[ovs-dev] [PATCH v3 0/3] bug fix: avoid install bad dp flow

lic121 lic121 at chinatelecom.cn
Mon Nov 1 11:01:47 UTC 2021


ovs may install bad datapath flow when meet malformed pkts. As a
result, it may allows some unwanted pkts pass. This could be a point
of attack.

lic121 (3):
  upcall: prevent from installing flows when inconsistence
  tests: fix packet data endianness
  upcall: considering dataofs when parsing tcp pkt

 lib/flow.c                    | 18 ++++++++++--------
 ofproto/ofproto-dpif-upcall.c | 29 +++++++++++++++++++++++++----
 tests/flowgen.py              |  2 +-
 tests/ofproto-dpif.at         | 31 +++++++++++++++++++++++++++++++
 4 files changed, 67 insertions(+), 13 deletions(-)

-- 
1.8.3.1



More information about the dev mailing list