[ovs-git] Open vSwitch: datapath: Use masked flow when validating actions. (master)

dev at openvswitch.org dev at openvswitch.org
Tue Jul 16 22:38:23 UTC 2013 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Open vSwitch".

The branch, master has been updated
       via  529db6351a720e3525059370a7ebd2420582395f (commit)
      from  eb19e5f0781cdf3caec1a0ba172fcaf32da5e481 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 529db6351a720e3525059370a7ebd2420582395f
Diffs: http://openvswitch.org/cgi-bin/gitweb.cgi?p=openvswitch;a=commitdiff;h=529db6351a720e3525059370a7ebd2420582395f
Author: Jesse Gross <jesse at nicira.com>
		
datapath: Use masked flow when validating actions.
		
It is important to validate flow actions to ensure that they do
not try to write off the end of a packet. The mechanism to do this
is to ensure that a flow is precise enough to describe valid vs.
invalid packets and only allowing actions on valid flows.

The introduction of megaflows broke this by using a narrow base
flow but a potentially wide match. This meant that while the
original flow was properly validated, later packets might not
conform to that flow and could be truncated. This switches to
using the masked flow instead, effectively requiring that all
possible matching packets be valid in order for a flow's actions
to be accepted.

This change only affects the flow setup path - executed packets
have always used the flow extracted from the packet and therefore
were properly validated.

Signed-off-by: Jesse Gross <jesse at nicira.com>


-----------------------------------------------------------------------

Summary of changes:
 datapath/datapath.c |   15 +++++++++++----
 datapath/flow.c     |   12 ++++--------
 datapath/flow.h     |    5 +++--
 3 files changed, 18 insertions(+), 14 deletions(-)


hooks/post-receive
-- 
Open vSwitch

More information about the git mailing list