[ovs-dev] [PATCH] tunneling: Don't send ICMP messages if no tunnel port is found.

Jesse Gross jesse at nicira.com
Sat Feb 2 01:18:43 UTC 2013


On Fri, Feb 1, 2013 at 5:04 PM, Kyle Mestery (kmestery)
<kmestery at cisco.com> wrote:
> On Feb 1, 2013, at 6:58 PM, Jesse Gross <jesse at nicira.com> wrote:
>> Some tunnel code in OVS (for example, CAPWAP) uses the skb->cb to
>> store information while processing packets.  However, if we don't
>> find an appropriate tunnel port on receive, then we send an ICMP
>> port unreachable message, which calls back into the IP stack.  The
>> stack assumes that skb->cb will still contain valid information
>> from the IP layer, including any IP options.  As a result,
>> icmp_echo_options() can read the garbage values from STT and
>> overwrite data on the stack, panicking the machine.
>>
>> This simply stops sending ICMP messages when ports are not found.
>> Many people find them confusing and flow based tunneling will
>> never send them (since it always finds a port) so it solves both
>> problems at once.
>>
>> Bug #14880
>>
>> Reported-by: Deepesh Govindan <dgovindan at nicira.com>
>> Signed-off-by: Jesse Gross <jesse at nicira.com>
>
>
> Looks straightforward enough to me, thanks for the nice explanation
> Jesse.
>
> Acked-by: Kyle Mestery <kmestery at cisco.com>

Thanks for the review Kyle, I applied this patch.
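
The control-block reuse described in the commit message, as an added example that is not part of this thread or of the OVS or kernel sources: a simplified model in which a tunnel layer and the IP layer interpret the same `cb` bytes differently. All struct and function names are hypothetical. The applied patch avoids the problem by not sending the ICMP message; clearing `cb` before re-entering the IP stack is shown here as the general defensive alternative.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CB_SIZE      48   /* size of the per-packet scratch area (as in sk_buff.cb) */
#define MAX_IPOPTLEN 40   /* maximum length of IPv4 options in bytes */

/* Hypothetical stand-in for sk_buff: only the shared scratch area. */
struct toy_skb { unsigned char cb[CB_SIZE]; };

/* Hypothetical view the IP layer has of cb: option length comes first. */
struct toy_ip_cb { unsigned char optlen; unsigned char flags; };

/* Hypothetical view a tunnel layer has of the same bytes. */
struct toy_tnl_cb { uint32_t frag_id; uint16_t frag_off; };

/* Tunnel receive path: reuses cb for its own bookkeeping. */
void tnl_store(struct toy_skb *skb, uint32_t id, uint16_t off)
{
    struct toy_tnl_cb t;
    memset(&t, 0, sizeof t);          /* no indeterminate padding bytes */
    t.frag_id = id;
    t.frag_off = off;
    memcpy(skb->cb, &t, sizeof t);
}

/* Option length the IP layer would trust when echoing options in a reply. */
size_t ip_view_optlen(const struct toy_skb *skb)
{
    struct toy_ip_cb ip;
    memcpy(&ip, skb->cb, sizeof ip);
    return ip.optlen;
}

/* 1 if the IP layer's reading of cb stays within the options buffer. */
int optlen_is_sane(const struct toy_skb *skb)
{
    return ip_view_optlen(skb) <= MAX_IPOPTLEN;
}

/* Defensive handoff: wipe tunnel state before calling back into the IP stack. */
void handoff_to_ip(struct toy_skb *skb) { memset(skb->cb, 0, sizeof skb->cb); }

int main(void)
{
    struct toy_skb skb = { {0} };
    tnl_store(&skb, 0xFFFFFFFFu, 0);  /* constructed tunnel state */
    printf("stale cb: optlen=%zu sane=%d\n", ip_view_optlen(&skb), optlen_is_sane(&skb));
    handoff_to_ip(&skb);
    printf("cleared cb: optlen=%zu sane=%d\n", ip_view_optlen(&skb), optlen_is_sane(&skb));
    return 0;
}
```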


