From: Jesse Gross Date: Mon, 5 Nov 2012 23:47:41 +0000 (-0800) Subject: datapath: Don't allow flows installed with only TUN_ID. X-Git-Url: https://pintos-os.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5c7f58830a25520f7e18225b79de2774b9e9e012;p=openvswitch datapath: Don't allow flows installed with only TUN_ID. Tunnel ports now always include full outer IP information, even if userspace can't understand it. Since our flows our exact match this information must also be provided when setting up flows. Since flows with only OVS_KEY_ATTR_TUN_ID keys don't contain all of this information they can never be hit and we should just reject them at setup time. Signed-off-by: Jesse Gross Acked-by: Kyle Mestery --- diff --git a/datapath/flow.c b/datapath/flow.c index 2acdd059..f33760af 100644 --- a/datapath/flow.c +++ b/datapath/flow.c @@ -1041,14 +1041,11 @@ int ovs_flow_from_nlattrs(struct sw_flow_key *swkey, int *key_lenp, if (tun_id != tun_key->tun_id) return -EINVAL; - memcpy(&swkey->phy.tun.tun_key, tun_key, sizeof(swkey->phy.tun.tun_key)); - attrs &= ~(1ULL << OVS_KEY_ATTR_TUN_ID); - attrs &= ~(1ULL << OVS_KEY_ATTR_IPV4_TUNNEL); - } else if (attrs & (1ULL << OVS_KEY_ATTR_TUN_ID)) { - swkey->phy.tun.tun_key.tun_id = nla_get_be64(a[OVS_KEY_ATTR_TUN_ID]); - swkey->phy.tun.tun_key.tun_flags |= OVS_FLOW_TNL_F_KEY; + memcpy(&swkey->phy.tun.tun_key, tun_key, + sizeof(swkey->phy.tun.tun_key)); attrs &= ~(1ULL << OVS_KEY_ATTR_TUN_ID); + attrs &= ~(1ULL << OVS_KEY_ATTR_IPV4_TUNNEL); } else if (attrs & (1ULL << OVS_KEY_ATTR_IPV4_TUNNEL)) { struct ovs_key_ipv4_tunnel *tun_key; tun_key = nla_data(a[OVS_KEY_ATTR_IPV4_TUNNEL]); @@ -1056,7 +1053,9 @@ int ovs_flow_from_nlattrs(struct sw_flow_key *swkey, int *key_lenp, if (!tun_key->ipv4_dst) return -EINVAL; - memcpy(&swkey->phy.tun.tun_key, tun_key, sizeof(swkey->phy.tun.tun_key)); + memcpy(&swkey->phy.tun.tun_key, tun_key, + sizeof(swkey->phy.tun.tun_key)); + attrs &= ~(1ULL << OVS_KEY_ATTR_IPV4_TUNNEL); }