Minxi Hou <[email protected]> writes: > Add test_trunc exercising the OVS_ACTION_ATTR_TRUNC action. The test > verifies truncation limits in four steps: reject trunc(1) and > trunc(13) which are below ETH_HLEN, confirm normal forwarding works, > apply trunc(14) which truncates packets to the Ethernet header and > verify ping fails, then restore normal forwarding and verify recovery. > > The kernel requires max_len >= ETH_HLEN (14 bytes). trunc(14) sets > OVS_CB(skb)->cutlen so pskb_trim strips the IP payload at output > time; the receiver drops the runt frame and no echo reply is > generated. > > Signed-off-by: Minxi Hou <[email protected]> > ---
Reviewed-by: Aaron Conole <[email protected]> NB: There is a note from Sashiko on this about a pre-existing issue with trunc() action. That issue was discussed a bit offline, and I think someone/someprocess is going to submit a patch upstream "soon." That said, as with all actions related security issues in OVS, they require giving a process CAP_NET_ADMIN, which is quite a powerful capability and generally not advised for the average user. _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
