Hi,
I found a bug in OVS where a send to meter instruction can be accepted when
the meter ID does not exist. This causes a seg fault in our setup.
It occurs if we add a new meter and then add a flow rule to send matches to
that meter. If this flow rule is then modified to send the traffic to a
meter that does not exist, OVS will overwrite the actions and accept the
new (incorrect) meter ID.
I believe this is caused by add_flow function in ofproto.c calling
ofproto_check_ofpacts which in turn calls 'ofpacts_check' to verify the
actions and then does a check for a valid meter.
The modify_flows__ function, however, only calls 'ofpacts_check'.
Replacing the line in the modify_flows__ function in ofproto.c:
error = ofpacts_check(fm->ofpacts, fm->ofpacts_len, &fm->match.flow,
u16_to_ofp(ofproto->max_ports),
rule->table_id);
with
error = ofproto_check_ofpacts(ofproto, fm->ofpacts, fm->ofpacts_len,
&fm->match.flow, rule->table_id);
fixes the issue - it returns a meter error if the modify rule has an
invalid meter.
Let me know if there are any issues with this fix.
Thanks,
John
_______________________________________________
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss
