[ovs-git] Open vSwitch: ofproto-dpif-xlate: Make flows that match ICMP fields revalidate correctly. (branch-2.0)

dev at openvswitch.org dev at openvswitch.org
Tue Feb 11 17:43:42 UTC 2014


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Open vSwitch".

The branch, branch-2.0 has been updated
       via  d2bf1bf62e81862fe02795277b9427916f2d9425 (commit)
      from  89ffab9d002bb74c829a45c499386769749f741c (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit d2bf1bf62e81862fe02795277b9427916f2d9425
Diffs: http://openvswitch.org/cgi-bin/gitweb.cgi?p=openvswitch;a=commitdiff;h=d2bf1bf62e81862fe02795277b9427916f2d9425
Author: Ben Pfaff <blp at nicira.com>
		
ofproto-dpif-xlate: Make flows that match ICMP fields revalidate correctly.
		
ICMPv4 and ICMPv6 have 8-bit "type" and "code" fields.  struct flow
uses the low 8 bits of the 16-bit tp_src and tp_dst members to
represent these fields.  The datapath interface, on the other hand,
represents them with just 8 bits each.  This means that if the high 8
bits of the masks for these fields somehow become set (meaning to
match on the nonexistent "high bits" of these fields) during
translation, then they will get chopped off by a round trip through
the datapath, and revalidation will spot that as an inconsistency and
delete the flow.  This commit avoids the problem by making sure that
only the low 8 bits of either field can be unwildcarded for ICMP.

This seems like the minimal fix for this problem, appropriate for
backporting to earlier branches.  The root of the issue is that these high
bits can get set in the match at all.  I have some leads on that, but they
require more invasive changes elsewhere.

Bug #23320.
Reported-by: Krishna Miriyala <miriyalak at vmware.com>
Signed-off-by: Ben Pfaff <blp at nicira.com>
Acked-by: Andy Zhou <azhou at nicira.com>


-----------------------------------------------------------------------

Summary of changes:
 lib/meta-flow.c              |   14 --------------
 lib/packets.h                |   14 +++++++++++++-
 ofproto/ofproto-dpif-xlate.c |   19 ++++++++++++++++++-
 3 files changed, 31 insertions(+), 16 deletions(-)


hooks/post-receive
-- 
Open vSwitch



More information about the git mailing list