When we execute a packet from userspace we first extract the header
fields from the packet and then add supplied metadata. However, we
compute the hash of the packet in between these two steps despite
the fact that the metadata can affect the hash. This can lead to
two separate hashes for packets of the same flow.
Found by code inspection, not an actual real-world problem.
Signed-off-by: Jesse Gross <je...@nicira.com>
---
datapath/datapath.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/datapath/datapath.c b/datapath/datapath.c
index 7499081..b92c198 100644
--- a/datapath/datapath.c
+++ b/datapath/datapath.c
@@ -686,7 +686,6 @@ static int ovs_packet_cmd_execute(struct sk_buff *skb,
struct genl_info *info)
err = flow_extract(packet, -1, &flow->key, &key_len, &is_frag);
if (err)
goto err_flow_put;
- flow->tbl_node.hash = flow_hash(&flow->key, key_len);
err = flow_metadata_from_nlattrs(&flow->key.eth.in_port,
&flow->key.eth.tun_id,
@@ -694,6 +693,8 @@ static int ovs_packet_cmd_execute(struct sk_buff *skb,
struct genl_info *info)
if (err)
goto err_flow_put;
+ flow->tbl_node.hash = flow_hash(&flow->key, key_len);
+
acts = flow_actions_alloc(a[OVS_PACKET_ATTR_ACTIONS]);
err = PTR_ERR(acts);
if (IS_ERR(acts))
--
1.7.4.1
_______________________________________________
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev
