Minxi Hou <[email protected]> writes:

> Add test_trunc exercising the OVS_ACTION_ATTR_TRUNC action. The test
> verifies truncation limits in four steps: reject trunc(1) and
> trunc(13) which are below ETH_HLEN, confirm normal forwarding works,
> apply trunc(14) which truncates packets to the Ethernet header and
> verify ping fails, then restore normal forwarding and verify recovery.
>
> The kernel requires max_len >= ETH_HLEN (14 bytes). trunc(14) sets
> OVS_CB(skb)->cutlen so pskb_trim strips the IP payload at output
> time; the receiver drops the runt frame and no echo reply is
> generated.
>
> Signed-off-by: Minxi Hou <[email protected]>
> ---

Reviewed-by: Aaron Conole <[email protected]>

NB: There is a note from Sashiko on this about a pre-existing issue with
trunc() action.  That issue was discussed a bit offline, and I think
someone/someprocess is going to submit a patch upstream "soon."  That
said, as with all actions related security issues in OVS, they require
giving a process CAP_NET_ADMIN, which is quite a powerful capability and
generally not advised for the average user.

_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Reply via email to