On Thu, Jun 9, 2016 at 7:38 PM, Ben Pfaff <b...@ovn.org> wrote: > On Thu, Jun 09, 2016 at 05:32:05PM -0700, William Tu wrote: >> >> Signed-off-by: William Tu <u9012...@gmail.com> >> > >> > I'm a bit nervous about cutlen. Can a packet change, for example by >> > popping a VLAN header, after cutlen is set? If so, can this cause the >> > packet length to drop below 0, or below 14? >> > >> >> I don't want this happen. As a result, at OpenFlow side I only expose >> output(max_len=n,port=m) and in datapath, making truncate action >> immediately followed by output action. So, after cutlen is set, it >> immediately outputs to a port. > > I understand that's what userspace does. What about in the datapath? > Do the datapaths properly handle it if userspace adds a flow that does > "truncate, pop_vlan, ..., output"? The kernel datapath, in particular, > should be able to handle malicious or buggy userspace. >
There is check in truncate action at flow install. we can check the same at output. _______________________________________________ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
