[ovs-dev] the host will be soft lookup when some illeagal packets attack host

Zhangkun (K) Mon, 08 Aug 2016 20:34:05 -0700

diff --git a/datapath/linux/compat/flow_dissector.c 
b/datapath/linux/compat/flow_dissector.c
index 3f42dba..4c5d023 100644
--- a/datapath/linux/compat/flow_dissector.c
+++ b/datapath/linux/compat/flow_dissector.c
@@ -77,7 +77,7 @@ again:
                struct iphdr _iph;
ip:
                iph = skb_header_pointer(skb, nhoff, sizeof(_iph), &_iph);
-               if (!iph)
+               if (!iph || iph->ihl < 5)
                        return false;
                if (ip_is_fragment(iph))



if IHL in IP head is very small or zero , some illegal packets using 
IPPROTO_IPIP in the L4 layer protocol will lead to the death cycle.

For example of the packet header:

a0 5b f7 a8 44 4d 10 12 4e a8 bf 86 08 00 40 00
00 34 bb 84 40 00 40 04 fd e9 c0 a8 00 03 c0 a8
00 02 b6 9a 00 16 7a c0 a6 14 d0 e0 84 70 80 10
00 73 81 7c 00 00 01 01 08 0a 00 00 1d 90 00 05
d7 4f

_______________________________________________
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev

[ovs-dev] the host will be soft lookup when some illeagal packets attack host

Reply via email to