tunneling: Invalid packets should be cleared.

If we receive a packet with an invalid tunnel header, we should drop the packet without further processing. Currently we do this by removing any parsed tunnel metadata. However, this is not sufficient to stop processing - this only results in the packet getting dropped by chance when something usually runs across part of the packet that does not make sense. Since both the packet and its metadata are in an inconsistent state, it's also possible that the result is an ovs-vswitchd crash or forwarding of a mangled packet. Rather than clear the metadata, an alternate solution is to remove all of the packet data. This guarantees that the packet gets dropped during the next round of processing. Signed-off-by: Jesse Gross <[email protected]> Acked-by: Pravin B Shelar <[email protected]>
aleeee · Apr 9, 2015 · e62d903 · e62d903
1 parent d625fbd
commit e62d903
Showing 1 changed file with 1 addition and 2 deletions.
diff --git a/lib/netdev.c b/lib/netdev.c
@@ -747,8 +747,7 @@ netdev_pop_header(struct netdev *netdev, struct dp_packet **buffers, int cnt)
 
         err = netdev->netdev_class->pop_header(buffers[i]);
         if (err) {
-            struct flow_tnl *tunnel_md = &buffers[i]->md.tunnel;
-            memset(tunnel_md, 0, sizeof *tunnel_md);
+            dp_packet_clear(buffers[i]);
         }
     }