On Sep 5, 2014, at 2:26 PM, Jarno Rajahalme <jrajaha...@nicira.com> wrote:
>
> On Sep 5, 2014, at 2:12 PM, Jarno Rajahalme <jrajaha...@nicira.com> wrote:
>
>>>>
>>>> case OVS_KEY_ATTR_IPV4:
>>> [...]
>>>> - if (ipv4_key->ipv4_frag != flow_key->ip.frag)
>>>> - return -EINVAL;
>>>> + /* Non-writeable fields. */
>>>> + if (mask->ipv4_proto || mask->ipv4_frag)
>>>> + return -EINVAL;
>>>> + } else {
>>>> + if (!flow_key->ip.proto)
>>>> + return -EINVAL;
>>>
>>> I believe that this check on ip.proto is being used to verify that the
>>> IP header is actually present, so this would mean that we can write
>>> off the end of the packet in the masked case.
>>
>> But this is at flow set-up time, and the mask could still wildcard the
>> ip.proto field,
>
> I checked this and flow_key is the masked flow key, so it can not be
> wildcarded, sorry for the confusion. However, it is conceivable that a
> userspace app wants to set a flow to match on all IP packets with
> eth_type(0x0800), and then e.g. set(ipv4(tos=0)). So, I’d like to get rid of
> the ip.proto check anyway!
>
> Is the make_writeable() check sufficient?
Just discussed this with Pravin, planning to check the extracted packet key to
make sure the specific header exists in the packet.
Jarno
_______________________________________________
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev
