We currently allow five trips through the kernel datapath before dropping the packet to protect the stack. However, there have been a few reports recently involving tunneling that this is still too much. Although it's not a complete solution, this reduces the limit by one to balance safety in common situations with flexibility.
Reported-by: Paul Ingram <[email protected]> Reported-by: 謝秉融 <[email protected]> Signed-off-by: Jesse Gross <[email protected]> --- datapath/actions.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/datapath/actions.c b/datapath/actions.c index bc126a7..0dac658 100644 --- a/datapath/actions.c +++ b/datapath/actions.c @@ -532,7 +532,7 @@ static int do_execute_actions(struct datapath *dp, struct sk_buff *skb, /* We limit the number of times that we pass into execute_actions() * to avoid blowing out the stack in the event that we have a loop. */ -#define MAX_LOOPS 5 +#define MAX_LOOPS 4 struct loop_counter { u8 count; /* Count. */ -- 1.7.10.4 _______________________________________________ dev mailing list [email protected] http://openvswitch.org/mailman/listinfo/dev
