More specifically, this code in bfd_process_packet() sees p->l7 == NULL
and does pointer arithmetic on NULL, which seems bad:
msg = ofpbuf_at(p, (uint8_t *)p->l7 - (uint8_t *)p->data, BFD_PACKET_LEN);
On Wed, Oct 16, 2013 at 02:20:15PM -0700, Alex Wang wrote:
> Have a question,
>
> function flow_compose() is called when we specify '-generate' option. in
> that case, the packet will not have any l7 data. so, seem to me there is
> no change to the output.
>
> Thanks,
>
>
> On Mon, Sep 30, 2013 at 2:47 PM, Ben Pfaff <[email protected]> wrote:
>
> > flow_extract() fills in ->l7 but flow_compose() wasn't doing it, which
> > confused bfd_process_packet() when invoked via the ofproto/trace appctl
> > command.
> >
> > Signed-off-by: Ben Pfaff <[email protected]>
> > ---
> > lib/flow.c | 1 +
> > 1 file changed, 1 insertion(+)
> >
> > diff --git a/lib/flow.c b/lib/flow.c
> > index 0678c6f..7372e3b 100644
> > --- a/lib/flow.c
> > +++ b/lib/flow.c
> > @@ -1032,6 +1032,7 @@ flow_compose(struct ofpbuf *b, const struct flow
> > *flow)
> > icmp->icmp_code = ntohs(flow->tp_dst);
> > icmp->icmp_csum = csum(icmp, ICMP_HEADER_LEN);
> > }
> > + b->l7 = ofpbuf_tail(b);
> > }
> >
> > ip = b->l3;
> > --
> > 1.7.10.4
> >
> > _______________________________________________
> > dev mailing list
> > [email protected]
> > http://openvswitch.org/mailman/listinfo/dev
> >
_______________________________________________
dev mailing list
[email protected]
http://openvswitch.org/mailman/listinfo/dev
