[ovs-git] Open vSwitch: tunneling: Don't send ICMP messages if no tunnel port is found. (master)

dev at openvswitch.org
Sat Feb 2 01:18:19 UTC 2013


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Open vSwitch".

The branch, master has been updated
       via  498e12855516a9009fcfff3d1a2d475ead1822ca (commit)
      from  cc2862a93261e9fc9c3880982a9f45e10061733f (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 498e12855516a9009fcfff3d1a2d475ead1822ca
Diffs: http://openvswitch.org/cgi-bin/gitweb.cgi?p=openvswitch;a=commitdiff;h=498e12855516a9009fcfff3d1a2d475ead1822ca
Author: Jesse Gross <jesse at nicira.com>
		
tunneling: Don't send ICMP messages if no tunnel port is found.
		
Some tunnel code in OVS (for example, CAPWAP) uses the skb->cb to
store information while processing packets.  However, if we don't
find an appropriate tunnel port on receive, then we send an ICMP
port unreachable message, which calls back into the IP stack.  The
stack assumes that skb->cb will still contain valid information
from the IP layer, including any IP options.  As a result,
icmp_echo_options() can read the garbage values from OVS and
overwrite data on the stack, panicking the machine.

This simply stops sending ICMP messages when ports are not found.
Many people find them confusing and flow based tunneling will
never send them (since it always finds a port) so it solves both
problems at once.

Bug #14880

Reported-by: Deepesh Govindan <dgovindan at nicira.com>
Signed-off-by: Jesse Gross <jesse at nicira.com>
Acked-by: Kyle Mestery <kmestery at cisco.com>


-----------------------------------------------------------------------

Summary of changes:
 datapath/vport-capwap.c |    4 +---
 datapath/vport-gre.c    |    4 +---
 datapath/vport-vxlan.c  |    4 +---
 3 files changed, 3 insertions(+), 9 deletions(-)


hooks/post-receive
-- 
Open vSwitch
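
A simplified user-space model of the failure the commit message describes, added here as an illustration; it is not Open vSwitch or kernel code. The struct layouts, function names, sample values and the cb-clearing alternative are assumptions; only the 48-byte size of skb->cb and the 40-byte IPv4 options limit are taken as facts.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CB_SIZE      48  /* size of skb->cb in the Linux kernel */
#define MAX_IPOPTLEN 40  /* largest legal IPv4 options area */

struct model_skb { unsigned char cb[CB_SIZE]; };  /* stand-in for sk_buff */
/* Hypothetical layouts: each layer overlays its own struct on the same cb. */
struct ip_cb  { uint8_t optlen; uint8_t opts[MAX_IPOPTLEN]; };
struct tnl_cb { uint8_t frag_count; uint8_t flags; uint16_t frag_off; };

enum policy { SEND_ICMP_STALE_CB, SEND_ICMP_CLEARED_CB, DROP_SILENTLY };

/* Tunnel receive path stores its own state in cb (constructed values). */
static void tunnel_rcv(struct model_skb *skb)
{
    struct tnl_cb t = { .frag_count = 200, .flags = 1, .frag_off = 0x1234 };
    memcpy(skb->cb, &t, sizeof t);
}

/* IP-layer reply builder: trusts cb to hold an ip_cb. Instead of performing
 * the unsafe copy, report how many bytes a copy of optlen bytes would write
 * past a MAX_IPOPTLEN-sized stack buffer. */
static size_t icmp_reply_overrun(const struct model_skb *skb)
{
    struct ip_cb ip;
    memcpy(&ip, skb->cb, sizeof ip);
    return ip.optlen > MAX_IPOPTLEN ? (size_t)ip.optlen - MAX_IPOPTLEN : 0;
}

/* The "no tunnel port found" path under three policies. */
static size_t no_port_found(enum policy p)
{
    struct model_skb skb;
    memset(&skb, 0, sizeof skb);
    tunnel_rcv(&skb);
    if (p == DROP_SILENTLY)          /* the commit: never re-enter the IP stack */
        return 0;
    if (p == SEND_ICMP_CLEARED_CB)   /* assumed alternative: reset cb first */
        memset(skb.cb, 0, sizeof skb.cb);
    return icmp_reply_overrun(&skb);
}

int main(void)
{
    printf("stale cb:   %zu bytes past buffer\n", no_port_found(SEND_ICMP_STALE_CB));
    printf("cleared cb: %zu bytes past buffer\n", no_port_found(SEND_ICMP_CLEARED_CB));
    printf("drop:       %zu bytes past buffer\n", no_port_found(DROP_SILENTLY));
    return 0;
}
```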


