On Sep 5, 2014, at 2:26 PM, Jarno Rajahalme <jrajaha...@nicira.com> wrote:

> 
> On Sep 5, 2014, at 2:12 PM, Jarno Rajahalme <jrajaha...@nicira.com> wrote:
> 
>>>> 
>>>>       case OVS_KEY_ATTR_IPV4:
>>> [...]
>>>> -               if (ipv4_key->ipv4_frag != flow_key->ip.frag)
>>>> -                       return -EINVAL;
>>>> +                       /* Non-writeable fields. */
>>>> +                       if (mask->ipv4_proto || mask->ipv4_frag)
>>>> +                               return -EINVAL;
>>>> +               } else {
>>>> +                       if (!flow_key->ip.proto)
>>>> +                               return -EINVAL;
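Review bot: In the branch that closes at `} else {`, the only validation visible is `if (mask->ipv4_proto || mask->ipv4_frag) return -EINVAL;`, while the `!flow_key->ip.proto` test sits solely in the else branch, so the masked path shown here has no check that the flow actually carries an IPv4 header. If that test is what guards header presence, a masked set action could be accepted for a flow without the header, and the later write would land outside the parsed headers. Suggest applying a presence check to both branches (or validating against the extracted packet key before the write), and adding a comment that states what the `ip.proto` test is meant to guarantee.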
>>> 
>>> I believe that this check on ip.proto is being used to verify that the
>>> IP header is actually present, so this would mean that we can write
>>> off the end of the packet in the masked case.
>> 
>> But this is at flow set-up time, and the mask could still wildcard the 
>> ip.proto field,
> 
> I checked this and flow_key is the masked flow key, so it can not be 
> wildcarded, sorry for the confusion. However, it is conceivable that a 
> userspace app wants to set a flow to match on all IP packets with 
> eth_type(0x0800), and then e.g. set(ipv4(tos=0)). So, I’d like to get rid of 
> the ip.proto check anyway!
> 
> Is the make_writeable() check sufficient?


Just discussed this with Pravin, planning to check the extracted packet key to 
make sure the specific header exists in the packet.

  Jarno

_______________________________________________
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev
