Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package openvswitch.15775 for
openSUSE:Leap:15.2:Update checked in at 2021-02-13 13:02:36
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Leap:15.2:Update/openvswitch.15775 (Old)
and /work/SRC/openSUSE:Leap:15.2:Update/.openvswitch.15775.new.28504 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openvswitch.15775"
Sat Feb 13 13:02:36 2021 rev:1 rq:871318 version:unknown
Changes:
--------
New Changes file:
--- /dev/null 2021-01-11 18:20:20.070723563 +0100
+++
/work/SRC/openSUSE:Leap:15.2:Update/.openvswitch.15775.new.28504/openvswitch.changes
2021-02-13 13:02:36.940365006 +0100
@@ -0,0 +1,1880 @@
+-------------------------------------------------------------------
+Mon Feb 8 15:51:26 UTC 2021 - Jaime Caama??o Ruiz <[email protected]>
+
+- Add patch to include security fix for CVE-2020-35498 (bsc#1181742).
+ * 0001-flow-Support-extra-padding-length.patch
+
+-------------------------------------------------------------------
+Wed Jan 27 10:08:18 UTC 2021 - Jaime Caama??o Ruiz <[email protected]>
+
+- Update openvswitch to 2.13.2. For a list of changes, check
+ https://github.com/openvswitch/ovs/blob/v2.13.2/NEWS
+ Includes security fix for CVE-2020-27827 (bsc#1181345).
+- Removed patches no longer applying to code base:
+ * 0001-Use-double-hash-for-OVS_USER_ID-comment.patch
+ * 0001-ipsec-Fix-Strongswan-configuration-syntax.patch
+ * 0002-ovs-monitor-ipsec-Convert-Python2-code-to-Python3.patch
+
+-------------------------------------------------------------------
+Tue Nov 3 11:08:37 UTC 2020 - Jaime Caama??o Ruiz <[email protected]>
+
+- Replaced `%service_del_postun -n` with `%service_del_postun_without_restart`
+ (bsc#1117483).
+
+-------------------------------------------------------------------
+Tue Sep 29 11:43:40 UTC 2020 - Jaime Caama??o Ruiz <[email protected]>
+
+- Update openvswitch to 2.13.1. For a list of changes, check
+ https://github.com/openvswitch/ovs/blob/v2.13.1/NEWS
+- Update ovn to 20.03.1. For a list of changes check
+ https://github.com/ovn-org/ovn/blob/v20.03.1/NEWS
+- Fix wrong default directories for OVS python utilities (bsc#1176273).
+- Add upstream patches to fix openvswitch-ipsec service (bsc#1176273).
+ * 0001-ipsec-Fix-Strongswan-configuration-syntax.patch
+ * 0002-ovs-monitor-ipsec-Convert-Python2-code-to-Python3.patch
+
+-------------------------------------------------------------------
+Mon Jun 15 13:21:22 UTC 2020 - Jaime Caama??o Ruiz <[email protected]>
+
+- Fix preserving old default OVS_USER_ID for users that removed the
+ override at /etc/sysconfig/openvswitch or for users affected by
+ fillup bug below (bsc#1172861).
+- Add patch to workaround a possible fillup issue that could cause
+ existing openvswitch configuration to be unintendedly altered during
+ upgrades (bsc#1172929).
+ * 0001-Use-double-hash-for-OVS_USER_ID-comment.patch
+
+-------------------------------------------------------------------
+Wed Jun 3 14:53:21 UTC 2020 - Jaime Caama??o Ruiz <[email protected]>
+
+- add missing provides/obsoletes for python3-openvswitch-test
+
+-------------------------------------------------------------------
+Mon May 4 11:38:26 UTC 2020 - Jaime Caama??o Ruiz <[email protected]>
+
+- Update openvswitch to 2.13.0.
+ * For a list of changes, check
+ https://github.com/openvswitch/ovs/blob/v2.13.0/NEWS
+ * This version drops python2 binding support. Only python3 bindings
+ provided going forward.
+ * Tool ovs-vlan-bug-workaround is no longer provided.
+- OVN was split to its own repo but is still built together with OVS and as
+ such from this same source package. OVN initial version is 20.03.
+ * For a list of changes, check
+ https://github.com/ovn-org/ovn/blob/v20.03.0/NEWS
+ * Packages openvswitch-ovn* are renamed to ovn*.
+ * OVN now has its own sysconfig and log paths.
+- Add OVS patch to be proposed upstream:
+ * 0001-rhel-Fix-reload-of-OVS_USER_ID-on-startup.patch
+- Patch instead of post-processing configuration files to set running
+ credentials (bsc#1157338):
+ * 0001-Run-openvswitch-as-openvswitch-openvswitch.patch
+ * 0001-Run-ovn-as-openvswitch-openvswitch.patch
+- Will no longer change group ownership of /dev/hugepages to 'hugetlbfs'
+ (bsc#1140835). System admin should mount hugepages on a path and permissions
of
+ his choosing for OVS. Add patch:
+ * 0001-Don-t-change-permissions-of-dev-hugepages.patch
+- Will no longer install udev rule to change group ownership of vfio devices to
+ 'hugetlbfs'. Group name does not make much sense in this case and ownership
of
+ vfio devices should be coordinated system wide or per device.
+- Will no longer run under group 'hugetlbfs' on new installs with DPDK enabled.
+ OVS will now run under group 'openvswitch' whether compiled with DPDK support
+ or not.
+- OVS persistent state is now saved on /var/lib/openvswitch instead of
+ /etc/openvswitch for new installs.
+
+-------------------------------------------------------------------
+Thu Feb 13 18:06:02 UTC 2020 - Dirk Mueller <[email protected]>
+
+- add missing sortedcontainers dependency to the python bindings
+
+-------------------------------------------------------------------
+Mon Oct 28 14:56:34 UTC 2019 - Jaime Caama??o Ruiz <[email protected]>
+
+- Update openvswitch to 2.12.0. For a list of changes, check
+ https://github.com/openvswitch/ovs/blob/master/NEWS
+- Removed patches that are already included upstream:
+ * 0001-rhel-secure-openvswitch-useropts.patch
+ * 0002-rhel-let-ctl-handle-runtime-directory.patch
+- Rebased patches:
+ * 0001-Use-strongswan-for-openvswitch-ipsec-service.patch
+
+-------------------------------------------------------------------
+Thu Aug 8 11:55:36 UTC 2019 - <[email protected]>
+
+- Fixed missing obsoletes for old python-ovs (bsc#1138948).
+
+-------------------------------------------------------------------
+Tue Jul 16 09:10:42 UTC 2019 - <[email protected]>
+
+- Add unbound as a build requirement to support asynchronous DNS
+ resolving for remotes.
+
+-------------------------------------------------------------------
+Thu Jun 20 12:00:42 UTC 2019 - <[email protected]>
+
+- Update DPDK dependency to support DPDK 18.11.2.
+
+-------------------------------------------------------------------
+Mon Jun 10 17:12:00 UTC 2019 - <[email protected]>
+
+- Add upstream patches to fix bsc#1135884:
+ * 0001-rhel-secure-openvswitch-useropts.patch
+ * 0002-rhel-let-ctl-handle-runtime-directory.patch
+
+-------------------------------------------------------------------
+Mon May 6 17:08:26 UTC 2019 - <[email protected]>
+
+- Use temporary directory for python build.
+
+-------------------------------------------------------------------
+Mon Apr 29 14:12:36 UTC 2019 - <[email protected]>
+
+- Fix problem preventing new installs to run as non root (bsc#1132029),
+ including:
+ * Align with upstream so that no running configuration is changed on
+ upgrades, specifically to avoid changes on the user Open vSwitch runs
+ under.
+ * hugetblfs groups is created as system group.
+- Add missing opnvswitch-ipsec package and systemd service.
+- Add patch to use strongswan instead of libreswan for openvswitch-ipsec.
+ libreswan package not available currently.
+ * 0001-Use-strongswan-for-openvswitch-ipsec-service.patch
+- Add missing ovs-delete-transient-ports systemd service.
+- Align installed headers with upstream.
+- Fix problem preventing rpm build '--with check'.
+- Fix python environment that had directories pointing to /usr/local.
+- Version bump to 2.11.1. Some of the changes are:
+ * netdev-tc-offloads: Fix probe tc block support
+ * rhel: Include all header files in the Fedora's devel package
+ * reconnect.c: Don't transition back to ACTIVE when forced to RECONNECT.
+ * OVN: Make periodic RAs consistent with RA responder.
+ * OVN: Always send prefix option in RAs
+ * OVN: Use offset instead of pointer into ofpbuf
+ * ofproto: fix the bug of bucket counter is not updated
+ * netdev-dpdk: Print netdev name for txq mapping.
+ * dpif-netdev-perf: Fix millisecond stats precision with slower TSC.
+ * ifupdown.sh: Add missing "--may-exist" option
+ * dpif-netdev-perf: Fix double update of perf histograms.
+ * dpdk: Stop dumping memzones to stdout.
+ * dpctl: Drop parser debug information.
+ * netdev-tc-offloads: Properly get the block id on flow del/get
+ * netdev-tc-offloads: Improve log message for icmpv6 offload not supported
+ * conntrack: Replace structure copy by memcpy().
+ * conntrack: Lookup only 'UNNAT conns' in 'nat_clean()'.
+ * conntrack: Fix race for NAT cleanup.
+ * ovn-nbctl: Don't segfault when ovn-northd doesn't configure dynamic
addresses.
+ * datapath-windows: Add annotations to find vport functions
+ * datapath-windows: Guard vport usage in user.c
+ * datapath-windows: Fix potential deadlock in event subscription
+ * datapath-windows: Fix race condition during port creation
+ * datapath-windows: Fix nbl cleanup when memory allocation fails
+ * netdev-linux: Remove ingress qdisc before trying to add shared block
+ * netdev-tc-offloads: Remove ingress qdisc on tc init flow api
+ * ovsdb-idl: Fix memory leak of idl->remote.
+ * travis: Remove 'sudo' configuration.
+ * OVN: Add port addresses to IPAM after all ports are joined.
+ * dpif-netlink: Free leaked ofpbuf by using ofpbuf_delete
+ * OVN: update RA next_announce according to {min, max}_interval
+ * rconn: Avoid occasional immediate connection failures.
+ * dpdk: Fix case-sensitivity of dpdk-init knob.
+ * NEWS: Clean up the 2.11.0 release notes a bit.
+ * conntrack: Fix L4 csum for V6 extension hdr pkts.
+ * packets: Change return type for 'packet_csum_upperlayer6()'.
+ * ovsdb-client: Fix typo.
+ * ovn-nbctl: Daemon mode should retry when IDL connection lost.
+ * ofctl: break the loop if ovs_pcap_read returns error
+ * netlink: added check to prevent netlink attribute overflow
+
+-------------------------------------------------------------------
+Mon Mar 25 14:18:56 UTC 2019 - <[email protected]>
+
+- Disable dpdk on ix86, aligned with dpdk package.
+
+-------------------------------------------------------------------
+Thu Mar 21 15:12:55 UTC 2019 - Jan Engelhardt <[email protected]>
+
+- Combine %service_* calls to reduce generated boilerplate.
++++ 1683 more lines (skipped)
++++ between /dev/null
++++ and
/work/SRC/openSUSE:Leap:15.2:Update/.openvswitch.15775.new.28504/openvswitch.changes
New:
----
0001-Don-t-change-permissions-of-dev-hugepages.patch
0001-Run-openvswitch-as-openvswitch-openvswitch.patch
0001-Run-ovn-as-openvswitch-openvswitch.patch
0001-Use-double-hash-for-OVS_USER_ID-comment.patch
0001-Use-strongswan-for-openvswitch-ipsec-service.patch
0001-flow-Support-extra-padding-length.patch
Module.supported.updates
openvswitch-2.13.2.tar.gz
openvswitch.changes
openvswitch.spec
ovn-20.03.1.tar.gz
preamble
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ openvswitch.spec ++++++
++++ 1304 lines (skipped)
++++++ 0001-Don-t-change-permissions-of-dev-hugepages.patch ++++++
>From e54cce931bafa12176989a5d59e3839f1bcfdf0c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jaime=20Caama=C3=B1o=20Ruiz?= <[email protected]>
Date: Wed, 6 May 2020 16:32:28 +0200
Subject: [PATCH 1/2] Don't change permissions of /dev/hugepages
For SLES/openSUSE, don't change permissions of /dev/hugepages as that is
a system path. Sysadmin shoudl mount hugepages on a path and permission
of his choosing if OVS either manually or via hugeadm.
---
rhel/usr_lib_systemd_system_ovs-vswitchd.service.in | 4 ----
1 file changed, 4 deletions(-)
diff --git a/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in
b/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in
index ff43dae96..08355d950 100644
--- a/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in
+++ b/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in
@@ -16,10 +16,6 @@ EnvironmentFile=/etc/openvswitch/default.conf
EnvironmentFile=-/etc/sysconfig/openvswitch
EnvironmentFile=-/run/openvswitch.useropts
LimitSTACK=2M
-@begin_dpdk@
-ExecStartPre=-/bin/sh -c '/usr/bin/chown :$${OVS_USER_ID##*:} /dev/hugepages'
-ExecStartPre=-/usr/bin/chmod 0775 /dev/hugepages
-@end_dpdk@
ExecStart=/usr/share/openvswitch/scripts/ovs-ctl \
--no-ovsdb-server --no-monitor --system-id=random \
${OVS_USER_OPT} \
--
2.16.4
++++++ 0001-Run-openvswitch-as-openvswitch-openvswitch.patch ++++++
>From 4de3a6e6fc67125a900913598344881c0b0bed71 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jaime=20Caama=C3=B1o=20Ruiz?= <[email protected]>
Date: Fri, 8 May 2020 11:15:57 +0200
Subject: [PATCH] Run openvswitch as openvswitch:openvswitch
Change default run configuration to unprivilieged user openvswitch and
group openvswitch. Expect any further customization from user in
sysconfig/openvswitch, including setting it back to privileged root:root
configuration.
---
rhel/etc_logrotate.d_openvswitch | 2 +-
rhel/etc_openvswitch_default.conf | 3 +--
2 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/rhel/etc_logrotate.d_openvswitch b/rhel/etc_logrotate.d_openvswitch
index f4302ffbc..eaf1fd5bf 100644
--- a/rhel/etc_logrotate.d_openvswitch
+++ b/rhel/etc_logrotate.d_openvswitch
@@ -6,7 +6,7 @@
# without warranty of any kind.
/var/log/openvswitch/*.log {
- su root root
+ su openvswitch openvswitch
daily
compress
sharedscripts
diff --git a/rhel/etc_openvswitch_default.conf
b/rhel/etc_openvswitch_default.conf
index c74417db6..20d1f5f54 100644
--- a/rhel/etc_openvswitch_default.conf
+++ b/rhel/etc_openvswitch_default.conf
@@ -1,5 +1,4 @@
# DO NOT EDIT THIS FILE
# The following is the *default* configuration for the openvswitch user ID.
-# This is for backward compatibility.
-OVS_USER_ID="root:root"
+OVS_USER_ID="openvswitch:openvswitch"
--
2.16.4
++++++ 0001-Run-ovn-as-openvswitch-openvswitch.patch ++++++
>From aa1869378cf512fd7aeee16c0a030264c2623270 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jaime=20Caama=C3=B1o=20Ruiz?= <[email protected]>
Date: Fri, 8 May 2020 11:23:04 +0200
Subject: [PATCH] Run ovn as openvswitch:openvswitch
Change default run configuration to unprivilieged user openvswitch and
group openvswitch. Expect any further customization from user in
sysconfig/ovn.
---
rhel/etc_logrotate.d_ovn | 2 +-
rhel/usr_lib_systemd_system_ovn-controller-vtep.service | 1 +
rhel/usr_lib_systemd_system_ovn-controller.service | 1 +
rhel/usr_lib_systemd_system_ovn-northd.service | 1 +
4 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/rhel/etc_logrotate.d_ovn b/rhel/etc_logrotate.d_ovn
