From e62d903bca43235e5c92ded0753b1c13096e790a Mon Sep 17 00:00:00 2001
From: Jesse Gross <jesse@nicira.com>
Date: Wed, 8 Apr 2015 12:56:50 -0700
Subject: [PATCH] tunneling: Invalid packets should be cleared.

If we receive a packet with an invalid tunnel header, we
should drop the packet without further processing. Currently
we do this by removing any parsed tunnel metadata. However,
this is not sufficient to stop processing - this only results
in the packet getting dropped by chance when something
usually runs across part of the packet that does not make
sense. Since both the packet and its metadata are in an
inconsistent state, it's also possible that the result is
an ovs-vswitchd crash or forwarding of a mangled packet.

Rather than clear the metadata, an alternate solution is to
remove all of the packet data. This guarantees that the
packet gets dropped during the next round of processing.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
---
 lib/netdev.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/lib/netdev.c b/lib/netdev.c
index 9d391634b09..45f7f29a0db 100644
--- a/lib/netdev.c
+++ b/lib/netdev.c
@@ -747,8 +747,7 @@ netdev_pop_header(struct netdev *netdev, struct dp_packet **buffers, int cnt)
 
         err = netdev->netdev_class->pop_header(buffers[i]);
         if (err) {
-            struct flow_tnl *tunnel_md = &buffers[i]->md.tunnel;
-            memset(tunnel_md, 0, sizeof *tunnel_md);
+            dp_packet_clear(buffers[i]);
         }
     }