On 15.05.2018 20:18, Ben Pfaff wrote: > On Tue, May 15, 2018 at 02:23:38PM +0300, Ilya Maximets wrote: >> Unconditional return may cause packet leak in case of >> 'may_steal == true'. >> >> Additionally, removed redundant checking for depth level and >> clarified ignoring of the 'false' value of 'may_steal'. >> >> CC: Sugesh Chandran <[email protected]> >> Fixes: 7c12dfc527a5 ("tunneling: Avoid datapath-recirc by >> combining recirc actions at xlate.") >> Signed-off-by: Ilya Maximets <[email protected]> > > Thanks. This seems reasonable to me. > > Did you take a look at the other cases in the function to see whether > they have the same problem? > > Since this is in dpif-netdev I'll leave the final review to Ian for his > branch.
Hello, Ian. What do you think about this patch? Sorry for pinging, but this is a really bad issue which drains the mempool in case of badly configured OpenFlow rules. We're faced this on one of SDN setups in our testing lab. Is it possible to include the fix in one of the next pull requests? Best regards, Ilya Maximets. _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
