[ovs-discuss] Reporting Bugs in Open vSwitch

Ben Pfaff blp at ovn.org
Tue Sep 24 02:46:51 UTC 2019


On Mon, Sep 23, 2019 at 11:22:12PM -0400, cao jiahao wrote:
>    I am a researcher focusing on SDN Security. Recently, my colleagues and
> I found a bug in the packet buffering mechanism of OVS. In summary, we
> find that OVS directly forwards a buffered packet according to the *actions*
> in the flow rule no matter whether the buffered packet matches the *match
> fields* in flow rules.  We show the detailed description and an example in
> the attachment. We hope we can help to fix the problem.
>     Please let us know if you need further information. Thank you.

Thanks for the report.

I don't understand your threat model.  If your controller runs malicious
apps, it can send anything it wants in the network.  OpenFlow
and Open vSwitch provide no mechanisms for isolation between
applications.  How does this property of OpenFlow make a difference?

