On 7/3/25 1:08 AM, Flavio Leitner wrote:
>>>> @@ -651,6 +654,10 @@ static int ovs_packet_cmd_execute(struct sk_buff
>>>> *skb, struct genl_info *info) !!(hash & OVS_PACKET_HASH_L4_BIT));
>>>>    }
>>>>  
>>>> +  if (a[OVS_PACKET_ATTR_UPCALL_PID])
>>>> +          upcall_pid =
>>>> nla_get_u32(a[OVS_PACKET_ATTR_UPCALL_PID]);
>>>> +  OVS_CB(packet)->upcall_pid = upcall_pid;
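
Review bot: nla_get_u32() on a[OVS_PACKET_ATTR_UPCALL_PID] is only safe if the attribute's length has been validated before this point, and the hunk shows no policy entry for it. Please confirm that the packet netlink policy declares OVS_PACKET_ATTR_UPCALL_PID as NLA_U32, or add the entry in this patch. Separately, when the attribute is absent, OVS_CB(packet)->upcall_pid takes the initial value of upcall_pid, which is declared outside the visible context. A one-line comment stating that default would make the fallback behaviour clear.
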
> 
> Since this is coming from userspace, does it make sense to check if the
> upcall_pid is one of the pids in the dp->upcall_portids array?

Not really.  IMO, this would be an unnecessary artificial restriction.
We're not concerned about security here since OVS_PACKET_CMD_EXECUTE
requires the same privileges as the OVS_DP_CMD_NEW or the
OVS_DP_CMD_SET.

Best regards, Ilya Maximets.