index a351ec303..4b26333fc 100644
--- a/rhel/etc_logrotate.d_ovn
+++ b/rhel/etc_logrotate.d_ovn
@@ -6,7 +6,7 @@
# without warranty of any kind.
/var/log/ovn/*.log {
- su root root
+ su openvswitch openvswitch
daily
compress
sharedscripts
diff --git a/rhel/usr_lib_systemd_system_ovn-controller-vtep.service
b/rhel/usr_lib_systemd_system_ovn-controller-vtep.service
index 09ad0612c..dd6ff6675 100644
--- a/rhel/usr_lib_systemd_system_ovn-controller-vtep.service
+++ b/rhel/usr_lib_systemd_system_ovn-controller-vtep.service
@@ -35,6 +35,7 @@ After=openvswitch.service
[Service]
Type=simple
Restart=on-failure
+Environment=OVN_USER_ID=openvswitch:openvswitch
Environment=OVS_RUNDIR=%t/openvswitch
Environment=OVN_RUNDIR=%t/ovn
Environment=OVN_DB=unix:%t/ovn/ovnsb_db.sock
diff --git a/rhel/usr_lib_systemd_system_ovn-controller.service
b/rhel/usr_lib_systemd_system_ovn-controller.service
index 15d0ac853..c602760f1 100644
--- a/rhel/usr_lib_systemd_system_ovn-controller.service
+++ b/rhel/usr_lib_systemd_system_ovn-controller.service
@@ -23,6 +23,7 @@ After=openvswitch.service
Type=forking
PIDFile=/var/run/ovn/ovn-controller.pid
Restart=on-failure
+Environment=OVN_USER_ID=openvswitch:openvswitch
Environment=OVN_RUNDIR=%t/ovn OVS_RUNDIR=%t/openvswitch
EnvironmentFile=-/etc/sysconfig/ovn
EnvironmentFile=-/etc/sysconfig/ovn-controller
diff --git a/rhel/usr_lib_systemd_system_ovn-northd.service
b/rhel/usr_lib_systemd_system_ovn-northd.service
index d281f861c..d5c7dfa5f 100644
--- a/rhel/usr_lib_systemd_system_ovn-northd.service
+++ b/rhel/usr_lib_systemd_system_ovn-northd.service
@@ -20,6 +20,7 @@ After=syslog.target
[Service]
Type=oneshot
RemainAfterExit=yes
+Environment=OVN_USER_ID=openvswitch:openvswitch
Environment=OVN_RUNDIR=%t/ovn OVN_DBDIR=/var/lib/ovn
EnvironmentFile=-/etc/sysconfig/ovn
EnvironmentFile=-/etc/sysconfig/ovn-northd
--
2.16.4
++++++ 0001-Use-double-hash-for-OVS_USER_ID-comment.patch ++++++
>From e007ba2d276530db6aa8a242b069f356395cd8e5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jaime=20Caama=C3=B1o=20Ruiz?= <[email protected]>
Date: Mon, 15 Jun 2020 15:15:53 +0200
Subject: [PATCH] Use double hash for OVS_USER_ID comment
---
rhel/usr_share_openvswitch_scripts_systemd_sysconfig.template | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rhel/usr_share_openvswitch_scripts_systemd_sysconfig.template
b/rhel/usr_share_openvswitch_scripts_systemd_sysconfig.template
index c467d02db..10b841679 100644
--- a/rhel/usr_share_openvswitch_scripts_systemd_sysconfig.template
+++ b/rhel/usr_share_openvswitch_scripts_systemd_sysconfig.template
@@ -28,4 +28,4 @@
OPTIONS=""
# Uncomment and set the OVS User/Group value
-#OVS_USER_ID="openvswitch:openvswitch"
+## OVS_USER_ID="openvswitch:openvswitch"
--
2.26.1
++++++ 0001-Use-strongswan-for-openvswitch-ipsec-service.patch ++++++
>From f786cf97880bdf1ebed65db2f560ff15f1f29413 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jaime=20Caama=C3=B1o=20Ruiz?= <[email protected]>
Date: Mon, 28 Oct 2019 15:14:19 +0100
Subject: [PATCH] Use strongswan for openvswitch-ipsec service
Since libreswan is not packaged for Leap/SLES, use strongswan for the
time being.
