On Wed, Apr 8, 2015 at 1:19 PM, Jesse Gross <[email protected]> wrote: > If we receive a packet with an invalid tunnel header, we > should drop the packet without further processing. Currently > we do this by removing any parsed tunnel metadata. However, > this is not sufficient to stop processing - this only results > in the packet getting dropped by chance when something > usually runs across part of the packet that does not make > sense. Since both the packet and its metadata are in an > inconsistent state, it's also possible that the result is > an ovs-vswitchd crash or forwarding of a mangled packet. > > Rather than clear the metadata, an alternate solution is to > remove all of the packet data. This guarantees that the > packet gets dropped during the next round of processing. > > Signed-off-by: Jesse Gross <[email protected]> > --- > lib/netdev.c | 3 +-- > 1 file changed, 1 insertion(+), 2 deletions(-) > > diff --git a/lib/netdev.c b/lib/netdev.c > index aed5289..790bab9 100644 > --- a/lib/netdev.c > +++ b/lib/netdev.c > @@ -747,8 +747,7 @@ netdev_pop_header(struct netdev *netdev, struct dp_packet > **buffers, int cnt) > > err = netdev->netdev_class->pop_header(netdev, buffers[i]); > if (err) { > - struct flow_tnl *tunnel_md = &buffers[i]->md.tunnel; > - memset(tunnel_md, 0, sizeof *tunnel_md); > + dp_packet_clear(buffers[i]); > } > }
Thanks for fixing it. Acked-by: Pravin B Shelar <[email protected]> _______________________________________________ dev mailing list [email protected] http://openvswitch.org/mailman/listinfo/dev
