[ovs-dev] [PATCH] tunneling: Don't send ICMP messages if no tunnel port is found.

Kyle Mestery (kmestery) kmestery at cisco.com
Sat Feb 2 01:04:08 UTC 2013


On Feb 1, 2013, at 6:58 PM, Jesse Gross <jesse at nicira.com> wrote:
> Some tunnel code in OVS (for example, CAPWAP) uses the skb->cb to
> store information while processing packets.  However, if we don't
> find an appropriate tunnel port on receive, then we send an ICMP
> port unreachable message, which calls back into the IP stack.  The
> stack assumes that skb->cb will still contain valid information
> from the IP layer, including any IP options.  As a result,
> icmp_echo_options() can read the garbage values from STT and
> overwrite data on the stack, panicking the machine.
> 
> This simply stops sending ICMP messages when ports are not found.
> Many people find them confusing and flow based tunneling will
> never send them (since it always finds a port) so it solves both
> problems at once.
> 
> Bug #14880
> 
> Reported-by: Deepesh Govindan <dgovindan at nicira.com>
> Signed-off-by: Jesse Gross <jesse at nicira.com>


Looks straightforward enough to me, thanks for the nice explanation
Jesse.

Acked-by: Kyle Mestery <kmestery at cisco.com>
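
A user-space model of the skb->cb aliasing described in the quoted commit message, added here as an illustration; it is not code from the patch or from OVS. The struct layouts, function names and sample values are simplified assumptions, and zeroing cb is shown only as one way to restore the IP layer's invariant (the patch itself stops sending the ICMP message instead).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CB_SIZE      48   /* size of the skb->cb scratch area */
#define MAX_IPOPTLEN 40   /* largest legal IPv4 options length */

/* Simplified stand-in for the IP layer's view of cb (hypothetical layout). */
struct ip_cb { uint8_t optlen; uint8_t flags; };
/* Simplified stand-in for a tunnel's private view of the same bytes. */
struct tnl_cb { uint32_t frag_id; uint16_t frag_off; };
struct pkt { uint8_t cb[CB_SIZE]; };

/* Tunnel receive path: overwrites cb with its own per-packet state. */
void tunnel_rcv(struct pkt *p, uint32_t id, uint16_t off)
{
    struct tnl_cb t = { id, off };
    memcpy(p->cb, &t, sizeof(t));
}

/* Options length the ICMP reply path would trust: whatever cb holds. */
unsigned icmp_trusted_optlen(const struct pkt *p)
{
    struct ip_cb c;
    memcpy(&c, p->cb, sizeof(c));
    return c.optlen;
}

/* 1 if copying that many option bytes would overrun a 40-byte buffer. */
int would_overrun(const struct pkt *p)
{
    return icmp_trusted_optlen(p) > MAX_IPOPTLEN;
}

/* Clear stale tunnel state before handing the packet back to the IP layer. */
void reset_ip_cb(struct pkt *p)
{
    memset(p->cb, 0, CB_SIZE);
}

int main(void)
{
    struct pkt p = {{0}};
    tunnel_rcv(&p, 0xffffffffu, 0);   /* constructed sample values */
    printf("stale cb: optlen=%u overrun=%d\n", icmp_trusted_optlen(&p), would_overrun(&p));
    reset_ip_cb(&p);
    printf("reset cb: optlen=%u overrun=%d\n", icmp_trusted_optlen(&p), would_overrun(&p));
    return 0;
}
```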