---
rhel/usr_lib_systemd_system_openvswitch-ipsec.service | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rhel/usr_lib_systemd_system_openvswitch-ipsec.service
b/rhel/usr_lib_systemd_system_openvswitch-ipsec.service
index d8f47af68..3c4a40138 100644
--- a/rhel/usr_lib_systemd_system_openvswitch-ipsec.service
+++ b/rhel/usr_lib_systemd_system_openvswitch-ipsec.service
@@ -7,7 +7,7 @@ After=openvswitch.service
Type=forking
PIDFile=/var/run/openvswitch/ovs-monitor-ipsec.pid
ExecStart=/usr/share/openvswitch/scripts/ovs-ctl \
- --ike-daemon=libreswan start-ovs-ipsec
+ --ike-daemon=strongswan start-ovs-ipsec
ExecStop=/usr/share/openvswitch/scripts/ovs-ctl stop-ovs-ipsec
[Install]
--
2.16.4
++++++ 0001-flow-Support-extra-padding-length.patch ++++++
>From f9498a162855476f0c2548354f27d618dbb51666 Mon Sep 17 00:00:00 2001
From: Flavio Leitner <[email protected]>
Date: Mon, 26 Oct 2020 16:03:19 -0300
Subject: [PATCH v2 branch-2.13] flow: Support extra padding length.
Although not required, padding can be optionally added until
the packet length is MTU bytes. A packet with extra padding
currently fails sanity checks.
Fixes: fa8d9001a624 ("miniflow_extract: Properly handle small IP packets.")
Reported-by: Joakim Hindersson <[email protected]>
Acked-by: Ilya Maximets <[email protected]>
Signed-off-by: Flavio Leitner <[email protected]>
---
lib/conntrack.c | 2 +-
lib/dp-packet.h | 10 +++++-----
lib/flow.c | 6 +++---
tests/classifier.at | 36 ++++++++++++++++++++++++++++++++++++
4 files changed, 45 insertions(+), 9 deletions(-)
diff --git a/lib/conntrack.c b/lib/conntrack.c
index 0cbc8f6d2..bb98395cd 100644
--- a/lib/conntrack.c
+++ b/lib/conntrack.c
@@ -813,7 +813,7 @@ static void
reverse_nat_packet(struct dp_packet *pkt, const struct conn *conn)
{
char *tail = dp_packet_tail(pkt);
- uint8_t pad = dp_packet_l2_pad_size(pkt);
+ uint16_t pad = dp_packet_l2_pad_size(pkt);
struct conn_key inner_key;
const char *inner_l4 = NULL;
uint16_t orig_l3_ofs = pkt->l3_ofs;
diff --git a/lib/dp-packet.h b/lib/dp-packet.h
index 9f8991faa..45655af46 100644
--- a/lib/dp-packet.h
+++ b/lib/dp-packet.h
@@ -81,7 +81,7 @@ struct dp_packet {
/* All the following elements of this struct are copied in a single call
* of memcpy in dp_packet_clone_with_headroom. */
- uint8_t l2_pad_size; /* Detected l2 padding size.
+ uint16_t l2_pad_size; /* Detected l2 padding size.
* Padding is non-pullable. */
uint16_t l2_5_ofs; /* MPLS label stack offset, or UINT16_MAX */
uint16_t l3_ofs; /* Network-level header offset,
@@ -118,8 +118,8 @@ void *dp_packet_resize_l2(struct dp_packet *, int
increment);
void *dp_packet_resize_l2_5(struct dp_packet *, int increment);
static inline void *dp_packet_eth(const struct dp_packet *);
static inline void dp_packet_reset_offsets(struct dp_packet *);
-static inline uint8_t dp_packet_l2_pad_size(const struct dp_packet *);
-static inline void dp_packet_set_l2_pad_size(struct dp_packet *, uint8_t);
+static inline uint16_t dp_packet_l2_pad_size(const struct dp_packet *);
+static inline void dp_packet_set_l2_pad_size(struct dp_packet *, uint16_t);
static inline void *dp_packet_l2_5(const struct dp_packet *);
