[ovs-dev] [PATCH] ipf.c: Fix userspace datapath crash caused by IP fragments

王亮 Liang Wang wangliangrt at didiglobal.com
Tue Apr 13 05:25:52 UTC 2021


From d5c454bc9c68a6b2b40a2301a21f7337d6086d4c Mon Sep 17 00:00:00 2001
From: Wang Liang <wangliangrt at didiglobal.com>
Date: Mon, 12 Apr 2021 18:24:21 +0800
Subject: [PATCH] Fix userspace datapath crash caused by IP fragments

The ovs userspace datapath will crash on openflow packet-out message
with IP packet largger than MTU. This patch will fix the problem.
When pre-processing the IP fragments, clone the packet if it has
'dnsteal' flag set.

Signed-off-by: Wang Liang <wangliangrt at didiglobal.com>
---
 lib/ipf.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/ipf.c b/lib/ipf.c
index c20bcc0b3..43f81706c 100644
--- a/lib/ipf.c
+++ b/lib/ipf.c
@@ -811,7 +811,7 @@ ipf_process_frag(struct ipf *ipf, struct ipf_list *ipf_list,
              * recommend not setting the mempool number of buffers too low
              * and also clamp the number of fragments. */
             struct ipf_frag *frag = &ipf_list->frag_list[last_inuse_idx + 1];
-            frag->pkt = pkt;
+            frag->pkt = dnsteal ? dp_packet_clone(pkt) : pkt;
             frag->start_data_byte = start_data_byte;
             frag->end_data_byte = end_data_byte;
             frag->dnsteal = dnsteal;
-- 
2.27.0




More information about the dev mailing list