate_tp_port(const struct sw_flow_key *flow_key)
>  {
>         if (flow_key->eth.type == htons(ETH_P_IP)) {
> -               if (flow_key->ipv4.tp.src && flow_key->ipv4.tp.dst)
> +               if (flow_key->ipv4.tp.src || flow_key->ipv4.tp.dst)
>                         return 0;
>         } else if (flow_key->eth.type == htons(ETH_P_IPV6)) {
> -               if (flow_key->ipv6.tp.src && flow_key->ipv6.tp.dst)
> +               if (flow_key->ipv6.tp.src || flow_key->ipv6.tp.dst)
>                         return 0;
>         }
>
> @@ -597,7 +597,7 @@ static int validate_set(const struct nlattr *a,
>                 if (flow_key->eth.type != htons(ETH_P_IP))
>                         return -EINVAL;
>
> -               if (!flow_key->ipv4.addr.src || !flow_key->ipv4.addr.dst)
> +               if (!flow_key->ip.proto)
>                         return -EINVAL;
>
>                 ipv4_key = nla_data(ovs_key);
> diff --git a/lib/odp-util.c b/lib/odp-util.c
> index 7caab09..901dac3 100644
> --- a/lib/odp-util.c
> +++ b/lib/odp-util.c
> @@ -1976,7 +1976,7 @@ static void
>  commit_set_port_action(const struct flow *flow, struct flow *base,
>                         struct ofpbuf *odp_actions)
>  {
> -    if (!base->tp_src || !base->tp_dst) {
> +    if (!base->tp_src && !base->tp_dst) {
>          return;
>      }
>
> --
> 1.7.9.5
>

More information about the dev mailing list