From: Eli Britstein
In case of a malformed packet, its parsing fails. Instead of continuing
and possible form a wrong flow, drop the packet.
Relevant tests changed to send valid packets.
Signed-off-by: Eli Britstein
Acked-by: Roi Dayan
---
lib/dpif-netdev.c| 7 ++-
tests/mpls-xlate.at | 4 ++--
tests/ofproto-dpif.at| 6 +++---
tests/ofproto.at | 6 +++---
tests/tunnel-push-pop.at | 2 +-
5 files changed, 15 insertions(+), 10 deletions(-)
diff --git a/lib/dpif-netdev.c b/lib/dpif-netdev.c
index c7f9e149025e..cf27d2631a94 100644
--- a/lib/dpif-netdev.c
+++ b/lib/dpif-netdev.c
@@ -8588,7 +8588,12 @@ dfc_processing(struct dp_netdev_pmd_thread *pmd,
}
}
-miniflow_extract(packet, &key->mf);
+if (OVS_UNLIKELY(!miniflow_extract(packet, &key->mf))) {
+dp_packet_delete(packet);
+COVERAGE_INC(datapath_drop_rx_invalid_packet);
+continue;
+}
+
key->len = 0; /* Not computed yet. */
key->hash =
(md_is_valid == false)
diff --git a/tests/mpls-xlate.at b/tests/mpls-xlate.at
index 7474becc8914..c0f33715dc82 100644
--- a/tests/mpls-xlate.at
+++ b/tests/mpls-xlate.at
@@ -72,13 +72,13 @@ AT_CHECK([tail -1 stdout], [0],
])
for d in 0 1 2 3; do
-
pkt="in_port(1),eth(src=f8:bc:12:44:34:b6,dst=f8:bc:12:46:58:e0),eth_type(0x8847),mpls(label=22,tc=0,ttl=64,bos=1)"
+
pkt="f8bc124658e0f8bc124434b68847000161404518000140007ae6"
AT_CHECK([ovs-appctl netdev-dummy/receive p0 $pkt])
done
AT_CHECK([ovs-appctl dpctl/dump-flows | sed 's/packets.*actions:1/actions:1/'
| strip_used | strip_ufid | sort], [0], [dnl
flow-dump from the main thread:
-recirc_id(0),in_port(1),packet_type(ns=0,id=0),eth_type(0x8847),mpls(label=22/0xf,tc=0/0,ttl=64/0x0,bos=1/1),
packets:3, bytes:54, used:0.0s, actions:pop_mpls(eth_type=0x800),recirc(0x3)
+recirc_id(0),in_port(1),packet_type(ns=0,id=0),eth_type(0x8847),mpls(label=22/0xf,tc=0/0,ttl=64/0x0,bos=1/1),
packets:3, bytes:126, used:0.0s, actions:pop_mpls(eth_type=0x800),recirc(0x3)
recirc_id(0x3),in_port(1),packet_type(ns=0,id=0),eth(src=f8:bc:12:44:34:b6,dst=f8:bc:12:46:58:e0),eth_type(0x0800),ipv4(src=0.0.0.0,dst=0.0.0.0,proto=0,frag=no),
actions:100
])
diff --git a/tests/ofproto-dpif.at b/tests/ofproto-dpif.at
index 0b23fd6c5ea6..65c94a59abae 100644
--- a/tests/ofproto-dpif.at
+++ b/tests/ofproto-dpif.at
@@ -7477,10 +7477,10 @@ AT_CHECK([tail -1 stdout], [0],
])
dnl An 170 byte packet
-AT_CHECK([ovs-appctl netdev-dummy/receive p1
'000c29c8a0a4005056c80800459cb4a640019003c0a8da01c0a8da640800cb5fa762000556f431ad0009388e08090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f'])
+AT_CHECK([ovs-appctl netdev-dummy/receive p1
'000c29c8a0a4005056c8459cb4a640019003c0a8da01c0a8da640800cb5fa762000556f431ad0009388e08090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f'])
AT_CHECK([ovs-ofctl parse-pcap p1.pcap], [0], [dnl
-icmp,in_port=ANY,vlan_tci=0x,dl_src=00:50:56:c0:00:08,dl_dst=00:0c:29:c8:a0:a4,nw_src=192.168.218.1,nw_dst=192.168.218.100,nw_tos=0,nw_ecn=0,nw_ttl=64,nw_frag=no,icmp_type=8,icmp_code=0
+in_port=ANY,vlan_tci=0x,dl_src=00:50:56:c0:00:08,dl_dst=00:0c:29:c8:a0:a4,dl_type=0x05ff
])
AT_CHECK([ovs-appctl revalidator/purge], [0])
@@ -7509,7 +7509,7 @@ AT_CHECK([tail -1 stdout], [0],
])
dnl An 170 byte packet
-AT_CHECK([ovs-appctl netdev-dummy/receive p1
'000c29c8a0a4005056c80800459cb4a640019003c0a8da01c0a8da640800cb5fa762000556f431ad0009388e08090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f'])
+AT_CHECK([ovs-appctl netdev-dummy/receive p1
'000c29c8a0a4005056c8459cb4a640019003c0a8da01c0a8da640800cb5fa762000556f431ad0009388e08090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f'])
AT_CHECK([ovs-appctl revalidator/purge], [0])
dnl packet size: 64 + 128 + 170 = 362
diff --git a/tests/ofproto.at b/tests/ofproto.at
index 2889f81fb171..435f0f45762c 100644
--- a/tests/ofproto.at
+++ b/tests/ofproto.at
@@ -6627,11 +6627,11 @@ AT_CHECK([ovs-ofctl del-flows br0])
AT_CHECK([ovs-ofctl add-flows br0 flows.txt])
dnl send a proto 0 packet to try and poison the DP flow path
-AT_CHECK