static inline void dp_packet_set_l2_5(struct dp_packet *, void *);
static inline void *dp_packet_l3(const struct dp_packet *);
@@ -327,14 +327,14 @@ dp_packet_reset_offsets(struct dp_packet *b)
b->l4_ofs = UINT16_MAX;
}
-static inline uint8_t
+static inline uint16_t
dp_packet_l2_pad_size(const struct dp_packet *b)
{
return b->l2_pad_size;
}
static inline void
-dp_packet_set_l2_pad_size(struct dp_packet *b, uint8_t pad_size)
+dp_packet_set_l2_pad_size(struct dp_packet *b, uint16_t pad_size)
{
ovs_assert(pad_size <= dp_packet_size(b));
b->l2_pad_size = pad_size;
diff --git a/lib/flow.c b/lib/flow.c
index 45bb96b54..353d5cd3e 100644
--- a/lib/flow.c
+++ b/lib/flow.c
@@ -655,7 +655,7 @@ ipv4_sanity_check(const struct ip_header *nh, size_t size,
tot_len = ntohs(nh->ip_tot_len);
if (OVS_UNLIKELY(tot_len > size || ip_len > tot_len ||
- size - tot_len > UINT8_MAX)) {
+ size - tot_len > UINT16_MAX)) {
return false;
}
@@ -693,8 +693,8 @@ ipv6_sanity_check(const struct ovs_16aligned_ip6_hdr *nh,
size_t size)
if (OVS_UNLIKELY(plen + IPV6_HEADER_LEN > size)) {
return false;
}
- /* Jumbo Payload option not supported yet. */
- if (OVS_UNLIKELY(size - (plen + IPV6_HEADER_LEN) > UINT8_MAX)) {
+
+ if (OVS_UNLIKELY(size - (plen + IPV6_HEADER_LEN) > UINT16_MAX)) {
return false;
}
diff --git a/tests/classifier.at b/tests/classifier.at
index 88818618b..cdcd72c15 100644
--- a/tests/classifier.at
+++ b/tests/classifier.at
@@ -304,3 +304,39 @@ ovs-ofctl: "conjunction" actions may be used along with
"note" but not any other
])
OVS_VSWITCHD_STOP
AT_CLEANUP
+
+# Flow classifier a packet with excess of padding.
+AT_SETUP([flow classifier - packet with extra padding])
+OVS_VSWITCHD_START
+add_of_ports br0 1 2
+AT_DATA([flows.txt], [dnl
+priority=5,ip,ip_dst=1.1.1.1,actions=1
+priority=5,ip,ip_dst=1.1.1.2,actions=2
+priority=0,actions=drop
+])
+AT_CHECK([ovs-ofctl add-flows br0 flows.txt])
+packet=00020202020000010101010008004500001c00010000401176cc01010101010101020d6a00350008ee3a
+AT_CHECK([ovs-appctl ofproto/trace br0 in_port=1 $packet] , [0], [stdout])
+AT_CHECK([tail -2 stdout], [0],
+ [Megaflow: recirc_id=0,eth,ip,in_port=1,nw_dst=1.1.1.2,nw_frag=no
+Datapath actions: 2
+])
+# normal packet plus 255 bytes of padding (8bit padding).
+# 255 * 2 = 510
+padding=$(printf '%*s' 510 | tr ' ' '0')
+AT_CHECK([ovs-appctl ofproto/trace br0 in_port=1 ${packet}${padding}] , [0],
[stdout])
+AT_CHECK([tail -2 stdout], [0],
+ [Megaflow: recirc_id=0,eth,ip,in_port=1,nw_dst=1.1.1.2,nw_frag=no
+Datapath actions: 2
+])
+# normal packet plus padding up to 65535 bytes of length (16bit limit).
+# 65535 - 43 = 65492
+# 65492 * 2 = 130984
+padding=$(printf '%*s' 130984 | tr ' ' '0')
+AT_CHECK([ovs-appctl ofproto/trace br0 in_port=1 ${packet}${padding}], [0],
[stdout])
+AT_CHECK([tail -2 stdout], [0],
+ [Megaflow: recirc_id=0,eth,ip,in_port=1,nw_dst=1.1.1.2,nw_frag=no
+Datapath actions: 2
+])
+OVS_VSWITCHD_STOP
+AT_CLEANUP
--
2.29.2
++++++ Module.supported.updates ++++++
updates/openvswitch.ko
updates/vport-geneve.ko
updates/vport-gre.ko
updates/vport-lisp.ko
updates/vport-stt.ko
updates/vport-vxlan.ko
++++++ preamble ++++++
Requires: kernel-%1
Enhances: kernel-%1
Supplements: packageand(kernel-%1:%{-n*})
