ovs may install bad datapath flow when meet malformed pkts. As a result, it may allows some unwanted pkts pass. This could be a point of attack.
lic121 (3): upcall: prevent from installing flows when inconsistence tests: fix packet data endianness upcall: considering dataofs when parsing tcp pkt lib/flow.c | 18 ++++++++++-------- ofproto/ofproto-dpif-upcall.c | 29 +++++++++++++++++++++++++---- tests/flowgen.py | 2 +- tests/ofproto-dpif.at | 31 +++++++++++++++++++++++++++++++ 4 files changed, 67 insertions(+), 13 deletions(-) -- 1.8.3.1 _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
