[ovs-discuss] Meter Action Bug

John Hurley john.hurley at netronome.com
Fri Jan 10 17:03:54 UTC 2014


Hi,

I found a bug in OVS where a send to meter instruction can be accepted when
the meter ID does not exist. This causes a seg fault in our setup.

It occurs if we add a new meter and then add a flow rule to send matches to
that meter. If this flow rule is then modified to send the traffic to a
meter that does not exist, OVS will overwrite the actions and accept the
new (incorrect) meter ID.

I believe this is caused by add_flow function in ofproto.c calling
ofproto_check_ofpacts which in turn calls 'ofpacts_check' to verify the
actions and then does a check for a valid meter.
The modify_flows__ function, however, only calls 'ofpacts_check'.

Replacing the line in the modify_flows__ function in ofproto.c:

error = ofpacts_check(fm->ofpacts, fm->ofpacts_len, &fm->match.flow,
                              u16_to_ofp(ofproto->max_ports),
rule->table_id);

with

error = ofproto_check_ofpacts(ofproto, fm->ofpacts, fm->ofpacts_len,
                                  &fm->match.flow, rule->table_id);

fixes the issue - it returns a meter error if the modify rule has an
invalid meter.

Let me know if there are any issues with this fix.

Thanks,

John
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://openvswitch.org/pipermail/ovs-discuss/attachments/20140110/baaa7ff3/attachment.html>


More information about the discuss mailing list