On Fri, Jan 10, 2014 at 05:03:54PM +0000, John Hurley wrote:
> I found a bug in OVS where a send to meter instruction can be accepted when
> the meter ID does not exist. This causes a seg fault in our setup.
>
> It occurs if we add a new meter and then add a flow rule to send matches to
> that meter. If this flow rule is then modified to send the traffic to a
> meter that does not exist, OVS will overwrite the actions and accept the
> new (incorrect) meter ID.
>
> I believe this is caused by add_flow function in ofproto.c calling
> ofproto_check_ofpacts which in turn calls 'ofpacts_check' to verify the
> actions and then does a check for a valid meter.
> The modify_flows__ function, however, only calls 'ofpacts_check'.
>
> Replacing the line in the modify_flows__ function in ofproto.c:
>
> error = ofpacts_check(fm->ofpacts, fm->ofpacts_len, &fm->match.flow,
> u16_to_ofp(ofproto->max_ports),
> rule->table_id);
>
> with
>
> error = ofproto_check_ofpacts(ofproto, fm->ofpacts, fm->ofpacts_len,
> &fm->match.flow, rule->table_id);
>
> fixes the issue - it returns a meter error if the modify rule has an
> invalid meter.
Thanks. I sent out a patch for review:
http://openvswitch.org/pipermail/dev/2014-January/035883.html
_______________________________________________
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss
