On Thu, Jun 09, 2016 at 05:32:05PM -0700, William Tu wrote:
> >> Signed-off-by: William Tu <u9012...@gmail.com>
> >
> > I'm a bit nervous about cutlen.  Can a packet change, for example by
> > popping a VLAN header, after cutlen is set?  If so, can this cause the
> > packet length to drop below 0, or below 14?
> >
> 
> I don't want this to happen. As a result, on the OpenFlow side I only expose
> output(max_len=n,port=m), and in the datapath the truncate action is
> immediately followed by the output action. So, after cutlen is set, it
> immediately outputs to a port.

I understand that's what userspace does.  What about in the datapath?
Do the datapaths properly handle it if userspace adds a flow that does
"truncate, pop_vlan, ..., output"?  The kernel datapath, in particular,
should be able to handle malicious or buggy userspace.

> However, if the output port is a patch port, then we might have other
> actions come in between the truncate and output actions. And if it is
> popping a vlan header, then the packet length could drop to below 60 bytes
> or lower, depending on the number of vlan_pop. For this reason, the current
> patch disallows output to the patch port.

That restriction seems OK.  It can always be relaxed later.

> > xlate_output_trunc_action() disallows all special OFPP_* ports.  Is
> > there a reason to disallow output_trunc to OFPP_LOCAL or OFPP_IN_PORT?
> >
> In the beginning I couldn't think of any use case for OFPP_LOCAL or
> OFPP_IN_PORT, so I disallowed them. I could enable them in the next version.

Thanks.
_______________________________________________
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev
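
An added example, not part of the original message or of the Open vSwitch code: a small C model of the concern raised in the thread, that a length adjustment recorded at truncate time goes stale if pop_vlan runs before output. It assumes cutlen is stored as a count of tail bytes to drop; `struct pkt` and all function names are hypothetical.

```c
#include <stdint.h>

#define ETH_HLEN  14u  /* Ethernet header: the "below 14" bound in the thread */
#define VLAN_HLEN 4u   /* one 802.1Q tag */

/* Hypothetical model (assumption): cutlen = tail bytes to drop at output. */
struct pkt { uint32_t len, cutlen; };

/* truncate(max_len): record how many bytes to cut later. */
static void set_cutlen(struct pkt *p, uint32_t max_len)
{
    p->cutlen = p->len > max_len ? p->len - max_len : 0;
}

/* pop_vlan: shrinks the packet after cutlen was computed. */
static void pop_vlan(struct pkt *p)
{
    if (p->len >= ETH_HLEN + VLAN_HLEN)
        p->len -= VLAN_HLEN;
}

/* Unchecked output: trusts a cutlen that may be stale. */
static int64_t out_len_unchecked(const struct pkt *p)
{
    return (int64_t)p->len - (int64_t)p->cutlen;
}

/* Checked output: clamp a stale cutlen so the result stays >= ETH_HLEN
 * (or equals the packet length if the packet is already shorter). */
static uint32_t out_len_checked(const struct pkt *p)
{
    uint32_t min_len = p->len < ETH_HLEN ? p->len : ETH_HLEN;
    uint32_t max_cut = p->len - min_len;
    return p->len - (p->cutlen > max_cut ? max_cut : p->cutlen);
}

/* Run "truncate(max_len), pop_vlan x pops, output" on a constructed packet. */
static int64_t run(uint32_t len, uint32_t max_len, int pops, int checked)
{
    struct pkt p = { len, 0 };
    set_cutlen(&p, max_len);
    while (pops-- > 0)
        pop_vlan(&p);
    return checked ? (int64_t)out_len_checked(&p) : out_len_unchecked(&p);
}

int main(void)
{   /* Exit 0 when the checked path keeps the packet at ETH_HLEN. */
    return run(64, 14, 1, 1) == ETH_HLEN ? 0 : 1;
}
```

With a constructed 64-byte packet, `truncate(14), pop_vlan, output` yields 10 bytes on the unchecked path and `truncate(0), pop_vlan, output` yields a negative length, while the checked path returns 14 in both cases.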
