[ovs-dev] [PATCH] tunnel: Validate IP header for userspace tunneling.
Jesse Gross
jesse at nicira.com
Sun Sep 13 15:21:00 UTC 2015
On Sat, Sep 12, 2015 at 5:13 PM, Pravin Shelar <pshelar at nicira.com> wrote:
> On Fri, Sep 11, 2015 at 6:59 PM, Jesse Gross <jesse at nicira.com> wrote:
>> Currently, when doing userspace tunneling we don't perform much in
>> the way of integrity checks on the incoming IP header. The case of
>> tunneling is different from the usual case of switching since we are
>> acting as the endpoint here and should not allow invalid packets to
>> pass.
>>
>> This adds checks for IP checksum, version, total length, and options and
>> drops packets that don't pass.
>>
>> Signed-off-by: Jesse Gross <jesse at nicira.com>
>
> Looks good.
>
> Acked-by: Pravin B Shelar <pshelar at nicira.com>
Thanks, applied to master.
More information about the dev
mailing list