[ovs-dev] [PATCH] Validation of IPv6 set port action uses IPv4 header

Jesse Gross jesse at nicira.com
Mon May 7 23:01:31 UTC 2012


On Mon, May 7, 2012 at 3:01 PM, Pravin B Shelar <pshelar at nicira.com> wrote:
> When the kernel validates set TCP/UDP port actions, it looks at
> the ports in the existing flow to make sure that the L4 header exists.
> However, these actions always use the IPv4 version of the struct.
> Following patch fixes this by checking for flow ip protocol first.
>
> Signed-off-by: Pravin B Shelar <pshelar at nicira.com>

Can you add a prefix to the subject with the area that this touches
(i.e. datapath:)?

> diff --git a/datapath/datapath.c b/datapath/datapath.c
> index 63713d8..ebbe2ec 100644
> --- a/datapath/datapath.c
> +++ b/datapath/datapath.c
> @@ -558,6 +558,19 @@ static int validate_sample(const struct nlattr *attr,
>        return validate_actions(actions, key, depth + 1);
>  }
>
> +static int validate_tp_port(const struct sw_flow_key *flow_key)
> +{
> +       if (flow_key->eth.type == htons(ETH_P_IP)) {
> +               if (!flow_key->ipv4.tp.src || !flow_key->ipv4.tp.dst)
> +                       return -EINVAL;
> +       } else if (flow_key->eth.type == htons(ETH_P_IPV6)) {
> +               if (!flow_key->ipv6.tp.src || !flow_key->ipv6.tp.dst)
> +                       return -EINVAL;
> +       }
> +
> +       return 0;
> +}

Can we reverse this check to make it a little more robust - i.e. if
the IP version and ports are OK and then default reject?



More information about the dev mailing list