Re: [ovs-dev] [PATCH V2] datapath-windows: Validate netlink packets integrity

2016-05-20 Thread Paul Boca
Hi Nithin! Thanks for your review and changes! Regards, Paul > -Original Message- > From: Nithin Raju [mailto:nit...@vmware.com] > Sent: Friday, May 20, 2016 1:31 AM > To: Paul Boca; dev@openvswitch.org > Subject: Re: [ovs-dev] [PATCH V2] datapath-windows: Validate

Re: [ovs-dev] [PATCH V2] datapath-windows: Validate netlink packets integrity

2016-05-19 Thread Nithin Raju
Hi Paul, I looked at the change in detail and it is definitely in the right spirit to harden the kernel datapath code. However, I thought a few things could be simplified a little. I will be sending out a couple of simple reviews on top of your patch (that is already submitted). Pls. take a look.

Re: [ovs-dev] [PATCH V2] datapath-windows: Validate netlink packets integrity

2016-05-17 Thread Paul Boca
Hi Nithin! You are right, this code shouldn't be here in this case. I will take it out in a future patch. Thanks, Paul From: Nithin Raju [mailto:nit...@vmware.com] Sent: Tuesday, May 17, 2016 9:09 PM To: Paul Boca; dev@openvswitch.org Subject: Re: [ovs-dev] [PATCH V2] datapath-windows: Val

Re: [ovs-dev] [PATCH V2] datapath-windows: Validate netlink packets integrity

2016-05-17 Thread Paul Boca
Sent: Tuesday, May 17, 2016 8:42 PM > To: Paul Boca; dev@openvswitch.org > Subject: Re: [ovs-dev] [PATCH V2] datapath-windows: Validate netlink packets > integrity > > Hi Paul, > Can you point out the particular code that fixed the access violation? > > I looked at the c

Re: [ovs-dev] [PATCH V2] datapath-windows: Validate netlink packets integrity

2016-05-17 Thread Nithin Raju
Just a couple of more comments. -Original Message- From: dev mailto:dev-boun...@openvswitch.org>> on behalf of Paul Boca mailto:pb...@cloudbasesolutions.com>> Date: Wednesday, April 27, 2016 at 1:05 AM To: "dev@openvswitch.org" mailto:dev@openvswitch.org>> Su

Re: [ovs-dev] [PATCH V2] datapath-windows: Validate netlink packets integrity

2016-05-17 Thread Nithin Raju
Hi Paul, Can you point out the particular code that fixed the access violation? I looked at the code, and code such as the following is redundant: +// We need to ensure we have enough data to process +if (NlMsgSize(&ovsMsg->nlMsg) > ovsMsgLength) { +status = STATUS_INVALID_PARAMETE

Re: [ovs-dev] [PATCH V2] datapath-windows: Validate netlink packets integrity

2016-05-16 Thread Ben Pfaff
On Wed, Apr 27, 2016 at 08:05:47AM +, Paul Boca wrote: > Solved access violation when trying to acces netling message - obtained with > forged IOCTLs > > Signed-off-by: Paul-Daniel Boca > Acked-by: Alin Gabriel Serdean > --- > V2: Fixed alignement problems Applied, thanks!