Skip to content

Commit

Permalink
openvswitch: Validation of IPv6 set port action uses IPv4 header
Browse files Browse the repository at this point in the history
When the kernel validates set TCP/UDP port actions, it looks at
the ports in the existing flow to make sure that the L4 header exists.
However, these actions always use the IPv4 version of the struct.
Following patch fixes this by checking for flow ip protocol first.

Signed-off-by: Pravin B Shelar <[email protected]>
Signed-off-by: Jesse Gross <[email protected]>
  • Loading branch information
Pravin B Shelar authored and jessegross committed May 8, 2012
1 parent 4cb6e11 commit 072ae63
Showing 1 changed file with 15 additions and 7 deletions.
22 changes: 15 additions & 7 deletions net/openvswitch/datapath.c
Original file line number Diff line number Diff line change
Expand Up @@ -421,6 +421,19 @@ static int validate_sample(const struct nlattr *attr,
return validate_actions(actions, key, depth + 1);
}

static int validate_tp_port(const struct sw_flow_key *flow_key)
{
if (flow_key->eth.type == htons(ETH_P_IP)) {
if (flow_key->ipv4.tp.src && flow_key->ipv4.tp.dst)
return 0;
} else if (flow_key->eth.type == htons(ETH_P_IPV6)) {
if (flow_key->ipv6.tp.src && flow_key->ipv6.tp.dst)
return 0;
}

return -EINVAL;
}

static int validate_set(const struct nlattr *a,
const struct sw_flow_key *flow_key)
{
Expand Down Expand Up @@ -462,18 +475,13 @@ static int validate_set(const struct nlattr *a,
if (flow_key->ip.proto != IPPROTO_TCP)
return -EINVAL;

if (!flow_key->ipv4.tp.src || !flow_key->ipv4.tp.dst)
return -EINVAL;

break;
return validate_tp_port(flow_key);

case OVS_KEY_ATTR_UDP:
if (flow_key->ip.proto != IPPROTO_UDP)
return -EINVAL;

if (!flow_key->ipv4.tp.src || !flow_key->ipv4.tp.dst)
return -EINVAL;
break;
return validate_tp_port(flow_key);

default:
return -EINVAL;
Expand Down

0 comments on commit 072ae63

Please sign in to comment.