Re: [ovs-dev] [PATCHv2] Update SECURITY.md

2015-01-11 Thread Ben Pfaff
I don't know anyone who uses Thunderbird. I never have. I'm not going to switch for this. On Fri, Jan 09, 2015 at 10:26:05PM +, Andrew Kampjes wrote: > So the way that I would see this working, is the security team would have > upto maybe 4 people on it. > > If a researcher just sends the r

Re: [ovs-dev] [PATCH] pkg-config: Fix Cflags in package-config files

2015-01-11 Thread Ben Pfaff
On Fri, Jan 09, 2015 at 12:29:48PM +0100, Thomas Graf wrote: > From: Amit Bose > > Cflags in pkg-config files sets the include path to $PREFIX/openflow, > $PREFIX/openvswitch. This makes the including source files use the files > like > include > instead of > include > > Signed-off-by: Ami

Re: [ovs-dev] [PATCH] FAQ.md: Describe OpenFlow packet buffering.

2015-01-11 Thread Ben Pfaff
Thanks! Applied. On Fri, Jan 09, 2015 at 10:01:23AM -0800, Jarno Rajahalme wrote: > Acked-by: Jarno Rajahalme > > On Jan 9, 2015, at 8:28 AM, Ben Pfaff wrote: > > > Signed-off-by: Ben Pfaff > > --- > > FAQ.md | 41 + > > 1 file changed, 41 insertions(+)

Re: [ovs-dev] [PATCH v3 2/2] [RFC] classifier: Add support for conjunctive matches.

2015-01-11 Thread Ben Pfaff
On Fri, Jan 09, 2015 at 04:54:42PM -0800, Jarno Rajahalme wrote: > With the small nits below: > > Acked-by: Jarno Rajahalme Thanks. I fixed up everything you mentioned and applied this to master. I gave details below; the only bit where I think you might want followup is on the treatment of O

[ovs-dev] [PATCH 0/2] Fixes for very-high-MTU

2015-01-11 Thread Ben Pfaff
These patches fix an assertion failure when very large (approximately 64 kB) packets are sent to userspace through a network device with a very large MTU. This bug was originally reported through the new security vulnerability management process, but we decided during the process that the severity

[ovs-dev] [PATCH 1/2] netlink: Refine calculation of maximum-length attributes.

2015-01-11 Thread Ben Pfaff
Until now the Netlink code has considered an attribute to exceed the maximum length if the *padded* size of the attribute exceeds 65535 bytes. For example, an attribute with a 65529-byte payload, together with 4-byte header and 3 bytes of padding, takes up 65536 bytes and therefore the existing cod

[ovs-dev] [PATCH 2/2] dpif-netlink: Drop oversized packets instead of assert-failing.

2015-01-11 Thread Ben Pfaff
A packet sent to a Netlink datapath has to fit within a Netlink attribute. Until now, this was only checked in an assertion inside the Netlink code, which meant that trying to send a too-large packet (approximate 64 kB or larger) would assert-fail. It's better to just drop those packets, which thi

Re: [ovs-dev] [PATCH 0/2] Fixes for very-high-MTU

2015-01-11 Thread Ben Pfaff
On Sun, Jan 11, 2015 at 01:50:23PM -0800, Ben Pfaff wrote: > These patches fix an assertion failure when very large (approximately 64 > kB) packets are sent to userspace through a network device with a very > large MTU. This bug was originally reported through the new security > vulnerability mana

Re: [ovs-dev] [PATCHv2] Update SECURITY.md

2015-01-11 Thread Andrew Kampjes
Well if no-one wants to use it, then I'll remove the GPG parts and call it good-enough. On Mon Jan 12 2015 at 06:26:43 Ben Pfaff wrote: > I don't know anyone who uses Thunderbird. I never have. I'm not going > to switch for this. > > On Fri, Jan 09, 2015 at 10:26:05PM +, Andrew Kampjes wro