If we receive a packet with an invalid tunnel header, we
should drop the packet without further processing. Currently
we do this by removing any parsed tunnel metadata. However,
this is not sufficient to stop processing - this only results
in the packet getting dropped by chance when something
usually runs across part of the packet that does not make
sense. Since both the packet and its metadata are in an
inconsistent state, it's also possible that the result is
an ovs-vswitchd crash or forwarding of a mangled packet.
Rather than clear the metadata, an alternate solution is to
remove all of the packet data. This guarantees that the
packet gets dropped during the next round of processing.
Signed-off-by: Jesse Gross <je...@nicira.com>
---
lib/netdev.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/lib/netdev.c b/lib/netdev.c
index aed5289..790bab9 100644
--- a/lib/netdev.c
+++ b/lib/netdev.c
@@ -747,8 +747,7 @@ netdev_pop_header(struct netdev *netdev, struct dp_packet
**buffers, int cnt)
err = netdev->netdev_class->pop_header(netdev, buffers[i]);
if (err) {
- struct flow_tnl *tunnel_md = &buffers[i]->md.tunnel;
- memset(tunnel_md, 0, sizeof *tunnel_md);
+ dp_packet_clear(buffers[i]);
}
}
--
1.9.1
_______________________________________________
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev
