On Fri, Apr 19, 2019 at 3:27 AM Ben Pfaff <b...@ovn.org> wrote: > On Thu, Apr 18, 2019 at 02:55:58PM -0700, Ben Pfaff wrote: > > This calculation in pinctrl_handle_icmp() looks suspect to me. Does it > > function properly if the packet is larger than about 576 bytes and the > > subtraction wraps around? > > > > + /* Calculate available room to include the original IP + > data. */ > > + nh = dp_packet_l3(&packet); > > + uint16_t room = 576 - (sizeof *eh + ntohs(nh->ip_tot_len)); > > + if (in_ip_len > room) { > > + in_ip_len = room; > > + } > > Excuse me: the above is actually a comment for patch 4. >
Hi Ben, Based on the code here - https://github.com/openvswitch/ovs/blob/master/ovn/controller/pinctrl.c#L557 i.e ***** nh->ip_tot_len = htons(sizeof(struct ip_header) + sizeof(struct icmp_header)); ***** The value of sizeof *eh + nh->ip_tot_len can never be greater than 576. So you think it's still not safe and it's better to handle the subtraction wrap ? Thanks Numan _______________________________________________ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev